@morojs/moro 1.6.1 → 1.6.2

package/src/core/config/file-loader.ts

@@ -1,11 +1,16 @@
 // Configuration File Loader - Load moro.config.js/ts files
 import { existsSync } from 'fs';
 import { join } from 'path';
-import { AppConfig } from './schema';
-import { createFrameworkLogger } from '../logger';
+import { createRequire } from 'module';
+import { AppConfig } from './schema.js';
+import { createFrameworkLogger } from '../logger/index.js';
 
 const logger = createFrameworkLogger('ConfigFile');
 
+// Create require function for ESM to enable synchronous config loading
+// Use process.cwd() as base since we're loading with absolute paths anyway
+const moduleRequire = createRequire(join(process.cwd(), 'index.js'));
+
 /**
  * Supported configuration file names in order of preference
  */
@@ -23,55 +28,26 @@ export function loadConfigFileSync(cwd: string = process.cwd()): Partial<AppConf
     logger.debug('No configuration file found');
     return null;
   }
-  // Handle TypeScript files by trying dynamic import (works with tsx/ts-node runtimes)
-  if (configFile.endsWith('.ts')) {
-    logger.debug('Found TypeScript config file, attempting to load with dynamic import');
-    try {
-      // When running under tsx/ts-node, dynamic imports work synchronously for TypeScript
-      // We can use require() with the current environment that already has TypeScript support
-      const config = require(configFile);
-      const configData = config.default || config;
-
-      if (!configData || typeof configData !== 'object') {
-        logger.warn(`Configuration file ${configFile} did not export a valid configuration object`);
-        return null;
-      }
-
-      logger.info(`TypeScript configuration loaded from: ${configFile}`);
-      return configData;
-    } catch (error) {
-      logger.debug(
-        'TypeScript config loading failed in sync mode, this is expected if not running with tsx/ts-node'
-      );
-      logger.debug('Error details:', String(error));
-      return null;
-    }
-  }
-
-  // Only .js files use the standard synchronous loading
-  if (!configFile.endsWith('.js')) {
-    logger.debug(
-      'Found config file with unsupported extension. Only .js and .ts files are supported.'
-    );
-    return null;
-  }
 
   logger.debug(`Loading configuration from: ${configFile}`);
 
   try {
-    // Clear module cache to ensure fresh load
-    delete require.cache[require.resolve(configFile)];
+    // Use createRequire to enable synchronous loading in ESM
+    // Clear the require cache to ensure fresh config on each load
+    delete moduleRequire.cache[moduleRequire.resolve(configFile)];
 
-    const config = require(configFile);
-    const configData = config.default || config;
+    const configModule = moduleRequire(configFile);
 
-    if (!configData || typeof configData !== 'object') {
+    // Handle ES module default export
+    const config = configModule.default || configModule;
+
+    if (!config || typeof config !== 'object') {
       logger.warn(`Configuration file ${configFile} did not export a valid configuration object`);
       return null;
     }
 
