@anaemia/bundler 0.3.7 → 0.5.0

package/test/analyzer.test.mjs

@@ -0,0 +1,308 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+import { analyzeApp, walkAst } from "../dist/analyzer/index.js";
+
+function createTmpProject() {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "anaemia-analyzer-test-"));
+  fs.mkdirSync(path.join(dir, "src/routes/users/[id]"), { recursive: true });
+  fs.mkdirSync(path.join(dir, "src/features/auth/components"), { recursive: true });
+  fs.mkdirSync(path.join(dir, "src/shared/utils"), { recursive: true });
+
+  fs.writeFileSync(
+    path.join(dir, "anaemia.config.ts"),
+    `
+    import { defineConfig } from "@anaemia/core";
+    export default defineConfig({ port: 3005 });
+  `,
+  );
+
+  fs.writeFileSync(path.join(dir, "src/root.tsx"), `export default function Root(props) { return props.children; }`);
+
+  // route with PUBLIC_ env - valid
+  fs.writeFileSync(
+    path.join(dir, "src/routes/users/[id]/index.tsx"),
+    `export default function UserPage() { return <h1>{import.meta.env.PUBLIC_API_URL}</h1>; }`,
+  );
+
+  // route with non-PUBLIC_ env - should warn
+  fs.writeFileSync(
+    path.join(dir, "src/routes/index.tsx"),
+    `export default function Home() { return <div>{import.meta.env.SECRET_KEY}</div>; }`,
+  );
+
+  // route with process.env - should warn
+  fs.writeFileSync(
+    path.join(dir, "src/routes/about.tsx"),
+    `export default function About() { return <div>{process.env.API_KEY}</div>; }`,
+  );
+
+  // server route - env access should not warn
+  fs.writeFileSync(
+    path.join(dir, "src/routes/users/[id]/_route.ts"),
+    `export const GET = () => new Response(import.meta.env.SECRET_KEY);`,
+  );
+
+  // .server file - env access should not warn
+  fs.writeFileSync(
+    path.join(dir, "src/features/auth/components/auth.server.ts"),
+    `export const getToken = () => import.meta.env.SECRET_TOKEN;`,
+  );
+
+  // feature component with non-PUBLIC_ env - should warn
+  fs.writeFileSync(
+    path.join(dir, "src/features/auth/components/Login.tsx"),
+    `export function Login() { return <form action={import.meta.env.AUTH_URL} />; }`,
+  );
+
+  // server function definition
+  fs.writeFileSync(
+    path.join(dir, "src/features/auth/components/actions.server.ts"),
+    `
+    import { runOnServer } from "@anaemia/core";
+    export const getUser = runOnServer(async (id) => ({ id }), "getUser");
+    export const unusedFn = runOnServer(async () => {}, "unusedFn");
+  `,
+  );
+
+  // only imports getUser, not unusedFn
+  fs.writeFileSync(
+    path.join(dir, "src/routes/users/[id]/index.tsx"),
+    `
+    import { getUser } from "../../features/auth/components/actions.server";
+    export default function UserPage() { return <h1>{import.meta.env.PUBLIC_API_URL}</h1>; }
+  `,
+  );
+
+  return dir;
+}
+
+// file classification
+
+test("analyzeApp classifies file kinds correctly", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const kinds = new Map(result.files.map((f) => [f.relativePath, f.kind]));
+
+    assert.equal(kinds.get("anaemia.config.ts"), "config");
+    assert.equal(kinds.get("src/root.tsx"), "root");
+    assert.equal(kinds.get("src/routes/users/[id]/index.tsx"), "route");
+    assert.equal(kinds.get("src/routes/users/[id]/_route.ts"), "server-route");
+    assert.equal(result.build.mode, "test");
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+// defineConfig
+
+test("analyzeApp handles defineConfig in anaemia.config.ts without errors", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const configFile = result.files.find((f) => f.relativePath === "anaemia.config.ts");
+
+    assert.ok(configFile, "config file should be present");
+    assert.ok(configFile.program !== null, "config file should parse without error");
+
+    const configErrors = configFile.diagnostics.filter((d) => d.severity === "error");
+    assert.equal(configErrors.length, 0, "config file should have no parse errors");
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+// env access
+
+test("env check: PUBLIC_ prefix passes without warning", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter(
+      (d) => d.code === "ENV_NOT_PUBLIC" && d.file?.includes("users/[id]/index.tsx"),
+    );
+    assert.equal(warnings.length, 0);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("env check: non-PUBLIC_ prefix in route warns", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter(
+      (d) => d.code === "ENV_NOT_PUBLIC" && d.filePath?.includes("routes/index.tsx"),
