npm - @lastshotlabs/bunshot - Versions diffs - 0.0.27 → 0.1.0 - Mend

@lastshotlabs/bunshot 0.0.27 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (742) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.d.ts +8 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.js +22 -9
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +211 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/logger.js +3 -3
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.d.ts +5 -4
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.js +6 -10
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.d.ts +7 -7
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.js +15 -13
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.d.ts +3 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.js +2 -5
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -8
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.js +6 -6
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.js +8 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +12 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.d.ts +1 -1
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.js +5 -5
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +277 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/{lib → packages/bunshot-core/src}/captcha.d.ts +1 -10
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/{lib/HttpError.d.ts → packages/bunshot-core/src/errors.d.ts} +4 -1
package/dist/{lib/HttpError.js → packages/bunshot-core/src/errors.js} +7 -1
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +10 -10
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/{lib → src/framework/lib}/captcha.js +13 -10
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +11 -10
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/{middleware → src/framework/middleware}/captcha.d.ts +2 -3
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/{middleware → src/framework/middleware}/errorHandler.js +2 -2
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -20
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -12
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +64 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/{routes → src/framework/routes}/jobs.js +128 -103
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/{routes → src/framework/routes}/uploads.d.ts +3 -3
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/{lib/appConfig.js → src/lib/authConfig.js} +75 -17
package/dist/{lib → src/lib}/context.d.ts +6 -12
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +35 -8
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +100 -26
package/dist/adapters/memoryAuth.d.ts +0 -52
package/dist/adapters/memoryAuth.js +0 -749
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -403
package/dist/adapters/sqliteAuth.d.ts +0 -72
package/dist/adapters/sqliteAuth.js +0 -858
package/dist/app.d.ts +0 -559
package/dist/app.js +0 -651
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -117
package/dist/index.js +0 -88
package/dist/lib/appConfig.d.ts +0 -275
package/dist/lib/auditLog.d.ts +0 -58
package/dist/lib/auditLog.js +0 -218
package/dist/lib/authAdapter.d.ts +0 -246
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -117
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/credentialStuffing.d.ts +0 -31
package/dist/lib/credentialStuffing.js +0 -77
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -19
package/dist/lib/emailVerification.js +0 -129
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwks.d.ts +0 -25
package/dist/lib/jwks.js +0 -51
package/dist/lib/jwt.d.ts +0 -15
package/dist/lib/jwt.js +0 -111
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -55
package/dist/lib/mfaChallenge.js +0 -398
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -95
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -93
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/saml.d.ts +0 -25
package/dist/lib/saml.js +0 -64
package/dist/lib/securityEvents.d.ts +0 -28
package/dist/lib/securityEvents.js +0 -26
package/dist/lib/session.d.ts +0 -49
package/dist/lib/session.js +0 -597
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -112
package/dist/lib/uploadRegistry.d.ts +0 -18
package/dist/lib/uploadRegistry.js +0 -83
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -96
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/captcha.js +0 -36
package/dist/middleware/csrf.js +0 -129
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -122
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/scimAuth.d.ts +0 -8
package/dist/middleware/scimAuth.js +0 -29
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -55
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -12
package/dist/routes/auth.js +0 -744
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/m2m.d.ts +0 -2
package/dist/routes/m2m.js +0 -72
package/dist/routes/metrics.d.ts +0 -8
package/dist/routes/metrics.js +0 -55
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -628
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -520
package/dist/routes/oidc.d.ts +0 -2
package/dist/routes/oidc.js +0 -29
package/dist/routes/passkey.d.ts +0 -1
package/dist/routes/passkey.js +0 -157
package/dist/routes/saml.d.ts +0 -2
package/dist/routes/saml.js +0 -86
package/dist/routes/scim.d.ts +0 -2
package/dist/routes/scim.js +0 -255
package/dist/routes/uploads.js +0 -227
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -29
package/dist/services/auth.js +0 -238
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -39
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -790
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -388
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -131
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/passkey-login/full.md +0 -90
package/docs/sections/passkey-login/overview.md +0 -1
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -208
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -196
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/logger.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/src/framework/middleware/cacheResponse.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import type { MiddlewareHandler } from 'hono';
+import type { Connection } from 'mongoose';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+import type { CacheStoreName } from '../../../packages/bunshot-core/src/index.js';
+interface CacheDoc {
+    key: string;
+    value: string;
+    expiresAt?: Date;
+}
+/**
+ * Get or create the Mongoose CacheEntry model on the given connection.
+ * Accepts connection and mongoose module as parameters — no module-level state.
+ */
+export declare function getCacheModel(conn?: Connection): import('mongoose').Model<CacheDoc>;
+type CacheStore = CacheStoreName;
+/**
+ * Delete a cached entry by exact key across ALL cache backends.
+ *
+ * Requires an app reference so cache invalidation uses the correct instance-owned adapters.
+ */
+export declare const bustCache: (key: string, app: object) => Promise<void>;
+/**
+ * Delete cached entries matching a glob pattern across ALL cache backends.
+ *
+ * Same defense-in-depth rationale as `bustCache` — see comment above.
+ */
+export declare const bustCachePattern: (pattern: string, app: object) => Promise<void>;
+type KeyFn = (c: Parameters<MiddlewareHandler<any>>[0]) => string;
+interface CacheOptions {
+    ttl?: number;
+    key: string | KeyFn;
+    store?: CacheStore;
+}
+export declare const cacheResponse: ({ ttl, key, store: storeOverride, }: CacheOptions) => MiddlewareHandler<AppEnv>;
+export {};