     logger.info(`Configuration loaded from: ${configFile}`);
-    return configData;
+    return config;
   } catch (error) {
     logger.error(`Failed to load configuration file ${configFile}:`, String(error));
     logger.warn('Falling back to environment variable configuration');
@@ -172,236 +148,3 @@ async function setupTypeScriptLoader(): Promise<void> {
   // the TypeScript transpilation is already handled by those tools.
   logger.debug('TypeScript config loading delegated to runtime environment');
 }
-
-/**
- * Convert a configuration object to environment variable mappings
- * This function flattens the config object and sets corresponding environment variables
- */
-export function applyConfigAsEnvironmentVariables(config: Partial<AppConfig>): void {
-  if (!config || typeof config !== 'object') {
-    return;
-  }
-
-  // Apply server configuration
-  if (config.server) {
-    setEnvIfNotSet('PORT', config.server.port?.toString());
-    setEnvIfNotSet('HOST', config.server.host);
-    setEnvIfNotSet('NODE_ENV', config.server.environment);
-    setEnvIfNotSet('MAX_CONNECTIONS', config.server.maxConnections?.toString());
-    setEnvIfNotSet('REQUEST_TIMEOUT', config.server.timeout?.toString());
-  }
-
-  // Apply database configuration
-  if (config.database) {
-    setEnvIfNotSet('DATABASE_URL', config.database.url);
-
-    if (config.database.redis) {
-      setEnvIfNotSet('REDIS_URL', config.database.redis.url);
-      setEnvIfNotSet('REDIS_MAX_RETRIES', config.database.redis.maxRetries?.toString());
-      setEnvIfNotSet('REDIS_RETRY_DELAY', config.database.redis.retryDelay?.toString());
-      setEnvIfNotSet('REDIS_KEY_PREFIX', config.database.redis.keyPrefix);
-    }
-
-    if (config.database.mysql) {
-      setEnvIfNotSet('MYSQL_HOST', config.database.mysql.host);
-      setEnvIfNotSet('MYSQL_PORT', config.database.mysql.port?.toString());
-      setEnvIfNotSet('MYSQL_DATABASE', config.database.mysql.database);
-      setEnvIfNotSet('MYSQL_USERNAME', config.database.mysql.username);
-      setEnvIfNotSet('MYSQL_PASSWORD', config.database.mysql.password);
-      setEnvIfNotSet('MYSQL_CONNECTION_LIMIT', config.database.mysql.connectionLimit?.toString());
-      setEnvIfNotSet('MYSQL_ACQUIRE_TIMEOUT', config.database.mysql.acquireTimeout?.toString());
-      setEnvIfNotSet('MYSQL_TIMEOUT', config.database.mysql.timeout?.toString());
-    }
-  }
-
-  // Apply service discovery configuration
-  if (config.serviceDiscovery) {
-    setEnvIfNotSet('SERVICE_DISCOVERY_ENABLED', config.serviceDiscovery.enabled?.toString());
-    setEnvIfNotSet('DISCOVERY_TYPE', config.serviceDiscovery.type);
-    setEnvIfNotSet('CONSUL_URL', config.serviceDiscovery.consulUrl);
-    setEnvIfNotSet('K8S_NAMESPACE', config.serviceDiscovery.kubernetesNamespace);
-    setEnvIfNotSet(
-      'HEALTH_CHECK_INTERVAL',
-      config.serviceDiscovery.healthCheckInterval?.toString()
-    );
-    setEnvIfNotSet('DISCOVERY_RETRY_ATTEMPTS', config.serviceDiscovery.retryAttempts?.toString());
-  }
-
-  // Apply logging configuration
-  if (config.logging) {
-    setEnvIfNotSet('LOG_LEVEL', config.logging.level);
-    setEnvIfNotSet('LOG_FORMAT', config.logging.format);
-    setEnvIfNotSet('LOG_COLORS', config.logging.enableColors?.toString());
-    setEnvIfNotSet('LOG_TIMESTAMP', config.logging.enableTimestamp?.toString());
-    setEnvIfNotSet('LOG_CONTEXT', config.logging.enableContext?.toString());
-
-    if (config.logging.outputs) {
