@forklaunch/core 0.17.2 → 0.18.0

package/lib/{apiDefinition.types-XZ0lrfFc.d.mts → apiDefinition.types-DnUkFmfT.d.mts}

@@ -1,4 +1,4 @@
-import { UnionToIntersection, TypeSafeFunction, StringWithoutSlash, Prettify, MakePropertyOptionalIfChildrenOptional, SanitizePathSlashes } from '@forklaunch/common';
+import { UnionToIntersection, TypeSafeFunction, StringWithoutSlash, Prettify, SanitizePathSlashes, MakePropertyOptionalIfChildrenOptional } from '@forklaunch/common';
 import { AnySchemaValidator, UnboxedObjectSchema, IdiomaticSchema, Schema } from '@forklaunch/validator';
 import { Counter, Gauge, Histogram, UpDownCounter, ObservableCounter, ObservableGauge, ObservableUpDownCounter, Span } from '@opentelemetry/api';
 import { JWTPayload, JWK } from 'jose';
@@ -247,6 +247,8 @@ type SchemaAuthMethods<SV extends AnySchemaValidator, ParamsSchema extends Param
     readonly requiredScope?: string;
     readonly scopeHeirarchy?: string[];
     readonly surfaceScopes?: ExpressLikeSchemaAuthMapper<SV, ParamsSchema, ReqBody, QuerySchema, ReqHeaders, VersionedApi, SessionObject<SV>, BaseRequest>;
+    readonly requiredFeatures?: string[];
+    readonly requireActiveSubscription?: boolean;
 } & ({
     readonly surfacePermissions?: ExpressLikeSchemaAuthMapper<SV, ParamsSchema, ReqBody, QuerySchema, ReqHeaders, VersionedApi, SessionObject<SV>, BaseRequest>;
 } | {
@@ -257,6 +259,8 @@ type AuthMethods<SV extends AnySchemaValidator, P extends ParamsDictionary, ReqB
     readonly requiredScope?: string;
     readonly scopeHeirarchy?: string[];
     readonly surfaceScopes?: ExpressLikeAuthMapper<SV, P, ReqBody, ReqQuery, ReqHeaders, VersionedReqs, SessionObject<SV>, BaseRequest>;
+    readonly requiredFeatures?: string[];
+    readonly requireActiveSubscription?: boolean;
 } & (({
     readonly surfacePermissions?: ExpressLikeAuthMapper<SV, P, ReqBody, ReqQuery, ReqHeaders, VersionedReqs, SessionObject<SV>, BaseRequest>;
 } & PermissionSet) | ({
@@ -416,16 +420,28 @@ type DocsConfiguration = ({
     type: 'swagger';
 };
 
+/**
+ * Default subscription data structure.
+ * Applications can override this with their own subscription type.
+ */
+type DefaultSubscriptionData = {
+    subscriptionId: string;
+    planId: string;
+    planName: string;
+    status: string;
+    currentPeriodEnd: Date;
+} | null;
 /**
  * Options for global authentication in Express-like applications.
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session schema type.
+ * @template SubscriptionData - The subscription data type (defaults to DefaultSubscriptionData, must extend Record<string, unknown> | null).
  *
  * Can be `false` to disable authentication, or an object specifying session schema and
- * functions to surface scopes, permissions, and roles from the JWT/session.
+ * functions to surface scopes, permissions, roles, subscription, and features from the JWT/session.
  */
-type ExpressLikeGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends Record<string, unknown>> = false | {
+type ExpressLikeGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends Record<string, unknown>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = false | {
     /**
      * Optional session schema for the authentication context.
      */
@@ -446,25 +462,37 @@ type ExpressLikeGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema e
      * Function to extract a set of roles from the JWT payload and request.
      */
     surfaceRoles?: (payload: JWTPayload & SessionSchema, req?: ForklaunchRequest<SV, Record<string, string>, Record<string, unknown>, Record<string, unknown>, Record<string, unknown>, string, SessionSchema>) => Set<string> | Promise<Set<string>>;
+    /**
+     * Function to extract subscription data from the JWT payload and request.
+     * Returns subscription information (status, plan, etc.) or null if no subscription.
+     */
+    surfaceSubscription?: (payload: JWTPayload & SessionSchema, req?: ForklaunchRequest<SV, Record<string, string>, Record<string, unknown>, Record<string, unknown>, Record<string, unknown>, string, SessionSchema>) => SubscriptionData | Promise<SubscriptionData>;
+    /**
+     * Function to extract a set of feature flags from the JWT payload and request.
+     * Returns features available to the organization based on their billing plan.
+     */
+    surfaceFeatures?: (payload: JWTPayload & SessionSchema, req?: ForklaunchRequest<SV, Record<string, string>, Record<string, unknown>, Record<string, unknown>, Record<string, unknown>, string, SessionSchema>) => Set<string> | Promise<Set<string>>;
 };
 /**
  * Schema-aware version of ExpressLikeGlobalAuthOptions.
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session object type.
+ * @template SubscriptionData - The subscription data type.
  */
-type ExpressLikeSchemaGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>> = ExpressLikeGlobalAuthOptions<SV, MapSessionSchema<SV, SessionSchema>>;
+type ExpressLikeSchemaGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = ExpressLikeGlobalAuthOptions<SV, MapSessionSchema<SV, SessionSchema>, SubscriptionData>;
 /**
  * Options for configuring an Express-like router.
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session object type.
+ * @template SubscriptionData - The subscription data type.
  */
-type ExpressLikeRouterOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>> = {
+type ExpressLikeRouterOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = {
     /**
      * Authentication options for the router.
      */
-    auth?: ExpressLikeSchemaGlobalAuthOptions<SV, SessionSchema>;
+    auth?: ExpressLikeSchemaGlobalAuthOptions<SV, SessionSchema, SubscriptionData>;
     /**
      * Validation options for request and response.
      * Can be `false` to disable validation, or an object to configure request/response validation levels.
@@ -493,8 +521,9 @@ type ExpressLikeRouterOptions<SV extends AnySchemaValidator, SessionSchema exten
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session object type.
+ * @template SubscriptionData - The subscription data type.
  */
-type ExpressLikeApplicationOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>> = Omit<ExpressLikeRouterOptions<SV, SessionSchema>, 'openapi' | 'mcp'> & {
+type ExpressLikeApplicationOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = Omit<ExpressLikeRouterOptions<SV, SessionSchema, SubscriptionData>, 'openapi' | 'mcp'> & {
     /**
      * Documentation configuration.
      */
@@ -1065,4 +1094,4 @@ type ResponseShape<Params, Headers, Query, Body> = {
  */
 type PathMatch<SuppliedPath extends `/${string}`, ActualPath extends `/${string}`> = ActualPath extends SuppliedPath ? SuppliedPath extends ActualPath ? SuppliedPath : never : never;
 
