npm - @lastshotlabs/bunshot - Versions diffs - 0.0.27 → 0.0.28 - Mend

@lastshotlabs/bunshot 0.0.27 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (742) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.d.ts +8 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.js +22 -9
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +221 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/logger.js +3 -3
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.d.ts +5 -4
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.js +6 -10
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.d.ts +7 -7
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.js +15 -13
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.d.ts +3 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.js +2 -5
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -8
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.js +6 -6
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.js +8 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +12 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.d.ts +1 -1
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.js +5 -5
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +274 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/{lib → packages/bunshot-core/src}/captcha.d.ts +1 -10
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/{lib/HttpError.d.ts → packages/bunshot-core/src/errors.d.ts} +4 -1
package/dist/{lib/HttpError.js → packages/bunshot-core/src/errors.js} +7 -1
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +10 -10
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/{lib → src/framework/lib}/captcha.js +13 -10
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +11 -10
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/{middleware → src/framework/middleware}/captcha.d.ts +2 -3
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/{middleware → src/framework/middleware}/errorHandler.js +2 -2
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -20
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -12
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +47 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/{routes → src/framework/routes}/jobs.js +128 -103
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/{routes → src/framework/routes}/uploads.d.ts +3 -3
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/{lib/appConfig.js → src/lib/authConfig.js} +75 -17
package/dist/{lib → src/lib}/context.d.ts +6 -12
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +35 -8
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +60 -24
package/dist/adapters/memoryAuth.d.ts +0 -52
package/dist/adapters/memoryAuth.js +0 -749
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -403
package/dist/adapters/sqliteAuth.d.ts +0 -72
package/dist/adapters/sqliteAuth.js +0 -858
package/dist/app.d.ts +0 -559
package/dist/app.js +0 -651
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -117
package/dist/index.js +0 -88
package/dist/lib/appConfig.d.ts +0 -275
package/dist/lib/auditLog.d.ts +0 -58
package/dist/lib/auditLog.js +0 -218
package/dist/lib/authAdapter.d.ts +0 -246
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -117
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/credentialStuffing.d.ts +0 -31
package/dist/lib/credentialStuffing.js +0 -77
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -19
package/dist/lib/emailVerification.js +0 -129
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwks.d.ts +0 -25
package/dist/lib/jwks.js +0 -51
package/dist/lib/jwt.d.ts +0 -15
package/dist/lib/jwt.js +0 -111
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -55
package/dist/lib/mfaChallenge.js +0 -398
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -95
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -93
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/saml.d.ts +0 -25
package/dist/lib/saml.js +0 -64
package/dist/lib/securityEvents.d.ts +0 -28
package/dist/lib/securityEvents.js +0 -26
package/dist/lib/session.d.ts +0 -49
package/dist/lib/session.js +0 -597
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -112
package/dist/lib/uploadRegistry.d.ts +0 -18
package/dist/lib/uploadRegistry.js +0 -83
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -96
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/captcha.js +0 -36
package/dist/middleware/csrf.js +0 -129
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -122
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/scimAuth.d.ts +0 -8
package/dist/middleware/scimAuth.js +0 -29
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -55
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -12
package/dist/routes/auth.js +0 -744
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/m2m.d.ts +0 -2
package/dist/routes/m2m.js +0 -72
package/dist/routes/metrics.d.ts +0 -8
package/dist/routes/metrics.js +0 -55
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -628
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -520
package/dist/routes/oidc.d.ts +0 -2
package/dist/routes/oidc.js +0 -29
package/dist/routes/passkey.d.ts +0 -1
package/dist/routes/passkey.js +0 -157
package/dist/routes/saml.d.ts +0 -2
package/dist/routes/saml.js +0 -86
package/dist/routes/scim.d.ts +0 -2
package/dist/routes/scim.js +0 -255
package/dist/routes/uploads.js +0 -227
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -29
package/dist/services/auth.js +0 -238
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -39
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -790
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -388
