@bleedingdev/modern-js-plugin-bff 3.2.0-ultramodern.120 → 3.2.0-ultramodern.122

package/dist/esm-node/runtime/data-platform/index.mjs

@@ -1,4 +1,5 @@
 import "node:module";
+import { parseTraceparent } from "@modern-js/create-request";
 import { trace as api_trace } from "@opentelemetry/api";
 const DATA_BATCH_TRANSPORT_OTEL_EVENT = 'modernjs.data.batch';
 function createDataBatchTransportTelemetryAttributes(event) {
@@ -24,7 +25,6 @@ function emitDataBatchTransportEvent(onEvent, event) {
 const DEFAULT_DATA_ENVELOPE_HEADER = 'x-modernjs-data-envelope';
 const DEFAULT_DATA_BATCH_ENDPOINT = '/_data/batch';
 const DEFAULT_DATA_BATCH_HEADER = 'x-modernjs-data-batch';
-const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})$/i;
 function isPlainObject(value) {
     if ('object' != typeof value || null === value || Array.isArray(value)) return false;
     const proto = Object.getPrototypeOf(value);
@@ -121,18 +121,7 @@ function isValidHex(value, length) {
     return value.length === length && /^[0-9a-f]+$/.test(value);
 }
 function parseTraceparentHeader(header) {
-    const match = header.trim().match(TRACEPARENT_REGEX);
-    if (!match) return null;
-    const traceId = match[1].toLowerCase();
-    const spanId = match[2].toLowerCase();
-    const flags = match[3].toLowerCase();
-    if (isAllZeroHex(traceId) || isAllZeroHex(spanId)) return null;
-    const sampled = (0x1 & Number.parseInt(flags, 16)) === 1;
-    return {
-        traceId,
-        spanId,
-        sampled
-    };
+    return parseTraceparent(header) ?? null;
 }
 function formatTraceparentHeader(trace) {
     const traceId = trace.traceId.toLowerCase();

