v2.8.2

changelog.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## 2026-03-27 - 2.8.2 - fix(maven,tests)
+handle Maven Basic auth and accept deploy-plugin metadata/checksum uploads while stabilizing npm CLI test cleanup
+
+- Validate Maven tokens from Basic auth credentials by extracting the password portion before token validation.
+- Return successful responses for PUT requests to checksum and maven-metadata endpoints so Maven deploy uploads do not fail when files are auto-generated.
+- Improve npm CLI integration test isolation and cleanup by using a temporary test directory, copying per-package .npmrc files, and cleaning stale published packages before test runs.
+- Tighten test teardown by destroying the registry explicitly and simplifying package/install fixture generation.
+
+## 2026-03-24 - 2.8.1 - fix(registry)
+align OCI and RubyGems API behavior and improve npm search result ordering
+
+- handle OCI version checks on /v2 and /v2/ endpoints
+- return RubyGems versions JSON in the expected flat array format and update unyank coverage to use the HTTP endpoint
+- prioritize exact and prefix matches in npm search results
+- update documentation to reflect full upstream proxy support
+
 ## 2026-03-24 - 2.8.0 - feat(core,storage,oci,registry-config)
 add streaming response support and configurable registry URLs across protocols
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartregistry",
-  "version": "2.8.0",
+  "version": "2.8.2",
   "private": false,
   "description": "A composable TypeScript library implementing OCI, NPM, Maven, Cargo, Composer, PyPI, and RubyGems registries for building unified container and package registries",
   "main": "dist_ts/index.js",

readme.md

@@ -41,7 +41,7 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community
 | Metadata API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | Token Auth | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | Checksum Verification | ✅ | ✅ | ✅ | ✅ | — | ✅ | ✅ |
-| Upstream Proxy | ✅ | ✅ | — | — | — | — | — |
+| Upstream Proxy | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 
 ### 🌐 Upstream Proxy & Caching
 - **Multi-Upstream Support**: Configure multiple upstream registries per protocol with priority ordering

test/test.integration.smarts3.node.ts

@@ -268,8 +268,8 @@ tap.test('Cargo: should store crate in smarts3', async () => {
  * Cleanup: Stop smartstorage server
  */
 tap.test('should stop smartstorage server', async () => {
+  registry.destroy();
   await s3Server.stop();
-  expect(true).toEqual(true);
 });
 
 export default tap.start();

test/test.npm.nativecli.node.ts

@@ -6,14 +6,14 @@
 import { expect, tap } from '@git.zone/tstest/tapbundle';
 import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
 import { SmartRegistry } from '../ts/index.js';
-import { createTestRegistry, createTestTokens } from './helpers/registry.js';
+import { createTestRegistry, createTestTokens, cleanupS3Bucket } from './helpers/registry.js';
 import type { IRequestContext, IResponse } from '../ts/core/interfaces.core.js';
 import * as http from 'http';
 import * as url from 'url';
 import * as fs from 'fs';
 import * as path from 'path';
 
-// Test context
+// Test state
 let registry: SmartRegistry;
 let server: http.Server;
 let registryUrl: string;
@@ -32,21 +32,22 @@ async function createHttpServer(
   return new Promise((resolve, reject) => {
     const httpServer = http.createServer(async (req, res) => {
       try {
-        // Parse request
-        const parsedUrl = url.parse(req.url || '', true);
-        const pathname = parsedUrl.pathname || '/';
-        const query = parsedUrl.query;
+        const parsedUrl = new url.URL(req.url || '/', `http://localhost:${port}`);
+        const pathname = parsedUrl.pathname;
+        const query: Record<string, string> = {};
+        parsedUrl.searchParams.forEach((value, key) => {
+          query[key] = value;
+        });
 
         // Read body
-        const chunks: Buffer[] = [];
-        for await (const chunk of req) {
-          chunks.push(chunk);
-        }
-        const bodyBuffer = Buffer.concat(chunks);
+        let body: any = undefined;
+        if (req.method === 'PUT' || req.method === 'POST' || req.method === 'PATCH') {
+          const chunks: Buffer[] = [];
+          for await (const chunk of req) {
+            chunks.push(Buffer.from(chunk));
+          }
+          const bodyBuffer = Buffer.concat(chunks);
 
