@jskit-ai/users-core 0.1.64 → 0.1.66

package/templates/packages/users-workspace/src/server/actions.js

@@ -1,68 +1,68 @@
-import { recordIdParamsValidator } from "@jskit-ai/kernel/shared/validators";
+import {
+  composeSchemaDefinitions,
+  recordIdParamsValidator
+} from "@jskit-ai/kernel/shared/validators";
 import {
   createCrudCursorPaginationQueryValidator,
   listSearchQueryValidator
 } from "@jskit-ai/crud-core/server/listQueryValidators";
 import { workspaceSlugParamsValidator } from "@jskit-ai/workspaces-core/server/validators/routeParamsValidator";
 import { resource } from "../shared/userResource.js";
-import { actionIds } from "./actionIds.js";
-import { LIST_CONFIG } from "./listConfig.js";
 
-const listCursorPaginationQueryValidator = createCrudCursorPaginationQueryValidator(LIST_CONFIG);
+const listCursorPaginationQueryValidator = createCrudCursorPaginationQueryValidator({
+  orderBy: resource.defaultSort
+});
 const authenticatedPermission = Object.freeze({
   require: "authenticated"
 });
 
-function requireActionSurface(surface = "") {
-  const normalizedSurface = String(surface || "").trim().toLowerCase();
-  if (!normalizedSurface) {
-    throw new TypeError("createActions requires a non-empty surface.");
-  }
-
-  return normalizedSurface;
-}
-
-function createActions({ surface = "" } = {}) {
-  const actionSurface = requireActionSurface(surface);
-
+function createActions({ surface } = {}) {
   return Object.freeze([
     {
-      id: actionIds.list,
+      id: "crud.users.list",
       version: 1,
       kind: "query",
       channels: ["api", "automation", "internal"],
-      surfaces: [actionSurface],
+      surfaces: [surface],
       permission: authenticatedPermission,
-      inputValidator: [workspaceSlugParamsValidator, listCursorPaginationQueryValidator, listSearchQueryValidator],
-      outputValidator: resource.operations.list.outputValidator,
+      input: composeSchemaDefinitions([
+        workspaceSlugParamsValidator,
+        listCursorPaginationQueryValidator,
+        listSearchQueryValidator
+      ]),
+      output: null,
       idempotency: "none",
       audit: {
-        actionName: actionIds.list
+        actionName: "crud.users.list"
       },
       observability: {},
       async execute(input, context, deps) {
-        return deps.usersService.listRecords(input, {
+        const { workspaceSlug, ...query } = input || {};
+        return deps.usersService.queryDocuments(query, {
           context,
           visibilityContext: context?.visibilityContext
         });
       }
     },
     {
-      id: actionIds.view,
+      id: "crud.users.view",
       version: 1,
       kind: "query",
       channels: ["api", "automation", "internal"],
-      surfaces: [actionSurface],
+      surfaces: [surface],
       permission: authenticatedPermission,
-      inputValidator: [workspaceSlugParamsValidator, recordIdParamsValidator],
-      outputValidator: resource.operations.view.outputValidator,
+      input: composeSchemaDefinitions([
+        workspaceSlugParamsValidator,
+        recordIdParamsValidator
+      ]),
+      output: null,
       idempotency: "none",
       audit: {
-        actionName: actionIds.view
+        actionName: "crud.users.view"
       },
       observability: {},
       async execute(input, context, deps) {
-        return deps.usersService.getRecord(input.recordId, {
+        return deps.usersService.getDocumentById(input.recordId, {
           context,
           visibilityContext: context?.visibilityContext
         });

