@bleedingdev/modern-js-create-request 3.2.0-ultramodern.0

package/dist/esm-node/node.mjs

@@ -0,0 +1,406 @@
+import "node:module";
+import { storage } from "@modern-js/runtime-utils/node";
+import { compile } from "path-to-regexp";
+import { stringify } from "qs";
+import { handleRes } from "./handleRes.mjs";
+import { executeWithResilience } from "./transport.mjs";
+import { BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS, BFF_ENVELOPE_HEADER, BFF_OPERATION_CONTEXT_DETAIL_HEADER, BFF_OPERATION_CONTEXT_HEADER } from "./types.mjs";
+import { getUploadPayload } from "./utiles.mjs";
+export * from "./requestContext.mjs";
+export * from "./types.mjs";
+const realRequest = new Map();
+const realAllowedHeaders = new Map();
+const realResolveHeaders = new Map();
+const realRequireEnvelope = new Map();
+const realAllowCrossOriginEnvelope = new Map();
+const realTransportResilience = new Map();
+const realIdentityBinding = new Map();
+const realOperationContract = new Map();
+const domainMap = new Map();
+const isEmptyDomain = (domain)=>'string' != typeof domain || '' === domain.trim();
+const TRACEPARENT_HEADER = 'traceparent';
+const OPERATION_CONTEXT_DETAIL_HEADER = BFF_OPERATION_CONTEXT_DETAIL_HEADER;
+const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$/i;
+const isStrictDefaultRequestIdEnabled = ()=>'true' === process.env.MODERN_BFF_STRICT_DEFAULT_REQUEST_ID;
+const isSecuredRequestId = (requestId)=>'default' !== requestId || isStrictDefaultRequestIdEnabled();
+const firstHeaderValue = (value)=>Array.isArray(value) ? value[0] : value;
+const findHeaderKey = (headers, header)=>{
+    const normalized = header.toLowerCase();
+    return Object.keys(headers).find((key)=>key.toLowerCase() === normalized);
+};
+const readHeader = (headers, header)=>{
+    const key = findHeaderKey(headers, header);
+    return 'string' == typeof key ? headers[key] : void 0;
+};
+const writeHeader = (headers, header, value)=>{
+    if (void 0 === value) return;
+    const key = findHeaderKey(headers, header);
+    if ('string' == typeof key && key !== header) delete headers[key];
+    headers[header] = value;
+};
+const deleteHeader = (headers, header)=>{
+    const key = findHeaderKey(headers, header);
+    if ('string' == typeof key) delete headers[key];
+};
+const toOrigin = (value)=>{
+    if (!value) return;
+    try {
+        return new URL(value).origin;
+    } catch (error) {
+        return;
+    }
+};
+const parseTraceparent = (value)=>{
+    const traceparent = firstHeaderValue(value);
+    if ('string' != typeof traceparent) return;
+    const match = traceparent.trim().match(TRACEPARENT_REGEX);
+    if (!match) return;
+    const [, traceId, spanId] = match;
+    if (!traceId || !spanId) return;
+    return {
+        traceId: traceId.toLowerCase(),
+        spanId: spanId.toLowerCase()
+    };
+};
+const resolveSourceOrigin = (headers)=>{
+    const origin = toOrigin(firstHeaderValue(headers.origin));
+    if (origin) return origin;
+    const referer = toOrigin(firstHeaderValue(headers.referer));
+    if (referer) return referer;
+    const host = firstHeaderValue(headers.host);
+    if (!host) return;
+    const proto = firstHeaderValue(headers['x-forwarded-proto']) || 'http';
+    return `${proto}://${host}`;
+};
+const extractPathParamNames = (path)=>Array.from(path.matchAll(/:([A-Za-z0-9_]+)/g)).map(([, key])=>key);
+const originFetch = (...params)=>{
+    const [, init] = params;
+    if (init?.method?.toLowerCase() === 'get') init.body = void 0;
+    return fetch(...params).then(handleRes);
+};
+const buildOperationContext = ({ requestId, method, path, operationContext, traceparent })=>{
+    const routePath = operationContext?.routePath || path;
+    const operationMethod = (operationContext?.method || method || 'GET').toUpperCase();
+    const rawOperationId = operationContext?.operationId || `${operationMethod}:${routePath}`;
+    const operationId = rawOperationId.startsWith(`${requestId}:`) ? rawOperationId : `${requestId}:${rawOperationId}`;
