npm - alepha - Versions diffs - 0.14.1 → 0.14.3 - Mend

alepha 0.14.1 → 0.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/README.md +3 -3
package/dist/api/audits/index.browser.js +5 -5
package/dist/api/audits/index.browser.js.map +1 -1
package/dist/api/audits/index.d.ts +784 -784
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +13 -13
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.browser.js +5 -5
package/dist/api/files/index.browser.js.map +1 -1
package/dist/api/files/index.d.ts +57 -57
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +71 -71
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.browser.js +5 -5
package/dist/api/jobs/index.browser.js.map +1 -1
package/dist/api/jobs/index.d.ts +165 -165
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js +10 -10
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/notifications/index.browser.js +10 -10
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +583 -171
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/notifications/index.js +12 -12
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.browser.js +163 -10
package/dist/api/parameters/index.browser.js.map +1 -1
package/dist/api/parameters/index.d.ts +281 -276
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +196 -91
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/users/index.browser.js +19 -19
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +778 -764
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +831 -596
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.browser.js +6 -6
package/dist/api/verifications/index.browser.js.map +1 -1
package/dist/api/verifications/index.d.ts +125 -125
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +6 -6
package/dist/api/verifications/index.js.map +1 -1
package/dist/batch/index.js.map +1 -1
package/dist/bin/index.d.ts +1 -2
package/dist/bin/index.js +0 -1
package/dist/bin/index.js.map +1 -1
package/dist/cache/core/index.js.map +1 -1
package/dist/cli/index.d.ts +249 -218
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +951 -821
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +40 -0
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +97 -17
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +14 -18
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +29 -0
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +21 -24
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +21 -24
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.js.map +1 -1
package/dist/fake/index.js +195 -168
package/dist/fake/index.js.map +1 -1
package/dist/file/index.d.ts +8 -0
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +3 -0
package/dist/file/index.js.map +1 -1
package/dist/lock/redis/index.js.map +1 -1
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js.map +1 -1
package/dist/orm/index.browser.js +26 -5
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.d.ts +146 -121
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +49 -24
package/dist/orm/index.js.map +1 -1
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.js.map +1 -1
package/dist/router/index.js.map +1 -1
package/dist/scheduler/index.d.ts +6 -6
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.d.ts +29 -29
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +1 -1
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +171 -155
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +0 -1
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +2 -0
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.browser.js.map +1 -1
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +1 -1
package/dist/server/core/index.js.map +1 -1
package/dist/server/health/index.d.ts +17 -17
package/dist/server/helmet/index.js.map +1 -1
package/dist/server/links/index.browser.js +22 -6
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +46 -44
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +24 -41
package/dist/server/links/index.js.map +1 -1
package/dist/server/multipart/index.js.map +1 -1
package/dist/server/rate-limit/index.js.map +1 -1
package/dist/server/security/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +2 -1
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +8 -3
package/dist/server/swagger/index.js.map +1 -1
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.js.map +1 -1