package/dist/src/framework/middleware/cacheResponse.js ADDED Viewed

@@ -0,0 +1,126 @@
+import { getMongooseModule } from '../../lib/mongo';
+import { getBunshotCtx, getCacheAdapter, getCacheAdapterOrNull } from '../../../packages/bunshot-core/src/index.js';
+/**
+ * Get or create the Mongoose CacheEntry model on the given connection.
+ * Accepts connection and mongoose module as parameters — no module-level state.
+ */
+export function getCacheModel(conn) {
+    // When called without args (from registerBoundaryAdapters), the model
+    // must already be registered on the connection from a prior call.
+    // This is a lazy model that gets created on first use with a connection.
+    if (!conn) {
+        // Fallback: the model must have been registered already on some connection.
+        // This path is only hit from registerBoundaryAdapters where appConnection is passed
+        // through the closure. We need to accept the connection as parameter.
+        throw new Error('getCacheModel requires a connection parameter');
+    }
+    if (conn.models['CacheEntry'])
+        return conn.models['CacheEntry'];
+    const mg = getMongooseModule();
+    const { Schema } = mg;
+    const cacheSchema = new Schema({
+        key: { type: String, required: true, unique: true },
+        value: { type: String, required: true },
+        expiresAt: { type: Date, index: { expireAfterSeconds: 0 } },
+    }, { collection: 'cache_entries' });
+    return conn.model('CacheEntry', cacheSchema);
+}
+async function storeGet(ctx, store, cacheKey) {
+    const adapter = getCacheAdapter(ctx, store);
+    if (!adapter.isReady()) {
+        throw new Error(`cacheResponse: store "${store}" is not ready.`);
+    }
+    return adapter.get(cacheKey);
+}
+async function storeSet(ctx, store, cacheKey, value, ttl) {
+    const adapter = getCacheAdapter(ctx, store);
+    if (!adapter.isReady()) {
+        throw new Error(`cacheResponse: store "${store}" is not ready.`);
+    }
+    await adapter.set(cacheKey, value, ttl);
+}
+async function storeDel(app, store, cacheKey) {
+    const adapter = getCacheAdapterOrNull(app, store);
+    if (!adapter?.isReady())
+        return;
+    await adapter.del(cacheKey);
+}
+async function storeDelPattern(app, store, fullPattern) {
+    const adapter = getCacheAdapterOrNull(app, store);
+    if (!adapter?.isReady())
+        return;
+    await adapter.delPattern(fullPattern);
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Delete a cached entry by exact key across ALL cache backends.
+ *
+ * Requires an app reference so cache invalidation uses the correct instance-owned adapters.
+ */
+export const bustCache = async (key, app) => {
+    const { getContext } = await import('../../../packages/bunshot-core/src/index.js');
+    const ctx = getContext(app);
+    const appName = ctx.config.appName;
+    const cacheKey = `cache:${appName}:${key}`;
+    const stores = [...ctx.cacheAdapters.keys()];
+    await Promise.all(stores.map(store => storeDel(app, store, cacheKey)));
+};
+/**
+ * Delete cached entries matching a glob pattern across ALL cache backends.
+ *
+ * Same defense-in-depth rationale as `bustCache` — see comment above.
+ */
+export const bustCachePattern = async (pattern, app) => {
+    const { getContext } = await import('../../../packages/bunshot-core/src/index.js');
+    const ctx = getContext(app);
+    const appName = ctx.config.appName;
+    const fullPattern = `cache:${appName}:${pattern}`;
+    const stores = [...ctx.cacheAdapters.keys()];
+    await Promise.all(stores.map(store => storeDelPattern(app, store, fullPattern)));
+};
+/** Headers that must never be cached — storing these can cause session fixation or auth bypass. */
