@gravito/core 1.0.0-beta.6

package/dist/index.js

@@ -0,0 +1,4688 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// package.json
+var package_default = {
+  name: "@gravito/core",
+  version: "1.0.0-beta.6",
+  description: "",
+  module: "./dist/index.js",
+  main: "./dist/index.cjs",
+  type: "module",
+  types: "./dist/index.d.ts",
+  exports: {
+    ".": {
+      types: "./dist/index.d.ts",
+      import: "./dist/index.js",
+      require: "./dist/index.cjs"
+    },
+    "./compat": {
+      types: "./dist/compat.d.ts",
+      import: "./dist/compat.js",
+      require: "./dist/compat.cjs"
+    }
+  },
+  files: [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  scripts: {
+    build: "bun run build.ts",
+    test: "bun test",
+    "test:coverage": "bun test --coverage --coverage-threshold=80",
+    "test:ci": "bun test --coverage --coverage-threshold=80",
+    lint: "biome lint ./src ./tests",
+    "lint:fix": "biome lint --write ./src ./tests",
+    format: "biome format --write ./src ./tests",
+    "format:check": "biome format ./src ./tests",
+    check: "biome check ./src ./tests",
+    "check:fix": "biome check --write ./src ./tests",
+    typecheck: "bun tsc -p tsconfig.json --noEmit --skipLibCheck",
+    prepublishOnly: "bun run typecheck && bun run test && bun run build"
+  },
+  keywords: [],
+  author: "Carl Lee <carllee0520@gmail.com>",
+  license: "MIT",
+  repository: {
+    type: "git",
+    url: "git+https://github.com/gravito-framework/gravito.git",
+    directory: "packages/core"
+  },
+  bugs: {
+    url: "https://github.com/gravito-framework/gravito/issues"
+  },
+  homepage: "https://github.com/gravito-framework/gravito#readme",
+  engines: {
+    node: ">=18.0.0"
+  },
+  devDependencies: {
+    "bun-types": "latest",
+    tsup: "^8.5.1",
+    typescript: "^5.9.3"
+  },
+  publishConfig: {
+    access: "public",
+    registry: "https://registry.npmjs.org/"
+  },
+  dependencies: {
+    "@gravito/photon": "workspace:*"
+  }
+};
+
+// src/adapters/PhotonAdapter.ts
+var PhotonRequestWrapper = class {
+  constructor(photonCtx) {
+    this.photonCtx = photonCtx;
+  }
+  get url() {
+    return this.photonCtx.req.url;
+  }
+  get method() {
+    return this.photonCtx.req.method;
+  }
+  get path() {
+    return this.photonCtx.req.path;
+  }
+  param(name) {
+    return this.photonCtx.req.param(name);
+  }
+  params() {
+    return this.photonCtx.req.param();
+  }
+  query(name) {
+    return this.photonCtx.req.query(name);
+  }
+  queries() {
+    return this.photonCtx.req.queries();
+  }
+  header(name) {
+    if (name) {
+      return this.photonCtx.req.header(name);
+    }
+    return this.photonCtx.req.header();
+  }
+  async json() {
+    return this.photonCtx.req.json();
+  }
+  async text() {
+    return this.photonCtx.req.text();
+  }
+  async formData() {
+    return this.photonCtx.req.formData();
+  }
+  async arrayBuffer() {
+    return this.photonCtx.req.arrayBuffer();
+  }
+  async parseBody() {
+    return this.photonCtx.req.parseBody();
+  }
+  get raw() {
+    return this.photonCtx.req.raw;
+  }
+  valid(target) {
+    return this.photonCtx.req.valid(target);
+  }
+};
+var PhotonContextWrapper = class _PhotonContextWrapper {
+  constructor(photonCtx) {
+    this.photonCtx = photonCtx;
+    this._req = new PhotonRequestWrapper(photonCtx);
+  }
+  _req;
+  /**
+   * Create a proxied instance to enable object destructuring of context variables
+   * This allows: async list({ userService }: Context)
+   */
+  static create(photonCtx) {
+    const instance = new _PhotonContextWrapper(photonCtx);
+    return new Proxy(instance, {
+      get(target, prop, receiver) {
+        if (prop in target) {
+          const value2 = Reflect.get(target, prop, receiver);
+          if (typeof value2 === "function") {
+            return value2.bind(target);
+          }
+          return value2;
+        }
+        if (typeof prop === "string") {
+          return target.get(prop);
+        }
+        return void 0;
+      }
+    });
+  }
+  get req() {
+    return this._req;
+  }
+  json(data, status) {
+    if (status !== void 0) {
+      return this.photonCtx.json(data, status);
+    }
+    return this.photonCtx.json(data);
+  }
+  text(text, status) {
+    if (status !== void 0) {
+      return this.photonCtx.text(text, status);
+    }
+    return this.photonCtx.text(text);
+  }
+  html(html, status) {
+    if (status !== void 0) {
+      return this.photonCtx.html(html, status);
+    }
+    return this.photonCtx.html(html);
+  }
+  redirect(url, status = 302) {
+    return this.photonCtx.redirect(url, status);
+  }
+  body(data, status) {
+    if (data === null) {
+      return this.photonCtx.body(null, status);
+    }
+    return new Response(data, {
+      status: status ?? 200,
+      headers: new Headers()
+    });
+  }
+  stream(stream, status) {
+    return new Response(stream, {
+      status: status ?? 200,
+      headers: {
+        "Content-Type": "application/octet-stream"
+      }
+    });
+  }
+  notFound(message) {
+    return this.photonCtx.text(message ?? "Not Found", 404);
+  }
+  forbidden(message) {
+    return this.photonCtx.text(message ?? "Forbidden", 403);
+  }
+  unauthorized(message) {
+    return this.photonCtx.text(message ?? "Unauthorized", 401);
+  }
+  badRequest(message) {
+    return this.photonCtx.text(message ?? "Bad Request", 400);
+  }
+  header(name, value2, options) {
+    if (value2 !== void 0) {
+      if (options?.append) {
+        this.photonCtx.header(name, value2, { append: true });
+      } else {
+        this.photonCtx.header(name, value2);
+      }
+      return void 0;
+    }
+    return this.photonCtx.req.header(name);
+  }
+  status(code) {
+    this.photonCtx.status(code);
+  }
+  get(key) {
+    return this.photonCtx.get(key);
+  }
+  set(key, value2) {
+    this.photonCtx.set(key, value2);
+  }
+  get executionCtx() {
+    return this.photonCtx.executionCtx;
+  }
+  get env() {
+    return this.photonCtx.env;
+  }
+  get native() {
+    return this.photonCtx;
+  }
+};
+function toPhotonMiddleware(middleware) {
+  return async (c, next) => {
+    const ctx = PhotonContextWrapper.create(c);
+    const gravitoNext = async () => {
+      await next();
+    };
+    return middleware(ctx, gravitoNext);
+  };
+}
+function toPhotonErrorHandler(handler) {
+  return async (err, c) => {
+    const ctx = PhotonContextWrapper.create(c);
+    return handler(err, ctx);
+  };
+}
+var PhotonAdapter = class {
+  constructor(config2 = {}, photonInstance) {
+    this.config = config2;
+    if (photonInstance) {
+      this.app = photonInstance;
+    } else {
+      const { Photon: PhotonClass } = __require("@gravito/photon");
+      this.app = new PhotonClass();
+    }
+  }
+  name = "photon";
+  version = "1.0.0";
+  app;
+  /**
+   * Get the underlying Photon app instance
+   */
+  get native() {
+    return this.app;
+  }
+  /**
+   * Set the underlying Photon app instance
+   * Used by PlanetCore during initialization
+   */
+  setNative(app2) {
+    this.app = app2;
+  }
+  route(method, path2, ...handlers) {
+    const fullPath = (this.config.basePath || "") + path2;
+    const photonHandlers = handlers.map((h) => toPhotonMiddleware(h));
+    const methodFn = this.app[method];
+    if (typeof methodFn !== "function") {
+      throw new Error(`Unsupported HTTP method: ${method}`);
+    }
+    methodFn.call(this.app, fullPath, ...photonHandlers);
+  }
+  routes(routes) {
+    for (const routeDef of routes) {
+      const middlewareHandlers = (routeDef.middleware || []).map(
+        (m) => m
+      );
+      const allHandlers = [
+        ...middlewareHandlers,
+        ...routeDef.handlers
+      ];
+      this.route(routeDef.method, routeDef.path, ...allHandlers);
+    }
+  }
+  use(path2, ...middleware) {
+    const fullPath = (this.config.basePath || "") + path2;
+    const photonMiddleware = middleware.map((m) => toPhotonMiddleware(m));
+    for (const m of photonMiddleware) {
+      this.app.use(fullPath, m);
+    }
+  }
+  useGlobal(...middleware) {
+    this.use("*", ...middleware);
+  }
+  mount(path2, subAdapter) {
+    if (subAdapter.name === "photon") {
+      this.app.route(path2, subAdapter.native);
+    } else {
+      this.use(`${path2}/*`, async (ctx) => {
+        const response = await subAdapter.fetch(ctx.req.raw);
+        return response;
+      });
+    }
+  }
+  onError(handler) {
+    this.app.onError(toPhotonErrorHandler(handler));
+  }
+  onNotFound(handler) {
+    this.app.notFound(async (c) => {
+      const ctx = PhotonContextWrapper.create(c);
+      return handler(ctx);
+    });
+  }
+  fetch = (request, server) => {
+    return this.app.fetch(request, server);
+  };
+  createContext(_request) {
+    throw new Error(
+      "PhotonAdapter.createContext() should not be called directly. Use the router pipeline instead."
+    );
+  }
+  async init() {
+  }
+  async shutdown() {
+  }
+};
+function createPhotonAdapter(config2) {
+  return new PhotonAdapter(config2);
+}
+var GravitoAdapter = PhotonAdapter;
+var createGravitoAdapter = createPhotonAdapter;
+
+// src/adapters/types.ts
+function isHttpAdapter(value2) {
+  return typeof value2 === "object" && value2 !== null && "name" in value2 && "fetch" in value2 && typeof value2.fetch === "function" && "route" in value2 && typeof value2.route === "function";
+}
+
+// src/Application.ts
+import fs from "fs/promises";
+import path from "path";
+import { pathToFileURL } from "url";
+
+// src/runtime.ts
+import { createRequire } from "module";
+var getRuntimeEnv = () => {
+  const kind = getRuntimeKind();
+  if (kind === "bun" && typeof Bun !== "undefined") {
+    return Bun.env;
+  }
+  if (kind === "deno") {
+    const deno = globalThis.Deno;
+    if (deno?.env?.toObject) {
+      return deno.env.toObject();
+    }
+  }
+  if (typeof process !== "undefined" && process.env) {
+    return process.env;
+  }
+  return {};
+};
+var getRuntimeKind = () => {
+  if (typeof Bun !== "undefined" && typeof Bun.spawn === "function") {
+    return "bun";
+  }
+  const denoRuntime = globalThis.Deno;
+  if (typeof denoRuntime !== "undefined" && typeof denoRuntime?.version?.deno === "string") {
+    return "deno";
+  }
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return "node";
+  }
+  return "unknown";
+};
+var toUint8Array = async (data) => {
+  if (data instanceof Uint8Array) {
+    return data;
+  }
+  if (typeof data === "string") {
+    return new TextEncoder().encode(data);
+  }
+  if (data instanceof ArrayBuffer) {
+    return new Uint8Array(data);
+  }
+  if (typeof Buffer !== "undefined" && data instanceof Buffer) {
+    return new Uint8Array(data);
+  }
+  if (data instanceof Blob) {
+    return new Uint8Array(await data.arrayBuffer());
+  }
+  return new Uint8Array();
+};
+var createBunAdapter = () => ({
+  kind: "bun",
+  spawn(command, options = {}) {
+    const [cmd, ...args] = command;
+    if (!cmd) {
+      throw new Error("[RuntimeAdapter] spawn() requires a command");
+    }
+    const proc = Bun.spawn([cmd, ...args], {
+      cwd: options.cwd,
+      env: options.env,
+      stdin: options.stdin,
+      stdout: options.stdout ?? "pipe",
+      stderr: options.stderr ?? "pipe"
+    });
+    return {
+      exited: proc.exited,
+      stdout: proc.stdout ?? null,
+      stderr: proc.stderr ?? null,
+      kill: (signal) => {
+        const bunSignal = typeof signal === "number" ? signal : signal;
+        proc.kill(bunSignal);
+      }
+    };
+  },
+  async writeFile(path2, data) {
+    await Bun.write(path2, data);
+  },
+  async readFile(path2) {
+    const file = Bun.file(path2);
+    const buffer = await file.arrayBuffer();
+    return new Uint8Array(buffer);
+  },
+  async readFileAsBlob(path2) {
+    return Bun.file(path2);
+  },
+  async exists(path2) {
+    return await Bun.file(path2).exists();
+  },
+  async stat(path2) {
+    const stats = await Bun.file(path2).stat();
+    return { size: stats.size };
+  },
+  async deleteFile(path2) {
+    const fs2 = await import("fs/promises");
+    try {
+      await fs2.unlink(path2);
+    } catch {
+    }
+  },
+  serve(config2) {
+    return Bun.serve({
+      port: config2.port,
+      fetch: config2.fetch,
+      websocket: config2.websocket
+    });
+  }
+});
+var createNodeAdapter = () => ({
+  kind: "node",
+  spawn(command, options = {}) {
+    const [cmd, ...args] = command;
+    if (!cmd) {
+      throw new Error("[RuntimeAdapter] spawn() requires a command");
+    }
+    const require2 = createRequire(import.meta.url);
+    const childProcess = require2("node:child_process");
+    const stream = require2("node:stream");
+    const stdioMap = (value2) => {
+      if (value2 === "inherit") {
+        return "inherit";
+      }
+      if (value2 === "ignore") {
+        return "ignore";
+      }
+      return "pipe";
+    };
+    const stdinMap = (value2) => {
+      if (value2 === "inherit") {
+        return "inherit";
+      }
+      if (value2 === "ignore") {
+        return "ignore";
+      }
+      return "pipe";
+    };
+    const child = childProcess.spawn(cmd, args, {
+      cwd: options.cwd,
+      env: options.env,
+      stdio: [stdinMap(options.stdin), stdioMap(options.stdout), stdioMap(options.stderr)]
+    });
+    const toWeb = (streamReadable) => {
+      if (!streamReadable) {
+        return null;
+      }
+      const maybeWeb = streamReadable;
+      if (typeof maybeWeb.getReader === "function") {
+        return maybeWeb;
+      }
+      return stream.Readable.toWeb(streamReadable);
+    };
+    const exited = new Promise((resolve, reject) => {
+      child.on("error", reject);
+      child.on("exit", (code) => resolve(code ?? 0));
+    });
+    return {
+      exited,
+      stdout: toWeb(child.stdout),
+      stderr: toWeb(child.stderr),
+      kill: (signal) => child.kill(signal)
+    };
+  },
+  async writeFile(path2, data) {
+    const fs2 = await import("fs/promises");
+    const payload = await toUint8Array(data);
+    await fs2.writeFile(path2, payload);
+  },
+  async readFile(path2) {
+    const fs2 = await import("fs/promises");
+    const buffer = await fs2.readFile(path2);
+    return new Uint8Array(buffer);
+  },
+  async readFileAsBlob(path2) {
+    const buffer = await this.readFile(path2);
+    return new Blob([buffer]);
+  },
+  async exists(path2) {
+    const fs2 = await import("fs/promises");
+    try {
+      await fs2.access(path2);
+      return true;
+    } catch {
+      return false;
+    }
+  },
+  async stat(path2) {
+    const fs2 = await import("fs/promises");
+    const stats = await fs2.stat(path2);
+    return { size: stats.size };
+  },
+  async deleteFile(path2) {
+    const fs2 = await import("fs/promises");
+    try {
+      await fs2.unlink(path2);
+    } catch {
+    }
+  },
+  serve(_config) {
+    throw new Error("[RuntimeAdapter] Bun runtime is required for Bun.serve()");
+  }
+});
+var createDenoAdapter = () => ({
+  kind: "deno",
+  spawn(command, options = {}) {
+    const [cmd, ...args] = command;
+    if (!cmd) {
+      throw new Error("[RuntimeAdapter] spawn() requires a command");
+    }
+    const deno = globalThis.Deno;
+    if (!deno?.Command) {
+      throw new Error("[RuntimeAdapter] Deno runtime is required for spawn()");
+    }
+    const stdin = options.stdin === "inherit" ? "inherit" : options.stdin === "ignore" ? "null" : "piped";
+    const stdout = options.stdout === "inherit" ? "inherit" : options.stdout === "ignore" ? "null" : "piped";
+    const stderr = options.stderr === "inherit" ? "inherit" : options.stderr === "ignore" ? "null" : "piped";
+    const proc = new deno.Command(cmd, {
+      args,
+      cwd: options.cwd,
+      env: options.env,
+      stdin,
+      stdout,
+      stderr
+    }).spawn();
+    const exited = proc.status.then((status) => status.code ?? 0);
+    return {
+      exited,
+      stdout: proc.stdout ?? null,
+      stderr: proc.stderr ?? null,
+      kill: (signal) => {
+        const killSignal = typeof signal === "string" ? signal : "SIGTERM";
+        proc.kill(killSignal);
+      }
+    };
+  },
+  async writeFile(path2, data) {
+    const deno = globalThis.Deno;
+    if (!deno?.writeFile) {
+      throw new Error("[RuntimeAdapter] Deno runtime is required for writeFile()");
+    }
+    const payload = await toUint8Array(data);
+    await deno.writeFile(path2, payload);
+  },
+  async readFile(path2) {
+    const deno = globalThis.Deno;
+    if (!deno?.readFile) {
+      throw new Error("[RuntimeAdapter] Deno runtime is required for readFile()");
+    }
+    return await deno.readFile(path2);
+  },
+  async readFileAsBlob(path2) {
+    const buffer = await this.readFile(path2);
+    return new Blob([buffer]);
+  },
+  async exists(path2) {
+    const deno = globalThis.Deno;
+    if (!deno?.stat) {
+      throw new Error("[RuntimeAdapter] Deno runtime is required for exists()");
+    }
+    try {
+      await deno.stat(path2);
+      return true;
+    } catch {
+      return false;
+    }
+  },
+  async stat(path2) {
+    const deno = globalThis.Deno;
+    if (!deno?.stat) {
+      throw new Error("[RuntimeAdapter] Deno runtime is required for stat()");
+    }
+    const stats = await deno.stat(path2);
+    return { size: stats.size };
+  },
+  async deleteFile(path2) {
+    const deno = globalThis.Deno;
+    if (!deno?.remove) {
+      throw new Error("[RuntimeAdapter] Deno runtime is required for deleteFile()");
+    }
+    try {
+      await deno.remove(path2);
+    } catch {
+    }
+  },
+  serve(_config) {
+    throw new Error("[RuntimeAdapter] Bun runtime is required for Bun.serve()");
+  }
+});
+var createUnknownAdapter = () => ({
+  kind: "unknown",
+  spawn() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for spawn()");
+  },
+  async writeFile() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for writeFile()");
+  },
+  async readFile() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for readFile()");
+  },
+  async readFileAsBlob() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for readFileAsBlob()");
+  },
+  async exists() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for exists()");
+  },
+  async stat() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for stat()");
+  },
+  async deleteFile() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for deleteFile()");
+  },
+  serve() {
+    throw new Error("[RuntimeAdapter] Unsupported runtime for serve()");
+  }
+});
+var runtimeAdapter = null;
+var getRuntimeAdapter = () => {
+  if (runtimeAdapter) {
+    return runtimeAdapter;
+  }
+  const kind = getRuntimeKind();
+  runtimeAdapter = kind === "bun" ? createBunAdapter() : kind === "node" ? createNodeAdapter() : kind === "deno" ? createDenoAdapter() : createUnknownAdapter();
+  return runtimeAdapter;
+};
+var passwordAdapter = null;
+var getPasswordAdapter = () => {
+  if (passwordAdapter) {
+    return passwordAdapter;
+  }
+  const kind = getRuntimeKind();
+  if (kind === "bun" && typeof Bun !== "undefined") {
+    passwordAdapter = {
+      hash: async (value2, options) => {
+        if (options.algorithm === "bcrypt") {
+          return await Bun.password.hash(value2, {
+            algorithm: "bcrypt",
+            cost: options.cost ?? 12
+          });
+        }
+        return await Bun.password.hash(value2, {
+          algorithm: "argon2id",
+          ...options.memoryCost !== void 0 ? { memoryCost: options.memoryCost } : {},
+          ...options.timeCost !== void 0 ? { timeCost: options.timeCost } : {},
+          ...options.parallelism !== void 0 ? { parallelism: options.parallelism } : {}
+        });
+      },
+      verify: async (value2, hashed) => await Bun.password.verify(value2, hashed)
+    };
+    return passwordAdapter;
+  }
+  passwordAdapter = {
+    hash: async () => {
+      throw new Error(
+        "[RuntimeAdapter] Password hashing requires Bun runtime or a Node/Deno adapter"
+      );
+    },
+    verify: async () => {
+      throw new Error(
+        "[RuntimeAdapter] Password hashing requires Bun runtime or a Node/Deno adapter"
+      );
+    }
+  };
+  return passwordAdapter;
+};
+var createSqliteDatabase = async (path2) => {
+  const kind = getRuntimeKind();
+  if (kind === "bun") {
+    const sqlite = await import("bun:sqlite");
+    const db = new sqlite.Database(path2, { create: true });
+    return db;
+  }
+  throw new Error("[RuntimeAdapter] SQLite storage requires Bun runtime or a Node/Deno adapter");
+};
+
+// src/ConfigManager.ts
+var ConfigManager = class {
+  config = /* @__PURE__ */ new Map();
+  constructor(initialConfig = {}) {
+    for (const [key, value2] of Object.entries(initialConfig)) {
+      this.config.set(key, value2);
+    }
+    this.loadEnv();
+  }
+  /**
+   * Load all environment variables from the active runtime.
