npm - alepha - Versions diffs - 0.14.1 → 0.14.3 - Mend

alepha 0.14.1 → 0.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/README.md +3 -3
package/dist/api/audits/index.browser.js +5 -5
package/dist/api/audits/index.browser.js.map +1 -1
package/dist/api/audits/index.d.ts +784 -784
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +13 -13
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.browser.js +5 -5
package/dist/api/files/index.browser.js.map +1 -1
package/dist/api/files/index.d.ts +57 -57
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +71 -71
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.browser.js +5 -5
package/dist/api/jobs/index.browser.js.map +1 -1
package/dist/api/jobs/index.d.ts +165 -165
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js +10 -10
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/notifications/index.browser.js +10 -10
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +583 -171
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/notifications/index.js +12 -12
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.browser.js +163 -10
package/dist/api/parameters/index.browser.js.map +1 -1
package/dist/api/parameters/index.d.ts +281 -276
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +196 -91
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/users/index.browser.js +19 -19
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +778 -764
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +831 -596
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.browser.js +6 -6
package/dist/api/verifications/index.browser.js.map +1 -1
package/dist/api/verifications/index.d.ts +125 -125
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +6 -6
package/dist/api/verifications/index.js.map +1 -1
package/dist/batch/index.js.map +1 -1
package/dist/bin/index.d.ts +1 -2
package/dist/bin/index.js +0 -1
package/dist/bin/index.js.map +1 -1
package/dist/cache/core/index.js.map +1 -1
package/dist/cli/index.d.ts +249 -218
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +951 -821
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +40 -0
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +97 -17
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +14 -18
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +29 -0
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +21 -24
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +21 -24
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.js.map +1 -1
package/dist/fake/index.js +195 -168
package/dist/fake/index.js.map +1 -1
package/dist/file/index.d.ts +8 -0
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +3 -0
package/dist/file/index.js.map +1 -1
package/dist/lock/redis/index.js.map +1 -1
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js.map +1 -1
package/dist/orm/index.browser.js +26 -5
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.d.ts +146 -121
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +49 -24
package/dist/orm/index.js.map +1 -1
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.js.map +1 -1
package/dist/router/index.js.map +1 -1
package/dist/scheduler/index.d.ts +6 -6
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.d.ts +29 -29
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +1 -1
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +171 -155
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +0 -1
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +2 -0
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.browser.js.map +1 -1
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +1 -1
package/dist/server/core/index.js.map +1 -1
package/dist/server/health/index.d.ts +17 -17
package/dist/server/helmet/index.js.map +1 -1
package/dist/server/links/index.browser.js +22 -6
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +46 -44
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +24 -41
package/dist/server/links/index.js.map +1 -1
package/dist/server/multipart/index.js.map +1 -1
package/dist/server/rate-limit/index.js.map +1 -1
package/dist/server/security/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +2 -1
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +8 -3
package/dist/server/swagger/index.js.map +1 -1
