@lastshotlabs/bunshot 0.0.25 → 0.0.28

package/dist/src/framework/middleware/errorHandler.js

@@ -0,0 +1,16 @@
+import { HttpError } from '../../../packages/bunshot-core/src/index.js';
+export const errorHandler = async (req, next) => {
+    try {
+        return await next(req);
+    }
+    catch (err) {
+        console.error(err);
+        if (err instanceof HttpError) {
+            const body = { error: err.message };
+            if (err.code !== undefined)
+                body.code = err.code;
+            return Response.json(body, { status: err.status });
+        }
+        return Response.json({ error: 'Internal Server Error' }, { status: 500 });
+    }
+};

package/dist/src/framework/middleware/index.js

@@ -0,0 +1 @@
+export const applyMiddleware = (handler, ...middleware) => middleware.reduceRight((next, mw) => req => mw(req, next), handler);

package/dist/{middleware → src/framework/middleware}/logger.d.ts

@@ -1,2 +1,2 @@
-import type { Middleware } from ".";
+import type { Middleware } from '.';
 export declare const logger: Middleware;

package/dist/src/framework/middleware/metrics.d.ts

@@ -0,0 +1,12 @@
+import type { MetricsState } from '../lib/metrics';
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export interface MetricsMiddlewareOptions {
+    /** Instance-owned metrics registry. */
+    state: MetricsState;
+    /** Paths to exclude from metrics collection. Strings use prefix matching. */
+    excludePaths?: (string | RegExp)[];
+    /** Custom path normalizer to prevent cardinality explosion. */
+    normalizePath?: (path: string) => string;
+}
+export declare const metricsCollector: (options: MetricsMiddlewareOptions) => MiddlewareHandler<AppEnv>;

package/dist/src/framework/middleware/metrics.js

@@ -0,0 +1,26 @@
+import { defaultNormalizePath, incrementCounter, observeHistogram } from '../lib/metrics';
+const DEFAULT_EXCLUDE = ['/metrics', '/health', '/docs', '/openapi.json'];
+export const metricsCollector = (options) => {
+    const { state, excludePaths = DEFAULT_EXCLUDE, normalizePath = defaultNormalizePath } = options;
+    return async (c, next) => {
+        const rawPath = c.req.path;
+        const excluded = excludePaths.some(p => typeof p === 'string' ? rawPath.startsWith(p) : p.test(rawPath));
+        if (excluded)
+            return next();
+        const start = performance.now();
+        await next();
+        const duration = (performance.now() - start) / 1000; // seconds
+        const method = c.req.method;
+        const path = normalizePath(rawPath);
+        const status = String(c.res.status);
+        const tenantId = c.get('tenantId') ?? undefined;
+        const labels = { method, path, status };
+        const durationLabels = { method, path };
+        if (tenantId) {
+            labels.tenant = tenantId;
+            durationLabels.tenant = tenantId;
+        }
+        incrementCounter(state, 'http_requests_total', labels);
+        observeHistogram(state, 'http_request_duration_seconds', durationLabels, duration);
+    };
+};

package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts

@@ -1,5 +1,5 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
 export interface RateLimitOptions {
     windowMs: number;
     max: number;

package/dist/src/framework/middleware/rateLimit.js

@@ -0,0 +1,22 @@
+import { getBunshotCtx, getClientIp, getFingerprintBuilder, getRateLimitAdapter, } from '../../../packages/bunshot-core/src/index.js';
+export const rateLimit = ({ windowMs, max, fingerprintLimit = false, }) => {
+    const opts = { windowMs, max };
+    return async (c, next) => {
+        const ctx = getBunshotCtx(c);
+        const adapter = getRateLimitAdapter(ctx);
+        const ip = getClientIp(c);
+        // Per-tenant namespacing: each tenant gets independent rate limit buckets
+        const tenantId = c.get('tenantId');
+        const prefix = tenantId ? `t:${tenantId}:` : '';
+        if (await adapter.trackAttempt(`${prefix}ip:${ip}`, opts)) {
+            return c.json({ error: 'Too Many Requests' }, 429);
+        }
+        if (fingerprintLimit) {
+            const fp = await getFingerprintBuilder(ctx).buildFingerprint(c.req.raw);
+            if (await adapter.trackAttempt(`${prefix}fp:${fp}`, opts)) {
+                return c.json({ error: 'Too Many Requests' }, 429);
+            }
+        }
+        await next();
+    };
+};

