@decocms/start 6.0.0 → 6.0.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decocms/start",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "type": "module",
   "description": "Deco framework for TanStack Start - CMS bridge, admin protocol, hooks, schema generation",
   "main": "./src/index.ts",

package/scripts/generate-invoke.test.ts

@@ -21,18 +21,20 @@ import { spawnSync } from "node:child_process";
 import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
-import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
 
 const GENERATOR = path.resolve(__dirname, "generate-invoke.ts");
 
 const FIXTURE_INVOKE_TS = `\
 import { createInvokeFn } from "@decocms/start/sdk/createInvoke";
 import { getOrCreateCart, simulateCart } from "./actions/checkout";
+import { createSession } from "./actions/session";
 import type { OrderForm } from "./types";
 
 export const invoke = {
 	vtex: {
 		actions: {
+			// Direct pass-through wrapper — most common shape.
 			getOrCreateCart: createInvokeFn(
 				(data: { orderFormId?: string }) => getOrCreateCart(data),
 			) as unknown as (ctx: { data: { orderFormId?: string } }) => Promise<OrderForm>,
@@ -40,6 +42,13 @@ export const invoke = {
 			simulateCart: createInvokeFn(
 				(data: { postalCode: string }) => simulateCart(data),
 			),
+
+			// Adapting wrapper — payload gets wrapped into the action's
+			// props shape. The generator MUST preserve this wrap or the
+			// action call typechecks against the wrong props type.
+			createSession: createInvokeFn(
+				(data: Record<string, any>) => createSession({ data }),
+			),
 		},
 	},
 } as const;
@@ -52,14 +61,25 @@ const FIXTURE_ACTIONS_CHECKOUT_TS = `\
 export async function getOrCreateCart(_data: any): Promise<any> { return null; }
 export async function simulateCart(_data: any): Promise<any> { return null; }
 `;
+const FIXTURE_ACTIONS_SESSION_TS = `\
+export interface CreateSessionProps { data: Record<string, any>; }
+export async function createSession(_props: CreateSessionProps): Promise<any> { return null; }
+`;
 const FIXTURE_TYPES_TS = `export type OrderForm = unknown;\n`;
 
 describe("generate-invoke.ts — output shape", () => {
+  // The fixture is read-only across tests: every assertion runs against
+  // the same generated `invoke.gen.ts`. Running the generator once in
+  // `beforeAll` keeps the test fast (each `npx tsx` spawn is ~3-5s) and
+  // sidesteps the vitest 5s default per-test timeout that this suite was
+  // tipping over once we grew the fixture.
   let appsDir: string;
   let siteDir: string;
   let outFile: string;
+  let generatedOutput: string;
+  let generatorStatus: number | null;
 
-  beforeEach(() => {
+  beforeAll(() => {
     const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "gen-invoke-"));
     appsDir = path.join(tmp, "apps");
     siteDir = path.join(tmp, "site");
@@ -70,11 +90,23 @@ describe("generate-invoke.ts — output shape", () => {
       path.join(appsDir, "vtex", "actions", "checkout.ts"),
       FIXTURE_ACTIONS_CHECKOUT_TS,
     );
+    fs.writeFileSync(
+      path.join(appsDir, "vtex", "actions", "session.ts"),
+      FIXTURE_ACTIONS_SESSION_TS,
+    );
     fs.writeFileSync(path.join(appsDir, "vtex", "types.ts"), FIXTURE_TYPES_TS);
     outFile = path.join(siteDir, "src", "server", "invoke.gen.ts");
-  });
 
-  afterEach(() => {
+    const result = spawnSync(
+      "npx",
+      ["tsx", GENERATOR, "--apps-dir", appsDir, "--out-file", outFile],
+      { cwd: siteDir, encoding: "utf8" },
+    );
+    generatorStatus = result.status;
+    generatedOutput = fs.readFileSync(outFile, "utf8");
+  }, 30_000);
+
+  afterAll(() => {
     // Best-effort cleanup; tmp dirs leak otherwise.
     try {
       fs.rmSync(path.dirname(appsDir), { recursive: true, force: true });
@@ -83,86 +115,81 @@ describe("generate-invoke.ts — output shape", () => {
     }
   });
 
