Initial commit

Author: nickwinder

.env.example

@@ -0,0 +1,7 @@
+# Nutrient DWS Processor API Configuration for Testing
+NUTRIENT_API_KEY=your_api_key_here
+NUTRIENT_BASE_URL=https://api.nutrient.io
+
+# Development Settings
+DEBUG=true
+NODE_ENV=development

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,42 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: 'bug: [brief description]'
+labels: bug
+assignees: ''
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Initialize client with '...'
+2. Call method '....'
+3. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Code Example**
+```typescript
+// Provide a minimal code example that reproduces the issue
+const client = new NutrientClient({
+  apiKey: 'your-api-key'
+});
+
+// Code that causes the bug
+```
+
+**Error Details**
+```
+Paste the full error message and stack trace here
+```
+
+**Environment:**
+- Library version: [e.g. 1.0.0]
+- Node.js version: [e.g. 18.0.0]
+- OS: [e.g. macOS 12.0]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,45 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: 'feat: [brief description]'
+labels: enhancement
+assignees: ''
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**API Design Proposal**
+```typescript
+// If applicable, provide a proposed API design
+interface NewFeature {
+  // Proposed interfaces, methods, etc.
+}
+
+// Usage example
+const result = await client.newMethod({
+  // Example usage
+});
+```
+
+**Use Cases**
+Describe specific use cases where this feature would be beneficial:
+1. Use case 1
+2. Use case 2
+3. Use case 3
+
+**Additional context**
+Add any other context, screenshots, or examples about the feature request here.
+
+**Implementation Notes**
+<!-- For maintainers -->
+- [ ] Breaking change
+- [ ] Requires API changes
+- [ ] Affects documentation
+- [ ] Requires new dependencies

.github/SETUP_SECRETS.md

@@ -0,0 +1,107 @@
+# Setting Up GitHub Secrets for Integration Tests
+
+## ⚠️ IMPORTANT SECURITY NOTICE
+
+**NEVER commit API keys or secrets directly to your repository!** Always use GitHub Secrets for sensitive information.
+
+## Required Secrets
+
+To run the Integration tests in GitHub Actions, you need to configure the following secrets:
+
+### 1. NUTRIENT_API_KEY (Required)
+Your Nutrient DWS Processor API key for running integration tests.
+
+### 2. NPM_TOKEN (Optional)
+Required only if you want to automatically publish to NPM.
+
+### 3. SNYK_TOKEN (Optional)
+Required only if you want to run Snyk security scans.
+
+## How to Add Secrets
+
+1. Go to your repository on GitHub
+2. Click on **Settings** (you need admin access)
+3. In the left sidebar, click **Secrets and variables** → **Actions**
+4. Click **New repository secret**
+5. Add each secret:
+   - Name: `NUTRIENT_API_KEY`
+   - Value: Your API key (without quotes)
+   - Click **Add secret**
+
+## Security Best Practices
+
+### 1. Rotate API Keys Regularly
+- Create a schedule to rotate your API keys every 90 days
+- Update the GitHub secret when you rotate keys
+
+### 2. Use Scoped API Keys
+- If possible, use API keys with limited scope for testing
+- Never use production API keys for testing
+
+### 3. Monitor Usage
+- Regularly check your API key usage
+- Set up alerts for unusual activity
+
+### 4. Restrict Secret Access
+- GitHub secrets are only available to workflows running on your repository
+- They are not exposed to pull requests from forks
+- Integration tests only run on:
+  - Pushes to main branch
+  - Pull requests from the same repository
+
+### 5. Environment-Specific Keys
+Consider using different API keys for different environments:
+
+```yaml
+# In your workflow
+env:
+  NUTRIENT_API_KEY: ${{ github.ref == 'refs/heads/main' && secrets.NUTRIENT_API_KEY_PROD || secrets.NUTRIENT_API_KEY_DEV }}
+```
+
+## Workflow Security Features
+
+Our GitHub Actions workflows include several security features:
+
+1. **Secret Scanning**: Automatically checks for hardcoded secrets
+2. **Dependency Scanning**: Checks for vulnerable dependencies
+3. **Code Scanning**: Uses CodeQL to find security vulnerabilities
+4. **Limited Integration Execution**: Integration tests only run on trusted sources
+
+## Local Development
+
+For local development, use environment variables:
+
+```bash
+# Create a .env file (already in .gitignore)
+echo "NUTRIENT_API_KEY=your_api_key_here" > .env
+
+# Run integration tests locally
+source .env
+npm run test:integration
+```
+
+## Troubleshooting
+
+### Integration Tests Not Running
+- Check that the secret is properly set in GitHub
+- Verify the secret name matches exactly: `NUTRIENT_API_KEY`
+- Check the workflow logs for authentication errors
+
+### Authentication Errors
+- Ensure the API key is valid and active
+- Check that the API key has the necessary permissions
+- Verify the API key format (no extra spaces or quotes)
+
+## Emergency Response
+
+If an API key is accidentally exposed:
+
+1. **Immediately revoke the exposed key** in your Nutrient dashboard
+2. **Generate a new API key**
+3. **Update the GitHub secret** with the new key
+4. **Check logs** for any unauthorized usage
+5. **Run security scan** to ensure no other secrets are exposed
+
+## Questions?
+
+If you have questions about security or need help setting up secrets, please open an issue (without including any sensitive information).

