@veloxts/router 0.7.0 → 0.7.2

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @veloxts/router
 
+## 0.7.2
+
+### Patch Changes
+
+- chore(auth,core,create,cli,client,orm,mcp,router,validation,web): simplify code for clarity and maintainability
+- Updated dependencies
+  - @veloxts/core@0.7.2
+  - @veloxts/validation@0.7.2
+
+## 0.7.1
+
+### Patch Changes
+
+- security audit, bumps dependency packages
+- Updated dependencies
+  - @veloxts/core@0.7.1
+  - @veloxts/validation@0.7.1
+
 ## 0.7.0
 
 ### Minor Changes

package/dist/discovery/loader.js

@@ -9,7 +9,9 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { pathToFileURL } from 'node:url';
+import { createLogger } from '@veloxts/core';
 import { isProcedureCollection } from '../procedure/builder.js';
+const log = createLogger('router');
 import { directoryNotFound, fileLoadError, invalidExport, noProceduresFound, permissionDenied, } from './errors.js';
 import { DiscoveryErrorCode, } from './types.js';
 // ============================================================================
@@ -113,7 +115,7 @@ export async function discoverProceduresVerbose(searchPath, options = {}) {
             });
             // Log warning if mode is 'warn'
             if (onInvalidExport === 'warn') {
-                console.warn(`[Discovery Warning] ${file}: ${result.message}`);
+                log.warn(`[Discovery Warning] ${file}: ${result.message}`);
             }
         }
     }

