@webpieces/http-api 0.2.17 → 0.2.21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@webpieces/http-api",
-  "version": "0.2.17",
+  "version": "0.2.21",
   "description": "HTTP API decorators for defining REST APIs",
   "type": "commonjs",
   "main": "./src/index.js",
@@ -21,5 +21,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "dependencies": {}
+  "dependencies": {
+    "@webpieces/core-util": "0.2.21"
+  }
 }

package/src/ContextReader.d.ts

@@ -0,0 +1 @@
+export {};

package/src/ContextReader.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=ContextReader.js.map

package/src/ContextReader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ContextReader.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/ContextReader.ts"],"names":[],"mappings":"","sourcesContent":["import { PlatformHeader } from './PlatformHeader';\n\n\n"]}

package/src/HeaderMethods.d.ts

@@ -0,0 +1,94 @@
+import { PlatformHeader } from './PlatformHeader';
+/**
+ * ContextReader - Interface for reading header values from context.
+ *
+ * Different implementations for different environments:
+ * - RequestContextReader: Node.js with AsyncLocalStorage (in @webpieces/http-routing, server-side only)
+ * - StaticContextReader: Browser or testing with manual header management (in @webpieces/http-client)
+ * - CompositeContextReader: Combines multiple readers with priority (in @webpieces/http-client)
+ *
+ * This interface is defined in @webpieces/http-api so both http-routing and http-client
+ * can use it without creating circular dependencies.
+ *
+ * This interface is DI-independent so it works in both server (Inversify)
+ * and client (Angular, browser) environments.
+ */
+export interface ContextReader {
+    /**
+     * Read the value of a platform header.
+     * Returns undefined if header not available.
+     *
+     * @param header - The platform header to read
+     * @returns The header value, or undefined if not present
+     */
+    read(header: PlatformHeader): string | undefined;
+}
+/**
+ * HeaderMethods - Utility class for working with platform headers.
+ *
+ * This class can be injected in both server (Node.js) and client (Angular/browser) environments.
+ * It provides common operations for filtering and processing headers.
+ *
+ * Pattern: Stateless utility class (pure functions, can be instantiated or injected)
+ * - Server: Can inject empty instance, use static-like methods
+ * - Client: new HeaderMethods() (no DI needed)
+ *
+ * Usage:
+ * ```typescript
+ * // Server-side (ContextFilter)
+ * constructor(@inject() headerMethods: HeaderMethods) {
+ *     const allHeaders = [... flatten from extensions ...];
+ *     this.transferHeaders = headerMethods.findTransferHeaders(allHeaders);
+ * }
+ *
+ * // Client-side (ClientFactory)
+ * const headerMethods = new HeaderMethods();
+ * const loggableHeaders = headerMethods.findLoggableHeaders(allHeaders, requestHeaders);
+ * ```
+ */
+export declare class HeaderMethods {
+    /**
+     * Filter headers to only those that should be transferred (isWantTransferred=true).
+     *
+     * @param headers - Array of PlatformHeader definitions
+     * @returns Filtered array of headers with isWantTransferred=true
+     */
+    findTransferHeaders(headers: PlatformHeader[]): PlatformHeader[];
+    /**
+     * Split headers into secure and public categories.
+     *
+     * @param headers - Array of PlatformHeader definitions
+     * @returns SplitHeaders with secureHeaders (isSecured=true) and publicHeaders (isSecured=false)
+     */
+    secureHeaders(headers: PlatformHeader[]): PlatformHeader[];
+    /**
+     * Get all headers that should be logged.
+     * All headers are loggable - secure headers will be masked by formatHeadersForLogging.
+     *
+     * @param headers - Array of PlatformHeader definitions
+     * @returns All headers (they're all loggable, just some are masked)
+     */
+    findLoggableHeaders(headers: PlatformHeader[]): PlatformHeader[];
+    buildSecureMapForLogs(platformHeaders: PlatformHeader[], contextReader: ContextReader): Map<string, any>;
+    /**
+     * Format headers for logging with secure masking.
+     * Takes filtered PlatformHeaders and actual header values from request.
+     *
+     * Masking rules for secure headers (isSecured=true):
+     * - Length > 15: Show first 3 and last 3 characters with "..." between
+     * - Length 8-15: Show first 2 characters with "..."
+     * - Length < 8: Show "<secure key too short to log>"
+     *
+     * @param loggableHeaders - Filtered PlatformHeaders to log
+     * @param headerMap - Map of header name (lowercase) -> array of values from request
+     * @returns Record of header name -> masked or full value for logging
+     */
+    formatHeadersForLogging(loggableHeaders: PlatformHeader[], headerMap: Map<string, string[]>): Record<string, string>;
+    /**
+     * Mask a secure header value based on its length.
+     *
+     * @param value - The secure header value to mask
+     * @returns Masked value
+     */
+    private maskSecureValue;
+}

package/src/HeaderMethods.js

@@ -0,0 +1,122 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HeaderMethods = void 0;
+/**
+ * HeaderMethods - Utility class for working with platform headers.
+ *
+ * This class can be injected in both server (Node.js) and client (Angular/browser) environments.
+ * It provides common operations for filtering and processing headers.
+ *
+ * Pattern: Stateless utility class (pure functions, can be instantiated or injected)
+ * - Server: Can inject empty instance, use static-like methods
+ * - Client: new HeaderMethods() (no DI needed)
+ *
+ * Usage:
+ * ```typescript
+ * // Server-side (ContextFilter)
+ * constructor(@inject() headerMethods: HeaderMethods) {
+ *     const allHeaders = [... flatten from extensions ...];
+ *     this.transferHeaders = headerMethods.findTransferHeaders(allHeaders);
+ * }
+ *
+ * // Client-side (ClientFactory)
+ * const headerMethods = new HeaderMethods();
+ * const loggableHeaders = headerMethods.findLoggableHeaders(allHeaders, requestHeaders);
+ * ```
+ */
+class HeaderMethods {
+    /**
+     * Filter headers to only those that should be transferred (isWantTransferred=true).
+     *
+     * @param headers - Array of PlatformHeader definitions
+     * @returns Filtered array of headers with isWantTransferred=true
+     */
+    findTransferHeaders(headers) {
+        return headers.filter(h => h.isWantTransferred);
+    }
+    /**
+     * Split headers into secure and public categories.
+     *
+     * @param headers - Array of PlatformHeader definitions
+     * @returns SplitHeaders with secureHeaders (isSecured=true) and publicHeaders (isSecured=false)
+     */
+    secureHeaders(headers) {
+        return headers.filter(h => h.isSecured);
+    }
+    /**
+     * Get all headers that should be logged.
+     * All headers are loggable - secure headers will be masked by formatHeadersForLogging.
+     *
+     * @param headers - Array of PlatformHeader definitions
+     * @returns All headers (they're all loggable, just some are masked)
+     */
+    findLoggableHeaders(headers) {
+        return headers; // All headers are loggable, secure ones will be masked
+    }
+    buildSecureMapForLogs(platformHeaders, contextReader) {
+        const headers = new Map();
+        for (const header of platformHeaders) {
+            const value = contextReader.read(header);
+            if (value) {
+                if (!header.isSecured)
+                    headers.set(header.headerName, value);
+                else
+                    headers.set(header.headerName, this.maskSecureValue(value));
+            }
+        }
+        return headers;
+    }
+    /**
+     * Format headers for logging with secure masking.
+     * Takes filtered PlatformHeaders and actual header values from request.
+     *
+     * Masking rules for secure headers (isSecured=true):
+     * - Length > 15: Show first 3 and last 3 characters with "..." between
+     * - Length 8-15: Show first 2 characters with "..."
+     * - Length < 8: Show "<secure key too short to log>"
+     *
+     * @param loggableHeaders - Filtered PlatformHeaders to log
+     * @param headerMap - Map of header name (lowercase) -> array of values from request
+     * @returns Record of header name -> masked or full value for logging
+     */
+    formatHeadersForLogging(loggableHeaders, headerMap) {
+        const result = {};
+        for (const platformHeader of loggableHeaders) {
+            // Look for header in the map (case-insensitive)
+            const values = headerMap.get(platformHeader.headerName.toLowerCase());
+            if (!values || values.length === 0) {
+                continue;
+            }
+            const value = values[0]; // Take first value
+            if (platformHeader.isSecured) {
+                result[platformHeader.headerName] = this.maskSecureValue(value);
+            }
+            else {
+                result[platformHeader.headerName] = value;
+            }
+        }
+        return result;
+    }
+    /**
+     * Mask a secure header value based on its length.
+     *
+     * @param value - The secure header value to mask
+     * @returns Masked value
+     */
+    maskSecureValue(value) {
+        const len = value.length;
+        if (len < 8) {
+            return '<secure key too short to log>';
+        }
+        else if (len <= 15) {
+            // 8-15 characters: show first 2 + "..."
+            return `${value.substring(0, 2)}...`;
+        }
+        else {
+            // > 15 characters: show first 3 + "..." + last 3
+            return `${value.substring(0, 3)}...${value.substring(len - 3)}`;
+        }
+    }
+}
+exports.HeaderMethods = HeaderMethods;
+//# sourceMappingURL=HeaderMethods.js.map

