@nextsparkjs/theme-default 0.1.0-beta.17 → 0.1.0-beta.171

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (332) hide show
  1. package/api/ai/chat/stream/route.ts +4 -1
  2. package/api/ai/orchestrator/route.ts +10 -3
  3. package/api/ai/single-agent/route.ts +10 -3
  4. package/api/ai/usage/route.ts +4 -1
  5. package/blocks/benefits/component.tsx +4 -4
  6. package/blocks/cta-section/component.tsx +4 -4
  7. package/blocks/faq-accordion/component.tsx +2 -2
  8. package/blocks/features-grid/component.tsx +5 -5
  9. package/blocks/hero/component.tsx +2 -2
  10. package/blocks/hero/fields.ts +1 -1
  11. package/blocks/hero-with-form/component.tsx +7 -7
  12. package/blocks/hero-with-form/fields.ts +1 -1
  13. package/blocks/jumbotron/component.tsx +7 -7
  14. package/blocks/jumbotron/fields.ts +1 -1
  15. package/blocks/logo-cloud/component.tsx +6 -6
  16. package/blocks/logo-cloud/fields.ts +1 -1
  17. package/blocks/post-content/component.tsx +2 -2
  18. package/blocks/pricing-table/component.tsx +5 -5
  19. package/blocks/split-content/component.tsx +5 -5
  20. package/blocks/split-content/fields.ts +1 -1
  21. package/blocks/stats-counter/component.tsx +9 -9
  22. package/blocks/testimonials/component.tsx +4 -4
  23. package/blocks/testimonials/fields.ts +1 -1
  24. package/blocks/text-content/component.tsx +12 -10
  25. package/blocks/timeline/component.tsx +12 -12
  26. package/blocks/video-hero/component.tsx +7 -7
  27. package/blocks/video-hero/fields.ts +1 -1
  28. package/components/ai-chat/ChatPanel.tsx +7 -7
  29. package/components/ai-chat/Message.tsx +2 -2
  30. package/components/ai-chat/MessageInput.tsx +3 -3
  31. package/components/ai-chat/MessageList.tsx +3 -3
  32. package/components/ai-chat/TypingIndicator.tsx +2 -2
  33. package/config/app.config.ts +90 -62
  34. package/config/billing.config.ts +5 -10
  35. package/config/dashboard.config.ts +14 -0
  36. package/config/features.config.ts +10 -0
  37. package/config/permissions.config.ts +22 -23
  38. package/docs/{01-overview → public/01-overview}/01-introduction.md +5 -0
  39. package/docs/{01-overview → public/01-overview}/02-customization.md +5 -0
  40. package/docs/{02-features → public/02-features}/03-tasks-entity.md +5 -0
  41. package/docs/{03-ai → public/03-ai}/01-overview.md +5 -0
  42. package/docs/{03-ai → public/03-ai}/02-customization.md +5 -0
  43. package/docs/superadmin/01-setup/01-configuration.md +79 -0
  44. package/docs/superadmin/01-setup/02-deployment.md +82 -0
  45. package/docs/superadmin/02-management/01-users.md +83 -0
  46. package/docs/superadmin/03-integrations/01-langchain.md +139 -0
  47. package/emails/verify-email.ts +33 -0
  48. package/entities/customers/api/docs.md +107 -0
  49. package/entities/customers/api/presets.ts +80 -0
  50. package/entities/pages/api/docs.md +114 -0
  51. package/entities/pages/api/presets.ts +72 -0
  52. package/entities/posts/api/docs.md +120 -0
  53. package/entities/posts/api/presets.ts +74 -0
  54. package/entities/tasks/api/docs.md +126 -0
  55. package/entities/tasks/api/presets.ts +84 -0
  56. package/lib/selectors.ts +7 -4
  57. package/messages/de/admin.json +45 -0
  58. package/messages/en/admin.json +56 -0
  59. package/messages/en/navigation.json +2 -1
  60. package/messages/es/admin.json +56 -0
  61. package/messages/es/navigation.json +2 -1
  62. package/messages/fr/admin.json +45 -0
  63. package/messages/it/admin.json +45 -0
  64. package/messages/pt/admin.json +45 -0
  65. package/migrations/089_add_editor_team_role.sql +15 -23
  66. package/migrations/090_demo_users_teams.sql +11 -11
  67. package/migrations/091_greek_teams_billing.sql +15 -15
  68. package/migrations/093_pages_sample_data.sql +7 -7
  69. package/migrations/098_patterns_sample_data.sql +234 -0
  70. package/nextsparkjs-theme-default-0.1.0-beta.137.tgz +0 -0
  71. package/package.json +4 -3
  72. package/styles/globals.css +42 -0
  73. package/templates/(public)/page.tsx +1 -1
  74. package/tests/cypress/e2e/_utils/devtools/access.bdd.md +262 -0
  75. package/tests/cypress/e2e/_utils/devtools/access.cy.ts +171 -0
  76. package/tests/cypress/e2e/_utils/devtools/navigation.bdd.md +261 -0
  77. package/tests/cypress/e2e/_utils/devtools/navigation.cy.ts +157 -0
  78. package/tests/cypress/e2e/_utils/devtools/pages.bdd.md +303 -0
  79. package/tests/cypress/e2e/_utils/devtools/pages.cy.ts +184 -0
  80. package/tests/cypress/e2e/_utils/docs/README.md +215 -0
  81. package/tests/cypress/e2e/_utils/selectors/auth.bdd.md +354 -0
  82. package/tests/cypress/e2e/_utils/selectors/auth.cy.ts +310 -0
  83. package/tests/cypress/e2e/_utils/selectors/billing.bdd.md +276 -0
