@forklaunch/core 0.19.5 → 1.0.2

package/lib/{apiDefinition.types-DnUkFmfT.d.mts → apiDefinition.types-Br0fDuBQ.d.mts}

@@ -239,6 +239,45 @@ type RoleSet = {
 } | {
     readonly forbiddenRoles: Set<string>;
 };
+/**
+ * Route access level — determines authentication and authorization requirements.
+ *
+ * - `'public'` — No authentication required. `auth` must not be provided.
+ * - `'authenticated'` — JWT or Basic auth required, any valid user. RBAC optional.
+ * - `'protected'` — JWT or Basic auth required. Must declare roles, permissions, or scope.
+ * - `'internal'` — HMAC auth required (inter-service communication).
+ */
+type AccessLevel = 'public' | 'authenticated' | 'protected' | 'internal';
+/**
+ * Discriminated union that narrows the `auth` type based on the `access` level.
+ * - `public`: auth not allowed
+ * - `authenticated`: auth optional (JWT/Basic, RBAC not required)
+ * - `protected`: auth required, must include at least one RBAC declaration
+ * - `internal`: auth required, must be HMAC
+ */
+type AccessAuth<Auth> = {
+    readonly access: 'public';
+    readonly auth?: never;
+} | {
+    readonly access: 'authenticated';
+    readonly auth?: Auth;
+} | {
+    readonly access: 'protected';
+    readonly auth: Auth & ({
+        readonly allowedPermissions: Set<string>;
+    } | {
+        readonly forbiddenPermissions: Set<string>;
+    } | {
+        readonly allowedRoles: Set<string>;
+    } | {
+        readonly forbiddenRoles: Set<string>;
+    } | {
+        readonly requiredScope: string;
+    });
+} | {
+    readonly access: 'internal';
+    readonly auth: Auth & HmacMethods;
+};
 /**
  * Type representing the authentication methods.
  */
@@ -357,10 +396,7 @@ type PathParamHttpContractDetails<SV extends AnySchemaValidator, Name extends st
     readonly requestHeaders?: never;
     readonly responseHeaders?: never;
     readonly responses?: never;
-})) & {
-    /** Optional authentication details for the contract */
-    readonly auth?: Auth;
-};
+})) & AccessAuth<Auth>;
 type VersionedHttpContractDetailsIO<SV extends AnySchemaValidator, VersionedApi extends VersionSchema<SV, HttpMethod>> = {
     readonly versions: VersionedApi;
 };
@@ -381,9 +417,7 @@ type HttpContractDetails<SV extends AnySchemaValidator, Name extends string = st
     readonly responseHeaders?: never;
     readonly body?: never;
     readonly responses?: never;
-})) & {
-    readonly auth?: Auth;
-};
+})) & AccessAuth<Auth>;
 /**
  * Interface representing HTTP contract details for middleware.
  *
@@ -1094,4 +1128,4 @@ type ResponseShape<Params, Headers, Query, Body> = {
  */
 type PathMatch<SuppliedPath extends `/${string}`, ActualPath extends `/${string}`> = ActualPath extends SuppliedPath ? SuppliedPath extends ActualPath ? SuppliedPath : never : never;
 
-export { type ForklaunchResErrors as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type ErrorContainer as G, type HttpContractDetails as H, type ExpressLikeAuthMapper as I, type ExpressLikeGlobalAuthOptions as J, type ExpressLikeHandler as K, type LiveTypeFunction as L, type Method as M, type ExpressLikeSchemaGlobalAuthOptions as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExtractBody as U, type VersionSchema as V, type ExtractContentType as W, type ExtractResponseBody as X, type ExtractedParamsObject as Y, type FileBody as Z, type ForklaunchBaseRequest as _, type SessionObject as a, type HmacMethods as a0, type HttpMethod as a1, type JsonBody as a2, type JwtAuthMethods as a3, type LiveTypeFunctionRequestInit as a4, type MapParamsSchema as a5, type MapReqBodySchema as a6, type MapReqHeadersSchema as a7, type MapReqQuerySchema as a8, type MapResBodyMapSchema as a9, httpRequestsTotalCounter as aA, httpServerDurationHistogram as aB, type MapResHeadersSchema as aa, type MapSchema as ab, type MapSessionSchema as ac, type MapVersionedReqsSchema as ad, type MapVersionedRespsSchema as ae, type MetricType as af, type MultipartForm as ag, type NumberOnlyObject as ah, type PathParamMethod as ai, type RawTypedResponseBody as aj, type RequestContext as ak, type ResolvedForklaunchAuthRequest as al, type ResolvedForklaunchRequest as am, type ResolvedForklaunchResponse as an, type ResponseBody as ao, type ResponseCompiledSchema as ap, type ResponseShape as aq, type ServerSentEventBody as ar, type TextBody as as, type TypedBody as at, type TypedRequestBody as au, type TypedResponseBody as av, type UnknownBody as aw, type UnknownResponseBody as ax, type UrlEncodedForm as ay, type VersionedResponses as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, type BodyObject as x, type DefaultSubscriptionData as y, type DocsConfiguration as z };
+export { type ForklaunchBaseRequest as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type DocsConfiguration as G, type HttpContractDetails as H, type ErrorContainer as I, type ExpressLikeAuthMapper as J, type ExpressLikeGlobalAuthOptions as K, type LiveTypeFunction as L, type Method as M, type ExpressLikeHandler as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExpressLikeSchemaGlobalAuthOptions as U, type VersionSchema as V, type ExtractBody as W, type ExtractContentType as X, type ExtractResponseBody as Y, type ExtractedParamsObject as Z, type FileBody as _, type SessionObject as a, type ForklaunchResErrors as a0, type HmacMethods as a1, type HttpMethod as a2, type JsonBody as a3, type JwtAuthMethods as a4, type LiveTypeFunctionRequestInit as a5, type MapParamsSchema as a6, type MapReqBodySchema as a7, type MapReqHeadersSchema as a8, type MapReqQuerySchema as a9, type UnknownResponseBody as aA, type UrlEncodedForm as aB, type VersionedResponses as aC, httpRequestsTotalCounter as aD, httpServerDurationHistogram as aE, type MapResBodyMapSchema as aa, type MapResHeadersSchema as ab, type MapSchema as ac, type MapSessionSchema as ad, type MapVersionedReqsSchema as ae, type MapVersionedRespsSchema as af, type MetricType as ag, type MultipartForm as ah, type NumberOnlyObject as ai, type PathParamMethod as aj, type PermissionSet as ak, type RawTypedResponseBody as al, type RequestContext as am, type ResolvedForklaunchAuthRequest as an, type ResolvedForklaunchRequest as ao, type ResolvedForklaunchResponse as ap, type ResponseBody as aq, type ResponseCompiledSchema as ar, type ResponseShape as as, type RoleSet as at, type ServerSentEventBody as au, type TextBody as av, type TypedBody as aw, type TypedRequestBody as ax, type TypedResponseBody as ay, type UnknownBody as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, type AccessLevel as x, type BodyObject as y, type DefaultSubscriptionData as z };

