arazzo-runner 0.0.8 → 0.0.11

package/README.md

@@ -34,6 +34,9 @@ arazzo-runner -a arazzo.json -i input.json
 # With URL
 arazzo-runner -a https://example.com/arazzo.json -i ./input.json
 
+# With Verbose Logging
+arazzo-runner -a https://example.com/arazzo.json -i ./input.json --verbose
+
 # Show help
 arazzo-runner --help
 
@@ -65,7 +68,7 @@ Obviously, if you have a lot of secret variables that need adding as inputs, the
 
 ## OpenAPI Servers
 
-OpenAPI Documents allow you to specify servers at the root, [path](https://spec.openapis.org/oas/latest.html#path-item-object) and [operation](https://spec.openapis.org/oas/latest.html#operation-object) level. They allow you to specify multiple servers, however the OpenAPI specification is opinionated that all servers specified in a Document should return the same thing.
+OpenAPI Documents allow you to specify servers at the root, [path](https://spec.openapis.org/oas/latest.html#path-item-object) and [operation](https://spec.openapis.org/oas/latest.html#operation-object) level. They allow you to specify multiple servers, however the OpenAPI specification is opinionated that all servers specified in a Document should return the same thing and this Arazzo Runner will follow this opinion and only attempt one of the specified servers.
 
 This Arazzo Runner will pick the first server it comes across in the array of servers and run the operation against that.
 
@@ -77,10 +80,114 @@ It will attempt to map to the [Server Variables](https://spec.openapis.org/oas/l
 
 ## OpenAPI Parameters
 
-OpenAPI Documents allow you to specify [`header`, `path` and `query` parameters](https://spec.openapis.org/oas/latest.html#parameter-object) in myriad of styles. This Arazzo Runner will respect your styling and send the format to the server as specified by your OpenAPI document.
+OpenAPI Documents allow you to specify [`header`, `path` and `query` parameters](https://spec.openapis.org/oas/latest.html#parameter-object) in myriad of styles. This Arazzo Runner will respect your styling (unless you specify stylings for `Accept`, `Authorization` or `Content-Type` headers, then it will ignore the stylings, as per the OpenAPI specification) and send the format to the server as specified by your OpenAPI Document.
 
 It currently does not follow the `allowEmptyValue`, `allowReserved` or the `content` keywords currently.
 
+## OpenAPI Security
+
+OpenAPI Document security is supported. There are a couple of ways that you will have to document your Arazzo Workflow for certain documentation types.
+
+### Basic
+
+For HTTP Basic authentication, you should document your Arazzo like:
+
+**arazzo.json**
+
+```json
+"steps": [
+  {
+    "stepId": "deleteUser",
+    "operationId": "deleteUser",
+    "parameters": [
+      {
+        "name": "Authorization",
+        "in": "header",
+        "value": "{$inputs.username}:{$inputs.password}"
+      },
+      { "name": "username", "in": "path", "value": "$inputs.username" }
+    ]
+  }
+]
+```
+
+The Runner will correctly encode and prepend `Basic` to the Authorization Header.
+
+### Bearer
+
+For HTTP Bearer authentication, you should document your Arazzo like:
+
+**arazzo.json**
+
+```json
+{
+  "stepId": "LoginExistingUser",
+  "operationId": "loginUser",
+  "requestBody": {
+    "contentType": "application/json",
+    "payload": {
+      "username": "$inputs.username",
+      "password": "$inputs.password"
+    }
+  },
+  "outputs": { "AccessToken": "$response.body#/AccessToken" }
+},
+{
+  "stepId": "deleteUser",
+  "operationId": "deleteUser",
+  "parameters": [
+    {
+      "name": "Authorization",
+      "in": "header",
+      "value": "$steps.LoginExistingUser.outputs.AccessToken"
+    },
+    { "name": "username", "in": "path", "value": "$inputs.username" }
+  ]
+}
+```
+
+The Runner will prepend `Bearer` for you.
+
+### mutualTLS
+
+> mutualTLS is quite a complex authorization topic. I have written a naive way of dealing with it that I am unsure will actually work in production. If you are using mutualTLS and this Arazzo Runner and find that you run into bugs/issues, please do feel free to opena. report. The more I know and understand mutualTLS the better I can support it.
+
+You will need to provide inputs for your ClientKey and ClientCert as their path locations:
+
+**input.json**
+
+```json
+{
+  "deleteCurrentUser-mutualTLS": {
+    "username": "jack",
+    "key": "./client-key.pem",
+    "cert": "./client-cert.pem"
+  }
+}
+```
+
+`key` and `cert` are reserved names when used in an OpenAPI Document with `mutualTLS` as the authentication method. The Runner will error out if they are not found.
+
+### UNSUPPORTED oauth/openId
+
+**CURRENTLY UNSUPPORTED**
+
+You will need to provide inputs for your clientId and clientSecret:
+
+**input.json**
+
+```json
+{
+  "deleteCurrentUser-mutualTLS": {
+    "username": "jack",
+    "clientId": "abc123",
+    "clientSecret": "123abc"
+  }
+}
+```
+
+`clientId` and `clientSecret` are reserved name and will be used when oauth or openId authentication is set.
+
 ## Logging And Reporting
 
