@bleedingdev/modern-js-bff-core 3.2.0-ultramodern.12 → 3.2.0-ultramodern.121

package/dist/esm-node/adapter-kit/parity.mjs

@@ -0,0 +1,491 @@
+import "node:module";
+import { buildOperationContractMap } from "../security/operationContracts.mjs";
+import { HttpMethod } from "../types.mjs";
+const PARITY_REQUEST_ID = 'crm';
+const PARITY_PRODUCER_REQUEST_ID = 'crm.producer-a';
+const PARITY_FIXTURE_FILENAME = 'bff-core/adapter-kit/parity-fixture.ts';
+const HANDLER_WITH_SCHEMA = 'HANDLER_WITH_SCHEMA';
+const isRecord = (value)=>Boolean(value) && 'object' == typeof value;
+const createSchemaFixtureHandler = ()=>{
+    const handler = (input)=>{
+        const data = isRecord(input) && isRecord(input.data) ? input.data : void 0;
+        const id = data?.id;
+        if ('number' == typeof id) return {
+            type: 'HandleSuccess',
+            value: {
+                id
+            }
+        };
+        if ('boom' === id) return {
+            type: 'OutputValidationError',
+            message: 'invalid output'
+        };
+        return {
+            type: 'InputValidationError',
+            message: 'invalid input'
+        };
+    };
+    return Object.assign(handler, {
+        [HANDLER_WITH_SCHEMA]: true
+    });
+};
+const createParityApiHandlerInfos = ()=>[
+        {
+            name: 'getHello',
+            httpMethod: HttpMethod.Get,
+            routeName: '/hello',
+            routePath: '/hello',
+            filename: PARITY_FIXTURE_FILENAME,
+            handler: ()=>({
+                    message: 'hello'
+                })
+        },
+        {
+            name: 'postHello',
+            httpMethod: HttpMethod.Post,
+            routeName: '/hello',
+            routePath: '/hello',
+            filename: PARITY_FIXTURE_FILENAME,
+            handler: ()=>'hello'
+        },
+        {
+            name: 'getNothing',
+            httpMethod: HttpMethod.Get,
+            routeName: '/nothing',
+            routePath: '/nothing',
+            filename: PARITY_FIXTURE_FILENAME,
+            handler: ()=>void 0
+        },
+        {
+            name: 'postEcho',
+            httpMethod: HttpMethod.Post,
+            routeName: '/echo',
+            routePath: '/echo',
+            filename: PARITY_FIXTURE_FILENAME,
+            handler: (input)=>{
+                const normalized = isRecord(input) ? input : {};
+                return {
+                    data: normalized.data ?? null,
+                    query: normalized.query ?? {},
+                    cookie: normalized.cookies ?? null
+                };
+            }
+        },
+        {
+            name: 'getItem',
+            httpMethod: HttpMethod.Get,
+            routeName: '/items/:id',
+            routePath: '/items/:id',
+            filename: PARITY_FIXTURE_FILENAME,
+            handler: (id, input)=>({
+                    id,
+                    query: isRecord(input) ? input.query ?? {} : {}
+                })
+        },
+        {
+            name: 'patchSchema',
+            httpMethod: HttpMethod.Patch,
+            routeName: '/schema',
+            routePath: '/schema',
+            filename: PARITY_FIXTURE_FILENAME,
+            handler: createSchemaFixtureHandler()
+        }
+    ];
+const createParityBffConfig = ()=>({
+        requestId: PARITY_REQUEST_ID,
+        crossProjectPolicy: {
+            enabled: true,
+            allowedNamespaces: [
+                PARITY_REQUEST_ID
+            ]
+        }
+    });
+const getParityContracts = ()=>buildOperationContractMap({
+        handlers: createParityApiHandlerInfos(),
+        requestId: PARITY_REQUEST_ID
+    });
+const envelopeHeader = (requestId)=>JSON.stringify(void 0 === requestId ? {} : {
+        requestId
+    });
+const detailHeader = (details)=>JSON.stringify(details);
+const deniedScenario = (name, reason, headers)=>({
+        name,
+        policy: true,
+        request: {
+            method: 'get',
+            path: '/hello',
+            headers
+        },
+        expected: {
+            kind: 'denied',
+            status: 403,
+            reason
+        }
+    });
+const createAdapterParityScenarios = ()=>{
+    const contracts = getParityContracts();
+    const helloContract = contracts['GET:/hello'];
+    const validEnvelope = envelopeHeader(PARITY_PRODUCER_REQUEST_ID);
+    const validOperationId = `${PARITY_PRODUCER_REQUEST_ID}:parity`;
+    return [
+        {
+            name: 'plain handler returns object payload',
+            policy: false,
+            request: {
