alepha 0.15.0 → 0.15.1

package/src/logger/providers/PrettyFormatterProvider.ts

@@ -107,15 +107,6 @@ export class PrettyFormatterProvider extends LogFormatterProvider {
       return "";
     }
 
-    if (this.alepha.isViteDev()) {
-      // Node.js - try to fix stack trace with Vite SSR helper
-      // Actually, it works only because we have a global helper in viteAlephaDev.ts
-      const gl = globalThis as Record<string, unknown>;
-      if (typeof gl === "object" && typeof gl.ssrFixStacktrace === "function") {
-        gl.ssrFixStacktrace(error);
-      }
-    }
-
     let str = error.stack ?? error.message;
 
     const anyError = error as any;

package/src/mcp/errors/McpError.ts

@@ -2,6 +2,16 @@ import { JsonRpcErrorCodes } from "../helpers/jsonrpc.ts";
 
 // ---------------------------------------------------------------------------------------------------------------------
 
+/**
+ * MCP-specific error codes (application-specific codes in the -32000 to -32099 range).
+ */
+export const McpErrorCodes = {
+  UNAUTHORIZED: -32001,
+  FORBIDDEN: -32003,
+} as const;
+
+// ---------------------------------------------------------------------------------------------------------------------
+
 export class McpError extends Error {
   name = "McpError";
   code: number;
@@ -70,3 +80,23 @@ export class McpInvalidParamsError extends McpError {
     super(message, JsonRpcErrorCodes.INVALID_PARAMS);
   }
 }
+
+// ---------------------------------------------------------------------------------------------------------------------
+
+export class McpUnauthorizedError extends McpError {
+  name = "McpUnauthorizedError";
+
+  constructor(message = "Unauthorized") {
+    super(message, McpErrorCodes.UNAUTHORIZED);
+  }
+}
+
+// ---------------------------------------------------------------------------------------------------------------------
+
+export class McpForbiddenError extends McpError {
+  name = "McpForbiddenError";
+
+  constructor(message = "Forbidden") {
+    super(message, McpErrorCodes.FORBIDDEN);
+  }
+}

package/src/mcp/index.ts

@@ -10,11 +10,14 @@ import { StdioMcpTransport } from "./transports/StdioMcpTransport.ts";
 
 export {
   McpError,
+  McpErrorCodes,
+  McpForbiddenError,
   McpInvalidParamsError,
   McpMethodNotFoundError,
   McpPromptNotFoundError,
   McpResourceNotFoundError,
   McpToolNotFoundError,
+  McpUnauthorizedError,
 } from "./errors/McpError.ts";
 export {
   createErrorResponse,

package/src/mcp/transports/SseMcpTransport.ts

@@ -115,6 +115,11 @@ export class SseMcpTransport {
     secure: false,
     schema: {
       body: t.json(),
+      query: t.object({
+        token: t.optional(
+          t.text({ description: "API token for authentication" }),
+        ),
+      }),
     },
     handler: async (request) => {
       try {
@@ -131,12 +136,17 @@ export class SseMcpTransport {
         const rpcRequest = parseMessage(body);
 
         // Build context from request headers
-        const context: McpContext = {
-          headers: request.headers as Record<
-            string,
-            string | string[] | undefined
-          >,
-        };
+        const headers = { ...request.headers } as Record<
+          string,
+          string | string[] | undefined
+        >;
+
+        // Support token as query parameter (for clients that can't set headers)
+        if (request.query.token && !headers.authorization) {
+          headers.authorization = `Bearer ${request.query.token}`;
+        }
+
+        const context: McpContext = { headers };
 
         const response = await this.mcpServer.handleMessage(
           rpcRequest,

package/src/orm/providers/DrizzleKitProvider.ts

@@ -47,9 +47,7 @@ export class DrizzleKitProvider {
       await this.saveDevMigrations(provider, snapshot, entry);
     }
 
-    this.log.info(
-      `Db '${provider.name}' synchronization OK [${Date.now() - now}ms]`,
-    );
+    this.log.info(`Sync with '${provider.name}' OK [${Date.now() - now}ms]`);
   }
 
