@zintrust/core 0.1.40 → 0.1.41

package/src/runtime/detectRuntime.js

@@ -0,0 +1,57 @@
+import { ZintrustLang } from '../lang/lang.js';
+export const isNodeRuntime = () => {
+    // Avoid importing any `node:*` modules so this file remains Worker-safe.
+    // In Workers/Deno, `process` is typically undefined.
+    return (typeof process !== ZintrustLang.UNDEFINED &&
+        typeof process === ZintrustLang.OBJECT &&
+        process !== null &&
+        typeof process.versions === ZintrustLang.OBJECT);
+};
+const getGlobalThis = () => {
+    if (typeof globalThis === ZintrustLang.UNDEFINED) {
+        return undefined;
+    }
+    return globalThis;
+};
+export const getRuntimeMode = () => {
+    // 1. Explicit override via env var (if available)
+    if (typeof process !== 'undefined' && process.env?.['RUNTIME_MODE'] !== undefined) {
+        return process.env['RUNTIME_MODE'];
+    }
+    // 2. Detect Cloudflare Workers
+    // @ts-ignore - navigator is available in workers
+    if (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') {
+        return 'cloudflare-workers';
+    }
+    // 3. Detect Container (Docker/Kubernetes)
+    // Usually indicated by specific env vars or filesystem characteristics,
+    // but simpler to assume Node + invalidating CF check = Node/Container
+    if (isNodeRuntime()) {
+        // Check for Docker-specific env vars if possible, or default to containers/node-server
+        if (typeof process !== 'undefined' &&
+            (process.env?.['DOCKER'] !== undefined ||
+                process.env?.['KUBERNETES_SERVICE_HOST'] !== undefined)) {
+            return 'containers';
+        }
+        return 'node-server';
+    }
+    // Default fallback
+    return 'node-server';
+};
+export const detectRuntime = () => {
+    const globalRef = getGlobalThis();
+    const isNode = isNodeRuntime();
+    const isCloudflare = typeof globalRef !== ZintrustLang.UNDEFINED &&
+        globalRef !== null &&
+        ((globalRef.caches !== undefined &&
+            typeof globalRef.caches !== ZintrustLang.UNDEFINED) ||
+            typeof globalRef.WebSocketPair === 'function' ||
+            typeof globalRef.CF !== ZintrustLang.UNDEFINED);
+    const isDeno = typeof globalRef !== ZintrustLang.UNDEFINED &&
+        globalRef !== null &&
+        typeof globalRef.Deno !== ZintrustLang.UNDEFINED;
+    const isBun = typeof globalRef !== ZintrustLang.UNDEFINED &&
+        globalRef !== null &&
+        typeof globalRef.Bun !== ZintrustLang.UNDEFINED;
+    return { isCloudflare, isNode, isDeno, isBun };
+};

package/src/runtime/useFileLoader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useFileLoader.d.ts","sourceRoot":"","sources":["../../../src/runtime/useFileLoader.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,MAAM,MAAM,UAAU,GAAG,QAAQ,CAAC;IAChC,4DAA4D;IAC5D,UAAU,EAAE,MAAM,SAAS,MAAM,EAAE,CAAC;IACpC,wFAAwF;IACxF,IAAI,EAAE,MAAM,MAAM,CAAC;IACnB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,OAAO,CAAC;IACtB;;;;OAIG;IACH,GAAG,EAAE,CAAC,CAAC,GAAG,OAAO,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;CACpC,CAAC,CAAC;AAyIH,eAAO,MAAM,aAAa,GAAI,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,KAAG,UA+DzE,CAAC;AAEF,eAAe,aAAa,CAAC"}
+{"version":3,"file":"useFileLoader.d.ts","sourceRoot":"","sources":["../../../src/runtime/useFileLoader.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,MAAM,MAAM,UAAU,GAAG,QAAQ,CAAC;IAChC,4DAA4D;IAC5D,UAAU,EAAE,MAAM,SAAS,MAAM,EAAE,CAAC;IACpC,wFAAwF;IACxF,IAAI,EAAE,MAAM,MAAM,CAAC;IACnB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,OAAO,CAAC;IACtB;;;;OAIG;IACH,GAAG,EAAE,CAAC,CAAC,GAAG,OAAO,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;CACpC,CAAC,CAAC;AA2IH,eAAO,MAAM,aAAa,GAAI,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,KAAG,UA8EzE,CAAC;AAEF,eAAe,aAAa,CAAC"}

