@zintrust/core 0.1.5 → 0.1.6

package/bin/z.d.ts

@@ -1,7 +1,7 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env -S node --import tsx
 /**
  * Zintrust CLI Shortcut - 'z'
  * Mirrors bin/zintrust.ts for convenience
  */
-import './zintrust';
+export {};
 //# sourceMappingURL=z.d.ts.map

package/bin/z.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"z.d.ts","sourceRoot":"","sources":["../../bin/z.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAEH,OAAO,YAAY,CAAC"}
+{"version":3,"file":"z.d.ts","sourceRoot":"","sources":["../../bin/z.ts"],"names":[],"mappings":";AAEA;;;GAGG"}

package/bin/z.js

@@ -1,6 +1,7 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env node
 /**
  * Zintrust CLI Shortcut - 'z'
  * Mirrors bin/zintrust.ts for convenience
  */
-import './zintrust';
+import { run } from './zintrust-main.js';
+await run();

package/bin/zin.d.ts

@@ -1,7 +1,7 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env -S node --import tsx
 /**
  * Zintrust CLI Shortcut - 'zin'
  * Mirrors bin/zintrust.ts for convenience
  */
-import './zintrust';
+export {};
 //# sourceMappingURL=zin.d.ts.map

package/bin/zin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"zin.d.ts","sourceRoot":"","sources":["../../bin/zin.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAEH,OAAO,YAAY,CAAC"}
+{"version":3,"file":"zin.d.ts","sourceRoot":"","sources":["../../bin/zin.ts"],"names":[],"mappings":";AAEA;;;GAGG"}

package/bin/zin.js

@@ -1,6 +1,7 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env node
 /**
  * Zintrust CLI Shortcut - 'zin'
  * Mirrors bin/zintrust.ts for convenience
  */
-import './zintrust';
+import { run } from './zintrust-main.js';
+await run();

package/bin/zintrust-main.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Zintrust CLI - Main Entry Point (hashbang-free)
+ *
+ * This module contains the CLI implementation without a hashbang so that it can
+ * be imported by other bin shortcuts (zin/z/zt) without parse errors.
+ */
+export declare function run(): Promise<void>;
+export {};
+//# sourceMappingURL=zintrust-main.d.ts.map

package/bin/zintrust-main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zintrust-main.d.ts","sourceRoot":"","sources":["../../bin/zintrust-main.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgFH,wBAAsB,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAiCzC;AAED,OAAO,EAAE,CAAC"}