  84. package/tests/cypress/e2e/_utils/selectors/billing.cy.ts +182 -0
  85. package/tests/cypress/e2e/_utils/selectors/block-editor.bdd.md +615 -0
  86. package/tests/cypress/e2e/_utils/selectors/block-editor.cy.ts +783 -0
  87. package/tests/cypress/e2e/_utils/selectors/dashboard-container.cy.ts +52 -0
  88. package/tests/cypress/e2e/_utils/selectors/dashboard-mobile.bdd.md +205 -0
  89. package/tests/cypress/e2e/_utils/selectors/dashboard-mobile.cy.ts +137 -0
  90. package/tests/cypress/e2e/_utils/selectors/dashboard-navigation.bdd.md +147 -0
  91. package/tests/cypress/e2e/_utils/selectors/dashboard-navigation.cy.ts +114 -0
  92. package/tests/cypress/e2e/_utils/selectors/dashboard-sidebar.bdd.md +76 -0
  93. package/tests/cypress/e2e/_utils/selectors/dashboard-sidebar.cy.ts +68 -0
  94. package/tests/cypress/e2e/_utils/selectors/dashboard-topnav.bdd.md +326 -0
  95. package/tests/cypress/e2e/_utils/selectors/dashboard-topnav.cy.ts +177 -0
  96. package/tests/cypress/e2e/_utils/selectors/devtools.bdd.md +306 -0
  97. package/tests/cypress/e2e/_utils/selectors/devtools.cy.ts +273 -0
  98. package/tests/cypress/e2e/_utils/selectors/global-search.bdd.md +115 -0
  99. package/tests/cypress/e2e/_utils/selectors/global-search.cy.ts +93 -0
  100. package/tests/cypress/e2e/_utils/selectors/patterns.bdd.md +388 -0
  101. package/tests/cypress/e2e/_utils/selectors/patterns.cy.ts +559 -0
  102. package/tests/cypress/e2e/_utils/selectors/public.cy.ts +112 -0
  103. package/tests/cypress/e2e/_utils/selectors/settings-api-keys.bdd.md +266 -0
  104. package/tests/cypress/e2e/_utils/selectors/settings-api-keys.cy.ts +233 -0
  105. package/tests/cypress/e2e/_utils/selectors/settings-billing.bdd.md +78 -0
  106. package/tests/cypress/e2e/_utils/selectors/settings-billing.cy.ts +108 -0
  107. package/tests/cypress/e2e/_utils/selectors/settings-layout.bdd.md +129 -0
  108. package/tests/cypress/e2e/_utils/selectors/settings-layout.cy.ts +115 -0
  109. package/tests/cypress/e2e/_utils/selectors/settings-password.bdd.md +82 -0
  110. package/tests/cypress/e2e/_utils/selectors/settings-password.cy.ts +74 -0
  111. package/tests/cypress/e2e/_utils/selectors/settings-profile.bdd.md +77 -0
  112. package/tests/cypress/e2e/_utils/selectors/settings-profile.cy.ts +79 -0
  113. package/tests/cypress/e2e/_utils/selectors/settings-teams.bdd.md +130 -0
  114. package/tests/cypress/e2e/_utils/selectors/settings-teams.cy.ts +86 -0
  115. package/tests/cypress/e2e/_utils/selectors/superadmin.bdd.md +261 -0
  116. package/tests/cypress/e2e/_utils/selectors/superadmin.cy.ts +193 -0
  117. package/tests/cypress/e2e/_utils/selectors/tasks.bdd.md +593 -0
  118. package/tests/cypress/e2e/_utils/selectors/tasks.cy.ts +864 -0
  119. package/tests/cypress/e2e/_utils/selectors/taxonomies.cy.ts +126 -0
  120. package/tests/cypress/e2e/_utils/selectors/teams.bdd.md +278 -0
  121. package/tests/cypress/e2e/_utils/selectors/teams.cy.ts +195 -0
  122. package/tests/cypress/e2e/_utils/superadmin/all-teams.bdd.md +261 -0
  123. package/tests/cypress/e2e/_utils/superadmin/all-teams.cy.ts +177 -0
  124. package/tests/cypress/e2e/_utils/superadmin/all-users.bdd.md +406 -0
  125. package/tests/cypress/e2e/_utils/superadmin/all-users.cy.ts +294 -0
  126. package/tests/cypress/e2e/_utils/superadmin/dashboard.bdd.md +235 -0
  127. package/tests/cypress/e2e/_utils/superadmin/dashboard.cy.ts +149 -0
  128. package/tests/cypress/e2e/_utils/superadmin/subscriptions-overview.bdd.md +290 -0
  129. package/tests/cypress/e2e/_utils/superadmin/subscriptions-overview.cy.ts +194 -0
  130. package/tests/cypress/e2e/ai/ai-usage.cy.ts +209 -0
  131. package/tests/cypress/e2e/ai/chat-api.cy.ts +119 -0
  132. package/tests/cypress/e2e/ai/guardrails.cy.ts +332 -0
  133. package/tests/cypress/e2e/api/_core/billing/BillingAPIController.js +319 -0
  134. package/tests/cypress/e2e/api/_core/billing/check-action.cy.ts +326 -0
  135. package/tests/cypress/e2e/api/_core/billing/checkout.cy.ts +358 -0
  136. package/tests/cypress/e2e/api/_core/billing/lifecycle.cy.ts +423 -0
  137. package/tests/cypress/e2e/api/_core/billing/plans/README.md +345 -0
  138. package/tests/cypress/e2e/api/_core/billing/plans/business.cy.ts +412 -0
  139. package/tests/cypress/e2e/api/_core/billing/plans/downgrade.cy.ts +510 -0
  140. package/tests/cypress/e2e/api/_core/billing/plans/fixtures/billing-plans.json +163 -0
  141. package/tests/cypress/e2e/api/_core/billing/plans/free.cy.ts +500 -0
  142. package/tests/cypress/e2e/api/_core/billing/plans/pro.cy.ts +497 -0
  143. package/tests/cypress/e2e/api/_core/billing/plans/starter.cy.ts +342 -0
  144. package/tests/cypress/e2e/api/_core/billing/portal.cy.ts +313 -0
