@zintrust/core 0.4.19 → 0.4.21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zintrust/core",
-  "version": "0.4.19",
+  "version": "0.4.21",
   "description": "Production-grade TypeScript backend framework for JavaScript",
   "homepage": "https://zintrust.com",
   "repository": {

package/src/functions/cloudflare.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cloudflare.d.ts","sourceRoot":"","sources":["../../../src/functions/cloudflare.ts"],"names":[],"mappings":";mBA0JuB,OAAO,QAAQ,OAAO,QAAQ,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;;AADhF,wBAoCE"}
+{"version":3,"file":"cloudflare.d.ts","sourceRoot":"","sources":["../../../src/functions/cloudflare.ts"],"names":[],"mappings":";mBAwNuB,OAAO,QAAQ,OAAO,QAAQ,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;;AADhF,wBAoCE"}

package/src/functions/cloudflare.js

@@ -1,53 +1,93 @@
 import { Logger } from '../config/logger.js';
+import { clearMiddlewareConfigCache } from '../config/middleware.js';
 import { CloudflareAdapter } from '../runtime/adapters/CloudflareAdapter.js';
 import mergeOverrideValues from '../runtime/OverrideValueMerge.js';
 import { ProjectRuntime } from '../runtime/ProjectRuntime.js';
-import { StartupConfigFile } from '../runtime/StartupConfigFileRegistry.js';
+import { StartupConfigFile, StartupConfigFileRegistry, } from '../runtime/StartupConfigFileRegistry.js';
 import { WorkerAdapterImports } from '../runtime/WorkerAdapterImports.js';
 import { getKernel } from '../runtime/getKernel.js';
 const startupConfigModules = Object.freeze([
     {
         file: StartupConfigFile.Broadcast,
-        rootModuleId: '@runtime-config/' + 'broadcast.ts',
         serviceModuleId: '@service-runtime-config/' + 'broadcast.ts',
     },
     {
         file: StartupConfigFile.Cache,
-        rootModuleId: '@runtime-config/' + 'cache.ts',
         serviceModuleId: '@service-runtime-config/' + 'cache.ts',
     },
     {
         file: StartupConfigFile.Database,
-        rootModuleId: '@runtime-config/' + 'database.ts',
         serviceModuleId: '@service-runtime-config/' + 'database.ts',
     },
     {
         file: StartupConfigFile.Mail,
-        rootModuleId: '@runtime-config/' + 'mail.ts',
         serviceModuleId: '@service-runtime-config/' + 'mail.ts',
     },
     {
         file: StartupConfigFile.Middleware,
-        rootModuleId: '@runtime-config/' + 'middleware.ts',
         serviceModuleId: '@service-runtime-config/' + 'middleware.ts',
     },
     {
         file: StartupConfigFile.Notification,
-        rootModuleId: '@runtime-config/' + 'notification.ts',
         serviceModuleId: '@service-runtime-config/' + 'notification.ts',
     },
     {
         file: StartupConfigFile.Queue,
-        rootModuleId: '@runtime-config/' + 'queue.ts',
         serviceModuleId: '@service-runtime-config/' + 'queue.ts',
     },
     {
         file: StartupConfigFile.Storage,
-        rootModuleId: '@runtime-config/' + 'storage.ts',
         serviceModuleId: '@service-runtime-config/' + 'storage.ts',
     },
 ]);
-const importOptionalDefault = async (moduleId) => {
+const importRootBroadcastModule = async () => {
+    return (await import('@runtime-config/' + 'broadcast.ts'));
+};
+const importRootCacheModule = async () => {
+    return (await import('@runtime-config/' + 'cache.ts'));
+};
+const importRootDatabaseModule = async () => {
+    return (await import('@runtime-config/' + 'database.ts'));
+};
+const importRootMailModule = async () => {
+    return (await import('@runtime-config/' + 'mail.ts'));
+};
+const importRootMiddlewareModule = async () => {
+    return (await import('@runtime-config/' + 'middleware.ts'));
+};
+const importRootNotificationModule = async () => {
+    return (await import('@runtime-config/' + 'notification.ts'));
+};
+const importRootQueueModule = async () => {
+    return (await import('@runtime-config/' + 'queue.ts'));
+};
+const importRootStorageModule = async () => {
+    return (await import('@runtime-config/' + 'storage.ts'));
+};
+const importRootWorkersModule = async () => {
+    return (await import('@runtime-config/' + 'workers.ts'));
+};
+const rootStartupImporters = Object.freeze({
+    [StartupConfigFile.Broadcast]: importRootBroadcastModule,
+    [StartupConfigFile.Cache]: importRootCacheModule,
+    [StartupConfigFile.Database]: importRootDatabaseModule,
+    [StartupConfigFile.Mail]: importRootMailModule,
+    [StartupConfigFile.Middleware]: importRootMiddlewareModule,
+    [StartupConfigFile.Notification]: importRootNotificationModule,
+    [StartupConfigFile.Queue]: importRootQueueModule,
+    [StartupConfigFile.Storage]: importRootStorageModule,
+    [StartupConfigFile.Workers]: importRootWorkersModule,
+});
+const importOptionalDefault = async (importer) => {
+    try {
+        const module = await importer();
+        return module.default;
+    }
+    catch {
+        return undefined;
+    }
+};
+const importOptionalDefaultById = async (moduleId) => {
     try {
         const module = (await import(moduleId));
         return module.default;
@@ -57,10 +97,10 @@ const importOptionalDefault = async (moduleId) => {
     }
 };
 const resolveStartupOverrideValue = async (entry) => {
-    const rootOverride = await importOptionalDefault(entry.rootModuleId);
+    const rootOverride = await importOptionalDefault(rootStartupImporters[entry.file]);
     const serviceOverride = ProjectRuntime.getActiveService() === undefined
         ? undefined
-        : await importOptionalDefault(entry.serviceModuleId);
+        : await importOptionalDefaultById(entry.serviceModuleId);
     if (rootOverride === undefined)
         return serviceOverride;
     if (serviceOverride === undefined)
@@ -82,6 +122,9 @@ const applyStartupConfigOverrides = async () => {
             }
             globalAny.__zintrustStartupConfigOverrides.set(entry.file, entry.value);
         }
+        StartupConfigFileRegistry.clear();
+        clearMiddlewareConfigCache();
+        await StartupConfigFileRegistry.preload(startupConfigModules.map((entry) => entry.file));
     }
     catch (error) {
         Logger.error('Error applying startup config overrides:', error);

