bonescript-compiler 0.5.3 → 0.5.4

package/src/emit_index.ts

@@ -1,210 +0,0 @@
-/**
- * BoneScript Server Entry Point Emitter
- * Generates src/index.ts — the Express server with all middleware and routes wired.
- */
-
-import * as IR from "./ir";
-import { toSnakeCase, toCamelCase } from "./emit_router";
-
-export function emitIndex(system: IR.IRSystem): string {
-  const apiModules = system.modules.filter(m => m.kind === "api_service");
-  const hasWebSocket = system.modules.some(m => m.kind === "realtime_service");
-  const hasBatch = system.modules.some(m =>
-    m.interfaces.some(i => i.methods.some(mth => mth.sync === "batch"))
-  );
-
-  // Collect policy settings from the gateway config (populated by lowering from PolicyDecl)
-  const gw = system.modules.find(m => m.kind === "gateway");
-  const encryptionMode = (gw?.config["encryption"] as string | undefined) || "none";
-  const enforceHttps = encryptionMode === "in_transit" || encryptionMode === "both";
-
-  const lines: string[] = [];
-
-  lines.push(`// Generated by BoneScript compiler. DO NOT EDIT.`);
-  lines.push(`// System: ${system.name}`);
-  lines.push(`require("dotenv").config();`);
-  lines.push(`import express from "express";`);
-  lines.push(`import { createServer } from "http";`);
-  lines.push(`import cors from "cors";`);
-  lines.push(`import helmet from "helmet";`);
-  lines.push(`import rateLimit from "express-rate-limit";`);
-  lines.push(`import { authMiddleware } from "./auth";`);
-  lines.push(`import { healthRouter } from "./health";`);
-  lines.push(`import { logger } from "./logger";`);
-  lines.push(`import { eventBus } from "./events";`);
-  lines.push(`import { pool } from "./db";`);
-  if (hasBatch)     lines.push(`import { startBatchWorker } from "./batch";`);
-  if (hasWebSocket) lines.push(`import { setupWebSocketServer } from "./websocket";`);
-
-  // Auth router import — must be at top-level with other imports
-  const authMethod = (() => {
-    const direct = system.resolution["implied.auth_method"] || system.resolution["system.auth_method"];
-    if (direct === "oauth2" || direct === "apikey" || direct === "jwt") return direct;
-    for (const [key, val] of Object.entries(system.resolution)) {
-      if (key.endsWith(".auth_method") && (val === "oauth2" || val === "apikey" || val === "jwt")) return val;
-    }
-    for (const mod of system.modules) {
-      const m = mod.config["auth_method"] as string | undefined;
-      if (m === "oauth2" || m === "apikey" || m === "jwt") return m;
-    }
-    return "jwt";
-  })();
-  if (authMethod === "oauth2" || authMethod === "apikey") {
-    lines.push(`import { authRouter } from "./auth";`);
-  }
-  lines.push(``);
-
-  for (const mod of apiModules) {
-    const model = mod.models[0];
-    if (!model) continue;
-    const routerName = toCamelCase(toSnakeCase(model.name) + "s") + "Router";
-    lines.push(`import { ${routerName} } from "./routes/${toSnakeCase(model.name)}";`);
-  }
-
-  lines.push(``);
-  lines.push(`const app = express();`);
-  lines.push(`const httpServer = createServer(app);`);
-  lines.push(`const PORT = parseInt(process.env.PORT || "3000");`);
-  lines.push(``);
-
-  // Middleware
-  lines.push(`// Middleware`);
-  lines.push(`app.use(helmet());`);
-
-  // HTTPS enforcement (in_transit or both encryption mode)
-  if (enforceHttps) {
-    lines.push(`// Encryption policy: in_transit — redirect HTTP to HTTPS in production`);
-    lines.push(`app.use((req: any, res: any, next: any) => {`);
-    lines.push(`  if (process.env.NODE_ENV === "production" && req.headers["x-forwarded-proto"] !== "https") {`);
