@63klabs/cache-data 1.3.8 → 1.3.9

package/AGENTS.md

@@ -234,7 +234,102 @@ src/
 5. **Immutability**: Prefer immutable objects where possible
 6. **Error Handling**: Always handle errors gracefully, log appropriately
 
-### 3.4 Adding New Functionality
+### 3.4 Non-Public Class Organization
+
+**CRITICAL**: Not all classes should be exported in the public API. Internal implementation classes must be kept separate from user-facing APIs.
+
+#### Directory Structure for Classes
+
+- **`src/lib/tools/`**: Public API classes and utilities
+  - Classes exported in `src/lib/tools/index.js`
+  - User-facing functionality
+  - Examples: `DebugAndLog`, `Timer`, `Response`, `APIRequest`
+
+- **`src/lib/utils/`**: Internal implementation classes
+  - Classes NOT exported in public API
+  - Used internally by public classes
+  - Examples: `InMemoryCache`, `ValidationExecutor`, `ValidationMatcher`
+
+#### When to Use Each Directory
+
+**Use `src/lib/tools/` when:**
+- Class is part of the public API
+- Users need direct access to the class
+- Class is exported in `src/index.js` or `src/lib/tools/index.js`
+- Class provides user-facing functionality
+
+**Use `src/lib/utils/` when:**
+- Class is internal implementation detail
+- Class is only used by other classes in the package
+- Class should not be exposed to users
+- Class is a helper or utility for internal use
+
+#### Example: ValidationExecutor and ValidationMatcher
+
+These classes are internal to ClientRequest's validation system:
+
+```javascript
+// src/lib/utils/ValidationExecutor.class.js
+// Internal class - not exported in public API
+class ValidationExecutor {
+  static execute(validateFn, paramNames, paramValues) {
+    // Implementation
+  }
+}
+
+// src/lib/utils/ValidationMatcher.class.js  
+// Internal class - not exported in public API
+class ValidationMatcher {
+  constructor(paramValidations, httpMethod, resourcePath) {
+    // Implementation
+  }
+}
+
+// src/lib/tools/ClientRequest.class.js
+// Public class - uses internal classes
+const ValidationMatcher = require('../utils/ValidationMatcher.class');
+const ValidationExecutor = require('../utils/ValidationExecutor.class');
+
+class ClientRequest {
+  // Uses ValidationMatcher and ValidationExecutor internally
+}
+```
+
+#### Testing Internal Classes
+
+Internal classes can still be tested using direct imports in test files:
+
+```javascript
+// test/request/validation/unit/validation-executor-tests.jest.mjs
+const ValidationExecutorModule = await import('../../../../src/lib/utils/ValidationExecutor.class.js');
+const ValidationExecutor = ValidationExecutorModule.default;
+
+describe('ValidationExecutor', () => {
+  it('should execute validation correctly', () => {
+    // Test internal class
+  });
+});
+```
+
+#### Rules for AI Assistants
+
+When creating new classes:
+
+1. **Determine visibility**: Is this class part of the public API?
+2. **Choose directory**: 
+   - Public API → `src/lib/tools/`
+   - Internal implementation → `src/lib/utils/`
+3. **Update exports**: Only export public classes in `src/lib/tools/index.js`
+4. **Document clearly**: Mark internal classes with `@private` JSDoc tag
+5. **Test appropriately**: Internal classes can be tested directly
+
+**DO NOT**:
+- Export internal classes in public API
+- Place public API classes in `src/lib/utils/`
+- Mix concerns between directories
+- Change class location without updating all imports
+
+### 3.5 Adding New Functionality
 
 **Before adding new methods or classes:**
 

package/CHANGELOG.md

@@ -8,6 +8,69 @@ To report an issue, or to see proposed and upcoming enhancements, check out [63K
 
 Report all vulnerabilities under the [Security menu](https://github.com/63Klabs/cache-data/security/advisories) in the Cache-Data GitHub repository.
 