package/src/http/Kernel.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Kernel.d.ts","sourceRoot":"","sources":["../../../src/http/Kernel.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAG9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEhF,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAK7E,OAAO,KAAK,EAAE,SAAS,EAAmB,MAAM,mBAAmB,CAAC;AAGpE,MAAM,WAAW,OAAO;IACtB,MAAM,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5D,SAAS,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI,CAAC;IAC/C,wBAAwB,CAAC,GAAG,UAAU,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IAC5D,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;IACpE,SAAS,IAAI,OAAO,CAAC;IACrB,YAAY,IAAI,iBAAiB,CAAC;IAClC,kBAAkB,IAAI,gBAAgB,CAAC;IAGvC,gBAAgB,CAAC,QAAQ,EAAE,SAAS,GAAG,IAAI,CAAC;IAC5C,cAAc,IAAI,IAAI,CAAC;IACvB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9C;AA4TD,eAAO,MAAM,MAAM;qBA1DK,OAAO,aAAa,iBAAiB,KAAG,OAAO;EA4DrE,CAAC;AAEH,eAAe,MAAM,CAAC"}
+{"version":3,"file":"Kernel.d.ts","sourceRoot":"","sources":["../../../src/http/Kernel.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,OAAO,EAAc,MAAM,qBAAqB,CAAC;AAE/D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAG9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEhF,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAK7E,OAAO,KAAK,EAAE,SAAS,EAAmB,MAAM,mBAAmB,CAAC;AAGpE,MAAM,WAAW,OAAO;IACtB,MAAM,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,aAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5D,SAAS,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI,CAAC;IAC/C,wBAAwB,CAAC,GAAG,UAAU,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IAC5D,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;IACpE,SAAS,IAAI,OAAO,CAAC;IACrB,YAAY,IAAI,iBAAiB,CAAC;IAClC,kBAAkB,IAAI,gBAAgB,CAAC;IAGvC,gBAAgB,CAAC,QAAQ,EAAE,SAAS,GAAG,IAAI,CAAC;IAC5C,cAAc,IAAI,IAAI,CAAC;IACvB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9C;AA6VD,eAAO,MAAM,MAAM;qBA1DK,OAAO,aAAa,iBAAiB,KAAG,OAAO;EA4DrE,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/src/http/Kernel.js

