@tetrascience-npm/request 0.2.0-beta.106.2 → 0.2.0

package/dist/cli/init-client.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=init-client.d.ts.map

package/dist/cli/init-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init-client.d.ts","sourceRoot":"","sources":["../../src/cli/init-client.ts"],"names":[],"mappings":""}

package/dist/cli/init-client.js

@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * @deprecated Use `generate-service-client` instead.
+ *
+ * Scaffolds a typed OpenAPI client directory for a TetraScience service.
+ *
+ * Usage:
+ *   init-service-client --name @tetrascience/my-service-client --spec ../openapi/spec.yaml [--out client]
+ */
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const templates_1 = require("./templates");
+function parseArgs() {
+    const args = process.argv.slice(2);
+    let packageName;
+    let specPath;
+    let outDir = 'client';
+    for (let i = 0; i < args.length; i++) {
+        if (args[i] === '--name' && args[i + 1]) {
+            packageName = args[++i];
+        }
+        else if (args[i] === '--spec' && args[i + 1]) {
+            specPath = args[++i];
+        }
+        else if (args[i] === '--out' && args[i + 1]) {
+            outDir = args[++i];
+        }
+    }
+    if (!packageName) {
+        console.error('Error: --name <@tetrascience/my-service-client> is required');
+        process.exit(1);
+    }
+    if (!specPath) {
+        console.error('Error: --spec <relative-path-to-openapi-yaml> is required');
+        process.exit(1);
+    }
+    return { packageName, specPath, outDir };
+}
+function generatePackageJson(packageName, specPath) {
+    const pkg = {
+        name: packageName,
+        version: '1.0.0',
+        description: `Typed client for the ${(0, templates_1.deriveServiceName)(packageName)} service API`,
+        main: 'dist/index.js',
+        types: 'dist/index.d.ts',
+        files: ['dist'],
+        scripts: {
+            generate: `openapi-typescript ${specPath} -o generated/schema.ts`,
+            'generate:schemas': `generate-request-schemas --spec ${specPath} --out generated`,
+            build: 'yarn generate && yarn generate:schemas && tsc --project tsconfig.build.json',
+        },
+        dependencies: {
+            '@tetrascience/request-middleware': '^0.2.0',
+            'openapi-fetch': '^0.17.0',
+            zod: '^3.24.0',
+        },
+        devDependencies: {
+            '@types/js-yaml': '^4.0.9',
+            'js-yaml': '^4.1.1',
+            'openapi-typescript': '^7.6.0',
+            'openapi-zod-client': '^1.18.3',
+            'ts-node': '^10.9.2',
+            typescript: '^5.7.3',
+        },
+    };
+    return JSON.stringify(pkg, null, 2) + '\n';
+}
+function main() {
+    console.warn('WARNING: init-service-client is deprecated. Use generate-service-client instead.\n');
+    const { packageName, specPath, outDir } = parseArgs();
+    const resolvedOut = path.resolve(outDir);
+    const serviceName = (0, templates_1.deriveServiceName)(packageName);
+    if (fs.existsSync(resolvedOut) && fs.readdirSync(resolvedOut).length > 0) {
+        console.error(`Error: output directory "${outDir}" already exists and is not empty`);
+        process.exit(1);
+    }
+    fs.mkdirSync(resolvedOut, { recursive: true });
+    fs.mkdirSync(path.join(resolvedOut, 'generated'), { recursive: true });
+    const files = {
+        'package.json': generatePackageJson(packageName, specPath),
+        'tsconfig.build.json': (0, templates_1.generateTsConfig)(),
+        'index.ts': (0, templates_1.generateIndexTs)(serviceName),
+        '.gitignore': (0, templates_1.generateClientGitIgnore)(),
+    };
+    for (const [name, content] of Object.entries(files)) {
+        const filePath = path.join(resolvedOut, name);
+        fs.writeFileSync(filePath, content);
+        console.log(`  created ${path.relative(process.cwd(), filePath)}`);
+    }
+    console.log(`\nScaffolded ${packageName} in ${outDir}/`);
+    console.log(`\nNext steps:`);
+    console.log(`  cd ${outDir}`);
+    console.log(`  yarn install`);
+    console.log(`  yarn build`);
+}
+if (require.main === module) {
+    main();
+}

