@rexeus/typeweaver-server 0.10.1 → 0.10.3

package/dist/index.cjs

@@ -26,6 +26,7 @@ node_path = __toESM(node_path);
 let node_url = require("node:url");
 let _rexeus_typeweaver_gen = require("@rexeus/typeweaver-gen");
 let _rexeus_typeweaver_core = require("@rexeus/typeweaver-core");
+let polycase = require("polycase");
 //#region src/routerGenerator.ts
 /**
 * Generates TypeweaverRouter subclasses from API definitions.
@@ -44,7 +45,7 @@ function generate(context) {
 	for (const resource of context.normalizedSpec.resources) writeRouter(resource, templateFile, context);
 }
 function writeRouter(resource, templateFile, context) {
-	const pascalCaseEntityName = (0, _rexeus_typeweaver_gen.toPascalCase)(resource.name);
+	const pascalCaseEntityName = (0, polycase.pascalCase)(resource.name);
 	const outputDir = context.getResourceOutputDir(resource.name);
 	const outputPath = node_path.default.join(outputDir, `${pascalCaseEntityName}Router.ts`);
 	const operations = resource.operations.filter((operation) => operation.method !== _rexeus_typeweaver_core.HttpMethod.HEAD).map((operation) => createOperationData(operation)).sort((a, b) => (0, _rexeus_typeweaver_gen.compareRoutes)(a, b));
@@ -59,7 +60,7 @@ function writeRouter(resource, templateFile, context) {
 }
 function createOperationData(operation) {
 	const operationId = operation.operationId;
-	const className = (0, _rexeus_typeweaver_gen.toPascalCase)(operationId);
+	const className = (0, polycase.pascalCase)(operationId);
 	return {
 		operationId,
 		className,

package/dist/index.mjs

@@ -1,7 +1,8 @@
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { BasePlugin, compareRoutes, relative, toPascalCase } from "@rexeus/typeweaver-gen";
+import { BasePlugin, compareRoutes, relative } from "@rexeus/typeweaver-gen";
 import { HttpMethod } from "@rexeus/typeweaver-core";
+import { pascalCase } from "polycase";
 //#region src/routerGenerator.ts
 /**
 * Generates TypeweaverRouter subclasses from API definitions.
@@ -20,7 +21,7 @@ function generate(context) {
 	for (const resource of context.normalizedSpec.resources) writeRouter(resource, templateFile, context);
 }
 function writeRouter(resource, templateFile, context) {
-	const pascalCaseEntityName = toPascalCase(resource.name);
+	const pascalCaseEntityName = pascalCase(resource.name);
 	const outputDir = context.getResourceOutputDir(resource.name);
 	const outputPath = path.join(outputDir, `${pascalCaseEntityName}Router.ts`);
 	const operations = resource.operations.filter((operation) => operation.method !== HttpMethod.HEAD).map((operation) => createOperationData(operation)).sort((a, b) => compareRoutes(a, b));
@@ -35,7 +36,7 @@ function writeRouter(resource, templateFile, context) {
 }
 function createOperationData(operation) {
 	const operationId = operation.operationId;
-	const className = toPascalCase(operationId);
+	const className = pascalCase(operationId);
 	return {
 		operationId,
 		className,