package/dist/esm-node/runtime/effect/adapter.mjs

@@ -1,8 +1,13 @@
 import __rslib_shim_module__ from "node:module";
 const require = /*#__PURE__*/ __rslib_shim_module__.createRequire(/*#__PURE__*/ (()=>import.meta.url)());
+import { ApiRouter } from "@modern-js/bff-core";
 import { API_DIR, compatibleRequire, findExists, fs, isProd, logger } from "@modern-js/utils";
+import { HttpApi } from "effect/unstable/httpapi";
 import path from "path";
+import { checkCrossProjectPolicyForRequest, resolveAdapterCrossProjectPolicy } from "../../utils/crossProjectServerPolicy.mjs";
+import { createSafeFailureResponse } from "../safe-failure.mjs";
 import { createEffectOperationContext, runWithEffectContext } from "./context.mjs";
+import { collectEffectEndpoints, extractHttpApiFromModule, toOperationContractSources } from "./endpoint-contracts.mjs";
 import { resolveEffectBffModuleHandler } from "./module.mjs";
 const before = [
     'custom-server-hook',
@@ -48,10 +53,73 @@ class EffectAdapter {
         const entryWithoutExt = configuredEntry ? path.isAbsolute(configuredEntry) ? configuredEntry : path.resolve(appDirectory || process.cwd(), configuredEntry) : defaultEntry;
         return findExists(JS_OR_TS_EXTS.map((ext)=>`${entryWithoutExt}${ext}`));
     }
+    isApiRequestPath(requestPath, prefix, enableHandleWeb) {
+        if (!enableHandleWeb) return true;
+        const normalized = normalizePrefix(prefix);
+        if (!normalized) return true;
+        return requestPath === normalized || requestPath.startsWith(`${normalized}/`);
+    }
+    async collectLambdaContractSources() {
+        try {
+            const serverContext = this.api.getServerContext();
+            const appDir = serverContext.distDirectory || serverContext.appDirectory;
+            if (!appDir) return [];
+            const apiDir = 'string' == typeof serverContext.apiDirectory ? serverContext.apiDirectory : path.resolve(appDir, API_DIR);
+            const lambdaDir = 'string' == typeof serverContext.lambdaDirectory ? serverContext.lambdaDirectory : path.join(apiDir, 'lambda');
+            if (!await fs.pathExists(lambdaDir)) return [];
+            const apiRouter = new ApiRouter({
+                appDir,
+                apiDir,
+                lambdaDir,
+                prefix: this.prefix,
+                httpMethodDecider: this.api.getServerConfig()?.bff?.httpMethodDecider
+            });
+            const handlerInfos = await apiRouter.getApiHandlers();
+            return handlerInfos.map((info)=>({
+                    name: info.name,
+                    httpMethod: info.httpMethod,
+                    routePath: info.routePath,
+                    filename: info.filename,
+                    handler: info.handler
+                }));
+        } catch (error) {
+            logger.warn(`[BFF][Effect] Failed to derive lambda operation contracts for the cross-project policy: ${String(error)}`);
+            return [];
+        }
+    }
+    async refreshCrossProjectPolicy(mod) {
+        let contractSources = [];
+        if (mod) try {
+            const api = await extractHttpApiFromModule(mod, HttpApi.isHttpApi);
+            if (api) {
+                const reflect = (apiValue, handlers)=>HttpApi.reflect(apiValue, {
+                        onGroup: handlers.onGroup ?? (()=>{}),
+                        onEndpoint: handlers.onEndpoint
+                    });
+                contractSources = toOperationContractSources(collectEffectEndpoints(reflect, api, this.prefix));
+            }
+        } catch (error) {
+            logger.warn(`[BFF][Effect] Failed to reflect HttpApi endpoints for the cross-project policy: ${String(error)}`);
+        }
+        let policy = resolveAdapterCrossProjectPolicy(this.api, contractSources);
+        if (policy?.enabled) {
+            const lambdaSources = await this.collectLambdaContractSources();
+            if (lambdaSources.length > 0) {
+                contractSources = [
+                    ...contractSources,
+                    ...lambdaSources
+                ];
+                policy = resolveAdapterCrossProjectPolicy(this.api, contractSources);
+            }
+        }
+        this.crossProjectPolicy = policy;
+        if (this.crossProjectPolicy?.enabled && 0 === contractSources.length) logger.warn('[BFF][Effect] Cross-project policy is enabled but no HttpApi endpoints could be reflected; operation-contract matching is disabled for this server (envelope and operation-context checks still apply).');
+    }
     async loadEffectHandlerFromModule(mod) {
         return resolveEffectBffModuleHandler(mod, {
             openapi: this.api.getServerConfig()?.bff?.effect?.openapi,
             dataPlatform: this.api.getServerConfig()?.bff?.effect?.dataPlatform,
+            validateRequest: (request)=>checkCrossProjectPolicyForRequest(request, this.crossProjectPolicy),
             onWarning: (message)=>{
                 logger.warn(message);
             }
@@ -81,6 +149,7 @@ class EffectAdapter {
             this.handler = null;
             return;
         }
+        await this.refreshCrossProjectPolicy(mod);
         const loaded = await this.loadEffectHandlerFromModule(mod);
         if (!loaded) {
             logger.warn(`[BFF][Effect] Invalid Effect entry module: ${entryFile}. Export { api, layer } or handler.`);
@@ -89,6 +158,7 @@ class EffectAdapter {
         }
         this.handler = loaded.handler;
         this.dispose = loaded.dispose || null;
+        this.policyEnforcedInMiddleware = !loaded.appliesRequestValidator;
     }
     async disposeCurrentHandler() {
         if (!this.dispose) return;
@@ -112,15 +182,7 @@ class EffectAdapter {
         } catch (configError) {
             logger.error(`Error in serverConfig.onError handler: ${configError}`);
         }
-        const status = 'object' == typeof error && null !== error && 'status' in error && 'number' == typeof error.status ? error.status : 500;
-        return new Response(JSON.stringify({
-            message: error instanceof Error ? error.message : '[BFF] Internal Server Error'
-        }), {
-            status,
-            headers: {
-                'content-type': 'application/json; charset=utf-8'
-            }
-        });
+        return createSafeFailureResponse(error);
     }
     ensureJsonContext(c) {
         const maybeJsonContext = c;
@@ -147,6 +209,8 @@ class EffectAdapter {
         this.effectMiddleware = null;
         this.handler = null;
         this.dispose = null;
+        this.prefix = '/api';
+        this.policyEnforcedInMiddleware = false;
         this.registerMiddleware = async (options)=>{
             const { prefix, enableHandleWeb } = options;
             const { bffRuntimeFramework, middlewares: globalMiddlewares } = this.api.getServerContext();
@@ -154,6 +218,7 @@ class EffectAdapter {
                 this.isEffect = false;
                 return;
             }
+            this.prefix = prefix || this.prefix;
             await this.reloadHandler();
             this.effectMiddleware = {
                 name: 'effect-bff-handler',
@@ -166,6 +231,10 @@ class EffectAdapter {
                         if (enableHandleWeb) return void await next();
                         return this.handleRuntimeError(new Error('[BFF][Effect] Missing Effect entry. Define api/effect/index or configure bff.effect.entry.'), c);
                     }
+                    if (this.crossProjectPolicy?.enabled && this.policyEnforcedInMiddleware && this.isApiRequestPath(c.req.path, prefix, enableHandleWeb)) {
+                        const denial = checkCrossProjectPolicyForRequest(c.req.raw, this.crossProjectPolicy);
+                        if (denial) return denial;
+                    }
                     let response;
                     try {
                         const effectRequest = createRequestForMountedPrefix(c.req.raw, prefix);

