@voyant-travel/hono 0.109.1

package/dist/composition.js

@@ -0,0 +1,46 @@
+function normalizeEntry(entry) {
+    if (typeof entry === "string")
+        return { resolve: entry, options: {} };
+    return { resolve: entry.resolve, options: entry.options ?? {} };
+}
+/**
+ * Derive the `createApp({ modules, extensions })` arrays from a manifest by
+ * looking each entry up in the registry, **preserving manifest order** (mount
+ * + hook-registration order is significant). Throws if the manifest lists an
+ * entry the registry has no factory for — so "added to the manifest but not
+ * wired" fails loudly at boot rather than silently dropping a module.
+ */
+export function composeFromManifest(manifest, registry, capabilities) {
+    const modules = (manifest.modules ?? []).flatMap((entry) => {
+        const { resolve, options } = normalizeEntry(entry);
+        const factory = registry.modules[resolve];
+        if (!factory) {
+            throw new Error(`composeFromManifest: no module factory registered for "${resolve}". ` +
+                "Add it to the composition registry, or remove it from voyant.config modules.");
+        }
+        return factory({ capabilities, options });
+    });
+    const extensions = (manifest.extensions ?? []).map((entry) => {
+        const { resolve, options } = normalizeEntry(entry);
+        const factory = registry.extensions?.[resolve];
+        if (!factory) {
+            throw new Error(`composeFromManifest: no extension factory registered for "${resolve}". ` +
+                "Add it to the composition registry, or remove it from voyant.config extensions.");
+        }
+        return factory({ capabilities, options });
+    });
+    return { modules, extensions };
+}
+/**
+ * Pure parity check between a manifest's entries and a registry's keys, for
+ * tooling (`voyant db doctor`). Reports manifest entries with no factory and
+ * factories the manifest never references.
+ */
+export function diffManifestRegistry(manifestEntries, registryKeys) {
+    const manifest = new Set(manifestEntries.map((e) => normalizeEntry(e).resolve));
+    const registry = new Set(registryKeys);
+    return {
+        missingFactories: [...manifest].filter((name) => !registry.has(name)).sort(),
+        orphanFactories: [...registry].filter((name) => !manifest.has(name)).sort(),
+    };
+}

package/dist/document-download.d.ts

@@ -0,0 +1,30 @@
+export interface DocumentDownloadEnvelope {
+    url: string;
+    expiresAt: string | null;
+    filename: string | null;
+}
+export type DocumentDownloadResolution = {
+    status: "ready";
+    download: DocumentDownloadEnvelope;
+} | {
+    status: "resolver_not_configured";
+} | {
+    status: "not_available";
+};
+export type DocumentDownloadResolverResult = string | {
+    url: string;
+    expiresAt?: string | null;
+    filename?: string | null;
+} | null | undefined;
+export type DocumentDownloadResolver<TBindings = unknown> = (bindings: TBindings, storageKey: string) => Promise<DocumentDownloadResolverResult> | DocumentDownloadResolverResult;
+export interface StoredDocumentReference {
+    storageKey?: string | null;
+    metadata?: unknown;
+    filename?: string | null;
+    name?: string | null;
+}
+export declare function resolveStoredDocumentDownload<TBindings = unknown>(reference: StoredDocumentReference, options: {
+    bindings: TBindings;
+    resolveDocumentDownloadUrl?: DocumentDownloadResolver<TBindings>;
+}): Promise<DocumentDownloadResolution>;
+//# sourceMappingURL=document-download.d.ts.map

package/dist/document-download.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"document-download.d.ts","sourceRoot":"","sources":["../src/document-download.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,MAAM,CAAA;IACX,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,MAAM,MAAM,0BAA0B,GAClC;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,wBAAwB,CAAA;CAAE,GACvD;IAAE,MAAM,EAAE,yBAAyB,CAAA;CAAE,GACrC;IAAE,MAAM,EAAE,eAAe,CAAA;CAAE,CAAA;AAE/B,MAAM,MAAM,8BAA8B,GACtC,MAAM,GACN;IACE,GAAG,EAAE,MAAM,CAAA;IACX,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACzB,GACD,IAAI,GACJ,SAAS,CAAA;AAEb,MAAM,MAAM,wBAAwB,CAAC,SAAS,GAAG,OAAO,IAAI,CAC1D,QAAQ,EAAE,SAAS,EACnB,UAAU,EAAE,MAAM,KACf,OAAO,CAAC,8BAA8B,CAAC,GAAG,8BAA8B,CAAA;AAE7E,MAAM,WAAW,uBAAuB;IACtC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB;AAwGD,wBAAsB,6BAA6B,CAAC,SAAS,GAAG,OAAO,EACrE,SAAS,EAAE,uBAAuB,EAClC,OAAO,EAAE;IACP,QAAQ,EAAE,SAAS,CAAA;IACnB,0BAA0B,CAAC,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAA;CACjE,GACA,OAAO,CAAC,0BAA0B,CAAC,CA2BrC"}

