Lines 573-638javascript
573 expect(pickCanonicalPersonEntity(list)?.uid).toBe("prs_a");
574 // Both undefined: uid tiebreak
575 const bothUndefined = [
576 { uid: "prs_z", slug: "z", type: "person", status: "active" },
577 { uid: "prs_a", slug: "a", type: "person", status: "active" },
579 expect(pickCanonicalPersonEntity(bothUndefined)?.uid).toBe("prs_a");
581 it("pickCanonicalPersonEntity_filters_out_non_person_types", () => {
583 { uid: "cmp_x", slug: "x", type: "company", status: "active", createdAt: "2025-01-01T00:00:00Z" },
584 { uid: "prs_b", slug: "b", type: "person", status: "active", createdAt: "2026-01-02T00:00:00Z" },
586 const result = pickCanonicalPersonEntity(mixed);
587 expect(result?.uid).toBe("prs_b");
588 expect(result?.type).toBe("person");
590 it("sts.vend roundtrips POST /sts/vend with companyUid", async () => {
591 fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
593 accessKeyId: "AKIAIOSFODNN7EXAMPLE",
CriticalCritical Secret
Package contains a critical-looking secret pattern.
dist/vault-client.test.jsView on unpkg · L593 CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L593 594 secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
595 sessionToken: "FwoGZXIvYXdzEBY...",
597 expiresAt: "2026-01-01T01:00:00.000Z",
599 const result = await client.sts.vend({ companyUid: "cmp_x" });
600 expect(result.credentials.accessKeyId).toBe("AKIAIOSFODNN7EXAMPLE");
CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L600 601 expect(result.credentials.sessionToken).toBe("FwoGZXIvYXdzEBY...");
602 expect(typeof result.expiresAt).toBe("string");
603 const [url, init] = fetchSpy.mock.calls[0];
604 expect(url).toBe("https://vault.test.example.com/sts/vend");
605 expect(init.method.toUpperCase()).toBe("POST");
606 expect(JSON.parse(init.body)).toEqual({ companyUid: "cmp_x" });
608 it("vendSelf_roundtrip", async () => {
609 fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
611 accessKeyId: "AKIAIOSFODNN7EXAMPLE",
CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L611 612 secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
613 sessionToken: "FwoGZXIvYXdzEBY...",
615 expiresAt: "2026-01-01T01:00:00.000Z",
617 const result = await client.sts.vendSelf({ personUid: "prs_x" });
618 expect(result.credentials.accessKeyId).toBe("AKIAIOSFODNN7EXAMPLE");
CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L618 619 expect(result.credentials.secretAccessKey).toBe("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
620 expect(result.credentials.sessionToken).toBe("FwoGZXIvYXdzEBY...");
621 expect(typeof result.expiresAt).toBe("string");
622 const [url, init] = fetchSpy.mock.calls[0];
623 expect(url).toBe("https://vault.test.example.com/sts/vend-self");
624 expect(init.method.toUpperCase()).toBe("POST");
625 expect(JSON.parse(init.body)).toEqual({ personUid: "prs_x" });
628// ---------------------------------------------------------------------------
629// Browse-vs-sync SDK methods (US-004)
631// listMyExplicitGrants, getMembershipSyncConfig, setMembershipSyncConfig
632// wrap the US-002/US-003 hq-pro endpoints. Tests assert URL shape, payload
633// shape, error mapping (401/404/network), and the empty-grants fallback
634// that lets call sites treat "no grants" as a normal state.
635// ---------------------------------------------------------------------------
636describe("listMyExplicitGrants (US-004)", () => {
637 it("GETs /v1/files/grants with the company query param and returns grants[]", async () => {