-        // Parse body based on content type
-        let body: any;
-        if (bodyBuffer.length > 0) {
           const contentType = req.headers['content-type'] || '';
           if (contentType.includes('application/json')) {
             try {
@@ -124,7 +125,7 @@ function createTestPackage(
   version: string,
   targetDir: string
 ): string {
-  const packageDir = path.join(targetDir, packageName);
+  const packageDir = path.join(targetDir, packageName.replace(/\//g, '-'));
   fs.mkdirSync(packageDir, { recursive: true });
 
   // Create package.json
@@ -133,12 +134,7 @@ function createTestPackage(
     version: version,
     description: `Test package ${packageName}`,
     main: 'index.js',
-    scripts: {
-      test: 'echo "Test passed"',
-    },
-    keywords: ['test'],
-    author: 'Test Author',
-    license: 'MIT',
+    scripts: {},
   };
 
   fs.writeFileSync(
@@ -147,25 +143,24 @@ function createTestPackage(
     'utf-8'
   );
 
-  // Create index.js
-  const indexJs = `module.exports = {
-  name: '${packageName}',
-  version: '${version}',
-  message: 'Hello from ${packageName}@${version}'
-};
-`;
-
-  fs.writeFileSync(path.join(packageDir, 'index.js'), indexJs, 'utf-8');
+  // Create a simple index.js
+  fs.writeFileSync(
+    path.join(packageDir, 'index.js'),
+    `module.exports = { name: '${packageName}', version: '${version}' };\n`,
+    'utf-8'
+  );
 
   // Create README.md
-  const readme = `# ${packageName}
+  fs.writeFileSync(
+    path.join(packageDir, 'README.md'),
+    `# ${packageName}\n\nTest package version ${version}\n`,
+    'utf-8'
+  );
 
-Test package for SmartRegistry.
-
-Version: ${version}
-`;
-
-  fs.writeFileSync(path.join(packageDir, 'README.md'), readme, 'utf-8');
+  // Copy .npmrc into the package directory
+  if (npmrcPath && fs.existsSync(npmrcPath)) {
+    fs.copyFileSync(npmrcPath, path.join(packageDir, '.npmrc'));
+  }
 
   return packageDir;
 }
@@ -177,31 +172,30 @@ async function runNpmCommand(
   command: string,
   cwd: string
 ): Promise<{ stdout: string; stderr: string; exitCode: number }> {
-  // Prepare environment variables
-  const envVars = [
-    `NPM_CONFIG_USERCONFIG="${npmrcPath}"`,
-    `NPM_CONFIG_CACHE="${path.join(testDir, '.npm-cache')}"`,
-    `NPM_CONFIG_PREFIX="${path.join(testDir, '.npm-global')}"`,
-    `NPM_CONFIG_REGISTRY="${registryUrl}/npm/"`,
-  ].join(' ');
+  const { exec } = await import('child_process');
 
-  // Build command with cd to correct directory and environment variables
-  const fullCommand = `cd "${cwd}" && ${envVars} ${command}`;
-
-  try {
-    const result = await tapNodeTools.runCommand(fullCommand);
-    return {
-      stdout: result.stdout || '',
-      stderr: result.stderr || '',
-      exitCode: result.exitCode || 0,
-    };
-  } catch (error: any) {
-    return {
-      stdout: error.stdout || '',
-      stderr: error.stderr || String(error),
-      exitCode: error.exitCode || 1,
-    };
+  // Build isolated env that prevents npm from reading ~/.npmrc
+  const env: Record<string, string> = {};
+  // Copy only essential env vars (PATH, etc.) — exclude HOME to prevent ~/.npmrc reading
+  for (const key of ['PATH', 'NODE', 'NVM_DIR', 'NVM_BIN', 'LANG', 'TERM', 'SHELL']) {
+    if (process.env[key]) env[key] = process.env[key]!;
   }
+  env.HOME = testDir;
+  env.NPM_CONFIG_USERCONFIG = npmrcPath;
+  env.NPM_CONFIG_GLOBALCONFIG = '/dev/null';
+  env.NPM_CONFIG_CACHE = path.join(testDir, '.npm-cache');
+  env.NPM_CONFIG_PREFIX = path.join(testDir, '.npm-global');
+  env.NPM_CONFIG_REGISTRY = `${registryUrl}/npm/`;
+
+  return new Promise((resolve) => {
+    exec(command, { cwd, env, timeout: 30000 }, (error, stdout, stderr) => {
+      resolve({
+        stdout: stdout || '',
+        stderr: stderr || '',
+        exitCode: error ? (error as any).code ?? 1 : 0,
+      });
+    });
+  });
 }
 
 /**
@@ -226,6 +220,16 @@ tap.test('NPM CLI: should setup registry and HTTP server', async () => {
   const tokens = await createTestTokens(registry);
   npmToken = tokens.npmToken;
 