+   */
+  loadEnv() {
+    const env2 = getRuntimeEnv();
+    for (const key of Object.keys(env2)) {
+      if (env2[key] !== void 0) {
+        this.config.set(key, env2[key]);
+      }
+    }
+  }
+  /**
+   * Get a configuration value (generic return type supported).
+   * Supports dot notation for deep access (e.g. 'app.name').
+   */
+  get(key, defaultValue) {
+    if (this.config.has(key)) {
+      return this.config.get(key);
+    }
+    if (key.includes(".")) {
+      const parts = key.split(".");
+      const rootKey = parts[0];
+      if (rootKey) {
+        let current = this.config.get(rootKey);
+        if (current !== void 0) {
+          for (let i = 1; i < parts.length; i++) {
+            const part = parts[i];
+            if (part && current && typeof current === "object" && part in current) {
+              current = current[part];
+            } else {
+              current = void 0;
+              break;
+            }
+          }
+          if (current !== void 0) {
+            return current;
+          }
+        }
+      }
+    }
+    if (defaultValue !== void 0) {
+      return defaultValue;
+    }
+    throw new Error(`Config key '${key}' not found`);
+  }
+  /**
+   * Set a configuration value.
+   */
+  set(key, value2) {
+    this.config.set(key, value2);
+  }
+  /**
+   * Check whether a key exists.
+   */
+  has(key) {
+    return this.config.has(key);
+  }
+};
+
+// src/Container.ts
+var Container = class {
+  bindings = /* @__PURE__ */ new Map();
+  instances = /* @__PURE__ */ new Map();
+  /**
+   * Bind a service to the container.
+   * New instance will be created on each resolution.
+   */
+  bind(key, factory) {
+    this.bindings.set(key, { factory, shared: false });
+  }
+  /**
+   * Bind a shared service to the container (Singleton).
+   * Same instance will be returned on each resolution.
+   */
+  singleton(key, factory) {
+    this.bindings.set(key, { factory, shared: true });
+  }
+  /**
+   * Register an existing instance as shared service.
+   */
+  instance(key, instance) {
+    this.instances.set(key, instance);
+  }
+  /**
+   * Resolve a service from the container.
+   */
+  make(key) {
+    if (this.instances.has(key)) {
+      return this.instances.get(key);
+    }
+    const binding = this.bindings.get(key);
+    if (!binding) {
+      throw new Error(`Service '${key}' not found in container`);
+    }
+    const instance = binding.factory(this);
+    if (binding.shared) {
+      this.instances.set(key, instance);
+    }
+    return instance;
+  }
+  /**
+   * Check if a service is bound.
+   */
+  has(key) {
+    return this.bindings.has(key) || this.instances.has(key);
+  }
+  /**
+   * Flush all instances and bindings.
+   */
+  flush() {
+    this.bindings.clear();
+    this.instances.clear();
+  }
+  /**
+   * Forget a specific instance (but keep binding)
+   */
+  forget(key) {
+    this.instances.delete(key);
+  }
+};
+
+// src/Logger.ts
+var ConsoleLogger = class {
+  debug(message, ...args) {
+    console.debug(`[DEBUG] ${message}`, ...args);
+  }
+  info(message, ...args) {
+    console.info(`[INFO] ${message}`, ...args);
+  }
+  warn(message, ...args) {
+    console.warn(`[WARN] ${message}`, ...args);
+  }
+  error(message, ...args) {
+    console.error(`[ERROR] ${message}`, ...args);
+  }
+};
+
+// src/types/events.ts
+var Event = class {
+  /**
+   * Whether this event should be broadcast.
+   */
+  shouldBroadcast() {
+    return "broadcastOn" in this && typeof this.broadcastOn === "function";
+  }
+  /**
+   * Get broadcast channel.
+   */
+  getBroadcastChannel() {
+    if (this.shouldBroadcast()) {
+      return this.broadcastOn();
+    }
+    return null;
+  }
+  /**
+   * Get broadcast payload.
+   */
+  getBroadcastData() {
+    if (this.shouldBroadcast()) {
+      const broadcast = this;
+      if (broadcast.broadcastWith) {
+        return broadcast.broadcastWith();
+      }
+      const data = {};
+      for (const [key, value2] of Object.entries(this)) {
+        if (!key.startsWith("_") && typeof value2 !== "function") {
+          data[key] = value2;
+        }
+      }
+      return data;
+    }
+    return {};
+  }
+  /**
+   * Get broadcast event name.
+   */
+  getBroadcastEventName() {
+    if (this.shouldBroadcast()) {
+      const broadcast = this;
+      if (broadcast.broadcastAs) {
+        return broadcast.broadcastAs();
+      }
+    }
+    return this.constructor.name;
+  }
+};
+
+// src/EventManager.ts
+var EventManager = class {
+  constructor(core) {
+    this.core = core;
+  }
+  /**
+   * Listener registry.
+   * Key: event class or event name
+   * Value: listener registrations
+   */
+  listeners = /* @__PURE__ */ new Map();
+  /**
+   * Broadcast manager (optional, injected by `orbit-broadcasting`).
+   */
+  broadcastManager;
+  /**
+   * Queue manager (optional, injected by `orbit-queue`).
+   */
+  queueManager;
+  /**
+   * Register the broadcast manager (called by `orbit-broadcasting`).
+   */
+  setBroadcastManager(manager) {
+    this.broadcastManager = manager;
+  }
+  /**
+   * Register the queue manager (called by `orbit-queue`).
+   */
+  setQueueManager(manager) {
+    this.queueManager = manager;
+  }
+  /**
+   * Register an event listener.
+   *
+   * @param event - Event class or event name
+   * @param listener - Listener instance or listener class
+   * @param options - Optional queue options
+   *
+   * @example
+   * ```typescript
+   * // Synchronous listener
+   * core.events.listen(UserRegistered, SendWelcomeEmail)
+   *
+   * // Queued listener (async)
+   * core.events.listen(UserRegistered, SendWelcomeEmail, {
+   *   queue: 'emails',
+   *   delay: 60
+   * })
+   * ```
+   */
+  listen(event, listener, options) {
+    const eventKey = typeof event === "string" ? event : event;
+    if (!this.listeners.has(eventKey)) {
+      this.listeners.set(eventKey, []);
+    }
+    const registration = {
+      listener,
+      ...options
+    };
+    this.listeners.get(eventKey)?.push(registration);
+  }
+  /**
+   * Remove an event listener.
+   *
+   * @param event - Event class or event name
+   * @param listener - Listener to remove
+   */
+  unlisten(event, listener) {
+    const eventKey = typeof event === "string" ? event : event;
+    const registrations = this.listeners.get(eventKey);
+    if (!registrations) {
+      return;
+    }
+    const filtered = registrations.filter((reg) => reg.listener !== listener);
+    if (filtered.length === 0) {
+      this.listeners.delete(eventKey);
+    } else {
+      this.listeners.set(eventKey, filtered);
+    }
+  }
+  /**
+   * Dispatch an event.
+   *
+   * Runs all registered listeners. If a listener implements `ShouldQueue` or
+   * has queue options, the listener will be pushed to the queue for async execution.
+   *
+   * @param event - Event instance
+   *
+   * @example
+   * ```typescript
+   * await core.events.dispatch(new UserRegistered(user))
+   * ```
+   */
+  async dispatch(event) {
+    const eventKey = event.constructor;
+    const eventName = event.constructor.name;
+    await this.core.hooks.doAction(`event:${eventName}`, event);
+    await this.core.hooks.doAction("event:dispatched", { event, eventName });
+    if (event instanceof Event && event.shouldBroadcast() && this.broadcastManager) {
+      const channel = event.getBroadcastChannel();
+      if (channel) {
+        const channelName = typeof channel === "string" ? channel : channel.name;
+        const channelType = typeof channel === "string" ? "public" : channel.type;
+        const data = event.getBroadcastData();
+        const broadcastEventName = event.getBroadcastEventName();
+        await this.broadcastManager.broadcast(event, { name: channelName, type: channelType }, data, broadcastEventName).catch((error) => {
+          this.core.logger.error(`[EventManager] Failed to broadcast event ${eventName}:`, error);
+        });
+      }
+    }
+    const registrations = this.listeners.get(eventKey) || [];
+    const stringRegistrations = this.listeners.get(eventName) || [];
+    const allRegistrations = [...registrations, ...stringRegistrations];
+    for (const registration of allRegistrations) {
+      try {
+        let listenerInstance;
+        if (typeof registration.listener === "function") {
+          listenerInstance = new registration.listener();
+        } else {
+          listenerInstance = registration.listener;
+        }
+        const shouldQueue = "queue" in listenerInstance || registration.queue !== void 0 || registration.connection !== void 0 || registration.delay !== void 0;
+        if (shouldQueue && this.queueManager) {
+          const queue = listenerInstance.queue || registration.queue;
+          const connection = listenerInstance.connection || registration.connection;
+          const delay = listenerInstance.delay || registration.delay;
+          const queueJob = {
+            type: "event-listener",
+            event: eventName,
+            listener: listenerInstance.constructor.name,
+            eventData: this.serializeEvent(event),
+            handle: async () => {
+              await listenerInstance.handle(event);
+            }
+          };
+          await this.queueManager.push(queueJob, queue, connection, delay);
+        } else {
+          await listenerInstance.handle(event);
+        }
+      } catch (error) {
+        this.core.logger.error(`[EventManager] Error in listener for event ${eventName}:`, error);
+      }
+    }
+  }
+  /**
+   * Serialize an event (for queueing).
+   */
+  serializeEvent(event) {
+    const data = {};
+    for (const [key, value2] of Object.entries(event)) {
+      if (!key.startsWith("_") && typeof value2 !== "function") {
+        data[key] = value2;
+      }
+    }
+    return data;
+  }
+  /**
+   * Get all registered listeners.
+   */
+  getListeners(event) {
+    if (event) {
+      const eventKey = typeof event === "string" ? event : event;
+      return this.listeners.get(eventKey) || [];
+    }
+    const all = [];
+    for (const registrations of this.listeners.values()) {
+      all.push(...registrations);
+    }
+    return all;
+  }
+  /**
+   * Clear all listeners.