package/src/HeaderMethods.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"HeaderMethods.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/HeaderMethods.ts"],"names":[],"mappings":";;;AA2BA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAa,aAAa;IACtB;;;;;OAKG;IACH,mBAAmB,CAAC,OAAyB;QACzC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;IACpD,CAAC;IAED;;;;;OAKG;IACH,aAAa,CAAC,OAAyB;QACnC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;OAMG;IACH,mBAAmB,CAAC,OAAyB;QACzC,OAAO,OAAO,CAAC,CAAC,uDAAuD;IAC3E,CAAC;IAED,qBAAqB,CAAC,eAAiC,EAAE,aAA4B;QACjF,MAAM,OAAO,GAAG,IAAI,GAAG,EAAe,CAAC;QAEvC,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzC,IAAG,KAAK,EAAE,CAAC;gBACP,IAAG,CAAC,MAAM,CAAC,SAAS;oBAChB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;;oBAEtC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;YACpE,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,uBAAuB,CAAC,eAAiC,EAAE,SAAgC;QACvF,MAAM,MAAM,GAA2B,EAAE,CAAC;QAE1C,KAAK,MAAM,cAAc,IAAI,eAAe,EAAE,CAAC;YAC3C,gDAAgD;YAChD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;YACtE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,SAAS;YACb,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;YAE5C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC;iBAAM,CAAC;gBACJ,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;YAC9C,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;;;;OAKG;IACK,eAAe,CAAC,KAAa;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;QAEzB,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;YACV,OAAO,+BAA+B,CAAC;QAC3C,CAAC;aAAM,IAAI,GAAG,IAAI,EAAE,EAAE,CAAC;YACnB,wCAAwC;YACxC,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC;QACzC,CAAC;aAAM,CAAC;YACJ,iDAAiD;YACjD,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC;QACpE,CAAC;IACL,CAAC;CACJ;AAtGD,sCAsGC","sourcesContent":["import { PlatformHeader } from './PlatformHeader';\n\n/**\n * ContextReader - Interface for reading header values from context.\n *\n * Different implementations for different environments:\n * - RequestContextReader: Node.js with AsyncLocalStorage (in @webpieces/http-routing, server-side only)\n * - StaticContextReader: Browser or testing with manual header management (in @webpieces/http-client)\n * - CompositeContextReader: Combines multiple readers with priority (in @webpieces/http-client)\n *\n * This interface is defined in @webpieces/http-api so both http-routing and http-client\n * can use it without creating circular dependencies.\n *\n * This interface is DI-independent so it works in both server (Inversify)\n * and client (Angular, browser) environments.\n */\nexport interface ContextReader {\n    /**\n     * Read the value of a platform header.\n     * Returns undefined if header not available.\n     *\n     * @param header - The platform header to read\n     * @returns The header value, or undefined if not present\n     */\n    read(header: PlatformHeader): string | undefined;\n}\n\n/**\n * HeaderMethods - Utility class for working with platform headers.\n *\n * This class can be injected in both server (Node.js) and client (Angular/browser) environments.\n * It provides common operations for filtering and processing headers.\n *\n * Pattern: Stateless utility class (pure functions, can be instantiated or injected)\n * - Server: Can inject empty instance, use static-like methods\n * - Client: new HeaderMethods() (no DI needed)\n *\n * Usage:\n * ```typescript\n * // Server-side (ContextFilter)\n * constructor(@inject() headerMethods: HeaderMethods) {\n *     const allHeaders = [... flatten from extensions ...];\n *     this.transferHeaders = headerMethods.findTransferHeaders(allHeaders);\n * }\n *\n * // Client-side (ClientFactory)\n * const headerMethods = new HeaderMethods();\n * const loggableHeaders = headerMethods.findLoggableHeaders(allHeaders, requestHeaders);\n * ```\n */\nexport class HeaderMethods {\n    /**\n     * Filter headers to only those that should be transferred (isWantTransferred=true).\n     *\n     * @param headers - Array of PlatformHeader definitions\n     * @returns Filtered array of headers with isWantTransferred=true\n     */\n    findTransferHeaders(headers: PlatformHeader[]): PlatformHeader[] {\n        return headers.filter(h => h.isWantTransferred);\n    }\n\n    /**\n     * Split headers into secure and public categories.\n     *\n     * @param headers - Array of PlatformHeader definitions\n     * @returns SplitHeaders with secureHeaders (isSecured=true) and publicHeaders (isSecured=false)\n     */\n    secureHeaders(headers: PlatformHeader[]): PlatformHeader[] {\n        return headers.filter(h => h.isSecured);\n    }\n\n    /**\n     * Get all headers that should be logged.\n     * All headers are loggable - secure headers will be masked by formatHeadersForLogging.\n     *\n     * @param headers - Array of PlatformHeader definitions\n     * @returns All headers (they're all loggable, just some are masked)\n     */\n    findLoggableHeaders(headers: PlatformHeader[]): PlatformHeader[] {\n        return headers; // All headers are loggable, secure ones will be masked\n    }\n\n    buildSecureMapForLogs(platformHeaders: PlatformHeader[], contextReader: ContextReader): Map<string, any> {\n        const headers = new Map<string, any>();\n\n        for (const header of platformHeaders) {\n            const value = contextReader.read(header);\n            if(value) {\n                if(!header.isSecured)\n                    headers.set(header.headerName, value);\n                else\n                    headers.set(header.headerName, this.maskSecureValue(value));\n            }\n        }\n\n        return headers;\n    }\n\n    /**\n     * Format headers for logging with secure masking.\n     * Takes filtered PlatformHeaders and actual header values from request.\n     *\n     * Masking rules for secure headers (isSecured=true):\n     * - Length > 15: Show first 3 and last 3 characters with \"...\" between\n     * - Length 8-15: Show first 2 characters with \"...\"\n     * - Length < 8: Show \"<secure key too short to log>\"\n     *\n     * @param loggableHeaders - Filtered PlatformHeaders to log\n     * @param headerMap - Map of header name (lowercase) -> array of values from request\n     * @returns Record of header name -> masked or full value for logging\n     */\n    formatHeadersForLogging(loggableHeaders: PlatformHeader[], headerMap: Map<string, string[]>): Record<string, string> {\n        const result: Record<string, string> = {};\n\n        for (const platformHeader of loggableHeaders) {\n            // Look for header in the map (case-insensitive)\n            const values = headerMap.get(platformHeader.headerName.toLowerCase());\n            if (!values || values.length === 0) {\n                continue;\n            }\n\n            const value = values[0]; // Take first value\n\n            if (platformHeader.isSecured) {\n                result[platformHeader.headerName] = this.maskSecureValue(value);\n            } else {\n                result[platformHeader.headerName] = value;\n            }\n        }\n\n        return result;\n    }\n\n    /**\n     * Mask a secure header value based on its length.\n     *\n     * @param value - The secure header value to mask\n     * @returns Masked value\n     */\n    private maskSecureValue(value: string): string {\n        const len = value.length;\n\n        if (len < 8) {\n            return '<secure key too short to log>';\n        } else if (len <= 15) {\n            // 8-15 characters: show first 2 + \"...\"\n            return `${value.substring(0, 2)}...`;\n        } else {\n            // > 15 characters: show first 3 + \"...\" + last 3\n            return `${value.substring(0, 3)}...${value.substring(len - 3)}`;\n        }\n    }\n}\n\n\n"]}

