arvo-core 3.0.18 → 3.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/.nvmrc +1 -0
  2. package/Dockerfile +7 -0
  3. package/Dockerfile.install +23 -0
  4. package/Dockerfile.test +7 -0
  5. package/dist/ArvoContract/VersionedArvoContract/index.js +4 -7
  6. package/dist/ArvoContract/VersionedArvoContract/types.d.ts +1 -1
  7. package/justfile +126 -0
  8. package/package.json +50 -31
package/.nvmrc ADDED
@@ -0,0 +1 @@
1
+ v20.17.0
package/Dockerfile ADDED
@@ -0,0 +1,7 @@
1
+ ARG NODE_VERSION=18
2
+ FROM node:${NODE_VERSION}-alpine
3
+ WORKDIR /app
4
+ COPY node_modules ./node_modules
5
+ COPY package*.json ./
6
+ COPY . .
7
+ RUN npm run build
package/Dockerfile.install ADDED
@@ -0,0 +1,23 @@
1
+ ARG NODE_VERSION=18
2
+ FROM node:${NODE_VERSION}-alpine
3
+
4
+ RUN npm install -g @aikidosec/safe-chain
5
+ RUN safe-chain setup-ci
6
+
7
+ WORKDIR /install
8
+ COPY package*.json ./
9
+ COPY .npmrc ./
10
+
11
+ # Build arguments for optional package installation
12
+ ARG PACKAGES=""
13
+ ARG DEV=""
14
+
15
+ # Install dependencies in isolation
16
+ # Lifecycle scripts can run but have no access to host secrets
17
+ # If PACKAGES specified: install those specific packages
18
+ # Otherwise: install all dependencies from package.json
19
+ RUN if [ -n "$PACKAGES" ]; then \
20
+ [ "$DEV" = "true" ] && npm install -D $PACKAGES || npm install $PACKAGES; \
21
+ else \
22
+ npm install; \
23
+ fi
package/Dockerfile.test ADDED
@@ -0,0 +1,7 @@
1
+ ARG NODE_VERSION=18
2
+ FROM node:${NODE_VERSION}-alpine
3
+ WORKDIR /app
4
+ COPY node_modules ./node_modules
5
+ COPY package*.json ./
6
+ COPY . .
7
+ CMD ["npm", "test"]
package/dist/ArvoContract/VersionedArvoContract/index.js CHANGED
@@ -10,12 +10,9 @@ var __assign = (this && this.__assign) || function () {
10
10
  };
11
11
  return __assign.apply(this, arguments);
12
12
  };
13
- var __importDefault = (this && this.__importDefault) || function (mod) {
14
- return (mod && mod.__esModule) ? mod : { "default": mod };
15
- };
16
13
  Object.defineProperty(exports, "__esModule", { value: true });
17
14
  exports.VersionedArvoContract = void 0;
18
- var zod_to_json_schema_1 = __importDefault(require("zod-to-json-schema"));
15
+ var zod_to_json_schema_1 = require("zod-to-json-schema");
19
16
  var OpenTelemetry_1 = require("../../OpenTelemetry");
20
17
  var utils_1 = require("../../utils");
21
18
  var WildCardArvoSemanticVersion_1 = require("../WildCardArvoSemanticVersion");
@@ -119,17 +116,17 @@ var VersionedArvoContract = /** @class */ (function () {
119
116
  metadata: this.metadata,
120
117
  accepts: {
121
118
  type: this._accepts.type,
122
- schema: (0, zod_to_json_schema_1.default)(this._accepts.schema),
119
+ schema: (0, zod_to_json_schema_1.zodToJsonSchema)(this._accepts.schema),
123
120
  },
124
121
  systemError: {
125
122
  type: this.systemError.type,
126
- schema: (0, zod_to_json_schema_1.default)(this.systemError.schema),
123
+ schema: (0, zod_to_json_schema_1.zodToJsonSchema)(this.systemError.schema),
127
124
  },
128
125
  emits: Object.entries(this._emits).map(function (_a) {
129
126
  var key = _a[0], value = _a[1];
130
127
  return ({
131
128
  type: key,
132
- schema: (0, zod_to_json_schema_1.default)(value),
129
+ schema: (0, zod_to_json_schema_1.zodToJsonSchema)(value),
133
130
  });
134
131
  }),
135
132
  };
package/dist/ArvoContract/VersionedArvoContract/types.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type zodToJsonSchema from 'zod-to-json-schema';
1
+ import type { zodToJsonSchema } from 'zod-to-json-schema';
2
2
  import type ArvoContract from '..';
3
3
  import type { ArvoSemanticVersion } from '../../types';
4
4
  /**
package/justfile ADDED
@@ -0,0 +1,126 @@
1
+ # Docker-Isolated NPM Development Environment
2
+ #
3
+ # This justfile provides Docker-based sandbox isolation for npm operations to protect against
4
+ # supply chain attacks during local development on local machine. All npm operations
5
+ # run in ephemeral containers with no access to your host filesystem, environment
6
+ # variables, or secrets.