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":[],"sources":["../src/routerGenerator.ts","../src/index.ts"],"sourcesContent":["import path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { HttpMethod } from \"@rexeus/typeweaver-core\";\nimport { compareRoutes, relative, toPascalCase } from \"@rexeus/typeweaver-gen\";\nimport type {\n  GeneratorContext,\n  NormalizedOperation,\n  NormalizedResource,\n} from \"@rexeus/typeweaver-gen\";\n\ntype OperationData = {\n  readonly operationId: string;\n  readonly className: string;\n  readonly handlerName: string;\n  readonly method: string;\n  readonly path: string;\n};\n\n/**\n * Generates TypeweaverRouter subclasses from API definitions.\n *\n * For each resource (e.g., `Todo`, `Account`), produces a `<ResourceName>Router.ts`\n * file that extends `TypeweaverRouter` and registers all operations as routes.\n */\n\n/**\n * Generates router files for all resources in the given context.\n *\n * @param context - The generator context containing resources, templates, and output configuration\n */\nexport function generate(context: GeneratorContext): void {\n  const moduleDir = path.dirname(fileURLToPath(import.meta.url));\n  const templateFile = path.join(moduleDir, \"templates\", \"Router.ejs\");\n\n  for (const resource of context.normalizedSpec.resources) {\n    writeRouter(resource, templateFile, context);\n  }\n}\n\nfunction writeRouter(\n  resource: NormalizedResource,\n  templateFile: string,\n  context: GeneratorContext\n): void {\n  const pascalCaseEntityName = toPascalCase(resource.name);\n  const outputDir = context.getResourceOutputDir(resource.name);\n  const outputPath = path.join(outputDir, `${pascalCaseEntityName}Router.ts`);\n\n  const operations = resource.operations\n    .filter(operation => operation.method !== HttpMethod.HEAD)\n    .map(operation => createOperationData(operation))\n    .sort((a, b) => compareRoutes(a, b));\n\n  const content = context.renderTemplate(templateFile, {\n    coreDir: relative(outputDir, context.outputDir),\n    entityName: resource.name,\n    pascalCaseEntityName,\n    operations,\n  });\n\n  const relativePath = path.relative(context.outputDir, outputPath);\n  context.writeFile(relativePath, content);\n}\n\nfunction createOperationData(operation: NormalizedOperation): OperationData {\n  const operationId = operation.operationId;\n  const className = toPascalCase(operationId);\n\n  return {\n    operationId,\n    className,\n    handlerName: `handle${className}Request`,\n    method: operation.method,\n    path: operation.path,\n  };\n}\n","import path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { BasePlugin } from \"@rexeus/typeweaver-gen\";\nimport type { GeneratorContext } from \"@rexeus/typeweaver-gen\";\nimport { generate as generateRouters } from \"./routerGenerator\";\n\nconst moduleDir = path.dirname(fileURLToPath(import.meta.url));\n\n/**\n * Typeweaver plugin that generates a lightweight, dependency-free server\n * with built-in routing and middleware support.\n *\n * Copies the runtime library files (`TypeweaverApp`, `TypeweaverRouter`, `Router`,\n * `Middleware`, etc.) and generates typed router classes for each resource.\n */\nexport class ServerPlugin extends BasePlugin {\n  public name = \"server\";\n  public override depends = [\"types\"];\n\n  /**\n   * Generates the server runtime and typed routers for all resources.\n   *\n   * @param context - The generator context\n   */\n  public override generate(context: GeneratorContext): void {\n    const libSourceDir = path.join(moduleDir, \"lib\");\n    this.copyLibFiles(context, libSourceDir, this.name);\n\n    generateRouters(context);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AA8BA,SAAgB,SAAS,SAAiC;CACxD,MAAM,YAAY,KAAK,QAAQ,cAAc,OAAO,KAAK,IAAI,CAAC;CAC9D,MAAM,eAAe,KAAK,KAAK,WAAW,aAAa,aAAa;AAEpE,MAAK,MAAM,YAAY,QAAQ,eAAe,UAC5C,aAAY,UAAU,cAAc,QAAQ;;AAIhD,SAAS,YACP,UACA,cACA,SACM;CACN,MAAM,uBAAuB,aAAa,SAAS,KAAK;CACxD,MAAM,YAAY,QAAQ,qBAAqB,SAAS,KAAK;CAC7D,MAAM,aAAa,KAAK,KAAK,WAAW,GAAG,qBAAqB,WAAW;CAE3E,MAAM,aAAa,SAAS,WACzB,QAAO,cAAa,UAAU,WAAW,WAAW,KAAK,CACzD,KAAI,cAAa,oBAAoB,UAAU,CAAC,CAChD,MAAM,GAAG,MAAM,cAAc,GAAG,EAAE,CAAC;CAEtC,MAAM,UAAU,QAAQ,eAAe,cAAc;EACnD,SAAS,SAAS,WAAW,QAAQ,UAAU;EAC/C,YAAY,SAAS;EACrB;EACA;EACD,CAAC;CAEF,MAAM,eAAe,KAAK,SAAS,QAAQ,WAAW,WAAW;AACjE,SAAQ,UAAU,cAAc,QAAQ;;AAG1C,SAAS,oBAAoB,WAA+C;CAC1E,MAAM,cAAc,UAAU;CAC9B,MAAM,YAAY,aAAa,YAAY;AAE3C,QAAO;EACL;EACA;EACA,aAAa,SAAS,UAAU;EAChC,QAAQ,UAAU;EAClB,MAAM,UAAU;EACjB;;;;ACpEH,MAAM,YAAY,KAAK,QAAQ,cAAc,OAAO,KAAK,IAAI,CAAC;;;;;;;;AAS9D,IAAa,eAAb,cAAkC,WAAW;CAC3C,OAAc;CACd,UAA0B,CAAC,QAAQ;;;;;;CAOnC,SAAyB,SAAiC;EACxD,MAAM,eAAe,KAAK,KAAK,WAAW,MAAM;AAChD,OAAK,aAAa,SAAS,cAAc,KAAK,KAAK;AAEnD,WAAgB,QAAQ"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../src/routerGenerator.ts","../src/index.ts"],"sourcesContent":["import path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { HttpMethod } from \"@rexeus/typeweaver-core\";\nimport { compareRoutes, relative } from \"@rexeus/typeweaver-gen\";\nimport type {\n  GeneratorContext,\n  NormalizedOperation,\n  NormalizedResource,\n} from \"@rexeus/typeweaver-gen\";\nimport { pascalCase } from \"polycase\";\n\ntype OperationData = {\n  readonly operationId: string;\n  readonly className: string;\n  readonly handlerName: string;\n  readonly method: string;\n  readonly path: string;\n};\n\n/**\n * Generates TypeweaverRouter subclasses from API definitions.\n *\n * For each resource (e.g., `Todo`, `Account`), produces a `<ResourceName>Router.ts`\n * file that extends `TypeweaverRouter` and registers all operations as routes.\n */\n\n/**\n * Generates router files for all resources in the given context.\n *\n * @param context - The generator context containing resources, templates, and output configuration\n */\nexport function generate(context: GeneratorContext): void {\n  const moduleDir = path.dirname(fileURLToPath(import.meta.url));\n  const templateFile = path.join(moduleDir, \"templates\", \"Router.ejs\");\n\n  for (const resource of context.normalizedSpec.resources) {\n    writeRouter(resource, templateFile, context);\n  }\n}\n\nfunction writeRouter(\n  resource: NormalizedResource,\n  templateFile: string,\n  context: GeneratorContext\n): void {\n  const pascalCaseEntityName = pascalCase(resource.name);\n  const outputDir = context.getResourceOutputDir(resource.name);\n  const outputPath = path.join(outputDir, `${pascalCaseEntityName}Router.ts`);\n\n  const operations = resource.operations\n    .filter(operation => operation.method !== HttpMethod.HEAD)\n    .map(operation => createOperationData(operation))\n    .sort((a, b) => compareRoutes(a, b));\n\n  const content = context.renderTemplate(templateFile, {\n    coreDir: relative(outputDir, context.outputDir),\n    entityName: resource.name,\n    pascalCaseEntityName,\n    operations,\n  });\n\n  const relativePath = path.relative(context.outputDir, outputPath);\n  context.writeFile(relativePath, content);\n}\n\nfunction createOperationData(operation: NormalizedOperation): OperationData {\n  const operationId = operation.operationId;\n  const className = pascalCase(operationId);\n\n  return {\n    operationId,\n    className,\n    handlerName: `handle${className}Request`,\n    method: operation.method,\n    path: operation.path,\n  };\n}\n","import path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { BasePlugin } from \"@rexeus/typeweaver-gen\";\nimport type { GeneratorContext } from \"@rexeus/typeweaver-gen\";\nimport { generate as generateRouters } from \"./routerGenerator.js\";\n\nconst moduleDir = path.dirname(fileURLToPath(import.meta.url));\n\n/**\n * Typeweaver plugin that generates a lightweight, dependency-free server\n * with built-in routing and middleware support.\n *\n * Copies the runtime library files (`TypeweaverApp`, `TypeweaverRouter`, `Router`,\n * `Middleware`, etc.) and generates typed router classes for each resource.\n */\nexport class ServerPlugin extends BasePlugin {\n  public name = \"server\";\n  public override depends = [\"types\"];\n\n  /**\n   * Generates the server runtime and typed routers for all resources.\n   *\n   * @param context - The generator context\n   */\n  public override generate(context: GeneratorContext): void {\n    const libSourceDir = path.join(moduleDir, \"lib\");\n    this.copyLibFiles(context, libSourceDir, this.name);\n\n    generateRouters(context);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AA+BA,SAAgB,SAAS,SAAiC;CACxD,MAAM,YAAY,KAAK,QAAQ,cAAc,OAAO,KAAK,IAAI,CAAC;CAC9D,MAAM,eAAe,KAAK,KAAK,WAAW,aAAa,aAAa;AAEpE,MAAK,MAAM,YAAY,QAAQ,eAAe,UAC5C,aAAY,UAAU,cAAc,QAAQ;;AAIhD,SAAS,YACP,UACA,cACA,SACM;CACN,MAAM,uBAAuB,WAAW,SAAS,KAAK;CACtD,MAAM,YAAY,QAAQ,qBAAqB,SAAS,KAAK;CAC7D,MAAM,aAAa,KAAK,KAAK,WAAW,GAAG,qBAAqB,WAAW;CAE3E,MAAM,aAAa,SAAS,WACzB,QAAO,cAAa,UAAU,WAAW,WAAW,KAAK,CACzD,KAAI,cAAa,oBAAoB,UAAU,CAAC,CAChD,MAAM,GAAG,MAAM,cAAc,GAAG,EAAE,CAAC;CAEtC,MAAM,UAAU,QAAQ,eAAe,cAAc;EACnD,SAAS,SAAS,WAAW,QAAQ,UAAU;EAC/C,YAAY,SAAS;EACrB;EACA;EACD,CAAC;CAEF,MAAM,eAAe,KAAK,SAAS,QAAQ,WAAW,WAAW;AACjE,SAAQ,UAAU,cAAc,QAAQ;;AAG1C,SAAS,oBAAoB,WAA+C;CAC1E,MAAM,cAAc,UAAU;CAC9B,MAAM,YAAY,WAAW,YAAY;AAEzC,QAAO;EACL;EACA;EACA,aAAa,SAAS,UAAU;EAChC,QAAQ,UAAU;EAClB,MAAM,UAAU;EACjB;;;;ACrEH,MAAM,YAAY,KAAK,QAAQ,cAAc,OAAO,KAAK,IAAI,CAAC;;;;;;;;AAS9D,IAAa,eAAb,cAAkC,WAAW;CAC3C,OAAc;CACd,UAA0B,CAAC,QAAQ;;;;;;CAOnC,SAAyB,SAAiC;EACxD,MAAM,eAAe,KAAK,KAAK,WAAW,MAAM;AAChD,OAAK,aAAa,SAAS,cAAc,KAAK,KAAK;AAEnD,WAAgB,QAAQ"}