-export { type MapReqBodySchema as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type ForklaunchBaseRequest as G, type HttpContractDetails as H, type ResolvedForklaunchRequest as I, type ResolvedForklaunchAuthRequest as J, type VersionedResponses as K, type LiveTypeFunction as L, type Method as M, type ResolvedForklaunchResponse as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExpressLikeHandler as U, type VersionSchema as V, type MapParamsSchema as W, type ExtractContentType as X, type ExtractResponseBody as Y, type MapResBodyMapSchema as Z, type ExtractBody as _, type SessionObject as a, type MapReqQuerySchema as a0, type MapReqHeadersSchema as a1, type MapResHeadersSchema as a2, type MapVersionedReqsSchema as a3, type MapVersionedRespsSchema as a4, type MapSessionSchema as a5, type ExpressLikeAuthMapper as a6, type LiveTypeFunctionRequestInit as a7, type ForklaunchResErrors as a8, type ErrorContainer as a9, type MetricType as aA, type ResponseShape as aa, type NumberOnlyObject as ab, type BodyObject as ac, type RawTypedResponseBody as ad, type TypedResponseBody as ae, type ResponseBody as af, type JsonBody as ag, type TextBody as ah, type FileBody as ai, type MultipartForm as aj, type UrlEncodedForm as ak, type ServerSentEventBody as al, type UnknownBody as am, type UnknownResponseBody as an, type TypedRequestBody as ao, type TypedBody as ap, type JwtAuthMethods as aq, type HmacMethods as ar, type MapSchema as as, type ExtractedParamsObject as at, type PathParamMethod as au, type HttpMethod as av, type ResponseCompiledSchema as aw, type DocsConfiguration as ax, type ExpressLikeGlobalAuthOptions as ay, type ExpressLikeSchemaGlobalAuthOptions as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, httpRequestsTotalCounter as x, httpServerDurationHistogram as y, type RequestContext as z };
+export { type ForklaunchResErrors as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type ErrorContainer as G, type HttpContractDetails as H, type ExpressLikeAuthMapper as I, type ExpressLikeGlobalAuthOptions as J, type ExpressLikeHandler as K, type LiveTypeFunction as L, type Method as M, type ExpressLikeSchemaGlobalAuthOptions as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExtractBody as U, type VersionSchema as V, type ExtractContentType as W, type ExtractResponseBody as X, type ExtractedParamsObject as Y, type FileBody as Z, type ForklaunchBaseRequest as _, type SessionObject as a, type HmacMethods as a0, type HttpMethod as a1, type JsonBody as a2, type JwtAuthMethods as a3, type LiveTypeFunctionRequestInit as a4, type MapParamsSchema as a5, type MapReqBodySchema as a6, type MapReqHeadersSchema as a7, type MapReqQuerySchema as a8, type MapResBodyMapSchema as a9, httpRequestsTotalCounter as aA, httpServerDurationHistogram as aB, type MapResHeadersSchema as aa, type MapSchema as ab, type MapSessionSchema as ac, type MapVersionedReqsSchema as ad, type MapVersionedRespsSchema as ae, type MetricType as af, type MultipartForm as ag, type NumberOnlyObject as ah, type PathParamMethod as ai, type RawTypedResponseBody as aj, type RequestContext as ak, type ResolvedForklaunchAuthRequest as al, type ResolvedForklaunchRequest as am, type ResolvedForklaunchResponse as an, type ResponseBody as ao, type ResponseCompiledSchema as ap, type ResponseShape as aq, type ServerSentEventBody as ar, type TextBody as as, type TypedBody as at, type TypedRequestBody as au, type TypedResponseBody as av, type UnknownBody as aw, type UnknownResponseBody as ax, type UrlEncodedForm as ay, type VersionedResponses as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, type BodyObject as x, type DefaultSubscriptionData as y, type DocsConfiguration as z };

