npm - alepha - Versions diffs - 0.14.2 → 0.14.4 - Mend

alepha 0.14.2 → 0.14.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/README.md +1 -1
package/dist/api/audits/index.browser.js +5 -5
package/dist/api/audits/index.browser.js.map +1 -1
package/dist/api/audits/index.d.ts +706 -785
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +13 -13
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.browser.js +5 -5
package/dist/api/files/index.browser.js.map +1 -1
package/dist/api/files/index.d.ts +58 -137
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +71 -71
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.browser.js +5 -5
package/dist/api/jobs/index.browser.js.map +1 -1
package/dist/api/jobs/index.d.ts +29 -108
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js +10 -10
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/notifications/index.browser.js +10 -10
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +504 -171
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/notifications/index.js +12 -12
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.browser.js +163 -10
package/dist/api/parameters/index.browser.js.map +1 -1
package/dist/api/parameters/index.d.ts +277 -351
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +196 -91
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/users/index.browser.js +19 -19
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +787 -852
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +827 -596
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.browser.js +6 -6
package/dist/api/verifications/index.browser.js.map +1 -1
package/dist/api/verifications/index.d.ts +128 -128
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +6 -6
package/dist/api/verifications/index.js.map +1 -1
package/dist/bin/index.d.ts +1 -2
package/dist/bin/index.js +0 -1
package/dist/bin/index.js.map +1 -1
package/dist/cli/index.d.ts +252 -131
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +595 -395
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +46 -11
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +99 -19
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +40 -22
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +45 -1
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +40 -22
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +40 -22
package/dist/core/index.native.js.map +1 -1
package/dist/fake/index.js +195 -168
package/dist/fake/index.js.map +1 -1
package/dist/file/index.d.ts +8 -0
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +3 -0
package/dist/file/index.js.map +1 -1
package/dist/logger/index.d.ts +1 -1
package/dist/logger/index.d.ts.map +1 -1
package/dist/logger/index.js +12 -2
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.js +1 -1
package/dist/mcp/index.js.map +1 -1
package/dist/orm/index.d.ts +59 -195
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +201 -430
package/dist/orm/index.js.map +1 -1
package/dist/security/index.d.ts +1 -1
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +1 -1
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +171 -155
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +0 -1
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +12 -0
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +55 -2
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +6 -0
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +38 -1
package/dist/server/compress/index.js.map +1 -1
package/dist/server/core/index.browser.js +2 -2
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts +10 -10
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +7 -4
package/dist/server/core/index.js.map +1 -1
package/dist/server/links/index.browser.js +22 -6
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +46 -44
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +24 -41
package/dist/server/links/index.js.map +1 -1
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/static/index.js +4 -0
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +2 -1
