@zintrust/core 0.1.19 → 0.1.21

package/src/observability/OpenTelemetry.js

@@ -0,0 +1,167 @@
+/**
+ * Optional OpenTelemetry integration.
+ *
+ * Design goals:
+ * - No hard dependency on SDKs/exporters (apps bring their own).
+ * - Safe to import in runtimes without tracing configured (no-op behavior).
+ * - Best-effort: never breaks request handling.
+ *
+ * Tiny Node enablement snippet (exporter is app-owned):
+ *
+ *   npm i @opentelemetry/sdk-node @opentelemetry/auto-instrumentations-node \
+ *     @opentelemetry/exporter-trace-otlp-http
+ *
+ *   // in your app entrypoint (before creating the server)
+ *   import { NodeSDK } from '@opentelemetry/sdk-node';
+ *   import { getNodeAutoInstrumentations } from '@opentelemetry/auto-instrumentations-node';
+ *   import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
+ *
+ *   const sdk = new NodeSDK({
+ *     traceExporter: new OTLPTraceExporter({ url: process.env.OTEL_EXPORTER_OTLP_ENDPOINT }),
+ *     instrumentations: [getNodeAutoInstrumentations()],
+ *   });
+ *   await sdk.start();
+ *   process.env.OTEL_ENABLED = 'true';
+ */
+import { Env } from '../config/env.js';
+import { context, propagation, SpanKind, SpanStatusCode, trace, } from '@opentelemetry/api';
+const isEnabled = () => {
+    return Env.getBool('OTEL_ENABLED', false);
+};
+const extractContextFromHeaders = (req) => {
+    const active = context.active();
+    try {
+        return propagation.extract(active, req, {
+            get(carrier, key) {
+                const value = carrier.getHeader(key);
+                if (typeof value === 'string')
+                    return value;
+                if (Array.isArray(value))
+                    return value.join(',');
+                return undefined;
+            },
+            keys() {
+                return [];
+            },
+        });
+    }
+    catch {
+        return active;
+    }
+};
+const startHttpServerSpan = (req, input) => {
+    const parent = extractContextFromHeaders(req);
+    const tracer = trace.getTracer('zintrust');
+    const span = tracer.startSpan(`${input.method} unmatched`, {
+        kind: SpanKind.SERVER,
+        attributes: {
+            'http.method': input.method,
+            'http.target': input.path,
+            'http.user_agent': input.userAgent ?? '',
+            'service.name': input.serviceName ?? '',
+            'enduser.id': input.userId ?? '',
+            'zintrust.tenant_id': input.tenantId ?? '',
+            'zintrust.request_id': input.requestId ?? '',
+        },
+    }, parent);
+    const spanContext = trace.setSpan(parent, span);
+    return { span, context: spanContext };
+};
+const runWithContext = async (ctx, fn) => {
+    return context.with(ctx, fn);
+};
+const setHttpRoute = (span, method, route) => {
+    try {
+        span.setAttribute('http.route', route);
+        span.updateName(`${method} ${route}`);
+    }
+    catch {
+        // best-effort
+    }
+};
+const endHttpServerSpan = (span, input) => {
+    try {
+        if (input.route !== undefined && input.route.trim() !== '') {
+            span.setAttribute('http.route', input.route);
+        }
+        if (typeof input.status === 'number') {
+            span.setAttribute('http.status_code', input.status);
+            if (input.status >= 500) {
+                span.setStatus({ code: SpanStatusCode.ERROR });
+            }
+            else {
+                span.setStatus({ code: SpanStatusCode.OK });
+            }
+        }
+        if (input.error !== undefined) {
+            // Avoid throwing; represent as a string attribute.
+            span.setAttribute('zintrust.error', input.error instanceof Error ? input.error.message : String(input.error));
+            span.setStatus({ code: SpanStatusCode.ERROR });
+        }
+        span.end();
+    }
+    catch {
+        // best-effort
+    }
+};
+const injectTraceHeaders = (headers) => {
+    try {
+        propagation.inject(context.active(), headers);
+    }
+    catch {
+        // best-effort
+    }
+    return headers;
+};
+const mapDbSystem = (driver) => {
+    switch (driver) {
+        case 'postgresql':
+            return 'postgresql';
+        case 'mysql':
+            return 'mysql';
+        case 'sqlserver':
+            return 'mssql';
+        case 'd1':
+        case 'd1-remote':
+        case 'sqlite':
+        default:
+            return 'sqlite';
+    }
+};
+const recordDbQuerySpan = (input) => {
+    if (isEnabled() === false)
+        return;
+    try {
+        // Only create a DB span if we're already inside a request trace.
+        const parentSpan = trace.getSpan(context.active());
+        if (!parentSpan)
+            return;
+        const tracer = trace.getTracer('zintrust');
+        const now = Date.now();
+        const durationMs = Number.isFinite(input.durationMs) ? Math.max(0, input.durationMs) : 0;
+        const startTime = now - durationMs;
+        const span = tracer.startSpan('db.query', {
+            kind: SpanKind.CLIENT,
+            startTime,
+            attributes: {
+                'db.system': mapDbSystem(input.driver),
+                'db.operation': 'query',
+                'zintrust.db.driver': input.driver,
+            },
+        }, context.active());
+        span.end(now);
+    }
+    catch {
+        // best-effort
+    }
+};
+export const OpenTelemetry = Object.freeze({
+    isEnabled,
+    startHttpServerSpan,
+    runWithContext,
+    setHttpRoute,
+    endHttpServerSpan,
+    injectTraceHeaders,
+    recordDbQuerySpan,
+});
+export default OpenTelemetry;

