@lastshotlabs/bunshot 0.0.27 → 0.0.28

package/dist/routes/groups.js

@@ -1,346 +0,0 @@
-import { z } from "zod";
-import { createRoute, withSecurity } from "../lib/createRoute";
-import { createRouter } from "../lib/context";
-import { userAuth } from "../middleware/userAuth";
-import { requireRole } from "../middleware/requireRole";
-import { createGroup, deleteGroup, getGroup, listGroups, updateGroup, addGroupMember, updateGroupMembership, removeGroupMember, getGroupMembers, getUserGroups, } from "../lib/groups";
-import { HttpError } from "../lib/HttpError";
-// ---------------------------------------------------------------------------
-// Zod schemas
-// ---------------------------------------------------------------------------
-const SLUG_REGEX = /^[a-z0-9_-]+$/;
-const GroupBody = z.object({
-    name: z.string().min(1).max(100).regex(SLUG_REGEX, "name must be a slug: lowercase letters, digits, underscores, or hyphens"),
-    displayName: z.string().max(200).optional(),
-    description: z.string().max(1000).optional(),
-    roles: z.array(z.string()).default([]),
-    tenantId: z.string().nullable().optional().default(null),
-});
-const GroupUpdateBody = z.object({
-    name: z.string().min(1).max(100).regex(SLUG_REGEX, "name must be a slug").optional(),
-    displayName: z.string().max(200).nullable().optional(),
-    description: z.string().max(1000).nullable().optional(),
-    roles: z.array(z.string()).optional(),
-});
-const MemberBody = z.object({
-    userId: z.string().min(1),
-    roles: z.array(z.string()).default([]),
-});
-const MemberRolesBody = z.object({
-    roles: z.array(z.string()),
-});
-const GroupResponse = z.object({
-    id: z.string(),
-    name: z.string(),
-    displayName: z.string().optional(),
-    description: z.string().optional(),
-    roles: z.array(z.string()),
-    tenantId: z.string().nullable(),
-    createdAt: z.number(),
-    updatedAt: z.number(),
-}).openapi("Group");
-const MemberResponse = z.object({
-    userId: z.string(),
-    roles: z.array(z.string()),
-}).openapi("GroupMember");
-const PaginatedGroupsResponse = z.object({
-    items: z.array(GroupResponse),
-    total: z.number(),
-    limit: z.number(),
-    offset: z.number(),
-}).openapi("PaginatedGroups");
-const PaginatedMembersResponse = z.object({
-    items: z.array(MemberResponse),
-    total: z.number(),
-    limit: z.number(),
-    offset: z.number(),
-}).openapi("PaginatedGroupMembers");
-const UserGroupEntry = z.object({
-    group: GroupResponse,
-    membershipRoles: z.array(z.string()),
-}).openapi("UserGroupEntry");
-const ErrorResponse = z.object({ error: z.string() });
-const PaginationParams = {
-    limit: z.string().optional().openapi({ description: "Max results (default 50, max 200)" }),
-    offset: z.string().optional().openapi({ description: "Skip this many results (default 0)" }),
-};
-const tags = ["Groups"];
-// ---------------------------------------------------------------------------
-// Router factory
-// ---------------------------------------------------------------------------
-export const createGroupsRouter = (config) => {
-    const router = createRouter();
-    // Normalize: managementRoutes: true is equivalent to managementRoutes: {}
-    const mgmt = config.managementRoutes === true ? {} : (config.managementRoutes ?? {});
-    const guard = mgmt.middleware ?? [userAuth, requireRole.global(mgmt.adminRole ?? "admin")];
-    // Defensive guard warning
-    if (guard.length === 0 && process.env.NODE_ENV !== "production") {
-        console.warn("[bunshot] groups.managementRoutes: resolved auth middleware is empty — management routes are unprotected");
-    }
-    // Apply auth guard to all group management routes
-    router.use("/groups/*", ...guard);
-    router.use("/users/:userId/groups", ...guard);
-    // ---------------------------------------------------------------------------
-    // GET /groups — list groups
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "get",
-        path: "/groups",
-        tags,
-        summary: "List groups",
-        description: "List groups. Returns tenant-scoped groups when tenantId is in context, app-wide groups otherwise.",
-        request: { query: z.object(PaginationParams) },
-        responses: {
-            200: { content: { "application/json": { schema: PaginatedGroupsResponse } }, description: "Groups list" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const tenantId = c.get("tenantId") ?? null;
-        const { limit, offset } = c.req.valid("query");
-        const result = await listGroups(tenantId, {
-            limit: limit ? Math.min(parseInt(limit, 10), 200) : 50,
-            offset: offset ? parseInt(offset, 10) : 0,
-        });
-        return c.json(result, 200);
-    });
-    // ---------------------------------------------------------------------------
-    // POST /groups — create group
