@donkeylabs/cli 1.1.17 → 1.1.19

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@donkeylabs/cli",
-  "version": "1.1.17",
+  "version": "1.1.19",
   "type": "module",
   "description": "CLI for @donkeylabs/server - project scaffolding and code generation",
   "main": "./src/index.ts",

package/src/commands/generate.ts

@@ -83,6 +83,110 @@ async function extractMiddlewareNames(pluginPath: string): Promise<string[]> {
   }
 }
 
+interface ServiceDefinitionInfo {
+  name: string;
+  exportName: string;
+  filePath: string;
+  returnType: string | null;
+}
+
+/**
+ * Extract defineService calls from source files.
+ * Looks for patterns like: export const myService = defineService("name", ...)
+ */
+async function extractServiceDefinitions(filePath: string): Promise<ServiceDefinitionInfo[]> {
+  try {
+    const content = await readFile(filePath, "utf-8");
+    const services: ServiceDefinitionInfo[] = [];
+
+    // Match: export const serviceName = defineService("name", ...)
+    // Also try to capture return type annotation if present
+    const pattern = /export\s+const\s+(\w+)\s*=\s*defineService\s*\(\s*["'](\w+)["']/g;
+
+    let match;
+    while ((match = pattern.exec(content)) !== null) {
+      const exportName = match[1] || "";
+      const serviceName = match[2] || "";
+
+      // Try to find return type from explicit annotation or factory return
+      // Look for patterns like: defineService<"name", NVRService>(...) or ): Promise<NVR> =>
+      let returnType: string | null = null;
+
+      // Check for generic type parameter: defineService<"name", ReturnType>
+      const genericMatch = content.slice(match.index).match(
+        /defineService\s*<\s*["']\w+["']\s*,\s*([^>]+)>/
+      );
+      if (genericMatch?.[1]) {
+        returnType = genericMatch[1].trim();
+      }
+
+      // Check for return type annotation on the factory: (ctx): Promise<Type> =>
+      if (!returnType) {
+        const factoryMatch = content.slice(match.index, match.index + 500).match(
+          /,\s*(?:async\s*)?\([^)]*\)\s*(?::\s*(?:Promise\s*<\s*)?([A-Z]\w+))?/
+        );
+        if (factoryMatch?.[1]) {
+          returnType = factoryMatch[1].trim();
+        }
+      }
+
+      services.push({
+        name: serviceName,
+        exportName,
+        filePath,
+        returnType,
+      });
+    }
+
+    return services;
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Find all service definitions in the project.
+ * Scans common locations: server entry, services directory, etc.
+ */
+async function findServiceDefinitions(entryPath: string, servicesPattern?: string): Promise<ServiceDefinitionInfo[]> {
+  const allServices: ServiceDefinitionInfo[] = [];
+
+  // Scan the entry file
+  const entryFullPath = join(process.cwd(), entryPath);
+  if (existsSync(entryFullPath)) {
+    const entryServices = await extractServiceDefinitions(entryFullPath);
+    allServices.push(...entryServices);
+  }
+
+  // Scan services directory if it exists
+  const servicesDir = join(process.cwd(), "src/server/services");
+  if (existsSync(servicesDir)) {
+    const entries = await readdir(servicesDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.isFile() && entry.name.endsWith(".ts")) {
+        const filePath = join(servicesDir, entry.name);
+        const services = await extractServiceDefinitions(filePath);
+        allServices.push(...services);
+      }
+    }
+  }
+
+  // Also check src/lib/services for SvelteKit projects
+  const libServicesDir = join(process.cwd(), "src/lib/services");
+  if (existsSync(libServicesDir)) {
+    const entries = await readdir(libServicesDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.isFile() && entry.name.endsWith(".ts")) {
+        const filePath = join(libServicesDir, entry.name);
+        const services = await extractServiceDefinitions(filePath);
+        allServices.push(...services);
+      }
+    }
+  }
+
+  return allServices;
+}
+
 interface ExtractedRoute {
   name: string;
   handler: string;
@@ -519,9 +623,18 @@ export async function generateCommand(_args: string[]): Promise<void> {
   const entryPath = config.entry || "./src/index.ts";
   const serverRoutes = await extractRoutesFromServer(entryPath);
 
