@guren/server 0.2.0-alpha.7 → 1.0.0-rc.9

package/dist/index.d.ts

@@ -1,670 +1,2679 @@
+import { E as ErrorResponse, S as ServiceProvider, C as Container, c as ServiceBindings, Q as QueueManager, N as NotificationManager } from './Application-DtWDHXr1.js';
+export { A as Application, d as ApplicationListenOptions, e as AuthPayload, f as CSRF_FORM_FIELD, g as CSRF_HEADER_NAME, h as CSRF_TOKEN_KEY, P as ContainerProvider, i as ContextualBinding, j as ContextualBindingBuilder, k as ContextualNeedsBuilder, m as Controller, n as ControllerInertiaProps, o as CsrfOptions, p as DatabaseChannelOptions, q as DatabaseNotification, r as ExceptionClass, t as ExceptionHandler, u as ExceptionHandlerOptions, v as ExceptionRenderer, w as ExceptionReporter, F as FailedJob, H as HostAuthorizationOptions, x as HstsOptions, I as InertiaOptions, y as InertiaPagePayload, z as InertiaResponse, B as InertiaSharedProps, J as InertiaSsrContext, K as InertiaSsrOptions, L as InertiaSsrRenderer, M as InertiaSsrResult, O as InferInertiaProps, R as Job, T as JobClass, U as JobFailureHandler, V as JobHandler, W as JobOptions, X as Notifiable, Y as Notification, Z as NotificationAttachment, _ as NotificationChannel, $ as NotificationChannelFactory, a0 as NotificationClass, a1 as NotificationMailMessage, a2 as NotificationManagerOptions, a3 as ProviderManager, a4 as QueueConfig, a5 as QueueDriver, a6 as QueueDriverFactory, a7 as QueuedJob, a8 as RendererRegistration, a9 as ResolvedSharedInertiaProps, aa as ResourceRouteOptions, ab as RouteBuilder, ac as RouteContractOptions, ad as RouteDefinition, ae as RouteOpenApiMetadata, af as RouteResourceAction, ag as Router, ah as SecurityHeadersOptions, ai as SentNotification, aj as ServiceBinding, ak as ServiceClass, al as ServiceFactory, am as ServiceProviderClass, an as ServiceProviderConstructor, ao as ServiceProviderOptions, ap as SharedInertiaPropsResolver, aq as SlackAttachment, ar as SlackBlock, as as SlackMessage, at as VALIDATED_DATA_KEY, au as ValidateRequestOptions, av as ValidationSchema, aw as WorkerOptions, ax as abort, ay as abortIf, az as abortUnless, aA as clearJobRegistry, aB as createApp, aC as createContainer, aD as createCsrfMiddleware, aE as createExceptionHandler, aF as createHostAuthorizationMiddleware, aG as createNotificationManager, aH as createQueueManager, aI as createSecurityHeaders, aJ as csrfField, aK as formatValidationErrors, aL as getContainer, aM as getCsrfToken, aN as getExceptionHandler, aO as getJob, aP as getNotificationManager, aQ as getQueueDriver, aR as getRegisteredJobs, aS as getValidatedData, aT as inertia, aU as parseRequestPayload, aV as registerJob, aW as resolve, aX as setContainer, aY as setExceptionHandler, aZ as setInertiaSharedProps, a_ as setNotificationManager, a$ as setQueueDriver, b0 as validate, b1 as validateRequest, b2 as validateRequestWith, b3 as validateSafe, b4 as verifyCsrfToken } from './Application-DtWDHXr1.js';
 import * as hono from 'hono';
-import { MiddlewareHandler, Context, Hono, ExecutionContext } from 'hono';
+import { Context, MiddlewareHandler } from 'hono';
 export { Context } from 'hono';
-import { InlineConfig, ViteDevServer } from 'vite';
-export { GurenVitePluginOptions, default as gurenVitePlugin } from './vite/index.js';
-
-interface InertiaOptions {
-    readonly url?: string;
-    readonly version?: string;
-    readonly status?: number;
-    readonly headers?: HeadersInit;
-    readonly request?: Request;
-    readonly title?: string;
-    readonly entry?: string;
-    readonly importMap?: Record<string, string>;
-    readonly styles?: string[];
-    readonly ssr?: InertiaSsrOptions;
-}
-interface InertiaPagePayload {
-    component: string;
-    props: Record<string, unknown>;
-    url: string;
-    version?: string;
-}
-interface InertiaSsrContext {
-    page: InertiaPagePayload;
-    request?: Request;
-    manifest?: string;
-}
-interface InertiaSsrResult {
-    head: string[];
-    body: string;
-}
-type InertiaSsrRenderer = (context: InertiaSsrContext) => Promise<InertiaSsrResult> | InertiaSsrResult;
-interface InertiaSsrOptions {
-    enabled?: boolean;
-    entry?: string;
-    manifest?: string;
-    render?: InertiaSsrRenderer;
-}
-declare function inertia(component: string, props: Record<string, unknown>, options?: InertiaOptions): Promise<Response>;
-
-type SessionData = Record<string, unknown>;
-interface SessionStore {
-    read(id: string): Promise<SessionData | undefined>;
-    write(id: string, data: SessionData, ttlSeconds: number): Promise<void>;
-    destroy(id: string): Promise<void>;
-}
-declare class MemorySessionStore implements SessionStore {
-    private readonly now;
-    private readonly store;
-    constructor(now?: () => number);
-    read(id: string): Promise<SessionData | undefined>;
-    write(id: string, data: SessionData, ttlSeconds: number): Promise<void>;
-    destroy(id: string): Promise<void>;
-}
-interface SessionOptions {
-    cookieName?: string;
-    cookiePath?: string;
-    cookieDomain?: string;
-    cookieSecure?: boolean;
-    cookieSameSite?: 'Strict' | 'Lax' | 'None';
-    cookieHttpOnly?: boolean;
-    cookieMaxAgeSeconds?: number;
-    ttlSeconds?: number;
-    store?: SessionStore;
-}
-interface Session {
-    readonly id: string;
-    readonly isNew: boolean;
-    get<T = unknown>(key: string): T | undefined;
-    set<T = unknown>(key: string, value: T): void;
-    has(key: string): boolean;
-    forget(key: string): void;
-    flush(): void;
-    all(): SessionData;
-    regenerate(): void;
-    invalidate(): void;
-}
-interface CreateSessionMiddlewareOptions extends SessionOptions {
-}
-declare function createSessionMiddleware(options?: CreateSessionMiddlewareOptions): MiddlewareHandler;
-declare function getSessionFromContext<T extends Session = Session>(ctx: {
-    get: (key: string) => unknown;
-}): T | undefined;
+import { a as AuthContext } from './api-token-JOif2CtG.js';
+export { c as API_TOKEN_KEY, b as ApiToken, d as ApiTokenStore, e as AuthCredentials, A as AuthManager, f as AuthManagerOptions, g as Authenticatable, B as BaseUserProvider, h as BearerTokenMiddlewareOptions, i as CreateApiTokenOptions, j as CreateApiTokenResult, G as Guard, k as GuardContext, l as GuardFactory, M as MemoryApiTokenStore, m as MemoryOAuthStateStore, n as MemorySessionStore, o as ModelUserProvider, p as OAuthAuthorizeOptions, q as OAuthCallbackPayload, O as OAuthManager, r as OAuthManagerOptions, s as OAuthProviderConfig, t as OAuthProviderFactoryInput, u as OAuthStateConfig, v as OAuthStatePayload, w as OAuthStateStore, x as OAuthTokenResult, y as OAuthUserProfile, P as ProviderFactory, S as Session, z as SessionData, D as SessionStore, U as UserProvider, E as buildOAuthAuthorizeUrl, F as buildOAuthRedirectUrl, H as createApiToken, I as createBearerTokenMiddleware, J as createDiscordOAuthProviderConfig, K as createGitHubOAuthProviderConfig, L as createGoogleOAuthProviderConfig, N as createOAuthManager, Q as createOAuthState, R as createSessionMiddleware, T as exchangeOAuthCode, V as fetchOAuthUserProfile, W as getApiToken, X as getApiTokenOrFail, Y as getSessionFromContext, Z as getUserApiTokens, _ as parseApiToken, $ as parseOAuthRedirectUrl, a0 as revokeAllApiTokens, a1 as revokeApiToken, a2 as tokenCan, a3 as tokenCanAll, a4 as tokenCanAny, a5 as verifyApiToken, a6 as verifyOAuthState } from './api-token-JOif2CtG.js';
+export { AuthenticatableModel, EmailVerificationConfig, EmailVerificationToken, EmailVerificationTokenResult, EmailVerificationTokenStore, ScryptHasher as Hash, MemoryEmailVerificationStore, MemoryPasswordResetStore, NodeHasher, PasswordResetConfig, PasswordResetTokenResult, PasswordResetTokenStore, ScryptHasher, SessionGuard, buildPasswordResetUrl, buildVerificationUrl, completeEmailVerification, completePasswordReset, createEmailVerificationToken, createPasswordResetToken, isEmailVerified, parsePasswordResetUrl, parseVerificationUrl, requireVerifiedEmail, verifyEmailToken, verifyPasswordResetToken } from './auth/index.js';
+export { M as Middleware, d as defineMiddleware, j as jsonResponse } from './index-9_Jzj5jo.js';
+import { E as EventManager } from './EventManager-CmIoLt7r.js';
+export { a as Event, b as EventClass, c as EventListener, d as EventSubscription, L as ListenerOptions, R as RegisteredListener, e as createEventManager } from './EventManager-CmIoLt7r.js';
+export { ApplicationShutdown, ApplicationStarted, JobFailed, JobProcessed, Listener, ListenerClass, RequestFinished, RequestReceived, UserAuthenticated, UserLoggedOut } from './events/index.js';
+export { FailedJobHandler, FailedJobInfo, FailedJobReporter, MemoryDriver, RedisDriver, RedisDriverOptions, SqsDriver, Worker, WorkerEvents, createSqsAdapter, processJob } from './queue/index.js';
+import { M as MailManager } from './MailManager-DpMvYiP9.js';
+export { a as MailAddress, b as MailAttachment, c as MailConfig, d as MailMessage, e as MailTransport, f as MailTransportConfig, g as MailTransportFactory, h as MemoryTransportOptions, R as ResendTransportOptions, S as SendResult, i as SmtpTransportOptions, j as createMailManager } from './MailManager-DpMvYiP9.js';
+export { Mail, MemoryTransport, ResendTransport, SmtpTransport, getMailManager, mail, setMailManager } from './mail/index.js';
+import { C as CacheManager } from './CacheManager-BkvHEOZX.js';
+export { a as CacheConfig, b as CacheStore, c as CacheStoreFactory, d as createCacheManager } from './CacheManager-BkvHEOZX.js';
+export { FileStore as FileCacheStore, MemoryStore as MemoryCacheStore, RedisStore as RedisCacheStore, TaggedCache } from './cache/index.js';
+import { S as StorageManager } from './StorageManager-oZTHqaza.js';
+export { D as DiskConfig, F as FileMetadata, P as PutOptions, a as StorageConfig, b as StorageDriver, c as StorageDriverFactory, d as createStorageManager } from './StorageManager-oZTHqaza.js';
+export { LocalDriver as LocalStorageDriver, MemoryDriver as MemoryStorageDriver, S3Driver } from './storage/index.js';
+import { S as Scheduler } from './Scheduler-BstvSca7.js';
+export { P as ParsedCron, a as PendingSchedule, b as Schedule, J as ScheduledJobClass, c as ScheduledTask, d as SchedulerOptions, T as TaskCallback, e as TaskDefinition, f as createScheduler } from './Scheduler-BstvSca7.js';
+export { getNextOccurrence, getNextOccurrences, isDue, isDueInTimezone, matchesCron, parseCron, toTimezone } from './scheduling/index.js';
+import { L as LogManager } from './LogManager-7mxnkaPM.js';
+export { C as ConsoleChannelConfig, D as DailyFileChannelConfig, F as FileChannelConfig, a as LOG_LEVEL_PRIORITY, b as LogChannel, c as LogChannelConfig, d as LogChannelFactory, e as LogConfig, f as LogContext, g as LogEntry, h as LogFormatter, i as LogLevel, j as Logger, k as LoggerOptions, S as StackChannelConfig, l as createLogManager, m as filterSensitiveData, n as getLogManager, s as setLogManager } from './LogManager-7mxnkaPM.js';
+export { ConsoleChannel, DailyFileChannel, FileChannel } from './logging/index.js';
+import { I as I18nManager } from './I18nManager-Dtgzsf5n.js';
+export { a as I18nConfig, P as PluralizationRule, R as ReplacementValues, T as TranslationLoader, b as TranslationLoaderFactory, c as TranslationMessages, d as Translator, e as TranslatorOptions, f as createI18n, g as getI18n, s as setI18n, t, h as tc } from './I18nManager-Dtgzsf5n.js';
+export { JsonLoader, MemoryLoader, getPluralizationRule, pluralizationRules, selectPluralForm } from './i18n/index.js';
+export { C as CheckResult, a as HealthCheck, b as HealthCheckOptions, H as HealthManager, c as HealthMiddlewareOptions, d as HealthReport, e as HealthStatus, f as createHealthManager } from './HealthManager-DUyMIzsZ.js';
+export { CacheCheck, CacheCheckOptions, CacheStoreInterface, CustomCheck, CustomCheckCallback, DatabaseCheck, DatabaseCheckOptions, DatabaseConnection, MemoryCheck, MemoryCheckOptions, RedisCheck, RedisCheckOptions, RedisClient, StorageCheck, StorageCheckOptions, StorageDriverInterface, customCheck } from './health/index.js';
+export { DatabaseChannel, MailChannel, MailChannelOptions, MemoryChannel, SlackChannel, SlackChannelOptions } from './notifications/index.js';
+import { B as BroadcastManager } from './BroadcastManager-AkIWUGJo.js';
