npm - @forklaunch/core - Versions diffs - 0.14.8 → 0.14.11-beta.1 - Mend

@forklaunch/core 0.14.8 → 0.14.11-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/lib/http/index.js CHANGED Viewed

@@ -102,7 +102,7 @@ function cors(corsOptions) {
 }
 // src/http/router/expressLikeRouter.ts
-var import_common8 = require("@forklaunch/common");
+var import_common9 = require("@forklaunch/common");
 // src/http/guards/hasVersionedSchema.ts
 function hasVersionedSchema(contractDetails) {
@@ -157,12 +157,14 @@ function isTypedHandler(maybeTypedHandler) {
 }
 // src/http/middleware/request/auth.middleware.ts
-var import_common2 = require("@forklaunch/common");
+var import_common3 = require("@forklaunch/common");
+var import_validator = require("@forklaunch/validator");
 // src/http/discriminateAuthMethod.ts
 var import_jose = require("jose");
 // src/http/createHmacToken.ts
+var import_common2 = require("@forklaunch/common");
 var import_crypto = require("crypto");
 function createHmacToken({
   method,
@@ -173,11 +175,14 @@ function createHmacToken({
   secretKey
 }) {
   const hmac = (0, import_crypto.createHmac)("sha256", secretKey);
-  hmac.update(`${method}
+  const bodyString = body ? `${(0, import_common2.safeStringify)(body)}
+` : void 0;
+  hmac.update(
+    `${method}
 ${path}
-${body}
-${timestamp}
-${nonce}`);
+${bodyString}${timestamp.toISOString()}
+${nonce}`
+  );
   return hmac.digest("base64");
 }
@@ -197,6 +202,12 @@ function isJwtAuthMethod(maybeJwtAuthMethod) {
 }
 // src/http/discriminateAuthMethod.ts
+var DEFAULT_TTL = 60 * 1e3 * 5;
+var memoizedJwks = {
+  value: null,
+  lastUpdated: null,
+  ttl: DEFAULT_TTL
+};
 async function discriminateAuthMethod(auth) {
   let authMethod;
   if (isBasicAuthMethod(auth)) {
@@ -221,8 +232,17 @@ async function discriminateAuthMethod(auth) {
     } else {
       let jwks;
       if ("jwksPublicKeyUrl" in jwt) {
-        const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
-        jwks = (await jwksResponse.json()).keys;
+        if (memoizedJwks.value && memoizedJwks.lastUpdated && Date.now() - memoizedJwks.lastUpdated.getTime() < memoizedJwks.ttl) {
+          jwks = memoizedJwks.value;
+        } else {
+          const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
+          jwks = (await jwksResponse.json()).keys;
+          memoizedJwks.value = jwks;
+          memoizedJwks.lastUpdated = /* @__PURE__ */ new Date();
+          memoizedJwks.ttl = parseInt(
+            jwksResponse.headers.get("cache-control")?.split("=")[1] ?? `${DEFAULT_TTL / 1e3}`
+          ) * 1e3;
+        }
       } else if ("jwksPublicKey" in jwt) {
         jwks = [jwt.jwksPublicKey];
       }
@@ -232,6 +252,9 @@ async function discriminateAuthMethod(auth) {
             const { payload } = await (0, import_jose.jwtVerify)(token, key);
             return payload;
           } catch {
+            memoizedJwks.value = null;
+            memoizedJwks.lastUpdated = null;
+            memoizedJwks.ttl = DEFAULT_TTL;
             continue;
           }
         }
@@ -249,7 +272,15 @@ async function discriminateAuthMethod(auth) {
       type: "hmac",
       auth: {
         secretKeys: auth.hmac.secretKeys,
-        verificationFunction: async (method, path, body, timestamp, nonce, signature, secretKey) => {
+        verificationFunction: async ({
+          method,
+          path,
+          body,
+          timestamp,
+          nonce,
+          signature,
+          secretKey
+        }) => {
           return createHmacToken({
             method,
             path,
@@ -327,7 +358,7 @@ function parseHmacTokenPart(part, expectedKey) {
   if (key !== expectedKey || rest.length === 0) return void 0;
   return rest.join("=");
 }
-async function checkAuthorizationToken(authorizationMethod, globalOptions, authorizationToken, req) {
+async function checkAuthorizationToken(req, authorizationMethod, authorizationToken, globalOptions) {
   if (authorizationMethod == null) {