package/dist/src/framework/middleware/requestId.d.ts

@@ -0,0 +1,3 @@
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export declare const requestId: MiddlewareHandler<AppEnv>;

package/dist/{middleware → src/framework/middleware}/requestId.js

@@ -1,7 +1,7 @@
-import { HEADER_REQUEST_ID } from "../lib/constants";
+import { HEADER_REQUEST_ID } from '../../../packages/bunshot-core/src/index.js';
 export const requestId = async (c, next) => {
     const id = c.req.header(HEADER_REQUEST_ID) ?? crypto.randomUUID();
-    c.set("requestId", id);
+    c.set('requestId', id);
     await next();
     c.res.headers.set(HEADER_REQUEST_ID, id);
 };

package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts

@@ -1,6 +1,6 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
-export type LogLevel = "info" | "warn" | "error";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export type LogLevel = 'info' | 'warn' | 'error';
 export interface RequestLogEntry {
     level: LogLevel;
     time: number;

package/dist/{middleware → src/framework/middleware}/requestLogger.js

@@ -1,13 +1,18 @@
-import { getClientIp } from "../lib/clientIp";
+import { getClientIp } from '../../../packages/bunshot-core/src/index.js';
 const LEVEL_ORDER = { info: 0, warn: 1, error: 2 };
 function statusToLevel(status) {
     if (status >= 500)
-        return "error";
+        return 'error';
     if (status >= 400)
-        return "warn";
-    return "info";
+        return 'warn';
+    return 'info';
 }
-const DEFAULT_EXCLUDE_PATHS = ["/health", "/docs", "/openapi.json", "/metrics"];
+const DEFAULT_EXCLUDE_PATHS = [
+    '/health',
+    '/docs',
+    '/openapi.json',
+    '/metrics',
+];
 export const requestLogger = (options = {}) => {
     const { onLog = (entry) => console.log(JSON.stringify(entry)), level: minLevel, excludePaths = DEFAULT_EXCLUDE_PATHS, excludeMethods, } = options;
     return async (c, next) => {
@@ -16,7 +21,7 @@ export const requestLogger = (options = {}) => {
             return next();
         }
         const path = c.req.path;
-        const excluded = excludePaths.some(p => typeof p === "string" ? path.startsWith(p) : p.test(path));
+        const excluded = excludePaths.some(p => typeof p === 'string' ? path.startsWith(p) : p.test(path));
         if (excluded) {
             return next();
         }
@@ -38,17 +43,17 @@ export const requestLogger = (options = {}) => {
         const entry = {
             level,
             time: Date.now(),
-            msg: `${method} ${path} ${error ? "ERROR" : statusCode}`,
-            requestId: c.get("requestId") ?? "unknown",
+            msg: `${method} ${path} ${error ? 'ERROR' : statusCode}`,
+            requestId: c.get('requestId') ?? 'unknown',
             method,
             path,
             statusCode,
             responseTime: Math.round((performance.now() - start) * 100) / 100,
             ip: getClientIp(c),
-            userAgent: c.req.header("user-agent") ?? null,
-            userId: c.get("authUserId") ?? null,
-            sessionId: c.get("sessionId") ?? null,
-            tenantId: c.get("tenantId") ?? null,
+            userAgent: c.req.header('user-agent') ?? null,
+            userId: c.get('authUserId') ?? null,
+            sessionId: c.get('sessionId') ?? null,
+            tenantId: c.get('tenantId') ?? null,
         };
         if (error) {
             entry.err = {

