npm - hi-secure - Versions diffs - 1.0.14 → 1.0.16 - Mend

hi-secure 1.0.14 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/dist/adapters/ArgonAdapter.d.ts +1 -1
package/dist/adapters/ArgonAdapter.d.ts.map +1 -1
package/dist/adapters/ArgonAdapter.js +43 -5
package/dist/adapters/ArgonAdapter.js.map +1 -1
package/dist/adapters/BcryptAdapter.d.ts.map +1 -1
package/dist/adapters/BcryptAdapter.js +43 -3
package/dist/adapters/BcryptAdapter.js.map +1 -1
package/dist/adapters/ExpressRLAdapter.d.ts.map +1 -1
package/dist/adapters/ExpressRLAdapter.js +48 -6
package/dist/adapters/ExpressRLAdapter.js.map +1 -1
package/dist/adapters/ExpressValidatorAdapter.d.ts.map +1 -1
package/dist/adapters/ExpressValidatorAdapter.js +50 -10
package/dist/adapters/ExpressValidatorAdapter.js.map +1 -1
package/dist/adapters/GoogleAdapter.d.ts.map +1 -1
package/dist/adapters/GoogleAdapter.js +82 -16
package/dist/adapters/GoogleAdapter.js.map +1 -1
package/dist/adapters/JWTAdapter.d.ts.map +1 -1
package/dist/adapters/JWTAdapter.js +104 -15
package/dist/adapters/JWTAdapter.js.map +1 -1
package/dist/adapters/RLFlexibleAdapter.d.ts.map +1 -1
package/dist/adapters/RLFlexibleAdapter.js +87 -12
package/dist/adapters/RLFlexibleAdapter.js.map +1 -1
package/dist/adapters/SanitizeHtmlAdapter.d.ts.map +1 -1
package/dist/adapters/SanitizeHtmlAdapter.js +81 -13
package/dist/adapters/SanitizeHtmlAdapter.js.map +1 -1
package/dist/adapters/XSSAdapter.d.ts +1 -1
package/dist/adapters/XSSAdapter.d.ts.map +1 -1
package/dist/adapters/XSSAdapter.js +137 -20
package/dist/adapters/XSSAdapter.js.map +1 -1
package/dist/adapters/ZodAdapter.d.ts +1 -1
package/dist/adapters/ZodAdapter.d.ts.map +1 -1
package/dist/adapters/ZodAdapter.js +13 -8
package/dist/adapters/ZodAdapter.js.map +1 -1
package/dist/core/HiSecure.d.ts +3 -4
package/dist/core/HiSecure.d.ts.map +1 -1
package/dist/core/HiSecure.js +108 -121
package/dist/core/HiSecure.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +8 -1
package/dist/index.js.map +1 -1
package/dist/logging/index.d.ts.map +1 -1
package/dist/logging/index.js +2 -0
package/dist/logging/index.js.map +1 -1
package/dist/logging/morganSetup.d.ts.map +1 -1
package/dist/logging/morganSetup.js +22 -1
package/dist/logging/morganSetup.js.map +1 -1
package/dist/logging/winstonSetup.d.ts.map +1 -1
package/dist/logging/winstonSetup.js +61 -3
package/dist/logging/winstonSetup.js.map +1 -1
package/dist/managers/AuthManager.d.ts +2 -2
package/dist/managers/AuthManager.d.ts.map +1 -1
package/dist/managers/AuthManager.js +167 -31
package/dist/managers/AuthManager.js.map +1 -1
package/dist/managers/CorsManager.d.ts.map +1 -1
package/dist/managers/CorsManager.js +46 -11
package/dist/managers/CorsManager.js.map +1 -1
package/dist/managers/HashManager.d.ts +1 -1
package/dist/managers/HashManager.d.ts.map +1 -1
package/dist/managers/HashManager.js +127 -17
package/dist/managers/HashManager.js.map +1 -1
package/dist/managers/JsonManager.d.ts +1 -1
package/dist/managers/JsonManager.d.ts.map +1 -1
package/dist/managers/JsonManager.js +99 -16
package/dist/managers/JsonManager.js.map +1 -1
package/dist/managers/RateLimitManager.d.ts +1 -1
package/dist/managers/RateLimitManager.d.ts.map +1 -1
package/dist/managers/RateLimitManager.js +46 -22
package/dist/managers/RateLimitManager.js.map +1 -1
package/dist/managers/SanitizerManager.d.ts.map +1 -1
package/dist/managers/SanitizerManager.js +112 -15
package/dist/managers/SanitizerManager.js.map +1 -1
package/dist/managers/ValidatorManager.d.ts.map +1 -1
package/dist/managers/ValidatorManager.js +90 -7
package/dist/managers/ValidatorManager.js.map +1 -1
package/package.json +19 -1
package/readme.md +3 -6
package/src/adapters/ArgonAdapter.ts +55 -6
package/src/adapters/BcryptAdapter.ts +56 -8
package/src/adapters/ExpressRLAdapter.ts +62 -9
package/src/adapters/ExpressValidatorAdapter.ts +67 -11
package/src/adapters/GoogleAdapter.ts +106 -21
package/src/adapters/JWTAdapter.ts +129 -21
package/src/adapters/RLFlexibleAdapter.ts +113 -16
package/src/adapters/SanitizeHtmlAdapter.ts +111 -18
package/src/adapters/XSSAdapter.ts +183 -39
