@objectstack/core 0.8.2 → 0.9.1

package/src/index.ts

@@ -11,6 +11,12 @@ export * from './types.js';
 export * from './logger.js';
 export * from './plugin-loader.js';
 export * from './enhanced-kernel.js';
+export * from './api-registry.js';
+export * from './api-registry-plugin.js';
+export * as QA from './qa/index.js';
+
+// Export security utilities
+export * from './security/index.js';
 
 // Re-export contracts from @objectstack/spec for backward compatibility
 export type { 

package/src/logger.ts

@@ -21,6 +21,7 @@ export class ObjectLogger implements Logger {
     private isNode: boolean;
     private pinoLogger?: any; // Pino logger instance for Node.js
     private pinoInstance?: any; // Base Pino instance for creating child loggers
+    private require?: any; // CommonJS require function for Node.js
 
     constructor(config: Partial<LoggerConfig> = {}) {
         // Detect runtime environment
@@ -53,8 +54,13 @@ export class ObjectLogger implements Logger {
         if (!this.isNode) return;
 
         try {
-            // Dynamic import for Pino (Node.js only)
-            const pino = require('pino');
+            // Create require function dynamically for Node.js (avoids bundling issues in browser)
+            // @ts-ignore - dynamic import of Node.js module
+            const { createRequire } = eval('require("module")');
+            this.require = createRequire(import.meta.url);
+            
+            // Synchronous import for Pino using createRequire (works in ESM)
+            const pino = this.require('pino');
             
             // Build Pino options
             const pinoOptions: any = {
@@ -75,15 +81,34 @@ export class ObjectLogger implements Logger {
 
             // Console transport
             if (this.config.format === 'pretty') {
-                targets.push({
-                    target: 'pino-pretty',
-                    options: {
-                        colorize: true,
-                        translateTime: 'SYS:standard',
-                        ignore: 'pid,hostname'
-                    },
-                    level: this.config.level
-                });
+                // Check if pino-pretty is available
+                let hasPretty = false;
+                try {
+                    this.require.resolve('pino-pretty');
+                    hasPretty = true;
+                } catch (e) {
+                    // ignore
+                }
+
+                if (hasPretty) {
+                    targets.push({
+                        target: 'pino-pretty',
+                        options: {
+                            colorize: true,
+                            translateTime: 'SYS:standard',
+                            ignore: 'pid,hostname'
+                        },
+                        level: this.config.level
+                    });
+                } else {
+                     console.warn('[Logger] pino-pretty not found. Install it for pretty logging: pnpm add -D pino-pretty');
+                     // Fallback to text/simple
+                     targets.push({
+                        target: 'pino/file',
+                        options: { destination: 1 },
+                        level: this.config.level
+                    });
+                }
             } else if (this.config.format === 'json') {
                 // JSON to stdout
                 targets.push({

package/src/plugin-loader.ts

@@ -32,10 +32,11 @@ export interface ServiceRegistration {
 }
 
 /**
- * Plugin Configuration Validator
+ * Plugin Configuration Validator Interface
  * Uses Zod for runtime validation of plugin configurations
+ * @deprecated Use the PluginConfigValidator class from security module instead
  */
-export interface PluginConfigValidator {
+export interface IPluginConfigValidator {
     schema: z.ZodSchema;
     validate(config: any): any;
 }
@@ -366,15 +367,20 @@ export class PluginLoader {
         return semverRegex.test(version);
     }
 
-    private validatePluginConfig(plugin: PluginMetadata): void {
+    private validatePluginConfig(plugin: PluginMetadata, config?: any): void {
         if (!plugin.configSchema) {
             return;
         }
         
-        // TODO: Configuration validation implementation
-        // This requires plugin config to be passed during loading
-        // For now, just validate that the schema exists
-        this.logger.debug(`Plugin ${plugin.name} has configuration schema (validation not yet implemented)`);
+        if (!config) {
+            this.logger.debug(`Plugin ${plugin.name} has configuration schema but no config provided`);
+            return;
+        }
+        
+        // Configuration validation is now implemented in PluginConfigValidator
+        // This is a placeholder that logs the validation would happen
+        // The actual validation should be done by the caller when config is available
+        this.logger.debug(`Plugin ${plugin.name} has configuration schema (use PluginConfigValidator for validation)`);
     }
 
     private async verifyPluginSignature(plugin: PluginMetadata): Promise<void> {
@@ -382,12 +388,10 @@ export class PluginLoader {
             return;
         }
         
