@apifuse/provider-sdk 2.0.0-beta.1 → 2.1.0-beta.1

package/src/runtime/prevalidate.ts

@@ -0,0 +1,252 @@
+import Ajv from "ajv";
+import { RE2 } from "re2-wasm";
+
+export interface PrevalidateResult {
+	valid: boolean;
+	errors?: Array<{ path: string; message: string }>;
+}
+
+type JsonSchema = Record<string, unknown>;
+
+const DEFAULT_TIMEOUT_MS = 500;
+
+function now(): number {
+	return Date.now();
+}
+
+function cloneWithoutPatterns(value: unknown): unknown {
+	if (Array.isArray(value)) {
+		return value.map((entry) => cloneWithoutPatterns(entry));
+	}
+
+	if (!value || typeof value !== "object") {
+		return value;
+	}
+
+	const cloned: Record<string, unknown> = {};
+	for (const [key, entry] of Object.entries(value)) {
+		if (key === "pattern") {
+			continue;
+		}
+		cloned[key] = cloneWithoutPatterns(entry);
+	}
+	return cloned;
+}
+
+function buildAjv(): Ajv {
+	return new Ajv({ allErrors: true, strict: true, strictSchema: true });
+}
+
+function createTimeoutGuard(timeoutMs: number): () => void {
+	const startedAt = now();
+
+	return () => {
+		if (now() - startedAt > timeoutMs) {
+			throw new Error("prevalidation_timeout");
+		}
+	};
+}
+
+function formatInstancePath(path: string): string {
+	return path.length > 0 ? path : "$";
+}
+
+function appendPath(basePath: string, segment: string): string {
+	if (segment.startsWith("[")) {
+		return `${basePath}${segment}`;
+	}
+
+	return basePath === "$" ? `${basePath}.${segment}` : `${basePath}.${segment}`;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+	return !!value && typeof value === "object" && !Array.isArray(value);
+}
+
+function collectPatternErrors(
+	schema: unknown,
+	data: unknown,
+	path: string,
+	guard: () => void,
+	errors: Array<{ path: string; message: string }>,
+): void {
+	guard();
+
+	if (!isRecord(schema)) {
+		return;
+	}
+
+	if (typeof schema.pattern === "string" && typeof data === "string") {
+		try {
+			const regex = new RE2(schema.pattern, "u");
+			if (!regex.test(data)) {
+				errors.push({
+					path,
+					message: `must match pattern ${schema.pattern}`,
+				});
+			}
+		} catch (error) {
+			const message =
+				error instanceof Error ? error.message : "Invalid RE2 pattern";
+			errors.push({ path, message });
+		}
+	}
+
+	if (schema.$ref !== undefined) {
+		return;
+	}
+
+	if (Array.isArray(schema.allOf)) {
+		for (const entry of schema.allOf) {
+			collectPatternErrors(entry, data, path, guard, errors);
+		}
+	}
+
+	if (Array.isArray(schema.anyOf)) {
+		for (const entry of schema.anyOf) {
+			collectPatternErrors(entry, data, path, guard, errors);
+		}
+	}
+
+	if (Array.isArray(schema.oneOf)) {
+		for (const entry of schema.oneOf) {
+			collectPatternErrors(entry, data, path, guard, errors);
+		}
+	}
+
+	if (isRecord(schema.not)) {
+		collectPatternErrors(schema.not, data, path, guard, errors);
+	}
+
+	if (isRecord(schema.if)) {
+		collectPatternErrors(schema.if, data, path, guard, errors);
+	}
+
+	if (isRecord(schema.then)) {
