@lastshotlabs/bunshot 0.0.28 → 0.1.0

package/.oclif.manifest.json

@@ -35,5 +35,5 @@
       ]
     }
   },
-  "version": "0.0.28"
+  "version": "0.1.0"
 }

package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js

@@ -200,21 +200,11 @@ export function createCredentialStuffingService(config, repo) {
             const ipWindowMs = config.maxAccountsPerIp?.windowMs ?? 15 * 60 * 1000;
             const accountWindowMs = config.maxIpsPerAccount?.windowMs ?? 15 * 60 * 1000;
             const ipCount = await repo.getSetSize(`ip:${ip}`, ipWindowMs);
-            if (ipCount >= ipMax) {
-                try {
-                    config.onDetected?.({ type: 'ip', key: ip, count: ipCount });
-                }
-                catch { }
+            if (ipCount >= ipMax)
                 return true;
-            }
             const accountCount = await repo.getSetSize(`account:${identifier}`, accountWindowMs);
-            if (accountCount >= accountMax) {
-                try {
-                    config.onDetected?.({ type: 'account', key: identifier, count: accountCount });
-                }
-                catch { }
+            if (accountCount >= accountMax)
                 return true;
-            }
             return false;
         },
     };

package/dist/packages/bunshot-auth/src/plugin.js

@@ -17,14 +17,17 @@ export function createAuthPlugin(rawConfig) {
     const config = validatePluginConfig('bunshot-auth', rawConfig, authPluginConfigSchema);
     // Lifecycle handoff: setupMiddleware resolves this promise once bootstrap
     // completes. Later phases await it — type-safe, no mutable variable.
-    // rejectBootstrap is called when setupMiddleware throws so that downstream
-    // phases fail immediately instead of deadlocking.
+    // rejectBootstrap is called when setupMiddleware throws so teardown() can
+    // detect failure and return early rather than deadlocking on bootstrapReady.
+    // The .catch(() => {}) suppresses the unhandled-rejection warning in cases
+    // where setupMiddleware throws before teardown() attaches its own catch.
     let resolveBootstrap;
     let rejectBootstrap;
     const bootstrapReady = new Promise((resolve, reject) => {
         resolveBootstrap = resolve;
         rejectBootstrap = reject;
     });
+    bootstrapReady.catch(() => { });
     return {
         name: 'bunshot-auth',
         async setupMiddleware(app, frameworkConfig, bus) {

package/dist/src/framework/lib/auditLog.js

@@ -49,7 +49,7 @@ function createMemoryAuditLogProvider() {
     const memoryLogs = [];
     let evictedEntries = 0;
     let hasWarnedAboutTruncation = false;
-    console.warn(`[bunshot] Memory adapter for audit log is capped at ${DEFAULT_MAX_ENTRIES} entries and has no TTL-based eviction - for development/testing only`);
+    console.warn(`[bunshot] Memory adapter for audit log is capped at ${DEFAULT_MAX_ENTRIES} entries and has no eviction — for development/testing only`);
     return {
         async logEntry(entry) {
             try {

package/dist/src/framework/mountOptionalEndpoints.js

@@ -3,27 +3,44 @@ import { createQueueFactory } from '../lib/queue';
 // Implementation
 // ---------------------------------------------------------------------------
 export async function mountOptionalEndpoints(app, coreRoutesDir, jobs, metrics, upload, metricsState, resolvedSecrets) {
+    // Security validation runs before infrastructure creation so config errors
+    // take priority over missing infrastructure (Redis) errors.
+    if (jobs?.statusEndpoint) {
+        const jobsAuth = jobs.auth ?? 'none';
+        if (jobsAuth === 'none' && !jobs.unsafePublic) {
+            if (process.env.NODE_ENV === 'production') {
+                throw new Error('[security] jobs.auth is required in production. Set jobs.auth or explicitly set unsafePublic: true with auth: "none".');
+            }
+            console.warn('[security] /jobs is enabled without auth. Configure jobs.auth for production.');
+        }
+    }
+    // Queue factory is created lazily — defers Redis validation to first use
+    // so the app can start without Redis when using the jobs/metrics endpoints.
     const needsQueueFactory = !!jobs?.statusEndpoint || !!metrics?.queues?.length;
-    const queueFactory = needsQueueFactory
-        ? (() => {
+    let _cachedFactory;
+    function getLazyFactory() {
+        if (!_cachedFactory) {
             if (!resolvedSecrets.redisHost) {
                 throw new Error('[queue] Jobs/metrics queue helpers require REDIS_HOST via the Bunshot secret bundle at startup.');
             }
-            return createQueueFactory({
+            _cachedFactory = createQueueFactory({
                 host: resolvedSecrets.redisHost,
                 user: resolvedSecrets.redisUser,
                 password: resolvedSecrets.redisPassword,
             });
-        })()
+        }
+        return _cachedFactory;
+    }
+    const queueFactory = needsQueueFactory
+        ? {
+            createQueue: (...args) => getLazyFactory().createQueue(...args),
+            createWorker: (...args) => getLazyFactory().createWorker(...args),
+            createCronWorker: (...args) => getLazyFactory().createCronWorker(...args),
+            cleanupStaleSchedulers: (...args) => getLazyFactory().cleanupStaleSchedulers(...args),
+            createDLQHandler: (...args) => getLazyFactory().createDLQHandler(...args),
+        }
         : undefined;
     if (jobs?.statusEndpoint) {
-        const jobsAuth = jobs.auth ?? 'none';
-        if (jobsAuth === 'none' && !jobs.unsafePublic) {
-            if (process.env.NODE_ENV === 'production') {
-                throw new Error('[security] jobs.auth is required in production. Set jobs.auth or explicitly set unsafePublic: true with auth: "none".');
-            }
-            console.warn('[security] /jobs is enabled without auth. Configure jobs.auth for production.');
-        }
         const { createJobsRouter } = await import(`${coreRoutesDir}/jobs`);
         app.route('/', createJobsRouter(jobs, queueFactory));
     }