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -131
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/passkey-login/full.md +0 -90
package/docs/sections/passkey-login/overview.md +0 -1
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -208
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -196
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/logger.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/app.js DELETED Viewed

@@ -1,651 +0,0 @@
-import { OpenAPIHono } from "@hono/zod-openapi";
-import { cors } from "hono/cors";
-import { secureHeaders } from "hono/secure-headers";
-import { Scalar } from "@scalar/hono-api-reference";
-import { HttpError, ValidationError } from "./lib/HttpError";
-import { rateLimit } from "./middleware/rateLimit";
-import { bearerAuth } from "./middleware/bearerAuth";
-import { identify } from "./middleware/identify";
-import { defaultValidationErrorFormatter } from "./lib/context";
-import { HEADER_USER_TOKEN, HEADER_REFRESH_TOKEN, HEADER_CSRF_TOKEN, HEADER_REQUEST_ID } from "./lib/constants";
-import { requestId } from "./middleware/requestId";
-import { requestLogger } from "./middleware/requestLogger";
-import { setAppName, setAppRoles, setDefaultRole, setPrimaryField, setEmailVerificationConfig, setPasswordResetConfig, setPasswordPolicy, setMaxSessions, setPersistSessionMetadata, setIncludeInactiveSessions, setTrackLastActive, setRefreshTokenConfig, setMfaConfig, setCsrfEnabled, setSigningConfig, setJwtConfig, setCheckSuspensionOnIdentify, setBreachedPasswordConfig, setCaptchaConfig, setStepUpConfig, setM2MConfig, setOidcConfig, setSamlConfig, setScimConfig } from "./lib/appConfig";
-import { setEmailVerificationStore } from "./lib/emailVerification";
-import { setPasswordResetStore } from "./lib/resetPassword";
-import { setAuthRateLimitStore } from "./lib/authRateLimit";
-import { setAuthAdapter } from "./lib/authAdapter";
-import { mongoAuthAdapter } from "./adapters/mongoAuth";
-import { memoryAuthAdapter } from "./adapters/memoryAuth";
-import { initOAuthProviders, getConfiguredOAuthProviders, setOAuthStateStore } from "./lib/oauth";
-import { setOAuthCodeStore } from "./lib/oauthCode";
-import { connectMongo, connectAuthMongo, connectAppMongo } from "./lib/mongo";
-import { connectRedis } from "./lib/redis";
-import { setSessionStore } from "./lib/session";
-import { setCacheStore } from "./middleware/cacheResponse";
-import { maybeAutoRegister } from "./lib/createRoute";
-import { setStorageAdapter, setUploadConfig } from "./lib/upload";
-import { validateJwtSecrets } from "./lib/jwt";
-export const createApp = async (config) => {
-    const { routesDir, app: appConfig = {}, auth: authConfig = {}, security: securityConfig = {}, middleware = [], db = {}, } = config;
-    if (config.securityEvents) {
-        const { setSecurityEventConfig } = await import("./lib/securityEvents");
-        setSecurityEventConfig(config.securityEvents);
-    }
-    const appName = appConfig.name ?? "Bun Core API";
-    const openApiVersion = appConfig.version ?? "1.0.0";
-    // Validate JWT secrets eagerly so misconfiguration is caught at startup
-    validateJwtSecrets();
-    // Trust-proxy for IP extraction
-    const { setTrustProxy } = await import("./lib/clientIp");
-    setTrustProxy(securityConfig.trustProxy ?? false);
-    const corsOrigins = securityConfig.cors ?? "*";
-    if (corsOrigins === "*" && process.env.NODE_ENV === "production") {
-        console.warn("[security] CORS is set to wildcard (*) in production. Configure security.cors with specific origins to restrict cross-origin access.");
-    }
-    if (securityConfig.csrf?.enabled && corsOrigins === "*") {
-        if (process.env.NODE_ENV === "production") {
-            throw new Error("[security] CSRF protection with wildcard CORS (*) is unsafe. " +
-                "Set security.cors to specific origins when using CSRF.");
-        }
-        console.warn("[security] CSRF is enabled with wildcard CORS. This will be rejected in production.");
-    }
-    const rlConfig = securityConfig.rateLimit ?? { windowMs: 60_000, max: 100 };
-    const botCfg = securityConfig.botProtection ?? {};
-    const enableBearerAuth = securityConfig.bearerAuth !== false;
-    const extraBypass = typeof securityConfig.bearerAuth === "object" && securityConfig.bearerAuth !== null
-        ? (securityConfig.bearerAuth.bypass ?? [])
-        : [];
-    const enableAuthRoutes = authConfig.enabled !== false;
-    const explicitAuthAdapter = authConfig.adapter;
-    const oauthProviders = authConfig.oauth?.providers;
-    const postOAuthRedirect = authConfig.oauth?.postRedirect ?? "/";
-    const allowedRedirectUrls = authConfig.oauth?.allowedRedirectUrls;
-    // Validate postRedirect against allowlist at startup (not per-request)
-    if (allowedRedirectUrls && postOAuthRedirect !== "/") {
-        try {
-            const redirectUrl = new URL(postOAuthRedirect);
-            const allowed = allowedRedirectUrls.some((u) => {
-                try {
-                    return new URL(u).origin === redirectUrl.origin;
-                }
-                catch {
-                    return false;
-                }
-            });
-            if (!allowed) {
-                throw new Error(`createApp: oauth.postRedirect "${postOAuthRedirect}" is not in the allowedRedirectUrls list. Add its origin to oauth.allowedRedirectUrls.`);
-            }
-        }
-        catch (e) {
-            if (e instanceof Error && e.message.startsWith("createApp:"))
-                throw e;
-            // Relative path — always allowed
