@forklaunch/core 0.12.3 → 0.13.1

package/lib/http/index.js

@@ -57,6 +57,7 @@ __export(http_exports, {
   isForklaunchRequest: () => isForklaunchRequest,
   isForklaunchRouter: () => isForklaunchRouter,
   isInformational: () => isInformational,
+  isPortBound: () => isPortBound,
   isRedirection: () => isRedirection,
   isServerError: () => isServerError,
   isSuccessful: () => isSuccessful,
@@ -156,10 +157,10 @@ function isTypedHandler(maybeTypedHandler) {
 
 // src/http/middleware/request/auth.middleware.ts
 var import_common2 = require("@forklaunch/common");
-var import_jose = require("jose");
 
 // src/http/discriminateAuthMethod.ts
-function discriminateAuthMethod(auth) {
+var import_jose = require("jose");
+async function discriminateAuthMethod(auth) {
   if ("basic" in auth) {
     return {
       type: "basic",
@@ -168,18 +169,59 @@ function discriminateAuthMethod(auth) {
         login: auth.basic.login
       }
     };
-  } else if ("jwt" in auth) {
+  } else if ("jwt" in auth && auth.jwt != null) {
+    const jwt = auth.jwt;
+    let verificationFunction;
+    if ("privateKey" in jwt) {
+      verificationFunction = async (token) => {
+        const { payload } = await (0, import_jose.jwtVerify)(token, Buffer.from(jwt.privateKey));
+        return payload;
+      };
+    } else {
+      let jwks;
+      if ("jwksPublicKeyUrl" in jwt) {
+        const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
+        jwks = (await jwksResponse.json()).keys;
+      } else {
+        jwks = [jwt.jwksPublicKey];
+      }
+      verificationFunction = async (token) => {
+        for (const key of jwks) {
+          try {
+            const { payload } = await (0, import_jose.jwtVerify)(token, key);
+            return payload;
+          } catch {
+            continue;
+          }
+        }
+      };
+    }
     return {
       type: "jwt",
       auth: {
-        decodeResource: auth.decodeResource
+        decodeResource: auth.decodeResource,
+        verificationFunction
+      }
+    };
+  } else if ("secretKey" in auth) {
+    return {
+      type: "system",
+      auth: {
+        secretKey: auth.secretKey
       }
     };
   } else {
     return {
       type: "jwt",
       auth: {
-        decodeResource: auth.decodeResource
+        decodeResource: auth.decodeResource,
+        verificationFunction: async (token) => {
+          const { payload } = await (0, import_jose.jwtVerify)(
+            token,
+            Buffer.from(process.env.JWT_SECRET_KEY)
+          );
+          return payload;
+        }
       }
     };
   }
@@ -187,12 +229,22 @@ function discriminateAuthMethod(auth) {
 
 // src/http/guards/hasPermissionChecks.ts
 function hasPermissionChecks(maybePermissionedAuth) {
-  return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "mapPermissions" in maybePermissionedAuth && ("allowedPermissions" in maybePermissionedAuth || "forbiddenPermissions" in maybePermissionedAuth);
+  return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && ("allowedPermissions" in maybePermissionedAuth || "forbiddenPermissions" in maybePermissionedAuth);
 }
 
 // src/http/guards/hasRoleChecks.ts
 function hasRoleChecks(maybeRoledAuth) {
-  return typeof maybeRoledAuth === "object" && maybeRoledAuth !== null && "mapRoles" in maybeRoledAuth && ("allowedRoles" in maybeRoledAuth || "forbiddenRoles" in maybeRoledAuth);
+  return typeof maybeRoledAuth === "object" && maybeRoledAuth !== null && ("allowedRoles" in maybeRoledAuth || "forbiddenRoles" in maybeRoledAuth);
+}
+
+// src/http/guards/hasScopeChecks.ts
+function hasScopeChecks(maybePermissionedAuth) {
+  return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "requiredScope" in maybePermissionedAuth && maybePermissionedAuth.requiredScope != null;
+}
+
+// src/http/guards/isSystemAuthMethod.ts
+function isSystemAuthMethod(maybeSystemAuthMethod) {
+  return typeof maybeSystemAuthMethod === "object" && maybeSystemAuthMethod !== null && "secretKey" in maybeSystemAuthMethod;
 }
 
