@tstdl/base 0.93.178 → 0.93.179

package/notification/server/drizzle/{0000_wise_pyro.sql → 0000_new_tenebrous.sql}

@@ -2,7 +2,7 @@ CREATE TYPE "notification"."notification_channel" AS ENUM('in-app', 'email', 'we
 CREATE TYPE "notification"."notification_priority" AS ENUM('low', 'medium', 'high', 'urgent');--> statement-breakpoint
 CREATE TYPE "notification"."notification_status" AS ENUM('pending', 'sent', 'delivered', 'read', 'failed');--> statement-breakpoint
 CREATE TABLE "notification"."in_app" (
-	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid DEFAULT uuidv7() NOT NULL,
 	"tenant_id" uuid NOT NULL,
 	"user_id" uuid NOT NULL,
 	"log_id" uuid NOT NULL,
@@ -14,7 +14,7 @@ CREATE TABLE "notification"."in_app" (
 );
 --> statement-breakpoint
 CREATE TABLE "notification"."in_app_archive" (
-	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid DEFAULT uuidv7() NOT NULL,
 	"tenant_id" uuid NOT NULL,
 	"user_id" uuid NOT NULL,
 	"log_id" uuid NOT NULL,
@@ -25,7 +25,7 @@ CREATE TABLE "notification"."in_app_archive" (
 );
 --> statement-breakpoint
 CREATE TABLE "notification"."log" (
-	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid DEFAULT uuidv7() NOT NULL,
 	"tenant_id" uuid NOT NULL,
 	"user_id" uuid NOT NULL,
 	"type" text NOT NULL,
@@ -40,7 +40,7 @@ CREATE TABLE "notification"."log" (
 );
 --> statement-breakpoint
 CREATE TABLE "notification"."preference" (
-	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid DEFAULT uuidv7() NOT NULL,
 	"tenant_id" uuid NOT NULL,
 	"user_id" uuid NOT NULL,
 	"type" text NOT NULL,
@@ -56,7 +56,7 @@ CREATE TABLE "notification"."preference" (
 );
 --> statement-breakpoint
 CREATE TABLE "notification"."type" (
-	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid PRIMARY KEY DEFAULT uuidv7() NOT NULL,
 	"label" text NOT NULL,
 	"key" text NOT NULL,
 	"throttling" jsonb,
@@ -70,7 +70,7 @@ CREATE TABLE "notification"."type" (
 );
 --> statement-breakpoint
 CREATE TABLE "notification"."web_push_subscription" (
-	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid DEFAULT uuidv7() NOT NULL,
 	"tenant_id" uuid NOT NULL,
 	"user_id" uuid NOT NULL,
 	"endpoint" text NOT NULL,

package/notification/server/drizzle/meta/0000_snapshot.json

@@ -1,5 +1,5 @@
 {
-  "id": "23b5cedb-d56a-4f37-b838-fc9874b72ce3",
+  "id": "2c3e8dbf-7a78-43d2-9241-1a34ef49ec60",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "version": "7",
   "dialect": "postgresql",
@@ -13,7 +13,7 @@
           "type": "uuid",
           "primaryKey": false,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "tenant_id": {
           "name": "tenant_id",
@@ -233,7 +233,7 @@
           "type": "uuid",
           "primaryKey": false,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "tenant_id": {
           "name": "tenant_id",
@@ -375,7 +375,7 @@
           "type": "uuid",
           "primaryKey": false,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "tenant_id": {
           "name": "tenant_id",
@@ -516,7 +516,7 @@
           "type": "uuid",
           "primaryKey": false,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "tenant_id": {
           "name": "tenant_id",
@@ -648,7 +648,7 @@
           "type": "uuid",
           "primaryKey": true,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "label": {
           "name": "label",
@@ -731,7 +731,7 @@
           "type": "uuid",
           "primaryKey": false,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "tenant_id": {
           "name": "tenant_id",

