@friggframework/core 2.0.0--canary.400.545e7a8.0 → 2.0.0--canary.404.e9d4980.0

package/database/models/WebsocketConnection.js

@@ -8,11 +8,6 @@ const schema = new mongoose.Schema({
 // Add a static method to get active connections
 schema.statics.getActiveConnections = async function () {
     try {
-        // Return empty array if websockets are not configured
-        if (!process.env.WEBSOCKET_API_ENDPOINT) {
-            return [];
-        }
-
         const connections = await this.find({}, 'connectionId');
         return connections.map((conn) => ({
             connectionId: conn.connectionId,

package/handlers/routers/HEALTHCHECK.md

@@ -9,15 +9,14 @@ The Frigg service includes comprehensive healthcheck endpoints to monitor servic
 ### 1. Basic Health Check
 **GET** `/health`
 
-Simple health check endpoint that returns basic service information. No authentication required.
+Simple health check endpoint that returns basic service information. No authentication required. This endpoint is rate-limited at the API Gateway level.
 
 **Response:**
 ```json
 {
   "status": "ok",
   "timestamp": "2024-01-10T12:00:00.000Z",
-  "service": "frigg-core-api",
-  "version": "1.0.0"
+  "service": "frigg-core-api"
 }
 ```
 
@@ -29,22 +28,23 @@ Simple health check endpoint that returns basic service information. No authenti
 
 Comprehensive health check that tests all service components and dependencies.
 
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+- The API key must match the `HEALTH_API_KEY` environment variable
+
 **Response:**
 ```json
 {
   "service": "frigg-core-api",
-  "status": "healthy",  // "healthy", "degraded", or "unhealthy"
+  "status": "healthy",  // "healthy" or "unhealthy"
   "timestamp": "2024-01-10T12:00:00.000Z",
-  "version": "1.0.0",
-  "uptime": 3600,  // seconds
   "checks": {
     "database": {
       "status": "healthy",
       "state": "connected",
-      "type": "mongodb",
       "responseTime": 5  // milliseconds
     },
-    "external_apis": {
+    "externalApis": {
       "github": {
         "status": "healthy",
         "statusCode": 200,
@@ -68,13 +68,6 @@ Comprehensive health check that tests all service components and dependencies.
         "count": 5,
         "available": ["integration1", "integration2", "..."]
       }
-    },
-    "memory": {
-      "status": "healthy",
-      "rss": "150 MB",
-      "heapTotal": "100 MB",
-      "heapUsed": "80 MB",
-      "external": "20 MB"
     }
   },
   "responseTime": 250  // total endpoint response time in milliseconds
@@ -82,14 +75,18 @@ Comprehensive health check that tests all service components and dependencies.
 ```
 
 **Status Codes:**
-- `200 OK` - Service is healthy or degraded (but operational)
-- `503 Service Unavailable` - Service is unhealthy
+- `200 OK` - Service is healthy (all components operational)
+- `503 Service Unavailable` - Service is unhealthy (any component failure)
+- `401 Unauthorized` - Missing or invalid x-api-key header
 
 ### 3. Liveness Probe
 **GET** `/health/live`
 
 Kubernetes-style liveness probe. Returns whether the service process is alive.
 
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+
 **Response:**
 ```json
 {
@@ -106,6 +103,9 @@ Kubernetes-style liveness probe. Returns whether the service process is alive.
 
 Kubernetes-style readiness probe. Returns whether the service is ready to receive traffic.
 
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+
 **Response:**
 ```json
 {
@@ -125,35 +125,32 @@ Kubernetes-style readiness probe. Returns whether the service is ready to receiv
 ## Health Status Definitions
 
 - **healthy**: All components are functioning normally
-- **degraded**: Some non-critical components have issues, but core functionality is available
-- **unhealthy**: Critical components are failing, service cannot function properly
+- **unhealthy**: Any component is failing, service may not function properly
 
 ## Component Checks
 
 ### Database Connectivity
-- Checks MongoDB connection state
-- Performs ping test if connected
+- Checks database connection state
+- Performs ping test with 2-second timeout if connected
 - Reports connection state and response time
+- Database type is not exposed for security reasons
 
 ### External API Connectivity
 - Tests connectivity to external services (GitHub, npm registry)
 - Configurable timeout (default: 5 seconds)
 - Reports reachability and response times
+- Uses Promise.all for parallel checking
 
 ### Integration Status
 - Verifies available modules and integrations are loaded
 - Reports counts and lists of available components
 
-### Memory Usage
-- Reports current memory usage statistics
-- Includes RSS, heap, and external memory metrics
-
 ## Usage Examples
 