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.js.map +1 -1
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +12 -4
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.js.map +1 -1
package/package.json +7 -7
package/src/api/audits/controllers/{AuditController.ts → AdminAuditController.ts} +5 -6
package/src/api/audits/entities/audits.ts +5 -5
package/src/api/audits/index.browser.ts +1 -1
package/src/api/audits/index.ts +3 -3
package/src/api/audits/primitives/$audit.spec.ts +276 -0
package/src/api/audits/services/AuditService.spec.ts +495 -0
package/src/api/files/__tests__/$bucket.spec.ts +91 -0
package/src/api/files/controllers/AdminFileStatsController.spec.ts +166 -0
package/src/api/files/controllers/{StorageStatsController.ts → AdminFileStatsController.ts} +2 -2
package/src/api/files/controllers/FileController.spec.ts +558 -0
package/src/api/files/controllers/FileController.ts +4 -5
package/src/api/files/entities/files.ts +5 -5
package/src/api/files/index.browser.ts +1 -1
package/src/api/files/index.ts +4 -4
package/src/api/files/jobs/FileJobs.spec.ts +52 -0
package/src/api/files/services/FileService.spec.ts +109 -0
package/src/api/jobs/__tests__/JobController.spec.ts +343 -0
package/src/api/jobs/controllers/{JobController.ts → AdminJobController.ts} +2 -2
package/src/api/jobs/entities/jobExecutions.ts +5 -5
package/src/api/jobs/index.ts +3 -3
package/src/api/jobs/primitives/$job.spec.ts +476 -0
package/src/api/notifications/controllers/{NotificationController.ts → AdminNotificationController.ts} +4 -5
package/src/api/notifications/entities/notifications.ts +5 -5
package/src/api/notifications/index.browser.ts +1 -1
package/src/api/notifications/index.ts +4 -4
package/src/api/parameters/controllers/{ConfigController.ts → AdminConfigController.ts} +46 -107
package/src/api/parameters/entities/parameters.ts +7 -17
package/src/api/parameters/index.ts +3 -3
package/src/api/parameters/primitives/$config.spec.ts +356 -0
package/src/api/parameters/schemas/activateConfigBodySchema.ts +12 -0
package/src/api/parameters/schemas/checkScheduledResponseSchema.ts +8 -0
package/src/api/parameters/schemas/configCurrentResponseSchema.ts +13 -0
package/src/api/parameters/schemas/configHistoryResponseSchema.ts +9 -0
package/src/api/parameters/schemas/configNameParamSchema.ts +10 -0
package/src/api/parameters/schemas/configNamesResponseSchema.ts +8 -0
package/src/api/parameters/schemas/configTreeNodeSchema.ts +13 -0
package/src/api/parameters/schemas/configVersionParamSchema.ts +9 -0
package/src/api/parameters/schemas/configVersionResponseSchema.ts +9 -0
package/src/api/parameters/schemas/configsByStatusResponseSchema.ts +9 -0
package/src/api/parameters/schemas/createConfigVersionBodySchema.ts +24 -0
package/src/api/parameters/schemas/index.ts +15 -0
package/src/api/parameters/schemas/parameterResponseSchema.ts +26 -0
package/src/api/parameters/schemas/parameterStatusSchema.ts +13 -0
package/src/api/parameters/schemas/rollbackConfigBodySchema.ts +15 -0
package/src/api/parameters/schemas/statusParamSchema.ts +9 -0
package/src/api/users/__tests__/EmailVerification.spec.ts +369 -0
package/src/api/users/__tests__/PasswordReset.spec.ts +550 -0
package/src/api/users/controllers/AdminIdentityController.spec.ts +365 -0
package/src/api/users/controllers/{IdentityController.ts → AdminIdentityController.ts} +3 -4
package/src/api/users/controllers/AdminSessionController.spec.ts +274 -0
package/src/api/users/controllers/{SessionController.ts → AdminSessionController.ts} +3 -4
package/src/api/users/controllers/AdminUserController.spec.ts +372 -0
package/src/api/users/controllers/AdminUserController.ts +116 -0
package/src/api/users/controllers/UserController.ts +4 -107
package/src/api/users/controllers/UserRealmController.ts +3 -0
package/src/api/users/entities/identities.ts +6 -6
package/src/api/users/entities/sessions.ts +6 -6
package/src/api/users/entities/users.ts +9 -9
package/src/api/users/index.ts +13 -6
package/src/api/users/primitives/$userRealm.ts +13 -8
package/src/api/users/services/CredentialService.spec.ts +509 -0
package/src/api/users/services/CredentialService.ts +46 -0
package/src/api/users/services/IdentityService.ts +15 -0
package/src/api/users/services/RegistrationService.spec.ts +630 -0
