@yrest/cli 0.7.0 → 0.8.1

package/dist/cli/index.mjs

@@ -106,7 +106,7 @@ function registerInit(program2) {
 
 // src/cli/commands/serve.ts
 import { watchFile } from "fs";
-import { join, resolve as resolve3 } from "path";
+import { join as join2, resolve as resolve3 } from "path";
 
 // src/storage/yrestStorage.ts
 import { readFileSync, writeFileSync as writeFileSync2, renameSync } from "fs";
@@ -196,6 +196,11 @@ function createYrestStorage(filePath) {
 import Fastify from "fastify";
 import cors from "@fastify/cors";
 
+// src/router/templates/about.template.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { dirname as dirname2, join } from "path";
+import { fileURLToPath } from "url";
+
 // src/utils/interpolate.ts
 import { randomUUID as randomUUID2 } from "crypto";
 function getPath(obj, path) {
@@ -243,6 +248,15 @@ function hasTemplates(value) {
 }
 
 // src/router/templates/about.template.ts
+var _dir = dirname2(fileURLToPath(import.meta.url));
+var LOGO_SRC = (() => {
+  try {
+    const buf = readFileSync2(join(_dir, "../../assets/logo-color.png"));
+    return `data:image/png;base64,${buf.toString("base64")}`;
+  } catch {
+    return "";
+  }
+})();
 var METHOD_COLOR = {
   GET: "#3fb950",
   POST: "#58a6ff",
@@ -251,8 +265,11 @@ var METHOD_COLOR = {
   DELETE: "#f85149",
   fn: "#f0883e"
 };
+function escapeHtml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
 function badge(label, color, bg) {
-  return `<span class="badge" style="background:${bg};color:${color};border:1px solid ${color}40">${label}</span>`;
+  return `<span class="badge" style="background:${bg};color:${color};border:1px solid ${color}40">${escapeHtml(label)}</span>`;
 }
 function methodBadge(method) {
   const color = METHOD_COLOR[method] ?? "#7d8590";
@@ -262,7 +279,7 @@ function endpointRow(method, path, desc) {
   return `
     <tr>
       <td class="method-cell">${methodBadge(method)}</td>
-      <td class="path-cell"><code>${path}</code></td>
+      <td class="path-cell"><code>${escapeHtml(path)}</code></td>
       <td class="desc-cell">${desc}</td>
     </tr>`;
 }
@@ -296,7 +313,7 @@ function resourceAccordion(name, base, isOpen) {
   return `
   <details class="resource-card" ${isOpen ? "open" : ""}>
     <summary>
-      <span class="resource-name">/${name}</span>
+      <span class="resource-name">/${escapeHtml(name)}</span>
       <span class="route-count">6 routes</span>
     </summary>
     <table>
@@ -380,7 +397,7 @@ curl -X POST ${host}/_snapshot/reset`
   }
   if (firstCustomRoute) {
     const method = firstCustomRoute.method?.toUpperCase() ?? "GET";
-    const fullPath = `${host}${base}${firstCustomRoute.path}`;
+    const fullPath = `${host}${base}${escapeHtml(firstCustomRoute.path ?? "")}`;
     const curlFlag = method === "GET" ? "" : `-X ${method} `;
     examples.push(`# Custom route
 curl ${curlFlag}${fullPath}`);
@@ -401,6 +418,8 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
     modes.push(badge(`pageable \xB7 limit ${options.pageable.limit}`, "#34d399", "#34d39918"));
   if (options.snapshot) modes.push(badge("snapshot", "#c084fc", "#c084fc18"));
   if (handlers.size > 0) modes.push(badge(`handlers \xB7 ${handlers.size}`, "#f0883e", "#f0883e18"));
+  if (options.idStrategy !== "increment")
+    modes.push(badge(`id \xB7 ${options.idStrategy}`, "#a371f7", "#a371f718"));
   const accordions = collections.map((col, i) => resourceAccordion(col, base, i === 0)).join("");
   const nestedRows = [];
   for (const [child, fields] of Object.entries(relations)) {
@@ -443,6 +462,9 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
       ${customRoutes.map((r) => {
     const fullPath = `${base}${r.path}`;
     const tags = [];
+    if (r.error) {
+      tags.push(`<span style="color:#f85149;font-size:11px">error\xB7${r.error}</span>`);
+    }
     if (r.delay && r.delay > 0) {
       tags.push(`<span style="color:#fb923c;font-size:11px">delay\xB7${r.delay}ms</span>`);
     }
@@ -456,9 +478,12 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
       tags.push(`<span style="color:var(--text-muted);font-size:11px">otherwise</span>`);
     }
     let desc;
-    if (r.handler) {
+    if (r.error) {
+      desc = `Error injection \u2014 <code>${r.error}</code>`;
+    } else if (r.handler) {
       const found = handlers.has(r.handler);
-      desc = found ? `Handler \u2014 <code>${r.handler}()</code>` : `Handler \u2014 <code>${r.handler}()</code> <span style="color:#f85149">(not loaded)</span>`;
+      const handlerName = escapeHtml(r.handler);
+      desc = found ? `Handler \u2014 <code>${handlerName}()</code>` : `Handler \u2014 <code>${handlerName}()</code> <span style="color:#f85149">(not loaded)</span>`;
     } else if (r.scenarios?.length) {
       const hasTemplateInScenarios = r.scenarios.some((s) => s.response.body != null && hasTemplates(s.response.body)) || r.otherwise?.body != null && hasTemplates(r.otherwise.body);
       desc = hasTemplateInScenarios ? `Scenarios \u2014 <code>{{\u2026}}</code>` : `Scenarios`;
@@ -620,7 +645,7 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
 
