fix(maven,tests): handle Maven Basic auth and accept deploy-plugin metadata/checksum uploads while stabilizing npm CLI test cleanup

changelog.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 2026-03-27 - 2.8.2 - fix(maven,tests)
+handle Maven Basic auth and accept deploy-plugin metadata/checksum uploads while stabilizing npm CLI test cleanup
+
+- Validate Maven tokens from Basic auth credentials by extracting the password portion before token validation.
+- Return successful responses for PUT requests to checksum and maven-metadata endpoints so Maven deploy uploads do not fail when files are auto-generated.
+- Improve npm CLI integration test isolation and cleanup by using a temporary test directory, copying per-package .npmrc files, and cleaning stale published packages before test runs.
+- Tighten test teardown by destroying the registry explicitly and simplifying package/install fixture generation.
+
 ## 2026-03-24 - 2.8.1 - fix(registry)
 align OCI and RubyGems API behavior and improve npm search result ordering
 

test/test.integration.smarts3.node.ts

@@ -268,8 +268,8 @@ tap.test('Cargo: should store crate in smarts3', async () => {
  * Cleanup: Stop smartstorage server
  */
 tap.test('should stop smartstorage server', async () => {
+  registry.destroy();
   await s3Server.stop();
-  expect(true).toEqual(true);
 });
 
 export default tap.start();

test/test.npm.nativecli.node.ts

@@ -6,14 +6,14 @@
 import { expect, tap } from '@git.zone/tstest/tapbundle';
 import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
 import { SmartRegistry } from '../ts/index.js';
-import { createTestRegistry, createTestTokens } from './helpers/registry.js';
+import { createTestRegistry, createTestTokens, cleanupS3Bucket } from './helpers/registry.js';
 import type { IRequestContext, IResponse } from '../ts/core/interfaces.core.js';
 import * as http from 'http';
 import * as url from 'url';
 import * as fs from 'fs';
 import * as path from 'path';
 
-// Test context
+// Test state
 let registry: SmartRegistry;
 let server: http.Server;
 let registryUrl: string;
@@ -32,21 +32,22 @@ async function createHttpServer(
   return new Promise((resolve, reject) => {
     const httpServer = http.createServer(async (req, res) => {
       try {
-        // Parse request
-        const parsedUrl = url.parse(req.url || '', true);
-        const pathname = parsedUrl.pathname || '/';
-        const query = parsedUrl.query;
+        const parsedUrl = new url.URL(req.url || '/', `http://localhost:${port}`);
+        const pathname = parsedUrl.pathname;
+        const query: Record<string, string> = {};
+        parsedUrl.searchParams.forEach((value, key) => {
+          query[key] = value;
+        });
 
         // Read body
-        const chunks: Buffer[] = [];
-        for await (const chunk of req) {
-          chunks.push(chunk);
-        }
-        const bodyBuffer = Buffer.concat(chunks);
+        let body: any = undefined;
+        if (req.method === 'PUT' || req.method === 'POST' || req.method === 'PATCH') {
+          const chunks: Buffer[] = [];
+          for await (const chunk of req) {
+            chunks.push(Buffer.from(chunk));
+          }
+          const bodyBuffer = Buffer.concat(chunks);
 
-        // Parse body based on content type
-        let body: any;
-        if (bodyBuffer.length > 0) {
           const contentType = req.headers['content-type'] || '';
           if (contentType.includes('application/json')) {
             try {
@@ -124,7 +125,7 @@ function createTestPackage(
   version: string,
   targetDir: string
 ): string {
-  const packageDir = path.join(targetDir, packageName);
+  const packageDir = path.join(targetDir, packageName.replace(/\//g, '-'));
   fs.mkdirSync(packageDir, { recursive: true });
 
