@objectstack/core 4.0.4 → 4.1.0

package/src/qa/runner.ts

@@ -1,189 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-import { QA } from '@objectstack/spec';
-import { TestExecutionAdapter } from './adapter.js';
-
-export interface TestResult {
-  scenarioId: string;
-  passed: boolean;
-  steps: StepResult[];
-  error?: unknown;
-  duration: number;
-}
-
-export interface StepResult {
-  stepName: string;
-  passed: boolean;
-  error?: unknown;
-  output?: unknown;
-  duration: number;
-}
-
-export class TestRunner {
-  constructor(private adapter: TestExecutionAdapter) {}
-
-  async runSuite(suite: QA.TestSuite): Promise<TestResult[]> {
-    const results: TestResult[] = [];
-    for (const scenario of suite.scenarios) {
-      results.push(await this.runScenario(scenario));
-    }
-    return results;
-  }
-
-  async runScenario(scenario: QA.TestScenario): Promise<TestResult> {
-    const startTime = Date.now();
-    const context: Record<string, unknown> = {}; // Variable context
-    
-    // Initialize context from initial payload if needed? Currently schema doesn't have initial context prop on Scenario
-    // But we defined TestContextSchema separately.
-    
-    // Setup
-    if (scenario.setup) {
-      for (const step of scenario.setup) {
-        try {
-          await this.runStep(step, context);
-        } catch (e) {
-           return {
-             scenarioId: scenario.id,
-             passed: false,
-             steps: [],
-             error: `Setup failed: ${e instanceof Error ? e.message : String(e)}`,
-             duration: Date.now() - startTime
-           };
-        }
-      }
-    }
-
-    const stepResults: StepResult[] = [];
-    let scenarioPassed = true;
-    let scenarioError: unknown = undefined;
-
-    // Main Steps
-    for (const step of scenario.steps) {
-      const stepStartTime = Date.now();
-      try {
-        const output = await this.runStep(step, context);
-        stepResults.push({
-          stepName: step.name,
-          passed: true,
-          output,
-          duration: Date.now() - stepStartTime
-        });
-      } catch (e) {
-        scenarioPassed = false;
-        scenarioError = e;
-        stepResults.push({
-          stepName: step.name,
-          passed: false,
-          error: e,
-          duration: Date.now() - stepStartTime
-        });
-        break; // Stop on first failure
-      }
-    }
-
-    // Teardown (run even if failed)
-    if (scenario.teardown) {
-      for (const step of scenario.teardown) {
-        try {
-          await this.runStep(step, context);
-        } catch (e) {
-          // Log teardown failure but don't override main failure if it exists
-          if (scenarioPassed) {
-             scenarioPassed = false;
-             scenarioError = `Teardown failed: ${e instanceof Error ? e.message : String(e)}`;
-          }
-        }
-      }
-    }
-
-    return {
-      scenarioId: scenario.id,
-      passed: scenarioPassed,
-      steps: stepResults,
-      error: scenarioError,
-      duration: Date.now() - startTime
-    };
-  }
-
-  private async runStep(step: QA.TestStep, context: Record<string, unknown>): Promise<unknown> {
-    // 1. Resolve Variables with Context (Simple interpolation or just pass context?)
-    // For now, assume adpater handles context resolution or we do basic replacement
-    const resolvedAction = this.resolveVariables(step.action, context);
-
-    // 2. Execute Action
-    const result = await this.adapter.execute(resolvedAction, context);
-
-    // 3. Capture Outputs
-    if (step.capture) {
-      for (const [varName, path] of Object.entries(step.capture)) {
-        context[varName] = this.getValueByPath(result, path);
-      }
-    }
-
-    // 4. Run Assertions
-    if (step.assertions) {
-      for (const assertion of step.assertions) {
-        this.assert(result, assertion, context);
-      }
-    }
-
-    return result;
-  }
-
-  private resolveVariables(action: QA.TestAction, context: Record<string, unknown>): QA.TestAction {
-    const actionStr = JSON.stringify(action);
-    const resolved = actionStr.replace(/\{\{([^}]+)\}\}/g, (_match, varPath: string) => {
-      const value = this.getValueByPath(context, varPath.trim());
-      if (value === undefined) return _match; // Keep unresolved
-      return typeof value === 'string' ? value : JSON.stringify(value);
-    });
-    try {
-      return JSON.parse(resolved) as QA.TestAction;
-    } catch {
-      return action; // Fallback to original if parse fails
-    }
-  }
-
-  private getValueByPath(obj: unknown, path: string): unknown {
-    if (!path) return obj;
-    const parts = path.split('.');
-    let current: any = obj;
-    for (const part of parts) {
-      if (current === null || current === undefined) return undefined;
-      current = current[part];
-    }
-    return current;
-  }
-
-  private assert(result: unknown, assertion: QA.TestAssertion, _context: Record<string, unknown>) {
-    const actual = this.getValueByPath(result, assertion.field);
-    // Resolve expected value if it's a variable ref? 
-    const expected = assertion.expectedValue; // Simplify for now
-
-    switch (assertion.operator) {
-      case 'equals':
-        if (actual !== expected) throw new Error(`Assertion failed: ${assertion.field} expected ${expected}, got ${actual}`);
-        break;
-      case 'not_equals':
-        if (actual === expected) throw new Error(`Assertion failed: ${assertion.field} expected not ${expected}, got ${actual}`);
-        break;
-      case 'contains':
-         if (Array.isArray(actual)) {
-             if (!actual.includes(expected)) throw new Error(`Assertion failed: ${assertion.field} array does not contain ${expected}`);
-         } else if (typeof actual === 'string') {
-             if (!actual.includes(String(expected))) throw new Error(`Assertion failed: ${assertion.field} string does not contain ${expected}`);
-         }
-         break;
-      case 'not_null':
-        if (actual === null || actual === undefined) throw new Error(`Assertion failed: ${assertion.field} is null`);
-        break;
-      case 'is_null':
-         if (actual !== null && actual !== undefined) throw new Error(`Assertion failed: ${assertion.field} is not null`);
-         break;
-      // ... Add other operators
-      default:
-        throw new Error(`Unknown assertion operator: ${assertion.operator}`);
-    }
-  }
-}