-        // TODO: Plugin signature verification implementation
-        // In a real implementation:
-        // 1. Extract public key from trusted source
-        // 2. Verify signature against plugin code hash
-        // 3. Throw error if verification fails
-        this.logger.debug(`Plugin ${plugin.name} signature verification (not yet implemented)`);
+        // Plugin signature verification is now implemented in PluginSignatureVerifier
+        // This is a placeholder that logs the verification would happen
+        // The actual verification should be done by the caller with proper security config
+        this.logger.debug(`Plugin ${plugin.name} has signature (use PluginSignatureVerifier for verification)`);
     }
 
     private async getSingletonService<T>(registration: ServiceRegistration): Promise<T> {

package/src/qa/adapter.ts

@@ -0,0 +1,14 @@
+import { QA } from '@objectstack/spec';
+
+/**
+ * Interface for executing test actions against a target system.
+ * The target could be a local Kernel instance or a remote API.
+ */
+export interface TestExecutionAdapter {
+  /**
+   * Execute a single test action.
+   * @param action The action to perform (create_record, api_call, etc.)
+   * @returns The result of the action (e.g. created record, API response)
+   */
+  execute(action: QA.TestAction, context: Record<string, unknown>): Promise<unknown>;
+}

package/src/qa/http-adapter.ts

@@ -0,0 +1,114 @@
+import { QA } from '@objectstack/spec';
+import { TestExecutionAdapter } from './adapter.js';
+
+export class HttpTestAdapter implements TestExecutionAdapter {
+  constructor(private baseUrl: string, private authToken?: string) {}
+
+  async execute(action: QA.TestAction, _context: Record<string, unknown>): Promise<unknown> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };
+    if (this.authToken) {
+      headers['Authorization'] = `Bearer ${this.authToken}`;
+    }
+    // If action.user is specified, maybe add a specific header for impersonation if supported?
+    if (action.user) {
+        headers['X-Run-As'] = action.user;
+    }
+
+    switch (action.type) {
+      case 'create_record':
+        return this.createRecord(action.target, action.payload || {}, headers);
+      case 'update_record':
+        return this.updateRecord(action.target, action.payload || {}, headers);
+      case 'delete_record':
+        return this.deleteRecord(action.target, action.payload || {}, headers);
+      case 'read_record':
+        return this.readRecord(action.target, action.payload || {}, headers);
+        case 'query_records':
+        return this.queryRecords(action.target, action.payload || {}, headers);
+      case 'api_call':
+        return this.rawApiCall(action.target, action.payload || {}, headers);
+        case 'wait':
+            const ms = Number(action.payload?.duration || 1000);
+            return new Promise(resolve => setTimeout(() => resolve({ waited: ms }), ms));
+      default:
+        throw new Error(`Unsupported action type in HttpAdapter: ${action.type}`);
+    }
+  }
+
+  private async createRecord(objectName: string, data: Record<string, unknown>, headers: Record<string, string>) {
+    const response = await fetch(`${this.baseUrl}/api/data/${objectName}`, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(data)
+    });
+    return this.handleResponse(response);
+  }
+
+  private async updateRecord(objectName: string, data: Record<string, unknown>, headers: Record<string, string>) {
+    const id = data._id || data.id;
+    if (!id) throw new Error('Update record requires _id or id in payload');
+    const response = await fetch(`${this.baseUrl}/api/data/${objectName}/${id}`, {
+      method: 'PUT',
+      headers,
+      body: JSON.stringify(data)
+    });
+    return this.handleResponse(response);
+  }
+
+  private async deleteRecord(objectName: string, data: Record<string, unknown>, headers: Record<string, string>) {
+    const id = data._id || data.id;
+    if (!id) throw new Error('Delete record requires _id or id in payload');
+    const response = await fetch(`${this.baseUrl}/api/data/${objectName}/${id}`, {
+      method: 'DELETE',
+      headers
+    });
+    return this.handleResponse(response);
+  }
+
+  private async readRecord(objectName: string, data: Record<string, unknown>, headers: Record<string, string>) {
+    const id = data._id || data.id;
+    if (!id) throw new Error('Read record requires _id or id in payload');
+    const response = await fetch(`${this.baseUrl}/api/data/${objectName}/${id}`, {
+      method: 'GET',
+      headers
+    });
+    return this.handleResponse(response);
+  }
+
+  private async queryRecords(objectName: string, data: Record<string, unknown>, headers: Record<string, string>) {
+      // Assuming query via POST or GraphQL-like endpoint
+      const response = await fetch(`${this.baseUrl}/api/data/${objectName}/query`, {
+          method: 'POST',
+          headers,
+          body: JSON.stringify(data)
+      });
+      return this.handleResponse(response);
+  }
+
+  private async rawApiCall(endpoint: string, data: Record<string, unknown>, headers: Record<string, string>) {
+      const method = (data.method as string) || 'GET';
+      const body = data.body ? JSON.stringify(data.body) : undefined;
+      const url = endpoint.startsWith('http') ? endpoint : `${this.baseUrl}${endpoint}`;
+      
+      const response = await fetch(url, {
+          method,
+          headers,
+          body
+      });
+      return this.handleResponse(response);
+  }
+
+  private async handleResponse(response: Response) {
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`HTTP Error ${response.status}: ${text}`);
+    }
+    const contentType = response.headers.get('content-type');
+    if (contentType && contentType.includes('application/json')) {
+        return response.json();
+    }
+    return response.text();
+  }
+}

