@blamejs/core 0.14.18 → 0.14.19

package/lib/openapi.js

@@ -5,24 +5,32 @@
  * @title  Openapi
  *
  * @intro
- *   OpenAPI 3.1 emitter from declarative route declarations + schemas
- *   (composable with `b.safeSchema`); JSON / YAML output. Operators
- *   describe their public HTTP surface as an OpenAPI 3.1 document the
- *   framework serves at `/openapi.json` (or any path) for downstream
- *   tooling: API consumers, Postman, code-generators, contract-test
- *   rigs.
+ *   OpenAPI 3.1 / 3.2 emitter from declarative route declarations +
+ *   schemas (composable with `b.safeSchema`); JSON / YAML output.
+ *   Operators describe their public HTTP surface as an OpenAPI document
+ *   the framework serves at `/openapi.json` (or any path) for
+ *   downstream tooling: API consumers, Postman, code-generators,
+ *   contract-test rigs.
  *
- *   The builder is FRAMEWORK-FACING: it produces a valid OpenAPI 3.1
+ *   The builder is FRAMEWORK-FACING: it produces a valid OpenAPI
  *   document, but the operator's hand-written contract is the source
  *   of truth — it does NOT auto-walk `b.router` routes (operators
  *   frequently want a smaller / different surface published than what
  *   the router exposes internally).
  *
- *   The builder fluent surface is `path()` / `schema()` / `response()`
- *   / `parameter()` / `requestBody()` / `header()` / `example()` /
- *   `security.add()` / `security.require()` / `tag()` / `server()`,
- *   each returning the builder for chaining. Terminal calls are
- *   `toJson()` (3.1 JSON document with referential integrity checked
+ *   `3.1.0` is the default emitted version. Pass
+ *   `create({ openapi: "3.2.0", ... })` to opt into OpenAPI 3.2; both
+ *   3.1.x and 3.2.x parse and emit. The 3.2 additions wired here are
+ *   the top-level `webhooks` map (named out-of-band Path Item Objects
+ *   the API initiates — OpenAPI 3.2 §4.8.2) and the `jsonSchemaDialect`
+ *   field (declares the default JSON Schema dialect for the document —
+ *   OpenAPI 3.2 §4.8.1).
+ *
+ *   The builder fluent surface is `path()` / `webhook()` / `schema()` /
+ *   `response()` / `parameter()` / `requestBody()` / `header()` /
+ *   `example()` / `security.add()` / `security.require()` / `tag()` /
+ *   `server()`, each returning the builder for chaining. Terminal calls
+ *   are `toJson()` (JSON document with referential integrity checked
  *   — every security-scheme reference must resolve), `toJsonString()`,
  *   `toYaml()`, and `middleware(opts)` which mounts the cached
  *   document at request-time. Security-scheme builders for bearer /
@@ -30,7 +38,7 @@
  *   `b.openapi.security`.
  *
  * @card
- *   OpenAPI 3.1 emitter from declarative route declarations + schemas (composable with `b.safeSchema`); JSON / YAML output.
+ *   OpenAPI 3.1 / 3.2 emitter from declarative route declarations + schemas (composable with `b.safeSchema`); JSON / YAML output.
  */
 
 var validateOpts          = require("./validate-opts");
@@ -44,7 +52,33 @@ var audit                 = lazyRequire(function () { return require("./audit");
 
 var OpenApiError = defineClass("OpenApiError", { alwaysPermanent: true });
 