  145. package/tests/cypress/e2e/api/_core/devtools/registries.bdd.md +300 -0
  146. package/tests/cypress/e2e/api/_core/devtools/registries.cy.ts +368 -0
  147. package/tests/cypress/e2e/api/_core/scheduled-actions/cron-endpoint.bdd.md +375 -0
  148. package/tests/cypress/e2e/api/_core/scheduled-actions/cron-endpoint.cy.ts +346 -0
  149. package/tests/cypress/e2e/api/_core/scheduled-actions/devtools-endpoint.bdd.md +451 -0
  150. package/tests/cypress/e2e/api/_core/scheduled-actions/devtools-endpoint.cy.ts +447 -0
  151. package/tests/cypress/e2e/api/_core/scheduled-actions/scheduling.bdd.md +649 -0
  152. package/tests/cypress/e2e/api/_core/scheduled-actions/scheduling.cy.ts +333 -0
  153. package/tests/cypress/e2e/api/_core/security/security-headers.cy.ts +601 -0
  154. package/tests/cypress/e2e/api/_core/settings/api-keys.crud.cy.ts +923 -0
  155. package/tests/cypress/e2e/api/_core/teams/teams-security.cy.ts +415 -0
  156. package/tests/cypress/e2e/api/_core/users/users-crud.cy.ts +469 -0
  157. package/tests/cypress/e2e/api/_core/users/users-metas.cy.ts +913 -0
  158. package/tests/cypress/e2e/api/_core/users/users-security.cy.ts +375 -0
  159. package/tests/cypress/e2e/api/entities/customers/customers-crud.cy.ts +648 -0
  160. package/tests/cypress/e2e/api/entities/customers/customers-metas.cy.ts +839 -0
  161. package/tests/cypress/e2e/api/entities/media/media-crud.cy.ts +600 -0
  162. package/tests/cypress/e2e/api/entities/media/media-role-permissions.cy.ts +617 -0
  163. package/tests/cypress/e2e/api/entities/media/media-team-isolation.cy.ts +464 -0
  164. package/tests/cypress/e2e/api/entities/pages/blocks-scope.cy.ts +396 -0
  165. package/tests/cypress/e2e/api/entities/pages/pages-crud.cy.ts +425 -0
  166. package/tests/cypress/e2e/api/entities/pages/pages-status.cy.ts +335 -0
  167. package/tests/cypress/e2e/api/entities/posts/post-categories-crud.cy.ts +610 -0
  168. package/tests/cypress/e2e/api/entities/posts/posts-crud.cy.ts +709 -0
  169. package/tests/cypress/e2e/api/entities/posts/posts-status.cy.ts +396 -0
  170. package/tests/cypress/e2e/api/entities/tasks/tasks-crud.cy.ts +602 -0
  171. package/tests/cypress/e2e/api/entities/tasks/tasks-metas.cy.ts +878 -0
  172. package/tests/cypress/e2e/patterns/patterns-in-pages.cy.ts +367 -0
  173. package/tests/cypress/e2e/uat/_core/auth/app-roles/developer-login.bdd.md +231 -0
  174. package/tests/cypress/e2e/uat/_core/auth/app-roles/developer-login.cy.ts +144 -0
  175. package/tests/cypress/e2e/uat/_core/auth/app-roles/superadmin-login.bdd.md +118 -0
  176. package/tests/cypress/e2e/uat/_core/auth/app-roles/superadmin-login.cy.ts +84 -0
  177. package/tests/cypress/e2e/uat/_core/auth/custom-roles/editor-login.bdd.md +288 -0
  178. package/tests/cypress/e2e/uat/_core/auth/custom-roles/editor-login.cy.ts +188 -0
  179. package/tests/cypress/e2e/uat/_core/auth/login-logout.bdd.md +160 -0
  180. package/tests/cypress/e2e/uat/_core/auth/login-logout.cy.ts +116 -0
  181. package/tests/cypress/e2e/uat/_core/auth/password-reset.bdd.md +289 -0
  182. package/tests/cypress/e2e/uat/_core/auth/password-reset.cy.ts +200 -0
  183. package/tests/cypress/e2e/uat/_core/auth/registration-control-invitation.cy.ts +176 -0
  184. package/tests/cypress/e2e/uat/_core/auth/registration-control-open.cy.ts +131 -0
  185. package/tests/cypress/e2e/uat/_core/auth/registration-control.cy.ts +140 -0
  186. package/tests/cypress/e2e/uat/_core/auth/team-roles/admin-login.bdd.md +225 -0
  187. package/tests/cypress/e2e/uat/_core/auth/team-roles/admin-login.cy.ts +148 -0
  188. package/tests/cypress/e2e/uat/_core/auth/team-roles/member-login.bdd.md +251 -0
  189. package/tests/cypress/e2e/uat/_core/auth/team-roles/member-login.cy.ts +163 -0
  190. package/tests/cypress/e2e/uat/_core/auth/team-roles/owner-login.bdd.md +231 -0
  191. package/tests/cypress/e2e/uat/_core/auth/team-roles/owner-login.cy.ts +141 -0
  192. package/tests/cypress/e2e/uat/_core/billing/extended.bdd.md +273 -0
  193. package/tests/cypress/e2e/uat/_core/billing/extended.cy.ts +209 -0
  194. package/tests/cypress/e2e/uat/_core/billing/feature-gates.bdd.md +407 -0
  195. package/tests/cypress/e2e/uat/_core/billing/feature-gates.cy.ts +307 -0
  196. package/tests/cypress/e2e/uat/_core/billing/page.bdd.md +329 -0
  197. package/tests/cypress/e2e/uat/_core/billing/page.cy.ts +250 -0
  198. package/tests/cypress/e2e/uat/_core/billing/status.bdd.md +190 -0
  199. package/tests/cypress/e2e/uat/_core/billing/status.cy.ts +145 -0
  200. package/tests/cypress/e2e/uat/_core/billing/team-switch.bdd.md +156 -0
  201. package/tests/cypress/e2e/uat/_core/billing/team-switch.cy.ts +122 -0