package/lib/{apiDefinition.types-XZ0lrfFc.d.ts → apiDefinition.types-DnUkFmfT.d.ts}

@@ -1,4 +1,4 @@
-import { UnionToIntersection, TypeSafeFunction, StringWithoutSlash, Prettify, MakePropertyOptionalIfChildrenOptional, SanitizePathSlashes } from '@forklaunch/common';
+import { UnionToIntersection, TypeSafeFunction, StringWithoutSlash, Prettify, SanitizePathSlashes, MakePropertyOptionalIfChildrenOptional } from '@forklaunch/common';
 import { AnySchemaValidator, UnboxedObjectSchema, IdiomaticSchema, Schema } from '@forklaunch/validator';
 import { Counter, Gauge, Histogram, UpDownCounter, ObservableCounter, ObservableGauge, ObservableUpDownCounter, Span } from '@opentelemetry/api';
 import { JWTPayload, JWK } from 'jose';
@@ -247,6 +247,8 @@ type SchemaAuthMethods<SV extends AnySchemaValidator, ParamsSchema extends Param
     readonly requiredScope?: string;
     readonly scopeHeirarchy?: string[];
     readonly surfaceScopes?: ExpressLikeSchemaAuthMapper<SV, ParamsSchema, ReqBody, QuerySchema, ReqHeaders, VersionedApi, SessionObject<SV>, BaseRequest>;
+    readonly requiredFeatures?: string[];
+    readonly requireActiveSubscription?: boolean;
 } & ({
     readonly surfacePermissions?: ExpressLikeSchemaAuthMapper<SV, ParamsSchema, ReqBody, QuerySchema, ReqHeaders, VersionedApi, SessionObject<SV>, BaseRequest>;
 } | {
@@ -257,6 +259,8 @@ type AuthMethods<SV extends AnySchemaValidator, P extends ParamsDictionary, ReqB
     readonly requiredScope?: string;
     readonly scopeHeirarchy?: string[];
     readonly surfaceScopes?: ExpressLikeAuthMapper<SV, P, ReqBody, ReqQuery, ReqHeaders, VersionedReqs, SessionObject<SV>, BaseRequest>;
+    readonly requiredFeatures?: string[];
+    readonly requireActiveSubscription?: boolean;
 } & (({
     readonly surfacePermissions?: ExpressLikeAuthMapper<SV, P, ReqBody, ReqQuery, ReqHeaders, VersionedReqs, SessionObject<SV>, BaseRequest>;
 } & PermissionSet) | ({
@@ -416,16 +420,28 @@ type DocsConfiguration = ({
     type: 'swagger';
 };
 
