npm - @beignet/core - Versions diffs - 0.0.2 → 0.0.4 - Mend

@beignet/core 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (360) hide show

package/CHANGELOG.md +173 -0
package/README.md +821 -30
package/dist/application/index.d.ts +28 -2
package/dist/application/index.d.ts.map +1 -1
package/dist/application/index.js +140 -12
package/dist/application/index.js.map +1 -1
package/dist/client/client.d.ts +2 -2
package/dist/client/client.d.ts.map +1 -1
package/dist/client/client.js +136 -48
package/dist/client/client.js.map +1 -1
package/dist/client/error-messages.d.ts +14 -0
package/dist/client/error-messages.d.ts.map +1 -0
package/dist/client/error-messages.js +23 -0
package/dist/client/error-messages.js.map +1 -0
package/dist/client/index.d.ts +8 -4
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +6 -2
package/dist/client/index.js.map +1 -1
package/dist/client/types.d.ts +35 -5
package/dist/client/types.d.ts.map +1 -1
package/dist/client-only.d.ts +8 -0
package/dist/client-only.d.ts.map +1 -0
package/dist/client-only.js +8 -0
package/dist/client-only.js.map +1 -0
package/dist/config/index.d.ts +5 -5
package/dist/config/index.d.ts.map +1 -1
package/dist/config/index.js +2 -2
package/dist/config/index.js.map +1 -1
package/dist/contracts/catalog-errors.d.ts +27 -0
package/dist/contracts/catalog-errors.d.ts.map +1 -0
package/dist/contracts/catalog-errors.js +69 -0
package/dist/contracts/catalog-errors.js.map +1 -0
package/dist/contracts/contract-builder.d.ts +15 -12
package/dist/contracts/contract-builder.d.ts.map +1 -1
package/dist/contracts/contract-builder.js +15 -41
package/dist/contracts/contract-builder.js.map +1 -1
package/dist/contracts/contract-group.d.ts +11 -8
package/dist/contracts/contract-group.d.ts.map +1 -1
package/dist/contracts/contract-group.js +13 -40
package/dist/contracts/contract-group.js.map +1 -1
package/dist/contracts/contract-like.d.ts +1 -1
package/dist/contracts/contract-like.d.ts.map +1 -1
package/dist/contracts/index.d.ts +13 -9
package/dist/contracts/index.d.ts.map +1 -1
package/dist/contracts/index.js +9 -5
package/dist/contracts/index.js.map +1 -1
package/dist/contracts/openapi-meta.d.ts +48 -0
package/dist/contracts/openapi-meta.d.ts.map +1 -1
package/dist/contracts/openapi-meta.js +3 -0
package/dist/contracts/openapi-meta.js.map +1 -1
package/dist/contracts/path-template.d.ts +1 -1
package/dist/contracts/path-template.js +2 -2
package/dist/contracts/path-template.js.map +1 -1
package/dist/contracts/schema-shape.d.ts +37 -0
package/dist/contracts/schema-shape.d.ts.map +1 -0
package/dist/contracts/schema-shape.js +61 -0
package/dist/contracts/schema-shape.js.map +1 -0
package/dist/contracts/success-status.d.ts +32 -0
package/dist/contracts/success-status.d.ts.map +1 -0
package/dist/contracts/success-status.js +18 -0
package/dist/contracts/success-status.js.map +1 -0
package/dist/contracts/types.d.ts +25 -5
package/dist/contracts/types.d.ts.map +1 -1
package/dist/contracts/types.js.map +1 -1
package/dist/contracts/utils.d.ts +1 -1
package/dist/contracts/utils.d.ts.map +1 -1
package/dist/contracts/utils.js +1 -1
package/dist/contracts/utils.js.map +1 -1
package/dist/domain/events.d.ts +1 -1
package/dist/domain/events.d.ts.map +1 -1
package/dist/domain/events.js +1 -1
package/dist/domain/events.js.map +1 -1
package/dist/domain/index.d.ts +3 -3
package/dist/domain/index.d.ts.map +1 -1
package/dist/domain/index.js +3 -3
package/dist/domain/index.js.map +1 -1
package/dist/errors/catalog.d.ts +9 -1
package/dist/errors/catalog.d.ts.map +1 -1
package/dist/errors/catalog.js +7 -1
package/dist/errors/catalog.js.map +1 -1
package/dist/errors/http.d.ts +10 -0
package/dist/errors/http.d.ts.map +1 -1
package/dist/errors/http.js +11 -1
package/dist/errors/http.js.map +1 -1
package/dist/errors/index.d.ts +4 -4
package/dist/errors/index.d.ts.map +1 -1
package/dist/errors/index.js +4 -4
package/dist/errors/index.js.map +1 -1
package/dist/errors/response.d.ts +4 -1
package/dist/errors/response.d.ts.map +1 -1
package/dist/errors/response.js.map +1 -1
package/dist/events/index.d.ts +10 -12
package/dist/events/index.d.ts.map +1 -1
package/dist/events/index.js +10 -10
package/dist/events/index.js.map +1 -1
package/dist/idempotency/index.d.ts +5 -3
package/dist/idempotency/index.d.ts.map +1 -1
package/dist/idempotency/index.js.map +1 -1
package/dist/jobs/index.d.ts +148 -16
package/dist/jobs/index.d.ts.map +1 -1
package/dist/jobs/index.js +174 -14
package/dist/jobs/index.js.map +1 -1
package/dist/notifications/index.d.ts +14 -16
package/dist/notifications/index.d.ts.map +1 -1
package/dist/notifications/index.js +14 -14
package/dist/notifications/index.js.map +1 -1
package/dist/openapi/index.d.ts +8 -3
package/dist/openapi/index.d.ts.map +1 -1
package/dist/openapi/index.js +41 -29
package/dist/openapi/index.js.map +1 -1
package/dist/openapi/schema-introspector.d.ts +37 -0
package/dist/openapi/schema-introspector.d.ts.map +1 -1
package/dist/openapi/schema-introspector.js +23 -17
package/dist/openapi/schema-introspector.js.map +1 -1
package/dist/outbox/index.d.ts +18 -4
package/dist/outbox/index.d.ts.map +1 -1