+                method: 'get',
+                path: '/hello'
+            },
+            expected: {
+                kind: 'payload',
+                status: 200,
+                payload: {
+                    message: 'hello'
+                }
+            }
+        },
+        {
+            name: 'plain handler returns scalar payload',
+            policy: false,
+            request: {
+                method: 'post',
+                path: '/hello'
+            },
+            expected: {
+                kind: 'payload',
+                status: 200,
+                payload: 'hello'
+            }
+        },
+        {
+            name: 'plain handler returning undefined (pinned adapter drift)',
+            policy: false,
+            request: {
+                method: 'get',
+                path: '/nothing'
+            },
+            expected: {
+                kind: 'perAdapter',
+                expectations: {
+                    express: {
+                        status: 200,
+                        payload: void 0
+                    },
+                    koa: {
+                        status: 404,
+                        payload: 'Not Found'
+                    },
+                    hono: {
+                        status: 404,
+                        payload: '404 Not Found'
+                    }
+                }
+            }
+        },
+        {
+            name: 'plain handler receives data, query and cookies',
+            policy: false,
+            request: {
+                method: 'post',
+                path: '/echo?q=z',
+                headers: {
+                    'content-type': 'application/json',
+                    cookie: 'id=666'
+                },
+                body: {
+                    a: 1
+                }
+            },
+            expected: {
+                kind: 'payload',
+                status: 200,
+                payload: {
+                    data: {
+                        a: 1
+                    },
+                    query: {
+                        q: 'z'
+                    },
+                    cookie: 'id=666'
+                }
+            }
+        },
+        {
+            name: 'plain handler receives positional route params',
+            policy: false,
+            request: {
+                method: 'get',
+                path: '/items/123?q=x'
+            },
+            expected: {
+                kind: 'payload',
+                status: 200,
+                payload: {
+                    id: '123',
+                    query: {
+                        q: 'x'
+                    }
+                }
+            }
+        },
+        {
+            name: 'schema handler success (pinned adapter drift)',
+            policy: false,
+            request: {
+                method: 'patch',
+                path: '/schema',
+                headers: {
+                    'content-type': 'application/json'
+                },
+                body: {
+                    id: 777
+                }
+            },
+            expected: {
+                kind: 'perAdapter',
+                expectations: {
+                    express: {
+                        status: 200,
+                        payload: {
+                            id: 777
+                        }
+                    },
+                    koa: {
+                        status: 200,
+                        payload: {
+                            id: 777
+                        }
+                    },
+                    hono: {
+                        status: 200,
+                        payload: {
+                            type: 'HandleSuccess',
+                            value: {
+                                id: 777
+                            }
+                        }
+                    }
+                }
+            }
+        },
+        {
+            name: 'schema handler input validation error (pinned adapter drift)',
+            policy: false,
+            request: {
+                method: 'patch',
+                path: '/schema',
+                headers: {
+                    'content-type': 'application/json'
+                },
+                body: {
+                    id: 'aaa'
+                }
+            },
+            expected: {
+                kind: 'perAdapter',
+                expectations: {
+                    express: {
+                        status: 400,
+                        payload: 'invalid input'
