@voyant-travel/hono 0.112.2 → 0.114.0

package/README.md

@@ -9,6 +9,19 @@ helpers, and plugin expansion for mounting Voyant modules behind a Hono app.
 pnpm add @voyant-travel/hono hono
 ```
 
+## Requirements
+
+On **Cloudflare Workers**, enable the `nodejs_compat` (or `nodejs_als`)
+compatibility flag — the request-id correlation context uses
+`AsyncLocalStorage` (`node:async_hooks`) on the always-used request path:
+
+```jsonc
+// wrangler.jsonc
+{ "compatibility_flags": ["nodejs_compat"] }
+```
+
+Voyant starters/templates already set this. **Node** deployments need nothing.
+
 ## Usage
 
 ```typescript

package/dist/app-workflows.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app-workflows.d.ts","sourceRoot":"","sources":["../src/app-workflows.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,MAAM,EACN,eAAe,EACf,kBAAkB,EACnB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAA;AAOrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AASjD,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IAC9B,kBAAkB,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAA;IACrD,gBAAgB,EAAE,aAAa,CAAC,qBAAqB,CAAC,CAAA;IACtD,MAAM,EAAE,cAAc,CAAA;IACtB,WAAW,EAAE,YAAY,GAAG,SAAS,GAAG,aAAa,CAAA;IACrD,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE;QACR,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAA;KACvF,CAAA;CACF;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoDtF;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,SAAS,EAAE,eAAe,GAAG;IACtE,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,CAAC,CAAA;IAC3B,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAA;CAC3B,CASA;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,EAAE,eAAe,CAAC,QAAQ,CAAC,GAAG,SAAS,GACpD,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,IAAI,CAclF"}
+{"version":3,"file":"app-workflows.d.ts","sourceRoot":"","sources":["../src/app-workflows.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,MAAM,EACN,eAAe,EACf,kBAAkB,EACnB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAA;AAOrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AASjD,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IAC9B,kBAAkB,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAA;IACrD,gBAAgB,EAAE,aAAa,CAAC,qBAAqB,CAAC,CAAA;IACtD,MAAM,EAAE,cAAc,CAAA;IACtB,WAAW,EAAE,YAAY,GAAG,SAAS,GAAG,aAAa,CAAA;IACrD,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE;QACR,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAA;KACvF,CAAA;CACF;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAkDtF;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,SAAS,EAAE,eAAe,GAAG;IACtE,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,CAAC,CAAA;IAC3B,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAA;CAC3B,CASA;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,EAAE,eAAe,CAAC,QAAQ,CAAC,GAAG,SAAS,GACpD,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,IAAI,CAclF"}

package/dist/app-workflows.js

@@ -41,18 +41,15 @@ export async function wireWorkflowRuntime(args) {
     for (const eventType of eventTypes) {
         args.eventBus.subscribe(eventType, async (envelope) => {
             const stamped = ensureMetadataEventId(envelope);
-            try {
-                await args.driver.ingestEvent({
-                    environment: args.environment,
-                    envelope: stamped,
-                });
-            }
-            catch (err) {
-                // Subscribers are observers per the EventBus contract - a misbehaving
-                // driver / network glitch must not break the emitter.
-                const message = err instanceof Error ? err.message : String(err);
-                console.error(`[voyant] workflow forwarder for "${eventType}" failed: ${message}`);
-            }
+            // Let ingest failures propagate: the EventBus catches every subscriber
+            // throw (the emitter and sibling handlers stay unaffected per its
+            // fire-and-forget contract) AND routes it through `onSubscriberError`, so
+            // a misbehaving driver / network glitch is both logged and reported via
+            // the framework reporter — instead of being swallowed here (RFC #1553).
+            await args.driver.ingestEvent({
+                environment: args.environment,
+                envelope: stamped,
+            });
         });
     }
 }

package/dist/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AA6B3B,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAY,eAAe,EAAE,MAAM,YAAY,CAAA;AA2C5F;;;;;;;;;;GAUG;AACH,MAAM,WAAW,mBAAmB,CAAC,SAAS,GAAG,OAAO;IACtD;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC1C;;;;;;;;OAQG;IACH,QAAQ,EAAE,OAAO,qBAAqB,EAAE,QAAQ,CAAA;CACjD;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,SAAS,SAAS,cAAc,EACvD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GACjC,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,GAAG,mBAAmB,CAAC,SAAS,CAAC,CA6a5F"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAgC3B,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAY,eAAe,EAAE,MAAM,YAAY,CAAA;AA2C5F;;;;;;;;;;GAUG;AACH,MAAM,WAAW,mBAAmB,CAAC,SAAS,GAAG,OAAO;IACtD;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC1C;;;;;;;;OAQG;IACH,QAAQ,EAAE,OAAO,qBAAqB,EAAE,QAAQ,CAAA;CACjD;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,SAAS,SAAS,cAAc,EACvD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GACjC,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAqc5F"}

package/dist/app.js

@@ -3,6 +3,7 @@ import { createOutboxEventStore } from "@voyant-travel/db/outbox";
 import { Hono } from "hono";
 import { containerToServiceResolver, makeFrameworkLogger, wireWorkflowRuntime, } from "./app-workflows.js";
 import { mountLazyRoutePaths, mountLazyRoutesAt } from "./lazy-routes.js";
+import { mountAuthForwarding } from "./lib/auth-forward.js";
 import { createPathDbSelector } from "./lib/db-selector.js";
 import { tryGetExecutionCtx } from "./lib/execution-ctx.js";
 import { matchesPublicPath, normalizePathname } from "./lib/public-paths.js";
@@ -18,6 +19,8 @@ import { publicResponseCache } from "./middleware/public-cache.js";
 import { rateLimit, resolveRateLimitStore, } from "./middleware/rate-limit.js";
 import { requireActor } from "./middleware/require-actor.js";
 import { securityHeaders } from "./middleware/security-headers.js";
+import { noopReporter, safeCaptureException } from "./observability/reporter.js";
+import { getRequestId } from "./observability/request-context.js";
 import { expandHonoPlugins } from "./plugin.js";
 function resolveSurfaceMountPath(prefix, path, fallback) {
     const normalized = path?.trim();
@@ -51,12 +54,28 @@ function buildRateLimitPolicy(config, env, bucket, defaults) {
  */
 export function mountApp(config) {
     const app = new Hono();
-    app.onError(handleApiError);
+    // Observability sink (RFC #1553) — resolved once and reused by both the
+    // outer onError and the forwarded auth sub-app catch point below.
+    const reporter = config.reporter ?? noopReporter;
+    const appName = config.appName ?? "voyant";
+    app.onError((err, c) => handleApiError(err, c, { reporter, appName }));
     // Expand plugins into their constituent modules/extensions before mounting
     const expanded = config.plugins ? expandHonoPlugins(config.plugins) : null;
     const allModules = [...(config.modules ?? []), ...(expanded?.modules ?? [])];
     const allExtensions = [...(config.extensions ?? []), ...(expanded?.extensions ?? [])];
-    const eventBus = config.eventBus ?? createEventBus();
+    // When the framework owns the bus, route subscriber-dispatch failures
+    // (including the workflow forwarder) to the reporter — they're otherwise
+    // only console-logged per the fire-and-forget EventBus contract (RFC #1553).
+    // A deployment-supplied bus owns its own error routing.
+    const eventBus = config.eventBus ??
+        createEventBus({
+            onSubscriberError: (event, error) => safeCaptureException(reporter, {
+                requestId: getRequestId() ?? "",
+                app: appName,
+                error,
+                context: { event, surface: "event-bus" },
+            }),
+        });
     const query = typeof config.query === "function"
         ? config.query
         : config.query
@@ -158,6 +177,14 @@ export function mountApp(config) {
                     catch (error) {
                         const message = error instanceof Error ? error.message : String(error);
                         console.error(`[voyant] bootstrap failed for ${label}: ${message}`);
+                        // Bootstrap failures are startup-critical but silent today — surface
+                        // them to the reporter too (RFC #1553). No request context here.
+                        safeCaptureException(reporter, {
+                            requestId: getRequestId() ?? "",
+                            app: appName,
+                            error,
+                            context: { label, surface: "bootstrap" },
+                        });
                     }
                 };
                 for (const plugin of config.plugins ?? []) {
@@ -276,13 +303,11 @@ export function mountApp(config) {
     });
     // Health check (public, no auth)
     app.get("/health", (c) => c.json({ status: "ok" }));
-    // App-owned auth handler (must be before auth middleware — these routes are public)
+    // App-owned auth handler (must be before auth middleware — these routes are
+    // public). Forwarding + observability bridging live in `mountAuthForwarding`.
     const authHandler = config.auth?.handler;
     if (authHandler) {
-        app.all("/auth/*", async (c) => {
-            const authApp = authHandler(c.env);
-            return authApp.fetch(c.req.raw, c.env, c.executionCtx);
-        });
+        mountAuthForwarding(app, authHandler, { reporter, appName });
     }
     // Transactional surface map: a request must be served by a
     // transaction-capable db client when its path belongs to (a) a module