package/bin/zintrust-main.js

@@ -0,0 +1,101 @@
+/**
+ * Zintrust CLI - Main Entry Point (hashbang-free)
+ *
+ * This module contains the CLI implementation without a hashbang so that it can
+ * be imported by other bin shortcuts (zin/z/zt) without parse errors.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+const loadPackageVersionFast = () => {
+    try {
+        const here = path.dirname(fileURLToPath(import.meta.url));
+        const packagePath = path.join(here, '../package.json');
+        const packageJson = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
+        return typeof packageJson.version === 'string' ? packageJson.version : '0.0.0';
+    }
+    catch {
+        return '0.0.0';
+    }
+};
+const stripLeadingScriptArg = (rawArgs) => {
+    if (rawArgs.length === 0)
+        return rawArgs;
+    const first = rawArgs[0];
+    const looksLikeScript = typeof first === 'string' && (first.endsWith('.ts') || first.endsWith('.js'));
+    return looksLikeScript ? rawArgs.slice(1) : rawArgs;
+};
+const getArgsFromProcess = () => {
+    const rawArgs = process.argv.slice(2);
+    return { rawArgs, args: stripLeadingScriptArg(rawArgs) };
+};
+const isVersionRequest = (args) => {
+    return args.includes('-v') || args.includes('--version');
+};
+const printFancyVersion = (version) => {
+    const framework = 'Zintrust Framework';
+    const bannerWidth = 46;
+    const env = (process.env['NODE_ENV'] ?? 'development').toString();
+    const db = (process.env['DB_CONNECTION'] ?? 'sqlite').toString();
+    // Keep this dependency-free and fast; version flags should return instantly.
+    // (No logger, no config boot, no CLI registration.)
+    console.log('┌' + '─'.repeat(bannerWidth) + '┐');
+    console.log(`│ Framework: ${framework.padEnd(bannerWidth - 11)}│`);
+    console.log(`│ Version:   ${version.padEnd(bannerWidth - 11)}│`);
+    console.log(`│ Env:       ${env.padEnd(bannerWidth - 11)}│`);
+    console.log(`│ Database:  ${db.padEnd(bannerWidth - 11)}│`);
+    console.log('└' + '─'.repeat(bannerWidth) + '┘');
+    console.log();
+};
+const shouldDebugArgs = (rawArgs) => {
+    return process.env['ZINTRUST_CLI_DEBUG_ARGS'] === '1' && rawArgs.includes('--verbose');
+};
+const handleCliFatal = async (error, context) => {
+    try {
+        const { Logger } = await import('../src/config/logger.js');
+        Logger.error(context, error);
+    }
+    catch {
+        // best-effort logging
+    }
+    try {
+        const { ErrorHandler } = await import('../src/cli/ErrorHandler.js');
+        ErrorHandler.handle(error);
+    }
+    catch {
+        // best-effort error handling
+    }
+    process.exit(1);
+};
+export async function run() {
+    try {
+        // Fast path: print version and exit without bootstrapping the CLI.
+        // This keeps `zin -v` / `zin --version` snappy and avoids any debug output.
+        const { rawArgs: _rawArgs0, args: args0 } = getArgsFromProcess();
+        if (isVersionRequest(args0)) {
+            printFancyVersion(loadPackageVersionFast());
+            return;
+        }
+        const { EnvFileLoader } = await import('../src/cli/utils/EnvFileLoader.js');
+        EnvFileLoader.ensureLoaded();
+        const { CLI } = await import('../src/cli/CLI.js');
+        const cli = CLI.create();
+        // When executing via tsx (e.g. `npx tsx bin/zin.ts ...`), the script path can
+        // appear as the first element of `process.argv.slice(2)`. Commander expects
+        // args to start at the command name, so we strip a leading script path if present.
+        const { rawArgs, args } = getArgsFromProcess();
+        if (shouldDebugArgs(rawArgs)) {
+            try {
+                process.stderr.write(`[zintrust-cli] process.argv=${JSON.stringify(process.argv)}\n`);
+                process.stderr.write(`[zintrust-cli] rawArgs=${JSON.stringify(rawArgs)}\n`);
+            }
+            catch {
+                // ignore
+            }
+        }
+        await cli.run(args);
+    }
+    catch (error) {
+        await handleCliFatal(error, 'CLI execution failed');
+    }
+}

package/bin/zintrust-microservices.js

@@ -3,13 +3,13 @@
  * Zintrust Microservices CLI
  * Commands for generating, bundling, and managing microservices
  */
-import { Logger } from '../src/config/logger';
-import { MicroserviceGenerator } from '../src/microservices/MicroserviceGenerator';
-import { MicroserviceManager } from '../src/microservices/MicroserviceManager';
-import { ServiceBundler } from '../src/microservices/ServiceBundler';
-import { readFileSync } from '../src/node-singletons/fs';
-import { dirname, join } from '../src/node-singletons/path';
-import { fileURLToPath } from '../src/node-singletons/url';
+import { Logger } from '../src/config/logger.js';
+import { MicroserviceGenerator } from '../src/microservices/MicroserviceGenerator.js';
+import { MicroserviceManager } from '../src/microservices/MicroserviceManager.js';
+import { ServiceBundler } from '../src/microservices/ServiceBundler.js';
+import { readFileSync } from '../src/node-singletons/fs.js';
+import { dirname, join } from '../src/node-singletons/path.js';
+import { fileURLToPath } from '../src/node-singletons/url.js';
 import { program } from 'commander';
 const getStringOption = (options, key, fallback) => {
     const value = options[key];

