npm - @beignet/core - Versions diffs - 0.0.3 → 0.0.5 - Mend

@beignet/core 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (360) hide show

package/CHANGELOG.md +159 -0
package/README.md +792 -50
package/dist/application/index.d.ts +28 -2
package/dist/application/index.d.ts.map +1 -1
package/dist/application/index.js +140 -12
package/dist/application/index.js.map +1 -1
package/dist/client/client.d.ts +2 -2
package/dist/client/client.d.ts.map +1 -1
package/dist/client/client.js +136 -48
package/dist/client/client.js.map +1 -1
package/dist/client/error-messages.d.ts +14 -0
package/dist/client/error-messages.d.ts.map +1 -0
package/dist/client/error-messages.js +23 -0
package/dist/client/error-messages.js.map +1 -0
package/dist/client/index.d.ts +8 -4
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +6 -2
package/dist/client/index.js.map +1 -1
package/dist/client/types.d.ts +35 -5
package/dist/client/types.d.ts.map +1 -1
package/dist/client-only.d.ts +8 -0
package/dist/client-only.d.ts.map +1 -0
package/dist/client-only.js +8 -0
package/dist/client-only.js.map +1 -0
package/dist/config/index.d.ts +5 -5
package/dist/config/index.d.ts.map +1 -1
package/dist/config/index.js +2 -2
package/dist/config/index.js.map +1 -1
package/dist/contracts/catalog-errors.d.ts +27 -0
package/dist/contracts/catalog-errors.d.ts.map +1 -0
package/dist/contracts/catalog-errors.js +69 -0
package/dist/contracts/catalog-errors.js.map +1 -0
package/dist/contracts/contract-builder.d.ts +15 -12
package/dist/contracts/contract-builder.d.ts.map +1 -1
package/dist/contracts/contract-builder.js +15 -41
package/dist/contracts/contract-builder.js.map +1 -1
package/dist/contracts/contract-group.d.ts +11 -8
package/dist/contracts/contract-group.d.ts.map +1 -1
package/dist/contracts/contract-group.js +13 -40
package/dist/contracts/contract-group.js.map +1 -1
package/dist/contracts/contract-like.d.ts +1 -1
package/dist/contracts/contract-like.d.ts.map +1 -1
package/dist/contracts/index.d.ts +13 -9
package/dist/contracts/index.d.ts.map +1 -1
package/dist/contracts/index.js +9 -5
package/dist/contracts/index.js.map +1 -1
package/dist/contracts/openapi-meta.d.ts +48 -0
package/dist/contracts/openapi-meta.d.ts.map +1 -1
package/dist/contracts/openapi-meta.js +3 -0
package/dist/contracts/openapi-meta.js.map +1 -1
package/dist/contracts/path-template.d.ts +1 -1
package/dist/contracts/path-template.js +2 -2
package/dist/contracts/path-template.js.map +1 -1
package/dist/contracts/schema-shape.d.ts +37 -0
package/dist/contracts/schema-shape.d.ts.map +1 -0
package/dist/contracts/schema-shape.js +61 -0
package/dist/contracts/schema-shape.js.map +1 -0
package/dist/contracts/success-status.d.ts +32 -0
package/dist/contracts/success-status.d.ts.map +1 -0
package/dist/contracts/success-status.js +18 -0
package/dist/contracts/success-status.js.map +1 -0
package/dist/contracts/types.d.ts +25 -5
package/dist/contracts/types.d.ts.map +1 -1
package/dist/contracts/types.js.map +1 -1
package/dist/contracts/utils.d.ts +1 -1
package/dist/contracts/utils.d.ts.map +1 -1
package/dist/contracts/utils.js +1 -1
package/dist/contracts/utils.js.map +1 -1
package/dist/domain/events.d.ts +1 -1
package/dist/domain/events.d.ts.map +1 -1
package/dist/domain/events.js +1 -1
package/dist/domain/events.js.map +1 -1
package/dist/domain/index.d.ts +3 -3
package/dist/domain/index.d.ts.map +1 -1
package/dist/domain/index.js +3 -3
package/dist/domain/index.js.map +1 -1
package/dist/errors/catalog.d.ts +9 -1
package/dist/errors/catalog.d.ts.map +1 -1
package/dist/errors/catalog.js +7 -1
package/dist/errors/catalog.js.map +1 -1
package/dist/errors/http.d.ts +10 -0
package/dist/errors/http.d.ts.map +1 -1
package/dist/errors/http.js +11 -1
package/dist/errors/http.js.map +1 -1
package/dist/errors/index.d.ts +4 -4
package/dist/errors/index.d.ts.map +1 -1
package/dist/errors/index.js +4 -4
package/dist/errors/index.js.map +1 -1
package/dist/errors/response.d.ts +4 -1
package/dist/errors/response.d.ts.map +1 -1
package/dist/errors/response.js.map +1 -1
package/dist/events/index.d.ts +10 -12
package/dist/events/index.d.ts.map +1 -1
package/dist/events/index.js +10 -10
package/dist/events/index.js.map +1 -1
package/dist/idempotency/index.d.ts +5 -3
package/dist/idempotency/index.d.ts.map +1 -1
package/dist/idempotency/index.js.map +1 -1
