@vorionsys/proof-plane 0.1.0 → 0.1.1

package/README.md

@@ -0,0 +1,174 @@
+# @vorionsys/proof-plane
+
+Immutable audit trail for AI agent operations. Provides hash-chained, cryptographically signed event logging for compliance, debugging, and trust verification.
+
+## Installation
+
+```bash
+npm install @vorionsys/proof-plane
+```
+
+## Quick Start
+
+```typescript
+import { createProofPlane, createInMemoryEventStore } from '@vorionsys/proof-plane';
+
+const store = createInMemoryEventStore();
+const proofPlane = createProofPlane({
+  signedBy: 'my-service',
+  store,
+});
+
+// Log events
+await proofPlane.logIntentReceived(intent);
+await proofPlane.logDecisionMade(decision);
+
+// Query events by correlation ID
+const trace = await proofPlane.getTrace(correlationId);
+
+// Verify hash chain integrity
+const verification = await proofPlane.verifyChain();
+console.log(verification.valid); // true
+```
+
+## Features
+
+- **Hash-Chained Events**: Every event links to the previous via SHA-256, forming a tamper-evident chain
+- **Cryptographic Signatures**: Ed25519 event signing with key pair generation and batch verification
+- **Pluggable Storage**: Abstract `ProofEventStore` interface - bring your own database
+- **Event Emitter**: Typed event system with batch emit support
+- **Trace Queries**: Retrieve full event traces by correlation ID
+- **Chain Verification**: Verify integrity of the entire hash chain with detailed reports
+- **API Routes**: Pre-built Express/Fastify route handlers for proof endpoints
+
+## Subpath Imports
+
+```typescript
+// Core proof plane
+import { createProofPlane, ProofPlane } from '@vorionsys/proof-plane';
+
+// Event stores
+import { InMemoryEventStore } from '@vorionsys/proof-plane/events';
+
+// Proof plane internals
+import { ProofPlane } from '@vorionsys/proof-plane/proof-plane';
+
+// API route handlers
+import { createProofRoutes } from '@vorionsys/proof-plane/api';
+```
+
+## API Reference
+
+### ProofPlane
+
+```typescript
+const plane = createProofPlane({
+  signedBy: 'service-name',   // Identifier for the signing service
+  store: eventStore,           // ProofEventStore implementation
+});
+
+// Log lifecycle events
+await plane.logIntentReceived(intent);
+await plane.logDecisionMade(decision);
+
+// Query
+const trace = await plane.getTrace(correlationId);
+const events = await plane.queryEvents({ limit: 100, offset: 0 });
+
+// Verify chain
+const result = await plane.verifyChain();
+// { valid: boolean, checkedCount: number, errors: string[] }
+```
+
+### Hash Chain
+
+```typescript
+import {
+  sha256,
+  computeEventHash,
+  verifyEventHash,
+  verifyChain,
+  verifyChainWithDetails,
+} from '@vorionsys/proof-plane';
+
+const hash = sha256(data);
+const eventHash = computeEventHash(event);
+const isValid = verifyEventHash(event);
+const chainResult = verifyChainWithDetails(events);
+```
+
+### Event Signatures
+
+```typescript
+import {
+  generateSigningKeyPair,
+  signEvent,
+  verifyEventSignature,
+  EventSigningService,
+} from '@vorionsys/proof-plane';
+
+// Generate keys
+const keyPair = await generateSigningKeyPair();
+
+// Sign an event
+const signature = await signEvent(event, keyPair.privateKey);
+
+// Verify
+const isValid = await verifyEventSignature(event, signature, keyPair.publicKey);
+
+// Or use the service
+const signer = createSigningService({ keyPair });
+const signed = await signer.sign(event);
+```
+
+### Event Store
+
+Implement the `ProofEventStore` interface for custom storage:
+
+```typescript
+import type { ProofEventStore, EventQueryOptions } from '@vorionsys/proof-plane';
+
+class MyEventStore implements ProofEventStore {
+  async append(event) { /* ... */ }
+  async getByCorrelationId(id) { /* ... */ }
+  async query(options: EventQueryOptions) { /* ... */ }
+  async getStats() { /* ... */ }
+  async getChain(options) { /* ... */ }
+}
+```
+
+### API Routes
+
+```typescript
+import { createProofRoutes, registerProofRoutes } from '@vorionsys/proof-plane';
+
+// Fastify
+registerProofRoutes(fastifyApp, { store });
+
+// Express
+import { createProofExpressRouter } from '@vorionsys/proof-plane';
+app.use('/proof', createProofExpressRouter({ store }));
+```
+
+## TypeScript
+
+```typescript
+import type {
+  ProofPlaneConfig,
+  ProofPlaneLogger,
+  ProofEventStore,
+  EventQueryOptions,
+  EventQueryResult,
+  EventStats,
+  EventEmitterConfig,
+  EventListener,
+  EmitResult,
+  ChainVerificationResult,
+  SigningKeyPair,
+  SignatureVerificationResult,
+} from '@vorionsys/proof-plane';
+```
+
+## License
+
+MIT

