skillguard/artifacts/api-server/package.json

{
  "name": "@workspace/api-server",
  "version": "0.0.0",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "export NODE_ENV=development && pnpm run build && pnpm run start",
    "build": "node ./build.mjs",
    "start": "node --enable-source-maps ./dist/index.mjs",
    "typecheck": "tsc -p tsconfig.json --noEmit",
    "test": "vitest run"
  },
  "dependencies": {
    "@clerk/express": "^2.1.23",
    "@clerk/shared": "^4.15.0",
    "@workspace/api-zod": "workspace:*",
    "@workspace/db": "workspace:*",
    "cookie-parser": "^1.4.7",
    "cors": "^2.8.6",
    "drizzle-orm": "catalog:",
    "express": "^5.2.1",
    "express-rate-limit": "^8.5.2",
    "fflate": "^0.8.3",
    "http-proxy-middleware": "^4.1.0",
    "pino": "^9.14.0",
    "pino-http": "^10.5.0"
  },
  "devDependencies": {
    "@types/cookie-parser": "^1.4.10",
    "@types/cors": "^2.8.19",
    "@types/express": "^5.0.6",
    "@types/node": "catalog:",
    "esbuild": "0.27.3",
    "esbuild-plugin-pino": "^2.3.3",
    "pino-pretty": "^13.1.3",
    "thread-stream": "3.1.0",
    "vitest": "^4.1.8"
  }
}
Initial commit 2026-05-28 23:37:31 +00:00			`{`
			`"name": "@workspace/api-server",`
			`"version": "0.0.0",`
			`"private": true,`
			`"type": "module",`
			`"scripts": {`
			`"dev": "export NODE_ENV=development && pnpm run build && pnpm run start",`
			`"build": "node ./build.mjs",`
			`"start": "node --enable-source-maps ./dist/index.mjs",`
Add automated tests for skill version detection Task #13: lock in the fingerprint/relation logic behind SkillGuard's identical/modified/new version detection with automated tests. What was added - Set up Vitest in artifacts/api-server (dev dep + `test` script + vitest.config.ts using the "workspace" resolve condition so @workspace/* resolve to source). - Unit tests (no DB): - src/lib/skillFingerprint.test.ts — hashText/hashBytes stability & agreement, computeFingerprint stable + order-independent + sensitive to content/path/add/remove, jaccard overlap/symmetry/empty handling. - src/lib/lineDiff.test.ts — lineSimilarity ratios (identical, single-edit, disjoint, symmetric, CRLF), lineDiff context/add/remove with line numbers and the 2000-line cap. - DB-backed tests (use the existing DATABASE_URL): - src/routes/relation.test.ts — computeRelation: identical content under a different name -> "identical" + check-counter (countFingerprint) increments; one-line edit to a single-file skill -> "modified" with sensible similarity; unrelated skill -> "new". Also direct computeContentSimilarity cases. Fixtures use randomized content to avoid collisions with shared dev data and are cleaned up afterEach. - src/routes/compare.test.ts — e2e GET /api/scans/:id/compare/:otherId via a live server: asserts unchanged/modified/added/removed statuses, sorted file order, the line diff for the modified file, null diffs elsewhere, and 404 for missing scans. Production code change - Exported computeRelation, computeContentSimilarity, countFingerprint from src/routes/scans.ts so the relation logic can be unit-tested. No behavior change. Verification - `pnpm --filter @workspace/api-server run test` -> 34 tests, 4 files, all pass. - `pnpm --filter @workspace/api-server run typecheck` passes (rebuilt stale lib/db declarations via `pnpm run typecheck:libs`). - Production build unaffected: esbuild only bundles from src/index.ts, so *.test.ts files are not included. Replit-Task-Id: e9ae5e24-1480-4a09-8436-1718c535573a 2026-06-10 19:48:10 +00:00			`"typecheck": "tsc -p tsconfig.json --noEmit",`
			`"test": "vitest run"`
Initial commit 2026-05-28 23:37:31 +00:00			`},`
			`"dependencies": {`
Merged changes from qt0ebghx/main Replit-Task-Id: e786be21-972b-4d23-bbe7-9eb4ae617f7b 2026-06-11 05:23:53 +00:00			`"@clerk/express": "^2.1.23",`
			`"@clerk/shared": "^4.15.0",`
Initial commit 2026-05-28 23:37:31 +00:00			`"@workspace/api-zod": "workspace:*",`
			`"@workspace/db": "workspace:*",`
			`"cookie-parser": "^1.4.7",`
			`"cors": "^2.8.6",`