package/dist/jobs/index.d.ts +12 -14
package/dist/jobs/index.d.ts.map +1 -1
package/dist/jobs/index.js +13 -13
package/dist/jobs/index.js.map +1 -1
package/dist/notifications/index.d.ts +14 -16
package/dist/notifications/index.d.ts.map +1 -1
package/dist/notifications/index.js +14 -14
package/dist/notifications/index.js.map +1 -1
package/dist/openapi/index.d.ts +8 -3
package/dist/openapi/index.d.ts.map +1 -1
package/dist/openapi/index.js +41 -29
package/dist/openapi/index.js.map +1 -1
package/dist/openapi/schema-introspector.d.ts +37 -0
package/dist/openapi/schema-introspector.d.ts.map +1 -1
package/dist/openapi/schema-introspector.js +23 -17
package/dist/openapi/schema-introspector.js.map +1 -1
package/dist/outbox/index.d.ts +15 -6
package/dist/outbox/index.d.ts.map +1 -1
package/dist/outbox/index.js +60 -16
package/dist/outbox/index.js.map +1 -1
package/dist/ports/audit.d.ts +56 -10
package/dist/ports/audit.d.ts.map +1 -1
package/dist/ports/audit.js +71 -3
package/dist/ports/audit.js.map +1 -1
package/dist/ports/auth.d.ts +92 -0
package/dist/ports/auth.d.ts.map +1 -1
package/dist/ports/auth.js +92 -0
package/dist/ports/auth.js.map +1 -1
package/dist/ports/events.d.ts +2 -2
package/dist/ports/events.d.ts.map +1 -1
package/dist/ports/index.d.ts +62 -33
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +28 -34
package/dist/ports/index.js.map +1 -1
package/dist/ports/policy.d.ts +32 -3
package/dist/ports/policy.d.ts.map +1 -1
package/dist/ports/policy.js +13 -2
package/dist/ports/policy.js.map +1 -1
package/dist/ports/testing.d.ts +1030 -2
package/dist/ports/testing.d.ts.map +1 -1
package/dist/ports/testing.js +1031 -1
package/dist/ports/testing.js.map +1 -1
package/dist/ports/unbound.d.ts +21 -0
package/dist/ports/unbound.d.ts.map +1 -0
package/dist/ports/unbound.js +57 -0
package/dist/ports/unbound.js.map +1 -0
package/dist/ports/unit-of-work.d.ts +1 -1
package/dist/ports/unit-of-work.d.ts.map +1 -1
package/dist/ports/unit-of-work.js +1 -1
package/dist/ports/unit-of-work.js.map +1 -1
package/dist/providers/index.d.ts +3 -2
package/dist/providers/index.d.ts.map +1 -1
package/dist/providers/index.js +3 -2
package/dist/providers/index.js.map +1 -1
package/dist/providers/instrumentation.d.ts +45 -4
package/dist/providers/instrumentation.d.ts.map +1 -1
package/dist/providers/instrumentation.js +25 -6
package/dist/providers/instrumentation.js.map +1 -1
package/dist/providers/metadata.d.ts +39 -0
package/dist/providers/metadata.d.ts.map +1 -0
package/dist/providers/metadata.js +169 -0
package/dist/providers/metadata.js.map +1 -0
package/dist/providers/provider.d.ts +114 -9
package/dist/providers/provider.d.ts.map +1 -1
package/dist/providers/provider.js +3 -20
package/dist/providers/provider.js.map +1 -1
package/dist/schedules/index.d.ts +94 -13
package/dist/schedules/index.d.ts.map +1 -1
package/dist/schedules/index.js +66 -12
package/dist/schedules/index.js.map +1 -1
package/dist/server/audit-context.d.ts +29 -0
package/dist/server/audit-context.d.ts.map +1 -0
package/dist/server/audit-context.js +44 -0
package/dist/server/audit-context.js.map +1 -0
package/dist/server/context.d.ts +141 -0
package/dist/server/context.d.ts.map +1 -0
package/dist/server/context.js +39 -0
package/dist/server/context.js.map +1 -0
package/dist/server/contract-like.d.ts +1 -1
package/dist/server/contract-like.d.ts.map +1 -1
package/dist/server/contract-like.js +1 -1
package/dist/server/contract-like.js.map +1 -1
package/dist/server/health.d.ts +2 -2
package/dist/server/health.d.ts.map +1 -1
package/dist/server/hooks/auth.d.ts +49 -10
package/dist/server/hooks/auth.d.ts.map +1 -1
package/dist/server/hooks/auth.js +77 -37
package/dist/server/hooks/auth.js.map +1 -1
package/dist/server/hooks/cors.d.ts +1 -1
package/dist/server/hooks/cors.d.ts.map +1 -1
package/dist/server/hooks/errors.d.ts +2 -2
package/dist/server/hooks/errors.d.ts.map +1 -1
package/dist/server/hooks/errors.js +2 -2
package/dist/server/hooks/errors.js.map +1 -1
package/dist/server/hooks/idempotency.d.ts +78 -0
package/dist/server/hooks/idempotency.d.ts.map +1 -0
package/dist/server/hooks/idempotency.js +154 -0
package/dist/server/hooks/idempotency.js.map +1 -0
package/dist/server/hooks/index.d.ts +8 -7
package/dist/server/hooks/index.d.ts.map +1 -1
