48a39b16d5
Covers 5 scenarios with extensive inline comments explaining business context and the 2026-03-25 stale-cache root-cause fix: 1. Auth gate (Sev-1 regression guard) — no UUID → Access Denied 2. Happy path — valid UUID + fresh cfg → access granted 3. Invalid UUID — Novi 404 → Access Denied 4. Stale cache — StorageEvent delivers fresh site_cfg_json → Effect 2 retries verification without reload (tests the reactive tracking fix in (idaa)/+layout.svelte) 5. iframe mode — Reload/Retry button visible on Access Denied Key lesson found while writing: ae_idaa_loc seed must include the full bb object or verify_novi_uuid() throws on bb.qry__hidden assignment, caught silently, resetting novi_uuid to null even after a successful Novi API call. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 KiB
25 KiB