package/dist/openapi/generator.js

@@ -201,6 +201,42 @@ function hasProperties(schema) {
 // ============================================================================
 // Response Generation
 // ============================================================================
+/**
+ * Creates a standard error response schema with the given example code
+ *
+ * @param exampleCode - Example error code (e.g., 'VALIDATION_ERROR', 'NOT_FOUND')
+ * @param extraProperties - Additional properties on the error object (e.g., details)
+ */
+function createErrorSchema(exampleCode, extraProperties) {
+    return {
+        type: 'object',
+        properties: {
+            error: {
+                type: 'object',
+                properties: {
+                    code: { type: 'string', example: exampleCode },
+                    message: { type: 'string' },
+                    ...extraProperties,
+                },
+                required: ['code', 'message'],
+            },
+        },
+        required: ['error'],
+    };
+}
+/**
+ * Creates a standard error response with the given description and example code
+ */
+function createErrorResponse(description, exampleCode) {
+    return {
+        description,
+        content: {
+            'application/json': {
+                schema: createErrorSchema(exampleCode),
+            },
+        },
+    };
+}
 /**
  * Builds response definitions for an operation
  */
@@ -211,7 +247,6 @@ function buildResponses(method, outputSchema, hasAuth) {
     const successDescription = getSuccessDescription(method);
     // Success response
     if (successCode === '204') {
-        // No content
         responses['204'] = { description: successDescription };
     }
     else {
@@ -224,120 +259,26 @@ function buildResponses(method, outputSchema, hasAuth) {
             }),
         };
     }
-    // Error responses
+    // Validation error
     responses['400'] = {
         description: 'Bad Request - Validation error',
         content: {
             'application/json': {
-                schema: {
-                    type: 'object',
-                    properties: {
-                        error: {
-                            type: 'object',
-                            properties: {
-                                code: { type: 'string', example: 'VALIDATION_ERROR' },
-                                message: { type: 'string' },
-                                details: { type: 'object' },
-                            },
-                            required: ['code', 'message'],
-                        },
-                    },
-                    required: ['error'],
-                },
+                schema: createErrorSchema('VALIDATION_ERROR', { details: { type: 'object' } }),
             },
         },
     };
     // Auth-related responses
     if (hasAuth) {
-        responses['401'] = {
-            description: 'Unauthorized - Authentication required',
-            content: {
-                'application/json': {
-                    schema: {
-                        type: 'object',
-                        properties: {
-                            error: {
-                                type: 'object',
-                                properties: {
-                                    code: { type: 'string', example: 'UNAUTHORIZED' },
-                                    message: { type: 'string' },
-                                },
-                                required: ['code', 'message'],
-                            },
-                        },
-                        required: ['error'],
-                    },
-                },
-            },
-        };
-        responses['403'] = {
-            description: 'Forbidden - Insufficient permissions',
-            content: {
-                'application/json': {
-                    schema: {
-                        type: 'object',
-                        properties: {
-                            error: {
-                                type: 'object',
-                                properties: {
-                                    code: { type: 'string', example: 'FORBIDDEN' },
-                                    message: { type: 'string' },
-                                },
-                                required: ['code', 'message'],
-                            },
-                        },
-                        required: ['error'],
-                    },
-                },
-            },
-        };
+        responses['401'] = createErrorResponse('Unauthorized - Authentication required', 'UNAUTHORIZED');
+        responses['403'] = createErrorResponse('Forbidden - Insufficient permissions', 'FORBIDDEN');
     }
     // Not found for single-resource operations
     if (['GET', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
-        responses['404'] = {
-            description: 'Not Found - Resource does not exist',
-            content: {
-                'application/json': {
-                    schema: {
-                        type: 'object',
-                        properties: {
-                            error: {
-                                type: 'object',
-                                properties: {
-                                    code: { type: 'string', example: 'NOT_FOUND' },
-                                    message: { type: 'string' },
-                                },
-                                required: ['code', 'message'],
-                            },
-                        },
-                        required: ['error'],
-                    },
-                },
-            },
-        };
+        responses['404'] = createErrorResponse('Not Found - Resource does not exist', 'NOT_FOUND');
     }
     // Internal server error
-    responses['500'] = {
-        description: 'Internal Server Error',
-        content: {
-            'application/json': {
-                schema: {
-                    type: 'object',
-                    properties: {
-                        error: {
-                            type: 'object',
-                            properties: {
-                                code: { type: 'string', example: 'INTERNAL_ERROR' },
-                                message: { type: 'string' },
-                            },
-                            required: ['code', 'message'],
-                        },
-                    },
-                    required: ['error'],
-                },
-            },
-        },
-    };
+    responses['500'] = createErrorResponse('Internal Server Error', 'INTERNAL_ERROR');
     return responses;
 }
 /**

package/dist/openapi/path-extractor.js

@@ -97,7 +97,7 @@ export function parsePathParameters(path, schemas) {
  * @returns True if path contains parameters
  */
 export function hasPathParameters(path) {
-    return PATH_PARAM_REGEX.test(path);
+    return path.includes(':');
 }
 /**
  * Extracts query parameters from a JSON Schema

package/dist/openapi/schema-converter.js

@@ -5,7 +5,9 @@
  *
  * @module @veloxts/router/openapi/schema-converter
  */
+import { createLogger } from '@veloxts/core';
 import { z } from 'zod';
+const log = createLogger('router');
 /**
  * Maps our target names to Zod 4's native `z.toJSONSchema()` target names.
  *
@@ -65,7 +67,7 @@ export function zodSchemaToJsonSchema(schema, options = {}) {
     }
     catch (error) {
         // Log error but don't fail - return a generic schema
-        console.warn('[VeloxTS] Failed to convert Zod schema to JSON Schema:', error);
+        log.warn('Failed to convert Zod schema to JSON Schema:', error);
         return { type: 'object' };
     }
 }