package/dist/server/hooks/index.js +6 -5
package/dist/server/hooks/index.js.map +1 -1
package/dist/server/hooks/logging.d.ts +2 -2
package/dist/server/hooks/logging.d.ts.map +1 -1
package/dist/server/hooks/logging.js +1 -1
package/dist/server/hooks/logging.js.map +1 -1
package/dist/server/hooks/rate-limit.d.ts +25 -7
package/dist/server/hooks/rate-limit.d.ts.map +1 -1
package/dist/server/hooks/rate-limit.js +47 -12
package/dist/server/hooks/rate-limit.js.map +1 -1
package/dist/server/hooks.d.ts +1 -1
package/dist/server/hooks.d.ts.map +1 -1
package/dist/server/hooks.js +1 -1
package/dist/server/hooks.js.map +1 -1
package/dist/server/http.d.ts +61 -35
package/dist/server/http.d.ts.map +1 -1
package/dist/server/http.js +1 -20
package/dist/server/http.js.map +1 -1
package/dist/server/index.d.ts +36 -12
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +24 -8
package/dist/server/index.js.map +1 -1
package/dist/server/instrumentation.d.ts +108 -0
package/dist/server/instrumentation.d.ts.map +1 -0
package/dist/server/instrumentation.js +297 -0
package/dist/server/instrumentation.js.map +1 -0
package/dist/server/openapi.d.ts +3 -3
package/dist/server/openapi.d.ts.map +1 -1
package/dist/server/openapi.js +1 -1
package/dist/server/openapi.js.map +1 -1
package/dist/server/providers/index.d.ts +3 -3
package/dist/server/providers/index.d.ts.map +1 -1
package/dist/server/providers/index.js +3 -3
package/dist/server/providers/index.js.map +1 -1
package/dist/server/providers/loadProviderConfig.d.ts +2 -2
package/dist/server/providers/loadProviderConfig.d.ts.map +1 -1
package/dist/server/providers/loadProviderConfig.js +2 -2
package/dist/server/providers/loadProviderConfig.js.map +1 -1
package/dist/server/request-context.d.ts +67 -0
package/dist/server/request-context.d.ts.map +1 -0
package/dist/server/request-context.js +79 -0
package/dist/server/request-context.js.map +1 -0
package/dist/server/server-context.d.ts +38 -0
package/dist/server/server-context.d.ts.map +1 -0
package/dist/server/server-context.js +38 -0
package/dist/server/server-context.js.map +1 -0
package/dist/server/server.d.ts +105 -33
package/dist/server/server.d.ts.map +1 -1
package/dist/server/server.js +434 -118
package/dist/server/server.js.map +1 -1
package/dist/server/types.d.ts +2 -2
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +2 -2
package/dist/server/types.js.map +1 -1
package/dist/server/use-case-route.d.ts +263 -0
package/dist/server/use-case-route.d.ts.map +1 -0
package/dist/server/use-case-route.js +77 -0
package/dist/server/use-case-route.js.map +1 -0
package/dist/server-only.d.ts +8 -0
package/dist/server-only.d.ts.map +1 -0
package/dist/server-only.js +8 -0
package/dist/server-only.js.map +1 -0
package/dist/tasks/index.d.ts +139 -0
package/dist/tasks/index.d.ts.map +1 -0
package/dist/tasks/index.js +98 -0
package/dist/tasks/index.js.map +1 -0
package/dist/testing/index.d.ts +607 -5
package/dist/testing/index.d.ts.map +1 -1
package/dist/testing/index.js +426 -4
package/dist/testing/index.js.map +1 -1
package/dist/tracing/index.d.ts +89 -0
package/dist/tracing/index.d.ts.map +1 -0
package/dist/tracing/index.js +101 -0
package/dist/tracing/index.js.map +1 -0
package/dist/uploads/client.d.ts +1 -1
package/dist/uploads/client.d.ts.map +1 -1
package/dist/uploads/index.d.ts +2 -2
package/dist/uploads/index.d.ts.map +1 -1
package/dist/uploads/index.js +1 -1
package/dist/uploads/index.js.map +1 -1
package/package.json +24 -2
package/src/application/index.ts +193 -10
package/src/client/client.ts +148 -150
package/src/client/error-messages.ts +35 -0
package/src/client/index.ts +12 -4
package/src/client/types.ts +44 -5
package/src/client-only.ts +7 -0
package/src/config/index.ts +6 -6
package/src/contracts/catalog-errors.ts +115 -0
package/src/contracts/contract-builder.ts +39 -76
package/src/contracts/contract-group.ts +33 -68
package/src/contracts/contract-like.ts +1 -1
package/src/contracts/index.ts +24 -11
package/src/contracts/openapi-meta.ts +55 -0
package/src/contracts/path-template.ts +2 -2
package/src/contracts/schema-shape.ts +75 -0
package/src/contracts/success-status.ts +68 -0
package/src/contracts/types.ts +32 -5
package/src/contracts/utils.ts +5 -2
package/src/domain/events.ts +6 -2
package/src/domain/index.ts +3 -3
package/src/errors/catalog.ts +9 -1
