balda 0.0.61 → 0.0.63

package/lib/index.d.cts

@@ -349,6 +349,12 @@ declare class Request<Params extends Record<string, string> = Record<string, str
     file(fieldName: string): FormFile | null;
     get cookies(): Record<string, string>;
     set cookies(value: Record<string, string>);
+    /**
+     * Returns cookies when the cookie middleware has populated them, otherwise undefined.
+     * Useful for compatibility layers that should not throw when cookies are unavailable.
+     * @internal
+     */
+    getOptionalCookies(): Record<string, string> | undefined;
     /**
      * The cookie of the request.
      * @cookie middleware is required
@@ -362,6 +368,12 @@ declare class Request<Params extends Record<string, string> = Record<string, str
     timeout?: boolean;
     get session(): Record<string, any> | undefined;
     set session(value: Record<string, any> | undefined);
+    /**
+     * Returns session data when the session middleware has populated it, otherwise undefined.
+     * Useful for compatibility layers that should not throw when sessions are unavailable.
+     * @internal
+     */
+    getOptionalSession(): Record<string, any> | undefined;
     /**
      * Shared throwing functions to avoid per-instance closure allocation.
      * @internal
@@ -1638,6 +1650,34 @@ declare class GraphQL {
     private ensureTypeDefsArray;
 }
 
+declare class MockResponse<T = any> {
+    readonly response: Response$1;
+    constructor(response: Response$1);
+    body(): T;
+    statusCode(): number;
+    headers(): Record<string, string>;
+    cookies(): Record<string, string>;
+    assertStatus(status: number): this;
+    assertHeader(header: string, value: string): this;
+    assertHeaderExists(header: string): this;
+    assertHeaderNotExists(header: string): this;
+    assertCookie(name: string, value: string): this;
+    assertCookieExists(name: string): this;
+    assertCookieNotExists(name: string): this;
+    assertBodySubset(subset: Partial<T>): this;
+    assertBodyDeepEqual(expected: T): this;
+    assertBodyNotSubset(subset: Partial<T>): this;
+    assertBodyNotDeepEqual(expected: T): this;
+    assertCustom(assertion: (response: Response$1) => void): this;
+    private assertSubset;
+    private assertDeepEqual;
+    private assertNotSubset;
+    private assertNotDeepEqual;
+    private assertArraySubset;
+    private assertArrayDeepEqual;
+    private isObject;
+}
+
 declare class NativeFs {
     glob(...args: Parameters<typeof glob>): Promise<string[]>;
     mkdir(path: string, options?: {
@@ -1976,6 +2016,7 @@ declare class Server<H extends NodeHttpClient = NodeHttpClient> implements Serve
     isListening: boolean;
     isProduction: boolean;
     graphql: GraphQL;
+    readonly inject: InjectFunction;
     /**
      * The constructor for the server
      * @warning Routes will only be defined after calling the `listen` method so you're free to define middlewares before calling it
@@ -2043,7 +2084,9 @@ declare class Server<H extends NodeHttpClient = NodeHttpClient> implements Serve
      * @returns A promise that resolves when the server is disconnected
      */
     disconnect(): Promise<void>;
-    getMockServer(options?: Pick<ServerOptions, "controllerPatterns">): Promise<MockServer>;
+    getMockServer(options?: Pick<ServerOptions, "controllerPatterns">): MockServer;
+    ensureBootstrapped(options?: Pick<ServerOptions, "controllerPatterns">): Promise<void>;
+    private createInjectFunction;
     private importControllers;
     private applyPlugins;
     /**
@@ -2069,34 +2112,6 @@ declare class Server<H extends NodeHttpClient = NodeHttpClient> implements Serve
     private setupAbortSignalHandler;
 }
 
-declare class MockResponse<T = any> {
-    readonly response: Response$1;
-    constructor(response: Response$1);
-    body(): T;
-    statusCode(): number;
-    headers(): Record<string, string>;
-    cookies(): Record<string, string>;
-    assertStatus(status: number): this;
-    assertHeader(header: string, value: string): this;
-    assertHeaderExists(header: string): this;
-    assertHeaderNotExists(header: string): this;
-    assertCookie(name: string, value: string): this;
-    assertCookieExists(name: string): this;
-    assertCookieNotExists(name: string): this;
-    assertBodySubset(subset: Partial<T>): this;
-    assertBodyDeepEqual(expected: T): this;
-    assertBodyNotSubset(subset: Partial<T>): this;
-    assertBodyNotDeepEqual(expected: T): this;
-    assertCustom(assertion: (response: Response$1) => void): this;
-    private assertSubset;
-    private assertDeepEqual;
-    private assertNotSubset;
-    private assertNotDeepEqual;
-    private assertArraySubset;
-    private assertArrayDeepEqual;
-    private isObject;
-}
-
 /**
  * Type-safe options for the mock server
  * @template TBody - The request body type
@@ -2140,7 +2155,8 @@ declare class MockServer {
     readonly server: Server<NodeHttpClient>;
     private readonly logger;
     private ensureGraphQLHandler;
-    constructor(server: Server<NodeHttpClient>);
+    private readonly bootstrapOptions?;
+    constructor(server: Server<NodeHttpClient>, options?: Pick<ServerOptions, "controllerPatterns">);
     /**
      * Simulates an HTTP request without making an actual network call, useful for testing purposes
      * Executes the middleware chain and handler of the route
@@ -2300,6 +2316,8 @@ type CorsOptions = {
     methods?: CorsMethods[] | string;
     /**
      * Configures the Access-Control-Allow-Headers CORS header. Defaults to allowing all requested headers.