package/bin/zintrust.d.ts

@@ -1,9 +1,10 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env -S node --import tsx
 /**
  * Zintrust CLI - Main Entry Point
- * Command-line interface for Zintrust framework
- * Usage: zintrust [command] [options]
- * Shortcuts: zin, z
+ *
+ * This bin script is a thin wrapper around the hashbang-free implementation in
+ * bin/zintrust-main.ts. Keeping the implementation hashbang-free allows other
+ * shortcuts (zin/z/zt) to import it without parse issues.
  */
 export {};
 //# sourceMappingURL=zintrust.d.ts.map

package/bin/zintrust.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"zintrust.d.ts","sourceRoot":"","sources":["../../bin/zintrust.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AA8FH,OAAO,EAAE,CAAC"}
+{"version":3,"file":"zintrust.d.ts","sourceRoot":"","sources":["../../bin/zintrust.ts"],"names":[],"mappings":";AAEA;;;;;;GAMG;AAKH,OAAO,EAAE,CAAC"}

package/bin/zintrust.js

@@ -1,90 +1,10 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env node
 /**
  * Zintrust CLI - Main Entry Point
- * Command-line interface for Zintrust framework
- * Usage: zintrust [command] [options]
- * Shortcuts: zin, z
+ *
+ * This bin script is a thin wrapper around the hashbang-free implementation in
+ * bin/zintrust-main.ts. Keeping the implementation hashbang-free allows other
+ * shortcuts (zin/z/zt) to import it without parse issues.
  */
-import fs from 'node:fs';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-const loadPackageVersionFast = () => {
-    try {
-        const here = path.dirname(fileURLToPath(import.meta.url));
-        const packagePath = path.join(here, '../package.json');
-        const packageJson = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
-        return typeof packageJson.version === 'string' ? packageJson.version : '0.0.0';
-    }
-    catch {
-        return '0.0.0';
-    }
-};
-const stripLeadingScriptArg = (rawArgs) => {
-    if (rawArgs.length === 0)
-        return rawArgs;
-    const first = rawArgs[0];
-    const looksLikeScript = typeof first === 'string' && (first.endsWith('.ts') || first.endsWith('.js'));
-    return looksLikeScript ? rawArgs.slice(1) : rawArgs;
-};
-const getArgsFromProcess = () => {
-    const rawArgs = process.argv.slice(2);
-    return { rawArgs, args: stripLeadingScriptArg(rawArgs) };
-};
-const isVersionRequest = (args) => {
-    return args.includes('-v') || args.includes('--version');
-};
-const shouldDebugArgs = (rawArgs) => {
-    return process.env['ZINTRUST_CLI_DEBUG_ARGS'] === '1' && rawArgs.includes('--verbose');
-};
-const handleCliFatal = async (error, context) => {
-    try {
-        const { Logger } = await import('../src/config/logger');
-        Logger.error(context, error);
-    }
-    catch {
-        // best-effort logging
-    }
-    try {
-        const { ErrorHandler } = await import('../src/cli/ErrorHandler');
-        ErrorHandler.handle(error);
-    }
-    catch {
-        // best-effort error handling
-    }
-    process.exit(1);
-};
-async function main() {
-    try {
-        // Fast path: print version and exit without bootstrapping the CLI.
-        // This keeps `zin -v` / `zin --version` snappy and avoids any debug output.
-        const { rawArgs: _rawArgs0, args: args0 } = getArgsFromProcess();
-        if (isVersionRequest(args0)) {
-            process.stdout.write(`${loadPackageVersionFast()}\n`);
-            return;
-        }
-        const { EnvFileLoader } = await import('../src/cli/utils/EnvFileLoader');
-        EnvFileLoader.ensureLoaded();
-        const { CLI } = await import('../src/cli/CLI');
-        const cli = CLI.create();
-        // When executing via tsx (e.g. `npx tsx bin/zin.ts ...`), the script path can
-        // appear as the first element of `process.argv.slice(2)`. Commander expects
-        // args to start at the command name, so we strip a leading script path if present.
-        const { rawArgs, args } = getArgsFromProcess();
-        if (shouldDebugArgs(rawArgs)) {
-            try {
-                process.stderr.write(`[zintrust-cli] process.argv=${JSON.stringify(process.argv)}\n`);
-                process.stderr.write(`[zintrust-cli] rawArgs=${JSON.stringify(rawArgs)}\n`);
-            }
-            catch {
-                // ignore
-            }
-        }
-        await cli.run(args);
-    }
-    catch (error) {
-        await handleCliFatal(error, 'CLI execution failed');
-    }
-}
-await main().catch(async (error) => {
-    await handleCliFatal(error, 'CLI fatal error');
-});
+import { run } from './zintrust-main.js';
+await run();

