@vivero/stoma 0.1.0-rc.10

package/dist/core/types.d.ts

@@ -0,0 +1,252 @@
+import { Context, Hono } from 'hono';
+import { P as Policy, G as GatewayAdapter } from '../protocol-2fD3DJrL.js';
+import { MetricsCollector } from '../observability/metrics.js';
+import { TracingConfig } from '../observability/tracing.js';
+import '../policies/sdk/trace.js';
+import '@vivero/stoma-core';
+
+/**
+ * Core type definitions for the stoma gateway.
+ *
+ * All gateway configuration is expressed through these types. The main entry
+ * point is {@link GatewayConfig}, which composes {@link RouteConfig},
+ * {@link PipelineConfig}, and {@link UpstreamConfig} into a fully declarative
+ * gateway specification.
+ *
+ * @module types
+ */
+
+/**
+ * Top-level gateway configuration.
+ *
+ * @typeParam TBindings - Worker bindings type (e.g. your `Env` interface).
+ *   Defaults to `Record<string, unknown>` so `service` on
+ *   {@link ServiceBindingUpstream} accepts any string. When you pass your
+ *   own Env type, `service` autocompletes to valid binding names.
+ */
+interface GatewayConfig<TBindings = Record<string, unknown>> {
+    /** Gateway name, used in logs and metrics */
+    name?: string;
+    /** Base path prefix for all routes (e.g. "/api") */
+    basePath?: string;
+    /** Route definitions */
+    routes: RouteConfig<TBindings>[];
+    /** Global policies applied to all routes */
+    policies?: Policy[];
+    /** Global error handler */
+    onError?: (error: Error, c: Context) => Response | Promise<Response>;
+    /**
+     * Enable internal debug logging for gateway operators.
+     *
+     * - `true` - log all namespaces
+     * - `false` / `undefined` - disabled (default, zero overhead)
+     * - `string` - comma-separated glob patterns to filter namespaces
+     *
+     * Namespaces: `stoma:gateway`, `stoma:pipeline`, `stoma:upstream`,
+     * `stoma:policy:*` (e.g. `stoma:policy:cache`, `stoma:policy:jwt-auth`)
+     *
+     * Output goes to `console.debug()` which is captured by `wrangler tail`
+     * and Cloudflare Workers Logs.
+     *
+     * @example
+     * ```ts
+     * createGateway({ debug: true, ... })                         // everything
+     * createGateway({ debug: "stoma:gateway,stoma:upstream", ... }) // core only
+     * createGateway({ debug: "stoma:policy:*", ... })              // policies only
+     * ```
+     */
+    debug?: boolean | string;
+    /** Response header name for the request ID. Default: `"x-request-id"`. */
+    requestIdHeader?: string;
+    /**
+     * Default HTTP methods for routes that don't specify `methods`.
+     * Default: `["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]`.
+     */
+    defaultMethods?: HttpMethod[];
+    /** Default error message for unexpected (non-GatewayError) errors. Default: `"An unexpected error occurred"`. */
+    defaultErrorMessage?: string;
+    /** Default priority for policies that don't specify one. Default: `100`. */
+    defaultPolicyPriority?: number;
+    /**
+     * Runtime adapter providing store implementations and runtime-specific capabilities
+     * (e.g. `waitUntil`, `dispatchBinding`). Created via adapter factories like
+     * `cloudflareAdapter()`, `memoryAdapter()`, etc.
+     */
+    adapter?: GatewayAdapter;
+    /**
+     * Admin introspection API. Exposes `___gateway/*` routes for operational visibility.
+     *
+     * - `true` - enable with defaults (no auth)
+     * - `AdminConfig` object - full customization
+     * - `false` / `undefined` - disabled (default)
+     */
+    admin?: boolean | AdminConfig;
+    /**
+     * Enable client-requested debug headers.
+     *
+     * When enabled, clients can send an `x-stoma-debug` request header listing
+     * the debug values they want returned as response headers. Policies contribute
+     * debug data via {@link setDebugHeader} from the SDK - only requested values
+     * are included in the response.
+     *
+     * - `true` - enable with defaults
+     * - `DebugHeadersConfig` - full customization (request header name, allowlist)
+     * - `false` / `undefined` - disabled (default, zero overhead)
+     *
+     * @example
+     * ```
+     * // Client request:
+     * GET /api/users
+     * x-stoma-debug: x-stoma-cache-key, x-stoma-cache-ttl
+     *
+     * // Response includes:
+     * x-stoma-cache-key: GET:http://example.com/api/users
+     * x-stoma-cache-ttl: 300
+     * ```
+     */
+    debugHeaders?: boolean | DebugHeadersConfig;
+    /**
+     * OpenTelemetry-compatible distributed tracing.
+     *
+     * When configured, the gateway creates a root SERVER span per request,
+     * INTERNAL child spans per policy, and CLIENT child spans for upstream
+     * calls. Spans are exported asynchronously via `adapter.waitUntil()`.
+     *
+     * Zero overhead when not configured - no span objects are allocated.
+     *
+     * @example
+     * ```ts
+     * import { createGateway, OTLPSpanExporter } from "@vivero/stoma";
+     *
+     * createGateway({
+     *   tracing: {
+     *     exporter: new OTLPSpanExporter({ endpoint: "https://otel-collector/v1/traces" }),
+     *     serviceName: "my-api",
+     *     sampleRate: 0.1,
+     *   },
+     *   // ...routes
+     * });
+     * ```
+     */
+    tracing?: TracingConfig;
+}
+/** Configuration for client-requested debug headers. */
+interface DebugHeadersConfig {
+    /** Request header name clients use to request debug values. Default: `"x-stoma-debug"`. */
+    requestHeader?: string;
+    /** Allowlist of debug header names clients can request. When set, only these headers are emitted. Default: all. */
+    allow?: string[];
+}
+/**
+ * Individual route configuration.
+ *
+ * @typeParam TBindings - Worker bindings type, propagated from {@link GatewayConfig}.
+ */
+interface RouteConfig<TBindings = Record<string, unknown>> {
+    /** Route path pattern (Hono syntax, e.g. "/users/:id") */
+    path: string;
+    /** Allowed HTTP methods. Defaults to all. */
+    methods?: HttpMethod[];
+    /** Pipeline to process this route */
+    pipeline: PipelineConfig<TBindings>;
+    /** Route-level metadata for logging/observability */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Pipeline: ordered chain of policies leading to an upstream.
+ *
+ * @typeParam TBindings - Worker bindings type, propagated from {@link RouteConfig}.
+ */
+interface PipelineConfig<TBindings = Record<string, unknown>> {
+    /** Policies executed in order before the upstream */
+    policies?: Policy[];
+    /** Upstream target configuration */
+    upstream: UpstreamConfig<TBindings>;
+}
+/**
+ * Upstream target - where the request is forwarded.
+ *
+ * @typeParam TBindings - Worker bindings type, constrains {@link ServiceBindingUpstream.service}.