+export { A as AuthMiddlewareOptions, a as BroadcastDriver, b as BroadcastDriverFactory, c as BroadcastEvent, d as BroadcastManagerOptions, e as BroadcastableEvent, C as Channel, f as ChannelAuthorizer, g as ChannelRegistration, P as PresenceBroadcastDriver, h as PresenceChannel, i as PresenceChannelAuthorizer, j as PresenceMember, k as PrivateChannel, S as SSEClient, l as SSEMiddlewareOptions, W as WebSocketClient, m as createBroadcastManager, n as getBroadcastManager, s as setBroadcastManager } from './BroadcastManager-AkIWUGJo.js';
+export { RedisClient as BroadcastRedisClient, RedisDriverOptions as BroadcastRedisDriverOptions, MemoryDriver as MemoryBroadcastDriver, RedisDriver as RedisBroadcastDriver, createTypedBroadcaster } from './broadcasting/index.js';
+import { I as InputInterface, P as ParsedSignature, O as OptionDefinition, a as CommandInstance, b as OutputInterface } from './ConsoleKernel-CqCVrdZs.js';
+export { A as ArgumentDefinition, c as CommandClass, C as ConsoleKernel, d as ConsoleKernelOptions, e as ProgressInterface, f as PromptInterface, S as ScheduledCommand, g as createConsoleKernel } from './ConsoleKernel-CqCVrdZs.js';
+import * as readline from 'readline';
+export { R as AuthResponse, A as AuthUser, a as AuthorizationResponse, b as AuthorizeOptions, G as Gate, c as GateCallback, d as GateDefinition, e as GateOptions, P as PolicyClass, f as PolicyInterface, g as PolicyMethod, h as PolicyRegistration, i as ResourceAction, j as ResponseBuilder, k as authorizeAbility, l as can, m as cannot, n as createGate, o as defineGate, p as getGate, s as setGate } from './Gate-CNkBYf8m.js';
+export { AuthorizedContext, Policy, authorizeAllMiddleware, authorizeMiddleware, authorizeResourceMiddleware, definePolicy, withAuthorization } from './authorization/index.js';
+export { A as AppKeyring, D as DecryptOptions, a as EncryptOptions, b as EncryptedPayload, E as Encrypter, c as EncrypterConfig, H as HashAlgorithm, d as HmacOptions, P as PasswordHashOptions, R as RandomStringOptions, e as createEncrypter, f as decrypt, g as deriveAppKey, h as deriveAppKeyring, i as encrypt, j as generateAppKey, k as generateKey, l as getAppKeyringFromEnv, m as getEncrypter, n as normalizeAppKey, p as parseAppKey, o as parsePreviousAppKeys, s as setEncrypter } from './app-key-CsBfRC_Q.js';
+export { MessageSigner, SignMessageOptions, SignedMessageClaims, SignedUrlOptions, VerifySignedMessageOptions, VerifySignedUrlOptions, check as checkHash, generateOtp, generatePassword, generateSlug, hash, hashPassword, hmac, md5, needsRehash, pick, random, randomBase64, randomBase64Url, randomHex, randomInt, randomString, sample, secureCompare, sha256, sha512, shuffle, signUrl, urlSafeToken, uuid, verifyHmac, verifyPassword, verifySignedUrl } from './encryption/index.js';
+import Redis, { RedisOptions } from 'ioredis';
+import 'vite';
 
 interface RequireAuthOptions {
     redirectTo?: string;
     status?: number;
     responseFactory?: () => Response;
 }
+declare const AUTH_CONTEXT_KEY = "guren:auth";
 declare function attachAuthContext(contextFactory: (ctx: Context) => AuthContext): MiddlewareHandler;
 declare function requireAuthenticated(options?: RequireAuthOptions): MiddlewareHandler;
 declare function requireGuest(options?: RequireAuthOptions): MiddlewareHandler;
 
-type Middleware = MiddlewareHandler;
-declare function defineMiddleware(handler: MiddlewareHandler): MiddlewareHandler;
-
-type AuthCredentials = Record<string, unknown>;
-interface Authenticatable {
-    getAuthIdentifier(): unknown;
-    getAuthPassword(): string | null | undefined;
-    getRememberToken?(): string | null | undefined;
-    setRememberToken?(token: string | null): void | Promise<void>;
-}
-interface Guard<User = Authenticatable> {
-    check(): Promise<boolean>;
-    guest(): Promise<boolean>;
-    user<T = User>(): Promise<T | null>;
-    id(): Promise<unknown>;
-    login<T = User>(user: T, remember?: boolean): Promise<void>;
-    logout(): Promise<void>;
-    attempt(credentials: AuthCredentials, remember?: boolean): Promise<boolean>;
-    validate(credentials: AuthCredentials): Promise<User | null>;
-    session<T extends Session = Session>(): T | undefined;
-}
-interface UserProvider<User = Authenticatable> {
-    retrieveById(identifier: unknown): Promise<User | null>;
-    retrieveByCredentials(credentials: AuthCredentials): Promise<User | null>;
-    validateCredentials(user: User, credentials: AuthCredentials): Promise<boolean>;
-    getId(user: User): unknown;
-    setRememberToken?(user: User, token: string | null): Promise<void> | void;
-    getRememberToken?(user: User): Promise<string | null> | string | null;
-}
-interface GuardContext {
-    ctx: Context;
-    session: Session | undefined;
-    manager: AuthManagerContract;
-}
-type GuardFactory<User = Authenticatable> = (context: GuardContext) => Guard<User>;
-interface ProviderFactory<User = Authenticatable> {
-    (manager: AuthManagerContract): UserProvider<User>;
-}
-interface AuthManagerOptions {
-    defaultGuard?: string;
-}
-interface AttachContextOptions {
-    guard?: string;
-}
-interface AuthContext<User = Authenticatable> {
-    check(): Promise<boolean>;
-    guest(): Promise<boolean>;
-    user<T = User>(): Promise<T | null>;
-    id(): Promise<unknown>;
-    login<T = User>(user: T, remember?: boolean): Promise<void>;
-    attempt(credentials: AuthCredentials, remember?: boolean): Promise<boolean>;
-    logout(): Promise<void>;
-    guard<T = User>(name?: string): Guard<T>;
-    session<T extends Session = Session>(): T | undefined;
-}
-interface AuthManagerContract {
-    registerGuard<User = Authenticatable>(name: string, factory: GuardFactory<User>): void;
-    registerProvider<User = Authenticatable>(name: string, factory: ProviderFactory<User>): void;
-    getProvider<User = Authenticatable>(name: string): UserProvider<User>;
-    createGuard<User = Authenticatable>(name: string, context: GuardContext): Guard<User>;
-    guardNames(): string[];
-    setDefaultGuard(name: string): void;
-    getDefaultGuard(): string;
-    createAuthContext(ctx: Context, options?: AttachContextOptions): AuthContext;
-}
-
-declare class AuthManager implements AuthManagerContract {
-    private readonly guards;
-    private readonly providers;
-    private defaultGuard;
-    constructor(options?: AuthManagerOptions);
-    registerGuard<User>(name: string, factory: GuardFactory<User>): void;
-    registerProvider<User>(name: string, factory: ProviderFactory<User>): void;
-    getProvider<User>(name: string): UserProvider<User>;
-    createGuard<User>(name: string, context: GuardContext): Guard<User>;
-    guardNames(): string[];
-    setDefaultGuard(name: string): void;
-    getDefaultGuard(): string;
-    createAuthContext(ctx: Context, options?: AttachContextOptions): AuthContext;
-    attempt(name: string, ctx: Context, credentials: AuthCredentials, remember?: boolean): Promise<boolean>;
-}
-
-interface SessionGuardOptions {
-    provider: UserProvider;
-    sessionKey?: string;
-    rememberSessionKey?: string;
-    session: Session | undefined;
-}
-declare class SessionGuard<User extends Authenticatable = Authenticatable> implements Guard<User> {
-    private readonly options;
-    private cachedUser;
-    constructor(options: SessionGuardOptions);
-    private get currentSession();
-    private get provider();
-    private sessionKey;
-    private rememberSessionKey;
-    private loadRememberedUser;
-    private resolveUser;
-    check(): Promise<boolean>;
-    guest(): Promise<boolean>;
-    user<T = User>(): Promise<T | null>;
-    id(): Promise<unknown>;
-    private remember;
-    login<T = User>(user: T, remember?: boolean): Promise<void>;
-    logout(): Promise<void>;
-    attempt(credentials: AuthCredentials, remember?: boolean): Promise<boolean>;
-    validate(credentials: AuthCredentials): Promise<User | null>;
-    session<T extends Session = Session>(): T | undefined;
-}
-
-declare abstract class BaseUserProvider<User extends Authenticatable = Authenticatable> implements UserProvider<User> {
-    abstract retrieveById(identifier: unknown): Promise<User | null>;
-    abstract retrieveByCredentials(credentials: AuthCredentials): Promise<User | null>;
-    abstract validateCredentials(user: User, credentials: AuthCredentials): Promise<boolean>;
-    abstract getId(user: User): unknown;
-    setRememberToken(user: User, token: string | null): Promise<void>;
-    getRememberToken(user: User): Promise<string | null>;
-}
-
-type PlainObject = Record<string, unknown>;
-type RelationShape = Record<string, unknown>;
-type WhereValue<Value> = Value | readonly Value[] | null;
-type WhereClause<TRecord extends PlainObject = PlainObject> = Partial<{
-    [K in keyof TRecord & string]?: WhereValue<TRecord[K]>;
-}>;
-type OrderDirection = 'asc' | 'desc';
-type OrderDefinition<TRecord extends PlainObject = PlainObject> = {
-    column: keyof TRecord & string;
-    direction: OrderDirection;
-};
-type OrderExpression<TRecord extends PlainObject = PlainObject> = (keyof TRecord & string) | readonly [keyof TRecord & string, OrderDirection] | {
-    column: keyof TRecord & string;
-    direction?: OrderDirection;
-};
-type OrderByInput<TRecord extends PlainObject = PlainObject> = OrderExpression<TRecord> | readonly OrderExpression<TRecord>[];
-type OrderByClause<TRecord extends PlainObject = PlainObject> = readonly OrderDefinition<TRecord>[];
-interface FindManyOptions<TRecord extends PlainObject = PlainObject> {
-    where?: WhereClause<TRecord>;
-    orderBy?: OrderByClause<TRecord>;
-    limit?: number;
-    offset?: number;
+/**
+ * Rate limit entry stored in the backing store.
+ */
+interface RateLimitEntry {
+    count: number;
+    resetAt: number;
 }
-interface PaginateOptions<TRecord extends PlainObject = PlainObject> {
-    page?: number;
-    perPage?: number;
-    where?: WhereClause<TRecord>;
-    orderBy?: OrderByInput<TRecord>;
+/**
+ * Store interface for rate limit data.
+ * Implement this for Redis or database-backed storage.
+ */
+interface RateLimitStore {
+    /**
+     * Get the current rate limit entry for a key.
+     */
+    get(key: string): Promise<RateLimitEntry | null>;
+    /**
+     * Increment the count for a key and return the new entry.
+     * If the key doesn't exist, create it with count=1.
+     */
+    increment(key: string, windowMs: number): Promise<RateLimitEntry>;
+    /**
+     * Reset the count for a key.
+     */
+    reset(key: string): Promise<void>;
 }
-interface PaginationMeta {
-    total: number;
-    perPage: number;
-    currentPage: number;
-    totalPages: number;
-    hasMore: boolean;
-    from: number;
-    to: number;
+/**
+ * Base class for in-memory rate limit stores with automatic cleanup.
+ */
+declare abstract class BaseMemoryStore implements RateLimitStore {
+    protected cleanupInterval?: ReturnType<typeof setInterval>;
+    constructor(cleanupIntervalMs?: number);
+    abstract get(key: string): Promise<RateLimitEntry | null>;
+    abstract increment(key: string, windowMs: number): Promise<RateLimitEntry>;
+    abstract reset(key: string): Promise<void>;
+    abstract cleanup(): void;
+    abstract clear(): void;
+    abstract get size(): number;
+    destroy(): void;
 }
-interface PaginatedResult<TRecord extends PlainObject = PlainObject> {
-    data: TRecord[];
-    meta: PaginationMeta;
+/**
+ * In-memory rate limit store.
+ * Suitable for single-process development, not for production clusters.
+ */
+declare class MemoryRateLimitStore extends BaseMemoryStore {
+    private entries;
+    get(key: string): Promise<RateLimitEntry | null>;
+    increment(key: string, windowMs: number): Promise<RateLimitEntry>;
+    reset(key: string): Promise<void>;
+    cleanup(): void;
+    clear(): void;
+    get size(): number;
 }
-interface ORMAdapter {
-    findMany<TRecord extends PlainObject = PlainObject>(table: unknown, options?: FindManyOptions<TRecord>): Promise<TRecord[]>;
-    findUnique<TRecord extends PlainObject = PlainObject>(table: unknown, where: WhereClause<TRecord>): Promise<TRecord | null>;
-    create<TRecord extends PlainObject = PlainObject>(table: unknown, data: PlainObject): Promise<TRecord>;
-    update?<TRecord extends PlainObject = PlainObject>(table: unknown, where: WhereClause<TRecord>, data: PlainObject): Promise<TRecord>;
-    delete?<TRecord extends PlainObject = PlainObject>(table: unknown, where: WhereClause<TRecord>): Promise<number | PlainObject | void>;
-    count?<TRecord extends PlainObject = PlainObject>(table: unknown, where?: WhereClause<TRecord>): Promise<number>;
-}
-/**
- * Minimal ActiveRecord-like wrapper around the configured ORM adapter. The API
- * mirrors a subset of Laravel's Eloquent helpers and can be expanded over time.
