@zintrust/core 0.1.18 → 0.1.20

package/src/templates/project/basic/config/microservices.ts.tpl

@@ -1,104 +1,18 @@
 /**
- * Microservices Configuration
- * Microservices architecture and service discovery settings
- * Sealed namespace for immutability
+ * Microservices Configuration (template)
+ *
+ * Keep this file declarative:
+ * - Core owns env parsing/default logic.
+ * - Projects can override values by editing `microservicesConfigObj`.
  */
 
-import { Env } from './env';
+import { microservicesConfig as coreMicroservicesConfig } from '@zintrust/core';
 
-const microservicesConfigObj = {
-  /**
-   * Enable microservices mode
-   */
-  enabled: Env.getBool('MICROSERVICES', false),
+type MicroservicesConfigShape = typeof coreMicroservicesConfig;
 
-  /**
-   * Enabled services (comma-separated)
-   */
-  services: Env.get('SERVICES', '')
-    .split(',')
-    .filter((s) => s.trim()),
-
-  /**
-   * Service discovery
-   */
-  discovery: {
-    type: Env.get('SERVICE_DISCOVERY_TYPE', 'filesystem') as 'filesystem' | 'consul' | 'etcd',
-    servicesPath: Env.get('SERVICES_PATH', 'services'),
-    refreshInterval: Env.getInt('SERVICE_DISCOVERY_REFRESH_INTERVAL', 30000),
-  },
-
-  /**
-   * Service Registry
-   */
-  registry: {
-    host: Env.get('SERVICE_REGISTRY_HOST', 'localhost'),
-    port: Env.getInt('SERVICE_REGISTRY_PORT', 8500),
-    deregisterCriticalServiceAfter: Env.get('SERVICE_DEREGISTER_CRITICAL_AFTER', '30s'),
-  },
-
-  /**
-   * Service Authentication
-   */
-  auth: {
-    strategy: Env.get('SERVICE_AUTH_STRATEGY', 'none') as 'api-key' | 'jwt' | 'none' | 'custom',
-    apiKey: Env.get('SERVICE_API_KEY'),
-    jwtSecret: Env.get('SERVICE_JWT_SECRET'),
-  },
-
-  /**
-   * Request Tracing
-   */
-  tracing: {
-    enabled: Env.getBool('MICROSERVICES_TRACING', false),
-    samplingRate: Env.getInt('MICROSERVICES_TRACING_RATE', 100) / 100,
-    exportInterval: Env.getInt('TRACING_EXPORT_INTERVAL', 10000),
-    jaegerEndpoint: Env.get('JAEGER_AGENT_HOST', 'localhost'),
-  },
-
-  /**
-   * Database Isolation
-   */
-  database: {
-    isolation: Env.get('DATABASE_ISOLATION', 'shared') as 'shared' | 'isolated',
-    schema: Env.get('DATABASE_SCHEMA_PREFIX', 'microservice'),
-  },
-
-  /**
-   * Service Health Check
-   */
-  healthCheck: {
-    enabled: Env.getBool('SERVICE_HEALTH_CHECK_ENABLED', true),
-    interval: Env.getInt('SERVICE_HEALTH_CHECK_INTERVAL', 30000),
-    timeout: Env.getInt('SERVICE_HEALTH_CHECK_TIMEOUT', 5000),
-    unhealthyThreshold: Env.getInt('SERVICE_UNHEALTHY_THRESHOLD', 3),
-    healthyThreshold: Env.getInt('SERVICE_HEALTHY_THRESHOLD', 2),
-  },
-
-  /**
-   * Service Communication
-   */
-  communication: {
-    timeout: Env.getInt('SERVICE_CALL_TIMEOUT', 30000),
-    retries: Env.getInt('SERVICE_CALL_RETRIES', 3),
-    retryDelay: Env.getInt('SERVICE_CALL_RETRY_DELAY', 1000),
-    circuitBreaker: {
-      enabled: Env.getBool('CIRCUIT_BREAKER_ENABLED', true),
-      threshold: Env.getInt('CIRCUIT_BREAKER_THRESHOLD', 5),
-      timeout: Env.getInt('CIRCUIT_BREAKER_TIMEOUT', 60000),
-    },
-  },
-
-  /**
-   * Service Mesh (Istio/Linkerd support)
-   */
-  mesh: {
-    enabled: Env.getBool('SERVICE_MESH_ENABLED', false),
-    type: Env.get('SERVICE_MESH_TYPE', 'istio') as 'istio' | 'linkerd',
-    namespace: Env.get('SERVICE_MESH_NAMESPACE', 'default'),
-  },
-} as const;
-
-export const microservicesConfig = Object.freeze(microservicesConfigObj);
+export const microservicesConfigObj = {
+  ...coreMicroservicesConfig,
+} satisfies MicroservicesConfigShape;
 