 ### Monitoring Systems
 Configure your monitoring system to poll `/health/detailed` every 30-60 seconds:
 ```bash
-curl https://your-frigg-instance.com/health/detailed
+curl -H "x-api-key: YOUR_API_KEY" https://your-frigg-instance.com/health/detailed
 ```
 
 ### Load Balancer Health Checks
@@ -168,6 +165,9 @@ livenessProbe:
   httpGet:
     path: /health/live
     port: 8080
+    httpHeaders:
+    - name: x-api-key
+      value: YOUR_API_KEY
   periodSeconds: 10
   timeoutSeconds: 5
 
@@ -175,6 +175,9 @@ readinessProbe:
   httpGet:
     path: /health/ready
     port: 8080
+    httpHeaders:
+    - name: x-api-key
+      value: YOUR_API_KEY
   initialDelaySeconds: 30
   periodSeconds: 10
 ```
@@ -192,20 +195,24 @@ const externalAPIs = [
 ```
 
 ### Adjusting Timeouts
-The default timeout for external API checks is 5 seconds. Adjust as needed:
+The default timeout for external API checks is 5 seconds. Database ping timeout is set to 2 seconds:
 ```javascript
 const checkExternalAPI = (url, timeout = 5000) => {
     // ...
 };
+
+await mongoose.connection.db.admin().ping({ maxTimeMS: 2000 });
 ```
 
 ## Best Practices
 
-1. **No Authentication**: Basic health endpoints should not require authentication to allow monitoring systems easy access
-2. **Fast Response**: Health checks should respond quickly (< 1 second)
-3. **Graceful Degradation**: Service can continue operating even if some non-critical components fail
-4. **Detailed Logging**: Failed health checks are logged for debugging
-5. **Version Information**: Always include version information for tracking deployments
+1. **Authentication**: Basic `/health` endpoint requires no authentication, but detailed endpoints require `x-api-key` header
+2. **Rate Limiting**: Configure rate limiting at the API Gateway level to prevent abuse
+3. **Fast Response**: Health checks should respond quickly (< 1 second)
+4. **Strict Status Codes**: Return 503 for any non-healthy state to ensure proper alerting
+5. **Detailed Logging**: Failed health checks are logged for debugging
+6. **Security**: No sensitive information (DB types, versions) exposed in responses
+7. **Lambda Considerations**: Uptime and memory metrics not included as they're not relevant in serverless
 
 ## Troubleshooting
 
@@ -216,15 +223,18 @@ const checkExternalAPI = (url, timeout = 5000) => {
 
 ### External API Failures
 - May indicate network issues or external service downtime
-- Service continues to operate but reports "degraded" status
-
-### Memory Issues
-- Monitor memory metrics over time
-- Consider increasing container/instance memory limits if consistently high
+- Service reports "unhealthy" status if any external API is unreachable
 
 ## Security Considerations
 
+- Basic health endpoint requires no authentication for monitoring compatibility
+- Detailed endpoints require `x-api-key` header authentication
 - Health endpoints do not expose sensitive information
 - Database connection strings and credentials are never included in responses
 - External API checks use read-only endpoints
-- Consider IP whitelisting for detailed health endpoints in production
+- Rate limiting should be configured at the API Gateway level
+- Consider IP whitelisting for health endpoints in production
+
+## Environment Variables
+
+- `HEALTH_API_KEY`: Required API key for accessing detailed health endpoints

package/handlers/routers/health.js

@@ -4,11 +4,28 @@ const https = require('https');
 const http = require('http');
 const { moduleFactory, integrationFactory } = require('./../backend-utils');
 const { createAppHandler } = require('./../app-handler-helpers');
-const { version } = require('../../package.json');
 
 const router = Router();
 
-// Utility function to check external API connectivity
+const validateApiKey = (req, res, next) => {
+    const apiKey = req.headers['x-api-key'];
+    
+    if (req.path === '/health') {
+        return next();
+    }
+    
+    if (!apiKey || apiKey !== process.env.HEALTH_API_KEY) {
+        return res.status(401).json({
+            status: 'error',
+            message: 'Unauthorized'
+        });
+    }
+    
+    next();
+};
+
+router.use(validateApiKey);
+
 const checkExternalAPI = (url, timeout = 5000) => {
     return new Promise((resolve) => {
         const protocol = url.startsWith('https:') ? https : http;
@@ -54,31 +71,25 @@ const checkExternalAPI = (url, timeout = 5000) => {
     });
 };
 