package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts

@@ -1,5 +1,5 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
 export interface RequestSigningOptions {
     /** Allowed age of the timestamp in milliseconds. Default: 300_000 (5 min). */
     tolerance?: number;

package/dist/{middleware → src/framework/middleware}/requestSigning.js

@@ -1,6 +1,5 @@
-import { getSigningConfig, getSigningSecret } from "../lib/appConfig";
-import { hmacVerify } from "../lib/signing";
-import { HEADER_SIGNATURE, HEADER_TIMESTAMP } from "../lib/constants";
+import { hmacVerify } from '../../lib/signing';
+import { HEADER_SIGNATURE, HEADER_TIMESTAMP, HttpError } from '../../../packages/bunshot-core/src/index.js';
 /**
  * Canonicalize the query string for signing.
  *
@@ -13,19 +12,19 @@ import { HEADER_SIGNATURE, HEADER_TIMESTAMP } from "../lib/constants";
  */
 function canonicalizeQuery(search) {
     // Remove leading "?"
-    const qs = search.startsWith("?") ? search.slice(1) : search;
+    const qs = search.startsWith('?') ? search.slice(1) : search;
     if (!qs)
-        return "";
+        return '';
     const pairs = [];
-    for (const part of qs.split("&")) {
+    for (const part of qs.split('&')) {
         if (!part)
             continue;
-        const eqIdx = part.indexOf("=");
+        const eqIdx = part.indexOf('=');
         const rawKey = eqIdx === -1 ? part : part.slice(0, eqIdx);
-        const rawVal = eqIdx === -1 ? "" : part.slice(eqIdx + 1);
+        const rawVal = eqIdx === -1 ? '' : part.slice(eqIdx + 1);
         // Normalize encoding: decode then re-encode
-        const key = encodeURIComponent(decodeURIComponent(rawKey.replace(/\+/g, " ")));
-        const val = encodeURIComponent(decodeURIComponent(rawVal.replace(/\+/g, " ")));
+        const key = encodeURIComponent(decodeURIComponent(rawKey.replace(/\+/g, ' ')));
+        const val = encodeURIComponent(decodeURIComponent(rawVal.replace(/\+/g, ' ')));
         pairs.push([key, val]);
     }
     // Sort by key, then by value for repeated keys
@@ -34,7 +33,7 @@ function canonicalizeQuery(search) {
             return a[0] < b[0] ? -1 : 1;
         return a[1] < b[1] ? -1 : 1;
     });
-    return pairs.map(([k, v]) => `${k}=${v}`).join("&");
+    return pairs.map(([k, v]) => `${k}=${v}`).join('&');
 }
 /**
  * Middleware that verifies the client has HMAC-signed the canonical request.
@@ -46,13 +45,13 @@ function canonicalizeQuery(search) {
  * is a no-op pass-through.
  */
 export const requireSignedRequest = (opts) => async (c, next) => {
-    const cfg = getSigningConfig();
+    const cfg = c.get('bunshotCtx')?.signing;
     // No-op when request signing is not enabled
     if (!cfg?.requestSigning) {
         await next();
         return;
     }
-    const signingOpts = typeof cfg.requestSigning === "object" ? cfg.requestSigning : {};
+    const signingOpts = typeof cfg.requestSigning === 'object' ? cfg.requestSigning : {};
     const tolerance = opts?.tolerance ?? signingOpts.tolerance ?? 300_000;
     const sigHeader = opts?.header ?? signingOpts.header ?? HEADER_SIGNATURE;
     const tsHeader = opts?.timestampHeader ?? signingOpts.timestampHeader ?? HEADER_TIMESTAMP;
@@ -60,22 +59,22 @@ export const requireSignedRequest = (opts) => async (c, next) => {
     const rawTs = c.req.header(tsHeader);
     const tsNum = rawTs !== undefined ? parseInt(rawTs, 10) : NaN;
     if (isNaN(tsNum)) {
-        return c.json({ error: "Unauthorized", code: "EXPIRED_TIMESTAMP" }, 401);
+        throw new HttpError(401, 'Unauthorized', 'EXPIRED_TIMESTAMP');
     }
     // Auto-detect Unix seconds (< 1e10) vs milliseconds
     const tsMs = tsNum < 1e10 ? tsNum * 1000 : tsNum;
     if (Math.abs(Date.now() - tsMs) > tolerance) {
-        return c.json({ error: "Unauthorized", code: "EXPIRED_TIMESTAMP" }, 401);
+        throw new HttpError(401, 'Unauthorized', 'EXPIRED_TIMESTAMP');
     }
     // --- Signature header ---
     const sig = c.req.header(sigHeader);
     if (!sig) {
-        return c.json({ error: "Unauthorized", code: "INVALID_SIGNATURE" }, 401);
+        throw new HttpError(401, 'Unauthorized', 'INVALID_SIGNATURE');
     }
     // --- Secret resolution ---
-    const secret = getSigningSecret();
+    const secret = cfg.secret ?? null;
     if (!secret) {
-        return c.json({ error: "Internal Server Error", code: "SIGNING_SECRET_MISSING" }, 500);
+        throw new HttpError(500, 'Internal Server Error', 'SIGNING_SECRET_MISSING');
     }
     // --- Build canonical string ---
     const method = c.req.method.toUpperCase();
@@ -93,7 +92,7 @@ export const requireSignedRequest = (opts) => async (c, next) => {
         valid = false;
     }
     if (!valid) {
-        return c.json({ error: "Unauthorized", code: "INVALID_SIGNATURE" }, 401);
+        throw new HttpError(401, 'Unauthorized', 'INVALID_SIGNATURE');
     }
     await next();
 };

