@naylence/runtime 0.3.5-test.911 → 0.3.5-test.914

package/dist/types/naylence/fame/http/jwks-api-router.d.ts

@@ -1,10 +1,10 @@
 /**
- * JWKS (JSON Web Key Set) API router for Express
+ * JWKS (JSON Web Key Set) API plugin for Fastify
  *
  * Provides /.well-known/jwks.json endpoint for public key discovery
  * Used by OAuth2/JWT token verification
  */
-import { type Router } from 'express';
+import type { FastifyPluginAsync } from 'fastify';
 import type { CryptoProvider } from '../security/crypto/providers/crypto-provider.js';
 export interface CreateJwksRouterOptions {
     /**
@@ -30,19 +30,19 @@ export interface CreateJwksRouterOptions {
     keyTypes?: string[];
 }
 /**
- * Create an Express router that exposes JWKS at /.well-known/jwks.json
+ * Create a Fastify plugin that exposes JWKS at /.well-known/jwks.json
  *
  * @param options - Router configuration options
- * @returns Express router with JWKS endpoint
+ * @returns Fastify plugin with JWKS endpoint
  *
  * @example
  * ```typescript
- * import express from 'express';
+ * import Fastify from 'fastify';
  * import { createJwksRouter } from '@naylence/runtime';
  *
- * const app = express();
+ * const app = Fastify();
  * const cryptoProvider = new MyCryptoProvider();
- * app.use(createJwksRouter({ cryptoProvider }));
+ * app.register(createJwksRouter({ cryptoProvider }));
  * ```
  */
-export declare function createJwksRouter(options?: CreateJwksRouterOptions): Router;
+export declare function createJwksRouter(options?: CreateJwksRouterOptions): FastifyPluginAsync;

package/dist/types/naylence/fame/http/oauth2-server.d.ts

@@ -21,11 +21,11 @@
  *   FAME_JWT_ISSUER: JWT issuer (default: https://auth.fame.fabric)
  *   FAME_JWT_ALGORITHM: JWT algorithm (default: EdDSA)
  */
-import express from 'express';
+import type { FastifyInstance } from 'fastify';
 /**
- * Create and configure the OAuth2 Express application
+ * Create and configure the OAuth2 Fastify application
  */
-export declare function createApp(): Promise<express.Application>;
+export declare function createApp(): Promise<FastifyInstance>;
 /**
  * Main entry point when run as CLI
  */

package/dist/types/naylence/fame/http/oauth2-token-router.d.ts

@@ -1,11 +1,11 @@
 /**
- * OAuth2 client credentials and authorization code (PKCE) grant router for Express
+ * OAuth2 client credentials and authorization code (PKCE) grant router for Fastify
  *
  * Provides /oauth/token and /oauth/authorize endpoints for local development and testing.
  * Implements OAuth2 client credentials grant with JWT token issuance and
  * OAuth2 authorization code grant with PKCE verification.
  */
-import { type Router } from 'express';
+import type { FastifyPluginAsync } from 'fastify';
 import type { CryptoProvider } from '../security/crypto/providers/crypto-provider.js';
 export interface CreateOAuth2TokenRouterOptions {
     /**
@@ -110,11 +110,11 @@ export interface CreateOAuth2TokenRouterOptions {
     devLoginTitle?: string;
 }
 /**
- * Create an Express router that implements OAuth2 token and authorization endpoints
+ * Create a Fastify plugin that implements OAuth2 token and authorization endpoints
  * with support for client credentials and authorization code (PKCE) grants.
  *
  * @param options - Router configuration options
- * @returns Express router with OAuth2 token and authorization endpoints
+ * @returns Fastify plugin with OAuth2 token and authorization endpoints
  *
  * Environment Variables:
  *   FAME_JWT_CLIENT_ID: OAuth2 client identifier
@@ -127,4 +127,4 @@ export interface CreateOAuth2TokenRouterOptions {
  *   FAME_OAUTH_ALLOW_PUBLIC_CLIENTS: Allow PKCE exchanges without client_secret (optional, default: true)
  *   FAME_OAUTH_CODE_TTL_SEC: Authorization code TTL in seconds (optional, default: 300)
  */
-export declare function createOAuth2TokenRouter(options: CreateOAuth2TokenRouterOptions): Router;
+export declare function createOAuth2TokenRouter(options: CreateOAuth2TokenRouterOptions): FastifyPluginAsync;