package/lib/{apiDefinition.types-DnUkFmfT.d.ts → apiDefinition.types-Br0fDuBQ.d.ts}

@@ -239,6 +239,45 @@ type RoleSet = {
 } | {
     readonly forbiddenRoles: Set<string>;
 };
+/**
+ * Route access level — determines authentication and authorization requirements.
+ *
+ * - `'public'` — No authentication required. `auth` must not be provided.
+ * - `'authenticated'` — JWT or Basic auth required, any valid user. RBAC optional.
+ * - `'protected'` — JWT or Basic auth required. Must declare roles, permissions, or scope.
+ * - `'internal'` — HMAC auth required (inter-service communication).
+ */
+type AccessLevel = 'public' | 'authenticated' | 'protected' | 'internal';
+/**
+ * Discriminated union that narrows the `auth` type based on the `access` level.
+ * - `public`: auth not allowed
+ * - `authenticated`: auth optional (JWT/Basic, RBAC not required)
+ * - `protected`: auth required, must include at least one RBAC declaration
+ * - `internal`: auth required, must be HMAC
+ */
+type AccessAuth<Auth> = {
+    readonly access: 'public';
+    readonly auth?: never;
+} | {
+    readonly access: 'authenticated';
+    readonly auth?: Auth;
+} | {
+    readonly access: 'protected';
+    readonly auth: Auth & ({
+        readonly allowedPermissions: Set<string>;
+    } | {
+        readonly forbiddenPermissions: Set<string>;
+    } | {
+        readonly allowedRoles: Set<string>;
+    } | {
+        readonly forbiddenRoles: Set<string>;
+    } | {
+        readonly requiredScope: string;
+    });
+} | {
+    readonly access: 'internal';
+    readonly auth: Auth & HmacMethods;
+};
 /**
  * Type representing the authentication methods.
  */
@@ -357,10 +396,7 @@ type PathParamHttpContractDetails<SV extends AnySchemaValidator, Name extends st
     readonly requestHeaders?: never;
     readonly responseHeaders?: never;
     readonly responses?: never;
-})) & {
-    /** Optional authentication details for the contract */
-    readonly auth?: Auth;
-};
+})) & AccessAuth<Auth>;
 type VersionedHttpContractDetailsIO<SV extends AnySchemaValidator, VersionedApi extends VersionSchema<SV, HttpMethod>> = {
     readonly versions: VersionedApi;
 };
@@ -381,9 +417,7 @@ type HttpContractDetails<SV extends AnySchemaValidator, Name extends string = st
     readonly responseHeaders?: never;
     readonly body?: never;
     readonly responses?: never;
-})) & {
-    readonly auth?: Auth;
-};
+})) & AccessAuth<Auth>;
 /**
  * Interface representing HTTP contract details for middleware.
  *
@@ -1094,4 +1128,4 @@ type ResponseShape<Params, Headers, Query, Body> = {
  */
 type PathMatch<SuppliedPath extends `/${string}`, ActualPath extends `/${string}`> = ActualPath extends SuppliedPath ? SuppliedPath extends ActualPath ? SuppliedPath : never : never;
 