+## v1.3.9 (unreleased)
+
+- Unreleased
+
+## v1.3.9 (2026-03-09)
+
+### Added
+- **Body Parameter Validation for ClientRequest** [Spec: 1-3-9-body-validation-and-header-format-fix](.kiro/specs/1-3-9-body-validation-and-header-format-fix/)
+  - **Body Parameter Validation**: ClientRequest now validates body parameters using the same validation framework as path, query, header, and cookie parameters
+    - Automatic JSON parsing with error handling for request bodies
+    - Support for both API Gateway v1 and v2 formats
+    - Validation using existing ValidationMatcher and ValidationExecutor classes
+    - Body validation integrated into validation chain after cookie validation
+    - `getBodyParameters()` method now returns validated body parameters
+  - **Header Key Conversion Utility**: New static method `convertHeaderKeyToCamelCase(headerKey)` helps developers determine correct validation rule keys
+    - Converts HTTP header names from kebab-case to camelCase (e.g., `content-type` → `contentType`)
+    - Handles multiple hyphens and uppercase input correctly
+    - Documented with examples of common HTTP headers
+  - **Enhanced Documentation**: Comprehensive JSDoc documentation for header key conversion behavior
+    - Header key conversion reference table showing HTTP headers and their camelCase equivalents
+    - Detailed explanation of conversion algorithm and why it's necessary
+    - Examples showing validation configuration with converted header keys
+    - Complete body validation examples with error handling
+  - **Backwards Compatible**: All new features are opt-in and maintain full backwards compatibility
+    - Existing code continues to work without modification
+    - Body validation only activates when configured
+    - No changes to existing validation behavior for other parameter types
+  - **Comprehensive Testing**: 8 property-based tests and extensive unit/integration tests validate correctness properties
+    - Body validation round-trip property
+    - Validation failure propagation
+    - JSON parsing precondition
+    - Header key conversion correctness
+    - Backwards compatibility preservation
+    - Common validation pattern support
+    - Multi-parameter validation interface
+
+### Security
+- **Fixed npm security vulnerabilities in serialize-javascript dependency** [Spec: 1-3-9-npm-security-vulnerabilities-fix](.kiro/specs/1-3-9-npm-security-vulnerabilities-fix/)
+  - Fixed 2 high severity vulnerabilities in serialize-javascript (RCE via RegExp.flags and Date.prototype.toISOString)
+  - Added npm override for serialize-javascript >=7.0.3 to force secure version
+  - No breaking changes to public APIs
+  - All existing tests pass
+
+### Added
+- **Enhanced Validation System for ClientRequest** [Spec: 1-3-9-improve-validations-object](.kiro/specs/1-3-9-improve-validations-object/)
+  - **Route-Specific Validations**: Define different validation rules for the same parameter name in different routes (e.g., `id` in `/product/{id}` vs `/employee/{id}`)
+  - **Method-Specific Validations**: Define different validation rules based on HTTP method (e.g., stricter validation for `POST` than `GET`)
+  - **Method-and-Route Validations**: Most precise control with validation rules for specific method-route combinations (e.g., `POST:join/{id}`)
+  - **Multi-Parameter Validations**: Validate multiple parameters together to enforce cross-parameter constraints
+  - **Clear Priority Order**: Four-tier priority system (method-and-route > route-only > method-only > global)
+  - **Backwards Compatible**: Existing global parameter validations continue to work without any code changes
+  - **Performance Optimized**: Pattern normalization caching and early exit optimization for minimal overhead
+  - **Comprehensive Testing**: 15 correctness properties validated through property-based testing
+
+### Enhancement
+- **AppConfig Async Initialization Optimization** [Spec: 1-3-9-appconfig-async-init-optimization](.kiro/specs/1-3-9-appconfig-async-init-optimization/)
+  - **Parallel Initialization**: All AppConfig.init() operations now execute asynchronously in parallel, improving Lambda cold start performance by 10-20%
+  - **Backwards Compatible**: No API changes - existing code continues to work without modifications
+  - **Optimized Operations**: Settings, connections, validations, responses, and SSM parameters all initialize concurrently
+  - **Error Resilient**: Individual initialization failures don't block other operations
+  - **Transparent**: Debug logging and error handling work identically to previous implementation
+  - **Performance**: Cold start time reduced from 62-212ms to 50-200ms (sequential to parallel execution)
+
 ## v1.3.8 (2026-03-02)
 
