alepha 0.6.10 → 0.7.1

package/server.d.ts

@@ -1,41 +1,48 @@
 import * as _alepha_core from '@alepha/core';
-import { Static as Static$1, TObject as TObject$1, TSchema as TSchema$1, Async, StreamLike, Alepha, OPTIONS, KIND, FileLike } from '@alepha/core';
+import { Static as Static$1, TObject as TObject$1, TSchema as TSchema$2, Async, StreamLike, Alepha, FileLike, OPTIONS, KIND, Service } from '@alepha/core';
 export { KIND } from '@alepha/core';
-import { UserAccountToken, Permission, SecurityProvider, JwtProvider } from '@alepha/security';
+import * as _alepha_cache from '@alepha/cache';
+import { CacheDescriptorOptions } from '@alepha/cache';
+import { DurationLike, DateTimeProvider } from '@alepha/datetime';
+import { UserAccountToken, Permission, ServiceAccountDescriptor as ServiceAccountDescriptor$1, SecurityProvider, JwtProvider } from '@alepha/security';
 import { IncomingMessage, ServerResponse as ServerResponse$1 } from 'node:http';
 import { Readable } from 'node:stream';
 import { ReadableStream } from 'node:stream/web';
 import { Route, RouterProvider } from '@alepha/router';
-import * as _alepha_cache from '@alepha/cache';
-import { DurationLike } from '@alepha/datetime';
+import * as _alepha_retry from '@alepha/retry';
 import { BusboyConfig } from '@fastify/busboy';
 import * as http from 'http';
 
 /** Symbol key applied to readonly types */
-declare const ReadonlyKind: unique symbol;
+declare const ReadonlyKind$1: unique symbol;
 /** Symbol key applied to optional types */
-declare const OptionalKind: unique symbol;
+declare const OptionalKind$1: unique symbol;
 /** Symbol key applied to types */
-declare const Hint: unique symbol;
+declare const Hint$1: unique symbol;
 /** Symbol key applied to types */
-declare const Kind: unique symbol;
+declare const Kind$1: unique symbol;
+
+interface TAny extends TSchema$1 {
+    [Kind$1]: 'Any';
+    static: any;
+}
 
-type TReadonly<T extends TSchema> = T & {
-    [ReadonlyKind]: 'Readonly';
+type TReadonly<T extends TSchema$1> = T & {
+    [ReadonlyKind$1]: 'Readonly';
 };
 
-type UnionStatic<T extends TSchema[], P extends unknown[]> = {
-    [K in keyof T]: T[K] extends TSchema ? Static<T[K], P> : never;
+type UnionStatic<T extends TSchema$1[], P extends unknown[]> = {
+    [K in keyof T]: T[K] extends TSchema$1 ? Static<T[K], P> : never;
 }[number];
-interface TUnion<T extends TSchema[] = TSchema[]> extends TSchema {
-    [Kind]: 'Union';
+interface TUnion<T extends TSchema$1[] = TSchema$1[]> extends TSchema$1 {
+    [Kind$1]: 'Union';
     static: UnionStatic<T, this['params']>;
     anyOf: T;
 }
 
-type StringFormatOption = 'date-time' | 'time' | 'date' | 'email' | 'idn-email' | 'hostname' | 'idn-hostname' | 'ipv4' | 'ipv6' | 'uri' | 'uri-reference' | 'iri' | 'uuid' | 'iri-reference' | 'uri-template' | 'json-pointer' | 'relative-json-pointer' | 'regex' | ({} & string);
-type StringContentEncodingOption = '7bit' | '8bit' | 'binary' | 'quoted-printable' | 'base64' | ({} & string);
-interface StringOptions extends SchemaOptions {
+type StringFormatOption$1 = 'date-time' | 'time' | 'date' | 'email' | 'idn-email' | 'hostname' | 'idn-hostname' | 'ipv4' | 'ipv6' | 'uri' | 'uri-reference' | 'iri' | 'uuid' | 'iri-reference' | 'uri-template' | 'json-pointer' | 'relative-json-pointer' | 'regex' | ({} & string);
+type StringContentEncodingOption$1 = '7bit' | '8bit' | 'binary' | 'quoted-printable' | 'base64' | ({} & string);
+interface StringOptions$1 extends SchemaOptions$1 {
     /** The maximum string length */
     maxLength?: number;
     /** The minimum string length */
@@ -43,67 +50,80 @@ interface StringOptions extends SchemaOptions {
     /** A regular expression pattern this string should match */
     pattern?: string;
     /** A format this string should match */
-    format?: StringFormatOption;
+    format?: StringFormatOption$1;
     /** The content encoding for this string */
-    contentEncoding?: StringContentEncodingOption;
+    contentEncoding?: StringContentEncodingOption$1;
     /** The content media type for this string */
     contentMediaType?: string;
 }
-interface TString extends TSchema, StringOptions {
-    [Kind]: 'String';
+interface TString$1 extends TSchema$1, StringOptions$1 {
+    [Kind$1]: 'String';
     static: string;
     type: 'string';
 }
 
-interface TBoolean extends TSchema {
-    [Kind]: 'Boolean';
+interface TBoolean extends TSchema$1 {
+    [Kind$1]: 'Boolean';
     static: boolean;
     type: 'boolean';
 }
 
-interface NumberOptions extends SchemaOptions {
+interface NumberOptions extends SchemaOptions$1 {
     exclusiveMaximum?: number;
     exclusiveMinimum?: number;
     maximum?: number;
     minimum?: number;
     multipleOf?: number;
 }
-interface TNumber extends TSchema, NumberOptions {
-    [Kind]: 'Number';
+interface TNumber extends TSchema$1, NumberOptions {
+    [Kind$1]: 'Number';
     static: number;
     type: 'number';
 }
 
-interface IntegerOptions extends SchemaOptions {
+interface IntegerOptions extends SchemaOptions$1 {
     exclusiveMaximum?: number;
     exclusiveMinimum?: number;
     maximum?: number;
     minimum?: number;
     multipleOf?: number;
 }
-interface TInteger extends TSchema, IntegerOptions {
-    [Kind]: 'Integer';
+interface TInteger extends TSchema$1, IntegerOptions {
+    [Kind$1]: 'Integer';
     static: number;
     type: 'integer';
 }
 
-type TOptional<T extends TSchema> = T & {
-    [OptionalKind]: 'Optional';
+type TOptional<T extends TSchema$1> = T & {
+    [OptionalKind$1]: 'Optional';
 };
 
+type RecordStatic<Key extends TSchema$1, Type extends TSchema$1, P extends unknown[]> = (Evaluate<{
+    [_ in Assert<Static<Key>, PropertyKey>]: Static<Type, P>;
+}>);
+interface TRecord<Key extends TSchema$1 = TSchema$1, Type extends TSchema$1 = TSchema$1> extends TSchema$1 {
+    [Kind$1]: 'Record';
+    static: RecordStatic<Key, Type, this['params']>;
+    type: 'object';
+    patternProperties: {
+        [pattern: string]: Type;
+    };
+    additionalProperties: TAdditionalProperties;
+}
+
 /** Creates a static type from a TypeBox type */
-type Static<Type extends TSchema, Params extends unknown[] = [], Result = (Type & {
+type Static<Type extends TSchema$1, Params extends unknown[] = [], Result = (Type & {
     params: Params;
 })['static']> = Result;
 