package/dist/outbox/index.js +104 -4
package/dist/outbox/index.js.map +1 -1
package/dist/ports/audit.d.ts +56 -10
package/dist/ports/audit.d.ts.map +1 -1
package/dist/ports/audit.js +71 -3
package/dist/ports/audit.js.map +1 -1
package/dist/ports/auth.d.ts +92 -0
package/dist/ports/auth.d.ts.map +1 -1
package/dist/ports/auth.js +92 -0
package/dist/ports/auth.js.map +1 -1
package/dist/ports/events.d.ts +2 -2
package/dist/ports/events.d.ts.map +1 -1
package/dist/ports/index.d.ts +62 -33
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +28 -34
package/dist/ports/index.js.map +1 -1
package/dist/ports/policy.d.ts +32 -3
package/dist/ports/policy.d.ts.map +1 -1
package/dist/ports/policy.js +13 -2
package/dist/ports/policy.js.map +1 -1
package/dist/ports/testing.d.ts +1030 -2
package/dist/ports/testing.d.ts.map +1 -1
package/dist/ports/testing.js +1031 -1
package/dist/ports/testing.js.map +1 -1
package/dist/ports/unbound.d.ts +21 -0
package/dist/ports/unbound.d.ts.map +1 -0
package/dist/ports/unbound.js +57 -0
package/dist/ports/unbound.js.map +1 -0
package/dist/ports/unit-of-work.d.ts +1 -1
package/dist/ports/unit-of-work.d.ts.map +1 -1
package/dist/ports/unit-of-work.js +1 -1
package/dist/ports/unit-of-work.js.map +1 -1
package/dist/providers/index.d.ts +3 -2
package/dist/providers/index.d.ts.map +1 -1
package/dist/providers/index.js +3 -2
package/dist/providers/index.js.map +1 -1
package/dist/providers/instrumentation.d.ts +46 -5
package/dist/providers/instrumentation.d.ts.map +1 -1
package/dist/providers/instrumentation.js +25 -6
package/dist/providers/instrumentation.js.map +1 -1
package/dist/providers/metadata.d.ts +39 -0
package/dist/providers/metadata.d.ts.map +1 -0
package/dist/providers/metadata.js +169 -0
package/dist/providers/metadata.js.map +1 -0
package/dist/providers/provider.d.ts +114 -9
package/dist/providers/provider.d.ts.map +1 -1
package/dist/providers/provider.js +3 -20
package/dist/providers/provider.js.map +1 -1
package/dist/schedules/index.d.ts +94 -13
package/dist/schedules/index.d.ts.map +1 -1
package/dist/schedules/index.js +66 -12
package/dist/schedules/index.js.map +1 -1
package/dist/server/audit-context.d.ts +29 -0
package/dist/server/audit-context.d.ts.map +1 -0
package/dist/server/audit-context.js +44 -0
package/dist/server/audit-context.js.map +1 -0
package/dist/server/context.d.ts +141 -0
package/dist/server/context.d.ts.map +1 -0
package/dist/server/context.js +39 -0
package/dist/server/context.js.map +1 -0
package/dist/server/contract-like.d.ts +1 -1
package/dist/server/contract-like.d.ts.map +1 -1
package/dist/server/contract-like.js +1 -1
package/dist/server/contract-like.js.map +1 -1
package/dist/server/health.d.ts +2 -2
package/dist/server/health.d.ts.map +1 -1
package/dist/server/hooks/auth.d.ts +89 -65
package/dist/server/hooks/auth.d.ts.map +1 -1
package/dist/server/hooks/auth.js +84 -55
package/dist/server/hooks/auth.js.map +1 -1
package/dist/server/hooks/cors.d.ts +1 -1
package/dist/server/hooks/cors.d.ts.map +1 -1
package/dist/server/hooks/errors.d.ts +2 -2
package/dist/server/hooks/errors.d.ts.map +1 -1
package/dist/server/hooks/errors.js +2 -2
package/dist/server/hooks/errors.js.map +1 -1
package/dist/server/hooks/idempotency.d.ts +78 -0
package/dist/server/hooks/idempotency.d.ts.map +1 -0
package/dist/server/hooks/idempotency.js +154 -0
package/dist/server/hooks/idempotency.js.map +1 -0
package/dist/server/hooks/index.d.ts +8 -7
package/dist/server/hooks/index.d.ts.map +1 -1
package/dist/server/hooks/index.js +6 -5
package/dist/server/hooks/index.js.map +1 -1
package/dist/server/hooks/logging.d.ts +2 -2
package/dist/server/hooks/logging.d.ts.map +1 -1
package/dist/server/hooks/logging.js +1 -1
package/dist/server/hooks/logging.js.map +1 -1
package/dist/server/hooks/rate-limit.d.ts +25 -7
package/dist/server/hooks/rate-limit.d.ts.map +1 -1
package/dist/server/hooks/rate-limit.js +47 -12
package/dist/server/hooks/rate-limit.js.map +1 -1
package/dist/server/hooks.d.ts +1 -1
package/dist/server/hooks.d.ts.map +1 -1
package/dist/server/hooks.js +1 -1
package/dist/server/hooks.js.map +1 -1
package/dist/server/http.d.ts +84 -6
package/dist/server/http.d.ts.map +1 -1
package/dist/server/index.d.ts +36 -12
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +24 -8
package/dist/server/index.js.map +1 -1
package/dist/server/instrumentation.d.ts +108 -0
package/dist/server/instrumentation.d.ts.map +1 -0
package/dist/server/instrumentation.js +297 -0
package/dist/server/instrumentation.js.map +1 -0
package/dist/server/openapi.d.ts +3 -3
package/dist/server/openapi.d.ts.map +1 -1
package/dist/server/openapi.js +1 -1
package/dist/server/openapi.js.map +1 -1
package/dist/server/providers/index.d.ts +3 -3
package/dist/server/providers/index.d.ts.map +1 -1
package/dist/server/providers/index.js +3 -3
package/dist/server/providers/index.js.map +1 -1
package/dist/server/providers/loadProviderConfig.d.ts +2 -2
package/dist/server/providers/loadProviderConfig.d.ts.map +1 -1
package/dist/server/providers/loadProviderConfig.js +2 -2
package/dist/server/providers/loadProviderConfig.js.map +1 -1