package/src/api/users/services/RegistrationService.ts +18 -0
package/src/api/users/services/SessionService.spec.ts +301 -0
package/src/api/users/services/SessionService.ts +110 -1
package/src/api/users/services/UserService.ts +67 -2
package/src/api/verifications/__tests__/CodeVerification.spec.ts +318 -0
package/src/api/verifications/__tests__/LinkVerification.spec.ts +279 -0
package/src/api/verifications/entities/verifications.ts +6 -6
package/src/api/verifications/jobs/VerificationJobs.spec.ts +50 -0
package/src/batch/__tests__/startup-buffering.spec.ts +458 -0
package/src/batch/primitives/$batch.spec.ts +766 -0
package/src/batch/providers/BatchProvider.spec.ts +786 -0
package/src/bin/index.ts +0 -1
package/src/bucket/__tests__/shared.ts +194 -0
package/src/bucket/primitives/$bucket.spec.ts +104 -0
package/src/bucket/providers/FileStorageProvider.spec.ts +13 -0
package/src/bucket/providers/LocalFileStorageProvider.spec.ts +77 -0
package/src/bucket/providers/MemoryFileStorageProvider.spec.ts +82 -0
package/src/cache/core/__tests__/shared.ts +377 -0
package/src/cache/core/primitives/$cache.spec.ts +111 -0
package/src/cache/redis/__tests__/cache-redis.spec.ts +70 -0
package/src/cli/apps/AlephaCli.ts +54 -16
package/src/cli/apps/AlephaPackageBuilderCli.ts +2 -1
package/src/cli/assets/appRouterTs.ts +1 -1
package/src/cli/commands/{ViteCommands.ts → build.ts} +2 -105
package/src/cli/commands/clean.ts +14 -0
package/src/cli/commands/{DrizzleCommands.ts → db.ts} +10 -117
package/src/cli/commands/{DeployCommands.ts → deploy.ts} +1 -1
package/src/cli/commands/dev.ts +69 -0
package/src/cli/commands/format.ts +17 -0
package/src/cli/commands/gen/changelog.spec.ts +315 -0
package/src/cli/commands/{ChangelogCommands.ts → gen/changelog.ts} +16 -31
package/src/cli/commands/gen/openapi.ts +71 -0
package/src/cli/commands/gen.ts +18 -0
package/src/cli/commands/{CoreCommands.ts → init.ts} +4 -40
package/src/cli/commands/lint.ts +17 -0
package/src/cli/commands/root.ts +41 -0
package/src/cli/commands/run.ts +24 -0
package/src/cli/commands/test.ts +42 -0
package/src/cli/commands/typecheck.ts +24 -0
package/src/cli/commands/{VerifyCommands.ts → verify.ts} +1 -13
package/src/cli/defineConfig.ts +10 -1
package/src/cli/index.ts +17 -7
package/src/cli/services/AlephaCliUtils.ts +71 -32
package/src/cli/services/GitMessageParser.ts +1 -1
package/src/command/helpers/Asker.spec.ts +127 -0
package/src/command/helpers/Runner.spec.ts +126 -0
package/src/command/primitives/$command.spec.ts +1588 -0
package/src/command/providers/CliProvider.ts +74 -24
package/src/core/Alepha.ts +52 -4
package/src/core/__tests__/Alepha-emit.spec.ts +22 -0
package/src/core/__tests__/Alepha-graph.spec.ts +93 -0
package/src/core/__tests__/Alepha-has.spec.ts +41 -0
package/src/core/__tests__/Alepha-inject.spec.ts +93 -0
package/src/core/__tests__/Alepha-register.spec.ts +81 -0
package/src/core/__tests__/Alepha-start.spec.ts +176 -0
package/src/core/__tests__/Alepha-with.spec.ts +14 -0
package/src/core/__tests__/TypeBox-usecases.spec.ts +35 -0
package/src/core/__tests__/TypeBoxLocale.spec.ts +15 -0
package/src/core/__tests__/descriptor.spec.ts +34 -0
package/src/core/__tests__/fixtures/A.ts +5 -0
package/src/core/__tests__/pagination.spec.ts +77 -0
package/src/core/helpers/jsonSchemaToTypeBox.ts +2 -2
package/src/core/primitives/$atom.spec.ts +43 -0
package/src/core/primitives/$hook.spec.ts +130 -0
package/src/core/primitives/$inject.spec.ts +175 -0
package/src/core/primitives/$module.spec.ts +115 -0
package/src/core/providers/CodecManager.spec.ts +740 -0
package/src/core/providers/EventManager.spec.ts +762 -0
package/src/core/providers/EventManager.ts +4 -0
package/src/core/providers/StateManager.spec.ts +365 -0
package/src/core/providers/TypeProvider.spec.ts +1607 -0
package/src/core/providers/TypeProvider.ts +20 -26
package/src/datetime/primitives/$interval.spec.ts +103 -0
package/src/datetime/providers/DateTimeProvider.spec.ts +86 -0
package/src/email/primitives/$email.spec.ts +175 -0
package/src/email/providers/LocalEmailProvider.spec.ts +341 -0
package/src/fake/__tests__/keyName.example.ts +40 -0
package/src/fake/__tests__/keyName.spec.ts +152 -0
package/src/fake/__tests__/module.example.ts +32 -0