   // Create package.json
@@ -133,12 +134,7 @@ function createTestPackage(
     version: version,
     description: `Test package ${packageName}`,
     main: 'index.js',
-    scripts: {
-      test: 'echo "Test passed"',
-    },
-    keywords: ['test'],
-    author: 'Test Author',
-    license: 'MIT',
+    scripts: {},
   };
 
   fs.writeFileSync(
@@ -147,25 +143,24 @@ function createTestPackage(
     'utf-8'
   );
 
-  // Create index.js
-  const indexJs = `module.exports = {
-  name: '${packageName}',
-  version: '${version}',
-  message: 'Hello from ${packageName}@${version}'
-};
-`;
-
-  fs.writeFileSync(path.join(packageDir, 'index.js'), indexJs, 'utf-8');
+  // Create a simple index.js
+  fs.writeFileSync(
+    path.join(packageDir, 'index.js'),
+    `module.exports = { name: '${packageName}', version: '${version}' };\n`,
+    'utf-8'
+  );
 
   // Create README.md
-  const readme = `# ${packageName}
+  fs.writeFileSync(
+    path.join(packageDir, 'README.md'),
+    `# ${packageName}\n\nTest package version ${version}\n`,
+    'utf-8'
+  );
 
-Test package for SmartRegistry.
-
-Version: ${version}
-`;
-
-  fs.writeFileSync(path.join(packageDir, 'README.md'), readme, 'utf-8');
+  // Copy .npmrc into the package directory
+  if (npmrcPath && fs.existsSync(npmrcPath)) {
+    fs.copyFileSync(npmrcPath, path.join(packageDir, '.npmrc'));
+  }
 
   return packageDir;
 }
@@ -177,31 +172,30 @@ async function runNpmCommand(
   command: string,
   cwd: string
 ): Promise<{ stdout: string; stderr: string; exitCode: number }> {
-  // Prepare environment variables
-  const envVars = [
-    `NPM_CONFIG_USERCONFIG="${npmrcPath}"`,
-    `NPM_CONFIG_CACHE="${path.join(testDir, '.npm-cache')}"`,
-    `NPM_CONFIG_PREFIX="${path.join(testDir, '.npm-global')}"`,
-    `NPM_CONFIG_REGISTRY="${registryUrl}/npm/"`,
-  ].join(' ');
+  const { exec } = await import('child_process');
 
-  // Build command with cd to correct directory and environment variables
-  const fullCommand = `cd "${cwd}" && ${envVars} ${command}`;
-
-  try {
-    const result = await tapNodeTools.runCommand(fullCommand);
-    return {
-      stdout: result.stdout || '',
-      stderr: result.stderr || '',
-      exitCode: result.exitCode || 0,
-    };
-  } catch (error: any) {
-    return {
-      stdout: error.stdout || '',
-      stderr: error.stderr || String(error),
-      exitCode: error.exitCode || 1,
-    };
+  // Build isolated env that prevents npm from reading ~/.npmrc
+  const env: Record<string, string> = {};
+  // Copy only essential env vars (PATH, etc.) — exclude HOME to prevent ~/.npmrc reading
+  for (const key of ['PATH', 'NODE', 'NVM_DIR', 'NVM_BIN', 'LANG', 'TERM', 'SHELL']) {
+    if (process.env[key]) env[key] = process.env[key]!;
   }
+  env.HOME = testDir;
+  env.NPM_CONFIG_USERCONFIG = npmrcPath;
+  env.NPM_CONFIG_GLOBALCONFIG = '/dev/null';
+  env.NPM_CONFIG_CACHE = path.join(testDir, '.npm-cache');
+  env.NPM_CONFIG_PREFIX = path.join(testDir, '.npm-global');
+  env.NPM_CONFIG_REGISTRY = `${registryUrl}/npm/`;
+
+  return new Promise((resolve) => {
+    exec(command, { cwd, env, timeout: 30000 }, (error, stdout, stderr) => {
+      resolve({
+        stdout: stdout || '',
+        stderr: stderr || '',
+        exitCode: error ? (error as any).code ?? 1 : 0,
+      });
+    });
+  });
 }
 
