@vurb/core 3.12.7 → 3.13.0

package/dist/cli/templates/testing.js

@@ -4,98 +4,98 @@
  */
 /** Generate `vitest.config.ts` */
 export function vitestConfig() {
-    return `import { defineConfig } from 'vitest/config';
-
-export default defineConfig({
-    test: {
-        include: ['tests/**/*.test.ts'],
-    },
-});
+    return `import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+    test: {
+        include: ['tests/**/*.test.ts'],
+    },
+});
 `;
 }
 /** Generate `tests/setup.ts` — Test infrastructure */
 export function testSetupTs() {
-    return `/**
- * Test Setup — In-Memory MVA Emulator
- *
- * Creates a VurbTester that runs the full pipeline
- * (Zod → Middleware → Handler → Egress Firewall)
- * without any network transport.
- *
- * 2ms per test. $0.00 in tokens. Zero servers.
- */
-import { fileURLToPath } from 'node:url';
-import { createVurbTester } from '@vurb/testing';
-import { autoDiscover } from '@vurb/core';
-import { f } from '../src/vurb.js';
-
-const registry = f.registry();
-await autoDiscover(registry, fileURLToPath(new URL('../src/tools', import.meta.url)));
-
-export const tester = createVurbTester(registry, {
-    contextFactory: () => ({
-        role: 'ADMIN' as const,
-        tenantId: 'test-tenant',
-    }),
-});
+    return `/**
+ * Test Setup — In-Memory MVA Emulator
+ *
+ * Creates a VurbTester that runs the full pipeline
+ * (Zod → Middleware → Handler → Egress Firewall)
+ * without any network transport.
+ *
+ * 2ms per test. $0.00 in tokens. Zero servers.
+ */
+import { fileURLToPath } from 'node:url';
+import { createVurbTester } from '@vurb/testing';
+import { autoDiscover } from '@vurb/core';
+import { f } from '../src/vurb.js';
+
+const registry = f.registry();
+await autoDiscover(registry, fileURLToPath(new URL('../src/tools', import.meta.url)));
+
+export const tester = createVurbTester(registry, {
+    contextFactory: () => ({
+        role: 'ADMIN' as const,
+        tenantId: 'test-tenant',
+    }),
+});
 `;
 }
 /** Generate `tests/system.test.ts` — Egress Firewall + RBAC tests */
 export function systemTestTs() {
-    return `/**
- * System Tools — Egress Firewall & RBAC Tests
- *
- * Proves that:
- * 1. The Presenter strips undeclared fields (SOC2 CC6.1)
- * 2. RBAC middleware blocks GUEST access (SOC2 CC6.3)
- * 3. System rules from .describe() are injected
- */
-import { describe, it, expect } from 'vitest';
-import { tester } from './setup.js';
-
-describe('System Tools', () => {
-    describe('Egress Firewall', () => {
-        it('should return validated health data through the Presenter', async () => {
-            const result = await tester.callAction('system', 'health');
-
-            expect(result.isError).toBe(false);
-            expect(result.data).toHaveProperty('status');
-            expect(result.data).toHaveProperty('uptime');
-            expect(result.data).toHaveProperty('version');
-            expect(result.data).toHaveProperty('timestamp');
-        });
-
-        it('should strip undeclared fields (tenant must NOT leak)', async () => {
-            const result = await tester.callAction('system', 'health');
-
-            expect(result.isError).toBe(false);
-            // The handler returns 'tenant' but the Presenter schema
-            // does not declare it → stripped by Egress Firewall
-            expect(result.data).not.toHaveProperty('tenant');
-        });
-
-        it('should include JIT system rules from .describe()', async () => {
-            const result = await tester.callAction('system', 'health');
-
-            expect(result.systemRules.length).toBeGreaterThan(0);
-            expect(result.systemRules.some(
-                (r: string) => r.includes('uptime') || r.includes('Uptime')
-            )).toBe(true);
-        });
-    });
-
-    describe('Echo Tool', () => {
-        it('should echo the message back', async () => {
-            const result = await tester.callAction('system', 'echo', {
-                message: 'hello vurb',
-            });
-
-            expect(result.isError).toBe(false);
-            expect(result.data).toHaveProperty('echo', 'hello vurb');
