@sapporta/server 0.0.1

package/src/integration/api-tables.test.ts

@@ -0,0 +1,238 @@
+/**
+ * Integration tests for the /tables namespace (CRUD operations, single-project mode).
+ *
+ * Tests the full create → read → update → delete cycle against real
+ * fixture schemas backed by in-memory SQLite. Tests within this file are
+ * ordered intentionally — later tests depend on rows created by earlier tests.
+ */
+import { describe, it, expect, beforeAll } from "vitest";
+import { createIntegrationApp, request, postJson, putJson, del } from "./setup.js";
+
+beforeAll(async () => {
+  await createIntegrationApp();
+});
+
+describe("/tables CRUD", () => {
+  // ── Create → Read → Update → Delete cycle ──────────────────────────
+
+  describe("accounts CRUD cycle", () => {
+    let createdId: number;
+
+    it("POST /tables/accounts creates a row", async () => {
+      const res = await postJson("/tables/accounts", {
+        name: "Cash",
+        type: "asset",
+        balance: 1000,
+      });
+      expect(res.status).toBe(201);
+
+      const body = await res.json();
+      expect(body.data).toBeDefined();
+      expect(body.data.name).toBe("Cash");
+      expect(body.data.type).toBe("asset");
+      expect(body.data.balance).toBe(1000);
+      expect(body.data.id).toBeGreaterThan(0);
+
+      createdId = body.data.id;
+    });
+
+    it("GET /tables/accounts lists rows", async () => {
+      const res = await request("/tables/accounts");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.data.length).toBeGreaterThanOrEqual(1);
+      expect(body.meta).toBeDefined();
+      expect(body.meta.total).toBeGreaterThanOrEqual(1);
+    });
+
+    it("GET /tables/accounts/:id returns a single row", async () => {
+      const res = await request(`/tables/accounts/${createdId}`);
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.data.id).toBe(createdId);
+      expect(body.data.name).toBe("Cash");
+    });
+
+    it("PUT /tables/accounts/:id updates a row", async () => {
+      const res = await putJson(`/tables/accounts/${createdId}`, {
+        name: "Petty Cash",
+        type: "asset",
+        balance: 500,
+      });
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.data.name).toBe("Petty Cash");
+      expect(body.data.balance).toBe(500);
+    });
+
+    it("DELETE /tables/accounts/:id deletes a row", async () => {
+      const res = await del(`/tables/accounts/${createdId}`);
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.data.id).toBe(createdId);
+
+      const check = await request(`/tables/accounts/${createdId}`);
+      expect(check.status).toBe(404);
+    });
+  });
+
+  // ── Pagination ──────────────────────────────────────────────────────
+
+  describe("pagination", () => {
+    it("returns paginated results with meta.total", async () => {
+      for (const name of ["Alpha", "Bravo", "Charlie"]) {
+        await postJson("/tables/accounts", { name, type: "asset" });
+      }
+
+      const res = await request("/tables/accounts?limit=2&page=1");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.data).toHaveLength(2);
+      expect(body.meta.total).toBe(3);
+      expect(body.meta.page).toBe(1);
+      expect(body.meta.limit).toBe(2);
+      expect(body.meta.pages).toBe(2);
+    });
+  });
+
+  // ── Sorting ─────────────────────────────────────────────────────────
+
+  describe("sorting", () => {
+    it("sorts by name asc", async () => {
+      const res = await request("/tables/accounts?sort=name");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      const names = body.data.map((r: any) => r.name);
+      const sorted = [...names].sort();
+      expect(names).toEqual(sorted);
+    });
+
+    it("sorts by name desc", async () => {