 ### Logging
@@ -111,10 +218,6 @@ Work on Reporting still needs completeing.
 
 ## Still unsupported
 
-### Security
-
-OpenAPI security is still not fully supported
-
 ### PathOperation
 
 Accessing an OpenAPI operation by Operation Path `'{$sourceDescriptions.petstoreDescription.url}#/paths/~1pet~1findByStatus/get'` does not work currently

package/cli.js

@@ -17,6 +17,9 @@ const options = {
     type: "string",
     short: "i",
   },
+  verbose: {
+    type: "boolean",
+  },
   help: {
     type: "boolean",
     short: "h",
@@ -40,6 +43,7 @@ OPTIONS:
   -i, --input <file>        Path to input JSON file (required)
   -h, --help                Show this help message
   -v, --version             Show version number
+  -vv, --verbose            Verbose Logging
 
 EXAMPLES:
   # Run with local files
@@ -139,7 +143,7 @@ async function main() {
   console.log("");
 
   try {
-    const runner = new Runner();
+    const runner = new Runner({ verbose: values?.verbose || false });
     await runner.runArazzo(arazzoPath, inputPath);
 
     console.log("");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arazzo-runner",
-  "version": "0.0.8",
+  "version": "0.0.11",
   "description": "A runner to run through Arazzo Document workflows",
   "main": "index.js",
   "scripts": {
@@ -43,6 +43,7 @@
     "jsonpath": "^1.1.1",
     "openapi-params": "^0.0.5",
     "openapi-server-url-templating": "^1.3.0",
+    "openid-client": "^6.8.1",
     "stream-chain": "^3.4.0",
     "stream-json": "^1.9.1"
   }

package/src/Arazzo.js

@@ -1,11 +1,13 @@
 "use strict";
 
 const URLParams = require("openapi-params");
+const client = require("openid-client");
 
+const fs = require("node:fs");
+const https = require("node:https");
 const path = require("node:path");
 
 const Document = require("./Document");
-// const docFactory = require("./DocFactory");
 const Expression = require("./Expression");
 const Rules = require("./Rules");
 
@@ -252,6 +254,17 @@ class Arazzo extends Document {
       this.step,
     );
 
+    // await this.sourceDescriptionFile.getSecurity();
+
+    if (Object.keys(this.sourceDescriptionFile.securitySchemes).length === 1) {
+      for (const [key, value] of Object.entries(
+        this.sourceDescriptionFile.securitySchemes,
+      )) {
+        if (value.type.toLowerCase() === "mutualtls")
+          this.operation.mutualTLS = true;
+      }
+    }
+
     this.mapInputs();
 
     await this.runOperation();
@@ -328,7 +341,24 @@ class Arazzo extends Document {
 
     this.logger.notice(`Making a ${options.method.toUpperCase()} to ${url}`);
 