@@ -60,6 +60,32 @@ const resolveMiddlewareForRoute = (route, globalMiddleware, routeMiddleware) =>
         .filter((mw) => typeof mw === 'function');
     return [...globalMiddleware, ...resolvedRouteMiddleware];
 };
+const PREFLIGHT_FALLBACK_METHODS = Object.freeze([
+    'GET',
+    'HEAD',
+    'POST',
+    'PUT',
+    'PATCH',
+    'DELETE',
+    '*',
+]);
+const resolveRouteWithPreflightFallback = (router, method, path) => {
+    const direct = Router.match(router, method, path);
+    if (direct !== null || method !== 'OPTIONS')
+        return direct;
+    for (const fallbackMethod of PREFLIGHT_FALLBACK_METHODS) {
+        const matched = Router.match(router, fallbackMethod, path);
+        if (matched === null)
+            continue;
+        return {
+            ...matched,
+            handler: async () => {
+                await Promise.resolve();
+            },
+        };
+    }
+    return null;
+};
 const maybeStartKernelTraceSpan = (req, context) => {
     if (OpenTelemetry.isEnabled() === false)
         return undefined;
@@ -85,8 +111,8 @@ const maybeSetKernelTraceRoute = (traceSpan, method, routeLabel) => {
 };
 const runKernelPipeline = async (router, globalMiddleware, routeMiddleware, req, res, context, traceSpan) => {
     Logger.info(`[${req.getMethod()}] ${req.getPath()}`);
-    const route = Router.match(router, req.getMethod(), req.getPath());
-    if (!route) {
+    const route = resolveRouteWithPreflightFallback(router, req.getMethod(), req.getPath());
+    if (route === null) {
         const routeLabel = 'not_found';
         maybeSetKernelTraceRoute(traceSpan, context.method, routeLabel);
         const handleNotFound = ErrorRouting.handleNotFound;

package/src/index.js

@@ -1,11 +1,11 @@
 /**
- * @zintrust/core v0.4.19
+ * @zintrust/core v0.4.21
  *
  * ZinTrust Framework - Production-Grade TypeScript Backend
  * Built for performance, type safety, and exceptional developer experience
  *
  * Build Information:
- *   Built: 2026-03-26T07:03:17.846Z
+ *   Built: 2026-03-26T13:55:52.794Z
  *   Node: >=20.0.0
  *   License: MIT
  *
@@ -21,7 +21,7 @@
  * Available at runtime for debugging and health checks
  */
 export const ZINTRUST_VERSION = '0.1.41';
-export const ZINTRUST_BUILD_DATE = '2026-03-26T07:03:17.811Z'; // Replaced during build
+export const ZINTRUST_BUILD_DATE = '2026-03-26T13:55:52.759Z'; // Replaced during build
 export { Application } from './boot/Application.js';
 export { AwsSigV4 } from './common/index.js';
 export { SignedRequest } from './security/SignedRequest.js';

package/src/middleware/AuthMiddleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/AuthMiddleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,0BAA0B,EAChC,MAAM,wCAAwC,CAAC;AAChD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAE9D,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,0BAA0B,CAAC;CAC7C;AAED,eAAO,MAAM,cAAc;qBACT,WAAW,GAAQ,UAAU;EAsB7C,CAAC;AAEH,eAAe,cAAc,CAAC"}
+{"version":3,"file":"AuthMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/AuthMiddleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAEL,KAAK,0BAA0B,EAChC,MAAM,wCAAwC,CAAC;AAChD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAS9D,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,0BAA0B,CAAC;CAC7C;AAED,eAAO,MAAM,cAAc;qBACT,WAAW,GAAQ,UAAU;EAsB7C,CAAC;AAEH,eAAe,cAAc,CAAC"}

package/src/middleware/AuthMiddleware.js

@@ -1,4 +1,10 @@
 import { respondWithMiddlewareFailure, } from './MiddlewareFailureResponder.js';
+const createAuthFailureBody = (reason, message) => ({
+    error: {
+        code: reason,
+        message,
+    },
+});
 export const AuthMiddleware = Object.freeze({
     create(options = {}) {
         const headerName = (options.headerName ?? 'authorization').toLowerCase();
@@ -12,7 +18,7 @@ export const AuthMiddleware = Object.freeze({
                     reason: 'missing_authorization_header',
                     statusCode: 401,
                     message,
-                    body: { error: message },
+                    body: createAuthFailureBody('missing_authorization_header', message),
                 });
                 return;
             }

