@lastshotlabs/bunshot 0.0.3 → 0.0.4

package/dist/lib/session.d.ts

@@ -0,0 +1,6 @@
+type SessionStore = "redis" | "mongo" | "sqlite" | "memory";
+export declare const setSessionStore: (store: SessionStore) => void;
+export declare const createSession: (userId: string, token: string) => Promise<void>;
+export declare const getSession: (userId: string) => Promise<any>;
+export declare const deleteSession: (userId: string) => Promise<void>;
+export {};

package/dist/lib/validate.d.ts

@@ -0,0 +1,2 @@
+import { z } from "zod";
+export declare const validate: <T extends z.ZodType>(schema: T, req: Request) => Promise<z.output<T>>;

package/dist/lib/ws.d.ts

@@ -0,0 +1,21 @@
+import type { Server, ServerWebSocket } from "bun";
+type WithRooms = {
+    rooms: Set<string>;
+};
+type WithSocketId = {
+    id: string;
+} & WithRooms;
+export declare const setWsServer: (server: Server<any>) => void;
+export declare const publish: (topic: string, data: unknown) => void;
+/** All rooms that currently have at least one subscriber */
+export declare const getRooms: () => string[];
+/** Socket IDs subscribed to a given room */
+export declare const getRoomSubscribers: (room: string) => string[];
+type RoomGuard<T extends WithRooms> = (ws: ServerWebSocket<T>, room: string) => boolean | Promise<boolean>;
+export declare const handleRoomActions: <T extends WithSocketId>(ws: ServerWebSocket<T>, message: string | Buffer, onSubscribe?: RoomGuard<T>) => Promise<boolean>;
+export declare const subscribe: <T extends WithSocketId>(ws: ServerWebSocket<T>, room: string) => void;
+export declare const unsubscribe: <T extends WithSocketId>(ws: ServerWebSocket<T>, room: string) => void;
+export declare const getSubscriptions: <T extends WithRooms>(ws: ServerWebSocket<T>) => string[];
+/** Called on socket close to prune the registry. Internal use only. */
+export declare const cleanupSocket: (socketId: string, rooms: Set<string>) => void;
+export {};

package/dist/middleware/bearerAuth.d.ts

@@ -0,0 +1,2 @@
+import type { MiddlewareHandler } from "hono";
+export declare const bearerAuth: MiddlewareHandler;

package/dist/middleware/botProtection.d.ts

@@ -0,0 +1,9 @@
+import type { MiddlewareHandler } from "hono";
+export interface BotProtectionOptions {
+    /**
+     * List of IPv4 CIDRs (e.g. "198.51.100.0/24"), IPv4 exact addresses,
+     * or IPv6 exact addresses to block with a 403.
+     */
+    blockList?: string[];
+}
+export declare const botProtection: ({ blockList, }: BotProtectionOptions) => MiddlewareHandler;

package/dist/middleware/cacheResponse.d.ts

@@ -0,0 +1,14 @@
+import type { MiddlewareHandler } from "hono";
+import type { AppEnv } from "../lib/context";
+type CacheStore = "redis" | "mongo" | "sqlite" | "memory";
+export declare const setCacheStore: (store: CacheStore) => void;
+export declare const bustCache: (key: string) => Promise<void>;
+export declare const bustCachePattern: (pattern: string) => Promise<void>;
+type KeyFn = (c: Parameters<MiddlewareHandler<AppEnv>>[0]) => string;
+interface CacheOptions {
+    ttl?: number;
+    key: string | KeyFn;
+    store?: CacheStore;
+}
+export declare const cacheResponse: ({ ttl, key, store }: CacheOptions) => MiddlewareHandler<AppEnv>;
+export {};

package/dist/middleware/cors.d.ts

@@ -0,0 +1,2 @@
+import type { Middleware } from ".";
+export declare const cors: Middleware;

package/dist/middleware/errorHandler.d.ts

@@ -0,0 +1,2 @@
+import type { Middleware } from ".";
+export declare const errorHandler: Middleware;

package/dist/middleware/identify.d.ts

@@ -0,0 +1,3 @@
+import type { MiddlewareHandler } from "hono";
+import type { AppEnv } from "../lib/context";
+export declare const identify: MiddlewareHandler<AppEnv>;