package/src/errors/http.ts +11 -1
package/src/errors/index.ts +4 -4
package/src/errors/response.ts +4 -1
package/src/events/index.ts +12 -26
package/src/idempotency/index.ts +5 -3
package/src/jobs/index.ts +14 -24
package/src/notifications/index.ts +17 -27
package/src/openapi/index.ts +73 -38
package/src/openapi/schema-introspector.ts +68 -17
package/src/outbox/index.ts +84 -19
package/src/ports/audit.ts +120 -11
package/src/ports/auth.ts +132 -0
package/src/ports/events.ts +2 -2
package/src/ports/index.ts +104 -35
package/src/ports/policy.ts +50 -3
package/src/ports/testing.ts +2220 -33
package/src/ports/unbound.ts +64 -0
package/src/ports/unit-of-work.ts +6 -2
package/src/providers/index.ts +16 -3
package/src/providers/instrumentation.ts +86 -7
package/src/providers/metadata.ts +234 -0
package/src/providers/provider.ts +168 -9
package/src/schedules/index.ts +173 -23
package/src/server/audit-context.ts +45 -0
package/src/server/context.ts +224 -0
package/src/server/contract-like.ts +1 -1
package/src/server/health.ts +2 -2
package/src/server/hooks/auth.ts +141 -51
package/src/server/hooks/cors.ts +1 -1
package/src/server/hooks/errors.ts +7 -4
package/src/server/hooks/idempotency.ts +263 -0
package/src/server/hooks/index.ts +14 -7
package/src/server/hooks/logging.ts +3 -3
package/src/server/hooks/rate-limit.ts +85 -17
package/src/server/hooks.ts +1 -1
package/src/server/http.ts +78 -51
package/src/server/index.ts +62 -12
package/src/server/instrumentation.ts +470 -0
package/src/server/openapi.ts +4 -4
package/src/server/providers/index.ts +6 -3
package/src/server/providers/loadProviderConfig.ts +4 -4
package/src/server/request-context.ts +116 -0
package/src/server/server-context.ts +44 -0
package/src/server/server.ts +886 -238
package/src/server/types.ts +2 -2
package/src/server/use-case-route.ts +430 -0
package/src/server-only.ts +7 -0
package/src/tasks/index.ts +275 -0
package/src/testing/index.ts +1142 -6
package/src/tracing/index.ts +176 -0
package/src/uploads/client.ts +1 -1
package/src/uploads/index.ts +7 -3
package/dist/ports/mailer.d.ts +0 -6
package/dist/ports/mailer.d.ts.map +0 -1
package/dist/ports/mailer.js +0 -2
package/dist/ports/mailer.js.map +0 -1
package/dist/ports/schedules.d.ts +0 -9
package/dist/ports/schedules.d.ts.map +0 -1
package/dist/ports/schedules.js +0 -2
package/dist/ports/schedules.js.map +0 -1

package/src/server/hooks/idempotency.ts ADDED Viewed

@@ -0,0 +1,263 @@
+/**
+ * Idempotency hooks for @beignet/core/server
+ */
+import { AppError, httpErrors } from "../../errors/index.js";
+import {
+  createIdempotencyFingerprint,
+  IdempotencyConflictError,
+  IdempotencyInProgressError,
+  type IdempotencyMeta,
+  type IdempotencyPort,
+  type IdempotencyScope,
+} from "../../idempotency/index.js";
+import type { ActivityActor, ActivityTenant } from "../../ports/index.js";
+import type {
+  HttpRequestLike,
+  HttpResponseLike,
+  ServerHook,
+} from "../types.js";
+/**
+ * Ports required by idempotency hooks.
+ */
+export type IdempotencyPorts = {
+  idempotency: IdempotencyPort;
+};
+/**
+ * Minimal context shape required for actor- and tenant-scoped idempotency.
+ */
+export type CtxWithIdempotency = {
+  ports: IdempotencyPorts;
+  actor?: ActivityActor;
+  tenant?: ActivityTenant;
+};
+/**
+ * Options for `createIdempotencyHooks(...)`.
+ */
+export interface IdempotencyHooksOptions<Ctx> {
+  /**
+   * Build the idempotency namespace for a contract.
+   *
+   * Defaults to `http.<contract name>` so HTTP reservations never collide with
+   * use-case `runIdempotently(...)` namespaces.
+   */
+  namespace?: (args: { contract: { name: string } }) => string;
+  /**
+   * Build the idempotency scope after context exists.
+   *
+   * Defaults to a scope derived from `meta.scope`: `"global"` stays global,
+   * `"actor"` scopes by `ctx.actor?.id`, `"tenant"` scopes by `ctx.tenant?.id`,
+   * and `"actor-tenant"` scopes by both.
+   */
+  scope?: (args: {
+    ctx: Ctx;
+    req: HttpRequestLike;
+    meta: IdempotencyMeta;
+  }) => IdempotencyScope;
+  /**
+   * Build the fingerprint input from the parsed request.
+   *
+   * Defaults to `{ path, query, body }`.
+   */
+  fingerprintInput?: (args: {
+    path: unknown;
+    query: unknown;
+    body: unknown;
+  }) => unknown;
+}
+/**
+ * Header set on replayed responses.