+   */
+  clear() {
+    this.listeners.clear();
+  }
+};
+
+// src/exceptions/GravitoException.ts
+var GravitoException = class extends Error {
+  status;
+  code;
+  i18nKey;
+  i18nParams;
+  constructor(status, code, options = {}) {
+    super(options.message);
+    this.name = "GravitoException";
+    this.status = status;
+    this.cause = options.cause;
+    this.code = code;
+    if (options.i18nKey) {
+      this.i18nKey = options.i18nKey;
+    }
+    if (options.i18nParams) {
+      this.i18nParams = options.i18nParams;
+    }
+  }
+  // Helper for i18n
+  getLocalizedMessage(t) {
+    if (this.i18nKey) {
+      return t(this.i18nKey, this.i18nParams);
+    }
+    return this.message;
+  }
+};
+
+// src/exceptions/HttpException.ts
+var HttpException = class extends GravitoException {
+  constructor(status, options = {}) {
+    super(status, "HTTP_ERROR", options);
+    this.name = "HttpException";
+  }
+};
+
+// src/exceptions/ValidationException.ts
+var ValidationException = class extends GravitoException {
+  errors;
+  redirectTo;
+  input;
+  constructor(errors2, message = "Validation failed") {
+    super(422, "VALIDATION_ERROR", {
+      message,
+      i18nKey: "errors.validation.failed"
+    });
+    this.errors = errors2;
+  }
+  withRedirect(url) {
+    this.redirectTo = url;
+    return this;
+  }
+  withInput(input) {
+    this.input = input;
+    return this;
+  }
+};
+
+// src/GlobalErrorHandlers.ts
+var stateKey = /* @__PURE__ */ Symbol.for("gravito.core.globalErrorHandlers");
+function getGlobalState() {
+  const g = globalThis;
+  const existing = g[stateKey];
+  if (existing) {
+    return existing;
+  }
+  const created = {
+    nextId: 1,
+    sinks: /* @__PURE__ */ new Map(),
+    listenersInstalled: false,
+    onUnhandledRejection: void 0,
+    onUncaughtException: void 0
+  };
+  g[stateKey] = created;
+  return created;
+}
+function offProcess(event, listener) {
+  const p = process;
+  if (typeof p.off === "function") {
+    p.off(event, listener);
+    return;
+  }
+  if (typeof p.removeListener === "function") {
+    p.removeListener(event, listener);
+  }
+}
+function safeMessageFromUnknown(error) {
+  if (error instanceof Error) {
+    return error.message || "Error";
+  }
+  if (typeof error === "string") {
+    return error;
+  }
+  try {
+    return JSON.stringify(error);
+  } catch {
+    return String(error);
+  }
+}
+async function handleProcessError(kind, error) {
+  const state = getGlobalState();
+  if (state.sinks.size === 0) {
+    return;
+  }
+  const isProduction = process.env.NODE_ENV === "production";
+  let shouldExit = false;
+  let exitCode = 1;
+  let exitTimer;
+  try {
+    const sinks = Array.from(state.sinks.values());
+    const prepared = await Promise.all(
+      sinks.map(async (sink) => {
+        const defaultExit = sink.mode === "exit" || sink.mode === "exitInProduction" && isProduction;
+        let ctx = {
+          ...sink.core ? { core: sink.core } : {},
+          kind,
+          error,
+          isProduction,
+          timestamp: Date.now(),
+          exit: defaultExit,
+          exitCode: sink.exitCode ?? 1,
+          gracePeriodMs: sink.gracePeriodMs ?? 250
+        };
+        if (sink.core) {
+          ctx = await sink.core.hooks.applyFilters(
+            "processError:context",
+            ctx
+          );
+        }
+        return { sink, ctx };
+      })
+    );
+    const exitTargets = prepared.map((p) => p.ctx).filter((ctx) => (ctx.exit ?? false) && (ctx.exitCode ?? 1) >= 0);
+    shouldExit = exitTargets.length > 0;
+    const gracePeriodMs = Math.max(0, ...exitTargets.map((c) => c.gracePeriodMs ?? 250));
+    exitCode = Math.max(0, ...exitTargets.map((c) => c.exitCode ?? 1));
+    if (shouldExit) {
+      exitTimer = setTimeout(() => {
+        process.exit(exitCode);
+      }, gracePeriodMs);
+      exitTimer.unref?.();
+    }
+    await Promise.all(
+      prepared.map(async ({ sink, ctx }) => {
+        const logger2 = sink.logger ?? sink.core?.logger;
+        const logLevel = ctx.logLevel ?? "error";
+        if (logger2 && logLevel !== "none") {
+          const message = safeMessageFromUnknown(ctx.error);
+          const msg = ctx.logMessage ?? `[${ctx.kind}] ${message}`;
+          if (logLevel === "error") {
+            logger2.error(msg, ctx.error);
+          } else if (logLevel === "warn") {
+            logger2.warn(msg, ctx.error);
+          } else {
+            logger2.info(msg, ctx.error);
+          }
+        }
+        if (sink.core) {
+          await sink.core.hooks.doAction("processError:report", ctx);
+        }
+      })
+    );
+  } catch (e) {
+    console.error("[@gravito/core] Failed to handle process-level error:", e);
+  } finally {
+    if (shouldExit) {
+      clearTimeout(exitTimer);
+      process.exit(exitCode);
+    }
+  }
+}
+function ensureListenersInstalled() {
+  const state = getGlobalState();
+  if (state.listenersInstalled) {
+    return;
+  }
+  if (typeof process === "undefined" || typeof process.on !== "function") {
+    return;
+  }
+  state.onUnhandledRejection = (reason) => {
+    void handleProcessError("unhandledRejection", reason);
+  };
+  state.onUncaughtException = (error) => {
+    void handleProcessError("uncaughtException", error);
+  };
+  process.on("unhandledRejection", state.onUnhandledRejection);
+  process.on("uncaughtException", state.onUncaughtException);
+  state.listenersInstalled = true;
+}
+function teardownListenersIfUnused() {
+  const state = getGlobalState();
+  if (!state.listenersInstalled || state.sinks.size > 0) {
+    return;
+  }
+  if (state.onUnhandledRejection) {
+    offProcess("unhandledRejection", state.onUnhandledRejection);
+  }
+  if (state.onUncaughtException) {
+    offProcess("uncaughtException", state.onUncaughtException);
+  }
+  state.onUnhandledRejection = void 0;
+  state.onUncaughtException = void 0;
+  state.listenersInstalled = false;
+}
+function registerGlobalErrorHandlers(options = {}) {
+  const state = getGlobalState();
+  ensureListenersInstalled();
+  const id = state.nextId++;
+  state.sinks.set(id, {
+    ...options,
+    mode: options.mode ?? "exitInProduction"
+  });
+  return () => {
+    state.sinks.delete(id);
+    teardownListenersIfUnused();
+  };
+}
+
+// src/HookManager.ts
+var HookManager = class {
+  filters = /* @__PURE__ */ new Map();
+  actions = /* @__PURE__ */ new Map();
+  /**
+   * Register a filter hook.
+   *
+   * Filters are used to transform a value (input/output).
+   *
+   * @template T - The type of value being filtered.
+   * @param hook - The name of the hook.
+   * @param callback - The callback function to execute.
+   *
+   * @example
+   * ```typescript
+   * core.hooks.addFilter('content', async (content: string) => {
+   *   return content.toUpperCase();
+   * });
+   * ```
+   */
+  addFilter(hook, callback) {
+    if (!this.filters.has(hook)) {
+      this.filters.set(hook, []);
+    }
+    this.filters.get(hook)?.push(callback);
+  }
+  /**
+   * Apply all registered filters sequentially.
+   *
+   * Each callback receives the previous callback's return value.
+   *
+   * @template T - The type of value being filtered.
+   * @param hook - The name of the hook.
+   * @param initialValue - The initial value to filter.
+   * @param args - Additional arguments to pass to the callbacks.
+   * @returns The final filtered value.
+   *
+   * @example
+   * ```typescript
+   * const content = await core.hooks.applyFilters('content', 'hello world');
+   * ```
+   */
+  async applyFilters(hook, initialValue, ...args) {
+    const callbacks = this.filters.get(hook) || [];
+    let value2 = initialValue;
+    for (const callback of callbacks) {
+      try {
+        value2 = await callback(value2, ...args);
+      } catch (error) {
+        console.error(`[HookManager] Error in filter '${hook}':`, error);
+      }
+    }
+    return value2;
+  }
+  /**
+   * Register an action hook.
+   *
+   * Actions are for side effects (no return value).
+   *
+   * @template TArgs - The type of arguments passed to the action.
+   * @param hook - The name of the hook.
+   * @param callback - The callback function to execute.
+   *
+   * @example
+   * ```typescript
+   * core.hooks.addAction('user_registered', async (user: User) => {
+   *   await sendWelcomeEmail(user);
+   * });
+   * ```
+   */
+  addAction(hook, callback) {
+    if (!this.actions.has(hook)) {
+      this.actions.set(hook, []);
+    }
+    this.actions.get(hook)?.push(callback);
+  }
+  /**
+   * Run all registered actions sequentially.
+   *
+   * @template TArgs - The type of arguments passed to the action.
+   * @param hook - The name of the hook.
+   * @param args - The arguments to pass to the callbacks.
+   *
+   * @example
+   * ```typescript
+   * await core.hooks.doAction('user_registered', user);
+   * ```
+   */
+  async doAction(hook, args) {
+    const callbacks = this.actions.get(hook) || [];
+    for (const callback of callbacks) {
+      try {
+        await callback(args);
+      } catch (error) {
+        console.error(`[HookManager] Error in action '${hook}':`, error);
+      }
+    }
+  }
+};
+
+// src/helpers/response.ts
+function ok(data) {
+  return { success: true, data };
+}
+function fail(message, code, details) {
+  const error = { message };
+  if (code !== void 0) {
+    error.code = code;
+  }
+  if (details !== void 0) {
+    error.details = details;
+  }
+  return { success: false, error };
+}
+function jsonSuccess(c, data, status = 200) {
+  return c.json(ok(data), status);
+}
+function jsonFail(c, message, status = 400, code, details) {
+  return c.json(fail(message, code, details), status);
+}
+
+// src/adapters/bun/BunRequest.ts
+var BunRequest = class {
+  constructor(raw, params = {}) {
+    this.raw = raw;
+    this._url = new URL(raw.url);
+    this._params = params;
+  }
+  _url;
+  _params = {};
+  _query = null;
+  _validated = {};
+  // Internal: Set params after route match
+  setParams(params) {
+    this._params = params;
+  }
+  get url() {
+    return this.raw.url;
+  }
+  get method() {
+    return this.raw.method;
+  }
+  get path() {
+    return this._url.pathname;
+  }
+  // Parameter Access
+  param(name) {
+    return this._params[name];
+  }
+  params() {
+    return this._params;
+  }
+  query(name) {
+    if (!this._query) {
+      this.parseQuery();
+    }
+    const val = this._query?.[name];
+    if (Array.isArray(val)) {
+      return val[0];
+    }
+    return val;
+  }
+  queries() {
+    if (!this._query) {
+      this.parseQuery();
+    }
+    return this._query;
+  }
+  header(name) {
+    if (name) {
+      return this.raw.headers.get(name) || void 0;
+    }
+    const headers = {};
+    this.raw.headers.forEach((value2, key) => {
+      headers[key] = value2;
+    });
+    return headers;
+  }
+  // Body Parsing
+  async json() {
+    return this.raw.json();
+  }
+  async text() {
+    return this.raw.text();
+  }
+  async formData() {
+    return this.raw.formData();
+  }
+  async arrayBuffer() {
+    return this.raw.arrayBuffer();
+  }
+  async parseBody() {
+    const contentType = this.raw.headers.get("Content-Type");
+    if (contentType?.includes("application/x-www-form-urlencoded") || contentType?.includes("multipart/form-data")) {
+      const formData = await this.formData();
+      const body = {};
+      formData.forEach((value2, key) => {
+        body[key] = value2;
+      });
+      return body;
+    }
+    return {};
+  }
+  // Internal method to set validated data
+  // This can be used by middleware to attach validated data to the request
+  setValidated(target, data) {
+    this._validated[target] = data;
+  }
+  valid(target) {
+    const data = this._validated[target];
+    if (data === void 0) {
+      throw new Error(`Validation target '${target}' not found or validation failed.`);
+    }
+    return data;
+  }
+  parseQuery() {
+    this._query = {};
+    for (const [key, value2] of this._url.searchParams) {
+      if (this._query[key]) {
+        if (Array.isArray(this._query[key])) {
+          ;
+          this._query[key].push(value2);
+        } else {
+          this._query[key] = [this._query[key], value2];
+        }
+      } else {
+        this._query[key] = value2;
+      }
+    }
+  }
+};
+
+// src/adapters/bun/BunContext.ts
+var BunContext = class _BunContext {
+  constructor(request, env2 = {}, executionCtx) {
+    this.env = env2;
+    this.req = new BunRequest(request);
+    this._executionCtx = executionCtx;
+    this.native = { request, env: env2, executionCtx };
+  }
+  // Request wrapper
+  req;
+  // Context variables
+  _variables = /* @__PURE__ */ new Map();
+  // Response state
+  _status = 200;
+  _headers = new Headers();
+  _executionCtx;
+  // Stored response (Photon-like behavior)
+  res;
+  native;
+  /**
+   * Create a proxied instance to enable object destructuring of context variables
+   * This allows: async list({ userService }: Context)
+   */
+  static create(request, env2 = {}, executionCtx) {
+    const instance = new _BunContext(request, env2, executionCtx);
+    return new Proxy(instance, {
+      get(target, prop, receiver) {
+        if (prop in target) {
+          const value2 = Reflect.get(target, prop, receiver);
+          if (typeof value2 === "function") {
+            return value2.bind(target);
+          }
+          return value2;
+        }
+        if (typeof prop === "string") {
+          return target.get(prop);
+        }
+        return void 0;
+      }
+    });
+  }
+  // Response Builders
+  json(data, status = 200) {
+    this.status(status);
+    this.header("Content-Type", "application/json");
+    this.res = new Response(JSON.stringify(data), {
+      status: this._status,
+      headers: this._headers
+    });
+    return this.res;
+  }
+  text(text, status = 200) {
+    this.status(status);
+    this.header("Content-Type", "text/plain");
+    this.res = new Response(text, {
+      status: this._status,
+      headers: this._headers
+    });
+    return this.res;
+  }
+  html(html, status = 200) {
+    this.status(status);
+    this.header("Content-Type", "text/html");
+    this.res = new Response(html, {
+      status: this._status,
+      headers: this._headers
+    });
+    return this.res;
+  }
+  redirect(url, status = 302) {
+    this.status(status);
+    this.header("Location", url);
+    this.res = new Response(null, {
+      status: this._status,
+      headers: this._headers
+    });
+    return this.res;
+  }
+  body(data, status = 200) {
+    this.status(status);
+    this.res = new Response(data, {
+      status: this._status,
+      headers: this._headers
+    });
+    return this.res;
+  }
+  stream(stream, status = 200) {
+    this.status(status);
+    this.res = new Response(stream, {
+      status: this._status,
+      headers: this._headers
+    });
+    return this.res;
+  }
+  notFound(message) {
+    return this.text(message ?? "Not Found", 404);
+  }
+  forbidden(message) {
+    return this.text(message ?? "Forbidden", 403);
+  }
+  unauthorized(message) {
+    return this.text(message ?? "Unauthorized", 401);
+  }
+  badRequest(message) {
+    return this.text(message ?? "Bad Request", 400);
+  }
+  header(name, value2, options) {
+    if (value2 === void 0) {
+      return this.req.header(name);
+    }
+    if (options?.append) {
+      this._headers.append(name, value2);
+      this.res?.headers.append(name, value2);
+    } else {
+      this._headers.set(name, value2);
+      if (this.res) {
+        this.res.headers.set(name, value2);
+      }
+    }
+    return void 0;
+  }
+  status(code) {
+    this._status = code;
+  }
+  // Context Variables
+  get(key) {
+    return this._variables.get(key);
+  }
+  set(key, value2) {
+    this._variables.set(key, value2);
+  }
+  // Execution Control
+  get executionCtx() {
+    return this._executionCtx;
+  }
+};
+
+// src/adapters/bun/RadixNode.ts
+var RadixNode = class _RadixNode {
+  // Path segment for this node (e.g., "users", ":id")
+  segment;
+  // Node type (Static, Param, Wildcard)
+  type;
+  // Children nodes (mapped by segment for fast lookup)
+  children = /* @__PURE__ */ new Map();
+  // Specialized child for parameter node (only one per level allowed usually to avoid ambiguity, though some routers support multiple)
+  paramChild = null;
+  // Specialized child for wildcard node
+  wildcardChild = null;
+  // Handlers registered at this node (keyed by HTTP method)
+  handlers = /* @__PURE__ */ new Map();
+  // Parameter name if this is a PARAM node (e.g., "id" for ":id")
+  paramName = null;
+  // Parameter constraints (regex) - only applicable if this is a PARAM node
+  // If we support per-route constraints, they might need to be stored differently,
+  // but for now assume constraints are defined at node level (uncommon) or checked at match time.
+  // Laravel allows global pattern constraints or per-route.
+  // Ideally, constraints should be stored with the handler or part of matching logic.
+  // For a Radix tree, if we have constraints, we might need to backtrack if constraint fails?
+  // Or simply store constraint with the param node.