+ */
+type UpstreamConfig<TBindings = Record<string, unknown>> = UrlUpstream | ServiceBindingUpstream<TBindings> | HandlerUpstream;
+/**
+ * Proxy to a remote URL. The gateway clones the request, rewrites headers,
+ * and forwards it via `fetch()`. SSRF protection ensures the rewritten URL
+ * stays on the same origin as the target.
+ */
+interface UrlUpstream {
+    type: "url";
+    /** Target URL (e.g. `"https://api.example.com"`). Validated at config time. */
+    target: string;
+    /** Rewrite the path before forwarding. Must not change the origin. */
+    rewritePath?: (path: string) => string;
+    /** Headers to add/override on the forwarded request. */
+    headers?: Record<string, string>;
+}
+/**
+ * Forward to another Cloudflare Worker via a Service Binding.
+ * The binding must be configured in the consumer's `wrangler.jsonc`.
+ *
+ * @typeParam TBindings - Worker bindings type. When provided, `service`
+ *   autocompletes to valid binding names from your Env interface.
+ */
+interface ServiceBindingUpstream<TBindings = Record<string, unknown>> {
+    type: "service-binding";
+    /** Name of the Service Binding in `wrangler.jsonc` (e.g. `"AUTH_SERVICE"`). */
+    service: Extract<keyof TBindings, string>;
+    /** Rewrite the path before forwarding to the bound service. */
+    rewritePath?: (path: string) => string;
+}
+/**
+ * Invoke a custom handler function directly. Useful for health checks,
+ * mock responses, or routes that don't proxy to an upstream.
+ */
+interface HandlerUpstream {
+    type: "handler";
+    /** Handler function receiving the Hono context and returning a Response. */
+    handler: (c: Context) => Response | Promise<Response>;
+}
+/** HTTP methods supported by gateway route registration. */
+type HttpMethod = "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "HEAD" | "OPTIONS";
+/** Configuration for the admin introspection API. */
+interface AdminConfig {
+    /** Enable admin routes. Default: `false`. */
+    enabled: boolean;
+    /** Path prefix for admin routes. Default: `"___gateway"`. */
+    prefix?: string;
+    /** Optional auth check - return `false` to deny access. */
+    auth?: (c: Context) => boolean | Promise<boolean>;
+    /** MetricsCollector instance for the `/metrics` endpoint. */
+    metrics?: MetricsCollector;
+}
+/** Registered route information for admin introspection. */
+interface RegisteredRoute {
+    path: string;
+    methods: string[];
+    policyNames: string[];
+    upstreamType: string;
+}
+/** Registered policy information for admin introspection. */
+interface RegisteredPolicy {
+    name: string;
+    priority: number;
+}
+/** Internal registry for admin introspection. */
+interface GatewayRegistry {
+    routes: RegisteredRoute[];
+    policies: RegisteredPolicy[];
+    gatewayName: string;
+}
+/** The instantiated gateway - a configured Hono app */
+interface GatewayInstance {
+    /** The underlying Hono app, ready to be exported as a Worker */
+    app: Hono;
+    /** Registered route count */
+    routeCount: number;
+    /** Gateway name */
+    name: string;
+    /** Internal registry for admin introspection */
+    _registry: GatewayRegistry;
+}
+
+export type { AdminConfig, DebugHeadersConfig, GatewayConfig, GatewayInstance, GatewayRegistry, HandlerUpstream, HttpMethod, PipelineConfig, RegisteredPolicy, RegisteredRoute, RouteConfig, ServiceBindingUpstream, UpstreamConfig, UrlUpstream };

package/dist/core/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts

@@ -0,0 +1,57 @@
+export { A as AttributeMutation, B as BodyMutation, C as CacheStore, a as CircuitBreakerSnapshot, b as CircuitBreakerStore, c as CircuitState, G as GatewayAdapter, H as HeaderMutation, I as InMemoryCacheStore, d as InMemoryCacheStoreOptions, e as InMemoryCircuitBreakerStore, f as InMemoryRateLimitStoreOptions, M as Mutation, P as Policy, g as PolicyConfig, h as PolicyContext, i as PolicyContinue, j as PolicyEvalContext, k as PolicyEvaluator, l as PolicyImmediateResponse, m as PolicyInput, n as PolicyReject, o as PolicyResult, p as ProcessingPhase, q as ProtocolType, R as RateLimitStore, S as StatusMutation, r as cache, s as circuitBreaker, t as rateLimit } from './protocol-2fD3DJrL.js';
+export { ErrorResponse, GatewayError, defaultErrorResponse, errorToResponse } from './core/errors.js';
+export { createGateway } from './core/gateway.js';
+export { getGatewayContext } from './core/pipeline.js';
+export { ScopeConfig, scope } from './core/scope.js';
+export { AdminConfig, DebugHeadersConfig, GatewayConfig, GatewayInstance, GatewayRegistry, HandlerUpstream, HttpMethod, PipelineConfig, RegisteredPolicy, RegisteredRoute, RouteConfig, ServiceBindingUpstream, UpstreamConfig, UrlUpstream } from './core/types.js';
+export { mock } from './policies/mock.js';
+export { proxy } from './policies/proxy.js';
+export { apiKeyAuth } from './policies/auth/api-key-auth.js';
+export { basicAuth } from './policies/auth/basic-auth.js';
+export { clearJwksCache } from './policies/auth/crypto.js';
+export { generateHttpSignature } from './policies/auth/generate-http-signature.js';
+export { generateJwt } from './policies/auth/generate-jwt.js';
+export { jws } from './policies/auth/jws.js';
+export { jwtAuth } from './policies/auth/jwt-auth.js';
+export { oauth2 } from './policies/auth/oauth2.js';
+export { rbac } from './policies/auth/rbac.js';
+export { verifyHttpSignature } from './policies/auth/verify-http-signature.js';
+export { dynamicRouting } from './policies/traffic/dynamic-routing.js';
+export { geoIpFilter } from './policies/traffic/geo-ip-filter.js';
+export { httpCallout } from './policies/traffic/http-callout.js';
+export { interrupt } from './policies/traffic/interrupt.js';
+export { ipFilter } from './policies/traffic/ip-filter.js';
+export { jsonThreatProtection } from './policies/traffic/json-threat-protection.js';
+export { regexThreatProtection } from './policies/traffic/regex-threat-protection.js';
+export { requestLimit } from './policies/traffic/request-limit.js';
+export { resourceFilter } from './policies/traffic/resource-filter.js';
+export { sslEnforce } from './policies/traffic/ssl-enforce.js';
+export { trafficShadow } from './policies/traffic/traffic-shadow.js';