package/dist/lib/BodyLimitPolicy.ts

@@ -0,0 +1,111 @@
+/**
+ * This file was automatically generated by typeweaver.
+ * DO NOT EDIT. Instead, modify the source definition file and generate again.
+ *
+ * @generated by @rexeus/typeweaver
+ */
+
+export const DEFAULT_MAX_BODY_SIZE = 1_048_576; // 1 MB
+
+export type BodyLimitCapability =
+  | "unvalidated-request-body"
+  | "prevalidated-request-body";
+
+export type BodyLimitPolicy = {
+  readonly maxBodySize: number;
+  readonly capability: BodyLimitCapability;
+};
+
+type RequestBodyPrevalidation = {
+  readonly maxBodySize: number;
+};
+
+// NodeAdapter reads and caps IncomingMessage bodies before creating Fetch
+// Requests. This WeakMap records that Node→Fetch handoff so FetchApiAdapter
+// skips re-reading only when the Node policy was at least as strict.
+const requestBodyPrevalidations = new WeakMap<
+  Request,
+  RequestBodyPrevalidation
+>();
+
+const FETCH_BODY_LIMIT_CAPABILITY: BodyLimitCapability =
+  "unvalidated-request-body";
+
+const NODE_BODY_LIMIT_CAPABILITY: BodyLimitCapability =
+  "prevalidated-request-body";
+
+export function createFetchBodyLimitPolicy(
+  maxBodySize?: number
+): BodyLimitPolicy {
+  return {
+    maxBodySize: resolveMaxBodySize(maxBodySize),
+    capability: FETCH_BODY_LIMIT_CAPABILITY,
+  };
+}
+
+export function createNodeBodyLimitPolicy(
+  maxBodySize?: number
+): BodyLimitPolicy {
+  return {
+    maxBodySize: resolveMaxBodySize(maxBodySize),
+    capability: NODE_BODY_LIMIT_CAPABILITY,
+  };
+}
+
+export function resolveMaxBodySize(maxBodySize?: number): number {
+  return maxBodySize ?? DEFAULT_MAX_BODY_SIZE;
+}
+
+export function parseContentLength(
+  value: string | string[] | null | undefined
+): number | undefined {
+  const rawValue = Array.isArray(value) ? value[0] : value;
+  if (rawValue === undefined || rawValue === null) {
+    return undefined;
+  }
+
+  const contentLength = Number(rawValue);
+  if (!Number.isFinite(contentLength) || contentLength < 0) {
+    return undefined;
+  }
+
+  return contentLength;
+}
+
+export function isBodySizeOverLimit(
+  bodySize: number,
+  maxBodySize: number
+): boolean {
+  return bodySize > maxBodySize;
+}
+
+export function markRequestBodyPrevalidated(
+  request: Request,
+  policy: BodyLimitPolicy
+): void {
+  if (policy.capability !== "prevalidated-request-body") {
+    return;
+  }
+
+  requestBodyPrevalidations.set(request, {
+    maxBodySize: policy.maxBodySize,
+  });
+}
+
+export function getRequestBodyPrevalidation(
+  request: Request
+): RequestBodyPrevalidation | undefined {
+  return requestBodyPrevalidations.get(request);
+}
+
+export function hasSatisfiedBodyLimitPolicy(
+  request: Request,
+  policy: BodyLimitPolicy
+): boolean {
+  const prevalidation = getRequestBodyPrevalidation(request);
+  if (!prevalidation) {
+    return false;
+  }
+
+  return prevalidation.maxBodySize <= policy.maxBodySize;
+}

package/dist/lib/Errors.ts

@@ -29,6 +29,22 @@ export class PayloadTooLargeError extends Error {
   }
 }
 
+/**
+ * Error thrown when a skipped request body cannot be drained before timeout.
+ * Caught by NodeAdapter to return a 413 Payload Too Large response.
+ */
+export class RequestBodyDrainTimeoutError extends Error {
+  public override readonly name = "RequestBodyDrainTimeoutError";
+  public constructor(
+    public readonly maxBodySize: number,
+    public readonly timeoutMs: number
+  ) {
+    super(
+      `Request body drain timed out after ${timeoutMs}ms while enforcing ${maxBodySize} byte limit`
+    );
+  }
+}
+
 /**
  * Error thrown when the response body cannot be serialized to JSON.
  * Typically caused by circular references or non-serializable values.