   /**
@@ -81,8 +79,8 @@ export class DrizzleKitProvider {
         };
       }
 
-      const prev = prevSnapshot ?? (await kit.generateDrizzleJson({}));
-      const curr = await kit.generateDrizzleJson(models);
+      const prev = prevSnapshot ?? kit.generateDrizzleJson({});
+      const curr = kit.generateDrizzleJson(models);
       return {
         models,
         statements: await kit.generateMigration(prev, curr),

package/src/orm/services/Repository.ts

@@ -69,6 +69,17 @@ export abstract class Repository<T extends TObject> {
   protected readonly dateTimeProvider = $inject(DateTimeProvider);
   protected readonly alepha = $inject(Alepha);
 
+  static of<T extends TObject>(
+    entity: EntityPrimitive<T>,
+    provider = DatabaseProvider,
+  ): new () => Repository<T> {
+    return class InlineRepository extends Repository<T> {
+      constructor() {
+        super(entity, provider);
+      }
+    };
+  }
+
   constructor(entity: EntityPrimitive<T>, provider = DatabaseProvider) {
     this.entity = entity;
     this.provider = this.alepha.inject(provider);

package/src/server/core/index.ts

@@ -141,7 +141,7 @@ export const AlephaServer = $module({
     ServerRouterProvider,
   ],
   register: (alepha: Alepha) => {
-    if (!alepha.isServerless() && !alepha.isViteDev()) {
+    if (!alepha.isServerless()) {
       if (alepha.isBun()) {
         alepha.with({
           optional: true,

package/src/server/core/providers/BunHttpServerProvider.ts

@@ -107,7 +107,7 @@ export class BunHttpServerProvider extends ServerProvider {
         },
       });
 
-      this.log.info(`Server listening on ${this.hostname}`);
+      this.log.info(`Server listening on ${this.hostname}/`);
     } catch (err) {
       this.log.error("Failed to start Bun server", err);
       throw err;