- */
-declare abstract class Model<TRecord extends PlainObject = PlainObject> {
-    protected static ormAdapter: ORMAdapter;
-    protected static table: unknown;
-    static readonly recordType: unknown;
-    protected static relationDefinitions?: Map<string, RelationDefinition>;
-    static relationTypes: RelationShape;
-    static useAdapter(adapter: ORMAdapter): void;
-    static getAdapter(): ORMAdapter;
-    protected static preparePersistencePayload(data: PlainObject): Promise<PlainObject>;
-    protected static getRelationDefinitions(): Map<string, RelationDefinition>;
-    protected static getRelationDefinition(name: string): RelationDefinition | undefined;
-    protected static resolveTable(): unknown;
-    static all<T extends typeof Model>(this: T): Promise<Array<TRecordFor<T>>>;
-    static find<T extends typeof Model>(this: T, id: unknown, key?: string): Promise<TRecordFor<T> | null>;
-    static where<T extends typeof Model>(this: T, where: WhereClauseFor<T>): Promise<TRecordFor<T>[]>;
-    static hasMany<This extends typeof Model, Related extends typeof Model, ForeignKey extends keyof TRecordFor<Related> & string, LocalKey extends keyof TRecordFor<This> & string, Name extends RelationKeyOrString<This>>(this: This, name: Name, related: Related, foreignKey: ForeignKey, localKey: LocalKey): void;
-    static belongsTo<This extends typeof Model, Related extends typeof Model, ForeignKey extends keyof TRecordFor<This> & string, OwnerKey extends keyof TRecordFor<Related> & string, Name extends RelationKeyOrString<This>>(this: This, name: Name, related: Related, foreignKey: ForeignKey, ownerKey: OwnerKey): void;
-    static orderBy<T extends typeof Model>(this: T, order: OrderByInput<TRecordFor<T>>, where?: WhereClauseFor<T>): Promise<TRecordFor<T>[]>;
-    static paginate<T extends typeof Model>(this: T, options?: PaginateOptions<TRecordFor<T>>): Promise<PaginatedResult<TRecordFor<T>>>;
-    static withPaginate<T extends typeof Model, K extends RelationKey<T>>(this: T, relations: K | readonly K[], options?: PaginateOptions<TRecordFor<T>>): Promise<PaginatedResult<TRecordFor<T> & RelationTypePick<T, K | readonly K[]>>>;
-    static create<T extends typeof Model>(this: T, data: PlainObject): Promise<TRecordFor<T>>;
-    static update<T extends typeof Model>(this: T, where: WhereClauseFor<T>, data: PlainObject): Promise<TRecordFor<T>>;
-    static delete<T extends typeof Model>(this: T, where: WhereClauseFor<T>): Promise<number | PlainObject | void>;
-    static with<T extends typeof Model, K extends RelationKey<T>>(this: T, relations: K | readonly K[], where?: WhereClauseFor<T>): Promise<Array<TRecordFor<T> & RelationTypePick<T, K | readonly K[]>>>;
-    protected static loadRelationInto<T extends typeof Model>(this: T, records: Array<PlainObject>, relationName: string): Promise<void>;
-    protected static loadHasMany(records: Array<PlainObject>, definition: HasManyRelationDefinition): Promise<void>;
-    protected static loadBelongsTo(records: Array<PlainObject>, definition: BelongsToRelationDefinition): Promise<void>;
-}
-type TRecordFor<T extends typeof Model> = T extends {
-    recordType: infer R;
-} ? R extends PlainObject ? R : PlainObject : PlainObject;
-type WhereClauseFor<T extends typeof Model> = WhereClause<TRecordFor<T>>;
-type RelationTypesFor<T extends typeof Model> = T extends {
-    relationTypes: infer R;
-} ? R extends RelationShape ? R : {} : {};
-type RelationKey<T extends typeof Model> = keyof RelationTypesFor<T> & string;
-type RelationKeyOrString<T extends typeof Model> = RelationKey<T> extends never ? string : RelationKey<T>;
-type RelationNameUnion<Names> = Names extends readonly (infer Items)[] ? Items : Names;
-type RelationTypePick<T extends typeof Model, Names> = RelationNameUnion<Names> extends infer Keys ? Keys extends string ? {
-    [K in Keys & keyof RelationTypesFor<T>]: RelationTypesFor<T>[K];
-} : {} : {};
-interface BaseRelationDefinition {
-    type: 'hasMany' | 'belongsTo';
-    name: string;
-    related: typeof Model;
-}
-interface HasManyRelationDefinition extends BaseRelationDefinition {
-    type: 'hasMany';
-    foreignKey: string;
-    localKey: string;
-}
-interface BelongsToRelationDefinition extends BaseRelationDefinition {
-    type: 'belongsTo';
-    foreignKey: string;
-    ownerKey: string;
-}
-type RelationDefinition = HasManyRelationDefinition | BelongsToRelationDefinition;
-
-interface PasswordHasher {
-    hash(plain: string): Promise<string>;
-    verify(hashed: string, plain: string): Promise<boolean>;
-    needsRehash?(hashed: string): boolean;
-}
-
-interface ModelUserProviderOptions {
-    idColumn?: string;
-    usernameColumn?: string;
-    passwordColumn?: string;
-    rememberTokenColumn?: string;
-    hasher?: PasswordHasher;
-    credentialsPasswordField?: string;
-}
-declare class ModelUserProvider<User extends Authenticatable = Authenticatable> extends BaseUserProvider<User> {
-    private readonly model;
-    private readonly idColumn;
-    private readonly usernameColumn;
-    private readonly passwordColumn;
-    private readonly rememberTokenColumn;
-    private readonly hasher;
-    private readonly credentialsPasswordField;
-    constructor(model: typeof Model, options?: ModelUserProviderOptions);
-    private cast;
-    retrieveById(identifier: unknown): Promise<User | null>;
-    retrieveByCredentials(credentials: AuthCredentials): Promise<User | null>;
-    validateCredentials(user: User, credentials: AuthCredentials): Promise<boolean>;
-    getId(user: User): unknown;
-    setRememberToken(user: User, token: string | null): Promise<void>;
-    getRememberToken(user: User): Promise<string | null>;
-}
-
-type Argon2Algorithm = 'argon2id' | 'argon2i' | 'argon2d';
-type SupportedAlgorithm = Argon2Algorithm | 'bcrypt';
-interface BunPasswordHasherOptions {
-    /**
-     * Hashing algorithm to use. Defaults to Bun's Argon2id implementation.
-     */
-    algorithm?: SupportedAlgorithm;
-    /** Argon2 memory cost (in kibibytes). */
-    memoryCost?: number;
-    /** Argon2 time cost (number of iterations). */
-    timeCost?: number;
-    /** Bcrypt cost factor (log rounds). */
-    cost?: number;
-}
-declare class ScryptHasher implements PasswordHasher {
-    private readonly algorithm;
-    private readonly memoryCost?;
-    private readonly timeCost?;
-    private readonly cost?;
-    constructor(options?: BunPasswordHasherOptions);
-    hash(plain: string): Promise<string>;
-    verify(hashed: string, plain: string): Promise<boolean>;
-    needsRehash(hashed: string): boolean;
-}
-
-declare abstract class AuthenticatableModel<TRecord extends PlainObject = PlainObject> extends Model<TRecord> {
-    protected static passwordField: string;
-    protected static passwordHashField: string;
-    protected static passwordHasher: PasswordHasher | null;
-    protected static resolvePasswordField(): string;
-    protected static resolvePasswordHashField(): string;
-    protected static resolvePasswordHasher(): PasswordHasher;
-    protected static preparePersistencePayload(data: PlainObject): Promise<PlainObject>;
-}
-
-type DefaultInertiaProps = Record<string, unknown>;
-type InertiaResponseMarker<Component extends string, Props extends DefaultInertiaProps> = {
-    readonly __gurenInertia?: {
-        readonly component: Component;
-        readonly props: Props;
-    };
-};
-type InertiaResponse<Component extends string, Props extends DefaultInertiaProps> = Response & InertiaResponseMarker<Component, Props>;
-type InferInertiaProps<T> = [T] extends [InertiaResponse<string, infer Props>] ? Props : [T] extends [Promise<infer Awaited>] ? InferInertiaProps<Awaited> : DefaultInertiaProps;
-type ControllerInertiaProps<TController extends Controller, TAction extends keyof TController> = TController[TAction] extends (...args: any[]) => infer TResult ? InferInertiaProps<Awaited<TResult>> : DefaultInertiaProps;
-interface RedirectOptions {
-    status?: number;
-    headers?: HeadersInit;
+/**
+ * Configuration options for rate limiting.
+ */
+interface RateLimitOptions {
+    /**
+     * Maximum number of requests allowed in the time window.
+     * @default 100
+     */
+    limit?: number;
+    /**
+     * Time window in milliseconds.
+     * @default 60000 (1 minute)
+     */
+    windowMs?: number;
+    /**
+     * Function to extract the rate limit key from the request.
+     * Defaults to using the client IP address.
+     */
+    keyGenerator?: (ctx: Context) => string | Promise<string>;
+    /**
+     * Rate limit store implementation.
+     * Defaults to in-memory store.
+     */
+    store?: RateLimitStore;
+    /**
+     * Whether to skip rate limiting for certain requests.
+     */
+    skip?: (ctx: Context) => boolean | Promise<boolean>;
+    /**
+     * Custom handler when rate limit is exceeded.
+     */
+    onRateLimited?: (ctx: Context, retryAfter: number) => Response | Promise<Response>;
+    /**
+     * Whether to add rate limit headers to all responses.
+     * @default true
+     */
+    headers?: boolean;
+    /**
+     * Custom message when rate limit is exceeded.
+     * @default 'Too many requests, please try again later.'
+     */
+    message?: string;
+    /**
+     * HTTP status code when rate limit is exceeded.
+     * @default 429
+     */
+    statusCode?: number;
+    /**
+     * Prefix for rate limit keys.
+     * @default 'rl:'
+     */
+    keyPrefix?: string;
 }
-type InertiaResponseOptions = Omit<InertiaOptions, 'url' | 'request'> & {
-    url?: string;
-};
 /**
- * Base controller inspired by Laravel's expressive API. Subclasses can access
- * the current Hono context through the protected `ctx` getter and rely on the
- * helper response builders for common patterns.
- */
-declare class Controller {
-    private context?;
-    setContext(context: Context): void;
-    protected get ctx(): Context;
-    protected get request(): hono.HonoRequest<any, unknown>;
-    protected get auth(): AuthContext;
-    protected inertia<Component extends string, Props extends DefaultInertiaProps>(component: Component, props: Props, options?: InertiaResponseOptions): Promise<InertiaResponse<Component, Props>>;
-    protected json<T>(data: T, init?: ResponseInit): Response;
-    protected text(body: string, init?: ResponseInit): Response;
-    protected redirect(url: string, options?: RedirectOptions): Response;
-}
-
-type ControllerConstructor<T extends Controller = Controller> = new () => T;
-type ControllerMethod<T extends Controller> = {
-    [K in keyof T]: T[K] extends (...args: any[]) => any ? K : never;
-}[keyof T] & string;
-type ControllerMethodFor<C extends ControllerConstructor> = ControllerMethod<InstanceType<C>>;
-type ControllerAction<C extends ControllerConstructor = ControllerConstructor> = [C, ControllerMethodFor<C>];
-type RouteResult = Response | string | number | boolean | Record<string, unknown> | Array<unknown> | null | void;
-type RouteHandler<C extends ControllerConstructor = ControllerConstructor> = ((c: Context) => RouteResult | Promise<RouteResult>) | ControllerAction<C>;
-interface RouteDefinition {
-    method: string;
-    path: string;
-    name?: string;
-}
-/**
- * Route registry stores Laravel-style route declarations and eagerly mounts
- * them onto a Hono instance when requested.
- */
-declare class Route {
-    private static readonly registry;
-    private static readonly prefixStack;
-    private static add;
-    static on<C extends ControllerConstructor>(method: string, path: string, handler: RouteHandler<C>, ...middlewares: MiddlewareHandler[]): typeof Route;
-    static get<C extends ControllerConstructor>(path: string, handler: RouteHandler<C>, ...middlewares: MiddlewareHandler[]): typeof Route;
-    static post<C extends ControllerConstructor>(path: string, handler: RouteHandler<C>, ...middlewares: MiddlewareHandler[]): typeof Route;
-    static put<C extends ControllerConstructor>(path: string, handler: RouteHandler<C>, ...middlewares: MiddlewareHandler[]): typeof Route;
-    static patch<C extends ControllerConstructor>(path: string, handler: RouteHandler<C>, ...middlewares: MiddlewareHandler[]): typeof Route;
-    static delete<C extends ControllerConstructor>(path: string, handler: RouteHandler<C>, ...middlewares: MiddlewareHandler[]): typeof Route;
-    static group(prefix: string, callback: () => void): typeof Route;
-    static mount(app: Hono): void;
-    static clear(): void;
-    static definitions(): RouteDefinition[];
+ * Create a rate limiting middleware.
+ *
+ * @example
+ * ```ts
+ * // Basic usage - 100 requests per minute per IP
+ * app.use('*', createRateLimitMiddleware())
+ *
+ * // Stricter limit for login endpoint
+ * router.post('/login', [AuthController, 'login'],
+ *   createRateLimitMiddleware({
+ *     limit: 5,
+ *     windowMs: 15 * 60 * 1000, // 15 minutes
+ *   })
+ * )
+ *
+ * // Custom key based on authenticated user
+ * app.use('/api/*', createRateLimitMiddleware({
+ *   limit: 1000,
+ *   windowMs: 60 * 60 * 1000, // 1 hour
+ *   keyGenerator: async (ctx) => {
+ *     const user = await ctx.get('user')
+ *     return user?.id?.toString() ?? defaultKeyGenerator(ctx)
+ *   },
+ * }))
+ * ```
+ */
+declare function createRateLimitMiddleware(options?: RateLimitOptions): MiddlewareHandler;
+/**
+ * Rate limit result information.
+ */
+interface RateLimitInfo {
+    limit: number;
+    remaining: number;
+    resetAt: Date;
+    isLimited: boolean;
+}
+/**
+ * Get rate limit information for a key without incrementing.
+ *
+ * @example
+ * ```ts
+ * const info = await getRateLimitInfo('user:123', store, { limit: 100 })
+ * console.log(`${info.remaining} requests remaining`)
+ * ```
+ */
+declare function getRateLimitInfo(key: string, store: RateLimitStore, options?: {
+    limit: number;
+    keyPrefix?: string;
+}): Promise<RateLimitInfo>;
+/**
+ * Reset rate limit for a specific key.
+ *
+ * @example
+ * ```ts
+ * // Reset rate limit after successful captcha
+ * await resetRateLimit(clientIp, store)
+ * ```
+ */
+declare function resetRateLimit(key: string, store: RateLimitStore, options?: {
+    keyPrefix?: string;
+}): Promise<void>;
+/**
+ * Sliding window rate limit store.
+ * More accurate than fixed window but uses more memory.
+ */
+declare class SlidingWindowRateLimitStore extends BaseMemoryStore {
+    private requests;
+    get(key: string): Promise<RateLimitEntry | null>;
+    increment(key: string, windowMs: number): Promise<RateLimitEntry>;
+    reset(key: string): Promise<void>;
+    cleanup(): void;
+    clear(): void;
+    get size(): number;
 }
 
-type ViewRenderer = (template: string, props: Record<string, unknown>) => Response | Promise<Response>;
+interface CspDirectives {
+    defaultSrc?: string[];
+    scriptSrc?: string[];
+    styleSrc?: string[];
+    imgSrc?: string[];
+    fontSrc?: string[];
+    connectSrc?: string[];
+    mediaSrc?: string[];
+    objectSrc?: string[];
+    frameSrc?: string[];
+    childSrc?: string[];
+    workerSrc?: string[];
+    frameAncestors?: string[];
+    formAction?: string[];
+    baseUri?: string[];
+    manifestSrc?: string[];
+    upgradeInsecureRequests?: boolean;
+    blockAllMixedContent?: boolean;
+    /** Escape hatch for directives not listed above. */
+    [directive: string]: string[] | boolean | undefined;
+}
+interface CspOptions {
+    /** CSP directives configuration. */
+    directives?: CspDirectives;
+    /** Use Content-Security-Policy-Report-Only instead. Default: false */
+    reportOnly?: boolean;
+    /** URI for CSP violation reports. */
+    reportUri?: string;
+    /** Generate a per-request nonce and auto-append to script-src and style-src. Default: false */
+    useNonce?: boolean;
+}
+declare const CSP_NONCE_KEY = "csp-nonce";
 /**
- * Registry for view renderers. Engines are typically registered via service
- * providers so applications can opt into or replace implementations.
+ * Retrieve the CSP nonce for the current request.
+ * Only available when `useNonce: true` is set.
  */
-declare class ViewEngine {
-    private static readonly engines;
-    static register(name: string, renderer: ViewRenderer): void;
-    static has(name: string): boolean;
-    static render(name: string, template: string, props: Record<string, unknown>): Response | Promise<Response>;
+declare function getCspNonce(ctx: Context): string;
+/**
+ * Middleware that sets Content-Security-Policy headers.
+ *
+ * @example
+ * ```ts
+ * import { createCspMiddleware, getCspNonce } from '@guren/core'
+ *
+ * app.use('*', createCspMiddleware({
+ *   directives: {
+ *     defaultSrc: ["'self'"],
+ *     scriptSrc: ["'self'", 'https://cdn.example.com'],
+ *     styleSrc: ["'self'", "'unsafe-inline'"],
+ *     imgSrc: ["'self'", 'data:', 'https:'],
+ *     objectSrc: ["'none'"],
+ *   },
+ *   useNonce: true,
+ *   reportUri: '/csp-report',
+ * }))
+ * ```
+ */
+declare function createCspMiddleware(options?: CspOptions): MiddlewareHandler;
+
+interface CorsOptions {
+    /**
+     * Allowed origins. Default: none (same-origin policy applies).
