@voyantjs/hono 0.5.0 → 0.6.0

package/README.md

@@ -1,6 +1,7 @@
 # @voyantjs/hono
 
-Hono transport adapter for Voyant. Provides `createApp()`, middleware, auth helpers, and plugin expansion for mounting Voyant modules behind a Hono app.
+Hono transport adapter for Voyant. Provides `createApp()`, middleware, auth
+helpers, and plugin expansion for mounting Voyant modules behind a Hono app.
 
 ## Install
 
@@ -17,10 +18,19 @@ const app = createApp({
   db: (env) => getDb(env),
   auth: { handler, resolve },
   modules: [crmModule, productsModule, bookingsModule],
-  plugins: [payloadCmsPlugin({ /* ... */ })],
+  extensions: [smartbillFinanceExtension],
+  plugins: [
+    payloadCmsPlugin({
+      /* optional distribution bundle */
+    }),
+  ],
 })
 ```
 
+Use `modules`, `extensions`, and provider-backed route helpers as the default
+composition surface. Use `plugins` when you want to register a reusable
+distribution bundle that packages those pieces together.
+
 The middleware chain is: container → requestId → logger → errorBoundary → CORS → health → auth handler → requireAuth → db → actor guards → module routes.
 
 ## Exports

package/dist/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAS3B,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAElF,wBAAgB,SAAS,CAAC,SAAS,SAAS,cAAc,EACxD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GACjC,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,CAsF3D"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAS3B,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAoBlF,wBAAgB,SAAS,CAAC,SAAS,SAAS,cAAc,EACxD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GACjC,IAAI,CAAC;IAAE,QAAQ,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAAC,CAkI3D"}

package/dist/app.js

@@ -1,18 +1,35 @@
-import { createContainer } from "@voyantjs/core";
+import { createContainer, createEventBus, createQueryRunner } from "@voyantjs/core";
 import { Hono } from "hono";
 import { requireAuth } from "./middleware/auth.js";
 import { cors } from "./middleware/cors.js";
 import { db } from "./middleware/db.js";
-import { errorBoundary, requestId } from "./middleware/error-boundary.js";
+import { handleApiError, requestId } from "./middleware/error-boundary.js";
 import { logger } from "./middleware/logger.js";
 import { requireActor } from "./middleware/require-actor.js";
 import { expandHonoPlugins } from "./plugin.js";
+function resolveSurfaceMountPath(prefix, path, fallback) {
+    const normalized = path?.trim();
+    if (!normalized) {
+        return `${prefix}/${fallback}`;
+    }
+    if (normalized === "/") {
+        return prefix;
+    }
+    return `${prefix}/${normalized.replace(/^\/+|\/+$/g, "")}`;
+}
 export function createApp(config) {
     const app = new Hono();
+    app.onError(handleApiError);
     // Expand plugins into their constituent modules/extensions before mounting
     const expanded = config.plugins ? expandHonoPlugins(config.plugins) : null;
     const allModules = [...(config.modules ?? []), ...(expanded?.modules ?? [])];
     const allExtensions = [...(config.extensions ?? []), ...(expanded?.extensions ?? [])];
+    const eventBus = config.eventBus ?? createEventBus();
+    const query = typeof config.query === "function"
+        ? config.query
+        : config.query
+            ? createQueryRunner(config.query)
+            : undefined;
     // Module container — registered services are resolvable from routes
     const container = createContainer();
     for (const mod of allModules) {
@@ -20,16 +37,43 @@ export function createApp(config) {
             container.register(mod.module.name, mod.module.service);
         }
     }
+    for (const sub of expanded?.subscribers ?? []) {
+        eventBus.subscribe(sub.event, sub.handler);
+    }
+    let bootstrapPromise = null;
+    function ensureRuntimeBootstrapped(bindings) {
+        if (!bootstrapPromise) {
+            bootstrapPromise = (async () => {
+                const ctx = { bindings, container, eventBus };
+                for (const plugin of config.plugins ?? []) {
+                    await plugin.bootstrap?.(ctx);
+                }
+                for (const mod of allModules) {
+                    await mod.module.bootstrap?.(ctx);
+                }
+                for (const ext of allExtensions) {
+                    await ext.extension.bootstrap?.(ctx);
+                }
+            })();
+        }
+        return bootstrapPromise;
+    }
     app.use("*", async (c, next) => {
         c.set("container", container);
+        c.set("eventBus", eventBus);
+        if (config.link) {
+            c.set("link", config.link);
+        }
+        if (query) {
+            c.set("query", query);
+        }
+        await ensureRuntimeBootstrapped(c.env);
         return next();
     });