+export { latencyInjection } from './policies/resilience/latency-injection.js';
+export { retry } from './policies/resilience/retry.js';
+export { timeout } from './policies/resilience/timeout.js';
+export { assignAttributes } from './policies/transform/assign-attributes.js';
+export { assignContent } from './policies/transform/assign-content.js';
+export { cors } from './policies/transform/cors.js';
+export { jsonValidation } from './policies/transform/json-validation.js';
+export { overrideMethod } from './policies/transform/override-method.js';
+export { requestValidation } from './policies/transform/request-validation.js';
+export { requestTransform, responseTransform } from './policies/transform/transform.js';
+export { health } from './core/health.js';
+export { assignMetrics } from './policies/observability/assign-metrics.js';
+export { MetricsReporterConfig, metricsReporter } from './policies/observability/metrics-reporter.js';
+export { requestLog } from './policies/observability/request-log.js';
+export { ServerTimingConfig, ServerTimingVisibility, serverTiming } from './policies/observability/server-timing.js';
+export { HistogramEntry, InMemoryMetricsCollector, MetricsCollector, MetricsSnapshot, TaggedValue, toPrometheusText } from './observability/metrics.js';
+export { ConsoleSpanExporter, OTLPSpanExporter, ReadableSpan, SemConv, SpanBuilder, SpanEvent, SpanExporter, SpanKind, SpanStatusCode, TracingConfig } from './observability/tracing.js';
+export { Priority, PriorityLevel } from './policies/sdk/priority.js';
+export { isDebugRequested, policyDebug, resolveConfig, safeCall, setDebugHeader, withSkip } from './policies/sdk/helpers.js';
+export { PolicyDefinition, PolicyEvalHandlerContext, PolicyFactory, PolicyHandlerContext, definePolicy } from './policies/sdk/define-policy.js';
+export { PolicyTestHarnessOptions, createPolicyTestHarness } from './policies/sdk/testing.js';
+export { PolicyTrace, PolicyTraceDetail, PolicyTraceEntry, TraceReporter, isTraceRequested, noopTraceReporter, policyTrace } from './policies/sdk/trace.js';
+export { DebugLogger } from '@vivero/stoma-core';
+export { DEFAULT_IP_HEADERS, extractClientIp } from './utils/ip.js';
+export { timingSafeEqual } from './utils/timing-safe.js';
+import 'hono';
+import 'hono/types';
+import './adapters/testing.js';

package/dist/index.js

@@ -0,0 +1,158 @@
+import {
+  defaultErrorResponse,
+  errorToResponse,
+  GatewayError
+} from "./core/errors";
+import { createGateway } from "./core/gateway";
+import { getGatewayContext } from "./core/pipeline";
+import { scope } from "./core/scope";
+import { mock } from "./policies/mock";
+import { proxy } from "./policies/proxy";
+import { apiKeyAuth } from "./policies/auth/api-key-auth";
+import { basicAuth } from "./policies/auth/basic-auth";
+import { clearJwksCache } from "./policies/auth/crypto";
+import { generateHttpSignature } from "./policies/auth/generate-http-signature";
+import { generateJwt } from "./policies/auth/generate-jwt";
+import { jws } from "./policies/auth/jws";
+import { jwtAuth } from "./policies/auth/jwt-auth";
+import { oauth2 } from "./policies/auth/oauth2";
+import { rbac } from "./policies/auth/rbac";
+import { verifyHttpSignature } from "./policies/auth/verify-http-signature";
+import { cache, InMemoryCacheStore } from "./policies/traffic/cache";
+import { dynamicRouting } from "./policies/traffic/dynamic-routing";
+import { geoIpFilter } from "./policies/traffic/geo-ip-filter";
+import { httpCallout } from "./policies/traffic/http-callout";
+import { interrupt } from "./policies/traffic/interrupt";
+import { ipFilter } from "./policies/traffic/ip-filter";
+import { jsonThreatProtection } from "./policies/traffic/json-threat-protection";
+import { rateLimit } from "./policies/traffic/rate-limit";
+import { regexThreatProtection } from "./policies/traffic/regex-threat-protection";
+import { requestLimit } from "./policies/traffic/request-limit";
+import { resourceFilter } from "./policies/traffic/resource-filter";
+import { sslEnforce } from "./policies/traffic/ssl-enforce";
+import { trafficShadow } from "./policies/traffic/traffic-shadow";
+import {
+  circuitBreaker,
+  InMemoryCircuitBreakerStore
+} from "./policies/resilience/circuit-breaker";
+import { latencyInjection } from "./policies/resilience/latency-injection";
+import { retry } from "./policies/resilience/retry";
+import { timeout } from "./policies/resilience/timeout";
+import { assignAttributes } from "./policies/transform/assign-attributes";
+import { assignContent } from "./policies/transform/assign-content";
+import { cors } from "./policies/transform/cors";
+import { jsonValidation } from "./policies/transform/json-validation";
+import { overrideMethod } from "./policies/transform/override-method";
+import { requestValidation } from "./policies/transform/request-validation";
+import {
+  requestTransform,
+  responseTransform
+} from "./policies/transform/transform";
+import { health } from "./core/health";
+import { assignMetrics } from "./policies/observability/assign-metrics";
+import { metricsReporter } from "./policies/observability/metrics-reporter";
+import { requestLog } from "./policies/observability/request-log";
+import { serverTiming } from "./policies/observability/server-timing";
+import {
+  InMemoryMetricsCollector,
+  toPrometheusText
+} from "./observability/metrics";
+import {
+  ConsoleSpanExporter,
+  OTLPSpanExporter,
+  SemConv,
+  SpanBuilder
+} from "./observability/tracing";
+import {
+  createPolicyTestHarness,
+  definePolicy,
+  isDebugRequested,
+  isTraceRequested,
+  noopTraceReporter,
+  Priority,
+  policyDebug,
+  policyTrace,
+  resolveConfig,
+  safeCall,
+  setDebugHeader,
+  withSkip
+} from "./policies/sdk";
+import {
+  DEFAULT_IP_HEADERS,
+  extractClientIp
+} from "./utils/ip";
+import { timingSafeEqual } from "./utils/timing-safe";
+export {
+  ConsoleSpanExporter,
+  DEFAULT_IP_HEADERS,
+  GatewayError,
+  InMemoryCacheStore,
+  InMemoryCircuitBreakerStore,
+  InMemoryMetricsCollector,
+  OTLPSpanExporter,
+  Priority,
+  SemConv,
+  SpanBuilder,
+  apiKeyAuth,
+  assignAttributes,
+  assignContent,
+  assignMetrics,
+  basicAuth,
+  cache,
+  circuitBreaker,
+  clearJwksCache,
+  cors,
+  createGateway,
+  createPolicyTestHarness,