package/src/middleware/JwtAuthMiddleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JwtAuthMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/JwtAuthMiddleware.ts"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,0BAA0B,EAChC,MAAM,wCAAwC,CAAC;AAChD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,KAAK,EAAe,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAItE,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,YAAY,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,0BAA0B,CAAC;CAC7C;AAuCD,eAAO,MAAM,iBAAiB;qBACZ,cAAc,GAAQ,UAAU;EA6FhD,CAAC;AAEH,eAAe,iBAAiB,CAAC"}
+{"version":3,"file":"JwtAuthMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/JwtAuthMiddleware.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,0BAA0B,EAChC,MAAM,wCAAwC,CAAC;AAChD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,KAAK,EAAe,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAItE,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,YAAY,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,0BAA0B,CAAC;CAC7C;AAqJD,eAAO,MAAM,iBAAiB;qBACZ,cAAc,GAAQ,UAAU;EAWhD,CAAC;AAEH,eAAe,iBAAiB,CAAC"}

package/src/middleware/JwtAuthMiddleware.js

@@ -38,6 +38,68 @@ const getOptionalStringOrNumberClaim = (payload, key) => {
         return String(value);
     return undefined;
 };
+const createJwtFailureBody = (reason, message) => ({
+    error: {
+        code: reason,
+        message,
+    },
+});
+const respondJwtUnauthorized = async (req, res, onUnauthorized, reason, message, error) => {
+    await respondWithMiddlewareFailure(req, res, onUnauthorized, {
+        middleware: 'jwt',
+        reason,
+        statusCode: 401,
+        message,
+        body: createJwtFailureBody(reason, message),
+        error,
+    });
+};
+const hydrateJwtRequestContext = (req, payload) => {
+    req.user = payload;
+    const subject = payload['sub'];
+    if (typeof subject === 'string' && subject.trim() !== '') {
+        RequestContext.setUserId(req, subject);
+    }
+    const tenantId = getOptionalStringOrNumberClaim(payload, 'tenantId') ??
+        getOptionalStringOrNumberClaim(payload, 'tenant_id');
+    if (tenantId !== undefined && tenantId.trim() !== '') {
+        RequestContext.setTenantId(req, tenantId);
+    }
+};
+const createJwtMiddlewareHandler = (jwt, algorithm, onUnauthorized) => {
+    return async (req, res, next) => {
+        if (req.context?.['authStrategy'] === 'bulletproof' && req.user !== undefined) {
+            await next();
+            return;
+        }
+        const authorizationHeader = getHeaderValue(req.getHeader('authorization'));
+        if (authorizationHeader === '') {
+            await respondJwtUnauthorized(req, res, onUnauthorized, 'missing_authorization_header', 'Missing authorization header');
+            return;
+        }
+        const token = getBearerToken(authorizationHeader);
+        if (token === null) {
+            await respondJwtUnauthorized(req, res, onUnauthorized, 'invalid_authorization_header_format', 'Invalid authorization header format');
+            return;
+        }
+        try {
+            const payload = jwt.verify(token, algorithm);
+            if (!(await JwtSessions.isActive(token))) {
+                await respondJwtUnauthorized(req, res, onUnauthorized, 'inactive_session', 'Invalid or expired token');
+                return;
+            }
+            hydrateJwtRequestContext(req, payload);
+            await next();
+        }
+        catch (error) {
+            Logger.debug('JWT verification failed', {
+                algorithm,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            await respondJwtUnauthorized(req, res, onUnauthorized, getJwtFailureReason(error), 'Invalid or expired token', error);
+        }
+    };
+};
 export const JwtAuthMiddleware = Object.freeze({
     create(options = {}) {
         const algorithm = options.algorithm ?? securityConfig.jwt.algorithm;
@@ -46,75 +108,7 @@ export const JwtAuthMiddleware = Object.freeze({
         if (algorithm === 'HS256' || algorithm === 'HS512') {
             jwt.setHmacSecret(secret);
         }
-        return async (req, res, next) => {
-            // If a stronger auth strategy already authenticated this request, do not re-verify.
-            if (req.context?.['authStrategy'] === 'bulletproof' && req.user !== undefined) {
-                await next();
-                return;
-            }
-            const authorizationHeader = getHeaderValue(req.getHeader('authorization'));
-            if (authorizationHeader === '') {
-                await respondWithMiddlewareFailure(req, res, options.onUnauthorized, {
-                    middleware: 'jwt',
-                    reason: 'missing_authorization_header',
-                    statusCode: 401,
-                    message: 'Missing authorization header',
-                    body: { error: 'Missing authorization header' },
-                });
-                return;
-            }
-            const token = getBearerToken(authorizationHeader);
-            if (token === null) {
-                await respondWithMiddlewareFailure(req, res, options.onUnauthorized, {
-                    middleware: 'jwt',
-                    reason: 'invalid_authorization_header_format',
-                    statusCode: 401,
-                    message: 'Invalid authorization header format',
-                    body: { error: 'Invalid authorization header format' },
-                });
-                return;
-            }
-            try {
-                const payload = jwt.verify(token, algorithm);
-                // Session allowlist: token must exist in the session store to be accepted.
-                if (!(await JwtSessions.isActive(token))) {
-                    await respondWithMiddlewareFailure(req, res, options.onUnauthorized, {
-                        middleware: 'jwt',
-                        reason: 'inactive_session',
-                        statusCode: 401,
-                        message: 'Invalid or expired token',
-                        body: { error: 'Invalid or expired token' },
-                    });
-                    return;
-                }
-                req.user = payload;
-                // Standardize request-scoped context fields.
-                if (typeof payload.sub === 'string' && payload.sub.trim() !== '') {
-                    RequestContext.setUserId(req, payload.sub);
-                }
-                // Optional: if a tenant claim exists, attach it. (Apps may use a different claim name.)
-                const tenantId = getOptionalStringOrNumberClaim(payload, 'tenantId') ??
-                    getOptionalStringOrNumberClaim(payload, 'tenant_id');
-                if (tenantId !== undefined && tenantId.trim() !== '') {
-                    RequestContext.setTenantId(req, tenantId);
-                }
-                await next();
-            }
-            catch (error) {
-                Logger.debug('JWT verification failed', {
-                    algorithm,
-                    error: error instanceof Error ? error.message : String(error),
-                });
-                await respondWithMiddlewareFailure(req, res, options.onUnauthorized, {
-                    middleware: 'jwt',
-                    reason: getJwtFailureReason(error),
-                    statusCode: 401,
-                    message: 'Invalid or expired token',
-                    body: { error: 'Invalid or expired token' },
-                    error,
-                });
-            }
-        };
+        return createJwtMiddlewareHandler(jwt, algorithm, options.onUnauthorized);
     },
 });
 export default JwtAuthMiddleware;