-export { type ForklaunchResErrors as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type ErrorContainer as G, type HttpContractDetails as H, type ExpressLikeAuthMapper as I, type ExpressLikeGlobalAuthOptions as J, type ExpressLikeHandler as K, type LiveTypeFunction as L, type Method as M, type ExpressLikeSchemaGlobalAuthOptions as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExtractBody as U, type VersionSchema as V, type ExtractContentType as W, type ExtractResponseBody as X, type ExtractedParamsObject as Y, type FileBody as Z, type ForklaunchBaseRequest as _, type SessionObject as a, type HmacMethods as a0, type HttpMethod as a1, type JsonBody as a2, type JwtAuthMethods as a3, type LiveTypeFunctionRequestInit as a4, type MapParamsSchema as a5, type MapReqBodySchema as a6, type MapReqHeadersSchema as a7, type MapReqQuerySchema as a8, type MapResBodyMapSchema as a9, httpRequestsTotalCounter as aA, httpServerDurationHistogram as aB, type MapResHeadersSchema as aa, type MapSchema as ab, type MapSessionSchema as ac, type MapVersionedReqsSchema as ad, type MapVersionedRespsSchema as ae, type MetricType as af, type MultipartForm as ag, type NumberOnlyObject as ah, type PathParamMethod as ai, type RawTypedResponseBody as aj, type RequestContext as ak, type ResolvedForklaunchAuthRequest as al, type ResolvedForklaunchRequest as am, type ResolvedForklaunchResponse as an, type ResponseBody as ao, type ResponseCompiledSchema as ap, type ResponseShape as aq, type ServerSentEventBody as ar, type TextBody as as, type TypedBody as at, type TypedRequestBody as au, type TypedResponseBody as av, type UnknownBody as aw, type UnknownResponseBody as ax, type UrlEncodedForm as ay, type VersionedResponses as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, type BodyObject as x, type DefaultSubscriptionData as y, type DocsConfiguration as z };
+export { type ForklaunchBaseRequest as $, type AuthMethodsBase as A, type Body as B, type ContractDetails as C, type DecodeResource as D, type ExpressLikeRouterOptions as E, type ForklaunchRequest as F, type DocsConfiguration as G, type HttpContractDetails as H, type ErrorContainer as I, type ExpressLikeAuthMapper as J, type ExpressLikeGlobalAuthOptions as K, type LiveTypeFunction as L, type Method as M, type ExpressLikeHandler as N, OpenTelemetryCollector as O, type PathParamHttpContractDetails as P, type QueryObject as Q, type ResponsesObject as R, type StringOnlyObject as S, type TelemetryOptions as T, type ExpressLikeSchemaGlobalAuthOptions as U, type VersionSchema as V, type ExtractBody as W, type ExtractContentType as X, type ExtractResponseBody as Y, type ExtractedParamsObject as Z, type FileBody as _, type SessionObject as a, type ForklaunchResErrors as a0, type HmacMethods as a1, type HttpMethod as a2, type JsonBody as a3, type JwtAuthMethods as a4, type LiveTypeFunctionRequestInit as a5, type MapParamsSchema as a6, type MapReqBodySchema as a7, type MapReqHeadersSchema as a8, type MapReqQuerySchema as a9, type UnknownResponseBody as aA, type UrlEncodedForm as aB, type VersionedResponses as aC, httpRequestsTotalCounter as aD, httpServerDurationHistogram as aE, type MapResBodyMapSchema as aa, type MapResHeadersSchema as ab, type MapSchema as ac, type MapSessionSchema as ad, type MapVersionedReqsSchema as ae, type MapVersionedRespsSchema as af, type MetricType as ag, type MultipartForm as ah, type NumberOnlyObject as ai, type PathParamMethod as aj, type PermissionSet as ak, type RawTypedResponseBody as al, type RequestContext as am, type ResolvedForklaunchAuthRequest as an, type ResolvedForklaunchRequest as ao, type ResolvedForklaunchResponse as ap, type ResponseBody as aq, type ResponseCompiledSchema as ar, type ResponseShape as as, type RoleSet as at, type ServerSentEventBody as au, type TextBody as av, type TypedBody as aw, type TypedRequestBody as ax, type TypedResponseBody as ay, type UnknownBody as az, type ParamsObject as b, type HeadersObject as c, type SchemaAuthMethods as d, type ExpressLikeSchemaHandler as e, type ResolvedSessionObject as f, type PathMatch as g, type LiveSdkFunction as h, type MetricsDefinition as i, type ExpressLikeApplicationOptions as j, type ParamsDictionary as k, type VersionedRequests as l, type AuthMethods as m, type BasicAuthMethods as n, type MiddlewareContractDetails as o, type ExpressLikeSchemaAuthMapper as p, type ForklaunchNextFunction as q, type ForklaunchResponse as r, type ForklaunchResHeaders as s, type ForklaunchStatusResponse as t, type ForklaunchSendableData as u, type LoggerMeta as v, type LogFn as w, type AccessLevel as x, type BodyObject as y, type DefaultSubscriptionData as z };

package/lib/cache/index.d.mts

@@ -1,3 +1,5 @@
+export { T as TtlCache, a as TtlCacheRecord } from '../ttlCache.interface-DClm-lSa.mjs';
+
 /**
  * Creates a function that generates cache keys with a given prefix.
  *
@@ -9,136 +11,4 @@
  */
 declare const createCacheKey: (cacheKeyPrefix: string) => (id: string) => string;
 
