@agentlensai/server 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Amit Paz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/__tests__/agents-stats.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for Story 4.7: Agent and Stats Endpoints
+ */
+export {};
+//# sourceMappingURL=agents-stats.test.d.ts.map

package/dist/__tests__/agents-stats.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents-stats.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/agents-stats.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/__tests__/agents-stats.test.js

@@ -0,0 +1,134 @@
+/**
+ * Tests for Story 4.7: Agent and Stats Endpoints
+ */
+import { describe, it, expect, beforeEach } from 'vitest';
+import { createTestApp, authHeaders } from './test-helpers.js';
+async function ingestEvents(app, apiKey, events) {
+    return app.request('/api/events', {
+        method: 'POST',
+        headers: authHeaders(apiKey),
+        body: JSON.stringify({ events }),
+    });
+}
+describe('Agent Endpoints (Story 4.7)', () => {
+    let app;
+    let apiKey;
+    beforeEach(async () => {
+        const ctx = createTestApp();
+        app = ctx.app;
+        apiKey = ctx.apiKey;
+        await ingestEvents(app, apiKey, [
+            {
+                sessionId: 'sess_001',
+                agentId: 'agent_001',
+                eventType: 'session_started',
+                payload: { agentName: 'Agent One', tags: [] },
+            },
+        ]);
+        await ingestEvents(app, apiKey, [
+            {
+                sessionId: 'sess_002',
+                agentId: 'agent_002',
+                eventType: 'session_started',
+                payload: { agentName: 'Agent Two', tags: [] },
+            },
+        ]);
+    });
+    describe('GET /api/agents', () => {
+        it('lists all agents', async () => {
+            const res = await app.request('/api/agents', {
+                headers: authHeaders(apiKey),
+            });
+            expect(res.status).toBe(200);
+            const body = await res.json();
+            expect(body.agents).toBeInstanceOf(Array);
+            expect(body.agents.length).toBe(2);
+            const names = body.agents.map((a) => a.name);
+            expect(names).toContain('Agent One');
+            expect(names).toContain('Agent Two');
+        });
+        it('includes agent metadata', async () => {
+            const res = await app.request('/api/agents', {
+                headers: authHeaders(apiKey),
+            });
+            const body = await res.json();
+            const agent = body.agents.find((a) => a.id === 'agent_001');
+            expect(agent.id).toBe('agent_001');
+            expect(agent.name).toBe('Agent One');
+            expect(agent.firstSeenAt).toBeTruthy();
+            expect(agent.lastSeenAt).toBeTruthy();
+            expect(agent.sessionCount).toBe(1);
+        });
+    });
+    describe('GET /api/agents/:id', () => {
+        it('returns a single agent', async () => {
+            const res = await app.request('/api/agents/agent_001', {
+                headers: authHeaders(apiKey),
+            });
+            expect(res.status).toBe(200);
+            const body = await res.json();
+            expect(body.id).toBe('agent_001');
+            expect(body.name).toBe('Agent One');
+        });
+        it('returns 404 for non-existent agent', async () => {
+            const res = await app.request('/api/agents/nonexistent', {
+                headers: authHeaders(apiKey),
+            });
+            expect(res.status).toBe(404);
+            const body = await res.json();
+            expect(body.error).toBe('Agent not found');
+        });
+    });
+});
+describe('Stats Endpoint (Story 4.7)', () => {
+    it('returns storage statistics for empty database', async () => {
+        const { app, apiKey } = createTestApp();
+        const res = await app.request('/api/stats', {
+            headers: authHeaders(apiKey),
+        });
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.totalEvents).toBe(0);
+        expect(body.totalSessions).toBe(0);
+        expect(body.totalAgents).toBe(0);
+    });
+    it('returns accurate stats after ingestion', async () => {
+        const { app, apiKey } = createTestApp();
+        await ingestEvents(app, apiKey, [
+            {
+                sessionId: 'sess_001',
+                agentId: 'agent_001',
+                eventType: 'session_started',
+                timestamp: '2026-01-01T10:00:00Z',
+                payload: { tags: [] },
+            },
+            {
+                sessionId: 'sess_001',
+                agentId: 'agent_001',
+                eventType: 'tool_call',
+                timestamp: '2026-01-01T10:01:00Z',
+                payload: { toolName: 'search', arguments: {}, callId: 'c1' },
+            },
+        ]);
+        await ingestEvents(app, apiKey, [
+            {
+                sessionId: 'sess_002',
+                agentId: 'agent_002',
+                eventType: 'session_started',
+                timestamp: '2026-01-02T10:00:00Z',
+                payload: { tags: [] },
+            },
+        ]);
+        const res = await app.request('/api/stats', {
+            headers: authHeaders(apiKey),
+        });
+        const body = await res.json();
+        expect(body.totalEvents).toBe(3);
+        expect(body.totalSessions).toBe(2);
+        expect(body.totalAgents).toBe(2);
+        expect(body.oldestEvent).toBeTruthy();
+        expect(body.newestEvent).toBeTruthy();
+        expect(typeof body.storageSizeBytes).toBe('number');
+    });
+});
+//# sourceMappingURL=agents-stats.test.js.map

