@oakbun/logger 0.1.0 → 1.0.0

package/dist/core/src/app/plugin.d.ts

@@ -1,112 +0,0 @@
-import type { BaseCtx, Logger, BaseOptions } from './types';
-import type { VelnAdapter } from '../adapter/types';
-import type { HookExecutor } from '../hooks/executor';
-import type { EventBus } from '../events/index';
-import type { BoundVelnDB } from '../db/index';
-import type { VelnModule } from './module';
-import { type AdapterConfig } from '../adapter/resolve';
-/** A single navigation item contributed by a plugin via .nav(). */
-export interface NavItem {
-    label: string;
-    route: string;
-    icon?: string;
-    order?: number;
-    children?: NavItem[];
-}
-export type ModulesInput<TCtx> = VelnModule[] | ((ctx: TCtx) => VelnModule[]);
-export interface Plugin<TCtx, TAdd extends object> {
-    name: string;
-    /**
-     * Optional list of plugin names that must be registered before this plugin.
-     * app.plugin() validates this at registration time and throws PLUGIN_MISSING_DEP
-     * if a required plugin is not yet registered.
-     *
-     * Example: eventBusPlugin sets requires: ['db'] to enforce registration order.
-     */
-    requires?: string[];
-    /**
-     * Optional list of modules this plugin contributes.
-     * app.plugin() calls app.register() on each entry automatically.
-     *
-     * Can also be set to a factory function for typed ctx inference (Option A, Spec 04).
-     * The factory is called once with a dummy ctx to extract the module list —
-     * it is NEVER called at request time.
-     */
-    modules?: VelnModule[];
-    /**
-     * Optional permission gate for all routes contributed via .modules().
-     * app.plugin() checks ctx.user before running plugin.request() for those routes.
-     * User must have at least one of the listed permissions — checked via AuthAdapter.hasPermission().
-     * No user → 401. User without any matching permission → 403.
-     */
-    permissions?: string[];
-    /**
-     * Optional nav items contributed by this plugin.
-     * GET /nav returns these filtered by the plugin's permissions for the current user.
-     */
-    nav?: NavItem[];
-    install?: (hooks: HookExecutor) => Promise<void> | void;
-    request: (ctx: TCtx) => Promise<TCtx & TAdd> | (TCtx & TAdd);
-    teardown?: () => Promise<void> | void;
-}
-export declare class PluginBuilder<TAdd extends object> {
-    private readonly _name;
-    private _options;
-    private _requires;
-    private _modules;
-    private _permissions;
-    private _nav;
-    constructor(_name: string);
-    options(opts: BaseOptions): this;
-    requires(deps: string[]): this;
-    modules(input: ModulesInput<BaseCtx & TAdd>): this;
-    permission(perm: string | string[]): this;
-    nav(items: NavItem | NavItem[]): this;
-    extend(fn: (ctx: BaseCtx) => Promise<TAdd> | TAdd): Plugin<BaseCtx, TAdd>;
-    build(def: {
-        install?: (hooks: HookExecutor) => Promise<void> | void;
-        request: (ctx: BaseCtx) => Promise<TAdd> | TAdd;
-        teardown?: () => Promise<void> | void;
-    }): Plugin<BaseCtx, TAdd>;
-}
-/**
- * definePlugin — creates a named plugin that extends the request context.
- *
- * @param name  Unique plugin name. Used for deduplication — a plugin with the same
- *              name is installed at most once per app instance.
- *
- * @example
- * const tenantPlugin = definePlugin<{ tenantId: string }>('tenant')
- *   .request((ctx) => ({ tenantId: ctx.req.headers.get('x-tenant-id') ?? 'default' }))
- *   .build()
- * app.plugin(tenantPlugin)
- */
-export declare function definePlugin<TAdd extends object = object>(name: string): PluginBuilder<TAdd>;
-export declare function createPlugin<TAdd extends object>(name: string, definition: {
-    install?: () => Promise<void> | void;
-    request: (ctx: BaseCtx) => Promise<TAdd> | TAdd;
-    teardown?: () => Promise<void> | void;
-}): () => Plugin<any, TAdd>;
-export declare function loggerPlugin<TCtx extends BaseCtx>(): Plugin<TCtx, {
-    logger: Logger;
-}>;
-export declare function eventBusPlugin(bus?: EventBus): Plugin<any, {
-    events: EventBus;
-}> & {
-    bus: EventBus;
-};
-export type DbPluginConfig = AdapterConfig | VelnAdapter;
-export interface DbLogOptions {
-    /** Whether query logging is enabled. Default: false. */
-    enabled: boolean;
-    /** Emit a warning for queries that exceed this threshold in milliseconds. */
-    slowQueryMs?: number;
-    /** Log level used for query logging. Default: 'debug'. */
-    level?: 'debug' | 'info' | 'warn';
-    /** Custom per-query callback. Receives the full QueryLogEntry for each query. */
-    onQuery?: (entry: import('../adapter/types').QueryLogEntry) => void;
-}
-export declare function dbPlugin<TCtx extends BaseCtx>(config: DbPluginConfig, log?: DbLogOptions): Plugin<TCtx, {
-    db: BoundVelnDB;
-}>;
-//# sourceMappingURL=plugin.d.ts.map