package/bin/zt.d.ts

@@ -1,7 +1,7 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env -S node --import tsx
 /**
  * Zintrust CLI Shortcut - 'z'
  * Mirrors bin/zintrust.ts for convenience
  */
-import './zintrust';
+export {};
 //# sourceMappingURL=zt.d.ts.map

package/bin/zt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"zt.d.ts","sourceRoot":"","sources":["../../bin/zt.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAEH,OAAO,YAAY,CAAC"}
+{"version":3,"file":"zt.d.ts","sourceRoot":"","sources":["../../bin/zt.ts"],"names":[],"mappings":";AAEA;;;GAGG"}

package/bin/zt.js

@@ -1,6 +1,7 @@
-#!/usr/bin/env -S npx tsx
+#!/usr/bin/env node
 /**
  * Zintrust CLI Shortcut - 'z'
  * Mirrors bin/zintrust.ts for convenience
  */
-import './zintrust';
+import { run } from './zintrust-main.js';
+await run();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zintrust/core",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Production-grade TypeScript backend framework for JavaScript",
   "homepage": "https://zintrust.com",
   "repository": {
@@ -13,14 +13,24 @@
   "type": "module",
   "main": "src/index.js",
   "types": "src/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./src/index.d.ts",
+      "import": "./src/index.js"
+    },
+    "./node": {
+      "types": "./src/node.d.ts",
+      "import": "./src/node.js"
+    },
+    "./package.json": "./package.json"
+  },
   "dependencies": {
     "bcrypt": "^6.0.0",
     "better-sqlite3": "^12.5.0",
     "chalk": "^5.6.2",
     "commander": "^14.0.2",
     "inquirer": "^13.1.0",
-    "jsonwebtoken": "^9.0.3",
-    "tsx": "^4.21.0"
+    "jsonwebtoken": "^9.0.3"
   },
   "overrides": {
     "node-forge": "1.3.3",

package/public/index.html

@@ -3,6 +3,10 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="script-src-elem 'self' 'unsafe-inline' https://cdn.tailwindcss.com; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com;"
+    />
     <title>ZinTrust Documentation</title>
     <link rel="icon" type="image/svg+xml" href="https://zintrust.com/zintrust.svg" />
     <script src="https://cdn.tailwindcss.com"></script>

package/src/boot/Application.js

@@ -2,16 +2,16 @@
  * Application - Framework core entry point
  * Handles application lifecycle, booting, and environment
  */
-import { appConfig } from '../config';
-import { ServiceContainer } from '../container/ServiceContainer';
-import { StartupHealthChecks } from '../health/StartupHealthChecks';
-import { MiddlewareStack } from '../middleware/MiddlewareStack';
-import { Router } from '../routing/Router';
-import { FeatureFlags } from '../config/features';
-import { Logger } from '../config/logger';
-import { StartupConfigValidator } from '../config/StartupConfigValidator';
-import * as path from '../node-singletons/path';
-import { pathToFileURL } from '../node-singletons/url';
+import { appConfig } from '../config/index.js';
+import { ServiceContainer } from '../container/ServiceContainer.js';
+import { StartupHealthChecks } from '../health/StartupHealthChecks.js';
+import { MiddlewareStack } from '../middleware/MiddlewareStack.js';
+import { Router } from '../routing/Router.js';
+import { FeatureFlags } from '../config/features.js';
+import { Logger } from '../config/logger.js';
+import { StartupConfigValidator } from '../config/StartupConfigValidator.js';
+import * as path from '../node-singletons/path.js';
+import { pathToFileURL } from '../node-singletons/url.js';
 const ShutdownManager = Object.freeze({
     create() {
         const hooks = [];
@@ -85,7 +85,7 @@ const registerRoutes = async (resolvedBasePath, router) => {
             mod.registerRoutes(router);
             return;
         }
-        const { registerRoutes: registerFrameworkRoutes } = await import('../../routes/api');
+        const { registerRoutes: registerFrameworkRoutes } = await import('../../routes/api.js');
         registerFrameworkRoutes(router);
     }
     catch (error) {
@@ -99,7 +99,7 @@ const initializeArtifactDirectories = async (resolvedBasePath) => {
         return;
     let nodeFs;
     try {
-        nodeFs = await import('../node-singletons/fs');
+        nodeFs = await import('../node-singletons/fs.js');
     }
     catch {
         return;
@@ -167,7 +167,7 @@ export const Application = Object.freeze({
         // Register framework-level shutdown hooks for long-lived resources
         // ConnectionManager may not be initialized; shutdownIfInitialized is safe
         // Use dynamic import without top-level await to avoid transforming the module into an async module
-        import('../orm/ConnectionManager')
+        import('../orm/ConnectionManager.js')
             .then(({ ConnectionManager }) => {
             shutdownManager.add(async () => ConnectionManager.shutdownIfInitialized());
         })

