alepha 0.9.4 → 0.10.0

package/server.d.ts

@@ -1,13 +1,13 @@
-import * as _alepha_core1 from "alepha";
-import { Alepha, AlephaError, Async, Descriptor, FileLike, KIND, Static, StreamLike, TObject, TSchema } from "alepha";
-import * as _alepha_logger0 from "alepha/logger";
+import * as _alepha_core11 from "alepha";
+import { Alepha, AlephaError, Async, Descriptor, FileLike, KIND, Static, StreamLike, TArray, TFile, TObject, TRecord, TSchema, TStream, TString, TVoid } from "alepha";
+import * as _alepha_logger3 from "alepha/logger";
 import { Readable } from "node:stream";
 import { ReadableStream } from "node:stream/web";
 import { Route, RouterProvider } from "alepha/router";
 import * as _alepha_cache0 from "alepha/cache";
 import { IncomingMessage, ServerResponse as ServerResponse$1 } from "node:http";
 import { DateTimeProvider, DurationLike } from "alepha/datetime";
-import * as _sinclair_typebox7 from "@sinclair/typebox";
+import * as typebox0 from "typebox";
 import * as http0 from "http";
 
 //#region src/constants/routeMethods.d.ts
@@ -15,15 +15,31 @@ declare const routeMethods: readonly ["GET", "POST", "PUT", "PATCH", "DELETE", "
 type RouteMethod = (typeof routeMethods)[number];
 //#endregion
 //#region src/helpers/ServerReply.d.ts
+/**
+ * Helper for building server replies.
+ */
 declare class ServerReply {
   headers: Record<string, string> & {
     "set-cookie"?: string[];
   };
   status?: number;
   body?: any;
+  /**
+   * Redirect to a given URL with optional status code (default 302).
+   */
   redirect(url: string, status?: number): void;
-  setStatus(status: number): void;
-  setHeader(name: string, value: string): void;
+  /**
+   * Set the response status code.
+   */
+  setStatus(status: number): this;
+  /**
+   * Set a response header.
+   */
+  setHeader(name: string, value: string): this;
+  /**
+   * Set the response body.
+   */
+  setBody(body: any): this;
 }
 //#endregion
 //#region src/services/UserAgentParser.d.ts
@@ -43,15 +59,17 @@ declare class UserAgentParser {
 }
 //#endregion
 //#region src/interfaces/ServerRequest.d.ts
+type TRequestBody = TObject | TString | TArray | TRecord | TStream;
+type TResponseBody = TObject | TString | TRecord | TFile | TArray | TStream | TVoid;
 interface RequestConfigSchema {
-  body?: TSchema;
+  body?: TRequestBody;
   params?: TObject;
   query?: TObject;
   headers?: TObject;
-  response?: TSchema;
+  response?: TResponseBody;
 }
 interface ServerRequestConfig<TConfig extends RequestConfigSchema = RequestConfigSchema> {
-  body: TConfig["body"] extends TSchema ? Static<TConfig["body"]> : any;
+  body: TConfig["body"] extends TRequestBody ? Static<TConfig["body"]> : any;
   headers: TConfig["headers"] extends TObject ? Static<TConfig["headers"]> : Record<string, string>;
   params: TConfig["params"] extends TObject ? Static<TConfig["params"]> : Record<string, string>;
   query: TConfig["query"] extends TObject ? Static<TConfig["query"]> : Record<string, string>;
@@ -60,7 +78,16 @@ type ServerRequestConfigEntry<TConfig extends RequestConfigSchema = RequestConfi
 interface ServerRequest<TConfig extends RequestConfigSchema = RequestConfigSchema> extends ServerRequestConfig<TConfig> {
   method: RouteMethod;
   url: URL;
+  requestId: string;
+  /**
+   * Client IP address.
+   * Will parse `X-Forwarded-For` header if present.
+   */
   ip?: string;
+  /**
+   * Value of the `Host` header sent by the client.
+   */
+  host?: string;
   /**
    * Browser user agent information.
    * Information are not guaranteed to be accurate. Use with caution.
@@ -69,10 +96,26 @@ interface ServerRequest<TConfig extends RequestConfigSchema = RequestConfigSchem
    */
   userAgent: UserAgentInfo;
   metadata: Record<string, any>;
+  /**
+   * Reply object to be used to send response.
+   */
   reply: ServerReply;
+  /**
+   * Raw request and response objects from platform.
+   * You should avoid using this property as much as possible to keep your code platform-agnostic.
+   */
   raw: {
+    /**
+     * Node.js request and response objects.
