claude-flow-novice 2.14.35 → 2.14.37

package/dist/server.js

@@ -0,0 +1,194 @@
+import express from 'express';
+import { hello, healthCheck, createApiResponse } from './hello.js';
+const app = express();
+const PORT = process.env.PORT || 3000;
+// Middleware for JSON parsing and security
+app.use(express.json());
+app.use(express.urlencoded({
+    extended: true
+}));
+// Security headers middleware
+app.use((req, res, next)=>{
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('X-Frame-Options', 'DENY');
+    res.setHeader('X-XSS-Protection', '1; mode=block');
+    next();
+});
+// Request logging middleware
+app.use((req, res, next)=>{
+    console.log(`${new Date().toISOString()} - ${req.method} ${req.path}`);
+    next();
+});
+// API Routes
+/**
+ * GET /api/hello
+ * Basic hello world endpoint
+ */ app.get('/api/hello', (req, res)=>{
+    try {
+        const message = hello();
+        const response = createApiResponse({
+            greeting: message
+        });
+        res.json(response);
+    } catch (error) {
+        console.error('Error in /api/hello:', error);
+        res.status(500).json({
+            success: false,
+            message: 'Internal server error',
+            timestamp: new Date().toISOString()
+        });
+    }
+});
+/**
+ * GET /api/hello/:name
+ * Personalized hello endpoint
+ */ app.get('/api/hello/:name', (req, res)=>{
+    try {
+        const { name } = req.params;
+        // Input validation
+        if (!name || typeof name !== 'string' || name.length > 100) {
+            return res.status(400).json({
+                success: false,
+                message: 'Invalid name parameter',
+                timestamp: new Date().toISOString()
+            });
+        }
+        // Sanitize input (remove potential XSS)
+        const sanitizedName = name.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
+        const message = hello(sanitizedName);
+        const response = createApiResponse({
+            greeting: message,
+            name: sanitizedName
+        });
+        res.json(response);
+    } catch (error) {
+        console.error('Error in /api/hello/:name:', error);
+        res.status(500).json({
+            success: false,
+            message: 'Internal server error',
+            timestamp: new Date().toISOString()
+        });
+    }
+});
+/**
+ * GET /api/health
+ * Health check endpoint
+ */ app.get('/api/health', (req, res)=>{
+    try {
+        const health = healthCheck();
+        const response = createApiResponse(health, 'Service is healthy');
+        res.json(response);
+    } catch (error) {
+        console.error('Error in /api/health:', error);
+        res.status(500).json({
+            success: false,
+            message: 'Health check failed',
+            timestamp: new Date().toISOString()
+        });
+    }
+});
+/**
+ * POST /api/hello
+ * Hello endpoint with POST body
+ */ app.post('/api/hello', (req, res)=>{
+    try {
+        const { name, language } = req.body;
+        // Input validation
+        if (name && (typeof name !== 'string' || name.length > 100)) {
+            return res.status(400).json({
+                success: false,
+                message: 'Invalid name in request body',
+                timestamp: new Date().toISOString()
+            });
+        }
+        // Support for different languages
+        let greeting = 'Hello';
+        if (language && typeof language === 'string') {
+            const greetings = {
+                'es': 'Hola',
+                'fr': 'Bonjour',
+                'de': 'Hallo',
+                'it': 'Ciao',
+                'pt': 'Olá',
+                'ja': 'こんにちは',
+                'zh': '你好',
+                'hi': 'नमस्ते',
+                'ar': 'مرحبا'
+            };
+            greeting = greetings[language.toLowerCase()] || greeting;
+        }
+        const sanitizedName = name ? name.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '') : 'World';
+        const message = `${greeting} ${sanitizedName}!`;
+        const response = createApiResponse({
+            greeting: message,
+            name: sanitizedName,
+            language: language || 'en'
+        });
+        res.json(response);
+    } catch (error) {
+        console.error('Error in POST /api/hello:', error);
+        res.status(500).json({
+            success: false,
+            message: 'Internal server error',
+            timestamp: new Date().toISOString()
+        });
+    }
+});
+/**
+ * GET / - Root endpoint
+ */ app.get('/', (req, res)=>{
+    res.json({
+        success: true,
+        message: 'Hello World Backend Service',
+        version: '1.0.0',
+        endpoints: [
+            'GET /api/hello - Basic hello world',
+            'GET /api/hello/:name - Personalized greeting',
+            'POST /api/hello - Greeting with language support',
+            'GET /api/health - Health check'
+        ],
+        timestamp: new Date().toISOString()
+    });
+});
+/**
+ * 404 handler
+ */ app.use('*', (req, res)=>{
+    res.status(404).json({
+        success: false,
+        message: 'Endpoint not found',
+        path: req.originalUrl,
+        timestamp: new Date().toISOString()
+    });
+});
+/**
+ * Global error handler
+ */ app.use((error, req, res, next)=>{
+    console.error('Unhandled error:', error);
+    res.status(500).json({
+        success: false,
+        message: 'Internal server error',
+        timestamp: new Date().toISOString()
+    });
+});
+// Start server
+const server = app.listen(PORT, ()=>{
+    console.log(`🚀 Hello World Backend Service running on port ${PORT}`);
+    console.log(`📖 API Documentation: http://localhost:${PORT}/`);
+    console.log(`❤️  Health Check: http://localhost:${PORT}/api/health`);