package/src/HeaderTypes.d.ts

@@ -0,0 +1,29 @@
+/**
+ * DI symbols for platform headers system.
+ *
+ * Uses Symbol.for() to create global symbols that work across module boundaries.
+ * This is important for Inversify multiInject pattern where multiple modules
+ * bind to the same symbol.
+ */
+export declare const HEADER_TYPES: {
+    /**
+     * Symbol for PlatformHeadersExtension instances.
+     * Multiple modules can bind PlatformHeadersExtension instances to this symbol,
+     * and consumers can use @multiInject to collect all of them.
+     *
+     * Pattern: Extension (DI-level) vs Plugin (App-level)
+     * - Extensions contribute specific capabilities to framework (headers, converters, etc.)
+     * - Plugins provide complete features with modules + routes (Hibernate, Jackson, etc.)
+     *
+     * Usage:
+     * ```typescript
+     * // In a module
+     * const extension = new PlatformHeadersExtension([header1, header2]);
+     * bind<PlatformHeadersExtension>(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(extension);
+     *
+     * // In a consumer
+     * constructor(@multiInject(HEADER_TYPES.PlatformHeadersExtension) extensions: PlatformHeadersExtension[]) {}
+     * ```
+     */
+    PlatformHeadersExtension: symbol;
+};

package/src/HeaderTypes.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HEADER_TYPES = void 0;
+/**
+ * DI symbols for platform headers system.
+ *
+ * Uses Symbol.for() to create global symbols that work across module boundaries.
+ * This is important for Inversify multiInject pattern where multiple modules
+ * bind to the same symbol.
+ */
+exports.HEADER_TYPES = {
+    /**
+     * Symbol for PlatformHeadersExtension instances.
+     * Multiple modules can bind PlatformHeadersExtension instances to this symbol,
+     * and consumers can use @multiInject to collect all of them.
+     *
+     * Pattern: Extension (DI-level) vs Plugin (App-level)
+     * - Extensions contribute specific capabilities to framework (headers, converters, etc.)
+     * - Plugins provide complete features with modules + routes (Hibernate, Jackson, etc.)
+     *
+     * Usage:
+     * ```typescript
+     * // In a module
+     * const extension = new PlatformHeadersExtension([header1, header2]);
+     * bind<PlatformHeadersExtension>(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(extension);
+     *
+     * // In a consumer
+     * constructor(@multiInject(HEADER_TYPES.PlatformHeadersExtension) extensions: PlatformHeadersExtension[]) {}
+     * ```
+     */
+    PlatformHeadersExtension: Symbol.for('PlatformHeadersExtension'),
+};
+//# sourceMappingURL=HeaderTypes.js.map

package/src/HeaderTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"HeaderTypes.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/HeaderTypes.ts"],"names":[],"mappings":";;;AAAA;;;;;;GAMG;AACU,QAAA,YAAY,GAAG;IACxB;;;;;;;;;;;;;;;;;;OAkBG;IACH,wBAAwB,EAAE,MAAM,CAAC,GAAG,CAAC,0BAA0B,CAAC;CACnE,CAAC","sourcesContent":["/**\n * DI symbols for platform headers system.\n *\n * Uses Symbol.for() to create global symbols that work across module boundaries.\n * This is important for Inversify multiInject pattern where multiple modules\n * bind to the same symbol.\n */\nexport const HEADER_TYPES = {\n    /**\n     * Symbol for PlatformHeadersExtension instances.\n     * Multiple modules can bind PlatformHeadersExtension instances to this symbol,\n     * and consumers can use @multiInject to collect all of them.\n     *\n     * Pattern: Extension (DI-level) vs Plugin (App-level)\n     * - Extensions contribute specific capabilities to framework (headers, converters, etc.)\n     * - Plugins provide complete features with modules + routes (Hibernate, Jackson, etc.)\n     *\n     * Usage:\n     * ```typescript\n     * // In a module\n     * const extension = new PlatformHeadersExtension([header1, header2]);\n     * bind<PlatformHeadersExtension>(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(extension);\n     *\n     * // In a consumer\n     * constructor(@multiInject(HEADER_TYPES.PlatformHeadersExtension) extensions: PlatformHeadersExtension[]) {}\n     * ```\n     */\n    PlatformHeadersExtension: Symbol.for('PlatformHeadersExtension'),\n};\n"]}

package/src/LogApiCall.d.ts

@@ -0,0 +1,41 @@
+import { RouteMetadata } from "./decorators";
+/**
+ * LogApiCall - Generic API call logging utility.
+ *
+ * Used by both server-side (LogApiFilter) and client-side (ClientFactory) for
+ * consistent logging patterns across the framework.
+ *
+ * Logging format patterns:
+ * - [API-{type}-req] ClassName.methodName request={...} headers={...}
+ * - [API-{type}-resp-SUCCESS] ClassName.methodName response={...}
+ * - [API-{type}-resp-OTHER] ClassName.methodName errorType={...}  (user errors)
+ * - [API-{type}-resp-FAIL] ClassName.methodName error={...}  (server errors)
+ */
+export declare class LogApiCall {
+    /**
+     * Execute an API call with logging around it.
+     *
+     * @param type - 'SVR' or 'CLIENT'
+     * @param meta - Route metadata with controllerClassName and methodName
+     * @param requestDto - The request DTO
+     * @param headers - Map of header name -> values
+     * @param splitHeaders - SplitHeaders with secureHeaders and publicHeaders for masking
+     * @param method - The method to execute
+     */
+    execute(type: string, meta: RouteMetadata, requestDto: any, headers: Map<string, any>, method: (dto: any) => Promise<any>): Promise<any>;
+    /**
+     * Check if an error is a user error (expected behavior from server perspective).
+     * User errors are NOT failures - just users making mistakes or validation issues.
+     *
+     * User errors (logged as OTHER, no stack trace):
+     * - HttpBadRequestError (400)
+     * - HttpUnauthorizedError (401)
+     * - HttpForbiddenError (403)
+     * - HttpNotFoundError (404)
+     * - HttpUserError (266)
+     *
+     * @param error - The error to check
+     * @returns true if this is a user error, false for server errors
+     */
+    static isUserError(error: unknown): boolean;
+}

