Session 7h: Stripe products, tier config, scan limits, response gating, free tier

tests/integration/analyze.test.js

@@ -31,6 +31,14 @@ jest.mock('../../src/services/intelligence/analyzeViaEngine1', () => ({
   analyzeViaEngine1: (...args) => mockAnalyzeViaEngine1(...args),
 }));
 
+// Session 7h: the route now layers free-tier response gating on top of
+// the engine output. This suite tests the ENGINE → route contract
+// (full shape, kill conditions, etc.); the gating layer has its own
+// dedicated tests in tests/unit/tierGating.test.js. Pass-through here.
+jest.mock('../../src/utils/tierGating', () => ({
+  applyTierGating: (result) => result,
+}));
+
 const app = require('../../src/app');
 
 function fullShapedResponse(overrides = {}) {
@@ -64,11 +72,17 @@ function fullShapedResponse(overrides = {}) {
   };
 }
 
+// Session 7h: scan-limit middleware mounts on /api/analyze with a 24h
+// rolling per-IP quota. Without resetting, supertest's loopback IP
+// burns its 3 free-tier slots inside this file and later cases 429.
+const { __internals: scanLimitInternals } = require('../../src/middleware/scanLimit');
+
 beforeEach(() => {
   jest.clearAllMocks();
   mockRedis.get.mockResolvedValue(null);
   mockRedis.set.mockResolvedValue('OK');
   mockAnalyzeViaEngine1.mockReset();
+  scanLimitInternals.resetForTests();
 });
 
 describe('POST /api/analyze/prop', () => {

tests/integration/scan.test.js

@@ -220,8 +220,13 @@ const VALID_PARLAY = {
   ],
 };
 
+// Session 7h: scan-limit middleware mounts on /api/scan/parlay. Reset
+// between tests so the per-user 24h quota doesn't bleed across cases.
+const { __internals: scanLimitInternals } = require('../../src/middleware/scanLimit');
+
 beforeEach(() => {
   jest.clearAllMocks();
+  scanLimitInternals.resetForTests();
 });
 
 describe('POST /api/scan/parlay', () => {