@mrxsys/mrx-core 2.12.0 → 2.13.0-1-and-293-20260113

package/dist/{chunk-m3grz32t.js → chunk-6fs5g367.js}

@@ -1,19 +1,35 @@
 // @bun
+import {
+  TOTP_ERROR_KEYS
+} from "./chunk-kcy9f0ey.js";
+import {
+  InternalError
+} from "./chunk-jz3wd472.js";
+
 // source/modules/totp/utils/create-counter-buffer.ts
 var createCounterBuffer = (counter) => {
   const counterBuffer = new ArrayBuffer(8);
   const counterView = new DataView(counterBuffer);
-  if (typeof counter === "bigint")
-    counterView.setBigUint64(0, counter, false);
-  else
-    counterView.setUint32(4, counter, false);
+  const counterBigInt = typeof counter === "bigint" ? counter : BigInt(Math.floor(counter));
+  counterView.setBigUint64(0, counterBigInt, false);
   return counterBuffer;
 };
 
 // source/modules/totp/utils/dynamic-truncation.ts
+var _DIGIT_MODULO = {
+  6: 1e6,
+  8: 1e8
+};
 var dynamicTruncation = (hmacArray, digits) => {
+  if (hmacArray.length < 20)
+    throw new InternalError(TOTP_ERROR_KEYS.INVALID_HMAC_LENGTH, "HMAC must be at least 20 bytes");
+  const modulo = _DIGIT_MODULO[digits];
+  if (modulo === undefined)
+    throw new InternalError(TOTP_ERROR_KEYS.INVALID_DIGITS, "Digits must be 6 or 8");
   const offset = hmacArray[hmacArray.length - 1] & 15;
-  const code = ((hmacArray[offset] & 127) << 24 | (hmacArray[offset + 1] & 255) << 16 | (hmacArray[offset + 2] & 255) << 8 | hmacArray[offset + 3] & 255) % 10 ** digits;
+  if (offset + 4 > hmacArray.length)
+    throw new InternalError(TOTP_ERROR_KEYS.INVALID_HMAC_LENGTH, "HMAC too short for computed offset");
+  const code = ((hmacArray[offset] & 127) << 24 | (hmacArray[offset + 1] & 255) << 16 | (hmacArray[offset + 2] & 255) << 8 | hmacArray[offset + 3] & 255) % modulo;
   return code.toString().padStart(digits, "0");
 };
 

package/dist/{chunk-zv4ta4fb.js → chunk-6vw01zwm.js}

@@ -1,7 +1,7 @@
 // @bun
 import {
   HTTP_STATUS_CODES
-} from "./chunk-sqts8vyk.js";
+} from "./chunk-t2ed3f49.js";
 import {
   AppError
 } from "./chunk-jz3wd472.js";

package/dist/chunk-gcktbkx5.js

@@ -0,0 +1,13 @@
+// @bun
+// source/modules/kv-store/enums/kv-store-error-keys.ts
+var KV_STORE_ERROR_KEYS = {
+  CLOSING_CONNECTION_FAILED: "nowarajs.kv-store.error.closing_connection_failed",
+  CONNECTION_FAILED: "nowarajs.kv-store.error.connection_failed",
+  INVALID_AMOUNT: "nowarajs.kv-store.error.invalid_amount",
+  INVALID_KEY: "nowarajs.kv-store.error.invalid_key",
+  INVALID_TTL: "nowarajs.kv-store.error.invalid_ttl",
+  NOT_INTEGER: "nowarajs.kv-store.error.not_integer",
+  STORE_FULL: "nowarajs.kv-store.error.store_full"
+};
+
+export { KV_STORE_ERROR_KEYS };