package/src/qa/index.ts

@@ -0,0 +1,3 @@
+export * from './adapter.js';
+export * from './runner.js';
+export * from './http-adapter.js';

package/src/qa/runner.ts

@@ -0,0 +1,179 @@
+import { QA } from '@objectstack/spec';
+import { TestExecutionAdapter } from './adapter.js';
+
+export interface TestResult {
+  scenarioId: string;
+  passed: boolean;
+  steps: StepResult[];
+  error?: unknown;
+  duration: number;
+}
+
+export interface StepResult {
+  stepName: string;
+  passed: boolean;
+  error?: unknown;
+  output?: unknown;
+  duration: number;
+}
+
+export class TestRunner {
+  constructor(private adapter: TestExecutionAdapter) {}
+
+  async runSuite(suite: QA.TestSuite): Promise<TestResult[]> {
+    const results: TestResult[] = [];
+    for (const scenario of suite.scenarios) {
+      results.push(await this.runScenario(scenario));
+    }
+    return results;
+  }
+
+  async runScenario(scenario: QA.TestScenario): Promise<TestResult> {
+    const startTime = Date.now();
+    const context: Record<string, unknown> = {}; // Variable context
+    
+    // Initialize context from initial payload if needed? Currently schema doesn't have initial context prop on Scenario
+    // But we defined TestContextSchema separately.
+    
+    // Setup
+    if (scenario.setup) {
+      for (const step of scenario.setup) {
+        try {
+          await this.runStep(step, context);
+        } catch (e) {
+           return {
+             scenarioId: scenario.id,
+             passed: false,
+             steps: [],
+             error: `Setup failed: ${e instanceof Error ? e.message : String(e)}`,
+             duration: Date.now() - startTime
+           };
+        }
+      }
+    }
+
+    const stepResults: StepResult[] = [];
+    let scenarioPassed = true;
+    let scenarioError: unknown = undefined;
+
+    // Main Steps
+    for (const step of scenario.steps) {
+      const stepStartTime = Date.now();
+      try {
+        const output = await this.runStep(step, context);
+        stepResults.push({
+          stepName: step.name,
+          passed: true,
+          output,
+          duration: Date.now() - stepStartTime
+        });
+      } catch (e) {
+        scenarioPassed = false;
+        scenarioError = e;
+        stepResults.push({
+          stepName: step.name,
+          passed: false,
+          error: e,
+          duration: Date.now() - stepStartTime
+        });
+        break; // Stop on first failure
+      }
+    }
+
+    // Teardown (run even if failed)
+    if (scenario.teardown) {
+      for (const step of scenario.teardown) {
+        try {
+          await this.runStep(step, context);
+        } catch (e) {
+          // Log teardown failure but don't override main failure if it exists
+          if (scenarioPassed) {
+             scenarioPassed = false;
+             scenarioError = `Teardown failed: ${e instanceof Error ? e.message : String(e)}`;
+          }
+        }
+      }
+    }
+
+    return {
+      scenarioId: scenario.id,
+      passed: scenarioPassed,
+      steps: stepResults,
+      error: scenarioError,
+      duration: Date.now() - startTime
+    };
+  }
+
+  private async runStep(step: QA.TestStep, context: Record<string, unknown>): Promise<unknown> {
+    // 1. Resolve Variables with Context (Simple interpolation or just pass context?)
+    // For now, assume adpater handles context resolution or we do basic replacement