7
+ #
8
+ # WHAT THIS PROTECTS AGAINST:
9
+ # - Malicious install scripts stealing SSH keys, AWS credentials, or other secrets
10
+ # - Package typosquatting attacks that exfiltrate local environment variables
11
+ # - Compromised packages accessing your home directory during installation
12
+ # - Supply chain attacks that attempt to modify files outside node_modules
13
+ # - Malicious code execution during build and test phases (runs in isolated containers)
14
+ #
15
+ # WHAT THIS DOESN'T PROTECT AGAINST:
16
+ # - Malicious code in package runtime logic when you actually run your application
17
+ # - Sophisticated obfuscated malware that bypasses basic pattern detection
18
+ # - Attacks that only activate in production environments
19
+ #
20
+ # **Disclaimer:** This does not gate against malware in node_modules or in your code
21
+ # (you need to update the Docker.install to add that gate as per your requirments
22
+ # - if you need one). Rather, its scope is **strictly limited** to attempting to protect
23
+ # the host device from exposure if the malware gets excuted.
24
+ #
25
+ # HOW IT WORKS:
26
+ # INSTALL PHASE:
27
+ # 1. npm install runs inside a clean Docker container with no volume mounts
28
+ # 2. Basic placeholder malware detection (so the you can add more complex methods if you want) scans run after installation completes
29
+ # 3. Only node_modules and package files are extracted back to your host
30
+ # 4. Container is destroyed, leaving no trace of potentially malicious install scripts
31
+ #
32
+ # BUILD PHASE:
33
+ # 1. Source code and dependencies are copied into a fresh container
34
+ # 2. Build process (TypeScript compilation, bundling, etc.) runs isolated
35
+ # 3. Only the compiled output (dist/) is extracted back to host
36
+ # 4. Any malicious code that tries to run during build is contained
37
+ #
38
+ # TEST PHASE:
39
+ # 1. Tests run in an isolated container with optional .env file mounting
40
+ # 2. Test dependencies can't access your host system during execution
41
+ # 3. Container is destroyed after tests complete
42
+ # 4. Secrets in .env are passed at runtime, never baked into image layers
43
+ #
44
+ # USAGE:
45
+ # just install # Install all dependencies from package.json
46
+ # just install <package> # Install specific package(s)
47
+ # just install-dev <package> # Install as dev dependency
48
+ # just test # Run tests in isolated container
49
+ # just build # Build project in isolated container
50
+ # just clean # Remove node_modules
51
+
52
+ node_version := `cat .nvmrc | tr -d 'v\n\r'`
53
+
54
+ install *PACKAGES:
55
+ #!/usr/bin/env bash
56
+ set -euo pipefail
57
+ NODE_VERSION={{node_version}}
58
+ echo "Installing dependencies with Node $NODE_VERSION..."
59
+ docker build --progress=plain -f Dockerfile.install --build-arg NODE_VERSION=$NODE_VERSION --build-arg PACKAGES="{{PACKAGES}}" -t npm-installer .
60
+ CONTAINER_ID=$(docker create --name npm-temp npm-installer)
61
+ docker logs $CONTAINER_ID
62
+ echo "Extracting node_modules..."
