npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/random/words.ts ADDED Viewed

@@ -0,0 +1,392 @@
+// Wortlisten für human-readable Resource-Slugs (Tenant-Keys, Webhook-
+// Subscribers, API-Key-Display-Names, Test-Fixtures). Heroku/Docker-
+// Style — adjective + noun produzieren aussprechbare, merkbare,
+// PII-freie Identifier.
+//
+// Auswahl-Kriterien:
+//   - Emotional-neutral und professionell (kein "fluffy", "sneaky")
+//   - Keine Tiernamen (Heroku-Cliché)
+//   - Keine Personennamen (cultural appropriation, prominenten-collision)
+//   - Keine Themen-Cluster (kein Wetter-only, kein Geographie-only)
+//   - Lowercase, ASCII-only, keine Bindestriche im Wort selbst
+//   - 4-8 Buchstaben pro Wort (kompakter Slug)
+//   - Aussprechbar in Deutsch UND Englisch (User-Telefon-Support)
+//   - Keine Wörter mit ambiguer Bedeutung in Englisch+Deutsch
+//
+// 150 × 150 = 22.500 saubere Kombinationen — bei einer Standard-
+// Hashing-Kollision (Birthday-Bound) reicht das für ~150 Tenants ohne
+// Suffix. Drüber kommt der Suffix-Pfad in generateUniqueName.
+//
+// Erweiterung: weitere Wörter unten anhängen reicht (sortiert ist
+// hilfreich für Reviews aber nicht erforderlich). Caller können auch
+// eigene Listen via generateUniqueName({ adjectives, nouns }) reichen.
+export const ADJECTIVES: readonly string[] = Object.freeze([
+  "agile",
+  "amber",
+  "ample",
+  "ardent",
+  "aurora",
+  "balanced",
+  "bold",
+  "brave",
+  "breezy",
+  "bright",
+  "brisk",
+  "calm",
+  "candid",
+  "cheery",
+  "chosen",
+  "clear",
+  "clever",
+  "clipped",
+  "cobalt",
+  "cool",
+  "coral",
+  "cosmic",
+  "crimson",
+  "crisp",
+  "crystal",
+  "daring",
+  "dawning",
+  "deep",
+  "deft",
+  "diamond",
+  "distant",
+  "dreamy",
+  "earnest",
+  "easy",
+  "elder",
+  "elegant",
+  "elite",
+  "emerald",
+  "endless",
+  "even",
+  "fabled",
+  "fair",
+  "famous",
+  "fancy",
+  "fearless",
+  "fertile",
+  "fiery",
+  "fine",
+  "firm",
+  "first",
+  "flora",
+  "fluent",
+  "fluid",
+  "fond",
+  "forward",
+  "frank",
+  "free",
+  "fresh",
+  "frosty",
+  "gallant",
+  "gentle",
+  "gilded",
+  "glad",
+  "gleaming",
+  "golden",
+  "gracious",
+  "grand",
+  "great",
+  "happy",
+  "hardy",
+  "hearty",
+  "honest",
+  "humble",
+  "iconic",
+  "idle",
+  "imperial",
+  "ivory",
+  "jade",
+  "jolly",
+  "joyful",
+  "keen",
+  "kind",
+  "lasting",
+  "level",
+  "liberal",
+  "light",
+  "lively",
+  "loyal",
+  "lucid",
+  "lucky",
+  "lush",
+  "main",
+  "marble",
+  "mellow",
+  "merry",
+  "mighty",
+  "mild",
+  "modern",
+  "modest",
+  "mossy",
+  "mystic",
+  "neat",
+  "nimble",
+  "noble",
+  "northern",
+  "ocean",
+  "olive",
+  "open",
+  "ornate",
+  "patient",
+  "peaceful",
+  "perfect",
+  "polished",
+  "prime",
+  "pristine",
+  "proud",
+  "prudent",
+  "pure",
+  "quaint",
+  "quick",
+  "quiet",
+  "radiant",
+  "rapid",
+  "ready",
+  "regal",
+  "rich",
+  "ripe",
+  "robust",
+  "rolling",
+  "royal",
+  "ruby",
+  "rugged",
+  "rustic",
+  "saffron",
+  "sage",
+  "scenic",
+  "secret",
+  "serene",
+  "shining",
+  "silent",
+  "silver",
+  "simple",
+  "sincere",
+  "sleek",
+  "smooth",
+  "solar",
+  "solid",
+  "sound",
+  "sparkling",
+  "stable",
+  "starry",
+  "steady",
+  "stellar",