 // src/http/middleware/request/auth.middleware.ts
@@ -220,23 +272,45 @@ var invalidAuthorizationLogin = [
   403,
   "Invalid Authorization login."
 ];
-async function checkAuthorizationToken(authorizationMethod, authorizationToken, req) {
+var invalidScope = [403, "Invalid scope for operation."];
+var invalidAuthorizationMethod = [
+  401,
+  "Invalid Authorization method."
+];
+var authorizationTokenRequired = [
+  401,
+  "Authorization token required."
+];
+async function checkAuthorizationToken(authorizationMethod, globalOptions, authorizationToken, req) {
+  if (authorizationMethod == null) {
+    return void 0;
+  }
+  const collapsedAuthorizationMethod = {
+    ...globalOptions,
+    ...authorizationMethod
+  };
   if (authorizationToken == null) {
-    return [401, "No Authorization token provided."];
+    return authorizationTokenRequired;
   }
   const [tokenPrefix, token] = authorizationToken.split(" ");
   let resourceId;
-  const { type, auth } = discriminateAuthMethod(authorizationMethod);
+  const { type, auth } = await discriminateAuthMethod(
+    collapsedAuthorizationMethod
+  );
   switch (type) {
+    case "system": {
+      if (token !== auth.secretKey || tokenPrefix !== collapsedAuthorizationMethod.tokenPrefix) {
+        return invalidAuthorizationToken;
+      }
+      resourceId = null;
+      break;
+    }
     case "jwt": {
-      if (tokenPrefix !== (authorizationMethod.tokenPrefix ?? "Bearer")) {
+      if (tokenPrefix !== (collapsedAuthorizationMethod.tokenPrefix ?? "Bearer")) {
         return invalidAuthorizationTokenFormat;
       }
       try {
-        const decodedJwt = await auth?.decodeResource?.(token) ?? (await (0, import_jose.jwtVerify)(
-          token,
-          new TextEncoder().encode(process.env.JWT_SECRET)
-        )).payload;
+        const decodedJwt = "decodeResource" in auth && auth.decodeResource ? await auth.decodeResource(token) : "verificationFunction" in auth && auth.verificationFunction ? await auth.verificationFunction(token) : void 0;
         if (!decodedJwt) {
           return invalidAuthorizationSubject;
         }
@@ -248,7 +322,7 @@ async function checkAuthorizationToken(authorizationMethod, authorizationToken,
       break;
     }
     case "basic": {
-      if (tokenPrefix !== (authorizationMethod.tokenPrefix ?? "Basic")) {
+      if (tokenPrefix !== (collapsedAuthorizationMethod.tokenPrefix ?? "Basic")) {
         return invalidAuthorizationTokenFormat;
       }
       if (auth.decodeResource) {
@@ -271,62 +345,82 @@ async function checkAuthorizationToken(authorizationMethod, authorizationToken,
       (0, import_common2.isNever)(type);
       return [401, "Invalid Authorization method."];
   }
-  if (hasPermissionChecks(authorizationMethod)) {
-    if (!authorizationMethod.mapPermissions) {
-      return [500, "No permission mapping function provided."];
+  if (isSystemAuthMethod(collapsedAuthorizationMethod) || resourceId == null) {
+    return;
+  }
+  if (hasScopeChecks(collapsedAuthorizationMethod)) {
+    if (collapsedAuthorizationMethod.surfaceScopes) {
+      const resourceScopes = await collapsedAuthorizationMethod.surfaceScopes(
+        resourceId,
+        req
+      );
+      if (collapsedAuthorizationMethod.scopeHeirarchy) {
+        if (collapsedAuthorizationMethod.requiredScope) {
+          if (!resourceScopes.has(collapsedAuthorizationMethod.requiredScope) || Array.from(resourceScopes).every(
+            (scope) => collapsedAuthorizationMethod.scopeHeirarchy?.indexOf(scope) ?? -1 > -1
+          )) {
+            return invalidScope;
+          }
+        }
+      }
     }
-    const resourcePermissions = await authorizationMethod.mapPermissions(
+  }
+  if (hasPermissionChecks(collapsedAuthorizationMethod)) {
+    if (!collapsedAuthorizationMethod.surfacePermissions) {
+      return [500, "No permission surfacing function provided."];
+    }
+    const resourcePermissions = await collapsedAuthorizationMethod.surfacePermissions(
       resourceId,
       req
     );
-    if ("allowedPermissions" in authorizationMethod && authorizationMethod.allowedPermissions) {
-      if (resourcePermissions.intersection(authorizationMethod.allowedPermissions).size === 0) {
+    if ("allowedPermissions" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.allowedPermissions) {
+      if (resourcePermissions.intersection(
+        collapsedAuthorizationMethod.allowedPermissions
+      ).size === 0) {
         return invalidAuthorizationTokenPermissions;
       }
     }
-    if ("forbiddenPermissions" in authorizationMethod && authorizationMethod.forbiddenPermissions) {
+    if ("forbiddenPermissions" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.forbiddenPermissions) {
       if (resourcePermissions.intersection(
-        authorizationMethod.forbiddenPermissions
+        collapsedAuthorizationMethod.forbiddenPermissions
       ).size !== 0) {
         return invalidAuthorizationTokenPermissions;
       }
     }
-  } else if (hasRoleChecks(authorizationMethod)) {
-    if (!authorizationMethod.mapRoles) {
-      return [500, "No role mapping function provided."];
+  } else if (hasRoleChecks(collapsedAuthorizationMethod)) {
+    if (!collapsedAuthorizationMethod.surfaceRoles) {
+      return [500, "No role surfacing function provided."];
     }
-    const resourceRoles = await authorizationMethod.mapRoles(
+    const resourceRoles = await collapsedAuthorizationMethod.surfaceRoles(
       resourceId,
       req
     );
-    if ("allowedRoles" in authorizationMethod && authorizationMethod.allowedRoles) {
-      if (resourceRoles.intersection(authorizationMethod.allowedRoles).size === 0) {
+    if ("allowedRoles" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.allowedRoles) {
+      if (resourceRoles.intersection(collapsedAuthorizationMethod.allowedRoles).size === 0) {
         return invalidAuthorizationTokenRoles;
       }
     }
-    if ("forbiddenRoles" in authorizationMethod && authorizationMethod.forbiddenRoles) {
-      if (resourceRoles.intersection(authorizationMethod.forbiddenRoles).size !== 0) {
+    if ("forbiddenRoles" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.forbiddenRoles) {
+      if (resourceRoles.intersection(collapsedAuthorizationMethod.forbiddenRoles).size !== 0) {
         return invalidAuthorizationTokenRoles;
       }
     }
   } else {
-    return [401, "Invalid Authorization method."];
+    return invalidAuthorizationMethod;
   }
 }
 async function parseRequestAuth(req, res, next) {
   const auth = req.contractDetails.auth;
-  if (auth) {
-    const [error, message] = await checkAuthorizationToken(
-      auth,
-      req.headers[auth.headerName ?? "Authorization"] || req.headers[auth.headerName ?? "authorization"],
-      // we can safely cast here because we know that the user will supply resolution for the request
-      req
-    ) ?? [];
-    if (error != null) {
-      res.type("text/plain");
-      res.status(error).send(message);
-      return;
-    }
+  const [error, message] = await checkAuthorizationToken(
+    auth,
+    req._globalOptions?.auth,
+    req.headers[auth?.headerName ?? "Authorization"] || req.headers[auth?.headerName ?? "authorization"],
+    req
+  ) ?? [];
+  if (error != null) {
+    res.type("text/plain");
+    res.status(error).send(message);
+    return;
   }
   next?.();
 }
@@ -396,7 +490,7 @@ var import_common4 = require("@forklaunch/common");
 var import_api2 = require("@opentelemetry/api");
 var import_api_logs = require("@opentelemetry/api-logs");
 var import_pino = __toESM(require("pino"));
-var import_pino_pretty = __toESM(require("pino-pretty"));
+var PinoPretty = __toESM(require("pino-pretty"));
 