package/src/middleware/MiddlewareFailureBody.d.ts

@@ -0,0 +1,12 @@
+export type MiddlewareFailureBodyInput = Readonly<{
+    reason: string;
+    message: string;
+}>;
+export type DefaultMiddlewareFailureBody = Readonly<{
+    error: Readonly<{
+        code: string;
+        message: string;
+    }>;
+}>;
+export declare function createDefaultMiddlewareFailureBody(context: MiddlewareFailureBodyInput): DefaultMiddlewareFailureBody;
+//# sourceMappingURL=MiddlewareFailureBody.d.ts.map

package/src/middleware/MiddlewareFailureBody.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MiddlewareFailureBody.d.ts","sourceRoot":"","sources":["../../../src/middleware/MiddlewareFailureBody.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,0BAA0B,GAAG,QAAQ,CAAC;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,QAAQ,CAAC;IAClD,KAAK,EAAE,QAAQ,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;CACJ,CAAC,CAAC;AAEH,wBAAgB,kCAAkC,CAChD,OAAO,EAAE,0BAA0B,GAClC,4BAA4B,CAO9B"}

package/src/middleware/MiddlewareFailureBody.js

@@ -0,0 +1,8 @@
+export function createDefaultMiddlewareFailureBody(context) {
+    return {
+        error: {
+            code: context.reason,
+            message: context.message,
+        },
+    };
+}

package/src/middleware/MiddlewareFailureResponder.d.ts

@@ -1,5 +1,6 @@
 import type { IRequest } from '../http/Request';
 import type { IResponse } from '../http/Response';
+export { createDefaultMiddlewareFailureBody, type DefaultMiddlewareFailureBody, type MiddlewareFailureBodyInput, } from './MiddlewareFailureBody';
 export type MiddlewareFailureContext = Readonly<{
     middleware: string;
     reason: string;