+  // Clean up stale npm CLI test data via unpublish API
+  for (const pkg of ['test-package-cli', '@testscope%2fscoped-package']) {
+    await registry.handleRequest({
+      method: 'DELETE',
+      path: `/npm/${pkg}/-rev/cleanup`,
+      headers: { Authorization: `Bearer ${npmToken}` },
+      query: {},
+    });
+  }
+
   expect(registry).toBeInstanceOf(SmartRegistry);
   expect(npmToken).toBeTypeOf('string');
   const serverSetup = await createHttpServer(registry, registryPort);
@@ -235,8 +239,8 @@ tap.test('NPM CLI: should setup registry and HTTP server', async () => {
   expect(server).toBeDefined();
   expect(registryUrl).toEqual(`http://localhost:${registryPort}`);
 
-  // Setup test directory
-  testDir = path.join(process.cwd(), '.nogit', 'test-npm-cli');
+  // Setup test directory — use /tmp to isolate from project tree
+  testDir = path.join('/tmp', 'smartregistry-test-npm-cli');
   cleanupTestDir(testDir);
   fs.mkdirSync(testDir, { recursive: true });
 
@@ -285,20 +289,16 @@ tap.test('NPM CLI: should install published package', async () => {
   const installDir = path.join(testDir, 'install-test');
   fs.mkdirSync(installDir, { recursive: true });
 
-  // Create package.json for installation
-  const packageJson = {
-    name: 'install-test',
-    version: '1.0.0',
-    dependencies: {
-      [packageName]: '1.0.0',
-    },
-  };
-
+  // Create a minimal package.json for install target
   fs.writeFileSync(
     path.join(installDir, 'package.json'),
-    JSON.stringify(packageJson, null, 2),
+    JSON.stringify({ name: 'install-test', version: '1.0.0', dependencies: { [packageName]: '1.0.0' } }),
     'utf-8'
   );
+  // Copy .npmrc
+  if (npmrcPath && fs.existsSync(npmrcPath)) {
+    fs.copyFileSync(npmrcPath, path.join(installDir, '.npmrc'));
+  }
 
   const result = await runNpmCommand('npm install', installDir);
   console.log('npm install output:', result.stdout);
@@ -307,17 +307,8 @@ tap.test('NPM CLI: should install published package', async () => {
   expect(result.exitCode).toEqual(0);
 
   // Verify package was installed
-  const nodeModulesPath = path.join(installDir, 'node_modules', packageName);
-  expect(fs.existsSync(nodeModulesPath)).toEqual(true);
-  expect(fs.existsSync(path.join(nodeModulesPath, 'package.json'))).toEqual(true);
-  expect(fs.existsSync(path.join(nodeModulesPath, 'index.js'))).toEqual(true);
-
-  // Verify package contents
-  const installedPackageJson = JSON.parse(
-    fs.readFileSync(path.join(nodeModulesPath, 'package.json'), 'utf-8')
-  );
-  expect(installedPackageJson.name).toEqual(packageName);
-  expect(installedPackageJson.version).toEqual('1.0.0');
+  const installed = fs.existsSync(path.join(installDir, 'node_modules', packageName, 'package.json'));
+  expect(installed).toEqual(true);
 });
 
 tap.test('NPM CLI: should publish second version', async () => {
@@ -369,17 +360,14 @@ tap.test('NPM CLI: should fail to publish without auth', async () => {
   const version = '1.0.0';
   const packageDir = createTestPackage(packageName, version, testDir);
 
-  // Temporarily remove .npmrc
-  const npmrcBackup = fs.readFileSync(npmrcPath, 'utf-8');
-  fs.writeFileSync(npmrcPath, 'registry=' + registryUrl + '/npm/\n', 'utf-8');
+  // Temporarily remove .npmrc (write one without auth)
+  const noAuthNpmrc = path.join(packageDir, '.npmrc');
+  fs.writeFileSync(noAuthNpmrc, `registry=${registryUrl}/npm/\n`, 'utf-8');
 
   const result = await runNpmCommand('npm publish', packageDir);
   console.log('npm publish unauth output:', result.stdout);
   console.log('npm publish unauth stderr:', result.stderr);
 
-  // Restore .npmrc
-  fs.writeFileSync(npmrcPath, npmrcBackup, 'utf-8');
-
   // Should fail with auth error
   expect(result.exitCode).not.toEqual(0);
 });
@@ -393,14 +381,7 @@ tap.postTask('cleanup npm cli tests', async () => {
   }
 