-/**
- * Type representing a TTL (Time-To-Live) cache record.
- *
- * @typedef {Object} TtlCacheRecord
- * @property {string} key - The key of the cache record.
- * @property {any} value - The value of the cache record.
- * @property {number} ttlMilliseconds - The time-to-live of the cache record in milliseconds.
- */
-type TtlCacheRecord<T> = {
-    key: string;
-    value: T;
-    ttlMilliseconds: number;
-};
-
-/**
- * Interface representing a TTL (Time-To-Live) cache.
- */
-interface TtlCache {
-    /**
-     * Puts a record into the cache.
-     *
-     * @param {TtlCacheRecord} cacheRecord - The cache record to put into the cache.
-     * @returns {Promise<void>} - A promise that resolves when the record is put into the cache.
-     */
-    putRecord<T>(cacheRecord: TtlCacheRecord<T>): Promise<void>;
-    /**
-     * Puts a batch of records into the cache.
-     *
-     * @param {TtlCacheRecord<T>[]} cacheRecords - The cache records to put into the cache.
-     * @returns {Promise<void>} - A promise that resolves when the records are put into the cache.
-     */
-    putBatchRecords<T>(cacheRecords: TtlCacheRecord<T>[]): Promise<void>;
-    /**
-     * Enqueues a record into the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to enqueue.
-     * @returns {Promise<void>} - A promise that resolves when the record is enqueued into the cache.
-     */
-    enqueueRecord<T>(queueName: string, cacheRecord: T): Promise<void>;
-    /**
-     *
-     * Enqueues a batch of records into the cache.
-     *
-     * @param {string[]} cacheRecordKeys - The keys of the cache records to enqueue.
-     * @returns {Promise<void>} - A promise that resolves when the records are enqueued into the cache.
-     */
-    enqueueBatchRecords<T>(queueName: string, cacheRecords: T[]): Promise<void>;
-    /**
-     * Deletes a record from the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to delete.
-     * @returns {Promise<void>} - A promise that resolves when the record is deleted from the cache.
-     */
-    deleteRecord(cacheRecordKey: string): Promise<void>;
-    /**
-     * Deletes a batch of records from the cache.
-     *
-     * @param {string[]} cacheRecordKeys - The keys of the cache records to delete.
-     * @returns {Promise<void>} - A promise that resolves when the records are deleted from the cache.
-     */
-    deleteBatchRecords(cacheRecordKeys: string[]): Promise<void>;
-    /**
-     * Dequeues a record from the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to dequeue.
-     * @returns {Promise<void>} - A promise that resolves when the record is dequeued from the cache.
-     */
-    dequeueRecord<T>(queueName: string): Promise<T>;
-    /**
-     * Dequeues a batch of records from the cache.
-     *
-     * @param {string[]} cacheRecordKeys - The keys of the cache records to dequeue.
-     * @returns {Promise<void>} - A promise that resolves when the records are dequeued from the cache.
-     */
-    dequeueBatchRecords<T>(queueName: string, pageSize: number): Promise<T[]>;
-    /**
-     * Reads a record from the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to read.
-     * @returns {Promise<TtlCacheRecord>} - A promise that resolves with the cache record.
-     */
-    readRecord<T>(cacheRecordKey: string): Promise<TtlCacheRecord<T>>;
-    /**
-     * Reads a batch of records from the cache.
-     *
-     * @param {string[] | string} cacheRecordKeysOrPrefix - The keys of the cache records to read or a prefix to match.
-     * @returns {Promise<TtlCacheRecord<T>[]>} - A promise that resolves with the cache records.
-     */
-    readBatchRecords<T>(cacheRecordKeysOrPrefix: string[] | string): Promise<TtlCacheRecord<T>[]>;
-    /**
-     * Peeks at a record in the cache to check if it exists.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to peek at.
-     * @returns {Promise<boolean>} - A promise that resolves with a boolean indicating if the record exists.
-     */
-    peekRecord(cacheRecordKey: string): Promise<boolean>;
-    /**
-     * Peeks at a batch of records in the cache to check if they exist.
-     *
-     * @param {string[] | string} cacheRecordKeysOrPrefix - The keys of the cache records to peek at or a prefix to match.
-     * @returns {Promise<boolean[]>} - A promise that resolves with an array of booleans indicating if the records exist.
-     */
-    peekBatchRecords(cacheRecordKeysOrPrefix: string[] | string): Promise<boolean[]>;
-    /**
-     * Peeks at a record in the cache to check if it exists.
-     *
-     * @param {string} queueName - The name of the queue to peek at.
-     * @returns {Promise<T>} - A promise that resolves with the record.
-     */
-    peekQueueRecord<T>(queueName: string): Promise<T>;
-    /**
-     * Peeks at a batch of records in the cache to check if they exist.
-     *
-     * @param {string} queueName - The name of the queue to peek at.
-     * @returns {Promise<T[]>} - A promise that resolves with the records.
-     */
-    peekQueueRecords<T>(queueName: string, pageSize: number): Promise<T[]>;
-    /**
-     * Gets the TTL (Time-To-Live) in milliseconds.
-     *
-     * @returns {number} - The TTL in milliseconds.
-     */
-    getTtlMilliseconds(): number;
-    /**
-     * Lists the keys in the cache that match a pattern prefix.
-     *
-     * @param {string} pattern_prefix - The pattern prefix to match.
-     * @returns {Promise<string[]>} - A promise that resolves with an array of keys matching the pattern prefix.
-     */
-    listKeys(pattern_prefix: string): Promise<string[]>;
-}
-
-export { type TtlCache, type TtlCacheRecord, createCacheKey };
+export { createCacheKey };

package/lib/cache/index.d.ts

@@ -1,3 +1,5 @@
+export { T as TtlCache, a as TtlCacheRecord } from '../ttlCache.interface-DClm-lSa.js';
+
 /**
  * Creates a function that generates cache keys with a given prefix.
  *
@@ -9,136 +11,4 @@
  */
 declare const createCacheKey: (cacheKeyPrefix: string) => (id: string) => string;
 