package/dist/index.d.ts

@@ -7,8 +7,10 @@ export type { DocumentDownloadEnvelope, DocumentDownloadResolution, DocumentDown
 export { resolveStoredDocumentDownload } from "./document-download.js";
 export { createLazyRouteHandler, type LazyHonoRoutes, type LazyRoutesLoader, mountLazyRoutePaths, mountLazyRoutesAt, } from "./lazy-routes.js";
 export { createPathDbSelector, type PathDbSelectorOptions } from "./lib/db-selector.js";
-export { clientIpKey, consoleLoggerProvider, cors, DEFAULT_IDEMPOTENCY_TTL_MS, db, enforceRateLimit, errorBoundary, handleApiError, type IdempotencyKeyOptions, idempotencyKey, LIVE_LIMITS, logger, purgeExpiredIdempotencyKeys, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export { clientIpKey, consoleLoggerProvider, cors, DEFAULT_IDEMPOTENCY_TTL_MS, db, enforceRateLimit, errorBoundary, handleApiError, type IdempotencyKeyOptions, idempotencyKey, isStaffRbacEnforced, LIVE_LIMITS, logger, purgeExpiredIdempotencyKeys, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
 export type { HonoExtension, HonoModule } from "./module.js";
+export type { ErrorEvent, Reporter } from "./observability/index.js";
+export { consoleReporter, getRequestId, noopReporter, runWithRequestId, safeCaptureException, } from "./observability/index.js";
 export type { ExpandedHonoBundles, ExpandedHonoPlugins, HonoBundle, HonoPlugin, } from "./plugin.js";
 export { defineHonoBundle, defineHonoPlugin, expandHonoBundles, expandHonoPlugins, } from "./plugin.js";
 export type { CreatePublicCapabilityOptions, PublicCapabilityCookieOptions, PublicCapabilityPayload, VerifyPublicCapabilityOptions, } from "./public-capability.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAC3D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AACnC,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACzD,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,eAAe,EACf,SAAS,EACT,YAAY,EACZ,aAAa,GACd,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,KAAK,eAAe,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AACjE,YAAY,EACV,wBAAwB,EACxB,0BAA0B,EAC1B,wBAAwB,EACxB,8BAA8B,EAC9B,uBAAuB,GACxB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAA;AACtE,OAAO,EACL,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,oBAAoB,EAAE,KAAK,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AACvF,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,IAAI,EACJ,0BAA0B,EAC1B,EAAE,EACF,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,KAAK,qBAAqB,EAC1B,cAAc,EACd,WAAW,EACX,MAAM,EACN,2BAA2B,EAC3B,SAAS,EACT,SAAS,EACT,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAC9B,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,YAAY,EACV,mBAAmB,EACnB,mBAAmB,EACnB,UAAU,EACV,UAAU,GACX,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,6BAA6B,EAC7B,6BAA6B,EAC7B,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,+BAA+B,EAC/B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,KAAK,iCAAiC,EACtC,6CAA6C,EAC7C,iCAAiC,EACjC,sCAAsC,EACtC,kCAAkC,EAClC,KAAK,mCAAmC,EACxC,KAAK,8BAA8B,EACnC,KAAK,2BAA2B,EAChC,KAAK,gCAAgC,EACrC,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,4BAA4B,EACjC,KAAK,sCAAsC,EAC3C,kCAAkC,EAClC,iCAAiC,GAClC,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,QAAQ,EACR,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,sBAAsB,EACtB,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,GAChB,MAAM,YAAY,CAAA;AACnB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,wBAAwB,EACxB,aAAa,EACb,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,iBAAiB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAC3D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AACnC,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACzD,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,eAAe,EACf,SAAS,EACT,YAAY,EACZ,aAAa,GACd,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,KAAK,eAAe,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AACjE,YAAY,EACV,wBAAwB,EACxB,0BAA0B,EAC1B,wBAAwB,EACxB,8BAA8B,EAC9B,uBAAuB,GACxB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAA;AACtE,OAAO,EACL,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,oBAAoB,EAAE,KAAK,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AACvF,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,IAAI,EACJ,0BAA0B,EAC1B,EAAE,EACF,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,KAAK,qBAAqB,EAC1B,cAAc,EACd,mBAAmB,EACnB,WAAW,EACX,MAAM,EACN,2BAA2B,EAC3B,SAAS,EACT,SAAS,EACT,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAC9B,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACpE,OAAO,EACL,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,mBAAmB,EACnB,mBAAmB,EACnB,UAAU,EACV,UAAU,GACX,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,6BAA6B,EAC7B,6BAA6B,EAC7B,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,+BAA+B,EAC/B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,KAAK,iCAAiC,EACtC,6CAA6C,EAC7C,iCAAiC,EACjC,sCAAsC,EACtC,kCAAkC,EAClC,KAAK,mCAAmC,EACxC,KAAK,8BAA8B,EACnC,KAAK,2BAA2B,EAChC,KAAK,gCAAgC,EACrC,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,4BAA4B,EACjC,KAAK,sCAAsC,EAC3C,kCAAkC,EAClC,iCAAiC,GAClC,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,QAAQ,EACR,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,sBAAsB,EACtB,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,GAChB,MAAM,YAAY,CAAA;AACnB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,wBAAwB,EACxB,aAAa,EACb,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,iBAAiB,CAAA"}

package/dist/index.js

@@ -4,7 +4,8 @@ export { createApp } from "./create-app.js";
 export { resolveStoredDocumentDownload } from "./document-download.js";
 export { createLazyRouteHandler, mountLazyRoutePaths, mountLazyRoutesAt, } from "./lazy-routes.js";
 export { createPathDbSelector } from "./lib/db-selector.js";
-export { clientIpKey, consoleLoggerProvider, cors, DEFAULT_IDEMPOTENCY_TTL_MS, db, enforceRateLimit, errorBoundary, handleApiError, idempotencyKey, LIVE_LIMITS, logger, purgeExpiredIdempotencyKeys, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export { clientIpKey, consoleLoggerProvider, cors, DEFAULT_IDEMPOTENCY_TTL_MS, db, enforceRateLimit, errorBoundary, handleApiError, idempotencyKey, isStaffRbacEnforced, LIVE_LIMITS, logger, purgeExpiredIdempotencyKeys, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export { consoleReporter, getRequestId, noopReporter, runWithRequestId, safeCaptureException, } from "./observability/index.js";
 export { defineHonoBundle, defineHonoPlugin, expandHonoBundles, expandHonoPlugins, } from "./plugin.js";
 export { createPublicCapabilityToken, extractPublicCapabilityToken, serializePublicCapabilityCookie, verifyPublicCapabilityToken, } from "./public-capability.js";
 export { createDrizzlePublicDocumentDeliveryGrantStore, createPublicDocumentDeliveryGrant, createPublicDocumentDeliveryHonoModule, createPublicDocumentDeliveryRoutes, resolvePublicDocumentDeliveryGrant, revokePublicDocumentDeliveryGrant, } from "./public-document-delivery.js";