+const UNCACHEABLE_HEADERS = new Set([
+    'set-cookie',
+    'www-authenticate',
+    'authorization',
+    'x-csrf-token',
+    'proxy-authenticate',
+]);
+export const cacheResponse = ({ ttl, key, store: storeOverride, }) => {
+    return async (c, next) => {
+        const ctx = getBunshotCtx(c);
+        const store = storeOverride ?? ctx.config.resolvedStores.cache ?? 'redis';
+        const appName = ctx.config.appName;
+        const rawKey = typeof key === 'function' ? key(c) : key;
+        // Per-tenant namespacing: prevents two tenants caching the same key from colliding
+        const tenantId = c.get('tenantId');
+        const tenantSegment = tenantId ? `${tenantId}:` : '';
+        const cacheKey = `cache:${appName}:${tenantSegment}${rawKey}`;
+        const cached = await storeGet(ctx, store, cacheKey);
+        if (cached) {
+            const { status, headers, body } = JSON.parse(cached);
+            return new Response(body, {
+                status,
+                headers: { ...headers, 'x-cache': 'HIT' },
+            });
+        }
+        await next();
+        const res = c.res;
+        if (res.status >= 200 && res.status < 300) {
+            const body = await res.text();
+            const headers = {};
+            res.headers.forEach((value, name) => {
+                if (!UNCACHEABLE_HEADERS.has(name.toLowerCase())) {
+                    headers[name] = value;
+                }
+            });
+            await storeSet(ctx, store, cacheKey, JSON.stringify({ status: res.status, headers, body }), ttl);
+            c.res = new Response(body, {
+                status: res.status,
+                headers: { ...headers, 'x-cache': 'MISS' },
+            });
+        }
+    };
+};

package/dist/{middleware → src/framework/middleware}/captcha.d.ts RENAMED Viewed

@@ -1,6 +1,5 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
-import { type CaptchaConfig } from "../lib/captcha";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv, CaptchaConfig } from '../../../packages/bunshot-core/src/index.js';
 /**
  * Middleware factory that verifies a CAPTCHA token from the request body.
  *

package/dist/src/framework/middleware/captcha.js ADDED Viewed

@@ -0,0 +1,37 @@
+import { verifyCaptcha } from '../lib/captcha';
+import { HttpError, getContextOrNull } from '../../../packages/bunshot-core/src/index.js';
+import { getClientIp } from '../../../packages/bunshot-core/src/index.js';
+/**
+ * Middleware factory that verifies a CAPTCHA token from the request body.
+ *
+ * @example
+ * router.post("/contact", requireCaptcha({ provider: "turnstile", secretKey: "..." }), handler);
+ */
+export const requireCaptcha = (config) => async (c, next) => {
+    // Get effective config: param takes precedence, then context config
+    const app = c.get('bunshotCtx')?.app;
+    const ctx = app ? getContextOrNull(app) : null;
+    const effectiveConfig = config ?? ctx?.config?.captcha ?? undefined;
+    if (!effectiveConfig) {
+        await next();
+        return;
+    }
+    const tokenField = effectiveConfig.tokenField ?? 'captcha-token';
+    let body;
+    try {
+        body = await c.req.json();
+    }
+    catch {
+        body = {};
+    }
+    const token = body[tokenField];
+    if (!token) {
+        throw new HttpError(400, 'CAPTCHA token is required', 'CAPTCHA_MISSING');
+    }
+    const ip = getClientIp(c) ?? undefined;
+    const result = await verifyCaptcha(token, effectiveConfig, ip);
+    if (!result.success) {
+        throw new HttpError(400, 'CAPTCHA verification failed', 'CAPTCHA_FAILED');
+    }
+    await next();
+};

