blaizejs 0.2.3 → 0.3.0

package/dist/index.js

@@ -1,17 +1,26 @@
 /**
- * blaizejs v0.2.3
+ * blaizejs v0.3.0
  * A blazing-fast, TypeScript-first Node.js framework with HTTP/2 support, file-based routing, powerful middleware system, and end-to-end type safety for building modern APIs.
  * 
  * Copyright (c) 2025 BlaizeJS Contributors
  * @license MIT
  */
 
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
+import {
+  InternalServerError
+} from "./chunk-QQCQRHXJ.js";
+import {
+  ValidationError
+} from "./chunk-SRD3AB6T.js";
+import {
+  BlaizeError,
+  ErrorSeverity,
+  ErrorType,
+  __require,
+  generateCorrelationId,
+  getCurrentCorrelationId,
+  isBodyParseError
+} from "./chunk-TCPQMZ23.js";
 
 // src/middleware/execute.ts
 function execute(middleware, ctx, next) {
@@ -391,8 +400,474 @@ function runWithContext(context, callback) {
   return contextStorage.run(context, callback);
 }
 
+// src/upload/multipart-parser.ts
+import { randomUUID } from "node:crypto";
+import { createWriteStream } from "node:fs";
+import { tmpdir } from "node:os";
+import { join as join2 } from "node:path";
+import { Readable } from "node:stream";
+
+// src/upload/utils.ts
+var BOUNDARY_REGEX = /boundary=([^;]+)/i;
+var CONTENT_DISPOSITION_REGEX = /Content-Disposition:\s*form-data;\s*name="([^"]+)"(?:;[\s\r\n]*filename="([^"]*)")?/i;
+var CONTENT_TYPE_REGEX = /Content-Type:\s*([^\r\n]+)/i;
+var MULTIPART_REGEX = /multipart\/form-data/i;
+function extractBoundary(contentType) {
+  const match = contentType.match(BOUNDARY_REGEX);
+  if (!match || !match[1]) return null;
+  let boundary = match[1].trim();
+  if (boundary.startsWith('"') && boundary.endsWith('"')) {
+    boundary = boundary.slice(1, -1);
+  }
+  return boundary || null;
+}
+function parseContentDisposition(headers) {
+  const match = headers.match(CONTENT_DISPOSITION_REGEX);
+  if (!match || !match[1]) return null;
+  return {
+    name: match[1],
+    filename: match[2] !== void 0 ? match[2] : void 0
+  };
+}
+function parseContentType(headers) {
+  const match = headers.match(CONTENT_TYPE_REGEX);
+  return match && match[1]?.trim() ? match[1].trim() : "application/octet-stream";
+}
+function isMultipartContent(contentType) {
+  return MULTIPART_REGEX.test(contentType);
+}
+
+// src/upload/multipart-parser.ts
+var DEFAULT_OPTIONS = {
+  maxFileSize: 10 * 1024 * 1024,
+  // 10MB
+  maxFiles: 10,
+  maxFieldSize: 1 * 1024 * 1024,
+  // 1MB
+  allowedMimeTypes: [],
+  allowedExtensions: [],
+  strategy: "stream",
+  tempDir: tmpdir(),
+  computeHash: false
+};
+function createParserState(boundary, options = {}) {
+  return {
+    boundary: Buffer.from(`--${boundary}`),
+    options: { ...DEFAULT_OPTIONS, ...options },
+    fields: /* @__PURE__ */ new Map(),
+    files: /* @__PURE__ */ new Map(),
+    buffer: Buffer.alloc(0),
+    stage: "boundary",
+    currentHeaders: "",
+    currentField: null,
+    currentFilename: void 0,
+    currentMimetype: "application/octet-stream",
+    currentContentLength: 0,
+    fileCount: 0,
+    fieldCount: 0,
+    currentBufferChunks: [],
+    currentStream: null,
+    currentTempPath: null,
+    currentWriteStream: null,
+    streamController: null,
+    cleanupTasks: [],
+    // Track validation state
+    hasFoundValidBoundary: false,
+    hasProcessedAnyPart: false,
+    isFinished: false
+  };
+}
+async function processChunk(state, chunk) {
+  const newBuffer = Buffer.concat([state.buffer, chunk]);
+  let currentState = { ...state, buffer: newBuffer };
+  while (currentState.buffer.length > 0 && !currentState.isFinished) {
+    const nextState = await processCurrentStage(currentState);
+    if (nextState === currentState) break;
+    currentState = nextState;
+  }
+  return currentState;
+}
+async function processCurrentStage(state) {
+  switch (state.stage) {
+    case "boundary":
+      return processBoundary(state);
+    case "headers":
+      return processHeaders(state);
+    case "content":
+      return processContent(state);
+    default: {
+      const { InternalServerError: InternalServerError2 } = await import("./internal-server-error-CVRDTBLL.js");
+      throw new InternalServerError2(`Invalid parser stage`, {
+        operation: state.stage
+      });
+    }
+  }
+}
+function processBoundary(state) {
+  const boundaryIndex = state.buffer.indexOf(state.boundary);
+  if (boundaryIndex === -1) return state;
+  const hasFoundValidBoundary = true;
+  let buffer = state.buffer.subarray(boundaryIndex + state.boundary.length);
+  if (buffer.length >= 2 && buffer.subarray(0, 2).equals(Buffer.from("--"))) {
+    return {
