@daloyjs/core 0.1.0

package/dist/client.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Typed client factory.
+ *
+ * `createClient<typeof app>(...)` produces a typed fetch wrapper whose
+ * methods correspond to operationIds, with parameters and response
+ * types derived from the *same* route definitions used on the server.
+ *
+ * One source of truth: server, validation, OpenAPI, and client all
+ * line up. No drift, no separate codegen step required (though one
+ * can still be generated from the OpenAPI doc for non-TS clients).
+ */
+import type { App } from "./app.js";
+import type { HandlerReturn, InferRequest, RequestSchemas, ResponsesMap, RouteDefinition } from "./types.js";
+export type RoutesOf<A extends App> = A["routes"][number];
+export type ClientFor<A extends App> = {
+    [R in Extract<RoutesOf<A>, {
+        operationId: string;
+    }> as R["operationId"]]: ClientMethod<R>;
+};
+type ClientMethod<R> = R extends RouteDefinition<infer P, infer _M, infer Req, infer Res> ? (input: ClientInput<P, Req>) => Promise<ClientOutput<Res>> : never;
+type ClientInput<P extends string, Req extends RequestSchemas | undefined> = {
+    params: InferRequest<Req, P>["params"];
+    query?: Partial<InferRequest<Req, P>["query"]>;
+    headers?: Record<string, string>;
+} & (Req extends {
+    body: infer _B;
+} ? {
+    body: InferRequest<Req, P>["body"];
+} : {
+    body?: undefined;
+});
+type ClientOutput<Res extends ResponsesMap> = HandlerReturn<Res>;
+export interface ClientOptions {
+    baseUrl: string;
+    fetch?: typeof fetch;
+    headers?: Record<string, string>;
+}
+export declare function createClient<A extends App>(app: A, opts: ClientOptions): ClientFor<A>;
+export {};
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,eAAe,EAChB,MAAM,YAAY,CAAC;AAGpB,MAAM,MAAM,QAAQ,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,GAAG,IAAI;KACpC,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,IAAI,CAAC,CAAC,aAAa,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC;CAC1F,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,SAAS,eAAe,CAC9C,MAAM,CAAC,EACP,MAAM,EAAE,EACR,MAAM,GAAG,EACT,MAAM,GAAG,CACV,GACG,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAC1D,KAAK,CAAC;AAEV,KAAK,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,GAAG,SAAS,cAAc,GAAG,SAAS,IAAI;IAC3E,MAAM,EAAE,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACvC,KAAK,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,GAAG,CAAC,GAAG,SAAS;IAAE,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG;IAAE,IAAI,EAAE,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;CAAE,GAAG;IAAE,IAAI,CAAC,EAAE,SAAS,CAAA;CAAE,CAAC,CAAC;AAErG,KAAK,YAAY,CAAC,GAAG,SAAS,YAAY,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC;AAEjE,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,wBAAgB,YAAY,CAAC,CAAC,SAAS,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,aAAa,GAAG,SAAS,CAAC,CAAC,CAAC,CAsCrF"}

package/dist/client.js

@@ -0,0 +1,61 @@
+/**
+ * Typed client factory.
+ *
+ * `createClient<typeof app>(...)` produces a typed fetch wrapper whose
+ * methods correspond to operationIds, with parameters and response
+ * types derived from the *same* route definitions used on the server.
+ *
+ * One source of truth: server, validation, OpenAPI, and client all
+ * line up. No drift, no separate codegen step required (though one
+ * can still be generated from the OpenAPI doc for non-TS clients).