package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts RENAMED Viewed

@@ -1,2 +1,2 @@
-import type { Middleware } from ".";
+import type { Middleware } from '.';
 export declare const errorHandler: Middleware;

package/dist/{middleware → src/framework/middleware}/errorHandler.js RENAMED Viewed

@@ -1,4 +1,4 @@
-import { HttpError } from "../lib/HttpError";
+import { HttpError } from '../../../packages/bunshot-core/src/index.js';
 export const errorHandler = async (req, next) => {
     try {
         return await next(req);
@@ -11,6 +11,6 @@ export const errorHandler = async (req, next) => {
                 body.code = err.code;
             return Response.json(body, { status: err.status });
         }
-        return Response.json({ error: "Internal Server Error" }, { status: 500 });
+        return Response.json({ error: 'Internal Server Error' }, { status: 500 });
     }
 };

package/dist/src/framework/middleware/index.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export const applyMiddleware = (handler, ...middleware) => middleware.reduceRight((next, mw) => req => mw(req, next), handler);

package/dist/{middleware → src/framework/middleware}/logger.d.ts RENAMED Viewed

@@ -1,2 +1,2 @@
-import type { Middleware } from ".";
+import type { Middleware } from '.';
 export declare const logger: Middleware;

package/dist/src/framework/middleware/metrics.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { MetricsState } from '../lib/metrics';
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export interface MetricsMiddlewareOptions {
+    /** Instance-owned metrics registry. */
+    state: MetricsState;
+    /** Paths to exclude from metrics collection. Strings use prefix matching. */
+    excludePaths?: (string | RegExp)[];
+    /** Custom path normalizer to prevent cardinality explosion. */
+    normalizePath?: (path: string) => string;
+}
+export declare const metricsCollector: (options: MetricsMiddlewareOptions) => MiddlewareHandler<AppEnv>;

package/dist/src/framework/middleware/metrics.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { defaultNormalizePath, incrementCounter, observeHistogram } from '../lib/metrics';
+const DEFAULT_EXCLUDE = ['/metrics', '/health', '/docs', '/openapi.json'];
+export const metricsCollector = (options) => {
+    const { state, excludePaths = DEFAULT_EXCLUDE, normalizePath = defaultNormalizePath } = options;
+    return async (c, next) => {
+        const rawPath = c.req.path;
+        const excluded = excludePaths.some(p => typeof p === 'string' ? rawPath.startsWith(p) : p.test(rawPath));
+        if (excluded)
+            return next();
+        const start = performance.now();
+        await next();
+        const duration = (performance.now() - start) / 1000; // seconds
+        const method = c.req.method;
+        const path = normalizePath(rawPath);
+        const status = String(c.res.status);
+        const tenantId = c.get('tenantId') ?? undefined;
+        const labels = { method, path, status };
+        const durationLabels = { method, path };
+        if (tenantId) {
+            labels.tenant = tenantId;
+            durationLabels.tenant = tenantId;
+        }
+        incrementCounter(state, 'http_requests_total', labels);
+        observeHistogram(state, 'http_request_duration_seconds', durationLabels, duration);
+    };
+};

package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts RENAMED Viewed

@@ -1,5 +1,5 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
 export interface RateLimitOptions {
     windowMs: number;
     max: number;