package/src/LogApiCall.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LogApiCall = void 0;
+const errors_1 = require("./errors");
+const core_util_1 = require("@webpieces/core-util");
+/**
+ * LogApiCall - Generic API call logging utility.
+ *
+ * Used by both server-side (LogApiFilter) and client-side (ClientFactory) for
+ * consistent logging patterns across the framework.
+ *
+ * Logging format patterns:
+ * - [API-{type}-req] ClassName.methodName request={...} headers={...}
+ * - [API-{type}-resp-SUCCESS] ClassName.methodName response={...}
+ * - [API-{type}-resp-OTHER] ClassName.methodName errorType={...}  (user errors)
+ * - [API-{type}-resp-FAIL] ClassName.methodName error={...}  (server errors)
+ */
+class LogApiCall {
+    /**
+     * Execute an API call with logging around it.
+     *
+     * @param type - 'SVR' or 'CLIENT'
+     * @param meta - Route metadata with controllerClassName and methodName
+     * @param requestDto - The request DTO
+     * @param headers - Map of header name -> values
+     * @param splitHeaders - SplitHeaders with secureHeaders and publicHeaders for masking
+     * @param method - The method to execute
+     */
+    async execute(type, meta, requestDto, headers, method) {
+        // Log request - convert Map to Object for JSON serialization
+        const headersObj = Object.fromEntries(headers);
+        console.log(`[API-${type}-req] ${meta.controllerClassName}.${meta.methodName} ${meta.path} request=${JSON.stringify(requestDto)} headers=${JSON.stringify(headersObj)}`);
+        // eslint-disable-next-line @webpieces/no-unmanaged-exceptions -- LogApiCall logs errors before re-throwing to caller
+        try {
+            const response = await method(requestDto);
+            // Log success response
+            console.log(`[API-${type}-resp-SUCCESS] ${meta.controllerClassName}.${meta.methodName} response=${JSON.stringify(response)}`);
+            return response;
+        }
+        catch (err) {
+            const error = (0, core_util_1.toError)(err);
+            const errorType = error.constructor.name;
+            const errorMessage = error.message;
+            // Log error based on type and re-throw
+            if (LogApiCall.isUserError(error)) {
+                console.log(`[API-${type}-resp-OTHER] ${meta.controllerClassName}.${meta.methodName} errorType=${errorType}`);
+            }
+            else {
+                console.error(`[API-${type}-resp-FAIL] ${meta.controllerClassName}.${meta.methodName} errorType=${errorType} error=${errorMessage}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Check if an error is a user error (expected behavior from server perspective).
+     * User errors are NOT failures - just users making mistakes or validation issues.
+     *
+     * User errors (logged as OTHER, no stack trace):
+     * - HttpBadRequestError (400)
+     * - HttpUnauthorizedError (401)
+     * - HttpForbiddenError (403)
+     * - HttpNotFoundError (404)
+     * - HttpUserError (266)
+     *
+     * @param error - The error to check
+     * @returns true if this is a user error, false for server errors
+     */
+    static isUserError(error) {
+        return (error instanceof errors_1.HttpBadRequestError ||
+            error instanceof errors_1.HttpUnauthorizedError ||
+            error instanceof errors_1.HttpForbiddenError ||
+            error instanceof errors_1.HttpNotFoundError ||
+            error instanceof errors_1.HttpUserError);
+    }
+}
+exports.LogApiCall = LogApiCall;
+//# sourceMappingURL=LogApiCall.js.map

package/src/LogApiCall.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LogApiCall.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/LogApiCall.ts"],"names":[],"mappings":";;;AACA,qCAMkB;AAClB,oDAA6C;AAG7C;;;;;;;;;;;GAWG;AACH,MAAa,UAAU;IAEnB;;;;;;;;;OASG;IACI,KAAK,CAAC,OAAO,CAChB,IAAY,EACZ,IAAmB,EACnB,UAAe,EACf,OAAyB,EACzB,MAAkC;QAElC,6DAA6D;QAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CACP,QAAQ,IAAI,SAAS,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,YAAY,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAC9J,CAAC;QAEF,qHAAqH;QACrH,IAAI,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;YAE1C,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACP,QAAQ,IAAI,kBAAkB,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,UAAU,aAAa,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CACnH,CAAC;YAEF,OAAO,QAAQ,CAAC;QACpB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAA,mBAAO,EAAC,GAAG,CAAC,CAAC;YAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;YACzC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;YAEnC,uCAAuC;YACvC,IAAI,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CACP,QAAQ,IAAI,gBAAgB,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,UAAU,cAAc,SAAS,EAAE,CACnG,CAAC;YACN,CAAC;iBAAM,CAAC;gBACJ,OAAO,CAAC,KAAK,CACT,QAAQ,IAAI,eAAe,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,UAAU,cAAc,SAAS,UAAU,YAAY,EAAE,CACxH,CAAC;YACN,CAAC;YACD,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,WAAW,CAAC,KAAc;QAC7B,OAAO,CACH,KAAK,YAAY,4BAAmB;YACpC,KAAK,YAAY,8BAAqB;YACtC,KAAK,YAAY,2BAAkB;YACnC,KAAK,YAAY,0BAAiB;YAClC,KAAK,YAAY,sBAAa,CACjC,CAAC;IACN,CAAC;CACJ;AA7ED,gCA6EC","sourcesContent":["import {RouteMetadata} from \"./decorators\";\nimport {\n    HttpBadRequestError,\n    HttpUnauthorizedError,\n    HttpForbiddenError,\n    HttpNotFoundError,\n    HttpUserError,\n} from './errors';\nimport {toError} from \"@webpieces/core-util\";\n\n\n/**\n * LogApiCall - Generic API call logging utility.\n *\n * Used by both server-side (LogApiFilter) and client-side (ClientFactory) for\n * consistent logging patterns across the framework.\n *\n * Logging format patterns:\n * - [API-{type}-req] ClassName.methodName request={...} headers={...}\n * - [API-{type}-resp-SUCCESS] ClassName.methodName response={...}\n * - [API-{type}-resp-OTHER] ClassName.methodName errorType={...}  (user errors)\n * - [API-{type}-resp-FAIL] ClassName.methodName error={...}  (server errors)\n */\nexport class LogApiCall {\n\n    /**\n     * Execute an API call with logging around it.\n     *\n     * @param type - 'SVR' or 'CLIENT'\n     * @param meta - Route metadata with controllerClassName and methodName\n     * @param requestDto - The request DTO\n     * @param headers - Map of header name -> values\n     * @param splitHeaders - SplitHeaders with secureHeaders and publicHeaders for masking\n     * @param method - The method to execute\n     */\n    public async execute(\n        type: string,\n        meta: RouteMetadata,\n        requestDto: any,\n        headers: Map<string, any>,\n        method: (dto: any) => Promise<any>\n    ): Promise<any> {\n        // Log request - convert Map to Object for JSON serialization\n        const headersObj = Object.fromEntries(headers);\n        console.log(\n            `[API-${type}-req] ${meta.controllerClassName}.${meta.methodName} ${meta.path} request=${JSON.stringify(requestDto)} headers=${JSON.stringify(headersObj)}`\n        );\n\n        // eslint-disable-next-line @webpieces/no-unmanaged-exceptions -- LogApiCall logs errors before re-throwing to caller\n        try {\n            const response = await method(requestDto);\n\n            // Log success response\n            console.log(\n                `[API-${type}-resp-SUCCESS] ${meta.controllerClassName}.${meta.methodName} response=${JSON.stringify(response)}`\n            );\n\n            return response;\n        } catch (err: any) {\n            const error = toError(err);\n            const errorType = error.constructor.name;\n            const errorMessage = error.message;\n\n            // Log error based on type and re-throw\n            if (LogApiCall.isUserError(error)) {\n                console.log(\n                    `[API-${type}-resp-OTHER] ${meta.controllerClassName}.${meta.methodName} errorType=${errorType}`\n                );\n            } else {\n                console.error(\n                    `[API-${type}-resp-FAIL] ${meta.controllerClassName}.${meta.methodName} errorType=${errorType} error=${errorMessage}`\n                );\n            }\n            throw error;\n        }\n    }\n\n    /**\n     * Check if an error is a user error (expected behavior from server perspective).\n     * User errors are NOT failures - just users making mistakes or validation issues.\n     *\n     * User errors (logged as OTHER, no stack trace):\n     * - HttpBadRequestError (400)\n     * - HttpUnauthorizedError (401)\n     * - HttpForbiddenError (403)\n     * - HttpNotFoundError (404)\n     * - HttpUserError (266)\n     *\n     * @param error - The error to check\n     * @returns true if this is a user error, false for server errors\n     */\n    static isUserError(error: unknown): boolean {\n        return (\n            error instanceof HttpBadRequestError ||\n            error instanceof HttpUnauthorizedError ||\n            error instanceof HttpForbiddenError ||\n            error instanceof HttpNotFoundError ||\n            error instanceof HttpUserError\n        );\n    }\n}\n"]}

