# M015 Hostile Fixture Setup

## Goal

Produce a trustworthy local runtime for cross-user authorization probes.

## Key discovery

The default development SQLite database in `JobTrackerApi/jobtracker.db` is **not** a trustworthy authorization-test target:

- it contains Identity and some later feature tables
- it does **not** contain the core domain tables needed for real cross-user job/correspondence/attachment probing
- current startup `Migrate()` behavior is therefore insufficient as the only hostile-test setup path

## Chosen fixture strategy

Use a dedicated clean SQLite fixture database created from the current EF model with `EnsureCreated()` semantics through a tiny helper program:

- helper project: `tools/hostile-fixture-db/`
- bootstrap script: `scripts/m015-hostile-fixture.sh`

This keeps the hostile runtime inside repo code and the real API host while avoiding ad-hoc manual SQL.

## What the helper does

- creates a clean `jobtracker.db` under a caller-provided data root
- builds the schema from the current `JobTrackerContext` model
- verifies the presence of core tables needed for M015:
  - `Companies`
  - `JobApplications`
  - `Correspondences`
  - `Attachments`
  - `RuleSettings`
  - `AspNetUsers`

## Runtime plan for S02

1. Run `scripts/m015-hostile-fixture.sh`.
2. Start the API with `Data__Root` pointing at that clean fixture root.
3. Mint an admin dev token against the fixture DB.
4. Create/reuse Alice and Bob through real API paths.
5. Seed Alice-owned company/job/correspondence/attachment fixtures through the real API.
6. Capture ids for cross-user hostile probes.

## Honest boundary

This slice establishes the trusted runtime path and fixture strategy. The full two-user seeded dataset and exploit execution belong in the next slice.
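
An independent preflight for the core-table check listed under "What the helper does", written here as an added example and not taken from the project's helper or script. The function names and the two sample databases are constructed for illustration; only the required table names come from this page.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

# Core tables this page lists as required for M015 probing.
REQUIRED_TABLES = frozenset({
    "Companies", "JobApplications", "Correspondences",
    "Attachments", "RuleSettings", "AspNetUsers",
})


def missing_core_tables(db_path):
    """Return the sorted required tables that are absent from db_path."""
    # mode=ro: a wrong path raises sqlite3.OperationalError instead of
    # silently creating an empty database that would then be "checked".
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'"
        ).fetchall()
    finally:
        conn.close()
    return sorted(REQUIRED_TABLES - {name for (name,) in rows})


def build_sample_db(path, tables):
    """Constructed sample data: create empty single-column tables."""
    conn = sqlite3.connect(path)
    with conn:
        for table in tables:
            conn.execute(f'CREATE TABLE "{table}" (Id INTEGER PRIMARY KEY)')
    conn.close()


def demo():
    """Compare an Identity-only DB with a full fixture (both constructed)."""
    with tempfile.TemporaryDirectory() as root:
        partial = os.path.join(root, "partial.db")
        full = os.path.join(root, "jobtracker.db")
        build_sample_db(partial, ["AspNetUsers", "AspNetRoles"])
        build_sample_db(full, sorted(REQUIRED_TABLES))
        return missing_core_tables(partial), missing_core_tables(full)


if __name__ == "__main__":
    print(demo())
```

A non-empty result before starting the API means the runtime is pointed at a database that cannot support the cross-user probes, which is the failure mode described under "Key discovery".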