@edge-base/server 0.1.1

package/src/__tests__/functions-route.test.ts

@@ -0,0 +1,139 @@
+import { afterEach, describe, expect, it } from 'vitest';
+import { OpenAPIHono } from '../lib/hono.js';
+import { setConfig } from '../lib/do-router.js';
+import {
+  clearFunctionRegistry,
+  clearMiddlewareRegistry,
+  rebuildCompiledRoutes,
+  registerFunction,
+  registerMiddleware,
+} from '../lib/functions.js';
+import { functionsRoute } from '../routes/functions.js';
+import type { Env } from '../types.js';
+
+class ForeignFunctionError extends Error {
+  code: string;
+  httpStatus: number;
+  details?: Record<string, unknown>;
+
+  constructor(
+    code: string,
+    message: string,
+    httpStatus: number,
+    details?: Record<string, unknown>,
+  ) {
+    super(message);
+    this.name = 'FunctionError';
+    this.code = code;
+    this.httpStatus = httpStatus;
+    this.details = details;
+  }
+
+  toJSON() {
+    return {
+      code: this.code,
+      message: this.message,
+      status: this.httpStatus,
+      ...(this.details ? { details: this.details } : {}),
+    };
+  }
+}
+
+function createEnv(overrides: Partial<Env> = {}): Env {
+  return {
+    DATABASE: {
+      idFromName: (name: string) => name as unknown as DurableObjectId,
+      get: () => ({
+        fetch: async () => new Response('unexpected database fetch', { status: 500 }),
+      }),
+    } as unknown as DurableObjectNamespace,
+    AUTH: {
+      idFromName: (name: string) => name as unknown as DurableObjectId,
+      get: () => ({
+        fetch: async () => new Response('unexpected auth fetch', { status: 500 }),
+      }),
+    } as unknown as DurableObjectNamespace,
+    AUTH_DB: {} as D1Database,
+    KV: {} as KVNamespace,
+    ...overrides,
+  } as Env;
+}
+
+function createApp() {
+  const app = new OpenAPIHono();
+  app.route('/api/functions', functionsRoute);
+  return app;
+}
+
+function createExecutionContext(): ExecutionContext {
+  return {
+    waitUntil() {},
+    passThroughOnException() {},
+    props: {},
+  } as unknown as ExecutionContext;
+}
+
+afterEach(() => {
+  clearFunctionRegistry();
+  clearMiddlewareRegistry();
+  rebuildCompiledRoutes();
+  setConfig({});
+});
+
+describe('functionsRoute FunctionError compatibility', () => {
+  it('returns structured JSON when directory middleware throws a foreign FunctionError', async () => {
+    registerMiddleware('', async () => {
+      throw new ForeignFunctionError('unauthenticated', 'Login required for secure routes.', 401, {
+        source: 'middleware',
+      });
+    });
+    registerFunction('secure/profile', {
+      trigger: { type: 'http', method: 'GET' },
+      handler: async () => ({ ok: true }),
+    });
+    rebuildCompiledRoutes();
+
+    const response = await createApp().fetch(
+      new Request('http://localhost/api/functions/secure/profile', { method: 'GET' }),
+      createEnv(),
+      createExecutionContext(),
+    );
+
+    expect(response.status).toBe(401);
+    await expect(response.json()).resolves.toEqual({
+      code: 'unauthenticated',
+      message: 'Login required for secure routes.',
+      status: 401,
+      details: { source: 'middleware' },
+    });
+  });
+
+  it('returns structured JSON when a handler throws a foreign FunctionError', async () => {
+    registerFunction('call-chain', {
+      trigger: { type: 'http', method: 'POST' },
+      handler: async () => {
+        throw new ForeignFunctionError(
+          'failed-precondition',
+          'Function call depth exceeded (max 5).',
+          412,
+          { depth: 6 },
+        );
+      },
+    });
+    rebuildCompiledRoutes();
+
+    const response = await createApp().fetch(
+      new Request('http://localhost/api/functions/call-chain', { method: 'POST' }),
+      createEnv(),
+      createExecutionContext(),
+    );
+
+    expect(response.status).toBe(412);
+    await expect(response.json()).resolves.toEqual({
+      code: 'failed-precondition',
+      message: 'Function call depth exceeded (max 5).',
+      status: 412,
+      details: { depth: 6 },
+    });
+  });
+});