+export const microservicesConfig = microservicesConfigObj;
 export type MicroservicesConfig = typeof microservicesConfig;

package/src/templates/project/basic/config/middleware.ts.tpl

@@ -1,23 +1,32 @@
-import { MiddlewareConfigType } from './type';
+/**
+ * Middleware Configuration (template)
+ *
+ * Keep this file declarative:
+ * - Core owns middleware construction / any runtime behavior.
+ * - Projects can override by editing `middlewareConfigObj`.
+ */
+
+import { middlewareConfig as coreMiddlewareConfig } from '@zintrust/core';
 import { CsrfMiddleware } from '@zintrust/core';
-import { ErrorHandlerMiddleware } from '@zintrust/core';
-import { LoggingMiddleware } from '@zintrust/core';
-import type { Middleware } from '@zintrust/core';
-import { RateLimiter } from '@zintrust/core';
-import { SecurityMiddleware } from '@zintrust/core';
 
-const shared = Object.freeze({
-  log: LoggingMiddleware.create(),
-  error: ErrorHandlerMiddleware.create(),
-  security: SecurityMiddleware.create(),
-  rateLimit: RateLimiter.create(),
-  csrf: CsrfMiddleware.create(),
-} satisfies Record<string, Middleware>);
+type MiddlewareConfigShape = typeof coreMiddlewareConfig;
+
+// Optional: if you're building a pure Bearer-token API (no cookie auth),
+// you can bypass CSRF for API routes.
+// Example: ['\/api\/*'] skips CSRF for all API endpoints.
+const csrf = CsrfMiddleware.create({
+  skipPaths: [],
+});
 
-const middlewareConfigObj: MiddlewareConfigType = {
-  global: [shared.log, shared.error, shared.security, shared.rateLimit, shared.csrf],
-  route: shared,
-};
+export const middlewareConfigObj = {
+  ...coreMiddlewareConfig,
+  route: {
+    ...coreMiddlewareConfig.route,
+    csrf,
+  },
+  // Keep global middleware order but swap in the overridden CSRF middleware.
+  global: coreMiddlewareConfig.global.map((mw) => (mw === coreMiddlewareConfig.route.csrf ? csrf : mw)),
+} satisfies MiddlewareConfigShape;
 
-export const middlewareConfig = Object.freeze(middlewareConfigObj);
+export const middlewareConfig = middlewareConfigObj;
 export default middlewareConfig;

package/src/templates/project/basic/config/notification.ts.tpl

@@ -1,136 +1,23 @@
 /**
- * Notification Configuration
+ * Notification Configuration (template)
  *
- * Config-first mapping of notification providers/channels.
- * Driver selection must be dynamic (tests may mutate process.env).
+ * Keep this file declarative:
+ * - Core owns env parsing/default logic.
+ * - Projects can override values by editing `drivers` and `notificationConfigObj`.
  */
 
-import { Env } from './env';
-import type {
-  KnownNotificationDriverConfig,
-  NotificationConfigInput,
-  NotificationDrivers,
-  NotificationProviders,
-} from './type';
-import { ErrorFactory } from '@zintrust/core';
+import { notificationConfig as coreNotificationConfig } from '@zintrust/core';
 
-const normalizeName = (value: string): string => value.trim().toLowerCase();
+type NotificationConfigShape = typeof coreNotificationConfig;
 
-const hasOwn = (obj: Record<string, unknown>, key: string): boolean => {
-  return Object.prototype.hasOwnProperty.call(obj, key);
-};
+export const drivers = {
+  ...coreNotificationConfig.drivers,
+} satisfies NotificationConfigShape['drivers'];
 
