@zintrust/core 0.1.19 → 0.1.20

package/src/common/utility.js

@@ -0,0 +1,101 @@
+import { ErrorFactory } from '../exceptions/ZintrustError.js';
+import { randomBytes } from '../node-singletons/crypto.js';
+export const generateUuid = () => {
+    if (typeof globalThis?.crypto?.randomUUID === 'function')
+        return globalThis.crypto.randomUUID();
+    return `${Date.now()}-${Math.random().toString(36).slice(2, 9)}`; // NOSONAR
+};
+export function generateSecureJobId(errMsg = 'Secure crypto API not available to generate a job id.') {
+    if (typeof globalThis.crypto?.randomUUID === 'function') {
+        return globalThis.crypto.randomUUID();
+    }
+    if (typeof globalThis.crypto?.getRandomValues === 'function') {
+        const bytes = new Uint8Array(16);
+        globalThis.crypto.getRandomValues(bytes);
+        return bytesToHex(bytes);
+    }
+    // Node fallback for environments without Web Crypto
+    try {
+        return randomBytes(16).toString('hex');
+    }
+    catch (error) {
+        throw ErrorFactory.createTryCatchError(errMsg || 'Secure crypto API not available to generate a job id.', error);
+    }
+}
+export const getString = (value) => (typeof value === 'string' ? value : '');
+function bytesToHex(bytes) {
+    let out = '';
+    for (const b of bytes)
+        out += b.toString(16).padStart(2, '0');
+    return out;
+}
+export function isEmpty(value) {
+    return (value === null ||
+        value === undefined ||
+        value === false ||
+        value === 0 ||
+        value === '' ||
+        value === '0');
+}
+export function toStr(value) {
+    return String(value ?? '');
+}
+export function stripSpaces(value) {
+    return toStr(value).replaceAll(' ', '');
+}
+export function sanitize(value, pattern, stripSpace = false) {
+    const input = stripSpace ? stripSpaces(value) : toStr(value);
+    return input.replace(pattern, '');
+}
+export function isNumericString(value) {
+    const trimmed = value.trim();
+    if (trimmed.length === 0)
+        return false;
+    const n = Number(trimmed);
+    return Number.isFinite(n);
+}
+export function toPlusDecimal(num, dec = 8) {
+    if (isEmpty(num))
+        return 0;
+    const numStr = toStr(num);
+    const hasDot = numStr.includes('.');
+    const hasExponent = /e/i.test(numStr);
+    const normalized = hasExponent ? Number(numStr).toFixed(dec + 1) : numStr;
+    const valueNew = hasDot
+        ? (() => {
+            const [whole, frac = ''] = normalized.split('.');
+            return Number.parseFloat(`${whole}.${frac.slice(0, dec)}`);
+        })()
+        : Number.parseFloat(normalized);
+    if (valueNew < 0 && String(valueNew).startsWith('-')) {
+        return 0;
+    }
+    return valueNew;
+}
+export function toMinusDecimal(num, dec = 8) {
+    if (isEmpty(num))
+        return 0;
+    const numStr = toStr(num);
+    const hasDot = numStr.includes('.');
+    const hasExponent = /e/i.test(numStr);
+    const normalized = hasExponent ? Number(numStr).toFixed(dec + 1) : numStr;
+    if (hasDot) {
+        const [whole, frac = ''] = normalized.split('.');
+        return Number.parseFloat(`${whole}.${frac.slice(0, dec)}`);
+    }
+    return Number.parseFloat(normalized);
+}
+export const nowIso = () => new Date().toISOString();
+export const Utilities = Object.freeze({
+    generateUuid,
+    getString,
+    generateSecureJobId,
+    isEmpty,
+    toStr,
+    stripSpaces,
+    sanitize,
+    isNumericString,
+    toPlusDecimal,
+    toMinusDecimal,
+    nowIso,
+});

package/src/config/FileLogWriter.d.ts

@@ -2,7 +2,7 @@
  * FileLogWriter (Node.js only)
  *
  * Provides best-effort file logging with daily + size-based rotation.
- * This module imports Node built-ins and should be loaded only in Node environments.
+ * Uses async write streams to avoid blocking the event loop.
  */
 type CleanOnceOptions = {
     logsDir?: string;
@@ -17,6 +17,7 @@ type CleanOnceOptions = {
 export declare const cleanOnce: (options?: CleanOnceOptions) => string[];
 export declare const FileLogWriter: Readonly<{
     write(line: string): void;
+    flush(): void;
 }>;
 export default FileLogWriter;
 //# sourceMappingURL=FileLogWriter.d.ts.map

