@wabot-dev/create 0.0.4 → 2.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -144
- package/lib/create-project.mjs +28 -5
- package/lib/i18n.mjs +6 -6
- package/lib/skills/framework-source.mjs +68 -0
- package/lib/skills/install.mjs +11 -6
- package/lib/skills/registry.mjs +26 -56
- package/package.json +5 -3
- package/skills/wabot-async/SKILL.md +0 -139
- package/skills/wabot-auth/SKILL.md +0 -149
- package/skills/wabot-chat/SKILL.md +0 -136
- package/skills/wabot-di-config/SKILL.md +0 -117
- package/skills/wabot-framework/SKILL.md +0 -79
- package/skills/wabot-framework/references/quickstart.md +0 -85
- package/skills/wabot-mindset/SKILL.md +0 -155
- package/skills/wabot-ops/SKILL.md +0 -151
- package/skills/wabot-persistence/SKILL.md +0 -155
- package/skills/wabot-rest-socket/SKILL.md +0 -163
- package/skills/wabot-validation/SKILL.md +0 -104
|
@@ -1,163 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: wabot-rest-socket
|
|
3
|
-
description: Use when exposing HTTP endpoints or Socket.IO namespaces from a Wabot app. Covers @restController, @onGet / @onPost / @onPut / @onDelete, @middleware and IMiddleware, the EXPRESS_REQ / EXPRESS_RES tokens, the RestRequest base for raw-request access, plus @socketController, @onSocketEvent, @handshakeMiddlewares and IHandshakeMiddleware. Argument validation is shared with wabot-validation.
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# REST and Socket controllers
|
|
7
|
-
|
|
8
|
-
Wabot's HTTP and Socket layers sit on top of Express and Socket.IO. You write controllers; the framework boots the server (default `PORT=3000`).
|
|
9
|
-
|
|
10
|
-
## REST controller
|
|
11
|
-
|
|
12
|
-
```typescript
|
|
13
|
-
import {
|
|
14
|
-
injectable,
|
|
15
|
-
isNotEmpty,
|
|
16
|
-
isNumber,
|
|
17
|
-
isString,
|
|
18
|
-
middleware,
|
|
19
|
-
onGet,
|
|
20
|
-
onPost,
|
|
21
|
-
restController,
|
|
22
|
-
} from '@wabot-dev/framework'
|
|
23
|
-
|
|
24
|
-
class CreateOrderRequest {
|
|
25
|
-
@isString() @isNotEmpty() productId!: string
|
|
26
|
-
@isNumber() quantity!: number
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
@injectable()
|
|
30
|
-
export class AuditMiddleware implements IMiddleware {
|
|
31
|
-
async handle(req, res, container) {
|
|
32
|
-
// record, throw CustomError to short-circuit
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
@restController('/orders')
|
|
37
|
-
export class OrdersController {
|
|
38
|
-
constructor(private orders: OrderService) {}
|
|
39
|
-
|
|
40
|
-
@onGet('/:id')
|
|
41
|
-
async getOne(req: { id: string }) {
|
|
42
|
-
return this.orders.find(req.id)
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
@onPost()
|
|
46
|
-
@middleware(AuditMiddleware)
|
|
47
|
-
async create(req: CreateOrderRequest) {
|
|
48
|
-
return this.orders.create(req)
|
|
49
|
-
}
|
|
50
|
-
}
|
|
51
|
-
```
|
|
52
|
-
|
|
53
|
-
Path resolution: `restController('/orders')` + `onPost()` → `POST /orders`. `onGet('/:id')` → `GET /orders/:id`. Either decorator accepts a `string` path or `{ path, disableJsonParser?, disableUrlEncodedParser? }`.
|
|
54
|
-
|
|
55
|
-
Argument binding:
|
|
56
|
-
- 0 parameters → no binding.
|
|
57
|
-
- 1 parameter typed as a validator class → framework merges `req.body`, `req.query`, `req.params` and runs `validateAndTransform` against the class. Validation errors produce HTTP 400.
|
|
58
|
-
- 1 parameter typed as `IncomingMessage` (Node's `http` type) → raw request injected.
|
|
59
|
-
- 1 parameter that extends `RestRequest` → the full Express `Request` is passed (no merge). Use this for streaming or multipart.