package/dist/lib/FetchApiAdapter.ts

@@ -13,14 +13,22 @@ import type {
   IHttpRequest,
   IHttpResponse,
 } from "@rexeus/typeweaver-core";
+import {
+  createFetchBodyLimitPolicy,
+  hasSatisfiedBodyLimitPolicy,
+  isBodySizeOverLimit,
+  parseContentLength,
+} from "./BodyLimitPolicy.js";
 import {
   BodyParseError,
   PayloadTooLargeError,
   ResponseSerializationError,
-} from "./Errors";
+} from "./Errors.js";
+import type { BodyLimitPolicy } from "./BodyLimitPolicy.js";
 
 export type FetchApiAdapterOptions = {
   readonly maxBodySize?: number;
+  readonly bodyLimitPolicy?: BodyLimitPolicy;
 };
 
 /**
@@ -35,13 +43,12 @@ export type FetchApiAdapterOptions = {
  * Bun, Deno, Node.js (>=18), Cloudflare Workers.
  */
 export class FetchApiAdapter {
-  private static readonly DEFAULT_MAX_BODY_SIZE = 1_048_576; // 1 MB
-
-  private readonly maxBodySize: number;
+  private readonly bodyLimitPolicy: BodyLimitPolicy;
 
   public constructor(options?: FetchApiAdapterOptions) {
-    this.maxBodySize =
-      options?.maxBodySize ?? FetchApiAdapter.DEFAULT_MAX_BODY_SIZE;
+    this.bodyLimitPolicy =
+      options?.bodyLimitPolicy ??
+      createFetchBodyLimitPolicy(options?.maxBodySize);
   }
 
   /**
@@ -234,21 +241,24 @@ export class FetchApiAdapter {
   }
 
   private async enforceBodySizeLimit(request: Request): Promise<Request> {
-    const contentLengthHeader = request.headers.get("content-length");
-    if (contentLengthHeader === null) {
-      return this.readBodyWithLimit(request);
-    }
-
-    const contentLength = Number(contentLengthHeader);
-    if (!Number.isFinite(contentLength) || contentLength < 0) {
-      return this.readBodyWithLimit(request);
+    if (hasSatisfiedBodyLimitPolicy(request, this.bodyLimitPolicy)) {
+      return request;
     }
 
-    if (contentLength > this.maxBodySize) {
-      throw new PayloadTooLargeError(contentLength, this.maxBodySize);
+    const contentLength = parseContentLength(
+      request.headers.get("content-length")
+    );
+    if (
+      contentLength !== undefined &&
+      isBodySizeOverLimit(contentLength, this.bodyLimitPolicy.maxBodySize)
+    ) {
+      throw new PayloadTooLargeError(
+        contentLength,
+        this.bodyLimitPolicy.maxBodySize
+      );
     }
 
-    return request;
+    return this.readBodyWithLimit(request);
   }
 
   private async readBodyWithLimit(request: Request): Promise<Request> {
@@ -264,14 +274,27 @@ export class FetchApiAdapter {
         if (done) break;
 
         totalBytes += value.byteLength;
-        if (totalBytes > this.maxBodySize) {
-          await reader.cancel();
-          throw new PayloadTooLargeError(totalBytes, this.maxBodySize);
+        if (isBodySizeOverLimit(totalBytes, this.bodyLimitPolicy.maxBodySize)) {
+          throw new PayloadTooLargeError(
+            totalBytes,
+            this.bodyLimitPolicy.maxBodySize
+          );
         }
         chunks.push(value);
       }
+    } catch (error) {
+      try {
+        await reader.cancel();
+      } catch {
+        // Preserve the original read failure if stream cleanup also fails.
+      }
+      throw error;
     } finally {
-      reader.releaseLock();
+      try {
+        reader.releaseLock();
+      } catch {
+        // Some runtimes may report release errors after stream termination.
+      }
     }
 
     return new Request(request.url, {
@@ -299,7 +322,8 @@ export class FetchApiAdapter {
   ): string | ArrayBuffer | Blob | null {
     if (body === undefined || body === null) return null;
     if (typeof body === "string") return body;
-    if (body instanceof Blob || body instanceof ArrayBuffer) return body;
+    if (body instanceof ArrayBuffer) return body;
+    if (body instanceof Blob) return body;
 
     try {
       return JSON.stringify(body);
@@ -332,6 +356,10 @@ export class FetchApiAdapter {
       headers.set("content-type", "application/json");
     }
 
+    if (!headers.has("content-type") && body instanceof Blob && body.type) {
+      headers.set("content-type", body.type);
+    }
+
     return headers;
   }
 

package/dist/lib/Middleware.ts

@@ -6,7 +6,7 @@
  */
 
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import type { ServerContext } from "./ServerContext";
+import type { ServerContext } from "./ServerContext.js";
 
 /**
  * A middleware function that processes requests in the pipeline.

package/dist/lib/NodeAdapter.ts

@@ -10,10 +10,36 @@ import {
   internalServerErrorDefaultError,
   payloadTooLargeDefaultError,
 } from "@rexeus/typeweaver-core";
-import { PayloadTooLargeError } from "./Errors";
-import type { TypeweaverApp } from "./TypeweaverApp";
+import {
+  createNodeBodyLimitPolicy,
+  isBodySizeOverLimit,
+  markRequestBodyPrevalidated,
+  parseContentLength,
+} from "./BodyLimitPolicy.js";
+import {
+  PayloadTooLargeError,
+  RequestBodyDrainTimeoutError,
+} from "./Errors.js";
+import {
+  getTypeweaverAppErrorReporter,
+  getTypeweaverAppRuntimeContext,
+} from "./TypeweaverInternals.js";
+import type { TypeweaverApp } from "./TypeweaverApp.js";
 import type { IncomingMessage, ServerResponse } from "node:http";
 