+  regex = null;
+  constructor(segment = "", type = 0 /* STATIC */) {
+    this.segment = segment;
+    this.type = type;
+  }
+  toJSON() {
+    return {
+      segment: this.segment,
+      type: this.type,
+      children: Array.from(this.children.entries()).map(([k, v]) => [k, v.toJSON()]),
+      paramChild: this.paramChild?.toJSON() || null,
+      wildcardChild: this.wildcardChild?.toJSON() || null,
+      paramName: this.paramName,
+      regex: this.regex ? this.regex.source : null
+    };
+  }
+  static fromJSON(json) {
+    const node = new _RadixNode(json.segment, json.type);
+    node.paramName = json.paramName;
+    if (json.regex) {
+      node.regex = new RegExp(json.regex);
+    }
+    if (json.children) {
+      for (const [key, childJson] of json.children) {
+        node.children.set(key, _RadixNode.fromJSON(childJson));
+      }
+    }
+    if (json.paramChild) {
+      node.paramChild = _RadixNode.fromJSON(json.paramChild);
+    }
+    if (json.wildcardChild) {
+      node.wildcardChild = _RadixNode.fromJSON(json.wildcardChild);
+    }
+    return node;
+  }
+};
+
+// src/adapters/bun/RadixRouter.ts
+var RadixRouter = class _RadixRouter {
+  root = new RadixNode();
+  // Global parameter constraints (e.g., id => /^\d+$/)
+  globalConstraints = /* @__PURE__ */ new Map();
+  /**
+   * Add a generic parameter constraint
+   */
+  where(param, regex) {
+    this.globalConstraints.set(param, regex);
+  }
+  /**
+   * Register a route
+   */
+  add(method, path2, handlers) {
+    let node = this.root;
+    const segments = this.splitPath(path2);
+    for (let i = 0; i < segments.length; i++) {
+      const segment = segments[i];
+      if (segment === "*") {
+        if (!node.wildcardChild) {
+          node.wildcardChild = new RadixNode("*", 2 /* WILDCARD */);
+        }
+        node = node.wildcardChild;
+        break;
+      } else if (segment.startsWith(":")) {
+        const paramName = segment.slice(1);
+        if (!node.paramChild) {
+          const child = new RadixNode(segment, 1 /* PARAM */);
+          child.paramName = paramName;
+          const constraint = this.globalConstraints.get(paramName);
+          if (constraint) {
+            child.regex = constraint;
+          }
+          node.paramChild = child;
+        }
+        node = node.paramChild;
+      } else {
+        if (!node.children.has(segment)) {
+          node.children.set(segment, new RadixNode(segment, 0 /* STATIC */));
+        }
+        node = node.children.get(segment);
+      }
+    }
+    node.handlers.set(method.toLowerCase(), handlers);
+  }
+  /**
+   * Match a request
+   */
+  match(method, path2) {
+    const normalizedMethod = method.toLowerCase();
+    if (path2 === "/" || path2 === "") {
+      const handlers = this.root.handlers.get(normalizedMethod);
+      if (handlers) {
+        return { handlers, params: {} };
+      }
+      return null;
+    }
+    const searchPath = path2.startsWith("/") ? path2.slice(1) : path2;
+    const segments = searchPath.split("/");
+    return this.matchRecursive(this.root, segments, 0, {}, normalizedMethod);
+  }
+  matchRecursive(node, segments, depth, params, method) {
+    if (depth >= segments.length) {
+      let handlers = node.handlers.get(method);
+      if (!handlers) {
+        handlers = node.handlers.get("all");
+      }
+      if (handlers) {
+        return { handlers, params };
+      }
+      return null;
+    }
+    const segment = segments[depth];
+    const staticChild = node.children.get(segment);
+    if (staticChild) {
+      const match = this.matchRecursive(staticChild, segments, depth + 1, params, method);
+      if (match) {
+        return match;
+      }
+    }
+    const paramChild = node.paramChild;
+    if (paramChild) {
+      if (paramChild.regex && !paramChild.regex.test(segment)) {
+      } else {
+        if (paramChild.paramName) {
+          params[paramChild.paramName] = decodeURIComponent(segment);
+          const match = this.matchRecursive(paramChild, segments, depth + 1, params, method);
+          if (match) {
+            return match;
+          }
+          delete params[paramChild.paramName];
+        }
+      }
+    }
+    if (node.wildcardChild) {
+      let handlers = node.wildcardChild.handlers.get(method);
+      if (!handlers) {
+        handlers = node.wildcardChild.handlers.get("all");
+      }
+      if (handlers) {
+        return { handlers, params };
+      }
+    }
+    return null;
+  }
+  splitPath(path2) {
+    if (path2 === "/" || path2 === "") {
+      return [];
+    }
+    let p = path2;
+    if (p.startsWith("/")) {
+      p = p.slice(1);
+    }
+    if (p.endsWith("/")) {
+      p = p.slice(0, -1);
+    }
+    return p.split("/");
+  }
+  /**
+   * Serialize the router to a JSON string
+   */
+  serialize() {
+    return JSON.stringify({
+      root: this.root.toJSON(),
+      globalConstraints: Array.from(this.globalConstraints.entries()).map(([k, v]) => [
+        k,
+        v.source
+      ])
+    });
+  }
+  /**
+   * Restore a router from a serialized JSON string
+   */
+  static fromSerialized(json) {
+    const data = JSON.parse(json);
+    const router2 = new _RadixRouter();
+    router2.root = RadixNode.fromJSON(data.root);
+    if (data.globalConstraints) {
+      for (const [key, source] of data.globalConstraints) {
+        router2.globalConstraints.set(key, new RegExp(source));
+      }
+    }
+    return router2;
+  }
+};
+
+// src/adapters/bun/BunNativeAdapter.ts
+var BunNativeAdapter = class {
+  name = "bun-native";
+  version = "0.0.1";
+  get native() {
+    return this;
+  }
+  router = new RadixRouter();
+  middlewares = [];
+  errorHandler = null;
+  notFoundHandler = null;
+  route(method, path2, ...handlers) {
+    this.router.add(method, path2, handlers);
+  }
+  routes(routes) {
+    for (const route of routes) {
+      this.route(
+        route.method,
+        route.path,
+        ...route.handlers
+      );
+    }
+  }
+  use(path2, ...middleware) {
+    this.middlewares.push({ path: path2, handlers: middleware });
+  }
+  useGlobal(...middleware) {
+    this.use("*", ...middleware);
+  }
+  mount(path2, subAdapter) {
+    const fullPath = path2.endsWith("/") ? `${path2}*` : `${path2}/*`;
+    this.route("all", fullPath, async (ctx) => {
+      const url = new URL(ctx.req.url);
+      const prefix = path2.endsWith("/") ? path2.slice(0, -1) : path2;
+      console.log("[DEBUG] Mount Prefix:", prefix);
+      console.log("[DEBUG] Original Path:", url.pathname);
+      if (url.pathname.startsWith(prefix)) {
+        const newPath = url.pathname.slice(prefix.length);
+        url.pathname = newPath === "" ? "/" : newPath;
+      }
+      const newReq = new Request(url.toString(), {
+        method: ctx.req.method,
+        headers: ctx.req.raw.headers
+      });
+      const res = await subAdapter.fetch(newReq);
+      if ("res" in ctx) {
+        ;
+        ctx.res = res;
+      }
+      return res;
+    });
+  }
+  createContext(request) {
+    return BunContext.create(request);
+  }
+  onError(handler) {
+    this.errorHandler = handler;
+  }
+  onNotFound(handler) {
+    this.notFoundHandler = handler;
+  }
+  async fetch(request, _server) {
+    const ctx = BunContext.create(request);
+    try {
+      const url = new URL(request.url);
+      const path2 = url.pathname;
+      const method = request.method;
+      const match = this.router.match(method, path2);
+      const handlers = [];
+      for (const mw of this.middlewares) {
+        if (mw.path === "*" || path2.startsWith(mw.path)) {
+          handlers.push(...mw.handlers);
+        }
+      }
+      if (match) {
+        if (match.params) {
+          ;
+          ctx.req.setParams(match.params);
+        }
+        handlers.push(...match.handlers);
+      } else {
+        if (this.notFoundHandler) {
+          handlers.push(this.notFoundHandler);
+        } else {
+        }
+      }
+      return await this.executeChain(ctx, handlers);
+    } catch (err) {
+      if (this.errorHandler) {
+        try {
+          const response = await this.errorHandler(err, ctx);
+          if (response) {
+            return response;
+          }
+        } catch (e) {
+          console.error("Error handler failed", e);
+        }
+      }
+      console.error(err);
+      return new Response("Internal Server Error", { status: 500 });
+    }
+  }
+  async executeChain(ctx, handlers) {
+    let index = -1;
+    const dispatch = async (i) => {
+      if (i <= index) {
+        throw new Error("next() called multiple times");
+      }
+      index = i;
+      const fn = handlers[i];
+      if (!fn) {
+        return void 0;
+      }
+      const result = await fn(ctx, async () => {
+        const res = await dispatch(i + 1);
+        if (res && ctx.res !== res) {
+          ;
+          ctx.res = res;
+        }
+        return res;
+      });
+      return result;
+    };
+    const finalResponse = await dispatch(0);
+    if (finalResponse && (finalResponse instanceof Response || typeof finalResponse.status === "number")) {
+      return finalResponse;
+    }
+    if (ctx.res) {
+      return ctx.res;
+    }
+    return new Response("Not Found", { status: 404 });
+  }
+};
+
+// src/helpers/data.ts
+function parsePath(path2) {
+  if (path2 === null || path2 === void 0) {
+    return [];
+  }
+  if (typeof path2 !== "string") {
+    return [...path2];
+  }
+  if (path2 === "") {
+    return [];
+  }
+  return path2.split(".").map((segment) => {
+    const n = Number(segment);
+    if (Number.isInteger(n) && String(n) === segment) {
+      return n;
+    }
+    return segment;
+  });
+}
+function getChild(current, key) {
+  if (current === null || current === void 0) {
+    return void 0;
+  }
+  if (current instanceof Map) {
+    return current.get(key);
+  }
+  if (typeof current === "object" || typeof current === "function") {
+    const record = current;
+    return record[key];
+  }
+  return void 0;
+}
+function hasChild(current, key) {
+  if (current === null || current === void 0) {
+    return false;
+  }
+  if (current instanceof Map) {
+    return current.has(key);
+  }
+  if (typeof current === "object" || typeof current === "function") {
+    const record = current;
+    return key in record;
+  }
+  return false;
+}
+function setChild(current, key, next) {
+  if (current === null || current === void 0) {
+    throw new TypeError("dataSet target cannot be null or undefined.");
+  }
+  if (current instanceof Map) {
+    current.set(key, next);
+    return;
+  }
+  if (typeof current === "object" || typeof current === "function") {
+    const record = current;
+    record[key] = next;
+    return;
+  }
+  throw new TypeError("dataSet target must be object-like.");
+}
+function dataGet(target, path2, defaultValue) {
+  const segments = parsePath(path2);
+  if (segments.length === 0) {
+    return target;
+  }
+  let current = target;
+  for (const segment of segments) {
+    current = getChild(current, segment);
+    if (current === void 0) {
+      return defaultValue;
+    }
+  }
+  return current;
+}
+function dataHas(target, path2) {
+  const segments = parsePath(path2);
+  if (segments.length === 0) {
+    return true;
+  }
+  let current = target;
+  for (const segment of segments) {
+    if (!hasChild(current, segment)) {
+      return false;
+    }
+    current = getChild(current, segment);
+  }
+  return true;
+}
+function dataSet(target, path2, setValue, overwrite = true) {
+  const segments = parsePath(path2);
+  if (segments.length === 0) {
+    return target;
+  }
+  let current = target;
+  for (let i = 0; i < segments.length - 1; i++) {
+    const segment = segments[i];
+    const nextSegment = segments[i + 1];
+    const existing = getChild(current, segment);
+    if (existing !== void 0 && (typeof existing === "object" || typeof existing === "function")) {
+      current = existing;
+      continue;
+    }
+    const created = typeof nextSegment === "number" ? [] : {};
+    setChild(current, segment, created);
+    current = created;
+  }
+  const last = segments[segments.length - 1];
+  const existingLast = getChild(current, last);
+  if (overwrite || existingLast === void 0) {
+    setChild(current, last, setValue);
+  }
+  return target;
+}
+
+// src/helpers/Arr.ts
+var Arr = {
+  get(target, path2, defaultValue) {
+    return dataGet(target, path2, defaultValue);
+  },
+  has(target, path2) {
+    return dataHas(target, path2);
+  },
+  set(target, path2, value2, overwrite = true) {
+    return dataSet(target, path2, value2, overwrite);
+  },
+  wrap(value2) {
+    if (value2 === null || value2 === void 0) {
+      return [];
+    }
+    return Array.isArray(value2) ? value2 : [value2];
+  },
+  first(items, callback) {
+    if (!callback) {
+      return items[0];
+    }
+    for (let i = 0; i < items.length; i++) {
+      const value2 = items[i];
+      if (callback(value2, i)) {
+        return value2;
+      }
+    }
+    return void 0;
+  },
+  last(items, callback) {
+    if (!callback) {
+      return items.length ? items[items.length - 1] : void 0;
+    }
+    for (let i = items.length - 1; i >= 0; i--) {
+      const value2 = items[i];
+      if (callback(value2, i)) {
+        return value2;
+      }
+    }
+    return void 0;
+  },
+  only(target, keys) {
+    const out = {};
+    for (const key of keys) {
+      if (key in target) {
+        out[key] = target[key];
+      }
+    }
+    return out;
+  },
+  except(target, keys) {
+    const out = {};
+    const excluded = new Set(keys);
+    for (const [key, value2] of Object.entries(target)) {
+      if (!excluded.has(key)) {
+        out[key] = value2;
+      }
+    }
+    return out;
+  },
+  flatten(items, depth = Number.POSITIVE_INFINITY) {
+    const out = [];
+    const walk = (value2, currentDepth) => {
+      if (Array.isArray(value2) && currentDepth > 0) {
+        for (const v of value2) {
+          walk(v, currentDepth - 1);
+        }
+        return;
+      }
+      out.push(value2);
+    };
+    for (const item of items) {
+      walk(item, depth);
+    }
+    return out;
+  },
+  pluck(items, valuePath, keyPath) {
+    if (!keyPath) {
+      return items.map((item) => dataGet(item, valuePath));
+    }
+    const out = {};
+    for (const item of items) {
+      const key = dataGet(item, keyPath);
+      out[String(key)] = dataGet(item, valuePath);
+    }
+    return out;
+  },
+  where(items, callback) {
+    const out = [];
+    for (let i = 0; i < items.length; i++) {
+      const value2 = items[i];
+      if (callback(value2, i)) {
+        out.push(value2);
+      }
+    }
+    return out;
+  }
+};
+
+// src/helpers/errors.ts
+function createErrorBag(errors2) {
+  return {
+    has: (field) => (errors2[field]?.length ?? 0) > 0,
+    first: (field) => {
+      if (field) {
+        return errors2[field]?.[0];
+      }
+      for (const key of Object.keys(errors2)) {
+        if (errors2[key]?.[0]) {
+          return errors2[key][0];
+        }
+      }
+      return void 0;
+    },
+    get: (field) => errors2[field] ?? [],
+    all: () => errors2,
+    any: () => Object.keys(errors2).length > 0,
+    count: () => Object.values(errors2).flat().length
+  };
+}
+function errors(c) {
+  const session = c.get("session");
+  const flashed = session?.getFlash?.("errors") ?? {};
+  return createErrorBag(flashed);
+}
+function old(c, field, defaultValue) {
+  const session = c.get("session");
+  const oldInput = session?.getFlash?.("_old_input") ?? {};
+  return oldInput[field] ?? defaultValue;
+}
+
+// src/helpers/Str.ts
+import { randomBytes, randomUUID } from "crypto";
+function splitWords(input) {
+  const normalized = input.replace(/([a-z0-9])([A-Z])/g, "$1 $2").replace(/[_-]+/g, " ").trim();
+  return normalized ? normalized.split(/\s+/) : [];
+}
+function capitalize(word) {
+  if (!word) {
+    return word;
+  }
+  return word.charAt(0).toUpperCase() + word.slice(1);
+}
+var Str = {
+  lower(value2) {
+    return value2.toLowerCase();
+  },
+  upper(value2) {
+    return value2.toUpperCase();
+  },
+  startsWith(haystack, needles) {
+    const list = Array.isArray(needles) ? needles : [needles];
+    for (const needle of list) {
+      if (needle !== "" && haystack.startsWith(needle)) {
+        return true;
+      }
+    }
+    return false;
+  },
+  endsWith(haystack, needles) {
+    const list = Array.isArray(needles) ? needles : [needles];
+    for (const needle of list) {
+      if (needle !== "" && haystack.endsWith(needle)) {
+        return true;
+      }
+    }
+    return false;
+  },
+  contains(haystack, needles) {
+    const list = Array.isArray(needles) ? needles : [needles];
+    for (const needle of list) {
+      if (needle !== "" && haystack.includes(needle)) {
+        return true;
+      }
+    }
+    return false;
+  },
+  snake(value2) {