package/dist/server/request-context.d.ts +67 -0
package/dist/server/request-context.d.ts.map +1 -0
package/dist/server/request-context.js +79 -0
package/dist/server/request-context.js.map +1 -0
package/dist/server/server-context.d.ts +38 -0
package/dist/server/server-context.d.ts.map +1 -0
package/dist/server/server-context.js +38 -0
package/dist/server/server-context.js.map +1 -0
package/dist/server/server.d.ts +148 -35
package/dist/server/server.d.ts.map +1 -1
package/dist/server/server.js +482 -145
package/dist/server/server.js.map +1 -1
package/dist/server/types.d.ts +2 -2
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +2 -2
package/dist/server/types.js.map +1 -1
package/dist/server/use-case-route.d.ts +263 -0
package/dist/server/use-case-route.d.ts.map +1 -0
package/dist/server/use-case-route.js +77 -0
package/dist/server/use-case-route.js.map +1 -0
package/dist/server-only.d.ts +8 -0
package/dist/server-only.d.ts.map +1 -0
package/dist/server-only.js +8 -0
package/dist/server-only.js.map +1 -0
package/dist/tasks/index.d.ts +139 -0
package/dist/tasks/index.d.ts.map +1 -0
package/dist/tasks/index.js +98 -0
package/dist/tasks/index.js.map +1 -0
package/dist/testing/index.d.ts +611 -5
package/dist/testing/index.d.ts.map +1 -1
package/dist/testing/index.js +434 -4
package/dist/testing/index.js.map +1 -1
package/dist/tracing/index.d.ts +89 -0
package/dist/tracing/index.d.ts.map +1 -0
package/dist/tracing/index.js +101 -0
package/dist/tracing/index.js.map +1 -0
package/dist/uploads/client.d.ts +278 -0
package/dist/uploads/client.d.ts.map +1 -0
package/dist/uploads/client.js +428 -0
package/dist/uploads/client.js.map +1 -0
package/dist/uploads/index.d.ts +361 -0
package/dist/uploads/index.d.ts.map +1 -0
package/dist/uploads/index.js +543 -0
package/dist/uploads/index.js.map +1 -0
package/package.json +34 -3
package/src/application/index.ts +193 -10
package/src/client/client.ts +148 -150
package/src/client/error-messages.ts +35 -0
package/src/client/index.ts +12 -4
package/src/client/types.ts +44 -5
package/src/client-only.ts +7 -0
package/src/config/index.ts +6 -6
package/src/contracts/catalog-errors.ts +115 -0
package/src/contracts/contract-builder.ts +39 -76
package/src/contracts/contract-group.ts +33 -68
package/src/contracts/contract-like.ts +1 -1
package/src/contracts/index.ts +24 -11
package/src/contracts/openapi-meta.ts +55 -0
package/src/contracts/path-template.ts +2 -2
package/src/contracts/schema-shape.ts +75 -0
package/src/contracts/success-status.ts +68 -0
package/src/contracts/types.ts +32 -5
package/src/contracts/utils.ts +5 -2
package/src/domain/events.ts +6 -2
package/src/domain/index.ts +3 -3
package/src/errors/catalog.ts +9 -1
package/src/errors/http.ts +11 -1
package/src/errors/index.ts +4 -4
package/src/errors/response.ts +4 -1
package/src/events/index.ts +12 -26
package/src/idempotency/index.ts +5 -3
package/src/jobs/index.ts +340 -29
package/src/notifications/index.ts +17 -27
package/src/openapi/index.ts +73 -38
package/src/openapi/schema-introspector.ts +68 -17
package/src/outbox/index.ts +151 -6
package/src/ports/audit.ts +120 -11
package/src/ports/auth.ts +132 -0
package/src/ports/events.ts +2 -2
package/src/ports/index.ts +104 -35
package/src/ports/policy.ts +50 -3
package/src/ports/testing.ts +2220 -33
package/src/ports/unbound.ts +64 -0
package/src/ports/unit-of-work.ts +6 -2
package/src/providers/index.ts +16 -3
package/src/providers/instrumentation.ts +93 -8
package/src/providers/metadata.ts +234 -0
package/src/providers/provider.ts +168 -9
package/src/schedules/index.ts +173 -23
package/src/server/audit-context.ts +45 -0
package/src/server/context.ts +224 -0
package/src/server/contract-like.ts +1 -1
package/src/server/health.ts +2 -2
package/src/server/hooks/auth.ts +175 -158
package/src/server/hooks/cors.ts +1 -1
package/src/server/hooks/errors.ts +7 -4
package/src/server/hooks/idempotency.ts +263 -0
package/src/server/hooks/index.ts +15 -12
package/src/server/hooks/logging.ts +3 -3
package/src/server/hooks/rate-limit.ts +85 -17
package/src/server/hooks.ts +1 -1
package/src/server/http.ts +112 -6
package/src/server/index.ts +63 -12
package/src/server/instrumentation.ts +470 -0
package/src/server/openapi.ts +4 -4
package/src/server/providers/index.ts +6 -3
package/src/server/providers/loadProviderConfig.ts +4 -4
package/src/server/request-context.ts +116 -0
package/src/server/server-context.ts +44 -0
package/src/server/server.ts +1045 -229
package/src/server/types.ts +2 -2
package/src/server/use-case-route.ts +430 -0
package/src/server-only.ts +7 -0
package/src/tasks/index.ts +275 -0
package/src/testing/index.ts +1153 -6
package/src/tracing/index.ts +176 -0
package/src/uploads/client.ts +861 -0
package/src/uploads/index.ts +1071 -0
package/dist/ports/mailer.d.ts +0 -6
package/dist/ports/mailer.d.ts.map +0 -1
package/dist/ports/mailer.js +0 -2
package/dist/ports/mailer.js.map +0 -1
package/dist/ports/schedules.d.ts +0 -9
package/dist/ports/schedules.d.ts.map +0 -1
package/dist/ports/schedules.js +0 -2
package/dist/ports/schedules.js.map +0 -1