+    const traceparentValue = operationContext?.traceparent || ('string' == typeof firstHeaderValue(traceparent) ? String(firstHeaderValue(traceparent)) : void 0);
+    const parsedTraceContext = operationContext?.traceId && operationContext?.spanId ? {
+        traceId: operationContext.traceId,
+        spanId: operationContext.spanId
+    } : parseTraceparent(traceparentValue);
+    return {
+        requestId,
+        operationId,
+        routePath,
+        method: operationMethod,
+        ...operationContext?.schemaHash ? {
+            schemaHash: operationContext.schemaHash
+        } : {},
+        ...'number' == typeof operationContext?.operationVersion ? {
+            operationVersion: operationContext.operationVersion
+        } : {},
+        ...traceparentValue ? {
+            traceparent: traceparentValue
+        } : {},
+        ...parsedTraceContext ? {
+            traceId: parsedTraceContext.traceId,
+            spanId: parsedTraceContext.spanId
+        } : {}
+    };
+};
+class ProducerClientNotInitializedError extends Error {
+    constructor(requestId){
+        super(`Producer client "${requestId}" is not initialized. Call initProducerClient() (or configure()) before using generated APIs for this requestId.`), this.code = 'BFF_PRODUCER_CLIENT_NOT_INITIALIZED';
+        this.name = 'ProducerClientNotInitializedError';
+    }
+}
+class ProducerDomainNotConfiguredError extends Error {
+    constructor(requestId){
+        super(`Producer client "${requestId}" must provide setDomain() during configure().`), this.code = 'BFF_PRODUCER_DOMAIN_NOT_CONFIGURED';
+        this.name = 'ProducerDomainNotConfiguredError';
+    }
+}
+class CrossOriginEnvelopePolicyError extends Error {
+    constructor(requestId, sourceOrigin, targetOrigin){
+        super(`Cross-origin envelope is not allowed for producer "${requestId}" (${sourceOrigin || 'unknown-origin'} -> ${targetOrigin || 'unknown-origin'}). Configure allowCrossOriginEnvelope to explicitly allow this flow.`), this.code = 'BFF_CROSS_ORIGIN_ENVELOPE_NOT_ALLOWED';
+        this.name = 'CrossOriginEnvelopePolicyError';
+    }
+}
+class IdentityBindingViolationError extends Error {
+    constructor(violation){
+        super(`Identity header "${violation.header}" for producer "${violation.requestId}" was rejected by server-derived identity binding.`), this.code = 'BFF_IDENTITY_BINDING_VIOLATION';
+        this.name = 'IdentityBindingViolationError';
+        this.violation = violation;
+    }
+}
+class OperationContractViolationError extends Error {
+    constructor(violation){
+        super(`Operation contract violation "${violation.reason}" for producer "${violation.requestId}" operation "${violation.operationId}".`), this.code = 'BFF_OPERATION_CONTRACT_VIOLATION';
+        this.name = 'OperationContractViolationError';
+        this.violation = violation;
+    }
+}
+const validateOperationContract = (requestId, contextPayload)=>{
+    const operationContract = realOperationContract.get(requestId);
+    const operationContractEnabled = operationContract?.enabled ?? isSecuredRequestId(requestId);
+    if (!operationContractEnabled) return;
+    const strict = operationContract?.strict ?? true;
+    const requireSchemaHash = operationContract?.requireSchemaHash ?? true;
+    const requireOperationVersion = operationContract?.requireOperationVersion ?? true;
+    const maybeReportViolation = (reason)=>{
+        const violation = {
+            requestId,
+            target: 'server',
+            operationId: contextPayload.operationId,
+            routePath: contextPayload.routePath,
+            method: contextPayload.method,
+            schemaHash: 'string' == typeof contextPayload.schemaHash ? contextPayload.schemaHash : void 0,
+            operationVersion: 'number' == typeof contextPayload.operationVersion ? contextPayload.operationVersion : void 0,
+            reason
+        };
