fix Role creation method and permission checks in tests

app/__test__/app/mcp/mcp.auth.test.ts

@@ -201,7 +201,10 @@ describe("mcp auth", async () => {
          },
          return_config: true,
       });
-      expect(addGuestRole.config.guest.permissions).toEqual(["read", "write"]);
+      expect(addGuestRole.config.guest.permissions.map((p) => p.permission)).toEqual([
+         "read",
+         "write",
+      ]);
 
       // update role
       await tool(server, "config_auth_roles_update", {
@@ -210,13 +213,15 @@ describe("mcp auth", async () => {
             permissions: ["read"],
          },
       });
-      expect(app.toJSON().auth.roles?.guest?.permissions).toEqual(["read"]);
+      expect(app.toJSON().auth.roles?.guest?.permissions?.map((p) => p.permission)).toEqual([
+         "read",
+      ]);
 
       // get role
       const getGuestRole = await tool(server, "config_auth_roles_get", {
          key: "guest",
       });
-      expect(getGuestRole.value.permissions).toEqual(["read"]);
+      expect(getGuestRole.value.permissions.map((p) => p.permission)).toEqual(["read"]);
 
       // remove role
       await tool(server, "config_auth_roles_remove", {

app/__test__/auth/authorize/authorize.spec.ts

@@ -11,7 +11,7 @@ function createGuard(
 ) {
    const _roles = roles
       ? objectTransform(roles, ({ permissions = [], is_default, implicit_allow }, name) => {
-           return Role.create({ name, permissions, is_default, implicit_allow });
+           return Role.create(name, { permissions, is_default, implicit_allow });
         })
       : {};
    const _permissions = permissionNames.map((name) => new Permission(name));

app/__test__/auth/authorize/permissions.spec.ts

@@ -252,7 +252,7 @@ describe("permission middleware", () => {
 
    it("allows if user has (plain) role", async () => {
       const p = new Permission("test");
-      const r = Role.create({ name: "test", permissions: [p.name] });
+      const r = Role.create("test", { permissions: [p.name] });
       const hono = makeApp([p], [r])
          .use(async (c, next) => {
             // @ts-expect-error
@@ -512,7 +512,7 @@ describe("Role", () => {
          true,
       );
       const json = JSON.parse(JSON.stringify(r.toJSON()));
-      const r2 = Role.create(json);
+      const r2 = Role.create(p.name, json);
       expect(r2.toJSON()).toEqual(r.toJSON());
    });
 });

app/src/auth/AppAuth.ts

@@ -2,7 +2,7 @@ import type { DB, PrimaryFieldType } from "bknd";
 import * as AuthPermissions from "auth/auth-permissions";
 import type { AuthStrategy } from "auth/authenticate/strategies/Strategy";
 import type { PasswordStrategy } from "auth/authenticate/strategies/PasswordStrategy";
-import { $console, secureRandomString, transformObject } from "bknd/utils";
+import { $console, secureRandomString, transformObject, pick } from "bknd/utils";
 import type { Entity, EntityManager } from "data/entities";
 import { em, entity, enumm, type FieldSchema } from "data/prototype";
 import { Module } from "modules/Module";
@@ -211,12 +211,11 @@ export class AppAuth extends Module<AppAuthSchema> {
 
       const strategies = this.authenticator.getStrategies();
       const roles = Object.fromEntries(this.ctx.guard.getRoles().map((r) => [r.name, r.toJSON()]));
-      console.log("roles", roles);
 
       return {
          ...this.config,
          ...this.authenticator.toJSON(secrets),
-         roles: secrets ? roles : undefined,
+         roles,
          strategies: transformObject(strategies, (strategy) => ({
             enabled: this.isStrategyEnabled(strategy),
             ...strategy.toJSON(secrets),