     // Request ID header
     app.use("*", requestId);
     // Structured logger
     app.use("*", logger(config.logger));
-    // Global error boundary
-    app.use("*", errorBoundary);
     // CORS (allowlist via env CORS_ALLOWLIST)
     app.use("*", cors());
     // Health check (public, no auth)
@@ -55,7 +99,7 @@ export function createApp(config) {
             app.route(`/v1/admin/${mod.module.name}`, mod.adminRoutes);
         }
         if (mod.publicRoutes) {
-            app.route(`/v1/public/${mod.module.name}`, mod.publicRoutes);
+            app.route(resolveSurfaceMountPath("/v1/public", mod.publicPath, mod.module.name), mod.publicRoutes);
         }
         if (mod.routes) {
             app.route(`/v1/${mod.module.name}`, mod.routes);
@@ -67,7 +111,7 @@ export function createApp(config) {
             app.route(`/v1/admin/${ext.extension.module}`, ext.adminRoutes);
         }
         if (ext.publicRoutes) {
-            app.route(`/v1/public/${ext.extension.module}`, ext.publicRoutes);
+            app.route(resolveSurfaceMountPath("/v1/public", ext.publicPath, ext.extension.module), ext.publicRoutes);
         }
         if (ext.routes) {
             app.route(`/v1/${ext.extension.module}`, ext.routes);

package/dist/auth/index.d.ts

@@ -1,4 +1,5 @@
 export { generateNumericCode, randomBytesHex, sha256Base64Url, sha256Hex, unsignCookie, } from "./crypto.js";
+export { requireUserId } from "./require-user.js";
 export type { SessionAuthContext } from "./session-jwt.js";
 export { extractBearerToken, verifySession } from "./session-jwt.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,SAAS,EACT,YAAY,GACb,MAAM,aAAa,CAAA;AACpB,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AAC1D,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,SAAS,EACT,YAAY,GACb,MAAM,aAAa,CAAA;AACpB,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AAC1D,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA"}

package/dist/auth/index.js

@@ -1,2 +1,3 @@
 export { generateNumericCode, randomBytesHex, sha256Base64Url, sha256Hex, unsignCookie, } from "./crypto.js";
+export { requireUserId } from "./require-user.js";
 export { extractBearerToken, verifySession } from "./session-jwt.js";

package/dist/auth/require-user.d.ts

@@ -0,0 +1,3 @@
+import type { Context } from "hono";
+export declare function requireUserId(c: Context): string;
+//# sourceMappingURL=require-user.d.ts.map

package/dist/auth/require-user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-user.d.ts","sourceRoot":"","sources":["../../src/auth/require-user.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAInC,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,MAAM,CAOhD"}

package/dist/auth/require-user.js

@@ -0,0 +1,8 @@
+import { UnauthorizedApiError } from "../validation.js";
+export function requireUserId(c) {
+    const userId = c.get("userId");
+    if (!userId) {
+        throw new UnauthorizedApiError();
+    }
+    return userId;
+}

package/dist/index.d.ts

@@ -1,10 +1,11 @@
 export type { VoyantPermission } from "@voyantjs/core";
 export { createApp } from "./app.js";
 export type { SessionAuthContext } from "./auth/index.js";
-export { extractBearerToken, generateNumericCode, randomBytesHex, sha256Base64Url, sha256Hex, unsignCookie, verifySession, } from "./auth/index.js";
-export { consoleLoggerProvider, cors, db, errorBoundary, LIVE_LIMITS, logger, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export { extractBearerToken, generateNumericCode, randomBytesHex, requireUserId, sha256Base64Url, sha256Hex, unsignCookie, verifySession, } from "./auth/index.js";
+export { consoleLoggerProvider, cors, db, errorBoundary, handleApiError, LIVE_LIMITS, logger, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
 export type { HonoExtension, HonoModule } from "./module.js";
-export type { ExpandedHonoPlugins, HonoPlugin } from "./plugin.js";
-export { defineHonoPlugin, expandHonoPlugins } from "./plugin.js";
-export type { DbFactory, LogEntry, LoggerProvider, VoyantAppConfig, VoyantAuthIntegration, VoyantAuthPermissionArgs, VoyantAuthResolveArgs, VoyantBindings, VoyantDb, VoyantExecutionContext, VoyantRequestAuthContext, VoyantVariables, } from "./types.js";
+export type { ExpandedHonoBundles, ExpandedHonoPlugins, HonoBundle, HonoPlugin, } from "./plugin.js";
+export { defineHonoBundle, defineHonoPlugin, expandHonoBundles, expandHonoPlugins, } from "./plugin.js";
+export type { DbFactory, LogEntry, LoggerProvider, VoyantAppConfig, VoyantAuthIntegration, VoyantAuthPermissionArgs, VoyantAuthResolveArgs, VoyantBindings, VoyantDb, VoyantExecutionContext, VoyantQueryRuntime, VoyantRequestAuthContext, VoyantVariables, } from "./types.js";