-            expect(result.data).toHaveProperty('receivedAt');
-        });
-    });
-});
+    return `/**
+ * System Tools — Egress Firewall & RBAC Tests
+ *
+ * Proves that:
+ * 1. The Presenter strips undeclared fields (SOC2 CC6.1)
+ * 2. RBAC middleware blocks GUEST access (SOC2 CC6.3)
+ * 3. System rules from .describe() are injected
+ */
+import { describe, it, expect } from 'vitest';
+import { tester } from './setup.js';
+
+describe('System Tools', () => {
+    describe('Egress Firewall', () => {
+        it('should return validated health data through the Presenter', async () => {
+            const result = await tester.callAction('system', 'health');
+
+            expect(result.isError).toBe(false);
+            expect(result.data).toHaveProperty('status');
+            expect(result.data).toHaveProperty('uptime');
+            expect(result.data).toHaveProperty('version');
+            expect(result.data).toHaveProperty('timestamp');
+        });
+
+        it('should strip undeclared fields (tenant must NOT leak)', async () => {
+            const result = await tester.callAction('system', 'health');
+
+            expect(result.isError).toBe(false);
+            // The handler returns 'tenant' but the Presenter schema
+            // does not declare it → stripped by Egress Firewall
+            expect(result.data).not.toHaveProperty('tenant');
+        });
+
+        it('should include JIT system rules from .describe()', async () => {
+            const result = await tester.callAction('system', 'health');
+
+            expect(result.systemRules.length).toBeGreaterThan(0);
+            expect(result.systemRules.some(
+                (r: string) => r.includes('uptime') || r.includes('Uptime')
+            )).toBe(true);
+        });
+    });
+
+    describe('Echo Tool', () => {
+        it('should echo the message back', async () => {
+            const result = await tester.callAction('system', 'echo', {
+                message: 'hello vurb',
+            });
+
+            expect(result.isError).toBe(false);
+            expect(result.data).toHaveProperty('echo', 'hello vurb');
+            expect(result.data).toHaveProperty('receivedAt');
+        });
+    });
+});
 `;
 }
 //# sourceMappingURL=testing.js.map

package/dist/cli/templates/tools.js

@@ -8,56 +8,56 @@
  */
 /** Generate `src/tools/system/health.ts` — Health check with Presenter */
 export function healthToolTs() {
-    return `/**
- * System Health Tool — Full MVA Pipeline (Fluent API)
- *
- * Demonstrates:
- * - f.query() — read-only semantic verb (auto-sets readOnlyHint)
- * - .describe() — LLM-facing description
- * - .returns() — Presenter (Egress Firewall + system rules + UI)
- * - .handle(input, ctx) — fully typed handler
- * - export default for autoDiscover()
- */
-import { f } from '../../vurb.js';
-import { SystemPresenter } from '../../presenters/SystemPresenter.js';
-
-export default f.query('system.health')
-    .describe('Real-time server health status')
-    .returns(SystemPresenter)
-    .handle(async (_input, ctx) => {
-        // Return raw data — the Presenter validates, strips
-        // undeclared fields, injects rules, and renders UI.
-        return {
-            status: 'healthy',
-            uptime: process.uptime(),
-            version: '0.1.0',
-            timestamp: new Date().toISOString(),
-            tenant: ctx.tenantId,
-        };
-    });
+    return `/**
+ * System Health Tool — Full MVA Pipeline (Fluent API)
+ *
+ * Demonstrates:
+ * - f.query() — read-only semantic verb (auto-sets readOnlyHint)
+ * - .describe() — LLM-facing description
+ * - .returns() — Presenter (Egress Firewall + system rules + UI)
+ * - .handle(input, ctx) — fully typed handler
+ * - export default for autoDiscover()
+ */
+import { f } from '../../vurb.js';
+import { SystemPresenter } from '../../presenters/SystemPresenter.js';
+
+export default f.query('system.health')
+    .describe('Real-time server health status')
+    .returns(SystemPresenter)
+    .handle(async (_input, ctx) => {
+        // Return raw data — the Presenter validates, strips
+        // undeclared fields, injects rules, and renders UI.