package/dist/chunk-kcy9f0ey.js

@@ -0,0 +1,17 @@
+// @bun
+// source/modules/totp/enums/totp-error-keys.ts
+var TOTP_ERROR_KEYS = {
+  INVALID_ALGORITHM: "nowarajs.totp.error.invalid_algorithm",
+  INVALID_BASE32_CHARACTER: "nowarajs.totp.error.invalid_base32_character",
+  INVALID_DIGITS: "nowarajs.totp.error.invalid_digits",
+  INVALID_HMAC_LENGTH: "nowarajs.totp.error.invalid_hmac_length",
+  INVALID_OTP_AUTH_URI: "nowarajs.totp.error.invalid_otp_auth_uri",
+  INVALID_PERIOD: "nowarajs.totp.error.invalid_period",
+  INVALID_SECRET_LENGTH: "nowarajs.totp.error.invalid_secret_length",
+  INVALID_WINDOW: "nowarajs.totp.error.invalid_window",
+  MISSING_LABEL: "nowarajs.totp.error.missing_label",
+  MISSING_SECRET: "nowarajs.totp.error.missing_secret",
+  WEAK_SECRET: "nowarajs.totp.error.weak_secret"
+};
+
+export { TOTP_ERROR_KEYS };

package/dist/{chunk-j7dyc5ks.js → chunk-mhxpm2q3.js}

@@ -1,7 +1,7 @@
 // @bun
 import {
   KV_STORE_ERROR_KEYS
-} from "./chunk-8pw0syzf.js";
+} from "./chunk-gcktbkx5.js";
 import {
   InternalError
 } from "./chunk-jz3wd472.js";
@@ -10,12 +10,15 @@ import {
 class MemoryStore {
   _store = new Map;
   _cleanupInterval;
+  _maxSize;
   _cleanupTimer = null;
-  constructor(cleanupIntervalMs) {
+  constructor(cleanupIntervalMs, maxSize) {
     this._cleanupInterval = cleanupIntervalMs ?? 300000;
+    this._maxSize = maxSize ?? Infinity;
     this._startCleanup();
   }
   get(key) {
+    this._validateKey(key);
     const entry = this._store.get(key);
     if (!entry)
       return null;
@@ -27,35 +30,60 @@ class MemoryStore {
     return entry.value;
   }
   set(key, value, ttlSec) {
+    this._validateKey(key);
+    this._validateTtl(ttlSec);
+    if (this._store.size >= this._maxSize && !this._store.has(key))
+      throw new InternalError(KV_STORE_ERROR_KEYS.STORE_FULL);
     const expiresAt = ttlSec ? Date.now() + ttlSec * 1000 : -1;
     this._store.set(key, { value, expiresAt });
   }
   increment(key, amount = 1) {
-    const current = this.get(key);
+    this._validateKey(key);
+    this._validateAmount(amount);
     const entry = this._store.get(key);
-    if (current !== null && typeof current !== "number")
-      throw new InternalError(KV_STORE_ERROR_KEYS.NOT_INTEGER);
-    const currentValue = current ?? 0;
+    const now = Date.now();
+    let currentValue = 0;
+    let expiresAt = -1;
+    if (entry)
+      if (entry.expiresAt !== -1 && now > entry.expiresAt) {
+        this._store.delete(key);
+      } else {
+        if (entry.value !== null && typeof entry.value !== "number")
+          throw new InternalError(KV_STORE_ERROR_KEYS.NOT_INTEGER);
+        currentValue = entry.value ?? 0;
+        ({ expiresAt } = entry);
+      }
     const newValue = currentValue + amount;
-    const expiresAt = entry ? entry.expiresAt : -1;
     this._store.set(key, { value: newValue, expiresAt });
     return newValue;
   }
   decrement(key, amount = 1) {
-    const current = this.get(key);
+    this._validateKey(key);
+    this._validateAmount(amount);
     const entry = this._store.get(key);
-    if (current !== null && typeof current !== "number")
-      throw new InternalError(KV_STORE_ERROR_KEYS.NOT_INTEGER);
-    const currentValue = current ?? 0;
+    const now = Date.now();
+    let currentValue = 0;
+    let expiresAt = -1;
+    if (entry)
+      if (entry.expiresAt !== -1 && now > entry.expiresAt) {
+        this._store.delete(key);
+      } else {
+        if (entry.value !== null && typeof entry.value !== "number")
+          throw new InternalError(KV_STORE_ERROR_KEYS.NOT_INTEGER);
+        currentValue = entry.value ?? 0;
+        ({ expiresAt } = entry);
+      }
     const newValue = currentValue - amount;
-    const expiresAt = entry ? entry.expiresAt : -1;
     this._store.set(key, { value: newValue, expiresAt });
     return newValue;
   }
   del(key) {
+    this._validateKey(key);
     return this._store.delete(key);
   }
   expire(key, ttlSec) {
+    this._validateKey(key);
+    this._validateTtl(ttlSec);
     const entry = this._store.get(key);
     if (!entry)
       return false;
@@ -63,6 +91,7 @@ class MemoryStore {
     return true;
   }
   ttl(key) {
+    this._validateKey(key);
     const entry = this._store.get(key);
     if (!entry)
       return -1;
@@ -82,6 +111,7 @@ class MemoryStore {
     this._cleanupTimer = setInterval(() => {
       this._removeExpiredEntries();
     }, this._cleanupInterval);
+    this._cleanupTimer.unref();
   }
   _removeExpiredEntries() {
     const now = Date.now();
@@ -96,6 +126,20 @@ class MemoryStore {
     }
     this._store.clear();
   }
+  _validateKey(key) {
+    if (!key || typeof key !== "string" || key.length > 1024 || key.includes("\x00"))
+      throw new InternalError(KV_STORE_ERROR_KEYS.INVALID_KEY);
+  }
+  _validateTtl(ttlSec) {
+    if (ttlSec === undefined)
+      return;
+    if (!Number.isFinite(ttlSec) || ttlSec <= 0 || !Number.isInteger(ttlSec))
+      throw new InternalError(KV_STORE_ERROR_KEYS.INVALID_TTL);
+  }
+  _validateAmount(amount) {
+    if (!Number.isFinite(amount) || !Number.isInteger(amount))
+      throw new InternalError(KV_STORE_ERROR_KEYS.INVALID_AMOUNT);
+  }
 }
 
