@zintrust/core 0.9.6 → 1.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zintrust/core",
-  "version": "0.9.6",
+  "version": "1.2.0",
   "description": "Production-grade TypeScript backend framework for JavaScript",
   "homepage": "https://zintrust.com",
   "repository": {
@@ -73,9 +73,9 @@
     "axios": "^1.15.0",
     "@eslint/plugin-kit": "^0.7.1",
     "follow-redirects": "^1.16.0",
-    "@tootallnate/once": "^3.0.1",
+    "@tootallnate/once": "3.0.1",
     "node-forge": "^1.4.0",
-    "fast-xml-parser": "^5.7.1",
+    "fast-xml-parser": "5.7.1",
     "brace-expansion": "^5.0.5",
     "picomatch": "^4.0.4",
     "cross-spawn": "^7.0.5",
@@ -84,7 +84,7 @@
     "rollup": "^4.59.0",
     "vite": "^8.0.5",
     "flatted": "^3.4.2",
-    "uuid": "^14.0.0",
+    "uuid": "14.0.0",
     "@actions/github": {
       "undici": "^6.24.0"
     },
@@ -94,24 +94,10 @@
     "miniflare": {
       "undici": "^7.24.4"
     },
-    "@aws-sdk/xml-builder": {
-      "fast-xml-parser": "^5.7.1"
-    },
-    "@aws-sdk/xml-builder@3.972.18": {
-      "fast-xml-parser": "^5.7.1"
-    },
-    "@google-cloud/storage": {
-      "uuid": "^14.0.0"
-    },
-    "@google-cloud/storage@7.19.0": {
-      "uuid": "^14.0.0"
-    },
-    "gaxios": {
-      "uuid": "^14.0.0"
-    },
-    "teeny-request": {
-      "uuid": "^14.0.0"
-    }
+    "http-proxy-agent": "7.0.2",
+    "retry-request": "8.0.2",
+    "gaxios": "7.1.4",
+    "teeny-request": "10.1.2"
   },
   "bin": {
     "zintrust": "bin/zintrust.js",

package/src/cli/commands/EnvKeyGenerateCommand.js

@@ -78,7 +78,7 @@ export const EnvKeyGenerateCommand = Object.freeze({
                     }
                     envContent = upsertEnvValue(envContent, envKey, key);
                     await fs.writeFile(envPath, envContent);
-                    Logger.info(`${envKey} set successfully. [${key}]`);
+                    Logger.info(`${envKey} set successfully.`);
                 }
                 catch (error) {
                     Logger.error(`Failed to update ${envKey} in .env`, error);

package/src/index.js

@@ -1,11 +1,11 @@
 /**
- * @zintrust/core v0.9.6
+ * @zintrust/core v1.2.0
  *
  * ZinTrust Framework - Production-Grade TypeScript Backend
  * Built for performance, type safety, and exceptional developer experience
  *
  * Build Information:
- *   Built: 2026-04-23T13:47:55.338Z
+ *   Built: 2026-04-24T08:45:23.492Z
  *   Node: >=20.0.0
  *   License: MIT
  *
@@ -21,7 +21,7 @@
  * Available at runtime for debugging and health checks
  */
 export const ZINTRUST_VERSION = '0.1.41';
-export const ZINTRUST_BUILD_DATE = '2026-04-23T13:47:55.277Z'; // Replaced during build
+export const ZINTRUST_BUILD_DATE = '2026-04-24T08:45:23.460Z'; // Replaced during build
 export { Application } from './boot/Application.js';
 export { AwsSigV4 } from './common/index.js';
 export { SignedRequest } from './security/SignedRequest.js';

package/src/templates/project/basic/routes/storage.ts.tpl

@@ -8,6 +8,31 @@ import {
 } from '@zintrust/core';
 
 export function registerStorageRoutes(router: IRouter): void {
+  // Public file serving: /storage/<path>
+  Router.get(router, '/storage/:path*', async (req, res) => {
+    const raw = req.getParam('path') ?? '';
+    const key = typeof raw === 'string' ? decodeURIComponent(raw).replaceAll('\\\u005C', '/') : '';
+
+    if (key.trim() === '') {
+      res.setStatus(400).json({ message: 'Missing path' });
+      return;
+    }
+
+    // Respect private folder convention: do not expose keys under `private/`
+    if (key.startsWith('private/') || key === 'private') {
+      res.setStatus(404).json({ message: 'Not Found' });
+      return;
+    }
+
+    try {
+      const contents = await Storage.get('local', key);
+      res.setHeader(HTTP_HEADERS.CONTENT_TYPE, 'application/octet-stream');
+      res.setStatus(200).send(contents);
+    } catch {
+      res.setStatus(404).json({ message: 'Not Found' });
+    }
+  });
+
   Router.get(router, '/storage/download', async (req, res) => {
     const tokenRaw = req.getQueryParam('token');
     const token = typeof tokenRaw === 'string' ? tokenRaw : '';