+     * When omitted, Balda echoes `Access-Control-Request-Headers` on preflight requests.
+     * Set this explicitly to override that default behavior.
      */
     allowedHeaders?: string[] | string;
     /**
@@ -2702,6 +2720,49 @@ type ResolvedServerOptions = {
     abortSignal?: AbortSignal;
 };
 type ServerErrorHandler = (req: Request, res: Response$1, next: NextFunction, error: Error) => SyncOrAsync;
+/**
+ * A callable function with HTTP method shortcuts for injecting requests directly into the server.
+ * Similar to Fastify's `inject`, it allows testing routes without network overhead.
+ */
+interface InjectFunction {
+    /**
+     * Simulates an HTTP request without making an actual network call
+     * @param method - The HTTP method (GET, POST, PUT, DELETE, PATCH)
+     * @param path - The request path
+     * @param options - Request options including body, headers, query params, etc.
+     */
+    <TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(method: HttpMethod, path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe GET request
+     * @example
+     * const res = await server.inject.get<UserResponse>("/users");
+     */
+    get<TResponse = any, TQuery extends Record<string, string> = any>(path: string, options?: Omit<MockServerOptions<never, TQuery>, "body" | "formData" | "urlencoded">): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe POST request
+     * @example
+     * const res = await server.inject.post<UserResponse, CreateUserInput>("/users", { body: { name: "John" } });
+     */
+    post<TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe PUT request
+     * @example
+     * const res = await server.inject.put<UserResponse>("/users/1", { body: { name: "Jane" } });
+     */
+    put<TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe PATCH request
+     * @example
+     * const res = await server.inject.patch<UserResponse>("/users/1", { body: { name: "Jane" } });
+     */
+    patch<TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe DELETE request
+     * @example
+     * const res = await server.inject.delete<DeleteResponse>("/users/1");
+     */
+    delete<TResponse = any, TQuery extends Record<string, string> = any>(path: string, options?: Omit<MockServerOptions<never, TQuery>, "body" | "formData">): Promise<MockResponse<TResponse>>;
+}
 interface ServerInterface {
     /**
      * Identifier for the balda server instance
@@ -2975,12 +3036,35 @@ interface ServerInterface {
      */
     disconnect: () => Promise<void>;
     /**
-     * Returns a mock server instance that can be used to test the server without starting it
-     * It will import the controllers and apply the plugins to the mock server
+     * Returns a mock server instance that can be used to test the server without starting it.
+     * The mock server lazily bootstraps (imports controllers, applies plugins) on the first request.
      * @param options - The options for the mock server
      * @param options.controllerPatterns - Custom controller patterns to import if the mock server must not be initialized with the same controller patterns as the server
      */
-    getMockServer: () => Promise<MockServer>;
+    getMockServer: (options?: Pick<ServerOptions, "controllerPatterns">) => MockServer;
+    /**
+     * Inject requests directly into the server without network overhead.
+     * Lazily bootstraps the server on the first call.
+     * Supports both generic `inject(method, path, options)` and typed shortcuts like `inject.get()`, `inject.post()`, etc.
+     *
+     * @example
+     * ```typescript
+     * // Generic inject
+     * const res = await server.inject("GET", "/users");
+     *
+     * // Typed shortcuts
+     * const res = await server.inject.get<User[]>("/users");
+     * const res = await server.inject.post<User, CreateUserInput>("/users", { body: { name: "John" } });
+     * ```
+     */
+    inject: InjectFunction;
+    /**
+     * Ensures the server is bootstrapped (controllers imported, plugins applied).
+     * This is called lazily by `inject()` and `MockServer.request()`, but can be called explicitly to pre-bootstrap.
+     * This method is idempotent — subsequent calls after the first have no effect.
+     * @param options - Optional controller patterns to import
+     */
+    ensureBootstrapped: (options?: Pick<ServerOptions, "controllerPatterns">) => Promise<void>;
     /**
      * Exit current runtime process with the given code based on the current runtime
      * @param code - The code to exit with, defaults to 0
@@ -4615,7 +4699,9 @@ declare const cookie: (options?: CookieMiddlewareOptions) => TypedMiddleware<{
  * ⚠️ SECURITY WARNING: By default, this plugin allows ALL origins ('*').
  * For production environments, explicitly configure allowed origins.
  *
- * @param options CORS options (all optional)
+ * @param options CORS options (all optional). Omitted options keep Balda's defaults,
+ * including default methods and echoing `Access-Control-Request-Headers` on preflight
+ * requests unless `allowedHeaders` is explicitly overridden.