  202. package/tests/cypress/e2e/uat/_core/billing/usage.bdd.md +218 -0
  203. package/tests/cypress/e2e/uat/_core/billing/usage.cy.ts +176 -0
  204. package/tests/cypress/e2e/uat/_core/blocks/hero.bdd.md +124 -0
  205. package/tests/cypress/e2e/uat/_core/blocks/hero.cy.ts +56 -0
  206. package/tests/cypress/e2e/uat/_core/devtools/api-tester.cy.ts +390 -0
  207. package/tests/cypress/e2e/uat/_core/performance/suspense-loading.cy.ts +134 -0
  208. package/tests/cypress/e2e/uat/_core/scheduled-actions/devtools-ui.bdd.md +736 -0
  209. package/tests/cypress/e2e/uat/_core/scheduled-actions/devtools-ui.cy.ts +740 -0
  210. package/tests/cypress/e2e/uat/_core/teams/inline-edit.cy.ts +278 -0
  211. package/tests/cypress/e2e/uat/_core/teams/roles-matrix.bdd.md +553 -0
  212. package/tests/cypress/e2e/uat/_core/teams/roles-matrix.cy.ts +185 -0
  213. package/tests/cypress/e2e/uat/_core/teams/switcher.bdd.md +1151 -0
  214. package/tests/cypress/e2e/uat/_core/teams/switcher.cy.ts +497 -0
  215. package/tests/cypress/e2e/uat/_core/teams/team-switcher.md +198 -0
  216. package/tests/cypress/e2e/uat/entities/customers/member.bdd.md +275 -0
  217. package/tests/cypress/e2e/uat/entities/customers/member.cy.ts +122 -0
  218. package/tests/cypress/e2e/uat/entities/customers/owner.bdd.md +243 -0
  219. package/tests/cypress/e2e/uat/entities/customers/owner.cy.ts +165 -0
  220. package/tests/cypress/e2e/uat/entities/pages/block-crud.bdd.md +476 -0
  221. package/tests/cypress/e2e/uat/entities/pages/block-crud.cy.ts +486 -0
  222. package/tests/cypress/e2e/uat/entities/pages/block-editor.bdd.md +460 -0
  223. package/tests/cypress/e2e/uat/entities/pages/block-editor.cy.ts +301 -0
  224. package/tests/cypress/e2e/uat/entities/pages/list.bdd.md +432 -0
  225. package/tests/cypress/e2e/uat/entities/pages/list.cy.ts +273 -0
  226. package/tests/cypress/e2e/uat/entities/pages/public-rendering.bdd.md +696 -0
  227. package/tests/cypress/e2e/uat/entities/pages/public-rendering.cy.ts +340 -0
  228. package/tests/cypress/e2e/uat/entities/posts/categories-api-aware.bdd.md +161 -0
  229. package/tests/cypress/e2e/uat/entities/posts/categories-api-aware.cy.ts +104 -0
  230. package/tests/cypress/e2e/uat/entities/posts/categories.bdd.md +375 -0
  231. package/tests/cypress/e2e/uat/entities/posts/categories.cy.ts +241 -0
  232. package/tests/cypress/e2e/uat/entities/posts/editor.bdd.md +429 -0
  233. package/tests/cypress/e2e/uat/entities/posts/editor.cy.ts +257 -0
  234. package/tests/cypress/e2e/uat/entities/posts/list.bdd.md +340 -0
  235. package/tests/cypress/e2e/uat/entities/posts/list.cy.ts +177 -0
  236. package/tests/cypress/e2e/uat/entities/posts/public.bdd.md +614 -0
  237. package/tests/cypress/e2e/uat/entities/posts/public.cy.ts +249 -0
  238. package/tests/cypress/e2e/uat/entities/tasks/member.bdd.md +222 -0
  239. package/tests/cypress/e2e/uat/entities/tasks/member.cy.ts +165 -0
  240. package/tests/cypress/e2e/uat/entities/tasks/owner.bdd.md +419 -0
  241. package/tests/cypress/e2e/uat/entities/tasks/owner.cy.ts +191 -0
  242. package/tests/cypress/e2e/uat/features/roles/editor-role.bdd.md +552 -0
  243. package/tests/cypress/e2e/uat/features/roles/editor-role.cy.ts +210 -0
  244. package/tests/cypress/e2e/uat/features/roles/member-restrictions.bdd.md +450 -0
  245. package/tests/cypress/e2e/uat/features/roles/member-restrictions.cy.ts +189 -0
  246. package/tests/cypress/e2e/uat/features/roles/owner-full-crud.bdd.md +530 -0
  247. package/tests/cypress/e2e/uat/features/roles/owner-full-crud.cy.ts +247 -0
  248. package/tests/cypress/fixtures/blocks.json +218 -0
  249. package/tests/cypress/fixtures/entities.json +87 -0
  250. package/tests/cypress/fixtures/page-builder.json +21 -0
  251. package/tests/cypress/src/components/CategoriesPOM.ts +382 -0
  252. package/tests/cypress/src/components/CustomersPOM.ts +439 -0
  253. package/tests/cypress/src/components/DevKeyringPOM.ts +160 -0
  254. package/tests/cypress/src/components/EntityForm.ts +375 -0
  255. package/tests/cypress/src/components/EntityList.ts +389 -0
  256. package/tests/cypress/src/components/PageBuilderPOM.ts +710 -0
  257. package/tests/cypress/src/components/PostEditorPOM.ts +370 -0
  258. package/tests/cypress/src/components/PostsListPOM.ts +223 -0
  259. package/tests/cypress/src/components/PublicPagePOM.ts +447 -0
  260. package/tests/cypress/src/components/PublicPostPOM.ts +146 -0
  261. package/tests/cypress/src/components/TasksPOM.ts +272 -0
  262. package/tests/cypress/src/components/TeamSwitcherPOM.ts +450 -0
  263. package/tests/cypress/src/components/index.ts +21 -0
  264. package/tests/cypress/src/controllers/ApiKeysAPIController.js +178 -0