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +12 -4
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.js.map +1 -1
package/package.json +7 -7
package/src/api/audits/controllers/{AuditController.ts → AdminAuditController.ts} +5 -6
package/src/api/audits/entities/audits.ts +5 -5
package/src/api/audits/index.browser.ts +1 -1
package/src/api/audits/index.ts +3 -3
package/src/api/audits/primitives/$audit.spec.ts +276 -0
package/src/api/audits/services/AuditService.spec.ts +495 -0
package/src/api/files/__tests__/$bucket.spec.ts +91 -0
package/src/api/files/controllers/AdminFileStatsController.spec.ts +166 -0
package/src/api/files/controllers/{StorageStatsController.ts → AdminFileStatsController.ts} +2 -2
package/src/api/files/controllers/FileController.spec.ts +558 -0
package/src/api/files/controllers/FileController.ts +4 -5
package/src/api/files/entities/files.ts +5 -5
package/src/api/files/index.browser.ts +1 -1
package/src/api/files/index.ts +4 -4
package/src/api/files/jobs/FileJobs.spec.ts +52 -0
package/src/api/files/services/FileService.spec.ts +109 -0
package/src/api/jobs/__tests__/JobController.spec.ts +343 -0
package/src/api/jobs/controllers/{JobController.ts → AdminJobController.ts} +2 -2
package/src/api/jobs/entities/jobExecutions.ts +5 -5
package/src/api/jobs/index.ts +3 -3
package/src/api/jobs/primitives/$job.spec.ts +476 -0
package/src/api/notifications/controllers/{NotificationController.ts → AdminNotificationController.ts} +4 -5
package/src/api/notifications/entities/notifications.ts +5 -5
package/src/api/notifications/index.browser.ts +1 -1
package/src/api/notifications/index.ts +4 -4
package/src/api/parameters/controllers/{ConfigController.ts → AdminConfigController.ts} +46 -107
package/src/api/parameters/entities/parameters.ts +7 -17
package/src/api/parameters/index.ts +3 -3
package/src/api/parameters/primitives/$config.spec.ts +356 -0
package/src/api/parameters/schemas/activateConfigBodySchema.ts +12 -0
package/src/api/parameters/schemas/checkScheduledResponseSchema.ts +8 -0
package/src/api/parameters/schemas/configCurrentResponseSchema.ts +13 -0
package/src/api/parameters/schemas/configHistoryResponseSchema.ts +9 -0
package/src/api/parameters/schemas/configNameParamSchema.ts +10 -0
package/src/api/parameters/schemas/configNamesResponseSchema.ts +8 -0
package/src/api/parameters/schemas/configTreeNodeSchema.ts +13 -0
package/src/api/parameters/schemas/configVersionParamSchema.ts +9 -0
package/src/api/parameters/schemas/configVersionResponseSchema.ts +9 -0
package/src/api/parameters/schemas/configsByStatusResponseSchema.ts +9 -0
package/src/api/parameters/schemas/createConfigVersionBodySchema.ts +24 -0
package/src/api/parameters/schemas/index.ts +15 -0
package/src/api/parameters/schemas/parameterResponseSchema.ts +26 -0
package/src/api/parameters/schemas/parameterStatusSchema.ts +13 -0
package/src/api/parameters/schemas/rollbackConfigBodySchema.ts +15 -0
package/src/api/parameters/schemas/statusParamSchema.ts +9 -0
package/src/api/users/__tests__/EmailVerification.spec.ts +369 -0
package/src/api/users/__tests__/PasswordReset.spec.ts +550 -0
package/src/api/users/controllers/AdminIdentityController.spec.ts +365 -0
package/src/api/users/controllers/{IdentityController.ts → AdminIdentityController.ts} +3 -4
package/src/api/users/controllers/AdminSessionController.spec.ts +274 -0
package/src/api/users/controllers/{SessionController.ts → AdminSessionController.ts} +3 -4
package/src/api/users/controllers/AdminUserController.spec.ts +372 -0
package/src/api/users/controllers/AdminUserController.ts +116 -0
package/src/api/users/controllers/UserController.ts +4 -107
package/src/api/users/controllers/UserRealmController.ts +3 -0
package/src/api/users/entities/identities.ts +6 -6
package/src/api/users/entities/sessions.ts +6 -6
package/src/api/users/entities/users.ts +9 -9
package/src/api/users/index.ts +13 -6
package/src/api/users/primitives/$userRealm.ts +13 -8
package/src/api/users/services/CredentialService.spec.ts +509 -0
package/src/api/users/services/CredentialService.ts +46 -0
package/src/api/users/services/IdentityService.ts +15 -0
package/src/api/users/services/RegistrationService.spec.ts +630 -0
package/src/api/users/services/RegistrationService.ts +18 -0
package/src/api/users/services/SessionService.spec.ts +301 -0
package/src/api/users/services/SessionService.ts +110 -1