-      setEnvIfNotSet('LOG_CONSOLE', config.logging.outputs.console?.toString());
-
-      if (config.logging.outputs.file) {
-        setEnvIfNotSet('LOG_FILE_ENABLED', config.logging.outputs.file.enabled?.toString());
-        setEnvIfNotSet('LOG_FILE_PATH', config.logging.outputs.file.path);
-        setEnvIfNotSet('LOG_FILE_MAX_SIZE', config.logging.outputs.file.maxSize);
-        setEnvIfNotSet('LOG_FILE_MAX_FILES', config.logging.outputs.file.maxFiles?.toString());
-      }
-
-      if (config.logging.outputs.webhook) {
-        setEnvIfNotSet('LOG_WEBHOOK_ENABLED', config.logging.outputs.webhook.enabled?.toString());
-        setEnvIfNotSet('LOG_WEBHOOK_URL', config.logging.outputs.webhook.url);
-        if (config.logging.outputs.webhook.headers) {
-          setEnvIfNotSet(
-            'LOG_WEBHOOK_HEADERS',
-            JSON.stringify(config.logging.outputs.webhook.headers)
-          );
-        }
-      }
-    }
-  }
-
-  // Apply module defaults
-  if (config.modules) {
-    if (config.modules.cache) {
-      setEnvIfNotSet('CACHE_ENABLED', config.modules.cache.enabled?.toString());
-      setEnvIfNotSet('DEFAULT_CACHE_TTL', config.modules.cache.defaultTtl?.toString());
-      setEnvIfNotSet('CACHE_MAX_SIZE', config.modules.cache.maxSize?.toString());
-      setEnvIfNotSet('CACHE_STRATEGY', config.modules.cache.strategy);
-    }
-
-    if (config.modules.rateLimit) {
-      setEnvIfNotSet('RATE_LIMIT_ENABLED', config.modules.rateLimit.enabled?.toString());
-      setEnvIfNotSet(
-        'DEFAULT_RATE_LIMIT_REQUESTS',
-        config.modules.rateLimit.defaultRequests?.toString()
-      );
-      setEnvIfNotSet(
-        'DEFAULT_RATE_LIMIT_WINDOW',
-        config.modules.rateLimit.defaultWindow?.toString()
-      );
-      setEnvIfNotSet(
-        'RATE_LIMIT_SKIP_SUCCESS',
-        config.modules.rateLimit.skipSuccessfulRequests?.toString()
-      );
-      setEnvIfNotSet(
-        'RATE_LIMIT_SKIP_FAILED',
-        config.modules.rateLimit.skipFailedRequests?.toString()
-      );
-    }
-
-    if (config.modules.validation) {
-      setEnvIfNotSet('VALIDATION_ENABLED', config.modules.validation.enabled?.toString());
-      setEnvIfNotSet(
-        'VALIDATION_STRIP_UNKNOWN',
-        config.modules.validation.stripUnknown?.toString()
-      );
-      setEnvIfNotSet('VALIDATION_ABORT_EARLY', config.modules.validation.abortEarly?.toString());
-    }
-  }
-
-  // Apply security configuration
-  if (config.security) {
-    if (config.security.cors) {
-      setEnvIfNotSet('CORS_ENABLED', config.security.cors.enabled?.toString());
-      if (typeof config.security.cors.origin === 'string') {
-        setEnvIfNotSet('CORS_ORIGIN', config.security.cors.origin);
-      } else if (Array.isArray(config.security.cors.origin)) {
-        setEnvIfNotSet('CORS_ORIGIN', config.security.cors.origin.join(','));
-      } else if (typeof config.security.cors.origin === 'boolean') {
-        setEnvIfNotSet('CORS_ORIGIN', config.security.cors.origin.toString());
-      }
-      setEnvIfNotSet('CORS_METHODS', config.security.cors.methods?.join(','));
-      setEnvIfNotSet('CORS_HEADERS', config.security.cors.allowedHeaders?.join(','));
-      setEnvIfNotSet('CORS_CREDENTIALS', config.security.cors.credentials?.toString());
-    }
-
-    if (config.security.helmet) {
-      setEnvIfNotSet('HELMET_ENABLED', config.security.helmet.enabled?.toString());
-      setEnvIfNotSet('HELMET_CSP', config.security.helmet.contentSecurityPolicy?.toString());
