@lowdefy/api 5.1.0 → 5.2.0

package/dist/context/createApiContext.js

@@ -16,7 +16,6 @@
 import createReadConfigFile from './createReadConfigFile.js';
 function createApiContext(context) {
     context.state = {};
-    context.steps = {};
     context.user = context?.session?.user;
     context.authorize = createAuthorize(context);
     context.readConfigFile = createReadConfigFile(context);

package/dist/context/createEvaluateOperators.js

@@ -14,21 +14,21 @@
   limitations under the License.
 */ import { ServerParser } from '@lowdefy/operators';
 function createEvaluateOperators(context) {
-    const { jsMap, operators, payload, secrets, state, steps, user } = context;
+    const { jsMap, operators, secrets, state, user } = context;
     const operatorsParser = new ServerParser({
         jsMap,
         operators,
-        payload,
         secrets,
         state,
-        steps,
         user
     });
-    function evaluateOperators({ input, items, location }) {
+    function evaluateOperators({ input, items, location, payload, steps }) {
         const { output, errors } = operatorsParser.parse({
             input,
             items,
-            location
+            location,
+            payload,
+            steps
         });
         if (errors.length > 0) {
             throw errors[0];

package/dist/routes/auth/getNextAuthConfig.js

@@ -27,13 +27,13 @@ function getNextAuthConfig({ authJson, logger, plugins, secrets }) {
         operators: {
             _secret
         },
-        payload: {},
         secrets,
         user: {}
     });
     const { output: authConfig, errors: operatorErrors } = operatorsParser.parse({
         input: authJson,
-        location: 'auth'
+        location: 'auth',
+        payload: {}
     });
     if (operatorErrors.length > 0) {
         throw operatorErrors[0];

package/dist/routes/endpoints/addStepResult.js

@@ -13,11 +13,11 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 */ import { set } from '@lowdefy/helpers';
-function addStepResult(context, { arrayIndices }, { result, stepId }) {
+function addStepResult(context, routineContext, { result, stepId }) {
     const key = [
         stepId,
-        ...arrayIndices
+        ...routineContext.arrayIndices
     ].join('.');
-    set(context.steps, key, result);
+    set(routineContext.steps, key, result);
 }
 export default addStepResult;

package/dist/routes/endpoints/callEndpoint.js

@@ -13,6 +13,7 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 */ import { serializer } from '@lowdefy/helpers';
+import { ConfigError } from '@lowdefy/errors';
 import authorizeApiEndpoint from './authorizeApiEndpoint.js';
 import createEvaluateOperators from '../../context/createEvaluateOperators.js';
 import getEndpointConfig from './getEndpointConfig.js';
@@ -22,7 +23,6 @@ async function callEndpoint(context, { blockId, endpointId, pageId, payload }) {
     context.blockId = blockId;
     context.endpointId = endpointId;
     context.pageId = pageId;
-    context.payload = serializer.deserialize(payload);
     context.evaluateOperators = createEvaluateOperators(context);
     logger.debug({
         event: 'debug_endpoint',
@@ -34,12 +34,26 @@ async function callEndpoint(context, { blockId, endpointId, pageId, payload }) {
     const endpointConfig = await getEndpointConfig(context, {
         endpointId
     });
+    // Block HTTP access to InternalApi endpoints — same error as missing endpoint
+    if (endpointConfig.type === 'InternalApi') {
+        const err = new ConfigError(`API Endpoint "${endpointId}" does not exist.`);
+        logger.debug({
+            params: {
+                endpointId
+            },
+            err
+        }, err.message);
+        throw err;
+    }
     authorizeApiEndpoint(context, {
         endpointConfig
     });
     const routineContext = {
+        steps: {},
+        payload: serializer.deserialize(payload),
         arrayIndices: [],
-        items: {}
+        items: {},
+        endpointDepth: 0
     };
     const { error, response, status } = await runRoutine(context, routineContext, {
         routine: endpointConfig.routine

package/dist/routes/endpoints/control/controlFor.js

@@ -24,7 +24,9 @@ async function controlFor(context, routineContext, { control }) {
     const array = evaluateOperators({
         input: control[':in'],
         items,
-        location: control['~k'] ?? ':for'
+        location: control['~k'] ?? ':for',
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     logger.debug({
         event: 'debug_control_for',

package/dist/routes/endpoints/control/controlIf.js

@@ -19,7 +19,9 @@ async function controlIf(context, routineContext, { control }) {
     const evaluatedIf = evaluateOperators({
         input: control[':if'],
         items,
-        location: control['~k'] ?? ':if'
+        location: control['~k'] ?? ':if',
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     logger.debug({
         event: 'debug_control_if',