+export { ApiHttpError, ForbiddenApiError, normalizeValidationError, parseJsonBody, parseOptionalJsonBody, parseQuery, RequestValidationError, UnauthorizedApiError, } from "./validation.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AACpC,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACzD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,SAAS,EACT,YAAY,EACZ,aAAa,GACd,MAAM,iBAAiB,CAAA;AACxB,OAAO,EACL,qBAAqB,EACrB,IAAI,EACJ,EAAE,EACF,aAAa,EACb,WAAW,EACX,MAAM,EACN,SAAS,EACT,SAAS,EACT,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAC9B,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,YAAY,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAClE,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EACV,SAAS,EACT,QAAQ,EACR,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,sBAAsB,EACtB,wBAAwB,EACxB,eAAe,GAChB,MAAM,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AACpC,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACzD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,eAAe,EACf,SAAS,EACT,YAAY,EACZ,aAAa,GACd,MAAM,iBAAiB,CAAA;AACxB,OAAO,EACL,qBAAqB,EACrB,IAAI,EACJ,EAAE,EACF,aAAa,EACb,cAAc,EACd,WAAW,EACX,MAAM,EACN,SAAS,EACT,SAAS,EACT,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAC9B,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,YAAY,EACV,mBAAmB,EACnB,mBAAmB,EACnB,UAAU,EACV,UAAU,GACX,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,SAAS,EACT,QAAQ,EACR,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,sBAAsB,EACtB,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,GAChB,MAAM,YAAY,CAAA;AACnB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,wBAAwB,EACxB,aAAa,EACb,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,iBAAiB,CAAA"}

package/dist/index.js

@@ -1,4 +1,5 @@
 export { createApp } from "./app.js";
-export { extractBearerToken, generateNumericCode, randomBytesHex, sha256Base64Url, sha256Hex, unsignCookie, verifySession, } from "./auth/index.js";
-export { consoleLoggerProvider, cors, db, errorBoundary, LIVE_LIMITS, logger, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
-export { defineHonoPlugin, expandHonoPlugins } from "./plugin.js";
+export { extractBearerToken, generateNumericCode, randomBytesHex, requireUserId, sha256Base64Url, sha256Hex, unsignCookie, verifySession, } from "./auth/index.js";
+export { consoleLoggerProvider, cors, db, errorBoundary, handleApiError, LIVE_LIMITS, logger, rateLimit, requestId, requireActor, requireAuth, requirePermission, } from "./middleware/index.js";
+export { defineHonoBundle, defineHonoPlugin, expandHonoBundles, expandHonoPlugins, } from "./plugin.js";
+export { ApiHttpError, ForbiddenApiError, normalizeValidationError, parseJsonBody, parseOptionalJsonBody, parseQuery, RequestValidationError, UnauthorizedApiError, } from "./validation.js";

package/dist/middleware/error-boundary.d.ts

@@ -1,4 +1,5 @@
-import type { MiddlewareHandler } from "hono";
+import type { Context, MiddlewareHandler } from "hono";
 export declare const requestId: MiddlewareHandler;
+export declare function handleApiError(err: unknown, c: Context): Response;
 export declare const errorBoundary: MiddlewareHandler;
 //# sourceMappingURL=error-boundary.d.ts.map

package/dist/middleware/error-boundary.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error-boundary.d.ts","sourceRoot":"","sources":["../../src/middleware/error-boundary.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAU7C,eAAO,MAAM,SAAS,EAAE,iBAKvB,CAAA;AAID,eAAO,MAAM,aAAa,EAAE,iBAmC3B,CAAA"}
+{"version":3,"file":"error-boundary.d.ts","sourceRoot":"","sources":["../../src/middleware/error-boundary.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAYtD,eAAO,MAAM,SAAS,EAAE,iBAKvB,CAAA;AAID,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,GAAG,QAAQ,CA+CjE;AAED,eAAO,MAAM,aAAa,EAAE,iBAM3B,CAAA"}

package/dist/middleware/error-boundary.js

@@ -1,4 +1,5 @@
 import { apiErrorSchema } from "@voyantjs/types";
+import { normalizeValidationError } from "../validation.js";
 function generateRequestId() {
     const bytes = new Uint8Array(16);
     crypto.getRandomValues(bytes);
@@ -13,35 +14,52 @@ export const requestId = async (c, next) => {
     await next();
 };
 const REDACT_HEADERS = new Set(["authorization", "x-api-key"]);
+export function handleApiError(err, c) {
+    const id = c.res.headers.get("X-Request-Id") || generateRequestId();
+    const apiError = normalizeValidationError(err);
+    const errRecord = err instanceof Object ? err : {};
+    const code = apiError?.code ?? (typeof errRecord.code === "string" ? errRecord.code : undefined);
+    const status = apiError?.status ?? (typeof errRecord.status === "number" ? errRecord.status : 500);
+    const details = apiError?.details ??
+        (status < 500 && errRecord.details && typeof errRecord.details === "object"
+            ? errRecord.details
+            : undefined);
+    const errorMessage = status < 500
+        ? (apiError?.message ??