+  defaultErrorResponse,
+  definePolicy,
+  dynamicRouting,
+  errorToResponse,
+  extractClientIp,
+  generateHttpSignature,
+  generateJwt,
+  geoIpFilter,
+  getGatewayContext,
+  health,
+  httpCallout,
+  interrupt,
+  ipFilter,
+  isDebugRequested,
+  isTraceRequested,
+  jsonThreatProtection,
+  jsonValidation,
+  jws,
+  jwtAuth,
+  latencyInjection,
+  metricsReporter,
+  mock,
+  noopTraceReporter,
+  oauth2,
+  overrideMethod,
+  policyDebug,
+  policyTrace,
+  proxy,
+  rateLimit,
+  rbac,
+  regexThreatProtection,
+  requestLimit,
+  requestLog,
+  requestTransform,
+  requestValidation,
+  resolveConfig,
+  resourceFilter,
+  responseTransform,
+  retry,
+  safeCall,
+  scope,
+  serverTiming,
+  setDebugHeader,
+  sslEnforce,
+  timeout,
+  timingSafeEqual,
+  toPrometheusText,
+  trafficShadow,
+  verifyHttpSignature,
+  withSkip
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Stoma - declarative API gateway as a TypeScript library.\n *\n * Built on Hono for Cloudflare Workers and edge runtimes. Define routes,\n * compose policies (auth, rate limiting, caching, transforms), and proxy\n * to upstream services - all from a single configuration object.\n *\n * @packageDocumentation\n *\n * @example\n * ```ts\n * import {\n *   createGateway,\n *   cors,\n *   jwtAuth,\n *   rateLimit,\n *   cache,\n *   requestLog,\n *   health,\n * } from \"@vivero/stoma\";\n *\n * const gateway = createGateway({\n *   name: \"my-api\",\n *   basePath: \"/api\",\n *   debug: env.DEBUG,\n *   policies: [cors(), requestLog(), rateLimit({ max: 100 })],\n *   routes: [\n *     health(),\n *     {\n *       path: \"/users/*\",\n *       pipeline: {\n *         policies: [\n *           jwtAuth({ secret: env.JWT_SECRET }),\n *           cache({ ttlSeconds: 60 }),\n *         ],\n *         upstream: { type: \"url\", target: \"https://users.internal\" },\n *       },\n *     },\n *   ],\n * });\n *\n * export default gateway.app;\n * ```\n */\n\n// ── Protocol - multi-runtime policy evaluation ──────────────────────────\n\nexport type {\n  /** Set a cross-policy attribute in PolicyResult mutations. */\n  AttributeMutation,\n  /** Replace or clear the message body in PolicyResult mutations. */\n  BodyMutation,\n  /** Add, remove, or append a header in PolicyResult mutations. */\n  HeaderMutation,\n  /** A discrete modification (header, body, status, attribute) applied via PolicyResult. */\n  Mutation,\n  /** Allow processing to continue, optionally with mutations. */\n  PolicyContinue,\n  /** Runtime-facing evaluation context (no typed config - see PolicyEvalHandlerContext for typed version). */\n  PolicyEvalContext,\n  /** Protocol-agnostic policy evaluation entry point (onRequest, onResponse). */\n  PolicyEvaluator,\n  /** Short-circuit with a complete non-error response (cache hit, mock, redirect). */\n  PolicyImmediateResponse,\n  /** Protocol-agnostic view of what's being processed - constructed by each runtime. */\n  PolicyInput,\n  /** Reject the request with a structured error response. */\n  PolicyReject,\n  /** The outcome of a policy evaluation: continue, reject, or immediate-response. */\n  PolicyResult,\n  /** Lifecycle phase a policy participates in (request-headers, response-body, etc.). */\n  ProcessingPhase,\n  /** Identifies the protocol runtime (http, grpc, websocket). */\n  ProtocolType,\n  /** Modify the response status code in PolicyResult mutations. */\n  StatusMutation,\n} from \"./core/protocol\";\n\n// ── Core ────────────────────────────────────────────────────────────────\n\n/** Standard JSON error response shape returned by all gateway errors. */\nexport type { ErrorResponse } from \"./core/errors\";\n/** Structured error with HTTP status, machine-readable code, and optional response headers. */\n/** Build a JSON Response from a GatewayError, merging custom headers and request ID. */\n/** Produce a generic 500 error response for unexpected (non-GatewayError) errors. */\nexport {\n  defaultErrorResponse,\n  errorToResponse,\n  GatewayError,\n} from \"./core/errors\";\n/** Compile a declarative {@link GatewayConfig} into a Hono app with policy pipelines and upstream dispatch. */\nexport { createGateway } from \"./core/gateway\";\n/** Retrieve the {@link PolicyContext} (request ID, trace ID, timing) from a Hono context. */\nexport { getGatewayContext } from \"./core/pipeline\";\nexport type {\n  /** Configuration for a route scope: prefix, shared policies, child routes, and metadata. */\n  ScopeConfig,\n} from \"./core/scope\";\n/** Group routes under a shared path prefix with shared policies and metadata. */\nexport { scope } from \"./core/scope\";\nexport type {\n  /** Admin introspection API configuration (auth, prefix, metrics collector). */\n  AdminConfig,\n  /** Configuration for client-requested debug headers (request header name, allowlist). */\n  DebugHeadersConfig,\n  /** Top-level gateway configuration: routes, global policies, error handling, debug, and adapter. */\n  GatewayConfig,\n  /** The instantiated gateway: a configured Hono app, route count, name, and internal registry. */\n  GatewayInstance,\n  /** Internal registry of all routes and policies, used by the admin introspection API. */\n  GatewayRegistry,\n  /** Invoke a custom handler function directly (no upstream proxy). */\n  HandlerUpstream,\n  /** HTTP methods supported by gateway route registration. */\n  HttpMethod,\n  /** Pipeline definition: ordered policy chain leading to an upstream target. */\n  PipelineConfig,\n  /** Policy metadata (name + priority) recorded in the gateway registry. */\n  RegisteredPolicy,\n  /** Route metadata recorded in the gateway registry for admin introspection. */\n  RegisteredRoute,\n  /** Individual route definition: path, methods, and pipeline (policies + upstream). */\n  RouteConfig,\n  /** Forward to a Cloudflare Worker via a named Service Binding. */\n  ServiceBindingUpstream,\n  /** Discriminated union of upstream types: URL proxy, Service Binding, or custom handler. */\n  UpstreamConfig,\n  /** Proxy to a remote URL with optional path rewriting and header overrides. */\n  UrlUpstream,\n} from \"./core/types\";\n\n// ── Policies - root-level ───────────────────────────────────────────────\n\n/** Return a static mock response, bypassing