-    const response = await fetch(url, options);
+    let response;
+    if (this.operation?.mutualTLS) {
+      this.logger.verbose("Using mutualTLS call");
+      response = await this.mutualTLS();
+    } else {
+      this.logger.verbose("Using fetch call");
+
+      this.logger.verbose(`url: ${url}`);
+      this.logger.verbose(`method: ${options.method}`);
+      this.logger.verbose("headers:");
+      for (const [key, value] of options.headers.entries()) {
+        this.logger.verbose(`${key}: ${value}`);
+      }
+
+      this.logger.verbose(`body: ${options.body}`);
+
+      response = await fetch(url, options);
+    }
 
     if (response.headers.has("retry-after")) {
       const retryAfter = parseRetryAfter(response.headers.get("retry-after"));
@@ -345,6 +375,130 @@ class Arazzo extends Document {
     await this.dealWithResponse(response);
   }
 
+  async mutualTLS() {
+    let clientKeyPath;
+    try {
+      clientKeyPath = path.resolve(this.inputs.key);
+      this.logger.verbose(`clientKey Path: ${clientKeyPath}`);
+    } catch (err) {
+      this.logger.error(`could not resolve clientKey`);
+      throw err;
+    }
+
+    let clientCertPath;
+    try {
+      clientCertPath = path.resolve(this.inputs.cert);
+      this.logger.verbose(`clientCert Path: ${clientCertPath}`);
+    } catch (err) {
+      this.logger.error(`could not resolve clientCert`);
+      throw err;
+    }
+
+    let url = this.operation.url;
+
+    if (this.operation.queryParams.size) {
+      url += `?${this.operation.queryParams}`;
+    }
+
+    const opUrl = new URL(url);
+
+    this.logger.verbose(`url: ${opUrl.pathname + opUrl.search}`);
+    this.logger.verbose(`method: ${this.operation.method}`);
+    this.logger.verbose("headers:");
+    const headersObj = {};
+    for (const [key, value] of this.operation.headers.entries()) {
+      this.logger.verbose(`${key}: ${value}`);
+      Object.assign(headersObj, { [key]: value });
+    }
+
+    this.logger.verbose(`body: ${this.operation.data}`);
+
+    return new Promise((resolve, reject) => {
+      const options = {
+        key: fs.readFileSync(clientKeyPath),
+        cert: fs.readFileSync(clientCertPath),
+        method: this.operation.method,
+        headers: headersObj,
+        rejectUnauthorized: true,
+        hostname: opUrl.hostname,
+        path: opUrl.pathname + opUrl.search,
+      };
+
+      if (this.operation.data) {
+        options.headers = options.headers || {};
+        if (!options.headers["content-length"]) {
+          const bodyBuffer = Buffer.from(
+            typeof this.operation.data === "string"
+              ? this.operation.data
+              : JSON.stringify(this.operation.data),
+          );
+          options.headers["content-length"] = bodyBuffer.length;
+        }
+      }
+
+      const headers = new Headers();
+      const chunks = [];
+
+      const req = https.request(options, (res) => {
+        for (const [name, value] of Object.entries(res.headers)) {
+          headers.append(name, value);
+        }
+
+        // Collect data chunks as buffers for proper encoding
+        res.on("data", (chunk) => chunks.push(chunk));
+
+        res.on("end", () => {
+          // Concatenate buffers and decode based on content-type
+          const buffer = Buffer.concat(chunks);
+          let body;
+
+          const contentType = res.headers["content-type"] || "";
+
+          if (contentType.includes("application/json")) {
+            try {
+              body = JSON.parse(buffer.toString("utf8"));
+            } catch (err) {
+              body = buffer.toString("utf8");
+            }
+          } else {
+            body = buffer.toString("utf8");
+          }
+
+          const response = new Response(buffer, {
+            status: res.status,
+            statusText: res.statusMessage,
+            headers,
+          });
+          // resolve({
+          //   headers: headers,
+          //   body: body,
+
+          //   status: res.statusCode,
+          //   statusText: res.statusMessage,
+          //   ok: res.statusCode >= 200 && res.statusCode < 300,
+          // });
+          resolve(response);
+        });
+      });
+
+      req.on("error", (err) => {
+        this.logger.error(`mTLS Error: ${err.message}`);
+        reject(new Error(`mTLS request failed: ${err.message}`));
+      });
+
+      // Write request body if present
+      if (this.operation.data) {
+        const body =
+          typeof this.operation.data === "string"
+            ? this.operation.data
+            : JSON.stringify(this.operation.data);
+        req.write(body);
+      }
+
+      req.end();
+    });
+  }
+
   /**
    * @private
    * @param {*} response
@@ -691,7 +845,6 @@ class Arazzo extends Document {
    */
   async dealWithStepOutputs(response) {
     const json = await response?.json().catch((err) => {
-      console.error(err);
       this.logger.error(`Error trying to resolve ${this.step.stepId} outputs`);
       throw new Error(err);
     });
@@ -736,16 +889,83 @@ class Arazzo extends Document {
           .filter((obj) => obj.name === param.name && obj.in === param.in)
           .at(0);
 