+      ...state,
+      buffer,
+      hasFoundValidBoundary,
+      isFinished: true,
+      stage: "boundary"
+    };
+  }
+  if (buffer.length >= 2 && buffer.subarray(0, 2).equals(Buffer.from("\r\n"))) {
+    buffer = buffer.subarray(2);
+  }
+  return {
+    ...state,
+    buffer,
+    hasFoundValidBoundary,
+    stage: "headers",
+    currentHeaders: ""
+  };
+}
+async function processHeaders(state) {
+  const headerEnd = state.buffer.indexOf("\r\n\r\n");
+  if (headerEnd === -1) return state;
+  const headers = state.buffer.subarray(0, headerEnd).toString("utf8");
+  const buffer = state.buffer.subarray(headerEnd + 4);
+  const disposition = parseContentDisposition(headers);
+  if (!disposition) {
+    const { ValidationError: ValidationError2 } = await import("./validation-error-CM6IKIJU.js");
+    throw new ValidationError2("Missing or invalid Content-Disposition header");
+  }
+  const mimetype = parseContentType(headers);
+  const isFile = disposition.filename !== void 0;
+  if (isFile && state.fileCount >= state.options.maxFiles) {
+    const { PayloadTooLargeError } = await import("./payload-too-large-error-PAYLDBZT.js");
+    throw new PayloadTooLargeError("Too many files in upload", {
+      fileCount: state.fileCount + 1,
+      maxFiles: state.options.maxFiles,
+      filename: disposition.filename
+    });
+  }
+  if (isFile && state.options.allowedMimeTypes.length > 0 && !state.options.allowedMimeTypes.includes(mimetype)) {
+    const { UnsupportedMediaTypeError } = await import("./unsupported-media-type-error-MQZD7YQJ.js");
+    throw new UnsupportedMediaTypeError("File type not allowed", {
+      receivedMimeType: mimetype,
+      allowedMimeTypes: state.options.allowedMimeTypes,
+      filename: disposition.filename
+    });
+  }
+  return {
+    ...state,
+    buffer,
+    stage: "content",
+    currentHeaders: headers,
+    currentField: disposition.name,
+    currentFilename: disposition.filename,
+    currentMimetype: mimetype,
+    currentContentLength: 0,
+    fileCount: isFile ? state.fileCount + 1 : state.fileCount,
+    fieldCount: isFile ? state.fieldCount : state.fieldCount + 1,
+    currentBufferChunks: []
+  };
+}
+async function processContent(state) {
+  const nextBoundaryIndex = state.buffer.indexOf(state.boundary);
+  let contentChunk;
+  let isComplete = false;
+  let buffer = state.buffer;
+  if (nextBoundaryIndex === -1) {
+    const safeLength = Math.max(0, state.buffer.length - state.boundary.length);
+    if (safeLength === 0) return state;
+    contentChunk = state.buffer.subarray(0, safeLength);
+    buffer = state.buffer.subarray(safeLength);
+  } else {
+    const contentEnd = Math.max(0, nextBoundaryIndex - 2);
+    contentChunk = state.buffer.subarray(0, contentEnd);
+    buffer = state.buffer.subarray(nextBoundaryIndex);
+    isComplete = true;
+  }
+  let updatedState = { ...state, buffer };
+  if (contentChunk.length > 0) {
+    updatedState = await processContentChunk(updatedState, contentChunk);
+  }
+  if (isComplete) {
+    updatedState = await finalizeCurrentPart(updatedState);
+    updatedState = {
+      ...updatedState,
+      stage: "boundary",
+      hasProcessedAnyPart: true
+      // Mark that we've processed at least one part
+    };
+  }
+  return updatedState;
+}
+async function processContentChunk(state, chunk) {
+  const newContentLength = state.currentContentLength + chunk.length;
+  const maxSize = state.currentFilename !== void 0 ? state.options.maxFileSize : state.options.maxFieldSize;
+  if (newContentLength > maxSize) {
+    const isFile = state.currentFilename !== void 0;
+    const { PayloadTooLargeError } = await import("./payload-too-large-error-PAYLDBZT.js");
+    const payloadErrorDetals = state.currentField ? {
+      contentType: isFile ? "file" : "field",
+      currentSize: newContentLength,
+      maxSize,
+      field: state.currentField,
+      filename: state.currentFilename
+    } : {
+      contentType: isFile ? "file" : "field",
+      currentSize: newContentLength,
+      maxSize,
+      filename: state.currentFilename
+    };
+    throw new PayloadTooLargeError(
+      `${isFile ? "File" : "Field"} size exceeds limit`,
+      payloadErrorDetals
+    );
+  }
+  if (state.currentFilename !== void 0) {
+    return processFileChunk(state, chunk, newContentLength);
+  } else {
+    return {
+      ...state,
+      currentContentLength: newContentLength,
+      currentBufferChunks: [...state.currentBufferChunks, chunk]
+    };
+  }
+}
+async function processFileChunk(state, chunk, newContentLength) {
+  switch (state.options.strategy) {