     return void 0;
   }
@@ -342,7 +373,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
   if (!tokenParts.length || !tokenPrefix) {
     return invalidAuthorizationTokenFormat;
   }
-  let resourceId;
+  let sessionPayload;
   const { type, auth } = await discriminateAuthMethod(
     collapsedAuthorizationMethod
   );
@@ -362,19 +393,19 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       if (!parsedKeyId || !parsedTimestamp || !parsedNonce || !parsedSignature) {
         return invalidAuthorizationTokenFormat;
       }
-      const verificationResult = await auth.verificationFunction(
-        req?.method ?? "",
-        req?.path ?? "",
-        JSON.stringify(req?.body ?? ""),
-        parsedTimestamp,
-        parsedNonce,
-        parsedSignature,
-        collapsedAuthorizationMethod.hmac.secretKeys[parsedKeyId]
-      );
+      const verificationResult = await auth.verificationFunction({
+        method: req?.method ?? "",
+        path: req?.path ?? "",
+        body: req?.body,
+        timestamp: new Date(parsedTimestamp),
+        nonce: parsedNonce,
+        signature: parsedSignature,
+        secretKey: collapsedAuthorizationMethod.hmac.secretKeys[parsedKeyId]
+      });
       if (!verificationResult) {
         return invalidAuthorizationSignature;
       }
-      resourceId = null;
+      sessionPayload = null;
       break;
     }
     case "jwt": {
@@ -387,7 +418,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         if (!decodedJwt) {
           return invalidAuthorizationToken;
         }
-        resourceId = decodedJwt;
+        sessionPayload = decodedJwt;
       } catch (error) {
         req?.openTelemetryCollector.error(error);
         return invalidAuthorizationToken;
@@ -400,7 +431,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         return invalidAuthorizationTokenFormat;
       }
       if (auth.decodeResource) {
-        resourceId = await auth.decodeResource(token);
+        sessionPayload = await auth.decodeResource(token);
       } else {
         const [username, password] = Buffer.from(token, "base64").toString("utf-8").split(":");
         if (!username || !password) {
@@ -409,26 +440,39 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         if (!auth.login(username, password)) {
           return invalidAuthorizationLogin;
         }
-        resourceId = {
+        sessionPayload = {
           sub: username
         };
       }
       break;
     }
     default:
-      (0, import_common2.isNever)(type);
+      (0, import_common3.isNever)(type);
       return [401, "Invalid Authorization method."];
   }
-  if (isHmacMethod(collapsedAuthorizationMethod) && resourceId == null) {
+  if (isHmacMethod(collapsedAuthorizationMethod) && sessionPayload == null) {
     return;
   }
-  if (resourceId == null) {
+  if (sessionPayload == null) {
     return invalidAuthorizationToken;
   }
+  req.session = sessionPayload;
+  if (collapsedAuthorizationMethod.sessionSchema) {
+    const parsedSession = req.schemaValidator.parse(
+      collapsedAuthorizationMethod.sessionSchema,
+      sessionPayload
+    );
+    if (!parsedSession.ok) {
+      return [
+        400,
+        `Invalid session: ${(0, import_validator.prettyPrintParseErrors)(parsedSession.errors, "Session")}`
+      ];
+    }
+  }
   if (hasScopeChecks(collapsedAuthorizationMethod)) {
     if (collapsedAuthorizationMethod.surfaceScopes) {
       const resourceScopes = await collapsedAuthorizationMethod.surfaceScopes(
-        resourceId,
+        sessionPayload,
         req
       );
       if (collapsedAuthorizationMethod.scopeHeirarchy) {
@@ -447,7 +491,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       return [500, "No permission surfacing function provided."];
     }
     const resourcePermissions = await collapsedAuthorizationMethod.surfacePermissions(
-      resourceId,
+      sessionPayload,
       req
     );
     if ("allowedPermissions" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.allowedPermissions) {
