From 24892d577032aa38973332b7695585ae73ea4ce0 Mon Sep 17 00:00:00 2001 From: TerrifiedBug Date: Sun, 26 Apr 2026 22:46:52 +0100 Subject: [PATCH 1/3] feat(demo): harden hosted demo against egress + identity mutations Public demo at https://demo.vectorflow.sh runs with a shared seeded account. The previous demo PR only hid UI surface; backend procedures and outbound services were unguarded, so a determined visitor could call tRPC directly to mint API tokens, change identity settings, or trigger outbound HTTP from server-side code (alert webhooks, AI provider, git sync, SMTP, gitops PRs). This change closes those gaps: - Add denyInDemo() tRPC middleware for procedures we never want reachable in demo (token minting, super-admin user mgmt, git test connection that clones arbitrary URLs). - Add isDemoMode() short-circuits inside the outbound services so even procedures we leave reachable for UX (alert webhook config, AI conversations, channel rules, git-sync queue) can never actually deliver: outbound-webhook, webhook-delivery, channels dispatcher (slack/email/pagerduty/webhook), email driver, cost-optimizer-ai, ai streamCompletion + testAiConnection, git-sync commit/delete, gitops-promotion PR creation. - Bypass TOTP challenge in src/auth.ts and the /setup-2fa redirect in the dashboard layout when running in demo, so the seeded account can sign in regardless of org-level 2FA enforcement. Defense-in-depth: most paths are now blocked at both the procedure boundary AND inside the service that does the I/O. Tests: extended outbound-webhook tests with a demo-mode case asserting fetch is never called and validatePublicUrl is skipped. Full vitest suite (2456 tests) passes; tsc --noEmit clean. --- src/app/(dashboard)/layout.tsx | 4 +++- src/auth.ts | 6 ++++-- src/server/routers/admin.ts | 10 +++++++++- src/server/routers/alert-webhooks.ts | 3 ++- src/server/routers/environment.ts | 3 ++- src/server/routers/service-account.ts | 5 ++++- src/server/services/ai.ts | 10 ++++++++++ src/server/services/channels/email.ts | 5 +++++ src/server/services/channels/index.ts | 7 +++++++ src/server/services/cost-optimizer-ai.ts | 7 +++++++ src/server/services/git-sync.ts | 13 ++++++++++++- src/server/services/gitops-promotion.ts | 9 +++++++++ src/server/services/outbound-webhook.test.ts | 15 +++++++++++++++ src/server/services/outbound-webhook.ts | 8 ++++++++ src/server/services/webhook-delivery.ts | 9 ++++++++- src/trpc/init.ts | 18 ++++++++++++++++++ 16 files changed, 123 insertions(+), 9 deletions(-) diff --git a/src/app/(dashboard)/layout.tsx b/src/app/(dashboard)/layout.tsx index 941ef040..37de03f4 100644 --- a/src/app/(dashboard)/layout.tsx +++ b/src/app/(dashboard)/layout.tsx @@ -92,8 +92,10 @@ export default function DashboardLayout({ }, [me?.mustChangePassword]); // Redirect to dedicated 2FA setup page if required but not enabled - // Guard: wait for password change to complete first + // Guard: wait for password change to complete first. + // Skipped in demo mode — the seeded shared account does not enroll TOTP. useEffect(() => { + if (isDemoMode()) return; if (me && !me.mustChangePassword && me.twoFactorRequired && !me.totpEnabled && me.authMethod !== "OIDC") { router.push("/setup-2fa"); } diff --git a/src/auth.ts b/src/auth.ts index 7eb616fa..b88bd079 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -11,6 +11,7 @@ import { writeAuditLog } from "@/server/services/audit"; import { debugLog, infoLog, warnLog } from "@/lib/logger"; import { headers } from "next/headers"; import { env, isBuildPhase } from "@/lib/env"; +import { isDemoMode } from "@/lib/is-demo-mode"; import { loginAttemptTracker, getRemainingLockSeconds, @@ -151,8 +152,9 @@ const credentialsProvider = Credentials({ return null; } - // TOTP 2FA check - if (user.totpEnabled && user.totpSecret) { + // TOTP 2FA check (bypassed in hosted demo mode so visitors can sign in + // with the seeded shared account regardless of its TOTP state). + if (!isDemoMode() && user.totpEnabled && user.totpSecret) { const raw = credentials.totpCode as string | undefined; const totpCode = raw && raw !== "undefined" ? raw.trim() : undefined; diff --git a/src/server/routers/admin.ts b/src/server/routers/admin.ts index c7a8c8c8..1b48d869 100644 --- a/src/server/routers/admin.ts +++ b/src/server/routers/admin.ts @@ -2,7 +2,7 @@ import { z } from "zod"; import crypto from "crypto"; import { TRPCError } from "@trpc/server"; import bcrypt from "bcryptjs"; -import { router, protectedProcedure, requireSuperAdmin } from "@/trpc/init"; +import { router, protectedProcedure, requireSuperAdmin, denyInDemo } from "@/trpc/init"; import { prisma } from "@/lib/prisma"; import { withAudit } from "@/server/middleware/audit"; import { writeAuditLog } from "@/server/services/audit"; @@ -37,6 +37,7 @@ export const adminRouter = router({ /** Assign a user to a team