npm - @lastshotlabs/bunshot - Versions diffs - 0.0.27 → 0.0.28 - Mend

@lastshotlabs/bunshot 0.0.27 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (742) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.d.ts +8 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.js +22 -9
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +221 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/logger.js +3 -3
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.d.ts +5 -4
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.js +6 -10
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.d.ts +7 -7
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.js +15 -13
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.d.ts +3 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.js +2 -5
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -8
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.js +6 -6
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.js +8 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +12 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.d.ts +1 -1
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.js +5 -5
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +274 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/{lib → packages/bunshot-core/src}/captcha.d.ts +1 -10
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/{lib/HttpError.d.ts → packages/bunshot-core/src/errors.d.ts} +4 -1
package/dist/{lib/HttpError.js → packages/bunshot-core/src/errors.js} +7 -1
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +10 -10
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/{lib → src/framework/lib}/captcha.js +13 -10
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +11 -10
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/{middleware → src/framework/middleware}/captcha.d.ts +2 -3
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/{middleware → src/framework/middleware}/errorHandler.js +2 -2
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -20
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -12
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +47 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/{routes → src/framework/routes}/jobs.js +128 -103
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/{routes → src/framework/routes}/uploads.d.ts +3 -3
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/{lib/appConfig.js → src/lib/authConfig.js} +75 -17
package/dist/{lib → src/lib}/context.d.ts +6 -12
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +35 -8
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +60 -24
package/dist/adapters/memoryAuth.d.ts +0 -52
package/dist/adapters/memoryAuth.js +0 -749
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -403
package/dist/adapters/sqliteAuth.d.ts +0 -72
package/dist/adapters/sqliteAuth.js +0 -858
package/dist/app.d.ts +0 -559
package/dist/app.js +0 -651
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -117
package/dist/index.js +0 -88
package/dist/lib/appConfig.d.ts +0 -275
package/dist/lib/auditLog.d.ts +0 -58
package/dist/lib/auditLog.js +0 -218
package/dist/lib/authAdapter.d.ts +0 -246
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -117
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/credentialStuffing.d.ts +0 -31
package/dist/lib/credentialStuffing.js +0 -77
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -19
package/dist/lib/emailVerification.js +0 -129
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwks.d.ts +0 -25
package/dist/lib/jwks.js +0 -51
package/dist/lib/jwt.d.ts +0 -15
package/dist/lib/jwt.js +0 -111
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -55
package/dist/lib/mfaChallenge.js +0 -398
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -95
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -93
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/saml.d.ts +0 -25
package/dist/lib/saml.js +0 -64
package/dist/lib/securityEvents.d.ts +0 -28
package/dist/lib/securityEvents.js +0 -26
package/dist/lib/session.d.ts +0 -49
package/dist/lib/session.js +0 -597
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -112
package/dist/lib/uploadRegistry.d.ts +0 -18
package/dist/lib/uploadRegistry.js +0 -83
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -96
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/captcha.js +0 -36
package/dist/middleware/csrf.js +0 -129
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -122
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/scimAuth.d.ts +0 -8
package/dist/middleware/scimAuth.js +0 -29
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -55
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -12
package/dist/routes/auth.js +0 -744
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/m2m.d.ts +0 -2
package/dist/routes/m2m.js +0 -72
package/dist/routes/metrics.d.ts +0 -8
package/dist/routes/metrics.js +0 -55
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -628
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -520
package/dist/routes/oidc.d.ts +0 -2
package/dist/routes/oidc.js +0 -29
package/dist/routes/passkey.d.ts +0 -1
package/dist/routes/passkey.js +0 -157
package/dist/routes/saml.d.ts +0 -2
package/dist/routes/saml.js +0 -86
package/dist/routes/scim.d.ts +0 -2
package/dist/routes/scim.js +0 -255
package/dist/routes/uploads.js +0 -227
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -29
package/dist/services/auth.js +0 -238
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -39
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -790
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -388
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -131
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/passkey-login/full.md +0 -90
package/docs/sections/passkey-login/overview.md +0 -1
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -208
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -196
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/logger.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/src/framework/buildContext.js ADDED Viewed

@@ -0,0 +1,119 @@
+import { closeMetricsQueues, resetMetrics } from './lib/metrics';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+async function clearIfPresent(value) {
+    const clear = value?.clear;
+    if (typeof clear === 'function') {
+        await clear.call(value);
+    }
+}
+/**
+ * Apply the drain() snapshot to the context after all plugin phases complete.
