npm - @lastshotlabs/bunshot - Versions diffs - 0.0.27 → 0.0.28 - Mend

@lastshotlabs/bunshot 0.0.27 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (742) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.d.ts +8 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.js +22 -9
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +221 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/logger.js +3 -3
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.d.ts +5 -4
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.js +6 -10
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.d.ts +7 -7
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.js +15 -13
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.d.ts +3 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.js +2 -5
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -8
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.js +6 -6
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.js +8 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +12 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.d.ts +1 -1
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.js +5 -5
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +274 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/{lib → packages/bunshot-core/src}/captcha.d.ts +1 -10
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/{lib/HttpError.d.ts → packages/bunshot-core/src/errors.d.ts} +4 -1
package/dist/{lib/HttpError.js → packages/bunshot-core/src/errors.js} +7 -1
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +10 -10
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/{lib → src/framework/lib}/captcha.js +13 -10
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +11 -10
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/{middleware → src/framework/middleware}/captcha.d.ts +2 -3
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/{middleware → src/framework/middleware}/errorHandler.js +2 -2
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -20
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -12
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +47 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/{routes → src/framework/routes}/jobs.js +128 -103
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/{routes → src/framework/routes}/uploads.d.ts +3 -3
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/{lib/appConfig.js → src/lib/authConfig.js} +75 -17
package/dist/{lib → src/lib}/context.d.ts +6 -12
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +35 -8
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +60 -24
package/dist/adapters/memoryAuth.d.ts +0 -52
package/dist/adapters/memoryAuth.js +0 -749
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -403
package/dist/adapters/sqliteAuth.d.ts +0 -72
package/dist/adapters/sqliteAuth.js +0 -858
package/dist/app.d.ts +0 -559
package/dist/app.js +0 -651
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -117
package/dist/index.js +0 -88
package/dist/lib/appConfig.d.ts +0 -275
package/dist/lib/auditLog.d.ts +0 -58
package/dist/lib/auditLog.js +0 -218
package/dist/lib/authAdapter.d.ts +0 -246
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -117
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/credentialStuffing.d.ts +0 -31
package/dist/lib/credentialStuffing.js +0 -77
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -19
package/dist/lib/emailVerification.js +0 -129
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwks.d.ts +0 -25
package/dist/lib/jwks.js +0 -51
package/dist/lib/jwt.d.ts +0 -15
package/dist/lib/jwt.js +0 -111
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -55
package/dist/lib/mfaChallenge.js +0 -398
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -95
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -93
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/saml.d.ts +0 -25
package/dist/lib/saml.js +0 -64
package/dist/lib/securityEvents.d.ts +0 -28
package/dist/lib/securityEvents.js +0 -26
package/dist/lib/session.d.ts +0 -49
package/dist/lib/session.js +0 -597
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -112
package/dist/lib/uploadRegistry.d.ts +0 -18
package/dist/lib/uploadRegistry.js +0 -83
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -96
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/captcha.js +0 -36
package/dist/middleware/csrf.js +0 -129
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -122
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/scimAuth.d.ts +0 -8
package/dist/middleware/scimAuth.js +0 -29
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -55
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -12
package/dist/routes/auth.js +0 -744
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/m2m.d.ts +0 -2
package/dist/routes/m2m.js +0 -72
package/dist/routes/metrics.d.ts +0 -8
package/dist/routes/metrics.js +0 -55
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -628
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -520
package/dist/routes/oidc.d.ts +0 -2
package/dist/routes/oidc.js +0 -29
package/dist/routes/passkey.d.ts +0 -1
package/dist/routes/passkey.js +0 -157
package/dist/routes/saml.d.ts +0 -2
package/dist/routes/saml.js +0 -86
package/dist/routes/scim.d.ts +0 -2
package/dist/routes/scim.js +0 -255
package/dist/routes/uploads.js +0 -227
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -29
package/dist/services/auth.js +0 -238
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -39
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -790
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -388
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -131
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/passkey-login/full.md +0 -90
package/docs/sections/passkey-login/overview.md +0 -1
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -208
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -196
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/logger.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/packages/bunshot-core/src/eventBus.d.ts ADDED Viewed

