@icyouo/evt-cli 0.1.0

package/src/config/serviceScanner.js

@@ -0,0 +1,426 @@
+const fs = require("node:fs");
+const path = require("node:path");
+const { spawnSync } = require("node:child_process");
+const { cliRoot, configRoot, resolveCliPath } = require("../util/paths");
+
+const repoRoot = path.resolve(cliRoot, "..");
+
+const STRING_PATTERN = `"([^"]+)"|'([^']+)'|\`([^\`]+)\``;
+const METHOD_MAP = {
+  get: "GET",
+  getRaw: "GET",
+  fetch: "GET",
+  post: "POST",
+  postForm: "POST",
+  patch: "PATCH",
+  put: "PUT",
+  delete: "DELETE",
+  deleteWithBody: "DELETE",
+  postUrlEncoded: "POST",
+  upload: "POST"
+};
+
+const LANGUAGE_DEFAULTS = {
+  kotlin: {
+    extensions: [".kt"],
+    receivers: ["http"],
+    helpers: ["get", "post", "patch", "put", "delete", "deleteWithBody", "postUrlEncoded", "postForm", "getRaw"],
+    functionPatterns: [
+      /(?:override\s+)?suspend\s+fun\s+([A-Za-z_][A-Za-z0-9_]*)/g,
+      /fun\s+([A-Za-z_][A-Za-z0-9_]*)/g
+    ],
+    namespaceStripPrefixes: ["I"],
+    namespaceStripSuffixes: ["Service"]
+  },
+  swift: {
+    extensions: [".swift"],
+    receivers: ["http", "client", "api"],
+    helpers: ["get", "post", "patch", "put", "delete", "upload"],
+    functionPatterns: [/func\s+([A-Za-z_][A-Za-z0-9_]*)\s*\(/g],
+    namespaceStripSuffixes: ["Service", "API", "Api"]
+  },
+  js: {
+    extensions: [".js", ".jsx", ".mjs", ".cjs", ".ts", ".tsx"],
+    receivers: ["http", "client", "api", "axios"],
+    helpers: ["get", "post", "patch", "put", "delete"],
+    functionPatterns: [
+      /(?:async\s+)?function\s+([A-Za-z_$][A-Za-z0-9_$]*)\s*\(/g,
+      /(?:const|let|var)\s+([A-Za-z_$][A-Za-z0-9_$]*)\s*=\s*(?:async\s*)?\(/g,
+      /([A-Za-z_$][A-Za-z0-9_$]*)\s*:\s*(?:async\s*)?function\s*\(/g,
+      /([A-Za-z_$][A-Za-z0-9_$]*)\s*\([^)]*\)\s*\{/g
+    ],
+    namespaceStripSuffixes: ["Service", "Api", "API"]
+  },
+  dart: {
+    extensions: [".dart"],
+    receivers: ["http", "client", "api", "dio"],
+    helpers: ["get", "post", "patch", "put", "delete"],
+    functionPatterns: [
+      /(?:Future(?:<[^>]+>)?|Stream(?:<[^>]+>)?|void|[A-Za-z_][A-Za-z0-9_<>?]*)\s+([A-Za-z_][A-Za-z0-9_]*)\s*\([^)]*\)\s*(?:async\s*)?\{/g
+    ],
+    namespaceStripSuffixes: ["Service", "Api", "API"]
+  }
+};
+
+function defaultScanConfig() {
+  return {
+    root: configRoot(),
+    targets: []
+  };
+}
+
+function parseCliScanOptions(tokens = []) {
+  const options = {};
+  for (let index = 0; index < tokens.length; index += 1) {
+    const token = tokens[index];
+    if (token === "--scan-config") {
+      index += 1;
+      options.scanConfig = tokens[index];
+    } else if (token.startsWith("--scan-config=")) {
+      options.scanConfig = token.slice("--scan-config=".length);
+    } else if (token === "--config-root") {
+      index += 1;
+      options.configRoot = tokens[index];
+    } else if (token.startsWith("--config-root=")) {
+      options.configRoot = token.slice("--config-root=".length);
+    }
+  }
+  return options;
+}
+
+function readJson(file) {
+  return JSON.parse(fs.readFileSync(file, "utf8"));
+}
+
+function normalizeConfig(config, baseDir = repoRoot) {
+  const root = config.root ? path.resolve(baseDir, config.root) : repoRoot;
+  return {
+    ...config,
+    root,
+    targets: (config.targets || []).map((target) => ({ ...target }))
+  };
+}
+
+function loadScanConfig(options = {}) {
+  if (options.config) {