+ */
+export function createClient(app, opts) {
+    const f = opts.fetch ?? fetch;
+    const out = {};
+    for (const route of app.routes) {
+        if (!route.operationId)
+            continue;
+        out[route.operationId] = async (input = {}) => {
+            let path = route.path;
+            const params = input.params ?? {};
+            for (const [k, v] of Object.entries(params)) {
+                path = path.replace(`:${k}`, encodeURIComponent(String(v)));
+            }
+            const url = new URL(path, opts.baseUrl);
+            if (input.query) {
+                for (const [k, v] of Object.entries(input.query)) {
+                    if (v === undefined)
+                        continue;
+                    if (Array.isArray(v))
+                        v.forEach((x) => url.searchParams.append(k, String(x)));
+                    else
+                        url.searchParams.set(k, String(v));
+                }
+            }
+            const headers = { ...opts.headers, ...input.headers };
+            let body;
+            if (input.body !== undefined) {
+                headers["content-type"] ??= "application/json";
+                body = JSON.stringify(input.body);
+            }
+            const res = await f(url.toString(), { method: route.method, headers, body });
+            const text = await res.text();
+            const parsed = text ? safeJson(text) : undefined;
+            const headersOut = {};
+            res.headers.forEach((v, k) => {
+                headersOut[k] = v;
+            });
+            return { status: res.status, body: parsed, headers: headersOut };
+        };
+    }
+    return out;
+}
+function safeJson(text) {
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return text;
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAyCH,MAAM,UAAU,YAAY,CAAgB,GAAM,EAAE,IAAmB;IACrE,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAC9B,MAAM,GAAG,GAA4B,EAAE,CAAC;IAExC,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,WAAW;YAAE,SAAS;QACjC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,QAAa,EAAE,EAAE,EAAE;YACjD,IAAI,IAAI,GAAG,KAAK,CAAC,IAAc,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAClC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBACjD,IAAI,CAAC,KAAK,SAAS;wBAAE,SAAS;oBAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;wBAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;;wBACzE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAA2B,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;YAC9E,IAAI,IAA0B,CAAC;YAC/B,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC7B,OAAO,CAAC,cAAc,CAAC,KAAK,kBAAkB,CAAC;gBAC/C,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;YACD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7E,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACjD,MAAM,UAAU,GAA2B,EAAE,CAAC;YAC9C,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBAC3B,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC,CAAC,CAAC;YACH,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAS,CAAC;QAC1E,CAAC,CAAC;IACJ,CAAC;IAED,OAAO,GAAmB,CAAC;AAC7B,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY;IAC5B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/contract.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Contract-test runner.
+ *
+ * Iterates every registered route and verifies:
+ *   - declared response examples (if any) actually validate against the
+ *     declared response body schema
+ *   - duplicate operationIds, missing operationIds, and dead routes
+ *   - that no route declares a `body` schema for GET/HEAD/DELETE without
+ *     opting in via `allowBodyOnSafeMethods`
+ *
+ * Returns a structured report. CI should `process.exit(1)` if `ok === false`.
+ */
+import type { App } from "./app.js";
+export interface ContractIssue {
+    level: "error" | "warning";
+    route: string;
+    message: string;
+}
+export interface ContractReport {
+    ok: boolean;
+    checked: number;
+    issues: ContractIssue[];
+}
+export interface ContractTestOptions {
+    /** Require every route to have an operationId. Default: true. */
+    requireOperationId?: boolean;
+    /** Allow body schemas on GET/HEAD/DELETE. Default: false. */
+    allowBodyOnSafeMethods?: boolean;
+}
+export declare function runContractTests(app: App, opts?: ContractTestOptions): Promise<ContractReport>;
+//# sourceMappingURL=contract.d.ts.map

package/dist/contract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAGpC,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,OAAO,GAAG,SAAS,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,iEAAiE;IACjE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,6DAA6D;IAC7D,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,GAAG,EACR,IAAI,GAAE,mBAAwB,GAC7B,OAAO,CAAC,cAAc,CAAC,CAuEzB"}

package/dist/contract.js

@@ -0,0 +1,76 @@
+/**
+ * Contract-test runner.
+ *
+ * Iterates every registered route and verifies:
+ *   - declared response examples (if any) actually validate against the
+ *     declared response body schema
+ *   - duplicate operationIds, missing operationIds, and dead routes
+ *   - that no route declares a `body` schema for GET/HEAD/DELETE without
+ *     opting in via `allowBodyOnSafeMethods`
+ *
+ * Returns a structured report. CI should `process.exit(1)` if `ok === false`.