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +9 -5
package/dist/server/swagger/index.js.map +1 -1
package/dist/vite/index.d.ts +101 -106
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +574 -503
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.d.ts +7 -7
package/package.json +7 -7
package/src/api/audits/controllers/{AuditController.ts → AdminAuditController.ts} +5 -6
package/src/api/audits/entities/audits.ts +5 -5
package/src/api/audits/index.browser.ts +1 -1
package/src/api/audits/index.ts +3 -3
package/src/api/audits/primitives/$audit.spec.ts +276 -0
package/src/api/audits/services/AuditService.spec.ts +495 -0
package/src/api/files/__tests__/$bucket.spec.ts +91 -0
package/src/api/files/controllers/AdminFileStatsController.spec.ts +166 -0
package/src/api/files/controllers/{StorageStatsController.ts → AdminFileStatsController.ts} +2 -2
package/src/api/files/controllers/FileController.spec.ts +558 -0
package/src/api/files/controllers/FileController.ts +4 -5
package/src/api/files/entities/files.ts +5 -5
package/src/api/files/index.browser.ts +1 -1
package/src/api/files/index.ts +4 -4
package/src/api/files/jobs/FileJobs.spec.ts +52 -0
package/src/api/files/services/FileService.spec.ts +109 -0
package/src/api/jobs/__tests__/JobController.spec.ts +343 -0
package/src/api/jobs/controllers/{JobController.ts → AdminJobController.ts} +2 -2
package/src/api/jobs/entities/jobExecutions.ts +5 -5
package/src/api/jobs/index.ts +3 -3
package/src/api/jobs/primitives/$job.spec.ts +476 -0
package/src/api/notifications/controllers/{NotificationController.ts → AdminNotificationController.ts} +4 -5
package/src/api/notifications/entities/notifications.ts +5 -5
package/src/api/notifications/index.browser.ts +1 -1
package/src/api/notifications/index.ts +4 -4
package/src/api/parameters/controllers/{ConfigController.ts → AdminConfigController.ts} +46 -107
package/src/api/parameters/entities/parameters.ts +7 -17
package/src/api/parameters/index.ts +3 -3
package/src/api/parameters/primitives/$config.spec.ts +356 -0
package/src/api/parameters/schemas/activateConfigBodySchema.ts +12 -0
package/src/api/parameters/schemas/checkScheduledResponseSchema.ts +8 -0
package/src/api/parameters/schemas/configCurrentResponseSchema.ts +13 -0
package/src/api/parameters/schemas/configHistoryResponseSchema.ts +9 -0
package/src/api/parameters/schemas/configNameParamSchema.ts +10 -0
package/src/api/parameters/schemas/configNamesResponseSchema.ts +8 -0
package/src/api/parameters/schemas/configTreeNodeSchema.ts +13 -0
package/src/api/parameters/schemas/configVersionParamSchema.ts +9 -0
package/src/api/parameters/schemas/configVersionResponseSchema.ts +9 -0
package/src/api/parameters/schemas/configsByStatusResponseSchema.ts +9 -0
package/src/api/parameters/schemas/createConfigVersionBodySchema.ts +24 -0
package/src/api/parameters/schemas/index.ts +15 -0
package/src/api/parameters/schemas/parameterResponseSchema.ts +26 -0
package/src/api/parameters/schemas/parameterStatusSchema.ts +13 -0
package/src/api/parameters/schemas/rollbackConfigBodySchema.ts +15 -0
package/src/api/parameters/schemas/statusParamSchema.ts +9 -0
package/src/api/users/__tests__/EmailVerification.spec.ts +369 -0
package/src/api/users/__tests__/PasswordReset.spec.ts +550 -0
package/src/api/users/controllers/AdminIdentityController.spec.ts +365 -0
package/src/api/users/controllers/{IdentityController.ts → AdminIdentityController.ts} +3 -4
package/src/api/users/controllers/AdminSessionController.spec.ts +274 -0
package/src/api/users/controllers/{SessionController.ts → AdminSessionController.ts} +3 -4
package/src/api/users/controllers/AdminUserController.spec.ts +372 -0
package/src/api/users/controllers/AdminUserController.ts +116 -0
package/src/api/users/controllers/UserController.ts +4 -107
package/src/api/users/controllers/UserRealmController.ts +3 -0
package/src/api/users/entities/identities.ts +6 -6
package/src/api/users/entities/sessions.ts +6 -6
package/src/api/users/entities/users.ts +9 -9