-      setEnvIfNotSet('HELMET_HSTS', config.security.helmet.hsts?.toString());
-      setEnvIfNotSet('HELMET_NO_SNIFF', config.security.helmet.noSniff?.toString());
-      setEnvIfNotSet('HELMET_FRAMEGUARD', config.security.helmet.frameguard?.toString());
-    }
-
-    if (config.security.rateLimit?.global) {
-      setEnvIfNotSet(
-        'GLOBAL_RATE_LIMIT_ENABLED',
-        config.security.rateLimit.global.enabled?.toString()
-      );
-      setEnvIfNotSet(
-        'GLOBAL_RATE_LIMIT_REQUESTS',
-        config.security.rateLimit.global.requests?.toString()
-      );
-      setEnvIfNotSet(
-        'GLOBAL_RATE_LIMIT_WINDOW',
-        config.security.rateLimit.global.window?.toString()
-      );
-    }
-  }
-
-  // Apply external services configuration
-  if (config.external) {
-    if (config.external.stripe) {
-      setEnvIfNotSet('STRIPE_SECRET_KEY', config.external.stripe.secretKey);
-      setEnvIfNotSet('STRIPE_PUBLISHABLE_KEY', config.external.stripe.publishableKey);
-      setEnvIfNotSet('STRIPE_WEBHOOK_SECRET', config.external.stripe.webhookSecret);
-      setEnvIfNotSet('STRIPE_API_VERSION', config.external.stripe.apiVersion);
-    }
-
-    if (config.external.paypal) {
-      setEnvIfNotSet('PAYPAL_CLIENT_ID', config.external.paypal.clientId);
-      setEnvIfNotSet('PAYPAL_CLIENT_SECRET', config.external.paypal.clientSecret);
-      setEnvIfNotSet('PAYPAL_WEBHOOK_ID', config.external.paypal.webhookId);
-      setEnvIfNotSet('PAYPAL_ENVIRONMENT', config.external.paypal.environment);
-    }
-
-    if (config.external.smtp) {
-      setEnvIfNotSet('SMTP_HOST', config.external.smtp.host);
-      setEnvIfNotSet('SMTP_PORT', config.external.smtp.port?.toString());
-      setEnvIfNotSet('SMTP_SECURE', config.external.smtp.secure?.toString());
-      setEnvIfNotSet('SMTP_USERNAME', config.external.smtp.username);
-      setEnvIfNotSet('SMTP_PASSWORD', config.external.smtp.password);
-    }
-  }
-
-  // Apply performance configuration
-  if (config.performance) {
-    if (config.performance.compression) {
-      setEnvIfNotSet('COMPRESSION_ENABLED', config.performance.compression.enabled?.toString());
-      setEnvIfNotSet('COMPRESSION_LEVEL', config.performance.compression.level?.toString());
-      setEnvIfNotSet('COMPRESSION_THRESHOLD', config.performance.compression.threshold?.toString());
-    }
-
-    if (config.performance.circuitBreaker) {
-      setEnvIfNotSet(
-        'CIRCUIT_BREAKER_ENABLED',
-        config.performance.circuitBreaker.enabled?.toString()
-      );
-      setEnvIfNotSet(
-        'CIRCUIT_BREAKER_THRESHOLD',
-        config.performance.circuitBreaker.failureThreshold?.toString()
-      );
-      setEnvIfNotSet(
-        'CIRCUIT_BREAKER_RESET',
-        config.performance.circuitBreaker.resetTimeout?.toString()
-      );
-      setEnvIfNotSet(
-        'CIRCUIT_BREAKER_MONITOR',
-        config.performance.circuitBreaker.monitoringPeriod?.toString()
-      );
-    }
-
-    if (config.performance.clustering) {
-      setEnvIfNotSet('CLUSTERING_ENABLED', config.performance.clustering.enabled?.toString());
-      setEnvIfNotSet('CLUSTER_WORKERS', config.performance.clustering.workers?.toString());
-    }
-  }
-}
-
-/**
- * Set environment variable only if it's not already set
- * This ensures environment variables take precedence over config file values
- */
-function setEnvIfNotSet(key: string, value: string | undefined): void {
-  if (value !== undefined && process.env[key] === undefined) {
-    process.env[key] = value;
-  }
-}