 export { MemoryStore };

package/dist/{chunk-en814zzk.js → chunk-pmcz5ege.js}

@@ -1,7 +1,7 @@
 // @bun
 import {
   Repository
-} from "./chunk-p929454t.js";
+} from "./chunk-yj7yz309.js";
 import {
   TypedEventEmitter
 } from "./chunk-mvrxngm7.js";

package/dist/chunk-pvrb2v8j.js

@@ -0,0 +1,14 @@
+// @bun
+// source/modules/jwt/enums/jwt-error-keys.ts
+var JWT_ERROR_KEYS = {
+  JWT_EXPIRATION_PASSED: "nowarajs.jwt.error.expiration_passed",
+  JWT_SECRET_TOO_WEAK: "nowarajs.jwt.error.secret_too_weak",
+  JWT_SIGN_ERROR: "nowarajs.jwt.error.sign_error",
+  JWT_EXPIRED: "nowarajs.jwt.error.token_expired",
+  JWT_CLAIM_VALIDATION_FAILED: "nowarajs.jwt.error.claim_validation_failed",
+  JWT_INVALID_SIGNATURE: "nowarajs.jwt.error.invalid_signature",
+  JWT_MALFORMED: "nowarajs.jwt.error.malformed_token",
+  JWT_VERIFICATION_FAILED: "nowarajs.jwt.error.verification_failed"
+};
+
+export { JWT_ERROR_KEYS };

package/dist/{chunk-r7yr9p57.js → chunk-qqv7wea5.js}

@@ -15,18 +15,21 @@ class SingletonManager {
     this._registry.set(name, instance);
   }
   static unregister(name) {
-    if (!this._registry.has(name))
+    if (!this._registry.delete(name))
       throw new InternalError(SINGLETON_MANAGER_ERROR_KEYS.CLASS_INSTANCE_NOT_REGISTERED, { name });
-    this._registry.delete(name);
   }
   static get(name) {
-    if (!this._registry.has(name))
+    const instance = this._registry.get(name);
+    if (!instance)
       throw new InternalError(SINGLETON_MANAGER_ERROR_KEYS.CLASS_INSTANCE_NOT_REGISTERED, { name });
-    return this._registry.get(name);
+    return instance;
   }
   static has(name) {
     return this._registry.has(name);
   }
+  static clear() {
+    this._registry.clear();
+  }
 }
 