package/src/middleware/MiddlewareFailureResponder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"MiddlewareFailureResponder.d.ts","sourceRoot":"","sources":["../../../src/middleware/MiddlewareFailureResponder.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,MAAM,wBAAwB,GAAG,QAAQ,CAAC;IAC9C,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,CACvC,GAAG,EAAE,QAAQ,EACb,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,wBAAwB,KAC9B,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1B,eAAO,MAAM,iCAAiC,EAAE,0BAgB/C,CAAC;AAEF,eAAO,MAAM,4BAA4B,GACvC,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,WAAW,0BAA0B,GAAG,SAAS,EACjD,SAAS,wBAAwB,KAChC,OAAO,CAAC,IAAI,CAEd,CAAC"}
+{"version":3,"file":"MiddlewareFailureResponder.d.ts","sourceRoot":"","sources":["../../../src/middleware/MiddlewareFailureResponder.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,OAAO,EACL,kCAAkC,EAClC,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC;AAE3C,MAAM,MAAM,wBAAwB,GAAG,QAAQ,CAAC;IAC9C,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,CACvC,GAAG,EAAE,QAAQ,EACb,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,wBAAwB,KAC9B,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1B,eAAO,MAAM,iCAAiC,EAAE,0BAgB/C,CAAC;AAEF,eAAO,MAAM,4BAA4B,GACvC,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,WAAW,0BAA0B,GAAG,SAAS,EACjD,SAAS,wBAAwB,KAChC,OAAO,CAAC,IAAI,CAEd,CAAC"}

package/src/middleware/MiddlewareFailureResponder.js

@@ -1,4 +1,5 @@
 import { isObject } from '../helper/index.js';
+export { createDefaultMiddlewareFailureBody, } from './MiddlewareFailureBody.js';
 export const defaultMiddlewareFailureResponder = (_req, res, context) => {
     const statusTarget = res.setStatus(context.statusCode);
     const responseTarget = isObject(statusTarget) ? statusTarget : res;

package/src/middleware/SecurityMiddleware.d.ts

@@ -14,7 +14,7 @@ export interface SecurityOptions {
         action?: 'DENY' | 'SAMEORIGIN';
     };
     cors?: {
-        origin?: string;
+        origin?: string | string[];
         methods?: string[];
         allowedHeaders?: string[];
         credentials?: boolean;

package/src/middleware/SecurityMiddleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/SecurityMiddleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAE9D,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE;QACL,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,UAAU,CAAC,EAAE;QACX,MAAM,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;KAChC,CAAC;IACF,IAAI,CAAC,EAAE;QACL,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;KACvC,CAAC;CACH;AA+FD,eAAO,MAAM,kBAAkB;IAC7B;;OAEG;qBACa,eAAe,GAAQ,UAAU;EAgBjD,CAAC"}
+{"version":3,"file":"SecurityMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/SecurityMiddleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAE9D,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE;QACL,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,UAAU,CAAC,EAAE;QACX,MAAM,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;KAChC,CAAC;IACF,IAAI,CAAC,EAAE;QACL,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,GAAG,CAAC,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;KACvC,CAAC;CACH;AAwID,eAAO,MAAM,kBAAkB;IAC7B;;OAEG;qBACa,eAAe,GAAQ,UAAU;EAgBjD,CAAC"}

package/src/middleware/SecurityMiddleware.js

@@ -3,6 +3,21 @@
  * Implements standard security headers and CORS protection
  * Zero-dependency implementation replacing helmet/cors
  */
+import { securityConfig } from '../config/security.js';
+const normalizeCorsList = (values, fallback) => {
+    const normalized = (values ?? [])
+        .map((value) => (typeof value === 'string' ? value.trim() : ''))
+        .filter((value) => value !== '');
+    return normalized.length > 0 ? normalized : fallback;
+};
+const getSecurityCorsConfig = () => {
+    const config = securityConfig;
+    return config?.cors ?? {};
+};
+const resolveCorsOrigin = () => {
+    const origins = normalizeCorsList(getSecurityCorsConfig().origins, ['*']);
+    return origins.includes('*') ? '*' : origins;
+};
 const DEFAULT_OPTIONS = {
     hsts: {
         maxAge: 15552000, // 180 days
@@ -13,13 +28,33 @@ const DEFAULT_OPTIONS = {
         action: 'SAMEORIGIN',
     },
     cors: {
-        origin: '*',
-        methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
-        allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'X-CSRF-Token'],
-        credentials: true,
-        maxAge: 86400,
+        origin: resolveCorsOrigin(),
+        methods: normalizeCorsList(getSecurityCorsConfig().methods, [
+            'GET',
+            'HEAD',
+            'PUT',
+            'PATCH',
+            'POST',
+            'DELETE',
+        ]),
+        allowedHeaders: normalizeCorsList(getSecurityCorsConfig().allowedHeaders, [
+            'Content-Type',
+            'Authorization',
+            'X-Requested-With',
+            'X-CSRF-Token',
+        ]),
+        credentials: getSecurityCorsConfig().credentials,
+        maxAge: getSecurityCorsConfig().maxAge,
     },
 };
+const mergeSecurityOptions = (options) => {
+    return {
+        hsts: { ...DEFAULT_OPTIONS.hsts, ...options.hsts },
+        frameguard: { ...DEFAULT_OPTIONS.frameguard, ...options.frameguard },
+        cors: { ...DEFAULT_OPTIONS.cors, ...options.cors },
+        csp: options.csp ?? DEFAULT_OPTIONS.csp,
+    };
+};
 function applyHsts(res, hsts) {
     if (!hsts)
         return;
@@ -73,7 +108,7 @@ function applyCors(req, res, cors) {
         res.setHeader('Access-Control-Allow-Headers', cors.allowedHeaders.join(', '));
     }
     if (cors.credentials !== undefined) {
-        res.setHeader('Access-Control-Allow-Credentials', 'true');
+        res.setHeader('Access-Control-Allow-Credentials', cors.credentials ? 'true' : 'false');
     }
     if (cors.maxAge !== undefined) {
         res.setHeader('Access-Control-Max-Age', cors.maxAge.toString());
@@ -90,7 +125,7 @@ export const SecurityMiddleware = Object.freeze({
      * Create security middleware with options
      */
     create(options = {}) {
-        const config = { ...DEFAULT_OPTIONS, ...options };
+        const config = mergeSecurityOptions(options);
         return async (req, res, next) => {
             applyHsts(res, config.hsts);
             applyFrameguard(res, config.frameguard);