package/templates/packages/users-workspace/src/server/registerRoutes.js

@@ -1,4 +1,4 @@
-import { withStandardErrorResponses } from "@jskit-ai/http-runtime/shared/validators/errorResponses";
+import { createJsonApiResourceRouteContract } from "@jskit-ai/http-runtime/shared/validators/jsonApiRouteTransport";
 import { normalizeSurfaceId } from "@jskit-ai/kernel/shared/surface/registry";
 import {
   createCrudCursorPaginationQueryValidator,
@@ -6,14 +6,37 @@ import {
 } from "@jskit-ai/crud-core/server/listQueryValidators";
 import { resolveScopedApiBasePath } from "@jskit-ai/kernel/shared/surface";
 import { checkRouteVisibility } from "@jskit-ai/kernel/shared/support/visibility";
-import { recordIdParamsValidator } from "@jskit-ai/kernel/shared/validators";
+import {
+  composeSchemaDefinitions,
+  recordIdParamsValidator
+} from "@jskit-ai/kernel/shared/validators";
 import { routeParamsValidator } from "@jskit-ai/workspaces-core/server/validators/routeParamsValidator";
 import { buildWorkspaceInputFromRouteParams } from "@jskit-ai/workspaces-core/server/support/workspaceRouteInput";
-import { actionIds } from "./actionIds.js";
-import { LIST_CONFIG } from "./listConfig.js";
 import { resource } from "../shared/userResource.js";
 
-const listCursorPaginationQueryValidator = createCrudCursorPaginationQueryValidator(LIST_CONFIG);
+const listCursorPaginationQueryValidator = createCrudCursorPaginationQueryValidator({
+  orderBy: resource.defaultSort
+});
+const listRouteQueryValidator = composeSchemaDefinitions([
+  listCursorPaginationQueryValidator,
+  listSearchQueryValidator
+]);
+const RESOURCE_ROUTE_CONTRACT_TYPE = resource.namespace;
+const listRouteContract = createJsonApiResourceRouteContract({
+  type: RESOURCE_ROUTE_CONTRACT_TYPE,
+  query: listRouteQueryValidator,
+  output: resource.operations.view.output,
+  outputKind: "collection"
+});
+const viewRouteContract = createJsonApiResourceRouteContract({
+  type: RESOURCE_ROUTE_CONTRACT_TYPE,
+  output: resource.operations.view.output,
+  outputKind: "record"
+});
+const viewRouteParamsValidator = composeSchemaDefinitions([
+  routeParamsValidator,
+  recordIdParamsValidator
+]);
 
 function registerRoutes(
   app,
@@ -43,15 +66,12 @@ function registerRoutes(
         tags: ["crud"],
         summary: "List users."
       },
-      paramsValidator: routeParamsValidator,
-      queryValidator: [listCursorPaginationQueryValidator, listSearchQueryValidator],
-      responseValidators: withStandardErrorResponses({
-        200: resource.operations.list.outputValidator
-      })
+      ...listRouteContract,
+      params: routeParamsValidator
     },
     async function (request, reply) {
       const response = await request.executeAction({
-        actionId: actionIds.list,
+        actionId: "crud.users.list",
         input: {
           ...buildWorkspaceInputFromRouteParams(request.input.params),
           ...(request.input.query || {})
@@ -72,14 +92,12 @@ function registerRoutes(
         tags: ["crud"],
         summary: "View a user."
       },
-      paramsValidator: [routeParamsValidator, recordIdParamsValidator],
-      responseValidators: withStandardErrorResponses({
-        200: resource.operations.view.outputValidator
-      })
+      ...viewRouteContract,
+      params: viewRouteParamsValidator
     },
     async function (request, reply) {
       const response = await request.executeAction({
-        actionId: actionIds.view,
+        actionId: "crud.users.view",
         input: {
           ...buildWorkspaceInputFromRouteParams(request.input.params),
           recordId: request.input.params.recordId

package/test/accountSecurityService.test.js

@@ -0,0 +1,32 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { createService } from "../src/server/accountSecurity/accountSecurityService.js";
+
+test("account security service returns no content result for other sessions", async () => {
+  const calls = [];
+  const authService = {
+    async signOutOtherSessions(request) {
+      calls.push(request);
+      return {
+        ok: true
+      };
+    }
+  };
+
+  const service = createService({
+    userSettingsRepository: {},
+    userProfilesRepository: {},
+    authService
+  });
+
+  const request = {
+    id: "request-1"
+  };
+
+  const result = await service.logoutOtherSessions(request, {
+    id: "user-1"
+  });
+
+  assert.equal(result, null);
+  assert.deepEqual(calls, [request]);
+});