+ * Replaces the mutable cast pattern in createApp() — single internal mutation point.
+ */
+export function finalizeContext(ctx, snapshot) {
+    const mutable = ctx;
+    mutable.routeAuth = snapshot.routeAuth;
+    mutable.userResolver = snapshot.userResolver;
+    mutable.rateLimitAdapter = snapshot.rateLimitAdapter;
+    mutable.fingerprintBuilder = snapshot.fingerprintBuilder;
+    mutable.cacheAdapters.clear();
+    for (const [store, adapter] of snapshot.cacheAdapters) {
+        mutable.cacheAdapters.set(store, adapter);
+    }
+    mutable.emailTemplates.clear();
+    for (const [name, template] of snapshot.emailTemplates) {
+        mutable.emailTemplates.set(name, template);
+    }
+}
+export function buildContext(params) {
+    const { app, appName, infra, signing, captcha, upload, metricsState, plugins, bus, secretBundle, } = params;
+    const { sessions, oauthState, cache, authStore, sqlite } = infra.resolvedStores;
+    return {
+        app,
+        config: Object.freeze({
+            appName,
+            resolvedStores: Object.freeze({ sessions, oauthState, cache, authStore, sqlite }),
+            security: Object.freeze({ cors: infra.corsOrigins }),
+            signing: signing ?? null,
+            dataEncryptionKeys: Object.freeze([...infra.dataEncryptionKeys]),
+            redis: infra.redis ?? undefined,
+            mongo: infra.mongo ? { auth: infra.mongo.auth, app: infra.mongo.app } : undefined,
+            captcha: captcha ?? null,
+        }),
+        redis: infra.redis ?? null,
+        mongo: infra.mongo ? { auth: infra.mongo.auth ?? null, app: infra.mongo.app ?? null } : null,
+        sqlite: sqlite ?? null,
+        signing: signing ?? null,
+        dataEncryptionKeys: Object.freeze([...infra.dataEncryptionKeys]),
+        ws: null,
+        persistence: infra.persistence,
+        pluginState: new Map(),
+        plugins: Object.freeze([...plugins]),
+        bus,
+        routeAuth: null,
+        userResolver: null,
+        rateLimitAdapter: null,
+        fingerprintBuilder: null,
+        cacheAdapters: new Map(),
+        emailTemplates: new Map(),
+        trustProxy: infra.frameworkConfig.trustProxy,
+        upload: upload
+            ? {
+                adapter: upload.storage,
+                config: Object.freeze({
+                    maxFileSize: upload.maxFileSize,
+                    maxFiles: upload.maxFiles,
+                    allowedMimeTypes: upload.allowedMimeTypes,
+                    keyPrefix: upload.keyPrefix,
+                    generateKey: upload.generateKey,
+                    tenantScopedKeys: upload.tenantScopedKeys,
+                }),
+            }
+            : null,
+        metrics: metricsState,
+        secrets: secretBundle.provider,
+        resolvedSecrets: secretBundle.merged,
+        async clear() {
+            resetMetrics(this.metrics);
+            await clearIfPresent(this.persistence.idempotency);
+            await clearIfPresent(this.persistence.uploadRegistry);
+            await clearIfPresent(this.persistence.wsMessages);
+            if (this.ws) {
+                this.ws.roomRegistry.clear();
+                this.ws.heartbeatSockets.clear();
+                this.ws.heartbeatEndpointConfigs.clear();
+                this.ws.socketUsers.clear();
+                this.ws.roomPresence.clear();
+                if (this.ws.heartbeatTimer) {
+                    clearInterval(this.ws.heartbeatTimer);
+                    this.ws.heartbeatTimer = null;
+                }
+            }
+        },
+        async destroy() {
+            await this.clear();
+            await closeMetricsQueues(this.metrics);
+            if (infra.redisEnabled && infra.redis) {
+                try {
+                    const { disconnectRedis } = await import('../lib/redis');
+                    await disconnectRedis(infra.redis);
+                }
+                catch {
+                    /* best-effort */
+                }
+            }
+            if (infra.mongoMode !== false && infra.mongo) {
+                try {
+                    const { disconnectMongo } = await import('../lib/mongo');
+                    await disconnectMongo(infra.mongo.auth, infra.mongo.app);
+                }
+                catch {
+                    /* best-effort */
+                }
+            }
+            await secretBundle.provider.destroy?.();
+        },
+    };
+}

package/dist/src/framework/config/schema.d.ts ADDED Viewed

@@ -0,0 +1,447 @@
+/**
+ * Zod schemas for full-depth config validation.
