npm - @lastshotlabs/bunshot - Versions diffs - 0.0.27 → 0.1.0 - Mend

@lastshotlabs/bunshot 0.0.27 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (742) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.d.ts +8 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.js +22 -9
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +211 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/logger.js +3 -3
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.d.ts +5 -4
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.js +6 -10
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.d.ts +7 -7
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.js +15 -13
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.d.ts +3 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.js +2 -5
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -8
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.js +6 -6
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.js +8 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +12 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.d.ts +1 -1
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.js +5 -5
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +277 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/{lib → packages/bunshot-core/src}/captcha.d.ts +1 -10
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/{lib/HttpError.d.ts → packages/bunshot-core/src/errors.d.ts} +4 -1
package/dist/{lib/HttpError.js → packages/bunshot-core/src/errors.js} +7 -1
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +10 -10
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/{lib → src/framework/lib}/captcha.js +13 -10
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +11 -10
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/{middleware → src/framework/middleware}/captcha.d.ts +2 -3
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/{middleware → src/framework/middleware}/errorHandler.js +2 -2
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -20
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -12
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +64 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/{routes → src/framework/routes}/jobs.js +128 -103
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/{routes → src/framework/routes}/uploads.d.ts +3 -3
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/{lib/appConfig.js → src/lib/authConfig.js} +75 -17
package/dist/{lib → src/lib}/context.d.ts +6 -12
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +35 -8
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +100 -26
package/dist/adapters/memoryAuth.d.ts +0 -52
package/dist/adapters/memoryAuth.js +0 -749
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -403
package/dist/adapters/sqliteAuth.d.ts +0 -72
package/dist/adapters/sqliteAuth.js +0 -858
package/dist/app.d.ts +0 -559
package/dist/app.js +0 -651
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -117
package/dist/index.js +0 -88
package/dist/lib/appConfig.d.ts +0 -275
package/dist/lib/auditLog.d.ts +0 -58
package/dist/lib/auditLog.js +0 -218
package/dist/lib/authAdapter.d.ts +0 -246
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -117
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/credentialStuffing.d.ts +0 -31
package/dist/lib/credentialStuffing.js +0 -77
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -19
package/dist/lib/emailVerification.js +0 -129
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwks.d.ts +0 -25
package/dist/lib/jwks.js +0 -51
package/dist/lib/jwt.d.ts +0 -15
package/dist/lib/jwt.js +0 -111
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -55
package/dist/lib/mfaChallenge.js +0 -398
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -95
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -93
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/saml.d.ts +0 -25
package/dist/lib/saml.js +0 -64
package/dist/lib/securityEvents.d.ts +0 -28
package/dist/lib/securityEvents.js +0 -26
package/dist/lib/session.d.ts +0 -49
package/dist/lib/session.js +0 -597
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -112
package/dist/lib/uploadRegistry.d.ts +0 -18
package/dist/lib/uploadRegistry.js +0 -83
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -96
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/captcha.js +0 -36
package/dist/middleware/csrf.js +0 -129
