@solidstarters/solid-core 1.2.166 → 1.2.169

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solidstarters/solid-core",
-  "version": "1.2.166",
+  "version": "1.2.169",
   "description": "This module is a NestJS module containing all the required core providers required by a Solid application",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/config/iam.config.ts

@@ -22,6 +22,7 @@ export const iamConfig = registerAs('iam', () => {
             callbackURL: process.env.IAM_GOOGLE_OAUTH_CALLBACK_URL,
             redirectURL: process.env.IAM_GOOGLE_OAUTH_REDIRECT_URL,
         },
+        iamAutoGeneratedPassword:process.env.IAM_AUTOGENERATED_PASSWORD || true
     };
 })
 

package/src/dtos/create-ai-interaction.dto.ts

@@ -64,4 +64,19 @@ export class CreateAiInteractionDto {
     @IsBoolean()
     @ApiProperty()
     isAutoApply: boolean = false;
+
+@IsOptional()
+@IsInt()
+@ApiProperty()
+inputTokens: number;
+
+@IsOptional()
+@IsInt()
+@ApiProperty()
+outputTokens: number;
+
+@IsOptional()
+@IsInt()
+@ApiProperty()
+totalTokens: number;
 }

package/src/dtos/post-chatter-message.dto.ts

@@ -16,4 +16,4 @@ export class PostChatterMessageDto {
     @IsString()
     @IsOptional()
     messageSubType?: string;
-} 
+}

package/src/dtos/update-ai-interaction.dto.ts

@@ -68,4 +68,19 @@ export class UpdateAiInteractionDto {
     @IsBoolean()
     @ApiProperty()
     isAutoApply: boolean;
+
+@IsOptional()
+@IsInt()
+@ApiProperty()
+inputTokens: number;
+
+@IsOptional()
+@IsInt()
+@ApiProperty()
+outputTokens: number;
+
+@IsOptional()
+@IsInt()
+@ApiProperty()
+totalTokens: number;
 }

package/src/entities/ai-interaction.entity.ts

@@ -39,4 +39,13 @@ export class AiInteraction extends CommonEntity {
     externalId: string;
     @Column({ type: "boolean", nullable: true, default: false })
     isAutoApply: boolean = false;
+
+@Column({ type: "integer", nullable: true })
+inputTokens: number;
+
+@Column({ type: "integer", nullable: true })
+outputTokens: number;
+
+@Column({ type: "integer", nullable: true })
+totalTokens: number;
 }

package/src/entities/chatter-message.entity.ts

@@ -1,14 +1,14 @@
 import { CommonEntity } from 'src/entities/common.entity'
-import {Entity, Column, Index, JoinColumn, ManyToOne} from 'typeorm';
+import { Entity, Column, Index, JoinColumn, ManyToOne } from 'typeorm';
 import { User } from 'src/entities/user.entity'
 
 @Entity("ss_chatter_message")
 export class ChatterMessage extends CommonEntity {
     @Index()
     @Column({ type: "varchar" })
-    messageType: string;
+    messageType: string; // audit | custom 
     @Column({ type: "varchar" })
-    messageSubType: string;
+    messageSubType: string; // update | insert | delete | post_message
     @Column({ type: "text" })
     messageBody: string;
     @Index()

package/src/filters/http-exception.filter.ts

@@ -33,7 +33,7 @@ export class HttpExceptionFilter implements ExceptionFilter {
         // Canonical code + static message
         const code: ErrorCode = this.errorMapper.mapException(exception);
         const defaultStatus = this.errorMapper.getHttpStatus(code);
-        const message = this.errorMapper.getMessage(code);
+        const message = code === 'unknown-error' ? `${exception?.message}` : this.errorMapper.getMessage(code);
 
         const status = explicitStatus ?? defaultStatus ?? 500;
 
@@ -55,9 +55,12 @@ export class HttpExceptionFilter implements ExceptionFilter {
         response.status(status).json({
             statusCode: status,
             statusCodeMessage: HttpStatusCodeMessages[status] || 'Internal Server Error',
-            // message: [message],
+            // Keeping this for backward compatibility..
+            message: message,
             errorCode: code,
             error: message,
+            // We can make this conditional based on whether we are running in prod mode or dev mode...
+            // errorStack: exception.stack,
             data: extra,
         });
     }

package/src/helpers/security.helper.ts

@@ -1,38 +1,74 @@
+import { HelmetOptions } from "helmet";
 import { Environment } from "src/decorators/disallow-in-production.decorator";
-import { HelmetOptions } from "helmet"; 
 
