@eide/foir-cli 0.4.14 → 0.5.0

package/dist/cli.js

@@ -5112,16 +5112,13 @@ async function reconcileApiKeys(client, apiKeys, summary) {
 }
 
 // src/lib/validate-integrations.ts
-var KEBAB_CASE = /^[a-z][a-z0-9]*(-[a-z0-9]+)*$/;
-var KNOWN_CREDENTIAL_STRATEGIES = /* @__PURE__ */ new Set([
-  "oauth",
-  "api_key",
-  "shared_secret",
-  "ssh_key",
-  "none",
-  "managed"
-]);
-var KNOWN_EXTENSION_TARGETS = /* @__PURE__ */ new Set(["record", "model-list"]);
+import { fromJson as fromJson3 } from "@bufbuild/protobuf";
+import { pathToString } from "@bufbuild/protobuf/reflect";
+import { createValidator } from "@bufbuild/protovalidate";
+import {
+  IntegrationConfigSchema,
+  ExtensionConfigSchema
+} from "@eide/foir-proto-ts/integrations/v1/integrations_pb";
 var IntegrationValidationError = class extends Error {
   errors;
   constructor(errors) {
@@ -5133,6 +5130,7 @@ ${errors.map((e) => `  - ${e}`).join("\n")}`
     this.errors = errors;
   }
 };
+var validator = createValidator();
 function validateIntegrationsAndExtensions(manifest) {
   const errors = [];
   const warnings = [];
@@ -5159,29 +5157,14 @@ function assertValid(result) {
 }
 function validateIntegration(name, integration, modelsByKey, errors, warnings) {
   const prefix = `integration '${name}'`;
-  if (!KEBAB_CASE.test(name)) {
-    errors.push(`${prefix}: name must be kebab-case (lowercase, dash-separated)`);
-  }
-  const middlewareUrl = integration.middleware?.url;
-  if (!middlewareUrl || typeof middlewareUrl !== "string") {
-    errors.push(`${prefix}: middleware.url is required`);
-  } else if (!isWellFormedHttpsUrl(middlewareUrl)) {
-    errors.push(
-      `${prefix}: middleware.url must be a well-formed https URL, got '${middlewareUrl}'`
-    );
-  }
-  const strategy = integration.credentials?.strategy;
-  if (!strategy) {
-    errors.push(`${prefix}: credentials.strategy is required`);
-  } else if (!KNOWN_CREDENTIAL_STRATEGIES.has(strategy)) {
-    errors.push(
-      `${prefix}: credentials.strategy '${strategy}' is not one of ${[...KNOWN_CREDENTIAL_STRATEGIES].join(", ")}`
-    );
-  }
+  const protoJson = toIntegrationProtoJson(name, integration);
+  const structuralErrors = runProtoValidation(
+    prefix,
+    protoJson,
+    (json) => fromJson3(IntegrationConfigSchema, json, { ignoreUnknownFields: true })
+  );
+  errors.push(...structuralErrors);
   const sync = integration.sync ?? {};
-  if (Object.keys(sync).length === 0) {
-    errors.push(`${prefix}: sync must declare at least one source type`);
-  }
   for (const [sourceType, mapping] of Object.entries(sync)) {
     validateSyncMapping(
       `${prefix} sync.${sourceType}`,
@@ -5194,12 +5177,11 @@ function validateIntegration(name, integration, modelsByKey, errors, warnings) {
   }
 }
 function validateSyncMapping(prefix, mapping, integrationName, modelsByKey, errors, warnings) {
-  if (!mapping.model || typeof mapping.model !== "string") {
-    errors.push(`${prefix}: model is required`);
+  const model = mapping.model ? modelsByKey.get(mapping.model) : void 0;
+  const seed = mapping.modelSeed;
+  if (!mapping.model) {
     return;
   }
-  const model = modelsByKey.get(mapping.model);
-  const seed = mapping.modelSeed;
   if (!model && !seed) {
     errors.push(
       `${prefix}: missing model '${mapping.model}' referenced by integration '${integrationName}' \u2014 declare it under models or provide a modelSeed`
@@ -5207,52 +5189,22 @@ function validateSyncMapping(prefix, mapping, integrationName, modelsByKey, erro
     return;
   }
   const fieldKeys = model ? new Set((model.fields ?? []).map((f) => f.key)) : new Set(Object.keys(seed?.fields ?? {}));
-  const naturalKeyField = mapping.naturalKey;
-  if (!naturalKeyField || typeof naturalKeyField !== "string") {
-    errors.push(`${prefix}: naturalKey is required`);
-  } else if (!fieldKeys.has(naturalKeyField)) {
+  if (mapping.naturalKey && !fieldKeys.has(mapping.naturalKey)) {
     errors.push(
-      `${prefix}: naturalKey '${naturalKeyField}' does not exist on ${model ? `model '${mapping.model}'` : `modelSeed for '${mapping.model}'`}`
+      `${prefix}: naturalKey '${mapping.naturalKey}' does not exist on ${model ? `model '${mapping.model}'` : `modelSeed for '${mapping.model}'`}`
     );
   }
   const fields = mapping.fields ?? {};
-  if (Object.keys(fields).length === 0) {
-    errors.push(`${prefix}: fields mapping must declare at least one field`);
-  }
   for (const [sourceField, foirField] of Object.entries(fields)) {
-    if (!foirField || typeof foirField !== "string") {
-      errors.push(