   <div class="banner">
     <div class="banner-inner">
-      <h1><span class="y">y</span><span class="rest">Rest</span></h1>
+      ${LOGO_SRC ? `<img src="${LOGO_SRC}" alt="yRest" height="68" style="display:block;margin-bottom:0px" />` : `<h1><span class="y">y</span><span class="rest">Rest</span></h1>`}
       <p>Zero-config REST API mock server</p>
       <div class="banner-meta">
         <span>URL <strong>${host}</strong></span>
@@ -703,6 +728,10 @@ function nextId(items) {
   const ids = items.map((i) => i["id"]).filter((id) => typeof id === "number");
   return ids.length > 0 ? Math.max(...ids) + 1 : 1;
 }
+function generateId(items, strategy) {
+  if (strategy === "uuid") return crypto.randomUUID();
+  return nextId(items);
+}
 function firstParam(value) {
   if (value === void 0) return void 0;
   return Array.isArray(value) ? value[0] : value;
@@ -727,6 +756,7 @@ function applyOperator(itemValue, op, filterValue) {
     case "_start":
       return strItem.toLowerCase().startsWith(filterValue.toLowerCase());
     case "_regex": {
+      if (filterValue.length > 200) return false;
       try {
         return new RegExp(filterValue, "i").test(strItem);
       } catch {
@@ -790,10 +820,10 @@ function findById(items, id) {
 function findIndexById(items, id) {
   return items.findIndex((i) => String(i["id"]) === id);
 }
-function createItem(storage, resource, body) {
+function createItem(storage, resource, body, idStrategy = "increment") {
   const collection = storage.getCollection(resource) ?? [];
   const item = {
-    id: body["id"] !== void 0 ? body["id"] : nextId(collection),
+    id: body["id"] !== void 0 ? body["id"] : generateId(collection, idStrategy),
     ...body
   };
   storage.setCollection(resource, [...collection, item]);
@@ -971,7 +1001,12 @@ var CollectionRouteCommand = class {
       if (!req.body || typeof req.body !== "object" || Array.isArray(req.body)) {
         return reply.status(400).send({ error: "Request body must be a JSON object" });
       }
-      const item = createItem(this.storage, this.resource, req.body);
+      const item = createItem(
+        this.storage,
+        this.resource,
+        req.body,
+        this.options.idStrategy
+      );
       return reply.status(201).send(expandItems(item, req.query, this.resource, this.storage));
     });
   }
@@ -1061,6 +1096,10 @@ var CustomRouteCommand = class {
           if (route.delay && route.delay > 0) {
             await new Promise((resolve5) => setTimeout(resolve5, route.delay));
           }
+          if (route.error) {
+            const body2 = route.errorBody ?? { error: `Forced error ${route.error}` };
+            return reply.status(route.error).send(body2);
+          }
           for (const [key, value] of Object.entries(headers)) {
             reply.header(key, value);
           }
@@ -1357,22 +1396,36 @@ var yrestOptionsSchema = z.object({
   pageable: z.union([z.boolean(), z.coerce.number().int().positive()]).default(false).transform((v) => ({
     enabled: v !== false,
     limit: v === false || v === true ? 10 : v
-  }))
+  })),
+  /**
+   * Strategy used to generate `id` values for new items when no `id` is provided in the body.
+   *
+   * - `"increment"` (default) — next integer above the current max id in the collection.
+   * - `"uuid"` — a random UUID v4 string (`crypto.randomUUID()`).
+   */
+  idStrategy: z.enum(["increment", "uuid"]).default("increment")
 });
 