with a specific role */ assignToTeam: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.user_assigned_to_team", "User")) .input(z.object({ @@ -60,6 +61,7 @@ export const adminRouter = router({ /** Delete a user and all their data */ deleteUser: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .input(z.object({ userId: z.string() })) .mutation(async ({ ctx, input }) => { @@ -107,6 +109,7 @@ export const adminRouter = router({ /** Toggle super admin status */ toggleSuperAdmin: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.super_admin_toggled", "User")) .input(z.object({ userId: z.string(), isSuperAdmin: z.boolean() })) @@ -134,6 +137,7 @@ export const adminRouter = router({ /** Create a local user account */ createUser: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.user_created", "User")) .input(z.object({ @@ -172,6 +176,7 @@ export const adminRouter = router({ /** Remove a user from a specific team */ removeFromTeam: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.user_removed_from_team", "User")) .input(z.object({ userId: z.string(), teamId: z.string() })) @@ -188,6 +193,7 @@ export const adminRouter = router({ /** Lock a user account */ lockUser: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.user_locked", "User")) .input(z.object({ userId: z.string() })) @@ -204,6 +210,7 @@ export const adminRouter = router({ /** Unlock a user account */ unlockUser: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.user_unlocked", "User")) .input(z.object({ userId: z.string() })) @@ -217,6 +224,7 @@ export const adminRouter = router({ /** Reset a user's password (generates temporary password) */ resetPassword: protectedProcedure + .use(denyInDemo()) .use(requireSuperAdmin()) .use(withAudit("admin.password_reset", "User")) .input(z.object({ userId: z.string() })) diff --git a/src/server/routers/alert-webhooks.ts b/src/server/routers/alert-webhooks.ts index 8bf5adac..84e16e96 100644 --- a/src/server/routers/alert-webhooks.ts +++ b/src/server/routers/alert-webhooks.ts @@ -1,7 +1,7 @@ import { z } from "zod"; import { TRPCError } from "@trpc/server"; import { Prisma } from "@/generated/prisma"; -import { router, protectedProcedure, withTeamAccess } from "@/trpc/init"; +import { router, protectedProcedure, withTeamAccess, denyInDemo } from "@/trpc/init"; import { prisma } from "@/lib/prisma"; import { withAudit } from "@/server/middleware/audit"; import crypto from "crypto"; @@ -123,6 +123,7 @@ export const alertWebhooksRouter = router({ testWebhook: protectedProcedure .input(z.object({ id: z.string() })) + .use(denyInDemo()) .use(withTeamAccess("EDITOR")) .use(withAudit("alertWebhook.tested", "AlertWebhook")) .mutation(async ({ input }) => { diff --git a/src/server/routers/environment.ts b/src/server/routers/environment.ts index fc9659ec..62ed3975 100644 --- a/src/server/routers/environment.ts +++ b/src/server/routers/environment.ts @@ -1,7 +1,7 @@ import crypto from "crypto"; import { z } from "zod"; import { TRPCError } from "@trpc/server"; -import { router, protectedProcedure, withTeamAccess, requireSuperAdmin } from "@/trpc/init"; +import { router, protectedProcedure, withTeamAccess, requireSuperAdmin, denyInDemo } from "@/trpc/init"; import { prisma } from "@/lib/prisma"; import { withAudit } from "@/server/middleware/audit"; import { generateEnrollmentToken } from "@/server/services/agent-token"; @@ -208,6 +208,7 @@ export const environmentRouter = router({ branch: z.string().min(1).max(100).regex(/^[a-zA-Z0-9._\/-]+$/), token: z.string().min(1).optional(), })) + .use(denyInDemo()) .use(withTeamAccess("EDITOR")) .use(withAudit("environment.gitConnection.tested", "Environment")) .mutation(async ({ input }) => { diff --git a/src/server/routers/service-account.ts b/src/server/routers/service-account.ts index 6df847de..38771c0d 100644 --- a/src/server/routers/service-account.ts +++ b/src/server/routers/service-account.ts @@ -1,6 +1,6 @@ import crypto from "crypto"; import { z } from "zod"; -import { router, protectedProcedure, withTeamAccess } from "@/trpc/init"; +import { router, protectedProcedure, withTeamAccess, denyInDemo } from "@/trpc/init"; import { prisma } from "@/lib/prisma"; import { withAudit } from "@/server/middleware/audit"; import { TRPCError } from "@trpc/server"; @@ -55,6 +55,7 @@ export const serviceAccountRouter = router({ expiresInDays: z.number().int().min(1).optional(), }), ) + .use(denyInDemo()) .use(withTeamAccess("ADMIN")) .use(withAudit("serviceAccount.created", "ServiceAccount")) .mutation(async ({ input, ctx }) => { @@ -114,6 +115,7 @@ export const serviceAccountRouter = router({ revoke: protectedProcedure .input(z.object({ id: z.string() })) + .use(denyInDemo()) .use(withTeamAccess("ADMIN")) .use(withAudit("serviceAccount.revoked", "ServiceAccount")) .mutation(async ({ input }) => { @@ -136,6 +138,7 @@ export const