package/dist/server/hooks/auth.d.ts CHANGED Viewed

@@ -1,99 +1,123 @@
-import { type AuthPort, type AuthSession } from "../../ports";
-import type { HttpRequestLike, HttpResponse, ServerHook } from "../types";
+import type { InferOutput, StandardSchema } from "../../contracts/index.js";
+import type { HttpRequestLike, RouteHook } from "../types.js";
 type MaybePromise<T> = T | Promise<T>;
 /**
- * Authentication mode for one matched contract.
+ * Arguments passed to auth route-hook callbacks.
  */
-export type AuthHookMode = "public" | "optional" | "required";
-/**
- * Input accepted when resolving auth mode from contract metadata or options.
- *
- * `true` maps to `"required"`; `false`, `null`, and `undefined` map to
- * `"public"`.
- */
-export type AuthHookModeInput = AuthHookMode | boolean | null | undefined;
-/**
- * Minimal context shape required when `createAuthHooks(...)` reads
- * `ctx.ports.auth`.
- */
-export type CtxWithAuthPort = {
-    ports: {
-        auth: AuthPort;
-    };
-};
-/**
- * Arguments passed to auth hook callbacks.
- */
-export type AuthHookArgs<Ctx> = {
+export type AuthHookArgs<Ctx, HeadersSchema extends StandardSchema | undefined = undefined> = {
+    /**
+     * Framework-neutral request.
+     */
     req: HttpRequestLike;
+    /**
+     * Current route handler context.
+     */
     ctx: Ctx;
+    /**
+     * Matched contract metadata and schemas.
+     */
     contract: {
         metadata?: Record<string, unknown>;
     };
+    /**
+     * Parsed path parameters.
+     */
     path: unknown;
+    /**
+     * Parsed query parameters.
+     */
     query: unknown;
-    headers: unknown;
+    /**
+     * Hook-owned request headers.
+     *
+     * When the auth hooks declare a `headers` schema, this is that schema's
+     * output parsed from the raw lowercase request header record. Without a
+     * schema it is the raw lowercase header record itself, so auth resolution
+     * never depends on each route's contract header schema.
+     */
+    headers: HeadersSchema extends StandardSchema ? InferOutput<HeadersSchema> : Record<string, string>;
+    /**
+     * Parsed request body.
+     */
     body: unknown;
 };
 /**
- * Arguments passed to the auth `assign` callback.
- */
-export type AuthHookAssignArgs<Ctx, Session> = AuthHookArgs<Ctx> & {
-    session: Session | null;
-};
-/**
- * Arguments passed to the auth `unauthorized` callback.
- */
-export type AuthHookUnauthorizedArgs<Ctx, Session> = AuthHookArgs<Ctx> & {
-    session: Session | null;
-};
-/**
- * Options for `createAuthHooks(...)`.
+ * Options for route-scoped auth hooks.
+ *
+ * Auth additions must not include `gate`: the server re-attaches the gate
+ * declared by the context blueprint after every hook, so elevated identities
+ * are authorized against the updated context automatically.
  */
-export type AuthHooksOptions<Ctx, Session> = {
+export type AuthHooksOptions<Ctx, AddedCtx extends object & {
+    gate?: never;
+}, HeadersSchema extends StandardSchema | undefined = undefined> = {
     /**
-     * Hook name used in diagnostics.
+     * Hook name prefix used in diagnostics.
      */
     name?: string;
     /**
-     * Resolve whether the current contract is public, optional-auth, or required-auth.
+     * Optional Standard Schema for the credential headers this hook reads.
+     *
+     * The schema is validated against the raw lowercase request header record
+     * before `resolve` runs. On `required()` hooks a schema failure rejects the
+     * request with a framework-owned 401; on `optional()` hooks a schema failure
+     * skips auth resolution; `public()` hooks never parse headers.
      */
-    mode?: (args: AuthHookArgs<Ctx>) => MaybePromise<AuthHookModeInput>;
+    headers?: HeadersSchema;
     /**
-     * Custom session lookup. Required when context does not expose
-     * `ctx.ports.auth`.
+     * Resolve authenticated context additions for the current request.
+     *
+     * Return `null` when the request is unauthenticated. Required hooks will
+     * reject that request; optional hooks will add no auth context.
      */
-    getSession?: (args: AuthHookArgs<Ctx>) => MaybePromise<Session | null>;
+    resolve: (args: AuthHookArgs<Ctx, HeadersSchema>) => MaybePromise<AddedCtx | null>;
+};
+/**
+ * Route-scoped auth hook set.
+ */
+export type AuthRouteHooks<Ctx, AddedCtx extends object & {
+    gate?: never;
+}> = {
     /**
-     * Decide whether a resolved session counts as authenticated.
+     * Mark a route as intentionally public.
      */
-    isAuthenticated?: (session: Session | null) => boolean;
+    public: () => RouteHook<Ctx, Record<string, never>>;
     /**
-     * Return an updated context with auth/session fields attached.
+     * Resolve auth when present and add optional auth fields to the handler ctx.
      */
-    assign?: (args: AuthHookAssignArgs<Ctx, Session>) => MaybePromise<Ctx>;
+    optional: () => RouteHook<Ctx, Partial<AddedCtx>>;
     /**
-     * Return a custom unauthorized response for required-auth routes.
+     * Require auth and add authenticated fields to the handler ctx.
      */
-    unauthorized?: (args: AuthHookUnauthorizedArgs<Ctx, Session>) => MaybePromise<HttpResponse>;
+    required: () => RouteHook<Ctx, AddedCtx>;
 };
-type InferAuthSession<TAuth> = TAuth extends AuthPort<infer User, infer SessionMetadata> ? AuthSession<User, SessionMetadata> : unknown;
 /**
- * Create metadata-driven authentication hooks.
+ * Create route-scoped authentication hooks.
+ *
+ * The outer call binds the app context; the inner call takes auth options and
+ * infers the added context from `resolve`:
+ *
+ * ```ts
+ * const auth = createAuthHooks<AppContext>()({
+ *   resolve: ({ ctx }) => (ctx.auth ? { user: ctx.auth.user } : null),
+ * });
+ * ```
+ *
+ * Use `auth.required()` on routes that require an authenticated actor and
+ * `auth.optional()` where handlers can use auth when present. The returned
+ * route hooks enrich handler `ctx`; business authorization still belongs in
+ * feature policies or use cases.
  *
- * By default the hook reads `contract.metadata.auth`: `"required"` or `true`
- * requires an authenticated session, `"optional"` attaches a session when one
- * exists, and missing/false metadata treats the route as public. The hook
- * identifies a user; business authorization still belongs in policies or use
- * cases.
+ * Declare a `headers` schema when credentials live in request headers. The
+ * hook validates the raw lowercase header record itself, so `resolve` receives
+ * typed headers without contract casts and a `required()` hook rejects
+ * missing or malformed credentials with a framework-owned 401.
  *
- * @param options - Optional auth mode, session lookup, context assignment, and
- * unauthorized response customization.
- * @returns A server hook that runs before route handlers.
+ * @returns A function that takes auth options and returns public, optional,
+ * and required route-hook factories.
  */
-export declare function createAuthHooks<Ctx extends CtxWithAuthPort>(options?: AuthHooksOptions<Ctx, InferAuthSession<Ctx["ports"]["auth"]>>): ServerHook<Ctx, Ctx["ports"]>;
-export declare function createAuthHooks<Ctx, Session>(options: AuthHooksOptions<Ctx, Session> & {
-    getSession: (args: AuthHookArgs<Ctx>) => MaybePromise<Session | null>;
-}): ServerHook<Ctx>;
+export declare function createAuthHooks<Ctx>(): <AddedCtx extends object & {
+    gate?: never;
+}, HeadersSchema extends StandardSchema | undefined = undefined>(options: AuthHooksOptions<Ctx, AddedCtx, HeadersSchema>) => AuthRouteHooks<Ctx, AddedCtx>;
 export {};
 //# sourceMappingURL=auth.d.ts.map

