npm - @nextsparkjs/core - Versions diffs - 0.1.0-beta.92 → 0.1.0-beta.94 - Mend

@nextsparkjs/core 0.1.0-beta.92 → 0.1.0-beta.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (341) hide show

package/dist/templates/app/api/v1/billing/checkout/route.ts CHANGED Viewed

@@ -9,18 +9,19 @@
  * P2: Stripe Integration
  */
-import { NextRequest } from 'next/server'
+import { NextRequest, NextResponse } from 'next/server'
 import { authenticateRequest, createAuthError } from '@nextsparkjs/core/lib/api/auth/dual-auth'
 import { createCheckoutSession } from '@nextsparkjs/core/lib/billing/gateways/stripe'
 import { SubscriptionService, MembershipService } from '@nextsparkjs/core/lib/services'
 import { z } from 'zod'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 const checkoutSchema = z.object({
   planSlug: z.string().min(1, 'Plan slug is required'),
   billingPeriod: z.enum(['monthly', 'yearly']).default('monthly')
 })
-export async function POST(request: NextRequest) {
+export const POST = withRateLimitTier(async (request: NextRequest) => {
   // 1. Dual authentication
   const authResult = await authenticateRequest(request)
@@ -33,7 +34,7 @@ export async function POST(request: NextRequest) {
   try {
     body = await request.json()
   } catch {
-    return Response.json(
+    return NextResponse.json(
       { success: false, error: 'Invalid JSON body' },
       { status: 400 }
     )
@@ -41,7 +42,7 @@ export async function POST(request: NextRequest) {
   const parseResult = checkoutSchema.safeParse(body)
   if (!parseResult.success) {
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: 'Validation failed',
@@ -59,7 +60,7 @@ export async function POST(request: NextRequest) {
     authResult.user.defaultTeamId
   if (!teamId) {
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: 'No team context available. Please provide x-team-id header.'
@@ -73,7 +74,7 @@ export async function POST(request: NextRequest) {
   const actionResult = membership.canPerformAction('billing.checkout')
   if (!actionResult.allowed) {
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: actionResult.message,
@@ -104,7 +105,7 @@ export async function POST(request: NextRequest) {
       customerId: subscription?.externalCustomerId || undefined
     })
-    return Response.json({
+    return NextResponse.json({
       success: true,
       data: {
         url: session.url,
@@ -113,7 +114,7 @@ export async function POST(request: NextRequest) {
     })
   } catch (error) {
     console.error('[checkout] Error creating checkout session:', error)
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: error instanceof Error ? error.message : 'Failed to create checkout session'
@@ -121,4 +122,4 @@ export async function POST(request: NextRequest) {
       { status: 500 }
     )
   }
-}
+}, 'write');

package/dist/templates/app/api/v1/billing/plans/route.ts CHANGED Viewed

@@ -10,8 +10,9 @@ import { validateAndAuthenticateRequest, createApiResponse, createApiError } fro
 import { PlanService } from '@nextsparkjs/core/lib/services'
 import { createPlanSchema } from '@nextsparkjs/core/lib/billing/schema'
 import { mutateWithRLS } from '@nextsparkjs/core/lib/db'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   // Plans list is partially public (public plans visible to all, hidden plans only to superadmin)
   let includeHidden = false
@@ -31,9 +32,9 @@ export async function GET(request: NextRequest) {
     console.error('[Billing API] Error fetching plans:', error)
     return createApiError('Failed to fetch plans', 500)
   }
-}
+}, 'read');
-export async function POST(request: NextRequest) {
+export const POST = withRateLimitTier(async (request: NextRequest) => {
   // Authenticate request
   const { auth, rateLimitResponse } = await validateAndAuthenticateRequest(request)
   if (rateLimitResponse) return rateLimitResponse
@@ -82,4 +83,4 @@ export async function POST(request: NextRequest) {
     console.error('[Billing API] Error creating plan:', error)
     return createApiError('Failed to create plan', 500)
   }
-}
+}, 'strict');