package/src/adapters/ZodAdapter.ts +56 -10
package/src/core/HiSecure.ts +496 -162
package/src/index.ts +4 -0
package/src/logging/index.ts +6 -0
package/src/logging/morganSetup.ts +36 -1
package/src/logging/winstonSetup.ts +97 -8
package/src/managers/AuthManager.ts +205 -34
package/src/managers/CorsManager.ts +63 -16
package/src/managers/HashManager.ts +156 -19
package/src/managers/JsonManager.ts +119 -15
package/src/managers/RateLimitManager.ts +174 -29
package/src/managers/SanitizerManager.ts +150 -25
package/src/managers/ValidatorManager.ts +115 -15

package/src/managers/HashManager.ts CHANGED Viewed

@@ -1,5 +1,113 @@
-import { AdapterError } from "../core/errors/AdapterError.js";
-import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { logger } from "../logging";
+// interface HashAdapter {
+//     hash(value: string): Promise<string>;
+//     verify(value: string, hashed: string): Promise<boolean>;
+// }
+// export interface HashResult {
+//     hash: string;
+//     algorithm: string;
+//     usedFallback: boolean;
+// }
+// export class HashManager {
+//     private config: HiSecureConfig["hashing"];
+//     private primaryAdapter: HashAdapter;
+//     private fallbackAdapter: HashAdapter | null;
+//     constructor(
+//         config: HiSecureConfig["hashing"],
+//         primaryAdapter: HashAdapter,
+//         fallbackAdapter: HashAdapter | null
+//     ) {
+//         this.config = config;
+//         this.primaryAdapter = primaryAdapter;
+//         this.fallbackAdapter = fallbackAdapter;
+//     }
+//     async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+//         try {
+//             const hash = await this.primaryAdapter.hash(value);
+//             return {
+//                 hash,
+//                 algorithm: this.config.primary,
+//                 usedFallback: false
+//             };
+//         } catch (err: any) {
+//             logger.warn("Primary hashing failed", {
+//                 error: err.message,
+//                 algorithm: this.config.primary
+//             });
+//             if (!options?.allowFallback || !this.fallbackAdapter) {
+//                 throw new AdapterError(
+//                     `Primary hashing (${this.config.primary}) failed. Fallback not allowed.`
+//                 );
+//             }
+//             try {
+//                 const hash = await this.fallbackAdapter.hash(value);
+//                 // Log security downgrade warning
+//                 logger.warn("SECURITY DOWNGRADE: Using fallback hashing", {
+//                     from: this.config.primary,
+//                     to: this.config.fallback
+//                 });
+//                 return {
+//                     hash,
+//                     algorithm: this.config.fallback || 'bcrypt',
+//                     usedFallback: true
+//                 };
+//             } catch (fallbackErr: any) {
+//                 logger.error("Fallback hashing failed", {
+//                     error: fallbackErr?.message,
+//                 });
+//                 throw new AdapterError(
+//                     "Both primary and fallback hashing failed."
+//                 );
+//             }
+//         }
+//     }
+//     async verify(value: string, hashed: string): Promise<boolean> {
+//         //  primary adapter - first
+//         try {
+//             return await this.primaryAdapter.verify(value, hashed);
+//         } catch (primaryErr: any) {
+//             logger.warn("Primary verify failed", {
+//                 error: primaryErr?.message,
+//             });
+//             //  fallback exists -  try it
+//             if (this.fallbackAdapter) {
+//                 try {
+//                     return await this.fallbackAdapter.verify(value, hashed);
+//                 } catch (fallbackErr: any) {
+//                     logger.error(" Fallback verify failed", {
+//                         error: fallbackErr?.message,
+//                     });
+//                     throw new AdapterError(
+//                         "Both primary and fallback verify failed."