package/dist/procedure/builder.js

@@ -199,26 +199,6 @@ function createBuilder(state) {
         mutation(handler) {
             return compileProcedure('mutation', handler, state);
         },
-        /**
-         * Sets the output type based on a resource schema
-         *
-         * Accepts either a plain `ResourceSchema` or a tagged schema
-         * (e.g., `UserSchema.authenticated`) for declarative auto-projection.
-         *
-         * @example
-         * ```typescript
-         * // Tagged schema — auto-projects to authenticated fields
-         * procedure()
-         *   .guard(authenticated)
-         *   .resource(UserSchema.authenticated)
-         *   .query(handler);
-         *
-         * // Plain schema — defaults to public, or derives from guardNarrow
-         * procedure()
-         *   .resource(UserSchema)
-         *   .query(handler);
-         * ```
-         */
         /**
          * Sets the output type based on a resource schema
          *
@@ -248,9 +228,7 @@ function compileProcedure(type, handler, state) {
     const typedMiddlewares = state.middlewares;
     // Pre-compile the middleware chain executor if middlewares exist
     // This avoids rebuilding the chain on every request
-    const precompiledExecutor = typedMiddlewares.length > 0
-        ? createPrecompiledMiddlewareExecutor(typedMiddlewares, handler)
-        : undefined;
+    const precompiledExecutor = typedMiddlewares.length > 0 ? createMiddlewareExecutor(typedMiddlewares, handler) : undefined;
     // Create the final procedure object
     return {
         type,
@@ -272,18 +250,6 @@ function compileProcedure(type, handler, state) {
         _resourceLevel: state.resourceLevel,
     };
 }
-/**
- * Creates a pre-compiled middleware chain executor
- *
- * PERFORMANCE: This function builds the middleware chain once during procedure
- * compilation, creating a single reusable function that executes the entire chain.
- * This eliminates the need to rebuild closures on every request.
- *
- * @internal
- */
-function createPrecompiledMiddlewareExecutor(middlewares, handler) {
-    return createMiddlewareExecutor(middlewares, handler);
-}
 /**
  * Defines a collection of procedures under a namespace
  *
@@ -477,7 +443,7 @@ export async function executeProcedure(procedure, rawInput, ctx) {
     }
     else {
         // Fallback: Build middleware chain dynamically (should not normally happen)
-        result = await executeMiddlewareChainFallback(procedure.middlewares, input, ctxWithLevel, async () => procedure.handler({ input, ctx: ctxWithLevel }));
+        result = await executeMiddlewareChain(procedure.middlewares, input, ctxWithLevel, async () => procedure.handler({ input, ctx: ctxWithLevel }));
     }
     // Step 4: Auto-project if resource schema is set
     if (procedure._resourceSchema) {
@@ -508,17 +474,6 @@ export async function executeProcedure(procedure, rawInput, ctx) {
     }
     return result;
 }
-/**
- * Fallback middleware chain executor for edge cases
- *
- * This function is only used when _precompiledExecutor is not available,
- * which should be rare in normal operation.
- *
- * @internal
- */
-async function executeMiddlewareChainFallback(middlewares, input, ctx, handler) {
-    return executeMiddlewareChain(middlewares, input, ctx, handler);
-}
 // ============================================================================
 // Type Utilities
 // ============================================================================