package/src/runtime/useFileLoader.js

@@ -71,6 +71,8 @@ const normalizeProjectRelativePath = (raw) => {
 const resolveWithinProjectRoot = (projectRoot, relativePath) => {
     const rootAbs = resolve(projectRoot);
     const candidateAbs = resolve(projectRoot, relativePath);
+    if (rootAbs === sep)
+        return candidateAbs;
     if (candidateAbs === rootAbs)
         return candidateAbs;
     if (!candidateAbs.startsWith(rootAbs + sep)) {
@@ -127,6 +129,20 @@ const importModule = async (filePath) => {
     return (await import(url));
 };
 export const useFileLoader = (...args) => {
+    const isWorkersRuntime = () => {
+        const g = globalThis;
+        return g.CF !== undefined || g.caches !== undefined || g.WebSocketPair !== undefined;
+    };
+    if (isWorkersRuntime()) {
+        return Object.freeze({
+            candidates: () => [],
+            path: () => '',
+            exists: () => false,
+            get() {
+                throw ErrorFactory.createConfigError('File loading is not supported in Workers runtime');
+            },
+        });
+    }
     const relativePath = args.length === 1
         ? normalizeProjectRelativePath(args[0])
         : normalizeProjectRelativePath(args.join('/'));

package/src/scripts/TemplateImportsCheck.js

@@ -1,5 +1,5 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
+import * as fs from '../node-singletons/fs.js';
+import * as path from '../node-singletons/path.js';
 import ts from 'typescript';
 const TEMPLATES_ROOT = path.resolve(process.cwd(), 'src/templates');
 const bannedPrefixes = [

package/src/scripts/TemplateSync.js

@@ -9,8 +9,7 @@ import { Logger } from '../config/logger.js';
 import { ErrorFactory } from '../exceptions/ZintrustError.js';
 import * as crypto from '../node-singletons/crypto.js';
 import fs from '../node-singletons/fs.js';
-import * as path from '../node-singletons/path.js';
-import * as nodePath from 'node:path';
+import path from '../node-singletons/path.js';
 const __dirname = esmDirname(import.meta.url);
 const ROOT_DIR = path.resolve(__dirname, '../../');
 /**
@@ -117,10 +116,10 @@ const rewriteStarterTemplateImports = (relPath, content) => {
         return content;
     }
     const rewriteConfigAlias = (aliasSuffix) => {
-        const currentDir = nodePath.posix.dirname(relPath);
+        const currentDir = path.posix.dirname(relPath);
         const from = currentDir === '.' ? '' : currentDir;
         const target = aliasSuffix;
-        const relative = nodePath.posix.relative(from, target);
+        const relative = path.posix.relative(from, target);
         return relative.startsWith('.') ? relative : `./${relative}`;
     };
     // Starter templates should import framework APIs from the public package surface,

package/src/security/CsrfTokenManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CsrfTokenManager.d.ts","sourceRoot":"","sources":["../../../src/security/CsrfTokenManager.ts"],"names":[],"mappings":"AACA;;;GAGG;AAQH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAClE,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAC/D,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxD,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,iBAAiB,CAAC;CAC9D;AAED,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE/C,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAwRF;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,oBAE7B,CAAC"}
+{"version":3,"file":"CsrfTokenManager.d.ts","sourceRoot":"","sources":["../../../src/security/CsrfTokenManager.ts"],"names":[],"mappings":"AACA;;;GAGG;AAQH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAClE,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAC/D,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxD,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,iBAAiB,CAAC;CAC9D;AAED,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE/C,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAkSF;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,oBAE7B,CAAC"}

package/src/security/CsrfTokenManager.js

@@ -20,7 +20,19 @@ const normalizeStoreName = (name) => {
         return 'redis';
     return 'memory';
 };
+const isWorkersRuntime = () => {
+    const globalAny = globalThis;
+    if (globalAny.CF !== undefined)
+        return true;
+    if (typeof globalAny.WebSocketPair === 'function')
+        return true;
+    if (globalAny.caches !== undefined)
+        return true;
+    return false;
+};
 const resolveStoreName = (options) => {
+    if (isWorkersRuntime())
+        return 'memory';
     return normalizeStoreName(options?.store ?? Env.CSRF_STORE ?? Env.CSRF_DRIVER ?? Env.get('CSRF_STORE', 'memory'));
 };
 const toTokenData = (stored) => {

package/src/security/Hash.d.ts

@@ -2,7 +2,7 @@
  * Hash
  * bcrypt-based password hashing utility.
  *
- * Runtime-aware: uses dynamic import for bcrypt.
+ * Uses bcryptjs to avoid native module issues in edge runtimes.
  */
 export declare const Hash: Readonly<{
     isValidHash(hash: string): boolean;

