alepha 0.20.2 → 0.20.4

package/src/server/core/primitives/$action.ts

@@ -256,7 +256,7 @@ export class ActionPrimitive<
 
   public get route(): ServerRoute {
     return {
-      ...(this.options as any), // TODO: fix schema.header mapping
+      ...this.options,
       method: this.method,
       path: `${this.prefix}${this.path}`,
       handler: this.handler,
@@ -399,10 +399,21 @@ export class ActionPrimitive<
       }
 
       if (serverActionRequest.headers && this.options.schema?.headers) {
-        serverActionRequest.headers = this.alepha.codec.encode(
-          this.options.schema.headers,
-          serverActionRequest.headers,
-        ) as Record<string, any>;
+        // Per-key encode (matches the server-side decode pattern in
+        // ServerRouterProvider.validateRequest): coerces declared headers via
+        // the schema, leaves undeclared ones untouched. Schema keys are
+        // lowercased to match Node's incoming header convention.
+        const schemaHeaders = this.options.schema.headers;
+        const headers = serverActionRequest.headers as Record<string, unknown>;
+        for (const key of Object.keys(schemaHeaders.properties)) {
+          const lcKey = key.toLowerCase();
+          if (headers[lcKey] !== undefined) {
+            headers[lcKey] = this.alepha.codec.encode(
+              schemaHeaders.properties[key],
+              headers[lcKey],
+            );
+          }
+        }
       }
 
       if (serverActionRequest.body && this.options.schema?.body) {

package/src/server/core/providers/ServerProvider.ts

@@ -411,7 +411,7 @@ export class ServerProvider {
 
       url = url?.split("?")[0];
 
-      if (!!params?.["*"] && `/${params?.["*"]}` === url) {
+      if (params?.["*"] && `/${params?.["*"]}` === url) {
         return true;
       }
     }

package/src/server/core/providers/ServerRouterProvider.ts

@@ -319,7 +319,7 @@ export class ServerRouterProvider extends RouterProvider<ServerRouteMatcher> {
     }
 
     if (reply.body == null || responseKind === "void") {
-      delete headers["content-type"];
+      delete (headers as Record<string, unknown>)["content-type"];
       reply.body = undefined;
       return;
     }
@@ -416,7 +416,7 @@ export class ServerRouterProvider extends RouterProvider<ServerRouteMatcher> {
     if (
       "status" in error &&
       typeof error.status === "number" &&
-      !!errorNameByStatus[error.status]
+      errorNameByStatus[error.status]
     ) {
       const status = error.status;
       reply.status = status;
@@ -484,10 +484,32 @@ export class ServerRouterProvider extends RouterProvider<ServerRouteMatcher> {
 
     if (route.schema?.headers) {
       try {
-        request.headers = this.alepha.codec.validate(
-          route.schema.headers,
-          request.headers,
-        ) as any;
+        const schemaHeaders = route.schema.headers;
+
+        // Per-key decode (mirrors `query` handling): coerces declared header
+        // values from strings to their schema types (int/bool/date). Then
+        // validate the decoded subset against the full schema so TypeBox
+        // produces consistent error messages (missing-required, type
+        // mismatch). Finally merge the decoded values back into
+        // `request.headers` so undeclared headers (auth, cookie, user-agent,
+        // ...) survive the validation step intact.
+        const decoded: Record<string, unknown> = {};
+        for (const key of Object.keys(schemaHeaders.properties)) {
+          const lcKey = key.toLowerCase();
+          const value = request.headers[lcKey];
+          if (value == null) continue;
+          decoded[key] = this.alepha.codec.decode(
+            schemaHeaders.properties[key],
+            value,
+          );
+        }
+
+        this.alepha.codec.validate(schemaHeaders, decoded);
+
+        for (const [key, value] of Object.entries(decoded)) {
+          (request.headers as Record<string, unknown>)[key.toLowerCase()] =
+            value;
+        }
       } catch (error) {
         throw new ValidationError("Invalid request header", error);
       }

package/src/server/core/services/HttpClient.ts

@@ -213,7 +213,7 @@ export class HttpClient {
 
     if (hasHeader || isMultipart(action)) {
       if (typeof init.headers === "object" && "content-type" in init.headers) {
-        delete init.headers["content-type"]; // fetch() will fill this for us
+        delete (init.headers as Record<string, unknown>)["content-type"]; // fetch() will fill this for us
       }
 
       const formData = new FormData();

package/src/server/swagger/providers/ServerSwaggerProvider.ts

@@ -201,14 +201,12 @@ export class ServerSwaggerProvider {
         hasSecurity = true;
       }
 