package/dist/rest/adapter.js

@@ -7,7 +7,8 @@
  *
  * @module rest/adapter
  */
-import { ConfigurationError } from '@veloxts/core';
+import { ConfigurationError, createLogger } from '@veloxts/core';
+const log = createLogger('router');
 import { executeProcedure } from '../procedure/builder.js';
 import { buildMultiLevelNestedPath, buildNestedRestPath, buildRestPath, calculateNestingDepth, parseNamingConvention, } from './naming.js';
 /** Default nesting depth threshold for warnings */
@@ -35,7 +36,7 @@ export function generateRestRoutes(collection, options = {}) {
             if (nestingWarnings) {
                 const depth = calculateNestingDepth(procedure.parentResource, procedure.parentResources);
                 if (depth >= NESTING_DEPTH_WARNING_THRESHOLD) {
-                    console.warn(`⚠️  Resource '${collection.namespace}/${name}' has ${depth} levels of nesting. ` +
+                    log.warn(`Resource '${collection.namespace}/${name}' has ${depth} levels of nesting. ` +
                         `Consider using shortcuts: true or restructuring your API.`);
                 }
             }
@@ -221,10 +222,8 @@ function gatherInput(request, route) {
         (route.procedure.parentResources !== undefined && route.procedure.parentResources.length > 0);
     switch (route.method) {
         case 'GET':
-            // GET: params (for :id and all parent params) + query (for filters/pagination)
-            return { ...params, ...query };
         case 'DELETE':
-            // DELETE: params (for :id and all parent params) + query (for options), no body per REST conventions
+            // GET/DELETE: params (for :id and all parent params) + query (for filters/pagination/options)
             return { ...params, ...query };
         case 'PUT':
         case 'PATCH':
@@ -319,24 +318,7 @@ export function registerRestRoutes(server, collections, options = {}) {
             // When used in legacy mode, we prepend the prefix manually.
             const fullPath = _prefixHandledByFastify ? route.path : `${prefix}${route.path}`;
             const handler = createRouteHandler(route);
-            // Register route based on method
-            switch (route.method) {
-                case 'GET':
-                    server.get(fullPath, handler);
-                    break;
-                case 'POST':
-                    server.post(fullPath, handler);
-                    break;
-                case 'PUT':
-                    server.put(fullPath, handler);
-                    break;
-                case 'PATCH':
-                    server.patch(fullPath, handler);
-                    break;
-                case 'DELETE':
-                    server.delete(fullPath, handler);
-                    break;
-            }
+            server.route({ method: route.method, url: fullPath, handler });
         }
     }
 }

package/dist/trpc/adapter.js

@@ -86,38 +86,22 @@ function buildTRPCProcedure(t, procedure) {
     if (procedure.outputSchema) {
         builder = builder.output(procedure.outputSchema);
     }
-    // Select handler based on whether input is expected
-    const handler = procedure.inputSchema
-        ? createHandler(procedure)
-        : createNoInputHandler(procedure);
+    // Create handler that works with or without input
+    const handler = createProcedureHandler(procedure);
     // Finalize as query or mutation
     return procedure.type === 'query' ? builder.query(handler) : builder.mutation(handler);
 }
 /**
- * Create a handler function for a procedure with input
+ * Create a tRPC handler function from a compiled procedure
  *
- * @internal
- */
-function createHandler(procedure) {
-    return async (opts) => {
-        const { input, ctx } = opts;
-        // Execute middleware chain if any
-        if (procedure.middlewares.length > 0) {
-            return executeWithMiddleware(procedure, input, ctx);
-        }
-        // Direct handler execution
-        return procedure.handler({ input, ctx });
-    };
-}
-/**
- * Create a handler function for a procedure without input
+ * Works for both procedures with and without input schemas.
  *
  * @internal
  */
-function createNoInputHandler(procedure) {
+function createProcedureHandler(procedure) {
     return async (opts) => {
         const { ctx } = opts;
-        const input = undefined;
+        const input = opts.input ?? undefined;
         // Execute middleware chain if any
         if (procedure.middlewares.length > 0) {
             return executeWithMiddleware(procedure, input, ctx);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/router",
-  "version": "0.7.0",
+  "version": "0.7.2",
   "description": "Procedure definitions with tRPC and REST routing for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -37,14 +37,14 @@
     }
   },
   "dependencies": {
-    "@trpc/server": "11.9.0",
+    "@trpc/server": "11.10.0",
     "fastify": "5.7.4",
-    "@veloxts/core": "0.7.0",
-    "@veloxts/validation": "0.7.0"
+    "@veloxts/validation": "0.7.2",
+    "@veloxts/core": "0.7.2"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "4.0.18",
-    "esbuild": "0.27.2",
+    "esbuild": "0.27.3",
     "typescript": "5.9.3",
     "vite": "7.3.1",
     "vitest": "4.0.18",