package/dist/src/framework/middleware/rateLimit.js ADDED Viewed

@@ -0,0 +1,22 @@
+import { getBunshotCtx, getClientIp, getFingerprintBuilder, getRateLimitAdapter, } from '../../../packages/bunshot-core/src/index.js';
+export const rateLimit = ({ windowMs, max, fingerprintLimit = false, }) => {
+    const opts = { windowMs, max };
+    return async (c, next) => {
+        const ctx = getBunshotCtx(c);
+        const adapter = getRateLimitAdapter(ctx);
+        const ip = getClientIp(c);
+        // Per-tenant namespacing: each tenant gets independent rate limit buckets
+        const tenantId = c.get('tenantId');
+        const prefix = tenantId ? `t:${tenantId}:` : '';
+        if (await adapter.trackAttempt(`${prefix}ip:${ip}`, opts)) {
+            return c.json({ error: 'Too Many Requests' }, 429);
+        }
+        if (fingerprintLimit) {
+            const fp = await getFingerprintBuilder(ctx).buildFingerprint(c.req.raw);
+            if (await adapter.trackAttempt(`${prefix}fp:${fp}`, opts)) {
+                return c.json({ error: 'Too Many Requests' }, 429);
+            }
+        }
+        await next();
+    };
+};

package/dist/src/framework/middleware/requestId.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export declare const requestId: MiddlewareHandler<AppEnv>;

package/dist/{middleware → src/framework/middleware}/requestId.js RENAMED Viewed

@@ -1,7 +1,7 @@
-import { HEADER_REQUEST_ID } from "../lib/constants";
+import { HEADER_REQUEST_ID } from '../../../packages/bunshot-core/src/index.js';
 export const requestId = async (c, next) => {
     const id = c.req.header(HEADER_REQUEST_ID) ?? crypto.randomUUID();
-    c.set("requestId", id);
+    c.set('requestId', id);
     await next();
     c.res.headers.set(HEADER_REQUEST_ID, id);
 };

package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts RENAMED Viewed

@@ -1,6 +1,6 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
-export type LogLevel = "info" | "warn" | "error";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export type LogLevel = 'info' | 'warn' | 'error';
 export interface RequestLogEntry {
     level: LogLevel;
     time: number;

package/dist/{middleware → src/framework/middleware}/requestLogger.js RENAMED Viewed

@@ -1,13 +1,18 @@
-import { getClientIp } from "../lib/clientIp";
+import { getClientIp } from '../../../packages/bunshot-core/src/index.js';
 const LEVEL_ORDER = { info: 0, warn: 1, error: 2 };
 function statusToLevel(status) {
     if (status >= 500)
-        return "error";
+        return 'error';
     if (status >= 400)
-        return "warn";
-    return "info";
+        return 'warn';
+    return 'info';
 }
-const DEFAULT_EXCLUDE_PATHS = ["/health", "/docs", "/openapi.json", "/metrics"];
+const DEFAULT_EXCLUDE_PATHS = [
+    '/health',
+    '/docs',
+    '/openapi.json',
+    '/metrics',
+];
 export const requestLogger = (options = {}) => {
     const { onLog = (entry) => console.log(JSON.stringify(entry)), level: minLevel, excludePaths = DEFAULT_EXCLUDE_PATHS, excludeMethods, } = options;
     return async (c, next) => {
@@ -16,7 +21,7 @@ export const requestLogger = (options = {}) => {
             return next();
         }
         const path = c.req.path;
-        const excluded = excludePaths.some(p => typeof p === "string" ? path.startsWith(p) : p.test(path));
+        const excluded = excludePaths.some(p => typeof p === 'string' ? path.startsWith(p) : p.test(path));
         if (excluded) {
             return next();
         }
@@ -38,17 +43,17 @@ export const requestLogger = (options = {}) => {
         const entry = {
             level,
             time: Date.now(),
-            msg: `${method} ${path} ${error ? "ERROR" : statusCode}`,
-            requestId: c.get("requestId") ?? "unknown",
+            msg: `${method} ${path} ${error ? 'ERROR' : statusCode}`,
+            requestId: c.get('requestId') ?? 'unknown',
             method,
             path,
             statusCode,
             responseTime: Math.round((performance.now() - start) * 100) / 100,
             ip: getClientIp(c),
-            userAgent: c.req.header("user-agent") ?? null,
-            userId: c.get("authUserId") ?? null,
-            sessionId: c.get("sessionId") ?? null,
-            tenantId: c.get("tenantId") ?? null,
+            userAgent: c.req.header('user-agent') ?? null,
+            userId: c.get('authUserId') ?? null,
+            sessionId: c.get('sessionId') ?? null,
+            tenantId: c.get('tenantId') ?? null,
         };
         if (error) {
             entry.err = {