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -122
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/scimAuth.d.ts +0 -8
package/dist/middleware/scimAuth.js +0 -29
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -55
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -12
package/dist/routes/auth.js +0 -744
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/m2m.d.ts +0 -2
package/dist/routes/m2m.js +0 -72
package/dist/routes/metrics.d.ts +0 -8
package/dist/routes/metrics.js +0 -55
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -628
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -520
package/dist/routes/oidc.d.ts +0 -2
package/dist/routes/oidc.js +0 -29
package/dist/routes/passkey.d.ts +0 -1
package/dist/routes/passkey.js +0 -157
package/dist/routes/saml.d.ts +0 -2
package/dist/routes/saml.js +0 -86
package/dist/routes/scim.d.ts +0 -2
package/dist/routes/scim.js +0 -255
package/dist/routes/uploads.js +0 -227
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -29
package/dist/services/auth.js +0 -238
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -39
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -790
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -388
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -131
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/passkey-login/full.md +0 -90
package/docs/sections/passkey-login/overview.md +0 -1
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -208
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -196
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/logger.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/src/cli/commands/init.js ADDED Viewed

@@ -0,0 +1,709 @@
+import { Args, Command } from '@oclif/core';
+import { spawnSync } from 'child_process';
+import { existsSync, mkdirSync, readSync, rmSync, writeFileSync } from 'fs';
+import { join } from 'path';
+function ask(question) {
+    process.stdout.write(question);
+    const buf = Buffer.alloc(1024);
+    const n = readSync(0, buf, 0, buf.length, null);
+    return buf.subarray(0, n).toString().trim().replace(/\r/g, '');
+}
+function choose(question, options, defaultIndex = 0) {
+    let selected = defaultIndex;
+    function render(initial = false) {
+        if (!initial) {
+            process.stdout.write(`\x1B[${options.length}A`);
+        }
+        for (let i = 0; i < options.length; i++) {
+            const active = i === selected;
+            const marker = active ? '\x1B[36m>\x1B[0m' : ' ';
+            const label = active ? `\x1B[1m${options[i]}\x1B[0m` : `\x1B[2m${options[i]}\x1B[0m`;
+            process.stdout.write(`\x1B[2K  ${marker} ${label}\n`);
+        }
+    }
+    // Non-TTY fallback (piped input, CI, etc.)
+    if (!process.stdin.isTTY) {
+        console.log(question);
+        options.forEach((opt, i) => console.log(`  ${i + 1}) ${opt}`));
+        const raw = ask(`  Choose [${defaultIndex + 1}]: `);
+        if (!raw)
+            return defaultIndex;
+        const num = parseInt(raw);
+        if (num >= 1 && num <= options.length)
+            return num - 1;
+        return defaultIndex;
+    }
+    console.log(question);
+    process.stdout.write('\x1B[?25l'); // hide cursor
+    render(true);
+    process.stdin.setRawMode(true);
+    const buf = Buffer.alloc(16);
+    try {
+        while (true) {
+            const n = readSync(0, buf, 0, buf.length, null);
+            const key = buf.subarray(0, n).toString();
+            if (key === '\r' || key === '\n') {
+                break;
+            }
+            else if (key === '\x1B[A' || key === '\x1BOA') {
+                // Up arrow
+                selected = (selected - 1 + options.length) % options.length;
+                render();
+            }
+            else if (key === '\x1B[B' || key === '\x1BOB') {
+                // Down arrow
+                selected = (selected + 1) % options.length;
+                render();
+            }
+            else if (key === '\x03') {
+                // Ctrl+C
+                process.stdout.write('\x1B[?25h\n');
+                process.stdin.setRawMode(false);
+                process.exit(0);
+            }
+            else {
+                // Number key quick-select
+                const num = parseInt(key);
+                if (num >= 1 && num <= options.length) {
+                    selected = num - 1;
+                    render();