+});
+// Graceful shutdown
+process.on('SIGTERM', ()=>{
+    console.log('SIGTERM received, shutting down gracefully');
+    server.close(()=>{
+        console.log('Process terminated');
+    });
+});
+process.on('SIGINT', ()=>{
+    console.log('SIGINT received, shutting down gracefully');
+    server.close(()=>{
+        console.log('Process terminated');
+    });
+});
+export default app;
+
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server.js"],"sourcesContent":["import express from 'express';\nimport { hello, healthCheck, createApiResponse } from './hello.js';\n\nconst app = express();\nconst PORT = process.env.PORT || 3000;\n\n// Middleware for JSON parsing and security\napp.use(express.json());\napp.use(express.urlencoded({ extended: true }));\n\n// Security headers middleware\napp.use((req, res, next) => {\n  res.setHeader('X-Content-Type-Options', 'nosniff');\n  res.setHeader('X-Frame-Options', 'DENY');\n  res.setHeader('X-XSS-Protection', '1; mode=block');\n  next();\n});\n\n// Request logging middleware\napp.use((req, res, next) => {\n  console.log(`${new Date().toISOString()} - ${req.method} ${req.path}`);\n  next();\n});\n\n// API Routes\n\n/**\n * GET /api/hello\n * Basic hello world endpoint\n */\napp.get('/api/hello', (req, res) => {\n  try {\n    const message = hello();\n    const response = createApiResponse({ greeting: message });\n    res.json(response);\n  } catch (error) {\n    console.error('Error in /api/hello:', error);\n    res.status(500).json({\n      success: false,\n      message: 'Internal server error',\n      timestamp: new Date().toISOString()\n    });\n  }\n});\n\n/**\n * GET /api/hello/:name\n * Personalized hello endpoint\n */\napp.get('/api/hello/:name', (req, res) => {\n  try {\n    const { name } = req.params;\n    \n    // Input validation\n    if (!name || typeof name !== 'string' || name.length > 100) {\n      return res.status(400).json({\n        success: false,\n        message: 'Invalid name parameter',\n        timestamp: new Date().toISOString()\n      });\n    }\n\n    // Sanitize input (remove potential XSS)\n    const sanitizedName = name.replace(/<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi, '');\n    const message = hello(sanitizedName);\n    const response = createApiResponse({ \n      greeting: message,\n      name: sanitizedName \n    });\n    res.json(response);\n  } catch (error) {\n    console.error('Error in /api/hello/:name:', error);\n    res.status(500).json({\n      success: false,\n      message: 'Internal server error',\n      timestamp: new Date().toISOString()\n    });\n  }\n});\n\n/**\n * GET /api/health\n * Health check endpoint\n */\napp.get('/api/health', (req, res) => {\n  try {\n    const health = healthCheck();\n    const response = createApiResponse(health, 'Service is healthy');\n    res.json(response);\n  } catch (error) {\n    console.error('Error in /api/health:', error);\n    res.status(500).json({\n      success: false,\n      message: 'Health check failed',\n      timestamp: new Date().toISOString()\n    });\n  }\n});\n\n/**\n * POST /api/hello\n * Hello endpoint with POST body\n */\napp.post('/api/hello', (req, res) => {\n  try {\n    const { name, language } = req.body;\n    \n    // Input validation\n    if (name && (typeof name !== 'string' || name.length > 100)) {\n      return res.status(400).json({\n        success: false,\n        message: 'Invalid name in request body',\n        timestamp: new Date().toISOString()\n      });\n    }\n\n    // Support for different languages\n    let greeting = 'Hello';\n    if (language && typeof language === 'string') {\n      const greetings = {\n        'es': 'Hola',\n        'fr': 'Bonjour',\n        'de': 'Hallo',\n        'it': 'Ciao',\n        'pt': 'Olá',\n        'ja': 'こんにちは',\n        'zh': '你好',\n        'hi': 'नमस्ते',\n        'ar': 'مرحبا'\n      };\n      greeting = greetings[language.toLowerCase()] || greeting;\n    }\n\n    const sanitizedName = name ? name.replace(/<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi, '') : 'World';\n    const message = `${greeting} ${sanitizedName}!`;\n    \n    const response = createApiResponse({ \n      greeting: message,\n      name: sanitizedName,\n      language: language || 'en'\n    });\n    res.json(response);\n  } catch (error) {\n    console.error('Error in POST /api/hello:', error);\n    res.status(500).json({\n      success: false,\n      message: 'Internal server error',\n      timestamp: new Date().toISOString()\n    });\n  }\n});\n\n/**\n * GET / - Root endpoint\n */\napp.get('/', (req, res) => {\n  res.json({\n    success: true,\n    message: 'Hello World Backend Service',\n    version: '1.0.0',\n    endpoints: [\n      'GET /api/hello - Basic hello world',\n      'GET /api/hello/:name - Personalized greeting',\n      'POST /api/hello - Greeting with language support',\n      'GET /api/health - Health check'\n    ],\n    timestamp: new Date().toISOString()\n  });\n});\n\n/**\n * 404 handler\n */\napp.use('*', (req, res) => {\n  res.status(404).json({\n    success: false,\n    message: 'Endpoint not found',\n    path: req.originalUrl,\n    timestamp: new Date().toISOString()\n  });\n});\n\n/**\n * Global error handler\n */\napp.use((error, req, res, next) => {\n  console.error('Unhandled error:', error);\n  res.status(500).json({\n    success: false,\n    message: 'Internal server error',\n    timestamp: new Date().toISOString()\n  });\n});\n\n// Start server\nconst server = app.listen(PORT, () => {\n  console.log(`🚀 Hello World Backend Service running on port ${PORT}`);\n  console.log(`📖 API Documentation: http://localhost:${PORT}/`);\n  console.log(`❤️  Health Check: http://localhost:${PORT}/api/health`);\n});\n\n// Graceful