 // src/config/loadConfigFile.ts
-import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
+import { existsSync as existsSync2, readFileSync as readFileSync3 } from "fs";
 import { parse as parse2 } from "yaml";
 function loadConfigFile(configPath) {
   if (!existsSync2(configPath)) return {};
-  const raw = readFileSync2(configPath, "utf8");
+  const raw = readFileSync3(configPath, "utf8");
   return parse2(raw) ?? {};
 }
 
 // src/utils/handlers.ts
 import { existsSync as existsSync3 } from "fs";
+var ALLOWED_EXTENSIONS = [".js", ".mjs", ".cjs"];
 async function loadHandlers(filePath) {
   if (!existsSync3(filePath)) return /* @__PURE__ */ new Map();
+  if (!ALLOWED_EXTENSIONS.some((ext) => filePath.endsWith(ext))) {
+    console.error(
+      `  \x1B[31m[handlers] ${filePath} \u2014 only .js, .mjs and .cjs files are allowed\x1B[0m`
+    );
+    return /* @__PURE__ */ new Map();
+  }
   try {
     const mod = await import(filePath);
     const map = /* @__PURE__ */ new Map();
@@ -1402,8 +1455,12 @@ function registerServe(program2) {
   ).option(
     "--handlers <file>",
     "Path to a JavaScript file exporting custom route handler functions"
+  ).option(
+    "--id-strategy <strategy>",
+    "Id generation strategy for new items: increment (default) or uuid",
+    "increment"
   ).action(async (file, flags, cmd) => {
-    const fileConfig = loadConfigFile(join(process.cwd(), "yrest.config.yml"));
+    const fileConfig = loadConfigFile(join2(process.cwd(), "yrest.config.yml"));
     const cliOverrides = Object.fromEntries(
       Object.entries(flags).filter(([key]) => cmd.getOptionValueSource(key) === "cli")
     );
@@ -1506,8 +1563,8 @@ function registerServe(program2) {
 }
 