+		collectPatternErrors(schema.then, data, path, guard, errors);
+	}
+
+	if (isRecord(schema.else)) {
+		collectPatternErrors(schema.else, data, path, guard, errors);
+	}
+
+	if (Array.isArray(data) && schema.items !== undefined) {
+		for (const [index, item] of data.entries()) {
+			collectPatternErrors(
+				schema.items,
+				item,
+				appendPath(path, `[${index}]`),
+				guard,
+				errors,
+			);
+		}
+	}
+
+	if (!isRecord(data)) {
+		return;
+	}
+
+	if (isRecord(schema.properties)) {
+		for (const [key, childSchema] of Object.entries(schema.properties)) {
+			if (key in data) {
+				collectPatternErrors(
+					childSchema,
+					data[key],
+					appendPath(path, key),
+					guard,
+					errors,
+				);
+			}
+		}
+	}
+
+	if (isRecord(schema.patternProperties)) {
+		for (const [pattern, childSchema] of Object.entries(
+			schema.patternProperties,
+		)) {
+			const keyPattern = new RE2(pattern, "u");
+			for (const [key, value] of Object.entries(data)) {
+				guard();
+				if (keyPattern.test(key)) {
+					collectPatternErrors(
+						childSchema,
+						value,
+						appendPath(path, key),
+						guard,
+						errors,
+					);
+				}
+			}
+		}
+	}
+
+	if (schema.additionalProperties && isRecord(schema.additionalProperties)) {
+		const declaredKeys = isRecord(schema.properties)
+			? new Set(Object.keys(schema.properties))
+			: new Set<string>();
+
+		for (const [key, value] of Object.entries(data)) {
+			if (!declaredKeys.has(key)) {
+				collectPatternErrors(
+					schema.additionalProperties,
+					value,
+					appendPath(path, key),
+					guard,
+					errors,
+				);
+			}
+		}
+	}
+}
+
+export function prevalidate(
+	schema: JsonSchema,
+	data: unknown,
+	options: { timeoutMs?: number } = {},
+): PrevalidateResult {
+	const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+	const guard = createTimeoutGuard(timeoutMs);
+
+	try {
+		guard();
+		const ajv = buildAjv();
+		const strippedSchema = cloneWithoutPatterns(schema);
+		if (!strippedSchema || typeof strippedSchema !== "object") {
+			return {
+				valid: false,
+				errors: [{ path: "$", message: "Invalid schema" }],
+			};
+		}
+		const validate = ajv.compile(strippedSchema);
+		const schemaValid = validate(data);
+		const errors =
+			validate.errors?.map((error) => ({
+				path: formatInstancePath(error.instancePath),
+				message: error.message ?? "Invalid value",
+			})) ?? [];
+
+		collectPatternErrors(schema, data, "$", guard, errors);
+
+		if (!schemaValid || errors.length > 0) {
+			return { valid: false, errors };
+		}
+
+		return { valid: true };
+	} catch (error) {
+		if (error instanceof Error && error.message === "prevalidation_timeout") {
+			return {
+				valid: false,
+				errors: [
+					{
+						path: "$",
+						message: `Prevalidation timed out after ${timeoutMs}ms`,
+					},
+				],
+			};
+		}
+
+		const message =
+			error instanceof Error ? error.message : "Prevalidation failed";
+		return { valid: false, errors: [{ path: "$", message }] };
+	}
+}