 type ReadonlyOptionalPropertyKeys<T extends TProperties> = {
-    [K in keyof T]: T[K] extends TReadonly<TSchema> ? (T[K] extends TOptional<T[K]> ? K : never) : never;
+    [K in keyof T]: T[K] extends TReadonly<TSchema$1> ? (T[K] extends TOptional<T[K]> ? K : never) : never;
 }[keyof T];
 type ReadonlyPropertyKeys<T extends TProperties> = {
-    [K in keyof T]: T[K] extends TReadonly<TSchema> ? (T[K] extends TOptional<T[K]> ? never : K) : never;
+    [K in keyof T]: T[K] extends TReadonly<TSchema$1> ? (T[K] extends TOptional<T[K]> ? never : K) : never;
 }[keyof T];
 type OptionalPropertyKeys<T extends TProperties> = {
-    [K in keyof T]: T[K] extends TOptional<TSchema> ? (T[K] extends TReadonly<T[K]> ? never : K) : never;
+    [K in keyof T]: T[K] extends TOptional<TSchema$1> ? (T[K] extends TReadonly<T[K]> ? never : K) : never;
 }[keyof T];
 type RequiredPropertyKeys<T extends TProperties> = keyof Omit<T, ReadonlyOptionalPropertyKeys<T> | ReadonlyPropertyKeys<T> | OptionalPropertyKeys<T>>;
 type ObjectStaticProperties<T extends TProperties, R extends Record<keyof any, unknown>> = Evaluate<(Readonly<Partial<Pick<R, ReadonlyOptionalPropertyKeys<T>>>> & Readonly<Pick<R, ReadonlyPropertyKeys<T>>> & Partial<Pick<R, OptionalPropertyKeys<T>>> & Required<Pick<R, RequiredPropertyKeys<T>>>)>;
@@ -111,9 +131,9 @@ type ObjectStatic<T extends TProperties, P extends unknown[]> = ObjectStaticProp
     [K in keyof T]: Static<T[K], P>;
 }>;
 type TPropertyKey = string | number;
-type TProperties = Record<TPropertyKey, TSchema>;
-type TAdditionalProperties = undefined | TSchema | boolean;
-interface ObjectOptions extends SchemaOptions {
+type TProperties = Record<TPropertyKey, TSchema$1>;
+type TAdditionalProperties = undefined | TSchema$1 | boolean;
+interface ObjectOptions extends SchemaOptions$1 {
     /** Additional property constraints for this object */
     additionalProperties?: TAdditionalProperties;
     /** The minimum number of properties allowed on this object */
@@ -121,8 +141,8 @@ interface ObjectOptions extends SchemaOptions {
     /** The maximum number of properties allowed on this object */
     maxProperties?: number;
 }
-interface TObject<T extends TProperties = TProperties> extends TSchema, ObjectOptions {
-    [Kind]: 'Object';
+interface TObject<T extends TProperties = TProperties> extends TSchema$1, ObjectOptions {
+    [Kind$1]: 'Object';
     static: ObjectStatic<T, this['params']>;
     additionalProperties?: TAdditionalProperties;
     type: 'object';
@@ -130,12 +150,13 @@ interface TObject<T extends TProperties = TProperties> extends TSchema, ObjectOp
     required?: string[];
 }
 
+type Assert<T, E> = T extends E ? T : never;
 type Evaluate<T> = T extends infer O ? {
     [K in keyof O]: O[K];
 } : never;
 type Ensure<T> = T extends infer U ? U : never;
 
-interface ArrayOptions extends SchemaOptions {
+interface ArrayOptions extends SchemaOptions$1 {
     /** The minimum number of items in this array */
     minItems?: number;
     /** The maximum number of items in this array */
@@ -143,21 +164,21 @@ interface ArrayOptions extends SchemaOptions {
     /** Should this schema contain unique items */
     uniqueItems?: boolean;
     /** A schema for which some elements should match */
-    contains?: TSchema;
+    contains?: TSchema$1;
     /** A minimum number of contains schema matches */
     minContains?: number;
     /** A maximum number of contains schema matches */
     maxContains?: number;
 }
-type ArrayStatic<T extends TSchema, P extends unknown[]> = Ensure<Static<T, P>[]>;
-interface TArray<T extends TSchema = TSchema> extends TSchema, ArrayOptions {
-    [Kind]: 'Array';
+type ArrayStatic<T extends TSchema$1, P extends unknown[]> = Ensure<Static<T, P>[]>;
+interface TArray<T extends TSchema$1 = TSchema$1> extends TSchema$1, ArrayOptions {
+    [Kind$1]: 'Array';
     static: ArrayStatic<T, this['params']>;
     type: 'array';
     items: T;
 }
 
-interface SchemaOptions {
+interface SchemaOptions$1 {
     $schema?: string;
     /** Id for this schema */
     $id?: string;
@@ -175,13 +196,13 @@ interface SchemaOptions {
     writeOnly?: boolean;
     [prop: string]: any;
 }
-interface TKind {
-    [Kind]: string;
+interface TKind$1 {
+    [Kind$1]: string;
 }
-interface TSchema extends TKind, SchemaOptions {
-    [ReadonlyKind]?: string;
-    [OptionalKind]?: string;
-    [Hint]?: string;
+interface TSchema$1 extends TKind$1, SchemaOptions$1 {
+    [ReadonlyKind$1]?: string;
+    [OptionalKind$1]?: string;
+    [Hint$1]?: string;
     params: unknown[];
     static: unknown;
 }
@@ -189,6 +210,8 @@ interface TSchema extends TKind, SchemaOptions {
 declare const routeMethods: readonly ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS", "CONNECT", "TRACE"];
 type RouteMethod = (typeof routeMethods)[number];
 