+     */
     node?: {
+      /**
+       * Node.js IncomingMessage object. (request)
+       */
       req: IncomingMessage;
+      /**
+       * Node.js ServerResponse object. (response)
+       */
       res: ServerResponse$1;
     };
   };
@@ -86,18 +129,18 @@ interface ServerRoute<TConfig extends RequestConfigSchema = RequestConfigSchema>
    */
   silent?: boolean;
 }
-type ServerResponseBody<TConfig extends RequestConfigSchema = RequestConfigSchema> = TConfig["response"] extends TSchema ? Static<TConfig["response"]> : ResponseBodyType;
+type ServerResponseBody<TConfig extends RequestConfigSchema = RequestConfigSchema> = TConfig["response"] extends TResponseBody ? Static<TConfig["response"]> : ResponseBodyType;
 type ResponseKind = "json" | "text" | "void" | "file" | "any";
 type ResponseBodyType = string | Buffer | StreamLike | undefined | null | void;
 type ServerHandler<TConfig extends RequestConfigSchema = RequestConfigSchema> = (request: ServerRequest<TConfig>) => Async<ServerResponseBody<TConfig>>;
-type ServerMiddlewareHandler<TConfig extends RequestConfigSchema = RequestConfigSchema> = (request: ServerRequest<TConfig>) => Async<ServerResponseBody<TConfig> | undefined>;
 interface ServerResponse {
   body: string | Buffer | ArrayBuffer | Readable | ReadableStream;
   headers: Record<string, string>;
   status: number;
 }
+type ServerRouteRequestHandler = (request: ServerRawRequest) => Promise<ServerResponse>;
 interface ServerRouteMatcher extends Route {
-  handler: (request: ServerRawRequest) => Promise<ServerResponse>;
+  handler: ServerRouteRequestHandler;
 }
 interface ServerRawRequest {
   method: RouteMethod;
@@ -120,13 +163,26 @@ declare abstract class ServerProvider {
   protected isViteNotFound(url?: string, route?: Route, params?: Record<string, string>): boolean;
 }
 //#endregion
+//#region src/services/ServerRequestParser.d.ts
+declare class ServerRequestParser {
+  protected readonly alepha: Alepha;
+  protected readonly userAgentParser: UserAgentParser;
+  createServerRequest(rawRequest: ServerRawRequest): ServerRequest;
+  getRequestId(request: ServerRawRequest): string | undefined;
+  getRequestUserAgent(request: ServerRawRequest): UserAgentInfo;
+  getRequestIp(request: ServerRawRequest): string | undefined;
+}
+//#endregion
 //#region src/providers/ServerTimingProvider.d.ts
 type TimingMap = Record<string, [number, number]>;
 declare class ServerTimingProvider {
-  protected readonly log: _alepha_logger0.Logger;
+  protected readonly log: _alepha_logger3.Logger;
   protected readonly alepha: Alepha;
-  readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
-  readonly onResponse: _alepha_core1.HookDescriptor<"server:onResponse">;
+  options: {
+    disabled: boolean;
+  };
+  readonly onRequest: _alepha_core11.HookDescriptor<"server:onRequest">;
+  readonly onResponse: _alepha_core11.HookDescriptor<"server:onResponse">;
   protected get handlerName(): string;
   beginTiming(name: string): void;
   endTiming(name: string): void;
@@ -145,11 +201,9 @@ declare class ServerRouterProvider extends RouterProvider<ServerRouteMatcher> {
   protected readonly alepha: Alepha;
   protected readonly routes: ServerRoute[];
   protected readonly serverTimingProvider: ServerTimingProvider;
-  protected readonly userAgentParser: UserAgentParser;
+  protected readonly serverRequestParser: ServerRequestParser;
   getRoutes(): ServerRoute[];
   createRoute<TConfig extends RequestConfigSchema = RequestConfigSchema>(route: ServerRoute<TConfig>): void;
-  onRequest(route: ServerRoute, rawRequest: ServerRawRequest, responseKind: ResponseKind): Promise<ServerResponse>;
-  protected getClientIp(request: ServerRawRequest): string | undefined;
   protected processRequest(request: ServerRequest, route: ServerRoute, responseKind: ResponseKind): Promise<{
     status: number;
     headers: Record<string, string> & {
@@ -168,16 +222,14 @@ declare class ServerRouterProvider extends RouterProvider<ServerRouteMatcher> {
 //#endregion
 //#region src/services/HttpClient.d.ts
 declare class HttpClient {
-  protected readonly log: _alepha_logger0.Logger;
+  protected readonly log: _alepha_logger3.Logger;
   protected readonly alepha: Alepha;
   readonly cache: _alepha_cache0.CacheDescriptorFn<HttpClientCache, any[]>;
   protected readonly pendingRequests: HttpClientPendingRequests;
-  clear(): Promise<void>;
   fetchAction(args: FetchActionArgs): Promise<FetchResponse>;
   fetch<T>(url: string, request?: RequestInit,
   // standard options
   options?: FetchOptions): Promise<FetchResponse<T>>;
-  json<T = any>(url: string, options?: RequestInit): Promise<T>;
   protected url(host: string, action: HttpAction, args: ServerRequestConfigEntry): string;
   protected body(init: RequestInit, headers: Record<string, string>, action: HttpAction, args?: ServerRequestConfigEntry): Promise<void>;
   protected responseData(response: Response, options: FetchOptions): Promise<any>;
@@ -234,28 +286,547 @@ interface HttpAction {
   schema?: {
     params?: TObject;
     query?: TObject;
-    body?: TSchema;
-    response?: TSchema;
+    body?: TRequestBody;
+    response?: TResponseBody;
   };
 }
 //#endregion
 //#region src/descriptors/$action.d.ts
 /**
- * Create an action endpoint.
