@friggframework/admin-scripts 2.0.0--canary.517.300ded3.0 → 2.0.0--canary.522.cbd3d5a.0

package/index.js

@@ -12,7 +12,7 @@ const { AdminFriggCommands, createAdminFriggCommands } = require('./src/applicat
 const { ScriptRunner, createScriptRunner } = require('./src/application/script-runner');
 
 // Infrastructure
-const { validateAdminApiKey } = require('./src/infrastructure/admin-auth-middleware');
+const { adminAuthMiddleware } = require('./src/infrastructure/admin-auth-middleware');
 const { router, app, handler: routerHandler } = require('./src/infrastructure/admin-script-router');
 const { handler: executorHandler } = require('./src/infrastructure/script-executor-handler');
 
@@ -45,7 +45,7 @@ module.exports = {
     createScriptRunner,
 
     // Infrastructure layer
-    validateAdminApiKey,
+    adminAuthMiddleware,
     router,
     app,
     routerHandler,

package/package.json

@@ -1,21 +1,23 @@
 {
     "name": "@friggframework/admin-scripts",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0--canary.517.300ded3.0",
+    "version": "2.0.0--canary.522.cbd3d5a.0",
     "description": "Admin Script Runner for Frigg - Execute maintenance and operational scripts in hosted environments",
     "dependencies": {
         "@aws-sdk/client-scheduler": "^3.588.0",
-        "@friggframework/core": "2.0.0--canary.517.300ded3.0",
+        "@friggframework/core": "2.0.0--canary.522.cbd3d5a.0",
         "bcryptjs": "^2.4.3",
         "express": "^4.18.2",
         "lodash": "4.17.21",
+        "mongoose": "6.11.6",
         "serverless-http": "^3.2.0",
         "uuid": "^9.0.1"
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0--canary.517.300ded3.0",
-        "@friggframework/prettier-config": "2.0.0--canary.517.300ded3.0",
-        "@friggframework/test": "2.0.0--canary.517.300ded3.0",
+        "@friggframework/eslint-config": "2.0.0--canary.522.cbd3d5a.0",
+        "@friggframework/prettier-config": "2.0.0--canary.522.cbd3d5a.0",
+        "@friggframework/test": "2.0.0--canary.522.cbd3d5a.0",
+        "chai": "^4.3.6",
         "eslint": "^8.22.0",
         "jest": "^29.7.0",
         "prettier": "^2.7.1",
@@ -47,5 +49,5 @@
         "maintenance",
         "operations"
     ],
-    "gitHead": "300ded3ac35558075a081104b4b362b85cf0756f"
+    "gitHead": "cbd3d5a81315519842f308fc0bd786a3f8786b79"
 }

package/src/application/__tests__/admin-frigg-commands.test.js

@@ -5,7 +5,7 @@ jest.mock('@friggframework/core/integrations/repositories/integration-repository
 jest.mock('@friggframework/core/user/repositories/user-repository-factory');
 jest.mock('@friggframework/core/modules/repositories/module-repository-factory');
 jest.mock('@friggframework/core/credential/repositories/credential-repository-factory');
-jest.mock('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+jest.mock('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
 jest.mock('@friggframework/core/queues');
 
 describe('AdminFriggCommands', () => {
@@ -13,7 +13,7 @@ describe('AdminFriggCommands', () => {
     let mockUserRepo;
     let mockModuleRepo;
     let mockCredentialRepo;
-    let mockAdminProcessRepo;
+    let mockScriptExecutionRepo;
     let mockQueuerUtil;
 
     beforeEach(() => {
@@ -46,8 +46,8 @@ describe('AdminFriggCommands', () => {
             updateCredential: jest.fn(),
         };
 
-        mockAdminProcessRepo = {
-            appendProcessLog: jest.fn().mockResolvedValue(undefined),
+        mockScriptExecutionRepo = {
+            appendExecutionLog: jest.fn().mockResolvedValue(undefined),
         };
 
         mockQueuerUtil = {
@@ -60,14 +60,14 @@ describe('AdminFriggCommands', () => {
         const { createUserRepository } = require('@friggframework/core/user/repositories/user-repository-factory');
         const { createModuleRepository } = require('@friggframework/core/modules/repositories/module-repository-factory');
         const { createCredentialRepository } = require('@friggframework/core/credential/repositories/credential-repository-factory');
-        const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+        const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
         const { QueuerUtil } = require('@friggframework/core/queues');
 
         createIntegrationRepository.mockReturnValue(mockIntegrationRepo);
         createUserRepository.mockReturnValue(mockUserRepo);
         createModuleRepository.mockReturnValue(mockModuleRepo);
         createCredentialRepository.mockReturnValue(mockCredentialRepo);
-        createAdminProcessRepository.mockReturnValue(mockAdminProcessRepo);
+        createScriptExecutionRepository.mockReturnValue(mockScriptExecutionRepo);
 