 // src/http/guards/isLoggerMeta.ts
 function isLoggerMeta(arg) {
@@ -443,11 +537,35 @@ function normalizeLogArgs(args) {
   const metadata = Object.assign({}, ...metaObjects);
   return [metadata, message.trim()];
 }
+function safePrettyFormat(level, args, timestamp) {
+  try {
+    const [metadata, message] = normalizeLogArgs(args);
+    const formattedTimestamp = timestamp || (/* @__PURE__ */ new Date()).toISOString();
+    return `[${formattedTimestamp}] ${level.toUpperCase()}: ${message}${Object.keys(metadata).length > 0 ? `
+${JSON.stringify(metadata, null, 2)}` : ""}`;
+  } catch (error) {
+    const fallbackMessage = args.map((arg) => {
+      try {
+        if (typeof arg === "string") return arg;
+        if (arg === null) return "null";
+        if (arg === void 0) return "undefined";
+        return JSON.stringify(arg);
+      } catch {
+        return "[Circular/Non-serializable Object]";
+      }
+    }).join(" ");
+    return `[${(/* @__PURE__ */ new Date()).toISOString()}] ${level.toUpperCase()}: ${fallbackMessage} [Pretty Print Error: ${error instanceof Error ? error.message : "Unknown error"}]`;
+  }
+}
 var PinoLogger = class _PinoLogger {
   pinoLogger;
   meta;
-  prettyPrinter = import_pino_pretty.default.prettyFactory({
-    colorize: true
+  prettyPrinter = PinoPretty.prettyFactory({
+    colorize: true,
+    // Add error handling options
+    errorLikeObjectKeys: ["err", "error"],
+    ignore: "pid,hostname",
+    translateTime: "SYS:standard"
   });
   constructor(level, meta2 = {}) {
     this.pinoLogger = (0, import_pino.default)({
@@ -460,7 +578,12 @@ var PinoLogger = class _PinoLogger {
       timestamp: import_pino.default.stdTimeFunctions.isoTime,
       transport: {
         target: "pino-pretty",
-        options: { colorize: true }
+        options: {
+          colorize: true,
+          errorLikeObjectKeys: ["err", "error"],
+          ignore: "pid,hostname",
+          translateTime: "SYS:standard"
+        }
       }
     });
     this.meta = meta2;
@@ -492,12 +615,21 @@ var PinoLogger = class _PinoLogger {
       ...meta2
     };
     this.pinoLogger[level](...normalizeLogArgs(filteredArgs));
-    import_api_logs.logs.getLogger(process.env.OTEL_SERVICE_NAME ?? "unknown").emit({
-      severityText: level,
-      severityNumber: mapSeverity(level),
-      body: this.prettyPrinter(filteredArgs),
-      attributes: { ...this.meta, ...meta2 }
-    });
+    const formattedBody = safePrettyFormat(level, filteredArgs);
+    try {
+      import_api_logs.logs.getLogger(process.env.OTEL_SERVICE_NAME ?? "unknown").emit({
+        severityText: level,
+        severityNumber: mapSeverity(level),
+        body: formattedBody,
+        attributes: { ...this.meta, ...meta2 }
+      });
+    } catch (error) {
+      console.error("Failed to emit OpenTelemetry log:", error);
+      console.log(
+        `[${(/* @__PURE__ */ new Date()).toISOString()}] ${level.toUpperCase()}:`,
+        ...filteredArgs
+      );
+    }
   }
   error = (msg, ...args) => this.log("error", msg, ...args);
   info = (msg, ...args) => this.log("info", msg, ...args);
@@ -626,13 +758,14 @@ var httpServerDurationHistogram = import_api3.metrics.getMeter((0, import_common
 });
 