package/dist/document-download.js

@@ -0,0 +1,102 @@
+function getMetadataRecord(metadata) {
+    if (!metadata || typeof metadata !== "object" || Array.isArray(metadata)) {
+        return null;
+    }
+    return metadata;
+}
+function maybeString(value) {
+    return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function maybeUrl(value) {
+    const candidate = maybeString(value);
+    return candidate && /^https?:\/\//i.test(candidate) ? candidate : null;
+}
+function maybeIsoString(value) {
+    return maybeString(value);
+}
+function filenameFromStorageKey(storageKey) {
+    const normalized = maybeString(storageKey);
+    if (!normalized) {
+        return null;
+    }
+    return normalized.split("/").filter(Boolean).at(-1) ?? null;
+}
+function getReferenceFilename(reference) {
+    const record = getMetadataRecord(reference.metadata);
+    return (maybeString(reference.filename) ??
+        maybeString(reference.name) ??
+        maybeString(record?.filename) ??
+        maybeString(record?.fileName) ??
+        maybeString(record?.name) ??
+        maybeString(record?.originalName) ??
+        filenameFromStorageKey(reference.storageKey));
+}
+function getMetadataExpiresAt(metadata) {
+    const record = getMetadataRecord(metadata);
+    return maybeIsoString(record?.expiresAt) ?? maybeIsoString(record?.expires_at);
+}
+function getFallbackDownload(reference) {
+    const record = getMetadataRecord(reference.metadata);
+    if (!record) {
+        return null;
+    }
+    const url = maybeUrl(record.url) ?? maybeUrl(record.downloadUrl);
+    if (!url) {
+        return null;
+    }
+    return {
+        url,
+        expiresAt: getMetadataExpiresAt(record),
+        filename: getReferenceFilename(reference),
+    };
+}
+function normalizeResolverDownload(value, reference) {
+    if (typeof value === "string") {
+        const url = maybeUrl(value);
+        if (!url) {
+            return null;
+        }
+        return {
+            url,
+            expiresAt: getMetadataExpiresAt(reference.metadata),
+            filename: getReferenceFilename(reference),
+        };
+    }
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    const url = maybeUrl(value.url);
+    if (!url) {
+        return null;
+    }
+    return {
+        url,
+        expiresAt: value.expiresAt === undefined
+            ? getMetadataExpiresAt(reference.metadata)
+            : maybeIsoString(value.expiresAt),
+        filename: maybeString(value.filename) ?? getReferenceFilename(reference),
+    };
+}
+export async function resolveStoredDocumentDownload(reference, options) {
+    let needsResolver = false;
+    if (reference.storageKey) {
+        if (!options.resolveDocumentDownloadUrl) {
+            needsResolver = true;
+        }
+        else {
+            const resolved = await options.resolveDocumentDownloadUrl(options.bindings, reference.storageKey);
+            const download = normalizeResolverDownload(resolved, reference);
+            if (download) {
+                return { status: "ready", download };
+            }
+        }
+    }
+    const fallback = getFallbackDownload(reference);
+    if (fallback) {
+        return { status: "ready", download: fallback };
+    }
+    if (needsResolver) {
+        return { status: "resolver_not_configured" };
+    }
+    return { status: "not_available" };
+}