serviceAccountRouter = router({ delete: protectedProcedure .input(z.object({ id: z.string() })) + .use(denyInDemo()) .use(withTeamAccess("ADMIN")) .use(withAudit("serviceAccount.deleted", "ServiceAccount")) .mutation(async ({ input }) => { diff --git a/src/server/services/ai.ts b/src/server/services/ai.ts index 0d81a16e..e8ad9686 100644 --- a/src/server/services/ai.ts +++ b/src/server/services/ai.ts @@ -1,6 +1,7 @@ import { prisma } from "@/lib/prisma"; import { decrypt } from "./crypto"; import { checkRateLimit } from "@/lib/ai/rate-limiter"; +import { isDemoMode } from "@/lib/is-demo-mode"; const ENCRYPTED_PREFIX = "enc:"; @@ -106,6 +107,11 @@ export async function streamCompletion({ onToken, signal, }: StreamCompletionParams): Promise { + if (isDemoMode()) { + onToken("AI features are disabled in the public demo."); + return; + } + const rateLimit = checkRateLimit(teamId); if (!rateLimit.allowed) { throw new Error( @@ -178,6 +184,10 @@ export async function streamCompletion({ } export async function testAiConnection(teamId: string): Promise<{ ok: boolean; error?: string }> { + if (isDemoMode()) { + return { ok: false, error: "AI features are disabled in the public demo." }; + } + try { const config = await getTeamAiConfig(teamId, { requireEnabled: false }); validateBaseUrl(config.baseUrl); diff --git a/src/server/services/channels/email.ts b/src/server/services/channels/email.ts index 49291adc..8617e099 100644 --- a/src/server/services/channels/email.ts +++ b/src/server/services/channels/email.ts @@ -1,6 +1,7 @@ import nodemailer from "nodemailer"; import type { ChannelDriver, ChannelPayload, ChannelDeliveryResult } from "./types"; import { validateSmtpHost } from "@/server/services/url-validation"; +import { isDemoMode } from "@/lib/is-demo-mode"; /** Escape user-controlled strings before interpolating into HTML. */ function escapeHtml(s: string): string { @@ -64,6 +65,10 @@ export const emailDriver: ChannelDriver = { config: Record, payload: ChannelPayload, ): Promise { + if (isDemoMode()) { + return { channelId: "", success: true }; + } + const smtpHost = config.smtpHost as string; const smtpPort = config.smtpPort as number; const smtpUser = config.smtpUser as string | undefined; diff --git a/src/server/services/channels/index.ts b/src/server/services/channels/index.ts index 69a71dd7..37ec142f 100644 --- a/src/server/services/channels/index.ts +++ b/src/server/services/channels/index.ts @@ -6,6 +6,7 @@ import { emailDriver } from "./email"; import { pagerdutyDriver } from "./pagerduty"; import { webhookDriver } from "./webhook"; import { trackChannelDelivery } from "@/server/services/delivery-tracking"; +import { isDemoMode } from "@/lib/is-demo-mode"; export type { ChannelPayload, ChannelDeliveryResult, ChannelDriver }; @@ -44,6 +45,12 @@ export async function deliverToChannels( payload: ChannelPayload, alertEventId?: string, ): Promise { + // Demo mode: never deliver to external notification channels (slack/email/ + // pagerduty/webhook). Individual drivers also have demo guards as + // defense-in-depth, but short-circuiting here also avoids reading channel + // configs for nothing. + if (isDemoMode()) return []; + let channels: Array<{ id: string; name: string; diff --git a/src/server/services/cost-optimizer-ai.ts b/src/server/services/cost-optimizer-ai.ts index 5dca3230..c98c08f6 100644 --- a/src/server/services/cost-optimizer-ai.ts +++ b/src/server/services/cost-optimizer-ai.ts @@ -4,6 +4,7 @@ import { buildCostRecommendationPrompt } from "@/lib/ai/cost-recommendation-prom import { parseAiReviewResponse } from "@/lib/ai/suggestion-validator"; import { debugLog, errorLog } from "@/lib/logger"; import { Prisma } from "@/generated/prisma"; +import { isDemoMode } from "@/lib/is-demo-mode"; const TAG = "cost-optimizer-ai"; @@ -13,6 +14,12 @@ const TAG = "cost-optimizer-ai"; * Returns the count of successfully enriched recommendations. */ export async function generateAiRecommendations(): Promise { + // Demo mode: do not call out to LLM providers (would drain operator API key). + if (isDemoMode()) { + debugLog(TAG, "Demo mode: skipping AI recommendation enrichment"); + return 0; + } + const recommendations = await prisma.costRecommendation.findMany({ where: { status: "PENDING", diff --git a/src/server/services/git-sync.ts b/src/server/services/git-sync.ts index b9c258cd..20adadf7 100644 --- a/src/server/services/git-sync.ts +++ b/src/server/services/git-sync.ts @@ -3,7 +3,8 @@ import { mkdtemp, writeFile, rm, mkdir } from "fs/promises"; import { join } from "path"; import { tmpdir } from "os"; import { decrypt } from "@/server/services/crypto"; -import { errorLog } from "@/lib/logger"; +import { errorLog, debugLog } from "@/lib/logger"; +import { isDemoMode } from "@/lib/is-demo-mode"; export interface GitSyncConfig { repoUrl: string; @@ -68,6 +69,11 @@ export