|
|
60
|
-
|
|
61
|
-
`@restController` applies `@injectable()`. Endpoint methods may be `async`; the return value is `res.status(200).json(value ?? null)`. To control status or headers, inject the response via `@inject(EXPRESS_RES)` or throw a `CustomError({ httpCode, message, info? })`.
|
|
62
|
-
|
|
63
|
-
### Middleware
|
|
64
|
-
|
|
65
|
-
```typescript
|
|
66
|
-
import { IMiddleware, injectable, middleware } from '@wabot-dev/framework'
|
|
67
|
-
|
|
68
|
-
@injectable()
|
|
69
|
-
export class RateLimit implements IMiddleware {
|
|
70
|
-
async handle(req, res, container) {
|
|
71
|
-
if (overLimit(req.ip)) throw new CustomError({ httpCode: 429, message: 'Slow down' })
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
@restController('/api')
|
|
76
|
-
class ApiController {
|
|
77
|
-
@onGet('/me')
|
|
78
|
-
@middleware(RateLimit)
|
|
79
|
-
async me() { /* ... */ }
|
|
80
|
-
}
|
|
81
|
-
```
|
|
82
|
-
|
|
83
|
-
Multiple `@middleware(X)` decorations run in declaration order. Middlewares are resolved out of the request's child container, so per-request injectables (e.g. `Auth`) work.
|
|
84
|
-
|
|
85
|
-
### Inheritance
|
|
86
|
-
|
|
87
|
-
Endpoint and middleware metadata is inherited. A subclass automatically picks up parent endpoints; the subclass's `@restController(path)` becomes the base path. Child endpoints override parents on a per-method-name basis.
|
|
88
|
-
|
|
89
|
-
### Tokens
|
|
90
|
-
|
|
91
|
-
```typescript
|
|
92
|
-
import { container, EXPRESS_REQ, EXPRESS_RES, inject, injectable } from '@wabot-dev/framework'
|
|
93
|
-
import type { Request, Response } from 'express'
|
|
94
|
-
|
|
95
|
-
@injectable()
|
|
96
|
-
class CookieReader {
|
|
97
|
-
constructor(
|
|
98
|
-
@inject(EXPRESS_REQ) private req: Request,
|
|
99
|
-
@inject(EXPRESS_RES) private res: Response,
|
|
100
|
-
) {}
|
|
101
|
-
}
|
|
102
|
-
```
|
|
103
|
-
|
|
104
|
-
These tokens live in the per-request child container only — never resolve them from the root.
|
|
105
|
-
|
|
106
|
-
## Socket controller
|
|
107
|
-
|
|
108
|
-
```typescript
|
|
109
|
-
import {
|
|
110
|
-
handshakeMiddlewares,
|
|
111
|
-
IHandshakeMiddleware,
|
|
112
|
-
injectable,
|
|
113
|
-
isNumber,
|
|
114
|
-
onSocketEvent,
|
|
115
|
-
socketController,
|
|
116
|
-
} from '@wabot-dev/framework'
|
|
117
|
-
import { Socket } from 'socket.io'
|
|
118
|
-
|
|
119
|
-
class JoinRoomReq {
|
|
120
|
-
@isNumber() roomId!: number
|
|
121
|
-
}
|
|
122
|
-
|
|
123
|
-
@injectable()
|
|
124
|
-
class CookieAuthMw implements IHandshakeMiddleware {
|
|
125
|
-
async handle(socket: Socket, container) {
|
|
126
|
-
// throw CustomError to refuse the connection
|
|
127
|
-
}
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
@socketController('chat')
|
|
131
|
-
@handshakeMiddlewares([CookieAuthMw])
|
|
132
|
-
export class ChatSocketController {
|
|
133
|
-
@onSocketEvent('connection')
|
|
134
|
-
async onConnect(socket: Socket) {
|
|
135
|
-
socket.emit('hello', { ok: true })
|
|
136
|
-
}
|
|
137
|
-
|
|
138
|
-
@onSocketEvent('join')
|
|
139
|
-
async onJoin(req: JoinRoomReq, socket: Socket) {
|
|
140
|
-
socket.join(`room:${req.roomId}`)
|
|
141
|
-
}
|
|
142
|
-
}
|
|
143
|
-
```
|
|
144
|
-
|
|
145
|
-
- `@socketController('chat')` → namespace `/chat`. Pass `undefined` or `''` for the default namespace `/`.