 export { SingletonManager };

package/dist/{chunk-sqts8vyk.js → chunk-t2ed3f49.js}

@@ -15,6 +15,15 @@ var HTTP_STATUS_CODES = {
   MULTI_STATUS: 207,
   ALREADY_REPORTED: 208,
   IM_USED: 226,
+  MULTIPLE_CHOICES: 300,
+  MOVED_PERMANENTLY: 301,
+  FOUND: 302,
+  SEE_OTHER: 303,
+  NOT_MODIFIED: 304,
+  USE_PROXY: 305,
+  SWITCH_PROXY: 306,
+  TEMPORARY_REDIRECT: 307,
+  PERMANENT_REDIRECT: 308,
   BAD_REQUEST: 400,
   UNAUTHORIZED: 401,
   PAYMENT_REQUIRED: 402,

package/dist/{chunk-p929454t.js → chunk-yj7yz309.js}

@@ -5,7 +5,7 @@ import {
 } from "./chunk-grfyngq0.js";
 import {
   HttpError
-} from "./chunk-zv4ta4fb.js";
+} from "./chunk-6vw01zwm.js";
 import {
   InternalError
 } from "./chunk-jz3wd472.js";
@@ -198,7 +198,12 @@ class Repository {
     });
   }
   _isAdaptiveWhereClause(data) {
-    return Boolean(data && typeof data === "object" && !Array.isArray(data) && Object.keys(data).some((key) => _validOperatorKeys.has(key)));
+    if (!data || typeof data !== "object" || Array.isArray(data))
+      return false;
+    for (const key in data)
+      if (_validOperatorKeys.has(key))
+        return true;
+    return false;
   }
   _isGlobalSearchObject(data) {
     return Boolean(data && typeof data === "object" && "selectedFields" in data && "value" in data);

package/dist/errors/enums/http-status-codes.d.ts

@@ -13,6 +13,15 @@ export declare const HTTP_STATUS_CODES: {
     readonly MULTI_STATUS: 207;
     readonly ALREADY_REPORTED: 208;
     readonly IM_USED: 226;
+    readonly MULTIPLE_CHOICES: 300;
+    readonly MOVED_PERMANENTLY: 301;
+    readonly FOUND: 302;
+    readonly SEE_OTHER: 303;
+    readonly NOT_MODIFIED: 304;
+    readonly USE_PROXY: 305;
+    readonly SWITCH_PROXY: 306;
+    readonly TEMPORARY_REDIRECT: 307;
+    readonly PERMANENT_REDIRECT: 308;
     readonly BAD_REQUEST: 400;
     readonly UNAUTHORIZED: 401;
     readonly PAYMENT_REQUIRED: 402;

package/dist/errors/enums/index.js

@@ -1,7 +1,7 @@
 // @bun
 import {
   HTTP_STATUS_CODES
-} from "../../chunk-sqts8vyk.js";
+} from "../../chunk-t2ed3f49.js";
 export {
   HTTP_STATUS_CODES
 };

package/dist/errors/index.d.ts

@@ -1,3 +1,3 @@
 export { AppError } from './app-error';
-export { HttpError } from './http-error';
+export { HttpError, type HttpStatusCode, type HttpStatusKey } from './http-error';
 export { InternalError } from './internal-error';

package/dist/errors/index.js

@@ -1,8 +1,8 @@
 // @bun
 import {
   HttpError
-} from "../chunk-zv4ta4fb.js";
-import"../chunk-sqts8vyk.js";
+} from "../chunk-6vw01zwm.js";
+import"../chunk-t2ed3f49.js";
 import {
   AppError,
   InternalError

package/dist/modules/database/index.js

@@ -2,12 +2,12 @@
 import {
   MSSQL,
   Table
-} from "../../chunk-en814zzk.js";
-import"../../chunk-p929454t.js";
+} from "../../chunk-pmcz5ege.js";
+import"../../chunk-yj7yz309.js";
 import"../../chunk-grfyngq0.js";
 import"../../chunk-mvrxngm7.js";
-import"../../chunk-zv4ta4fb.js";
-import"../../chunk-sqts8vyk.js";
+import"../../chunk-6vw01zwm.js";
+import"../../chunk-t2ed3f49.js";
 import"../../chunk-jz3wd472.js";
 import"../../chunk-642xajvx.js";
 export {

package/dist/modules/elysia/cache/index.js

@@ -1,8 +1,8 @@
 // @bun
 import {
   MemoryStore
-} from "../../../chunk-j7dyc5ks.js";
-import"../../../chunk-8pw0syzf.js";
+} from "../../../chunk-mhxpm2q3.js";
+import"../../../chunk-gcktbkx5.js";
 import"../../../chunk-jz3wd472.js";
 
