Files
TX/artifacts/api-server
Riyadh 7fa6f84c92 Add automated tests for the expanded audit log coverage (Task #115)
Adds artifacts/api-server/tests/audit-log-coverage.test.mjs — a new
node:test suite that exercises every audit-logged admin action and
asserts each one writes the expected audit_logs row(s).

Coverage (26 tests):
- user.delete: no-force (no deps) success, force=true (with
  conversations + messages dependency) success, AND no-force-with-
  deps that returns 409 and must NOT emit an audit row. Verifies
  metadata.force and the presence/absence of the dependency counts.
- role.create / role.update / role.delete; plus a no-op PATCH that
  must NOT emit a role.update row.
- group.create with size counts.
- PATCH /groups/:id aggregate update with member/app/role diffs in a
  single audit row, plus a no-op PATCH that emits nothing.
- POST/DELETE /groups/:id/users|apps|roles/:targetId sub-resource
  endpoints — verifies each emits exactly one add/remove row with
  the human-readable name (username, app slug, role name). Includes
  an explicit group.user.remove case (added per code review).
- group.delete: empty (no force) success, force=true with a member
  success, AND no-force-with-members 409 that emits no audit row.
- app.create / app.update (with from→to changes); a no-op PATCH that
  emits nothing; app.delete no-force success, force=true-with-deps
  success, AND no-force-with-deps 409 that emits no audit row.
- auth.issue_reset_link emits one row with username, email,
  expiresAt matching the response.
- settings.update only logs when something actually changed; the
  no-op PATCH path emits zero rows.

Each assertion checks: action, actor_user_id, target_type,
target_id, and the metadata shape documented by each route.

Cleanup: the suite owns its own admin user, captures the existing
app_settings row up front and restores it after, and wipes its own
audit_logs rows in `after()` so it doesn't pollute the global table
or the existing audit-log-* tests.

No production code changes.
2026-04-29 19:16:52 +00:00
..
2026-04-18 02:00:09 +00:00