-/**
- * Type representing a TTL (Time-To-Live) cache record.
- *
- * @typedef {Object} TtlCacheRecord
- * @property {string} key - The key of the cache record.
- * @property {any} value - The value of the cache record.
- * @property {number} ttlMilliseconds - The time-to-live of the cache record in milliseconds.
- */
-type TtlCacheRecord<T> = {
-    key: string;
-    value: T;
-    ttlMilliseconds: number;
-};
-
-/**
- * Interface representing a TTL (Time-To-Live) cache.
- */
-interface TtlCache {
-    /**
-     * Puts a record into the cache.
-     *
-     * @param {TtlCacheRecord} cacheRecord - The cache record to put into the cache.
-     * @returns {Promise<void>} - A promise that resolves when the record is put into the cache.
-     */
-    putRecord<T>(cacheRecord: TtlCacheRecord<T>): Promise<void>;
-    /**
-     * Puts a batch of records into the cache.
-     *
-     * @param {TtlCacheRecord<T>[]} cacheRecords - The cache records to put into the cache.
-     * @returns {Promise<void>} - A promise that resolves when the records are put into the cache.
-     */
-    putBatchRecords<T>(cacheRecords: TtlCacheRecord<T>[]): Promise<void>;
-    /**
-     * Enqueues a record into the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to enqueue.
-     * @returns {Promise<void>} - A promise that resolves when the record is enqueued into the cache.
-     */
-    enqueueRecord<T>(queueName: string, cacheRecord: T): Promise<void>;
-    /**
-     *
-     * Enqueues a batch of records into the cache.
-     *
-     * @param {string[]} cacheRecordKeys - The keys of the cache records to enqueue.
-     * @returns {Promise<void>} - A promise that resolves when the records are enqueued into the cache.
-     */
-    enqueueBatchRecords<T>(queueName: string, cacheRecords: T[]): Promise<void>;
-    /**
-     * Deletes a record from the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to delete.
-     * @returns {Promise<void>} - A promise that resolves when the record is deleted from the cache.
-     */
-    deleteRecord(cacheRecordKey: string): Promise<void>;
-    /**
-     * Deletes a batch of records from the cache.
-     *
-     * @param {string[]} cacheRecordKeys - The keys of the cache records to delete.
-     * @returns {Promise<void>} - A promise that resolves when the records are deleted from the cache.
-     */
-    deleteBatchRecords(cacheRecordKeys: string[]): Promise<void>;
-    /**
-     * Dequeues a record from the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to dequeue.
-     * @returns {Promise<void>} - A promise that resolves when the record is dequeued from the cache.
-     */
-    dequeueRecord<T>(queueName: string): Promise<T>;
-    /**
-     * Dequeues a batch of records from the cache.
-     *
-     * @param {string[]} cacheRecordKeys - The keys of the cache records to dequeue.
-     * @returns {Promise<void>} - A promise that resolves when the records are dequeued from the cache.
-     */
-    dequeueBatchRecords<T>(queueName: string, pageSize: number): Promise<T[]>;
-    /**
-     * Reads a record from the cache.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to read.
-     * @returns {Promise<TtlCacheRecord>} - A promise that resolves with the cache record.
-     */
-    readRecord<T>(cacheRecordKey: string): Promise<TtlCacheRecord<T>>;
-    /**
-     * Reads a batch of records from the cache.
-     *
-     * @param {string[] | string} cacheRecordKeysOrPrefix - The keys of the cache records to read or a prefix to match.
-     * @returns {Promise<TtlCacheRecord<T>[]>} - A promise that resolves with the cache records.
-     */
-    readBatchRecords<T>(cacheRecordKeysOrPrefix: string[] | string): Promise<TtlCacheRecord<T>[]>;
-    /**
-     * Peeks at a record in the cache to check if it exists.
-     *
-     * @param {string} cacheRecordKey - The key of the cache record to peek at.
-     * @returns {Promise<boolean>} - A promise that resolves with a boolean indicating if the record exists.
-     */
-    peekRecord(cacheRecordKey: string): Promise<boolean>;
-    /**
-     * Peeks at a batch of records in the cache to check if they exist.
-     *
-     * @param {string[] | string} cacheRecordKeysOrPrefix - The keys of the cache records to peek at or a prefix to match.
-     * @returns {Promise<boolean[]>} - A promise that resolves with an array of booleans indicating if the records exist.
-     */
-    peekBatchRecords(cacheRecordKeysOrPrefix: string[] | string): Promise<boolean[]>;
-    /**
-     * Peeks at a record in the cache to check if it exists.
-     *
-     * @param {string} queueName - The name of the queue to peek at.
-     * @returns {Promise<T>} - A promise that resolves with the record.
-     */
-    peekQueueRecord<T>(queueName: string): Promise<T>;
-    /**
-     * Peeks at a batch of records in the cache to check if they exist.
-     *
-     * @param {string} queueName - The name of the queue to peek at.
-     * @returns {Promise<T[]>} - A promise that resolves with the records.
-     */
-    peekQueueRecords<T>(queueName: string, pageSize: number): Promise<T[]>;
-    /**
-     * Gets the TTL (Time-To-Live) in milliseconds.
-     *
-     * @returns {number} - The TTL in milliseconds.
-     */
-    getTtlMilliseconds(): number;
-    /**
-     * Lists the keys in the cache that match a pattern prefix.
-     *
-     * @param {string} pattern_prefix - The pattern prefix to match.
-     * @returns {Promise<string[]>} - A promise that resolves with an array of keys matching the pattern prefix.
-     */
-    listKeys(pattern_prefix: string): Promise<string[]>;
-}
-
-export { type TtlCache, type TtlCacheRecord, createCacheKey };
+export { createCacheKey };