-        }
-    }
-    const roles = authConfig.roles ?? [];
-    const defaultRole = authConfig.defaultRole;
-    const primaryField = authConfig.primaryField ?? "email";
-    const emailVerification = authConfig.emailVerification;
-    const passwordReset = authConfig.passwordReset;
-    const authRateLimit = authConfig.rateLimit;
-    const sessionPolicy = authConfig.sessionPolicy ?? {};
-    const { sqlite, mongo = "single", redis: enableRedis = true } = db;
-    // Smart fallback: pick the best available store rather than blindly defaulting to "redis"
-    const defaultStore = enableRedis
-        ? "redis"
-        : sqlite
-            ? "sqlite"
-            : mongo !== false
-                ? "mongo"
-                : "memory";
-    const sessions = db.sessions ?? defaultStore;
-    const oauthState = db.oauthState ?? sessions;
-    const cache = db.cache ?? defaultStore;
-    const authStore = db.auth ?? (mongo !== false ? "mongo" : sessions);
-    if (sqlite || sessions === "sqlite" || oauthState === "sqlite" || authStore === "sqlite") {
-        const { setSqliteDb } = await import("./adapters/sqliteAuth");
-        setSqliteDb(sqlite ?? "./data.db");
-    }
-    setSessionStore(sessions);
-    setOAuthStateStore(oauthState);
-    setOAuthCodeStore(oauthState);
-    setCacheStore(cache);
-    if (mongo === "single")
-        await connectMongo();
-    else if (mongo === "separate")
-        await Promise.all([connectAuthMongo(), connectAppMongo()]);
-    if (enableRedis)
-        await connectRedis();
-    // Resolve auth adapter: explicit prop wins, then db.auth, then mongo default
-    let authAdapter;
-    if (explicitAuthAdapter) {
-        authAdapter = explicitAuthAdapter;
-    }
-    else if (authStore === "sqlite") {
-        const { sqliteAuthAdapter } = await import("./adapters/sqliteAuth");
-        authAdapter = sqliteAuthAdapter;
-    }
-    else if (authStore === "memory") {
-        authAdapter = memoryAuthAdapter;
-    }
-    else {
-        authAdapter = mongoAuthAdapter;
-    }
-    if (defaultRole && !authAdapter.setRoles) {
-        throw new Error(`createApp: "defaultRole" is set to "${defaultRole}" but the auth adapter does not implement setRoles. Add setRoles to your adapter or remove defaultRole.`);
-    }
-    if (emailVerification && primaryField !== "email") {
-        throw new Error(`createApp: "emailVerification" is only supported when primaryField is "email". Either set primaryField to "email" or remove emailVerification.`);
-    }
-    if (passwordReset && primaryField !== "email") {
-        throw new Error(`createApp: "passwordReset" is only supported when primaryField is "email". Either set primaryField to "email" or remove passwordReset.`);
-    }
-    if (passwordReset && !authAdapter.setPassword) {
-        throw new Error(`createApp: "passwordReset" is configured but the auth adapter does not implement setPassword. Add setPassword to your adapter or remove passwordReset.`);
-    }
-    setAuthAdapter(authAdapter);
-    setAppRoles(roles);
-    setDefaultRole(defaultRole ?? null);
-    setPrimaryField(primaryField);
-    setEmailVerificationConfig(emailVerification ?? null);
-    setEmailVerificationStore(sessions);
-    setPasswordResetConfig(passwordReset ?? null);
-    setPasswordPolicy(authConfig.passwordPolicy ?? {});
-    setPasswordResetStore(sessions);
-    const { setDeletionCancelTokenStore } = await import("./lib/deletionCancelToken");
-    setDeletionCancelTokenStore(sessions);
-    setAuthRateLimitStore(authRateLimit?.store ?? (enableRedis ? "redis" : "memory"));
-    if (authRateLimit?.credentialStuffing) {
-        const { setCredentialStuffingConfig } = await import("./lib/credentialStuffing");
-        setCredentialStuffingConfig(authRateLimit.credentialStuffing);
-    }
-    setMaxSessions(sessionPolicy.maxSessions ?? 6);
-    setPersistSessionMetadata(sessionPolicy.persistSessionMetadata ?? true);
-    setIncludeInactiveSessions(sessionPolicy.includeInactiveSessions ?? false);
-    setTrackLastActive(sessionPolicy.trackLastActive ?? false);
-    setRefreshTokenConfig(authConfig.refreshTokens ?? null);
-    setMfaConfig(authConfig.mfa ?? null);
-    if (authConfig.jwt)
-        setJwtConfig(authConfig.jwt);
-    if (authConfig.checkSuspensionOnIdentify)
-        setCheckSuspensionOnIdentify(true);
-    if (authConfig.breachedPasswordCheck)
-        setBreachedPasswordConfig(authConfig.breachedPasswordCheck);
-    if (authConfig.stepUp)
-        setStepUpConfig(authConfig.stepUp);
-    // JWT config
-    if (authConfig.jwt)
-        setJwtConfig(authConfig.jwt);
-    // OIDC: load keys, set RS256, mount discovery routes
-    if (authConfig.oidc) {
-        setOidcConfig(authConfig.oidc);
-        // Override JWT config with OIDC issuer and RS256
-        setJwtConfig({ ...(authConfig.jwt ?? {}), issuer: authConfig.oidc.issuer, algorithm: "RS256" });
-        const { loadJwksKey, generateAndLoadKeyPair, loadPreviousKey } = await import("./lib/jwks");
-        const { _setAlgorithm } = await import("./lib/jwt");
-        if (authConfig.oidc.signingKey) {
-            await loadJwksKey(authConfig.oidc.signingKey);
-        }
-        else {
-            await generateAndLoadKeyPair();
-        }
-        for (const prev of authConfig.oidc.previousKeys ?? []) {
-            await loadPreviousKey(prev);
-        }
-        _setAlgorithm("RS256");
-    }
-    if (oauthProviders)
-        initOAuthProviders(oauthProviders);
-    const configuredOAuth = getConfiguredOAuthProviders();
-    // Start the account deletion worker when queued deletion is configured.