   // Cleanup test directory
-  if (testDir) {
-    cleanupTestDir(testDir);
-  }
-
-  // Destroy registry
-  if (registry) {
-    registry.destroy();
-  }
+  cleanupTestDir(testDir);
 });
 
 export default tap.start();

test/test.rubygems.nativecli.node.ts

@@ -148,11 +148,16 @@ async function runGemCommand(
   cwd: string,
   includeAuth: boolean = true
 ): Promise<{ stdout: string; stderr: string; exitCode: number }> {
+  // When not including auth, use a temp HOME without credentials
+  const effectiveHome = includeAuth ? gemHome : path.join(gemHome, 'noauth');
+  if (!includeAuth) {
+    fs.mkdirSync(effectiveHome, { recursive: true });
+  }
+
   // Prepare environment variables
   const envVars = [
-    `HOME="${gemHome}"`,
+    `HOME="${effectiveHome}"`,
     `GEM_HOME="${gemHome}"`,
-    includeAuth ? '' : 'RUBYGEMS_API_KEY=""',
   ].filter(Boolean).join(' ');
 
   // Build command with cd to correct directory and environment variables
@@ -360,31 +365,33 @@ tap.test('RubyGems CLI: should unyank a version', async () => {
   const gemName = 'test-gem-cli';
   const version = '1.0.0';
 
-  const result = await runGemCommand(
-    `gem yank ${gemName} -v ${version} --undo --host ${registryUrl}/rubygems`,
-    testDir
+  // Use PUT /api/v1/gems/unyank via HTTP API (gem yank --undo removed in Ruby 4.0)
+  const response = await fetch(
+    `${registryUrl}/rubygems/api/v1/gems/unyank?gem_name=${gemName}&version=${version}`,
+    {
+      method: 'PUT',
+      headers: {
+        'Authorization': rubygemsToken,
+      },
+    }
   );
-  console.log('gem unyank output:', result.stdout);
-  console.log('gem unyank stderr:', result.stderr);
+  console.log('gem unyank status:', response.status);
 
-  expect(result.exitCode).toEqual(0);
+  expect(response.status).toEqual(200);
 
   // Verify version is not yanked in /versions file
-  const response = await fetch(`${registryUrl}/rubygems/versions`);
-  const versionsData = await response.text();
+  const versionsResponse = await fetch(`${registryUrl}/rubygems/versions`);
+  const versionsData = await versionsResponse.text();
   console.log('Versions after unyank:', versionsData);
 
-  // Should not have '-' prefix anymore (or have both without prefix)
-  // Check that we have the version without yank marker
+  // Should not have '-' prefix anymore
   const lines = versionsData.trim().split('\n');
   const gemLine = lines.find(line => line.startsWith(gemName));
 
   if (gemLine) {
-    // Parse format: "gemname version[,version...] md5"
     const parts = gemLine.split(' ');
     const versions = parts[1];
 
-    // Should have 1.0.0 without '-' prefix
     expect(versions).toContain('1.0.0');
     expect(versions).not.toContain('-1.0.0');
   }

test/test.rubygems.ts

@@ -324,13 +324,9 @@ tap.test('RubyGems: should retrieve versions JSON (GET /rubygems/api/v1/versions
   expect(response.status).toEqual(200);
   expect(response.headers['Content-Type']).toEqual('application/json');
   const json = await streamToJson(response.body);
-  expect(json).toBeTypeOf('object');
-
-  expect(json).toHaveProperty('name');
-  expect(json.name).toEqual(testGemName);
-  expect(json).toHaveProperty('versions');
-  expect(json.versions).toBeTypeOf('object');
-  expect(json.versions.length).toBeGreaterThan(0);
+  expect(json).toBeInstanceOf(Array);
+  expect(json.length).toBeGreaterThan(0);
+  expect(json[0]).toHaveProperty('number');
 });
 
 tap.test('RubyGems: should retrieve dependencies JSON (GET /rubygems/api/v1/dependencies)', async () => {

