@cyberismo/backend 0.0.21 → 0.0.22

package/src/domain/project/service.ts

@@ -50,17 +50,19 @@ async function toModuleInfo(
 export async function getProject(
   commands: CommandManager,
 ): Promise<ProjectInfo> {
-  const project = await commands.showCmd.showProject();
-  const modules = await commands.showCmd.showModules();
-  const moduleDetails = await Promise.all(
-    modules.map((mod) => toModuleInfo(commands, mod)),
-  );
+  return commands.consistent(async () => {
+    const project = await commands.showCmd.showProject();
+    const modules = await commands.showCmd.showModules();
+    const moduleDetails = await Promise.all(
+      modules.map((mod) => toModuleInfo(commands, mod)),
+    );
 
-  return {
-    name: project.name,
-    cardKeyPrefix: project.prefix,
-    modules: moduleDetails,
-  };
+    return {
+      name: project.name,
+      cardKeyPrefix: project.prefix,
+      modules: moduleDetails,
+    };
+  });
 }
 
 export async function updateProject(
@@ -69,12 +71,14 @@ export async function updateProject(
 ): Promise<ProjectInfo> {
   const { name, cardKeyPrefix } = updates;
 
-  if (cardKeyPrefix) {
-    await commands.renameCmd.rename(cardKeyPrefix);
-  }
-  if (name) {
-    await commands.project.configuration.setProjectName(name);
-  }
+  await commands.atomic(async () => {
+    if (cardKeyPrefix) {
+      await commands.renameCmd.rename(cardKeyPrefix);
+    }
+    if (name) {
+      await commands.project.configuration.setProjectName(name);
+    }
+  }, 'Update project settings');
 
   return getProject(commands);
 }

package/src/domain/reports/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as reportService from './service.js';
 import { createReportSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -43,12 +45,17 @@ const router = new Hono();
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createReportSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createReportSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
 
-  await reportService.createReport(commands, identifier);
-  return c.json({ message: 'Report created successfully' });
-});
+    await reportService.createReport(commands, identifier);
+    return c.json({ message: 'Report created successfully' });
+  },
+);
 
 export default router;

package/src/domain/resources/index.ts

@@ -14,12 +14,14 @@
 import { Hono } from 'hono';
 import * as resourceService from './service.js';
 import type { ResourceValidationResponse } from '../../types.js';
+import { UserRole } from '../../types.js';
 import { resourceParamsSchema } from '../../common/validationSchemas.js';
 import { zValidator } from '../../middleware/zvalidator.js';
 import {
   validateResourceParamsSchema,
   updateOperationBodySchema,
 } from './schema.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -35,7 +37,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set or other internal error
  */
-router.get('/tree', async (c) => {
+router.get('/tree', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
 
   try {
@@ -97,6 +99,7 @@ router.get('/tree', async (c) => {
  */
 router.get(
   '/:prefix/:type/:identifier/validate',
+  requireRole(UserRole.Reader),
   zValidator('param', validateResourceParamsSchema),
   async (c) => {
     const commands = c.get('commands');
@@ -117,6 +120,7 @@ router.get(
 
 router.delete(
   '/:prefix/:type/:identifier',
+  requireRole(UserRole.Admin),
   zValidator('param', resourceParamsSchema),
   async (c) => {
     const commands = c.get('commands');
@@ -130,6 +134,7 @@ router.delete(
 
 router.post(
   '/:prefix/:type/:identifier/operation',
+  requireRole(UserRole.Admin),
   zValidator('param', resourceParamsSchema),
   zValidator('json', updateOperationBodySchema),
   async (c) => {

package/src/domain/resources/service.ts

@@ -42,7 +42,7 @@ const resourceTypes: ResourceFolderType[] = [
 
 async function getModules(commands: CommandManager) {
   try {
-    const moduleNames = commands.showCmd.showModules();
+    const moduleNames = await commands.showCmd.showModules();
     return Promise.all(
       moduleNames.map(async (moduleName) => {
         try {
@@ -77,102 +77,104 @@ function sortTemplateCardsByRank(
 }
 