-const getDefaultChannel = (drivers: NotificationDrivers): string => {
-  const envSelectedRaw = Env.get(
-    'NOTIFICATION_CONNECTION',
-    Env.get('NOTIFICATION_DRIVER', 'console')
-  );
-  const value = normalizeName(envSelectedRaw ?? 'console');
-
-  if (value.length > 0 && hasOwn(drivers, value)) return value;
-
-  if (envSelectedRaw.trim().length > 0) {
-    throw ErrorFactory.createConfigError(`Notification channel not configured: ${value}`);
-  }
-
-  return hasOwn(drivers, 'console') ? 'console' : (Object.keys(drivers)[0] ?? 'console');
-};
-
-const getNotificationDriver = (
-  config: NotificationConfigInput,
-  name?: string
-): KnownNotificationDriverConfig => {
-  const selected = normalizeName(String(name ?? config.default));
-  const channelName = selected === 'default' ? normalizeName(config.default) : selected;
-
-  const isExplicitSelection =
-    name !== undefined &&
-    String(name).trim().length > 0 &&
-    normalizeName(String(name)) !== 'default';
-
-  if (channelName.length > 0 && hasOwn(config.drivers, channelName)) {
-    const resolved = config.drivers[channelName];
-    if (resolved !== undefined) return resolved;
-  }
-
-  if (Object.keys(config.drivers ?? {}).length === 0) {
-    throw ErrorFactory.createConfigError('No notification channels are configured');
-  }
-
-  if (isExplicitSelection) {
-    throw ErrorFactory.createConfigError(`Notification channel not configured: ${channelName}`);
-  }
-
-  // Default selection is strict: if `default` points at an unconfigured channel, throw.
-  throw ErrorFactory.createConfigError(`Notification channel not configured: ${channelName}`);
-};
-
-const getBaseProviders = (): NotificationProviders => {
-  return {
-    console: { driver: 'console' as const },
-    termii: {
-      driver: 'termii' as const,
-      apiKey: Env.get('TERMII_API_KEY', ''),
-      sender: Env.get('TERMII_SENDER', 'Zintrust'),
-      endpoint: Env.get('TERMII_ENDPOINT', 'https://api.termii.com/sms/send'),
-    },
-    twilio: {
-      driver: 'twilio' as const,
-      accountSid: Env.get('TWILIO_ACCOUNT_SID', ''),
-      authToken: Env.get('TWILIO_AUTH_TOKEN', ''),
-      fromNumber: Env.get('TWILIO_FROM_NUMBER', ''),
-    },
-    slack: {
-      driver: 'slack' as const,
-      webhookUrl: Env.get('SLACK_WEBHOOK_URL', ''),
-    },
-  };
-};
-
-const notificationConfigObj = {
-  /**
-   * Default notification channel name (normalized).
-   */
-  get default(): string {
-    return getDefaultChannel(this.drivers);
-  },
-
-  /**
-   * Notification channels.
-   *
-   * You may add custom named channels (e.g. `opsSlack`, `smsMarketing`) that
-   * point to any known driver config.
-   */
-  get drivers(): NotificationDrivers {
-    // Return a record of channels; can be extended by app-level config.
-    return getBaseProviders() as unknown as NotificationDrivers;
-  },
-
-  /**
-   * Legacy provider configs (kept for backwards compatibility with wrappers).
-   */
-  get providers(): NotificationProviders {
-    return getBaseProviders();
-  },
-
-  /**
-   * Normalized notification channel name.
-   */
-  getDriverName(): string {
-    return normalizeName(this.default);
-  },
-
-  /**
-   * Resolve a channel config.
-   * - Unknown names throw when explicitly selected.
-   * - `default` is a reserved alias of the configured default.
-   */
-  getDriverConfig(name?: string): KnownNotificationDriverConfig {
-    return getNotificationDriver(this, name);
-  },
-} as const;
-
-export const notificationConfig = Object.freeze(notificationConfigObj);
-export type NotificationConfig = typeof notificationConfig;
+export const notificationConfigObj = {
+  ...coreNotificationConfig,
+  drivers,
+} satisfies NotificationConfigShape;
 
+const notificationConfig = notificationConfigObj;
 export default notificationConfig;

package/src/templates/project/basic/config/queue.ts.tpl

@@ -1,86 +1,23 @@
 /**
- * Queue Configuration
- * Background job and message queue settings
- * Sealed namespace for immutability
+ * Queue Configuration (template)
+ *
+ * Keep this file declarative:
+ * - Core owns env parsing/default logic.
+ * - Projects can override values by editing `connections` and `queueConfigObj`.
  */
 
-import { Env } from './env';
+import { queueConfig as coreQueueConfig } from '@zintrust/core';
 
-import type { QueueConfigWithDrivers, QueueDriverName, QueueDriversConfig } from './type';
+type QueueConfigShape = typeof coreQueueConfig;
 