-    // The worker runs in-process alongside the API server.
-    if (authConfig.accountDeletion?.queued && enableAuthRoutes) {
-        try {
-            const { createWorker } = await import("./lib/queue");
-            const appName_ = appName;
-            const accountDeletion_ = authConfig.accountDeletion;
-            createWorker(`${appName_}:account-deletions`, async (job) => {
-                const { userId } = job.data;
-                const adapter_ = authAdapter;
-                if (accountDeletion_.onBeforeDelete)
-                    await accountDeletion_.onBeforeDelete(userId);
-                if (adapter_.deleteUser)
-                    await adapter_.deleteUser(userId);
-                if (accountDeletion_.onAfterDelete)
-                    await accountDeletion_.onAfterDelete(userId);
-            }, { concurrency: 1 });
-        }
-        catch (err) {
-            if (err?.message?.includes("bullmq is not installed")) {
-                throw new Error("createApp: accountDeletion.queued requires BullMQ. Run: bun add bullmq");
-            }
-            throw err;
-        }
-    }
-    // OAuth paths must bypass bearer auth — initiation and link routes are browser redirects,
-    // callbacks come from external providers; none can send a bearer token header.
-    const oauthBypass = configuredOAuth.flatMap((p) => [
-        `/auth/${p}`,
-        `/auth/${p}/callback`,
-        `/auth/${p}/link`,
-    ]);
-    const DEFAULT_BYPASS = ["/docs", "/openapi.json", "/sw.js", "/health", "/", "/metrics", "/oauth/token", "/.well-known/openid-configuration", "/.well-known/jwks.json", "/auth/saml/*", "/scim/v2/*"];
-    // Add per-version docs/spec paths when versioning is configured
-    const versionBypass = config.versioning
-        ? config.versioning.versions.flatMap((v) => [`/${v}/docs`, `/${v}/openapi.json`])
-        : [];
-    const bearerAuthBypass = [...DEFAULT_BYPASS, ...versionBypass, ...oauthBypass, ...extraBypass];
-    const app = new OpenAPIHono();
-    app.use(requestId);
-    // Set the validation error formatter on context so defaultHook and onError both pick it up
-    const validationFormatter = config.validation?.formatError ?? defaultValidationErrorFormatter;
-    app.use("*", async (c, next) => {
-        c.set("validationErrorFormatter", validationFormatter);
-        await next();
-    });
-    // Metrics collection middleware (before requestLogger so it captures all requests)
-    if (config.metrics?.enabled) {
-        const metricsAuth = config.metrics.auth ?? "none";
-        if (metricsAuth === "none" && !config.metrics.unsafePublic) {
-            if (process.env.NODE_ENV === "production") {
-                throw new Error("[security] metrics.auth is required in production. Set metrics.auth or explicitly set unsafePublic: true with auth: \"none\".");
-            }
-            console.warn("[security] /metrics is enabled without auth. Configure metrics.auth for production.");
-        }
-        const { metricsCollector } = await import("./middleware/metrics");
-        app.use(metricsCollector({
-            excludePaths: config.metrics.excludePaths,
-            normalizePath: config.metrics.normalizePath,
-        }));
-    }
-    const loggingConfig = config.logging ?? {};
-    if (loggingConfig.enabled !== false) {
-        app.use(requestLogger({
-            onLog: loggingConfig.onLog,
-            level: loggingConfig.level,
-            excludePaths: loggingConfig.excludePaths,
-            excludeMethods: loggingConfig.excludeMethods,
-        }));
-    }
-    const headerOpts = {};
-    if (securityConfig.headers?.contentSecurityPolicy) {
-        headerOpts["Content-Security-Policy"] = securityConfig.headers.contentSecurityPolicy;
-    }
-    if (securityConfig.headers?.permissionsPolicy) {
-        headerOpts["Permissions-Policy"] = securityConfig.headers.permissionsPolicy;
-    }
-    app.use(secureHeaders());
-    if (Object.keys(headerOpts).length > 0) {
-        app.use(async (c, next) => {
-            await next();