-  function runGenerator(): { stdout: string; stderr: string; status: number | null } {
-    const result = spawnSync(
-      "npx",
-      [
-        "tsx",
-        GENERATOR,
-        "--apps-dir",
-        appsDir,
-        "--out-file",
-        outFile,
-      ],
-      {
-        cwd: siteDir,
-        encoding: "utf8",
-      },
-    );
-    return {
-      stdout: result.stdout ?? "",
-      stderr: result.stderr ?? "",
-      status: result.status,
-    };
-  }
+  it("runs to completion against a minimal fixture", () => {
+    // Sanity check — every subsequent assertion is wasted if the
+    // generator process bombed.
+    expect(generatorStatus).toBe(0);
+  });
 
   it("imports the framework helpers needed for Set-Cookie propagation", () => {
-    const { status } = runGenerator();
-    expect(status).toBe(0);
-
-    const out = fs.readFileSync(outFile, "utf8");
     // Both imports must be present — without them, forwardResponseCookies
     // doesn't compile in the site, and the regression we're fixing
     // resurfaces silently when someone deletes one of them.
-    expect(out).toContain('from "@tanstack/react-start/server"');
-    expect(out).toMatch(/getResponseHeaders\s*,?\s*\n?\s*setResponseHeader/);
-    expect(out).toContain('import { RequestContext } from "@decocms/start/sdk/requestContext"');
+    expect(generatedOutput).toContain('from "@tanstack/react-start/server"');
+    expect(generatedOutput).toMatch(/getResponseHeaders\s*,?\s*\n?\s*setResponseHeader/);
+    expect(generatedOutput).toContain(
+      'import { RequestContext } from "@decocms/start/sdk/requestContext"',
+    );
   });
 
   it("emits the forwardResponseCookies helper exactly once", () => {
-    runGenerator();
-    const out = fs.readFileSync(outFile, "utf8");
-    // Match the declaration, not call sites. There's only one helper.
-    const declMatches = out.match(/function forwardResponseCookies\(\)/g);
+    const declMatches = generatedOutput.match(/function forwardResponseCookies\(\)/g);
     expect(declMatches).toHaveLength(1);
 
     // The helper must read from RequestContext.responseHeaders and call
     // setResponseHeader. Locking the bridge ends-to-ends.
-    expect(out).toContain("RequestContext.current");
-    expect(out).toContain("ctx.responseHeaders.getSetCookie");
-    expect(out).toContain('setResponseHeader("set-cookie"');
+    expect(generatedOutput).toContain("RequestContext.current");
+    expect(generatedOutput).toContain("ctx.responseHeaders.getSetCookie");
+    expect(generatedOutput).toContain('setResponseHeader("set-cookie"');
   });
 
   it("calls forwardResponseCookies() inside every generated handler", () => {
-    runGenerator();
-    const out = fs.readFileSync(outFile, "utf8");
-
     // Each .handler(async ({ data }) ...) block produced by the
     // generator must contain a `forwardResponseCookies()` call. We
     // count handlers vs. call sites — excluding the declaration site
     // (`function forwardResponseCookies()`), which also matches the
     // bare `forwardResponseCookies()` token.
-    const handlerCount = (out.match(/\.handler\(async \(\{ data \}\)/g) ?? []).length;
-    const allOccurrences = (out.match(/\bforwardResponseCookies\(\)/g) ?? []).length;
-    const declSites = (out.match(/function\s+forwardResponseCookies\(\)/g) ?? []).length;
+    const handlerCount = (generatedOutput.match(/\.handler\(async \(\{ data \}\)/g) ?? []).length;
+    const allOccurrences = (generatedOutput.match(/\bforwardResponseCookies\(\)/g) ?? []).length;
+    const declSites = (generatedOutput.match(/function\s+forwardResponseCookies\(\)/g) ?? [])
+      .length;
     const callSites = allOccurrences - declSites;
 
-    expect(handlerCount).toBe(2);
+    expect(handlerCount).toBe(3);
     expect(declSites).toBe(1);
-    expect(callSites).toBe(2);
+    expect(callSites).toBe(3);
   });
 