+                    break;
+                }
+            }
+        }
+    }
+    finally {
+        process.stdin.setRawMode(false);
+        process.stdout.write('\x1B[?25h'); // show cursor
+    }
+    return selected;
+}
+export default class Init extends Command {
+    static description = 'Scaffold a new Bunshot application';
+    static examples = [
+        '<%= config.bin %> init my-app',
+        '<%= config.bin %> init my-app ./apps/my-app',
+    ];
+    static args = {
+        name: Args.string({ description: 'App name' }),
+        dir: Args.string({ description: 'Output directory' }),
+    };
+    async run() {
+        const { args } = await this.parse(Init);
+        const argTitle = args.name;
+        const argDir = args.dir;
+        const appTitle = argTitle || ask('App name: ');
+        if (!appTitle) {
+            console.error('App name is required.');
+            process.exit(1);
+        }
+        const dirDefault = appTitle
+            .toLowerCase()
+            .replace(/\s+/g, '-')
+            .replace(/[^a-z0-9-]/g, '');
+        const dirName = argDir || (argTitle ? dirDefault : ask(`Directory (${dirDefault}): `)) || dirDefault;
+        let mongoMode = false;
+        let useRedis = false;
+        let authStore = 'mongo';
+        let sessionStore = 'redis';
+        let cacheStore = 'redis';
+        let oauthStateStore = 'redis';
+        console.log('');
+        const presetChoice = choose('Database setup:', [
+            'Full stack        (MongoDB + Redis — production ready)',
+            'SQLite            (single file, no external services)',
+            'Memory            (ephemeral, great for prototyping/tests)',
+            'Custom            (choose each store individually)',
+        ]);
+        if (presetChoice === 0) {
+            // Full stack
+            const mongoChoice = choose('MongoDB connection mode:', [
+                'Single   (auth + app data share one connection)',
+                'Separate (auth on its own cluster)',
+            ]);
+            mongoMode = mongoChoice === 0 ? 'single' : 'separate';
+            useRedis = true;
+            authStore = 'mongo';
+            sessionStore = 'redis';
+            cacheStore = 'redis';
+            oauthStateStore = 'redis';
+        }
+        else if (presetChoice === 1) {
+            // SQLite
+            mongoMode = false;
+            useRedis = false;
+            authStore = 'sqlite';
+            sessionStore = 'sqlite';
+            cacheStore = 'sqlite';
+            oauthStateStore = 'sqlite';
+        }
+        else if (presetChoice === 2) {
+            // Memory
+            mongoMode = false;
+            useRedis = false;
+            authStore = 'memory';
+            sessionStore = 'memory';
+            cacheStore = 'memory';
+            oauthStateStore = 'memory';
+        }
+        else {
+            // Custom — prompt each store individually
+            console.log('\n  Configure each store:\n');
+            // MongoDB
+            const mongoChoice = choose('MongoDB:', [
+                'Single   (one connection for auth + app data)',
+                'Separate (auth on its own cluster)',
+                'None     (no MongoDB)',
+            ]);
+            if (mongoChoice === 0)
+                mongoMode = 'single';
+            else if (mongoChoice === 1)
+                mongoMode = 'separate';
+            else
+                mongoMode = false;
+            // Redis
+            const redisChoice = choose('Redis:', ['Yes', 'No']);
+            useRedis = redisChoice === 0;
+            // Build available store options based on what's enabled
+            const storeOptions = [];
+            const storeLabels = [];
+            if (useRedis) {
+                storeOptions.push('redis');
+                storeLabels.push('Redis');
+            }
+            if (mongoMode) {
+                storeOptions.push('mongo');
+                storeLabels.push('MongoDB');
+            }
+            storeOptions.push('sqlite', 'memory');
+            storeLabels.push('SQLite', 'Memory');
+            // Auth store (no redis option)
+            const authOptions = [];
+            const authLabels = [];
+            if (mongoMode) {
+                authOptions.push('mongo');
+                authLabels.push('MongoDB');
+            }
+            authOptions.push('sqlite', 'memory');