package/dist/esm-node/runtime/effect/edge.mjs

@@ -1,4 +1,5 @@
 import "node:module";
+import { createSafeFailureResponse } from "../safe-failure.mjs";
 import { resolveEffectBffModuleHandler } from "./module.mjs";
 import { createEffectOperationContext } from "./operation-context.mjs";
 export * from "./handler.mjs";
@@ -40,15 +41,7 @@ function createEdgeEffectContext(originalRequest, effectRequest, options) {
     };
 }
 function createRuntimeErrorResponse(error) {
-    const status = 'object' == typeof error && null !== error && 'status' in error && 'number' == typeof error.status ? error.status : 500;
-    return new Response(JSON.stringify({
-        message: error instanceof Error ? error.message : '[BFF] Internal Server Error'
-    }), {
-        status,
-        headers: {
-            'content-type': 'application/json; charset=utf-8'
-        }
-    });
+    return createSafeFailureResponse(error);
 }
 async function dispatchEffectBffRequest(handler, request, options = {}) {
     const requestPathname = new URL(request.url).pathname;

package/dist/esm-node/runtime/effect/endpoint-contracts.mjs

@@ -0,0 +1,69 @@
+import "node:module";
+import { createOperationContractHash } from "@modern-js/bff-core";
+function ensureLeadingSlash(pathname) {
+    return pathname.startsWith('/') ? pathname : `/${pathname}`;
+}
+function normalizeEffectPrefix(prefix) {
+    if ('/' === prefix) return '';
+    return ensureLeadingSlash(prefix || '/api');
+}
+function getEffectRoutePath(prefix, endpointPath) {
+    const normalizedPrefix = normalizeEffectPrefix(prefix);
+    const normalizedEndpointPath = ensureLeadingSlash(endpointPath);
+    const finalEndpointPath = '/' === normalizedEndpointPath ? '' : endpointPath;
+    if (!normalizedPrefix && !finalEndpointPath) return '/';
+    return `${normalizedPrefix}${finalEndpointPath || ''}`;
+}
+function resolveEffectApiId(api) {
+    const fallback = 'EffectHttpApi';
+    if ('identifier' in api && 'string' == typeof api.identifier && api.identifier) return api.identifier;
+    return fallback;
+}
+function collectEffectEndpoints(reflect, api, prefix) {
+    const endpoints = [];
+    const apiId = resolveEffectApiId(api);
+    reflect(api, {
+        onGroup: ()=>{},
+        onEndpoint: ({ group, endpoint })=>{
+            endpoints.push({
+                apiId,
+                groupName: String(group.identifier),
+                endpointName: String(endpoint.name),
+                method: String(endpoint.method).toUpperCase(),
+                routePath: getEffectRoutePath(prefix, String(endpoint.path))
+            });
+        }
+    });
+    return endpoints.sort((a, b)=>{
+        if (a.groupName === b.groupName) return a.endpointName.localeCompare(b.endpointName);
+        return a.groupName.localeCompare(b.groupName);
+    });
+}
+function toOperationContractSources(endpoints) {
+    return endpoints.map(createEffectOperationContractSource);
+}
+function createEffectOperationContractSource(endpoint) {
+    return {
+        name: endpoint.endpointName,
+        httpMethod: endpoint.method,
+        routePath: endpoint.routePath
+    };
+}
+function isRecord(value) {
+    return 'object' == typeof value && null !== value;
+}
+async function extractHttpApiFromModule(mod, isHttpApi) {
+    if (!isRecord(mod)) return null;
+    if (isHttpApi(mod.api)) return mod.api;
+    const entry = mod.default;
+    if (isRecord(entry) && isHttpApi(entry.api)) return entry.api;
+    if ('function' == typeof entry && 0 === entry.length) {
+        const output = await entry();
+        if (isRecord(output) && isHttpApi(output.api)) return output.api;
+    }
+    return null;
+}
+function createEffectEndpointContractHash(endpoint, requestId) {
+    return createOperationContractHash(createEffectOperationContractSource(endpoint), requestId);
+}
+export { collectEffectEndpoints, createEffectEndpointContractHash, createEffectOperationContractSource, ensureLeadingSlash, extractHttpApiFromModule, getEffectRoutePath, normalizeEffectPrefix, resolveEffectApiId, toOperationContractSources };