package/src/api/users/services/UserService.ts +67 -2
package/src/api/verifications/__tests__/CodeVerification.spec.ts +318 -0
package/src/api/verifications/__tests__/LinkVerification.spec.ts +279 -0
package/src/api/verifications/entities/verifications.ts +6 -6
package/src/api/verifications/jobs/VerificationJobs.spec.ts +50 -0
package/src/batch/__tests__/startup-buffering.spec.ts +458 -0
package/src/batch/primitives/$batch.spec.ts +766 -0
package/src/batch/providers/BatchProvider.spec.ts +786 -0
package/src/bin/index.ts +0 -1
package/src/bucket/__tests__/shared.ts +194 -0
package/src/bucket/primitives/$bucket.spec.ts +104 -0
package/src/bucket/providers/FileStorageProvider.spec.ts +13 -0
package/src/bucket/providers/LocalFileStorageProvider.spec.ts +77 -0
package/src/bucket/providers/MemoryFileStorageProvider.spec.ts +82 -0
package/src/cache/core/__tests__/shared.ts +377 -0
package/src/cache/core/primitives/$cache.spec.ts +111 -0
package/src/cache/redis/__tests__/cache-redis.spec.ts +70 -0
package/src/cli/apps/AlephaCli.ts +54 -16
package/src/cli/apps/AlephaPackageBuilderCli.ts +2 -1
package/src/cli/assets/appRouterTs.ts +1 -1
package/src/cli/commands/{ViteCommands.ts → build.ts} +2 -105
package/src/cli/commands/clean.ts +14 -0
package/src/cli/commands/{DrizzleCommands.ts → db.ts} +10 -117
package/src/cli/commands/{DeployCommands.ts → deploy.ts} +1 -1
package/src/cli/commands/dev.ts +69 -0
package/src/cli/commands/format.ts +17 -0
package/src/cli/commands/gen/changelog.spec.ts +315 -0
package/src/cli/commands/{ChangelogCommands.ts → gen/changelog.ts} +16 -31
package/src/cli/commands/gen/openapi.ts +71 -0
package/src/cli/commands/gen.ts +18 -0
package/src/cli/commands/{CoreCommands.ts → init.ts} +4 -40
package/src/cli/commands/lint.ts +17 -0
package/src/cli/commands/root.ts +41 -0
package/src/cli/commands/run.ts +24 -0
package/src/cli/commands/test.ts +42 -0
package/src/cli/commands/typecheck.ts +24 -0
package/src/cli/commands/{VerifyCommands.ts → verify.ts} +1 -13
package/src/cli/defineConfig.ts +10 -1
package/src/cli/index.ts +17 -7
package/src/cli/services/AlephaCliUtils.ts +71 -32
package/src/cli/services/GitMessageParser.ts +1 -1
package/src/command/helpers/Asker.spec.ts +127 -0
package/src/command/helpers/Runner.spec.ts +126 -0
package/src/command/primitives/$command.spec.ts +1588 -0
package/src/command/providers/CliProvider.ts +74 -24
package/src/core/Alepha.ts +52 -4
package/src/core/__tests__/Alepha-emit.spec.ts +22 -0
package/src/core/__tests__/Alepha-graph.spec.ts +93 -0
package/src/core/__tests__/Alepha-has.spec.ts +41 -0
package/src/core/__tests__/Alepha-inject.spec.ts +93 -0
package/src/core/__tests__/Alepha-register.spec.ts +81 -0
package/src/core/__tests__/Alepha-start.spec.ts +176 -0
package/src/core/__tests__/Alepha-with.spec.ts +14 -0
package/src/core/__tests__/TypeBox-usecases.spec.ts +35 -0
package/src/core/__tests__/TypeBoxLocale.spec.ts +15 -0
package/src/core/__tests__/descriptor.spec.ts +34 -0
package/src/core/__tests__/fixtures/A.ts +5 -0
package/src/core/__tests__/pagination.spec.ts +77 -0
package/src/core/helpers/jsonSchemaToTypeBox.ts +2 -2
package/src/core/primitives/$atom.spec.ts +43 -0
package/src/core/primitives/$hook.spec.ts +130 -0
package/src/core/primitives/$inject.spec.ts +175 -0
package/src/core/primitives/$module.spec.ts +115 -0
package/src/core/providers/CodecManager.spec.ts +740 -0
package/src/core/providers/EventManager.spec.ts +762 -0
package/src/core/providers/EventManager.ts +4 -0
package/src/core/providers/StateManager.spec.ts +365 -0
package/src/core/providers/TypeProvider.spec.ts +1607 -0
package/src/core/providers/TypeProvider.ts +20 -26
package/src/datetime/primitives/$interval.spec.ts +103 -0
package/src/datetime/providers/DateTimeProvider.spec.ts +86 -0
package/src/email/primitives/$email.spec.ts +175 -0
package/src/email/providers/LocalEmailProvider.spec.ts +341 -0
package/src/fake/__tests__/keyName.example.ts +40 -0
package/src/fake/__tests__/keyName.spec.ts +152 -0
package/src/fake/__tests__/module.example.ts +32 -0
package/src/fake/providers/FakeProvider.spec.ts +438 -0
package/src/file/providers/FileSystemProvider.ts +8 -0
package/src/file/providers/NodeFileSystemProvider.spec.ts +418 -0
package/src/file/providers/NodeFileSystemProvider.ts +5 -0
package/src/file/services/FileDetector.spec.ts +591 -0