-      const value = this.expression.resolveExpression(param.value);
+      let value = this.expression.resolveExpression(param.value);
 
       switch (param.in) {
         case "header":
-          const headerStyle = operationDetailParam?.style || "simple";
-          const headerExplode = operationDetailParam?.explode || false;
+          let headerStyle = "simple";
+          let headerExplode = false;
+
+          if (
+            operationDetailParam?.style &&
+            ["accept", "authorization", "content-type"].includes(
+              operationDetailParam.name.toLowerCase() === false,
+            )
+          ) {
+            headerStyle = operationDetailParam.style;
+          }
+
+          if (
+            operationDetailParam?.explode &&
+            ["accept", "authorization", "content-type"].includes(
+              operationDetailParam.name.toLowerCase() === false,
+            )
+          ) {
+            headerExplode = operationDetailParam.explode;
+          }
+
+          if (this.operation.security) {
+            // console.log(this.operation.security);
+            for (const key in this.sourceDescriptionFile.securitySchemes) {
+              if (
+                this.sourceDescriptionFile.securitySchemes[key].type ===
+                  "http" &&
+                param.name === key
+              ) {
+                if (
+                  this.sourceDescriptionFile.securitySchemes[
+                    key
+                  ].scheme.toLowerCase() === "bearer"
+                ) {
+                  value = `Bearer ${value}`;
+                } else {
+                  const basicPass = Buffer.from(
+                    this.expression.resolveExpression(value),
+                  ).toString("base64");
+                  value = `Basic ${basicPass}`;
+                }
+              }
+            }
+
+            // const authSchemaName = Object.keys(
+            //   this.operation.security.at(0),
+            // ).at(0);
+
+            // const securityScheme =
+            //   this.sourceDescriptionFile.securitySchemes[authSchemaName];
+            // console.log(securityScheme);
+
+            // if (
+            //   securityScheme.type === "http" &&
+            //   securityScheme?.scheme?.toLowerCase() === "bearer"
+            // ) {
+            //   value = `Bearer ${value}`;
+            // } else if (
+            //   securityScheme.type === "http" &&
+            //   securityScheme?.scheme?.toLowerCase() === "basic"
+            // ) {
+            //   const basicPass = Buffer.from(
+            //     this.expression.resolveExpression(value),
+            //   ).toString("base64");
+            //   value = `Basic ${basicPass}`;
+            // }
+          }
+
           headers.append(param.name, value, {
             style: headerStyle,
             explode: headerExplode,
           });
+
           for (const [header, value] of headers) {
             if (header === param.name) {
               headersObj.append(param.name, value);
@@ -795,6 +1015,8 @@ class Arazzo extends Document {
     this.operation.queryParams = queryParams;
   }
 