+  "sterling",
+  "still",
+  "stoic",
+  "strong",
+  "sturdy",
+  "subtle",
+  "sunny",
+  "supple",
+  "sweet",
+  "swift",
+  "tame",
+  "tender",
+  "thrifty",
+  "tidy",
+  "tireless",
+  "tough",
+  "tranquil",
+  "trusted",
+  "trusty",
+  "ultra",
+  "valiant",
+  "vast",
+  "verdant",
+  "vibrant",
+  "vivid",
+  "warm",
+  "wavy",
+  "wild",
+  "willowy",
+  "windy",
+  "winged",
+  "winter",
+  "wise",
+  "witty",
+  "worthy",
+  "young",
+  "zealous",
+  "zen",
+]);
+export const NOUNS: readonly string[] = Object.freeze([
+  "anchor",
+  "arch",
+  "atlas",
+  "atrium",
+  "aurora",
+  "badge",
+  "banner",
+  "bastion",
+  "bay",
+  "beacon",
+  "blossom",
+  "bloom",
+  "bonfire",
+  "bramble",
+  "breeze",
+  "bridge",
+  "brook",
+  "cabin",
+  "canopy",
+  "canyon",
+  "carbon",
+  "cascade",
+  "castle",
+  "cavern",
+  "channel",
+  "chapel",
+  "charter",
+  "cinder",
+  "citadel",
+  "clearing",
+  "cliff",
+  "cloud",
+  "clover",
+  "coast",
+  "comet",
+  "compass",
+  "copper",
+  "cottage",
+  "court",
+  "cove",
+  "creek",
+  "crest",
+  "current",
+  "dawn",
+  "delta",
+  "dock",
+  "dome",
+  "door",
+  "dune",
+  "dusk",
+  "eagle",
+  "echo",
+  "ember",
+  "estate",
+  "estuary",
+  "ether",
+  "falcon",
+  "falls",
+  "field",
+  "fjord",
+  "flame",
+  "flora",
+  "forest",
+  "forge",
+  "fortress",
+  "fountain",
+  "garden",
+  "gate",
+  "gateway",
+  "geyser",
+  "glacier",
+  "glade",
+  "glen",
+  "globe",
+  "gorge",
+  "grove",
+  "habitat",
+  "haiku",
+  "hall",
+  "harbor",
+  "harvest",
+  "hatch",
+  "haven",
+  "hearth",
+  "henge",
+  "highland",
+  "hill",
+  "horizon",
+  "isle",
+  "island",
+  "junction",
+  "key",
+  "knoll",
+  "lagoon",
+  "lake",
+  "landing",
+  "lantern",
+  "ledge",
+  "library",
+  "lighthouse",
+  "lily",
+  "lodge",
+  "loft",
+  "manor",
+  "maple",
+  "marble",
+  "market",
+  "marsh",
+  "meadow",
+  "mesa",
+  "mist",
+  "monolith",
+  "moon",
+  "moor",
+  "mosaic",
+  "mountain",
+  "nebula",
+  "oak",
+  "oasis",
+  "obelisk",
+  "ocean",
+  "orchard",
+  "orchid",
+  "outlook",
+  "palace",
+  "passage",
+  "pasture",
+  "patch",
+  "path",
+  "peak",
+  "petal",
+  "pier",
+  "pillar",
+  "pine",
+  "pinnacle",
+  "plateau",
+  "plaza",
+  "pond",
+  "pool",
+  "port",
+  "portal",
+  "prairie",
+  "quarry",
+  "quill",
+  "rainbow",
+  "rampart",
+  "rapids",
+  "ravine",
+  "reef",
+  "ridge",
+  "river",
+  "road",
+  "rock",
+  "saga",
+  "savanna",
+  "scroll",
+  "shore",
+  "signal",
+  "spring",
+  "square",
+  "stable",
+  "station",
+  "stone",
+  "summit",
+  "sunset",
+  "tower",
+  "trail",
+  "valley",
+  "vista",
+  "willow",
+  "window",
+  "yard",
+  "zenith",
+]);

package/src/rate-limit/__tests__/dispatcher-l3.integration.ts ADDED Viewed

@@ -0,0 +1,111 @@
+import { defineFeature, defineQueryHandler } from "@cosmicdrift/kumiko-framework/engine";
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { z } from "zod";
+import { createTestUser, setupTestStack, type TestStack, TestUsers } from "../../stack";
+// Full-stack L3 proof: a handler with `rateLimit` opt-in is gated by the
+// dispatcher BEFORE its handler-fn runs. After `limit` calls within the
+// window the next call surfaces a 429-shaped error response.