+ * Creates a server action descriptor for defining type-safe HTTP endpoints.
+ *
+ * Server actions are the core building blocks for REST APIs in the Alepha framework. They provide
+ * a declarative way to define HTTP endpoints with full TypeScript type safety, automatic schema
+ * validation, and integrated security features. Actions automatically handle routing, request
+ * parsing, response serialization, and OpenAPI documentation generation.
+ *
+ * **Key Features**
+ *
+ * - **Type Safety**: Full TypeScript inference for request/response types
+ * - **Schema Validation**: Automatic validation using TypeBox schemas
+ * - **Auto-routing**: Convention-based URL generation with customizable paths
+ * - **Multiple Invocation**: Call directly (`run()`) or via HTTP (`fetch()`)
+ * - **OpenAPI Integration**: Automatic documentation generation
+ * - **Security Integration**: Built-in authentication and authorization support
+ * - **Content Type Detection**: Automatic handling of JSON, form-data, and plain text
+ *
+ * **URL Generation**
+ *
+ * By default, actions are prefixed with `/api` (configurable via `SERVER_API_PREFIX`):
+ * - Property name becomes the endpoint path
+ * - Path parameters are automatically detected from schema
+ * - HTTP method defaults to GET, or POST if body schema is provided
+ *
+ * **Use Cases**
+ *
+ * Perfect for building robust REST APIs:
+ * - CRUD operations with full type safety
+ * - File upload and download endpoints
+ * - Real-time data processing APIs
+ * - Integration with external services
+ * - Microservice communication
+ * - Admin and management interfaces
+ *
+ * @example
+ * **Basic CRUD operations:**
+ * ```ts
+ * import { $action } from "alepha/server";
+ * import { t } from "alepha";
+ *
+ * class UserController {
+ *   // GET /api/users
+ *   getUsers = $action({
+ *     description: "Retrieve all users with pagination",
+ *     schema: {
+ *       query: t.object({
+ *         page: t.optional(t.number({ default: 1 })),
+ *         limit: t.optional(t.number({ default: 10, maximum: 100 })),
+ *         search: t.optional(t.string())
+ *       }),
+ *       response: t.object({
+ *         users: t.array(t.object({
+ *           id: t.string(),
+ *           name: t.string(),
+ *           email: t.string(),
+ *           createdAt: t.datetime()
+ *         })),
+ *         total: t.number(),
+ *         hasMore: t.boolean()
+ *       })
+ *     },
+ *     handler: async ({ query }) => {
+ *       const { page, limit, search } = query;
+ *       const users = await this.userService.findUsers({ page, limit, search });
+ *
+ *       return {
+ *         users: users.items,
+ *         total: users.total,
+ *         hasMore: (page * limit) < users.total
+ *       };
+ *     }
+ *   });
+ *
+ *   // POST /api/users
+ *   createUser = $action({
+ *     description: "Create a new user account",
+ *     schema: {
+ *       body: t.object({
+ *         name: t.string({ minLength: 2, maxLength: 100 }),
+ *         email: t.string({ format: "email" }),
+ *         password: t.string({ minLength: 8 }),
+ *         role: t.optional(t.enum(["user", "admin"]))
+ *       }),
+ *       response: t.object({
+ *         id: t.string(),
+ *         name: t.string(),
+ *         email: t.string(),
+ *         role: t.string(),
+ *         createdAt: t.datetime()
+ *       })
+ *     },
+ *     handler: async ({ body }) => {
+ *       // Password validation and hashing
+ *       await this.authService.validatePassword(body.password);
+ *       const hashedPassword = await this.authService.hashPassword(body.password);
+ *
+ *       // Create user with default role
+ *       const user = await this.userService.create({
+ *         ...body,
+ *         password: hashedPassword,
+ *         role: body.role || "user"
+ *       });
+ *
+ *       // Return user without password
+ *       const { password, ...publicUser } = user;
+ *       return publicUser;
+ *     }
+ *   });
+ *
+ *   // GET /api/users/:id
+ *   getUser = $action({
+ *     description: "Retrieve user by ID",
+ *     schema: {
+ *       params: t.object({
+ *         id: t.string()
+ *       }),
+ *       response: t.object({
+ *         id: t.string(),
+ *         name: t.string(),
+ *         email: t.string(),
+ *         role: t.string(),
+ *         profile: t.optional(t.object({
+ *           bio: t.string(),
+ *           avatar: t.string({ format: "uri" }),
+ *           location: t.string()
+ *         }))
+ *       })
+ *     },
+ *     handler: async ({ params }) => {
+ *       const user = await this.userService.findById(params.id);
+ *       if (!user) {
+ *         throw new Error(`User not found: ${params.id}`);
+ *       }
+ *       return user;
+ *     }
+ *   });
+ *
+ *   // PUT /api/users/:id
+ *   updateUser = $action({
+ *     method: "PUT",
+ *     description: "Update user information",