 ### Security

package/CONTRIBUTING.md

@@ -26,7 +26,7 @@ Spec-Driven, AI-Assisted Engineering (SD-AI) is a software development methodolo
 
 Code must be reviewed, understood, and tested by a human before being merged.
 
-Kiro is the required AI coding assistant for final integrations, documentation, and testing, as it is in the AWS Ecosystem and this project is deveoped to deploy on the AWS platform. Just like test suites, Kiro ensures the proper tests, documentation, and guardrails are in place. Kiro is as important as commit-hooks and tests as it is a tool that ensures quality checks and should not be bypassed.
+Kiro is the required AI coding assistant for final integrations, documentation, and testing, as it is in the AWS Ecosystem and this project is developed to deploy on the AWS platform. Just like test suites, Kiro ensures the proper tests, documentation, and guardrails are in place. Kiro is as important as commit-hooks and tests as it is a tool that ensures quality checks and should not be bypassed.
 
 Ensure [AGENTS](./AGENTS.md) and Kiro steering documents are reviewed, understood, and used by both humans and AI.
 
@@ -126,7 +126,7 @@ npm test -- test/cache/
 
 ## Documentation Standards
 
-All public APIs must have complete JSDoc documentation. See [Documentation Standards](.kiro/steering/documentation-standards.md) for detailed requirements.
+All public APIs must have complete JSDoc documentation. See [JSDoc Documentation Standards](.kiro/steering/documentation-standards-jsdoc.md) for detailed requirements.
 
 **Required JSDoc tags:**
 - Description of what the function/class does

package/README.md

@@ -50,7 +50,7 @@ The @63klabs/cache-data package provides three main modules:
 
 ### Requirements
 
-- Node.js >=20.0.0 runtime on Lambda
+- Node.js >=22.0.0 runtime on Lambda
 - AWS Services:
   - **AWS Lambda**: For running your serverless functions
   - **Amazon S3**: For storing large cached objects
@@ -68,7 +68,7 @@ Install the package using npm:
 npm install @63klabs/cache-data
 ```
 
-The simplest way to get started is to use the [63klabs Atlantis Templates and Script platform](https://github.com/63Klabs/atlantis-cfn-configuration-repo-for-serverless-deployments) to deploy this and other ready-to-run solutions via CI/CD.
+The simplest way to get started is to use the [63klabs Atlantis Templates and Script Platform](https://github.com/63Klabs/atlantis) to deploy this and other ready-to-run solutions via CI/CD.
 
 However, if you want to write your own templates and code, follow the following steps:
 
@@ -102,26 +102,22 @@ It is recommended that you use the quick-start method when implementing for the
 ### Basic Caching Example
 
 ```javascript
-const { cache } = require("@63klabs/cache-data");
+const { cache: {CacheableDataAccess, Cache}, endpoint } = require("@63klabs/cache-data");
 
 // Initialize cache with your S3 bucket and DynamoDB table
 cache.Cache.init({
-  s3Bucket: process.env.CACHE_DATA_S3_BUCKET,
-  dynamoDbTable: process.env.CACHE_DATA_DYNAMODB_TABLE,
-  securityKey: process.env.CACHE_DATA_SECURITY_KEY
+  s3Bucket: process.env.CACHE_DATA_S3_BUCKET, // Cache.init will check this env variable automatically if not provided here
+  dynamoDbTable: process.env.CACHE_DATA_DYNAMODB_TABLE, // Cache.init will check this env variable automatically if not provided here
+  securityKey: process.env.CACHE_DATA_SECURITY_KEY // don't do this, use SSM Parameter Store - example only
 });
 