-            for (const [k, v] of Object.entries(headerOpts)) {
-                c.res.headers.set(k, v);
-            }
-        });
-    }
-    const corsAllowHeaders = ["Content-Type", "Authorization", HEADER_USER_TOKEN, HEADER_REFRESH_TOKEN];
-    if (securityConfig.csrf?.enabled)
-        corsAllowHeaders.push(HEADER_CSRF_TOKEN);
-    app.use(cors({ origin: corsOrigins, allowHeaders: corsAllowHeaders, exposeHeaders: ["x-cache", HEADER_REQUEST_ID], credentials: true }));
-    if ((botCfg.blockList?.length ?? 0) > 0) {
-        const { botProtection } = await import("./middleware/botProtection");
-        app.use(botProtection({ blockList: botCfg.blockList }));
-    }
-    app.use(rateLimit({ ...rlConfig, fingerprintLimit: botCfg.fingerprintRateLimit ?? false }));
-    if (enableBearerAuth) {
-        app.use(async (c, next) => {
-            const path = c.req.path;
-            const bypassed = bearerAuthBypass.some((entry) => entry.endsWith("*") ? path.startsWith(entry.slice(0, -1)) : path === entry);
-            if (bypassed) {
-                return next();
-            }
-            return bearerAuth(c, next);
-        });
-    }
-    app.use(identify);
-    // Signing config — make available to pagination, identify, and other lib modules
-    if (securityConfig.signing) {
-        setSigningConfig(securityConfig.signing);
-    }
-    // CAPTCHA config — store globally so requireCaptcha() can read it without explicit param
-    if (securityConfig.captcha) {
-        setCaptchaConfig(securityConfig.captcha);
-    }
-    // CSRF protection (after identify so we can check for auth cookie presence)
-    if (securityConfig.csrf?.enabled) {
-        setCsrfEnabled(true);
-        const { csrfProtection } = await import("./middleware/csrf");
-        const csrfExemptPaths = [
-            ...oauthBypass.filter(p => p.includes("/callback")),
-            ...(securityConfig.csrf.exemptPaths ?? []),
-        ];
-        app.use(csrfProtection({
-            exemptPaths: csrfExemptPaths,
-            checkOrigin: securityConfig.csrf.checkOrigin ?? true,
-            allowedOrigins: corsOrigins,
-        }));
-    }
-    // Tenant resolution middleware (after identify, before user middleware + routes)
-    if (config.tenancy) {
-        if (!config.tenancy.onResolve) {
-            if (process.env.NODE_ENV === "production") {
-                throw new Error("[security] Tenancy is configured without an onResolve callback. " +
-                    "In production, onResolve is required to validate tenant IDs and prevent cross-tenant access. " +
-                    "Provide tenancy.onResolve or remove the tenancy config.");
-            }
-            else {
-                console.warn("[security] Tenancy is configured without an onResolve callback — " +
-                    "tenant IDs will be trusted without validation. This is unsafe in production.");
-            }
-        }
-        const { createTenantMiddleware } = await import("./middleware/tenant");
-        app.use(createTenantMiddleware(config.tenancy));
-    }
-    for (const mw of middleware)
-        app.use(mw);
-    if (authConfig.mfa?.required) {
-        const { requireMfaSetup } = await import("./middleware/requireMfaSetup");
-        app.use(requireMfaSetup);
-    }
-    setAppName(appName);
-    // Schema pre-loading — import shared schema files before routes so registerSchema /
-    // registerSchemas calls run first, guaranteeing $ref instead of inline shapes.
-    const msConfig = config.modelSchemas;
-    if (msConfig) {
-        const { paths, registration = "auto" } = typeof msConfig === "string" || Array.isArray(msConfig)
-            ? { paths: msConfig, registration: "auto" }
-            : msConfig;
-        const pathArray = paths ? (Array.isArray(paths) ? paths : [paths]) : [];
-        for (const entry of pathArray) {
-            // Normalize to forward slashes so splitting works on both Windows and Unix.
-            const normalized = entry.replaceAll("\\", "/");
-            // Split glob patterns: everything before the first wildcard segment is the cwd.