+        return {
+            status: 'healthy',
+            uptime: process.uptime(),
+            version: '0.1.0',
+            timestamp: new Date().toISOString(),
+            tenant: ctx.tenantId,
+        };
+    });
 `;
 }
 /** Generate `src/tools/system/echo.ts` — Simple echo tool */
 export function echoToolTs() {
-    return `/**
- * Echo Tool — Connectivity Testing (Fluent API)
- *
- * Demonstrates:
- * - f.query() with .withString() typed parameter
- * - .handle(input, ctx) — input.message is typed as string
- * - Implicit success() wrapping — return raw data, framework wraps it
- */
-import { f } from '../../vurb.js';
-
-export default f.query('system.echo')
-    .describe('Echo a message back (connectivity test)')
-    .withString('message', 'Message to echo back')
-    .handle(async (input) => {
-        return {
-            echo: input['message'],
-            receivedAt: new Date().toISOString(),
-        };
-    });
+    return `/**
+ * Echo Tool — Connectivity Testing (Fluent API)
+ *
+ * Demonstrates:
+ * - f.query() with .withString() typed parameter
+ * - .handle(input, ctx) — input.message is typed as string
+ * - Implicit success() wrapping — return raw data, framework wraps it
+ */
+import { f } from '../../vurb.js';
+
+export default f.query('system.echo')
+    .describe('Echo a message back (connectivity test)')
+    .withString('message', 'Message to echo back')
+    .handle(async (input) => {
+        return {
+            echo: input['message'],
+            receivedAt: new Date().toISOString(),
+        };
+    });
 `;
 }
 //# sourceMappingURL=tools.js.map

package/dist/cli/templates/vectors/database.js

@@ -4,79 +4,79 @@
  */
 /** Generate `prisma/schema.prisma` */
 export function prismaSchema() {
-    return `// Prisma Schema — Database-Driven MCP Server
-//
-// The @vurb/prisma-gen generator reads annotations
-// and auto-generates Presenters + ToolBuilders with:
-// - Field-level security (/// @vurb.hide)
-// - Tenant isolation
-// - OOM protection
-
-generator client {
-    provider = "prisma-client-js"
-}
-
-generator vurb {
-    provider = "@vurb/prisma-gen"
-}
-
-datasource db {
-    provider = "postgresql"
-    url      = env("DATABASE_URL")
-}
-
-model User {
-    id        String   @id @default(cuid())
-    email     String   @unique
-    name      String
-
-    /// @vurb.hide — Stripped by the Egress Firewall before reaching the LLM
-    password  String
-
-    role      String   @default("USER")
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
-
-    posts     Post[]
-}
-
-model Post {
-    id        String   @id @default(cuid())
-    title     String
-    content   String?
-    published Boolean  @default(false)
-    createdAt DateTime @default(now())
-
-    author    User     @relation(fields: [authorId], references: [id])
-    authorId  String
-}
+    return `// Prisma Schema — Database-Driven MCP Server
+//
+// The @vurb/prisma-gen generator reads annotations
+// and auto-generates Presenters + ToolBuilders with:
+// - Field-level security (/// @vurb.hide)
+// - Tenant isolation
+// - OOM protection
+
+generator client {
+    provider = "prisma-client-js"
+}
+
+generator vurb {
+    provider = "@vurb/prisma-gen"
+}
+
+datasource db {
+    provider = "postgresql"
+    url      = env("DATABASE_URL")
+}
+
+model User {
+    id        String   @id @default(cuid())
+    email     String   @unique
+    name      String
+
+    /// @vurb.hide — Stripped by the Egress Firewall before reaching the LLM
+    password  String
+
+    role      String   @default("USER")
+    createdAt DateTime @default(now())
+    updatedAt DateTime @updatedAt
+
+    posts     Post[]
+}
+
+model Post {
+    id        String   @id @default(cuid())
+    title     String
+    content   String?