-const getQueueDriver = (config: QueueConfigWithDrivers): QueueDriversConfig[QueueDriverName] => {
-  const driverName = config.default;
-  return config.drivers[driverName];
-};
+export const connections = {
+  ...coreQueueConfig.connections,
+} satisfies QueueConfigShape['connections'];
 
-const queueConfigObj = {
-  /**
-   * Default queue driver
-   */
-  default: Env.get('QUEUE_DRIVER', 'sync') as QueueDriverName,
+export const queueConfigObj = {
+  ...coreQueueConfig,
+  connections,
+} satisfies QueueConfigShape;
 
-  /**
-   * Queue drivers
-   */
-  drivers: {
-    sync: {
-      driver: 'sync' as const,
-    },
-    database: {
-      driver: 'database' as const,
-      table: Env.get('QUEUE_TABLE', 'jobs'),
-      connection: Env.get('QUEUE_DB_CONNECTION', 'default'),
-    },
-    redis: {
-      driver: 'redis' as const,
-      host: Env.get('REDIS_HOST', 'localhost'),
-      port: Env.getInt('REDIS_PORT', 6379),
-      password: Env.get('REDIS_PASSWORD'),
-      database: Env.getInt('REDIS_QUEUE_DB', 1),
-    },
-    rabbitmq: {
-      driver: 'rabbitmq' as const,
-      host: Env.get('RABBITMQ_HOST', 'localhost'),
-      port: Env.getInt('RABBITMQ_PORT', 5672),
-      username: Env.get('RABBITMQ_USER', 'guest'),
-      password: Env.get('RABBITMQ_PASSWORD', 'guest'),
-      vhost: Env.get('RABBITMQ_VHOST', '/'),
-    },
-    sqs: {
-      driver: 'sqs' as const,
-      key: Env.get('AWS_ACCESS_KEY_ID'),
-      secret: Env.get('AWS_SECRET_ACCESS_KEY'),
-      region: Env.AWS_REGION,
-      queueUrl: Env.get('AWS_SQS_QUEUE_URL'),
-    },
-  } satisfies QueueDriversConfig,
-
-  /**
-   * Get queue driver config
-   */
-  getDriver(): QueueDriversConfig[QueueDriverName] {
-    return getQueueDriver(this);
-  },
-
-  /**
-   * Failed jobs table
-   */
-  failed: {
-    database: Env.get('FAILED_JOBS_DB_CONNECTION', 'default'),
-    table: Env.get('FAILED_JOBS_TABLE', 'failed_jobs'),
-  },
-
-  /**
-   * Job processing
-   */
-  processing: {
-    timeout: Env.getInt('QUEUE_JOB_TIMEOUT', 60),
-    retries: Env.getInt('QUEUE_JOB_RETRIES', 3),
-    backoff: Env.getInt('QUEUE_JOB_BACKOFF', 0),
-    workers: Env.getInt('QUEUE_WORKERS', 1),
-  },
-};
-
-export const queueConfig = Object.freeze(queueConfigObj);
-
-export type QueueConfig = typeof queueConfig;
+const queueConfig = queueConfigObj;
+export default queueConfig;

package/src/templates/project/basic/config/security.ts.tpl

@@ -1,170 +1,18 @@
 /**
- * Security Configuration
- * JWT, CSRF, encryption and other security settings
- * Sealed namespace for immutability
+ * Security Configuration (template)
  *
- * APP_KEY: Primary encryption key for storage signing and app-level encryption.
- *          Set automatically during project scaffolding.
- *
- * Security keys can be configured per domain:
- * - APP_KEY: Default encryption key for all operations (auto-generated)
- * - API_KEY_SECRET: Optional API key authentication (if API_KEY_ENABLED=true)
- * - ENCRYPTION_CIPHER: Cipher for encrypted envelope interoperability
- * - JWT_SECRET: JWT token signing key
- *
- * Developers can use a single APP_KEY or configure separate keys for different
- * security domains (e.g., different keys for different microservices).
+ * Keep this file declarative:
+ * - Core owns env parsing/default logic.
+ * - Projects can override values by editing `securityConfigObj`.
  */
 