-var OPENAPI_VERSION = "3.1.0";
+// Default emitted version. `create({ openapi: "3.2.0" })` opts into 3.2.
+// Both 3.1.x and 3.2.x are accepted by create() and parse() (OpenAPI
+// 3.2 is a backward-compatible superset of 3.1).
+var OPENAPI_VERSION       = "3.1.0";
+var SUPPORTED_MAJOR_MINOR = ["3.1", "3.2"];
+
+// _resolveVersion — validate an operator-supplied `opts.openapi` version
+// string against the accepted major.minor set and return it; default to
+// OPENAPI_VERSION when omitted. THROWS on an unsupported version
+// (config-time / entry-point tier — operator catches the typo at boot).
+function _resolveVersion(version, label) {
+  if (version === undefined || version === null) return OPENAPI_VERSION;
+  if (typeof version !== "string" || version.length === 0) {
+    throw new OpenApiError("openapi/bad-version",
+      label + ": openapi must be a version string (e.g. \"3.1.0\" or \"3.2.0\")");
+  }
+  for (var i = 0; i < SUPPORTED_MAJOR_MINOR.length; i += 1) {
+    if (version.indexOf(SUPPORTED_MAJOR_MINOR[i] + ".") === 0 ||
+        version === SUPPORTED_MAJOR_MINOR[i]) {
+      return version;
+    }
+  }
+  throw new OpenApiError("openapi/bad-version",
+    label + ": openapi version must be one of " +
+    SUPPORTED_MAJOR_MINOR.map(function (v) { return v + ".x"; }).join(" / ") +
+    " — got " + JSON.stringify(version));
+}
 
 /**
  * @primitive b.openapi.create
@@ -52,23 +86,33 @@ var OPENAPI_VERSION = "3.1.0";
  * @since     0.6.30
  * @related   b.openapi.parse, b.asyncapi.create, b.safeSchema
  *
- * Build a fluent OpenAPI 3.1 document builder. `opts.info` is required
- * (`title` + `version`). Returns a chainable builder; terminal calls
- * are `toJson()`, `toJsonString(indent)`, `toYaml()`, and
+ * Build a fluent OpenAPI 3.1 / 3.2 document builder. `opts.info` is
+ * required (`title` + `version`). Returns a chainable builder; terminal
+ * calls are `toJson()`, `toJsonString(indent)`, `toYaml()`, and
  * `middleware(opts)`. `toJson()` cross-checks every doc-level and
  * per-operation security requirement against
  * `components.securitySchemes` and throws
  * `OpenApiError("openapi/dangling-security")` on a missing scheme.
  *
+ * `3.1.0` is emitted by default. Pass `openapi: "3.2.0"` to opt into
+ * OpenAPI 3.2; an unsupported version (e.g. `"4.0.0"`) throws
+ * `OpenApiError("openapi/bad-version")`. `webhook(name, method, opts)`
+ * registers a top-level webhook (OpenAPI 3.2 §4.8.2) and
+ * `jsonSchemaDialect` declares the document's default JSON Schema
+ * dialect (OpenAPI 3.2 §4.8.1) — both valid in 3.1.x and 3.2.x.
+ *
  * @opts
- *   info:         { title, version, description?, contact?, license? },   // REQUIRED — title + version are non-empty strings
- *   servers:      array,           // [{ url, description?, variables? }, ...]
- *   externalDocs: { url, description? },
- *   tags:         array,           // [{ name, description? }, ...] — seed; builder.tag() appends more
- *   security:     array,           // doc-level security requirements [{ schemeName: ["scope"] }, ...]
+ *   info:              { title, version, description?, contact?, license? },   // REQUIRED — title + version are non-empty strings
+ *   openapi:           string,        // emitted version — "3.1.x" (default) or "3.2.x"
+ *   jsonSchemaDialect: string,        // default JSON Schema dialect URI for the document
+ *   servers:           array,         // [{ url, description?, variables? }, ...]
+ *   externalDocs:      { url, description? },
+ *   tags:              array,         // [{ name, description? }, ...] — seed; builder.tag() appends more
+ *   security:          array,         // doc-level security requirements [{ schemeName: ["scope"] }, ...]
  *
  * @example
  *   var doc = b.openapi.create({
+ *     openapi: "3.2.0",
  *     info:    { title: "Acme API", version: "1.0.0" },
  *     servers: [{ url: "https://api.acme.example.com" }],
  *   });
@@ -79,14 +123,19 @@ var OPENAPI_VERSION = "3.1.0";
  *     responses:  { "200": { description: "ok" }, "404": { description: "not found" } },
  *     security:   [{ bearerAuth: [] }],
  *   });
+ *   doc.webhook("newPet", "post", {
+ *     requestBody: { content: { "application/json": { schema: { type: "object" } } } },
+ *     responses:   { "200": { description: "ack" } },
+ *   });
  *   var json = doc.toJson();
- *   json.openapi;           // → "3.1.0"
- *   json.paths["/users/{id}"].get.summary;   // → "Fetch a user"
+ *   json.openapi;           // → "3.2.0"
+ *   json.webhooks.newPet.post.responses["200"].description;   // → "ack"
  */
 function create(opts) {
   opts = opts || {};
   validateOpts(opts, [
-    "info", "servers", "externalDocs", "tags", "security",
+    "info", "openapi", "jsonSchemaDialect",
+    "servers", "externalDocs", "tags", "security",
   ], "openapi.create");
   if (!opts.info || typeof opts.info !== "object") {
     throw new OpenApiError("openapi/bad-info",
@@ -97,7 +146,13 @@ function create(opts) {
   validateOpts.requireNonEmptyString(opts.info.version,
     "openapi.create: info.version", OpenApiError, "openapi/bad-info");
 