package/src/api/users/index.ts +9 -6
package/src/api/users/primitives/$userRealm.ts +13 -8
package/src/api/users/services/CredentialService.spec.ts +509 -0
package/src/api/users/services/CredentialService.ts +46 -0
package/src/api/users/services/IdentityService.ts +15 -0
package/src/api/users/services/RegistrationService.spec.ts +630 -0
package/src/api/users/services/RegistrationService.ts +18 -0
package/src/api/users/services/SessionService.spec.ts +301 -0
package/src/api/users/services/SessionService.ts +110 -1
package/src/api/users/services/UserService.ts +67 -2
package/src/api/verifications/__tests__/CodeVerification.spec.ts +318 -0
package/src/api/verifications/__tests__/LinkVerification.spec.ts +279 -0
package/src/api/verifications/entities/verifications.ts +6 -6
package/src/api/verifications/jobs/VerificationJobs.spec.ts +50 -0
package/src/batch/__tests__/startup-buffering.spec.ts +458 -0
package/src/batch/primitives/$batch.spec.ts +766 -0
package/src/batch/providers/BatchProvider.spec.ts +786 -0
package/src/bin/index.ts +0 -1
package/src/bucket/__tests__/shared.ts +194 -0
package/src/bucket/primitives/$bucket.spec.ts +104 -0
package/src/bucket/providers/FileStorageProvider.spec.ts +13 -0
package/src/bucket/providers/LocalFileStorageProvider.spec.ts +77 -0
package/src/bucket/providers/MemoryFileStorageProvider.spec.ts +82 -0
package/src/cache/core/__tests__/shared.ts +377 -0
package/src/cache/core/primitives/$cache.spec.ts +111 -0
package/src/cache/redis/__tests__/cache-redis.spec.ts +70 -0
package/src/cli/apps/AlephaCli.ts +25 -6
package/src/cli/atoms/buildOptions.ts +88 -0
package/src/cli/commands/build.ts +32 -69
package/src/cli/commands/db.ts +0 -4
package/src/cli/commands/dev.ts +34 -10
package/src/cli/commands/gen/changelog.spec.ts +315 -0
package/src/cli/commands/{changelog.ts → gen/changelog.ts} +9 -9
package/src/cli/commands/gen/env.ts +53 -0
package/src/cli/commands/gen/openapi.ts +71 -0
package/src/cli/commands/gen/resource.ts +15 -0
package/src/cli/commands/gen.ts +24 -0
package/src/cli/commands/init.ts +2 -1
package/src/cli/commands/root.ts +12 -3
package/src/cli/commands/test.ts +0 -1
package/src/cli/commands/typecheck.ts +5 -0
package/src/cli/commands/verify.ts +1 -1
package/src/cli/defineConfig.ts +49 -7
package/src/cli/index.ts +2 -2
package/src/cli/services/AlephaCliUtils.ts +105 -55
package/src/cli/services/GitMessageParser.ts +1 -1
package/src/command/helpers/Asker.spec.ts +127 -0
package/src/command/helpers/Runner.spec.ts +126 -0
package/src/command/helpers/Runner.ts +1 -1
package/src/command/primitives/$command.spec.ts +1588 -0
package/src/command/primitives/$command.ts +0 -6
package/src/command/providers/CliProvider.ts +75 -27
package/src/core/Alepha.ts +87 -0
package/src/core/__tests__/Alepha-emit.spec.ts +22 -0
package/src/core/__tests__/Alepha-graph.spec.ts +93 -0
package/src/core/__tests__/Alepha-has.spec.ts +41 -0
package/src/core/__tests__/Alepha-inject.spec.ts +93 -0
package/src/core/__tests__/Alepha-register.spec.ts +81 -0
package/src/core/__tests__/Alepha-start.spec.ts +176 -0
package/src/core/__tests__/Alepha-with.spec.ts +14 -0
package/src/core/__tests__/TypeBox-usecases.spec.ts +35 -0
package/src/core/__tests__/TypeBoxLocale.spec.ts +15 -0
package/src/core/__tests__/descriptor.spec.ts +34 -0
package/src/core/__tests__/fixtures/A.ts +5 -0
package/src/core/__tests__/pagination.spec.ts +77 -0
package/src/core/helpers/jsonSchemaToTypeBox.ts +2 -2
package/src/core/primitives/$atom.spec.ts +43 -0
package/src/core/primitives/$hook.spec.ts +130 -0
package/src/core/primitives/$inject.spec.ts +175 -0
package/src/core/primitives/$module.spec.ts +115 -0
package/src/core/providers/CodecManager.spec.ts +740 -0
package/src/core/providers/EventManager.spec.ts +762 -0
package/src/core/providers/EventManager.ts +4 -0
package/src/core/providers/StateManager.spec.ts +365 -0
package/src/core/providers/TypeProvider.spec.ts +1607 -0
package/src/core/providers/TypeProvider.ts +20 -26