+                    },
+                    koa: {
+                        status: 400,
+                        payload: 'invalid input'
+                    },
+                    hono: {
+                        status: 200,
+                        payload: {
+                            type: 'InputValidationError',
+                            message: 'invalid input'
+                        }
+                    }
+                }
+            }
+        },
+        {
+            name: 'schema handler output validation error (pinned adapter drift)',
+            policy: false,
+            request: {
+                method: 'patch',
+                path: '/schema',
+                headers: {
+                    'content-type': 'application/json'
+                },
+                body: {
+                    id: 'boom'
+                }
+            },
+            expected: {
+                kind: 'perAdapter',
+                expectations: {
+                    express: {
+                        status: 500,
+                        payload: 'invalid output'
+                    },
+                    koa: {
+                        status: 500,
+                        payload: 'invalid output'
+                    },
+                    hono: {
+                        status: 200,
+                        payload: {
+                            type: 'OutputValidationError',
+                            message: 'invalid output'
+                        }
+                    }
+                }
+            }
+        },
+        {
+            name: 'policy pass with full operation context',
+            policy: true,
+            request: {
+                method: 'get',
+                path: '/hello',
+                headers: {
+                    'x-modernjs-bff-envelope': validEnvelope,
+                    'x-operation-id': validOperationId,
+                    'x-modernjs-bff-operation-context': detailHeader({
+                        requestId: PARITY_PRODUCER_REQUEST_ID,
+                        method: 'GET',
+                        routePath: '/hello',
+                        schemaHash: helloContract.schemaHash,
+                        operationVersion: helloContract.operationVersion
+                    })
+                }
+            },
+            expected: {
+                kind: 'payload',
+                status: 200,
+                payload: {
+                    message: 'hello'
+                }
+            }
+        },
+        deniedScenario('policy denies missing envelope', 'missing_envelope', {}),
+        deniedScenario('policy denies invalid envelope', 'invalid_envelope', {
+            'x-modernjs-bff-envelope': 'not-json'
+        }),
+        deniedScenario('policy denies envelope that is valid JSON but not an object', 'invalid_envelope', {
+            'x-modernjs-bff-envelope': '123'
+        }),
+        deniedScenario('policy denies missing requestId', 'missing_request_id', {
+            'x-modernjs-bff-envelope': envelopeHeader(void 0)
+        }),
+        deniedScenario('policy denies namespace outside allowlist', 'namespace_not_allowed', {
+            'x-modernjs-bff-envelope': envelopeHeader('billing.producer-z')
+        }),
+        deniedScenario('policy denies missing operation context', 'missing_operation_context', {
+            'x-modernjs-bff-envelope': validEnvelope
+        }),
+        deniedScenario('policy denies operation context mismatch', 'operation_context_mismatch', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': 'someone-else:parity'
+        }),
+        deniedScenario('policy denies missing operation context details', 'missing_operation_context_details', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId
+        }),
+        deniedScenario('policy denies JSON-array operation context details', 'invalid_operation_context_details', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': '[]'
+        }),
+        deniedScenario('policy denies invalid operation context details', 'invalid_operation_context_details', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': 'not-json'
+        }),
+        deniedScenario('policy denies detail requestId mismatch', 'operation_context_details_request_id_mismatch', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': detailHeader({
+                requestId: 'crm.producer-b',
+                method: 'GET',
+                routePath: '/hello',
+                schemaHash: helloContract.schemaHash,