  265. package/tests/cypress/src/controllers/BaseAPIController.js +317 -0
  266. package/tests/cypress/src/controllers/CustomerAPIController.js +251 -0
  267. package/tests/cypress/src/controllers/MediaAPIController.js +231 -0
  268. package/tests/cypress/src/controllers/PagesAPIController.js +226 -0
  269. package/tests/cypress/src/controllers/PostsAPIController.js +250 -0
  270. package/tests/cypress/src/controllers/TaskAPIController.js +240 -0
  271. package/tests/cypress/src/controllers/UsersAPIController.js +242 -0
  272. package/tests/cypress/src/controllers/index.js +25 -0
  273. package/tests/cypress/src/core/AuthPOM.ts +450 -0
  274. package/tests/cypress/src/core/BasePOM.ts +33 -0
  275. package/tests/cypress/src/core/BlockEditorBasePOM.ts +874 -0
  276. package/tests/cypress/src/core/DashboardEntityPOM.ts +41 -0
  277. package/tests/cypress/src/core/index.ts +14 -0
  278. package/tests/cypress/src/entities/CustomersPOM.ts +172 -0
  279. package/tests/cypress/src/entities/PagesPOM.ts +137 -0
  280. package/tests/cypress/src/entities/PatternsPOM.ts +329 -0
  281. package/tests/cypress/src/entities/PostsPOM.ts +137 -0
  282. package/tests/cypress/src/entities/TasksPOM.ts +246 -0
  283. package/tests/cypress/src/entities/index.ts +16 -0
  284. package/tests/cypress/src/features/BillingPOM.ts +385 -0
  285. package/tests/cypress/src/features/DashboardPOM.ts +271 -0
  286. package/tests/cypress/src/features/DevtoolsPOM.ts +750 -0
  287. package/tests/cypress/src/features/PageBuilderPOM.ts +283 -0
  288. package/tests/cypress/src/features/PostEditorPOM.ts +313 -0
  289. package/tests/cypress/src/features/ScheduledActionsPOM.ts +463 -0
  290. package/tests/cypress/src/features/SettingsPOM.ts +707 -0
  291. package/tests/cypress/src/features/SuperadminPOM.ts +851 -0
  292. package/tests/cypress/src/features/SuperadminTeamRolesPOM.ts +285 -0
  293. package/tests/cypress/src/features/index.ts +28 -0
  294. package/tests/cypress/src/helpers/ApiInterceptor.ts +20 -0
  295. package/tests/cypress/src/index.ts +101 -0
  296. package/tests/cypress/src/pages/dashboard/Dashboard.js +677 -0
  297. package/tests/cypress/src/pages/dashboard/DashboardPage.js +43 -0
  298. package/tests/cypress/src/pages/dashboard/DashboardStats.js +546 -0
  299. package/tests/cypress/src/pages/dashboard/index.js +6 -0
  300. package/tests/cypress/src/pages/index.js +5 -0
  301. package/tests/cypress/src/pages/public/FeaturesPage.js +28 -0
  302. package/tests/cypress/src/pages/public/LandingPage.js +69 -0
  303. package/tests/cypress/src/pages/public/PricingPage.js +33 -0
  304. package/tests/cypress/src/pages/public/index.js +6 -0
  305. package/tests/cypress/src/selectors.ts +46 -0
  306. package/tests/cypress/src/session-helpers.ts +518 -0
  307. package/tests/cypress/support/doc-commands.ts +260 -0
  308. package/tests/cypress/support/e2e.ts +90 -0
  309. package/tests/cypress.config.ts +178 -0
  310. package/tests/jest/__mocks__/@nextsparkjs/core/components/ui/badge.js +16 -0
  311. package/tests/jest/__mocks__/@nextsparkjs/core/lib/db.js +11 -0
  312. package/tests/jest/__mocks__/@nextsparkjs/registries/permissions-registry.ts +160 -0
  313. package/tests/jest/__mocks__/@nextsparkjs/registries/theme-registry.ts +68 -0
  314. package/tests/jest/__mocks__/jose.js +22 -0
  315. package/tests/jest/__mocks__/next/image.js +15 -0
  316. package/tests/jest/__mocks__/next-server.js +56 -0
  317. package/tests/jest/components/post-header.test.tsx +377 -0
  318. package/tests/jest/jest.config.cjs +154 -0
  319. package/tests/jest/langchain/COVERAGE.md +372 -0
  320. package/tests/jest/langchain/guardrails.test.ts +465 -0
  321. package/tests/jest/langchain/streaming.test.ts +370 -0
  322. package/tests/jest/langchain/token-tracker.test.ts +455 -0
  323. package/tests/jest/langchain/tracer-callbacks.test.ts +881 -0
  324. package/tests/jest/langchain/tracer.test.ts +823 -0
  325. package/tests/jest/services/tasks.service.test.ts +707 -0
  326. package/tests/jest/setup.ts +170 -0
  327. package/tests/jest/tsconfig.jest.json +6 -0
  328. package/tests/jest/validation/categories.test.ts +429 -0
  329. package/tests/jest/validation/posts.test.ts +546 -0
  330. package/tests/tsconfig.json +21 -0
  331. /package/docs/{02-features → public/02-features}/01-components.md +0 -0
  332. /package/docs/{02-features → public/02-features}/02-styling.md +0 -0
@@ -0,0 +1,415 @@
1
+ /**
2
+ * Teams API - Security Tests
3
+ *
4
+ * Tests for security vulnerabilities in Teams PATCH endpoint:
5
+ * - Issue #1: Type coercion vulnerability (empty strings, 0, false, null)
6
+ * - Issue #2: Permission check order (owner-only fields)
7
+ * - Issue #3: Schema validation (owner vs non-owner schemas)