package/src/lock/core/__tests__/shared.ts +190 -0
package/src/lock/core/providers/MemoryLockProvider.spec.ts +25 -0
package/src/lock/redis/providers/RedisLockProvider.spec.ts +25 -0
package/src/logger/__tests__/SimpleFormatterProvider.spec.ts +109 -0
package/src/logger/primitives/$logger.spec.ts +108 -0
package/src/logger/services/Logger.spec.ts +295 -0
package/src/mcp/__tests__/errors.spec.ts +175 -0
package/src/mcp/__tests__/integration.spec.ts +450 -0
package/src/mcp/helpers/jsonrpc.spec.ts +380 -0
package/src/mcp/primitives/$prompt.spec.ts +468 -0
package/src/mcp/primitives/$resource.spec.ts +390 -0
package/src/mcp/primitives/$tool.spec.ts +406 -0
package/src/mcp/providers/McpServerProvider.spec.ts +797 -0
package/src/orm/__tests__/$repository-crud.spec.ts +276 -0
package/src/orm/__tests__/$repository-hooks.spec.ts +325 -0
package/src/orm/__tests__/$repository-orderBy.spec.ts +128 -0
package/src/orm/__tests__/$repository-pagination-sort.spec.ts +149 -0
package/src/orm/__tests__/$repository-save.spec.ts +37 -0
package/src/orm/__tests__/ModelBuilder-integration.spec.ts +490 -0
package/src/orm/__tests__/ModelBuilder-types.spec.ts +186 -0
package/src/orm/__tests__/PostgresProvider.spec.ts +46 -0
package/src/orm/__tests__/delete-returning.spec.ts +256 -0
package/src/orm/__tests__/deletedAt.spec.ts +80 -0
package/src/orm/__tests__/enums.spec.ts +315 -0
package/src/orm/__tests__/execute.spec.ts +72 -0
package/src/orm/__tests__/fixtures/bigEntitySchema.ts +65 -0
package/src/orm/__tests__/fixtures/userEntitySchema.ts +27 -0
package/src/orm/__tests__/joins.spec.ts +1114 -0
package/src/orm/__tests__/page.spec.ts +287 -0
package/src/orm/__tests__/primaryKey.spec.ts +87 -0
package/src/orm/__tests__/query-date-encoding.spec.ts +402 -0
package/src/orm/__tests__/ref-auto-onDelete.spec.ts +156 -0
package/src/orm/__tests__/references.spec.ts +102 -0
package/src/orm/__tests__/security.spec.ts +710 -0
package/src/orm/__tests__/sqlite.spec.ts +111 -0
package/src/orm/__tests__/string-operators.spec.ts +429 -0
package/src/orm/__tests__/timestamps.spec.ts +388 -0
package/src/orm/__tests__/validation.spec.ts +183 -0
package/src/orm/__tests__/version.spec.ts +64 -0
package/src/orm/helpers/parseQueryString.spec.ts +196 -0
package/src/orm/index.browser.ts +1 -1
package/src/orm/index.ts +10 -6
package/src/orm/primitives/$repository.spec.ts +137 -0
package/src/orm/primitives/$sequence.spec.ts +29 -0
package/src/orm/primitives/$transaction.spec.ts +82 -0
package/src/orm/providers/{PostgresTypeProvider.ts → DatabaseTypeProvider.ts} +25 -3
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -3
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +1 -1
package/src/orm/providers/drivers/DatabaseProvider.ts +1 -1
package/src/orm/providers/drivers/NodePostgresProvider.ts +3 -3
package/src/orm/providers/drivers/NodeSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/PglitePostgresProvider.ts +2 -2
package/src/orm/services/ModelBuilder.spec.ts +575 -0
package/src/orm/services/Repository.spec.ts +137 -0
package/src/queue/core/__tests__/shared.ts +143 -0
package/src/queue/core/providers/MemoryQueueProvider.spec.ts +23 -0
package/src/queue/core/providers/WorkerProvider.spec.ts +378 -0
package/src/queue/redis/providers/RedisQueueProvider.spec.ts +23 -0
package/src/redis/__tests__/redis.spec.ts +58 -0
package/src/retry/primitives/$retry.spec.ts +234 -0
package/src/retry/providers/RetryProvider.spec.ts +438 -0
package/src/router/__tests__/match.spec.ts +252 -0
package/src/router/providers/RouterProvider.spec.ts +197 -0
package/src/scheduler/__tests__/$scheduler-cron.spec.ts +25 -0
package/src/scheduler/__tests__/$scheduler-interval.spec.ts +25 -0
package/src/scheduler/__tests__/shared.ts +77 -0
package/src/security/__tests__/bug-1-wildcard-after-start.spec.ts +229 -0
package/src/security/__tests__/bug-2-password-validation.spec.ts +245 -0
package/src/security/__tests__/bug-3-regex-vulnerability.spec.ts +407 -0
package/src/security/__tests__/bug-4-oauth2-validation.spec.ts +439 -0
package/src/security/__tests__/multi-layer-permissions.spec.ts +522 -0
package/src/security/primitives/$permission.spec.ts +30 -0
package/src/security/primitives/$permission.ts +2 -2
package/src/security/primitives/$realm.spec.ts +101 -0
package/src/security/primitives/$role.spec.ts +52 -0