package/src/datetime/primitives/$interval.spec.ts +103 -0
package/src/datetime/providers/DateTimeProvider.spec.ts +86 -0
package/src/email/primitives/$email.spec.ts +175 -0
package/src/email/providers/LocalEmailProvider.spec.ts +341 -0
package/src/fake/__tests__/keyName.example.ts +40 -0
package/src/fake/__tests__/keyName.spec.ts +152 -0
package/src/fake/__tests__/module.example.ts +32 -0
package/src/fake/providers/FakeProvider.spec.ts +438 -0
package/src/file/providers/FileSystemProvider.ts +8 -0
package/src/file/providers/NodeFileSystemProvider.spec.ts +418 -0
package/src/file/providers/NodeFileSystemProvider.ts +5 -0
package/src/file/services/FileDetector.spec.ts +591 -0
package/src/lock/core/__tests__/shared.ts +190 -0
package/src/lock/core/providers/MemoryLockProvider.spec.ts +25 -0
package/src/lock/redis/providers/RedisLockProvider.spec.ts +25 -0
package/src/logger/__tests__/SimpleFormatterProvider.spec.ts +109 -0
package/src/logger/index.ts +15 -3
package/src/logger/primitives/$logger.spec.ts +108 -0
package/src/logger/services/Logger.spec.ts +295 -0
package/src/mcp/__tests__/errors.spec.ts +175 -0
package/src/mcp/__tests__/integration.spec.ts +450 -0
package/src/mcp/helpers/jsonrpc.spec.ts +380 -0
package/src/mcp/primitives/$prompt.spec.ts +468 -0
package/src/mcp/primitives/$resource.spec.ts +390 -0
package/src/mcp/primitives/$tool.spec.ts +406 -0
package/src/mcp/providers/McpServerProvider.spec.ts +797 -0
package/src/mcp/transports/StdioMcpTransport.ts +1 -1
package/src/orm/__tests__/$repository-crud.spec.ts +276 -0
package/src/orm/__tests__/$repository-hooks.spec.ts +325 -0
package/src/orm/__tests__/$repository-orderBy.spec.ts +128 -0
package/src/orm/__tests__/$repository-pagination-sort.spec.ts +149 -0
package/src/orm/__tests__/$repository-save.spec.ts +37 -0
package/src/orm/__tests__/ModelBuilder-integration.spec.ts +490 -0
package/src/orm/__tests__/ModelBuilder-types.spec.ts +186 -0
package/src/orm/__tests__/PostgresProvider.spec.ts +46 -0
package/src/orm/__tests__/delete-returning.spec.ts +256 -0
package/src/orm/__tests__/deletedAt.spec.ts +80 -0
package/src/orm/__tests__/enums.spec.ts +315 -0
package/src/orm/__tests__/execute.spec.ts +72 -0
package/src/orm/__tests__/fixtures/bigEntitySchema.ts +65 -0
package/src/orm/__tests__/fixtures/userEntitySchema.ts +27 -0
package/src/orm/__tests__/joins.spec.ts +1114 -0
package/src/orm/__tests__/page.spec.ts +287 -0
package/src/orm/__tests__/primaryKey.spec.ts +87 -0
package/src/orm/__tests__/query-date-encoding.spec.ts +402 -0
package/src/orm/__tests__/ref-auto-onDelete.spec.ts +156 -0
package/src/orm/__tests__/references.spec.ts +102 -0
package/src/orm/__tests__/security.spec.ts +710 -0
package/src/orm/__tests__/sqlite.spec.ts +111 -0
package/src/orm/__tests__/string-operators.spec.ts +429 -0
package/src/orm/__tests__/timestamps.spec.ts +388 -0
package/src/orm/__tests__/validation.spec.ts +183 -0
package/src/orm/__tests__/version.spec.ts +64 -0
package/src/orm/helpers/parseQueryString.spec.ts +196 -0
package/src/orm/index.ts +2 -8
package/src/orm/primitives/$repository.spec.ts +137 -0
package/src/orm/primitives/$sequence.spec.ts +29 -0
package/src/orm/primitives/$transaction.spec.ts +82 -0
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -3
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +1 -1
package/src/orm/providers/drivers/DatabaseProvider.ts +1 -1
package/src/orm/providers/drivers/NodePostgresProvider.ts +3 -3
package/src/orm/providers/drivers/NodeSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/PglitePostgresProvider.ts +2 -2
package/src/orm/services/ModelBuilder.spec.ts +575 -0
package/src/orm/services/Repository.spec.ts +137 -0
package/src/queue/core/__tests__/shared.ts +143 -0
package/src/queue/core/providers/MemoryQueueProvider.spec.ts +23 -0
package/src/queue/core/providers/WorkerProvider.spec.ts +394 -0
package/src/queue/redis/providers/RedisQueueProvider.spec.ts +23 -0
package/src/redis/__tests__/redis.spec.ts +58 -0
package/src/retry/primitives/$retry.spec.ts +234 -0