async function gitSyncCommitPipeline( commitMessage: string, gitPath?: string | null, ): Promise { + if (isDemoMode()) { + debugLog("git-sync", `Demo mode: skipping commit for ${pipelineName}`); + return { success: true, commitSha: "demo-skipped" }; + } + let workdir: string | null = null; try { @@ -129,6 +135,11 @@ export async function gitSyncDeletePipeline( author: GitAuthor, gitPath?: string | null, ): Promise { + if (isDemoMode()) { + debugLog("git-sync", `Demo mode: skipping delete for ${pipelineName}`); + return { success: true, commitSha: "demo-skipped" }; + } + let workdir: string | null = null; try { diff --git a/src/server/services/gitops-promotion.ts b/src/server/services/gitops-promotion.ts index 8d8bd856..54393729 100644 --- a/src/server/services/gitops-promotion.ts +++ b/src/server/services/gitops-promotion.ts @@ -1,6 +1,7 @@ import { decrypt } from "@/server/services/crypto"; import { getProvider } from "@/server/services/git-providers"; import { toFilenameSlug } from "@/server/services/git-sync"; +import { isDemoMode } from "@/lib/is-demo-mode"; // --- Types --- @@ -44,6 +45,14 @@ export { parseGitHubOwnerRepo } from "@/server/services/git-providers/github"; export async function createPromotionPR( opts: CreatePromotionPROptions, ): Promise { + if (isDemoMode()) { + return { + prNumber: 0, + prUrl: "https://example.invalid/demo/pull/0", + prBranch: "vf-demo", + }; + } + const provider = getProvider({ gitProvider: opts.gitProvider ?? null, gitRepoUrl: opts.repoUrl, diff --git a/src/server/services/outbound-webhook.test.ts b/src/server/services/outbound-webhook.test.ts index 87f215da..048e34f8 100644 --- a/src/server/services/outbound-webhook.test.ts +++ b/src/server/services/outbound-webhook.test.ts @@ -210,6 +210,21 @@ describe("deliverOutboundWebhook", () => { expect(result.isPermanent).toBe(true); expect(result.error).toContain("SSRF"); }); + + it("never calls fetch when NEXT_PUBLIC_VF_DEMO_MODE=true", async () => { + vi.stubEnv("NEXT_PUBLIC_VF_DEMO_MODE", "true"); + const fetchSpy = vi.fn(); + vi.stubGlobal("fetch", fetchSpy); + + const result = await deliverOutboundWebhook(makeEndpoint(), samplePayload); + + expect(fetchSpy).not.toHaveBeenCalled(); + expect(vi.mocked(urlValidation.validatePublicUrl)).not.toHaveBeenCalled(); + expect(result.success).toBe(true); + + vi.unstubAllEnvs(); + vi.unstubAllGlobals(); + }); }); describe("isPermanentFailure", () => { diff --git a/src/server/services/outbound-webhook.ts b/src/server/services/outbound-webhook.ts index 78c4b6ba..98cbc7ef 100644 --- a/src/server/services/outbound-webhook.ts +++ b/src/server/services/outbound-webhook.ts @@ -5,6 +5,7 @@ import { validatePublicUrl } from "@/server/services/url-validation"; import { getNextRetryAt } from "@/server/services/delivery-tracking"; import type { AlertMetric } from "@/generated/prisma"; import { debugLog } from "@/lib/logger"; +import { isDemoMode } from "@/lib/is-demo-mode"; // ─── Types ────────────────────────────────────────────────────────────────── @@ -56,6 +57,13 @@ export async function deliverOutboundWebhook( payload: OutboundPayload, msgId = crypto.randomUUID(), ): Promise { + // Demo mode: never make outbound HTTP calls. Return a non-retryable + // success-shaped result so the delivery record settles cleanly. + if (isDemoMode()) { + debugLog("outbound-webhook", `Demo mode: skipping delivery to ${endpoint.url}`); + return { success: true, statusCode: 200, isPermanent: false }; + } + // SSRF protection try { await validatePublicUrl(endpoint.url); diff --git a/src/server/services/webhook-delivery.ts b/src/server/services/webhook-delivery.ts index 01167c8a..226e277c 100644 --- a/src/server/services/webhook-delivery.ts +++ b/src/server/services/webhook-delivery.ts @@ -1,7 +1,8 @@ import { prisma } from "@/lib/prisma"; import crypto from "crypto"; import { validatePublicUrl } from "@/server/services/url-validation"; -import { errorLog } from "@/lib/logger"; +import { errorLog, debugLog } from "@/lib/logger"; +import { isDemoMode } from "@/lib/is-demo-mode"; export interface WebhookPayload { alertId: string; @@ -58,6 +59,12 @@ export async function deliverSingleWebhook( }, payload: WebhookPayload, ): Promise { + // Demo mode: never make outbound HTTP calls. + if (isDemoMode()) { + debugLog("webhook-delivery", `Demo mode: skipping delivery to ${webhook.url}`); + return { success: true, statusCode: 200 }; + } + // SSRF protection: validate webhook URL resolves to a public IP try { await validatePublicUrl(webhook.url); diff --git a/src/trpc/init.ts b/src/trpc/init.ts index 314d0316..e94c0c6c 100644 --- a/src/trpc/init.ts +++ b/src/trpc/init.ts @@ -3,6 +3,7 @@ import superjson from "superjson"; import { headers } from "next/headers"; import { auth } from "@/auth"; import { prisma } from "@/lib/prisma"; +import { isDemoMode } from "@/lib/is-demo-mode"; import