@friggframework/admin-scripts 2.0.0--canary.517.300ded3.0 → 2.0.0--canary.522.cbd3d5a.0

package/src/application/script-runner.js

@@ -1,6 +1,8 @@
 const { getScriptFactory } = require('./script-factory');
 const { createAdminFriggCommands } = require('./admin-frigg-commands');
 const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
+const { wrapAdminFriggCommandsForDryRun } = require('./dry-run-repository-wrapper');
+const { createDryRunHttpClient, injectDryRunHttpClient } = require('./dry-run-http-interceptor');
 
 /**
  * Script Runner
@@ -28,7 +30,7 @@ class ScriptRunner {
      * @param {string} options.mode - 'sync' | 'async'
      * @param {Object} options.audit - Audit info { apiKeyName, apiKeyLast4, ipAddress }
      * @param {string} options.executionId - Reuse existing execution ID
-     * @param {boolean} options.dryRun - Dry-run mode: validate and preview without executing
+     * @param {boolean} options.dryRun - Execute in dry-run mode (no writes, log operations)
      */
     async execute(scriptName, params = {}, options = {}) {
         const { trigger = 'MANUAL', audit = {}, executionId: existingExecutionId, dryRun = false } = options;
@@ -44,16 +46,11 @@ class ScriptRunner {
             );
         }
 
-        // Dry-run mode: validate and return preview without executing
-        if (dryRun) {
-            return this.createDryRunPreview(scriptName, definition, params);
-        }
-
         let executionId = existingExecutionId;
 
         // Create execution record if not provided
         if (!executionId) {
-            const execution = await this.commands.createAdminProcess({
+            const execution = await this.commands.createScriptExecution({
                 scriptName,
                 scriptVersion: definition.version,
                 trigger,
@@ -67,13 +64,25 @@ class ScriptRunner {
         const startTime = new Date();
 
         try {
-            await this.commands.updateAdminProcessState(executionId, 'RUNNING');
+            // Update status to RUNNING (skip in dry-run)
+            if (!dryRun) {
+                await this.commands.updateScriptExecutionStatus(executionId, 'RUNNING');
+            }
 
             // Create frigg commands for the script
-            const frigg = createAdminFriggCommands({
-                executionId,
-                integrationFactory: this.integrationFactory,
-            });
+            let frigg;
+            let operationLog = [];
+
+            if (dryRun) {
+                // Dry-run mode: wrap commands to intercept writes
+                frigg = this.createDryRunFriggCommands(operationLog);
+            } else {
+                // Normal mode: create real commands
+                frigg = createAdminFriggCommands({
+                    executionId,
+                    integrationFactory: this.integrationFactory,
+                });
+            }
 
             // Create script instance
             const script = this.scriptFactory.createInstance(scriptName, {
@@ -88,15 +97,34 @@ class ScriptRunner {
             const endTime = new Date();
             const durationMs = endTime - startTime;
 
-            await this.commands.completeAdminProcess(executionId, {
-                state: 'COMPLETED',
-                output,
-                metrics: {
-                    startTime: startTime.toISOString(),
-                    endTime: endTime.toISOString(),
-                    durationMs,
-                },
-            });
+            // Complete execution (skip in dry-run)
+            if (!dryRun) {
+                await this.commands.completeScriptExecution(executionId, {
+                    status: 'COMPLETED',
+                    output,
+                    metrics: {
+                        startTime: startTime.toISOString(),
+                        endTime: endTime.toISOString(),
+                        durationMs,
+                    },
+                });
+            }
+
+            // Return dry-run preview if in dry-run mode
+            if (dryRun) {
+                return {
+                    executionId,
+                    dryRun: true,
+                    status: 'DRY_RUN_COMPLETED',
+                    scriptName,
+                    preview: {
+                        operations: operationLog,
+                        summary: this.summarizeOperations(operationLog),
+                        scriptOutput: output,
+                    },
+                    metrics: { durationMs },
+                };
+            }
 
             return {
                 executionId,
@@ -106,26 +134,31 @@ class ScriptRunner {
                 metrics: { durationMs },
             };
         } catch (error) {
+            // Calculate metrics even on failure
             const endTime = new Date();
             const durationMs = endTime - startTime;
 