package/src/observability/PrometheusMetrics.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Prometheus Metrics (prom-client)
+ *
+ * Lazy-initialized so importing this module is safe in non-Node runtimes.
+ */
+export type ObserveHttpRequestInput = {
+    method: string;
+    route: string;
+    status: number;
+    durationMs: number;
+};
+export type ObserveDbQueryInput = {
+    driver: string;
+    durationMs: number;
+};
+export declare const PrometheusMetrics: Readonly<{
+    getMetricsText(): Promise<{
+        contentType: string;
+        body: string;
+    }>;
+    observeHttpRequest(input: ObserveHttpRequestInput): Promise<void>;
+    observeDbQuery(input: ObserveDbQueryInput): Promise<void>;
+}>;
+export default PrometheusMetrics;
+//# sourceMappingURL=PrometheusMetrics.d.ts.map

package/src/observability/PrometheusMetrics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PrometheusMetrics.d.ts","sourceRoot":"","sources":["../../../src/observability/PrometheusMetrics.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA6GH,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,eAAO,MAAM,iBAAiB;sBACJ,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;8BAWtC,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;0BAY3C,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;EAS/D,CAAC;AAEH,eAAe,iBAAiB,CAAC"}

package/src/observability/PrometheusMetrics.js

@@ -0,0 +1,114 @@
+/**
+ * Prometheus Metrics (prom-client)
+ *
+ * Lazy-initialized so importing this module is safe in non-Node runtimes.
+ */
+import { Env } from '../config/env.js';
+let statePromise = null;
+const DEFAULT_CONTENT_TYPE = 'text/plain; version=0.0.4; charset=utf-8';
+const createNoopState = () => {
+    const noopCounter = { inc: () => undefined };
+    const noopHistogram = { observe: () => undefined };
+    const noopRegistry = {
+        contentType: DEFAULT_CONTENT_TYPE,
+        metrics: () => '',
+    };
+    return {
+        client: {},
+        registry: noopRegistry,
+        httpRequestsTotal: noopCounter,
+        httpRequestDurationSeconds: noopHistogram,
+        dbQueriesTotal: noopCounter,
+        dbQueryDurationSeconds: noopHistogram,
+    };
+};
+async function ensureState() {
+    if (statePromise !== null)
+        return statePromise;
+    statePromise = (async () => {
+        let client;
+        try {
+            client = await import('prom-client');
+        }
+        catch {
+            // prom-client is intentionally optional at runtime.
+            return createNoopState();
+        }
+        const registry = new client.Registry();
+        const appName = Env.get('APP_NAME', 'ZinTrust');
+        if (appName.trim() !== '') {
+            registry.setDefaultLabels({ app: appName });
+        }
+        // Default metrics (process/memory/event loop) for Node runtimes.
+        // `collectDefaultMetrics` exists in prom-client; keep this lazy and best-effort.
+        try {
+            client.collectDefaultMetrics({ register: registry });
+        }
+        catch {
+            // ignore
+        }
+        const httpRequestsTotal = new client.Counter({
+            name: 'http_requests_total',
+            help: 'Total number of HTTP requests',
+            labelNames: ['method', 'route', 'status'],
+            registers: [registry],
+        });
+        const httpRequestDurationSeconds = new client.Histogram({
+            name: 'http_request_duration_seconds',
+            help: 'HTTP request duration in seconds',
+            labelNames: ['method', 'route', 'status'],
+            // Sensible default buckets for web apps (in seconds)
+            buckets: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10],
+            registers: [registry],
+        });
+        const dbQueriesTotal = new client.Counter({
+            name: 'db_queries_total',
+            help: 'Total number of database queries',
+            labelNames: ['driver'],
+            registers: [registry],
+        });
+        const dbQueryDurationSeconds = new client.Histogram({
+            name: 'db_query_duration_seconds',
+            help: 'Database query duration in seconds',
+            labelNames: ['driver'],
+            buckets: [0.001, 0.0025, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5],
+            registers: [registry],
+        });
+        return {
+            client,
+            registry,
+            httpRequestsTotal,
+            httpRequestDurationSeconds,
+            dbQueriesTotal,
+            dbQueryDurationSeconds,
+        };
+    })();
+    return statePromise;
+}
+export const PrometheusMetrics = Object.freeze({
+    async getMetricsText() {
+        const state = await ensureState();
+        const body = await state.registry.metrics();
+        const contentType = typeof state.registry.contentType === 'string'
+            ? state.registry.contentType
+            : DEFAULT_CONTENT_TYPE;
+        return { contentType, body };
+    },
+    async observeHttpRequest(input) {
+        const state = await ensureState();
+        const method = input.method || 'UNKNOWN';
+        const route = input.route || 'unknown';
+        const status = Number.isFinite(input.status) ? String(input.status) : '0';
+        const durationSeconds = Math.max(0, input.durationMs / 1000);
+        state.httpRequestsTotal.inc({ method, route, status }, 1);
+        state.httpRequestDurationSeconds.observe({ method, route, status }, durationSeconds);
+    },
+    async observeDbQuery(input) {
+        const state = await ensureState();
+        const driver = input.driver || 'unknown';
+        const durationSeconds = Math.max(0, input.durationMs / 1000);
+        state.dbQueriesTotal.inc({ driver }, 1);
+        state.dbQueryDurationSeconds.observe({ driver }, durationSeconds);
+    },
+});
+export default PrometheusMetrics;

