npm - @http-forge/core - Versions diffs - 0.2.9 → 0.2.11 - Mend

@http-forge/core 0.2.9 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +24 -117
package/dist/index.js +166 -166
package/dist/index.mjs +166 -166
package/dist/infrastructure/script/script-executor.d.ts +8 -0
package/dist/infrastructure/test-suite/interfaces.d.ts +5 -1
package/dist/infrastructure/test-suite/test-suite-service.d.ts +8 -0
package/dist/infrastructure/test-suite/test-suite-store.d.ts +64 -7
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -13,15 +13,14 @@
 - 🚀 **Postman Collections** - Load and execute `.postman_collection.json` and `.forge.json` files
 - 📝 **JavaScript Scripting** - Pre-request and post-response scripts with full `pm.*` API (variables, assertions, execution flow, visualizer)
 - 🔄 **Dynamic Variables** - Built-in generators: `{{$randomInt}}`, `{{$timestamp}}`, `{{$uuid}}`, `{{$guid}}`, etc.
-- 🌍 **Environments** - Full variable scoping (globals, collection, environment, iterationData) with Postman-compatible cascade
+- 🌍 **Environments** - Full variable scoping (globals, collection, environment, session, iterationData)
 - 👁️ **File Watching** - Automatic reload on collection/environment file changes with notification callbacks
 - 🍪 **Cookie Persistence** - Automatic cookie storage and reuse, `pm.cookies.jar()` and `.toObject()`
 - 📊 **Test Assertions** - BDD-style testing with `pm.test()` (sync/async) and full Chai `expect()` chains
 - 🔐 **CryptoJS** - Full crypto library: hash, HMAC, AES/DES/TripleDES, PBKDF2, encoding helpers
 - 🎯 **Execution Flow** - `pm.setNextRequest()`, `pm.execution.skipRequest()` for suite runner flow control
 - 📈 **Visualizer** - `pm.visualizer.set(template, data)` for custom Handlebars-based HTML output
-- �️ **Sensitive Data Redaction** - Auto-redacts tokens, passwords, secrets from persisted history/result files
-- �🔌 **Extensible** - Custom interceptors, HTTP clients, and module loaders
+- 🔌 **Extensible** - Custom interceptors, HTTP clients, and module loaders
 **Ideal for:**
 - CI/CD pipeline integration (GitHub Actions, GitLab CI, Jenkins)
@@ -79,25 +78,6 @@ forge.setEnvironment({
 const result = await forge.execute(request, collection);
 ```
-### URL Path Parameters
-If your request URL uses Express-style route parameters, provide values using the request `params` field.
-```typescript
-const request = {
-    name: 'Redirect Test',
-    method: 'GET',
-    url: '{{baseUrl}}/redirect/:redirectNumber',
-    params: {
-        redirectNumber: '3'
-    }
-};
-const result = await forge.execute(request, collection);
-```
-The engine will substitute `:redirectNumber` before execution, while still resolving environment variables and dynamic template expressions.
 ### With Custom Configuration
 ```typescript
@@ -237,6 +217,14 @@ const data = pm.response.json();
 pm.environment.set('userId', data.id);
 pm.environment.set('authToken', data.token);
+// Store non-string values (auto-serialized)
+pm.environment.set('userList', data.users);     // Array → JSON string
+pm.environment.set('config', { retries: 3 });   // Object → JSON string
+// get() auto-deserializes back
+const users = pm.environment.get('userList');    // → Array
+const config = pm.environment.get('config');     // → Object
 // Store cookies from response
 if (pm.response.headers.has('Set-Cookie')) {
     pm.cookies.set('authCookie', data.authCookie);
@@ -380,47 +368,6 @@ const entries = history.getAll();         // All requests
 const byId = history.getByRequestId(id);  // Specific request history
 ```
-### 🛡️ Sensitive Data Redaction
-History and result files automatically redact sensitive data before writing to disk. This prevents tokens, passwords, and credentials from being persisted in plaintext.