shutdown\nprocess.on('SIGTERM', () => {\n  console.log('SIGTERM received, shutting down gracefully');\n  server.close(() => {\n    console.log('Process terminated');\n  });\n});\n\nprocess.on('SIGINT', () => {\n  console.log('SIGINT received, shutting down gracefully');\n  server.close(() => {\n    console.log('Process terminated');\n  });\n});\n\nexport default app;"],"names":["express","hello","healthCheck","createApiResponse","app","PORT","process","env","use","json","urlencoded","extended","req","res","next","setHeader","console","log","Date","toISOString","method","path","get","message","response","greeting","error","status","success","timestamp","name","params","length","sanitizedName","replace","health","post","language","body","greetings","toLowerCase","version","endpoints","originalUrl","server","listen","on","close"],"mappings":"AAAA,OAAOA,aAAa,UAAU;AAC9B,SAASC,KAAK,EAAEC,WAAW,EAAEC,iBAAiB,QAAQ,aAAa;AAEnE,MAAMC,MAAMJ;AACZ,MAAMK,OAAOC,QAAQC,GAAG,CAACF,IAAI,IAAI;AAEjC,2CAA2C;AAC3CD,IAAII,GAAG,CAACR,QAAQS,IAAI;AACpBL,IAAII,GAAG,CAACR,QAAQU,UAAU,CAAC;IAAEC,UAAU;AAAK;AAE5C,8BAA8B;AAC9BP,IAAII,GAAG,CAAC,CAACI,KAAKC,KAAKC;IACjBD,IAAIE,SAAS,CAAC,0BAA0B;IACxCF,IAAIE,SAAS,CAAC,mBAAmB;IACjCF,IAAIE,SAAS,CAAC,oBAAoB;IAClCD;AACF;AAEA,6BAA6B;AAC7BV,IAAII,GAAG,CAAC,CAACI,KAAKC,KAAKC;IACjBE,QAAQC,GAAG,CAAC,GAAG,IAAIC,OAAOC,WAAW,GAAG,GAAG,EAAEP,IAAIQ,MAAM,CAAC,CAAC,EAAER,IAAIS,IAAI,EAAE;IACrEP;AACF;AAEA,aAAa;AAEb;;;CAGC,GACDV,IAAIkB,GAAG,CAAC,cAAc,CAACV,KAAKC;IAC1B,IAAI;QACF,MAAMU,UAAUtB;QAChB,MAAMuB,WAAWrB,kBAAkB;YAAEsB,UAAUF;QAAQ;QACvDV,IAAIJ,IAAI,CAACe;IACX,EAAE,OAAOE,OAAO;QACdV,QAAQU,KAAK,CAAC,wBAAwBA;QACtCb,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;YACnBmB,SAAS;YACTL,SAAS;YACTM,WAAW,IAAIX,OAAOC,WAAW;QACnC;IACF;AACF;AAEA;;;CAGC,GACDf,IAAIkB,GAAG,CAAC,oBAAoB,CAACV,KAAKC;IAChC,IAAI;QACF,MAAM,EAAEiB,IAAI,EAAE,GAAGlB,IAAImB,MAAM;QAE3B,mBAAmB;QACnB,IAAI,CAACD,QAAQ,OAAOA,SAAS,YAAYA,KAAKE,MAAM,GAAG,KAAK;YAC1D,OAAOnB,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;gBAC1BmB,SAAS;gBACTL,SAAS;gBACTM,WAAW,IAAIX,OAAOC,WAAW;YACnC;QACF;QAEA,wCAAwC;QACxC,MAAMc,gBAAgBH,KAAKI,OAAO,CAAC,uDAAuD;QAC1F,MAAMX,UAAUtB,MAAMgC;QACtB,MAAMT,WAAWrB,kBAAkB;YACjCsB,UAAUF;YACVO,MAAMG;QACR;QACApB,IAAIJ,IAAI,CAACe;IACX,EAAE,OAAOE,OAAO;QACdV,QAAQU,KAAK,CAAC,8BAA8BA;QAC5Cb,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;YACnBmB,SAAS;YACTL,SAAS;YACTM,WAAW,IAAIX,OAAOC,WAAW;QACnC;IACF;AACF;AAEA;;;CAGC,GACDf,IAAIkB,GAAG,CAAC,eAAe,CAACV,KAAKC;IAC3B,IAAI;QACF,MAAMsB,SAASjC;QACf,MAAMsB,WAAWrB,kBAAkBgC,QAAQ;QAC3CtB,IAAIJ,IAAI,CAACe;IACX,EAAE,OAAOE,OAAO;QACdV,QAAQU,KAAK,CAAC,yBAAyBA;QACvCb,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;YACnBmB,SAAS;YACTL,SAAS;YACTM,WAAW,IAAIX,OAAOC,WAAW;QACnC;IACF;AACF;AAEA;;;CAGC,GACDf,IAAIgC,IAAI,CAAC,cAAc,CAACxB,KAAKC;IAC3B,IAAI;QACF,MAAM,EAAEiB,IAAI,EAAEO,QAAQ,EAAE,GAAGzB,IAAI0B,IAAI;QAEnC,mBAAmB;QACnB,IAAIR,QAAS,CAAA,OAAOA,SAAS,YAAYA,KAAKE,MAAM,GAAG,GAAE,GAAI;YAC3D,OAAOnB,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;gBAC1BmB,SAAS;gBACTL,SAAS;gBACTM,WAAW,IAAIX,OAAOC,WAAW;YACnC;QACF;QAEA,kCAAkC;QAClC,IAAIM,WAAW;QACf,IAAIY,YAAY,OAAOA,aAAa,UAAU;YAC5C,MAAME,YAAY;gBAChB,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,MAAM;YACR;YACAd,WAAWc,SAAS,CAACF,SAASG,WAAW,GAAG,IAAIf;QAClD;QAEA,MAAMQ,gBAAgBH,OAAOA,KAAKI,OAAO,CAAC,uDAAuD,MAAM;QACvG,MAAMX,UAAU,GAAGE,SAAS,CAAC,EAAEQ,cAAc,CAAC,CAAC;QAE/C,MAAMT,WAAWrB,kBAAkB;YACjCsB,UAAUF;YACVO,MAAMG;YACNI,UAAUA,YAAY;QACxB;QACAxB,IAAIJ,IAAI,CAACe;IACX,EAAE,OAAOE,OAAO;QACdV,QAAQU,KAAK,CAAC,6BAA6BA;QAC3Cb,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;YACnBmB,SAAS;YACTL,SAAS;YACTM,WAAW,IAAIX,OAAOC,WAAW;QACnC;IACF;AACF;AAEA;;CAEC,GACDf,IAAIkB,GAAG,CAAC,KAAK,CAACV,KAAKC;IACjBA,IAAIJ,IAAI,CAAC;QACPmB,SAAS;QACTL,SAAS;QACTkB,SAAS;QACTC,WAAW;YACT;YACA;YACA;YACA;SACD;QACDb,WAAW,IAAIX,OAAOC,WAAW;IACnC;AACF;AAEA;;CAEC,GACDf,IAAII,GAAG,CAAC,KAAK,CAACI,KAAKC;IACjBA,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;QACnBmB,SAAS;QACTL,SAAS;QACTF,MAAMT,IAAI+B,WAAW;QACrBd,WAAW,IAAIX,OAAOC,WAAW;IACnC;AACF;AAEA;;CAEC,GACDf,IAAII,GAAG,CAAC,CAACkB,OAAOd,KAAKC,KAAKC;IACxBE,QAAQU,KAAK,CAAC,oBAAoBA;IAClCb,IAAIc,MAAM,CAAC,KAAKlB,IAAI,CAAC;QACnBmB,SAAS;QACTL,SAAS;QACTM,WAAW,IAAIX,OAAOC,WAAW;IACnC;AACF;AAEA,eAAe;AACf,MAAMyB,SAASxC,IAAIyC,MAAM,CAACxC,MAAM;IAC9BW,QAAQC,GAAG,CAAC,CAAC,+CAA+C,EAAEZ,MAAM;IACpEW,QAAQC,GAAG,CAAC,CAAC,uCAAuC,EAAEZ,KAAK,CAAC,CAAC;IAC7DW,QAAQC,GAAG,CAAC,CAAC,mCAAmC,EAAEZ,KAAK,WAAW,CAAC;AACrE;AAEA,oBAAoB;AACpBC,QAAQwC,EAAE,CAAC,WAAW;IACpB9B,QAAQC,GAAG,CAAC;IACZ2B,OAAOG,KAAK,CAAC;QACX/B,QAAQC,GAAG,CAAC;IACd;AACF;AAEAX,QAAQwC,EAAE,CAAC,UAAU;IACnB9B,QAAQC,GAAG,CAAC;IACZ2B,OAAOG,KAAK,CAAC;QACX/B,QAAQC,GAAG,CAAC;IACd;AACF;AAEA,eAAeb,IAAI"}

package/dist/server.test.js

@@ -0,0 +1,207 @@
+import request from 'supertest';
+import app from '../src/server.js';
+describe('Hello World Backend Service', ()=>{
+    describe('GET /', ()=>{
+        it('should return service information', async ()=>{
+            const response = await request(app).get('/').expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.message).toBe('Hello World Backend Service');
+            expect(response.body.endpoints).toBeDefined();
+            expect(response.body.timestamp).toBeDefined();
+        });
+    });
+    describe('GET /api/health', ()=>{
+        it('should return health status', async ()=>{
+            const response = await request(app).get('/api/health').expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.status).toBe('healthy');
+            expect(response.body.data.timestamp).toBeDefined();
+            expect(response.body.data.uptime).toBeDefined();
+            expect(response.body.timestamp).toBeDefined();
+        });
+    });
+    describe('GET /api/hello', ()=>{
+        it('should return basic hello world greeting', async ()=>{