package/dist/types/naylence/fame/http/openid-configuration-router.d.ts

@@ -1,9 +1,9 @@
 /**
- * OpenID Connect Discovery configuration router for Express
+ * OpenID Connect Discovery configuration plugin for Fastify
  *
  * Provides /.well-known/openid-configuration endpoint for OAuth2/OIDC client auto-discovery
  */
-import { type Router } from 'express';
+import type { FastifyPluginAsync } from 'fastify';
 export interface CreateOpenIDConfigurationRouterOptions {
     /**
      * Router prefix (default: empty string)
@@ -41,10 +41,10 @@ export interface CreateOpenIDConfigurationRouterOptions {
     algorithm?: string;
 }
 /**
- * Create an Express router that implements OpenID Connect Discovery
+ * Create a Fastify plugin that implements OpenID Connect Discovery
  *
  * @param options - Router configuration options
- * @returns Express router with OpenID configuration endpoint
+ * @returns Fastify plugin with OpenID configuration endpoint
  *
  * Environment Variables:
  *   FAME_JWT_ISSUER: JWT issuer claim (optional)
@@ -53,13 +53,13 @@ export interface CreateOpenIDConfigurationRouterOptions {
  *
  * @example
  * ```typescript
- * import express from 'express';
+ * import Fastify from 'fastify';
  * import { createOpenIDConfigurationRouter } from '@naylence/runtime';
  *
- * const app = express();
- * app.use(createOpenIDConfigurationRouter({
+ * const app = Fastify();
+ * app.register(createOpenIDConfigurationRouter({
  *   issuer: 'https://auth.example.com',
  * }));
  * ```
  */
-export declare function createOpenIDConfigurationRouter(options?: CreateOpenIDConfigurationRouterOptions): Router;
+export declare function createOpenIDConfigurationRouter(options?: CreateOpenIDConfigurationRouterOptions): FastifyPluginAsync;

package/dist/types/naylence/fame/security/crypto/providers/default-crypto-provider.d.ts

@@ -57,6 +57,5 @@ export declare class DefaultCryptoProvider implements CryptoProvider {
     prepareForAttach(nodeId: string, physicalPath: string, logicals: string[]): void;
     setLogicals(logicals: string[]): void;
     storeSignedCertificate(certificatePem: string, certificateChainPem?: string | null): void;
-    createCsr(nodeId: string, physicalPath: string, logicals: string[], subjectName?: string): Promise<string>;
 }
 export {};

package/dist/types/version.d.ts

@@ -2,4 +2,4 @@
  * The package version, injected at build time.
  * @internal
  */
-export declare const VERSION = "0.3.5-test.911";
+export declare const VERSION = "0.3.5-test.914";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naylence/runtime",
-  "version": "0.3.5-test.911",
+  "version": "0.3.5-test.914",
   "type": "module",
   "description": "Naylence Runtime - Complete TypeScript runtime",
   "author": "Naylence Dev <naylencedev@gmail.com>",
@@ -183,8 +183,6 @@
     "@peculiar/asn1-csr": "^2.5.0",
     "@peculiar/asn1-schema": "^2.5.0",
     "@peculiar/asn1-x509": "^2.5.0",
-    "@types/express": "^5.0.3",
-    "express": "^5.1.0",
     "fastify": "^5.6.1",
     "jose": "^6.1.0",
     "yaml": "^2.6.0",
@@ -217,7 +215,7 @@
     "@types/better-sqlite3": "^7.6.13",
     "@types/jest": "^29.5.14",
     "@types/node": "^24.6.0",
-  "@types/supertest": "^2.0.16",
+    "@types/supertest": "^2.0.16",
     "@types/ws": "^8.5.10",
     "@typescript-eslint/eslint-plugin": "^8.45.0",
     "@typescript-eslint/parser": "^8.45.0",
@@ -234,7 +232,7 @@
     "rimraf": "^6.0.1",
     "rollup": "^4.52.3",
     "size-limit": "^11.1.5",
-  "supertest": "^7.1.3",
+    "supertest": "^7.1.3",
     "ts-jest": "^29.4.5",
     "tslib": "^2.6.2",
     "typescript": "^5.3.2",
@@ -254,4 +252,4 @@
   "engines": {
     "node": ">=18.0.0"
   }
-}
+}