+ *     schema: {
+ *       params: t.object({ id: t.string() }),
+ *       body: t.object({
+ *         name: t.optional(t.string({ minLength: 2 })),
+ *         email: t.optional(t.string({ format: "email" })),
+ *         profile: t.optional(t.object({
+ *           bio: t.optional(t.string()),
+ *           avatar: t.optional(t.string({ format: "uri" })),
+ *           location: t.optional(t.string())
+ *         }))
+ *       }),
+ *       response: t.object({
+ *         id: t.string(),
+ *         name: t.string(),
+ *         email: t.string(),
+ *         updatedAt: t.datetime()
+ *       })
+ *     },
+ *     handler: async ({ params, body }) => {
+ *       const updatedUser = await this.userService.update(params.id, body);
+ *       return updatedUser;
+ *     }
+ *   });
+ * }
+ * ```
+ *
+ * @example
+ * **File upload with multipart form data:**
+ * ```ts
+ * class FileController {
+ *   uploadAvatar = $action({
+ *     method: "POST",
+ *     description: "Upload user avatar image",
+ *     schema: {
+ *       body: t.object({
+ *         file: t.file({
+ *           maxSize: 5 * 1024 * 1024, // 5MB
+ *           allowedMimeTypes: ["image/jpeg", "image/png", "image/webp"]
+ *         }),
+ *         userId: t.string()
+ *       }),
+ *       response: t.object({
+ *         url: t.string({ format: "uri" }),
+ *         size: t.number(),
+ *         mimeType: t.string(),
+ *         uploadedAt: t.datetime()
+ *       })
+ *     },
+ *     handler: async ({ body }) => {
+ *       const { file, userId } = body;
+ *
+ *       // Validate file
+ *       await this.fileService.validateImage(file);
+ *
+ *       // Generate unique filename
+ *       const filename = `avatars/${userId}/${Date.now()}-${file.name}`;
+ *
+ *       // Upload to storage
+ *       const uploadResult = await this.storageService.upload(filename, file);
+ *
+ *       // Update user profile
+ *       await this.userService.updateAvatar(userId, uploadResult.url);
  *
- * By default, all actions are prefixed by `/api`.
- * If `name` is not provided, the action will be named after the property key.
- * If `path` is not provided, the action will be named after the function name.
+ *       return {
+ *         url: uploadResult.url,
+ *         size: file.size,
+ *         mimeType: file.type,
+ *         uploadedAt: new Date().toISOString()
+ *       };
+ *     }
+ *   });
+ *
+ *   downloadFile = $action({
+ *     method: "GET",
+ *     description: "Download file by ID",
+ *     schema: {
+ *       params: t.object({ id: t.string() }),
+ *       query: t.object({
+ *         download: t.optional(t.boolean()),
+ *         thumbnail: t.optional(t.boolean())
+ *       }),
+ *       response: t.file()
+ *     },
+ *     handler: async ({ params, query, reply, user }) => {
+ *       const file = await this.fileService.findById(params.id);
+ *       if (!file) {
+ *         throw new Error("File not found");
+ *       }
+ *
+ *       // Check permissions
+ *       await this.fileService.checkAccess(params.id, user.id);
+ *
+ *       const fileBuffer = query.thumbnail
+ *         ? await this.fileService.getThumbnail(file.id)
+ *         : await this.fileService.getBuffer(file.path);
+ *
+ *       // Set appropriate headers
+ *       reply.header("Content-Type", file.mimeType);
+ *       reply.header("Content-Length", fileBuffer.length);
+ *
+ *       if (query.download) {
+ *         reply.header("Content-Disposition", `attachment; filename="${file.name}"`);
+ *       }
+ *
+ *       return fileBuffer;
+ *     }
+ *   });
+ * }
+ * ```
  *
  * @example
+ * **Advanced API with custom paths and grouped operations:**
  * ```ts
- * class MyController {
- *   hello = $action({
- *     handler: () => "Hello World",
- *   })
+ * class OrderController {
+ *   group = "orders"; // Groups all actions under "orders" tag
+ *
+ *   // GET /api/orders/search
+ *   searchOrders = $action({
+ *     name: "search",
+ *     path: "/orders/search", // Custom path
+ *     description: "Advanced order search with filtering",
+ *     schema: {
+ *       query: t.object({
+ *         status: t.optional(t.union([
+ *           t.literal("pending"),
+ *           t.literal("processing"),
+ *           t.literal("shipped"),
+ *           t.literal("delivered"),
+ *           t.literal("cancelled")
+ *         ])),
+ *         customerId: t.optional(t.string()),
+ *         dateFrom: t.optional(t.date()),
+ *         dateTo: t.optional(t.date()),
+ *         minAmount: t.optional(t.number({ minimum: 0 })),
+ *         maxAmount: t.optional(t.number({ minimum: 0 })),
+ *         sortBy: t.optional(t.union([
+ *           t.literal("createdAt"),
+ *           t.literal("amount"),
+ *           t.literal("status")
+ *         ])),
+ *         sortOrder: t.optional(t.enum(["asc", "desc"]))
+ *       }),
+ *       response: t.object({