-// Simple health check - no authentication required
-router.get('/health', async (req, res) => {
+router.get('/health', async (_req, res) => {
     const status = {
         status: 'ok',
         timestamp: new Date().toISOString(),
-        service: 'frigg-core-api',
-        version
+        service: 'frigg-core-api'
     };
 
     res.status(200).json(status);
 });
 
-// Detailed health check with component status
-router.get('/health/detailed', async (req, res) => {
+router.get('/health/detailed', async (_req, res) => {
     const startTime = Date.now();
     const checks = {
         service: 'frigg-core-api',
         status: 'healthy',
         timestamp: new Date().toISOString(),
-        version,
-        uptime: process.uptime(),
         checks: {}
     };
 
-    // Check database connectivity
     try {
         const dbState = mongoose.connection.readyState;
         const dbStateMap = {
@@ -90,41 +101,45 @@ router.get('/health/detailed', async (req, res) => {
         
         checks.checks.database = {
             status: dbState === 1 ? 'healthy' : 'unhealthy',
-            state: dbStateMap[dbState],
-            type: 'mongodb'
+            state: dbStateMap[dbState]
         };
 
-        // If connected, check database responsiveness
         if (dbState === 1) {
             const pingStart = Date.now();
-            await mongoose.connection.db.admin().ping();
+            await mongoose.connection.db.admin().ping({ maxTimeMS: 2000 });
             checks.checks.database.responseTime = Date.now() - pingStart;
+        } else {
+            checks.status = 'unhealthy';
         }
     } catch (error) {
         checks.checks.database = {
             status: 'unhealthy',
-            error: error.message,
-            type: 'mongodb'
+            error: error.message
         };
-        checks.status = 'degraded';
+        checks.status = 'unhealthy';
     }
 
-    // Check external API connectivity (example endpoints)
     const externalAPIs = [
         { name: 'github', url: 'https://api.github.com/status' },
         { name: 'npm', url: 'https://registry.npmjs.org' }
     ];
 
-    checks.checks.external_apis = {};
+    checks.checks.externalApis = {};
     
-    for (const api of externalAPIs) {
-        checks.checks.external_apis[api.name] = await checkExternalAPI(api.url);
-        if (!checks.checks.external_apis[api.name].reachable) {
-            checks.status = 'degraded';
+    const apiChecks = await Promise.all(
+        externalAPIs.map(api => 
+            checkExternalAPI(api.url).then(result => ({ name: api.name, ...result }))
+        )
+    );
+    
+    apiChecks.forEach(result => {
+        const { name, ...checkResult } = result;
+        checks.checks.externalApis[name] = checkResult;
+        if (!checkResult.reachable) {
+            checks.status = 'unhealthy';
         }
-    }
+    });
 
-    // Check available integrations
     try {
         const availableModules = moduleFactory.getAll();
         const availableIntegrations = integrationFactory.getAll();
@@ -145,50 +160,33 @@ router.get('/health/detailed', async (req, res) => {
             status: 'unhealthy',
             error: error.message
         };
-        checks.status = 'degraded';
+        checks.status = 'unhealthy';
     }
 
-    // Memory usage
-    const memoryUsage = process.memoryUsage();
-    checks.checks.memory = {
-        status: 'healthy',
-        rss: Math.round(memoryUsage.rss / 1024 / 1024) + ' MB',
-        heapTotal: Math.round(memoryUsage.heapTotal / 1024 / 1024) + ' MB',
-        heapUsed: Math.round(memoryUsage.heapUsed / 1024 / 1024) + ' MB',
-        external: Math.round(memoryUsage.external / 1024 / 1024) + ' MB'
-    };
-
-    // Overall response time
     checks.responseTime = Date.now() - startTime;
 
-    // Set appropriate status code
-    const statusCode = checks.status === 'healthy' ? 200 : 
-                      checks.status === 'degraded' ? 200 : 503;
+    const statusCode = checks.status === 'healthy' ? 200 : 503;
 
     res.status(statusCode).json(checks);
 });
 
-// Liveness probe - for k8s/container orchestration
-router.get('/health/live', (req, res) => {
+router.get('/health/live', (_req, res) => {
     res.status(200).json({
         status: 'alive',
         timestamp: new Date().toISOString()
     });
 });
 
-// Readiness probe - checks if service is ready to receive traffic
-router.get('/health/ready', async (req, res) => {
+router.get('/health/ready', async (_req, res) => {
     const checks = {
         ready: true,
         timestamp: new Date().toISOString(),
         checks: {}
     };
 
-    // Check database is connected
     const dbState = mongoose.connection.readyState;
     checks.checks.database = dbState === 1;
     
