npm - @cosmicdrift/kumiko-dev-server - Versions diffs - 0.24.0 → 0.24.1 - Mend

@cosmicdrift/kumiko-dev-server 0.24.0 → 0.24.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +1 -1
package/src/__tests__/run-prod-app-env-source.test.ts +104 -0
package/src/__tests__/scaffold-deploy.test.ts +12 -5
package/src/env-schema.ts +1 -1
package/src/run-prod-app.ts +17 -11
package/src/scaffold-app.ts +1 -1
package/src/scaffold-deploy.ts +8 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-dev-server",
-  "version": "0.24.0",
+  "version": "0.24.1",
   "description": "Development server bootstrap for Kumiko apps. Bundles the client, mints dev-JWTs, injects the resolved AppSchema, and seeds an admin. Not for production.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",

package/src/__tests__/run-prod-app-env-source.test.ts ADDED Viewed

@@ -0,0 +1,104 @@
+// Regression: the boot-path must read the injected `envSource`, not the real
+// process.env. Boot-mode (KUMIKO_DRY_RUN_ENV=boot) validates wiring + builds
+// the registry, then tears down the lazy DB/Redis clients before any socket
+// opens — so this runs without a real Postgres/Redis (same as the CI boot
+// smoke). Before the fix, requireEnv/readEnv read process.env directly, so the
+// required-var test would throw "required env var DATABASE_URL is missing" and
+// the PORT test would bind the default instead of the injected port.
+import { afterEach, beforeEach, describe, expect, test } from "bun:test";
+import {
+  createBooleanField,
+  createEntity,
+  createTextField,
+  defineFeature,
+} from "@cosmicdrift/kumiko-framework/engine";
+import { z } from "zod";
+import { runProdApp } from "../run-prod-app";
+const probeEntity = createEntity({
+  fields: {
+    name: createTextField({ required: true }),
+    active: createBooleanField({ default: true }),
+  },
+  table: "env_source_probe",
+});
+const probeFeature = defineFeature("env-source-probe", (r) => {
+  r.entity("widget", probeEntity);
+  r.queryHandler({
+    name: "ping",
+    schema: z.object({}),
+    access: { roles: ["anonymous"] },
+    handler: async () => ({ pong: true }),
+  });
+});
+// Cleared from process.env so the test fully controls config via envSource.
+// DATABASE_URL/REDIS_URL/JWT_SECRET are required (their read throws pre-fix);
+// PORT is non-throwing, cleared only so ambient PORT can't mask the second
+// test's "PORT comes from envSource" assertion.
+const CLEARED_VARS = ["DATABASE_URL", "REDIS_URL", "JWT_SECRET", "PORT"] as const;
+const DUMMY_ENV = {
+  KUMIKO_DRY_RUN_ENV: "boot",
+  DATABASE_URL: "postgres://smoke:smoke@127.0.0.1:1/smoke",
+  REDIS_URL: "redis://127.0.0.1:1",
+  JWT_SECRET: "smokesmokesmokesmokesmokesmokesmokesmoke",
+} as const;
+describe("runProdApp boot-mode env-source", () => {
+  const saved: Record<string, string | undefined> = {};
+  beforeEach(() => {
+    for (const k of CLEARED_VARS) {
+      saved[k] = process.env[k];
+      delete process.env[k];
+    }
+  });
+  afterEach(() => {
+    for (const k of CLEARED_VARS) {
+      if (saved[k] === undefined) delete process.env[k];
+      else process.env[k] = saved[k];
+    }
+  });
+  test("boots from injected envSource even when process.env lacks the required vars", async () => {
+    const handle = await runProdApp({
+      features: [probeFeature],
+      autoListen: false,
+      migrations: false,
+      envSource: { ...DUMMY_ENV },
+    });
+    // Boot-mode with an injected envSource returns an inert dry-run handle.
+    expect(handle).toBeDefined();
+    expect(typeof handle.stop).toBe("function");
+    await handle.stop();
+  });
+  test("resolves PORT from envSource, not process.env", async () => {
+    const logs: string[] = [];
+    const originalLog = console.log;
+    console.log = (...args: unknown[]) => {
+      logs.push(args.map(String).join(" "));
+    };
+    try {
+      const handle = await runProdApp({
+        features: [probeFeature],
+        autoListen: false,
+        migrations: false,
+        envSource: { ...DUMMY_ENV, PORT: "8123" },
+      });
+      await handle.stop();
+    } finally {
+      console.log = originalLog;
+    }
+    // The boot logs "booting Kumiko stack on port <port>" — pre-fix this read
+    // process.env["PORT"] (deleted here) and would log the 3000 default.
+    expect(logs.some((line) => line.includes("port 8123"))).toBe(true);
+    expect(logs.some((line) => line.includes("port 3000"))).toBe(false);
+  });
+});