+ */
+import { validate } from "./schema.js";
+export async function runContractTests(app, opts = {}) {
+    const requireOperationId = opts.requireOperationId ?? true;
+    const allowBodyOnSafeMethods = opts.allowBodyOnSafeMethods ?? false;
+    const issues = [];
+    const seenOpIds = new Map();
+    for (const r of app.routes) {
+        const id = `${r.method} ${r.path}`;
+        if (requireOperationId && !r.operationId) {
+            issues.push({ level: "error", route: id, message: "Missing operationId" });
+        }
+        if (r.operationId) {
+            const prior = seenOpIds.get(r.operationId);
+            if (prior) {
+                issues.push({
+                    level: "error",
+                    route: id,
+                    message: `Duplicate operationId "${r.operationId}" (also on ${prior})`,
+                });
+            }
+            else {
+                seenOpIds.set(r.operationId, id);
+            }
+        }
+        if (!allowBodyOnSafeMethods &&
+            r.request?.body &&
+            (r.method === "GET" || r.method === "HEAD" || r.method === "DELETE")) {
+            issues.push({
+                level: "warning",
+                route: id,
+                message: `Body schema declared on ${r.method} (likely a mistake)`,
+            });
+        }
+        if (Object.keys(r.responses).length === 0) {
+            issues.push({ level: "error", route: id, message: "No responses declared" });
+        }
+        // Validate examples against schemas.
+        const responseEntries = Object.entries(r.responses);
+        for (const [status, spec] of responseEntries) {
+            if (!spec)
+                continue;
+            if (spec.body && spec.examples) {
+                for (const [name, example] of Object.entries(spec.examples)) {
+                    const result = await validate(spec.body, example);
+                    if (result.issues) {
+                        issues.push({
+                            level: "error",
+                            route: id,
+                            message: `Example "${name}" for ${status} violates schema: ${result.issues
+                                .map((i) => i.message)
+                                .join("; ")}`,
+                        });
+                    }
+                }
+            }
+        }
+    }
+    return {
+        ok: !issues.some((i) => i.level === "error"),
+        checked: app.routes.length,
+        issues,
+    };
+}
+//# sourceMappingURL=contract.js.map

package/dist/contract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract.js","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAqBvC,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,GAAQ,EACR,OAA4B,EAAE;IAE9B,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC;IAC3D,MAAM,sBAAsB,GAAG,IAAI,CAAC,sBAAsB,IAAI,KAAK,CAAC;IAEpE,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAEnC,IAAI,kBAAkB,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE,0BAA0B,CAAC,CAAC,WAAW,cAAc,KAAK,GAAG;iBACvE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,IACE,CAAC,sBAAsB;YACvB,CAAC,CAAC,OAAO,EAAE,IAAI;YACf,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,EACpE,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,2BAA2B,CAAC,CAAC,MAAM,qBAAqB;aAClE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,qCAAqC;QACrC,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAGhD,CAAC;QACH,KAAK,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,eAAe,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5D,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAClD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;wBAClB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK,EAAE,OAAO;4BACd,KAAK,EAAE,EAAE;4BACT,OAAO,EAAE,YAAY,IAAI,SAAS,MAAM,qBAAqB,MAAM,CAAC,MAAM;iCACvE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;iCACrB,IAAI,CAAC,IAAI,CAAC,EAAE;yBAChB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC;QAC5C,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM;QAC1B,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/docs.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Built-in API documentation handlers.
+ *
+ * Both serve a single self-contained HTML page that loads the spec at
+ * `specUrl` from a CDN. No build step, no extra deps.
+ *
+ * (You can self-host the assets if your CSP forbids CDNs.)
+ */
+export interface DocsOptions {
+    specUrl: string;
+    title?: string;
+}
+export declare function scalarHtml(opts: DocsOptions): string;
+export declare function swaggerUiHtml(opts: DocsOptions): string;
+export declare function htmlResponse(html: string): Response;
+//# sourceMappingURL=docs.d.ts.map

package/dist/docs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs.d.ts","sourceRoot":"","sources":["../src/docs.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAYpD;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAcvD;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CAWnD"}

package/dist/docs.js

@@ -0,0 +1,51 @@
+/**
+ * Built-in API documentation handlers.