package/dist/middleware/index.d.ts

@@ -0,0 +1,3 @@
+export type Handler = (req: Request) => Response | Promise<Response>;
+export type Middleware = (req: Request, next: Handler) => Response | Promise<Response>;
+export declare const applyMiddleware: (handler: Handler, ...middleware: Middleware[]) => Handler;

package/dist/middleware/logger.d.ts

@@ -0,0 +1,2 @@
+import type { Middleware } from ".";
+export declare const logger: Middleware;

package/dist/middleware/rateLimit.d.ts

@@ -0,0 +1,8 @@
+import type { MiddlewareHandler } from "hono";
+export interface RateLimitOptions {
+    windowMs: number;
+    max: number;
+    /** Also rate-limit by HTTP fingerprint in addition to IP. Default: false */
+    fingerprintLimit?: boolean;
+}
+export declare const rateLimit: ({ windowMs, max, fingerprintLimit, }: RateLimitOptions) => MiddlewareHandler;

package/dist/middleware/requireRole.d.ts

@@ -0,0 +1,17 @@
+import type { MiddlewareHandler } from "hono";
+import type { AppEnv } from "../lib/context";
+/**
+ * Middleware factory that enforces role-based access.
+ * Requires `identify` to have run first (authUserId must be set).
+ * Roles are fetched lazily on the first role-checked route and cached on the context.
+ *
+ * The adapter must implement `getRoles` for this to work.
+ *
+ * @example
+ * // Allow any authenticated user with the "admin" role
+ * app.get("/admin", userAuth, requireRole("admin"), handler)
+ *
+ * // Allow users with either "admin" or "moderator"
+ * app.get("/mod", userAuth, requireRole("admin", "moderator"), handler)
+ */
+export declare const requireRole: (...roles: string[]) => MiddlewareHandler<AppEnv>;

package/dist/middleware/requireVerifiedEmail.d.ts

@@ -0,0 +1,12 @@
+import type { MiddlewareHandler } from "hono";
+import type { AppEnv } from "../lib/context";
+/**
+ * Middleware that blocks access for users whose email address has not been verified.
+ * Must run after `userAuth` (requires `authUserId` to be set on context).
+ *
+ * The adapter must implement `getEmailVerified` for this to work.
+ *
+ * @example
+ * router.use("/dashboard", userAuth, requireVerifiedEmail);
+ */
+export declare const requireVerifiedEmail: MiddlewareHandler<AppEnv>;

package/dist/middleware/userAuth.d.ts

@@ -0,0 +1,3 @@
+import type { MiddlewareHandler } from "hono";
+import type { AppEnv } from "../lib/context";
+export declare const userAuth: MiddlewareHandler<AppEnv>;

package/dist/models/AuthUser.d.ts

@@ -0,0 +1,112 @@
+import mongoose from "mongoose";
+export declare const AuthUser: mongoose.Model<{
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+} & mongoose.DefaultTimestampProps, {}, {}, {
+    id: string;
+}, mongoose.Document<unknown, {}, {
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+} & mongoose.DefaultTimestampProps, {
+    id: string;
+}, {
+    timestamps: true;
+}> & Omit<{
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+} & mongoose.DefaultTimestampProps & {
+    _id: mongoose.Types.ObjectId;
+} & {
+    __v: number;
+}, "id"> & {
+    id: string;
+}, mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any, any>, {}, {}, {}, {}, {
+    timestamps: true;
+}, {
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+} & mongoose.DefaultTimestampProps, mongoose.Document<unknown, {}, {
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+} & mongoose.DefaultTimestampProps, {
+    id: string;
+}, mongoose.MergeType<mongoose.DefaultSchemaOptions, {
+    timestamps: true;
+}>> & Omit<{
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+} & mongoose.DefaultTimestampProps & {
+    _id: mongoose.Types.ObjectId;
+} & {
+    __v: number;
+}, "id"> & {
+    id: string;
+}, {
+    [path: string]: mongoose.SchemaDefinitionProperty<undefined, any, any>;
+} | {
+    [x: string]: mongoose.SchemaDefinitionProperty<any, any, mongoose.Document<unknown, {}, {
+        providerIds: string[];
+        emailVerified: boolean;
+        roles: string[];
+        email?: string | null | undefined;
+        password?: string | null | undefined;
+    } & mongoose.DefaultTimestampProps, {
+        id: string;
+    }, mongoose.MergeType<mongoose.DefaultSchemaOptions, {
+        timestamps: true;
+    }>> & Omit<{
+        providerIds: string[];
+        emailVerified: boolean;
+        roles: string[];
+        email?: string | null | undefined;
+        password?: string | null | undefined;
+    } & mongoose.DefaultTimestampProps & {
+        _id: mongoose.Types.ObjectId;
+    } & {
+        __v: number;
+    }, "id"> & {
+        id: string;
+    }> | undefined;
+}, {
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    _id: mongoose.Types.ObjectId;
+} & {
+    __v: number;
+}>, {
+    providerIds: string[];
+    emailVerified: boolean;
+    roles: string[];
+    email?: string | null | undefined;
+    password?: string | null | undefined;
+    createdAt: NativeDate;
+    updatedAt: NativeDate;
+} & {
+    _id: mongoose.Types.ObjectId;
+} & {
+    __v: number;
+}>;