@@ -469,7 +513,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       return [500, "No role surfacing function provided."];
     }
     const resourceRoles = await collapsedAuthorizationMethod.surfaceRoles(
-      resourceId,
+      sessionPayload,
       req
     );
     if ("allowedRoles" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.allowedRoles) {
@@ -489,10 +533,10 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
 async function parseRequestAuth(req, res, next) {
   const auth = req.contractDetails.auth;
   const [error, message] = await checkAuthorizationToken(
+    req,
     auth,
-    req._globalOptions?.()?.auth,
     req.headers[auth?.headerName ?? "Authorization"] || req.headers[auth?.headerName ?? "authorization"],
-    req
+    req._globalOptions?.()?.auth
   ) ?? [];
   if (error != null) {
     res.type("text/plain");
@@ -503,7 +547,7 @@ async function parseRequestAuth(req, res, next) {
 }
 // src/http/middleware/request/createContext.middleware.ts
-var import_common3 = require("@forklaunch/common");
+var import_common4 = require("@forklaunch/common");
 var import_api = require("@opentelemetry/api");
 var import_uuid = require("uuid");
@@ -530,7 +574,7 @@ function createContext(schemaValidator) {
       req.context.span?.setAttribute(ATTR_CORRELATION_ID, correlationId);
       req.context.span?.setAttribute(
         import_semantic_conventions.ATTR_SERVICE_NAME,
-        (0, import_common3.getEnvVar)("OTEL_SERVICE_NAME")
+        (0, import_common4.getEnvVar)("OTEL_SERVICE_NAME")
       );
     }
     next?.();
@@ -538,10 +582,10 @@ function createContext(schemaValidator) {
 }
 // src/http/middleware/request/enrichDetails.middleware.ts
-var import_common6 = require("@forklaunch/common");
+var import_common7 = require("@forklaunch/common");
 // src/http/telemetry/openTelemetryCollector.ts
-var import_common5 = require("@forklaunch/common");
+var import_common6 = require("@forklaunch/common");
 var import_opentelemetry_instrumentation_hyper_express = require("@forklaunch/opentelemetry-instrumentation-hyper-express");
 var import_api3 = require("@opentelemetry/api");
 var import_exporter_logs_otlp_http = require("@opentelemetry/exporter-logs-otlp-http");
@@ -562,7 +606,7 @@ function isForklaunchRequest(request) {
 }
 // src/http/telemetry/pinoLogger.ts
-var import_common4 = require("@forklaunch/common");
+var import_common5 = require("@forklaunch/common");
 var import_api2 = require("@opentelemetry/api");
 var import_api_logs = require("@opentelemetry/api-logs");
 var import_pino = __toESM(require("pino"));
@@ -594,7 +638,7 @@ function mapSeverity(level) {
     case "fatal":
       return 21;
     default:
-      (0, import_common4.isNever)(level);
+      (0, import_common5.isNever)(level);
       return 0;
   }
 }
@@ -787,24 +831,24 @@ var OpenTelemetryCollector = class {
     return this.metrics[metricId];
   }
 };
-import_dotenv.default.config({ path: (0, import_common5.getEnvVar)("DOTENV_FILE_PATH") });
+import_dotenv.default.config({ path: (0, import_common6.getEnvVar)("DOTENV_FILE_PATH") });
 new import_sdk_node.NodeSDK({
   resource: (0, import_resources.resourceFromAttributes)({
-    [import_semantic_conventions2.ATTR_SERVICE_NAME]: (0, import_common5.getEnvVar)("OTEL_SERVICE_NAME")
+    [import_semantic_conventions2.ATTR_SERVICE_NAME]: (0, import_common6.getEnvVar)("OTEL_SERVICE_NAME")
   }),
   traceExporter: new import_exporter_trace_otlp_http.OTLPTraceExporter({
-    url: `${(0, import_common5.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/traces`
+    url: `${(0, import_common6.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/traces`
   }),
   metricReader: new import_sdk_metrics.PeriodicExportingMetricReader({
     exporter: new import_exporter_metrics_otlp_http.OTLPMetricExporter({
-      url: `${(0, import_common5.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/metrics`