+ */
+const IDEMPOTENCY_REPLAYED_HEADER = "idempotency-replayed";
+type PendingReservation = {
+  port: IdempotencyPort;
+  namespace: string;
+  key: string;
+  scope: IdempotencyScope;
+  fingerprint: string;
+};
+function defaultIdempotencyScope(
+  ctx: CtxWithIdempotency,
+  meta: IdempotencyMeta,
+): IdempotencyScope {
+  const mode = meta.scope ?? "global";
+  switch (mode) {
+    case "global":
+      return "global";
+    case "actor":
+      return { actorId: ctx.actor?.id };
+    case "tenant":
+      return { tenantId: ctx.tenant?.id };
+    case "actor-tenant":
+      return { actorId: ctx.actor?.id, tenantId: ctx.tenant?.id };
+  }
+}
+function isReplayableHttpResponse(value: unknown): value is HttpResponseLike {
+  if (typeof value !== "object" || value === null) return false;
+  const candidate = value as { status?: unknown; headers?: unknown };
+  if (typeof candidate.status !== "number") return false;
+  if (
+    candidate.headers !== undefined &&
+    (typeof candidate.headers !== "object" ||
+      candidate.headers === null ||
+      Array.isArray(candidate.headers))
+  ) {
+    return false;
+  }
+  return true;
+}
+/**
+ * Create metadata-driven idempotency hooks.
+ *
+ * The hook reads `contract.metadata.idempotency` and enforces it with
+ * `ctx.ports.idempotency`. In `beforeHandle` it reserves the client key after
+ * request parsing, replays completed matching responses with an
+ * `idempotency-replayed: true` header, and rejects in-progress or conflicting
+ * keys with the framework `IdempotencyInProgress`/`IdempotencyConflict` catalog
+ * errors. In `beforeSend` it stores 2xx framework-neutral responses for replay
+ * and releases the reservation for errors, non-2xx responses, and native
+ * `Response` results, which are not replayable.
+ *
+ * Use `runIdempotently(...)` from `@beignet/core/idempotency` for non-HTTP
+ * workflows such as jobs, listeners, webhooks, and schedules.
+ *
+ * @param options - Optional namespace, scope, and fingerprint-input builders.
+ * @returns A server hook backed by `ctx.ports.idempotency`.
+ */
+export function createIdempotencyHooks<Ctx extends CtxWithIdempotency>(
+  options: IdempotencyHooksOptions<Ctx> = {},
+): ServerHook<Ctx, IdempotencyPorts> {
+  const pending = new WeakMap<HttpRequestLike, PendingReservation>();
+  return {
+    name: "idempotency",
+    beforeHandle: async ({ ctx, contract, req, path, query, body }) => {
+      const meta = contract.metadata?.idempotency;
+      if (!meta) {
+        return undefined;
+      }
+      const header = (meta.header ?? "idempotency-key").toLowerCase();
+      const key = req.headers.get(header);
+      if (!key) {
+        if (meta.required) {
+          throw new AppError(
+            httpErrors.BadRequest,
+            {
+              contract: contract.name,
+              header,
+            },
+            `Missing required idempotency key header "${header}"`,
+          );
+        }
+        return undefined;
+      }
+      const namespace =
+        options.namespace?.({ contract: { name: contract.name } }) ??
+        `http.${contract.name}`;
+      const scope =
+        options.scope?.({ ctx, req, meta }) ??
+        defaultIdempotencyScope(ctx, meta);
+      const fingerprint = await createIdempotencyFingerprint(
+        options.fingerprintInput?.({ path, query, body }) ?? {
+          path,
+          query,
+          body,
+        },
+      );
+      const reservation = await ctx.ports.idempotency.reserve({
+        namespace,
+        key,
+        scope,
+        fingerprint,
+        ttlSec: meta.ttlSec,
+      });
+      switch (reservation.status) {
+        case "replay": {
+          if (!isReplayableHttpResponse(reservation.result)) {
+            throw new AppError(
+              httpErrors.InternalServerError,
+              { namespace, key },
+              `Stored idempotency result for "${namespace}" key "${key}" is not a replayable HTTP response`,
+            );
+          }
+          return {
+            status: reservation.result.status,
+            headers: {
+              ...(reservation.result.headers ?? {}),
+              [IDEMPOTENCY_REPLAYED_HEADER]: "true",
+            },
+            body: reservation.result.body,
+          };
+        }
+        case "inProgress": {
+          throw new IdempotencyInProgressError(reservation);
+        }
+        case "conflict": {
+          throw new IdempotencyConflictError(reservation);
+        }
+        case "reserved": {
+          pending.set(req, {
+            port: ctx.ports.idempotency,
+            namespace,
+            key,
+            scope,
+            fingerprint,
+          });
+          return undefined;
+        }
+      }
+    },
+    beforeSend: async ({ req, response, error, native }) => {
+      const reservation = pending.get(req);
+      if (!reservation) {
+        return undefined;
+      }
+      pending.delete(req);
+      const { port, namespace, key, scope, fingerprint } = reservation;
+      if (
+        !native &&
+        !error &&
+        response.status >= 200 &&
+        response.status < 300
+      ) {
+        await port.complete({
+          namespace,
+          key,
+          scope,
+          fingerprint,
+          result: {
+            status: response.status,
+            headers: response.headers,
+            body: response.body,
+          },
+        });
+        return undefined;
+      }
+      // Errors, non-2xx responses, and native `Response` results release the
+      // reservation. Streams are not replayable.