the upstream entirely (priority 999). */\nexport { mock } from \"./policies/mock\";\n/** Per-route header manipulation, timeout control, and Host header preservation (priority 95). */\nexport { proxy } from \"./policies/proxy\";\n\n// ── Policies - auth ─────────────────────────────────────────────────────\n\n/** Validate API keys from headers or query parameters using a custom validator function (priority 10). */\nexport { apiKeyAuth } from \"./policies/auth/api-key-auth\";\n/** Validate HTTP Basic credentials with a custom validator and WWW-Authenticate challenge (priority 10). */\nexport { basicAuth } from \"./policies/auth/basic-auth\";\n/** Clear the shared JWKS cache used by jwt-auth and jws. Intended for testing. */\nexport { clearJwksCache } from \"./policies/auth/crypto\";\n/** Generate RFC 9421 HTTP Message Signatures on outbound requests (priority 95). */\nexport { generateHttpSignature } from \"./policies/auth/generate-http-signature\";\n/** Mint JWTs (HMAC or RSA) and attach them to outgoing requests for upstream consumption (priority 50). */\nexport { generateJwt } from \"./policies/auth/generate-jwt\";\n/** Verify JWS compact serialization signatures - embedded or detached payloads, HMAC or JWKS (priority 10). */\nexport { jws } from \"./policies/auth/jws\";\n/** Validate JWT bearer tokens via HMAC secret or JWKS endpoint, with optional claim forwarding (priority 10). */\nexport { jwtAuth } from \"./policies/auth/jwt-auth\";\n/** Validate OAuth2 tokens via RFC 7662 introspection or a local validation function (priority 10). */\nexport { oauth2 } from \"./policies/auth/oauth2\";\n/** Role-based access control using claims forwarded as request headers by auth policies (priority 10). */\nexport { rbac } from \"./policies/auth/rbac\";\n\n/** Verify RFC 9421 HTTP Message Signatures on inbound requests with key ID lookup (priority 10). */\nexport { verifyHttpSignature } from \"./policies/auth/verify-http-signature\";\n\n// ── Policies - traffic ──────────────────────────────────────────────────\n\n/** Response caching with pluggable storage, TTL, and automatic cache-control headers (priority 40). */\nexport { cache, InMemoryCacheStore } from \"./policies/traffic/cache\";\n/** Evaluate ordered routing rules and expose the first match on context for downstream consumption (priority 50). */\nexport { dynamicRouting } from \"./policies/traffic/dynamic-routing\";\n\n/** Block or allow requests by geographic country code from a configurable header (priority 1). */\nexport { geoIpFilter } from \"./policies/traffic/geo-ip-filter\";\n/** Make an external HTTP call mid-pipeline for authorization, enrichment, or webhook notification (priority 50). */\nexport { httpCallout } from \"./policies/traffic/http-callout\";\n/** Conditionally short-circuit the pipeline and return a static response based on a predicate (priority 100). */\nexport { interrupt } from \"./policies/traffic/interrupt\";\n/** Block or allow requests by client IP address or CIDR range in allowlist/denylist mode (priority 1). */\nexport { ipFilter } from \"./policies/traffic/ip-filter\";\n\n/** Enforce structural limits on JSON request bodies - depth, key count, string length, array size (priority 5). */\nexport { jsonThreatProtection } from \"./policies/traffic/json-threat-protection\";\n/** Sliding-window rate limiting with pluggable counter storage and configurable key extraction (priority 20). */\nexport { rateLimit } from \"./policies/traffic/rate-limit\";\n/** Block requests matching regex patterns (SQL injection, XSS, etc.) in path, query, headers, or body (priority 5). */\nexport { regexThreatProtection } from \"./policies/traffic/regex-threat-protection\";\n/** Reject requests whose Content-Length exceeds a byte limit (priority 5). */\nexport { requestLimit } from \"./policies/traffic/request-limit\";\n/** Strip or allow fields from JSON responses using dot-notation paths in allow/deny mode (priority 92). */\nexport { resourceFilter } from \"./policies/traffic/resource-filter\";\n/** Enforce HTTPS with optional redirect (301) and HSTS header injection (priority 5). */\nexport { sslEnforce } from \"./policies/traffic/ssl-enforce\";\n/** Mirror a percentage of traffic to a secondary upstream without affecting the primary response (priority 92). */\nexport { trafficShadow } from \"./policies/traffic/traffic-shadow\";\n\n// ── Policies - resilience ───────────────────────────────────────────────\n\n/** Three-state circuit breaker (closed/open/half-open) with pluggable state storage (priority 30). */\nexport {\n  circuitBreaker,\n  InMemoryCircuitBreakerStore,\n} from \"./policies/resilience/circuit-breaker\";\n/** Inject artificial latency for chaos/resilience testing with jitter and probability controls (priority 5). */\nexport { latencyInjection } from \"./policies/resilience/latency-injection\";\n/** Retry failed upstream calls with exponential or fixed backoff, jitter, and method filtering (priority 90). */\nexport { retry } from \"./policies/resilience/retry\";\n/** Enforce a response time budget - races downstream execution against a configurable timer (priority 85). */\nexport { timeout } from \"./policies/resilience/timeout\";\n\n// ── Policies - transform ────────────────────────────────────────────────\n\n/** Set key-value attributes on the Hono request context for downstream middleware consumption (priority 50). */\nexport { assignAttributes } from \"./policies/transform/assign-attributes\";\n/** Inject or override fields in JSON request and/or response bodies with static or dynamic values (priority 50). */\nexport { assignContent } from \"./policies/transform/assign-content\";\n/** Add CORS headers to responses, wrapping Hono's built-in CORS middleware as a composable policy (priority 5). */\nexport { cors } from \"./policies/transform/cors\";\n/** Pluggable JSON body validation - wrap Zod, AJV, or any validator; falls back to JSON parse check (priority 10). */\nexport { jsonValidation } from \"./policies/transform/json-validation\";\n/** Override the HTTP method of POST requests via a configurable header (priority 5). */\nexport { overrideMethod } from \"./policies/transform/override-method\";\n\n/** Pluggable request body validation using a user-provided sync or async