+type DrainRequestResult = {
+  readonly exceededLimit: boolean;
+  readonly timedOut: boolean;
+  readonly totalBytes: number;
+};
+
+type DrainRequestOptions = {
+  readonly destroyOnLimitExceeded?: boolean;
+  readonly timeoutMs?: number;
+};
+
+const REQUEST_DRAIN_TIMEOUT_MS = 5_000;
+
 /**
  * Adapts a `TypeweaverApp` to Node.js `http.createServer`.
  *
@@ -29,8 +55,6 @@ import type { IncomingMessage, ServerResponse } from "node:http";
  * createServer(nodeAdapter(app)).listen(3000);
  * ```
  */
-const DEFAULT_MAX_BODY_SIZE = 1_048_576; // 1 MB
-
 export type NodeAdapterOptions = {
   readonly maxBodySize?: number;
 };
@@ -39,9 +63,14 @@ export function nodeAdapter(
   app: TypeweaverApp<any>,
   options?: NodeAdapterOptions
 ): (req: IncomingMessage, res: ServerResponse) => void {
-  const maxBodySize = options?.maxBodySize ?? DEFAULT_MAX_BODY_SIZE;
+  const appRuntimeContext = getTypeweaverAppRuntimeContext(app);
+  const maxBodySize =
+    options?.maxBodySize ?? appRuntimeContext?.bodyLimitPolicy.maxBodySize;
+  const bodyLimitPolicy = createNodeBodyLimitPolicy(maxBodySize);
+  const reportError = getTypeweaverAppErrorReporter(app);
+
   return (req, res) => {
-    void handleRequest(app, req, res, maxBodySize);
+    void handleRequest(app, req, res, bodyLimitPolicy, reportError);
   };
 }
 
@@ -49,18 +78,45 @@ async function handleRequest(
   app: TypeweaverApp<any>,
   req: IncomingMessage,
   res: ServerResponse,
-  maxBodySize: number
+  bodyLimitPolicy: ReturnType<typeof createNodeBodyLimitPolicy>,
+  reportError: (error: unknown) => void
 ): Promise<void> {
   try {
     const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
-    const isBodyless = req.method === "GET" || req.method === "HEAD";
-    const body = isBodyless ? undefined : await collectBody(req, maxBodySize);
+    const shouldValidateBody = shouldValidateRequestBody(req.method);
+
+    enforceContentLengthLimit(req, bodyLimitPolicy.maxBodySize);
+
+    if (!shouldValidateBody) {
+      const drainResult = await drainRequest(req, bodyLimitPolicy.maxBodySize, {
+        destroyOnLimitExceeded: false,
+      });
+      if (drainResult.exceededLimit) {
+        throw new PayloadTooLargeError(
+          drainResult.totalBytes,
+          bodyLimitPolicy.maxBodySize
+        );
+      }
+      if (drainResult.timedOut) {
+        throw new RequestBodyDrainTimeoutError(
+          bodyLimitPolicy.maxBodySize,
+          REQUEST_DRAIN_TIMEOUT_MS
+        );
+      }
+    }
+
+    const body = !shouldValidateBody
+      ? undefined
+      : await collectBody(req, bodyLimitPolicy.maxBodySize);
 
     const request = new Request(url, {
       method: req.method,
       headers: req.headers as Record<string, string>,
       body,
     });
+    if (shouldValidateBody) {
+      markRequestBodyPrevalidated(request, bodyLimitPolicy);
+    }
 
     const response = await app.fetch(request);
 
@@ -76,28 +132,148 @@ async function handleRequest(
     res.writeHead(response.status);
     res.end(Buffer.from(await response.arrayBuffer()));
   } catch (error) {
-    if (error instanceof PayloadTooLargeError) {
-      if (!res.headersSent) {
-        res.writeHead(payloadTooLargeDefaultError.statusCode, {
-          "content-type": "application/json",
+    reportError(error);
+
+    if (isRequestBodyLimitError(error)) {
+      writeDefaultErrorResponse(res, payloadTooLargeDefaultError, () => {
+        void drainRequest(req, bodyLimitPolicy.maxBodySize, {
+          destroyOnLimitExceeded: true,
         });
-      }
-      res.end(
-        JSON.stringify(createDefaultErrorBody(payloadTooLargeDefaultError))
-      );
+      });
       return;
     }
 
-    console.error(error);
-    if (!res.headersSent) {
-      res.writeHead(internalServerErrorDefaultError.statusCode, {
-        "content-type": "application/json",
-      });
-    }
-    res.end(
-      JSON.stringify(createDefaultErrorBody(internalServerErrorDefaultError))
-    );
+    writeDefaultErrorResponse(res, internalServerErrorDefaultError);
+  }
+}
+
+function shouldValidateRequestBody(method?: string): boolean {
+  return method !== "GET" && method !== "HEAD";
+}
+
+function isRequestBodyLimitError(
+  error: unknown
+): error is PayloadTooLargeError | RequestBodyDrainTimeoutError {
+  return (
+    error instanceof PayloadTooLargeError ||
+    error instanceof RequestBodyDrainTimeoutError
+  );
+}
+
+function enforceContentLengthLimit(
+  req: IncomingMessage,
+  maxBodySize: number
+): void {
+  const contentLength = parseContentLength(req.headers["content-length"]);
+  if (contentLength === undefined) {
+    return;
+  }
+
+  if (isBodySizeOverLimit(contentLength, maxBodySize)) {
+    throw new PayloadTooLargeError(contentLength, maxBodySize);
+  }
+}
+
+function writeDefaultErrorResponse(
+  res: ServerResponse,
+  error:
+    | typeof payloadTooLargeDefaultError
+    | typeof internalServerErrorDefaultError,
+  onFinished?: () => void
+): void {
+  if (!res.headersSent) {
+    res.writeHead(error.statusCode, {
+      "content-type": "application/json",
+    });
+  }
+
+  if (onFinished !== undefined) {
+    res.once("finish", onFinished);
+  }
+
+  res.end(JSON.stringify(createDefaultErrorBody(error)));
+}
+
+async function drainRequest(
+  req: IncomingMessage,
+  maxBodySize: number,
+  options: DrainRequestOptions = {}
+): Promise<DrainRequestResult> {
+  if (req.readableEnded || req.destroyed) {
+    return { exceededLimit: false, timedOut: false, totalBytes: 0 };
   }
+
+  return await new Promise<DrainRequestResult>(resolve => {
+    const destroyOnLimitExceeded = options.destroyOnLimitExceeded ?? true;
+    const timeoutMs = options.timeoutMs ?? REQUEST_DRAIN_TIMEOUT_MS;
+    let drainedBytes = 0;
+    let isSettled = false;
+
+    const settle = (result: Omit<DrainRequestResult, "totalBytes">): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      resolve({ ...result, totalBytes: drainedBytes });
+    };
+
+    const stopReading = (
+      result: Omit<DrainRequestResult, "totalBytes">
+    ): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      if (destroyOnLimitExceeded) {
+        req.destroy();
+      }
+      resolve({ ...result, totalBytes: drainedBytes });
+    };
+
+    const drainTimeout = setTimeout(() => {