package/dist/esm-node/runtime/effect/handler.mjs

@@ -13,6 +13,10 @@ export * from "effect/unstable/httpapi";
 export * from "effect/unstable/rpc";
 import * as __rspack_external_effect_Context_f1289ca3 from "effect/Context";
 const emptyEffectServiceContext = __rspack_external_effect_Context_f1289ca3.empty();
+const EFFECT_VALIDATOR_AWARE_FACTORY = Symbol.for('modernjs.effect.validatorAware');
+function isValidatorAwareHandlerFactory(factory) {
+    return 'function' == typeof factory && true === factory[EFFECT_VALIDATOR_AWARE_FACTORY];
+}
 function normalizeOpenApiPath(pathname) {
     if (!pathname.startsWith('/')) return `/${pathname}`;
     return pathname;
@@ -268,16 +272,38 @@ function defineEffectBff(definition) {
             layer: definition.layer,
             openapi: options?.openapi,
             rpc: mergedRpcOptions,
-            dataPlatform: mergeDataPlatformOptions(definition.dataPlatform, options?.dataPlatform)
+            dataPlatform: mergeDataPlatformOptions(definition.dataPlatform, options?.dataPlatform),
+            validateRequest: options?.validateRequest
         });
     };
-    const client = void 0;
+    Object.defineProperty(createHandler, EFFECT_VALIDATOR_AWARE_FACTORY, {
+        value: true
+    });
+    const client = createLoaderMaterializedClientPlaceholder();
     return {
         ...definition,
         createHandler,
         client
     };
 }
+const LOADER_CLIENT_IGNORED_KEYS = new Set([
+    'then',
+    'catch',
+    'finally',
+    'toJSON',
+    '$$typeof'
+]);
+function createLoaderMaterializedClientPlaceholder() {
+    const explain = (property)=>{
+        throw new Error(`[BFF][Effect] effectBff.client.${String(property)} is not available here: the typed client only exists when this module is imported through the "@api/effect/*" transformed path (the BFF loader replaces it with generated client code). On the server, use HttpApiClient or call the Effect layer directly.`);
+    };
+    return new Proxy(Object.create(null), {
+        get (_target, property) {
+            if ('symbol' == typeof property || LOADER_CLIENT_IGNORED_KEYS.has(property)) return;
+            return explain(property);
+        }
+    });
+}
 function defineEffectRpcBff(definition) {
     const createHandler = (options)=>createRpcApiHandler({
             ...definition,
@@ -304,6 +330,8 @@ function createHttpApiHandler(options) {
     const envelopeHeader = options.dataPlatform?.envelopeHeader || DEFAULT_DATA_ENVELOPE_HEADER;
     const normalizedEnvelopeHeader = envelopeHeader.toLowerCase();
     const withDataPlatformValidation = async (request, context)=>{
+        const policyDenial = options.validateRequest?.(request);
+        if (policyDenial) return policyDenial;
         const validationError = validateDataPlatformRequestEnvelope(request, options.dataPlatform);
         if (validationError) return validationError;
         return httpApiHandler.handler(request, context ?? emptyEffectServiceContext);
@@ -425,7 +453,11 @@ function createHttpApiHandler(options) {
     const rpcHandler = createRpcApiHandler(options.rpc);
     return {
         handler: async (request, context)=>{
-            if (isRpcRequest(request, rpcPath)) return rpcHandler.handler(request, context ?? emptyEffectServiceContext);
+            if (isRpcRequest(request, rpcPath)) {
+                const policyDenial = options.validateRequest?.(request);
+                if (policyDenial) return policyDenial;
+                return rpcHandler.handler(request, context ?? emptyEffectServiceContext);
+            }
             return handleHttpApiRequest(request);
         },
         dispose: async ()=>{
@@ -436,4 +468,4 @@ function createHttpApiHandler(options) {
         }
     };
 }
-export { HttpApiBuilder, HttpTraceContext, __rspack_external_effect_Config_29be8a92 as Config, __rspack_external_effect_Effect_194ac36c as Effect, __rspack_external_effect_Layer_16f7a8fc as Layer, __rspack_external_effect_Option_4d691636 as Option, __rspack_external_effect_Schema_f8472650 as Schema, createHttpApiHandler, defineEffectBff, defineEffectRpcBff };
+export { EFFECT_VALIDATOR_AWARE_FACTORY, HttpApiBuilder, HttpTraceContext, __rspack_external_effect_Config_29be8a92 as Config, __rspack_external_effect_Effect_194ac36c as Effect, __rspack_external_effect_Layer_16f7a8fc as Layer, __rspack_external_effect_Option_4d691636 as Option, __rspack_external_effect_Schema_f8472650 as Schema, createHttpApiHandler, defineEffectBff, defineEffectRpcBff, isValidatorAwareHandlerFactory };