+            authLabels.push('SQLite', 'Memory');
+            const authChoice = choose('Auth store:', authLabels);
+            authStore = authOptions[authChoice];
+            const sessChoice = choose('Sessions store:', storeLabels);
+            sessionStore = storeOptions[sessChoice];
+            const cacheChoice = choose('Cache store:', storeLabels);
+            cacheStore = storeOptions[cacheChoice];
+            const oauthChoice = choose('OAuth state store:', storeLabels);
+            oauthStateStore = storeOptions[oauthChoice];
+        }
+        // If any store uses sqlite, we need the sqlite path
+        const usesSqlite = authStore === 'sqlite' ||
+            sessionStore === 'sqlite' ||
+            cacheStore === 'sqlite' ||
+            oauthStateStore === 'sqlite';
+        // --- auth config ---
+        console.log('');
+        let authPosture = 'web-saas';
+        let stepByStep = null;
+        const authConfigMode = choose('How would you like to configure auth?', [
+            'Use a preset     (pick a security posture, get sensible defaults)',
+            'Step by step     (choose features individually)',
+        ]);
+        if (authConfigMode === 0) {
+            // Preset path
+            const presetIndex = choose('Which best describes your app?', [
+                `Web app / SaaS       (CSRF, refresh tokens, botProtection)`,
+                `Internal / admin     (MFA required, no refresh tokens, tight limits)`,
+                `Mobile / API only    (no CSRF, cors: "*", header auth)`,
+                `Dev / prototype      (permissive — iterate fast, no rate limits)`,
+            ]);
+            const presets = ['web-saas', 'internal', 'mobile-api', 'dev'];
+            authPosture = presets[presetIndex];
+        }
+        else {
+            // Step-by-step path
+            authPosture = 'custom';
+            const pwPolicyIndex = choose('Password policy:', [
+                'Relaxed (8 chars)',
+                'Strong (12+ chars, special required)',
+                'Minimal (dev only)',
+            ]);
+            const passwordPolicy = ['relaxed', 'strong', 'minimal'][pwPolicyIndex];
+            const emailVerifIndex = choose('Email verification:', ['Yes', 'No']);
+            const emailVerification = emailVerifIndex === 0;
+            const pwResetIndex = choose('Password reset:', ['Yes', 'No']);
+            const passwordReset = pwResetIndex === 0;
+            const refreshIndex = choose('Refresh tokens:', ['Yes', 'No']);
+            const refreshTokens = refreshIndex === 0;
+            const mfaIndex = choose('MFA:', ['None', 'Optional (users opt in)', 'Required (all users)']);
+            const mfa = ['none', 'optional', 'required'][mfaIndex];
+            const csrfIndex = choose('CSRF protection:', ['Yes', 'No']);
+            const csrf = csrfIndex === 0;
+            const oauthProviders = [];
+            const allProviders = ['Google', 'GitHub', 'Apple', 'Microsoft'];
+            while (true) {
+                const remaining = [...allProviders.filter(p => !oauthProviders.includes(p)), 'None (done)'];
+                const pIdx = choose('OAuth providers (select all that apply):', remaining);
+                const picked = remaining[pIdx];
+                if (picked === 'None (done)')
+                    break;
+                oauthProviders.push(picked);
+            }
+            stepByStep = {
+                passwordPolicy,
+                emailVerification,
+                passwordReset,
+                refreshTokens,
+                mfa,
+                csrf,
+                oauthProviders,
+            };
+        }
+        // --- paths ---
+        const projectDir = join(process.cwd(), dirName);
+        const srcDir = join(projectDir, 'src');
+        const configDir = join(srcDir, 'config');
+        const libDir = join(srcDir, 'lib');
+        const routesDir = join(srcDir, 'routes');
+        const workersDir = join(srcDir, 'workers');
+        const queuesDir = join(srcDir, 'queues');
+        const wsDir = join(srcDir, 'ws');
+        const servicesDir = join(srcDir, 'services');
+        const middlewareDir = join(srcDir, 'middleware');
+        const modelsDir = join(srcDir, 'models');
+        if (existsSync(projectDir)) {
+            console.error(`Directory "${dirName}" already exists.`);
+            process.exit(1);