type { Role } from "@/generated/prisma"; export const createContext = async () => { @@ -426,4 +427,21 @@ export const withTeamAccess = (minRole: Role) => export const middleware = t.middleware; +/** + * Block a procedure when running in hosted demo mode (NEXT_PUBLIC_VF_DEMO_MODE=true). + * Apply to mutations that change identity surface (users, service accounts, OIDC, + * SCIM, backups, webhook endpoints) so the public demo cannot mint credentials, + * exfiltrate data, or escalate privileges. + */ +export const denyInDemo = () => + t.middleware(({ next }) => { + if (isDemoMode()) { + throw new TRPCError({ + code: "FORBIDDEN", + message: "This action is disabled in the public demo.", + }); + } + return next(); + }); + export { roleLevel }; From e02c916ca6cee6179114c1f7d1763c60fa0c98d3 Mon Sep 17 00:00:00 2001 From: TerrifiedBug Date: Sun, 26 Apr 2026 22:54:35 +0100 Subject: [PATCH 2/3] test(demo): add denyInDemo passthrough to router test mocks CI failed on the demo-guards branch because four existing router tests mock @/trpc/init with a partial export list. Adding denyInDemo to the real init.ts module surfaced as 'No denyInDemo export is defined on the @/trpc/init mock' inside alert-webhooks, environment, service-account, and admin tests. Add denyInDemo to each mock's passthrough export so the import resolves without changing test behavior. --- src/server/routers/__tests__/admin.test.ts | 1 + src/server/routers/__tests__/alert-webhooks.test.ts | 1 + src/server/routers/__tests__/environment.test.ts | 1 + src/server/routers/__tests__/service-account.test.ts | 1 + 4 files changed, 4 insertions(+) diff --git a/src/server/routers/__tests__/admin.test.ts b/src/server/routers/__tests__/admin.test.ts index 93ac50c5..42646b85 100644 --- a/src/server/routers/__tests__/admin.test.ts +++ b/src/server/routers/__tests__/admin.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/alert-webhooks.test.ts b/src/server/routers/__tests__/alert-webhooks.test.ts index 4b79a9d1..b2dc186c 100644 --- a/src/server/routers/__tests__/alert-webhooks.test.ts +++ b/src/server/routers/__tests__/alert-webhooks.test.ts @@ -21,6 +21,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/environment.test.ts b/src/server/routers/__tests__/environment.test.ts index 8800c77c..044cbb3d 100644 --- a/src/server/routers/__tests__/environment.test.ts +++ b/src/server/routers/__tests__/environment.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/service-account.test.ts b/src/server/routers/__tests__/service-account.test.ts index 9aff61b4..3cb0eecc 100644 --- a/src/server/routers/__tests__/service-account.test.ts +++ b/src/server/routers/__tests__/service-account.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); From aafcfbbca27ed8b74242dd5072062a3bb86bd882 Mon Sep 17 00:00:00 2001 From: TerrifiedBug Date: Mon, 27 Apr 2026 08:18:33 +0100 Subject: [PATCH 3/3] test(demo): add denyInDemo passthrough to all router test mocks Previous fix only covered four files; CI still failed because alert.ts re-exports alert-webhooks (whose router now imports denyInDemo) and many other test files mock @/trpc/init partially. Patch every test file that mocks @/trpc/init so the import resolves regardless of which router gets pulled in transitively. --- src/server/routers/__tests__/ai.test.ts | 1 + src/server/routers/__tests__/alert-channels.test.ts | 1 + src/server/routers/__tests__/alert-deliveries.test.ts | 1 + src/server/routers/__tests__/alert-events.test.ts | 1 + src/server/routers/__tests__/alert-retry-delivery.test.ts | 1 + src/server/routers/__tests__/alert-rules.test.ts | 1 + src/server/routers/__tests__/audit-deployments.test.ts | 1 + src/server/routers/__tests__/audit-export.test.ts | 1 + src/server/routers/__tests__/audit.test.ts | 1 + src/server/routers/__tests__/certificate.test.ts | 1 + src/server/routers/__tests__/dashboard.test.ts | 1 + src/server/routers/__tests__/deploy.test.ts | 1 + src/server/routers/__tests__/filter-preset.test.ts | 1 + src/server/routers/__tests__/fleet-list.test.ts | 1 + src/server/routers/__tests__/fleet-matrix-summary-scale.test.ts | 1 + src/server/routers/__tests__/fleet-matrix-summary.test.ts | 1 + src/server/routers/__tests__/fleet.test.ts | 1 + src/server/routers/__tests__/git-sync.test.ts | 1 + src/server/routers/__tests__/metrics.test.ts | 1 + src/server/routers/__tests__/migration-start-translation.test.ts | 1 + src/server/routers/__tests__/migration.test.ts | 1 + src/server/routers/__tests__/node-group.test.ts | 1 + src/server/routers/__tests__/pipeline-batch-import.test.ts | 1 + src/server/routers/__tests__/pipeline-bulk-tags.test.ts | 1 + src/server/routers/__tests__/pipeline-bulk.test.ts | 1 + src/server/routers/__tests__/pipeline-crud.test.ts | 1 + src/server/routers/__tests__/pipeline-dependency.test.ts | 1 + src/server/routers/__tests__/pipeline-deploy.test.ts | 1 + src/server/routers/__tests__/pipeline-get-n1.test.ts | 1 + src/server/routers/__tests__/pipeline-graph.test.ts | 1 + src/server/routers/__tests__/pipeline-group.test.ts | 1 + src/server/routers/__tests__/pipeline-observability-tap.test.ts | 1 + src/server/routers/__tests__/pipeline-observability.test.ts | 1 + src/server/routers/__tests__/pipeline-versions.test.ts | 1 + src/server/routers/__tests__/promotion.test.ts | 1 + src/server/routers/__tests__/secret.test.ts | 1 + src/server/routers/__tests__/settings.test.ts | 1 + src/server/routers/__tests__/shared-component.test.ts | 1 + src/server/routers/__tests__/staged-rollout.test.ts | 1 + src/server/routers/__tests__/team.test.ts | 1 + src/server/routers/__tests__/telemetry.test.ts | 1 + src/server/routers/__tests__/template.test.ts | 1 + src/server/routers/__tests__/user-preference.test.ts | 1 + src/server/routers/__tests__/user.test.ts | 1 + src/server/routers/__tests__/validator.test.ts | 1 + src/server/routers/__tests__/vrl-snippet.test.ts | 1 + src/server/routers/__tests__/vrl.test.ts | 1 + src/server/routers/__tests__/webhook-endpoint.test.ts | 1 + 48 files changed, 48 insertions(+) diff --git a/src/server/routers/__tests__/ai.test.ts b/src/server/routers/__tests__/ai.test.ts index 89176306..08ac1d02 100644 --- a/src/server/routers/__tests__/ai.test.ts +++ b/src/server/routers/__tests__/ai.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/alert-channels.test.ts b/src/server/routers/__tests__/alert-channels.test.ts index f21fdea1..fe078fda 100644 --- a/src/server/routers/__tests__/alert-channels.test.ts +++ b/src/server/routers/__tests__/alert-channels.test.ts @@ -22,6 +22,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/alert-deliveries.test.ts b/src/server/routers/__tests__/alert-deliveries.test.ts index b46d4ccb..cdb1a70e 100644 --- a/src/server/routers/__tests__/alert-deliveries.test.ts +++ b/src/server/routers/__tests__/alert-deliveries.test.ts @@ -31,6 +31,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/alert-events.test.ts b/src/server/routers/__tests__/alert-events.test.ts index c1e765dc..16b03747 100644 --- a/src/server/routers/__tests__/alert-events.test.ts +++ b/src/server/routers/__tests__/alert-events.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/alert-retry-delivery.test.ts b/src/server/routers/__tests__/alert-retry-delivery.test.ts index c97ff791..7b3a335a 100644 --- a/src/server/routers/__tests__/alert-retry-delivery.test.ts +++ b/src/server/routers/__tests__/alert-retry-delivery.test.ts @@ -35,6 +35,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/alert-rules.test.ts b/src/server/routers/__tests__/alert-rules.test.ts index c2617424..14e5356a 100644 --- a/src/server/routers/__tests__/alert-rules.test.ts +++ b/src/server/routers/__tests__/alert-rules.test.ts @@ -20,6 +20,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/audit-deployments.test.ts b/src/server/routers/__tests__/audit-deployments.test.ts index 08c5b701..fb8e3427 100644 --- a/src/server/routers/__tests__/audit-deployments.test.ts +++ b/src/server/routers/__tests__/audit-deployments.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/audit-export.test.ts b/src/server/routers/__tests__/audit-export.test.ts index 353d17d1..a9c55efd 100644 --- a/src/server/routers/__tests__/audit-export.test.ts +++ b/src/server/routers/__tests__/audit-export.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/audit.test.ts b/src/server/routers/__tests__/audit.test.ts index c0cda642..c2da466e 100644 --- a/src/server/routers/__tests__/audit.test.ts +++ b/src/server/routers/__tests__/audit.test.ts @@ -23,6 +23,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/certificate.test.ts b/src/server/routers/__tests__/certificate.test.ts index 176f71d6..72947c65 100644 --- a/src/server/routers/__tests__/certificate.test.ts +++ b/src/server/routers/__tests__/certificate.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/dashboard.test.ts b/src/server/routers/__tests__/dashboard.test.ts index 08da5795..9edc392c 100644 --- a/src/server/routers/__tests__/dashboard.test.ts +++ b/src/server/routers/__tests__/dashboard.test.ts @@ -23,6 +23,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/deploy.test.ts b/src/server/routers/__tests__/deploy.test.ts index 8ef1b6dc..01d723bf 100644 --- a/src/server/routers/__tests__/deploy.test.ts +++ b/src/server/routers/__tests__/deploy.