package/src/server/core/providers/NodeHttpServerProvider.spec.ts

@@ -0,0 +1,125 @@
+import { Alepha } from "alepha";
+import { afterEach, describe, expect, test } from "vitest";
+import { NodeHttpServerProvider } from "./NodeHttpServerProvider.ts";
+
+describe("NodeHttpServerProvider", () => {
+  describe("graceful shutdown", () => {
+    let alepha: Alepha;
+    let server: NodeHttpServerProvider;
+
+    afterEach(async () => {
+      await alepha?.stop().catch(() => {});
+    });
+
+    test("dev mode: destroys connections immediately on close", async () => {
+      alepha = Alepha.create({ env: { NODE_ENV: "development" } });
+      alepha.with(NodeHttpServerProvider);
+
+      await alepha.start();
+      server = alepha.inject(NodeHttpServerProvider);
+
+      // Make a request to establish connection
+      await fetch(`${server.hostname}/`);
+
+      const startTime = Date.now();
+      await alepha.stop();
+      const elapsed = Date.now() - startTime;
+
+      // Should close instantly (under 100ms)
+      expect(elapsed).toBeLessThan(100);
+      expect(server.getConnectionsCount()).toBe(0);
+    });
+
+    test("production mode: waits for connections then closes", async () => {
+      alepha = Alepha.create({ env: { NODE_ENV: "production" } });
+      alepha.with(NodeHttpServerProvider);
+
+      await alepha.start();
+      server = alepha.inject(NodeHttpServerProvider);
+      server.options.shutdownTimeout = 500;
+
+      // Make a request to establish keep-alive connection
+      await fetch(`${server.hostname}/`);
+
+      const startTime = Date.now();
+      await alepha.stop();
+      const elapsed = Date.now() - startTime;
+
+      // In production, should not be instant (waits for graceful close or timeout)
+      // But should complete within timeout
+      expect(elapsed).toBeLessThan(server.options.shutdownTimeout + 100);
+      expect(server.getConnectionsCount()).toBe(0);
+    });
+
+    test("production mode: forces close after timeout", async () => {
+      alepha = Alepha.create({ env: { NODE_ENV: "production" } });
+      alepha.with(NodeHttpServerProvider);
+
+      await alepha.start();
+      server = alepha.inject(NodeHttpServerProvider);
+      server.options.shutdownTimeout = 50;
+
+      // Make a request to establish connection
+      await fetch(`${server.hostname}/`);
+
+      const startTime = Date.now();
+      await alepha.stop();
+      const elapsed = Date.now() - startTime;
+
+      // Should close around timeout
+      expect(elapsed).toBeLessThan(200);
+      expect(server.getConnectionsCount()).toBe(0);
+    });
+
+    test("connections are tracked and cleared", async () => {
+      alepha = Alepha.create({ env: { NODE_ENV: "development" } });
+      alepha.with(NodeHttpServerProvider);
+
+      await alepha.start();
+      server = alepha.inject(NodeHttpServerProvider);
+
+      // Make multiple requests
+      await fetch(`${server.hostname}/`);
+      await fetch(`${server.hostname}/`);
+
+      await alepha.stop();
+
+      // All connections cleared after stop
+      expect(server.getConnectionsCount()).toBe(0);
+    });
+
+    test("rejects new requests during shutdown", async () => {
+      alepha = Alepha.create({ env: { NODE_ENV: "production" } });
+      alepha.with(NodeHttpServerProvider);
+
+      await alepha.start();
+      server = alepha.inject(NodeHttpServerProvider);
+      server.options.shutdownTimeout = 500;
+
+      // Establish a connection to keep server busy
+      await fetch(`${server.hostname}/`);
+
+      // Start shutdown (don't await yet)
+      const stopPromise = alepha.stop();
+
+      // Give server.close() time to be called
+      await new Promise((r) => setTimeout(r, 10));
+
+      // New request should fail (server no longer accepting connections)
+      let error: Error | null = null;
+      try {
+        await fetch(`${server.hostname}/`, {
+          signal: AbortSignal.timeout(100),
+        });
+      } catch (e) {
+        error = e as Error;
+      }
+
+      // Should get a connection error (ECONNREFUSED or similar)
+      expect(error).not.toBeNull();
+
+      // Wait for shutdown to complete
+      await stopPromise;
+    });
+  });
+});

package/src/server/core/providers/NodeHttpServerProvider.ts

@@ -4,6 +4,7 @@ import {
   type Server,
   type ServerResponse,
 } from "node:http";
+import type { Socket } from "node:net";
 import { $env, $hook, $inject, Alepha, type Static, t } from "alepha";
 import { DateTimeProvider } from "alepha/datetime";
 import { $logger } from "alepha/logger";
@@ -34,6 +35,24 @@ export class NodeHttpServerProvider extends ServerProvider {
   protected readonly env = $env(envSchema);
   protected readonly router = $inject(ServerRouterProvider);
 
+  /** Track active connections for fast shutdown */
+  protected readonly connections = new Set<Socket>();
+
+  /** Get number of active connections */
+  public getConnectionsCount(): number {
+    return this.connections.size;
+  }
+
+  /** Server options */
+  public readonly options = {
+    /**
+     * Graceful shutdown timeout in ms.
+     * After this, remaining connections are forcefully closed.
+     * @default 30000
+     */
+    shutdownTimeout: 10000,
+  };
+
   public get hostname(): string {
     if (this.server.listening) {
       const address = this.server.address();
@@ -45,10 +64,7 @@ export class NodeHttpServerProvider extends ServerProvider {
   }
 