+  var openapiVersion    = _resolveVersion(opts.openapi, "openapi.create");
+  var jsonSchemaDialect = validateOpts.optionalNonEmptyString(
+    opts.jsonSchemaDialect, "openapi.create: jsonSchemaDialect",
+    OpenApiError, "openapi/bad-json-schema-dialect");
+
   var paths       = new pathsBuilderMod.PathsBuilder();
+  var webhooks    = new pathsBuilderMod.WebhooksBuilder();
   var components  = {
     schemas:         {},
     responses:       {},
@@ -124,6 +179,32 @@ function create(opts) {
     _validateServerEntry(docServers[s], "openapi.create: servers[" + s + "]");
   }
 
+  // _checkOperationSecurity — every per-operation security requirement
+  // key must resolve to a registered security scheme. `labelPrefix`
+  // distinguishes path operations ("") from webhook operations
+  // ("webhook ") in the error message.
+  function _checkOperationSecurity(itemMap, labelPrefix) {
+    for (var itemKey in itemMap) {
+      if (!Object.prototype.hasOwnProperty.call(itemMap, itemKey)) continue;
+      var item = itemMap[itemKey];
+      for (var methodKey in item) {
+        if (!Object.prototype.hasOwnProperty.call(item, methodKey)) continue;
+        var op = item[methodKey];
+        if (!Array.isArray(op.security)) continue;
+        for (var os = 0; os < op.security.length; os += 1) {
+          for (var sn in op.security[os]) {
+            if (!Object.prototype.hasOwnProperty.call(op.security[os], sn)) continue;
+            if (!components.securitySchemes[sn]) {
+              throw new OpenApiError("openapi/dangling-security",
+                "toJson: " + labelPrefix + methodKey.toUpperCase() + " " + itemKey +
+                " references undefined security scheme " + JSON.stringify(sn));
+            }
+          }
+        }
+      }
+    }
+  }
+
   var builder = {
     info:         Object.assign({}, opts.info),
 
@@ -132,6 +213,11 @@ function create(opts) {
       return builder;
     },
 
+    webhook: function (name, method, webhookOpts) {
+      webhooks.add(name, method, webhookOpts || {});
+      return builder;
+    },
+
     schema: function (name, schemaSpec) {
       validateOpts.requireNonEmptyString(name, "schema: name",
         OpenApiError, "openapi/bad-component");
@@ -235,11 +321,13 @@ function create(opts) {
 