+      const res = await request("/tables/accounts?sort=-name");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      const names = body.data.map((r: any) => r.name);
+      const sorted = [...names].sort().reverse();
+      expect(names).toEqual(sorted);
+    });
+  });
+
+  // ── Filtering ───────────────────────────────────────────────────────
+
+  describe("filtering", () => {
+    it("filters by filter[type]=asset", async () => {
+      await postJson("/tables/accounts", {
+        name: "Revenue Account",
+        type: "revenue",
+      });
+
+      const res = await request("/tables/accounts?filter[type]=asset");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      for (const row of body.data) {
+        expect(row.type).toBe("asset");
+      }
+      expect(body.data.some((r: any) => r.type === "revenue")).toBe(false);
+    });
+  });
+
+  // ── Validation ──────────────────────────────────────────────────────
+
+  describe("validation", () => {
+    it("rejects invalid select value with 422", async () => {
+      const res = await postJson("/tables/accounts", {
+        name: "Bad Account",
+        type: "invalid_type",
+      });
+      expect(res.status).toBe(422);
+
+      const body = await res.json();
+      expect(body.error).toBe("Validation failed");
+      expect(body.details).toBeDefined();
+    });
+
+    it("rejects missing required field with 422", async () => {
+      const res = await postJson("/tables/accounts", {
+        type: "asset",
+      });
+      expect(res.status).toBe(422);
+
+      const body = await res.json();
+      expect(body.error).toBe("Validation failed");
+    });
+  });
+
+  // ── Immutable tables ───────────────────────────────────────────────
+
+  describe("immutable tables", () => {
+    it("POST to audit_log succeeds", async () => {
+      const res = await postJson("/tables/audit_log", {
+        event: "test_event",
+        detail: "some detail",
+      });
+      expect(res.status).toBe(201);
+
+      const body = await res.json();
+      expect(body.data.event).toBe("test_event");
+    });
+
+    it("PUT to audit_log returns 403", async () => {
+      const createRes = await postJson("/tables/audit_log", {
+        event: "immutable_test",
+      });
+      const id = (await createRes.json()).data.id;
+
+      const res = await putJson(`/tables/audit_log/${id}`, {
+        event: "modified",
+      });
+      expect(res.status).toBe(403);
+    });
+
+    it("DELETE from audit_log returns 403", async () => {
+      const res = await del("/tables/audit_log/1");
+      expect(res.status).toBe(403);
+    });
+  });
+
+  // ── Lookup ──────────────────────────────────────────────────────────
+
+  describe("lookup", () => {
+    it("GET /tables/accounts/_lookup returns display values", async () => {
+      const res = await request("/tables/accounts/_lookup");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.data).toBeDefined();
+      expect(typeof body.data).toBe("object");
+
+      const entries = Object.entries(body.data);
+      expect(entries.length).toBeGreaterThan(0);
+      for (const [id, display] of entries) {
+        expect(typeof id).toBe("string");
+        expect(typeof display).toBe("string");
+      }
+    });
+  });
+
+  // ── Edge cases ──────────────────────────────────────────────────────
+
+  describe("edge cases", () => {
+    it("GET /tables/nonexistent returns 404", async () => {
+      const res = await request("/tables/nonexistent");
+      expect(res.status).toBe(404);
+    });
+
+    it("GET /tables/accounts/999 returns 404", async () => {
+      const res = await request("/tables/accounts/999");
+      expect(res.status).toBe(404);
+    });
+  });
+});