package/dist/core/src/app/plugin.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAC3D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AACrD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAE1C,OAAO,EAAE,KAAK,aAAa,EAA0C,MAAM,oBAAoB,CAAA;AAE/F,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACtB,KAAK,EAAM,MAAM,CAAA;IACjB,KAAK,EAAM,MAAM,CAAA;IACjB,IAAI,CAAC,EAAM,MAAM,CAAA;IACjB,KAAK,CAAC,EAAK,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;CACrB;AAgBD,MAAM,MAAM,YAAY,CAAC,IAAI,IAAI,UAAU,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC,CAAA;AAE7E,MAAM,WAAW,MAAM,CAAC,IAAI,EAAE,IAAI,SAAS,MAAM;IAC/C,IAAI,EAAE,MAAM,CAAA;IACZ;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB;;;OAGG;IACH,GAAG,CAAC,EAAE,OAAO,EAAE,CAAA;IAGf,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;IACvD,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC5D,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;CACtC;AAID,qBAAa,aAAa,CAAC,IAAI,SAAS,MAAM;IAOhC,OAAO,CAAC,QAAQ,CAAC,KAAK;IANlC,OAAO,CAAC,QAAQ,CAAuB;IACvC,OAAO,CAAC,SAAS,CAAsB;IACvC,OAAO,CAAC,QAAQ,CAAuB;IACvC,OAAO,CAAC,YAAY,CAAmB;IACvC,OAAO,CAAC,IAAI,CAA2B;gBAEV,KAAK,EAAE,MAAM;IAE1C,OAAO,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI;IAKhC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAe9B,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI;IAalD,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI;IAKzC,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,EAAE,GAAG,IAAI;IAMrC,MAAM,CACJ,EAAE,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GACzC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC;IAuBxB,KAAK,CAAC,GAAG,EAAE;QACT,OAAO,CAAC,EAAG,CAAC,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;QACxD,OAAO,EAAI,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;QACjD,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;KACtC,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC;CAqB1B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,YAAY,CAAC,IAAI,SAAS,MAAM,GAAG,MAAM,EACvD,IAAI,EAAE,MAAM,GACX,aAAa,CAAC,IAAI,CAAC,CAErB;AAOD,wBAAgB,YAAY,CAAC,IAAI,SAAS,MAAM,EAC9C,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE;IACV,OAAO,CAAC,EAAG,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;IACrC,OAAO,EAAI,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;IACjD,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;CACtC,GAEA,MAAM,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAOzB;AAID,wBAAgB,YAAY,CAAC,IAAI,SAAS,OAAO,KAAK,MAAM,CAAC,IAAI,EAAE;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAWrF;AAWD,wBAAgB,cAAc,CAAC,GAAG,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC,GAAG,EAAE;IAAE,MAAM,EAAE,QAAQ,CAAA;CAAE,CAAC,GAAG;IAAE,GAAG,EAAE,QAAQ,CAAA;CAAE,CAUpG;AAID,MAAM,MAAM,cAAc,GAAG,aAAa,GAAG,WAAW,CAAA;AAExD,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,OAAO,EAAE,OAAO,CAAA;IAChB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,0DAA0D;IAC1D,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAA;IACjC,iFAAiF;IACjF,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,kBAAkB,EAAE,aAAa,KAAK,IAAI,CAAA;CACpE;AAOD,wBAAgB,QAAQ,CAAC,IAAI,SAAS,OAAO,EAC3C,MAAM,EAAE,cAAc,EACtB,GAAG,CAAC,EAAE,YAAY,GACjB,MAAM,CAAC,IAAI,EAAE;IAAE,EAAE,EAAE,WAAW,CAAA;CAAE,CAAC,CAgDnC"}