package/src/__tests__/scaffold-deploy.test.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { afterEach, beforeEach, describe, expect, it, spyOn } from "bun:test";
 import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
@@ -205,10 +205,17 @@ describe("scaffoldDeploy", () => {
       expect(df).not.toContain("ENV GITHUB_TOKEN");
     });
-    it("malformed package.json doesn't crash detection (defaults to no private deps)", () => {
-      writeFileSync(join(tmp, "package.json"), "{ this is not json");
-      const result = scaffoldDeploy({ appName: "broken", destination: tmp });
-      expect(result.detected.hasPrivateGhPackages).toBe(false);
+    it("malformed package.json warns + defaults to no private deps (mis-detection is visible)", () => {
+      const warn = spyOn(console, "warn").mockImplementation(() => {});
+      try {
+        writeFileSync(join(tmp, "package.json"), "{ this is not json");
+        const result = scaffoldDeploy({ appName: "broken", destination: tmp });
+        expect(result.detected.hasPrivateGhPackages).toBe(false);
+        expect(warn).toHaveBeenCalledTimes(1);
+        expect(warn.mock.calls[0]?.[0]).toContain("is not valid JSON");
+      } finally {
+        warn.mockRestore();
+      }
     });
   });
 });

package/src/env-schema.ts CHANGED Viewed

@@ -47,7 +47,7 @@ export const frameworkCoreEnvSchema = z.object({
     ),
   // `z.string().optional()` (not `z.literal("1")`) — the run-prod-app
-  // call-site (`process.env["KUMIKO_SKIP_ES_OPS"] !== "1"`) ignores any
+  // call-site (`envSource["KUMIKO_SKIP_ES_OPS"] !== "1"`) ignores any
   // value other than literal "1". A stricter schema would reject e.g.
   // "true" / "yes" that the runtime silently ignores, surfacing
   // boot-errors for inputs the framework doesn't actually care about.