+//                     );
+//                 }
+//             }
+//             throw new AdapterError(
+//                 "Primary verify failed and no fallback adapter configured."
+//             );
+//         }
+//     }
+// }
+import { AdapterError } from "../core/errors/AdapterError";
+import { HiSecureConfig } from "../core/types/HiSecureConfig";
 import { logger } from "../logging";
 interface HashAdapter {
@@ -26,20 +134,33 @@ export class HashManager {
         this.config = config;
         this.primaryAdapter = primaryAdapter;
         this.fallbackAdapter = fallbackAdapter;
+        logger.info("HashManager initialized", {
+            layer: "hash-manager",
+            primary: config.primary,
+            fallbackEnabled: !!fallbackAdapter
+        });
     }
-    async hash(value: string, options?: { allowFallback?: boolean }): Promise<HashResult> {
+    async hash(
+        value: string,
+        options?: { allowFallback?: boolean }
+    ): Promise<HashResult> {
         try {
             const hash = await this.primaryAdapter.hash(value);
             return {
                 hash,
                 algorithm: this.config.primary,
                 usedFallback: false
             };
         } catch (err: any) {
             logger.warn("Primary hashing failed", {
-                error: err.message,
-                algorithm: this.config.primary
+                layer: "hash-manager",
+                operation: "hash",
+                algorithm: this.config.primary,
+                reason: err?.message
             });
             if (!options?.allowFallback || !this.fallbackAdapter) {
@@ -50,22 +171,30 @@ export class HashManager {
             try {
                 const hash = await this.fallbackAdapter.hash(value);
-                // Log security downgrade warning
-                logger.warn("SECURITY DOWNGRADE: Using fallback hashing", {
+                // ⚠️ security downgrade log (VERY GOOD PRACTICE)
+                logger.warn("Hashing fallback used (security downgrade)", {
+                    layer: "hash-manager",
+                    operation: "hash",
                     from: this.config.primary,
                     to: this.config.fallback
                 });
                 return {
                     hash,
-                    algorithm: this.config.fallback || 'bcrypt',
+                    algorithm: this.config.fallback || "bcrypt",
                     usedFallback: true
                 };
             } catch (fallbackErr: any) {
                 logger.error("Fallback hashing failed", {
-                    error: fallbackErr?.message,
+                    layer: "hash-manager",
+                    operation: "hash",
+                    from: this.config.primary,
+                    to: this.config.fallback,
+                    reason: fallbackErr?.message
                 });
                 throw new AdapterError(
                     "Both primary and fallback hashing failed."
                 );
@@ -74,31 +203,39 @@ export class HashManager {
     }
     async verify(value: string, hashed: string): Promise<boolean> {
-        //  primary adapter - first
         try {
             return await this.primaryAdapter.verify(value, hashed);
         } catch (primaryErr: any) {
-            logger.warn("Primary verify failed", {
-                error: primaryErr?.message,
+            logger.warn("Primary hash verification failed", {
+                layer: "hash-manager",
+                operation: "verify",
+                algorithm: this.config.primary,
+                reason: primaryErr?.message
             });
-            //  fallback exists -  try it
             if (this.fallbackAdapter) {
                 try {
                     return await this.fallbackAdapter.verify(value, hashed);
                 } catch (fallbackErr: any) {
-                    logger.error(" Fallback verify failed", {
-                        error: fallbackErr?.message,
+                    logger.error("Fallback hash verification failed", {
+                        layer: "hash-manager",
+                        operation: "verify",
+                        from: this.config.primary,
+                        to: this.config.fallback,
+                        reason: fallbackErr?.message
                     });
                     throw new AdapterError(
                         "Both primary and fallback verify failed."
                     );
                 }
             }
             throw new AdapterError(
                 "Primary verify failed and no fallback adapter configured."