package/src/security/primitives/$serviceAccount.spec.ts +61 -0
package/src/security/providers/SecurityProvider.spec.ts +350 -0
package/src/server/auth/providers/ServerAuthProvider.ts +0 -2
package/src/server/cache/providers/ServerCacheProvider.spec.ts +942 -0
package/src/server/compress/providers/ServerCompressProvider.spec.ts +31 -0
package/src/server/compress/providers/ServerCompressProvider.ts +2 -0
package/src/server/cookies/providers/ServerCookiesProvider.spec.ts +253 -0
package/src/server/core/__tests__/ServerRouterProvider-getRoutes.spec.ts +334 -0
package/src/server/core/__tests__/ServerRouterProvider-requestId.spec.ts +129 -0
package/src/server/core/primitives/$action.spec.ts +191 -0
package/src/server/core/primitives/$route.spec.ts +65 -0
package/src/server/core/providers/ServerBodyParserProvider.spec.ts +93 -0
package/src/server/core/providers/ServerLoggerProvider.spec.ts +100 -0
package/src/server/core/providers/ServerProvider.ts +3 -1
package/src/server/core/services/HttpClient.spec.ts +123 -0
package/src/server/core/services/UserAgentParser.spec.ts +111 -0
package/src/server/cors/providers/ServerCorsProvider.spec.ts +481 -0
package/src/server/health/providers/ServerHealthProvider.spec.ts +22 -0
package/src/server/helmet/providers/ServerHelmetProvider.spec.ts +105 -0
package/src/server/links/__tests__/$action.spec.ts +238 -0
package/src/server/links/__tests__/fixtures/CrudApp.ts +122 -0
package/src/server/links/__tests__/requestId.spec.ts +120 -0
package/src/server/links/primitives/$remote.spec.ts +228 -0
package/src/server/links/providers/LinkProvider.spec.ts +54 -0
package/src/server/links/providers/LinkProvider.ts +49 -3
package/src/server/links/providers/ServerLinksProvider.ts +1 -53
package/src/server/links/schemas/apiLinksResponseSchema.ts +7 -0
package/src/server/metrics/providers/ServerMetricsProvider.spec.ts +25 -0
package/src/server/multipart/providers/ServerMultipartProvider.spec.ts +528 -0
package/src/server/proxy/primitives/$proxy.spec.ts +87 -0
package/src/server/rate-limit/__tests__/ActionRateLimit.spec.ts +211 -0
package/src/server/rate-limit/providers/ServerRateLimitProvider.spec.ts +344 -0
package/src/server/security/__tests__/BasicAuth.spec.ts +684 -0
package/src/server/security/__tests__/ServerSecurityProvider-realm.spec.ts +388 -0
package/src/server/security/providers/ServerSecurityProvider.spec.ts +123 -0
package/src/server/static/primitives/$serve.spec.ts +193 -0
package/src/server/swagger/__tests__/ui.spec.ts +52 -0
package/src/server/swagger/primitives/$swagger.spec.ts +193 -0
package/src/server/swagger/providers/ServerSwaggerProvider.ts +18 -8
package/src/sms/primitives/$sms.spec.ts +165 -0
package/src/sms/providers/LocalSmsProvider.spec.ts +224 -0
package/src/sms/providers/MemorySmsProvider.spec.ts +193 -0
package/src/thread/primitives/$thread.spec.ts +186 -0
package/src/topic/core/__tests__/shared.ts +144 -0
package/src/topic/core/providers/MemoryTopicProvider.spec.ts +23 -0
package/src/topic/redis/providers/RedisTopicProvider.spec.ts +23 -0
package/src/vite/plugins/viteAlephaDev.ts +16 -4
package/src/vite/tasks/runAlepha.ts +7 -1
package/src/websocket/__tests__/$websocket-new.spec.ts +195 -0
package/src/websocket/primitives/$channel.spec.ts +30 -0
package/src/cli/commands/BiomeCommands.ts +0 -29

package/src/security/__tests__/bug-4-oauth2-validation.spec.ts ADDED Viewed

@@ -0,0 +1,439 @@
+import { Alepha } from "alepha";
+import { describe, expect, it, vi } from "vitest";
+import { $serviceAccount } from "../index.ts";
+/**
+ * Bug #4: Missing HTTP Response Validation in OAuth2 Service Account
+ *
+ * Issue: The OAuth2 token fetching code didn't:
+ * 1. Check HTTP response.ok or status codes
+ * 2. Handle JSON parsing errors
+ * 3. Handle network errors properly
+ * 4. Provide meaningful error messages
+ *
+ * Expected: All failure modes should throw clear errors instead of crashing.
+ */
+describe("Bug #4: Missing HTTP Response Validation in OAuth2", () => {
+  // Helper to create a service account within Alepha context
+  const createServiceAccount = (
+    url: string,
+    clientId: string,
+    clientSecret: string,
+    gracePeriod?: number,
+  ) => {
+    const alepha = Alepha.create();
+    class TestService {
+      serviceAccount = $serviceAccount({
+        oauth2: {
+          url,
+          clientId,
+          clientSecret,
+        },