-import { appConfig } from './app';
-import { Env } from './env';
-import { Logger } from './logger';
-import { ErrorFactory } from '@zintrust/core';
-
-/**
- * Helper to warn about missing secrets
- */
-function warnMissingSecret(secretName: string): string {
-  Logger.error(`❌ CRITICAL: ${secretName} environment variable is not set!`);
-  Logger.error('⚠️  Application may not function correctly. Set this in production immediately.');
-  if (appConfig.isProduction()) {
-    throw ErrorFactory.createConfigError(`Missing required secret: ${secretName}`, { secretName });
-  }
-
-  // In non-production environments, allow the app/CLI to start while still warning loudly.
-  // This is intentionally predictable for local development and test tooling.
-  return 'dev-unsafe-jwt-secret';
-}
-
-let cachedJwtSecret: string | undefined;
-
-const securityConfigObj = {
-  /**
-   * JWT Configuration
-   */
-  jwt: {
-    enabled: Env.getBool('JWT_ENABLED', true),
-    get secret(): string {
-      if (cachedJwtSecret !== undefined) return cachedJwtSecret;
-      const isEnabled = Env.getBool('JWT_ENABLED', true);
-      cachedJwtSecret = isEnabled
-        ? Env.get('JWT_SECRET') || warnMissingSecret('JWT_SECRET')
-        : Env.get('JWT_SECRET') || '';
-      return cachedJwtSecret;
-    },
-    algorithm: Env.get('JWT_ALGORITHM', 'HS256') as 'HS256' | 'HS512' | 'RS256',
-    expiresIn: Env.get('JWT_EXPIRES_IN', '1h'),
-    refreshExpiresIn: Env.get('JWT_REFRESH_EXPIRES_IN', '7d'),
-    issuer: Env.get('JWT_ISSUER', 'zintrust'),
-    audience: Env.get('JWT_AUDIENCE', 'zintrust-api'),
-  },
-
-  /**
-   * CSRF Protection
-   */
-  csrf: {
-    enabled: Env.getBool('CSRF_ENABLED', true),
-    headerName: Env.get('CSRF_HEADER_NAME', 'x-csrf-token'),
-    tokenName: Env.get('CSRF_TOKEN_NAME', '_csrf'),
-    cookieName: Env.get('CSRF_COOKIE_NAME', 'XSRF-TOKEN'),
-    cookieHttpOnly: Env.getBool('CSRF_COOKIE_HTTP_ONLY', true),
-    cookieSecure: Env.getBool('CSRF_COOKIE_SECURE', true),
-    cookieSameSite: Env.get('CSRF_COOKIE_SAME_SITE', 'strict') as 'strict' | 'lax' | 'none',
-  },
-
-  /**
-   * Encryption
-   */
-  encryption: {
-    // Required for framework-compatible encrypted payloads.
-    // Supported values: aes-256-cbc | aes-256-gcm (case-insensitive)
-    cipher: Env.get('ENCRYPTION_CIPHER', ''),
-
-    // Primary key used for encryption interoperability (framework-compatible envelopes).
-    // APP_KEY supports both `base64:...` and raw base64.
-    appKey: Env.get('APP_KEY', ''),
-    appPreviousKeys: Env.get('APP_PREVIOUS_KEYS', ''),
-
-    // Back-compat fields (not used by EncryptedEnvelope)
-    algorithm: Env.get('ENCRYPTION_ALGORITHM', 'aes-256-cbc'),
-    key: Env.get('ENCRYPTION_KEY', 'your-encryption-key'),
-  },
-
-  /**
-   * API Key Authentication
-   */
-  apiKey: {
-    enabled: Env.getBool('API_KEY_ENABLED', false),
-    headerName: Env.get('API_KEY_HEADER', 'x-api-key'),
-    secret: Env.get('API_KEY_SECRET'),
-  },
-
-  /**
-   * CORS Configuration
-   */
-  cors: {
-    enabled: Env.getBool('CORS_ENABLED', true),
-    origins: Env.get('CORS_ORIGINS', '*').split(','),
-    methods: Env.get('CORS_METHODS', 'GET,POST,PUT,PATCH,DELETE').split(','),
-    allowedHeaders: Env.get('CORS_ALLOWED_HEADERS', 'Content-Type,Authorization').split(','),
-    exposedHeaders: Env.get('CORS_EXPOSED_HEADERS', '').split(','),
-    credentials: Env.getBool('CORS_CREDENTIALS', false),
-    maxAge: Env.getInt('CORS_MAX_AGE', 86400),
-  },
-
-  /**
-   * Rate Limiting
-   */
-  rateLimit: {
-    enabled: Env.getBool('RATE_LIMIT_ENABLED', true),
-    windowMs: Env.getInt('RATE_LIMIT_WINDOW_MS', 900000), // 15 minutes
-    maxRequests: Env.getInt('RATE_LIMIT_MAX_REQUESTS', 100),
-    message: Env.get('RATE_LIMIT_MESSAGE', 'Too many requests, please try again later'),
-  },
-
-  /**
-   * XSS Protection
-   */
-  xss: {
-    enabled: Env.getBool('XSS_ENABLED', true),
-    reportUri: Env.get('XSS_REPORT_URI'),
-  },
-
-  /**
-   * Helmet Security Headers
-   */
-  helmet: {
-    enabled: Env.getBool('HELMET_ENABLED', true),
-    contentSecurityPolicy: Env.getBool('CSP_ENABLED', true),
-    hsts: {
-      enabled: Env.getBool('HSTS_ENABLED', true),
-      maxAge: Env.getInt('HSTS_MAX_AGE', 31536000),
-      includeSubDomains: Env.getBool('HSTS_INCLUDE_SUBDOMAINS', true),
-    },
-  },
+import { securityConfig as coreSecurityConfig } from '@zintrust/core';
 