+    const words = splitWords(value2).map((w) => w.toLowerCase());
+    return words.join("_");
+  },
+  kebab(value2) {
+    const words = splitWords(value2).map((w) => w.toLowerCase());
+    return words.join("-");
+  },
+  studly(value2) {
+    return splitWords(value2).map((w) => capitalize(w.toLowerCase())).join("");
+  },
+  camel(value2) {
+    const words = splitWords(value2).map((w) => w.toLowerCase());
+    if (words.length === 0) {
+      return "";
+    }
+    const first = words[0];
+    if (first === void 0) {
+      return "";
+    }
+    return first + words.slice(1).map(capitalize).join("");
+  },
+  title(value2) {
+    return splitWords(value2).map((w) => capitalize(w.toLowerCase())).join(" ");
+  },
+  limit(value2, limit, end = "...") {
+    if (limit < 0) {
+      return "";
+    }
+    if (value2.length <= limit) {
+      return value2;
+    }
+    return value2.slice(0, limit) + end;
+  },
+  slug(value2, separator = "-") {
+    const normalized = value2.normalize("NFKD").replace(/\p{Diacritic}/gu, "").toLowerCase();
+    const escaped = separator.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    return normalized.replace(/[^a-z0-9]+/g, separator).replace(new RegExp(`^${escaped}+|${escaped}+$`, "g"), "");
+  },
+  uuid() {
+    if (typeof globalThis.crypto?.randomUUID === "function") {
+      return globalThis.crypto.randomUUID();
+    }
+    return randomUUID();
+  },
+  random(length = 16) {
+    if (length <= 0) {
+      return "";
+    }
+    const bytes = randomBytes(Math.ceil(length * 3 / 4) + 2);
+    const str = bytes.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+    return str.slice(0, length);
+  }
+};
+
+// src/helpers.ts
+var DumpDieError = class extends Error {
+  constructor(values) {
+    super("Execution halted by dd()");
+    this.values = values;
+  }
+  name = "DumpDieError";
+};
+var defaultDumpOptions = {
+  depth: null,
+  colors: true
+};
+function dump(...values) {
+  for (const value2 of values) {
+    console.dir(value2, {
+      depth: defaultDumpOptions.depth,
+      colors: defaultDumpOptions.colors
+    });
+  }
+}
+function dd(...values) {
+  dump(...values);
+  throw new DumpDieError(values);
+}
+function tap(value2, callback) {
+  callback(value2);
+  return value2;
+}
+function value(valueOrFactory, ...args) {
+  if (typeof valueOrFactory === "function") {
+    return valueOrFactory(...args);
+  }
+  return valueOrFactory;
+}
+function isPlainObject(value2) {
+  if (value2 === null || typeof value2 !== "object") {
+    return false;
+  }
+  const proto = Object.getPrototypeOf(value2);
+  return proto === Object.prototype || proto === null;
+}
+function blank(value2) {
+  if (value2 === null || value2 === void 0) {
+    return true;
+  }
+  if (typeof value2 === "string") {
+    return value2.trim().length === 0;
+  }
+  if (Array.isArray(value2)) {
+    return value2.length === 0;
+  }
+  if (value2 instanceof Map) {
+    return value2.size === 0;
+  }
+  if (value2 instanceof Set) {
+    return value2.size === 0;
+  }
+  if (isPlainObject(value2)) {
+    return Object.keys(value2).length === 0;
+  }
+  return false;
+}
+function filled(value2) {
+  return !blank(value2);
+}
+function toError(error) {
+  if (typeof error === "string") {
+    return new Error(error);
+  }
+  if (typeof error === "function") {
+    return error();
+  }
+  return error;
+}
+function throwIf(condition, error = "Error.") {
+  if (condition) {
+    throw toError(error);
+  }
+}
+function throwUnless(condition, error = "Error.") {
+  if (!condition) {
+    throw toError(error);
+  }
+}
+function env(key, defaultValue) {
+  const bunEnv = globalThis.Bun?.env;
+  const value2 = bunEnv?.[key] ?? process.env[key];
+  return value2 ?? defaultValue;
+}
+var currentApp;
+function setApp(core) {
+  currentApp = core ?? void 0;
+}
+function hasApp() {
+  return currentApp !== void 0;
+}
+function app() {
+  if (!currentApp) {
+    throw new Error("No app is bound. Call setApp(core) once during bootstrap.");
+  }
+  return currentApp;
+}
+function config(key, defaultValue) {
+  if (defaultValue === void 0) {
+    return app().config.get(key);
+  }
+  return app().config.get(key, defaultValue);
+}
+function logger() {
+  return app().logger;
+}
+function router() {
+  return app().router;
+}
+function abort(status, message) {
+  if (message === void 0) {
+    throw new HttpException(status);
+  }
+  throw new HttpException(status, { message });
+}
+function abortIf(condition, status, message) {
+  if (condition) {
+    abort(status, message);
+  }
+}
+function abortUnless(condition, status, message) {
+  if (!condition) {
+    abort(status, message);
+  }
+}
+
+// src/http/CookieJar.ts
+var CookieJar = class {
+  constructor(encrypter) {
+    this.encrypter = encrypter;
+  }
+  queued = /* @__PURE__ */ new Map();
+  /**
+   * Queue a cookie to be sent with the response
+   */
+  queue(name, value2, minutes = 60, options = {}) {
+    const resolved = {
+      path: options.path ?? "/",
+      httpOnly: options.httpOnly ?? true,
+      sameSite: options.sameSite ?? "Lax",
+      secure: options.secure ?? process.env.NODE_ENV === "production",
+      ...options
+    };
+    if (minutes && !resolved.maxAge) {
+      resolved.maxAge = minutes * 60;
+    }
+    let finalValue = value2;
+    if (resolved.encrypt) {
+      if (!this.encrypter) {
+        throw new Error("Encryption is not available. Ensure APP_KEY is set.");
+      }
+      finalValue = this.encrypter.encrypt(value2);
+    }
+    this.queued.set(name, { value: finalValue, options: resolved });
+  }
+  /**
+   * Make a cookie that lasts "forever" (5 years)
+   */
+  forever(name, value2, options = {}) {
+    this.queue(name, value2, 2628e3, options);
+  }
+  /**
+   * Expire a cookie
+   */
+  forget(name, options = {}) {
+    this.queue(name, "", 0, { ...options, maxAge: 0, expires: /* @__PURE__ */ new Date(0) });
+  }
+  /**
+   * Serialize a cookie to a Set-Cookie header value
+   */
+  serializeCookie(name, value2, opts) {
+    const parts = [`${name}=${encodeURIComponent(value2)}`];
+    if (opts.maxAge !== void 0) {
+      parts.push(`Max-Age=${opts.maxAge}`);
+    }
+    if (opts.expires) {
+      parts.push(`Expires=${opts.expires.toUTCString()}`);
+    }
+    if (opts.path) {
+      parts.push(`Path=${opts.path}`);
+    }
+    if (opts.domain) {
+      parts.push(`Domain=${opts.domain}`);
+    }
+    if (opts.secure) {
+      parts.push("Secure");
+    }
+    if (opts.httpOnly) {
+      parts.push("HttpOnly");
+    }
+    if (opts.sameSite) {
+      parts.push(`SameSite=${opts.sameSite}`);
+    }
+    return parts.join("; ");
+  }
+  /**
+   * Attach queued cookies to the context
+   */
+  attach(c) {
+    for (const [name, { value: value2, options }] of this.queued) {
+      c.header("Set-Cookie", this.serializeCookie(name, value2, options), { append: true });
+    }
+  }
+};
+
+// src/exceptions/ModelNotFoundException.ts
+var ModelNotFoundException = class extends GravitoException {
+  model;
+  id;
+  constructor(model, id) {
+    super(404, "NOT_FOUND", {
+      message: `${model} not found.`,
+      i18nKey: "errors.model.not_found",
+      i18nParams: { model, id: String(id ?? "") }
+    });
+    this.model = model;
+    if (id !== void 0) {
+      this.id = id;
+    }
+  }
+};
+
+// src/Route.ts
+var Route = class {
+  constructor(router2, method, path2, options) {
+    this.router = router2;
+    this.method = method;
+    this.path = path2;
+    this.options = options;
+  }
+  /**
+   * Name the route
+   */
+  name(name) {
+    this.router.registerName(name, this.method, this.path, this.options);
+    return this;
+  }
+  static get(path2, requestOrHandler, handler) {
+    return router().get(path2, requestOrHandler, handler);
+  }
+  static post(path2, requestOrHandler, handler) {
+    return router().post(path2, requestOrHandler, handler);
+  }
+  static put(path2, requestOrHandler, handler) {
+    return router().put(path2, requestOrHandler, handler);
+  }
+  static delete(path2, requestOrHandler, handler) {
+    return router().delete(path2, requestOrHandler, handler);
+  }
+  static patch(path2, requestOrHandler, handler) {
+    return router().patch(path2, requestOrHandler, handler);
+  }
+  static resource(name, controller, options = {}) {
+    router().resource(name, controller, options);
+  }
+  static prefix(path2) {
+    return router().prefix(path2);
+  }
+  static middleware(...handlers) {
+    return router().middleware(...handlers);
+  }
+};
+
+// src/Router.ts
+function isFormRequestClass(value2) {
+  if (typeof value2 !== "function") {
+    return false;
+  }
+  try {
+    const instance = new value2();
+    return instance !== null && typeof instance === "object" && "schema" in instance && "validate" in instance && typeof instance.validate === "function";
+  } catch {
+    return false;
+  }
+}
+function formRequestToMiddleware(RequestClass) {
+  return async (ctx, next) => {
+    const request = new RequestClass();
+    if (typeof request.validate !== "function") {
+      throw new Error("Invalid FormRequest: validate() is missing.");
+    }
+    const result = await request.validate(ctx);
+    if (!result.success) {
+      const errorCode = result.error?.error?.code;
+      const status = errorCode === "AUTHORIZATION_ERROR" ? 403 : 422;
+      return ctx.json(result.error, status);
+    }
+    ctx.set("validated", result.data);
+    await next();
+    return void 0;
+  };
+}
+var RouteGroup = class _RouteGroup {
+  constructor(router2, options) {
+    this.router = router2;
+    this.options = options;
+  }
+  /**
+   * Add a prefix to the current group
+   */
+  prefix(path2) {
+    return new _RouteGroup(this.router, {
+      ...this.options,
+      prefix: (this.options.prefix || "") + path2
+    });
+  }
+  /**
+   * Add middleware to the current group.
+   * Accepts individual handlers or arrays of handlers.
+   */
+  middleware(...handlers) {
+    const flattened = handlers.flat();
+    return new _RouteGroup(this.router, {
+      ...this.options,
+      middleware: [...this.options.middleware || [], ...flattened]
+    });
+  }
+  /**
+   * Define routes within this group
+   */
+  group(callback) {
+    callback(this);
+  }
+  get(path2, requestOrHandler, handler) {
+    return this.router.req("get", path2, requestOrHandler, handler, this.options);
+  }
+  post(path2, requestOrHandler, handler) {
+    return this.router.req("post", path2, requestOrHandler, handler, this.options);
+  }
+  put(path2, requestOrHandler, handler) {
+    return this.router.req("put", path2, requestOrHandler, handler, this.options);
+  }
+  delete(path2, requestOrHandler, handler) {
+    return this.router.req("delete", path2, requestOrHandler, handler, this.options);
+  }
+  patch(path2, requestOrHandler, handler) {
+    return this.router.req("patch", path2, requestOrHandler, handler, this.options);
+  }
+  resource(name, controller, options = {}) {
+    const actions = [
+      "index",
+      "create",
+      "store",
+      "show",
+      "edit",
+      "update",
+      "destroy"
+    ];
+    const map = {
+      index: { method: "get", path: `/${name}` },
+      create: { method: "get", path: `/${name}/create` },
+      store: { method: "post", path: `/${name}` },
+      show: { method: "get", path: `/${name}/:id` },
+      edit: { method: "get", path: `/${name}/:id/edit` },
+      update: { method: "put", path: `/${name}/:id` },
+      destroy: { method: "delete", path: `/${name}/:id` }
+    };
+    const allowed = actions.filter((action) => {
+      if (options.only) {
+        return options.only.includes(action);
+      }
+      if (options.except) {
+        return !options.except.includes(action);
+      }
+      return true;
+    });
+    for (const action of allowed) {
+      const { method, path: path2 } = map[action];
+      if (action === "update") {
+        this.router.req("put", path2, [controller, action], void 0, this.options).name(`${name}.${action}`);
+        this.router.req("patch", path2, [controller, action], void 0, this.options);
+      } else {
+        this.router.req(method, path2, [controller, action], void 0, this.options).name(`${name}.${action}`);
+      }
+    }
+  }
+};
+var Router = class {
+  constructor(core) {
+    this.core = core;
+    this.core.adapter.useGlobal(async (c, next) => {
+      const routeModels = c.get("routeModels") ?? {};
+      for (const [param, resolver] of this.bindings) {
+        const value2 = c.req.param(param);
+        if (value2) {
+          try {
+            const resolved = await resolver(value2);
+            routeModels[param] = resolved;
+          } catch (err) {
+            const message = err instanceof Error ? err.message : void 0;
+            if (message === "ModelNotFound") {
+              throw new ModelNotFoundException(param, value2);
+            }
+            throw err;
+          }
+        }
+      }
+      c.set("routeModels", routeModels);
+      await next();
+      return void 0;
+    });
+  }
+  // Internal list of all registered routes (for scanning and debugging)
+  routes = [];
+  // Singleton cache for controllers
+  controllers = /* @__PURE__ */ new Map();
+  namedRoutes = /* @__PURE__ */ new Map();
+  bindings = /* @__PURE__ */ new Map();
+  /**
+   * Compile all registered routes into a flat array for caching or manifest generation.
+   */
+  compile() {
+    const routes = [];
+    for (const [name, info] of this.namedRoutes) {
+      routes.push({
+        name,
+        method: info.method,
+        path: info.path,
+        domain: info.domain
+      });
+    }
+    return routes;
+  }
+  /**
+   * Register a named route
+   */
+  registerName(name, method, path2, options = {}) {
+    const fullPath = (options.prefix || "") + path2;
+    this.namedRoutes.set(name, {
+      method: method.toUpperCase(),
+      path: fullPath,
+      domain: options.domain
+    });
+  }
+  /**
+   * Generate a URL from a named route.
+   */
+  url(name, params = {}, query = {}) {
+    const route = this.namedRoutes.get(name);
+    if (!route) {
+      throw new Error(`Named route '${name}' not found`);
+    }
+    let path2 = route.path;
+    path2 = path2.replace(/:([A-Za-z0-9_]+)/g, (_, key) => {
+      const value2 = params[key];
+      if (value2 === void 0 || value2 === null) {
+        throw new Error(`Missing route param '${key}' for route '${name}'`);
+      }
+      return encodeURIComponent(String(value2));
+    });
+    const qs = new URLSearchParams();
+    for (const [k, v] of Object.entries(query)) {
+      if (v === void 0 || v === null) {
+        continue;
+      }
+      qs.set(k, String(v));
+    }
+    const suffix = qs.toString();
+    return suffix ? `${path2}?${suffix}` : path2;
+  }
+  /**
+   * Export named routes as a serializable manifest (for caching).
+   */
+  exportNamedRoutes() {
+    return Object.fromEntries(this.namedRoutes.entries());
+  }
+  /**
+   * Load named routes from a manifest (for caching).
+   */
+  loadNamedRoutes(manifest) {
+    this.namedRoutes = new Map(Object.entries(manifest));
+  }
+  /**
+   * Register a route model binding.
+   */
+  bind(param, resolver) {
+    this.bindings.set(param, resolver);
+  }
+  /**
+   * Register a route model binding for a Model class.
+   */
+  model(param, modelClass) {
+    this.bind(param, async (id) => {
+      if (modelClass && typeof modelClass === "object" && "find" in modelClass && typeof modelClass.find === "function") {
+        const instance = await modelClass.find(id);
+        if (!instance) {
+          throw new Error("ModelNotFound");
+        }
+        return instance;
+      }
+      throw new Error(`Invalid model class for binding '${param}'`);
+    });
+  }
+  /**
+   * Start a route group with a prefix
+   */
+  prefix(path2) {
+    return new RouteGroup(this, { prefix: path2 });
+  }
+  /**
+   * Start a route group with a domain constraint
+   */
+  domain(host) {
+    return new RouteGroup(this, { domain: host });
+  }
+  /**
+   * Start a route group with middleware.
+   * Accepts individual handlers or arrays of handlers.
+   */
+  middleware(...handlers) {
+    return new RouteGroup(this, { middleware: handlers.flat() });
+  }
+  get(path2, requestOrHandler, handler) {
+    return this.req("get", path2, requestOrHandler, handler);
+  }
+  post(path2, requestOrHandler, handler) {
+    return this.req("post", path2, requestOrHandler, handler);
+  }
+  put(path2, requestOrHandler, handler) {
+    return this.req("put", path2, requestOrHandler, handler);
+  }
+  delete(path2, requestOrHandler, handler) {
+    return this.req("delete", path2, requestOrHandler, handler);
+  }
+  patch(path2, requestOrHandler, handler) {
+    return this.req("patch", path2, requestOrHandler, handler);
+  }
+  /**
+   * Register a resource route (Laravel-style).
