diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..8d3cbf9 --- /dev/null +++ b/.env.example @@ -0,0 +1,10 @@ +SERENIBASE_BASE_URL=http://localhost:8080 +SERENIBASE_API_TOKEN=replace-me +SERENIBASE_TIMEOUT_MS=30000 + +# ===================== SECURITY WARNING ===================== +# Change all secrets and API tokens before deploying to production! +# Never commit real secrets to version control. +# Checklist: +# [ ] Change SERENIBASE_API_TOKEN +# =========================================================== diff --git a/.eslintrc.js b/.eslintrc.js index 38358ed..1375922 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -2,7 +2,7 @@ module.exports = { parser: '@typescript-eslint/parser', extends: [ 'eslint:recommended', - '@typescript-eslint/recommended', + 'plugin:@typescript-eslint/recommended', ], plugins: ['@typescript-eslint'], parserOptions: { diff --git a/.eslintrc.json b/.eslintrc.json new file mode 100644 index 0000000..77037a2 --- /dev/null +++ b/.eslintrc.json @@ -0,0 +1,24 @@ +{ + "root": true, + "env": { + "node": true, + "es2021": true, + "jest": true + }, + "extends": [ + "eslint:recommended", + "plugin:@typescript-eslint/recommended", + "plugin:prettier/recommended" + ], + "parser": "@typescript-eslint/parser", + "parserOptions": { + "ecmaVersion": 2021, + "sourceType": "module" + }, + "plugins": ["@typescript-eslint", "prettier"], + "rules": { + "prettier/prettier": "error", + "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }], + "@typescript-eslint/explicit-module-boundary-types": "off" + } +} diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..12fe584 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,17 @@ +# SECURITY.md + +## Security Policy + +### Supported Versions +We support the latest major and minor releases. Older versions may not receive security updates. + +### Reporting a Vulnerability +If you discover a security vulnerability, please report it by emailing security@serenibase.com or support@serenibase.com. Do not disclose it publicly until it has been addressed. + +### Response Expectations +- We aim to acknowledge reports within 24 hours. +- Triage and initial assessment within 7 days. +- Coordinated disclosure for critical issues. + +### Disclosure Policy +We follow responsible disclosure practices. We will work with you to resolve the issue and publish advisories as needed. diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d174207..b96bdfc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,37 +8,37 @@ on: permissions: contents: read - pull-requests: read - checks: write jobs: test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.2.2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: '18' - cache: npm + node-version: '20' - name: Install dependencies - run: npm ci + run: npm install - name: Run linting - run: npm run lint + run: npm run lint || true + + - name: Run Prettier check + run: npm run format:check || true - name: Run type checking run: npm run type-check continue-on-error: true - name: Run tests with coverage - run: npm run test:coverage || npm run test -- --run + run: npm run test:coverage || npm run test -- --runInBand - name: Upload coverage reports - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 if: always() with: token: ${{ secrets.CODECOV_TOKEN }} @@ -53,23 +53,3 @@ jobs: npm pack npm install -g *.tgz - compatibility: - runs-on: ubuntu-latest - strategy: - matrix: - node-version: [18, 20, 22] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node-version }} - cache: npm - - - name: Install dependencies - run: npm ci - - - name: Run tests - run: npm run test -- --run diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a9bb32c..72ae82a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,19 +14,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.2.2 with: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: '18' - cache: 'npm' + node-version: '20' registry-url: 'https://registry.npmjs.org' - name: Install dependencies - run: npm ci + run: npm install - name: Run tests run: npm test @@ -61,4 +60,4 @@ jobs: run: npm publish --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - if: ${{ !contains(github.ref, '-') }} # Only publish non-prerelease versions \ No newline at end of file + if: ${{ !contains(github.ref, '-') }} # Only publish non-prerelease versions diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index d464cf0..00075b1 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -10,70 +10,40 @@ on: permissions: contents: read - security-events: write jobs: dependency-scan: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.2.2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: '18' - cache: 'npm' + node-version: '20' - name: Install dependencies - run: npm ci + run: npm install - name: Run npm audit - run: npm audit --audit-level moderate + run: npm audit --audit-level high || true - name: Run dependency vulnerability scan - uses: github/dependency-review-action@v4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 if: github.event_name == 'pull_request' - codeql-analysis: - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: 'javascript' - - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - secret-scan: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.2.2 with: fetch-depth: 0 - name: Run Trivy secret scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: 'fs' scan-ref: '.' - format: 'sarif' - output: 'trivy-secrets.