			`"drizzle-orm": "catalog:",`
			`"express": "^5.2.1",`
Merged changes from qt0ebghx/main Replit-Task-Id: e786be21-972b-4d23-bbe7-9eb4ae617f7b 2026-06-11 05:23:53 +00:00			`"express-rate-limit": "^8.5.2",`
SkillGuard: complete frontend wiring and harden backend Original task: build "SkillGuard", a German web app to audit agent skills on two axes (IT-Sicherheit, Datenschutz) with static rule engine + Replit-independent AI analysis configured via an admin backend. This session: - Fixed frontend TS errors: lucide-react name collisions (Badge from ui, Activity from lucide), widened apiType to AiProviderApiType, added queryKey to useGetScan. - Verified all pages render in German (Dashboard, Prüfen, Bericht, Verlauf, Admin) and the full scan flow works end-to-end (malicious sample -> verdict block). Code-review-driven hardening: - POST /api/scans now returns the full ScanDetail (files + findings) to match the OpenAPI contract, instead of only the summary. - AI provider error bodies are redacted (token, Bearer, sk- patterns) before being returned/persisted, and provider fetches now have a 60s timeout. - ZIP parsing now enforces limits (max files, total + per-file size) to mitigate zip-bomb DoS. Updated replit.md (project overview, decisions, gotchas) and added a memory note on lucide-react icon name collisions. 2026-06-08 14:59:17 +00:00			`"fflate": "^0.8.3",`
Merged changes from qt0ebghx/main Replit-Task-Id: e786be21-972b-4d23-bbe7-9eb4ae617f7b 2026-06-11 05:23:53 +00:00			`"http-proxy-middleware": "^4.1.0",`
Initial commit 2026-05-28 23:37:31 +00:00			`"pino": "^9.14.0",`
			`"pino-http": "^10.5.0"`
			`},`
			`"devDependencies": {`
			`"@types/cookie-parser": "^1.4.10",`
			`"@types/cors": "^2.8.19",`
			`"@types/express": "^5.0.6",`
			`"@types/node": "catalog:",`
			`"esbuild": "0.27.3",`
			`"esbuild-plugin-pino": "^2.3.3",`
			`"pino-pretty": "^13.1.3",`
Add automated tests for skill version detection Task #13: lock in the fingerprint/relation logic behind SkillGuard's identical/modified/new version detection with automated tests. What was added - Set up Vitest in artifacts/api-server (dev dep + `test` script + vitest.config.ts using the "workspace" resolve condition so @workspace/* resolve to source). - Unit tests (no DB): - src/lib/skillFingerprint.test.ts — hashText/hashBytes stability & agreement, computeFingerprint stable + order-independent + sensitive to content/path/add/remove, jaccard overlap/symmetry/empty handling. - src/lib/lineDiff.test.ts — lineSimilarity ratios (identical, single-edit, disjoint, symmetric, CRLF), lineDiff context/add/remove with line numbers and the 2000-line cap. - DB-backed tests (use the existing DATABASE_URL): - src/routes/relation.test.ts — computeRelation: identical content under a different name -> "identical" + check-counter (countFingerprint) increments; one-line edit to a single-file skill -> "modified" with sensible similarity; unrelated skill -> "new". Also direct computeContentSimilarity cases. Fixtures use randomized content to avoid collisions with shared dev data and are cleaned up afterEach. - src/routes/compare.test.ts — e2e GET /api/scans/:id/compare/:otherId via a live server: asserts unchanged/modified/added/removed statuses, sorted file order, the line diff for the modified file, null diffs elsewhere, and 404 for missing scans. Production code change - Exported computeRelation, computeContentSimilarity, countFingerprint from src/routes/scans.ts so the relation logic can be unit-tested. No behavior change. Verification - `pnpm --filter @workspace/api-server run test` -> 34 tests, 4 files, all pass. - `pnpm --filter @workspace/api-server run typecheck` passes (rebuilt stale lib/db declarations via `pnpm run typecheck:libs`). - Production build unaffected: esbuild only bundles from src/index.ts, so *.test.ts files are not included. Replit-Task-Id: e9ae5e24-1480-4a09-8436-1718c535573a 2026-06-10 19:48:10 +00:00			`"thread-stream": "3.1.0",`
			`"vitest": "^4.1.8"`
Initial commit 2026-05-28 23:37:31 +00:00			`}`
			`}`