-            let cwd;
-            let pattern;
-            if (!normalized.includes("*")) {
-                cwd = normalized;
-                pattern = "**/*.ts";
-            }
-            else {
-                const parts = normalized.split("/");
-                const starIdx = parts.findIndex((p) => p.includes("*"));
-                cwd = parts.slice(0, starIdx).join("/");
-                pattern = parts.slice(starIdx).join("/");
-            }
-            const schemaGlob = new Bun.Glob(pattern);
-            for await (const file of schemaGlob.scan({ cwd })) {
-                const mod = await import(`${cwd}/${file}`);
-                if (registration === "auto") {
-                    for (const [exportName, value] of Object.entries(mod)) {
-                        maybeAutoRegister(exportName, value);
-                    }
-                }
-                // "explicit": file imported; any registerSchema/registerSchemas calls inside already ran
-            }
-        }
-    }
-    // Core routes (auth, etc.)
-    const coreRoutesDir = import.meta.dir + "/routes";
-    const coreGlob = new Bun.Glob("*.ts");
-    for await (const file of coreGlob.scan({ cwd: coreRoutesDir })) {
-        if (file === "auth.ts")
-            continue; // mounted separately below via createAuthRouter
-        if (file === "oauth.ts")
-            continue; // mounted separately below
-        if (file === "mfa.ts")
-            continue; // mounted separately below when mfa is configured
-        if (file === "jobs.ts")
-            continue; // mounted separately below when jobs.statusEndpoint is true
-        if (file === "oidc.ts")
-            continue; // mounted separately below when oidc is configured
-        const mod = await import(`${coreRoutesDir}/${file}`);
-        if (mod.router)
-            app.route("/", mod.router);
-    }
-    if (enableAuthRoutes) {
-        const { createAuthRouter } = await import(`${coreRoutesDir}/auth`);
-        app.route("/", createAuthRouter({ primaryField, emailVerification, passwordReset, rateLimit: authRateLimit, accountDeletion: authConfig.accountDeletion, refreshTokens: authConfig.refreshTokens, stepUp: authConfig.stepUp }));
-    }
-    if (configuredOAuth.length > 0) {
-        const { createOAuthRouter } = await import(`${coreRoutesDir}/oauth`);
-        app.route("/", createOAuthRouter(configuredOAuth, postOAuthRedirect));
-    }
-    if (authConfig.mfa && enableAuthRoutes) {
-        const { setMfaChallengeStore, setMfaChallengeSqliteDb } = await import("./lib/mfaChallenge");
-        setMfaChallengeStore(sessions);
-        if (sessions === "sqlite") {
-            const { getDb } = await import("./adapters/sqliteAuth");
-            setMfaChallengeSqliteDb(getDb());
-        }
-        const { createMfaRouter } = await import(`${coreRoutesDir}/mfa`);
-        app.route("/", createMfaRouter({ rateLimit: authRateLimit }));
-    }
-    if (authConfig.mfa?.webauthn?.allowPasswordlessLogin && enableAuthRoutes) {
-        const { assertWebAuthnDependency } = await import("./services/mfa");
-        await assertWebAuthnDependency();
-        const { createPasskeyRouter } = await import(`${coreRoutesDir}/passkey`);
-        app.route("/", createPasskeyRouter());
-    }
-    if (authConfig.m2m?.enabled !== false && authConfig.m2m) {
-        setM2MConfig(authConfig.m2m);
-        const { createM2MRouter } = await import(`${coreRoutesDir}/m2m`);
-        app.route("/", createM2MRouter());
-    }
-    if (config.jobs?.statusEndpoint) {
-        const jobsAuth = config.jobs.auth ?? "none";
-        if (jobsAuth === "none" && !config.jobs.unsafePublic) {
-            if (process.env.NODE_ENV === "production") {
-                throw new Error("[security] jobs.auth is required in production. Set jobs.auth or explicitly set unsafePublic: true with auth: \"none\".");
-            }
-            console.warn("[security] /jobs is enabled without auth. Configure jobs.auth for production.");
-        }
-    }
-    if (config.jobs?.statusEndpoint) {
-        const { createJobsRouter } = await import(`${coreRoutesDir}/jobs`);
-        app.route("/", createJobsRouter(config.jobs));
-    }
-    if (config.metrics?.enabled) {
-        const { createMetricsRouter } = await import(`${coreRoutesDir}/metrics`);
-        app.route("/", createMetricsRouter({
-            auth: config.metrics.auth,
-            queues: config.metrics.queues,
-            unsafePublic: config.metrics.unsafePublic,
-        }));
-    }
-    if (config.groups?.managementRoutes) {
-        const { createGroupsRouter } = await import(`${coreRoutesDir}/groups`);
-        app.route("/", createGroupsRouter(config.groups));
-    }
-    if (authConfig.oidc) {
-        const { createOidcRouter } = await import(`${coreRoutesDir}/oidc`);
-        app.route("/", createOidcRouter());
-    }
-    if (authConfig.saml) {
-        setSamlConfig(authConfig.saml);
-        const { createSamlRouter } = await import(`${coreRoutesDir}/saml`);
-        app.route("/", createSamlRouter());
-    }
-    if (authConfig.scim) {
-        const { setScimTokens } = await import("./middleware/scimAuth");
-        setScimConfig(authConfig.scim);
-        setScimTokens(authConfig.scim.bearerTokens);
-        const { createScimRouter } = await import(`${coreRoutesDir}/scim`);
-        app.route("/", createScimRouter());
-    }
-    if (config.upload) {
-        const { storage, presignedUrls, authorization, allowExternalKeys, ...uploadOpts } = config.upload;