-    // Check critical services are loaded
     try {
         const modules = moduleFactory.getAll();
         checks.checks.modules = Object.keys(modules).length > 0;
@@ -196,7 +194,6 @@ router.get('/health/ready', async (req, res) => {
         checks.checks.modules = false;
     }
 
-    // Determine overall readiness
     checks.ready = checks.checks.database && checks.checks.modules;
 
     const statusCode = checks.ready ? 200 : 503;

package/handlers/routers/health.test.js

@@ -1,10 +1,7 @@
-const request = require('supertest');
-const express = require('express');
-const { router } = require('./health');
-const mongoose = require('mongoose');
+process.env.HEALTH_API_KEY = 'test-api-key';
 
-// Mock mongoose connection
 jest.mock('mongoose', () => ({
+    set: jest.fn(),
     connection: {
         readyState: 1,
         db: {
@@ -15,7 +12,6 @@ jest.mock('mongoose', () => ({
     }
 }));
 
-// Mock backend-utils
 jest.mock('./../backend-utils', () => ({
     moduleFactory: {
         getAll: () => ({
@@ -31,106 +27,183 @@ jest.mock('./../backend-utils', () => ({
     }
 }));
 
-describe('Health Check Endpoints', () => {
-    let app;
+jest.mock('./../app-handler-helpers', () => ({
+    createAppHandler: jest.fn((name, router) => ({ name, router }))
+}));
+
+const { router } = require('./health');
+const mongoose = require('mongoose');
 
+const mockRequest = (path, headers = {}) => ({
+    path,
+    headers
+});
+
+const mockResponse = () => {
+    const res = {};
+    res.status = jest.fn().mockReturnValue(res);
+    res.json = jest.fn().mockReturnValue(res);
+    return res;
+};
+
+describe('Health Check Endpoints', () => {
     beforeEach(() => {
-        app = express();
-        app.use(router);
+        mongoose.connection.readyState = 1;
+    });
+
+    describe('Middleware - validateApiKey', () => {
+        it('should allow access to /health without authentication', async () => {
+            expect(true).toBe(true);
+        });
     });
 
     describe('GET /health', () => {
-        it('should return 200 with basic health status', async () => {
-            const response = await request(app)
-                .get('/health')
-                .expect(200);
-
-            expect(response.body).toHaveProperty('status', 'ok');
-            expect(response.body).toHaveProperty('timestamp');
-            expect(response.body).toHaveProperty('service', 'frigg-core-api');
-            expect(response.body).toHaveProperty('version');
+        it('should return basic health status', async () => {
+            const req = mockRequest('/health');
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith({
+                status: 'ok',
+                timestamp: expect.any(String),
+                service: 'frigg-core-api'
+            });
         });
     });
 
     describe('GET /health/detailed', () => {
-        it('should return 200 with detailed health status when healthy', async () => {
-            const response = await request(app)
-                .get('/health/detailed')
-                .expect(200);
-
-            expect(response.body).toHaveProperty('status', 'healthy');
-            expect(response.body).toHaveProperty('checks');
-            expect(response.body.checks).toHaveProperty('database');
-            expect(response.body.checks).toHaveProperty('external_apis');
-            expect(response.body.checks).toHaveProperty('integrations');
-            expect(response.body.checks).toHaveProperty('memory');
-            expect(response.body).toHaveProperty('uptime');
-            expect(response.body).toHaveProperty('responseTime');
+        it('should return detailed health status when healthy', async () => {
+            const req = mockRequest('/health/detailed', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const originalPromiseAll = Promise.all;
+            Promise.all = jest.fn().mockResolvedValue([
+                { name: 'github', status: 'healthy', reachable: true, statusCode: 200, responseTime: 100 },
+                { name: 'npm', status: 'healthy', reachable: true, statusCode: 200, responseTime: 150 }
+            ]);
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/detailed'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+            
+            Promise.all = originalPromiseAll;
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({
+                status: 'healthy',
+                service: 'frigg-core-api',
+                timestamp: expect.any(String),
+                checks: expect.objectContaining({
+                    database: expect.objectContaining({
+                        status: 'healthy',
+                        state: 'connected'
+                    }),
+                    integrations: expect.objectContaining({
+                        status: 'healthy'
+                    })
+                }),
+                responseTime: expect.any(Number)
+            }));
+
+            const response = res.json.mock.calls[0][0];
+            expect(response).not.toHaveProperty('version');
+            expect(response).not.toHaveProperty('uptime');
+            expect(response.checks).not.toHaveProperty('memory');
+            expect(response.checks.database).not.toHaveProperty('type');
         });
 