  *
  * @example
  * // Development (permissive)
@@ -4752,7 +4838,7 @@ declare const trustProxy: (options?: TrustProxyOptions) => ServerRouteMiddleware
  * @param options.urlencoded - The options for the URL-encoded middleware.
  * @param options.fileParser - The options for the file parser middleware.
  */
-declare const bodyParser: (options: BodyParserOptions) => ServerRouteMiddleware;
+declare const bodyParser: (options?: BodyParserOptions) => ServerRouteMiddleware;
 
 declare const createPolicyDecorator: <T extends Record<string, PolicyProvider>>(manager: PolicyManager<T>) => PolicyDecorator<T>;
 
@@ -4943,4 +5029,4 @@ declare enum CacheStatus {
  */
 declare const router: ClientRouter;
 
-export { type AsyncLocalStorageContextSetters, AzureBlobStorageProvider, BaseCron, BasePlugin, type BaseStorageProviderOptions, type BlobStorageProviderOptions, type BodyParserOptions, type BodylessMethodOptions, BullMQConfiguration, type BullMQConfigurationOptions, BullMQPubSub, CACHE_STATUS_HEADER, type CacheKeyIncludes, type CacheMiddlewareOptions, type CachePluginOptions, type CacheProvider, type CacheRedisOptions, type CacheRouteConfig, CacheService, type CacheServiceInterface, type CacheStats, CacheStatus, Command, type CommandOptions, CommandRegistry, type CompressionOptions, type CookieMiddlewareOptions, type CorsOptions, type CronSchedule, type CronScheduleParams, CronService, type CronUIOptions, CustomAdapter, type CustomQueueConfiguration, type CustomStorageProviderOptions, CustomTypedQueue, type CustomValidationError, DEFAULT_CACHE_OPTIONS, EdgeAdapter, EjsAdapter, type ExtractParams, GraphQL, type GraphQLContext, type GraphQLOptions, type GraphQLResolverFunction, type GraphQLResolverMap, type GraphQLResolverType, type GraphQLResolvers, type GraphQLSchemaInput, type GraphQLTypeDef, type GroupRouter, HandlebarsAdapter, type HelmetOptions, type HttpMethod, type HttpsOptions, type InferMiddlewareExtension, type InferMiddlewareExtensions, type InferResponseMap, type InferSchemaType, LocalStorageProvider, type LocalStorageProviderOptions, type LockBehavior, type LogOptions, type LoggerOptions, type MailOptions, MailOptionsBuilder, MailProvider, type MailProviderInterface, Mailer, type MailerInterface, type MailerOptions, type MailerProviderOptions, MemoryCacheProvider, MemoryPubSub, type MethodOverrideOptions, MockResponse, MockServer, type MockServerOptions, type MqttConnectionOptions, type MqttHandler, type MqttPublishOptions, MqttService, type MqttSubscribeOptions, type MqttSubscription, type MqttTopics, MustacheAdapter, type NextFunction, type NodeHttpClient, type NodeServer as NodeHttpServerClient, PGBossConfiguration, type PGBossConfigurationOptions, PGBossPubSub, type PolicyDecorator, type PolicyErrorHandlerOptions, PolicyManager, type PolicyProvider, type PolicyRouteConfig, type PublishTopic, QueueManager, QueueService, type RateLimiterKeyOptions, RedisCacheProvider, Request, type RequestSchema, Response$1 as Response, type ResponseBodyForStatus, type RuntimeServer, S3StorageProvider, type S3StorageProviderOptions, SQSConfiguration, type SQSConfigurationOptions, SQSPubSub, type CacheMetrics as SchemaCacheMetrics, type SerializeOptions, type SerializedValidationError, Server, type ServerConnectInput, type ServerErrorHandler, type ServerHook, type ServerInterface, type ServerListenCallback, type ServerOptions, type ServerPlugin, type ServerPluginConfig, type ServerRouteHandler, type ServerRouteMiddleware, type ServerTapOptions, type SessionOptions, type SignalEvent, type StandardMethodOptions, type StaticPluginOptions, Storage, type StorageInterface, type StorageOptions, type StorageProviderOptions, type TemplateMailOptions, type TimeoutOptions, type TrustProxyOptions, type TypedCacheKeyIncludes, type TypedCacheRouteConfig, type TypedHandler, type TypedMiddleware, TypedQueue, type TypedRouteMetadata, type ValidatedData, type ValidationErrorHandlerOptions, type ValidationOptions, arg, asyncLocalStorage, asyncStorage, bodyParser, bullmqQueue, cache, cacheMiddleware, clearAllCaches as clearAllSchemaCaches, commandRegistry, compression, controller, cookie, cors, createExpressAdapter, createPolicyDecorator, createQueue, cron, cronUIInstance, cronUi, Server as default, defineMiddleware, defineQueueConfiguration, del, expressHandler, expressMiddleware, flag, get, getCacheService, getCacheMetrics as getSchemaCacheMetrics, hash, helmet, initCacheService, log, logCacheMetrics as logSchemaCacheMetrics, logger, memoryQueue, methodOverride, middleware, mountExpressRouter, mqtt, patch, pgbossQueue, post, put, rateLimiter, resetCacheService, router, serialize, serveStatic, session, setCronGlobalErrorHandler, setMqttGlobalErrorHandler, sqsQueue, timeout as timeoutMw, trustProxy, validate };