package/src/__tests__/internal-request.test.ts

@@ -0,0 +1,77 @@
+import type { Context } from 'hono';
+import { describe, expect, it } from 'vitest';
+import type { HonoEnv } from '../lib/hono.js';
+import {
+  buildInternalHandlerContext,
+  isTrustedInternalContext,
+  isTrustedInternalRequestUrl,
+} from '../lib/internal-request.js';
+import type { Env } from '../types.js';
+
+function makeContext(
+  url: string,
+  isInternalRequest = false,
+): Pick<Context<HonoEnv>, 'get' | 'req'> {
+  return {
+    get(key: string) {
+      return key === 'isInternalRequest' ? isInternalRequest : undefined;
+    },
+    req: { url } as Context<HonoEnv>['req'],
+  };
+}
+
+describe('internal request helpers', () => {
+  it('isTrustedInternalRequestUrl only trusts worker-internal hosts', () => {
+    expect(isTrustedInternalRequestUrl('http://internal/api/db/shared')).toBe(true);
+    expect(isTrustedInternalRequestUrl('http://do/internal/functions/reindex')).toBe(true);
+    expect(isTrustedInternalRequestUrl('http://localhost:8787/api/db/shared')).toBe(false);
+    expect(isTrustedInternalRequestUrl('not-a-url')).toBe(false);
+  });
+
+  it('isTrustedInternalContext accepts explicit internal flags or trusted internal hosts', () => {
+    expect(isTrustedInternalContext(makeContext('http://localhost/api/db/shared', true))).toBe(true);
+    expect(isTrustedInternalContext(makeContext('http://do/api/db/shared'))).toBe(true);
+    expect(isTrustedInternalContext(makeContext('http://example.com/api/db/shared'))).toBe(false);
+  });
+
+  it('buildInternalHandlerContext marks requests as internal and exposes request helpers', async () => {
+    const request = new Request('http://do/api/functions/feed-summary?limit=5', {
+      method: 'POST',
+      headers: { 'X-Test': 'yes' },
+    });
+
+    const ctx = buildInternalHandlerContext({
+      env: {} as Env,
+      request,
+      body: { ok: true },
+    });
+
+    expect(ctx.req.url).toBe(request.url);
+    expect(ctx.req.header('X-Test')).toBe('yes');
+    await expect(ctx.req.json()).resolves.toEqual({ ok: true });
+    expect(ctx.req.query('limit')).toBe('5');
+    expect(ctx.req.query()).toEqual({ limit: '5' });
+    expect(ctx.get('isInternalRequest' as never)).toBe(true);
+    expect(ctx.get('auth' as never)).toBeNull();
+    expect(ctx.get('isServiceKey' as never)).toBe(false);
+    expect(typeof ctx.executionCtx.waitUntil).toBe('function');
+
+    const response = ctx.json({ ok: true }, 201);
+    expect(response.status).toBe(201);
+    await expect(response.json()).resolves.toEqual({ ok: true });
+  });
+
+  it('buildInternalHandlerContext reflects explicit X-Is-Service-Key for privileged internal calls', () => {
+    const request = new Request('http://internal/api/db/shared/tables/users', {
+      headers: { 'X-Is-Service-Key': 'true' },
+    });
+
+    const ctx = buildInternalHandlerContext({
+      env: {} as Env,
+      request,
+    });
+
+    expect(ctx.get('isInternalRequest' as never)).toBe(true);
+    expect(ctx.get('isServiceKey' as never)).toBe(true);
+  });
+});