+ *
+ * Both serve a single self-contained HTML page that loads the spec at
+ * `specUrl` from a CDN. No build step, no extra deps.
+ *
+ * (You can self-host the assets if your CSP forbids CDNs.)
+ */
+export function scalarHtml(opts) {
+    const title = escapeHtml(opts.title ?? "API Reference");
+    const url = escapeHtml(opts.specUrl);
+    return `<!doctype html>
+<html><head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>${title}</title>
+</head><body>
+<script id="api-reference" data-url="${url}"></script>
+<script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>
+</body></html>`;
+}
+export function swaggerUiHtml(opts) {
+    const title = escapeHtml(opts.title ?? "API Docs");
+    const url = escapeHtml(opts.specUrl);
+    return `<!doctype html>
+<html><head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>${title}</title>
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/swagger-ui-dist/swagger-ui.css" />
+</head><body>
+<div id="swagger"></div>
+<script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist/swagger-ui-bundle.js"></script>
+<script>window.onload=()=>SwaggerUIBundle({url:"${url}",dom_id:"#swagger"});</script>
+</body></html>`;
+}
+export function htmlResponse(html) {
+    return new Response(html, {
+        headers: {
+            "content-type": "text/html; charset=utf-8",
+            // Docs pages are intentionally permissive about external scripts; lock to those CDNs.
+            "content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data: https:; connect-src 'self'",
+            "x-content-type-options": "nosniff",
+            "referrer-policy": "no-referrer",
+        },
+    });
+}
+function escapeHtml(s) {
+    return s.replace(/[&<>"']/g, (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
+}
+//# sourceMappingURL=docs.js.map

package/dist/docs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs.js","sourceRoot":"","sources":["../src/docs.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,MAAM,UAAU,UAAU,CAAC,IAAiB;IAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,OAAO;;;;SAIA,KAAK;;uCAEyB,GAAG;;eAE3B,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAiB;IAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,OAAO;;;;SAIA,KAAK;;;;;kDAKoC,GAAG;eACtC,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;QACxB,OAAO,EAAE;YACP,cAAc,EAAE,0BAA0B;YAC1C,sFAAsF;YACtF,yBAAyB,EACvB,4LAA4L;YAC9L,wBAAwB,EAAE,SAAS;YACnC,iBAAiB,EAAE,aAAa;SACjC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;AACrH,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Framework error model.
+ *
+ * Wire format follows RFC 9457 (application/problem+json) so clients
+ * across teams and languages have a predictable, OpenAPI-documentable
+ * error shape.
+ *
+ * Production-mode rendering scrubs `detail` for 5xx responses so internal
+ * messages never leak to clients (security: information disclosure).