-            await this.commands.completeAdminProcess(executionId, {
-                state: 'FAILED',
-                error: {
-                    name: error.name,
-                    message: error.message,
-                    stack: error.stack,
-                },
-                metrics: {
-                    startTime: startTime.toISOString(),
-                    endTime: endTime.toISOString(),
-                    durationMs,
-                },
-            });
+            // Record failure (skip in dry-run)
+            if (!dryRun) {
+                await this.commands.completeScriptExecution(executionId, {
+                    status: 'FAILED',
+                    error: {
+                        name: error.name,
+                        message: error.message,
+                        stack: error.stack,
+                    },
+                    metrics: {
+                        startTime: startTime.toISOString(),
+                        endTime: endTime.toISOString(),
+                        durationMs,
+                    },
+                });
+            }
 
             return {
                 executionId,
-                status: 'FAILED',
+                dryRun,
+                status: dryRun ? 'DRY_RUN_FAILED' : 'FAILED',
                 scriptName,
                 error: {
                     name: error.name,
@@ -137,107 +170,80 @@ class ScriptRunner {
     }
 
     /**
-     * Create dry-run preview without executing the script
-     * Validates inputs and shows what would be executed
+     * Create dry-run version of AdminFriggCommands
+     * Intercepts all write operations and logs them
      *
-     * @param {string} scriptName - Script name
-     * @param {Object} definition - Script definition
-     * @param {Object} params - Input parameters
-     * @returns {Object} Dry-run preview
+     * @param {Array} operationLog - Array to collect logged operations
+     * @returns {Object} Wrapped AdminFriggCommands
      */
-    createDryRunPreview(scriptName, definition, params) {
-        const validation = this.validateParams(definition, params);
-
-        return {
-            dryRun: true,
-            status: validation.valid ? 'DRY_RUN_VALID' : 'DRY_RUN_INVALID',
-            scriptName,
-            preview: {
-                script: {
-                    name: definition.name,
-                    version: definition.version,
-                    description: definition.description,
-                    requiresIntegrationFactory: definition.config?.requiresIntegrationFactory || false,
-                },
-                input: params,
-                inputSchema: definition.inputSchema || null,
-                validation,
-            },
-            message: validation.valid
-                ? 'Dry-run validation passed. Script is ready to execute with provided parameters.'
-                : `Dry-run validation failed: ${validation.errors.join(', ')}`,
-        };
-    }
+    createDryRunFriggCommands(operationLog) {
+        // Create real commands (for read operations)
+        const realCommands = createAdminFriggCommands({
+            executionId: null, // Don't persist logs in dry-run
+            integrationFactory: this.integrationFactory,
+        });
 
-    /**
-     * Validate parameters against script's input schema
-     *
-     * @param {Object} definition - Script definition
-     * @param {Object} params - Input parameters
-     * @returns {Object} Validation result { valid, errors }
-     */
-    validateParams(definition, params) {
-        const errors = [];
-        const schema = definition.inputSchema;
+        // Wrap commands to intercept writes
+        const wrappedCommands = wrapAdminFriggCommandsForDryRun(realCommands, operationLog);
 
-        if (!schema) {
-            return { valid: true, errors: [] };
-        }
+        // Create dry-run HTTP client
+        const dryRunHttpClient = createDryRunHttpClient(operationLog);
 
-        // Check required fields
-        if (schema.required && Array.isArray(schema.required)) {
-            for (const field of schema.required) {
-                if (params[field] === undefined || params[field] === null) {
-                    errors.push(`Missing required parameter: ${field}`);
-                }
-            }
-        }
+        // Override instantiate to inject dry-run HTTP client
+        const originalInstantiate = wrappedCommands.instantiate.bind(wrappedCommands);
+        wrappedCommands.instantiate = async (integrationId) => {
+            const instance = await originalInstantiate(integrationId);
 
-        // Basic type validation for properties
-        if (schema.properties) {
-            for (const [key, prop] of Object.entries(schema.properties)) {
-                const value = params[key];
-                if (value !== undefined && value !== null) {
-                    const typeError = this.validateType(key, value, prop);
-                    if (typeError) {
-                        errors.push(typeError);
-                    }
-                }
-            }
-        }
+            // Inject dry-run HTTP client into the integration instance
+            injectDryRunHttpClient(instance, dryRunHttpClient);
 
-        return { valid: errors.length === 0, errors };
+            return instance;
+        };
+
+        return wrappedCommands;
     }
 