package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts RENAMED Viewed

@@ -1,5 +1,5 @@
-import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "../lib/context";
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
 export interface RequestSigningOptions {
     /** Allowed age of the timestamp in milliseconds. Default: 300_000 (5 min). */
     tolerance?: number;

package/dist/{middleware → src/framework/middleware}/requestSigning.js RENAMED Viewed

@@ -1,7 +1,5 @@
-import { getSigningConfig, getSigningSecret } from "../lib/appConfig";
-import { hmacVerify } from "../lib/signing";
-import { HEADER_SIGNATURE, HEADER_TIMESTAMP } from "../lib/constants";
-import { HttpError } from "../lib/HttpError";
+import { hmacVerify } from '../../lib/signing';
+import { HEADER_SIGNATURE, HEADER_TIMESTAMP, HttpError } from '../../../packages/bunshot-core/src/index.js';
 /**
  * Canonicalize the query string for signing.
  *
@@ -14,19 +12,19 @@ import { HttpError } from "../lib/HttpError";
  */
 function canonicalizeQuery(search) {
     // Remove leading "?"
-    const qs = search.startsWith("?") ? search.slice(1) : search;
+    const qs = search.startsWith('?') ? search.slice(1) : search;
     if (!qs)
-        return "";
+        return '';
     const pairs = [];
-    for (const part of qs.split("&")) {
+    for (const part of qs.split('&')) {
         if (!part)
             continue;
-        const eqIdx = part.indexOf("=");
+        const eqIdx = part.indexOf('=');
         const rawKey = eqIdx === -1 ? part : part.slice(0, eqIdx);
-        const rawVal = eqIdx === -1 ? "" : part.slice(eqIdx + 1);
+        const rawVal = eqIdx === -1 ? '' : part.slice(eqIdx + 1);
         // Normalize encoding: decode then re-encode
-        const key = encodeURIComponent(decodeURIComponent(rawKey.replace(/\+/g, " ")));
-        const val = encodeURIComponent(decodeURIComponent(rawVal.replace(/\+/g, " ")));
+        const key = encodeURIComponent(decodeURIComponent(rawKey.replace(/\+/g, ' ')));
+        const val = encodeURIComponent(decodeURIComponent(rawVal.replace(/\+/g, ' ')));
         pairs.push([key, val]);
     }
     // Sort by key, then by value for repeated keys
@@ -35,7 +33,7 @@ function canonicalizeQuery(search) {
             return a[0] < b[0] ? -1 : 1;
         return a[1] < b[1] ? -1 : 1;
     });
-    return pairs.map(([k, v]) => `${k}=${v}`).join("&");
+    return pairs.map(([k, v]) => `${k}=${v}`).join('&');
 }
 /**
  * Middleware that verifies the client has HMAC-signed the canonical request.
@@ -47,13 +45,13 @@ function canonicalizeQuery(search) {
  * is a no-op pass-through.
  */
 export const requireSignedRequest = (opts) => async (c, next) => {
-    const cfg = getSigningConfig();
+    const cfg = c.get('bunshotCtx')?.signing;
     // No-op when request signing is not enabled
     if (!cfg?.requestSigning) {
         await next();
         return;
     }
-    const signingOpts = typeof cfg.requestSigning === "object" ? cfg.requestSigning : {};
+    const signingOpts = typeof cfg.requestSigning === 'object' ? cfg.requestSigning : {};
     const tolerance = opts?.tolerance ?? signingOpts.tolerance ?? 300_000;
     const sigHeader = opts?.header ?? signingOpts.header ?? HEADER_SIGNATURE;
     const tsHeader = opts?.timestampHeader ?? signingOpts.timestampHeader ?? HEADER_TIMESTAMP;
@@ -61,22 +59,22 @@ export const requireSignedRequest = (opts) => async (c, next) => {
     const rawTs = c.req.header(tsHeader);
     const tsNum = rawTs !== undefined ? parseInt(rawTs, 10) : NaN;
     if (isNaN(tsNum)) {
-        throw new HttpError(401, "Unauthorized", "EXPIRED_TIMESTAMP");
+        throw new HttpError(401, 'Unauthorized', 'EXPIRED_TIMESTAMP');
     }
     // Auto-detect Unix seconds (< 1e10) vs milliseconds
     const tsMs = tsNum < 1e10 ? tsNum * 1000 : tsNum;
     if (Math.abs(Date.now() - tsMs) > tolerance) {
-        throw new HttpError(401, "Unauthorized", "EXPIRED_TIMESTAMP");
+        throw new HttpError(401, 'Unauthorized', 'EXPIRED_TIMESTAMP');
     }
     // --- Signature header ---
     const sig = c.req.header(sigHeader);
     if (!sig) {
-        throw new HttpError(401, "Unauthorized", "INVALID_SIGNATURE");
+        throw new HttpError(401, 'Unauthorized', 'INVALID_SIGNATURE');
     }
     // --- Secret resolution ---
-    const secret = getSigningSecret();
+    const secret = cfg.secret ?? null;
     if (!secret) {
-        throw new HttpError(500, "Internal Server Error", "SIGNING_SECRET_MISSING");
+        throw new HttpError(500, 'Internal Server Error', 'SIGNING_SECRET_MISSING');
     }
     // --- Build canonical string ---
     const method = c.req.method.toUpperCase();
@@ -94,7 +92,7 @@ export const requireSignedRequest = (opts) => async (c, next) => {
         valid = false;
     }
     if (!valid) {
-        throw new HttpError(401, "Unauthorized", "INVALID_SIGNATURE");
+        throw new HttpError(401, 'Unauthorized', 'INVALID_SIGNATURE');
     }
     await next();
 };