-    lines.push(`    return res.redirect(301, \`https://\${req.headers.host}\${req.url}\`);`);
-    lines.push(`  }`);
-    lines.push(`  next();`);
-    lines.push(`});`);
-  }
-
-  // At-rest encryption warning (at_rest or both)
-  if (encryptionMode === "at_rest" || encryptionMode === "both") {
-    lines.push(`// Encryption policy: at_rest — ensure DATABASE_URL uses SSL and disk encryption is enabled`);
-    lines.push(`if (process.env.NODE_ENV === "production" && process.env.DATABASE_URL && !process.env.DATABASE_URL.includes("sslmode=require")) {`);
-    lines.push(`  console.warn("[WARN] Encryption policy requires at-rest encryption. Add ?sslmode=require to DATABASE_URL.");`);
-    lines.push(`}`);
-  }
-  lines.push(`// CORS: restrict to ALLOWED_ORIGINS env var (comma-separated). Defaults to same-origin only.`);
-  lines.push(`const __allowedOrigins = (process.env.ALLOWED_ORIGINS || "").split(",").map(s => s.trim()).filter(Boolean);`);
-  lines.push(`app.use(cors({`);
-  lines.push(`  origin: __allowedOrigins.length > 0`);
-  lines.push(`    ? (origin, cb) => { if (!origin || __allowedOrigins.includes(origin)) cb(null, true); else cb(new Error("Not allowed by CORS")); }`);
-  lines.push(`    : false,`);
-  lines.push(`  credentials: true,`);
-  lines.push(`}));`);
-  lines.push(`app.use(express.json({ limit: "1mb" }));`);
-  lines.push(`app.use(express.urlencoded({ extended: false, limit: "1mb" }));`);
-  lines.push(`app.use(authMiddleware);`);
-  lines.push(``);
-
-  // Rate limiting
-  const rateVal = gw?.config["rate_limit"] || 300;
-  lines.push(`// Global rate limit (default ${rateVal} req/min, override with RATE_LIMIT_MAX env var)`);
-  lines.push(`const __globalRateLimit = rateLimit({`);
-  lines.push(`  windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || "60000"),`);
-  lines.push(`  max: parseInt(process.env.RATE_LIMIT_MAX || "${rateVal}"),`);
-  lines.push(`  standardHeaders: true,`);
-  lines.push(`  legacyHeaders: false,`);
-  lines.push(`  message: { error: { code: "RATE_LIMITED", message: "Too many requests, please slow down." } },`);
-  lines.push(`});`);
-  lines.push(`app.use(__globalRateLimit);`);
-  lines.push(``);
-  lines.push(`// Strict rate limit on auth endpoints (20 req/min per IP)`);
-  lines.push(`const __authRateLimit = rateLimit({`);
-  lines.push(`  windowMs: 60000,`);
-  lines.push(`  max: parseInt(process.env.AUTH_RATE_LIMIT_MAX || "20"),`);
-  lines.push(`  standardHeaders: true,`);
-  lines.push(`  legacyHeaders: false,`);
-  lines.push(`  message: { error: { code: "RATE_LIMITED", message: "Too many auth attempts." } },`);
-  lines.push(`});`);
-  lines.push(``);
-
-  // Request timeout
-  lines.push(`// Request timeout (default 30s, override per-route)`);
-  lines.push(`app.use((req: any, res: any, next: any) => {`);
-  lines.push(`  const timeout = parseInt(process.env.REQUEST_TIMEOUT_MS || "30000");`);
-  lines.push(`  const timer = setTimeout(() => {`);
-  lines.push(`    if (!res.headersSent) {`);
-  lines.push(`      res.status(503).json({ error: { code: "REQUEST_TIMEOUT", message: "Request timed out" } });`);
-  lines.push(`    }`);
-  lines.push(`  }, timeout);`);
-  lines.push(`  res.on("finish", () => clearTimeout(timer));`);
-  lines.push(`  next();`);
-  lines.push(`});`);
-  lines.push(``);
-
-  // Routes
-  lines.push(`// Health & metrics`);
-  lines.push(`app.use("/health", healthRouter);`);
-  lines.push(``);
-
-  // Auth routes for OAuth2 and API key strategies
-  if (authMethod === "oauth2" || authMethod === "apikey") {
-    lines.push(`// Auth routes (${authMethod})`);
-    lines.push(`app.use("/auth", __authRateLimit, authRouter);`);
-    lines.push(``);
-  }