package/src/core/config/index.ts

@@ -1,60 +1,109 @@
-// Configuration System - Main Exports and Utilities
-export * from './schema';
-export * from './loader';
-export * from './utils';
-export * from './file-loader';
+/**
+ * Configuration System - Immutable Config with createApp Override Support
+ *
+ * This is the main entry point for the MoroJS configuration system.
+ * It provides a clean, immutable configuration that is locked at createApp() time.
+ *
+ * Key Features:
+ * - Immutable configuration after initialization
+ * - Clear precedence: Env Vars > createApp Options > Config File > Defaults
+ * - Type-safe validation
+ * - Single source of truth
+ */
+
+// Export types and core components
+export * from './schema.js';
+export * from './config-sources.js';
+export * from './config-validator.js';
+export * from './file-loader.js';
+
+// Export specific functions from config-manager to avoid conflicts
+export {
+  initializeAndLockConfig,
+  isConfigLocked,
+  resetConfigForTesting,
+} from './config-manager.js';
+
+// Export utilities for backward compatibility
+export * from './utils.js';
 
-// Main configuration loading function
-import { loadConfig } from './loader';
-import type { AppConfig } from './schema';
-import { setConfig } from './utils';
+import { MoroOptions } from '../../types/core.js';
+import { AppConfig } from '../../types/config.js';
+import { loadConfigFromAllSources } from './config-sources.js';
+import {
+  initializeAndLockConfig,
+  getGlobalConfig as getConfig,
+  isConfigLocked,
+  resetConfigForTesting,
+} from './config-manager.js';
+import { createFrameworkLogger } from '../logger/index.js';
 
-// Global configuration instance
-let globalConfig: AppConfig | null = null;
+const logger = createFrameworkLogger('ConfigSystem');
 
 /**
- * Initialize and load the global application configuration
- * This should be called once at application startup
+ * Initialize configuration system with createApp options
+ * This is the main entry point called by createApp()
+ *
+ * @param options - createApp options that can override config file and defaults
+ * @returns Immutable, validated configuration object
  */
-export function initializeConfig(): AppConfig {
-  if (globalConfig) {
-    return globalConfig;
+export function initializeConfig(options?: MoroOptions): Readonly<AppConfig> {
+  if (isConfigLocked()) {
+    logger.debug('Configuration already locked, returning existing config');
+    return getConfig();
   }
 
-  globalConfig = loadConfig();
+  logger.debug('Initializing configuration system');
 
-  // Also set the config for utils functions
-  setConfig(globalConfig);
+  // Load configuration from all sources with proper precedence
+  const config = loadConfigFromAllSources(options);
 
-  return globalConfig;
+  // Lock the configuration to prevent further changes
+  initializeAndLockConfig(config);
+
+  logger.info(
+    `Configuration system initialized and locked: ${process.env.NODE_ENV || 'development'}:${config.server.port} (sources: env + file + options + defaults)`
+  );
+
+  return config;
+}
+
+/**
+ * Load configuration without locking (for testing and utilities)
+ * This maintains backward compatibility with existing code
+ */
+export function loadConfig(): AppConfig {
+  return loadConfigFromAllSources();
+}
+
+/**
+ * Load configuration with createApp options (for testing and utilities)
+ * This maintains backward compatibility with existing code
+ */
+export function loadConfigWithOptions(options: MoroOptions): AppConfig {
+  return loadConfigFromAllSources(options);
 }
 
 /**
  * Get the current global configuration
- * Throws if configuration hasn't been initialized
+ * Alias for getGlobalConfig() for backward compatibility
  */
-export function getGlobalConfig(): AppConfig {
-  if (!globalConfig) {
-    throw new Error('Configuration not initialized. Call initializeConfig() first.');
-  }
-  return globalConfig;
+export function getGlobalConfig(): Readonly<AppConfig> {
+  return getConfig();
 }
 
 /**
- * Check if configuration has been initialized
+ * Check if configuration has been initialized and locked
+ * Alias for isConfigLocked() for backward compatibility
  */
 export function isConfigInitialized(): boolean {
-  return globalConfig !== null;
+  return isConfigLocked();
 }
 
 /**
- * Reset the global configuration state (for testing purposes)
+ * Reset configuration state (for testing only)
  * @internal
  */
 export function resetConfig(): void {
-  globalConfig = null;
-
-  // Also reset the utils config (by setting it to null via direct access)
-  const { setConfig } = require('./utils');
-  setConfig(null as any);
+  resetConfigForTesting();
 }

package/src/core/config/schema.ts

@@ -1,15 +1,25 @@
 // Core Configuration Schema for Moro Framework
 
-import { AppConfig } from '../../types/config';
+import { AppConfig } from '../../types/config.js';
 