package/dist/server/hooks/auth.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/auth.ts"],"names":[],"mappings":"AAAA,OAAO,~~EACL,~~KAAK,~~QAAQ~~,~~EACb~~,~~KAAK~~,~~WAAW~~,~~EAEjB~~,MAAM,~~aAAa~~,CAAC;~~AACrB~~,OAAO,KAAK,EAAE,eAAe,EAAE,~~YAAY~~,EAAE,~~UAAU,EAAE,~~MAAM,~~UAAU~~,CAAC;~~AAE1E~~,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,YAAY,~~GAAG~~,~~QAAQ,~~GAAG,~~UAAU~~,~~GAAG~~,~~UAAU~~,~~CAAC;AAE9D;;;;;GAKG;AACH~~,~~MAAM,MAAM,iBAAiB,~~GAAG,~~YAAY~~,GAAG,~~OAAO,GAAG,IAAI,GAAG,~~SAAS,~~CAAC~~;~~AAE1E;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,KAAK,EAAE;QACL,IAAI,EAAE,QAAQ,CAAC;KAChB,CAAC;CACH,CAAC;AAEF~~;;~~GAEG~~;~~AACH~~,~~MAAM,MAAM,YAAY,CAAC,~~GAAG,~~IAAI;IAC9B,GAAG,~~EAAE,eAAe,CAAC;IACrB,GAAG,EAAE,GAAG,CAAC;IACT,QAAQ,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,CAAC;IACF,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,~~OAAO~~,~~CAAC;IACjB~~,~~IAAI~~,~~EAAE~~,~~OAAO~~,CAAC~~;CACf~~,CAAC~~;AAEF;;GAEG;AACH~~,~~MAAM~~,MAAM,~~kBAAkB,~~CAAC,~~GAAG~~,EAAE,~~OAAO~~,~~IAAI,YAAY,~~CAAC,~~GAAG,~~CAAC~~,GAAG~~;~~IACjE~~,~~OAAO~~,EAAE,OAAO,~~GAAG,IAAI,~~CAAC;~~CACzB~~,CAAC;AAEF~~;;GAEG~~;AACH,MAAM,MAAM,~~wBAAwB~~,~~CAAC~~,GAAG,~~EAAE~~,~~OAAO~~,~~IAAI~~,~~YAAY~~,~~CAAC,~~GAAG,CAAC,~~GAAG;IACvE,OAAO,~~EAAE,~~OAAO~~,~~GAAG~~,~~IAAI~~,~~CAAC;CACzB~~,~~CAAC;AAEF;;GAEG;AACH~~,~~MAAM~~,~~MAAM~~,~~gBAAgB~~,~~CAAC,~~GAAG,~~EAAE~~,~~OAAO,IAAI~~;~~IAC3C~~;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd~~;;OAEG~~;IACH,~~IAAI~~,CAAC,EAAE,~~CAAC~~,~~IAAI,EAAE,YAAY,~~CAAC~~,GAAG,CAAC,KAAK,YAAY,CAAC,iBAAiB,CAAC,CAAC~~;~~IACpE;;;OAGG~~;IACH,~~UAAU~~,~~CAAC,~~EAAE,~~CAAC~~,IAAI,EAAE,YAAY,CAAC,GAAG,CAAC,~~KAAK~~,YAAY,CAAC,~~OAAO~~,GAAG,IAAI,CAAC,CAAC;~~IACvE~~;;~~OAEG~~;~~IACH~~,~~eAAe~~,~~CAAC~~,~~EAAE~~,CAAC,~~OAAO~~,EAAE,~~OAAO~~,GAAG,IAAI,KAAK,~~OAAO~~,~~CAAC~~;~~IACvD~~;;OAEG;IACH,MAAM,~~CAAC,~~EAAE,CAAC,~~IAAI~~,EAAE,~~kBAAkB~~,CAAC,~~GAAG~~,EAAE,~~OAAO,CAAC,~~KAAK,~~YAAY,~~CAAC,~~GAAG,~~CAAC,CAAC;~~IACvE~~;;OAEG;IACH,~~YAAY~~,~~CAAC,~~EAAE,~~CACb~~,~~IAAI~~,~~EAAE,wBAAwB,~~CAAC,GAAG,EAAE,OAAO,CAAC,~~KACzC~~,~~YAAY,~~CAAC,~~YAAY,~~CAAC,CAAC;~~CACjC,CAAC~~;~~AAEF~~,~~KAAK,gBAAgB,CAAC,KAAK,IACzB,KAAK,SAAS,~~QAAQ,~~CAAC,MAAM,IAAI,~~EAAE,MAAM,~~eAAe~~,CAAC,~~GACrD~~,~~WAAW,CAAC,IAAI,~~EAAE,~~eAAe~~,CAAC,~~GAClC~~,~~OAAO,~~CAAC;~~AA6Bd;;;;;;;;;;;;GAYG~~;AACH,wBAAgB,eAAe,CAAC,GAAG,~~SAAS~~,~~eAAe~~,~~EACzD~~,~~OAAO~~,~~CAAC~~,~~EAAE~~,~~gBAAgB,~~CAAC,~~GAAG,~~EAAE,~~gBAAgB~~,~~CAAC~~,~~GAAG~~,~~CAAC~~,~~OAAO~~,~~CAAC~~,~~CAAC,MAAM,CAAC,CAAC,CAAC,GACtE,UAAU,CAAC,~~GAAG,~~EAAE~~,GAAG,~~CAAC~~,~~OAAO~~,~~CAAC~~,~~CAAC~~,CAAC~~;AACjC~~,~~wBAAgB,eAAe,CAAC,~~GAAG,EAAE,~~OAAO~~,~~EAC1C,OAAO,~~EAAE,~~gBAAgB~~,CAAC,~~GAAG~~,~~EAAE~~,~~OAAO,~~CAAC,GAAG~~;IACxC~~,~~UAAU,~~EAAE,~~CAAC~~,~~IAAI,EAAE,YAAY,~~CAAC,~~GAAG,CAAC,KAAK,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;CACvE,GACA,UAAU,CAAC,GAAG,CAAC,CAAC~~"}
1	+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE5E,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE9D,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,YAAY,CACtB,GAAG,EACH,aAAa,SAAS,cAAc,GAAG,SAAS,GAAG,SAAS,IAC1D;IACF;;OAEG;IACH,GAAG,EAAE,eAAe,CAAC;IACrB;;OAEG;IACH,GAAG,EAAE,GAAG,CAAC;IACT;;OAEG;IACH,QAAQ,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,CAAC;IACF;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC;IACd;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;IACf;;;;;;;OAOG;IACH,OAAO,EAAE,aAAa,SAAS,cAAc,GACzC,WAAW,CAAC,aAAa,CAAC,GAC1B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,gBAAgB,CAC1B,GAAG,EACH,QAAQ,SAAS,MAAM,GAAG;IAAE,IAAI,CAAC,EAAE,KAAK,CAAA;CAAE,EAC1C,aAAa,SAAS,cAAc,GAAG,SAAS,GAAG,SAAS,IAC1D;IACF;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB;;;;;OAKG;IACH,OAAO,EAAE,CACP,IAAI,EAAE,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC,KACnC,YAAY,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,CAAC,GAAG,EAAE,QAAQ,SAAS,MAAM,GAAG;IAAE,IAAI,CAAC,EAAE,KAAK,CAAA;CAAE,IAAI;IAC5E;;OAEG;IACH,MAAM,EAAE,MAAM,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IACpD;;OAEG;IACH,QAAQ,EAAE,MAAM,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,EAAE,MAAM,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;CAC1C,CAAC;AA6BF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,eAAe,CAAC,GAAG,MAE/B,QAAQ,SAAS,MAAM,GAAG;IAAE,IAAI,CAAC,EAAE,KAAK,CAAA;CAAE,EAC1C,aAAa,SAAS,cAAc,GAAG,SAAS,GAAG,SAAS,EAE5D,SAAS,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,KACtD,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAyDjC"}