+        operationContract?.onViolation?.(violation);
+        if (strict) throw new OperationContractViolationError(violation);
+    };
+    if (requireSchemaHash && 'string' != typeof contextPayload.schemaHash) maybeReportViolation('missing_schema_hash');
+    if (requireOperationVersion && 'number' != typeof contextPayload.operationVersion) maybeReportViolation('missing_operation_version');
+};
+const getConfiguredRequest = (requestId, fallback)=>{
+    const configuredRequest = realRequest.get(requestId);
+    if (configuredRequest) return configuredRequest;
+    if ('default' !== requestId) throw new ProducerClientNotInitializedError(requestId);
+    return fallback;
+};
+const configure = (options)=>{
+    const { request, interceptor, allowedHeaders, resolveHeaders, transport, requireEnvelope, allowCrossOriginEnvelope, identityBinding, operationContract, setDomain, requestId = 'default' } = options;
+    const hasExistingDomain = domainMap.has(requestId);
+    if ('default' !== requestId && !setDomain && !hasExistingDomain) throw new ProducerDomainNotConfiguredError(requestId);
+    let configuredRequest = request || originFetch;
+    if (interceptor && !request) configuredRequest = interceptor(fetch);
+    if (Array.isArray(allowedHeaders)) realAllowedHeaders.set(requestId, allowedHeaders);
+    if ('function' == typeof resolveHeaders) realResolveHeaders.set(requestId, resolveHeaders);
+    if (transport && 'object' == typeof transport) realTransportResilience.set(requestId, transport);
+    if (identityBinding && 'object' == typeof identityBinding) realIdentityBinding.set(requestId, identityBinding);
+    if (operationContract && 'object' == typeof operationContract) realOperationContract.set(requestId, operationContract);
+    if ('boolean' == typeof requireEnvelope) realRequireEnvelope.set(requestId, requireEnvelope);
+    if ('boolean' == typeof allowCrossOriginEnvelope || 'function' == typeof allowCrossOriginEnvelope) realAllowCrossOriginEnvelope.set(requestId, allowCrossOriginEnvelope);
+    if (setDomain) {
+        const resolvedDomain = setDomain({
+            target: 'server',
+            requestId
+        });
+        if ('default' !== requestId && isEmptyDomain(resolvedDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+        if ('string' == typeof resolvedDomain) domainMap.set(requestId, resolvedDomain);
+    }
+    realRequest.set(requestId, configuredRequest);
+};
+const normalizeRequestOptions = (...args)=>{
+    if ('object' == typeof args[0] && null !== args[0]) return args[0];
+    const [path, method, port, httpMethodDecider, fetch1, requestId, operationContext] = args;
+    return {
+        path,
+        method,
+        port,
+        httpMethodDecider,
+        fetch: fetch1,
+        requestId,
+        operationContext
+    };
+};
+const createRequest = (...args)=>{
+    const { path, method, port, httpMethodDecider = 'functionName', fetch: fetch1 = originFetch, requestId = 'default', operationContext } = normalizeRequestOptions(...args);
+    const getFinalPath = compile(path, {
+        encode: encodeURIComponent
+    });
+    const keyNames = extractPathParamNames(path);
+    const sender = (...args)=>{
+        const fetcher = getConfiguredRequest(requestId, fetch1);
+        let webRequestHeaders = {};
+        try {
+            webRequestHeaders = storage.useContext().headers || {};
+        } catch (error) {
+            webRequestHeaders = {};
+        }
+        let body;
+        let headers;
+        let url;
+        if ('inputParams' === httpMethodDecider) {
+            const configDomain = domainMap.get(requestId);
+            if ('default' !== requestId && isEmptyDomain(configDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+            url = `${configDomain || `http://127.0.0.1:${port}`}${path}`;
+            body = args;
+            headers = {
+                'Content-Type': 'application/json'
+            };
+        } else {