-
-  lines.push(`// Routes`);
-  for (const mod of apiModules) {
-    const model = mod.models[0];
-    if (!model) continue;
-    const routerName = toCamelCase(toSnakeCase(model.name) + "s") + "Router";
-    const routePath = `/${toSnakeCase(model.name)}s`;
-    lines.push(`app.use("${routePath}", ${routerName});`);
-    lines.push(`app.use("${routePath}/login", __authRateLimit);`);
-    lines.push(`app.use("${routePath}/register", __authRateLimit);`);
-  }
-  lines.push(``);
-
-  if (hasWebSocket) {
-    lines.push(`// WebSocket`);
-    lines.push(`setupWebSocketServer(httpServer);`);
-    lines.push(``);
-  }
-
-  // Startup
-  lines.push(`// Start`);
-  lines.push(`httpServer.listen(PORT, () => {`);
-  lines.push(`  logger.info("server_started", { event: "startup", metadata: { port: PORT } });`);
-  lines.push(`  eventBus.startWorker(parseInt(process.env.EVENT_WORKER_INTERVAL_MS || "1000"));`);
-  if (hasBatch) lines.push(`  startBatchWorker();`);
-  lines.push(`  console.log(\`[${system.name}] Running on port \${PORT}\`);`);
-  lines.push(`  console.log(\`  HTTP routes:\`);`);
-  for (const mod of apiModules) {
-    const model = mod.models[0];
-    if (!model) continue;
-    lines.push(`  console.log(\`    /${toSnakeCase(model.name)}s\`);`);
-  }
-  if (hasWebSocket) lines.push(`  console.log(\`  WebSocket: /ws?channel=<name>&token=<jwt>\`);`);
-  lines.push(`  console.log(\`  Health: /health/live, /health/ready, /health/metrics\`);`);
-  lines.push(`});`);
-  lines.push(``);
-
-  // Graceful shutdown
-  lines.push(`// Graceful shutdown`);
-  lines.push(`const shutdown = async (signal: string) => {`);
-  lines.push(`  logger.info("server_stopping", { event: "shutdown", metadata: { signal } });`);
-  lines.push(`  httpServer.close(async () => {`);
-  lines.push(`    try {`);
-  lines.push(`      await pool.end();`);
-  lines.push(`      logger.info("server_stopped", { event: "shutdown", status: "success" });`);
-  lines.push(`    } catch (e: any) {`);
-  lines.push(`      logger.error("shutdown_error", { event: "shutdown", metadata: { error: e.message } });`);
-  lines.push(`    }`);
-  lines.push(`    process.exit(0);`);
-  lines.push(`  });`);
-  lines.push(`  setTimeout(() => { logger.error("shutdown_timeout", { event: "shutdown" }); process.exit(1); }, 10000);`);
-  lines.push(`};`);
-  lines.push(`process.on("SIGTERM", () => shutdown("SIGTERM"));`);
-  lines.push(`process.on("SIGINT",  () => shutdown("SIGINT"));`);
-  lines.push(``);
-  lines.push(`export { app, httpServer };`);
-
-  return lines.join("\n");
-}

package/src/emit_models.ts

@@ -1,176 +0,0 @@
-/**
- * BoneScript Model Emitter
- * Generates per-model TypeScript artifacts as specified in spec/09_CODEGEN.md §5.1:
- *   - XxxInterface  — typed interface
- *   - XxxSchema     — const with field metadata (type, nullable, unique, indexed)
- *   - validateXxx() — runtime validation function derived from IR constraints
- *
- * These are emitted to src/models/<entity_name>.ts
- */
-
-import * as IR from "./ir";
-import { toTsType, toSnakeCase } from "./emit_router";
-
-// ─── Per-model file ───────────────────────────────────────────────────────────
-
-export function emitModelFile(model: IR.IRModel, mod: IR.IRModule, system: IR.IRSystem): string {
-  const lines: string[] = [];
-  lines.push(`// Generated by BoneScript compiler. DO NOT EDIT.`);
-  lines.push(`// Source hash: ${system.source_hash}`);
-  lines.push(`// Module: ${mod.name}`);
-  lines.push(``);
-
-  // ── Interface ──────────────────────────────────────────────────────────────
-  lines.push(`export interface ${model.name} {`);
-  for (const field of model.fields) {