package/src/__tests__/log-writer.test.ts

@@ -0,0 +1,44 @@
+import { describe, expect, it, vi } from 'vitest';
+import { SQLiteLogWriter, type LogEntry } from '../lib/log-writer.js';
+
+function makeEntry(index: number): LogEntry {
+  return {
+    method: 'GET',
+    path: `/logs/${index}`,
+    status: 200,
+    duration: 1,
+    timestamp: Date.now(),
+  };
+}
+
+describe('SQLiteLogWriter', () => {
+  it('requeues durable object reset failures without noisy warnings', async () => {
+    const firstError = Object.assign(new Error('reset'), { durableObjectReset: true });
+    const fetchMock = vi
+      .fn(async (_input: RequestInfo) => new Response(null, { status: 200 }))
+      .mockRejectedValueOnce(firstError);
+    const pending: Promise<unknown>[] = [];
+    const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+    const errorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    const writer = new SQLiteLogWriter(
+      { fetch: fetchMock },
+      { waitUntil(promise) { pending.push(promise); } },
+    );
+
+    for (let index = 0; index < 50; index++) {
+      writer.write(makeEntry(index));
+    }
+    await Promise.all(pending.splice(0));
+
+    expect(warnSpy).not.toHaveBeenCalled();
+    expect(errorSpy).not.toHaveBeenCalled();
+
+    writer.write(makeEntry(50));
+    await Promise.all(pending.splice(0));
+
+    expect(fetchMock.mock.calls.length).toBeGreaterThanOrEqual(2);
+
+    warnSpy.mockRestore();
+    errorSpy.mockRestore();
+  });
+});

package/src/__tests__/logger.test.ts

@@ -0,0 +1,58 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+
+const { createLogWriterMock, writeMock } = vi.hoisted(() => {
+  const writeMock = vi.fn();
+
+  return {
+    createLogWriterMock: vi.fn(() => ({
+      write: writeMock,
+      query: vi.fn(),
+    })),
+    writeMock,
+  };
+});
+
+vi.mock('../lib/log-writer.js', () => ({
+  createLogWriter: createLogWriterMock,
+}));
+
+describe('loggerMiddleware', () => {
+  beforeEach(() => {
+    vi.resetModules();
+    writeMock.mockReset();
+    createLogWriterMock.mockReset();
+    createLogWriterMock.mockImplementation(() => ({
+      write: writeMock,
+      query: vi.fn(),
+    }));
+  });
+
+  it('logs relative request URLs without throwing', async () => {
+    const { loggerMiddleware } = await import('../middleware/logger.js');
+    const header = vi.fn(() => null);
+    const get = vi.fn(() => undefined);
+    const ctx = {
+      req: {
+        url: '/relative-only?hello=1',
+        method: 'GET',
+        header,
+        raw: {},
+      },
+      res: {
+        status: 204,
+        headers: new Headers(),
+      },
+      get,
+      env: {},
+    } as any;
+
+    await expect(loggerMiddleware(ctx, async () => {})).resolves.toBeUndefined();
+
+    expect(createLogWriterMock).toHaveBeenCalledWith({}, undefined);
+    expect(writeMock).toHaveBeenCalledWith(expect.objectContaining({
+      method: 'GET',
+      path: '/relative-only',
+      status: 204,
+    }));
+  });
+});

package/src/__tests__/meta-admin-proxy.test.ts

@@ -0,0 +1,48 @@
+/**
+ * Meta-test: admin.ts DO proxy route count.
+ *
+ * Counts stub.fetch() and fetchDOWithRetry(stub,) calls in admin.ts.
+ * When a new proxy route is added, this count must be updated —
+ * forcing the developer to also add corresponding contract tests.
+ */
+import { readFileSync } from 'fs';
+import { describe, it, expect } from 'vitest';
+
+describe('admin.ts DO proxy count', () => {
+  const source = readFileSync(
+    new URL('../routes/admin.ts', import.meta.url),
+    'utf-8',
+  );
+
+  // Expected counts — update when adding new proxy routes
+  // stub.fetch() direct calls + fetchDOWithRetry(stub, ...) wrapped calls
+  // Auth shard.fetch() calls removed: user management now uses D1 service directly
+  // databaseLiveDO.fetch() calls removed: broadcast now uses /api/db/broadcast worker route
+  const EXPECTED_STUB_FETCH = 4;
+  const EXPECTED_STUB_RETRY = 4;
+  const EXPECTED_SHARD_FETCH = 0;
+  const EXPECTED_TOTAL = EXPECTED_STUB_FETCH + EXPECTED_STUB_RETRY + EXPECTED_SHARD_FETCH; // 8
+
+  it(`stub.fetch() count = ${EXPECTED_STUB_FETCH}`, () => {
+    const count = (source.match(/stub\.fetch\(/g) || []).length;
+    expect(count).toBe(EXPECTED_STUB_FETCH);
+  });
+
+  it(`fetchDOWithRetry(stub, ...) count = ${EXPECTED_STUB_RETRY}`, () => {
+    const count = (source.match(/fetchDOWithRetry\(stub,/g) || []).length;
+    expect(count).toBe(EXPECTED_STUB_RETRY);
+  });
+
+  it(`shard.fetch() count = ${EXPECTED_SHARD_FETCH}`, () => {
+    const count = (source.match(/shard\.fetch\(/g) || []).length;
+    expect(count).toBe(EXPECTED_SHARD_FETCH);
+  });
+
+  it(`total DO proxy routes = ${EXPECTED_TOTAL}`, () => {
+    const stubCount = (source.match(/stub\.fetch\(/g) || []).length;
+    const retryCount = (source.match(/fetchDOWithRetry\(stub,/g) || []).length;
+    const shardCount = (source.match(/shard\.fetch\(/g) || []).length;
+    const total = stubCount + retryCount + shardCount;
+    expect(total).toBe(EXPECTED_TOTAL);
+  });
+});