package/src/middleware/index.d.ts

@@ -5,6 +5,7 @@
 export * from './CsrfMiddleware';
 export * from './ErrorHandlerMiddleware';
 export * from './LoggingMiddleware';
+export * from './MiddlewareFailureBody';
 export * from './MiddlewareFailureResponder';
 export * from './MiddlewareStack';
 export * from './RateLimiter';

package/src/middleware/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/middleware/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,4BAA4B,CAAC;AAC3C,cAAc,oCAAoC,CAAC;AACnD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,wCAAwC,CAAC;AACvD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/middleware/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,4BAA4B,CAAC;AAC3C,cAAc,oCAAoC,CAAC;AACnD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mCAAmC,CAAC;AAClD,cAAc,wCAAwC,CAAC;AACvD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC"}

package/src/middleware/index.js

@@ -5,6 +5,7 @@
 export * from './CsrfMiddleware.js';
 export * from './ErrorHandlerMiddleware.js';
 export * from './LoggingMiddleware.js';
+export * from './MiddlewareFailureBody.js';
 export * from './MiddlewareFailureResponder.js';
 export * from './MiddlewareStack.js';
 export * from './RateLimiter.js';

package/src/runtime/RuntimeAdapter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"RuntimeAdapter.d.ts","sourceRoot":"","sources":["../../../src/runtime/RuntimeAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAO7E,KAAK,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;AAEjE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,EAAE,KAAK,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,EAAE,KAAK,CAAC;IACb,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,GAAG,MAAM,CAAC;IAElE;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAErE;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,eAAe,CAAC;IAE9C;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO,CAAC;IAEpD;;OAEG;IACH,SAAS,IAAI;QACX,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;KACvC,CAAC;IAEF;;OAEG;IACH,6BAA6B,IAAI,OAAO,CAAC;IAEzC;;OAEG;IACH,cAAc,IAAI;QAChB,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QACvC,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,CAC5B,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,KAAK,KACR,OAAO,CAAC,IAAI,CAAC,CAAC;AAEnB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,eAAe,CAAC;IACzB,MAAM,CAAC,EAAE;QACP,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;KACvC,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,KAAK,CAAC;IACZ,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CAAC;IACvC,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,aAAa,CAAC;IAChE,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,aAAa,CAAC;IACtE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,aAAa,CAAC;IACxD,OAAO,CAAC,IAAI,EAAE,OAAO,GAAG,aAAa,CAAC;IACtC,UAAU,IAAI,gBAAgB,CAAC;CAChC;AAED,eAAO,MAAM,YAAY;cACb,aAAa;EA0EvB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,aAAa;uBACL,MAAM,WAAW,MAAM,YAAY,OAAO,GAAG,aAAa;EAW7E,CAAC;AAgGH,KAAK,OAAO,GAAG;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,KAAK,CAAC;CACb,CAAC;AAwGF,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,eAAe,GAAG;IAC/D,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,YAAY,EAAE,OAAO,CAAC;CACvB,CAMA"}
+{"version":3,"file":"RuntimeAdapter.d.ts","sourceRoot":"","sources":["../../../src/runtime/RuntimeAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAO7E,KAAK,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;AAEjE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,EAAE,KAAK,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,EAAE,KAAK,CAAC;IACb,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,GAAG,MAAM,CAAC;IAElE;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAErE;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,eAAe,CAAC;IAE9C;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO,CAAC;IAEpD;;OAEG;IACH,SAAS,IAAI;QACX,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;KACvC,CAAC;IAEF;;OAEG;IACH,6BAA6B,IAAI,OAAO,CAAC;IAEzC;;OAEG;IACH,cAAc,IAAI;QAChB,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QACvC,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,CAC5B,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,KAAK,KACR,OAAO,CAAC,IAAI,CAAC,CAAC;AAEnB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,eAAe,CAAC;IACzB,MAAM,CAAC,EAAE;QACP,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACxC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;KACvC,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,KAAK,CAAC;IACZ,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CAAC;IACvC,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,aAAa,CAAC;IAChE,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,aAAa,CAAC;IACtE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,aAAa,CAAC;IACxD,OAAO,CAAC,IAAI,EAAE,OAAO,GAAG,aAAa,CAAC;IACtC,UAAU,IAAI,gBAAgB,CAAC;CAChC;AAED,eAAO,MAAM,YAAY;cACb,aAAa;EA0EvB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,aAAa;uBACL,MAAM,WAAW,MAAM,YAAY,OAAO,GAAG,aAAa;EAW7E,CAAC;AAgGH,KAAK,OAAO,GAAG;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,KAAK,CAAC;CACb,CAAC;AAoIF,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,eAAe,GAAG;IAC/D,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,YAAY,EAAE,OAAO,CAAC;CACvB,CAMA"}