package/dist/lib/auth-forward.d.ts

@@ -0,0 +1,27 @@
+import type { Hono } from "hono";
+import type { Reporter } from "../observability/reporter.js";
+import type { VoyantBindings, VoyantExecutionContext, VoyantVariables } from "../types.js";
+/** Shape of the deployment-supplied auth sub-app (see `VoyantAuthIntegration.handler`). */
+type AuthAppFactory<TBindings> = (env: TBindings) => {
+    fetch: (req: Request, env: TBindings, ctx?: VoyantExecutionContext) => Response | Promise<Response>;
+};
+/**
+ * Mount the app-owned auth handler at `/auth/*`, forwarding requests into the
+ * deployment's auth sub-app. Two observability concerns are handled here so the
+ * sub-app — which renders its own error responses and never reaches the outer
+ * `onError` — stays consistent with the rest of the app (RFC voyant#1553):
+ *
+ * 1. The outer correlation id is injected into the forwarded request, so the
+ *    sub-app reuses it instead of minting a second, uncorrelated id.
+ * 2. A 5xx response from the sub-app is bridged into the reporter with that same
+ *    id, so auth faults aren't an observability blind spot.
+ */
+export declare function mountAuthForwarding<TBindings extends VoyantBindings>(app: Hono<{
+    Bindings: TBindings;
+    Variables: VoyantVariables;
+}>, authHandler: AuthAppFactory<TBindings>, options: {
+    reporter: Reporter;
+    appName: string;
+}): void;
+export {};
+//# sourceMappingURL=auth-forward.d.ts.map

package/dist/lib/auth-forward.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-forward.d.ts","sourceRoot":"","sources":["../../src/lib/auth-forward.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAGhC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAG1F,2FAA2F;AAC3F,KAAK,cAAc,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,SAAS,KAAK;IACnD,KAAK,EAAE,CACL,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,sBAAsB,KACzB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;CAClC,CAAA;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,SAAS,cAAc,EAClE,GAAG,EAAE,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,EAC9D,WAAW,EAAE,cAAc,CAAC,SAAS,CAAC,EACtC,OAAO,EAAE;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAC/C,IAAI,CAkBN"}

package/dist/lib/auth-forward.js

@@ -0,0 +1,33 @@
+import { reportException } from "../middleware/error-boundary.js";
+import { tryGetExecutionCtx } from "./execution-ctx.js";
+/**
+ * Mount the app-owned auth handler at `/auth/*`, forwarding requests into the
+ * deployment's auth sub-app. Two observability concerns are handled here so the
+ * sub-app — which renders its own error responses and never reaches the outer
+ * `onError` — stays consistent with the rest of the app (RFC voyant#1553):
+ *
+ * 1. The outer correlation id is injected into the forwarded request, so the
+ *    sub-app reuses it instead of minting a second, uncorrelated id.
+ * 2. A 5xx response from the sub-app is bridged into the reporter with that same
+ *    id, so auth faults aren't an observability blind spot.
+ */
+export function mountAuthForwarding(app, authHandler, options) {
+    app.all("/auth/*", async (c) => {
+        const authApp = authHandler(c.env);
+        const id = c.get("requestId");
+        const forwardedHeaders = new Headers(c.req.raw.headers);
+        if (id)
+            forwardedHeaders.set("x-request-id", id);
+        const forwarded = new Request(c.req.raw, { headers: forwardedHeaders });
+        const res = await authApp.fetch(forwarded, c.env, tryGetExecutionCtx(c));
+        if (res.status >= 500) {
+            reportException(options.reporter, c, {
+                requestId: id ?? "",
+                app: options.appName,
+                error: new Error(`auth handler returned HTTP ${res.status}`),
+                context: { path: c.req.path, method: c.req.method, status: res.status, surface: "auth" },
+            });
+        }
+        return res;
+    });
+}

package/dist/middleware/error-boundary.d.ts

@@ -1,5 +1,33 @@
 import type { Context, MiddlewareHandler } from "hono";
-export declare const requestId: MiddlewareHandler;
-export declare function handleApiError(err: unknown, c: Context): Response;
+import { type ErrorEvent, type Reporter } from "../observability/reporter.js";
+/**
+ * Mints (or honors a trusted inbound) `x-request-id`, exposes it on the
+ * `X-Request-Id` response header and the `requestId` context variable, and runs
+ * the rest of the request inside the async-context store so `getRequestId()`
+ * works anywhere downstream (RFC #1553, primitive 1).
+ */
+export declare const requestId: MiddlewareHandler<{
+    Variables: {
+        requestId?: string;
+    };
+}>;
+export interface HandleApiErrorOptions {
+    /**
+     * Observability sink for unhandled 5xx exceptions (RFC #1553, primitive 2).
+     * Defaults to {@link noopReporter}.
+     */
+    reporter?: Reporter;
+    /** Logical app name stamped on emitted {@link ErrorEvent}s. Defaults to `"voyant"`. */
+    appName?: string;
+}
+/**
+ * Forwards a normalized {@link ErrorEvent} to the reporter. Best-effort: never
+ * throws, and flushes an async reporter via `waitUntil` so capture doesn't
+ * block the response. Exported so non-`onError` catch points (e.g. the
+ * forwarded auth sub-app, which returns its own Response and never reaches the
+ * outer `onError`) can emit through the same path.
+ */
+export declare function reportException(reporter: Reporter, c: Context, event: ErrorEvent): void;
+export declare function handleApiError(err: unknown, c: Context, options?: HandleApiErrorOptions): Response;
 export declare const errorBoundary: MiddlewareHandler;
 //# sourceMappingURL=error-boundary.d.ts.map

package/dist/middleware/error-boundary.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error-boundary.d.ts","sourceRoot":"","sources":["../../src/middleware/error-boundary.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAYtD,eAAO,MAAM,SAAS,EAAE,iBAKvB,CAAA;AAeD,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,GAAG,QAAQ,CA6CjE;AAED,eAAO,MAAM,aAAa,EAAE,iBAM3B,CAAA"}
+{"version":3,"file":"error-boundary.d.ts","sourceRoot":"","sources":["../../src/middleware/error-boundary.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAGtD,OAAO,EACL,KAAK,UAAU,EAEf,KAAK,QAAQ,EAEd,MAAM,8BAA8B,CAAA;AAYrC;;;;;GAKG;AACH,eAAO,MAAM,SAAS,EAAE,iBAAiB,CAAC;IAAE,SAAS,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAS9E,CAAA;AAED,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,uFAAuF;IACvF,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAGvF;AAeD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,OAAO,EACZ,CAAC,EAAE,OAAO,EACV,OAAO,GAAE,qBAA0B,GAClC,QAAQ,CA6DV;AAED,eAAO,MAAM,aAAa,EAAE,iBAM3B,CAAA"}