@@ -0,0 +1,270 @@
+export interface BunshotEventMap {
+    'app:ready': {
+        plugins: string[];
+    };
+    'app:shutdown': {
+        signal: 'SIGTERM' | 'SIGINT';
+    };
+    'security.auth.login.success': {
+        userId: string;
+        sessionId?: string;
+        ip?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.login.failure': {
+        identifier?: string;
+        reason?: string;
+        ip?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.login.blocked': {
+        identifier?: string;
+        userId?: string;
+        reason?: 'lockout' | 'stuffing' | 'suspended';
+        ip?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.register.success': {
+        userId: string;
+        email?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.register.failure': {
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.register.concealed': {
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.logout': {
+        sessionId?: string;
+        userId?: string;
+    };
+    'security.auth.account.locked': {
+        userId: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.account.suspended': {
+        userId: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.account.unsuspended': {
+        userId: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.account.deleted': {
+        userId: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.session.created': {
+        userId: string;
+        sessionId: string;
+    };
+    'security.auth.session.revoked': {
+        userId: string;
+        sessionId: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.password.reset': {
+        userId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.password.change': {
+        userId: string;
+    };
+    'security.auth.mfa.setup': {
+        userId?: string;
+    };
+    'security.auth.mfa.verify.success': {
+        userId?: string;
+    };
+    'security.auth.mfa.verify.failure': {
+        userId?: string;
+        method?: string;
+        ip?: string;
+    };
+    'security.auth.step_up.success': {
+        userId: string;
+    };
+    'security.auth.step_up.failure': {
+        userId: string;
+    };
+    'security.auth.oauth.linked': {
+        userId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.oauth.unlinked': {
+        userId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.auth.oauth.reauthed': {
+        userId?: string;
+        sessionId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.rate_limit.exceeded': {
+        key?: string;
+        ip?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.credential_stuffing.detected': {
+        type?: 'ip' | 'account';
+        key?: string;
+        count?: number;
+        ip?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.csrf.failed': {
+        ip?: string;
+        path?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.breached_password.detected': {
+        meta?: Record<string, unknown>;
+    };
+    'security.breached_password.api_failure': {
+        meta?: Record<string, unknown>;
+    };
+    'security.admin.role.changed': {
+        userId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.admin.user.modified': {
+        userId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'security.admin.user.deleted': {
+        userId?: string;
+        meta?: Record<string, unknown>;
+    };
+    'auth:user.created': {
+        userId: string;
+        email?: string;
+        tenantId?: string | null;
+    };
+    'auth:user.deleted': {
+        userId: string;
+        tenantId?: string;
+    };
+    'auth:login': {
+        userId: string;
+        sessionId: string;
+        tenantId?: string;
+    };
+    'auth:logout': {
+        userId: string;
+        sessionId: string;
+    };
+    'auth:email.verified': {
+        userId: string;
+        email: string;
+    };
+    'auth:password.reset.requested': {
+        userId: string;
+        email: string;
+    };
+    'auth:account.deletion.scheduled': {
+        userId: string;
+        cancelToken: string;
+        gracePeriodSeconds: number;
+    };
+    'auth:mfa.enabled': {
+        userId: string;