+/**
+ * Default subscription data structure.
+ * Applications can override this with their own subscription type.
+ */
+type DefaultSubscriptionData = {
+    subscriptionId: string;
+    planId: string;
+    planName: string;
+    status: string;
+    currentPeriodEnd: Date;
+} | null;
 /**
  * Options for global authentication in Express-like applications.
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session schema type.
+ * @template SubscriptionData - The subscription data type (defaults to DefaultSubscriptionData, must extend Record<string, unknown> | null).
  *
  * Can be `false` to disable authentication, or an object specifying session schema and
- * functions to surface scopes, permissions, and roles from the JWT/session.
+ * functions to surface scopes, permissions, roles, subscription, and features from the JWT/session.
  */
-type ExpressLikeGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends Record<string, unknown>> = false | {
+type ExpressLikeGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends Record<string, unknown>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = false | {
     /**
      * Optional session schema for the authentication context.
      */
@@ -446,25 +462,37 @@ type ExpressLikeGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema e
      * Function to extract a set of roles from the JWT payload and request.
      */
     surfaceRoles?: (payload: JWTPayload & SessionSchema, req?: ForklaunchRequest<SV, Record<string, string>, Record<string, unknown>, Record<string, unknown>, Record<string, unknown>, string, SessionSchema>) => Set<string> | Promise<Set<string>>;
+    /**
+     * Function to extract subscription data from the JWT payload and request.
+     * Returns subscription information (status, plan, etc.) or null if no subscription.
+     */
+    surfaceSubscription?: (payload: JWTPayload & SessionSchema, req?: ForklaunchRequest<SV, Record<string, string>, Record<string, unknown>, Record<string, unknown>, Record<string, unknown>, string, SessionSchema>) => SubscriptionData | Promise<SubscriptionData>;
+    /**
+     * Function to extract a set of feature flags from the JWT payload and request.
+     * Returns features available to the organization based on their billing plan.
+     */
+    surfaceFeatures?: (payload: JWTPayload & SessionSchema, req?: ForklaunchRequest<SV, Record<string, string>, Record<string, unknown>, Record<string, unknown>, Record<string, unknown>, string, SessionSchema>) => Set<string> | Promise<Set<string>>;
 };
 /**
  * Schema-aware version of ExpressLikeGlobalAuthOptions.
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session object type.
+ * @template SubscriptionData - The subscription data type.
  */
-type ExpressLikeSchemaGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>> = ExpressLikeGlobalAuthOptions<SV, MapSessionSchema<SV, SessionSchema>>;
+type ExpressLikeSchemaGlobalAuthOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = ExpressLikeGlobalAuthOptions<SV, MapSessionSchema<SV, SessionSchema>, SubscriptionData>;
 /**
  * Options for configuring an Express-like router.
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session object type.
+ * @template SubscriptionData - The subscription data type.
  */
-type ExpressLikeRouterOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>> = {
+type ExpressLikeRouterOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = {
     /**
      * Authentication options for the router.
      */
-    auth?: ExpressLikeSchemaGlobalAuthOptions<SV, SessionSchema>;
+    auth?: ExpressLikeSchemaGlobalAuthOptions<SV, SessionSchema, SubscriptionData>;
     /**
      * Validation options for request and response.
      * Can be `false` to disable validation, or an object to configure request/response validation levels.
@@ -493,8 +521,9 @@ type ExpressLikeRouterOptions<SV extends AnySchemaValidator, SessionSchema exten
  *
  * @template SV - The schema validator type.
  * @template SessionSchema - The session object type.
+ * @template SubscriptionData - The subscription data type.
  */
-type ExpressLikeApplicationOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>> = Omit<ExpressLikeRouterOptions<SV, SessionSchema>, 'openapi' | 'mcp'> & {
+type ExpressLikeApplicationOptions<SV extends AnySchemaValidator, SessionSchema extends SessionObject<SV>, SubscriptionData extends Record<string, unknown> | null = DefaultSubscriptionData> = Omit<ExpressLikeRouterOptions<SV, SessionSchema, SubscriptionData>, 'openapi' | 'mcp'> & {
     /**
      * Documentation configuration.
      */
@@ -1065,4 +1094,4 @@ type ResponseShape<Params, Headers, Query, Body> = {
  */
 type PathMatch<SuppliedPath extends `/${string}`, ActualPath extends `/${string}`> = ActualPath extends SuppliedPath ? SuppliedPath extends ActualPath ? SuppliedPath : never : never;
 