package/src/tools/http/Http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Http.d.ts","sourceRoot":"","sources":["../../../../src/tools/http/Http.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAElF,YAAY,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAE9D,MAAM,MAAM,eAAe,GACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACvB,MAAM,GACN,WAAW,GACX,eAAe,GACf,IAAI,GACJ,QAAQ,GACR,eAAe,CAAC;AAEpB,MAAM,MAAM,qBAAqB,GAAG,QAAQ,CAAC;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI,GAAG,SAAS,KAAK,aAAa,GAAG,IAAI,GAAG,SAAS,CAAC;CAChG,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,YAAY,CAAC;IACtD,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC;IAC3D,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,GAAG,YAAY,CAAC;IACnE,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,CAAC;IAChE,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,CAAC;IACtC,MAAM,IAAI,YAAY,CAAC;IACvB,MAAM,IAAI,YAAY,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,qBAAqB,GAAG,YAAY,CAAC;IACpD,IAAI,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IAC/B,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7B,UAAU,IAAI,OAAO,CAAC;QAAE,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;CAC1F;AAED;;GAEG;AACH,KAAK,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AAuXtD;;GAEG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;aACM,MAAM,GAAG,YAAY;IAI9B;;OAEG;cACO,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;IAQ9D;;OAEG;aACM,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;IAQ7D;;OAEG;eACQ,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;IAQ/D;;OAEG;gBACS,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;EAOhE,CAAC;AAEH,eAAe,UAAU,CAAC"}
+{"version":3,"file":"Http.d.ts","sourceRoot":"","sources":["../../../../src/tools/http/Http.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAElF,YAAY,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAE9D,MAAM,MAAM,eAAe,GACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACvB,MAAM,GACN,WAAW,GACX,eAAe,GACf,IAAI,GACJ,QAAQ,GACR,eAAe,CAAC;AAEpB,MAAM,MAAM,qBAAqB,GAAG,QAAQ,CAAC;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI,GAAG,SAAS,KAAK,aAAa,GAAG,IAAI,GAAG,SAAS,CAAC;CAChG,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,YAAY,CAAC;IACtD,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,YAAY,CAAC;IAC3D,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,GAAG,YAAY,CAAC;IACnE,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,CAAC;IAChE,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,CAAC;IACtC,MAAM,IAAI,YAAY,CAAC;IACvB,MAAM,IAAI,YAAY,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,qBAAqB,GAAG,YAAY,CAAC;IACpD,IAAI,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IAC/B,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7B,UAAU,IAAI,OAAO,CAAC;QAAE,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;CAC1F;AAED;;GAEG;AACH,KAAK,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AA8dtD;;GAEG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;aACM,MAAM,GAAG,YAAY;IAI9B;;OAEG;cACO,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;IAQ9D;;OAEG;aACM,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;IAQ7D;;OAEG;eACQ,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;IAQ/D;;OAEG;gBACS,MAAM,SAAS,eAAe,GAAG,IAAI,GAAG,YAAY;EAOhE,CAAC;AAEH,eAAe,UAAU,CAAC"}