package/dist/api/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Proof Plane API Module
+ *
+ * Provides REST API routes for the Vorion audit system.
+ *
+ * @packageDocumentation
+ */
+export { createProofRoutes, registerProofRoutes, createProofExpressRouter, type ProofRoute, } from './routes.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/api/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,wBAAwB,EACxB,KAAK,UAAU,GAChB,MAAM,aAAa,CAAC"}

package/dist/api/index.js

@@ -0,0 +1,9 @@
+/**
+ * Proof Plane API Module
+ *
+ * Provides REST API routes for the Vorion audit system.
+ *
+ * @packageDocumentation
+ */
+export { createProofRoutes, registerProofRoutes, createProofExpressRouter, } from './routes.js';
+//# sourceMappingURL=index.js.map

package/dist/api/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,wBAAwB,GAEzB,MAAM,aAAa,CAAC"}

package/dist/api/routes.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Proof Plane API Routes
+ *
+ * Provides REST API endpoints for the Vorion audit system:
+ * - POST /proof - Submit a proof event
+ * - GET /proof/:id - Retrieve proof event by ID
+ * - GET /proof/verify/:id - Verify a single proof event
+ * - GET /proof/chain/:correlationId - Get event trace by correlation ID
+ * - POST /proof/chain/verify - Verify chain integrity
+ *
+ * @packageDocumentation
+ */
+import { z } from 'zod';
+import type { ProofPlane } from '../proof-plane/proof-plane.js';
+/**
+ * Route handler context - generic interface for Fastify-like frameworks
+ */
+interface RouteContext {
+    request: {
+        params?: unknown;
+        query?: unknown;
+        body?: unknown;
+        id?: string;
+    };
+    reply: {
+        status(code: number): RouteContext['reply'];
+        send(data: unknown): void;
+    };
+}
+/**
+ * Route definition for registration
+ */
+export interface ProofRoute {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE';
+    path: string;
+    handler: (ctx: RouteContext, proofPlane: ProofPlane) => Promise<void>;
+    schema?: {
+        params?: z.ZodSchema;
+        query?: z.ZodSchema;
+        body?: z.ZodSchema;
+    };
+}
+/**
+ * Define all proof API routes
+ */
+export declare function createProofRoutes(proofPlane: ProofPlane): ProofRoute[];
+/**
+ * Fastify plugin registration helper
+ *
+ * Usage with Fastify:
+ * ```typescript
+ * import Fastify from 'fastify';
+ * import { createProofPlane } from '@vorionsys/proof-plane';
+ * import { registerProofRoutes } from '@vorionsys/proof-plane/api';
+ *
+ * const app = Fastify();
+ * const proofPlane = createProofPlane({ signedBy: 'my-service' });
+ *
+ * await app.register(async (instance) => {
+ *   registerProofRoutes(instance, proofPlane);
+ * }, { prefix: '/v1' });
+ * ```
+ */
+export declare function registerProofRoutes(fastify: {
+    get: (path: string, handler: (request: any, reply: any) => Promise<void>) => void;
+    post: (path: string, handler: (request: any, reply: any) => Promise<void>) => void;
+}, proofPlane: ProofPlane): void;
+/**
+ * Express middleware adapter
+ *
+ * Usage with Express:
+ * ```typescript
+ * import express from 'express';
+ * import { createProofPlane } from '@vorionsys/proof-plane';
+ * import { createProofExpressRouter } from '@vorionsys/proof-plane/api';
+ *
+ * const app = express();
+ * const proofPlane = createProofPlane({ signedBy: 'my-service' });
+ *
+ * app.use('/v1', createProofExpressRouter(proofPlane));
+ * ```
+ */
+export declare function createProofExpressRouter(proofPlane: ProofPlane): {
+    routes: ProofRoute[];
+    handler: (req: any, res: any, next: any) => Promise<void>;
+};
+export {};
+//# sourceMappingURL=routes.d.ts.map