+                operationVersion: helloContract.operationVersion
+            })
+        }),
+        deniedScenario('policy denies missing operation schema hash', 'missing_operation_schema_hash', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': detailHeader({
+                requestId: PARITY_PRODUCER_REQUEST_ID,
+                method: 'GET',
+                routePath: '/hello',
+                operationVersion: helloContract.operationVersion
+            })
+        }),
+        deniedScenario('policy denies missing operation version', 'missing_operation_version', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': detailHeader({
+                requestId: PARITY_PRODUCER_REQUEST_ID,
+                method: 'GET',
+                routePath: '/hello',
+                schemaHash: helloContract.schemaHash
+            })
+        }),
+        deniedScenario('policy denies unknown operation contract', 'unknown_operation_contract', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': detailHeader({
+                requestId: PARITY_PRODUCER_REQUEST_ID,
+                method: 'GET',
+                routePath: '/does-not-exist',
+                schemaHash: helloContract.schemaHash,
+                operationVersion: helloContract.operationVersion
+            })
+        }),
+        deniedScenario('policy denies operation schema hash mismatch', 'operation_schema_hash_mismatch', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': detailHeader({
+                requestId: PARITY_PRODUCER_REQUEST_ID,
+                method: 'GET',
+                routePath: '/hello',
+                schemaHash: 'deadbeef',
+                operationVersion: helloContract.operationVersion
+            })
+        }),
+        deniedScenario('policy denies operation version mismatch', 'operation_version_mismatch', {
+            'x-modernjs-bff-envelope': validEnvelope,
+            'x-operation-id': validOperationId,
+            'x-modernjs-bff-operation-context': detailHeader({
+                requestId: PARITY_PRODUCER_REQUEST_ID,
+                method: 'GET',
+                routePath: '/hello',
+                schemaHash: helloContract.schemaHash,
+                operationVersion: helloContract.operationVersion + 1
+            })
+        })
+    ];
+};
+const toParityResult = (res)=>({
+        status: res.status,
+        payload: res.type.includes('json') ? res.body : '' === res.text ? void 0 : res.text
+    });
+const formatValue = (value)=>JSON.stringify(value);
+const assertParityResult = (scenario, res, adapter)=>{
+    const result = toParityResult(res);
+    const failures = [];
+    let { expected } = scenario;
+    if ('perAdapter' === expected.kind) {
+        if (void 0 === adapter) throw new Error(`Adapter parity scenario "${scenario.name}" pins per-adapter drift; pass the adapter id to assertParityResult.`);
+        expected = {
+            kind: 'payload',
+            ...expected.expectations[adapter]
+        };
+    }
+    if (result.status !== expected.status) failures.push(`status: expected ${expected.status}, received ${result.status}`);
+    if ('payload' === expected.kind) {
+        if (formatValue(result.payload) !== formatValue(expected.payload)) failures.push(`payload: expected ${formatValue(expected.payload)}, received ${formatValue(result.payload)}`);
+    } else {
+        const payload = isRecord(result.payload) ? result.payload : {};
+        if ('BFF_CROSS_PROJECT_POLICY_DENIED' !== payload.code) failures.push(`denial code: expected "BFF_CROSS_PROJECT_POLICY_DENIED", received ${formatValue(payload.code)}`);
+        if (payload.reason !== expected.reason) failures.push(`denial reason: expected "${expected.reason}", received ${formatValue(payload.reason)}`);
+        if ('string' != typeof payload.message || 0 === payload.message.length) failures.push(`denial message: expected non-empty string, received ${formatValue(payload.message)}`);
+    }
+    if (failures.length > 0) throw new Error(`Adapter parity scenario "${scenario.name}" failed:\n- ${failures.join('\n- ')}`);
+};
+export { PARITY_PRODUCER_REQUEST_ID, PARITY_REQUEST_ID, assertParityResult, createAdapterParityScenarios, createParityApiHandlerInfos, createParityBffConfig, toParityResult };

package/dist/esm-node/client/generateClient.mjs

@@ -1,9 +1,21 @@
 import __rslib_shim_module__ from "node:module";
 const require = /*#__PURE__*/ __rslib_shim_module__.createRequire(/*#__PURE__*/ (()=>import.meta.url)());
-import "path";