package/dist/templates/app/api/v1/billing/portal/route.ts CHANGED Viewed

@@ -7,12 +7,13 @@
  * P6: Customer Portal
  */
-import { NextRequest } from 'next/server'
+import { NextRequest, NextResponse } from 'next/server'
 import { authenticateRequest, createAuthError } from '@nextsparkjs/core/lib/api/auth/dual-auth'
 import { createPortalSession } from '@nextsparkjs/core/lib/billing/gateways/stripe'
 import { SubscriptionService, MembershipService } from '@nextsparkjs/core/lib/services'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function POST(request: NextRequest) {
+export const POST = withRateLimitTier(async (request: NextRequest) => {
   // 1. Dual authentication
   const authResult = await authenticateRequest(request)
@@ -26,7 +27,7 @@ export async function POST(request: NextRequest) {
     authResult.user.defaultTeamId
   if (!teamId) {
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: 'No team context available. Please provide x-team-id header.'
@@ -40,7 +41,7 @@ export async function POST(request: NextRequest) {
   const actionResult = membership.canPerformAction('billing.portal')
   if (!actionResult.allowed) {
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: actionResult.message,
@@ -56,7 +57,7 @@ export async function POST(request: NextRequest) {
     const subscription = await SubscriptionService.getActive(teamId)
     if (!subscription?.externalCustomerId) {
-      return Response.json(
+      return NextResponse.json(
         {
           success: false,
           error: 'No billing account found. Please upgrade to a paid plan first.'
@@ -73,13 +74,13 @@ export async function POST(request: NextRequest) {
       returnUrl
     })
-    return Response.json({
+    return NextResponse.json({
       success: true,
       data: { url: session.url }
     })
   } catch (error) {
     console.error('[portal] Error creating portal session:', error)
-    return Response.json(
+    return NextResponse.json(
       {
         success: false,
         error: error instanceof Error ? error.message : 'Failed to create portal session'
@@ -87,4 +88,4 @@ export async function POST(request: NextRequest) {
       { status: 500 }
     )
   }
-}
+}, 'write');

package/dist/templates/app/api/v1/blocks/[slug]/route.ts CHANGED Viewed

@@ -1,10 +1,11 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { BLOCK_REGISTRY } from '@nextsparkjs/registries/block-registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(
+export const GET = withRateLimitTier(async (
   request: NextRequest,
   { params }: { params: Promise<{ slug: string }> }
-): Promise<NextResponse> {
+): Promise<NextResponse> => {
   try {
     const { slug } = await params
     const block = BLOCK_REGISTRY[slug]
@@ -26,4 +27,4 @@ export async function GET(
     console.error('Error fetching block:', err)
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
-}
+}, 'read');

package/dist/templates/app/api/v1/blocks/route.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { BLOCK_REGISTRY, BLOCK_CATEGORIES } from '@nextsparkjs/registries/block-registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   try {
     const { searchParams } = new URL(request.url)
     const category = searchParams.get('category')
@@ -42,4 +43,4 @@ export async function GET(request: NextRequest) {
     console.error('Error listing blocks:', err)
     return NextResponse.json({ success: false, error: 'Internal server error' }, { status: 500 })
   }
-}
+}, 'read');

package/dist/templates/app/api/v1/blocks/validate/route.ts CHANGED Viewed

@@ -1,13 +1,14 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { BLOCK_REGISTRY } from '@nextsparkjs/registries/block-registry'
 import { z } from 'zod'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 const requestSchema = z.object({
   blockSlug: z.string(),
   props: z.record(z.string(), z.unknown())
 })
-export async function POST(request: NextRequest) {
+export const POST = withRateLimitTier(async (request: NextRequest) => {
   try {
     const body = await request.json()
     const { blockSlug, props } = requestSchema.parse(body)
@@ -24,7 +25,8 @@ export async function POST(request: NextRequest) {
     try {
       // Dynamic import is allowed here (server-side validation, not registry loading)
-      const schemaModule = await import(block.schemaPath)
+      // webpackIgnore tells webpack to skip static analysis for this intentional dynamic import
+      const schemaModule = await import(/* webpackIgnore: true */ block.schemaPath)
       const schema = schemaModule.schema
       schema.parse(props)
@@ -42,4 +44,4 @@ export async function POST(request: NextRequest) {
     console.error('Error validating block:', err)
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
-}
+}, 'write');