 // source/modules/elysia/cache/cache.ts

package/dist/modules/elysia/db-resolver/index.js

@@ -1,19 +1,19 @@
 // @bun
 import {
   SingletonManager
-} from "../../../chunk-r7yr9p57.js";
+} from "../../../chunk-qqv7wea5.js";
 import"../../../chunk-y5dtkmnp.js";
 import {
   DB_RESOLVER_ERROR_KEYS
 } from "../../../chunk-ayyrgqyv.js";
 import {
   MSSQL
-} from "../../../chunk-en814zzk.js";
-import"../../../chunk-p929454t.js";
+} from "../../../chunk-pmcz5ege.js";
+import"../../../chunk-yj7yz309.js";
 import"../../../chunk-grfyngq0.js";
 import"../../../chunk-mvrxngm7.js";
-import"../../../chunk-zv4ta4fb.js";
-import"../../../chunk-sqts8vyk.js";
+import"../../../chunk-6vw01zwm.js";
+import"../../../chunk-t2ed3f49.js";
 import {
   InternalError
 } from "../../../chunk-jz3wd472.js";

package/dist/modules/elysia/error/index.js

@@ -8,8 +8,8 @@ import {
 import"../../../chunk-10w8mg8e.js";
 import {
   HttpError
-} from "../../../chunk-zv4ta4fb.js";
-import"../../../chunk-sqts8vyk.js";
+} from "../../../chunk-6vw01zwm.js";
+import"../../../chunk-t2ed3f49.js";
 import {
   InternalError
 } from "../../../chunk-jz3wd472.js";

package/dist/modules/elysia/rate-limit/index.js

@@ -4,12 +4,12 @@ import {
 } from "../../../chunk-2z8amjqt.js";
 import {
   MemoryStore
-} from "../../../chunk-j7dyc5ks.js";
-import"../../../chunk-8pw0syzf.js";
+} from "../../../chunk-mhxpm2q3.js";
+import"../../../chunk-gcktbkx5.js";
 import {
   HttpError
-} from "../../../chunk-zv4ta4fb.js";
-import"../../../chunk-sqts8vyk.js";
+} from "../../../chunk-6vw01zwm.js";
+import"../../../chunk-t2ed3f49.js";
 import"../../../chunk-jz3wd472.js";
 
 // source/modules/elysia/rate-limit/rate-limit.ts

package/dist/modules/jwt/enums/index.js

@@ -1,7 +1,7 @@
 // @bun
 import {
   JWT_ERROR_KEYS
-} from "../../../chunk-zn2nm5gg.js";
+} from "../../../chunk-pvrb2v8j.js";
 import {
   PARSE_HUMAN_TIME_TO_SECONDS_ERROR_KEYS
 } from "../../../chunk-dmsev7vs.js";

package/dist/modules/jwt/enums/jwt-error-keys.d.ts

@@ -1,5 +1,10 @@
 export declare const JWT_ERROR_KEYS: {
-    readonly JWT_EXPIRATION_PASSED: "mrx.mrx-core.jwt.error.expiration_passed";
-    readonly JWT_SECRET_NOT_FOUND: "mrx.mrx-core.jwt.error.secret_not_found";
-    readonly JWT_SIGN_ERROR: "mrx.mrx-core.jwt.error.sign_error";
+    readonly JWT_EXPIRATION_PASSED: "nowarajs.jwt.error.expiration_passed";
+    readonly JWT_SECRET_TOO_WEAK: "nowarajs.jwt.error.secret_too_weak";
+    readonly JWT_SIGN_ERROR: "nowarajs.jwt.error.sign_error";
+    readonly JWT_EXPIRED: "nowarajs.jwt.error.token_expired";
+    readonly JWT_CLAIM_VALIDATION_FAILED: "nowarajs.jwt.error.claim_validation_failed";
+    readonly JWT_INVALID_SIGNATURE: "nowarajs.jwt.error.invalid_signature";
+    readonly JWT_MALFORMED: "nowarajs.jwt.error.malformed_token";
+    readonly JWT_VERIFICATION_FAILED: "nowarajs.jwt.error.verification_failed";
 };

