expediate 1.0.4 → 1.0.6

package/dist/cjs/index.js

@@ -0,0 +1,4066 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  DESCRIBE_META: () => DESCRIBE_META,
+  apiBuilder: () => apis_default,
+  cacheControl: () => cacheControl,
+  compress: () => compress,
+  conditionalGet: () => conditionalGet,
+  cors: () => cors,
+  createJwtPlugin: () => jwt_auth_default,
+  createMapTokenStore: () => createMapTokenStore,
+  createRouter: () => router_default,
+  csrf: () => csrf,
+  defineController: () => defineController,
+  describe: () => describe,
+  formData: () => formData,
+  formEncoded: () => formEncoded,
+  gitCreate: () => gitCreate,
+  gitHandler: () => gitHandler,
+  json: () => json,
+  logger: () => logger,
+  mime: () => mime,
+  openApiSpec: () => openApiSpec,
+  parseBody: () => parseBody,
+  parseMultipartBody: () => parseMultipartBody,
+  rateLimit: () => rateLimit,
+  raw: () => raw,
+  requestId: () => requestId,
+  securityHeaders: () => securityHeaders,
+  sendFile: () => sendFile,
+  serializeSpec: () => serializeSpec,
+  serveFile: () => serveFile,
+  serveStatic: () => serveStatic,
+  streamFormData: () => streamFormData,
+  text: () => text
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/router.ts
+var http = __toESM(require("http"), 1);
+var https = __toESM(require("https"), 1);
+var http2 = __toESM(require("http2"), 1);
+
+// src/http-objects.ts
+var crypto = __toESM(require("crypto"), 1);
+var fs2 = __toESM(require("fs"), 1);
+var path = __toESM(require("path"), 1);
+
+// src/static.ts
+var import_fs = __toESM(require("fs"), 1);
+var import_path = __toESM(require("path"), 1);
+
+// src/mimetypes.json
+var mimetypes_default = {
+  "application/andrew-inset": ["ez"],
+  "application/applixware": ["aw"],
+  "application/atom+xml": ["atom"],
+  "application/atomcat+xml": ["atomcat"],
+  "application/atomsvc+xml": ["atomsvc"],
+  "application/bdoc": ["bdoc"],
+  "application/ccxml+xml": ["ccxml"],
+  "application/cdmi-capability": ["cdmia"],
+  "application/cdmi-container": ["cdmic"],
+  "application/cdmi-domain": ["cdmid"],
+  "application/cdmi-object": ["cdmio"],
+  "application/cdmi-queue": ["cdmiq"],
+  "application/cu-seeme": ["cu"],
+  "application/dash+xml": ["mpd"],
+  "application/davmount+xml": ["davmount"],
+  "application/docbook+xml": ["dbk"],
+  "application/dssc+der": ["dssc"],
+  "application/dssc+xml": ["xdssc"],
+  "application/ecmascript": ["ecma"],
+  "application/emma+xml": ["emma"],
+  "application/epub+zip": ["epub"],
+  "application/exi": ["exi"],
+  "application/font-tdpfr": ["pfr"],
+  "application/font-woff": [],
+  "application/font-woff2": [],
+  "application/geo+json": ["geojson"],
+  "application/gml+xml": ["gml"],
+  "application/gpx+xml": ["gpx"],
+  "application/gxf": ["gxf"],
+  "application/gzip": ["gz"],
+  "application/hyperstudio": ["stk"],
+  "application/inkml+xml": ["ink", "inkml"],
+  "application/ipfix": ["ipfix"],
+  "application/java-archive": ["jar", "war", "ear"],
+  "application/java-serialized-object": ["ser"],
+  "application/java-vm": ["class"],
+  "application/javascript": ["js", "mjs"],
+  "application/json": ["json", "map"],
+  "application/json5": ["json5"],
+  "application/jsonml+json": ["jsonml"],
+  "application/ld+json": ["jsonld"],
+  "application/lost+xml": ["lostxml"],
+  "application/mac-binhex40": ["hqx"],
+  "application/mac-compactpro": ["cpt"],
+  "application/mads+xml": ["mads"],
+  "application/manifest+json": ["webmanifest"],
+  "application/marc": ["mrc"],
+  "application/marcxml+xml": ["mrcx"],
+  "application/mathematica": ["ma", "nb", "mb"],
+  "application/mathml+xml": ["mathml"],
+  "application/mbox": ["mbox"],
+  "application/mediaservercontrol+xml": ["mscml"],
+  "application/metalink+xml": ["metalink"],
+  "application/metalink4+xml": ["meta4"],
+  "application/mets+xml": ["mets"],
+  "application/mods+xml": ["mods"],
+  "application/mp21": ["m21", "mp21"],
+  "application/mp4": ["mp4s", "m4p"],
+  "application/msword": ["doc", "dot", "wiz"],
+  "application/mxf": ["mxf"],
+  "application/octet-stream": ["bin", "dms", "lrf", "mar", "so", "dist", "distz", "pkg", "bpk", "dump", "elc", "deploy", "exe", "dll", "deb", "dmg", "iso", "img", "msi", "msp", "msm", "buffer", "a", "o"],
+  "application/oda": ["oda"],
+  "application/oebps-package+xml": ["opf"],
+  "application/ogg": ["ogx"],
+  "application/omdoc+xml": ["omdoc"],
+  "application/onenote": ["onetoc", "onetoc2", "onetmp", "onepkg"],
+  "application/oxps": ["oxps"],
+  "application/patch-ops-error+xml": ["xer"],
+  "application/pdf": ["pdf"],
+  "application/pgp-encrypted": ["pgp"],
+  "application/pgp-signature": ["asc", "sig"],
+  "application/pics-rules": ["prf"],
+  "application/pkcs10": ["p10"],
+  "application/pkcs7-mime": ["p7m", "p7c"],
+  "application/pkcs7-signature": ["p7s"],
+  "application/pkcs8": ["p8"],
+  "application/pkix-attr-cert": ["ac"],
+  "application/pkix-cert": ["cer"],
+  "application/pkix-crl": ["crl"],
+  "application/pkix-pkipath": ["pkipath"],
+  "application/pkixcmp": ["pki"],
+  "application/pls+xml": ["pls"],
+  "application/postscript": ["ai", "eps", "ps"],
+  "application/prql": ["prql"],
+  "application/prs.cww": ["cww"],
+  "application/pskc+xml": ["pskcxml"],
+  "application/raml+yaml": ["raml"],
+  "application/rdf+xml": ["rdf"],
+  "application/reginfo+xml": ["rif"],
+  "application/relax-ng-compact-syntax": ["rnc"],
+  "application/resource-lists+xml": ["rl"],
+  "application/resource-lists-diff+xml": ["rld"],
+  "application/rls-services+xml": ["rs"],
+  "application/rpki-ghostbusters": ["gbr"],
+  "application/rpki-manifest": ["mft"],
+  "application/rpki-roa": ["roa"],
+  "application/rsd+xml": ["rsd"],
+  "application/rss+xml": ["rss"],
+  "application/rtf": ["rtf"],
+  "application/sbml+xml": ["sbml"],
+  "application/scvp-cv-request": ["scq"],
+  "application/scvp-cv-response": ["scs"],
+  "application/scvp-vp-request": ["spq"],
+  "application/scvp-vp-response": ["spp"],
+  "application/sdp": ["sdp"],
+  "application/set-payment-initiation": ["setpay"],
+  "application/set-registration-initiation": ["setreg"],
+  "application/shf+xml": ["shf"],
+  "application/smil+xml": ["smi", "smil"],
+  "application/sparql-query": ["rq"],
+  "application/sparql-results+xml": ["srx"],
+  "application/srgs": ["gram"],
+  "application/srgs+xml": ["grxml"],
+  "application/sru+xml": ["sru"],
+  "application/ssdl+xml": ["ssdl"],
+  "application/ssml+xml": ["ssml"],
+  "application/tei+xml": ["tei", "teicorpus"],
+  "application/thraud+xml": ["tfi"],
+  "application/timestamped-data": ["tsd"],
+  "application/vnd.3gpp.pic-bw-large": ["plb"],
+  "application/vnd.3gpp.pic-bw-small": ["psb"],
+  "application/vnd.3gpp.pic-bw-var": ["pvb"],
+  "application/vnd.3gpp2.tcap": ["tcap"],
+  "application/vnd.3m.post-it-notes": ["pwn"],
+  "application/vnd.accpac.simply.aso": ["aso"],
+  "application/vnd.accpac.simply.imp": ["imp"],
+  "application/vnd.acucobol": ["acu"],
+  "application/vnd.acucorp": ["atc", "acutc"],
+  "application/vnd.adobe.air-application-installer-package+zip": ["air"],
+  "application/vnd.adobe.formscentral.fcdt": ["fcdt"],
+  "application/vnd.adobe.fxp": ["fxp", "fxpl"],
+  "application/vnd.adobe.xdp+xml": ["xdp"],
+  "application/vnd.adobe.xfdf": ["xfdf"],
+  "application/vnd.ahead.space": ["ahead"],
+  "application/vnd.airzip.filesecure.azf": ["azf"],
+  "application/vnd.airzip.filesecure.azs": ["azs"],
+  "application/vnd.amazon.ebook": ["azw"],
+  "application/vnd.americandynamics.acc": ["acc"],
+  "application/vnd.amiga.ami": ["ami"],
+  "application/vnd.android.package-archive": ["apk"],
+  "application/vnd.anser-web-certificate-issue-initiation": ["cii"],
+  "application/vnd.anser-web-funds-transfer-initiation": ["fti"],
+  "application/vnd.antix.game-component": ["atx"],
+  "application/vnd.apple.installer+xml": ["mpkg"],
+  "application/vnd.apple.mpegurl": ["m3u8"],
+  "application/vnd.apple.pkpass": ["pkpass"],
+  "application/vnd.aristanetworks.swi": ["swi"],
+  "application/vnd.astraea-software.iota": ["iota"],
+  "application/vnd.audiograph": ["aep"],
+  "application/vnd.blueice.multipass": ["mpm"],
+  "application/vnd.bmi": ["bmi"],
+  "application/vnd.businessobjects": ["rep"],
+  "application/vnd.chemdraw+xml": ["cdxml"],
+  "application/vnd.chipnuts.karaoke-mmd": ["mmd"],
+  "application/vnd.cinderella": ["cdy"],
+  "application/vnd.claymore": ["cla"],
+  "application/vnd.cloanto.rp9": ["rp9"],
+  "application/vnd.clonk.c4group": ["c4g", "c4d", "c4f", "c4p", "c4u"],
+  "application/vnd.cluetrust.cartomobile-config": ["c11amc"],
+  "application/vnd.cluetrust.cartomobile-config-pkg": ["c11amz"],
+  "application/vnd.commonspace": ["csp"],
+  "application/vnd.contact.cmsg": ["cdbcmsg"],
+  "application/vnd.cosmocaller": ["cmc"],
+  "application/vnd.crick.clicker": ["clkx"],
+  "application/vnd.crick.clicker.keyboard": ["clkk"],
+  "application/vnd.crick.clicker.palette": ["clkp"],
+  "application/vnd.crick.clicker.template": ["clkt"],
+  "application/vnd.crick.clicker.wordbank": ["clkw"],
+  "application/vnd.criticaltools.wbs+xml": ["wbs"],
+  "application/vnd.ctc-posml": ["pml"],
+  "application/vnd.cups-ppd": ["ppd"],
+  "application/vnd.curl.car": ["car"],
+  "application/vnd.curl.pcurl": ["pcurl"],
+  "application/vnd.dart": ["dart"],
+  "application/vnd.data-vision.rdz": ["rdz"],
+  "application/vnd.dece.data": ["uvf", "uvvf", "uvd", "uvvd"],
+  "application/vnd.dece.ttml+xml": ["uvt", "uvvt"],
+  "application/vnd.dece.unspecified": ["uvx", "uvvx"],
+  "application/vnd.dece.zip": ["uvz", "uvvz"],
+  "application/vnd.denovo.fcselayout-link": ["fe_launch"],
+  "application/vnd.dna": ["dna"],
+  "application/vnd.dolby.mlp": ["mlp"],
+  "application/vnd.dpgraph": ["dpg"],
+  "application/vnd.dreamfactory": ["dfac"],
+  "application/vnd.ds-keypoint": ["kpxx"],
+  "application/vnd.dvb.ait": ["ait"],
+  "application/vnd.dvb.service": ["svc"],
+  "application/vnd.dynageo": ["geo"],
+  "application/vnd.ecowin.chart": ["mag"],
+  "application/vnd.enliven": ["nml"],
+  "application/vnd.epson.esf": ["esf"],
+  "application/vnd.epson.msf": ["msf"],
+  "application/vnd.epson.quickanime": ["qam"],
+  "application/vnd.epson.salt": ["slt"],
+  "application/vnd.epson.ssf": ["ssf"],
+  "application/vnd.eszigno3+xml": ["es3", "et3"],
+  "application/vnd.ezpix-album": ["ez2"],
+  "application/vnd.ezpix-package": ["ez3"],
+  "application/vnd.fdf": ["fdf"],
+  "application/vnd.fdsn.mseed": ["mseed"],
+  "application/vnd.fdsn.seed": ["seed", "dataless"],
+  "application/vnd.flographit": ["gph"],
+  "application/vnd.fluxtime.clip": ["ftc"],
+  "application/vnd.framemaker": ["fm", "frame", "maker", "book"],
+  "application/vnd.frogans.fnc": ["fnc"],
+  "application/vnd.frogans.ltf": ["ltf"],
+  "application/vnd.fsc.weblaunch": ["fsc"],
+  "application/vnd.fujitsu.oasys": ["oas"],
+  "application/vnd.fujitsu.oasys2": ["oa2"],
+  "application/vnd.fujitsu.oasys3": ["oa3"],
+  "application/vnd.fujitsu.oasysgp": ["fg5"],
+  "application/vnd.fujitsu.oasysprs": ["bh2"],
+  "application/vnd.fujixerox.ddd": ["ddd"],
+  "application/vnd.fujixerox.docuworks": ["xdw"],
+  "application/vnd.fujixerox.docuworks.binder": ["xbd"],
+  "application/vnd.fuzzysheet": ["fzs"],
+  "application/vnd.genomatix.tuxedo": ["txd"],
+  "application/vnd.geogebra.file": ["ggb"],
+  "application/vnd.geogebra.tool": ["ggt"],
+  "application/vnd.geometry-explorer": ["gex", "gre"],
+  "application/vnd.geonext": ["gxt"],
+  "application/vnd.geoplan": ["g2w"],
+  "application/vnd.geospace": ["g3w"],
+  "application/vnd.gmx": ["gmx"],
+  "application/vnd.google-apps.document": ["gdoc"],
+  "application/vnd.google-apps.presentation": ["gslides"],
+  "application/vnd.google-apps.spreadsheet": ["gsheet"],
+  "application/vnd.google-earth.kml+xml": ["kml"],
+  "application/vnd.google-earth.kmz": ["kmz"],
+  "application/vnd.grafeq": ["gqf", "gqs"],
+  "application/vnd.groove-account": ["gac"],
+  "application/vnd.groove-help": ["ghf"],
+  "application/vnd.groove-identity-message": ["gim"],
+  "application/vnd.groove-injector": ["grv"],
+  "application/vnd.groove-tool-message": ["gtm"],
+  "application/vnd.groove-tool-template": ["tpl"],
+  "application/vnd.groove-vcard": ["vcg"],
+  "application/vnd.hal+xml": ["hal"],
+  "application/vnd.handheld-entertainment+xml": ["zmm"],
+  "application/vnd.hbci": ["hbci"],
+  "application/vnd.hhe.lesson-player": ["les"],
+  "application/vnd.hp-hpgl": ["hpgl"],
+  "application/vnd.hp-hpid": ["hpid"],
+  "application/vnd.hp-hps": ["hps"],
+  "application/vnd.hp-jlyt": ["jlt"],
+  "application/vnd.hp-pcl": ["pcl"],
+  "application/vnd.hp-pclxl": ["pclxl"],
+  "application/vnd.hydrostatix.sof-data": ["sfd-hdstx"],
+  "application/vnd.ibm.minipay": ["mpy"],
+  "application/vnd.ibm.modcap": ["afp", "listafp", "list3820"],
+  "application/vnd.ibm.rights-management": ["irm"],
+  "application/vnd.ibm.secure-container": ["sc"],
+  "application/vnd.iccprofile": ["icc", "icm"],
+  "application/vnd.igloader": ["igl"],
+  "application/vnd.immervision-ivp": ["ivp"],
+  "application/vnd.immervision-ivu": ["ivu"],
+  "application/vnd.insors.igm": ["igm"],
+  "application/vnd.intercon.formnet": ["xpw", "xpx"],
+  "application/vnd.intergeo": ["i2g"],
+  "application/vnd.intu.qbo": ["qbo"],
+  "application/vnd.intu.qfx": ["qfx"],
+  "application/vnd.ipunplugged.rcprofile": ["rcprofile"],
+  "application/vnd.irepository.package+xml": ["irp"],
+  "application/vnd.is-xpr": ["xpr"],
+  "application/vnd.isac.fcs": ["fcs"],
+  "application/vnd.jam": ["jam"],
+  "application/vnd.jcp.javame.midlet-rms": ["rms"],
+  "application/vnd.jisp": ["jisp"],
+  "application/vnd.joost.joda-archive": ["joda"],
+  "application/vnd.kahootz": ["ktz", "ktr"],
+  "application/vnd.kde.karbon": ["karbon"],
+  "application/vnd.kde.kchart": ["chrt"],
+  "application/vnd.kde.kformula": ["kfo"],
+  "application/vnd.kde.kivio": ["flw"],
+  "application/vnd.kde.kontour": ["kon"],
+  "application/vnd.kde.kpresenter": ["kpr", "kpt"],
+  "application/vnd.kde.kspread": ["ksp"],
+  "application/vnd.kde.kword": ["kwd", "kwt"],
+  "application/vnd.kenameaapp": ["htke"],
+  "application/vnd.kidspiration": ["kia"],
+  "application/vnd.kinar": ["kne", "knp"],
+  "application/vnd.koan": ["skp", "skd", "skt", "skm"],
+  "application/vnd.kodak-descriptor": ["sse"],
+  "application/vnd.las.las+xml": ["lasxml"],
+  "application/vnd.llamagraphics.life-balance.desktop": ["lbd"],
+  "application/vnd.llamagraphics.life-balance.exchange+xml": ["lbe"],
+  "application/vnd.lotus-1-2-3": ["123"],
+  "application/vnd.lotus-approach": ["apr"],
+  "application/vnd.lotus-freelance": ["pre"],
+  "application/vnd.lotus-notes": ["nsf"],
+  "application/vnd.lotus-organizer": ["org"],
+  "application/vnd.lotus-screencam": ["scm"],
+  "application/vnd.lotus-wordpro": ["lwp"],
+  "application/vnd.macports.portpkg": ["portpkg"],
+  "application/vnd.mcd": ["mcd"],
+  "application/vnd.medcalcdata": ["mc1"],
+  "application/vnd.mediastation.cdkey": ["cdkey"],
+  "application/vnd.mfer": ["mwf"],
+  "application/vnd.mfmp": ["mfm"],
+  "application/vnd.micrografx.flo": ["flo"],
+  "application/vnd.micrografx.igx": ["igx"],
+  "application/vnd.mif": ["mif"],
+  "application/vnd.mobius.daf": ["daf"],
+  "application/vnd.mobius.dis": ["dis"],
+  "application/vnd.mobius.mbk": ["mbk"],
+  "application/vnd.mobius.mqy": ["mqy"],
+  "application/vnd.mobius.msl": ["msl"],
+  "application/vnd.mobius.plc": ["plc"],
+  "application/vnd.mobius.txf": ["txf"],
+  "application/vnd.mophun.application": ["mpn"],
+  "application/vnd.mophun.certificate": ["mpc"],
+  "application/vnd.mozilla.xul+xml": ["xul"],
+  "application/vnd.ms-artgalry": ["cil"],
+  "application/vnd.ms-cab-compressed": ["cab"],
+  "application/vnd.ms-excel": ["xls", "xlm", "xla", "xlc", "xlt", "xlw", "xlb"],
+  "application/vnd.ms-excel.addin.macroenabled.12": ["xlam"],
+  "application/vnd.ms-excel.sheet.binary.macroenabled.12": ["xlsb"],
+  "application/vnd.ms-excel.sheet.macroenabled.12": ["xlsm"],
+  "application/vnd.ms-excel.template.macroenabled.12": ["xltm"],
+  "application/vnd.ms-fontobject": ["eot"],
+  "application/vnd.ms-htmlhelp": ["chm"],
+  "application/vnd.ms-ims": ["ims"],
+  "application/vnd.ms-lrm": ["lrm"],
+  "application/vnd.ms-officetheme": ["thmx"],
+  "application/vnd.ms-outlook": ["msg"],
+  "application/vnd.ms-pki.seccat": ["cat"],
+  "application/vnd.ms-pki.stl": ["stl"],
+  "application/vnd.ms-powerpoint": ["ppt", "pps", "pot", "ppa", "pwz"],
+  "application/vnd.ms-powerpoint.addin.macroenabled.12": ["ppam"],
+  "application/vnd.ms-powerpoint.presentation.macroenabled.12": ["pptm"],
+  "application/vnd.ms-powerpoint.slide.macroenabled.12": ["sldm"],
+  "application/vnd.ms-powerpoint.slideshow.macroenabled.12": ["ppsm"],
+  "application/vnd.ms-powerpoint.template.macroenabled.12": ["potm"],
+  "application/vnd.ms-project": ["mpp", "mpt"],
+  "application/vnd.ms-word.document.macroenabled.12": ["docm"],
+  "application/vnd.ms-word.template.macroenabled.12": ["dotm"],
+  "application/vnd.ms-works": ["wps", "wks", "wcm", "wdb"],
+  "application/vnd.ms-wpl": ["wpl"],
+  "application/vnd.ms-xpsdocument": ["xps"],
+  "application/vnd.mseq": ["mseq"],
+  "application/vnd.musician": ["mus"],
+  "application/vnd.muvee.style": ["msty"],
+  "application/vnd.mynfc": ["taglet"],
+  "application/vnd.neurolanguage.nlu": ["nlu"],
+  "application/vnd.nitf": ["ntf", "nitf"],
+  "application/vnd.noblenet-directory": ["nnd"],
+  "application/vnd.noblenet-sealer": ["nns"],
+  "application/vnd.noblenet-web": ["nnw"],
+  "application/vnd.nokia.n-gage.data": ["ngdat"],
+  "application/vnd.nokia.n-gage.symbian.install": ["n-gage"],
+  "application/vnd.nokia.radio-preset": ["rpst"],
+  "application/vnd.nokia.radio-presets": ["rpss"],