package/dist/templates/app/api/v1/cron/process/route.ts CHANGED Viewed

@@ -12,22 +12,20 @@
 import { NextRequest, NextResponse } from 'next/server'
 import {
   processPendingActions,
-  cleanupOldActions,
-  initializeScheduledActions
+  cleanupOldActions
 } from '@nextsparkjs/core/lib/scheduled-actions'
 import type { ProcessResult } from '@nextsparkjs/core/lib/scheduled-actions'
 /**
  * Process pending scheduled actions
  * Protected by CRON_SECRET for security
+ *
+ * Note: Handler initialization is handled by instrumentation.ts at server startup.
+ * This endpoint only processes actions, not initialization.
  */
 export async function GET(request: NextRequest): Promise<NextResponse> {
   const startTime = Date.now()
-  // Ensure action handlers are registered in this context
-  // (initializeScheduledActions has its own guard against duplicates)
-  initializeScheduledActions()
   try {
     // Validate CRON_SECRET
     const cronSecret = request.headers.get('x-cron-secret')

package/dist/templates/app/api/v1/devtools/blocks/route.ts CHANGED Viewed

@@ -16,8 +16,9 @@ import {
 } from '@nextsparkjs/core/lib/api/auth/devtools-auth'
 import { BLOCK_REGISTRY } from '@nextsparkjs/registries/block-registry'
 import { TAGS_REGISTRY, COVERAGE_SUMMARY } from '@nextsparkjs/registries/testing-registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   // Authenticate request
   const authResult = await authenticateRequest(request)
@@ -69,7 +70,7 @@ export async function GET(request: NextRequest) {
       },
     },
   })
-}
+}, 'read');
 export async function OPTIONS() {
   return new NextResponse(null, {

package/dist/templates/app/api/v1/devtools/docs/route.ts CHANGED Viewed

@@ -15,6 +15,7 @@ import { NextRequest, NextResponse } from 'next/server'
 import { readFile } from 'fs/promises'
 import { join, dirname } from 'path'
 import { existsSync } from 'fs'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 /**
  * Valid path patterns for documentation files
@@ -80,7 +81,7 @@ function getBasePaths(): string[] {
   return paths
 }
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   const searchParams = request.nextUrl.searchParams
   const docPath = searchParams.get('path')
@@ -147,4 +148,4 @@ export async function GET(request: NextRequest) {
       { status: 500 }
     )
   }
-}
+}, 'read');

package/dist/templates/app/api/v1/devtools/features/route.ts CHANGED Viewed

@@ -18,8 +18,9 @@ import {
   FEATURE_REGISTRY,
   COVERAGE_SUMMARY,
 } from '@nextsparkjs/registries/testing-registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   // Authenticate request
   const authResult = await authenticateRequest(request)
@@ -48,7 +49,7 @@ export async function GET(request: NextRequest) {
       },
     },
   })
-}
+}, 'read');
 export async function OPTIONS() {
   return new NextResponse(null, {

package/dist/templates/app/api/v1/devtools/flows/route.ts CHANGED Viewed

@@ -18,8 +18,9 @@ import {
   FLOW_REGISTRY,
   COVERAGE_SUMMARY,
 } from '@nextsparkjs/registries/testing-registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   // Authenticate request
   const authResult = await authenticateRequest(request)
@@ -48,7 +49,7 @@ export async function GET(request: NextRequest) {
       },
     },
   })
-}
+}, 'read');
 export async function OPTIONS() {
   return new NextResponse(null, {

package/dist/templates/app/api/v1/devtools/scheduled-actions/route.ts CHANGED Viewed