 // src/http/middleware/request/enrichDetails.middleware.ts
-function enrichDetails(path, contractDetails, requestSchema, responseSchemas, openTelemetryCollector) {
+function enrichDetails(path, contractDetails, requestSchema, responseSchemas, openTelemetryCollector, globalOptions) {
   return (req, res, next) => {
     req.originalPath = path;
     req.contractDetails = contractDetails;
     req.requestSchema = requestSchema;
     res.responseSchemas = responseSchemas;
     req.openTelemetryCollector = openTelemetryCollector;
+    req._globalOptions = globalOptions;
     req.context?.span?.setAttribute(ATTR_API_NAME, req.contractDetails?.name);
     const startTime = process.hrtime();
     res.on("finish", () => {
@@ -666,6 +799,7 @@ function isRequestShape(maybeResponseShape) {
 
 // src/http/middleware/request/parse.middleware.ts
 function parse(req, res, next) {
+  const collapsedOptions = req.contractDetails.options?.requestValidation ?? (req._globalOptions?.validation === false ? "none" : req._globalOptions?.validation?.request);
   const request = {
     params: req.params,
     query: req.query,
@@ -738,8 +872,9 @@ function parse(req, res, next) {
     );
   }
   if (!parsedRequest.ok) {
-    switch (req.contractDetails.options?.requestValidation) {
+    switch (collapsedOptions) {
       default:
+      case void 0:
       case "error":
         res.type("application/json");
         res.status(400);
@@ -900,12 +1035,13 @@ function discriminateResponseBodies(schemaValidator, responses) {
 