+ *         orders: t.array(t.object({
+ *           id: t.string(),
+ *           orderNumber: t.string(),
+ *           customerId: t.string(),
+ *           customerName: t.string(),
+ *           status: t.string(),
+ *           totalAmount: t.number(),
+ *           createdAt: t.datetime(),
+ *           itemCount: t.number()
+ *         })),
+ *         pagination: t.object({
+ *           page: t.number(),
+ *           limit: t.number(),
+ *           total: t.number(),
+ *           hasMore: t.boolean()
+ *         }),
+ *         filters: t.object({
+ *           appliedFilters: t.array(t.string()),
+ *           availableStatuses: t.array(t.string())
+ *         })
+ *       })
+ *     },
+ *     handler: async ({ query }) => {
+ *       // Build dynamic query based on filters
+ *       const searchCriteria = this.orderService.buildSearchCriteria(query);
+ *       const results = await this.orderService.searchOrders(searchCriteria);
+ *
+ *       return {
+ *         orders: results.orders,
+ *         pagination: results.pagination,
+ *         filters: {
+ *           appliedFilters: Object.keys(query).filter(key => query[key] !== undefined),
+ *           availableStatuses: await this.orderService.getAvailableStatuses()
+ *         }
+ *       };
+ *     }
+ *   });
+ *
+ *   // POST /api/orders/:id/process
+ *   processOrder = $action({
+ *     method: "POST",
+ *     path: "/orders/:id/process",
+ *     description: "Process an order through the fulfillment workflow",
+ *     schema: {
+ *       params: t.object({ id: t.string() }),
+ *       body: t.object({
+ *         notes: t.optional(t.string()),
+ *         priority: t.optional(t.union([
+ *           t.literal("low"),
+ *           t.literal("normal"),
+ *           t.literal("high"),
+ *           t.literal("urgent")
+ *         ])),
+ *         assignToWarehouse: t.optional(t.string())
+ *       }),
+ *       response: t.object({
+ *         orderId: t.string(),
+ *         status: t.string(),
+ *         processedAt: t.datetime(),
+ *         estimatedFulfillment: t.datetime(),
+ *         trackingInfo: t.optional(t.object({
+ *           trackingNumber: t.string(),
+ *           carrier: t.string(),
+ *           estimatedDelivery: t.date()
+ *         }))
+ *       })
+ *     },
+ *     handler: async ({ params, body, user }) => {
+ *       // Validate order can be processed
+ *       const order = await this.orderService.findById(params.id);
+ *       if (!order || order.status !== "pending") {
+ *         throw new Error("Order cannot be processed in current status");
+ *       }
+ *
+ *       // Check inventory availability
+ *       const inventoryCheck = await this.inventoryService.checkAvailability(order.items);
+ *       if (!inventoryCheck.available) {
+ *         throw new Error(`Insufficient inventory: ${inventoryCheck.missingItems.join(", ")}`);
+ *       }
+ *
+ *       // Process the order
+ *       const processResult = await this.fulfillmentService.processOrder({
+ *         orderId: params.id,
+ *         options: {
+ *           notes: body.notes,
+ *           priority: body.priority || "normal",
+ *           warehouse: body.assignToWarehouse
+ *         }
+ *       });
+ *
+ *       // Update order status
+ *       await this.orderService.updateStatus(params.id, "processing", {
+ *         processedBy: user.id,
+ *         processedAt: new Date(),
+ *         notes: body.notes
+ *       });
+ *
+ *       // Send notification
+ *       await this.notificationService.sendOrderUpdate(order.customerId, {
+ *         orderId: params.id,
+ *         status: "processing",
+ *         message: "Your order is now being processed"
+ *       });
+ *
+ *       return {
+ *         orderId: params.id,
+ *         status: "processing",
+ *         processedAt: new Date().toISOString(),
+ *         estimatedFulfillment: processResult.estimatedCompletion,
+ *         trackingInfo: processResult.trackingInfo
+ *       };
+ *     }
+ *   });
  * }
- * // GET /api/hello -> "Hello World"
  * ```
+ *
+ * @example
+ * **Actions with security integration and role-based access:**
+ * ```ts
+ * class AdminController {
+ *   group = "admin";
+ *
+ *   // Only accessible to users with "admin:users:read" permission
+ *   getUserStats = $action({
+ *     description: "Get comprehensive user statistics",
+ *     security: { permissions: ["admin:users:read"] },
+ *     schema: {
+ *       query: t.object({
+ *         includeInactive: t.optional(t.boolean())
+ *       }),
+ *       response: t.object({
+ *         totalUsers: t.number(),
+ *         activeUsers: t.number(),
+ *         newUsers: t.number(),
+ *         userGrowth: t.number(),
+ *         breakdown: t.object({
+ *           byRole: t.record(t.string(), t.number()),
+ *           byStatus: t.record(t.string(), t.number()),
