@friggframework/admin-scripts 2.0.0--canary.517.f04156f.0 → 2.0.0--canary.517.300ded3.0

package/src/infrastructure/admin-auth-middleware.js

@@ -1,49 +1,11 @@
-const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
-
 /**
  * Admin API Key Authentication Middleware
  *
- * Validates admin API keys for script endpoints.
- * Expects: Authorization: Bearer <api-key>
+ * Re-exports shared admin auth middleware from @friggframework/core.
+ * Uses simple ENV-based API key validation.
+ * Expects: x-frigg-admin-api-key header
  */
-async function adminAuthMiddleware(req, res, next) {
-    try {
-        const authHeader = req.headers.authorization;
-
-        if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            return res.status(401).json({
-                error: 'Missing or invalid Authorization header',
-                code: 'MISSING_AUTH'
-            });
-        }
-
-        const apiKey = authHeader.substring(7); // Remove 'Bearer '
-        const commands = createAdminScriptCommands();
-        const result = await commands.validateAdminApiKey(apiKey);
-
-        if (result.error) {
-            return res.status(result.error).json({
-                error: result.reason,
-                code: result.code
-            });
-        }
-
-        // Attach validated key info to request for audit trail
-        req.adminApiKey = result.apiKey;
-        req.adminAudit = {
-            apiKeyName: result.apiKey.name,
-            apiKeyLast4: result.apiKey.keyLast4,
-            ipAddress: req.ip || req.connection?.remoteAddress || 'unknown'
-        };
 
-        next();
-    } catch (error) {
-        console.error('Admin auth middleware error:', error);
-        res.status(500).json({
-            error: 'Authentication failed',
-            code: 'AUTH_ERROR'
-        });
-    }
-}
+const { validateAdminApiKey } = require('@friggframework/core/handlers/middleware/admin-auth');
 
-module.exports = { adminAuthMiddleware };
+module.exports = { validateAdminApiKey };

package/src/infrastructure/admin-script-router.js

@@ -1,6 +1,6 @@
 const express = require('express');
 const serverless = require('serverless-http');
-const { adminAuthMiddleware } = require('./admin-auth-middleware');
+const { validateAdminApiKey } = require('./admin-auth-middleware');
 const { getScriptFactory } = require('../application/script-factory');
 const { createScriptRunner } = require('../application/script-runner');
 const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
@@ -11,7 +11,7 @@ const { ScheduleManagementUseCase } = require('../application/schedule-managemen
 const router = express.Router();
 
 // Apply auth middleware to all admin routes
-router.use(adminAuthMiddleware);
+router.use(validateAdminApiKey);
 
 /**
  * Create ScheduleManagementUseCase instance
@@ -87,10 +87,10 @@ router.get('/scripts/:scriptName', async (req, res) => {
 });
 
 /**
- * POST /admin/scripts/:scriptName/execute
+ * POST /admin/scripts/:scriptName
  * Execute a script (sync, async, or dry-run)
  */
-router.post('/scripts/:scriptName/execute', async (req, res) => {
+router.post('/scripts/:scriptName', async (req, res) => {
     try {
         const { scriptName } = req.params;
         const { params = {}, mode = 'async', dryRun = false } = req.body;
@@ -110,7 +110,6 @@ router.post('/scripts/:scriptName/execute', async (req, res) => {
                 trigger: 'MANUAL',
                 mode: 'sync',
                 dryRun: true,
-                audit: req.adminAudit,
             });
             return res.json(result);
         }
@@ -121,20 +120,18 @@ router.post('/scripts/:scriptName/execute', async (req, res) => {
             const result = await runner.execute(scriptName, params, {
                 trigger: 'MANUAL',
                 mode: 'sync',
-                audit: req.adminAudit,
             });
             return res.json(result);
         }
 
         // Async execution - queue and return immediately
         const commands = createAdminScriptCommands();
-        const execution = await commands.createScriptExecution({
+        const execution = await commands.createAdminProcess({
             scriptName,
             scriptVersion: factory.get(scriptName).Definition.version,
             trigger: 'MANUAL',
             mode: 'async',
             input: params,
-            audit: req.adminAudit,
         });
 