 // src/cli/commands/handler.ts
-import { existsSync as existsSync4, readFileSync as readFileSync3, appendFileSync, writeFileSync as writeFileSync3 } from "fs";
-import { join as join2, resolve as resolve4, basename } from "path";
+import { existsSync as existsSync4, readFileSync as readFileSync4, appendFileSync, writeFileSync as writeFileSync3 } from "fs";
+import { join as join3, resolve as resolve4, basename } from "path";
 import { parse as parse3, stringify as stringify2 } from "yaml";
 var HANDLERS_FILE_HEADER = `// yrest handlers \u2014 loaded via "handlers:" in yrest.config.yml
 // Handler signature: (req: HandlerRequest) => HandlerResponse | Promise<HandlerResponse>
@@ -1534,7 +1591,7 @@ function registerHandler(program2) {
     "--register",
     "Also add a _routes entry to db.yml linking this handler to method + path"
   ).action((name, flags) => {
-    const fileConfig = loadConfigFile(join2(process.cwd(), "yrest.config.yml"));
+    const fileConfig = loadConfigFile(join3(process.cwd(), "yrest.config.yml"));
     const handlersPath = resolve4(
       fileConfig.handlers ?? "yrest.handlers.js"
     );
@@ -1547,7 +1604,7 @@ function registerHandler(program2) {
       );
       console.log(`  Created ${basename(handlersPath)}`);
     } else {
-      const existing = readFileSync3(handlersPath, "utf8");
+      const existing = readFileSync4(handlersPath, "utf8");
       if (existing.includes(`function ${name}(`)) {
         console.error(`  Error: handler "${name}" already exists in ${basename(handlersPath)}`);
         process.exit(1);
@@ -1564,7 +1621,7 @@ function registerHandler(program2) {
         console.error(`  Error: database file not found at ${dbPath}`);
         process.exit(1);
       }
-      const raw = parse3(readFileSync3(dbPath, "utf8")) ?? {};
+      const raw = parse3(readFileSync4(dbPath, "utf8")) ?? {};
       if (!Array.isArray(raw["_routes"])) raw["_routes"] = [];
       const routes = raw["_routes"];
       const alreadyRegistered = routes.some((r) => r["handler"] === name);

package/dist/index.d.mts

@@ -112,6 +112,19 @@ type CustomRoute = {
      * Applied before any response is sent, regardless of which path resolved the response.
      */
     delay?: number;
+    /**
+     * Forces this route to always return the given HTTP status code as an error,
+     * bypassing handlers, scenarios and the static response entirely.
+     * Applied after `delay:` so slow-error scenarios still work.
+     *
+     * @example
+     * // Always return 503
+     * error: 503
+     * errorBody: { message: "Service unavailable" }
+     */
+    error?: number;
+    /** Optional body to return alongside `error:`. Defaults to `{ error: "Forced error <status>" }`. */
+    errorBody?: unknown;
 };
 /**
  * In-memory store backed by a YAML file.
@@ -251,6 +264,13 @@ declare const yrestOptionsSchema: z.ZodObject<{
         enabled: boolean;
         limit: number;
     }, number | boolean | undefined>;
+    /**
+     * Strategy used to generate `id` values for new items when no `id` is provided in the body.
+     *
+     * - `"increment"` (default) — next integer above the current max id in the collection.
+     * - `"uuid"` — a random UUID v4 string (`crypto.randomUUID()`).
+     */
+    idStrategy: z.ZodDefault<z.ZodEnum<["increment", "uuid"]>>;
 }, "strip", z.ZodTypeAny, {
     file: string;
     port: number;
@@ -264,6 +284,7 @@ declare const yrestOptionsSchema: z.ZodObject<{
         enabled: boolean;
         limit: number;
     };
+    idStrategy: "increment" | "uuid";
     handlers?: string | undefined;
 }, {
     file: string;
@@ -276,6 +297,7 @@ declare const yrestOptionsSchema: z.ZodObject<{
     delay?: number | undefined;
     handlers?: string | undefined;
     pageable?: number | boolean | undefined;
+    idStrategy?: "increment" | "uuid" | undefined;
 }>;
 /**
  * Resolved server configuration after Zod validation and transformation.

