npm - @elevasis/core - Versions diffs - 0.11.2 → 0.13.0 - Mend

@elevasis/core 0.11.2 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/dist/index.d.ts +2 -1
package/dist/index.js +8 -1
package/dist/organization-model/index.d.ts +2 -1
package/dist/organization-model/index.js +8 -1
package/dist/test-utils/index.d.ts +27 -15
package/dist/test-utils/index.js +25 -0
package/package.json +1 -1
package/src/_gen/__tests__/__snapshots__/contracts.md.snap +27 -270
package/src/auth/multi-tenancy/credentials/__tests__/encryption.test.ts +217 -216
package/src/auth/multi-tenancy/credentials/server/encryption.ts +69 -39
package/src/auth/multi-tenancy/credentials/server/kek-loader.ts +37 -0
package/src/auth/multi-tenancy/index.ts +3 -0
package/src/auth/multi-tenancy/invitations/api-schemas.ts +104 -107
package/src/auth/multi-tenancy/memberships/api-schemas.ts +6 -5
package/src/auth/multi-tenancy/memberships/membership.ts +130 -138
package/src/auth/multi-tenancy/permissions.ts +12 -5
package/src/auth/multi-tenancy/role-management/api-schemas.ts +78 -0
package/src/auth/multi-tenancy/role-management/index.ts +16 -0
package/src/business/acquisition/activity-events.ts +142 -0
package/src/business/acquisition/api-schemas.ts +694 -689
package/src/business/acquisition/derive-actions.ts +90 -0
package/src/business/acquisition/index.ts +111 -109
package/src/execution/engine/index.ts +434 -434
package/src/execution/engine/tools/integration/server/adapters/apify/__tests__/apify-run-actor.integration.test.ts +298 -293
package/src/execution/engine/tools/integration/server/adapters/attio/__tests__/attio-crud.integration.test.ts +0 -1
package/src/execution/engine/tools/integration/service.test.ts +214 -0
package/src/execution/engine/tools/integration/service.ts +169 -161
package/src/execution/engine/tools/lead-service-types.ts +882 -879
package/src/execution/engine/tools/registry.ts +699 -700
package/src/execution/engine/tools/tool-maps.ts +777 -780
package/src/integrations/credentials/__tests__/api-schemas.test.ts +420 -496
package/src/integrations/credentials/api-schemas.ts +127 -143
package/src/integrations/webhook-endpoints/__tests__/api-schemas.test.ts +327 -318
package/src/integrations/webhook-endpoints/api-schemas.ts +103 -102
package/src/integrations/webhook-endpoints/types.ts +58 -51
package/src/operations/activities/api-schemas.ts +80 -79
package/src/operations/activities/types.ts +64 -63
package/src/organization-model/contracts.ts +1 -0
package/src/organization-model/defaults.ts +6 -0
package/src/organization-model/domains/navigation.ts +37 -23
package/src/organization-model/organization-graph.mdx +2 -2
package/src/organization-model/published.ts +2 -1
package/src/platform/constants/versions.ts +1 -1
package/src/reference/_generated/contracts.md +27 -270
package/src/scaffold-registry/__tests__/index.test.ts +72 -7
package/src/scaffold-registry/index.ts +163 -29
package/src/scaffold-registry/schema.ts +68 -62
package/src/server.ts +281 -272
package/src/supabase/database.types.ts +16 -10
package/src/test-utils/rls/RLSTestContext.ts +585 -553

package/src/integrations/credentials/api-schemas.ts CHANGED Viewed

@@ -1,143 +1,127 @@
-import { z } from 'zod'
-import { UuidSchema, CredentialNameSchema } from '../../platform/utils/validation'
-/**
- * Credential API Validation Schemas
- *
- * Separate from credential configuration schemas (schemas.ts).
- * - schemas.ts: Credential field definitions and type registry
- * - api-schemas.ts: HTTP request/response validation
- *
- * Design: Input Validation Standardization
- * @see apps/docs/content/docs/in-progress/active-development/security/active/credentials-integrations-validation-implementation.mdx
- */
-/**
- * Credential type validation
- * These are the actual `type` values stored in the database:
- * - 'oauth': All OAuth providers (notion, google-sheets) store this type
- * - 'api-key': Generic single-field API key credentials
- * - 'webhook-secret': Webhook signing secrets for signature validation
- *
- * Note: Provider-specific identifiers (notion, google-sheets) are CREDENTIAL_SCHEMAS
- * keys used for UI lookup, NOT stored type values. OAuth credentials store type='oauth'.