-```typescript
-import {
-    redactHeaders, redactUrl, redactBody,
-    redactHistoryEntry, redactFullResponse, redactFullResultDetails
-} from '@http-forge/core';
-// Redact sensitive headers
-redactHeaders({ 'Authorization': 'Bearer eyJ...', 'Content-Type': 'application/json' });
-// → { 'Authorization': '***', 'Content-Type': 'application/json' }
-// Any header containing 'token', 'cookie', 'secret' is redacted
-redactHeaders({ 'avs-token': 'abc123', 'telus-access-token-cookie': 'xyz' });
-// → { 'avs-token': '***', 'telus-access-token-cookie': '***' }
-// Redact sensitive URL query params
-redactUrl('https://api.example.com/auth?client_secret=abc&scope=read');
-// → 'https://api.example.com/auth?client_secret=***&scope=read'
-// Redact sensitive JSON body fields (recursive)
-redactBody({ user: 'admin', password: 'hunter2', data: { api_token: 'xyz' } });
-// → { user: 'admin', password: '***', data: { api_token: '***' } }
-// Redact URL-encoded form bodies
-redactBody('username=admin&password=secret&grant_type=password');
-// → 'username=admin&password=***&grant_type=***'
-```
-**Auto-detected patterns:**
-- **Headers**: `authorization`, `proxy-authorization`, `www-authenticate`, and any header containing `token`, `cookie`, `secret`, `credential`, `api-key`, `bearer`, `session-id`
-- **Fields/Params**: Any name containing `password`, `passwd`, `pwd`, `token`, `cookie`, `secret`, `credential`, `api_key`, `access_token`, `refresh_token`, `client_secret`, `private_key`, `auth_code`, `bearer`, `session_id`, `jwt`
-**Integration points:**
-- `RequestHistoryService.addEntry()` — redacts `sentRequest` (headers, body, URL) before saving
-- `RequestHistoryService.saveFullResponse()` — redacts response headers and cookies
-- `ResultStorageService.saveResult()` — redacts request/response headers and body in suite results
-- `originalConfig` (unresolved `{{variable}}` templates) is never redacted — only resolved values
 ## 📖 API Reference
 ### ForgeContainer
@@ -528,23 +475,14 @@ interface KeyValueEntry {
     format?: string;               // Semantic hint (e.g. "uuid", "date-time")
     enum?: string[];               // Allowed values
     deprecated?: boolean;
-    // Extended constraint fields for full OpenAPI 3.0 round-trip
-    // String constraints
+    // Extended constraint fields for full OpenAPI round-trip
     pattern?: string;              // Regex validation pattern
-    minLength?: number;
-    maxLength?: number;
-    // Numeric constraints (integer / number)
     minimum?: number;
     maximum?: number;
-    exclusiveMinimum?: boolean;    // OpenAPI 3.0: boolean modifier on minimum (strict >)
-    exclusiveMaximum?: boolean;    // OpenAPI 3.0: boolean modifier on maximum (strict <)
-    multipleOf?: number;
-    // Array constraints
-    minItems?: number;
-    maxItems?: number;
-    uniqueItems?: boolean;
-    // Common
-    nullable?: boolean;
+    exclusiveMinimum?: number;
+    exclusiveMaximum?: number;
+    minLength?: number;
+    maxLength?: number;
     oneOf?: Array<Record<string, any>>; // Merged constraint variants
 }
 ```
@@ -561,22 +499,13 @@ interface PathParamEntry {
     format?: string;
     enum?: string[];
     deprecated?: boolean;
-    // String constraints
     pattern?: string;
-    minLength?: number;
-    maxLength?: number;
-    // Numeric constraints
     minimum?: number;
     maximum?: number;
-    exclusiveMinimum?: boolean;    // OpenAPI 3.0: boolean modifier (strict >)
-    exclusiveMaximum?: boolean;    // OpenAPI 3.0: boolean modifier (strict <)
-    multipleOf?: number;
-    // Array constraints
-    minItems?: number;
-    maxItems?: number;
-    uniqueItems?: boolean;
-    // Common
-    nullable?: boolean;
+    exclusiveMinimum?: number;
+    exclusiveMaximum?: number;
+    minLength?: number;
+    maxLength?: number;
     oneOf?: Array<Record<string, any>>;
 }
 ```
@@ -587,20 +516,15 @@ The core library includes full OpenAPI 3.0.3 import and export with constraint p
 **Import** (`OpenApiImporter`):
 - Parses OpenAPI 3.0 YAML/JSON specs into `UnifiedCollection`
-- Extracts all parameter schema constraints: `type`, `format`, `pattern`, `enum`, `minimum`, `maximum`, `exclusiveMinimum`, `exclusiveMaximum` (booleans), `multipleOf`, `minLength`, `maxLength`, `minItems`, `maxItems`, `uniqueItems`, `nullable`
+- Extracts all parameter schema constraints (`pattern`, `minimum`, `maximum`, `exclusiveMinimum`, `exclusiveMaximum`, `minLength`, `maxLength`, `enum`, `format`)
 - Preserves `oneOf` schemas from merged parameters, deriving combined enum hints for UI display