     toJson: function () {
       var doc = {
-        openapi: OPENAPI_VERSION,
+        openapi: openapiVersion,
         info:    builder.info,
       };
+      if (jsonSchemaDialect) doc.jsonSchemaDialect = jsonSchemaDialect;
       if (docServers.length > 0)  doc.servers = docServers.slice();
       doc.paths = paths.toMap();
+      if (webhooks.count() > 0) doc.webhooks = webhooks.toMap();
       var anyComponent = false;
       var componentsOut = {};
       var keys = ["schemas", "responses", "parameters", "requestBodies",
@@ -267,27 +355,10 @@ function create(opts) {
           }
         }
       }
-      // Same check on per-operation security.
-      for (var pathKey in doc.paths) {
-        if (!Object.prototype.hasOwnProperty.call(doc.paths, pathKey)) continue;
-        var pathItem = doc.paths[pathKey];
-        for (var methodKey in pathItem) {
-          if (!Object.prototype.hasOwnProperty.call(pathItem, methodKey)) continue;
-          var op = pathItem[methodKey];
-          if (Array.isArray(op.security)) {
-            for (var os = 0; os < op.security.length; os += 1) {
-              for (var sn in op.security[os]) {
-                if (!Object.prototype.hasOwnProperty.call(op.security[os], sn)) continue;
-                if (!components.securitySchemes[sn]) {
-                  throw new OpenApiError("openapi/dangling-security",
-                    "toJson: " + methodKey.toUpperCase() + " " + pathKey +
-                    " references undefined security scheme " + JSON.stringify(sn));
-                }
-              }
-            }
-          }
-        }
-      }
+      // Same check on per-operation security — for both `paths` and
+      // `webhooks` operations (webhook operations carry `security` too).
+      _checkOperationSecurity(doc.paths, "");
+      if (doc.webhooks) _checkOperationSecurity(doc.webhooks, "webhook ");
       try {
         audit().safeEmit({
           action:   "openapi.document.built",
@@ -347,25 +418,100 @@ function create(opts) {
   return builder;
 }
 