package/src/config/FileLogWriter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"FileLogWriter.d.ts","sourceRoot":"","sources":["../../../src/config/FileLogWriter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA8EH,KAAK,gBAAgB,GAAG;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAiFF;;;GAGG;AACH,eAAO,MAAM,SAAS,GAAI,UAAU,gBAAgB,KAAG,MAAM,EAsB5D,CAAC;AAoBF,eAAO,MAAM,aAAa;gBACZ,MAAM,GAAG,IAAI;EAqBzB,CAAC;AAEH,eAAe,aAAa,CAAC"}
+{"version":3,"file":"FileLogWriter.d.ts","sourceRoot":"","sources":["../../../src/config/FileLogWriter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAwGH,KAAK,gBAAgB,GAAG;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAiFF;;;GAGG;AACH,eAAO,MAAM,SAAS,GAAI,UAAU,gBAAgB,KAAG,MAAM,EAsB5D,CAAC;AAwEF,eAAO,MAAM,aAAa;gBACZ,MAAM,GAAG,IAAI;aAqChB,IAAI;EAQb,CAAC;AAEH,eAAe,aAAa,CAAC"}

package/src/config/FileLogWriter.js

@@ -2,12 +2,34 @@
  * FileLogWriter (Node.js only)
  *
  * Provides best-effort file logging with daily + size-based rotation.
- * This module imports Node built-ins and should be loaded only in Node environments.
+ * Uses async write streams to avoid blocking the event loop.
  */
 import { ensureDirSafe } from '../common/index.js';
 import { Env } from './env.js';
 import * as fs from '../node-singletons/fs.js';
 import * as path from '../node-singletons/path.js';
+// Write stream cache to avoid recreating streams
+const streamCache = new Map();
+const pendingWrites = new Map();
+const canUseWriteStreams = () => {
+    try {
+        // Vitest's ESM module mocks can throw when accessing missing exports.
+        // Treat missing createWriteStream as "no stream support".
+        return (typeof fs.createWriteStream === 'function');
+    }
+    catch {
+        return false;
+    }
+};
+const appendFileSafe = (logFile, content) => {
+    try {
+        // Some tests/mock environments provide only appendFileSync (no streams).
+        fs.appendFileSync(logFile, content);
+    }
+    catch {
+        // best-effort
+    }
+};
 const getCwdSafe = () => {
     try {
         if (typeof process === 'undefined' || typeof process.cwd !== 'function')
@@ -160,6 +182,12 @@ const rotateIfNeeded = (logFile, maxSizeBytes) => {
         const stat = fs.statSync(logFile);
         if (stat.size <= maxSizeBytes)
             return;
+        // Close and clear existing stream before rotation
+        const stream = streamCache.get(logFile);
+        if (stream !== undefined) {
+            stream.end();
+            streamCache.delete(logFile);
+        }
         const ext = '.log';
         const base = logFile.endsWith(ext) ? logFile.slice(0, -ext.length) : logFile;
         const rotated = `${base}-${Date.now()}${ext}`;
@@ -169,6 +197,38 @@ const rotateIfNeeded = (logFile, maxSizeBytes) => {
         // best-effort
     }
 };
+const getOrCreateStream = (logFile) => {
+    let stream = streamCache.get(logFile);
+    if (stream === undefined || stream.destroyed) {
+        const createWriteStream = fs
+            .createWriteStream;
+        stream = createWriteStream(logFile, { flags: 'a', encoding: 'utf-8' });
+        // Clean up on error
+        stream.on('error', () => {
+            streamCache.delete(logFile);
+        });
+        streamCache.set(logFile, stream);
+    }
+    return stream;
+};
+const flushPendingWrites = (logFile) => {
+    const pending = pendingWrites.get(logFile);
+    if (pending === undefined || pending.length === 0)
+        return;
+    const lines = pending.join('');
+    if (!canUseWriteStreams()) {
+        appendFileSafe(logFile, lines);
+        pendingWrites.delete(logFile);
+        return;
+    }
+    const stream = getOrCreateStream(logFile);
+    stream.write(lines, (error) => {
+        if (error !== null && error !== undefined) {
+            // Silent failure for best-effort logging
+        }
+    });
+    pendingWrites.delete(logFile);
+};
 export const FileLogWriter = Object.freeze({
     write(line) {
         const cwd = getCwdSafe();
@@ -179,8 +239,20 @@ export const FileLogWriter = Object.freeze({
         const dateStr = getDateStr(new Date());
         const logFile = path.join(logsDir, `app-${dateStr}.log`);
         rotateIfNeeded(logFile, Env.LOG_ROTATION_SIZE);
+        // In test environments we sometimes mock @node-singletons/fs without stream APIs.
+        // Fall back to synchronous append to avoid runtime crashes.
+        if (!canUseWriteStreams()) {
+            appendFileSafe(logFile, `${line}\n`);
+            cleanupOldLogs(logsDir, Env.LOG_ROTATION_DAYS);
+            return;
+        }
         try {
-            fs.appendFileSync(logFile, `${line}\n`);
+            // Buffer writes for async processing
+            const pending = pendingWrites.get(logFile) ?? [];
+            pending.push(`${line}\n`);
+            pendingWrites.set(logFile, pending);
+            // Flush on next tick to batch multiple rapid writes
+            process.nextTick(() => flushPendingWrites(logFile));
         }
         catch {
             // best-effort
@@ -188,5 +260,14 @@ export const FileLogWriter = Object.freeze({
         }
         cleanupOldLogs(logsDir, Env.LOG_ROTATION_DAYS);
     },
+    // Flush all streams (for graceful shutdown)
+    flush() {
+        for (const [logFile, stream] of streamCache.entries()) {
+            flushPendingWrites(logFile);
+            stream.end();
+        }
+        streamCache.clear();
+        pendingWrites.clear();
+    },
 });
 export default FileLogWriter;