+      url: `${(0, import_common6.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/metrics`
     }),
     exportIntervalMillis: 5e3
   }),
   logRecordProcessors: [
     new import_sdk_logs.BatchLogRecordProcessor(
       new import_exporter_logs_otlp_http.OTLPLogExporter({
-        url: `${(0, import_common5.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/logs`
+        url: `${(0, import_common6.getEnvVar)("OTEL_EXPORTER_OTLP_ENDPOINT") ?? "http://localhost:4318"}/v1/logs`
       })
     )
   ],
@@ -813,7 +857,7 @@ new import_sdk_node.NodeSDK({
       applyCustomAttributesOnSpan: (span, request) => {
         span.setAttribute(
           import_semantic_conventions2.ATTR_SERVICE_NAME,
-          (0, import_common5.getEnvVar)("OTEL_SERVICE_NAME") ?? "unknown"
+          (0, import_common6.getEnvVar)("OTEL_SERVICE_NAME") ?? "unknown"
         );
         if (isForklaunchRequest(request)) {
           span.setAttribute(ATTR_API_NAME, request.contractDetails?.name);
@@ -825,10 +869,10 @@ new import_sdk_node.NodeSDK({
     new import_opentelemetry_instrumentation_hyper_express.HyperExpressInstrumentation()
   ]
 }).start();
-var httpRequestsTotalCounter = import_api3.metrics.getMeter((0, import_common5.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createCounter("http_requests_total", {
+var httpRequestsTotalCounter = import_api3.metrics.getMeter((0, import_common6.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createCounter("http_requests_total", {
   description: "Number of HTTP requests"
 });
-var httpServerDurationHistogram = import_api3.metrics.getMeter((0, import_common5.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createHistogram("http_server_duration", {
+var httpServerDurationHistogram = import_api3.metrics.getMeter((0, import_common6.getEnvVar)("OTEL_SERVICE_NAME") || "unknown").createHistogram("http_server_duration", {
   description: "Duration of HTTP server requests",
   unit: "s"
 });
@@ -848,7 +892,7 @@ function enrichDetails(path, contractDetails, requestSchema, responseSchemas, op
       const [seconds, nanoseconds] = process.hrtime(startTime);
       const durationMs = seconds + nanoseconds / 1e9;
       httpServerDurationHistogram.record(durationMs, {
-        [import_semantic_conventions.ATTR_SERVICE_NAME]: (0, import_common6.getEnvVar)("OTEL_SERVICE_NAME") || "unknown",
+        [import_semantic_conventions.ATTR_SERVICE_NAME]: (0, import_common7.getEnvVar)("OTEL_SERVICE_NAME") || "unknown",
         [ATTR_API_NAME]: req.contractDetails?.name || "unknown",
         [import_semantic_conventions.ATTR_HTTP_REQUEST_METHOD]: req.method,
         [import_semantic_conventions.ATTR_HTTP_ROUTE]: req.originalPath || "unknown",
@@ -860,8 +904,8 @@ function enrichDetails(path, contractDetails, requestSchema, responseSchemas, op
 }
 // src/http/middleware/request/parse.middleware.ts
-var import_common7 = require("@forklaunch/common");
-var import_validator = require("@forklaunch/validator");
+var import_common8 = require("@forklaunch/common");
+var import_validator2 = require("@forklaunch/validator");
 // src/http/guards/hasSend.ts
 function hasSend(res) {
@@ -888,7 +932,7 @@ function parse(req, res, next) {
   let parsedRequest;
   let collectedParseErrors;
   if (req.contractDetails.versions) {
-    if ((0, import_common7.isRecord)(req.requestSchema)) {
+    if ((0, import_common8.isRecord)(req.requestSchema)) {
       let runningParseErrors = "";
       matchedVersions = [];
       Object.entries(req.requestSchema).forEach(([version, schema]) => {
@@ -899,7 +943,7 @@ function parse(req, res, next) {
           req.version = version;
           res.version = req.version;
         } else {
-          runningParseErrors += (0, import_validator.prettyPrintParseErrors)(
+          runningParseErrors += (0, import_validator2.prettyPrintParseErrors)(
             parsingResult.errors,
             `Version ${version} request`
           );
@@ -957,7 +1001,7 @@ function parse(req, res, next) {