+            const payload = 'object' == typeof args[args.length - 1] ? args[args.length - 1] : {};
+            payload.params = payload.params || {};
+            const requestParams = args[0];
+            if ('object' == typeof requestParams && requestParams.params) {
+                const { params } = requestParams;
+                keyNames.forEach((keyName)=>{
+                    payload.params[keyName] = params[keyName];
+                });
+            } else keyNames.forEach((keyName, index)=>{
+                payload.params[keyName] = args[index];
+            });
+            const plainPath = getFinalPath(payload.params);
+            const finalPath = payload.query ? `${plainPath}?${stringify(payload.query)}` : plainPath;
+            headers = payload.headers ? {
+                ...payload.headers
+            } : {};
+            const identityBinding = realIdentityBinding.get(requestId);
+            const identityBindingEnabled = identityBinding?.enabled ?? isSecuredRequestId(requestId);
+            const identityBindingStrict = identityBinding?.strict ?? isSecuredRequestId(requestId);
+            const protectedIdentityHeaders = (identityBinding?.protectedHeaders || BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS).map((header)=>header.toLowerCase());
+            const targetAllowedHeaders = realAllowedHeaders.get(requestId) || [];
+            const forwardedHeaders = {};
+            for (const key of targetAllowedHeaders)if (void 0 !== webRequestHeaders[key]) forwardedHeaders[key] = webRequestHeaders[key];
+            if (identityBindingEnabled) {
+                const derivedIdentityHeaders = {};
+                for (const header of protectedIdentityHeaders){
+                    const incomingHeaderValue = readHeader(webRequestHeaders, header);
+                    if (void 0 !== incomingHeaderValue) writeHeader(derivedIdentityHeaders, header, incomingHeaderValue);
+                }
+                const customDerivedHeaders = identityBinding?.deriveHeaders?.({
+                    requestId,
+                    target: 'server',
+                    incomingHeaders: {
+                        ...webRequestHeaders
+                    },
+                    protectedHeaders: [
+                        ...protectedIdentityHeaders
+                    ]
+                });
+                if (customDerivedHeaders && 'object' == typeof customDerivedHeaders) for (const header of protectedIdentityHeaders){
+                    const customValue = readHeader(customDerivedHeaders, header);
+                    if (void 0 !== customValue) writeHeader(derivedIdentityHeaders, header, customValue);
+                }
+                for (const header of protectedIdentityHeaders){
+                    const attemptedValue = readHeader(headers, header);
+                    if (void 0 === attemptedValue) continue;
+                    const violation = {
+                        requestId,
+                        target: 'server',
+                        header,
+                        attemptedValue,
+                        derivedValue: readHeader(derivedIdentityHeaders, header),
+                        reason: identityBindingStrict ? 'client_override_rejected' : 'client_override_blocked'
+                    };
+                    identityBinding?.onViolation?.(violation);
+                    if (identityBindingStrict) throw new IdentityBindingViolationError(violation);
+                    deleteHeader(headers, header);
+                }
+                Object.keys(derivedIdentityHeaders).forEach((header)=>{
+                    writeHeader(forwardedHeaders, header, derivedIdentityHeaders[header]);
+                });
+            }
+            const resolveHeaders = realResolveHeaders.get(requestId);
+            if (resolveHeaders) {
+                const resolvedHeaders = resolveHeaders({
+                    requestId,
+                    allowedHeaders: targetAllowedHeaders,