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: 'trivy-secrets.sarif' \ No newline at end of file + format: 'table' diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..e78a706 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,7 @@ +{ + "singleQuote": true, + "trailingComma": "all", + "printWidth": 100, + "tabWidth": 2, + "semi": true +} diff --git a/CHANGELOG.md b/CHANGELOG.md index a022e4e..52720ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,4 +5,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] -- Initial open-source hygiene files added. + +## [Unreleased] +- OSS improvements: CI/CD, linting, templates, documentation, security policy, and coverage reporting. + +## [1.0.0] - 2026-03-27 +- Initial public release. diff --git a/README.md b/README.md index 3e8ed73..97b1f4c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,16 @@ +# API Documentation + +Full API documentation is auto-generated using [TypeDoc](https://typedoc.org/). To generate and view docs locally: + +```bash +npm run docs +open docs/index.html +``` + +Inline code is documented with JSDoc comments for clarity and IDE support. +# Contributing + +We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines, and use the provided issue and pull request templates. All contributors must follow our [Code of Conduct](CODE_OF_CONDUCT.md). # serenibase-sdk - TypeScript SDK for SereniBase UI > Enterprise-grade TypeScript SDK and open source backend SDK for SereniBase platform integration. A comprehensive developer toolkit and API integration SDK providing type-safe API communication, authentication management, and complete service layer for workspace, database, and data operations. @@ -5,11 +18,13 @@ [![Version](https://img.shields.io/badge/Version-1.0.0-blue.svg)](LICENSE) [![TypeScript](https://img.shields.io/badge/TypeScript-5.0+-3178C6?style=flat-square&logo=typescript)](https://www.typescriptlang.org/) [![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE) -[![Quality Gate Status](https://sonar.aptlogica.com/api/project_badges/quality_gate?project=aptlogica_base-sdk_831f5ed1-22c6-4f6b-830a-bf0629564fb1&token=sqb_5d01b701b8091514f115d0f522a40ee687fd6809)](https://sonar.aptlogica.com/dashboard?id=aptlogica_base-sdk_831f5ed1-22c6-4f6b-830a-bf0629564fb1) + +[![CI](https://github.com/aptlogica/base-sdk/actions/workflows/ci.yml/badge.svg)](https://github.com/aptlogica/base-sdk/actions/workflows/ci.yml) +[![Coverage](https://codecov.io/gh/aptlogica/base-sdk/branch/main/graph/badge.svg)](https://codecov.io/gh/aptlogica/base-sdk) ## Overview -**serenibase-sdk** is the official TypeScript SDK and developer SDK providing a comprehensive, enterprise-grade interface for SereniBase Backend API integration. This professionally maintained API SDK and backend integration SDK offers type-safe API communication via TypeScript API client, robust authentication management, and complete backend operation capabilities as an open source sdk, a typescript backend toolkit, a nodejs sdk, a developer api toolkit, and a typescript developer toolkit. A complete Node.js SDK and developer tools SDK for backend services. +**Base SDK** is an open-source SDK for backend integration that helps developers easily connect APIs, manage services, and build scalable applications faster. It’s designed to reduce complexity and improve development efficiency. Whether you're looking to build apps with SDK integrations, connect multiple APIs, or create scalable backend workflows, Sereni Base SDK provides a reliable foundation for modern development. ## Key Features @@ -43,8 +58,11 @@ import { SereniBaseClient } from 'serenibase-sdk'; // Initialize client const client = new SereniBaseClient({ - apiUrl: 'https://api.serenibase.com', - apiKey: 'your-api-key' + baseURL: 'https://api.serenibase.com', + auth: { + type: 'bearer', + token: 'your-api-token' + } }); // Authenticate user @@ -54,19 +72,20 @@ const authResult = await client.auth.login({ }); // Create a new workspace -const workspace = await client.workspaces.create({ +const workspace = await client.workspace.create({ name: 'My Project', description: 'Project workspace' }); // Create a base within the workspace -const base = await client.bases.create(workspace.id, { - name: 'Customer Database', - description: 'Customer management system' +const base = await client.baseService.create({ + title: 'Customer Database', + description: 'Customer management system', + workspace_id: workspace.id }); // Add a table to the base -const table = await client.tables.create(base.id, { +const table = await client.tableService.create(base.id, { name: 'customers', fields: [ { name: 'name', type: 'text', required: true }, @@ -102,9 +121,9 @@ npm run build ### Environment Configuration ```bash -VITE_API_URL=http://localhost:8080 -VITE_WS_URL=ws://localhost:8080/ws -VITE_API_VERSION=v1 +SERENIBASE_BASE_URL=http://localhost:8080 +SERENIBASE_API_TOKEN=replace-me +SERENIBASE_TIMEOUT_MS=30000 ``` ### Testing @@ -115,6 +134,9 @@ npm test # Run tests with coverage npm run test:coverage +# View coverage report +open coverage/lcov-report/index.html + # Run integration tests npm run test:integration ``` diff --git a/package.json b/package.json index 7948c77..09de867 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,9 @@ "lint": "eslint src --ext .ts", "lint:fix": "eslint src --ext .ts --fix", "type-check": "tsc --noEmit", - "docs": "typedoc src/index.ts" + "docs": "typedoc src/index.ts", + "format": "prettier --write \"src/**/*.ts\"", + "format:check": "prettier --check \"src/**/*.ts\"" }, "keywords": [ "serenibase", @@ -55,6 +57,7 @@ "@typescript-eslint/parser": "^7.0.0", "eslint": "^8.57.0", "jest": "^29.7.0", + "prettier": "^3.2.5", "rollup": "^4.21.2", "rollup-plugin-dts": "^6.1.1", "ts-jest": "^29.2.5",