package/dist/routes/endpoints/control/controlLog.js

@@ -24,12 +24,16 @@ async function controlLog(context, routineContext, { control }) {
     const log = evaluateOperators({
         input: control[':log'],
         items,
-        location
+        location,
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     const logLevel = evaluateOperators({
         input: control[':level'],
         items,
-        location
+        location,
+        steps: routineContext.steps,
+        payload: routineContext.payload
     }) ?? 'info';
     if (!type.isString(logLevel)) {
         throw new ConfigError(`Invalid :log in endpoint "${endpointId}" - :level must be a string.`, {

package/dist/routes/endpoints/control/controlParallelFor.js

@@ -24,7 +24,9 @@ async function controlParallelFor(context, routineContext, { control }) {
     const array = evaluateOperators({
         input: control[':in'],
         items,
-        location: control['~k'] ?? ':parallel_for'
+        location: control['~k'] ?? ':parallel_for',
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     logger.debug({
         event: 'debug_control_parallel',

package/dist/routes/endpoints/control/controlReject.js

@@ -19,12 +19,16 @@
     const message = evaluateOperators({
         input: control[':reject'],
         items,
-        location
+        location,
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     const cause = evaluateOperators({
         input: control[':cause'],
         items,
-        location
+        location,
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     const error = new Error(message, {
         cause

package/dist/routes/endpoints/control/controlReturn.js

@@ -18,7 +18,9 @@
     const response = evaluateOperators({
         input: control[':return'],
         items,
-        location: control['~k'] ?? ':return'
+        location: control['~k'] ?? ':return',
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     context.logger.debug({
         event: 'debug_control_return',

package/dist/routes/endpoints/control/controlSetState.js

@@ -1,11 +1,27 @@
-import { set } from '@lowdefy/helpers';
+/*
+  Copyright 2020-2026 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/ import { set } from '@lowdefy/helpers';
 function controlSetState(context, routineContext, { control }) {
     const { logger, evaluateOperators } = context;
     const { items } = routineContext;
     const evaluatedSetState = evaluateOperators({
         input: control[':set_state'],
         items,
-        location: control['~k'] ?? ':set_state'
+        location: control['~k'] ?? ':set_state',
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     logger.debug({
         event: 'debug_control_set_state',

package/dist/routes/endpoints/control/controlSwitch.js

@@ -24,7 +24,9 @@ async function controlSwitch(context, routineContext, { control }) {
         const evaluatedCase = evaluateOperators({
             input: caseObj[':case'],
             items,
-            location: caseObj['~k'] ?? control['~k'] ?? ':switch'
+            location: caseObj['~k'] ?? control['~k'] ?? ':switch',
+            steps: routineContext.steps,
+            payload: routineContext.payload
         });
         logger.debug({
             event: 'debug_control_switch_case',

package/dist/routes/endpoints/control/controlThrow.js

@@ -19,12 +19,16 @@
     const message = evaluateOperators({
         input: control[':throw'],
         items,
-        location
+        location,
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     const cause = evaluateOperators({
         input: control[':cause'],
         items,
-        location
+        location,
+        steps: routineContext.steps,
+        payload: routineContext.payload
     });
     const error = new Error(message, {
         cause

package/dist/routes/endpoints/handleEndpointCall.js

@@ -0,0 +1,79 @@
+/*
+  Copyright 2020-2026 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/ import { ConfigError } from '@lowdefy/errors';
+import addStepResult from './addStepResult.js';
+import authorizeApiEndpoint from './authorizeApiEndpoint.js';
+import getEndpointConfig from './getEndpointConfig.js';
+import runRoutine from './runRoutine.js';
+async function handleEndpointCall(context, routineContext, { step }) {
+    const { logger, evaluateOperators } = context;
+    logger.debug({
+        event: 'debug_start_endpoint_call',
+        step
+    });
+    // Evaluate operators in step.properties (resolves endpointId, payload)
+    const evaluatedProperties = evaluateOperators({
+        input: step.properties,
+        items: routineContext.items,
+        location: step.stepId,
+        payload: routineContext.payload,
+        steps: routineContext.steps
+    });
+    // Check recursion depth
+    const currentDepth = routineContext.endpointDepth ?? 0;
+    if (currentDepth >= 10) {
+        throw new ConfigError('Endpoint call depth exceeded maximum of 10. Check for recursive endpoint calls.');
+    }
+    // Load target endpoint config
+    const endpointConfig = await getEndpointConfig(context, {
+        endpointId: evaluatedProperties.endpointId
+    });
+    // Authorize current user against target endpoint
+    authorizeApiEndpoint(context, {
+        endpointConfig
+    });
+    // Create isolated routineContext for the called endpoint
+    const childRoutineContext = {
+        steps: {},
+        payload: evaluatedProperties.payload ?? {},
+        arrayIndices: [],
+        items: {},
+        endpointDepth: currentDepth + 1
+    };
+    // Run the target endpoint's routine
+    const result = await runRoutine(context, childRoutineContext, {
+        routine: endpointConfig.routine
+    });
+    // Store the return value in the caller's steps
+    const response = result.status === 'return' ? result.response : null;
+    addStepResult(context, routineContext, {
+        result: response,
+        stepId: step.stepId
+    });
+    // Propagate errors and rejects to the caller
+    if (result.status === 'error' || result.status === 'reject') {
+        return result;
+    }
+    logger.debug({
+        event: 'debug_end_endpoint_call',
+        stepId: step.stepId,
+        targetEndpointId: evaluatedProperties.endpointId,
+        response
+    });
+    return {
+        status: 'continue'
+    };
+}
+export default handleEndpointCall;