 import { ApiRouter } from "../router/index.mjs";
-import { createOperationEntries, createOperationSchemaHash } from "../security/operationContracts.mjs";
+import { buildOperationContractMap, createOperationSchemaHash, deriveOperationVersion } from "../security/operationContracts.mjs";
 import { Err, Ok } from "./result.mjs";
+import * as __rspack_external_path from "path";
+const getPackageInfo = (appDir)=>{
+    try {
+        const packageJsonPath = __rspack_external_path.resolve(appDir, './package.json');
+        const packageJson = require(packageJsonPath);
+        return {
+            name: packageJson.name,
+            version: packageJson.version
+        };
+    } catch (error) {
+        return {};
+    }
+};
 const INNER_CLIENT_REQUEST_CREATOR = '@modern-js/plugin-bff/client';
 const generateClient = async ({ appDir, resourcePath, apiDir, lambdaDir, prefix, port, target, requestCreator, fetcher, requireResolve = require.resolve, httpMethodDecider, domain, requestId })=>{
     requestCreator = requestCreator || INNER_CLIENT_REQUEST_CREATOR;
@@ -16,25 +28,65 @@ const generateClient = async ({ appDir, resourcePath, apiDir, lambdaDir, prefix,
     });
     const handlerInfos = await apiRouter.getSingleModuleHandlers(resourcePath);
     if (!handlerInfos) return Err(`generate client error: Cannot require module ${resourcePath}`);
-    const operationEntries = createOperationEntries(handlerInfos);
-    const operationVersion = 1;
-    const schemaHash = createOperationSchemaHash(operationEntries, requestId || 'default');
+    const normalizedRequestId = requestId || 'default';
+    const operationVersion = deriveOperationVersion(getPackageInfo(appDir).version);
+    const operationContracts = buildOperationContractMap({
+        handlers: handlerInfos,
+        requestId: normalizedRequestId,
+        operationVersion
+    });
+    const operationEntries = handlerInfos.map((handlerInfo)=>{
+        const upperHttpMethod = handlerInfo.httpMethod.toUpperCase();
+        const contract = operationContracts[`${upperHttpMethod}:${handlerInfo.routePath}`];
+        return {
+            name: handlerInfo.name,
+            httpMethod: upperHttpMethod,
+            routePath: handlerInfo.routePath,
+            schemaHash: contract?.schemaHash ?? ''
+        };
+    }).sort((a, b)=>{
+        const keyA = `${a.routePath}:${a.httpMethod}:${a.name}`;
+        const keyB = `${b.routePath}:${b.httpMethod}:${b.name}`;
+        return keyA.localeCompare(keyB);
+    });
+    const schemaHash = createOperationSchemaHash(operationEntries, normalizedRequestId);
+    let hasUploadHandler = false;
     let handlersCode = '';
     for (const handlerInfo of handlerInfos){
         const { name, httpMethod, routePath, action } = handlerInfo;
         let exportStatement = `var ${name} =`;
         if ('default' === name.toLowerCase()) exportStatement = 'default';
         const upperHttpMethod = httpMethod.toUpperCase();
-        const serializedRouteName = JSON.stringify(routePath);
-        const serializedMethod = JSON.stringify(upperHttpMethod);
-        const serializedMethodDecider = JSON.stringify(httpMethodDecider ? httpMethodDecider : 'functionName');
-        const serializedOperationContext = JSON.stringify({
+        const operationSchemaHash = operationContracts[`${upperHttpMethod}:${routePath}`]?.schemaHash ?? '';
+        const operationContext = {
             operationId: name,
             routePath,
             method: upperHttpMethod,
-            schemaHash,
+            schemaHash: operationSchemaHash,
             operationVersion
-        });
+        };
+        if ('upload' === action) {
+            hasUploadHandler = true;
+            const uploadOptions = {
+                path: routePath,
+                ...domain ? {
+                    domain
+                } : {},
+                ...requestId ? {
+                    requestId
+                } : {},
+                ...requestId ? {
+                    operationContext
+                } : {}
+            };
+            handlersCode += `export ${exportStatement} createUploader(${JSON.stringify(uploadOptions)});
+      `;
+            continue;
+        }
+        const serializedRouteName = JSON.stringify(routePath);
+        const serializedMethod = JSON.stringify(upperHttpMethod);
+        const serializedMethodDecider = JSON.stringify(httpMethodDecider ? httpMethodDecider : 'functionName');
+        const serializedOperationContext = JSON.stringify(operationContext);