package/notification/server/drizzle/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "7",
-      "when": 1770754328787,
-      "tag": "0000_wise_pyro",
+      "when": 1774646423051,
+      "tag": "0000_new_tenebrous",
       "breakpoints": true
     }
   ]

package/notification/tests/notification-flow.test.js

@@ -11,13 +11,7 @@ import { MailService } from '../../mail/mail.service.js';
 import { getRepository } from '../../orm/server/index.js';
 import { clearTenantData, setupIntegrationTest } from '../../testing/index.js';
 import { InAppNotification, NotificationChannel, NotificationLogEntity, NotificationStatus, WebPushSubscription } from '../models/index.js';
-import { configureNotification } from '../server/module.js';
-import { EmailChannelProvider } from '../server/providers/email-channel-provider.js';
-import { NotificationAncillaryService } from '../server/services/notification-ancillary.service.js';
-import { NotificationDeliveryWorker } from '../server/services/notification-delivery.worker.js';
-import { NotificationSseService } from '../server/services/notification-sse.service.js';
-import { NotificationTypeService } from '../server/services/notification-type.service.js';
-import { NotificationService } from '../server/services/notification.service.js';
+import { configureNotification, EmailChannelProvider, InAppChannelProvider, NotificationAncillaryService, NotificationDeliveryWorker, NotificationService, NotificationSseService, NotificationTypeService } from '../server/index.js';
 let MockNotificationAncillaryService = class MockNotificationAncillaryService extends NotificationAncillaryService {
     async getViewData(_tenantId, notifications) {
         return notifications.map(() => ({}));
@@ -68,7 +62,6 @@ describe('Notification Flow (Integration)', () => {
         webPushRepo = injector.resolve(getRepository(WebPushSubscription));
         // Register providers
         worker.registerProvider(NotificationChannel.Email, injector.resolve(EmailChannelProvider));
-        const InAppChannelProvider = (await import('../server/providers/in-app-channel-provider.js')).InAppChannelProvider;
         worker.registerProvider(NotificationChannel.InApp, injector.resolve(InAppChannelProvider));
     });
     beforeEach(async () => {

package/notification/tests/notification-type.service.test.js

@@ -9,7 +9,7 @@ describe('NotificationTypeService', () => {
         await truncateTables(database, 'notification', ['type']);
     });
     afterEach(async () => {
-        await injector.dispose();
+        await injector?.dispose();
     });
     test('should initialize types correctly', async () => {
         const service = injector.resolve(NotificationTypeService);
@@ -18,7 +18,7 @@ describe('NotificationTypeService', () => {
         const type2 = `${prefix}_TYPE2`;
         const typeData = {
             [type1]: { label: 'Type 1' },
-            [type2]: { label: 'Type 2', throttling: { limit: 1, interval: 1000 } }
+            [type2]: { label: 'Type 2', throttling: { limit: 1, interval: 1000 } },
         };
         const result = await service.initializeTypes(typeData);
         expect(result[type1]?.label).toBe('Type 1');
@@ -30,7 +30,7 @@ describe('NotificationTypeService', () => {
         // Update
         const updatedData = {
             [type1]: { label: 'Type 1 Updated' },
-            [type2]: { label: 'Type 2', throttling: { limit: 1, interval: 1000 } }
+            [type2]: { label: 'Type 2', throttling: { limit: 1, interval: 1000 } },
         };
         const resultUpdated = await service.initializeTypes(updatedData);
         expect(resultUpdated[type1]?.label).toBe('Type 1 Updated');

package/openid-connect/oidc.service.js

@@ -4,15 +4,14 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
     else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-import { ForbiddenError } from '../errors/forbidden.error.js';
-import { NotImplementedError } from '../errors/not-implemented.error.js';
+import { digest } from '../cryptography/index.js';
+import { ForbiddenError, NotImplementedError } from '../errors/index.js';
 import { HttpClient } from '../http/client/index.js';
 import { HttpHeaders } from '../http/http-headers.js';
 import { inject, Singleton } from '../injector/index.js';
 import { injectRepository } from '../orm/server/index.js';
 import { object, optional, Schema, string } from '../schema/index.js';
 import { Alphabet } from '../utils/alphabet.js';
-import { digest } from '../utils/cryptography.js';
 import { currentTimestamp } from '../utils/date-time.js';
 import { getRandomString } from '../utils/random.js';
 import { assertDefinedPass, isUndefined } from '../utils/type-guards.js';