package/dist/middleware/error-boundary.js

@@ -1,4 +1,7 @@
 import { apiErrorSchema } from "@voyant-travel/types";
+import { tryGetExecutionCtx } from "../lib/execution-ctx.js";
+import { noopReporter, safeCaptureException, } from "../observability/reporter.js";
+import { runWithRequestId } from "../observability/request-context.js";
 import { normalizeValidationError } from "../validation.js";
 function generateRequestId() {
     const bytes = new Uint8Array(16);
@@ -7,12 +10,30 @@ function generateRequestId() {
         .map((b) => b.toString(16).padStart(2, "0"))
         .join("");
 }
+/**
+ * Mints (or honors a trusted inbound) `x-request-id`, exposes it on the
+ * `X-Request-Id` response header and the `requestId` context variable, and runs
+ * the rest of the request inside the async-context store so `getRequestId()`
+ * works anywhere downstream (RFC #1553, primitive 1).
+ */
 export const requestId = async (c, next) => {
     const existing = c.req.header("x-request-id");
     const id = existing?.trim() || generateRequestId();
+    c.set("requestId", id);
     c.res.headers.set("X-Request-Id", id);
-    await next();
+    await runWithRequestId(id, next);
 };
+/**
+ * Forwards a normalized {@link ErrorEvent} to the reporter. Best-effort: never
+ * throws, and flushes an async reporter via `waitUntil` so capture doesn't
+ * block the response. Exported so non-`onError` catch points (e.g. the
+ * forwarded auth sub-app, which returns its own Response and never reaches the
+ * outer `onError`) can emit through the same path.
+ */
+export function reportException(reporter, c, event) {
+    const ctx = tryGetExecutionCtx(c);
+    safeCaptureException(reporter, event, ctx ? (promise) => ctx.waitUntil(promise) : undefined);
+}
 const LOGGED_HEADERS = new Set([
     "accept",
     "cf-connecting-ip",
@@ -25,7 +46,7 @@ const LOGGED_HEADERS = new Set([
     "x-forwarded-for",
     "x-request-id",
 ]);
-export function handleApiError(err, c) {
+export function handleApiError(err, c, options = {}) {
     const id = c.res.headers.get("X-Request-Id") || generateRequestId();
     const apiError = normalizeValidationError(err);
     const errRecord = err instanceof Object ? err : {};
@@ -59,10 +80,24 @@ export function handleApiError(err, c) {
         /* ignore logging errors */
     }
     const statusCode = status >= 100 && status <= 599 ? status : 500;
+    // Emit to the observability sink only for genuine server faults — handled
+    // 4xx (validation/auth) are expected and would be noise (RFC #1553).
+    if (statusCode >= 500) {
+        reportException(options.reporter ?? noopReporter, c, {
+            requestId: id,
+            app: options.appName ?? "voyant",
+            error: err,
+            context: { path: c.req.path, method: c.req.method, status: statusCode, code },
+        });
+    }
     return new Response(JSON.stringify(apiErrorSchema.parse({ error: errorMessage, code, requestId: id, details })), {
         status: statusCode,
         headers: {
             "content-type": "application/json",
+            // Carry the correlation id on the error response too — `onError`
+            // replaces `c.res`, which would otherwise drop the header set by the
+            // `requestId` middleware (RFC #1553).
+            "x-request-id": id,
         },
     });
 }

package/dist/middleware/index.d.ts

@@ -2,13 +2,13 @@ export { requireAuth } from "./auth.js";
 export { DEFAULT_REQUEST_BODY_LIMIT_BYTES, type RequestBodyLimitOptions, requestBodyLimit, } from "./body-size.js";
 export { cors } from "./cors.js";
 export { db } from "./db.js";
-export { errorBoundary, handleApiError, requestId } from "./error-boundary.js";
+export { errorBoundary, type HandleApiErrorOptions, handleApiError, requestId, } from "./error-boundary.js";
 export { DEFAULT_IDEMPOTENCY_TTL_MS, type IdempotencyKeyOptions, idempotencyKey, purgeExpiredIdempotencyKeys, } from "./idempotency-key.js";
 export { consoleLoggerProvider, logger } from "./logger.js";
 export { type AnalyticsEngineDatasetLike, DB_METRICS_CONTEXT_KEY, type MetricsMiddlewareOptions, metrics, type RequestDbMetrics, withQueryCounting, } from "./metrics.js";
 export { type PublicCacheOptions, publicResponseCache, resetPublicCacheStateForTests, } from "./public-cache.js";
 export { type CloudflareRateLimiterBinding, clientIpKey, createCloudflareRateLimitStore, createKvRateLimitStore, createMemoryRateLimitStore, enforceRateLimit, LIVE_LIMITS, type RateLimitConfig, type RateLimitPolicy, type RateLimitRequestContext, type RateLimitResult, type RateLimitRule, type RateLimitStore, rateLimit, resolveRateLimitStore, } from "./rate-limit.js";
-export { requireActor } from "./require-actor.js";
+export { isStaffRbacEnforced, requireActor } from "./require-actor.js";
 export { requirePermission } from "./require-permission.js";
 export { type SecurityHeadersOptions, securityHeaders } from "./security-headers.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/middleware/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AACvC,OAAO,EACL,gCAAgC,EAChC,KAAK,uBAAuB,EAC5B,gBAAgB,GACjB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAA;AAC5B,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC9E,OAAO,EACL,0BAA0B,EAC1B,KAAK,qBAAqB,EAC1B,cAAc,EACd,2BAA2B,GAC5B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAC3D,OAAO,EACL,KAAK,0BAA0B,EAC/B,sBAAsB,EACtB,KAAK,wBAAwB,EAC7B,OAAO,EACP,KAAK,gBAAgB,EACrB,iBAAiB,GAClB,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,KAAK,kBAAkB,EACvB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,KAAK,4BAA4B,EACjC,WAAW,EACX,8BAA8B,EAC9B,sBAAsB,EACtB,0BAA0B,EAC1B,gBAAgB,EAChB,WAAW,EACX,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,SAAS,EACT,qBAAqB,GACtB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAAE,KAAK,sBAAsB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AACvC,OAAO,EACL,gCAAgC,EAChC,KAAK,uBAAuB,EAC5B,gBAAgB,GACjB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAA;AAC5B,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC1B,cAAc,EACd,SAAS,GACV,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,0BAA0B,EAC1B,KAAK,qBAAqB,EAC1B,cAAc,EACd,2BAA2B,GAC5B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAC3D,OAAO,EACL,KAAK,0BAA0B,EAC/B,sBAAsB,EACtB,KAAK,wBAAwB,EAC7B,OAAO,EACP,KAAK,gBAAgB,EACrB,iBAAiB,GAClB,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,KAAK,kBAAkB,EACvB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,KAAK,4BAA4B,EACjC,WAAW,EACX,8BAA8B,EAC9B,sBAAsB,EACtB,0BAA0B,EAC1B,gBAAgB,EAChB,WAAW,EACX,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,SAAS,EACT,qBAAqB,GACtB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAAE,KAAK,sBAAsB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/middleware/index.js