-export { type MapReqBodySchema as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type ForklaunchBaseRequest as G, type HttpContractDetails as H, type ResolvedForklaunchRequest as I, type ResolvedForklaunchAuthRequest as J, type VersionedResponses as K, type LiveTypeFunction as L, type Method as M, type ResolvedForklaunchResponse as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExpressLikeHandler as U, type VersionSchema as V, type MapParamsSchema as W, type ExtractContentType as X, type ExtractResponseBody as Y, type MapResBodyMapSchema as Z, type ExtractBody as _, type SessionObject as a, type MapReqQuerySchema as a0, type MapReqHeadersSchema as a1, type MapResHeadersSchema as a2, type MapVersionedReqsSchema as a3, type MapVersionedRespsSchema as a4, type MapSessionSchema as a5, type ExpressLikeAuthMapper as a6, type LiveTypeFunctionRequestInit as a7, type ForklaunchResErrors as a8, type ErrorContainer as a9, type MetricType as aA, type ResponseShape as aa, type NumberOnlyObject as ab, type BodyObject as ac, type RawTypedResponseBody as ad, type TypedResponseBody as ae, type ResponseBody as af, type JsonBody as ag, type TextBody as ah, type FileBody as ai, type MultipartForm as aj, type UrlEncodedForm as ak, type ServerSentEventBody as al, type UnknownBody as am, type UnknownResponseBody as an, type TypedRequestBody as ao, type TypedBody as ap, type JwtAuthMethods as aq, type HmacMethods as ar, type MapSchema as as, type ExtractedParamsObject as at, type PathParamMethod as au, type HttpMethod as av, type ResponseCompiledSchema as aw, type DocsConfiguration as ax, type ExpressLikeGlobalAuthOptions as ay, type ExpressLikeSchemaGlobalAuthOptions as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, httpRequestsTotalCounter as x, httpServerDurationHistogram as y, type RequestContext as z };
+export { type ForklaunchResErrors as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type ErrorContainer as G, type HttpContractDetails as H, type ExpressLikeAuthMapper as I, type ExpressLikeGlobalAuthOptions as J, type ExpressLikeHandler as K, type LiveTypeFunction as L, type Method as M, type ExpressLikeSchemaGlobalAuthOptions as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExtractBody as U, type VersionSchema as V, type ExtractContentType as W, type ExtractResponseBody as X, type ExtractedParamsObject as Y, type FileBody as Z, type ForklaunchBaseRequest as _, type SessionObject as a, type HmacMethods as a0, type HttpMethod as a1, type JsonBody as a2, type JwtAuthMethods as a3, type LiveTypeFunctionRequestInit as a4, type MapParamsSchema as a5, type MapReqBodySchema as a6, type MapReqHeadersSchema as a7, type MapReqQuerySchema as a8, type MapResBodyMapSchema as a9, httpRequestsTotalCounter as aA, httpServerDurationHistogram as aB, type MapResHeadersSchema as aa, type MapSchema as ab, type MapSessionSchema as ac, type MapVersionedReqsSchema as ad, type MapVersionedRespsSchema as ae, type MetricType as af, type MultipartForm as ag, type NumberOnlyObject as ah, type PathParamMethod as ai, type RawTypedResponseBody as aj, type RequestContext as ak, type ResolvedForklaunchAuthRequest as al, type ResolvedForklaunchRequest as am, type ResolvedForklaunchResponse as an, type ResponseBody as ao, type ResponseCompiledSchema as ap, type ResponseShape as aq, type ServerSentEventBody as ar, type TextBody as as, type TypedBody as at, type TypedRequestBody as au, type TypedResponseBody as av, type UnknownBody as aw, type UnknownResponseBody as ax, type UrlEncodedForm as ay, type VersionedResponses as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, type BodyObject as x, type DefaultSubscriptionData as y, type DocsConfiguration as z };