package/src/PlatformHeader.d.ts

@@ -0,0 +1,43 @@
+import { Header } from '@webpieces/core-util';
+/**
+ * PlatformHeader - Defines an HTTP header that can be transferred between services.
+ *
+ * Simplified from Java PlatformHeaders:
+ * - Single headerName field (used for both HTTP header and MDC logging key)
+ * - No separate getLoggerMDCKey() - just use headerName
+ *
+ * Implements Header interface from core-util to avoid circular dependencies.
+ *
+ * Per CLAUDE.md: "All data-only structures MUST be classes, not interfaces."
+ * This is a data-only class with no business logic methods.
+ */
+export declare class PlatformHeader implements Header {
+    /**
+     * The HTTP header name (e.g., 'x-request-id', 'x-tenant-id').
+     * Also used as the MDC logging key in RequestContext.
+     * Case-insensitive per HTTP spec, but stored in canonical form.
+     */
+    readonly headerName: string;
+    /**
+     * Whether this header should be transferred from HTTP request to RequestContext.
+     * If false, header is defined but not automatically transferred.
+     * Only headers with isWantTransferred=true are copied from incoming requests.
+     */
+    readonly isWantTransferred: boolean;
+    /**
+     * Whether this header contains sensitive data that should be secured/masked in logs.
+     * Examples: Authorization tokens, passwords, API keys.
+     */
+    readonly isSecured: boolean;
+    /**
+     * Whether this header should be used as a dimension for metrics/monitoring.
+     * Examples: x-tenant-id, x-request-id (for distributed tracing).
+     */
+    readonly isDimensionForMetrics: boolean;
+    constructor(headerName: string, isWantTransferred?: boolean, isSecured?: boolean, isDimensionForMetrics?: boolean);
+    /**
+     * Get the header name (implements Header interface).
+     * @returns The HTTP header name
+     */
+    getHeaderName(): string;
+}

package/src/PlatformHeader.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PlatformHeader = void 0;
+/**
+ * PlatformHeader - Defines an HTTP header that can be transferred between services.
+ *
+ * Simplified from Java PlatformHeaders:
+ * - Single headerName field (used for both HTTP header and MDC logging key)
+ * - No separate getLoggerMDCKey() - just use headerName
+ *
+ * Implements Header interface from core-util to avoid circular dependencies.
+ *
+ * Per CLAUDE.md: "All data-only structures MUST be classes, not interfaces."
+ * This is a data-only class with no business logic methods.
+ */
+class PlatformHeader {
+    constructor(headerName, isWantTransferred = true, isSecured = false, isDimensionForMetrics = false) {
+        this.headerName = headerName;
+        this.isWantTransferred = isWantTransferred;
+        this.isSecured = isSecured;
+        this.isDimensionForMetrics = isDimensionForMetrics;
+    }
+    /**
+     * Get the header name (implements Header interface).
+     * @returns The HTTP header name
+     */
+    getHeaderName() {
+        return this.headerName;
+    }
+}
+exports.PlatformHeader = PlatformHeader;
+//# sourceMappingURL=PlatformHeader.js.map

package/src/PlatformHeader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PlatformHeader.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/PlatformHeader.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;GAWG;AACH,MAAa,cAAc;IA2BvB,YACI,UAAkB,EAClB,oBAA6B,IAAI,EACjC,YAAqB,KAAK,EAC1B,wBAAiC,KAAK;QAEtC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;IACvD,CAAC;IAED;;;OAGG;IACH,aAAa;QACT,OAAO,IAAI,CAAC,UAAU,CAAC;IAC3B,CAAC;CACJ;AA9CD,wCA8CC","sourcesContent":["import { Header } from '@webpieces/core-util';\n\n/**\n * PlatformHeader - Defines an HTTP header that can be transferred between services.\n *\n * Simplified from Java PlatformHeaders:\n * - Single headerName field (used for both HTTP header and MDC logging key)\n * - No separate getLoggerMDCKey() - just use headerName\n *\n * Implements Header interface from core-util to avoid circular dependencies.\n *\n * Per CLAUDE.md: \"All data-only structures MUST be classes, not interfaces.\"\n * This is a data-only class with no business logic methods.\n */\nexport class PlatformHeader implements Header {\n    /**\n     * The HTTP header name (e.g., 'x-request-id', 'x-tenant-id').\n     * Also used as the MDC logging key in RequestContext.\n     * Case-insensitive per HTTP spec, but stored in canonical form.\n     */\n    readonly headerName: string;\n\n    /**\n     * Whether this header should be transferred from HTTP request to RequestContext.\n     * If false, header is defined but not automatically transferred.\n     * Only headers with isWantTransferred=true are copied from incoming requests.\n     */\n    readonly isWantTransferred: boolean;\n\n    /**\n     * Whether this header contains sensitive data that should be secured/masked in logs.\n     * Examples: Authorization tokens, passwords, API keys.\n     */\n    readonly isSecured: boolean;\n\n    /**\n     * Whether this header should be used as a dimension for metrics/monitoring.\n     * Examples: x-tenant-id, x-request-id (for distributed tracing).\n     */\n    readonly isDimensionForMetrics: boolean;\n\n    constructor(\n        headerName: string,\n        isWantTransferred: boolean = true,\n        isSecured: boolean = false,\n        isDimensionForMetrics: boolean = false\n    ) {\n        this.headerName = headerName;\n        this.isWantTransferred = isWantTransferred;\n        this.isSecured = isSecured;\n        this.isDimensionForMetrics = isDimensionForMetrics;\n    }\n\n    /**\n     * Get the header name (implements Header interface).\n     * @returns The HTTP header name\n     */\n    getHeaderName(): string {\n        return this.headerName;\n    }\n}\n"]}