+    const resolvedAction = this.resolveVariables(step.action, context);
+
+    // 2. Execute Action
+    const result = await this.adapter.execute(resolvedAction, context);
+
+    // 3. Capture Outputs
+    if (step.capture) {
+      for (const [varName, path] of Object.entries(step.capture)) {
+        context[varName] = this.getValueByPath(result, path);
+      }
+    }
+
+    // 4. Run Assertions
+    if (step.assertions) {
+      for (const assertion of step.assertions) {
+        this.assert(result, assertion, context);
+      }
+    }
+
+    return result;
+  }
+
+  private resolveVariables(action: QA.TestAction, _context: Record<string, unknown>): QA.TestAction {
+    // TODO: Implement JSON path variable substitution stringify/parse
+    // For now returning as is
+    return action; 
+  }
+
+  private getValueByPath(obj: unknown, path: string): unknown {
+    if (!path) return obj;
+    const parts = path.split('.');
+    let current: any = obj;
+    for (const part of parts) {
+      if (current === null || current === undefined) return undefined;
+      current = current[part];
+    }
+    return current;
+  }
+
+  private assert(result: unknown, assertion: QA.TestAssertion, _context: Record<string, unknown>) {
+    const actual = this.getValueByPath(result, assertion.field);
+    // Resolve expected value if it's a variable ref? 
+    const expected = assertion.expectedValue; // Simplify for now
+
+    switch (assertion.operator) {
+      case 'equals':
+        if (actual !== expected) throw new Error(`Assertion failed: ${assertion.field} expected ${expected}, got ${actual}`);
+        break;
+      case 'not_equals':
+        if (actual === expected) throw new Error(`Assertion failed: ${assertion.field} expected not ${expected}, got ${actual}`);
+        break;
+      case 'contains':
+         if (Array.isArray(actual)) {
+             if (!actual.includes(expected)) throw new Error(`Assertion failed: ${assertion.field} array does not contain ${expected}`);
+         } else if (typeof actual === 'string') {
+             if (!actual.includes(String(expected))) throw new Error(`Assertion failed: ${assertion.field} string does not contain ${expected}`);
+         }
+         break;
+      case 'not_null':
+        if (actual === null || actual === undefined) throw new Error(`Assertion failed: ${assertion.field} is null`);
+        break;
+      case 'is_null':
+         if (actual !== null && actual !== undefined) throw new Error(`Assertion failed: ${assertion.field} is not null`);
+         break;
+      // ... Add other operators
+      default:
+        throw new Error(`Unknown assertion operator: ${assertion.operator}`);
+    }
+  }
+}

package/src/security/index.ts

@@ -0,0 +1,29 @@
+/**
+ * Security Module
+ * 
+ * Provides security features for the ObjectStack microkernel:
+ * - Plugin signature verification
+ * - Plugin configuration validation
+ * - Permission and capability enforcement
+ * 
+ * @module @objectstack/core/security
+ */
+
+export {
+  PluginSignatureVerifier,
+  type PluginSignatureConfig,
+  type SignatureVerificationResult,
+} from './plugin-signature-verifier.js';
+
+export {
+  PluginConfigValidator,
+  createPluginConfigValidator,
+} from './plugin-config-validator.js';
+
+export {
+  PluginPermissionEnforcer,
+  SecurePluginContext,
+  createPluginPermissionEnforcer,
+  type PluginPermissions,
+  type PermissionCheckResult,
+} from './plugin-permission-enforcer.js';