package/src/fake/providers/FakeProvider.spec.ts +438 -0
package/src/file/providers/FileSystemProvider.ts +8 -0
package/src/file/providers/NodeFileSystemProvider.spec.ts +418 -0
package/src/file/providers/NodeFileSystemProvider.ts +5 -0
package/src/file/services/FileDetector.spec.ts +591 -0
package/src/lock/core/__tests__/shared.ts +190 -0
package/src/lock/core/providers/MemoryLockProvider.spec.ts +25 -0
package/src/lock/redis/providers/RedisLockProvider.spec.ts +25 -0
package/src/logger/__tests__/SimpleFormatterProvider.spec.ts +109 -0
package/src/logger/primitives/$logger.spec.ts +108 -0
package/src/logger/services/Logger.spec.ts +295 -0
package/src/mcp/__tests__/errors.spec.ts +175 -0
package/src/mcp/__tests__/integration.spec.ts +450 -0
package/src/mcp/helpers/jsonrpc.spec.ts +380 -0
package/src/mcp/primitives/$prompt.spec.ts +468 -0
package/src/mcp/primitives/$resource.spec.ts +390 -0
package/src/mcp/primitives/$tool.spec.ts +406 -0
package/src/mcp/providers/McpServerProvider.spec.ts +797 -0
package/src/orm/__tests__/$repository-crud.spec.ts +276 -0
package/src/orm/__tests__/$repository-hooks.spec.ts +325 -0
package/src/orm/__tests__/$repository-orderBy.spec.ts +128 -0
package/src/orm/__tests__/$repository-pagination-sort.spec.ts +149 -0
package/src/orm/__tests__/$repository-save.spec.ts +37 -0
package/src/orm/__tests__/ModelBuilder-integration.spec.ts +490 -0
package/src/orm/__tests__/ModelBuilder-types.spec.ts +186 -0
package/src/orm/__tests__/PostgresProvider.spec.ts +46 -0
package/src/orm/__tests__/delete-returning.spec.ts +256 -0
package/src/orm/__tests__/deletedAt.spec.ts +80 -0
package/src/orm/__tests__/enums.spec.ts +315 -0
package/src/orm/__tests__/execute.spec.ts +72 -0
package/src/orm/__tests__/fixtures/bigEntitySchema.ts +65 -0
package/src/orm/__tests__/fixtures/userEntitySchema.ts +27 -0
package/src/orm/__tests__/joins.spec.ts +1114 -0
package/src/orm/__tests__/page.spec.ts +287 -0
package/src/orm/__tests__/primaryKey.spec.ts +87 -0
package/src/orm/__tests__/query-date-encoding.spec.ts +402 -0
package/src/orm/__tests__/ref-auto-onDelete.spec.ts +156 -0
package/src/orm/__tests__/references.spec.ts +102 -0
package/src/orm/__tests__/security.spec.ts +710 -0
package/src/orm/__tests__/sqlite.spec.ts +111 -0
package/src/orm/__tests__/string-operators.spec.ts +429 -0
package/src/orm/__tests__/timestamps.spec.ts +388 -0
package/src/orm/__tests__/validation.spec.ts +183 -0
package/src/orm/__tests__/version.spec.ts +64 -0
package/src/orm/helpers/parseQueryString.spec.ts +196 -0
package/src/orm/index.browser.ts +1 -1
package/src/orm/index.ts +10 -6
package/src/orm/primitives/$repository.spec.ts +137 -0
package/src/orm/primitives/$sequence.spec.ts +29 -0
package/src/orm/primitives/$transaction.spec.ts +82 -0
package/src/orm/providers/{PostgresTypeProvider.ts → DatabaseTypeProvider.ts} +25 -3
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -3
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +1 -1
package/src/orm/providers/drivers/DatabaseProvider.ts +1 -1
package/src/orm/providers/drivers/NodePostgresProvider.ts +3 -3
package/src/orm/providers/drivers/NodeSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/PglitePostgresProvider.ts +2 -2
package/src/orm/services/ModelBuilder.spec.ts +575 -0
package/src/orm/services/Repository.spec.ts +137 -0
package/src/queue/core/__tests__/shared.ts +143 -0
package/src/queue/core/providers/MemoryQueueProvider.spec.ts +23 -0
package/src/queue/core/providers/WorkerProvider.spec.ts +378 -0
package/src/queue/redis/providers/RedisQueueProvider.spec.ts +23 -0
package/src/redis/__tests__/redis.spec.ts +58 -0
package/src/retry/primitives/$retry.spec.ts +234 -0
package/src/retry/providers/RetryProvider.spec.ts +438 -0
package/src/router/__tests__/match.spec.ts +252 -0
package/src/router/providers/RouterProvider.spec.ts +197 -0
package/src/scheduler/__tests__/$scheduler-cron.spec.ts +25 -0
package/src/scheduler/__tests__/$scheduler-interval.spec.ts +25 -0
package/src/scheduler/__tests__/shared.ts +77 -0
package/src/security/__tests__/bug-1-wildcard-after-start.spec.ts +229 -0
package/src/security/__tests__/bug-2-password-validation.spec.ts +245 -0
package/src/security/__tests__/bug-3-regex-vulnerability.spec.ts +407 -0