package/dist/__tests__/agents-stats.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents-stats.test.js","sourceRoot":"","sources":["../../src/__tests__/agents-stats.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAG/D,KAAK,UAAU,YAAY,CAAC,GAAS,EAAE,MAAc,EAAE,MAAgB;IACrE,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;QAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC,CAAC;AACL,CAAC;AAED,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,IAAI,GAAS,CAAC;IACd,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACd,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QAEpB,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE;YAC9B;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;aAC9C;SACF,CAAC,CAAC;QAEH,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE;YAC9B;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;aAC9C;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,kBAAkB,EAAE,KAAK,IAAI,EAAE;YAChC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;gBAC3C,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAEnC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAmB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC/D,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;gBAC3C,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC5E,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,UAAU,EAAE,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,CAAC;YACtC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,uBAAuB,EAAE;gBACrD,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,yBAAyB,EAAE;gBACvD,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;QAExC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE;YAC1C,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;SAC7B,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;QAExC,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE;YAC9B;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,iBAAiB;gBAC5B,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;aACtB;YACD;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,WAAW;gBACtB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;aAC7D;SACF,CAAC,CAAC;QAEH,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE;YAC9B;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,iBAAiB;gBAC5B,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;aACtB;SACF,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE;YAC1C,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;SAC7B,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,CAAC,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/api-keys.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for Story 4.3: API Key Management Endpoints
+ */
+export {};
+//# sourceMappingURL=api-keys.test.d.ts.map

package/dist/__tests__/api-keys.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/api-keys.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/__tests__/api-keys.test.js