package/src/retry/providers/RetryProvider.spec.ts +438 -0
package/src/router/__tests__/match.spec.ts +252 -0
package/src/router/providers/RouterProvider.spec.ts +197 -0
package/src/scheduler/__tests__/$scheduler-cron.spec.ts +25 -0
package/src/scheduler/__tests__/$scheduler-interval.spec.ts +25 -0
package/src/scheduler/__tests__/shared.ts +77 -0
package/src/security/__tests__/bug-1-wildcard-after-start.spec.ts +229 -0
package/src/security/__tests__/bug-2-password-validation.spec.ts +245 -0
package/src/security/__tests__/bug-3-regex-vulnerability.spec.ts +407 -0
package/src/security/__tests__/bug-4-oauth2-validation.spec.ts +439 -0
package/src/security/__tests__/multi-layer-permissions.spec.ts +522 -0
package/src/security/primitives/$permission.spec.ts +30 -0
package/src/security/primitives/$permission.ts +2 -2
package/src/security/primitives/$realm.spec.ts +101 -0
package/src/security/primitives/$role.spec.ts +52 -0
package/src/security/primitives/$serviceAccount.spec.ts +61 -0
package/src/security/providers/SecurityProvider.spec.ts +350 -0
package/src/server/auth/providers/ServerAuthProvider.ts +0 -2
package/src/server/cache/providers/ServerCacheProvider.spec.ts +1125 -0
package/src/server/cache/providers/ServerCacheProvider.ts +94 -9
package/src/server/compress/providers/ServerCompressProvider.spec.ts +31 -0
package/src/server/compress/providers/ServerCompressProvider.ts +63 -2
package/src/server/cookies/providers/ServerCookiesProvider.spec.ts +253 -0
package/src/server/core/__tests__/ServerRouterProvider-getRoutes.spec.ts +334 -0
package/src/server/core/__tests__/ServerRouterProvider-requestId.spec.ts +129 -0
package/src/server/core/helpers/ServerReply.ts +2 -2
package/src/server/core/primitives/$action.spec.ts +191 -0
package/src/server/core/primitives/$route.spec.ts +65 -0
package/src/server/core/providers/ServerBodyParserProvider.spec.ts +93 -0
package/src/server/core/providers/ServerLoggerProvider.spec.ts +100 -0
package/src/server/core/providers/ServerProvider.ts +14 -2
package/src/server/core/services/HttpClient.spec.ts +123 -0
package/src/server/core/services/UserAgentParser.spec.ts +111 -0
package/src/server/cors/providers/ServerCorsProvider.spec.ts +481 -0
package/src/server/health/providers/ServerHealthProvider.spec.ts +22 -0
package/src/server/helmet/providers/ServerHelmetProvider.spec.ts +105 -0
package/src/server/links/__tests__/$action.spec.ts +238 -0
package/src/server/links/__tests__/fixtures/CrudApp.ts +122 -0
package/src/server/links/__tests__/requestId.spec.ts +120 -0
package/src/server/links/primitives/$remote.spec.ts +228 -0
package/src/server/links/providers/LinkProvider.spec.ts +54 -0
package/src/server/links/providers/LinkProvider.ts +49 -3
package/src/server/links/providers/ServerLinksProvider.ts +1 -53
package/src/server/links/schemas/apiLinksResponseSchema.ts +7 -0
package/src/server/metrics/providers/ServerMetricsProvider.spec.ts +25 -0
package/src/server/multipart/providers/ServerMultipartProvider.spec.ts +528 -0
package/src/server/proxy/primitives/$proxy.spec.ts +87 -0
package/src/server/rate-limit/__tests__/ActionRateLimit.spec.ts +211 -0
package/src/server/rate-limit/providers/ServerRateLimitProvider.spec.ts +344 -0
package/src/server/security/__tests__/BasicAuth.spec.ts +684 -0
package/src/server/security/__tests__/ServerSecurityProvider-realm.spec.ts +388 -0
package/src/server/security/providers/ServerSecurityProvider.spec.ts +123 -0
package/src/server/static/primitives/$serve.spec.ts +193 -0
package/src/server/static/providers/ServerStaticProvider.ts +10 -0
package/src/server/swagger/__tests__/ui.spec.ts +52 -0
package/src/server/swagger/primitives/$swagger.spec.ts +193 -0
package/src/server/swagger/providers/ServerSwaggerProvider.ts +19 -12
package/src/sms/primitives/$sms.spec.ts +165 -0
package/src/sms/providers/LocalSmsProvider.spec.ts +224 -0
package/src/sms/providers/MemorySmsProvider.spec.ts +193 -0
package/src/thread/primitives/$thread.spec.ts +186 -0