+/**
+ * Default security headers for SolidX apps.
+ * - HSTS only in prod over HTTPS
+ * - CSP with frame-ancestors 'none' (prevents clickjacking)
+ * - X-Frame-Options: DENY (legacy fallback)
+ * - No X-XSS-Protection (deprecated)
+ */
 export function buildDefaultSecurityHeaderOptions(): Readonly<HelmetOptions> {
-    return {
-    referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
+  const isProd = process.env.ENV === Environment.Production;
+
+  return {
+    // Modern CSP. Add more directives as your app needs (script-src, connect-src, etc.)
+    contentSecurityPolicy: {
+      useDefaults: true,
+      directives: {
+        // sensible secure defaults
+        // "default-src": ["'self'"],
+        // "base-uri": ["'self'"],
+        // "object-src": ["'none'"],
+        // "form-action": ["'self'"],
+
+        // clickjacking defense (modern)
+        "frame-ancestors": ["'none'"],
+
+        // add/adjust as needed for your app:
+        // "script-src": ["'self'"],              // add hashes/nonces/CSPRO if needed
+        // "style-src": ["'self'", "'unsafe-inline'"],
+        // "img-src": ["'self'", "data:"],
+        // "connect-src": ["'self'", "https://api.example.com"],
+        // "frame-src": ["'none'"],               // iframes you intentionally allow
+      },
+    },
+
+    
+    // Legacy clickjacking defense (kept for older UAs)
+    frameguard: { action: "deny" },
+
+    // Referrer/cross-origin policies
+    referrerPolicy: { policy: "strict-origin-when-cross-origin" },
     crossOriginEmbedderPolicy: false,
-    crossOriginResourcePolicy: { policy: 'same-site' },
-    frameguard: { action: 'sameorigin' }, // or { action: 'deny' }
-    // HSTS: send only in prod over HTTPS
-    hsts:
-      process.env.NODE_ENV === Environment.Production
-        ? { maxAge: 31536000, includeSubDomains: true, preload: true } // 1 year
-        : false,
-  }
+    crossOriginResourcePolicy: { policy: "same-site" },
+
+    // HSTS only when you’re on HTTPS in production
+    hsts: isProd
+      ? { maxAge: 31536000, includeSubDomains: true, preload: true }
+      : false,
+  };
 }
 
-type Source = 'self' | 'none' | string; // string = an origin like 'https://cdn.example.com'
-type DirectiveConfig = 'self' | 'none' | Source[];
+/* ---------------- Permissions-Policy (formerly Feature-Policy) ---------------- */
 
+type Source = "self" | "none" | string;
+type DirectiveConfig = "self" | "none" | Source[];
 export type PermissionsPolicyConfig = Record<string, DirectiveConfig>;
 
 export const DEFAULT_PERMISSIONS_POLICY: PermissionsPolicyConfig = {
-  camera: 'none',
-  microphone: 'none',
-  geolocation: 'none',
-  fullscreen: 'self',             // allow same-origin fullscreen
-  payment: 'none',
-  accelerometer: 'none',
-  autoplay: 'none',
-  'clipboard-read': 'none',
-  'clipboard-write': 'none',
-  gyroscope: 'none',
-  magnetometer: 'none',
-  usb: 'none',
+  camera: "none",
+  microphone: "none",
+  geolocation: "none",
+  fullscreen: "self",
+  payment: "none",
+  accelerometer: "none",
+  autoplay: "none",
+  "clipboard-read": "none",
+  "clipboard-write": "none",
+  gyroscope: "none",
+  magnetometer: "none",
+  usb: "none",
 };
 
 export function buildPermissionsPolicyHeader(
@@ -41,13 +77,42 @@ export function buildPermissionsPolicyHeader(
   const merged: PermissionsPolicyConfig = { ...DEFAULT_PERMISSIONS_POLICY, ...overrides };
   return Object.entries(merged)
     .map(([feature, value]) => `${feature}=${serializeValue(value)}`)
-    .join(', ');
+    .join(", ");
 }
 
 function serializeValue(v: DirectiveConfig): string {
-  if (v === 'none') return '()';
-  if (v === 'self') return '(self)';
-  // array of sources: allow 'self' and/or explicit origins
-  const parts = v.map(src => (src === 'self' ? 'self' : src)).join(' ');
+  if (v === "none") return "()";
+  if (v === "self") return "(self)";
+  const parts = v.map((src) => (src === "self" ? "self" : src)).join(" ");
   return `(${parts})`;
 }
+
+/* ---------------- Cache-Control helpers ---------------- */
+
+/**
+ * Default: no-store for HTML/API responses unless you have a reason to cache.
+ * Attach as a global middleware or on selected routes.
+ */
+export const DEFAULT_CACHE_CONTROL =
+  "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0";
+
+export function setDefaultCacheControl() {
+  return function cacheControlMiddleware(
+    _req: import("express").Request,
+    _res: import("express").Response,
+    next: import("express").NextFunction
+  ) {
+    _res.setHeader("Cache-Control", DEFAULT_CACHE_CONTROL);
+    next();
+  };
+}
+
+/* ---------------- Example Express wiring ---------------- */
+// import express from "express";
+// const app = express();
+// app.use(helmet(buildDefaultSecurityHeaderOptions()));
+// app.use((req, res, next) => {
+//   res.setHeader("Permissions-Policy", buildPermissionsPolicyHeader());
+//   next();
+// });
+// app.use(setDefaultCacheControl());