+        }
+        // --- build db config string ---
+        function buildDbConfig() {
+            const lines = [];
+            if (mongoMode) {
+                lines.push(`  mongo: "${mongoMode}",`);
+            }
+            else {
+                lines.push(`  mongo: false,`);
+            }
+            lines.push(`  redis: ${useRedis},`);
+            lines.push(`  auth: "${authStore}",`);
+            lines.push(`  sessions: "${sessionStore}",`);
+            lines.push(`  oauthState: "${oauthStateStore}",`);
+            lines.push(`  cache: "${cacheStore}",`);
+            if (usesSqlite) {
+                lines.push(`  sqlite: path.join(import.meta.dir, "../../data.db"),`);
+            }
+            return `{\n${lines.join('\n')}\n}`;
+        }
+        // --- build auth + security config string ---
+        function buildAuthSecurityConfig() {
+            if (authPosture === 'web-saas') {
+                return `export const auth: AuthConfig = {
+  roles: Object.values(USER_ROLES),
+  defaultRole: USER_ROLES.USER,
+  passwordPolicy: { minLength: 8, requireLetter: true, requireDigit: true },
+  // Uncomment to require email verification before login:
+  // emailVerification: {
+  //   required: true,
+  //   // Listen to auth:delivery.email_verification bus event to send the email
+  // },
+  // Uncomment to enable password reset:
+  // passwordReset: {
+  //   // Listen to auth:delivery.password_reset bus event to send the reset email
+  // },
+  refreshTokens: { accessTokenExpiry: 900, refreshTokenExpiry: 2_592_000 },
+  sessionPolicy: { trackLastActive: true },
+  // Uncomment to enable opt-in MFA (TOTP + email OTP):
+  // mfa: { issuer: APP_NAME },
+};
+export const security: SecurityConfig = {
+  cors: ["https://myapp.com"],   // TODO: replace with your domain
+  trustProxy: 1,
+  csrf: { enabled: true },
+  botProtection: { fingerprintRateLimit: true },
+};`;
+            }
+            if (authPosture === 'internal') {
+                return `export const auth: AuthConfig = {
+  roles: ["superadmin", "admin", "viewer"],
+  defaultRole: "viewer",
+  passwordPolicy: { minLength: 14, requireLetter: true, requireDigit: true, requireSpecial: true },
+  mfa: { issuer: APP_NAME, required: true },
+  sessionPolicy: {
+    maxSessions: 2,
+    trackLastActive: true,
+    persistSessionMetadata: true,
+    includeInactiveSessions: true,
+  },
+  rateLimit: { login: { windowMs: 15 * 60 * 1000, max: 5 } },
+};
+export const security: SecurityConfig = {
+  cors: ["https://admin.myapp.com"],  // TODO: replace with your domain
+  trustProxy: 1,
+  csrf: { enabled: true },
+  rateLimit: { windowMs: 60_000, max: 30 },
+};`;
+            }
+            if (authPosture === 'mobile-api') {
+                return `export const auth: AuthConfig = {
+  roles: Object.values(USER_ROLES),
+  defaultRole: USER_ROLES.USER,
+  refreshTokens: { accessTokenExpiry: 900, refreshTokenExpiry: 2_592_000, rotationGraceSeconds: 60 },
+  sessionPolicy: { maxSessions: 5 },
+};
+export const security: SecurityConfig = {
+  cors: "*",
+  trustProxy: 1,
+  botProtection: { fingerprintRateLimit: true },
+};`;
+            }
+            if (authPosture === 'dev') {
+                return `export const auth: AuthConfig = {
+  roles: Object.values(USER_ROLES),
+  defaultRole: USER_ROLES.USER,
+  passwordPolicy: { minLength: 1, requireLetter: false, requireDigit: false, requireSpecial: false },
+  rateLimit: {
+    login: { windowMs: 60_000, max: 10_000 },
+    register: { windowMs: 60_000, max: 10_000 },
+  },
+};
+export const security: SecurityConfig = {
+  cors: "*",
+  bearerAuth: false,
+};`;
+            }
+            // Custom / step-by-step
+            const c = stepByStep;
+            const authLines = [
+                `  roles: Object.values(USER_ROLES),`,
+                `  defaultRole: USER_ROLES.USER,`,
+            ];
+            if (c.passwordPolicy === 'relaxed') {
+                authLines.push(`  passwordPolicy: { minLength: 8, requireLetter: true, requireDigit: true },`);
+            }
+            else if (c.passwordPolicy === 'strong') {
+                authLines.push(`  passwordPolicy: { minLength: 12, requireLetter: true, requireDigit: true, requireSpecial: true },`);
+            }
+            else {
+                authLines.push(`  passwordPolicy: { minLength: 1, requireLetter: false, requireDigit: false, requireSpecial: false },`);