-    // Skip generated-always fields (derived columns)
-    if (field.default_value?.startsWith("GENERATED ALWAYS")) continue;
-    const nullable = field.nullable ? " | null" : "";
-    lines.push(`  ${field.name}: ${toTsType(field.type)}${nullable};`);
-  }
-  lines.push(`}`);
-  lines.push(``);
-
-  // ── Schema const ───────────────────────────────────────────────────────────
-  lines.push(`export const ${model.name}Schema = {`);
-  for (const field of model.fields) {
-    if (field.default_value?.startsWith("GENERATED ALWAYS")) continue;
-    const meta: string[] = [
-      `type: ${JSON.stringify(field.type)}`,
-      `nullable: ${field.nullable}`,
-      `unique: ${field.unique}`,
-      `indexed: ${field.indexed}`,
-    ];
-    if (field.default_value && !field.default_value.startsWith("GENERATED")) {
-      meta.push(`default: ${JSON.stringify(field.default_value)}`);
-    }
-    lines.push(`  ${field.name}: { ${meta.join(", ")} },`);
-  }
-  lines.push(`} as const;`);
-  lines.push(``);
-
-  // ── Input type (omits server-set fields) ──────────────────────────────────
-  const inputFields = model.fields.filter(f =>
-    !["id", "created_at", "updated_at"].includes(f.name) &&
-    !f.default_value?.startsWith("GENERATED ALWAYS")
-  );
-  lines.push(`export interface Create${model.name}Input {`);
-  for (const field of inputFields) {
-    const nullable = field.nullable ? "?" : "";
-    lines.push(`  ${field.name}${nullable}: ${toTsType(field.type)};`);
-  }
-  lines.push(`}`);
-  lines.push(``);
-
-  lines.push(`export interface Update${model.name}Input {`);
-  for (const field of inputFields) {
-    lines.push(`  ${field.name}?: ${toTsType(field.type)};`);
-  }
-  lines.push(`}`);
-  lines.push(``);
-
-  // ── Validation function ────────────────────────────────────────────────────
-  lines.push(`export interface ValidationError {`);
-  lines.push(`  field: string;`);
-  lines.push(`  code: string;`);
-  lines.push(`  message: string;`);
-  lines.push(`}`);
-  lines.push(``);
-  lines.push(`export function validate${model.name}(input: unknown): { ok: true; value: ${model.name} } | { ok: false; errors: ValidationError[] } {`);
-  lines.push(`  const errors: ValidationError[] = [];`);
-  lines.push(`  const data = input as Record<string, unknown>;`);
-  lines.push(``);
-
-  // Required field presence checks
-  for (const field of model.fields) {
-    if (field.nullable || field.default_value || ["id", "created_at", "updated_at"].includes(field.name)) continue;
-    if (field.default_value?.startsWith("GENERATED ALWAYS")) continue;
-    lines.push(`  if (data.${field.name} === undefined || data.${field.name} === null) {`);
-    lines.push(`    errors.push({ field: "${field.name}", code: "REQUIRED", message: "${field.name} is required" });`);
-    lines.push(`  }`);
-  }
-
-  // Type checks for primitive fields
-  for (const field of model.fields) {
-    if (["id", "created_at", "updated_at"].includes(field.name)) continue;
-    if (field.default_value?.startsWith("GENERATED ALWAYS")) continue;
-    const check = typeCheckExpr(field.type, `data.${field.name}`);
-    if (check) {
-      lines.push(`  if (data.${field.name} !== undefined && data.${field.name} !== null && !(${check})) {`);
-      lines.push(`    errors.push({ field: "${field.name}", code: "INVALID_TYPE", message: "${field.name} must be ${field.type}" });`);
-      lines.push(`  }`);
-    }
-  }
-
-  // Constraint-derived checks from model constraints
-  for (const c of model.constraints) {
-    if (c.kind === "unique") continue; // enforced by DB
-    if (c.kind === "range" && c.params["min"] !== undefined && c.params["max"] !== undefined) {