+    );
+    assert.equal(warnings.length, 1);
+    assert.ok(warnings[0].message.includes("SECRET_KEY"));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("env check: non-PUBLIC_ prefix in feature component warns", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter((d) => d.code === "ENV_NOT_PUBLIC" && d.filePath?.includes("Login.tsx"));
+    assert.equal(warnings.length, 1);
+    assert.ok(warnings[0].message.includes("AUTH_URL"));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("env check: server route does not warn for non-PUBLIC_ env", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter((d) => d.code === "ENV_NOT_PUBLIC" && d.file?.includes("_route.ts"));
+    assert.equal(warnings.length, 0);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("env check: .server.ts file does not warn for non-PUBLIC_ env", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter(
+      (d) => d.code === "ENV_NOT_PUBLIC" && d.file?.includes("auth.server.ts"),
+    );
+    assert.equal(warnings.length, 0);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("env check: process.env usage warns", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter(
+      (d) => d.code === "PROCESS_ENV_ACCESS" && d.filePath?.includes("about.tsx"),
+    );
+    assert.equal(warnings.length, 1);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("env check: ALWAYS_SAFE keys do not warn", async () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "anaemia-analyzer-test-"));
+  try {
+    fs.mkdirSync(path.join(dir, "src/routes"), { recursive: true });
+    fs.writeFileSync(
+      path.join(dir, "src/routes/index.tsx"),
+      `
+      export default function Page() {
+        return <div>{import.meta.env.NODE_ENV}{import.meta.env.MODE}{import.meta.env.DEV}{import.meta.env.PROD}</div>;
+      }
+    `,
+    );
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter((d) => d.code === "ENV_NOT_PUBLIC");
+    assert.equal(warnings.length, 0);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+// unused server functions
+
+test("unused server functions: imported function does not warn", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter(
+      (d) => d.code === "UNUSED_SERVER_FUNCTION" && d.message?.includes("getUser"),
+    );
+    assert.equal(warnings.length, 0);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("unused server functions: unimported function warns", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const warnings = result.diagnostics.filter(
+      (d) => d.code === "UNUSED_SERVER_FUNCTION" && d.message?.includes("unusedFn"),
+    );
+    assert.equal(warnings.length, 1);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+// route metadata
+
+test("route metadata: static route detected correctly", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const aboutMeta = result.routeMetadata?.find((m) => m.filePath.includes("about.tsx"));
+    assert.ok(aboutMeta);
+    assert.equal(aboutMeta.isStatic, true);
+    assert.equal(aboutMeta.hasLoader, false);
+    assert.equal(aboutMeta.hasGuard, false);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("route metadata: route with server function import is not static", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const userMeta = result.routeMetadata?.find((m) => m.filePath.includes("users/[id]/index.tsx"));
+    assert.ok(userMeta);
+    assert.equal(userMeta.isStatic, false);
+    assert.equal(userMeta.hasServerFunctions, true);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("route metadata: params extracted from file path", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { mode: "test" });
+    const userMeta = result.routeMetadata?.find((m) => m.filePath.includes("users/[id]"));
+    assert.ok(userMeta);
+    assert.ok(userMeta.params.includes("id"));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+// walkAst
+
+test("walkAst visits all expected node types", async () => {
+  const dir = createTmpProject();
+  try {
+    const result = await analyzeApp(dir, { include: ["src/routes/**/*.tsx"] });
+    const routeFile = result.files.find((f) => f.relativePath === "src/routes/users/[id]/index.tsx");
+
+    assert.ok(routeFile);
+    const seen = new Set();
+    walkAst(routeFile.program, {
+      enter(node) {
+        seen.add(node.type);
+      },
+    });
+
+    assert.ok(seen.has("Program"));
+    assert.ok(seen.has("ImportDeclaration"));
+    assert.ok(seen.has("ExportDefaultDeclaration"));
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});

