Lines 544-609javascript
544 expect(pickCanonicalPersonEntity(list)?.uid).toBe("prs_a");
545 // Both undefined: uid tiebreak
546 const bothUndefined = [
547 { uid: "prs_z", slug: "z", type: "person", status: "active" },
548 { uid: "prs_a", slug: "a", type: "person", status: "active" },
550 expect(pickCanonicalPersonEntity(bothUndefined)?.uid).toBe("prs_a");
552 it("pickCanonicalPersonEntity_filters_out_non_person_types", () => {
554 { uid: "cmp_x", slug: "x", type: "company", status: "active", createdAt: "2025-01-01T00:00:00Z" },
555 { uid: "prs_b", slug: "b", type: "person", status: "active", createdAt: "2026-01-02T00:00:00Z" },
557 const result = pickCanonicalPersonEntity(mixed);
558 expect(result?.uid).toBe("prs_b");
559 expect(result?.type).toBe("person");
561 it("sts.vend roundtrips POST /sts/vend with companyUid", async () => {
562 fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
564 accessKeyId: "AKIAIOSFODNN7EXAMPLE",
CriticalCritical Secret
Package contains a critical-looking secret pattern.
dist/vault-client.test.jsView on unpkg · L564 CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L564 565 secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
566 sessionToken: "FwoGZXIvYXdzEBY...",
568 expiresAt: "2026-01-01T01:00:00.000Z",
570 const result = await client.sts.vend({ companyUid: "cmp_x" });
571 expect(result.credentials.accessKeyId).toBe("AKIAIOSFODNN7EXAMPLE");
CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L571 572 expect(result.credentials.sessionToken).toBe("FwoGZXIvYXdzEBY...");
573 expect(typeof result.expiresAt).toBe("string");
574 const [url, init] = fetchSpy.mock.calls[0];
575 expect(url).toBe("https://vault.test.example.com/sts/vend");
576 expect(init.method.toUpperCase()).toBe("POST");
577 expect(JSON.parse(init.body)).toEqual({ companyUid: "cmp_x" });
579 it("vendSelf_roundtrip", async () => {
580 fetchSpy.mockResolvedValueOnce(jsonResponse(200, {
582 accessKeyId: "AKIAIOSFODNN7EXAMPLE",
CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L582 583 secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
584 sessionToken: "FwoGZXIvYXdzEBY...",
586 expiresAt: "2026-01-01T01:00:00.000Z",
588 const result = await client.sts.vendSelf({ personUid: "prs_x" });
589 expect(result.credentials.accessKeyId).toBe("AKIAIOSFODNN7EXAMPLE");
CriticalSecret Pattern
AWS access key ID in dist/vault-client.test.js
dist/vault-client.test.jsView on unpkg · L589 590 expect(result.credentials.secretAccessKey).toBe("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
591 expect(result.credentials.sessionToken).toBe("FwoGZXIvYXdzEBY...");
592 expect(typeof result.expiresAt).toBe("string");
593 const [url, init] = fetchSpy.mock.calls[0];
594 expect(url).toBe("https://vault.test.example.com/sts/vend-self");
595 expect(init.method.toUpperCase()).toBe("POST");
596 expect(JSON.parse(init.body)).toEqual({ personUid: "prs_x" });
599// ---------------------------------------------------------------------------
600// Browse-vs-sync SDK methods (US-004)
602// listMyExplicitGrants, getMembershipSyncConfig, setMembershipSyncConfig
603// wrap the US-002/US-003 hq-pro endpoints. Tests assert URL shape, payload
604// shape, error mapping (401/404/network), and the empty-grants fallback
605// that lets call sites treat "no grants" as a normal state.
606// ---------------------------------------------------------------------------
607describe("listMyExplicitGrants (US-004)", () => {
608 it("GETs /v1/files/grants with the company query param and returns grants[]", async () => {