8
+ *
9
+ * Uses existing sample data users:
10
+ * - Owner: Carlos Mendoza (team-everpoint-001)
11
+ * - Admin: James Wilson (team-everpoint-001)
12
+ * - Member: Emily Johnson (team-everpoint-001)
13
+ *
14
+ * @tags @api @teams @security
15
+ */
16
+
17
+ import * as allure from 'allure-cypress'
18
+ import { loginAsOwner, loginAsAdmin, loginAsMember, BILLING_TEAMS } from '../../../../src/session-helpers'
19
+
20
+ describe('Teams API - Security Tests', { tags: ['@api', '@teams', '@security'] }, () => {
21
+ // Use Everpoint Labs team from sample data (Carlos is owner, James is admin, Emily is member)
22
+ const TEST_TEAM_ID = BILLING_TEAMS.PRO.teamId // team-everpoint-001
23
+ const BASE_URL = Cypress.config('baseUrl') || 'http://localhost:3000'
24
+
25
+ beforeEach(() => {
26
+ allure.epic('API')
27
+ allure.feature('Teams')
28
+ allure.story('Security & Permission Enforcement')
29
+ })
30
+
31
+ describe('Issue #1: Type Coercion Vulnerability', () => {
32
+ context('As Admin (non-owner)', () => {
33
+ beforeEach(() => {
34
+ loginAsAdmin()
35
+ cy.visit('/dashboard') // Required for session cookies
36
+ })
37
+
38
+ it('SEC_TEAMS_001: Should reject PATCH with empty string for name', { tags: '@smoke' }, () => {
39
+ allure.severity('critical')
40
+ cy.request({
41
+ method: 'PATCH',
42
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
43
+ body: { name: '' },
44
+ failOnStatusCode: false,
45
+ }).then((response) => {
46
+ expect(response.status).to.eq(403)
47
+ expect(response.body.success).to.be.false
48
+ expect(response.body.error).to.include('owner')
49
+ expect(response.body.reason).to.eq('OWNER_ONLY')
50
+ })
51
+ })
52
+
53
+ it('SEC_TEAMS_002: Should reject PATCH with null for description', () => {
54
+ cy.request({
55
+ method: 'PATCH',
56
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
57
+ body: { description: null },
58
+ failOnStatusCode: false,
59
+ }).then((response) => {
60
+ expect(response.status).to.eq(403)
61
+ expect(response.body.success).to.be.false
62
+ expect(response.body.error).to.include('owner')
63
+ expect(response.body.reason).to.eq('OWNER_ONLY')
64
+ })
65
+ })
66
+
67
+ it('SEC_TEAMS_003: Should reject PATCH with number (0) for name', () => {
68
+ cy.request({
69
+ method: 'PATCH',
70
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
71
+ body: { name: 0 },
72
+ failOnStatusCode: false,
73
+ }).then((response) => {
74
+ expect(response.status).to.eq(403)
75
+ expect(response.body.success).to.be.false
76
+ expect(response.body.error).to.include('owner')
77
+ expect(response.body.reason).to.eq('OWNER_ONLY')
78
+ })
79
+ })
80
+
81
+ it('SEC_TEAMS_004: Should reject PATCH with boolean (false) for description', () => {
82
+ cy.request({
83
+ method: 'PATCH',
84
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
85
+ body: { description: false },
86
+ failOnStatusCode: false,
87
+ }).then((response) => {
88
+ expect(response.status).to.eq(403)
89
+ expect(response.body.success).to.be.false
90
+ expect(response.body.error).to.include('owner')
91
+ expect(response.body.reason).to.eq('OWNER_ONLY')
92
+ })
93
+ })
94
+
95
+ it('SEC_TEAMS_005: Should reject PATCH with whitespace-only name', () => {
96
+ cy.request({
97
+ method: 'PATCH',
98
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
99
+ body: { name: ' ' },
100
+ failOnStatusCode: false,
101
+ }).then((response) => {
102
+ expect(response.status).to.eq(403)
103
+ expect(response.body.success).to.be.false
104
+ expect(response.body.error).to.include('owner')
105
+ expect(response.body.reason).to.eq('OWNER_ONLY')
106
+ })
107
+ })
108
+ })
109
+
110
+ context('As Member (non-owner)', () => {
111
+ beforeEach(() => {
112
+ loginAsMember()
113
+ cy.visit('/dashboard') // Required for session cookies
114
+ })
115
+
116
+ it('SEC_TEAMS_006: Should reject PATCH with empty string for name', () => {
117
+ cy.request({
118
+ method: 'PATCH',
119
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
120
+ body: { name: '' },
121
+ failOnStatusCode: false,
122
+ }).then((response) => {
123
+ expect(response.status).to.eq(403)
124
+ expect(response.body.success).to.be.false
125
+ expect(response.body.error).to.include('owner')
126
+ expect(response.body.reason).to.eq('OWNER_ONLY')
127
+ })
128
+ })
129
+
130
+ it('SEC_TEAMS_007: Should reject PATCH with description update', () => {
131
+ cy.request({
132
+ method: 'PATCH',
133
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
134
+ body: { description: 'New description' },
135
+ failOnStatusCode: false,
136
+ }).then((response) => {
137
+ expect(response.status).to.eq(403)
138
+ expect(response.body.success).to.be.false
139