package/dist/server/hooks/auth.js CHANGED Viewed

@@ -1,61 +1,90 @@
-import { AuthUnauthorizedError, } from "../../ports";
-function modeFromInput(input) {
-    if (input === true || input === "required")
-        return "required";
-    if (input === "optional")
-        return "optional";
-    return "public";
+import { AuthUnauthorizedError } from "../../ports/index.js";
+function rawRequestHeaders(req) {
+    const record = {};
+    req.headers.forEach((value, key) => {
+        record[key.toLowerCase()] = value;
+    });
+    return record;
 }
-function defaultMode(args) {
-    return modeFromInput(args.contract.metadata?.auth);
-}
-async function defaultGetSession(args) {
-    const auth = args.ctx.ports?.auth;
-    if (!auth) {
-        throw new Error("createAuthHooks requires ctx.ports.auth or an explicit getSession option.");
+async function parseAuthHeaders(schema, req) {
+    const raw = rawRequestHeaders(req);
+    if (!schema) {
+        return { ok: true, headers: raw };
     }
-    return auth.getSession(args.req);
-}
-function defaultIsAuthenticated(session) {
-    return session !== null;
+    const result = await schema["~standard"].validate(raw);
+    if (result.issues) {
+        return { ok: false };
+    }
+    return { ok: true, headers: result.value };
 }
-export function createAuthHooks(options = {}) {
-    return {
-        name: options.name ?? "auth",
-        beforeHandle: async ({ req, ctx, contract, path, query, headers, body, }) => {
-            const args = {
-                req,
-                ctx,
-                contract,
-                path,
-                query,
-                headers,
-                body,
-            };
-            const mode = modeFromInput(options.mode ? await options.mode(args) : defaultMode(args));
-            if (mode === "public") {
-                return undefined;
-            }
-            const session = options.getSession
-                ? await options.getSession(args)
-                : (await defaultGetSession(args));
-            const isAuthenticated = options.isAuthenticated?.(session) ?? defaultIsAuthenticated(session);
-            if (mode === "required" && !isAuthenticated) {
-                if (options.unauthorized) {
-                    return {
-                        ctx,
-                        response: await options.unauthorized({ ...args, session }),
-                    };
-                }
-                throw new AuthUnauthorizedError();
-            }
-            if (!options.assign) {
-                return undefined;
-            }
-            return {
-                ctx: await options.assign({ ...args, session }),
-            };
-        },
+/**
+ * Create route-scoped authentication hooks.
+ *
+ * The outer call binds the app context; the inner call takes auth options and
+ * infers the added context from `resolve`:
+ *
+ * ```ts
+ * const auth = createAuthHooks<AppContext>()({
+ *   resolve: ({ ctx }) => (ctx.auth ? { user: ctx.auth.user } : null),
+ * });
+ * ```
+ *
+ * Use `auth.required()` on routes that require an authenticated actor and
+ * `auth.optional()` where handlers can use auth when present. The returned
+ * route hooks enrich handler `ctx`; business authorization still belongs in
+ * feature policies or use cases.
+ *
+ * Declare a `headers` schema when credentials live in request headers. The
+ * hook validates the raw lowercase header record itself, so `resolve` receives
+ * typed headers without contract casts and a `required()` hook rejects
+ * missing or malformed credentials with a framework-owned 401.
+ *
+ * @returns A function that takes auth options and returns public, optional,
+ * and required route-hook factories.
+ */
+export function createAuthHooks() {
+    return (options) => {
+        const name = options.name ?? "auth";
+        const toAuthArgs = (args, headers) => ({
+            req: args.req,
+            ctx: args.ctx,
+            contract: args.contract,
+            path: args.path,
+            query: args.query,
+            headers,
+            body: args.body,
+        });
+        return {
+            public: () => ({
+                name: `${name}.public`,
+                resolve: () => undefined,
+            }),
+            optional: () => ({
+                name: `${name}.optional`,
+                resolve: async (args) => {
+                    const parsed = await parseAuthHeaders(options.headers, args.req);
+                    if (!parsed.ok) {
+                        return undefined;
+                    }
+                    const additions = await options.resolve(toAuthArgs(args, parsed.headers));
+                    return additions ?? undefined;
+                },
+            }),
+            required: () => ({
+                name: `${name}.required`,
+                resolve: async (args) => {
+                    const parsed = await parseAuthHeaders(options.headers, args.req);
+                    if (!parsed.ok) {
+                        throw new AuthUnauthorizedError();
+                    }
+                    const additions = await options.resolve(toAuthArgs(args, parsed.headers));
+                    if (!additions) {
+                        throw new AuthUnauthorizedError();
+                    }
+                    return additions;
+                },
+            }),
+        };
     };
 }
 //# sourceMappingURL=auth.js.map

