odac 1.2.0 → 1.3.0

package/.agent/rules/memory.md

@@ -28,6 +28,15 @@ trigger: always_on
     - **Loop Optimization:** Use labeled loops (`label: for`) for efficient control flow in nested structures. Eliminate intermediate "flag" variables (`isMatch`, `found`) by using direct `return` or `continue label`.
     - **Direct Returns:** Return a value as soon as it is determined. Avoid assigning to a temporary variable (e.g. `matchedUser`) and breaking the loop, unless post-loop processing is strictly necessary.
     - **Async State Safety:** When an async function depends on mutable class state (like `pendingMiddlewares`), capture that state into a local `const` *synchronously* before triggering any async operations. This prevents race conditions where the state changes before the async task consumes it.
+    - **Async I/O Preference:** Prefer asynchronous file system operations (`fs.promises` or `await fs.promises.*`) over synchronous methods (`fs.readFileSync`, `fs.writeFileSync`) to prevent blocking the event loop and ensure high concurrency, especially in request handling paths.
 
 ## Dependency Management
-- **Prefer Native Fetch:** Use the native `fetch` API for network requests in both Node.js (18+) and browser environments to reduce dependencies and bundle size.
+- **Prefer Native Fetch:** Use the native `fetch` API for network requests in both Node.js (18+) and browser environments to reduce dependencies and bundle size.
+
+## Naming & Text Conventions
+- **ODAC Casing:** Always write "ODAC" in uppercase letters when referring to the framework name in strings, comments, log messages, or user-facing text. **EXCEPTION:** The class name itself (`class Odac`) and variable references to it should remain `Odac` (PascalCase) as per code conventions.
+
+## Testing & Validation
+- **Mandatory Test Coverage:** Every new feature, method, or significant logic change MUST be accompanied by a corresponding unit or integration test.
+    - **Verify Correctness:** do not assume code works; prove it with a test that covers both success and failure scenarios (e.g., edge cases, error conditions).
+    - **Update Existing Tests:** If a feature modifies existing behavior, update the relevant tests to reflect the new logic and ensure they pass.

package/.github/workflows/release.yml

@@ -7,7 +7,7 @@ on:
     paths-ignore:
       - 'CHANGELOG.md'
       - 'package.json'
-      - '.github/workflows/test-publish.yml'
+      - '.github/workflows/**'
   workflow_dispatch:
 
 jobs:
@@ -56,6 +56,8 @@ jobs:
           repository: odac-run/actions
           token: ${{ secrets.GH_PAT }}
           path: .github/odac-actions
+          ref: main
+          persist-credentials: false
 
       - name: Generate Release Notes
         id: ai_notes
@@ -70,11 +72,35 @@ jobs:
       - name: Cleanup Actions
         if: always()
         run: rm -rf .github/odac-actions
+
+      - name: Update PR Title
+        uses: actions/github-script@v7
+        if: steps.ai_notes.outcome == 'success'
+        env:
+          AI_TITLE: ${{ steps.ai_notes.outputs.release-title }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const prs = await github.rest.repos.listPullRequestsAssociatedWithCommit({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              commit_sha: context.sha,
+            });
+            if (prs.data.length > 0) {
+              await github.rest.pulls.update({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: prs.data[0].number,
+                title: process.env.AI_TITLE
+              });
+            }
+
       - name: Update Release
         uses: softprops/action-gh-release@v1
         if: steps.ai_notes.outcome == 'success' && steps.version.outputs.version != ''
         with:
           tag_name: v${{ steps.version.outputs.version }}
+          name: ${{ steps.ai_notes.outputs.release-title }}
           body_path: RELEASE_NOTE.md
           draft: false
           prerelease: false

package/.husky/pre-push

@@ -1,10 +1,10 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-# Prevent pushing code with High/Critical vulnerabilities
-echo "🛡️  Running Security Gate (npm audit)..."
+# Prevent pushing code with High/Critical vulnerabilities in production dependencies
+echo "🛡️  Running Production Security Gate (npm audit)..."
 