package/src/runtime/tls.ts

@@ -2,7 +2,7 @@ import { ModuleClient, SessionClient } from "tlsclientwrapper";
 
 import type { ProxyResolutionOptions } from "../config/loader";
 import { resolveProxyConfig } from "../config/loader";
-import { TransportError } from "../errors";
+import { SDKError, TransportError } from "../errors";
 import { getStealthProfile } from "../stealth/profiles";
 import type {
 	CookieJar,
@@ -19,12 +19,29 @@ const MISSING_PROXY_WARNING =
 
 export type TlsClientOptions = ProxyResolutionOptions & {
 	warn?: (message: string) => void;
+	/**
+	 * Proxy-only TLS transport overrides. Use only for upstream proxy products
+	 * that terminate CONNECT with a private CA instead of tunneling the origin
+	 * certificate chain.
+	 */
+	proxyTls?: { insecureSkipVerify?: boolean };
 };
 
+const REMOVED_CHROME_PROFILE_NAMES = new Set([
+	"chrome-120",
+	"chrome-124",
+	"chrome-129",
+	"chrome-130",
+	"chrome-131",
+	"chrome-133",
+	"chrome-144",
+	"chrome-146-psk",
+	"chrome-131-psk",
+	"chrome-130-psk",
+	"edge-131",
+]);
+
 const TLS_PROFILE_MAP: Record<string, string> = {
-	"chrome-131": "chrome_131",
-	"chrome-133": "chrome_133",
-	"chrome-144": "chrome_144",
 	"chrome-146": "chrome_146",
 	"firefox-132": "firefox_132",
 	"firefox-133": "firefox_133",
@@ -99,6 +116,10 @@ class CookieJarImpl implements CookieJar {
 }
 
 function resolveIdentifier(profileName: string): string {
+	if (REMOVED_CHROME_PROFILE_NAMES.has(profileName)) {
+		throw new SDKError(`Unknown stealth profile: ${profileName}`);
+	}
+
 	try {
 		const profile = getStealthProfile(profileName);
 		if (profile.tlsClientIdentifier) {
@@ -172,14 +193,6 @@ export function normalizeResponse(
 	};
 }
 
-function getErrorMessage(error: unknown): string {
-	if (error instanceof Error) {
-		return error.toString();
-	}
-
-	return String(error);
-}
-
 function normalizeBody(body: TlsFetchOptions["body"]): string | null {
 	if (body === undefined) {
 		return null;
@@ -259,6 +272,7 @@ function createSessionFetcher(
 	let sessionClient: SessionClient | null = null;
 	let activeProxy: string | undefined;
 	let activeTlsIdentifier: string | undefined;
+	let activeInsecureSkipVerify = false;
 	let hasWarnedMissingProxy = false;
 	const warn = clientOptions.warn ?? console.warn;
 
@@ -290,19 +304,22 @@ function createSessionFetcher(
 		sessionClient = null;
 		activeProxy = undefined;
 		activeTlsIdentifier = undefined;
+		activeInsecureSkipVerify = false;
 	}
 
 	function getSessionClient(
 		profile?: string,
 		proxy?: string,
 		ja3?: string,
+		insecureSkipVerify = false,
 	): SessionClient {
 		const tlsIdentifier = ja3 ?? resolveIdentifier(profile ?? defaultProfile);
 
 		if (
 			!sessionClient ||
 			activeProxy !== proxy ||
-			activeTlsIdentifier !== tlsIdentifier
+			activeTlsIdentifier !== tlsIdentifier ||
+			activeInsecureSkipVerify !== insecureSkipVerify
 		) {
 			if (sessionClient) {
 				closeCurrentSession();
@@ -311,10 +328,12 @@ function createSessionFetcher(
 			sessionClient = new SessionClient(moduleClient, {
 				tlsClientIdentifier: tlsIdentifier,
 				...(proxy ? { proxyUrl: proxy } : {}),
+				...(insecureSkipVerify ? { insecureSkipVerify: true } : {}),
 				timeoutSeconds: 30,
 			} as ConstructorParameters<typeof SessionClient>[1]);
 			activeProxy = proxy;
 			activeTlsIdentifier = tlsIdentifier;
+			activeInsecureSkipVerify = insecureSkipVerify;
 		}
 
 		return sessionClient;
@@ -323,10 +342,15 @@ function createSessionFetcher(
 	return {
 		async fetch(url, options = {}) {
 			const proxy = resolveRequestProxy(options);
+			const insecureSkipVerify = Boolean(
+				options.tls?.insecureSkipVerify ??
+					(proxy && clientOptions.proxyTls?.insecureSkipVerify),
+			);
 			const session = getSessionClient(
 				options.profile,
 				proxy,
 				options.tls?.ja3,
+				insecureSkipVerify,
 			);
 			const requestUrl = resolveUrl(baseUrl, url);
 
@@ -337,9 +361,9 @@ function createSessionFetcher(
 					proxy,
 				});
 