-// Default configuration values
+// Minimal default configuration - performance-focused, most things opt-in
 export const DEFAULT_CONFIG: AppConfig = {
   server: {
     port: 3001,
     host: 'localhost',
-    environment: 'development',
     maxConnections: 1000,
     timeout: 30000,
+    bodySizeLimit: '10mb',
+    useUWebSockets: false, // Opt-in for high performance
+    requestTracking: {
+      enabled: true, // Enable by default for debugging
+    },
+    requestLogging: {
+      enabled: true, // Enable by default - logs requests independently
+    },
+    errorBoundary: {
+      enabled: true, // Always enabled for safety
+    },
   },
   serviceDiscovery: {
     enabled: false,
@@ -19,33 +29,38 @@ export const DEFAULT_CONFIG: AppConfig = {
     healthCheckInterval: 30000,
     retryAttempts: 3,
   },
-  database: {
-    redis: {
-      url: 'redis://localhost:6379',
-      maxRetries: 3,
-      retryDelay: 1000,
-      keyPrefix: 'moro:',
-    },
-  },
+  database: {},
   modules: {
     cache: {
-      enabled: true,
+      enabled: false, // Opt-in for better performance
       defaultTtl: 300,
       maxSize: 1000,
       strategy: 'lru',
     },
     rateLimit: {
-      enabled: true,
+      enabled: false, // Opt-in to avoid unnecessary overhead
       defaultRequests: 100,
       defaultWindow: 60000,
       skipSuccessfulRequests: false,
       skipFailedRequests: false,
     },
     validation: {
-      enabled: true,
+      enabled: false,
       stripUnknown: true,
       abortEarly: false,
     },
+    autoDiscovery: {
+      enabled: true, // Enable by default for better DX
+      paths: ['./modules', './src/modules'],
+      patterns: ['**/*.module.{ts,js}', '**/index.{ts,js}', '**/*.config.{ts,js}'],
+      recursive: true,
+      loadingStrategy: 'eager',
+      watchForChanges: false, // Opt-in for development
+      ignorePatterns: ['**/*.test.{ts,js}', '**/*.spec.{ts,js}', '**/node_modules/**'],
+      loadOrder: 'dependency',
+      failOnError: false, // Graceful degradation
+      maxDepth: 5,
+    },
   },
   logging: {
     level: 'info',
@@ -69,14 +84,14 @@ export const DEFAULT_CONFIG: AppConfig = {
   },
   security: {
     cors: {
-      enabled: true,
+      enabled: false, // Opt-in for better performance
       origin: '*',
       methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
       allowedHeaders: ['Content-Type', 'Authorization'],
       credentials: false,
     },
     helmet: {
-      enabled: true,
+      enabled: false, // Opt-in for better performance
       contentSecurityPolicy: true,
       hsts: true,
       noSniff: true,
@@ -90,26 +105,15 @@ export const DEFAULT_CONFIG: AppConfig = {
       },
     },
   },
-  external: {
-    stripe: {
-      apiVersion: '2023-10-16',
-    },
-    paypal: {
-      environment: 'sandbox',
-    },
-    smtp: {
-      port: 587,
-      secure: false,
-    },
-  },
+  external: {},
   performance: {
     compression: {
-      enabled: true,
+      enabled: false, // Opt-in to avoid overhead
       level: 6,
       threshold: 1024,
     },
     circuitBreaker: {
-      enabled: true,
+      enabled: false, // Opt-in to avoid overhead
       failureThreshold: 5,
       resetTimeout: 60000,
       monitoringPeriod: 10000,
@@ -117,13 +121,23 @@ export const DEFAULT_CONFIG: AppConfig = {
     clustering: {
       enabled: false,
       workers: 1,
+      memoryPerWorkerGB: undefined,
     },
   },
+  websocket: {
+    enabled: false, // Opt-in - user must explicitly enable WebSockets
+  },
 };
 
-// Simple compatibility export - just return the config as-is
+// Schema validation is now handled by config-validator.ts
+// This export is kept for backward compatibility only
+// Note: For actual validation, use validateConfig() from config-validator.ts directly
 export const ConfigSchema = {
-  parse: (data: any): AppConfig => data as AppConfig,
+  parse: (data: any): AppConfig => {
+    // Simple pass-through for backward compatibility
+    // Real validation happens in the config loading pipeline
+    return data as AppConfig;
+  },
 };
 
 // Re-export types for backward compatibility
@@ -137,7 +151,7 @@ export type {
   SecurityConfig,
   ExternalServicesConfig,
   PerformanceConfig,
-} from '../../types/config';
+} from '../../types/config.js';
 
 // For backward compatibility with modules that expect schema objects
 export const ServerConfigSchema = { parse: (data: any) => data };