+  // Find custom service definitions
+  const services = await findServiceDefinitions(entryPath);
+  if (services.length > 0) {
+    console.log(
+      pc.green("Found services:"),
+      services.map((s) => pc.dim(s.name)).join(", ")
+    );
+  }
+
   // Generate all files
   await generateRegistry(plugins, outPath);
-  await generateContext(plugins, outPath);
+  await generateContext(plugins, services, outPath);
   await generateRouteTypes(fileRoutes, outPath);
 
   const generated = ["registry", "context", "routes"];
@@ -668,22 +781,58 @@ ${middlewareBuilderMethods}
 
 async function generateContext(
   plugins: { name: string; path: string; exportName: string }[],
+  services: ServiceDefinitionInfo[],
   outPath: string
 ) {
   const schemaIntersection =
     plugins.map((p) => `PluginRegistry["${p.name}"]["schema"]`).join(" & ") ||
     "{}";
 
+  // Generate service imports and type entries
+  const serviceImports: string[] = [];
+  const serviceEntries: string[] = [];
+
+  for (const service of services) {
+    // Calculate relative path from outPath to service file
+    const serviceAbsPath = service.filePath.replace(/\.ts$/, "");
+    const relativePath = relative(outPath, serviceAbsPath);
+    const importPath = relativePath.startsWith(".") ? relativePath : `./${relativePath}`;
+
+    serviceImports.push(`import type { ${service.exportName} } from "${importPath}";`);
+
+    // Use the inferred return type if available, otherwise use Awaited<ReturnType<factory>>
+    if (service.returnType) {
+      serviceEntries.push(`    ${service.name}: ${service.returnType};`);
+    } else {
+      // Infer type from the service definition
+      serviceEntries.push(`    ${service.name}: Awaited<ReturnType<typeof ${service.exportName}["factory"]>>;`);
+    }
+  }
+
+  const serviceImportsBlock = serviceImports.length > 0 ? serviceImports.join("\n") + "\n" : "";
+  const hasServices = serviceEntries.length > 0;
+  const servicesTypeDecl = hasServices
+    ? `export interface AppServices {\n${serviceEntries.join("\n")}\n  }`
+    : "export type AppServices = Record<string, never>;";
+
   const content = `// Auto-generated by donkeylabs generate
 // App context - import as: import type { AppContext } from ".@donkeylabs/server/context";
 
 /// <reference path="./registry.d.ts" />
-import type { PluginRegistry, CoreServices, Errors } from "@donkeylabs/server";
+import type { PluginRegistry, CoreServices, Errors, ServiceRegistry } from "@donkeylabs/server";
 import type { Kysely } from "kysely";
-
+${serviceImportsBlock}
 /** Merged database schema from all plugins */
 export type DatabaseSchema = ${schemaIntersection};
 
+/** Custom services registered via defineService() */
+${servicesTypeDecl}
+
+// Augment the ServiceRegistry for type inference in ctx.services
+declare module "@donkeylabs/server" {
+  interface ServiceRegistry extends AppServices {}
+}
+
 /**
  * Fully typed application context.
  * Use this instead of ServerContext for typed plugin access.
@@ -701,6 +850,8 @@ export interface AppContext {
   errors: Errors;
   /** Application config */
   config: Record<string, any>;
+  /** Custom user-registered services */
+  services: AppServices;
   /** Client IP address */
   ip: string;
   /** Unique request ID */

package/templates/sveltekit-app/package.json

@@ -24,9 +24,9 @@
     "vite": "^7.2.6"
   },
   "dependencies": {
-    "@donkeylabs/cli": "file:/Users/franciscosainzwilliams/Documents/GitHub/server/packages/cli",
-    "@donkeylabs/adapter-sveltekit": "file:/Users/franciscosainzwilliams/Documents/GitHub/server/packages/adapter-sveltekit",
-    "@donkeylabs/server": "file:/Users/franciscosainzwilliams/Documents/GitHub/server/packages/server",
+    "@donkeylabs/cli": "^1.1.19",
+    "@donkeylabs/adapter-sveltekit": "^1.1.19",
+    "@donkeylabs/server": "^1.1.19",
     "bits-ui": "^2.15.4",
     "clsx": "^2.1.1",
     "kysely": "^0.27.6",