package/src/security/index.ts

@@ -1,50 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-/**
- * Security Module
- * 
- * Provides security features for the ObjectStack microkernel:
- * - Plugin signature verification
- * - Plugin configuration validation
- * - Permission and capability enforcement
- * 
- * @module @objectstack/core/security
- */
-
-export {
-  PluginSignatureVerifier,
-  type PluginSignatureConfig,
-  type SignatureVerificationResult,
-} from './plugin-signature-verifier.js';
-
-export {
-  PluginConfigValidator,
-  createPluginConfigValidator,
-} from './plugin-config-validator.js';
-
-export {
-  PluginPermissionEnforcer,
-  SecurePluginContext,
-  createPluginPermissionEnforcer,
-  type PluginPermissions,
-  type PermissionCheckResult,
-} from './plugin-permission-enforcer.js';
-
-// Advanced security components (Phase 2)
-export {
-  PluginPermissionManager,
-  type PermissionGrant,
-  type PermissionCheckResult as PluginPermissionCheckResult,
-} from './permission-manager.js';
-
-export {
-  PluginSandboxRuntime,
-  type SandboxContext,
-  type ResourceUsage,
-} from './sandbox-runtime.js';
-
-export {
-  PluginSecurityScanner,
-  type ScanTarget,
-  type SecurityIssue,
-} from './security-scanner.js';

