testing/data_exposure.ts

Composable data exposure test suite.

Verifies that sensitive database fields never leak through HTTP responses:

- Schema-level: walks JSON Schema output/error schemas for blocklisted property names
- Runtime: fires real requests and checks response bodies against field blocklists
- Cross-privilege: verifies admin routes return 403 for non-admin users, and non-admin responses exclude admin-only fields

Declarations

5 declarations

assert_non_admin_schemas_no_admin_fields

(surface: AppSurface, admin_only_fields?: readonly string[]): void

Assert that non-admin route output schemas don't contain admin-only fields.

surface

the app surface to check

admin_only_fields

field names that are admin-only

type readonly string[]
default ADMIN_ONLY_FIELD_BLOCKLIST

returns

void

assert_output_schemas_no_sensitive_fields

(surface: AppSurface, sensitive_fields?: readonly string[]): void

Assert that no output schema in the surface contains sensitive field names.

surface

the app surface to check

sensitive_fields

field names to flag

type readonly string[]
default SENSITIVE_FIELD_BLOCKLIST

returns

void

collect_json_schema_property_names

(schema: unknown): Set<string>

Recursively collect all property names from a JSON Schema.

Walks properties, items, allOf/anyOf/oneOf, and additionalProperties to find every declared field name at any depth.

schema

JSON Schema object

type unknown

returns

Set<string>

set of all property names found
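
Added example, not the module's own code: a sketch of the schema-level check described above. It walks only the keywords this page lists and compares the collected names against a blocklist. The names `collect_names_sketch`, `find_blocklisted` and `EXAMPLE_SENSITIVE_FIELDS`, the blocklist contents, and the sample schema are all constructed for illustration.

```typescript
// Added sketch of a JSON Schema property-name walker; every name here is hypothetical.
// Constructed blocklist (the real SENSITIVE_FIELD_BLOCKLIST contents are not shown on this page).
const EXAMPLE_SENSITIVE_FIELDS: readonly string[] = ['password_hash', 'token_hash'];

const is_record = (v: unknown): v is Record<string, unknown> =>
	typeof v === 'object' && v !== null && !Array.isArray(v);

function collect_names_sketch(schema: unknown, out: Set<string> = new Set()): Set<string> {
	if (!is_record(schema)) return out; // boolean schemas and non-objects declare no names
	const props = schema['properties'];
	if (is_record(props)) {
		for (const name of Object.keys(props)) {
			out.add(name);
			collect_names_sketch(props[name], out); // nested objects can hide fields deeper down
		}
	}
	// `items` is either one schema or, in tuple form, an array of schemas.
	const items = schema['items'];
	for (const sub of Array.isArray(items) ? items : [items]) collect_names_sketch(sub, out);
	for (const key of ['allOf', 'anyOf', 'oneOf']) {
		const branch = schema[key];
		if (Array.isArray(branch)) for (const sub of branch) collect_names_sketch(sub, out);
	}
	collect_names_sketch(schema['additionalProperties'], out);
	return out;
}

// Returns the blocklisted names declared anywhere in the schema, sorted for stable reporting.
function find_blocklisted(schema: unknown, blocklist: readonly string[]): string[] {
	const names = collect_names_sketch(schema);
	return blocklist.filter((field) => names.has(field)).sort();
}

// Constructed output schema: the sensitive names sit under items/anyOf and additionalProperties.
const EXAMPLE_OUTPUT_SCHEMA = {
	type: 'object',
	properties: {
		id: {type: 'string'},
		sessions: {
			type: 'array',
			items: {anyOf: [{type: 'object', properties: {token_hash: {type: 'string'}}}, {type: 'null'}]},
		},
		meta: {
			type: 'object',
			additionalProperties: {type: 'object', properties: {password_hash: {type: 'string'}}},
		},
	},
};
```

A check that inspected only top-level `properties` would pass this schema, since both blocklisted names are declared below the first level.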

DataExposureTestOptions

DataExposureTestOptions

build

Build the app surface spec (for schema-level checks).

type () => AppSurfaceSpec

session_options

Session config for runtime tests.

type SessionOptions<string>

create_route_specs

Route spec factory for runtime tests.

type (ctx: AppServerContext) => Array<RouteSpec>

sensitive_fields

Fields that must never appear in any response. Default: SENSITIVE_FIELD_BLOCKLIST.

type ReadonlyArray<string>

admin_only_fields

Fields that must not appear in non-admin responses. Default: ADMIN_ONLY_FIELD_BLOCKLIST.

type ReadonlyArray<string>

app_options

Optional overrides for AppServerOptions.

type Partial< Omit<AppServerOptions, 'backend' | 'session_options' | 'create_route_specs'> >

db_factories

Database factories to run tests against. Default: pglite only.

type Array<DbFactory>

skip_routes

Routes to skip, in 'METHOD /path' format.

type Array<string>

describe_data_exposure_tests

(options: DataExposureTestOptions): void

Composable data exposure test suite.

Three test groups:

1. Schema-level — walk JSON Schema output/error schemas for sensitive field names
2. Runtime — fire real requests and check response bodies against blocklists
3. Cross-privilege — admin routes return 403 for non-admin, error responses contain no sensitive fields

options

test configuration

returns

void