-      const g = t.raw;
-
       if (
-        g.IsObject(route.options.schema.body) ||
-        g.IsArray(route.options.schema.body)
+        t.schema.isObject(route.options.schema.body) ||
+        t.schema.isArray(route.options.schema.body)
       ) {
         if (
-          g.IsObject(route.options.schema.body) &&
+          t.schema.isObject(route.options.schema.body) &&
           this.isBodyMultipart(route.options.schema.body)
         ) {
           operation.requestBody = {
@@ -231,7 +229,7 @@ export class ServerSwaggerProvider {
         }
       }
 
-      if (g.IsObject(route.options.schema.query)) {
+      if (t.schema.isObject(route.options.schema.query)) {
         operation.parameters ??= [];
         const requiredKeys: string[] =
           route.options.schema.query.required ?? [];
@@ -250,7 +248,7 @@ export class ServerSwaggerProvider {
         }
       }
 
-      if (g.IsObject(route.options.schema.params)) {
+      if (t.schema.isObject(route.options.schema.params)) {
         operation.parameters ??= [];
         for (const [key, value] of Object.entries(
           route.options.schema.params.properties,
@@ -260,7 +258,7 @@ export class ServerSwaggerProvider {
               ? value.description
               : undefined;
           const ref = schema(value);
-          delete ref.description;
+          ref.description = undefined;
           const param: any = {
             name: key,
             in: "path",

package/src/websocket/providers/NodeWebSocketServerProvider.ts

@@ -6,9 +6,9 @@ import {
   $state,
   Alepha,
   AlephaError,
+  SchemaValidator,
   type Static,
   t,
-  Value,
 } from "alepha";
 import { $logger } from "alepha/logger";
 import { WebSocket, WebSocketServer } from "ws";
@@ -495,6 +495,7 @@ export class NodeWebSocketServerProvider extends WebSocketServerProvider {
 
 export class NodeWebSocketConnection implements WebSocketConnection {
   protected readonly log = $logger();
+  protected readonly schemaValidator = $inject(SchemaValidator);
   public metadata?: Record<string, any>;
 
   constructor(
@@ -556,10 +557,15 @@ export class NodeWebSocketConnection implements WebSocketConnection {
 
       // Validate message against schema (out = client→server)
       const outSchema = this.endpoint.channel.options.schema.out;
-      if (!Value.Check(outSchema, message)) {
-        const errors = Array.from(Value.Errors(outSchema, message));
+      try {
+        this.schemaValidator.validate(outSchema, message, {
+          trim: false,
+          nullToUndefined: false,
+          deleteUndefined: false,
+        });
+      } catch (err) {
         throw new WebSocketValidationError(
-          `Message validation failed: ${errors.map((e: any) => e.message).join(", ")}`,
+          `Message validation failed: ${(err as Error).message}`,
         );
       }
 

package/src/websocket/services/WebSocketClient.ts

@@ -3,9 +3,9 @@ import {
   $inject,
   Alepha,
   AlephaError,
+  SchemaValidator,
   type Static,
   t,
-  Value,
 } from "alepha";
 import { $logger } from "alepha/logger";
 import type { ChannelPrimitive, TWSObject } from "../primitives/$channel.ts";
@@ -50,6 +50,7 @@ export class WebSocketChannelConnection<
   TServer extends TWSObject,
 > {
   protected readonly alepha = $inject(Alepha);
+  protected readonly schemaValidator = $inject(SchemaValidator);
   protected readonly log = $logger();
   protected ws?: WebSocket;
   protected reconnectAttempts = 0;
@@ -346,11 +347,16 @@ export class WebSocketChannelConnection<
 