+export { type AsyncLocalStorageContextSetters, AzureBlobStorageProvider, BaseCron, BasePlugin, type BaseStorageProviderOptions, type BlobStorageProviderOptions, type BodyParserOptions, type BodylessMethodOptions, BullMQConfiguration, type BullMQConfigurationOptions, BullMQPubSub, CACHE_STATUS_HEADER, type CacheKeyIncludes, type CacheMiddlewareOptions, type CachePluginOptions, type CacheProvider, type CacheRedisOptions, type CacheRouteConfig, CacheService, type CacheServiceInterface, type CacheStats, CacheStatus, Command, type CommandOptions, CommandRegistry, type CompressionOptions, type CookieMiddlewareOptions, type CorsOptions, type CronSchedule, type CronScheduleParams, CronService, type CronUIOptions, CustomAdapter, type CustomQueueConfiguration, type CustomStorageProviderOptions, CustomTypedQueue, type CustomValidationError, DEFAULT_CACHE_OPTIONS, EdgeAdapter, EjsAdapter, type ExtractParams, GraphQL, type GraphQLContext, type GraphQLOptions, type GraphQLResolverFunction, type GraphQLResolverMap, type GraphQLResolverType, type GraphQLResolvers, type GraphQLSchemaInput, type GraphQLTypeDef, type GroupRouter, HandlebarsAdapter, type HelmetOptions, type HttpMethod, type HttpsOptions, type InferMiddlewareExtension, type InferMiddlewareExtensions, type InferResponseMap, type InferSchemaType, type InjectFunction, LocalStorageProvider, type LocalStorageProviderOptions, type LockBehavior, type LogOptions, type LoggerOptions, type MailOptions, MailOptionsBuilder, MailProvider, type MailProviderInterface, Mailer, type MailerInterface, type MailerOptions, type MailerProviderOptions, MemoryCacheProvider, MemoryPubSub, type MethodOverrideOptions, MockResponse, MockServer, type MockServerOptions, type MqttConnectionOptions, type MqttHandler, type MqttPublishOptions, MqttService, type MqttSubscribeOptions, type MqttSubscription, type MqttTopics, MustacheAdapter, type NextFunction, type NodeHttpClient, type NodeServer as NodeHttpServerClient, PGBossConfiguration, type PGBossConfigurationOptions, PGBossPubSub, type PolicyDecorator, type PolicyErrorHandlerOptions, PolicyManager, type PolicyProvider, type PolicyRouteConfig, type PublishTopic, QueueManager, QueueService, type RateLimiterKeyOptions, RedisCacheProvider, Request, type RequestSchema, Response$1 as Response, type ResponseBodyForStatus, type RuntimeServer, S3StorageProvider, type S3StorageProviderOptions, SQSConfiguration, type SQSConfigurationOptions, SQSPubSub, type CacheMetrics as SchemaCacheMetrics, type SerializeOptions, type SerializedValidationError, Server, type ServerConnectInput, type ServerErrorHandler, type ServerHook, type ServerInterface, type ServerListenCallback, type ServerOptions, type ServerPlugin, type ServerPluginConfig, type ServerRouteHandler, type ServerRouteMiddleware, type ServerTapOptions, type SessionOptions, type SignalEvent, type StandardMethodOptions, type StaticPluginOptions, Storage, type StorageInterface, type StorageOptions, type StorageProviderOptions, type TemplateMailOptions, type TimeoutOptions, type TrustProxyOptions, type TypedCacheKeyIncludes, type TypedCacheRouteConfig, type TypedHandler, type TypedMiddleware, TypedQueue, type TypedRouteMetadata, type ValidatedData, type ValidationErrorHandlerOptions, type ValidationOptions, arg, asyncLocalStorage, asyncStorage, bodyParser, bullmqQueue, cache, cacheMiddleware, clearAllCaches as clearAllSchemaCaches, commandRegistry, compression, controller, cookie, cors, createExpressAdapter, createPolicyDecorator, createQueue, cron, cronUIInstance, cronUi, Server as default, defineMiddleware, defineQueueConfiguration, del, expressHandler, expressMiddleware, flag, get, getCacheService, getCacheMetrics as getSchemaCacheMetrics, hash, helmet, initCacheService, log, logCacheMetrics as logSchemaCacheMetrics, logger, memoryQueue, methodOverride, middleware, mountExpressRouter, mqtt, patch, pgbossQueue, post, put, rateLimiter, resetCacheService, router, serialize, serveStatic, session, setCronGlobalErrorHandler, setMqttGlobalErrorHandler, sqsQueue, timeout as timeoutMw, trustProxy, validate };

package/lib/index.d.ts

@@ -349,6 +349,12 @@ declare class Request<Params extends Record<string, string> = Record<string, str
     file(fieldName: string): FormFile | null;
     get cookies(): Record<string, string>;
     set cookies(value: Record<string, string>);
+    /**
+     * Returns cookies when the cookie middleware has populated them, otherwise undefined.