+            (typeof errRecord.message === "string" ? errRecord.message : "Bad Request"))
+        : "Internal Server Error";
+    try {
+        const headers = {};
+        c.req.raw.headers.forEach((value, key) => {
+            const lowerKey = key.toLowerCase();
+            headers[lowerKey] = REDACT_HEADERS.has(lowerKey) ? "[redacted]" : value;
+        });
+        console.error("[API:error]", {
+            id,
+            status,
+            code,
+            path: c.req.path,
+            method: c.req.method,
+            headers,
+            err: err instanceof Error ? err.message : String(err),
+        });
+    }
+    catch {
+        /* ignore logging errors */
+    }
+    const statusCode = status >= 100 && status <= 599 ? status : 500;
+    return new Response(JSON.stringify(apiErrorSchema.parse({ error: errorMessage, code, requestId: id, details })), {
+        status: statusCode,
+        headers: {
+            "content-type": "application/json",
+        },
+    });
+}
 export const errorBoundary = async (c, next) => {
     try {
         await next();
     }
     catch (err) {
-        const id = c.res.headers.get("X-Request-Id") || generateRequestId();
-        const errRecord = err instanceof Object ? err : {};
-        const code = typeof errRecord.code === "string" ? errRecord.code : undefined;
-        const status = typeof errRecord.status === "number" ? errRecord.status : 500;
-        try {
-            const headers = {};
-            c.req.raw.headers.forEach((value, key) => {
-                const lowerKey = key.toLowerCase();
-                headers[lowerKey] = REDACT_HEADERS.has(lowerKey) ? "[redacted]" : value;
-            });
-            console.error("[API:error]", {
-                id,
-                status,
-                code,
-                path: c.req.path,
-                method: c.req.method,
-                headers,
-                err: err instanceof Error ? err.message : String(err),
-            });
-        }
-        catch {
-            /* ignore logging errors */
-        }
-        const statusCode = (status >= 100 && status <= 599 ? status : 500);
-        return c.json(apiErrorSchema.parse({ error: "Internal Server Error", code, requestId: id }), statusCode);
+        return handleApiError(err, c);
     }
 };

package/dist/middleware/index.d.ts

@@ -1,7 +1,7 @@
 export { requireAuth } from "./auth.js";
 export { cors } from "./cors.js";
 export { db } from "./db.js";
-export { errorBoundary, requestId } from "./error-boundary.js";
+export { errorBoundary, handleApiError, requestId } from "./error-boundary.js";
 export { consoleLoggerProvider, logger } from "./logger.js";
 export { LIVE_LIMITS, rateLimit } from "./rate-limit.js";
 export { requireActor } from "./require-actor.js";

package/dist/middleware/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAA;AAC5B,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAC3D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAA;AAC5B,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAC3D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA"}

package/dist/middleware/index.js

@@ -1,7 +1,7 @@
 export { requireAuth } from "./auth.js";
 export { cors } from "./cors.js";
 export { db } from "./db.js";
-export { errorBoundary, requestId } from "./error-boundary.js";
+export { errorBoundary, handleApiError, requestId } from "./error-boundary.js";
 export { consoleLoggerProvider, logger } from "./logger.js";
 export { LIVE_LIMITS, rateLimit } from "./rate-limit.js";
 export { requireActor } from "./require-actor.js";

package/dist/middleware/require-permission.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"require-permission.d.ts","sourceRoot":"","sources":["../../src/middleware/require-permission.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAE7C,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAcpG,wBAAgB,iBAAiB,CAAC,SAAS,SAAS,cAAc,EAChE,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,EAC/B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE;IACL,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;CACxC,GACA,iBAAiB,CAAC;IACnB,QAAQ,EAAE,SAAS,CAAA;IACnB,SAAS,EAAE,eAAe,CAAA;CAC3B,CAAC,CA6CD"}
+{"version":3,"file":"require-permission.d.ts","sourceRoot":"","sources":["../../src/middleware/require-permission.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAG7C,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAepG,wBAAgB,iBAAiB,CAAC,SAAS,SAAS,cAAc,EAChE,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,EAC/B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE;IACL,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;CACxC,GACA,iBAAiB,CAAC;IACnB,QAAQ,EAAE,SAAS,CAAA;IACnB,SAAS,EAAE,eAAe,CAAA;CAC3B,CAAC,CA0CD"}

package/dist/middleware/require-permission.js

@@ -1,3 +1,5 @@
+import { requireUserId } from "../auth/require-user.js";
+import { ForbiddenApiError } from "../validation.js";
 function hasScope(scopes, permission) {
     if (!scopes || scopes.length === 0)
         return false;
@@ -17,10 +19,7 @@ export function requirePermission(dbFactory, resource, action, opts) {
         if (hasScope(scopes, permission)) {
             return next();
         }
-        const userId = c.get("userId");
-        if (!userId) {
-            return c.json({ error: "Unauthorized" }, 401);
-        }
+        const userId = requireUserId(c);
         if (!opts?.auth?.hasPermission) {
             return c.json({ error: "No auth permission checker configured" }, 500);
         }
@@ -41,7 +40,7 @@ export function requirePermission(dbFactory, resource, action, opts) {
             permission,
         });
         if (!allowed) {
-            return c.json({ error: "Forbidden" }, 403);
+            throw new ForbiddenApiError();
         }
         return next();
     };

package/dist/module.d.ts

@@ -14,6 +14,13 @@ export interface HonoModule {
     adminRoutes?: Hono<any>;
     /** Customer/partner/supplier-facing routes — mounted at `/v1/public/{module.name}`. */
     publicRoutes?: Hono<any>;
+    /**
+     * Optional override for the public mount path relative to `/v1/public`.
+     *
+     * Defaults to `{module.name}`. Use `"/"` to mount a module directly at the
+     * public root and omit the extra module segment.
+     */
+    publicPath?: string;
 }
 export interface HonoExtension {
     extension: Extension;
@@ -23,5 +30,12 @@ export interface HonoExtension {
     adminRoutes?: Hono<any>;
     /** Customer/partner/supplier-facing routes — mounted at `/v1/public/{extension.module}`. */
     publicRoutes?: Hono<any>;
+    /**
+     * Optional override for the public mount path relative to `/v1/public`.