package/dist/routes/auth.d.ts

@@ -0,0 +1,8 @@
+import type { PrimaryField, EmailVerificationConfig } from "../lib/appConfig";
+import type { AuthRateLimitConfig } from "../app";
+export interface AuthRouterOptions {
+    primaryField: PrimaryField;
+    emailVerification?: EmailVerificationConfig;
+    rateLimit?: AuthRateLimitConfig;
+}
+export declare const createAuthRouter: ({ primaryField, emailVerification, rateLimit }: AuthRouterOptions) => import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/health.d.ts

@@ -0,0 +1 @@
+export declare const router: import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/home.d.ts

@@ -0,0 +1 @@
+export declare const router: import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;

package/dist/routes/oauth.d.ts

@@ -0,0 +1,2 @@
+import type { AppEnv } from "../lib/context";
+export declare const createOAuthRouter: (providers: string[], postLoginRedirect: string) => import("@hono/zod-openapi").OpenAPIHono<AppEnv, {}, "/">;

package/dist/schemas/auth.d.ts

@@ -0,0 +1,10 @@
+import { z } from "zod";
+import type { PrimaryField } from "../lib/appConfig";
+export declare const makeRegisterSchema: (primaryField: PrimaryField) => z.ZodObject<{
+    [x: string]: z.ZodString;
+    password: z.ZodString;
+}, z.core.$strip>;
+export declare const makeLoginSchema: (primaryField: PrimaryField) => z.ZodObject<{
+    [x: string]: z.ZodString;
+    password: z.ZodString;
+}, z.core.$strip>;

package/dist/server.d.ts

@@ -0,0 +1,25 @@
+import type { Server, ServerWebSocket, WebSocketHandler } from "bun";
+import { type CreateAppConfig } from "./app";
+import { type SocketData } from "./ws/index";
+export interface WsConfig<T extends object = object> {
+    /** Override or extend the default WebSocket handler */
+    handler?: WebSocketHandler<SocketData<T>>;
+    /** Override the default /ws upgrade handler (auth + upgrade logic) */
+    upgradeHandler?: (req: Request, server: Server<SocketData<T>>) => Promise<Response | undefined>;
+    /**
+     * Guard called before a socket joins a room via the subscribe action.
+     * Return true to allow, false to deny (client receives { event: "subscribe_denied", room }).
+     * ws.data.userId is available for auth checks.
+     */
+    onRoomSubscribe?: (ws: ServerWebSocket<SocketData<T>>, room: string) => boolean | Promise<boolean>;
+}
+export interface CreateServerConfig<T extends object = object> extends CreateAppConfig {
+    port?: number;
+    /** Absolute path to the service's workers directory — auto-imports all .ts files */
+    workersDir?: string;
+    /** Set false to disable auto-loading workers. Defaults to true */
+    enableWorkers?: boolean;
+    /** WebSocket configuration */
+    ws?: WsConfig<T>;
+}
+export declare const createServer: <T extends object = object>(config: CreateServerConfig<T>) => Promise<Server<SocketData<T>>>;