+ *           byRegistrationSource: t.record(t.string(), t.number())
+ *         }),
+ *         trends: t.array(t.object({
+ *           date: t.date(),
+ *           registrations: t.number(),
+ *           activations: t.number()
+ *         }))
+ *       })
+ *     },
+ *     handler: async ({ query, user }) => {
+ *       // user is available through security integration
+ *       this.auditLogger.log({
+ *         action: "admin.getUserStats",
+ *         userId: user.id,
+ *         userRole: user.role,
+ *         timestamp: new Date()
+ *       });
+ *
+ *       const period = query.period || "month";
+ *       const stats = await this.analyticsService.getUserStatistics({
+ *         period,
+ *         includeInactive: query.includeInactive || false
+ *       });
+ *
+ *       return stats;
+ *     }
+ *   });
+ *
+ *   // Bulk operations with transaction support
+ *   bulkUpdateUsers = $action({
+ *     method: "POST",
+ *     path: "/admin/users/bulk-update",
+ *     description: "Bulk update user properties",
+ *     security: { permissions: ["admin:users:write"] },
+ *     schema: {
+ *       body: t.object({
+ *         userIds: t.array(t.string(), { minItems: 1, maxItems: 1000 }),
+ *         updates: t.object({
+ *           status: t.optional(t.union([t.literal("active"), t.literal("inactive")])),
+ *           role: t.optional(t.string()),
+ *           tags: t.optional(t.array(t.string())),
+ *           customFields: t.optional(t.record(t.string(), t.any()))
+ *         }),
+ *         reason: t.string({ minLength: 10, maxLength: 500 })
+ *       }),
+ *       response: t.object({
+ *         updated: t.number(),
+ *         failed: t.number(),
+ *         errors: t.array(t.object({
+ *           userId: t.string(),
+ *           error: t.string()
+ *         })),
+ *         auditLogId: t.string()
+ *       })
+ *     },
+ *     handler: async ({ body, user }) => {
+ *       const results = { updated: 0, failed: 0, errors: [] };
+ *
+ *       // Create audit log entry
+ *       const auditLogId = await this.auditService.logBulkOperation({
+ *         operation: "bulk_user_update",
+ *         initiatedBy: user.id,
+ *         targetCount: body.userIds.length,
+ *         reason: body.reason,
+ *         changes: body.updates
+ *       });
+ *
+ *       // Process in batches to avoid overwhelming the database
+ *       const batchSize = 50;
+ *       for (let i = 0; i < body.userIds.length; i += batchSize) {
+ *         const batch = body.userIds.slice(i, i + batchSize);
+ *
+ *         try {
+ *           const updateResult = await this.userService.bulkUpdate(batch, body.updates);
+ *           results.updated += updateResult.success;
+ *           results.failed += updateResult.failed;
+ *           results.errors.push(...updateResult.errors);
+ *         } catch (error) {
+ *           // Log batch failure but continue processing
+ *           this.logger.error(`Bulk update batch failed`, {
+ *             batch: i / batchSize + 1,
+ *             userIds: batch,
+ *             error: error.message
+ *           });
+ *
+ *           results.failed += batch.length;
+ *           results.errors.push(...batch.map(userId => ({
+ *             userId,
+ *             error: error.message
+ *           })));
+ *         }
+ *       }
+ *
+ *       // Update audit log with results
+ *       await this.auditService.updateBulkOperationResults(auditLogId, results);
+ *
+ *       return { ...results, auditLogId };
+ *     }
+ *   });
+ * }
+ * ```
+ *
+ * **Important Notes**:
+ * - Actions are automatically registered with the HTTP server when the service is initialized
+ * - Use `run()` for direct invocation (testing, internal calls, or remote services)
+ * - Use `fetch()` for explicit HTTP requests (client-side, external services)
+ * - Schema validation occurs automatically for all requests and responses
+ * - Path parameters are automatically extracted from schema definitions
+ * - Content-Type headers are automatically set based on schema types
+ * - Actions can be disabled via the `disabled` option for maintenance or feature flags
+ *
+ * @stability 2
  */
 declare const $action: {
   <TConfig extends RequestConfigSchema>(options: ActionDescriptorOptions<TConfig>): ActionDescriptor<TConfig>;
@@ -328,7 +899,7 @@ interface ActionDescriptorOptions<TConfig extends RequestConfigSchema> extends O
   handler: ServerActionHandler<TConfig>;
 }
 declare class ActionDescriptor<TConfig extends RequestConfigSchema> extends Descriptor<ActionDescriptorOptions<TConfig>> {
-  protected readonly log: _alepha_logger0.Logger;
+  protected readonly log: _alepha_logger3.Logger;
   protected readonly env: {
     SERVER_API_PREFIX: string;
   };
@@ -362,7 +933,7 @@ declare class ActionDescriptor<TConfig extends RequestConfigSchema> extends Desc
    * Call the action handler directly.
    * There is no HTTP layer involved.