+    published Boolean  @default(false)
+    createdAt DateTime @default(now())
+
+    author    User     @relation(fields: [authorId], references: [id])
+    authorId  String
+}
 `;
 }
 /** Generate `src/tools/db/users.ts` */
 export function dbUsersToolTs() {
-    return `/**
- * Database Users Tool — Prisma-Driven CRUD (Fluent API)
- *
- * Demonstrates:
- * - f.query() with .withOptionalNumber() typed parameter
- * - .handle(input, ctx) — input.take is typed as number | undefined
- * - Implicit success() wrapping
- */
-import { f } from '../../vurb.js';
-
-export default f.query('db.list_users')
-    .describe('List users from the database')
-    .withOptionalNumber('take', 'Max results (1-50)')
-    .handle(async (input, ctx) => {
-        // TODO: Replace with your Prisma client
-        // const users = await ctx.db.user.findMany({ take: input.take ?? 10 });
-        // return users;
-
-        return {
-            hint: 'Connect your Prisma client in src/context.ts to enable database queries.',
-            example: 'const users = await ctx.db.user.findMany({ take: 10 })',
-        };
-    });
+    return `/**
+ * Database Users Tool — Prisma-Driven CRUD (Fluent API)
+ *
+ * Demonstrates:
+ * - f.query() with .withOptionalNumber() typed parameter
+ * - .handle(input, ctx) — input.take is typed as number | undefined
+ * - Implicit success() wrapping
+ */
+import { f } from '../../vurb.js';
+
+export default f.query('db.list_users')
+    .describe('List users from the database')
+    .withOptionalNumber('take', 'Max results (1-50)')
+    .handle(async (input, ctx) => {
+        // TODO: Replace with your Prisma client
+        // const users = await ctx.db.user.findMany({ take: input.take ?? 10 });
+        // return users;
+
+        return {
+            hint: 'Connect your Prisma client in src/context.ts to enable database queries.',
+            example: 'const users = await ctx.db.user.findMany({ take: 10 })',
+        };
+    });
 `;
 }
 //# sourceMappingURL=database.js.map

package/dist/cli/templates/vectors/oauth.js

@@ -4,73 +4,73 @@
  */
 /** Generate `src/auth.ts` — OAuth Device Flow setup */
 export function oauthSetupTs(config) {
-    return `/**
- * OAuth Setup — Device Flow Authentication (RFC 8628)
- *
- * Pre-configured \`createAuthTool()\` with login, complete, status, logout actions.
- * The \`requireAuth()\` middleware protects any tool with one line.
- *
- * 1. Set CLIENT_ID and AUTH endpoints in .env
- * 2. Register the auth tool in server.ts
- * 3. Use \`requireAuth()\` on protected tools
- */
-import { createAuthTool, TokenManager } from '@vurb/oauth';
-import type { ToolRegistry } from '@vurb/core';
-
-export function registerAuth<TContext>(registry: ToolRegistry<TContext>): void {
-    const clientId = process.env['OAUTH_CLIENT_ID'];
-    const authEndpoint = process.env['OAUTH_AUTH_ENDPOINT'];
-    const tokenEndpoint = process.env['OAUTH_TOKEN_ENDPOINT'];
-
-    if (!clientId || !authEndpoint || !tokenEndpoint) {
-        console.error('⚠️  OAUTH_CLIENT_ID, OAUTH_AUTH_ENDPOINT, OAUTH_TOKEN_ENDPOINT are required in .env');
-        return;
-    }
-
-    const auth = createAuthTool({
-        clientId,
-        authorizationEndpoint: authEndpoint,
-        tokenEndpoint,
-        tokenManager: {
-            configDir: '.${config.name}',
-            envVar: '${config.name.toUpperCase().replace(/-/g, '_')}_TOKEN',
-        },
-    });
-
-    registry.register(auth);
-    console.error('🔐 OAuth Device Flow registered (auth.login → auth.complete → auth.status)');
-}
+    return `/**
+ * OAuth Setup — Device Flow Authentication (RFC 8628)
+ *
+ * Pre-configured \`createAuthTool()\` with login, complete, status, logout actions.