package/src/integration/api-views.test.ts

@@ -0,0 +1,39 @@
+/**
+ * Integration tests for the /views namespace (single-project mode).
+ */
+import { describe, it, expect, beforeAll } from "vitest";
+import { createIntegrationApp, request } from "./setup.js";
+
+beforeAll(async () => {
+  await createIntegrationApp();
+});
+
+describe("/views", () => {
+  it("GET /views lists all views with name and label", async () => {
+    const res = await request("/views");
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.views).toHaveLength(2);
+
+    const names = body.views.map((v: any) => v.name).sort();
+    expect(names).toEqual(["dashboard", "settings"]);
+
+    const dashboard = body.views.find((v: any) => v.name === "dashboard");
+    expect(dashboard.label).toBe("Dashboard");
+  });
+
+  it("GET /views/dashboard returns single view metadata", async () => {
+    const res = await request("/views/dashboard");
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.name).toBe("dashboard");
+    expect(body.label).toBe("Dashboard");
+  });
+
+  it("GET /views/nonexistent returns 404", async () => {
+    const res = await request("/views/nonexistent");
+    expect(res.status).toBe(404);
+  });
+});

package/src/integration/cli-routes.test.ts

@@ -0,0 +1,167 @@
+/**
+ * Tests for CLI route registration and Commander-based routing.
+ *
+ * The first describe block verifies that ROUTES patterns correctly resolve
+ * to the expected HTTP method + path by matching fixed segments.
+ *
+ * The second describe block does a round-trip test against the single-project
+ * app (no /p/:slug prefix).
+ */
+import { describe, it, expect, beforeAll } from "vitest";
+import { ROUTES } from "../cli/routes.js";
+import type { CliRoute } from "../cli/routes.js";
+import { createIntegrationApp, request } from "./setup.js";
+
+// ── Helper: find a route by its fixed segments ──────────────────────
+function findRoute(fixedSegments: string[]): CliRoute | undefined {
+  const key = fixedSegments.join(" ");
+  return ROUTES.find((r) => {
+    const fixed = r.pattern.filter((t) => !t.startsWith(":")).join(" ");
+    return fixed === key;
+  });
+}
+
+// ── Route table verification (no DB needed) ─────────────────────────
+
+describe("CLI route table", () => {
+  it("meta tables → GET /meta/tables", () => {
+    const route = findRoute(["meta", "tables"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/tables");
+    expect(route!.method).toBe("GET");
+  });
+
+  it("meta tables indexes → GET /meta/tables/:name/indexes", () => {
+    const route = findRoute(["meta", "tables", "indexes"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/tables/:name/indexes");
+    expect(route!.params).toEqual(["name"]);
+  });
+
+  it("meta tables sample → GET /meta/tables/:name/sample", () => {
+    const route = findRoute(["meta", "tables", "sample"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/tables/:name/sample");
+    expect(route!.params).toEqual(["name"]);
+  });
+
+  it("meta tables show → GET /meta/tables/:name", () => {
+    const route = findRoute(["meta", "tables", "show"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/tables/:name");
+    expect(route!.method).toBe("GET");
+  });
+
+  it("meta sql query → POST /meta/sql/query", () => {
+    const route = findRoute(["meta", "sql", "query"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/sql/query");
+    expect(route!.method).toBe("POST");
+  });
+
+  it("meta sql exec → POST /meta/sql/exec", () => {
+    const route = findRoute(["meta", "sql", "exec"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/sql/exec");
+    expect(route!.method).toBe("POST");
+  });
+
+  it("meta schema sync → POST /meta/schema/sync", () => {
+    const route = findRoute(["meta", "schema", "sync"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/meta/schema/sync");
+    expect(route!.method).toBe("POST");
+  });
+
+  it("tables list → GET /tables/:table", () => {
+    const route = findRoute(["tables", "list"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/tables/:table");
+    expect(route!.method).toBe("GET");
+    expect(route!.params).toEqual(["table"]);
+  });
+
+  it("tables create → POST /tables/:table", () => {
+    const route = findRoute(["tables", "create"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/tables/:table");
+    expect(route!.method).toBe("POST");
+    expect(route!.params).toEqual(["table"]);
+  });
+
+  it("tables update → PUT /tables/:table/:id", () => {
+    const route = findRoute(["tables", "update"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/tables/:table/:id");
+    expect(route!.method).toBe("PUT");
+    expect(route!.params).toEqual(["table", "id"]);
+  });
+
+  it("tables delete → DELETE /tables/:table/:id", () => {
+    const route = findRoute(["tables", "delete"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/tables/:table/:id");
+    expect(route!.method).toBe("DELETE");
+    expect(route!.params).toEqual(["table", "id"]);
+  });
+
+  it("reports → GET /reports", () => {
+    const route = findRoute(["reports"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/reports");
+    expect(route!.method).toBe("GET");
+  });
+
+  it("reports run → GET /reports/:name/results", () => {
+    const route = findRoute(["reports", "run"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/reports/:name/results");
+    expect(route!.method).toBe("GET");
+  });
+
+  it("actions → GET /actions", () => {
+    const route = findRoute(["actions"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/actions");
+    expect(route!.method).toBe("GET");
+  });
+
+  it("views → GET /views", () => {
+    const route = findRoute(["views"]);
+    expect(route).toBeDefined();
+    expect(route!.path).toBe("/views");
+    expect(route!.method).toBe("GET");
+  });
+});
+
+// ── CLI route → HTTP round-trip (single-project, no /p/:slug) ───────
+
+describe("CLI route → HTTP round-trip", () => {
+  beforeAll(async () => {
+    await createIntegrationApp();
+  });
+
+  it("meta tables → GET /meta/tables → 200 with table list", async () => {
+    const route = findRoute(["meta", "tables"]);
+    expect(route).toBeDefined();
+
+    const res = await request(route!.path);
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.tables).toBeDefined();
+    expect(body.tables.length).toBeGreaterThan(0);
+  });
+
+  it("tables list accounts → GET /tables/accounts → 200 with rows", async () => {
+    const route = findRoute(["tables", "list"]);
+    expect(route).toBeDefined();
+
+    const path = route!.path.replace(":table", "accounts");
+    const res = await request(path);
+    expect(res.status).toBe(200);
+
+    const body = await res.json();
+    expect(body.data).toBeDefined();
+  });
+});