package/src/topic/core/__tests__/shared.ts +144 -0
package/src/topic/core/providers/MemoryTopicProvider.spec.ts +23 -0
package/src/topic/redis/providers/RedisTopicProvider.spec.ts +23 -0
package/src/vite/helpers/importViteReact.ts +13 -0
package/src/vite/index.ts +1 -21
package/src/vite/plugins/viteAlephaDev.ts +32 -5
package/src/vite/plugins/viteAlephaSsrPreload.ts +222 -0
package/src/vite/tasks/buildClient.ts +11 -0
package/src/vite/tasks/buildServer.ts +47 -3
package/src/vite/tasks/devServer.ts +69 -0
package/src/vite/tasks/index.ts +2 -1
package/src/vite/tasks/runAlepha.ts +7 -1
package/src/websocket/__tests__/$websocket-new.spec.ts +195 -0
package/src/websocket/primitives/$channel.spec.ts +30 -0
package/src/cli/assets/viteConfigTs.ts +0 -14
package/src/cli/commands/run.ts +0 -24
package/src/vite/plugins/viteAlepha.ts +0 -37
package/src/vite/plugins/viteAlephaBuild.ts +0 -281

package/src/security/__tests__/bug-1-wildcard-after-start.spec.ts ADDED Viewed

@@ -0,0 +1,229 @@
+import { Alepha } from "alepha";
+import { describe, expect, it } from "vitest";
+import { SecurityError, SecurityProvider } from "../index.ts";
+/**
+ * Bug #1: Multi-layer Wildcard Permission Validation Fails After App Start
+ *
+ * Issue: When creating roles with multi-layer wildcard permissions (e.g., "admin:api:*")
+ * after app.start(), the validation logic only checked if parts[1] === "*", which fails
+ * for deeper wildcards.
+ *
+ * Expected: Multi-layer wildcards should be validated correctly by checking if any
+ * permission exists with the matching group prefix.
+ */
+describe("Bug #1: Multi-layer Wildcard Permission Validation After App Start", () => {
+  it("should allow creating role with 2-layer wildcard after app start", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("hello:hey");
+    sec.createPermission("hello:ho");
+    await app.start();
+    // This should work - 2-layer wildcard with existing permissions
+    expect(() =>
+      sec.createRole({
+        name: "superuser",
+        permissions: [{ name: "hello:*" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("superuser", "hello:hey")).toEqual(true);
+    expect(sec.can("superuser", "hello:ho")).toEqual(true);
+  });
+  it("should allow creating role with 3-layer wildcard after app start", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("admin:api:users");
+    sec.createPermission("admin:api:posts");
+    await app.start();
+    // This is the bug - should work but previously failed
+    expect(() =>
+      sec.createRole({
+        name: "api-admin",
+        permissions: [{ name: "admin:api:*" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("api-admin", "admin:api:users")).toEqual(true);
+    expect(sec.can("api-admin", "admin:api:posts")).toEqual(true);
+  });
+  it("should allow creating role with 4-layer wildcard after app start", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("admin:api:v1:users");
+    sec.createPermission("admin:api:v1:posts");
+    await app.start();
+    // Deep wildcard should work
+    expect(() =>
+      sec.createRole({
+        name: "api-v1-admin",
+        permissions: [{ name: "admin:api:v1:*" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("api-v1-admin", "admin:api:v1:users")).toEqual(true);
+    expect(sec.can("api-v1-admin", "admin:api:v1:posts")).toEqual(true);
+  });
+  it("should allow wildcard that matches nested groups", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    // Create permissions with different nesting levels under same prefix
+    sec.createPermission("admin:api:users:read");
+    sec.createPermission("admin:api:users:write");
+    sec.createPermission("admin:api:posts:delete");
+    await app.start();
+    // Wildcard at intermediate level should work
+    expect(() =>
+      sec.createRole({
+        name: "api-manager",
+        permissions: [{ name: "admin:api:*" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("api-manager", "admin:api:users:read")).toEqual(true);