+        method: 'totp' | 'email-otp' | 'webauthn';
+    };
+    'auth:mfa.disabled': {
+        userId: string;
+        method?: 'totp' | 'email-otp' | 'webauthn';
+    };
+    'auth:delivery.email_verification': {
+        email: string;
+        token: string;
+        userId: string;
+    };
+    'auth:delivery.password_reset': {
+        email: string;
+        token: string;
+    };
+    'auth:delivery.magic_link': {
+        identifier: string;
+        token: string;
+        link: string;
+    };
+    'auth:delivery.email_otp': {
+        email: string;
+        code: string;
+    };
+    'auth:delivery.account_deletion': {
+        userId: string;
+        email: string;
+        cancelToken: string;
+        gracePeriodSeconds: number;
+    };
+    'auth:delivery.welcome': {
+        email: string;
+        identifier: string;
+    };
+    'auth:delivery.org_invitation': {
+        email: string;
+        orgName: string;
+        invitationLink: string;
+        expiryDays: number;
+    };
+}
+export type SecurityEventKey = Extract<keyof BunshotEventMap, `security.${string}`>;
+export declare const SECURITY_EVENT_TYPES: ReadonlyArray<SecurityEventKey>;
+/**
+ * Built-in event keys safe to stream to browser clients via SSE.
+ * Frozen seed — copied into each event bus instance at creation.
+ * Instance-scoped mutable set lives on bus.clientSafeKeys.
+ *
+ * Core seeds an empty set. Plugin packages register their own client-safe
+ * keys at startup via bus.registerClientSafeEvents([...]).
+ *
+ * Never stream (forbidden namespaces enforced by registerClientSafeEvents):
+ * - `security.*`   — internal audit trail
+ * - `auth:*`       — sessionId, email, tokens
+ * - `push:*`       — delivery metadata
+ * - `app:*`        — server lifecycle signals
+ */
+export declare const BUILTIN_CLIENT_SAFE_KEYS: ReadonlySet<string>;
+export type ClientSafeEventKey = string;
+export declare const FORBIDDEN_CLIENT_PREFIXES: readonly ["security.", "auth:", "community:delivery.", "push:", "app:"];
+export interface SubscriptionOpts {
+    durable?: boolean;
+    /** REQUIRED when durable: true — runtime error thrown if missing */
+    name?: string;
+}
+export interface BunshotEventBus {
+    emit<K extends keyof BunshotEventMap>(event: K, payload: BunshotEventMap[K]): void;
+    on<K extends keyof BunshotEventMap>(event: K, listener: (payload: BunshotEventMap[K]) => void | Promise<void>, opts?: SubscriptionOpts): void;
+    off<K extends keyof BunshotEventMap>(event: K, listener: (payload: BunshotEventMap[K]) => void): void;
+    shutdown?(): Promise<void>;
+    /** Instance-scoped set of event keys safe to stream to browser clients via SSE. */
+    readonly clientSafeKeys: ReadonlySet<string>;
+    /**
+     * Register additional event keys as client-safe for SSE streaming.
+     * Keys with forbidden prefixes (security.*, auth:*, community:delivery.*, app:*) are rejected.
+     */
+    registerClientSafeEvents(keys: string[]): void;
+    /**
+     * Validate that a key is registered as client-safe.
+     * Throws on forbidden namespaces or unregistered keys.
+     */
+    ensureClientSafeEventKey(key: string, source?: string): ClientSafeEventKey;
+}
+export declare class InProcessAdapter implements BunshotEventBus {
+    private listeners;
+    private _clientSafeKeys;
+    private pendingHandlers;
+    constructor(initialClientSafeKeys?: Iterable<string>);
+    get clientSafeKeys(): ReadonlySet<string>;
+    registerClientSafeEvents(keys: string[]): void;
+    ensureClientSafeEventKey(key: string, source?: string): ClientSafeEventKey;
+    emit<K extends keyof BunshotEventMap>(event: K, payload: BunshotEventMap[K]): void;
+    /** Wait for all in-flight async event handlers to settle. Useful in tests. */
+    drain(): Promise<void>;
+    on<K extends keyof BunshotEventMap>(event: K, listener: (payload: BunshotEventMap[K]) => void | Promise<void>, opts?: SubscriptionOpts): void;
+    off<K extends keyof BunshotEventMap>(event: K, listener: (payload: BunshotEventMap[K]) => void): void;
+    shutdown(): Promise<void>;
+}
+export declare function createInProcessAdapter(initialClientSafeKeys?: Iterable<string>): BunshotEventBus;