         // Queue the execution
@@ -161,14 +158,14 @@ router.post('/scripts/:scriptName/execute', async (req, res) => {
 });
 
 /**
- * GET /admin/executions/:executionId
- * Get execution status
+ * GET /admin/scripts/:scriptName/executions/:executionId
+ * Get execution status for specific script
  */
-router.get('/executions/:executionId', async (req, res) => {
+router.get('/scripts/:scriptName/executions/:executionId', async (req, res) => {
     try {
         const { executionId } = req.params;
         const commands = createAdminScriptCommands();
-        const execution = await commands.findScriptExecutionById(executionId);
+        const execution = await commands.findAdminProcessById(executionId);
 
         if (execution.error) {
             return res.status(execution.error).json({
@@ -185,12 +182,13 @@ router.get('/executions/:executionId', async (req, res) => {
 });
 
 /**
- * GET /admin/executions
- * List recent executions
+ * GET /admin/scripts/:scriptName/executions
+ * List recent executions for specific script
  */
-router.get('/executions', async (req, res) => {
+router.get('/scripts/:scriptName/executions', async (req, res) => {
     try {
-        const { scriptName, status, limit = 50 } = req.query;
+        const { scriptName } = req.params;
+        const { status, limit = 50 } = req.query;
         const commands = createAdminScriptCommands();
 
         const executions = await commands.findRecentExecutions({

package/src/infrastructure/script-executor-handler.js

@@ -21,7 +21,7 @@ async function handler(event) {
 
             // If executionId provided (async from API), update existing record
             if (executionId) {
-                await commands.updateScriptExecutionStatus(executionId, 'RUNNING');
+                await commands.updateAdminProcessState(executionId, 'RUNNING');
             }
 
             const result = await runner.execute(scriptName, params, {
@@ -45,7 +45,7 @@ async function handler(event) {
             if (executionId) {
                 const commands = createAdminScriptCommands();
                 await commands
-                    .completeScriptExecution(executionId, {
+                    .completeAdminProcess(executionId, {
                         status: 'FAILED',
                         error: {
                             name: error.name,