package/src/boot/Server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Server.d.ts","sourceRoot":"","sources":["../../../src/boot/Server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AASjD,OAAO,KAAK,IAAI,MAAM,uBAAuB,CAAC;AAI9C,MAAM,WAAW,OAAO;IACtB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC;CAC9B;AA2ND;;;GAGG;AACH,eAAO,MAAM,MAAM;IACjB;;OAEG;gBACS,YAAY,SAAS,MAAM,SAAS,MAAM,GAAG,OAAO;EA8BhE,CAAC;AAEH,eAAe,MAAM,CAAC"}
+{"version":3,"file":"Server.d.ts","sourceRoot":"","sources":["../../../src/boot/Server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AASjD,OAAO,KAAK,IAAI,MAAM,uBAAuB,CAAC;AAK9C,MAAM,WAAW,OAAO;IACtB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC;CAC9B;AA6MD;;;GAGG;AACH,eAAO,MAAM,MAAM;IACjB;;OAEG;gBACS,YAAY,SAAS,MAAM,SAAS,MAAM,GAAG,OAAO;EA4ChE,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/src/boot/Server.js

@@ -2,17 +2,17 @@
  * Server - HTTP Server implementation
  * Uses Node.js built-in HTTP server with no external dependencies
  */
-import { esmDirname } from '../common/index';
-import { appConfig } from '../config/app';
-import { HTTP_HEADERS, MIME_TYPES } from '../config/constants';
-import { Logger } from '../config/logger';
-import { ErrorFactory } from '../exceptions/ZintrustError';
-import { Request } from '../http/Request';
-import { Response } from '../http/Response';
-import * as fs from '../node-singletons/fs';
-import * as http from '../node-singletons/http';
-import * as path from '../node-singletons/path';
-import { Router } from '../routing/Router';
+import { esmDirname } from '../common/index.js';
+import { appConfig } from '../config/app.js';
+import { HTTP_HEADERS, MIME_TYPES } from '../config/constants.js';
+import { Logger } from '../config/logger.js';
+import { ErrorFactory } from '../exceptions/ZintrustError.js';
+import { Request } from '../http/Request.js';
+import { Response } from '../http/Response.js';
+import * as fs from '../node-singletons/fs.js';
+import * as http from '../node-singletons/http.js';
+import * as path from '../node-singletons/path.js';
+import { Router } from '../routing/Router.js';
 const MIME_TYPES_MAP = {
     '.html': MIME_TYPES.HTML,
     '.js': MIME_TYPES.JS,
@@ -47,40 +47,42 @@ const getFrameworkPublicRoots = () => {
     const packageRoot = findPackageRoot(thisDir);
     return [
         path.join(packageRoot, 'dist/public'),
-        path.join(packageRoot, 'docs-website/public'),
         path.join(packageRoot, 'public'), // Fallback for shipped package
     ];
 };
 const getDocsPublicRoot = () => {
-    const isProduction = appConfig.isProduction();
     // First try app-local roots (developer app override), then fall back to framework-shipped assets.
-    const appRoots = isProduction
-        ? [path.join(process.cwd(), 'public')]
-        : [path.join(process.cwd(), 'docs-website/public')];
+    const appRoots = [path.join(process.cwd(), 'public')];
     const candidates = [...appRoots, ...getFrameworkPublicRoots()];
+    const hasDocsEntrypoint = (root) => {
+        const directIndex = path.join(root, 'index.html');
+        return fs.existsSync(directIndex);
+    };
+    // Prefer a root that actually contains docs assets.
+    for (const candidate of candidates) {
+        if (fs.existsSync(candidate) && hasDocsEntrypoint(candidate))
+            return candidate;
+    }
+    // Fall back to the first existing directory.
     for (const candidate of candidates) {
         if (fs.existsSync(candidate))
             return candidate;
     }
-    return appRoots[0];
+    return candidates[0];
 };
-const stripLeadingSlashes = (value) => value.replace(/^\/+/, '');
 /**
  * Map URL path to physical file path
  */
 const mapStaticPath = (urlPath) => {