package/dist/packages/bunshot-core/src/eventBus.js ADDED Viewed

@@ -0,0 +1,143 @@
+export const SECURITY_EVENT_TYPES = [
+    'security.auth.login.success',
+    'security.auth.login.failure',
+    'security.auth.login.blocked',
+    'security.auth.register.success',
+    'security.auth.register.failure',
+    'security.auth.register.concealed',
+    'security.auth.logout',
+    'security.auth.account.locked',
+    'security.auth.account.suspended',
+    'security.auth.account.unsuspended',
+    'security.auth.account.deleted',
+    'security.auth.session.created',
+    'security.auth.session.revoked',
+    'security.auth.password.reset',
+    'security.auth.password.change',
+    'security.auth.mfa.setup',
+    'security.auth.mfa.verify.success',
+    'security.auth.mfa.verify.failure',
+    'security.auth.step_up.success',
+    'security.auth.step_up.failure',
+    'security.auth.oauth.linked',
+    'security.auth.oauth.unlinked',
+    'security.auth.oauth.reauthed',
+    'security.rate_limit.exceeded',
+    'security.credential_stuffing.detected',
+    'security.csrf.failed',
+    'security.breached_password.detected',
+    'security.breached_password.api_failure',
+    'security.admin.role.changed',
+    'security.admin.user.modified',
+    'security.admin.user.deleted',
+];
+/**
+ * Built-in event keys safe to stream to browser clients via SSE.
+ * Frozen seed — copied into each event bus instance at creation.
+ * Instance-scoped mutable set lives on bus.clientSafeKeys.
+ *
+ * Core seeds an empty set. Plugin packages register their own client-safe
+ * keys at startup via bus.registerClientSafeEvents([...]).
+ *
+ * Never stream (forbidden namespaces enforced by registerClientSafeEvents):
+ * - `security.*`   — internal audit trail
+ * - `auth:*`       — sessionId, email, tokens
+ * - `push:*`       — delivery metadata
+ * - `app:*`        — server lifecycle signals
+ */
+export const BUILTIN_CLIENT_SAFE_KEYS = Object.freeze(new Set());
+export const FORBIDDEN_CLIENT_PREFIXES = [
+    'security.',
+    'auth:',
+    'community:delivery.',
+    'push:',
+    'app:',
+];
+function getForbiddenClientSafePrefix(key) {
+    return FORBIDDEN_CLIENT_PREFIXES.find(prefix => key.startsWith(prefix));
+}
+function getClientSafeRegistrationError(key) {
+    const prefix = getForbiddenClientSafePrefix(key);
+    if (!prefix)
+        return null;
+    return `Cannot register "${key}" as client-safe: "${prefix}" namespace is forbidden`;
+}
+export class InProcessAdapter {
+    listeners = new Map();
+    _clientSafeKeys;
+    pendingHandlers = new Set();
+    constructor(initialClientSafeKeys) {
+        this._clientSafeKeys = new Set(initialClientSafeKeys ?? BUILTIN_CLIENT_SAFE_KEYS);
+    }
+    get clientSafeKeys() {
+        return this._clientSafeKeys;
+    }
+    registerClientSafeEvents(keys) {
+        for (const key of keys) {
+            const error = getClientSafeRegistrationError(key);
+            if (error)
+                throw new Error(error);
+            this._clientSafeKeys.add(key);
+        }
+    }
+    ensureClientSafeEventKey(key, source = 'SSE config') {
+        const forbiddenPrefix = getForbiddenClientSafePrefix(key);
+        if (forbiddenPrefix) {
+            throw new Error(`[bunshot] ${source}: "${key}" cannot be streamed to clients because the "${forbiddenPrefix}" namespace is forbidden`);
+        }
+        if (!this._clientSafeKeys.has(key)) {
+            throw new Error(`[bunshot] ${source}: "${key}" is not registered as client-safe. Call bus.registerClientSafeEvents([...]) before createServer().`);
+        }
+        return key;
+    }
+    emit(event, payload) {
+        const fns = this.listeners.get(event);
+        if (!fns)
+            return;
+        for (const fn of Array.from(fns)) {
+            let result;
+            try {
+                result = fn(payload);
+            }
+            catch (err) {
+                console.error(`[BunshotEventBus] listener error on event "${String(event)}":`, err);
+                continue;
+            }
+            const p = Promise.resolve(result);
+            this.pendingHandlers.add(p);
+            p.catch((err) => {
+                console.error(`[BunshotEventBus] listener error on event "${String(event)}":`, err);
+            }).finally(() => {
+                this.pendingHandlers.delete(p);
+            });
+        }
+    }
+    /** Wait for all in-flight async event handlers to settle. Useful in tests. */
+    async drain() {
+        await Promise.allSettled([...this.pendingHandlers]);
+    }
+    on(event, listener, opts) {
+        if (opts?.durable === true) {
+            if (!opts?.name) {
+                throw new Error('BunshotEventBus: durable subscriptions require a name. Pass opts.name.');
+            }
+            // InProcessAdapter does not support durable subscriptions — degrade gracefully
+            console.warn('[BunshotEventBus] InProcessAdapter does not support durable subscriptions — listener registered as non-durable.');
+        }
+        const key = event; // K extends string — safe cast
+        if (!this.listeners.has(key))
+            this.listeners.set(key, new Set());
+        this.listeners.get(key).add(listener);
+    }
+    off(event, listener) {
+        this.listeners
+            .get(event)
+            ?.delete(listener);
+    }
+    async shutdown() {
+        this.listeners.clear();
+    }
+}
+export function createInProcessAdapter(initialClientSafeKeys) {
+    return new InProcessAdapter(initialClientSafeKeys);
+}