 /**
@@ -226,6 +220,16 @@ tap.test('NPM CLI: should setup registry and HTTP server', async () => {
   const tokens = await createTestTokens(registry);
   npmToken = tokens.npmToken;
 
+  // Clean up stale npm CLI test data via unpublish API
+  for (const pkg of ['test-package-cli', '@testscope%2fscoped-package']) {
+    await registry.handleRequest({
+      method: 'DELETE',
+      path: `/npm/${pkg}/-rev/cleanup`,
+      headers: { Authorization: `Bearer ${npmToken}` },
+      query: {},
+    });
+  }
+
   expect(registry).toBeInstanceOf(SmartRegistry);
   expect(npmToken).toBeTypeOf('string');
   const serverSetup = await createHttpServer(registry, registryPort);
@@ -235,8 +239,8 @@ tap.test('NPM CLI: should setup registry and HTTP server', async () => {
   expect(server).toBeDefined();
   expect(registryUrl).toEqual(`http://localhost:${registryPort}`);
 
-  // Setup test directory
-  testDir = path.join(process.cwd(), '.nogit', 'test-npm-cli');
+  // Setup test directory — use /tmp to isolate from project tree
+  testDir = path.join('/tmp', 'smartregistry-test-npm-cli');
   cleanupTestDir(testDir);
   fs.mkdirSync(testDir, { recursive: true });
 
@@ -285,20 +289,16 @@ tap.test('NPM CLI: should install published package', async () => {
   const installDir = path.join(testDir, 'install-test');
   fs.mkdirSync(installDir, { recursive: true });
 
-  // Create package.json for installation
-  const packageJson = {
-    name: 'install-test',
-    version: '1.0.0',
-    dependencies: {
-      [packageName]: '1.0.0',
-    },
-  };
-
+  // Create a minimal package.json for install target
   fs.writeFileSync(
     path.join(installDir, 'package.json'),
-    JSON.stringify(packageJson, null, 2),
+    JSON.stringify({ name: 'install-test', version: '1.0.0', dependencies: { [packageName]: '1.0.0' } }),
     'utf-8'
   );
+  // Copy .npmrc
+  if (npmrcPath && fs.existsSync(npmrcPath)) {
+    fs.copyFileSync(npmrcPath, path.join(installDir, '.npmrc'));
+  }
 
   const result = await runNpmCommand('npm install', installDir);
   console.log('npm install output:', result.stdout);
@@ -307,17 +307,8 @@ tap.test('NPM CLI: should install published package', async () => {
   expect(result.exitCode).toEqual(0);
 
   // Verify package was installed
-  const nodeModulesPath = path.join(installDir, 'node_modules', packageName);
-  expect(fs.existsSync(nodeModulesPath)).toEqual(true);
-  expect(fs.existsSync(path.join(nodeModulesPath, 'package.json'))).toEqual(true);
-  expect(fs.existsSync(path.join(nodeModulesPath, 'index.js'))).toEqual(true);
-
-  // Verify package contents
-  const installedPackageJson = JSON.parse(
-    fs.readFileSync(path.join(nodeModulesPath, 'package.json'), 'utf-8')
-  );
-  expect(installedPackageJson.name).toEqual(packageName);
-  expect(installedPackageJson.version).toEqual('1.0.0');
+  const installed = fs.existsSync(path.join(installDir, 'node_modules', packageName, 'package.json'));
+  expect(installed).toEqual(true);
 });
 
 tap.test('NPM CLI: should publish second version', async () => {
@@ -369,17 +360,14 @@ tap.test('NPM CLI: should fail to publish without auth', async () => {
   const version = '1.0.0';
   const packageDir = createTestPackage(packageName, version, testDir);
 