+    case "memory":
+      return {
+        ...state,
+        currentContentLength: newContentLength,
+        currentBufferChunks: [...state.currentBufferChunks, chunk]
+      };
+    case "stream":
+      if (state.streamController) {
+        state.streamController.enqueue(chunk);
+      }
+      return { ...state, currentContentLength: newContentLength };
+    case "temp":
+      if (state.currentWriteStream) {
+        await writeToStream(state.currentWriteStream, chunk);
+      }
+      return { ...state, currentContentLength: newContentLength };
+    default: {
+      const { ValidationError: ValidationError2 } = await import("./validation-error-CM6IKIJU.js");
+      throw new ValidationError2(`Invalid parsing strategy`);
+    }
+  }
+}
+async function initializeFileProcessing(state) {
+  if (state.currentFilename === void 0) return state;
+  switch (state.options.strategy) {
+    case "memory":
+      return { ...state, currentBufferChunks: [] };
+    case "stream": {
+      let streamController = null;
+      const stream = new ReadableStream({
+        start: (controller) => {
+          streamController = controller;
+        }
+      });
+      return {
+        ...state,
+        currentStream: stream,
+        // Type cast for Node.js compatibility
+        streamController
+      };
+    }
+    case "temp": {
+      const tempPath = join2(state.options.tempDir, `upload-${randomUUID()}`);
+      const writeStream = createWriteStream(tempPath);
+      const cleanupTask = async () => {
+        try {
+          const { unlink } = await import("node:fs/promises");
+          await unlink(tempPath);
+        } catch (error) {
+          console.warn(`Failed to cleanup temp file: ${tempPath}`, error);
+        }
+      };
+      return {
+        ...state,
+        currentTempPath: tempPath,
+        currentWriteStream: writeStream,
+        cleanupTasks: [...state.cleanupTasks, cleanupTask]
+      };
+    }
+    default: {
+      const { ValidationError: ValidationError2 } = await import("./validation-error-CM6IKIJU.js");
+      throw new ValidationError2(`Invalid file processing strategy`);
+    }
+  }
+}
+async function finalizeCurrentPart(state) {
+  if (!state.currentField) return resetCurrentPart(state);
+  if (state.currentFilename !== void 0) {
+    return finalizeFile(state);
+  } else {
+    return finalizeField(state);
+  }
+}
+async function finalizeFile(state) {
+  if (!state.currentField || state.currentFilename === void 0) {
+    return resetCurrentPart(state);
+  }
+  let stream;
+  let buffer;
+  let tempPath;
+  switch (state.options.strategy) {
+    case "memory":
+      buffer = Buffer.concat(state.currentBufferChunks);
+      stream = Readable.from(buffer);
+      break;
+    case "stream":
+      if (state.streamController) {
+        state.streamController.close();
+      }
+      stream = state.currentStream;
+      break;
+    case "temp":
+      if (state.currentWriteStream) {
+        await closeStream(state.currentWriteStream);
+      }
+      tempPath = state.currentTempPath;
+      stream = Readable.from(Buffer.alloc(0));
+      break;
+    default: {
+      const { ValidationError: ValidationError2 } = await import("./validation-error-CM6IKIJU.js");
+      throw new ValidationError2(`Invalid file finalization strategy`);
+    }
+  }
+  const file = {
+    filename: state.currentFilename,
+    fieldname: state.currentField,
+    mimetype: state.currentMimetype,
+    size: state.currentContentLength,
+    stream,
+    buffer,
+    tempPath
+  };
+  const updatedFiles = addToCollection(state.files, state.currentField, file);
+  return {
+    ...resetCurrentPart(state),
+    files: updatedFiles
+  };
+}
+function finalizeField(state) {
+  if (!state.currentField) return resetCurrentPart(state);
+  const value = Buffer.concat(state.currentBufferChunks).toString("utf8");
+  const updatedFields = addToCollection(state.fields, state.currentField, value);
+  return {
+    ...resetCurrentPart(state),
+    fields: updatedFields
+  };
+}
+function resetCurrentPart(state) {
+  return {
+    ...state,
+    currentField: null,
+    currentFilename: void 0,
+    currentContentLength: 0,
+    currentBufferChunks: [],
+    currentStream: null,
+    streamController: null,
+    currentTempPath: null,
+    currentWriteStream: null
+  };
+}
+function addToCollection(collection, key, value) {
+  const newCollection = new Map(collection);
+  const existing = newCollection.get(key) || [];
+  newCollection.set(key, [...existing, value]);
+  return newCollection;
+}
+async function finalize(state) {