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "post",
-        path: "/groups",
-        tags,
-        summary: "Create group",
-        request: { body: { content: { "application/json": { schema: GroupBody } }, required: true } },
-        responses: {
-            201: { content: { "application/json": { schema: z.object({ id: z.string() }) } }, description: "Group created" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-            409: { content: { "application/json": { schema: ErrorResponse } }, description: "Name already exists in scope" },
-            422: { content: { "application/json": { schema: ErrorResponse } }, description: "Validation error" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const body = c.req.valid("json");
-        const result = await createGroup({
-            name: body.name,
-            displayName: body.displayName,
-            description: body.description,
-            roles: body.roles,
-            tenantId: body.tenantId ?? null,
-        });
-        return c.json(result, 201);
-    });
-    // ---------------------------------------------------------------------------
-    // GET /groups/:groupId — get group
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "get",
-        path: "/groups/:groupId",
-        tags,
-        summary: "Get group",
-        request: { params: z.object({ groupId: z.string() }) },
-        responses: {
-            200: { content: { "application/json": { schema: GroupResponse } }, description: "Group" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-            404: { content: { "application/json": { schema: ErrorResponse } }, description: "Not found" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId } = c.req.valid("param");
-        const group = await getGroup(groupId);
-        if (!group)
-            return c.json({ error: "Group not found" }, 404);
-        return c.json(group, 200);
-    });
-    // ---------------------------------------------------------------------------
-    // PATCH /groups/:groupId — update group
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "patch",
-        path: "/groups/:groupId",
-        tags,
-        summary: "Update group",
-        request: {
-            params: z.object({ groupId: z.string() }),
-            body: { content: { "application/json": { schema: GroupUpdateBody } }, required: true },
-        },
-        responses: {
-            204: { description: "Updated" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-            404: { content: { "application/json": { schema: ErrorResponse } }, description: "Not found" },
-            409: { content: { "application/json": { schema: ErrorResponse } }, description: "Name conflict" },
-            422: { content: { "application/json": { schema: ErrorResponse } }, description: "Validation error" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId } = c.req.valid("param");
-        const body = c.req.valid("json");
-        const group = await getGroup(groupId);
-        if (!group)
-            return c.json({ error: "Group not found" }, 404);
-        const updates = {};
-        if (body.name !== undefined)
-            updates.name = body.name;
-        if ("displayName" in body)
-            updates.displayName = body.displayName ?? undefined;
-        if ("description" in body)
-            updates.description = body.description ?? undefined;
-        if (body.roles !== undefined)
-            updates.roles = body.roles;
-        await updateGroup(groupId, updates);
-        return c.body(null, 204);
-    });
-    // ---------------------------------------------------------------------------
-    // DELETE /groups/:groupId — delete group
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "delete",
-        path: "/groups/:groupId",
-        tags,
-        summary: "Delete group",
-        description: "Delete a group. All memberships are cascade-deleted.",
-        request: { params: z.object({ groupId: z.string() }) },
-        responses: {
-            204: { description: "Deleted" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-            404: { content: { "application/json": { schema: ErrorResponse } }, description: "Not found" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId } = c.req.valid("param");
-        const group = await getGroup(groupId);
-        if (!group)
-            return c.json({ error: "Group not found" }, 404);
-        await deleteGroup(groupId);
-        return c.body(null, 204);
-    });
-    // ---------------------------------------------------------------------------
-    // GET /groups/:groupId/members — list members
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "get",
-        path: "/groups/:groupId/members",
-        tags,
-        summary: "List group members",
-        request: {
-            params: z.object({ groupId: z.string() }),
-            query: z.object(PaginationParams),
-        },