package/dist/esm-node/runtime/effect/module.mjs

@@ -1,6 +1,6 @@
 import "node:module";
 import { HttpApi } from "effect/unstable/httpapi";
-import { createHttpApiHandler } from "./handler.mjs";
+import { createHttpApiHandler, isValidatorAwareHandlerFactory } from "./handler.mjs";
 import * as __rspack_external_effect_Context_f1289ca3 from "effect/Context";
 function isRecord(value) {
     return 'object' == typeof value && null !== value;
@@ -21,10 +21,13 @@ const emptyEffectServiceContext = __rspack_external_effect_Context_f1289ca3.empt
 function callEffectBffRequestHandler(handler, request, context) {
     return void 0 === context ? handler(request) : handler(request, context);
 }
-function createLoadedHandler(webHandler) {
+function createLoadedHandler(webHandler, appliesRequestValidator) {
     return {
         handler: (request, context)=>callEffectBffRequestHandler(webHandler.handler, request, context),
-        dispose: webHandler.dispose
+        dispose: webHandler.dispose,
+        ...appliesRequestValidator ? {
+            appliesRequestValidator: true
+        } : {}
     };
 }
 function createLoadedHttpApiHandler(webHandler) {
@@ -33,7 +36,8 @@ function createLoadedHttpApiHandler(webHandler) {
             const effectContext = isEffectServiceContext(context) ? context : emptyEffectServiceContext;
             return webHandler.handler(request, effectContext);
         },
-        dispose: webHandler.dispose
+        dispose: webHandler.dispose,
+        appliesRequestValidator: true
     };
 }
 function resolveNormalizedEffectBffModuleHandler(normalizedModule, options = {}) {
@@ -59,11 +63,15 @@ function resolveNormalizedEffectBffModuleHandler(normalizedModule, options = {})
         handler: normalizedModule.handler
     };
     if ('function' == typeof normalizedModule.createHandler) {
-        const webHandler = normalizedModule.createHandler({
+        const factory = normalizedModule.createHandler;
+        const validatorAware = isValidatorAwareHandlerFactory(factory);
+        if (!validatorAware && void 0 !== options.validateRequest) options.onWarning?.('[BFF][Effect] Custom createHandler export detected: it cannot be verified to apply validateRequest (cross-project policy), so the policy is enforced by the adapter middleware on the outer request. Batched calls will be denied at the batch POST (it carries no per-operation contract); export defineEffectBff(...) to get per-batch-item enforcement.');
+        const webHandler = factory({
             openapi: options.openapi,
-            dataPlatform: options.dataPlatform
+            dataPlatform: options.dataPlatform,
+            validateRequest: options.validateRequest
         });
-        return createLoadedHandler(webHandler);
+        return createLoadedHandler(webHandler, validatorAware);
     }
     if (isEffectApiDefinition(normalizedModule)) {
         options.onWarning?.('[BFF][Effect] Detected { api, layer } export without createHandler. Prefer `defineEffectBff(...)` from @modern-js/plugin-bff/server to avoid module instance mismatch.');
@@ -71,7 +79,8 @@ function resolveNormalizedEffectBffModuleHandler(normalizedModule, options = {})
             api: normalizedModule.api,
             layer: normalizedModule.layer,
             openapi: options.openapi,
-            dataPlatform: options.dataPlatform
+            dataPlatform: options.dataPlatform,
+            validateRequest: options.validateRequest
         });
         return createLoadedHttpApiHandler(webHandler);
     }