+   */
+  resource(name, controller, options = {}) {
+    const actions = [
+      "index",
+      "create",
+      "store",
+      "show",
+      "edit",
+      "update",
+      "destroy"
+    ];
+    const map = {
+      index: { method: "get", path: `/${name}` },
+      create: { method: "get", path: `/${name}/create` },
+      store: { method: "post", path: `/${name}` },
+      show: { method: "get", path: `/${name}/:id` },
+      edit: { method: "get", path: `/${name}/:id/edit` },
+      update: { method: "put", path: `/${name}/:id` },
+      destroy: { method: "delete", path: `/${name}/:id` }
+    };
+    const allowed = actions.filter((action) => {
+      if (options.only) {
+        return options.only.includes(action);
+      }
+      if (options.except) {
+        return !options.except.includes(action);
+      }
+      return true;
+    });
+    for (const action of allowed) {
+      const { method, path: path2 } = map[action];
+      if (action === "update") {
+        this.req("put", path2, [controller, action]).name(`${name}.${action}`);
+        this.req("patch", path2, [controller, action]);
+      } else {
+        this.req(method, path2, [controller, action]).name(`${name}.${action}`);
+      }
+    }
+  }
+  /**
+   * Internal Request Registration
+   */
+  req(method, path2, requestOrHandler, handler, options = {}) {
+    const fullPath = (options.prefix || "") + path2;
+    let formRequestMiddleware = null;
+    let finalRouteHandler;
+    if (handler !== void 0) {
+      if (isFormRequestClass(requestOrHandler)) {
+        formRequestMiddleware = formRequestToMiddleware(requestOrHandler);
+      }
+      finalRouteHandler = handler;
+    } else {
+      finalRouteHandler = requestOrHandler;
+    }
+    let resolvedHandler;
+    if (Array.isArray(finalRouteHandler)) {
+      const [CtrlClass, methodName] = finalRouteHandler;
+      resolvedHandler = this.resolveControllerHandler(CtrlClass, methodName);
+    } else {
+      resolvedHandler = finalRouteHandler;
+    }
+    const handlers = [];
+    if (options.middleware) {
+      handlers.push(...options.middleware);
+    }
+    if (formRequestMiddleware) {
+      handlers.push(formRequestMiddleware);
+    }
+    handlers.push(resolvedHandler);
+    if (options.domain) {
+      const _wrappedHandler = async (c) => {
+        if (c.req.header("host") !== options.domain) {
+          return new Response("Not Found", { status: 404 });
+        }
+        return void 0;
+      };
+      const domainCheck = async (c, next) => {
+        if (c.req.header("host") !== options.domain) {
+          return c.text("Not Found", 404);
+        }
+        await next();
+      };
+      handlers.unshift(domainCheck);
+    }
+    this.routes.push({ method, path: fullPath });
+    this.core.adapter.route(method, fullPath, ...handlers);
+    return new Route(this, method, fullPath, options);
+  }
+  /**
+   * Resolve Controller Instance and Method
+   */
+  resolveControllerHandler(CtrlClass, methodName) {
+    let instance = this.controllers.get(CtrlClass);
+    if (!instance) {
+      instance = new CtrlClass(this.core);
+      this.controllers.set(CtrlClass, instance);
+    }
+    const handler = instance[methodName];
+    if (typeof handler !== "function") {
+      throw new Error(`Method '${methodName}' not found in controller '${CtrlClass.name}'`);
+    }
+    return handler.bind(instance);
+  }
+};
+
+// src/security/Encrypter.ts
+import crypto from "crypto";
+var Encrypter = class {
+  algorithm;
+  key;
+  constructor(options) {
+    this.algorithm = options.cipher || "aes-256-cbc";
+    if (options.key.startsWith("base64:")) {
+      this.key = Buffer.from(options.key.substring(7), "base64");
+    } else {
+      this.key = Buffer.from(options.key);
+    }
+    if (this.algorithm === "aes-128-cbc" && this.key.length !== 16) {
+      throw new Error("The key must be 16 bytes (128 bits) for AES-128-CBC.");
+    }
+    if (this.algorithm === "aes-256-cbc" && this.key.length !== 32) {
+      throw new Error("The key must be 32 bytes (256 bits) for AES-256-CBC.");
+    }
+  }
+  /**
+   * Encrypt a value
+   */
+  encrypt(value2, serialize = true) {
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv(this.algorithm, this.key, iv);
+    const stringValue = serialize ? JSON.stringify(value2) : String(value2);
+    let encrypted = cipher.update(stringValue, "utf8", "base64");
+    encrypted += cipher.final("base64");
+    const mac = this.hash(iv.toString("base64"), encrypted);
+    const payload = {
+      iv: iv.toString("base64"),
+      value: encrypted,
+      mac,
+      tag: ""
+      // AES-CBC doesn't produce an auth tag, but GCM does. Keeping structure standard.
+    };
+    return Buffer.from(JSON.stringify(payload)).toString("base64");
+  }
+  /**
+   * Decrypt a value
+   */
+  decrypt(payload, deserialize = true) {
+    const json = JSON.parse(Buffer.from(payload, "base64").toString("utf8"));
+    if (!this.validPayload(json)) {
+      throw new Error("The payload is invalid.");
+    }
+    if (!this.validMac(json)) {
+      throw new Error("The MAC is invalid.");
+    }
+    const iv = Buffer.from(json.iv, "base64");
+    const decipher = crypto.createDecipheriv(this.algorithm, this.key, iv);
+    let decrypted = decipher.update(json.value, "base64", "utf8");
+    decrypted += decipher.final("utf8");
+    return deserialize ? JSON.parse(decrypted) : decrypted;
+  }
+  hash(iv, value2) {
+    const hmac = crypto.createHmac("sha256", this.key);
+    hmac.update(iv + value2);
+    return hmac.digest("hex");
+  }
+  validPayload(payload) {
+    return typeof payload === "object" && payload !== null && "iv" in payload && "value" in payload && "mac" in payload;
+  }
+  validMac(payload) {
+    const calculated = this.hash(payload.iv, payload.value);
+    return crypto.timingSafeEqual(Buffer.from(calculated), Buffer.from(payload.mac));
+  }
+  /**
+   * Generate a new key
+   */
+  static generateKey(cipher = "aes-256-cbc") {
+    const bytes = cipher === "aes-128-cbc" ? 16 : 32;
+    return `base64:${crypto.randomBytes(bytes).toString("base64")}`;
+  }
+};
+
+// src/security/Hasher.ts
+var BunHasher = class {
+  async make(value2, options) {
+    const bun = Bun;
+    return await bun.password.hash(value2, options);
+  }
+  async check(value2, hashedValue) {
+    const bun = Bun;
+    return await bun.password.verify(value2, hashedValue);
+  }
+  needsRehash(_hashedValue, _options) {
+    return false;
+  }
+};
+
+// src/PlanetCore.ts
+var PlanetCore = class _PlanetCore {
+  /**
+   * The HTTP adapter used by this core instance.
+   * @since 2.0.0
+   */
+  _adapter;
+  /**
+   * Access the underlying Photon app instance.
+   * @deprecated Use adapter methods for new code. This property is kept for backward compatibility.
+   */
+  get app() {
+    return this._adapter.native;
+  }
+  /**
+   * Get the HTTP adapter instance.
+   * @since 2.0.0
+   */
+  get adapter() {
+    return this._adapter;
+  }
+  logger;
+  config;
+  hooks;
+  events;
+  router;
+  container = new Container();
+  /** @deprecated Use core.container instead */
+  services = /* @__PURE__ */ new Map();
+  encrypter;
+  hasher;
+  providers = [];
+  deferredProviders = /* @__PURE__ */ new Map();
+  bootedProviders = /* @__PURE__ */ new Set();
+  /**
+   * Register a service provider.
+   *
+   * @param provider - The ServiceProvider instance to register.
+   * @returns The PlanetCore instance for chaining.
+   *
+   * @example
+   * ```typescript
+   * core.register(new DatabaseServiceProvider());
+   * ```
+   */
+  register(provider) {
+    provider.setCore(this);
+    if (provider.deferred) {
+      const services = provider.provides();
+      for (const service of services) {
+        this.deferredProviders.set(service, provider);
+      }
+    } else {
+      this.providers.push(provider);
+    }
+    return this;
+  }
+  /**
+   * Bootstrap the application by registering and booting providers.
+   *
+   * This method must be called before the application starts handling requests.
+   * It calls `register()` on all providers first, then `boot()` on all providers.
+   *
+   * Supports async register() methods.
+   *
+   * @returns Promise that resolves when bootstrapping is complete.
+   */
+  async bootstrap() {
+    for (const provider of this.providers) {
+      await provider.register(this.container);
+    }
+    this.setupDeferredProviderResolution();
+    for (const provider of this.providers) {
+      await this.bootProvider(provider);
+    }
+  }
+  /**
+   * Setup deferred provider resolution.
+   * Wraps container.make to auto-register deferred providers on first request.
+   *
+   * @internal
+   */
+  setupDeferredProviderResolution() {
+    const originalMake = this.container.make.bind(this.container);
+    this.container.make = (key) => {
+      if (this.deferredProviders.has(key)) {
+        const provider = this.deferredProviders.get(key);
+        this.registerDeferredProvider(provider);
+      }
+      return originalMake(key);
+    };
+  }
+  /**
+   * Register a deferred provider on-demand.
+   *
+   * @internal
+   */
+  registerDeferredProvider(provider) {
+    for (const service of provider.provides()) {
+      this.deferredProviders.delete(service);
+    }
+    const result = provider.register(this.container);
+    if (result instanceof Promise) {
+      throw new Error(
+        `Deferred provider ${provider.constructor.name} has async register(). Deferred providers must have synchronous register() methods.`
+      );
+    }
+    this.bootProvider(provider);
+  }
+  /**
+   * Boot a single provider if not already booted.
+   *
+   * @internal
+   */
+  async bootProvider(provider) {
+    if (this.bootedProviders.has(provider)) {
+      return;
+    }
+    this.bootedProviders.add(provider);
+    if (provider.boot) {
+      await provider.boot(this);
+    }
+  }
+  constructor(options = {}) {
+    this.logger = options.logger ?? new ConsoleLogger();
+    this.config = new ConfigManager(options.config ?? {});
+    this.hooks = new HookManager();
+    this.events = new EventManager(this);
+    this.hasher = new BunHasher();
+    setApp(this);
+    const appKey = (this.config.has("APP_KEY") ? this.config.get("APP_KEY") : void 0) || process.env.APP_KEY;
+    if (appKey) {
+      try {
+        this.encrypter = new Encrypter({ key: appKey });
+      } catch (e) {
+        this.logger.warn("Failed to initialize Encrypter (invalid APP_KEY?):", e);
+      }
+    }
+    if (options.adapter) {
+      this._adapter = options.adapter;
+    } else if (typeof Bun !== "undefined") {
+      this._adapter = new BunNativeAdapter();
+    } else {
+      this._adapter = new PhotonAdapter();
+    }
+    this.adapter.use("*", async (c, next) => {
+      c.set("core", this);
+      c.set("logger", this.logger);
+      c.set("config", this.config);
+      const cookieJar = new CookieJar(this.encrypter);
+      c.set("cookieJar", cookieJar);
+      c.route = (name, params, query) => this.router.url(name, params, query);
+      await next();
+      return void 0;
+    });
+    this.router = new Router(this);
+    this.adapter.onError(async (err, c) => {
+      const isProduction = process.env.NODE_ENV === "production";
+      const codeFromStatus = (status2) => {
+        switch (status2) {
+          case 400:
+            return "BAD_REQUEST";
+          case 401:
+            return "UNAUTHENTICATED";
+          case 403:
+            return "FORBIDDEN";
+          case 404:
+            return "NOT_FOUND";
+          case 405:
+            return "METHOD_NOT_ALLOWED";
+          case 409:
+            return "CONFLICT";
+          case 422:
+            return "VALIDATION_ERROR";
+          case 429:
+            return "TOO_MANY_REQUESTS";
+          default:
+            return status2 >= 500 ? "INTERNAL_ERROR" : "HTTP_ERROR";
+        }
+      };
+      const messageFromStatus = (status2) => {
+        switch (status2) {
+          case 400:
+            return "Bad Request";
+          case 401:
+            return "Unauthorized";
+          case 403:
+            return "Forbidden";
+          case 404:
+            return "Not Found";
+          case 405:
+            return "Method Not Allowed";
+          case 409:
+            return "Conflict";
+          case 422:
+            return "Unprocessable Content";
+          case 429:
+            return "Too Many Requests";
+          case 500:
+            return "Internal Server Error";
+          case 502:
+            return "Bad Gateway";
+          case 503:
+            return "Service Unavailable";
+          case 504:
+            return "Gateway Timeout";
+          default:
+            return status2 >= 500 ? "Internal Server Error" : "Request Error";
+        }
+      };
+      const view = c.get("view");
+      const i18n = c.get("i18n");
+      const accept = c.req.header("Accept") || "";
+      const wantsHtml = Boolean(
+        view && accept.includes("text/html") && !accept.includes("application/json")
+      );
+      let status = 500;
+      let message = messageFromStatus(500);
+      let code = "INTERNAL_ERROR";
+      let details;
+      if (err instanceof GravitoException) {
+        status = err.status;
+        code = err.code;
+        if (code === "HTTP_ERROR") {
+          code = codeFromStatus(status);
+        }
+        if (i18n?.t && err.i18nKey) {
+          message = i18n.t(err.i18nKey, err.i18nParams);
+        } else {
+          message = err.message || messageFromStatus(status);
+        }
+        if (err instanceof ValidationException) {
+          details = err.errors;
+          if (wantsHtml) {
+            const session = c.get("session");
+            if (session) {
+              const errorBag = {};
+              for (const e of err.errors) {
+                if (!errorBag[e.field]) {
+                  errorBag[e.field] = [];
+                }
+                errorBag[e.field]?.push(e.message);
+              }
+              session.flash("errors", errorBag);
+              if (err.input) {
+                session.flash("_old_input", err.input);
+              }
+              const redirectUrl = err.redirectTo ?? c.req.header("Referer") ?? "/";
+              return c.redirect(redirectUrl);
+            }
+          }
+        } else if (err instanceof Error && !isProduction && err.cause) {
+          details = { cause: err.cause };
+        }
+      } else if (err instanceof HttpException) {
+        status = err.status;
+        message = err.message;
+      } else if (err instanceof Error && "status" in err && typeof err.status === "number") {
+        status = err.status;
+        message = err.message;
+        code = codeFromStatus(status);
+      } else if (err instanceof Error) {
+        if (!isProduction) {
+          message = err.message || message;
+        }
+      } else if (typeof err === "string") {
+        if (!isProduction) {
+          message = err;
+        }
+      }
+      if (isProduction && status >= 500) {
+        message = messageFromStatus(status);
+      }
+      if (!isProduction && err instanceof Error && !details) {
+        details = { stack: err.stack, ...details };
+      }
+      let handlerContext = {
+        core: this,
+        c,
+        error: err,
+        isProduction,
+        accept,
+        wantsHtml,
+        status,
+        payload: fail(message, code, details),
+        ...wantsHtml ? {
+          html: {
+            templates: status === 500 ? ["errors/500"] : [`errors/${status}`, "errors/500"],
+            data: {
+              status,
+              message,
+              code,
+              error: !isProduction && err instanceof Error ? err.stack : void 0,
+              debug: !isProduction,
+              details
+            }
+          }
+        } : {}
+      };
+      handlerContext = await this.hooks.applyFilters(
+        "error:context",
+        handlerContext
+      );
+      const defaultLogLevel = handlerContext.status >= 500 ? "error" : "none";
+      const logLevel = handlerContext.logLevel ?? defaultLogLevel;
+      if (logLevel !== "none") {
+        const rawErrorMessage = handlerContext.error instanceof Error ? handlerContext.error.message : typeof handlerContext.error === "string" ? handlerContext.error : handlerContext.payload.error.message;
+        const msg = handlerContext.logMessage ?? (logLevel === "error" ? `Application Error: ${rawErrorMessage || handlerContext.payload.error.message}` : `HTTP ${handlerContext.status}: ${handlerContext.payload.error.message}`);
+        if (logLevel === "error") {
+          this.logger.error(msg, err);
+        } else if (logLevel === "warn") {
+          this.logger.warn(msg);
+        } else {
+          this.logger.info(msg);
+        }
+      }
+      await this.hooks.doAction("error:report", handlerContext);
+      const customResponse = await this.hooks.applyFilters(
+        "error:render",
+        null,
+        handlerContext
+      );
+      if (customResponse) {
+        return customResponse;
+      }
+      if (handlerContext.wantsHtml && view && handlerContext.html) {
+        let lastRenderError;
+        for (const template of handlerContext.html.templates) {
+          try {
+            return c.html(view.render(template, handlerContext.html.data), handlerContext.status);
+          } catch (renderError) {
+            lastRenderError = renderError;
+          }
+        }
+        this.logger.error("Failed to render error view", lastRenderError);
+      }
+      return c.json(handlerContext.payload, handlerContext.status);
+    });
+    this.adapter.onNotFound(async (c) => {
+      const view = c.get("view");
+      const accept = c.req.header("Accept") || "";
+      const wantsHtml = view && accept.includes("text/html") && !accept.includes("application/json");
+      const isProduction = process.env.NODE_ENV === "production";
+      let handlerContext = {
+        core: this,
+        c,
+        error: new HttpException(404, { message: "Route not found" }),
+        isProduction,
+        accept,
+        wantsHtml: Boolean(wantsHtml),
+        status: 404,
+        payload: fail("Route not found", "NOT_FOUND"),
+        ...wantsHtml ? {
+          html: {
+            templates: ["errors/404", "errors/500"],
+            data: {
+              status: 404,
+              message: "Route not found",
+              code: "NOT_FOUND",
+              debug: !isProduction
+            }
+          }
+        } : {}
+      };
+      handlerContext = await this.hooks.applyFilters(
+        "notFound:context",
+        handlerContext
+      );
+      const logLevel = handlerContext.logLevel ?? "info";
+      if (logLevel !== "none") {
+        const msg = handlerContext.logMessage ?? `404 Not Found: ${c.req.url}`;
+        if (logLevel === "error") {
+          this.logger.error(msg);
+        } else if (logLevel === "warn") {
+          this.logger.warn(msg);
+        } else {
+          this.logger.info(msg);
+        }
+      }
+      await this.hooks.doAction("notFound:report", handlerContext);
+      const customResponse = await this.hooks.applyFilters(
+        "notFound:render",
+        null,
+        handlerContext
+      );
+      if (customResponse) {
+        return customResponse;
+      }
+      if (handlerContext.wantsHtml && view && handlerContext.html) {
+        let lastRenderError;
+        for (const template of handlerContext.html.templates) {
+          try {
+            return c.html(view.render(template, handlerContext.html.data), handlerContext.status);
+          } catch (renderError) {
+            lastRenderError = renderError;
+          }
+        }
+        this.logger.error("Failed to render 404 view", lastRenderError);
+      }
+      return c.json(handlerContext.payload, handlerContext.status);
+    });
+  }
+  /**
+   * Programmatically register an infrastructure module (Orbit).
