A Promise.resolve(null) placeholder (e.g. the gated drafts slot) fulfils
with a null value; settled() dereferenced v.response unconditionally and
threw. Now any nullish value resolves to null. Adds unit tests for all
settled() branches.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
list_with_null_status_and_BLOG_WRITE_returns_PUBLISHED_not_all_stories
was byte-for-byte identical to the @DisplayName("security: ...") variant;
keep the named one.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Drafts appear in a separate unfiltered section at the top of the overview,
clearly separated by a divider and labelled with the draft badge on each row.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Blog writers now get a separate resilient DRAFT fetch alongside the
PUBLISHED list. A network failure degrades to drafts: [] rather than
a 500, so the overview stays usable even if the draft fetch times out.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
RED: loader does not yet call parent() or fetch DRAFT stories.
Also extracts settled<T>() helper to $lib/shared/server/settled.ts
and seeds makeData/callLoad factories with drafts/parent defaults.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A blog writer passing null status previously forwarded null to the repository,
returning all stories including other authors' drafts. Now only an explicit
DRAFT request (blog writer only) scopes to the caller's own stories.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rename list_passes_null_status_through_for_BLOG_WRITER_so_drafts_are_visible
to list_with_null_status_and_BLOG_WRITE_returns_PUBLISHED_not_all_stories and
rewrite to verify eq(PUBLISHED) is passed — this test is now RED against the
vulnerable list() implementation.
Strengthen list_forces_PUBLISHED_status_for_reader_without_BLOG_WRITE with
eq(PUBLISHED) and isNull() matchers — both tests are now real regression fixtures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
