npm - hono-crud - Versions diffs - 0.3.2 → 0.4.0 - Mend

hono-crud 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/CHANGELOG.md +2 -0
package/dist/adapters/drizzle/index.d.ts +18 -30
package/dist/adapters/drizzle/index.js +12 -39
package/dist/adapters/memory/index.d.ts +2 -2
package/dist/adapters/memory/index.js +2 -2
package/dist/adapters/prisma/index.d.ts +1 -1
package/dist/adapters/prisma/index.js +1 -1
package/dist/auth/index.js +1 -1
package/dist/{bulk-patch-B6j0q_p_.d.ts → bulk-patch-f4TR8L-q.d.ts} +1 -1
package/dist/cache/index.js +1 -1
package/dist/{chunk-KP4HGONO.js → chunk-57J3NJYN.js} +5 -13
package/dist/{chunk-G7OXZ24G.js → chunk-G7IQ5DWC.js} +1 -1
package/dist/{chunk-IPGNLIJV.js → chunk-I36Y45QN.js} +1 -1
package/dist/{chunk-LCRNKT65.js → chunk-T6J4NSMC.js} +48 -5
package/dist/{chunk-WOFE46VS.js → chunk-Y74QJH7Y.js} +25 -19
package/dist/{import-B7KS4Wvh.d.ts → import-BZ05PJMa.d.ts} +11 -0
package/dist/{index-Dm8-ODYA.d.ts → index-431Ovi2o.d.ts} +2 -2
package/dist/{index-5BEg0ty5.d.ts → index-bSnRLgcs.d.ts} +1 -1
package/dist/index.d.ts +25 -10
package/dist/index.js +109 -32
package/dist/logging/index.d.ts +4 -4
package/dist/logging/index.js +2 -2
package/dist/rate-limit/index.d.ts +2 -2
package/dist/rate-limit/index.js +1 -1
package/dist/storage/index.d.ts +2 -2
package/dist/storage/index.js +1 -1
package/dist/{types-Bc7ebF5x.d.ts → types-BO3G_MZk.d.ts} +2 -2
package/dist/{types-B8CWg4nO.d.ts → types-DnQWCfXp.d.ts} +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 %b
 %b
 %b
+%b
 ## [0.1.0] - 2025-01-29
 ### Added
@@ -42,3 +43,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [0.3.0]: https://github.com/kshdotdev/hono-crud/compare/v0.2.0...v0.3.0
 [0.3.1]: https://github.com/kshdotdev/hono-crud/compare/v0.3.0...v0.3.1
 [0.3.2]: https://github.com/kshdotdev/hono-crud/compare/v0.3.1...v0.3.2
+[0.4.0]: https://github.com/kshdotdev/hono-crud/compare/v0.3.2...v0.4.0

package/dist/adapters/drizzle/index.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { Table, SQL, Column } from 'drizzle-orm';
 import { M as MetaInput, I as IncludeOptions, F as FilterCondition, g as RelationConfig, h as NestedUpdateInput, i as NestedWriteResult, L as ListFilters, P as PaginatedResult, j as AggregateOptions, k as AggregateResult, S as SearchOptions, l as SearchResult } from '../../types-CA784ZtV.js';
 import { Env } from 'hono';
-import { C as CreateEndpoint, M as ModelObject, R as ReadEndpoint, U as UpdateEndpoint, D as DeleteEndpoint, L as ListEndpoint, a as RestoreEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, c as BatchRestoreEndpoint, d as BatchUpdateEndpoint, e as BatchUpdateItem, A as AggregateEndpoint, f as BatchUpsertEndpoint, g as UpsertEndpoint, E as ExportEndpoint, I as ImportEndpoint, S as SearchEndpoint, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint } from '../../import-B7KS4Wvh.js';
-import { A as AdapterBundle } from '../../index-5BEg0ty5.js';
+import { C as CreateEndpoint, M as ModelObject, R as ReadEndpoint, U as UpdateEndpoint, D as DeleteEndpoint, L as ListEndpoint, a as RestoreEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, c as BatchRestoreEndpoint, d as BatchUpdateEndpoint, e as BatchUpdateItem, A as AggregateEndpoint, f as BatchUpsertEndpoint, g as UpsertEndpoint, E as ExportEndpoint, I as ImportEndpoint, S as SearchEndpoint, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint } from '../../import-BZ05PJMa.js';
+import { A as AdapterBundle } from '../../index-bSnRLgcs.js';