package/dist/client/install-tracking.d.ts

@@ -0,0 +1,18 @@
+import type { ClientTrackingOptions } from './types';
+/**
+ * Install request tracking on the global `fetch` function.
+ *
+ * Every `fetch()` call will automatically get a `ts-request-id` header
+ * and optional logging. Returns an uninstall function to restore the
+ * original `fetch`.
+ *
+ * @example
+ * ```ts
+ * import {installRequestMiddleware, createConsoleLogger} from '@tetrascience/request-middleware/client';
+ *
+ * installRequestMiddleware({logger: createConsoleLogger({prefix: 'my-app'})});
+ * // All fetch() calls now include ts-request-id
+ * ```
+ */
+export declare function installRequestMiddleware(options?: ClientTrackingOptions): () => void;
+//# sourceMappingURL=install-tracking.d.ts.map

package/dist/client/install-tracking.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-tracking.d.ts","sourceRoot":"","sources":["../../src/client/install-tracking.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,SAAS,CAAC;AA8BnD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,MAAM,IAAI,CAoDpF"}

package/dist/client/install-tracking.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installRequestMiddleware = installRequestMiddleware;
+const constants_1 = require("../shared/constants");
+const generate_request_id_1 = require("../shared/generate-request-id");
+function sanitizeUrl(url) {
+    try {
+        return new URL(url).pathname;
+    }
+    catch {
+        return url.split(/[?#]/)[0];
+    }
+}
+const SESSION_COOKIE_MAX_AGE = 30 * 60; // 30 minutes, refreshed on each request
+/**
+ * Get or create a session ID from cookies.
+ * Creates a new UUID and stores it as a cookie if not already present.
+ * Refreshes the cookie expiry on each call (sliding window).
+ */
+function getOrCreateSessionId() {
+    const match = document.cookie.match(new RegExp(`(?:^|; )${constants_1.SESSION_ID_HEADER}=([^;]*)`));
+    if (match) {
+        // Refresh expiry
+        document.cookie = `${constants_1.SESSION_ID_HEADER}=${match[1]}; path=/; max-age=${SESSION_COOKIE_MAX_AGE}; SameSite=Lax`;
+        return match[1];
+    }
+    const sessionId = (0, generate_request_id_1.generateRequestId)();
+    document.cookie = `${constants_1.SESSION_ID_HEADER}=${sessionId}; path=/; max-age=${SESSION_COOKIE_MAX_AGE}; SameSite=Lax`;
+    return sessionId;
+}
+/**
+ * Install request tracking on the global `fetch` function.
+ *
+ * Every `fetch()` call will automatically get a `ts-request-id` header
+ * and optional logging. Returns an uninstall function to restore the
+ * original `fetch`.
+ *
+ * @example
+ * ```ts
+ * import {installRequestMiddleware, createConsoleLogger} from '@tetrascience/request-middleware/client';
+ *
+ * installRequestMiddleware({logger: createConsoleLogger({prefix: 'my-app'})});
+ * // All fetch() calls now include ts-request-id
+ * ```
+ */
+function installRequestMiddleware(options) {
+    const { logger } = options ?? {};
+    const originalFetch = globalThis.fetch;
+    globalThis.fetch = (input, init) => {
+        // Merge headers: start from the Request's headers (if input is a Request),
+        // then layer on init?.headers, then add tracking headers.
+        const inputHeaders = input instanceof Request ? input.headers : undefined;
+        const headers = new Headers(inputHeaders);
+        if (init?.headers) {
+            new Headers(init.headers).forEach((value, key) => headers.set(key, value));
+        }
+        if (!headers.has(constants_1.REQUEST_ID_HEADER)) {
+            headers.set(constants_1.REQUEST_ID_HEADER, (0, generate_request_id_1.generateRequestId)());
+        }
+        const requestId = headers.get(constants_1.REQUEST_ID_HEADER);
+        if (!headers.has(constants_1.SESSION_ID_HEADER) && typeof document !== 'undefined') {
+            headers.set(constants_1.SESSION_ID_HEADER, getOrCreateSessionId());
+        }
+        const url = typeof input === 'string' ? input : input instanceof URL ? input.href : input.url;
+        logger?.debug('Outgoing request', {
+            requestId,
+            path: sanitizeUrl(url),
+        });
+        return originalFetch(input, { ...init, headers }).then((response) => {
+            logger?.debug('Response received', {
+                requestId,
+                path: sanitizeUrl(url),
+                status: response.status,
+            });
+            return response;
+        }, (error) => {
+            logger?.error('Request failed', {
+                requestId,
+                path: sanitizeUrl(url),
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw error;
+        });
+    };
+    return () => {
+        globalThis.fetch = originalFetch;
+    };
+}