package/dist/esm/naylence/fame/fastapi/oauth2-server.js

@@ -1,205 +0,0 @@
-#!/usr/bin/env node
-/**
- * OAuth2 Development Server - Simple token server for local testing
- *
- * WARNING: This is a DEVELOPMENT ONLY server. Do NOT use in production!
- *
- * Provides a minimal OAuth2 client credentials flow implementation
- * for local testing and development of Fame applications.
- *
- * Environment Variables:
- * - FAME_LOG_LEVEL: Log level (default: trace)
- * - APP_HOST: Server host (default: 0.0.0.0)
- * - APP_PORT: Server port (default: 8099)
- * - FAME_JWT_CLIENT_ID: Expected OAuth2 client ID
- * - FAME_JWT_CLIENT_SECRET: Expected OAuth2 client secret
- * - FAME_JWT_ISSUER: JWT issuer (default: https://oauth2-server)
- * - FAME_JWT_AUDIENCE: JWT audience (default: fame.fabric)
- * - FAME_JWT_ALGORITHM: JWT algorithm (default: EdDSA)
- */
-import Fastify from 'fastify';
-import formbody from '@fastify/formbody';
-import * as jose from 'jose';
-import { generateKeyPair } from 'crypto';
-import { promisify } from 'util';
-import { enableLogging, getLogger } from '../util/logging.js';
-const generateKeyPairAsync = promisify(generateKeyPair);
-const ENV_VAR_LOG_LEVEL = 'FAME_LOG_LEVEL';
-const ENV_VAR_CLIENT_ID = 'FAME_JWT_CLIENT_ID';
-const ENV_VAR_CLIENT_SECRET = 'FAME_JWT_CLIENT_SECRET';
-const ENV_VAR_JWT_ISSUER = 'FAME_JWT_ISSUER';
-const ENV_VAR_JWT_AUDIENCE = 'FAME_JWT_AUDIENCE';
-const ENV_VAR_JWT_ALGORITHM = 'FAME_JWT_ALGORITHM';
-const logger = getLogger('naylence.fame.fastapi.oauth2_server');
-// Global keypair for signing tokens
-let signingKey; // jose.KeyLike type not exported
-let publicKey; // jose.KeyLike type not exported
-let publicJWK;
-async function initializeKeys() {
-    const algorithm = process.env[ENV_VAR_JWT_ALGORITHM] || 'EdDSA';
-    if (algorithm === 'EdDSA') {
-        const { privateKey, publicKey: pubKey } = await generateKeyPairAsync('ed25519', {
-            privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-            publicKeyEncoding: { type: 'spki', format: 'pem' },
-        });
-        signingKey = await jose.importPKCS8(privateKey, 'EdDSA');
-        publicKey = await jose.importSPKI(pubKey, 'EdDSA');
-        publicJWK = await jose.exportJWK(publicKey);
-        publicJWK.kid = 'dev-key-1';
-        publicJWK.alg = 'EdDSA';
-        publicJWK.use = 'sig';
-    }
-    else {
-        // RS256 fallback
-        const { privateKey, publicKey: pubKey } = await generateKeyPairAsync('rsa', {
-            modulusLength: 2048,
-            privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-            publicKeyEncoding: { type: 'spki', format: 'pem' },
-        });
-        signingKey = await jose.importPKCS8(privateKey, 'RS256');
-        publicKey = await jose.importSPKI(pubKey, 'RS256');
-        publicJWK = await jose.exportJWK(publicKey);
-        publicJWK.kid = 'dev-key-1';
-        publicJWK.alg = 'RS256';
-        publicJWK.use = 'sig';
-    }
-    logger.info('oauth2_server_keys_initialized', { algorithm });
-}
-async function createApp() {
-    await initializeKeys();
-    const logLevel = (process.env[ENV_VAR_LOG_LEVEL] || 'info').toLowerCase();
-    const fastify = Fastify({
-        logger: {
-            level: logLevel === 'trace' ? 'debug' : logLevel,
-        },
-    });
-    // Register formbody plugin to parse application/x-www-form-urlencoded
-    await fastify.register(formbody);
-    const issuer = process.env[ENV_VAR_JWT_ISSUER] || 'https://oauth2-server';
-    const audience = process.env[ENV_VAR_JWT_AUDIENCE] || 'fame.fabric';
-    const algorithm = process.env[ENV_VAR_JWT_ALGORITHM] || 'EdDSA';
-    const expectedClientId = process.env[ENV_VAR_CLIENT_ID];
-    const expectedClientSecret = process.env[ENV_VAR_CLIENT_SECRET];
-    // OAuth2 token endpoint
-    fastify.post('/oauth/token', async (request, reply) => {
-        const { grant_type, client_id, client_secret, scope } = request.body;
-        // Validate grant type
-        if (grant_type !== 'client_credentials') {
-            return reply.status(400).send({
-                error: 'unsupported_grant_type',
-                error_description: 'Only client_credentials grant type is supported',
-            });
-        }
-        // Validate client credentials
-        if (!expectedClientId || !expectedClientSecret) {
-            logger.error('oauth2_server_missing_credentials', {
-                message: 'FAME_JWT_CLIENT_ID and FAME_JWT_CLIENT_SECRET must be set',
-            });
-            return reply.status(500).send({
-                error: 'server_error',
-                error_description: 'Server not configured properly',