+    return normalizeConfig(options.config, options.baseDir || repoRoot);
+  }
+
+  const explicit = options.scanConfig || process.env.EVERYTHING_SCAN_CONFIG || process.env.NEPTUNE_SCAN_CONFIG;
+  if (explicit) {
+    const file = path.resolve(explicit);
+    return normalizeConfig(readJson(file), path.dirname(file));
+  }
+
+  const localConfigs = [
+    resolveCliPath("scanner.config.json"),
+    resolveCliPath("data", "scanner.json")
+  ];
+  const localConfig = localConfigs.find((file) => fs.existsSync(file));
+  if (localConfig) {
+    return normalizeConfig(readJson(localConfig), path.dirname(localConfig));
+  }
+
+  return normalizeConfig(defaultScanConfig(), repoRoot);
+}
+
+function languageDefaults(language) {
+  const defaults = LANGUAGE_DEFAULTS[language];
+  if (!defaults) {
+    throw new Error(`Unsupported scanner language: ${language}`);
+  }
+  return defaults;
+}
+
+function makeRegexUnion(values) {
+  return values.map((value) => value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|");
+}
+
+function globToRegExp(glob) {
+  let pattern = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
+  pattern = pattern
+    .replace(/\*\*/g, "__GLOBSTAR__")
+    .replace(/\*/g, "[^/]*")
+    .replace(/\?/g, ".")
+    .replace(/__GLOBSTAR__/g, ".*");
+  return new RegExp(`^${pattern}$`);
+}
+
+function matchesAny(file, patterns, root) {
+  if (!patterns || patterns.length === 0) return false;
+  const relative = path.relative(root, file).split(path.sep).join("/");
+  return patterns.some((pattern) => globToRegExp(pattern).test(relative));
+}
+
+function walkFiles(entry) {
+  if (!fs.existsSync(entry)) return [];
+  const stat = fs.statSync(entry);
+  if (stat.isFile()) return [entry];
+  if (!stat.isDirectory()) return [];
+  return fs.readdirSync(entry)
+    .flatMap((child) => walkFiles(path.join(entry, child)));
+}
+
+function targetFiles(config, target, defaults) {
+  const roots = (target.paths || target.path ? [].concat(target.paths || target.path) : []);
+  const extensions = target.extensions || defaults.extensions;
+  return roots
+    .map((entry) => path.resolve(config.root, entry))
+    .flatMap(walkFiles)
+    .filter((file) => extensions.includes(path.extname(file)))
+    .filter((file) => !target.include || matchesAny(file, target.include, config.root))
+    .filter((file) => !matchesAny(file, target.exclude, config.root))
+    .sort();
+}
+
+function isSkillTarget(target) {
+  return target.language === "skill" || target.language === "command" || target.type === "skill" || target.type === "command";
+}
+
+function namespaceFromFile(file, target, defaults) {
+  if (target.namespace) return target.namespace;
+  let namespace = path.basename(file, path.extname(file));
+  for (const prefix of target.namespaceStripPrefixes || defaults.namespaceStripPrefixes || []) {
+    if (namespace.startsWith(prefix)) namespace = namespace.slice(prefix.length);
+  }
+  for (const suffix of target.namespaceStripSuffixes || defaults.namespaceStripSuffixes || []) {
+    if (namespace.endsWith(suffix)) namespace = namespace.slice(0, -suffix.length);
+  }
+  return namespace.replace(/^[A-Z]/, (letter) => letter.toLowerCase());
+}
+
+function findNearestFunction(source, index, target, defaults) {
+  const before = source.slice(0, index);
+  const patterns = target.functionPatterns || defaults.functionPatterns;
+  let nearest = { index: -1, name: "unknown" };
+  for (const pattern of patterns) {
+    pattern.lastIndex = 0;