package/dist/services/auth.d.ts

@@ -0,0 +1,6 @@
+export declare const register: (identifier: string, password: string) => Promise<string>;
+export declare const login: (identifier: string, password: string) => Promise<{
+    token: string;
+    emailVerified?: boolean;
+}>;
+export declare const logout: (token: string | null) => Promise<void>;

package/dist/ws/index.d.ts

@@ -0,0 +1,10 @@
+import type { Server, WebSocketHandler } from "bun";
+export type SocketData<T extends object = object> = {
+    id: string;
+    userId: string | null;
+    rooms: Set<string>;
+} & T;
+type BaseSocketData = SocketData<object>;
+export declare const createWsUpgradeHandler: (server: Server<BaseSocketData>) => (req: Request) => Promise<Response | undefined>;
+export declare const websocket: WebSocketHandler<BaseSocketData>;
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lastshotlabs/bunshot",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "description": "Batteries-included Bun + Hono API framework — auth, sessions, rate limiting, WebSocket, queues, and OpenAPI docs out of the box",
   "repository": {
     "type": "git",
@@ -16,14 +16,24 @@
     "websocket",
     "openapi"
   ],
-  "module": "src/index.ts",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
   "exports": {
-    ".": "./src/index.ts"
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
   },
   "bin": {
-    "bunshot": "./src/cli.ts"
+    "bunshot": "./dist/cli.js"
   },
+  "files": [
+    "dist"
+  ],
   "scripts": {
+    "build": "bun build src/index.ts --outdir dist --minify --target bun --external '*' && bun build src/cli.ts --outdir dist --minify --target bun --external '*' && tsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json",
+    "prepublishOnly": "bun run build",
+    "release": "npm version patch && npm publish",
     "dev": "bun --watch src/index.ts",
     "start": "bun src/index.ts"
   },
@@ -39,9 +49,11 @@
     "zod": "4.3.6"
   },
   "devDependencies": {
-    "@types/bun": "1.3.10"
+    "@types/bun": "1.3.10",
+    "tsc-alias": "^1.8.16",
+    "typescript": "^5.9.3"
   },
   "publishConfig": {
     "access": "public"
   }
-}
+}