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartregistry',
-  version: '2.8.0',
+  version: '2.8.2',
   description: 'A composable TypeScript library implementing OCI, NPM, Maven, Cargo, Composer, PyPI, and RubyGems registries for building unified container and package registries'
 }

ts/maven/classes.mavenregistry.ts

@@ -110,9 +110,17 @@ export class MavenRegistry extends BaseRegistry {
     let token: IAuthToken | null = null;
 
     if (authHeader) {
-      const tokenString = authHeader.replace(/^(Bearer|Basic)\s+/i, '');
-      // For now, try to validate as Maven token (reuse npm token type)
-      token = await this.authManager.validateToken(tokenString, 'maven');
+      if (/^Basic\s+/i.test(authHeader)) {
+        // Maven sends Basic Auth: base64(username:password) — extract the password as token
+        const base64 = authHeader.replace(/^Basic\s+/i, '');
+        const decoded = Buffer.from(base64, 'base64').toString('utf-8');
+        const colonIndex = decoded.indexOf(':');
+        const password = colonIndex >= 0 ? decoded.substring(colonIndex + 1) : decoded;
+        token = await this.authManager.validateToken(password, 'maven');
+      } else {
+        const tokenString = authHeader.replace(/^Bearer\s+/i, '');
+        token = await this.authManager.validateToken(tokenString, 'maven');
+      }
     }
 
     // Build actor from context and validated token
@@ -240,9 +248,19 @@ export class MavenRegistry extends BaseRegistry {
       return this.getChecksum(groupId, artifactId, version, coordinate, path);
     }
 
+    // Accept PUT silently — Maven deploy-plugin uploads checksums alongside artifacts,
+    // but our registry auto-generates them, so we just acknowledge the upload
+    if (method === 'PUT') {
+      return {
+        status: 200,
+        headers: {},
+        body: { status: 'ok' },
+      };
+    }
+
     return {
       status: 405,
-      headers: { 'Allow': 'GET, HEAD' },
+      headers: { 'Allow': 'GET, HEAD, PUT' },
       body: { error: 'METHOD_NOT_ALLOWED', message: 'Checksums are auto-generated' },
     };
   }
@@ -275,9 +293,19 @@ export class MavenRegistry extends BaseRegistry {
       return this.getMetadata(groupId, artifactId, actor);
     }
 
+    // Accept PUT silently — Maven deploy-plugin uploads maven-metadata.xml,
+    // but our registry auto-generates it, so we just acknowledge the upload
+    if (method === 'PUT') {
+      return {
+        status: 200,
+        headers: {},
+        body: { status: 'ok' },
+      };
+    }
+
     return {
       status: 405,
-      headers: { 'Allow': 'GET' },
+      headers: { 'Allow': 'GET, PUT' },
       body: { error: 'METHOD_NOT_ALLOWED', message: 'Metadata is auto-generated' },
     };
   }

ts/npm/classes.npmregistry.ts

@@ -749,6 +749,22 @@ export class NpmRegistry extends BaseRegistry {
       this.logger.log('error', 'handleSearch failed', { error: (error as Error).message });
     }
 
+    // Sort results by relevance: exact match first, then prefix match, then substring match
+    if (text) {
+      const lowerText = text.toLowerCase();
+      results.sort((a, b) => {
+        const aName = a.package.name.toLowerCase();
+        const bName = b.package.name.toLowerCase();
+        const aExact = aName === lowerText ? 0 : 1;
+        const bExact = bName === lowerText ? 0 : 1;
+        if (aExact !== bExact) return aExact - bExact;
+        const aPrefix = aName.startsWith(lowerText) ? 0 : 1;
+        const bPrefix = bName.startsWith(lowerText) ? 0 : 1;
+        if (aPrefix !== bPrefix) return aPrefix - bPrefix;
+        return aName.localeCompare(bName);
+      });
+    }
+
     // Apply pagination
     const paginatedResults = results.slice(from, from + size);
 

ts/oci/classes.ociregistry.ts

@@ -126,7 +126,8 @@ export class OciRegistry extends BaseRegistry {
     };
 
     // Route to appropriate handler
-    if (path === '/' || path === '') {
+    // OCI spec: GET /v2/ is the version check endpoint
+    if (path === '/' || path === '' || path === '/v2/' || path === '/v2') {
       return this.handleVersionCheck();
     }
 

ts/rubygems/helpers.rubygems.ts

@@ -254,14 +254,12 @@ export function generateVersionsJson(
     uploadTime?: string;
   }>
 ): any {
-  return {
-    name: gemName,
-    versions: versions.map(v => ({
-      number: v.version,
-      platform: v.platform || 'ruby',
-      built_at: v.uploadTime,
-    })),
-  };
+  // RubyGems.org API returns a flat array at /api/v1/versions/{gem}.json
+  return versions.map(v => ({
+    number: v.version,
+    platform: v.platform || 'ruby',
+    built_at: v.uploadTime,
+  }));
 }
 
 /**