@voyant-travel/hono 0.115.0 → 0.116.0

package/dist/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAkC3B,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAY,eAAe,EAAE,MAAM,YAAY,CAAA;AAyB5F;;;;;;;;;;GAUG;AACH,MAAM,WAAW,mBAAmB,CAAC,SAAS,GAAG,OAAO;IACtD;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC1C;;;;;;;;OAQG;IACH,QAAQ,EAAE,OAAO,qBAAqB,EAAE,QAAQ,CAAA;CACjD;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,SAAS,SAAS,cAAc,EACvD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GACjC,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAyc5F"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAkC3B,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAY,eAAe,EAAE,MAAM,YAAY,CAAA;AAyB5F;;;;;;;;;;GAUG;AACH,MAAM,WAAW,mBAAmB,CAAC,SAAS,GAAG,OAAO;IACtD;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC1C;;;;;;;;OAQG;IACH,QAAQ,EAAE,OAAO,qBAAqB,EAAE,QAAQ,CAAA;CACjD;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,SAAS,SAAS,cAAc,EACvD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GACjC,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,GAAG,mBAAmB,CAAC,SAAS,CAAC,CA0d5F"}

package/dist/app.js

@@ -56,10 +56,14 @@ export function mountApp(config) {
     const allModules = [...(config.modules ?? []), ...(expanded?.modules ?? [])];
     const allExtensions = [...(config.extensions ?? []), ...(expanded?.extensions ?? [])];
     // Anonymous-access allow-list (ADR-0008): assembled from module/extension
-    // `anonymous` declarations + any explicit `publicPaths` escape-hatch entries.
+    // `anonymous` declarations + bundle-declared absolute anonymous paths (e.g. a
+    // payment-processor webhook) + any explicit `publicPaths` escape-hatch entries.
     // Used by both the auth middleware (skip auth / stamp customer actor) and the
     // public-write rate-limit matcher below, so the two never diverge.
-    const anonymousPaths = assembleAnonymousPaths(allModules, allExtensions, config.publicPaths);
+    const anonymousPaths = assembleAnonymousPaths(allModules, allExtensions, [
+        ...(config.publicPaths ?? []),
+        ...(expanded?.anonymousPaths ?? []),
+    ]);
     // When the framework owns the bus, route subscriber-dispatch failures
     // (including the workflow forwarder) to the reporter — they're otherwise
     // only console-logged per the fire-and-forget EventBus contract (RFC #1553).
@@ -334,11 +338,18 @@ export function mountApp(config) {
         if (txModuleNames.has(mod.module.name) && mod.publicRoutes) {
             txPrefixes.push(resolveSurfaceMountPath("/v1/public", mod.publicPath, mod.module.name));
         }
+        // Absolute transactional prefixes for routes mounted outside the name-based
+        // surface (e.g. a lazy family at `/v1/admin/catalog/quote`), so the
+        // deployment doesn't hand-maintain them in `dbTransactionalPaths` (ADR-0008).
+        if (mod.transactionalPaths)
+            txPrefixes.push(...mod.transactionalPaths);
     }
     for (const ext of allExtensions) {
         if (txModuleNames.has(ext.extension.module) && ext.publicRoutes) {
             txPrefixes.push(resolveSurfaceMountPath("/v1/public", ext.publicPath, ext.extension.module));
         }
+        if (ext.transactionalPaths)
+            txPrefixes.push(...ext.transactionalPaths);
     }
     // With a `dbTransactional` factory, requests are routed per surface:
     // transactional prefixes get it, everything else gets the cheap
@@ -367,6 +378,14 @@ export function mountApp(config) {
         if (pathname.startsWith("/v1/admin/") || pathname.startsWith("/v1/public/")) {
             return next();
         }
+        // Anonymous legacy/webhook routes (ADR-0008) — e.g. a bundle-declared
+        // payment-processor callback at `/v1/finance/...`. `requireAuth` already
+        // skipped credential resolution for these, but it only stamps an actor on
+        // `/v1/public/*`, so without this skip the fail-closed staff guard would 401
+        // a route that is meant to be reachable without a session.
+        if (matchesPublicPath(pathname, anonymousPaths)) {
+            return next();
+        }
         return requireLegacyActor(c, next);
     });
     // Admin capability discovery — GET /v1/admin/_meta/capabilities. A built-in