package/dist/src/framework/middleware/tenant.d.ts

@@ -0,0 +1,14 @@
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+import type { TenancyConfig, TenantConfig } from '../../app';
+export interface TenantResolutionCache {
+    get(key: string): TenantConfig | null | undefined;
+    set(key: string, value: TenantConfig | null): void;
+    delete(key: string): void;
+}
+export interface TenantCacheCarrier {
+    cache: TenantResolutionCache | null;
+}
+export declare const invalidateTenantCache: (cache: TenantResolutionCache | null | undefined, tenantId: string) => void;
+export declare function getTenantCacheFromApp(app: object): TenantResolutionCache | null;
+export declare const createTenantMiddleware: (config: TenancyConfig, carrier?: TenantCacheCarrier) => MiddlewareHandler<AppEnv>;

package/dist/{middleware → src/framework/middleware}/tenant.js

@@ -1,3 +1,4 @@
+import { getContext } from '../../../packages/bunshot-core/src/index.js';
 class LruCache {
     _map = new Map();
     _maxSize;
@@ -37,79 +38,82 @@ class LruCache {
 // ---------------------------------------------------------------------------
 // Exported cache invalidation (used by tenant provisioning helpers)
 // ---------------------------------------------------------------------------
-let _cache = null;
-export const invalidateTenantCache = (tenantId) => {
-    _cache?.delete(tenantId);
+export const invalidateTenantCache = (cache, tenantId) => {
+    cache?.delete(tenantId);
 };
+export function getTenantCacheFromApp(app) {
+    const ctx = getContext(app);
+    return (ctx.pluginState.get('tenantResolutionCache') ??
+        null);
+}
 // ---------------------------------------------------------------------------
 // Tenant resolution middleware
 // ---------------------------------------------------------------------------
-const DEFAULT_EXEMPT = ["/health", "/docs", "/openapi.json", "/auth/"];
+const DEFAULT_EXEMPT = ['/health', '/docs', '/openapi.json', '/auth/'];
 function extractTenantId(c, config) {
-    if (config.resolution === "header") {
-        const headerName = config.headerName ?? "x-tenant-id";
+    if (config.resolution === 'header') {
+        const headerName = config.headerName ?? 'x-tenant-id';
         return c.req.header(headerName) ?? null;
     }
-    if (config.resolution === "subdomain") {
-        const host = c.req.header("host") ?? "";
+    if (config.resolution === 'subdomain') {
+        const host = c.req.header('host') ?? '';
         // Extract first subdomain: "acme.myapp.com" → "acme"
-        const parts = host.split(".");
+        const parts = host.split('.');
         if (parts.length < 3)
             return null; // no subdomain
         return parts[0] || null;
     }
-    if (config.resolution === "path") {
+    if (config.resolution === 'path') {
         const segmentIndex = config.pathSegment ?? 0;
         // Path: "/acme/api/users" → segments after split: ["", "acme", "api", "users"]
