Conversation
…om:CISCODE-MA/NotificationKit into develop
There was a problem hiding this comment.
Pull request overview
This PR updates the @ciscode/notification-kit package setup and introduces/expands the NestJS integration + infrastructure implementations (senders, repositories, providers), along with accompanying documentation and Copilot guidance.
Changes:
- Standardizes build/TS configuration (tsup externals, tsconfig libs + decorators metadata).
- Adds a NestJS dynamic module (
register/registerAsync) with DI tokens, decorators, and REST/webhook controllers. - Adds infra adapters (email/SMS/push senders, repositories, template/id/datetime/event providers) and documents optional peer-dependency usage.
Reviewed changes
Copilot reviewed 31 out of 33 changed files in this pull request and generated 14 comments.
Show a summary per file
| File | Description |
|---|---|
| tsup.config.ts | Marks NestJS + optional SDKs as external for bundling consistency. |
| tsconfig.json | Adds DOM + decorator metadata settings for NestJS and fetch typing. |
| src/nest/providers.ts | Introduces provider factory wiring for NotificationKit DI tokens. |
| src/nest/module.ts | Implements NotificationKitModule.register() / registerAsync(). |
| src/nest/interfaces.ts | Defines module option interfaces (sync + async). |
| src/nest/index.ts | Re-exports Nest integration surface (module/interfaces/constants/etc.). |
| src/nest/decorators.ts | Adds helper decorators for injecting NotificationKit tokens. |
| src/nest/controllers/webhook.controller.ts | Adds inbound webhook controller for delivery callbacks. |
| src/nest/controllers/notification.controller.ts | Adds REST controller for send/query/retry/cancel operations. |
| src/nest/constants.ts | Defines DI tokens for module providers. |
| src/infra/senders/sms/vonage.sender.ts | Adds Vonage SMS sender adapter (lazy SDK import). |
| src/infra/senders/sms/twilio.sender.ts | Adds Twilio SMS sender adapter (lazy SDK import). |
| src/infra/senders/sms/aws-sns.sender.ts | Adds AWS SNS SMS sender adapter (lazy SDK import). |
| src/infra/senders/push/onesignal.sender.ts | Adds OneSignal push sender using fetch. |
| src/infra/senders/push/firebase.sender.ts | Adds Firebase FCM push sender (lazy SDK import). |
| src/infra/senders/push/aws-sns-push.sender.ts | Adds AWS SNS push sender adapter (lazy SDK import). |
| src/infra/senders/index.ts | Aggregates infra sender exports. |
| src/infra/senders/email/nodemailer.sender.ts | Adds Nodemailer SMTP sender adapter (lazy SDK import). |
| src/infra/repositories/mongoose/notification.schema.ts | Adds Mongoose schema definition helper. |
| src/infra/repositories/mongoose/mongoose.repository.ts | Adds Mongoose repository implementation. |
| src/infra/repositories/index.ts | Aggregates infra repository exports. |
| src/infra/repositories/in-memory/in-memory.repository.ts | Adds in-memory repository implementation. |
| src/infra/providers/template.provider.ts | Adds Handlebars + simple template engines. |
| src/infra/providers/index.ts | Aggregates infra provider exports. |
| src/infra/providers/id-generator.provider.ts | Adds UUID/ObjectId/NanoId generator implementations. |
| src/infra/providers/event-emitter.provider.ts | Adds in-memory + console event emitters. |
| src/infra/providers/datetime.provider.ts | Adds DateTime provider implementation. |
| src/infra/index.ts | Aggregates infra exports and documents infra layer intent. |
| src/infra/README.md | Documents infra adapters and installation guidance. |
| src/index.ts | Exposes core + infra + nest from the package root entrypoint. |
| package.json | Adds optional peer dependency metadata for provider SDKs. |
| package-lock.json | Mirrors peerDependenciesMeta changes for lockfile consistency. |
| .github/copilot-instructions.md | Updates Copilot guidance to be package-specific and more detailed. |
Comment on lines
+2
to
+13
|
|
||
| /** | ||
| * ID generator using UUID v4 | ||
| */ | ||
| export class UuidGenerator implements IIdGenerator { | ||
| generate(): string { | ||
| // Simple UUID v4 implementation | ||
| return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => { | ||
| const r = (Math.random() * 16) | 0; | ||
| const v = c === "x" ? r : (r & 0x3) | 0x8; | ||
| return v.toString(16); | ||
| }); |
There was a problem hiding this comment.