+            const response = await request(app).get('/api/hello').expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).toBe('Hello World!');
+            expect(response.body.timestamp).toBeDefined();
+        });
+    });
+    describe('GET /api/hello/:name', ()=>{
+        it('should return personalized greeting', async ()=>{
+            const response = await request(app).get('/api/hello/John').expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).toBe('Hello John!');
+            expect(response.body.data.name).toBe('John');
+            expect(response.body.timestamp).toBeDefined();
+        });
+        it('should sanitize XSS attempts in name parameter', async ()=>{
+            const maliciousName = '<script>alert("xss")</script>John';
+            const response = await request(app).get(`/api/hello/${encodeURIComponent(maliciousName)}`).expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).not.toContain('<script>');
+            expect(response.body.data.name).not.toContain('<script>');
+            expect(response.body.data.greeting).toBe('Hello John!');
+        });
+        it('should handle empty name', async ()=>{
+            const response = await request(app).get('/api/hello/').expect(404);
+        });
+        it('should reject names longer than 100 characters', async ()=>{
+            const longName = 'a'.repeat(101);
+            const response = await request(app).get(`/api/hello/${longName}`).expect(400);
+            expect(response.body.success).toBe(false);
+            expect(response.body.message).toContain('Invalid name parameter');
+        });
+    });
+    describe('POST /api/hello', ()=>{
+        it('should return greeting with name from request body', async ()=>{
+            const response = await request(app).post('/api/hello').send({
+                name: 'Alice'
+            }).expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).toBe('Hello Alice!');
+            expect(response.body.data.name).toBe('Alice');
+            expect(response.body.data.language).toBe('en');
+            expect(response.body.timestamp).toBeDefined();
+        });
+        it('should handle greeting without name', async ()=>{
+            const response = await request(app).post('/api/hello').send({}).expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).toBe('Hello World!');
+            expect(response.body.data.name).toBe('World');
+        });
+        it('should support different languages', async ()=>{
+            const testCases = [
+                {
+                    language: 'es',
+                    expected: 'Hola'
+                },
+                {
+                    language: 'fr',
+                    expected: 'Bonjour'
+                },
+                {
+                    language: 'de',
+                    expected: 'Hallo'
+                },
+                {
+                    language: 'it',
+                    expected: 'Ciao'
+                },
+                {
+                    language: 'pt',
+                    expected: 'Olá'
+                },
+                {
+                    language: 'ja',
+                    expected: 'こんにちは'
+                },
+                {
+                    language: 'zh',
+                    expected: '你好'
+                },
+                {
+                    language: 'hi',
+                    expected: 'नमस्ते'
+                },
+                {
+                    language: 'ar',
+                    expected: 'مرحبا'
+                },
+                {
+                    language: 'invalid',
+                    expected: 'Hello'
+                }
+            ];
+            for (const testCase of testCases){
+                const response = await request(app).post('/api/hello').send({
+                    name: 'World',
+                    language: testCase.language
+                }).expect(200);
+                expect(response.body.success).toBe(true);
+                expect(response.body.data.greeting).toBe(`${testCase.expected} World!`);
+                expect(response.body.data.language).toBe(testCase.language);
+            }
+        });
+        it('should sanitize XSS attempts in POST request body', async ()=>{
+            const maliciousPayload = {
+                name: '<script>alert("xss")</script>Bob',
+                language: 'en'
+            };
+            const response = await request(app).post('/api/hello').send(maliciousPayload).expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).not.toContain('<script>');
+            expect(response.body.data.name).not.toContain('<script>');
+            expect(response.body.data.greeting).toBe('Hello Bob!');
+        });
+        it('should reject names longer than 100 characters', async ()=>{
+            const longName = 'a'.repeat(101);
+            const response = await request(app).post('/api/hello').send({
+                name: longName
+            }).expect(400);
+            expect(response.body.success).toBe(false);
+            expect(response.body.message).toContain('Invalid name');
+        });
+        it('should reject invalid language types', async ()=>{
+            const response = await request(app).post('/api/hello').send({
+                name: 'World',
+                language: 123
+            }).expect(200); // Should still work, language defaults to English
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).toBe('Hello World!');
+        });
+    });
+    describe('Error Handling', ()=>{
+        it('should return 404 for non-existent endpoints', async ()=>{
+            const response = await request(app).get('/api/nonexistent').expect(404);
+            expect(response.body.success).toBe(false);