function (priority 10). */\nexport { requestValidation } from \"./policies/transform/request-validation\";\n/** Modify request headers (set/remove/rename) before the upstream call (priority 50). */\nexport {\n  requestTransform,\n  /** Modify response headers (set/remove/rename) after the upstream responds (priority 92). */\n  responseTransform,\n} from \"./policies/transform/transform\";\n\n// ── Policies - observability ────────────────────────────────────────────\n\n/** Create a health check route with optional upstream probing (returns a RouteConfig, not a Policy). */\nexport { health } from \"./core/health\";\n/** Attach metric tags/dimensions to the request context for consumption by metricsReporter (priority 0). */\nexport { assignMetrics } from \"./policies/observability/assign-metrics\";\n/** Record request counts, latencies, and errors to a pluggable {@link MetricsCollector} (priority 1). */\nexport { metricsReporter } from \"./policies/observability/metrics-reporter\";\n/** Structured JSON request logging with W3C trace context, body capture, and field redaction (priority 0). */\nexport { requestLog } from \"./policies/observability/request-log\";\n/** Emit W3C Server-Timing and X-Response-Time response headers with per-policy breakdown (priority 1). */\nexport { serverTiming } from \"./policies/observability/server-timing\";\n\n// ── Observability ───────────────────────────────────────────────────────\n\n/** In-memory metrics collector for testing and development. */\nexport {\n  InMemoryMetricsCollector,\n  /** Serialize a {@link MetricsSnapshot} to Prometheus text exposition format. */\n  toPrometheusText,\n} from \"./observability/metrics\";\nexport type {\n  /** An immutable representation of a completed span. */\n  ReadableSpan,\n  /** A timestamped event recorded during a span's lifetime. */\n  SpanEvent,\n  /** Pluggable span exporter interface. */\n  SpanExporter,\n  /** Span kind: SERVER, CLIENT, or INTERNAL. */\n  SpanKind,\n  /** Span status code: UNSET, OK, or ERROR. */\n  SpanStatusCode,\n  /** Configuration for gateway-level tracing. */\n  TracingConfig,\n} from \"./observability/tracing\";\n/** Console span exporter for development and debugging. */\nexport {\n  ConsoleSpanExporter,\n  /** OTLP/HTTP JSON span exporter for OpenTelemetry Collectors. */\n  OTLPSpanExporter,\n  /** OTel semantic convention attribute keys (HTTP subset). */\n  SemConv,\n  /** Mutable span builder - accumulates attributes, events, and status during a request lifecycle. */\n  SpanBuilder,\n} from \"./observability/tracing\";\n\n// ── Policy SDK - shared primitives for built-in and custom policies ─────\n\nexport type {\n  /** Declarative policy definition passed to {@link definePolicy}. */\n  PolicyDefinition,\n  /** Context injected into `definePolicy` evaluate handlers (protocol-agnostic, with typed config). */\n  PolicyEvalHandlerContext,\n  /** Conditional factory type - config required when TConfig has required keys. */\n  PolicyFactory,\n  /** Context injected into `definePolicy` handlers: merged config, debug logger, and gateway context. */\n  PolicyHandlerContext,\n  /** Options for {@link createPolicyTestHarness}: custom upstream, path, gateway name, adapter. */\n  PolicyTestHarnessOptions,\n  /** Full trace payload emitted as `x-stoma-trace`. */\n  PolicyTrace,\n  /** Policy-reported trace detail. */\n  PolicyTraceDetail,\n  /** Combined trace entry (baseline + detail). */\n  PolicyTraceEntry,\n  /** Union of all named priority level values. */\n  PriorityLevel,\n  /** Trace reporter function type. */\n  TraceReporter,\n} from \"./policies/sdk\";\nexport {\n  /** Create a minimal test harness for a policy with error handling, context injection, and configurable upstream. */\n  createPolicyTestHarness,\n  /** Create a policy factory from a declarative definition - combines resolveConfig, policyDebug, and withSkip. */\n  definePolicy,\n  /** Check whether the client requested debug output via the `x-stoma-debug` header. */\n  isDebugRequested,\n  /** Fast-path check: is tracing requested for this request? */\n  isTraceRequested,\n  /** Shared no-op trace reporter instance. */\n  noopTraceReporter,\n  /** Named priority constants (OBSERVABILITY, AUTH, RATE_LIMIT, etc.) for policy ordering. */\n  Priority,\n  /** Get a debug logger pre-namespaced to `stoma:policy:{name}` from the gateway context. */\n  policyDebug,\n  /** Get a trace reporter for a specific policy - always callable, no-op when not tracing. */\n  policyTrace,\n  /** Shallow-merge default config values with user-provided config. */\n  resolveConfig,\n  /** Execute an async operation with graceful error handling - returns a fallback value on failure. */\n  safeCall,\n  /** Set a debug header value for client-requested debug output. */\n  setDebugHeader,\n  /** Wrap a middleware handler with `PolicyConfig.skip` conditional bypass logic. */\n  withSkip,\n} from \"./policies/sdk\";\n\n// ── Debug ───────────────────────────────────────────────────────────────\n\n/** A debug logging function - call with a message and optional structured data. */\nexport type { DebugLogger } from \"./utils/debug\";\n\n// ── Utilities ───────────────────────────────────────────────────────────\n\n/** Extract the client IP from request headers using a configurable header priority list. */\nexport {\n  /** Default ordered list of headers inspected for client IP (`cf-connecting-ip`, `x-forwarded-for`). */\n  DEFAULT_IP_HEADERS,\n  extractClientIp,\n} from \"./utils/ip\";\n\n/** Constant-time string comparison for secrets and API keys - prevents timing side-channel attacks. */\nexport { timingSafeEqual } from \"./utils/timing-safe\";\n\n// ── Types ───────────────────────────────────────────────────────────────\n\n/** Runtime adapter providing store implementations and platform-specific capabilities. */\nexport type { GatewayAdapter } from \"./adapters/types\";\n\nexport type {\n  /** A histogram data point with accumulated numeric values. */\n  HistogramEntry,\n  /** Pluggable metrics collector interface - increment counters, record histograms, set gauges. */\n  MetricsCollector,\n  /** Point-in-time snapshot of all collected metrics (counters, histograms, gauges). */\n  MetricsSnapshot,\n  /** A single tagged metric