+ *
+ * These schemas validate the complete shape of CreateAppConfig and
+ * CreateServerConfig at startup — catching typos, wrong types, and structural
+ * errors at every nesting level. Type mismatches always throw.
+ * Unknown keys throw in production, warn in development.
+ */
+import { z } from 'zod';
+export declare const appConfigSchema: z.ZodObject<{
+    routesDir: z.ZodString;
+    modelSchemas: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>, z.ZodObject<{
+        paths: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+        registration: z.ZodOptional<z.ZodEnum<{
+            explicit: "explicit";
+            auto: "auto";
+        }>>;
+    }, z.core.$loose>]>>;
+    app: z.ZodOptional<z.ZodObject<{
+        name: z.ZodOptional<z.ZodString>;
+        version: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>;
+    security: z.ZodOptional<z.ZodObject<{
+        cors: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>, z.ZodObject<{
+            origin: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
+            credentials: z.ZodOptional<z.ZodBoolean>;
+            allowHeaders: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            exposeHeaders: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            maxAge: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$loose>]>>;
+        headers: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>;
+        rateLimit: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+            windowMs: z.ZodOptional<z.ZodNumber>;
+            max: z.ZodOptional<z.ZodNumber>;
+            message: z.ZodOptional<z.ZodString>;
+            standardHeaders: z.ZodOptional<z.ZodBoolean>;
+            keyGenerator: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            skip: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            handler: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        }, z.core.$loose>, z.ZodLiteral<false>]>>;
+        botProtection: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+            blockList: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            fingerprintRateLimit: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$loose>, z.ZodLiteral<false>]>>;
+        trustProxy: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<false>, z.ZodNumber]>>;
+        signing: z.ZodOptional<z.ZodObject<{
+            secret: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+            cookies: z.ZodOptional<z.ZodBoolean>;
+            cursors: z.ZodOptional<z.ZodBoolean>;
+            presignedUrls: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                defaultExpiry: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$loose>]>>;
+            requestSigning: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                tolerance: z.ZodOptional<z.ZodNumber>;
+                header: z.ZodOptional<z.ZodString>;
+                timestampHeader: z.ZodOptional<z.ZodString>;
+            }, z.core.$loose>]>>;
+            idempotencyKeys: z.ZodOptional<z.ZodBoolean>;
+            sessionBinding: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                fields: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                    ip: "ip";
+                    ua: "ua";
+                    "accept-language": "accept-language";
+                }>>>;
+                onMismatch: z.ZodOptional<z.ZodEnum<{
+                    unauthenticate: "unauthenticate";
+                    reject: "reject";
+                    "log-only": "log-only";
+                }>>;
+            }, z.core.$loose>]>>;
+        }, z.core.$loose>>;
+        captcha: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+            provider: z.ZodString;
+            secretKey: z.ZodString;
+            minScore: z.ZodOptional<z.ZodNumber>;
+            tokenField: z.ZodOptional<z.ZodString>;
+            adaptive: z.ZodOptional<z.ZodBoolean>;
+            adaptiveThreshold: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$loose>, z.ZodLiteral<false>]>>;
+    }, z.core.$loose>>;
+    middleware: z.ZodOptional<z.ZodArray<z.ZodUnknown>>;
+    db: z.ZodOptional<z.ZodObject<{
+        sqlite: z.ZodOptional<z.ZodString>;
+        mongo: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            single: "single";
+            separate: "separate";
+        }>, z.ZodLiteral<false>]>>;
+        redis: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString, z.ZodObject<{
+            url: z.ZodOptional<z.ZodString>;
+            maxRetriesPerRequest: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$loose>]>>;
+        sessions: z.ZodOptional<z.ZodEnum<{
+            redis: "redis";
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+        oauthState: z.ZodOptional<z.ZodEnum<{
+            redis: "redis";
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+        cache: z.ZodOptional<z.ZodEnum<{
+            redis: "redis";
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+        auth: z.ZodOptional<z.ZodEnum<{
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+    }, z.core.$loose>>;
+    jobs: z.ZodOptional<z.ZodObject<{