     // Validate outgoing message against schema
     const outSchema = this.channel.options.schema.out;
-    if (!Value.Check(outSchema, message)) {
-      const errors = Array.from(Value.Errors(outSchema, message));
-      this.log.warn("Message validation failed", { errors });
+    try {
+      this.schemaValidator.validate(outSchema, message, {
+        trim: false,
+        nullToUndefined: false,
+        deleteUndefined: false,
+      });
+    } catch (err) {
+      this.log.warn("Message validation failed", { error: err });
       throw new AlephaError(
-        `Message validation failed: ${errors.map((e) => e.message).join(", ")}`,
+        `Message validation failed: ${(err as Error).message}`,
       );
     }
 

package/src/mcp/transports/SseMcpTransport.ts

@@ -1,182 +0,0 @@
-import { $atom, $inject, $state, t } from "alepha";
-import { $logger } from "alepha/logger";
-import { $route } from "alepha/server";
-import {
-  createErrorResponse,
-  createNotification,
-  createParseError,
-  JsonRpcParseError,
-  parseMessage,
-} from "../helpers/jsonrpc.ts";
-import type { McpContext } from "../interfaces/McpTypes.ts";
-import { McpServerProvider } from "../providers/McpServerProvider.ts";
-
-// ---------------------------------------------------------------------------------------------------------------------
-
-export const mcpSseOptions = $atom({
-  name: "alepha.mcp.sse.options",
-  description: "Configuration options for the MCP SSE transport.",
-  schema: t.object({
-    /**
-     * Path for the MCP SSE endpoint.
-     */
-    path: t.text({ default: "/mcp" }),
-  }),
-  default: {
-    path: "/mcp",
-  },
-});
-
-// ---------------------------------------------------------------------------------------------------------------------
-
-/**
- * SSE (Server-Sent Events) transport for MCP communication.
- *
- * This transport uses HTTP with SSE for server-to-client messages
- * and POST requests for client-to-server messages.
- *
- * Endpoints:
- * - GET /mcp - SSE stream for server events
- * - POST /mcp - JSON-RPC request endpoint
- *
- * @example
- * ```ts
- * import { Alepha, run } from "alepha";
- * import { AlephaServer } from "alepha/server";
- * import { AlephaMcp, AlephaMcpSse } from "alepha/mcp";
- *
- * class MyTools {
- *   // ... tool definitions
- * }
- *
- * run(
- *   Alepha.create()
- *     .with(AlephaServer)
- *     .with(AlephaMcp)
- *     .with(AlephaMcpSse)
- *     .with(MyTools)
- * );
- * ```
- */
-export class SseMcpTransport {
-  protected readonly log = $logger();
-  protected readonly options = $state(mcpSseOptions);
-  protected readonly mcpServer = $inject(McpServerProvider);
-
-  /**
-   * SSE endpoint for server-to-client messages.
-   *
-   * Returns a text/event-stream response with server capabilities
-   * and keeps the connection open for notifications.
-   */
-  sse = $route({
-    method: "GET",
-    path: this.options.path,
-    handler: async (request) => {
-      this.log.debug("MCP SSE connection established");
-
-      const encoder = new TextEncoder();
-
-      // Create SSE stream
-      const stream = new ReadableStream({
-        start: (controller) => {
-          // Send initial endpoint info
-          const endpointEvent = this.formatSseEvent(
-            "endpoint",
-            `${this.options.path}`,
-          );
-          controller.enqueue(encoder.encode(endpointEvent));
-
-          // Send capabilities notification
-          const capabilitiesNotification = createNotification(
-            "notifications/capabilities",
-            { capabilities: this.mcpServer.getCapabilities() },
-          );
-          const capabilitiesEvent = this.formatSseEvent(
-            "message",
-            JSON.stringify(capabilitiesNotification),
-          );
-          controller.enqueue(encoder.encode(capabilitiesEvent));
-        },
-        cancel: () => {
-          this.log.debug("MCP SSE connection closed");
-        },
-      });
-
-      request.reply.status = 200;
-      request.reply.headers = {
-        "content-type": "text/event-stream",
-        "cache-control": "no-cache",
-        connection: "keep-alive",
-      };
-      request.reply.body = stream;
-    },
-  });
-
-  /**
-   * POST endpoint for client-to-server JSON-RPC messages.
-   */
-  message = $route({
-    method: "POST",
-    path: this.options.path,
-    schema: {
-      body: t.json(),
-    },
-    handler: async (request) => {
-      try {
-        const body =
-          typeof request.body === "string"
-            ? request.body
-            : JSON.stringify(request.body);
-
-        this.log.debug("MCP request body", {
-          body,
-          bodyType: typeof request.body,
-        });
-
-        const rpcRequest = parseMessage(body);
-
-        // Build context from request headers
-        const headers = { ...request.headers } as Record<
-          string,
-          string | string[] | undefined
-        >;
-
-        const context: McpContext = { headers };
-
-        const response = await this.mcpServer.handleMessage(
-          rpcRequest,
-          context,
-        );
-
-        if (response) {
-          request.reply.headers["content-type"] = "application/json";
-          request.reply.body = JSON.stringify(response);
-        } else {
-          request.reply.status = 204;
-        }
-      } catch (error) {
-        if (error instanceof JsonRpcParseError) {
-          request.reply.status = 400;
-          request.reply.headers["content-type"] = "application/json";
-          request.reply.body = JSON.stringify(
-            createErrorResponse(0, createParseError(error.message)),
-          );
-        } else {
-          this.log.error("Failed to process MCP message", error);
-          request.reply.status = 500;
-          request.reply.body = JSON.stringify({
-            error: (error as Error).message,
-          });
-        }
-      }
-    },
-  });
-
-  /**
-   * Format a message as an SSE event.
-   */
-  protected formatSseEvent(event: string, data: string): string {
-    return `event: ${event}\ndata: ${data}\n\n`;
-  }
-}