-            });
-        }
-        if (client_id !== expectedClientId ||
-            client_secret !== expectedClientSecret) {
-            return reply.status(401).send({
-                error: 'invalid_client',
-                error_description: 'Invalid client credentials',
-            });
-        }
-        // Generate JWT
-        const now = Math.floor(Date.now() / 1000);
-        const expiresIn = 3600; // 1 hour
-        const payload = {
-            iss: issuer,
-            sub: client_id,
-            aud: audience,
-            iat: now,
-            exp: now + expiresIn,
-            scope: scope || 'node.connect',
-        };
-        const token = await new jose.SignJWT(payload)
-            .setProtectedHeader({ alg: algorithm, kid: 'dev-key-1' })
-            .sign(signingKey);
-        logger.debug('oauth2_token_issued', {
-            client_id,
-            scope: payload.scope,
-            expires_in: expiresIn,
-        });
-        return {
-            access_token: token,
-            token_type: 'Bearer',
-            expires_in: expiresIn,
-            scope: payload.scope,
-        };
-    });
-    // JWKS endpoint for public key distribution
-    fastify.get('/.well-known/jwks.json', async () => {
-        return {
-            keys: [publicJWK],
-        };
-    });
-    // OpenID configuration endpoint
-    fastify.get('/.well-known/openid-configuration', async () => {
-        const baseUrl = issuer;
-        return {
-            issuer: baseUrl,
-            token_endpoint: `${baseUrl}/oauth/token`,
-            jwks_uri: `${baseUrl}/.well-known/jwks.json`,
-            grant_types_supported: ['client_credentials'],
-            response_types_supported: ['token'],
-            token_endpoint_auth_methods_supported: [
-                'client_secret_post',
-                'client_secret_basic',
-            ],
-        };
-    });
-    // Health check
-    fastify.get('/health', async () => {
-        return { status: 'healthy', service: 'oauth2-dev-server' };
-    });
-    return fastify;
-}
-async function main() {
-    try {
-        const logLevel = process.env[ENV_VAR_LOG_LEVEL] || 'trace';
-        enableLogging(logLevel);
-        const app = await createApp();
-        const host = process.env.APP_HOST || '0.0.0.0';
-        const port = parseInt(process.env.APP_PORT || '8099', 10);
-        await app.listen({ host, port });
-        logger.info('oauth2_dev_server_started', {
-            host,
-            port,
-            logLevel,
-        });
-        console.log(`\n⚠️  OAuth2 Development Server (DO NOT USE IN PRODUCTION)`);
-        console.log(`📍 Listening on http://${host}:${port}`);
-        console.log(`🔑 Token endpoint: http://${host}:${port}/oauth/token`);
-        console.log(`📜 JWKS endpoint: http://${host}:${port}/.well-known/jwks.json\n`);
-    }
-    catch (error) {
-        logger.error('oauth2_dev_server_failed_to_start', {
-            error: error instanceof Error ? error.message : String(error),
-        });
-        console.error('Failed to start OAuth2 Development Server:', error);
-        process.exit(1);
-    }
-}
-// Handle graceful shutdown
-process.on('SIGTERM', () => {
-    logger.info('oauth2_dev_server_shutting_down', { signal: 'SIGTERM' });
-    process.exit(0);
-});
-process.on('SIGINT', () => {
-    logger.info('oauth2_dev_server_shutting_down', { signal: 'SIGINT' });
-    process.exit(0);
-});
-// Start server if run directly
-if (import.meta.url === `file://${process.argv[1]}`) {
-    main().catch((error) => {
-        console.error('Fatal error:', error);
-        process.exit(1);
-    });
-}
-export { createApp };

package/dist/types/naylence/fame/fastapi/oauth2-server.d.ts

@@ -1,22 +0,0 @@
-#!/usr/bin/env node
-/**
- * OAuth2 Development Server - Simple token server for local testing
- *
- * WARNING: This is a DEVELOPMENT ONLY server. Do NOT use in production!
- *
- * Provides a minimal OAuth2 client credentials flow implementation
- * for local testing and development of Fame applications.
- *
- * Environment Variables:
- * - FAME_LOG_LEVEL: Log level (default: trace)
- * - APP_HOST: Server host (default: 0.0.0.0)
- * - APP_PORT: Server port (default: 8099)
- * - FAME_JWT_CLIENT_ID: Expected OAuth2 client ID
- * - FAME_JWT_CLIENT_SECRET: Expected OAuth2 client secret
- * - FAME_JWT_ISSUER: JWT issuer (default: https://oauth2-server)
- * - FAME_JWT_AUDIENCE: JWT audience (default: fame.fabric)
- * - FAME_JWT_ALGORITHM: JWT algorithm (default: EdDSA)
- */
-import type { FastifyInstance } from 'fastify';
-declare function createApp(): Promise<FastifyInstance>;
-export { createApp };