package/src/integration/fixtures/actions/create-account.ts

@@ -0,0 +1,23 @@
+import { action } from "@sapporta/server/action";
+import { z } from "zod";
+import { accounts } from "../schema/accounts.js";
+
+export default action({
+  name: "create_account",
+  label: "Create Account",
+  input: z.object({
+    name: z.string().min(1),
+    type: z.enum(["asset", "liability", "equity", "revenue", "expense"]),
+    balance: z.number().optional(),
+  }),
+  // SQLite transactions are synchronous — run() must not be async.
+  // Drizzle's better-sqlite3 operations return values directly.
+  run: ({ input, db }) => {
+    const result = db
+      .insert(accounts.drizzle)
+      .values(input)
+      .returning()
+      .all();
+    return result[0];
+  },
+});

package/src/integration/fixtures/reports/account-list.ts

@@ -0,0 +1,25 @@
+import { report } from "@sapporta/server/report";
+
+export default report({
+  name: "account-list",
+  label: "Account List",
+  params: [
+    { name: "type", type: "string", required: false, label: "Account Type" },
+  ],
+  sources: {
+    accounts: {
+      // SQLite doesn't need type casts — parameters are dynamically typed.
+      // COALESCE handles NULL balance values; CAST to INTEGER for consistency.
+      query: "SELECT name, type, CAST(COALESCE(balance, 0) AS INTEGER) AS balance FROM accounts WHERE ($type IS NULL OR type = $type) ORDER BY name",
+    },
+  },
+  tree: {
+    source: "accounts",
+    levelName: "account",
+    columns: [
+      { name: "name", header: "Name" },
+      { name: "type", header: "Type" },
+      { name: "balance", header: "Balance" },
+    ],
+  },
+});

package/src/integration/fixtures/schema/accounts.ts

@@ -0,0 +1,21 @@
+import { table, timestamp } from "@sapporta/server/table";
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+
+export const accounts = table({
+  drizzle: sqliteTable("accounts", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    name: text("name").notNull(),
+    type: text("type").notNull(),
+    balance: integer("balance"),
+    created_at: timestamp("created_at"),
+    updated_at: timestamp("updated_at"),
+  }),
+  meta: {
+    label: "Accounts",
+    selects: [
+      { type: "select", column: "type", options: ["asset", "liability", "equity", "revenue", "expense"] },
+    ],
+  },
+});
+
+export default accounts;