package/templates/sveltekit-app/src/lib/permissions.ts

@@ -26,7 +26,8 @@
  * ```
  */
 
-import { createApi } from "./api";
+// Note: createApi is imported dynamically to avoid compile-time dependency
+// on the generated API file which may not have permissions routes yet
 
 export interface PermissionContext {
   tenantId: string;
@@ -78,9 +79,16 @@ export interface PermissionsHelper {
 /**
  * Create a permissions helper from context
  */
-export function createPermissions(context: PermissionContext): PermissionsHelper {
+export function createPermissions(context: PermissionContext, api?: any): PermissionsHelper {
   const permissionSet = new Set(context.permissions);
-  const api = createApi();
+
+  // Lazy load API if not provided
+  const getApi = () => {
+    if (api) return api;
+    // Dynamic import to avoid compile-time dependency
+    const { createApi } = require("./api");
+    return createApi();
+  };
 
   return {
     has(permission: string): boolean {
@@ -129,7 +137,8 @@ export function createPermissions(context: PermissionContext): PermissionsHelper
       action: "create" | "read" | "write" | "delete" | "admin",
       ownerId?: string
     ): Promise<boolean> {
-      const result = await api.permissions.canAccess({
+      const apiClient = getApi();
+      const result = await apiClient.permissions.canAccess({
         tenantId: context.tenantId,
         checks: [{ resourceType, resourceId, action, ownerId }],
       });
@@ -144,7 +153,8 @@ export function createPermissions(context: PermissionContext): PermissionsHelper
         ownerId?: string;
       }>
     ): Promise<Record<string, boolean>> {
-      return api.permissions.canAccess({
+      const apiClient = getApi();
+      return apiClient.permissions.canAccess({
         tenantId: context.tenantId,
         checks,
       });

package/templates/sveltekit-app/src/routes/+page.server.ts

@@ -8,7 +8,7 @@ export const load: PageServerLoad = async ({ locals }) => {
 
   try {
     // Direct service call through typed client
-    const result = await client.api.counter.get({});
+    const result = await (client as any).demo.counter.get({});
     return {
       count: result.count,
       loadedAt: new Date().toISOString(),

package/templates/sveltekit-app/src/routes/workflows/+page.server.ts

@@ -7,7 +7,7 @@ export const load: PageServerLoad = async ({ locals }) => {
 
   try {
     // Load initial workflow instances
-    const result = await client.api.workflow.list({});
+    const result = await (client as any).demo.workflow.list({});
     return {
       instances: result.instances || [],
       loadedAt: new Date().toISOString(),

package/templates/sveltekit-app/src/server/index.ts

@@ -59,7 +59,7 @@ export const server = new AppServer({
 // =============================================================================
 
 // Using default session strategy for this template
-server.registerPlugin(authPlugin());
+server.registerPlugin(authPlugin({}));
 
 // Email plugin - supports Resend or console (for development)
 // Configure with process.env.RESEND_API_KEY for production

package/templates/sveltekit-app/src/server/plugins/auth/auth.test.ts

@@ -0,0 +1,377 @@
+/**
+ * Auth Plugin Tests
+ *
+ * Tests for authentication with multiple strategies:
+ * - session: Stateful database sessions
+ * - jwt: Stateless JWT tokens
+ * - refresh-token: Access + refresh token pattern
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from "bun:test";
+import { createTestHarness } from "@donkeylabs/server";
+import { authPlugin } from "./index";
+
+// Helper to create test harness with auth plugin
+async function createAuthTestHarness(config: Parameters<typeof authPlugin>[0] = {}) {
+  const harness = await createTestHarness(authPlugin(config));
+  return { ...harness, auth: harness.manager.getServices().auth };
+}
+
+// ==========================================
+// Session Strategy Tests
+// ==========================================
+describe("Auth Plugin - Session Strategy", () => {
+  let harness: Awaited<ReturnType<typeof createAuthTestHarness>>;
+
+  beforeEach(async () => {
+    harness = await createAuthTestHarness({ strategy: "session" });
+  });
+
+  afterEach(async () => {
+    await harness.db.destroy();
+  });
+
+  it("should register a new user", async () => {
+    const result = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+      name: "Test User",
+    });
+
+    expect(result.user).toBeDefined();
+    expect(result.user.email).toBe("test@example.com");
+    expect(result.user.name).toBe("Test User");