UuidGenerator implements a UUID-like value using Math.random(), which is not suitable for generating unpredictable IDs (and does not guarantee RFC 4122 compliance). Since this is used as the default ID generator, prefer crypto.randomUUID() (Node 20+) or a cryptographically strong generator to avoid collisions/guessable IDs.
Suggested change
| /** | |
| * ID generator using UUID v4 | |
| */ | |
| export class UuidGenerator implements IIdGenerator { | |
| generate(): string { | |
| // Simple UUID v4 implementation | |
| return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => { | |
| const r = (Math.random() * 16) | 0; | |
| const v = c === "x" ? r : (r & 0x3) | 0x8; | |
| return v.toString(16); | |
| }); | |
| import { randomBytes, randomUUID } from "crypto"; | |
| /** | |
| * ID generator using UUID v4 | |
| */ | |
| export class UuidGenerator implements IIdGenerator { | |
| generate(): string { | |
| // Prefer native crypto.randomUUID when available | |
| if (typeof randomUUID === "function") { | |
| return randomUUID(); | |
| } | |
| // Fallback: generate RFC 4122 v4 UUID from cryptographically secure random bytes | |
| const bytes = randomBytes(16); | |
| // Per RFC 4122: set version (4) and variant (RFC 4122) | |
| bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4 | |
| bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant 10xxxxxx | |
| const hex = bytes.toString("hex"); | |
| return ( | |
| hex.slice(0, 8) + | |
| "-" + | |
| hex.slice(8, 12) + | |
| "-" + | |
| hex.slice(12, 16) + | |
| "-" + | |
| hex.slice(16, 20) + | |
| "-" + | |
| hex.slice(20) | |
| ); |
Comment on lines
+1
to
8
| // Core domain layer | ||
| export * from "./core"; | ||
|
|
||
| // Infrastructure layer | ||
| export * from "./infra"; | ||
|
|
||
| // NestJS integration layer | ||
| export * from "./nest"; |
There was a problem hiding this comment.
The PR description focuses on standardizing configuration/workflows, but this diff introduces substantial new runtime functionality (Nest module registration, controllers, repositories, sender implementations, infra exports). If this is intentional, the PR title/description should be updated to reflect the feature scope; otherwise these additions may be unintended for a “standardization” PR.
Comment on lines
+31
to
+52
| @Controller() | ||
| export class NotificationController { | ||
| private readonly prefix: string; | ||
|
|
||
| constructor( | ||
| @Inject(NOTIFICATION_SERVICE) | ||
| private readonly notificationService: NotificationService, | ||
| @Inject(NOTIFICATION_KIT_OPTIONS) | ||
| private readonly options: NotificationKitModuleOptions, | ||
| ) { | ||
| this.prefix = options.apiPrefix || "notifications"; | ||
| } | ||
|
|
||
| /** | ||
| * Send a notification | ||
| * POST /notifications/send | ||
| */ | ||
| @Post("send") | ||
| @HttpCode(HttpStatus.CREATED) | ||
| async send(@Body() dto: SendNotificationDto) { | ||
| try { | ||
| return await this.notificationService.send(dto); |
There was a problem hiding this comment.
The controller is declared as @Controller() (no path), but the method docs and option name apiPrefix imply routes like /notifications/.... As written, routes will be /send, /bulk-send, /:id, etc., and this.prefix is unused, so the public REST API paths are incorrect/misleading.
- Replace GitHub Actions version tags with full commit SHA hashes (v6 -> fd88b7d, v1 -> d304d05) - Fix SONAR_PROJECT_KEY from LoggingKit to NotificationKit - Add 'main' branch to PR trigger list for release-check workflow - Resolves 2 security hotspots (githubactions:S7637) for supply chain security
- Add explicit NotificationDocument type annotations to map callbacks - Fix mapToRecord signature to accept any type (handles both Map and Record) - Install mongoose as dev dependency for type checking - Fixes pre-push typecheck failures
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Standardization Pull Request
Changes
Status
All 7 packages now have identical standardized configuration and workflows.