         res.status(400);
         if (hasSend(res)) {
           res.send(
-            `${collectedParseErrors ?? (0, import_validator.prettyPrintParseErrors)(parsedRequest.errors, "Request")}
+            `${collectedParseErrors ?? (0, import_validator2.prettyPrintParseErrors)(parsedRequest.errors, "Request")}
 Correlation id: ${req.context.correlationId ?? "No correlation ID"}`
           );
@@ -967,7 +1011,7 @@ Correlation id: ${req.context.correlationId ?? "No correlation ID"}`
         return;
       case "warning":
         req.openTelemetryCollector.warn(
-          collectedParseErrors ?? (0, import_validator.prettyPrintParseErrors)(parsedRequest.errors, "Request")
+          collectedParseErrors ?? (0, import_validator2.prettyPrintParseErrors)(parsedRequest.errors, "Request")
         );
         break;
       case "none":
@@ -1280,13 +1324,13 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
             versionedContractDetails,
             contractDetails.params
           );
-          if ((0, import_common8.isRecord)(requestSchema)) {
+          if ((0, import_common9.isRecord)(requestSchema)) {
             requestSchema = {
               ...requestSchema,
               [version]: versionedRequestSchema
             };
           }
-          if ((0, import_common8.isRecord)(responseSchemas)) {
+          if ((0, import_common9.isRecord)(responseSchemas)) {
             responseSchemas = {
               ...responseSchemas,
               [version]: versionedResponseSchemas
@@ -1475,8 +1519,8 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
           ...resolvedMiddlewares,
           this.#parseAndRunControllerHandler(controllerHandler)
         );
-        (0, import_common8.toRecord)(this._fetchMap)[(0, import_common8.sanitizePathSlashes)(`${this.basePath}${path}`)] = {
-          ...this._fetchMap[(0, import_common8.sanitizePathSlashes)(`${this.basePath}${path}`)] ?? {},
+        (0, import_common9.toRecord)(this._fetchMap)[(0, import_common9.sanitizePathSlashes)(`${this.basePath}${path}`)] = {
+          ...this._fetchMap[(0, import_common9.sanitizePathSlashes)(`${this.basePath}${path}`)] ?? {},
           [method.toUpperCase()]: contractDetails.versions ? Object.fromEntries(
             Object.keys(contractDetails.versions).map((version) => [
               version,
@@ -1484,7 +1528,7 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
             ])
           ) : this.#localParamRequest(handlers, controllerHandler)
         };
-        (0, import_common8.toRecord)(this.sdk)[(0, import_common8.toPrettyCamelCase)(contractDetails.name)] = contractDetails.versions ? Object.fromEntries(
+        (0, import_common9.toRecord)(this.sdk)[(0, import_common9.toPrettyCamelCase)(contractDetails.name)] = contractDetails.versions ? Object.fromEntries(
           Object.keys(contractDetails.versions).map((version) => [
             version,
             (req) => this.#localParamRequest(
@@ -1583,10 +1627,10 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
   }
   addRouterToSdk(router) {
     Object.entries(router._fetchMap).map(
-      ([key, value]) => (0, import_common8.toRecord)(this._fetchMap)[(0, import_common8.sanitizePathSlashes)(`${this.basePath}${key}`)] = value
+      ([key, value]) => (0, import_common9.toRecord)(this._fetchMap)[(0, import_common9.sanitizePathSlashes)(`${this.basePath}${key}`)] = value
     );
-    const existingSdk = this.sdk[router.sdkName ?? (0, import_common8.toPrettyCamelCase)(router.basePath)];
-    (0, import_common8.toRecord)(this.sdk)[router.sdkName ?? (0, import_common8.toPrettyCamelCase)(router.basePath)] = {
+    const existingSdk = this.sdk[router.sdkName ?? (0, import_common9.toPrettyCamelCase)(router.basePath)];
+    (0, import_common9.toRecord)(this.sdk)[router.sdkName ?? (0, import_common9.toPrettyCamelCase)(router.basePath)] = {
       ...typeof existingSdk === "object" ? existingSdk : {},
       ...router.sdk
     };