package/src/integration/fixtures/schema/audit-log.ts

@@ -0,0 +1,19 @@
+import { table, timestamp } from "@sapporta/server/table";
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+
+/**
+ * Immutable table fixture. Tests that PUT/DELETE are rejected with 403
+ * while POST still succeeds. The `immutable: true` flag is enforced by
+ * the CRUD handlers in crud.ts (handleUpdate/handleDelete).
+ */
+export const auditLog = table({
+  drizzle: sqliteTable("audit_log", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    event: text("event").notNull(),
+    detail: text("detail"),
+    created_at: timestamp("created_at"),
+  }),
+  meta: { label: "Audit Log", immutable: true },
+});
+
+export default auditLog;

package/src/integration/fixtures/schema/journal-entries.ts

@@ -0,0 +1,20 @@
+import { table, timestamp } from "@sapporta/server/table";
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+
+/**
+ * Journal entries fixture. Deliberately omits Drizzle .references() on account_id
+ * to keep the fixture simple — the FK is a logical relationship, not a DB constraint.
+ * This matches many real-world Sapporta tables.
+ */
+export const journalEntries = table({
+  drizzle: sqliteTable("journal_entries", {
+    id: integer("id").primaryKey({ autoIncrement: true }),
+    account_id: integer("account_id").notNull(),
+    description: text("description").notNull(),
+    amount: integer("amount").notNull(),
+    created_at: timestamp("created_at"),
+  }),
+  meta: { label: "Journal Entries" },
+});
+
+export default journalEntries;

package/src/integration/fixtures/views/dashboard.tsx

@@ -0,0 +1,4 @@
+// Minimal view fixture. The view loader (view-loader.ts) only reads filenames —
+// it doesn't import the file. But valid TSX is safer in case the loader changes.
+export const meta = { name: "dashboard", label: "Dashboard" };
+export default function Dashboard() { return null; }

package/src/integration/fixtures/views/settings.tsx

@@ -0,0 +1,3 @@
+// Minimal view fixture. See dashboard.tsx for notes on why this is valid TSX.
+export const meta = { name: "settings", label: "Settings" };
+export default function Settings() { return null; }

package/src/integration/setup.ts

@@ -0,0 +1,72 @@
+/**
+ * Shared setup for single-project integration tests.
+ *
+ * Boots a single project directly (no registry, no multi-project dispatch).
+ * Routes are mounted at root — no /p/:slug prefix.
+ *
+ * Uses in-memory SQLite for complete isolation between test files.
+ */
+import { bootProject } from "../boot.js";
+import { createApp } from "../api/server.js";
+import { createTestDb } from "../testing/test-utils.js";
+import type { Hono } from "hono";
+import { resolve } from "node:path";
+
+const FIXTURES_DIR = resolve(import.meta.dirname, "fixtures");
+
+// Module-level ref so helper functions can access the app without
+// threading it through every call. Set by createIntegrationApp().
+let app: Hono;
+
+export async function createIntegrationApp(): Promise<{
+  app: Hono;
+}> {
+  const conn = createTestDb();
+  const projectCtx = await bootProject(
+    { slug: "test", databasePath: ":memory:", dir: FIXTURES_DIR },
+    conn,
+  );
+
+  app = createApp();
+  app.route("/", projectCtx.subApp);
+
+  return { app };
+}
+
+/** Make a GET request to the test app. */
+export function request(path: string, init?: RequestInit) {
+  return app.request(path, init);
+}
+
+/** POST JSON body to the test app. */
+export function postJson(path: string, body: unknown) {
+  return app.request(path, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
+/** PUT JSON body to the test app. */
+export function putJson(path: string, body: unknown) {
+  return app.request(path, {
+    method: "PUT",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
+/** PATCH JSON body to the test app. */
+export function patchJson(path: string, body: unknown) {
+  return app.request(path, {
+    method: "PATCH",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
+/** DELETE request to the test app. Optionally appends a query string. */
+export function del(path: string, query?: string) {
+  const url = query ? `${path}?${query}` : path;
+  return app.request(url, { method: "DELETE" });
+}