package/src/security/Hash.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Hash.d.ts","sourceRoot":"","sources":["../../../src/security/Hash.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA+CH,eAAO,MAAM,IAAI;sBACG,MAAM,GAAG,OAAO;oBAIZ,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;8BAUd,MAAM,UAAU,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;sBAgBhD,MAAM,UAAU,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;EAWjE,CAAC;AAEH,eAAe,IAAI,CAAC"}
+{"version":3,"file":"Hash.d.ts","sourceRoot":"","sources":["../../../src/security/Hash.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA+BH,eAAO,MAAM,IAAI;sBACG,MAAM,GAAG,OAAO;oBAIZ,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;8BAcd,MAAM,UAAU,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;sBAmBhD,MAAM,UAAU,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;EAWjE,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/src/security/Hash.js

@@ -2,66 +2,61 @@
  * Hash
  * bcrypt-based password hashing utility.
  *
- * Runtime-aware: uses dynamic import for bcrypt.
+ * Uses bcryptjs to avoid native module issues in edge runtimes.
  */
 import { Logger } from '../config/logger.js';
 import { ErrorFactory } from '../exceptions/ZintrustError.js';
-function isBcryptModule(value) {
-    if (typeof value !== 'object' || value === null)
-        return false;
-    const record = value;
-    return typeof record['hash'] === 'function' && typeof record['compare'] === 'function';
-}
-let bcrypt;
-let loadingPromise;
-async function loadBcrypt() {
-    const imported = await import('bcrypt');
-    const module = imported;
-    const candidate = module.default ?? module;
-    if (!isBcryptModule(candidate)) {
-        throw ErrorFactory.createConfigError('Invalid bcrypt module shape');
+const BCRYPT_HASH_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;
+let bcryptModule = null;
+const loadBcrypt = async () => {
+    if (bcryptModule !== null)
+        return bcryptModule;
+    try {
+        const mod = (await import('bcryptjs'));
+        const resolved = (mod.default ?? mod);
+        if (typeof resolved?.hash !== 'function' || typeof resolved?.compare !== 'function') {
+            throw ErrorFactory.createConfigError('Invalid bcryptjs module shape');
+        }
+        bcryptModule = resolved;
+        return resolved;
     }
-    bcrypt = candidate;
-}
-async function ensureBcrypt() {
-    if (bcrypt !== undefined)
-        return bcrypt;
-    loadingPromise ??= loadBcrypt().catch((error) => {
-        Logger.error('bcrypt unavailable', error);
-        throw ErrorFactory.createConfigError('bcrypt unavailable', error);
-    });
-    await loadingPromise;
-    if (bcrypt === undefined) {
-        throw ErrorFactory.createConfigError('bcrypt unavailable');
+    catch (error) {
+        throw ErrorFactory.createConfigError('bcryptjs module unavailable', error);
     }
-    return bcrypt;
-}
-const BCRYPT_HASH_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;
+};
 export const Hash = Object.freeze({
     isValidHash(hash) {
         return BCRYPT_HASH_RE.test(hash);
     },
     async hash(plaintext) {
-        const bcryptModule = await ensureBcrypt();
         try {
-            return await bcryptModule.hash(plaintext, 12);
+            const bcrypt = await loadBcrypt();
+            return await bcrypt.hash(plaintext, 12);
         }
         catch (error) {
             Logger.error('Password hashing failed', error);
+            const err = error;
+            if (err?.name === 'ConfigError' || err?.code === 'CONFIG_ERROR') {
+                throw ErrorFactory.createConfigError('Password hashing failed', error);
+            }
             throw ErrorFactory.createSecurityError('Password hashing failed', error);
         }
     },
     async hashWithRounds(plaintext, rounds) {
-        const bcryptModule = await ensureBcrypt();
         const normalizedRounds = Number.isFinite(rounds) ? Math.trunc(rounds) : 0;
         if (normalizedRounds <= 0) {
             throw ErrorFactory.createConfigError('Invalid bcrypt rounds', { rounds });
         }
         try {
-            return await bcryptModule.hash(plaintext, normalizedRounds);
+            const bcrypt = await loadBcrypt();
+            return await bcrypt.hash(plaintext, normalizedRounds);
         }
         catch (error) {
             Logger.error('Password hashing failed', error);
+            const err = error;
+            if (err?.name === 'ConfigError' || err?.code === 'CONFIG_ERROR') {
+                throw ErrorFactory.createConfigError('Password hashing failed', error);
+            }
             throw ErrorFactory.createSecurityError('Password hashing failed', error);
         }
     },
@@ -69,8 +64,8 @@ export const Hash = Object.freeze({
         if (!Hash.isValidHash(hashed))
             return false;
         try {
-            const bcryptModule = await ensureBcrypt();
-            return await bcryptModule.compare(plaintext, hashed);
+            const bcrypt = await loadBcrypt();
+            return await bcrypt.compare(plaintext, hashed);
         }
         catch (error) {
             Logger.error('Password verify failed', error);