             );
         }
     }
-}
+}

package/src/managers/JsonManager.ts CHANGED Viewed

@@ -1,19 +1,97 @@
+// import express from "express";
+// import qs from "qs";
+// import { logger } from "../logging";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// export class JsonManager {
+//     middleware(options?: any) {
+//         try {
+//             const defaultOptions = {
+//                 limit: '1mb',
+//                 inflate: true,
+//                 strict: true
+//             };
+//             return express.json({ ...defaultOptions, ...(options || {}) });
+//         } catch (err: any) {
+//             logger.error("JSON Manager: failed to create JSON parser");
+//             throw new AdapterError("JSON parser initialization failed.");
+//         }
+//     }
+//     urlencoded(options?: any) {
+//         try {
+//             const defaultOptions = {
+//                 extended: true,
+//                 limit: '1mb',
+//                 parameterLimit: 1000
+//             };
+//             const opts = { ...defaultOptions, ...(options || {}) };
+//             return express.urlencoded(opts);
+//         } catch (err: any) {
+//             logger.error("URL-encoded parser failed");
+//             throw new AdapterError("URL-encoded parser initialization failed.");
+//         }
+//     }
+//     queryParser(options?: any) {
+//         return (req: any, res: any, next: any) => {
+//             try {
+//                 if (!req.parsedQuery && req.url.includes('?')) {
+//                     const queryString = req.url.split("?")[1] || "";
+//                     const parsed = qs.parse(queryString, {
+//                         depth: 5,
+//                         parameterLimit: 100,
+//                         ...options
+//                     });
+//                     req.parsedQuery = parsed;
+//                     logger.debug(" Query parsed", {
+//                         keys: Object.keys(parsed)
+//                     });
+//                 }
+//                 next();
+//             } catch (err: any) {
+//                 logger.error("Failed to parse query", { error: err?.message });
+//                 next(new AdapterError("Query parsing failed."));
+//             }
+//         };
+//     }
+// }
 import express from "express";
 import qs from "qs";
 import { logger } from "../logging";
-import { AdapterError } from "../core/errors/AdapterError.js";
+import { AdapterError } from "../core/errors/AdapterError";
 export class JsonManager {
     middleware(options?: any) {
         try {
             const defaultOptions = {
-                limit: '1mb',
+                limit: "1mb",
                 inflate: true,
                 strict: true
             };
-            return express.json({ ...defaultOptions, ...(options || {}) });
+            const finalOptions = { ...defaultOptions, ...(options || {}) };
+            logger.info("JSON body parser configured", {
+                layer: "json-manager",
+                operation: "json",
+                limit: finalOptions.limit,
+                strict: finalOptions.strict
+            });
+            return express.json(finalOptions);
         } catch (err: any) {
-            logger.error("JSON Manager: failed to create JSON parser");
+            logger.error("JSON body parser initialization failed", {
+                layer: "json-manager",
+                operation: "json",
+                reason: err?.message
+            });
             throw new AdapterError("JSON parser initialization failed.");
         }
     }
@@ -22,38 +100,64 @@ export class JsonManager {
         try {
             const defaultOptions = {
                 extended: true,
-                limit: '1mb',
+                limit: "1mb",
                 parameterLimit: 1000
             };
-            const opts = { ...defaultOptions, ...(options || {}) };
-            return express.urlencoded(opts);
+            const finalOptions = { ...defaultOptions, ...(options || {}) };
+            logger.info("URL-encoded parser configured", {
+                layer: "json-manager",
+                operation: "urlencoded",
+                limit: finalOptions.limit,
+                parameterLimit: finalOptions.parameterLimit
+            });
+            return express.urlencoded(finalOptions);
         } catch (err: any) {
-            logger.error("URL-encoded parser failed");
+            logger.error("URL-encoded parser initialization failed", {
+                layer: "json-manager",
+                operation: "urlencoded",
+                reason: err?.message
+            });
             throw new AdapterError("URL-encoded parser initialization failed.");
         }
     }
     queryParser(options?: any) {
-        return (req: any, res: any, next: any) => {
+        return (req: any, _res: any, next: any) => {
             try {
-                if (!req.parsedQuery && req.url.includes('?')) {
+                if (!req.parsedQuery && req.url.includes("?")) {
                     const queryString = req.url.split("?")[1] || "";
                     const parsed = qs.parse(queryString, {
                         depth: 5,
                         parameterLimit: 100,
                         ...options
                     });
                     req.parsedQuery = parsed;
-                    logger.debug(" Query parsed", {
-                        keys: Object.keys(parsed)
+                    // ✅ visible + safe info
+                    logger.info("Query parameters parsed", {
+                        layer: "json-manager",
+                        operation: "query-parse",
+                        keyCount: Object.keys(parsed).length
                     });