+      await port.fail({ namespace, key, scope, fingerprint, error });
+      return undefined;
+    },
+  };
+}

package/src/server/hooks/index.ts CHANGED Viewed

@@ -2,35 +2,42 @@
  * Hook utilities for @beignet/core/server
  */
-import type { AnyPorts } from "../../ports";
-import type { ServerHook } from "../http";
+import type { AnyPorts } from "../../ports/index.js";
+import type { ServerHook } from "../http.js";
 export {
   type AuthHookArgs,
   type AuthHooksOptions,
   type AuthRouteHooks,
   createAuthHooks,
-} from "./auth";
+} from "./auth.js";
 export {
   applyCorsHeaders,
   type CorsConfig,
   createCorsHooks,
-} from "./cors";
+} from "./cors.js";
 export {
   defaultMapErrorToResponse,
   type ErrorMappingConfig,
   type ErrorMappingResult,
-} from "./errors";
+} from "./errors.js";
+export {
+  type CtxWithIdempotency,
+  createIdempotencyHooks,
+  type IdempotencyHooksOptions,
+  type IdempotencyPorts,
+} from "./idempotency.js";
 export {
   createLoggingHooks,
   type Logger,
   type LoggingConfig,
-} from "./logging";
+} from "./logging.js";
 export {
   type CtxWithRateLimit,
   createRateLimitHooks,
+  type RateLimitIpSource,
   type RateLimitOptions,
-} from "./rate-limit";
+} from "./rate-limit.js";
 /**
  * Flatten hook arrays into a single hook list.

package/src/server/hooks/logging.ts CHANGED Viewed

@@ -2,9 +2,9 @@
  * Logging hook utilities for @beignet/core/server
  */
-import type { HttpContractConfig } from "../../contracts";
-import type { HttpRequestLike, ServerHook } from "../types";
-import { getRequestIdFromContext } from "./utils";
+import type { HttpContractConfig } from "../../contracts/index.js";
+import type { HttpRequestLike, ServerHook } from "../types.js";
+import { getRequestIdFromContext } from "./utils.js";
 /**
  * Minimal logger shape accepted by `createLoggingHooks(...)`.

package/src/server/hooks/rate-limit.ts CHANGED Viewed

@@ -2,10 +2,14 @@
  * Rate limit hooks for @beignet/core/server
  */
-import type { RateLimitScope } from "../../contracts";
-import { AppError, httpErrors } from "../../errors";
-import type { ActivityActor, RateLimitPort } from "../../ports";
-import type { HttpRequestLike, ServerHook } from "../types";
+import type { RateLimitScope } from "../../contracts/index.js";
+import { AppError, httpErrors } from "../../errors/index.js";
+import type { ActivityActor, RateLimitPort } from "../../ports/index.js";
+import {
+  createProviderInstrumentation,
+  type ProviderInstrumentationTarget,
+} from "../../providers/index.js";
+import type { HttpRequestLike, ServerHook } from "../types.js";
 /**
  * Ports required by rate-limit hooks.
@@ -24,6 +28,23 @@ export type CtxWithRateLimit = {
 type EarlyRateLimitScope = Exclude<RateLimitScope, "user">;
+/**
+ * Strategy for resolving the client IP used by `ip`-scoped limits.
+ *
+ * - `"x-forwarded-for-last"` (default): the last `x-forwarded-for` entry.
+ *   This is the address appended by the platform's trusted reverse proxy and
+ *   cannot be chosen by the client.
+ * - `"x-forwarded-for-first"`: the first `x-forwarded-for` entry. This value
+ *   is client-controlled, so only use it when a trusted edge normalizes the
+ *   header before it reaches the app.
+ * - A function receives the raw request and returns the client IP, for
+ *   platform-specific headers such as `cf-connecting-ip`.
+ */
+export type RateLimitIpSource =
+  | "x-forwarded-for-last"
+  | "x-forwarded-for-first"
+  | ((req: HttpRequestLike) => string | undefined);
 /**
  * Options for `createRateLimitHooks(...)`.
  */
@@ -48,14 +69,38 @@ export interface RateLimitOptions<Ctx> {
     scope: EarlyRateLimitScope;
   }) => string;
   /**
-   * Resolve a client IP from the raw request.
+   * Resolve the client IP for `ip`-scoped limits.
+   *
+   * Defaults to `"x-forwarded-for-last"`, the entry appended by the
+   * platform's trusted proxy. Pass a function for platform-specific headers.
    */
-  getClientIp?: (req: HttpRequestLike) => string | undefined;
+  ipSource?: RateLimitIpSource;
 }
-function defaultGetClientIp(req: HttpRequestLike): string | undefined {
-  const xfwd = req.headers.get("x-forwarded-for") ?? "";
-  return xfwd.split(",")[0].trim() || undefined;
+function parseForwardedFor(req: HttpRequestLike): string[] {
+  const header = req.headers.get("x-forwarded-for") ?? "";
+  return header
+    .split(",")
+    .map((entry) => entry.trim())
+    .filter(Boolean);
+}
+function resolveClientIp(
+  req: HttpRequestLike,
+  ipSource: RateLimitIpSource,
+): string | undefined {
+  if (typeof ipSource === "function") {
+    return ipSource(req) || undefined;
+  }
+  const entries = parseForwardedFor(req);
+  if (entries.length === 0) {
+    return undefined;
+  }
+  return ipSource === "x-forwarded-for-first"
+    ? entries[0]
+    : entries[entries.length - 1];
 }
 function emitUserKey(userId: string): string {
@@ -104,7 +149,7 @@ function defaultEarlyRateLimitKey(
 }
 async function enforceRateLimit(
-  rateLimit: RateLimitPort,
+  ports: RateLimitPorts,
   args: {
     key: string;
     limit: number;
@@ -112,7 +157,7 @@ async function enforceRateLimit(
     scope: RateLimitScope;
   },
 ): Promise<void> {
-  const result = await rateLimit.hit({
+  const result = await ports.rateLimit.hit({
     key: args.key,
     limit: args.limit,
     windowSec: args.windowSec,
@@ -122,10 +167,30 @@ async function enforceRateLimit(
     return;
   }
+  // App ports may carry an `instrumentation` or `devtools` sink alongside the
+  // typed rate-limit port; the helper resolves them at runtime.