package/src/openapi/OpenApiGenerator.d.ts

@@ -0,0 +1,68 @@
+import type { RouteRegistration } from '../routing/RouteRegistry';
+type OpenApiSchema = {
+    type?: string;
+    format?: string;
+    properties?: Record<string, OpenApiSchema>;
+    required?: string[];
+    items?: OpenApiSchema;
+    enum?: Array<string | number | boolean | null>;
+    minimum?: number;
+    maximum?: number;
+    minLength?: number;
+    maxLength?: number;
+    pattern?: string;
+    [key: string]: unknown;
+};
+type OpenApiParameter = {
+    name: string;
+    in: 'path' | 'query' | 'header';
+    required: boolean;
+    schema: OpenApiSchema;
+};
+type OpenApiOperation = {
+    summary?: string;
+    description?: string;
+    tags?: string[];
+    operationId?: string;
+    parameters?: OpenApiParameter[];
+    requestBody?: {
+        required?: boolean;
+        content: {
+            'application/json': {
+                schema: OpenApiSchema;
+            };
+        };
+    };
+    responses: Record<string, {
+        description: string;
+        content?: {
+            'application/json': {
+                schema: OpenApiSchema;
+            };
+        };
+    }>;
+};
+type OpenApiDocument = {
+    openapi: '3.0.3';
+    info: {
+        title: string;
+        version: string;
+        description?: string;
+    };
+    servers?: Array<{
+        url: string;
+    }>;
+    paths: Record<string, Record<string, OpenApiOperation>>;
+};
+export type OpenApiGeneratorOptions = {
+    title: string;
+    version: string;
+    description?: string;
+    serverUrl?: string;
+    excludePaths?: readonly string[];
+};
+export declare const OpenApiGenerator: Readonly<{
+    generate(routes: RouteRegistration[], options: OpenApiGeneratorOptions): OpenApiDocument;
+}>;
+export default OpenApiGenerator;
+//# sourceMappingURL=OpenApiGenerator.d.ts.map

package/src/openapi/OpenApiGenerator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenApiGenerator.d.ts","sourceRoot":"","sources":["../../../src/openapi/OpenApiGenerator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAoB,MAAM,wBAAwB,CAAC;AAGlF,KAAK,aAAa,GAAG;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC3C,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAChC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,aAAa,CAAC;CACvB,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAChC,WAAW,CAAC,EAAE;QACZ,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,OAAO,EAAE;YACP,kBAAkB,EAAE;gBAClB,MAAM,EAAE,aAAa,CAAC;aACvB,CAAC;SACH,CAAC;KACH,CAAC;IACF,SAAS,EAAE,MAAM,CACf,MAAM,EACN;QACE,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE;YACR,kBAAkB,EAAE;gBAClB,MAAM,EAAE,aAAa,CAAC;aACvB,CAAC;SACH,CAAC;KACH,CACF,CAAC;CACH,CAAC;AAEF,KAAK,eAAe,GAAG;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,OAAO,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;CACzD,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC,CAAC;AAkVF,eAAO,MAAM,gBAAgB;qBACV,iBAAiB,EAAE,WAAW,uBAAuB,GAAG,eAAe;EAyCxF,CAAC;AAEH,eAAe,gBAAgB,CAAC"}