+  if (!state.hasFoundValidBoundary) {
+    const { ValidationError: ValidationError2 } = await import("./validation-error-CM6IKIJU.js");
+    throw new ValidationError2("No valid multipart boundary found");
+  }
+  if (state.hasFoundValidBoundary && !state.hasProcessedAnyPart) {
+    const { ValidationError: ValidationError2 } = await import("./validation-error-CM6IKIJU.js");
+    throw new ValidationError2("Empty multipart request");
+  }
+  const fields = {};
+  for (const [key, values] of state.fields.entries()) {
+    fields[key] = values.length === 1 ? values[0] : values;
+  }
+  const files = {};
+  for (const [key, fileList] of state.files.entries()) {
+    files[key] = fileList.length === 1 ? fileList[0] : fileList;
+  }
+  return { fields, files };
+}
+async function cleanup(state) {
+  await Promise.allSettled(state.cleanupTasks.map((task) => task()));
+  if (state.streamController) {
+    state.streamController.close();
+  }
+  if (state.currentWriteStream) {
+    await closeStream(state.currentWriteStream);
+  }
+}
+async function writeToStream(stream, chunk) {
+  return new Promise((resolve3, reject) => {
+    stream.write(chunk, (error) => {
+      if (error) reject(error);
+      else resolve3();
+    });
+  });
+}
+async function closeStream(stream) {
+  return new Promise((resolve3) => {
+    stream.end(() => resolve3());
+  });
+}
+async function parseMultipartRequest(request, options = {}) {
+  const contentType = request.headers["content-type"] || "";
+  const boundary = extractBoundary(contentType);
+  if (!boundary) {
+    const { UnsupportedMediaTypeError } = await import("./unsupported-media-type-error-MQZD7YQJ.js");
+    throw new UnsupportedMediaTypeError("Missing boundary in multipart content-type", {
+      receivedContentType: contentType,
+      expectedFormat: "multipart/form-data; boundary=..."
+    });
+  }
+  let state = createParserState(boundary, options);
+  if (state.currentFilename !== void 0) {
+    state = await initializeFileProcessing(state);
+  }
+  try {
+    for await (const chunk of request) {
+      state = await processChunk(state, chunk);
+    }
+    return finalize(state);
+  } finally {
+    await cleanup(state);
+  }
+}
+
 // src/context/create.ts
 var CONTENT_TYPE_HEADER = "Content-Type";
+var DEFAULT_BODY_LIMITS = {
+  json: 512 * 1024,
+  // 512KB - Most APIs should be much smaller
+  form: 1024 * 1024,
+  // 1MB - Reasonable for form submissions
+  text: 5 * 1024 * 1024,
+  // 5MB - Documents, logs, code files
+  multipart: {
+    maxFileSize: 50 * 1024 * 1024,
+    // 50MB per file
+    maxTotalSize: 100 * 1024 * 1024,
+    // 100MB total request
+    maxFiles: 10,
+    maxFieldSize: 1024 * 1024
+    // 1MB for form fields
+  },
+  raw: 10 * 1024 * 1024
+  // 10MB for unknown content types
+};
 function parseRequestUrl(req) {
   const originalUrl = req.url || "/";
   const host = req.headers.host || "localhost";
@@ -457,7 +932,7 @@ async function createContext(req, res, options = {}) {
   };
   ctx.response = createResponseObject(res, responseState, ctx);
   if (options.parseBody) {
-    await parseBodyIfNeeded(req, ctx);
+    await parseBodyIfNeeded(req, ctx, options);
   }
   return ctx;
 }
@@ -633,34 +1108,60 @@ function createStreamResponder(res, responseState) {
     });
   };
 }
-async function parseBodyIfNeeded(req, ctx) {
+async function parseBodyIfNeeded(req, ctx, options = {}) {
   if (shouldSkipParsing(req.method)) {
     return;
   }
   const contentType = req.headers["content-type"] || "";
   const contentLength = parseInt(req.headers["content-length"] || "0", 10);
-  if (contentLength === 0 || contentLength > 1048576) {
+  if (contentLength === 0) {
     return;
   }
+  const limits = {
+    json: options.bodyLimits?.json ?? DEFAULT_BODY_LIMITS.json,
+    form: options.bodyLimits?.form ?? DEFAULT_BODY_LIMITS.form,
+    text: options.bodyLimits?.text ?? DEFAULT_BODY_LIMITS.text,
+    raw: options.bodyLimits?.raw ?? DEFAULT_BODY_LIMITS.raw,
+    multipart: {
+      maxFileSize: options.bodyLimits?.multipart?.maxFileSize ?? DEFAULT_BODY_LIMITS.multipart.maxFileSize,
+      maxFiles: options.bodyLimits?.multipart?.maxFiles ?? DEFAULT_BODY_LIMITS.multipart.maxFiles,
+      maxFieldSize: options.bodyLimits?.multipart?.maxFieldSize ?? DEFAULT_BODY_LIMITS.multipart.maxFieldSize,
+      maxTotalSize: options.bodyLimits?.multipart?.maxTotalSize ?? DEFAULT_BODY_LIMITS.multipart.maxTotalSize
+    }
+  };
   try {
-    await parseBodyByContentType(req, ctx, contentType);
+    if (contentType.includes("application/json")) {
+      if (contentLength > limits.json) {
