@icyouo/evt-cli 0.1.0 → 0.1.1

package/src/config/serviceScanner.js

@@ -97,6 +97,7 @@ function normalizeConfig(config, baseDir = repoRoot) {
   return {
     ...config,
     root,
+    apiDir: config.apiDir ? path.resolve(baseDir, config.apiDir) : undefined,
     targets: (config.targets || []).map((target) => ({ ...target }))
   };
 }
@@ -375,37 +376,85 @@ function normalizeSkillEndpoint(rawEndpoint, target, config) {
 }
 
 function scanSkillTarget(config, target) {
-  if (!target.command) {
+  const resolvedTarget = resolveSkillTarget(target);
+  if (!resolvedTarget.command) {
     throw new Error("Skill scanner target must define command");
   }
-  const cwd = target.cwd ? path.resolve(config.root, target.cwd) : config.root;
-  const result = spawnSync(target.command, (target.args || []).map(String), {
+  const cwd = resolvedTarget.cwd ? path.resolve(config.root, resolvedTarget.cwd) : config.root;
+  const result = spawnSync(resolvedTarget.command, (resolvedTarget.args || []).map(String), {
     cwd,
     encoding: "utf8",
     shell: false,
     env: {
       ...process.env,
-      ...(target.env || {})
+      EVT_SCAN_ROOT: config.root,
+      ...(resolvedTarget.env || {})
     },
-    maxBuffer: target.maxBuffer || 10 * 1024 * 1024
+    maxBuffer: resolvedTarget.maxBuffer || 10 * 1024 * 1024
   });
 
   if (result.error) {
-    throw new Error(`Skill scanner ${target.name || target.command} failed: ${result.error.message}`);
+    throw new Error(`Skill scanner ${resolvedTarget.name || resolvedTarget.command} failed: ${result.error.message}`);
   }
   if (result.status !== 0) {
     const stderr = String(result.stderr || "").trim();
-    throw new Error(`Skill scanner ${target.name || target.command} exited with ${result.status}${stderr ? `: ${stderr}` : ""}`);
+    throw new Error(`Skill scanner ${resolvedTarget.name || resolvedTarget.command} exited with ${result.status}${stderr ? `: ${stderr}` : ""}`);
   }
 
-  return parseSkillOutput(result.stdout, target)
-    .map((endpoint) => normalizeSkillEndpoint(endpoint, target, config));
+  return parseSkillOutput(result.stdout, resolvedTarget)
+    .map((endpoint) => normalizeSkillEndpoint(endpoint, resolvedTarget, config));
+}
+
+function resolveSkillTarget(target) {
+  if (!target.skill) return target;
+  if (target.skill !== "evt-api-scanner") return target;
+  return {
+    ...target,
+    name: target.name || "evt-api-scanner",
+    command: process.execPath,
+    args: target.args || [
+      path.join(cliRoot, "skills", "evt-api-scanner", "scripts", "scan.js"),
+      "--root",
+      "."
+    ]
+  };
+}
+
+function splitTargets(targets) {
+  const skillTargets = [];
+  const fallbackTargets = [];
+  for (const target of targets || []) {
+    if (isSkillTarget(target)) {
+      skillTargets.push(target);
+    } else {
+      fallbackTargets.push(target);
+    }
+  }
+  return { skillTargets, fallbackTargets };
+}
+
+function scanTargets(config, targets) {
+  return targets.flatMap((target) => scanTarget(config, target));
 }
 
 function scanServices(options = {}) {
   const config = loadScanConfig(options);
   if (!config.targets || config.targets.length === 0) return [];
-  return config.targets.flatMap((target) => scanTarget(config, target));
+  if (options.preferFallback) {
+    return scanTargets(config, config.targets.filter((target) => !isSkillTarget(target)));
+  }
+
+  const { skillTargets, fallbackTargets } = splitTargets(config.targets);
+  if (skillTargets.length === 0) {
+    return scanTargets(config, fallbackTargets);
+  }
+  try {
+    const skillEndpoints = scanTargets(config, skillTargets);
+    if (skillEndpoints.length > 0 || fallbackTargets.length === 0) return skillEndpoints;
+  } catch (error) {
+    if (fallbackTargets.length === 0 || options.strictSkill) throw error;
+  }
+  return scanTargets(config, fallbackTargets);
 }
 
 function compareScanToRegistry(scanned, registry) {
@@ -422,5 +471,6 @@ module.exports = {
   loadScanConfig,
   defaultScanConfig,
   parseCliScanOptions,
+  resolveSkillTarget,
   repoRoot
 };