+     * Useful for compatibility layers that should not throw when cookies are unavailable.
+     * @internal
+     */
+    getOptionalCookies(): Record<string, string> | undefined;
     /**
      * The cookie of the request.
      * @cookie middleware is required
@@ -362,6 +368,12 @@ declare class Request<Params extends Record<string, string> = Record<string, str
     timeout?: boolean;
     get session(): Record<string, any> | undefined;
     set session(value: Record<string, any> | undefined);
+    /**
+     * Returns session data when the session middleware has populated it, otherwise undefined.
+     * Useful for compatibility layers that should not throw when sessions are unavailable.
+     * @internal
+     */
+    getOptionalSession(): Record<string, any> | undefined;
     /**
      * Shared throwing functions to avoid per-instance closure allocation.
      * @internal
@@ -1638,6 +1650,34 @@ declare class GraphQL {
     private ensureTypeDefsArray;
 }
 
+declare class MockResponse<T = any> {
+    readonly response: Response$1;
+    constructor(response: Response$1);
+    body(): T;
+    statusCode(): number;
+    headers(): Record<string, string>;
+    cookies(): Record<string, string>;
+    assertStatus(status: number): this;
+    assertHeader(header: string, value: string): this;
+    assertHeaderExists(header: string): this;
+    assertHeaderNotExists(header: string): this;
+    assertCookie(name: string, value: string): this;
+    assertCookieExists(name: string): this;
+    assertCookieNotExists(name: string): this;
+    assertBodySubset(subset: Partial<T>): this;
+    assertBodyDeepEqual(expected: T): this;
+    assertBodyNotSubset(subset: Partial<T>): this;
+    assertBodyNotDeepEqual(expected: T): this;
+    assertCustom(assertion: (response: Response$1) => void): this;
+    private assertSubset;
+    private assertDeepEqual;
+    private assertNotSubset;
+    private assertNotDeepEqual;
+    private assertArraySubset;
+    private assertArrayDeepEqual;
+    private isObject;
+}
+
 declare class NativeFs {
     glob(...args: Parameters<typeof glob>): Promise<string[]>;
     mkdir(path: string, options?: {
@@ -1976,6 +2016,7 @@ declare class Server<H extends NodeHttpClient = NodeHttpClient> implements Serve
     isListening: boolean;
     isProduction: boolean;
     graphql: GraphQL;
+    readonly inject: InjectFunction;
     /**
      * The constructor for the server
      * @warning Routes will only be defined after calling the `listen` method so you're free to define middlewares before calling it
@@ -2043,7 +2084,9 @@ declare class Server<H extends NodeHttpClient = NodeHttpClient> implements Serve
      * @returns A promise that resolves when the server is disconnected
      */
     disconnect(): Promise<void>;
-    getMockServer(options?: Pick<ServerOptions, "controllerPatterns">): Promise<MockServer>;
+    getMockServer(options?: Pick<ServerOptions, "controllerPatterns">): MockServer;
+    ensureBootstrapped(options?: Pick<ServerOptions, "controllerPatterns">): Promise<void>;
+    private createInjectFunction;
     private importControllers;
     private applyPlugins;
     /**
@@ -2069,34 +2112,6 @@ declare class Server<H extends NodeHttpClient = NodeHttpClient> implements Serve
     private setupAbortSignalHandler;
 }
 
-declare class MockResponse<T = any> {
-    readonly response: Response$1;
-    constructor(response: Response$1);
-    body(): T;
-    statusCode(): number;
-    headers(): Record<string, string>;
-    cookies(): Record<string, string>;
-    assertStatus(status: number): this;
-    assertHeader(header: string, value: string): this;
-    assertHeaderExists(header: string): this;
-    assertHeaderNotExists(header: string): this;
-    assertCookie(name: string, value: string): this;
-    assertCookieExists(name: string): this;
-    assertCookieNotExists(name: string): this;
-    assertBodySubset(subset: Partial<T>): this;
-    assertBodyDeepEqual(expected: T): this;
-    assertBodyNotSubset(subset: Partial<T>): this;
-    assertBodyNotDeepEqual(expected: T): this;
-    assertCustom(assertion: (response: Response$1) => void): this;
-    private assertSubset;
-    private assertDeepEqual;
-    private assertNotSubset;
-    private assertNotDeepEqual;
-    private assertArraySubset;
-    private assertArrayDeepEqual;
-    private isObject;
-}
-
 /**
  * Type-safe options for the mock server
  * @template TBody - The request body type
@@ -2140,7 +2155,8 @@ declare class MockServer {
     readonly server: Server<NodeHttpClient>;
     private readonly logger;
     private ensureGraphQLHandler;
-    constructor(server: Server<NodeHttpClient>);
+    private readonly bootstrapOptions?;
+    constructor(server: Server<NodeHttpClient>, options?: Pick<ServerOptions, "controllerPatterns">);
     /**
      * Simulates an HTTP request without making an actual network call, useful for testing purposes
      * Executes the middleware chain and handler of the route
@@ -2300,6 +2316,8 @@ type CorsOptions = {
     methods?: CorsMethods[] | string;
     /**
      * Configures the Access-Control-Allow-Headers CORS header. Defaults to allowing all requested headers.