package/src/seeders/SeederLoader.js

@@ -1,6 +1,6 @@
 import { ErrorFactory } from '../exceptions/ZintrustError.js';
 import * as path from '../node-singletons/path.js';
-import { pathToFileURL } from 'node:url';
+import { pathToFileURL } from '../node-singletons/url.js';
 function isFunction(value) {
     return typeof value === 'function';
 }

package/src/session/SessionManager.d.ts

@@ -26,11 +26,14 @@ export interface ISessionManager {
     get(sessionId: string): ISession;
     destroy(sessionId: string): void;
     cleanup(): number;
+    dispose(): void;
 }
 export interface SessionManagerOptions {
     cookieName?: string;
     headerName?: string;
     ttlMs?: number;
+    maxSessions?: number;
+    cleanupIntervalMs?: number;
 }
 export declare const SessionManager: Readonly<{
     create(options?: SessionManagerOptions): ISessionManager;

package/src/session/SessionManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SessionManager.d.ts","sourceRoot":"","sources":["../../../src/session/SessionManager.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAElD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IACvC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC1B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,IAAI,WAAW,CAAC;IACnB,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IAC5E,gBAAgB,CAAC,GAAG,EAAE;QACpB,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACnC,GAAG,MAAM,GAAG,SAAS,CAAC;IACvB,eAAe,CACb,GAAG,EAAE;QACH,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClC,EACD,GAAG,EAAE;QACH,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,OAAO,CAAC;KAChE,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;IACnB,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,QAAQ,CAAC;IACjC,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,OAAO,IAAI,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAyHD,eAAO,MAAM,cAAc;qBACT,qBAAqB,GAAQ,eAAe;EA2E5D,CAAC;AAEH,eAAe,cAAc,CAAC"}
+{"version":3,"file":"SessionManager.d.ts","sourceRoot":"","sources":["../../../src/session/SessionManager.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAElD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC;IAC7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IACvC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC1B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,IAAI,WAAW,CAAC;IACnB,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IAC5E,gBAAgB,CAAC,GAAG,EAAE;QACpB,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACnC,GAAG,MAAM,GAAG,SAAS,CAAC;IACvB,eAAe,CACb,GAAG,EAAE;QACH,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClC,EACD,GAAG,EAAE;QACH,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,OAAO,CAAC;KAChE,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;IACnB,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,QAAQ,CAAC;IACjC,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,OAAO,IAAI,MAAM,CAAC;IAClB,OAAO,IAAI,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAwKD,eAAO,MAAM,cAAc;qBACT,qBAAqB,GAAQ,eAAe;EAkF5D,CAAC;AAEH,eAAe,cAAc,CAAC"}