 export async function buildResourceTree(commands: CommandManager) {
-  const project = await commands.showCmd.showProject();
-  const tree: unknown[] = [];
-
-  const sortByDisplayName = (
-    nodes: { data: { displayName: string; name: string } }[],
-  ) =>
-    nodes.sort((a, b) =>
-      (a.data.displayName || a.data.name.split('/')[2] || '').localeCompare(
-        b.data.displayName || b.data.name.split('/')[2] || '',
-      ),
-    );
-
-  const modules = await getModules(commands);
-
-  // General section first (single node with project + modules metadata)
-  tree.push({
-    id: 'general-project',
-    type: 'general',
-    name: 'project',
-    data: {
-      name: project.name,
-      cardKeyPrefix: project.prefix,
-      modules,
-    },
-    readOnly: false,
-  });
-
-  // Process each resource type
-  for (const resourceType of resourceTypes) {
-    let rootResources: unknown[];
-    let moduleResources: { [prefix: string]: unknown[] };
-
-    if (resourceType === 'templates') {
-      ({ rootResources, moduleResources } = await processTemplates(
-        commands,
-        project.prefix,
-      ));
-    } else {
-      ({ rootResources, moduleResources } = await groupResourcesByPrefix(
-        commands,
-        resourceType,
-        project.prefix,
-      ));
-    }
+  return commands.consistent(async () => {
+    const project = await commands.showCmd.showProject();
+    const tree: unknown[] = [];
+
+    const sortByDisplayName = (
+      nodes: { data: { displayName: string; name: string } }[],
+    ) =>
+      nodes.sort((a, b) =>
+        (a.data.displayName || a.data.name.split('/')[2] || '').localeCompare(
+          b.data.displayName || b.data.name.split('/')[2] || '',
+        ),
+      );
 
-    // Sort resources by display name if present
-    sortByDisplayName(
-      rootResources as { data: { displayName: string; name: string } }[],
-    );
+    const modules = await getModules(commands);
+
+    // General section first (single node with project + modules metadata)
+    tree.push({
+      id: 'general-project',
+      type: 'general',
+      name: 'project',
+      data: {
+        name: project.name,
+        cardKeyPrefix: project.prefix,
+        modules,
+      },
+      readOnly: false,
+    });
+
+    // Process each resource type
+    for (const resourceType of resourceTypes) {
+      let rootResources: unknown[];
+      let moduleResources: { [prefix: string]: unknown[] };
+
+      if (resourceType === 'templates') {
+        ({ rootResources, moduleResources } = await processTemplates(
+          commands,
+          project.prefix,
+        ));
+      } else {
+        ({ rootResources, moduleResources } = await groupResourcesByPrefix(
+          commands,
+          resourceType,
+          project.prefix,
+        ));
+      }
 
-    Object.values(moduleResources).forEach((resources) =>
+      // Sort resources by display name if present
       sortByDisplayName(
-        resources as { data: { displayName: string; name: string } }[],
-      ),
-    );
+        rootResources as { data: { displayName: string; name: string } }[],
+      );
+
+      Object.values(moduleResources).forEach((resources) =>
+        sortByDisplayName(
+          resources as { data: { displayName: string; name: string } }[],
+        ),
+      );
 
-    const projectNode =
-      rootResources.length > 0
-        ? [
-            {
-              id: `${resourceType}-project`,
-              type: 'module',
-              name: 'project',
-              children: rootResources,
-              readOnly: false,
-            },
-          ]
-        : [];
-
-    const moduleNodes = Object.entries(moduleResources)
-      .map(([prefix, resources]) => ({
-        id: `${resourceType}-module-${prefix}`,
-        type: 'module',
-        name:
-          modules.find((module) => module.cardKeyPrefix === prefix)?.name ||
+      const projectNode =
+        rootResources.length > 0
+          ? [
+              {
+                id: `${resourceType}-project`,
+                type: 'module',
+                name: 'project',
+                children: rootResources,
+                readOnly: false,
+              },
+            ]
+          : [];
+
+      const moduleNodes = Object.entries(moduleResources)
+        .map(([prefix, resources]) => ({
+          id: `${resourceType}-module-${prefix}`,
+          type: 'module',
+          name:
+            modules.find((module) => module.cardKeyPrefix === prefix)?.name ||
+            prefix,
           prefix,
-        prefix,
-        children: resources,
-        readOnly: true,
-      }))
-      .sort((a, b) => a.name.localeCompare(b.name));
-
-    const allResources = [...projectNode, ...moduleNodes];
-
-    // Add combined resources (project + modules nested under module nodes) under the same group
-    if (allResources.length > 0) {
-      tree.push({
-        id: resourceType,
-        type: 'resourceGroup',
-        name: resourceType,
-        children: allResources,
-      });
+          children: resources,
+          readOnly: true,
+        }))
+        .sort((a, b) => a.name.localeCompare(b.name));
+
+      const allResources = [...projectNode, ...moduleNodes];
+
+      // Add combined resources (project + modules nested under module nodes) under the same group
+      if (allResources.length > 0) {
+        tree.push({
+          id: resourceType,
+          type: 'resourceGroup',
+          name: resourceType,
+          children: allResources,
+        });
+      }
     }
-  }
 