package/src/orm/core/__tests__/parseQueryString.spec.ts

@@ -1,196 +0,0 @@
-import { describe, test } from "vitest";
-import { buildQueryString, parseQueryString } from "../index.ts";
-
-describe("parseQueryString with wildcard patterns", () => {
-  test("should parse wildcard patterns with = operator", ({ expect }) => {
-    // Test startsWith pattern
-    const result1 = parseQueryString("name=John*");
-    expect(result1).toEqual({ name: { startsWith: "John" } });
-
-    // Test endsWith pattern
-    const result2 = parseQueryString("name=*Smith");
-    expect(result2).toEqual({ name: { endsWith: "Smith" } });
-
-    // Test contains pattern
-    const result3 = parseQueryString("name=*oh*");
-    expect(result3).toEqual({ name: { contains: "oh" } });
-
-    // Test literal asterisk in the middle (not at beginning or end)
-    const result4 = parseQueryString("name=Jo*hn");
-    expect(result4).toEqual({ name: { eq: "Jo*hn" } });
-
-    // Test literal equals (no wildcards)
-    const result5 = parseQueryString("name=John");
-    expect(result5).toEqual({ name: { eq: "John" } });
-  });
-
-  test("should handle wildcard patterns in complex queries", ({ expect }) => {
-    // Multiple conditions with wildcards
-    const result1 = parseQueryString("name=*John&email=*@example.com");
-    expect(result1).toEqual({
-      and: [
-        { name: { endsWith: "John" } },
-        { email: { endsWith: "@example.com" } },
-      ],
-    });
-
-    // OR conditions with wildcards
-    const result2 = parseQueryString("name=John*|name=*Smith");
-    expect(result2).toEqual({
-      or: [{ name: { startsWith: "John" } }, { name: { endsWith: "Smith" } }],
-    });
-
-    // Nested conditions with wildcards
-    const result3 = parseQueryString("(name=*John*|email=admin*)&age>18");
-    expect(result3).toEqual({
-      and: [
-        {
-          or: [
-            { name: { contains: "John" } },
-            { email: { startsWith: "admin" } },
-          ],
-        },
-        { age: { gt: 18 } },
-      ],
-    });
-  });
-
-  test("should handle wildcard patterns in quoted strings", ({ expect }) => {
-    // Quoted string with wildcards should be treated as wildcards
-    const result1 = parseQueryString('name="*John*"');
-    expect(result1).toEqual({ name: { contains: "John" } });
-
-    // Quoted string with asterisk in middle
-    const result2 = parseQueryString('name="Jo*hn"');
-    expect(result2).toEqual({ name: { eq: "Jo*hn" } });
-
-    // Single quotes
-    const result3 = parseQueryString("name='*Smith'");
-    expect(result3).toEqual({ name: { endsWith: "Smith" } });
-  });
-
-  test("should handle wildcard patterns with special characters", ({
-    expect,
-  }) => {
-    // Wildcard with spaces
-    const result1 = parseQueryString("name=*John Smith*");
-    expect(result1).toEqual({ name: { contains: "John Smith" } });
-
-    // Wildcard with special characters
-    const result2 = parseQueryString("email=*@example.com");
-    expect(result2).toEqual({ email: { endsWith: "@example.com" } });
-
-    // Wildcard with numbers
-    const result3 = parseQueryString("code=ABC*123");
-    expect(result3).toEqual({ code: { eq: "ABC*123" } }); // Asterisk in middle is literal
-  });
-
-  test("should handle wildcard patterns in arrays", ({ expect }) => {
-    // Array values don't support wildcards (treated as literal)
-    const result = parseQueryString("status=[active*,*pending,*idle*]");
-    expect(result).toEqual({
-      status: { inArray: ["active*", "*pending", "*idle*"] },
-    });