package/dist/client/middleware.d.ts

@@ -0,0 +1,18 @@
+import type { Middleware } from 'openapi-fetch';
+import type { ClientTrackingOptions } from './types';
+/**
+ * Create request tracking middleware for openapi-fetch clients (browser).
+ *
+ * Composes tracing (request ID injection) with request/response logging.
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestTrackingMiddleware} from '@tetrascience/request-middleware/client';
+ *
+ * const client = createClient<paths>({baseUrl: '/api'});
+ * client.use(createRequestTrackingMiddleware());
+ * ```
+ */
+export declare function createRequestTrackingMiddleware(options?: ClientTrackingOptions): Middleware;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/client/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/client/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,eAAe,CAAC;AAK9C,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,SAAS,CAAC;AAWnD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,+BAA+B,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,UAAU,CAkD3F"}

package/dist/client/middleware.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestTrackingMiddleware = createRequestTrackingMiddleware;
+const constants_1 = require("../shared/constants");
+const tracing_1 = require("../shared/middleware/tracing");
+const sanitize_url_1 = require("./sanitize-url");
+/**
+ * Read ts-session-id from cookies if available (browser only).
+ */
+function getSessionIdFromCookie() {
+    if (typeof document === 'undefined')
+        return undefined;
+    const match = document.cookie.match(new RegExp(`(?:^|; )${constants_1.SESSION_ID_HEADER}=([^;]*)`));
+    return match?.[1];
+}
+/**
+ * Create request tracking middleware for openapi-fetch clients (browser).
+ *
+ * Composes tracing (request ID injection) with request/response logging.
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestTrackingMiddleware} from '@tetrascience/request-middleware/client';
+ *
+ * const client = createClient<paths>({baseUrl: '/api'});
+ * client.use(createRequestTrackingMiddleware());
+ * ```
+ */
+function createRequestTrackingMiddleware(options) {
+    const { logger } = options ?? {};
+    const tracingMiddleware = (0, tracing_1.createTracingMiddleware)({
+        requestId: options?.requestId,
+        sessionId: options?.sessionId ?? getSessionIdFromCookie,
+    });
+    return {
+        onRequest(params) {
+            // Delegate header injection to shared tracing middleware
+            tracingMiddleware.onRequest(params);
+            const { request, schemaPath } = params;
+            const requestId = request.headers.get(constants_1.REQUEST_ID_HEADER);
+            logger?.debug('Outgoing request', {
+                requestId,
+                method: request.method,
+                path: (0, sanitize_url_1.sanitizeUrl)(request.url),
+                schemaPath,
+            });
+            return request;
+        },
+        onResponse({ request, response, schemaPath }) {
+            const requestId = request.headers.get(constants_1.REQUEST_ID_HEADER);
+            logger?.debug('Response received', {
+                requestId,
+                method: request.method,
+                path: (0, sanitize_url_1.sanitizeUrl)(request.url),
+                schemaPath,
+                status: response.status,
+            });
+        },
+        onError({ request, error, schemaPath }) {
+            const requestId = request.headers.get(constants_1.REQUEST_ID_HEADER);
+            logger?.error('Request failed', {
+                requestId,
+                method: request.method,
+                path: (0, sanitize_url_1.sanitizeUrl)(request.url),
+                schemaPath,
+                error: error instanceof Error ? error.message : String(error),
+            });
+        },
+    };
+}

package/dist/client/sanitize-url.d.ts

@@ -0,0 +1,3 @@
+/** Extract pathname from a URL, stripping query string and hash. */
+export declare function sanitizeUrl(url: string): string;
+//# sourceMappingURL=sanitize-url.d.ts.map

package/dist/client/sanitize-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-url.d.ts","sourceRoot":"","sources":["../../src/client/sanitize-url.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAQ/C"}

package/dist/client/sanitize-url.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeUrl = sanitizeUrl;
+/** Extract pathname from a URL, stripping query string and hash. */
+function sanitizeUrl(url) {
+    try {
+        // Try absolute URL first
+        return new URL(url).pathname;
+    }
+    catch {
+        // Relative URL — strip query string and hash manually
+        return url.split(/[?#]/)[0];
+    }
+}