package/dist/index.d.ts

@@ -0,0 +1,17 @@
+export type { VoyantPermission } from "@voyant-travel/core";
+export { createApp } from "./app.js";
+export type { SessionAuthContext } from "./auth/index.js";
+export { constantTimeEqual, extractBearerToken, generateNumericCode, randomBytesHex, requireUserId, sha256Base64Url, sha256Hex, unsignCookie, verifySession, } from "./auth/index.js";
+export type { DocumentDownloadEnvelope, DocumentDownloadResolution, DocumentDownloadResolver, DocumentDownloadResolverResult, StoredDocumentReference, } from "./document-download.js";
+export { resolveStoredDocumentDownload } from "./document-download.js";
+export { createPathDbSelector, type PathDbSelectorOptions } from "./lib/db-selector.js";
+export { clientIpKey, consoleLoggerProvider, cors, DEFAULT_IDEMPOTENCY_TTL_MS, db, enforceRateLimit, errorBoundary, handleApiError, type IdempotencyKeyOptions, idempotencyKey, LIVE_LIMITS, logger, purgeExpiredIdempotencyKeys, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export type { HonoExtension, HonoModule } from "./module.js";
+export type { ExpandedHonoBundles, ExpandedHonoPlugins, HonoBundle, HonoPlugin, } from "./plugin.js";
+export { defineHonoBundle, defineHonoPlugin, expandHonoBundles, expandHonoPlugins, } from "./plugin.js";
+export type { CreatePublicCapabilityOptions, PublicCapabilityCookieOptions, PublicCapabilityPayload, VerifyPublicCapabilityOptions, } from "./public-capability.js";
+export { createPublicCapabilityToken, extractPublicCapabilityToken, serializePublicCapabilityCookie, verifyPublicCapabilityToken, } from "./public-capability.js";
+export { type CreatePublicDocumentDeliveryInput, createDrizzlePublicDocumentDeliveryGrantStore, createPublicDocumentDeliveryGrant, createPublicDocumentDeliveryHonoModule, createPublicDocumentDeliveryRoutes, type PublicDocumentDeliveryAccessContext, type PublicDocumentDeliveryEnvelope, type PublicDocumentDeliveryGrant, type PublicDocumentDeliveryGrantStore, type PublicDocumentDeliveryResolution, type PublicDocumentDeliveryRouteOptions, type PublicDocumentDeliverySource, type RevokePublicDocumentDeliveryGrantInput, resolvePublicDocumentDeliveryGrant, revokePublicDocumentDeliveryGrant, } from "./public-document-delivery.js";
+export type { DbFactory, DbFactorySelector, DbSource, DbSurfaceSelection, LogEntry, LoggerProvider, VoyantAppConfig, VoyantAuthIntegration, VoyantAuthPermissionArgs, VoyantAuthResolveArgs, VoyantBindings, VoyantDb, VoyantExecutionContext, VoyantQueryRuntime, VoyantRequestAuthContext, VoyantVariables, } from "./types.js";
+export { ApiHttpError, ForbiddenApiError, normalizeValidationError, parseJsonBody, parseOptionalJsonBody, parseQuery, RequestValidationError, UnauthorizedApiError, } from "./validation.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AACpC,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACzD,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,eAAe,EACf,SAAS,EACT,YAAY,EACZ,aAAa,GACd,MAAM,iBAAiB,CAAA;AACxB,YAAY,EACV,wBAAwB,EACxB,0BAA0B,EAC1B,wBAAwB,EACxB,8BAA8B,EAC9B,uBAAuB,GACxB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAA;AACtE,OAAO,EAAE,oBAAoB,EAAE,KAAK,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AACvF,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,IAAI,EACJ,0BAA0B,EAC1B,EAAE,EACF,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,KAAK,qBAAqB,EAC1B,cAAc,EACd,WAAW,EACX,MAAM,EACN,2BAA2B,EAC3B,SAAS,EACT,SAAS,EACT,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAC9B,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,YAAY,EACV,mBAAmB,EACnB,mBAAmB,EACnB,UAAU,EACV,UAAU,GACX,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,6BAA6B,EAC7B,6BAA6B,EAC7B,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,+BAA+B,EAC/B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,KAAK,iCAAiC,EACtC,6CAA6C,EAC7C,iCAAiC,EACjC,sCAAsC,EACtC,kCAAkC,EAClC,KAAK,mCAAmC,EACxC,KAAK,8BAA8B,EACnC,KAAK,2BAA2B,EAChC,KAAK,gCAAgC,EACrC,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,4BAA4B,EACjC,KAAK,sCAAsC,EAC3C,kCAAkC,EAClC,iCAAiC,GAClC,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,QAAQ,EACR,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,sBAAsB,EACtB,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,GAChB,MAAM,YAAY,CAAA;AACnB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,wBAAwB,EACxB,aAAa,EACb,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,iBAAiB,CAAA"}