package/dist/index.d.ts

@@ -112,6 +112,19 @@ type CustomRoute = {
      * Applied before any response is sent, regardless of which path resolved the response.
      */
     delay?: number;
+    /**
+     * Forces this route to always return the given HTTP status code as an error,
+     * bypassing handlers, scenarios and the static response entirely.
+     * Applied after `delay:` so slow-error scenarios still work.
+     *
+     * @example
+     * // Always return 503
+     * error: 503
+     * errorBody: { message: "Service unavailable" }
+     */
+    error?: number;
+    /** Optional body to return alongside `error:`. Defaults to `{ error: "Forced error <status>" }`. */
+    errorBody?: unknown;
 };
 /**
  * In-memory store backed by a YAML file.
@@ -251,6 +264,13 @@ declare const yrestOptionsSchema: z.ZodObject<{
         enabled: boolean;
         limit: number;
     }, number | boolean | undefined>;
+    /**
+     * Strategy used to generate `id` values for new items when no `id` is provided in the body.
+     *
+     * - `"increment"` (default) — next integer above the current max id in the collection.
+     * - `"uuid"` — a random UUID v4 string (`crypto.randomUUID()`).
+     */
+    idStrategy: z.ZodDefault<z.ZodEnum<["increment", "uuid"]>>;
 }, "strip", z.ZodTypeAny, {
     file: string;
     port: number;
@@ -264,6 +284,7 @@ declare const yrestOptionsSchema: z.ZodObject<{
         enabled: boolean;
         limit: number;
     };
+    idStrategy: "increment" | "uuid";
     handlers?: string | undefined;
 }, {
     file: string;
@@ -276,6 +297,7 @@ declare const yrestOptionsSchema: z.ZodObject<{
     delay?: number | undefined;
     handlers?: string | undefined;
     pageable?: number | boolean | undefined;
+    idStrategy?: "increment" | "uuid" | undefined;
 }>;
 /**
  * Resolved server configuration after Zod validation and transformation.

package/dist/index.js

@@ -31,9 +31,12 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // node_modules/tsup/assets/cjs_shims.js
+var getImportMetaUrl, importMetaUrl;
 var init_cjs_shims = __esm({
   "node_modules/tsup/assets/cjs_shims.js"() {
     "use strict";
+    getImportMetaUrl = () => typeof document === "undefined" ? new URL(`file:${__filename}`).href : document.currentScript && document.currentScript.tagName.toUpperCase() === "SCRIPT" ? document.currentScript.src : new URL("main.js", document.baseURI).href;
+    importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
   }
 });
 
@@ -56,8 +59,8 @@ __export(yrestStorage_exports, {
   createYrestStorage: () => createYrestStorage
 });
 function createYrestStorage(filePath) {
-  const absPath = (0, import_node_path.resolve)(filePath);
-  const raw = (0, import_yaml2.parse)((0, import_node_fs2.readFileSync)(absPath, "utf8")) ?? {};
+  const absPath = (0, import_node_path2.resolve)(filePath);
+  const raw = (0, import_yaml2.parse)((0, import_node_fs3.readFileSync)(absPath, "utf8")) ?? {};
   const relations = raw["_rel"] ?? {};
   const routes = Array.isArray(raw["_routes"]) ? raw["_routes"] : [];
   const data = Object.fromEntries(
@@ -89,12 +92,12 @@ function createYrestStorage(filePath) {
       if (Object.keys(relations).length > 0) payload._rel = relations;
       if (routes.length > 0) payload._routes = routes;
       Object.assign(payload, data);
-      const tmp = (0, import_node_path.resolve)((0, import_node_path.dirname)(absPath), `.yrest-${(0, import_node_crypto2.randomUUID)()}.tmp`);
-      (0, import_node_fs2.writeFileSync)(tmp, (0, import_yaml2.stringify)(payload), "utf8");
-      (0, import_node_fs2.renameSync)(tmp, absPath);
+      const tmp = (0, import_node_path2.resolve)((0, import_node_path2.dirname)(absPath), `.yrest-${(0, import_node_crypto2.randomUUID)()}.tmp`);
+      (0, import_node_fs3.writeFileSync)(tmp, (0, import_yaml2.stringify)(payload), "utf8");
+      (0, import_node_fs3.renameSync)(tmp, absPath);
     },
     reload() {
-      const fresh = (0, import_yaml2.parse)((0, import_node_fs2.readFileSync)(absPath, "utf8")) ?? {};
+      const fresh = (0, import_yaml2.parse)((0, import_node_fs3.readFileSync)(absPath, "utf8")) ?? {};
       const freshRelations = fresh["_rel"] ?? {};
       const freshData = Object.fromEntries(
         Object.entries(fresh).filter(([key]) => key !== "_rel" && key !== "_routes")
@@ -124,13 +127,13 @@ function createYrestStorage(filePath) {
     }
   };
 }
-var import_node_fs2, import_node_path, import_node_crypto2, import_yaml2;
+var import_node_fs3, import_node_path2, import_node_crypto2, import_yaml2;
 var init_yrestStorage = __esm({
   "src/storage/yrestStorage.ts"() {
     "use strict";
     init_cjs_shims();
-    import_node_fs2 = require("fs");
-    import_node_path = require("path");
+    import_node_fs3 = require("fs");
+    import_node_path2 = require("path");
     import_node_crypto2 = require("crypto");
     import_yaml2 = require("yaml");
     init_deepCopy();
@@ -194,13 +197,20 @@ function dedent(str) {
 