package/dist/esm-node/runtime/effect/operation-context.mjs

@@ -1,6 +1,5 @@
 import "node:module";
-import { BFF_LOCALE_HEADER, BFF_OPERATION_CONTEXT_DETAIL_HEADER, BFF_OPERATION_CONTEXT_HEADER, BFF_TRACEPARENT_HEADER } from "@modern-js/create-request";
-const TRACEPARENT_REGEX = /^00-([0-9a-f]{32})-([0-9a-f]{16})-[0-9a-f]{2}$/i;
+import { BFF_LOCALE_HEADER, BFF_OPERATION_CONTEXT_DETAIL_HEADER, BFF_OPERATION_CONTEXT_HEADER, BFF_TRACEPARENT_HEADER, parseTraceparent } from "@modern-js/create-request";
 const readHeader = (headers, header)=>{
     const value = headers.get(header);
     return value && value.length > 0 ? value : void 0;
@@ -9,17 +8,6 @@ const copyStringField = (target, details, key)=>{
     const value = details[key];
     if ('string' == typeof value && value.length > 0) target[key] = value;
 };
-const parseTraceparent = (traceparent)=>{
-    if (!traceparent) return;
-    const match = traceparent.trim().match(TRACEPARENT_REGEX);
-    if (!match) return;
-    const [, traceId, spanId] = match;
-    if (!traceId || !spanId) return;
-    return {
-        traceId: traceId.toLowerCase(),
-        spanId: spanId.toLowerCase()
-    };
-};
 const readOperationContextDetails = (request)=>{
     const rawDetails = readHeader(request.headers, BFF_OPERATION_CONTEXT_DETAIL_HEADER);
     if (!rawDetails) return {};