package/dist/index.js

@@ -0,0 +1,9 @@
+export { createApp } from "./app.js";
+export { constantTimeEqual, extractBearerToken, generateNumericCode, randomBytesHex, requireUserId, sha256Base64Url, sha256Hex, unsignCookie, verifySession, } from "./auth/index.js";
+export { resolveStoredDocumentDownload } from "./document-download.js";
+export { createPathDbSelector } from "./lib/db-selector.js";
+export { clientIpKey, consoleLoggerProvider, cors, DEFAULT_IDEMPOTENCY_TTL_MS, db, enforceRateLimit, errorBoundary, handleApiError, idempotencyKey, LIVE_LIMITS, logger, purgeExpiredIdempotencyKeys, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export { defineHonoBundle, defineHonoPlugin, expandHonoBundles, expandHonoPlugins, } from "./plugin.js";
+export { createPublicCapabilityToken, extractPublicCapabilityToken, serializePublicCapabilityCookie, verifyPublicCapabilityToken, } from "./public-capability.js";
+export { createDrizzlePublicDocumentDeliveryGrantStore, createPublicDocumentDeliveryGrant, createPublicDocumentDeliveryHonoModule, createPublicDocumentDeliveryRoutes, resolvePublicDocumentDeliveryGrant, revokePublicDocumentDeliveryGrant, } from "./public-document-delivery.js";
+export { ApiHttpError, ForbiddenApiError, normalizeValidationError, parseJsonBody, parseOptionalJsonBody, parseQuery, RequestValidationError, UnauthorizedApiError, } from "./validation.js";

package/dist/lib/db-selector.d.ts

@@ -0,0 +1,24 @@
+import type { DbFactory, DbFactorySelector, VoyantBindings } from "../types.js";
+export interface PathDbSelectorOptions<TBindings extends VoyantBindings> {
+    /** Serves every request not matched by a transactional prefix. */
+    defaultFactory: DbFactory<TBindings>;
+    /** Serves requests under the transactional prefixes. */
+    transactionalFactory: DbFactory<TBindings>;
+    /**
+     * Path prefixes (mount paths, no trailing slash) whose requests must
+     * receive the transactional client. Matching is exact-or-segment:
+     * `/v1/bookings` matches `/v1/bookings` and `/v1/bookings/x`, never
+     * `/v1/bookings-export`.
+     */
+    transactionalPrefixes: readonly string[];
+}
+/**
+ * Path-based {@link DbFactorySelector}: route surfaces that run
+ * interactive transactions get the (expensive, WebSocket-backed)
+ * transactional factory; everything else gets the cheap default —
+ * typically neon-http, which costs no connection handshake. Returns
+ * stable factory references so per-request client sharing
+ * (`acquireRequestDb`) works across middlewares.
+ */
+export declare function createPathDbSelector<TBindings extends VoyantBindings>(options: PathDbSelectorOptions<TBindings>): DbFactorySelector<TBindings>;
+//# sourceMappingURL=db-selector.d.ts.map

package/dist/lib/db-selector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"db-selector.d.ts","sourceRoot":"","sources":["../../src/lib/db-selector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAE/E,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc;IACrE,kEAAkE;IAClE,cAAc,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACpC,wDAAwD;IACxD,oBAAoB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IAC1C;;;;;OAKG;IACH,qBAAqB,EAAE,SAAS,MAAM,EAAE,CAAA;CACzC;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,SAAS,cAAc,EACnE,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,GACxC,iBAAiB,CAAC,SAAS,CAAC,CAkB9B"}

package/dist/lib/db-selector.js

@@ -0,0 +1,28 @@
+/**
+ * Path-based {@link DbFactorySelector}: route surfaces that run
+ * interactive transactions get the (expensive, WebSocket-backed)
+ * transactional factory; everything else gets the cheap default —
+ * typically neon-http, which costs no connection handshake. Returns
+ * stable factory references so per-request client sharing
+ * (`acquireRequestDb`) works across middlewares.
+ */
+export function createPathDbSelector(options) {
+    const prefixes = [...new Set(options.transactionalPrefixes)];
+    const transactional = {
+        factory: options.transactionalFactory,
+        mustSupportTransactions: true,
+    };
+    const standard = {
+        factory: options.defaultFactory,
+        mustSupportTransactions: false,
+    };
+    return {
+        select(path) {
+            for (const prefix of prefixes) {
+                if (path === prefix || path.startsWith(`${prefix}/`))
+                    return transactional;
+            }
+            return standard;
+        },
+    };
+}

package/dist/lib/execution-ctx.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Structural shape of the Cloudflare Workers `ExecutionContext`. Defined
+ * locally so `@voyant-travel/hono` doesn't need `@cloudflare/workers-types` —
+ * consumers on Node, Vercel, or any other runtime can use these helpers.
+ */
+export interface ExecutionContextLike {
+    waitUntil(promise: Promise<unknown>): void;
+}
+/**
+ * Hono throws on `executionCtx` access when the adapter provides none
+ * (Node tests, some serverless adapters) — normalize to undefined.
+ */
+export declare function tryGetExecutionCtx(c: {
+    executionCtx?: unknown;
+}): ExecutionContextLike | undefined;
+//# sourceMappingURL=execution-ctx.d.ts.map

package/dist/lib/execution-ctx.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"execution-ctx.d.ts","sourceRoot":"","sources":["../../src/lib/execution-ctx.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAA;CAC3C;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAAE;IACpC,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,GAAG,oBAAoB,GAAG,SAAS,CAUnC"}

package/dist/lib/execution-ctx.js

@@ -0,0 +1,16 @@
+/**
+ * Hono throws on `executionCtx` access when the adapter provides none
+ * (Node tests, some serverless adapters) — normalize to undefined.
+ */
+export function tryGetExecutionCtx(c) {
+    try {
+        const ctx = c.executionCtx;
+        if (ctx && typeof ctx.waitUntil === "function") {
+            return ctx;
+        }
+    }
+    catch {
+        // no ExecutionContext on this runtime
+    }
+    return undefined;
+}

package/dist/lib/public-paths.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Shared `publicPaths` matching semantics.
+ *
+ * `requireAuth`, the legacy-surface guard, and the default rate-limit
+ * policies in `createApp` all need to answer "is this pathname covered
+ * by `config.publicPaths`?" with identical prefix-match semantics — a
+ * drifted copy of this check is an auth bypass (or a gap), so the
+ * matcher lives here and everyone imports it.
+ */
+/** Strip a single trailing slash so `/v1/x/` and `/v1/x` match alike. */
+export declare function normalizePathname(pathname: string): string;
+/**
+ * Whether `pathname` (pre-normalized via {@link normalizePathname}) is an
+ * exact match or a path-segment-prefixed match of any configured public
+ * path. `"/v1/public/checkout"` covers `/v1/public/checkout` and
+ * `/v1/public/checkout/anything`, but NOT `/v1/public/checkouts`.
+ */
+export declare function matchesPublicPath(pathname: string, publicPaths: readonly string[]): boolean;
+//# sourceMappingURL=public-paths.d.ts.map

package/dist/lib/public-paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-paths.d.ts","sourceRoot":"","sources":["../../src/lib/public-paths.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,yEAAyE;AACzE,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAO3F"}

package/dist/lib/public-paths.js

@@ -0,0 +1,27 @@
+/**
+ * Shared `publicPaths` matching semantics.
+ *
+ * `requireAuth`, the legacy-surface guard, and the default rate-limit
+ * policies in `createApp` all need to answer "is this pathname covered
+ * by `config.publicPaths`?" with identical prefix-match semantics — a
+ * drifted copy of this check is an auth bypass (or a gap), so the
+ * matcher lives here and everyone imports it.
+ */
+/** Strip a single trailing slash so `/v1/x/` and `/v1/x` match alike. */
+export function normalizePathname(pathname) {
+    return pathname.replace(/\/$/, "");
+}
+/**
+ * Whether `pathname` (pre-normalized via {@link normalizePathname}) is an
+ * exact match or a path-segment-prefixed match of any configured public
+ * path. `"/v1/public/checkout"` covers `/v1/public/checkout` and
+ * `/v1/public/checkout/anything`, but NOT `/v1/public/checkouts`.
+ */
+export function matchesPublicPath(pathname, publicPaths) {
+    for (const publicPath of publicPaths) {
+        if (pathname === publicPath || pathname.startsWith(`${publicPath}/`)) {
+            return true;
+        }
+    }
+    return false;
+}

package/dist/lib/request-event-bus.d.ts

@@ -0,0 +1,21 @@
+import type { EventBus, OutboxEventStore } from "@voyant-travel/core";
+/**
+ * Wrap an {@link EventBus} so emits from within a request defer their
+ * (non-`inline`) subscribers past the HTTP response via the request's
+ * `executionCtx.waitUntil`. The response stops paying for subscriber
+ * work — third-party syncs (CMS, e-invoicing), notifications, workflow
+ * ingest — while `inline`-marked subscribers still complete before
+ * `emit()` resolves.
+ *
+ * With a `store` (transactional outbox), emits are also DURABLE: the
+ * envelope is persisted before any handler runs, and failed deliveries
+ * are retried by the drain. If the durable capture itself fails (DB
+ * unreachable), the emit falls back to direct (non-durable) delivery —
+ * losing durability for that one event is strictly better than losing
+ * the event, and an order of magnitude better than failing the request.
+ *
+ * Buses that predate the {@link EmitOptions} parameter simply ignore it
+ * and keep awaiting all handlers — a safe degradation.
+ */
+export declare function requestScopedEventBus(bus: EventBus, schedule: ((pending: Promise<unknown>) => void) | undefined, store?: OutboxEventStore): EventBus;
+//# sourceMappingURL=request-event-bus.d.ts.map

package/dist/lib/request-event-bus.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-event-bus.d.ts","sourceRoot":"","sources":["../../src/lib/request-event-bus.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAe,QAAQ,EAAiB,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAEjG;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,QAAQ,EACb,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,GAAG,SAAS,EAC3D,KAAK,CAAC,EAAE,gBAAgB,GACvB,QAAQ,CA+BV"}

package/dist/lib/request-event-bus.js

@@ -0,0 +1,43 @@
+/**
+ * Wrap an {@link EventBus} so emits from within a request defer their
+ * (non-`inline`) subscribers past the HTTP response via the request's
+ * `executionCtx.waitUntil`. The response stops paying for subscriber
+ * work — third-party syncs (CMS, e-invoicing), notifications, workflow
+ * ingest — while `inline`-marked subscribers still complete before
+ * `emit()` resolves.
+ *
+ * With a `store` (transactional outbox), emits are also DURABLE: the
+ * envelope is persisted before any handler runs, and failed deliveries
+ * are retried by the drain. If the durable capture itself fails (DB
+ * unreachable), the emit falls back to direct (non-durable) delivery —
+ * losing durability for that one event is strictly better than losing
+ * the event, and an order of magnitude better than failing the request.
+ *
+ * Buses that predate the {@link EmitOptions} parameter simply ignore it
+ * and keep awaiting all handlers — a safe degradation.
+ */
+export function requestScopedEventBus(bus, schedule, store) {
+    // Without a scheduler (Node/headless — no executionCtx), emits await
+    // all handlers inline, exactly like the raw bus; the wrapper then only
+    // exists to thread the outbox store through.
+    const base = schedule ? { schedule } : {};
+    return {
+        async emit(event, data, metadata, options) {
+            if (!store) {
+                return bus.emit(event, data, metadata, { ...base, ...options });
+            }
+            try {
+                return await bus.emit(event, data, metadata, { ...base, store, ...options });
+            }
+            catch (err) {
+                // Only the outbox insert can reject (handler errors are
+                // collected, bookkeeping failures are swallowed inside the bus).
+                console.error(`[events] outbox capture failed for "${event}" — falling back to direct delivery:`, err);
+                return bus.emit(event, data, metadata, { ...base, ...options });
+            }
+        },
+        subscribe(event, handler, options) {
+            return bus.subscribe(event, handler, options);
+        },
+    };
+}

package/dist/middleware/auth.d.ts

@@ -0,0 +1,10 @@
+import type { MiddlewareHandler } from "hono";
+import { type DbSource, type VoyantAuthIntegration, type VoyantBindings, type VoyantVariables } from "../types.js";
+export declare function requireAuth<TBindings extends VoyantBindings>(dbSource: DbSource<TBindings>, opts?: {
+    publicPaths?: string[];
+    auth?: VoyantAuthIntegration<TBindings>;
+}): MiddlewareHandler<{
+    Bindings: TBindings;
+    Variables: VoyantVariables;
+}>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/middleware/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAM7C,OAAO,EACL,KAAK,QAAQ,EAEb,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACnB,KAAK,eAAe,EACrB,MAAM,aAAa,CAAA;AA2GpB,wBAAgB,WAAW,CAAC,SAAS,SAAS,cAAc,EAC1D,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,EAC7B,IAAI,CAAC,EAAE;IACL,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;CACxC,GACA,iBAAiB,CAAC;IACnB,QAAQ,EAAE,SAAS,CAAA;IACnB,SAAS,EAAE,eAAe,CAAA;CAC3B,CAAC,CAyLD"}