package/dist/core/src/app/rate-limit.d.ts

@@ -1,76 +0,0 @@
-import type { BaseCtx, OnRequestHook } from './types';
-export interface RateLimitStore {
-    /**
-     * Increment the counter for `key` within the given window.
-     * Returns the new count and the timestamp (ms) when the window resets.
-     * If the key is new or expired, the window starts fresh from now.
-     */
-    increment(key: string, windowMs: number): Promise<{
-        count: number;
-        resetAt: number;
-    }>;
-    /** Reset the counter for `key` immediately. */
-    reset(key: string): Promise<void>;
-}
-export declare class InMemoryStore implements RateLimitStore {
-    private readonly _map;
-    private readonly _sweepEvery;
-    private readonly _maxEntries;
-    constructor(sweepEvery?: number, maxEntries?: number);
-    increment(key: string, windowMs: number): Promise<{
-        count: number;
-        resetAt: number;
-    }>;
-    reset(key: string): Promise<void>;
-    /** Evict all expired entries. Called automatically on a probabilistic basis
-     *  during increment(). Can also be called manually for eager cleanup. */
-    cleanup(): void;
-    private _sweep;
-    private _evictOldest;
-}
-export interface RateLimitOptions {
-    /** Maximum number of requests allowed per window. */
-    max: number;
-    /** Window duration in milliseconds. */
-    windowMs: number;
-    /** Store implementation. Defaults to InMemoryStore. */
-    store?: RateLimitStore;
-    /**
-     * Extracts the rate-limit key from a request context.
-     * When not specified, uses the default resolver which respects `trustProxy`.
-     */
-    keyResolver?: (ctx: BaseCtx) => string;
-    /** Response message when limit is exceeded. Defaults to 'Too many requests'. */
-    message?: string;
-    /**
-     * When true, the default keyResolver trusts the X-Forwarded-For header as the
-     * real client IP. Only enable this if you are behind a trusted reverse proxy.
-     * Default: false
-     *
-     * Without trustProxy, the default resolver uses x-real-ip or 'unknown'.
-     *
-     * trustProxy can also be an object for advanced configuration:
-     *   { strict: true } — returns 400 when the expected proxy header is missing,
-     *   instead of falling back to 'unknown'. Use this in security-critical deployments
-     *   where a missing header indicates a misconfigured proxy or direct client access.
-     */
-    trustProxy?: boolean | {
-        strict: boolean;
-    };
-}
-/**
- * rateLimitPlugin — sliding-window rate limiter.
- *
- * Returns an OnRequestHook — pass it to app.onRequest() or module.onRequest():
- *   app.onRequest(rateLimitPlugin({ max: 100, windowMs: 60_000 }))
- *
- * When the limit is exceeded, returns a 429 response with:
- *   - Retry-After: seconds until the window resets
- *   - X-RateLimit-Limit: max
- *   - X-RateLimit-Remaining: 0
- *   - X-RateLimit-Reset: unix timestamp (seconds)
- *
- * Under the limit, the hook returns void — request continues normally.
- */
-export declare function rateLimitPlugin(options: RateLimitOptions): OnRequestHook;
-//# sourceMappingURL=rate-limit.d.ts.map

package/dist/core/src/app/rate-limit.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAKrD,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACrF,+CAA+C;IAC/C,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAClC;AASD,qBAAa,aAAc,YAAW,cAAc;IAClD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA2B;IAKhD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAQ;IAKpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAQ;gBAExB,UAAU,SAAM,EAAE,UAAU,SAAU;IAK5C,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAyBrF,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvC;6EACyE;IACzE,OAAO,IAAI,IAAI;IAIf,OAAO,CAAC,MAAM;IAOd,OAAO,CAAC,YAAY;CAMrB;AAID,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,GAAG,EAAE,MAAM,CAAA;IACX,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAA;IAChB,uDAAuD;IACvD,KAAK,CAAC,EAAE,cAAc,CAAA;IACtB;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAA;IACtC,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB;;;;;;;;;;;OAWG;IACH,UAAU,CAAC,EAAE,OAAO,GAAG;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,CAAA;CAC3C;AAID;;;;;;;;;;;;;GAaG;AAsBH,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,aAAa,CAoGxE"}