+ expect(response.body.error).to.include('owner')
140
+ expect(response.body.reason).to.eq('OWNER_ONLY')
141
+ })
142
+ })
143
+ })
144
+ })
145
+
146
+ describe('Issue #2: Permission Check Order', () => {
147
+ context('Admin user (non-owner)', () => {
148
+ beforeEach(() => {
149
+ loginAsAdmin()
150
+ cy.visit('/dashboard')
151
+ })
152
+
153
+ it('SEC_TEAMS_010: Should return 403 with OWNER_ONLY reason when trying to update name', { tags: '@smoke' }, () => {
154
+ allure.severity('critical')
155
+ cy.request({
156
+ method: 'PATCH',
157
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
158
+ body: { name: 'New Name by Admin' },
159
+ failOnStatusCode: false,
160
+ }).then((response) => {
161
+ expect(response.status).to.eq(403)
162
+ expect(response.body.success).to.be.false
163
+ expect(response.body.reason).to.eq('OWNER_ONLY')
164
+ expect(response.body.error).to.include('Only team owner')
165
+ expect(response.body.error).to.not.include('generic')
166
+ })
167
+ })
168
+
169
+ it('SEC_TEAMS_011: Should return 403 with OWNER_ONLY reason when trying to update description', () => {
170
+ cy.request({
171
+ method: 'PATCH',
172
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
173
+ body: { description: 'New Description by Admin' },
174
+ failOnStatusCode: false,
175
+ }).then((response) => {
176
+ expect(response.status).to.eq(403)
177
+ expect(response.body.success).to.be.false
178
+ expect(response.body.reason).to.eq('OWNER_ONLY')
179
+ expect(response.body.error).to.include('Only team owner')
180
+ })
181
+ })
182
+
183
+ it('SEC_TEAMS_012: Should return specific error, not generic permission error', () => {
184
+ cy.request({
185
+ method: 'PATCH',
186
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
187
+ body: { name: 'Test' },
188
+ failOnStatusCode: false,
189
+ }).then((response) => {
190
+ expect(response.status).to.eq(403)
191
+ expect(response.body.reason).to.eq('OWNER_ONLY')
192
+ // Should NOT be generic "teams.update" permission error
193
+ expect(response.body.reason).to.not.eq('INSUFFICIENT_PERMISSIONS')
194
+ })
195
+ })
196
+ })
197
+
198
+ context('Member user (non-owner)', () => {
199
+ beforeEach(() => {
200
+ loginAsMember()
201
+ cy.visit('/dashboard')
202
+ })
203
+
204
+ it('SEC_TEAMS_013: Should return 403 with OWNER_ONLY reason when trying to update name', () => {
205
+ cy.request({
206
+ method: 'PATCH',
207
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
208
+ body: { name: 'New Name by Member' },
209
+ failOnStatusCode: false,
210
+ }).then((response) => {
211
+ expect(response.status).to.eq(403)
212
+ expect(response.body.success).to.be.false
213
+ expect(response.body.reason).to.eq('OWNER_ONLY')
214
+ })
215
+ })
216
+ })
217
+ })
218
+
219
+ describe('Issue #3: Schema Validation (Owner vs Non-Owner)', () => {
220
+ context('Owner updates', () => {
221
+ beforeEach(() => {
222
+ loginAsOwner()
223
+ cy.visit('/dashboard')
224
+ })
225
+
226
+ it('SEC_TEAMS_020: Should use ownerUpdateTeamSchema for name updates', () => {
227
+ cy.request({
228
+ method: 'PATCH',
229
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
230
+ body: { name: 'A' }, // Too short (min 2 chars)
231
+ failOnStatusCode: false,
232
+ }).then((response) => {
233
+ expect(response.status).to.eq(400)
234
+ expect(response.body.success).to.be.false
235
+ expect(response.body.code).to.eq('VALIDATION_ERROR')
236
+ expect(response.body.error).to.include('at least 2 characters')
237
+ })
238
+ })
239
+
240
+ it('SEC_TEAMS_021: Should use ownerUpdateTeamSchema for description updates', () => {
241
+ cy.request({
242
+ method: 'PATCH',
243
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
244
+ body: { description: null },
245
+ failOnStatusCode: false,
246
+ }).then((response) => {
247
+ // Should accept null for description
248
+ expect(response.status).to.eq(200)
249
+ expect(response.body.success).to.be.true
250
+ })
251
+ })
252
+
253
+ it('SEC_TEAMS_022: Should allow valid owner updates', () => {
254
+ cy.request({
255
+ method: 'PATCH',
256
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
257
+ body: {
258
+ name: 'Everpoint Labs Updated',
259
+ description: 'Updated description',
260
+ },
261
+ }).then((response) => {
262
+ expect(response.status).to.eq(200)
263
+ expect(response.body.success).to.be.true
264
+ expect(response.body.data.name).to.eq('Everpoint Labs Updated')
265
+ expect(response.body.data.description).to.eq('Updated description')
266
+ })
267
+ })
268
+
269
+ // Restore original name
270
+ after(() => {
271
+ cy.request({
272
+ method: 'PATCH',
273
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
274
+ body: { name: 'Everpoint Labs' },
275
+ })
276
+ })
277