package/dist/src/framework/middleware/tenant.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+import type { TenancyConfig, TenantConfig } from '../../app';
+export interface TenantResolutionCache {
+    get(key: string): TenantConfig | null | undefined;
+    set(key: string, value: TenantConfig | null): void;
+    delete(key: string): void;
+}
+export interface TenantCacheCarrier {
+    cache: TenantResolutionCache | null;
+}
+export declare const invalidateTenantCache: (cache: TenantResolutionCache | null | undefined, tenantId: string) => void;
+export declare function getTenantCacheFromApp(app: object): TenantResolutionCache | null;
+export declare const createTenantMiddleware: (config: TenancyConfig, carrier?: TenantCacheCarrier) => MiddlewareHandler<AppEnv>;

package/dist/{middleware → src/framework/middleware}/tenant.js RENAMED Viewed

@@ -1,3 +1,4 @@
+import { getContext } from '../../../packages/bunshot-core/src/index.js';
 class LruCache {
     _map = new Map();
     _maxSize;
@@ -37,79 +38,82 @@ class LruCache {
 // ---------------------------------------------------------------------------
 // Exported cache invalidation (used by tenant provisioning helpers)
 // ---------------------------------------------------------------------------
-let _cache = null;
-export const invalidateTenantCache = (tenantId) => {
-    _cache?.delete(tenantId);
+export const invalidateTenantCache = (cache, tenantId) => {
+    cache?.delete(tenantId);
 };
+export function getTenantCacheFromApp(app) {
+    const ctx = getContext(app);
+    return (ctx.pluginState.get('tenantResolutionCache') ??
+        null);
+}
 // ---------------------------------------------------------------------------
 // Tenant resolution middleware
 // ---------------------------------------------------------------------------
-const DEFAULT_EXEMPT = ["/health", "/docs", "/openapi.json", "/auth/"];
+const DEFAULT_EXEMPT = ['/health', '/docs', '/openapi.json', '/auth/'];
 function extractTenantId(c, config) {
-    if (config.resolution === "header") {
-        const headerName = config.headerName ?? "x-tenant-id";
+    if (config.resolution === 'header') {
+        const headerName = config.headerName ?? 'x-tenant-id';
         return c.req.header(headerName) ?? null;
     }
-    if (config.resolution === "subdomain") {
-        const host = c.req.header("host") ?? "";
+    if (config.resolution === 'subdomain') {
+        const host = c.req.header('host') ?? '';
         // Extract first subdomain: "acme.myapp.com" → "acme"
-        const parts = host.split(".");
+        const parts = host.split('.');
         if (parts.length < 3)
             return null; // no subdomain
         return parts[0] || null;
     }
-    if (config.resolution === "path") {
+    if (config.resolution === 'path') {
         const segmentIndex = config.pathSegment ?? 0;
         // Path: "/acme/api/users" → segments after split: ["", "acme", "api", "users"]
-        const segments = c.req.path.split("/").filter(Boolean);
+        const segments = c.req.path.split('/').filter(Boolean);
         return segments[segmentIndex] ?? null;