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/filter-preset.test.ts b/src/server/routers/__tests__/filter-preset.test.ts index a6c6e4f3..b9de3af7 100644 --- a/src/server/routers/__tests__/filter-preset.test.ts +++ b/src/server/routers/__tests__/filter-preset.test.ts @@ -16,6 +16,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/fleet-list.test.ts b/src/server/routers/__tests__/fleet-list.test.ts index 6daba667..354396b7 100644 --- a/src/server/routers/__tests__/fleet-list.test.ts +++ b/src/server/routers/__tests__/fleet-list.test.ts @@ -16,6 +16,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/fleet-matrix-summary-scale.test.ts b/src/server/routers/__tests__/fleet-matrix-summary-scale.test.ts index 56ad289f..038954b4 100644 --- a/src/server/routers/__tests__/fleet-matrix-summary-scale.test.ts +++ b/src/server/routers/__tests__/fleet-matrix-summary-scale.test.ts @@ -16,6 +16,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/fleet-matrix-summary.test.ts b/src/server/routers/__tests__/fleet-matrix-summary.test.ts index ef2b4b7a..33e259c1 100644 --- a/src/server/routers/__tests__/fleet-matrix-summary.test.ts +++ b/src/server/routers/__tests__/fleet-matrix-summary.test.ts @@ -16,6 +16,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/fleet.test.ts b/src/server/routers/__tests__/fleet.test.ts index cee6abb2..2afd28b3 100644 --- a/src/server/routers/__tests__/fleet.test.ts +++ b/src/server/routers/__tests__/fleet.test.ts @@ -28,6 +28,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/git-sync.test.ts b/src/server/routers/__tests__/git-sync.test.ts index 0bb4dc9c..853cb097 100644 --- a/src/server/routers/__tests__/git-sync.test.ts +++ b/src/server/routers/__tests__/git-sync.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/metrics.test.ts b/src/server/routers/__tests__/metrics.test.ts index 87b0d3db..493cbf5b 100644 --- a/src/server/routers/__tests__/metrics.test.ts +++ b/src/server/routers/__tests__/metrics.test.ts @@ -24,6 +24,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/migration-start-translation.test.ts b/src/server/routers/__tests__/migration-start-translation.test.ts index ca9c078f..6a9afb56 100644 --- a/src/server/routers/__tests__/migration-start-translation.test.ts +++ b/src/server/routers/__tests__/migration-start-translation.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/migration.test.ts b/src/server/routers/__tests__/migration.test.ts index 13489cb0..73442276 100644 --- a/src/server/routers/__tests__/migration.test.ts +++ b/src/server/routers/__tests__/migration.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/node-group.test.ts b/src/server/routers/__tests__/node-group.test.ts index c81c84f6..2e4113cb 100644 --- a/src/server/routers/__tests__/node-group.test.ts +++ b/src/server/routers/__tests__/node-group.test.ts @@ -18,6 +18,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-batch-import.test.ts b/src/server/routers/__tests__/pipeline-batch-import.test.ts index 41b36ac9..697136c0 100644 --- a/src/server/routers/__tests__/pipeline-batch-import.test.ts +++ b/src/server/routers/__tests__/pipeline-batch-import.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-bulk-tags.test.ts b/src/server/routers/__tests__/pipeline-bulk-tags.test.ts index a1a6e78a..1648a7ea 100644 --- a/src/server/routers/__tests__/pipeline-bulk-tags.test.ts +++ b/src/server/routers/__tests__/pipeline-bulk-tags.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-bulk.test.ts b/src/server/routers/__tests__/pipeline-bulk.test.ts index a0cd7847..de5a771c 100644 --- a/src/server/routers/__tests__/pipeline-bulk.test.ts +++ b/src/server/routers/__tests__/pipeline-bulk.test.ts @@ -23,6 +23,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-crud.test.ts b/src/server/routers/__tests__/pipeline-crud.test.ts index bef5c8bb..d91be40b 100644 --- a/src/server/routers/__tests__/pipeline-crud.test.ts +++ b/src/server/routers/__tests__/pipeline-crud.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-dependency.test.ts b/src/server/routers/__tests__/pipeline-dependency.test.ts index f19079e9..cac645d8 100644 --- a/src/server/routers/__tests__/pipeline-dependency.test.ts +++ b/src/server/routers/__tests__/pipeline-dependency.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-deploy.test.ts b/src/server/routers/__tests__/pipeline-deploy.test.ts index a0fdaad8..0efb690b 100644 --- a/src/server/routers/__tests__/pipeline-deploy.test.ts +++ b/src/server/routers/__tests__/pipeline-deploy.test.ts @@ -27,6 +27,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-get-n1.test.ts b/src/server/routers/__tests__/pipeline-get-n1.test.ts index 0ab2222d..1e53aa4d 100644 --- a/src/server/routers/__tests__/pipeline-get-n1.test.ts +++ b/src/server/routers/__tests__/pipeline-get-n1.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-graph.test.ts b/src/server/routers/__tests__/pipeline-graph.test.ts index 192beb4a..eef6bfcd 100644 --- a/src/server/routers/__tests__/pipeline-graph.test.ts +++ b/src/server/routers/__tests__/pipeline-graph.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-group.test.ts b/src/server/routers/__tests__/pipeline-group.test.ts index 280a59b3..56b0f46d 100644 --- a/src/server/routers/__tests__/pipeline-group.test.ts +++ b/src/server/routers/__tests__/pipeline-group.