 // src/api/yrestServer.ts
 init_cjs_shims();
-var import_node_path2 = require("path");
+var import_node_path3 = require("path");
 
 // src/utils/handlers.ts
 init_cjs_shims();
 var import_node_fs = require("fs");
+var ALLOWED_EXTENSIONS = [".js", ".mjs", ".cjs"];
 async function loadHandlers(filePath) {
   if (!(0, import_node_fs.existsSync)(filePath)) return /* @__PURE__ */ new Map();
+  if (!ALLOWED_EXTENSIONS.some((ext) => filePath.endsWith(ext))) {
+    console.error(
+      `  \x1B[31m[handlers] ${filePath} \u2014 only .js, .mjs and .cjs files are allowed\x1B[0m`
+    );
+    return /* @__PURE__ */ new Map();
+  }
   try {
     const mod = await import(filePath);
     const map = /* @__PURE__ */ new Map();
@@ -237,6 +247,9 @@ init_cjs_shims();
 
 // src/router/templates/about.template.ts
 init_cjs_shims();
+var import_node_fs2 = require("fs");
+var import_node_path = require("path");
+var import_node_url = require("url");
 
 // src/utils/interpolate.ts
 init_cjs_shims();
@@ -286,6 +299,15 @@ function hasTemplates(value) {
 }
 