-        responses: {
-            200: { content: { "application/json": { schema: PaginatedMembersResponse } }, description: "Members list" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-            404: { content: { "application/json": { schema: ErrorResponse } }, description: "Group not found" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId } = c.req.valid("param");
-        const { limit, offset } = c.req.valid("query");
-        const group = await getGroup(groupId);
-        if (!group)
-            return c.json({ error: "Group not found" }, 404);
-        const result = await getGroupMembers(groupId, {
-            limit: limit ? Math.min(parseInt(limit, 10), 200) : 50,
-            offset: offset ? parseInt(offset, 10) : 0,
-        });
-        return c.json(result, 200);
-    });
-    // ---------------------------------------------------------------------------
-    // POST /groups/:groupId/members — add member
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "post",
-        path: "/groups/:groupId/members",
-        tags,
-        summary: "Add group member",
-        request: {
-            params: z.object({ groupId: z.string() }),
-            body: { content: { "application/json": { schema: MemberBody } }, required: true },
-        },
-        responses: {
-            201: { description: "Member added" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-            404: { content: { "application/json": { schema: ErrorResponse } }, description: "Group not found" },
-            409: { content: { "application/json": { schema: ErrorResponse } }, description: "User already a member" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId } = c.req.valid("param");
-        const body = c.req.valid("json");
-        try {
-            await addGroupMember(groupId, body.userId, body.roles);
-        }
-        catch (err) {
-            if (err instanceof HttpError) {
-                return c.json({ error: err.message }, err.status);
-            }
-            throw err;
-        }
-        return c.body(null, 201);
-    });
-    // ---------------------------------------------------------------------------
-    // PATCH /groups/:groupId/members/:userId — update member roles
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "patch",
-        path: "/groups/:groupId/members/:userId",
-        tags,
-        summary: "Update member roles",
-        description: "Update the per-membership roles for an existing group member.",
-        request: {
-            params: z.object({ groupId: z.string(), userId: z.string() }),
-            body: { content: { "application/json": { schema: MemberRolesBody } }, required: true },
-        },
-        responses: {
-            204: { description: "Updated" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId, userId } = c.req.valid("param");
-        const { roles } = c.req.valid("json");
-        await updateGroupMembership(groupId, userId, roles);
-        return c.body(null, 204);
-    });
-    // ---------------------------------------------------------------------------
-    // DELETE /groups/:groupId/members/:userId — remove member
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "delete",
-        path: "/groups/:groupId/members/:userId",
-        tags,
-        summary: "Remove group member",
-        request: { params: z.object({ groupId: z.string(), userId: z.string() }) },
-        responses: {
-            204: { description: "Removed" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { groupId, userId } = c.req.valid("param");
-        await removeGroupMember(groupId, userId);
-        return c.body(null, 204);
-    });
-    // ---------------------------------------------------------------------------
-    // GET /users/:userId/groups — list user's groups
-    // ---------------------------------------------------------------------------
-    router.openapi(withSecurity(createRoute({
-        method: "get",
-        path: "/users/:userId/groups",
-        tags,
-        summary: "List user's groups",
-        description: "List groups a user belongs to. Scoped to tenant context when present, app-wide otherwise.",
-        request: { params: z.object({ userId: z.string() }) },
-        responses: {
-            200: { content: { "application/json": { schema: z.array(UserGroupEntry) } }, description: "User's groups" },
-            401: { content: { "application/json": { schema: ErrorResponse } }, description: "Unauthorized" },
-            403: { content: { "application/json": { schema: ErrorResponse } }, description: "Forbidden" },
-        },
-    }), { cookieAuth: [] }, { userToken: [] }), async (c) => {
-        const { userId } = c.req.valid("param");
-        const tenantId = c.get("tenantId") ?? null;
-        const groups = await getUserGroups(userId, tenantId);
-        return c.json(groups, 200);
-    });
-    return router;
-};