package/src/config/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../../src/config/app.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAA4B,SAAS,EAAE,MAAM,cAAc,CAAC;AAsCxE,QAAA,MAAM,UAAU,QAAO,MAAM,CAAC,UAuB7B,CAAC;AA0FF,eAAO,MAAM,SAAS;IA5EpB;;OAEG;;IAMH;;OAEG;;IAGH;;OAEG;;IAMH;;OAEG;;IAMH;;OAEG;kCACc,OAAO;IAIxB;;OAEG;iCACa,OAAO;IAIvB;;OAEG;8BACU,OAAO;IAIpB;;OAEG;;IAMH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;+BA3GkB,MAAM,CAAC,UAAU;EAiHY,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,CAAC;AAEtB,MAAM,MAAM,SAAS,GAAG,OAAO,SAAS,CAAC"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../../src/config/app.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAA4B,SAAS,EAAE,MAAM,cAAc,CAAC;AAsCxE,QAAA,MAAM,UAAU,QAAO,MAAM,CAAC,UA0B7B,CAAC;AA0FF,eAAO,MAAM,SAAS;IA5EpB;;OAEG;;IAMH;;OAEG;;IAGH;;OAEG;;IAMH;;OAEG;;IAMH;;OAEG;kCACc,OAAO;IAIxB;;OAEG;iCACa,OAAO;IAIvB;;OAEG;8BACU,OAAO;IAIpB;;OAEG;;IAMH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;+BA9GkB,MAAM,CAAC,UAAU;EAoHY,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,CAAC;AAEtB,MAAM,MAAM,SAAS,GAAG,OAAO,SAAS,CAAC"}

package/src/config/app.js

@@ -42,7 +42,9 @@ const getSafeEnv = () => {
             readEnvString('NODE_ENV', 'development'),
         USE_RAW_QRY: baseEnv.USE_RAW_QRY ?? (readEnvString('USE_RAW_QRY', '') || undefined),
         SERVICE_API_KEY: baseEnv.SERVICE_API_KEY ?? readEnvString('SERVICE_API_KEY', ''),
-        SERVICE_JWT_SECRET: baseEnv.SERVICE_JWT_SECRET ?? readEnvString('SERVICE_JWT_SECRET', ''),
+        SERVICE_JWT_SECRET: baseEnv.SERVICE_JWT_SECRET ??
+            readEnvString('SERVICE_JWT_SECRET', '') ??
+            readEnvString('APP_KEY', ''),
         BASE_URL: baseEnv['BASE_URL'] ?? readEnvString('BASE_URL', ''),
         MODE: baseEnv['MODE'] ?? readEnvString('MODE', ''),
         // Hardening for child-process usage