+type ServiceRouteCache = boolean | DurationLike | Omit<CacheDescriptorOptions<any>, "handler" | "key">;
+
 declare const envSchema$4: TObject$1<{
     SERVER_ALS_ENABLED: TBoolean;
 }>;
@@ -196,6 +219,14 @@ declare module "alepha" {
     interface Env extends Partial<Static$1<typeof envSchema$4>> {
     }
 }
+/**
+ * Main router for all routes on the server side.
+ *
+ * Remember:
+ * - $route => generic route
+ * - $action => action route (for API calls)
+ * - $page => React route (for SSR)
+ */
 declare class ServerRouterProvider extends RouterProvider<ServerRouteWithHandler> {
     protected readonly alepha: Alepha;
     protected readonly env: {
@@ -203,7 +234,7 @@ declare class ServerRouterProvider extends RouterProvider<ServerRouteWithHandler
     };
     createRequestId(): string;
     route<TConfig extends RequestConfigSchema = RequestConfigSchema>(route: ServerRoute<TConfig>): Promise<void>;
-    handle(route: ServerRoute, rawRequest: ServerRawRequest, responseType: ResponseType, withAls: boolean): Promise<ServerResponse>;
+    onRequest(route: ServerRoute, rawRequest: ServerRawRequest, responseType: ResponseType, withAls: boolean): Promise<ServerResponse>;
     protected processRequest(request: ServerRequest, route: ServerRoute, responseType: ResponseType, withAls: boolean): Promise<{
         status: number;
         headers: Record<string, string> & {
@@ -211,7 +242,7 @@ declare class ServerRouterProvider extends RouterProvider<ServerRouteWithHandler
         };
         body: any;
     }>;
-    protected tryRequestProcessing(route: ServerRoute, request: ServerRequest, responseType: ResponseType, withAls: boolean): Promise<void>;
+    protected runRouteHandler(route: ServerRoute, request: ServerRequest, responseType: ResponseType, withAls: boolean): Promise<void>;
     protected getResponseType(schema?: RequestConfigSchema): ResponseType;
     protected errorHandler(route: ServerRoute, request: ServerRequest, error: Error): Promise<void>;
     validateRequest(route: {
@@ -220,14 +251,14 @@ declare class ServerRouterProvider extends RouterProvider<ServerRouteWithHandler
     serializeResponse(route: ServerRoute, reply: ServerReply, responseType: ResponseType): void;
 }
 interface RequestConfigSchema {
-    body?: TSchema$1;
+    body?: TSchema$2;
     params?: TObject$1;
     query?: TObject$1;
     headers?: TObject$1;
-    response?: TSchema$1;
+    response?: TSchema$2;
 }
 interface ServerRequestConfig<TConfig extends RequestConfigSchema = RequestConfigSchema> {
-    body: TConfig["body"] extends TSchema$1 ? Static$1<TConfig["body"]> : any;
+    body: TConfig["body"] extends TSchema$2 ? Static$1<TConfig["body"]> : any;
     headers: TConfig["headers"] extends TObject$1 ? Static$1<TConfig["headers"]> : Record<string, string>;
     params: TConfig["params"] extends TObject$1 ? Static$1<TConfig["params"]> : Record<string, string>;
     query: TConfig["query"] extends TObject$1 ? Static$1<TConfig["query"]> : Record<string, string>;
@@ -248,14 +279,26 @@ interface ServerRequest<TConfig extends RequestConfigSchema = RequestConfigSchem
 }
 interface ServerRoute<TConfig extends RequestConfigSchema = RequestConfigSchema> extends Route {
     method?: RouteMethod;
-    silent?: boolean;
     handler: ServerHandler<TConfig>;
     schema?: TConfig;
+    /**
+     * @see ServerLoggerProvider
+     */
+    silent?: boolean;
+    /**
+     * @see ServerSecurityProvider
+     */
+    secure?: ServerRouteSecure;
+    /**
+     * @see ServerCacheProvider
+     */
+    cache?: ServiceRouteCache;
 }
-type ServerResponseBody<TConfig extends RequestConfigSchema = RequestConfigSchema> = TConfig["response"] extends TSchema$1 ? Static$1<TConfig["response"]> : ResponseBodyType;
+type ServerResponseBody<TConfig extends RequestConfigSchema = RequestConfigSchema> = TConfig["response"] extends TSchema$2 ? Static$1<TConfig["response"]> : ResponseBodyType;
 type ResponseType = "json" | "text" | "void" | "file" | "any";
 type ResponseBodyType = string | Buffer | StreamLike | undefined | null | void;
 type ServerHandler<TConfig extends RequestConfigSchema = RequestConfigSchema> = (request: ServerRequest<TConfig>) => Async<ServerResponseBody<TConfig>>;
+type ServerMiddlewareHandler<TConfig extends RequestConfigSchema = RequestConfigSchema> = (request: ServerRequest<TConfig>) => Async<ServerResponseBody<TConfig> | undefined>;
 interface ServerReply {
     headers: Record<string, string> & {
         "set-cookie"?: string[];
@@ -265,7 +308,7 @@ interface ServerReply {
     redirect(url: string): void;
 }
 interface ServerResponse {
-    body: string | ArrayBuffer | Readable | ReadableStream;
+    body: string | Buffer | ArrayBuffer | Readable | ReadableStream;
     headers: Record<string, string>;
     status: number;
 }
@@ -285,11 +328,152 @@ interface ServerRawRequest {
         };
     };
 }
+type ServerRouteSecure = boolean | {
+    permissions?: string[];
+    roles?: string[];
+    realms?: string[];
+    organizations?: string[];
+};
 