package/lib/http/index.d.mts

@@ -3,9 +3,9 @@ export { ParsedQs } from 'qs';
 import { Prettify, SanitizePathSlashes, PrettyCamelCase, TypeSafeFunction, UnionToIntersection, EmptyObject } from '@forklaunch/common';
 import { AnySchemaValidator } from '@forklaunch/validator';
 import { ServerOptions, IncomingMessage, ServerResponse } from 'node:http';
-import { M as Method, P as PathParamHttpContractDetails, H as HttpContractDetails, E as ExpressLikeRouterOptions, a as SessionObject, b as ParamsObject, R as ResponsesObject, B as Body, Q as QueryObject, c as HeadersObject, V as VersionSchema, d as SchemaAuthMethods, C as ContractDetails, e as ExpressLikeSchemaHandler, f as ResolvedSessionObject, g as PathMatch, L as LiveTypeFunction, h as LiveSdkFunction, A as AuthMethodsBase, O as OpenTelemetryCollector, i as MetricsDefinition, j as ExpressLikeApplicationOptions, k as ParamsDictionary, l as VersionedRequests, m as AuthMethods, D as DecodeResource, n as BasicAuthMethods, F as ForklaunchRequest, o as MiddlewareContractDetails, p as ExpressLikeSchemaAuthMapper, q as ForklaunchNextFunction, r as ForklaunchResponse, s as ForklaunchResHeaders, t as ForklaunchStatusResponse, u as ForklaunchSendableData, T as TelemetryOptions, v as LoggerMeta, w as LogFn } from '../apiDefinition.types-XZ0lrfFc.mjs';
-export { ac as BodyObject, ax as DocsConfiguration, a9 as ErrorContainer, a6 as ExpressLikeAuthMapper, ay as ExpressLikeGlobalAuthOptions, U as ExpressLikeHandler, az as ExpressLikeSchemaGlobalAuthOptions, _ as ExtractBody, X as ExtractContentType, Y as ExtractResponseBody, at as ExtractedParamsObject, ai as FileBody, G as ForklaunchBaseRequest, a8 as ForklaunchResErrors, ar as HmacMethods, av as HttpMethod, ag as JsonBody, aq as JwtAuthMethods, a7 as LiveTypeFunctionRequestInit, W as MapParamsSchema, $ as MapReqBodySchema, a1 as MapReqHeadersSchema, a0 as MapReqQuerySchema, Z as MapResBodyMapSchema, a2 as MapResHeadersSchema, as as MapSchema, a5 as MapSessionSchema, a3 as MapVersionedReqsSchema, a4 as MapVersionedRespsSchema, aA as MetricType, aj as MultipartForm, ab as NumberOnlyObject, au as PathParamMethod, ad as RawTypedResponseBody, z as RequestContext, J as ResolvedForklaunchAuthRequest, I as ResolvedForklaunchRequest, N as ResolvedForklaunchResponse, af as ResponseBody, aw as ResponseCompiledSchema, aa as ResponseShape, al as ServerSentEventBody, S as StringOnlyObject, ah as TextBody, ap as TypedBody, ao as TypedRequestBody, ae as TypedResponseBody, am as UnknownBody, an as UnknownResponseBody, ak as UrlEncodedForm, K as VersionedResponses, x as httpRequestsTotalCounter, y as httpServerDurationHistogram } from '../apiDefinition.types-XZ0lrfFc.mjs';
-import { JWK, JWTPayload } from 'jose';
+import { M as Method, P as PathParamHttpContractDetails, H as HttpContractDetails, E as ExpressLikeRouterOptions, a as SessionObject, b as ParamsObject, R as ResponsesObject, B as Body, Q as QueryObject, c as HeadersObject, V as VersionSchema, d as SchemaAuthMethods, e as ExpressLikeSchemaHandler, f as ResolvedSessionObject, C as ContractDetails, g as PathMatch, L as LiveTypeFunction, h as LiveSdkFunction, A as AuthMethodsBase, O as OpenTelemetryCollector, i as MetricsDefinition, j as ExpressLikeApplicationOptions, k as ParamsDictionary, l as VersionedRequests, m as AuthMethods, D as DecodeResource, n as BasicAuthMethods, F as ForklaunchRequest, o as MiddlewareContractDetails, p as ExpressLikeSchemaAuthMapper, q as ForklaunchNextFunction, r as ForklaunchResponse, s as ForklaunchResHeaders, t as ForklaunchStatusResponse, u as ForklaunchSendableData, T as TelemetryOptions, v as LoggerMeta, w as LogFn } from '../apiDefinition.types-DnUkFmfT.mjs';
+export { x as BodyObject, y as DefaultSubscriptionData, z as DocsConfiguration, G as ErrorContainer, I as ExpressLikeAuthMapper, J as ExpressLikeGlobalAuthOptions, K as ExpressLikeHandler, N as ExpressLikeSchemaGlobalAuthOptions, U as ExtractBody, W as ExtractContentType, X as ExtractResponseBody, Y as ExtractedParamsObject, Z as FileBody, _ as ForklaunchBaseRequest, $ as ForklaunchResErrors, a0 as HmacMethods, a1 as HttpMethod, a2 as JsonBody, a3 as JwtAuthMethods, a4 as LiveTypeFunctionRequestInit, a5 as MapParamsSchema, a6 as MapReqBodySchema, a7 as MapReqHeadersSchema, a8 as MapReqQuerySchema, a9 as MapResBodyMapSchema, aa as MapResHeadersSchema, ab as MapSchema, ac as MapSessionSchema, ad as MapVersionedReqsSchema, ae as MapVersionedRespsSchema, af as MetricType, ag as MultipartForm, ah as NumberOnlyObject, ai as PathParamMethod, aj as RawTypedResponseBody, ak as RequestContext, al as ResolvedForklaunchAuthRequest, am as ResolvedForklaunchRequest, an as ResolvedForklaunchResponse, ao as ResponseBody, ap as ResponseCompiledSchema, aq as ResponseShape, ar as ServerSentEventBody, S as StringOnlyObject, as as TextBody, at as TypedBody, au as TypedRequestBody, av as TypedResponseBody, aw as UnknownBody, ax as UnknownResponseBody, ay as UrlEncodedForm, az as VersionedResponses, aA as httpRequestsTotalCounter, aB as httpServerDurationHistogram } from '../apiDefinition.types-DnUkFmfT.mjs';
+import { JWTPayload, JWK } from 'jose';
 import { ZodSchemaValidator } from '@forklaunch/validator/zod';
 import { FastMCP } from 'fastmcp';
 import http from 'http';

