xypriss-swagger 1.0.36 → 1.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +24 -8
  2. package/package.json +1 -1
  3. package/xypriss.plugin.xsig +5 -5
package/README.md CHANGED
@@ -26,7 +26,7 @@ In your main XyPriss application, import and register the `SwaggerPlugin`:
26
26
 
27
27
  ```typescript
28
28
  import { SwaggerPlugin } from "xypriss-swagger";
29
- import { XyPrissServer } from "xypriss";
29
+ import { createServer } from "xypriss";
30
30
 
31
31
  const server = createServer({
32
32
  plugins: {
@@ -41,7 +41,6 @@ const server = createServer({
41
41
  },
42
42
  });
43
43
 
44
-
45
44
  server.start();
46
45
  ```
47
46
 
@@ -53,7 +52,6 @@ Ensure the plugin is authorized in your `xypriss.config.jsonc`:
53
52
  {
54
53
  "$internal": {
55
54
  "xypriss-swagger": {
56
- "type": "plugin",
57
55
  "__meta__": {
58
56
  "path": "ROOT://",
59
57
  },
@@ -62,6 +60,10 @@ Ensure the plugin is authorized in your `xypriss.config.jsonc`:
62
60
  },
63
61
  "permissions": {
64
62
  "allowedHooks": [
63
+ "PLG.HTTP.ON_REQUEST",
64
+ "PLG.SECURITY.ACCESS_SENSITIVE_DATA",
65
+ "PLG.LIFECYCLE.REGISTER",
66
+ "PLG.LIFECYCLE.SERVER_START",
65
67
  "PLG.OPS.AUXILIARY_SERVER",
66
68
  "PLG.SECURITY.ACCESS_CONFIGS",
67
69
  ],
@@ -131,13 +133,27 @@ server.get(
131
133
 
132
134
  ## Security & Permissions
133
135
 
134
- In order to properly analyze your project's codebase and generate accurate Swagger documentation, this plugin requires the `CWD://` (Current Working Directory) context permission.
136
+ In order to properly function and integrate safely into your Zero-Trust XyPriss environment, this plugin requires the following privileges to be strictly allowed in your `xypriss.config.jsonc`:
137
+
138
+ ### Filesystem Context (`CWD://`)
139
+
140
+ **Why?** The plugin needs to resolve the active execution directory to dynamically scan your route files, interpret comments, and compile the OpenAPI JSON structure correctly.
141
+ **Is it safe?** Absolutely. The plugin performs exclusive read-only operations targeting your router files, safely ignoring sensitive `.env` or credentials.
142
+
143
+ ### Lifecycle & Auxiliary Hooks
144
+
145
+ The Swagger plugin operates as an independent subsystem connected to the main server loop:
146
+
147
+ - `PLG.LIFECYCLE.REGISTER`: Required to negotiate initialization with the core engine.
148
+ - `PLG.LIFECYCLE.SERVER_START`: Allows the plugin to participate safely in the startup sequence.
149
+ - `PLG.OPS.AUXILIARY_SERVER`: **Crucial.** Permits the deployment of the isolated documentation HTTP server without exposing your main server loop.
150
+
151
+ ### Security Access Hooks
135
152
 
136
- **Why is `CWD://` required?**
137
- The plugin needs to resolve the active execution directory to dynamically scan your route files, interpret comments, and compile the OpenAPI JSON structure correctly.
153
+ - `PLG.HTTP.ON_REQUEST`: Used strictly on the isolated auxiliary server to mount the documentation UI and manage static assets.
154
+ - `PLG.SECURITY.ACCESS_SENSITIVE_DATA` & `PLG.SECURITY.ACCESS_CONFIGS`: Required for the plugin to introspect the router architecture and extract the internal metadata needed for documentation auto-generation.
138
155
 
139
- **Is it safe?**
140
- Absolutely. While `CWD://` grants broad access to the project root, the XyPriss Swagger plugin is an official, strictly audited core module. It **exclusively** performs safe, read-only operations targeting your router files. It explicitly ignores sensitive system files (e.g., `.env`, credentials) and does not leak or alter your business logic. Your environment remains completely secure.
156
+ By explicitly providing these permissions, you maintain complete Zero-Trust authority over what the plugin is allowed to do, preventing silent system overrides or unwanted network binding.
141
157
 
142
158
  ## License
143
159
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "xypriss-swagger",
3
- "version": "1.0.36",
3
+ "version": "1.0.38",
4
4
  "description": "Auto-documentation plugin for XyPriss Router V2",
5
5
  "type": "module",
6
6
  "main": "dist/cjs/index.js",
package/xypriss.plugin.xsig CHANGED
@@ -1,10 +1,10 @@
1
1
  --- XYPRISS SIGNATURE (G3) ---
2
- Manifest: xypriss-swagger@1.0.36
3
- Min-Engine: 1.0.29
4
- Fingerprint: sha256:8eac1f742c803956f15dd5c25b62f6ae4ef6831cd4f1282cd307527c0a6a834d
2
+ Manifest: xypriss-swagger@1.0.38
3
+ Min-Engine: 1.0.35
4
+ Fingerprint: sha256:1c9cf9b7e980d2d2a03b577fb579b468012ac1ac5816b9bec1c65db9dabe7bb2
5
5
  Identity: ed25519:a58b17a3e46302dd3ae5538bc9b8b991c57f4c5fe2e7d8ac41803de818d947f4
6
- Expires: 2027-04-22T11:51:22Z
6
+ Expires: 2027-04-22T21:03:55Z
7
7
  Revision: sha256:none
8
8
  --- BEGIN CRYPTOGRAPHIC PROOF ---
9
- base64:QoQVvBkDNRa08k5tnK9VQxq0F9HQYM8E81Mzzvx1ij9iSEmxipKRQKIH8svQzLes/XOOSmKaMOc3I+QYrmEhBA==
9
+ base64:uh/Zj4YyJg4ACEPGtgG9spmUxkNSkIefqrzo02GMLGm/onhKt6aFa4fjCVo8qr37Oxn1tHt1IUp4abf3Ew4NAw==
10
10
  --- END XYPRISS SIGNATURE ---