-npm audit --audit-level=high
+npm audit --audit-level=high --omit=dev
 
 if [ $? -ne 0 ]; then
     echo "❌ Security Check Failed! High vulnerabilities detected."

package/.releaserc.js

@@ -122,7 +122,7 @@ Powered by [⚡ ODAC](https://odac.run)
     [
       '@semantic-release/npm',
       {
-        npmPublish: false
+        provenance: true
       }
     ],
     [
@@ -134,4 +134,4 @@ Powered by [⚡ ODAC](https://odac.run)
     ],
     '@semantic-release/github'
   ]
-}
+}

package/CHANGELOG.md

@@ -1,3 +1,35 @@
+### ⚙️ Engine Tuning
+
+- Improve disposable domain cache management by relocating the cache path, ensuring directory existence, and standardizing error logging.
+- Migrate file system operations in Mail and View to use async `fs.promises` for non-blocking I/O, aligning with new memory.md guidelines.
+- remove unused `WebSocketClient` variable assignments in `WebSocket.test.js`
+- streamline cache file reading by removing redundant access check.
+- **validator:** Migrate file operations to `fs.promises` for asynchronous I/O and enhance security with explicit content sanitization.
+
+### ⚡️ Performance Upgrades
+
+- Optimize parametric route matching by implementing a two-phase, pre-indexed lookup strategy grouped by segment count.
+
+### ✨ What's New
+
+- Add configurable max payload size and message rate limiting options to WebSocket routes.
+- Refined pre-push security audit to omit dev dependencies, optimized variable initializations, enhanced test mocks with `writeHead` and `finished` properties, introduced conditional `setTimeout` for request handling, and improved code formatting in client-side WebSocket and AJAX logic.
+- update `.gitignore` to no longer ignore package manager lock files and to ignore the `storage/` directory
+
+### 🛠️ Fixes & Improvements
+
+- Enhance route directory not found error logging and add ODAC casing convention to memory rules.
+- Set owner-only read/write permissions (0o600) for temporary cache files created during validation.
+- suppress tailwind process stdout output
+- Update default Unix socket path and enhance socket connection error handling with specific guidance for `ENOENT` errors.
+- Update Tailwind CSS watch flag to '--watch=always' and refine child process stdio configuration.
+
+
+
+---
+
+Powered by [⚡ ODAC](https://odac.run)
+
 ### agent
 
 - Clarify logging strategies for development and production environments

package/bin/odac.js

@@ -117,6 +117,9 @@ async function run() {
     if (cluster.isPrimary) {
       const configs = getTailwindConfigs()
       const tails = []
+      const names = configs.map(c => c.name).join(', ')
+
+      console.log(`🎨 \x1b[36mODAC Styles:\x1b[0m Watching for changes (${names})`)
 
       configs.forEach(({input, cssOutput, name, isCustom}) => {
         let tailwindProcess = null
@@ -125,19 +128,32 @@ async function run() {
           const localCli = path.join(process.cwd(), 'node_modules', '.bin', 'tailwindcss')
           const useLocal = fs.existsSync(localCli)
           const cmd = useLocal ? localCli : 'npx'
-          const args = useLocal ? ['-i', input, '-o', cssOutput, '--watch'] : ['@tailwindcss/cli', '-i', input, '-o', cssOutput, '--watch']
-
-          console.log(`🎨 Starting Tailwind CSS for ${name} (${isCustom ? 'Custom' : 'Default'})...`)
-          console.log(`📂 Watching directory: ${process.cwd()}`)
+          const args = useLocal
+            ? ['-i', input, '-o', cssOutput, '--watch=always']
+            : ['@tailwindcss/cli', '-i', input, '-o', cssOutput, '--watch=always']
 
           tailwindProcess = spawn(cmd, args, {
-            stdio: 'inherit',
+            stdio: ['pipe', 'ignore', 'pipe'],
             shell: !useLocal, // Valid for npm/npx compatibility if local not found
             cwd: process.cwd()
           })
 
+          // Filter stderr: suppress status noise, forward only real errors
+          tailwindProcess.stderr.on('data', chunk => {
+            const raw = chunk.toString()
+            const lines = raw.split('\n')
+            for (const line of lines) {
+              // Strip ANSI escape codes to ensure reliable filtering
+              const clean = line.replace(/\x1B\[[0-9;]*[JKmsu]/g, '').trim()
+
+              if (!clean || clean.startsWith('Done in') || clean.startsWith('≈')) continue
+
+              process.stderr.write(`\x1b[31m[ODAC Style Error]\x1b[0m ${line}\n`)
+            }
+          })
+
           tailwindProcess.on('error', err => {
-            console.error(`❌ Tailwind watcher failed to start for ${name}:`, err.message)
+            console.error(`❌ \x1b[31m[ODAC Style Error]\x1b[0m Failed to start watcher for ${name}:`, err.message)
           })
 
           tailwindProcess.on('exit', code => {