package/dist/server/hooks/auth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/server/hooks/auth.ts"],"names":[],"mappings":"~~AAAA~~,OAAO,~~EAGL~~,qBAAqB,~~GACtB~~,MAAM,~~aAAa~~,CAAC;~~AA+FrB~~,SAAS,~~aAAa~~,CAAC,~~KAAwB~~;IAC7C,~~IAAI~~,~~KAAK~~,~~KAAK~~,~~IAAI~~,~~IAAI~~,~~KAAK~~,~~KAAK~~,~~UAAU;QAAE~~,OAAO,~~UAAU~~,CAAC~~;IAC9D~~,~~IAAI,~~KAAK,~~KAAK~~,~~UAAU;QAAE~~,~~OAAO~~,~~UAAU,CAAC~~;~~IAC5C~~,~~OAAO~~,~~QAAQ,~~CAAC~~;AAClB~~,CAAC~~;AAED~~,~~SAAS,~~WAAW,~~CAAM~~,~~IAAuB;IAC/C~~,~~OAAO~~,~~aAAa~~,CAAC,~~IAAI~~,CAAC,~~QAAQ,~~CAAC,~~QAAQ~~,~~EAAE~~,~~IAAyB,~~CAAC~~,CAAC~~;~~AAC1E~~,CAAC;~~AAED~~,KAAK,UAAU,~~iBAAiB~~,~~CAC9B~~,~~IAAuB~~;~~IAEvB~~,MAAM,~~IAAI~~,~~GAAI~~,~~IAAI~~,CAAC,~~GAAuC~~,CAAC,~~KAAK,EAAE,IAAI,~~CAAC;~~IACvE~~,IAAI,CAAC,~~IAAI~~,EAAE,CAAC;~~QACV~~,~~MAAM~~,IAAI,~~KAAK~~,~~CACb~~,~~2EAA2E~~,~~CAC5E~~,CAAC;~~IACJ~~,CAAC;IAED,~~OAAO~~,~~IAAI~~,CAAC,~~UAAU~~,CAAC,~~IAAI~~,CAAC,GAAG,CAAC,CAAC;~~AACnC~~,CAAC;~~AAED~~,~~SAAS~~,~~sBAAsB~~,~~CAAU~~,~~OAAuB~~;~~IAC9D~~,OAAO,OAAO,KAAK,~~IAAI~~,CAAC;~~AAC1B~~,CAAC;~~AAuBD~~,MAAM,UAAU,eAAe,~~CAC7B~~,~~UAA0C~~,EAAE;~~IAE5C~~,~~OAAO;QACL~~,IAAI,~~EAAE~~,OAAO,CAAC,IAAI,IAAI,MAAM;~~QAC5B~~,~~YAAY~~,~~EAAE~~,~~KAAK~~,EAAE,~~EACnB~~,GAAG,~~EACH~~,GAAG,~~EACH~~,~~QAAQ~~,~~EACR,~~IAAI,~~EACJ~~,~~KAAK~~,~~EACL~~,~~OAAO~~,~~EACP,~~IAAI,~~GACL~~,~~EAAE~~,EAAE~~;YACH~~,~~MAAM,~~IAAI,~~GAAsB;gBAC9B~~,~~GAAG~~;~~gBACH~~,~~GAAG;gBACH~~,~~QAAQ;gBACR~~,IAAI~~;gBACJ~~,KAAK;~~gBACL~~,OAAO;~~gBACP~~,IAAI;~~aACL~~,CAAC;~~YACF~~,MAAM,~~IAAI~~,GAAG,~~aAAa~~,~~CACxB~~,~~OAAO,~~CAAC,IAAI,~~CAAC~~,~~CAAC~~,~~CAAC~~,~~MAAM~~,OAAO,~~CAAC~~,~~IAAI~~,~~CAAC~~,~~IAAI,~~CAAC,~~CAAC~~,CAAC,~~CAAC~~,~~WAAW~~,~~CAAC~~,~~IAAI~~,CAAC,~~CAC5D,~~CAAC;~~YAEF~~,IAAI,IAAI,~~KAAK~~,~~QAAQ~~,EAAE,~~CAAC;gBACtB~~,~~OAAO~~,~~SAAS~~,~~CAAC;YACnB~~,~~CAAC~~;~~YAED~~,MAAM,~~OAAO~~,GAAG,~~OAAO~~,CAAC,~~UAAU;gBAChC~~,CAAC,~~CAAC~~,~~MAAM~~,~~OAAO~~,CAAC,~~UAAU~~,CAAC,~~IAAI,~~CAAC;~~gBAChC~~,CAAC,~~CAAE~~,CAAC,~~MAAM~~,~~iBAAiB~~,CAAC,~~IAAI~~,CAAC,~~CAAoB,~~CAAC;~~YACxD~~,MAAM,~~eAAe~~,~~GACnB~~,OAAO,CAAC,~~eAAe~~,~~EAAE~~,~~CAAC~~,~~OAAO,~~CAAC,IAAI,~~sBAAsB~~,CAAC,OAAO,CAAC,CAAC;~~YAExE~~,~~IAAI~~,IAAI,~~KAAK~~,~~UAAU~~,~~IAAI~~,CAAC,~~eAAe~~,EAAE,CAAC;~~gBAC5C~~,IAAI,OAAO,~~CAAC~~,~~YAAY~~,EAAE,~~CAAC;oBACzB~~,~~OAAO;wBACL~~,~~GAAG~~;~~wBACH~~,~~QAAQ~~,~~EAAE~~,MAAM,~~OAAO~~,CAAC,~~YAAY~~,CAAC,EAAE,~~GAAG,~~IAAI,~~EAAE~~,~~OAAO~~,~~EAAE~~,CAAC;~~qBAC3D~~,CAAC~~;gBACJ~~,CAAC;~~gBAED~~,MAAM,IAAI,qBAAqB,EAAE,CAAC;~~YACpC~~,CAAC;~~YAED~~,~~IAAI~~,~~CAAC~~,~~OAAO~~,~~CAAC,~~MAAM,~~EAAE~~,CAAC~~;gBACpB~~,OAAO,~~SAAS~~,~~CAAC;YACnB~~,CAAC~~;YAED~~,~~OAAO;gBACL~~,~~GAAG,~~EAAE,MAAM,OAAO,CAAC,~~MAAM~~,CAAC,EAAE,~~GAAG~~,IAAI,EAAE,OAAO,~~EAAE~~,CAAC;~~aAChD~~,CAAC;~~QACJ~~,CAAC;~~KACF~~,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/server/hooks/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAyG7D,SAAS,iBAAiB,CAAC,GAAoB;IAC7C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACjC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC;AAChB,CAAC;AAID,KAAK,UAAU,gBAAgB,CAC7B,MAAkC,EAClC,GAAoB;IAEpB,MAAM,GAAG,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IACpC,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACvB,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,CAIL,OAAuD,EACxB,EAAE;QACjC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,MAAM,CAAC;QAEpC,MAAM,UAAU,GAAG,CACjB,IAAsD,EACtD,OAAgB,EACkB,EAAE,CACpC,CAAC;YACC,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAqC,CAAC;QAEzC,OAAO;YACL,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACb,IAAI,EAAE,GAAG,IAAI,SAAS;gBACtB,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS;aACzB,CAAC;YACF,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;gBACf,IAAI,EAAE,GAAG,IAAI,WAAW;gBACxB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;oBACtB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;oBACjE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;wBACf,OAAO,SAAS,CAAC;oBACnB,CAAC;oBAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CACrC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CACjC,CAAC;oBAEF,OAAO,SAAS,IAAI,SAAS,CAAC;gBAChC,CAAC;aACF,CAAC;YACF,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;gBACf,IAAI,EAAE,GAAG,IAAI,WAAW;gBACxB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;oBACtB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;oBACjE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;wBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;oBACpC,CAAC;oBAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CACrC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CACjC,CAAC;oBACF,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;oBACpC,CAAC;oBAED,OAAO,SAAS,CAAC;gBACnB,CAAC;aACF,CAAC;SACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/server/hooks/cors.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * CORS hook utilities for @beignet/core/server
  */
-import type { HttpRequestLike, ServerHook } from "../types";
+import type { HttpRequestLike, ServerHook } from "../types.js";
 /**
  * CORS configuration for `createCorsHooks(...)`.
  */

package/dist/server/hooks/cors.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/cors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,~~UAAU~~,CAAC;~~AAE5D~~;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IACzB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAmBD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,GAAG,EAAE,eAAe,EACpB,UAAU,EAAE,UAAU,GACrB,IAAI,CA4BN;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,CAsBxE"}
1	+ {"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/cors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IACzB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAmBD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,GAAG,EAAE,eAAe,EACpB,UAAU,EAAE,UAAU,GACrB,IAAI,CA4BN;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,CAsBxE"}

package/dist/server/hooks/errors.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
 /**
  * Framework-agnostic error mapping utilities for @beignet/core/server
  */
-import type { AppEnvironment } from "../health";
+import type { AppEnvironment } from "../health.js";
 /**
  * Re-export `AppEnvironment` for convenience.
  */
-export type { AppEnvironment } from "../health";
+export type { AppEnvironment } from "../health.js";
 /**
  * Framework-neutral response produced by an error mapper.
  */

package/dist/server/hooks/errors.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;~~AAGH~~,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,~~WAAW~~,CAAC;~~AAGhD~~;;GAEG;AACH,YAAY,EAAE,cAAc,EAAE,MAAM,~~WAAW~~,CAAC;~~AAEhD~~;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC;IACd;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB,CAAC,GAAG;IACrC,oCAAoC;IACpC,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,KAAK,kBAAkB,CAAC;IAEpE,6EAA6E;IAC7E,sBAAsB,CAAC,EAAE,OAAO,CAAC;IAEjC,+BAA+B;IAC/B,GAAG,CAAC,EAAE,cAAc,CAAC;CACtB;AA0BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAC3C,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,GAAG,EACR,MAAM,EAAE,kBAAkB,CAAC,GAAG,CAAC,GAC9B,kBAAkB,CAwBpB"}
1	+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD;;GAEG;AACH,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC;IACd;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB,CAAC,GAAG;IACrC,oCAAoC;IACpC,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,KAAK,kBAAkB,CAAC;IAEpE,6EAA6E;IAC7E,sBAAsB,CAAC,EAAE,OAAO,CAAC;IAEjC,+BAA+B;IAC/B,GAAG,CAAC,EAAE,cAAc,CAAC;CACtB;AA0BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAC3C,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,GAAG,EACR,MAAM,EAAE,kBAAkB,CAAC,GAAG,CAAC,GAC9B,kBAAkB,CAwBpB"}

package/dist/server/hooks/errors.js CHANGED Viewed

@@ -1,8 +1,8 @@
 /**
  * Framework-agnostic error mapping utilities for @beignet/core/server
  */
-import { createErrorResponseBody } from "../../errors";
-import { getRequestIdFromContext } from "./utils";
+import { createErrorResponseBody, } from "../../errors/index.js";
+import { getRequestIdFromContext } from "./utils.js";
 /**
  * Create default error response body
  */

