een-api-toolkit 0.3.63 → 0.3.69

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/CHANGELOG.md +68 -86
  2. package/dist/index.cjs +3 -3
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.ts +68 -0
  5. package/dist/index.js +136 -118
  6. package/dist/index.js.map +1 -1
  7. package/docs/AI-CONTEXT.md +1 -1
  8. package/docs/ai-reference/AI-AUTH.md +1 -1
  9. package/docs/ai-reference/AI-AUTOMATIONS.md +1 -1
  10. package/docs/ai-reference/AI-DEVICES.md +1 -1
  11. package/docs/ai-reference/AI-EVENT-DATA-SCHEMAS.md +76 -74
  12. package/docs/ai-reference/AI-EVENTS.md +2 -1
  13. package/docs/ai-reference/AI-GROUPING.md +1 -1
  14. package/docs/ai-reference/AI-JOBS.md +1 -1
  15. package/docs/ai-reference/AI-MEDIA.md +1 -1
  16. package/docs/ai-reference/AI-SETUP.md +1 -1
  17. package/docs/ai-reference/AI-USERS.md +1 -1
  18. package/examples/vue-alerts-metrics/README.md +10 -0
  19. package/examples/vue-automations/README.md +4 -0
  20. package/examples/vue-bridges/README.md +6 -0
  21. package/examples/vue-cameras/README.md +7 -0
  22. package/examples/vue-event-subscriptions/README.md +10 -0
  23. package/examples/vue-events/README.md +12 -0
  24. package/examples/vue-events/src/components/EventsModal.vue +1 -0
  25. package/examples/vue-feeds/README.md +5 -0
  26. package/examples/vue-feeds/src/App.vue +5 -4
  27. package/examples/vue-feeds/src/views/Home.vue +3 -1
  28. package/examples/vue-jobs/README.md +7 -0
  29. package/examples/vue-layouts/README.md +3 -1
  30. package/examples/vue-media/README.md +5 -0
  31. package/examples/vue-users/README.md +3 -0
  32. package/examples/vue-users/package-lock.json +2 -2
  33. package/examples/vue-users/package.json +1 -1
  34. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -2,123 +2,105 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file.
4
4
 
5
- ## [0.3.63] - 2026-02-07
5
+ ## [0.3.69] - 2026-02-10
6
6
 
7
7
  ### Release Summary
8
8
 
9
- #### PR #90: feat: Add getCameraSettings API, E2E coverage, and PR skill update
10
- ## Summary
9
+ #### PR #92: Release v0.3.66 - GitHub Issues Resolution & vue-feeds Fix
10
+ ## Release v0.3.66
11
11
 
12
- - **feat:** Add `getCameraSettings()` API function for `GET /cameras/{cameraId}/settings` endpoint with full TypeScript types
13
- - **feat:** Simplify camera list cards (name, ID, bridge only) with detail/settings modals fetching full data on demand
14
- - **feat:** Add Google Maps link on camera detail page when coordinates exist
15
- - **test:** Add 4 new E2E tests covering card content, details modal includes, settings modal schema/proposedValues, and Google Maps link
16
- - **chore:** Update PR-and-check skill to run E2E tests sequentially with port 3333 cleanup between apps
17
- - **docs:** Update vue-cameras home page and screenshot
12
+ This PR merges develop into production with GitHub issue resolutions, automation improvements, and critical bug fixes.
18
13
 
19
- ## Version
14
+ ### Summary
20
15
 
21
- `0.3.59`
16
+ - Resolved all 7 open GitHub issues
17
+ - Automated event data schemas documentation generation
18
+ - Fixed vue-feeds navigation reactivity issue
19
+ - Added camera utility functions
20
+ - Improved accessibility with aria-labels
22
21
 
23
- ## Commits
22
+ ### Changes
24
23
 
25
- - `0aa36a3` test: Add E2E coverage tests and update PR skill for sequential E2E runs
26
- - `c8299a9` docs: Update vue-cameras home page to reflect current features
27
- - `b3507ed` chore: Resize vue-cameras screenshot to 1200px width
28
- - `bb5f11d` feat: Add getCameraSettings API, simplify camera list, add Google Maps link
24
+ **Closed Issues:**
25
+ - #84 - Added aria-label to JSON viewer button for screen reader accessibility
26
+ - #70 - Implemented getCameraStatusString() utility function
27
+ - #71 - Implemented isStatusObject() TypeScript type guard
28
+ - ✅ #87 - Documented auto-generated vs manually maintained files
29
+ - ✅ #89 - Fully automated event data schemas documentation generation
30
+ - ❌ #85 - Closed as won't-do (JSON viewer E2E tests)
31
+ - ❌ #76 - Closed as won't-do (datetime persistence test timezone)
29
32
 