package/src/index.js

@@ -1,7 +1,9 @@
+const path = require("node:path");
+const { spawnSync } = require("node:child_process");
 const { parseArgs } = require("./util/args");
 const { parseJsonObject, stableJson } = require("./util/json");
 const { redact } = require("./util/redact");
-const { setConfigRoot } = require("./util/paths");
+const { cliRoot, setConfigRoot } = require("./util/paths");
 const {
   listApiFiles,
   listProfiles,
@@ -16,6 +18,8 @@ const { runFlow } = require("./flow/runner");
 const { toCurl } = require("./http/requestBuilder");
 const { compareScanToRegistry, scanServices } = require("./config/serviceScanner");
 const { runLiveApiTest } = require("./api/liveTester");
+const { runSyncApiCoverage } = require("../scripts/sync-api-coverage");
+const { runApiCoverage } = require("../scripts/check-api-coverage");
 
 function print(value, json = false) {
   if (json || typeof value !== "string") {
@@ -32,7 +36,10 @@ function usage() {
     "  evt profile show <name>",
     "  evt api list",
     "  evt api show <id>",
+    "  evt api discover [--config-root ./cli]",
     "  evt api scan [--missing] [--scan-config path/to/scanner.json]",
+    "  evt api sync [--config-root ./cli]",
+    "  evt api coverage [--config-root ./cli]",
     "  evt api call <id> [--profile local] [--set k=v] [--body '{...}'] [--dry-run]",
     "  evt api test-all [--profile local] [--include-dangerous] [--only namespace]",
     "  evt validate",
@@ -42,6 +49,17 @@ function usage() {
   ].join("\n");
 }
 
+function runNodeScript(relativeScript, args) {
+  const result = spawnSync(process.execPath, [path.join(cliRoot, relativeScript), ...args], {
+    cwd: process.cwd(),
+    stdio: "inherit",
+    shell: false
+  });
+  if (result.status !== 0) {
+    throw new Error(`${relativeScript} failed with exit code ${result.status || 1}`);
+  }
+}
+
 function commonRuntime(options) {
   const profile = loadProfile(options.profile || "local");
   const cachePath = resolveCachePath(options.cache);
@@ -73,6 +91,25 @@ async function handleApi(tokens) {
   const sub = tokens[0];
   const options = parseArgs(tokens.slice(1));
   setConfigRoot(options.configRoot);
+
+  if (sub === "discover") {
+    const args = tokens.slice(1);
+    if (!options.configRoot && !args.includes("--config-root")) {
+      args.push("--config-root", "./cli");
+    }
+    runNodeScript("skills/evt-api-scanner/scripts/discover.js", args);
+    return;
+  }
+  if (sub === "sync") {
+    runSyncApiCoverage(tokens.slice(1));
+    return;
+  }
+  if (sub === "coverage") {
+    const result = runApiCoverage(tokens.slice(1));
+    if (result.failed) throw new Error("API coverage failed");
+    return;
+  }
+
   const registry = loadApiRegistry();
 
   if (sub === "list") {

package/test/duration.test.js

@@ -0,0 +1,11 @@
+const test = require("node:test");
+const assert = require("node:assert/strict");
+const { parseDuration } = require("../src/util/duration");
+
+test("parses duration values", () => {
+  assert.equal(parseDuration(1000), 1000);
+  assert.equal(parseDuration("1000"), 1000);
+  assert.equal(parseDuration("500ms"), 500);
+  assert.equal(parseDuration("2s"), 2000);
+  assert.equal(parseDuration("1m"), 60000);
+});