+        throw new Error(`JSON body too large: ${contentLength} > ${limits.json} bytes`);
+      }
+      await parseJsonBody(req, ctx);
+    } else if (contentType.includes("application/x-www-form-urlencoded")) {
+      if (contentLength > limits.form) {
+        throw new Error(`Form body too large: ${contentLength} > ${limits.form} bytes`);
+      }
+      await parseFormUrlEncodedBody(req, ctx);
+    } else if (contentType.includes("text/")) {
+      if (contentLength > limits.text) {
+        throw new Error(`Text body too large: ${contentLength} > ${limits.text} bytes`);
+      }
+      await parseTextBody(req, ctx);
+    } else if (isMultipartContent(contentType)) {
+      await parseMultipartBody(req, ctx, limits.multipart);
+    } else {
+      if (contentLength > limits.raw) {
+        throw new Error(`Request body too large: ${contentLength} > ${limits.raw} bytes`);
+      }
+      return;
+    }
   } catch (error) {
-    setBodyError(ctx, "body_read_error", "Error reading request body", error);
+    const errorType = contentType.includes("multipart") ? "multipart_parse_error" : "body_read_error";
+    setBodyError(ctx, errorType, "Error reading request body", error);
   }
 }
 function shouldSkipParsing(method) {
   const skipMethods = ["GET", "HEAD", "OPTIONS"];
   return skipMethods.includes(method || "GET");
 }
-async function parseBodyByContentType(req, ctx, contentType) {
-  if (contentType.includes("application/json")) {
-    await parseJsonBody(req, ctx);
-  } else if (contentType.includes("application/x-www-form-urlencoded")) {
-    await parseFormUrlEncodedBody(req, ctx);
-  } else if (contentType.includes("text/")) {
-    await parseTextBody(req, ctx);
-  }
-}
 async function parseJsonBody(req, ctx) {
   const body = await readRequestBody(req);
   if (!body) {
@@ -712,8 +1213,27 @@ async function parseTextBody(req, ctx) {
     ctx.request.body = body;
   }
 }
+async function parseMultipartBody(req, ctx, multipartLimits) {
+  try {
+    const limits = multipartLimits || DEFAULT_BODY_LIMITS.multipart;
+    const multipartData = await parseMultipartRequest(req, {
+      strategy: "stream",
+      maxFileSize: limits.maxFileSize,
+      maxFiles: limits.maxFiles,
+      maxFieldSize: limits.maxFieldSize
+      // Could add total size validation here
+    });
+    ctx.request.multipart = multipartData;
+    ctx.request.files = multipartData.files;
+    ctx.request.body = multipartData.fields;
+  } catch (error) {
+    ctx.request.body = null;
+    setBodyError(ctx, "multipart_parse_error", "Failed to parse multipart data", error);
+  }
+}
 function setBodyError(ctx, type, message, error) {
-  ctx.state._bodyError = { type, message, error };
+  const bodyError = { type, message, error };
+  ctx.state._bodyError = bodyError;
 }
 async function readRequestBody(req) {
   return new Promise((resolve3, reject) => {
@@ -730,6 +1250,102 @@ async function readRequestBody(req) {
   });
 }
 
+// src/errors/not-found-error.ts
+var NotFoundError = class extends BlaizeError {
+  /**
+   * Creates a new NotFoundError instance
+   *
+   * @param title - Human-readable error message
+   * @param details - Optional context about the missing resource
+   * @param correlationId - Optional correlation ID (uses current context if not provided)
+   */
+  constructor(title, details = void 0, correlationId = void 0) {
+    super(
+      "NOT_FOUND" /* NOT_FOUND */,
+      title,
+      404,
+      // HTTP 404 Not Found
+      correlationId ?? getCurrentCorrelationId(),
+      details
+    );
+  }
+};
+
+// src/errors/boundary.ts
+function isHandledError(error) {
+  return error instanceof BlaizeError;
+}
+function formatErrorResponse(error) {
+  if (isHandledError(error)) {
+    return {
+      type: error.type,
+      title: error.title,
+      status: error.status,
+      correlationId: error.correlationId,
+      timestamp: error.timestamp.toISOString(),
+      details: error.details
+    };
+  }
+  const correlationId = generateCorrelationId();
+  let originalMessage;
+  if (error instanceof Error) {
+    originalMessage = error.message;
+  } else if (error === null || error === void 0) {
+    originalMessage = "Unknown error occurred";
+  } else {
+    originalMessage = String(error);
+  }
+  const wrappedError = new InternalServerError(
+    "Internal Server Error",
+    { originalMessage },
+    correlationId
+  );
+  return {
+    type: wrappedError.type,
+    title: wrappedError.title,
+    status: wrappedError.status,
+    correlationId: wrappedError.correlationId,
+    timestamp: wrappedError.timestamp.toISOString(),