package/lib/http/index.d.mts

@@ -3,8 +3,8 @@ export { ParsedQs } from 'qs';
 import { Prettify, SanitizePathSlashes, PrettyCamelCase, TypeSafeFunction, UnionToIntersection, EmptyObject } from '@forklaunch/common';
 import { AnySchemaValidator } from '@forklaunch/validator';
 import { ServerOptions, IncomingMessage, ServerResponse } from 'node:http';
-import { M as Method, P as PathParamHttpContractDetails, H as HttpContractDetails, E as ExpressLikeRouterOptions, a as SessionObject, b as ParamsObject, R as ResponsesObject, B as Body, Q as QueryObject, c as HeadersObject, V as VersionSchema, d as SchemaAuthMethods, e as ExpressLikeSchemaHandler, f as ResolvedSessionObject, C as ContractDetails, g as PathMatch, L as LiveTypeFunction, h as LiveSdkFunction, A as AuthMethodsBase, O as OpenTelemetryCollector, i as MetricsDefinition, j as ExpressLikeApplicationOptions, k as ParamsDictionary, l as VersionedRequests, m as AuthMethods, D as DecodeResource, n as BasicAuthMethods, F as ForklaunchRequest, o as MiddlewareContractDetails, p as ExpressLikeSchemaAuthMapper, q as ForklaunchNextFunction, r as ForklaunchResponse, s as ForklaunchResHeaders, t as ForklaunchStatusResponse, u as ForklaunchSendableData, T as TelemetryOptions, v as LoggerMeta, w as LogFn } from '../apiDefinition.types-DnUkFmfT.mjs';
-export { x as BodyObject, y as DefaultSubscriptionData, z as DocsConfiguration, G as ErrorContainer, I as ExpressLikeAuthMapper, J as ExpressLikeGlobalAuthOptions, K as ExpressLikeHandler, N as ExpressLikeSchemaGlobalAuthOptions, U as ExtractBody, W as ExtractContentType, X as ExtractResponseBody, Y as ExtractedParamsObject, Z as FileBody, _ as ForklaunchBaseRequest, $ as ForklaunchResErrors, a0 as HmacMethods, a1 as HttpMethod, a2 as JsonBody, a3 as JwtAuthMethods, a4 as LiveTypeFunctionRequestInit, a5 as MapParamsSchema, a6 as MapReqBodySchema, a7 as MapReqHeadersSchema, a8 as MapReqQuerySchema, a9 as MapResBodyMapSchema, aa as MapResHeadersSchema, ab as MapSchema, ac as MapSessionSchema, ad as MapVersionedReqsSchema, ae as MapVersionedRespsSchema, af as MetricType, ag as MultipartForm, ah as NumberOnlyObject, ai as PathParamMethod, aj as RawTypedResponseBody, ak as RequestContext, al as ResolvedForklaunchAuthRequest, am as ResolvedForklaunchRequest, an as ResolvedForklaunchResponse, ao as ResponseBody, ap as ResponseCompiledSchema, aq as ResponseShape, ar as ServerSentEventBody, S as StringOnlyObject, as as TextBody, at as TypedBody, au as TypedRequestBody, av as TypedResponseBody, aw as UnknownBody, ax as UnknownResponseBody, ay as UrlEncodedForm, az as VersionedResponses, aA as httpRequestsTotalCounter, aB as httpServerDurationHistogram } from '../apiDefinition.types-DnUkFmfT.mjs';
+import { M as Method, P as PathParamHttpContractDetails, H as HttpContractDetails, E as ExpressLikeRouterOptions, a as SessionObject, b as ParamsObject, R as ResponsesObject, B as Body, Q as QueryObject, c as HeadersObject, V as VersionSchema, d as SchemaAuthMethods, e as ExpressLikeSchemaHandler, f as ResolvedSessionObject, C as ContractDetails, g as PathMatch, L as LiveTypeFunction, h as LiveSdkFunction, A as AuthMethodsBase, O as OpenTelemetryCollector, i as MetricsDefinition, j as ExpressLikeApplicationOptions, k as ParamsDictionary, l as VersionedRequests, m as AuthMethods, D as DecodeResource, n as BasicAuthMethods, F as ForklaunchRequest, o as MiddlewareContractDetails, p as ExpressLikeSchemaAuthMapper, q as ForklaunchNextFunction, r as ForklaunchResponse, s as ForklaunchResHeaders, t as ForklaunchStatusResponse, u as ForklaunchSendableData, T as TelemetryOptions, v as LoggerMeta, w as LogFn } from '../apiDefinition.types-Br0fDuBQ.mjs';
+export { x as AccessLevel, y as BodyObject, z as DefaultSubscriptionData, G as DocsConfiguration, I as ErrorContainer, J as ExpressLikeAuthMapper, K as ExpressLikeGlobalAuthOptions, N as ExpressLikeHandler, U as ExpressLikeSchemaGlobalAuthOptions, W as ExtractBody, X as ExtractContentType, Y as ExtractResponseBody, Z as ExtractedParamsObject, _ as FileBody, $ as ForklaunchBaseRequest, a0 as ForklaunchResErrors, a1 as HmacMethods, a2 as HttpMethod, a3 as JsonBody, a4 as JwtAuthMethods, a5 as LiveTypeFunctionRequestInit, a6 as MapParamsSchema, a7 as MapReqBodySchema, a8 as MapReqHeadersSchema, a9 as MapReqQuerySchema, aa as MapResBodyMapSchema, ab as MapResHeadersSchema, ac as MapSchema, ad as MapSessionSchema, ae as MapVersionedReqsSchema, af as MapVersionedRespsSchema, ag as MetricType, ah as MultipartForm, ai as NumberOnlyObject, aj as PathParamMethod, ak as PermissionSet, al as RawTypedResponseBody, am as RequestContext, an as ResolvedForklaunchAuthRequest, ao as ResolvedForklaunchRequest, ap as ResolvedForklaunchResponse, aq as ResponseBody, ar as ResponseCompiledSchema, as as ResponseShape, at as RoleSet, au as ServerSentEventBody, S as StringOnlyObject, av as TextBody, aw as TypedBody, ax as TypedRequestBody, ay as TypedResponseBody, az as UnknownBody, aA as UnknownResponseBody, aB as UrlEncodedForm, aC as VersionedResponses, aD as httpRequestsTotalCounter, aE as httpServerDurationHistogram } from '../apiDefinition.types-Br0fDuBQ.mjs';
 import { JWTPayload, JWK } from 'jose';
 import { ZodSchemaValidator } from '@forklaunch/validator/zod';
 import { FastMCP } from 'fastmcp';
@@ -13,6 +13,7 @@ import { OpenAPIObject } from 'openapi3-ts/oas31';
 import pino, { LevelWithSilentOrString, LevelWithSilent } from 'pino';
 export { LevelWithSilent, LevelWithSilentOrString, Logger } from 'pino';
 import { AnyValueMap } from '@opentelemetry/api-logs';
+import { T as TtlCache } from '../ttlCache.interface-DClm-lSa.mjs';
 export { ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_HTTP_ROUTE, ATTR_SERVICE_NAME } from '@opentelemetry/semantic-conventions';
 import '@opentelemetry/api';
 import 'stream';
@@ -1125,6 +1126,25 @@ declare function discriminateResponseBodies<SV extends AnySchemaValidator>(schem
     schema: SV["_ValidSchemaObject"];
 }>;
 