         const tailArgs = `, ${fetcher ? 'fetch' : 'undefined'}, ${requestId ? JSON.stringify(requestId) : 'undefined'}, ${serializedOperationContext}`;
         if ('server' === target) handlersCode += `export ${exportStatement} createRequest(${serializedRouteName}, ${serializedMethod}, process.env.PORT || ${String(port)}, ${serializedMethodDecider}${tailArgs});
       `;
@@ -43,9 +95,10 @@ const generateClient = async ({ appDir, resourcePath, apiDir, lambdaDir, prefix,
     }
     const serializedRequestCreator = JSON.stringify(requestCreator);
     const serializedFetcher = fetcher ? JSON.stringify(fetcher) : void 0;
+    const namedRequestImports = `createRequest${hasUploadHandler ? ', createUploader' : ''}`;
     const importCode = requestId ? `import * as requestRuntime from ${serializedRequestCreator};
-const { createRequest } = requestRuntime;
-${serializedFetcher ? `import { fetch } from ${serializedFetcher};\n` : ''}` : `import { createRequest } from ${serializedRequestCreator};
+const { ${namedRequestImports} } = requestRuntime;
+${serializedFetcher ? `import { fetch } from ${serializedFetcher};\n` : ''}` : `import { ${namedRequestImports} } from ${serializedRequestCreator};
 ${serializedFetcher ? `import { fetch } from ${serializedFetcher};\n` : ''}`;
     const bootstrapCode = requestId ? `export const initProducerClient = (options = {}) => {
   const configure = requestRuntime.configure;

package/dist/esm-node/index.mjs

@@ -1,10 +1,12 @@
 import "node:module";
+export * from "./adapter-kit/index.mjs";
 export * from "./client/index.mjs";
 export * from "./contracts/eventContracts.mjs";
 export * from "./operators/http.mjs";
 export * from "./router/index.mjs";
 export * from "./security/crossProjectPolicy.mjs";
 export * from "./security/operationContracts.mjs";
+export * from "./security/resolveCrossProjectPolicy.mjs";
 export * from "./types.mjs";
 export { Api } from "./api.mjs";
 export { HttpError, ValidationError } from "./errors/http.mjs";

package/dist/esm-node/rslib-runtime.mjs

@@ -0,0 +1,19 @@
+import "node:module";
+var __webpack_modules__ = {};
+var __webpack_module_cache__ = {};
+function __webpack_require__(moduleId) {
+    var cachedModule = __webpack_module_cache__[moduleId];
+    if (void 0 !== cachedModule) return cachedModule.exports;
+    var module = __webpack_module_cache__[moduleId] = {
+        exports: {}
+    };
+    __webpack_modules__[moduleId](module, module.exports, __webpack_require__);
+    return module.exports;
+}
+__webpack_require__.m = __webpack_modules__;
+(()=>{
+    __webpack_require__.add = function(modules) {
+        Object.assign(__webpack_require__.m, modules);
+    };
+})();
+export { __webpack_require__ };

package/dist/esm-node/security/crossProjectPolicy.mjs

@@ -50,10 +50,18 @@ const evaluateCrossProjectPolicy = (headers, policy)=>{
     }
     const requestId = String(envelope.requestId || '').trim();
     if (!requestId) return createViolation('missing_request_id', 'Cross-project envelope does not include a valid requestId', status);
+    const claimedNamespace = extractNamespace(requestId);
+    let effectiveNamespace = claimedNamespace;
+    if ('function' == typeof policy.verifyProducerIdentity) {
+        const verifiedNamespaceRaw = policy.verifyProducerIdentity(headers);
+        const verifiedNamespace = 'string' == typeof verifiedNamespaceRaw ? verifiedNamespaceRaw.trim().toLowerCase() : void 0;
+        if (!verifiedNamespace) return createViolation('producer_identity_mismatch', 'Producer identity could not be verified for this request', status);
+        if (verifiedNamespace !== claimedNamespace) return createViolation('producer_identity_mismatch', `Envelope namespace "${claimedNamespace || 'unknown'}" does not match verified producer identity "${verifiedNamespace}"`, status);
+        effectiveNamespace = verifiedNamespace;
+    }
     const namespaces = (policy.allowedNamespaces || []).map((item)=>item.trim().toLowerCase()).filter(Boolean);
     if (namespaces.length > 0) {
-        const namespace = extractNamespace(requestId);
-        if (!namespace || !namespaces.includes(namespace)) return createViolation('namespace_not_allowed', `Producer namespace "${namespace || 'unknown'}" is not allowed`, status);
+        if (!effectiveNamespace || !namespaces.includes(effectiveNamespace)) return createViolation('namespace_not_allowed', `Producer namespace "${effectiveNamespace || 'unknown'}" is not allowed`, status);
     }
     if (requireOperationContext) {
         const operationContext = readHeader(headers, operationContextHeader);