     /**
-     * Validate a single parameter type
+     * Summarize operations from dry-run log
+     *
+     * @param {Array} log - Operation log
+     * @returns {Object} Summary statistics
      */
-    validateType(key, value, schema) {
-        const expectedType = schema.type;
-        if (!expectedType) return null;
+    summarizeOperations(log) {
+        const summary = {
+            totalOperations: log.length,
+            databaseWrites: 0,
+            httpRequests: 0,
+            byOperation: {},
+            byModel: {},
+            byService: {},
+        };
 
-        const actualType = Array.isArray(value) ? 'array' : typeof value;
+        for (const op of log) {
+            // Count by operation type
+            const operation = op.operation || op.method || 'UNKNOWN';
+            summary.byOperation[operation] = (summary.byOperation[operation] || 0) + 1;
+
+            // Database operations
+            if (op.model) {
+                summary.databaseWrites++;
+                summary.byModel[op.model] = summary.byModel[op.model] || [];
+                summary.byModel[op.model].push({
+                    operation: op.operation,
+                    method: op.method,
+                    timestamp: op.timestamp,
+                });
+            }
 
-        if (expectedType === 'integer' && (typeof value !== 'number' || !Number.isInteger(value))) {
-            return `Parameter "${key}" must be an integer`;
-        }
-        if (expectedType === 'number' && typeof value !== 'number') {
-            return `Parameter "${key}" must be a number`;
-        }
-        if (expectedType === 'string' && typeof value !== 'string') {
-            return `Parameter "${key}" must be a string`;
-        }
-        if (expectedType === 'boolean' && typeof value !== 'boolean') {
-            return `Parameter "${key}" must be a boolean`;
-        }
-        if (expectedType === 'array' && !Array.isArray(value)) {
-            return `Parameter "${key}" must be an array`;
-        }
-        if (expectedType === 'object' && (typeof value !== 'object' || Array.isArray(value))) {
-            return `Parameter "${key}" must be an object`;
+            // HTTP requests
+            if (op.operation === 'HTTP_REQUEST') {
+                summary.httpRequests++;
+                const service = op.service || 'unknown';
+                summary.byService[service] = (summary.byService[service] || 0) + 1;
+            }
         }
 
-        return null;
+        return summary;
     }
 }
 

package/src/infrastructure/__tests__/admin-auth-middleware.test.js

@@ -1,17 +1,22 @@
-const { validateAdminApiKey } = require('../admin-auth-middleware');
+const { adminAuthMiddleware } = require('../admin-auth-middleware');
 
-describe('validateAdminApiKey', () => {
+// Mock the admin script commands
+jest.mock('@friggframework/core/application/commands/admin-script-commands', () => ({
+    createAdminScriptCommands: jest.fn(),
+}));
+
+const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
+
+describe('adminAuthMiddleware', () => {
     let mockReq;
     let mockRes;
     let mockNext;
-    let originalEnv;
+    let mockCommands;
 
     beforeEach(() => {
-        originalEnv = process.env.ADMIN_API_KEY;
-        process.env.ADMIN_API_KEY = 'test-admin-key-123';
-
         mockReq = {
             headers: {},
+            ip: '127.0.0.1',
         };
 
         mockRes = {
@@ -20,66 +25,124 @@ describe('validateAdminApiKey', () => {
         };
 
         mockNext = jest.fn();
+
+        mockCommands = {
+            validateAdminApiKey: jest.fn(),
+        };
+
+        createAdminScriptCommands.mockReturnValue(mockCommands);
     });
 
     afterEach(() => {
-        if (originalEnv) {
-            process.env.ADMIN_API_KEY = originalEnv;
-        } else {
-            delete process.env.ADMIN_API_KEY;
-        }
         jest.clearAllMocks();
     });
 
-    describe('Environment configuration', () => {
-        it('should reject when ADMIN_API_KEY not configured', () => {
-            delete process.env.ADMIN_API_KEY;
-
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+    describe('Authorization header validation', () => {
+        it('should reject request without Authorization header', async () => {
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
 
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Unauthorized',
-                message: 'Admin API key not configured',
+                error: 'Missing or invalid Authorization header',
+                code: 'MISSING_AUTH',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
-    });
 