+            }
+            if (c.emailVerification) {
+                authLines.push(`  emailVerification: {`);
+                authLines.push(`    required: true,`);
+                authLines.push(`    // Listen to auth:delivery.email_verification bus event to send the email`);
+                authLines.push(`  },`);
+            }
+            if (c.passwordReset) {
+                authLines.push(`  passwordReset: {`);
+                authLines.push(`    // Listen to auth:delivery.password_reset bus event to send the reset email`);
+                authLines.push(`  },`);
+            }
+            if (c.refreshTokens) {
+                authLines.push(`  refreshTokens: { accessTokenExpiry: 900, refreshTokenExpiry: 2_592_000 },`);
+            }
+            if (c.mfa === 'optional') {
+                authLines.push(`  mfa: { issuer: APP_NAME },`);
+            }
+            else if (c.mfa === 'required') {
+                authLines.push(`  mfa: { issuer: APP_NAME, required: true },`);
+            }
+            authLines.push(`  sessionPolicy: { trackLastActive: true },`);
+            const authBlock = `export const auth: AuthConfig = {\n${authLines.join('\n')}\n};`;
+            const secLines = [`  cors: "*",`];
+            if (c.csrf) {
+                secLines.push(`  csrf: { enabled: true },`);
+            }
+            const secBlock = `export const security: SecurityConfig = {\n${secLines.join('\n')}\n};`;
+            return `${authBlock}\n\n${secBlock}`;
+        }
+        // --- templates ---
+        const constantsContent = `export const APP_NAME = "${appTitle}";
+export const APP_VERSION = "1.0.0";
+export const USER_ROLES = {
+  ADMIN: "admin",
+  USER: "user",
+};
+`;
+        const configContent = `import path from "path";
+import {
+  type AppMeta,
+  type AuthConfig,
+  type CreateServerConfig,
+  type DbConfig,
+  type SecurityConfig,
+} from "@lastshotlabs/bunshot";
+import { APP_NAME, APP_VERSION, USER_ROLES } from "@shared/constants";
+export const app: AppMeta = {
+  name: APP_NAME,
+  version: APP_VERSION,
+};
+export const routesDir = path.join(import.meta.dir, "../routes");
+export const workersDir = path.join(import.meta.dir, "../workers");
+export const port = process.env.PORT ? parseInt(process.env.PORT) : 3000;
+export const db: DbConfig = ${buildDbConfig()};
+${buildAuthSecurityConfig()}
+export const appConfig: CreateServerConfig = {
+  app,
+  routesDir,
+  workersDir,
+  port,
+  db,
+  auth,
+  security,
+};
+`;
+        const indexContent = `import { createServer } from "@lastshotlabs/bunshot";
+import { appConfig } from "@config/index";
+await createServer(appConfig);
+`;
+        const readmeContent = `# ${appTitle}
+Built with [@lastshotlabs/bunshot](https://github.com/Last-Shot-Labs/bunshot).
+## Getting started
+\`\`\`bash
+# fill in .env with your values
+bun dev
+\`\`\`
+| Endpoint | Description |
+|---|---|
+| \`POST /auth/register\` | Create account |
+| \`POST /auth/login\` | Sign in, returns JWT |
+| \`GET  /docs\` | OpenAPI docs (Scalar) |
+| \`GET  /health\` | Health check |
+## Project structure
+\`\`\`
+src/
+  index.ts          # server entry point
+  config/index.ts   # centralized app configuration
+  lib/constants.ts  # app name, version, roles
+  routes/           # file-based routing (each file = a router)
+  workers/          # BullMQ workers (auto-imported on start)
+  middleware/       # custom middleware
+  models/           # data models
+  services/         # business logic
+\`\`\`
+## Adding routes
+Create a file in \`src/routes/\`:
+\`\`\`ts
+// src/routes/products.ts
+import { createRouter } from "@lastshotlabs/bunshot";
+import { z } from "zod";
+export const router = createRouter();
+router.get("/products", (c) => c.json({ products: [] }));
+\`\`\`
+${mongoMode
+            ? `
+## Adding models
+\`\`\`ts
+// src/models/Product.ts
+import { getMongooseModule, getMongoFromApp } from "@lastshotlabs/bunshot";
+const mongoose = getMongooseModule();
+const ProductSchema = new mongoose.Schema({
+  name: { type: String, required: true },
+  price: { type: Number, required: true },
+}, { timestamps: true });
+// Use getMongoFromApp(app) to get connections from context
+// export const Product = appConn.model("Product", ProductSchema);
+\`\`\`
+`
+            : ''}
+## Environment variables
+See \`.env\` — fill in the values before running.