package/test/flow.test.js

@@ -0,0 +1,215 @@
+const test = require("node:test");
+const assert = require("node:assert/strict");
+const { runFlow } = require("../src/flow/runner");
+const { loadApiRegistry, loadProfile } = require("../src/config/loaders");
+
+test("runs login flow in dry-run mode without prompt", async () => {
+  const result = await runFlow({
+    name: "login",
+    inputs: {
+      email: { required: true },
+      password: { required: true },
+      code: { default: "" },
+      googleCode: { default: "" }
+    },
+    steps: [
+      {
+        id: "login",
+        call: "auth.login",
+        body: {
+          email: "{{inputs.email}}",
+          password: "{{inputs.password}}"
+        }
+      }
+    ]
+  }, {
+    registry: loadApiRegistry(),
+    profile: loadProfile("local"),
+    cache: {},
+    cachePath: "/tmp/evt-cli-test-cache.json",
+    set: {
+      email: "user@example.com",
+      password: "secret"
+    },
+    dryRun: true,
+    noInteractive: true
+  });
+
+  assert.equal(result.flow, "login");
+  assert.equal(result.timeline.filter((item) => item.call).length, 1);
+  assert.equal(result.steps.login.request.method, "POST");
+});
+
+test("fails when required cache save value is missing", async () => {
+  const cachePath = "/tmp/evt-cli-required-cache-test.json";
+  const originalFetch = global.fetch;
+  global.fetch = async () => ({
+    ok: true,
+    status: 200,
+    text: async () => JSON.stringify({ code: 0, data: { info: { email: "user@example.com" } } })
+  });
+
+  try {
+    await assert.rejects(
+      runFlow({
+        name: "save-required",
+        steps: [
+          {
+            id: "login",
+            call: "auth.login",
+            body: {
+              email: "user@example.com",
+              password: "secret"
+            }
+          }
+        ],
+        save: {
+          cache: {
+            token: "{{steps.login.response.data.token}}"
+          },
+          required: ["cache.token"]
+        }
+      }, {
+        registry: loadApiRegistry(),
+        profile: loadProfile("local"),
+        cache: {},
+        cachePath,
+        set: {},
+        dryRun: false,
+        noInteractive: true
+      }),
+      /required save value: cache\.token/
+    );
+  } finally {
+    global.fetch = originalFetch;
+  }
+});
+
+test("supports step expect and extract variables", async () => {
+  const originalFetch = global.fetch;
+  global.fetch = async () => ({
+    ok: true,
+    status: 200,
+    text: async () => JSON.stringify({ code: 0, data: { token: "token-value" } })
+  });
+
+  try {
+    const result = await runFlow({
+      name: "expect-extract",
+      steps: [
+        {
+          id: "login",
+          call: "auth.login",
+          body: {
+            email: "user@example.com",
+            password: "secret"
+          },
+          expect: [
+            { path: "response.code", equals: 0 },
+            { path: "response.data.token", exists: true }
+          ],
+          extract: {
+            token: "response.data.token"
+          }
+        }
+      ]
+    }, {
+      registry: loadApiRegistry(),
+      profile: loadProfile("local"),
+      cache: {},
+      cachePath: "/tmp/evt-cli-extract-cache-test.json",
+      set: {},
+      dryRun: false,
+      noInteractive: true
+    });
+
+    assert.deepEqual(result.vars, ["token"]);
+  } finally {
+    global.fetch = originalFetch;
+  }
+});
+
+test("updates flow cache for later authenticated steps", async () => {
+  const originalFetch = global.fetch;
+  const seen = [];
+  global.fetch = async (url, options) => {
+    seen.push({ url, options });
+    if (seen.length === 1) {
+      return {
+        ok: true,
+        status: 200,
+        text: async () => JSON.stringify({ code: 0, data: { token: "token-value" } })
+      };
+    }
+    return {
+      ok: true,
+      status: 200,
+      text: async () => JSON.stringify({ code: 0, data: { email: "user@example.com" } })
+    };
+  };
+
+  try {
+    await runFlow({
+      name: "flow-cache",
+      steps: [
+        {
+          id: "login",
+          call: "auth.login",
+          body: {
+            email: "user@example.com",
+            password: "secret"
+          },
+          extract: {
+            token: "response.data.token"
+          },
+          cache: {
+            token: "{{vars.token}}"
+          }
+        },
+        {
+          id: "user",
+          call: "todo.list"
+        }
+      ]
+    }, {
+      registry: loadApiRegistry(),
+      profile: loadProfile("local"),
+      cache: {},
+      cachePath: "/tmp/evt-cli-flow-cache-test.json",
+      set: {},
+      dryRun: false,
+      noInteractive: true
+    });
+
+    assert.equal(seen[1].options.headers.Authorization, "Bearer token-value");
+  } finally {
+    global.fetch = originalFetch;
+  }
+});
+
+test("skips response expectations during dry-run", async () => {
+  const result = await runFlow({
+    name: "dry-run-expect",
+    steps: [
+      {
+        id: "oauth",
+        call: "auth.login",
+        expect: { path: "response.code", equals: 0 },
+        extract: {
+          token: "response.data.token"
+        }
+      }
+    ]
+  }, {
+    registry: loadApiRegistry(),
+    profile: loadProfile("local"),
+    cache: {},
+    cachePath: "/tmp/evt-cli-dry-run-expect-cache-test.json",
+    set: {},
+    dryRun: true,
+    noInteractive: true
+  });
+
+  assert.equal(result.flow, "dry-run-expect");
+  assert.deepEqual(result.vars, []);
+});