package/dist/core/src/app/request-id.d.ts

@@ -1,52 +0,0 @@
-import type { BaseCtx, OnRequestHook, OnResponseHook } from './types';
-export interface RequestIdOptions {
-    /**
-     * Name of the incoming request header to read an existing ID from.
-     * If present and valid, the existing ID is reused (useful for distributed tracing).
-     * Default: `'x-request-id'`
-     */
-    incomingHeader?: string;
-    /**
-     * Name of the response header to echo the request ID back to the client.
-     * Default: `'x-request-id'`
-     */
-    responseHeader?: string;
-    /**
-     * Custom ID generator. Must return a non-empty string.
-     * Default: 16 random hex bytes (128 bits, UUID-compatible entropy)
-     */
-    generator?: () => string;
-}
-/** Context extension added by requestIdPlugin. Available after onRequest. */
-export interface RequestIdCtx {
-    /** Unique ID for this request. Set before any route handler runs. */
-    requestId: string;
-}
-export interface RequestIdPlugin {
-    /**
-     * Register on `app.onRequest()`.
-     * Assigns `ctx.requestId` — available in all subsequent lifecycle phases.
-     */
-    onRequest: OnRequestHook<BaseCtx & RequestIdCtx>;
-    /**
-     * Register on `app.onResponse()`.
-     * Echoes the request ID back in the response header.
-     */
-    onResponse: OnResponseHook<BaseCtx & RequestIdCtx>;
-}
-/**
- * requestIdPlugin — assigns a unique ID to every request and echoes it back.
- *
- * Usage:
- *   const rid = requestIdPlugin()
- *   app.onRequest(rid.onRequest)
- *   app.onResponse(rid.onResponse)
- *
- * After registration, `ctx.requestId` is available in all handlers, guards,
- * and lifecycle hooks. The ID is echoed back in the `x-request-id` response header.
- *
- * Reuses an existing `x-request-id` header if it passes a safe-characters check,
- * enabling distributed tracing across services.
- */
-export declare function requestIdPlugin(options?: RequestIdOptions): RequestIdPlugin;
-//# sourceMappingURL=request-id.d.ts.map

package/dist/core/src/app/request-id.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"request-id.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/request-id.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAKrE,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IAEvB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IAEvB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,MAAM,CAAA;CACzB;AAID,6EAA6E;AAC7E,MAAM,WAAW,YAAY;IAC3B,qEAAqE;IACrE,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,SAAS,EAAE,aAAa,CAAC,OAAO,GAAG,YAAY,CAAC,CAAA;IAChD;;;OAGG;IACH,UAAU,EAAE,cAAc,CAAC,OAAO,GAAG,YAAY,CAAC,CAAA;CACnD;AAiBD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAAC,OAAO,GAAE,gBAAqB,GAAG,eAAe,CAkB/E"}

package/dist/core/src/app/router.d.ts

@@ -1,6 +0,0 @@
-export interface MatchResult {
-    params: Record<string, string | undefined>;
-}
-export declare function matchPath(pattern: string, pathname: string): MatchResult | null;
-export declare function parseQuery(search: string): Record<string, string | string[]>;
-//# sourceMappingURL=router.d.ts.map

package/dist/core/src/app/router.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/router.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;CAC3C;AAED,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAiD/E;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAc5E"}

package/dist/core/src/app/scalar.d.ts

@@ -1,40 +0,0 @@
-import type { VelnModule } from './module';
-import type { Route } from './types';
-export interface ScalarOptions {
-    /** Mount path for the Scalar UI. Default: '/scalar' */
-    path?: string;
-    /** API title shown in the Scalar UI. Default: 'Veln API' */
-    title?: string;
-    /** API version shown in the OpenAPI spec. Default: '1.0.0' */
-    version?: string;
-    /** Optional API description shown in the OpenAPI spec info block. Markdown supported. */
-    description?: string;
-    /** Scalar UI theme. Default: 'purple' */
-    theme?: string;
-    /**
-     * Cache the generated OpenAPI spec after the first request.
-     * Default: false — spec is regenerated on every request (safe for development).
-     * Set to true in production to avoid repeated traversal of app.routes.
-     */
-    cache?: boolean;
-}
-interface AppRef {
-    routes: Route<unknown>[];
-}
-/**
- * scalarPlugin — mounts a Scalar API reference UI and an OpenAPI JSON endpoint.
- *
- * Usage:
- *   app.register(scalarPlugin(app))
- *   app.register(scalarPlugin(app, { path: '/docs', title: 'My API', theme: 'blue' }))
- *
- * Registers two routes (both hidden from the OpenAPI spec itself):
- *   GET {path}              → Scalar UI (HTML, CDN-loaded)
- *   GET {path}/openapi.json → Raw OpenAPI 3.1 JSON
- *
- * The app reference is captured by closure so the spec always reflects
- * the current route list at request time — including late-registered modules.
- */
-export declare function scalarPlugin(app: AppRef, options?: ScalarOptions): VelnModule;
-export {};
-//# sourceMappingURL=scalar.d.ts.map