+        gracePeriod,
+      });
+    }
+    const service = alepha.inject(TestService);
+    return service.serviceAccount;
+  };
+  // Helper to create a mock fetch response
+  const createMockResponse = (
+    status: number,
+    body: any,
+    options: { isJson?: boolean; throwOnJson?: boolean } = {},
+  ): Response => {
+    const { isJson = true, throwOnJson = false } = options;
+    return {
+      ok: status >= 200 && status < 300,
+      status,
+      statusText:
+        status === 200
+          ? "OK"
+          : status === 400
+            ? "Bad Request"
+            : status === 401
+              ? "Unauthorized"
+              : status === 500
+                ? "Internal Server Error"
+                : "Error",
+      json: async () => {
+        if (throwOnJson) {
+          throw new Error("Invalid JSON");
+        }
+        return isJson ? body : Promise.reject(new Error("Not JSON"));
+      },
+      text: async () =>
+        typeof body === "string" ? body : JSON.stringify(body),
+    } as Response;
+  };
+  it("should successfully fetch and cache token", async () => {
+    const mockToken = "mock-access-token";
+    const mockResponse = {
+      access_token: mockToken,
+      expires_in: 3600,
+      token_type: "Bearer",
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, mockResponse));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    const token = await serviceAccount.token();
+    expect(token).toBe(mockToken);
+    // Verify fetch was called correctly
+    expect((global as any).fetch).toHaveBeenCalledWith(
+      "https://auth.example.com/token",
+      expect.objectContaining({
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: expect.any(URLSearchParams),
+      }),
+    );
+  });
+  it("should throw error on network failure", async () => {
+    (global as any).fetch = vi
+      .fn()
+      .mockRejectedValue(new Error("Network error"));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Failed to fetch access token from.*Network error/,
+    );
+  });
+  it("should throw error on HTTP 400 Bad Request", async () => {
+    const errorBody = {
+      error: "invalid_request",
+      error_description: "Missing parameter",
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(400, errorBody));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /HTTP 400 Bad Request/,
+    );
+  });
+  it("should throw error on HTTP 401 Unauthorized", async () => {
+    const errorBody = { error: "invalid_client" };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(401, errorBody));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "wrong-client",
+      "wrong-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /HTTP 401 Unauthorized/,
+    );
+  });
+  it("should throw error on HTTP 500 Internal Server Error", async () => {
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(500, "Internal Server Error"));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /HTTP 500 Internal Server Error/,
+    );
+  });
+  it("should throw error when response is not JSON", async () => {
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(
+        createMockResponse(200, "Not a JSON response", { throwOnJson: true }),
+      );
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Failed to parse access token response as JSON/,
+    );
+  });
+  it("should throw error when response is missing access_token", async () => {
+    const invalidResponse = {
+      // Missing access_token
+      expires_in: 3600,
+      token_type: "Bearer",
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, invalidResponse));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Invalid access token response: missing access_token or expires_in/,
+    );
+  });
+  it("should throw error when response is missing expires_in", async () => {
+    const invalidResponse = {
+      access_token: "token123",
+      // Missing expires_in
+      token_type: "Bearer",
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, invalidResponse));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Invalid access token response: missing access_token or expires_in/,
+    );
+  });
+  it("should throw error when response has null access_token", async () => {
+    const invalidResponse = {
+      access_token: null,
+      expires_in: 3600,