package/dist/server/express-middleware.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Minimal Express-compatible types so we don't depend on @types/express.
+ */
+interface IncomingRequest {
+    headers: Record<string, string | string[] | undefined>;
+    cookies?: Record<string, string>;
+}
+interface ServerResponse {
+    setHeader?(name: string, value: string): void;
+}
+type NextFunction = () => void;
+type ExpressMiddleware = (req: IncomingRequest, res: ServerResponse, next: NextFunction) => void;
+/**
+ * Express middleware that sets up request context for tracing and auth.
+ *
+ * Reads from incoming headers and cookies:
+ * - `ts-request-id` — generates UUID if missing
+ * - `ts-session-id` — generates UUID if missing, sets cookie for persistence
+ * - `x-org-slug` — from header or cookie
+ * - `ts-auth-token` — from header or cookie
+ *
+ * All downstream code can access the context via `getRequestContext()`.
+ * Generated clients auto-resolve auth and tracing from this context.
+ *
+ * Requires `cookie-parser` middleware to run before this middleware
+ * so that `req.cookies` is populated.
+ *
+ * @example
+ * ```ts
+ * import express from 'express';
+ * import cookieParser from 'cookie-parser';
+ * import { createRequestMiddleware } from '@tetrascience/request-middleware/server';
+ *
+ * const app = express();
+ * app.use(cookieParser());
+ * app.use(createRequestMiddleware());
+ * ```
+ */
+export declare function createRequestMiddleware(): ExpressMiddleware;
+export {};
+//# sourceMappingURL=express-middleware.d.ts.map

package/dist/server/express-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express-middleware.d.ts","sourceRoot":"","sources":["../../src/server/express-middleware.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,UAAU,eAAe;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AACD,UAAU,cAAc;IACvB,SAAS,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9C;AACD,KAAK,YAAY,GAAG,MAAM,IAAI,CAAC;AAC/B,KAAK,iBAAiB,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,YAAY,KAAK,IAAI,CAAC;AAIjG;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,uBAAuB,IAAI,iBAAiB,CAwB3D"}

package/dist/server/express-middleware.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestMiddleware = createRequestMiddleware;
+const crypto_1 = require("crypto");
+const constants_1 = require("../shared/constants");
+const request_context_1 = require("./request-context");
+const SESSION_COOKIE_MAX_AGE = 30 * 60; // 30 minutes, matching the browser cookie
+/**
+ * Express middleware that sets up request context for tracing and auth.
+ *
+ * Reads from incoming headers and cookies:
+ * - `ts-request-id` — generates UUID if missing
+ * - `ts-session-id` — generates UUID if missing, sets cookie for persistence
+ * - `x-org-slug` — from header or cookie
+ * - `ts-auth-token` — from header or cookie
+ *
+ * All downstream code can access the context via `getRequestContext()`.
+ * Generated clients auto-resolve auth and tracing from this context.
+ *
+ * Requires `cookie-parser` middleware to run before this middleware
+ * so that `req.cookies` is populated.
+ *
+ * @example
+ * ```ts
+ * import express from 'express';
+ * import cookieParser from 'cookie-parser';
+ * import { createRequestMiddleware } from '@tetrascience/request-middleware/server';
+ *
+ * const app = express();
+ * app.use(cookieParser());
+ * app.use(createRequestMiddleware());
+ * ```
+ */
+function createRequestMiddleware() {
+    return (req, res, next) => {
+        const requestId = req.headers[constants_1.REQUEST_ID_HEADER] || (0, crypto_1.randomUUID)();
+        // Session: header → cookie → generate
+        let sessionId = req.headers[constants_1.SESSION_ID_HEADER]
+            || req.cookies?.[constants_1.SESSION_ID_HEADER];
+        if (!sessionId) {
+            sessionId = (0, crypto_1.randomUUID)();
+        }
+        // Always refresh the session cookie (sliding expiry)
+        res.setHeader?.('Set-Cookie', `${constants_1.SESSION_ID_HEADER}=${sessionId}; Path=/; Max-Age=${SESSION_COOKIE_MAX_AGE}; HttpOnly; SameSite=Lax`);
+        // Auth: header → cookie (optional, may not be present for background jobs)
+        const orgSlug = req.headers[constants_1.ORG_SLUG_HEADER]
+            || req.cookies?.[constants_1.ORG_SLUG_HEADER];
+        const authToken = req.headers[constants_1.AUTH_TOKEN_HEADER]
+            || req.cookies?.[constants_1.AUTH_TOKEN_HEADER];
+        (0, request_context_1.runWithRequestContext)({ requestId, sessionId, orgSlug, authToken }, () => next());
+    };
+}