package/src/run-prod-app.ts CHANGED Viewed

@@ -110,8 +110,11 @@ export function buildBunServeOptions(
 // Strict env-var read. Throws with a clear hint when missing — better
 // than discovering a Postgres-connection-refused 30s into the boot.
-function requireEnv(name: string): string {
-  const value = process.env[name];
+// `src` defaults to process.env but is threaded from the caller's envSource
+// so the boot-path reads the SAME env-quelle that was validated above —
+// injected dummies in test-mode must not silently fall back to process.env.
+function requireEnv(name: string, src: Record<string, string | undefined> = process.env): string {
+  const value = src[name];
   if (value === undefined || value === "") {
     throw new Error(
       `runProdApp: required env var "${name}" is missing or empty. ` +
@@ -123,8 +126,11 @@ function requireEnv(name: string): string {
 // Optional env helper — returns undefined for missing, string for set.
 // Used for KUMIKO_INSTANCE_ID, JWT_ISSUER and other "nice to have" knobs.
-function readEnv(name: string): string | undefined {
-  const value = process.env[name];
+function readEnv(
+  name: string,
+  src: Record<string, string | undefined> = process.env,
+): string | undefined {
+  const value = src[name];
   return value === undefined || value === "" ? undefined : value;
 }
@@ -535,12 +541,12 @@ export async function runProdApp(options: RunProdAppOptions): Promise<ProdAppHan
   // 2. Env-vars: fail-fast. Better a 0s boot crash with a clear error
   //    than a 30s timeout chasing a Postgres connection that was never
   //    configured.
-  const databaseUrl = requireEnv("DATABASE_URL");
-  const redisUrl = requireEnv("REDIS_URL");
-  const jwtSecret = requireEnv("JWT_SECRET");
-  const jwtIssuer = readEnv("JWT_ISSUER");
-  const instanceId = readEnv("KUMIKO_INSTANCE_ID");
-  const port = options.port ?? Number.parseInt(process.env["PORT"] ?? "3000", 10);
+  const databaseUrl = requireEnv("DATABASE_URL", envSource);
+  const redisUrl = requireEnv("REDIS_URL", envSource);
+  const jwtSecret = requireEnv("JWT_SECRET", envSource);
+  const jwtIssuer = readEnv("JWT_ISSUER", envSource);
+  const instanceId = readEnv("KUMIKO_INSTANCE_ID", envSource);
+  const port = options.port ?? Number.parseInt(envSource["PORT"] ?? "3000", 10);
   // biome-ignore lint/suspicious/noConsole: boot-time progress hint, no logger configured this early
   console.log(`[runProdApp] booting Kumiko stack on port ${port}…`);
@@ -774,7 +780,7 @@ export async function runProdApp(options: RunProdAppOptions): Promise<ProdAppHan
   // if-missing"-Schicht; seed-migrations sind die "diff-and-update"-
   // Schicht für Drift den existing Seeds nicht erfassen können (z.B.
   // Membership-Roles-Change nach initialer Seed-Erstellung).
-  if (options.seedsDir !== undefined && process.env["KUMIKO_SKIP_ES_OPS"] !== "1") {
+  if (options.seedsDir !== undefined && envSource["KUMIKO_SKIP_ES_OPS"] !== "1") {
     await createEsOperationsTable(db);
     const seedDispatcher = createDispatcher(registry, {
       db,

package/src/scaffold-app.ts CHANGED Viewed

@@ -249,7 +249,7 @@ function renderMain(appName: string): string {
       "// Production-bootstrap. KUMIKO_DRY_RUN_ENV=boot exits after",
       "// composeFeatures + validateBoot + createRegistry without DB/Redis-connect",
       "// (siehe @cosmicdrift/kumiko-dev-server runProdApp). Echter Dev-Boot",
-      "// passiert via `bun kumiko dev` (in-repo dev-tool) mit Docker-stack — DX-1.0 deckt nur",
+      "// passiert via `bunx kumiko dev` (in-repo dev-tool) mit Docker-stack — DX-1.0 deckt nur",
       "// den boot-mode-Pfad ab; `kumiko dev` kommt in einer späteren DX-Phase.",
       "",
       "",

package/src/scaffold-deploy.ts CHANGED Viewed

@@ -143,8 +143,14 @@ function detectOptionalSurfaces(sourceDir: string): ScaffoldDeployDetected {
       hasPrivateGhPackages = Object.keys(allDeps).some((d) =>
         d.startsWith("@cosmicdriftgamestudio/"),
       );
-    } catch {
-      // malformed package.json — assume no private packages, app-author can override via Dockerfile
+    } catch (err) {
+      // malformed package.json — assume no private packages, app-author can
+      // override via Dockerfile. Warn so a silent mis-detection (later YN0041
+      // on yarn install) is traceable to the scaffold step.
+      // biome-ignore lint/suspicious/noConsole: scaffold visibility for skipped private-package detection
+      console.warn(
+        `scaffoldDeploy: package.json at ${pkgJsonPath} is not valid JSON — private-GH-packages detection skipped (${err instanceof Error ? err.message : String(err)})`,
+      );
     }
   }
   return { hasSeeds, hasPrivateGhPackages };