package/src/helpers/solid-core-error-codes-provider.service.ts

@@ -15,7 +15,7 @@ export class SolidCoreErrorCodesProvider implements IErrorCodeProvider {
         return [
             {
                 code: 'solidx-mcp-server-unavailable',
-                priority: 100, // run early
+                priority: 100,
                 match: (txt) =>
                     txt.includes('all connection attempts failed') &&
                     txt.includes('unhandled errors in a taskgroup (1 sub-exception)'),
@@ -25,7 +25,7 @@ export class SolidCoreErrorCodesProvider implements IErrorCodeProvider {
                 },
             },
             {
-                code: 'db-duplicate-key',
+                code: 'solidx-db-duplicate-key',
                 priority: 90,
                 match: (txt) => txt.includes('unique constraint') || txt.includes('duplicate key'),
                 meta: {
@@ -34,7 +34,7 @@ export class SolidCoreErrorCodesProvider implements IErrorCodeProvider {
                 },
             },
             {
-                code: 'db-foreign-key-error',
+                code: 'solidx-db-foreign-key-error',
                 priority: 90,
                 match: (txt) => txt.includes('violates foreign key'),
                 meta: {
@@ -44,7 +44,7 @@ export class SolidCoreErrorCodesProvider implements IErrorCodeProvider {
                 },
             },
             {
-                code: 'unknown-error',
+                code: 'solidx-unknown-error',
                 priority: -1, // last resort
                 match: (_txt) => true, // fallback catch-all
                 meta: {

package/src/helpers/solid-registry.ts

@@ -33,7 +33,6 @@ export enum RESERVED_SOLID_KEYWORDS {
   securityRule = "securityRule",
   setting = "setting",
   smsTemplate = "smsTemplate",
-  userPasswordHistory = "userPasswordHistory",
   userMetadata = "userMetadata",
   user = "user",
   locale = "locale"

package/src/index.ts

@@ -112,7 +112,6 @@ export * from './entities/scheduled-job.entity'
 export * from './entities/permission-metadata.entity'
 export * from './entities/role-metadata.entity'
 export * from './entities/sms-template.entity'
-export * from './entities/user-password-history.entity'
 export * from './entities/user.entity'
 export * from './entities/view-metadata.entity'
 export * from './entities/setting.entity'

package/src/jobs/database/trigger-mcp-client-subscriber-database.service.ts

@@ -67,7 +67,7 @@ export class TriggerMcpClientSubscriberDatabase extends DatabaseSubscriber<Trigg
                 errorMessage: errorsStr,
                 modelUsed: aiResponse.model,
                 responseTimeMs: aiResponse.duration_ms,
-                metadata: JSON.stringify(aiResponse),
+                metadata: JSON.stringify(aiResponse, null, 2),
                 isApplied: aiInteraction.isApplied,
                 status: aiResponse.success ? 'succeeded' : 'failed'
             });
@@ -88,7 +88,7 @@ export class TriggerMcpClientSubscriberDatabase extends DatabaseSubscriber<Trigg
                 errorMessage: '',
                 modelUsed: aiResponse.model,
                 responseTimeMs: aiResponse.duration_ms,
-                metadata: JSON.stringify(aiResponse),
+                metadata: JSON.stringify(aiResponse, null, 2),
                 isApplied: aiInteraction.isApplied,
                 status: aiResponse.success ? 'succeeded' : 'failed'
             });

package/src/seeders/seed-data/solid-core-metadata.json

@@ -5152,6 +5152,39 @@
             "index": false,
             "private": false,
             "encrypt": false
+          },
+          {
+            "name": "inputTokens",
+            "displayName": "Input Tokens",
+            "type": "int",
+            "ormType": "integer",
+            "required": false,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false
+          },
+          {
+            "name": "outputTokens",
+            "displayName": "Output Tokens",
+            "type": "int",
+            "ormType": "integer",
+            "required": false,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false
+          },
+          {
+            "name": "totalTokens",
+            "displayName": "Total Tokens",
+            "type": "int",
+            "ormType": "integer",
+            "required": false,
+            "unique": false,
+            "index": false,
+            "private": false,
+            "encrypt": false
           }
         ]
       }
@@ -5584,7 +5617,7 @@
       "moduleUserKey": "solid-core",
       "modelUserKey": "setting"
     },
-     {
+    {
       "displayName": "Ai settings",
       "name": "ai-settings-action",
       "type": "custom",
@@ -5965,7 +5998,7 @@
       "moduleUserKey": "solid-core",
       "parentMenuItemUserKey": "settings-menu-item"
     },
-     {
+    {
       "displayName": "Ai Settings",
       "name": "ai-settings-menu-item",
       "sequenceNumber": 3,