-/**
- * Route descriptor options.
- */
-interface RouteDescriptorOptions<TConfig extends RequestConfigSchema = RequestConfigSchema> extends Omit<ServerRoute, "handler" | "path" | "schema"> {
+declare class ActionDescriptorHelper {
+    name(options: ActionDescriptorOptions, _instance: any, key: string): string;
+    path(options: ActionDescriptorOptions, _instance: any, key: string): string;
+    link(options: ActionDescriptorOptions, instance: any, key: string, prefix?: string): HttpClientLink;
+    method(options: {
+        method?: string;
+        schema?: any;
+    }): RouteMethod;
+    permission(options: ActionDescriptorOptions, instance: any, key: string): Permission;
+    group(options: ActionDescriptorOptions, instance: any): string;
+    isMultipart(options: {
+        schema?: RequestConfigSchema;
+    }): boolean;
+    bodyContentType(options: ActionDescriptorOptions): string | undefined;
+    protected short(name: string): string;
+    fetchLinks(_url: string): void;
+}
+
+declare const apiLinkSchema: TObject<{
+    name: TString$1;
+    path: TString$1;
+    method: TOptional<TString$1>;
+    group: TOptional<TString$1>;
+    requestBodyType: TOptional<TString$1>;
+    service: TOptional<TString$1>;
+}>;
+declare const apiLinksResponseSchema: TObject<{
+    prefix: TOptional<TString$1>;
+    links: TArray<TObject<{
+        name: TString$1;
+        path: TString$1;
+        method: TOptional<TString$1>;
+        group: TOptional<TString$1>;
+        requestBodyType: TOptional<TString$1>;
+        service: TOptional<TString$1>;
+    }>>;
+}>;
+type ApiLinksResponse = Static$1<typeof apiLinksResponseSchema>;
+type ApiLink = Static$1<typeof apiLinkSchema>;
+
+declare class HttpClient {
+    protected readonly log: _alepha_core.Logger;
+    protected readonly alepha: Alepha;
+    protected readonly helper: ActionDescriptorHelper;
+    readonly cache: _alepha_cache.CacheDescriptor<HttpClientCache, any[]>;
+    protected readonly pendingRequests: HttpClientPendingRequests;
+    readonly URL_LINKS = "/api/_links";
+    links?: Array<HttpClientLink>;
+    pushLink(link: HttpClientLink): void;
+    clear(): Promise<void>;
+    fetch<T>(url: string, request?: RequestInit, options?: FetchRunOptions): Promise<FetchResponse<T>>;
+    json<T = any>(url: string, options?: RequestInit): Promise<T>;
+    protected url(host: string, link: HttpClientLink, args: ServerRequestConfigEntry): string;
+    protected body(init: RequestInit, headers: Record<string, string>, link: HttpClientLink, args?: ServerRequestConfigEntry): Promise<void>;
+    protected responseData(response: Response, options: FetchRunOptions): Promise<any>;
+    protected isMaybeFile(response: Response): boolean;
+    protected createFileLike(response: Response, defaultFileName?: string): FileLike;
+    protected pathVariables(url: string, action: HttpClientLink, args?: ServerRequestConfigEntry): string;
+    protected queryParams(url: string, action: {
+        schema?: {
+            query?: TObject$1;
+        };
+    }, args?: ServerRequestConfigEntry): string;
+    /**
+     * Transform a link into a fetch-request then call fetch().
+     */
+    fetchLink(args: FetchLinkArgs): Promise<FetchResponse>;
+    /**
+     * Create a proxy client.
+     * This allows to call actions as methods, e.g. `client.actionName()`.
+     */
+    of<T extends object>(scope?: ClientScope): HttpVirtualClient<T>;
+    protected getLinkByName(name: string, options?: ClientScope): Promise<HttpClientLink>;
+    /**
+     * Resolve a link by its name and call it.
+     * - If link is local, it will call the local handler.
+     * - If link is remote, it will make a fetch request to the remote server.
+     */
+    follow(name: string, config?: Partial<ServerRequestConfigEntry>, options?: ClientRequestOptions & ClientScope): Promise<any>;
+    protected followRemote(link: HttpClientLink, config?: Partial<ServerRequestConfigEntry>, options?: ClientRequestOptions): Promise<FetchResponse>;
+    can(name: string): boolean;
+    getLinks(force?: boolean): Promise<HttpClientLink[]>;
+}
+type HttpClientPendingRequests = Record<string, Promise<any> | undefined>;
+interface FetchFactoryAdditionalOptions {
+    host?: string | (() => string);
+}
+interface FetchRunOptions {
+    /**
+     * Key to identify the request in the pending requests.
+     */
+    key?: string;
+    /**
+     * The schema to validate the response against.
+     */
+    schema?: TSchema$2;
+    /**
+     * Built-in cache options.
+     */
+    cache?: boolean | number | DurationLike;
+}
+interface HttpClientLink extends ApiLink {
+    secured?: boolean;
+    prefix?: string;
+    host?: string;
+    service?: string;
+    schema?: RequestConfigSchema;
+    handler?: ServerHandler;
+}
+interface ClientScope {
+    group?: string;
+    service?: string;
+}
+type HttpVirtualClient<T> = {
+    [K in keyof T as T[K] extends ActionDescriptor ? K : never]: T[K] extends ActionDescriptor<infer Schema> ? T[K] & {
+        can: () => boolean;
+        schema: Schema;
+    } : never;
+};
+interface HttpClientCache {
+    data: any;
+    etag?: string;
+}
+interface FetchResponse<T = any> {
+    data: T;
+    status: number;
+    statusText: string;
+    headers: Headers;
+    raw?: Response;
+}
+interface FetchLinkArgs {
+    link: HttpClientLink;
+    host?: string;
+    config?: ServerRequestConfigEntry;
+    options?: ClientRequestOptions;
+}
+
+declare const KEY$2 = "ACTION";
+interface ActionDescriptorOptions<TConfig extends RequestConfigSchema = RequestConfigSchema> extends Omit<ServerRoute, "handler" | "path" | "schema"> {
     /**
      * Name the route.
      */
@@ -304,6 +488,7 @@ interface RouteDescriptorOptions<TConfig extends RequestConfigSchema = RequestCo
      * If false, disabled the security check for this route.
      *
      * @default true when SecurityModule is enabled, false otherwise.
+     * @deprecated
      */
     security?: boolean;
     /**
@@ -314,7 +499,7 @@ interface RouteDescriptorOptions<TConfig extends RequestConfigSchema = RequestCo
      * Inherit options from another route.
      */
     use?: {
-        [OPTIONS]: RouteDescriptorOptions<TConfig>;
+        [OPTIONS]: ActionDescriptorOptions<TConfig>;
     };
     /**
      * The route method.
@@ -343,80 +528,70 @@ interface RouteDescriptorOptions<TConfig extends RequestConfigSchema = RequestCo
      */
     disabled?: boolean;
     /**
-     * Mark the route as private. It will not be exposed in the API documentation.
+     * Mark the route as private.
+     * - It won't be exposed in the API documentation.
+     * - It won't be exposed in _links.
      */
     internal?: boolean;
     /**
      * Main route handler. This is where the route logic is implemented.
      */
     handler?: ServerHandler<TConfig>;
+    /**
+     * If true, the route will be cached.
+     * - Number as seconds or boolean to enable cache.
+     */
+    cache?: boolean | DurationLike | Omit<CacheDescriptorOptions<any>, "handler" | "key">;
 }
-interface RouteDescriptor<TConfig extends RequestConfigSchema = RequestConfigSchema> {
-    [KIND]: "ROUTE";
-    [OPTIONS]: RouteDescriptorOptions<TConfig>;
+interface ActionDescriptor<TConfig extends RequestConfigSchema = RequestConfigSchema> {
+    [KIND]: typeof KEY$2;
+    [OPTIONS]: ActionDescriptorOptions<TConfig>;
     /**
      * Fetch or just call local route when available.
      */
-    (config?: ClientRequestEntry<TConfig>, opts?: ClientRequestOptions): ClientRequestResponse<TConfig>;
+    (config?: ClientRequestEntry<TConfig>, opts?: ClientRequestOptions): Promise<ClientRequestResponse<TConfig>>;
     /**
      * Just fetch the route. Skip any local route.
      */
-    fetch: (config?: ClientRequestEntry<TConfig>, opts?: ClientRequestOptions) => ClientRequestResponse<TConfig>;
+    fetch: (config?: ClientRequestEntry<TConfig>, opts?: ClientRequestOptions) => Promise<FetchResponse<ClientRequestResponse<TConfig>>>;
     /**
      * Name of the permission required to access this route.
      */
     permission: () => string;
+    /**
+     * Invalidate the cache for this action.
+     * This is only available if the action has cache enabled.
+     */
+    invalidate: () => Promise<void>;
 }
-/**
- * Declare a new route.
- *
- * ```ts
- * class A {
- *   hello = $route({
- *     url: "/hello",
- *     handler: () => "Hello, World!",
- *   });
- * }
- * ```
- *
- * @param options The route options.
- * @returns The route.
- */
-declare const $route: {
-    <TConfig extends RequestConfigSchema>(options: RouteDescriptorOptions<TConfig>): RouteDescriptor<TConfig>;
-    [KIND]: string;
-};
 declare const $action: {
-    <TConfig extends RequestConfigSchema>(options: RouteDescriptorOptions<TConfig>): RouteDescriptor<TConfig>;
+    <TConfig extends RequestConfigSchema>(options: ActionDescriptorOptions<TConfig>): ActionDescriptor<TConfig>;
     [KIND]: string;
 };
 type ClientRequestEntry<TConfig extends RequestConfigSchema = RequestConfigSchema, T = ClientRequestEntryContainer<TConfig>> = {
     [K in keyof T as T[K] extends undefined ? never : K]: T[K];
 };
 type ClientRequestEntryContainer<TConfig extends RequestConfigSchema = RequestConfigSchema> = {
-    body: TConfig["body"] extends TSchema$1 ? Static$1<TConfig["body"]> : undefined;
-    params: TConfig["params"] extends TSchema$1 ? Static$1<TConfig["params"]> : undefined;
-    headers?: TConfig["headers"] extends TSchema$1 ? Static$1<TConfig["headers"]> : undefined;
-    query?: TConfig["query"] extends TSchema$1 ? Partial<Static$1<TConfig["query"]>> : undefined;
+    body: TConfig["body"] extends TSchema$2 ? Static$1<TConfig["body"]> : undefined;
+    params: TConfig["params"] extends TSchema$2 ? Static$1<TConfig["params"]> : undefined;
+    headers?: TConfig["headers"] extends TSchema$2 ? Static$1<TConfig["headers"]> : undefined;
+    query?: TConfig["query"] extends TSchema$2 ? Partial<Static$1<TConfig["query"]>> : undefined;
 };
-interface ClientRequestOptions {
-    /**
-     * Built-in cache options.
-     * Number as seconds or boolean to enable cache.
-     */
-    cache?: number | boolean;
+interface ClientRequestOptions extends FetchRunOptions {
     /**
      * Forward user from the previous request.
+     * If "system", use system user. @see {ServerSecurityProvider.localSystemUser}
+     * If "context", use the user from the current context (e.g. request).
      *
-     * In testing environments, you can pass a partial user token.
+     * @default "system" is provided, else "context" is used.
      */
-    user?: Partial<UserAccountToken>;
+    user?: UserAccountToken | "system" | "context";
     /**
      * Standard request fetch options.
      */
     request?: RequestInit;
 }
-type ClientRequestResponse<TConfig extends RequestConfigSchema> = Promise<TConfig["response"] extends TSchema$1 ? Static$1<TConfig["response"]> : Response>;
+type ClientRequestResponse<TConfig extends RequestConfigSchema> = TConfig["response"] extends TSchema$2 ? Static$1<TConfig["response"]> : any;
 
 declare class HttpError extends Error {
     static toJSON(error: HttpError): {
@@ -450,155 +625,286 @@ declare class HttpError extends Error {
     }, cause?: unknown);
 }
 declare const errorNameByStatus: Record<number, string>;
+declare const isHttpError: (error: unknown) => error is HttpErrorLike;
+interface HttpErrorLike extends Error {
+    status: number;
+}
 