package/dist/core/src/app/scalar.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"scalar.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/scalar.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAC1C,OAAO,KAAK,EAAE,KAAK,EAAW,MAAM,SAAS,CAAA;AAK7C,MAAM,WAAW,aAAa;IAC5B,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,4DAA4D;IAC5D,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yFAAyF;IACzF,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAID,UAAU,MAAM;IACd,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,CAAA;CACzB;AAwBD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,aAAkB,GAAG,UAAU,CAgFjF"}

package/dist/core/src/app/secure-headers.d.ts

@@ -1,48 +0,0 @@
-import type { OnResponseHook } from './types';
-/**
- * CSP preset values for `contentSecurityPolicy`.
- *
- * - `'strict'`  — no unsafe-inline; suitable for APIs and security-critical apps.
- * - `'relaxed'` — allows unsafe-inline scripts/styles; suitable for dashboards and SSR (default).
- * - `false`     — omits the Content-Security-Policy header entirely.
- * - `string`    — passed through as the raw header value.
- */
-export type CspPreset = 'strict' | 'relaxed' | false | string;
-export interface SecureHeadersOptions {
-    /** Strict-Transport-Security — default: 'max-age=15552000; includeSubDomains' */
-    strictTransportSecurity?: string | false;
-    /** X-Content-Type-Options — default: 'nosniff' */
-    xContentTypeOptions?: string | false;
-    /** X-Frame-Options — default: 'SAMEORIGIN' */
-    xFrameOptions?: string | false;
-    /** X-XSS-Protection — default: '0' (modern recommendation: rely on CSP instead) */
-    xXssProtection?: string | false;
-    /** Referrer-Policy — default: 'strict-origin-when-cross-origin' */
-    referrerPolicy?: string | false;
-    /** Permissions-Policy — default: 'camera=(), microphone=(), geolocation=()' */
-    permissionsPolicy?: string | false;
-    /**
-     * Content-Security-Policy — accepts a preset or a raw header string.
-     *
-     * - `'relaxed'` (default) — allows unsafe-inline scripts/styles.
-     * - `'strict'`            — no unsafe-inline; for APIs and security-critical apps.
-     * - `false`               — omit header entirely.
-     * - custom string         — used as-is.
-     */
-    contentSecurityPolicy?: CspPreset;
-}
-/**
- * secureHeadersPlugin — adds security response headers to every response.
- *
- * Returns an OnResponseHook — pass it to app.onResponse():
- *   app.onResponse(secureHeadersPlugin())
- *   app.onResponse(secureHeadersPlugin({ xFrameOptions: 'DENY', contentSecurityPolicy: 'strict' }))
- *
- * Each option defaults to a secure value. Pass `false` to omit that header entirely.
- * Pass a custom string to override the default value.
- * `contentSecurityPolicy` also accepts `'strict'` (no unsafe-inline) or `'relaxed'` (default).
- *
- * Header resolution runs once at call time — zero overhead per request.
- */
-export declare function secureHeadersPlugin(options?: SecureHeadersOptions): OnResponseHook;
-//# sourceMappingURL=secure-headers.d.ts.map

package/dist/core/src/app/secure-headers.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"secure-headers.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/secure-headers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAG7C;;;;;;;GAOG;AACH,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,CAAA;AAE7D,MAAM,WAAW,oBAAoB;IACnC,iFAAiF;IACjF,uBAAuB,CAAC,EAAE,MAAM,GAAG,KAAK,CAAA;IACxC,kDAAkD;IAClD,mBAAmB,CAAC,EAAM,MAAM,GAAG,KAAK,CAAA;IACxC,8CAA8C;IAC9C,aAAa,CAAC,EAAY,MAAM,GAAG,KAAK,CAAA;IACxC,mFAAmF;IACnF,cAAc,CAAC,EAAW,MAAM,GAAG,KAAK,CAAA;IACxC,mEAAmE;IACnE,cAAc,CAAC,EAAW,MAAM,GAAG,KAAK,CAAA;IACxC,+EAA+E;IAC/E,iBAAiB,CAAC,EAAQ,MAAM,GAAG,KAAK,CAAA;IACxC;;;;;;;OAOG;IACH,qBAAqB,CAAC,EAAI,SAAS,CAAA;CACpC;AA8BD;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,oBAAyB,GAAG,cAAc,CAiCtF"}