-  });
-
-  test("should handle wildcard patterns with != operator", ({ expect }) => {
-    // != operator doesn't support wildcards, treats as literal
-    const result1 = parseQueryString("name!=*John");
-    expect(result1).toEqual({ name: { ne: "*John" } });
-
-    const result2 = parseQueryString("name!=John*");
-    expect(result2).toEqual({ name: { ne: "John*" } });
-  });
-
-  test("should handle empty wildcard patterns", ({ expect }) => {
-    // Just asterisks - a single asterisk at the end means "starts with nothing" = everything
-    const result1 = parseQueryString("name=*");
-    expect(result1).toEqual({ name: { contains: "" } }); // Since * alone has both start and end asterisk
-
-    const result2 = parseQueryString("name=**");
-    expect(result2).toEqual({ name: { contains: "" } });
-
-    const result3 = parseQueryString("name=***");
-    expect(result3).toEqual({ name: { contains: "*" } });
-  });
-
-  test("should handle JSONB nested queries with wildcards", ({ expect }) => {
-    const result = parseQueryString("profile.city=*Paris*&profile.name=John*");
-    expect(result).toEqual({
-      and: [
-        { profile: { city: { contains: "Paris" } } },
-        { profile: { name: { startsWith: "John" } } },
-      ],
-    });
-  });
-
-  test("should not apply wildcards to non-string operators", ({ expect }) => {
-    // Numeric comparison operators don't use wildcards
-    const result1 = parseQueryString("age>18");
-    expect(result1).toEqual({ age: { gt: 18 } });
-
-    // NULL checks don't use wildcards
-    const result2 = parseQueryString("name=null");
-    expect(result2).toEqual({ name: { isNull: true } });
-
-    const result3 = parseQueryString("name!=null");
-    expect(result3).toEqual({ name: { isNotNull: true } });
-  });
-});
-
-describe("buildQueryString with wildcard patterns", () => {
-  test("should build query strings from wildcard conditions", ({ expect }) => {
-    // startsWith
-    const query1 = buildQueryString({ name: { startsWith: "John" } });
-    expect(query1).toBe("name=John*");
-
-    // endsWith
-    const query2 = buildQueryString({ name: { endsWith: "Smith" } });
-    expect(query2).toBe("name=*Smith");
-
-    // contains
-    const query3 = buildQueryString({ name: { contains: "oh" } });
-    expect(query3).toBe("name=*oh*");
-  });
-
-  test("should build complex query strings with wildcards", ({ expect }) => {
-    const query = buildQueryString({
-      and: [
-        { name: { startsWith: "John" } },
-        { email: { endsWith: "@example.com" } },
-        { bio: { contains: "developer" } },
-      ],
-    });
-    expect(query).toBe("name=John*&email=*@example.com&bio=*developer*");
-  });
-
-  test("should handle OR conditions with wildcards", ({ expect }) => {
-    const query = buildQueryString({
-      or: [
-        { name: { startsWith: "Admin" } },
-        { role: { contains: "manager" } },
-      ],
-    });
-    expect(query).toBe("(name=Admin*|role=*manager*)");
-  });
-
-  test("round-trip conversion should preserve wildcard semantics", ({
-    expect,
-  }) => {
-    const testCases = [
-      "name=John*",
-      "name=*Smith",
-      "name=*John*",
-      "email=admin*&role=*manager*",
-      "(name=*John*|name=*Jane*)&active=true",
-      "profile.city=*Paris*",
-    ];
-
-    for (const original of testCases) {
-      const parsed = parseQueryString(original);
-      const rebuilt = buildQueryString(parsed);
-      const reparsed = parseQueryString(rebuilt);
-      expect(reparsed).toEqual(parsed);
-    }
-  });
-});