+                    incomingHeaders: {
+                        ...forwardedHeaders
+                    }
+                });
+                if (resolvedHeaders && 'object' == typeof resolvedHeaders) {
+                    for (const key of targetAllowedHeaders)if (void 0 !== resolvedHeaders[key]) forwardedHeaders[key] = resolvedHeaders[key];
+                }
+            }
+            headers = {
+                ...headers,
+                ...forwardedHeaders
+            };
+            if (payload.data) {
+                headers['Content-Type'] = 'application/json';
+                body = 'object' == typeof payload.data ? JSON.stringify(payload.data) : payload.body;
+            } else if (payload.body) {
+                headers['Content-Type'] = 'text/plain';
+                body = payload.body;
+            } else if (payload.formData) body = payload.formData;
+            else if (payload.formUrlencoded) {
+                headers['Content-Type'] = 'application/x-www-form-urlencoded';
+                body = 'object' == typeof payload.formUrlencoded ? stringify(payload.formUrlencoded) : payload.formUrlencoded;
+            }
+            const configDomain = domainMap.get(requestId);
+            if ('default' !== requestId && isEmptyDomain(configDomain)) throw new ProducerDomainNotConfiguredError(requestId);
+            url = `${configDomain || `http://127.0.0.1:${port}`}${finalPath}`;
+        }
+        if (void 0 === readHeader(headers, TRACEPARENT_HEADER)) {
+            const incomingTraceparent = firstHeaderValue(readHeader(webRequestHeaders, TRACEPARENT_HEADER));
+            if ('string' == typeof incomingTraceparent) writeHeader(headers, TRACEPARENT_HEADER, incomingTraceparent);
+        }
+        if (void 0 === readHeader(headers, TRACEPARENT_HEADER) && operationContext?.traceparent) writeHeader(headers, TRACEPARENT_HEADER, operationContext.traceparent);
+        const shouldRequireEnvelope = realRequireEnvelope.get(requestId) ?? isSecuredRequestId(requestId);
+        if (shouldRequireEnvelope) {
+            const sourceOrigin = resolveSourceOrigin(webRequestHeaders);
+            const targetOrigin = toOrigin(url);
+            const traceContext = parseTraceparent(readHeader(headers, TRACEPARENT_HEADER));
+            const isCrossOrigin = Boolean(sourceOrigin) && Boolean(targetOrigin) && sourceOrigin !== targetOrigin;
+            if (isCrossOrigin) {
+                const policy = realAllowCrossOriginEnvelope.get(requestId);
+                const isAllowed = 'function' == typeof policy ? policy({
+                    requestId,
+                    sourceOrigin,
+                    targetOrigin,
+                    target: 'server'
+                }) : true === policy;
+                if (!isAllowed) throw new CrossOriginEnvelopePolicyError(requestId, sourceOrigin, targetOrigin);
+            }
+            headers[BFF_ENVELOPE_HEADER] = JSON.stringify({
+                requestId,
+                target: 'server',
+                timestamp: Date.now(),
+                sourceOrigin,
+                targetOrigin,
+                ...traceContext ? {
+                    traceId: traceContext.traceId,
+                    spanId: traceContext.spanId
+                } : {}
+            });
+        }
+        if (isSecuredRequestId(requestId)) {
+            const contextPayload = buildOperationContext({
+                requestId,
+                method,
+                path,
+                operationContext,
+                traceparent: readHeader(headers, TRACEPARENT_HEADER)
+            });
+            validateOperationContract(requestId, contextPayload);
+            if (void 0 === readHeader(headers, BFF_OPERATION_CONTEXT_HEADER)) writeHeader(headers, BFF_OPERATION_CONTEXT_HEADER, contextPayload.operationId);
+            writeHeader(headers, OPERATION_CONTEXT_DETAIL_HEADER, JSON.stringify(contextPayload));
+        }
+        if ('get' === method.toLowerCase()) body = void 0;