- */
-export const CredentialTypeSchema = z.enum(['oauth', 'api-key', 'webhook-secret', 'api-key-secret'])
-/**
- * Credential value validation
- * - Must be a non-empty object
- * - Keys are strings, values can be any JSON type
- * - Max 50 keys (prevents DoS)
- * - Individual string values max 10KB (prevents DoS)
- *
- * SECURITY:
- * - Prevents DoS via massive credential payloads
- * - Enforces reasonable limits for credential storage
- */
-const CredentialValueSchema = z
-  .record(z.string(), z.unknown())
-  .refine((val) => Object.keys(val).length > 0, { message: 'Credential value must not be empty' })
-  .refine((val) => Object.keys(val).length <= 50, { message: 'Credential value has too many keys (max 50)' })
-  .refine(
-    (val) => {
-      // Check individual string values for size
-      for (const v of Object.values(val)) {
-        if (typeof v === 'string' && v.length > 10240) {
-          return false
-        }
-      }
-      return true
-    },
-    { message: 'Individual credential values too large (max 10KB per string)' }
-  )
-/**
- * POST /api/credentials - Create credential
- */
-export const CreateCredentialRequestSchema = z
-  .object({
-    name: CredentialNameSchema,
-    type: CredentialTypeSchema,
-    value: CredentialValueSchema,
-    provider: z.string().optional() // OAuth provider ID ('dropbox', 'notion', 'google-sheets')
-  })
-  .strict() // Reject unknown fields (prevents mass assignment)
-/**
- * Response for credential creation
- */
-export const CreateCredentialResponseSchema = z.object({
-  id: UuidSchema,
-  name: z.string()
-})
-/**
- * GET /api/credentials - List credentials
- */
-export const ListCredentialsResponseSchema = z.object({
-  credentials: z.array(
-    z.object({
-      id: UuidSchema,
-      name: z.string(),
-      type: z.string(),
-      provider: z.string().nullable(), // OAuth provider or null for non-OAuth
-      createdAt: z.string().datetime()
-    })
-  )
-})
-/** API response type for a single credential list item */
-export type CredentialListItem = z.infer<typeof ListCredentialsResponseSchema>['credentials'][number]
-/**
- * PATCH /api/credentials/:credentialId - Update credential
- */
-export const UpdateCredentialParamsSchema = z.object({
-  credentialId: UuidSchema
-})
-export const UpdateCredentialRequestSchema = z
-  .object({
-    value: CredentialValueSchema.optional(),
-    name: CredentialNameSchema.optional()
-  })
-  .strict()
-  .refine((data) => data.value !== undefined || data.name !== undefined, {
-    message: 'At least one field (value or name) must be provided'
-  })
-/**
- * DELETE /api/credentials/:credentialId - Delete credential
- */
-export const DeleteCredentialParamsSchema = z.object({
-  credentialId: UuidSchema
-})
-/**
- * GET /api/credentials/:credentialName/decrypt - CRITICAL ENDPOINT
- * Decrypt credential value for agent/tool use
- *
- * SECURITY: credentialName validated with strict regex to prevent path traversal
- */
-export const DecryptCredentialParamsSchema = z.object({
-  credentialName: CredentialNameSchema
-})
-export const DecryptCredentialResponseSchema = z.object({
-  value: z.record(z.string(), z.unknown())
-})
-/**
- * Export all schemas for use in routes
- */
-export const CredentialSchemas = {
-  CreateRequest: CreateCredentialRequestSchema,
-  CreateResponse: CreateCredentialResponseSchema,
-  ListResponse: ListCredentialsResponseSchema,
-  UpdateParams: UpdateCredentialParamsSchema,
-  UpdateRequest: UpdateCredentialRequestSchema,
-  DeleteParams: DeleteCredentialParamsSchema,
-  DecryptParams: DecryptCredentialParamsSchema,
-  DecryptResponse: DecryptCredentialResponseSchema
-}
+import { z } from 'zod'
+import { UuidSchema, CredentialNameSchema } from '../../platform/utils/validation'
+/**
+ * Credential API Validation Schemas
+ *
+ * Separate from credential configuration schemas (schemas.ts).