package/src/PlatformHeadersExtension.d.ts

@@ -0,0 +1,51 @@
+import { PlatformHeader } from './PlatformHeader';
+/**
+ * PlatformHeadersExtension - Extension that contributes platform headers to the framework.
+ *
+ * This is a DI-level extension (not an app-level Plugin).
+ * Multiple modules can bind PlatformHeadersExtension instances, and the framework
+ * collects them via Inversify @multiInject.
+ *
+ * Two-level plugin system:
+ * 1. **Extensions** (DI-level): Contribute specific capabilities to framework
+ *    - Examples: PlatformHeadersExtension, BodyContentExtension, EntityLookupExtension
+ *    - Pattern: Bound via multiInject, consumed by framework
+ *    - Java equivalent: Multibinder<AddPlatformHeaders>, Multibinder<BodyContentBinder>
+ *
+ * 2. **Plugins** (App-level): Provide complete features with modules + routes
+ *    - Examples: HibernatePlugin, JacksonPlugin, Auth0Plugin
+ *    - Pattern: Implements getGuiceModules() + getRouteModules()
+ *    - Java equivalent: Plugin interface with getGuiceModules() + getRouteModules()
+ *
+ * Usage:
+ * ```typescript
+ * // In WebpiecesModule
+ * const coreExtension = new PlatformHeadersExtension([
+ *     WebpiecesCoreHeaders.REQUEST_ID,
+ *     WebpiecesCoreHeaders.CORRELATION_ID,
+ * ]);
+ * bind(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(coreExtension);
+ *
+ * // In CompanyModule
+ * const companyExtension = new PlatformHeadersExtension([
+ *     CompanyHeaders.TENANT_ID,
+ *     CompanyHeaders.API_VERSION,
+ * ]);
+ * bind(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(companyExtension);
+ *
+ * // Framework collects all extensions
+ * constructor(@multiInject(HEADER_TYPES.PlatformHeadersExtension) extensions: PlatformHeadersExtension[]) {}
+ * ```
+ */
+export declare class PlatformHeadersExtension {
+    /**
+     * The set of platform headers contributed by this extension.
+     */
+    readonly headers: PlatformHeader[];
+    constructor(headers: PlatformHeader[]);
+    /**
+     * Get all headers from this extension.
+     * @returns Array of platform headers
+     */
+    getHeaders(): PlatformHeader[];
+}

package/src/PlatformHeadersExtension.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PlatformHeadersExtension = void 0;
+/**
+ * PlatformHeadersExtension - Extension that contributes platform headers to the framework.
+ *
+ * This is a DI-level extension (not an app-level Plugin).
+ * Multiple modules can bind PlatformHeadersExtension instances, and the framework
+ * collects them via Inversify @multiInject.
+ *
+ * Two-level plugin system:
+ * 1. **Extensions** (DI-level): Contribute specific capabilities to framework
+ *    - Examples: PlatformHeadersExtension, BodyContentExtension, EntityLookupExtension
+ *    - Pattern: Bound via multiInject, consumed by framework
+ *    - Java equivalent: Multibinder<AddPlatformHeaders>, Multibinder<BodyContentBinder>
+ *
+ * 2. **Plugins** (App-level): Provide complete features with modules + routes
+ *    - Examples: HibernatePlugin, JacksonPlugin, Auth0Plugin
+ *    - Pattern: Implements getGuiceModules() + getRouteModules()
+ *    - Java equivalent: Plugin interface with getGuiceModules() + getRouteModules()
+ *
+ * Usage:
+ * ```typescript
+ * // In WebpiecesModule
+ * const coreExtension = new PlatformHeadersExtension([
+ *     WebpiecesCoreHeaders.REQUEST_ID,
+ *     WebpiecesCoreHeaders.CORRELATION_ID,
+ * ]);
+ * bind(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(coreExtension);
+ *
+ * // In CompanyModule
+ * const companyExtension = new PlatformHeadersExtension([
+ *     CompanyHeaders.TENANT_ID,
+ *     CompanyHeaders.API_VERSION,
+ * ]);
+ * bind(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(companyExtension);
+ *
+ * // Framework collects all extensions
+ * constructor(@multiInject(HEADER_TYPES.PlatformHeadersExtension) extensions: PlatformHeadersExtension[]) {}
+ * ```
+ */
+class PlatformHeadersExtension {
+    constructor(headers) {
+        this.headers = headers;
+    }
+    /**
+     * Get all headers from this extension.
+     * @returns Array of platform headers
+     */
+    getHeaders() {
+        return this.headers;
+    }
+}
+exports.PlatformHeadersExtension = PlatformHeadersExtension;
+//# sourceMappingURL=PlatformHeadersExtension.js.map

package/src/PlatformHeadersExtension.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PlatformHeadersExtension.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/PlatformHeadersExtension.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAa,wBAAwB;IAMjC,YAAY,OAAyB;QACjC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,UAAU;QACN,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;CACJ;AAjBD,4DAiBC","sourcesContent":["import { PlatformHeader } from './PlatformHeader';\n\n/**\n * PlatformHeadersExtension - Extension that contributes platform headers to the framework.\n *\n * This is a DI-level extension (not an app-level Plugin).\n * Multiple modules can bind PlatformHeadersExtension instances, and the framework\n * collects them via Inversify @multiInject.\n *\n * Two-level plugin system:\n * 1. **Extensions** (DI-level): Contribute specific capabilities to framework\n *    - Examples: PlatformHeadersExtension, BodyContentExtension, EntityLookupExtension\n *    - Pattern: Bound via multiInject, consumed by framework\n *    - Java equivalent: Multibinder<AddPlatformHeaders>, Multibinder<BodyContentBinder>\n *\n * 2. **Plugins** (App-level): Provide complete features with modules + routes\n *    - Examples: HibernatePlugin, JacksonPlugin, Auth0Plugin\n *    - Pattern: Implements getGuiceModules() + getRouteModules()\n *    - Java equivalent: Plugin interface with getGuiceModules() + getRouteModules()\n *\n * Usage:\n * ```typescript\n * // In WebpiecesModule\n * const coreExtension = new PlatformHeadersExtension([\n *     WebpiecesCoreHeaders.REQUEST_ID,\n *     WebpiecesCoreHeaders.CORRELATION_ID,\n * ]);\n * bind(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(coreExtension);\n *\n * // In CompanyModule\n * const companyExtension = new PlatformHeadersExtension([\n *     CompanyHeaders.TENANT_ID,\n *     CompanyHeaders.API_VERSION,\n * ]);\n * bind(HEADER_TYPES.PlatformHeadersExtension).toConstantValue(companyExtension);\n *\n * // Framework collects all extensions\n * constructor(@multiInject(HEADER_TYPES.PlatformHeadersExtension) extensions: PlatformHeadersExtension[]) {}\n * ```\n */\nexport class PlatformHeadersExtension {\n    /**\n     * The set of platform headers contributed by this extension.\n     */\n    readonly headers: PlatformHeader[];\n\n    constructor(headers: PlatformHeader[]) {\n        this.headers = headers;\n    }\n\n    /**\n     * Get all headers from this extension.\n     * @returns Array of platform headers\n     */\n    getHeaders(): PlatformHeader[] {\n        return this.headers;\n    }\n}\n"]}