-        setStorageAdapter(storage);
-        setUploadConfig(uploadOpts);
-        // Wire upload registry store to match session store backend
-        const { setUploadRegistryStore } = await import("./lib/uploadRegistry");
-        setUploadRegistryStore(sessions);
-        if (presignedUrls) {
-            const { createUploadsRouter } = await import(`${coreRoutesDir}/uploads`);
-            const presignConfig = presignedUrls === true ? {} : presignedUrls;
-            app.route("/", createUploadsRouter({
-                ...presignConfig,
-                authorization,
-                allowExternalKeys,
-            }));
-        }
-    }
-    // Helper to register standard security schemes on an OpenAPI registry
-    const registerSecuritySchemes = (registry) => {
-        registry.registerComponent("securitySchemes", "cookieAuth", {
-            type: "apiKey",
-            in: "cookie",
-            name: "token",
-            description: "Session cookie set automatically on login/register.",
-        });
-        registry.registerComponent("securitySchemes", "userToken", {
-            type: "apiKey",
-            in: "header",
-            name: "x-user-token",
-            description: "JWT session token passed as the x-user-token request header (alternative to the session cookie).",
-        });
-        registry.registerComponent("securitySchemes", "bearerAuth", {
-            type: "http",
-            scheme: "bearer",
-            description: "API key passed as Authorization: Bearer <token>. Required on all endpoints unless bearer auth is disabled in CreateAppConfig or the path is in the bypass list.",
-        });
-    };
-    if (config.versioning) {
-        // Version-aware route discovery — each version gets its own OpenAPIHono instance
-        const { versions, sharedDir = "shared", defaultVersion = versions[versions.length - 1] } = config.versioning;
-        const { setVersionPrefix, clearVersionPrefix, getVersionToken, drainCapturedTokens, assertCapturedTokens } = await import("./lib/createRoute");
-        const { defaultHook } = await import("./lib/context");
-        const { stripUnreferencedSchemas } = await import("./lib/stripUnreferencedSchemas");
-        // Import shared routes with no prefix — schemas stay unprefixed (version-agnostic)
-        let sharedMods = [];
-        if (sharedDir !== false) {
-            const sharedRoutesDir = `${routesDir}/${sharedDir}`;
-            try {
-                const sharedGlob = new Bun.Glob("**/*.ts");
-                const sharedFiles = [];
-                for await (const file of sharedGlob.scan({ cwd: sharedRoutesDir })) {
-                    sharedFiles.push(file);
-                }
-                sharedMods = await Promise.all(sharedFiles.map(async (file) => ({ file, mod: await import(`${sharedRoutesDir}/${file}`) })));
-            }
-            catch {
-                // sharedDir doesn't exist — fine
-            }
-        }
-        // Drain any tokens captured during shared route imports (token=null, correct since no prefix was set)
-        // to prevent null tokens from bleeding into per-version assertions below.
-        drainCapturedTokens();
-        // For each version sequentially: set prefix, import routes, mount on isolated OpenAPIHono
-        for (const version of versions) {
-            setVersionPrefix(version);
-            const expectedToken = getVersionToken();
-            const vApp = new OpenAPIHono({ defaultHook });
-            const versionRoutesDir = `${routesDir}/${version}`;
-            const versionFiles = [];
-            try {
-                const versionGlob = new Bun.Glob("**/*.ts");
-                for await (const file of versionGlob.scan({ cwd: versionRoutesDir })) {
-                    versionFiles.push(file);
-                }
-            }
-            catch {
-                // version dir doesn't exist — fine
-            }
-            // Import all version route files in parallel
-            const versionMods = await Promise.all(versionFiles.map(async (file) => ({ file, mod: await import(`${versionRoutesDir}/${file}`) })));
-            // Assert version token to catch top-level await interleaving bugs at startup
-            assertCapturedTokens(drainCapturedTokens(), expectedToken);
-            // Mount version-specific routes (sorted by priority)
-            versionMods
-                .sort((a, b) => (a.mod.priority ?? Infinity) - (b.mod.priority ?? Infinity))
-                .forEach(({ mod }) => {
-                if (mod.router)
-                    vApp.route("/", mod.router);
-            });
-            // Mount shared routes on this versioned app
-            for (const { mod } of sharedMods) {
-                if (mod.router)
-                    vApp.route("/", mod.router);
-            }
-            registerSecuritySchemes(vApp.openAPIRegistry);
-            // Serve per-version spec stripped of schemas from other versions
-            vApp.get("/openapi.json", (c) => {
-                const spec = vApp.getOpenAPIDocument({
-                    openapi: "3.0.0",
-                    info: { title: `${appName} ${version.toUpperCase()}`, version: openApiVersion },
-                });
-                return c.json(stripUnreferencedSchemas(spec));
-            });
-            // Per-version Scalar docs
-            vApp.get("/docs", Scalar({ url: `/${version}/openapi.json` }));
-            clearVersionPrefix();
-            // Mount versioned app under /v1, /v2, etc.