+ */
+export interface ProblemDetails {
+    type: string;
+    title: string;
+    status: number;
+    detail?: string;
+    instance?: string;
+    /** Validation issues, our extension. */
+    errors?: Array<{
+        path: string;
+        message: string;
+    }>;
+    [key: string]: unknown;
+}
+export interface ProblemRenderOptions {
+    /** When true, scrub `detail` for 5xx responses. Default: NODE_ENV === "production". */
+    production?: boolean;
+    /** Optional request id to embed for correlation. */
+    requestId?: string;
+}
+export declare class HttpError extends Error {
+    readonly status: number;
+    readonly problem: ProblemDetails;
+    readonly headers?: Record<string, string>;
+    constructor(status: number, problem: Partial<ProblemDetails> & {
+        title: string;
+    }, headers?: Record<string, string>);
+    toResponse(opts?: ProblemRenderOptions): Response;
+}
+export declare class BadRequestError extends HttpError {
+    constructor(detail?: string);
+}
+export declare class ValidationError extends HttpError {
+    constructor(where: "params" | "query" | "headers" | "body", issues: Array<{
+        path: string;
+        message: string;
+    }>);
+}
+export declare class NotFoundError extends HttpError {
+    constructor(detail?: string);
+}
+export declare class UnauthorizedError extends HttpError {
+    constructor(detail?: string);
+}
+export declare class ForbiddenError extends HttpError {
+    constructor(detail?: string);
+}
+export declare class MethodNotAllowedError extends HttpError {
+    constructor(allow: string[]);
+}
+export declare class PayloadTooLargeError extends HttpError {
+    constructor(limit: number);
+}
+export declare class UnsupportedMediaTypeError extends HttpError {
+    constructor(got: string, expected: string[]);
+}
+export declare class TooManyRequestsError extends HttpError {
+    constructor(retryAfterSeconds?: number);
+}
+export declare class RequestTimeoutError extends HttpError {
+    constructor(ms: number);
+}
+export declare class InternalError extends HttpError {
+    constructor(detail?: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,uFAAuF;IACvF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;IACjC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAGxC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,EACpD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAclC,UAAU,CAAC,IAAI,GAAE,oBAAyB,GAAG,QAAQ;CAetD;AAED,qBAAa,eAAgB,SAAQ,SAAS;gBAChC,MAAM,CAAC,EAAE,MAAM;CAQ5B;AAED,qBAAa,eAAgB,SAAQ,SAAS;gBAE1C,KAAK,EAAE,QAAQ,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,EAC9C,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAUnD;AAED,qBAAa,aAAc,SAAQ,SAAS;gBAC9B,MAAM,CAAC,EAAE,MAAM;CAQ5B;AAED,qBAAa,iBAAkB,SAAQ,SAAS;gBAClC,MAAM,CAAC,EAAE,MAAM;CAQ5B;AAED,qBAAa,cAAe,SAAQ,SAAS;gBAC/B,MAAM,CAAC,EAAE,MAAM;CAQ5B;AAED,qBAAa,qBAAsB,SAAQ,SAAS;gBACtC,KAAK,EAAE,MAAM,EAAE;CAW5B;AAED,qBAAa,oBAAqB,SAAQ,SAAS;gBACrC,KAAK,EAAE,MAAM;CAQ1B;AAED,qBAAa,yBAA0B,SAAQ,SAAS;gBAC1C,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE;CAQ5C;AAED,qBAAa,oBAAqB,SAAQ,SAAS;gBACrC,iBAAiB,CAAC,EAAE,MAAM;CAavC;AAED,qBAAa,mBAAoB,SAAQ,SAAS;gBACpC,EAAE,EAAE,MAAM;CAQvB;AAED,qBAAa,aAAc,SAAQ,SAAS;gBAC9B,MAAM,CAAC,EAAE,MAAM;CAQ5B"}

package/dist/errors.js

@@ -0,0 +1,155 @@
+/**
+ * Framework error model.
+ *
+ * Wire format follows RFC 9457 (application/problem+json) so clients
+ * across teams and languages have a predictable, OpenAPI-documentable
+ * error shape.
+ *
+ * Production-mode rendering scrubs `detail` for 5xx responses so internal
+ * messages never leak to clients (security: information disclosure).
+ */
+export class HttpError extends Error {
+    status;
+    problem;
+    headers;
+    constructor(status, problem, headers) {
+        super(problem.title);
+        this.name = "HttpError";
+        this.status = status;
+        this.problem = {
+            type: problem.type ?? `https://httpstatuses.io/${status}`,
+            ...problem,
+            title: problem.title,
+            status,
+        };
+        if (headers)
+            this.headers = headers;
+    }
+    toResponse(opts = {}) {
+        const isProd = opts.production ??