   it("calls forwardResponseCookies AFTER the action awaits (so RequestContext is populated)", () => {
-    runGenerator();
-    const out = fs.readFileSync(outFile, "utf8");
-
     // The action must complete (await result) before we read the
     // captured Set-Cookies — otherwise we'd forward an empty set
-    // every time. Verifying ordering via regex is brittle but the
-    // surface is small enough.
+    // every time. The expression body after `await` can be any call
+    // shape the wrapper produces (`fn(data)` or `fn({ data })`),
+    // so we match across the whole expression up to the semicolon.
     const pattern =
-      /const result = await \w+\(data\);\s+forwardResponseCookies\(\);\s+return (?:unwrapResult\(result\)|result);/g;
-    const orderedCalls = out.match(pattern) ?? [];
-    expect(orderedCalls.length).toBe(2);
+      /const result = await [^;]+;\s+forwardResponseCookies\(\);\s+return (?:unwrapResult\(result\)|result);/g;
+    const orderedCalls = generatedOutput.match(pattern) ?? [];
+    expect(orderedCalls.length).toBe(3);
+  });
+
+  it("preserves adapting wrappers verbatim (does not collapse to actionFn(data))", () => {
+    // Regression for the createSession-shape wrapper: the generator
+    // previously hard-coded `${importedFn}(data)` in every handler,
+    // silently dropping the wrap that wrappers like
+    //   createSession: createInvokeFn((data) => createSession({ data }))
+    // perform to bridge the external invoke shape to the internal
+    // action shape. Sites that regenerated against this hit
+    // `TS2345: Property 'data' is missing in type '{ [x: string]: any; }'`
+    // at the regenerated call site of every adapting wrapper.
+    expect(generatedOutput).toContain("const result = await createSession({ data });");
+    // And the broken shortcut must NOT appear for this action.
+    expect(generatedOutput).not.toMatch(/const result = await createSession\(data\);/);
+
+    // Direct pass-through wrappers are unaffected: their body is
+    // already `actionFn(data)`, so emitting verbatim produces the same
+    // output that the previous shortcut produced. Lock that too — a
+    // future refactor that breaks pass-throughs would be just as bad.
+    expect(generatedOutput).toContain("const result = await getOrCreateCart(data);");
+    expect(generatedOutput).toContain("const result = await simulateCart(data);");
   });
 });

package/scripts/generate-invoke.ts

@@ -375,23 +375,39 @@ for (const action of actions) {
   const varName = `$${action.name}`;
 
   if (action.importedFn) {
-    // All @decocms/apps action functions take a single props object.
-    // Pass the validated `data` object directly — never destructure into
-    // positional arguments, which breaks when function signatures change.
+    // Emit the wrapper body verbatim. The arrow function in
+    // @decocms/apps/vtex/invoke.ts is the contract that maps the external
+    // invoke shape (what storefront callers send) to the internal action
+    // shape (what vtex/actions/* expects). Most wrappers are direct
+    // pass-throughs (`actionFn(data)`) but some adapt the payload
+    // (e.g. `createSession({ data })` wraps a flat session payload into
+    // CreateSessionProps). Hard-coding `${importedFn}(data)` silently
+    // dropped the wrap, producing typecheck errors at the call site of
+    // every adapting wrapper.
+    //
+    // Invariant: when action.importedFn is set, action.callBody was
+    // non-empty and contained `${importedFn}(` (that's how importedFn was
+    // discovered in the first place — see the importMap scan above).
+    // Block bodies clear callBody to "", which forces importedFn to ""
+    // and routes to the stub branch below.
+    //
+    // The arrow's parameter is `data` by convention across every wrapper
+    // in vtex/invoke.ts, and the generated handler destructures `{ data }`
+    // from the validator output, so callBody's `data` references resolve
+    // to the handler's local `data` without any rename.
     //
     // forwardResponseCookies() runs AFTER the action awaits, so any
     // Set-Cookie that vtexFetchWithCookies captured onto
     // RequestContext.responseHeaders gets promoted to the actual HTTP
-    // response. Safe no-op when the action didn't touch
-    // responseHeaders (e.g. masterData reads), so it's applied
-    // unconditionally — the alternative (a static allow-list of
-    // cookie-bearing actions) silently misses any new actions that
-    // start propagating cookies.
+    // response. Safe no-op when the action didn't touch responseHeaders
+    // (e.g. masterData reads), so it's applied unconditionally — the
+    // alternative (a static allow-list of cookie-bearing actions)
+    // silently misses any new actions that start propagating cookies.
     if (action.unwrap) {
       out += `\nconst ${varName} = createServerFn({ method: "POST" })
   .inputValidator((data: ${action.inputType}) => data)
   .handler(async ({ data }): Promise<any> => {
-    const result = await ${action.importedFn}(data);
+    const result = await ${action.callBody};
     forwardResponseCookies();
     return unwrapResult(result);
   });\n`;
@@ -399,7 +415,7 @@ for (const action of actions) {
       out += `\nconst ${varName} = createServerFn({ method: "POST" })
   .inputValidator((data: ${action.inputType}) => data)
   .handler(async ({ data }): Promise<any> => {
-    const result = await ${action.importedFn}(data);
+    const result = await ${action.callBody};
     forwardResponseCookies();
     return result;
   });\n`;