package/test/providerLifecycle.test.js

@@ -0,0 +1,63 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { UsersCoreServiceProvider } from "../src/server/UsersCoreServiceProvider.js";
+import { WorkspacesCoreServiceProvider } from "../../workspaces-core/src/server/WorkspacesCoreServiceProvider.js";
+
+function createRegisterPhaseProbe() {
+  let makeCalls = 0;
+
+  const target = {
+    singleton() {
+      return proxy;
+    },
+    service() {
+      return proxy;
+    },
+    actions() {
+      return proxy;
+    },
+    instance() {
+      return proxy;
+    },
+    tag() {
+      return proxy;
+    },
+    has() {
+      return false;
+    },
+    make() {
+      makeCalls += 1;
+      return null;
+    }
+  };
+
+  const proxy = new Proxy(target, {
+    get(source, property) {
+      if (property === "makeCalls") {
+        return makeCalls;
+      }
+      if (Object.prototype.hasOwnProperty.call(source, property)) {
+        return source[property];
+      }
+      return () => proxy;
+    }
+  });
+
+  return proxy;
+}
+
+test("UsersCoreServiceProvider register phase does not resolve container services eagerly", async () => {
+  const app = createRegisterPhaseProbe();
+
+  await new UsersCoreServiceProvider().register(app);
+
+  assert.equal(app.makeCalls, 0);
+});
+
+test("WorkspacesCoreServiceProvider register phase does not resolve container services eagerly", async () => {
+  const app = createRegisterPhaseProbe();
+
+  await new WorkspacesCoreServiceProvider().register(app);
+
+  assert.equal(app.makeCalls, 0);
+});

package/test/registerCommonRepositories.test.js

@@ -18,14 +18,34 @@ test("registerCommonRepositories exposes the shared users-core repositories", as
 
   const scope = {
     make(token) {
-      assert.equal(token, "jskit.database.knex");
-      return Object.assign(() => {
-        throw new Error("query execution not expected");
-      }, {
-        async transaction(work) {
-          return work({ trxId: "trx-1" });
-        }
-      });
+      if (token === "internal.json-rest-api") {
+        return {
+          resources: {
+            userSettings: {
+              query() {},
+              post() {},
+              patch() {}
+            },
+            userProfiles: {
+              query() {},
+              post() {},
+              patch() {}
+            }
+          }
+        };
+      }
+
+      if (token === "jskit.database.knex") {
+        return Object.assign(() => {
+          throw new Error("query execution not expected");
+        }, {
+          async transaction(work) {
+            return work({ trxId: "trx-1" });
+          }
+        });
+      }
+
+      throw new Error(`Unexpected token: ${token}`);
     }
   };
 

package/test/repositoryContracts.test.js

@@ -1,5 +1,6 @@
 import assert from "node:assert/strict";
 import test from "node:test";
+import { DEFAULT_USER_SETTINGS } from "../src/shared/settings.js";
 import { createRepository as createUserProfilesRepository } from "../src/server/common/repositories/userProfilesRepository.js";
 import { createRepository as createUserSettingsRepository } from "../src/server/common/repositories/userSettingsRepository.js";
 
@@ -17,7 +18,24 @@ function createKnexStub() {
 
 test("users-core repositories expose withTransaction", async () => {
   const knex = createKnexStub();
-  const repositories = [createUserProfilesRepository(knex), createUserSettingsRepository(knex)];
+  const api = {
+    resources: {
+      userProfiles: {
+        async query() {
+          return { data: [] };
+        }
+      },
+      userSettings: {
+        async query() {
+          return { data: [] };
+        }
+      }
+    }
+  };
+  const repositories = [
+    createUserProfilesRepository({ api, knex }),
+    createUserSettingsRepository({ api, knex })
+  ];
 
   for (const repository of repositories) {
     assert.equal(typeof repository.withTransaction, "function");
@@ -26,43 +44,171 @@ test("users-core repositories expose withTransaction", async () => {
   }
 });
 