+    expect(sec.can("api-manager", "admin:api:users:write")).toEqual(true);
+    expect(sec.can("api-manager", "admin:api:posts:delete")).toEqual(true);
+  });
+  it("should reject wildcard when no matching permissions exist", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("hello:hey");
+    await app.start();
+    // This should fail - no permissions match "admin:*"
+    expect(() =>
+      sec.createRole({
+        name: "admin",
+        permissions: [{ name: "admin:*" }],
+      }),
+    ).toThrow(SecurityError);
+    expect(() =>
+      sec.createRole({
+        name: "admin-api",
+        permissions: [{ name: "admin:api:*" }],
+      }),
+    ).toThrow(SecurityError);
+  });
+  it("should allow global wildcard after app start", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("anything");
+    await app.start();
+    // Global wildcard should always work
+    expect(() =>
+      sec.createRole({
+        name: "admin",
+        permissions: [{ name: "*" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("admin", "anything")).toEqual(true);
+  });
+  it("should allow exact permission match after app start", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("admin:api:users:read");
+    await app.start();
+    // Exact permission should work
+    expect(() =>
+      sec.createRole({
+        name: "reader",
+        permissions: [{ name: "admin:api:users:read" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("reader", "admin:api:users:read")).toEqual(true);
+  });
+  it("should reject exact permission when it doesn't exist", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("hello:hey");
+    await app.start();
+    // Non-existent exact permission should fail
+    expect(() =>
+      sec.createRole({
+        name: "user",
+        permissions: [{ name: "admin:api:users:read" }],
+      }),
+    ).toThrow(SecurityError);
+  });
+  it("should handle mixed wildcards and exact permissions", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    sec.createPermission("admin:api:users:read");
+    sec.createPermission("admin:api:posts:write");
+    sec.createPermission("public:read");
+    await app.start();
+    // Mix of wildcard and exact should work if all exist
+    expect(() =>
+      sec.createRole({
+        name: "mixed",
+        permissions: [
+          { name: "admin:api:*" }, // wildcard - should match
+          { name: "public:read" }, // exact - exists
+        ],
+      }),
+    ).not.toThrow();
+    expect(sec.can("mixed", "admin:api:users:read")).toEqual(true);
+    expect(sec.can("mixed", "public:read")).toEqual(true);
+  });
+  it("should handle wildcard at exact group level", async () => {
+    const app = Alepha.create();
+    const sec = app.inject(SecurityProvider);
+    // Permission with exact group "admin:api"
+    sec.createPermission({ group: "admin:api", name: "execute" });
+    // Permission with nested group "admin:api:users"
+    sec.createPermission({ group: "admin:api:users", name: "read" });
+    await app.start();
+    // Wildcard "admin:api:*" should match both
+    expect(() =>
+      sec.createRole({
+        name: "api-all",
+        permissions: [{ name: "admin:api:*" }],
+      }),
+    ).not.toThrow();
+    expect(sec.can("api-all", "admin:api:execute")).toEqual(true);
+    expect(sec.can("api-all", "admin:api:users:read")).toEqual(true);
+  });
+});

package/src/security/__tests__/bug-2-password-validation.spec.ts ADDED Viewed

@@ -0,0 +1,245 @@
+import { Alepha } from "alepha";
+import { describe, expect, it } from "vitest";
+import { CryptoProvider } from "../index.ts";
+/**
+ * Bug #2: Password Verification Missing Input Validation
+ *
+ * Issue: The verifyPassword method didn't validate input format before processing,
+ * leading to crashes when:
+ * - stored hash is malformed (missing colon, wrong format)
+ * - stored hash has incorrect length
+ * - timingSafeEqual throws when buffer lengths differ
+ *
+ * Expected: All invalid inputs should return false gracefully instead of throwing.