package/orm/data-types/common.js

@@ -1,4 +1,4 @@
-import { customType, } from 'drizzle-orm/pg-core';
+import { customType } from 'drizzle-orm/pg-core';
 /**
  * Factory function to create a custom Drizzle type with the standard builder overloads.
  * This reduces boilerplate by wrapping `drizzle-orm/pg-core#customType` and applying a common type cast.

package/orm/server/drizzle/schema-converter.js

@@ -5,6 +5,7 @@ import { match, P } from 'ts-pattern';
 import { MultiKeyMap } from '../../../data-structures/multi-key-map.js';
 import { NotSupportedError } from '../../../errors/not-supported.error.js';
 import { JsonPath } from '../../../json-path/json-path.js';
+import { RANDOM_UUID_V7 } from '../../../orm/sqls/sqls.js';
 import { reflectionRegistry } from '../../../reflection/registry.js';
 import { ArraySchema, BooleanSchema, DefaultSchema, EnumerationSchema, getObjectSchema, NullableSchema, NumberSchema, ObjectSchema, OptionalSchema, StringSchema, Uint8ArraySchema } from '../../../schema/index.js';
 import { compareByValueSelectionToOrder, orderRest } from '../../../utils/comparison.js';
@@ -15,7 +16,7 @@ import { typeExtends } from '../../../utils/index.js';
 import { merge } from '../../../utils/merge.js';
 import { compileDereferencer } from '../../../utils/object/dereference.js';
 import { fromEntries, mapObjectKeysToSnakeCase, objectEntries } from '../../../utils/object/object.js';
-import { assertDefined, assertDefinedPass, isArray, isDefined, isNotNull, isNull, isString, isUndefined } from '../../../utils/type-guards.js';
+import { assertDefined, assertDefinedPass, assertUint8ArrayPass, isArray, isDefined, isInstanceOf, isNotNull, isNull, isString, isUndefined } from '../../../utils/type-guards.js';
 import { resolveValueOrProvider } from '../../../utils/value-or-provider.js';
 import { bytea, numericDate, timestamp, tsvector } from '../../data-types/index.js';
 import { TenantBaseEntity, TenantEntity } from '../../entity.js';
@@ -381,16 +382,17 @@ function getPostgresColumnEntries(type, dbSchema, tableName, path = new JsonPath
             return getPostgresColumnEntries(columnReflectionData?.embedded?.type ?? propertyMetadata.type, dbSchema, tableName, path.add(property), nestedPrefix, { ...options, inherited, table }, rootType);
         }
         const encrypted = columnReflectionData?.encrypted == true;
+        const unwrappedSchemaIsUint8Array = isInstanceOf(unwrapSchema(schema).schema, Uint8ArraySchema);
         const toDatabase = encrypted
             ? async (value, context) => {
-                const bytes = encodeUtf8(value);
+                const bytes = isString(value) ? encodeUtf8(value) : assertUint8ArrayPass(value);
                 return await encryptBytes(bytes, context.encryptionKey);
             }
             : (value) => value;
         const fromDatabase = encrypted
             ? async (value, context) => {
                 const decrypted = await decryptBytes(value, context.encryptionKey);
-                return decodeText(decrypted);
+                return unwrappedSchemaIsUint8Array ? decrypted : decodeText(decrypted);
             }
             : (value) => value;
         const prefixedColumnName = [prefix, columnName].join('');
@@ -446,11 +448,14 @@ function getPostgresBaseColumn(columnName, dbSchema, schema, reflectionData, con
     if (isDefined(reflectionData.tsVector)) {
         return tsvector(columnName);
     }
+    return getPgColumnBuilder(columnName, dbSchema, schema, reflectionData, context);
+}
+function getPgColumnBuilder(columnName, dbSchema, schema, _reflectionData, context) {
     return match(schema)
         .with(P.instanceOf(UuidSchema), (s) => {
         let column = uuid(columnName);
         if (s.defaultRandom) {
-            column = column.defaultRandom();
+            column = column.default(RANDOM_UUID_V7);
         }
         return column;
     })