+  buildHeaderParams() {}
+
   /**
    * @private
    * @param {*} params

package/src/DocFactory.js

@@ -6,6 +6,21 @@ const OpenAPI = require("./OpenAPI");
 class DocumentFactory {
   constructor() {}
 
+  /**
+   * Tests whether a string is a URL or not
+   * @private
+   * @param {string} str
+   * @returns
+   */
+  isUrl(str) {
+    try {
+      new URL(str);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
   /**
    * Document Factory to create Arazzo or OpenAPI documents
    * @function buildDocument
@@ -23,7 +38,9 @@ class DocumentFactory {
       document = new Arazzo(path, name, options, this);
     }
 
-    await document.loadDocument();
+    if (this.isUrl(path)) {
+      await document.loadDocument();
+    } else document.setMainArazzo();
 
     return document;
   }

package/src/Expression.js

@@ -1,5 +1,11 @@
 "use strict";
 
+const {
+  extractAll,
+  extractAndResolve,
+  hasRuntimeExpressions,
+} = require("./runtime");
+
 const {
   parse,
   test,
@@ -193,6 +199,49 @@ class Expression {
     }
   }
 
+  /**
+   * Resolves a runtime expression to its value in the context
+   * @public
+   * @param {string|Object|Array} expression - The runtime expression to resolve
+   * @returns {*} The resolved value
+   * @throws {Error} If expression is invalid or context path doesn't exist
+   */
+  // resolveExpression(expression) {
+  //   // Handle arrays recursively
+  //   if (Array.isArray(expression)) {
+  //     return expression.map((item) => this.resolveExpression(item));
+  //   }
+
+  //   // Handle objects recursively
+  //   if (typeof expression === "object" && expression !== null) {
+  //     const resolved = {};
+  //     for (const [key, value] of Object.entries(expression)) {
+  //       resolved[key] = this.resolveExpression(value);
+  //     }
+  //     return resolved;
+  //   }
+
+  //   // Handle strings (runtime expressions)
+  //   if (typeof expression !== "string") {
+  //     return expression;
+  //   }
+
+  //   this.expression = expression;
+
+  //   if (this.isARunTimeExpression()) {
+  //     return this.mapToContext();
+  //   }
+
+  //   const extractedExpression = extract(expression);
+
+  //   if (extractedExpression !== expression && test(extractedExpression)) {
+  //     this.expression = extractedExpression;
+  //     return this.mapToContext();
+  //   }
+
+  //   return expression;
+  // }
+
   /**
    * Resolves a runtime expression to its value in the context
    * @public
@@ -222,14 +271,42 @@ class Expression {
 
     this.expression = expression;
 
+    // Check if it's a runtime expression
     if (this.isARunTimeExpression()) {
       return this.mapToContext();
     }
 
-    const extractedExpression = extract(expression);
-    if (extractedExpression !== expression && test(extractedExpression)) {
-      this.expression = extractedExpression;
-      return this.mapToContext();
+    // NEW: Handle multiple templated expressions
+    const runtimeExprRegex = /{(\$[^}]+)}/g;
+    const matches = [...expression.matchAll(runtimeExprRegex)];
+
+    if (matches.length > 0) {
+      // If entire string is single expression, return resolved value
+      if (matches.length === 1 && matches[0][0] === expression) {
+        const extractedExpression = matches[0][1];
+        if (test(extractedExpression)) {
+          this.expression = extractedExpression;
+          return this.mapToContext();
+        }
+      }
+
+      // Multiple expressions - substitute each one
+      let result = expression;
+      for (const match of matches) {
+        const fullMatch = match[0];
+        const expr = match[1];
+
+        if (test(expr)) {
+          this.expression = expr;
+          const resolvedValue = this.mapToContext();
+          const stringValue =
+            typeof resolvedValue === "object"
+              ? JSON.stringify(resolvedValue)
+              : String(resolvedValue);
+          result = result.replace(fullMatch, stringValue);
+        }
+      }
+      return result;
     }
 
