npm - bonescript-compiler - Versions diffs - 0.5.8 → 0.6.1 - Mend

bonescript-compiler 0.5.8 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/dist/ast.d.ts +2 -0
package/dist/cli.js +52 -8
package/dist/cli.js.map +1 -1
package/dist/emit_admin.d.ts +5 -0
package/dist/emit_admin.js +340 -35
package/dist/emit_admin.js.map +1 -1
package/dist/emit_audit.js +38 -4
package/dist/emit_audit.js.map +1 -1
package/dist/emit_capability.js +14 -0
package/dist/emit_capability.js.map +1 -1
package/dist/emit_full.js +10 -2
package/dist/emit_full.js.map +1 -1
package/dist/emit_maintenance.js +35 -3
package/dist/emit_maintenance.js.map +1 -1
package/dist/emit_nakama.js +36 -36
package/dist/emit_notify.js +30 -2
package/dist/emit_notify.js.map +1 -1
package/dist/emit_runtime.d.ts +18 -1
package/dist/emit_runtime.js +265 -85
package/dist/emit_runtime.js.map +1 -1
package/dist/emit_websocket.js +22 -2
package/dist/emit_websocket.js.map +1 -1
package/dist/emit_zod.js +12 -1
package/dist/emit_zod.js.map +1 -1
package/dist/formatter.d.ts +1 -0
package/dist/formatter.js +10 -2
package/dist/formatter.js.map +1 -1
package/dist/ir.d.ts +2 -0
package/dist/lexer.d.ts +1 -0
package/dist/lexer.js +4 -0
package/dist/lexer.js.map +1 -1
package/dist/lowering.js +2 -0
package/dist/lowering.js.map +1 -1
package/dist/parse_decls.js +36 -1
package/dist/parse_decls.js.map +1 -1
package/dist/typechecker.js +9 -0
package/dist/typechecker.js.map +1 -1
package/package.json +1 -1
package/src/ast.ts +2 -0
package/src/cli.ts +58 -10
package/src/emit_admin.ts +342 -35
package/src/emit_audit.ts +40 -4
package/src/emit_capability.ts +13 -0
package/src/emit_full.ts +9 -2
package/src/emit_maintenance.ts +35 -3
package/src/emit_nakama.ts +576 -576
package/src/emit_notify.ts +30 -2
package/src/emit_runtime.ts +955 -763
package/src/emit_websocket.ts +22 -2
package/src/emit_zod.ts +11 -1
package/src/formatter.ts +9 -2
package/src/ir.ts +2 -0
package/src/lexer.ts +2 -0
package/src/lowering.ts +5 -3
package/src/parse_decls.ts +31 -1
package/src/typechecker.ts +10 -0

package/src/emit_maintenance.ts CHANGED Viewed

@@ -220,9 +220,29 @@ export function emitHealthChecks(system: IR.IRSystem): string {
   lines.push(`});`);
   lines.push(``);
-  // Metrics endpoint
-  lines.push(`// Prometheus-style metrics`);
-  lines.push(`healthRouter.get("/metrics", (_req: Request, res: Response) => {`);
+  // Metrics endpoint — restricted to internal callers.
+  // Accepted: shared bearer in METRICS_TOKEN, or loopback / RFC1918 source IPs.
+  // External scrapers must inject the bearer; otherwise 403.
+  lines.push(`// Prometheus-style metrics — restricted to internal callers`);
+  lines.push(`function isInternalMetricsRequest(req: Request): boolean {`);
+  lines.push(`  const expected = process.env.METRICS_TOKEN || "";`);
+  lines.push(`  if (expected) {`);
+  lines.push(`    const header = req.headers.authorization || "";`);
+  lines.push(`    if (header.startsWith("Bearer ") && header.slice(7) === expected) return true;`);
+  lines.push(`  }`);
+  lines.push(`  const ip = (req.ip || "").replace(/^::ffff:/, "");`);
+  lines.push(`  if (ip === "127.0.0.1" || ip === "::1") return true;`);
+  lines.push(`  if (ip.startsWith("10.") || ip.startsWith("192.168.")) return true;`);
+  lines.push(`  // RFC1918 172.16.0.0/12`);
+  lines.push(`  const m = ip.match(/^172\\.(\\d{1,3})\\./);`);
+  lines.push(`  if (m && +m[1] >= 16 && +m[1] <= 31) return true;`);
+  lines.push(`  return false;`);
+  lines.push(`}`);
+  lines.push(`healthRouter.get("/metrics", (req: Request, res: Response) => {`);
+  lines.push(`  if (!isInternalMetricsRequest(req)) {`);
+  lines.push(`    res.status(403).json({ error: { code: "FORBIDDEN", message: "Metrics restricted to internal callers" } });`);
+  lines.push(`    return;`);
+  lines.push(`  }`);
   lines.push(`  res.type("text/plain").send(dumpMetrics());`);
   lines.push(`});`);
   lines.push(``);
@@ -356,6 +376,7 @@ interface Field {
   name: string;
   type: string;
   nullable: boolean;
+  renamed_from?: string | null;
 }
 interface Model {
@@ -395,8 +416,18 @@ export function diffModels(oldModels: Model[], newModels: Model[]): string[] {
     const oldFields = new Map(oldModel.fields.map(f => [f.name, f]));
     const newFields = new Map(newModel.fields.map(f => [f.name, f]));
+    // Renames first â€” avoid double-counting as add+drop.
+    const renamedOld = new Set<string>();
+    for (const [fname, field] of newFields) {
+      if (field.renamed_from && oldFields.has(field.renamed_from) && !oldFields.has(fname)) {
+        statements.push(\`ALTER TABLE \${tableName} RENAME COLUMN \${field.renamed_from} TO \${fname};\`);
+        renamedOld.add(field.renamed_from);
+      }
+    }
     // New columns (backward-compatible)
     for (const [fname, field] of newFields) {
+      if (field.renamed_from && renamedOld.has(field.renamed_from)) continue;
       if (!oldFields.has(fname)) {
         const sqlType = mapType(field.type);
         const nullability = field.nullable ? "" : " NOT NULL DEFAULT (CASE WHEN false THEN NULL ELSE NULL END)";
@@ -406,6 +437,7 @@ export function diffModels(oldModels: Model[], newModels: Model[]): string[] {
     // Removed columns (NOT auto-dropped â€” backward compat)
     for (const [fname] of oldFields) {
+      if (renamedOld.has(fname)) continue;
       if (!newFields.has(fname)) {
         statements.push(\`-- WARNING: Column \${tableName}.\${fname} removed from schema. Run manually: ALTER TABLE \${tableName} DROP COLUMN \${fname};\`);
       }