   // Pre-bound error handler to avoid function allocation per request
-  protected readonly handleRequestError = (
-    res: import("node:http").ServerResponse,
-    err: Error,
-  ) => {
+  protected readonly handleRequestError = (res: ServerResponse, err: Error) => {
     this.log.error("Error handling request", err);
     res.statusCode = 500;
     res.end("Internal Server Error");
@@ -83,25 +99,27 @@ export class NodeHttpServerProvider extends ServerProvider {
   protected createHttpServer(
     func: (req: IncomingMessage, res: ServerResponse) => void,
   ): Server {
-    return createServer(
+    const server = createServer(
       {
         // nov 25 - keep connections alive for better performance, cuz we http/1.1 by default
         keepAlive: this.alepha.isProduction(),
       },
       func,
     );
+
+    // Track connections for fast shutdown
+    server.on("connection", (socket) => {
+      this.connections.add(socket);
+      socket.on("close", () => this.connections.delete(socket));
+    });
+
+    return server;
   }
 
   protected readonly stop = $hook({
     on: "stop",
     handler: async () => {
-      if (this.alepha.isProduction()) {
-        await this.close();
-        return;
-      }
-
-      // do not await in development & test
-      this.close().catch(() => {});
+      await this.close();
     },
   });
 
@@ -115,7 +133,7 @@ export class NodeHttpServerProvider extends ServerProvider {
 
     await new Promise<void>((resolve, reject) => {
       this.server?.listen(port, this.env.SERVER_HOST, () => {
-        this.log.info(`Server listening on ${this.hostname}`);
+        this.log.info(`Server listening on ${this.hostname}/`);
         resolve();
       });
 
@@ -126,18 +144,49 @@ export class NodeHttpServerProvider extends ServerProvider {
   }
 
   protected async close() {
-    const promise = new Promise<void>((resolve, reject) => {
-      this.server?.close((err) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve();
-        }
-      });
+    // Dev/Test: instant shutdown (destroy connections immediately)
+    // Production: graceful shutdown (wait for requests to complete, then close)
+    if (!this.alepha.isProduction()) {
+      this.destroyAllConnections();
+    }
+
+    // Stop accepting new connections
+    const closePromise = new Promise<void>((resolve, reject) => {
+      this.server?.close((err) => (err ? reject(err) : resolve()));
     });
 
-    await Promise.race([this.dateTimeProvider.wait(2000), promise]);
+    if (this.alepha.isProduction() && this.connections.size > 0) {
+      // In production, wait for connections with timeout
+      const timeout = this.options.shutdownTimeout;
+
+      // Set up timeout to force-close connections
+      const timeoutId = setTimeout(() => {
+        if (this.connections.size > 0) {
+          this.log.warn(
+            `Shutdown timeout (${timeout}ms) reached, forcing ${this.connections.size} connections to close`,
+          );
+          // Destroy sockets - this triggers 'close' events which eventually resolves closePromise
+          for (const socket of this.connections) {
+            socket.destroy();
+          }
+        }
+      }, timeout);
+
+      // Wait for server to fully close (all connections closed)
+      await closePromise;
+      clearTimeout(timeoutId);
+      this.connections.clear();
+    } else {
+      await closePromise;
+    }
 
     this.log.info("Server closed");
   }
+
+  protected destroyAllConnections() {
+    for (const socket of this.connections) {
+      socket.destroy();
+    }
+    this.connections.clear();
+  }
 }

package/src/server/core/providers/ServerLoggerProvider.ts

@@ -9,7 +9,7 @@ export class ServerLoggerProvider {
     on: "server:onRequest",
     priority: "first",
     handler: ({ route, request }) => {
-      if (route.silent) {
+      if (route.silent || request.metadata.vite) {
         return;
       }
 
@@ -44,7 +44,7 @@ export class ServerLoggerProvider {
     on: "server:onResponse",
     priority: "last",
     handler: ({ route, request, response }) => {
-      if (route.silent) {
+      if (route.silent || request.metadata.vite) {
         return;
       }
 

package/src/server/core/providers/ServerProvider.ts

@@ -140,14 +140,6 @@ export class ServerProvider {
     }
   }
 
-  /**
-   * Extract pathname from URL without creating URL object.
-   */
-  protected getPathname(rawUrl: string): string {
-    const qIndex = rawUrl.indexOf("?");
-    return qIndex === -1 ? rawUrl : rawUrl.slice(0, qIndex);
-  }
-
   public get hostname(): string {
     if (this.alepha.isViteDev()) {
       return `http://localhost:${this.alepha.env.SERVER_PORT}`;
@@ -185,11 +177,11 @@ export class ServerProvider {
     const rawUrl = req.url!;
     const { route, params } = this.router.match(`/${req.method}${rawUrl}`);
 