    */
-  run(config: ClientRequestEntry<TConfig>, options?: ClientRequestOptions): Promise<ClientRequestResponse<TConfig>>;
+  run(config?: ClientRequestEntry<TConfig>, options?: ClientRequestOptions): Promise<ClientRequestResponse<TConfig>>;
   /**
    * Works like `run`, but always fetches (http request) the route.
    */
@@ -395,40 +966,35 @@ type ServerActionHandler<TConfig extends RequestConfigSchema = RequestConfigSche
  */
 interface ServerActionRequest<TConfig extends RequestConfigSchema> extends ServerRequest<TConfig> {}
 //#endregion
+//#region src/schemas/errorSchema.d.ts
+declare const errorSchema: typebox0.TObject<{
+  error: typebox0.TString;
+  status: typebox0.TInteger;
+  message: typebox0.TString;
+  details: typebox0.TOptional<typebox0.TString>;
+  requestId: typebox0.TOptional<typebox0.TString>;
+  cause: typebox0.TOptional<typebox0.TObject<{
+    name: typebox0.TString;
+    message: typebox0.TString;
+  }>>;
+}>;
+type ErrorSchema = Static<typeof errorSchema>;
+//#endregion
 //#region src/errors/HttpError.d.ts
 declare const isHttpError: (error: unknown, status?: number) => error is HttpErrorLike;
 declare class HttpError extends AlephaError {
   name: string;
   static is: (error: unknown, status?: number) => error is HttpErrorLike;
-  static toJSON(error: HttpError): {
-    status: number;
-    error: string | undefined;
-    message: string;
-    cause: {
-      name: string;
-      message: string;
-    };
-  } | {
-    status: number;
-    error: string | undefined;
-    message: string;
-    cause?: undefined;
-  };
+  static toJSON(error: HttpError): ErrorSchema;
+  readonly error: string;
   readonly status: number;
-  readonly error?: string;
+  readonly requestId?: string;
+  readonly details?: string;
   readonly reason?: {
     name: string;
     message: string;
   };
-  constructor(options: {
-    error?: string;
-    message: string;
-    status: number;
-    cause?: {
-      name: string;
-      message: string;
-    } | unknown;
-  }, cause?: unknown);
+  constructor(options: Partial<ErrorSchema>, cause?: unknown);
 }
 declare const errorNameByStatus: Record<number, string>;
 interface HttpErrorLike extends Error {
@@ -485,35 +1051,26 @@ declare class ValidationError extends HttpError {
 }
 //#endregion
 //#region src/helpers/isMultipart.d.ts
+/**
+ * Checks if the route has multipart/form-data request body.
+ */
 declare const isMultipart: (options: {
   schema?: RequestConfigSchema;
   requestBodyType?: string;
 }) => boolean;
 //#endregion
-//#region src/schemas/errorSchema.d.ts
-declare const errorSchema: _sinclair_typebox7.TObject<{
-  error: _sinclair_typebox7.TString;
-  status: _sinclair_typebox7.TNumber;
-  message: _sinclair_typebox7.TString;
-  details: _sinclair_typebox7.TOptional<_sinclair_typebox7.TString>;
-  cause: _sinclair_typebox7.TOptional<_sinclair_typebox7.TObject<{
-    name: _sinclair_typebox7.TString;
-    message: _sinclair_typebox7.TString;
-  }>>;
-}>;
-//#endregion
 //#region src/schemas/okSchema.d.ts
-declare const okSchema: _sinclair_typebox7.TObject<{
-  ok: _sinclair_typebox7.TBoolean;
-  id: _sinclair_typebox7.TOptional<_sinclair_typebox7.TUnion<[_sinclair_typebox7.TString, _sinclair_typebox7.TInteger]>>;
-  count: _sinclair_typebox7.TOptional<_sinclair_typebox7.TNumber>;
+declare const okSchema: typebox0.TObject<{
+  ok: typebox0.TBoolean;
+  id: typebox0.TOptional<typebox0.TUnion<[typebox0.TString, typebox0.TInteger]>>;
+  count: typebox0.TOptional<typebox0.TNumber>;
 }>;
 type Ok = Static<typeof okSchema>;
 //#endregion
 //#region src/providers/NodeHttpServerProvider.d.ts
-declare const envSchema: _alepha_core1.TObject<{
-  SERVER_PORT: _alepha_core1.TNumber;
-  SERVER_HOST: _alepha_core1.TString;
+declare const envSchema: _alepha_core11.TObject<{
+  SERVER_PORT: _alepha_core11.TInteger;
+  SERVER_HOST: _alepha_core11.TString;
 }>;
 declare module "alepha" {
   interface Env extends Partial<Static<typeof envSchema>> {}
@@ -521,31 +1078,31 @@ declare module "alepha" {
 declare class NodeHttpServerProvider extends ServerProvider {
   protected readonly alepha: Alepha;
   protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly log: _alepha_logger0.Logger;
+  protected readonly log: _alepha_logger3.Logger;
   protected readonly env: {
     SERVER_PORT: number;