package/dist/packages/bunshot-core/src/idempotency.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * IdempotencyAdapter — storage contract for idempotency key caching.
+ *
+ * Implementations store request responses keyed by idempotency key,
+ * with TTL-based expiration.
+ */
+export interface IdempotencyAdapter {
+    /** Get a cached idempotency record by key. Returns null if not found or expired. */
+    get(key: string): Promise<{
+        response: string;
+        status: number;
+        createdAt: number;
+    } | null>;
+    /** Store an idempotency record. Implementations should respect TTL for automatic expiration. */
+    set(key: string, response: string, status: number, ttlSeconds: number): Promise<void>;
+    /** Optional reset hook used by ctx.clear() for test isolation. */
+    clear?(): Promise<void>;
+}

package/dist/packages/bunshot-core/src/idempotency.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/packages/bunshot-core/src/index.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+export type { BunshotPlugin, StandalonePlugin } from './plugin';
+export type { BunshotEventBus, BunshotEventMap, SecurityEventKey, SubscriptionOpts, ClientSafeEventKey, } from './eventBus';
+export { InProcessAdapter, createInProcessAdapter, SECURITY_EVENT_TYPES, BUILTIN_CLIENT_SAFE_KEYS, FORBIDDEN_CLIENT_PREFIXES, } from './eventBus';
+export { createRouterAdapter } from './routerAdapter';
+export type { RouterAdapterOptions } from './routerAdapter';
+export type { SseClientData, SseFilter, SseEndpointConfig } from './sse';
+export type { SubjectType, GrantEffect, SubjectRef, PermissionGrant, EvaluationScope, PermissionsAdapter, TestablePermissionsAdapter, ResourceTypeDefinition, PermissionRegistry, GroupResolver, PermissionEvaluator, } from './permissions';
+export { validateGrant, SUPER_ADMIN_ROLE } from './permissions';
+export type { RenderResult, MailRenderer } from './mail';
+export { TemplateNotFoundError } from './mail';
+export type { IdentityProfile, WebAuthnCredential, M2MClientRecord, UserQuery, UserRecord, GroupRecord, GroupMembershipRecord, PaginationOpts, PaginatedResult, CoreAuthAdapter, OAuthAdapter, MfaAdapter, WebAuthnAdapter, RolesAdapter, GroupsAdapter, SuspensionAdapter, EnterpriseAdapter, AuthAdapter, } from './auth-adapter';
+export { createRoute, withSecurity, registerSchema, registerSchemas, maybeAutoRegister, } from './createRoute';
+export { offsetParams, parseOffsetParams, paginatedResponse } from './pagination';
+export { cursorParams, parseCursorParams, cursorPaginatedResponse } from './pagination';
+export type { OffsetParamDefaults, ParsedOffsetParams } from './pagination';
+export type { CursorParamDefaults, ParsedCursorParams } from './pagination';
+export type { AuditLogEntry, AuditLogQuery, AuditLogProvider } from './auditLog';
+export type { CaptchaProvider, CaptchaConfig } from './captcha';
+export type { CsrfConfig } from './csrf';
+export { HttpError, ValidationError, UnsupportedAdapterFeatureError } from './errors';
+export { sha256, timingSafeEqual, hashToken, encryptField, decryptField, isEncryptedField, } from './crypto';
+export type { DataEncryptionKey } from './crypto';