+     * - A string: exact origin match (use '*' to allow all origins)
+     * - An array of strings: multiple allowed origins
+     * - A function: dynamic origin evaluation
+     */
+    origin?: string | string[] | ((origin: string, ctx: unknown) => string | undefined | null);
+    /** Allowed HTTP methods. Default: ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH'] */
+    allowMethods?: string[];
+    /** Allowed request headers. */
+    allowHeaders?: string[];
+    /** Headers exposed to the browser. */
+    exposeHeaders?: string[];
+    /** Preflight cache max-age in seconds. */
+    maxAge?: number;
+    /** Allow credentials (cookies, authorization headers). Default: false */
+    credentials?: boolean;
 }
+/**
+ * CORS middleware powered by Hono's built-in CORS support.
+ *
+ * @example
+ * ```ts
+ * import { createCorsMiddleware } from '@guren/core'
+ *
+ * // Allow specific origins
+ * app.use('/api/*', createCorsMiddleware({
+ *   origin: ['https://example.com', 'https://app.example.com'],
+ *   credentials: true,
+ * }))
+ *
+ * // Dynamic origin
+ * app.use('/api/*', createCorsMiddleware({
+ *   origin: (origin) => origin.endsWith('.example.com') ? origin : null,
+ * }))
+ * ```
+ */
+declare function createCorsMiddleware(options?: CorsOptions): MiddlewareHandler;
 
-declare class ApplicationContext {
-    private readonly application;
-    private readonly authManager;
-    constructor(application: Application, authManager: AuthManager);
-    get app(): Application;
-    get hono(): Hono;
-    get routes(): typeof Route;
-    get views(): typeof ViewEngine;
-    get auth(): AuthManager;
+interface RedirectSafetyOptions {
+    /** Additional external hosts allowed as redirect targets. */
+    allowedHosts?: string[];
+    /** Fallback URL when an unsafe redirect is blocked. Default: '/' */
+    fallbackUrl?: string;
 }
+/**
+ * Middleware that prevents open redirect attacks by validating
+ * redirect destinations in 3xx responses.
+ *
+ * @example
+ * ```ts
+ * import { createRedirectSafetyMiddleware } from '@guren/core'
+ *
+ * app.use('*', createRedirectSafetyMiddleware({
+ *   allowedHosts: ['accounts.google.com'],
+ * }))
+ * ```
+ */
+declare function createRedirectSafetyMiddleware(options?: RedirectSafetyOptions): MiddlewareHandler;
+/**
+ * Check whether a redirect URL is safe (same-origin or in the allowed list).
+ *
+ * @param url - The redirect target URL
+ * @param requestUrl - The current request URL (used to determine the origin)
+ * @param allowedHosts - Additional allowed external hosts
+ */
+declare function isSafeRedirectUrl(url: string, requestUrl: string, allowedHosts?: string[]): boolean;
 
-interface Provider {
-    register?(context: ApplicationContext): void | Promise<void>;
-    boot?(context: ApplicationContext): void | Promise<void>;
+interface ForceHttpsOptions {
+    /**
+     * HSTS max-age in seconds. Default: 31536000 (1 year).
+     */
+    hstsMaxAge?: number;
+    /**
+     * Include subdomains in HSTS. Default: true.
+     */
+    hstsIncludeSubDomains?: boolean;
+    /**
+     * Enable HSTS preload. Default: false.
+     */
+    hstsPreload?: boolean;
+    /**
+     * Paths to exclude from HTTPS redirect (e.g., health checks).
+     */
+    exclude?: string[];
 }
-type ProviderConstructor<T extends Provider = Provider> = new () => T;
+/**
+ * Middleware that redirects HTTP requests to HTTPS and sets the
+ * Strict-Transport-Security header. Equivalent to Rails' `force_ssl`.
+ *
+ * @example
+ * ```ts
+ * import { createForceHttpsMiddleware } from '@guren/core'
+ *
+ * // In production only
+ * if (process.env.NODE_ENV === 'production') {
+ *   app.use('*', createForceHttpsMiddleware())
+ * }
+ * ```
+ */
+declare function createForceHttpsMiddleware(options?: ForceHttpsOptions): MiddlewareHandler;
+
+/**
+ * Middleware that generates a unique request ID for each request.
+ * Reads from the `X-Request-ID` header if present, otherwise generates one
+ * using `crypto.randomUUID()`.
+ * Attaches the ID to the Hono context (`c.get('requestId')`) and sets it
+ * on the response header.
+ *
+ * @example
+ * ```ts
+ * import { requestIdMiddleware } from '@guren/core'
+ *
+ * app.use('*', requestIdMiddleware())
+ * ```
+ */
+declare function requestIdMiddleware(): hono.MiddlewareHandler<{
+    Variables: {
+        requestId: string;
+    };
+}, string, {}, Response>;
+
+/**
+ * Middleware that logs HTTP requests with method, path, status, and duration.
+ * Uses structured JSON format suitable for production monitoring and log collectors.
+ *
+ * Pairs well with {@link requestIdMiddleware} — if a `requestId` is set on the
+ * context, it will be included in the log entry.
+ *
+ * @example
+ * ```ts
+ * import { requestIdMiddleware, requestLoggingMiddleware } from '@guren/core'
+ *
+ * app.use('*', requestIdMiddleware())
+ * app.use('*', requestLoggingMiddleware())
+ * ```
+ */
+declare function requestLoggingMiddleware(): hono.MiddlewareHandler<any, string, {}, Response>;
 
-declare const GUREN_ASCII_ART: string;
-interface DevBannerOptions {
-    hostname: string;
-    port: number;
-    assetsUrl?: string;
+/**
+ * Base HTTP exception class.
+ *
+ * @example
+ * ```typescript
+ * // Using factory methods
+ * throw HttpException.notFound('User not found')
+ * throw HttpException.unauthorized('Invalid credentials')
+ *
+ * // Custom status code
+ * throw new HttpException(418, "I'm a teapot")
+ *
+ * // With validation errors
+ * throw HttpException.unprocessable('Validation failed', {
+ *   email: ['Email is required', 'Email must be valid'],
+ *   password: ['Password is too short'],
+ * })
+ * ```
+ */
+declare class HttpException extends Error {
+    /**
+     * HTTP status code.
+     */
+    readonly statusCode: number;
+    /**
+     * Validation or field-specific errors.
+     */
+    readonly errors?: Record<string, string[]>;
+    /**
+     * Additional error data.
+     */
+    readonly data?: Record<string, unknown>;
+    constructor(statusCode: number, message: string, errors?: Record<string, string[]>, data?: Record<string, unknown>);
+    /**
+     * Convert to response format.
+     */
+    toResponse(debug?: boolean): {
+        status: number;
+        body: ErrorResponse;
+    };
+    /**
+     * Convert to JSON.
+     */
+    toJSON(): Record<string, unknown>;
+    /**
+     * Create a 400 Bad Request exception.
+     */
+    static badRequest(message?: string): HttpException;
+    /**
+     * Create a 401 Unauthorized exception.
+     */
+    static unauthorized(message?: string): HttpException;
+    /**
+     * Create a 403 Forbidden exception.
+     */
+    static forbidden(message?: string): HttpException;
+    /**
+     * Create a 404 Not Found exception.
+     */
+    static notFound(message?: string): HttpException;
+    /**
+     * Create a 405 Method Not Allowed exception.
+     */
+    static methodNotAllowed(message?: string): HttpException;
+    /**
+     * Create a 409 Conflict exception.
+     */
+    static conflict(message?: string): HttpException;
+    /**
+     * Create a 410 Gone exception.
+     */
+    static gone(message?: string): HttpException;
+    /**
+     * Create a 422 Unprocessable Entity exception.
+     */
+    static unprocessable(message?: string, errors?: Record<string, string[]>): HttpException;
+    /**
+     * Create a 429 Too Many Requests exception.
+     */
+    static tooManyRequests(message?: string): HttpException;
+    /**
+     * Create a 500 Internal Server Error exception.
+     */
+    static internal(message?: string): HttpException;
+    /**
+     * Create a 501 Not Implemented exception.
+     */
+    static notImplemented(message?: string): HttpException;
+    /**
+     * Create a 502 Bad Gateway exception.
+     */
+    static badGateway(message?: string): HttpException;
+    /**
+     * Create a 503 Service Unavailable exception.
+     */
+    static serviceUnavailable(message?: string): HttpException;
+    /**
+     * Create a 504 Gateway Timeout exception.
+     */
+    static gatewayTimeout(message?: string): HttpException;
+    /**
+     * Check if an error is an HTTP exception.
+     */
+    static isHttpException(error: unknown): error is HttpException;
 }
-declare function logDevServerBanner({ hostname, port, assetsUrl, }: DevBannerOptions): void;
 
-interface StartViteDevServerOptions {
-    root?: string;
-    config?: InlineConfig;
-    host?: boolean | string;
-    port?: number;
+/**
+ * Validation exception.
+ *
+ * Thrown when request validation fails.
+ *
+ * @example
+ * ```typescript
+ * throw new ValidationException({
+ *   email: ['Email is required', 'Email must be valid'],
+ *   password: ['Password is too short'],
+ * })
+ * ```
+ */
+declare class ValidationException extends HttpException {
+    constructor(errors: Record<string, string[]>, message?: string);
+    /**
+     * Create from Zod error.
+     */
+    static fromZodError(zodError: ZodLikeError): ValidationException;
+    /**
+     * Get errors for a specific field.
+     */
+    getFieldErrors(field: string): string[];
+    /**
+     * Check if a field has errors.
+     */
+    hasFieldError(field: string): boolean;
+    /**
+     * Get the first error for a field.
+     */
+    getFirstError(field: string): string | null;
+    /**
+     * Get all error messages as a flat array.
+     */
+    getAllMessages(): string[];
+    /**
+     * Create a ValidationException from a plain messages object.
+     *
+     * Useful for business-logic validation (e.g. duplicate email checks)
+     * where Zod is not involved.
+     *
+     * @example
+     * ```typescript
+     * throw ValidationException.withMessages({ email: 'Email already registered' })
+     * throw ValidationException.withMessages({ email: ['Must be unique', 'Must be corporate'] })
+     * ```
+     */
+    static withMessages(messages: Record<string, string | string[]>): ValidationException;
 }
-interface StartedViteDevServer {
-    server: ViteDevServer;
-    localUrl: string;
-    networkUrls: string[];
+/**
+ * Zod-like error interface for compatibility.
+ */
+interface ZodLikeError {
+    issues: Array<{
+        path: PropertyKey[];
+        message: string;
+    }>;
 }
-declare function startViteDevServer(options?: StartViteDevServerOptions): Promise<StartedViteDevServer>;
 
-type BootCallback = (app: Hono) => void | Promise<void>;
-interface ApplicationOptions {
-    readonly boot?: BootCallback;
-    readonly providers?: Array<Provider | ProviderConstructor>;
+/**
+ * Authentication exception.
+ *
+ * Thrown when a user is not authenticated or credentials are invalid.
+ *
+ * @example
+ * ```typescript
+ * throw new AuthenticationException()
+ * throw new AuthenticationException('Invalid token')
+ * throw new AuthenticationException('Session expired', 'login')
+ * ```
+ */
+declare class AuthenticationException extends HttpException {
+    /**
+     * The guard that threw the exception.
+     */
+    readonly guard?: string;
+    /**
+     * URL to redirect to for authentication.
+     */
+    readonly redirectTo?: string;
+    constructor(message?: string, guard?: string, redirectTo?: string);
+    /**
+     * Create exception with redirect URL.
+     */
+    static withRedirect(redirectTo: string, message?: string): AuthenticationException;
+    /**
+     * Create exception for a specific guard.
+     */
+    static forGuard(guard: string, message?: string): AuthenticationException;
 }
-interface ApplicationListenOptions {
-    port?: number;
-    hostname?: string;
-    assetsUrl?: string;
-    vite?: StartViteDevServerOptions | false;
+
+/**
+ * Authorization exception.
+ *
+ * Thrown when a user is authenticated but not authorized to perform an action.
+ *
+ * @example
+ * ```typescript
+ * throw new AuthorizationException()
+ * throw new AuthorizationException('You cannot edit this post')
+ * throw new AuthorizationException('Access denied', 'edit', 'Post')
+ * ```
+ */
+declare class AuthorizationException extends HttpException {
+    /**
+     * The action that was attempted.
+     */
+    readonly action?: string;
+    /**
+     * The resource that was being accessed.
+     */
+    readonly resource?: string;
+    constructor(message?: string, action?: string, resource?: string);
+    /**
+     * Create exception for a specific action and resource.
+     */
+    static forAction(action: string, resource?: string): AuthorizationException;
+    /**
+     * Deny access to a resource.
+     */
+    static deny(resource?: string): AuthorizationException;
 }
+
 /**
- * Application wires the Route registry into a running Hono instance.
- * It offers a small convenience layer so users can bootstrap a Bun server
- * without touching the underlying Hono object directly.
+ * Not Found HTTP exception.
+ *
+ * Thrown when a requested resource cannot be found.
+ *
+ * @example
+ * ```typescript
+ * throw new NotFoundHttpException()
+ * throw new NotFoundHttpException('User not found')
+ * throw NotFoundHttpException.forModel('User', 123)
+ * ```
  */
-declare class Application {
-    private readonly options;
-    readonly hono: Hono;
-    private readonly plugins;
-    private context?;
-    private readonly authManager;
-    private viteDevServer?;
-    private bunServer?;
-    private viteTeardownRegistered;
-    constructor(options?: ApplicationOptions);
-    get auth(): AuthManager;
+declare class NotFoundHttpException extends HttpException {
+    /**
+     * The type of resource that was not found.
+     */
+    readonly resourceType?: string;
+    /**
+     * The ID of the resource that was not found.
+     */
+    readonly resourceId?: string | number;
+    constructor(message?: string, resourceType?: string, resourceId?: string | number);
+    /**
+     * Create exception for a model not found.
+     */
+    static forModel(model: string, id: string | number): NotFoundHttpException;
     /**
-     * Mounts all routes that were defined through the Route DSL.
+     * Create exception for a route not found.
      */
-    mountRoutes(): void;
+    static forRoute(path: string): NotFoundHttpException;
     /**
-     * Allows registering global middlewares directly on the underlying Hono app.
+     * Create exception for a resource not found.
      */
-    use(path: string, ...middleware: MiddlewareHandler[]): void;
+    static forResource(resource: string): NotFoundHttpException;
+}
+
+/**
+ * Method Not Allowed exception.
+ *
+ * Thrown when an HTTP method is not allowed for a route.
+ *
+ * @example
+ * ```typescript
+ * throw new MethodNotAllowedException()
+ * throw new MethodNotAllowedException('POST', ['GET', 'HEAD'])
+ * ```
+ */
+declare class MethodNotAllowedException extends HttpException {
     /**
-     * Executes the optional boot callback and mounts the registered routes.
+     * The HTTP method that was attempted.
      */
-    boot(): Promise<void>;
+    readonly method?: string;
     /**
-     * Fetch handler to integrate with Bun.serve or any standard Fetch runtime.
+     * The allowed HTTP methods.
      */
-    fetch(request: Request, env?: unknown, executionCtx?: ExecutionContext): Promise<Response>;
+    readonly allowedMethods?: string[];
+    constructor(method?: string, allowedMethods?: string[], message?: string);
     /**
-     * Convenience helper to start a Bun server when available.
+     * Get the Allow header value.
      */
-    listen(options?: ApplicationListenOptions): Promise<void>;
-    register(provider: Provider | ProviderConstructor): this;
-    registerMany(providers: Array<Provider | ProviderConstructor>): this;
+    getAllowHeader(): string;
     /**
-     * Logs the rich development server banner to the console.