+    for (const match of before.matchAll(pattern)) {
+      if (match.index > nearest.index) {
+        nearest = { index: match.index, name: match[1] };
+      }
+    }
+  }
+  return nearest.name;
+}
+
+function bodyTypeFor(helper, target) {
+  if (target.bodyTypes && target.bodyTypes[helper]) return target.bodyTypes[helper];
+  if (helper === "postUrlEncoded") return "formUrlEncoded";
+  if (helper === "postForm" || helper === "upload") return "multipart";
+  return "json";
+}
+
+function firstQuoted(match, startIndex) {
+  for (let index = startIndex; index < match.length; index += 1) {
+    if (match[index] !== undefined) return match[index];
+  }
+  return undefined;
+}
+
+function methodForHelper(helper, explicitMethod) {
+  if (explicitMethod) return explicitMethod.toUpperCase();
+  return METHOD_MAP[helper] || helper.toUpperCase();
+}
+
+function normalizePathTemplate(rawPath, target, language) {
+  let pathTemplate = rawPath;
+  let service = target.service;
+
+  for (const [prefix, serviceName] of Object.entries(target.servicePrefixes || {})) {
+    if (pathTemplate.startsWith(prefix)) {
+      pathTemplate = pathTemplate.slice(prefix.length);
+      service = serviceName;
+      break;
+    }
+  }
+
+  for (const pattern of target.skipPathPatterns || []) {
+    if (new RegExp(pattern).test(pathTemplate)) return undefined;
+  }
+
+  pathTemplate = pathTemplate
+    .replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g, ":$1")
+    .replace(/\$([A-Za-z_][A-Za-z0-9_]*)/g, ":$1");
+
+  if (language === "swift") {
+    pathTemplate = pathTemplate.replace(/\\\(([A-Za-z_][A-Za-z0-9_]*)\)/g, ":$1");
+  }
+
+  return { path: pathTemplate, service };
+}
+
+function pushEndpoint(endpoints, seen, source, target, defaults, file, matchIndex, helper, rawPath, explicitMethod) {
+  if (!rawPath) return;
+  const normalized = normalizePathTemplate(rawPath, target, target.language);
+  if (!normalized) return;
+  const namespace = namespaceFromFile(file, target, defaults);
+  if ((target.excludeNamespaces || []).includes(namespace)) return;
+  const functionName = findNearestFunction(source, matchIndex, target, defaults);
+  const method = methodForHelper(helper, explicitMethod);
+  const key = `${functionName}:${method}:${normalized.path}`;
+  if (seen.has(key)) return;
+  seen.add(key);
+  endpoints.push({
+    id: `${namespace}.${functionName}`,
+    namespace,
+    functionName,
+    method,
+    path: normalized.path,
+    bodyType: bodyTypeFor(helper, target),
+    service: normalized.service,
+    helper,
+    auth: target.auth,
+    dangerous: target.dangerous,
+    file: path.relative(repoRoot, file)
+  });
+}
+
+function scanReceiverCalls(source, target, defaults, file, endpoints, seen) {
+  const receivers = target.receivers || defaults.receivers;
+  const helpers = target.helpers || defaults.helpers;
+  const receiverPattern = makeRegexUnion(receivers);
+  const helperPattern = makeRegexUnion(helpers);
+  const directCall = new RegExp(`\\b(?:${receiverPattern})\\s*\\.\\s*(${helperPattern})(?:<[^>]+>)?\\s*\\(\\s*(?:${STRING_PATTERN})`, "g");
+  const namedUrlCall = new RegExp(`\\b(?:${receiverPattern})\\s*\\.\\s*(${helperPattern})(?:<[^>]+>)?\\s*\\([\\s\\S]{0,300}?\\burl\\s*=\\s*(?:${STRING_PATTERN})`, "g");
+  const uriParseCall = new RegExp(`\\b(?:${receiverPattern})\\s*\\.\\s*(${helperPattern})\\s*\\(\\s*Uri\\.parse\\s*\\(\\s*(?:${STRING_PATTERN})`, "g");
+