package/dist/core/src/app/system-ctx.d.ts

@@ -1,3 +0,0 @@
-import type { BaseCtx } from './types';
-export declare function createSystemCtx<TExtra extends object = Record<never, never>>(extra?: TExtra): BaseCtx & TExtra;
-//# sourceMappingURL=system-ctx.d.ts.map

package/dist/core/src/app/system-ctx.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"system-ctx.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/system-ctx.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AA8BtC,wBAAgB,eAAe,CAAC,MAAM,SAAS,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,EAC1E,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,GAAG,MAAM,CAwBlB"}

package/dist/core/src/app/types.d.ts

@@ -1,277 +0,0 @@
-import type { EventBus, VelnEvents } from '../events/index';
-import type { BoundVelnDB } from '../db/index';
-import type { ZodTypeAny, ZodIssue } from 'zod';
-import { VelnError } from '../errors/index';
-export interface VelnWsAdapter {
-    /** Called in fetch() when an HTTP Upgrade: websocket request arrives. */
-    handleUpgrade(req: Request, server: import('bun').Server<unknown>, baseCtx: BaseCtx, plugins: ReadonlyArray<import('./plugin').Plugin<any, any>>, installedPlugins: {
-        value: boolean;
-    }, installedModulePlugins: Set<string>): Promise<Response | null>;
-    /** Returns the Bun websocket handler config. Passed to Bun.serve(). */
-    getWebsocketConfig(): import('bun').WebSocketHandler<Record<string, unknown>>;
-    /** Registers a WS route. Called from app.ws() and app.register(). */
-    registerRoute(path: string, route: WsRouteShape): void;
-    /** Reads all registered WS routes — used by module registration. */
-    getRoute(path: string): WsRouteShape | undefined;
-}
-/** Minimal WS route shape that Core knows about. Full type lives in @veln/ws. */
-export interface WsRouteShape {
-    path: string;
-    _module: unknown | null;
-    [key: string]: unknown;
-}
-export interface AuthPayload {
-    sub?: string;
-    iat?: number;
-    exp?: number;
-    nbf?: number;
-    aud?: string | string[];
-    iss?: string;
-    jti?: string;
-    [key: string]: unknown;
-}
-export type RouteKey = `${'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'} /${string}`;
-export interface RouteEntry {
-    params?: ZodTypeAny;
-    query?: ZodTypeAny;
-    body?: ZodTypeAny;
-    response?: ZodTypeAny;
-    readonly _prefix?: string;
-}
-export type RouteMap = Record<RouteKey, RouteEntry>;
-export declare class ValidationError extends VelnError {
-    readonly issues: ZodIssue[];
-    constructor(zodError: import('zod').ZodError);
-}
-export interface RouteSchema {
-    params?: ZodTypeAny;
-    query?: ZodTypeAny;
-    body?: ZodTypeAny;
-    response?: ZodTypeAny;
-}
-/** Additional response code definition for OpenAPI docs (e.g. 401, 404). */
-export interface RouteResponseDoc {
-    description: string;
-}
-export interface RouteDocs {
-    /** Human-readable route summary shown in Scalar / Swagger UI. Auto-generated if absent. */
-    summary?: string;
-    /** Longer description rendered below the summary. Markdown supported. */
-    description?: string;
-    /** Unique operationId. Auto-generated if absent (e.g. "listUsers", "getUserById"). */
-    operationId?: string;
-    /**
-     * Additional HTTP response codes to document in the OpenAPI spec.
-     * The 200 success response is always generated automatically.
-     * Use this to document error responses like 401, 403, 404, 422, etc.
-     *
-     * @example
-     * docs: {
-     *   responses: {
-     *     401: { description: 'Unauthorized' },
-     *     404: { description: 'Not found' },
-     *   }
-     * }
-     */
-    responses?: Record<number, RouteResponseDoc>;
-}
-export type InferCtx<TCtx, S extends RouteSchema> = Omit<TCtx, 'params' | 'query'> & {
-    params: S['params'] extends ZodTypeAny ? import('zod').infer<S['params']> : Record<string, string>;
-    query: S['query'] extends ZodTypeAny ? import('zod').infer<S['query']> : Record<string, string | string[]>;
-    body: S['body'] extends ZodTypeAny ? import('zod').infer<S['body']> : unknown;
-};
-export interface RouteHandlerWithSchema<TCtx, S extends RouteSchema> {