+     * Create exception with method details.
      */
-    logDevServerBanner(options: DevBannerOptions): void;
-    private resolveContext;
-    private registerDefaultProviders;
-    private closeViteDevServer;
-    private registerViteTeardown;
+    static forMethod(method: string, allowedMethods: string[]): MethodNotAllowedException;
 }
 
-type RootPublicAssetsConfig = boolean | RootPublicAssetsOptions;
-interface RootPublicAssetsOptions {
-    /** Enable or disable root-level public asset serving. Defaults to true. */
-    enabled?: boolean;
-    /** List of file extensions to expose from the public directory. */
-    extensions?: string[];
-    /** Cache-Control header applied to served files. */
-    cacheControlHeader?: string;
-    /** Optional prefix filter (e.g. `/assets`). Defaults to all paths. */
-    routePrefix?: string;
-    /** Override content types per extension. */
-    contentTypeMap?: Record<string, string>;
-}
-
-interface DevAssetsOptions {
-    /** Absolute path to the resources directory (e.g. `/app/resources`). */
-    resourcesDir?: string;
-    /** Base import meta used to resolve relative paths. */
-    importMeta?: ImportMeta;
-    /** Relative path from `importMeta` to the resources directory. Defaults to `../resources`. */
-    resourcesPath?: string;
-    /** Path prefix to mount transpiled JS assets. Defaults to `/resources/js`. */
-    prefix?: string;
-    /** Route pattern used to serve raw CSS assets. Defaults to `/resources/css/*`. */
-    cssRoute?: string;
-    /** Absolute path to the CSS directory. Defaults to `<resourcesDir>/../css`. */
-    cssDir?: string;
-    /** Enables serving the bundled inertia client. Defaults to true. */
-    inertiaClient?: boolean;
-    /** Path to the inertia client source. Defaults to the version bundled with Guren. */
-    inertiaClientSource?: string;
-    /** Public URL for the inertia client. Defaults to `/vendor/inertia-client.tsx`. */
-    inertiaClientPath?: string;
-    /** Override the remote JSX runtime URL. */
-    jsxRuntimeUrl?: string;
-    /** Absolute path to a directory with static assets (e.g. `/app/public`). */
-    publicDir?: string;
-    /** Relative path from `importMeta` to the static assets directory. Defaults to `../public`. */
-    publicPath?: string | false;
-    /** Route pattern used when serving static assets. Defaults to `/public/*`. */
-    publicRoute?: string;
-    /** Whether to register a no-op favicon route. Defaults to true when static assets are served. */
-    favicon?: boolean;
-    /** Serve selected files from the public directory without the `/public` prefix. */
-    rootPublicAssets?: RootPublicAssetsConfig;
-}
-/**
- * Registers development asset serving middleware.
- * @param app
- * @param options
- */
-declare function registerDevAssets(app: Application, options: DevAssetsOptions): void;
-
-interface InertiaAssetsOptions extends DevAssetsOptions {
-    /** Default stylesheet entry embedded into Inertia responses. */
-    stylesEntry?: string;
-    /** Default script entry embedded into Inertia responses (production). */
-    scriptEntry?: string;
-    /** Path to the SSR bundle entry consumed by the Inertia engine. */
-    ssrEntry?: string;
-    /** Path to the SSR manifest file generated by the build. */
-    ssrManifest?: string;
-}
-interface AutoConfigureInertiaOptions extends InertiaAssetsOptions {
-    /** Dev server URL used when NODE_ENV !== 'production'. */
-    devServerUrl?: string;
-    /** Output directory for Vite SSR bundles (relative to project root). */
-    ssrOutDir?: string;
-    /** Enables SSR auto-wiring (defaults to true). */
-    enableSsr?: boolean;
-}
-declare function configureInertiaAssets(app: Application, options: InertiaAssetsOptions): void;
-declare function autoConfigureInertiaAssets(app: Application, options: AutoConfigureInertiaOptions): void;
-
-/**
- * Parses the incoming request payload supporting both JSON bodies and form submissions.
- * Falls back to an empty object if the payload cannot be parsed.
- */
-declare function parseRequestPayload(ctx: Context): Promise<Record<string, unknown>>;
-interface ValidationIssueLike {
-    path: Array<string | number>;
-    message: string;
-}
-interface ValidationErrorLike {
-    issues: ValidationIssueLike[];
-}
-/**
- * Converts a Zod-style validation error into a flat record usable by forms.
- */
-declare function formatValidationErrors(error: ValidationErrorLike, fallbackMessage?: string): Record<string, string>;
-
-declare class InertiaViewProvider implements Provider {
-    register(_context: ApplicationContext): void;
-}
-
-declare class AuthServiceProvider implements Provider {
-    register(context: ApplicationContext): void;
-    boot(context: ApplicationContext): void;
-}
-
-export { Application, ApplicationContext, type ApplicationListenOptions, type AuthContext, type AuthCredentials, AuthManager, type AuthManagerOptions, type AuthContext as AuthRuntimeContext, AuthServiceProvider, type Authenticatable, AuthenticatableModel, type AutoConfigureInertiaOptions, BaseUserProvider, Controller, type ControllerInertiaProps, type DevBannerOptions, GUREN_ASCII_ART, type Guard, type GuardContext, type GuardFactory, type InertiaOptions, type InertiaPagePayload, type InertiaResponse, type InertiaSsrContext, type InertiaSsrOptions, type InertiaSsrRenderer, type InertiaSsrResult, InertiaViewProvider, type InferInertiaProps, MemorySessionStore, type Middleware, ModelUserProvider, type Provider, type ProviderConstructor, type ProviderFactory, type RequireAuthOptions, Route, type RouteDefinition, ScryptHasher, type Session, type SessionData, SessionGuard, type SessionStore, type StartViteDevServerOptions, type StartedViteDevServer, type UserProvider, ViewEngine, attachAuthContext, autoConfigureInertiaAssets, configureInertiaAssets, createSessionMiddleware, defineMiddleware, formatValidationErrors, getSessionFromContext, inertia, logDevServerBanner, parseRequestPayload, registerDevAssets, requireAuthenticated, requireGuest, startViteDevServer };
+/**
+ * Generate a production-friendly HTML error page.
+ * Shows status code, a generic message, and a link back to the home page.
+ * No stack traces or internal details are exposed.
+ */
+declare function renderErrorPage(statusCode: number, message?: string): string;
+
+type ViewRenderer = (template: string, props: Record<string, unknown>) => Response | Promise<Response>;
+/**
+ * Registry for view renderers. Engines are typically registered via service
+ * providers so applications can opt into or replace implementations.
+ */
+declare class ViewEngine {
+    private static readonly engines;
+    static register(name: string, renderer: ViewRenderer): void;
+    static has(name: string): boolean;
+    static render(name: string, template: string, props: Record<string, unknown>): Response | Promise<Response>;
+}
+
+/**
+ * Registers the Inertia view engine and wires up validation error handling
+ * for Inertia requests (Laravel-style automatic redirect with flashed errors).
+ */
+declare class InertiaServiceProvider extends ServiceProvider {
+    register(): void;
+    boot(): void;
+    /**
+     * Register a custom renderer for ValidationException on Inertia requests.
+     * Non-Inertia requests fall through to the default JSON 422 response.
+     */
+    private registerValidationRenderer;
+    /**
+     * Wrap existing shared props resolver to auto-inject flashed `errors`.
+     */
+    private registerSharedErrors;
+}
+
+/**
+ * Sets up authentication guards, session middleware, and auth context.
+ */
+declare class AuthServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds OAuthManager as a singleton in the container.
+ */
+declare class OAuthServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the EventManager as a singleton in the container.
+ */
+declare class EventServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the CacheManager as a singleton in the container.
+ */
+declare class CacheServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the QueueManager as a singleton in the container.
+ */
+declare class QueueServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the MailManager as a singleton in the container.
+ */
+declare class MailServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the LogManager as a singleton in the container.
+ */
+declare class LogServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the I18nManager as a singleton in the container.
+ */
+declare class I18nServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the NotificationManager as a singleton in the container.
+ */
+declare class NotificationServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the BroadcastManager as a singleton in the container.
+ */
+declare class BroadcastServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the Encrypter as a singleton in the container.
+ */
+declare class EncryptionServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the StorageManager as a singleton in the container.
+ */
+declare class StorageServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the HealthManager as a singleton in the container.
+ */
+declare class HealthServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the Scheduler as a singleton in the container.
+ */
+declare class SchedulingServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the Gate as a singleton in the container.
+ */
+declare class AuthorizationServiceProvider extends ServiceProvider {
+    register(): void;
+}
+
+/**
+ * Binds the ExceptionHandler as a singleton in the container
+ * and attaches it as global error-handling middleware.
+ */
+declare class ErrorServiceProvider extends ServiceProvider {
+    register(): void;
+    boot(): void;
+}
+
+/**
+ * Validation rule function type.
+ */
+type ValidationRule<T = unknown> = (value: T, field: string, data: Record<string, unknown>) => true | string | Promise<true | string>;
+/**
+ * Validation rule definition.
+ */
+interface RuleDefinition {
+    name: string;
+    validate: ValidationRule;
+    message?: string;
+}
+/**
+ * Validation result.
+ */
+interface ValidationResult {
+    success: boolean;
+    data?: Record<string, unknown>;
+    errors?: Record<string, string[]>;
+}
+/**
+ * File validation options.
+ */
+interface FileValidationOptions {
+    /**
+     * Maximum file size in bytes.
+     */
+    maxSize?: number;
+    /**
+     * Allowed MIME types.
+     */
+    mimes?: string[];
+    /**
+     * Allowed file extensions.
+     */
+    extensions?: string[];
+    /**
+     * Minimum file size in bytes.
+     */
+    minSize?: number;
+}
+/**
+ * Image validation options.
+ */
+interface ImageValidationOptions extends FileValidationOptions {
+    /**
+     * Maximum width in pixels.
+     */
+    maxWidth?: number;
+    /**
+     * Maximum height in pixels.
+     */
+    maxHeight?: number;
+    /**
+     * Minimum width in pixels.
+     */
+    minWidth?: number;
+    /**
+     * Minimum height in pixels.
+     */
+    minHeight?: number;
+    /**
+     * Required aspect ratio (width/height).
+     */
+    ratio?: number;
+    /**
+     * Allowed aspect ratio tolerance.
+     */
+    ratioTolerance?: number;
+}
+/**
+ * Validator options.
+ */
+interface ValidatorOptions {
+    /**
+     * Stop on first error for each field.
+     * @default true
+     */
+    stopOnFirstError?: boolean;
+    /**
+     * Custom error messages.
+     */
+    messages?: Record<string, string>;
+    /**
+     * Custom attribute names for error messages.
+     */
+    attributes?: Record<string, string>;
+}
+/**
+ * File-like interface for validation.
+ */
+interface FileLike {
+    name: string;
+    size: number;
+    type: string;
+}
+
+/**
+ * Base class for form request validation.
+ *
+ * FormRequest encapsulates both validation rules and authorization logic
+ * for a single request type. Extend this class and define `rules()` and
+ * optionally `authorize()` to create type-safe request validation.
+ *
+ * @example
+ * ```typescript
+ * interface StorePostData {
+ *   title: string
+ *   content: string
+ *   status: 'draft' | 'published'
+ * }
+ *
+ * class StorePostRequest extends FormRequest<StorePostData> {
+ *   rules() {
+ *     return {
+ *       title: [required(), stringRule(), min(3), max(255)],
+ *       content: [required(), stringRule()],
+ *       status: [required(), inValues(['draft', 'published'])],
+ *     }
+ *   }
+ *
+ *   authorize() {
+ *     return this.user() !== null
+ *   }
+ * }
+ *
+ * // In controller:
+ * const data = await this.validate(StorePostRequest)
+ * // data is typed as StorePostData
+ * ```
+ */
+declare abstract class FormRequest<T = Record<string, unknown>> {
+    protected ctx: Context;
+    /**
+     * Define validation rules for this request.
+     * Return an object mapping field names to arrays of validation rules.
+     */
+    abstract rules(): Record<string, ValidationRule[]>;
+    /**
+     * Determine if the user is authorized to make this request.
+     * Override to implement authorization logic. Defaults to true.
+     */
+    authorize(): boolean | Promise<boolean>;
+    /**
+     * Custom error messages for validation rules.
+     * Override to provide custom messages.
+     */
+    messages(): Record<string, string>;
+    /**
+     * Custom attribute names for validation errors.
+     * Override to provide human-readable field names.
+     */
+    attributes(): Record<string, string>;
+    /**
+     * Get the authenticated user from the request context.
+     */
+    protected user(): unknown;
+    /**
+     * Handle the form request: authorize, parse body, validate, return typed data.
+     * @internal Called by Controller.validate()
+     */
+    handle(ctx: Context): Promise<T>;
+    private parseBody;
+}
+
+/**
+ * Field validator builder.
+ */
+declare class FieldValidator {
+    private field;
+    private _rules;
+    private isNullable;
+    private isSometimes;
+    private bailOnFirstError;
+    private conditions;
+    constructor(field: string);
+    /**
+     * Add a validation rule.
+     */
+    rule(rule: ValidationRule): this;
+    /**
+     * Add multiple validation rules.
+     */
+    rules(...rules: ValidationRule[]): this;
+    /**
+     * Mark field as nullable (allows null values).
+     */
+    nullable(): this;
+    /**
+     * Only validate if field is present.
+     */
+    sometimes(): this;
+    /**
+     * Stop validation on first error.
+     */
+    bail(): this;
+    /**
+     * Continue validation even after errors.
+     */
+    continueOnError(): this;
+    /**
+     * Add a condition - only validate if condition is true.
+     */
+    when(condition: (data: Record<string, unknown>) => boolean): this;
+    /**
+     * Add a condition - only validate if condition is false.
+     */
+    unless(condition: (data: Record<string, unknown>) => boolean): this;
+    /**
+     * Validate the field.
+     */
+    validate(value: unknown, data: Record<string, unknown>, options?: ValidatorOptions): Promise<string[]>;
+    /**
+     * Format error message.
+     */
+    private formatMessage;
+    /**
+     * Get the field name.
+     */
+    getField(): string;
+}
+/**
+ * Validator class for validating data against rules.
+ *
+ * @example
+ * ```typescript
+ * import { Validator, required, email, min } from '@guren/server'
+ *
+ * const validator = new Validator()
+ *   .field('name', required(), min(2))
+ *   .field('email', required(), email())
+ *   .field('password', required(), min(8))
+ *   .field('password_confirmation', required())
+ *
+ * const result = await validator.validate(data)
+ * if (!result.success) {
+ *   console.log(result.errors)
+ * }
+ * ```
+ */
+declare class Validator {
+    private fields;
+    private options;
+    /**
+     * Create a new validator.
+     */
+    constructor(options?: ValidatorOptions);
+    /**
+     * Add a field with rules.
+     */
+    field(name: string, ...rules: ValidationRule[]): this;
+    /**
+     * Add a field validator.
+     */
+    addField(validator: FieldValidator): this;
+    /**
+     * Get a field validator for fluent configuration.
+     */
+    for(name: string): FieldValidator;
+    /**
+     * Set custom error messages.
+     */
+    messages(messages: Record<string, string>): this;
+    /**
+     * Set custom attribute names.