-function createFindByEmailKnexStub(expectedRow) {
+function createUserProfilesApiStub(expectedRecord) {
   const calls = [];
-  const knex = Object.assign((tableName) => {
-    assert.equal(tableName, "users");
-    return {
-      where(criteria) {
-        calls.push(criteria);
-        return {
-          async first() {
-            return expectedRow;
+
+  return {
+    calls,
+    api: {
+      resources: {
+        userProfiles: {
+          async query({ queryParams }) {
+            calls.push(queryParams?.filters || {});
+            return {
+              data: expectedRecord ? [{
+                type: "userProfiles",
+                id: String(expectedRecord.id),
+                attributes: {
+                  authProvider: expectedRecord.authProvider,
+                  authProviderUserSid: expectedRecord.authProviderUserSid,
+                  email: expectedRecord.email,
+                  username: expectedRecord.username,
+                  displayName: expectedRecord.displayName,
+                  avatarStorageKey: expectedRecord.avatarStorageKey,
+                  avatarVersion: expectedRecord.avatarVersion,
+                  avatarUpdatedAt: expectedRecord.avatarUpdatedAt,
+                  createdAt: expectedRecord.createdAt
+                }
+              }] : []
+            };
           }
-        };
+        }
+      }
+    }
+  };
+}
+
+test("userSettingsRepository.ensureForUserId sends transaction outside simplified attributes", async () => {
+  const trx = { trxId: "trx-1" };
+  let queryCount = 0;
+  let postParams = null;
+  const repository = createUserSettingsRepository({
+    knex: createKnexStub(),
+    api: {
+      resources: {
+        userSettings: {
+          async query() {
+            queryCount += 1;
+            return queryCount < 2
+              ? { data: [] }
+              : {
+                  data: [{
+                    type: "userSettings",
+                    id: "7",
+                    attributes: {
+                      ...DEFAULT_USER_SETTINGS
+                    }
+                  }]
+                };
+          },
+          async post(params) {
+            postParams = params;
+            return {
+              data: {
+                type: "userSettings",
+                id: "7",
+                attributes: {
+                  ...DEFAULT_USER_SETTINGS
+                }
+              }
+            };
+          }
+        }
       }
-    };
-  }, {
-    async transaction(work) {
-      return work({ trxId: "trx-1" });
     }
   });
 
-  return { knex, calls };
-}
+  const record = await repository.ensureForUserId("7", { trx });
+
+  assert.equal(postParams?.simplified, false);
+  assert.equal(postParams?.transaction, trx);
+  assert.deepEqual(postParams?.inputRecord?.data, {
+    type: "userSettings",
+    id: "7",
+    attributes: {
+      id: "7",
+      ...DEFAULT_USER_SETTINGS
+    }
+  });
+  assert.equal(record?.id, "7");
+});
+
+test("userProfilesRepository.upsert sends native JSON:API write documents with transaction outside the record body", async () => {
+  const trx = { trxId: "trx-1" };
+  let postParams = null;
+  const repository = createUserProfilesRepository({
+    knex: createKnexStub(),
+    api: {
+      resources: {
+        userProfiles: {
+          async query({ queryParams }) {
+            const filters = queryParams?.filters || {};
+            if (Object.hasOwn(filters, "authProvider") || Object.hasOwn(filters, "authProviderUserSid")) {
+              return { data: [] };
+            }
+            if (Object.hasOwn(filters, "username")) {
+              return { data: [] };
+            }
+            return { data: [] };
+          },
+          async post(params) {
+            postParams = params;
+            const attributes = params.inputRecord?.data?.attributes || {};
+            return {
+              data: {
+                type: "userProfiles",
+                id: "11",
+                attributes: {
+                  authProvider: attributes.authProvider,
+                  authProviderUserSid: attributes.authProviderUserSid,
+                  email: attributes.email,
+                  username: attributes.username,
+                  displayName: attributes.displayName,
+                  avatarStorageKey: null,
+                  avatarVersion: null,
+                  avatarUpdatedAt: null,
+                  createdAt: attributes.createdAt
+                }
+              }
+            };
+          }
+        }
+      }
+    }
+  });
+
+  const record = await repository.upsert({
+    authProvider: "supabase",
+    authProviderUserSid: "user-11",
+    email: "ada@example.com",
+    displayName: "Ada Example"
+  }, { trx });
+
+  assert.equal(postParams?.simplified, false);
+  assert.equal(postParams?.transaction, trx);
+  assert.equal(postParams?.inputRecord?.transaction, undefined);
+  assert.equal(postParams?.inputRecord?.data?.type, "userProfiles");
+  assert.equal(postParams?.inputRecord?.data?.attributes?.authProvider, "supabase");
+  assert.equal(record?.id, "11");
+});
 