-    params?: S['params'];
-    query?: S['query'];
-    body?: S['body'];
-    response?: S['response'];
-    /** Optional OpenAPI documentation override for this route. */
-    docs?: RouteDocs;
-    /** Optional route-level guard — runs before the handler. Use `false` to opt out of a module-level guard. */
-    guard?: Guard<TCtx> | false;
-    handler: (ctx: InferCtx<TCtx, S>) => Response | Promise<Response>;
-}
-/** Controls a streaming response. Passed to the ctx.stream() writer callback. */
-export interface StreamController {
-    /** Push a string or binary chunk to the stream. */
-    send(chunk: string | Uint8Array): void;
-    /** Close the stream. Must be called to end the response. */
-    close(): void;
-}
-/** Options for ctx.stream(). */
-export interface StreamOptions {
-    /**
-     * Content-Type header for the streaming response.
-     * Defaults to `'text/plain'`.
-     * Use `'text/event-stream'` for SSE, `'application/x-ndjson'` for NDJSON.
-     */
-    contentType?: string;
-    /** Additional headers to include in the response. */
-    headers?: Record<string, string>;
-    /** HTTP status code. Defaults to 200. */
-    status?: number;
-}
-/**
- * Controls a Server-Sent Events stream.
- * Passed to the ctx.sse() writer callback.
- *
- * SSE wire format:
- *   event: <name>\ndata: <json>\n\n   — named event
- *   data: <json>\n\n                  — unnamed event
- *   : <text>\n\n                      — comment / keepalive
- *   id: <value>\n                     — event ID for reconnect
- *   retry: <ms>\n                     — reconnect interval
- */
-export interface SseController {
-    /** Send a named event with a JSON-serializable payload. */
-    event(name: string, data: unknown): Promise<void>;
-    /** Send an unnamed data event. */
-    data(data: unknown): Promise<void>;
-    /** Send an SSE comment (e.g. keepalive ping). */
-    comment(text?: string): Promise<void>;
-    /** Set the last event ID (used by the browser for reconnect). */
-    id(id: string): Promise<void>;
-    /** Tell the browser how long to wait before reconnecting (milliseconds). */
-    retry(ms: number): Promise<void>;
-}
-export interface Logger {
-    info(msg: string, ...args: unknown[]): void;
-    warn(msg: string, ...args: unknown[]): void;
-    error(msg: string, ...args: unknown[]): void;
-    debug(msg: string, ...args: unknown[]): void;
-}
-export interface LogOptions {
-    /** Minimum level to emit. Defaults to 'info'. */
-    level?: 'debug' | 'info' | 'warn' | 'error';
-    /** Keys whose values are replaced with '***' in structured data. Case-insensitive. */
-    mask?: string[];
-    /** Suppress all output — useful in tests. */
-    silent?: boolean;
-}
-export interface BaseOptions {
-    log?: LogOptions;
-}
-export interface AuthUser {
-    id: string;
-    permissions: string[];
-}
-export interface AuthAdapter {
-    getUser(ctx: BaseCtx): Promise<AuthUser | null>;
-    hasPermission(user: AuthUser, permission: string): boolean;
-}
-export interface BaseCtx {
-    req: Request;
-    params: Record<string, string>;
-    query: Record<string, string | string[]>;
-    body?: unknown;
-    json: <T>(data: T, status?: number) => Response;
-    text: (data: string, status?: number) => Response;
-    html: (data: string, status?: number) => Response;
-    /**
-     * Returns a streaming Response backed by a ReadableStream.
-     *
-     * The callback receives a StreamController — call `send(chunk)` to push data
-     * and `close()` to end the stream. Errors thrown inside are caught automatically.
-     *
-     * Set `contentType` for SSE (`'text/event-stream'`) or NDJSON (`'application/x-ndjson'`).
-     * Compression is automatically skipped for streaming responses.
-     *
-     * @example
-     * return ctx.stream((stream) => {
-     *   stream.send('data: hello\n\n')
-     *   stream.send('data: world\n\n')
-     *   stream.close()
-     * }, { contentType: 'text/event-stream' })
-     */
-    stream: (writer: (controller: StreamController) => void | Promise<void>, options?: StreamOptions) => Response;
-    /**