package/dist/module.d.ts

@@ -51,6 +51,18 @@ export interface HonoModule {
      * require a `staff` actor.
      */
     anonymous?: boolean | readonly string[];
+    /**
+     * Absolute API path prefixes whose requests must be served by the
+     * transaction-capable db client (ADR-0008). For modules whose
+     * transaction-needing routes are NOT under the name-based surface — e.g. a
+     * lazy family mounted at `/v1/admin/catalog/quote` rather than
+     * `/v1/admin/{name}` — and where only a SUBSET of the family's routes
+     * transact (so the boolean `module.requiresTransactionalDb` would be too
+     * broad). For the common case (all of a module's routes transact) prefer
+     * `module.requiresTransactionalDb`. Folded into the transactional-prefix map
+     * so the deployment doesn't hand-maintain `dbTransactionalPaths`.
+     */
+    transactionalPaths?: readonly string[];
 }
 export interface HonoExtension {
     extension: Extension;
@@ -79,5 +91,10 @@ export interface HonoExtension {
      * to the extension's public mount.
      */
     anonymous?: boolean | readonly string[];
+    /**
+     * Absolute transactional path prefixes — same semantics as
+     * {@link HonoModule.transactionalPaths}.
+     */
+    transactionalPaths?: readonly string[];
 }
 //# sourceMappingURL=module.d.ts.map

package/dist/module.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAExE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd;;;;;;OAMG;IAEH,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,kEAAkE;IAElE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,uFAAuF;IAEvF,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,gBAAgB,CAAA;IAClC,4FAA4F;IAC5F,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IACnC;;;;;OAKG;IACH,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,MAAM,EAAE,CAAA;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,SAAS,CAAA;IACpB,0DAA0D;IAE1D,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,uEAAuE;IAEvE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,4FAA4F;IAE5F,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB,kGAAkG;IAClG,eAAe,CAAC,EAAE,gBAAgB,CAAA;IAClC,iGAAiG;IACjG,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IACnC,gFAAgF;IAChF,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,MAAM,EAAE,CAAA;CACxC"}
+{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAExE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd;;;;;;OAMG;IAEH,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,kEAAkE;IAElE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,uFAAuF;IAEvF,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,gBAAgB,CAAA;IAClC,4FAA4F;IAC5F,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IACnC;;;;;OAKG;IACH,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,MAAM,EAAE,CAAA;IACvC;;;;;;;;;;OAUG;IACH,kBAAkB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACvC;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,SAAS,CAAA;IACpB,0DAA0D;IAE1D,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,uEAAuE;IAEvE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,4FAA4F;IAE5F,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB,kGAAkG;IAClG,eAAe,CAAC,EAAE,gBAAgB,CAAA;IAClC,iGAAiG;IACjG,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IACnC,gFAAgF;IAChF,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,MAAM,EAAE,CAAA;IACvC;;;OAGG;IACH,kBAAkB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACvC"}

package/dist/plugin.d.ts

@@ -27,6 +27,17 @@ export interface HonoBundle {
     subscribers?: Subscriber[];
     /** Link definitions contributed by the plugin. */
     links?: LinkDefinition[];
+    /**
+     * Absolute API paths this bundle exposes that are reachable WITHOUT a session
+     * (ADR-0008). Unlike a module/extension's `anonymous` (relative to its
+     * `/v1/public` mount), bundle routes can mount anywhere — e.g. a payment
+     * processor's webhook at `/v1/finance/providers/netopia/callback`, which the
+     * processor's servers POST to without a cookie or bearer. Declaring it here
+     * keeps the "reachable-without-auth" decision with the plugin that owns the
+     * route, instead of in every deployment's `publicPaths`. The framework folds
+     * these into the assembled anonymous allow-list.
+     */
+    anonymous?: string[];
     /**
      * Workflows contributed by the plugin. Mirrors the `Plugin.workflows`
      * field in `@voyant-travel/core` — collected at `createApp()` boot and
@@ -52,6 +63,8 @@ export interface ExpandedHonoBundles {
     extensions: HonoExtension[];
     subscribers: Subscriber[];
     links: LinkDefinition[];
+    /** Absolute anonymous-access paths declared by bundles (ADR-0008). */
+    anonymousPaths: string[];
 }
 /** @deprecated Prefer {@link ExpandedHonoBundles}. */
 export type ExpandedHonoPlugins = ExpandedHonoBundles;