+  "application/vnd.novadigm.edm": ["edm"],
+  "application/vnd.novadigm.edx": ["edx"],
+  "application/vnd.novadigm.ext": ["ext"],
+  "application/vnd.oasis.opendocument.chart": ["odc"],
+  "application/vnd.oasis.opendocument.chart-template": ["otc"],
+  "application/vnd.oasis.opendocument.database": ["odb"],
+  "application/vnd.oasis.opendocument.formula": ["odf"],
+  "application/vnd.oasis.opendocument.formula-template": ["odft"],
+  "application/vnd.oasis.opendocument.graphics": ["odg"],
+  "application/vnd.oasis.opendocument.graphics-template": ["otg"],
+  "application/vnd.oasis.opendocument.image": ["odi"],
+  "application/vnd.oasis.opendocument.image-template": ["oti"],
+  "application/vnd.oasis.opendocument.presentation": ["odp"],
+  "application/vnd.oasis.opendocument.presentation-template": ["otp"],
+  "application/vnd.oasis.opendocument.spreadsheet": ["ods"],
+  "application/vnd.oasis.opendocument.spreadsheet-template": ["ots"],
+  "application/vnd.oasis.opendocument.text": ["odt"],
+  "application/vnd.oasis.opendocument.text-master": ["odm", "otm"],
+  "application/vnd.oasis.opendocument.text-template": ["ott"],
+  "application/vnd.oasis.opendocument.text-web": ["oth"],
+  "application/vnd.olpc-sugar": ["xo"],
+  "application/vnd.oma.dd2+xml": ["dd2"],
+  "application/vnd.openofficeorg.extension": ["oxt"],
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation": ["pptx"],
+  "application/vnd.openxmlformats-officedocument.presentationml.slide": ["sldx"],
+  "application/vnd.openxmlformats-officedocument.presentationml.slideshow": ["ppsx"],
+  "application/vnd.openxmlformats-officedocument.presentationml.template": ["potx"],
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": ["xlsx"],
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.template": ["xltx"],
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document": ["docx"],
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.template": ["dotx"],
+  "application/vnd.osgeo.mapguide.package": ["mgp"],
+  "application/vnd.osgi.dp": ["dp"],
+  "application/vnd.osgi.subsystem": ["esa"],
+  "application/vnd.palm": ["pdb", "pqa", "oprc"],
+  "application/vnd.pawaafile": ["paw"],
+  "application/vnd.pg.format": ["str"],
+  "application/vnd.pg.osasli": ["ei6"],
+  "application/vnd.picsel": ["efif"],
+  "application/vnd.pmi.widget": ["wg"],
+  "application/vnd.pocketlearn": ["plf"],
+  "application/vnd.powerbuilder6": ["pbd"],
+  "application/vnd.previewsystems.box": ["box"],
+  "application/vnd.proteus.magazine": ["mgz"],
+  "application/vnd.publishare-delta-tree": ["qps"],
+  "application/vnd.pvi.ptid1": ["ptid"],
+  "application/vnd.quark.quarkxpress": ["qxd", "qxt", "qwd", "qwt", "qxl", "qxb"],
+  "application/vnd.realvnc.bed": ["bed"],
+  "application/vnd.recordare.musicxml": ["mxl"],
+  "application/vnd.recordare.musicxml+xml": ["musicxml"],
+  "application/vnd.rig.cryptonote": ["cryptonote"],
+  "application/vnd.rim.cod": ["cod"],
+  "application/vnd.rn-realmedia": ["rm"],
+  "application/vnd.rn-realmedia-vbr": ["rmvb"],
+  "application/vnd.route66.link66+xml": ["link66"],
+  "application/vnd.sailingtracker.track": ["st"],
+  "application/vnd.seemail": ["see"],
+  "application/vnd.sema": ["sema"],
+  "application/vnd.semd": ["semd"],
+  "application/vnd.semf": ["semf"],
+  "application/vnd.shana.informed.formdata": ["ifm"],
+  "application/vnd.shana.informed.formtemplate": ["itp"],
+  "application/vnd.shana.informed.interchange": ["iif"],
+  "application/vnd.shana.informed.package": ["ipk"],
+  "application/vnd.simtech-mindmapper": ["twd", "twds"],
+  "application/vnd.smaf": ["mmf"],
+  "application/vnd.smart.teacher": ["teacher"],
+  "application/vnd.solent.sdkm+xml": ["sdkm", "sdkd"],
+  "application/vnd.spotfire.dxp": ["dxp"],
+  "application/vnd.spotfire.sfs": ["sfs"],
+  "application/vnd.sqlite3": ["db", "sqlite", "sqlite3", "db-wal", "sqlite-wal", "db-shm", "sqlite-shm"],
+  "application/vnd.stardivision.calc": ["sdc"],
+  "application/vnd.stardivision.draw": ["sda"],
+  "application/vnd.stardivision.impress": ["sdd"],
+  "application/vnd.stardivision.math": ["smf"],
+  "application/vnd.stardivision.writer": ["sdw", "vor"],
+  "application/vnd.stardivision.writer-global": ["sgl"],
+  "application/vnd.stepmania.package": ["smzip"],
+  "application/vnd.stepmania.stepchart": ["sm"],
+  "application/vnd.sun.wadl+xml": ["wadl"],
+  "application/vnd.sun.xml.calc": ["sxc"],
+  "application/vnd.sun.xml.calc.template": ["stc"],
+  "application/vnd.sun.xml.draw": ["sxd"],
+  "application/vnd.sun.xml.draw.template": ["std"],
+  "application/vnd.sun.xml.impress": ["sxi"],
+  "application/vnd.sun.xml.impress.template": ["sti"],
+  "application/vnd.sun.xml.math": ["sxm"],
+  "application/vnd.sun.xml.writer": ["sxw"],
+  "application/vnd.sun.xml.writer.global": ["sxg"],
+  "application/vnd.sun.xml.writer.template": ["stw"],
+  "application/vnd.sus-calendar": ["sus", "susp"],
+  "application/vnd.svd": ["svd"],
+  "application/vnd.symbian.install": ["sis", "sisx"],
+  "application/vnd.syncml+xml": ["xsm"],
+  "application/vnd.syncml.dm+wbxml": ["bdm"],
+  "application/vnd.syncml.dm+xml": ["xdm"],
+  "application/vnd.tao.intent-module-archive": ["tao"],
+  "application/vnd.tcpdump.pcap": ["pcap", "cap", "dmp"],
+  "application/vnd.tmobile-livetv": ["tmo"],
+  "application/vnd.trid.tpt": ["tpt"],
+  "application/vnd.triscape.mxs": ["mxs"],
+  "application/vnd.trueapp": ["tra"],
+  "application/vnd.ufdl": ["ufd", "ufdl"],
+  "application/vnd.uiq.theme": ["utz"],
+  "application/vnd.umajin": ["umj"],
+  "application/vnd.unity": ["unityweb"],
+  "application/vnd.uoml+xml": ["uoml"],
+  "application/vnd.vcx": ["vcx"],
+  "application/vnd.visio": ["vsd", "vst", "vss", "vsw", "vsdx", "vssx", "vstx", "vssm", "vstm"],
+  "application/vnd.visionary": ["vis"],
+  "application/vnd.vsf": ["vsf"],
+  "application/vnd.wap.sic": ["sic"],
+  "application/vnd.wap.slc": ["slc"],
+  "application/vnd.wap.wbxml": ["wbxml"],
+  "application/vnd.wap.wmlc": ["wmlc"],
+  "application/vnd.wap.wmlscriptc": ["wmlsc"],
+  "application/vnd.webturbo": ["wtb"],
+  "application/vnd.wolfram.player": ["nbp"],
+  "application/vnd.wordperfect": ["wpd"],
+  "application/vnd.wqd": ["wqd"],
+  "application/vnd.wt.stf": ["stf"],
+  "application/vnd.xara": ["xar"],
+  "application/vnd.xfdl": ["xfdl"],
+  "application/vnd.yamaha.hv-dic": ["hvd"],
+  "application/vnd.yamaha.hv-script": ["hvs"],
+  "application/vnd.yamaha.hv-voice": ["hvp"],
+  "application/vnd.yamaha.openscoreformat": ["osf"],
+  "application/vnd.yamaha.openscoreformat.osfpvg+xml": ["osfpvg"],
+  "application/vnd.yamaha.smaf-audio": ["saf"],
+  "application/vnd.yamaha.smaf-phrase": ["spf"],
+  "application/vnd.yellowriver-custom-menu": ["cmp"],
+  "application/vnd.zul": ["zir", "zirz"],
+  "application/vnd.zzazz.deck+xml": ["zaz"],
+  "application/voicexml+xml": ["vxml"],
+  "application/wasm": ["wasm"],
+  "application/widget": ["wgt"],
+  "application/winhlp": ["hlp"],
+  "application/wsdl+xml": ["wsdl"],
+  "application/wspolicy+xml": ["wspolicy"],
+  "application/x-7z-compressed": ["7z"],
+  "application/x-abiword": ["abw", "zabw", "abw.gz"],
+  "application/x-ace-compressed": ["ace"],
+  "application/x-apple-diskimage": [],
+  "application/x-arj": ["arj"],
+  "application/x-authorware-bin": ["aab", "x32", "u32", "vox"],
+  "application/x-authorware-map": ["aam"],
+  "application/x-authorware-seg": ["aas"],
+  "application/x-bcpio": ["bcpio"],
+  "application/x-bdoc": [],
+  "application/x-bittorrent": ["torrent"],
+  "application/x-blorb": ["blb", "blorb"],
+  "application/x-bzip": ["bz"],
+  "application/x-bzip2": ["bz2", "boz"],
+  "application/x-cbr": ["cbr", "cba", "cbt", "cbz", "cb7"],
+  "application/x-cdlink": ["vcd"],
+  "application/x-cfs-compressed": ["cfs"],
+  "application/x-chat": ["chat"],
+  "application/x-chess-pgn": ["pgn"],
+  "application/x-chrome-extension": ["crx"],
+  "application/x-cocoa": ["cco"],
+  "application/x-conference": ["nsc"],
+  "application/x-cpio": ["cpio"],
+  "application/x-csh": ["csh"],
+  "application/x-debian-package": ["udeb"],
+  "application/x-dgc-compressed": ["dgc"],
+  "application/x-director": ["dir", "dcr", "dxr", "cst", "cct", "cxt", "w3d", "fgd", "swa"],
+  "application/x-doom": ["wad"],
+  "application/x-dtbncx+xml": ["ncx"],
+  "application/x-dtbook+xml": ["dtb"],
+  "application/x-dtbresource+xml": ["res"],
+  "application/x-dvi": ["dvi"],
+  "application/x-envoy": ["evy"],
+  "application/x-eva": ["eva"],
+  "application/x-font-bdf": ["bdf"],
+  "application/x-font-ghostscript": ["gsf"],
+  "application/x-font-linux-psf": ["psf"],
+  "application/x-font-pcf": ["pcf"],
+  "application/x-font-snf": ["snf"],
+  "application/x-font-type1": ["pfa", "pfb", "pfm", "afm"],
+  "application/x-freearc": ["arc"],
+  "application/x-futuresplash": ["spl"],
+  "application/x-gca-compressed": ["gca"],
+  "application/x-glulx": ["ulx"],
+  "application/x-gnumeric": ["gnumeric"],
+  "application/x-gramps-xml": ["gramps"],
+  "application/x-gtar": ["gtar"],
+  "application/x-gzip": ["tgz"],
+  "application/x-hdf": ["hdf"],
+  "application/x-httpd-php": ["php"],
+  "application/x-install-instructions": ["install"],
+  "application/x-iso9660-image": ["isoimg", "cdr"],
+  "application/x-java-archive-diff": ["jardiff"],
+  "application/x-java-jnlp-file": ["jnlp"],
+  "application/x-killustrator": ["kil"],
+  "application/x-krita": ["kra", "krz"],
+  "application/x-latex": ["latex"],
+  "application/x-lua-bytecode": ["luac"],
+  "application/x-lzh-compressed": ["lzh", "lha"],
+  "application/x-makeself": ["run"],
+  "application/x-mie": ["mie"],
+  "application/x-mobipocket-ebook": ["prc", "mobi"],
+  "application/x-ms-application": ["application"],
+  "application/x-ms-shortcut": ["lnk"],
+  "application/x-ms-wmd": ["wmd"],
+  "application/x-ms-wmz": ["wmz"],
+  "application/x-ms-xbap": ["xbap"],
+  "application/x-msaccess": ["mdb"],
+  "application/x-msbinder": ["obd"],
+  "application/x-mscardfile": ["crd"],
+  "application/x-msclip": ["clp"],
+  "application/x-msdos-program": [],
+  "application/x-msdownload": ["com", "bat"],
+  "application/x-msmediaview": ["mvb", "m13", "m14"],
+  "application/x-msmetafile": ["wmf", "emf", "emz"],
+  "application/x-msmoney": ["mny"],
+  "application/x-mspublisher": ["pub"],
+  "application/x-msschedule": ["scd"],
+  "application/x-msterminal": ["trm"],
+  "application/x-mswrite": ["wri"],
+  "application/x-netcdf": ["nc", "cdf"],
+  "application/x-ns-proxy-autoconfig": ["pac"],
+  "application/x-nzb": ["nzb"],
+  "application/x-perl": ["pl", "pm"],
+  "application/x-pilot": [],
+  "application/x-pkcs12": ["p12", "pfx"],
+  "application/x-pkcs7-certificates": ["p7b", "spc"],
+  "application/x-pkcs7-certreqresp": ["p7r"],
+  "application/x-rar-compressed": ["rar"],
+  "application/x-redhat-package-manager": ["rpm", "rpa"],
+  "application/x-research-info-systems": ["ris"],
+  "application/x-sea": ["sea"],
+  "application/x-sh": ["sh"],
+  "application/x-shar": ["shar"],
+  "application/x-shockwave-flash": ["swf"],
+  "application/x-silverlight-app": ["xap"],
+  "application/x-sql": ["sql"],
+  "application/x-stuffit": ["sit"],
+  "application/x-stuffitx": ["sitx"],
+  "application/x-subrip": ["srt"],
+  "application/x-sv4cpio": ["sv4cpio"],
+  "application/x-sv4crc": ["sv4crc"],
+  "application/x-t3vm-image": ["t3"],
+  "application/x-tads": ["gam"],
+  "application/x-tar": ["tar"],
+  "application/x-tcl": ["tcl", "tk"],
+  "application/x-tex": ["tex"],
+  "application/x-tex-tfm": ["tfm"],
+  "application/x-texinfo": ["texinfo", "texi"],
+  "application/x-tgif": ["obj"],
+  "application/x-ustar": ["ustar"],
+  "application/x-virtualbox-hdd": ["hdd"],
+  "application/x-virtualbox-ova": ["ova"],
+  "application/x-virtualbox-ovf": ["ovf"],
+  "application/x-virtualbox-vbox": ["vbox"],
+  "application/x-virtualbox-vbox-extpack": ["vbox-extpack"],
+  "application/x-virtualbox-vdi": ["vdi"],
+  "application/x-virtualbox-vhd": ["vhd"],
+  "application/x-virtualbox-vmdk": ["vmdk"],
+  "application/x-wais-source": ["src"],
+  "application/x-web-app-manifest+json": ["webapp"],
+  "application/x-x509-ca-cert": ["der", "crt", "pem"],
+  "application/x-xfig": ["fig"],
+  "application/x-xliff+xml": ["xlf"],
+  "application/x-xpinstall": ["xpi"],
+  "application/x-xz": ["xz"],
+  "application/x-zmachine": ["z1", "z2", "z3", "z4", "z5", "z6", "z7", "z8"],
+  "application/xaml+xml": ["xaml"],
+  "application/xcap-diff+xml": ["xdf"],
+  "application/xenc+xml": ["xenc"],
+  "application/xhtml+xml": ["xhtml", "xht"],
+  "application/xml": ["xml", "xsl", "xsd", "rng", "xpdl"],
+  "application/xml-dtd": ["dtd"],
+  "application/xop+xml": ["xop"],
+  "application/xproc+xml": ["xpl"],
+  "application/xslt+xml": ["xslt"],
+  "application/xspf+xml": ["xspf"],
+  "application/xv+xml": ["mxml", "xhvml", "xvml", "xvm"],
+  "application/yang": ["yang"],
+  "application/yin+xml": ["yin"],
+  "application/zip": ["zip"],
+  "audio/3gpp": [],
+  "audio/aacp": ["aacp"],
+  "audio/adpcm": ["adp"],
+  "audio/aiff": ["aff"],
+  "audio/basic": ["au", "snd"],
+  "audio/midi": ["mid", "midi", "kar", "rmi"],
+  "audio/mp3": [],
+  "audio/mp4": ["m4a", "mp4a", "m4b", "m4r", "3ga", "3gpa", "3gpp2", "3gp2"],
+  "audio/mpeg": ["mpga", "mp2", "mp2a", "mp3", "m2a", "m3a"],
+  "audio/ogg": ["oga", "ogg", "spx"],
+  "audio/opus": ["opus"],
+  "audio/s3m": ["s3m"],
+  "audio/silk": ["sil"],
+  "audio/vnd.dece.audio": ["uva", "uvva"],
+  "audio/vnd.digital-winds": ["eol"],
+  "audio/vnd.dra": ["dra"],
+  "audio/vnd.dts": ["dts"],
+  "audio/vnd.dts.hd": ["dtshd"],
+  "audio/vnd.lucent.voice": ["lvp"],
+  "audio/vnd.ms-playready.media.pya": ["pya"],
+  "audio/vnd.nuera.ecelp4800": ["ecelp4800"],
+  "audio/vnd.nuera.ecelp7470": ["ecelp7470"],
+  "audio/vnd.nuera.ecelp9600": ["ecelp9600"],
+  "audio/vnd.rip": ["rip"],
+  "audio/wav": ["wav"],
+  "audio/wave": [],
+  "audio/webm": ["weba"],
+  "audio/x-aac": ["aac"],
+  "audio/x-aiff": ["aif", "aiff", "aifc"],
+  "audio/x-caf": ["caf"],
+  "audio/x-flac": ["flac"],
+  "audio/x-m4a": [],
+  "audio/x-matroska": ["mka"],
+  "audio/x-mpegurl": ["m3u"],
+  "audio/x-ms-wax": ["wax"],
+  "audio/x-ms-wma": ["wma"],
+  "audio/x-pn-realaudio": ["ram", "ra"],
+  "audio/x-pn-realaudio-plugin": ["rmp"],
+  "audio/x-realaudio": [],
+  "audio/x-wav": [],
+  "audio/xm": ["xm"],
+  "chemical/x-cdx": ["cdx"],
+  "chemical/x-cif": ["cif"],
+  "chemical/x-cmdf": ["cmdf"],
+  "chemical/x-cml": ["cml"],
+  "chemical/x-csml": ["csml"],
+  "chemical/x-xyz": ["xyz"],
+  "font/collection": ["ttc"],
+  "font/otf": ["otf"],
+  "font/ttf": ["ttf"],
+  "font/woff": ["woff"],
+  "font/woff2": ["woff2"],
+  gcode: ["gcode"],
+  "image/apng": ["apng"],
+  "image/avif": ["avif"],
+  "image/avif-sequence": ["avifs"],
+  "image/bmp": ["bmp"],
+  "image/cgm": ["cgm"],
+  "image/g3fax": ["g3"],
+  "image/gif": ["gif"],
+  "image/heic": ["heif", "heic"],
+  "image/ief": ["ief"],
+  "image/jp2": ["jp2", "jpg2"],
+  "image/jpeg": ["jpeg", "jpg", "jpe", "pjpg", "jfif", "jfif-tbnl", "jif"],
+  "image/jpm": ["jpm"],
+  "image/jpx": ["jpx", "jpf"],
+  "image/ktx": ["ktx"],
+  "image/pjpeg": ["jfi"],
+  "image/png": ["png"],
+  "image/prs.btif": ["btif"],
+  "image/sgi": ["sgi"],
+  "image/svg+xml": ["svg", "svgz"],
+  "image/tiff": ["tiff", "tif"],
+  "image/vnd.adobe.photoshop": ["psd"],
+  "image/vnd.dece.graphic": ["uvi", "uvvi", "uvg", "uvvg"],
+  "image/vnd.djvu": ["djvu", "djv"],
+  "image/vnd.dvb.subtitle": [],
+  "image/vnd.dwg": ["dwg"],
+  "image/vnd.dxf": ["dxf"],
+  "image/vnd.fastbidsheet": ["fbs"],
+  "image/vnd.fpx": ["fpx"],
+  "image/vnd.fst": ["fst"],
+  "image/vnd.fujixerox.edmics-mmr": ["mmr"],
+  "image/vnd.fujixerox.edmics-rlc": ["rlc"],
+  "image/vnd.ms-modi": ["mdi"],
+  "image/vnd.ms-photo": ["wdp"],
+  "image/vnd.net-fpx": ["npx"],
+  "image/vnd.wap.wbmp": ["wbmp"],
+  "image/vnd.xiff": ["xif"],
+  "image/webp": ["webp"],
+  "image/x-3ds": ["3ds"],
+  "image/x-adobe-dng": ["dng"],
+  "image/x-canon-cr2": ["cr2"],
+  "image/x-canon-crw": ["crw"],
+  "image/x-cmu-raster": ["ras"],
+  "image/x-cmx": ["cmx"],
+  "image/x-epson-erf": ["erf"],
+  "image/x-freehand": ["fh", "fhc", "fh4", "fh5", "fh7"],
+  "image/x-fuji-raf": ["raf"],
+  "image/x-icns": ["icns"],
+  "image/x-icon": ["ico"],
+  "image/x-jng": ["jng"],
+  "image/x-kodak-k25": ["k25"],
+  "image/x-kodak-kdc": ["kdc"],
+  "image/x-minolta-mrw": ["mrw"],
+  "image/x-mrsid-image": ["sid"],
+  "image/x-ms-bmp": [],
+  "image/x-nikon-nef": ["nef"],
+  "image/x-olympus-orf": ["orf"],
+  "image/x-panasonic-raw": ["raw", "rw2", "rwl"],
+  "image/x-pcx": ["pcx"],
+  "image/x-pentax-pef": ["pef", "ptx"],
+  "image/x-pict": ["pic", "pct"],
+  "image/x-portable-anymap": ["pnm"],
+  "image/x-portable-bitmap": ["pbm"],
+  "image/x-portable-graymap": ["pgm"],
+  "image/x-portable-pixmap": ["ppm"],
+  "image/x-rgb": ["rgb"],
+  "image/x-sigma-x3f": ["x3f"],
+  "image/x-sony-arw": ["arw"],
+  "image/x-sony-sr2": ["sr2"],
+  "image/x-sony-srf": ["srf"],
+  "image/x-tga": ["tga"],
+  "image/x-xbitmap": ["xbm"],
+  "image/x-xpixmap": ["xpm"],
+  "image/x-xwindowdump": ["xwd"],
+  "message/rfc822": ["eml", "mime", "mht", "mhtml", "nws"],
+  "model/gltf+json": ["gltf"],
+  "model/gltf-binary": ["glb"],
+  "model/iges": ["igs", "iges"],
+  "model/mesh": ["msh", "mesh", "silo"],
+  "model/vnd.collada+xml": ["dae"],
+  "model/vnd.dwf": ["dwf"],
+  "model/vnd.gdl": ["gdl"],
+  "model/vnd.gtw": ["gtw"],
+  "model/vnd.mts": ["mts"],
+  "model/vnd.vtu": ["vtu"],
+  "model/vrml": ["wrl", "vrml"],
+  "model/x3d+binary": ["x3db", "x3dbz"],
+  "model/x3d+vrml": ["x3dv", "x3dvz"],
+  "model/x3d+xml": ["x3d", "x3dz"],
+  "test/mimetype": ["test"],
+  "text/cache-manifest": ["appcache", "manifest"],
+  "text/calendar": ["ics", "ifb"],
+  "text/coffeescript": ["coffee", "litcoffee"],