data point with a numeric value. */\n  TaggedValue,\n} from \"./observability/metrics\";\n\n/** Configuration for the {@link metricsReporter} policy. */\nexport type { MetricsReporterConfig } from \"./policies/observability/metrics-reporter\";\n\n/** Configuration for the {@link serverTiming} policy. */\nexport type {\n  ServerTimingConfig,\n  /** Visibility mode for the serverTiming policy. */\n  ServerTimingVisibility,\n} from \"./policies/observability/server-timing\";\nexport type {\n  /** Point-in-time snapshot of a circuit's state, failure/success counts, and timestamps. */\n  CircuitBreakerSnapshot,\n  /** Pluggable storage backend for circuit breaker state. */\n  CircuitBreakerStore,\n  /** The three circuit breaker states: `\"closed\"`, `\"open\"`, `\"half-open\"`. */\n  CircuitState,\n} from \"./policies/resilience/circuit-breaker\";\n/** Pluggable cache storage backend - get, put, and delete cached responses. */\nexport type {\n  CacheStore,\n  InMemoryCacheStoreOptions,\n} from \"./policies/traffic/cache\";\n/** Pluggable storage backend for rate limit counters. */\nexport type {\n  /** Options for the built-in in-memory rate limit store (max keys, cleanup interval). */\n  InMemoryRateLimitStoreOptions,\n  RateLimitStore,\n} from \"./policies/traffic/rate-limit\";\nexport type {\n  /** A composable policy: name, priority, and Hono middleware handler. */\n  Policy,\n  /** Base configuration interface for all policies - includes the `skip` conditional bypass. */\n  PolicyConfig,\n  /** Per-request gateway context: request ID, trace ID, span ID, timing, debug factory, and adapter. */\n  PolicyContext,\n} from \"./policies/types\";\n"],"mappings":"AAqFA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,qBAAqB;AAE9B,SAAS,yBAAyB;AAMlC,SAAS,aAAa;AAmCtB,SAAS,YAAY;AAErB,SAAS,aAAa;AAKtB,SAAS,kBAAkB;AAE3B,SAAS,iBAAiB;AAE1B,SAAS,sBAAsB;AAE/B,SAAS,6BAA6B;AAEtC,SAAS,mBAAmB;AAE5B,SAAS,WAAW;AAEpB,SAAS,eAAe;AAExB,SAAS,cAAc;AAEvB,SAAS,YAAY;AAGrB,SAAS,2BAA2B;AAKpC,SAAS,OAAO,0BAA0B;AAE1C,SAAS,sBAAsB;AAG/B,SAAS,mBAAmB;AAE5B,SAAS,mBAAmB;AAE5B,SAAS,iBAAiB;AAE1B,SAAS,gBAAgB;AAGzB,SAAS,4BAA4B;AAErC,SAAS,iBAAiB;AAE1B,SAAS,6BAA6B;AAEtC,SAAS,oBAAoB;AAE7B,SAAS,sBAAsB;AAE/B,SAAS,kBAAkB;AAE3B,SAAS,qBAAqB;AAK9B;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP,SAAS,wBAAwB;AAEjC,SAAS,aAAa;AAEtB,SAAS,eAAe;AAKxB,SAAS,wBAAwB;AAEjC,SAAS,qBAAqB;AAE9B,SAAS,YAAY;AAErB,SAAS,sBAAsB;AAE/B,SAAS,sBAAsB;AAG/B,SAAS,yBAAyB;AAElC;AAAA,EACE;AAAA,EAEA;AAAA,OACK;AAKP,SAAS,cAAc;AAEvB,SAAS,qBAAqB;AAE9B,SAAS,uBAAuB;AAEhC,SAAS,kBAAkB;AAE3B,SAAS,oBAAoB;AAK7B;AAAA,EACE;AAAA,EAEA;AAAA,OACK;AAgBP;AAAA,EACE;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,OACK;AA0BP;AAAA,EAEE;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,OACK;AAUP;AAAA,EAEE;AAAA,EACA;AAAA,OACK;AAGP,SAAS,uBAAuB;","names":[]}

package/dist/observability/admin.d.ts

@@ -0,0 +1,32 @@
+import { Hono } from 'hono';
+import { AdminConfig, GatewayRegistry } from '../core/types.js';
+import '../protocol-2fD3DJrL.js';
+import '../policies/sdk/trace.js';
+import '@vivero/stoma-core';
+import './metrics.js';
+import './tracing.js';
+
+/**
+ * Admin introspection API - auto-registered `___gateway/*` routes.
+ *
+ * Exposes gateway internals for operational visibility: registered routes,
+ * active policies, redacted config, Prometheus metrics, and health status.
+ *
+ * @module admin
+ */
+
+/**
+ * Register admin introspection routes on the Hono app.
+ *
+ * @param app - The Hono app to register routes on.
+ * @param config - Admin configuration (auth, prefix, metrics).
+ * @param registry - The gateway registry containing route and policy data.
+ */
+declare function registerAdminRoutes(app: Hono, config: AdminConfig, registry: GatewayRegistry): void;
+/**
+ * Redact values of keys that look like secrets in a config object.
+ * Used internally by the `/config` endpoint.
+ */
+declare function redactConfig(obj: unknown): unknown;
+
+export { redactConfig, registerAdminRoutes };

package/dist/observability/admin.js

@@ -0,0 +1,85 @@
+import { toPrometheusText } from "./metrics";
+const SECRET_PATTERNS = ["secret", "key", "token", "password", "credential"];
+function registerAdminRoutes(app, config, registry) {
+  const prefix = `/${config.prefix ?? "___gateway"}`;
+  const authMiddleware = async (c, next) => {
+    if (config.auth) {
+      const allowed = await config.auth(c);
+      if (!allowed) {
+        return c.json(
+          { error: "unauthorized", message: "Admin access denied" },
+          403
+        );
+      }
+    }
+    await next();
+  };
+  app.get(`${prefix}/routes`, authMiddleware, (c) => {
+    return c.json({
+      gateway: registry.gatewayName,
+      routes: registry.routes
+    });
+  });
+  app.get(`${prefix}/policies`, authMiddleware, (c) => {
+    return c.json({
+      gateway: registry.gatewayName,
+      policies: registry.policies
+    });
+  });
+  app.get(`${prefix}/config`, authMiddleware, (c) => {
+    return c.json(
+      redactConfig({
+        gateway: registry.gatewayName,
+        routes: registry.routes,
+        policies: registry.policies
+      })
+    );
+  });
+  app.get(`${prefix}/metrics`, authMiddleware, (c) => {
+    if (!config.metrics) {
+      return c.json(
+        {
+          error: "not_configured",
+          message: "No metrics collector configured. Pass a MetricsCollector to admin.metrics."
+        },
+        404
+      );
+    }
+    const snapshot = config.metrics.snapshot();
+    const text = toPrometheusText(snapshot);
+    return c.text(text, 200, {
+      "content-type": "text/plain; version=0.0.4; charset=utf-8"
+    });
+  });
+  app.get(`${prefix}/health`, authMiddleware, (c) => {
+    return c.json({
+      status: "healthy",
+      gateway: registry.gatewayName,
+      routeCount: registry.routes.length,
+      policyCount: registry.policies.length,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  });
+}
+function redactConfig(obj) {
+  if (typeof obj !== "object" || obj === null) return obj;
+  if (Array.isArray(obj)) return obj.map(redactConfig);
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    if (SECRET_PATTERNS.some((p) => key.toLowerCase().includes(p))) {
+      result[key] = "[REDACTED]";
+    } else if (typeof value === "function") {