package/src/index.d.ts

@@ -20,3 +20,8 @@ export { ApiInterface, Get, Post, Put, Delete, Patch, Path, getRoutes, isApiInte
 export { ValidateImplementation } from './validators';
 export { ProtocolError, HttpError, HttpNotFoundError, EndpointNotFoundError, HttpBadRequestError, HttpUnauthorizedError, HttpForbiddenError, HttpTimeoutError, HttpBadGatewayError, HttpGatewayTimeoutError, HttpInternalServerError, HttpVendorError, HttpUserError, ENTITY_NOT_FOUND, WRONG_LOGIN_TYPE, WRONG_LOGIN, NOT_APPROVED, EMAIL_NOT_CONFIRMED, WRONG_DOMAIN, WRONG_COMPANY, NO_REG_CODE, } from './errors';
 export { InstantDto, DateDto, TimeDto, DateTimeDto, InstantUtil, DateUtil, TimeUtil, DateTimeUtil, } from './datetime';
+export { PlatformHeader } from './PlatformHeader';
+export { PlatformHeadersExtension } from './PlatformHeadersExtension';
+export { HeaderMethods, ContextReader } from './HeaderMethods';
+export { HEADER_TYPES } from './HeaderTypes';
+export { LogApiCall } from './LogApiCall';