-- Sets `hasMetadata` flag when any constraint or description field is present
 **Export** (`OpenApiExporter`):
 - Generates OpenAPI 3.0.3 specs from collections
-- `exclusiveMinimum`/`exclusiveMaximum` exported as booleans (OpenAPI 3.0 semantics)
-- **Collision-aware merging** via `mergeParameterSchema()`: When multiple requests normalize to the same path + HTTP method, they are merged into a single operation:
+- **Collision-aware merging**: When multiple requests normalize to the same path + HTTP method, they are merged into a single operation:
   - Descriptions are appended, tags are unioned
-  - **Existing has `oneOf`** → incoming constraints appended as a new variant
-  - **Incoming has `oneOf`** → existing schema wrapped as single variant, incoming variants flattened in
-  - **Both simple, same constraint kind** (both enum, both pattern, etc.) → merged in-place (union enum values, widen numeric ranges, alternation-join patterns)
-  - **Both simple, different constraint kinds** → wrapped in `oneOf` — each variant keeps its self-consistent schema
-  - `stripConstraints()` called after **all** merge branches to prevent stale fields (e.g. `enum`) leaking alongside `oneOf`
+  - Parameters with the **same constraint kind** (both enum, both pattern, etc.) are merged in-place (union enum values, widen numeric ranges, alternation-join patterns)
+  - Parameters with **different constraint kinds** are wrapped in `oneOf` — each variant keeps its self-consistent schema
 - All constraint fields round-trip without data loss
 ## 🛠️ Use Cases
@@ -795,23 +719,6 @@ MIT © Henry Huang
 ## 📝 Changelog
-### 0.2.7 (Session Scope Removal & Postman Parity)
-- ✅ **Session scope removed** — The separate "session" variable scope has been removed. `pm.environment.set()` now persists to workspace state (matching Postman's behavior). Variable resolution uses a Postman-compatible 5-scope cascade: `variables > iterationData > environmentVariables > collectionVariables > globals`.
-- ✅ **Request preparer extraVariables fix** — All request resolutions (params, query, headers, bearer auth, basic auth, API key) now use `extraVariables`. Previously only body and URL used them.
-- ✅ **Exported `ResolvedEnvironment` type** — Now part of the public API for downstream consumers.
-### 0.2.6 (Sensitive Data Redaction & Variable Propagation Fix)
-- ✅ **Sensitive data redaction** — History files, shared history, suite test results, and full response files automatically redact sensitive data before persisting to disk:
-  - Headers matching `authorization`, `proxy-authorization`, or containing `token`, `cookie`, `secret`, `credential`, `api-key`, `bearer`, `session-id`
-  - URL query params and JSON/form body fields matching `password`, `token`, `secret`, `api_key`, `client_secret`, `private_key`, `auth_code`, `jwt`, etc.
-  - Response `Set-Cookie` headers and cookies with sensitive names
-  - Unresolved `{{variable}}` templates in `originalConfig` are preserved — only resolved values redacted
-  - Exported functions: `redactHeaders()`, `redactUrl()`, `redactBody()`, `redactHistoryEntry()`, `redactFullResponse()`, `redactFullResultDetails()`
-- ✅ **Fixed `pm.environment.set()` propagation** — Post-response script `pm.environment.set()` now correctly propagates to `{{variable}}` resolution in subsequent collection runner requests. The session now uses live scope references instead of a disconnected snapshot.
-- ✅ **Cookie jar flush in collection runner** — `flush()` is now called in the `finally` block ensuring script-set cookies persist to the shared session store after a run completes.
 ### 0.2.5 (OpenAPI Constraint Round-Trip & Collision Merging)
 - ✅ **Full parameter constraint round-trip** — OpenAPI import/export now preserves all schema constraint fields: `pattern`, `minimum`, `maximum`, `exclusiveMinimum`, `exclusiveMaximum`, `minLength`, `maxLength`, and `oneOf` on both `KeyValueEntry` and `PathParamEntry`
@@ -850,7 +757,7 @@ MIT © Henry Huang
 - ✅ **Core request execution** with Postman collection support
 - ✅ **Dynamic variables** - 7 generators for on-the-fly value generation
 - ✅ **Postman-compatible scripting** - `pm.*` API with full feature parity
-- ✅ **Variable scoping** - globals, collection, environment, workspace-state persistence for `pm.environment.set()`
+- ✅ **Variable scoping** - globals, collection, environment, session, flow-level
 - ✅ **Cookie persistence** - automatic storage and reuse across request chains
 - ✅ **Pre-request & post-response scripts** with shared VM context
 - ✅ **Test assertions** with BDD-style `pm.test()` and expect chains