package/src/security/permission-manager.test.ts

@@ -1,256 +0,0 @@
-import { describe, it, expect, beforeEach } from 'vitest';
-import { PluginPermissionManager } from './permission-manager.js';
-import { createLogger } from '../logger.js';
-import type { PermissionSet } from '@objectstack/spec/kernel';
-
-describe('PluginPermissionManager', () => {
-  let manager: PluginPermissionManager;
-  let logger: ReturnType<typeof createLogger>;
-
-  beforeEach(() => {
-    logger = createLogger({ level: 'silent' });
-    manager = new PluginPermissionManager(logger);
-  });
-
-  describe('registerPermissions', () => {
-    it('should register permissions for a plugin', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      
-      const permissions = manager.getPluginPermissions('test-plugin');
-      expect(permissions).toHaveLength(1);
-      expect(permissions[0].id).toBe('read-data');
-    });
-  });
-
-  describe('grantPermission', () => {
-    it('should grant a permission to a plugin', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      manager.grantPermission('test-plugin', 'read-data');
-      
-      expect(manager.hasPermission('test-plugin', 'read-data')).toBe(true);
-    });
-
-    it('should throw error for non-existent permission', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      
-      expect(() => {
-        manager.grantPermission('test-plugin', 'invalid-permission');
-      }).toThrow();
-    });
-  });
-
-  describe('revokePermission', () => {
-    it('should revoke a permission from a plugin', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      manager.grantPermission('test-plugin', 'read-data');
-      manager.revokePermission('test-plugin', 'read-data');
-      
-      expect(manager.hasPermission('test-plugin', 'read-data')).toBe(false);
-    });
-  });
-
-  describe('checkAccess', () => {
-    it('should allow access when permission is granted', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      manager.grantPermission('test-plugin', 'read-data');
-      
-      const result = manager.checkAccess('test-plugin', 'data.object', 'read');
-      expect(result.allowed).toBe(true);
-    });
-
-    it('should deny access when permission is not granted', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      
-      const result = manager.checkAccess('test-plugin', 'data.object', 'read');
-      expect(result.allowed).toBe(false);
-    });
-
-    it('should deny access when permission does not exist', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      
-      const result = manager.checkAccess('test-plugin', 'data.object', 'read');
-      expect(result.allowed).toBe(false);
-    });
-  });
-
-  describe('getMissingPermissions', () => {
-    it('should return missing required permissions', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-          {
-            id: 'write-data',
-            resource: 'data.object',
-            actions: ['create', 'update'],
-            scope: 'plugin',
-            description: 'Write object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      manager.grantPermission('test-plugin', 'read-data');
-      
-      const missing = manager.getMissingPermissions('test-plugin');
-      expect(missing).toHaveLength(1);
-      expect(missing[0].id).toBe('write-data');
-    });
-  });
-
-  describe('hasAllRequiredPermissions', () => {
-    it('should return true when all required permissions are granted', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      manager.grantPermission('test-plugin', 'read-data');
-      
-      expect(manager.hasAllRequiredPermissions('test-plugin')).toBe(true);
-    });
-
-    it('should return false when required permissions are missing', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      
-      expect(manager.hasAllRequiredPermissions('test-plugin')).toBe(false);
-    });
-  });
-
-  describe('clearPluginPermissions', () => {
-    it('should clear all permissions for a plugin', () => {
-      const permissionSet: PermissionSet = {
-        permissions: [
-          {
-            id: 'read-data',
-            resource: 'data.object',
-            actions: ['read'],
-            scope: 'plugin',
-            description: 'Read object data',
-            required: true,
-          },
-        ],
-        defaultGrant: 'prompt',
-      };
-
-      manager.registerPermissions('test-plugin', permissionSet);
-      manager.grantPermission('test-plugin', 'read-data');
-      manager.clearPluginPermissions('test-plugin');
-      
-      expect(manager.getPluginPermissions('test-plugin')).toHaveLength(0);
-      expect(manager.getGrantedPermissions('test-plugin')).toHaveLength(0);
-    });
-  });
-});