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-observability-tap.test.ts b/src/server/routers/__tests__/pipeline-observability-tap.test.ts index 0e002a16..dacb0077 100644 --- a/src/server/routers/__tests__/pipeline-observability-tap.test.ts +++ b/src/server/routers/__tests__/pipeline-observability-tap.test.ts @@ -15,6 +15,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-observability.test.ts b/src/server/routers/__tests__/pipeline-observability.test.ts index 76f886f1..0063ddbe 100644 --- a/src/server/routers/__tests__/pipeline-observability.test.ts +++ b/src/server/routers/__tests__/pipeline-observability.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/pipeline-versions.test.ts b/src/server/routers/__tests__/pipeline-versions.test.ts index d548ac8d..ae108e1c 100644 --- a/src/server/routers/__tests__/pipeline-versions.test.ts +++ b/src/server/routers/__tests__/pipeline-versions.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/promotion.test.ts b/src/server/routers/__tests__/promotion.test.ts index 8ade26fb..8a750ed0 100644 --- a/src/server/routers/__tests__/promotion.test.ts +++ b/src/server/routers/__tests__/promotion.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/secret.test.ts b/src/server/routers/__tests__/secret.test.ts index 5b667bd9..041305d6 100644 --- a/src/server/routers/__tests__/secret.test.ts +++ b/src/server/routers/__tests__/secret.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/settings.test.ts b/src/server/routers/__tests__/settings.test.ts index e23116e9..1f563715 100644 --- a/src/server/routers/__tests__/settings.test.ts +++ b/src/server/routers/__tests__/settings.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/shared-component.test.ts b/src/server/routers/__tests__/shared-component.test.ts index 2a5a5ff4..e5b6f68c 100644 --- a/src/server/routers/__tests__/shared-component.test.ts +++ b/src/server/routers/__tests__/shared-component.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/staged-rollout.test.ts b/src/server/routers/__tests__/staged-rollout.test.ts index 40bf6082..1373779f 100644 --- a/src/server/routers/__tests__/staged-rollout.test.ts +++ b/src/server/routers/__tests__/staged-rollout.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/team.test.ts b/src/server/routers/__tests__/team.test.ts index c7107fe8..88d20a84 100644 --- a/src/server/routers/__tests__/team.test.ts +++ b/src/server/routers/__tests__/team.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/telemetry.test.ts b/src/server/routers/__tests__/telemetry.test.ts index 16e8116e..3f639bbb 100644 --- a/src/server/routers/__tests__/telemetry.test.ts +++ b/src/server/routers/__tests__/telemetry.test.ts @@ -21,6 +21,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/template.test.ts b/src/server/routers/__tests__/template.test.ts index 1907e47c..a6a5131c 100644 --- a/src/server/routers/__tests__/template.test.ts +++ b/src/server/routers/__tests__/template.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/user-preference.test.ts b/src/server/routers/__tests__/user-preference.test.ts index 31fc17ad..31d1904b 100644 --- a/src/server/routers/__tests__/user-preference.test.ts +++ b/src/server/routers/__tests__/user-preference.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/user.test.ts b/src/server/routers/__tests__/user.test.ts index 9de02135..b55be686 100644 --- a/src/server/routers/__tests__/user.test.ts +++ b/src/server/routers/__tests__/user.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/validator.test.ts b/src/server/routers/__tests__/validator.test.ts index 3f0a967d..5a7c7411 100644 --- a/src/server/routers/__tests__/validator.test.ts +++ b/src/server/routers/__tests__/validator.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/vrl-snippet.test.ts b/src/server/routers/__tests__/vrl-snippet.test.ts index 264dab83..1662bf82 100644 --- a/src/server/routers/__tests__/vrl-snippet.test.ts +++ b/src/server/routers/__tests__/vrl-snippet.test.ts @@ -17,6 +17,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/vrl.test.ts b/src/server/routers/__tests__/vrl.test.ts index 1968b839..ece3482e 100644 --- a/src/server/routers/__tests__/vrl.test.ts +++ b/src/server/routers/__tests__/vrl.test.ts @@ -21,6 +21,7 @@ vi.mock("@/trpc/init", () => { protectedProcedure: t.procedure, withTeamAccess: passthrough, requireSuperAdmin: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; }); diff --git a/src/server/routers/__tests__/webhook-endpoint.test.ts b/src/server/routers/__tests__/webhook-endpoint.test.ts index b6773773..14b65c7a 100644 --- a/src/server/routers/__tests__/webhook-endpoint.test.ts +++ b/src/server/routers/__tests__/webhook-endpoint.test.ts @@ -19,6 +19,7 @@ vi.mock("@/trpc/init", () => { router: t.router, protectedProcedure: t.procedure, withTeamAccess: passthrough, + denyInDemo: passthrough, middleware: t.middleware, }; });