package/dist/api/routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/api/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAiEhE;;GAEG;AACH,UAAU,YAAY;IACpB,OAAO,EAAE;QACP,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,KAAK,CAAC,EAAE,OAAO,CAAC;QAChB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,MAAM,CAAC;KACb,CAAC;IACF,KAAK,EAAE;QACL,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;KAC3B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACtE,MAAM,CAAC,EAAE;QACP,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;QACrB,KAAK,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;QACpB,IAAI,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;KACpB,CAAC;CACH;AA4BD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,EAAE,CAuPtE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE;IACP,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;IAClF,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC;CACpF,EACD,UAAU,EAAE,UAAU,GACrB,IAAI,CA0CN;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,UAAU,GAAG;IAChE,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3D,CA+CA"}

package/dist/api/routes.js

@@ -0,0 +1,399 @@
+/**
+ * Proof Plane API Routes
+ *
+ * Provides REST API endpoints for the Vorion audit system:
+ * - POST /proof - Submit a proof event
+ * - GET /proof/:id - Retrieve proof event by ID
+ * - GET /proof/verify/:id - Verify a single proof event
+ * - GET /proof/chain/:correlationId - Get event trace by correlation ID
+ * - POST /proof/chain/verify - Verify chain integrity
+ *
+ * @packageDocumentation
+ */
+import { z } from 'zod';
+import { ProofEventType } from '@vorionsys/contracts';
+/**
+ * Zod schema for proof event submission
+ */
+const submitProofSchema = z.object({
+    eventType: z.nativeEnum(ProofEventType),
+    correlationId: z.string().uuid(),
+    agentId: z.string().uuid().optional(),
+    payload: z.record(z.unknown()),
+});
+/**
+ * Zod schema for event ID parameter
+ */
+const eventIdParamsSchema = z.object({
+    id: z.string().uuid(),
+});
+/**
+ * Zod schema for correlation ID parameter
+ */
+const correlationIdParamsSchema = z.object({
+    correlationId: z.string().uuid(),
+});
+/**
+ * Zod schema for chain verification request
+ */
+const verifyChainBodySchema = z.object({
+    fromEventId: z.string().uuid().optional(),
+    limit: z.number().int().min(1).max(10000).optional(),
+});
+/**
+ * Zod schema for query options
+ */
+const queryOptionsSchema = z.object({
+    limit: z.coerce.number().int().min(1).max(1000).optional(),
+    offset: z.coerce.number().int().min(0).optional(),
+});
+/**
+ * Create success response
+ */
+function success(data, requestId) {
+    return {
+        data,
+        meta: {
+            requestId,
+            timestamp: new Date().toISOString(),
+        },
+    };
+}
+/**
+ * Create error response
+ */
+function error(code, message, details) {
+    return {
+        error: {
+            code,
+            message,
+            details,
+        },
+    };
+}
+/**
+ * Define all proof API routes
+ */
+export function createProofRoutes(proofPlane) {
+    return [
+        // POST /proof - Submit a new proof event
+        {
+            method: 'POST',
+            path: '/proof',
+            schema: { body: submitProofSchema },
+            handler: async (ctx) => {
+                const body = submitProofSchema.parse(ctx.request.body ?? {});
+                try {
+                    const result = await proofPlane.logEvent(body.eventType, body.correlationId, body.payload, body.agentId);
+                    ctx.reply.status(201).send(success({
+                        eventId: result.event.eventId,
+                        eventType: result.event.eventType,
+                        correlationId: result.event.correlationId,
+                        eventHash: result.event.eventHash,
+                        previousHash: result.event.previousHash,
+                        occurredAt: result.event.occurredAt,
+                        recordedAt: result.event.recordedAt,
+                    }, ctx.request.id));
+                }
+                catch (err) {
+                    ctx.reply.status(500).send(error('EMIT_FAILED', 'Failed to emit proof event', {
+                        message: err instanceof Error ? err.message : String(err),
+                    }));
+                }
+            },
+        },
+        // GET /proof/:id - Get proof event by ID
+        {
+            method: 'GET',
+            path: '/proof/:id',
+            schema: { params: eventIdParamsSchema },
+            handler: async (ctx) => {
+                const params = eventIdParamsSchema.parse(ctx.request.params ?? {});
+                const event = await proofPlane.getEvent(params.id);
+                if (!event) {
+                    ctx.reply.status(404).send(error('EVENT_NOT_FOUND', `Proof event ${params.id} not found`));
+                    return;
+                }
+                ctx.reply.status(200).send(success(event, ctx.request.id));
+            },
+        },
+        // GET /proof/verify/:id - Verify a single proof event
+        {
+            method: 'GET',
+            path: '/proof/verify/:id',
+            schema: { params: eventIdParamsSchema },
+            handler: async (ctx) => {