+        statusEndpoint: z.ZodOptional<z.ZodBoolean>;
+        auth: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            none: "none";
+            userAuth: "userAuth";
+        }>, z.ZodArray<z.ZodUnknown>]>>;
+        roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        allowedQueues: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        scopeToUser: z.ZodOptional<z.ZodBoolean>;
+        unsafePublic: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    tenancy: z.ZodOptional<z.ZodObject<{
+        resolution: z.ZodEnum<{
+            header: "header";
+            path: "path";
+            subdomain: "subdomain";
+        }>;
+        headerName: z.ZodOptional<z.ZodString>;
+        pathSegment: z.ZodOptional<z.ZodNumber>;
+        onResolve: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        cacheTtlMs: z.ZodOptional<z.ZodNumber>;
+        cacheMaxSize: z.ZodOptional<z.ZodNumber>;
+        exemptPaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        rejectionStatus: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$loose>>;
+    logging: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        onLog: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        level: z.ZodOptional<z.ZodEnum<{
+            error: "error";
+            debug: "debug";
+            info: "info";
+            warn: "warn";
+        }>>;
+        excludePaths: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodCustom<RegExp, RegExp>]>>>;
+        excludeMethods: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$loose>>;
+    metrics: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        auth: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            none: "none";
+            userAuth: "userAuth";
+        }>, z.ZodArray<z.ZodUnknown>]>>;
+        excludePaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        normalizePath: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        queues: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        unsafePublic: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    validation: z.ZodOptional<z.ZodObject<{
+        formatError: z.ZodOptional<z.ZodCustom<Function, Function>>;
+    }, z.core.$loose>>;
+    upload: z.ZodOptional<z.ZodObject<{
+        storage: z.ZodAny;
+        maxFileSize: z.ZodOptional<z.ZodNumber>;
+        maxFiles: z.ZodOptional<z.ZodNumber>;
+        allowedMimeTypes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        keyPrefix: z.ZodOptional<z.ZodString>;
+        generateKey: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        tenantScopedKeys: z.ZodOptional<z.ZodBoolean>;
+        presignedUrls: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+            expirySeconds: z.ZodOptional<z.ZodNumber>;
+            path: z.ZodOptional<z.ZodString>;
+        }, z.core.$loose>]>>;
+        authorization: z.ZodOptional<z.ZodObject<{
+            authorize: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        }, z.core.$loose>>;
+        allowExternalKeys: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    versioning: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+        versions: z.ZodArray<z.ZodString>;
+        sharedDir: z.ZodOptional<z.ZodString>;
+        defaultVersion: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>, z.ZodArray<z.ZodString>]>>;
+    plugins: z.ZodOptional<z.ZodArray<z.ZodUnknown>>;
+    eventBus: z.ZodOptional<z.ZodUnknown>;
+    secrets: z.ZodOptional<z.ZodUnknown>;
+}, z.core.$loose>;
+export declare const serverConfigSchema: z.ZodObject<{
+    routesDir: z.ZodString;
+    modelSchemas: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>, z.ZodObject<{
+        paths: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+        registration: z.ZodOptional<z.ZodEnum<{
+            explicit: "explicit";
+            auto: "auto";
+        }>>;
+    }, z.core.$loose>]>>;
+    app: z.ZodOptional<z.ZodObject<{
+        name: z.ZodOptional<z.ZodString>;
+        version: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>>;
+    security: z.ZodOptional<z.ZodObject<{
+        cors: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>, z.ZodObject<{
+            origin: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
+            credentials: z.ZodOptional<z.ZodBoolean>;
+            allowHeaders: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            exposeHeaders: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            maxAge: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$loose>]>>;
+        headers: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>;
+        rateLimit: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+            windowMs: z.ZodOptional<z.ZodNumber>;
+            max: z.ZodOptional<z.ZodNumber>;
+            message: z.ZodOptional<z.ZodString>;
+            standardHeaders: z.ZodOptional<z.ZodBoolean>;
+            keyGenerator: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            skip: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            handler: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        }, z.core.$loose>, z.ZodLiteral<false>]>>;