+     *
+     * Defaults to `{extension.module}`. Use `"/"` to mount an extension directly
+     * at the public root and omit the extra module segment.
+     */
+    publicPath?: string;
 }
 //# sourceMappingURL=module.d.ts.map

package/dist/module.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd;;;;;;OAMG;IAEH,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,kEAAkE;IAElE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,uFAAuF;IAEvF,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,SAAS,CAAA;IACpB,0DAA0D;IAE1D,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,uEAAuE;IAEvE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,4FAA4F;IAE5F,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;CACzB"}
+{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd;;;;;;OAMG;IAEH,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,kEAAkE;IAElE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,uFAAuF;IAEvF,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,SAAS,CAAA;IACpB,0DAA0D;IAE1D,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IAClB,uEAAuE;IAEvE,WAAW,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACvB,4FAA4F;IAE5F,YAAY,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAA;IACxB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB"}

package/dist/plugin.d.ts

@@ -1,21 +1,24 @@
-import type { LinkDefinition, Subscriber } from "@voyantjs/core";
+import type { BootstrapHandler, LinkDefinition, Subscriber } from "@voyantjs/core";
 import type { HonoExtension, HonoModule } from "./module.js";
 /**
- * Hono-flavoured plugin bundle.
+ * Hono-flavoured bundle contribution surface.
  *
- * Unlike the transport-agnostic `Plugin` in `@voyantjs/core`, a
- * `HonoPlugin` contributes {@link HonoModule} / {@link HonoExtension}
- * wrappers that can carry HTTP routes.
+ * `@voyantjs/hono` is the default HTTP transport adapter for Voyant. The
+ * preferred `HonoBundle` term describes reusable packages that contribute
+ * {@link HonoModule} / {@link HonoExtension} wrappers that can carry HTTP
+ * routes. `HonoPlugin` remains as a compatibility alias for the same shape.
  *
  * Registered via `createApp({ plugins: [...] })` — the app factory expands
- * each plugin into the underlying modules, extensions, subscribers, and link
+ * each bundle into the underlying modules, extensions, subscribers, and link
  * definitions before mounting them.
  */
-export interface HonoPlugin {
-    /** Unique plugin identifier (e.g. "payload-cms", "bokun"). */
+export interface HonoBundle {
+    /** Unique bundle identifier (e.g. "payload-cms", "bokun"). */
     name: string;
     /** Optional version tag for diagnostics. */
     version?: string;
+    /** Optional lazy runtime bootstrap executed once per app/isolate. */
+    bootstrap?: BootstrapHandler;
     /** Hono modules (module + routes) contributed by the plugin. */
     modules?: HonoModule[];
     /** Hono extensions (extension + routes) contributed by the plugin. */
@@ -25,20 +28,28 @@ export interface HonoPlugin {
     /** Link definitions contributed by the plugin. */
     links?: LinkDefinition[];
 }
+/** @deprecated Prefer {@link HonoBundle}. */
+export type HonoPlugin = HonoBundle;
 /**
- * Identity helper — returns the plugin unchanged, purely for IDE inference.
+ * Identity helper — returns the bundle unchanged, purely for IDE inference.
  */
-export declare function defineHonoPlugin<P extends HonoPlugin>(plugin: P): P;
-export interface ExpandedHonoPlugins {
+export declare function defineHonoBundle<P extends HonoBundle>(bundle: P): P;
+/** @deprecated Prefer {@link defineHonoBundle}. */
+export declare const defineHonoPlugin: typeof defineHonoBundle;
+export interface ExpandedHonoBundles {
     modules: HonoModule[];
     extensions: HonoExtension[];
     subscribers: Subscriber[];
     links: LinkDefinition[];
 }
+/** @deprecated Prefer {@link ExpandedHonoBundles}. */
+export type ExpandedHonoPlugins = ExpandedHonoBundles;
 /**
- * Flatten a list of {@link HonoPlugin} values into their constituent pieces.
+ * Flatten a list of {@link HonoBundle} values into their constituent pieces.
  *
- * Throws if two plugins declare the same `name`.
+ * Throws if two bundles declare the same `name`.
  */
-export declare function expandHonoPlugins(plugins: ReadonlyArray<HonoPlugin>): ExpandedHonoPlugins;
+export declare function expandHonoBundles(bundles: ReadonlyArray<HonoBundle>): ExpandedHonoBundles;
+/** @deprecated Prefer {@link expandHonoBundles}. */
+export declare const expandHonoPlugins: typeof expandHonoBundles;
 //# sourceMappingURL=plugin.d.ts.map

package/dist/plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEhE,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE5D;;;;;;;;;;GAUG;AACH,MAAM,WAAW,UAAU;IACzB,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAA;IACZ,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gEAAgE;IAChE,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,sEAAsE;IACtE,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,wEAAwE;IACxE,WAAW,CAAC,EAAE,UAAU,EAAE,CAAA;IAC1B,kDAAkD;IAClD,KAAK,CAAC,EAAE,cAAc,EAAE,CAAA;CACzB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAEnE;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,UAAU,EAAE,aAAa,EAAE,CAAA;IAC3B,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,KAAK,EAAE,cAAc,EAAE,CAAA;CACxB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAoBzF"}
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAElF,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE5D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAA;IACZ,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,qEAAqE;IACrE,SAAS,CAAC,EAAE,gBAAgB,CAAA;IAC5B,gEAAgE;IAChE,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,sEAAsE;IACtE,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,wEAAwE;IACxE,WAAW,CAAC,EAAE,UAAU,EAAE,CAAA;IAC1B,kDAAkD;IAClD,KAAK,CAAC,EAAE,cAAc,EAAE,CAAA;CACzB;AAED,6CAA6C;AAC7C,MAAM,MAAM,UAAU,GAAG,UAAU,CAAA;AAEnC;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAEnE;AAED,mDAAmD;AACnD,eAAO,MAAM,gBAAgB,yBAAmB,CAAA;AAEhD,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,UAAU,EAAE,aAAa,EAAE,CAAA;IAC3B,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,KAAK,EAAE,cAAc,EAAE,CAAA;CACxB;AAED,sDAAsD;AACtD,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,CAAA;AAErD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAoBzF;AAED,oDAAoD;AACpD,eAAO,MAAM,iBAAiB,0BAAoB,CAAA"}

package/dist/plugin.js

@@ -1,33 +1,37 @@
 /**
- * Identity helper — returns the plugin unchanged, purely for IDE inference.