-declare class RouteDescriptorHelper {
-    name(options: RouteDescriptorOptions, instance: any, key: string): string;
-    path(options: RouteDescriptorOptions, instance: any, key: string, prefix?: string): string;
-    link(options: RouteDescriptorOptions, instance: any, key: string, prefix?: string): HttpClientLink;
-    method(options: {
-        method?: string;
-        schema?: any;
-    }): RouteMethod;
-    permission(options: RouteDescriptorOptions, instance: any, key: string, prefix?: string): Permission;
-    group(options: RouteDescriptorOptions, instance: any): string;
-    isMultipart(options: {
-        schema?: RequestConfigSchema;
-    }): boolean;
-    bodyContentType(options: RouteDescriptorOptions): string | undefined;
-    protected short(name: string): string;
+declare const $client: <T extends object>(scope?: ClientScope) => HttpVirtualClient<T>;
+
+type ProxyDescriptorOptions = {
+    path: string;
+    target: string;
+    disabled?: boolean;
+    beforeRequest?: (request: ServerRequest, proxyRequest: RequestInit) => Async<void>;
+    afterResponse?: (request: ServerRequest, proxyResponse: Response) => Async<void>;
+    rewrite?: (url: URL) => void;
+};
+interface ProxyDescriptor {
+    [KIND]: "PROXY";
+    [OPTIONS]: ProxyDescriptorOptions;
 }
+declare const $proxy: {
+    (options: ProxyDescriptorOptions): ProxyDescriptor;
+    [KIND]: string;
+};
 
-declare class HttpClient {
-    protected readonly alepha: Alepha;
-    protected readonly env: {
-        SERVER_API_URL: string;
-        CLIENT_API_PREFIX: string;
-    };
-    protected readonly helper: RouteDescriptorHelper;
-    readonly URL_LINKS = "/_links";
-    readonly cache: _alepha_cache.CacheDescriptor<any, any[]>;
-    links?: Array<HttpClientLink>;
-    protected readonly pendingRequests: HttpClientPendingRequests;
-    json<T = any>(url: string, options?: RequestInit): Promise<T>;
-    clear(): Promise<void>;
-    createFetchFunction(link: HttpClientLink, options?: FetchFactoryAdditionalOptions): (config?: Partial<ClientRequestEntry>, request?: ClientRequestOptions) => Promise<any>;
-    request(args: {
-        config?: ServerRequestConfigEntry;
-        link: HttpClientLink;
-        request?: ClientRequestOptions;
-        host?: string;
-    }): Promise<any>;
-    protected url(host: string, link: HttpClientLink, args: ServerRequestConfigEntry): string;
-    protected body(init: RequestInit, headers: Record<string, string>, link: HttpClientLink, args?: ServerRequestConfigEntry): Promise<void>;
-    fetch<T>(url: string, request: RequestInit, options?: FetchRunOptions): Promise<T>;
+/**
+ * Represents a User Account extracted from JWT.
+ */
+interface UserAccountInfo {
     /**
-     * Parse the response.
-     *
-     * @param response
-     * @param options
-     * @protected
+     * ID of user account. Based on JWT.sub.
      */
-    protected response(response: Response, options: FetchRunOptions): Promise<Response | any>;
-    protected isMaybeFile(response: Response): boolean;
-    protected getFileLike(response: Response, defaultFileName?: string): FileLike;
-    protected pathVariables(url: string, action: HttpClientLink, args?: ServerRequestConfigEntry): string;
-    queryParams(url: string, action: {
-        schema?: {
-            query?: TObject$1;
-        };
-    }, args?: ServerRequestConfigEntry): string;
-    of<T extends object>(options?: {
-        group?: string;
-        host?: string | (() => string);
-    }): HttpVirtualClient<T>;
-    follow(name: string, config?: any, options?: {
-        request?: ClientRequestOptions;
-        group?: string;
-        host?: string | (() => string);
-    }): Promise<any>;
-    can(name: string): boolean;
-    getLinks(opts?: {
-        force?: boolean;
-        host?: string;
-    }): Promise<HttpClientLink[]>;
+    id: string;
+    /**
+     * Represents the roles assigned to a user.
+     */
+    roles?: string[];
+    /**
+     * User full name, if available.
+     */
+    name?: string;
+    /**
+     * User email, if available.
+     */
+    email?: string;
+    /**
+     * User profile picture URL, if available.
+     */
+    picture?: string;
+    /**
+     * Organization ID, if available.
+     */
+    organization?: string;
 }
-type HttpClientPendingRequests = Record<string, Promise<any> | undefined>;
-interface FetchFactoryAdditionalOptions {
-    host?: string | (() => string);
+
+/** Symbol key applied to readonly types */
+declare const ReadonlyKind: unique symbol;
+/** Symbol key applied to optional types */
+declare const OptionalKind: unique symbol;
+/** Symbol key applied to types */
+declare const Hint: unique symbol;
+/** Symbol key applied to types */
+declare const Kind: unique symbol;
+
+type StringFormatOption = 'date-time' | 'time' | 'date' | 'email' | 'idn-email' | 'hostname' | 'idn-hostname' | 'ipv4' | 'ipv6' | 'uri' | 'uri-reference' | 'iri' | 'uuid' | 'iri-reference' | 'uri-template' | 'json-pointer' | 'relative-json-pointer' | 'regex' | ({} & string);
+type StringContentEncodingOption = '7bit' | '8bit' | 'binary' | 'quoted-printable' | 'base64' | ({} & string);
+interface StringOptions extends SchemaOptions {
+    /** The maximum string length */
+    maxLength?: number;
+    /** The minimum string length */
+    minLength?: number;
+    /** A regular expression pattern this string should match */
+    pattern?: string;
+    /** A format this string should match */
+    format?: StringFormatOption;
+    /** The content encoding for this string */
+    contentEncoding?: StringContentEncodingOption;
+    /** The content media type for this string */
+    contentMediaType?: string;
 }
-interface FetchRunOptions {
-    schema?: TSchema$1;
-    raw?: boolean;
-    cache?: boolean | DurationLike;
+interface TString extends TSchema, StringOptions {
+    [Kind]: 'String';
+    static: string;
+    type: 'string';
 }
-interface HttpClientLink {
-    method: RouteMethod;
-    path: string;
-    name: string;
-    group?: string;
-    contentType?: string;
-    protected?: boolean;
-    schema?: RequestConfigSchema;
-    handler?: ServerHandler;
-    host?: string;
-    proxy?: boolean;
+
+interface SchemaOptions {
+    $schema?: string;
+    /** Id for this schema */
+    $id?: string;
+    /** Title of this schema */
+    title?: string;
+    /** Description of this schema */
+    description?: string;
+    /** Default value for this schema */
+    default?: any;
+    /** Example values matching this schema */
+    examples?: any;
+    /** Optional annotation for readOnly */
+    readOnly?: boolean;
+    /** Optional annotation for writeOnly */
+    writeOnly?: boolean;
+    [prop: string]: any;
+}
+interface TKind {
+    [Kind]: string;
+}
+interface TSchema extends TKind, SchemaOptions {
+    [ReadonlyKind]?: string;
+    [OptionalKind]?: string;
+    [Hint]?: string;
+    params: unknown[];
+    static: unknown;
+}
+
+declare const envSchema$3: _alepha_core.TObject<{
+    SECURITY_SECRET_KEY: TString;
+}>;
+interface ServiceAccountDescriptor {
+    token: () => Promise<string>;
+}
+declare module "alepha/core" {
+    interface Env extends Partial<Static$1<typeof envSchema$3>> {
+    }
+}
+
+declare module "@alepha/core" {
+    interface Hooks {
+        "security:user:created": {
+            realm: string;
+            user: UserAccountInfo;
+        };
+    }
 }
-type HttpVirtualClient<T> = {
-    [K in keyof T as T[K] extends RouteDescriptor ? K : never]: T[K] & {
-        can: () => boolean;
-    };
-};
 