+export { COOKIE_TOKEN, HEADER_USER_TOKEN, COOKIE_REFRESH_TOKEN, HEADER_REFRESH_TOKEN, COOKIE_CSRF_TOKEN, HEADER_CSRF_TOKEN, HEADER_REQUEST_ID, HEADER_IDEMPOTENCY_KEY, HEADER_SIGNATURE, HEADER_TIMESTAMP, } from './constants';
+export type { SigningConfig } from './signing';
+export type { RedisLike } from './redis';
+export { getClientIp, setStandaloneTrustProxy } from './clientIp';
+export type { AuthVariables } from './authVariables';
+export type { StorageAdapter, UploadResult } from './storageAdapter';
+export type { IdempotencyAdapter } from './idempotency';
+export type { UploadRecord, UploadRegistryRepository } from './uploadRegistry';
+export type { StoredMessage, WsMessageDefaults, RoomPersistenceConfig, WsMessageRepository, } from './wsMessages';
+export { createRouter, defaultHook, defaultValidationErrorFormatter, getBunshotCtx, } from './context';
+export type { AppEnv, AppVariables, ValidationErrorFormatter, DefaultValidationErrorBody, ValidationErrorDetail, } from './context';
+export { evictOldest, evictExpired, evictOldestArray, DEFAULT_MAX_ENTRIES } from './memoryEviction';
+export type { UserResolver } from './userResolver';
+export { getUserResolver, getUserResolverOrNull } from './userResolver';
+export type { RouteAuthRegistry } from './routeAuth';
+export { getRouteAuth, getRouteAuthOrNull } from './routeAuth';
+export type { RateLimitAdapter, FingerprintBuilder } from './rateLimit';
+export { getRateLimitAdapter, getFingerprintBuilder } from './rateLimit';
+export type { CacheAdapter, CacheStoreName } from './cache';
+export { getCacheAdapter, getCacheAdapterOrNull } from './cache';
+export type { EmailTemplate } from './emailTemplates';
+export { getEmailTemplates, getEmailTemplate } from './emailTemplates';
+export { createMemoryRateLimitAdapter } from './defaults/memoryRateLimit';
+export { createDefaultFingerprintBuilder } from './defaults/defaultFingerprint';
+export { createMemoryCacheAdapter } from './defaults/memoryCacheAdapter';
+export { warnUnknownPluginKeys, validatePluginConfig, disableRoutesSchema, } from './configValidation';
+export type { RouteKey } from './routeOverrides';
+export { routeKey, shouldMountRoute } from './routeOverrides';
+export type { BunshotContext, BunshotResolvedConfig, BunshotFrameworkConfig, ResolvedStores, WsState, WsTransportHandle, UploadRuntimeState, ResolvedPersistence, } from './context/index';
+export { attachContext, getContext, getContextOrNull, resolveContext } from './context/index';
+export type { CoreRegistrar, CoreRegistrarSnapshot } from './coreRegistrar';
+export { createCoreRegistrar } from './coreRegistrar';
+export type { ISecretRepository, SecretStoreType, SecretDefinition, SecretSchema, ResolvedSecrets, } from './secrets';
+export type { StoreType } from './storeType';
+export type { ICronRegistryRepository } from './cronRegistry';
+export type { StoreInfra, RepoFactories, PostgresBundle } from './storeInfra';
+export { resolveRepo, resolveRepoAsync } from './storeInfra';
+export type { AdminPrincipal, AdminAccessProvider, ManagedUserRecord, ListUsersInput, ListUsersResult, SuspendUserInput, UnsuspendUserInput, UpdateUserInput, SessionRecord, ManagedUserCapabilities, ManagedUserProvider, } from './adminProvider';