+            (typeof process !== "undefined" && process.env?.NODE_ENV === "production");
+        const out = { ...this.problem };
+        if (isProd && this.status >= 500) {
+            delete out.detail; // do not leak internals
+        }
+        if (opts.requestId)
+            out.instance = `urn:request:${opts.requestId}`;
+        const headers = {
+            "content-type": "application/problem+json",
+            ...(this.headers ?? {}),
+        };
+        return new Response(JSON.stringify(out), { status: this.status, headers });
+    }
+}
+export class BadRequestError extends HttpError {
+    constructor(detail) {
+        super(400, {
+            type: "https://daloyjs.dev/errors/bad-request",
+            title: "Bad Request",
+            ...(detail ? { detail } : {}),
+        });
+        this.name = "BadRequestError";
+    }
+}
+export class ValidationError extends HttpError {
+    constructor(where, issues) {
+        super(422, {
+            type: "https://daloyjs.dev/errors/validation",
+            title: "Request validation failed",
+            detail: `Invalid ${where}`,
+            errors: issues,
+        });
+        this.name = "ValidationError";
+    }
+}
+export class NotFoundError extends HttpError {
+    constructor(detail) {
+        super(404, {
+            type: "https://daloyjs.dev/errors/not-found",
+            title: "Not Found",
+            ...(detail ? { detail } : {}),
+        });
+        this.name = "NotFoundError";
+    }
+}
+export class UnauthorizedError extends HttpError {
+    constructor(detail) {
+        super(401, {
+            type: "https://daloyjs.dev/errors/unauthorized",
+            title: "Unauthorized",
+            ...(detail ? { detail } : {}),
+        });
+        this.name = "UnauthorizedError";
+    }
+}
+export class ForbiddenError extends HttpError {
+    constructor(detail) {
+        super(403, {
+            type: "https://daloyjs.dev/errors/forbidden",
+            title: "Forbidden",
+            ...(detail ? { detail } : {}),
+        });
+        this.name = "ForbiddenError";
+    }
+}
+export class MethodNotAllowedError extends HttpError {
+    constructor(allow) {
+        super(405, {
+            type: "https://daloyjs.dev/errors/method-not-allowed",
+            title: "Method Not Allowed",
+        }, { allow: allow.join(", ") });
+        this.name = "MethodNotAllowedError";
+    }
+}
+export class PayloadTooLargeError extends HttpError {
+    constructor(limit) {
+        super(413, {
+            type: "https://daloyjs.dev/errors/payload-too-large",
+            title: "Payload Too Large",
+            detail: `Body exceeds ${limit} bytes`,
+        });
+        this.name = "PayloadTooLargeError";
+    }
+}
+export class UnsupportedMediaTypeError extends HttpError {
+    constructor(got, expected) {
+        super(415, {
+            type: "https://daloyjs.dev/errors/unsupported-media-type",
+            title: "Unsupported Media Type",
+            detail: `Got "${got}", expected one of: ${expected.join(", ")}`,
+        });
+        this.name = "UnsupportedMediaTypeError";
+    }
+}
+export class TooManyRequestsError extends HttpError {
+    constructor(retryAfterSeconds) {
+        super(429, {
+            type: "https://daloyjs.dev/errors/too-many-requests",
+            title: "Too Many Requests",
+        }, retryAfterSeconds !== undefined
+            ? { "retry-after": String(retryAfterSeconds) }
+            : undefined);
+        this.name = "TooManyRequestsError";
+    }
+}
+export class RequestTimeoutError extends HttpError {
+    constructor(ms) {
+        super(408, {
+            type: "https://daloyjs.dev/errors/request-timeout",
+            title: "Request Timeout",
+            detail: `Request exceeded ${ms}ms`,
+        });
+        this.name = "RequestTimeoutError";
+    }
+}
+export class InternalError extends HttpError {
+    constructor(detail) {
+        super(500, {
+            type: "https://daloyjs.dev/errors/internal",
+            title: "Internal Server Error",
+            ...(detail ? { detail } : {}),