 import { z } from 'zod';
 import '@hono/zod-openapi';
 import '../../route-DwSID3du.js';
@@ -731,7 +731,7 @@ declare const DrizzleAdapters: AdapterBundle;
  *   createdAt: timestamp('created_at').defaultNow(),
  * });
  *
- * const { select: UserSchema, insert: CreateUserSchema } = createDrizzleSchemas(users);
+ * const { select: UserSchema, insert: CreateUserSchema } = await createDrizzleSchemas(users);
  * ```
  */
@@ -751,36 +751,36 @@ type DrizzleTable = {
  *
  * @param table - Drizzle table definition
  * @param refine - Optional refinements for specific columns
- * @returns Zod schema for the table's select type
+ * @returns Promise resolving to a Zod schema for the table's select type
  *
  * @example
  * ```ts
  * import { users } from './schema';
  * import { createSelectSchema } from 'hono-crud/adapters/drizzle';
  *
- * const UserSchema = createSelectSchema(users);
+ * const UserSchema = await createSelectSchema(users);
  * type User = z.infer<typeof UserSchema>;
  * ```
  */
-declare function createSelectSchema<T extends DrizzleTable>(table: T, refine?: Record<string, z.ZodTypeAny>): z.ZodObject<Record<string, z.ZodTypeAny>>;
+declare function createSelectSchema<T extends DrizzleTable>(table: T, refine?: Record<string, z.ZodTypeAny>): Promise<z.ZodObject<Record<string, z.ZodTypeAny>>>;
 /**
  * Re-export createInsertSchema from drizzle-zod.
  * Creates a Zod schema for INSERT queries (columns with defaults become optional).
  *
  * @param table - Drizzle table definition
  * @param refine - Optional refinements for specific columns
- * @returns Zod schema for the table's insert type
+ * @returns Promise resolving to a Zod schema for the table's insert type
  *
  * @example
  * ```ts
  * import { users } from './schema';
  * import { createInsertSchema } from 'hono-crud/adapters/drizzle';
  *
- * const CreateUserSchema = createInsertSchema(users);
+ * const CreateUserSchema = await createInsertSchema(users);
  * type CreateUser = z.infer<typeof CreateUserSchema>;
  * ```
  */
-declare function createInsertSchema<T extends DrizzleTable>(table: T, refine?: Record<string, z.ZodTypeAny>): z.ZodObject<Record<string, z.ZodTypeAny>>;
+declare function createInsertSchema<T extends DrizzleTable>(table: T, refine?: Record<string, z.ZodTypeAny>): Promise<z.ZodObject<Record<string, z.ZodTypeAny>>>;
 /**
  * Re-export createUpdateSchema from drizzle-zod (if available).
  * Creates a Zod schema for UPDATE queries (all columns become optional).
@@ -790,18 +790,18 @@ declare function createInsertSchema<T extends DrizzleTable>(table: T, refine?: R
  *
  * @param table - Drizzle table definition
  * @param refine - Optional refinements for specific columns
- * @returns Zod schema for the table's update type
+ * @returns Promise resolving to a Zod schema for the table's update type
  *
  * @example
  * ```ts
  * import { users } from './schema';
  * import { createUpdateSchema } from 'hono-crud/adapters/drizzle';
  *
- * const UpdateUserSchema = createUpdateSchema(users);
+ * const UpdateUserSchema = await createUpdateSchema(users);
  * type UpdateUser = z.infer<typeof UpdateUserSchema>;
  * ```
  */
-declare function createUpdateSchema<T extends DrizzleTable>(table: T, refine?: Record<string, z.ZodTypeAny>): z.ZodObject<Record<string, z.ZodTypeAny>>;
+declare function createUpdateSchema<T extends DrizzleTable>(table: T, refine?: Record<string, z.ZodTypeAny>): Promise<z.ZodObject<Record<string, z.ZodTypeAny>>>;
 /**
  * Result of createDrizzleSchemas helper.