+// obj-form handler — proves defineQueryHandler({ ..., rateLimit })
+// reaches the dispatcher with the option intact. Inline-form once
+// silently dropped rateLimit because the spread missed it; obj-form
+// goes through a different path so we need a dedicated test.
+const objFormPing = defineQueryHandler({
+  name: "obj-ping",
+  schema: z.object({}),
+  access: { roles: ["Admin"] },
+  rateLimit: { per: "user", limit: 2, windowSeconds: 60 },
+  handler: async () => ({ ok: true }),
+});
+const userOpsLimited = defineFeature("rl-test", (r) => {
+  r.queryHandler("ping", z.object({}), async () => ({ ok: true }), {
+    access: { roles: ["Admin"] },
+    rateLimit: { per: "user", limit: 3, windowSeconds: 60 },
+  });
+  r.queryHandler("open", z.object({}), async () => ({ ok: true }), {
+    // No rateLimit option — proves opt-in: this handler stays
+    // unlimited even though the same user just got blocked on `ping`.
+    access: { roles: ["Admin"] },
+  });
+  r.queryHandler(objFormPing);
+});
+let stack: TestStack;
+const admin = TestUsers.admin;
+beforeAll(async () => {
+  stack = await setupTestStack({ features: [userOpsLimited] });
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+beforeEach(async () => {
+  // Each test starts with a fresh bucket — no carry-over between tests.
+  await stack.redis.flushNamespace();
+});
+describe("dispatcher L3 — handler rateLimit opt-in", () => {
+  test("3 calls allowed, 4th call returns rate_limited error response", async () => {
+    for (let i = 0; i < 3; i++) {
+      const ok = await stack.http.queryOk("rl-test:query:ping", {}, admin);
+      expect(ok).toEqual({ ok: true });
+    }
+    // The 4th query goes through queryRaw so we can inspect the wire
+    // shape — queryOk would throw on a non-2xx response, masking the
+    // actual error body.
+    const res = await stack.http.query("rl-test:query:ping", {}, admin);
+    expect(res.status).toBe(429);
+    const body = (await res.json()) as { error: { code: string; details?: { bucket?: string } } };
+    expect(body.error.code).toBe("rate_limited");
+    expect(body.error.details?.bucket).toBe(`user:${admin.id}`);
+  });
+  test("isolates per user: blocked user does not block other user", async () => {
+    const otherAdmin = createTestUser({ id: 9001, roles: ["Admin"] });
+    for (let i = 0; i < 3; i++) {
+      await stack.http.queryOk("rl-test:query:ping", {}, admin);
+    }
+    const blocked = await stack.http.query("rl-test:query:ping", {}, admin);
+    expect(blocked.status).toBe(429);
+    const otherOk = await stack.http.queryOk("rl-test:query:ping", {}, otherAdmin);
+    expect(otherOk).toEqual({ ok: true });
+  });
+  test("obj-form defineQueryHandler propagates rateLimit through to dispatcher", async () => {
+    // 2 calls allowed (limit on the obj-form definition is 2/min/user).
+    for (let i = 0; i < 2; i++) {
+      const ok = await stack.http.queryOk("rl-test:query:obj-ping", {}, admin);
+      expect(ok).toEqual({ ok: true });
+    }
+    const blocked = await stack.http.query("rl-test:query:obj-ping", {}, admin);
+    // 429 here proves the obj-form path didn't silently drop rateLimit.