-  return tree;
+    return tree;
+  });
 }
 
 // Helper function to parse resource prefix
@@ -456,9 +458,8 @@ export async function validateResource(
   commands: CommandManager,
   resource: ValidateResourceParams,
 ) {
-  const errors = await commands.validateCmd.validateResource(
-    resource,
-    commands.project,
+  const errors = await commands.consistent(() =>
+    commands.validateCmd.validateResource(resource, commands.project),
   );
 
   return {
@@ -476,9 +477,13 @@ export async function updateResourceWithOperation(
   body: UpdateOperationBody,
 ) {
   const { updateKey, operation } = body;
-  await commands.updateCmd.applyResourceOperation(
-    resourceNameToString(resource),
-    updateKey,
-    operation,
+  await commands.atomic(
+    () =>
+      commands.updateCmd.applyResourceOperation(
+        resourceNameToString(resource),
+        updateKey,
+        operation,
+      ),
+    `Update ${resource.type} ${resource.identifier}`,
   );
 }

package/src/domain/templates/index.ts

@@ -16,6 +16,8 @@ import * as templateService from './service.js';
 import { createTemplateSchema, addTemplateCardSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
 import { isSSGContext } from 'hono/ssg';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -33,7 +35,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set or other internal error
  */
-router.get('/', async (c) => {
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   // We do not need templates in ssg context
   if (isSSGContext(c)) {
     return c.json([]);
@@ -78,13 +80,18 @@ router.get('/', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createTemplateSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createTemplateSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
 
-  await templateService.createTemplate(commands, identifier);
-  return c.json({ message: 'Template created successfully' });
-});
+    await templateService.createTemplate(commands, identifier);
+    return c.json({ message: 'Template created successfully' });
+  },
+);
 
 /**
  * @swagger
@@ -119,18 +126,23 @@ router.post('/', zValidator('json', createTemplateSchema), async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/card', zValidator('json', addTemplateCardSchema), async (c) => {
-  const commands = c.get('commands');
-  const { template, cardType, parentKey, count } = c.req.valid('json');
+router.post(
+  '/card',
+  requireRole(UserRole.Admin),
+  zValidator('json', addTemplateCardSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { template, cardType, parentKey, count } = c.req.valid('json');
 
-  const added = await templateService.addTemplateCard(
-    commands,
-    template,
-    cardType,
-    parentKey,
-    count,
-  );
-  return c.json({ cards: added });
-});
+    const added = await templateService.addTemplateCard(
+      commands,
+      template,
+      cardType,
+      parentKey,
+      count,
+    );
+    return c.json({ cards: added });
+  },
+);
 
 export default router;

package/src/domain/tree/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as treeService from './service.js';
 import { isSSGContext } from 'hono/ssg';
 import type { AppContext } from '../../types.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -32,7 +34,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set or other internal error
  */
-router.get('/', async (c: AppContext) => {
+router.get('/', requireRole(UserRole.Reader), async (c: AppContext) => {
   const commands = c.get('commands');
   const tree = c.get('tree');
 

package/src/domain/workflows/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as workflowService from './service.js';
 import { createWorkflowSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -43,12 +45,17 @@ const router = new Hono();
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createWorkflowSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createWorkflowSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
 
-  await workflowService.createWorkflow(commands, identifier);
-  return c.json({ message: 'Workflow created successfully' });
-});
+    await workflowService.createWorkflow(commands, identifier);
+    return c.json({ message: 'Workflow created successfully' });
+  },
+);
 
 export default router;

package/src/export.ts

@@ -15,8 +15,9 @@ import path from 'node:path';
 
 import fs, { readFile } from 'node:fs/promises';
 