+var PARSE_METHODS = ["get", "put", "post", "delete",
+                     "options", "head", "patch", "trace"];
+
+// _validateItemOperations — validate the Operation Objects inside a
+// single Path Item (used for both `paths` entries and `webhooks`
+// entries). `label` is the operator-facing prefix (a path key like
+// "/x" or a webhook label like "webhook newPet"). Pushes shape errors
+// into `errors`; non-method fields (parameters / summary / $ref) are
+// skipped exactly as the paths loop did before this was extracted.
+function _validateItemOperations(item, label, errors, securitySchemes) {
+  for (var methodKey in item) {
+    if (!Object.prototype.hasOwnProperty.call(item, methodKey)) continue;
+    if (PARSE_METHODS.indexOf(methodKey) === -1) continue;     // allow non-method fields like 'parameters', 'summary', '$ref'
+    var op = item[methodKey];
+    if (!op || typeof op !== "object") {
+      errors.push(methodKey.toUpperCase() + " " + label + ": operation must be an object");
+      continue;
+    }
+    if (!op.responses || typeof op.responses !== "object" ||
+        Object.keys(op.responses).length === 0) {
+      errors.push(methodKey.toUpperCase() + " " + label +
+                  ": responses object required (per OpenAPI 3.1 §4.8.5)");
+    } else {
+      for (var statusKey in op.responses) {
+        if (!Object.prototype.hasOwnProperty.call(op.responses, statusKey)) continue;
+        var resp = op.responses[statusKey];
+        if (!resp || typeof resp !== "object") {
+          errors.push(methodKey.toUpperCase() + " " + label +
+                      " response " + statusKey + ": must be an object");
+          continue;
+        }
+        if (resp["$ref"]) continue;       // $ref short-circuit
+        if (typeof resp.description !== "string" || resp.description.length === 0) {
+          errors.push(methodKey.toUpperCase() + " " + label +
+                      " response " + statusKey +
+                      ": description is required (per OpenAPI 3.1 §4.8.16)");
+        }
+      }
+    }
+    if (Array.isArray(op.parameters)) {
+      for (var pi = 0; pi < op.parameters.length; pi += 1) {
+        var p = op.parameters[pi];
+        if (!p || typeof p !== "object") continue;
+        if (p["$ref"]) continue;
+        if (p.in === "path" && p.required !== true) {
+          errors.push(methodKey.toUpperCase() + " " + label +
+                      " parameters[" + pi + "]: path parameter " +
+                      JSON.stringify(p.name) + " must have required=true");
+        }
+      }
+    }
+    // Operation-level security requirement keys must resolve to a
+    // registered scheme — the builder's toJson() enforces this, so parse()
+    // must too, for both path and webhook operations.
+    if (securitySchemes && Array.isArray(op.security)) {
+      for (var rqi = 0; rqi < op.security.length; rqi += 1) {
+        var req = op.security[rqi];
+        if (!req || typeof req !== "object") continue;
+        for (var schemeKey in req) {
+          if (!Object.prototype.hasOwnProperty.call(req, schemeKey)) continue;
+          if (!securitySchemes[schemeKey]) {
+            errors.push(methodKey.toUpperCase() + " " + label +
+                        ": security references undefined scheme " +
+                        JSON.stringify(schemeKey));
+          }
+        }
+      }
+    }
+  }
+}
+
 /**
  * @primitive b.openapi.parse
  * @signature b.openapi.parse(jsonStringOrObject)
  * @since     0.6.30
  * @related   b.openapi.create
  *
- * Parse + validate an external OpenAPI 3.1 document. Operators hand a
- * doc that arrived from a downstream integration (consumer hand-
+ * Parse + validate an external OpenAPI 3.1 / 3.2 document. Operators
+ * hand a doc that arrived from a downstream integration (consumer hand-
  * edited, contract-test fixture, third-party publish) and want the
  * framework's gate to enforce the same shape rules `toJson()`
  * enforces on builder output. Throws on invalid JSON or non-object
  * input; otherwise returns `{ doc, errors, valid }`. `errors` is an
- * array of strings — empty on a valid document. Path keys must start
- * with `/`, every operation must declare `responses` with a
- * `description`, path parameters must carry `required: true`, and
- * doc-level security must reference declared schemes.
+ * array of strings — empty on a valid document. The `openapi` version
+ * must be `3.1.x` or `3.2.x`. Path keys must start with `/`, every
+ * operation must declare `responses` with a `description`, path
+ * parameters must carry `required: true`, and doc-level security must
+ * reference declared schemes. Top-level `webhooks` (OpenAPI 3.2
+ * §4.8.2) are validated with the same operation rules but free-form
+ * names instead of `/`-prefixed URL keys; `jsonSchemaDialect` (OpenAPI
+ * 3.2 §4.8.1) must be a string when present.
  *
  * @example
- *   var result = b.openapi.parse('{"openapi":"3.1.0","info":{"title":"x","version":"1.0.0"}}');
+ *   var result = b.openapi.parse('{"openapi":"3.2.0","info":{"title":"x","version":"1.0.0"}}');
  *   result.valid;       // → true
  *   result.errors;      // → []
  *
@@ -389,9 +535,12 @@ function parse(jsonStringOrObject) {
   }
   var errors = [];
   if (typeof doc.openapi !== "string") {
-    errors.push("missing or non-string `openapi` version field (must be 3.1.x)");
-  } else if (doc.openapi.indexOf("3.1") !== 0) {
-    errors.push("`openapi` version must be 3.1.x — got " + JSON.stringify(doc.openapi));