@@ -17,8 +17,10 @@ import {
 import { queryWithRLS } from '@nextsparkjs/core/lib/db'
 import type { ScheduledAction, ScheduledActionStatus } from '@nextsparkjs/core/lib/scheduled-actions/types'
 import { getAllRegisteredActions } from '@nextsparkjs/core/lib/scheduled-actions/registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
+import { scheduleAction } from '@nextsparkjs/core/lib/scheduled-actions/scheduler'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   // Authenticate request
   const authResult = await authenticateRequest(request)
@@ -78,6 +80,7 @@ export async function GET(request: NextRequest) {
       "completedAt",
       "errorMessage",
       attempts,
+      "maxRetries",
       "recurringInterval",
       "createdAt",
       "updatedAt"
@@ -92,6 +95,16 @@ export async function GET(request: NextRequest) {
   // Get all registered action types
   const registeredActions = getAllRegisteredActions()
+  // Count failed actions (last 24 hours)
+  const failedCountQuery = `
+    SELECT COUNT(*) as count
+    FROM "scheduled_actions"
+    WHERE status = 'failed'
+      AND "completedAt" > NOW() - INTERVAL '24 hours'
+  `
+  const failedCountResult = await queryWithRLS<{ count: string }>(failedCountQuery, [], null)
+  const failedCount = parseInt(failedCountResult[0]?.count || '0', 10)
   return NextResponse.json({
     success: true,
     data: {
@@ -104,16 +117,125 @@ export async function GET(request: NextRequest) {
       },
       meta: {
         registeredActionTypes: registeredActions,
+        failedCount,
       },
     },
   })
-}
+}, 'read');
+/**
+ * POST /api/v1/devtools/scheduled-actions
+ *
+ * Retry a failed action by creating a new action with the same payload.
+ * Requires superadmin or developer user role.
+ *
+ * Body:
+ * {
+ *   "actionId": "uuid-of-failed-action"
+ * }
+ */
+export const POST = withRateLimitTier(async (request: NextRequest) => {
+  // Authenticate request
+  const authResult = await authenticateRequest(request)
+  if (!authResult.success) {
+    return createDevtoolsUnauthorizedResponse()
+  }
+  // Check DevTools access permission
+  if (!canAccessDevtoolsApi(authResult)) {
+    return createDevtoolsAccessDeniedResponse()
+  }
+  // Parse request body
+  const body = await request.json()
+  const { actionId } = body
+  if (!actionId) {
+    return NextResponse.json({
+      success: false,
+      error: 'actionId is required'
+    }, { status: 400 })
+  }
+  // Fetch the failed action
+  const actions = await queryWithRLS<ScheduledAction>(
+    `SELECT
+      id,
+      "actionType",
+      status,
+      payload,
+      "teamId",
+      "lockGroup"
+    FROM "scheduled_actions"
+    WHERE id = $1`,
+    [actionId],
+    null
+  )
+  if (actions.length === 0) {
+    return NextResponse.json({
+      success: false,
+      error: 'Action not found'
+    }, { status: 404 })
+  }
+  const failedAction = actions[0]
+  // Only allow retrying failed actions
+  if (failedAction.status !== 'failed') {
+    return NextResponse.json({
+      success: false,
+      error: 'Only failed actions can be retried'
+    }, { status: 400 })
+  }
+  // Check if there's already a pending action with the same actionType and payload
+  // Use JSONB containment operator for reliable comparison
+  const existingPending = await queryWithRLS<{ id: string }>(
+    `SELECT id
+     FROM "scheduled_actions"
+     WHERE "actionType" = $1
+       AND payload @> $2::jsonb
+       AND $2::jsonb @> payload
+       AND status = 'pending'
+     LIMIT 1`,
+    [failedAction.actionType, JSON.stringify(failedAction.payload)],
+    null
+  )
+  if (existingPending.length > 0) {
+    return NextResponse.json({
+      success: false,
+      error: 'A pending action with the same payload already exists',
+      existingActionId: existingPending[0].id
+    }, { status: 409 })
+  }
+  // Create a new action with the same payload
+  const newActionId = await scheduleAction(
+    failedAction.actionType,
+    failedAction.payload,
+    {
+      scheduledAt: new Date(), // Schedule immediately
+      teamId: failedAction.teamId ?? undefined,
+      lockGroup: failedAction.lockGroup ?? undefined
+    }
+  )
+  return NextResponse.json({
+    success: true,
+    data: {
+      newActionId
+    }
+  })
+}, 'write');
 export async function OPTIONS() {
   return new NextResponse(null, {
     status: 204,
     headers: {
-      'Access-Control-Allow-Methods': 'GET, OPTIONS',
+      'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
       'Access-Control-Allow-Headers': 'Content-Type, Authorization, x-api-key',
     },
   })