+     */
+    attributes(attributes: Record<string, string>): this;
+    /**
+     * Validate data.
+     */
+    validate(data: Record<string, unknown>): Promise<ValidationResult>;
+    /**
+     * Validate and throw if invalid.
+     */
+    validateOrThrow(data: Record<string, unknown>): Promise<Record<string, unknown>>;
+    /**
+     * Create a new validator from rules object.
+     */
+    static make(rules: Record<string, ValidationRule[]>, options?: ValidatorOptions): Validator;
+}
+/**
+ * Create a new validator.
+ */
+declare function createValidator(options?: ValidatorOptions): Validator;
+/**
+ * Quick validate function.
+ */
+declare function quickValidate(data: Record<string, unknown>, rules: Record<string, ValidationRule[]>, options?: ValidatorOptions): Promise<ValidationResult>;
+/**
+ * Quick validate and throw function.
+ */
+declare function quickValidateOrThrow(data: Record<string, unknown>, rules: Record<string, ValidationRule[]>, options?: ValidatorOptions): Promise<Record<string, unknown>>;
+
+/**
+ * Built-in validation rules.
+ */
+/**
+ * Required rule - value must be present and not empty.
+ */
+declare function required(): ValidationRule;
+/**
+ * Nullable rule - allows null values (removes other validation if null).
+ */
+declare function nullable(): ValidationRule;
+/**
+ * Required if another field equals a value.
+ */
+declare function requiredIf(field: string, value: unknown): ValidationRule;
+/**
+ * Required unless another field equals a value.
+ */
+declare function requiredUnless(field: string, value: unknown): ValidationRule;
+/**
+ * Required with - field is required if any of the other fields are present.
+ */
+declare function requiredWith(...fields: string[]): ValidationRule;
+/**
+ * Required without - field is required if any of the other fields are not present.
+ */
+declare function requiredWithout(...fields: string[]): ValidationRule;
+/**
+ * String rule - value must be a string.
+ */
+declare function string(): ValidationRule;
+/**
+ * Numeric rule - value must be a number.
+ */
+declare function numeric(): ValidationRule;
+/**
+ * Integer rule - value must be an integer.
+ */
+declare function integer(): ValidationRule;
+/**
+ * Boolean rule - value must be a boolean.
+ */
+declare function boolean(): ValidationRule;
+/**
+ * Array rule - value must be an array.
+ */
+declare function array(): ValidationRule;
+/**
+ * Object rule - value must be an object.
+ */
+declare function object(): ValidationRule;
+/**
+ * Email rule - value must be a valid email.
+ */
+declare function email(): ValidationRule;
+/**
+ * URL rule - value must be a valid URL.
+ */
+declare function url(): ValidationRule;
+/**
+ * UUID rule - value must be a valid UUID.
+ */
+declare function uuid(): ValidationRule;
+/**
+ * Minimum rule - value must be at least min.
+ */
+declare function min(minValue: number): ValidationRule;
+/**
+ * Maximum rule - value must be at most max.
+ */
+declare function max(maxValue: number): ValidationRule;
+/**
+ * Between rule - value must be between min and max.
+ */
+declare function between(minValue: number, maxValue: number): ValidationRule;
+/**
+ * Size rule - value must be exactly size.
+ */
+declare function size(exactSize: number): ValidationRule;
+/**
+ * In rule - value must be in the given array.
+ */
+declare function inValues(values: unknown[]): ValidationRule;
+/**
+ * Not in rule - value must not be in the given array.
+ */
+declare function notIn(values: unknown[]): ValidationRule;
+/**
+ * Regex rule - value must match the regex.
+ */
+declare function regex(pattern: RegExp): ValidationRule;
+/**
+ * Confirmed rule - field must have a matching field_confirmation.
+ */
+declare function confirmed(): ValidationRule;
+/**
+ * Same rule - field must match another field.
+ */
+declare function same(otherField: string): ValidationRule;
+/**
+ * Different rule - field must be different from another field.
+ */
+declare function different(otherField: string): ValidationRule;
+/**
+ * After rule - date must be after another date.
+ */
+declare function after(date: string | Date): ValidationRule;
+/**
+ * After or equal rule - date must be after or equal to another date.
+ */
+declare function afterOrEqual(date: string | Date): ValidationRule;
+/**
+ * Before rule - date must be before another date.
+ */
+declare function before(date: string | Date): ValidationRule;
+/**
+ * Before or equal rule - date must be before or equal to another date.
+ */
+declare function beforeOrEqual(date: string | Date): ValidationRule;
+/**
+ * Date rule - value must be a valid date.
+ */
+declare function date(): ValidationRule;
+/**
+ * Date format rule - value must match the given format.
+ */
+declare function dateFormat(format: string): ValidationRule;
+/**
+ * Alpha rule - value must only contain letters.
+ */
+declare function alpha(): ValidationRule;
+/**
+ * Alpha numeric rule - value must only contain letters and numbers.
+ */
+declare function alphaNum(): ValidationRule;
+/**
+ * Alpha dash rule - value must only contain letters, numbers, dashes, and underscores.
+ */
+declare function alphaDash(): ValidationRule;
+/**
+ * Starts with rule - value must start with one of the given prefixes.
+ */
+declare function startsWith(...prefixes: string[]): ValidationRule;
+/**
+ * Ends with rule - value must end with one of the given suffixes.
+ */
+declare function endsWith(...suffixes: string[]): ValidationRule;
+/**
+ * JSON rule - value must be a valid JSON string.
+ */
+declare function json(): ValidationRule;
+/**
+ * IP rule - value must be a valid IP address.
+ */
+declare function ip(): ValidationRule;
+/**
+ * IPv4 rule - value must be a valid IPv4 address.
+ */
+declare function ipv4(): ValidationRule;
+/**
+ * IPv6 rule - value must be a valid IPv6 address.
+ */
+declare function ipv6(): ValidationRule;
+/**
+ * File rule - validates a file object.
+ */
+declare function file(options?: FileValidationOptions): ValidationRule;
+/**
+ * Image rule - validates an image file.
+ */
+declare function image(options?: ImageValidationOptions): ValidationRule;
+/**
+ * Mimes rule - validates file MIME types.
+ */
+declare function mimes(...mimeTypes: string[]): ValidationRule;
+/**
+ * Max file size rule.
+ */
+declare function maxFileSize(bytes: number): ValidationRule;
+/**
+ * Min file size rule.
+ */
+declare function minFileSize(bytes: number): ValidationRule;
+/**
+ * Custom rule - create a custom validation rule.
+ */
+declare function custom(validate: (value: unknown, field: string, data: Record<string, unknown>) => boolean | string | Promise<boolean | string>, message?: string): ValidationRule;
+/**
+ * Unique rule (async) - checks uniqueness via callback.
+ */
+declare function unique(callback: (value: unknown, field: string) => Promise<boolean>): ValidationRule;
+/**
+ * Exists rule (async) - checks existence via callback.
+ */
+declare function exists(callback: (value: unknown, field: string) => Promise<boolean>): ValidationRule;
+
+/**
+ * Seeder class interface.
+ */
+interface SeederClass {
+    new (): Seeder;
+}
+/**
+ * Abstract seeder interface.
+ */
+interface Seeder {
+    run(): Promise<void>;
+}
+/**
+ * Factory class interface.
+ */
+interface FactoryClass<T> {
+    new (): Factory<T>;
+}
+/**
+ * Abstract factory interface.
+ */
+interface Factory<T> {
+    definition(): Partial<T>;
+    make(overrides?: Partial<T>): T;
+    makeMany(count: number, overrides?: Partial<T>): T[];
+    create(overrides?: Partial<T>): Promise<T>;
+    createMany(count: number, overrides?: Partial<T>): Promise<T[]>;
+}
+/**
+ * Seeder runner options.
+ */
+interface SeederRunnerOptions {
+    /**
+     * Path to seeders directory.
+     */
+    seedersPath?: string;
+    /**
+     * Default seeder class name.
+     */
+    defaultSeeder?: string;
+    /**
+     * Force run in production.
+     */
+    force?: boolean;
+    /**
+     * Silent mode (no console output).
+     */
+    silent?: boolean;
+}
+
+/**
+ * Reset called seeders tracking (for testing).
+ */
+declare function resetCalledSeeders(): void;
+/**
+ * Abstract base class for database seeders.
+ */
+declare abstract class BaseSeeder {
+    /**
+     * Run the seeder.
+     */
+    abstract run(): Promise<void>;
+    /**
+     * Call another seeder.
+     */
+    protected call(SeederClass: SeederClass): Promise<void>;
+    /**
+     * Call another seeder only once.
+     * Useful for avoiding duplicate data when seeders have dependencies.
+     */
+    protected callOnce(SeederClass: SeederClass): Promise<void>;
+    /**
+     * Call multiple seeders in sequence.
+     */
+    protected callMany(seeders: SeederClass[]): Promise<void>;
+    /**
+     * Call multiple seeders in parallel.
+     */
+    protected callParallel(seeders: SeederClass[]): Promise<void>;
+}
+
+/**
+ * State definition for factories.
+ */
+type StateDefinition<T> = Partial<T> | ((attributes: Partial<T>) => Partial<T>);
+/**
+ * Abstract base class for model factories.
+ */
+declare abstract class BaseFactory<T> {
+    private _sequence;
+    private _states;
+    private _activeStates;
+    private _afterCreatingCallbacks;
+    private _afterMakingCallbacks;
+    /**
+     * Get the current sequence number.
+     */
+    protected get sequence(): number;
+    /**
+     * Define the default attributes for the model.
+     */
+    abstract definition(): Partial<T>;
+    /**
+     * Create a model instance (to be overridden for persistence).
+     */
+    protected persist(attributes: Partial<T>): Promise<T>;
+    /**
+     * Define a state.
+     */
+    state(name: string, state: StateDefinition<T>): this;
+    /**
+     * Apply a state to the factory.
+     */
+    withState(name: string): this;
+    /**
+     * Apply multiple states.
+     */
+    withStates(...names: string[]): this;
+    /**
+     * Register a callback to run after creating.
+     */
+    afterCreating(callback: (model: T) => void | Promise<void>): this;
+    /**
+     * Register a callback to run after making.
+     */
+    afterMaking(callback: (model: T) => void | Promise<void>): this;
+    /**
+     * Make a model instance without persisting.
+     */
+    make(overrides?: Partial<T>): T;
+    /**
+     * Make multiple model instances without persisting.
+     */
+    makeMany(count: number, overrides?: Partial<T>): T[];
+    /**
+     * Create and persist a model instance.
+     */
+    create(overrides?: Partial<T>): Promise<T>;
+    /**
+     * Create and persist multiple model instances.
+     */
+    createMany(count: number, overrides?: Partial<T>): Promise<T[]>;
+    /**
+     * Reset the sequence counter.
+     */
+    resetSequence(): this;
+    /**
+     * Clear active states.
+     */
+    clearStates(): this;
+    /**
+     * Create a new factory instance with fresh state.
+     */
+    fresh(): this;
+}
+
+/**
+ * Helper to create a simple factory with a definition function.
+ */
+declare function defineFactory<T>(definition: (sequence: number) => Partial<T>, persist?: (attributes: Partial<T>) => Promise<T>): BaseFactory<T>;
+
+/**
+ * Seeder runner for executing database seeders.
+ */
+declare class SeederRunner {
+    private options;
+    private seeders;
+    constructor(options?: SeederRunnerOptions);
+    /**
+     * Register a seeder class.
+     */
+    register(name: string, seeder: SeederClass): this;
+    /**
+     * Register multiple seeder classes.
+     */
+    registerMany(seeders: Record<string, SeederClass>): this;
+    /**
+     * Run a specific seeder by name or class.
+     */
+    run(seeder?: string | SeederClass): Promise<void>;
+    /**
+     * Run multiple seeders in sequence.
+     */
+    runMany(seeders: Array<string | SeederClass>): Promise<void>;
+    /**
+     * Resolve a seeder by name.
+     */
+    private resolveSeeder;
+    /**
+     * Get available seeders from the seeders directory.
+     */
+    getAvailableSeeders(): Promise<string[]>;
+    /**
+     * Log a message if not silent.
+     */
+    private log;
+}
+/**
+ * Create a seeder runner.
+ */
+declare function createSeederRunner(options?: SeederRunnerOptions): SeederRunner;
+
+/**
+ * Resource data type.
+ */
+type ResourceData = Record<string, unknown>;
+type ValidationErrors<TField extends string = string> = Partial<Record<TField | 'message', string>>;
+/**
+ * Pagination meta information.
+ */
+interface PaginationMeta {
+    currentPage: number;
+    lastPage: number;
+    perPage: number;
+    total: number;
+    from: number | null;
+    to: number | null;
+}
+/**
+ * Pagination links.
+ */
+interface PaginationPageLink {
+    page: number;
+    url: string | null;
+    active: boolean;
+}
+interface PaginationLinks {
+    first: string | null;
+    last: string | null;
+    prev: string | null;
+    next: string | null;
+    pages: PaginationPageLink[];
+}
+/**
+ * Paginated response structure.
+ */
+interface PaginatedResponse<T> {
+    data: T[];
+    meta: PaginationMeta;
+    links: PaginationLinks;
+}
+interface PaginatedPageProps<T> extends Record<string, unknown> {
+    data: T[];
+    pagination: {
+        meta: PaginationMeta;
+        links: PaginationLinks;
+    };
+}
+/**
+ * Cursor pagination meta information.
+ */
+interface CursorPaginationMeta {
+    perPage: number;
+    nextCursor: string | null;
+    prevCursor: string | null;
+    hasMore: boolean;
+}
+/**
+ * Cursor paginated response structure.
+ */
+interface CursorPaginatedResponse<T> {
+    data: T[];
+    meta: CursorPaginationMeta;
+}
+/**
+ * Paginator options.
+ */
+interface PaginatorOptions {
+    path?: string;
+    query?: Record<string, string>;
+    fragment?: string;
+}
+/**
+ * Cursor paginator options.
+ */
+interface CursorPaginatorOptions {
+    cursorName?: string;
+    parameters?: Record<string, string>;
+}
+/**
+ * Resource class type.
+ */
+interface ResourceClass<T, R extends BaseResource<T>> {
+    new (resource: T): R;
+}
+/**
+ * Base resource interface.
+ */
+interface BaseResource<T> {
+    toArray(): ResourceData;
+    toJSON(): ResourceData;
+}
+type InferResourceData<TResource extends BaseResource<unknown>> = ReturnType<TResource['toJSON']>;
+
+/**
+ * Abstract base class for API resources.
+ * Transforms model data into API response format.
+ */
+declare abstract class Resource<T> {
+    /**
+     * The underlying resource.
+     */
+    protected resource: T;
+    /**
+     * Additional data to merge with the resource.
+     */
+    protected additionalData: ResourceData;
+    constructor(resource: T);
+    /**
+     * Transform the resource into an array/object.
+     * Must be implemented by subclasses.
+     */
+    abstract toArray(): ResourceData;
+    /**
+     * Transform the resource to JSON.
+     */
+    toJSON(): ResourceData;
+    /**
+     * Add additional data to the resource.
+     */
+    additional(data: ResourceData): this;
+    /**
+     * Conditionally include a value.
+     */
+    when<V>(condition: boolean, value: V | (() => V)): V | undefined;
+    /**
+     * Conditionally include a value with a default.