-declare const REMOTE_DESCRIPTOR_KEY = "REMOTE";
+declare const KEY$1 = "REMOTE";
 interface RemoteDescriptorOptions {
     /**
      * The URL of the remote service.
+     * You can use a function to generate the URL dynamically.
+     * You probably should use $inject(env) to get the URL from the environment.
+     *
+     * @example
+     * ```ts
+     * import { $remote } from "@alepha/server";
+     * import { $inject, t } from "@alepha/core";
+     *
+     * class App {
+     *   env = $inject(t.object({
+     *     REMOTE_URL: t.string({default: "http://localhost:3000"}),
+     *   }));
+     *   remote = $remote({
+     *     url: this.env.REMOTE_URL,
+     *   });
+     * }
+     * ```
      */
     url: string | (() => string);
-    /**
-     * @default "/api/_links"
-     */
-    linkPath?: string;
-    /**
-     * If true, all methods of the remote service will be exposed as actions.
-     */
-    proxy?: boolean | {
-        beforeRequest?: (request: ServerRequest, proxyRequest: RequestInit) => Async<void>;
-        afterResponse?: (request: ServerRequest, proxyResponse: Response) => Async<void>;
-        rewrite?: (url: URL) => void;
-    };
-    /**
-     * One or many instance of classes to be registered as remote services.
-     * Services must contain some $action() descriptors.
-     */
-    services?: object | Array<object>;
     /**
      * The name of the remote service.
      *
      * @default Member of the class containing the remote service.
      */
     name?: string;
+    /**
+     * If true, all methods of the remote service will be exposed as actions in this context.
+     * > Note: Proxy will never use the service account, it just... proxies the request.
+     */
+    proxy?: boolean | Partial<ProxyDescriptorOptions & {
+        /**
+         * If true, the remote service won't be available internally, only through the proxy.
+         */
+        noInternal: boolean;
+    }>;
+    /**
+     * For communication between the server and the remote service with a security layer.
+     * This will be used for internal communication and will not be exposed to the client.
+     */
+    serviceAccount?: ServiceAccountDescriptor;
 }
 interface RemoteDescriptor {
-    [KIND]: typeof REMOTE_DESCRIPTOR_KEY;
+    [KIND]: typeof KEY$1;
     [OPTIONS]: RemoteDescriptorOptions;
 }
+/**
+ * $remote is a descriptor that allows you to define a remote service access.
+ *
+ * Use it only when you have 2 or more services that need to communicate with each other.
+ *
+ * All remote services can be exposed as actions, ... or not.
+ *
+ * You can add a service account if you want to use a security layer.
+ */
 declare const $remote: {
     (options: RemoteDescriptorOptions): RemoteDescriptor;
     [KIND]: string;
 };
 
+declare const KEY = "ROUTE";
+interface RouteDescriptorOptions<TConfig extends RequestConfigSchema = RequestConfigSchema> extends ServerRoute<TConfig> {
+}
+type RouteDescriptor<TConfig extends RequestConfigSchema = RequestConfigSchema> = {
+    [KIND]: typeof KEY;
+    [OPTIONS]: RouteDescriptorOptions<TConfig>;
+};
+declare const $route: {
+    <TConfig extends RequestConfigSchema = RequestConfigSchema>(options: RouteDescriptorOptions<TConfig>): RouteDescriptor<TConfig>;
+    [KIND]: string;
+};
+
+declare class BadRequestError extends HttpError {
+    constructor(message?: string, cause?: unknown);
+}
+
+declare class ConflictError extends HttpError {
+    constructor(message?: string, cause?: unknown);
+}
+
+declare class ForbiddenError extends HttpError {
+    constructor(message?: string, cause?: unknown);
+}
+
+declare class NotFoundError extends HttpError {
+    constructor(message?: string, cause?: unknown);
+}
+
+declare class UnauthorizedError extends HttpError {
+    constructor(message?: string, cause?: unknown);
+}
+
+declare class ValidationError extends HttpError {
+    constructor(message?: string, cause?: unknown);
+}
+
+/**
+ * Register `/health` endpoint.
+ *
+ * - Provides basic health information about the server.
+ */
+declare class ServerHealthProvider {
+    protected readonly dateTimeProvider: DateTimeProvider;
+    protected readonly alepha: Alepha;
+    readonly health: RouteDescriptor<{
+        response: TObject<{
+            message: TString$1;
+            uptime: TNumber;
+            date: TString$1;
+            ready: TBoolean;
+        }>;
+    }>;
+}
+
+declare class ProxyDescriptorProvider {
+    protected readonly log: _alepha_core.Logger;
+    protected readonly routerProvider: ServerRouterProvider;
+    protected readonly alepha: Alepha;
+    readonly configure: _alepha_core.HookDescriptor<"configure">;
+    createProxyHandler(options: Omit<ProxyDescriptorOptions, "path">): ServerHandler;
+    proxy(options: ProxyDescriptorOptions): Promise<void>;
+    private getRawRequestBody;
+}
+
 declare class ServerProvider {
     constructor();
     get hostname(): string;
 }
 