+`;
+        // --- build .env based on choices ---
+        function buildEnv() {
+            const sections = [`NODE_ENV=development`, `PORT=3000`];
+            if (mongoMode === 'single') {
+                sections.push(`
+# MongoDB
+MONGO_USER=
+MONGO_PASSWORD=
+MONGO_HOST=
+MONGO_DB=`);
+            }
+            else if (mongoMode === 'separate') {
+                sections.push(`
+# MongoDB (app data)
+MONGO_USER=
+MONGO_PASSWORD=
+MONGO_HOST=
+MONGO_DB=
+# MongoDB (auth — separate cluster)
+MONGO_AUTH_USER=
+MONGO_AUTH_PASSWORD=
+MONGO_AUTH_HOST=
+MONGO_AUTH_DB=`);
+            }
+            if (useRedis) {
+                sections.push(`
+# Redis
+REDIS_HOST=
+REDIS_USER=
+REDIS_PASSWORD=`);
+            }
+            sections.push(`
+# JWT
+JWT_SECRET=
+# Bearer API key
+BEARER_TOKEN=
+# OAuth — Google (optional)
+# GOOGLE_CLIENT_ID=
+# GOOGLE_CLIENT_SECRET=
+# GOOGLE_REDIRECT_URI=
+# OAuth — Apple (optional)
+# APPLE_CLIENT_ID=
+# APPLE_TEAM_ID=
+# APPLE_KEY_ID=
+# APPLE_PRIVATE_KEY=
+# APPLE_REDIRECT_URI=
+# OAuth — GitHub (optional)
+# GITHUB_CLIENT_ID=
+# GITHUB_CLIENT_SECRET=
+# GITHUB_REDIRECT_URI=
+# OAuth — Microsoft (optional)
+# MICROSOFT_TENANT_ID=
+# MICROSOFT_CLIENT_ID=
+# MICROSOFT_CLIENT_SECRET=
+# MICROSOFT_REDIRECT_URI=`);
+            return sections.join('\n') + '\n';
+        }
+        // --- scaffold ---
+        console.log(`\n@lastshotlabs/bunshot — creating ${dirName}\n`);
+        mkdirSync(projectDir, { recursive: true });
+        // bun init -y (handles package.json, tsconfig.json, .gitignore)
+        console.log('  Running bun init...');
+        spawnSync('bun', ['init', '-y'], { cwd: projectDir, stdio: 'inherit' });
+        // Remove the root index.ts bun init creates — we use src/index.ts
+        const rootIndex = join(projectDir, 'index.ts');
+        if (existsSync(rootIndex))
+            rmSync(rootIndex);
+        // Patch package.json: add dependency + fix scripts + module entry
+        const pkgPath = join(projectDir, 'package.json');
+        const pkg = JSON.parse(require('fs').readFileSync(pkgPath, 'utf-8'));
+        pkg.module = 'src/index.ts';
+        pkg.scripts = { dev: 'bun --watch src/index.ts', start: 'bun src/index.ts' };
+        pkg.dependencies = { ...pkg.dependencies, '@lastshotlabs/bunshot': '*' };
+        writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n', 'utf-8');
+        // Write tsconfig.json with full compiler options and path aliases
+        const tsconfigPath = join(projectDir, 'tsconfig.json');
+        const tsconfigContent = {
+            compilerOptions: {
+                lib: ['ESNext'],
+                target: 'ESNext',
+                module: 'Preserve',
+                moduleDetection: 'force',
+                jsx: 'react-jsx',
+                allowJs: true,
+                moduleResolution: 'bundler',
+                allowImportingTsExtensions: true,
+                verbatimModuleSyntax: true,
+                noEmit: true,
+                strict: true,
+                skipLibCheck: true,
+                noFallthroughCasesInSwitch: true,
+                noUncheckedIndexedAccess: true,
+                noImplicitOverride: true,
+                noUnusedLocals: false,
+                noUnusedParameters: false,
+                noPropertyAccessFromIndexSignature: false,
+                paths: {
+                    '@lib/*': ['./src/lib/*'],