+                const params = eventIdParamsSchema.parse(ctx.request.params ?? {});
+                const event = await proofPlane.getEvent(params.id);
+                if (!event) {
+                    ctx.reply.status(404).send(error('EVENT_NOT_FOUND', `Proof event ${params.id} not found`));
+                    return;
+                }
+                // Verify hash integrity
+                const { computeEventHash } = await import('../events/hash-chain.js');
+                const computedHash = await computeEventHash(event);
+                const hashValid = computedHash === event.eventHash;
+                // Verify signature if present
+                let signatureResult = null;
+                if (event.signature && proofPlane.isSignatureVerificationEnabled()) {
+                    signatureResult = await proofPlane.verifyEventSignature(event);
+                }
+                ctx.reply.status(200).send(success({
+                    eventId: event.eventId,
+                    verification: {
+                        hashValid,
+                        computedHash,
+                        storedHash: event.eventHash,
+                        signatureValid: signatureResult?.valid ?? null,
+                        signatureError: signatureResult?.error,
+                        signer: signatureResult?.signer,
+                        verifiedAt: new Date().toISOString(),
+                    },
+                }, ctx.request.id));
+            },
+        },
+        // GET /proof/chain/:correlationId - Get event trace by correlation ID
+        {
+            method: 'GET',
+            path: '/proof/chain/:correlationId',
+            schema: {
+                params: correlationIdParamsSchema,
+                query: queryOptionsSchema,
+            },
+            handler: async (ctx) => {
+                const params = correlationIdParamsSchema.parse(ctx.request.params ?? {});
+                const query = queryOptionsSchema.parse(ctx.request.query ?? {});
+                const events = await proofPlane.getTrace(params.correlationId);
+                if (events.length === 0) {
+                    ctx.reply.status(404).send(error('TRACE_NOT_FOUND', `No events found for correlation ${params.correlationId}`));
+                    return;
+                }
+                // Apply pagination
+                const offset = query.offset ?? 0;
+                const limit = query.limit ?? 100;
+                const paginatedEvents = events.slice(offset, offset + limit);
+                ctx.reply.status(200).send(success({
+                    correlationId: params.correlationId,
+                    events: paginatedEvents,
+                    total: events.length,
+                    pagination: {
+                        offset,
+                        limit,
+                        hasMore: offset + limit < events.length,
+                    },
+                }, ctx.request.id));
+            },
+        },
+        // POST /proof/chain/verify - Verify chain integrity
+        {
+            method: 'POST',
+            path: '/proof/chain/verify',
+            schema: { body: verifyChainBodySchema },
+            handler: async (ctx) => {
+                const body = verifyChainBodySchema.parse(ctx.request.body ?? {});
+                const chainResult = await proofPlane.verifyChain(body.fromEventId, body.limit);
+                // Optionally verify signatures
+                let signaturesResult = null;
+                if (proofPlane.isSignatureVerificationEnabled()) {
+                    const fullResult = await proofPlane.verifyChainAndSignatures(body.fromEventId, body.limit);
+                    signaturesResult = fullResult.signatures;
+                }
+                ctx.reply.status(200).send(success({
+                    chain: {
+                        valid: chainResult.valid,
+                        verifiedCount: chainResult.verifiedCount,
+                        totalEvents: chainResult.totalEvents,
+                        firstEventId: chainResult.firstEventId,
+                        lastEventId: chainResult.lastEventId,
+                        brokenAtEventId: chainResult.brokenAtEventId,
+                        brokenAtIndex: chainResult.brokenAtIndex,
+                        error: chainResult.error,
+                    },
+                    signatures: signaturesResult
+                        ? {
+                            totalEvents: signaturesResult.totalEvents,
+                            validCount: signaturesResult.validCount,
+                            invalidCount: signaturesResult.invalidCount,
+                            unsignedCount: signaturesResult.unsignedCount,
+                            success: signaturesResult.success,
+                        }
+                        : null,
+                    fullyVerified: chainResult.valid && (signaturesResult?.success ?? true),
+                    verifiedAt: new Date().toISOString(),
+                }, ctx.request.id));
+            },
+        },
+        // GET /proof/stats - Get event statistics
+        {
+            method: 'GET',
+            path: '/proof/stats',
+            handler: async (ctx) => {
+                const stats = await proofPlane.getStats();
+                ctx.reply.status(200).send(success({