                 }
                 next();
             } catch (err: any) {
-                logger.error("Failed to parse query", { error: err?.message });
+                logger.error("Query parsing failed", {
+                    layer: "json-manager",
+                    operation: "query-parse",
+                    reason: err?.message
+                });
                 next(new AdapterError("Query parsing failed."));
             }
         };
     }
-}
+}

package/src/managers/RateLimitManager.ts CHANGED Viewed

@@ -1,5 +1,118 @@
-import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
-import { AdapterError } from "../core/errors/AdapterError.js";
+// import { HiSecureConfig } from "../core/types/HiSecureConfig.js";
+// import { AdapterError } from "../core/errors/AdapterError.js";
+// import { logger } from "../logging";
+// interface RateLimiterAdapter {
+//     getMiddleware: (options?: any) => any;
+// }
+// export class RateLimitManager {
+//     private config: HiSecureConfig["rateLimiter"];
+//     private primaryAdapter: RateLimiterAdapter;
+//     private fallbackAdapter: RateLimiterAdapter | null;
+//     constructor(
+//         config: HiSecureConfig["rateLimiter"],
+//         primaryAdapter: RateLimiterAdapter,
+//         fallbackAdapter: RateLimiterAdapter | null
+//     ) {
+//         this.config = config;
+//         this.primaryAdapter = primaryAdapter;
+//         this.fallbackAdapter = fallbackAdapter;
+//     }
+//     middleware(opts?: { mode?: "strict" | "relaxed" | "api"; options?: any }) {
+//         let finalOptions: any = {};
+//         if (opts?.mode === "strict") {
+//             finalOptions = {
+//                 windowMs: 10_000,
+//                 max: 5,
+//                 message: "Too many requests, please slow down."
+//             };
+//         } else if (opts?.mode === "relaxed") {
+//             finalOptions = {
+//                 windowMs: 60_000,
+//                 max: 100,
+//                 message: "Rate limit exceeded."
+//             };
+//         } else if (opts?.mode === "api") {
+//             finalOptions = {
+//                 windowMs: 15 * 60 * 1000,
+//                 max: 100,
+//                 message: "API rate limit exceeded."
+//             };
+//         } else {
+//             finalOptions = {
+//                 windowMs: this.config.windowMs,
+//                 max: this.config.maxRequests,
+//                 message: this.config.message,
+//                 standardHeaders: true,
+//                 legacyHeaders: false
+//             };
+//         }
+//         if (opts?.options) {
+//             const allowedOverrides = ['message', 'skipFailedRequests', 'standardHeaders', 'legacyHeaders'];
+//             for (const key of allowedOverrides) {
+//                 if (opts.options[key] !== undefined) {
+//                     finalOptions[key] = opts.options[key];
+//                 }
+//             }
+//             const attemptedOverrides = Object.keys(opts.options).filter(
+//                 k => !allowedOverrides.includes(k) && k !== 'mode'
+//             );
+//             if (attemptedOverrides.length > 0) {
+//                 logger.warn("Rate limit overrides ignored", {
+//                     preset: opts?.mode || 'default',
+//                     ignoredOptions: attemptedOverrides
+//                 });
+//             }
+//         }
+//         if (finalOptions.standardHeaders === undefined) {
+//             finalOptions.standardHeaders = true;
+//         }
+//         if (finalOptions.legacyHeaders === undefined) {
+//             finalOptions.legacyHeaders = false;
+//         }
+//         try {
+//             logger.info("Applying rate limiting", {
+//                 mode: opts?.mode || 'default',
+//                 windowMs: finalOptions.windowMs,
+//                 max: finalOptions.max
+//             });
+//             return this.primaryAdapter.getMiddleware(finalOptions);
+//         } catch (err: any) {
+//             logger.warn("Primary rate limiter failed → fallback", {
+//                 error: err?.message
+//             });
+//             if (!this.fallbackAdapter) {
+//                 throw new AdapterError("Rate limiters failed; no fallback adapter.");
+//             }
+//             try {
+//                 logger.info("Using fallback rate limiter");
+//                 return this.fallbackAdapter.getMiddleware(finalOptions);
+//             } catch (fallbackErr: any) {
+//                 logger.error("Fallback limiter also failed", {
+//                     error: fallbackErr?.message
+//                 });
+//                 throw new AdapterError("Both primary and fallback limiters failed.");
+//             }
+//         }
+//     }
+// }
+import { HiSecureConfig } from "../core/types/HiSecureConfig";
+import { AdapterError } from "../core/errors/AdapterError";
 import { logger } from "../logging";
 interface RateLimiterAdapter {
@@ -19,26 +132,33 @@ export class RateLimitManager {
         this.config = config;
         this.primaryAdapter = primaryAdapter;
         this.fallbackAdapter = fallbackAdapter;
+        logger.info("RateLimitManager initialized", {
+            layer: "rate-limit-manager",
+            primaryConfigured: true,
+            fallbackConfigured: !!fallbackAdapter
+        });
     }
     middleware(opts?: { mode?: "strict" | "relaxed" | "api"; options?: any }) {
         let finalOptions: any = {};
+        const mode = opts?.mode || "default";
-        if (opts?.mode === "strict") {
+        if (mode === "strict") {
             finalOptions = {
                 windowMs: 10_000,
                 max: 5,
                 message: "Too many requests, please slow down."