     return expression;

package/src/Logger.js

@@ -1,7 +1,8 @@
 "use strict";
 
 class Logger {
-  constructor() {
+  constructor(verboseLogging) {
+    this.verboseLogging = verboseLogging || false;
     this.logOutput = {
       debug: (message) => console.debug(message),
       error: (message) => console.error(`❌ ${message}`),
@@ -50,7 +51,7 @@ class Logger {
   }
 
   verbose(str) {
-    this.log(str, this.logTypes.VERBOSE);
+    if (this.verboseLogging) this.log(str, this.logTypes.VERBOSE);
   }
 
   warning(str) {

package/src/OpenAPI.js

@@ -1,5 +1,6 @@
 "use strict";
 
+const { evaluate } = require("@swaggerexpert/json-pointer");
 const { substitute, parse } = require("openapi-server-url-templating");
 
 const Document = require("./Document");
@@ -43,7 +44,7 @@ class OpenAPI extends Document {
       }
     }
 
-    this.buildOperations();
+    await this.buildOperationDetails();
 
     return this.operation;
   }
@@ -56,24 +57,26 @@ class OpenAPI extends Document {
     }
   }
 
-  async getSecurity() {
+  async getSecuritySchemes() {
+    const componentPipeline = await this.JSONPicker(
+      "components",
+      this.filePath,
+    );
+
+    for await (const { value } of componentPipeline) {
+      if (value.securitySchemes) {
+        console.log(value.securitySchemes);
+        this.securitySchemes = value.securitySchemes;
+      }
+    }
+  }
+
+  async getGlobalSecurity() {
     const pipeline = await this.JSONPicker("security", this.filePath);
 
     for await (const { value } of pipeline) {
       if (value) this.security = value;
     }
-
-    if (this.security) {
-      const componentPipeline = await this.JSONPicker(
-        "components",
-        this.filePath,
-      );
-      for await (const { value } of componentPipeline) {
-        if (value.securitySchemes) {
-          console.log(value.securitySchemes);
-        }
-      }
-    }
   }
 
   parseServer() {
@@ -103,7 +106,27 @@ class OpenAPI extends Document {
     return server;
   }
 
-  buildOperations() {
+  async buildOperationSecurity() {
+    if (!this.securitySchemes) {
+      await this.getSecuritySchemes();
+    }
+
+    if (!this.security) {
+      await this.getGlobalSecurity();
+    }
+
+    if (this.security) {
+      this.globalSecurity = true;
+    }
+
+    if (this.operationDetails?.security) {
+      this.operation.security = [this.operationDetails.security.at(0)];
+    } else {
+      if (this.security) this.operation.security = [this.security.at(0)];
+    }
+  }
+
+  async buildOperationDetails() {
     this.operation = {};
 
     const server = this.parseServer();
@@ -112,6 +135,8 @@ class OpenAPI extends Document {
       url: `${server.url}${this.path}`,
       method: this.method,
     });
+
+    await this.buildOperationSecurity();
   }
 }
 

package/src/Runner.js

@@ -6,8 +6,9 @@ const Input = require("./Input");
 const Logger = require("./Logger");
 
 class Runner {
-  constructor(logger) {
-    this.logger = logger || new Logger();
+  constructor(options, logger) {
+    const verboseLogging = options?.verbose || false;
+    this.logger = logger || new Logger(verboseLogging);
   }
 