 test("userProfilesRepository.findByEmail normalizes email lookup", async () => {
-  const { knex, calls } = createFindByEmailKnexStub({
+  const { api, calls } = createUserProfilesApiStub({
     id: 7,
-    auth_provider: "supabase",
-    auth_provider_user_sid: "supabase-user-7",
+    authProvider: "supabase",
+    authProviderUserSid: "supabase-user-7",
     email: "ada@example.com",
     username: "ada",
-    display_name: "Ada Example",
-    avatar_storage_key: null,
-    avatar_version: null,
-    avatar_updated_at: null,
-    created_at: "2026-04-20T00:00:00.000Z"
+    displayName: "Ada Example",
+    avatarStorageKey: null,
+    avatarVersion: null,
+    avatarUpdatedAt: null,
+    createdAt: "2026-04-20T00:00:00.000Z"
+  });
+  const repository = createUserProfilesRepository({
+    api,
+    knex: createKnexStub()
   });
-  const repository = createUserProfilesRepository(knex);
 
   const profile = await repository.findByEmail(" ADA@EXAMPLE.COM ");
 
@@ -73,8 +219,11 @@ test("userProfilesRepository.findByEmail normalizes email lookup", async () => {
 });
 
 test("userProfilesRepository.findByEmail returns null when the row is missing", async () => {
-  const { knex } = createFindByEmailKnexStub(undefined);
-  const repository = createUserProfilesRepository(knex);
+  const { api } = createUserProfilesApiStub(undefined);
+  const repository = createUserProfilesRepository({
+    api,
+    knex: createKnexStub()
+  });
 
   const profile = await repository.findByEmail("missing@example.com");
 

package/test/resourcesCanonical.test.js

@@ -3,7 +3,7 @@ import assert from "node:assert/strict";
 import path from "node:path";
 import { existsSync } from "node:fs";
 import { fileURLToPath } from "node:url";
-import "../test-support/registerDefaultSettingsFields.js";
+import { resolveStructuredSchemaTransportSchema } from "@jskit-ai/kernel/shared/validators";
 import { userProfileResource } from "../src/shared/resources/userProfileResource.js";
 import { userSettingsResource } from "../src/shared/resources/userSettingsResource.js";
 
@@ -51,22 +51,29 @@ test("users-core specialized resource operations expose messages and validators"
 
   for (const { label, operation } of operationSpecs) {
     assert.equal(typeof operation?.messages, "object", `${label}.messages must be an object.`);
-    assert.equal(typeof operation?.outputValidator?.schema, "object", `${label}.outputValidator.schema must exist.`);
-    if (operation?.bodyValidator) {
-      assert.equal(typeof operation.bodyValidator.schema, "object", `${label}.bodyValidator.schema must exist.`);
+    assert.equal(
+      typeof resolveStructuredSchemaTransportSchema(operation?.output, {
+        context: `${label}.output`,
+        defaultMode: "replace"
+      }),
+      "object",
+      `${label}.output transport schema must exist.`
+    );
+    if (operation?.body) {
+      assert.equal(typeof operation.body.schema, "object", `${label}.body.schema must exist.`);
     }
-    if (operation?.paramsValidator) {
-      assert.equal(typeof operation.paramsValidator.schema, "object", `${label}.paramsValidator.schema must exist.`);
+    if (operation?.params) {
+      assert.equal(typeof operation.params.schema, "object", `${label}.params.schema must exist.`);
     }
-    if (operation?.queryValidator) {
-      assert.equal(typeof operation.queryValidator.schema, "object", `${label}.queryValidator.schema must exist.`);
+    if (operation?.query) {
+      assert.equal(typeof operation.query.schema, "object", `${label}.query.schema must exist.`);
     }
   }
 });
 