package/dist/routes/health.d.ts

@@ -1 +0,0 @@
-export declare const router: import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/health.js

@@ -1,22 +0,0 @@
-import { createRoute } from "@hono/zod-openapi";
-import { z } from "zod";
-import { createRouter } from "../lib/context";
-export const router = createRouter();
-router.openapi(createRoute({
-    method: "get",
-    path: "/health",
-    tags: ["Core"],
-    responses: {
-        200: {
-            content: {
-                "application/json": {
-                    schema: z.object({
-                        status: z.enum(["ok"]),
-                        timestamp: z.string(),
-                    }),
-                },
-            },
-            description: "Service health check",
-        },
-    },
-}), (c) => c.json({ status: "ok", timestamp: new Date().toISOString() }));

package/dist/routes/home.d.ts

@@ -1 +0,0 @@
-export declare const router: import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/home.js

@@ -1,16 +0,0 @@
-import { createRoute } from "@hono/zod-openapi";
-import { z } from "zod";
-import { getAppName } from "../lib/appConfig";
-import { createRouter } from "../lib/context";
-export const router = createRouter();
-router.openapi(createRoute({
-    method: "get",
-    path: "/",
-    tags: ["Core"],
-    responses: {
-        200: {
-            content: { "application/json": { schema: z.object({ message: z.string() }) } },
-            description: "API is running",
-        },
-    },
-}), (c) => c.json({ message: `${getAppName()} is running` }));

package/dist/routes/jobs.d.ts

@@ -1,2 +0,0 @@
-import type { JobsConfig } from "../app";
-export declare const createJobsRouter: (config: JobsConfig) => import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/m2m.d.ts

@@ -1,2 +0,0 @@
-import { Hono } from "hono";
-export declare function createM2MRouter(): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;

package/dist/routes/m2m.js

@@ -1,72 +0,0 @@
-import { Hono } from "hono";
-import { getAuthAdapter } from "../lib/authAdapter";
-import { signToken } from "../lib/jwt";
-import { HttpError } from "../lib/HttpError";
-import { getM2MTokenExpiry } from "../lib/appConfig";
-export function createM2MRouter() {
-    const router = new Hono();
-    /**
-     * POST /oauth/token
-     * OAuth 2.0 client_credentials grant
-     */
-    router.post("/oauth/token", async (c) => {
-        let body;
-        const contentType = c.req.header("content-type") ?? "";
-        if (contentType.includes("application/x-www-form-urlencoded")) {
-            const text = await c.req.text();
-            const params = new URLSearchParams(text);
-            body = {
-                grant_type: params.get("grant_type") ?? undefined,
-                client_id: params.get("client_id") ?? undefined,
-                client_secret: params.get("client_secret") ?? undefined,
-                scope: params.get("scope") ?? undefined,
-            };
-        }
-        else {
-            try {
-                body = await c.req.json();
-            }
-            catch {
-                throw new HttpError(400, "Invalid request body");
-            }
-        }
-        if (body.grant_type !== "client_credentials") {
-            throw new HttpError(400, "Unsupported grant type", "UNSUPPORTED_GRANT_TYPE");
-        }
-        const { client_id: clientId, client_secret: clientSecret } = body;
-        if (!clientId || !clientSecret) {
-            throw new HttpError(400, "client_id and client_secret are required");
-        }
-        const adapter = getAuthAdapter();
-        if (!adapter.getM2MClient) {
-            throw new HttpError(501, "M2M client credentials not supported by auth adapter");
-        }
-        const client = await adapter.getM2MClient(clientId);
-        if (!client) {
-            throw new HttpError(401, "Invalid client credentials");
-        }
-        const secretValid = await Bun.password.verify(clientSecret, client.clientSecretHash);
-        if (!secretValid) {
-            throw new HttpError(401, "Invalid client credentials");
-        }
-        // Validate requested scopes against client's allowed scopes
-        let grantedScopes = client.scopes;
-        if (body.scope) {
-            const requested = body.scope.split(" ");
-            const invalid = requested.filter((s) => !client.scopes.includes(s));
-            if (invalid.length > 0) {
-                throw new HttpError(400, `Scope not allowed: ${invalid.join(", ")}`, "INVALID_SCOPE");
-            }
-            grantedScopes = requested;
-        }
-        const expiry = getM2MTokenExpiry();
-        const token = await signToken({ sub: clientId, scope: grantedScopes.join(" ") }, expiry);
-        return c.json({
-            access_token: token,
-            token_type: "Bearer",
-            expires_in: expiry,
-            scope: grantedScopes.join(" "),
-        });
-    });
-    return router;
-}