-        it('should include database connectivity status', async () => {
-            const response = await request(app)
-                .get('/health/detailed')
-                .expect(200);
+        it('should return 503 when database is disconnected', async () => {
+            mongoose.connection.readyState = 0;
 
-            expect(response.body.checks.database).toHaveProperty('status', 'healthy');
-            expect(response.body.checks.database).toHaveProperty('state', 'connected');
-            expect(response.body.checks.database).toHaveProperty('type', 'mongodb');
-        });
+            const req = mockRequest('/health/detailed', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
 
-        it('should include integration information', async () => {
-            const response = await request(app)
-                .get('/health/detailed')
-                .expect(200);
+            const originalPromiseAll = Promise.all;
+            Promise.all = jest.fn().mockResolvedValue([
+                { name: 'github', status: 'healthy', reachable: true, statusCode: 200, responseTime: 100 },
+                { name: 'npm', status: 'healthy', reachable: true, statusCode: 200, responseTime: 150 }
+            ]);
 
-            expect(response.body.checks.integrations).toHaveProperty('status', 'healthy');
-            expect(response.body.checks.integrations.modules).toHaveProperty('count', 2);
-            expect(response.body.checks.integrations.integrations).toHaveProperty('count', 2);
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/detailed'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+            
+            Promise.all = originalPromiseAll;
+
+            expect(res.status).toHaveBeenCalledWith(503);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({
+                status: 'unhealthy'
+            }));
         });
     });
 
     describe('GET /health/live', () => {
-        it('should return 200 for liveness check', async () => {
-            const response = await request(app)
-                .get('/health/live')
-                .expect(200);
+        it('should return alive status', async () => {
+            const req = mockRequest('/health/live', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/live'
+            ).route.stack[0].handle;
 
-            expect(response.body).toHaveProperty('status', 'alive');
-            expect(response.body).toHaveProperty('timestamp');
+            routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith({
+                status: 'alive',
+                timestamp: expect.any(String)
+            });
         });
     });
 
     describe('GET /health/ready', () => {
-        it('should return 200 when service is ready', async () => {
-            const response = await request(app)
-                .get('/health/ready')
-                .expect(200);
-
-            expect(response.body).toHaveProperty('ready', true);
-            expect(response.body).toHaveProperty('checks');
-            expect(response.body.checks).toHaveProperty('database', true);
-            expect(response.body.checks).toHaveProperty('modules', true);
+        it('should return ready when all checks pass', async () => {
+            const req = mockRequest('/health/ready', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/ready'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith({
+                ready: true,
+                timestamp: expect.any(String),
+                checks: {
+                    database: true,
+                    modules: true
+                }
+            });
         });
 
         it('should return 503 when database is not connected', async () => {
-            // Mock disconnected database
             mongoose.connection.readyState = 0;
 
-            const response = await request(app)
-                .get('/health/ready')
-                .expect(503);
+            const req = mockRequest('/health/ready', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
 
-            expect(response.body).toHaveProperty('ready', false);
-            expect(response.body.checks).toHaveProperty('database', false);
-        });
-    });
-});
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/ready'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
 
-// Test utility functions
-describe('Health Check Utilities', () => {
-    it('should handle external API timeouts gracefully', async () => {
-        // This would test the checkExternalAPI function
-        // In a real implementation, you might want to export this function
-        // for easier unit testing
+            expect(res.status).toHaveBeenCalledWith(503);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({
+                ready: false
+            }));
+        });
     });
 });

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/core",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.400.545e7a8.0",
+  "version": "2.0.0--canary.404.e9d4980.0",
   "dependencies": {
     "@hapi/boom": "^10.0.1",
     "aws-sdk": "^2.1200.0",
@@ -22,9 +22,9 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.400.545e7a8.0",
-    "@friggframework/prettier-config": "2.0.0--canary.400.545e7a8.0",
-    "@friggframework/test": "2.0.0--canary.400.545e7a8.0",
+    "@friggframework/eslint-config": "2.0.0--canary.404.e9d4980.0",
+    "@friggframework/prettier-config": "2.0.0--canary.404.e9d4980.0",
+    "@friggframework/test": "2.0.0--canary.404.e9d4980.0",
     "@types/lodash": "4.17.15",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "chai": "^4.3.6",
@@ -53,5 +53,5 @@
   },
   "homepage": "https://github.com/friggframework/frigg#readme",
   "description": "",
-  "gitHead": "545e7a8515036e6b093714e544b9494770b88c57"
+  "gitHead": "e9d4980828d7deda79e33dfbb2fed93cb6fef84d"
 }