package/src/security/__tests__/bug-4-oauth2-validation.spec.ts +439 -0
package/src/security/__tests__/multi-layer-permissions.spec.ts +522 -0
package/src/security/primitives/$permission.spec.ts +30 -0
package/src/security/primitives/$permission.ts +2 -2
package/src/security/primitives/$realm.spec.ts +101 -0
package/src/security/primitives/$role.spec.ts +52 -0
package/src/security/primitives/$serviceAccount.spec.ts +61 -0
package/src/security/providers/SecurityProvider.spec.ts +350 -0
package/src/server/auth/providers/ServerAuthProvider.ts +0 -2
package/src/server/cache/providers/ServerCacheProvider.spec.ts +942 -0
package/src/server/compress/providers/ServerCompressProvider.spec.ts +31 -0
package/src/server/compress/providers/ServerCompressProvider.ts +2 -0
package/src/server/cookies/providers/ServerCookiesProvider.spec.ts +253 -0
package/src/server/core/__tests__/ServerRouterProvider-getRoutes.spec.ts +334 -0
package/src/server/core/__tests__/ServerRouterProvider-requestId.spec.ts +129 -0
package/src/server/core/primitives/$action.spec.ts +191 -0
package/src/server/core/primitives/$route.spec.ts +65 -0
package/src/server/core/providers/ServerBodyParserProvider.spec.ts +93 -0
package/src/server/core/providers/ServerLoggerProvider.spec.ts +100 -0
package/src/server/core/providers/ServerProvider.ts +3 -1
package/src/server/core/services/HttpClient.spec.ts +123 -0
package/src/server/core/services/UserAgentParser.spec.ts +111 -0
package/src/server/cors/providers/ServerCorsProvider.spec.ts +481 -0
package/src/server/health/providers/ServerHealthProvider.spec.ts +22 -0
package/src/server/helmet/providers/ServerHelmetProvider.spec.ts +105 -0
package/src/server/links/__tests__/$action.spec.ts +238 -0
package/src/server/links/__tests__/fixtures/CrudApp.ts +122 -0
package/src/server/links/__tests__/requestId.spec.ts +120 -0
package/src/server/links/primitives/$remote.spec.ts +228 -0
package/src/server/links/providers/LinkProvider.spec.ts +54 -0
package/src/server/links/providers/LinkProvider.ts +49 -3
package/src/server/links/providers/ServerLinksProvider.ts +1 -53
package/src/server/links/schemas/apiLinksResponseSchema.ts +7 -0
package/src/server/metrics/providers/ServerMetricsProvider.spec.ts +25 -0
package/src/server/multipart/providers/ServerMultipartProvider.spec.ts +528 -0
package/src/server/proxy/primitives/$proxy.spec.ts +87 -0
package/src/server/rate-limit/__tests__/ActionRateLimit.spec.ts +211 -0
package/src/server/rate-limit/providers/ServerRateLimitProvider.spec.ts +344 -0
package/src/server/security/__tests__/BasicAuth.spec.ts +684 -0
package/src/server/security/__tests__/ServerSecurityProvider-realm.spec.ts +388 -0
package/src/server/security/providers/ServerSecurityProvider.spec.ts +123 -0
package/src/server/static/primitives/$serve.spec.ts +193 -0
package/src/server/swagger/__tests__/ui.spec.ts +52 -0
package/src/server/swagger/primitives/$swagger.spec.ts +193 -0
package/src/server/swagger/providers/ServerSwaggerProvider.ts +18 -8
package/src/sms/primitives/$sms.spec.ts +165 -0
package/src/sms/providers/LocalSmsProvider.spec.ts +224 -0
package/src/sms/providers/MemorySmsProvider.spec.ts +193 -0
package/src/thread/primitives/$thread.spec.ts +186 -0
package/src/topic/core/__tests__/shared.ts +144 -0
package/src/topic/core/providers/MemoryTopicProvider.spec.ts +23 -0
package/src/topic/redis/providers/RedisTopicProvider.spec.ts +23 -0
package/src/vite/plugins/viteAlephaDev.ts +16 -4
package/src/vite/tasks/runAlepha.ts +7 -1
package/src/websocket/__tests__/$websocket-new.spec.ts +195 -0
package/src/websocket/primitives/$channel.spec.ts +30 -0
package/src/cli/commands/BiomeCommands.ts +0 -29

package/src/orm/__tests__/security.spec.ts ADDED Viewed

@@ -0,0 +1,710 @@
+import { Alepha, t } from "alepha";
+import { describe, it } from "vitest";
+import { $entity, $repository, DatabaseProvider, pg, sql } from "../index.ts";
+import {
+  NodeSqliteProvider,
+  nodeSqliteOptions,
+} from "../providers/drivers/NodeSqliteProvider.ts";
+/**
+ * SQL Injection Security Tests
+ *
+ * This test suite validates that the ORM properly sanitizes and escapes user input
+ * to prevent SQL injection attacks across various scenarios:
+ * - Basic filter operators (eq, ne, like, ilike, etc.)