package/src/config/broadcast.d.ts

@@ -4,7 +4,7 @@
  * Centralizes broadcast driver selection and provider env mappings.
  * Driver selection must be dynamic (tests may mutate process.env).
  */
-import { InMemoryBroadcastDriverConfig, KnownBroadcastDriverConfig, PusherBroadcastDriverConfig, RedisBroadcastDriverConfig, RedisHttpsBroadcastDriverConfig } from './type';
+import type { InMemoryBroadcastDriverConfig, KnownBroadcastDriverConfig, PusherBroadcastDriverConfig, RedisBroadcastDriverConfig, RedisHttpsBroadcastDriverConfig } from './type';
 declare const _default: Readonly<{
     /**
      * Default broadcaster name (normalized).

package/src/config/broadcast.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"broadcast.d.ts","sourceRoot":"","sources":["../../../src/config/broadcast.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAGL,6BAA6B,EAC7B,0BAA0B,EAC1B,2BAA2B,EAC3B,0BAA0B,EAC1B,+BAA+B,EAChC,MAAM,cAAc,CAAC;;IA4EpB;;OAEG;sBACY,MAAM;IAIrB;;;;;OAKG;;2BAEe,6BAA6B;;;;;IAc/C;;OAEG;kCACc,MAAM;IAIvB;;;OAGG;sCACoB,MAAM,KAAG,0BAA0B;;AAK5D,wBAAiD"}
+{"version":3,"file":"broadcast.d.ts","sourceRoot":"","sources":["../../../src/config/broadcast.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAGV,6BAA6B,EAC7B,0BAA0B,EAC1B,2BAA2B,EAC3B,0BAA0B,EAC1B,+BAA+B,EAChC,MAAM,cAAc,CAAC;;IA4EpB;;OAEG;sBACY,MAAM;IAIrB;;;;;OAKG;;2BAEe,6BAA6B;;;;;IAc/C;;OAEG;kCACc,MAAM;IAIvB;;;OAGG;sCACoB,MAAM,KAAG,0BAA0B;;AAK5D,wBAAiD"}

package/src/config/cache.d.ts

@@ -3,7 +3,7 @@
  * Caching drivers and settings
  * Sealed namespace for immutability
  */
-import { CacheDriverConfig } from './type';
+import type { CacheDriverConfig } from './type';
 export declare const cacheConfig: Readonly<{
     /**
      * Default cache driver

package/src/config/cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../src/config/cache.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAoB,iBAAiB,EAAE,MAAM,cAAc,CAAC;AA2FnE,eAAO,MAAM,WAAW;IA/DtB;;OAEG;;IAaH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4BH;;OAEG;qBACc,MAAM,GAAG,iBAAiB;IAI3C;;OAEG;;IAGH;;OAEG;;EAImD,CAAC;AACzD,MAAM,MAAM,WAAW,GAAG,OAAO,WAAW,CAAC"}
+{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../src/config/cache.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAoB,iBAAiB,EAAE,MAAM,cAAc,CAAC;AA2FxE,eAAO,MAAM,WAAW;IA/DtB;;OAEG;;IAaH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4BH;;OAEG;qBACc,MAAM,GAAG,iBAAiB;IAI3C;;OAEG;;IAGH;;OAEG;;EAImD,CAAC;AACzD,MAAM,MAAM,WAAW,GAAG,OAAO,WAAW,CAAC"}

package/src/config/cloudflare.d.ts

@@ -4,7 +4,7 @@
  * Centralizes access to Workers bindings via globalThis.env.
  * This keeps runtime-specific globals out of adapters/drivers.
  */
-import { KVNamespace, WorkersEnv } from './type';
+import type { KVNamespace, WorkersEnv } from './type';
 import type { DatabaseConfig, ID1Database } from '../orm/DatabaseAdapter';
 export declare const Cloudflare: Readonly<{
     getWorkersEnv: () => WorkersEnv | null;

package/src/config/cloudflare.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cloudflare.d.ts","sourceRoot":"","sources":["../../../src/config/cloudflare.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AA8BxE,eAAO,MAAM,UAAU;yBA5BG,UAAU,GAAG,IAAI;2BAOb,cAAc,KAAG,WAAW,GAAG,IAAI;4CAanB,WAAW,GAAG,IAAI;EAY9D,CAAC"}
+{"version":3,"file":"cloudflare.d.ts","sourceRoot":"","sources":["../../../src/config/cloudflare.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AA8BxE,eAAO,MAAM,UAAU;yBA5BG,UAAU,GAAG,IAAI;2BAOb,cAAc,KAAG,WAAW,GAAG,IAAI;4CAanB,WAAW,GAAG,IAAI;EAY9D,CAAC"}