-  // Temporarily remove .npmrc
-  const npmrcBackup = fs.readFileSync(npmrcPath, 'utf-8');
-  fs.writeFileSync(npmrcPath, 'registry=' + registryUrl + '/npm/\n', 'utf-8');
+  // Temporarily remove .npmrc (write one without auth)
+  const noAuthNpmrc = path.join(packageDir, '.npmrc');
+  fs.writeFileSync(noAuthNpmrc, `registry=${registryUrl}/npm/\n`, 'utf-8');
 
   const result = await runNpmCommand('npm publish', packageDir);
   console.log('npm publish unauth output:', result.stdout);
   console.log('npm publish unauth stderr:', result.stderr);
 
-  // Restore .npmrc
-  fs.writeFileSync(npmrcPath, npmrcBackup, 'utf-8');
-
   // Should fail with auth error
   expect(result.exitCode).not.toEqual(0);
 });
@@ -393,14 +381,7 @@ tap.postTask('cleanup npm cli tests', async () => {
   }
 
   // Cleanup test directory
-  if (testDir) {
-    cleanupTestDir(testDir);
-  }
-
-  // Destroy registry
-  if (registry) {
-    registry.destroy();
-  }
+  cleanupTestDir(testDir);
 });
 
 export default tap.start();

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartregistry',
-  version: '2.8.1',
+  version: '2.8.2',
   description: 'A composable TypeScript library implementing OCI, NPM, Maven, Cargo, Composer, PyPI, and RubyGems registries for building unified container and package registries'
 }

ts/maven/classes.mavenregistry.ts

@@ -110,9 +110,17 @@ export class MavenRegistry extends BaseRegistry {
     let token: IAuthToken | null = null;
 
     if (authHeader) {
-      const tokenString = authHeader.replace(/^(Bearer|Basic)\s+/i, '');
-      // For now, try to validate as Maven token (reuse npm token type)
-      token = await this.authManager.validateToken(tokenString, 'maven');
+      if (/^Basic\s+/i.test(authHeader)) {
+        // Maven sends Basic Auth: base64(username:password) — extract the password as token
+        const base64 = authHeader.replace(/^Basic\s+/i, '');
+        const decoded = Buffer.from(base64, 'base64').toString('utf-8');
+        const colonIndex = decoded.indexOf(':');
+        const password = colonIndex >= 0 ? decoded.substring(colonIndex + 1) : decoded;
+        token = await this.authManager.validateToken(password, 'maven');
+      } else {
+        const tokenString = authHeader.replace(/^Bearer\s+/i, '');
+        token = await this.authManager.validateToken(tokenString, 'maven');
+      }
     }
 
     // Build actor from context and validated token
@@ -240,9 +248,19 @@ export class MavenRegistry extends BaseRegistry {
       return this.getChecksum(groupId, artifactId, version, coordinate, path);
     }
 
+    // Accept PUT silently — Maven deploy-plugin uploads checksums alongside artifacts,
+    // but our registry auto-generates them, so we just acknowledge the upload
+    if (method === 'PUT') {
+      return {
+        status: 200,
+        headers: {},
+        body: { status: 'ok' },
+      };
+    }
+
     return {
       status: 405,
-      headers: { 'Allow': 'GET, HEAD' },
+      headers: { 'Allow': 'GET, HEAD, PUT' },
       body: { error: 'METHOD_NOT_ALLOWED', message: 'Checksums are auto-generated' },
     };
   }
@@ -275,9 +293,19 @@ export class MavenRegistry extends BaseRegistry {
       return this.getMetadata(groupId, artifactId, actor);
     }
 
+    // Accept PUT silently — Maven deploy-plugin uploads maven-metadata.xml,
+    // but our registry auto-generates it, so we just acknowledge the upload
+    if (method === 'PUT') {
+      return {
+        status: 200,
+        headers: {},
+        body: { status: 'ok' },
+      };
+    }
+
     return {
       status: 405,
-      headers: { 'Allow': 'GET' },
+      headers: { 'Allow': 'GET, PUT' },
       body: { error: 'METHOD_NOT_ALLOWED', message: 'Metadata is auto-generated' },
     };
   }