 // src/router/templates/about.template.ts
+var _dir = (0, import_node_path.dirname)((0, import_node_url.fileURLToPath)(importMetaUrl));
+var LOGO_SRC = (() => {
+  try {
+    const buf = (0, import_node_fs2.readFileSync)((0, import_node_path.join)(_dir, "../../assets/logo-color.png"));
+    return `data:image/png;base64,${buf.toString("base64")}`;
+  } catch {
+    return "";
+  }
+})();
 var METHOD_COLOR = {
   GET: "#3fb950",
   POST: "#58a6ff",
@@ -294,8 +316,11 @@ var METHOD_COLOR = {
   DELETE: "#f85149",
   fn: "#f0883e"
 };
+function escapeHtml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
 function badge(label, color, bg) {
-  return `<span class="badge" style="background:${bg};color:${color};border:1px solid ${color}40">${label}</span>`;
+  return `<span class="badge" style="background:${bg};color:${color};border:1px solid ${color}40">${escapeHtml(label)}</span>`;
 }
 function methodBadge(method) {
   const color = METHOD_COLOR[method] ?? "#7d8590";
@@ -305,7 +330,7 @@ function endpointRow(method, path, desc) {
   return `
     <tr>
       <td class="method-cell">${methodBadge(method)}</td>
-      <td class="path-cell"><code>${path}</code></td>
+      <td class="path-cell"><code>${escapeHtml(path)}</code></td>
       <td class="desc-cell">${desc}</td>
     </tr>`;
 }
@@ -339,7 +364,7 @@ function resourceAccordion(name, base, isOpen) {
   return `
   <details class="resource-card" ${isOpen ? "open" : ""}>
     <summary>
-      <span class="resource-name">/${name}</span>
+      <span class="resource-name">/${escapeHtml(name)}</span>
       <span class="route-count">6 routes</span>
     </summary>
     <table>
@@ -423,7 +448,7 @@ curl -X POST ${host}/_snapshot/reset`
   }
   if (firstCustomRoute) {
     const method = firstCustomRoute.method?.toUpperCase() ?? "GET";
-    const fullPath = `${host}${base}${firstCustomRoute.path}`;
+    const fullPath = `${host}${base}${escapeHtml(firstCustomRoute.path ?? "")}`;
     const curlFlag = method === "GET" ? "" : `-X ${method} `;
     examples.push(`# Custom route
 curl ${curlFlag}${fullPath}`);
@@ -444,6 +469,8 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
     modes.push(badge(`pageable \xB7 limit ${options.pageable.limit}`, "#34d399", "#34d39918"));
   if (options.snapshot) modes.push(badge("snapshot", "#c084fc", "#c084fc18"));
   if (handlers.size > 0) modes.push(badge(`handlers \xB7 ${handlers.size}`, "#f0883e", "#f0883e18"));
+  if (options.idStrategy !== "increment")
+    modes.push(badge(`id \xB7 ${options.idStrategy}`, "#a371f7", "#a371f718"));
   const accordions = collections.map((col, i) => resourceAccordion(col, base, i === 0)).join("");
   const nestedRows = [];
   for (const [child, fields] of Object.entries(relations)) {
@@ -486,6 +513,9 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
       ${customRoutes.map((r) => {
     const fullPath = `${base}${r.path}`;
     const tags = [];
+    if (r.error) {
+      tags.push(`<span style="color:#f85149;font-size:11px">error\xB7${r.error}</span>`);
+    }
     if (r.delay && r.delay > 0) {
       tags.push(`<span style="color:#fb923c;font-size:11px">delay\xB7${r.delay}ms</span>`);
     }
@@ -499,9 +529,12 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
       tags.push(`<span style="color:var(--text-muted);font-size:11px">otherwise</span>`);
     }
     let desc;
-    if (r.handler) {
+    if (r.error) {
+      desc = `Error injection \u2014 <code>${r.error}</code>`;
+    } else if (r.handler) {
       const found = handlers.has(r.handler);
-      desc = found ? `Handler \u2014 <code>${r.handler}()</code>` : `Handler \u2014 <code>${r.handler}()</code> <span style="color:#f85149">(not loaded)</span>`;
+      const handlerName = escapeHtml(r.handler);
+      desc = found ? `Handler \u2014 <code>${handlerName}()</code>` : `Handler \u2014 <code>${handlerName}()</code> <span style="color:#f85149">(not loaded)</span>`;
     } else if (r.scenarios?.length) {
       const hasTemplateInScenarios = r.scenarios.some((s) => s.response.body != null && hasTemplates(s.response.body)) || r.otherwise?.body != null && hasTemplates(r.otherwise.body);
       desc = hasTemplateInScenarios ? `Scenarios \u2014 <code>{{\u2026}}</code>` : `Scenarios`;
@@ -663,7 +696,7 @@ function generateAboutHtml(storage, options, handlers = /* @__PURE__ */ new Map(
 