         // Mock QueuerUtil methods
         QueuerUtil.send = mockQueuerUtil.send;
@@ -158,16 +158,16 @@ describe('AdminFriggCommands', () => {
             expect(repo).toBe(mockCredentialRepo);
         });
 
-        it('creates adminProcessRepository on first access', () => {
+        it('creates scriptExecutionRepository on first access', () => {
             const commands = new AdminFriggCommands();
-            const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+            const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
 
-            expect(createAdminProcessRepository).not.toHaveBeenCalled();
+            expect(createScriptExecutionRepository).not.toHaveBeenCalled();
 
-            const repo = commands.adminProcessRepository;
+            const repo = commands.scriptExecutionRepository;
 
-            expect(createAdminProcessRepository).toHaveBeenCalledTimes(1);
-            expect(repo).toBe(mockAdminProcessRepo);
+            expect(createScriptExecutionRepository).toHaveBeenCalledTimes(1);
+            expect(repo).toBe(mockScriptExecutionRepo);
         });
     });
 
@@ -551,15 +551,15 @@ describe('AdminFriggCommands', () => {
         it('log() persists if executionId set', async () => {
             const commands = new AdminFriggCommands({ executionId: 'exec_123' });
             // Force repository creation
-            commands.adminProcessRepository;
+            commands.scriptExecutionRepository;
 
             commands.log('warn', 'Warning message', { detail: 'xyz' });
 
             // Give async operation a chance to execute
             await new Promise(resolve => setImmediate(resolve));
 
-            expect(mockAdminProcessRepo.appendProcessLog).toHaveBeenCalled();
-            const callArgs = mockAdminProcessRepo.appendProcessLog.mock.calls[0];
+            expect(mockScriptExecutionRepo.appendExecutionLog).toHaveBeenCalled();
+            const callArgs = mockScriptExecutionRepo.appendExecutionLog.mock.calls[0];
             expect(callArgs[0]).toBe('exec_123');
             expect(callArgs[1].level).toBe('warn');
             expect(callArgs[1].message).toBe('Warning message');
@@ -572,14 +572,14 @@ describe('AdminFriggCommands', () => {
 
             await new Promise(resolve => setImmediate(resolve));
 
-            expect(mockAdminProcessRepo.appendProcessLog).not.toHaveBeenCalled();
+            expect(mockScriptExecutionRepo.appendExecutionLog).not.toHaveBeenCalled();
         });
 
         it('log() handles persistence failure gracefully', async () => {
             const commands = new AdminFriggCommands({ executionId: 'exec_123' });
             // Force repository creation
-            commands.adminProcessRepository;
-            mockAdminProcessRepo.appendProcessLog.mockRejectedValue(new Error('DB Error'));
+            commands.scriptExecutionRepository;
+            mockScriptExecutionRepo.appendExecutionLog.mockRejectedValue(new Error('DB Error'));
 
             // Should not throw
             expect(() => commands.log('error', 'Test error')).not.toThrow();