package/orm/server/encryption.js

@@ -3,7 +3,7 @@
  * Provides utility functions for encrypting and decrypting byte arrays using AES-GCM.
  * It includes versioning to handle potential future changes in the encryption format.
  */
-import { decrypt, encrypt } from '../../utils/cryptography.js';
+import { decrypt, encrypt } from '../../cryptography/index.js';
 import { getRandomBytes } from '../../utils/random.js';
 import { assert } from '../../utils/type-guards.js';
 /** Current version of the encryption format. */

package/orm/server/repository.js

@@ -8,6 +8,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 import { and, asc, count, desc, eq, getTableName, inArray, isNotNull as isSqlNotNull, isNull as isSqlNull, isSQLWrapper, lte, or, SQL, sql } from 'drizzle-orm';
 import { match, P } from 'ts-pattern';
 import { CancellationSignal } from '../../cancellation/token.js';
+import { importSymmetricKey } from '../../cryptography/index.js';
 import { NotFoundError } from '../../errors/not-found.error.js';
 import { Singleton } from '../../injector/decorators.js';
 import { inject, injectArgument } from '../../injector/inject.js';
@@ -16,7 +17,6 @@ import { reflectionRegistry } from '../../reflection/index.js';
 import { distinct, toArray } from '../../utils/array/array.js';
 import { mapAsync } from '../../utils/async-iterable-helpers/map.js';
 import { toArrayAsync } from '../../utils/async-iterable-helpers/to-array.js';
-import { importSymmetricKey } from '../../utils/cryptography.js';
 import { assignDeep, fromEntries, objectEntries, objectKeys } from '../../utils/object/object.js';
 import { toSnakeCase } from '../../utils/string/index.js';
 import { cancelableTimeout } from '../../utils/timing.js';
@@ -57,7 +57,6 @@ let EntityRepository = class EntityRepository extends Transactional {
     #columnDefinitionsMap = this.#context.columnDefinitionsMap ?? getColumnDefinitionsMap(this.#table);
     #primaryKeyColumns = getPrimaryKeyColumns(this.type, this.#table);
     #primaryKeyColumnNames = this.#primaryKeyColumns.map((column) => column.name);
-    #joinedTables = this.#tablesChain.filter((info) => info.table != this.#table).map((info) => info.table);
     #inheritanceMetadata = getInheritanceMetadata(this.type);
     #subclasses = this.#inheritanceMetadata?.subclasses ?? [];
     #subclassTablesInfo = this.#subclasses.map((subclass) => {
@@ -1750,11 +1749,10 @@ let EntityRepository = class EntityRepository extends Transactional {
                 this.#transformContext = {};
                 return this.#transformContext;
             }
-            this.#transformContext = importSymmetricKey('AES-GCM', 256, this.#encryptionSecret, false).then((encryptionKey) => ({ encryptionKey }));
-            const transformContext = await this.#transformContext;
-            this.#transformContext = transformContext;
+            this.#transformContext = importSymmetricKey('raw', { name: 'AES-GCM', length: 256 }, this.#encryptionSecret, false).then((encryptionKey) => ({ encryptionKey }));
+            this.#transformContext = await this.#transformContext;
         }
-        return await this.#transformContext;
+        return this.#transformContext; // eslint-disable-line @typescript-eslint/return-await
     }
     async _mapSearchResults(rows, scoreTransformer = (s) => s, options) {
         const transformContext = await this.getTransformContext();