-				if (response.status >= 400) {
+				if (response.status >= 400 && options.throwOnHttpError !== false) {
 					throw new TransportError(
-						`HTTP ${response.status}: ${response.body || "Request failed"}`,
+						`Upstream request failed with status ${response.status}`,
 						{
 							status: response.status,
 						},
@@ -348,11 +372,11 @@ function createSessionFetcher(
 
 				return normalizeResponse(response);
 			} catch (error) {
-				if (error instanceof TransportError) {
+				if (error instanceof SDKError || error instanceof TransportError) {
 					throw error;
 				}
 
-				throw new TransportError(`Network error: ${getErrorMessage(error)}`, {
+				throw new TransportError("Network error", {
 					status: 0,
 					cause: error instanceof Error ? error : undefined,
 				});

package/src/runtime/waterfall.ts

@@ -102,7 +102,6 @@ function renderChildren(
 		}
 		const isLast = i === children.length - 1;
 		const provider = isLast ? "└─" : "├─";
-		const _childPrefix = isLast ? "   " : "│  ";
 
 		const duration = formatDuration(node.span.duration_ms);
 		const bar = renderBar(

package/src/schema.ts

@@ -0,0 +1,77 @@
+import { ValidationError } from "./errors";
+import type { InferSchemaOutput, SchemaLike, StandardSchemaV1 } from "./types";
+
+export type SchemaValidationResult<TSchema extends SchemaLike> =
+	| { success: true; data: InferSchemaOutput<TSchema> }
+	| { success: false; error: unknown };
+
+type UnknownSchemaValidationResult =
+	| { success: true; data: unknown }
+	| { success: false; error: unknown };
+
+function isFailureResult<Output>(
+	result: StandardSchemaV1.Result<Output>,
+): result is StandardSchemaV1.FailureResult {
+	return "issues" in result;
+}
+function isPromiseResult<Output>(
+	result:
+		| StandardSchemaV1.Result<Output>
+		| Promise<StandardSchemaV1.Result<Output>>,
+): result is Promise<StandardSchemaV1.Result<Output>> {
+	return result instanceof Promise;
+}
+function formatStandardSchemaIssues(
+	issues: readonly StandardSchemaV1.Issue[],
+): string {
+	return issues.map((issue) => issue.message).join("; ");
+}
+export function parseSchema<TSchema extends SchemaLike>(
+	schema: TSchema,
+	value: unknown,
+	fieldPath: string,
+): Promise<InferSchemaOutput<TSchema>>;
+export async function parseSchema(
+	schema: SchemaLike,
+	value: unknown,
+	fieldPath: string,
+): Promise<unknown> {
+	if ("parse" in schema && typeof schema.parse === "function")
+		return schema.parse(value);
+	const result = schema["~standard"].validate(value);
+	const resolved = isPromiseResult(result) ? await result : result;
+	if (isFailureResult(resolved))
+		throw new ValidationError(
+			`Schema validation failed for ${fieldPath}: ${formatStandardSchemaIssues(resolved.issues)}`,
+			{ zodError: resolved.issues },
+		);
+	return resolved.value;
+}
+export function safeParseSchemaSync<TSchema extends SchemaLike>(
+	schema: TSchema,
+	value: unknown,
+	fieldPath: string,
+): SchemaValidationResult<TSchema>;
+export function safeParseSchemaSync(
+	schema: SchemaLike,
+	value: unknown,
+	fieldPath: string,
+): UnknownSchemaValidationResult {
+	if ("safeParse" in schema && typeof schema.safeParse === "function")
+		return schema.safeParse(value);
+	try {
+		const result = schema["~standard"].validate(value);
+		if (isPromiseResult(result))
+			return {
+				success: false,
+				error: new ValidationError(
+					`Schema validation for ${fieldPath} returned a Promise. defineProvider fixture validation requires synchronous Standard Schema validation.`,
+				),
+			};
+		if (isFailureResult(result))
+			return { success: false, error: result.issues };
+		return { success: true, data: result.value };
+	} catch (error) {
+		return { success: false, error };
+	}
+}