package/lib/http/index.d.ts

@@ -3,9 +3,9 @@ export { ParsedQs } from 'qs';
 import { Prettify, SanitizePathSlashes, PrettyCamelCase, TypeSafeFunction, UnionToIntersection, EmptyObject } from '@forklaunch/common';
 import { AnySchemaValidator } from '@forklaunch/validator';
 import { ServerOptions, IncomingMessage, ServerResponse } from 'node:http';
-import { M as Method, P as PathParamHttpContractDetails, H as HttpContractDetails, E as ExpressLikeRouterOptions, a as SessionObject, b as ParamsObject, R as ResponsesObject, B as Body, Q as QueryObject, c as HeadersObject, V as VersionSchema, d as SchemaAuthMethods, C as ContractDetails, e as ExpressLikeSchemaHandler, f as ResolvedSessionObject, g as PathMatch, L as LiveTypeFunction, h as LiveSdkFunction, A as AuthMethodsBase, O as OpenTelemetryCollector, i as MetricsDefinition, j as ExpressLikeApplicationOptions, k as ParamsDictionary, l as VersionedRequests, m as AuthMethods, D as DecodeResource, n as BasicAuthMethods, F as ForklaunchRequest, o as MiddlewareContractDetails, p as ExpressLikeSchemaAuthMapper, q as ForklaunchNextFunction, r as ForklaunchResponse, s as ForklaunchResHeaders, t as ForklaunchStatusResponse, u as ForklaunchSendableData, T as TelemetryOptions, v as LoggerMeta, w as LogFn } from '../apiDefinition.types-XZ0lrfFc.js';
-export { ac as BodyObject, ax as DocsConfiguration, a9 as ErrorContainer, a6 as ExpressLikeAuthMapper, ay as ExpressLikeGlobalAuthOptions, U as ExpressLikeHandler, az as ExpressLikeSchemaGlobalAuthOptions, _ as ExtractBody, X as ExtractContentType, Y as ExtractResponseBody, at as ExtractedParamsObject, ai as FileBody, G as ForklaunchBaseRequest, a8 as ForklaunchResErrors, ar as HmacMethods, av as HttpMethod, ag as JsonBody, aq as JwtAuthMethods, a7 as LiveTypeFunctionRequestInit, W as MapParamsSchema, $ as MapReqBodySchema, a1 as MapReqHeadersSchema, a0 as MapReqQuerySchema, Z as MapResBodyMapSchema, a2 as MapResHeadersSchema, as as MapSchema, a5 as MapSessionSchema, a3 as MapVersionedReqsSchema, a4 as MapVersionedRespsSchema, aA as MetricType, aj as MultipartForm, ab as NumberOnlyObject, au as PathParamMethod, ad as RawTypedResponseBody, z as RequestContext, J as ResolvedForklaunchAuthRequest, I as ResolvedForklaunchRequest, N as ResolvedForklaunchResponse, af as ResponseBody, aw as ResponseCompiledSchema, aa as ResponseShape, al as ServerSentEventBody, S as StringOnlyObject, ah as TextBody, ap as TypedBody, ao as TypedRequestBody, ae as TypedResponseBody, am as UnknownBody, an as UnknownResponseBody, ak as UrlEncodedForm, K as VersionedResponses, x as httpRequestsTotalCounter, y as httpServerDurationHistogram } from '../apiDefinition.types-XZ0lrfFc.js';
-import { JWK, JWTPayload } from 'jose';
+import { M as Method, P as PathParamHttpContractDetails, H as HttpContractDetails, E as ExpressLikeRouterOptions, a as SessionObject, b as ParamsObject, R as ResponsesObject, B as Body, Q as QueryObject, c as HeadersObject, V as VersionSchema, d as SchemaAuthMethods, e as ExpressLikeSchemaHandler, f as ResolvedSessionObject, C as ContractDetails, g as PathMatch, L as LiveTypeFunction, h as LiveSdkFunction, A as AuthMethodsBase, O as OpenTelemetryCollector, i as MetricsDefinition, j as ExpressLikeApplicationOptions, k as ParamsDictionary, l as VersionedRequests, m as AuthMethods, D as DecodeResource, n as BasicAuthMethods, F as ForklaunchRequest, o as MiddlewareContractDetails, p as ExpressLikeSchemaAuthMapper, q as ForklaunchNextFunction, r as ForklaunchResponse, s as ForklaunchResHeaders, t as ForklaunchStatusResponse, u as ForklaunchSendableData, T as TelemetryOptions, v as LoggerMeta, w as LogFn } from '../apiDefinition.types-DnUkFmfT.js';
+export { x as BodyObject, y as DefaultSubscriptionData, z as DocsConfiguration, G as ErrorContainer, I as ExpressLikeAuthMapper, J as ExpressLikeGlobalAuthOptions, K as ExpressLikeHandler, N as ExpressLikeSchemaGlobalAuthOptions, U as ExtractBody, W as ExtractContentType, X as ExtractResponseBody, Y as ExtractedParamsObject, Z as FileBody, _ as ForklaunchBaseRequest, $ as ForklaunchResErrors, a0 as HmacMethods, a1 as HttpMethod, a2 as JsonBody, a3 as JwtAuthMethods, a4 as LiveTypeFunctionRequestInit, a5 as MapParamsSchema, a6 as MapReqBodySchema, a7 as MapReqHeadersSchema, a8 as MapReqQuerySchema, a9 as MapResBodyMapSchema, aa as MapResHeadersSchema, ab as MapSchema, ac as MapSessionSchema, ad as MapVersionedReqsSchema, ae as MapVersionedRespsSchema, af as MetricType, ag as MultipartForm, ah as NumberOnlyObject, ai as PathParamMethod, aj as RawTypedResponseBody, ak as RequestContext, al as ResolvedForklaunchAuthRequest, am as ResolvedForklaunchRequest, an as ResolvedForklaunchResponse, ao as ResponseBody, ap as ResponseCompiledSchema, aq as ResponseShape, ar as ServerSentEventBody, S as StringOnlyObject, as as TextBody, at as TypedBody, au as TypedRequestBody, av as TypedResponseBody, aw as UnknownBody, ax as UnknownResponseBody, ay as UrlEncodedForm, az as VersionedResponses, aA as httpRequestsTotalCounter, aB as httpServerDurationHistogram } from '../apiDefinition.types-DnUkFmfT.js';
+import { JWTPayload, JWK } from 'jose';
 import { ZodSchemaValidator } from '@forklaunch/validator/zod';
 import { FastMCP } from 'fastmcp';
 import http from 'http';