package/src/openapi/OpenApiGenerator.js

@@ -0,0 +1,287 @@
+const resolveSchema = (schema) => 'getRules' in schema ? schema : schema.create();
+const normalizeOpenApiPath = (path) => {
+    const paramNames = [];
+    const openApiPath = path.replaceAll(/:([a-zA-Z_]\w*)/g, (_match, name) => {
+        paramNames.push(name);
+        return `{${name}}`;
+    });
+    return { openApiPath, paramNames };
+};
+const replaceBracesSafely = (s) => {
+    let out = '';
+    let i = 0;
+    while (i < s.length) {
+        const start = s.indexOf('{', i);
+        if (start === -1) {
+            out += s.slice(i);
+            break;
+        }
+        const close = s.indexOf('}', start + 1);
+        if (close === -1) {
+            // No closing brace, append rest and stop.
+            out += s.slice(i);
+            break;
+        }
+        // Append text before '{'
+        out += s.slice(i, start);
+        // Extract the name between braces without using regex to avoid backtracking issues.
+        const name = s.slice(start + 1, close);
+        out += `_${name}_`;
+        i = close + 1;
+    }
+    return out;
+};
+const trimUnderscores = (s) => {
+    let start = 0;
+    let end = s.length - 1;
+    while (start <= end && s.charAt(start) === '_')
+        start++;
+    while (end >= start && s.charAt(end) === '_')
+        end--;
+    return start > end ? '' : s.slice(start, end + 1);
+};
+const operationIdFrom = (method, path) => {
+    const intermediate = replaceBracesSafely(path).replaceAll(/\W+/g, '_');
+    const safe = trimUnderscores(intermediate);
+    return `${method.toLowerCase()}_${safe}`;
+};
+const summarizeRules = (rules) => {
+    const summary = {
+        required: false,
+        types: new Set(),
+        constraints: {},
+    };
+    const numericConstraintMap = {
+        min: 'minimum',
+        max: 'maximum',
+        minLength: 'minLength',
+        maxLength: 'maxLength',
+    };
+    for (const r of rules) {
+        summary.types.add(r.rule);
+        if (r.rule === 'required') {
+            summary.required = true;
+            continue;
+        }
+        const numericKey = numericConstraintMap[r.rule];
+        if (numericKey && typeof r.value === 'number') {
+            // numericKey is one of 'minimum'|'maximum'|'minLength'|'maxLength', so assigning a number is safe
+            summary.constraints[numericKey] = r.value;
+            continue;
+        }
+        if (r.rule === 'regex' && r.value instanceof RegExp) {
+            summary.constraints.pattern = r.value.source;
+            continue;
+        }
+        if (r.rule === 'in' && Array.isArray(r.value)) {
+            summary.enumValues = r.value;
+        }
+    }
+    return summary;
+};
+const openApiTypeFor = (types) => {
+    if (types.has('boolean'))
+        return { type: 'boolean' };
+    if (types.has('integer') || types.has('digits'))
+        return { type: 'integer' };
+    if (types.has('number') || types.has('decimal') || types.has('positiveNumber'))
+        return { type: 'number' };
+    if (types.has('array'))
+        return { type: 'array' };
+    if (types.has('uuid'))
+        return { type: 'string', format: 'uuid' };
+    if (types.has('email'))
+        return { type: 'string', format: 'email' };
+    if (types.has('url'))
+        return { type: 'string', format: 'uri' };
+    if (types.has('ipAddress'))
+        return { type: 'string', format: 'ipv4' };