+        botProtection: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+            blockList: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            fingerprintRateLimit: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$loose>, z.ZodLiteral<false>]>>;
+        trustProxy: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<false>, z.ZodNumber]>>;
+        signing: z.ZodOptional<z.ZodObject<{
+            secret: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
+            cookies: z.ZodOptional<z.ZodBoolean>;
+            cursors: z.ZodOptional<z.ZodBoolean>;
+            presignedUrls: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                defaultExpiry: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$loose>]>>;
+            requestSigning: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                tolerance: z.ZodOptional<z.ZodNumber>;
+                header: z.ZodOptional<z.ZodString>;
+                timestampHeader: z.ZodOptional<z.ZodString>;
+            }, z.core.$loose>]>>;
+            idempotencyKeys: z.ZodOptional<z.ZodBoolean>;
+            sessionBinding: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                fields: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                    ip: "ip";
+                    ua: "ua";
+                    "accept-language": "accept-language";
+                }>>>;
+                onMismatch: z.ZodOptional<z.ZodEnum<{
+                    unauthenticate: "unauthenticate";
+                    reject: "reject";
+                    "log-only": "log-only";
+                }>>;
+            }, z.core.$loose>]>>;
+        }, z.core.$loose>>;
+        captcha: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+            provider: z.ZodString;
+            secretKey: z.ZodString;
+            minScore: z.ZodOptional<z.ZodNumber>;
+            tokenField: z.ZodOptional<z.ZodString>;
+            adaptive: z.ZodOptional<z.ZodBoolean>;
+            adaptiveThreshold: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$loose>, z.ZodLiteral<false>]>>;
+    }, z.core.$loose>>;
+    middleware: z.ZodOptional<z.ZodArray<z.ZodUnknown>>;
+    db: z.ZodOptional<z.ZodObject<{
+        sqlite: z.ZodOptional<z.ZodString>;
+        mongo: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            single: "single";
+            separate: "separate";
+        }>, z.ZodLiteral<false>]>>;
+        redis: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodString, z.ZodObject<{
+            url: z.ZodOptional<z.ZodString>;
+            maxRetriesPerRequest: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$loose>]>>;
+        sessions: z.ZodOptional<z.ZodEnum<{
+            redis: "redis";
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+        oauthState: z.ZodOptional<z.ZodEnum<{
+            redis: "redis";
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+        cache: z.ZodOptional<z.ZodEnum<{
+            redis: "redis";
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+        auth: z.ZodOptional<z.ZodEnum<{
+            mongo: "mongo";
+            sqlite: "sqlite";
+            memory: "memory";
+        }>>;
+    }, z.core.$loose>>;
+    jobs: z.ZodOptional<z.ZodObject<{
+        statusEndpoint: z.ZodOptional<z.ZodBoolean>;
+        auth: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            none: "none";
+            userAuth: "userAuth";
+        }>, z.ZodArray<z.ZodUnknown>]>>;
+        roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        allowedQueues: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        scopeToUser: z.ZodOptional<z.ZodBoolean>;
+        unsafePublic: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    tenancy: z.ZodOptional<z.ZodObject<{
+        resolution: z.ZodEnum<{
+            header: "header";
+            path: "path";
+            subdomain: "subdomain";
+        }>;
+        headerName: z.ZodOptional<z.ZodString>;
+        pathSegment: z.ZodOptional<z.ZodNumber>;
+        onResolve: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        cacheTtlMs: z.ZodOptional<z.ZodNumber>;
+        cacheMaxSize: z.ZodOptional<z.ZodNumber>;
+        exemptPaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        rejectionStatus: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$loose>>;
+    logging: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        onLog: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        level: z.ZodOptional<z.ZodEnum<{
+            error: "error";
+            debug: "debug";
+            info: "info";
+            warn: "warn";
+        }>>;
+        excludePaths: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodCustom<RegExp, RegExp>]>>>;
+        excludeMethods: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$loose>>;
+    metrics: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        auth: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            none: "none";
+            userAuth: "userAuth";
+        }>, z.ZodArray<z.ZodUnknown>]>>;