-        `${prefix}: field mapping for source '${sourceField}' must be a non-empty string`
-      );
-      continue;
-    }
+    if (!foirField) continue;
     if (!fieldKeys.has(foirField)) {
       errors.push(
         `${prefix}: field mapping '${sourceField} -> ${foirField}' references field '${foirField}' which does not exist on ${model ? `model '${mapping.model}'` : `modelSeed for '${mapping.model}'`}`
       );
     }
   }
-  if (seed) {
-    validateSeedStructure(prefix, seed, errors);
-    if (model) {
-      detectSeedDrift(prefix, seed, model, warnings);
-    }
-  }
-}
-function validateSeedStructure(prefix, seed, errors) {
-  const fields = seed.fields ?? {};
-  if (Object.keys(fields).length === 0) {
-    errors.push(`${prefix}: modelSeed.fields must declare at least one field`);
-    return;
-  }
-  for (const [key, field] of Object.entries(fields)) {
-    if (!field || typeof field !== "object") {
-      errors.push(`${prefix}: modelSeed.fields.${key} must be an object`);
-      continue;
-    }
-    if (!field.type || typeof field.type !== "string") {
-      errors.push(`${prefix}: modelSeed.fields.${key}.type is required`);
-    }
+  if (seed && model) {
+    detectSeedDrift(prefix, seed, model, warnings);
   }
 }
 function detectSeedDrift(prefix, seed, model, warnings) {
@@ -5275,50 +5227,156 @@ function detectSeedDrift(prefix, seed, model, warnings) {
 }
 function validateExtension(name, extension, modelsByKey, errors) {
   const prefix = `extension '${name}'`;
-  if (!KEBAB_CASE.test(name)) {
-    errors.push(`${prefix}: name must be kebab-case (lowercase, dash-separated)`);
-  }
-  if (!extension.url || typeof extension.url !== "string") {
-    errors.push(`${prefix}: url is required`);
-  } else if (!isWellFormedHttpsUrl(extension.url)) {
-    errors.push(
-      `${prefix}: url must be a well-formed https URL, got '${extension.url}'`
-    );
-  }
+  const protoJson = toExtensionProtoJson(name, extension);
+  const structuralErrors = runProtoValidation(
+    prefix,
+    protoJson,
+    (json) => fromJson3(ExtensionConfigSchema, json, { ignoreUnknownFields: true })
+  );
+  errors.push(...structuralErrors);
   const placements = extension.placements ?? [];
-  if (placements.length === 0) {
-    errors.push(`${prefix}: placements must declare at least one placement`);
-  }
   placements.forEach((placement, index) => {
-    const placementPrefix = `${prefix} placements[${index}]`;
-    if (!placement.target || !KNOWN_EXTENSION_TARGETS.has(placement.target)) {
+    if (placement.model && !modelsByKey.has(placement.model)) {
       errors.push(
-        `${placementPrefix}: target must be one of ${[...KNOWN_EXTENSION_TARGETS].join(", ")}`
+        `${prefix} placements[${index}]: missing model '${placement.model}' referenced by extension '${name}'`
       );
     }
-    if (!placement.model || typeof placement.model !== "string") {
-      errors.push(`${placementPrefix}: model is required`);
-    } else if (!modelsByKey.has(placement.model)) {
-      errors.push(
-        `${placementPrefix}: missing model '${placement.model}' referenced by extension '${name}'`
-      );
-    }
-    if (!placement.tab || typeof placement.tab !== "string") {
-      errors.push(`${placementPrefix}: tab is required`);
-    }
-    if (!placement.title || typeof placement.title !== "string") {
-      errors.push(`${placementPrefix}: title is required`);
-    }
   });
 }
-function isWellFormedHttpsUrl(candidate) {
+function runProtoValidation(prefix, json, decode) {
+  let message;
+  try {
+    message = decode(json);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return [`${prefix}: cannot decode as proto \u2014 ${msg}`];
+  }
+  const result = runValidate(message);
+  if (result.kind === "valid") return [];
+  if (result.kind === "error") {
+    return [`${prefix}: validator error \u2014 ${result.error.message}`];
+  }
+  return result.violations.map((v) => `${prefix}: ${formatViolation(v)}`);
+}
+function runValidate(message) {
+  if (!message || typeof message !== "object") {
+    return { kind: "error", error: new Error("message is not an object") };
+  }
+  const anyMsg = message;
+  let schema;
+  if (anyMsg.$typeName === "integrations.v1.IntegrationConfig") {
+    schema = IntegrationConfigSchema;
+  } else if (anyMsg.$typeName === "integrations.v1.ExtensionConfig") {
+    schema = ExtensionConfigSchema;
+  } else {
+    return { kind: "error", error: new Error(`unknown message type ${anyMsg.$typeName ?? "?"}`) };
+  }
+  const result = validator.validate(
+    // Both schema/message casts are safe because we picked schema by $typeName.