-// Cache some data
-const cacheKey = "my-data-key";
-const dataToCache = { message: "Hello, World!", timestamp: Date.now() };
-
-await cache.Cache.put(cacheKey, dataToCache, 3600); // Cache for 1 hour
+// 
 
 // Retrieve cached data
-const cachedData = await cache.Cache.get(cacheKey);
-if (cachedData) {
-  console.log("Retrieved from cache:", cachedData);
-}
+const conn = { host: "api.example.com", path: "api/users"};
+const cacheProfile = {/* cache parameters */};
+const cachedData = await CacheableDataAccess.getData(cacheProfile, endpoint.get, conn);
+const data = cachedData.getBody(true);
 ```
 
 ### Making Endpoint Requests
@@ -131,8 +127,7 @@ const { endpoint } = require("@63klabs/cache-data");
 
 // Make a simple GET request to an API
 const response = await endpoint.get(
-  { host: "api.example.com", path: "/data" },
-  { parameters: { q: "search-term" } }
+  { host: "api.example.com", path: "/data", parameters: { q: "search-term" } }
 );
 
 console.log("API Response:", response.body);
@@ -142,7 +137,7 @@ console.log("Status Code:", response.statusCode);
 ### Using APIRequest with Pagination and Retry
 
 ```javascript
-const { tools } = require("@63klabs/cache-data");
+const { tools: {APIRequest} } = require("@63klabs/cache-data");
 
 // Make a request with automatic pagination and retry
 const request = new tools.APIRequest({
@@ -165,23 +160,15 @@ const response = await request.send();
 // Response contains all users from all pages
 const allUsers = JSON.parse(response.body).items;
 console.log(`Retrieved ${allUsers.length} total users`);
-
-// Check metadata
-if (response.metadata?.pagination?.occurred) {
-  console.log(`Fetched ${response.metadata.pagination.totalPages} pages`);
-}
-if (response.metadata?.retries?.occurred) {
-  console.log(`Succeeded after ${response.metadata.retries.attempts} attempts`);
-}
 ```
 
 ### Using Utility Tools
 
 ```javascript
-const { tools } = require("@63klabs/cache-data");
+const { tools: {DebugAndLog, Timer} } = require("@63klabs/cache-data");
 
 // Create a timer to measure performance
-const timer = new tools.Timer("my-operation");
+const timer = new Timer("my-operation");
 timer.start();
 
 // Your code here...
@@ -190,9 +177,8 @@ timer.stop();
 console.log(`Operation took ${timer.elapsed()}ms`);
 