+    expect(result.tokens.accessToken).toBeDefined();
+    expect(result.tokens.expiresIn).toBeGreaterThan(0);
+  });
+
+  it("should prevent duplicate email registration", async () => {
+    await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    await expect(
+      harness.auth.register({
+        email: "test@example.com",
+        password: "differentpassword",
+      })
+    ).rejects.toThrow();
+  });
+
+  it("should login with correct credentials", async () => {
+    await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    const result = await harness.auth.login({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    expect(result.user.email).toBe("test@example.com");
+    expect(result.tokens.accessToken).toBeDefined();
+  });
+
+  it("should reject login with wrong password", async () => {
+    await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    await expect(
+      harness.auth.login({
+        email: "test@example.com",
+        password: "wrongpassword",
+      })
+    ).rejects.toThrow();
+  });
+
+  it("should reject login for non-existent user", async () => {
+    await expect(
+      harness.auth.login({
+        email: "nonexistent@example.com",
+        password: "password123",
+      })
+    ).rejects.toThrow();
+  });
+
+  it("should validate session token", async () => {
+    const { tokens } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    const user = await harness.auth.validateToken(tokens.accessToken);
+    expect(user).toBeDefined();
+    expect(user?.email).toBe("test@example.com");
+  });
+
+  it("should invalidate session on logout", async () => {
+    const { tokens } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    await harness.auth.logout(tokens.accessToken);
+
+    const user = await harness.auth.validateToken(tokens.accessToken);
+    expect(user).toBeNull();
+  });
+
+  it("should return null for invalid token", async () => {
+    const user = await harness.auth.validateToken("invalid-token");
+    expect(user).toBeNull();
+  });
+
+  it("should get user by ID", async () => {
+    const { user: created } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+      name: "Test User",
+    });
+
+    const user = await harness.auth.getUserById(created.id);
+    expect(user).toBeDefined();
+    expect(user?.email).toBe("test@example.com");
+  });
+
+  it("should update user profile", async () => {
+    const { user: created } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+      name: "Original Name",
+    });
+
+    const updated = await harness.auth.updateProfile(created.id, {
+      name: "Updated Name",
+    });
+
+    expect(updated.name).toBe("Updated Name");
+  });
+});
+
+// ==========================================
+// JWT Strategy Tests
+// ==========================================
+describe("Auth Plugin - JWT Strategy", () => {
+  let harness: Awaited<ReturnType<typeof createAuthTestHarness>>;
+
+  beforeEach(async () => {
+    harness = await createAuthTestHarness({
+      strategy: "jwt",
+      jwt: { secret: "test-secret-key-at-least-32-chars!" },
+    });
+  });
+
+  afterEach(async () => {
+    await harness.db.destroy();
+  });
+
+  it("should register and return JWT token", async () => {
+    const result = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    expect(result.tokens.accessToken).toBeDefined();
+    // JWT tokens are longer and have 3 parts
+    expect(result.tokens.accessToken.split(".").length).toBe(3);
+    expect(result.tokens.refreshToken).toBeUndefined();
+  });
+
+  it("should validate JWT token", async () => {
+    const { tokens } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    const user = await harness.auth.validateToken(tokens.accessToken);
+    expect(user).toBeDefined();
+    expect(user?.email).toBe("test@example.com");
+  });
+
+  it("should reject invalid JWT token", async () => {
+    const user = await harness.auth.validateToken("invalid.jwt.token");
+    expect(user).toBeNull();
+  });
+
+  it("should login and return JWT", async () => {
+    await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    const result = await harness.auth.login({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    expect(result.tokens.accessToken.split(".").length).toBe(3);
+  });
+});
+
+// ==========================================
+// Refresh Token Strategy Tests
+// ==========================================
+describe("Auth Plugin - Refresh Token Strategy", () => {
+  let harness: Awaited<ReturnType<typeof createAuthTestHarness>>;
+
+  beforeEach(async () => {