+    errors.push("missing or non-string `openapi` version field (must be 3.1.x or 3.2.x)");
+  } else if (doc.openapi.indexOf("3.1") !== 0 && doc.openapi.indexOf("3.2") !== 0) {
+    errors.push("`openapi` version must be 3.1.x or 3.2.x — got " + JSON.stringify(doc.openapi));
+  }
+  if (doc.jsonSchemaDialect != null && typeof doc.jsonSchemaDialect !== "string") {
+    errors.push("`jsonSchemaDialect` must be a string when present (per OpenAPI 3.2 §4.8.1)");
   }
   if (!doc.info || typeof doc.info !== "object") {
     errors.push("missing or non-object `info`");
@@ -403,6 +552,9 @@ function parse(jsonStringOrObject) {
       errors.push("info.version must be a non-empty string");
     }
   }
+  // Resolved once so operation-level security requirements on both paths
+  // and webhooks can be checked against it during shape validation.
+  var securitySchemes = (doc.components && doc.components.securitySchemes) || {};
   if (doc.paths != null && typeof doc.paths !== "object") {
     errors.push("`paths` must be an object when present");
   } else if (doc.paths) {
@@ -416,54 +568,27 @@ function parse(jsonStringOrObject) {
         errors.push("paths[" + JSON.stringify(pathKey) + "] must be an object");
         continue;
       }
-      var validMethods = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];
-      for (var methodKey in pathItem) {
-        if (!Object.prototype.hasOwnProperty.call(pathItem, methodKey)) continue;
-        if (validMethods.indexOf(methodKey) === -1) continue;       // allow non-method fields like 'parameters', 'summary', '$ref'
-        var op = pathItem[methodKey];
-        if (!op || typeof op !== "object") {
-          errors.push(methodKey.toUpperCase() + " " + pathKey + ": operation must be an object");
-          continue;
-        }
-        if (!op.responses || typeof op.responses !== "object" ||
-            Object.keys(op.responses).length === 0) {
-          errors.push(methodKey.toUpperCase() + " " + pathKey +
-                      ": responses object required (per OpenAPI 3.1 §4.8.5)");
-        } else {
-          for (var statusKey in op.responses) {
-            if (!Object.prototype.hasOwnProperty.call(op.responses, statusKey)) continue;
-            var resp = op.responses[statusKey];
-            if (!resp || typeof resp !== "object") {
-              errors.push(methodKey.toUpperCase() + " " + pathKey +
-                          " response " + statusKey + ": must be an object");
-              continue;
-            }
-            if (resp["$ref"]) continue;       // $ref short-circuit
-            if (typeof resp.description !== "string" || resp.description.length === 0) {
-              errors.push(methodKey.toUpperCase() + " " + pathKey +
-                          " response " + statusKey +
-                          ": description is required (per OpenAPI 3.1 §4.8.16)");
-            }
-          }
-        }
-        if (Array.isArray(op.parameters)) {
-          for (var pi = 0; pi < op.parameters.length; pi += 1) {
-            var p = op.parameters[pi];
-            if (!p || typeof p !== "object") continue;
-            if (p["$ref"]) continue;
-            if (p.in === "path" && p.required !== true) {
-              errors.push(methodKey.toUpperCase() + " " + pathKey +
-                          " parameters[" + pi + "]: path parameter " +
-                          JSON.stringify(p.name) + " must have required=true");
-            }
-          }
-        }
+      _validateItemOperations(pathItem, pathKey, errors, securitySchemes);
+    }
+  }
+  // Webhooks — same operation rules as paths, but keys are free-form
+  // webhook names (not `/`-prefixed URL templates), per OpenAPI 3.2
+  // §4.8.2.
+  if (doc.webhooks != null && typeof doc.webhooks !== "object") {
+    errors.push("`webhooks` must be an object when present");
+  } else if (doc.webhooks) {
+    for (var webhookKey in doc.webhooks) {
+      if (!Object.prototype.hasOwnProperty.call(doc.webhooks, webhookKey)) continue;
+      var webhookItem = doc.webhooks[webhookKey];
+      if (!webhookItem || typeof webhookItem !== "object") {
+        errors.push("webhooks[" + JSON.stringify(webhookKey) + "] must be an object");
+        continue;
       }
+      _validateItemOperations(webhookItem, "webhook " + webhookKey, errors, securitySchemes);
     }
   }
   // Dangling security references — every requirement key must resolve
   // to a registered security scheme.
-  var securitySchemes = (doc.components && doc.components.securitySchemes) || {};
   if (Array.isArray(doc.security)) {
     for (var s = 0; s < doc.security.length; s += 1) {
       for (var schemeName in doc.security[s]) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.14.18",
+  "version": "0.14.19",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:b96f0679-8967-43f9-b412-aa598ea52508",
+  "serialNumber": "urn:uuid:c7c9f488-0e96-4295-af9d-359b64bbfce6",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-06-02T15:25:35.604Z",
+    "timestamp": "2026-06-02T19:28:34.781Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.14.18",
+      "bom-ref": "@blamejs/core@0.14.19",
       "type": "application",
       "name": "blamejs",
-      "version": "0.14.18",
+      "version": "0.14.19",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.14.18",
+      "purl": "pkg:npm/%40blamejs/core@0.14.19",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.14.18",
+      "ref": "@blamejs/core@0.14.19",
       "dependsOn": []
     }
   ]