+  "text/css": ["css"],
+  "text/csv": ["csv"],
+  "text/hjson": ["hjson"],
+  "text/html": ["html", "htm", "shtml"],
+  "text/jade": ["jade"],
+  "text/jsx": ["jsx"],
+  "text/less": ["less"],
+  "text/markdown": ["markdown", "md", "mdown", "markdn"],
+  "text/mathml": ["mml"],
+  "text/n3": ["n3"],
+  "text/plain": ["txt", "text", "conf", "def", "list", "log", "in", "ini", "diff", "ksh"],
+  "text/prs.lines.tag": ["dsc"],
+  "text/richtext": ["rtx"],
+  "text/rtf": [],
+  "text/sgml": ["sgml", "sgm"],
+  "text/slim": ["slim", "slm"],
+  "text/stylus": ["stylus", "styl"],
+  "text/tab-separated-values": ["tsv"],
+  "text/troff": ["t", "tr", "roff", "man", "me", "ms"],
+  "text/turtle": ["ttl"],
+  "text/uri-list": ["uri", "uris", "urls"],
+  "text/vcard": ["vcard"],
+  "text/vnd.curl": ["curl"],
+  "text/vnd.curl.dcurl": ["dcurl"],
+  "text/vnd.curl.mcurl": ["mcurl"],
+  "text/vnd.curl.scurl": ["scurl"],
+  "text/vnd.dvb.subtitle": ["sub"],
+  "text/vnd.fly": ["fly"],
+  "text/vnd.fmi.flexstor": ["flx"],
+  "text/vnd.graphviz": ["gv"],
+  "text/vnd.in3d.3dml": ["3dml"],
+  "text/vnd.in3d.spot": ["spot"],
+  "text/vnd.sun.j2me.app-descriptor": ["jad"],
+  "text/vnd.wap.si": ["si"],
+  "text/vnd.wap.sl": ["sl"],
+  "text/vnd.wap.wml": ["wml"],
+  "text/vnd.wap.wmlscript": ["wmls"],
+  "text/vtt": ["vtt"],
+  "text/x-asm": ["s", "asm"],
+  "text/x-c": ["c", "cc", "cxx", "cpp", "h", "hh", "dic"],
+  "text/x-component": ["htc"],
+  "text/x-fortran": ["f", "for", "f77", "f90"],
+  "text/x-handlebars-template": ["hbs"],
+  "text/x-java-source": ["java"],
+  "text/x-lua": ["lua"],
+  "text/x-markdown": ["mkd"],
+  "text/x-nfo": ["nfo"],
+  "text/x-opml": ["opml"],
+  "text/x-org": [],
+  "text/x-pascal": ["p", "pas", "pp", "inc"],
+  "text/x-processing": ["pde"],
+  "text/x-python": ["py", "pyc", "pyo", "pyd", "whl"],
+  "text/x-sass": ["sass"],
+  "text/x-scss": ["scss"],
+  "text/x-setext": ["etx"],
+  "text/x-sfv": ["sfv"],
+  "text/x-suse-ymp": ["ymp"],
+  "text/x-uuencode": ["uu"],
+  "text/x-vcalendar": ["vcs"],
+  "text/x-vcard": ["vcf"],
+  "text/xml": [],
+  "text/yaml": ["yaml", "yml"],
+  "video/3gpp": ["3gp", "3gpp"],
+  "video/3gpp2": ["3g2"],
+  "video/h261": ["h261"],
+  "video/h263": ["h263"],
+  "video/h264": ["h264"],
+  "video/jpeg": ["jpgv"],
+  "video/jpm": ["jpgm"],
+  "video/mj2": ["mj2", "mjp2"],
+  "video/mp2t": ["ts"],
+  "video/mp4": ["mp4", "mp4v", "mpg4"],
+  "video/mpeg": ["mpeg", "mpg", "mpe", "m1v", "m2v", "mpa"],
+  "video/ogg": ["ogv"],
+  "video/quicktime": ["qt", "mov"],
+  "video/vnd.dece.hd": ["uvh", "uvvh"],
+  "video/vnd.dece.mobile": ["uvm", "uvvm"],
+  "video/vnd.dece.pd": ["uvp", "uvvp"],
+  "video/vnd.dece.sd": ["uvs", "uvvs"],
+  "video/vnd.dece.video": ["uvv", "uvvv"],
+  "video/vnd.dvb.file": ["dvb"],
+  "video/vnd.fvt": ["fvt"],
+  "video/vnd.mpegurl": ["mxu", "m4u"],
+  "video/vnd.ms-playready.media.pyv": ["pyv"],
+  "video/vnd.uvvu.mp4": ["uvu", "uvvu"],
+  "video/vnd.vivo": ["viv"],
+  "video/webm": ["webm"],
+  "video/x-f4v": ["f4v"],
+  "video/x-fli": ["fli"],
+  "video/x-flv": ["flv"],
+  "video/x-m4v": ["m4v"],
+  "video/x-matroska": ["mkv", "mk3d", "mks"],
+  "video/x-mng": ["mng"],
+  "video/x-ms-asf": ["asf", "asx"],
+  "video/x-ms-vob": ["vob"],
+  "video/x-ms-wm": ["wm"],
+  "video/x-ms-wmv": ["wmv"],
+  "video/x-ms-wmx": ["wmx"],
+  "video/x-ms-wvx": ["wvx"],
+  "video/x-msvideo": ["avi"],
+  "video/x-sgi-movie": ["movie"],
+  "video/x-smv": ["smv"],
+  "x-conference/x-cooltalk": ["ice"]
+};
+
+// src/static.ts
+var mime_types = /* @__PURE__ */ new Map();
+var mime_extensions = /* @__PURE__ */ new Map();
+function mime_define(map) {
+  for (const type in map) {
+    const exts = map[type];
+    for (const ext of exts)
+      mime_types.set(ext, type);
+    if (!mime_extensions.has(type))
+      mime_extensions.set(type, exts[0]);
+  }
+}
+var mime = {
+  lookup: (path2, fallback = null) => mime_types.get(path2.replace(/^.*[./\\]/, "").toLowerCase()) ?? fallback ?? "application/octet-stream",
+  charsets: (mimeType) => /^text\/|^application\/(javascript|json)/.test(mimeType) ? "UTF-8" : null
+};
+mime_define(mimetypes_default);
+var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
+var CONTROL_CHAR_REGEXP = /[\x00-\x1f]/;
+var DEFAULT_OPTIONS = {
+  headers: {
+    "Content-Security-Policy": "default-src 'self'",
+    "X-Content-Type-Options": "nosniff"
+  },
+  fallthrough: false,
+  maxage: 0,
+  immutable: false,
+  etag: true,
+  lastModified: true,
+  contentType: null,
+  dotfiles: "hide",
+  redirect: true,
+  indexOf: false
+};
+var HTTP = {
+  /** 304 Not Modified — sent for conditional GET cache hits. */
+  NOT_MODIFIED: (res, opts) => {
+    res.status(304, opts.headers).end();
+  },
+  /** 400 Bad Request — sent when the URL path contains malformed percent-encoding. */
+  BAD_REQUEST: (res, opts) => res.status(400, opts.headers).send("Bad Request"),
+  /** 403 Forbidden — sent for denied dot-files or path traversal attempts. */
+  FORBIDDEN: (res, opts) => res.status(403, opts.headers).send("Forbidden"),
+  /** 404 Not Found — sent when the requested file does not exist. */
+  NOT_FOUND: (res, opts) => res.status(404, opts.headers).send("Not Found"),
+  /**
+   * 405 Method Not Allowed — sent when the HTTP method is neither GET nor
+   * HEAD and {@link ResolvedOptions.fallthrough} is `false`.
+   * Always includes an `Allow: GET, HEAD` header per RFC 7231 §6.5.5.
+   */
+  NOT_ALLOWED: (res, opts) => {
+    res.status(405, { ...opts.headers, Allow: "GET, HEAD" }).end();
+  },
+  /** 412 Precondition Failed — sent when `If-Match` / `If-Unmodified-Since` fails. */
+  PRECONDITION_FAILS: (res, opts) => res.status(412, opts.headers).send("Precondition Failed"),
+  /** 500 Internal Server Error — sent on unexpected filesystem or stream errors. */
+  INTERNAL_ERROR: (res, opts, err) => res.status(500, opts.headers).send(`Internal error: ${err}`)
+};
+function destroyReadStream(stream) {
+  stream.destroy();
+  if (typeof stream.close === "function") {
+    stream.on("open", () => {
+      if (typeof stream.fd === "number")
+        stream.close();
+    });
+  }
+}
+function removeContentHeaders(res) {
+  const keys = Object.keys(res.getHeaders() ?? {});
+  for (const key of keys) {
+    if (key.startsWith("content-") && key !== "content-location")
+      res.removeHeader(key);
+  }
+}
+function createETag(stat) {
+  const mtime = stat.mtime.getTime().toString(16);
+  const size = stat.size.toString(16);
+  return `W/"${size}-${mtime}"`;
+}
+function parseTokenList(str) {
+  const list = [];
+  let start = 0;
+  let end = 0;
+  for (let i = 0, len = str.length; i < len; i++) {
+    const ch = str.charCodeAt(i);
+    if (ch === 32) {
+      if (start === end) start = end = i + 1;
+    } else if (ch === 44) {
+      list.push(str.substring(start, end));
+      start = end = i + 1;
+    } else {
+      end = i + 1;
+    }
+  }
+  list.push(str.substring(start, end));
+  return list;
+}
+function parseHttpDate(date) {
+  const timestamp = date ? Date.parse(date) : NaN;
+  return typeof timestamp === "number" ? timestamp : NaN;
+}
+function htmlEscape(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function encodePath(urlPath) {
+  return urlPath.split("/").map((s) => encodeURIComponent(s)).join("/");
+}
+function conditionMatch(reqHeaders, resHeaders) {
+  const match = reqHeaders["if-match"];
+  if (match) {
+    const etag = resHeaders.etag;
+    if (match === "*" || match === etag) return true;
+    for (const tag of parseTokenList(match)) {
+      if (tag === etag || `W/${tag}` === etag || tag === `W/${etag}`)
+        return true;
+    }
+    return false;
+  }
+  const lastModified = parseHttpDate(resHeaders["last-modified"]);
+  const unmodifiedSince = parseHttpDate(reqHeaders["if-unmodified-since"]);
+  if (!isNaN(unmodifiedSince) && !isNaN(lastModified))
+    return lastModified <= unmodifiedSince;
+  return false;
+}
+function isCacheFresh(reqHeaders, resHeaders) {
+  const CACHE_CONTROL_NO_CACHE_REGEXP = /(?:^|,)\s*?no-cache\s*?(?:,|$)/;
+  const modifiedSince = reqHeaders["if-modified-since"];
+  const noneMatch = reqHeaders["if-none-match"];
+  if (!modifiedSince && !noneMatch) return false;
+  const cacheControl2 = reqHeaders["cache-control"];
+  if (cacheControl2 && CACHE_CONTROL_NO_CACHE_REGEXP.test(cacheControl2))
+    return false;
+  if (noneMatch && noneMatch !== "*") {
+    const etag = resHeaders.etag;
+    if (!etag) return false;
+    let etagStale = true;
+    for (const match of parseTokenList(noneMatch)) {
+      if (match === etag || `W/${match}` === etag || match === `W/${etag}`) {
+        etagStale = false;
+        break;
+      }
+    }
+    if (etagStale) return false;
+  }
+  if (modifiedSince) {
+    const lastModified = resHeaders["last-modified"];
+    if (!lastModified) return false;
+    if (!(parseHttpDate(lastModified) <= parseHttpDate(modifiedSince)))
+      return false;
+  }
+  return true;
+}
+function resolveOptions(root, options) {
+  if (!root)
+    throw new TypeError("root path required");
+  if (typeof root !== "string")
+    throw new TypeError("root path must be a string");
+  const mergedHeaders = { ...DEFAULT_OPTIONS.headers, ...options?.headers ?? {} };
+  const opts = { ...DEFAULT_OPTIONS, ...options, headers: mergedHeaders };
+  opts.fallthrough = options?.fallthrough !== false;
+  opts.redirect = options?.redirect !== false;
+  opts.maxage = options?.maxage ?? options?.maxAge ?? 0;
+  opts.root = import_path.default.resolve(root);
+  return opts;
+}
+function writeIndexOf(urlPath, directoryPath, parentUrlPath, queryString, callback) {
+  import_fs.default.readdir(directoryPath, (err, files) => {
+    if (err) return callback(null, err);
+    const params = new URLSearchParams(queryString.replace(/;/g, "&"));
+    const rawCol = params.get("C") ?? "N";
+    const rawOrd = params.get("O") ?? "A";
+    const col = ["N", "M", "S"].includes(rawCol) ? rawCol : "N";
+    const ord = rawOrd === "D" ? "D" : "A";
+    const entries = [];
+    for (const file of files) {
+      const fullPath = import_path.default.join(directoryPath, file);
+      let stat;
+      try {
+        stat = import_fs.default.statSync(fullPath);
+      } catch {
+        continue;
+      }
+      entries.push({ file, stat, isDir: stat.isDirectory() });
+    }
+    const sign = ord === "A" ? 1 : -1;
+    entries.sort((a, b) => {
+      if (a.isDir !== b.isDir) return a.isDir ? -1 : 1;
+      let cmp = 0;
+      if (col === "N") cmp = a.file.localeCompare(b.file);
+      else if (col === "M") cmp = a.stat.mtime.getTime() - b.stat.mtime.getTime();
+      else if (col === "S") cmp = (a.isDir ? 0 : a.stat.size) - (b.isDir ? 0 : b.stat.size);
+      return cmp * sign;
+    });
+    function thLink(c, label) {
+      const nextOrd = c === col && ord === "A" ? "D" : "A";
+      return `<a href="?C=${c};O=${nextOrd}">${label}</a>`;
+    }
+    let html = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\n';
+    html += "<html>\n";
+    html += `<head><title>Index of ${htmlEscape(urlPath)}</title></head>
+`;
+    html += `<body><h1>Index of ${htmlEscape(urlPath)}</h1><table>
+`;
+    html += `<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th>${thLink("N", "Name")}</th><th>${thLink("M", "Last modified")}</th><th>${thLink("S", "Size")}</th><th><a href="?C=D;O=A">Description</a></th></tr>
+`;
+    html += '<tr><th colspan="5"><hr></th></tr>\n';
+    if (parentUrlPath)
+      html += `<tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="${encodePath(parentUrlPath)}">Parent Directory</a></td><td>&nbsp;</td><td align="right">  - </td><td>&nbsp;</td></tr>
+`;
+    for (const { file, stat, isDir } of entries) {
+      const fullPath = import_path.default.join(directoryPath, file);
+      const mimeType = mime.lookup(fullPath, "");
+      const mediaType = mimeType.includes("/") ? mimeType.split("/")[0] : "";
+      const alt = isDir ? "folder" : mediaType || "unknown";
+      const icon = `/icons/${alt}.gif`;
+      const name = file + (isDir ? "/" : "");
+      const hrefName = encodeURIComponent(file) + (isDir ? "/" : "");
+      const displayName = htmlEscape(name);
+      const modified = stat.mtime.toUTCString();
+      const size = isDir ? "-" : String(stat.size);
+      html += `<tr><td valign="top"><img src="${icon}" alt="[${alt.toUpperCase()}]"></td><td><a href="${hrefName}">${displayName}</a></td><td align="right">${modified}</td><td align="right">${size}</td><td>&nbsp;</td></tr>
+`;
+    }
+    html += '<tr><th colspan="5"><hr></th></tr>\n';
+    html += "</table><address>Expediate/1.0.0</address></body></html>\n";
+    return callback(html, null);
+  });
+}
+function sendIt(req, res, pathname, stat, opts) {
+  const len = stat.size;
+  const etag = createETag(stat);
+  if (opts.headers) {
+    for (const [key, value] of Object.entries(opts.headers))
+      res.setHeader(key, value);
+  }
+  if (!res.getHeader("Cache-Control") && opts.maxage) {
+    let cacheControl2 = `public, max-age=${Math.floor(opts.maxage / 1e3)}`;
+    if (opts.immutable) cacheControl2 += ", immutable";
+    res.setHeader("Cache-Control", cacheControl2);
+  }
+  if (!res.getHeader("Last-Modified") && opts.lastModified !== false)
+    res.setHeader("Last-Modified", stat.mtime.toUTCString());
+  if (!res.getHeader("ETag") && opts.etag !== false)
+    res.setHeader("ETag", etag);
+  if (!res.getHeader("Content-Type")) {
+    if (opts.contentType) {
+      res.setHeader("Content-Type", opts.contentType);
+    } else {
+      const type = mime.lookup(pathname, "");
+      if (type) {
+        const charset = mime.charsets(type);
+        res.setHeader("Content-Type", charset ? `${type}; charset=${charset}` : type);
+      }
+    }
+  }
+  if (isCacheFresh(
+    req.headers,
+    res.getHeaders()
+  )) {
+    removeContentHeaders(res);
+    HTTP.NOT_MODIFIED(res, opts);
+    return;
+  }
+  const hasPrecondition = !!(req.headers["if-match"] ?? req.headers["if-unmodified-since"]);
+  if (hasPrecondition && !conditionMatch(
+    req.headers,
+    res.getHeaders()
+  )) {
+    HTTP.PRECONDITION_FAILS(res, opts);
+    return;
+  }
+  res.setHeader("Content-Length", len);
+  if (req.method === "HEAD") {
+    res.end();
+    return;
+  }
+  let finished = false;
+  const stream = import_fs.default.createReadStream(pathname);
+  res.on("finish", () => {
+    finished = true;
+    destroyReadStream(stream);
+  });
+  stream.on("error", (err) => {
+    if (finished) return;
+    console.warn("static stream error:", pathname, err);
+    HTTP.INTERNAL_ERROR(res, opts, err.code ?? "UNKNOWN");
+    finished = true;
+    destroyReadStream(stream);
+  });
+  stream.on("end", () => res.end());
+  stream.pipe(res);
+}
+function sendFile(req, res, pathname, opts) {
+  import_fs.default.stat(pathname, (err, stat) => {
+    if (err) {
+      if (err.code === "ENOENT" || err.code === "ENAMETOOLONG" || err.code === "ENOTDIR") return HTTP.NOT_FOUND(res, opts);
+      return HTTP.INTERNAL_ERROR(res, opts, err.code ?? "UNKNOWN");
+    }
+    if (stat.isDirectory()) {
+      if (opts.indexOf) {
+        const parentUrl = req.path !== "/" ? import_path.default.dirname(req.path) : null;
+        const queryString = (req.url ?? "").split("?")[1] ?? "";
+        return writeIndexOf(req.path, pathname, parentUrl, queryString, (html, indexErr) => {
+          if (indexErr)
+            return HTTP.INTERNAL_ERROR(res, opts, indexErr.code ?? "UNKNOWN");
+          return res.status(200, opts.headers).send(html);
+        });
+      }
+      return HTTP.NOT_FOUND(res, opts);
+    }
+    sendIt(req, res, pathname, stat, opts);
+  });
+}
+function serveStatic(root, options) {
+  const opts = resolveOptions(root, options);
+  return function(req, res, next) {
+    if (req.method !== "GET" && req.method !== "HEAD") {
+      if (opts.fallthrough)
+        return next();
+      return HTTP.NOT_ALLOWED(res, opts);
+    }
+    let originalUrl;
+    try {
+      originalUrl = decodeURIComponent(req.path ?? req.url ?? "/");
+    } catch {
+      return HTTP.BAD_REQUEST(res, opts);
+    }
+    let pathname = originalUrl;
+    if (pathname === "/" && !originalUrl.endsWith("/"))
+      pathname = "";
+    if (CONTROL_CHAR_REGEXP.test(pathname)) {
+      if (opts.fallthrough)
+        return next();
+      return HTTP.NOT_FOUND(res, opts);
+    }
+    if (UP_PATH_REGEXP.test(pathname))
+      return HTTP.FORBIDDEN(res, opts);
+    pathname = import_path.default.resolve(import_path.default.normalize(`${opts.root}/${pathname}`));
+    if (pathname !== opts.root && !pathname.startsWith(opts.root + import_path.default.sep))
+      return HTTP.FORBIDDEN(res, opts);
+    if (opts.dotfiles !== "allow" && pathname.includes("/.")) {
+      if (opts.dotfiles === "deny")
+        return HTTP.FORBIDDEN(res, opts);
+      return HTTP.NOT_FOUND(res, opts);
+    }
+    import_fs.default.stat(pathname, (err, stat) => {
+      if (err) {
+        if (err.code === "ENOENT" || err.code === "ENAMETOOLONG" || err.code === "ENOTDIR") {
+          if (opts.fallthrough)
+            return next();
+          return HTTP.NOT_FOUND(res, opts);
+        }
+        return HTTP.INTERNAL_ERROR(res, opts, err.code ?? "UNKNOWN");
+      }
+      if (stat.isDirectory()) {
+        if (!opts.redirect) {
+          if (opts.fallthrough)
+            return next();
+          return HTTP.NOT_FOUND(res, opts);
+        }
+        return sendFile(req, res, import_path.default.join(pathname, "index.html"), opts);
+      }
+      sendIt(req, res, pathname, stat, opts);
+    });
+  };
+}
+function serveFile(filePath, options) {
+  const opts = resolveOptions(filePath, options);
+  return function(req, res, next) {
+    if (req.method !== "GET" && req.method !== "HEAD") {
+      if (opts.fallthrough)