+        headers.accept = "application/json,*/*;q=0.8";
+        return executeWithResilience({
+            requestId,
+            target: 'server',
+            method,
+            url,
+            init: {
+                method,
+                body,
+                headers
+            },
+            fetcher,
+            transport: realTransportResilience.get(requestId)
+        });
+    };
+    return sender;
+};
+const createUploader = ({ path, requestId = 'default' })=>{
+    const sender = (...args)=>{
+        const fetcher = getConfiguredRequest(requestId, originFetch);
+        const { body, headers } = getUploadPayload(args);
+        const configDomain = domainMap.get(requestId);
+        const finalURL = `${configDomain || ''}${path}`;
+        return fetcher(finalURL, {
+            method: 'POST',
+            body,
+            headers
+        });
+    };
+    return sender;
+};
+export { CrossOriginEnvelopePolicyError, IdentityBindingViolationError, OperationContractViolationError, ProducerClientNotInitializedError, ProducerDomainNotConfiguredError, configure, createRequest, createUploader };

package/dist/esm-node/qs.mjs

@@ -0,0 +1,2 @@
+import "node:module";
+export { parse, stringify } from "qs";

package/dist/esm-node/requestContext.mjs

@@ -0,0 +1,52 @@
+import "node:module";
+const BFF_LOCALE_HEADER = 'accept-language';
+const BFF_TRACEPARENT_HEADER = 'traceparent';
+const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$/i;
+const readHeader = (headers, header)=>{
+    if (!headers) return;
+    const normalized = header.toLowerCase();
+    const key = Object.keys(headers).find((current)=>current.toLowerCase() === normalized);
+    if (!key) return;
+    const value = headers[key];
+    return Array.isArray(value) ? value[0] : value;
+};
+const readString = (value)=>'string' == typeof value && value.length > 0 ? value : void 0;
+function parseTraceparent(traceparent) {
+    if (!traceparent) return;
+    const match = traceparent.trim().match(TRACEPARENT_REGEX);
+    if (!match) return;
+    const [, traceId, spanId] = match;
+    if (!traceId || !spanId) return;
+    return {
+        traceId: traceId.toLowerCase(),
+        spanId: spanId.toLowerCase()
+    };
+}
+function createRequestContextSnapshot(input = {}) {
+    const locale = readString(input.locale) || readString(readHeader(input.headers, BFF_LOCALE_HEADER));
+    const traceparent = readString(input.traceparent) || readString(input.operationContext?.traceparent) || readString(readHeader(input.headers, BFF_TRACEPARENT_HEADER));
+    const parsedTraceparent = input.operationContext?.traceId && input.operationContext?.spanId ? {
+        traceId: input.operationContext.traceId,
+        spanId: input.operationContext.spanId
+    } : parseTraceparent(traceparent);
+    const headers = {};
+    if (locale) headers[BFF_LOCALE_HEADER] = locale;
+    if (traceparent) headers[BFF_TRACEPARENT_HEADER] = traceparent;
+    return {
+        headers,
+        ...locale ? {
+            locale
+        } : {},
+        ...traceparent ? {
+            traceparent
+        } : {},
+        ...parsedTraceparent ? {
+            traceId: parsedTraceparent.traceId,
+            spanId: parsedTraceparent.spanId
+        } : {}
+    };
+}
+function createRequestContextHeaders(input = {}) {
+    return createRequestContextSnapshot(input).headers;
+}
+export { BFF_LOCALE_HEADER, BFF_TRACEPARENT_HEADER, createRequestContextHeaders, createRequestContextSnapshot };

package/dist/esm-node/transport.mjs

@@ -0,0 +1,180 @@
+import "node:module";
+const DEFAULT_RETRYABLE_STATUS_CODES = [
+    408,
+    425,
+    429,
+    500,
+    502,
+    503,
+    504
+];
+const DEFAULT_BASE_DELAY_MS = 100;
+const DEFAULT_MAX_DELAY_MS = 1000;
+const DEFAULT_JITTER_RATIO = 0.1;
+const createTimeoutError = (timeoutMs)=>{
+    const error = new Error(`Request timed out after ${timeoutMs}ms`);
+    error.name = 'TimeoutError';
+    return error;
+};