package/dist/packages/bunshot-core/src/index.js ADDED Viewed

@@ -0,0 +1,34 @@
+export { InProcessAdapter, createInProcessAdapter, SECURITY_EVENT_TYPES, BUILTIN_CLIENT_SAFE_KEYS, FORBIDDEN_CLIENT_PREFIXES, } from './eventBus';
+export { createRouterAdapter } from './routerAdapter';
+export { validateGrant, SUPER_ADMIN_ROLE } from './permissions';
+export { TemplateNotFoundError } from './mail';
+export { createRoute, withSecurity, registerSchema, registerSchemas, maybeAutoRegister, } from './createRoute';
+export { offsetParams, parseOffsetParams, paginatedResponse } from './pagination';
+export { cursorParams, parseCursorParams, cursorPaginatedResponse } from './pagination';
+// --- errors ---
+export { HttpError, ValidationError, UnsupportedAdapterFeatureError } from './errors';
+// --- crypto ---
+export { sha256, timingSafeEqual, hashToken, encryptField, decryptField, isEncryptedField, } from './crypto';
+// --- constants ---
+export { COOKIE_TOKEN, HEADER_USER_TOKEN, COOKIE_REFRESH_TOKEN, HEADER_REFRESH_TOKEN, COOKIE_CSRF_TOKEN, HEADER_CSRF_TOKEN, HEADER_REQUEST_ID, HEADER_IDEMPOTENCY_KEY, HEADER_SIGNATURE, HEADER_TIMESTAMP, } from './constants';
+// --- clientIp ---
+export { getClientIp, setStandaloneTrustProxy } from './clientIp';
+// --- context (AppEnv, createRouter, validation) ---
+export { createRouter, defaultHook, defaultValidationErrorFormatter, getBunshotCtx, } from './context';
+// --- memoryEviction ---
+export { evictOldest, evictExpired, evictOldestArray, DEFAULT_MAX_ENTRIES } from './memoryEviction';
+export { getUserResolver, getUserResolverOrNull } from './userResolver';
+export { getRouteAuth, getRouteAuthOrNull } from './routeAuth';
+export { getRateLimitAdapter, getFingerprintBuilder } from './rateLimit';
+export { getCacheAdapter, getCacheAdapterOrNull } from './cache';
+export { getEmailTemplates, getEmailTemplate } from './emailTemplates';
+// --- Auth boundary defaults ---
+export { createMemoryRateLimitAdapter } from './defaults/memoryRateLimit';
+export { createDefaultFingerprintBuilder } from './defaults/defaultFingerprint';
+export { createMemoryCacheAdapter } from './defaults/memoryCacheAdapter';
+// --- configValidation ---
+export { warnUnknownPluginKeys, validatePluginConfig, disableRoutesSchema, } from './configValidation';
+export { routeKey, shouldMountRoute } from './routeOverrides';
+export { attachContext, getContext, getContextOrNull, resolveContext } from './context/index';
+export { createCoreRegistrar } from './coreRegistrar';
+export { resolveRepo, resolveRepoAsync } from './storeInfra';

package/dist/packages/bunshot-core/src/mail.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export interface RenderResult {
+    subject?: string;
+    html: string;
+    text?: string;
+}
+export declare class TemplateNotFoundError extends Error {
+    readonly templateName: string;
+    constructor(templateName: string);
+}
+export interface MailRenderer {
+    name: string;
+    render(template: string, data: Record<string, unknown>): Promise<RenderResult>;
+    listTemplates?(): Promise<string[]>;
+}

package/dist/packages/bunshot-core/src/mail.js ADDED Viewed

@@ -0,0 +1,8 @@
+export class TemplateNotFoundError extends Error {
+    templateName;
+    constructor(templateName) {
+        super(`Template not found: ${templateName}`);
+        this.templateName = templateName;
+        this.name = 'TemplateNotFoundError';
+    }
+}

package/dist/packages/bunshot-core/src/memoryEviction.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Evict oldest entries from a Map when it exceeds maxEntries.
+ * Maps iterate in insertion order, so deleting from the start removes oldest.
+ */
+export declare function evictOldest<K, V>(map: Map<K, V>, maxEntries: number): void;
+/**
+ * Evict entries with expired TTL from a Map.
+ * Entries must have an `expiresAt` field (epoch ms).
+ *
+ * The full scan is throttled to at most once per EVICTION_INTERVAL_MS per store,
+ * so it does not run on every write for high-frequency callers.
+ * Individual get() calls still do point-in-time checks — entries are never
+ * served after their TTL regardless of when the next full scan runs.
+ */
+export declare function evictExpired<K, V extends {
+    expiresAt?: number;
+}>(map: Map<K, V>, intervalMs?: number): void;
+/**
+ * Evict oldest entries from an Array when it exceeds maxEntries.
+ * Splices from the front (oldest-first assumption).
+ */
+export declare function evictOldestArray<T>(arr: T[], maxEntries: number): void;
+/** Default max entries for dev/test memory stores. */
+export declare const DEFAULT_MAX_ENTRIES = 10000;