+ */
+describe("Bug #2: Password Verification Missing Input Validation", () => {
+  it("should verify valid password correctly", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const password = "mySecurePassword123!";
+    const hashed = await crypto.hashPassword(password);
+    const isValid = await crypto.verifyPassword(password, hashed);
+    expect(isValid).toBe(true);
+    const isInvalid = await crypto.verifyPassword("wrongPassword", hashed);
+    expect(isInvalid).toBe(false);
+  });
+  it("should return false for malformed hash with no colon", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const malformed = "notavalidhashwithoutcolon";
+    // Should not throw, should return false
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for hash with multiple colons", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const malformed = "salt:hash:extra";
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for empty string", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const result = await crypto.verifyPassword("password", "");
+    expect(result).toBe(false);
+  });
+  it("should return false for hash with empty salt", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const malformed = ":somehashvalue";
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for hash with empty hash value", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const malformed = "somesalt:";
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for just a colon", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const malformed = ":";
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for invalid hex in hash portion", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // Valid salt, but hash contains non-hex characters
+    const malformed = "validSalt123:notHexChars!@#";
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for odd-length hex string", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // Hex strings must have even length (2 chars per byte)
+    const malformed = "salt:abc"; // 3 chars, odd
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for hash with wrong length", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // Valid hex, but wrong length (scrypt produces 64 bytes = 128 hex chars)
+    const malformed = "salt:abcd"; // Only 4 hex chars = 2 bytes
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should return false for corrupted but well-formed hash", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const password = "testPassword";
+    const hashed = await crypto.hashPassword(password);
+    // Corrupt the hash by changing one character
+    const removedChar = hashed.slice(-1);
+    const corrupted = hashed.slice(0, -1) + (removedChar === "0" ? "1" : "0");
+    const result = await crypto.verifyPassword(password, corrupted);
+    expect(result).toBe(false);
+  });
+  it("should return false for null or undefined input", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // @ts-expect-error - testing runtime behavior
+    const resultNull = await crypto.verifyPassword("password", null);
+    expect(resultNull).toBe(false);
+    // @ts-expect-error - testing runtime behavior
+    const resultUndefined = await crypto.verifyPassword("password", undefined);
+    expect(resultUndefined).toBe(false);
+  });
+  it("should return false for non-string input", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // @ts-expect-error - testing runtime behavior
+    const resultNumber = await crypto.verifyPassword("password", 12345);
+    expect(resultNumber).toBe(false);
+    // @ts-expect-error - testing runtime behavior
+    const resultObject = await crypto.verifyPassword("password", {
+      hash: "test",
+    });
+    expect(resultObject).toBe(false);
+  });
+  it("should handle special characters in salt gracefully", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // If somehow a salt with special chars got stored
+    const malformed =
+      "salt\nwith\nnewlines:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+    // Should not crash, should return false (likely during scrypt or comparison)
+    const result = await crypto.verifyPassword("password", malformed);
+    expect(result).toBe(false);
+  });
+  it("should validate format before attempting expensive scrypt operation", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // These should fail fast without calling scrypt
+    const invalidFormats = [
+      "no-colon-at-all",
+      "too:many:colons:here",
+      ":no-salt",
+      "no-hash:",
+      ":",
+      "",
+      "salt:invalidhex!",
+      "salt:abc", // odd length
+    ];
+    for (const invalid of invalidFormats) {
+      const result = await crypto.verifyPassword("password", invalid);
+      expect(result).toBe(false);
+    }
+  });
+  it("should properly handle valid hash format with correct verification", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    // Test multiple passwords
+    const passwords = [
+      "simple",
+      "with spaces",
+      "special!@#$%^&*()",
+      "emoji🔐🔑",
+      `${"very".repeat(100)}long`,
+    ];
+    for (const password of passwords) {
+      const hashed = await crypto.hashPassword(password);
+      // Verify format is correct (salt:hash with 128 hex chars for hash)
+      expect(hashed).toMatch(/^[0-9a-f]+:[0-9a-f]{128}$/i);
+      // Correct password should verify
+      expect(await crypto.verifyPassword(password, hashed)).toBe(true);
+      // Wrong password should not verify
+      expect(await crypto.verifyPassword(`${password}wrong`, hashed)).toBe(
+        false,
+      );
+    }
+  });
+  it("should prevent timing attacks with constant-time comparison", async () => {
+    const app = Alepha.create();
+    const crypto = app.inject(CryptoProvider);
+    const password = "testPassword";
+    const hashed = await crypto.hashPassword(password);
+    // Both wrong passwords should take similar time (constant-time comparison)
+    // This is a behavioral test - we're just checking they both return false
+    const wrongPassword1 = "x";
+    const wrongPassword2 = "x".repeat(100);
+    expect(await crypto.verifyPassword(wrongPassword1, hashed)).toBe(false);
+    expect(await crypto.verifyPassword(wrongPassword2, hashed)).toBe(false);
+  });
+});