  */
@@ -830,7 +830,7 @@ interface DrizzleSchemas {
  * @param options.selectRefine - Refinements for select schema
  * @param options.updateRefine - Refinements for update schema
  * @param options.coerceDates - Whether to coerce date strings to Date objects (default: true)
- * @returns Object containing select, insert, and update schemas
+ * @returns Promise resolving to object containing select, insert, and update schemas
  *
  * @example
  * ```ts
@@ -845,7 +845,7 @@ interface DrizzleSchemas {
  * });
  *
  * // Generate schemas from table
- * const schemas = createDrizzleSchemas(users, {
+ * const schemas = await createDrizzleSchemas(users, {
  *   insertRefine: {
  *     email: z.string().email(), // Add email validation
  *   },
@@ -866,24 +866,12 @@ declare function createDrizzleSchemas<T extends DrizzleTable>(table: T, options?
     updateRefine?: Record<string, z.ZodTypeAny>;
     /** Whether to coerce date strings to Date objects. Default: true */
     coerceDates?: boolean;
-}): DrizzleSchemas;
-/**
- * Async version of createDrizzleSchemas that handles lazy loading.
- * Use this if you're not sure drizzle-zod is already loaded.
- *
- * @param table - Drizzle table definition
- * @param options - Optional configuration
- * @returns Promise resolving to schemas object
- */
-declare function createDrizzleSchemasAsync<T extends DrizzleTable>(table: T, options?: {
-    insertRefine?: Record<string, z.ZodTypeAny>;
-    selectRefine?: Record<string, z.ZodTypeAny>;
-    updateRefine?: Record<string, z.ZodTypeAny>;
 }): Promise<DrizzleSchemas>;
 /**
- * Checks if drizzle-zod is available.
- * @returns true if drizzle-zod can be imported
+ * Checks if drizzle-zod is available (from cache only).
+ * Returns true only if drizzle-zod has been successfully loaded before.
+ * @returns true if drizzle-zod has been loaded
  */
 declare function isDrizzleZodAvailable(): boolean;
-export { type Database, DrizzleAdapters, DrizzleAggregateEndpoint, DrizzleBatchCreateEndpoint, DrizzleBatchDeleteEndpoint, DrizzleBatchRestoreEndpoint, DrizzleBatchUpdateEndpoint, DrizzleBatchUpsertEndpoint, DrizzleCreateEndpoint, type DrizzleCrudClasses, type DrizzleDB, type DrizzleDatabase, type DrizzleDatabaseConstraint, DrizzleDeleteEndpoint, type DrizzleEnv, DrizzleExportEndpoint, DrizzleImportEndpoint, DrizzleListEndpoint, DrizzleReadEndpoint, DrizzleRestoreEndpoint, type DrizzleSchemas, DrizzleSearchEndpoint, DrizzleUpdateEndpoint, DrizzleUpsertEndpoint, DrizzleVersionCompareEndpoint, DrizzleVersionHistoryEndpoint, DrizzleVersionReadEndpoint, DrizzleVersionRollbackEndpoint, type QueryBuilder, batchLoadDrizzleRelations, buildWhereCondition, cast, createDrizzleCrud, createDrizzleSchemas, createDrizzleSchemasAsync, createInsertSchema, createSelectSchema, createUpdateSchema, getColumn, getTable, isDrizzleZodAvailable, loadDrizzleRelation, loadDrizzleRelations };