package/dist/server/hooks/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/server/hooks/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,~~EAAE~~,uBAAuB,~~EAA0B~~,MAAM,~~cAAc~~,CAAC;AAE/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,~~SAAS~~,CAAC;~~AAuClD~~;;GAEG;AACH,SAAS,sBAAsB,CAC7B,GAAY,EACZ,YAAqB,EACrB,SAAkB;IAElB,OAAO,uBAAuB,CAAC;QAC7B,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,uBAAuB;QAChC,SAAS;QACT,OAAO,EACL,YAAY,IAAI,GAAG,YAAY,KAAK;YAClC,CAAC,CAAC;gBACE,KAAK,EAAE;oBACL,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,KAAK,EAAE,GAAG,CAAC,KAAK;iBACjB;aACF;YACH,CAAC,CAAC,SAAS;KAChB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAY,EACZ,GAAQ,EACR,MAA+B;IAE/B,6CAA6C;IAC7C,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,OAAO,MAAM,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,YAAY,GAChB,MAAM,CAAC,sBAAsB;QAC7B,CAAC,MAAM,CAAC,GAAG,KAAK,aAAa,IAAI,MAAM,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC;IAE1D,yBAAyB;IACzB,MAAM,SAAS,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,sBAAsB,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAElE,OAAO;QACL,MAAM,EAAE,GAAG;QACX,IAAI;QACJ,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/server/hooks/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,uBAAuB,GAExB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAuCrD;;GAEG;AACH,SAAS,sBAAsB,CAC7B,GAAY,EACZ,YAAqB,EACrB,SAAkB;IAElB,OAAO,uBAAuB,CAAC;QAC7B,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,uBAAuB;QAChC,SAAS;QACT,OAAO,EACL,YAAY,IAAI,GAAG,YAAY,KAAK;YAClC,CAAC,CAAC;gBACE,KAAK,EAAE;oBACL,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,KAAK,EAAE,GAAG,CAAC,KAAK;iBACjB;aACF;YACH,CAAC,CAAC,SAAS;KAChB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAY,EACZ,GAAQ,EACR,MAA+B;IAE/B,6CAA6C;IAC7C,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,OAAO,MAAM,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,YAAY,GAChB,MAAM,CAAC,sBAAsB;QAC7B,CAAC,MAAM,CAAC,GAAG,KAAK,aAAa,IAAI,MAAM,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC;IAE1D,yBAAyB;IACzB,MAAM,SAAS,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,sBAAsB,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAElE,OAAO;QACL,MAAM,EAAE,GAAG;QACX,IAAI;QACJ,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC;AACJ,CAAC"}

package/dist/server/hooks/idempotency.d.ts ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Idempotency hooks for @beignet/core/server
+ */
+import { type IdempotencyMeta, type IdempotencyPort, type IdempotencyScope } from "../../idempotency/index.js";
+import type { ActivityActor, ActivityTenant } from "../../ports/index.js";
+import type { HttpRequestLike, ServerHook } from "../types.js";
+/**
+ * Ports required by idempotency hooks.
+ */
+export type IdempotencyPorts = {
+    idempotency: IdempotencyPort;
+};
+/**
+ * Minimal context shape required for actor- and tenant-scoped idempotency.
+ */
+export type CtxWithIdempotency = {
+    ports: IdempotencyPorts;
+    actor?: ActivityActor;
+    tenant?: ActivityTenant;
+};
+/**
+ * Options for `createIdempotencyHooks(...)`.
+ */
+export interface IdempotencyHooksOptions<Ctx> {
+    /**
+     * Build the idempotency namespace for a contract.
+     *
+     * Defaults to `http.<contract name>` so HTTP reservations never collide with
+     * use-case `runIdempotently(...)` namespaces.
+     */
+    namespace?: (args: {
+        contract: {
+            name: string;
+        };
+    }) => string;
+    /**
+     * Build the idempotency scope after context exists.
+     *
+     * Defaults to a scope derived from `meta.scope`: `"global"` stays global,
+     * `"actor"` scopes by `ctx.actor?.id`, `"tenant"` scopes by `ctx.tenant?.id`,
+     * and `"actor-tenant"` scopes by both.
+     */
+    scope?: (args: {
+        ctx: Ctx;
+        req: HttpRequestLike;
+        meta: IdempotencyMeta;
+    }) => IdempotencyScope;
+    /**
+     * Build the fingerprint input from the parsed request.
+     *
+     * Defaults to `{ path, query, body }`.
+     */
+    fingerprintInput?: (args: {
+        path: unknown;
+        query: unknown;
+        body: unknown;
+    }) => unknown;
+}
+/**
+ * Create metadata-driven idempotency hooks.
+ *
+ * The hook reads `contract.metadata.idempotency` and enforces it with
+ * `ctx.ports.idempotency`. In `beforeHandle` it reserves the client key after
+ * request parsing, replays completed matching responses with an
+ * `idempotency-replayed: true` header, and rejects in-progress or conflicting
+ * keys with the framework `IdempotencyInProgress`/`IdempotencyConflict` catalog
+ * errors. In `beforeSend` it stores 2xx framework-neutral responses for replay
+ * and releases the reservation for errors, non-2xx responses, and native
+ * `Response` results, which are not replayable.
+ *
+ * Use `runIdempotently(...)` from `@beignet/core/idempotency` for non-HTTP
+ * workflows such as jobs, listeners, webhooks, and schedules.
+ *
+ * @param options - Optional namespace, scope, and fingerprint-input builders.
+ * @returns A server hook backed by `ctx.ports.idempotency`.
+ */
+export declare function createIdempotencyHooks<Ctx extends CtxWithIdempotency>(options?: IdempotencyHooksOptions<Ctx>): ServerHook<Ctx, IdempotencyPorts>;
+//# sourceMappingURL=idempotency.d.ts.map

package/dist/server/hooks/idempotency.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"idempotency.d.ts","sourceRoot":"","sources":["../../../src/server/hooks/idempotency.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAIL,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACtB,MAAM,4BAA4B,CAAC;AACpC,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,KAAK,EACV,eAAe,EAEf,UAAU,EACX,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,WAAW,EAAE,eAAe,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,KAAK,EAAE,gBAAgB,CAAC;IACxB,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,MAAM,CAAC,EAAE,cAAc,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,uBAAuB,CAAC,GAAG;IAC1C;;;;;OAKG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,KAAK,MAAM,CAAC;IAC7D;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE;QACb,GAAG,EAAE,GAAG,CAAC;QACT,GAAG,EAAE,eAAe,CAAC;QACrB,IAAI,EAAE,eAAe,CAAC;KACvB,KAAK,gBAAgB,CAAC;IACvB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,IAAI,EAAE,OAAO,CAAC;QACd,KAAK,EAAE,OAAO,CAAC;QACf,IAAI,EAAE,OAAO,CAAC;KACf,KAAK,OAAO,CAAC;CACf;AAmDD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,SAAS,kBAAkB,EACnE,OAAO,GAAE,uBAAuB,CAAC,GAAG,CAAM,GACzC,UAAU,CAAC,GAAG,EAAE,gBAAgB,CAAC,CA0HnC"}