+type AuditEntry = {
+    timestamp: string;
+    userId: string | null;
+    tenantId: string | null;
+    route: string;
+    method: string;
+    bodyHash: string;
+    status: number;
+    duration: number;
+    redactedFields: string[];
+    eventType: 'http' | 'ws' | 'auth_failure' | 'rate_limit' | 'rbac_deny' | 'super_admin_bypass';
+};
+declare class AuditLogger {
+    #private;
+    constructor(otel: OpenTelemetryCollector<MetricsDefinition>);
+    append(entry: AuditEntry): void;
+    static hashBody(body: string | Buffer | undefined | null): string;
+}
+
 declare const ATTR_API_NAME = "api.name";
 declare const ATTR_CORRELATION_ID = "correlation.id";
 declare const ATTR_APPLICATION_ID = "application_id";
@@ -1158,4 +1178,69 @@ declare function logger(level: LevelWithSilentOrString, meta?: AnyValueMap): Pin
 
 declare function recordMetric<SV extends AnySchemaValidator, P extends ParamsDictionary, ReqBody extends Record<string, unknown>, ReqQuery extends ParsedQs, ResBodyMap extends Record<string, unknown>, ReqHeaders extends Record<string, string>, ResHeaders extends Record<string, unknown>, LocalsObj extends Record<string, unknown>, VersionedReqs extends VersionedRequests, SessionSchema extends Record<string, unknown>>(req: ForklaunchRequest<SV, P, ReqBody, ReqQuery, ReqHeaders, Extract<keyof VersionedReqs, string>, SessionSchema>, res: ForklaunchResponse<unknown, ResBodyMap, ResHeaders, LocalsObj, Extract<keyof VersionedReqs, string>>): void;
 