+        return next();
+      return HTTP.NOT_ALLOWED(res, opts);
+    }
+    const pathname = opts.root;
+    import_fs.default.stat(pathname, (err, stat) => {
+      if (err)
+        return HTTP.INTERNAL_ERROR(res, opts, err.code ?? "UNKNOWN");
+      if (stat.isDirectory())
+        return HTTP.INTERNAL_ERROR(res, opts, "EISDIR");
+      sendIt(req, res, pathname, stat, opts);
+    });
+  };
+}
+
+// src/misc.ts
+var import_stream = require("stream");
+var import_zlib = __toESM(require("zlib"), 1);
+function resolveBodyOptions(opts, defaultType) {
+  return {
+    inflate: opts?.inflate ?? true,
+    limit: opts?.limit ?? "100kb",
+    reviver: opts?.reviver ?? null,
+    strict: opts?.strict ?? true,
+    type: opts?.type ?? defaultType,
+    verify: opts?.verify ?? null
+  };
+}
+function matchesBodyType(req, matcher) {
+  if (matcher === null) return true;
+  if (typeof matcher === "function") return matcher(req);
+  const actual = (req.headers["content-type"] ?? "").split(";")[0].trim().toLowerCase();
+  if (!actual) return false;
+  const patterns = Array.isArray(matcher) ? matcher : [matcher];
+  return patterns.some((pattern) => matchMimePattern(actual, pattern.toLowerCase()));
+}
+function matchMimePattern(actual, pattern) {
+  if (pattern === "*/*" || pattern === "*") return true;
+  if (pattern === actual) return true;
+  const [pType, pSub] = pattern.split("/");
+  const [aType] = actual.split("/");
+  return pSub === "*" && pType === aType;
+}
+var DECOMPRESS_ALGO = {
+  gzip: import_zlib.default.gunzip,
+  deflate: import_zlib.default.inflate,
+  br: import_zlib.default.brotliDecompress
+};
+function readSize(value) {
+  if (typeof value === "number") return value;
+  const fmt = /^(\d+(\.\d+)?)([kmg]?b?)?$/i.exec(value);
+  if (!fmt) return 0;
+  const num = parseFloat(fmt[1] ?? "0");
+  const sfx = (fmt[3] ?? "b").toLowerCase();
+  if (sfx.startsWith("k")) return num * 1024;
+  if (sfx.startsWith("m")) return num * 1024 * 1024;
+  if (sfx.startsWith("g")) return num * 1024 * 1024 * 1024;
+  return num;
+}
+function splitBuffer(buffer, delimiter) {
+  const result = [];
+  let start = 0;
+  let index;
+  while ((index = buffer.indexOf(delimiter, start)) !== -1) {
+    result.push(buffer.slice(start, index));
+    start = index + delimiter.length;
+  }
+  result.push(buffer.slice(start));
+  return result;
+}
+function extractCharset(contentType) {
+  const param = contentType.split(";").map((s) => s.replace(/^\s+|\s+$/g, "")).find((s) => s.startsWith("charset="));
+  return param ? param.substring("charset=".length) : "utf8";
+}
+function readBody(req, res, opts, type, next, callback) {
+  const length = parseInt(req.headers["content-length"] ?? "0", 10);
+  const isChunked = req.headers["transfer-encoding"]?.split(",").map((v) => v.trim()).some((v) => v.toLowerCase() === "chunked") ?? false;
+  if (!isChunked && (!length || length === 0)) return next();
+  const maxLength = readSize(opts.limit) || 102400;
+  if (!isChunked && length > maxLength)
+    return void res.status(413).send("Content Too Large");
+  const encoding = req.headers["content-encoding"];
+  if (encoding && (opts.inflate === false || !DECOMPRESS_ALGO[encoding]))
+    return void res.status(415).send("Unsupported Media Type: Wrong Content-Encoding");
+  const decompress = (encoding ? DECOMPRESS_ALGO[encoding] : void 0) ?? ((d, c) => c(null, d));
+  const contentType = req.headers["content-type"] ?? "";
+  if (!matchesBodyType(req, type))
+    return next();
+  let data = Buffer.alloc(0);
+  req.on("data", (chunk) => {
+    if (data === null) return;
+    const next_ = Buffer.concat([data, chunk]);
+    if (next_.length > maxLength) {
+      data = null;
+      res.status(413).send("Content Too Large");
+      return;
+    }
+    data = next_;
+  });
+  req.on("end", () => {
+    if (data === null) return;
+    decompress(data, (err, decompressed) => {
+      if (err) return void res.status(500).send(err.message);
+      const body = decompressed;
+      if (opts.verify) {
+        try {
+          opts.verify(req, res, body, extractCharset(contentType));
+        } catch (e) {
+          const status = e.status ?? e.statusCode ?? 403;
+          return void res.status(status).send(e.message ?? "Forbidden");
+        }
+      }
+      callback(contentType, body);
+    });
+  });
+}
+function readReqBody(req, opts, mimetype, res) {
+  return new Promise((resolve, reject) => {
+    const length = parseInt(req.headers["content-length"] ?? "0", 10);
+    const isChunked = req.headers["transfer-encoding"]?.split(",").map((v) => v.trim()).some((v) => v.toLowerCase() === "chunked") ?? false;
+    if (!isChunked && (!length || length === 0)) return resolve(null);
+    const maxLength = readSize(opts.limit) || 102400;
+    if (!isChunked && length > maxLength)
+      return reject({ status: 413, message: "Content Too Large" });
+    const encoding = req.headers["content-encoding"];
+    if (encoding && (opts.inflate === false || !DECOMPRESS_ALGO[encoding]))
+      return reject({ status: 415, message: "Unsupported Media Type: Wrong Content-Encoding" });
+    const decompress = (encoding ? DECOMPRESS_ALGO[encoding] : void 0) ?? ((d, c) => c(null, d));
+    const contentType = req.headers["content-type"] ?? "";
+    if (mimetype && contentType.split(";")[0].trim() !== mimetype)
+      return reject({ status: 415, message: "Unsupported Media Type: Wrong Content-Type" });
+    let data = Buffer.alloc(0);
+    req.on("data", (chunk) => {
+      if (data === null) return;
+      const next_ = Buffer.concat([data, chunk]);
+      if (next_.length > maxLength) {
+        data = null;
+        reject({ status: 413, message: "Content Too Large" });
+        return;
+      }
+      data = next_;
+    });
+    req.on("end", () => {
+      if (data === null) return;
+      decompress(data, (err, decompressed) => {
+        if (err) return reject({ status: 500, message: err.message });
+        const body = decompressed;
+        if (opts.verify && res) {
+          try {
+            opts.verify(req, res, body, extractCharset(contentType));
+          } catch (e) {
+            const status = e.status ?? e.statusCode ?? 403;
+            return reject({ status, message: e.message ?? "Forbidden" });
+          }
+        }
+        resolve({ mimetype: contentType ?? "", content: body });
+      });
+    });
+  });
+}
+function readBodyAsPlainText(req, res, next, contentType, data) {
+  const charset = extractCharset(contentType);
+  try {
+    req.body = data.toString(charset);
+    next();
+  } catch (ex) {
+    res.status(500).send(ex.message);
+  }
+}
+function readBodyAsJson(req, res, next, opts, contentType, data) {
+  const charset = extractCharset(contentType);
+  try {
+    const parsed = JSON.parse(
+      data.toString(charset),
+      opts.reviver ?? void 0
+    );
+    if (opts.strict && (typeof parsed !== "object" || parsed === null)) {
+      return void res.status(400).send("Bad Request: JSON body must be an object or array");
+    }
+    req.body = parsed;
+    next();
+  } catch (ex) {
+    res.status(400).send("Bad Request: " + ex.message);
+  }
+}
+function parseMultipartBody(contentType, data) {
+  const boundary = contentType.split(";").map((s) => s.replace(/^\s+|\s+$/g, "")).find((s) => s.startsWith("boundary="))?.substring("boundary=".length);
+  if (!boundary)
+    throw { status: 400, message: "Bad Request: missing multipart boundary" };
+  const delimiter = Buffer.from(`\r
+--${boundary}`);
+  const normalized = Buffer.concat([Buffer.from("\r\n"), data]);
+  const rawParts = splitBuffer(normalized, delimiter);
+  const parts = [];
+  for (const part of rawParts) {
+    if (part.toString("utf8", 0, 2) === "--") continue;
+    const partContent = part.slice(2);
+    const blankLine = Buffer.from("\r\n\r\n");
+    const blankIdx = partContent.indexOf(blankLine);
+    if (blankIdx === -1) continue;
+    const headerSection = partContent.slice(0, blankIdx).toString("utf8");
+    const content = partContent.slice(blankIdx + blankLine.length);
+    const headers = {};
+    for (const line of headerSection.split("\r\n")) {
+      if (!line) continue;
+      const colonIdx = line.indexOf(":");
+      if (colonIdx === -1) continue;
+      const key = line.substring(0, colonIdx).replace(/^\s+|\s+$/g, "").toLowerCase();
+      const value = line.substring(colonIdx + 1).replace(/^\s+|\s+$/g, "");
+      headers[key] = value;
+    }
+    parts.push({ headers, content });
+  }
+  return parts;
+}
+function readBodyAsFormData(req, res, next, contentType, data) {
+  try {
+    req.body = parseMultipartBody(contentType, data);
+    next();
+  } catch (ex) {
+    const status = ex.status ?? 500;
+    res.status(status).send(ex.message ?? String(ex));
+  }
+}
+function readBodyAsFormEncoded(req, res, next, contentType, data) {
+  const charset = extractCharset(contentType);
+  try {
+    const params = new URLSearchParams(data.toString(charset));
+    const result = {};
+    for (const [key, value] of params.entries()) {
+      const existing = result[key];
+      if (existing === void 0) {
+        result[key] = value;
+      } else if (Array.isArray(existing)) {
+        existing.push(value);
+      } else {
+        result[key] = [existing, value];
+      }
+    }
+    req.body = result;
+    next();
+  } catch (ex) {
+    res.status(400).send("Bad Request: " + ex.message);
+  }
+}
+var BODY_READERS = {
+  "multipart/form-data": (req, res, next, _opts, ct, data) => readBodyAsFormData(req, res, next, ct, data),
+  "application/json": (req, res, next, opts, ct, data) => readBodyAsJson(req, res, next, opts, ct, data),
+  "application/x-www-form-urlencoded": (req, res, next, _opts, ct, data) => readBodyAsFormEncoded(req, res, next, ct, data),
+  "text/plain": (req, res, next, _opts, ct, data) => readBodyAsPlainText(req, res, next, ct, data)
+};
+function json(opts) {
+  const resolved = resolveBodyOptions(opts, "application/json");
+  return (req, res, next) => {
+    readBody(req, res, resolved, resolved.type, next, (contentType, body) => {
+      readBodyAsJson(req, res, next, resolved, contentType, body);
+    });
+  };
+}
+function formData(opts) {
+  const resolved = resolveBodyOptions(opts, "multipart/form-data");
+  return (req, res, next) => {
+    readBody(req, res, resolved, resolved.type, next, (contentType, body) => {
+      readBodyAsFormData(req, res, next, contentType, body);
+    });
+  };
+}
+function formEncoded(opts) {
+  const resolved = resolveBodyOptions(opts, "application/x-www-form-urlencoded");
+  return (req, res, next) => {
+    readBody(req, res, resolved, resolved.type, next, (contentType, body) => {
+      readBodyAsFormEncoded(req, res, next, contentType, body);
+    });
+  };
+}
+function parseBody(opts) {
+  const resolved = resolveBodyOptions(opts, null);
+  return (req, res, next) => {
+    readBody(req, res, resolved, resolved.type, next, (contentType, body) => {
+      const mimetype = contentType.split(";")[0].trim();
+      if (!BODY_READERS[mimetype])
+        return res.status(415).send("Unsupported Media Type");
+      BODY_READERS[mimetype](req, res, next, resolved, contentType, body);
+    });
+  };
+}
+function raw(opts) {
+  const resolved = resolveBodyOptions(opts, "application/octet-stream");
+  return (req, res, next) => {
+    readBody(req, res, resolved, resolved.type, next, (_contentType, body) => {
+      req.body = body;
+      next();
+    });
+  };
+}
+function text(opts) {
+  const resolved = resolveBodyOptions(opts, "text/plain");
+  return (req, res, next) => {
+    readBody(req, res, resolved, resolved.type, next, (contentType, body) => {
+      readBodyAsPlainText(req, res, next, contentType, body);
+    });
+  };
+}
+async function* streamFormData(req, opts) {
+  const maxSize = (opts?.limit !== void 0 ? readSize(opts.limit) : 0) || 102400;
+  const chunks = [];
+  let totalSize = 0;
+  for await (const chunk of req) {
+    totalSize += chunk.length;
+    if (totalSize > maxSize) throw { status: 413, message: "Content Too Large" };
+    chunks.push(chunk);
+  }
+  const body = Buffer.concat(chunks);
+  const contentType = req.headers["content-type"] ?? "";
+  const parts = parseMultipartBody(contentType, body);
+  for (const part of parts) {
+    yield { headers: part.headers, stream: import_stream.Readable.from(part.content) };
+  }
+}
+var STATUS_COLORS = [
+  "\x1B[0m",
+  // 0 — fallback / unknown
+  "\x1B[33m",
+  // 1xx — informational (yellow)
+  "\x1B[32m",
+  // 2xx — success (green)
+  "\x1B[33m",
+  // 3xx — redirection (yellow)
+  "\x1B[31m",
+  // 4xx — client error (red)
+  "\x1B[91m"
+  // 5xx — server error (bright red)
+];
+var ANSI_RESET = "\x1B[0m";
+function logger(opts) {
+  const options = opts ?? {};
+  const log = options.logger ?? console.log;
+  const formatter = new Intl.DateTimeFormat(
+    options.locale ?? "en-GB",
+    options.dateFormat ?? {
+      month: "short",
+      day: "2-digit",
+      hour: "2-digit",
+      minute: "2-digit"
+    }
+  );
+  return (req, res, next) => {
+    const timestamp = formatter.format(/* @__PURE__ */ new Date());
+    const requestPath = req.path ?? req.url ?? "/";
+    const ip = req.ip ?? "";
+    const user = options.user?.(req) ?? "-";
+    const receivedAt = Date.now();
+    const tracker = options.track === true ? setTimeout(() => {
+      log(`${timestamp} LOST ${req.method} ${requestPath} ${ip} <${user}>`);
+    }, options.trackTimeout ?? 3e4) : null;
+    res.on("finish", () => {
+      if (tracker !== null) clearTimeout(tracker);
+      const host = req.headers.host;
+      const elapsed = Date.now() - receivedAt;
+      const statusClass = Math.floor(res.statusCode / 100);
+      const colour = STATUS_COLORS[statusClass] ?? STATUS_COLORS[0];
+      const statusStr = `${colour}${res.statusCode}${ANSI_RESET}`;
+      const contentLen = res.getHeader("content-length") ?? "-";
+      if (options.json === true)
+        log({
+          timestamp,
+          status: res.statusCode,
+          method: req.method,
+          path: requestPath,
+          ip,
+          user,
+          elapsed,
+          host,
+          length: contentLen
+        });
+      else
+        log(`${timestamp} ${statusStr} ${req.method} ${requestPath} ${ip} <${user}> ${elapsed}ms (${String(contentLen)})`);
+    });
+    next();
+  };
+}
+function resolveAllowOrigin(origin, requestOrigin) {
+  if (typeof origin === "string") return origin;
+  return origin.includes(requestOrigin) ? requestOrigin : void 0;
+}
+function cors(opts) {
+  const options = {
+    origin: opts?.origin ?? "*",
+    allowHeaders: opts?.allowHeaders ?? "Accept, Content-Type, Authorization",
+    allowMethods: opts?.allowMethods ?? "GET,HEAD,PUT,PATCH,POST,DELETE",
+    allowCredentials: opts?.allowCredentials,
+    maxAge: opts?.maxAge,
+    vary: opts?.vary,
+    optionsStatus: opts?.optionsStatus ?? 204,
+    preflight: opts?.preflight
+  };
+  return (req, res, next) => {
+    if (options.preflight && !options.preflight(req)) {
+      res.status(req.method == "OPTIONS" ? 403 : 400).end();
+      return;
+    }
+    if (req.headers.origin) {
+      const allowOrigin = resolveAllowOrigin(options.origin, req.headers.origin);
+      if (allowOrigin !== void 0) {
+        res.setHeader("Access-Control-Allow-Origin", allowOrigin);
+        if (options.vary !== void 0)
+          res.setHeader("Vary", options.vary);
+      }
+    }
+    if (req.method == "OPTIONS") {
+      res.setHeader("Access-Control-Allow-Headers", options.allowHeaders);
+      res.setHeader("Access-Control-Allow-Methods", options.allowMethods);
+      if (options.allowCredentials !== void 0)
+        res.setHeader("Access-Control-Allow-Credentials", options.allowCredentials ? "true" : "false");
+      if (options.maxAge !== void 0)
+        res.setHeader("Access-Control-Max-Age", options.maxAge.toFixed(0));
+      res.status(options.optionsStatus).end();
+      return;
+    }
+    next();
+  };
+}
+
+// src/http-objects.ts
+function decodeJsonCookie(raw2) {
+  if (!raw2.startsWith("j:")) return raw2;
+  try {
+    return JSON.parse(raw2.slice(2));
+  } catch {
+    return raw2;
+  }
+}
+function encodeCookieValue(value) {
+  return encodeURIComponent(value);
+}
+function decodeCookieValue(raw2) {
+  let val = raw2;
+  if (val.length >= 2 && val.charCodeAt(0) === 34 && val.charCodeAt(val.length - 1) === 34)
+    val = val.slice(1, -1);
+  try {
+    return decodeURIComponent(val);
+  } catch {
+    return val;
+  }
+}
+function signCookieValue(value, secret) {
+  const sig = crypto.createHmac("sha256", secret).update(value).digest("base64url");
+  return `s:${value}.${sig}`;
+}
+function verifyCookieValue(signed, secret) {
+  if (!signed.startsWith("s:")) return false;
+  const withoutPrefix = signed.slice(2);
+  const lastDot = withoutPrefix.lastIndexOf(".");
+  if (lastDot === -1) return false;
+  const value = withoutPrefix.slice(0, lastDot);
+  const received = withoutPrefix.slice(lastDot + 1);
+  const expected = crypto.createHmac("sha256", secret).update(value).digest("base64url");
+  const receivedBuf = Buffer.from(received, "base64url");
+  const expectedBuf = Buffer.from(expected, "base64url");
+  if (receivedBuf.length !== expectedBuf.length) return false;
+  if (!crypto.timingSafeEqual(receivedBuf, expectedBuf)) return false;
+  return value;
+}
+var kSecret = /* @__PURE__ */ Symbol("expediate.secret");
+var kRes = /* @__PURE__ */ Symbol("expediate.res");
+function resolveReqOpts(opts) {
+  return {
+    limit: opts?.limit ?? "100kb",
+    inflate: opts?.inflate ?? true,
+    reviver: null,
+    strict: opts?.strict ?? false,
+    // readReqBody takes its expected mimetype as an explicit argument, so the
+    // type matcher here is unused; null keeps the object shape-compatible.