package/test/rspack-config.test.mjs

@@ -9,7 +9,10 @@ async function createTmpProject(isTs = true) {
   const dir = fs.mkdtempSync(path.join(os.tmpdir(), "anaemia-bundler-test-"));
 
   fs.mkdirSync(path.join(dir, "src/routes"), { recursive: true });
-  fs.writeFileSync(path.join(dir, "src/routes/index.tsx"), `export default function Index() { return <div>hello</div>; }`);
+  fs.writeFileSync(
+    path.join(dir, "src/routes/index.tsx"),
+    `export default function Index() { return <div>hello</div>; }`,
+  );
   fs.writeFileSync(path.join(dir, "index.html"), `<html><body><div anaemia-entry></div></body></html>`);
 
   if (isTs) {
@@ -106,4 +109,4 @@ test("server config aliases point to dist not src", async () => {
   } finally {
     fs.rmSync(dir, { recursive: true, force: true });
   }
-});
+});

package/test/server-functions.test.mjs

@@ -15,12 +15,14 @@ const source = `
 `;
 
 function transform(plugin) {
-  return transformSync(source, {
-    filename,
-    plugins: [plugin],
-    configFile: false,
-    babelrc: false,
-  })?.code ?? "";
+  return (
+    transformSync(source, {
+      filename,
+      plugins: [plugin],
+      configFile: false,
+      babelrc: false,
+    })?.code ?? ""
+  );
 }
 
 test("client and server transforms generate the same server function id", () => {
@@ -42,36 +44,37 @@ test("client transform forwards call arguments to the RPC wrapper", () => {
 });
 
 test("client transform preserves explicit server function ids", () => {
-  const code = transformSync(
-    `
+  const code =
+    transformSync(
+      `
       import { runOnServer } from "@anaemia/core";
       export const ping = runOnServer(async () => "pong", "custom-id");
     `,
-    {
-      filename,
-      plugins: [clientServerFnTransform],
-      configFile: false,
-      babelrc: false,
-    }
-  )?.code ?? "";
+      {
+        filename,
+        plugins: [clientServerFnTransform],
+        configFile: false,
+        babelrc: false,
+      },
+    )?.code ?? "";
 
   assert.match(code, /\$\$executeClientRpc\("custom-id"\)/);
 });
 
 test("should guarantee server-side logic never leaks to client assets", async () => {
   const clientAssetDir = path.resolve(process.cwd(), "dist/client/assets");
-  
+
   if (!fs.existsSync(clientAssetDir)) return;
 
-  const files = fs.readdirSync(clientAssetDir).filter(f => f.endsWith(".js"));
+  const files = fs.readdirSync(clientAssetDir).filter((f) => f.endsWith(".js"));
 
   for (const file of files) {
     const content = fs.readFileSync(path.join(clientAssetDir, file), "utf-8");
-    
+
     assert.equal(
-      content.includes("SELECT * FROM users"), 
-      false, 
-      `CRITICAL SECURITY LEAK: server logic found inside client asset: ${file}`
+      content.includes("SELECT * FROM users"),
+      false,
+      `CRITICAL SECURITY LEAK: server logic found inside client asset: ${file}`,
     );
   }
-});
+});

package/tsconfig.json

@@ -10,4 +10,4 @@
     "paths": {}
   },
   "include": ["src/**/*"]
-}
+}