   /**

package/src/runtime.js

@@ -0,0 +1,127 @@
+/**
+ * Extract and resolve multiple runtime expressions from a template string
+ *
+ * @param {string} template - Template string with runtime expressions like "{$inputs.user}"
+ * @param {Function} resolver - Function to resolve each runtime expression
+ * @returns {string} The template with all expressions resolved
+ *
+ * @example
+ * const result = extractAndResolve(
+ *   "{$inputs.user} has a pet called {$inputs.petName}",
+ *   (expr) => resolveExpression(expr)
+ * );
+ * // "Jack has a pet called Jill"
+ */
+function extractAndResolve(template, resolver) {
+  if (typeof template !== "string") {
+    return template;
+  }
+
+  // Match all runtime expressions wrapped in {}
+  const runtimeExpressionRegex = /{(\$[^}]+)}/g;
+
+  let result = template;
+  const matches = [...template.matchAll(runtimeExpressionRegex)];
+
+  if (matches.length === 0) {
+    return template;
+  }
+
+  // If the entire string is a single expression like "{$url}", return the resolved value
+  if (matches.length === 1 && matches[0][0] === template) {
+    return resolver(matches[0][1]);
+  }
+
+  // Multiple expressions or mixed template - replace each one
+  for (const match of matches) {
+    const fullMatch = match[0]; // e.g., "{$inputs.user}"
+    const expression = match[1]; // e.g., "$inputs.user"
+
+    const resolvedValue = resolver(expression);
+
+    // Convert resolved value to string for template substitution
+    const stringValue =
+      typeof resolvedValue === "object"
+        ? JSON.stringify(resolvedValue)
+        : String(resolvedValue);
+
+    result = result.replace(fullMatch, stringValue);
+  }
+
+  return result;
+}
+
+/**
+ * Check if a string contains any runtime expressions
+ *
+ * @param {string} str - String to check
+ * @returns {boolean} True if the string contains runtime expressions
+ */
+function hasRuntimeExpressions(str) {
+  if (typeof str !== "string") {
+    return false;
+  }
+  return /{(\$[^}]+)}/g.test(str);
+}
+
+/**
+ * Extract all runtime expressions from a template string
+ *
+ * @param {string} template - Template string
+ * @returns {Array<string>} Array of runtime expressions (without the {} wrapper)
+ */
+function extractAll(template) {
+  if (typeof template !== "string") {
+    return [];
+  }
+
+  const runtimeExpressionRegex = /{(\$[^}]+)}/g;
+  const matches = [...template.matchAll(runtimeExpressionRegex)];
+
+  return matches.map((match) => match[1]);
+}
+
+// Example usage
+// const Expression = require("./Expression");
+
+// const expression = new Expression();
+// expression.addToContext("inputs", {
+//   user: { name: "Jack" },
+//   petName: "Jill",
+//   pet_id: 1,
+//   coupon_code: "abc-def",
+//   quantity: 1,
+// });
+
+// // Example 1: Multiple expressions in a sentence
+// const result1 = extractAndResolve(
+//   "{$inputs.user} has a pet called {$inputs.petName}",
+//   (expr) => expression.resolveExpression(expr),
+// );
+// console.log(result1);
+// // Output: {"name":"Jack"} has a pet called Jill
+
+// // Example 2: Single expression (returns the resolved value directly)
+// const result2 = extractAndResolve("{$inputs.user}", (expr) =>
+//   expression.resolveExpression(expr),
+// );
+// console.log(result2);
+// // Output: { name: 'Jack' }
+
+// // Example 3: JSON template with multiple expressions
+// const result3 = extractAndResolve(
+//   '{\n  "petOrder": {\n    "petId": "{$inputs.pet_id}",\n    "couponCode": "{$inputs.coupon_code}",\n    "quantity": "{$inputs.quantity}"\n  }\n}',
+//   (expr) => expression.resolveExpression(expr),
+// );
+// console.log(result3);
+
+// // Helper functions
+// console.log("\nHelper examples:");
+// console.log("Has expressions:", hasRuntimeExpressions("{$inputs.user} test"));
+// console.log("Extract all:", extractAll("{$inputs.user} and {$inputs.petName}"));
+
+module.exports = {
+  extractAndResolve,
+  hasRuntimeExpressions,
+  extractAll,
+};