+                    '@middleware/*': ['./src/middleware/*'],
+                    '@models/*': ['./src/models/*'],
+                    '@queues/*': ['./src/queues/*'],
+                    '@routes/*': ['./src/routes/*'],
+                    '@scripts/*': ['./src/scripts/*'],
+                    '@services/*': ['./src/services/*'],
+                    '@workers/*': ['./src/workers/*'],
+                    '@service-facades/*': ['./src/service-facades/*'],
+                    '@config/*': ['./src/config/*'],
+                    '@constants/*': ['./src/lib/constants/*'],
+                },
+            },
+        };
+        writeFileSync(tsconfigPath, JSON.stringify(tsconfigContent, null, 2) + '\n', 'utf-8');
+        // Create src structure
+        mkdirSync(configDir, { recursive: true });
+        mkdirSync(libDir, { recursive: true });
+        mkdirSync(routesDir, { recursive: true });
+        mkdirSync(workersDir, { recursive: true });
+        mkdirSync(queuesDir, { recursive: true });
+        mkdirSync(wsDir, { recursive: true });
+        mkdirSync(servicesDir, { recursive: true });
+        mkdirSync(middlewareDir, { recursive: true });
+        mkdirSync(modelsDir, { recursive: true });
+        writeFileSync(join(libDir, 'constants.ts'), constantsContent, 'utf-8');
+        writeFileSync(join(configDir, 'index.ts'), configContent, 'utf-8');
+        writeFileSync(join(srcDir, 'index.ts'), indexContent, 'utf-8');
+        writeFileSync(join(projectDir, '.env'), buildEnv(), 'utf-8');
+        writeFileSync(join(projectDir, 'README.md'), readmeContent, 'utf-8');
+        // --- summary ---
+        console.log('  Created:');
+        console.log(`    + ${dirName}/src/index.ts`);
+        console.log(`    + ${dirName}/src/config/index.ts`);
+        console.log(`    + ${dirName}/src/lib/constants.ts`);
+        console.log(`    + ${dirName}/src/routes/`);
+        console.log(`    + ${dirName}/src/workers/`);
+        console.log(`    + ${dirName}/src/queues/`);
+        console.log(`    + ${dirName}/src/ws/`);
+        console.log(`    + ${dirName}/src/services/`);
+        console.log(`    + ${dirName}/src/middleware/`);
+        console.log(`    + ${dirName}/src/models/`);
+        console.log(`    + ${dirName}/.env`);
+        console.log(`    + ${dirName}/README.md`);
+        console.log(`\n  DB config:`);
+        console.log(`    mongo: ${mongoMode || 'none'} | redis: ${useRedis}`);
+        console.log(`    auth: ${authStore} | sessions: ${sessionStore} | cache: ${cacheStore} | oauthState: ${oauthStateStore}`);
+        console.log(`\n  Auth config:`);
+        console.log(`    posture: ${authPosture}`);
+        // --- git init ---
+        console.log('\n  Initializing git...');
+        const git = spawnSync('git', ['init'], { cwd: projectDir, stdio: 'inherit' });
+        if (git.status !== 0) {
+            console.error('  git init failed — skipping.');
+        }
+        // --- bun install ---
+        console.log('\n  Installing dependencies...');
+        const install = spawnSync('bun', ['install'], { cwd: projectDir, stdio: 'inherit' });
+        if (install.status !== 0) {
+            console.error('\n  bun install failed. Run it manually inside the directory.');
+            process.exit(1);
+        }
+        console.log(`\nDone! Next steps:\n`);
+        console.log(`  cd ${dirName}`);
+        console.log(`  # fill in .env`);
+        console.log(`  bun dev\n`);
+    }
+}