package/test/liveTester.test.js

@@ -0,0 +1,54 @@
+const test = require("node:test");
+const assert = require("node:assert/strict");
+const { sampleArgsForEndpoint } = require("../src/api/liveTester");
+
+test("builds live test values from profile fixtures and schema metadata", () => {
+  const endpoint = {
+    id: "demo.create",
+    namespace: "demo",
+    schema: {
+      path: {
+        id: { type: "integer", example: 9 }
+      },
+      query: {
+        page: { type: "integer", default: 1 },
+        mode: { type: "string", enum: ["fast", "slow"] }
+      },
+      body: {
+        name: { type: "string", required: true },
+        enabled: { type: "boolean" }
+      }
+    }
+  };
+
+  const args = sampleArgsForEndpoint(endpoint, {
+    profile: {
+      fixtures: {
+        defaults: {
+          name: "default-name"
+        },
+        namespaces: {
+          demo: {
+            mode: "slow"
+          }
+        },
+        endpoints: {
+          "demo.create": {
+            path: {
+              id: 42
+            }
+          }
+        }
+      }
+    },
+    cache: {}
+  });
+
+  assert.deepEqual(args, {
+    id: 42,
+    page: 1,
+    mode: "slow",
+    name: "default-name",
+    enabled: false
+  });
+});