+        });
+        this.name = "InternalError";
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAoBH,MAAM,OAAO,SAAU,SAAQ,KAAK;IACzB,MAAM,CAAS;IACf,OAAO,CAAiB;IACxB,OAAO,CAA0B;IAE1C,YACE,MAAc,EACd,OAAoD,EACpD,OAAgC;QAEhC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG;YACb,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,2BAA2B,MAAM,EAAE;YACzD,GAAG,OAAO;YACV,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM;SACP,CAAC;QACF,IAAI,OAAO;YAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACtC,CAAC;IAED,UAAU,CAAC,OAA6B,EAAE;QACxC,MAAM,MAAM,GACV,IAAI,CAAC,UAAU;YACf,CAAC,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,QAAQ,KAAK,YAAY,CAAC,CAAC;QAC7E,MAAM,GAAG,GAAmB,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAChD,IAAI,MAAM,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,wBAAwB;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,SAAS;YAAE,GAAG,CAAC,QAAQ,GAAG,eAAe,IAAI,CAAC,SAAS,EAAE,CAAC;QACnE,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,0BAA0B;YAC1C,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;SACxB,CAAC;QACF,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IAC7E,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,SAAS;IAC5C,YAAY,MAAe;QACzB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,wCAAwC;YAC9C,KAAK,EAAE,aAAa;YACpB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,SAAS;IAC5C,YACE,KAA8C,EAC9C,MAAgD;QAEhD,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,uCAAuC;YAC7C,KAAK,EAAE,2BAA2B;YAClC,MAAM,EAAE,WAAW,KAAK,EAAE;YAC1B,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,SAAS;IAC1C,YAAY,MAAe;QACzB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,sCAAsC;YAC5C,KAAK,EAAE,WAAW;YAClB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,SAAS;IAC9C,YAAY,MAAe;QACzB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,yCAAyC;YAC/C,KAAK,EAAE,cAAc;YACrB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,cAAe,SAAQ,SAAS;IAC3C,YAAY,MAAe;QACzB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,sCAAsC;YAC5C,KAAK,EAAE,WAAW;YAClB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,SAAS;IAClD,YAAY,KAAe;QACzB,KAAK,CACH,GAAG,EACH;YACE,IAAI,EAAE,+CAA+C;YACrD,KAAK,EAAE,oBAAoB;SAC5B,EACD,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5B,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,SAAS;IACjD,YAAY,KAAa;QACvB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,8CAA8C;YACpD,KAAK,EAAE,mBAAmB;YAC1B,MAAM,EAAE,gBAAgB,KAAK,QAAQ;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED,MAAM,OAAO,yBAA0B,SAAQ,SAAS;IACtD,YAAY,GAAW,EAAE,QAAkB;QACzC,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,mDAAmD;YACzD,KAAK,EAAE,wBAAwB;YAC/B,MAAM,EAAE,QAAQ,GAAG,uBAAuB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAChE,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,SAAS;IACjD,YAAY,iBAA0B;QACpC,KAAK,CACH,GAAG,EACH;YACE,IAAI,EAAE,8CAA8C;YACpD,KAAK,EAAE,mBAAmB;SAC3B,EACD,iBAAiB,KAAK,SAAS;YAC7B,CAAC,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,iBAAiB,CAAC,EAAE;YAC9C,CAAC,CAAC,SAAS,CACd,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IAChD,YAAY,EAAU;QACpB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,4CAA4C;YAClD,KAAK,EAAE,iBAAiB;YACxB,MAAM,EAAE,oBAAoB,EAAE,IAAI;SACnC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,SAAS;IAC1C,YAAY,MAAe;QACzB,KAAK,CAAC,GAAG,EAAE;YACT,IAAI,EAAE,qCAAqC;YAC3C,KAAK,EAAE,uBAAuB;YAC9B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+export { App } from "./app.js";
+export type { AppOptions, IntrospectedRoute } from "./app.js";
+export type { RouteDefinition, HttpMethod, PathString, RequestSchemas, ResponsesMap, ResponseSpec, AuthSpec, Hooks, BaseContext, HandlerReturn, InferRequest, ParamsOf, PathParams, } from "./types.js";
+export { HttpError, BadRequestError, ValidationError, NotFoundError, UnauthorizedError, ForbiddenError, MethodNotAllowedError, PayloadTooLargeError, UnsupportedMediaTypeError, TooManyRequestsError, RequestTimeoutError, InternalError, } from "./errors.js";
+export type { ProblemDetails, ProblemRenderOptions } from "./errors.js";