+    details: wrappedError.details
+  };
+}
+function extractOrGenerateCorrelationId(headerGetter) {
+  return headerGetter("x-correlation-id") ?? generateCorrelationId();
+}
+function setErrorResponseHeaders(headerSetter, correlationId) {
+  headerSetter("x-correlation-id", correlationId);
+}
+
+// src/middleware/error-boundary.ts
+function createErrorBoundary(options = {}) {
+  const { debug = false } = options;
+  const middlewareFn = async (ctx, next) => {
+    try {
+      await next();
+    } catch (error) {
+      if (ctx.response.sent) {
+        if (debug) {
+          console.error("Error occurred after response was sent:", error);
+        }
+        return;
+      }
+      if (debug) {
+        console.error("Error boundary caught error:", error);
+      }
+      const correlationId = extractOrGenerateCorrelationId(ctx.request.header);
+      const errorResponse = formatErrorResponse(error);
+      errorResponse.correlationId = correlationId;
+      setErrorResponseHeaders(ctx.response.header, correlationId);
+      ctx.response.status(errorResponse.status).json(errorResponse);
+    }
+  };
+  return {
+    name: "ErrorBoundary",
+    execute: middlewareFn,
+    debug
+  };
+}
+
 // src/server/request-handler.ts
 function createRequestHandler(serverInstance) {
   return async (req, res) => {
@@ -738,32 +1354,20 @@ function createRequestHandler(serverInstance) {
         parseBody: true
         // Enable automatic body parsing
       });
-      const handler = compose(serverInstance.middleware);
+      const errorBoundary = createErrorBoundary();
+      const allMiddleware = [errorBoundary, ...serverInstance.middleware];
+      const handler = compose(allMiddleware);
       await runWithContext(context, async () => {
-        try {
-          await handler(context, async () => {
+        await handler(context, async () => {
+          if (!context.response.sent) {
+            await serverInstance.router.handleRequest(context);
             if (!context.response.sent) {
-              await serverInstance.router.handleRequest(context);
-              if (!context.response.sent) {
-                context.response.status(404).json({
-                  error: "Not Found",
-                  message: `Route not found: ${context.request.method} ${context.request.path}`
-                });
-              }
+              throw new NotFoundError(
+                `Route not found: ${context.request.method} ${context.request.path}`
+              );
             }
-          });
-        } catch (error) {
-          console.error("Error processing request:", error);
-          if (!context.response.sent) {
-            context.response.json(
-              {
-                error: "Internal Server Error",
-                message: process.env.NODE_ENV === "development" ? error || "Unknown error" : "An error occurred processing your request"
-              },
-              500
-            );
           }
-        }
+        });
       });
     } catch (error) {
       console.error("Error creating context:", error);
@@ -1604,81 +2208,8 @@ function watchRoutes(routesDir, options = {}) {
   };
 }
 
-// src/router/handlers/error.ts
-function handleRouteError(ctx, error, options = {}) {
-  if (options.log) {
-    console.error("Route error:", error);
-  }
-  const status = getErrorStatus(error);
-  const response = {
-    error: getErrorType(error),
-    message: getErrorMessage(error)
-  };
-  if (options.detailed) {
-    if (error instanceof Error) {
-      response.stack = error.stack;
-    }
-    if (error && typeof error === "object" && "details" in error && error.details) {
-      response.details = error.details;
-    }
-  }
-  ctx.response.status(status).json(response);
-}
-function getErrorStatus(error) {
-  if (error && typeof error === "object") {
-    if ("status" in error && typeof error.status === "number") {
-      return error.status;
-    }
-    if ("statusCode" in error && typeof error.statusCode === "number") {
-      return error.statusCode;
-    }
-    if ("code" in error && typeof error.code === "string") {
-      return getStatusFromCode(error.code);
-    }
-  }
-  return 500;
-}
-function getStatusFromCode(code) {
-  switch (code) {
-    case "NOT_FOUND":
-      return 404;
-    case "UNAUTHORIZED":
-      return 401;
-    case "FORBIDDEN":
-      return 403;
-    case "BAD_REQUEST":
-      return 400;
-    case "CONFLICT":
-      return 409;
-    default:
-      return 500;
-  }
-}
-function getErrorType(error) {
-  if (error && typeof error === "object") {
-    if ("type" in error && typeof error.type === "string") {