+    type: null,
+    verify: opts?.verify ?? null
+  };
+}
+var STATUS_MESSAGES = {
+  100: "Continue",
+  101: "Switching Protocols",
+  102: "Processing",
+  200: "OK",
+  201: "Created",
+  202: "Accepted",
+  204: "No Content",
+  206: "Partial Content",
+  207: "Multi-Status",
+  300: "Multiple Choices",
+  301: "Moved Permanently",
+  302: "Found",
+  303: "See Other",
+  304: "Not Modified",
+  307: "Temporary Redirect",
+  308: "Permanent Redirect",
+  400: "Bad Request",
+  401: "Unauthorized",
+  402: "Payment Required",
+  403: "Forbidden",
+  404: "Not Found",
+  405: "Method Not Allowed",
+  406: "Not Acceptable",
+  408: "Request Timeout",
+  409: "Conflict",
+  410: "Gone",
+  411: "Length Required",
+  413: "Payload Too Large",
+  415: "Unsupported Media Type",
+  422: "Unprocessable Entity",
+  429: "Too Many Requests",
+  500: "Internal Server Error",
+  501: "Not Implemented",
+  502: "Bad Gateway",
+  503: "Service Unavailable",
+  504: "Gateway Timeout"
+};
+var requestHelpers = {
+  /** Read and parse the request body as JSON (cached after first read). */
+  json(opts) {
+    if ("body" in this) return Promise.resolve(this.body ?? null);
+    return readReqBody(this, resolveReqOpts(opts), "application/json", this[kRes]).then((ret) => {
+      if (ret == null) return null;
+      const charset = extractCharset(ret.mimetype);
+      try {
+        const parsed = JSON.parse(
+          ret.content.toString(charset),
+          opts?.reviver ?? void 0
+        );
+        this.body = parsed;
+        return parsed;
+      } catch (ex) {
+        return Promise.reject({ status: 400, message: "Bad Request: " + ex.message });
+      }
+    });
+  },
+  /** Read and decode the request body as plain text (cached after first read). */
+  text(opts) {
+    const cached = this.body;
+    if (typeof cached === "string") return Promise.resolve(cached);
+    return readReqBody(this, resolveReqOpts(opts), null, this[kRes]).then((ret) => {
+      if (ret == null) return null;
+      const charset = extractCharset(ret.mimetype);
+      return ret.content.toString(charset);
+    });
+  },
+  /** Read and parse the request body as `multipart/form-data` (cached). */
+  formData(opts) {
+    const cached = this.body;
+    if (Array.isArray(cached)) return Promise.resolve(cached);
+    return readReqBody(this, resolveReqOpts(opts), "multipart/form-data", this[kRes]).then((ret) => {
+      if (ret == null) return null;
+      try {
+        const parts = parseMultipartBody(ret.mimetype, ret.content);
+        this.body = parts;
+        return parts;
+      } catch (ex) {
+        const e = ex;
+        return Promise.reject({ status: e.status ?? 500, message: e.message ?? String(ex) });
+      }
+    });
+  },
+  /** Read a request header by name (case-insensitive; referer/referrer alias). */
+  header(name) {
+    const key = name.toLowerCase();
+    if (key === "referer" || key === "referrer")
+      return this.headers.referer ?? this.headers.referrer;
+    return this.headers[key];
+  }
+};
+var responseHelpers = {
+  send(data) {
+    if (data) this.write(data);
+    this.end();
+  },
+  json(data) {
+    this.setHeader("Content-Type", "application/json");
+    this.write(JSON.stringify(data));
+    this.end();
+  },
+  status(code, headers) {
+    if (!Number.isInteger(code) || code < 100 || code > 999)
+      throw new RangeError(`Invalid status code: ${code}. Must be an integer between 100 and 999.`);
+    this.statusCode = code;
+    if (headers)
+      for (const [k, v] of Object.entries(headers)) this.setHeader(k, v);
+    return this;
+  },
+  redirect(url) {
+    this.setHeader("location", url);
+    this.writeHead(302);
+    this.write(`Found. Redirecting to ${url}`);
+    this.end();
+  },
+  cookie(name, value, options) {
+    const opts = options ?? {};
+    let val = typeof value === "object" ? "j:" + JSON.stringify(value) : String(value);
+    if (opts.signed) {
+      const secret = this[kSecret];
+      if (!secret)
+        throw new Error(
+          "Signed cookies require a secret \u2014 pass { secret } to createRouter()"
+        );
+      val = signCookieValue(val, secret);
+    }
+    let txt = `${name}=${encodeCookieValue(val)}`;
+    if (opts.maxAge != null) {
+      const maxAgeMs = opts.maxAge;
+      const maxAgeSec = Math.floor(maxAgeMs / 1e3);
+      if (maxAgeMs > 0) opts.expires = new Date(Date.now() + maxAgeMs);
+      txt += `; Max-Age=${maxAgeSec}`;
+    }
+    if (opts.expires) txt += `; Expires=${opts.expires.toUTCString()}`;
+    txt += `; Path=${opts.path ?? "/"}`;
+    if (opts.httpOnly) txt += "; HttpOnly";
+    if (opts.secure) txt += "; Secure";
+    if (opts.sameSite) txt += `; SameSite=${opts.sameSite}`;
+    const existing = this.getHeader("Set-Cookie");
+    if (existing == null) {
+      this.setHeader("Set-Cookie", txt);
+    } else if (Array.isArray(existing)) {
+      this.setHeader("Set-Cookie", [...existing, txt]);
+    } else {
+      this.setHeader("Set-Cookie", [existing, txt]);
+    }
+    return this;
+  },
+  download(filepath, filename) {
+    const rReq = this.req;
+    const name = filename ?? path.basename(filepath);
+    const safeName = name.replace(/"/g, '\\"');
+    this.setHeader("Content-Disposition", `attachment; filename="${safeName}"`);
+    fs2.access(filepath, fs2.constants.F_OK, (err) => {
+      if (err) {
+        if (!this.writableEnded) this.status(404).end("Not Found");
+        return;
+      }
+      serveFile(filepath)(rReq, this, () => {
+      });
+    });
+  },
+  type(mimeType) {
+    this.setHeader("Content-Type", mimeType);
+    return this;
+  },
+  etag(value, strong = false) {
+    this.setHeader("ETag", strong ? `"${value}"` : `W/"${value}"`);
+    return this;
+  },
+  header(field, value) {
+    this.setHeader(field, value);
+    return this;
+  },
+  append(field, value) {
+    const existing = this.getHeader(field);
+    if (existing == null) {
+      this.setHeader(field, value);
+    } else if (field.toLowerCase() === "set-cookie") {
+      const prev = Array.isArray(existing) ? existing : [String(existing)];
+      const next = Array.isArray(value) ? value : [value];
+      this.setHeader(field, [...prev, ...next]);
+    } else {
+      const prev = Array.isArray(existing) ? existing.join(", ") : String(existing);
+      const added = Array.isArray(value) ? value.join(", ") : value;
+      this.setHeader(field, `${prev}, ${added}`);
+    }
+    return this;
+  },
+  vary(field) {
+    const fields = Array.isArray(field) ? field : [field];
+    const existing = this.getHeader("Vary");
+    const current = existing ? (Array.isArray(existing) ? existing : [String(existing)]).join(", ").split(",").map((s) => s.trim().toLowerCase()) : [];
+    for (const f of fields) {
+      if (!current.includes(f.toLowerCase())) {
+        current.push(f.toLowerCase());
+      }
+    }
+    this.setHeader("Vary", current.join(", "));
+    return this;
+  },
+  location(url) {
+    this.setHeader("Location", url);
+    return this;
+  },
+  clearCookie(name, options) {
+    const opts = { ...options, expires: /* @__PURE__ */ new Date(0), maxAge: 0 };
+    delete opts.signed;
+    this.cookie(name, "", opts);
+    return this;
+  },
+  sendStatus(code) {
+    this.setHeader("Content-Type", "text/plain");
+    this.statusCode = code;
+    this.end(STATUS_MESSAGES[code] ?? String(code));
+  },
+  attachment(filename) {
+    if (filename) {
+      const mimeType = mime.lookup(filename, "application/octet-stream");
+      this.setHeader("Content-Type", mimeType);
+      const safeName = path.basename(filename).replace(/"/g, '\\"');
+      this.setHeader("Content-Disposition", `attachment; filename="${safeName}"`);
+    } else {
+      this.setHeader("Content-Disposition", "attachment");
+    }
+    return this;
+  }
+};
+var reqProtoCache = /* @__PURE__ */ new WeakMap();
+var resProtoCache = /* @__PURE__ */ new WeakMap();
+function ensureProto(cache, obj, helpers) {
+  const base = Object.getPrototypeOf(obj);
+  let proto = cache.get(base);
+  if (proto === void 0) {
+    proto = Object.assign(Object.create(base), helpers);
+    cache.set(base, proto);
+  }
+  return proto;
+}
+function updateHttpObjects(req, res, secret, trustProxy) {
+  const rReq = req;
+  const rRes = res;
+  if (rReq.queries) return;
+  Object.setPrototypeOf(req, ensureProto(reqProtoCache, req, requestHelpers));
+  Object.setPrototypeOf(res, ensureProto(resProtoCache, res, responseHelpers));
+  rReq.queries = {};
+  if (trustProxy) {
+    const xff = req.headers["x-forwarded-for"];
+    const xffStr = Array.isArray(xff) ? xff.join(",") : xff ?? "";
+    rReq.ips = xffStr ? xffStr.split(",").map((s) => s.trim()) : [];
+    rReq.ip = rReq.ips[0] ?? req.socket?.remoteAddress ?? "";
+    const xProto = req.headers["x-forwarded-proto"];
+    rReq.protocol = (Array.isArray(xProto) ? xProto[0] : xProto)?.split(",")[0].trim() ?? "http";
+    const xHost = req.headers["x-forwarded-host"];
+    const hostHeader = (Array.isArray(xHost) ? xHost[0] : xHost) ?? req.headers.host ?? "";
+    rReq.hostname = hostHeader.replace(/:\d+$/, "");
+  } else {
+    rReq.ip = req.socket?.remoteAddress ?? "";
+    rReq.ips = [];
+    rReq.protocol = req.socket?.encrypted ? "https" : "http";
+    rReq.hostname = (req.headers.host ?? "").replace(/:\d+$/, "");
+  }
+  rReq.secure = rReq.protocol === "https";
+  rReq.baseUrl = rReq.baseUrl ?? "";
+  const qry = new URL(`http://${req.headers.host}${req.url}`);
+  rReq.originalUrl = req.url;
+  rReq.path = qry.pathname;
+  const urlParams = {};
+  for (const [key, value] of qry.searchParams.entries()) {
+    const existing = urlParams[key];
+    if (existing === void 0) {
+      urlParams[key] = value;
+    } else if (Array.isArray(existing)) {
+      existing.push(value);
+    } else {
+      urlParams[key] = [existing, value];
+    }
+  }
+  rReq.queries.url = urlParams;
+  const flatParams = {};
+  for (const [key, value] of Object.entries(urlParams)) {
+    flatParams[key] = Array.isArray(value) ? value[0] : value;
+  }
+  rReq.params = flatParams;
+  rReq.query = urlParams;
+  if (rReq.cookies == null) {
+    rReq.cookies = {};
+    if (req.headers.cookie) {
+      for (const part of req.headers.cookie.split(";")) {
+        const eqIdx = part.indexOf("=");
+        if (eqIdx === -1) continue;
+        const name = part.slice(0, eqIdx).trim();
+        const rawVal = decodeCookieValue(part.slice(eqIdx + 1).trim());
+        if (rawVal.startsWith("s:")) {
+          if (secret) {
+            const inner = verifyCookieValue(rawVal, secret);
+            if (inner === false) continue;
+            rReq.cookies[name] = decodeJsonCookie(inner);
+          } else {
+            rReq.cookies[name] = rawVal;
+          }
+        } else {
+          rReq.cookies[name] = decodeJsonCookie(rawVal);
+        }
+      }
+    }
+  }
+  rRes[kSecret] = secret;
+  rReq[kRes] = rRes;
+  rRes.locals = {};
+  rRes.setHeader("X-Powered-By", "Expediate");
+}
+
+// src/router.ts
+function isGlobPattern(pattern) {
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "\\") {
+      i += 2;
+      continue;
+    }
+    if (ch === ":") {
+      i++;
+      while (i < pattern.length && /\w/.test(pattern[i])) i++;
+      if (i < pattern.length && pattern[i] === "(") {
+        let depth = 1;
+        i++;
+        while (i < pattern.length && depth > 0) {
+          if (pattern[i] === "\\") {
+            i += 2;
+            continue;
+          }
+          if (pattern[i] === "(") depth++;
+          else if (pattern[i] === ")") depth--;
+          i++;
+        }
+      }
+      continue;
+    }
+    if (ch === "*" || ch === "?") return true;
+    i++;
+  }
+  return false;
+}
+function compileGlob(glob, exact = false) {
+  let src = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
+  src = src.replace(/\*\*/g, "\0GLOBSTAR\0").replace(/\*/g, "[^/]*").replace(/\?/g, "[^/]").replace(/\x00GLOBSTAR\x00/g, ".*");
+  return new RegExp("^" + src + (exact ? "$" : ""));
+}
+function extractInlinePattern(str, openIdx) {
+  let depth = 0;
+  let i = openIdx;
+  for (; i < str.length; i++) {
+    if (str[i] === "\\") {
+      i++;
+      continue;
+    }
+    if (str[i] === "(") {
+      depth++;
+      continue;
+    }
+    if (str[i] === ")") {
+      depth--;
+      if (depth === 0) break;
+    }
+  }
+  if (depth !== 0)
+    throw new SyntaxError(`Unbalanced parentheses in route segment '${str}'`);
+  return { pattern: str.slice(openIdx + 1, i), closeIdx: i };
+}
+function compilePlainPath(path2, exact = false) {
+  const segments = path2.split("/").filter((s) => s.length > 0);
+  const src = segments.map((seg) => {
+    if (!seg.startsWith(":"))
+      return seg.replace(/[.+^${}()|[\]\\]/g, "\\$&");
+    const parenIdx = seg.indexOf("(", 1);
+    if (parenIdx === -1) {
+      return `(?<${seg.slice(1)}>[^/]+)`;
+    }
+    const name = seg.slice(1, parenIdx);
+    if (!name)
+      throw new SyntaxError(`Route parameter missing name before '(' in segment '${seg}'`);
+    const { pattern, closeIdx } = extractInlinePattern(seg, parenIdx);
+    if (/\(\?<[^>]+>/.test(pattern))
+      throw new SyntaxError(
+        `Inline constraint for ':${name}' must not contain named capture groups.`
+      );
+    const suffix = seg.slice(closeIdx + 1);
+    const escapedSuffix = suffix.replace(/[.+^${}()|[\]\\]/g, "\\$&");
+    return `(?<${name}>${pattern})${escapedSuffix}`;
+  }).join("/");
+  try {
+    return new RegExp(exact ? "^/?" + src + (src ? "/?" : "") + "$" : "^/?" + src + "(?=/|$)");
+  } catch (e) {
+    throw new SyntaxError(
+      `Invalid inline regex constraint in path '${path2}': ${e.message}`,
+      { cause: e }
+    );
+  }
+}
+function compilePattern(path2, exact = false) {
+  if (path2 instanceof RegExp) return path2;
+  if (isGlobPattern(path2)) return compileGlob(path2, exact);
+  return compilePlainPath(path2, exact);
+}
+function buildRouteLayer(method, path2, middleware, stripPath) {
+  if (typeof middleware !== "function")
+    throw new TypeError("Incorrect middleware type: expected a function");
+  if (path2 instanceof RegExp && (path2.global || path2.sticky))
+    throw new TypeError(
+      `Route RegExp /${path2.source}/${path2.flags} must not use the g (global) or y (sticky) flag \u2014 these flags make exec() stateful and cause intermittent routing failures.`
+    );
+  return { method, path: path2, regex: compilePattern(path2, !stripPath), stripPath, middleware };
+}
+function matchRouteLayer(layer, req, path2) {
+  if (layer.method && layer.method !== req.method && !(req.method === "HEAD" && layer.method === "GET"))
+    return false;
+  const m = layer.regex.exec(path2);
+  if (m === null) return false;
+  const captured = m.groups ?? {};
+  if (layer.stripPath) {
+    req.path = path2.slice(m[0].length) || "/";
+  }
+  req.queries.route = captured;
+  Object.assign(req.params, captured);
+  return true;
+}
+function pathMatchesLayer(layer, path2) {
+  return layer.regex.test(path2);
+}
+function registerRoute(routes, method, path2, arg, stripPath) {
+  if (Array.isArray(arg)) {
+    for (const item of arg) registerRoute(routes, method, path2, item, stripPath);
+  } else if (typeof arg === "function") {
+    routes.push(buildRouteLayer(method, path2, arg, stripPath));
+  } else if (arg && typeof arg.listener === "function") {
+    routes.push(buildRouteLayer(method, path2, arg.listener, stripPath));
+  } else {
+    throw new TypeError(
+      "Unexpected value registered as middleware: expected a Middleware function, a Router instance, or an array of either"
+    );
+  }
+}
+function extractRouterPrefix(arg) {
+  if (Array.isArray(arg) || typeof arg === "function") return void 0;
+  return arg.prefix;
+}
+function createRouter(prefixOrOpts, opts) {
+  const routerPrefix = typeof prefixOrOpts === "string" ? prefixOrOpts : void 0;
+  const options = typeof prefixOrOpts === "object" ? prefixOrOpts : opts ?? {};
+  const secret = options.secret;
+  const timeoutMs = options.timeout;
+  const trustProxy = options.trustProxy ?? false;
+  const routes = [];
+  const errorHandlers = [];
+  let errorHandler;
+  let activeServer = null;
+  const activeSockets = /* @__PURE__ */ new Set();
+  const listener = (req, res, done) => {
+    const method = req.method;
+    const url = req.url;
+    let idx = 0;
+    updateHttpObjects(req, res, secret, trustProxy);
+    if (timeoutMs) {
+      if (req.socket) req.socket.setTimeout(timeoutMs);
+      const timer = setTimeout(() => {
+        if (!res.writableEnded) res.status(408).end("Request Timeout");
+      }, timeoutMs);
+      res.once("finish", () => {
+        clearTimeout(timer);
+        if (req.socket) req.socket.setTimeout(0);
+      });
+    }
+    const invokeErrorHandler = (e) => {
+      if (res.writableEnded) return;
+      let i = 0;
+      const runNext = (err) => {
+        if (res.writableEnded) return;
+        if (i < errorHandlers.length) {
+          const handler = errorHandlers[i++];
+          try {
+            handler(err, req, res, (nextErr) => runNext(nextErr ?? err));
+          } catch (e2) {
+            runNext(e2);
+          }
+          return;
+        }
+        if (errorHandler) {
+          try {
+            errorHandler(err, req, res);
+          } catch {
+            if (!res.writableEnded) res.status(500).end(`Error ${method} ${url}`);
+          }
+          return;
+        }
+        if (done) {
+          done(err);
+          return;
+        }
+        res.status(500).end(`Error ${method} ${url}`);
+      };
+      runNext(e);
+    };
+    const invoke = (mw, nextFn) => {
+      try {
+        const ret = mw(req, res, nextFn);
+        if (ret instanceof Promise) ret.catch(invokeErrorHandler);
+      } catch (e) {
+        invokeErrorHandler(e);
+      }
+    };
+    const allowedMethods = /* @__PURE__ */ new Set();
+    const next = (err) => {
+      if (err != null) {
+        invokeErrorHandler(err);
+        return;
+      }
+      while (idx < routes.length) {
+        const layer = routes[idx++];
+        const pathBefore = req.path;
+        if (matchRouteLayer(layer, req, req.path)) {
+          if (layer.stripPath) {
+            const baseUrlBefore = req.baseUrl;
+            const strippedPrefix = pathBefore.slice(0, pathBefore.length - req.path.length);
+            req.baseUrl = baseUrlBefore + strippedPrefix;
+            invoke(layer.middleware, (err2) => {
+              req.path = pathBefore;
+              req.baseUrl = baseUrlBefore;
+              next(err2);
+            });
+            return;
+          }
+          invoke(layer.middleware, next);
+          return;
+        }
+        if (layer.method !== null && pathMatchesLayer(layer, pathBefore)) {
+          allowedMethods.add(layer.method);
+        }
+      }
+      if (allowedMethods.size > 0) {
+        if (allowedMethods.has("GET")) allowedMethods.add("HEAD");
+        allowedMethods.add("OPTIONS");
+        const allow = [...allowedMethods].sort().join(", ");
+        if (method === "OPTIONS") {
+          res.status(204, { Allow: allow }).end();
+          return;
+        }
+        res.status(405, { Allow: allow }).end(`Cannot ${method} ${url}`);
+        return;
+      }
+      if (done) return done();
+      res.status(404).end(`Cannot ${method} ${url}`);
+    };
+    try {
+      next();
+    } catch (e) {
+      invokeErrorHandler(e);
+    }
+  };
+  function makeRegister(method, stripPath) {
+    return (path2, ...args) => {
+      for (const arg of args) registerRoute(routes, method, path2, arg, stripPath);
+    };
+  }
+  const use = (pathOrFirst, ...args) => {
+    if (typeof pathOrFirst === "string" || pathOrFirst instanceof RegExp) {
+      for (const arg of args) registerRoute(routes, null, pathOrFirst, arg, true);
+    } else {
+      const inferredPath = extractRouterPrefix(pathOrFirst) ?? "/";
+      registerRoute(routes, null, inferredPath, pathOrFirst, true);
+      for (const arg of args) registerRoute(routes, null, "/", arg, true);
+    }
+  };
+  const router = {
+    prefix: routerPrefix,
+    listener,
+    use,
+    all: makeRegister(null, false),
+    get: makeRegister("GET", false),
+    put: makeRegister("PUT", false),
+    post: makeRegister("POST", false),
+    delete: makeRegister("DELETE", false),
+    patch: makeRegister("PATCH", false),
+    head: makeRegister("HEAD", false),
+    options: makeRegister("OPTIONS", false),
+    // ── route ────────────────────────────────────────────────────────────────
+    route(path2) {
+      const builder = {
+        all(...args) {
+          router.all(path2, ...args);
+          return builder;
+        },
+        get(...args) {
+          router.get(path2, ...args);
+          return builder;
+        },
+        put(...args) {
+          router.put(path2, ...args);
+          return builder;
+        },
+        post(...args) {
+          router.post(path2, ...args);
+          return builder;
+        },
+        delete(...args) {
+          router.delete(path2, ...args);
+          return builder;
+        },
+        patch(...args) {
+          router.patch(path2, ...args);
+          return builder;
+        },
+        head(...args) {
+          router.head(path2, ...args);
+          return builder;
+        },
+        options(...args) {
+          router.options(path2, ...args);
+          return builder;
+        }
+      };
+      return builder;
+    },
+    // ── onError ─────────────────────────────────────────────────────────────
+    onError(handler) {
+      errorHandler = handler;
+    },
+    // ── error ────────────────────────────────────────────────────────────────
+    error(handler) {
+      errorHandlers.push(handler);
+    },
+    // ── routes ───────────────────────────────────────────────────────────────
+    routes() {
+      return routes.map((l) => ({
+        method: l.method,
+        path: l.path,
+        stripPath: l.stripPath
+      }));
+    },
+    // ── shutdown ─────────────────────────────────────────────────────────────
+    shutdown(timeout = 5e3) {
+      if (!activeServer) return Promise.resolve();
+      return new Promise((resolve, reject) => {
+        activeServer.close((err) => {
+          if (err) reject(err);
+          else resolve();
+        });
+        if (timeout > 0) {
+          setTimeout(() => {
+            for (const socket of activeSockets) socket.destroy();