+ * Identity helper — returns the bundle unchanged, purely for IDE inference.
  */
-export function defineHonoPlugin(plugin) {
-    return plugin;
+export function defineHonoBundle(bundle) {
+    return bundle;
 }
+/** @deprecated Prefer {@link defineHonoBundle}. */
+export const defineHonoPlugin = defineHonoBundle;
 /**
- * Flatten a list of {@link HonoPlugin} values into their constituent pieces.
+ * Flatten a list of {@link HonoBundle} values into their constituent pieces.
  *
- * Throws if two plugins declare the same `name`.
+ * Throws if two bundles declare the same `name`.
  */
-export function expandHonoPlugins(plugins) {
+export function expandHonoBundles(bundles) {
     const seen = new Set();
     const modules = [];
     const extensions = [];
     const subscribers = [];
     const links = [];
-    for (const plugin of plugins) {
-        if (seen.has(plugin.name)) {
-            throw new Error(`Duplicate plugin name: "${plugin.name}"`);
+    for (const bundle of bundles) {
+        if (seen.has(bundle.name)) {
+            throw new Error(`Duplicate bundle name: "${bundle.name}"`);
         }
-        seen.add(plugin.name);
-        if (plugin.modules)
-            modules.push(...plugin.modules);
-        if (plugin.extensions)
-            extensions.push(...plugin.extensions);
-        if (plugin.subscribers)
-            subscribers.push(...plugin.subscribers);
-        if (plugin.links)
-            links.push(...plugin.links);
+        seen.add(bundle.name);
+        if (bundle.modules)
+            modules.push(...bundle.modules);
+        if (bundle.extensions)
+            extensions.push(...bundle.extensions);
+        if (bundle.subscribers)
+            subscribers.push(...bundle.subscribers);
+        if (bundle.links)
+            links.push(...bundle.links);
     }
     return { modules, extensions, subscribers, links };
 }
+/** @deprecated Prefer {@link expandHonoBundles}. */
+export const expandHonoPlugins = expandHonoBundles;

package/dist/types.d.ts

@@ -1,10 +1,10 @@
-import type { VoyantVariables as CoreVoyantVariables, ModuleContainer, VoyantAuthContext, VoyantPermission } from "@voyantjs/core";
+import type { VoyantVariables as CoreVoyantVariables, EventBus, LinkService, ModuleContainer, QueryGraphContext, QueryRunner, VoyantAuthContext, VoyantPermission } from "@voyantjs/core";
 import type { KVStore } from "@voyantjs/utils/cache";
 import type { NeonHttpDatabase } from "drizzle-orm/neon-http";
 import type { PostgresJsDatabase } from "drizzle-orm/postgres-js";
 import type { Hono } from "hono";
 import type { HonoExtension, HonoModule } from "./module.js";
-import type { HonoPlugin } from "./plugin.js";
+import type { HonoBundle } from "./plugin.js";
 export interface VoyantExecutionContext {
     waitUntil?: (promise: Promise<unknown>) => void;
     passThroughOnException?: () => void;
@@ -22,9 +22,16 @@ export interface VoyantBindings {
     CACHE?: KVStore;
 }
 export type VoyantDb = PostgresJsDatabase | NeonHttpDatabase;
+export type VoyantQueryRuntime = QueryRunner;
 export type VoyantVariables = CoreVoyantVariables & {
     db: VoyantDb;
+    /** Shared app/runtime container for explicit service resolution. */
     container: ModuleContainer;
+    eventBus: EventBus;
+    /** Shared cross-module link runtime, when the app wires one in. */
+    link?: LinkService;
+    /** Shared cross-module query runtime, when the app wires one in. */
+    query?: VoyantQueryRuntime;
 };
 export type DbFactory<TBindings extends VoyantBindings = VoyantBindings> = (env: TBindings) => VoyantDb;
 export type VoyantRequestAuthContext = VoyantAuthContext & {
@@ -60,7 +67,10 @@ export interface VoyantAppConfig<TBindings extends VoyantBindings = VoyantBindin
     db: DbFactory<TBindings>;
     modules?: HonoModule[];
     extensions?: HonoExtension[];
-    plugins?: HonoPlugin[];
+    plugins?: HonoBundle[];
+    eventBus?: EventBus;
+    link?: LinkService;
+    query?: QueryGraphContext | VoyantQueryRuntime;
     auth?: VoyantAuthIntegration<TBindings>;
     publicPaths?: string[];