-            app.route(`/${version}`, vApp);
-        }
-        // Root /docs → version selector page
-        app.get("/docs", (c) => {
-            const links = versions
-                .map((v) => `<li><a href="/${v}/docs" style="font-size:1.1em">${v.toUpperCase()}</a></li>`)
-                .join("\n");
-            const html = `<!DOCTYPE html>
-<html lang="en">
-<head><meta charset="utf-8"><title>${appName} — API Docs</title>
-<style>body{font-family:sans-serif;padding:2rem}ul{list-style:none;padding:0}li{margin:.5rem 0}</style>
-</head>
-<body>
-<h1>${appName}</h1>
-<h2>API Documentation</h2>
-<ul>${links}</ul>
-</body></html>`;
-            return c.html(html);
-        });
-        // Root /openapi.json → 302 to default version (no merged spec exists)
-        app.get("/openapi.json", (c) => c.redirect(`/${defaultVersion}/openapi.json`, 302));
-    }
-    else {
-        // Non-versioned path — existing behavior unchanged
-        // Service routes — collect all, sort by optional exported `priority`, then mount
-        const serviceGlob = new Bun.Glob("**/*.ts");
-        const serviceFiles = [];
-        for await (const file of serviceGlob.scan({ cwd: routesDir })) {
-            serviceFiles.push(file);
-        }
-        const serviceMods = await Promise.all(serviceFiles.map(async (file) => ({
-            file,
-            mod: await import(`${routesDir}/${file}`),
-        })));
-        serviceMods
-            .sort((a, b) => (a.mod.priority ?? Infinity) - (b.mod.priority ?? Infinity))
-            .forEach(({ mod }) => {
-            if (mod.router)
-                app.route("/", mod.router);
-        });
-        registerSecuritySchemes(app.openAPIRegistry);
-        app.doc("/openapi.json", { openapi: "3.0.0", info: { title: appName, version: openApiVersion } });
-        app.get("/docs", Scalar({ url: "/openapi.json" }));
-    }
-    app.onError((err, c) => {
-        const reqId = c.get("requestId") ?? "unknown";
-        // ValidationError extends HttpError — must check first or the details payload is lost
-        if (err instanceof ValidationError) {
-            const fmt = c.get("validationErrorFormatter") ?? defaultValidationErrorFormatter;
-            try {
-                return c.json(fmt(err.issues, reqId), 400);
-            }
-            catch {
-                return c.json(defaultValidationErrorFormatter(err.issues, reqId), 400);
-            }
-        }
-        if (err instanceof HttpError) {
-            const body = { error: err.message, requestId: reqId };
-            if (err.code !== undefined)
-                body.code = err.code;
-            return c.json(body, err.status);
-        }
-        console.error(err);
-        return c.json({ error: "Internal Server Error", requestId: reqId }, 500);
-    });
-    app.notFound((c) => c.json({ error: "Not Found", requestId: c.get("requestId") ?? "unknown" }, 404));
-    app.get("/sw.js", (c) => c.body("", 200, { "Content-Type": "application/javascript" }));
-    return app;
-};

package/dist/entrypoints/mongo.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
-export { mongoAuthAdapter } from "../adapters/mongoAuth";
-export { AuthUser } from "../models/AuthUser";
-export { zodToMongoose } from "../lib/zodToMongoose";
-export type { ZodToMongooseConfig, ZodToMongooseRefConfig } from "../lib/zodToMongoose";

package/dist/entrypoints/mongo.js DELETED Viewed

@@ -1,4 +0,0 @@
-export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
-export { mongoAuthAdapter } from "../adapters/mongoAuth";
-export { AuthUser } from "../models/AuthUser";
-export { zodToMongoose } from "../lib/zodToMongoose";

package/dist/entrypoints/queue.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export { createQueue, createWorker, createCronWorker, cleanupStaleSchedulers, getRegisteredCronNames, createDLQHandler } from "../lib/queue";
2	- export type { Job, CronSchedule, DLQOptions } from "../lib/queue";

package/dist/entrypoints/queue.js DELETED Viewed

	@@ -1 +0,0 @@
1	- export { createQueue, createWorker, createCronWorker, cleanupStaleSchedulers, getRegisteredCronNames, createDLQHandler } from "../lib/queue";

package/dist/entrypoints/redis.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export { connectRedis, disconnectRedis, getRedis } from "../lib/redis";