 // Use the logger
-const logger = new tools.DebugAndLog("MyApp");
-logger.info("Application started");
-logger.error("An error occurred", { details: "error info" });
+DebugAndLog.debug("MyApp");
+DebugAndLog.error("Error in Service", error.msg);
 ```
 
 ## Help

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@63klabs/cache-data",
-  "version": "1.3.8",
+  "version": "1.3.9",
   "description": "Cache data from an API endpoint or application process using AWS S3 and DynamoDb",
   "author": "Chad Leigh Kluck (https://chadkluck.me)",
   "license": "MIT",
@@ -16,11 +16,11 @@
     "node": ">=20.0.0"
   },
   "dependencies": {
-    "aws-xray-sdk-core": "^3.12.0",
     "moment-timezone": "^0.6.0",
     "object-hash": "^3.0.0"
   },
   "devDependencies": {
+    "aws-xray-sdk-core": "^3.12.0",
     "@aws-sdk/client-dynamodb": "^3.995.0",
     "@aws-sdk/client-s3": "^3.995.0",
     "@aws-sdk/client-ssm": "^3.995.0",
@@ -35,10 +35,11 @@
     "sinon": "^21.0.1"
   },
   "overrides": {
-    "fast-xml-parser": ">=5.3.4",
     "diff": ">=8.0.3",
+    "fast-xml-parser": ">=5.3.4",
+    "glob": ">=13.0.6",
     "minimatch": ">=10.2.2",
-    "glob": ">=13.0.6"
+    "serialize-javascript": ">=7.0.3"
   },
   "scripts": {
     "test": "mocha 'test/**/*-tests.mjs' --exclude 'test/migration/property/test-execution-equivalence-property-tests.mjs'",

package/src/lib/dao-cache.js

@@ -1545,8 +1545,8 @@ class Cache {
 			("CACHE_DATA_USE_TOOLS_HASH" in process.env ? Cache.bool(process.env.CACHE_DATA_USE_TOOLS_HASH_METHOD) : false);
 		
 		// Initialize in-memory cache feature flag
-		this.#useInMemoryCache = parameters.useInMemoryCache || 
-			(process.env.CACHE_USE_IN_MEMORY === 'true') || 
+		this.#useInMemoryCache = Cache.bool(parameters.useInMemoryCache) || 
+			Cache.bool(process.env.CACHE_USE_IN_MEMORY) || 
 			false;
 		
 		// Initialize InMemoryCache if enabled
@@ -1654,34 +1654,51 @@ class Cache {
 	};
 
 	/**
-	 * Convert a value to boolean with special handling for the string "false".
+	 * Convert a value to boolean with strict handling for string values.
 	 * 
 	 * JavaScript's Boolean() function treats any non-empty string as true, including
-	 * the string "false". This method adds special handling for the string "false"
-	 * (case-insensitive) to return false, which is useful when dealing with JSON data,
-	 * query parameters, or configuration strings.
+	 * the string "false". This method provides strict boolean conversion where:
+	 * - The string "true" (case-insensitive) returns true
+	 * - The string "1" returns true
+	 * - The number 1 returns true
+	 * - The boolean true returns true
+	 * - All other values return false (including "false", "0", "no", whitespace, empty strings, null, undefined)
 	 * 
-	 * All other values are evaluated using JavaScript's standard Boolean() conversion.
+	 * This is useful when dealing with environment variables, JSON data, query parameters,
+	 * or configuration strings where only explicit "true" or "1" should enable a feature.
 	 * 
 	 * @param {*} value A value to convert to boolean
-	 * @returns {boolean} The boolean representation of the value, with "false" string treated as false
+	 * @returns {boolean} True only if value is explicitly truthy ("true", "1", 1, or true), false otherwise
 	 * @example
 	 * Cache.bool(true);      // true
 	 * Cache.bool(false);     // false
 	 * Cache.bool("true");    // true
-	 * Cache.bool("false");   // false (special handling)
-	 * Cache.bool("FALSE");   // false (case-insensitive)
+	 * Cache.bool("TRUE");    // true (case-insensitive)
+	 * Cache.bool("1");       // true
 	 * Cache.bool(1);         // true
+	 * Cache.bool("false");   // false