+    schema,
+    message
+  );
+  if (result.kind === "valid") return { kind: "valid" };
+  if (result.kind === "error") return { kind: "error", error: result.error };
+  return { kind: "invalid", violations: result.violations };
+}
+function formatViolation(v) {
+  let path3 = "";
   try {
-    const parsed = new URL(candidate);
-    if (parsed.protocol !== "https:") return false;
-    if (!parsed.hostname) return false;
-    return true;
+    path3 = pathToString(v.field);
   } catch {
-    return false;
+    path3 = "";
+  }
+  const message = v.message ?? "";
+  return path3 ? `${path3}: ${message}` : message;
+}
+function compact(obj) {
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    if (v !== void 0) out[k] = v;
+  }
+  return out;
+}
+function toIntegrationProtoJson(name, integration) {
+  return compact({
+    name,
+    enabled: integration.enabled ?? true,
+    middleware: integration.middleware ? { url: integration.middleware.url ?? "" } : void 0,
+    credentials: {
+      strategy: integration.credentials?.strategy ? credentialStrategyToProto(integration.credentials.strategy) : "CREDENTIAL_STRATEGY_UNSPECIFIED"
+    },
+    sync: integration.sync ? Object.fromEntries(
+      Object.entries(integration.sync).map(([k, v]) => [k, syncMappingToProto(v)])
+    ) : {},
+    settings: integration.settings,
+    metadata: integration.metadata
+  });
+}
+function syncMappingToProto(mapping) {
+  return compact({
+    model: mapping.model ?? "",
+    naturalKey: mapping.naturalKey ?? "",
+    fields: mapping.fields ?? {},
+    modelSeed: mapping.modelSeed ? {
+      fields: Object.fromEntries(
+        Object.entries(mapping.modelSeed.fields ?? {}).map(([k, v]) => [
+          k,
+          compact({
+            type: v.type ?? "",
+            required: v.required ?? false,
+            naturalKey: v.naturalKey ?? false,
+            label: v.label,
+            helpText: v.helpText,
+            config: v.config
+          })
+        ])
+      )
+    } : void 0
+  });
+}
+function credentialStrategyToProto(strategy) {
+  switch (strategy) {
+    case "oauth":
+      return "CREDENTIAL_STRATEGY_OAUTH";
+    case "api_key":
+      return "CREDENTIAL_STRATEGY_API_KEY";
+    case "shared_secret":
+      return "CREDENTIAL_STRATEGY_SHARED_SECRET";
+    case "ssh_key":
+      return "CREDENTIAL_STRATEGY_SSH_KEY";
+    case "none":
+      return "CREDENTIAL_STRATEGY_NONE";
+    case "managed":
+      return "CREDENTIAL_STRATEGY_MANAGED";
+    default:
+      return "CREDENTIAL_STRATEGY_UNSPECIFIED";
+  }
+}
+function toExtensionProtoJson(name, extension) {
+  const placements = (extension.placements ?? []).map(
+    (p) => compact({
+      target: extensionTargetToProto(p.target),
+      model: p.model ?? "",
+      tab: p.tab ?? "",
+      title: p.title ?? "",
+      hints: p.hints
+    })
+  );
+  return compact({
+    name,
+    url: extension.url ?? "",
+    placements,
+    metadata: extension.metadata
+  });
+}
+function extensionTargetToProto(target) {
+  switch (target) {
+    case "record":
+      return "EXTENSION_TARGET_RECORD";
+    case "model-list":
+      return "EXTENSION_TARGET_MODEL_LIST";
+    default:
+      return "EXTENSION_TARGET_UNSPECIFIED";
   }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eide/foir-cli",
-  "version": "0.4.14",
+  "version": "0.5.0",
   "description": "Universal platform CLI for Foir platform",
   "type": "module",
   "publishConfig": {
@@ -47,9 +47,10 @@
   "license": "UNLICENSED",
   "dependencies": {
     "@bufbuild/protobuf": "^2.0.0",
+    "@bufbuild/protovalidate": "^1.1.1",
     "@connectrpc/connect": "^2.0.0",
     "@connectrpc/connect-node": "^2.0.0",
-    "@eide/foir-proto-ts": "^0.3.8",
+    "@eide/foir-proto-ts": "^0.6.1",
     "chalk": "^5.3.0",
     "commander": "^12.1.0",
     "dotenv": "^16.4.5",