@@ -2985,7 +3029,7 @@ var getCodeForStatus = (status) => {
 var httpStatusCodes_default = HTTPStatuses;
 // src/http/mcpGenerator/mcpGenerator.ts
-var import_common9 = require("@forklaunch/common");
+var import_common10 = require("@forklaunch/common");
 var import_fastmcp_fork = require("@forklaunch/fastmcp-fork");
 var import_zod = require("@forklaunch/validator/zod");
@@ -3122,7 +3166,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
           if (discriminatedBody) {
             switch (discriminatedBody.parserType) {
               case "json": {
-                parsedBody = (0, import_common9.safeStringify)(body);
+                parsedBody = (0, import_common10.safeStringify)(body);
                 break;
               }
               case "text": {
@@ -3135,7 +3179,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
               }
               case "multipart": {
                 const formData = new FormData();
-                if ((0, import_common9.isRecord)(body)) {
+                if ((0, import_common10.isRecord)(body)) {
                   for (const key in body) {
                     if (typeof body[key] === "string" || body[key] instanceof Blob) {
                       formData.append(key, body[key]);
@@ -3150,11 +3194,11 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
                 break;
               }
               case "urlEncoded": {
-                if ((0, import_common9.isRecord)(body)) {
+                if ((0, import_common10.isRecord)(body)) {
                   parsedBody = new URLSearchParams(
                     Object.entries(body).map(([key, value]) => [
                       key,
-                      (0, import_common9.safeStringify)(value)
+                      (0, import_common10.safeStringify)(value)
                     ])
                   );
                 } else {
@@ -3163,8 +3207,8 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
                 break;
               }
               default: {
-                (0, import_common9.isNever)(discriminatedBody.parserType);
-                parsedBody = (0, import_common9.safeStringify)(body);
+                (0, import_common10.isNever)(discriminatedBody.parserType);
+                parsedBody = (0, import_common10.safeStringify)(body);
                 break;
               }
             }
@@ -3173,7 +3217,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
             const queryString = new URLSearchParams(
               Object.entries(query).map(([key, value]) => [
                 key,
-                (0, import_common9.safeStringify)(value)
+                (0, import_common10.safeStringify)(value)
               ])
             ).toString();
             url += queryString ? `?${queryString}` : "";
@@ -3206,7 +3250,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
                 content: [
                   {
                     type: "text",
-                    text: (0, import_common9.safeStringify)(await response.json())
+                    text: (0, import_common10.safeStringify)(await response.json())
                   }
                 ]
               };
@@ -3251,7 +3295,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
 }
 // src/http/middleware/response/parse.middleware.ts
-var import_validator2 = require("@forklaunch/validator");
+var import_validator3 = require("@forklaunch/validator");
 // src/http/guards/isResponseCompiledSchema.ts
 function isResponseCompiledSchema(schema) {
@@ -3312,13 +3356,13 @@ function parse2(req, res, next) {
   );
   const parseErrors = [];
   if (!parsedHeaders.ok) {
-    const headerErrors = (0, import_validator2.prettyPrintParseErrors)(parsedHeaders.errors, "Header");
+    const headerErrors = (0, import_validator3.prettyPrintParseErrors)(parsedHeaders.errors, "Header");
     if (headerErrors) {
       parseErrors.push(headerErrors);
     }
   }
   if (!parsedResponse.ok) {
-    const responseErrors = (0, import_validator2.prettyPrintParseErrors)(