-declare const envSchema$3: _alepha_core.TObject<{
-    SERVER_API_PREFIX: TString;
+declare const envSchema$2: _alepha_core.TObject<{
+    SERVER_API_PREFIX: TString$1;
     SERVER_SECURITY_ENABLED: TBoolean;
 }>;
-declare module "alepha/core" {
-    interface Env extends Partial<Static$1<typeof envSchema$3>> {
+declare module "@alepha/core" {
+    interface Env extends Partial<Static$1<typeof envSchema$2>> {
+    }
+    interface State {
+        /**
+         * Real (or fake) user account, used for internal actions.
+         * If you define this, you assume that all actions are executed by this user by default.
+         * And to force a different user, you need to pass it explicitly in the options.
+         */
+        "ServerSecurityProvider.localSystemUser"?: UserAccountToken;
     }
 }
 declare class ServerActionDescriptorProvider {
@@ -610,130 +916,110 @@ declare class ServerActionDescriptorProvider {
     };
     protected readonly client: HttpClient;
     protected readonly serverProvider: ServerProvider;
-    protected readonly helper: RouteDescriptorHelper;
+    protected readonly helper: ActionDescriptorHelper;
     protected readonly routerProvider: ServerRouterProvider;
-    protected readonly remotes: Array<ServerRemote>;
     protected readonly actions: ServerRouteAction[];
     getActions(): ServerRouteAction<RequestConfigSchema>[];
+    getPrefix(): string;
     readonly configure: _alepha_core.HookDescriptor<"configure">;
-    registerRemote(value: RemoteDescriptor, key: string): Promise<void>;
-    loadRemoteLinks: (options: RemoteDescriptorOptions) => Promise<Promise<void>>;
-    proxy(url: string, link: HttpClientLink, options: {
-        beforeRequest?: (request: ServerRequest, proxyRequest: RequestInit) => Async<void>;
-        afterResponse?: (request: ServerRequest, proxyResponse: Response) => Async<void>;
-        rewrite?: (url: URL) => void;
-    }): Promise<void>;
-    private getRawRequestBody;
-    registerAction(value: RouteDescriptor, key: string, instance: any, prefix?: string): Promise<void>;
-    /**
-     * When your action has no handler, it's considered as an 'API'.
-     * Instead of creating an http route, create a bridge to a local or remote function.
-     *
-     * ```ts
-     * class Api {
-     *   hello = $action(); // <- route 'Api'
-     * }
-     *
-     * class Controller {
-     *   api = $inject(Api);
-     *   hello = $action({ // <-- route
-     *     use: this.api.hello,
-     *     handler: () => new Response("Hello world"),
-     *   })
-     * }
-     *
-     * const api = alepha.get(Api);
-     *
-     * api.hello(); // <-- call the local controller function if available
-     *
-     * // or with $remote
-     * class Remotes {
-     *   api = $remote({ url: "http://localhost:8080", services: [Api] });
-     * }
-     *
-     * // or with future auto-discovery
-     * ```
-     */
-    registerActionApi(routeDescriptor: RouteDescriptor, instance: any, key: string): void;
+    registerAction(value: ActionDescriptor, key: string, instance: any, prefix?: string): Promise<void>;
     /**
      * Check a mock function for the specified route.
      *
      * This is mostly used for testing purposes.
-     *
-     * @param value
-     * @param permission
-     * @protected
      */
-    protected createLocalFunction(value: RouteDescriptor, permission: Permission): (config?: ServerRequestConfigEntry, options?: ClientRequestOptions) => Promise<any>;
+    protected createLocalFunction(action: ActionDescriptorOptions, permission: Permission): (config?: ServerRequestConfigEntry, options?: ClientRequestOptions) => Promise<any>;
     /**
-     * Security adapted for local function.
+     * Get the user account token for a local action call.
+     * It will check the options, context, and system user.
      */
     protected getUserFromLocalFunctionContext(options: {
-        user?: Partial<UserAccountToken>;
-    }, permission: Permission, security: boolean): UserAccountToken | undefined;
-    /**
-     * TODO: remove it, this is a hack for testing purposes
-     */
-    protected createSystemUser(): UserAccountToken;
+        user?: UserAccountToken | "system" | "context";
+    }, permission: Permission, isRouteSecure: boolean): UserAccountToken | undefined;
 }
 declare const isServerAction: (value: any) => value is ServerRouteAction;
 interface ServerRemote {
     url: string;
-    services: object[];
     name: string;
     proxy: boolean;
+    internal: boolean;
+    links: (args: {
+        authorization?: string;
+    }) => Promise<ApiLinksResponse>;
+    schema: (args: {
+        name: string;
+        authorization?: string;
+    }) => Promise<any>;
+    serviceAccount?: ServiceAccountDescriptor$1;
+    prefix: string;
 }
 interface ServerRouteAction<TConfig extends RequestConfigSchema = RequestConfigSchema> extends ServerRoute<TConfig> {
+    prefix: string;
     method: RouteMethod;
     name: string;
     group: string;
     permission: Permission;
-    options: RouteDescriptorOptions;
+    options: ActionDescriptorOptions;
 }
 
-declare const envSchema$2: _alepha_core.TObject<{
-    SERVER_API_URL: TString;
-}>;
-declare module "@alepha/core" {
-    interface Env extends Partial<Static$1<typeof envSchema$2>> {
-    }
-}
-declare class BrowserActionDescriptorProvider {
-    protected readonly log: _alepha_core.Logger;
+declare class RemoteDescriptorProvider {
+    static path: {
+        apiLinks: string;
+    };
     protected readonly alepha: Alepha;
     protected readonly client: HttpClient;
-    protected readonly env: {
-        SERVER_API_URL: string;
-    };
-    protected readonly helper: RouteDescriptorHelper;
-    readonly configure: _alepha_core.HookDescriptor<"configure">;
-    configureActions(): void;
-    registerAction(value: RouteDescriptor, instance: any, key: string): void;
-}
-
-declare class ServerSecurityProvider {
+    protected readonly proxyProvider: ProxyDescriptorProvider;
+    protected readonly remotes: Array<ServerRemote>;
     protected readonly log: _alepha_core.Logger;
-    protected readonly securityProvider: SecurityProvider;
-    protected readonly jwtProvider: JwtProvider;
-    protected readonly alepha: Alepha;
-    readonly onClientRequest: _alepha_core.HookDescriptor<"client:onRequest">;
-    protected readonly onRequest: _alepha_core.HookDescriptor<"server:onRequest">;
-    protected readonly onRoute: _alepha_core.HookDescriptor<"server:onRoute">;
+    getRemotes(): ServerRemote[];
+    readonly configure: _alepha_core.HookDescriptor<"configure">;
+    readonly start: _alepha_core.HookDescriptor<"start">;
+    registerRemote(value: RemoteDescriptor, key: string): Promise<void>;
+    protected readonly fetchLinks: _alepha_retry.RetryDescriptor<(opts: {
+        service: string;
+        url: string;
+        authorization?: string;
+    }) => Promise<{
+        prefix?: string | undefined;
+        links: {
+            group?: string | undefined;
+            method?: string | undefined;
+            requestBodyType?: string | undefined;
+            service?: string | undefined;
+            path: string;
+            name: string;
+        }[];
+    }>>;
 }
 
 declare class ServerLinksProvider {
     protected readonly alepha: Alepha;
     protected readonly client: HttpClient;
+    protected readonly remoteProvider: RemoteDescriptorProvider;
+    protected readonly serverActionDescriptorProvider: ServerActionDescriptorProvider;
     readonly links: RouteDescriptor<{
-        response: TArray<TObject<{
-            name: TString;
-            method: TOptional<TString>;
-            path: TOptional<TString>;
-            group: TOptional<TString>;
-            protected: TOptional<TBoolean>;
-            contentType: TOptional<TString>;
-        }>>;
+        response: TObject<{
+            prefix: TOptional<TString$1>;
+            links: TArray<TObject<{
+                name: TString$1;
+                path: TString$1;
+                method: TOptional<TString$1>;
+                group: TOptional<TString$1>;
+                requestBodyType: TOptional<TString$1>;
+                service: TOptional<TString$1>;
+            }>>;
+        }>;
     }>;
+    readonly schema: RouteDescriptor<{
+        params: TObject<{
+            name: TString$1;
+        }>;
+        response: TRecord<TString$1, TAny>;
+    }>;
+    getLinks(options: {
+        user?: UserAccountToken;
+        authorization?: string;
+    }): Promise<ApiLinksResponse>;
 }
 
 declare class ServerLoggerProvider {
@@ -745,7 +1031,7 @@ declare class ServerLoggerProvider {
 }
 
 declare class ServerMultipartProvider {
-    protected readonly helper: RouteDescriptorHelper;
+    protected readonly helper: ActionDescriptorHelper;
     protected readonly alepha: Alepha;
     readonly onRequest: _alepha_core.HookDescriptor<"server:onRequest">;
     readonly onSend: _alepha_core.HookDescriptor<"server:onResponse">;
@@ -767,21 +1053,44 @@ interface HybridFile extends FileLike {
         tmpPath: string;
     };
 }
+
 /**
- * Create a file-like object from various sources.
+ * On every request, this provider checks if the server is ready.
+ *
+ * If the server is not ready, it responds with a 503 status code and a message indicating that the server is not ready yet.
+ *
+ * The response also includes a `Retry-After` header indicating that the client should retry after 5 seconds.
  */
-declare const file: (source: string | Buffer | ArrayBuffer | StreamLike, options?: {
-    type?: string;
-    name?: string;
-}) => FileLike;
-declare const bufferToStream: (buffer: Buffer) => Readable;
-declare const streamToBuffer: (stream: Readable) => Promise<Buffer>;
-declare const bufferToArrayBuffer: (buffer: Buffer) => ArrayBuffer;
-declare const getContentType: (filename: string) => string;
+declare class ServerNotReadyProvider {
+    protected readonly alepha: Alepha;
+    readonly onRequest: _alepha_core.HookDescriptor<"server:onRequest">;
+}
+
+declare class ServerSecurityProvider {
+    protected readonly log: _alepha_core.Logger;
+    protected readonly securityProvider: SecurityProvider;
+    protected readonly jwtProvider: JwtProvider;
+    protected readonly alepha: Alepha;
+    readonly onClientRequest: _alepha_core.HookDescriptor<"client:onRequest">;
+    protected readonly onRequest: _alepha_core.HookDescriptor<"server:onRequest">;
+    protected readonly onRoute: _alepha_core.HookDescriptor<"server:onRoute">;
+}
+
+type TimingMap = Record<string, [number, number]>;
+declare class ServerTimingProvider {
+    protected readonly log: _alepha_core.Logger;
+    protected readonly alepha: Alepha;
+    readonly onRequest: _alepha_core.HookDescriptor<"server:onRequest">;
+    readonly onResponse: _alepha_core.HookDescriptor<"server:onResponse">;
+    protected get handlerName(): string;
+    beginTiming(name: string): void;
+    endTiming(name: string): void;
+    protected setDuration(name: string, timing: TimingMap): void;
+}
 