+     */
+    whenOr<V>(condition: boolean, value: V | (() => V), defaultValue: V): V;
+    /**
+     * Include a value only if a relation is loaded.
+     */
+    whenLoaded<V>(relation: string, value: V | (() => V), defaultValue?: V): V | undefined;
+    /**
+     * Include a value only if it's not null/undefined.
+     */
+    whenNotNull<V>(value: V | null | undefined): V | undefined;
+    /**
+     * Merge another resource's data.
+     */
+    merge(data: ResourceData): ResourceData;
+    /**
+     * Create a new resource instance.
+     */
+    static make<T, R extends Resource<T>>(this: new (resource: T) => R, resource: T): R;
+    /**
+     * Create a collection of resources.
+     */
+    static collection<T, R extends Resource<T>>(this: new (resource: T) => R, resources: T[]): ResourceData[];
+}
+/**
+ * Create a resource collection from a resource class.
+ */
+declare function collect<T, R extends Resource<T>>(resources: T[], resourceClass: ResourceClass<T, R>): ResourceData[];
+/**
+ * Simple resource wrapper for objects without transformation.
+ */
+declare class JsonResource<T extends Record<string, unknown>> extends Resource<T> {
+    toArray(): ResourceData;
+}
+
+interface PaginatedResultLike<T> {
+    data: T[];
+    meta: {
+        total: number;
+        perPage: number;
+        currentPage: number;
+    };
+}
+/**
+ * Paginator for offset-based pagination.
+ */
+declare class Paginator<T> {
+    protected _items: T[];
+    protected _total: number;
+    protected _perPage: number;
+    protected _currentPage: number;
+    protected _options: PaginatorOptions;
+    constructor(items: T[], total: number, perPage: number, currentPage: number, options?: PaginatorOptions);
+    /**
+     * Get the paginated items.
+     */
+    items(): T[];
+    /**
+     * Get total number of items.
+     */
+    total(): number;
+    /**
+     * Get items per page.
+     */
+    perPage(): number;
+    /**
+     * Get current page number.
+     */
+    currentPage(): number;
+    /**
+     * Get last page number.
+     */
+    lastPage(): number;
+    /**
+     * Check if there are more pages.
+     */
+    hasMorePages(): boolean;
+    /**
+     * Check if on first page.
+     */
+    onFirstPage(): boolean;
+    /**
+     * Check if on last page.
+     */
+    onLastPage(): boolean;
+    /**
+     * Get the "from" index (1-based).
+     */
+    firstItem(): number | null;
+    /**
+     * Get the "to" index (1-based).
+     */
+    lastItem(): number | null;
+    /**
+     * Get the number of items on current page.
+     */
+    count(): number;
+    /**
+     * Check if the paginator is empty.
+     */
+    isEmpty(): boolean;
+    /**
+     * Check if the paginator is not empty.
+     */
+    isNotEmpty(): boolean;
+    /**
+     * Get pagination meta information.
+     */
+    meta(): PaginationMeta;
+    /**
+     * Build URL for a page.
+     */
+    protected url(page: number): string;
+    /**
+     * Get pagination links.
+     */
+    links(): PaginationLinks;
+    /**
+     * Set the base path for pagination links.
+     */
+    withPath(path: string): this;
+    /**
+     * Set query parameters for pagination links.
+     */
+    withQuery(query: Record<string, string>): this;
+    /**
+     * Set fragment for pagination links.
+     */
+    fragment(fragment: string): this;
+    /**
+     * Transform items to resources.
+     */
+    toResource<R extends Resource<T>>(resourceClass: ResourceClass<T, R>): PaginatedResponse<ResourceData>;
+    /**
+     * Transform to JSON.
+     */
+    toJSON(): PaginatedResponse<T>;
+    /**
+     * Map over items.
+     */
+    map<U>(callback: (item: T, index: number) => U): Paginator<U>;
+    /**
+     * Get items as array.
+     */
+    toArray(): T[];
+    /**
+     * Iterate over items.
+     */
+    [Symbol.iterator](): Iterator<T>;
+    /**
+     * Create paginator from array (slices the array).
+     */
+    static fromArray<T>(items: T[], page: number, perPage: number, options?: PaginatorOptions): Paginator<T>;
+    /**
+     * Create paginator from an ORM-style paginated result.
+     */
+    static fromPaginatedResult<T>(result: PaginatedResultLike<T>, options?: PaginatorOptions): Paginator<T>;
+}
+/**
+ * Create a paginator.
+ */
+declare function paginate<T>(result: PaginatedResultLike<T>, options?: PaginatorOptions): Paginator<T>;
+declare function paginate<T>(items: T[], total: number, perPage: number, currentPage: number, options?: PaginatorOptions): Paginator<T>;
+
+/**
+ * Collection of resources with additional metadata.
+ */
+declare class ResourceCollection<T, R extends Resource<T>> {
+    protected resources: T[];
+    protected resourceClass: ResourceClass<T, R>;
+    protected additionalData: ResourceData;
+    protected wrapKey: string | null;
+    constructor(resources: T[], resourceClass: ResourceClass<T, R>);
+    /**
+     * Transform all resources to an array.
+     */
+    toArray(): ResourceData[];
+    /**
+     * Add additional data to the collection response.
+     */
+    additional(data: ResourceData): this;
+    /**
+     * Set the wrapper key for the collection.
+     */
+    wrap(key: string | null): this;
+    /**
+     * Disable wrapping.
+     */
+    withoutWrapping(): this;
+    /**
+     * Get the number of resources.
+     */
+    count(): number;
+    /**
+     * Check if collection is empty.
+     */
+    isEmpty(): boolean;
+    /**
+     * Check if collection is not empty.
+     */
+    isNotEmpty(): boolean;
+    /**
+     * Transform to JSON response.
+     */
+    toJSON(): ResourceData;
+    /**
+     * Map over the resources.
+     */
+    map<U>(callback: (resource: T, index: number) => U): U[];
+    /**
+     * Filter resources.
+     */
+    filter(callback: (resource: T, index: number) => boolean): ResourceCollection<T, R>;
+    /**
+     * Get the underlying resources.
+     */
+    all(): T[];
+    /**
+     * Create a resource collection.
+     */
+    static make<T, R extends Resource<T>>(resources: T[], resourceClass: ResourceClass<T, R>): ResourceCollection<T, R>;
+}
+
+/**
+ * Cursor paginator for cursor-based pagination.
+ * Ideal for infinite scroll and real-time data.
+ */
+declare class CursorPaginator<T> {
+    protected _items: T[];
+    protected _perPage: number;
+    protected _currentCursor: string | null;
+    protected _nextCursor: string | null;
+    protected _prevCursor: string | null;
+    protected _hasMore: boolean;
+    protected _options: CursorPaginatorOptions;
+    constructor(items: T[], perPage: number, hasMore: boolean, options?: CursorPaginatorOptions & {
+        currentCursor?: string | null;
+        nextCursor?: string | null;
+        prevCursor?: string | null;
+    });
+    /**
+     * Get the paginated items.
+     */
+    items(): T[];
+    /**
+     * Get items per page.
+     */
+    perPage(): number;
+    /**
+     * Get the current cursor.
+     */
+    currentCursor(): string | null;
+    /**
+     * Get the next cursor.
+     */
+    nextCursor(): string | null;
+    /**
+     * Get the previous cursor.
+     */
+    prevCursor(): string | null;
+    /**
+     * Check if there are more items.
+     */
+    hasMorePages(): boolean;
+    /**
+     * Check if there are previous items.
+     */
+    hasPreviousPages(): boolean;
+    /**
+     * Get the number of items.
+     */
+    count(): number;
+    /**
+     * Check if empty.
+     */
+    isEmpty(): boolean;
+    /**
+     * Check if not empty.
+     */
+    isNotEmpty(): boolean;
+    /**
+     * Get cursor pagination meta.
+     */
+    meta(): CursorPaginationMeta;
+    /**
+     * Transform items to resources.
+     */
+    toResource<R extends Resource<T>>(resourceClass: ResourceClass<T, R>): CursorPaginatedResponse<ResourceData>;
+    /**
+     * Transform to JSON.
+     */
+    toJSON(): CursorPaginatedResponse<T>;
+    /**
+     * Map over items.
+     */
+    map<U>(callback: (item: T, index: number) => U): CursorPaginator<U>;
+    /**
+     * Get items as array.
+     */
+    toArray(): T[];
+    /**
+     * Iterate over items.
+     */
+    [Symbol.iterator](): Iterator<T>;
+    /**
+     * Create cursor paginator from array with ID-based cursor.
+     */
+    static fromArray<T extends {
+        id: string | number;
+    }>(items: T[], cursor: string | null, perPage: number, options?: CursorPaginatorOptions): CursorPaginator<T>;
+}
+/**
+ * Encode a cursor value.
+ */
+declare function encodeCursor(value: string | number | Date): string;
+/**
+ * Decode a cursor value.
+ */
+declare function decodeCursor(cursor: string): string;
+/**
+ * Create a cursor paginator.
+ */
+declare function cursorPaginate<T>(items: T[], perPage: number, hasMore: boolean, options?: CursorPaginatorOptions & {
+    currentCursor?: string | null;
+    nextCursor?: string | null;
+    prevCursor?: string | null;
+}): CursorPaginator<T>;
+
+/**
+ * Parse a command signature into argument and option definitions.
+ *
+ * Signature format:
+ * - `command:name` - Command name
+ * - `{argument}` - Required argument
+ * - `{argument?}` - Optional argument
+ * - `{argument=default}` - Argument with default
+ * - `{argument*}` - Array argument (must be last)
+ * - `{--option}` - Boolean option (flag)
+ * - `{--option=}` - Option that requires a value
+ * - `{--option=default}` - Option with default value
+ * - `{-o|--option}` - Option with shortcut
+ * - `{--option=*}` - Array option
+ *
+ * @example
+ * ```typescript
+ * parseSignature('users:create {name} {--admin} {--role=user}')
+ * // => {
+ * //   name: 'users:create',
+ * //   arguments: [{ name: 'name', required: true, array: false }],
+ * //   options: [
+ * //     { name: 'admin', requiresValue: false },
+ * //     { name: 'role', requiresValue: true, defaultValue: 'user' }
+ * //   ]
+ * // }
+ * ```
+ */
+declare function parseSignature(signature: string): ParsedSignature;
+/**
+ * Console input handler.
+ *
+ * @example
+ * ```typescript
+ * const input = new Input('users:create {name} {--admin}', ['John', '--admin'])
+ * input.argument('name') // => 'John'
+ * input.option('admin') // => true
+ * ```
+ */
+declare class Input implements InputInterface {
+    /**
+     * Parsed signature.
+     */
+    protected parsed: ParsedSignature;
+    /**
+     * Parsed argument values.
+     */
+    protected argumentValues: Record<string, string | string[]>;
+    /**
+     * Parsed option values.
+     */
+    protected optionValues: Record<string, string | boolean | string[]>;
+    constructor(signature: string, argv?: string[]);
+    /**
+     * Parse command line arguments.
+     */
+    protected parseArgv(argv: string[]): void;
+    /**
+     * Parse a long option.
+     */
+    protected parseLongOption(option: string, argv: string[], index: number): void;
+    /**
+     * Parse a short option.
+     */
+    protected parseShortOption(option: string, argv: string[], index: number): void;
+    /**
+     * Map positional arguments to definitions.
+     */
+    protected mapArguments(args: string[]): void;
+    /**
+     * Find an option definition by name.
+     */
+    protected findOption(name: string): OptionDefinition | undefined;
+    /**
+     * Find an option definition by shortcut.
+     */
+    protected findOptionByShortcut(shortcut: string): OptionDefinition | undefined;
+    /**
+     * Check if an option requires a value.
+     */
+    protected optionRequiresValue(name: string): boolean;
+    /**
+     * Get an argument value.
+     */
+    argument<T = string>(name: string): T;
+    /**
+     * Get all argument values.
+     */
+    arguments(): Record<string, string | string[]>;
+    /**
+     * Get an option value.
+     */
+    option<T = string | boolean>(name: string): T | undefined;
+    /**
+     * Get all option values.
+     */
+    options(): Record<string, string | boolean | string[]>;
+    /**
+     * Check if an option was provided.
+     */
+    hasOption(name: string): boolean;
+    /**
+     * Get the parsed signature.
+     */
+    getSignature(): ParsedSignature;
+    /**
+     * Get the command name.
+     */
+    getCommandName(): string;
+}
+
+/**
+ * Base command class for console commands.
+ *
+ * @example
+ * ```typescript
+ * export class CreateUserCommand extends Command {
+ *   static signature = 'users:create {email} {--admin} {--role=user}'
+ *   static description = 'Create a new user'
+ *
+ *   async handle(): Promise<void> {
+ *     const email = this.argument('email')
+ *     const isAdmin = this.hasOption('admin')
+ *     const role = this.option('role', 'user')
+ *
+ *     const password = await this.secret('Enter password:')
+ *     const confirm = await this.confirm(`Create user ${email}?`)
+ *
+ *     if (!confirm) {
+ *       this.warn('Cancelled')
+ *       return
+ *     }
+ *
+ *     this.info(`Creating user: ${email}`)
+ *     this.success('User created!')
+ *   }
+ * }
+ * ```
+ */
+declare abstract class Command implements CommandInstance {
+    /**
+     * The command signature.
+     * Format: 'command:name {arg} {--option}'
+     */
+    static signature: string;
+    /**
+     * The command description.
+     */
+    static description: string;
+    /**
+     * The command input.
+     */
+    protected input: Input;
+    /**
+     * The command output.
+     */
+    protected output: OutputInterface;
+    /**
+     * The service container.
+     */
+    protected container?: Container;
+    constructor(container?: Container);
+    /**
+     * Set the input for this command.
+     */
+    setInput(argv: string[]): void;
+    /**
+     * Set the output for this command.
+     */
+    setOutput(output: OutputInterface): void;
+    /**
+     * Execute the command.
+     */
+    run(): Promise<number>;
+    /**
+     * Handle the command.
+     * Must be implemented by subclasses.
+     */
+    abstract handle(): Promise<number | void>;
+    /**
+     * Get an argument value.
+     */
+    argument<T = string>(name: string): T;
+    /**
+     * Get all arguments.
+     */
+    arguments(): Record<string, string | string[]>;
+    /**
+     * Get an option value with optional default.
+     */
+    option<T = string>(name: string, defaultValue?: T): T;
+    /**
+     * Get all options.
+     */
+    options(): Record<string, string | boolean | string[]>;
+    /**
+     * Check if an option was provided.
+     */
+    hasOption(name: string): boolean;
+    /**
+     * Output an info message.
+     */
+    info(message: string): void;
+    /**
+     * Output an error message.
+     */
+    error(message: string): void;
+    /**
+     * Output a warning message.
+     */
+    warn(message: string): void;
+    /**
+     * Output a success message.
+     */
+    success(message: string): void;
+    /**
+     * Output a plain line.
+     */
+    line(message: string): void;
+    /**
+     * Output new lines.
+     */
+    newLine(count?: number): void;
+    /**
+     * Output a table.
+     */
+    table(headers: string[], rows: string[][]): void;
+    /**
+     * Ask a question and get user input.
+     */
+    ask(question: string, defaultValue?: string): Promise<string>;
+    /**
+     * Ask for confirmation.
