Root cause: tinypool worker teardown calls kill() which returns EPERM
in the act_runner host environment on Node.js v25.2.1. Tests pass but
the vitest process crashes during cleanup, causing CI failure.
Fix: --pool forks CLI flag on every package/service test script, plus
pool: 'forks' in all vitest.config.ts files. This uses child_process.fork()
worker management which handles termination cleanly.
60 package.json files updated, 10 vitest.config.ts files updated.
- Created .npmrc with @bytelyst scoped registry pointing to local Gitea
- Added publishConfig.registry to all 57 @bytelyst/* package.json files
- Created scripts/harden-publish-config.sh for future re-runs
- Prevents accidental publish to npmjs.org or corporate JFrog registry
6 test files across 4 packages (auth-ui, dashboard-components,
dashboard-shell, react-auth) failed with 'document is not defined'
when run from the monorepo root because the root vitest config uses
environment: 'node'. The package-local configs set happy-dom but are
ignored when vitest is invoked from root.
Fix: Add per-file '// @vitest-environment happy-dom' annotations,
which is the recommended vitest pattern for mixed-environment monorepos.
This ensures tests work regardless of which config is loaded.
Recovers 148 tests across 6 files.
When productId is configured via createAuthProvider({ productId }),
it is now included in the login and register POST bodies alongside
email/password. Previously it was only injected for OAuth calls.
This is required by platform-service which validates productId on
all auth endpoints.
- GET /auth/mfa/totp/secret — retrieve decrypted TOTP secret for auth app
- POST /auth/mfa/push/create, GET /pending, POST /:id/respond, GET /:id/status
- POST /auth/qr/create, POST /auth/qr/confirm, GET /auth/qr/:id/status
- Kotlin SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- Swift SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- All 53 auth tests passing