package/src/application/__tests__/dry-run-http-interceptor.test.js

@@ -0,0 +1,313 @@
+const {
+    createDryRunHttpClient,
+    injectDryRunHttpClient,
+    sanitizeHeaders,
+    sanitizeData,
+    detectService,
+} = require('../dry-run-http-interceptor');
+
+describe('Dry-Run HTTP Interceptor', () => {
+    describe('sanitizeHeaders', () => {
+        test('should redact authorization headers', () => {
+            const headers = {
+                'Content-Type': 'application/json',
+                Authorization: 'Bearer secret-token',
+                'X-API-Key': 'api-key-123',
+                'User-Agent': 'frigg/1.0',
+            };
+
+            const sanitized = sanitizeHeaders(headers);
+
+            expect(sanitized['Content-Type']).toBe('application/json');
+            expect(sanitized['User-Agent']).toBe('frigg/1.0');
+            expect(sanitized.Authorization).toBe('[REDACTED]');
+            expect(sanitized['X-API-Key']).toBe('[REDACTED]');
+        });
+
+        test('should handle case variations', () => {
+            const headers = {
+                authorization: 'Bearer token',
+                Authorization: 'Bearer token',
+                'x-api-key': 'key1',
+                'X-API-Key': 'key2',
+            };
+
+            const sanitized = sanitizeHeaders(headers);
+
+            expect(sanitized.authorization).toBe('[REDACTED]');
+            expect(sanitized.Authorization).toBe('[REDACTED]');
+            expect(sanitized['x-api-key']).toBe('[REDACTED]');
+            expect(sanitized['X-API-Key']).toBe('[REDACTED]');
+        });
+
+        test('should handle null/undefined', () => {
+            expect(sanitizeHeaders(null)).toEqual({});
+            expect(sanitizeHeaders(undefined)).toEqual({});
+            expect(sanitizeHeaders({})).toEqual({});
+        });
+    });
+
+    describe('detectService', () => {
+        test('should detect CRM services', () => {
+            expect(detectService('https://api.hubapi.com')).toBe('HubSpot');
+            expect(detectService('https://login.salesforce.com')).toBe('Salesforce');
+            expect(detectService('https://api.pipedrive.com')).toBe('Pipedrive');
+            expect(detectService('https://api.attio.com')).toBe('Attio');
+        });
+
+        test('should detect communication services', () => {
+            expect(detectService('https://slack.com/api')).toBe('Slack');
+            expect(detectService('https://discord.com/api')).toBe('Discord');
+            expect(detectService('https://graph.teams.microsoft.com')).toBe('Microsoft Teams');
+        });
+
+        test('should detect project management tools', () => {
+            expect(detectService('https://app.asana.com/api')).toBe('Asana');
+            expect(detectService('https://api.monday.com')).toBe('Monday.com');
+            expect(detectService('https://api.trello.com')).toBe('Trello');
+        });
+
+        test('should return unknown for unrecognized services', () => {
+            expect(detectService('https://example.com/api')).toBe('unknown');
+            expect(detectService(null)).toBe('unknown');
+            expect(detectService(undefined)).toBe('unknown');
+        });
+
+        test('should be case insensitive', () => {
+            expect(detectService('HTTPS://API.HUBSPOT.COM')).toBe('HubSpot');
+            expect(detectService('https://API.SLACK.COM')).toBe('Slack');
+        });
+    });
+
+    describe('sanitizeData', () => {
+        test('should redact sensitive fields', () => {
+            const data = {
+                name: 'Test User',
+                email: 'test@example.com',
+                password: 'secret123',
+                apiToken: 'token-abc',
+                authKey: 'key-xyz',
+            };
+
+            const sanitized = sanitizeData(data);
+
+            expect(sanitized.name).toBe('Test User');
+            expect(sanitized.email).toBe('test@example.com');
+            expect(sanitized.password).toBe('[REDACTED]');
+            expect(sanitized.apiToken).toBe('[REDACTED]');
+            expect(sanitized.authKey).toBe('[REDACTED]');
+        });
+
+        test('should handle nested objects', () => {
+            const data = {
+                user: {
+                    name: 'Test',
+                    credentials: {
+                        password: 'secret',
+                        token: 'abc123',
+                    },
+                },
+            };
+
+            const sanitized = sanitizeData(data);
+
+            expect(sanitized.user.name).toBe('Test');
+            expect(sanitized.user.credentials.password).toBe('[REDACTED]');
+            expect(sanitized.user.credentials.token).toBe('[REDACTED]');
+        });
+
+        test('should handle arrays', () => {
+            const data = [
+                { id: '1', password: 'secret1' },
+                { id: '2', apiKey: 'key2' },
+            ];
+
+            const sanitized = sanitizeData(data);
+
+            expect(sanitized[0].id).toBe('1');
+            expect(sanitized[0].password).toBe('[REDACTED]');
+            expect(sanitized[1].apiKey).toBe('[REDACTED]');
+        });
+
+        test('should preserve primitives', () => {
+            expect(sanitizeData('string')).toBe('string');
+            expect(sanitizeData(123)).toBe(123);
+            expect(sanitizeData(true)).toBe(true);
+            expect(sanitizeData(null)).toBe(null);
+            expect(sanitizeData(undefined)).toBe(undefined);
+        });
+    });
+
+    describe('createDryRunHttpClient', () => {
+        let operationLog;
+
+        beforeEach(() => {
+            operationLog = [];