-        const segments = c.req.path.split("/").filter(Boolean);
+        const segments = c.req.path.split('/').filter(Boolean);
         return segments[segmentIndex] ?? null;
     }
     return null;
 }
-export const createTenantMiddleware = (config) => {
+export const createTenantMiddleware = (config, carrier) => {
     const exemptPaths = [...DEFAULT_EXEMPT, ...(config.exemptPaths ?? [])];
     const rejectionStatus = config.rejectionStatus ?? 403;
     const cacheTtlMs = config.cacheTtlMs ?? 60_000;
     const cacheMaxSize = config.cacheMaxSize ?? 500;
-    // Initialize LRU cache if caching is enabled and onResolve is provided
-    if (config.onResolve && cacheTtlMs > 0) {
-        _cache = new LruCache(cacheMaxSize, cacheTtlMs);
-    }
+    const cache = config.onResolve && cacheTtlMs > 0 ? new LruCache(cacheMaxSize, cacheTtlMs) : null;
+    if (carrier)
+        carrier.cache = cache;
     return async (c, next) => {
         const path = c.req.path;
         // Check exempt paths using startsWith
         for (const exempt of exemptPaths) {
             if (path === exempt || path.startsWith(exempt)) {
-                c.set("tenantId", null);
-                c.set("tenantConfig", null);
+                c.set('tenantId', null);
+                c.set('tenantConfig', null);
                 return next();
             }
         }
         const tenantId = extractTenantId(c, config);
         if (!tenantId) {
-            return c.json({ error: "Tenant ID required" }, 400);
+            return c.json({ error: 'Tenant ID required' }, 400);
         }
         // Validate via onResolve (with caching)
         if (config.onResolve) {
             let tenantConfig;
-            if (_cache) {
-                tenantConfig = _cache.get(tenantId);
+            if (cache) {
+                tenantConfig = cache.get(tenantId);
             }
             // undefined = cache miss, null = onResolve returned null (rejected)
             if (tenantConfig === undefined) {
                 tenantConfig = await config.onResolve(tenantId);
-                _cache?.set(tenantId, tenantConfig);
+                cache?.set(tenantId, tenantConfig);
             }
             if (tenantConfig === null) {
-                return c.json({ error: "Access denied" }, rejectionStatus);
+                return c.json({ error: 'Access denied' }, rejectionStatus);
             }
-            c.set("tenantId", tenantId);
-            c.set("tenantConfig", tenantConfig);
+            c.set('tenantId', tenantId);
+            c.set('tenantConfig', tenantConfig);
         }
         else {
             // No onResolve — trust the tenant ID
-            c.set("tenantId", tenantId);
-            c.set("tenantConfig", null);
+            c.set('tenantId', tenantId);
+            c.set('tenantConfig', null);
         }
         return next();
     };