+ * - JSONB queries
+ * - Array operators
+ * - Raw SQL queries
+ * - Both PostgreSQL and SQLite
+ */
+describe("SQL Injection Security Tests", () => {
+  // Define test entities with various column types
+  const users = $entity({
+    name: "users",
+    schema: t.object({
+      id: pg.primaryKey(),
+      username: t.text(),
+      email: t.text(),
+      age: t.integer(),
+      profile: t.object({
+        bio: t.text(),
+        settings: t.object({
+          theme: t.text(),
+          notifications: t.boolean(),
+        }),
+      }),
+      tags: t.array(t.text()),
+      metadata: t.object({
+        permissions: t.array(t.text()),
+        lastLogin: t.optional(t.text()),
+      }),
+    }),
+  });
+  class App {
+    users = $repository(users);
+  }
+  const sqlInjectionPayloads = [
+    // Classic SQL injection patterns
+    "' OR '1'='1",
+    "' OR 1=1--",
+    "' OR 1=1#",
+    "' OR 1=1/*",
+    "admin'--",
+    "admin' #",
+    "admin'/*",
+    // Union-based injection
+    "' UNION SELECT NULL--",
+    "' UNION SELECT NULL, NULL--",
+    "' UNION ALL SELECT NULL--",
+    // Stacked queries
+    "'; DROP TABLE users--",
+    "'; DELETE FROM users--",
+    "'; UPDATE users SET username='hacked'--",
+    // Boolean-based blind injection
+    "' AND 1=1--",
+    "' AND 1=2--",
+    "' AND SUBSTRING(@@version,1,1)='5",
+    // Time-based blind injection
+    "'; WAITFOR DELAY '00:00:05'--",
+    "'; SELECT SLEEP(5)--",
+    "' AND (SELECT * FROM (SELECT(SLEEP(5)))a)--",
+    // Quote escaping attempts
+    "''",
+    "\\'",
+    "\\x27",
+    "%27",
+    // Comment variations
+    "--",
+    "-- -",
+    "#",
+    "/**/",
+    "/* comment */",
+    // Hex encoding
+    "0x27",
+    "0x4F0x52",
+    // Special characters
+    "';!--\"<XSS>=&{()}",
+    "@@version",
+    "char(39)",
+    // PostgreSQL specific
+    "$1",
+    "$$",
+    "';--",
+    "1; SELECT version();",
+    // SQLite specific
+    "' || '1",
+    "'; ATTACH DATABASE 'file' AS db;--",
+    // JSONB injection attempts (PostgreSQL)
+    "' -> 'key",
+    "' ->> 'key",
+    "' #> '{key}'",
+    "' #>> '{key}'",
+    '\' @> \'{"key":"value"}\'',
+    "' ? 'key",
+    "' ?| array['key']",
+    "' ?& array['key']",
+  ];
+  describe("PostgreSQL", () => {
+    describe("Basic Filter Operators", () => {
+      it("should prevent SQL injection in eq operator", async ({ expect }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        // Create a legitimate user
+        await app.users.create({
+          username: "alice",
+          email: "alice@example.com",
+          age: 30,
+          profile: {
+            bio: "Hello world",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["admin"],
+          metadata: { permissions: ["read", "write"], lastLogin: "2024-01-01" },
+        });
+        // Try each SQL injection payload
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.findMany({
+            where: { username: { eq: payload } },
+          });
+          // Should return empty array since payload doesn't match any real username
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent SQL injection in ne operator", async ({ expect }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "bob",
+          email: "bob@example.com",
+          age: 25,
+          profile: {
+            bio: "Developer",
+            settings: { theme: "light", notifications: false },
+          },
+          tags: [],
+          metadata: { permissions: ["read"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          // Should not cause SQL errors or unexpected behavior
+          const result = await app.users.findMany({
+            where: { username: { ne: payload } },
+          });
+          // Should return the legitimate user
+          expect(result.length).toBeGreaterThanOrEqual(0);
+        }
+      });
+      it("should prevent SQL injection in contains operator", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "charlie",
+          email: "charlie@example.com",
+          age: 35,
+          profile: {
+            bio: "Designer",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["designer"],
+          metadata: { permissions: ["read", "write"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.findMany({
+            where: { username: { contains: payload } },
+          });
+          // Should safely handle the payload as a literal string
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent SQL injection in contains operator (email field)", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "Diana",
+          email: "diana@example.com",
+          age: 28,
+          profile: {
+            bio: "Manager",
+            settings: { theme: "light", notifications: true },
+          },
+          tags: ["manager"],
+          metadata: { permissions: ["admin"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.findMany({
+            where: { email: { contains: payload } },
+          });
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent SQL injection in gt/gte/lt/lte operators", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "eve",
+          email: "eve@example.com",
+          age: 40,
+          profile: {
+            bio: "Executive",
+            settings: { theme: "dark", notifications: false },
+          },
+          tags: [],
+          metadata: { permissions: ["admin", "read", "write"] },
+        });
+        // Numeric operators should either reject non-numeric payloads or treat them safely
+        // PostgreSQL will throw a type error for invalid integer syntax
+        // This is actually GOOD - the database layer is rejecting malicious input
+        for (const payload of sqlInjectionPayloads) {
+          try {
+            const result = await app.users.findMany({