package/dist/server/middleware.d.ts

@@ -0,0 +1,27 @@
+import type { Middleware } from 'openapi-fetch';
+import type { RequestTrackingMiddlewareOptions } from './types';
+/**
+ * Create openapi-fetch middleware that injects TetraScience service headers
+ * on every outgoing request.
+ *
+ * Reads request context from AsyncLocalStorage to propagate:
+ * - ts-request-id (from context or generates new UUID)
+ * - ts-initiating-service-name
+ * - ts-internal-api-key
+ * - x-org-slug (passthrough from incoming request context)
+ * - ts-auth-token (passthrough from incoming request context)
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestTrackingMiddleware} from '@tetrascience/request-middleware/server';
+ *
+ * const client = createClient<paths>({baseUrl: env.DATA_APPS_ENDPOINT});
+ * client.use(createRequestTrackingMiddleware({
+ *   serviceName: 'my-service',
+ *   internalApiKey: process.env.INTERNAL_API_KEY,
+ * }));
+ * ```
+ */
+export declare function createRequestTrackingMiddleware(options: RequestTrackingMiddlewareOptions): Middleware;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/server/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,eAAe,CAAC;AAU9C,OAAO,KAAK,EAAC,gCAAgC,EAAC,MAAM,SAAS,CAAC;AAE9D;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,+BAA+B,CAAC,OAAO,EAAE,gCAAgC,GAAG,UAAU,CA+BrG"}

package/dist/server/middleware.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestTrackingMiddleware = createRequestTrackingMiddleware;
+const constants_1 = require("../shared/constants");
+const request_context_1 = require("./request-context");
+/**
+ * Create openapi-fetch middleware that injects TetraScience service headers
+ * on every outgoing request.
+ *
+ * Reads request context from AsyncLocalStorage to propagate:
+ * - ts-request-id (from context or generates new UUID)
+ * - ts-initiating-service-name
+ * - ts-internal-api-key
+ * - x-org-slug (passthrough from incoming request context)
+ * - ts-auth-token (passthrough from incoming request context)
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestTrackingMiddleware} from '@tetrascience/request-middleware/server';
+ *
+ * const client = createClient<paths>({baseUrl: env.DATA_APPS_ENDPOINT});
+ * client.use(createRequestTrackingMiddleware({
+ *   serviceName: 'my-service',
+ *   internalApiKey: process.env.INTERNAL_API_KEY,
+ * }));
+ * ```
+ */
+function createRequestTrackingMiddleware(options) {
+    const { serviceName, internalApiKey, getRequestId: getReqId = request_context_1.getRequestId } = options;
+    return {
+        onRequest({ request }) {
+            const context = (0, request_context_1.getRequestContext)();
+            const requestId = getReqId();
+            if (!request.headers.has(constants_1.REQUEST_ID_HEADER)) {
+                request.headers.set(constants_1.REQUEST_ID_HEADER, requestId);
+            }
+            if (!request.headers.has(constants_1.INITIATING_SERVICE_NAME_HEADER)) {
+                request.headers.set(constants_1.INITIATING_SERVICE_NAME_HEADER, serviceName);
+            }
+            const apiKey = typeof internalApiKey === 'function' ? internalApiKey() : internalApiKey;
+            if (apiKey && !request.headers.has(constants_1.INTERNAL_API_KEY_HEADER)) {
+                request.headers.set(constants_1.INTERNAL_API_KEY_HEADER, apiKey);
+            }
+            // Passthrough from incoming request context
+            if (context.orgSlug && !request.headers.has(constants_1.ORG_SLUG_HEADER)) {
+                request.headers.set(constants_1.ORG_SLUG_HEADER, context.orgSlug);
+            }
+            if (context.authToken && !request.headers.has(constants_1.AUTH_TOKEN_HEADER)) {
+                request.headers.set(constants_1.AUTH_TOKEN_HEADER, context.authToken);
+            }
+            return request;
+        },
+    };
+}

package/dist/server/validation.d.ts

@@ -0,0 +1,40 @@
+import type { Middleware } from 'openapi-fetch';
+/**
+ * Any object with a `.parse()` method, compatible with both Zod 3 and Zod 4.
+ */
+export interface Parseable {
+    parse(data: unknown): unknown;
+}
+/**
+ * A map of "METHOD /path" → schema for request body validation.
+ *
+ * Values must have a `.parse()` method (any Zod version works).
+ *
+ * Keys use the OpenAPI path template format, e.g.:
+ *   "POST /v1/dataapps/apps/manage"
+ *   "PUT /v1/dataapps/apps/{id}/labels"
+ */
+export type RequestBodySchemaMap = Record<string, Parseable>;
+export interface RequestValidationMiddlewareOptions {
+    /** Map of "METHOD /path" → Zod schema for request body validation. */
+    schemas: RequestBodySchemaMap;
+}
+/**
+ * Create openapi-fetch middleware that validates request bodies against
+ * Zod schemas before the request is sent over the wire.
+ *
+ * If validation fails, a ZodError is thrown and the request is never sent.
+ * Endpoints without a matching schema are passed through without validation.
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestValidationMiddleware} from '@tetrascience/request-middleware/server';
+ * import {requestBodySchemas} from './generated/request-schemas';
+ *
+ * const client = createClient<paths>({baseUrl: '...'});
+ * client.use(createRequestValidationMiddleware({schemas: requestBodySchemas}));
+ * ```
+ */
+export declare function createRequestValidationMiddleware(options: RequestValidationMiddlewareOptions): Middleware;
+//# sourceMappingURL=validation.d.ts.map