+            activeSockets.clear();
+          }, timeout);
+        }
+      });
+    },
+    // ── listen ───────────────────────────────────────────────────────────────
+    listen(port, opts2, cb) {
+      if (typeof opts2 === "function") {
+        cb = opts2;
+        opts2 = void 0;
+      }
+      const rawListener = listener;
+      let server;
+      const tlsOpts = opts2;
+      if (tlsOpts?.key && tlsOpts?.cert) {
+        if (tlsOpts.http2) {
+          server = http2.createSecureServer(tlsOpts, rawListener);
+        } else {
+          server = https.createServer(tlsOpts, rawListener);
+        }
+      } else {
+        server = http.createServer(rawListener);
+      }
+      server.on("connection", (socket) => {
+        activeSockets.add(socket);
+        socket.once("close", () => activeSockets.delete(socket));
+      });
+      activeServer = server;
+      server.listen(port, cb);
+      return server;
+    }
+  };
+  return router;
+}
+var router_default = createRouter;
+
+// src/jwt-auth.ts
+var import_crypto = __toESM(require("crypto"), 1);
+function hashPassword(password) {
+  return import_crypto.default.createHash("sha256").update(password).digest("hex");
+}
+var userDatabase = /* @__PURE__ */ new Map([
+  ["alice", {
+    id: "usr_001",
+    username: "alice",
+    passwordHash: hashPassword("password123"),
+    roles: ["admin", "editor"],
+    permissions: ["read", "write", "delete", "manage_users"]
+  }],
+  ["bob", {
+    id: "usr_002",
+    username: "bob",
+    passwordHash: hashPassword("secret456"),
+    roles: ["editor"],
+    permissions: ["read", "write"]
+  }],
+  ["charlie", {
+    id: "usr_003",
+    username: "charlie",
+    passwordHash: hashPassword("pass789"),
+    roles: ["viewer"],
+    permissions: ["read"]
+  }]
+]);
+function createMapTokenStore() {
+  const map = /* @__PURE__ */ new Map();
+  return {
+    set(jti, record) {
+      map.set(jti, record);
+    },
+    get(jti) {
+      const record = map.get(jti);
+      if (!record) return void 0;
+      if (Date.now() > record.expiresAt) {
+        map.delete(jti);
+        return void 0;
+      }
+      return record;
+    },
+    delete(jti) {
+      map.delete(jti);
+    },
+    deleteBySubject(sub) {
+      for (const [jti, record] of map) {
+        if (record.sub === sub) map.delete(jti);
+      }
+    }
+  };
+}
+var DEFAULT_CONFIG = {
+  accessTokenSecret: "access-secret-change-in-production",
+  refreshTokenSecret: "refresh-secret-change-in-production",
+  accessTokenExpiry: 15 * 60,
+  // 15 minutes
+  refreshTokenExpiry: 7 * 24 * 3600,
+  // 7 days
+  issuer: "jwt-auth",
+  checkIssuer: false,
+  alg: "HS256",
+  username: (user) => user.username,
+  fetchUser: (sub) => userDatabase.get(sub),
+  isPasswordValid: (user, password) => user.passwordHash === hashPassword(password),
+  payload: (user) => ({
+    sub: user.username,
+    roles: user.roles,
+    permissions: user.permissions
+  })
+};
+function isHmac(alg) {
+  return alg.startsWith("H");
+}
+function isEc(alg) {
+  return alg.startsWith("E");
+}
+function nodeHashAlg(alg) {
+  return `SHA${alg.slice(2)}`;
+}
+function ecByteLength(alg) {
+  if (alg === "ES256") return 32;
+  if (alg === "ES384") return 48;
+  if (alg === "ES512") return 66;
+  throw new Error(`Not an EC algorithm: ${alg}`);
+}
+function encodeDerLength(len) {
+  if (len < 128) return Buffer.from([len]);
+  if (len < 256) return Buffer.from([129, len]);
+  return Buffer.from([130, len >> 8, len & 255]);
+}
+function derToJose(der, alg) {
+  const n = ecByteLength(alg);
+  let i = 0;
+  if (der[i++] !== 48) throw new Error("ECDSA DER: expected SEQUENCE tag 0x30");
+  if (der[i] & 128) i += (der[i] & 127) + 1;
+  else i++;
+  function readInt() {
+    if (der[i++] !== 2) throw new Error("ECDSA DER: expected INTEGER tag 0x02");
+    let len = der[i++];
+    if (len & 128) {
+      const nb = len & 127;
+      len = 0;
+      for (let k = 0; k < nb; k++) len = len << 8 | der[i++];
+    }
+    if (der[i] === 0 && len > 1) {
+      i++;
+      len--;
+    }
+    const val = der.slice(i, i + len);
+    i += len;
+    return val;
+  }
+  const r = readInt();
+  const s = readInt();
+  const out = Buffer.alloc(2 * n, 0);
+  r.copy(out, n - r.length);
+  s.copy(out, 2 * n - s.length);
+  return out;
+}
+function joseToDer(jose, alg) {
+  const n = ecByteLength(alg);
+  const r = jose.slice(0, n);
+  const s = jose.slice(n);
+  function encodeInt(buf) {
+    let start = 0;
+    while (start < buf.length - 1 && buf[start] === 0) start++;
+    const trimmed = buf.slice(start);
+    const padded = trimmed[0] & 128 ? Buffer.concat([Buffer.from([0]), trimmed]) : trimmed;
+    return Buffer.concat([Buffer.from([2, padded.length]), padded]);
+  }
+  const rDer = encodeInt(r);
+  const sDer = encodeInt(s);
+  const content = Buffer.concat([rDer, sDer]);
+  const lenBuf = encodeDerLength(content.length);
+  return Buffer.concat([Buffer.from([48]), lenBuf, content]);
+}
+function base64UrlEncode(data) {
+  return Buffer.from(JSON.stringify(data)).toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function base64UrlDecode(str) {
+  const padded = str + "=".repeat((4 - str.length % 4) % 4);
+  return JSON.parse(
+    Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8")
+  );
+}
+function computeSignature(encodedHeader, encodedPayload, key, alg) {
+  const signingInput = `${encodedHeader}.${encodedPayload}`;
+  if (isHmac(alg)) {
+    return import_crypto.default.createHmac(`sha${alg.slice(2)}`, key).update(signingInput).digest("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+  }
+  const hashAlg = nodeHashAlg(alg);
+  const derOrRaw = import_crypto.default.sign(hashAlg, Buffer.from(signingInput), key);
+  const sigBytes = isEc(alg) ? derToJose(derOrRaw, alg) : derOrRaw;
+  return sigBytes.toString("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function checkSignature(encodedHeader, encodedPayload, b64sig, key, alg) {
+  if (isHmac(alg)) {
+    const expected = computeSignature(encodedHeader, encodedPayload, key, alg);
+    const sigBuf = Buffer.from(b64sig);
+    const expectedBuf = Buffer.from(expected);
+    return sigBuf.length === expectedBuf.length && import_crypto.default.timingSafeEqual(sigBuf, expectedBuf);
+  }
+  try {
+    const hashAlg = nodeHashAlg(alg);
+    const rawSig = Buffer.from(b64sig.replace(/-/g, "+").replace(/_/g, "/"), "base64");
+    const verBuf = isEc(alg) ? joseToDer(rawSig, alg) : rawSig;
+    const input = Buffer.from(`${encodedHeader}.${encodedPayload}`);
+    return import_crypto.default.verify(hashAlg, input, key, verBuf);
+  } catch {
+    return false;
+  }
+}
+function signToken(payload, key, expiresIn, alg = "HS256") {
+  const now = Math.floor(Date.now() / 1e3);
+  const encodedHeader = base64UrlEncode({ alg, typ: "JWT" });
+  const fullPayload = base64UrlEncode({ ...payload, iat: now, exp: now + expiresIn });
+  const signature = computeSignature(encodedHeader, fullPayload, key, alg);
+  return `${encodedHeader}.${fullPayload}.${signature}`;
+}
+function verifyToken(token, key, alg) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3)
+      return { valid: false, error: "Invalid token format" };
+    const [encodedHeader, encodedPayload, signature] = parts;
+    const decodedHeader = base64UrlDecode(encodedHeader);
+    if (decodedHeader.alg !== alg)
+      return { valid: false, error: "Unauthorised signing algorithm" };
+    if (!checkSignature(encodedHeader, encodedPayload, signature, key, alg))
+      return { valid: false, error: "Invalid signature" };
+    const payload = base64UrlDecode(encodedPayload);
+    const now = Math.floor(Date.now() / 1e3);
+    if (payload.exp && payload.exp < now)
+      return { valid: false, error: "Token expired" };
+    return { valid: true, payload };
+  } catch {
+    return { valid: false, error: "Malformed token" };
+  }
+}
+function accessSignKey(cfg) {
+  return isHmac(cfg.alg) ? cfg.accessTokenSecret : cfg.accessTokenPrivateKey;
+}
+function accessVerifyKey(cfg) {
+  return isHmac(cfg.alg) ? cfg.accessTokenSecret : cfg.accessTokenPublicKey;
+}
+function refreshSignKey(cfg) {
+  return isHmac(cfg.alg) ? cfg.refreshTokenSecret : cfg.refreshTokenPrivateKey ?? cfg.accessTokenPrivateKey;
+}
+function refreshVerifyKey(cfg) {
+  return isHmac(cfg.alg) ? cfg.refreshTokenSecret : cfg.refreshTokenPublicKey ?? cfg.accessTokenPublicKey;
+}
+async function authenticateUser(username, password, config) {
+  const user = await config.fetchUser(username);
+  if (!user) return { success: false, error: "User not found" };
+  if (!await config.isPasswordValid(user, password))
+    return { success: false, error: "Incorrect password" };
+  return issueTokenPair(user, config);
+}
+async function issueTokenPair(user, config) {
+  const claims = await config.payload(user);
+  const fullClaims = {
+    sub: config.username(user),
+    // fallback subject — overridden by payload() if it sets sub
+    ...claims,
+    iss: config.issuer
+  };
+  const accessToken = signToken(fullClaims, accessSignKey(config), config.accessTokenExpiry, config.alg);
+  if (!config.refreshTokenStore) {
+    return { success: true, accessToken, expiresIn: config.accessTokenExpiry, tokenType: "Bearer" };
+  }
+  const jti = import_crypto.default.randomUUID();
+  const sub = fullClaims.sub;
+  const refreshClaims = {
+    sub,
+    jti,
+    type: "refresh",
+    iss: config.issuer
+  };
+  const refreshToken = signToken(refreshClaims, refreshSignKey(config), config.refreshTokenExpiry, config.alg);
+  await config.refreshTokenStore.set(jti, {
+    sub,
+    issuedAt: Date.now(),
+    expiresAt: Date.now() + config.refreshTokenExpiry * 1e3
+  });
+  return {
+    success: true,
+    accessToken,
+    refreshToken,
+    expiresIn: config.accessTokenExpiry,
+    tokenType: "Bearer"
+  };
+}
+async function renewAccessToken(refreshToken, config) {
+  if (!config.refreshTokenStore)
+    return { success: false, error: "Refresh tokens are not configured" };
+  const result = verifyToken(refreshToken, refreshVerifyKey(config), config.alg);
+  if (!result.valid)
+    return { success: false, error: "Invalid or revoked refresh token" };
+  const refreshPayload = result.payload;
+  if (refreshPayload.type !== "refresh")
+    return { success: false, error: "Invalid token type" };
+  const jti = refreshPayload.jti;
+  if (!jti)
+    return { success: false, error: "Invalid refresh token: missing jti" };
+  const record = await config.refreshTokenStore.get(jti);
+  if (!record)
+    return { success: false, error: "Invalid or revoked refresh token" };
+  const user = await config.fetchUser(record.sub);
+  if (!user) {
+    await config.refreshTokenStore.delete(jti);
+    return { success: false, error: "User not found" };
+  }
+  await config.refreshTokenStore.delete(jti);
+  return issueTokenPair(user, config);
+}
+async function revokeRefreshToken(refreshToken, config) {
+  if (!config.refreshTokenStore) return;
+  const result = verifyToken(refreshToken, refreshVerifyKey(config), config.alg);
+  if (!result.valid) return;
+  const jti = result.payload.jti;
+  if (jti) await config.refreshTokenStore.delete(jti);
+}
+function createJwtPlugin(userConfig = {}) {
+  const config = { ...DEFAULT_CONFIG, ...userConfig };
+  if (!isHmac(config.alg)) {
+    if (!config.accessTokenPrivateKey || !config.accessTokenPublicKey) {
+      throw new Error(
+        `Algorithm '${config.alg}' requires both 'accessTokenPrivateKey' and 'accessTokenPublicKey' in JwtConfig.`
+      );
+    }
+  }
+  function sendJson2(res, status, data) {
+    const body = JSON.stringify(data);
+    res.setHeader("Content-Type", "application/json; charset=utf-8");
+    res.status(status).send(body);
+  }
+  const login = (req, res) => {
+    (async () => {
+      const { username, password } = req.body ?? {};
+      if (!username || !password) {
+        sendJson2(res, 400, { error: "Fields 'username' and 'password' are required" });
+        return;
+      }
+      const result = await authenticateUser(username, password, config);
+      if (!result.success) {
+        sendJson2(res, 401, { error: result.error });
+        return;
+      }
+      const body = {
+        message: "Authentication successful",
+        accessToken: result.accessToken,
+        expiresIn: result.expiresIn,
+        tokenType: result.tokenType
+      };
+      if (result.refreshToken !== void 0) body.refreshToken = result.refreshToken;
+      sendJson2(res, 200, body);
+    })().catch(() => sendJson2(res, 500, { error: "Internal server error" }));
+  };
+  const refresh = (req, res) => {
+    (async () => {
+      if (!config.refreshTokenStore) {
+        sendJson2(res, 501, { error: "Refresh tokens are not configured" });
+        return;
+      }
+      const { refreshToken } = req.body ?? {};
+      if (!refreshToken) {
+        sendJson2(res, 400, { error: "Field 'refreshToken' is required" });
+        return;
+      }
+      const result = await renewAccessToken(refreshToken, config);
+      if (!result.success) {
+        sendJson2(res, 401, { error: result.error });
+        return;
+      }
+      sendJson2(res, 200, {
+        message: "Token renewed successfully",
+        accessToken: result.accessToken,
+        refreshToken: result.refreshToken,
+        expiresIn: result.expiresIn,
+        tokenType: result.tokenType
+      });
+    })().catch(() => sendJson2(res, 500, { error: "Internal server error" }));
+  };
+  const logout = (req, res) => {
+    (async () => {
+      const { refreshToken } = req.body ?? {};
+      if (refreshToken && config.refreshTokenStore) {
+        await revokeRefreshToken(refreshToken, config);
+      }
+      sendJson2(res, 200, { message: "Logged out successfully" });
+    })().catch(() => sendJson2(res, 500, { error: "Internal server error" }));
+  };
+  const authenticate = (req, res, next) => {
+    delete req.user;
+    const authHeader = req.headers.authorization;
+    if (!authHeader?.startsWith("Bearer ")) return next();
+    const token = authHeader.slice(7);
+    const result = verifyToken(token, accessVerifyKey(config), config.alg);
+    if (!result.valid) return next();
+    if (config.checkIssuer && result.payload.iss !== config.issuer) return next();
+    req.user = result.payload;
+    next();
+  };
+  const authorize = (req, res, next) => {
+    if (!req.user) {
+      sendJson2(res, 401, { error: "Authentication required" });
+      return;
+    }
+    next();
+  };
+  function requireRole(...roles) {
+    return [
+      authenticate,
+      (req, res, next) => {
+        const user = req.user;
+        if (!user) {
+          sendJson2(res, 401, { error: "Authentication required" });
+          return;
+        }
+        const userRoles = user.roles ?? [];
+        if (!roles.some((r) => userRoles.includes(r))) {
+          sendJson2(res, 403, {
+            error: `Access denied. Required role(s): ${roles.join(", ")}`,
+            yourRoles: userRoles
+          });
+          return;
+        }
+        next();
+      }
+    ];
+  }
+  function requirePermission(...permissions) {
+    return [
+      authenticate,
+      (req, res, next) => {
+        const user = req.user;
+        if (!user) {
+          sendJson2(res, 401, { error: "Authentication required" });
+          return;
+        }
+        const userPerms = user.permissions ?? [];
+        if (!permissions.every((p) => userPerms.includes(p))) {
+          sendJson2(res, 403, {
+            error: `Insufficient permissions. Required: ${permissions.join(", ")}`,
+            yourPermissions: userPerms
+          });
+          return;
+        }
+        next();
+      }
+    ];
+  }
+  return {
+    login,
+    refresh,
+    logout,
+    authenticate,
+    authorize,
+    requireRole,
+    requirePermission
+  };
+}
+var jwt_auth_default = createJwtPlugin;
+
+// src/git.ts
+var import_child_process = require("child_process");
+var import_zlib2 = require("zlib");
+var import_fs2 = require("fs");
+function pktLine(str) {
+  const byteLen = Buffer.byteLength(str, "utf8") + 4;
+  return byteLen.toString(16).padStart(4, "0") + str;
+}
+var PKT_FLUSH = "0000";
+function gitHandler(opt) {
+  if (typeof opt.repository !== "function")
+    throw new TypeError("gitHandler: opt.repository must be a function");
+  const gitHome = opt.gitPath ?? "";
+  return async (req, res) => {
+    const gitDirectory = await opt.repository(req);
+    if (!gitDirectory) {
+      res.status(404).send("Repository not found");
+      return;
+    }
+    const urlPath = req.path;
+    if (req.method === "GET" && urlPath === "/info/refs") {
+      let args;
+      const service = req.queries?.url?.service;
+      if (service === "git-upload-pack")
+        args = buildArgs(opt, ["--stateless-rpc", "--advertise-refs", gitDirectory]);
+      else if (service === "git-receive-pack")
+        args = ["--stateless-rpc", "--advertise-refs", gitDirectory];
+      else {
+        res.status(403).send(`Service ${String(service)} is not supported`);
+        return;
+      }
+      res.setHeader("Content-Type", `application/x-${service}-advertisement`);
+      res.setHeader("Cache-Control", "no-cache");
+      res.write(pktLine(`# service=${service}
+`));
+      res.write(PKT_FLUSH);
+      const proc = (0, import_child_process.spawn)(gitHome + service, args, {
+        env: { ...process.env, GIT_PROTOCOL: req.headers["git-protocol"] || "" }
+      });
+      proc.on("error", (err) => {
+        console.error(`[${service} GET] spawn error:`, err.message);
+        if (!res.writableEnded) res.status(500).send(`${service} unavailable: ${err.message}`);
+      });
+      proc.stdout.pipe(res);
+      proc.stdout.on("error", (err) => {
+        console.warn(`[${service} GET] stdout error:`, err.message);
+      });
+      proc.stderr.on(
+        "data",
+        (d) => console.error(`[${service} GET]`, d.toString())
+      );
+      proc.on("close", (code) => {
+        if (code !== 0) {
+          console.error(`[${service} GET] exited with code ${code}`);
+          if (!res.writableEnded) res.status(500).send(`${service} failed`);
+        }
+      });
+      return;
+    }
+    if (req.method === "POST" && (urlPath === "/git-upload-pack" || urlPath === "/git-receive-pack")) {
+      const contentType = req.headers["content-type"] || "";
+      const service = urlPath.substring(1);
+      if (contentType !== `application/x-${service}-request`) {
+        res.status(415).send("Unsupported Media Type");
+        return;
+      }
+      let args;
+      if (service === "git-upload-pack")
+        args = buildArgs(opt, ["--stateless-rpc", gitDirectory]);
+      else if (service === "git-receive-pack")
+        args = ["--stateless-rpc", gitDirectory];
+      else {
+        res.status(403).send(`Service ${service} is not supported`);
+        return;
+      }
+      res.setHeader("Content-Type", `application/x-${service}-result`);
+      res.setHeader("Cache-Control", "no-cache");
+      const proc = (0, import_child_process.spawn)(gitHome + service, args, {
+        env: { ...process.env, GIT_PROTOCOL: req.headers["git-protocol"] || "" }
+      });
+      proc.on("error", (err) => {
+        console.error(`[${service} POST] spawn error:`, err.message);
+        if (!res.writableEnded) res.status(500).send(`${service} unavailable: ${err.message}`);
+      });
+      const encoding = req.headers["content-encoding"];
+      if (encoding === "gzip") {
+        const gunzip = (0, import_zlib2.createGunzip)();
+        gunzip.on("error", (err) => {
+          console.warn(`[${service} POST] gunzip error:`, err.message);
+          if (!res.writableEnded) res.status(400).send("Failed to decompress request body");
+        });
+        req.pipe(gunzip).pipe(proc.stdin);
+      } else {
+        req.pipe(proc.stdin);
+      }
+      proc.stdout.pipe(res);
+      proc.stdout.on("error", (err) => {
+        console.warn(`[${service} POST] stdout error:`, err.message);
+      });
+      proc.stderr.on(
+        "data",
+        (d) => console.error(`[${service} POST]`, d.toString())
+      );
+      proc.on("close", (code) => {
+        if (code !== 0) {
+          console.error(`[${service} POST] exited with code ${code}`);
+          if (!res.writableEnded) res.status(500).send(`${service} failed`);
+        }
+      });
+      proc.stdin.on("error", (err) => {
+        if (err.code !== "EPIPE")
+          console.warn(`[${service} POST] stdin error:`, err.message);
+      });
+      return;
+    }
+    res.status(404).send("Not found");
+  };
+}
+function gitCreate(gitDirectory, opt) {
+  return new Promise((resolve, reject) => {
+    const gitHome = opt.gitPath ?? "";
+    const isBare = opt.bare !== false;
+    const args = isBare ? ["init", "--bare", gitDirectory] : ["init", gitDirectory];
+    const proc = (0, import_child_process.spawn)(gitHome + "git", args, {
+      env: { ...process.env }
+    });
+    proc.on("error", (err) => {
+      console.error(`[git init] spawn error:`, err.message);
+      reject(`git unavailable: ${err.message}`);
+    });
+    proc.stdout.on("error", (err) => {
+      console.warn(`[git init] stdout error:`, err.message);
+    });
+    proc.stderr.on(
+      "data",
+      (d) => console.error(`[git init]`, d.toString())
+    );
+    proc.on("close", (code) => {
+      if (code !== 0) {
+        return reject("git failed");
+      }
+      if (opt.description) {
+        const descPath = isBare ? `${gitDirectory}/description` : `${gitDirectory}/.git/description`;
+        (0, import_fs2.writeFileSync)(descPath, opt.description);
+      }
+      resolve();
+    });
+  });
+}
+function buildArgs(opt, trailing) {
+  const args = [];
+  if (opt.timeout) {
+    const seconds = parseInt(String(opt.timeout), 10);
+    if (!isNaN(seconds) && seconds > 0)
+      args.push(`--timeout=${seconds}`);
+  }
+  if (!opt.strict)
+    args.push("--no-strict");
+  return [...args, ...trailing];
+}
+
+// src/openapi.ts
+var YAML_KW = /* @__PURE__ */ new Set([
+  "true",
+  "false",
+  "yes",
+  "no",
+  "on",
+  "off",
+  "null",
+  "~"
+]);
+var LOOKS_LIKE_NUMBER = /^[-+]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$|^0x[0-9a-fA-F]+$|^0o[0-7]+$/;
+function yamlString(s) {
+  if (s === "") return '""';
+  const needsQuote = (
+    // Would be misinterpreted as a YAML typed value.