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.0.28",
+  "version": "0.1.0",
   "description": "Batteries-included Bun + Hono API framework — auth, sessions, rate limiting, WebSocket, queues, and OpenAPI docs out of the box",
   "repository": {
     "type": "git",
@@ -60,11 +60,15 @@
     "topicSeparator": " "
   },
   "scripts": {
-    "typecheck": "bun --filter '*' run typecheck",
+    "typecheck": "bun run --filter '*' typecheck",
     "typecheck:root": "tsc --noEmit",
     "build": "tsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json && tsup --config tsup.cli.config.ts && oclif manifest",
+    "build:packages": "bun run --filter '*' build",
     "prepublishOnly": "bun run build",
-    "release": "npm version patch && npm publish",
+    "release": "bun run build && bun publish --access public && bun run --filter '*' publish",
+    "release:patch": "bun run --filter '*' version patch && npm version patch && bun run release",
+    "release:minor": "bun run --filter '*' version minor && npm version minor && bun run release",
+    "release:major": "bun run --filter '*' version major && npm version major && bun run release",
     "dev": "bun --watch src/index.ts",
     "start": "bun src/index.ts",
     "test": "bun test tests/unit tests/integration && bun run test:isolated && bun test --config packages/bunshot-core/bunfig.toml packages/bunshot-core/tests && bun test --config packages/bunshot-permissions/bunfig.toml packages/bunshot-permissions/tests",
@@ -92,8 +96,8 @@
   "dependencies": {
     "@asteasolutions/zod-to-openapi": "^8.4.1",
     "@hono/zod-openapi": "1.2.2",
-    "@lastshotlabs/bunshot-auth": "0.1.0",
-    "@lastshotlabs/bunshot-core": "0.1.0",
+    "@lastshotlabs/bunshot-auth": "workspace:*",
+    "@lastshotlabs/bunshot-core": "workspace:*",
     "@oclif/core": "^4.10.2",
     "@scalar/hono-api-reference": "0.10.0",
     "arctic": "^3.7.0",
@@ -110,7 +114,15 @@
     "@simplewebauthn/server": ">=10.0.0",
     "@aws-sdk/client-s3": ">=3.0",
     "@aws-sdk/s3-request-presigner": ">=3.0",
-    "@aws-sdk/lib-storage": ">=3.0"
+    "@aws-sdk/lib-storage": ">=3.0",
+    "@lastshotlabs/bunshot-admin": ">=0.1.0",
+    "@lastshotlabs/bunshot-bullmq": ">=0.1.0",
+    "@lastshotlabs/bunshot-community": ">=0.1.0",
+    "@lastshotlabs/bunshot-mail": ">=0.0.1",
+    "@lastshotlabs/bunshot-permissions": ">=0.1.0",
+    "@lastshotlabs/bunshot-postgres": ">=0.1.0",
+    "@lastshotlabs/bunshot-push": ">=0.1.0",
+    "@lastshotlabs/bunshot-webhooks": ">=0.0.1"
   },
   "peerDependenciesMeta": {
     "mongoose": {
@@ -136,9 +148,35 @@
     },
     "@aws-sdk/lib-storage": {
       "optional": true
+    },
+    "@lastshotlabs/bunshot-admin": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-bullmq": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-community": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-mail": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-permissions": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-postgres": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-push": {
+      "optional": true
+    },
+    "@lastshotlabs/bunshot-webhooks": {
+      "optional": true
     }
   },
   "devDependencies": {
+    "@aws-sdk/client-sesv2": "^3.1017.0",
+    "@react-email/render": "^2.0.4",
     "@simplewebauthn/server": "^13.1.1",
     "@trivago/prettier-plugin-sort-imports": "^6.0.2",
     "@types/bun": "1.3.10",