30
- ## Test Results
33
+ **New Features:**
34
+ - `src/utils/camera.ts` - Camera status utility functions with full JSDoc
35
+ - `scripts/generate-event-data-schemas-doc.ts` - Auto-generates AI-EVENT-DATA-SCHEMAS.md from TypeScript source
36
+ - CLAUDE.md documentation section explaining auto-generated vs manual files
31
37
 
32
- | Check | Result |
33
- |-------|--------|
34
- | Lint | Passed |
35
- | Unit Tests | 600 passed (22 files) |
36
- | Build | Passed |
37
- | vue-alerts-metrics E2E | 20 passed |
38
- | vue-automations E2E | 24 passed |
39
- | vue-bridges E2E | 15 passed |
40
- | vue-cameras E2E | 41 passed |
41
- | vue-event-subscriptions E2E | 15 passed |
42
- | vue-events E2E | 16 passed |
43
- | vue-feeds E2E | 12 passed |
44
- | vue-jobs E2E | 34 passed |
45
- | vue-layouts E2E | 14 passed |
46
- | vue-media E2E | 15 passed, 1 pre-existing failure* |
47
- | vue-users E2E | 14 passed |
48
- | **Total E2E** | **220/225 passed** |
49
-
50
- \* vue-media failure is pre-existing: `data-testid="utc-timestamp"` missing from Recorded.vue component
38
+ **Bug Fixes:**
39
+ - Fixed vue-feeds navigation not appearing after OAuth login (computed property for reactivity)
40
+ - Updated all example app READMEs with accurate function lists
51
41
 
52
- ## Security Review
42
+ ### Test Results
53
43
 
54
- No HIGH severity findings. Notable MEDIUM finding: example app renders full JSON including `adminCredentials` include parameter — acceptable for demo code. All other findings are LOW severity with existing mitigations (Vue auto-escaping, `encodeURIComponent`, `rel="noopener noreferrer"`).
44
+ **✅ Passed (8 of 11 apps - 148 tests):**
45
+ - vue-alerts-metrics: 20 tests
46
+ - vue-automations: 24 tests
47
+ - vue-bridges: 13 tests
48
+ - vue-event-subscriptions: 15 tests
49
+ - vue-events: 16 tests
50
+ - **vue-feeds: 12 tests** ✅ (Main fix verified)
51
+ - vue-jobs: 34 tests
52
+ - vue-users: 14 tests
55
53
 
56
- 🤖 Generated with [Claude Code](https://claude.com/claude-code)
54
+ **Note:** 3 apps failed due to OAuth rate limiting (vue-cameras) and test config issues (vue-layouts, vue-media) - not related to code changes.
57
55
 
58
- #### PR #91: feat: E2E runner script, release summary fix, agent updates
59
- ## Summary
56
+ ### Security Review
60
57
 
61
- - **feat:** Add `scripts/run-examples-e2e.sh` that dynamically discovers all example apps and runs Playwright E2E tests sequentially with port 3333 cleanup between runs
62
- - **fix:** Fix npm-publish workflow race condition where Release Summary was always empty — replaced `git log --merges` (which failed when checked-out develop commit didn't have production merge commits as ancestors) with `gh pr list --base production --state merged` via GitHub API
63
- - **fix:** Update PR-and-check skill to fetch all tags (`git fetch origin --tags`), check for in-progress release workflows before proceeding, use `npm run test:e2e:examples` script, and set 20-minute E2E timeout
64
- - **chore:** Update docs-accuracy-reviewer to also verify skills and agent files against actual implementations
65
- - **chore:** Set sonnet model for test-runner and docs-accuracy-reviewer agents
66
- - **fix:** Correct inaccuracies in een-auth, een-devices, een-media, een-users agent files
58
+ Security review completed - No vulnerabilities found
59
+ - All file operations use safe path handling
60
+ - No command injection risks
61
+ - Regex patterns safe from ReDoS
62
+ - Vue components follow framework security best practices
67
63
 
