npm - xypriss-swagger - Versions diffs - 1.0.36 → 1.0.37 - Mend

xypriss-swagger 1.0.36 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -41,7 +41,6 @@ const server = createServer({
     },
 });
 server.start();
 ```
@@ -62,6 +61,10 @@ Ensure the plugin is authorized in your `xypriss.config.jsonc`:
             },
             "permissions": {
                 "allowedHooks": [
+                    "PLG.HTTP.ON_REQUEST",
+                    "PLG.SECURITY.ACCESS_SENSITIVE_DATA",
+                    "PLG.LIFECYCLE.REGISTER",
+                    "PLG.LIFECYCLE.SERVER_START",
                     "PLG.OPS.AUXILIARY_SERVER",
                     "PLG.SECURITY.ACCESS_CONFIGS",
                 ],
@@ -131,13 +134,27 @@ server.get(
 ## Security & Permissions
-In order to properly analyze your project's codebase and generate accurate Swagger documentation, this plugin requires the `CWD://` (Current Working Directory) context permission.
+In order to properly function and integrate safely into your Zero-Trust XyPriss environment, this plugin requires the following privileges to be strictly allowed in your `xypriss.config.jsonc`:
+### Filesystem Context (`CWD://`)
+**Why?** The plugin needs to resolve the active execution directory to dynamically scan your route files, interpret comments, and compile the OpenAPI JSON structure correctly.
+**Is it safe?** Absolutely. The plugin performs exclusive read-only operations targeting your router files, safely ignoring sensitive `.env` or credentials.
+### Lifecycle & Auxiliary Hooks
+The Swagger plugin operates as an independent subsystem connected to the main server loop:
+- `PLG.LIFECYCLE.REGISTER`: Required to negotiate initialization with the core engine.
+- `PLG.LIFECYCLE.SERVER_START`: Allows the plugin to participate safely in the startup sequence.
+- `PLG.OPS.AUXILIARY_SERVER`: **Crucial.** Permits the deployment of the isolated documentation HTTP server without exposing your main server loop.
+### Security Access Hooks
-**Why is `CWD://` required?**
-The plugin needs to resolve the active execution directory to dynamically scan your route files, interpret comments, and compile the OpenAPI JSON structure correctly.
+- `PLG.HTTP.ON_REQUEST`: Used strictly on the isolated auxiliary server to mount the documentation UI and manage static assets.
+- `PLG.SECURITY.ACCESS_SENSITIVE_DATA` & `PLG.SECURITY.ACCESS_CONFIGS`: Required for the plugin to introspect the router architecture and extract the internal metadata needed for documentation auto-generation.
-**Is it safe?**
-Absolutely. While `CWD://` grants broad access to the project root, the XyPriss Swagger plugin is an official, strictly audited core module. It **exclusively** performs safe, read-only operations targeting your router files. It explicitly ignores sensitive system files (e.g., `.env`, credentials) and does not leak or alter your business logic. Your environment remains completely secure.
+By explicitly providing these permissions, you maintain complete Zero-Trust authority over what the plugin is allowed to do, preventing silent system overrides or unwanted network binding.
 ## License

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "xypriss-swagger",
-    "version": "1.0.36",
+    "version": "1.0.37",
     "description": "Auto-documentation plugin for XyPriss Router V2",
     "type": "module",
     "main": "dist/cjs/index.js",

package/xypriss.plugin.xsig CHANGED Viewed

@@ -1,10 +1,10 @@
 --- XYPRISS SIGNATURE (G3) ---
-Manifest: xypriss-swagger@1.0.36
-Min-Engine: 1.0.29
-Fingerprint: sha256:8eac1f742c803956f15dd5c25b62f6ae4ef6831cd4f1282cd307527c0a6a834d
+Manifest: xypriss-swagger@1.0.37
+Min-Engine: 1.0.35
+Fingerprint: sha256:53f24df6e325461b5f45bdf2c1ad7dab95e6c904979af8ffc396507a543ded56
 Identity: ed25519:a58b17a3e46302dd3ae5538bc9b8b991c57f4c5fe2e7d8ac41803de818d947f4
-Expires: 2027-04-22T11:51:22Z
+Expires: 2027-04-22T20:54:37Z
 Revision: sha256:none
 --- BEGIN CRYPTOGRAPHIC PROOF ---
-base64:QoQVvBkDNRa08k5tnK9VQxq0F9HQYM8E81Mzzvx1ij9iSEmxipKRQKIH8svQzLes/XOOSmKaMOc3I+QYrmEhBA==
+base64:d2rumcZZmiZpCpc1TQbA1RmMnDgppcYNSv+LHuZ+SZXF0NHXotKdQeroTQaCEnqxjvRJEXyPjZsJNgt4RW8AAw==
 --- END XYPRISS SIGNATURE ---