@@ -2,12 +2,12 @@ export { requireAuth } from "./auth.js";
 export { DEFAULT_REQUEST_BODY_LIMIT_BYTES, requestBodyLimit, } from "./body-size.js";
 export { cors } from "./cors.js";
 export { db } from "./db.js";
-export { errorBoundary, handleApiError, requestId } from "./error-boundary.js";
+export { errorBoundary, handleApiError, requestId, } from "./error-boundary.js";
 export { DEFAULT_IDEMPOTENCY_TTL_MS, idempotencyKey, purgeExpiredIdempotencyKeys, } from "./idempotency-key.js";
 export { consoleLoggerProvider, logger } from "./logger.js";
 export { DB_METRICS_CONTEXT_KEY, metrics, withQueryCounting, } from "./metrics.js";
 export { publicResponseCache, resetPublicCacheStateForTests, } from "./public-cache.js";
 export { clientIpKey, createCloudflareRateLimitStore, createKvRateLimitStore, createMemoryRateLimitStore, enforceRateLimit, LIVE_LIMITS, rateLimit, resolveRateLimitStore, } from "./rate-limit.js";
-export { requireActor } from "./require-actor.js";
+export { isStaffRbacEnforced, requireActor } from "./require-actor.js";
 export { requirePermission } from "./require-permission.js";
 export { securityHeaders } from "./security-headers.js";

package/dist/middleware/logger.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/middleware/logger.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAEjD,eAAO,MAAM,qBAAqB,EAAE,cAInC,CAAA;AAUD,wBAAgB,MAAM,CAAC,QAAQ,CAAC,EAAE,cAAc,GAAG,iBAAiB,CAanE"}
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/middleware/logger.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAG7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAEjD,eAAO,MAAM,qBAAqB,EAAE,cAKnC,CAAA;AAUD,wBAAgB,MAAM,CAAC,QAAQ,CAAC,EAAE,cAAc,GAAG,iBAAiB,CAcnE"}

package/dist/middleware/logger.js

@@ -1,6 +1,8 @@
+import { getRequestId } from "../observability/request-context.js";
 export const consoleLoggerProvider = {
     log(entry) {
-        console.log(`${entry.method} ${entry.path} → ${entry.status} (${entry.durationMs}ms)`);
+        const id = entry.requestId ? ` [${entry.requestId}]` : "";
+        console.log(`${entry.method} ${entry.path} → ${entry.status} (${entry.durationMs}ms)${id}`);
     },
 };
 function logPath(c) {
@@ -22,6 +24,7 @@ export function logger(provider) {
             path: logPath(c),
             status: c.res.status,
             durationMs,
+            requestId: getRequestId() ?? c.get("requestId"),
         });
     };
 }

package/dist/middleware/require-actor.d.ts

@@ -1,6 +1,15 @@
 import type { Actor } from "@voyant-travel/core";
 import type { MiddlewareHandler } from "hono";
 import type { VoyantBindings, VoyantVariables } from "../types.js";
+/**
+ * Staff-session RBAC enforcement (member-rbac-rfc, voyant#2085). Enforced **by
+ * default**: every member's assigned scope set is checked across admin routes.
+ * Full-access members hold `*` and bypass, so they're unaffected. The
+ * `VOYANT_RBAC_ENFORCE` env var is a kill switch — set it to `0`/`false`/`off`
+ * to disable enforcement (e.g. an emergency rollback) without a code change.
+ * API-key scope enforcement is always on (unchanged).
+ */
+export declare function isStaffRbacEnforced(env: unknown): boolean;
 /**
  * Guards a route surface by actor type.
  *

package/dist/middleware/require-actor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"require-actor.d.ts","sourceRoot":"","sources":["../../src/middleware/require-actor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAEhD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAuClE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,YAAY,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,EAC5E,GAAG,OAAO,EAAE,KAAK,EAAE,GAClB,iBAAiB,CAAC;IACnB,QAAQ,EAAE,SAAS,CAAA;IACnB,SAAS,EAAE,eAAe,CAAA;CAC3B,CAAC,CA6CD"}
+{"version":3,"file":"require-actor.d.ts","sourceRoot":"","sources":["../../src/middleware/require-actor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAEhD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAuClE;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAIzD;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,YAAY,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,EAC5E,GAAG,OAAO,EAAE,KAAK,EAAE,GAClB,iBAAiB,CAAC;IACnB,QAAQ,EAAE,SAAS,CAAA;IACnB,SAAS,EAAE,eAAe,CAAA;CAC3B,CAAC,CA8DD"}

package/dist/middleware/require-actor.js

@@ -31,6 +31,19 @@ function hasAnyApiKeyPermission(scopes, resource, actions) {
     const permissions = permissionStringsToPermissions(scopes);
     return actions.some((action) => hasApiKeyPermission(permissions, resource, action));
 }
+/**
+ * Staff-session RBAC enforcement (member-rbac-rfc, voyant#2085). Enforced **by
+ * default**: every member's assigned scope set is checked across admin routes.
+ * Full-access members hold `*` and bypass, so they're unaffected. The
+ * `VOYANT_RBAC_ENFORCE` env var is a kill switch — set it to `0`/`false`/`off`
+ * to disable enforcement (e.g. an emergency rollback) without a code change.
+ * API-key scope enforcement is always on (unchanged).
+ */
+export function isStaffRbacEnforced(env) {
+    const value = env?.VOYANT_RBAC_ENFORCE;
+    const normalized = value?.trim().toLowerCase();
+    return !(normalized === "0" || normalized === "false" || normalized === "off");
+}
 /**
  * Guards a route surface by actor type.
  *
@@ -84,6 +97,22 @@ export function requireActor(...allowed) {
         if (!allowSet.has(actor)) {
             return c.json({ error: "Forbidden: actor not permitted on this surface" }, 403);
         }
+        // Granular RBAC for staff sessions (member-rbac-rfc, voyant#2085). A member
+        // with an explicit, non-wildcard scope set is gated exactly like an API key:
+        // resource from the path, action from the method. Full-access members hold
+        // `*` (the default for unassigned members), so `hasAnyApiKeyPermission`
+        // passes them — existing deployments are unaffected. Paths with no mapped
+        // resource (e.g. `_meta`) stay open until a module is explicitly covered.
+        if (actor === "staff" && c.get("callerType") === "session" && isStaffRbacEnforced(c.env)) {
+            const scopes = c.get("scopes");
+            const resource = apiKeyResourceFromPath(new URL(c.req.url).pathname);
+            if (resource && resource !== "_meta") {
+                const actions = apiKeyPermissionActionsForMethod(c.req.method);
+                if (!hasAnyApiKeyPermission(scopes, resource, actions)) {
+                    return c.json({ error: "Forbidden: missing required permission" }, 403);
+                }
+            }
+        }
         return next();
     };
 }

package/dist/observability/index.d.ts

@@ -0,0 +1,4 @@
+export type { ErrorEvent, Reporter } from "./reporter.js";
+export { consoleReporter, noopReporter, safeCaptureException } from "./reporter.js";
+export { getRequestId, runWithRequestId } from "./request-context.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/observability/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/observability/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAA;AACnF,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA"}

package/dist/observability/index.js

@@ -0,0 +1,2 @@
+export { consoleReporter, noopReporter, safeCaptureException } from "./reporter.js";
+export { getRequestId, runWithRequestId } from "./request-context.js";