|
|
146
|
-
- `@onSocketEvent('join')` registers a listener. Method signature: `(req, socket?)`. If the first arg type is `Socket`, no body validation is done. Otherwise the body is validated against that DTO class. A `connection` event handler runs once when the socket connects.
|
|
147
|
-
- `@handshakeMiddlewares([Mw, ...])` runs the middlewares during the Socket.IO `use(...)` phase, before `connection`. Throw a `CustomError` to refuse the handshake.
|
|
148
|
-
|
|
149
|
-
If the client uses `socket.emit('join', payload, ack)` the return value of the handler is passed to `ack`. Throwing produces `ack({ error: ... })`.
|
|
150
|
-
|
|
151
|
-
## Boot
|
|
152
|
-
|
|
153
|
-
Both layers boot automatically when the project runner finds at least one `@restController` (REST) or `@socketController` (sockets). Manually they expose `runRestControllers([...])` / `runSocketControllers([...])`.
|
|
154
|
-
|
|
155
|
-
Both share one Express + HTTP server via `ExpressProvider` / `HttpServerProvider` (singleton). Set `PORT` in `.env` to change the listen port.
|
|
156
|
-
|
|
157
|
-
## Rules
|
|
158
|
-
|
|
159
|
-
- Always type the endpoint/socket parameter — the framework relies on `design:paramtypes` reflection to bind it.
|
|
160
|
-
- REST endpoints can have 0 or 1 parameter. More than one throws at boot.
|
|
161
|
-
- Socket events can have up to 2 parameters: `(req, socket)`. The framework injects the active `Socket`.
|
|
162
|
-
- Don't disable JSON parsing globally — disable per-endpoint via `@onPost({ path, disableJsonParser: true })` when you need raw bytes.
|
|
163
|
-
- For auth, prefer `@jwtGuard()` / `@apiKeyGuard()` (see `wabot-auth`) over hand-rolled middleware.
|
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: wabot-validation
|
|
3
|
-
description: Use when defining request DTOs, mindset module argument classes, or any class that must be validated and transformed by Wabot — including REST/socket inputs and tool function parameters. Covers the validator decorators (@isString, @isNumber, @isBoolean, @isDate, @isIn, @isNotEmpty, @isPresent, @isRecord, @isOptional, @isModel, @isArray, @min, @max), @description, validateAndTransform, and Mapper.
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# Validation, description, mapping
|
|
7
|
-
|
|
8
|
-
Wabot validates request shapes through decorator-driven metadata. The same metadata feeds:
|
|
9
|
-
|
|
10
|
-
- REST endpoint argument binding (`@onPost`, etc.).
|
|
11
|
-
- Socket event payloads (`@onSocketEvent`).
|
|
12
|
-
- Mindset tool function parameters (the LLM sees the validator type and the `@description`).
|
|
13
|
-
- `Async.runCommand` / `Async.scheduleCommand` payloads (validated against the `@command` class).
|
|
14
|
-
|
|
15
|
-
## Field validators
|
|
16
|
-
|
|
17
|
-
All decorators are exported from `@wabot-dev/framework`. Apply them to public class fields.
|
|
18
|
-
|
|
19
|
-
| Decorator | Effect |
|
|
20
|
-
| --- | --- |
|
|
21
|
-
| `@isString()` | Value must be `string` |
|
|
22
|
-
| `@isNumber()` | Value must be `number` |
|
|
23
|
-
| `@isBoolean()` | Value must be `boolean` |
|
|
24
|
-
| `@isDate()` | Value must parse as `Date` (ISO 8601 input) |
|
|
25
|
-
| `@isIn([...values])` | Value must be one of the listed literals |
|
|
26
|
-
| `@isNotEmpty()` | String must be non-empty after trim |
|
|
27
|
-
| `@isPresent()` | Field must be present (not `undefined`) |
|
|
28
|
-
| `@isRecord(keyType, valueType)` | Plain object with typed keys/values; `keyType: 'number' \| 'string'`, `valueType: 'number' \| 'string' \| 'boolean'` |
|
|
29
|
-
| `@isOptional()` | Skip remaining validators when the value is null/undefined |
|
|
30
|
-
| `@isModel(OtherClass)` | Nested model validated against `OtherClass` |
|
|
31
|
-
| `@isArray({ minLength?, maxLength? })` | Field must be an array |
|
|
32
|
-
| `@min(n)` | Numeric / length minimum |
|
|
33
|
-
| `@max(n)` | Numeric / length maximum |
|
|
34
|
-
|
|
35
|
-
Validators chain top-to-bottom. Put `@isOptional()` **above** the type validator if the field is optional.