package/dist/routes/metrics.d.ts

@@ -1,8 +0,0 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
-export interface MetricsRouteConfig {
-    auth?: "userAuth" | "none" | MiddlewareHandler<AppEnv>[];
-    queues?: string[];
-    unsafePublic?: boolean;
-}
-export declare const createMetricsRouter: (config: MetricsRouteConfig) => import("@hono/zod-openapi").OpenAPIHono<AppEnv, {}, "/">;

package/dist/routes/metrics.js

@@ -1,55 +0,0 @@
-import { createRouter } from "../lib/context";
-import { serializeMetrics, registerGaugeCallback, setMetricsQueues } from "../lib/metrics";
-import { userAuth } from "../middleware/userAuth";
-export const createMetricsRouter = (config) => {
-    const router = createRouter();
-    const authConfig = config.auth ?? "none";
-    if (process.env.NODE_ENV === "production" && authConfig === "none" && !config.unsafePublic) {
-        throw new Error("[security] metrics.auth is required in production. Set metrics.auth or set unsafePublic: true.");
-    }
-    // Apply auth middleware
-    if (authConfig === "userAuth") {
-        router.use("/metrics", userAuth);
-    }
-    else if (Array.isArray(authConfig)) {
-        for (const mw of authConfig) {
-            router.use("/metrics", mw);
-        }
-    }
-    // Register BullMQ queue depth gauges if configured
-    if (config.queues?.length) {
-        const queueNames = config.queues;
-        const cachedQueues = new Map();
-        setMetricsQueues(cachedQueues);
-        registerGaugeCallback("bullmq_queue_depth", async () => {
-            const { createQueue } = await import("../lib/queue");
-            const results = [];
-            for (const name of queueNames) {
-                let queue = cachedQueues.get(name);
-                try {
-                    if (!queue) {
-                        queue = createQueue(name);
-                        cachedQueues.set(name, queue);
-                    }
-                    const counts = await queue.getJobCounts("waiting", "active", "delayed", "failed");
-                    for (const [state, count] of Object.entries(counts)) {
-                        results.push({ labels: { queue: name, state }, value: count });
-                    }
-                }
-                catch {
-                    // Discard cached instance on error so it's recreated next scrape
-                    cachedQueues.delete(name);
-                }
-            }
-            return results;
-        });
-    }
-    // Plain GET /metrics (not OpenAPI — infrastructure endpoint)
-    router.get("/metrics", async (c) => {
-        const body = await serializeMetrics();
-        return c.body(body, 200, {
-            "Content-Type": "text/plain; version=0.0.4; charset=utf-8",
-        });
-    });
-    return router;
-};

package/dist/routes/mfa.d.ts

@@ -1,5 +0,0 @@
-import type { AuthRateLimitConfig } from "../app";
-export interface MfaRouterOptions {
-    rateLimit?: AuthRateLimitConfig;
-}
-export declare const createMfaRouter: ({ rateLimit }?: MfaRouterOptions) => import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;