+const wait = (ms)=>new Promise((resolve)=>{
+        const timer = setTimeout(()=>resolve(), ms);
+        if ('function' == typeof timer.unref) timer.unref();
+    });
+const toStatusCode = (error)=>{
+    if (!error || 'object' != typeof error) return;
+    const status = error.status;
+    if ('number' == typeof status) return status;
+    const responseStatus = error.response?.status;
+    if ('number' == typeof responseStatus) return responseStatus;
+};
+const isRetryableNetworkError = (error)=>{
+    if (!error || 'object' != typeof error) return false;
+    const name = error.name;
+    if ('AbortError' === name || 'FetchError' === name || 'TimeoutError' === name || 'TypeError' === name) return true;
+    const code = error.code;
+    return 'ECONNRESET' === code || 'ETIMEDOUT' === code || 'ECONNREFUSED' === code || 'EPIPE' === code;
+};
+const normalizePositiveNumber = (value, fallback)=>'number' == typeof value && Number.isFinite(value) && value > 0 ? value : fallback;
+const normalizeNonNegativeInt = (value, fallback)=>'number' == typeof value && Number.isFinite(value) && value >= 0 ? Math.floor(value) : fallback;
+const normalizeJitterRatio = (value)=>{
+    if ('number' != typeof value || !Number.isFinite(value)) return DEFAULT_JITTER_RATIO;
+    return Math.max(0, Math.min(1, value));
+};
+const shouldRetryWithDefaults = (statusCode, error, retryableStatusCodes)=>{
+    if ('number' == typeof statusCode) return retryableStatusCodes.includes(statusCode);
+    return isRetryableNetworkError(error);
+};
+const shouldRetry = (retryOptions, context, retryableStatusCodes)=>{
+    if ('function' == typeof retryOptions?.shouldRetry) try {
+        return retryOptions.shouldRetry(context);
+    } catch (error) {
+        return false;
+    }
+    return shouldRetryWithDefaults(context.statusCode, context.error, retryableStatusCodes);
+};
+const getBackoffMs = (retryOptions, attempt)=>{
+    const baseDelayMs = normalizePositiveNumber(retryOptions?.baseDelayMs, DEFAULT_BASE_DELAY_MS);
+    const maxDelayMs = normalizePositiveNumber(retryOptions?.maxDelayMs, DEFAULT_MAX_DELAY_MS);
+    const jitterRatio = normalizeJitterRatio(retryOptions?.jitterRatio);
+    const exponentialDelay = Math.min(maxDelayMs, baseDelayMs * 2 ** Math.max(0, attempt - 1));
+    const jitterFactor = 0 === jitterRatio ? 1 : 1 + (2 * Math.random() - 1) * jitterRatio;
+    return Math.max(0, Math.floor(exponentialDelay * jitterFactor));
+};
+const emitDegradedEvent = (transport, event)=>{
+    if ('function' != typeof transport?.onDegraded) return;
+    try {
+        transport.onDegraded(event);
+    } catch (error) {}
+};
+const withTimeout = async (promise, timeoutMs, signalBuilder)=>{
+    if (!timeoutMs || timeoutMs <= 0) {
+        const result = await promise;
+        return {
+            result
+        };
+    }
+    const controller = signalBuilder?.();
+    let timeoutTriggered = false;
+    let rejectTimeout;
+    const timeoutPromise = new Promise((_, reject)=>{
+        rejectTimeout = reject;
+    });
+    const timer = setTimeout(()=>{
+        timeoutTriggered = true;
+        if (controller) controller.abort();
+        rejectTimeout?.(createTimeoutError(timeoutMs));
+    }, timeoutMs);
+    if ('function' == typeof timer.unref) timer.unref();
+    try {
+        const result = await Promise.race([
+            promise,
+            timeoutPromise
+        ]);
+        return {
+            result,
+            timeoutTriggered
+        };
+    } catch (error) {
+        if (timeoutTriggered && error?.name === 'AbortError') throw createTimeoutError(timeoutMs);
+        throw error;
+    } finally{
+        clearTimeout(timer);
+    }
+};
+const executeWithResilience = async ({ requestId, target, method, url, init, fetcher, transport })=>{
+    const retries = normalizeNonNegativeInt(transport?.retry?.retries, 0);
+    const timeoutMs = 'number' == typeof transport?.timeoutMs && transport.timeoutMs > 0 ? transport.timeoutMs : void 0;