package/src/config/database.d.ts

@@ -3,7 +3,7 @@
  * Database connections and pooling settings
  * Sealed namespace for immutability
  */
-import { DatabaseConfigShape, DatabaseConnectionConfig } from './type';
+import type { DatabaseConfigShape, DatabaseConnectionConfig } from './type';
 export declare const databaseConfig: Readonly<{
     /**
      * Default database connection

package/src/config/database.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/config/database.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,mBAAmB,EAAE,wBAAwB,EAAuB,MAAM,cAAc,CAAC;AA0HlG,eAAO,MAAM,cAAc;IAzCzB;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGH;;OAEG;wBACiB,mBAAmB,GAAG,wBAAwB;IAIlE;;OAEG;;;;;IAMH;;OAEG;;;;;IAMH;;OAEG;;;;EAMyD,CAAC;AAC/D,MAAM,MAAM,cAAc,GAAG,OAAO,cAAc,CAAC"}
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/config/database.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EACV,mBAAmB,EACnB,wBAAwB,EAEzB,MAAM,cAAc,CAAC;AAkNtB,eAAO,MAAM,cAAc;IAzCzB;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGH;;OAEG;wBACiB,mBAAmB,GAAG,wBAAwB;IAIlE;;OAEG;;;;;IAMH;;OAEG;;;;;IAMH;;OAEG;;;;EAMyD,CAAC;AAC/D,MAAM,MAAM,cAAc,GAAG,OAAO,cAAc,CAAC"}

package/src/config/database.js

@@ -5,6 +5,92 @@
  */
 import { Env } from './env.js';
 import { ErrorFactory } from '../exceptions/ZintrustError.js';
+const isNodeProcess = () => {
+    return typeof process !== 'undefined' && typeof process.cwd === 'function';
+};
+const isExplicitEnvValue = (key) => {
+    if (!isNodeProcess())
+        return false;
+    const raw = process.env[key];
+    return typeof raw === 'string' && raw.trim() !== '';
+};
+const looksLikeSqliteFilePath = (value) => {
+    const v = value.trim();
+    if (v === '')
+        return false;
+    if (v === ':memory:')
+        return true;
+    // Heuristic: if it's a path, has an extension, or is explicitly relative.
+    if (v.includes('/') || v.includes('\\'))
+        return true;
+    if (v.startsWith('.'))
+        return true;
+    if (v.startsWith('~'))
+        return true;
+    if (v.endsWith('.sqlite') || v.endsWith('.db'))
+        return true;
+    // Otherwise it's likely a placeholder name (e.g. "zintrust"), not a file path.
+    return false;
+};
+const toSafeDbBasename = (raw) => {
+    const trimmed = raw.trim();
+    if (trimmed === '')
+        return 'zintrust';
+    // Conservative filename allowlist: letters/numbers/_/-, collapse everything else.
+    // Avoid regexes that can exhibit catastrophic backtracking; do deterministic collapsing/trimming.
+    const collapsed = trimmed.toLowerCase().replaceAll(/[^a-z0-9_-]+/g, '-');
+    // Collapse consecutive hyphens deterministically without regex backtracking.
+    let normalized = '';
+    let prevHyphen = false;
+    for (const element of collapsed) {
+        const ch = element;
+        if (ch === '-') {
+            if (!prevHyphen) {
+                normalized += ch;
+                prevHyphen = true;
+            }
+        }
+        else {
+            normalized += ch;
+            prevHyphen = false;
+        }
+    }
+    // Trim leading/trailing hyphens deterministically without regex.
+    let start = 0;
+    let end = normalized.length;
+    while (start < end && normalized.charAt(start) === '-')
+        start++;
+    while (end > start && normalized.charAt(end - 1) === '-')
+        end--;
+    const result = normalized.slice(start, end);
+    return result === '' ? 'zintrust' : result;
+};
+const resolveSqliteDefaultBasename = () => {
+    const service = typeof process.env['SERVICE_NAME'] === 'string' ? process.env['SERVICE_NAME'] : '';
+    if (service.trim() !== '')
+        return toSafeDbBasename(service);
+    const app = typeof process.env['APP_NAME'] === 'string' ? process.env['APP_NAME'] : '';
+    if (app.trim() !== '')
+        return toSafeDbBasename(app);
+    return 'zintrust';
+};
+const resolveDefaultSqliteDatabasePath = () => {
+    // Respect explicit sqlite *file path* configuration.
+    // Note: we intentionally treat plain names like "zintrust" as placeholders, not file paths,
+    // to avoid creating stray DB files in the project root.
+    if (isExplicitEnvValue('DB_DATABASE') || isExplicitEnvValue('DB_PATH')) {
+        const configured = Env.DB_DATABASE;
+        if (looksLikeSqliteFilePath(configured))
+            return configured;
+    }
+    // Only change the default behavior for dev/testing; production should be explicit.
+    if (!isNodeProcess() || Env.NODE_ENV === 'production')
+        return Env.DB_DATABASE;
+    // Store dev sqlite files in project-local metadata folder.
+    // Note: the SQLite adapter ensures the parent directory exists.
+    const base = resolveSqliteDefaultBasename();
+    return `.zintrust/dbs/${base}.sqlite`;
+};
 const hasOwn = (obj, key) => {
     return Object.hasOwn(obj, key);
 };
@@ -35,7 +121,7 @@ const getDatabaseConnection = (config) => {
 const connections = {
     sqlite: {
         driver: 'sqlite',
-        database: Env.DB_DATABASE,
+        database: resolveDefaultSqliteDatabasePath(),
         migrations: 'database/migrations',
     },
     d1: {
@@ -47,10 +133,10 @@ const connections = {
     postgresql: {
         driver: 'postgresql',
         host: Env.DB_HOST,
-        port: Env.DB_PORT,
-        database: Env.DB_DATABASE,
-        username: Env.DB_USERNAME,
-        password: Env.DB_PASSWORD,
+        port: Env.DB_PORT_POSTGRESQL,
+        database: Env.DB_DATABASE_POSTGRESQL,
+        username: Env.DB_USERNAME_POSTGRESQL,
+        password: Env.DB_PASSWORD_POSTGRESQL,
         ssl: Env.getBool('DB_SSL', false),
         pooling: {
             enabled: Env.getBool('DB_POOLING', true),
@@ -93,7 +179,7 @@ const databaseConfigObj = {
      * Enable query logging
      */
     logging: {
-        enabled: Env.DEBUG,
+        enabled: Env.getBool('DB_LOG_QUERIES', Env.DEBUG),
         level: Env.get('DB_LOG_LEVEL', 'debug'),
     },
     /**