package/src/index.js

@@ -18,7 +18,7 @@
  * ```
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DateTimeUtil = exports.TimeUtil = exports.DateUtil = exports.InstantUtil = exports.NO_REG_CODE = exports.WRONG_COMPANY = exports.WRONG_DOMAIN = exports.EMAIL_NOT_CONFIRMED = exports.NOT_APPROVED = exports.WRONG_LOGIN = exports.WRONG_LOGIN_TYPE = exports.ENTITY_NOT_FOUND = exports.HttpUserError = exports.HttpVendorError = exports.HttpInternalServerError = exports.HttpGatewayTimeoutError = exports.HttpBadGatewayError = exports.HttpTimeoutError = exports.HttpForbiddenError = exports.HttpUnauthorizedError = exports.HttpBadRequestError = exports.EndpointNotFoundError = exports.HttpNotFoundError = exports.HttpError = exports.ProtocolError = exports.METADATA_KEYS = exports.RouteMetadata = exports.isApiInterface = exports.getRoutes = exports.Path = exports.Patch = exports.Delete = exports.Put = exports.Post = exports.Get = exports.ApiInterface = void 0;
+exports.LogApiCall = exports.HEADER_TYPES = exports.HeaderMethods = exports.PlatformHeadersExtension = exports.PlatformHeader = exports.DateTimeUtil = exports.TimeUtil = exports.DateUtil = exports.InstantUtil = exports.NO_REG_CODE = exports.WRONG_COMPANY = exports.WRONG_DOMAIN = exports.EMAIL_NOT_CONFIRMED = exports.NOT_APPROVED = exports.WRONG_LOGIN = exports.WRONG_LOGIN_TYPE = exports.ENTITY_NOT_FOUND = exports.HttpUserError = exports.HttpVendorError = exports.HttpInternalServerError = exports.HttpGatewayTimeoutError = exports.HttpBadGatewayError = exports.HttpTimeoutError = exports.HttpForbiddenError = exports.HttpUnauthorizedError = exports.HttpBadRequestError = exports.EndpointNotFoundError = exports.HttpNotFoundError = exports.HttpError = exports.ProtocolError = exports.METADATA_KEYS = exports.RouteMetadata = exports.isApiInterface = exports.getRoutes = exports.Path = exports.Patch = exports.Delete = exports.Put = exports.Post = exports.Get = exports.ApiInterface = void 0;
 // API definition decorators
 var decorators_1 = require("./decorators");
 Object.defineProperty(exports, "ApiInterface", { enumerable: true, get: function () { return decorators_1.ApiInterface; } });
@@ -62,4 +62,16 @@ Object.defineProperty(exports, "InstantUtil", { enumerable: true, get: function
 Object.defineProperty(exports, "DateUtil", { enumerable: true, get: function () { return datetime_1.DateUtil; } });
 Object.defineProperty(exports, "TimeUtil", { enumerable: true, get: function () { return datetime_1.TimeUtil; } });
 Object.defineProperty(exports, "DateTimeUtil", { enumerable: true, get: function () { return datetime_1.DateTimeUtil; } });
+// Platform Headers
+var PlatformHeader_1 = require("./PlatformHeader");
+Object.defineProperty(exports, "PlatformHeader", { enumerable: true, get: function () { return PlatformHeader_1.PlatformHeader; } });
+var PlatformHeadersExtension_1 = require("./PlatformHeadersExtension");
+Object.defineProperty(exports, "PlatformHeadersExtension", { enumerable: true, get: function () { return PlatformHeadersExtension_1.PlatformHeadersExtension; } });
+var HeaderMethods_1 = require("./HeaderMethods");
+Object.defineProperty(exports, "HeaderMethods", { enumerable: true, get: function () { return HeaderMethods_1.HeaderMethods; } });
+var HeaderTypes_1 = require("./HeaderTypes");
+Object.defineProperty(exports, "HEADER_TYPES", { enumerable: true, get: function () { return HeaderTypes_1.HEADER_TYPES; } });
+// Logging
+var LogApiCall_1 = require("./LogApiCall");
+Object.defineProperty(exports, "LogApiCall", { enumerable: true, get: function () { return LogApiCall_1.LogApiCall; } });
 //# sourceMappingURL=index.js.map

package/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;AAEH,4BAA4B;AAC5B,2CAYsB;AAXlB,0GAAA,YAAY,OAAA;AACZ,iGAAA,GAAG,OAAA;AACH,kGAAA,IAAI,OAAA;AACJ,iGAAA,GAAG,OAAA;AACH,oGAAA,MAAM,OAAA;AACN,mGAAA,KAAK,OAAA;AACL,kGAAA,IAAI,OAAA;AACJ,uGAAA,SAAS,OAAA;AACT,4GAAA,cAAc,OAAA;AACd,2GAAA,aAAa,OAAA;AACb,2GAAA,aAAa,OAAA;AAMjB,cAAc;AACd,mCAuBkB;AAtBd,uGAAA,aAAa,OAAA;AACb,mGAAA,SAAS,OAAA;AACT,2GAAA,iBAAiB,OAAA;AACjB,+GAAA,qBAAqB,OAAA;AACrB,6GAAA,mBAAmB,OAAA;AACnB,+GAAA,qBAAqB,OAAA;AACrB,4GAAA,kBAAkB,OAAA;AAClB,0GAAA,gBAAgB,OAAA;AAChB,6GAAA,mBAAmB,OAAA;AACnB,iHAAA,uBAAuB,OAAA;AACvB,iHAAA,uBAAuB,OAAA;AACvB,yGAAA,eAAe,OAAA;AACf,uGAAA,aAAa,OAAA;AACb,0BAA0B;AAC1B,0GAAA,gBAAgB,OAAA;AAChB,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,sGAAA,YAAY,OAAA;AACZ,6GAAA,mBAAmB,OAAA;AACnB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AAGf,iEAAiE;AACjE,uCASoB;AAJhB,uGAAA,WAAW,OAAA;AACX,oGAAA,QAAQ,OAAA;AACR,oGAAA,QAAQ,OAAA;AACR,wGAAA,YAAY,OAAA","sourcesContent":["/**\n * @webpieces/http-api\n *\n * Core HTTP API definition package.\n * Contains decorators and utilities for defining HTTP APIs.\n *\n * This package is used by:\n * - @webpieces/http-routing (server-side): Routes HTTP requests to controllers\n * - @webpieces/http-client (client-side): Generates HTTP clients from API definitions\n *\n * Architecture:\n * ```\n * http-api (defines the contract)\n *    ↑\n *    ├── http-routing (server: contract → handlers)\n *    └── http-client (client: contract → HTTP requests)\n * ```\n */\n\n// API definition decorators\nexport {\n    ApiInterface,\n    Get,\n    Post,\n    Put,\n    Delete,\n    Patch,\n    Path,\n    getRoutes,\n    isApiInterface,\n    RouteMetadata,\n    METADATA_KEYS,\n} from './decorators';\n\n// Type validators\nexport { ValidateImplementation } from './validators';\n\n// HTTP errors\nexport {\n    ProtocolError,\n    HttpError,\n    HttpNotFoundError,\n    EndpointNotFoundError,\n    HttpBadRequestError,\n    HttpUnauthorizedError,\n    HttpForbiddenError,\n    HttpTimeoutError,\n    HttpBadGatewayError,\n    HttpGatewayTimeoutError,\n    HttpInternalServerError,\n    HttpVendorError,\n    HttpUserError,\n    // Error subtype constants\n    ENTITY_NOT_FOUND,\n    WRONG_LOGIN_TYPE,\n    WRONG_LOGIN,\n    NOT_APPROVED,\n    EMAIL_NOT_CONFIRMED,\n    WRONG_DOMAIN,\n    WRONG_COMPANY,\n    NO_REG_CODE,\n} from './errors';\n\n// Date/Time DTOs and Utilities (inspired by Java Time / JSR-310)\nexport {\n    InstantDto,\n    DateDto,\n    TimeDto,\n    DateTimeDto,\n    InstantUtil,\n    DateUtil,\n    TimeUtil,\n    DateTimeUtil,\n} from './datetime';\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/http/http-api/src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;AAEH,4BAA4B;AAC5B,2CAYsB;AAXlB,0GAAA,YAAY,OAAA;AACZ,iGAAA,GAAG,OAAA;AACH,kGAAA,IAAI,OAAA;AACJ,iGAAA,GAAG,OAAA;AACH,oGAAA,MAAM,OAAA;AACN,mGAAA,KAAK,OAAA;AACL,kGAAA,IAAI,OAAA;AACJ,uGAAA,SAAS,OAAA;AACT,4GAAA,cAAc,OAAA;AACd,2GAAA,aAAa,OAAA;AACb,2GAAA,aAAa,OAAA;AAMjB,cAAc;AACd,mCAuBkB;AAtBd,uGAAA,aAAa,OAAA;AACb,mGAAA,SAAS,OAAA;AACT,2GAAA,iBAAiB,OAAA;AACjB,+GAAA,qBAAqB,OAAA;AACrB,6GAAA,mBAAmB,OAAA;AACnB,+GAAA,qBAAqB,OAAA;AACrB,4GAAA,kBAAkB,OAAA;AAClB,0GAAA,gBAAgB,OAAA;AAChB,6GAAA,mBAAmB,OAAA;AACnB,iHAAA,uBAAuB,OAAA;AACvB,iHAAA,uBAAuB,OAAA;AACvB,yGAAA,eAAe,OAAA;AACf,uGAAA,aAAa,OAAA;AACb,0BAA0B;AAC1B,0GAAA,gBAAgB,OAAA;AAChB,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,sGAAA,YAAY,OAAA;AACZ,6GAAA,mBAAmB,OAAA;AACnB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AAGf,iEAAiE;AACjE,uCASoB;AAJhB,uGAAA,WAAW,OAAA;AACX,oGAAA,QAAQ,OAAA;AACR,oGAAA,QAAQ,OAAA;AACR,wGAAA,YAAY,OAAA;AAGhB,mBAAmB;AACnB,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,uEAAsE;AAA7D,oIAAA,wBAAwB,OAAA;AACjC,iDAA+D;AAAtD,8GAAA,aAAa,OAAA;AACtB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AAErB,UAAU;AACV,2CAA0C;AAAjC,wGAAA,UAAU,OAAA","sourcesContent":["/**\n * @webpieces/http-api\n *\n * Core HTTP API definition package.\n * Contains decorators and utilities for defining HTTP APIs.\n *\n * This package is used by:\n * - @webpieces/http-routing (server-side): Routes HTTP requests to controllers\n * - @webpieces/http-client (client-side): Generates HTTP clients from API definitions\n *\n * Architecture:\n * ```\n * http-api (defines the contract)\n *    ↑\n *    ├── http-routing (server: contract → handlers)\n *    └── http-client (client: contract → HTTP requests)\n * ```\n */\n\n// API definition decorators\nexport {\n    ApiInterface,\n    Get,\n    Post,\n    Put,\n    Delete,\n    Patch,\n    Path,\n    getRoutes,\n    isApiInterface,\n    RouteMetadata,\n    METADATA_KEYS,\n} from './decorators';\n\n// Type validators\nexport { ValidateImplementation } from './validators';\n\n// HTTP errors\nexport {\n    ProtocolError,\n    HttpError,\n    HttpNotFoundError,\n    EndpointNotFoundError,\n    HttpBadRequestError,\n    HttpUnauthorizedError,\n    HttpForbiddenError,\n    HttpTimeoutError,\n    HttpBadGatewayError,\n    HttpGatewayTimeoutError,\n    HttpInternalServerError,\n    HttpVendorError,\n    HttpUserError,\n    // Error subtype constants\n    ENTITY_NOT_FOUND,\n    WRONG_LOGIN_TYPE,\n    WRONG_LOGIN,\n    NOT_APPROVED,\n    EMAIL_NOT_CONFIRMED,\n    WRONG_DOMAIN,\n    WRONG_COMPANY,\n    NO_REG_CODE,\n} from './errors';\n\n// Date/Time DTOs and Utilities (inspired by Java Time / JSR-310)\nexport {\n    InstantDto,\n    DateDto,\n    TimeDto,\n    DateTimeDto,\n    InstantUtil,\n    DateUtil,\n    TimeUtil,\n    DateTimeUtil,\n} from './datetime';\n\n// Platform Headers\nexport { PlatformHeader } from './PlatformHeader';\nexport { PlatformHeadersExtension } from './PlatformHeadersExtension';\nexport { HeaderMethods, ContextReader } from './HeaderMethods';\nexport { HEADER_TYPES } from './HeaderTypes';\n\n// Logging\nexport { LogApiCall } from './LogApiCall';\n"]}