-    if (this.isViteNotFound(rawUrl, route, params)) {
-      return;
-    }
-
     if (!route) {
+      // Skip if response was already sent (e.g., by Vite middleware)
+      if (res.headersSent) {
+        return;
+      }
       // if no route is found, return basic 404
       // note: you should not use this in production, use a custom 404 page instead by adding a route /*
       res.writeHead(404, { "content-type": "text/plain" });
@@ -221,6 +213,11 @@ export class ServerProvider {
       .handler(request)
       .catch(this.handleInternalError);
 
+    // Skip if response was already sent (e.g., by Vite middleware)
+    if (res.headersSent) {
+      return;
+    }
+
     // empty body - just send status & headers
     if (!response.body) {
       res.writeHead(response.status, response.headers).end();

package/src/server/links/atoms/apiLinksAtom.ts

@@ -0,0 +1,7 @@
+import { $atom, t } from "alepha";
+import { apiLinksResponseSchema } from "../schemas/apiLinksResponseSchema.ts";
+
+export const apiLinksAtom = $atom({
+  name: "alepha.server.request.apiLinks",
+  schema: t.optional(apiLinksResponseSchema),
+});

package/src/server/links/index.browser.ts

@@ -1,4 +1,5 @@
 import { $module } from "alepha";
+import { apiLinksAtom } from "./atoms/apiLinksAtom.ts";
 import { $client } from "./primitives/$client.ts";
 import { $remote } from "./primitives/$remote.ts";
 import { LinkProvider } from "./providers/LinkProvider.ts";
@@ -14,6 +15,7 @@ export * from "./schemas/apiLinksResponseSchema.ts";
 
 export const AlephaServerLinks = $module({
   name: "alepha.server.links",
+  atoms: [apiLinksAtom],
   primitives: [$remote, $client],
   services: [LinkProvider],
 });

package/src/server/links/index.ts

@@ -1,6 +1,7 @@
 import "alepha/security";
 import { $module } from "alepha";
 import { AlephaServer } from "alepha/server";
+import { apiLinksAtom } from "./atoms/apiLinksAtom.ts";
 import { $client } from "./primitives/$client.ts";
 import { $remote } from "./primitives/$remote.ts";
 import { LinkProvider } from "./providers/LinkProvider.ts";
@@ -46,6 +47,7 @@ declare module "alepha" {
  */
 export const AlephaServerLinks = $module({
   name: "alepha.server.links",
+  atoms: [apiLinksAtom],
   primitives: [$remote, $client],
   services: [
     AlephaServer,

package/src/vite/index.ts

@@ -1,15 +1,16 @@
 import type { Alepha } from "alepha";
 
 // Helpers (for advanced use)
-export * from "./helpers/boot.ts";
 export * from "./helpers/createBufferedLogger.ts";
+export * from "./helpers/importVite.ts";
+export * from "./helpers/importViteReact.ts";
 // Plugins (public API)
-export * from "./plugins/viteAlephaDev.ts";
 export * from "./plugins/viteAlephaSsrPreload.ts";
 export * from "./plugins/viteCompress.ts";
 // Tasks (for CLI integration)
 export * from "./tasks/index.ts";
 
 declare global {
+  var __alepha: Alepha;
   var __cli_alepha: Alepha;
 }

package/src/vite/tasks/buildClient.ts

@@ -103,7 +103,6 @@ export async function buildClient(opts: BuildClientOptions): Promise<void> {
       outDir: opts.dist,
       // Generate manifest for SSR module preloading
       manifest: true,
-      ssrManifest: true,
       rollupOptions: {
         output: {
           entryFileNames: "entry.[hash].js",