-    describe('Header validation', () => {
-        it('should reject request without x-frigg-admin-api-key header', () => {
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+        it('should reject request with invalid Authorization format', async () => {
+            mockReq.headers.authorization = 'InvalidFormat key123';
+
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
 
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Unauthorized',
-                message: 'x-frigg-admin-api-key header required',
+                error: 'Missing or invalid Authorization header',
+                code: 'MISSING_AUTH',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
     });
 
     describe('API key validation', () => {
-        it('should reject request with invalid API key', () => {
-            mockReq.headers['x-frigg-admin-api-key'] = 'invalid-key';
+        it('should reject request with invalid API key', async () => {
+            mockReq.headers.authorization = 'Bearer invalid-key';
+            mockCommands.validateAdminApiKey.mockResolvedValue({
+                error: 401,
+                reason: 'Invalid API key',
+                code: 'INVALID_API_KEY',
+            });
+
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+
+            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith('invalid-key');
+            expect(mockRes.status).toHaveBeenCalledWith(401);
+            expect(mockRes.json).toHaveBeenCalledWith({
+                error: 'Invalid API key',
+                code: 'INVALID_API_KEY',
+            });
+            expect(mockNext).not.toHaveBeenCalled();
+        });
 
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+        it('should reject request with expired API key', async () => {
+            mockReq.headers.authorization = 'Bearer expired-key';
+            mockCommands.validateAdminApiKey.mockResolvedValue({
+                error: 401,
+                reason: 'API key has expired',
+                code: 'EXPIRED_API_KEY',
+            });
 
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+
+            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith('expired-key');
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Unauthorized',
-                message: 'Invalid admin API key',
+                error: 'API key has expired',
+                code: 'EXPIRED_API_KEY',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
 
-        it('should accept request with valid API key', () => {
-            mockReq.headers['x-frigg-admin-api-key'] = 'test-admin-key-123';
+        it('should accept request with valid API key', async () => {
+            const validKey = 'valid-api-key-123';
+            mockReq.headers.authorization = `Bearer ${validKey}`;
+            mockCommands.validateAdminApiKey.mockResolvedValue({
+                valid: true,
+                apiKey: {
+                    id: 'key-id-1',
+                    name: 'test-key',
+                    keyLast4: 'e123',
+                },
+            });
 
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
 
+            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith(validKey);
+            expect(mockReq.adminApiKey).toBeDefined();
+            expect(mockReq.adminApiKey.name).toBe('test-key');
+            expect(mockReq.adminAudit).toBeDefined();
+            expect(mockReq.adminAudit.apiKeyName).toBe('test-key');
+            expect(mockReq.adminAudit.apiKeyLast4).toBe('e123');
+            expect(mockReq.adminAudit.ipAddress).toBe('127.0.0.1');
             expect(mockNext).toHaveBeenCalled();
             expect(mockRes.status).not.toHaveBeenCalled();
         });
     });
+
+    describe('Error handling', () => {
+        it('should handle validation errors gracefully', async () => {
+            mockReq.headers.authorization = 'Bearer some-key';
+            mockCommands.validateAdminApiKey.mockRejectedValue(
+                new Error('Database error')
+            );
+
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+
+            expect(mockRes.status).toHaveBeenCalledWith(500);
+            expect(mockRes.json).toHaveBeenCalledWith({
+                error: 'Authentication failed',
+                code: 'AUTH_ERROR',
+            });
+            expect(mockNext).not.toHaveBeenCalled();
+        });
+    });
 });

package/src/infrastructure/__tests__/admin-script-router.test.js

@@ -4,8 +4,13 @@ const { AdminScriptBase } = require('../../application/admin-script-base');
 
 // Mock dependencies
 jest.mock('../admin-auth-middleware', () => ({
-    validateAdminApiKey: (req, res, next) => {
-        // Mock auth - no audit trail with simplified auth
+    adminAuthMiddleware: (req, res, next) => {
+        // Mock auth - attach admin audit info
+        req.adminAudit = {
+            apiKeyName: 'test-key',
+            apiKeyLast4: '1234',
+            ipAddress: '127.0.0.1',
+        };
         next();
     },
 }));
@@ -54,8 +59,8 @@ describe('Admin Script Router', () => {
         };
 
         mockCommands = {
-            createAdminProcess: jest.fn(),
-            findAdminProcessById: jest.fn(),
+            createScriptExecution: jest.fn(),
+            findScriptExecutionById: jest.fn(),
             findRecentExecutions: jest.fn(),
         };
 