package/dist/esm-node/runtime/effect-client/runtime.mjs

@@ -0,0 +1,229 @@
+import "node:module";
+import { DEFAULT_DATA_BATCH_HEADER, DEFAULT_DATA_ENVELOPE_HEADER, createDataBatchTransport, createRequestEnvelope, encodeRequestEnvelopeHeader } from "../data-platform/index.mjs";
+const METHODS_WITHOUT_BODY = new Set([
+    'GET',
+    'DELETE',
+    'HEAD',
+    'OPTIONS'
+]);
+const DATA_REQUEST_MODES = new Set([
+    'cache-first',
+    'stale-while-revalidate',
+    'network-only'
+]);
+const DATA_MUTATION_MODES = new Set([
+    'optimistic',
+    'pessimistic',
+    'fire-and-forget'
+]);
+const isRecord = (value)=>'object' == typeof value && null !== value;
+const stringOrUndefined = (value)=>'string' == typeof value && value.length > 0 ? value : void 0;
+const isDataRequestMode = (value)=>'string' == typeof value && DATA_REQUEST_MODES.has(value);
+const isDataMutationMode = (value)=>'string' == typeof value && DATA_MUTATION_MODES.has(value);
+const normalizeOrigin = (value)=>{
+    if ('string' != typeof value || 0 === value.length) return;
+    try {
+        return new URL(value).origin;
+    } catch  {
+        return;
+    }
+};
+const resolveRuntimeFetch = ()=>'function' == typeof fetch ? fetch.bind(globalThis) : void 0;
+const resolveOrigin = (defaultOrigin)=>{
+    if ("u" > typeof window && window.location && 'string' == typeof window.location.origin && window.location.origin) return window.location.origin;
+    const globalLocation = globalThis?.location;
+    if (globalLocation && 'string' == typeof globalLocation.origin && globalLocation.origin) return globalLocation.origin;
+    return defaultOrigin;
+};
+const normalizeRequest = (method, request)=>{
+    if (!isRecord(request)) return {};
+    const payload = {
+        ...request
+    };
+    if (isRecord(request.path) && !isRecord(payload.params)) payload.params = request.path;
+    if (isRecord(request.urlParams) && !isRecord(payload.query)) payload.query = request.urlParams;
+    if (isRecord(request.headers) && !isRecord(payload.headers)) payload.headers = request.headers;
+    if ('payload' in request && void 0 !== request.payload) if ("u" > typeof FormData && request.payload instanceof FormData && !('formData' in payload)) payload.formData = request.payload;
+    else if (METHODS_WITHOUT_BODY.has(method)) {
+        if (isRecord(request.payload)) payload.query = isRecord(payload.query) ? {
+            ...payload.query,
+            ...request.payload
+        } : request.payload;
+        else if (!('body' in payload)) payload.body = request.payload;
+    } else if (!isRecord(request.payload) || 'data' in payload) {
+        if (!('body' in payload)) payload.body = request.payload;
+    } else payload.data = request.payload;
+    return payload;
+};
+const resolveTargetOrigin = (dataPlatform, defaultOrigin)=>{
+    const explicitTargetOrigin = stringOrUndefined(dataPlatform.targetOrigin) || stringOrUndefined(dataPlatform.endpointOrigin);
+    if (explicitTargetOrigin) return explicitTargetOrigin;
+    return defaultOrigin;
+};
+const shouldAttachEnvelopeHeader = (dataPlatform, defaultOrigin)=>{
+    if (true === dataPlatform.allowCrossOriginEnvelope) return true;
+    const currentOrigin = normalizeOrigin(resolveOrigin(defaultOrigin));
+    const targetOrigin = normalizeOrigin(resolveTargetOrigin(dataPlatform, defaultOrigin));
+    if (!currentOrigin || !targetOrigin) return true;
+    return currentOrigin === targetOrigin;
+};
+const toEnvelopeInput = (normalizedRequest)=>{
+    const payload = {};
+    if (isRecord(normalizedRequest.params)) payload.path = normalizedRequest.params;
+    if (isRecord(normalizedRequest.query)) payload.query = normalizedRequest.query;
+    if ('data' in normalizedRequest && void 0 !== normalizedRequest.data) payload.data = normalizedRequest.data;
+    if ('body' in normalizedRequest && void 0 !== normalizedRequest.body) payload.body = normalizedRequest.body;
+    if ("u" > typeof FormData && normalizedRequest.formData instanceof FormData) payload.formData = Array.from(normalizedRequest.formData.entries()).map(([key, value])=>[
+            key,
+            String(value)
+        ]);
+    if ("u" > typeof URLSearchParams && normalizedRequest.formUrlencoded instanceof URLSearchParams) payload.formUrlencoded = normalizedRequest.formUrlencoded.toString();
+    return payload;
+};
+const createGeneratedEffectClient = (manifest, config, requestRuntime)=>{
+    const createRequest = requestRuntime.createRequest;
+    const configureRequest = 'function' == typeof requestRuntime.configure ? requestRuntime.configure : void 0;
+    const createRequestContextHeaders = 'function' == typeof requestRuntime.createRequestContextHeaders ? requestRuntime.createRequestContextHeaders : void 0;
+    const defaultOrigin = config.defaultOrigin;
+    const httpMethodDecider = config.httpMethodDecider || 'functionName';
+    const port = config.useEnvPort && "u" > typeof process && process.env && process.env.PORT ? process.env.PORT : config.port;
+    if (config.requestId && configureRequest) {
+        const configurePayload = {
+            requestId: config.requestId,
+            requireEnvelope: true,
+            identityBinding: {
+                enabled: true,
+                strict: true
+            },
+            operationContract: {
+                enabled: true,
+                strict: true,
+                requireSchemaHash: true,
+                requireOperationVersion: true
+            },
+            setDomain: ()=>resolveOrigin(defaultOrigin)
+        };
+        const runtimeFetch = resolveRuntimeFetch();
+        if (false !== config.batch.enabled && runtimeFetch) configurePayload.request = createDataBatchTransport({