+  const instrumentation = createProviderInstrumentation(
+    ports as ProviderInstrumentationTarget,
+    {
+      providerName: "rate-limit",
+      watcher: "rateLimit",
+    },
+  );
+  instrumentation.custom({
+    name: "rateLimit.denied",
+    label: "Rate limit denied",
+    summary: `Rate limit denied for ${args.key}`,
+    details: {
+      key: args.key,
+      scope: args.scope,
+      limit: args.limit,
+      windowSec: args.windowSec,
+    },
+  });
   throw new AppError(
     httpErrors.TooManyRequests,
     {
-      key: args.key,
       scope: args.scope,
       retryAfterSeconds: result.retryAfterSeconds,
       resetAt: result.resetAt?.toISOString() ?? null,
@@ -140,15 +205,18 @@ async function enforceRateLimit(
  * The hook reads `contract.metadata.rateLimit`. Global and IP-scoped limits run
  * in `onRequest` before context creation; user-scoped limits run in
  * `beforeHandle` after `ctx.actor` is available. Exceeded limits throw the
- * framework `TooManyRequests` app error.
+ * framework `TooManyRequests` app error with `scope`, `retryAfterSeconds`, and
+ * `resetAt` details. The bucket key is never sent to clients; denials emit a
+ * `rateLimit.denied` instrumentation event that carries the key for operators.
  *
- * @param options - Optional key builders and client-IP resolver.
+ * @param options - Optional key builders and client-IP source.
  * @returns A server hook backed by `ctx.ports.rateLimit`.
  */
 export function createRateLimitHooks<Ctx extends CtxWithRateLimit>(
   options: RateLimitOptions<Ctx> = {},
 ): ServerHook<Ctx, RateLimitPorts> {
-  const getClientIp = options.getClientIp ?? defaultGetClientIp;
+  const ipSource = options.ipSource ?? "x-forwarded-for-last";
+  const getClientIp = (req: HttpRequestLike) => resolveClientIp(req, ipSource);
   return {
     name: "rate-limit",
@@ -167,7 +235,7 @@ export function createRateLimitHooks<Ctx extends CtxWithRateLimit>(
         options.earlyKey?.({ req, scope }) ??
         defaultEarlyRateLimitKey({ req, scope }, getClientIp);
-      await enforceRateLimit(ports.rateLimit, {
+      await enforceRateLimit(ports, {
         key,
         limit: rlMeta.max,
         windowSec: rlMeta.windowSec,
@@ -191,7 +259,7 @@ export function createRateLimitHooks<Ctx extends CtxWithRateLimit>(
         options.key?.({ ctx, req, scope }) ??
         defaultRateLimitKey({ ctx, req, scope }, getClientIp);
-      await enforceRateLimit(ctx.ports.rateLimit, {
+      await enforceRateLimit(ctx.ports, {
         key,
         limit: rlMeta.max,
         windowSec: rlMeta.windowSec,

package/src/server/hooks.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export * from "./hooks/index";
1	+ export * from "./hooks/index.js";

package/src/server/http.ts CHANGED Viewed

@@ -3,8 +3,8 @@ import type {
   InferHeaderSchemaOutput,
   InferOutput,
   StandardSchema,
-} from "../contracts";
-import type { AnyPorts } from "../ports";
+} from "../contracts/index.js";
+import type { AnyPorts } from "../ports/index.js";
 /**
  * Framework-neutral request shape consumed by Beignet server adapters.
@@ -84,6 +84,50 @@ export interface HttpResponseLike {
  */
 export type HttpResponse = HttpResponseLike | Response;
+/**
+ * Framework-neutral Beignet API handler consumed by HTTP adapters.
+ */
+export type HttpAdapterApiHandler = (
+  req: HttpRequestLike,
+) => Promise<HttpResponse>;
+/**
+ * Native handler shape produced by an HTTP adapter.
+ */
+export type HttpAdapterHandler<NativeRequest, NativeResponse> = (
+  req: NativeRequest,
+) => Promise<NativeResponse>;
+/**
+ * Contract implemented by packages that adapt Beignet's framework-neutral
+ * server runtime to a platform HTTP API.
+ *
+ * Core owns request parsing, hooks, route matching, validation, error mapping,
+ * response ownership, and provider lifecycle. Adapters own only the conversion
+ * between the platform request/response types and Beignet's `HttpRequestLike`
+ * / `HttpResponse` boundary.
+ */
+export interface HttpAdapter<NativeRequest, NativeResponse> {
+  /**
+   * Human-readable adapter name for diagnostics and documentation.