package/src/session/SessionManager.js

@@ -3,7 +3,39 @@ const DEFAULT_OPTIONS = {
     cookieName: 'ZIN_SESSION_ID',
     headerName: 'x-session-id',
     ttlMs: 7 * 24 * 60 * 60 * 1000,
+    maxSessions: 10000,
+    cleanupIntervalMs: 60000,
 };
+function isUnrefableTimer(value) {
+    return (typeof value === 'object' &&
+        value !== null &&
+        'unref' in value &&
+        typeof value.unref === 'function');
+}
+function cleanupExpiredSessions(sessions) {
+    const now = Date.now();
+    let removed = 0;
+    for (const [id, stored] of sessions.entries()) {
+        if (stored.expiresAt <= now) {
+            sessions.delete(id);
+            removed++;
+        }
+    }
+    return removed;
+}
+function enforceSessionCapacity(sessions, maxSessions, preserveId) {
+    if (sessions.size < maxSessions)
+        return;
+    cleanupExpiredSessions(sessions);
+    if (sessions.size < maxSessions)
+        return;
+    for (const id of sessions.keys()) {
+        if (id === preserveId)
+            continue;
+        sessions.delete(id);
+        break;
+    }
+}
 function parseCookies(cookieHeader) {
     const list = {};
     if (cookieHeader.length === 0)
@@ -39,7 +71,7 @@ function buildSessionCookie(cookieName, sessionId) {
     // HttpOnly prevents JS access; SameSite=Lax is a reasonable default for app sessions.
     return `${cookieName}=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; SameSite=Lax`;
 }
-function createSessionApi(sessions, sessionId, ttlMs) {
+function createSessionApi(sessions, sessionId, ttlMs, maxSessions) {
     const withoutKey = (data, key) => {
         if (!Object.prototype.hasOwnProperty.call(data, key))
             return data;
@@ -53,6 +85,7 @@ function createSessionApi(sessions, sessionId, ttlMs) {
         if (existing !== undefined && existing.expiresAt > now) {
             return existing;
         }
+        enforceSessionCapacity(sessions, maxSessions, sessionId);
         const created = { data: {}, expiresAt: now + ttlMs };
         sessions.set(sessionId, created);
         return created;
@@ -89,6 +122,14 @@ export const SessionManager = Object.freeze({
     create(options = {}) {
         const config = { ...DEFAULT_OPTIONS, ...options };
         const sessions = new Map();
+        const cleanupInterval = config.cleanupIntervalMs > 0
+            ? globalThis.setInterval(() => {
+                cleanupExpiredSessions(sessions);
+            }, config.cleanupIntervalMs)
+            : undefined;
+        if (cleanupInterval && isUnrefableTimer(cleanupInterval)) {
+            cleanupInterval.unref();
+        }
         return {
             getIdFromCookieHeader(cookieHeader) {
                 if (cookieHeader === undefined || cookieHeader.length === 0)
@@ -127,21 +168,19 @@ export const SessionManager = Object.freeze({
                 return sessionId;
             },
             get(sessionId) {
-                return createSessionApi(sessions, sessionId, config.ttlMs);
+                return createSessionApi(sessions, sessionId, config.ttlMs, config.maxSessions);
             },
             destroy(sessionId) {
                 sessions.delete(sessionId);
             },
             cleanup() {
-                const now = Date.now();
-                let removed = 0;
-                for (const [id, stored] of sessions.entries()) {
-                    if (stored.expiresAt <= now) {
-                        sessions.delete(id);
-                        removed++;
-                    }
+                return cleanupExpiredSessions(sessions);
+            },
+            dispose() {
+                if (cleanupInterval !== undefined) {
+                    clearInterval(cleanupInterval);
                 }
-                return removed;
+                sessions.clear();
             },
         };
     },

package/src/sockets/CloudflareSocket.d.ts

@@ -0,0 +1,24 @@
+import { EventEmitter } from '../node-singletons/index.js';
+export type CloudflareSocketOptions = {
+    tls?: boolean;
+    timeoutMs?: number;
+};
+export type CloudflareSocketInstance = EventEmitter & {
+    write: (data: Buffer | Uint8Array) => boolean;
+    end: () => void;
+    destroy: () => void;
+    connect: (..._args: unknown[]) => CloudflareSocketInstance;
+    startTls: () => Promise<void>;
+    pause: () => void;
+    resume: () => void;
+    setTimeout: (timeoutMs: number, callback?: () => void) => void;
+    setNoDelay: (_noDelay?: boolean) => void;
+    setKeepAlive: (_enable?: boolean, _initialDelay?: number) => void;
+    ref: () => void;
+    unref: () => void;
+};
+export type CloudflareSocketFactory = {
+    create: (hostname: string, port: number, options?: CloudflareSocketOptions) => CloudflareSocketInstance;
+};
+export declare const CloudflareSocket: CloudflareSocketFactory;
+//# sourceMappingURL=CloudflareSocket.d.ts.map

package/src/sockets/CloudflareSocket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CloudflareSocket.d.ts","sourceRoot":"","sources":["../../../src/sockets/CloudflareSocket.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAehD,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,YAAY,GAAG;IACpD,KAAK,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,KAAK,OAAO,CAAC;IAC9C,GAAG,EAAE,MAAM,IAAI,CAAC;IAChB,OAAO,EAAE,MAAM,IAAI,CAAC;IACpB,OAAO,EAAE,CAAC,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,wBAAwB,CAAC;IAC3D,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,IAAI,KAAK,IAAI,CAAC;IAC/D,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IACzC,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,aAAa,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IAClE,GAAG,EAAE,MAAM,IAAI,CAAC;IAChB,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,CACN,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,uBAAuB,KAC9B,wBAAwB,CAAC;CAC/B,CAAC;AAoSF,eAAO,MAAM,gBAAgB,EAAE,uBAE7B,CAAC"}