+  for (const re of [directCall, namedUrlCall, uriParseCall]) {
+    let match;
+    while ((match = re.exec(source)) !== null) {
+      pushEndpoint(endpoints, seen, source, target, defaults, file, match.index, match[1], firstQuoted(match, 2));
+    }
+  }
+}
+
+function scanFetchCalls(source, target, defaults, file, endpoints, seen) {
+  if (target.language !== "js" && !target.scanFetch) return;
+  const fetchCall = new RegExp(`\\bfetch\\s*\\(\\s*(?:${STRING_PATTERN})([\\s\\S]{0,300}?)\\)`, "g");
+  let match;
+  while ((match = fetchCall.exec(source)) !== null) {
+    const rawPath = firstQuoted(match, 1);
+    const optionsSource = match[4] || "";
+    const methodMatch = optionsSource.match(/\bmethod\s*:\s*["'`]([A-Za-z]+)["'`]/);
+    pushEndpoint(endpoints, seen, source, target, defaults, file, match.index, "fetch", rawPath, methodMatch && methodMatch[1]);
+  }
+}
+
+function scanServiceFile(file, target = defaultScanConfig().targets[0], config = defaultScanConfig()) {
+  const defaults = languageDefaults(target.language || "kotlin");
+  const source = fs.readFileSync(file, "utf8");
+  const endpoints = [];
+  const seen = new Set();
+  scanReceiverCalls(source, target, defaults, file, endpoints, seen);
+  scanFetchCalls(source, target, defaults, file, endpoints, seen);
+  return endpoints.map((endpoint) => ({
+    ...endpoint,
+    file: path.relative(config.root || repoRoot, file)
+  }));
+}
+
+function scanTarget(config, target) {
+  if (isSkillTarget(target)) {
+    return scanSkillTarget(config, target);
+  }
+  const defaults = languageDefaults(target.language || "kotlin");
+  return targetFiles(config, target, defaults)
+    .flatMap((file) => scanServiceFile(file, target, config));
+}
+
+function parseSkillOutput(stdout, target) {
+  let parsed;
+  try {
+    parsed = JSON.parse(stdout);
+  } catch (error) {
+    throw new Error(`Skill scanner ${target.name || target.command} must output JSON: ${error.message}`);
+  }
+  const endpoints = Array.isArray(parsed) ? parsed : parsed.endpoints;
+  if (!Array.isArray(endpoints)) {
+    throw new Error(`Skill scanner ${target.name || target.command} output must be an array or { endpoints: [] }`);
+  }
+  return endpoints;
+}
+
+function normalizeSkillEndpoint(rawEndpoint, target, config) {
+  if (!rawEndpoint || typeof rawEndpoint !== "object") {
+    throw new Error(`Skill scanner ${target.name || target.command} returned a non-object endpoint`);
+  }
+  const namespace = rawEndpoint.namespace || target.namespace;
+  const functionName = rawEndpoint.functionName || rawEndpoint.name ||
+    (rawEndpoint.id && String(rawEndpoint.id).includes(".") ? String(rawEndpoint.id).split(".").pop() : undefined);
+  const id = rawEndpoint.id || (namespace && functionName ? `${namespace}.${functionName}` : undefined);
+  if (!id || !namespace || !functionName) {
+    throw new Error(`Skill scanner endpoint must include id or namespace + name/functionName`);
+  }
+  if (!rawEndpoint.path) {
+    throw new Error(`Skill scanner endpoint ${id} is missing path`);
+  }
+
+  const method = String(rawEndpoint.method || "GET").toUpperCase();
+  const bodyType = rawEndpoint.bodyType || "json";
+  return {
+    id,
+    namespace,
+    functionName,
+    method,
+    path: rawEndpoint.path,
+    bodyType,
+    service: rawEndpoint.service || target.service,
+    helper: rawEndpoint.helper || target.name || "skill",
+    auth: rawEndpoint.auth !== undefined ? rawEndpoint.auth : target.auth,