+      stopReading({ exceededLimit: false, timedOut: true });
+    }, timeoutMs);
+    drainTimeout.unref();
+
+    const handleData = (chunk: Buffer | string): void => {
+      drainedBytes +=
+        typeof chunk === "string" ? Buffer.byteLength(chunk) : chunk.byteLength;
+
+      if (isBodySizeOverLimit(drainedBytes, maxBodySize)) {
+        stopReading({ exceededLimit: true, timedOut: false });
+      }
+    };
+
+    const handleEnd = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const handleClose = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const handleAborted = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const handleError = (): void => {
+      settle({ exceededLimit: false, timedOut: false });
+    };
+
+    const cleanup = (): void => {
+      clearTimeout(drainTimeout);
+      req.off("data", handleData);
+      req.off("end", handleEnd);
+      req.off("error", handleError);
+      req.off("aborted", handleAborted);
+      req.off("close", handleClose);
+    };
+
+    req.on("data", handleData);
+    req.on("end", handleEnd);
+    req.on("error", handleError);
+    req.on("aborted", handleAborted);
+    req.on("close", handleClose);
+    req.resume();
+  });
 }
 
 function collectBody(
@@ -107,26 +283,72 @@ function collectBody(
   return new Promise<ArrayBuffer>((resolve, reject) => {
     const chunks: Buffer[] = [];
     let totalBytes = 0;
+    let isSettled = false;
+
+    const cleanup = (): void => {
+      req.off("data", handleData);
+      req.off("end", handleEnd);
+      req.off("error", handleError);
+      req.off("aborted", handleAborted);
+      req.off("close", handleClose);
+    };
+
+    const rejectOnce = (error: unknown): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      reject(error);
+    };
+
+    const resolveOnce = (body: ArrayBuffer): void => {
+      if (isSettled) return;
+      isSettled = true;
+      cleanup();
+      resolve(body);
+    };
+
+    const handleData = (chunk: Buffer): void => {
+      if (isSettled) return;
 
-    req.on("data", (chunk: Buffer) => {
       totalBytes += chunk.byteLength;
-      if (totalBytes > maxBodySize) {
-        req.destroy();
-        reject(new PayloadTooLargeError(totalBytes, maxBodySize));
+      if (isBodySizeOverLimit(totalBytes, maxBodySize)) {
+        req.pause();
+        cleanup();
+        req.resume();
+        rejectOnce(new PayloadTooLargeError(totalBytes, maxBodySize));
         return;
       }
       chunks.push(chunk);
-    });
+    };
 
-    req.on("end", () => {
+    const handleEnd = (): void => {
       const combined = Buffer.concat(chunks, totalBytes);
-      resolve(
+      resolveOnce(
         combined.buffer.slice(
           combined.byteOffset,
           combined.byteOffset + combined.byteLength
         ) as ArrayBuffer
       );
-    });
-    req.on("error", reject);
+    };
+
+    const handleError = (error: Error): void => {
+      rejectOnce(error);
+    };
+
+    const handleAborted = (): void => {
+      rejectOnce(new Error("Request aborted while reading body"));
+    };
+
+    const handleClose = (): void => {
+      if (!req.readableEnded) {
+        rejectOnce(new Error("Request closed before body was fully read"));
+      }
+    };
+
+    req.on("data", handleData);
+    req.on("end", handleEnd);
+    req.on("error", handleError);
+    req.on("aborted", handleAborted);
+    req.on("close", handleClose);
   });
 }

package/dist/lib/RequestHandler.ts

@@ -6,7 +6,7 @@
  */
 
 import type { IHttpRequest, IHttpResponse } from "@rexeus/typeweaver-core";
-import type { ServerContext } from "./ServerContext";
+import type { ServerContext } from "./ServerContext.js";
 
 /**
  * A type-safe request handler function.

package/dist/lib/Router.ts

@@ -14,8 +14,8 @@ import type {
   RequestValidationError,
   ResponseValidationError,
 } from "@rexeus/typeweaver-core";
-import type { RequestHandler } from "./RequestHandler";
-import type { ServerContext } from "./ServerContext";
+import type { RequestHandler } from "./RequestHandler.js";
+import type { ServerContext } from "./ServerContext.js";
 
 /**
  * Metadata about a matched route, available in middleware and handlers via `ctx.route`.

package/dist/lib/ServerContext.ts

@@ -6,8 +6,8 @@
  */
 
 import type { IHttpRequest } from "@rexeus/typeweaver-core";
-import type { RouteMetadata } from "./Router";
-import type { StateMap } from "./StateMap";
+import type { RouteMetadata } from "./Router.js";
+import type { StateMap } from "./StateMap.js";
 
 /**
  * Context object passed through the middleware pipeline and to request handlers.

package/dist/lib/TypedMiddleware.ts

@@ -6,9 +6,9 @@
  */
 
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import type { Middleware } from "./Middleware";
-import type { ServerContext } from "./ServerContext";
-import type { TypeweaverApp } from "./TypeweaverApp";
+import type { Middleware } from "./Middleware.js";
+import type { ServerContext } from "./ServerContext.js";
+import type { TypeweaverApp } from "./TypeweaverApp.js";
 
 /**
  * A middleware descriptor carrying compile-time metadata about what state

package/dist/lib/TypeweaverApp.ts

@@ -5,6 +5,7 @@
  * @generated by @rexeus/typeweaver
  */
 
+// oxlint-disable import/max-dependencies
 import {
   badRequestDefaultError,
   createDefaultErrorBody,
@@ -18,24 +19,28 @@ import {
   validationDefaultError,
 } from "@rexeus/typeweaver-core";
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { BodyParseError, PayloadTooLargeError } from "./Errors";
-import { FetchApiAdapter } from "./FetchApiAdapter";
-import { executeMiddlewarePipeline } from "./Middleware";
-import { Router } from "./Router";
-import { StateMap } from "./StateMap";
-import type { Middleware } from "./Middleware";
-import type { RequestHandler } from "./RequestHandler";
+import { BodyParseError, PayloadTooLargeError } from "./Errors.js";
+import { executeMiddlewarePipeline } from "./Middleware.js";
+import { Router } from "./Router.js";
+import { StateMap } from "./StateMap.js";
+import { initializeTypeweaverAppRuntime } from "./TypeweaverAppRuntime.js";
+import type { FetchApiAdapter } from "./FetchApiAdapter.js";
+import type { Middleware } from "./Middleware.js";
+import type { RequestHandler } from "./RequestHandler.js";