package/CLAUDE.md

@@ -1,102 +0,0 @@
-# CLAUDE.md
-
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
-See @README for project overview
-
-Update ReadMe and this file (CLAUDE.md) when adding, modifying, or deleting features to ensure proper documentation
-
-## Commands
-
-```bash
-bun run dev     # Watch mode (hot reload)
-bun run start   # Run without watch
-```
-
-There are no build, test, or lint scripts — this is a library package published to npm as `@lastshotlabs/bunshot`.
-
-## Architecture
-
-This is a **Bun + Hono API framework library** that consuming projects install as a dependency. It provides batteries-included scaffolding: auto-discovery of routes/workers, built-in auth, OpenAPI docs, WebSocket rooms, caching, and rate limiting.
-
-### Entry Points
-
-- **[src/app.ts](src/app.ts)** — `createApp(config)` factory: sets up Hono with CORS, middleware stack, auto-discovered routes, and OpenAPI/Scalar docs
-- **[src/server.ts](src/server.ts)** — `createServer(config)` factory: wraps app with `Bun.serve()`, adds WebSocket upgrade handling, and auto-discovers BullMQ workers
-- **[src/index.ts](src/index.ts)** — Barrel export for all public APIs
-- **[src/cli.ts](src/cli.ts)** — CLI entry point
-
-### Key Patterns
-
-**Route auto-discovery:** Consuming projects place routes in a `routes/` directory. The framework scans and registers them automatically. Routes use `@hono/zod-openapi` for type-safe OpenAPI definitions. Load order can be controlled by exporting `export const priority = <number>` from a route file (lower = loaded first; files without it load last).
-
-**Worker auto-discovery:** BullMQ workers are placed in a `workers/` directory and auto-started by `createServer`.
-
-**Auth flow:** `src/lib/auth.ts` orchestrates login/register/logout/email-verification. The auth store is pluggable via `AuthAdapter` interface (default: `src/adapters/mongoAuth.ts`). Sessions can be stored in Redis, MongoDB, SQLite, or memory — configured via `db.sessions` in `CreateAppConfig`. Login identifier is configurable via `auth.primaryField` (`"email"` | `"username"` | `"phone"`). Email verification is opt-in via `auth.emailVerification` (supports `required: true` to block login until verified).
-
-**Context extension:** The framework exposes a typed `AppContext` (Hono `Context`) that consuming apps extend with their own variables.
-
-### Lib Layer (`src/lib/`)
-
-| File | Purpose |
-|------|---------|
-| `mongo.ts` | Mongoose connection management; `disconnectMongo()` for clean shutdown |
-| `redis.ts` | ioredis client; `disconnectRedis()` for clean shutdown |
-| `jwt.ts` | `jose`-based JWT sign/verify |
-| `session.ts` | Session CRUD — store set via `db.sessions` ("redis" \| "mongo" \| "sqlite" \| "memory") |
-| `auth.ts` | Register/login/logout/password logic |
-| `oauth.ts` | OAuth provider coordination via `arctic` — state store set via `db.oauthState` |
-| `cache.ts` | Response cache — default store set via `db.cache`, overridable per-route; exports `bustCache` (all stores) and `bustCachePattern` (wildcard invalidation) |
-| `rateLimit.ts` | Per-key rate limiting; exports `trackAttempt`, `isLimited`, `bustAuthLimit` for use in custom routes |
-| `ws.ts` | WebSocket room registry, pub/sub helpers (`publish`, `subscribe`, `unsubscribe`, `getSubscriptions`, `handleRoomActions`, `getRooms`, `getRoomSubscribers`) — in-memory, no DB dependency |
-
-### Middleware (`src/middleware/`)
-
-- `bearerAuth` — API key validation via `Authorization: Bearer` header
-- `identify` — Reads session and attaches user to context (non-blocking)
-- `userAuth` — Requires authenticated user (blocks if not logged in)
-- `requireRole` — RBAC role enforcement
-- `requireVerifiedEmail` — Blocks access for users whose email has not been verified (requires `getEmailVerified` on adapter)
-- `rateLimit` — Request rate limiting
-- `cacheResponse` — Response caching with TTL
-
-### Adapters (`src/adapters/`)
-
-| File | Purpose |
-|------|---------|
-| `mongoAuth.ts` | Default `AuthAdapter` backed by Mongoose / MongoDB |
-| `sqliteAuth.ts` | `AuthAdapter` + session/OAuth/cache helpers backed by `bun:sqlite`. Exports `setSqliteDb(path)` and `startSqliteCleanup()`. |
-| `memoryAuth.ts` | `AuthAdapter` + session/OAuth/cache helpers backed by in-memory Maps. Exports `clearMemoryStore()` for test isolation. |
-
-### Built-in Routes (`src/routes/`)
-
-- `auth.ts` — `/auth/register`, `/auth/login`, `/auth/logout`, `/auth/set-password`, `/auth/me`, `/auth/verify-email`, `/auth/resend-verification`
-- `oauth.ts` — OAuth initiation (`GET /auth/{provider}`), callbacks, link (`GET /auth/{provider}/link`), and unlink (`DELETE /auth/{provider}/link`) handlers
-- `health.ts` — Health check
-- `home.ts` — Root endpoint
-
-### TypeScript Path Aliases
-
-Defined in `tsconfig.json`, used throughout the codebase:
-
-```
-@lib/*        → src/lib/*
-@middleware/* → src/middleware/*
-@models/*     → src/models/*
-@routes/*     → src/routes/*
-@workers/*    → src/workers/*
-@ws/*         → src/ws/*
-@schemas/*    → src/schemas/*
-@services/*   → src/services/*
-@queues/*     → src/queues/*
-```
-
-### WebSocket
-
-`src/ws/index.ts` handles connection upgrades and authenticates via `getSession()` (supports all 4 store backends). Room management lives in `src/lib/ws.ts` using in-memory Maps + Bun's native pub/sub (`ws.subscribe`/`server.publish`).
-
-### Environment Variables
-
-See README.md for the full reference. All DB/auth vars are split by environment: `*_DEV` / `*_PROD` (selected by `NODE_ENV`). Key groups: `MONGO_*`, `REDIS_*`, `JWT_SECRET_*`, `BEARER_TOKEN_*`, `PORT`.
-
-