+export type { StandardSchemaV1 } from "./schema.js";
+export { validate, isStandardSchema } from "./schema.js";
+export { readBodyLimited, safeJsonParse, sanitizeHeaderName, sanitizeHeaderValue, timingSafeEqual, randomId, } from "./security.js";
+export { requestId, secureHeaders, cors, rateLimit, timing, bearerAuth, } from "./middleware.js";
+export type { RequestIdOptions, SecureHeadersOptions, CorsOptions, RateLimitOptions, RateLimitStore, } from "./middleware.js";
+export { createLogger, noopLogger } from "./logger.js";
+export type { Logger, LogLevel, ConsoleLoggerOptions } from "./logger.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE9D,YAAY,EACV,eAAe,EACf,UAAU,EACV,UAAU,EACV,cAAc,EACd,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,KAAK,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,QAAQ,EACR,UAAU,GACX,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,eAAe,EACf,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEzD,OAAO,EACL,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,QAAQ,GACT,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,SAAS,EACT,aAAa,EACb,IAAI,EACJ,SAAS,EACT,MAAM,EACN,UAAU,GACX,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,gBAAgB,EAChB,oBAAoB,EACpB,WAAW,EACX,gBAAgB,EAChB,cAAc,GACf,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACvD,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+export { App } from "./app.js";
+export { HttpError, BadRequestError, ValidationError, NotFoundError, UnauthorizedError, ForbiddenError, MethodNotAllowedError, PayloadTooLargeError, UnsupportedMediaTypeError, TooManyRequestsError, RequestTimeoutError, InternalError, } from "./errors.js";
+export { validate, isStandardSchema } from "./schema.js";
+export { readBodyLimited, safeJsonParse, sanitizeHeaderName, sanitizeHeaderValue, timingSafeEqual, randomId, } from "./security.js";
+export { requestId, secureHeaders, cors, rateLimit, timing, bearerAuth, } from "./middleware.js";
+export { createLogger, noopLogger } from "./logger.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAmB/B,OAAO,EACL,SAAS,EACT,eAAe,EACf,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,aAAa,GACd,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEzD,OAAO,EACL,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,QAAQ,GACT,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,SAAS,EACT,aAAa,EACb,IAAI,EACJ,SAAS,EACT,MAAM,EACN,UAAU,GACX,MAAM,iBAAiB,CAAC;AASzB,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC"}

package/dist/logger.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Pluggable logger interface.
+ *
+ * The default logger is a tiny structured JSON logger writing to stdout.
+ * Plug pino / winston / your own by implementing `Logger`.
+ */
+export type LogLevel = "trace" | "debug" | "info" | "warn" | "error" | "fatal";
+export interface Logger {
+    level: LogLevel;
+    trace(obj: object | string, msg?: string): void;
+    debug(obj: object | string, msg?: string): void;
+    info(obj: object | string, msg?: string): void;
+    warn(obj: object | string, msg?: string): void;
+    error(obj: object | string, msg?: string): void;
+    fatal(obj: object | string, msg?: string): void;
+    child(bindings: Record<string, unknown>): Logger;
+}
+export interface ConsoleLoggerOptions {
+    level?: LogLevel;
+    bindings?: Record<string, unknown>;
+    /** Where to write. Defaults to process.stdout.write or console.log. */
+    write?: (line: string) => void;
+}
+export declare function createLogger(opts?: ConsoleLoggerOptions): Logger;
+export declare const noopLogger: Logger;
+//# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;AAE/E,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,QAAQ,CAAC;IAChB,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/C,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/C,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;CAClD;AAWD,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,uEAAuE;IACvE,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CAChC;AAED,wBAAgB,YAAY,CAAC,IAAI,GAAE,oBAAyB,GAAG,MAAM,CA6CpE;AAED,eAAO,MAAM,UAAU,EAAE,MAWxB,CAAC"}