 import type {
   HttpResponseErrorHandler,
+  RequestValidationErrorHandler,
   ResponseValidationErrorHandler,
   RouteDefinition,
   RouteMatch,
   UnknownErrorHandler,
-  RequestValidationErrorHandler,
-} from "./Router";
-import type { ServerContext } from "./ServerContext";
-import type { StateRequirementError, TypedMiddleware } from "./TypedMiddleware";
-import type { TypeweaverRouter } from "./TypeweaverRouter";
+} from "./Router.js";
+import type { ServerContext } from "./ServerContext.js";
+import type {
+  StateRequirementError,
+  TypedMiddleware,
+} from "./TypedMiddleware.js";
+import type { TypeweaverRouter } from "./TypeweaverRouter.js";
 
 /**
  * The main application class that provides routing, middleware, and
@@ -79,8 +84,12 @@ export class TypeweaverApp<TState extends Record<string, unknown> = {}> {
   private readonly onError: (error: unknown) => void;
 
   public constructor(options?: TypeweaverAppOptions) {
-    this.adapter = new FetchApiAdapter({ maxBodySize: options?.maxBodySize });
-    this.onError = options?.onError ?? console.error;
+    this.onError = options?.onError ?? (error => console.error(error));
+    this.adapter = initializeTypeweaverAppRuntime({
+      app: this,
+      options,
+      reportError: error => this.safeOnError(error),
+    });
   }
 
   private safeOnError(error: unknown): void {

package/dist/lib/TypeweaverAppRuntime.ts

@@ -0,0 +1,37 @@
+/**
+ * This file was automatically generated by typeweaver.
+ * DO NOT EDIT. Instead, modify the source definition file and generate again.
+ *
+ * @generated by @rexeus/typeweaver
+ */
+
+import { createFetchBodyLimitPolicy } from "./BodyLimitPolicy.js";
+import { FetchApiAdapter } from "./FetchApiAdapter.js";
+import { setTypeweaverAppRuntimeContext } from "./TypeweaverInternals.js";
+import type { TypeweaverApp } from "./TypeweaverApp.js";
+
+type InitializeTypeweaverAppRuntimeOptions = {
+  readonly maxBodySize?: number;
+};
+
+type InitializeTypeweaverAppRuntimeParameters = {
+  readonly app: TypeweaverApp<any>;
+  readonly options?: InitializeTypeweaverAppRuntimeOptions;
+  readonly reportError: (error: unknown) => void;
+};
+
+export function initializeTypeweaverAppRuntime({
+  app,
+  options,
+  reportError,
+}: InitializeTypeweaverAppRuntimeParameters): FetchApiAdapter {
+  const bodyLimitPolicy = createFetchBodyLimitPolicy(options?.maxBodySize);
+  const adapter = new FetchApiAdapter({ bodyLimitPolicy });
+
+  setTypeweaverAppRuntimeContext(app, {
+    bodyLimitPolicy,
+    reportError,
+  });
+
+  return adapter;
+}

package/dist/lib/TypeweaverInternals.ts

@@ -0,0 +1,45 @@
+/**
+ * This file was automatically generated by typeweaver.
+ * DO NOT EDIT. Instead, modify the source definition file and generate again.
+ *
+ * @generated by @rexeus/typeweaver
+ */
+
+import type { BodyLimitPolicy } from "./BodyLimitPolicy.js";
+import type { TypeweaverApp } from "./TypeweaverApp.js";
+
+/** Runtime context shared privately between TypeweaverApp and adapters. */
+export type TypeweaverRuntimeContext = {
+  readonly bodyLimitPolicy: BodyLimitPolicy;
+  readonly reportError: (error: unknown) => void;
+};
+
+const appRuntimeContextRegistry = new WeakMap<
+  TypeweaverApp<any>,
+  TypeweaverRuntimeContext
+>();
+
+function fallbackReportError(error: unknown): void {
+  console.error(error);
+}
+
+export function setTypeweaverAppRuntimeContext(
+  app: TypeweaverApp<any>,
+  runtimeContext: TypeweaverRuntimeContext
+): void {
+  appRuntimeContextRegistry.set(app, runtimeContext);
+}
+
+export function getTypeweaverAppRuntimeContext(
+  app: TypeweaverApp<any>
+): TypeweaverRuntimeContext | undefined {
+  return appRuntimeContextRegistry.get(app);
+}
+
+export function getTypeweaverAppErrorReporter(
+  app: TypeweaverApp<any>
+): (error: unknown) => void {
+  return (
+    getTypeweaverAppRuntimeContext(app)?.reportError ?? fallbackReportError
+  );
+}

package/dist/lib/TypeweaverRouter.ts

@@ -12,7 +12,7 @@ import type {
   IRequestValidator,
   IResponseValidator,
 } from "@rexeus/typeweaver-core";
-import type { RequestHandler } from "./RequestHandler";
+import type { RequestHandler } from "./RequestHandler.js";
 import type {
   HttpResponseErrorHandler,
   ResponseValidationErrorHandler,
@@ -20,7 +20,7 @@ import type {
   RouterErrorConfig,
   UnknownErrorHandler,
   RequestValidationErrorHandler,
-} from "./Router";
+} from "./Router.js";
 
 /**
  * Configuration options for TypeweaverRouter instances.

package/dist/lib/index.ts

@@ -7,11 +7,11 @@
 
 /* oxlint-disable import/max-dependencies */
 
-export { TypeweaverApp, type TypeweaverAppOptions } from "./TypeweaverApp";
+export { TypeweaverApp, type TypeweaverAppOptions } from "./TypeweaverApp.js";
 export {
   TypeweaverRouter,
   type TypeweaverRouterOptions,
-} from "./TypeweaverRouter";
+} from "./TypeweaverRouter.js";
 export { HttpMethod } from "@rexeus/typeweaver-core";
 export type {
   HttpResponseErrorHandler,
@@ -19,25 +19,26 @@ export type {
   ResponseValidationErrorHandler,
   RouteMetadata,
   UnknownErrorHandler,
-} from "./Router";
-export type { ServerContext } from "./ServerContext";
-export type { RequestHandler } from "./RequestHandler";
-export { StateMap } from "./StateMap";
+} from "./Router.js";
+export type { ServerContext } from "./ServerContext.js";
+export type { RequestHandler } from "./RequestHandler.js";
+export { StateMap } from "./StateMap.js";
 export {
   defineMiddleware,
   type InferState,
   type NextFn,
   type StateRequirementError,
   type TypedMiddleware,
-} from "./TypedMiddleware";
+} from "./TypedMiddleware.js";
 export {
   BodyParseError,
   PayloadTooLargeError,
+  RequestBodyDrainTimeoutError,
   ResponseSerializationError,
-} from "./Errors";
-export { FetchApiAdapter } from "./FetchApiAdapter";
-export { nodeAdapter, type NodeAdapterOptions } from "./NodeAdapter";
-export { pathMatcher } from "./PathMatcher";
+} from "./Errors.js";
+export { FetchApiAdapter } from "./FetchApiAdapter.js";
+export { nodeAdapter, type NodeAdapterOptions } from "./NodeAdapter.js";
+export { pathMatcher } from "./PathMatcher.js";
 export {
   basicAuth,
   type BasicAuthOptions,
@@ -56,4 +57,4 @@ export {
   scoped,
   secureHeaders,
   type SecureHeadersOptions,
-} from "./middleware/index";