+            expect(response.body.message).toContain('Endpoint not found');
+            expect(response.body.path).toBe('/api/nonexistent');
+        });
+        it('should return 404 for nested non-existent endpoints', async ()=>{
+            const response = await request(app).get('/api/hello/nonexistent/deep').expect(404);
+            expect(response.body.success).toBe(false);
+            expect(response.body.message).toContain('Endpoint not found');
+        });
+        it('should handle malformed JSON in POST requests', async ()=>{
+            const response = await request(app).post('/api/hello').set('Content-Type', 'application/json').send('{"invalid": json}').expect(400);
+        });
+    });
+    describe('Security Headers', ()=>{
+        it('should include security headers', async ()=>{
+            const response = await request(app).get('/api/hello').expect(200);
+            expect(response.headers['x-content-type-options']).toBe('nosniff');
+            expect(response.headers['x-frame-options']).toBe('DENY');
+            expect(response.headers['x-xss-protection']).toBe('1; mode=block');
+        });
+    });
+    describe('Performance and Load Testing', ()=>{
+        it('should handle multiple concurrent requests', async ()=>{
+            const requests = Array(10).fill().map(()=>request(app).get('/api/hello'));
+            const responses = await Promise.all(requests);
+            responses.forEach((response)=>{
+                expect(response.status).toBe(200);
+                expect(response.body.success).toBe(true);
+                expect(response.body.data.greeting).toBe('Hello World!');
+            });
+        });
+        it('should handle requests with small delays', async ()=>{
+            for(let i = 0; i < 5; i++){
+                const response = await request(app).get('/api/hello/TestUser').expect(200);
+                expect(response.body.success).toBe(true);
+                expect(response.body.data.greeting).toBe('Hello TestUser!');
+            }
+        });
+    });
+    describe('Content-Type Handling', ()=>{
+        it('should handle form-urlencoded data', async ()=>{
+            const response = await request(app).post('/api/hello').send('name=FormUser&language=es').set('Content-Type', 'application/x-www-form-urlencoded').expect(200);
+            expect(response.body.success).toBe(true);
+            expect(response.body.data.greeting).toBe('Hola FormUser!');
+            expect(response.body.data.language).toBe('es');
+        });
+    });
+});
+
+//# sourceMappingURL=server.test.js.map

package/dist/server.test.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server.test.js"],"sourcesContent":["import request from 'supertest';\nimport app from '../src/server.js';\n\ndescribe('Hello World Backend Service', () => {\n  describe('GET /', () => {\n    it('should return service information', async () => {\n      const response = await request(app)\n        .get('/')\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.message).toBe('Hello World Backend Service');\n      expect(response.body.endpoints).toBeDefined();\n      expect(response.body.timestamp).toBeDefined();\n    });\n  });\n\n  describe('GET /api/health', () => {\n    it('should return health status', async () => {\n      const response = await request(app)\n        .get('/api/health')\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.status).toBe('healthy');\n      expect(response.body.data.timestamp).toBeDefined();\n      expect(response.body.data.uptime).toBeDefined();\n      expect(response.body.timestamp).toBeDefined();\n    });\n  });\n\n  describe('GET /api/hello', () => {\n    it('should return basic hello world greeting', async () => {\n      const response = await request(app)\n        .get('/api/hello')\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).toBe('Hello World!');\n      expect(response.body.timestamp).toBeDefined();\n    });\n  });\n\n  describe('GET /api/hello/:name', () => {\n    it('should return personalized greeting', async () => {\n      const response = await request(app)\n        .get('/api/hello/John')\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).toBe('Hello John!');\n      expect(response.body.data.name).toBe('John');\n      expect(response.body.timestamp).toBeDefined();\n    });\n\n    it('should sanitize XSS attempts in name parameter', async () => {\n      const maliciousName = '<script>alert(\"xss\")</script>John';\n      const response = await request(app)\n        .get(`/api/hello/${encodeURIComponent(maliciousName)}`)\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).not.toContain('<script>');\n      expect(response.body.data.name).not.toContain('<script>');\n      expect(response.body.data.greeting).toBe('Hello John!');\n    });\n\n    it('should handle empty name', async () => {\n      const response = await request(app)\n        .get('/api/hello/')\n        .expect(404);\n    });\n\n    it('should reject names longer than 100 characters', async () => {\n      const longName = 'a'.repeat(101);\n      const response = await request(app)\n        .get(`/api/hello/${longName}`)\n        .expect(400);\n\n      expect(response.body.success).toBe(false);\n      expect(response.body.message).toContain('Invalid name parameter');\n    });\n  });\n\n  describe('POST /api/hello', () => {\n    it('should return greeting with name from request body', async () => {\n      const response = await request(app)\n        .post('/api/hello')\n        .send({ name: 'Alice' })\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).toBe('Hello Alice!');\n      expect(response.body.data.name).toBe('Alice');\n      expect(response.body.data.language).toBe('en');\n      