 // src/http/router/expressLikeRouter.ts
 var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
-  constructor(basePath, schemaValidator, internal, postEnrichMiddleware, openTelemetryCollector) {
+  constructor(basePath, schemaValidator, internal, postEnrichMiddleware, openTelemetryCollector, routerOptions) {
     this.basePath = basePath;
     this.schemaValidator = schemaValidator;
     this.internal = internal;
     this.postEnrichMiddleware = postEnrichMiddleware;
     this.openTelemetryCollector = openTelemetryCollector;
+    this.routerOptions = routerOptions;
     if (process.env.NODE_ENV !== "test" && !process.env.VITEST) {
       process.on("uncaughtException", (err) => {
         this.openTelemetryCollector.error(`Uncaught exception: ${err}`);
@@ -944,7 +1080,8 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
         contractDetails,
         requestSchema,
         responseSchemas,
-        this.openTelemetryCollector
+        this.openTelemetryCollector,
+        this.routerOptions
       ),
       ...this.postEnrichMiddleware,
       parse,
@@ -1637,7 +1774,8 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
       this.schemaValidator,
       this.internal,
       this.postEnrichMiddleware,
-      this.openTelemetryCollector
+      this.openTelemetryCollector,
+      this.routerOptions
     );
     this.cloneInternals(clone);
     return clone;
@@ -1657,7 +1795,12 @@ var ForklaunchExpressLikeApplication = class extends ForklaunchExpressLikeRouter
       schemaValidator,
       internal,
       postEnrichMiddleware,
-      openTelemetryCollector
+      openTelemetryCollector,
+      {
+        ...appOptions,
+        openapi: appOptions?.openapi !== false,
+        mcp: appOptions?.mcp !== false
+      }
     );
     this.schemaValidator = schemaValidator;
     this.internal = internal;
@@ -1668,6 +1811,27 @@ var ForklaunchExpressLikeApplication = class extends ForklaunchExpressLikeRouter
   }
 };
 