+                    totalEvents: stats.totalEvents,
+                    eventsByType: stats.byType,
+                    eventsByAgent: stats.byAgent,
+                    oldestEvent: stats.oldestEvent,
+                    newestEvent: stats.newestEvent,
+                    shadowModeStats: stats.byShadowMode,
+                }, ctx.request.id));
+            },
+        },
+        // GET /proof/latest - Get most recent event
+        {
+            method: 'GET',
+            path: '/proof/latest',
+            handler: async (ctx) => {
+                const event = await proofPlane.getLatestEvent();
+                if (!event) {
+                    ctx.reply.status(404).send(error('NO_EVENTS', 'No proof events recorded yet'));
+                    return;
+                }
+                ctx.reply.status(200).send(success(event, ctx.request.id));
+            },
+        },
+    ];
+}
+/**
+ * Fastify plugin registration helper
+ *
+ * Usage with Fastify:
+ * ```typescript
+ * import Fastify from 'fastify';
+ * import { createProofPlane } from '@vorionsys/proof-plane';
+ * import { registerProofRoutes } from '@vorionsys/proof-plane/api';
+ *
+ * const app = Fastify();
+ * const proofPlane = createProofPlane({ signedBy: 'my-service' });
+ *
+ * await app.register(async (instance) => {
+ *   registerProofRoutes(instance, proofPlane);
+ * }, { prefix: '/v1' });
+ * ```
+ */
+export function registerProofRoutes(fastify, proofPlane) {
+    const routes = createProofRoutes(proofPlane);
+    for (const route of routes) {
+        const handler = async (request, reply) => {
+            const ctx = {
+                request: {
+                    params: request.params,
+                    query: request.query,
+                    body: request.body,
+                    id: request.id,
+                },
+                reply: {
+                    status(code) {
+                        reply.status(code);
+                        return this;
+                    },
+                    send(data) {
+                        reply.send(data);
+                    },
+                },
+            };
+            try {
+                await route.handler(ctx, proofPlane);
+            }
+            catch (err) {
+                if (err instanceof z.ZodError) {
+                    reply.status(400).send(error('VALIDATION_ERROR', 'Request validation failed', err.errors));
+                    return;
+                }
+                throw err;
+            }
+        };
+        if (route.method === 'GET') {
+            fastify.get(route.path, handler);
+        }
+        else if (route.method === 'POST') {
+            fastify.post(route.path, handler);
+        }
+    }
+}
+/**
+ * Express middleware adapter
+ *
+ * Usage with Express:
+ * ```typescript
+ * import express from 'express';
+ * import { createProofPlane } from '@vorionsys/proof-plane';
+ * import { createProofExpressRouter } from '@vorionsys/proof-plane/api';
+ *
+ * const app = express();
+ * const proofPlane = createProofPlane({ signedBy: 'my-service' });
+ *
+ * app.use('/v1', createProofExpressRouter(proofPlane));
+ * ```
+ */
+export function createProofExpressRouter(proofPlane) {
+    const routes = createProofRoutes(proofPlane);
+    const handler = async (req, res, next) => {
+        const matchedRoute = routes.find((r) => r.method === req.method &&
+            matchPath(r.path, req.path));
+        if (!matchedRoute) {
+            next();
+            return;
+        }
+        const ctx = {
+            request: {
+                params: extractParams(matchedRoute.path, req.path),
+                query: req.query,
+                body: req.body,
+                id: req.headers['x-request-id'],
+            },
+            reply: {
+                status(code) {
+                    res.status(code);
+                    return this;
+                },
+                send(data) {
+                    res.json(data);
+                },
+            },
+        };
+        try {
+            await matchedRoute.handler(ctx, proofPlane);
+        }
+        catch (err) {
+            if (err instanceof z.ZodError) {
+                res.status(400).json(error('VALIDATION_ERROR', 'Request validation failed', err.errors));
+                return;
+            }
+            next(err);
+        }
+    };
+    return { routes, handler };
+}
+/**
+ * Simple path matching for Express adapter
+ */
+function matchPath(pattern, path) {
+    const patternParts = pattern.split('/');
+    const pathParts = path.split('/');
+    if (patternParts.length !== pathParts.length) {
+        return false;
+    }
+    return patternParts.every((part, i) => {
+        if (part.startsWith(':')) {
+            return true; // Parameter matches anything
+        }
+        return part === pathParts[i];
+    });
+}
+/**
+ * Extract parameters from path
+ */
+function extractParams(pattern, path) {
+    const params = {};
+    const patternParts = pattern.split('/');
+    const pathParts = path.split('/');
+    patternParts.forEach((part, i) => {
+        if (part.startsWith(':')) {
+            const paramName = part.slice(1);
+            params[paramName] = pathParts[i];
+        }
+    });
+    return params;
+}
+//# sourceMappingURL=routes.js.map