+      result[key] = "[Function]";
+    } else if (typeof value === "object" && value !== null) {
+      result[key] = redactConfig(value);
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+export {
+  redactConfig,
+  registerAdminRoutes
+};
+//# sourceMappingURL=admin.js.map

package/dist/observability/admin.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/observability/admin.ts"],"sourcesContent":["/**\n * Admin introspection API - auto-registered `___gateway/*` routes.\n *\n * Exposes gateway internals for operational visibility: registered routes,\n * active policies, redacted config, Prometheus metrics, and health status.\n *\n * @module admin\n */\nimport type { Context, Hono } from \"hono\";\nimport type { AdminConfig, GatewayRegistry } from \"../core/types\";\nimport { toPrometheusText } from \"./metrics\";\n\n/** Secret-like keys that should be redacted in config output. */\nconst SECRET_PATTERNS = [\"secret\", \"key\", \"token\", \"password\", \"credential\"];\n\n/**\n * Register admin introspection routes on the Hono app.\n *\n * @param app - The Hono app to register routes on.\n * @param config - Admin configuration (auth, prefix, metrics).\n * @param registry - The gateway registry containing route and policy data.\n */\nexport function registerAdminRoutes(\n  app: Hono,\n  config: AdminConfig,\n  registry: GatewayRegistry\n): void {\n  const prefix = `/${config.prefix ?? \"___gateway\"}`;\n\n  // Auth middleware for all admin routes\n  const authMiddleware = async (c: Context, next: () => Promise<void>) => {\n    if (config.auth) {\n      const allowed = await config.auth(c);\n      if (!allowed) {\n        return c.json(\n          { error: \"unauthorized\", message: \"Admin access denied\" },\n          403\n        );\n      }\n    }\n    await next();\n  };\n\n  // GET /___gateway/routes - list all registered routes\n  app.get(`${prefix}/routes`, authMiddleware, (c) => {\n    return c.json({\n      gateway: registry.gatewayName,\n      routes: registry.routes,\n    });\n  });\n\n  // GET /___gateway/policies - list all unique policies with priority\n  app.get(`${prefix}/policies`, authMiddleware, (c) => {\n    return c.json({\n      gateway: registry.gatewayName,\n      policies: registry.policies,\n    });\n  });\n\n  // GET /___gateway/config - serialized config with secrets redacted\n  app.get(`${prefix}/config`, authMiddleware, (c) => {\n    return c.json(\n      redactConfig({\n        gateway: registry.gatewayName,\n        routes: registry.routes,\n        policies: registry.policies,\n      })\n    );\n  });\n\n  // GET /___gateway/metrics - Prometheus text format\n  app.get(`${prefix}/metrics`, authMiddleware, (c) => {\n    if (!config.metrics) {\n      return c.json(\n        {\n          error: \"not_configured\",\n          message:\n            \"No metrics collector configured. Pass a MetricsCollector to admin.metrics.\",\n        },\n        404\n      );\n    }\n\n    const snapshot = config.metrics.snapshot();\n    const text = toPrometheusText(snapshot);\n    return c.text(text, 200, {\n      \"content-type\": \"text/plain; version=0.0.4; charset=utf-8\",\n    });\n  });\n\n  // GET /___gateway/health - basic health check\n  app.get(`${prefix}/health`, authMiddleware, (c) => {\n    return c.json({\n      status: \"healthy\",\n      gateway: registry.gatewayName,\n      routeCount: registry.routes.length,\n      policyCount: registry.policies.length,\n      timestamp: new Date().toISOString(),\n    });\n  });\n}\n\n/**\n * Redact values of keys that look like secrets in a config object.\n * Used internally by the `/config` endpoint.\n */\nexport function redactConfig(obj: unknown): unknown {\n  if (typeof obj !== \"object\" || obj === null) return obj;\n  if (Array.isArray(obj)) return obj.map(redactConfig);\n\n  const result: Record<string, unknown> = {};\n  for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {\n    if (SECRET_PATTERNS.some((p) => key.toLowerCase().includes(p))) {\n      result[key] = \"[REDACTED]\";\n    } else if (typeof value === \"function\") {\n      result[key] = \"[Function]\";\n    } else if (typeof value === \"object\" && value !== null) {\n      result[key] = redactConfig(value);\n    } else {\n      result[key] = value;\n    }\n  }\n  return result;\n}\n"],"mappings":"AAUA,SAAS,wBAAwB;AAGjC,MAAM,kBAAkB,CAAC,UAAU,OAAO,SAAS,YAAY,YAAY;AASpE,SAAS,oBACd,KACA,QACA,UACM;AACN,QAAM,SAAS,IAAI,OAAO,UAAU,YAAY;AAGhD,QAAM,iBAAiB,OAAO,GAAY,SAA8B;AACtE,QAAI,OAAO,MAAM;AACf,YAAM,UAAU,MAAM,OAAO,KAAK,CAAC;AACnC,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE;AAAA,UACP,EAAE,OAAO,gBAAgB,SAAS,sBAAsB;AAAA,UACxD;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,UAAM,KAAK;AAAA,EACb;AAGA,MAAI,IAAI,GAAG,MAAM,WAAW,gBAAgB,CAAC,MAAM;AACjD,WAAO,EAAE,KAAK;AAAA,MACZ,SAAS,SAAS;AAAA,MAClB,QAAQ,SAAS;AAAA,IACnB,CAAC;AAAA,EACH,CAAC;AAGD,MAAI,IAAI,GAAG,MAAM,aAAa,gBAAgB,CAAC,MAAM;AACnD,WAAO,EAAE,KAAK;AAAA,MACZ,SAAS,SAAS;AAAA,MAClB,UAAU,SAAS;AAAA,IACrB,CAAC;AAAA,EACH,CAAC;AAGD,MAAI,IAAI,GAAG,MAAM,WAAW,gBAAgB,CAAC,MAAM;AACjD,WAAO,EAAE;AAAA,MACP,aAAa;AAAA,QACX,SAAS,SAAS;AAAA,QAClB,QAAQ,SAAS;AAAA,QACjB,UAAU,SAAS;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AAGD,MAAI,IAAI,GAAG,MAAM,YAAY,gBAAgB,CAAC,MAAM;AAClD,QAAI,CAAC,OAAO,SAAS;AACnB,aAAO,EAAE;AAAA,QACP;AAAA,UACE,OAAO;AAAA,UACP,SACE;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,OAAO,QAAQ,SAAS;AACzC,UAAM,OAAO,iBAAiB,QAAQ;AACtC,WAAO,EAAE,KAAK,MAAM,KAAK;AAAA,MACvB,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH,CAAC;AAGD,MAAI,IAAI,GAAG,MAAM,WAAW,gBAAgB,CAAC,MAAM;AACjD,WAAO,EAAE,KAAK;AAAA,MACZ,QAAQ;AAAA,MACR,SAAS,SAAS;AAAA,MAClB,YAAY,SAAS,OAAO;AAAA,MAC5B,aAAa,SAAS,SAAS;AAAA,MAC/B,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IACpC,CAAC;AAAA,EACH,CAAC;AACH;AAMO,SAAS,aAAa,KAAuB;AAClD,MAAI,OAAO,QAAQ,YAAY,QAAQ,KAAM,QAAO;AACpD,MAAI,MAAM,QAAQ,GAAG,EAAG,QAAO,IAAI,IAAI,YAAY;AAEnD,QAAM,SAAkC,CAAC;AACzC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAA8B,GAAG;AACzE,QAAI,gBAAgB,KAAK,CAAC,MAAM,IAAI,YAAY,EAAE,SAAS,CAAC,CAAC,GAAG;AAC9D,aAAO,GAAG,IAAI;AAAA,IAChB,WAAW,OAAO,UAAU,YAAY;AACtC,aAAO,GAAG,IAAI;AAAA,IAChB,WAAW,OAAO,UAAU,YAAY,UAAU,MAAM;AACtD,aAAO,GAAG,IAAI,aAAa,KAAK;AAAA,IAClC,OAAO;AACL,aAAO,GAAG,IAAI;AAAA,IAChB;AAAA,EACF;AACA,SAAO;AACT;","names":[]}