package/src/__tests__/meta-export-coverage.test.ts

@@ -0,0 +1,191 @@
+/**
+ * Meta-test: export coverage scan.
+ *
+ * Verifies that every exported function/class/const in tested lib files
+ * is referenced (imported or called) in at least one test file.
+ *
+ * Lib files without a dedicated test file are listed in UNTESTED_LIBS.
+ * When you add a new test file for one of them, remove it from the list.
+ */
+import { readFileSync, readdirSync } from 'fs';
+import { resolve } from 'path';
+import { describe, it, expect } from 'vitest';
+
+const LIB_DIR = resolve(new URL('../lib', import.meta.url).pathname);
+const TEST_DIR = resolve(new URL('.', import.meta.url).pathname);
+
+// ─── Lib files that do NOT yet have dedicated tests ─────────────────────────
+// Remove entries as tests are added — each removal is a net win.
+const UNTESTED_LIBS = new Set([
+  'analytics-adapter.ts',
+  'analytics-query.ts',
+  'auth-d1-service.ts',  // D1 auth service — used by auth-do + admin routes, tested via integration tests
+  'auth-db-adapter.ts',  // Auth DB adapter (D1/PostgreSQL) — used by routes, tested via integration
+  'control-db.ts',
+  'd1-handler.ts',       // tested via integration tests only
+  'do-retry.ts',
+  'email-provider.ts',
+  'email-translations.ts', // email i18n strings — used by auth email flows, tested via integration
+  'functions.ts',
+  'hono.ts',
+  'log-writer.ts',
+  'plugin-migrations.ts',
+  'postgres-handler.ts',
+  'postgres-schema-init.ts',
+  'push-provider.ts',
+  'database-live-emitter.ts', // internal helpers tested via integration tests only
+  'sms-provider.ts',
+  'version.ts',
+]);
+
+// ─── Exports in tested files that are not yet covered ───────────────────────
+// These are known gaps. When you add a test for one, remove it here.
+// Adding a NEW export without test coverage will fail CI.
+const KNOWN_UNCOVERED_EXPORTS = new Set([
+  'schemas.ts:listResponseSchema',
+  'schemas.ts:errorResponseSchema',
+  'schemas.ts:recordResponseSchema',
+  'schemas.ts:successResponseSchema',
+  'schemas.ts:healthResponseSchema',
+  // OpenAPI route definition schemas — used by route files, not directly tested
+  'schemas.ts:idParamSchema',
+  'schemas.ts:nameParamSchema',
+  'schemas.ts:bucketParamSchema',
+  'schemas.ts:providerParamSchema',
+  'schemas.ts:jsonResponseSchema',
+  'schemas.ts:okResponseSchema',
+  'schemas.ts:d1BodySchema',
+  'schemas.ts:sqlBodySchema',
+  'schemas.ts:kvBodySchema',
+  'schemas.ts:vectorizeBodySchema',
+  'schemas.ts:broadcastBodySchema',
+  'schemas.ts:trackEventsBodySchema',
+  // Admin management — used by admin routes, not yet directly tested
+  'auth-d1.ts:listAdmins',
+  'auth-d1.ts:deleteAdmin',
+  // Database-live emitter and D1 handler — moved to UNTESTED_LIBS (integration-test only)
+  // Auth D1 — _users_public helpers used by auth-do, admin routes, backup (tested via integration)
+  'auth-d1.ts:upsertUserPublic',
+  'auth-d1.ts:deleteUserPublic',
+  'auth-d1.ts:batchDeleteUserPublic',
+  'auth-d1.ts:getUserPublic',
+  'auth-d1.ts:listUsersPublic',
+  // Auth D1 — provider constants used by adapter tests, not directly referenced
+  'auth-d1.ts:AUTH_PG_SCHEMA',
+  'auth-d1.ts:AUTH_SHARD_COUNT',
+]);
+
+// ─── Extract named exports from a file ──────────────────────────────────────
+
+function extractExports(source: string): string[] {
+  const names: string[] = [];
+  // export function foo / export async function foo
+  for (const m of source.matchAll(/export\s+(?:async\s+)?function\s+(\w+)/g)) {
+    names.push(m[1]);
+  }
+  // export const foo / export let foo
+  for (const m of source.matchAll(/export\s+(?:const|let)\s+(\w+)/g)) {
+    names.push(m[1]);
+  }
+  // export class Foo
+  for (const m of source.matchAll(/export\s+class\s+(\w+)/g)) {
+    names.push(m[1]);
+  }