-test("users-core no longer contains legacy shared/schema directory", () => {
+test("users-core does not contain src/shared/schema", () => {
   const testFilePath = fileURLToPath(import.meta.url);
   const packageRoot = path.resolve(path.dirname(testFilePath), "..");
-  const legacySchemaDir = path.join(packageRoot, "src", "shared", "schema");
-  assert.equal(existsSync(legacySchemaDir), false, "src/shared/schema must not exist.");
+  const sharedSchemaDirPath = path.join(packageRoot, "src", "shared", "schema");
+  assert.equal(existsSync(sharedSchemaDirPath), false, "src/shared/schema must not exist.");
 });

package/test/userSettingsInternalResource.test.js

@@ -0,0 +1,8 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { userSettingsResource } from "../src/shared/resources/userSettingsResource.js";
+
+test("shared user settings resource declares user_id as the resource id column", () => {
+  assert.equal(userSettingsResource.idProperty, "user_id");
+  assert.equal(userSettingsResource.schema.id?.storage?.column, "user_id");
+});

package/test/userSettingsResource.test.js

@@ -1,19 +1,21 @@
 import test from "node:test";
 import assert from "node:assert/strict";
 import { validateOperationSection } from "@jskit-ai/http-runtime/shared/validators/operationValidation";
-import "../test-support/registerDefaultSettingsFields.js";
-import { userSettingsResource } from "../src/shared/resources/userSettingsResource.js";
+import {
+  USER_SETTINGS_ALL_KEYS,
+  userSettingsResource
+} from "../src/shared/resources/userSettingsResource.js";
 
 function parseBody(operation, payload = {}) {
   return validateOperationSection({
     operation,
-    section: "bodyValidator",
+    section: "body",
     value: payload
   });
 }
 
-test("user settings preferences update keeps required string validation after normalization", () => {
-  const parsed = parseBody(userSettingsResource.operations.preferencesUpdate, {
+test("user settings preferences update keeps required string validation", async () => {
+  const parsed = await parseBody(userSettingsResource.operations.preferencesUpdate, {
     theme: "   "
   });
 
@@ -21,11 +23,26 @@ test("user settings preferences update keeps required string validation after no
   assert.equal(typeof parsed.fieldErrors.theme, "string");
 });
 
-test("user settings notifications update rejects non-boolean values", () => {
-  const parsed = parseBody(userSettingsResource.operations.notificationsUpdate, {
+test("user settings notifications update rejects non-boolean values", async () => {
+  const parsed = await parseBody(userSettingsResource.operations.notificationsUpdate, {
     productUpdates: "yes"
   });
 
   assert.equal(parsed.ok, false);
   assert.equal(typeof parsed.fieldErrors.productUpdates, "string");
 });
+
+async function importWithIdentity(url, identity) {
+  return import(`${url.href}?identity=${identity}`);
+}
+
+test("user settings key exports stay stable across module identities", async () => {
+  const userModuleUrl = new URL("../src/shared/resources/userSettingsResource.js", import.meta.url);
+
+  const userA = await importWithIdentity(userModuleUrl, "user-a");
+  const userB = await importWithIdentity(userModuleUrl, "user-b");
+
+  assert.deepEqual(userA.USER_SETTINGS_ALL_KEYS, userB.USER_SETTINGS_ALL_KEYS);
+  assert.deepEqual(userA.USER_SETTINGS_ALL_KEYS, USER_SETTINGS_ALL_KEYS);
+  assert.ok(Object.isFrozen(userA.USER_SETTINGS_ALL_KEYS));
+});