-      return error.type;
-    }
-    if ("name" in error && typeof error.name === "string") {
-      return error.name;
-    }
-    if (error instanceof Error) {
-      return error.constructor.name;
-    }
-  }
-  return "Error";
-}
-function getErrorMessage(error) {
-  if (error instanceof Error) {
-    return error.message;
-  }
-  if (error && typeof error === "object") {
-    if ("message" in error && typeof error.message === "string") {
-      return error.message;
-    }
-  }
-  return String(error);
-}
+// src/router/validation/schema.ts
+import { z as z6 } from "zod";
 
 // src/router/validation/body.ts
 import { z as z2 } from "zod";
@@ -1719,35 +2250,45 @@ function validateResponse(response, schema) {
 // src/router/validation/schema.ts
 function createRequestValidator(schema, debug = false) {
   const middlewareFn = async (ctx, next) => {
-    const errors = {};
     if (schema.params && ctx.request.params) {
       try {
         ctx.request.params = validateParams(ctx.request.params, schema.params);
       } catch (error) {
-        errors.params = formatValidationError(error);
+        const fieldErrors = extractZodFieldErrors(error);
+        const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);
+        throw new ValidationError("Request validation failed", {
+          fields: fieldErrors,
+          errorCount,
+          section: "params"
+        });
       }
     }
     if (schema.query && ctx.request.query) {
       try {
         ctx.request.query = validateQuery(ctx.request.query, schema.query);
       } catch (error) {
-        errors.query = formatValidationError(error);
+        const fieldErrors = extractZodFieldErrors(error);
+        const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);
+        throw new ValidationError("Request validation failed", {
+          fields: fieldErrors,
+          errorCount,
+          section: "query"
+        });
       }
     }
     if (schema.body) {
       try {
         ctx.request.body = validateBody(ctx.request.body, schema.body);
       } catch (error) {
-        errors.body = formatValidationError(error);
+        const fieldErrors = extractZodFieldErrors(error);
+        const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);
+        throw new ValidationError("Request validation failed", {
+          fields: fieldErrors,
+          errorCount,
+          section: "body"
+        });
       }
     }
-    if (Object.keys(errors).length > 0) {
-      ctx.response.status(400).json({
-        error: "Validation Error",
-        details: errors
-      });
-      return;
-    }
     await next();
   };
   return {
@@ -1766,12 +2307,11 @@ function createResponseValidator(responseSchema, debug = false) {
         return originalJson.call(ctx.response, validatedBody, status);
       } catch (error) {
         ctx.response.json = originalJson;
-        console.error("Response validation error:", error);
-        ctx.response.status(500).json({
-          error: "Internal Server Error",
-          message: "Response validation failed"
+        throw new InternalServerError("Response validation failed", {
+          responseSchema: responseSchema.description || "Unknown schema",
+          validationError: extractZodFieldErrors(error),
+          originalResponse: body
         });
-        return ctx.response;
       }
     };
     await next();
@@ -1782,11 +2322,25 @@ function createResponseValidator(responseSchema, debug = false) {
     debug
   };
 }
-function formatValidationError(error) {
-  if (error && typeof error === "object" && "format" in error && typeof error.format === "function") {
-    return error.format();
+function extractZodFieldErrors(error) {
+  if (error instanceof z6.ZodError) {
+    const fieldErrorMap = /* @__PURE__ */ new Map();
+    for (const issue of error.issues) {
+      const fieldPath = issue.path.length > 0 ? issue.path.join(".") : "root";
+      if (!fieldErrorMap.has(fieldPath)) {
+        fieldErrorMap.set(fieldPath, []);
+      }
+      fieldErrorMap.get(fieldPath).push(issue.message);
+    }
+    return Array.from(fieldErrorMap.entries()).map(([field, messages]) => ({
+      field,
+      messages
+    }));
   }
-  return error instanceof Error ? error.message : String(error);
+  if (error instanceof Error) {
+    return [{ field: "unknown", messages: [error.message] }];
+  }
+  return [{ field: "unknown", messages: [String(error)] }];
 }
 
 // src/router/handlers/executor.ts
@@ -2221,8 +2775,7 @@ function createRouter(options) {
       const match = matcher.match(path6, method);