|
|
36
|
-
|
|
37
|
-
```typescript
|
|
38
|
-
import { description, isIn, isNotEmpty, isNumber, isOptional, isString, max, min } from '@wabot-dev/framework'
|
|
39
|
-
|
|
40
|
-
export class ListGamesRequest {
|
|
41
|
-
@isString()
|
|
42
|
-
@isIn(['backlog', 'playing', 'finished', 'abandoned'])
|
|
43
|
-
@description('Filter by status')
|
|
44
|
-
status: 'backlog' | 'playing' | 'finished' | 'abandoned' = 'backlog'
|
|
45
|
-
|
|
46
|
-
@isNumber()
|
|
47
|
-
@min(1)
|
|
48
|
-
@max(20)
|
|
49
|
-
@description('Maximum number of games to return')
|
|
50
|
-
limit: number = 5
|
|
51
|
-
|
|
52
|
-
@isOptional()
|
|
53
|
-
@isString()
|
|
54
|
-
cursor?: string
|
|
55
|
-
}
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
The `default` value on the field becomes the value when the input is missing and the field is optional.
|
|
59
|
-
|
|
60
|
-
## `@description`
|
|
61
|
-
|
|
62
|
-
`@description('...')` annotates a field or method. Two roles:
|
|
63
|
-
|
|
64
|
-
1. On a request-class field: it becomes the LLM-facing parameter description for mindset tool functions.
|
|
65
|
-
2. On a `@mindsetModule()` method: it becomes the tool's description (without it the function is not exposed as a tool).
|
|
66
|
-
|
|
67
|
-
Mindset module functions **must** have a single request-object parameter (or no parameter), and every property of that request class must have both a type validator (e.g. `@isString()`) and a `@description(...)`. The framework throws at boot otherwise.
|
|
68
|
-
|
|
69
|
-
## `validateAndTransform`
|
|
70
|
-
|
|
71
|
-
```typescript
|
|
72
|
-
import { validateAndTransform } from '@wabot-dev/framework'
|
|
73
|
-
|
|
74
|
-
const { value, error } = validateAndTransform(rawInput, ListGamesRequest)
|
|
75
|
-
if (error) {
|
|
76
|
-
// error.description + error.properties (per-field errors)
|
|
77
|
-
}
|
|
78
|
-
```
|
|
79
|
-
|
|
80
|
-
Use this when you receive a payload outside a framework-managed boundary (e.g. a manually parsed file or queue message). Inside a REST/socket controller or a command handler the framework already validates the parameter for you.
|
|
81
|
-
|
|
82
|
-
## `Mapper`
|
|
83
|
-
|
|
84
|
-
`Mapper` is an injectable utility that combines deep-copy + `validateAndTransform`. It is useful when you need to convert a database row, a remote response, or a Storable into a typed model and you want a hard failure on shape mismatch (it throws `CustomError` with `httpCode: 500`).
|
|
85
|
-
|
|
86
|
-
```typescript
|
|
87
|
-
import { container, Mapper } from '@wabot-dev/framework'
|
|
88
|
-
|
|
89
|
-
const mapper = container.resolve(Mapper)
|
|
90
|
-
const game: GameDto = mapper.map(rawRow, GameDto)
|
|
91
|
-
```
|
|
92
|
-
|
|
93
|
-
`Mapper.map(data, ctor)` will:
|
|
94
|
-
|
|
95
|
-
- Deep-copy `data` (Storables → plain objects, Dates → epoch ms).
|
|
96
|
-
- Run all validators on the target class.
|
|
97
|
-
- Return a typed instance, or throw.
|
|
98
|
-
|
|
99
|
-
## Rules
|
|
100
|
-
|
|
101
|
-
- Every public DTO/Request field needs at least one type validator. Without it, the framework can't introspect the type at runtime (TypeScript types are erased).
|
|
102
|
-
- Always pair `@description` with a type validator on mindset module request fields.
|
|
103
|
-
- Prefer field defaults over `@isOptional()` when you have a sensible default; reserve `@isOptional()` for fields that may genuinely be absent.
|
|
104
|
-
- Don't subclass `RestRequest` unless you want the raw Express `Request` injected into the endpoint — see `wabot-rest-socket`.
|