+    dangerous: rawEndpoint.dangerous !== undefined ? rawEndpoint.dangerous : target.dangerous,
+    file: rawEndpoint.file || target.file || undefined,
+    source: target.name || "skill"
+  };
+}
+
+function scanSkillTarget(config, target) {
+  if (!target.command) {
+    throw new Error("Skill scanner target must define command");
+  }
+  const cwd = target.cwd ? path.resolve(config.root, target.cwd) : config.root;
+  const result = spawnSync(target.command, (target.args || []).map(String), {
+    cwd,
+    encoding: "utf8",
+    shell: false,
+    env: {
+      ...process.env,
+      ...(target.env || {})
+    },
+    maxBuffer: target.maxBuffer || 10 * 1024 * 1024
+  });
+
+  if (result.error) {
+    throw new Error(`Skill scanner ${target.name || target.command} failed: ${result.error.message}`);
+  }
+  if (result.status !== 0) {
+    const stderr = String(result.stderr || "").trim();
+    throw new Error(`Skill scanner ${target.name || target.command} exited with ${result.status}${stderr ? `: ${stderr}` : ""}`);
+  }
+
+  return parseSkillOutput(result.stdout, target)
+    .map((endpoint) => normalizeSkillEndpoint(endpoint, target, config));
+}
+
+function scanServices(options = {}) {
+  const config = loadScanConfig(options);
+  if (!config.targets || config.targets.length === 0) return [];
+  return config.targets.flatMap((target) => scanTarget(config, target));
+}
+
+function compareScanToRegistry(scanned, registry) {
+  const yamlByPath = new Map(Object.values(registry).map((endpoint) => [`${endpoint.method}:${endpoint.path}`, endpoint]));
+  const missing = scanned.filter((endpoint) => !yamlByPath.has(`${endpoint.method}:${endpoint.path}`));
+  const covered = scanned.filter((endpoint) => yamlByPath.has(`${endpoint.method}:${endpoint.path}`));
+  return { missing, covered };
+}
+
+module.exports = {
+  scanServices,
+  compareScanToRegistry,
+  scanServiceFile,
+  loadScanConfig,
+  defaultScanConfig,
+  parseCliScanOptions,
+  repoRoot
+};

package/src/config/validate.js

@@ -0,0 +1,189 @@
+const VALID_METHODS = new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);
+const VALID_BODY_TYPES = new Set(["json", "formUrlEncoded", "multipart", "raw"]);
+const VALID_INPUT_TYPES = new Set(["string", "password", "number", "boolean"]);
+const VALID_SCHEMA_TYPES = new Set(["string", "number", "integer", "boolean", "array", "object"]);
+
+function push(errors, file, message) {
+  errors.push(file ? `${file}: ${message}` : message);
+}
+
+function isObject(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+
+function validateProfile(profile, file) {
+  const errors = [];
+  if (!isObject(profile)) {
+    push(errors, file, "profile must be an object");
+    return errors;
+  }
+  if (!profile.name) push(errors, file, "profile.name is required");
+  if (!profile.baseUrl && !profile.baseUrls) push(errors, file, "profile.baseUrl or profile.baseUrls is required");
+  if (profile.baseUrls && !isObject(profile.baseUrls)) push(errors, file, "profile.baseUrls must be an object");
+  if (profile.headers && !isObject(profile.headers)) push(errors, file, "profile.headers must be an object");
+  if (profile.auth && !isObject(profile.auth)) push(errors, file, "profile.auth must be an object");
+  if (profile.inputs && !isObject(profile.inputs)) push(errors, file, "profile.inputs must be an object");
+  if (profile.fixtures && !isObject(profile.fixtures)) push(errors, file, "profile.fixtures must be an object");