+  // export enum Foo
+  for (const m of source.matchAll(/export\s+enum\s+(\w+)/g)) {
+    names.push(m[1]);
+  }
+  return names;
+}
+
+// ─── Read all test file source at once ──────────────────────────────────────
+
+function getAllTestSource(): string {
+  const testFiles = readdirSync(TEST_DIR).filter((f) => f.endsWith('.test.ts'));
+  return testFiles
+    .map((f) => readFileSync(resolve(TEST_DIR, f), 'utf-8'))
+    .join('\n');
+}
+
+/**
+ * Check if a name is meaningfully referenced in test source.
+ * Uses word-boundary matching to avoid false positives from substrings.
+ */
+function isReferenced(name: string, source: string): boolean {
+  // Word boundary: the name appears as a standalone identifier
+  const re = new RegExp(`\\b${name}\\b`);
+  return re.test(source);
+}
+
+// ─── Tests ──────────────────────────────────────────────────────────────────
+
+describe('export coverage scan', () => {
+  const allTestSource = getAllTestSource();
+
+  const testedLibFiles = readdirSync(LIB_DIR)
+    .filter((f) => f.endsWith('.ts') && !UNTESTED_LIBS.has(f));
+
+  it('untested lib count is tracked', () => {
+    const allLibFiles = readdirSync(LIB_DIR).filter((f) => f.endsWith('.ts'));
+    // If a file is in UNTESTED_LIBS but no longer exists, fail.
+    for (const name of UNTESTED_LIBS) {
+      expect(
+        allLibFiles.includes(name),
+        `UNTESTED_LIBS contains '${name}' but file does not exist. Remove it.`,
+      ).toBe(true);
+    }
+    // Track: total = tested + untested. If you add a new lib file, decide where it goes.
+    const expectedTotal = testedLibFiles.length + UNTESTED_LIBS.size;
+    expect(
+      allLibFiles.length,
+      `New lib file detected. Add it to UNTESTED_LIBS or write tests for it.`,
+    ).toBe(expectedTotal);
+  });
+
+  it('known uncovered exports are still valid', () => {
+    // Ensure KNOWN_UNCOVERED_EXPORTS entries still match real exports.
+    // If an export is removed or a test is added, this list must be updated.
+    for (const entry of KNOWN_UNCOVERED_EXPORTS) {
+      const [file, name] = entry.split(':');
+      const filePath = resolve(LIB_DIR, file);
+      const source = readFileSync(filePath, 'utf-8');
+      const exports = extractExports(source);
+      expect(
+        exports.includes(name),
+        `KNOWN_UNCOVERED_EXPORTS has '${entry}' but export '${name}' no longer exists in lib/${file}. Remove it.`,
+      ).toBe(true);
+
+      // Also check it's still NOT referenced (if it is, remove from list)
+      // Use import-style check: the name must appear in an import or direct call context
+      const importPattern = new RegExp(`import\\s*\\{[^}]*\\b${name}\\b[^}]*\\}\\s*from`);
+      const directCallPattern = new RegExp(`\\b${name}\\s*\\(`);
+      const isTestedNow = importPattern.test(allTestSource) || directCallPattern.test(allTestSource);
+      expect(
+        isTestedNow,
+        `KNOWN_UNCOVERED_EXPORTS has '${entry}' but it IS imported/called in tests now. Remove it from the list.`,
+      ).toBe(false);
+    }
+  });
+
+  for (const libFile of testedLibFiles) {
+    describe(`lib/${libFile}`, () => {
+      const source = readFileSync(resolve(LIB_DIR, libFile), 'utf-8');
+      const exports = extractExports(source);
+
+      // Skip type/interface-only files
+      if (exports.length === 0) return;
+
+      for (const name of exports) {
+        // Skip known uncovered exports
+        if (KNOWN_UNCOVERED_EXPORTS.has(`${libFile}:${name}`)) continue;
+
+        it(`export '${name}' is referenced in tests`, () => {
+          expect(
+            isReferenced(name, allTestSource),
+            `Export '${name}' from lib/${libFile} is not referenced in any test file. Add a test or add to KNOWN_UNCOVERED_EXPORTS.`,
+          ).toBe(true);
+        });
+      }
+    });
+  }
+});