package/dist/server/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/server/validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,eAAe,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,KAAK,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAE7D,MAAM,WAAW,kCAAkC;IAClD,sEAAsE;IACtE,OAAO,EAAE,oBAAoB,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,kCAAkC,GAAG,UAAU,CA2BzG"}

package/dist/server/validation.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestValidationMiddleware = createRequestValidationMiddleware;
+/**
+ * Create openapi-fetch middleware that validates request bodies against
+ * Zod schemas before the request is sent over the wire.
+ *
+ * If validation fails, a ZodError is thrown and the request is never sent.
+ * Endpoints without a matching schema are passed through without validation.
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestValidationMiddleware} from '@tetrascience/request-middleware/server';
+ * import {requestBodySchemas} from './generated/request-schemas';
+ *
+ * const client = createClient<paths>({baseUrl: '...'});
+ * client.use(createRequestValidationMiddleware({schemas: requestBodySchemas}));
+ * ```
+ */
+function createRequestValidationMiddleware(options) {
+    const { schemas } = options;
+    return {
+        async onRequest({ request, schemaPath }) {
+            const key = `${request.method} ${schemaPath}`;
+            const schema = schemas[key];
+            if (!schema)
+                return request;
+            const cloned = request.clone();
+            const rawText = await cloned.text();
+            if (rawText === '') {
+                return request;
+            }
+            let body;
+            try {
+                body = JSON.parse(rawText);
+            }
+            catch (err) {
+                throw err;
+            }
+            schema.parse(body);
+            return request;
+        },
+    };
+}

package/dist/shared/auth-middleware.d.ts

@@ -0,0 +1,45 @@
+import type { Middleware } from 'openapi-fetch';
+import type { InternalAuth, DirectAuth, TracingOptions } from './client-types';
+/**
+ * Create middleware that injects tracing headers: request ID, session ID,
+ * and service name.
+ *
+ * All values are optional. `requestId` falls back to a new UUID if not
+ * provided. Values can be static strings or functions resolved per-request.
+ *
+ * @example
+ * ```ts
+ * client.use(createTracingMiddleware({
+ *   requestId: () => getRequestId(),
+ *   sessionId: () => getRequestContext().sessionId,
+ *   serviceName: 'my-service',
+ * }))
+ * ```
+ */
+export declare function createTracingMiddleware(options?: TracingOptions): Middleware;
+/**
+ * Create middleware that injects internal (service-to-service) auth headers.
+ *
+ * @example
+ * ```ts
+ * client.use(createInternalAuthMiddleware({
+ *   internalApiKey: process.env.INTERNAL_API_KEY,
+ *   orgSlug: () => getRequestContext().orgSlug,
+ *   authToken: () => getRequestContext().authToken,
+ * }))
+ * ```
+ */
+export declare function createInternalAuthMiddleware(auth: InternalAuth): Middleware;
+/**
+ * Create middleware that injects direct (user/browser) auth headers.
+ *
+ * @example
+ * ```ts
+ * client.use(createDirectAuthMiddleware({
+ *   token: jwt,
+ *   orgSlug: 'my-org',
+ * }))
+ * ```
+ */
+export declare function createDirectAuthMiddleware(auth: DirectAuth): Middleware;
+//# sourceMappingURL=auth-middleware.d.ts.map

package/dist/shared/auth-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../src/shared/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,eAAe,CAAC;AAE9C,OAAO,KAAK,EAAC,YAAY,EAAE,UAAU,EAAE,cAAc,EAAC,MAAM,gBAAgB,CAAC;AAsB7E;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,UAAU,CAS5E;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,YAAY,GAAG,UAAU,CAS3E;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAQvE"}