package/src/runtime/RuntimeAdapter.js

@@ -157,26 +157,57 @@ const applyWriteHead = (responseData, statusCode, headers) => {
     }
     return null;
 };
+const closeWriterOnAbort = (request, response) => {
+    if (!request.signal || !response._writer)
+        return;
+    request.signal.addEventListener('abort', () => {
+        if (response._writer) {
+            try {
+                response._writer.close();
+            }
+            catch {
+                // Ignore close errors
+            }
+        }
+        response.emit('close');
+    });
+};
+const writeToResponseWriter = (response, chunk) => {
+    if (!response._writer)
+        return false;
+    try {
+        response._writer.write(new TextEncoder().encode(String(chunk)));
+        return true;
+    }
+    catch {
+        return false;
+    }
+};
+const emitResponseListeners = (listeners, event, args) => {
+    if (listeners[event] === undefined)
+        return;
+    [...listeners[event]].forEach((fn) => {
+        fn(...args);
+    });
+};
+const isRequestAborted = (request) => request.signal?.aborted === true;
 const resData = (responseData, request) => {
     return {
-        statusCode: 200,
-        headers: responseData.headers,
+        get statusCode() {
+            return responseData.statusCode;
+        },
+        set statusCode(value) {
+            responseData.statusCode = value;
+        },
+        get headers() {
+            return responseData.headers;
+        },
+        set headers(value) {
+            responseData.headers = value;
+        },
         writeHead: function (statusCode, headers) {
             this._writer = applyWriteHead(responseData, statusCode, headers);
-            // Handle abortion if signal is present
-            if (request.signal && this._writer) {
-                request.signal.addEventListener('abort', () => {
-                    if (this._writer) {
-                        try {
-                            this._writer.close();
-                        }
-                        catch {
-                            // Ignore close errors
-                        }
-                    }
-                    this.emit('close');
-                });
-            }
+            closeWriterOnAbort(request, this);
             return this;
         },
         setHeader: function (name, value) {
@@ -199,16 +230,10 @@ const resData = (responseData, request) => {
         },
         write: function (chunk) {
             if (this._writer) {
-                try {
-                    this._writer.write(new TextEncoder().encode(String(chunk)));
-                    return true;
-                }
-                catch {
-                    return false;
-                }
+                return writeToResponseWriter(this, chunk);
             }
             responseData.body = chunk;
-            return true;
+            return isRequestAborted(request) === false;
         },
         on: function (event, listener) {
             this._listeners ??= {};
@@ -230,12 +255,7 @@ const resData = (responseData, request) => {
             return this;
         },
         emit: function (event, ...args) {
-            if (this._listeners?.[event] !== undefined) {
-                // Create a copy to avoid issues if listeners remove themselves
-                [...this._listeners[event]].forEach((fn) => {
-                    fn(...args);
-                });
-            }
+            emitResponseListeners(this._listeners, event, args);
         },
         _writer: null,
         _listeners: {},