+    YAML_KW.has(s.toLowerCase()) || LOOKS_LIKE_NUMBER.test(s) || // Starts with a YAML indicator that has special meaning at the start of a
+    // plain scalar (block context).
+    /^[-?:,[\]{}#&*!|>'"%@`~]/.test(s) || // Inline sequences that break block-mapping parsing.
+    s.includes(": ") || s.endsWith(":") || s.includes(" #") || // Leading / trailing whitespace.
+    s !== s.trim() || // Flow indicator characters anywhere — present in path patterns such as
+    // `/items/{id}` and must be quoted to avoid flow-collection ambiguity.
+    /[{}[\]]/.test(s) || // Control characters.
+    /[\x00-\x1f\x7f]/.test(s)
+  );
+  if (!needsQuote) return s;
+  return '"' + s.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n").replace(/\r/g, "\\r").replace(/\t/g, "\\t").replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, (c) => `\\u${c.charCodeAt(0).toString(16).padStart(4, "0")}`) + '"';
+}
+function yamlKey(key) {
+  return yamlString(key);
+}
+function toYamlLines(value) {
+  if (value === null || value === void 0) return ["null"];
+  if (typeof value === "boolean") return [String(value)];
+  if (typeof value === "number") return [isFinite(value) ? String(value) : ".inf"];
+  if (typeof value === "string") return [yamlString(value)];
+  if (Array.isArray(value)) {
+    if (value.length === 0) return ["[]"];
+    const lines = [];
+    for (const item of value) {
+      const itemLines = toYamlLines(item);
+      lines.push(`- ${itemLines[0]}`);
+      for (const l of itemLines.slice(1)) lines.push(`  ${l}`);
+    }
+    return lines;
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const entries = Object.entries(obj).filter(([, v]) => v !== void 0);
+    if (entries.length === 0) return ["{}"];
+    const lines = [];
+    for (const [key, val] of entries) {
+      const k = yamlKey(key);
+      const valLines = toYamlLines(val);
+      const isComplex = typeof val === "object" && val !== null;
+      const isEmptyCollection = valLines.length === 1 && (valLines[0] === "{}" || valLines[0] === "[]");
+      if (!isComplex || isEmptyCollection) {
+        lines.push(`${k}: ${valLines[0]}`);
+      } else {
+        lines.push(`${k}:`);
+        for (const l of valLines) lines.push(`  ${l}`);
+      }
+    }
+    return lines;
+  }
+  return [String(value)];
+}
+function serializeSpec(doc, format = "json") {
+  if (format === "yaml") return toYamlLines(doc).join("\n") + "\n";
+  return JSON.stringify(doc, null, 2);
+}
+var DESCRIBE_META = /* @__PURE__ */ Symbol("expediate.openapi.meta");
+function describe(handler, meta) {
+  const described = function(ctx, body) {
+    return handler.apply(this, [ctx, body]);
+  };
+  Object.defineProperty(described, DESCRIBE_META, {
+    value: meta,
+    enumerable: false,
+    configurable: true,
+    writable: false
+  });
+  return described;
+}
+function toOpenApiPath(pattern, basePath) {
+  const converted = pattern.replace(/:([A-Za-z_][A-Za-z0-9_]*)/g, "{$1}");
+  if (!basePath) return converted;
+  const base = basePath.replace(/\/+$/, "");
+  const path2 = converted.replace(/^\/+/, "/");
+  return base + (path2.startsWith("/") ? path2 : `/${path2}`);
+}
+function extractPathParams(pattern, annotated) {
+  const annotatedNames = new Set(annotated.map((p) => p.name));
+  const params = [];
+  for (const match of pattern.matchAll(/:([A-Za-z_][A-Za-z0-9_]*)/g)) {
+    const name = match[1];
+    if (!annotatedNames.has(name)) {
+      params.push({
+        name,
+        in: "path",
+        required: true,
+        schema: { type: "string" }
+      });
+    }
+  }
+  return params;
+}
+function buildOperationId(verb, pattern) {
+  const parts = pattern.split(/[/:{} ]+/).filter(Boolean);
+  let result = verb.toLowerCase();
+  for (const part of parts) {
+    const isParam = pattern.includes(`:${part}`) || pattern.includes(`{${part}}`);
+    const pascal = part.charAt(0).toUpperCase() + part.slice(1);
+    result += isParam ? `By${pascal}` : pascal;
+  }
+  return result;
+}
+function buildDefaultResponses(verb) {
+  const ok = verb === "POST" ? { description: "Created" } : { description: "OK", content: { "application/json": {} } };
+  return {
+    [verb === "POST" ? "201" : "200"]: ok,
+    "500": { $ref: "#/components/responses/ApiError" }
+  };
+}
+function buildAnnotatedResponses(responses) {
+  const result = { ...responses };
+  if (!result["500"]) {
+    result["500"] = { $ref: "#/components/responses/ApiError" };
+  }
+  return result;
+}
+var VERBS = ["GET", "POST", "PUT", "DELETE", "PATCH"];
+function collectOpenApiRoutes(sources) {
+  const routes = [];
+  const seen = /* @__PURE__ */ new Map();
+  sources.forEach((source, sourceIndex) => {
+    const defaultTag = source.openapi?.tag;
+    const permissionsExtension = source.auth?.permissionsExtension ?? "x-required-permissions";
+    const rootController = {
+      prefix: "",
+      GET: source.GET,
+      POST: source.POST,
+      PUT: source.PUT,
+      DELETE: source.DELETE,
+      PATCH: source.PATCH
+    };
+    const controllers = [rootController, ...source.controllers ?? []];
+    controllers.forEach((controller, controllerIndex) => {
+      const label = controllerIndex === 0 ? `source #${sourceIndex}` : controller.tags?.[0] ?? controller.prefix ?? `source #${sourceIndex} controller #${controllerIndex}`;
+      const prefix = controller.prefix ?? "";
+      for (const verb of VERBS) {
+        const routeMap = controller[verb];
+        if (!routeMap) continue;
+        for (const [pattern, value] of Object.entries(routeMap)) {
+          const path2 = joinPath(prefix, pattern);
+          const dupKey = `${verb} ${path2}`;
+          const declarer = seen.get(dupKey);
+          if (declarer !== void 0) {
+            throw new Error(
+              `openApiSpec: duplicate route ${verb} ${path2}
+  declared by '${declarer}' and '${label}'`
+            );
+          }
+          seen.set(dupKey, label);
+          const meta = typeof value === "function" ? value[DESCRIBE_META] : value;
+          routes.push({
+            verb,
+            path: path2,
+            meta,
+            tags: meta?.tags ?? controller.tags,
+            permission: normalizePermission(meta?.permission ?? controller.permission),
+            defaultTag,
+            permissionsExtension
+          });
+        }
+      }
+    });
+  });
+  routes.sort((a, b) => routeScore(b.path) - routeScore(a.path) || b.path.localeCompare(a.path));
+  return routes;
+}
+var DEFAULT_SECURITY_SCHEME = {
+  type: "http",
+  scheme: "bearer",
+  bearerFormat: "JWT"
+};
+function openApiSpec(service, opts) {
+  const sources = Array.isArray(service) ? service : [service];
+  const basePath = opts.basePath ?? "";
+  const builtinSchemas = {
+    ApiError: {
+      type: "object",
+      properties: {
+        status: { type: "integer", description: "HTTP status code" },
+        message: { type: "string", description: "Human-readable error message" },
+        data: { description: "Structured error payload (overrides message when present)" }
+      }
+    }
+  };
+  const builtinResponses = {
+    ApiError: {
+      description: "API error response",
+      content: {
+        "application/json": { schema: { $ref: "#/components/schemas/ApiError" } }
+      }
+    }
+  };
+  let schemas = { ...builtinSchemas };
+  for (const source of sources) schemas = { ...schemas, ...source.openapi?.schemas };
+  schemas = { ...schemas, ...opts.schemas };
+  for (const source of sources) schemas = { ...schemas, ...source.schemas };
+  let responses = { ...builtinResponses };
+  for (const source of sources) responses = { ...responses, ...source.openapi?.responses };
+  const tags = [];
+  const seenTags = /* @__PURE__ */ new Set();
+  for (const source of sources) {
+    const tag = source.openapi?.tag;
+    if (tag && !seenTags.has(tag)) {
+      seenTags.add(tag);
+      tags.push({ name: tag, description: source.openapi?.tagDescription });
+    }
+  }
+  const securityScheme = sources.find((s) => s.auth?.scheme)?.auth?.scheme ?? DEFAULT_SECURITY_SCHEME;
+  const paths = {};
+  const routes = collectOpenApiRoutes(sources);
+  let securedRoutes = false;
+  for (const route of routes) {
+    const { verb, path: pattern, meta } = route;
+    const openApiPath = toOpenApiPath(pattern, basePath);
+    if (!paths[openApiPath]) paths[openApiPath] = {};
+    const annotatedParams = meta?.parameters ?? [];
+    const inferredParams = extractPathParams(pattern, annotatedParams);
+    const parameters = [...annotatedParams, ...inferredParams];
+    const operationResponses = meta?.responses ? buildAnnotatedResponses(meta.responses) : buildDefaultResponses(verb);
+    const operation = {
+      operationId: meta?.operationId ?? buildOperationId(verb, pattern),
+      ...meta?.summary && { summary: meta.summary },
+      ...meta?.description && { description: meta.description },
+      ...meta?.deprecated && { deprecated: true },
+      ...parameters.length > 0 && { parameters },
+      ...meta?.requestBody && { requestBody: meta.requestBody },
+      responses: operationResponses
+    };
+    const opTags = route.tags ?? (route.defaultTag ? [route.defaultTag] : void 0);
+    if (opTags) operation.tags = opTags;
+    if (meta) {
+      for (const [k, v] of Object.entries(meta)) {
+        if (k.startsWith("x-")) operation[k] = v;
+      }
+    }
+    if (route.permission) {
+      securedRoutes = true;
+      operation.security = [{ bearerAuth: [] }];
+      operation[route.permissionsExtension] = route.permission;
+    }
+    paths[openApiPath][verb.toLowerCase()] = operation;
+  }
+  const doc = {
+    openapi: "3.1.0",
+    info: {
+      title: opts.title,
+      version: opts.version,
+      ...opts.description && { description: opts.description }
+    },
+    ...opts.servers && { servers: opts.servers },
+    ...tags.length > 0 && { tags },
+    paths,
+    components: {
+      schemas,
+      responses,
+      // Emitted once when at least one operation declares a permission.