package/src/tools/http/Http.js

@@ -80,6 +80,56 @@ const normalizeBodyInit = (body) => {
     }
     return body;
 };
+const hasAuthorizationHeader = (headers) => {
+    return Object.keys(headers).some((name) => name.toLowerCase() === 'authorization');
+};
+const decodeCredentialComponent = (value) => {
+    try {
+        return decodeURIComponent(value);
+    }
+    catch {
+        return value;
+    }
+};
+const encodeBase64Utf8 = (value) => {
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(value, 'utf8').toString('base64');
+    }
+    if (typeof globalThis.btoa === 'function') {
+        const bytes = new TextEncoder().encode(value);
+        let binary = '';
+        for (const byte of bytes) {
+            binary += String.fromCodePoint(byte);
+        }
+        return globalThis.btoa(binary);
+    }
+    throw ErrorFactory.createTryCatchError('HTTP basic auth encoding is unavailable');
+};
+const normalizeCredentialUrl = (url, headers) => {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return { url, headers };
+    }
+    const username = parsed.username;
+    const password = parsed.password;
+    if (username === '' && password === '') {
+        return { url, headers };
+    }
+    const nextHeaders = { ...headers };
+    if (!hasAuthorizationHeader(nextHeaders)) {
+        const credentials = encodeBase64Utf8(`${decodeCredentialComponent(username)}:${decodeCredentialComponent(password)}`);
+        nextHeaders['Authorization'] = `Basic ${credentials}`;
+    }
+    parsed.username = '';
+    parsed.password = '';
+    return {
+        url: parsed.toString(),
+        headers: nextHeaders,
+    };
+};
 const serializeFormBody = (body) => {
     if (body === null || body === undefined)
         return body;
@@ -153,8 +203,8 @@ const captureTraceResponseBody = async (response) => {
  * Perform the actual request for a given state. Separated to keep the builder small
  */
 async function performRequest(state) {
-    const { response, bodyText, durationMs } = await performRequestRaw(state);
-    Logger.debug(`HTTP ${state.method} ${state.url}`, {
+    const { response, bodyText, durationMs, effectiveState } = await performRequestRaw(state);
+    Logger.debug(`HTTP ${effectiveState.method} ${effectiveState.url}`, {
         status: response.status,
         duration: `${durationMs}ms`,
         size: bodyText.length,
@@ -162,31 +212,45 @@ async function performRequest(state) {
     return createHttpResponse(response, bodyText);
 }
 async function performRequestRaw(state) {
-    const { response, durationMs, requestBody } = await performFetch(state);
+    const { response, durationMs, requestBody, effectiveState } = await performFetch(state);
     const bodyText = await response.text();
-    emitHttpClientTrace({ state, requestBody, response, responseBody: bodyText, durationMs });
-    return { response, bodyText, durationMs, requestBody };
+    emitHttpClientTrace({
+        state: effectiveState,
+        requestBody,
+        response,
+        responseBody: bodyText,
+        durationMs,
+    });
+    return { response, bodyText, durationMs, requestBody, effectiveState };
 }
 async function performFetch(state) {
     const timeout = state.timeout ?? Env.getInt('HTTP_TIMEOUT', 30000);
     const controller = new AbortController();
+    const normalizedTarget = normalizeCredentialUrl(state.url, state.headers);
+    const effectiveState = normalizedTarget.url === state.url && normalizedTarget.headers === state.headers
+        ? state
+        : {
+            ...state,
+            url: normalizedTarget.url,
+            headers: normalizedTarget.headers,
+        };
     let timeoutId;
     if (timeout > 0) {
         timeoutId = globalThis.setTimeout(() => controller.abort(), timeout);
     }
     const buildInit = () => {
         if (OpenTelemetry.isEnabled()) {
-            OpenTelemetry.injectTraceHeaders(state.headers);
+            OpenTelemetry.injectTraceHeaders(effectiveState.headers);
         }
-        const requestBody = serializeRequestBody(state);
+        const requestBody = serializeRequestBody(effectiveState);
         const init = {
-            method: state.method,
-            headers: state.headers,
+            method: effectiveState.method,
+            headers: effectiveState.headers,
             signal: controller.signal,
         };
         if (requestBody !== undefined &&
             requestBody !== null &&
-            ['POST', 'PUT', 'PATCH', 'DELETE'].includes(state.method)) {
+            ['POST', 'PUT', 'PATCH', 'DELETE'].includes(effectiveState.method)) {
             init.body = requestBody;
         }
         return { init, requestBody };
@@ -194,28 +258,28 @@ async function performFetch(state) {
     const startTime = Date.now();
     try {
         const { init, requestBody } = buildInit();
-        const response = await globalThis.fetch(state.url, init);
+        const response = await globalThis.fetch(effectiveState.url, init);
         const duration = Date.now() - startTime;
-        return { response, durationMs: duration, requestBody };
+        return { response, durationMs: duration, requestBody, effectiveState };
     }
     catch (error) {
         const duration = Date.now() - startTime;
         emitHttpClientTrace({
-            state,
-            requestBody: serializeRequestBody(state),
+            state: effectiveState,
+            requestBody: serializeRequestBody(effectiveState),
             durationMs: duration,
             error: error instanceof Error ? error.message : String(error),
         });
         if (error instanceof Error && error.name === 'AbortError') {
             throw ErrorFactory.createConnectionError(`HTTP request timeout after ${timeout}ms`, {
-                url: state.url,
-                method: state.method,
+                url: effectiveState.url,
+                method: effectiveState.method,
                 timeout,
             });
         }
         throw ErrorFactory.createTryCatchError(`HTTP request failed: ${error.message}`, {
-            url: state.url,
-            method: state.method,
+            url: effectiveState.url,
+            method: effectiveState.method,
             error: error instanceof Error ? error.message : String(error),
         });
     }
@@ -225,6 +289,18 @@ async function performFetch(state) {
         }
     }
 }
+async function performFetchWithTrace(state) {
+    const result = await performFetch(state);
+    const responseBody = await captureTraceResponseBody(result.response);
+    emitHttpClientTrace({
+        state: result.effectiveState,
+        requestBody: result.requestBody,
+        response: result.response,
+        responseBody,
+        durationMs: result.durationMs,
+    });
+    return result;
+}
 /**
  * Create request builder with fluent API
  */
@@ -251,7 +327,7 @@ function createRequestBuilder(method, url, initialBody) {
             return self;
         },
         withBasicAuth(username, password) {
-            const credentials = Buffer.from(`${username}:${password}`).toString('base64');
+            const credentials = encodeBase64Utf8(`${username}:${password}`);
             state.headers['Authorization'] = `Basic ${credentials}`;
             return self;
         },
@@ -281,15 +357,11 @@ function createRequestBuilder(method, url, initialBody) {
             return performRequest(state);
         },
         async sendRaw() {
-            const { response, durationMs, requestBody } = await performFetch(state);
-            const responseBody = await captureTraceResponseBody(response);
-            emitHttpClientTrace({ state, requestBody, response, responseBody, durationMs });
+            const { response } = await performFetchWithTrace(state);
             return response;
         },
         async sendStream() {
-            const { response, durationMs, requestBody } = await performFetch(state);
-            const responseBody = await captureTraceResponseBody(response);
-            emitHttpClientTrace({ state, requestBody, response, responseBody, durationMs });
+            const { response } = await performFetchWithTrace(state);
             return { response, stream: response.body };
         },
     };