.github/pull_request_template.md

@@ -0,0 +1,75 @@
+## Summary
+Brief description of what this PR does and why it's needed.
+
+## Type of Change
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Refactoring (no functional changes)
+- [ ] Performance improvement
+- [ ] Test addition/update
+
+## Changes Made
+<!-- List the specific changes made in this PR -->
+- 
+- 
+- 
+
+## Related Issues
+<!-- Link to any related issues -->
+Closes #
+Fixes #
+Relates to #
+
+## Testing
+<!-- Describe how you tested your changes -->
+- [ ] Unit tests added/updated
+- [ ] All existing tests pass
+- [ ] Manual testing performed
+- [ ] Integration tests added (if applicable)
+
+### Test Coverage
+<!-- If adding new functionality, describe test coverage -->
+- [ ] New code has >90% test coverage
+- [ ] Edge cases are covered
+- [ ] Error scenarios are tested
+
+## Pre-submission Checklist
+<!-- Ensure all items are checked before submitting -->
+- [ ] **All commits follow conventional format** (`type(scope): description`)
+- [ ] **Each commit is atomic** (one logical change per commit)
+- [ ] **All tests pass**: `npm test`
+- [ ] **Code is properly formatted**: `npm run format`
+- [ ] **No linting errors**: `npm run lint`
+- [ ] **TypeScript compiles**: `npm run typecheck`
+- [ ] **Build succeeds**: `npm run build`
+- [ ] **Branch is up to date** with main branch
+- [ ] **Self-reviewed** the changes before requesting review
+
+## Documentation
+- [ ] JSDoc comments added for new public APIs
+- [ ] README updated (if needed)
+- [ ] Breaking changes documented
+- [ ] Migration guide provided (for breaking changes)
+
+## Performance Impact
+<!-- If applicable, describe any performance implications -->
+- [ ] No performance impact
+- [ ] Performance improvement (describe)
+- [ ] Potential performance regression (describe and justify)
+
+## Backwards Compatibility
+- [ ] Fully backwards compatible
+- [ ] Deprecates existing functionality (provide timeline)
+- [ ] Breaking change (increment major version)
+
+## Screenshots/Examples
+<!-- If applicable, add screenshots or code examples -->
+
+## Additional Notes
+<!-- Any additional information that reviewers should know -->
+
+---
+
+**Reviewer Note**: Please ensure this PR follows our [Contributing Guidelines](../CONTRIBUTING.md) and meets all code review criteria.

.github/workflows/ci.yml

@@ -0,0 +1,88 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  lint-and-type-check:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20.x'
+        cache: 'npm'
+    
+    - name: Install dependencies
+      run: npm ci
+    
+    - name: Run linting
+      run: npm run lint
+    
+    - name: Run type checking
+      run: npm run typecheck
+
+  unit-tests:
+    runs-on: ubuntu-latest
+    needs: lint-and-type-check
+    
+    strategy:
+      matrix:
+        node-version: [18.x, 20.x]
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+    
+    - name: Install dependencies
+      run: npm ci
+    
+    - name: Run unit tests with coverage
+      run: npm test -- --coverage --testPathPatterns='^((?!integration).)*$'
+    
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      if: matrix.os == 'ubuntu-latest' && matrix.node-version == '20.x'
+      with:
+        file: ./coverage/lcov.info
+        flags: unittests
+        name: codecov-umbrella
+
+
+  build:
+    runs-on: ubuntu-latest
+    needs: [lint-and-type-check, unit-tests]
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20.x'
+        cache: 'npm'
+    
+    - name: Install dependencies
+      run: npm ci
+    
+    - name: Build
+      run: npm run build
+    
+    - name: Verify build outputs
+      run: |
+        ls -la dist/
+        test -f dist/index.js
+        test -f dist/index.cjs
+        test -f dist/index.d.ts