+    harness = await createAuthTestHarness({
+      strategy: "refresh-token",
+      jwt: { secret: "test-secret-key-at-least-32-chars!" },
+    });
+  });
+
+  afterEach(async () => {
+    await harness.db.destroy();
+  });
+
+  it("should return both access and refresh tokens", async () => {
+    const result = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    expect(result.tokens.accessToken).toBeDefined();
+    expect(result.tokens.refreshToken).toBeDefined();
+    expect(result.tokens.accessToken.split(".").length).toBe(3);
+    expect(result.tokens.refreshToken!.split(".").length).toBe(3);
+  });
+
+  it("should validate access token", async () => {
+    const { tokens } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    const user = await harness.auth.validateToken(tokens.accessToken);
+    expect(user).toBeDefined();
+    expect(user?.email).toBe("test@example.com");
+  });
+
+  it("should refresh tokens with refresh token", async () => {
+    const { tokens: initial } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    // Small delay to ensure different token timestamps
+    await new Promise(resolve => setTimeout(resolve, 10));
+
+    const refreshed = await harness.auth.refresh(initial.refreshToken!);
+
+    expect(refreshed.accessToken).toBeDefined();
+    // Verify we got a new valid token (structure check)
+    expect(refreshed.accessToken.split(".").length).toBe(3);
+    expect(refreshed.expiresIn).toBeGreaterThan(0);
+  });
+
+  it("should reject invalid refresh token", async () => {
+    await expect(
+      harness.auth.refresh("invalid.refresh.token")
+    ).rejects.toThrow();
+  });
+
+  it("should invalidate refresh token on logout", async () => {
+    const { tokens } = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    await harness.auth.logout(tokens.refreshToken!);
+
+    await expect(
+      harness.auth.refresh(tokens.refreshToken!)
+    ).rejects.toThrow();
+  });
+});
+
+// ==========================================
+// Configuration Tests
+// ==========================================
+describe("Auth Plugin - Configuration", () => {
+  it("should use session strategy by default", async () => {
+    const harness = await createAuthTestHarness({});
+    expect(harness.auth.getStrategy()).toBe("session");
+    await harness.db.destroy();
+  });
+
+  it("should respect custom strategy", async () => {
+    const harness = await createAuthTestHarness({
+      strategy: "jwt",
+      jwt: { secret: "test-secret-key-at-least-32-chars!" },
+    });
+    expect(harness.auth.getStrategy()).toBe("jwt");
+    await harness.db.destroy();
+  });
+
+  it("should throw if JWT secret missing for jwt strategy", async () => {
+    await expect(
+      createAuthTestHarness({ strategy: "jwt" })
+    ).rejects.toThrow(/jwt.secret/);
+  });
+
+  it("should throw if JWT secret missing for refresh-token strategy", async () => {
+    await expect(
+      createAuthTestHarness({ strategy: "refresh-token" })
+    ).rejects.toThrow(/jwt.secret/);
+  });
+
+  it("should return cookie config", async () => {
+    const harness = await createAuthTestHarness({
+      cookie: { name: "myauth", httpOnly: true, secure: false },
+    });
+    const config = harness.auth.getCookieConfig();
+    expect(config.name).toBe("myauth");
+    expect(config.httpOnly).toBe(true);
+    expect(config.secure).toBe(false);
+    await harness.db.destroy();
+  });
+});
+
+// ==========================================
+// Edge Cases
+// ==========================================
+describe("Auth Plugin - Edge Cases", () => {
+  let harness: Awaited<ReturnType<typeof createAuthTestHarness>>;
+
+  beforeEach(async () => {
+    harness = await createAuthTestHarness({ strategy: "session" });
+  });
+
+  afterEach(async () => {
+    await harness.db.destroy();
+  });
+
+  it("should handle email case-insensitively", async () => {
+    await harness.auth.register({
+      email: "Test@Example.COM",
+      password: "password123",
+    });
+
+    const result = await harness.auth.login({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    expect(result.user.email).toBe("test@example.com");
+  });
+
+  it("should handle registration without name", async () => {
+    const result = await harness.auth.register({
+      email: "test@example.com",
+      password: "password123",
+    });
+
+    expect(result.user.name).toBeNull();
+  });
+
+  it("should return null for non-existent user ID", async () => {
+    const user = await harness.auth.getUserById("non-existent-id");
+    expect(user).toBeNull();
+  });
+
+});