             };
-        } else if (opts?.mode === "relaxed") {
+        } else if (mode === "relaxed") {
             finalOptions = {
                 windowMs: 60_000,
                 max: 100,
                 message: "Rate limit exceeded."
             };
-        } else if (opts?.mode === "api") {
+        } else if (mode === "api") {
             finalOptions = {
-                windowMs: 15 * 60 * 1000,
+                windowMs: 15 * 60 * 1000,
                 max: 100,
                 message: "API rate limit exceeded."
             };
@@ -47,63 +167,88 @@ export class RateLimitManager {
                 windowMs: this.config.windowMs,
                 max: this.config.maxRequests,
                 message: this.config.message,
-                standardHeaders: true,
-                legacyHeaders: false
+                standardHeaders: true,
+                legacyHeaders: false
             };
         }
         if (opts?.options) {
-            const allowedOverrides = ['message', 'skipFailedRequests', 'standardHeaders', 'legacyHeaders'];
+            const allowedOverrides = [
+                "message",
+                "skipFailedRequests",
+                "standardHeaders",
+                "legacyHeaders"
+            ];
             for (const key of allowedOverrides) {
                 if (opts.options[key] !== undefined) {
                     finalOptions[key] = opts.options[key];
                 }
             }
             const attemptedOverrides = Object.keys(opts.options).filter(
-                k => !allowedOverrides.includes(k) && k !== 'mode'
+                k => !allowedOverrides.includes(k) && k !== "mode"
             );
             if (attemptedOverrides.length > 0) {
                 logger.warn("Rate limit overrides ignored", {
-                    preset: opts?.mode || 'default',
+                    layer: "rate-limit-manager",
+                    operation: "configure",
+                    mode,
                     ignoredOptions: attemptedOverrides
                 });
             }
         }
-        if (finalOptions.standardHeaders === undefined) {
-            finalOptions.standardHeaders = true;
-        }
-        if (finalOptions.legacyHeaders === undefined) {
-            finalOptions.legacyHeaders = false;
-        }
+        finalOptions.standardHeaders ??= true;
+        finalOptions.legacyHeaders ??= false;
         try {
-            logger.info("Applying rate limiting", {
-                mode: opts?.mode || 'default',
+            logger.info("Rate limiting applied", {
+                layer: "rate-limit-manager",
+                operation: "apply",
+                mode,
                 windowMs: finalOptions.windowMs,
                 max: finalOptions.max
             });
             return this.primaryAdapter.getMiddleware(finalOptions);
         } catch (err: any) {
-            logger.warn("Primary rate limiter failed → fallback", {
-                error: err?.message
+            logger.warn("Primary rate limiter failed", {
+                layer: "rate-limit-manager",
+                operation: "apply",
+                mode,
+                reason: err?.message
             });
             if (!this.fallbackAdapter) {
-                throw new AdapterError("Rate limiters failed; no fallback adapter.");
+                throw new AdapterError(
+                    "Rate limiters failed; no fallback adapter configured."
+                );
             }
             try {
-                logger.info("Using fallback rate limiter");
+                logger.warn("Using fallback rate limiter", {
+                    layer: "rate-limit-manager",
+                    operation: "fallback",
+                    mode
+                });
                 return this.fallbackAdapter.getMiddleware(finalOptions);
             } catch (fallbackErr: any) {
-                logger.error("Fallback limiter also failed", {
-                    error: fallbackErr?.message
+                logger.error("Fallback rate limiter failed", {
+                    layer: "rate-limit-manager",
+                    operation: "fallback",
+                    mode,
+                    reason: fallbackErr?.message
                 });
-                throw new AdapterError("Both primary and fallback limiters failed.");
+                throw new AdapterError(
+                    "Both primary and fallback rate limiters failed."
+                );
             }
         }
     }
-}
+}