package/dist/modules/jwt/index.d.ts

@@ -1 +1 @@
-export { signJWT, verifyJWT } from './jwt';
+export { signJWT, verifyJWT, type VerifyOptions } from './jwt';

package/dist/modules/jwt/index.js

@@ -1,11 +1,15 @@
 // @bun
 import {
   JWT_ERROR_KEYS
-} from "../../chunk-zn2nm5gg.js";
+} from "../../chunk-pvrb2v8j.js";
 import {
   parseHumanTimeToSeconds
 } from "../../chunk-awphtyzp.js";
 import"../../chunk-dmsev7vs.js";
+import {
+  HttpError
+} from "../../chunk-6vw01zwm.js";
+import"../../chunk-t2ed3f49.js";
 import {
   InternalError
 } from "../../chunk-jz3wd472.js";
@@ -13,34 +17,50 @@ import {
 // source/modules/jwt/jwt.ts
 import {
   SignJWT,
+  errors,
   jwtVerify
 } from "jose";
+var _textEncoder = new TextEncoder;
 var signJWT = (secret, payload, expiration = 60 * 15) => {
-  const exp = expiration instanceof Date ? Math.floor(expiration.getTime() / 1000) : typeof expiration === "number" ? Math.floor(Date.now() / 1000) + expiration : Math.floor(Date.now() / 1000) + parseHumanTimeToSeconds(expiration);
-  if (exp <= Math.floor(Date.now() / 1000))
+  if (secret.length < 32)
+    throw new InternalError(JWT_ERROR_KEYS.JWT_SECRET_TOO_WEAK);
+  const nowSeconds = Math.floor(Date.now() / 1000);
+  const exp = expiration instanceof Date ? Math.floor(expiration.getTime() / 1000) : typeof expiration === "number" ? nowSeconds + expiration : nowSeconds + parseHumanTimeToSeconds(expiration);
+  if (exp <= nowSeconds)
     throw new InternalError(JWT_ERROR_KEYS.JWT_EXPIRATION_PASSED);
   const finalPayload = {
     iss: "Core-Issuer",
     sub: "",
     aud: ["Core-Audience"],
     jti: Bun.randomUUIDv7(),
-    nbf: Math.floor(Date.now() / 1000),
-    iat: Math.floor(Date.now() / 1000),
+    nbf: nowSeconds,
+    iat: nowSeconds,
     exp,
     ...payload
   };
   try {
-    const jwt = new SignJWT(finalPayload).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuer(finalPayload.iss).setSubject(finalPayload.sub).setAudience(finalPayload.aud).setJti(finalPayload.jti).setNotBefore(finalPayload.nbf).setIssuedAt(finalPayload.iat).setExpirationTime(exp).sign(new TextEncoder().encode(secret));
-    return jwt;
+    return new SignJWT(finalPayload).setProtectedHeader({ alg: "HS256", typ: "JWT" }).sign(_textEncoder.encode(secret));
   } catch (error) {
     throw new InternalError(JWT_ERROR_KEYS.JWT_SIGN_ERROR, error);
   }
 };
-var verifyJWT = async (token, secret) => {
+var verifyJWT = async (token, secret, options) => {
   try {
-    return await jwtVerify(token, new TextEncoder().encode(secret));
-  } catch {
-    return false;
+    return await jwtVerify(token, _textEncoder.encode(secret), {
+      algorithms: ["HS256"],
+      ...options?.issuer && { issuer: options.issuer },
+      ...options?.audience && { audience: options.audience }
+    });
+  } catch (error) {
+    if (error instanceof errors.JWTExpired)
+      throw new HttpError(JWT_ERROR_KEYS.JWT_EXPIRED, "UNAUTHORIZED", error);
+    if (error instanceof errors.JWTClaimValidationFailed)
+      throw new HttpError(JWT_ERROR_KEYS.JWT_CLAIM_VALIDATION_FAILED, "UNAUTHORIZED", error);
+    if (error instanceof errors.JWSSignatureVerificationFailed)
+      throw new HttpError(JWT_ERROR_KEYS.JWT_INVALID_SIGNATURE, "UNAUTHORIZED", error);
+    if (error instanceof errors.JWTInvalid)
+      throw new HttpError(JWT_ERROR_KEYS.JWT_MALFORMED, "UNAUTHORIZED", error);
+    throw new HttpError(JWT_ERROR_KEYS.JWT_VERIFICATION_FAILED, "UNAUTHORIZED", error);
   }
 };
 export {