package/dist/src/framework/middleware/upload.d.ts

@@ -0,0 +1,5 @@
+import type { UploadOpts } from '../lib/upload';
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export type UploadMiddlewareOptions = UploadOpts;
+export declare const handleUpload: (opts?: UploadMiddlewareOptions) => MiddlewareHandler<AppEnv>;

package/dist/{middleware → src/framework/middleware}/upload.js

@@ -1,12 +1,12 @@
-import { parseUpload, getUploadConfig } from "../lib/upload";
+import { getUploadConfig, parseUpload } from '../lib/upload';
 export const handleUpload = (opts) => {
     return async (c, next) => {
-        const config = getUploadConfig();
+        const config = getUploadConfig(c.get('bunshotCtx'));
         const merged = { ...config, ...opts };
         const maxFileSize = merged.maxFileSize ?? 10 * 1024 * 1024;
         const maxFiles = merged.maxFiles ?? 10;
         // Content-Length pre-check to avoid Bun killing the connection
-        const contentLength = Number(c.req.header("content-length") ?? 0);
+        const contentLength = Number(c.req.header('content-length') ?? 0);
         if (contentLength > 0 && contentLength > maxFileSize * maxFiles) {
             return c.json({ error: `Request body too large. Maximum is ${maxFileSize * maxFiles} bytes` }, 413);
         }
@@ -21,7 +21,7 @@ export const handleUpload = (opts) => {
                 return c.json({ error: err.message }, 413);
             throw err;
         }
-        c.set("uploadResults", results);
+        c.set('uploadResults', results);
         await next();
     };
 };

package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts

@@ -1,5 +1,5 @@
-import type { MiddlewareHandler, Context } from "hono";
-import type { AppEnv } from "../lib/context";
+import type { Context, MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
 export interface WebhookTimestampOptions {
     /** Header name containing the Unix timestamp (seconds or ms). */
     header: string;
@@ -18,7 +18,7 @@ export interface WebhookAuthOptions {
     /** Header that carries the signature. Default: `"x-webhook-signature"`. */
     header?: string;
     /** HMAC algorithm. Default: `"sha256"`. */
-    algorithm?: "sha256" | "sha512" | "sha1";
+    algorithm?: 'sha256' | 'sha512';
     /**
      * Strip this prefix from the signature header value before comparing.
      * e.g. `"sha256="` for GitHub-style `X-Hub-Signature-256: sha256=<hex>`.