63
+ docker cp npm-temp:/install/node_modules ./node_modules
64
+ docker cp npm-temp:/install/package.json ./package.json
65
+ docker cp npm-temp:/install/package-lock.json ./package-lock.json 2>/dev/null || true
66
+ echo "Cleaning up..."
67
+ docker rm npm-temp
68
+ docker rmi npm-installer
69
+ echo "Done."
70
+
71
+ install-dev *PACKAGES:
72
+ #!/usr/bin/env bash
73
+ set -euo pipefail
74
+ NODE_VERSION={{node_version}}
75
+ echo "Installing dev dependencies with Node $NODE_VERSION..."
76
+ docker build --progress=plain -f Dockerfile.install --build-arg NODE_VERSION=$NODE_VERSION --build-arg PACKAGES="{{PACKAGES}}" --build-arg DEV=true -t npm-installer .
77
+ CONTAINER_ID=$(docker create --name npm-temp npm-installer)
78
+ docker logs $CONTAINER_ID
79
+ echo "Extracting node_modules..."
80
+ docker cp npm-temp:/install/node_modules ./node_modules
81
+ docker cp npm-temp:/install/package.json ./package.json
82
+ docker cp npm-temp:/install/package-lock.json ./package-lock.json 2>/dev/null || true
83
+ echo "Cleaning up..."
84
+ docker rm npm-temp
85
+ docker rmi npm-installer
86
+ echo "Done."
87
+
88
+ build:
89
+ #!/usr/bin/env bash
90
+ set -euo pipefail
91
+ NODE_VERSION=$(cat .nvmrc | tr -d 'v\n\r')
92
+ echo "Building with Node $NODE_VERSION..."
93
+ # Build does not need network. So it must not use it
94
+ docker build --network none --progress=plain -f Dockerfile --build-arg NODE_VERSION=$NODE_VERSION -t npm-build .
95
+ CONTAINER_ID=$(docker create npm-build)
96
+ echo "Extracting build artifacts..."
97
+ docker cp $CONTAINER_ID:/app/dist ./dist
98
+ echo "Cleaning up..."
99
+ docker rm $CONTAINER_ID
100
+ docker rmi npm-build
101
+ echo "Build complete. Output in ./dist"
102
+
103
+ test:
104
+ #!/usr/bin/env bash
105
+ set -euo pipefail
106
+ NODE_VERSION=$(cat .nvmrc | tr -d 'v\n\r')
107
+ echo "Running tests with Node $NODE_VERSION..."
108
+ docker build --progress=plain -f Dockerfile.test --build-arg NODE_VERSION=$NODE_VERSION -t npm-test .
109
+
110
+ # Run tests with .env file mounted if it exists
111
+ if [ -f .env ]; then
112
+ echo "Found .env file, mounting it..."
113
+ docker run --rm --env-file .env npm-test
114
+ else
115
+ echo "No .env file found, running without environment variables..."
116
+ ## If the .env is not there then I can safely assume the there is
117
+ ## no need so making netowrk calls
118
+ docker run --rm --network none npm-test
119
+ fi
120
+ echo "Tests complete."