     logger?: LoggerProvider;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,IAAI,mBAAmB,EACtC,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AACjE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE7C,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,CAAA;IAC/C,sBAAsB,CAAC,EAAE,MAAM,IAAI,CAAA;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,gBAAgB,CAAA;AAC5D,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG;IAClD,EAAE,EAAE,QAAQ,CAAA;IACZ,SAAS,EAAE,eAAe,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,SAAS,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI,CACzE,GAAG,EAAE,SAAS,KACX,QAAQ,CAAA;AAEb,MAAM,MAAM,wBAAwB,GAAG,iBAAiB,GAAG;IACzD,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,CAAA;CAC3B;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,SAAS,CAAA;IACd,EAAE,EAAE,QAAQ,CAAA;IACZ,GAAG,CAAC,EAAE,sBAAsB,CAAA;CAC7B;AAED,MAAM,WAAW,wBAAwB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,CACzF,SAAQ,qBAAqB,CAAC,SAAS,CAAC;IACxC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,IAAI,EAAE,wBAAwB,CAAA;CAC/B;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,KAAK;QAC5B,KAAK,EAAE,CACL,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,sBAAsB,KACzB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;KAClC,CAAA;IACD,OAAO,CAAC,EAAE,CACR,IAAI,EAAE,qBAAqB,CAAC,SAAS,CAAC,KACnC,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,GAAG,wBAAwB,GAAG,IAAI,CAAA;IAC/E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;CAC1F;AAED,MAAM,WAAW,eAAe,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IAChF,EAAE,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxB,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;IACvC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,MAAM,CAAC,EAAE,cAAc,CAAA;IAEvB,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAA;CAC5C"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,IAAI,mBAAmB,EACtC,QAAQ,EACR,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AACjE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAE7C,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,CAAA;IAC/C,sBAAsB,CAAC,EAAE,MAAM,IAAI,CAAA;CACpC;AAED,MAAM,WAAW,cAAc;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,gBAAgB,CAAA;AAC5D,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAA;AAE5C,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG;IAClD,EAAE,EAAE,QAAQ,CAAA;IACZ,oEAAoE;IACpE,SAAS,EAAE,eAAe,CAAA;IAC1B,QAAQ,EAAE,QAAQ,CAAA;IAClB,mEAAmE;IACnE,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,oEAAoE;IACpE,KAAK,CAAC,EAAE,kBAAkB,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,SAAS,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI,CACzE,GAAG,EAAE,SAAS,KACX,QAAQ,CAAA;AAEb,MAAM,MAAM,wBAAwB,GAAG,iBAAiB,GAAG;IACzD,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI,CAAA;CAC3B;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,SAAS,CAAA;IACd,EAAE,EAAE,QAAQ,CAAA;IACZ,GAAG,CAAC,EAAE,sBAAsB,CAAA;CAC7B;AAED,MAAM,WAAW,wBAAwB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,CACzF,SAAQ,qBAAqB,CAAC,SAAS,CAAC;IACxC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,IAAI,EAAE,wBAAwB,CAAA;CAC/B;AAED,MAAM,WAAW,qBAAqB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IACtF,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,KAAK;QAC5B,KAAK,EAAE,CACL,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,sBAAsB,KACzB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;KAClC,CAAA;IACD,OAAO,CAAC,EAAE,CACR,IAAI,EAAE,qBAAqB,CAAC,SAAS,CAAC,KACnC,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,GAAG,wBAAwB,GAAG,IAAI,CAAA;IAC/E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;CAC1F;AAED,MAAM,WAAW,eAAe,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc;IAChF,EAAE,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxB,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;IAC5B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAA;IACtB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,IAAI,CAAC,EAAE,WAAW,CAAA;IAClB,KAAK,CAAC,EAAE,iBAAiB,GAAG,kBAAkB,CAAA;IAC9C,IAAI,CAAC,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAA;IACvC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,MAAM,CAAC,EAAE,cAAc,CAAA;IAEvB,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAA;CAC5C"}

package/dist/validation.d.ts

@@ -0,0 +1,34 @@
+import type { Context } from "hono";
+import { type ZodType } from "zod";
+export declare class ApiHttpError extends Error {
+    readonly status: number;
+    readonly code?: string;
+    readonly details?: Record<string, unknown>;
+    constructor(message: string, options: {
+        status: number;
+        code?: string;
+        details?: Record<string, unknown>;
+    });
+}
+export declare class RequestValidationError extends ApiHttpError {
+    constructor(message: string, details?: Record<string, unknown>);
+}
+export declare class UnauthorizedApiError extends ApiHttpError {
+    constructor(message?: string);
+}
+export declare class ForbiddenApiError extends ApiHttpError {
+    constructor(message?: string);
+}
+export declare function parseJsonBody<T>(c: Context, schema: ZodType<T>, options?: {
+    invalidJsonMessage?: string;
+    invalidBodyMessage?: string;
+}): Promise<T>;
+export declare function parseOptionalJsonBody<T>(c: Context, schema: ZodType<T>, options?: {
+    defaultValue?: unknown;
+    invalidBodyMessage?: string;
+}): Promise<T>;