-export { ATTR_API_NAME, ATTR_APPLICATION_ID, ATTR_CORRELATION_ID, AuthMethods, AuthMethodsBase, BasicAuthMethods, Body, type ClusterConfig, type ConstrainedForklaunchRouter, ContractDetails, type ContractDetailsExpressLikeSchemaHandler, type ContractDetailsOrMiddlewareOrTypedHandler, DecodeResource, ExpressLikeApplicationOptions, type ExpressLikeRouter, ExpressLikeRouterOptions, ExpressLikeSchemaAuthMapper, ExpressLikeSchemaHandler, type ExpressLikeTypedHandler, type ExtractLiveTypeFn, type FetchFunction, ForklaunchExpressLikeApplication, ForklaunchExpressLikeRouter, ForklaunchNextFunction, ForklaunchRequest, ForklaunchResHeaders, ForklaunchResponse, type ForklaunchRoute, type ForklaunchRouter, ForklaunchSendableData, ForklaunchStatusResponse, HTTPStatuses, HeadersObject, HttpContractDetails, LiveSdkFunction, LiveTypeFunction, type LiveTypeRouteDefinition, LogFn, LoggerMeta, type MapHandlerToLiveSdk, type MapToFetch, type MapToSdk, Method, MetricsDefinition, MiddlewareContractDetails, type MiddlewareOrMiddlewareWithTypedHandler, type NestableRouterBasedHandler, OPENAPI_DEFAULT_VERSION, OpenTelemetryCollector, ParamsDictionary, ParamsObject, type PathBasedHandler, PathMatch, type PathOrMiddlewareBasedHandler, PathParamHttpContractDetails, PinoLogger, QueryObject, ResolvedSessionObject, ResponsesObject, type RouterMap, type RoutingStrategy, SchemaAuthMethods, type SdkHandler, type SdkHandlerObject, type SdkRouter, SessionObject, type StatusCode, TelemetryOptions, type ToFetchMap, type TypedHandler, type TypedMiddlewareDefinition, type TypedNestableMiddlewareDefinition, VersionSchema, VersionedRequests, createContext, createHmacToken, delete_, discriminateAuthMethod, discriminateBody, discriminateResponseBodies, enrichExpressLikeSend, evaluateTelemetryOptions, extractRouteHandlers, generateHmacAuthHeaders, generateMcpServer, generateOpenApiSpecs, get, getCachedJwks, getCodeForStatus, head, isClientError, isForklaunchRequest, isForklaunchRouter, isInformational, isPortBound, isRedirection, isServerError, isSuccessful, isValidStatusCode, logger, meta, metricsDefinitions, middleware, options, patch, post, put, recordMetric, trace, typedAuthHandler, typedHandler };
+/**
+ * Configuration for rate limiting with separate read/write limits.
+ */
+type RateLimitConfig = {
+    /** Max requests per window for GET/HEAD/OPTIONS */
+    read: number;
+    /** Max requests per window for POST/PUT/PATCH/DELETE */
+    write: number;
+    /** Window duration in milliseconds */
+    windowMs: number;
+};
+/**
+ * Result of a rate limit check.
+ */
+type RateLimitResult = {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Number of remaining requests in the current window */
+    remaining: number;
+    /** Unix timestamp (ms) when the current window resets */
+    resetAt: number;
+};
+/**
+ * Rate limiter backed by a TtlCache.
+ *
+ * Uses a sliding-window counter pattern: each unique key maps to a
+ * {@link RateLimitCounter} stored in the cache with a TTL equal to the
+ * configured window duration.
+ */
+declare class RateLimiter {
+    private cache;
+    constructor(cache: TtlCache);
+    /**
+     * Check whether the given key is within its rate limit.
+     *
+     * The counter is read from the cache, incremented, and written back.
+     * If the cache is unreachable the limiter **fails open** (allows the
+     * request) so that a cache outage does not take down the service.
+     *
+     * @param key - The rate limit key (see {@link RateLimiter.buildKey}).
+     * @param limit - Maximum number of requests allowed in the window.
+     * @param windowMs - Window duration in milliseconds.
+     */
+    check(key: string, limit: number, windowMs: number): Promise<RateLimitResult>;
+    /**
+     * Build a rate limit key from request context parts.
+     *
+     * Format: `ratelimit:{tenantId}:{route}:{userId}:{operationType}`
+     *
+     * When `tenantId` or `userId` is `null`, the placeholder `"anon"` is used.
+     */
+    static buildKey(parts: {
+        tenantId: string | null;
+        route: string;
+        userId: string | null;
+        operationType: 'read' | 'write';
+    }): string;
+    /**
+     * Determine whether an HTTP method is a read or write operation.
+     *
+     * GET, HEAD, and OPTIONS are reads; everything else is a write.
+     */
+    static operationType(method: string): 'read' | 'write';
+}
+
+export { ATTR_API_NAME, ATTR_APPLICATION_ID, ATTR_CORRELATION_ID, type AuditEntry, AuditLogger, AuthMethods, AuthMethodsBase, BasicAuthMethods, Body, type ClusterConfig, type ConstrainedForklaunchRouter, ContractDetails, type ContractDetailsExpressLikeSchemaHandler, type ContractDetailsOrMiddlewareOrTypedHandler, DecodeResource, ExpressLikeApplicationOptions, type ExpressLikeRouter, ExpressLikeRouterOptions, ExpressLikeSchemaAuthMapper, ExpressLikeSchemaHandler, type ExpressLikeTypedHandler, type ExtractLiveTypeFn, type FetchFunction, ForklaunchExpressLikeApplication, ForklaunchExpressLikeRouter, ForklaunchNextFunction, ForklaunchRequest, ForklaunchResHeaders, ForklaunchResponse, type ForklaunchRoute, type ForklaunchRouter, ForklaunchSendableData, ForklaunchStatusResponse, HTTPStatuses, HeadersObject, HttpContractDetails, LiveSdkFunction, LiveTypeFunction, type LiveTypeRouteDefinition, LogFn, LoggerMeta, type MapHandlerToLiveSdk, type MapToFetch, type MapToSdk, Method, MetricsDefinition, MiddlewareContractDetails, type MiddlewareOrMiddlewareWithTypedHandler, type NestableRouterBasedHandler, OPENAPI_DEFAULT_VERSION, OpenTelemetryCollector, ParamsDictionary, ParamsObject, type PathBasedHandler, PathMatch, type PathOrMiddlewareBasedHandler, PathParamHttpContractDetails, PinoLogger, QueryObject, type RateLimitConfig, type RateLimitResult, RateLimiter, ResolvedSessionObject, ResponsesObject, type RouterMap, type RoutingStrategy, SchemaAuthMethods, type SdkHandler, type SdkHandlerObject, type SdkRouter, SessionObject, type StatusCode, TelemetryOptions, type ToFetchMap, type TypedHandler, type TypedMiddlewareDefinition, type TypedNestableMiddlewareDefinition, VersionSchema, VersionedRequests, createContext, createHmacToken, delete_, discriminateAuthMethod, discriminateBody, discriminateResponseBodies, enrichExpressLikeSend, evaluateTelemetryOptions, extractRouteHandlers, generateHmacAuthHeaders, generateMcpServer, generateOpenApiSpecs, get, getCachedJwks, getCodeForStatus, head, isClientError, isForklaunchRequest, isForklaunchRouter, isInformational, isPortBound, isRedirection, isServerError, isSuccessful, isValidStatusCode, logger, meta, metricsDefinitions, middleware, options, patch, post, put, recordMetric, trace, typedAuthHandler, typedHandler };