@api-client/core 0.19.12 → 0.19.14

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@api-client/core",
   "description": "The API Client's core client library. Works in NodeJS and in a ES enabled browser.",
-  "version": "0.19.12",
+  "version": "0.19.14",
   "license": "UNLICENSED",
   "exports": {
     "./browser.js": {
@@ -96,7 +96,7 @@
     "chalk": "^5.4.1",
     "console-table-printer": "^2.11.2",
     "dompurify": "^3.2.6",
-    "jsdom": "^28.0.0",
+    "jsdom": "^29.0.0",
     "nanoid": "^5.1.5",
     "tslog": "^4.9.3",
     "ws": "^8.12.0",

package/src/modeling/ExposedEntity.ts

@@ -318,10 +318,10 @@ export class ExposedEntity extends EventTarget {
       return
     }
 
-    // No collection: allow any two segments
-    if (segments.length !== 2) {
+    // No collection: allow exactly one segment
+    if (segments.length !== 1) {
       throw new Error(
-        `Resource path must contain exactly two segments when no collection is present. Received: "${cleaned}"`
+        `Resource path must contain exactly one segment when no collection is present. Received: "${cleaned}"`
       )
     }
     // Check for collision if this is a root entity (singleton case)
@@ -333,7 +333,7 @@ export class ExposedEntity extends EventTarget {
     }
 
     if (this.resourcePath !== cleaned) {
-      this.resourcePath = `/${segments[0]}/${segments[1]}`
+      this.resourcePath = `/${segments[0]}`
     }
   }
 

package/src/modeling/validation/api_model_rules.ts

@@ -522,11 +522,11 @@ export function validateExposedEntity(entity: ExposedEntity, apiModel: ApiModel)
       })
     } else {
       const parts = entity.resourcePath.split('/').filter(Boolean)
-      if (parts.length !== 2 || !entity.resourcePath.startsWith('/')) {
+      if (parts.length !== 1 || !entity.resourcePath.startsWith('/')) {
         issues.push({
           code: createCode('EXPOSURE', 'INVALID_RESOURCE_PATH_FORMAT'),
-          message: 'The URL route must only contain two exact parts or levels.',
-          suggestion: 'Simplify the endpoint URL to prevent deep-nesting.',
+          message: 'The URL route must only contain one exact part or level.',
+          suggestion: 'Simplify the endpoint URL to a single segment.',
           severity: 'error',
           context: { ...context, property: 'resourcePath' },
         })
@@ -600,7 +600,8 @@ export function validateExposedEntity(entity: ExposedEntity, apiModel: ApiModel)
           message: `The ${action.kind} action has no security rules attached, making it entirely inaccessible or open.`,
           suggestion: 'Allow specific user roles to access this operation.',
           severity: 'error',
-          context: { ...context, kind: 'Action', key: action.kind }, // using action.kind as the key context equivalent
+          // using action.kind as the key context equivalent
+          context: { ...context, kind: 'Action', key: action.kind, parentExposedEntityKey: entity.key },
         })
       }
     }

package/tests/unit/modeling/exposed_entity.spec.ts

@@ -37,17 +37,17 @@ test.group('ExposedEntity', () => {
     assert.throws(() => ex.setResourcePath('/products/notParam'))
   }).tags(['@modeling', '@exposed-entity'])
 
-  test('setResourcePath without collection must have exactly two segments', ({ assert }) => {
+  test('setResourcePath without collection must have exactly one segment', ({ assert }) => {
     const model = new ApiModel()
     const ex = new ExposedEntity(model, {
       hasCollection: false,
-      resourcePath: '/profile/{id}',
+      resourcePath: '/profile',
     })
 
-    ex.setResourcePath('settings/secret')
-    assert.equal(ex.resourcePath, '/settings/secret')
+    ex.setResourcePath('settings')
+    assert.equal(ex.resourcePath, '/settings')
 
-    assert.throws(() => ex.setResourcePath('onlyone'))
+    assert.throws(() => ex.setResourcePath('settings/secret'))
   }).tags(['@modeling', '@exposed-entity'])
 
   test('computes absolute resource and collection paths along parent chain', ({ assert }) => {

package/tests/unit/modeling/exposed_entity_setter_validation.spec.ts

@@ -43,12 +43,12 @@ test.group('ExposedEntity Path Setter Validation', () => {
 
     // Set exp1 resource path to something specific
     exp1.hasCollection = false
-    exp1.setResourcePath('/shared/path')
+    exp1.setResourcePath('/shared')
 
     // Try to set exp2 resource path to same
     assert.throws(
-      () => exp2.setResourcePath('/shared/path'),
-      'Resource path "/shared/path" is already in use by another root entity.'
+      () => exp2.setResourcePath('/shared'),
+      'Resource path "/shared" is already in use by another root entity.'
     )
   })
 
@@ -67,8 +67,8 @@ test.group('ExposedEntity Path Setter Validation', () => {
     assert.equal(exp1.collectionPath, '/new-path')
 
     exp1.hasCollection = false // allow arbitrary resource path
-    exp1.setResourcePath('/custom/resource')
-    assert.equal(exp1.resourcePath, '/custom/resource')
+    exp1.setResourcePath('/custom')
+    assert.equal(exp1.resourcePath, '/custom')
   })
 
   test('does not validate collision for non-root entities', ({ assert }) => {

package/tests/unit/modeling/validation/api_model_rules.spec.ts

@@ -235,6 +235,19 @@ test.group('ApiModel Validation', () => {
     assert.isTrue(issues.some((i) => i.code === 'EXPOSURE_INVALID_RESOURCE_PATH_FORMAT'))
   })
 
+  test('validateExposedEntity - path integrity (no collection)', ({ assert }) => {
+    const domain = new DataDomain({ info: { version: '1.0.0' } })
+    const model = new ApiModel({}, domain)
+    const exposure = new ExposedEntity(model, {
+      entity: { key: 'fake' },
+      hasCollection: false,
+    })
+    exposure.resourcePath = '/invalid/two_segments'
+    exposure.actions = [new ReadAction(exposure)]
+    const issues = validateExposedEntity(exposure, model)
+    assert.isTrue(issues.some((i) => i.code === 'EXPOSURE_INVALID_RESOURCE_PATH_FORMAT'))
+  })
+
   test('validateAction - List needs pagination', ({ assert }) => {
     const model = new ApiModel()
     const exposure = new ExposedEntity(model, { entity: { key: '1' } })