+} from "./middleware/index.js";

package/dist/lib/middleware/basicAuth.ts

@@ -3,8 +3,8 @@ import {
   unauthorizedDefaultError,
 } from "@rexeus/typeweaver-core";
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { defineMiddleware } from "../TypedMiddleware";
-import type { ServerContext } from "../ServerContext";
+import { defineMiddleware } from "../TypedMiddleware.js";
+import type { ServerContext } from "../ServerContext.js";
 
 export type BasicAuthOptions = {
   readonly verifyCredentials: (

package/dist/lib/middleware/bearerAuth.ts

@@ -3,8 +3,8 @@ import {
   unauthorizedDefaultError,
 } from "@rexeus/typeweaver-core";
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { defineMiddleware } from "../TypedMiddleware";
-import type { ServerContext } from "../ServerContext";
+import { defineMiddleware } from "../TypedMiddleware.js";
+import type { ServerContext } from "../ServerContext.js";
 
 export type BearerAuthOptions = {
   readonly verifyToken: (

package/dist/lib/middleware/cors.ts

@@ -1,5 +1,5 @@
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { defineMiddleware } from "../TypedMiddleware";
+import { defineMiddleware } from "../TypedMiddleware.js";
 
 export type CorsOptions = {
   readonly origin?:

package/dist/lib/middleware/index.ts

@@ -1,8 +1,8 @@
-export { basicAuth, type BasicAuthOptions } from "./basicAuth";
-export { bearerAuth, type BearerAuthOptions } from "./bearerAuth";
-export { cors, type CorsOptions } from "./cors";
-export { logger, type LogData, type LoggerOptions } from "./logger";
-export { poweredBy, type PoweredByOptions } from "./poweredBy";
-export { requestId, type RequestIdOptions } from "./requestId";
-export { scoped, except } from "./scoped";
-export { secureHeaders, type SecureHeadersOptions } from "./secureHeaders";
+export { basicAuth, type BasicAuthOptions } from "./basicAuth.js";
+export { bearerAuth, type BearerAuthOptions } from "./bearerAuth.js";
+export { cors, type CorsOptions } from "./cors.js";
+export { logger, type LogData, type LoggerOptions } from "./logger.js";
+export { poweredBy, type PoweredByOptions } from "./poweredBy.js";
+export { requestId, type RequestIdOptions } from "./requestId.js";
+export { scoped, except } from "./scoped.js";
+export { secureHeaders, type SecureHeadersOptions } from "./secureHeaders.js";

package/dist/lib/middleware/logger.ts

@@ -1,4 +1,4 @@
-import { defineMiddleware } from "../TypedMiddleware";
+import { defineMiddleware } from "../TypedMiddleware.js";
 
 export type LogData = {
   readonly method: string;

package/dist/lib/middleware/poweredBy.ts

@@ -1,5 +1,5 @@
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { defineMiddleware } from "../TypedMiddleware";
+import { defineMiddleware } from "../TypedMiddleware.js";
 
 export type PoweredByOptions = {
   readonly name?: string;

package/dist/lib/middleware/requestId.ts

@@ -1,5 +1,5 @@
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { defineMiddleware } from "../TypedMiddleware";
+import { defineMiddleware } from "../TypedMiddleware.js";
 
 export type RequestIdOptions = {
   readonly headerName?: string;

package/dist/lib/middleware/scoped.ts

@@ -1,6 +1,6 @@
-import { pathMatcher } from "../PathMatcher";
-import { defineMiddleware } from "../TypedMiddleware";
-import type { TypedMiddleware } from "../TypedMiddleware";
+import { pathMatcher } from "../PathMatcher.js";
+import { defineMiddleware } from "../TypedMiddleware.js";
+import type { TypedMiddleware } from "../TypedMiddleware.js";
 
 /**
  * Restricts a middleware to only run on paths matching the given patterns.

package/dist/lib/middleware/secureHeaders.ts

@@ -1,5 +1,5 @@
 import type { IHttpResponse } from "@rexeus/typeweaver-core";
-import { defineMiddleware } from "../TypedMiddleware";
+import { defineMiddleware } from "../TypedMiddleware.js";
 
 export type SecureHeadersOptions = {
   readonly contentTypeOptions?: string | false;

package/dist/templates/Router.ejs

@@ -6,12 +6,12 @@
  * @generated by @rexeus/typeweaver
  */
 
-import { HttpMethod, TypeweaverRouter, type RequestHandler, type TypeweaverRouterOptions } from "<%- coreDir %>/lib/server";
+import { HttpMethod, TypeweaverRouter, type RequestHandler, type TypeweaverRouterOptions } from "<%- coreDir %>/lib/server/index.js";
 <% for (const operation of operations) { %>
-import type { I<%- operation.className %>Request } from "./<%- operation.className %>Request";
-import { <%- operation.className %>RequestValidator } from "./<%- operation.className %>RequestValidator";
-import type { <%- operation.className %>Response } from "./<%- operation.className %>Response";
-import { <%- operation.className %>ResponseValidator } from "./<%- operation.className %>ResponseValidator";
+import type { I<%- operation.className %>Request } from "./<%- operation.className %>Request.js";
+import { <%- operation.className %>RequestValidator } from "./<%- operation.className %>RequestValidator.js";
+import type { <%- operation.className %>Response } from "./<%- operation.className %>Response.js";
+import { <%- operation.className %>ResponseValidator } from "./<%- operation.className %>ResponseValidator.js";
 <% } %>
 
 export type Server<%- pascalCaseEntityName %>ApiHandler<

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rexeus/typeweaver-server",
-  "version": "0.10.1",
+  "version": "0.10.3",
   "description": "Generates a lightweight, dependency-free server with built-in routing and middleware from your API definitions. Powered by Typeweaver.",
   "type": "module",
   "sideEffects": false,
@@ -47,15 +47,18 @@
   },
   "homepage": "https://github.com/rexeus/typeweaver#readme",
   "peerDependencies": {
-    "@rexeus/typeweaver-core": "^0.10.1",
-    "@rexeus/typeweaver-gen": "^0.10.1"
+    "@rexeus/typeweaver-core": "^0.10.3",
+    "@rexeus/typeweaver-gen": "^0.10.3"
   },
   "devDependencies": {
     "get-port": "^7.2.0",
     "test-utils": "file:../test-utils",
     "tsx": "^4.21.0",
-    "@rexeus/typeweaver-core": "^0.10.1",
-    "@rexeus/typeweaver-gen": "^0.10.1"
+    "@rexeus/typeweaver-core": "^0.10.3",
+    "@rexeus/typeweaver-gen": "^0.10.3"
+  },
+  "dependencies": {
+    "polycase": "^1.1.0"
   },
   "scripts": {
     "typecheck": "tsc --noEmit -p tsconfig.typecheck.json",