+export { type Database, DrizzleAdapters, DrizzleAggregateEndpoint, DrizzleBatchCreateEndpoint, DrizzleBatchDeleteEndpoint, DrizzleBatchRestoreEndpoint, DrizzleBatchUpdateEndpoint, DrizzleBatchUpsertEndpoint, DrizzleCreateEndpoint, type DrizzleCrudClasses, type DrizzleDB, type DrizzleDatabase, type DrizzleDatabaseConstraint, DrizzleDeleteEndpoint, type DrizzleEnv, DrizzleExportEndpoint, DrizzleImportEndpoint, DrizzleListEndpoint, DrizzleReadEndpoint, DrizzleRestoreEndpoint, type DrizzleSchemas, DrizzleSearchEndpoint, DrizzleUpdateEndpoint, DrizzleUpsertEndpoint, DrizzleVersionCompareEndpoint, DrizzleVersionHistoryEndpoint, DrizzleVersionReadEndpoint, DrizzleVersionRollbackEndpoint, type QueryBuilder, batchLoadDrizzleRelations, buildWhereCondition, cast, createDrizzleCrud, createDrizzleSchemas, createInsertSchema, createSelectSchema, createUpdateSchema, getColumn, getTable, isDrizzleZodAvailable, loadDrizzleRelation, loadDrizzleRelations };

package/dist/adapters/drizzle/index.js CHANGED Viewed

@@ -1,10 +1,9 @@
-import { CreateEndpoint, ReadEndpoint, UpdateEndpoint, DeleteEndpoint, ListEndpoint, RestoreEndpoint, BatchCreateEndpoint, BatchUpdateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, UpsertEndpoint, BatchUpsertEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionCompareEndpoint, VersionRollbackEndpoint, AggregateEndpoint, computeAggregations, SearchEndpoint, searchInMemory, ExportEndpoint, ImportEndpoint } from '../../chunk-LCRNKT65.js';
+import { CreateEndpoint, ReadEndpoint, UpdateEndpoint, DeleteEndpoint, ListEndpoint, RestoreEndpoint, BatchCreateEndpoint, BatchUpdateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, UpsertEndpoint, BatchUpsertEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionCompareEndpoint, VersionRollbackEndpoint, AggregateEndpoint, computeAggregations, SearchEndpoint, searchInMemory, ExportEndpoint, ImportEndpoint } from '../../chunk-T6J4NSMC.js';
 import '../../chunk-CDCGYMC6.js';
 import '../../chunk-U3SUUXJK.js';
 import { getLogger } from '../../chunk-FST5S5UY.js';
 import { getTableColumns, eq, inArray, between, isNull, isNotNull, ilike, like, notInArray, lte, lt, gte, gt, ne, and, sql, or, desc, asc } from 'drizzle-orm';
 import { z } from 'zod';
-import { createRequire } from 'module';
 function cast(instance) {
   return instance;
@@ -1520,27 +1519,10 @@ var DrizzleAdapters = {
   UpdateEndpoint: DrizzleUpdateEndpoint,
   DeleteEndpoint: DrizzleDeleteEndpoint
 };
-var require2 = createRequire(import.meta.url);
 var _drizzleZod = null;
 var _loadAttempted = false;
 var _loadError = null;
-function tryLoadDrizzleZod() {
-  if (_loadAttempted) {
-    if (_loadError) throw _loadError;
-    return _drizzleZod;
-  }
-  _loadAttempted = true;
-  try {
-    _drizzleZod = require2("drizzle-zod");
-    return _drizzleZod;
-  } catch {
-    _loadError = new Error(
-      "drizzle-zod is not installed. Please install it: npm install drizzle-zod"
-    );
-    throw _loadError;
-  }
-}
-async function loadDrizzleZodAsync() {
+async function ensureDrizzleZod() {
   if (_loadAttempted) {
     if (_loadError) throw _loadError;
     return _drizzleZod;
@@ -1556,24 +1538,24 @@ async function loadDrizzleZodAsync() {
     throw _loadError;
   }
 }
-function createSelectSchema(table, refine) {
-  const drizzleZod = tryLoadDrizzleZod();
+async function createSelectSchema(table, refine) {
+  const drizzleZod = await ensureDrizzleZod();
   return drizzleZod.createSelectSchema(table, refine);
 }
-function createInsertSchema(table, refine) {
-  const drizzleZod = tryLoadDrizzleZod();
+async function createInsertSchema(table, refine) {
+  const drizzleZod = await ensureDrizzleZod();