package/dist/modules/jwt/jwt.d.ts

@@ -1,3 +1,44 @@
 import { type JWTPayload, type JWTVerifyResult } from 'jose';
+export interface VerifyOptions {
+    issuer?: string;
+    audience?: string | string[];
+}
+/**
+ * Signs a JWT with the given payload and expiration
+ *
+ * @param secret - The secret key used for HS256 signing (minimum 32 characters)
+ * @param payload - The JWT payload claims
+ * @param expiration - Token expiration as seconds offset, Date, or human-readable string (default: 15 minutes)
+ *
+ * @throws ({@link InternalError}) – If secret is too short, expiration is in the past, or signing fails
+ *
+ * @returns A Promise resolving to the signed JWT string
+ *
+ * @example
+ * ```typescript
+ * const token = await signJWT('my-secret-key-at-least-32-chars!', { userId: 123 }, '1 hour');
+ * ```
+ */
 export declare const signJWT: (secret: string, payload: JWTPayload, expiration?: number | string | Date) => Promise<string>;
-export declare const verifyJWT: (token: string, secret: string) => Promise<JWTVerifyResult | false>;
+/**
+ * Verifies a JWT token and throws HttpError on failure
+ *
+ * @param token - The JWT token string to verify
+ * @param secret - The secret key used for HS256 verification
+ * @param options - Optional verification options for issuer/audience validation
+ *
+ * @throws ({@link HttpError}) – 401 if token is expired, invalid signature, malformed, or claim validation fails
+ *
+ * @returns The verification result with payload and protected header
+ *
+ * @example
+ * ```typescript
+ * try {
+ *     const result = await verifyJWT(token, secret);
+ *     console.log(result.payload);
+ * } catch (error) {
+ *     // HttpError with appropriate message
+ * }
+ * ```
+ */
+export declare const verifyJWT: (token: string, secret: string, options?: VerifyOptions) => Promise<JWTVerifyResult>;

package/dist/modules/kv-store/bun-redis/bun-redis-store.d.ts

@@ -22,4 +22,36 @@ export declare class BunRedisStore implements KvStore {
     expire(key: string, ttlSec: number): Promise<boolean>;
     ttl(key: string): Promise<number>;
     clean(): Promise<number>;
+    /**
+     * Validates that a key is a non-empty string with reasonable length.
+     *
+     * @param key - The key to validate.
+     *
+     * @throws ({@link InternalError}) – If the key is invalid.
+     */
+    private _validateKey;
+    /**
+     * Validates that a TTL value is a positive finite integer.
+     *
+     * @param ttlSec - The TTL value to validate.
+     *
+     * @throws ({@link InternalError}) – If the TTL is invalid.
+     */
+    private _validateTtl;
+    /**
+     * Validates that an increment/decrement amount is a finite integer.
+     *
+     * @param amount - The amount to validate.
+     *
+     * @throws ({@link InternalError}) – If the amount is invalid.
+     */
+    private _validateAmount;
+    /**
+     * Sanitizes parsed JSON to prevent prototype pollution attacks.
+     *
+     * @param value - The parsed value to sanitize.
+     *
+     * @returns The sanitized value.
+     */
+    private _sanitizePrototype;
 }