-      lines.push(`  if (typeof data.${c.target} === "number" && (data.${c.target} < ${c.params["min"]} || data.${c.target} > ${c.params["max"]})) {`);
-      lines.push(`    errors.push({ field: "${c.target}", code: "OUT_OF_RANGE", message: "${c.target} must be between ${c.params["min"]} and ${c.params["max"]}" });`);
-      lines.push(`  }`);
-    }
-    if (c.kind === "enum" && Array.isArray(c.params["values"])) {
-      const vals = (c.params["values"] as string[]).map(v => JSON.stringify(v)).join(", ");
-      lines.push(`  if (data.${c.target} !== undefined && ![${vals}].includes(data.${c.target} as string)) {`);
-      lines.push(`    errors.push({ field: "${c.target}", code: "INVALID_ENUM", message: "${c.target} must be one of: ${(c.params["values"] as string[]).join(", ")}" });`);
-      lines.push(`  }`);
-    }
-    if (c.kind === "check" && typeof c.params["expression"] === "string") {
-      // Parse length-in-range constraints like "username.length in 3..32"
-      const lenMatch = (c.params["expression"] as string).match(/^(\w+)\.length\s+in\s+(\d+)\.\.(\d+)$/);
-      if (lenMatch) {
-        const [, fieldName, minLen, maxLen] = lenMatch;
-        lines.push(`  if (typeof data.${fieldName} === "string" && (data.${fieldName}.length < ${minLen} || data.${fieldName}.length > ${maxLen})) {`);
-        lines.push(`    errors.push({ field: "${fieldName}", code: "INVALID_LENGTH", message: "${fieldName} must be between ${minLen} and ${maxLen} characters" });`);
-        lines.push(`  }`);
-      }
-      // Parse non-negative constraints like "score >= 0"
-      const nonNegMatch = (c.params["expression"] as string).match(/^(\w+)\s*>=\s*0$/);
-      if (nonNegMatch) {
-        const [, fieldName] = nonNegMatch;
-        lines.push(`  if (typeof data.${fieldName} === "number" && data.${fieldName} < 0) {`);
-        lines.push(`    errors.push({ field: "${fieldName}", code: "OUT_OF_RANGE", message: "${fieldName} must be >= 0" });`);
-        lines.push(`  }`);
-      }
-    }
-  }
-
-  lines.push(``);
-  lines.push(`  if (errors.length > 0) return { ok: false, errors };`);
-  lines.push(`  return { ok: true, value: data as unknown as ${model.name} };`);
-  lines.push(`}`);
-  lines.push(``);
-
-  return lines.join("\n");
-}
-
-function typeCheckExpr(irType: string, expr: string): string | null {
-  switch (irType) {
-    case "string":    return `typeof ${expr} === "string"`;
-    case "uint":      return `typeof ${expr} === "number" && Number.isInteger(${expr}) && ${expr} >= 0`;
-    case "int":       return `typeof ${expr} === "number" && Number.isInteger(${expr})`;
-    case "float":     return `typeof ${expr} === "number"`;
-    case "bool":      return `typeof ${expr} === "boolean"`;
-    case "uuid":      return `typeof ${expr} === "string" && /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(${expr})`;
-    case "timestamp": return `${expr} instanceof Date || typeof ${expr} === "string"`;
-    default:
-      if (irType.startsWith("list<") || irType.startsWith("set<")) return `Array.isArray(${expr})`;
-      return null;
-  }
-}
-
-// ─── Barrel index for all models ─────────────────────────────────────────────
-
-export function emitModelsIndex(system: IR.IRSystem): string {
-  const lines: string[] = [];
-  lines.push(`// Generated by BoneScript compiler. DO NOT EDIT.`);
-  lines.push(`// Re-exports all model interfaces, schemas, and validators.`);
-  lines.push(``);
-  for (const mod of system.modules) {
-    for (const model of mod.models) {
-      lines.push(`export * from "./${toSnakeCase(model.name)}";`);
-    }
-  }
-  return lines.join("\n");
-}