   return drizzleZod.createInsertSchema(table, refine);
 }
-function createUpdateSchema(table, refine) {
-  const drizzleZod = tryLoadDrizzleZod();
+async function createUpdateSchema(table, refine) {
+  const drizzleZod = await ensureDrizzleZod();
   if (drizzleZod.createUpdateSchema) {
     return drizzleZod.createUpdateSchema(table, refine);
   }
   const insertSchema = drizzleZod.createInsertSchema(table, refine);
   return insertSchema.partial();
 }
-function createDrizzleSchemas(table, options) {
-  const drizzleZod = tryLoadDrizzleZod();
+async function createDrizzleSchemas(table, options) {
+  const drizzleZod = await ensureDrizzleZod();
   const shouldCoerceDates = options?.coerceDates !== false;
   const dateColumns = shouldCoerceDates ? getDateColumns(table) : /* @__PURE__ */ new Set();
   const select = drizzleZod.createSelectSchema(table, options?.selectRefine);
@@ -1590,17 +1572,8 @@ function createDrizzleSchemas(table, options) {
   }
   return { select, insert, update };
 }
-async function createDrizzleSchemasAsync(table, options) {
-  await loadDrizzleZodAsync();
-  return createDrizzleSchemas(table, options);
-}
 function isDrizzleZodAvailable() {
-  try {
-    tryLoadDrizzleZod();
-    return true;
-  } catch {
-    return false;
-  }
+  return _drizzleZod !== null;
 }
 var coercedDate = z.preprocess(
   (val) => {
@@ -1665,4 +1638,4 @@ function applyDateCoercion(schema, dateColumns) {
   return z.object(newShape);
 }
-export { DrizzleAdapters, DrizzleAggregateEndpoint, DrizzleBatchCreateEndpoint, DrizzleBatchDeleteEndpoint, DrizzleBatchRestoreEndpoint, DrizzleBatchUpdateEndpoint, DrizzleBatchUpsertEndpoint, DrizzleCreateEndpoint, DrizzleDeleteEndpoint, DrizzleExportEndpoint, DrizzleImportEndpoint, DrizzleListEndpoint, DrizzleReadEndpoint, DrizzleRestoreEndpoint, DrizzleSearchEndpoint, DrizzleUpdateEndpoint, DrizzleUpsertEndpoint, DrizzleVersionCompareEndpoint, DrizzleVersionHistoryEndpoint, DrizzleVersionReadEndpoint, DrizzleVersionRollbackEndpoint, batchLoadDrizzleRelations, buildWhereCondition, cast, createDrizzleCrud, createDrizzleSchemas, createDrizzleSchemasAsync, createInsertSchema, createSelectSchema, createUpdateSchema, getColumn, getTable, isDrizzleZodAvailable, loadDrizzleRelation, loadDrizzleRelations };
+export { DrizzleAdapters, DrizzleAggregateEndpoint, DrizzleBatchCreateEndpoint, DrizzleBatchDeleteEndpoint, DrizzleBatchRestoreEndpoint, DrizzleBatchUpdateEndpoint, DrizzleBatchUpsertEndpoint, DrizzleCreateEndpoint, DrizzleDeleteEndpoint, DrizzleExportEndpoint, DrizzleImportEndpoint, DrizzleListEndpoint, DrizzleReadEndpoint, DrizzleRestoreEndpoint, DrizzleSearchEndpoint, DrizzleUpdateEndpoint, DrizzleUpsertEndpoint, DrizzleVersionCompareEndpoint, DrizzleVersionHistoryEndpoint, DrizzleVersionReadEndpoint, DrizzleVersionRollbackEndpoint, batchLoadDrizzleRelations, buildWhereCondition, cast, createDrizzleCrud, createDrizzleSchemas, createInsertSchema, createSelectSchema, createUpdateSchema, getColumn, getTable, isDrizzleZodAvailable, loadDrizzleRelation, loadDrizzleRelations };

package/dist/adapters/memory/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Env } from 'hono';