+    expect(blocked.status).toBe(429);
+    const body = (await blocked.json()) as {
+      error: { code: string; details?: { limit?: number } };
+    };
+    expect(body.error.code).toBe("rate_limited");
+    expect(body.error.details?.limit).toBe(2);
+  });
+  test("same user, different handler without rateLimit: stays unlimited", async () => {
+    for (let i = 0; i < 3; i++) {
+      await stack.http.queryOk("rl-test:query:ping", {}, admin);
+    }
+    const blocked = await stack.http.query("rl-test:query:ping", {}, admin);
+    expect(blocked.status).toBe(429);
+    // The "open" handler has no rateLimit declaration → bucket is
+    // independent → admin can still call it freely.
+    for (let i = 0; i < 5; i++) {
+      const ok = await stack.http.queryOk("rl-test:query:open", {}, admin);
+      expect(ok).toEqual({ ok: true });
+    }
+  });
+});

package/src/rate-limit/__tests__/middleware.integration.ts ADDED Viewed

@@ -0,0 +1,189 @@
+import { Hono } from "hono";
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from "vitest";
+import { createTestRedis, type TestRedis } from "../../stack";
+import { authEndpointRateLimit, globalIpRateLimit } from "../middleware";
+import { createRateLimitResolver, type RateLimitResolver } from "../resolver";
+let testRedis: TestRedis;
+let resolver: RateLimitResolver;
+beforeAll(async () => {
+  testRedis = await createTestRedis();
+});
+afterAll(async () => {
+  await testRedis.cleanup();
+});
+beforeEach(async () => {
+  await testRedis.flushNamespace();
+  resolver = createRateLimitResolver({
+    redis: testRedis.redis,
+    keyPrefix: "test:rl:",
+  });
+});
+describe("globalIpRateLimit (L1)", () => {
+  test("allows up to limit, blocks at limit+1, returns 429 with headers", async () => {
+    const app = new Hono();
+    app.use(
+      "/api/*",
+      globalIpRateLimit({ resolver, limit: 3, windowSeconds: 60, onFailClosed: () => {} }),
+    );
+    app.get("/api/probe", (c) => c.text("ok"));
+    const ipHeader = { "x-forwarded-for": "10.0.0.1" };
+    for (let i = 0; i < 3; i++) {
+      const res = await app.request("/api/probe", { headers: ipHeader });
+      expect(res.status).toBe(200);
+      // Allowed responses carry the standard headers so a polite client
+      // can self-throttle without first hitting 429.
+      expect(res.headers.get("X-RateLimit-Limit")).toBe("3");
+      expect(res.headers.get("X-RateLimit-Remaining")).toBe(String(2 - i));
+    }
+    const blocked = await app.request("/api/probe", { headers: ipHeader });
+    expect(blocked.status).toBe(429);
+    expect(blocked.headers.get("Retry-After")).toBeTruthy();
+    expect(blocked.headers.get("X-RateLimit-Limit")).toBe("3");
+    expect(blocked.headers.get("X-RateLimit-Remaining")).toBe("0");
+    const body = (await blocked.json()) as { error: { code: string; details: { bucket: string } } };
+    expect(body.error.code).toBe("rate_limited");
+    expect(body.error.details.bucket).toBe("l1:10.0.0.1");
+  });
+  test("isolates per IP — different x-forwarded-for has its own bucket", async () => {
+    const app = new Hono();
+    app.use(
+      "/api/*",
+      globalIpRateLimit({ resolver, limit: 2, windowSeconds: 60, onFailClosed: () => {} }),
+    );
+    app.get("/api/probe", (c) => c.text("ok"));
+    await app.request("/api/probe", { headers: { "x-forwarded-for": "10.0.0.2" } });
+    await app.request("/api/probe", { headers: { "x-forwarded-for": "10.0.0.2" } });
+    const blocked = await app.request("/api/probe", {
+      headers: { "x-forwarded-for": "10.0.0.2" },
+    });
+    expect(blocked.status).toBe(429);
+    const otherIp = await app.request("/api/probe", {
+      headers: { "x-forwarded-for": "10.0.0.99" },
+    });
+    expect(otherIp.status).toBe(200);
+  });
+  test("no x-forwarded-for: pass-through (no bucket)", async () => {
+    const app = new Hono();
+    app.use(
+      "/api/*",
+      globalIpRateLimit({ resolver, limit: 1, windowSeconds: 60, onFailClosed: () => {} }),
+    );
+    app.get("/api/probe", (c) => c.text("ok"));
+    // No xff header — extractIp returns undefined → middleware skips.