package/dist/routes/endpoints/handleRequest.js

@@ -42,7 +42,9 @@ async function handleRequest(context, routineContext, { request }) {
     const { connectionProperties, requestProperties } = evaluateOperators(context, {
         connectionConfig,
         items,
-        requestConfig
+        payload: routineContext.payload,
+        requestConfig,
+        steps: routineContext.steps
     });
     checkConnectionRead(context, {
         connectionConfig,
@@ -71,7 +73,7 @@ async function handleRequest(context, routineContext, { request }) {
     });
     addStepResult(context, routineContext, {
         result,
-        stepId: request.requestId
+        stepId: request.stepId
     });
     context.logger.debug({
         event: 'debug_end_request',

package/dist/routes/endpoints/runRoutine.js

@@ -13,8 +13,9 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 */ import { type } from '@lowdefy/helpers';
-import handleRequest from './handleRequest.js';
 import handleControl from './control/handleControl.js';
+import handleEndpointCall from './handleEndpointCall.js';
+import handleRequest from './handleRequest.js';
 async function runRoutine(context, routineContext, { routine }) {
     try {
         if (type.isObject(routine)) {
@@ -23,6 +24,11 @@ async function runRoutine(context, routineContext, { routine }) {
                     request: routine
                 });
             }
+            if (routine.id?.startsWith?.('endpoint:')) {
+                return await handleEndpointCall(context, routineContext, {
+                    step: routine
+                });
+            }
             return await handleControl(context, routineContext, {
                 control: routine
             });

package/dist/routes/endpoints/test/runTest.js

@@ -65,7 +65,7 @@ const logger = {
     // error: console.error,
     error: jest.fn()
 };
-function createTextContext({ payload }) {
+function createTextContext() {
     const context = testContext({
         connections,
         operators,
@@ -78,21 +78,17 @@ function createTextContext({ payload }) {
             }
         }
     });
-    context.payload = payload;
-    context.steps = {};
     context.blockId = 'blockId';
     context.pageId = 'pageId';
     context.endpointId = 'endpointId';
-    context.evaluateOperators = createEvaluateOperators(context, {
-        payload
-    });
+    context.evaluateOperators = createEvaluateOperators(context);
     return context;
 }
 async function runTest({ routine, payload = {} }) {
-    const context = createTextContext({
-        payload
-    });
+    const context = createTextContext();
     const routineContext = {
+        steps: {},
+        payload,
         items: {},
         arrayIndices: []
     };
@@ -101,7 +97,8 @@ async function runTest({ routine, payload = {} }) {
     });
     return {
         res,
-        context
+        context,
+        routineContext
     };
 }
 export default runTest;

package/dist/routes/page/getPageConfig.js

@@ -14,7 +14,7 @@
   limitations under the License.
 */ import { serializer } from '@lowdefy/helpers';
 async function getPageConfig({ authorize, readConfigFile }, { pageId }) {
-    const pageConfig = await readConfigFile(`pages/${pageId}/${pageId}.json`);
+    const pageConfig = await readConfigFile(`pages/${pageId}.json`);
     if (pageConfig && authorize(pageConfig)) {
         // eslint-disable-next-line no-unused-vars
         const { auth, ...rest } = pageConfig;