package/dist/packages/bunshot-core/src/memoryEviction.js ADDED Viewed

@@ -0,0 +1,52 @@
+// ---------------------------------------------------------------------------
+// Memory store eviction utilities
+// ---------------------------------------------------------------------------
+/**
+ * Evict oldest entries from a Map when it exceeds maxEntries.
+ * Maps iterate in insertion order, so deleting from the start removes oldest.
+ */
+export function evictOldest(map, maxEntries) {
+    if (map.size <= maxEntries)
+        return;
+    const excess = map.size - maxEntries;
+    let i = 0;
+    for (const key of map.keys()) {
+        if (i++ >= excess)
+            break;
+        map.delete(key);
+    }
+}
+const lastEvictionTime = new WeakMap();
+/** How often the full O(n) expired-entry scan runs per store. */
+const EVICTION_INTERVAL_MS = 5_000;
+/**
+ * Evict entries with expired TTL from a Map.
+ * Entries must have an `expiresAt` field (epoch ms).
+ *
+ * The full scan is throttled to at most once per EVICTION_INTERVAL_MS per store,
+ * so it does not run on every write for high-frequency callers.
+ * Individual get() calls still do point-in-time checks — entries are never
+ * served after their TTL regardless of when the next full scan runs.
+ */
+export function evictExpired(map, intervalMs = EVICTION_INTERVAL_MS) {
+    const now = Date.now();
+    const last = lastEvictionTime.get(map) ?? 0;
+    if (now - last < intervalMs)
+        return;
+    lastEvictionTime.set(map, now);
+    for (const [key, val] of map) {
+        if (val.expiresAt && val.expiresAt <= now)
+            map.delete(key);
+    }
+}
+/**
+ * Evict oldest entries from an Array when it exceeds maxEntries.
+ * Splices from the front (oldest-first assumption).
+ */
+export function evictOldestArray(arr, maxEntries) {
+    if (arr.length <= maxEntries)
+        return;
+    arr.splice(0, arr.length - maxEntries);
+}
+/** Default max entries for dev/test memory stores. */
+export const DEFAULT_MAX_ENTRIES = 10_000;

package/dist/packages/bunshot-core/src/pagination.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { z } from 'zod';
+import type { ZodType } from 'zod';
+export interface OffsetParamDefaults {
+    limit?: number;
+    maxLimit?: number;
+    offset?: number;
+}
+export interface ParsedOffsetParams {
+    limit: number;
+    offset: number;
+}
+export declare function offsetParams(defaults?: OffsetParamDefaults): z.ZodObject<{
+    limit: z.ZodOptional<z.ZodString>;
+    offset: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare function parseOffsetParams(raw: {
+    limit?: string;
+    offset?: string;
+}, defaults?: OffsetParamDefaults): ParsedOffsetParams;
+export declare function paginatedResponse<T extends ZodType>(itemSchema: T, name: string): z.ZodObject<{
+    items: z.ZodArray<T>;
+    total: z.ZodNumber;
+    limit: z.ZodNumber;
+    offset: z.ZodNumber;
+}, z.core.$strip>;
+export interface CursorParamDefaults {
+    limit?: number;
+    maxLimit?: number;
+}
+export interface ParsedCursorParams {
+    limit: number;
+    cursor: string | undefined;
+}
+export declare function cursorParams(defaults?: CursorParamDefaults): z.ZodObject<{
+    limit: z.ZodOptional<z.ZodString>;
+    cursor: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare function parseCursorParams(raw: {
+    limit?: string;
+    cursor?: string;
+}, defaults?: CursorParamDefaults): ParsedCursorParams;
+export declare function cursorPaginatedResponse<T extends ZodType>(itemSchema: T, name: string): z.ZodObject<{
+    items: z.ZodArray<T>;
+    nextCursor: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;