package/src/zintrust.plugins.d.ts

@@ -1,10 +1,7 @@
 /**
- * ZinTrust plugin auto-imports
- *
- * In real projects, this file is managed by `zin plugin install` and contains
- * side-effect imports (e.g. `@zintrust/db-sqlite/register`) that register
- * optional adapters/drivers into core registries.
- *
+ * Auto-generated fallback module.
+ * This file is created by scripts/ensure-worker-plugins.mjs when missing.
+ * It allows optional runtime plugin imports to resolve in CI/scaffolded setups.
  */
 export type {};
 export declare const __zintrustGeneratedPluginStub = "zintrust.plugins.ts";

package/src/zintrust.plugins.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"zintrust.plugins.d.ts","sourceRoot":"","sources":["../../src/zintrust.plugins.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,YAAY,EAAE,CAAC;AAgBf,eAAO,MAAM,6BAA6B,wBAAwB,CAAC;;AACnE,wBAAkB"}
+{"version":3,"file":"zintrust.plugins.d.ts","sourceRoot":"","sources":["../../src/zintrust.plugins.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,YAAY,EAAE,CAAC;AAgBf,eAAO,MAAM,6BAA6B,wBAAwB,CAAC;;AACnE,wBAAkB"}

package/src/zintrust.plugins.js

@@ -1,10 +1,7 @@
 /**
- * ZinTrust plugin auto-imports
- *
- * In real projects, this file is managed by `zin plugin install` and contains
- * side-effect imports (e.g. `@zintrust/db-sqlite/register`) that register
- * optional adapters/drivers into core registries.
- *
+ * Auto-generated fallback module.
+ * This file is created by scripts/ensure-worker-plugins.mjs when missing.
+ * It allows optional runtime plugin imports to resolve in CI/scaffolded setups.
  */
 import * as TraceRuntime from './runtime/plugins/trace-runtime.js';
 globalThis.__zintrust_system_trace_plugin_requested__ = true;