expect(response.body.timestamp).toBeDefined();\n    });\n\n    it('should handle greeting without name', async () => {\n      const response = await request(app)\n        .post('/api/hello')\n        .send({})\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).toBe('Hello World!');\n      expect(response.body.data.name).toBe('World');\n    });\n\n    it('should support different languages', async () => {\n      const testCases = [\n        { language: 'es', expected: 'Hola' },\n        { language: 'fr', expected: 'Bonjour' },\n        { language: 'de', expected: 'Hallo' },\n        { language: 'it', expected: 'Ciao' },\n        { language: 'pt', expected: 'Olá' },\n        { language: 'ja', expected: 'こんにちは' },\n        { language: 'zh', expected: '你好' },\n        { language: 'hi', expected: 'नमस्ते' },\n        { language: 'ar', expected: 'مرحبا' },\n        { language: 'invalid', expected: 'Hello' }\n      ];\n\n      for (const testCase of testCases) {\n        const response = await request(app)\n          .post('/api/hello')\n          .send({ name: 'World', language: testCase.language })\n          .expect(200);\n\n        expect(response.body.success).toBe(true);\n        expect(response.body.data.greeting).toBe(`${testCase.expected} World!`);\n        expect(response.body.data.language).toBe(testCase.language);\n      }\n    });\n\n    it('should sanitize XSS attempts in POST request body', async () => {\n      const maliciousPayload = {\n        name: '<script>alert(\"xss\")</script>Bob',\n        language: 'en'\n      };\n\n      const response = await request(app)\n        .post('/api/hello')\n        .send(maliciousPayload)\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).not.toContain('<script>');\n      expect(response.body.data.name).not.toContain('<script>');\n      expect(response.body.data.greeting).toBe('Hello Bob!');\n    });\n\n    it('should reject names longer than 100 characters', async () => {\n      const longName = 'a'.repeat(101);\n      const response = await request(app)\n        .post('/api/hello')\n        .send({ name: longName })\n        .expect(400);\n\n      expect(response.body.success).toBe(false);\n      expect(response.body.message).toContain('Invalid name');\n    });\n\n    it('should reject invalid language types', async () => {\n      const response = await request(app)\n        .post('/api/hello')\n        .send({ name: 'World', language: 123 })\n        .expect(200); // Should still work, language defaults to English\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).toBe('Hello World!');\n    });\n  });\n\n  describe('Error Handling', () => {\n    it('should return 404 for non-existent endpoints', async () => {\n      const response = await request(app)\n        .get('/api/nonexistent')\n        .expect(404);\n\n      expect(response.body.success).toBe(false);\n      expect(response.body.message).toContain('Endpoint not found');\n      expect(response.body.path).toBe('/api/nonexistent');\n    });\n\n    it('should return 404 for nested non-existent endpoints', async () => {\n      const response = await request(app)\n        .get('/api/hello/nonexistent/deep')\n        .expect(404);\n\n      expect(response.body.success).toBe(false);\n      expect(response.body.message).toContain('Endpoint not found');\n    });\n\n    it('should handle malformed JSON in POST requests', async () => {\n      const response = await request(app)\n        .post('/api/hello')\n        .set('Content-Type', 'application/json')\n        .send('{\"invalid\": json}')\n        .expect(400);\n    });\n  });\n\n  describe('Security Headers', () => {\n    it('should include security headers', async () => {\n      const response = await request(app)\n        .get('/api/hello')\n        .expect(200);\n\n      expect(response.headers['x-content-type-options']).toBe('nosniff');\n      expect(response.headers['x-frame-options']).toBe('DENY');\n      expect(response.headers['x-xss-protection']).toBe('1; mode=block');\n    });\n  });\n\n  describe('Performance and Load Testing', () => {\n    it('should handle multiple concurrent requests', async () => {\n      const requests = Array(10).fill().map(() => \n        request(app).get('/api/hello')\n      );\n\n      const responses = await Promise.all(requests);\n      \n      responses.forEach(response => {\n        expect(response.status).toBe(200);\n        expect(response.body.success).toBe(true);\n        expect(response.body.data.greeting).toBe('Hello World!');\n      });\n    });\n\n    it('should handle requests with small delays', async () => {\n      for (let i = 0; i < 5; i++) {\n        const response = await request(app)\n          .get('/api/hello/TestUser')\n          .expect(200);\n\n        expect(response.body.success).toBe(true);\n        expect(response.body.data.greeting).toBe('Hello TestUser!');\n      }\n    });\n  });\n\n  describe('Content-Type Handling', () => {\n    it('should handle form-urlencoded data', async () => {\n      const response = await request(app)\n        .post('/api/hello')\n        .send('name=FormUser&language=es')\n        .set('Content-Type', 'application/x-www-form-urlencoded')\n        .expect(200);\n\n      expect(response.body.success).toBe(true);\n      expect(response.body.data.greeting).toBe('Hola FormUser!');\n      expect(response.body.data.language).toBe('es');\n    });\n  });\n});"],"names":["request","app","describe","it","response","get","expect","body","success","toBe","message","endpoints","toBeDefined","timestamp","data","status","uptime","greeting","name","maliciousName","encodeURIComponent","not","toContain","longName","repeat","post","send","language","testCases","expected","testCase","maliciousPayload","path","set","headers","requests","Array","fill","map","responses","Promise","all","forEach","i"],"mappings":"AAAA,OAAOA,aAAa,YAAY;AAChC,OAAOC,SAAS,mBAAmB;AAEnCC,SAAS,+BAA+B;IACtCA,SAAS,SAAS;QAChBC,GAAG,qCAAqC;YACtC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,KACJC,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACG,OAAO,EAAED,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACI,SAAS,EAAEC,WAAW;YAC3CN,OAAOF,SAASG,IAAI,CAACM,SAAS,EAAED,WAAW;QAC7C;IACF;IAEAV,SAAS,mBAAmB;QAC1BC,GAAG,+BAA+B;YAChC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,eACJC,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACC,MAAM,EAAEN,IAAI,CAAC;YACvCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACD,SAAS,EAAED,WAAW;YAChDN,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACE,MAAM,EAAEJ,WAAW;YAC7CN,OAAOF,SAASG,IAAI,CAACM,SAAS,EAAED,WAAW;QAC7C;IACF;IAEAV,SAAS,kBAAkB;QACzBC,GAAG,4CAA4C;YAC7C,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,cACJC,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YACzCH,OAAOF,SAASG,IAAI,CAACM,SAAS,EAAED,WAAW;QAC7C;IACF;IAEAV,SAAS,wBAAwB;QAC/BC,GAAG,uCAAuC;YACxC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,mBACJC,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YACzCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACI,IAAI,EAAET,IAAI,CAAC;YACrCH,OAAOF,SAASG,IAAI,CAACM,SAAS,EAAED,WAAW;QAC7C;QAEAT,GAAG,kDAAkD;YACnD,MAAMgB,gBAAgB;YACtB,MAAMf,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,CAAC,WAAW,EAAEe,mBAAmBD,gBAAgB,EACrDb,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAEI,GAAG,CAACC,SAAS,CAAC;YAClDhB,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACI,IAAI,EAAEG,GAAG,CAACC,SAAS,CAAC;YAC9ChB,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;QAC3C;QAEAN,GAAG,4BAA4B;YAC7B,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,eACJC,MAAM,CAAC;QACZ;QAEAH,GAAG,kDAAkD;YACnD,MAAMoB,WAAW,IAAIC,MAAM,CAAC;YAC5B,MAAMpB,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,CAAC,WAAW,EAAEkB,UAAU,EAC5BjB,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACG,OAAO,EAAEY,SAAS,CAAC;QAC1C;IACF;IAEApB,SAAS,mBAAmB;QAC1BC,GAAG,sDAAsD;YACvD,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAAC;gBAAER,MAAM;YAAQ,GACrBZ,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YACzCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACI,IAAI,EAAET,IAAI,CAAC;YACrCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACa,QAAQ,EAAElB,IAAI,CAAC;YACzCH,OAAOF,SAASG,IAAI,CAACM,SAAS,EAAED,WAAW;QAC7C;QAEAT,GAAG,uCAAuC;YACxC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAAC,CAAC,GACNpB,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YACzCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACI,IAAI,EAAET,IAAI,CAAC;QACvC;QAEAN,GAAG,sCAAsC;YACvC,MAAMyB,YAAY;gBAChB;oBAAED,UAAU;oBAAME,UAAU;gBAAO;gBACnC;oBAAEF,UAAU;oBAAME,UAAU;gBAAU;gBACtC;oBAAEF,UAAU;oBAAME,UAAU;gBAAQ;gBACpC;oBAAEF,UAAU;oBAAME,UAAU;gBAAO;gBACnC;oBAAEF,UAAU;oBAAME,UAAU;gBAAM;gBAClC;oBAAEF,UAAU;oBAAME,UAAU;gBAAQ;gBACpC;oBAAEF,UAAU;oBAAME,UAAU;gBAAK;gBACjC;oBAAEF,UAAU;oBAAME,UAAU;gBAAS;gBACrC;oBAAEF,UAAU;oBAAME,UAAU;gBAAQ;gBACpC;oBAAEF,UAAU;oBAAWE,UAAU;gBAAQ;aAC1C;YAED,KAAK,MAAMC,YAAYF,UAAW;gBAChC,MAAMxB,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAAC;oBAAER,MAAM;oBAASS,UAAUG,SAASH,QAAQ;gBAAC,GAClDrB,MAAM,CAAC;gBAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;gBACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC,GAAGqB,SAASD,QAAQ,CAAC,OAAO,CAAC;gBACtEvB,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACa,QAAQ,EAAElB,IAAI,CAACqB,SAASH,QAAQ;YAC5D;QACF;QAEAxB,GAAG,qDAAqD;YACtD,MAAM4B,mBAAmB;gBACvBb,MAAM;gBACNS,UAAU;YACZ;YAEA,MAAMvB,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAACK,kBACLzB,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAEI,GAAG,CAACC,SAAS,CAAC;YAClDhB,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACI,IAAI,EAAEG,GAAG,CAACC,SAAS,CAAC;YAC9ChB,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;QAC3C;QAEAN,GAAG,kDAAkD;YACnD,MAAMoB,WAAW,IAAIC,MAAM,CAAC;YAC5B,MAAMpB,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAAC;gBAAER,MAAMK;YAAS,GACtBjB,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACG,OAAO,EAAEY,SAAS,CAAC;QAC1C;QAEAnB,GAAG,wCAAwC;YACzC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAAC;gBAAER,MAAM;gBAASS,UAAU;YAAI,GACpCrB,MAAM,CAAC,MAAM,kDAAkD;YAElEA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;QAC3C;IACF;IAEAP,SAAS,kBAAkB;QACzBC,GAAG,gDAAgD;YACjD,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,oBACJC,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACG,OAAO,EAAEY,SAAS,CAAC;YACxChB,OAAOF,SAASG,IAAI,CAACyB,IAAI,EAAEvB,IAAI,CAAC;QAClC;QAEAN,GAAG,uDAAuD;YACxD,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,+BACJC,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACG,OAAO,EAAEY,SAAS,CAAC;QAC1C;QAEAnB,GAAG,iDAAiD;YAClD,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLQ,GAAG,CAAC,gBAAgB,oBACpBP,IAAI,CAAC,qBACLpB,MAAM,CAAC;QACZ;IACF;IAEAJ,SAAS,oBAAoB;QAC3BC,GAAG,mCAAmC;YACpC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,cACJC,MAAM,CAAC;YAEVA,OAAOF,SAAS8B,OAAO,CAAC,yBAAyB,EAAEzB,IAAI,CAAC;YACxDH,OAAOF,SAAS8B,OAAO,CAAC,kBAAkB,EAAEzB,IAAI,CAAC;YACjDH,OAAOF,SAAS8B,OAAO,CAAC,mBAAmB,EAAEzB,IAAI,CAAC;QACpD;IACF;IAEAP,SAAS,gCAAgC;QACvCC,GAAG,8CAA8C;YAC/C,MAAMgC,WAAWC,MAAM,IAAIC,IAAI,GAAGC,GAAG,CAAC,IACpCtC,QAAQC,KAAKI,GAAG,CAAC;YAGnB,MAAMkC,YAAY,MAAMC,QAAQC,GAAG,CAACN;YAEpCI,UAAUG,OAAO,CAACtC,CAAAA;gBAChBE,OAAOF,SAASW,MAAM,EAAEN,IAAI,CAAC;gBAC7BH,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;gBACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YAC3C;QACF;QAEAN,GAAG,4CAA4C;YAC7C,IAAK,IAAIwC,IAAI,GAAGA,IAAI,GAAGA,IAAK;gBAC1B,MAAMvC,WAAW,MAAMJ,QAAQC,KAC5BI,GAAG,CAAC,uBACJC,MAAM,CAAC;gBAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;gBACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YAC3C;QACF;IACF;IAEAP,SAAS,yBAAyB;QAChCC,GAAG,sCAAsC;YACvC,MAAMC,WAAW,MAAMJ,QAAQC,KAC5BwB,IAAI,CAAC,cACLC,IAAI,CAAC,6BACLO,GAAG,CAAC,gBAAgB,qCACpB3B,MAAM,CAAC;YAEVA,OAAOF,SAASG,IAAI,CAACC,OAAO,EAAEC,IAAI,CAAC;YACnCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACG,QAAQ,EAAER,IAAI,CAAC;YACzCH,OAAOF,SAASG,IAAI,CAACO,IAAI,CAACa,QAAQ,EAAElB,IAAI,CAAC;QAC3C;IACF;AACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-flow-novice",