       if (!match) {
         console.log(`\u274C No match found for: ${method} ${path6}`);
-        ctx.response.status(404).json({ error: "Not Found" });
-        return;
+        throw new NotFoundError("Not found");
       }
       console.log(`\u2705 Route matched: ${method} ${path6}`);
       console.log(`   Params: ${JSON.stringify(match.params)}`);
@@ -2237,14 +2790,7 @@ function createRouter(options) {
         return;
       }
       ctx.request.params = match.params;
-      try {
-        await executeHandler(ctx, match.route, match.params);
-      } catch (error) {
-        handleRouteError(ctx, error, {
-          detailed: process.env.NODE_ENV !== "production",
-          log: true
-        });
-      }
+      await executeHandler(ctx, match.route, match.params);
     },
     /**
      * Get all registered routes (using optimized registry)
@@ -2305,7 +2851,7 @@ function createRouter(options) {
 }
 
 // src/server/create.ts
-var DEFAULT_OPTIONS = {
+var DEFAULT_OPTIONS2 = {
   port: 3e3,
   host: "localhost",
   routesDir: "./routes",
@@ -2316,7 +2862,7 @@ var DEFAULT_OPTIONS = {
   plugins: []
 };
 function createServerOptions(options = {}) {
-  const baseOptions = { ...DEFAULT_OPTIONS };
+  const baseOptions = { ...DEFAULT_OPTIONS2 };
   setRuntimeConfig({ routesDir: options.routesDir || baseOptions.routesDir });
   return {
     port: options.port ?? baseOptions.port,
@@ -2436,6 +2982,90 @@ function create3(options = {}) {
   return serverInstance;
 }
 
+// src/errors/unauthorized-error.ts
+var UnauthorizedError = class extends BlaizeError {
+  /**
+   * Creates a new UnauthorizedError instance
+   *
+   * @param title - Human-readable error message
+   * @param details - Optional authentication context
+   * @param correlationId - Optional correlation ID (uses current context if not provided)
+   */
+  constructor(title, details = void 0, correlationId = void 0) {
+    super(
+      "UNAUTHORIZED" /* UNAUTHORIZED */,
+      title,
+      401,
+      // HTTP 401 Unauthorized
+      correlationId ?? getCurrentCorrelationId(),
+      details
+    );
+  }
+};
+
+// src/errors/forbidden-error.ts
+var ForbiddenError = class extends BlaizeError {
+  /**
+   * Creates a new ForbiddenError instance
+   *
+   * @param title - Human-readable error message
+   * @param details - Optional permission context
+   * @param correlationId - Optional correlation ID (uses current context if not provided)
+   */
+  constructor(title, details = void 0, correlationId = void 0) {
+    super(
+      "FORBIDDEN" /* FORBIDDEN */,
+      title,
+      403,
+      // HTTP 403 Forbidden
+      correlationId ?? getCurrentCorrelationId(),
+      details
+    );
+  }
+};
+
+// src/errors/conflict-error.ts
+var ConflictError = class extends BlaizeError {
+  /**
+   * Creates a new ConflictError instance
+   *
+   * @param title - Human-readable error message
+   * @param details - Optional conflict context
+   * @param correlationId - Optional correlation ID (uses current context if not provided)
+   */
+  constructor(title, details = void 0, correlationId = void 0) {
+    super(
+      "CONFLICT" /* CONFLICT */,
+      title,
+      409,
+      // HTTP 409 Conflict
+      correlationId ?? getCurrentCorrelationId(),
+      details
+    );
+  }
+};
+
+// src/errors/rate-limit-error.ts
+var RateLimitError = class extends BlaizeError {
+  /**
+   * Creates a new RateLimitError instance
+   *
+   * @param title - Human-readable error message
+   * @param details - Optional rate limit context
+   * @param correlationId - Optional correlation ID (uses current context if not provided)
+   */
+  constructor(title, details = void 0, correlationId = void 0) {
+    super(
+      "RATE_LIMITED" /* RATE_LIMITED */,
+      title,
+      429,
+      // HTTP 429 Too Many Requests
+      correlationId ?? getCurrentCorrelationId(),
+      details
+    );
+  }
+};
+
 // src/index.ts
 var VERSION = "0.1.0";
 var ServerAPI = { createServer: create3 };
@@ -2466,11 +3096,21 @@ var Blaize = {
 var index_default = Blaize;
 export {
   Blaize,
+  BlaizeError,
+  ConflictError,
+  ErrorSeverity,
+  ErrorType,
+  ForbiddenError,
+  InternalServerError,
   MiddlewareAPI,
+  NotFoundError,
   PluginsAPI,
+  RateLimitError,
   RouterAPI,
   ServerAPI,
+  UnauthorizedError,
   VERSION,
+  ValidationError,
   compose,
   createDeleteRoute,
   createGetRoute,
@@ -2482,6 +3122,7 @@ export {
   createPostRoute,
   createPutRoute,
   create3 as createServer,
-  index_default as default
+  index_default as default,
+  isBodyParseError
 };
 //# sourceMappingURL=index.js.map