+// src/http/cluster/isPortBound.ts
+var net = __toESM(require("net"));
+function isPortBound(port, host = "localhost") {
+  return new Promise((resolve) => {
+    const socket = new net.Socket();
+    socket.setTimeout(1e3);
+    socket.on("connect", () => {
+      socket.destroy();
+      resolve(true);
+    });
+    socket.on("timeout", () => {
+      socket.destroy();
+      resolve(false);
+    });
+    socket.on("error", () => {
+      resolve(false);
+    });
+    socket.connect(port, host);
+  });
+}
+
 // src/http/guards/isPath.ts
 function isPath(path) {
   return path.startsWith("/");
@@ -2790,7 +2954,7 @@ function generateInputSchema(schemaValidator, body, params, query, requestHeader
     } : {}
   });
 }
-function generateMcpServer(schemaValidator, protocol, host, port, version, application, options2, contentTypeMap) {
+function generateMcpServer(schemaValidator, protocol, host, port, version, application, appOptions, options2, contentTypeMap) {
   if (!(schemaValidator instanceof import_zod.ZodSchemaValidator)) {
     throw new Error(
       "Schema validator must be an instance of ZodSchemaValidator"
@@ -2811,6 +2975,9 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
     ])
   ].forEach(({ fullPath, router }) => {
     router.routes.forEach((route) => {
+      if (!(route.contractDetails.options?.mcp ?? router.routerOptions?.mcp ?? appOptions !== false)) {
+        return;
+      }
       const inputSchemas = [];
       if (route.contractDetails.versions) {
         Object.values(route.contractDetails.versions).forEach((version2) => {
@@ -3012,6 +3179,11 @@ function isResponseCompiledSchema(schema) {
 function parse2(req, res, next) {
   let headers;
   let responses;
+  const collapsedOptions = req.contractDetails.options?.responseValidation ?? (req._globalOptions?.validation === false ? "none" : req._globalOptions?.validation?.response);
+  if (collapsedOptions === "none") {
+    next?.();
+    return;
+  }
   const responseSchemas = res.responseSchemas;
   const schemaValidator = req.schemaValidator;
   if (!isResponseCompiledSchema(responseSchemas)) {
@@ -3073,6 +3245,7 @@ function parse2(req, res, next) {
   if (parseErrors.length > 0) {
     switch (req.contractDetails.options?.responseValidation) {
       default:
+      case void 0:
       case "error":
         res.type("text/plain");
         res.status(500);
@@ -3289,13 +3462,16 @@ function transformBasePath(basePath) {
   }
   return `/${basePath}`;
 }
-function generateOpenApiDocument(serverUrls, serverDescriptions, versionedTags, versionedPaths, versionedSecuritySchemes, otherServers) {
+function generateOpenApiDocument(serverUrls, serverDescriptions, versionedTags, versionedPaths, versionedSecuritySchemes, appOptions) {
+  const { title, description, contact } = appOptions !== false ? appOptions ?? {} : {};
   return {
     [OPENAPI_DEFAULT_VERSION]: {
       openapi: "3.1.0",
       info: {
-        title: process.env.API_TITLE || "API Definition",
-        version: process.env.VERSION || "latest"
+        title: title || process.env.API_TITLE || "API Definition",
+        version: "latest",
+        description,
+        contact
       },
       components: {
         securitySchemes: versionedSecuritySchemes[OPENAPI_DEFAULT_VERSION]
@@ -3305,8 +3481,7 @@ function generateOpenApiDocument(serverUrls, serverDescriptions, versionedTags,
         ...serverUrls.map((url, index) => ({
           url,
           description: serverDescriptions?.[index]
-        })),
-        ...otherServers || []
+        }))
       ],
       paths: versionedPaths[OPENAPI_DEFAULT_VERSION]
     },
@@ -3316,8 +3491,10 @@ function generateOpenApiDocument(serverUrls, serverDescriptions, versionedTags,
         {
           openapi: "3.1.0",
           info: {
-            title: process.env.API_TITLE || "API Definition",
-            version
+            title: title || process.env.API_TITLE || "API Definition",
+            version,
+            description,
+            contact
           },
           components: {
             securitySchemes: versionedSecuritySchemes[version]
@@ -3327,8 +3504,7 @@ function generateOpenApiDocument(serverUrls, serverDescriptions, versionedTags,
             ...serverUrls.map((url, index) => ({
               url,
               description: serverDescriptions?.[index]
-            })),
-            ...otherServers || []
+            }))
           ],
           paths
         }
@@ -3432,11 +3608,11 @@ function generateOperationObject(schemaValidator, path, method, controllerName,
     }
   }
   if (auth) {
-    responses[401] = {
+    coercedResponses[401] = {
       description: httpStatusCodes_default[401],
       content: contentResolver(schemaValidator, schemaValidator.string)
     };
-    responses[403] = {
+    coercedResponses[403] = {
       description: httpStatusCodes_default[403],
       content: contentResolver(schemaValidator, schemaValidator.string)
     };
@@ -3477,7 +3653,7 @@ function generateOperationObject(schemaValidator, path, method, controllerName,
   }
   return operationObject;
 }
-function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, application, otherServers) {
+function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, application, appOptions) {
   const versionedPaths = {
     [OPENAPI_DEFAULT_VERSION]: {}
   };
@@ -3501,7 +3677,10 @@ function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, a
       const openApiPath = (0, import_common12.openApiCompliantPath)(
         `${fullPath}${route.path === "/" ? "" : route.path}`
       );
-      const { name, summary, params, versions, auth } = route.contractDetails;
+      const { name, summary, params, versions, auth, options: options2 } = route.contractDetails;
+      if (!(options2?.openapi ?? router.routerOptions?.openapi ?? appOptions !== false)) {
+        return;
+      }
       if (versions) {
         for (const version of Object.keys(versions)) {
           if (!versionedPaths[version]) {
@@ -3595,7 +3774,7 @@ function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, a
     versionedTags,
     versionedPaths,
     versionedSecuritySchemes,
-    otherServers
+    appOptions
   );
 }
 
@@ -3663,11 +3842,11 @@ function mapToFetch(schemaValidator, routerMap) {
     schemaValidator,
     routerMap
   );
-  return (path, ...reqInit) => {
+  return ((path, ...reqInit) => {
     const method = reqInit[0]?.method;
     const version = reqInit[0] != null && "version" in reqInit[0] ? reqInit[0].version : void 0;
     return (version ? (0, import_common13.toRecord)((0, import_common13.toRecord)(flattenedFetchMap[path])[method ?? "GET"])[version] : (0, import_common13.toRecord)(flattenedFetchMap[path])[method ?? "GET"])(path, reqInit[0]);
-  };
+  });
 }
 function sdkClient(schemaValidator, routerMap) {
   return {
@@ -3751,6 +3930,7 @@ function metricsDefinitions(metrics2) {
   isForklaunchRequest,
   isForklaunchRouter,
   isInformational,
+  isPortBound,
   isRedirection,
   isServerError,
   isSuccessful,