+              where: { age: { gt: payload as any } },
+            });
+            // If it doesn't throw, it should return safe results
+            expect(Array.isArray(result)).toBe(true);
+          } catch (error) {
+            // PostgreSQL rejects invalid integer syntax - this is expected and safe
+            // The SQL is still parameterized, preventing injection
+            expect(error).toBeDefined();
+          }
+        }
+      });
+      it("should prevent SQL injection in inArray operator", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "frank",
+          email: "frank@example.com",
+          age: 33,
+          profile: {
+            bio: "Developer",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["dev"],
+          metadata: { permissions: ["read"] },
+        });
+        const result = await app.users.findMany({
+          where: {
+            username: { inArray: sqlInjectionPayloads.slice(0, 10) },
+          },
+        });
+        // Should treat each payload as a literal string to compare
+        expect(result).toEqual([]);
+      });
+    });
+    describe("Array Operator Injection", () => {
+      it("should prevent SQL injection in arrayContains", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "jack",
+          email: "jack@example.com",
+          age: 36,
+          profile: {
+            bio: "Security Expert",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["security", "expert"],
+          metadata: { permissions: ["admin", "audit"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.findMany({
+            where: {
+              tags: { arrayContains: [payload] },
+            },
+          });
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent SQL injection in arrayOverlaps", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "kate",
+          email: "kate@example.com",
+          age: 32,
+          profile: {
+            bio: "Product Manager",
+            settings: { theme: "light", notifications: false },
+          },
+          tags: ["product", "manager"],
+          metadata: { permissions: ["read", "write"] },
+        });
+        const result = await app.users.findMany({
+          where: {
+            tags: { arrayOverlaps: sqlInjectionPayloads.slice(0, 5) },
+          },
+        });
+        expect(result).toEqual([]);
+      });
+      it("should prevent SQL injection in arrayContained", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "leo",
+          email: "leo@example.com",
+          age: 38,
+          profile: {
+            bio: "CTO",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["cto", "leadership"],
+          metadata: { permissions: ["admin", "owner"] },
+        });
+        const result = await app.users.findMany({
+          where: {
+            tags: { arrayContained: sqlInjectionPayloads.slice(0, 5) },
+          },
+        });
+        expect(result).toEqual([]);
+      });
+    });
+    describe("Raw SQL Injection", () => {
+      it("should safely handle parameterized queries", async ({ expect }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "maria",
+          email: "maria@example.com",
+          age: 26,
+          profile: {
+            bio: "Designer",
+            settings: { theme: "light", notifications: true },
+          },
+          tags: ["design"],
+          metadata: { permissions: ["read"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          // Using parameterized queries should be safe
+          const result = await app.users.query(
+            (t) => sql`SELECT * FROM ${t} WHERE ${t.username} = ${payload}`,
+            t.pick(users.schema, ["username"]),
+          );
+          // Should treat payload as a literal value
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent injection in complex SQL expressions", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create();
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "nathan",
+          email: "nathan@example.com",
+          age: 41,
+          profile: {
+            bio: "Consultant",
+            settings: { theme: "dark", notifications: false },
+          },
+          tags: ["consulting"],
+          metadata: { permissions: ["read", "write", "admin"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.query(
+            (t) =>
+              sql`SELECT * FROM ${t} WHERE ${t.username} LIKE ${`%${payload}%`}`,
+            t.pick(users.schema, ["username"]),
+          );
+          expect(result).toEqual([]);
+        }
+      });
+    });
+  });
+  describe("SQLite", () => {
+    describe("Basic Filter Operators", () => {
+      it("should prevent SQL injection in eq operator", async ({ expect }) => {
+        const alepha = Alepha.create().with({
+          provide: DatabaseProvider,
+          use: NodeSqliteProvider,
+        });
+        alepha.store.mut(nodeSqliteOptions, (old) => ({
+          ...old,
+          path: "sqlite://:memory:",
+        }));
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "sqlite_alice",
+          email: "alice@sqlite.com",
+          age: 30,
+          profile: {
+            bio: "SQLite tester",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["sqlite"],
+          metadata: { permissions: ["read"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.findMany({
+            where: { username: { eq: payload } },
+          });
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent SQL injection in contains operator (SQLite)", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create().with({
+          provide: DatabaseProvider,
+          use: NodeSqliteProvider,
+        });
+        alepha.store.mut(nodeSqliteOptions, (old) => ({
+          ...old,
+          path: "sqlite://:memory:",