package/lib/http/index.js

@@ -502,6 +502,11 @@ async function discriminateAuthMethod(auth, openTelemetryCollector) {
   return authMethod;
 }
 
+// src/http/guards/hasFeatureChecks.ts
+function hasFeatureChecks(maybeFeatureAuth) {
+  return typeof maybeFeatureAuth === "object" && maybeFeatureAuth !== null && "requiredFeatures" in maybeFeatureAuth && Array.isArray(maybeFeatureAuth.requiredFeatures) && maybeFeatureAuth.requiredFeatures.length > 0;
+}
+
 // src/http/guards/hasPermissionChecks.ts
 function hasPermissionChecks(maybePermissionedAuth) {
   return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && ("allowedPermissions" in maybePermissionedAuth || "forbiddenPermissions" in maybePermissionedAuth);
@@ -517,6 +522,11 @@ function hasScopeChecks(maybePermissionedAuth) {
   return typeof maybePermissionedAuth === "object" && maybePermissionedAuth !== null && "requiredScope" in maybePermissionedAuth && maybePermissionedAuth.requiredScope != null;
 }
 
+// src/http/guards/hasSubscriptionChecks.ts
+function hasSubscriptionChecks(maybeSubscriptionAuth) {
+  return typeof maybeSubscriptionAuth === "object" && maybeSubscriptionAuth !== null && "requireActiveSubscription" in maybeSubscriptionAuth && maybeSubscriptionAuth.requireActiveSubscription === true;
+}
+
 // src/http/telemetry/pinoLogger.ts
 var import_common5 = require("@forklaunch/common");
 var import_api2 = require("@opentelemetry/api");
@@ -699,6 +709,14 @@ var invalidAuthorizationTokenRoles = [
   403,
   "Invalid Authorization roles."
 ];
+var invalidAuthorizationTokenFeatures = [
+  403,
+  "Required features not available."
+];
+var invalidAuthorizationSubscription = [
+  403,
+  "Active subscription required."
+];
 var invalidAuthorizationToken = [
   403,
   "Invalid Authorization token."
@@ -906,6 +924,34 @@ async function checkAuthorizationToken(req, authorizationMethod, authorizationTo
   } else {
     return invalidAuthorizationMethod;
   }
+  if (hasSubscriptionChecks(collapsedAuthorizationMethod)) {
+    if (!collapsedAuthorizationMethod.surfaceSubscription) {
+      return [500, "No subscription surfacing function provided."];
+    }
+    const subscription = await collapsedAuthorizationMethod.surfaceSubscription(
+      sessionPayload,
+      req
+    );
+    if (!subscription) {
+      return invalidAuthorizationSubscription;
+    }
+  }
+  if (hasFeatureChecks(collapsedAuthorizationMethod)) {
+    if (!collapsedAuthorizationMethod.surfaceFeatures) {
+      return [500, "No features surfacing function provided."];
+    }
+    const availableFeatures = await collapsedAuthorizationMethod.surfaceFeatures(
+      sessionPayload,
+      req
+    );
+    const requiredFeatures = collapsedAuthorizationMethod.requiredFeatures ?? [];
+    const missingFeatures = requiredFeatures.filter(
+      (feature) => !availableFeatures.has(feature)
+    );
+    if (missingFeatures.length > 0) {
+      return invalidAuthorizationTokenFeatures;
+    }
+  }
 }
 async function parseRequestAuth(req, res, next) {
   const auth = req.contractDetails.auth;
@@ -1391,7 +1437,8 @@ function resolveRouteMiddlewares(params) {
       params.requestSchema,
       params.responseSchemas,
       params.openTelemetryCollector,
-      () => params.routerOptions
+      // Use dynamic lookup from router instance instead of captured params
+      () => params.router ? params.router.routerOptions : params.routerOptions
     ),
     ...params.postEnrichMiddleware,
     parse,
@@ -1667,7 +1714,8 @@ var ForklaunchExpressLikeRouter = class _ForklaunchExpressLikeRouter {
       routerOptions: this.routerOptions,
       postEnrichMiddleware: this.postEnrichMiddleware,
       includeCreateContext: false,
-      handlers
+      handlers,
+      router: this
     });
     registrationMethod.bind(this.internal)(
       path,