+   */
+  name: string;
+  /**
+   * Convert a platform request into Beignet's framework-neutral request shape.
+   */
+  toRequestLike(req: NativeRequest): HttpRequestLike;
+  /**
+   * Convert a Beignet response into the platform response type.
+   */
+  toNativeResponse(res: HttpResponse): NativeResponse | Promise<NativeResponse>;
+  /**
+   * Wrap a Beignet API handler in the platform's native handler shape.
+   */
+  createHandler(
+    handler: HttpAdapterApiHandler,
+  ): HttpAdapterHandler<NativeRequest, NativeResponse>;
+}
 type InferSchemaOrFallback<
   T extends StandardSchema | null,
   Fallback,
@@ -130,7 +174,7 @@ export interface HandlerArgs<Ctx, C extends HttpContractConfig> {
    */
   req: HttpRequestLike;
   /**
-   * Application context returned by `createContext`.
+   * Application context assembled by the server context blueprint.
    */
   ctx: Ctx;
   /**
@@ -183,10 +227,14 @@ export type RouteHookArgs<
  * Route hooks are for scoped policy and context enrichment such as
  * authentication, tenant resolution, feature gates, and idempotency. They add
  * fields to the handler context instead of replacing the app context.
+ *
+ * Hook additions must not include `gate`: the server re-attaches the gate
+ * declared by the context blueprint after every hook, so identity changes are
+ * picked up automatically.
  */
 export interface RouteHook<
   Ctx,
-  AddedCtx extends object = Record<string, never>,
+  AddedCtx extends object & { gate?: never } = Record<string, never>,
 > {
   /**
    * Optional name used in diagnostics and devtools.
@@ -198,54 +246,24 @@ export interface RouteHook<
   resolve: (args: RouteHookArgs<Ctx>) => MaybePromise<AddedCtx | undefined>;
 }
-/**
- * Builder for route-scoped hooks.
- */
-export type RouteHookBuilder<Ctx> = {
-  /**
-   * Assign a diagnostic name to the hook.
-   */
-  name: (name: string) => RouteHookNamedBuilder<Ctx>;
-  /**
-   * Define the hook resolver.
-   */
-  resolve: <AddedCtx extends object>(
-    resolve: RouteHook<Ctx, AddedCtx>["resolve"],
-  ) => RouteHook<Ctx, AddedCtx>;
-};
+type AddedCtxFromHook<Hook> =
+  Hook extends RouteHook<infer _Ctx, infer AddedCtx> ? AddedCtx : unknown;
-/**
- * Named builder for route-scoped hooks.
- */
-export type RouteHookNamedBuilder<Ctx> = {
-  /**
-   * Define the hook resolver.
-   */
-  resolve: <AddedCtx extends object>(
-    resolve: RouteHook<Ctx, AddedCtx>["resolve"],
-  ) => RouteHook<Ctx, AddedCtx>;
-};
+type UnionToIntersection<Union> = (
+  Union extends unknown
+    ? (value: Union) => void
+    : never
+) extends (value: infer Intersection) => void
+  ? Intersection
+  : never;
 /**
- * Define a route-scoped hook.
- *
- * Route hooks enrich handler context for one route or route group. They should
- * throw application/framework errors for denials instead of returning HTTP
- * responses directly.
+ * Intersection of the context fields added by a route hook list.
  */
-export function defineRouteHook<Ctx>(): RouteHookBuilder<Ctx> {
-  return {
-    name: (name) => ({
-      resolve: (resolve) => ({
-        name,
-        resolve,
-      }),
-    }),
-    resolve: (resolve) => ({
-      resolve,
-    }),
-  };
-}
+export type AddedCtxFromHooks<Hooks extends readonly unknown[]> =
+  Hooks extends readonly []
+    ? unknown
+    : UnionToIntersection<AddedCtxFromHook<Hooks[number]>>;
 /**
  * Hook that runs after a route is matched but before request parsing and
@@ -294,10 +312,11 @@ export type BeforeHandleHook<
 }) => MaybePromise<BeforeHandleResult<Ctx>>;
 /**
- * Hook that runs before a framework-neutral response is returned.
+ * Hook that runs before the response is returned.
  *
  * Return a response to replace or decorate the outgoing response. Hooks run in
- * declaration order.
+ * declaration order. For native web `Response` results the hook receives a
+ * headers-only view and only header changes are applied.
  */
 export type BeforeSendHook<
   Ctx,
@@ -312,6 +331,13 @@ export type BeforeSendHook<
   body?: InferBody<C>;
   response: HttpResponseLike;
   error?: unknown;
+  /**
+   * True when the route returned a native web Response. The response argument
+   * is a headers-only view ({ status, headers }); the body is not readable and
+   * returned body/status changes are ignored. Header changes are merged onto
+   * the native Response.
+   */
+  native?: boolean;
 }) => MaybePromise<HttpResponseLike | undefined>;
 /**
@@ -395,7 +421,8 @@ export interface ServerHook<Ctx, Ports extends AnyPorts = AnyPorts> {
    */
   beforeHandle?: BeforeHandleHook<Ctx>;
   /**
-   * Runs before a framework-neutral response is returned.
+   * Runs before the response is returned. Native web `Response` results get a
+   * headers-only view with `native: true`.
    */
   beforeSend?: BeforeSendHook<Ctx>;
   /**