+      ...securedRoutes && {
+        securitySchemes: {
+          bearerAuth: securityScheme
+        }
+      }
+    }
+  };
+  return doc;
+}
+
+// src/apis.ts
+function defineController(c) {
+  return c;
+}
+var VERBS2 = ["GET", "POST", "PUT", "DELETE", "PATCH"];
+function joinPath(prefix, path2) {
+  const joined = `/${prefix}/${path2}`.replace(/\/+/g, "/");
+  return joined.length > 1 ? joined.replace(/\/$/, "") : joined;
+}
+function routeScore(path2) {
+  const segs = path2.split("/").filter((s) => s.length > 0);
+  return segs.length * 100 - segs.filter((s) => s.startsWith(":")).length * 10;
+}
+function normalizePermission(permission) {
+  if (permission === void 0) return void 0;
+  return Array.isArray(permission) ? permission : [permission];
+}
+function collectRoutes(service) {
+  const rootController = {
+    prefix: "",
+    GET: service.GET,
+    POST: service.POST,
+    PUT: service.PUT,
+    DELETE: service.DELETE,
+    PATCH: service.PATCH
+  };
+  const controllers = [rootController, ...service.controllers ?? []];
+  const nameOf = (c, index) => index === 0 ? "<root>" : c.tags?.[0] ?? c.prefix ?? `#${index}`;
+  const routes = [];
+  const seen = /* @__PURE__ */ new Map();
+  controllers.forEach((controller, index) => {
+    const controllerName = nameOf(controller, index);
+    const prefix = controller.prefix ?? "";
+    for (const verb of VERBS2) {
+      const routeMap = controller[verb];
+      if (!routeMap) continue;
+      for (const [pattern, handler] of Object.entries(routeMap)) {
+        const path2 = joinPath(prefix, pattern);
+        const dupKey = `${verb} ${path2}`;
+        const declarer = seen.get(dupKey);
+        if (declarer !== void 0) {
+          throw new Error(
+            `apiBuilder: duplicate route ${verb} ${path2}
+  declared by controllers '${declarer}' and '${controllerName}'`
+          );
+        }
+        seen.set(dupKey, controllerName);
+        const meta = handler[DESCRIBE_META];
+        routes.push({
+          verb,
+          path: path2,
+          handler,
+          meta,
+          tags: meta?.tags ?? controller.tags,
+          guards: [
+            ...service.guards ?? [],
+            ...controller.guards ?? [],
+            ...meta?.guards ?? []
+          ],
+          permission: normalizePermission(meta?.permission ?? controller.permission),
+          controller: controllerName
+        });
+      }
+    }
+  });
+  routes.sort((a, b) => routeScore(b.path) - routeScore(a.path) || b.path.localeCompare(a.path));
+  return routes;
+}
+function resolveRef(schema, components) {
+  let current = schema;
+  for (let depth = 0; depth < 16 && current.$ref; depth++) {
+    const match = /^#\/components\/schemas\/(.+)$/.exec(current.$ref);
+    const next = match ? components[match[1]] : void 0;
+    if (!next) return {};
+    current = next;
+  }
+  return current;
+}
+function addError(errors, path2, message) {
+  const key = path2 || "$";
+  if (!(key in errors)) errors[key] = message;
+}
+function childPath(path2, key) {
+  return path2 ? `${path2}.${key}` : String(key);
+}
+function jsonTypeOf(value) {
+  if (value === null) return "null";
+  if (Array.isArray(value)) return "array";
+  return typeof value;
+}
+function validateSchema(value, schema, components = {}, path2 = "", errors = {}) {
+  const s = resolveRef(schema, components);
+  if (s.allOf) {
+    for (const sub of s.allOf) validateSchema(value, sub, components, path2, errors);
+  }
+  if (s.anyOf) {
+    const passes = s.anyOf.some((sub) => Object.keys(validateSchema(value, sub, components, path2, {})).length === 0);
+    if (!passes) addError(errors, path2, "does not match any of the expected schemas (anyOf)");
+  }
+  if (s.oneOf) {
+    const matches = s.oneOf.filter((sub) => Object.keys(validateSchema(value, sub, components, path2, {})).length === 0).length;
+    if (matches !== 1)
+      addError(errors, path2, `must match exactly one schema (oneOf), matched ${matches}`);
+  }
+  if (s.type !== void 0) {
+    const actual = jsonTypeOf(value);
+    const ok = s.type === "integer" ? actual === "number" && Number.isInteger(value) : actual === s.type;
+    if (!ok) {
+      addError(errors, path2, `must be of type ${s.type}`);
+      return errors;
+    }
+  }
+  if (s.enum && !s.enum.some((e) => e === value || typeof e === "object" && JSON.stringify(e) === JSON.stringify(value))) {
+    addError(errors, path2, `must be one of: ${s.enum.map((e) => JSON.stringify(e)).join(", ")}`);
+  }
+  if (typeof value === "string") {
+    if (typeof s.pattern === "string" && !new RegExp(s.pattern).test(value))
+      addError(errors, path2, `does not match pattern ${s.pattern}`);
+    if (typeof s.minLength === "number" && value.length < s.minLength)
+      addError(errors, path2, `must be at least ${s.minLength} characters`);
+    if (typeof s.maxLength === "number" && value.length > s.maxLength)
+      addError(errors, path2, `must be at most ${s.maxLength} characters`);
+  }
+  if (typeof value === "number") {
+    if (typeof s.minimum === "number" && value < s.minimum)
+      addError(errors, path2, `must be >= ${s.minimum}`);
+    if (typeof s.maximum === "number" && value > s.maximum)
+      addError(errors, path2, `must be <= ${s.maximum}`);
+  }
+  if (Array.isArray(value) && s.items) {
+    value.forEach((item, i) => validateSchema(item, s.items, components, childPath(path2, i), errors));
+  }
+  if (jsonTypeOf(value) === "object") {
+    const obj = value;
+    if (s.required) {
+      for (const prop of s.required) {
+        if (obj[prop] === void 0)
+          addError(errors, childPath(path2, prop), "is required");
+      }
+    }
+    if (s.properties) {
+      for (const [prop, sub] of Object.entries(s.properties)) {
+        if (obj[prop] !== void 0)
+          validateSchema(obj[prop], sub, components, childPath(path2, prop), errors);
+      }
+    }
+    if (s.additionalProperties !== void 0 && s.additionalProperties !== true) {
+      const known = new Set(Object.keys(s.properties ?? {}));
+      for (const prop of Object.keys(obj)) {
+        if (known.has(prop)) continue;
+        if (s.additionalProperties === false)
+          addError(errors, childPath(path2, prop), "unknown property");
+        else
+          validateSchema(
+            obj[prop],
+            s.additionalProperties,
+            components,
+            childPath(path2, prop),
+            errors
+          );
+      }
+    }
+  }
+  return errors;
+}
+function validateRequestBody(requestBody, body, components) {
+  const content = requestBody.content?.["application/json"] ?? Object.values(requestBody.content ?? {})[0];
+  const schema = content?.schema;
+  if (body === void 0 || body === null) {
+    if (requestBody.required) {
+      throw {
+        status: 400,
+        data: {
+          message: "Request body validation failed",
+          fieldErrors: { $: "request body is required" }
+        }
+      };
+    }
+    return;
+  }
+  if (!schema) return;
+  const fieldErrors = validateSchema(body, schema, components);
+  if (Object.keys(fieldErrors).length > 0) {
+    throw {
+      status: 400,
+      data: { message: "Request body validation failed", fieldErrors }
+    };
+  }
+}
+function validateResponseBody(responses, status, value, components, mode) {
+  const response = responses[String(status)] ?? responses.default;
+  const content = response?.content?.["application/json"] ?? Object.values(response?.content ?? {})[0];
+  const schema = content?.schema;
+  if (!schema) return;
+  const fieldErrors = validateSchema(value, schema, components);
+  if (Object.keys(fieldErrors).length === 0) return;
+  if (mode === "warn") {
+    console.warn("[apiBuilder] response body validation failed:", fieldErrors);
+    return;
+  }
+  throw {
+    status: 500,
+    data: { message: "Response body validation failed", fieldErrors }
+  };
+}
+async function buildModule(service, key) {
+  const instance = service.data ? service.data(key) : { $key: key };
+  if (service.methods) {
+    for (const methodName of Object.keys(service.methods)) {
+      const method = service.methods[methodName];
+      instance[methodName] = function(...args) {
+        return method.apply(instance, args);
+      };
+    }
+  }
+  if (service.setup)
+    await service.setup.apply(instance, []);
+  return instance;
+}
+async function resolveInstance(service, modules, building, req) {
+  if (typeof service.scope !== "function") {
+    return modules.singleton;
+  }
+  const key = service.scope(req);
+  if (key === null) {
+    return buildModule(service, null);
+  }
+  if (modules[key]) return modules[key];
+  building[key] ??= buildModule(service, key).then((instance) => {
+    modules[key] = instance;
+    delete building[key];
+    return instance;
+  });
+  return building[key];
+}
+function sendJson(res, data) {
+  res.setHeader("Content-Type", "application/json; charset=utf-8");
+  res.send(JSON.stringify(data));
+}
+function sendError(res, err) {
+  const e = err;
+  const status = e?.status ?? 500;
+  if (e?.data !== void 0) {
+    res.setHeader("Content-Type", "application/json; charset=utf-8");
+    res.status(status).send(JSON.stringify(e.data));
+  } else {
+    res.status(status).send(e?.message ?? "Internal error");
+  }
+}
+function apiBuilder(service, options) {
+  const api = router_default();
+  const modules = {};
+  const building = {};
+  const routes = collectRoutes(service);
+  if (service.auth?.authenticate)
+    api.use("/", service.auth.authenticate);
+  const defaultCheck = (ctx, required) => {
+    const user = ctx.user;
+    if (!user)
+      throw { status: 401, message: "Authentication required" };
+    const perms = user.permissions ?? [];
+    if (!required.every((p) => perms.includes(p))) {
+      throw {
+        status: 403,
+        message: `Insufficient permissions. Required: ${required.join(", ")}`
+      };
+    }
+  };
+  const check = service.auth?.check ?? defaultCheck;
+  const validation = options ?? service.validate;
+  const validateRequests = validation === true || typeof validation === "object" && validation.validateRequests !== false;
+  const validateResponses = typeof validation === "object" ? validation.validateResponses ?? false : false;
+  const schemaComponents = {
+    ...service.openapi?.schemas,
+    ...service.schemas
+  };
+  function buildRoutes(verbRoutes, register) {
+    for (const route of verbRoutes) {
+      register(route.path, (req, res, next) => {
+        const routeParams = req.queries?.route ?? {};
+        const ctx = {
+          query: {
+            route: routeParams,
+            url: req.queries?.url ?? {}
+          },
+          params: routeParams,
+          path: req.path,
+          user: req.user,
+          state: {}
+        };
+        const body = req.body;
+        resolveInstance(service, modules, building, req).then(async (instance) => {
+          if (route.permission)
+            await check(ctx, route.permission);
+          if (validateRequests && route.meta?.requestBody)
+            validateRequestBody(route.meta.requestBody, body, schemaComponents);
+          for (const guard of route.guards) {
+            const produced = await guard(ctx, req);
+            if (produced && typeof produced === "object")
+              Object.assign(ctx.state, produced);
+          }
+          const val = await route.handler.apply(instance, [ctx, body]);
+          if (val !== void 0 && val !== null && val !== false && val !== 0 && val !== "") {
+            if (validateResponses && route.meta?.responses)
+              validateResponseBody(route.meta.responses, 200, val, schemaComponents, validateResponses);
+            sendJson(res, val);
+          } else {
+            res.status(201).end();
+          }
+        }).catch((err) => {
+          if (service.onError) {
+            let override;
+            try {
+              override = service.onError(err, ctx, req);
+            } catch (hookErr) {
+              next(hookErr);
+              return;
+            }
+            if (override !== void 0) {
+              sendError(res, override);
+              return;
+            }
+          }
+          sendError(res, err);
+        });
+      });
+    }
+  }
+  function registerAllRoutes() {
+    buildRoutes(routes.filter((r) => r.verb === "GET"), (path2, h) => api.get(path2, h));
+    buildRoutes(routes.filter((r) => r.verb === "POST"), (path2, h) => api.post(path2, h));
+    buildRoutes(routes.filter((r) => r.verb === "PUT"), (path2, h) => api.put(path2, h));
+    buildRoutes(routes.filter((r) => r.verb === "DELETE"), (path2, h) => api.delete(path2, h));
+    buildRoutes(routes.filter((r) => r.verb === "PATCH"), (path2, h) => api.patch(path2, h));
+  }
+  if (typeof service.scope !== "function") {
+    let ready = false;
+    api.use("/", (_req, res, next) => {
+      if (!ready) {
+        res.statusCode = 503;
+        res.end("Service not ready");
+        return;
+      }
+      next();
+    });
+    buildModule(service, "singleton").then((instance) => {
+      modules.singleton = instance;
+      ready = true;
+      registerAllRoutes();
+    }).catch((err) => {
+      console.error("[apiBuilder] singleton setup() rejected:", err);
+    });
+  } else {
+    registerAllRoutes();
+  }
+  api.spec = function(opts) {
+    return openApiSpec(service, opts);
+  };
+  api.specHandler = function(opts, format = "json") {
+    let cached = null;
+    const contentType = format === "yaml" ? "application/yaml; charset=utf-8" : "application/json; charset=utf-8";
+    return function(_req, res) {
+      cached ??= serializeSpec(openApiSpec(service, opts), format);
+      res.setHeader("Content-Type", contentType);
+      res.end(cached);
+    };
+  };
+  return api;
+}
+var apis_default = apiBuilder;
+
+// src/middleware.ts
+var crypto3 = __toESM(require("crypto"), 1);
+var zlib2 = __toESM(require("zlib"), 1);
+function toBuffer(chunk, encoding = "utf8") {
+  return Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk, encoding);
+}
+function compress(opts) {
+  const threshold = opts?.threshold ?? 1024;
+  const brEnabled = opts?.br !== false;
+  const brotliQuality = opts?.brotliQuality ?? 4;
+  const gzipLevel = opts?.gzipLevel ?? zlib2.constants.Z_DEFAULT_COMPRESSION;
+  return (req, res, next) => {
+    if (opts?.filter && !opts.filter(req, res)) return next();
+    const ae = req.headers["accept-encoding"] ?? "";
+    let compressor = null;
+    let encoding = "";
+    if (brEnabled && /\bbr\b/.test(ae)) {
+      compressor = zlib2.createBrotliCompress({
+        params: { [zlib2.constants.BROTLI_PARAM_QUALITY]: brotliQuality }
+      });
+      encoding = "br";
+    } else if (/\bgzip\b/.test(ae)) {
+      compressor = zlib2.createGzip({ level: gzipLevel });
+      encoding = "gzip";
+    } else if (/\bdeflate\b/.test(ae)) {
+      compressor = zlib2.createDeflate({ level: gzipLevel });
+      encoding = "deflate";
+    }
+    if (!compressor) return next();
+    const comp = compressor;
+    const rawRes = res;
+    const origWrite = rawRes.write.bind(rawRes);
+    const origEnd = rawRes.end.bind(rawRes);
+    comp.on("data", (chunk) => {
+      origWrite(chunk);
+    });
+    comp.on("end", () => {
+      origEnd();
+    });
+    comp.on("error", (e) => {
+      console.error("[compress] stream error:", e.message);
+      if (!rawRes.writableEnded) origEnd();
+    });
+    const pending = [];
+    let totalBytes = 0;
+    let decided = false;
+    let doCompress = false;
+    const startCompressing = (andEnd) => {
+      decided = true;
+      doCompress = true;
+      res.setHeader("Content-Encoding", encoding);
+      res.setHeader("Vary", "Accept-Encoding");
+      res.removeHeader("Content-Length");
+      for (const buf of pending) comp.write(buf);
+      if (andEnd) comp.end();
+    };
+    const skipCompression = () => {
+      decided = true;
+      doCompress = false;
+      comp.destroy();
+      if (totalBytes > 0) res.setHeader("Content-Length", totalBytes);
+      for (const buf of pending) origWrite(buf);
+    };
+    res.write = (chunk, encOrCb, _cb) => {
+      const enc = typeof encOrCb === "string" ? encOrCb : "utf8";
+      const buf = toBuffer(chunk, enc);
+      if (decided) {
+        return doCompress ? comp.write(buf) : origWrite(buf);
+      }
+      pending.push(buf);
+      totalBytes += buf.length;
+      if (totalBytes >= threshold) startCompressing(false);
+      return true;
+    };
+    res.end = (chunk, encOrCb, _cb) => {
+      if (typeof chunk === "function") chunk = void 0;
+      if (typeof encOrCb === "function") encOrCb = void 0;
+      if (chunk != null) {
+        const enc = typeof encOrCb === "string" ? encOrCb : "utf8";
+        const buf = toBuffer(chunk, enc);
+        if (decided) {
+          if (doCompress) comp.write(buf);
+          else origWrite(buf);
+        } else {
+          pending.push(buf);
+          totalBytes += buf.length;
+        }
+      }
+      if (!decided) {
+        if (totalBytes >= threshold) startCompressing(true);
+        else {
+          skipCompression();
+          origEnd();
+        }
+      } else if (doCompress) {
+        comp.end();
+      } else {
+        origEnd();
+      }
+      return rawRes;
+    };
+    next();
+  };
+}
+function requestId(opts) {
+  const header = (opts?.header ?? "x-request-id").toLowerCase();
+  const allowFromHeader = opts?.allowFromHeader !== false;
+  const generator = opts?.generator ?? (() => crypto3.randomUUID());
+  return (req, res, next) => {
+    const incoming = req.headers[header];
+    const id = allowFromHeader && incoming ? incoming : generator();
+    req.id = id;
+    res.setHeader(header, id);
+    next();
+  };
+}
+function rateLimit(opts) {
+  const windowMs = opts.windowMs;
+  const max = opts.max;
+  const keyBy = opts.keyBy ?? ((req) => req.ip ?? "");
+  const message = opts.message ?? "Too Many Requests";
+  const statusCode = opts.statusCode ?? 429;
+  const sendHeaders = opts.headers !== false;
+  const store = /* @__PURE__ */ new Map();
+  return (req, res, next) => {
+    const key = keyBy(req);
+    const now = Date.now();
+    const windowStart = now - windowMs;
+    const timestamps = (store.get(key) ?? []).filter((t) => t > windowStart);
+    timestamps.push(now);
+    store.set(key, timestamps);
+    const count = timestamps.length;
+    const remaining = Math.max(0, max - count);
+    const resetAt = timestamps.length > 0 ? Math.ceil((timestamps[0] + windowMs) / 1e3) : Math.ceil((now + windowMs) / 1e3);
+    if (sendHeaders) {
+      res.setHeader("X-RateLimit-Limit", String(max));
+      res.setHeader("X-RateLimit-Remaining", String(remaining));
+      res.setHeader("X-RateLimit-Reset", String(resetAt));
+    }
+    if (count > max) {
+      res.setHeader("Retry-After", String(Math.ceil(windowMs / 1e3)));
+      res.statusCode = statusCode;
+      res.end(message);
+      return;
+    }
+    next();
+  };
+}
+function cacheControl(opts = {}) {
+  const directives = [];
+  if (opts.private) directives.push("private");
+  if (opts.public) directives.push("public");
+  if (opts.noStore) directives.push("no-store");
+  if (opts.noCache) directives.push("no-cache");
+  if (opts.mustRevalidate) directives.push("must-revalidate");
+  if (opts.immutable) directives.push("immutable");
+  if (opts.maxAge != null) directives.push(`max-age=${opts.maxAge}`);
+  if (opts.sMaxAge != null) directives.push(`s-maxage=${opts.sMaxAge}`);
+  const cacheControlValue = directives.join(", ");
+  const varyValue = Array.isArray(opts.vary) ? opts.vary.join(", ") : opts.vary ?? null;
+  return (_req, res, next) => {
+    if (cacheControlValue) res.setHeader("Cache-Control", cacheControlValue);
+    if (opts.maxAge != null) {
+      const expires = new Date(Date.now() + opts.maxAge * 1e3);
+      res.setHeader("Expires", expires.toUTCString());
+    }
+    if (varyValue) res.setHeader("Vary", varyValue);
+    next();
+  };
+}
+var SAFE_CSRF_METHODS = /* @__PURE__ */ new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);
+function csrf(opts) {
+  const cookieName = opts?.cookieName ?? "_csrf";
+  const headerName = (opts?.headerName ?? "x-csrf-token").toLowerCase();
+  const fieldName = opts?.fieldName ?? "_csrf";
+  const secure = opts?.secure ?? false;
+  const sameSite = opts?.sameSite ?? "Strict";
+  return (req, res, next) => {
+    const existing = req.cookies?.[cookieName];
+    const token = typeof existing === "string" && existing.length > 0 ? existing : crypto3.randomBytes(32).toString("hex");
+    if (!existing) {
+      let cookieStr = `${cookieName}=${token}; Path=/; SameSite=${sameSite}`;
+      if (secure) cookieStr += "; Secure";
+      const prev = res.getHeader("Set-Cookie");
+      if (prev == null) res.setHeader("Set-Cookie", cookieStr);
+      else if (Array.isArray(prev)) res.setHeader("Set-Cookie", [...prev, cookieStr]);
+      else res.setHeader("Set-Cookie", [prev, cookieStr]);
+    }
+    req.csrfToken = () => token;
+    if (SAFE_CSRF_METHODS.has(req.method ?? "")) return next();
+    const submitted = req.headers[headerName] ?? req.body?.[fieldName] ?? "";
+    if (!submitted || submitted !== token) {
+      res.statusCode = 403;
+      res.end("Forbidden: invalid CSRF token");
+      return;
+    }
+    next();
+  };
+}
+function isFreshResponse(etag, lastModified, ifNoneMatch, ifModSince) {
+  const inm = Array.isArray(ifNoneMatch) ? ifNoneMatch[0] : ifNoneMatch;
+  if (inm) {
+    if (!etag) return false;
+    if (inm.trim() === "*") return true;
+    const normalize = (tag) => tag.startsWith("W/") ? tag.slice(2) : tag;
+    const tags = inm.split(",").map((t) => normalize(t.trim()));
+    return tags.includes(normalize(etag));
+  }
+  const ims = Array.isArray(ifModSince) ? ifModSince[0] : ifModSince;
+  if (ims && lastModified) {
+    const imsMs = new Date(ims).getTime();
+    const lmMs = new Date(lastModified).getTime();
+    if (!isNaN(imsMs) && !isNaN(lmMs)) return lmMs <= imsMs;
+  }
+  return false;
+}
+function conditionalGet() {
+  return (req, res, next) => {
+    const method = req.method ?? "GET";
+    if (method !== "GET" && method !== "HEAD") return next();
+    const rawRes = res;
+    const origWrite = rawRes.write.bind(rawRes);
+    const origEnd = rawRes.end.bind(rawRes);
+    const pending = [];
+    res.write = (chunk, encOrCb, _cb) => {
+      const enc = typeof encOrCb === "string" ? encOrCb : "utf8";
+      const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk, enc);
+      pending.push(buf);
+      return true;
+    };
+    res.end = (chunk, encOrCb, _cb) => {
+      if (typeof chunk === "function") chunk = void 0;
+      if (typeof encOrCb === "function") encOrCb = void 0;
+      if (chunk != null) {
+        const enc = typeof encOrCb === "string" ? encOrCb : "utf8";
+        const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk, enc);
+        pending.push(buf);
+      }
+      const etag = rawRes.getHeader("etag");
+      const lastMod = rawRes.getHeader("last-modified");
+      const ifNoneMatch = req.headers["if-none-match"];
+      const ifModSince = req.headers["if-modified-since"];
+      if (isFreshResponse(etag, lastMod, ifNoneMatch, ifModSince)) {
+        rawRes.removeHeader("content-type");
+        rawRes.removeHeader("content-length");
+        rawRes.removeHeader("content-encoding");
+        rawRes.statusCode = 304;
+        origEnd();
+      } else {
+        for (const buf of pending) origWrite(buf);
+        origEnd();
+      }
+      return rawRes;
+    };
+    next();
+  };
+}
+function securityHeaders(opts) {
+  const headers = [];
+  const hsts = opts?.hsts;
+  if (hsts !== false) {
+    const h = typeof hsts === "object" ? hsts : {};
+    const maxAge = h.maxAge ?? 15552e3;
+    const subdomain = h.includeSubDomains !== false;
+    let value = `max-age=${maxAge}`;
+    if (subdomain) value += "; includeSubDomains";
+    if (h.preload) value += "; preload";
+    headers.push(["Strict-Transport-Security", value]);
+  }
+  const fo = opts?.frameOptions;
+  if (fo !== false) {
+    headers.push(["X-Frame-Options", fo ?? "SAMEORIGIN"]);
+  }
+  if (opts?.contentTypeOptions !== false) {
+    headers.push(["X-Content-Type-Options", "nosniff"]);
+  }
+  const rp = opts?.referrerPolicy;
+  if (rp !== false) {
+    headers.push(["Referrer-Policy", typeof rp === "string" ? rp : "strict-origin-when-cross-origin"]);
+  }
+  const pp = opts?.permissionsPolicy;
+  if (pp !== false) {
+    headers.push(["Permissions-Policy", typeof pp === "string" ? pp : "geolocation=(), microphone=(), camera=()"]);
+  }
+  const xxp = opts?.xssProtection;
+  if (xxp !== false) {
+    headers.push(["X-XSS-Protection", typeof xxp === "string" ? xxp : "0"]);
+  }
+  return (_req, res, next) => {
+    for (const [name, value] of headers) res.setHeader(name, value);
+    next();
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DESCRIBE_META,
+  apiBuilder,
+  cacheControl,
+  compress,
+  conditionalGet,
+  cors,
+  createJwtPlugin,
+  createMapTokenStore,
+  createRouter,
+  csrf,
+  defineController,
+  describe,
+  formData,
+  formEncoded,
+  gitCreate,
+  gitHandler,
+  json,
+  logger,
+  mime,
+  openApiSpec,
+  parseBody,
+  parseMultipartBody,
+  rateLimit,
+  raw,
+  requestId,
+  securityHeaders,
+  sendFile,
+  serializeSpec,
+  serveFile,
+  serveStatic,
+  streamFormData,
+  text
+});