+ * - schemas.ts: Credential field definitions and type registry
+ * - api-schemas.ts: HTTP request/response validation
+ *
+ * Design: Input Validation Standardization
+ * @see apps/docs/content/docs/in-progress/active-development/security/active/credentials-integrations-validation-implementation.mdx
+ */
+/**
+ * Credential type validation
+ * These are the actual `type` values stored in the database:
+ * - 'oauth': All OAuth providers (notion, google-sheets) store this type
+ * - 'api-key': Generic single-field API key credentials
+ * - 'webhook-secret': Webhook signing secrets for signature validation
+ *
+ * Note: Provider-specific identifiers (notion, google-sheets) are CREDENTIAL_SCHEMAS
+ * keys used for UI lookup, NOT stored type values. OAuth credentials store type='oauth'.
+ */
+export const CredentialTypeSchema = z.enum(['oauth', 'api-key', 'webhook-secret', 'api-key-secret'])
+/**
+ * Credential value validation
+ * - Must be a non-empty object
+ * - Keys are strings, values can be any JSON type
+ * - Max 50 keys (prevents DoS)
+ * - Individual string values max 10KB (prevents DoS)
+ *
+ * SECURITY:
+ * - Prevents DoS via massive credential payloads
+ * - Enforces reasonable limits for credential storage
+ */
+const CredentialValueSchema = z
+  .record(z.string(), z.unknown())
+  .refine((val) => Object.keys(val).length > 0, { message: 'Credential value must not be empty' })
+  .refine((val) => Object.keys(val).length <= 50, { message: 'Credential value has too many keys (max 50)' })
+  .refine(
+    (val) => {
+      // Check individual string values for size
+      for (const v of Object.values(val)) {
+        if (typeof v === 'string' && v.length > 10240) {
+          return false
+        }
+      }
+      return true
+    },
+    { message: 'Individual credential values too large (max 10KB per string)' }
+  )
+/**
+ * POST /api/credentials - Create credential
+ */
+export const CreateCredentialRequestSchema = z
+  .object({
+    name: CredentialNameSchema,
+    type: CredentialTypeSchema,
+    value: CredentialValueSchema,
+    provider: z.string().optional() // OAuth provider ID ('dropbox', 'notion', 'google-sheets')
+  })
+  .strict() // Reject unknown fields (prevents mass assignment)
+/**
+ * Response for credential creation
+ */
+export const CreateCredentialResponseSchema = z.object({
+  id: UuidSchema,
+  name: z.string()
+})
+/**
+ * GET /api/credentials - List credentials
+ */
+export const ListCredentialsResponseSchema = z.object({
+  credentials: z.array(
+    z.object({
+      id: UuidSchema,
+      name: z.string(),
+      type: z.string(),
+      provider: z.string().nullable(), // OAuth provider or null for non-OAuth
+      createdAt: z.string().datetime()
+    })
+  )
+})
+/** API response type for a single credential list item */
+export type CredentialListItem = z.infer<typeof ListCredentialsResponseSchema>['credentials'][number]
+/**
+ * PATCH /api/credentials/:credentialId - Update credential
+ */
+export const UpdateCredentialParamsSchema = z.object({
+  credentialId: UuidSchema
+})
+export const UpdateCredentialRequestSchema = z
+  .object({
+    value: CredentialValueSchema.optional(),
+    name: CredentialNameSchema.optional()
+  })
+  .strict()
+  .refine((data) => data.value !== undefined || data.name !== undefined, {
+    message: 'At least one field (value or name) must be provided'
+  })
+/**
+ * DELETE /api/credentials/:credentialId - Delete credential
+ */
+export const DeleteCredentialParamsSchema = z.object({
+  credentialId: UuidSchema
+})
+/**
+ * Export all schemas for use in routes
+ */
+export const CredentialSchemas = {
+  CreateRequest: CreateCredentialRequestSchema,
+  CreateResponse: CreateCredentialResponseSchema,
+  ListResponse: ListCredentialsResponseSchema,
+  UpdateParams: UpdateCredentialParamsSchema,
+  UpdateRequest: UpdateCredentialRequestSchema,
+  DeleteParams: DeleteCredentialParamsSchema
+}