package/src/application/__tests__/dry-run-http-interceptor.test.js

@@ -1,313 +0,0 @@
-const {
-    createDryRunHttpClient,
-    injectDryRunHttpClient,
-    sanitizeHeaders,
-    sanitizeData,
-    detectService,
-} = require('../dry-run-http-interceptor');
-
-describe('Dry-Run HTTP Interceptor', () => {
-    describe('sanitizeHeaders', () => {
-        test('should redact authorization headers', () => {
-            const headers = {
-                'Content-Type': 'application/json',
-                Authorization: 'Bearer secret-token',
-                'X-API-Key': 'api-key-123',
-                'User-Agent': 'frigg/1.0',
-            };
-
-            const sanitized = sanitizeHeaders(headers);
-
-            expect(sanitized['Content-Type']).toBe('application/json');
-            expect(sanitized['User-Agent']).toBe('frigg/1.0');
-            expect(sanitized.Authorization).toBe('[REDACTED]');
-            expect(sanitized['X-API-Key']).toBe('[REDACTED]');
-        });
-
-        test('should handle case variations', () => {
-            const headers = {
-                authorization: 'Bearer token',
-                Authorization: 'Bearer token',
-                'x-api-key': 'key1',
-                'X-API-Key': 'key2',
-            };
-
-            const sanitized = sanitizeHeaders(headers);
-
-            expect(sanitized.authorization).toBe('[REDACTED]');
-            expect(sanitized.Authorization).toBe('[REDACTED]');
-            expect(sanitized['x-api-key']).toBe('[REDACTED]');
-            expect(sanitized['X-API-Key']).toBe('[REDACTED]');
-        });
-
-        test('should handle null/undefined', () => {
-            expect(sanitizeHeaders(null)).toEqual({});
-            expect(sanitizeHeaders(undefined)).toEqual({});
-            expect(sanitizeHeaders({})).toEqual({});
-        });
-    });
-
-    describe('detectService', () => {
-        test('should detect CRM services', () => {
-            expect(detectService('https://api.hubapi.com')).toBe('HubSpot');
-            expect(detectService('https://login.salesforce.com')).toBe('Salesforce');
-            expect(detectService('https://api.pipedrive.com')).toBe('Pipedrive');
-            expect(detectService('https://api.attio.com')).toBe('Attio');
-        });
-
-        test('should detect communication services', () => {
-            expect(detectService('https://slack.com/api')).toBe('Slack');
-            expect(detectService('https://discord.com/api')).toBe('Discord');
-            expect(detectService('https://graph.teams.microsoft.com')).toBe('Microsoft Teams');
-        });
-
-        test('should detect project management tools', () => {
-            expect(detectService('https://app.asana.com/api')).toBe('Asana');
-            expect(detectService('https://api.monday.com')).toBe('Monday.com');
-            expect(detectService('https://api.trello.com')).toBe('Trello');
-        });
-
-        test('should return unknown for unrecognized services', () => {
-            expect(detectService('https://example.com/api')).toBe('unknown');
-            expect(detectService(null)).toBe('unknown');
-            expect(detectService(undefined)).toBe('unknown');
-        });
-
-        test('should be case insensitive', () => {
-            expect(detectService('HTTPS://API.HUBSPOT.COM')).toBe('HubSpot');
-            expect(detectService('https://API.SLACK.COM')).toBe('Slack');
-        });
-    });
-
-    describe('sanitizeData', () => {
-        test('should redact sensitive fields', () => {
-            const data = {
-                name: 'Test User',
-                email: 'test@example.com',
-                password: 'secret123',
-                apiToken: 'token-abc',
-                authKey: 'key-xyz',
-            };
-
-            const sanitized = sanitizeData(data);
-
-            expect(sanitized.name).toBe('Test User');
-            expect(sanitized.email).toBe('test@example.com');
-            expect(sanitized.password).toBe('[REDACTED]');
-            expect(sanitized.apiToken).toBe('[REDACTED]');
-            expect(sanitized.authKey).toBe('[REDACTED]');
-        });
-
-        test('should handle nested objects', () => {
-            const data = {
-                user: {
-                    name: 'Test',
-                    credentials: {
-                        password: 'secret',
-                        token: 'abc123',
-                    },
-                },
-            };
-
-            const sanitized = sanitizeData(data);
-
-            expect(sanitized.user.name).toBe('Test');
-            expect(sanitized.user.credentials.password).toBe('[REDACTED]');
-            expect(sanitized.user.credentials.token).toBe('[REDACTED]');
-        });
-
-        test('should handle arrays', () => {
-            const data = [
-                { id: '1', password: 'secret1' },
-                { id: '2', apiKey: 'key2' },
-            ];
-
-            const sanitized = sanitizeData(data);
-
-            expect(sanitized[0].id).toBe('1');
-            expect(sanitized[0].password).toBe('[REDACTED]');
-            expect(sanitized[1].apiKey).toBe('[REDACTED]');
-        });
-
-        test('should preserve primitives', () => {
-            expect(sanitizeData('string')).toBe('string');
-            expect(sanitizeData(123)).toBe(123);
-            expect(sanitizeData(true)).toBe(true);
-            expect(sanitizeData(null)).toBe(null);
-            expect(sanitizeData(undefined)).toBe(undefined);
-        });
-    });
-
-    describe('createDryRunHttpClient', () => {
-        let operationLog;
-
-        beforeEach(() => {
-            operationLog = [];