package/test/requestBuilder.test.js

@@ -0,0 +1,214 @@
+const test = require("node:test");
+const assert = require("node:assert/strict");
+const fs = require("node:fs");
+const os = require("node:os");
+const path = require("node:path");
+const { buildRequest, toCurl } = require("../src/http/requestBuilder");
+const { executeEndpoint } = require("../src/http/client");
+const { redact } = require("../src/util/redact");
+
+test("builds authenticated form-url-encoded requests", () => {
+  const request = buildRequest({
+    id: "trade.createOrder",
+    service: "trade",
+    method: "POST",
+    path: "/api/trade/orders",
+    auth: true,
+    bodyType: "formUrlEncoded",
+    body: {
+      symbol: "{{args.symbol}}",
+      orderSide: "{{args.orderSide}}",
+      origQty: "{{args.origQty}}",
+      positionSide: "{{args.positionSide}}",
+      price: "{{args.price}}"
+    }
+  }, {
+    profile: {
+      baseUrls: { default: "https://api.example.com", trade: "https://f.example.com" },
+      headers: { Platform: "IOS" },
+      auth: { header: "Authorization", scheme: "raw" }
+    },
+    cache: { token: "token-value" },
+    context: {
+      args: {
+        symbol: "btc_usdt",
+        orderSide: "BUY",
+        origQty: "1",
+        positionSide: "LONG"
+      },
+      profile: {},
+      cache: {},
+      env: {},
+      steps: {},
+      inputs: {}
+    }
+  });
+
+  assert.equal(request.url, "https://f.example.com/api/trade/orders");
+  assert.equal(request.headers.Authorization, "token-value");
+  assert.equal(request.headers["Content-Type"], "application/x-www-form-urlencoded");
+  assert.equal(request.encodedBody, "symbol=btc_usdt&orderSide=BUY&origQty=1&positionSide=LONG");
+});
+
+test("renders dynamic path parameters from args", () => {
+  const request = buildRequest({
+    id: "spot.cancelSpotOrder",
+    method: "PATCH",
+    path: "/api/spot/order/:code/cancel",
+    auth: false
+  }, {
+    profile: { baseUrl: "https://api.example.com", headers: {} },
+    cache: {},
+    context: { args: { code: "abc/123" }, profile: {}, cache: {}, env: {}, steps: {}, inputs: {} }
+  });
+
+  assert.equal(request.url, "https://api.example.com/api/spot/order/abc%2F123/cancel");
+});
+
+test("materializes schema query and body values from args", () => {
+  const request = buildRequest({
+    id: "market.getKline",
+    service: "market",
+    method: "GET",
+    path: "/api/market/kline",
+    auth: false,
+    schema: {
+      query: {
+        symbol: { type: "string", required: true },
+        interval: { type: "string", default: "1m" },
+        limit: { type: "integer", default: 100 }
+      }
+    }
+  }, {
+    profile: { baseUrls: { default: "https://api.example.com", market: "https://m.example.com" }, headers: {} },
+    cache: {},
+    context: { args: { symbol: "btc_usdt" }, profile: {}, cache: {}, env: {}, steps: {}, inputs: {} }
+  });
+
+  assert.equal(request.url, "https://m.example.com/api/market/kline?symbol=btc_usdt&interval=1m&limit=100");
+});
+
+test("validates required schema values", () => {
+  assert.throws(
+    () => buildRequest({
+      id: "market.getSymbolDetail",
+      service: "market",
+      method: "GET",
+      path: "/api/market/symbol/detail",
+      auth: false,
+      schema: {
+        query: {
+          symbol: { type: "string", required: true }
+        }
+      }
+    }, {
+      profile: { baseUrls: { default: "https://api.example.com", market: "https://m.example.com" }, headers: {} },
+      cache: {},
+      context: { args: {}, profile: {}, cache: {}, env: {}, steps: {}, inputs: {} }
+    }),
+    /Missing required parameter: symbol/
+  );
+});
+
+test("builds multipart file upload requests", () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "evt-cli-"));
+  const filePath = path.join(dir, "avatar.png");
+  fs.writeFileSync(filePath, "fake image");
+
+  const request = buildRequest({
+    id: "user.uploadImage",
+    method: "POST",
+    path: "/api/user/upload/image",
+    auth: true,
+    bodyType: "multipart"
+  }, {
+    profile: {
+      baseUrl: "https://api.example.com",
+      headers: { "Content-Type": "application/json" },
+      auth: { header: "Authorization", scheme: "raw" }
+    },
+    cache: { token: "token-value" },
+    body: { file: filePath, contentType: "image/png" },
+    context: { args: {}, profile: {}, cache: {}, env: {}, steps: {}, inputs: {} }
+  });
+
+  assert.equal(request.headers.Authorization, "token-value");
+  assert.equal(request.headers["Content-Type"], undefined);
+  assert.equal(request.encodedBody.constructor.name, "FormData");
+  assert.equal(request.encodedBody.get("file").name, "avatar.png");
+  assert.match(toCurl(request), /-F "file=@.*avatar\.png"/);
+});
+
+test("does not require multipart files during dry-run", () => {
+  const request = buildRequest({
+    id: "user.uploadImage",
+    method: "POST",
+    path: "/api/user/upload/image",
+    auth: false,
+    bodyType: "multipart"
+  }, {
+    profile: { baseUrl: "https://api.example.com", headers: {} },
+    cache: {},
+    body: { file: "/path/that/does/not/exist.png", contentType: "image/png" },
+    context: { args: {}, profile: {}, cache: {}, env: {}, steps: {}, inputs: {} },
+    dryRun: true
+  });
+
+  assert.equal(request.encodedBody, undefined);
+  assert.match(toCurl(request), /-F "file=@\/path\/that\/does\/not\/exist\.png"/);
+});
+
+test("redacts encoded bodies in dry-run output", () => {
+  const safe = redact({
+    body: {
+      password: "secret"
+    },
+    encodedBody: "{\"password\":\"secret\"}"
+  });
+
+  assert.equal(safe.body.password, "***");
+  assert.equal(safe.encodedBody, "***");
+});
+
+test("keeps response business code visible while redacting request verification code", () => {
+  const safe = redact({
+    response: {
+      code: 0,
+      data: {
+        order: {
+          code: 123
+        }
+      }
+    },
+    body: {
+      code: "123456"
+    }
+  });
+
+  assert.equal(safe.response.code, 0);
+  assert.equal(safe.response.data.order.code, 123);
+  assert.equal(safe.body.code, "***");
+});
+
+test("blocks dangerous endpoints without unsafe flag", async () => {
+  await assert.rejects(
+    executeEndpoint({
+      id: "trade.createOrder",
+      service: "trade",
+      method: "POST",
+      path: "/api/trade/orders",
+      auth: false,
+      dangerous: true,
+      bodyType: "formUrlEncoded"
+    }, {
+      profile: {
+        baseUrls: { default: "https://api.example.com", trade: "https://t.example.com" },
+        headers: {}
+      },
+      cache: {},
+      context: { args: {}, profile: {}, cache: {}, env: {}, steps: {}, inputs: {} },
+      dryRun: false
+    }),
+    /dangerous/
+  );
+});