@@ -0,0 +1,118 @@
+/**
+ * Tests for Story 4.3: API Key Management Endpoints
+ */
+import { describe, it, expect } from 'vitest';
+import { createTestApp, authHeaders } from './test-helpers.js';
+describe('API Key Management (Story 4.3)', () => {
+    describe('POST /api/keys', () => {
+        it('creates a new API key and returns the raw key once', async () => {
+            const { app, apiKey } = createTestApp();
+            const res = await app.request('/api/keys', {
+                method: 'POST',
+                headers: authHeaders(apiKey),
+                body: JSON.stringify({ name: 'My New Key', scopes: ['read', 'write'] }),
+            });
+            expect(res.status).toBe(201);
+            const body = await res.json();
+            expect(body.key).toMatch(/^als_[a-f0-9]{64}$/);
+            expect(body.name).toBe('My New Key');
+            expect(body.scopes).toEqual(['read', 'write']);
+            expect(body.id).toBeTruthy();
+            expect(body.createdAt).toBeTruthy();
+        });
+        it('creates a key with defaults when no name/scopes provided', async () => {
+            const { app, apiKey } = createTestApp();
+            const res = await app.request('/api/keys', {
+                method: 'POST',
+                headers: authHeaders(apiKey),
+                body: JSON.stringify({}),
+            });
+            expect(res.status).toBe(201);
+            const body = await res.json();
+            expect(body.name).toBe('Unnamed Key');
+            expect(body.scopes).toEqual(['*']);
+        });
+    });
+    describe('GET /api/keys', () => {
+        it('lists all keys without raw key in response', async () => {
+            const { app, apiKey } = createTestApp();
+            // Create an additional key
+            await app.request('/api/keys', {
+                method: 'POST',
+                headers: authHeaders(apiKey),
+                body: JSON.stringify({ name: 'Extra Key' }),
+            });
+            const res = await app.request('/api/keys', {
+                headers: authHeaders(apiKey),
+            });
+            expect(res.status).toBe(200);
+            const body = await res.json();
+            expect(body.keys).toBeInstanceOf(Array);
+            // At least the pre-seeded key + the one we just created
+            expect(body.keys.length).toBeGreaterThanOrEqual(2);
+            // No raw key in response
+            for (const key of body.keys) {
+                expect(key).not.toHaveProperty('key');
+                expect(key).not.toHaveProperty('keyHash');
+                expect(key.id).toBeTruthy();
+                expect(key.name).toBeTruthy();
+            }
+        });
+    });
+    describe('DELETE /api/keys/:id', () => {
+        it('revokes (soft deletes) an API key', async () => {
+            const { app, apiKey } = createTestApp();
+            // Create a key to revoke
+            const createRes = await app.request('/api/keys', {
+                method: 'POST',
+                headers: authHeaders(apiKey),
+                body: JSON.stringify({ name: 'To Revoke' }),
+            });
+            const { id: newKeyId } = await createRes.json();
+            // Revoke it
+            const delRes = await app.request(`/api/keys/${newKeyId}`, {
+                method: 'DELETE',
+                headers: authHeaders(apiKey),
+            });
+            expect(delRes.status).toBe(200);
+            const body = await delRes.json();
+            expect(body.revoked).toBe(true);
+            // Verify it shows as revoked in the list
+            const listRes = await app.request('/api/keys', {
+                headers: authHeaders(apiKey),
+            });
+            const listBody = await listRes.json();
+            const revokedKey = listBody.keys.find((k) => k.id === newKeyId);
+            expect(revokedKey?.revokedAt).toBeTruthy();
+        });
+        it('returns 404 for non-existent key', async () => {
+            const { app, apiKey } = createTestApp();
+            const res = await app.request('/api/keys/nonexistent-id', {
+                method: 'DELETE',
+                headers: authHeaders(apiKey),
+            });
+            expect(res.status).toBe(404);
+        });
+        it('returns 409 for already revoked key', async () => {
+            const { app, apiKey } = createTestApp();
+            // Create and revoke
+            const createRes = await app.request('/api/keys', {
+                method: 'POST',
+                headers: authHeaders(apiKey),
+                body: JSON.stringify({ name: 'Double Revoke' }),
+            });
+            const { id: keyId } = await createRes.json();
+            await app.request(`/api/keys/${keyId}`, {
+                method: 'DELETE',
+                headers: authHeaders(apiKey),
+            });
+            // Try to revoke again
+            const res = await app.request(`/api/keys/${keyId}`, {
+                method: 'DELETE',
+                headers: authHeaders(apiKey),
+            });
+            expect(res.status).toBe(409);
+        });
+    });
+});
+//# sourceMappingURL=api-keys.test.js.map

package/dist/__tests__/api-keys.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.test.js","sourceRoot":"","sources":["../../src/__tests__/api-keys.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAE/D,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBACzC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;aACxE,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,UAAU,EAAE,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;YACxE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBACzC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;aACzB,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;YAExC,2BAA2B;YAC3B,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBAC7B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBACzC,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACxC,wDAAwD;YACxD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;YAEnD,yBAAyB;YACzB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACtC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;gBAC1C,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC;gBAC5B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;YAChC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;YACjD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;YAExC,yBAAyB;YACzB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;aAC5C,CAAC,CAAC;YACH,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;YAEhD,YAAY;YACZ,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,QAAQ,EAAE,EAAE;gBACxD,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEhC,yCAAyC;YACzC,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBAC7C,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;YAChF,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,UAAU,EAAE,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,0BAA0B,EAAE;gBACxD,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;YAExC,oBAAoB;YACpB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;gBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;aAChD,CAAC,CAAC;YACH,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;YAE7C,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,EAAE,EAAE;gBACtC,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,sBAAsB;YACtB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,EAAE,EAAE;gBAClD,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/auth-no-db.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth-no-db.test.d.ts.map

package/dist/__tests__/auth-no-db.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-no-db.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/auth-no-db.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/auth-no-db.test.js

@@ -0,0 +1,43 @@
+/**
+ * Tests for createApp() without db when auth is enabled (Issue 4)
+ */
+import { describe, it, expect } from 'vitest';
+import { createApp } from '../index.js';
+import { createTestDb } from '../db/index.js';
+import { runMigrations } from '../db/migrate.js';
+import { SqliteEventStore } from '../db/sqlite-store.js';
+describe('createApp() auth without db (Issue 4)', () => {
+    it('throws when no db provided and auth is not disabled', () => {
+        const db = createTestDb();
+        runMigrations(db);
+        const store = new SqliteEventStore(db);
+        expect(() => {
+            createApp(store, { authDisabled: false });
+        }).toThrow('createApp() requires a `db` option when auth is enabled');
+    });
+    it('throws when no db provided and authDisabled is undefined (defaults to false)', () => {
+        const db = createTestDb();
+        runMigrations(db);
+        const store = new SqliteEventStore(db);
+        expect(() => {
+            createApp(store);
+        }).toThrow('createApp() requires a `db` option when auth is enabled');
+    });
+    it('does not throw when db is not provided but auth is disabled', () => {
+        const db = createTestDb();
+        runMigrations(db);
+        const store = new SqliteEventStore(db);
+        expect(() => {
+            createApp(store, { authDisabled: true });
+        }).not.toThrow();
+    });
+    it('does not throw when db is provided and auth is enabled', () => {
+        const db = createTestDb();
+        runMigrations(db);
+        const store = new SqliteEventStore(db);
+        expect(() => {
+            createApp(store, { authDisabled: false, db });
+        }).not.toThrow();
+    });
+});
+//# sourceMappingURL=auth-no-db.test.js.map