-        });
-
-        test('should log GET requests', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            const response = await client.get('/contacts', {
-                baseURL: 'https://api.hubapi.com',
-                headers: { Authorization: 'Bearer token' },
-            });
-
-            expect(operationLog).toHaveLength(1);
-            expect(operationLog[0]).toMatchObject({
-                operation: 'HTTP_REQUEST',
-                method: 'GET',
-                url: 'https://api.hubapi.com/contacts',
-                service: 'HubSpot',
-            });
-
-            expect(operationLog[0].headers.Authorization).toBe('[REDACTED]');
-            expect(response.data._dryRun).toBe(true);
-        });
-
-        test('should log POST requests with data', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            const postData = {
-                name: 'John Doe',
-                email: 'john@example.com',
-                password: 'secret123',
-            };
-
-            await client.post('/users', postData, {
-                baseURL: 'https://api.example.com',
-            });
-
-            expect(operationLog).toHaveLength(1);
-            expect(operationLog[0].method).toBe('POST');
-            expect(operationLog[0].data.name).toBe('John Doe');
-            expect(operationLog[0].data.email).toBe('john@example.com');
-            expect(operationLog[0].data.password).toBe('[REDACTED]');
-        });
-
-        test('should log PUT requests', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            await client.put('/users/123', { status: 'active' }, {
-                baseURL: 'https://api.example.com',
-            });
-
-            expect(operationLog).toHaveLength(1);
-            expect(operationLog[0].method).toBe('PUT');
-            expect(operationLog[0].data.status).toBe('active');
-        });
-
-        test('should log PATCH requests', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            await client.patch('/users/123', { name: 'Updated' });
-
-            expect(operationLog).toHaveLength(1);
-            expect(operationLog[0].method).toBe('PATCH');
-        });
-
-        test('should log DELETE requests', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            await client.delete('/users/123', {
-                baseURL: 'https://api.example.com',
-            });
-
-            expect(operationLog).toHaveLength(1);
-            expect(operationLog[0].method).toBe('DELETE');
-        });
-
-        test('should return mock response', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            const response = await client.get('/test');
-
-            expect(response.status).toBe(200);
-            expect(response.statusText).toContain('Dry-Run');
-            expect(response.data._dryRun).toBe(true);
-            expect(response.headers['x-dry-run']).toBe('true');
-        });
-
-        test('should include query params in log', async () => {
-            const client = createDryRunHttpClient(operationLog);
-
-            await client.get('/search', {
-                baseURL: 'https://api.example.com',
-                params: { q: 'test', limit: 10 },
-            });
-
-            expect(operationLog[0].params).toEqual({ q: 'test', limit: 10 });
-        });
-    });
-
-    describe('injectDryRunHttpClient', () => {
-        let operationLog;
-        let dryRunClient;
-
-        beforeEach(() => {
-            operationLog = [];
-            dryRunClient = createDryRunHttpClient(operationLog);
-        });
-
-        test('should inject into primary API module', () => {
-            const integrationInstance = {
-                primary: {
-                    api: {
-                        _httpClient: { get: jest.fn() },
-                    },
-                },
-            };
-
-            injectDryRunHttpClient(integrationInstance, dryRunClient);
-
-            expect(integrationInstance.primary.api._httpClient).toBe(dryRunClient);
-        });
-
-        test('should inject into target API module', () => {
-            const integrationInstance = {
-                target: {
-                    api: {
-                        _httpClient: { get: jest.fn() },
-                    },
-                },
-            };
-
-            injectDryRunHttpClient(integrationInstance, dryRunClient);
-
-            expect(integrationInstance.target.api._httpClient).toBe(dryRunClient);
-        });
-
-        test('should inject into both primary and target', () => {
-            const integrationInstance = {
-                primary: {
-                    api: { _httpClient: { get: jest.fn() } },
-                },
-                target: {
-                    api: { _httpClient: { get: jest.fn() } },
-                },
-            };
-
-            injectDryRunHttpClient(integrationInstance, dryRunClient);
-
-            expect(integrationInstance.primary.api._httpClient).toBe(dryRunClient);
-            expect(integrationInstance.target.api._httpClient).toBe(dryRunClient);
-        });
-
-        test('should handle missing api modules gracefully', () => {
-            const integrationInstance = {
-                primary: {},
-                target: null,
-            };
-
-            expect(() => {
-                injectDryRunHttpClient(integrationInstance, dryRunClient);
-            }).not.toThrow();
-        });
-
-        test('should handle null integration instance', () => {
-            expect(() => {
-                injectDryRunHttpClient(null, dryRunClient);
-            }).not.toThrow();
-        });
-    });
-});