   <div class="banner">
     <div class="banner-inner">
-      <h1><span class="y">y</span><span class="rest">Rest</span></h1>
+      ${LOGO_SRC ? `<img src="${LOGO_SRC}" alt="yRest" height="68" style="display:block;margin-bottom:0px" />` : `<h1><span class="y">y</span><span class="rest">Rest</span></h1>`}
       <p>Zero-config REST API mock server</p>
       <div class="banner-meta">
         <span>URL <strong>${host}</strong></span>
@@ -750,6 +783,10 @@ function nextId(items) {
   const ids = items.map((i) => i["id"]).filter((id) => typeof id === "number");
   return ids.length > 0 ? Math.max(...ids) + 1 : 1;
 }
+function generateId(items, strategy) {
+  if (strategy === "uuid") return crypto.randomUUID();
+  return nextId(items);
+}
 function firstParam(value) {
   if (value === void 0) return void 0;
   return Array.isArray(value) ? value[0] : value;
@@ -775,6 +812,7 @@ function applyOperator(itemValue, op, filterValue) {
     case "_start":
       return strItem.toLowerCase().startsWith(filterValue.toLowerCase());
     case "_regex": {
+      if (filterValue.length > 200) return false;
       try {
         return new RegExp(filterValue, "i").test(strItem);
       } catch {
@@ -839,10 +877,10 @@ function findById(items, id) {
 function findIndexById(items, id) {
   return items.findIndex((i) => String(i["id"]) === id);
 }
-function createItem(storage, resource, body) {
+function createItem(storage, resource, body, idStrategy = "increment") {
   const collection = storage.getCollection(resource) ?? [];
   const item = {
-    id: body["id"] !== void 0 ? body["id"] : nextId(collection),
+    id: body["id"] !== void 0 ? body["id"] : generateId(collection, idStrategy),
     ...body
   };
   storage.setCollection(resource, [...collection, item]);
@@ -1021,7 +1059,12 @@ var CollectionRouteCommand = class {
       if (!req.body || typeof req.body !== "object" || Array.isArray(req.body)) {
         return reply.status(400).send({ error: "Request body must be a JSON object" });
       }
-      const item = createItem(this.storage, this.resource, req.body);
+      const item = createItem(
+        this.storage,
+        this.resource,
+        req.body,
+        this.options.idStrategy
+      );
       return reply.status(201).send(expandItems(item, req.query, this.resource, this.storage));
     });
   }
@@ -1115,6 +1158,10 @@ var CustomRouteCommand = class {
           if (route.delay && route.delay > 0) {
             await new Promise((resolve3) => setTimeout(resolve3, route.delay));
           }
+          if (route.error) {
+            const body2 = route.errorBody ?? { error: `Forced error ${route.error}` };
+            return reply.status(route.error).send(body2);
+          }
           for (const [key, value] of Object.entries(headers)) {
             reply.header(key, value);
           }
@@ -1385,7 +1432,7 @@ function createYrestServer(options) {
   return {
     async start() {
       const storage = "data" in options && options.data !== void 0 ? createInMemoryStorage(options.data) : (await Promise.resolve().then(() => (init_yrestStorage(), yrestStorage_exports))).createYrestStorage(resolvedOptions.file);
-      const handlers = resolvedOptions.handlers ? await loadHandlers((0, import_node_path2.resolve)(resolvedOptions.handlers)) : /* @__PURE__ */ new Map();
+      const handlers = resolvedOptions.handlers ? await loadHandlers((0, import_node_path3.resolve)(resolvedOptions.handlers)) : /* @__PURE__ */ new Map();
       _inner = createYrestServerFromStorage(storage, resolvedOptions, handlers);
       await _inner.start();
     },
@@ -1412,7 +1459,8 @@ function buildOptions(opts) {
     readonly: opts.readonly ?? false,
     delay: opts.delay ?? 0,
     handlers: opts.handlers,
-    pageable: typeof pageable === "number" ? { enabled: true, limit: pageable } : pageable ? { enabled: true, limit: 10 } : { enabled: false, limit: 10 }
+    pageable: typeof pageable === "number" ? { enabled: true, limit: pageable } : pageable ? { enabled: true, limit: 10 } : { enabled: false, limit: 10 },
+    idStrategy: "increment"
   };
 }
 function createInMemoryStorage(data) {
@@ -1496,7 +1544,14 @@ var yrestOptionsSchema = import_zod.z.object({
   pageable: import_zod.z.union([import_zod.z.boolean(), import_zod.z.coerce.number().int().positive()]).default(false).transform((v) => ({
     enabled: v !== false,
     limit: v === false || v === true ? 10 : v
-  }))
+  })),
+  /**
+   * Strategy used to generate `id` values for new items when no `id` is provided in the body.
+   *
+   * - `"increment"` (default) — next integer above the current max id in the collection.
+   * - `"uuid"` — a random UUID v4 string (`crypto.randomUUID()`).
+   */
+  idStrategy: import_zod.z.enum(["increment", "uuid"]).default("increment")
 });
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {