fix(bucket-tenants): make tenant lifecycle and bucket import validation safer

2026-05-02 12:09:13 +00:00
parent 7020810b5e
commit b075de1ecd
23 changed files with 435 additions and 183 deletions
+6 -6
@@ -1,6 +1,6 @@
# Project Hints for smartstorage
## Current State (v6.4.0)
## Current State (v6.5.0)
- **Rust-powered S3-compatible storage server** via `@push.rocks/smartrust` IPC bridge
- High-performance: streaming I/O, zero-copy, backpressure, range seek
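Review bot: the "Current State" heading is bumped from v6.4.0 to v6.5.0 in this hints file, but nothing in the visible hunk ties that number to the package manifest or changelog; confirm the version bump lands in the same change set so the hints do not advertise a release that is not yet tagged.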
@@ -16,7 +16,7 @@
- Runtime credential listing and atomic replacement via the Rust bridge
- Runtime credentials persist under `{storage}/.smartstorage/credentials.json`
- Bucket tenant APIs provision scoped per-bucket credentials and enforce the scope before bucket-policy/default-auth authorization
- Per-bucket export/import uses `smartstorage.bucket.v1` JSON with object payloads encoded per object
- Per-bucket export/import uses `smartstorage.bucket.v1` JSON with object payloads encoded per object and size/MD5 validation on import
- Cluster identity and topology snapshots persist under `{storage}/.smartstorage/cluster/`
- S3-side operational endpoints are available at `/-/live`, `/-/ready`, `/-/health`, and `/-/metrics`
- Runtime credential listing returns access-key metadata only; secrets are write-only
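Review bot: the updated export/import line says import now performs size/MD5 validation per object but does not say what happens on a mismatch. Since this is the operator-facing summary, state the failure behaviour here (whether the whole import aborts or only the failing object is rejected, and whether anything already written stays on disk), because a partial import after a checksum failure is the case an operator needs to plan for.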
@@ -48,7 +48,7 @@
| `stop` | `{}` | Graceful shutdown |
| `createBucket` | `{ name: string }` | Create bucket directory |
| `createBucketTenant` | `{ bucketName, accessKeyId, secretAccessKey, region? }` | Create bucket and scoped persisted credential |
| `deleteBucketTenant` | `{ bucketName, accessKeyId? }` | Revoke scoped credential or delete tenant bucket recursively |
| `deleteBucketTenant` | `{ bucketName, accessKeyId? }` | Revoke scoped credential or delete a verified tenant bucket recursively |
| `rotateBucketTenantCredentials` | `{ bucketName, accessKeyId, secretAccessKey, region? }` | Replace scoped credential for one bucket |
| `listBucketTenants` | `{}` | Return scoped credential metadata |
| `getBucketTenantCredential` | `{ bucketName }` | Return one scoped credential including secret for descriptor generation |
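Review bot: "delete a verified tenant bucket recursively" introduces the word "verified" without defining it. The `deleteBucketTenant` row should say what marks a bucket as a tenant bucket (for example, that it was provisioned through `createBucketTenant`) and what the call returns when the check fails, so that callers can tell a refused delete from a missing bucket; a recursive delete that falls through on an ordinary bucket is the safety regression this commit is meant to rule out.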
@@ -56,7 +56,7 @@
| `importBucket` | `{ bucketName, source }` | Import a `smartstorage.bucket.v1` bucket export |
| `getStorageStats` | `{}` | Return cached bucket/global runtime stats + storage location capacity snapshots |
| `listBucketSummaries` | `{}` | Return cached per-bucket runtime summaries |
| `listCredentials` | `{}` | Return the active runtime auth credential set |
| `listCredentials` | `{}` | Return metadata for the active runtime auth credential set |
| `replaceCredentials` | `{ credentials: IStorageCredential[] }` | Atomically replace the runtime auth credential set |
| `getClusterHealth` | `{}` | Return runtime cluster health or `{ enabled: false }` in standalone mode |
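Review bot: the `listCredentials` row now says it returns metadata only, which matches the earlier hint that runtime credential listing returns access-key metadata and secrets are write-only. Consider naming the returned fields (or the type) in the row, since the only other row in this table that mentions the credential shape is `replaceCredentials` with `IStorageCredential[]`, and a reader could assume the same shape round-trips through `listCredentials`.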
@@ -92,8 +92,8 @@
## Testing
- `test/test.aws-sdk.node.ts` - AWS SDK v3 compatibility + runtime stats + standalone cluster health coverage (19 tests, auth disabled, port 3337)
- `test/test.bucket-tenants.node.ts` - bucket tenant provisioning, per-bucket isolation, restart persistence, export/import, policy persistence, rotation, revoke/delete, AWS SDK v3 compatibility (12 tests, port 3361)
- `test/test.aws-sdk.node.ts` - AWS SDK v3 compatibility + runtime stats + standalone cluster health/metrics coverage (20 tests, auth disabled, port 3337)
- `test/test.bucket-tenants.node.ts` - bucket tenant provisioning, per-bucket isolation, restart persistence, export/import integrity, policy persistence, rotation, revoke/delete safeguards, AWS SDK v3 compatibility (15 tests, port 3361)
- `test/test.credentials.node.ts` - runtime credential rotation coverage (10 tests, auth enabled, port 3349)
- `test/test.health-http.node.ts` - unauthenticated operational endpoint coverage (3 tests, port 3353)
- `test/test.cluster-health.node.ts` - single-node cluster health coverage (4 tests, S3 port 3348, QUIC port 4348)
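Review bot: the bucket-tenants entry grows from 12 to 15 tests and the description adds "export/import integrity" and "revoke/delete safeguards", but it does not say which negative cases are covered. Listing the specific checks (size mismatch, MD5 mismatch, delete refused on a non-tenant bucket) in this line would make the coverage verifiable against the safety claims in the commit title; the aws-sdk entry's "health/metrics" wording should likewise be checked against which of the `/-/` endpoints the added test actually hits.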