package/dist/shared/auth-middleware.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTracingMiddleware = createTracingMiddleware;
+exports.createInternalAuthMiddleware = createInternalAuthMiddleware;
+exports.createDirectAuthMiddleware = createDirectAuthMiddleware;
+const constants_1 = require("./constants");
+const generate_request_id_1 = require("./generate-request-id");
+function resolve(value) {
+    return typeof value === 'function' ? value() : value;
+}
+function setIfAbsent(request, header, value) {
+    const resolved = resolve(value);
+    if (resolved && !request.headers.has(header)) {
+        request.headers.set(header, resolved);
+    }
+}
+/**
+ * Create middleware that injects tracing headers: request ID, session ID,
+ * and service name.
+ *
+ * All values are optional. `requestId` falls back to a new UUID if not
+ * provided. Values can be static strings or functions resolved per-request.
+ *
+ * @example
+ * ```ts
+ * client.use(createTracingMiddleware({
+ *   requestId: () => getRequestId(),
+ *   sessionId: () => getRequestContext().sessionId,
+ *   serviceName: 'my-service',
+ * }))
+ * ```
+ */
+function createTracingMiddleware(options) {
+    return {
+        onRequest({ request }) {
+            setIfAbsent(request, constants_1.REQUEST_ID_HEADER, resolve(options?.requestId) ?? (0, generate_request_id_1.generateRequestId)());
+            setIfAbsent(request, constants_1.SESSION_ID_HEADER, options?.sessionId);
+            setIfAbsent(request, constants_1.INITIATING_SERVICE_NAME_HEADER, options?.serviceName);
+            return request;
+        },
+    };
+}
+/**
+ * Create middleware that injects internal (service-to-service) auth headers.
+ *
+ * @example
+ * ```ts
+ * client.use(createInternalAuthMiddleware({
+ *   internalApiKey: process.env.INTERNAL_API_KEY,
+ *   orgSlug: () => getRequestContext().orgSlug,
+ *   authToken: () => getRequestContext().authToken,
+ * }))
+ * ```
+ */
+function createInternalAuthMiddleware(auth) {
+    return {
+        onRequest({ request }) {
+            setIfAbsent(request, constants_1.INTERNAL_API_KEY_HEADER, auth.internalApiKey);
+            setIfAbsent(request, constants_1.ORG_SLUG_HEADER, auth.orgSlug);
+            setIfAbsent(request, constants_1.AUTH_TOKEN_HEADER, auth.authToken);
+            return request;
+        },
+    };
+}
+/**
+ * Create middleware that injects direct (user/browser) auth headers.
+ *
+ * @example
+ * ```ts
+ * client.use(createDirectAuthMiddleware({
+ *   token: jwt,
+ *   orgSlug: 'my-org',
+ * }))
+ * ```
+ */
+function createDirectAuthMiddleware(auth) {
+    return {
+        onRequest({ request }) {
+            setIfAbsent(request, constants_1.AUTH_TOKEN_HEADER, auth.token);
+            setIfAbsent(request, constants_1.ORG_SLUG_HEADER, auth.orgSlug);
+            return request;
+        },
+    };
+}

package/dist/shared/safe-response.d.ts

@@ -0,0 +1,22 @@
+import type { Middleware } from 'openapi-fetch';
+/**
+ * Create openapi-fetch middleware that prevents crashes when the server
+ * returns a non-JSON body (e.g. plain text "success") on a successful response.
+ *
+ * openapi-fetch's default parser calls `response.json()` which throws on
+ * non-JSON bodies. This middleware detects that case and wraps the body in
+ * a `{ message: "<text>" }` JSON envelope so parsing succeeds.
+ *
+ * 204 No Content responses are left untouched (no body to parse).
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createSafeResponseMiddleware} from '@tetrascience/request-middleware';
+ *
+ * const client = createClient<paths>({baseUrl: '...'});
+ * client.use(createSafeResponseMiddleware());
+ * ```
+ */
+export declare function createSafeResponseMiddleware(): Middleware;
+//# sourceMappingURL=safe-response.d.ts.map

package/dist/shared/safe-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe-response.d.ts","sourceRoot":"","sources":["../../src/shared/safe-response.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,eAAe,CAAC;AAE9C;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,4BAA4B,IAAI,UAAU,CAkBzD"}