-  /**
-   * Session Configuration
-   */
-  session: {
-    name: Env.get('SESSION_NAME', 'zintrust_session'),
-    secret: Env.get('SESSION_SECRET', 'your-session-secret'),
-    expiresIn: Env.getInt('SESSION_EXPIRES_IN', 1800000), // 30 minutes
-    secure: Env.getBool('SESSION_SECURE', true),
-    httpOnly: Env.getBool('SESSION_HTTP_ONLY', true),
-    sameSite: Env.get('SESSION_SAME_SITE', 'strict') as 'strict' | 'lax' | 'none',
-  },
+type SecurityConfigShape = typeof coreSecurityConfig;
 
-  /**
-   * Password settings
-   */
-  password: {
-    minLength: Env.getInt('PASSWORD_MIN_LENGTH', 8),
-    requireUppercase: Env.getBool('PASSWORD_REQUIRE_UPPERCASE', true),
-    requireNumbers: Env.getBool('PASSWORD_REQUIRE_NUMBERS', true),
-    requireSpecialChars: Env.getBool('PASSWORD_REQUIRE_SPECIAL_CHARS', true),
-    bcryptRounds: Env.getInt('BCRYPT_ROUNDS', 10),
-  },
-} as const;
+export const securityConfigObj = {
+  ...coreSecurityConfig,
+} satisfies SecurityConfigShape;
 
-export const securityConfig = Object.freeze(securityConfigObj);
+const securityConfig = securityConfigObj;
+export default securityConfig;

package/src/templates/project/basic/config/startup.ts.tpl

@@ -1,29 +1,18 @@
 /**
- * Startup Configuration
+ * Startup Configuration (template)
  *
- * Startup-only controls (evaluated during Application.boot()).
+ * Keep this file declarative:
+ * - Core owns env parsing/default logic.
+ * - Projects can override values by editing `startupConfigObj`.
  */
 
-import { Env } from './env';
+import { startupConfig as coreStartupConfig } from '@zintrust/core';
 
-export type StartupConfig = {
-  healthChecksEnabled: boolean;
-  validateSecrets: boolean;
-  requireEnv: boolean;
-  checkDatabase: boolean;
-  checkCache: boolean;
-  timeoutMs: number;
-  continueOnFailure: boolean;
-};
+export type StartupConfig = typeof coreStartupConfig;
 
-export const startupConfig = Object.freeze({
-  healthChecksEnabled: Env.getBool('STARTUP_HEALTH_CHECKS', true),
-  validateSecrets: Env.getBool('STARTUP_VALIDATE_SECRETS', true),
-  requireEnv: Env.getBool('STARTUP_REQUIRE_ENV', false),
-  checkDatabase: Env.getBool('STARTUP_CHECK_DB', false),
-  checkCache: Env.getBool('STARTUP_CHECK_CACHE', false),
-  timeoutMs: Env.getInt('STARTUP_HEALTH_TIMEOUT_MS', 2500),
-  continueOnFailure: Env.getBool('STARTUP_CONTINUE_ON_FAILURE', false),
-} satisfies StartupConfig);
+export const startupConfigObj = {
+  ...coreStartupConfig,
+} satisfies StartupConfig;
 
+export const startupConfig = startupConfigObj;
 export default startupConfig;