package/dist/observability/reporter.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Normalized error event emitted at every framework catch point (RFC #1553,
+ * primitive 2). `requestId` is the same correlation id surfaced to the end user
+ * and set on the `X-Request-Id` response header, so an operator can paste a
+ * user-reported reference straight into their telemetry backend and find the
+ * crash — the gap this RFC was filed to close.
+ */
+export interface ErrorEvent {
+    /** Correlation id minted/propagated by the `requestId` middleware. */
+    requestId: string;
+    /** Logical app/worker name, from `VoyantAppConfig.appName` (default `"voyant"`). */
+    app: string;
+    /** The thrown value. Adapters typically narrow with `instanceof Error`. */
+    error: unknown;
+    /** Request/operation metadata (path, method, status, code, …). */
+    context?: Record<string, unknown>;
+}
+/**
+ * The observability seam. A deployment registers ONE reporter (via
+ * `VoyantAppConfig.reporter`) that forwards normalized {@link ErrorEvent}s to
+ * its backend of choice — Sentry, OpenTelemetry, Datadog, console, or nothing.
+ * The framework owns the catch points and the event shape; the sink is a
+ * deployment decision. Implementations MUST NOT throw and SHOULD return quickly
+ * (returning a promise the runtime flushes via `waitUntil`) — capture is
+ * best-effort and must never mask the original error or block the response.
+ */
+export interface Reporter {
+    captureException(event: ErrorEvent): void | Promise<void>;
+}
+/**
+ * Forward an event to the reporter, defensively. Never throws (a reporter must
+ * not break the caller), and when `captureException` returns a promise, flushes
+ * it via the optional `waitUntil` (so HTTP catch points don't block the
+ * response) or lets it settle detached otherwise. The context-free counterpart
+ * to the HTTP `reportException` helper — used by non-request catch points
+ * (bootstrap, event-bus subscribers, scheduled jobs) where there is no `Context`.
+ */
+export declare function safeCaptureException(reporter: Reporter, event: ErrorEvent, waitUntil?: (promise: Promise<unknown>) => void): void;
+/**
+ * Default reporter: drops every event. Zero vendor coupling out of the box — a
+ * deployment opts in by supplying its own {@link Reporter}. The no-op default
+ * must stay a valid choice (RFC #1553 §5).
+ */
+export declare const noopReporter: Reporter;
+/**
+ * Built-in reporter that writes one structured line per exception to
+ * `console.error` (tagged `[voyant:exception]`). Useful for local dev and for
+ * deployments whose log drain *is* their telemetry backend, without pulling in
+ * a vendor SDK. Never throws.
+ */
+export declare function consoleReporter(sink?: Pick<Console, "error">): Reporter;
+//# sourceMappingURL=reporter.d.ts.map

package/dist/observability/reporter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reporter.d.ts","sourceRoot":"","sources":["../../src/observability/reporter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,WAAW,UAAU;IACzB,sEAAsE;IACtE,SAAS,EAAE,MAAM,CAAA;IACjB,oFAAoF;IACpF,GAAG,EAAE,MAAM,CAAA;IACX,2EAA2E;IAC3E,KAAK,EAAE,OAAO,CAAA;IACd,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAClC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,QAAQ;IACvB,gBAAgB,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1D;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,QAAQ,EAClB,KAAK,EAAE,UAAU,EACjB,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,GAC9C,IAAI,CAYN;AAED;;;;GAIG;AACH,eAAO,MAAM,YAAY,EAAE,QAI1B,CAAA;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,IAAI,GAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAW,GAAG,QAAQ,CAiBhF"}

package/dist/observability/reporter.js

@@ -0,0 +1,59 @@
+/**
+ * Forward an event to the reporter, defensively. Never throws (a reporter must
+ * not break the caller), and when `captureException` returns a promise, flushes
+ * it via the optional `waitUntil` (so HTTP catch points don't block the
+ * response) or lets it settle detached otherwise. The context-free counterpart
+ * to the HTTP `reportException` helper — used by non-request catch points
+ * (bootstrap, event-bus subscribers, scheduled jobs) where there is no `Context`.
+ */
+export function safeCaptureException(reporter, event, waitUntil) {
+    let result;
+    try {
+        result = reporter.captureException(event);
+    }
+    catch {
+        return;
+    }
+    if (result && typeof result.then === "function") {
+        const settled = result.catch(() => { });
+        if (waitUntil)
+            waitUntil(settled);
+        else
+            void settled;
+    }
+}
+/**
+ * Default reporter: drops every event. Zero vendor coupling out of the box — a
+ * deployment opts in by supplying its own {@link Reporter}. The no-op default
+ * must stay a valid choice (RFC #1553 §5).
+ */
+export const noopReporter = {
+    captureException() {
+        // intentionally empty
+    },
+};
+/**
+ * Built-in reporter that writes one structured line per exception to
+ * `console.error` (tagged `[voyant:exception]`). Useful for local dev and for
+ * deployments whose log drain *is* their telemetry backend, without pulling in
+ * a vendor SDK. Never throws.
+ */
+export function consoleReporter(sink = console) {
+    return {
+        captureException(event) {
+            try {
+                const { requestId, app, error, context } = event;
+                sink.error("[voyant:exception]", {
+                    requestId,
+                    app,
+                    error: error instanceof Error ? error.message : String(error),
+                    stack: error instanceof Error ? error.stack : undefined,
+                    ...(context ? { context } : {}),
+                });
+            }
+            catch {
+                // a reporter must never break the response
+            }
+        },
+    };
+}

package/dist/observability/request-context.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Run `fn` (and everything it awaits) with `id` bound as the ambient request
+ * id. Returns whatever `fn` returns — for the middleware, the `next()` promise.
+ */
+export declare function runWithRequestId<T>(id: string, fn: () => T): T;
+/**
+ * Read the ambient request id for the current async context, or `undefined`
+ * when called outside a request (or on a runtime without async_hooks). Access
+ * is defensive: it never throws, so callers can safely fall back to a context
+ * variable or header.
+ */
+export declare function getRequestId(): string | undefined;
+//# sourceMappingURL=request-context.d.ts.map

package/dist/observability/request-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-context.d.ts","sourceRoot":"","sources":["../../src/observability/request-context.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAE9D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,IAAI,MAAM,GAAG,SAAS,CAMjD"}

package/dist/observability/request-context.js

@@ -0,0 +1,35 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+/**
+ * Async-context store carrying the per-request correlation id (RFC #1553,
+ * primitive 1). The `requestId` middleware mints/propagates the id and runs the
+ * remainder of the request inside {@link runWithRequestId}, so any code on that
+ * async call stack — services, event subscribers, error reporters — can read it
+ * via {@link getRequestId} without threading it through every signature or
+ * reaching for the Hono `Context`. This is the single correlation key shared by
+ * the `X-Request-Id` response header, app logs, and emitted error events.
+ *
+ * Requires the `nodejs_compat` (or `nodejs_als`) compatibility flag on
+ * Cloudflare Workers; native on Node.
+ */
+const requestIdStore = new AsyncLocalStorage();
+/**
+ * Run `fn` (and everything it awaits) with `id` bound as the ambient request
+ * id. Returns whatever `fn` returns — for the middleware, the `next()` promise.
+ */
+export function runWithRequestId(id, fn) {
+    return requestIdStore.run(id, fn);
+}
+/**
+ * Read the ambient request id for the current async context, or `undefined`
+ * when called outside a request (or on a runtime without async_hooks). Access
+ * is defensive: it never throws, so callers can safely fall back to a context
+ * variable or header.
+ */
+export function getRequestId() {
+    try {
+        return requestIdStore.getStore();
+    }
+    catch {
+        return undefined;
+    }
+}

package/dist/types.d.ts

@@ -7,6 +7,7 @@ import type { NeonDatabase as NeonWsDatabase } from "drizzle-orm/neon-serverless
 import type { PostgresJsDatabase } from "drizzle-orm/postgres-js";
 import type { Hono } from "hono";
 import type { HonoExtension, HonoModule } from "./module.js";
+import type { Reporter } from "./observability/reporter.js";
 import type { HonoBundle } from "./plugin.js";
 export interface VoyantExecutionContext {
     waitUntil?: (promise: Promise<unknown>) => void;
@@ -35,6 +36,12 @@ export interface VoyantBindings {
 export type VoyantDb = PostgresJsDatabase | NeonHttpDatabase | NeonWsDatabase;
 export type VoyantQueryRuntime = QueryRunner;
 export type VoyantVariables = CoreVoyantVariables & {
+    /**
+     * Per-request correlation id (RFC #1553). Set by the `requestId` middleware;
+     * also on the `X-Request-Id` response header and readable from any async
+     * context via `getRequestId()`.
+     */
+    requestId?: string;
     db: VoyantDb;
     /** Shared app/runtime container for explicit service resolution. */
     container: ModuleContainer;
@@ -118,6 +125,8 @@ export interface LogEntry {
     path: string;
     status: number;
     durationMs: number;
+    /** Per-request correlation id (RFC #1553), when available. */
+    requestId?: string;
 }
 export interface LoggerProvider {
     log(entry: LogEntry): void;
@@ -180,6 +189,22 @@ export interface VoyantAppConfig<TBindings extends VoyantBindings = VoyantBindin
     auth?: VoyantAuthIntegration<TBindings>;
     publicPaths?: string[];
     logger?: LoggerProvider;
+    /**
+     * Observability sink for unhandled exceptions at framework catch points
+     * (RFC #1553). Receives a normalized `{ requestId, app, error, context }`
+     * event for every 5xx — the `requestId` matches the one surfaced to the user
+     * on `X-Request-Id`, so a reported reference is findable in the backend.
+     * Defaults to a no-op (zero vendor coupling). Supply a `Reporter` — a
+     * Sentry/OpenTelemetry adapter, or the built-in `consoleReporter` — to wire a
+     * backend. The framework owns the catch points + event shape; the sink is a
+     * deployment choice.
+     */
+    reporter?: Reporter;
+    /**
+     * Logical name for this app/worker, stamped on emitted error events and used
+     * for log correlation. Defaults to `"voyant"`.
+     */
+    appName?: string;
     /**
      * Shared response cache for the public surface (`/v1/public/*` by
      * default). Enabled by default but inert until a route marks its