+  if (profile.test && !isObject(profile.test)) push(errors, file, "profile.test must be an object");
+  return errors;
+}
+
+function validateApiDocument(api, file) {
+  const errors = [];
+  if (!isObject(api)) {
+    push(errors, file, "API YAML must be an object");
+    return errors;
+  }
+  if (!api.namespace || typeof api.namespace !== "string") {
+    push(errors, file, "namespace is required");
+  }
+  if (!isObject(api.endpoints)) {
+    push(errors, file, "endpoints must be an object");
+    return errors;
+  }
+
+  for (const [name, endpoint] of Object.entries(api.endpoints)) {
+    const label = `${api.namespace || "unknown"}.${name}`;
+    if (!isObject(endpoint)) {
+      push(errors, file, `${label} must be an object`);
+      continue;
+    }
+    const method = String(endpoint.method || "GET").toUpperCase();
+    const bodyType = endpoint.bodyType || "json";
+    if (!VALID_METHODS.has(method)) push(errors, file, `${label}.method is invalid: ${endpoint.method}`);
+    if (!endpoint.path || typeof endpoint.path !== "string") push(errors, file, `${label}.path is required`);
+    if (!VALID_BODY_TYPES.has(bodyType)) push(errors, file, `${label}.bodyType is invalid: ${bodyType}`);
+    if (endpoint.query && !isObject(endpoint.query)) push(errors, file, `${label}.query must be an object`);
+    if (endpoint.body && !isObject(endpoint.body)) push(errors, file, `${label}.body must be an object`);
+    if (endpoint.headers && !isObject(endpoint.headers)) push(errors, file, `${label}.headers must be an object`);
+    if (endpoint.service && typeof endpoint.service !== "string") push(errors, file, `${label}.service must be a string`);
+    if (endpoint.dangerous !== undefined && typeof endpoint.dangerous !== "boolean") {
+      push(errors, file, `${label}.dangerous must be a boolean`);
+    }
+    validateEndpointSchema(endpoint.schema, file, label, errors);
+  }
+  return errors;
+}
+
+function validateSchemaGroup(group, file, label, errors) {
+  if (group === undefined) return;
+  if (!isObject(group)) {
+    push(errors, file, `${label} must be an object`);
+    return;
+  }
+  for (const [name, definition] of Object.entries(group)) {
+    const field = `${label}.${name}`;
+    if (typeof definition === "string") {
+      if (!VALID_SCHEMA_TYPES.has(definition)) push(errors, file, `${field} type is invalid: ${definition}`);
+      continue;
+    }
+    if (!isObject(definition)) {
+      push(errors, file, `${field} must be an object or type string`);
+      continue;
+    }
+    if (definition.type && !VALID_SCHEMA_TYPES.has(definition.type)) {
+      push(errors, file, `${field}.type is invalid: ${definition.type}`);
+    }
+    if (definition.required !== undefined && typeof definition.required !== "boolean") {
+      push(errors, file, `${field}.required must be a boolean`);
+    }
+    if (definition.enum !== undefined && !Array.isArray(definition.enum)) {
+      push(errors, file, `${field}.enum must be an array`);
+    }
+    if (definition.from !== undefined && typeof definition.from !== "string") {
+      push(errors, file, `${field}.from must be a string`);
+    }
+  }
+}
+
+function validateEndpointSchema(schema, file, label, errors) {
+  if (schema === undefined) return;
+  if (!isObject(schema)) {
+    push(errors, file, `${label}.schema must be an object`);
+    return;
+  }
+  validateSchemaGroup(schema.path, file, `${label}.schema.path`, errors);