+export declare function parseQuery<T>(c: Context, schema: ZodType<T>, options?: {
+    invalidQueryMessage?: string;
+}): T;
+export declare function normalizeValidationError(error: unknown): ApiHttpError | undefined;
+//# sourceMappingURL=validation.d.ts.map

package/dist/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,EAAY,KAAK,OAAO,EAAE,MAAM,KAAK,CAAA;AAE5C,qBAAa,YAAa,SAAQ,KAAK;IACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;gBAGxC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAA;QACd,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAClC;CAQJ;AAED,qBAAa,sBAAuB,SAAQ,YAAY;gBAC1C,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAQ/D;AAED,qBAAa,oBAAqB,SAAQ,YAAY;gBACxC,OAAO,SAAiB;CAOrC;AAED,qBAAa,iBAAkB,SAAQ,YAAY;gBACrC,OAAO,SAAc;CAOlC;AAqBD,wBAAsB,aAAa,CAAC,CAAC,EACnC,CAAC,EAAE,OAAO,EACV,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAClB,OAAO,CAAC,EAAE;IAAE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAAE,GACrE,OAAO,CAAC,CAAC,CAAC,CAUZ;AAED,wBAAsB,qBAAqB,CAAC,CAAC,EAC3C,CAAC,EAAE,OAAO,EACV,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAClB,OAAO,CAAC,EAAE;IACR,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAC5B,GACA,OAAO,CAAC,CAAC,CAAC,CAUZ;AAED,wBAAgB,UAAU,CAAC,CAAC,EAC1B,CAAC,EAAE,OAAO,EACV,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAClB,OAAO,CAAC,EAAE;IAAE,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAE,GACzC,CAAC,CAMH;AAED,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,GAAG,YAAY,GAAG,SAAS,CAUjF"}

package/dist/validation.js

@@ -0,0 +1,86 @@
+import { ZodError } from "zod";
+export class ApiHttpError extends Error {
+    status;
+    code;
+    details;
+    constructor(message, options) {
+        super(message);
+        this.name = "ApiHttpError";
+        this.status = options.status;
+        this.code = options.code;
+        this.details = options.details;
+    }
+}
+export class RequestValidationError extends ApiHttpError {
+    constructor(message, details) {
+        super(message, {
+            status: 400,
+            code: "invalid_request",
+            details,
+        });
+        this.name = "RequestValidationError";
+    }
+}
+export class UnauthorizedApiError extends ApiHttpError {
+    constructor(message = "Unauthorized") {
+        super(message, {
+            status: 401,
+            code: "unauthorized",
+        });
+        this.name = "UnauthorizedApiError";
+    }
+}
+export class ForbiddenApiError extends ApiHttpError {
+    constructor(message = "Forbidden") {
+        super(message, {
+            status: 403,
+            code: "forbidden",
+        });
+        this.name = "ForbiddenApiError";
+    }
+}
+function toValidationError(error, fallbackMessage = "Invalid request") {
+    return new RequestValidationError(error.issues[0]?.message ?? fallbackMessage, {
+        issues: error.issues,
+        fields: error.flatten(),
+    });
+}
+function validate(schema, input, fallbackMessage) {
+    const parsed = schema.safeParse(input);
+    if (!parsed.success) {
+        throw toValidationError(parsed.error, fallbackMessage);
+    }
+    return parsed.data;
+}
+export async function parseJsonBody(c, schema, options) {
+    let input;
+    try {
+        input = await c.req.json();
+    }
+    catch {
+        throw new RequestValidationError(options?.invalidJsonMessage ?? "Invalid JSON body");
+    }
+    return validate(schema, input, options?.invalidBodyMessage);
+}
+export async function parseOptionalJsonBody(c, schema, options) {
+    let input;
+    try {
+        input = await c.req.json();
+    }
+    catch {
+        input = options?.defaultValue ?? {};
+    }
+    return validate(schema, input, options?.invalidBodyMessage);
+}
+export function parseQuery(c, schema, options) {
+    return validate(schema, Object.fromEntries(new URL(c.req.url).searchParams), options?.invalidQueryMessage ?? "Invalid query parameters");
+}
+export function normalizeValidationError(error) {
+    if (error instanceof ApiHttpError) {
+        return error;
+    }
+    if (error instanceof ZodError) {
+        return toValidationError(error);
+    }
+    return undefined;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@voyantjs/hono",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "license": "FSL-1.1-Apache-2.0",
   "type": "module",
   "exports": {
@@ -76,10 +76,11 @@
   "dependencies": {
     "drizzle-orm": "^0.45.2",
     "hono": "^4.12.10",
-    "@voyantjs/core": "0.5.0",
-    "@voyantjs/db": "0.5.0",
-    "@voyantjs/types": "0.5.0",
-    "@voyantjs/utils": "0.5.0"
+    "zod": "^4.3.6",
+    "@voyantjs/core": "0.6.0",
+    "@voyantjs/db": "0.6.0",
+    "@voyantjs/types": "0.6.0",
+    "@voyantjs/utils": "0.6.0"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20260403.1",