+   * @since 2.0.0
+   *
+   * @param orbit - The orbit class or instance to register.
+   * @returns The PlanetCore instance for chaining.
+   *
+   * @example
+   * ```typescript
+   * await core.orbit(OrbitCache);
+   * ```
+   */
+  async orbit(orbit) {
+    const instance = typeof orbit === "function" ? new orbit() : orbit;
+    await instance.install(this);
+    return this;
+  }
+  /**
+   * Programmatically register a feature module (Satellite).
+   * Alias for register() with provider support.
+   * @since 2.0.0
+   *
+   * @param satellite - The provider or setup function.
+   * @returns The PlanetCore instance for chaining.
+   *
+   * @example
+   * ```typescript
+   * await core.use(new AuthProvider());
+   * ```
+   */
+  async use(satellite) {
+    if (typeof satellite === "function") {
+      await satellite(this);
+    } else {
+      this.register(satellite);
+    }
+    return this;
+  }
+  registerGlobalErrorHandlers(options = {}) {
+    return registerGlobalErrorHandlers({ ...options, core: this });
+  }
+  /**
+   * Boot the application with a configuration object (IoC style default entry)
+   *
+   * @param config - The Gravito configuration object.
+   * @returns A Promise resolving to the booted PlanetCore instance.
+   *
+   * @example
+   * ```typescript
+   * const core = await PlanetCore.boot(config);
+   * ```
+   */
+  static async boot(config2) {
+    const core = new _PlanetCore({
+      ...config2.logger && { logger: config2.logger },
+      ...config2.config && { config: config2.config },
+      ...config2.adapter && { adapter: config2.adapter }
+    });
+    if (config2.orbits) {
+      for (const OrbitClassOrInstance of config2.orbits) {
+        let orbit;
+        if (typeof OrbitClassOrInstance === "function") {
+          orbit = new OrbitClassOrInstance();
+        } else {
+          orbit = OrbitClassOrInstance;
+        }
+        await orbit.install(core);
+      }
+    }
+    return core;
+  }
+  /**
+   * Mount an Orbit (a Photon app) to a path.
+   *
+   * @param path - The URL path to mount the orbit at.
+   * @param orbitApp - The Photon application instance.
+   */
+  mountOrbit(path2, orbitApp) {
+    this.logger.info(`Mounting orbit at path: ${path2}`);
+    if (this.adapter.name === "photon") {
+      ;
+      this.adapter.native.route(path2, orbitApp);
+    } else {
+      const subAdapter = new PhotonAdapter({}, orbitApp);
+      this.adapter.mount(path2, subAdapter);
+    }
+  }
+  /**
+   * Start the core (Liftoff).
+   *
+   * Returns a config object for `Bun.serve`.
+   *
+   * @param port - Optional port number (defaults to config or 3000).
+   * @returns An object compatible with Bun.serve({ ... }).
+   *
+   * @example
+   * ```typescript
+   * export default core.liftoff(3000);
+   * ```
+   */
+  liftoff(port) {
+    const finalPort = port ?? this.config.get("PORT", 3e3);
+    this.hooks.doAction("app:liftoff", { port: finalPort });
+    this.logger.info(`Ready to liftoff on port ${finalPort} \u{1F680}`);
+    return {
+      port: finalPort,
+      fetch: this.adapter.fetch.bind(this.adapter),
+      // Ensure we bind to adapter not app
+      core: this
+    };
+  }
+};
+
+// src/Application.ts
+var Application = class {
+  /**
+   * The underlying PlanetCore instance.
+   */
+  core;
+  /**
+   * The IoC container.
+   */
+  container;
+  /**
+   * The configuration manager.
+   */
+  config;
+  /**
+   * The event manager.
+   */
+  events;
+  /**
+   * The logger instance.
+   */
+  logger;
+  /**
+   * Application base path.
+   */
+  basePath;
+  /**
+   * Environment mode.
+   */
+  env;
+  /**
+   * Configuration options.
+   */
+  options;
+  /**
+   * Whether the application has been booted.
+   */
+  booted = false;
+  constructor(options) {
+    this.options = options;
+    this.basePath = options.basePath;
+    this.env = options.env ?? process.env.NODE_ENV ?? "development";
+    this.logger = options.logger ?? new ConsoleLogger();
+    this.container = new Container();
+    this.config = new ConfigManager(options.config ?? {});
+    this.core = new PlanetCore({
+      logger: this.logger,
+      config: options.config
+    });
+    this.events = this.core.events;
+    this.container.instance("app", this);
+    this.container.instance("config", this.config);
+    this.container.instance("logger", this.logger);
+    this.container.instance("events", this.events);
+  }
+  /**
+   * Boot the application.
+   *
+   * This will:
+   * 1. Load configuration files
+   * 2. Auto-discover providers (if enabled)
+   * 3. Register all providers
+   * 4. Bootstrap the core
+   *
+   * @returns Promise that resolves when boot is complete
+   */
+  async boot() {
+    if (this.booted) {
+      return this;
+    }
+    this.logger.info(`\u{1F680} Booting application in ${this.env} mode...`);
+    await this.loadConfiguration();
+    if (this.options.autoDiscoverProviders !== false) {
+      await this.discoverProviders();
+    }
+    if (this.options.providers) {
+      for (const provider of this.options.providers) {
+        this.core.register(provider);
+      }
+    }
+    await this.core.bootstrap();
+    this.booted = true;
+    this.logger.info("\u2705 Application booted successfully");
+    return this;
+  }
+  /**
+   * Load configuration files from the config directory.
+   *
+   * @internal
+   */
+  async loadConfiguration() {
+    const configPath = path.resolve(this.basePath, this.options.configPath ?? "config");
+    try {
+      const stat = await fs.stat(configPath);
+      if (!stat.isDirectory()) {
+        return;
+      }
+      const files = await fs.readdir(configPath);
+      for (const file of files) {
+        if (!file.endsWith(".ts") && !file.endsWith(".js")) {
+          continue;
+        }
+        const key = path.basename(file, path.extname(file));
+        const filePath = path.resolve(configPath, file);
+        try {
+          const module = await import(pathToFileURL(filePath).href);
+          const value2 = module.default ?? module;
+          this.config.set(key, value2);
+          this.logger.info(`\u{1F4CB} Loaded config: ${key}`);
+        } catch (err) {
+          this.logger.warn(`Failed to load config ${file}:`, err);
+        }
+      }
+    } catch {
+      this.logger.info("No config directory found, skipping config loading");
+    }
+  }
+  /**
+   * Discover and register providers from the providers directory.
+   *
+   * @internal
+   */
+  async discoverProviders() {
+    const providersPath = path.resolve(this.basePath, this.options.providersPath ?? "src/Providers");
+    try {
+      const stat = await fs.stat(providersPath);
+      if (!stat.isDirectory()) {
+        return;
+      }
+      const files = await fs.readdir(providersPath);
+      for (const file of files) {
+        if (!file.endsWith("Provider.ts") && !file.endsWith("Provider.js")) {
+          continue;
+        }
+        const filePath = path.resolve(providersPath, file);
+        try {
+          const module = await import(pathToFileURL(filePath).href);
+          const ProviderClass = module.default ?? Object.values(module).find(
+            (exp) => typeof exp === "function" && exp.prototype?.register
+          );
+          if (ProviderClass && typeof ProviderClass === "function") {
+            const provider = new ProviderClass();
+            this.core.register(provider);
+            this.logger.info(`\u{1F50C} Registered provider: ${ProviderClass.name}`);
+          }
+        } catch (err) {
+          this.logger.warn(`Failed to load provider ${file}:`, err);
+        }
+      }
+    } catch {
+    }
+  }
+  /**
+   * Get a service from the container.
+   *
+   * @param key - The service key
+   * @returns The resolved service
+   */
+  make(key) {
+    return this.core.container.make(key);
+  }
+  /**
+   * Check if a service is bound.
+   *
+   * @param key - The service key
+   * @returns True if bound
+   */
+  has(key) {
+    return this.core.container.has(key);
+  }
+  /**
+   * Get a configuration value.
+   *
+   * @param key - The config key (supports dot notation)
+   * @param defaultValue - Default value if not found
+   * @returns The config value
+   */
+  getConfig(key, defaultValue) {
+    return this.config.get(key, defaultValue);
+  }
+  /**
+   * Create application path helper.
+   *
+   * @param segments - Path segments relative to base path
+   * @returns Absolute path
+   */
+  path(...segments) {
+    return path.resolve(this.basePath, ...segments);
+  }
+  /**
+   * Get the config path.
+   *
+   * @param segments - Additional path segments
+   * @returns Absolute path to config directory
+   */
+  configPath(...segments) {
+    return this.path(this.options.configPath ?? "config", ...segments);
+  }
+  /**
+   * Check if running in production.
+   */
+  isProduction() {
+    return this.env === "production";
+  }
+  /**
+   * Check if running in development.
+   */
+  isDevelopment() {
+    return this.env === "development";
+  }
+  /**
+   * Check if running in testing.
+   */
+  isTesting() {
+    return this.env === "testing";
+  }
+};
+
+// src/exceptions/AuthenticationException.ts
+var AuthenticationException = class extends GravitoException {
+  constructor(message = "Unauthenticated.") {
+    super(401, "UNAUTHENTICATED", {
+      message,
+      i18nKey: "errors.authentication.unauthenticated"
+    });
+  }
+};
+
+// src/exceptions/AuthorizationException.ts
+var AuthorizationException = class extends GravitoException {
+  constructor(message = "This action is unauthorized.") {
+    super(403, "FORBIDDEN", {
+      message,
+      i18nKey: "errors.authorization.forbidden"
+    });
+  }
+};
+
+// src/ServiceProvider.ts
+var ServiceProvider = class _ServiceProvider {
+  /**
+   * Reference to the application core instance.
+   * Set during provider registration.
+   */
+  core;
+  /**
+   * Whether this provider should be deferred.
+   * Deferred providers are only registered when one of their
+   * provided services is actually requested from the container.
+   */
+  deferred = false;
+  /**
+   * Get the services provided by this provider.
+   * Used for deferred loading - provider is only loaded when
+   * one of these services is requested.
+   *
+   * @returns Array of service keys this provider offers
+   *
+   * @example
+   * ```typescript
+   * provides(): string[] {
+   *   return ['db', 'db.connection'];
+   * }
+   * ```
+   */
+  provides() {
+    return [];
+  }
+  /**
+   * Set the core instance reference.
+   * Called internally by the application during registration.
+   *
+   * @internal
+   */
+  setCore(core) {
+    this.core = core;
+  }
+  // ─────────────────────────────────────────────────────────────
+  // Configuration Helpers
+  // ─────────────────────────────────────────────────────────────
+  /**
+   * Merge configuration from a file into the application config.
+   *
+   * @param config - The ConfigManager instance
+   * @param key - The configuration key to set
+   * @param value - The configuration value or object
+   *
+   * @example
+   * ```typescript
+   * this.mergeConfig(config, 'database', {
+   *   default: 'mysql',
+   *   connections: { ... }
+   * });
+   * ```
+   */
+  mergeConfig(config2, key, value2) {
+    const existing = config2.has(key) ? config2.get(key) : {};
+    if (typeof existing === "object" && existing !== null && typeof value2 === "object" && value2 !== null) {
+      config2.set(key, { ...existing, ...value2 });
+    } else {
+      config2.set(key, value2);
+    }
+  }
+  /**
+   * Merge configuration from an async loader.
+   * Useful for loading config from .ts files dynamically.
+   *
+   * @param config - The ConfigManager instance
+   * @param key - The configuration key
+   * @param loader - Async function that returns config value
+   *
+   * @example
+   * ```typescript
+   * await this.mergeConfigFrom(config, 'database', async () => {
+   *   return (await import('./config/database')).default;
+   * });
+   * ```
+   */
+  async mergeConfigFrom(config2, key, loader) {
+    const value2 = await loader();
+    this.mergeConfig(config2, key, value2);
+  }
+  // ─────────────────────────────────────────────────────────────
+  // Publishing (for CLI support)
+  // ─────────────────────────────────────────────────────────────
+  /**
+   * Paths that should be published by the CLI.
+   * Maps source paths to destination paths.
+   */
+  static publishables = /* @__PURE__ */ new Map();
+  /**
+   * Register paths to be published.
+   * Used by CLI commands like `gravito vendor:publish`.
+   *
+   * @param paths - Map of source to destination paths
+   * @param group - Optional group name for selective publishing
+   *
+   * @example
+   * ```typescript
+   * this.publishes({
+   *   './config/cache.ts': 'config/cache.ts',
+   *   './views/errors': 'resources/views/errors'
+   * }, 'config');
+   * ```
+   */
+  publishes(paths, group) {
+    const groupKey = group ?? this.constructor.name;
+    if (!_ServiceProvider.publishables.has(groupKey)) {
+      _ServiceProvider.publishables.set(groupKey, /* @__PURE__ */ new Map());
+    }
+    const groupPaths = _ServiceProvider.publishables.get(groupKey);
+    for (const [source, dest] of Object.entries(paths)) {
+      groupPaths.set(source, dest);
+    }
+  }
+  /**
+   * Get all publishable paths for a group.
+   *
+   * @param group - The group name (defaults to provider class name)
+   * @returns Map of source to destination paths
+   */
+  static getPublishables(group) {
+    if (group) {
+      return _ServiceProvider.publishables.get(group) ?? /* @__PURE__ */ new Map();
+    }
+    const all = /* @__PURE__ */ new Map();
+    for (const paths of _ServiceProvider.publishables.values()) {
+      for (const [source, dest] of paths) {
+        all.set(source, dest);
+      }
+    }
+    return all;
+  }
+  /**
+   * Get all publish groups.