+    const responseErrors = (0, import_validator3.prettyPrintParseErrors)(
       parsedResponse.errors,
       "Response"
     );
@@ -3360,18 +3404,18 @@ ${parseErrors.join("\n\n")}`
 }
 // src/http/middleware/response/enrichExpressLikeSend.middleware.ts
-var import_common11 = require("@forklaunch/common");
+var import_common12 = require("@forklaunch/common");
 var import_stream = require("stream");
 // src/http/telemetry/recordMetric.ts
-var import_common10 = require("@forklaunch/common");
+var import_common11 = require("@forklaunch/common");
 var import_semantic_conventions3 = require("@opentelemetry/semantic-conventions");
 function recordMetric(req, res) {
   if (res.metricRecorded) {
     return;
   }
   httpRequestsTotalCounter.add(1, {
-    [import_semantic_conventions3.ATTR_SERVICE_NAME]: (0, import_common10.getEnvVar)("OTEL_SERVICE_NAME"),
+    [import_semantic_conventions3.ATTR_SERVICE_NAME]: (0, import_common11.getEnvVar)("OTEL_SERVICE_NAME"),
     [ATTR_API_NAME]: req.contractDetails?.name,
     [import_semantic_conventions3.ATTR_HTTP_REQUEST_METHOD]: req.method,
     [import_semantic_conventions3.ATTR_HTTP_ROUTE]: req.originalPath,
@@ -3420,8 +3464,8 @@ function enrichExpressLikeSend(instance, req, res, originalOperation, originalSe
         `attachment; filename="${data.name}"`
       );
     }
-    if ((0, import_common11.isNodeJsWriteableStream)(res)) {
-      import_stream.Readable.from((0, import_common11.readableStreamToAsyncIterable)(data.stream())).pipe(
+    if ((0, import_common12.isNodeJsWriteableStream)(res)) {
+      import_stream.Readable.from((0, import_common12.readableStreamToAsyncIterable)(data.stream())).pipe(
         res
       );
     } else {
@@ -3430,7 +3474,7 @@ function enrichExpressLikeSend(instance, req, res, originalOperation, originalSe
       originalSend.call(instance, "Not a NodeJS WritableStream");
       errorSent = true;
     }
-  } else if ((0, import_common11.isAsyncGenerator)(data)) {
+  } else if ((0, import_common12.isAsyncGenerator)(data)) {
     let firstPass = true;
     const transformer = new import_stream.Transform({
       objectMode: true,
@@ -3458,7 +3502,7 @@ ${res.locals.errorMessage}`;
         if (!errorSent) {
           let data2 = "";
           for (const [key, value] of Object.entries(chunk)) {
-            data2 += `${key}: ${typeof value === "string" ? value : (0, import_common11.safeStringify)(value)}
+            data2 += `${key}: ${typeof value === "string" ? value : (0, import_common12.safeStringify)(value)}
 `;
           }
           data2 += "\n";
@@ -3466,7 +3510,7 @@ ${res.locals.errorMessage}`;
         }
       }
     });
-    if ((0, import_common11.isNodeJsWriteableStream)(res)) {
+    if ((0, import_common12.isNodeJsWriteableStream)(res)) {
       import_stream.Readable.from(data).pipe(transformer).pipe(res);
     } else {
       res.type("text/plain");
@@ -3477,7 +3521,7 @@ ${res.locals.errorMessage}`;
   } else {
     const parserType = responseBodies?.[Number(res.statusCode)]?.parserType;
     res.bodyData = data;
-    if ((0, import_common11.isRecord)(data)) {
+    if ((0, import_common12.isRecord)(data)) {
       switch (parserType) {
         case "json":
           res.bodyData = "json" in data ? data.json : data;
@@ -3498,7 +3542,7 @@ ${res.locals.errorMessage}`;
           res.bodyData = data;
           break;
         default:
-          (0, import_common11.isNever)(parserType);
+          (0, import_common12.isNever)(parserType);
           res.bodyData = data;
           break;
       }
@@ -3534,7 +3578,7 @@ ${res.locals.errorMessage}`;
 }
 // src/http/openApiV3Generator/openApiV3Generator.ts
-var import_common12 = require("@forklaunch/common");
+var import_common13 = require("@forklaunch/common");
 var OPENAPI_DEFAULT_VERSION = Symbol("default");
 function toUpperCase(str) {
   return str.charAt(0).toUpperCase() + str.slice(1);
@@ -3757,7 +3801,7 @@ function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, a