+        }));
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "sqlite_bob",
+          email: "bob@sqlite.com",
+          age: 25,
+          profile: {
+            bio: "SQLite developer",
+            settings: { theme: "light", notifications: false },
+          },
+          tags: ["dev"],
+          metadata: { permissions: ["read", "write"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.findMany({
+            where: { username: { contains: payload } },
+          });
+          expect(result).toEqual([]);
+        }
+      });
+      it("should prevent SQL injection in inArray operator", async ({
+        expect,
+      }) => {
+        const alepha = Alepha.create().with({
+          provide: DatabaseProvider,
+          use: NodeSqliteProvider,
+        });
+        alepha.store.mut(nodeSqliteOptions, (old) => ({
+          ...old,
+          path: "sqlite://:memory:",
+        }));
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "sqlite_charlie",
+          email: "charlie@sqlite.com",
+          age: 35,
+          profile: {
+            bio: "SQLite admin",
+            settings: { theme: "dark", notifications: true },
+          },
+          tags: ["admin"],
+          metadata: { permissions: ["admin"] },
+        });
+        const result = await app.users.findMany({
+          where: {
+            username: { inArray: sqlInjectionPayloads.slice(0, 10) },
+          },
+        });
+        expect(result).toEqual([]);
+      });
+    });
+    describe("Raw SQL Injection (SQLite)", () => {
+      it("should safely handle parameterized queries", async ({ expect }) => {
+        const alepha = Alepha.create().with({
+          provide: DatabaseProvider,
+          use: NodeSqliteProvider,
+        });
+        alepha.store.mut(nodeSqliteOptions, (old) => ({
+          ...old,
+          path: "sqlite://:memory:",
+        }));
+        const app = alepha.inject(App);
+        await alepha.start();
+        await app.users.create({
+          username: "sqlite_eve",
+          email: "eve@sqlite.com",
+          age: 40,
+          profile: {
+            bio: "SQL expert",
+            settings: { theme: "light", notifications: false },
+          },
+          tags: ["sql"],
+          metadata: { permissions: ["admin"] },
+        });
+        for (const payload of sqlInjectionPayloads) {
+          const result = await app.users.query(
+            (t) => sql`SELECT * FROM ${t} WHERE ${t.username} = ${payload}`,
+            t.pick(users.schema, ["username"]),
+          );
+          expect(result).toEqual([]);
+        }
+      });
+    });
+  });
+  describe("Edge Cases and Special Characters", () => {
+    it("should handle unicode and special characters safely", async ({
+      expect,
+    }) => {
+      const alepha = Alepha.create();
+      const app = alepha.inject(App);
+      await alepha.start();
+      const specialChars = [
+        "用户名", // Chinese
+        "пользователь", // Russian
+        "مستخدم", // Arabic
+        "🔥💻🚀", // Emojis
+        // Note: \u0000 (null byte) is not supported by PostgreSQL (invalid encoding)
+        "\n\r\t", // Whitespace
+        "\\\\", // Backslashes
+        "<<<>>>", // Angle brackets
+      ];
+      for (const char of specialChars) {
+        try {
+          const created = await app.users.create({
+            username: char,
+            email: `${char}@example.com`,
+            age: 25,
+            profile: {
+              bio: char,
+              settings: { theme: "dark", notifications: true },
+            },
+            tags: [char],
+            metadata: { permissions: [char] },
+          });
+          const found = await app.users.findOne({
+            where: { username: { eq: char } },
+          });
+          expect(found.id).toBe(created.id);
+          expect(found.username).toBe(char);
+        } catch (error) {
+          // Some special characters may have database-specific limitations
+          // (e.g., PostgreSQL doesn't support null bytes in text fields)
+          // The important thing is that it fails safely without SQL injection
+          expect(error).toBeDefined();
+        }
+      }
+    });
+    it("should handle long strings with injection attempts safely", async ({
+      expect,
+    }) => {
+      const alepha = Alepha.create();
+      const app = alepha.inject(App);
+      await alepha.start();
+      // Create a string that's close to max length and contains SQL injection attempt
+      const longString = `${"A".repeat(100)}' OR '1'='1${"B".repeat(100)}`;
+      const created = await app.users.create({
+        username: longString,
+        email: "long@example.com",
+        age: 30,
+        profile: {
+          bio: longString,
+          settings: { theme: "dark", notifications: true },
+        },
+        tags: ["long"],
+        metadata: { permissions: ["read"] },
+      });
+      const found = await app.users.findOne({
+        where: {
+          username: { eq: longString },
+        },
+      });
+      expect(found.id).toBe(created.id);
+      expect(found.username).toBe(longString);
+    });
+    it("should handle empty strings and nulls", async ({ expect }) => {
+      const alepha = Alepha.create();
+      const app = alepha.inject(App);
+      await alepha.start();
+      const created = await app.users.create({
+        username: "",
+        email: "empty@example.com",
+        age: 30,
+        profile: {
+          bio: "",
+          settings: { theme: "dark", notifications: true },
+        },
+        tags: [],
+        metadata: { permissions: [] },
+      });
+      const found = await app.users.findOne({
+        where: { username: { eq: "" } },
+      });
+      expect(found.id).toBe(created.id);
+    });
+  });
+});