+	 * Cache.bool("0");       // false
+	 * Cache.bool("no");      // false
+	 * Cache.bool(" ");       // false (whitespace)
+	 * Cache.bool("  ");      // false (whitespace)
 	 * Cache.bool(0);         // false
 	 * Cache.bool(null);      // false
+	 * Cache.bool(undefined); // false
 	 * Cache.bool("");        // false
 	 */
 	static bool (value) {
 
-		if ( typeof value === 'string') { value = value.toLowerCase(); }
+		// >! Handle strings with strict true/false logic
+		// >! Only "true" and "1" are considered truthy strings
+		if ( typeof value === 'string') { 
+			value = value.trim().toLowerCase();
+			return value === 'true' || value === '1';
+		}
 
-		// Boolean("false") is true so we need to code for it. As long as it is not "false", trust Boolean()
-		return  (( value !== "false") ? Boolean(value) : false ); 
+		// >! For non-strings, use standard Boolean conversion
+		// >! This handles: true, 1, objects, arrays
+		// >! And returns false for: false, 0, null, undefined, NaN
+		return Boolean(value);
 	};
 
 	/**

package/src/lib/tools/AWS.classes.js

@@ -17,7 +17,17 @@ const isTrue = (value) => {
  */
 const USE_XRAY = isTrue(process.env?.CacheData_AWSXRayOn) || isTrue(process.env?.CACHE_DATA_AWS_X_RAY_ON);
 
+/**
+ * X-Ray object if it is enabled
+ * @returns {object|null} The AWSXRay object if enabled and initialized, null otherwise
+ */
 let AWSXRay = null;
+
+/**
+ * Whether or not X-Ray is initialized
+ * @private
+ * @returns {object|null} The AWSXRay object if enabled and initialized, null otherwise
+ */
 let xrayInitialized = false;
 
 const initializeXRay = () => {
@@ -278,9 +288,25 @@ class AWS {
 			}
 		}
 	)();
-	
+		
 	/**
-	 * @returns {object} DynamoDB Document Client and functions for put, get, scan, delete, update
+	 * Provides a DynamoDB client and helper functions.
+	 *
+	 * @returns {{
+	 *   client: object,
+	 *   put: {(params:Object) => Promise<any>},
+	 *   get: {(params:Object) => Promise<any>},
+	 *   scan: {(params:Object) => Promise<any>},
+	 *   delete: {(params:Object) => Promise<any>},
+	 *   update: {(params:Object) => Promise<any>},
+	 *   sdk: {
+	 *     DynamoDB: object,
+	 *     DynamoDBClient: object,
+	 *     DynamoDBDocumentClient: object,
+	 *     GetCommand: object,
+	 *     PutCommand: object
+	 *   }
+	 * }}
 	 */
 	static get dynamo() {
 		return {
@@ -295,7 +321,18 @@ class AWS {
 	}
 
 	/**
-	 * @returns {object} S3 Client and functions for put, get
+	 * Provides a S3 client and helper functions.
+	 *
+	 * @returns {{
+	 *   client: object,
+	 *   put: {(params:Object) => Promise<any>},
+	 *   get: {(params:Object) => Promise<any>},
+	 *   sdk: {
+	 *     S3: object,
+	 *     GetObjectCommand: object,
+	 *     PutObjectCommand: object
+	 *   }
+	 * }}
 	 */
 	static get s3() {
 		return {
@@ -307,7 +344,18 @@ class AWS {
 	}
 
 	/**
-	 * @returns {object} SSM Client and functions for getByName, getByPath
+	 * Provides a SSM client and helper functions.
+	 *
+	 * @returns {{
+	 *   client: object,
+	 *   getByName: {(query:Object) => Promise<any>},
+	 *   getByPath: {(query:Object) => Promise<any>},
+	 *   sdk: {
+	 *     SSMClient: object,
+	 *     GetParametersByPathCommand: object,
+	 *     GetParametersCommand: object
+	 *   }
+	 * }}
 	 */
 	static get ssm() {
 		return {
@@ -327,4 +375,9 @@ class AWS {
 
 };
 
-module.exports = {AWS, AWSXRay};
+module.exports = {
+	AWS,
+	Aws: AWS, // alias
+	AWSXRay,
+	AwsXRay: AWSXRay, // alias
+};

package/src/lib/tools/CachedParametersSecrets.classes.js

@@ -579,5 +579,6 @@ module.exports = {
 	CachedParameterSecrets,
 	CachedParameterSecret,
 	CachedSSMParameter,
+	CachedSsmParameter: CachedSSMParameter,
 	CachedSecret
 }