+     * When omitted, Balda echoes `Access-Control-Request-Headers` on preflight requests.
+     * Set this explicitly to override that default behavior.
      */
     allowedHeaders?: string[] | string;
     /**
@@ -2702,6 +2720,49 @@ type ResolvedServerOptions = {
     abortSignal?: AbortSignal;
 };
 type ServerErrorHandler = (req: Request, res: Response$1, next: NextFunction, error: Error) => SyncOrAsync;
+/**
+ * A callable function with HTTP method shortcuts for injecting requests directly into the server.
+ * Similar to Fastify's `inject`, it allows testing routes without network overhead.
+ */
+interface InjectFunction {
+    /**
+     * Simulates an HTTP request without making an actual network call
+     * @param method - The HTTP method (GET, POST, PUT, DELETE, PATCH)
+     * @param path - The request path
+     * @param options - Request options including body, headers, query params, etc.
+     */
+    <TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(method: HttpMethod, path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe GET request
+     * @example
+     * const res = await server.inject.get<UserResponse>("/users");
+     */
+    get<TResponse = any, TQuery extends Record<string, string> = any>(path: string, options?: Omit<MockServerOptions<never, TQuery>, "body" | "formData" | "urlencoded">): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe POST request
+     * @example
+     * const res = await server.inject.post<UserResponse, CreateUserInput>("/users", { body: { name: "John" } });
+     */
+    post<TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe PUT request
+     * @example
+     * const res = await server.inject.put<UserResponse>("/users/1", { body: { name: "Jane" } });
+     */
+    put<TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe PATCH request
+     * @example
+     * const res = await server.inject.patch<UserResponse>("/users/1", { body: { name: "Jane" } });
+     */
+    patch<TResponse = any, TBody = any, TQuery extends Record<string, string> = any>(path: string, options?: MockServerOptions<TBody, TQuery>): Promise<MockResponse<TResponse>>;
+    /**
+     * Type-safe DELETE request
+     * @example
+     * const res = await server.inject.delete<DeleteResponse>("/users/1");
+     */
+    delete<TResponse = any, TQuery extends Record<string, string> = any>(path: string, options?: Omit<MockServerOptions<never, TQuery>, "body" | "formData">): Promise<MockResponse<TResponse>>;
+}
 interface ServerInterface {
     /**
      * Identifier for the balda server instance
@@ -2975,12 +3036,35 @@ interface ServerInterface {
      */
     disconnect: () => Promise<void>;
     /**
-     * Returns a mock server instance that can be used to test the server without starting it
-     * It will import the controllers and apply the plugins to the mock server
+     * Returns a mock server instance that can be used to test the server without starting it.
+     * The mock server lazily bootstraps (imports controllers, applies plugins) on the first request.
      * @param options - The options for the mock server
      * @param options.controllerPatterns - Custom controller patterns to import if the mock server must not be initialized with the same controller patterns as the server
      */
-    getMockServer: () => Promise<MockServer>;
+    getMockServer: (options?: Pick<ServerOptions, "controllerPatterns">) => MockServer;
+    /**
+     * Inject requests directly into the server without network overhead.
+     * Lazily bootstraps the server on the first call.
+     * Supports both generic `inject(method, path, options)` and typed shortcuts like `inject.get()`, `inject.post()`, etc.
+     *
+     * @example
+     * ```typescript
+     * // Generic inject
+     * const res = await server.inject("GET", "/users");
+     *
+     * // Typed shortcuts
+     * const res = await server.inject.get<User[]>("/users");
+     * const res = await server.inject.post<User, CreateUserInput>("/users", { body: { name: "John" } });
+     * ```
+     */
+    inject: InjectFunction;
+    /**
+     * Ensures the server is bootstrapped (controllers imported, plugins applied).
+     * This is called lazily by `inject()` and `MockServer.request()`, but can be called explicitly to pre-bootstrap.
+     * This method is idempotent — subsequent calls after the first have no effect.
+     * @param options - Optional controller patterns to import
+     */
+    ensureBootstrapped: (options?: Pick<ServerOptions, "controllerPatterns">) => Promise<void>;
     /**
      * Exit current runtime process with the given code based on the current runtime
      * @param code - The code to exit with, defaults to 0
@@ -4615,7 +4699,9 @@ declare const cookie: (options?: CookieMiddlewareOptions) => TypedMiddleware<{
  * ⚠️ SECURITY WARNING: By default, this plugin allows ALL origins ('*').
  * For production environments, explicitly configure allowed origins.