   ].forEach(({ fullPath, router }) => {
     const controllerName = transformBasePath(fullPath);
     router.routes.forEach((route) => {
-      const openApiPath = (0, import_common12.openApiCompliantPath)(
+      const openApiPath = (0, import_common13.openApiCompliantPath)(
         `${fullPath}${route.path === "/" ? "" : route.path}`
       );
       const { name, summary, params, versions, auth, options: options2 } = route.contractDetails;
@@ -3862,7 +3906,7 @@ function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, a
 }
 // src/http/sdk/sdkClient.ts
-var import_common13 = require("@forklaunch/common");
+var import_common14 = require("@forklaunch/common");
 // src/http/guards/isSdkRouter.ts
 function isSdkRouter(value) {
@@ -3874,12 +3918,12 @@ function mapToSdk(schemaValidator, routerMap, runningPath = void 0) {
   const routerUniquenessCache = /* @__PURE__ */ new Set();
   return Object.fromEntries(
     Object.entries(routerMap).map(([key, value]) => {
-      if (routerUniquenessCache.has((0, import_common13.hashString)((0, import_common13.safeStringify)(value)))) {
+      if (routerUniquenessCache.has((0, import_common14.hashString)((0, import_common14.safeStringify)(value)))) {
         throw new Error(
           `SdkClient: Cannot use the same router pointer twice. Please clone the duplicate router with .clone() or only use the router once.`
         );
       }
-      routerUniquenessCache.add((0, import_common13.hashString)((0, import_common13.safeStringify)(value)));
+      routerUniquenessCache.add((0, import_common14.hashString)((0, import_common14.safeStringify)(value)));
       const currentPath = runningPath ? [runningPath, key].join(".") : key;
       if (isSdkRouter(value)) {
         Object.entries(value.sdkPaths).forEach(([routePath, sdkKey]) => {
@@ -3928,19 +3972,43 @@ function mapToFetch(schemaValidator, routerMap) {
   return ((path, ...reqInit) => {
     const method = reqInit[0]?.method;
     const version = reqInit[0] != null && "version" in reqInit[0] ? reqInit[0].version : void 0;
-    return (version ? (0, import_common13.toRecord)((0, import_common13.toRecord)(flattenedFetchMap[path])[method ?? "GET"])[version] : (0, import_common13.toRecord)(flattenedFetchMap[path])[method ?? "GET"])(path, reqInit[0]);
+    return (version ? (0, import_common14.toRecord)((0, import_common14.toRecord)(flattenedFetchMap[path])[method ?? "GET"])[version] : (0, import_common14.toRecord)(flattenedFetchMap[path])[method ?? "GET"])(path, reqInit[0]);
   });
 }
-function sdkClient(schemaValidator, routerMap) {
-  return {
+function sdkClient(schemaValidator, routerMap, options2) {
+  if (options2?.lazyEvaluation) {
+    let _sdk;
+    let _fetch;
+    const lazyClient = {
+      _finalizedSdk: true,
+      get sdk() {
+        if (!_sdk) {
+          _sdk = mapToSdk(schemaValidator, routerMap);
+        }
+        return _sdk;
+      },
+      get fetch() {
+        if (!_fetch) {
+          _fetch = mapToFetch(schemaValidator, routerMap);
+        }
+        return _fetch;
+      }
+    };
+    return lazyClient;
+  }
+  const client = {
     _finalizedSdk: true,
     sdk: mapToSdk(schemaValidator, routerMap),
     fetch: mapToFetch(schemaValidator, routerMap)
   };
+  if (options2?.optimizePerformance) {
+    return client;
+  }
+  return client;
 }
 // src/http/sdk/sdkRouter.ts
-var import_common14 = require("@forklaunch/common");
+var import_common15 = require("@forklaunch/common");
 function sdkRouter(schemaValidator, controller, router) {
   const controllerSdkPaths = [];
   const mappedSdk = Object.fromEntries(
@@ -3950,7 +4018,7 @@ function sdkRouter(schemaValidator, controller, router) {
       router.sdkPaths[sdkPath] = key;
       return [
         key,
-        router.sdk[(0, import_common14.toPrettyCamelCase)(value.contractDetails.name)]
+        router.sdk[(0, import_common15.toPrettyCamelCase)(value.contractDetails.name)]
       ];
     })
   );