package/dist/__tests__/auth-no-db.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-no-db.test.js","sourceRoot":"","sources":["../../src/__tests__/auth-no-db.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;IACrD,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,MAAM,KAAK,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAEvC,MAAM,CAAC,GAAG,EAAE;YACV,SAAS,CAAC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC,OAAO,CAAC,yDAAyD,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8EAA8E,EAAE,GAAG,EAAE;QACtF,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,MAAM,KAAK,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAEvC,MAAM,CAAC,GAAG,EAAE;YACV,SAAS,CAAC,KAAK,CAAC,CAAC;QACnB,CAAC,CAAC,CAAC,OAAO,CAAC,yDAAyD,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,MAAM,KAAK,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAEvC,MAAM,CAAC,GAAG,EAAE;YACV,SAAS,CAAC,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,aAAa,CAAC,EAAE,CAAC,CAAC;QAClB,MAAM,KAAK,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAEvC,MAAM,CAAC,GAAG,EAAE;YACV,SAAS,CAAC,KAAK,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/auth.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for Story 4.2: API Key Auth Middleware
+ */
+export {};
+//# sourceMappingURL=auth.test.d.ts.map

package/dist/__tests__/auth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/auth.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/__tests__/auth.test.js

@@ -0,0 +1,86 @@
+/**
+ * Tests for Story 4.2: API Key Auth Middleware
+ */
+import { describe, it, expect } from 'vitest';
+import { createTestApp, authHeaders } from './test-helpers.js';
+import { hashApiKey } from '../middleware/auth.js';
+import { apiKeys } from '../db/schema.sqlite.js';
+import { eq } from 'drizzle-orm';
+describe('API Key Auth Middleware (Story 4.2)', () => {
+    it('returns 401 when no Authorization header is provided', async () => {
+        const { app } = createTestApp();
+        const res = await app.request('/api/events');
+        expect(res.status).toBe(401);
+        const body = await res.json();
+        expect(body.error).toContain('Missing Authorization');
+    });
+    it('returns 401 for invalid header format', async () => {
+        const { app } = createTestApp();
+        const res = await app.request('/api/events', {
+            headers: { Authorization: 'Basic abc123' },
+        });
+        expect(res.status).toBe(401);
+        const body = await res.json();
+        expect(body.error).toContain('Invalid Authorization');
+    });
+    it('returns 401 for non-als_ prefixed key', async () => {
+        const { app } = createTestApp();
+        const res = await app.request('/api/events', {
+            headers: { Authorization: 'Bearer sk_badprefix123' },
+        });
+        expect(res.status).toBe(401);
+    });
+    it('returns 401 for unknown API key', async () => {
+        const { app } = createTestApp();
+        const res = await app.request('/api/events', {
+            headers: { Authorization: 'Bearer als_unknownkey1234567890abcdef1234567890abcdef1234567890abcdef12' },
+        });
+        expect(res.status).toBe(401);
+        const body = await res.json();
+        expect(body.error).toContain('Invalid or revoked');
+    });
+    it('returns 401 for revoked API key', async () => {
+        const { app, db } = createTestApp();
+        // Revoke the test key
+        db.update(apiKeys)
+            .set({ revokedAt: Math.floor(Date.now() / 1000) })
+            .where(eq(apiKeys.id, 'test-key-id'))
+            .run();
+        const res = await app.request('/api/events', {
+            headers: { Authorization: 'Bearer als_testkey123456789abcdef0123456789abcdef0123456789abcdef012345' },
+        });
+        expect(res.status).toBe(401);
+    });
+    it('allows requests with a valid API key', async () => {
+        const { app, apiKey } = createTestApp();
+        const res = await app.request('/api/events', {
+            headers: authHeaders(apiKey),
+        });
+        // Should be 200 (empty events list), not 401
+        expect(res.status).toBe(200);
+    });
+    it('skips auth when AUTH_DISABLED=true', async () => {
+        const { app } = createTestApp({ authDisabled: true });
+        // No auth header
+        const res = await app.request('/api/events');
+        expect(res.status).toBe(200);
+    });
+    it('updates lastUsedAt on successful auth', async () => {
+        const { app, db, apiKey } = createTestApp();
+        // Check lastUsedAt before
+        const before = db.select().from(apiKeys).where(eq(apiKeys.id, 'test-key-id')).get();
+        expect(before?.lastUsedAt).toBeNull();
+        await app.request('/api/events', {
+            headers: authHeaders(apiKey),
+        });
+        const after = db.select().from(apiKeys).where(eq(apiKeys.id, 'test-key-id')).get();
+        expect(after?.lastUsedAt).not.toBeNull();
+    });
+    it('hashApiKey produces consistent SHA-256 hex', () => {
+        const hash1 = hashApiKey('als_test');
+        const hash2 = hashApiKey('als_test');
+        expect(hash1).toBe(hash2);
+        expect(hash1).toHaveLength(64); // SHA-256 hex
+    });
+});
+//# sourceMappingURL=auth.test.js.map