@@ -138,7 +143,7 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('POST /admin/scripts/:scriptName', () => {
+    describe('POST /admin/scripts/:scriptName/execute', () => {
         it('should execute script synchronously', async () => {
             mockRunner.execute.mockResolvedValue({
                 executionId: 'exec-123',
@@ -149,7 +154,7 @@ describe('Admin Script Router', () => {
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script')
+                .post('/admin/scripts/test-script/execute')
                 .send({
                     params: { foo: 'bar' },
                     mode: 'sync',
@@ -169,12 +174,12 @@ describe('Admin Script Router', () => {
         });
 
         it('should queue script for async execution', async () => {
-            mockCommands.createAdminProcess.mockResolvedValue({
+            mockCommands.createScriptExecution.mockResolvedValue({
                 id: 'exec-456',
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script')
+                .post('/admin/scripts/test-script/execute')
                 .send({
                     params: { foo: 'bar' },
                     mode: 'async',
@@ -193,12 +198,12 @@ describe('Admin Script Router', () => {
         });
 
         it('should default to async mode', async () => {
-            mockCommands.createAdminProcess.mockResolvedValue({
+            mockCommands.createScriptExecution.mockResolvedValue({
                 id: 'exec-789',
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script')
+                .post('/admin/scripts/test-script/execute')
                 .send({
                     params: { foo: 'bar' },
                 });
@@ -211,7 +216,7 @@ describe('Admin Script Router', () => {
             mockFactory.has.mockReturnValue(false);
 
             const response = await request(app)
-                .post('/admin/scripts/non-existent')
+                .post('/admin/scripts/non-existent/execute')
                 .send({
                     params: {},
                 });
@@ -221,15 +226,15 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('GET /admin/scripts/:scriptName/executions/:executionId', () => {
+    describe('GET /admin/executions/:executionId', () => {
         it('should return execution details', async () => {
-            mockCommands.findAdminProcessById.mockResolvedValue({
+            mockCommands.findScriptExecutionById.mockResolvedValue({
                 id: 'exec-123',
                 scriptName: 'test-script',
                 status: 'COMPLETED',
             });
 
-            const response = await request(app).get('/admin/scripts/test-script/executions/exec-123');
+            const response = await request(app).get('/admin/executions/exec-123');
 
             expect(response.status).toBe(200);
             expect(response.body.id).toBe('exec-123');
@@ -237,14 +242,14 @@ describe('Admin Script Router', () => {
         });
 
         it('should return 404 for non-existent execution', async () => {
-            mockCommands.findAdminProcessById.mockResolvedValue({
+            mockCommands.findScriptExecutionById.mockResolvedValue({
                 error: 404,
                 reason: 'Execution not found',
                 code: 'EXECUTION_NOT_FOUND',
             });
 
             const response = await request(app).get(
-                '/admin/scripts/test-script/executions/non-existent'
+                '/admin/executions/non-existent'
             );
 
             expect(response.status).toBe(404);
@@ -252,28 +257,24 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('GET /admin/scripts/:scriptName/executions', () => {
-        it('should list executions for specific script', async () => {
+    describe('GET /admin/executions', () => {
+        it('should list recent executions', async () => {
             mockCommands.findRecentExecutions.mockResolvedValue([
                 { id: 'exec-1', scriptName: 'test-script', status: 'COMPLETED' },
                 { id: 'exec-2', scriptName: 'test-script', status: 'RUNNING' },
             ]);
 
-            const response = await request(app).get('/admin/scripts/test-script/executions');
+            const response = await request(app).get('/admin/executions');
 
             expect(response.status).toBe(200);
             expect(response.body.executions).toHaveLength(2);
-            expect(mockCommands.findRecentExecutions).toHaveBeenCalledWith({
-                scriptName: 'test-script',
-                limit: 50,
-            });
         });
 
         it('should accept query parameters', async () => {
             mockCommands.findRecentExecutions.mockResolvedValue([]);
 
             await request(app).get(
-                '/admin/scripts/test-script/executions?status=COMPLETED&limit=10'
+                '/admin/executions?scriptName=test-script&status=COMPLETED&limit=10'
             );
 
             expect(mockCommands.findRecentExecutions).toHaveBeenCalledWith({