+    const maxAttempts = retries + 1;
+    const retryableStatusCodes = transport?.retry?.retryableStatusCodes && transport.retry.retryableStatusCodes.length > 0 ? transport.retry.retryableStatusCodes : DEFAULT_RETRYABLE_STATUS_CODES;
+    let attempt = 0;
+    while(attempt < maxAttempts){
+        attempt += 1;
+        const canUseAbortController = "u" > typeof AbortController;
+        let controller;
+        if (timeoutMs && canUseAbortController) controller = new AbortController();
+        const nextInit = controller && !init.signal ? {
+            ...init,
+            signal: controller.signal
+        } : init;
+        try {
+            const { result } = await withTimeout(fetcher(url, nextInit), timeoutMs, ()=>controller);
+            return result;
+        } catch (error) {
+            const statusCode = toStatusCode(error);
+            const decisionContext = {
+                requestId,
+                target,
+                method,
+                url,
+                attempt,
+                maxAttempts,
+                error,
+                statusCode
+            };
+            if (error?.name === 'TimeoutError') emitDegradedEvent(transport, {
+                requestId,
+                target,
+                method,
+                url,
+                reason: 'timeout',
+                attempt,
+                maxAttempts,
+                timeoutMs,
+                statusCode,
+                error
+            });
+            const canRetry = attempt < maxAttempts && shouldRetry(transport?.retry, decisionContext, retryableStatusCodes);
+            if (!canRetry) {
+                if (retries > 0 || error?.name === 'TimeoutError') emitDegradedEvent(transport, {
+                    requestId,
+                    target,
+                    method,
+                    url,
+                    reason: 'retry_exhausted',
+                    attempt,
+                    maxAttempts,
+                    timeoutMs,
+                    statusCode,
+                    error
+                });
+                throw error;
+            }
+            const backoffMs = getBackoffMs(transport?.retry, attempt);
+            emitDegradedEvent(transport, {
+                requestId,
+                target,
+                method,
+                url,
+                reason: 'retry',
+                attempt,
+                maxAttempts,
+                timeoutMs,
+                backoffMs,
+                statusCode,
+                error
+            });
+            if (backoffMs > 0) await wait(backoffMs);
+        }
+    }
+};
+export { executeWithResilience };

package/dist/esm-node/types.mjs

@@ -0,0 +1,11 @@
+import "node:module";
+const BFF_ENVELOPE_HEADER = 'x-modernjs-bff-envelope';
+const BFF_OPERATION_CONTEXT_HEADER = 'x-operation-id';
+const BFF_OPERATION_CONTEXT_DETAIL_HEADER = 'x-modernjs-bff-operation-context';
+const BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS = [
+    'x-tenant-id',
+    'x-subject-id',
+    'x-user-id',
+    BFF_OPERATION_CONTEXT_HEADER
+];
+export { BFF_DEFAULT_PROTECTED_IDENTITY_HEADERS, BFF_ENVELOPE_HEADER, BFF_OPERATION_CONTEXT_DETAIL_HEADER, BFF_OPERATION_CONTEXT_HEADER };

package/dist/esm-node/utiles.mjs

@@ -0,0 +1,19 @@
+import "node:module";
+const getUploadPayload = (args)=>{
+    const payload = 'object' == typeof args[args.length - 1] ? args[args.length - 1] : {};
+    const files = payload.files;
+    if (!files) throw new Error('no files');
+    const formdata = new FormData();
+    for (const [key, value] of Object.entries(files))if (value instanceof FileList) for(let i = 0; i < value.length; i++){
+        const file = value.item(i);
+        if (file) formdata.append(key, file);
+    }
+    else formdata.append(key, value);
+    const body = formdata;
+    return {
+        body,
+        headers: payload.headers,
+        params: payload.params
+    };
+};
+export { getUploadPayload };