-  "version": "2.14.35",
+  "version": "2.14.37",
   "description": "AI agent orchestration framework with namespace-isolated skills, agents, and CFN Loop validation. Safe installation with ~0.01% collision risk.",
   "main": "dist/index.js",
   "type": "module",
@@ -132,6 +132,7 @@
     "chalk": "^4.1.2",
     "commander": "^11.1.0",
     "dotenv": "^17.2.3",
+    "express": "^5.1.0",
     "glob": "^11.0.3",
     "ioredis": "^5.8.2",
     "lodash": "^4.17.21",

package/scripts/docker-build-mcp.sh

@@ -0,0 +1,155 @@
+#!/bin/bash
+set -euo pipefail
+
+# Docker MCP Build Script
+# Builds all MCP server images and enhanced agent image with MCP clients
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo "========================================="
+echo "  Docker MCP Build Script"
+echo "========================================="
+echo ""
+
+# Function to print colored output
+print_status() {
+    local status=$1
+    local message=$2
+    case $status in
+        "success")
+            echo -e "${GREEN}✓${NC} $message"
+            ;;
+        "error")
+            echo -e "${RED}✗${NC} $message"
+            ;;
+        "info")
+            echo -e "${YELLOW}→${NC} $message"
+            ;;
+    esac
+}
+
+# Check if Docker is available
+if ! command -v docker &> /dev/null; then
+    print_status "error" "Docker is not installed or not in PATH"
+    exit 1
+fi
+
+# Check if docker-compose is available
+if ! command -v docker-compose &> /dev/null; then
+    print_status "error" "docker-compose is not installed or not in PATH"
+    exit 1
+fi
+
+# Navigate to project root
+cd "$PROJECT_ROOT"
+
+# Validate MCP configuration exists
+if [ ! -f "config/mcp-servers.json" ]; then
+    print_status "error" "MCP configuration not found: config/mcp-servers.json"
+    exit 1
+fi
+
+print_status "success" "Found MCP configuration"
+
+# Build enhanced production Dockerfile with MCP clients
+print_status "info" "Building enhanced agent image with MCP clients..."
+if docker build -f Dockerfile.production \
+    --target production \
+    --tag cfn-agent-mcp:latest \
+    --tag cfn-agent-mcp:$(date +%Y%m%d) \
+    --build-arg BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+    --build-arg VCS_REF="$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')" \
+    --build-arg VERSION="4.1.0-mcp" \
+    . 2>&1 | tee /tmp/docker-build-agent.log; then
+    print_status "success" "Agent image built successfully"
+else
+    print_status "error" "Failed to build agent image"
+    exit 1
+fi
+
+# Build MCP server images from docker-compose
+print_status "info" "Building MCP server containers..."
+if docker-compose -f docker-compose.production.yml build \
+    mcp-playwright \
+    mcp-redis-tools \
+    mcp-n8n \
+    mcp-security-scanner 2>&1 | tee /tmp/docker-build-mcp.log; then
+    print_status "success" "MCP server images built successfully"
+else
+    print_status "error" "Failed to build MCP server images"
+    exit 1
+fi
+
+# Pull base images that we reference directly
+print_status "info" "Pulling base MCP images..."
+docker pull mcr.microsoft.com/playwright:v1.40.0-jammy
+docker pull redis:7-alpine
+docker pull n8nio/n8n:latest
+docker pull aquasec/trivy:latest
+print_status "success" "Base images pulled"
+
+# Run security scans if Trivy is available
+if command -v trivy &> /dev/null; then
+    print_status "info" "Running security scans with Trivy..."
+
+    # Scan agent image
+    print_status "info" "Scanning cfn-agent-mcp:latest..."
+    if trivy image --severity HIGH,CRITICAL \
+        --exit-code 0 \
+        --no-progress \
+        cfn-agent-mcp:latest > /tmp/trivy-scan-agent.txt 2>&1; then
+        print_status "success" "Agent image scan complete"
+    else
+        print_status "error" "Agent image has vulnerabilities (see /tmp/trivy-scan-agent.txt)"
+    fi
+
+    # Scan MCP server images
+    for image in mcr.microsoft.com/playwright:v1.40.0-jammy \
+                 redis:7-alpine \
+                 n8nio/n8n:latest \
+                 aquasec/trivy:latest; do
+        print_status "info" "Scanning $image..."
+        trivy image --severity HIGH,CRITICAL \
+            --exit-code 0 \
+            --no-progress \
+            "$image" > /tmp/trivy-scan-$(echo $image | sed 's/[^a-zA-Z0-9]/-/g').txt 2>&1 || true
+    done
+
+    print_status "success" "Security scans complete (results in /tmp/trivy-scan-*.txt)"
+else
+    print_status "info" "Trivy not found - skipping security scans"
+fi
+
+# Summary
+echo ""
+echo "========================================="
+echo "  Build Summary"
+echo "========================================="
+echo ""
+
+docker images | grep -E "(cfn-agent-mcp|mcp-playwright|mcp-redis-tools|mcp-n8n|mcp-security|playwright|n8n|trivy)" | head -20
+
+echo ""
+print_status "success" "Build complete!"
+echo ""
+echo "Tagged images:"
+echo "  - cfn-agent-mcp:latest"
+echo "  - cfn-agent-mcp:$(date +%Y%m%d)"
+echo ""
+echo "MCP Server images ready:"
+echo "  - mcp-playwright (mcr.microsoft.com/playwright:v1.40.0-jammy)"
+echo "  - mcp-redis-tools (redis:7-alpine)"
+echo "  - mcp-n8n (n8nio/n8n:latest)"
+echo "  - mcp-security-scanner (aquasec/trivy:latest)"
+echo ""
+echo "Next steps:"
+echo "  1. Run tests: ./scripts/docker-test-mcp.sh"
+echo "  2. Deploy: docker-compose -f docker-compose.production.yml up -d"
+echo ""