package/dist/shared/safe-response.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSafeResponseMiddleware = createSafeResponseMiddleware;
+/**
+ * Create openapi-fetch middleware that prevents crashes when the server
+ * returns a non-JSON body (e.g. plain text "success") on a successful response.
+ *
+ * openapi-fetch's default parser calls `response.json()` which throws on
+ * non-JSON bodies. This middleware detects that case and wraps the body in
+ * a `{ message: "<text>" }` JSON envelope so parsing succeeds.
+ *
+ * 204 No Content responses are left untouched (no body to parse).
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createSafeResponseMiddleware} from '@tetrascience/request-middleware';
+ *
+ * const client = createClient<paths>({baseUrl: '...'});
+ * client.use(createSafeResponseMiddleware());
+ * ```
+ */
+function createSafeResponseMiddleware() {
+    return {
+        async onResponse({ response }) {
+            const contentType = response.headers.get('content-type') || '';
+            const isJson = contentType.includes('/json') || contentType.includes('+json');
+            if (response.ok && response.status !== 204 && !isJson) {
+                const text = await response.clone().text();
+                const headers = new Headers(response.headers);
+                headers.set('content-type', 'application/json');
+                return new Response(JSON.stringify({ message: text }), {
+                    status: response.status,
+                    statusText: response.statusText,
+                    headers,
+                });
+            }
+            return undefined;
+        },
+    };
+}

package/dist/shared/validation.d.ts

@@ -0,0 +1,40 @@
+import type { Middleware } from 'openapi-fetch';
+/**
+ * Any object with a `.parse()` method, compatible with both Zod 3 and Zod 4.
+ */
+export interface Parseable {
+    parse(data: unknown): unknown;
+}
+/**
+ * A map of "METHOD /path" → schema for request body validation.
+ *
+ * Values must have a `.parse()` method (any Zod version works).
+ *
+ * Keys use the OpenAPI path template format, e.g.:
+ *   "POST /v1/dataapps/apps/manage"
+ *   "PUT /v1/dataapps/apps/{id}/labels"
+ */
+export type RequestBodySchemaMap = Record<string, Parseable>;
+export interface RequestValidationMiddlewareOptions {
+    /** Map of "METHOD /path" → Zod schema for request body validation. */
+    schemas: RequestBodySchemaMap;
+}
+/**
+ * Create openapi-fetch middleware that validates request bodies against
+ * Zod schemas before the request is sent over the wire.
+ *
+ * If validation fails, a ZodError is thrown and the request is never sent.
+ * Endpoints without a matching schema are passed through without validation.
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestValidationMiddleware} from '@tetrascience/request-middleware';
+ * import {requestBodySchemas} from './generated/request-schemas';
+ *
+ * const client = createClient<paths>({baseUrl: '...'});
+ * client.use(createRequestValidationMiddleware({schemas: requestBodySchemas}));
+ * ```
+ */
+export declare function createRequestValidationMiddleware(options: RequestValidationMiddlewareOptions): Middleware;
+//# sourceMappingURL=validation.d.ts.map

package/dist/shared/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/shared/validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,eAAe,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,KAAK,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAE7D,MAAM,WAAW,kCAAkC;IAClD,sEAAsE;IACtE,OAAO,EAAE,oBAAoB,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iCAAiC,CAAC,OAAO,EAAE,kCAAkC,GAAG,UAAU,CAqBzG"}

package/dist/shared/validation.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestValidationMiddleware = createRequestValidationMiddleware;
+/**
+ * Create openapi-fetch middleware that validates request bodies against
+ * Zod schemas before the request is sent over the wire.
+ *
+ * If validation fails, a ZodError is thrown and the request is never sent.
+ * Endpoints without a matching schema are passed through without validation.
+ *
+ * @example
+ * ```ts
+ * import createClient from 'openapi-fetch';
+ * import {createRequestValidationMiddleware} from '@tetrascience/request-middleware';
+ * import {requestBodySchemas} from './generated/request-schemas';
+ *
+ * const client = createClient<paths>({baseUrl: '...'});
+ * client.use(createRequestValidationMiddleware({schemas: requestBodySchemas}));
+ * ```
+ */
+function createRequestValidationMiddleware(options) {
+    const { schemas } = options;
+    return {
+        async onRequest({ request, schemaPath }) {
+            const key = `${request.method} ${schemaPath}`;
+            const schema = schemas[key];
+            if (!schema)
+                return request;
+            const cloned = request.clone();
+            const rawText = await cloned.text();
+            if (rawText === '') {
+                return request;
+            }
+            const body = JSON.parse(rawText);
+            schema.parse(body);
+            return request;
+        },
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@tetrascience-npm/request",
-	"version": "0.2.0-beta.106.2",
+	"version": "0.2.0",
 	"description": "Request tracking middleware for TetraScience services and data apps (client + server).",
 	"license": "Apache-2.0",
 	"packageManager": "yarn@4.1.0",