package/dist/{middleware → src/framework/middleware}/webhookAuth.js

@@ -1,38 +1,38 @@
-import { createHmac } from "crypto";
-import { timingSafeEqual } from "../lib/crypto";
+import { createHmac } from 'crypto';
+import { HttpError, timingSafeEqual } from '../../../packages/bunshot-core/src/index.js';
 export const webhookAuth = (options) => async (c, next) => {
-    const algorithm = options.algorithm ?? "sha256";
-    const sigHeader = options.header ?? "x-webhook-signature";
+    const algorithm = options.algorithm ?? 'sha256';
+    const sigHeader = options.header ?? 'x-webhook-signature';
     // --- Optional timestamp replay protection ---
     if (options.timestamp) {
         const { header: tsHeader, tolerance } = options.timestamp;
         const rawTs = c.req.header(tsHeader);
         const tsNum = rawTs !== undefined ? parseInt(rawTs, 10) : NaN;
         if (isNaN(tsNum)) {
-            return c.json({ error: "Unauthorized", code: "EXPIRED_TIMESTAMP" }, 401);
+            throw new HttpError(401, 'Unauthorized', 'EXPIRED_TIMESTAMP');
         }
         // Auto-detect Unix seconds (< 1e10) vs milliseconds
         const tsMs = tsNum < 1e10 ? tsNum * 1000 : tsNum;
         if (Math.abs(Date.now() - tsMs) > tolerance) {
-            return c.json({ error: "Unauthorized", code: "EXPIRED_TIMESTAMP" }, 401);
+            throw new HttpError(401, 'Unauthorized', 'EXPIRED_TIMESTAMP');
         }
     }
     // --- Signature header ---
     const rawSig = c.req.header(sigHeader);
     if (!rawSig) {
-        return c.json({ error: "Unauthorized", code: "INVALID_SIGNATURE" }, 401);
+        throw new HttpError(401, 'Unauthorized', 'INVALID_SIGNATURE');
     }
     const provided = options.prefix && rawSig.startsWith(options.prefix)
         ? rawSig.slice(options.prefix.length)
         : rawSig;
     // --- Secret resolution ---
     let secret;
-    if (typeof options.secret === "function") {
+    if (typeof options.secret === 'function') {
         try {
             secret = await options.secret(c);
         }
         catch {
-            return c.json({ error: "Internal Server Error", code: "WEBHOOK_SECRET_ERROR" }, 500);
+            throw new HttpError(500, 'Internal Server Error', 'WEBHOOK_SECRET_ERROR');
         }
     }
     else {
@@ -41,7 +41,7 @@ export const webhookAuth = (options) => async (c, next) => {
     // --- Body reading (Hono caches this — downstream c.req.json() still works) ---
     const body = await c.req.text();
     // --- HMAC computation & comparison ---
-    const computed = createHmac(algorithm, secret).update(body).digest("hex");
+    const computed = createHmac(algorithm, secret).update(body).digest('hex');
     let valid;
     try {
         valid = timingSafeEqual(computed, provided);
@@ -51,7 +51,7 @@ export const webhookAuth = (options) => async (c, next) => {
         valid = false;
     }
     if (!valid) {
-        return c.json({ error: "Unauthorized", code: "INVALID_SIGNATURE" }, 401);
+        throw new HttpError(401, 'Unauthorized', 'INVALID_SIGNATURE');
     }
     await next();
 };

package/dist/src/framework/models/AuditLog.d.ts

@@ -0,0 +1,21 @@
+import type { Connection, Document, Model } from 'mongoose';
+interface IAuditLog {
+    id: string;
+    userId: string | null;
+    sessionId: string | null;
+    tenantId: string | null;
+    method: string;
+    path: string;
+    status: number;
+    ip: string | null;
+    userAgent: string | null;
+    action?: string;
+    resource?: string;
+    resourceId?: string;
+    meta?: Record<string, unknown>;
+    createdAt: Date;
+    expiresAt?: Date;
+}
+type AuditLogDocument = IAuditLog & Document;
+export declare function getAuditLogModel(conn: Connection): Model<AuditLogDocument>;
+export {};

package/dist/src/framework/models/AuditLog.js

@@ -0,0 +1,31 @@
+import { getMongooseModule } from '../../lib/mongo';
+export function getAuditLogModel(conn) {
+    if (conn.models['AuditLog']) {
+        return conn.models['AuditLog'];
+    }
+    const mg = getMongooseModule();
+    const { Schema } = mg;
+    const schema = new Schema({
+        id: { type: String, required: true, unique: true },
+        userId: { type: String, default: null },
+        sessionId: { type: String, default: null },
+        tenantId: { type: String, default: null },
+        method: { type: String, required: true },
+        path: { type: String, required: true },
+        status: { type: Number, required: true },
+        ip: { type: String, default: null },
+        userAgent: { type: String, default: null },
+        action: { type: String },
+        resource: { type: String },
+        resourceId: { type: String },
+        meta: { type: Schema.Types.Mixed },
+        expiresAt: { type: Date, index: { expireAfterSeconds: 0 } },
+    }, {
+        collection: 'audit_logs',
+        timestamps: { createdAt: 'createdAt', updatedAt: false },
+    });
+    schema.index({ userId: 1, createdAt: 1 });
+    schema.index({ tenantId: 1, createdAt: 1 });
+    schema.index({ path: 1 });
+    return conn.model('AuditLog', schema);
+}