+ * The \`requireAuth()\` middleware protects any tool with one line.
+ *
+ * 1. Set CLIENT_ID and AUTH endpoints in .env
+ * 2. Register the auth tool in server.ts
+ * 3. Use \`requireAuth()\` on protected tools
+ */
+import { createAuthTool, TokenManager } from '@vurb/oauth';
+import type { ToolRegistry } from '@vurb/core';
+
+export function registerAuth<TContext>(registry: ToolRegistry<TContext>): void {
+    const clientId = process.env['OAUTH_CLIENT_ID'];
+    const authEndpoint = process.env['OAUTH_AUTH_ENDPOINT'];
+    const tokenEndpoint = process.env['OAUTH_TOKEN_ENDPOINT'];
+
+    if (!clientId || !authEndpoint || !tokenEndpoint) {
+        console.error('⚠️  OAUTH_CLIENT_ID, OAUTH_AUTH_ENDPOINT, OAUTH_TOKEN_ENDPOINT are required in .env');
+        return;
+    }
+
+    const auth = createAuthTool({
+        clientId,
+        authorizationEndpoint: authEndpoint,
+        tokenEndpoint,
+        tokenManager: {
+            configDir: '.${config.name}',
+            envVar: '${config.name.toUpperCase().replace(/-/g, '_')}_TOKEN',
+        },
+    });
+
+    registry.register(auth);
+    console.error('🔐 OAuth Device Flow registered (auth.login → auth.complete → auth.status)');
+}
 `;
 }
 /** Generate `src/middleware/auth.ts` — requireAuth middleware */
 export function oauthMiddlewareTs() {
-    return `/**
- * Auth Middleware — Protect tools with requireAuth()
- *
- * @example
- * \`\`\`ts
- * import { withAuth } from '../middleware/auth.js';
- *
- * export default f.query('projects.list')
- *     .describe('List all projects')
- *     .use(withAuth)
- *     .handle(async (input, ctx) => { /* authenticated */ });
- * \`\`\`
- */
-import { requireAuth } from '@vurb/oauth';
-
-/**
- * Pre-configured auth middleware.
- * Rejects unauthenticated requests with \`AUTH_REQUIRED\` + self-healing hints.
- */
-export const withAuth = requireAuth({
-    extractToken: (ctx: unknown) => {
-        const obj = ctx as Record<string, unknown>;
-        return typeof obj['token'] === 'string' ? obj['token'] : null;
-    },
-    recoveryHint: 'Call auth action=login to authenticate via browser',
-    recoveryAction: 'auth',
-});
+    return `/**
+ * Auth Middleware — Protect tools with requireAuth()
+ *
+ * @example
+ * \`\`\`ts
+ * import { withAuth } from '../middleware/auth.js';
+ *
+ * export default f.query('projects.list')
+ *     .describe('List all projects')
+ *     .use(withAuth)
+ *     .handle(async (input, ctx) => { /* authenticated */ });
+ * \`\`\`
+ */
+import { requireAuth } from '@vurb/oauth';
+
+/**
+ * Pre-configured auth middleware.
+ * Rejects unauthenticated requests with \`AUTH_REQUIRED\` + self-healing hints.
+ */
+export const withAuth = requireAuth({
+    extractToken: (ctx: unknown) => {
+        const obj = ctx as Record<string, unknown>;
+        return typeof obj['token'] === 'string' ? obj['token'] : null;
+    },
+    recoveryHint: 'Call auth action=login to authenticate via browser',
+    recoveryAction: 'auth',
+});
 `;
 }
 //# sourceMappingURL=oauth.js.map