+        excludePaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        normalizePath: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        queues: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        unsafePublic: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    validation: z.ZodOptional<z.ZodObject<{
+        formatError: z.ZodOptional<z.ZodCustom<Function, Function>>;
+    }, z.core.$loose>>;
+    upload: z.ZodOptional<z.ZodObject<{
+        storage: z.ZodAny;
+        maxFileSize: z.ZodOptional<z.ZodNumber>;
+        maxFiles: z.ZodOptional<z.ZodNumber>;
+        allowedMimeTypes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        keyPrefix: z.ZodOptional<z.ZodString>;
+        generateKey: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        tenantScopedKeys: z.ZodOptional<z.ZodBoolean>;
+        presignedUrls: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+            expirySeconds: z.ZodOptional<z.ZodNumber>;
+            path: z.ZodOptional<z.ZodString>;
+        }, z.core.$loose>]>>;
+        authorization: z.ZodOptional<z.ZodObject<{
+            authorize: z.ZodOptional<z.ZodCustom<Function, Function>>;
+        }, z.core.$loose>>;
+        allowExternalKeys: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    versioning: z.ZodOptional<z.ZodUnion<readonly [z.ZodObject<{
+        versions: z.ZodArray<z.ZodString>;
+        sharedDir: z.ZodOptional<z.ZodString>;
+        defaultVersion: z.ZodOptional<z.ZodString>;
+    }, z.core.$loose>, z.ZodArray<z.ZodString>]>>;
+    plugins: z.ZodOptional<z.ZodArray<z.ZodUnknown>>;
+    eventBus: z.ZodOptional<z.ZodUnknown>;
+    secrets: z.ZodOptional<z.ZodUnknown>;
+    port: z.ZodOptional<z.ZodNumber>;
+    hostname: z.ZodOptional<z.ZodString>;
+    unix: z.ZodOptional<z.ZodString>;
+    tls: z.ZodOptional<z.ZodObject<{
+        key: z.ZodOptional<z.ZodAny>;
+        cert: z.ZodOptional<z.ZodAny>;
+        ca: z.ZodOptional<z.ZodAny>;
+        passphrase: z.ZodOptional<z.ZodString>;
+        serverName: z.ZodOptional<z.ZodString>;
+        dhParamsFile: z.ZodOptional<z.ZodString>;
+        lowMemoryMode: z.ZodOptional<z.ZodBoolean>;
+        secureOptions: z.ZodOptional<z.ZodNumber>;
+        rejectUnauthorized: z.ZodOptional<z.ZodBoolean>;
+        requestCert: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    workersDir: z.ZodOptional<z.ZodString>;
+    enableWorkers: z.ZodOptional<z.ZodBoolean>;
+    ws: z.ZodOptional<z.ZodObject<{
+        endpoints: z.ZodRecord<z.ZodString, z.ZodObject<{
+            upgrade: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            on: z.ZodOptional<z.ZodObject<{
+                open: z.ZodOptional<z.ZodCustom<Function, Function>>;
+                message: z.ZodOptional<z.ZodCustom<Function, Function>>;
+                close: z.ZodOptional<z.ZodCustom<Function, Function>>;
+                drain: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            }, z.core.$loose>>;
+            onRoomSubscribe: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            maxMessageSize: z.ZodOptional<z.ZodNumber>;
+            heartbeat: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                intervalMs: z.ZodOptional<z.ZodNumber>;
+                timeoutMs: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$loose>]>>;
+            presence: z.ZodOptional<z.ZodUnion<readonly [z.ZodBoolean, z.ZodObject<{
+                broadcastEvents: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$loose>]>>;
+            persistence: z.ZodOptional<z.ZodObject<{
+                store: z.ZodOptional<z.ZodAny>;
+                defaults: z.ZodOptional<z.ZodAny>;
+            }, z.core.$loose>>;
+        }, z.core.$loose>>;
+        transport: z.ZodOptional<z.ZodAny>;
+        idleTimeout: z.ZodOptional<z.ZodNumber>;
+        backpressureLimit: z.ZodOptional<z.ZodNumber>;
+        closeOnBackpressureLimit: z.ZodOptional<z.ZodBoolean>;
+        perMessageDeflate: z.ZodOptional<z.ZodBoolean>;
+        publishToSelf: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$loose>>;
+    sse: z.ZodOptional<z.ZodObject<{
+        endpoints: z.ZodRecord<z.ZodString, z.ZodObject<{
+            events: z.ZodArray<z.ZodString>;
+            upgrade: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            filter: z.ZodOptional<z.ZodCustom<Function, Function>>;
+            heartbeat: z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodLiteral<false>]>>;
+        }, z.core.$loose>>;
+    }, z.core.$loose>>;
+    maxRequestBodySize: z.ZodOptional<z.ZodNumber>;
+}, z.core.$loose>;
+export interface ConfigValidationResult {
+    /** Warnings for unknown keys (fatal in production, logged in development). */
+    warnings: string[];
+}
+/**
+ * Validate a CreateAppConfig at startup.
+ * - Throws on type mismatches or missing required fields.
+ * - Returns warnings for unknown keys at any depth.
+ */
+export declare function validateAppConfig(config: Record<string, unknown>): ConfigValidationResult;
+/**
+ * Validate a CreateServerConfig at startup.
+ * - Throws on type mismatches or missing required fields.
+ * - Returns warnings for unknown keys at any depth.
+ */
+export declare function validateServerConfig(config: Record<string, unknown>): ConfigValidationResult;