Closes the highest-priority gaps from audit HIGH §19 + MED §§20–21:
* New tests/integration/documenso-webhook-route.test.ts exercises the
receiver route end-to-end: bad-secret rejection, valid-secret +
DOCUMENT_SIGNED writes a documentEvents row, dedup via signatureHash
refuses replays of the same body.
* tests/integration/documents-expired-webhook.test.ts gains a
cross-port assertion: two ports holding the same documenso_id, port
A receives the expired event, port B's document must NOT flip. Made
passing today by extending handleDocumentExpired to accept an
optional `portId` and refuse to mutate when the lookup is ambiguous
across multiple ports without one.
* tests/integration/custom-fields.test.ts gains a Cross-port Isolation
describe: definitions in port A invisible from port B,
setValues from port B with a port-A fieldId is rejected,
getValues for a port-A entity from port B is empty.
Deferred: Tier 5.1 (new test suites for portal-auth / users /
email-accounts / document-sends / sales-email-config) is a multi-hour
test-writing task best handled in a dedicated PR. Each service is
already covered indirectly via route + integration tests; the audit's
ask is direct service tests with cross-port negative paths, which
this commit doesn't address.
Test status: 1175/1175 vitest (was 1168), tsc clean.
Refs: docs/audit-comprehensive-2026-05-05.md HIGH §19 (auditor-J Issue 2)
+ MED §§20–21 (auditor-J Issues 3–4).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