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, invalidResponse));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Invalid access token response: missing access_token or expires_in/,
+    );
+  });
+  it("should throw error when response has empty string access_token", async () => {
+    const invalidResponse = {
+      access_token: "",
+      expires_in: 3600,
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, invalidResponse));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Invalid access token response: missing access_token or expires_in/,
+    );
+  });
+  it("should use cached token instead of fetching again", async () => {
+    const mockToken = "cached-token";
+    const mockResponse = {
+      access_token: mockToken,
+      expires_in: 3600,
+      token_type: "Bearer",
+    };
+    const fetchMock = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, mockResponse));
+    (global as any).fetch = fetchMock;
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+      30,
+    );
+    // First call should fetch
+    const token1 = await serviceAccount.token();
+    expect(token1).toBe(mockToken);
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    // Second call should use cache
+    const token2 = await serviceAccount.token();
+    expect(token2).toBe(mockToken);
+    expect(fetchMock).toHaveBeenCalledTimes(1); // Still 1, not called again
+  });
+  it("should include error body in error message for non-200 responses", async () => {
+    const errorBody = {
+      error: "invalid_scope",
+      error_description: "The requested scope is invalid",
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(400, errorBody));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    try {
+      await serviceAccount.token();
+      expect.fail("Should have thrown");
+    } catch (error) {
+      expect(error).toBeInstanceOf(Error);
+      expect((error as Error).message).toContain("HTTP 400 Bad Request");
+      expect((error as Error).message).toContain("invalid_scope");
+    }
+  });
+  it("should handle HTML error responses gracefully", async () => {
+    const htmlError =
+      "<html><body><h1>500 Internal Server Error</h1></body></html>";
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(
+        createMockResponse(500, htmlError, { throwOnJson: true }),
+      );
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(/HTTP 500/);
+  });
+  it("should handle fetch timeout or abort", async () => {
+    (global as any).fetch = vi
+      .fn()
+      .mockRejectedValue(new Error("The operation was aborted"));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Failed to fetch access token.*aborted/,
+    );
+  });
+  it("should handle DNS resolution failure", async () => {
+    (global as any).fetch = vi
+      .fn()
+      .mockRejectedValue(
+        new Error("getaddrinfo ENOTFOUND invalid-domain.example"),
+      );
+    const serviceAccount = createServiceAccount(
+      "https://invalid-domain.example/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(/ENOTFOUND/);
+  });
+  it("should handle response with unexpected structure", async () => {
+    const weirdResponse = {
+      data: {
+        token: "nested-token",
+      },
+      // Missing top-level access_token
+    };
+    (global as any).fetch = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, weirdResponse));
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "test-client",
+      "test-secret",
+    );
+    await expect(serviceAccount.token()).rejects.toThrow(
+      /Invalid access token response/,
+    );
+  });
+  it("should properly format URLSearchParams in request body", async () => {
+    const mockResponse = {
+      access_token: "token",
+      expires_in: 3600,
+    };
+    const fetchMock = vi
+      .fn()
+      .mockResolvedValue(createMockResponse(200, mockResponse));
+    (global as any).fetch = fetchMock;
+    const serviceAccount = createServiceAccount(
+      "https://auth.example.com/token",
+      "my-client-id",
+      "my-secret",
+    );
+    await serviceAccount.token();
+    const callArgs = fetchMock.mock.calls[0];
+    const body = callArgs[1].body as URLSearchParams;
+    expect(body.get("grant_type")).toBe("client_credentials");
+    expect(body.get("client_id")).toBe("my-client-id");
+    expect(body.get("client_secret")).toBe("my-secret");
+  });
+});