package/dist/__tests__/auth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.test.js","sourceRoot":"","sources":["../../src/__tests__/auth.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAEjC,QAAQ,CAAC,qCAAqC,EAAE,GAAG,EAAE;IACnD,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAE7C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YAC3C,OAAO,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE;SAC3C,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YAC3C,OAAO,EAAE,EAAE,aAAa,EAAE,wBAAwB,EAAE;SACrD,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YAC3C,OAAO,EAAE,EAAE,aAAa,EAAE,yEAAyE,EAAE;SACtG,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAEpC,sBAAsB;QACtB,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;aACjD,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;aACpC,GAAG,EAAE,CAAC;QAET,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YAC3C,OAAO,EAAE,EAAE,aAAa,EAAE,yEAAyE,EAAE;SACtG,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YAC3C,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;SAC7B,CAAC,CAAC;QAEH,6CAA6C;QAC7C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,EAAE,GAAG,EAAE,GAAG,aAAa,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,iBAAiB;QACjB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAE7C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;QAE5C,0BAA0B;QAC1B,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QACpF,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAC;QAEtC,MAAM,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YAC/B,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC;SAC7B,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QACnF,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc;IAChD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/config.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=config.test.d.ts.map

package/dist/__tests__/config.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/config.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/config.test.js

@@ -0,0 +1,37 @@
+/**
+ * Tests for server configuration (config.ts)
+ */
+import { describe, it, expect, afterEach } from 'vitest';
+import { getConfig } from '../config.js';
+describe('getConfig()', () => {
+    afterEach(() => {
+        delete process.env['RETENTION_DAYS'];
+        delete process.env['PORT'];
+    });
+    it('defaults retentionDays to 90 when RETENTION_DAYS is not set', () => {
+        delete process.env['RETENTION_DAYS'];
+        const config = getConfig();
+        expect(config.retentionDays).toBe(90);
+    });
+    it('parses RETENTION_DAYS=0 as 0 (keep forever), not 90', () => {
+        process.env['RETENTION_DAYS'] = '0';
+        const config = getConfig();
+        expect(config.retentionDays).toBe(0);
+    });
+    it('parses RETENTION_DAYS=30 correctly', () => {
+        process.env['RETENTION_DAYS'] = '30';
+        const config = getConfig();
+        expect(config.retentionDays).toBe(30);
+    });
+    it('falls back to 90 for non-numeric RETENTION_DAYS', () => {
+        process.env['RETENTION_DAYS'] = 'abc';
+        const config = getConfig();
+        expect(config.retentionDays).toBe(90);
+    });
+    it('falls back to 90 for empty RETENTION_DAYS', () => {
+        process.env['RETENTION_DAYS'] = '';
+        const config = getConfig();
+        expect(config.retentionDays).toBe(90);
+    });
+});
+//# sourceMappingURL=config.test.js.map

package/dist/__tests__/config.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.test.js","sourceRoot":"","sources":["../../src/__tests__/config.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACrC,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;QACtC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/events-ingest.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for Story 4.4: Event Ingestion Endpoint
+ */
+export {};
+//# sourceMappingURL=events-ingest.test.d.ts.map

package/dist/__tests__/events-ingest.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events-ingest.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/events-ingest.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}