+ })
278
+
279
+ context('Admin updates (non-owner fields only)', () => {
280
+ beforeEach(() => {
281
+ loginAsAdmin()
282
+ cy.visit('/dashboard')
283
+ })
284
+
285
+ it('SEC_TEAMS_023: Should reject name/description fields before schema validation', () => {
286
+ // Should fail with 403 OWNER_ONLY, not 400 VALIDATION_ERROR
287
+ cy.request({
288
+ method: 'PATCH',
289
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
290
+ body: { name: 'Test' },
291
+ failOnStatusCode: false,
292
+ }).then((response) => {
293
+ expect(response.status).to.eq(403)
294
+ expect(response.body.reason).to.eq('OWNER_ONLY')
295
+ // Should NOT reach schema validation
296
+ expect(response.body.code).to.not.eq('VALIDATION_ERROR')
297
+ })
298
+ })
299
+
300
+ it('SEC_TEAMS_024: Should allow slug updates by admin', () => {
301
+ cy.request({
302
+ method: 'PATCH',
303
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
304
+ body: { slug: 'everpoint-labs-new' },
305
+ failOnStatusCode: false,
306
+ }).then((response) => {
307
+ // Current implementation: Admins can update slug
308
+ // If this fails, it means the permission system is correctly restricting admin slug updates
309
+ // We document both expected behaviors here
310
+ if (response.status === 200) {
311
+ expect(response.body.success).to.be.true
312
+ cy.log('✅ Admins CAN update slug (current behavior)')
313
+ } else if (response.status === 403) {
314
+ expect(response.body.reason).to.eq('OWNER_ONLY')
315
+ cy.log('✅ Admins CANNOT update slug (stricter behavior)')
316
+ }
317
+ })
318
+ })
319
+
320
+ it('SEC_TEAMS_025: Should allow avatarUrl updates by admin', () => {
321
+ cy.request({
322
+ method: 'PATCH',
323
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
324
+ body: { avatarUrl: 'https://example.com/avatar.png' },
325
+ failOnStatusCode: false,
326
+ }).then((response) => {
327
+ // Similar to slug, this documents expected behavior
328
+ if (response.status === 200) {
329
+ expect(response.body.success).to.be.true
330
+ cy.log('✅ Admins CAN update avatarUrl (current behavior)')
331
+ } else if (response.status === 403) {
332
+ expect(response.body.reason).to.eq('OWNER_ONLY')
333
+ cy.log('✅ Admins CANNOT update avatarUrl (stricter behavior)')
334
+ }
335
+ })
336
+ })
337
+ })
338
+ })
339
+
340
+ describe('Issue #10: Description Max Length Documentation', () => {
341
+ context('Owner updates', () => {
342
+ beforeEach(() => {
343
+ loginAsOwner()
344
+ cy.visit('/dashboard')
345
+ })
346
+
347
+ it('SEC_TEAMS_030: Should accept very long descriptions (TEXT type, no limit)', () => {
348
+ const longDescription = 'A'.repeat(10000) // 10KB text
349
+
350
+ cy.request({
351
+ method: 'PATCH',
352
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
353
+ body: { description: longDescription },
354
+ }).then((response) => {
355
+ expect(response.status).to.eq(200)
356
+ expect(response.body.success).to.be.true
357
+ expect(response.body.data.description).to.eq(longDescription)
358
+ })
359
+ })
360
+
361
+ it('SEC_TEAMS_031: Should accept null for description', () => {
362
+ cy.request({
363
+ method: 'PATCH',
364
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
365
+ body: { description: null },
366
+ }).then((response) => {
367
+ expect(response.status).to.eq(200)
368
+ expect(response.body.success).to.be.true
369
+ expect(response.body.data.description).to.be.null
370
+ })
371
+ })
372
+
373
+ // Restore original description
374
+ after(() => {
375
+ cy.request({
376
+ method: 'PATCH',
377
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
378
+ body: { description: 'Enabling digital innovation through scalable platforms' },
379
+ })
380
+ })
381
+ })
382
+ })
383
+
384
+ describe('Dual Authentication Support', () => {
385
+ it('SEC_TEAMS_040: Should accept session-based auth for owner', () => {
386
+ loginAsOwner()
387
+ cy.visit('/dashboard')
388
+
389
+ cy.request({
390
+ method: 'PATCH',
391
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
392
+ body: { description: 'Session Auth Test' },
393
+ }).then((response) => {
394
+ expect(response.status).to.eq(200)
395
+ expect(response.body.success).to.be.true
396
+ })
397
+ })
398
+
399
+ it('SEC_TEAMS_041: Should reject request without auth', () => {
400
+ cy.clearAllSessionStorage()
401
+ cy.clearAllCookies()
402
+
403
+ cy.request({
404
+ method: 'PATCH',
405
+ url: `/api/v1/teams/${TEST_TEAM_ID}`,
406
+ body: { name: 'No Auth Test' },
407
+ failOnStatusCode: false,
408
+ }).then((response) => {
409
+ expect(response.status).to.eq(401)
410
+ expect(response.body.success).to.be.false
411
+ expect(response.body.code).to.eq('AUTHENTICATION_FAILED')
412
+ })
413
+ })
414
+ })
415
+ })