package/src/config/env.d.ts

@@ -12,6 +12,7 @@ export declare const Env: Readonly<{
     NODE_ENV: string;
     PORT: number;
     HOST: string;
+    BASE_URL: string;
     APP_NAME: string;
     APP_KEY: string;
     APP_PREVIOUS_KEYS: string;
@@ -22,6 +23,11 @@ export declare const Env: Readonly<{
     DB_USERNAME: string;
     DB_PASSWORD: string;
     DB_READ_HOSTS: string;
+    DB_PORT_POSTGRESQL: number;
+    DB_DATABASE_POSTGRESQL: string;
+    DB_USERNAME_POSTGRESQL: string;
+    DB_PASSWORD_POSTGRESQL: string;
+    DB_READ_HOSTS_POSTGRESQL: string;
     D1_DATABASE_ID: string;
     KV_NAMESPACE_ID: string;
     D1_REMOTE_URL: string;

package/src/config/env.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/config/env.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+CH,eAAO,MAAM,GAAG;eA/BE,MAAM,iBAAiB,MAAM,KAAG,MAAM;kBAMnC,MAAM,iBAAiB,MAAM,KAAG,MAAM;mBASrC,MAAM,iBAAiB,OAAO,KAAG,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAqGP,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO;;;;;;;;;EAkCxF,CAAC"}
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/config/env.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+CH,eAAO,MAAM,GAAG;eA/BE,MAAM,iBAAiB,MAAM,KAAG,MAAM;kBAMnC,MAAM,iBAAiB,MAAM,KAAG,MAAM;mBASrC,MAAM,iBAAiB,OAAO,KAAG,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eA4GP,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO;;;;;;;;;EAkCxF,CAAC"}