+     */
+    confirm(question: string, defaultValue?: boolean): Promise<boolean>;
+    /**
+     * Present choices to the user.
+     */
+    choice<T extends string>(question: string, choices: T[], defaultValue?: T): Promise<T>;
+    /**
+     * Ask for secret input (password).
+     */
+    secret(question: string): Promise<string>;
+    /**
+     * Create a readline interface.
+     */
+    protected createReadline(): readline.Interface;
+    /**
+     * Process items with progress output.
+     */
+    withProgress<T>(items: T[], callback: (item: T, index: number) => Promise<void>): Promise<void>;
+    /**
+     * Kernel reference for calling other commands.
+     */
+    protected kernel?: {
+        handle(argv: string[]): Promise<number>;
+    };
+    /**
+     * Set the kernel reference.
+     */
+    setKernel(kernel: {
+        handle(argv: string[]): Promise<number>;
+    }): void;
+    /**
+     * Call another command.
+     */
+    call(command: string, args?: string[]): Promise<number>;
+    /**
+     * Call another command silently.
+     */
+    callSilent(command: string, args?: string[]): Promise<number>;
+    /**
+     * Resolve a service from the container.
+     */
+    protected resolve<T>(key: string): T;
+    /**
+     * Get the command signature.
+     */
+    getSignature(): string;
+    /**
+     * Get the command description.
+     */
+    getDescription(): string;
+    /**
+     * Get the command name.
+     */
+    getName(): string;
+}
+
+/**
+ * ANSI color codes.
+ */
+declare const COLORS: {
+    readonly reset: "\u001B[0m";
+    readonly bold: "\u001B[1m";
+    readonly dim: "\u001B[2m";
+    readonly black: "\u001B[30m";
+    readonly red: "\u001B[31m";
+    readonly green: "\u001B[32m";
+    readonly yellow: "\u001B[33m";
+    readonly blue: "\u001B[34m";
+    readonly magenta: "\u001B[35m";
+    readonly cyan: "\u001B[36m";
+    readonly white: "\u001B[37m";
+    readonly bgRed: "\u001B[41m";
+    readonly bgGreen: "\u001B[42m";
+    readonly bgYellow: "\u001B[43m";
+    readonly bgBlue: "\u001B[44m";
+    readonly bgMagenta: "\u001B[45m";
+    readonly bgCyan: "\u001B[46m";
+    readonly bgWhite: "\u001B[47m";
+};
+/**
+ * Console output handler.
+ *
+ * @example
+ * ```typescript
+ * const output = new Output()
+ * output.info('Processing...')
+ * output.success('Done!')
+ * output.table(['Name', 'Age'], [['John', '30'], ['Jane', '25']])
+ * ```
+ */
+declare class Output implements OutputInterface {
+    /**
+     * Whether to use colors.
+     */
+    protected useColors: boolean;
+    /**
+     * Output stream.
+     */
+    protected stdout: NodeJS.WriteStream;
+    /**
+     * Error stream.
+     */
+    protected stderr: NodeJS.WriteStream;
+    constructor(options?: {
+        colors?: boolean;
+        stdout?: NodeJS.WriteStream;
+        stderr?: NodeJS.WriteStream;
+    });
+    /**
+     * Apply color to text.
+     */
+    protected color(text: string, ...codes: string[]): string;
+    /**
+     * Output an info message.
+     */
+    info(message: string): void;
+    /**
+     * Output an error message.
+     */
+    error(message: string): void;
+    /**
+     * Output a warning message.
+     */
+    warn(message: string): void;
+    /**
+     * Output a success message.
+     */
+    success(message: string): void;
+    /**
+     * Output a plain line.
+     */
+    line(message: string): void;
+    /**
+     * Output new lines.
+     */
+    newLine(count?: number): void;
+    /**
+     * Output a table.
+     */
+    table(headers: string[], rows: string[][]): void;
+    /**
+     * Write raw text without newline.
+     */
+    write(message: string): void;
+    /**
+     * Write a line to stdout.
+     */
+    protected writeLine(message: string): void;
+    /**
+     * Write a line to stderr.
+     */
+    protected writeErrorLine(message: string): void;
+    /**
+     * Output a comment.
+     */
+    comment(message: string): void;
+    /**
+     * Output a question.
+     */
+    question(message: string): void;
+    /**
+     * Output a bulleted list.
+     */
+    listing(items: string[]): void;
+    /**
+     * Output text with specific color.
+     */
+    colored(message: string, color: keyof typeof COLORS): void;
+    /**
+     * Create a progress bar string.
+     */
+    progressBar(current: number, total: number, width?: number): string;
+    /**
+     * Clear the current line.
+     */
+    clearLine(): void;
+    /**
+     * Check if colors are enabled.
+     */
+    isColored(): boolean;
+    /**
+     * Enable or disable colors.
+     */
+    setColors(enabled: boolean): void;
+}
+/**
+ * Output that collects messages instead of printing.
+ * Useful for testing.
+ */
+declare class BufferedOutput extends Output {
+    /**
+     * Collected messages.
+     */
+    protected buffer: string[];
+    constructor();
+    protected writeLine(message: string): void;
+    protected writeErrorLine(message: string): void;
+    write(message: string): void;
+    /**
+     * Get all output as array.
+     */
+    getLines(): string[];
+    /**
+     * Get all output as string.
+     */
+    getOutput(): string;
+    /**
+     * Clear the buffer.
+     */
+    clear(): void;
+    /**
+     * Check if buffer contains a string.
+     */
+    contains(text: string): boolean;
+}
+
+/**
+ * Create a proxy-based facade that lazily resolves a service from an application container.
+ *
+ * The returned proxy intercepts all property access and method calls,
+ * resolving the underlying service from the container on each access.
+ * This ensures that container fakes and flushes are respected.
+ *
+ * @example
+ * ```typescript
+ * import { createFacades } from '@guren/server/facades'
+ *
+ * const { Cache, Events } = createFacades(container)
+ * await Cache.get('key')
+ * Events.emit('user.created', payload)
+ * ```
+ */
+declare function createFacade<K extends keyof ServiceBindings>(container: Pick<Container, 'make'>, key: K): ServiceBindings[K];
+declare function createFacades(container: Pick<Container, 'make'>): {
+    readonly Cache: CacheManager;
+    readonly Events: EventManager;
+    readonly Queue: QueueManager;
+    readonly Mail: MailManager;
+    readonly Log: LogManager;
+    readonly I18n: I18nManager;
+    readonly Notifications: NotificationManager;
+    readonly Broadcast: BroadcastManager;
+    readonly Storage: StorageManager;
+    readonly Scheduler: Scheduler;
+};
+
+/**
+ * Options for configuring the auto-discovery engine.
+ */
+interface DiscoveryOptions {
+    /** Base path for scanning. Defaults to `process.cwd()`. */
+    basePath?: string;
+    /** Whether to discover service providers in `app/Providers/`. Defaults to `true`. */
+    providers?: boolean;
+    /** Whether to discover event listeners in `app/Listeners/`. Defaults to `true`. */
+    listeners?: boolean;
+    /** Whether to discover jobs in `app/Jobs/`. Defaults to `true`. */
+    jobs?: boolean;
+    /** Whether to discover events in `app/Events/`. Defaults to `true`. */
+    events?: boolean;
+}
+/**
+ * Result of the auto-discovery scan.
+ */
+interface DiscoveryResult {
+    /** Discovered service provider classes. */
+    providers: Array<new (...args: unknown[]) => unknown>;
+    /** Discovered event listeners with their associated event name. */
+    listeners: Array<{
+        event: string;
+        listener: new () => unknown;
+    }>;
+    /** Discovered job classes. */
+    jobs: Array<new () => unknown>;
+    /** Discovered event classes. */
+    events: Array<new () => unknown>;
+}
+/**
+ * Auto-discovery engine that scans application directories and discovers
+ * framework components (providers, listeners, jobs, events).
+ *
+ * Uses `Bun.Glob` to scan directories and dynamic `import()` to load modules.
+ *
+ * @example
+ * ```typescript
+ * const discovery = new AutoDiscovery({ basePath: '/app' })
+ * const result = await discovery.discover()
+ *
+ * // Register discovered providers
+ * for (const ProviderClass of result.providers) {
+ *   providerManager.register(ProviderClass)
+ * }
+ *
+ * // Register discovered listeners
+ * for (const { event, listener } of result.listeners) {
+ *   eventManager.listen(event, listener)
+ * }
+ * ```
+ */
+declare class AutoDiscovery {
+    private basePath;
+    private options;
+    constructor(options?: DiscoveryOptions);
+    /**
+     * Run the discovery scan across all enabled directories.
+     */
+    discover(): Promise<DiscoveryResult>;
+    /**
+     * Discover service providers in `app/Providers/`.
+     *
+     * A module is considered a provider if it exports a class (default or named)
+     * that has a `register` method (i.e., implements the Provider interface).
+     */
+    private discoverProviders;
+    /**
+     * Discover event listeners in `app/Listeners/`.
+     *
+     * A listener class must have a `static event` property (string) that indicates
+     * which event it handles, and a `handle` method.
+     */
+    private discoverListeners;
+    /**
+     * Discover jobs in `app/Jobs/`.
+     *
+     * A job class must have a `handle` method.
+     */
+    private discoverJobs;
+    /**
+     * Discover events in `app/Events/`.
+     *
+     * Any exported class from the Events directory is considered an event class.
+     */
+    private discoverEvents;
+    /**
+     * Scan a directory for TypeScript files using Bun.Glob.
+     * Returns an array of imported modules. Skips `index.ts` barrel files.
+     */
+    private scanDirectory;
+    /**
+     * Extract all class constructors (functions) from a module's exports.
+     */
+    private extractClasses;
+    /**
+     * Check if a value is a constructor function (class).
+     */
+    private isConstructor;
+    /**
+     * Check if a class looks like a service provider (has a `register` method).
+     */
+    private isProvider;
+    /**
+     * Get the `static event` property from a class, if it exists and is a string.
+     */
+    private getStaticEvent;
+    /**
+     * Check if a class has a `handle` method on its prototype.
+     */
+    private hasHandleMethod;
+}
+
+/**
+ * Render a rich HTML debug error page for development mode.
+ *
+ * When an error occurs and NODE_ENV is not 'production', this function
+ * generates a helpful page displaying the error class, message, stack trace
+ * with source context, and request details.
+ */
+declare function renderDebugPage(error: Error, request?: Request): string;
+/**
+ * Middleware that catches errors and renders a debug page in development.
+ * In production (NODE_ENV === 'production'), errors are re-thrown so
+ * downstream handlers or the ExceptionHandler can process them normally.
+ *
+ * @example
+ * ```typescript
+ * import { debugErrorMiddleware } from '@guren/server/errors/debug-page'
+ *
+ * app.use('*', debugErrorMiddleware())
+ * ```
+ */
+declare function debugErrorMiddleware(): MiddlewareHandler;
+
+/**
+ * Options for creating a Redis client.
+ */
+interface RedisClientOptions extends RedisOptions {
+    /**
+     * Redis connection URL (e.g., 'redis://localhost:6379').
+     * If provided, overrides host/port/password.
+     */
+    url?: string;
+    /**
+     * Key prefix for all operations.
+     * @default ''
+     */
+    keyPrefix?: string;
+}
+/**
+ * Create a Redis client with the given options.
+ *
+ * @example
+ * ```ts
+ * // Using URL
+ * const redis = createRedisClient({ url: 'redis://localhost:6379' })
+ *
+ * // Using host/port
+ * const redis = createRedisClient({ host: 'localhost', port: 6379 })
+ *
+ * // With key prefix
+ * const redis = createRedisClient({
+ *   url: process.env.REDIS_URL,
+ *   keyPrefix: 'myapp:',
+ * })
+ * ```
+ */
+declare function createRedisClient(options?: RedisClientOptions): Redis;
+
+export { AUTH_CONTEXT_KEY, AuthContext, AuthContext as AuthRuntimeContext, AuthServiceProvider, AuthenticationException, AuthorizationException, AuthorizationServiceProvider, AutoDiscovery, BaseFactory, type BaseResource, BaseSeeder, BroadcastManager, BroadcastServiceProvider, BufferedOutput, CSP_NONCE_KEY, CacheManager, CacheServiceProvider, Command, CommandInstance, Container, type CorsOptions, type CspDirectives, type CspOptions, type CursorPaginatedResponse, type CursorPaginationMeta, CursorPaginator, type CursorPaginatorOptions, type DiscoveryOptions, type DiscoveryResult, EncryptionServiceProvider, ErrorResponse, ErrorServiceProvider, EventManager, EventServiceProvider, BaseFactory as Factory, type FactoryClass, type Factory as FactoryInterface, FieldValidator, type FileLike, type FileValidationOptions, type ForceHttpsOptions, FormRequest, HealthServiceProvider, HttpException, I18nManager, I18nServiceProvider, type ImageValidationOptions, InertiaServiceProvider, type InferResourceData, Input, InputInterface, JsonResource, LogManager, LogServiceProvider, MailManager, MailServiceProvider, MemoryRateLimitStore, MethodNotAllowedException, NotFoundHttpException, NotificationManager, NotificationServiceProvider, OAuthServiceProvider, OptionDefinition, Output, OutputInterface, type PaginatedPageProps, type PaginatedResponse, type PaginatedResultLike, type PaginationLinks, type PaginationMeta, type PaginationPageLink, Paginator, type PaginatorOptions, ParsedSignature, QueueManager, QueueServiceProvider, type RateLimitEntry, type RateLimitInfo, type RateLimitOptions, type RateLimitStore, type RedirectSafetyOptions, type RequireAuthOptions, Resource, type ResourceClass, ResourceCollection, type ResourceData, type RuleDefinition, Scheduler, SchedulingServiceProvider, BaseSeeder as Seeder, type SeederClass, type Seeder as SeederInterface, SeederRunner, type SeederRunnerOptions, ServiceBindings, ServiceProvider, SlidingWindowRateLimitStore, StorageManager, StorageServiceProvider, type ValidationErrors, ValidationException, type ValidationResult, type ValidationRule, Validator, type ValidatorOptions, ViewEngine, after, afterOrEqual, alpha, alphaDash, alphaNum, array as arrayRule, attachAuthContext, before, beforeOrEqual, between, boolean as booleanRule, collect, confirmed, createCorsMiddleware, createCspMiddleware, createFacade, createFacades, createForceHttpsMiddleware, createRateLimitMiddleware, createRedirectSafetyMiddleware, createRedisClient, createSeederRunner, createValidator, cursorPaginate, custom, dateFormat, date as dateRule, debugErrorMiddleware, decodeCursor, defineFactory, different, email as emailRule, encodeCursor, endsWith, exists, file as fileRule, getCspNonce, getRateLimitInfo, image as imageRule, inValues, integer, ip, ipv4, ipv6, isSafeRedirectUrl, json as jsonRule, max, maxFileSize, mimes, min, minFileSize, notIn, nullable, numeric, object as objectRule, paginate, parseSignature, quickValidate, quickValidateOrThrow, regex, renderDebugPage, renderErrorPage, requestIdMiddleware, requestLoggingMiddleware, requireAuthenticated, requireGuest, required, requiredIf, requiredUnless, requiredWith, requiredWithout, resetCalledSeeders, resetRateLimit, same, size, startsWith, string as stringRule, unique, url as urlRule, uuid as uuidRule };