  *
- * @param options CORS options (all optional)
+ * @param options CORS options (all optional). Omitted options keep Balda's defaults,
+ * including default methods and echoing `Access-Control-Request-Headers` on preflight
+ * requests unless `allowedHeaders` is explicitly overridden.
  *
  * @example
  * // Development (permissive)
@@ -4752,7 +4838,7 @@ declare const trustProxy: (options?: TrustProxyOptions) => ServerRouteMiddleware
  * @param options.urlencoded - The options for the URL-encoded middleware.
  * @param options.fileParser - The options for the file parser middleware.
  */
-declare const bodyParser: (options: BodyParserOptions) => ServerRouteMiddleware;
+declare const bodyParser: (options?: BodyParserOptions) => ServerRouteMiddleware;
 
 declare const createPolicyDecorator: <T extends Record<string, PolicyProvider>>(manager: PolicyManager<T>) => PolicyDecorator<T>;
 
@@ -4943,4 +5029,4 @@ declare enum CacheStatus {
  */
 declare const router: ClientRouter;
 
-export { type AsyncLocalStorageContextSetters, AzureBlobStorageProvider, BaseCron, BasePlugin, type BaseStorageProviderOptions, type BlobStorageProviderOptions, type BodyParserOptions, type BodylessMethodOptions, BullMQConfiguration, type BullMQConfigurationOptions, BullMQPubSub, CACHE_STATUS_HEADER, type CacheKeyIncludes, type CacheMiddlewareOptions, type CachePluginOptions, type CacheProvider, type CacheRedisOptions, type CacheRouteConfig, CacheService, type CacheServiceInterface, type CacheStats, CacheStatus, Command, type CommandOptions, CommandRegistry, type CompressionOptions, type CookieMiddlewareOptions, type CorsOptions, type CronSchedule, type CronScheduleParams, CronService, type CronUIOptions, CustomAdapter, type CustomQueueConfiguration, type CustomStorageProviderOptions, CustomTypedQueue, type CustomValidationError, DEFAULT_CACHE_OPTIONS, EdgeAdapter, EjsAdapter, type ExtractParams, GraphQL, type GraphQLContext, type GraphQLOptions, type GraphQLResolverFunction, type GraphQLResolverMap, type GraphQLResolverType, type GraphQLResolvers, type GraphQLSchemaInput, type GraphQLTypeDef, type GroupRouter, HandlebarsAdapter, type HelmetOptions, type HttpMethod, type HttpsOptions, type InferMiddlewareExtension, type InferMiddlewareExtensions, type InferResponseMap, type InferSchemaType, LocalStorageProvider, type LocalStorageProviderOptions, type LockBehavior, type LogOptions, type LoggerOptions, type MailOptions, MailOptionsBuilder, MailProvider, type MailProviderInterface, Mailer, type MailerInterface, type MailerOptions, type MailerProviderOptions, MemoryCacheProvider, MemoryPubSub, type MethodOverrideOptions, MockResponse, MockServer, type MockServerOptions, type MqttConnectionOptions, type MqttHandler, type MqttPublishOptions, MqttService, type MqttSubscribeOptions, type MqttSubscription, type MqttTopics, MustacheAdapter, type NextFunction, type NodeHttpClient, type NodeServer as NodeHttpServerClient, PGBossConfiguration, type PGBossConfigurationOptions, PGBossPubSub, type PolicyDecorator, type PolicyErrorHandlerOptions, PolicyManager, type PolicyProvider, type PolicyRouteConfig, type PublishTopic, QueueManager, QueueService, type RateLimiterKeyOptions, RedisCacheProvider, Request, type RequestSchema, Response$1 as Response, type ResponseBodyForStatus, type RuntimeServer, S3StorageProvider, type S3StorageProviderOptions, SQSConfiguration, type SQSConfigurationOptions, SQSPubSub, type CacheMetrics as SchemaCacheMetrics, type SerializeOptions, type SerializedValidationError, Server, type ServerConnectInput, type ServerErrorHandler, type ServerHook, type ServerInterface, type ServerListenCallback, type ServerOptions, type ServerPlugin, type ServerPluginConfig, type ServerRouteHandler, type ServerRouteMiddleware, type ServerTapOptions, type SessionOptions, type SignalEvent, type StandardMethodOptions, type StaticPluginOptions, Storage, type StorageInterface, type StorageOptions, type StorageProviderOptions, type TemplateMailOptions, type TimeoutOptions, type TrustProxyOptions, type TypedCacheKeyIncludes, type TypedCacheRouteConfig, type TypedHandler, type TypedMiddleware, TypedQueue, type TypedRouteMetadata, type ValidatedData, type ValidationErrorHandlerOptions, type ValidationOptions, arg, asyncLocalStorage, asyncStorage, bodyParser, bullmqQueue, cache, cacheMiddleware, clearAllCaches as clearAllSchemaCaches, commandRegistry, compression, controller, cookie, cors, createExpressAdapter, createPolicyDecorator, createQueue, cron, cronUIInstance, cronUi, Server as default, defineMiddleware, defineQueueConfiguration, del, expressHandler, expressMiddleware, flag, get, getCacheService, getCacheMetrics as getSchemaCacheMetrics, hash, helmet, initCacheService, log, logCacheMetrics as logSchemaCacheMetrics, logger, memoryQueue, methodOverride, middleware, mountExpressRouter, mqtt, patch, pgbossQueue, post, put, rateLimiter, resetCacheService, router, serialize, serveStatic, session, setCronGlobalErrorHandler, setMqttGlobalErrorHandler, sqsQueue, timeout as timeoutMw, trustProxy, validate };