+   *
+   * @returns Array of group names
+   */
+  static getPublishGroups() {
+    return Array.from(_ServiceProvider.publishables.keys());
+  }
+};
+
+// src/GravitoServer.ts
+var GravitoServer = class {
+  /**
+   * 一鍵建立並組裝伺服器
+   * @param manifest 站點描述清單
+   * @param resolvers 模組解析器字典
+   * @param baseOrbits 基礎軌道模組 (例如 OrbitMonolith)
+   */
+  static async create(manifest, resolvers, baseOrbits = []) {
+    const core = new PlanetCore(
+      manifest.config || {
+        adapter: new PhotonAdapter()
+      }
+    );
+    for (const Orbit of baseOrbits) {
+      core.orbit(Orbit);
+    }
+    console.log(`
+\u{1F30C} [Gravito Core] \u6B63\u5728\u9EDE\u71C3: ${manifest.name} v${manifest.version || "1.0.0"}`);
+    for (const moduleId of manifest.modules) {
+      const resolver = resolvers[moduleId];
+      if (!resolver) continue;
+      try {
+        const exported = await resolver();
+        let instance;
+        if (typeof exported === "function" && exported.prototype instanceof ServiceProvider) {
+          instance = new exported();
+        } else if (exported instanceof ServiceProvider) {
+          instance = exported;
+        } else {
+          continue;
+        }
+        core.register(instance);
+        console.log(`   \u2705 \u6A21\u7D44\u9EDE\u706B\u6210\u529F: [${moduleId}]`);
+      } catch (error) {
+        console.error(`   \u274C \u6A21\u7D44 [${moduleId}] \u9EDE\u706B\u5931\u6557: ${error.message}`);
+      }
+    }
+    return core;
+  }
+};
+
+// src/http/middleware/BodySizeLimit.ts
+var defaultMethods = ["POST", "PUT", "PATCH", "DELETE"];
+function bodySizeLimit(maxBytes, options = {}) {
+  const allowedMethods = (options.methods ?? defaultMethods).map((m) => m.toUpperCase());
+  return async (c, next) => {
+    const method = c.req.method.toUpperCase();
+    if (!allowedMethods.includes(method)) {
+      await next();
+      return void 0;
+    }
+    const lengthHeader = c.req.header("Content-Length");
+    if (!lengthHeader) {
+      if (options.requireContentLength) {
+        return c.text("Length Required", 411);
+      }
+      await next();
+      return void 0;
+    }
+    const length = Number(lengthHeader);
+    if (Number.isNaN(length)) {
+      if (options.requireContentLength) {
+        return c.text("Invalid Content-Length", 400);
+      }
+      await next();
+      return void 0;
+    }
+    if (length > maxBytes) {
+      return c.text("Payload Too Large", 413);
+    }
+    await next();
+    return void 0;
+  };
+}
+
+// src/http/middleware/Cors.ts
+function resolveOrigin(origin, requestOrigin) {
+  if (!origin) {
+    return "*";
+  }
+  if (typeof origin === "string") {
+    return origin;
+  }
+  if (Array.isArray(origin)) {
+    return requestOrigin && origin.includes(requestOrigin) ? requestOrigin : false;
+  }
+  return origin(requestOrigin);
+}
+function cors(options = {}) {
+  const methods = (options.methods ?? ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]).join(", ");
+  const allowedHeaders = options.allowedHeaders?.join(", ");
+  const exposedHeaders = options.exposedHeaders?.join(", ");
+  const credentials = options.credentials === true;
+  const maxAge = options.maxAge;
+  const optionsStatus = options.optionsSuccessStatus ?? 204;
+  return async (c, next) => {
+    const requestOrigin = c.req.header("Origin");
+    const allowOrigin = resolveOrigin(options.origin, requestOrigin);
+    if (allowOrigin) {
+      c.header("Access-Control-Allow-Origin", allowOrigin);
+      if (allowOrigin !== "*") {
+        c.header("Vary", "Origin");
+      }
+      if (credentials) {
+        c.header("Access-Control-Allow-Credentials", "true");
+      }
+      if (exposedHeaders) {
+        c.header("Access-Control-Expose-Headers", exposedHeaders);
+      }
+    }
+    if (c.req.method.toUpperCase() === "OPTIONS") {
+      const requestMethod = c.req.header("Access-Control-Request-Method");
+      if (requestMethod) {
+        c.header("Access-Control-Allow-Methods", methods);
+        if (allowedHeaders) {
+          c.header("Access-Control-Allow-Headers", allowedHeaders);
+        } else {
+          const reqHeaders = c.req.header("Access-Control-Request-Headers");
+          if (reqHeaders) {
+            c.header("Access-Control-Allow-Headers", reqHeaders);
+          }
+        }
+        if (maxAge !== void 0) {
+          c.header("Access-Control-Max-Age", String(maxAge));
+        }
+        return c.text("", optionsStatus);
+      }
+    }
+    await next();
+    return void 0;
+  };
+}
+
+// src/http/middleware/Csrf.ts
+import crypto2 from "crypto";
+var defaultSafeMethods = ["GET", "HEAD", "OPTIONS"];
+function parseCookies(header) {
+  const out = {};
+  if (!header) {
+    return out;
+  }
+  for (const part of header.split(";")) {
+    const [rawKey, ...rest] = part.trim().split("=");
+    if (!rawKey) {
+      continue;
+    }
+    const key = rawKey.trim();
+    const value2 = rest.join("=");
+    out[key] = decodeURIComponent(value2);
+  }
+  return out;
+}
+function timingSafeEqual(a, b) {
+  const bufA = Buffer.from(a);
+  const bufB = Buffer.from(b);
+  if (bufA.length !== bufB.length) {
+    return false;
+  }
+  return crypto2.timingSafeEqual(bufA, bufB);
+}
+function buildCookieOptions(custom) {
+  return {
+    path: "/",
+    sameSite: "Lax",
+    httpOnly: false,
+    secure: process.env.NODE_ENV === "production",
+    ...custom
+  };
+}
+function canSetHeader(c) {
+  return typeof c.header === "function";
+}
+function setCookieHeader(c, name, value2, options) {
+  if (!canSetHeader(c)) {
+    return;
+  }
+  const parts = [`${name}=${encodeURIComponent(value2)}`];
+  if (options.maxAge !== void 0) {
+    parts.push(`Max-Age=${options.maxAge}`);
+  }
+  if (options.expires) {
+    parts.push(`Expires=${options.expires.toUTCString()}`);
+  }
+  if (options.path) {
+    parts.push(`Path=${options.path}`);
+  }
+  if (options.domain) {
+    parts.push(`Domain=${options.domain}`);
+  }
+  if (options.secure) {
+    parts.push("Secure");
+  }
+  if (options.httpOnly) {
+    parts.push("HttpOnly");
+  }
+  if (options.sameSite) {
+    parts.push(`SameSite=${options.sameSite}`);
+  }
+  c.header("Set-Cookie", parts.join("; "), { append: true });
+}
+function getCsrfToken(c, options = {}) {
+  const cookieName = options.cookieName ?? "gravito_csrf";
+  const cookieHeader = c.req.header("Cookie") || "";
+  const cookies = parseCookies(cookieHeader);
+  let token = cookies[cookieName];
+  if (!token) {
+    token = crypto2.randomBytes(32).toString("hex");
+    const cookieOptions = buildCookieOptions(options.cookie);
+    const cookieJar = c.get("cookieJar");
+    if (cookieJar?.queue) {
+      cookieJar.queue(cookieName, token, 60 * 24 * 7, cookieOptions);
+    } else if (canSetHeader(c)) {
+      setCookieHeader(c, cookieName, token, cookieOptions);
+    }
+  }
+  return token;
+}
+function csrfProtection(options = {}) {
+  const cookieName = options.cookieName ?? "gravito_csrf";
+  const headerName = (options.headerName ?? "X-CSRF-Token").toLowerCase();
+  const formFieldName = options.formFieldName ?? "_token";
+  const safeMethods = (options.safeMethods ?? defaultSafeMethods).map((m) => m.toUpperCase());
+  return async (c, next) => {
+    const method = c.req.method.toUpperCase();
+    const cookieHeader = c.req.header("Cookie") || "";
+    const cookies = parseCookies(cookieHeader);
+    const token = cookies[cookieName] || getCsrfToken(c, options);
+    if (safeMethods.includes(method)) {
+      await next();
+      return void 0;
+    }
+    const headerToken = c.req.header(headerName) || c.req.header(headerName.toLowerCase());
+    let bodyToken;
+    const contentType = c.req.header("Content-Type") || "";
+    if (contentType.includes("application/x-www-form-urlencoded") || contentType.includes("multipart/form-data")) {
+      const body = await c.req.parseBody() || {};
+      const raw = body[formFieldName];
+      if (typeof raw === "string") {
+        bodyToken = raw;
+      }
+    }
+    const requestToken = headerToken || bodyToken;
+    if (!requestToken || !timingSafeEqual(token, requestToken)) {
+      return c.text("Invalid CSRF token", 419);
+    }
+    await next();
+    return void 0;
+  };
+}
+
+// src/http/middleware/HeaderTokenGate.ts
+function createHeaderGate(options = {}) {
+  const headerName = options.headerName ?? "x-admin-token";
+  return async (c) => {
+    const expected = typeof options.token === "function" ? options.token(c) : options.token ?? process.env.ADMIN_TOKEN;
+    if (!expected) {
+      return false;
+    }
+    const provided = c.req.header(headerName);
+    return provided === expected;
+  };
+}
+function requireHeaderToken(options = {}) {
+  const gate = createHeaderGate(options);
+  const status = options.status ?? 403;
+  const message = options.message ?? "Unauthorized";
+  return async (c, next) => {
+    if (!await gate(c)) {
+      return c.text(message, status);
+    }
+    await next();
+    return void 0;
+  };
+}
+
+// src/http/middleware/SecurityHeaders.ts
+function canSetHeader2(c) {
+  return typeof c.header === "function";
+}
+function setHeader(c, name, value2) {
+  if (!canSetHeader2(c)) {
+    return;
+  }
+  c.header(name, value2);
+}
+function buildHstsHeader(options) {
+  const parts = [`max-age=${Math.max(0, options.maxAge)}`];
+  if (options.includeSubDomains) {
+    parts.push("includeSubDomains");
+  }
+  if (options.preload) {
+    parts.push("preload");
+  }
+  return parts.join("; ");
+}
+function securityHeaders(options = {}) {
+  const defaults = {
+    frameOptions: "DENY",
+    referrerPolicy: "no-referrer",
+    noSniff: true,
+    permissionsPolicy: false,
+    crossOriginOpenerPolicy: "same-origin",
+    crossOriginResourcePolicy: "same-site"
+  };
+  const merged = {
+    ...defaults,
+    ...options
+  };
+  return async (c, next) => {
+    if (merged.noSniff) {
+      setHeader(c, "X-Content-Type-Options", "nosniff");
+    }
+    if (merged.frameOptions) {
+      setHeader(c, "X-Frame-Options", merged.frameOptions);
+    }
+    if (merged.referrerPolicy) {
+      setHeader(c, "Referrer-Policy", merged.referrerPolicy);
+    }
+    if (merged.permissionsPolicy) {
+      setHeader(c, "Permissions-Policy", merged.permissionsPolicy);
+    }
+    if (merged.crossOriginOpenerPolicy) {
+      setHeader(c, "Cross-Origin-Opener-Policy", merged.crossOriginOpenerPolicy);
+    }
+    if (merged.crossOriginResourcePolicy) {
+      setHeader(c, "Cross-Origin-Resource-Policy", merged.crossOriginResourcePolicy);
+    }
+    const cspValue = typeof merged.contentSecurityPolicy === "function" ? merged.contentSecurityPolicy(c) : merged.contentSecurityPolicy;
+    if (cspValue) {
+      setHeader(c, "Content-Security-Policy", cspValue);
+    }
+    if (merged.hsts) {
+      setHeader(c, "Strict-Transport-Security", buildHstsHeader(merged.hsts));
+    }
+    await next();
+    return void 0;
+  };
+}
+
+// src/http/middleware/ThrottleRequests.ts
+var ThrottleRequests = class {
+  constructor(core) {
+    this.core = core;
+  }
+  /**
+   * Create the middleware
+   * @param maxAttempts - Max requests allowed
+   * @param decaySeconds - Time window in seconds
+   */
+  handle(maxAttempts = 60, decaySeconds = 60) {
+    return async (c, next) => {
+      const cache = c.get("cache");
+      if (!cache) {
+        this.core.logger.warn("RateLimiter: OrbitCache not found. Skipping rate limiting.");
+        await next();
+        return void 0;
+      }
+      const trustProxy = this.core.config.get("TRUST_PROXY", false);
+      const forwardedFor = c.req.header("x-forwarded-for") || "";
+      const forwardedIp = forwardedFor.split(",")[0]?.trim();
+      const ip = trustProxy ? forwardedIp || "127.0.0.1" : "127.0.0.1";
+      const key = `throttle:${ip}:${c.req.path}`;
+      const limiter = cache.limiter();
+      const result = await limiter.attempt(key, maxAttempts, decaySeconds);
+      c.header("X-RateLimit-Limit", String(maxAttempts));
+      c.header("X-RateLimit-Remaining", String(Math.max(0, result.remaining)));
+      if (result.reset) {
+        c.header("X-RateLimit-Reset", String(result.reset));
+      }
+      if (!result.allowed) {
+        c.header("Retry-After", String(decaySeconds));
+        return c.text("Too Many Requests", 429);
+      }
+      await next();
+      return void 0;
+    };
+  }
+};
+
+// src/testing/TestResponse.ts
+import { expect } from "bun:test";
+var TestResponse = class {
+  constructor(response) {
+    this.response = response;
+  }
+  _jsonData = null;
+  _textData = null;
+  /**
+   * Assert the response status code
+   */
+  assertStatus(status) {
+    expect(this.response.status).toBe(status);
+    return this;
+  }
+  /**
+   * Assert that the response has a 200 status code
+   */
+  assertOk() {
+    return this.assertStatus(200);
+  }
+  /**
+   * Assert that the response has a 201 status code
+   */
+  assertCreated() {
+    return this.assertStatus(201);
+  }
+  /**
+   * Assert that the response has a 404 status code
+   */
+  assertNotFound() {
+    return this.assertStatus(404);
+  }
+  /**
+   * Assert that the response has a 403 status code
+   */
+  assertForbidden() {
+    return this.assertStatus(403);
+  }
+  /**
+   * Assert that the response has a 401 status code
+   */
+  assertUnauthorized() {
+    return this.assertStatus(401);
+  }
+  /**
+   * Assert the response is a redirect
+   */
+  assertRedirect(uri) {
+    expect([301, 302, 303, 307, 308]).toContain(this.response.status);
+    if (uri) {
+      expect(this.response.headers.get("Location")).toBe(uri);
+    }
+    return this;
+  }
+  /**
+   * Assert that the response contains the given JSON data.
+   */
+  async assertJson(data) {
+    const json = await this.getJson();
+    expect(json).toMatchObject(data);
+    return this;
+  }
+  /**
+   * Assert that the response contains exactly the given JSON data.
+   */
+  async assertExactJson(data) {
+    const json = await this.getJson();
+    expect(json).toEqual(data);
+    return this;
+  }
+  /**
+   * Assert the structure of the JSON response.
+   */
+  async assertJsonStructure(structure) {
+    const json = await this.getJson();
+    const checkKeys = (data, struct) => {
+      for (const key in struct) {
+        if (Array.isArray(struct[key])) {
+          expect(Array.isArray(data[key])).toBe(true);
+          if (data[key].length > 0) {
+            checkKeys(data[key][0], struct[key][0]);
+          }
+        } else if (typeof struct[key] === "object") {
+          expect(typeof data[key]).toBe("object");
+          checkKeys(data[key], struct[key]);
+        } else {
+          expect(data).toHaveProperty(key);
+        }
+      }
+    };
+    checkKeys(json, structure);
+    return this;
+  }
+  /**
+   * Assert that the response contains the given string.
+   */
+  async assertSee(value2) {
+    const text = await this.getText();
+    expect(text).toContain(value2);
+    return this;
+  }
+  /**
+   * Assert that the response does not contain the given string.
+   */
+  async assertDontSee(value2) {
+    const text = await this.getText();
+    expect(text).not.toContain(value2);
+    return this;
+  }
+  /**
+   * Assert a header exists and matches value
+   */
+  assertHeader(header, value2) {
+    expect(this.response.headers.get(header)).toBe(value2);
+    return this;
+  }
+  /**
+   * Assert a header does not exist
+   */
+  assertHeaderMissing(header) {
+    expect(this.response.headers.has(header)).toBe(false);
+    return this;
+  }
+  /**
+   * Get the JSON content
+   */
+  async getJson() {
+    if (this._jsonData) {
+      return this._jsonData;
+    }
+    this._jsonData = await this.response.json();
+    return this._jsonData;
+  }
+  /**
+   * Get the text content
+   */
+  async getText() {
+    if (this._textData !== null) {
+      return this._textData;
+    }
+    this._textData = await this.response.text();
+    return this._textData;
+  }
+  /**
+   * Alias for getText for standard expectations if needed
+   */
+  get body() {
+    return this.getText();
+  }
+};
+
+// src/testing/HttpTester.ts
+var HttpTester = class {
+  constructor(core) {
+    this.core = core;
+  }
+  /**
+   * Make a GET request
+   */
+  async get(uri, headers = {}) {
+    return this.call("GET", uri, null, headers);
+  }
+  /**
+   * Make a POST request
+   */
+  async post(uri, data = null, headers = {}) {
+    return this.call("POST", uri, data, headers);
+  }
+  /**
+   * Make a PUT request
+   */
+  async put(uri, data = null, headers = {}) {
+    return this.call("PUT", uri, data, headers);
+  }
+  /**
+   * Make a PATCH request
+   */
+  async patch(uri, data = null, headers = {}) {
+    return this.call("PATCH", uri, data, headers);
+  }
+  /**
+   * Make a DELETE request
+   */
+  async delete(uri, data = null, headers = {}) {
+    return this.call("DELETE", uri, data, headers);
+  }
+  /**
+   * Core call method
+   */
+  async call(method, uri, data, headers) {
+    const url = uri.startsWith("http") ? uri : `http://localhost${uri.startsWith("/") ? "" : "/"}${uri}`;
+    let body = null;
+    const requestHeaders = { ...headers };
+    if (data) {
+      if (typeof data === "object" && !(data instanceof FormData) && !(data instanceof Blob)) {
+        body = JSON.stringify(data);
+        if (!requestHeaders["Content-Type"] && !requestHeaders["content-type"]) {
+          requestHeaders["Content-Type"] = "application/json";
+        }
+      } else {
+        body = data;
+      }
+    }
+    const request = new Request(url, {
+      method,
+      headers: requestHeaders,
+      body
+    });
+    const response = await this.core.adapter.fetch(request);
+    return new TestResponse(response);
+  }
+};
+function createHttpTester(core) {
+  return new HttpTester(core);
+}
+
+// src/index.ts
+var VERSION = package_default.version;
+function defineConfig(config2) {
+  return config2;
+}
+export {
+  Application,
+  Arr,
+  AuthenticationException,
+  AuthorizationException,
+  ConfigManager,
+  ConsoleLogger,
+  Container,
+  CookieJar,
+  DumpDieError,
+  Encrypter,
+  Event,
+  EventManager,
+  GravitoAdapter,
+  GravitoException,
+  GravitoServer,
+  HookManager,
+  HttpException,
+  HttpTester,
+  ModelNotFoundException,
+  PhotonAdapter,
+  PhotonContextWrapper,
+  PhotonRequestWrapper,
+  PlanetCore,
+  Route,
+  Router,
+  ServiceProvider,
+  Str,
+  TestResponse,
+  ThrottleRequests,
+  VERSION,
+  ValidationException,
+  abort,
+  abortIf,
+  abortUnless,
+  app,
+  blank,
+  bodySizeLimit,
+  config,
+  cors,
+  createErrorBag,
+  createGravitoAdapter,
+  createHeaderGate,
+  createHttpTester,
+  createPhotonAdapter,
+  createSqliteDatabase,
+  csrfProtection,
+  dataGet,
+  dataHas,
+  dataSet,
+  dd,
+  defineConfig,
+  dump,
+  env,
+  errors,
+  fail,
+  filled,
+  getCsrfToken,
+  getPasswordAdapter,
+  getRuntimeAdapter,
+  getRuntimeEnv,
+  hasApp,
+  isHttpAdapter,
+  jsonFail,
+  jsonSuccess,
+  logger,
+  ok,
+  old,
+  registerGlobalErrorHandlers,
+  requireHeaderToken,
+  router,
+  securityHeaders,
+  setApp,
+  tap,
+  throwIf,
+  throwUnless,
+  value
+};