+    // Both calls succeed even though limit=1.
+    const a = await app.request("/api/probe");
+    const b = await app.request("/api/probe");
+    expect(a.status).toBe(200);
+    expect(b.status).toBe(200);
+  });
+  test("fail-closed when resolver throws non-RateLimit error (Redis down)", async () => {
+    let onFailCalled = false;
+    const brokenResolver: RateLimitResolver = {
+      check: async () => {
+        throw new Error("ECONNREFUSED");
+      },
+      enforce: async () => {
+        throw new Error("ECONNREFUSED");
+      },
+      peek: async () => {
+        throw new Error("ECONNREFUSED");
+      },
+    };
+    const app = new Hono();
+    app.use(
+      "/api/*",
+      globalIpRateLimit({
+        resolver: brokenResolver,
+        limit: 5,
+        windowSeconds: 60,
+        onFailClosed: () => {
+          onFailCalled = true;
+        },
+      }),
+    );
+    app.get("/api/probe", (c) => c.text("ok"));
+    const res = await app.request("/api/probe", {
+      headers: { "x-forwarded-for": "10.0.0.5" },
+    });
+    expect(res.status).toBe(503);
+    expect(onFailCalled).toBe(true);
+  });
+});
+describe("authEndpointRateLimit (L2)", () => {
+  test("default bucket is ip+path: same IP on different path is independent", async () => {
+    const app = new Hono();
+    app.use(
+      "/auth/*",
+      authEndpointRateLimit({
+        resolver,
+        limit: 2,
+        windowSeconds: 60,
+        onFailClosed: () => {},
+      }),
+    );
+    app.post("/auth/login", (c) => c.text("ok"));
+    app.post("/auth/register", (c) => c.text("ok"));
+    const ipHeader = { "x-forwarded-for": "10.0.1.1" };
+    await app.request("/auth/login", { method: "POST", headers: ipHeader });
+    await app.request("/auth/login", { method: "POST", headers: ipHeader });
+    const blocked = await app.request("/auth/login", { method: "POST", headers: ipHeader });
+    expect(blocked.status).toBe(429);
+    // Different path → separate bucket — register endpoint not affected.
+    const register = await app.request("/auth/register", { method: "POST", headers: ipHeader });
+    expect(register.status).toBe(200);
+  });
+  test("custom extractTarget: account-aware bucketing isolates per email", async () => {
+    const app = new Hono();
+    app.use(
+      "/auth/login",
+      authEndpointRateLimit({
+        resolver,
+        limit: 2,
+        windowSeconds: 60,
+        extractTarget: async (c) => {
+          // Real-world: parse JSON body for `email`. Tests pass the
+          // email as a header for simplicity (body-stream consumption
+          // mid-middleware needs a body-shim that's out of scope here).
+          return c.req.header("x-account") ?? undefined;
+        },
+        onFailClosed: () => {},
+      }),
+    );
+    app.post("/auth/login", (c) => c.text("ok"));
+    const ipHeader = { "x-forwarded-for": "10.0.1.5" };
+    const reqA = (acc: string) =>
+      app.request("/auth/login", {
+        method: "POST",
+        headers: { ...ipHeader, "x-account": acc },
+      });
+    await reqA("user-a");
+    await reqA("user-a");
+    const blockedA = await reqA("user-a");
+    expect(blockedA.status).toBe(429);
+    // Same IP, different account → fresh bucket
+    const otherAcc = await reqA("user-b");
+    expect(otherAcc.status).toBe(200);
+  });
+});