+export { type AsyncLocalStorageContextSetters, AzureBlobStorageProvider, BaseCron, BasePlugin, type BaseStorageProviderOptions, type BlobStorageProviderOptions, type BodyParserOptions, type BodylessMethodOptions, BullMQConfiguration, type BullMQConfigurationOptions, BullMQPubSub, CACHE_STATUS_HEADER, type CacheKeyIncludes, type CacheMiddlewareOptions, type CachePluginOptions, type CacheProvider, type CacheRedisOptions, type CacheRouteConfig, CacheService, type CacheServiceInterface, type CacheStats, CacheStatus, Command, type CommandOptions, CommandRegistry, type CompressionOptions, type CookieMiddlewareOptions, type CorsOptions, type CronSchedule, type CronScheduleParams, CronService, type CronUIOptions, CustomAdapter, type CustomQueueConfiguration, type CustomStorageProviderOptions, CustomTypedQueue, type CustomValidationError, DEFAULT_CACHE_OPTIONS, EdgeAdapter, EjsAdapter, type ExtractParams, GraphQL, type GraphQLContext, type GraphQLOptions, type GraphQLResolverFunction, type GraphQLResolverMap, type GraphQLResolverType, type GraphQLResolvers, type GraphQLSchemaInput, type GraphQLTypeDef, type GroupRouter, HandlebarsAdapter, type HelmetOptions, type HttpMethod, type HttpsOptions, type InferMiddlewareExtension, type InferMiddlewareExtensions, type InferResponseMap, type InferSchemaType, type InjectFunction, LocalStorageProvider, type LocalStorageProviderOptions, type LockBehavior, type LogOptions, type LoggerOptions, type MailOptions, MailOptionsBuilder, MailProvider, type MailProviderInterface, Mailer, type MailerInterface, type MailerOptions, type MailerProviderOptions, MemoryCacheProvider, MemoryPubSub, type MethodOverrideOptions, MockResponse, MockServer, type MockServerOptions, type MqttConnectionOptions, type MqttHandler, type MqttPublishOptions, MqttService, type MqttSubscribeOptions, type MqttSubscription, type MqttTopics, MustacheAdapter, type NextFunction, type NodeHttpClient, type NodeServer as NodeHttpServerClient, PGBossConfiguration, type PGBossConfigurationOptions, PGBossPubSub, type PolicyDecorator, type PolicyErrorHandlerOptions, PolicyManager, type PolicyProvider, type PolicyRouteConfig, type PublishTopic, QueueManager, QueueService, type RateLimiterKeyOptions, RedisCacheProvider, Request, type RequestSchema, Response$1 as Response, type ResponseBodyForStatus, type RuntimeServer, S3StorageProvider, type S3StorageProviderOptions, SQSConfiguration, type SQSConfigurationOptions, SQSPubSub, type CacheMetrics as SchemaCacheMetrics, type SerializeOptions, type SerializedValidationError, Server, type ServerConnectInput, type ServerErrorHandler, type ServerHook, type ServerInterface, type ServerListenCallback, type ServerOptions, type ServerPlugin, type ServerPluginConfig, type ServerRouteHandler, type ServerRouteMiddleware, type ServerTapOptions, type SessionOptions, type SignalEvent, type StandardMethodOptions, type StaticPluginOptions, Storage, type StorageInterface, type StorageOptions, type StorageProviderOptions, type TemplateMailOptions, type TimeoutOptions, type TrustProxyOptions, type TypedCacheKeyIncludes, type TypedCacheRouteConfig, type TypedHandler, type TypedMiddleware, TypedQueue, type TypedRouteMetadata, type ValidatedData, type ValidationErrorHandlerOptions, type ValidationOptions, arg, asyncLocalStorage, asyncStorage, bodyParser, bullmqQueue, cache, cacheMiddleware, clearAllCaches as clearAllSchemaCaches, commandRegistry, compression, controller, cookie, cors, createExpressAdapter, createPolicyDecorator, createQueue, cron, cronUIInstance, cronUi, Server as default, defineMiddleware, defineQueueConfiguration, del, expressHandler, expressMiddleware, flag, get, getCacheService, getCacheMetrics as getSchemaCacheMetrics, hash, helmet, initCacheService, log, logCacheMetrics as logSchemaCacheMetrics, logger, memoryQueue, methodOverride, middleware, mountExpressRouter, mqtt, patch, pgbossQueue, post, put, rateLimiter, resetCacheService, router, serialize, serveStatic, session, setCronGlobalErrorHandler, setMqttGlobalErrorHandler, sqsQueue, timeout as timeoutMw, trustProxy, validate };