68
- ## Version
64
+ ### Version
69
65
 
70
- `0.3.62`
66
+ v0.3.66 (auto-incremented from 0.3.64 via Husky pre-commit hooks)
71
67
 
72
- ## Commits
68
+ ---
73
69
 
74
- - `6df59c8` chore: Set 20-minute timeout for example E2E tests in PR skill
75
- - `fce1f9e` feat: Add E2E runner script, fix release PR summaries, update agents
70
+ Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
76
71
 
77
- ## Test Results
72
+ #### PR #94: Release v0.3.69: SSRF protection fix with test coverage
73
+ ## Summary
74
+ - Merges security fix from PR #93 (SSRF domain validation in `initMediaSession`)
75
+ - Fixes broken unit tests caused by the domain validation (updated test domains from `example.com` to `eagleeyenetworks.com`)
76
+ - Adds 2 new unit tests for domain validation coverage (untrusted domain rejection, `een.cloud` acceptance)
78
77
 
79
- | Check | Result |
80
- |-------|--------|
81
- | Lint | Passed |
82
- | Unit Tests | 600 passed (22 files) |
83
- | Build | Passed |
84
- | vue-alerts-metrics E2E | 20 passed |
85
- | vue-automations E2E | 24 passed |
86
- | vue-bridges E2E | 18 passed |
87
- | vue-cameras E2E | 41 passed |
88
- | vue-event-subscriptions E2E | 15 passed |
89
- | vue-events E2E | 16 passed |
90
- | vue-feeds E2E | 12 passed |
91
- | vue-jobs E2E | 34 passed |
92
- | vue-layouts E2E | 14 passed |
93
- | vue-media E2E | 20 passed |
94
- | vue-users E2E | 14 passed (passed on retry, transient OAuth callback timeout) |
95
- | **Total E2E** | **228 passed across 11 apps** |
78
+ ## Commits
79
+ - `22aed68` Fix AUTH_BYPASS vulnerability in initMediaSession()
80
+ - `b6d21d1` fix: Update media tests for SSRF domain validation and add coverage
96
81
 
97
- ## Security Review
82
+ ## Test Results
83
+ - **Lint**: Passed (1 warning, 0 errors)
84
+ - **Unit tests**: 619/619 passed
85
+ - **Build**: Successful (v0.3.69)
86
+ - **E2E tests**: 11/11 example apps passed
98
87
 
99
- No security concerns. Changes are limited to:
100
- - Shell script for test orchestration (no user input, runs locally)
101
- - GitHub Actions workflow fix (uses `gh` CLI with existing `GH_TOKEN`)
102
- - Documentation/agent file corrections (markdown only)
103
- - No new dependencies, no API changes, no auth flow changes
88
+ ## Security Review
89
+ The only source code change is the SSRF protection in `src/media/service.ts` which validates session URLs against allowed domains (`.eagleeyenetworks.com`, `.een.cloud`). This is a security improvement with no new vulnerabilities.
104
90
 
105
- 🤖 Generated with [Claude Code](https://claude.com/claude-code)
91
+ ## Version
92
+ `v0.3.69`
106
93
 
107
94
 
108
95
  ### Detailed Changes
109
96
 
110
- #### Features
111
- - feat: Add E2E runner script, fix release PR summaries, update agents
112
-
113
97
  #### Bug Fixes
114
- - fix: Address code review feedback for PR #91
115
-
116
- #### Other Changes
117
- - chore: Set 20-minute timeout for example E2E tests in PR skill
98
+ - fix: Update media tests for SSRF domain validation and add coverage
99
+ - Fix AUTH_BYPASS vulnerability in initMediaSession()
118
100
 
119
101
  ### Links
120
102
  - [npm package](https://www.npmjs.com/package/een-api-toolkit)
121
- - [Full Changelog](https://github.com/klaushofrichter/een-api-toolkit/compare/v0.3.60...v0.3.63)
103
+ - [Full Changelog](https://github.com/klaushofrichter/een-api-toolkit/compare/v0.3.67...v0.3.69)
122
104
 
123
105
  ---
124
- *Released: 2026-02-07 14:18:39 CST*
106
+ *Released: 2026-02-10 17:09:15 CST*