package/dist/plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,qBAAqB,EACrB,cAAc,EACd,UAAU,EACV,kBAAkB,EACnB,MAAM,qBAAqB,CAAA;AAE5B,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE5D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAA;IACZ,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,qEAAqE;IACrE,SAAS,CAAC,EAAE,gBAAgB,CAAA;IAC5B,gEAAgE;IAChE,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,sEAAsE;IACtE,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,wEAAwE;IACxE,WAAW,CAAC,EAAE,UAAU,EAAE,CAAA;IAC1B,kDAAkD;IAClD,KAAK,CAAC,EAAE,cAAc,EAAE,CAAA;IACxB;;;;OAIG;IACH,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAA;IACzC;;;OAGG;IACH,YAAY,CAAC,EAAE,SAAS,qBAAqB,EAAE,CAAA;CAChD;AAED,6CAA6C;AAC7C,MAAM,MAAM,UAAU,GAAG,UAAU,CAAA;AAEnC;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAEnE;AAED,mDAAmD;AACnD,eAAO,MAAM,gBAAgB,yBAAmB,CAAA;AAEhD,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,UAAU,EAAE,aAAa,EAAE,CAAA;IAC3B,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,KAAK,EAAE,cAAc,EAAE,CAAA;CACxB;AAED,sDAAsD;AACtD,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,CAAA;AAErD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAoBzF;AAED,oDAAoD;AACpD,eAAO,MAAM,iBAAiB,0BAAoB,CAAA"}
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,qBAAqB,EACrB,cAAc,EACd,UAAU,EACV,kBAAkB,EACnB,MAAM,qBAAqB,CAAA;AAE5B,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE5D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAA;IACZ,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,qEAAqE;IACrE,SAAS,CAAC,EAAE,gBAAgB,CAAA;IAC5B,gEAAgE;IAChE,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,sEAAsE;IACtE,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,wEAAwE;IACxE,WAAW,CAAC,EAAE,UAAU,EAAE,CAAA;IAC1B,kDAAkD;IAClD,KAAK,CAAC,EAAE,cAAc,EAAE,CAAA;IACxB;;;;;;;;;OASG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB;;;;OAIG;IACH,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAA;IACzC;;;OAGG;IACH,YAAY,CAAC,EAAE,SAAS,qBAAqB,EAAE,CAAA;CAChD;AAED,6CAA6C;AAC7C,MAAM,MAAM,UAAU,GAAG,UAAU,CAAA;AAEnC;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAEnE;AAED,mDAAmD;AACnD,eAAO,MAAM,gBAAgB,yBAAmB,CAAA;AAEhD,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,UAAU,EAAE,aAAa,EAAE,CAAA;IAC3B,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,KAAK,EAAE,cAAc,EAAE,CAAA;IACvB,sEAAsE;IACtE,cAAc,EAAE,MAAM,EAAE,CAAA;CACzB;AAED,sDAAsD;AACtD,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,CAAA;AAErD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAsBzF;AAED,oDAAoD;AACpD,eAAO,MAAM,iBAAiB,0BAAoB,CAAA"}

package/dist/plugin.js

@@ -17,6 +17,7 @@ export function expandHonoBundles(bundles) {
     const extensions = [];
     const subscribers = [];
     const links = [];
+    const anonymousPaths = [];
     for (const bundle of bundles) {
         if (seen.has(bundle.name)) {
             throw new Error(`Duplicate bundle name: "${bundle.name}"`);
@@ -30,8 +31,10 @@ export function expandHonoBundles(bundles) {
             subscribers.push(...bundle.subscribers);
         if (bundle.links)
             links.push(...bundle.links);
+        if (bundle.anonymous)
+            anonymousPaths.push(...bundle.anonymous);
     }
-    return { modules, extensions, subscribers, links };
+    return { modules, extensions, subscribers, links, anonymousPaths };
 }
 /** @deprecated Prefer {@link expandHonoBundles}. */
 export const expandHonoPlugins = expandHonoBundles;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@voyant-travel/hono",
-  "version": "0.115.0",
+  "version": "0.116.0",
   "license": "Apache-2.0",
   "type": "module",
   "exports": {
@@ -129,14 +129,14 @@
     "@voyant-travel/storage": "^0.105.0",
     "@voyant-travel/types": "^0.106.0",
     "@voyant-travel/utils": "^0.105.4",
-    "@voyant-travel/workflows": "^0.111.5"
+    "@voyant-travel/workflows": "^0.111.6"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20260426.1",
     "typescript": "^6.0.2",
     "vitest": "^4.1.2",
     "@voyant-travel/voyant-typescript-config": "^0.1.0",
-    "@voyant-travel/workflows-orchestrator": "^0.111.5"
+    "@voyant-travel/workflows-orchestrator": "^0.111.6"
   },
   "files": [
     "dist"