package/src/config/env.js

@@ -58,6 +58,7 @@ export const Env = Object.freeze({
     // Prefer PORT, fallback to APP_PORT for compatibility
     PORT: getInt('PORT', getInt('APP_PORT', 3000)),
     HOST: get('HOST', 'localhost'),
+    BASE_URL: get('BASE_URL', ''),
     APP_NAME: get('APP_NAME', 'ZinTrust'),
     APP_KEY: get('APP_KEY', ''),
     // Optional key rotation support (comma-separated or JSON array of keys)
@@ -71,6 +72,12 @@ export const Env = Object.freeze({
     DB_USERNAME: get('DB_USERNAME', 'postgres'),
     DB_PASSWORD: get('DB_PASSWORD', ''),
     DB_READ_HOSTS: get('DB_READ_HOSTS', ''),
+    // PostgreSQL-specific configuration (with _POSTGRESQL suffix to avoid conflicts with MySQL)
+    DB_PORT_POSTGRESQL: getInt('DB_PORT_POSTGRESQL', 5432),
+    DB_DATABASE_POSTGRESQL: get('DB_DATABASE_POSTGRESQL', 'postgres'),
+    DB_USERNAME_POSTGRESQL: get('DB_USERNAME_POSTGRESQL', 'postgres'),
+    DB_PASSWORD_POSTGRESQL: get('DB_PASSWORD_POSTGRESQL', ''),
+    DB_READ_HOSTS_POSTGRESQL: get('DB_READ_HOSTS_POSTGRESQL', ''),
     // Cloudflare
     D1_DATABASE_ID: get('D1_DATABASE_ID'),
     KV_NAMESPACE_ID: get('KV_NAMESPACE_ID'),

package/src/config/index.d.ts

@@ -130,7 +130,7 @@ export declare const config: Readonly<{
             readonly enabled: boolean;
             readonly secret: string;
             readonly algorithm: "HS256" | "HS512" | "RS256";
-            readonly expiresIn: string;
+            readonly expiresIn: number;
             readonly refreshExpiresIn: string;
             readonly issuer: string;
             readonly audience: string;

package/src/config/logging/KvLogger.js

@@ -125,7 +125,7 @@ const flushSoon = async () => {
 export const KvLogger = Object.freeze({
     async enqueue(event) {
         if (!isEnabled())
-            return Promise.resolve();
+            return;
         buffer.push(event);
         // Basic size guard: flush if it gets too large
         const maxBatch = 100;

package/src/config/logging/SlackLogger.js

@@ -104,10 +104,10 @@ const scheduleFlush = async () => {
 export const SlackLogger = Object.freeze({
     async enqueue(event) {
         if (!isEnabled())
-            return Promise.resolve();
+            return;
         const levels = getLevels();
         if (!levels.has(event.level))
-            return Promise.resolve();
+            return;
         const key = dedupeKeyFor(event);
         if (dedupeKeys.has(key))
             return scheduleFlush();

package/src/config/middleware.d.ts

@@ -1,4 +1,23 @@
-import { MiddlewareConfigType } from './type';
+import type { MiddlewareConfigType } from './type';
+export declare const MiddlewareKeys: Readonly<{
+    log: true;
+    error: true;
+    security: true;
+    rateLimit: true;
+    sanitizeBody: true;
+    fillRateLimit: true;
+    authRateLimit: true;
+    userMutationRateLimit: true;
+    csrf: true;
+    auth: true;
+    jwt: true;
+    validateLogin: true;
+    validateRegister: true;
+    validateUserStore: true;
+    validateUserUpdate: true;
+    validateUserFill: true;
+}>;
+export type MiddlewareKey = keyof typeof MiddlewareKeys;
 export declare function createMiddlewareConfig(): MiddlewareConfigType;
 export declare const middlewareConfig: MiddlewareConfigType;
 export default middlewareConfig;

package/src/config/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/config/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AA0BpD,wBAAgB,sBAAsB,IAAI,oBAAoB,CAS7D;AA0BD,eAAO,MAAM,gBAAgB,EAAE,oBAY7B,CAAC;AAEH,eAAe,gBAAgB,CAAC"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/config/middleware.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AA8DzD,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;EAiBuB,CAAC;AAEnD,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,cAAc,CAAC;AA2KxD,wBAAgB,sBAAsB,IAAI,oBAAoB,CAkB7D;AA0BD,eAAO,MAAM,gBAAgB,EAAE,oBAY7B,CAAC;AAEH,eAAe,gBAAgB,CAAC"}