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,KAAK,EACL,eAAe,IAAI,mBAAmB,EACtC,QAAQ,EACR,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAA;AAEhE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACzD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,KAAK,EAAE,YAAY,IAAI,cAAc,EAAE,MAAM,6BAA6B,CAAA;AACjF,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AACjE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE7C,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,CAAA;IAC/C,sBAAsB,CAAC,EAAE,MAAM,IAAI,CAAA;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,YAAY,CAAC,EAAE,OAAO,4BAA4B,EAAE,4BAA4B,CAAA;IAChF;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,yBAAyB,EAAE,0BAA0B,CAAA;CACvE;AAED,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,gBAAgB,GAAG,cAAc,CAAA;AAC7E,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAA;AAE5C,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG;IAClD,EAAE,EAAE,QAAQ,CAAA;IACZ,oEAAoE;IACpE,SAAS,EAAE,eAAe,CAAA;IAC1B,QAAQ,EAAE,QAAQ,CAAA;IAClB,mEAAmE;IACnE,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,oEAAoE;IACpE,KAAK,CAAC,EAAE,kBAAkB,CAAA;IAC1B,iFAAiF;IACjF,cAAc,CAAC,EAAE,OAAO,iCAAiC,EAAE,cAAc,CAAA;IACzE,0EAA0E;IAC1E,iBAAiB,CAAC,EAAE,OAAO,yBAAyB,EAAE,gBAAgB,CAAA;CACvE,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,QAAQ,CAAA;IACZ,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B;AAED,MAAM,MAAM,SAAS,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI,CACzE,GAAG,EAAE,SAAS,KACX,QAAQ,GAAG,YAAY,CAAA;AAE5B;;;GAGG;AACH,MAAM,WAAW,kBAAkB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACnF,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IAC7B;;;;;OAKG;IACH,uBAAuB,EAAE,OAAO,CAAA;CACjC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,iBAAiB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IAClF,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAA;CACpD;AAED,wEAAwE;AACxE,MAAM,MAAM,QAAQ,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAClE,SAAS,CAAC,SAAS,CAAC,GACpB,iBAAiB,CAAC,SAAS,CAAC,CAAA;AAEhC,wBAAgB,mBAAmB,CAAC,SAAS,SAAS,cAAc,EAClE,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,GAC1B,MAAM,IAAI,iBAAiB,CAAC,SAAS,CAAC,CAExC;AAED,kEAAkE;AAClE,wBAAgB,eAAe,CAAC,SAAS,SAAS,cAAc,EAC9D,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAC3B,IAAI,EAAE,MAAM,GACX,SAAS,CAAC,SAAS,CAAC,CAEtB;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,QAAQ,GAAG,YAAY,GAAG,KAAK,IAAI,YAAY,CAKpF;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,QAAQ,GAAG,YAAY,GAAG;IACtE,EAAE,EAAE,QAAQ,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC9B,CAOA;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,GAAG;IACxE,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,KAAK,CAAA;CACb,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,CAAA;CAC3B;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,SAAS,CAAA;IACd,EAAE,EAAE,QAAQ,CAAA;IACZ,GAAG,CAAC,EAAE,sBAAsB,CAAA;CAC7B;AAED,MAAM,WAAW,wBAAwB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,CACzF,SAAQ,qBAAqB,CAAC,SAAS,CAAC;IACxC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,IAAI,EAAE,wBAAwB,CAAA;CAC/B;AAED,MAAM,WAAW,8BAA8B,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,CAC/F,SAAQ,qBAAqB,CAAC,SAAS,CAAC;IACxC,MAAM,EAAE,YAAY,CAAA;CACrB;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,KAAK;QAC5B,KAAK,EAAE,CACL,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,sBAAsB,KACzB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;KAClC,CAAA;IACD;;;;;;;;OAQG;IACH,OAAO,CAAC,EAAE,CACR,IAAI,EAAE,qBAAqB,CAAC,SAAS,CAAC,KACnC,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,GAAG,wBAAwB,GAAG,IAAI,CAAA;IAC/E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;IACzF,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE,8BAA8B,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;CACjG;AAED,MAAM,WAAW,eAAe,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IAChF,EAAE,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxB;;;;;;;;OAQG;IACH,eAAe,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACtC;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC/B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,KAAK,CAAC,EAAE,iBAAiB,GAAG,kBAAkB,CAAA;IAC9C,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;IACvC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,MAAM,CAAC,EAAE,cAAc,CAAA;IACvB;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,KAAK,GAAG,OAAO,8BAA8B,EAAE,kBAAkB,CAAA;IAC/E;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,KAAK,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;IAC/C;;;OAGG;IACH,eAAe,CAAC,EAAE,KAAK,GAAG,OAAO,kCAAkC,EAAE,sBAAsB,CAAA;IAC3F;;;;OAIG;IACH,SAAS,CAAC,EAAE,KAAK,GAAG,OAAO,4BAA4B,EAAE,eAAe,CAAA;IACxE;;;;;;;;;OASG;IACH,SAAS,CAAC,EAAE,qBAAqB,CAAA;IACjC;;;;;;;;OAQG;IACH,SAAS,CAAC,EAAE;QACV,eAAe,EAAE,MAAM,CAAA;QACvB,iBAAiB,CAAC,EAAE,MAAM,CAAA;QAC1B,UAAU,EAAE,aAAa,CAAC;YACxB,EAAE,EAAE,MAAM,CAAA;YACV,MAAM,EAAE,MAAM,CAAA;YACd,YAAY,EAAE,MAAM,CAAA;YACpB,cAAc,EAAE,MAAM,CAAA;YACtB,MAAM,EAAE,MAAM,EAAE,CAAA;YAChB,aAAa,CAAC,EAAE,MAAM,CAAA;SACvB,CAAC,CAAA;KACH,CAAA;IAED,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAA;CAC5C;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,WAAW,qBAAqB,CAAC,SAAS,GAAG,OAAO;IACxD;;;;OAIG;IACH,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,KAAK,aAAa,CAAA;IAC9C;;;;OAIG;IACH,WAAW,CAAC,EAAE,YAAY,GAAG,SAAS,GAAG,aAAa,CAAA;IACtD;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;;;GAIG"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,KAAK,EACL,eAAe,IAAI,mBAAmB,EACtC,QAAQ,EACR,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAA;AAEhE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACzD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,KAAK,EAAE,YAAY,IAAI,cAAc,EAAE,MAAM,6BAA6B,CAAA;AACjF,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AACjE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAA;AAC3D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE7C,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,CAAA;IAC/C,sBAAsB,CAAC,EAAE,MAAM,IAAI,CAAA;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,YAAY,CAAC,EAAE,OAAO,4BAA4B,EAAE,4BAA4B,CAAA;IAChF;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,yBAAyB,EAAE,0BAA0B,CAAA;CACvE;AAED,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