package/orm/tests/encryption.test.js

@@ -1,18 +1,16 @@
 import { describe, expect, test } from 'vitest';
+import { generateSymmetricKey } from '../../cryptography/index.js';
 import { decryptBytes, encryptBytes } from '../server/encryption.js';
 describe('ORM Encryption', () => {
-    async function generateKey() {
-        return await globalThis.crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
-    }
     test('should encrypt and decrypt correctly', async () => {
-        const key = await generateKey();
+        const key = await generateSymmetricKey({ name: 'AES-GCM', length: 256 }, true);
         const data = new TextEncoder().encode('Hello, ORM Encryption!');
         const encrypted = await encryptBytes(data, key);
         const decrypted = await decryptBytes(encrypted, key);
         expect(new TextDecoder().decode(decrypted)).toBe('Hello, ORM Encryption!');
     });
     test('should throw Error on corrupted data', async () => {
-        const key = await generateKey();
+        const key = await generateSymmetricKey({ name: 'AES-GCM', length: 256 }, true);
         const data = new TextEncoder().encode('Corrupt me');
         const encrypted = await encryptBytes(data, key);
         // Corrupt the ciphertext (last byte)
@@ -22,7 +20,7 @@ describe('ORM Encryption', () => {
         await expect(decryptBytes(encrypted, key)).rejects.toThrow('Decryption failed.');
     });
     test('should throw error on invalid version', async () => {
-        const key = await generateKey();
+        const key = await generateSymmetricKey({ name: 'AES-GCM', length: 256 }, true);
         const data = new TextEncoder().encode('Wrong version');
         const encrypted = await encryptBytes(data, key);
         // Corrupt version byte (set to a very high number)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tstdl/base",
-  "version": "0.93.178",
+  "version": "0.93.179",
   "author": "Patrick Hein",
   "publishConfig": {
     "access": "public"
@@ -53,6 +53,7 @@
     "./circuit-breaker": "./circuit-breaker/index.js",
     "./circuit-breaker/postgres": "./circuit-breaker/postgres/index.js",
     "./cookie": "./cookie/index.js",
+    "./cryptography": "./cryptography/index.js",
     "./css": "./css/index.js",
     "./data-structures": "./data-structures/index.js",
     "./decorators": "./decorators/index.js",
@@ -152,9 +153,9 @@
     "type-fest": "^5.5"
   },
   "peerDependencies": {
-    "@aws-sdk/client-s3": "^3.1015",
-    "@aws-sdk/s3-request-presigner": "^3.1015",
-    "@genkit-ai/google-genai": "^1.30",
+    "@aws-sdk/client-s3": "^3.1020",
+    "@aws-sdk/s3-request-presigner": "^3.1020",
+    "@genkit-ai/google-genai": "^1.31",
     "@google-cloud/storage": "^7.19",
     "@toon-format/toon": "^2.1.0",
     "@tstdl/angular": "^0.93",
@@ -163,8 +164,8 @@
     "@zxcvbn-ts/language-de": "^3.0",
     "@zxcvbn-ts/language-en": "^3.0",
     "drizzle-orm": "^0.45",
-    "file-type": "^21.3",
-    "genkit": "^1.30",
+    "file-type": "^22.0",
+    "genkit": "^1.31",
     "handlebars": "^4.7",
     "mjml": "^4.18",
     "nodemailer": "^8.0",
@@ -195,14 +196,14 @@
     "@vitest/ui": "4.1",
     "concurrently": "9.2",
     "drizzle-kit": "0.31",
-    "eslint": "9.39",
+    "eslint": "10.1",
     "globals": "17.4",
     "tsc-alias": "1.8",
     "typedoc-github-wiki-theme": "2.1",
     "typedoc-plugin-markdown": "4.11",
     "typedoc-plugin-missing-exports": "4.1",
     "typescript": "5.9",
-    "typescript-eslint": "8.57",
+    "typescript-eslint": "8.58",
     "vitest": "4.1"
   }
 }

package/password/README.md

@@ -135,7 +135,7 @@ export const myApiDefinition = defineApi({
 
 ### Authentication Integration
 
-This module is used by the `@tstdl/base/authentication` framework to enforce password requirements during registration or password changes. See `AuthenticationSecretRequirementsValidator` for more details on how to customize these checks in your application.
+This module is used by the `@tstdl/base/authentication` framework to enforce password requirements during registration or password changes. See `AuthenticationPasswordRequirementsValidator` for more details on how to customize these checks in your application.
 