-import { CommandManager } from '@cyberismo/data-handler';
+import type { CommandManager } from '@cyberismo/data-handler';
 import { createApp } from './app.js';
+import { MockAuthProvider } from './auth/mock.js';
 import { cp, writeFile } from 'node:fs/promises';
 import { staticFrontendDirRelative } from './utils.js';
 import type { QueryResult } from '@cyberismo/data-handler/types/queries';
@@ -41,16 +42,15 @@ export function reset() {
 /**
  * Get the card query result for a given card key. Should only be called during
  * static site generation
- * @param projectPath - Path to the project.
+ * @param commands - CommandManager instance for the project.
  * @param cardKey - Key of the card to get the query result for.
  * @returns The card query result for the given card key.
  */
 export async function getCardQueryResult(
-  projectPath: string,
+  commands: CommandManager,
   cardKey?: string,
 ): Promise<QueryResult<'card'>[]> {
   if (!_cardQueryPromise) {
-    const commands = await CommandManager.getInstance(projectPath);
     // fetch all cards
     _cardQueryPromise = commands.project.calculationEngine.runQuery(
       'card',
@@ -73,20 +73,19 @@ export async function getCardQueryResult(
 /**
  * Export the site to a given directory.
  * Note: Do not call this function in parallel.
- * @param projectPath - Path to the project.
+ * @param commands - CommandManager instance for the project.
+ * @param exportDir - Directory to export to.
  * @param options - Export options.
  * @param options.recursive - Whether to export cards recursively.
  * @param options.cardKey - Key of the card to export. If not provided, all cards will be exported.
- * @param exportDir - Directory to export to.
  * @param level - Log level for the operation.
  * @param onProgress - Optional progress callback function.
  * @returns An object containing any errors that occurred during export.
  */
 export async function exportSite(
-  projectPath: string,
+  commands: CommandManager,
   exportDir?: string,
   options?: TreeOptions,
-  level?: 'trace' | 'debug' | 'info' | 'warn' | 'error' | 'fatal',
   onProgress?: (current: number, total: number) => void,
 ): Promise<{ errors: string[] }> {
   exportDir = exportDir || 'static';
@@ -96,7 +95,7 @@ export async function exportSite(
     ...options,
   };
 
-  const app = createApp(projectPath, opts);
+  const app = createApp(new MockAuthProvider(), commands, opts);
 
   // copy whole frontend to the same directory
   await cp(staticFrontendDirRelative, exportDir, { recursive: true });
@@ -109,10 +108,6 @@ export async function exportSite(
     JSON.stringify(configJson),
   );
 
-  const commands = await CommandManager.getInstance(projectPath, {
-    logLevel: level,
-  });
-
   reset();
   await commands.project.calculationEngine.generate();
 
@@ -130,6 +125,14 @@ export async function exportSite(
     concurrency: 5,
     plugins: [
       {
+        beforeRequestHook: (req) => {
+          const url = new URL(req.url);
+          // Skip MCP routes — they require session state and are not part of the static site
+          if (url.pathname.startsWith('/mcp')) {
+            return false;
+          }
+          return req;
+        },
         afterResponseHook: async (response) => {
           if (![200, 201, 204].includes(response.status)) {
             const error = await response.json();

package/src/index.ts

@@ -16,8 +16,13 @@ import { Hono } from 'hono';
 import { serveStatic } from '@hono/node-server/serve-static';
 import path from 'node:path';
 import { readFile } from 'node:fs/promises';
+import type { CommandManager } from '@cyberismo/data-handler';
 import { findFreePort } from './utils.js';
 import { createApp } from './app.js';
+import type { AuthProvider } from './auth/types.js';
+export { MockAuthProvider } from './auth/mock.js';
+export type { MockUserConfig } from './auth/mock.js';
+export type { AuthProvider } from './auth/types.js';
 export { exportSite } from './export.js';
 
 const DEFAULT_PORT = 3000;
@@ -47,11 +52,13 @@ export async function previewSite(dir: string, findPort: boolean = true) {
 
 /**
  * Start the server
- * @param projectPath - Path to the project
+ * @param authProvider - Authentication provider
+ * @param commands - CommandManager instance for the project
  * @param findPort - If true, find a free port
  */
 export async function startServer(
-  projectPath?: string,
+  authProvider: AuthProvider,
+  commands: CommandManager,
   findPort: boolean = true,
 ) {
   let port = parseInt(process.env.PORT || DEFAULT_PORT.toString(), 10);
@@ -59,7 +66,7 @@ export async function startServer(
   if (findPort) {
     port = await findFreePort(port, DEFAULT_MAX_PORT);
   }
-  const app = createApp(projectPath);
+  const app = createApp(authProvider, commands);
   startApp(app, port);
 }