package/src/__tests__/meta-route-registration.test.ts

@@ -0,0 +1,47 @@
+/**
+ * Meta-test: route registration completeness.
+ *
+ * Ensures every route file imported in index.ts is also registered via app.route().
+ * The expected route exports are derived from the current route files.
+ */
+import { readFileSync, readdirSync } from 'fs';
+import { resolve } from 'path';
+import { describe, it, expect } from 'vitest';
+
+describe('index.ts route registration completeness', () => {
+  const source = readFileSync(
+    new URL('../index.ts', import.meta.url),
+    'utf-8',
+  );
+  const routesDir = resolve(new URL('../routes', import.meta.url).pathname);
+  const EXPECTED_ROUTES = readdirSync(routesDir)
+    .filter((fileName) => fileName.endsWith('.ts'))
+    .sort()
+    .flatMap((fileName) => {
+      const routeSource = readFileSync(resolve(routesDir, fileName), 'utf-8');
+      const directExports = [...routeSource.matchAll(/export const (\w+)\s*=\s*new OpenAPIHono/g)].map(
+        (match) => match[1],
+      );
+      const aliasExports = [...routeSource.matchAll(/export \{ \w+ as (\w+) \}/g)].map(
+        (match) => match[1],
+      );
+      return [...directExports, ...aliasExports];
+    });
+
+  const EXPECTED_COUNT = EXPECTED_ROUTES.length;
+
+  it(`total route imports = ${EXPECTED_COUNT}`, () => {
+    const importMatches = source.match(/import \{ \w+ \} from '\.\/routes\//g) || [];
+    expect(importMatches.length).toBe(EXPECTED_COUNT);
+  });
+
+  for (const routeVar of EXPECTED_ROUTES) {
+    it(`${routeVar} is imported`, () => {
+      expect(source).toMatch(new RegExp(`import\\s*\\{[^}]*\\b${routeVar}\\b[^}]*\\}\\s*from '\\./routes/`));
+    });
+
+    it(`${routeVar} is registered via app.route()`, () => {
+      expect(source).toMatch(new RegExp(`app\\.route\\([^)]+,\\s*${routeVar}\\)`));
+    });
+  }
+});

package/src/__tests__/namespace-dump.test.ts

@@ -0,0 +1,28 @@
+import { describe, expect, it } from 'vitest';
+import { defineConfig } from '@edge-base/shared';
+import { dumpNamespaceTables } from '../lib/namespace-dump.js';
+
+describe('namespace dump helpers', () => {
+  it('throws when the requested namespace is missing from config', async () => {
+    const config = defineConfig({
+      databases: {
+        shared: {
+          tables: {
+            posts: {
+              schema: {
+                title: { type: 'string' },
+              },
+            },
+          },
+        },
+      },
+    });
+
+    await expect(
+      dumpNamespaceTables({} as never, config, 'missing'),
+    ).rejects.toMatchObject({
+      code: 404,
+      message: "Namespace 'missing' not found in config.",
+    });
+  });
+});