+        });
+
+        test('should log GET requests', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            const response = await client.get('/contacts', {
+                baseURL: 'https://api.hubapi.com',
+                headers: { Authorization: 'Bearer token' },
+            });
+
+            expect(operationLog).toHaveLength(1);
+            expect(operationLog[0]).toMatchObject({
+                operation: 'HTTP_REQUEST',
+                method: 'GET',
+                url: 'https://api.hubapi.com/contacts',
+                service: 'HubSpot',
+            });
+
+            expect(operationLog[0].headers.Authorization).toBe('[REDACTED]');
+            expect(response.data._dryRun).toBe(true);
+        });
+
+        test('should log POST requests with data', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            const postData = {
+                name: 'John Doe',
+                email: 'john@example.com',
+                password: 'secret123',
+            };
+
+            await client.post('/users', postData, {
+                baseURL: 'https://api.example.com',
+            });
+
+            expect(operationLog).toHaveLength(1);
+            expect(operationLog[0].method).toBe('POST');
+            expect(operationLog[0].data.name).toBe('John Doe');
+            expect(operationLog[0].data.email).toBe('john@example.com');
+            expect(operationLog[0].data.password).toBe('[REDACTED]');
+        });
+
+        test('should log PUT requests', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            await client.put('/users/123', { status: 'active' }, {
+                baseURL: 'https://api.example.com',
+            });
+
+            expect(operationLog).toHaveLength(1);
+            expect(operationLog[0].method).toBe('PUT');
+            expect(operationLog[0].data.status).toBe('active');
+        });
+
+        test('should log PATCH requests', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            await client.patch('/users/123', { name: 'Updated' });
+
+            expect(operationLog).toHaveLength(1);
+            expect(operationLog[0].method).toBe('PATCH');
+        });
+
+        test('should log DELETE requests', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            await client.delete('/users/123', {
+                baseURL: 'https://api.example.com',
+            });
+
+            expect(operationLog).toHaveLength(1);
+            expect(operationLog[0].method).toBe('DELETE');
+        });
+
+        test('should return mock response', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            const response = await client.get('/test');
+
+            expect(response.status).toBe(200);
+            expect(response.statusText).toContain('Dry-Run');
+            expect(response.data._dryRun).toBe(true);
+            expect(response.headers['x-dry-run']).toBe('true');
+        });
+
+        test('should include query params in log', async () => {
+            const client = createDryRunHttpClient(operationLog);
+
+            await client.get('/search', {
+                baseURL: 'https://api.example.com',
+                params: { q: 'test', limit: 10 },
+            });
+
+            expect(operationLog[0].params).toEqual({ q: 'test', limit: 10 });
+        });
+    });
+
+    describe('injectDryRunHttpClient', () => {
+        let operationLog;
+        let dryRunClient;
+
+        beforeEach(() => {
+            operationLog = [];
+            dryRunClient = createDryRunHttpClient(operationLog);
+        });
+
+        test('should inject into primary API module', () => {
+            const integrationInstance = {
+                primary: {
+                    api: {
+                        _httpClient: { get: jest.fn() },
+                    },
+                },
+            };
+
+            injectDryRunHttpClient(integrationInstance, dryRunClient);
+
+            expect(integrationInstance.primary.api._httpClient).toBe(dryRunClient);
+        });
+
+        test('should inject into target API module', () => {
+            const integrationInstance = {
+                target: {
+                    api: {
+                        _httpClient: { get: jest.fn() },
+                    },
+                },
+            };
+
+            injectDryRunHttpClient(integrationInstance, dryRunClient);
+
+            expect(integrationInstance.target.api._httpClient).toBe(dryRunClient);
+        });
+
+        test('should inject into both primary and target', () => {
+            const integrationInstance = {
+                primary: {
+                    api: { _httpClient: { get: jest.fn() } },
+                },
+                target: {
+                    api: { _httpClient: { get: jest.fn() } },
+                },
+            };
+
+            injectDryRunHttpClient(integrationInstance, dryRunClient);
+
+            expect(integrationInstance.primary.api._httpClient).toBe(dryRunClient);
+            expect(integrationInstance.target.api._httpClient).toBe(dryRunClient);
+        });
+
+        test('should handle missing api modules gracefully', () => {
+            const integrationInstance = {
+                primary: {},
+                target: null,
+            };
+
+            expect(() => {
+                injectDryRunHttpClient(integrationInstance, dryRunClient);
+            }).not.toThrow();
+        });
+
+        test('should handle null integration instance', () => {
+            expect(() => {
+                injectDryRunHttpClient(null, dryRunClient);
+            }).not.toThrow();
+        });
+    });
+});