,gBAAgB,GAAG,cAAc,CAAA;AAC7E,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAA;AAE5C,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG;IAClD;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,EAAE,EAAE,QAAQ,CAAA;IACZ,oEAAoE;IACpE,SAAS,EAAE,eAAe,CAAA;IAC1B,QAAQ,EAAE,QAAQ,CAAA;IAClB,mEAAmE;IACnE,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,oEAAoE;IACpE,KAAK,CAAC,EAAE,kBAAkB,CAAA;IAC1B,iFAAiF;IACjF,cAAc,CAAC,EAAE,OAAO,iCAAiC,EAAE,cAAc,CAAA;IACzE,0EAA0E;IAC1E,iBAAiB,CAAC,EAAE,OAAO,yBAAyB,EAAE,gBAAgB,CAAA;CACvE,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,QAAQ,CAAA;IACZ,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B;AAED,MAAM,MAAM,SAAS,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI,CACzE,GAAG,EAAE,SAAS,KACX,QAAQ,GAAG,YAAY,CAAA;AAE5B;;;GAGG;AACH,MAAM,WAAW,kBAAkB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACnF,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IAC7B;;;;;OAKG;IACH,uBAAuB,EAAE,OAAO,CAAA;CACjC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,iBAAiB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IAClF,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAA;CACpD;AAED,wEAAwE;AACxE,MAAM,MAAM,QAAQ,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAClE,SAAS,CAAC,SAAS,CAAC,GACpB,iBAAiB,CAAC,SAAS,CAAC,CAAA;AAEhC,wBAAgB,mBAAmB,CAAC,SAAS,SAAS,cAAc,EAClE,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,GAC1B,MAAM,IAAI,iBAAiB,CAAC,SAAS,CAAC,CAExC;AAED,kEAAkE;AAClE,wBAAgB,eAAe,CAAC,SAAS,SAAS,cAAc,EAC9D,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,EAC3B,IAAI,EAAE,MAAM,GACX,SAAS,CAAC,SAAS,CAAC,CAEtB;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,QAAQ,GAAG,YAAY,GAAG,KAAK,IAAI,YAAY,CAKpF;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,QAAQ,GAAG,YAAY,GAAG;IACtE,EAAE,EAAE,QAAQ,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC9B,CAOA;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,GAAG;IACxE,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,KAAK,CAAA;CACb,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,CAAA;CAC3B;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,SAAS,CAAA;IACd,EAAE,EAAE,QAAQ,CAAA;IACZ,GAAG,CAAC,EAAE,sBAAsB,CAAA;CAC7B;AAED,MAAM,WAAW,wBAAwB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,CACzF,SAAQ,qBAAqB,CAAC,SAAS,CAAC;IACxC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,IAAI,EAAE,wBAAwB,CAAA;CAC/B;AAED,MAAM,WAAW,8BAA8B,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,CAC/F,SAAQ,qBAAqB,CAAC,SAAS,CAAC;IACxC,MAAM,EAAE,YAAY,CAAA;CACrB;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,KAAK;QAC5B,KAAK,EAAE,CACL,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,sBAAsB,KACzB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;KAClC,CAAA;IACD;;;;;;;;OAQG;IACH,OAAO,CAAC,EAAE,CACR,IAAI,EAAE,qBAAqB,CAAC,SAAS,CAAC,KACnC,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,GAAG,wBAAwB,GAAG,IAAI,CAAA;IAC/E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;IACzF,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE,8BAA8B,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;CACjG;AAED,MAAM,WAAW,eAAe,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IAChF,EAAE,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxB;;;;;;;;OAQG;IACH,eAAe,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACtC;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC/B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,KAAK,CAAC,EAAE,iBAAiB,GAAG,kBAAkB,CAAA;IAC9C,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;IACvC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,MAAM,CAAC,EAAE,cAAc,CAAA;IACvB;;;;;;;;;OASG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,KAAK,GAAG,OAAO,8BAA8B,EAAE,kBAAkB,CAAA;IAC/E;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,KAAK,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;IAC/C;;;OAGG;IACH,eAAe,CAAC,EAAE,KAAK,GAAG,OAAO,kCAAkC,EAAE,sBAAsB,CAAA;IAC3F;;;;OAIG;IACH,SAAS,CAAC,EAAE,KAAK,GAAG,OAAO,4BAA4B,EAAE,eAAe,CAAA;IACxE;;;;;;;;;OASG;IACH,SAAS,CAAC,EAAE,qBAAqB,CAAA;IACjC;;;;;;;;OAQG;IACH,SAAS,CAAC,EAAE;QACV,eAAe,EAAE,MAAM,CAAA;QACvB,iBAAiB,CAAC,EAAE,MAAM,CAAA;QAC1B,UAAU,EAAE,aAAa,CAAC;YACxB,EAAE,EAAE,MAAM,CAAA;YACV,MAAM,EAAE,MAAM,CAAA;YACd,YAAY,EAAE,MAAM,CAAA;YACpB,cAAc,EAAE,MAAM,CAAA;YACtB,MAAM,EAAE,MAAM,EAAE,CAAA;YAChB,aAAa,CAAC,EAAE,MAAM,CAAA;SACvB,CAAC,CAAA;KACH,CAAA;IAED,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAA;CAC5C;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,WAAW,qBAAqB,CAAC,SAAS,GAAG,OAAO;IACxD;;;;OAIG;IACH,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,KAAK,aAAa,CAAA;IAC9C;;;;OAIG;IACH,WAAW,CAAC,EAAE,YAAY,GAAG,SAAS,GAAG,aAAa,CAAA;IACtD;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;;;GAIG"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@voyant-travel/hono",
-  "version": "0.112.2",
+  "version": "0.114.0",
   "license": "Apache-2.0",
   "type": "module",
   "exports": {
@@ -44,6 +44,11 @@
       "import": "./dist/types.js",
       "default": "./dist/types.js"
     },
+    "./observability": {
+      "types": "./dist/observability/index.d.ts",
+      "import": "./dist/observability/index.js",
+      "default": "./dist/observability/index.js"
+    },
     "./middleware": {
       "types": "./dist/middleware/index.d.ts",
       "import": "./dist/middleware/index.js",
@@ -119,19 +124,19 @@
     "drizzle-orm": "^0.45.2",
     "hono": "^4.12.10",
     "zod": "^4.3.6",
-    "@voyant-travel/core": "^0.110.0",
-    "@voyant-travel/db": "^0.108.3",
-    "@voyant-travel/types": "^0.104.5",
-    "@voyant-travel/utils": "^0.105.2",
-    "@voyant-travel/workflows": "^0.111.0",
-    "@voyant-travel/storage": "^0.105.0"
+    "@voyant-travel/core": "^0.111.0",
+    "@voyant-travel/db": "^0.109.0",
+    "@voyant-travel/storage": "^0.105.0",
+    "@voyant-travel/types": "^0.105.0",
+    "@voyant-travel/utils": "^0.105.3",
+    "@voyant-travel/workflows": "^0.111.4"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20260426.1",
     "typescript": "^6.0.2",
     "vitest": "^4.1.2",
     "@voyant-travel/voyant-typescript-config": "^0.1.0",
-    "@voyant-travel/workflows-orchestrator": "^0.111.0"
+    "@voyant-travel/workflows-orchestrator": "^0.111.4"
   },
   "files": [
     "dist"