+            fetch: runtimeFetch,
+            endpoint: config.batch.endpoint,
+            flushIntervalMs: config.batch.flushIntervalMs,
+            maxBatchSize: config.batch.maxBatchSize,
+            maxBatchBytes: config.batch.maxBatchBytes,
+            requestTimeoutMs: config.batch.requestTimeoutMs,
+            allowedMethods: config.batch.allowedMethods
+        });
+        configureRequest(configurePayload);
+    }
+    const createEffectRequestContext = (requestContext)=>{
+        if (!isRecord(requestContext)) return {};
+        const headers = createRequestContextHeaders ? createRequestContextHeaders(requestContext) : {};
+        return {
+            ...requestContext,
+            headers
+        };
+    };
+    const applyRequestContext = (normalizedRequest, request)=>{
+        if (!isRecord(request) || !isRecord(request.requestContext)) return normalizedRequest;
+        const requestContext = createEffectRequestContext(request.requestContext);
+        const requestHeaders = isRecord(requestContext.headers) ? requestContext.headers : {};
+        if (0 === Object.keys(requestHeaders).length) return normalizedRequest;
+        return {
+            ...normalizedRequest,
+            headers: {
+                ...requestHeaders,
+                ...isRecord(normalizedRequest.headers) ? normalizedRequest.headers : {}
+            }
+        };
+    };
+    const prepareEffectRequest = (endpoint, operation, request)=>{
+        const normalizedRequest = applyRequestContext(normalizeRequest(endpoint.method, request), request);
+        const dataPlatform = isRecord(request) && isRecord(request.dataPlatform) ? request.dataPlatform : {};
+        const strictEnvelope = true === dataPlatform.requireEnvelope || true === dataPlatform.strict;
+        if (!strictEnvelope && !shouldAttachEnvelopeHeader(dataPlatform, defaultOrigin)) return normalizedRequest;
+        try {
+            const namespace = stringOrUndefined(dataPlatform.appNamespace) || config.appNamespace;
+            const origin = stringOrUndefined(dataPlatform.origin) || resolveOrigin(defaultOrigin);
+            const envelope = createRequestEnvelope({
+                operation: {
+                    ...operation,
+                    appNamespace: namespace
+                },
+                scope: {
+                    appNamespace: namespace,
+                    origin,
+                    tenantId: stringOrUndefined(dataPlatform.tenantId),
+                    userId: stringOrUndefined(dataPlatform.userId),
+                    sessionId: stringOrUndefined(dataPlatform.sessionId)
+                },
+                requestInput: {
+                    method: endpoint.method,
+                    routePath: endpoint.routePath,
+                    payload: toEnvelopeInput(normalizedRequest)
+                },
+                requestMode: isDataRequestMode(dataPlatform.requestMode) ? dataPlatform.requestMode : void 0,
+                mutationMode: isDataMutationMode(dataPlatform.mutationMode) ? dataPlatform.mutationMode : void 0,
+                selectionPlan: isRecord(dataPlatform.selectionPlan) ? dataPlatform.selectionPlan : void 0,
+                traceContext: isRecord(dataPlatform.traceContext) ? dataPlatform.traceContext : void 0,
+                requireTraceContext: true === dataPlatform.requireTraceContext
+            });
+            const headerName = stringOrUndefined(dataPlatform.envelopeHeader) || DEFAULT_DATA_ENVELOPE_HEADER;
+            const headers = isRecord(normalizedRequest.headers) ? {
+                ...normalizedRequest.headers
+            } : {};
+            if (false === dataPlatform.batch) headers[DEFAULT_DATA_BATCH_HEADER] = 'off';
+            headers[headerName] = encodeRequestEnvelopeHeader(envelope);
+            return {
+                ...normalizedRequest,
+                headers
+            };
+        } catch (error) {
+            if (strictEnvelope) throw error;
+            return normalizedRequest;
+        }
+    };
+    const client = {};
+    const operationManifest = {};
+    for (const endpoint of manifest.endpoints){
+        const operationId = `${endpoint.method}:${endpoint.routePath}`;
+        const operation = {
+            appNamespace: config.appNamespace,
+            apiId: endpoint.apiId,
+            group: endpoint.group,
+            endpoint: endpoint.endpoint,
+            operationId,
+            routePath: endpoint.routePath,
+            method: endpoint.method,
+            operationVersion: endpoint.operationVersion,
+            schemaHash: endpoint.schemaHash,
+            version: endpoint.operationVersion
+        };
+        const sender = createRequest({
+            path: endpoint.routePath,
+            method: endpoint.method,
+            port,
+            operationContext: {
+                operationId,
+                routePath: endpoint.routePath,
+                method: endpoint.method,
+                schemaHash: endpoint.schemaHash,
+                operationVersion: endpoint.operationVersion
+            },
+            httpMethodDecider,
+            ...config.requestId ? {
+                requestId: config.requestId
+            } : {}
+        });
+        const call = (request = {})=>sender(prepareEffectRequest(endpoint, operation, request));
+        client[endpoint.group] ??= {};
+        client[endpoint.group][endpoint.endpoint] = call;
+        operationManifest[endpoint.group] ??= {};
+        operationManifest[endpoint.group][endpoint.endpoint] = operation;
+    }
+    return {
+        client,
+        operationManifest,
+        createEffectRequestContext
+    };
+};
+export { createGeneratedEffectClient };