+    if (types.has('date'))
+        return { type: 'string', format: 'date-time' };
+    if (types.size > 0)
+        return { type: 'string' };
+    return {};
+};
+const schemaToOpenApi = (schema) => {
+    const s = resolveSchema(schema);
+    const rules = s.getRules();
+    const properties = {};
+    const required = [];
+    for (const [field, fieldRules] of rules.entries()) {
+        const summary = summarizeRules(fieldRules);
+        const base = openApiTypeFor(summary.types);
+        const out = {
+            ...base,
+            ...summary.constraints,
+        };
+        if (summary.enumValues !== undefined) {
+            // Only include enum values that are JSON-serializable primitives.
+            const primitives = summary.enumValues.filter((v) => v === null || typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean');
+            if (primitives.length > 0)
+                out.enum = primitives;
+        }
+        if (out.type === 'array') {
+            // We don't have element typing information in Validator today.
+            out.items = {};
+        }
+        properties[field] = out;
+        if (summary.required)
+            required.push(field);
+    }
+    const obj = {
+        type: 'object',
+        properties,
+    };
+    if (required.length > 0)
+        obj.required = required;
+    return obj;
+};
+const fieldSchemasFromSchema = (schema) => {
+    const s = resolveSchema(schema);
+    const rules = s.getRules();
+    const out = {};
+    for (const [field, fieldRules] of rules.entries()) {
+        const summary = summarizeRules(fieldRules);
+        const typeInfo = openApiTypeFor(summary.types);
+        const schemaOut = {
+            ...typeInfo,
+            ...summary.constraints,
+        };
+        if (summary.enumValues !== undefined) {
+            const primitives = summary.enumValues.filter((v) => v === null || typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean');
+            if (primitives.length > 0)
+                schemaOut.enum = primitives;
+        }
+        if (schemaOut.type === 'array') {
+            schemaOut.items = {};
+        }
+        out[field] = schemaOut;
+    }
+    return out;
+};
+const parametersFromSchema = (schema, location) => {
+    const s = resolveSchema(schema);
+    const rules = s.getRules();
+    const params = [];
+    for (const [field, fieldRules] of rules.entries()) {
+        const summary = summarizeRules(fieldRules);
+        const typeInfo = openApiTypeFor(summary.types);
+        const schemaOut = {
+            ...typeInfo,
+            ...summary.constraints,
+        };
+        if (summary.enumValues !== undefined) {
+            const primitives = summary.enumValues.filter((v) => v === null || typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean');
+            if (primitives.length > 0)
+                schemaOut.enum = primitives;
+        }
+        params.push({
+            name: field,
+            in: location,
+            required: summary.required,
+            schema: schemaOut,
+        });
+    }
+    return params;
+};
+const buildPathParameters = (paramNames, paramSchemas) => paramNames.map((name) => ({
+    name,
+    in: 'path',
+    required: true,
+    schema: paramSchemas?.[name] ?? { type: 'string' },
+}));
+const buildOperationParameters = (meta, paramNames, paramSchemas) => {
+    const parameters = [];