     const publicRoot = getDocsPublicRoot();
-    if (urlPath.startsWith('/doc')) {
-        const rest = stripLeadingSlashes(urlPath.slice('/doc'.length));
-        const docPath = path.join(publicRoot, 'doc');
-        // If a 'doc' folder exists inside publicRoot, use it.
-        // Otherwise, assume publicRoot contains the docs directly.
-        if (fs.existsSync(docPath)) {
-            return rest === '' ? docPath : path.join(docPath, rest);
-        }
-        return rest === '' ? publicRoot : path.join(publicRoot, rest);
-    }
-    return '';
+    const normalize = (p) => (p.startsWith('/') ? p.slice(1) : p);
+    // /doc acts as a mount for the docs/static site.
+    if (urlPath === '/doc' || urlPath === '/doc/')
+        return publicRoot;
+    if (urlPath.startsWith('/doc/'))
+        return path.join(publicRoot, normalize(urlPath.slice('/doc/'.length)));
+    // Also serve app-local static files from the same public root.
+    return path.join(publicRoot, normalize(urlPath));
 };
 /**
  * Send static file to response
@@ -99,13 +101,6 @@ const sendStaticFile = (filePath, response) => {
 // eslint-disable-next-line @typescript-eslint/require-await
 const serveStatic = async (request, response) => {
     const urlPath = request.getPath();
-    // Canonicalize docs base path (VitePress expects trailing slash for correct relative resolution)
-    if (urlPath === '/doc') {
-        response.setStatus(302);
-        response.setHeader('Location', '/doc/');
-        response.send('');
-        return true;
-    }
     let filePath = mapStaticPath(urlPath);
     if (!filePath)
         return false;
@@ -146,8 +141,8 @@ const getContentSecurityPolicyForPath = (requestPath) => {
     if (!requestPath.startsWith('/doc'))
         return baseCsp;
     return ("default-src 'self'; " +
-        "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
-        "script-src-elem 'self' 'unsafe-inline'; " +
+        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com; " +
+        "script-src-elem 'self' 'unsafe-inline' https://cdn.tailwindcss.com; " +
         "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; " +
         "style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; " +
         "img-src 'self' data: https:; " +
@@ -209,11 +204,15 @@ export const Server = Object.freeze({
         const serverPort = port ?? appConfig.port;
         const serverHost = host ?? appConfig.host;
         const httpServer = http.createServer(async (req, res) => handleRequest(app, req, res));
+        const sockets = new Set();
+        httpServer.on('connection', (socket) => {
+            sockets.add(socket);
+            socket.on('close', () => sockets.delete(socket));
+        });
         return {
             async listen() {
                 return new Promise((resolve) => {
                     httpServer.listen(serverPort, serverHost, () => {
-                        Logger.info(`Zintrust server running at http://${serverHost}:${serverPort}`);
                         resolve();
                     });
                 });
@@ -224,6 +223,15 @@ export const Server = Object.freeze({
                         Logger.info('Zintrust server stopped');
                         resolve();
                     });
+                    // Ensure keep-alive / hanging connections don't block shutdown
+                    for (const socket of sockets) {
+                        try {
+                            socket.destroy();
+                        }
+                        catch {
+                            // best-effort
+                        }
+                    }
                 });
             },
             getHttpServer() {