     }
     return null;
 }
-export const createTenantMiddleware = (config) => {
+export const createTenantMiddleware = (config, carrier) => {
     const exemptPaths = [...DEFAULT_EXEMPT, ...(config.exemptPaths ?? [])];
     const rejectionStatus = config.rejectionStatus ?? 403;
     const cacheTtlMs = config.cacheTtlMs ?? 60_000;
     const cacheMaxSize = config.cacheMaxSize ?? 500;
-    // Initialize LRU cache if caching is enabled and onResolve is provided
-    if (config.onResolve && cacheTtlMs > 0) {
-        _cache = new LruCache(cacheMaxSize, cacheTtlMs);
-    }
+    const cache = config.onResolve && cacheTtlMs > 0 ? new LruCache(cacheMaxSize, cacheTtlMs) : null;
+    if (carrier)
+        carrier.cache = cache;
     return async (c, next) => {
         const path = c.req.path;
         // Check exempt paths using startsWith
         for (const exempt of exemptPaths) {
             if (path === exempt || path.startsWith(exempt)) {
-                c.set("tenantId", null);
-                c.set("tenantConfig", null);
+                c.set('tenantId', null);
+                c.set('tenantConfig', null);
                 return next();
             }
         }
         const tenantId = extractTenantId(c, config);
         if (!tenantId) {
-            return c.json({ error: "Tenant ID required" }, 400);
+            return c.json({ error: 'Tenant ID required' }, 400);
         }
         // Validate via onResolve (with caching)
         if (config.onResolve) {
             let tenantConfig;
-            if (_cache) {
-                tenantConfig = _cache.get(tenantId);
+            if (cache) {
+                tenantConfig = cache.get(tenantId);
             }
             // undefined = cache miss, null = onResolve returned null (rejected)
             if (tenantConfig === undefined) {
                 tenantConfig = await config.onResolve(tenantId);
-                _cache?.set(tenantId, tenantConfig);
+                cache?.set(tenantId, tenantConfig);
             }
             if (tenantConfig === null) {
-                return c.json({ error: "Access denied" }, rejectionStatus);
+                return c.json({ error: 'Access denied' }, rejectionStatus);
             }
-            c.set("tenantId", tenantId);
-            c.set("tenantConfig", tenantConfig);
+            c.set('tenantId', tenantId);
+            c.set('tenantConfig', tenantConfig);
         }
         else {
             // No onResolve — trust the tenant ID
-            c.set("tenantId", tenantId);
-            c.set("tenantConfig", null);
+            c.set('tenantId', tenantId);
+            c.set('tenantConfig', null);
         }
         return next();
     };

package/dist/src/framework/middleware/upload.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { UploadOpts } from '../lib/upload';
+import type { MiddlewareHandler } from 'hono';
+import type { AppEnv } from '../../../packages/bunshot-core/src/index.js';
+export type UploadMiddlewareOptions = UploadOpts;
+export declare const handleUpload: (opts?: UploadMiddlewareOptions) => MiddlewareHandler<AppEnv>;