+  validateSchemaGroup(schema.query, file, `${label}.schema.query`, errors);
+  validateSchemaGroup(schema.body, file, `${label}.schema.body`, errors);
+}
+
+function validateApiRegistry(registry) {
+  const errors = [];
+  const seen = new Set();
+  for (const [id, endpoint] of Object.entries(registry)) {
+    if (seen.has(id)) push(errors, "", `duplicate endpoint id: ${id}`);
+    seen.add(id);
+    if (!endpoint.path) push(errors, "", `${id}.path is required`);
+    if (!isObject(endpoint.response) || Object.keys(endpoint.response).length === 0) {
+      push(errors, "", `${id}.response is required`);
+    }
+  }
+  return errors;
+}
+
+function validateFlow(flow, file) {
+  const errors = [];
+  if (!isObject(flow)) {
+    push(errors, file, "flow must be an object");
+    return errors;
+  }
+  if (!flow.name || typeof flow.name !== "string") push(errors, file, "flow.name is required");
+  if (flow.inputs !== undefined) {
+    if (!isObject(flow.inputs)) {
+      push(errors, file, "flow.inputs must be an object");
+    } else {
+      for (const [key, input] of Object.entries(flow.inputs)) {
+        if (!isObject(input)) {
+          push(errors, file, `inputs.${key} must be an object`);
+          continue;
+        }
+        if (input.type && !VALID_INPUT_TYPES.has(input.type)) {
+          push(errors, file, `inputs.${key}.type is invalid: ${input.type}`);
+        }
+      }
+    }
+  }
+  if (flow.steps !== undefined && !Array.isArray(flow.steps)) push(errors, file, "flow.steps must be an array");
+  for (const [index, step] of (flow.steps || []).entries()) {
+    if (!isObject(step)) {
+      push(errors, file, `steps[${index}] must be an object`);
+      continue;
+    }
+    if (!step.call && step.wait === undefined) push(errors, file, `steps[${index}] must declare call or wait`);
+    if (step.call && typeof step.call !== "string") push(errors, file, `steps[${index}].call must be a string`);
+    if (step.body && !isObject(step.body)) push(errors, file, `steps[${index}].body must be an object`);
+    if (step.query && !isObject(step.query)) push(errors, file, `steps[${index}].query must be an object`);
+    if (step.headers && !isObject(step.headers)) push(errors, file, `steps[${index}].headers must be an object`);
+    if (step.extract && !isObject(step.extract)) push(errors, file, `steps[${index}].extract must be an object`);
+    if (step.cache && !isObject(step.cache)) push(errors, file, `steps[${index}].cache must be an object`);
+    if (step.expect && !Array.isArray(step.expect) && !isObject(step.expect)) {
+      push(errors, file, `steps[${index}].expect must be an object or array`);
+    }
+  }
+  if (flow.save !== undefined) {
+    if (!isObject(flow.save)) {
+      push(errors, file, "flow.save must be an object");
+    } else {
+      if (flow.save.cache && !isObject(flow.save.cache)) push(errors, file, "flow.save.cache must be an object");
+      if (flow.save.required && !Array.isArray(flow.save.required)) push(errors, file, "flow.save.required must be an array");
+    }
+  }
+  return errors;
+}
+
+function throwIfInvalid(errors) {
+  if (errors.length > 0) {
+    throw new Error(`Configuration validation failed:\n${errors.join("\n")}`);
+  }
+}
+
+module.exports = {
+  validateProfile,
+  validateApiDocument,
+  validateApiRegistry,
+  validateFlow,
+  throwIfInvalid,
+  VALID_BODY_TYPES,
+  VALID_METHODS,
+  VALID_SCHEMA_TYPES
+};