121
+
122
+ clean:
123
+ rm -rf node_modules
124
+
125
+ install-biome:
126
+ npm i -D @biomejs/biome@1.9.4
package/package.json CHANGED
@@ -1,8 +1,12 @@
1
1
  {
2
2
  "name": "arvo-core",
3
- "version": "3.0.18",
4
- "description": "This core package contains all the core classes and components of the Arvo Event Driven System",
3
+ "version": "3.0.20",
5
4
  "main": "dist/index.js",
5
+ "description": "The core Arvo package which provides application tier core primitives and contract system for building production-grade event-driven application. Provides ArvoEvent (CloudEvents-compliant), ArvoContract for type-safe service interfaces, event factories, OpenTelemetry integration, and orchestration utilities - enabling infrastructure-agnostic, composable, and observable distributed systems-compliant applications.",
6
+ "repository": {
7
+ "type": "git",
8
+ "url": "https://github.com/SaadAhmad123/arvo-core"
9
+ },
6
10
  "scripts": {
7
11
  "build": "tsc",
8
12
  "start": "node ./dist/index.js",
@@ -12,40 +16,55 @@
12
16
  "format": "biome format --fix",
13
17
  "doc": "npx typedoc"
14
18
  },
15
- "keywords": ["arvo", "event-driven architecture", "xorca", "core", "cloudevent", "opentelemetry", "orchestrator"],
19
+ "keywords": [
20
+ "arvo",
21
+ "event-driven",
22
+ "cloudevents",
23
+ "opentelemetry",
24
+ "distributed-systems",
25
+ "event-sourcing",
26
+ "messaging",
27
+ "microservices",
28
+ "observability",
29
+ "type-safe",
30
+ "orchestration",
31
+ "async",
32
+ "workflow",
33
+ "telemetry",
34
+ "events"
35
+ ],
16
36
  "author": "Saad Ahmad <saadkwi12@hotmail.com>",
17
37
  "license": "MIT",
18
38
  "devDependencies": {
19
- "@biomejs/biome": "^1.9.4",
20
- "@jest/globals": "^29.7.0",
21
- "@opentelemetry/auto-instrumentations-node": "^0.49.1",
22
- "@opentelemetry/exporter-metrics-otlp-proto": "^0.52.1",
23
- "@opentelemetry/exporter-trace-otlp-proto": "^0.52.1",
24
- "@opentelemetry/resources": "^1.25.1",
25
- "@opentelemetry/sdk-metrics": "^1.25.1",
26
- "@opentelemetry/sdk-node": "^0.52.1",
27
- "@opentelemetry/sdk-trace-node": "^1.25.1",
28
- "@opentelemetry/semantic-conventions": "^1.25.1",
29
- "@types/jest": "^29.5.12",
30
- "@types/node": "^22.5.0",
31
- "@types/pako": "^2.0.3",
32
- "@types/uuid": "^10.0.0",
33
- "dotenv": "^16.4.5",
34
- "jest": "^29.7.0",
35
- "ts-jest": "^29.2.5",
36
- "ts-node": "^10.9.2",
37
- "typedoc": "^0.26.6",
38
- "typedoc-github-theme": "^0.1.2",
39
- "typedoc-plugin-zod": "^1.2.1",
40
- "typescript": "^5.5.4"
39
+ "@biomejs/biome": "1.9.4",
40
+ "@jest/globals": "29.7.0",
41
+ "@opentelemetry/auto-instrumentations-node": "0.49.1",
42
+ "@opentelemetry/exporter-metrics-otlp-proto": "0.52.1",
43
+ "@opentelemetry/exporter-trace-otlp-proto": "0.52.1",
44
+ "@opentelemetry/resources": "1.25.1",
45
+ "@opentelemetry/sdk-metrics": "1.25.1",
46
+ "@opentelemetry/sdk-node": "0.52.1",
47
+ "@opentelemetry/sdk-trace-node": "1.25.1",
48
+ "@opentelemetry/semantic-conventions": "1.38.0",
49
+ "@types/jest": "29.5.12",
50
+ "@types/node": "22.19.1",
51
+ "@types/pako": "2.0.4",
52
+ "dotenv": "16.6.1",
53
+ "jest": "29.7.0",
54
+ "ts-jest": "29.4.5",
55
+ "ts-node": "10.9.2",
56
+ "typedoc": "0.28.15",
57
+ "typedoc-github-theme": "0.3.1",
58
+ "typedoc-plugin-zod": "1.4.3",
59
+ "typescript": "5.9.3"
41
60
  },
42
61
  "dependencies": {
43
- "@opentelemetry/api": "^1.9.0",
44
- "@opentelemetry/core": "^1.30.1",
45
- "pako": "^2.1.0",
46
- "uuid": "^11.1.0",
47
- "zod": "^3.25.74",
48
- "zod-to-json-schema": "^3.24.6"
62
+ "@opentelemetry/api": "1.9.0",
63
+ "@opentelemetry/core": "1.30.1",
64
+ "pako": "2.1.0",
65
+ "uuid": "11.1.0",
66
+ "zod": "3.25.74",
67
+ "zod-to-json-schema": "3.25.0"
49
68
  },
50
69
  "engines": {
51
70
  "node": ">=18.0.0"