+    parameters.push(...buildPathParameters(paramNames, paramSchemas));
+    if (meta?.request?.querySchema !== undefined) {
+        parameters.push(...parametersFromSchema(meta.request.querySchema, 'query'));
+    }
+    if (meta?.request?.headersSchema !== undefined) {
+        parameters.push(...parametersFromSchema(meta.request.headersSchema, 'header'));
+    }
+    return parameters.length > 0 ? parameters : undefined;
+};
+const buildOperationResponses = (meta) => {
+    // Default response
+    if (meta?.response === undefined ||
+        (meta.response.schema === undefined && meta.response.status === undefined)) {
+        return {
+            '200': {
+                description: 'OK',
+            },
+        };
+    }
+    const status = String(meta.response.status ?? 200);
+    return {
+        [status]: {
+            description: status === '204' ? 'No Content' : 'OK',
+            ...(meta.response.schema === undefined
+                ? {}
+                : {
+                    content: {
+                        'application/json': {
+                            schema: meta.response.schema,
+                        },
+                    },
+                }),
+        },
+    };
+};
+const createOperation = (meta, method, openApiPath, paramNames, paramSchemas) => {
+    const responses = buildOperationResponses(meta);
+    const parameters = buildOperationParameters(meta, paramNames, paramSchemas);
+    const op = {
+        summary: meta?.summary,
+        description: meta?.description,
+        tags: meta?.tags ? Array.from(meta.tags) : undefined,
+        operationId: operationIdFrom(method, openApiPath),
+        responses,
+    };
+    if (parameters !== undefined)
+        op.parameters = parameters;
+    if (meta?.request?.bodySchema !== undefined) {
+        op.requestBody = {
+            required: true,
+            content: {
+                'application/json': {
+                    schema: schemaToOpenApi(meta.request.bodySchema),
+                },
+            },
+        };
+    }
+    return op;
+};
+export const OpenApiGenerator = Object.freeze({
+    generate(routes, options) {
+        const excluded = new Set(options.excludePaths ?? []);
+        const doc = {
+            openapi: '3.0.3',
+            info: {
+                title: options.title,
+                version: options.version,
+                description: options.description,
+            },
+            paths: {},
+        };
+        if (typeof options.serverUrl === 'string' && options.serverUrl.trim() !== '') {
+            doc.servers = [{ url: options.serverUrl.trim() }];
+        }
+        for (const r of routes) {
+            if (excluded.has(r.path))
+                continue;
+            const { openApiPath, paramNames } = normalizeOpenApiPath(r.path);
+            const method = r.method.toLowerCase();
+            if (!Object.prototype.hasOwnProperty.call(doc.paths, openApiPath)) {
+                doc.paths[openApiPath] = {};
+            }
+            const meta = r.meta;
+            const paramSchemas = meta?.request?.paramsSchema === undefined
+                ? undefined
+                : fieldSchemasFromSchema(meta.request.paramsSchema);
+            const op = createOperation(meta, method, openApiPath, paramNames, paramSchemas);
+            doc.paths[openApiPath][method] = op;
+        }
+        return doc;
+    },
+});
+export default OpenApiGenerator;