     SERVER_HOST: string;
   };
   protected readonly router: ServerRouterProvider;
   protected readonly server: http0.Server<typeof IncomingMessage, typeof ServerResponse$1>;
-  protected readonly onNodeRequest: _alepha_core1.HookDescriptor<"node:request">;
+  protected readonly onNodeRequest: _alepha_core11.HookDescriptor<"node:request">;
   handle(req: IncomingMessage, res: ServerResponse$1): Promise<void>;
   createRouterRequest(req: IncomingMessage, res: ServerResponse$1, params?: Record<string, string>): ServerRawRequest;
   getProtocol(req: IncomingMessage): "http" | "https";
   get hostname(): string;
-  readonly start: _alepha_core1.HookDescriptor<"start">;
-  protected readonly stop: _alepha_core1.HookDescriptor<"stop">;
+  readonly start: _alepha_core11.HookDescriptor<"start">;
+  protected readonly stop: _alepha_core11.HookDescriptor<"stop">;
   protected listen(): Promise<void>;
   protected close(): Promise<void>;
 }
 //#endregion
 //#region src/providers/ServerLoggerProvider.d.ts
 declare class ServerLoggerProvider {
-  protected readonly log: _alepha_logger0.Logger;
+  protected readonly log: _alepha_logger3.Logger;
   protected readonly alepha: Alepha;
-  readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
-  readonly onError: _alepha_core1.HookDescriptor<"server:onError">;
-  readonly onResponse: _alepha_core1.HookDescriptor<"server:onResponse">;
+  readonly onRequest: _alepha_core11.HookDescriptor<"server:onRequest">;
+  readonly onError: _alepha_core11.HookDescriptor<"server:onError">;
+  readonly onResponse: _alepha_core11.HookDescriptor<"server:onResponse">;
 }
 //#endregion
 //#region src/providers/ServerNotReadyProvider.d.ts
@@ -558,7 +1115,7 @@ declare class ServerLoggerProvider {
  */
 declare class ServerNotReadyProvider {
   protected readonly alepha: Alepha;
-  readonly onRequest: _alepha_core1.HookDescriptor<"server:onRequest">;
+  readonly onRequest: _alepha_core11.HookDescriptor<"server:onRequest">;
 }
 //#endregion
 //#region src/index.d.ts
@@ -626,7 +1183,7 @@ declare module "alepha" {
  * @see {@link $action}
  * @module alepha.server
  */
-declare const AlephaServer: _alepha_core1.Service<_alepha_core1.Module>;
+declare const AlephaServer: _alepha_core11.Service<_alepha_core11.Module>;
 //#endregion
-export { $action, $route, ActionDescriptor, ActionDescriptorOptions, AlephaServer, BadRequestError, ClientRequestEntry, ClientRequestEntryContainer, ClientRequestOptions, ClientRequestResponse, ConflictError, FetchActionArgs, FetchOptions, FetchResponse, ForbiddenError, HttpAction, HttpClient, HttpClientPendingRequests, HttpError, HttpErrorLike, NodeHttpServerProvider, NotFoundError, Ok, RequestConfigSchema, ResponseBodyType, ResponseKind, RouteDescriptor, RouteDescriptorOptions, RouteMethod, ServerActionHandler, ServerActionRequest, ServerHandler, ServerLoggerProvider, ServerMiddlewareHandler, ServerNotReadyProvider, ServerProvider, ServerRawRequest, ServerReply, ServerRequest, ServerRequestConfig, ServerRequestConfigEntry, ServerResponse, ServerResponseBody, ServerRoute, ServerRouteMatcher, ServerRouterProvider, ServerTimingProvider, UnauthorizedError, ValidationError, errorNameByStatus, errorSchema, isHttpError, isMultipart, okSchema, routeMethods };
+export { $action, $route, ActionDescriptor, ActionDescriptorOptions, AlephaServer, BadRequestError, ClientRequestEntry, ClientRequestEntryContainer, ClientRequestOptions, ClientRequestResponse, ConflictError, ErrorSchema, FetchActionArgs, FetchOptions, FetchResponse, ForbiddenError, HttpAction, HttpClient, HttpClientPendingRequests, HttpError, HttpErrorLike, NodeHttpServerProvider, NotFoundError, Ok, RequestConfigSchema, ResponseBodyType, ResponseKind, RouteDescriptor, RouteDescriptorOptions, RouteMethod, ServerActionHandler, ServerActionRequest, ServerHandler, ServerLoggerProvider, ServerNotReadyProvider, ServerProvider, ServerRawRequest, ServerReply, ServerRequest, ServerRequestConfig, ServerRequestConfigEntry, ServerResponse, ServerResponseBody, ServerRoute, ServerRouteMatcher, ServerRouteRequestHandler, ServerRouterProvider, ServerTimingProvider, TRequestBody, TResponseBody, UnauthorizedError, ValidationError, errorNameByStatus, errorSchema, isHttpError, isMultipart, okSchema, routeMethods };
 //# sourceMappingURL=index.d.ts.map