-     * Returns a Server-Sent Events Response.
-     *
-     * The callback receives an SseController — call `event()`, `data()`,
-     * `comment()`, `id()`, or `retry()` to push SSE frames, then let the
-     * callback return (or the async iterator complete) to close the stream.
-     *
-     * @example
-     * return ctx.sse(async (sse) => {
-     *   await sse.event('connected', { userId: '42' })
-     *   for await (const update of source()) {
-     *     await sse.event('update', update)
-     *     await sse.comment('keepalive')
-     *   }
-     * })
-     */
-    sse: (writer: (controller: SseController) => void | Promise<void>) => Response;
-    events?: EventBus;
-    logger?: Logger;
-    db?: BoundVelnDB;
-    cookie: import('./cookies').CookieJar;
-    emit: <K extends keyof VelnEvents>(event: K, payload: VelnEvents[K]) => void;
-    _requestQueue?: import('../events/index').RequestEventQueue;
-    _queryLog?: import('../db/index').QueryLog;
-    _startTime?: number;
-}
-export type Guard<TCtx> = (ctx: TCtx) => Response | null | Promise<Response | null>;
-export declare function createGuard<TAdd extends object = object>(fn: (ctx: BaseCtx & TAdd) => Response | null | Promise<Response | null>): Guard<BaseCtx & TAdd>;
-/**
- * defineGuard — creates a named guard that protects routes or modules.
- *
- * Call `.check(fn)` to seal into a `Guard`. Throw any error or return a `Response`
- * inside `fn` to block the request; return normally to allow it through.
- *
- * @param name  Used in log output for tracing which guard triggered.
- *
- * @example
- * const authGuard = defineGuard('auth')
- *   .check<{ user: AuthUser }>((ctx) => {
- *     if (!ctx.user) throw new UnauthorizedError()
- *   })
- */
-declare class GuardBuilder {
-    private readonly _name;
-    private _options;
-    constructor(_name: string);
-    options(opts: BaseOptions): this;
-    check<TAdd extends object = object>(fn: (ctx: BaseCtx & TAdd) => void | Promise<void>): Guard<BaseCtx & TAdd>;
-}
-/** @see GuardBuilder */
-export declare function defineGuard(name: string): GuardBuilder;
-export type ErrorHandler<TCtx = BaseCtx> = (err: unknown, ctx: TCtx) => Response | Promise<Response>;
-export interface RouteHandler<TCtx> {
-    handler: (ctx: TCtx) => Response | Promise<Response>;
-}
-export type OnRequestFn<TCtx extends BaseCtx = BaseCtx> = (ctx: TCtx) => Response | void | Promise<Response | void>;
-export type OnBeforeHandleFn<TCtx extends BaseCtx = BaseCtx> = (ctx: TCtx) => Response | void | Promise<Response | void>;
-export type OnResponseFn<TCtx extends BaseCtx = BaseCtx> = (ctx: TCtx, response: Response) => Response | void | Promise<Response | void>;
-export interface OnRequestHook<TCtx extends BaseCtx = BaseCtx> {
-    readonly _phase: 'onRequest';
-    readonly _fn: OnRequestFn<TCtx>;
-}
-export interface OnBeforeHandleHook<TCtx extends BaseCtx = BaseCtx> {
-    readonly _phase: 'onBeforeHandle';
-    readonly _fn: OnBeforeHandleFn<TCtx>;
-}
-export interface OnResponseHook<TCtx extends BaseCtx = BaseCtx> {
-    readonly _phase: 'onResponse';
-    readonly _fn: OnResponseFn<TCtx>;
-}
-export declare function createOnRequest<TAdd extends object = object>(fn: OnRequestFn<BaseCtx & TAdd>): OnRequestHook<BaseCtx & TAdd>;
-export declare function createOnBeforeHandle<TAdd extends object = object>(fn: OnBeforeHandleFn<BaseCtx & TAdd>): OnBeforeHandleHook<BaseCtx & TAdd>;
-export declare function createOnResponse<TAdd extends object = object>(fn: OnResponseFn<BaseCtx & TAdd>): OnResponseHook<BaseCtx & TAdd>;
-export interface Route<TCtx = BaseCtx> {
-    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
-    path: string;
-    summary?: string;
-    description?: string;
-    /** OpenAPI documentation override set via the `docs` option on route registration. */
-    docs?: RouteDocs;
-    handler: RouteHandler<TCtx>;
-    guards: Guard<TCtx>[];
-    onError?: ErrorHandler<TCtx>;
-    schema?: RouteSchema;
-    visibility?: 'public' | 'hidden';
-    moduleGuardOptOut?: true;
-    _module?: import('./module').VelnModule;
-    _pluginName?: string;
-}
-export {};
-//# sourceMappingURL=types.d.ts.map