package/dist/routes/request/callRequest.js

@@ -28,7 +28,8 @@ async function callRequest(context, { blockId, pageId, payload, requestId }) {
     const { logger } = context;
     context.blockId = blockId;
     context.pageId = pageId;
-    context.payload = serializer.deserialize(payload);
+    const requestPayload = serializer.deserialize(payload);
+    context.payload = requestPayload;
     context.evaluateOperators = createEvaluateOperators(context);
     logger.debug({
         event: 'debug_request',
@@ -56,7 +57,9 @@ async function callRequest(context, { blockId, pageId, payload, requestId }) {
     });
     const { connectionProperties, requestProperties } = evaluateOperators(context, {
         connectionConfig,
-        requestConfig
+        payload: requestPayload,
+        requestConfig,
+        steps: {}
     });
     checkConnectionRead(context, {
         connectionConfig,

package/dist/routes/request/callRequestResolver.js

@@ -14,6 +14,8 @@
   limitations under the License.
 */ import { ConfigError, RequestError, ServiceError } from '@lowdefy/errors';
 async function callRequestResolver({ blockId, endpointId, logger, pageId, payload }, { connectionProperties, requestConfig, requestProperties, requestResolver }) {
+    // stepId for endpoint steps (after build), requestId for page requests
+    const stepOrRequestId = requestConfig.stepId ?? requestConfig.requestId;
     try {
         const response = await requestResolver({
             blockId,
@@ -23,7 +25,7 @@ async function callRequestResolver({ blockId, endpointId, logger, pageId, payloa
             pageId,
             payload,
             request: requestProperties,
-            requestId: requestConfig.requestId
+            requestId: stepOrRequestId
         });
         return response;
     } catch (error) {
@@ -34,7 +36,7 @@ async function callRequestResolver({ blockId, endpointId, logger, pageId, payloa
         if (error instanceof ConfigError) {
             logger.debug({
                 params: {
-                    id: requestConfig.requestId,
+                    id: stepOrRequestId,
                     type: requestConfig.type
                 },
                 err: error
@@ -50,7 +52,7 @@ async function callRequestResolver({ blockId, endpointId, logger, pageId, payloa
             });
             logger.debug({
                 params: {
-                    id: requestConfig.requestId,
+                    id: stepOrRequestId,
                     type: requestConfig.type
                 },
                 err: serviceError
@@ -62,12 +64,12 @@ async function callRequestResolver({ blockId, endpointId, logger, pageId, payloa
             cause: error,
             typeName: requestConfig.type,
             received: requestProperties,
-            location: `${requestConfig.connectionId}/${requestConfig.requestId}`,
+            location: `${requestConfig.connectionId}/${stepOrRequestId}`,
             configKey: requestConfig['~k']
         });
         logger.debug({
             params: {
-                id: requestConfig.requestId,
+                id: stepOrRequestId,
                 type: requestConfig.type
             },
             err: requestError

package/dist/routes/request/evaluateOperators.js

@@ -12,15 +12,19 @@
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-*/ function evaluateOperators({ evaluateOperators }, { connectionConfig, items, requestConfig }) {
+*/ function evaluateOperators({ evaluateOperators }, { connectionConfig, items, payload, requestConfig, steps }) {
     const connectionProperties = evaluateOperators({
         input: connectionConfig.properties || {},
-        location: connectionConfig.connectionId
+        location: connectionConfig.connectionId,
+        payload,
+        steps
     });
     const requestProperties = evaluateOperators({
         input: requestConfig.properties || {},
         items,
-        location: requestConfig.requestId
+        location: requestConfig.stepId ?? requestConfig.requestId,
+        payload,
+        steps
     });
     return {
         connectionProperties,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lowdefy/api",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "license": "Apache-2.0",
   "description": "",
   "homepage": "https://lowdefy.com",
@@ -34,13 +34,13 @@
     "dist/*"
   ],
   "dependencies": {
-    "@lowdefy/ajv": "5.1.0",
-    "@lowdefy/errors": "5.1.0",
-    "@lowdefy/helpers": "5.1.0",
-    "@lowdefy/node-utils": "5.1.0",
-    "@lowdefy/nunjucks": "5.1.0",
-    "@lowdefy/operators": "5.1.0",
-    "@lowdefy/operators-js": "5.1.0"
+    "@lowdefy/ajv": "5.2.0",
+    "@lowdefy/errors": "5.2.0",
+    "@lowdefy/helpers": "5.2.0",
+    "@lowdefy/node-utils": "5.2.0",
+    "@lowdefy/nunjucks": "5.2.0",
+    "@lowdefy/operators": "5.2.0",
+    "@lowdefy/operators-js": "5.2.0"
   },
   "devDependencies": {
     "@jest/globals": "28.1.3",