 declare const envSchema$1: _alepha_core.TObject<{
     SERVER_PORT: TNumber;
-    SERVER_HOST: TString;
+    SERVER_HOST: TString$1;
 }>;
 declare module "@alepha/core" {
     interface Env extends Partial<Static$1<typeof envSchema$1>> {
@@ -798,6 +1107,7 @@ declare class NodeHttpServerProvider implements ServerProvider {
     protected readonly server: http.Server<typeof IncomingMessage, typeof ServerResponse$1>;
     handle(req: IncomingMessage, res: ServerResponse$1): Promise<number | void>;
     createRouterRequest(req: IncomingMessage, res: ServerResponse$1, params?: Record<string, string>): ServerRawRequest;
+    getProtocol(req: IncomingMessage): "http" | "https";
     shouldHaveBody(method: string): boolean;
     get hostname(): string;
     readonly start: _alepha_core.HookDescriptor<"start">;
@@ -807,49 +1117,28 @@ declare class NodeHttpServerProvider implements ServerProvider {
 }
 
 declare const errorSchema: TObject<{
-    error: TString;
+    error: TString$1;
     status: TNumber;
-    message: TString;
-    details: TOptional<TString>;
+    message: TString$1;
+    details: TOptional<TString$1>;
     cause: TOptional<TObject<{
-        name: TString;
-        message: TString;
+        name: TString$1;
+        message: TString$1;
     }>>;
 }>;
 
 declare const okSchema: TObject<{
     ok: TBoolean;
-    id: TOptional<TUnion<[TString, TInteger]>>;
+    id: TOptional<TUnion<[TString$1, TInteger]>>;
     count: TOptional<TNumber>;
 }>;
 type Ok = Static$1<typeof okSchema>;
 
-declare class BadRequestError extends HttpError {
-    constructor(message?: string, cause?: unknown);
-}
-
-declare class ConflictError extends HttpError {
-    constructor(message?: string, cause?: unknown);
-}
-
-declare class ForbiddenError extends HttpError {
-    constructor(message?: string, cause?: unknown);
-}
-
-declare class NotFoundError extends HttpError {
-    constructor(message?: string, cause?: unknown);
-}
-
-declare class UnauthorizedError extends HttpError {
-    constructor(message?: string, cause?: unknown);
-}
-
-declare class ValidationError extends HttpError {
-    constructor(message?: string, cause?: unknown);
-}
-
 declare const envSchema: _alepha_core.TObject<{
     SERVER_LINKS_ENABLED: TBoolean;
+    SERVER_HEALTH_ENABLED: TBoolean;
+    SERVER_NOT_READY_ENABLED: TBoolean;
+    SERVER_TIMING_ENABLED: TOptional<TBoolean>;
 }>;
 declare module "@alepha/core" {
     interface Hooks {
@@ -897,11 +1186,15 @@ declare module "@alepha/core" {
     }
 }
 declare class ServerModule {
+    static plugins: Array<Service>;
     protected readonly env: {
+        SERVER_TIMING_ENABLED?: boolean | undefined;
         SERVER_LINKS_ENABLED: boolean;
+        SERVER_HEALTH_ENABLED: boolean;
+        SERVER_NOT_READY_ENABLED: boolean;
     };
     protected readonly alepha: Alepha;
     constructor();
 }
 
-export { $action, $remote, $route, BadRequestError, BrowserActionDescriptorProvider, type ClientRequestEntry, type ClientRequestEntryContainer, type ClientRequestOptions, type ClientRequestResponse, ConflictError, type FetchFactoryAdditionalOptions, type FetchRunOptions, ForbiddenError, HttpClient, type HttpClientLink, type HttpClientPendingRequests, HttpError, type HttpVirtualClient, NodeHttpServerProvider, NotFoundError, type Ok, REMOTE_DESCRIPTOR_KEY, type RemoteDescriptor, type RemoteDescriptorOptions, type RequestConfigSchema, type ResponseBodyType, type ResponseType, type RouteDescriptor, type RouteDescriptorOptions, type RouteMethod, ServerActionDescriptorProvider, type ServerHandler, ServerLinksProvider, ServerLoggerProvider, ServerModule, ServerMultipartProvider, ServerProvider, type ServerRawRequest, type ServerRemote, type ServerReply, type ServerRequest, type ServerRequestConfig, type ServerRequestConfigEntry, type ServerResponse, type ServerResponseBody, type ServerRoute, type ServerRouteAction, type ServerRouteWithHandler, ServerRouterProvider, ServerSecurityProvider, UnauthorizedError, ValidationError, bufferToArrayBuffer, bufferToStream, errorNameByStatus, errorSchema, file, getContentType, isServerAction, okSchema, routeMethods, streamToBuffer };
+export { $action, $client, $proxy, $remote, $route, type ActionDescriptor, type ActionDescriptorOptions, type ApiLink, type ApiLinksResponse, BadRequestError, type ClientRequestEntry, type ClientRequestEntryContainer, type ClientRequestOptions, type ClientRequestResponse, type ClientScope, ConflictError, type FetchFactoryAdditionalOptions, type FetchLinkArgs, type FetchResponse, type FetchRunOptions, ForbiddenError, HttpClient, type HttpClientLink, type HttpClientPendingRequests, HttpError, type HttpErrorLike, type HttpVirtualClient, NodeHttpServerProvider, NotFoundError, type Ok, type ProxyDescriptor, type ProxyDescriptorOptions, ProxyDescriptorProvider, type RemoteDescriptor, type RemoteDescriptorOptions, RemoteDescriptorProvider, type RequestConfigSchema, type ResponseBodyType, type ResponseType, type RouteDescriptor, type RouteDescriptorOptions, type RouteMethod, ServerActionDescriptorProvider, type ServerHandler, ServerHealthProvider, ServerLinksProvider, ServerLoggerProvider, type ServerMiddlewareHandler, ServerModule, ServerMultipartProvider, ServerNotReadyProvider, ServerProvider, type ServerRawRequest, type ServerRemote, type ServerReply, type ServerRequest, type ServerRequestConfig, type ServerRequestConfigEntry, type ServerResponse, type ServerResponseBody, type ServerRoute, type ServerRouteAction, type ServerRouteSecure, type ServerRouteWithHandler, ServerRouterProvider, ServerSecurityProvider, ServerTimingProvider, UnauthorizedError, ValidationError, apiLinkSchema, apiLinksResponseSchema, errorNameByStatus, errorSchema, isHttpError, isServerAction, okSchema, routeMethods };