 ## 📚 API
 

package/password/have-i-been-pwned.js

@@ -1,4 +1,4 @@
-import { digest } from '../utils/cryptography.js';
+import { digest } from '../cryptography/index.js';
 const urlBase = 'https://api.pwnedpasswords.com';
 /**
  * Checks password against https://haveibeenpwned.com/passwords

package/rate-limit/postgres/drizzle/{0000_watery_rage.sql → 0000_serious_sauron.sql}

@@ -1,5 +1,5 @@
 CREATE TABLE "rate_limit"."rate_limit" (
-	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"id" uuid PRIMARY KEY DEFAULT uuidv7() NOT NULL,
 	"resource" text NOT NULL,
 	"tokens" double precision NOT NULL,
 	"last_refill_timestamp" timestamp with time zone NOT NULL,

package/rate-limit/postgres/drizzle/meta/0000_snapshot.json

@@ -1,5 +1,5 @@
 {
-  "id": "0270ac12-b454-4601-b7e9-f825d71b1f4e",
+  "id": "7e627538-45f2-41c1-991c-f40ad4f76787",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "version": "7",
   "dialect": "postgresql",
@@ -13,7 +13,7 @@
           "type": "uuid",
           "primaryKey": true,
           "notNull": true,
-          "default": "gen_random_uuid()"
+          "default": "uuidv7()"
         },
         "resource": {
           "name": "resource",

package/rate-limit/postgres/drizzle/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "7",
-      "when": 1768608042456,
-      "tag": "0000_watery_rage",
+      "when": 1774646421753,
+      "tag": "0000_serious_sauron",
       "breakpoints": true
     }
   ]

package/rate-limit/postgres/postgres-rate-limiter.d.ts

@@ -8,7 +8,7 @@ export declare class PostgresRateLimiter extends RateLimiter {
     readonly refillInterval: number;
     readonly refillRate: number;
     tryAcquire(resource: string, cost?: number, options?: Partial<RateLimiterConfig>): Promise<boolean>;
-    refund(resource: string, amount: number, options?: Partial<Pick<RateLimiterConfig, 'burstCapacity'>>): Promise<void>;
+    refund(resource: string, amount?: number, options?: Partial<Pick<RateLimiterConfig, 'burstCapacity'>>): Promise<void>;
     protected getTransactionalContextData(): PostgresRateLimiterContext;
 }
 export {};

package/rate-limit/postgres/postgres-rate-limiter.js

@@ -41,7 +41,7 @@ let PostgresRateLimiter = class PostgresRateLimiter extends RateLimiter {
         const result = await this.#repository.tryUpsert('resource', { resource, tokens: burstCapacity - cost, lastRefillTimestamp: TRANSACTION_TIMESTAMP }, { tokens: sql `${newTokensExpression} - ${cost}`, lastRefillTimestamp: TRANSACTION_TIMESTAMP }, { set: gte(newTokensExpression, cost) });
         return isDefined(result);
     }
-    async refund(resource, amount, options) {
+    async refund(resource, amount = 1, options) {
         if (amount <= 0) {
             return;
         }

package/rate-limit/rate-limiter.d.ts

@@ -31,5 +31,5 @@ export declare abstract class RateLimiter extends Transactional implements Resol
      * @param amount The number of tokens to refund.
      * @param options Optional configuration overrides for this refund.
      */
-    abstract refund(resource: string, amount: number, options?: Partial<Pick<RateLimiterConfig, 'burstCapacity'>>): Promise<void>;
+    abstract refund(resource: string, amount?: number, options?: Partial<Pick<RateLimiterConfig, 'burstCapacity'>>): Promise<void>;
 }