package/dist/templates/app/api/v1/devtools/scheduled-actions/run/route.ts ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * DevTools Scheduled Actions Run API
+ *
+ * POST /api/v1/devtools/scheduled-actions/run
+ *
+ * Executes a pending action immediately.
+ * Requires superadmin or developer user role.
+ */
+import { NextRequest, NextResponse } from 'next/server'
+import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import {
+  canAccessDevtoolsApi,
+  createDevtoolsAccessDeniedResponse,
+  createDevtoolsUnauthorizedResponse,
+} from '@nextsparkjs/core/lib/api/auth/devtools-auth'
+import { queryWithRLS } from '@nextsparkjs/core/lib/db'
+import type { ScheduledAction } from '@nextsparkjs/core/lib/scheduled-actions/types'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
+import { executeAction } from '@nextsparkjs/core/lib/scheduled-actions/processor'
+export const POST = withRateLimitTier(async (request: NextRequest) => {
+  // Authenticate request
+  const authResult = await authenticateRequest(request)
+  if (!authResult.success) {
+    return createDevtoolsUnauthorizedResponse()
+  }
+  // Check DevTools access permission
+  if (!canAccessDevtoolsApi(authResult)) {
+    return createDevtoolsAccessDeniedResponse()
+  }
+  // Parse request body
+  const body = await request.json()
+  const { actionId } = body
+  if (!actionId) {
+    return NextResponse.json({
+      success: false,
+      error: 'actionId is required'
+    }, { status: 400 })
+  }
+  // Fetch the pending action
+  const actions = await queryWithRLS<ScheduledAction>(
+    `SELECT
+      id,
+      "actionType",
+      status,
+      payload,
+      "teamId",
+      "scheduledAt",
+      attempts,
+      "maxRetries",
+      "recurringInterval",
+      "recurrenceType",
+      "lockGroup"
+    FROM "scheduled_actions"
+    WHERE id = $1`,
+    [actionId],
+    null
+  )
+  if (actions.length === 0) {
+    return NextResponse.json({
+      success: false,
+      error: 'Action not found'
+    }, { status: 404 })
+  }
+  const action = actions[0]
+  // Only allow running pending actions
+  if (action.status !== 'pending') {
+    return NextResponse.json({
+      success: false,
+      error: 'Only pending actions can be executed'
+    }, { status: 400 })
+  }
+  try {
+    // Execute the action immediately
+    await executeAction(action)
+    return NextResponse.json({
+      success: true,
+      data: {
+        executed: true
+      }
+    })
+  } catch (error) {
+    console.error('[DevTools] Failed to execute action:', error)
+    return NextResponse.json({
+      success: false,
+      error: error instanceof Error ? error.message : 'Failed to execute action'
+    }, { status: 500 })
+  }
+}, 'write');
+export async function OPTIONS() {
+  return new NextResponse(null, {
+    status: 204,
+    headers: {
+      'Access-Control-Allow-Methods': 'POST, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type, Authorization, x-api-key',
+    },
+  })
+}

package/dist/templates/app/api/v1/devtools/testing/route.ts CHANGED Viewed

@@ -20,8 +20,9 @@ import {
   FEATURE_REGISTRY,
   FLOW_REGISTRY,
 } from '@nextsparkjs/registries/testing-registry'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   // Authenticate request
   const authResult = await authenticateRequest(request)
@@ -69,7 +70,7 @@ export async function GET(request: NextRequest) {
       },
     },
   })
-}
+}, 'read');
 export async function OPTIONS() {
   return new NextResponse(null, {