-import { C as CreateEndpoint, M as ModelObject, D as DeleteEndpoint, L as ListEndpoint, R as ReadEndpoint, a as RestoreEndpoint, U as UpdateEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, c as BatchRestoreEndpoint, d as BatchUpdateEndpoint, e as BatchUpdateItem, f as BatchUpsertEndpoint, A as AggregateEndpoint, E as ExportEndpoint, I as ImportEndpoint, S as SearchEndpoint, g as UpsertEndpoint, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint } from '../../import-B7KS4Wvh.js';
+import { C as CreateEndpoint, M as ModelObject, D as DeleteEndpoint, L as ListEndpoint, R as ReadEndpoint, a as RestoreEndpoint, U as UpdateEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, c as BatchRestoreEndpoint, d as BatchUpdateEndpoint, e as BatchUpdateItem, f as BatchUpsertEndpoint, A as AggregateEndpoint, E as ExportEndpoint, I as ImportEndpoint, S as SearchEndpoint, g as UpsertEndpoint, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint } from '../../import-BZ05PJMa.js';
 import { M as MetaInput, g as RelationConfig, L as ListFilters, P as PaginatedResult, I as IncludeOptions, h as NestedUpdateInput, i as NestedWriteResult, j as AggregateOptions, k as AggregateResult, S as SearchOptions, l as SearchResult } from '../../types-CA784ZtV.js';
-import { B as BulkPatchEndpoint, C as CloneEndpoint } from '../../bulk-patch-B6j0q_p_.js';
+import { B as BulkPatchEndpoint, C as CloneEndpoint } from '../../bulk-patch-f4TR8L-q.js';
 import 'zod';
 import '../../route-DwSID3du.js';
 import 'hono/utils/http-status';

package/dist/adapters/memory/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
-export { MemoryAggregateEndpoint, MemoryBatchCreateEndpoint, MemoryBatchDeleteEndpoint, MemoryBatchRestoreEndpoint, MemoryBatchUpdateEndpoint, MemoryBatchUpsertEndpoint, MemoryBulkPatchEndpoint, MemoryCloneEndpoint, MemoryCreateEndpoint, MemoryDeleteEndpoint, MemoryExportEndpoint, MemoryImportEndpoint, MemoryListEndpoint, MemoryReadEndpoint, MemoryRestoreEndpoint, MemorySearchEndpoint, MemoryUpdateEndpoint, MemoryUpsertEndpoint, MemoryVersionCompareEndpoint, MemoryVersionHistoryEndpoint, MemoryVersionReadEndpoint, MemoryVersionRollbackEndpoint, clearStorage, getStorage, getStore, storage } from '../../chunk-G7OXZ24G.js';
-import '../../chunk-LCRNKT65.js';
+export { MemoryAggregateEndpoint, MemoryBatchCreateEndpoint, MemoryBatchDeleteEndpoint, MemoryBatchRestoreEndpoint, MemoryBatchUpdateEndpoint, MemoryBatchUpsertEndpoint, MemoryBulkPatchEndpoint, MemoryCloneEndpoint, MemoryCreateEndpoint, MemoryDeleteEndpoint, MemoryExportEndpoint, MemoryImportEndpoint, MemoryListEndpoint, MemoryReadEndpoint, MemoryRestoreEndpoint, MemorySearchEndpoint, MemoryUpdateEndpoint, MemoryUpsertEndpoint, MemoryVersionCompareEndpoint, MemoryVersionHistoryEndpoint, MemoryVersionReadEndpoint, MemoryVersionRollbackEndpoint, clearStorage, getStorage, getStore, storage } from '../../chunk-G7IQ5DWC.js';
+import '../../chunk-T6J4NSMC.js';
 import '../../chunk-CDCGYMC6.js';
 import '../../chunk-U3SUUXJK.js';
 import '../../chunk-FST5S5UY.js';

package/dist/adapters/prisma/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { Env } from 'hono';
-import { C as CreateEndpoint, M as ModelObject, D as DeleteEndpoint, L as ListEndpoint, R as ReadEndpoint, U as UpdateEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, c as BatchRestoreEndpoint, d as BatchUpdateEndpoint, e as BatchUpdateItem, f as BatchUpsertEndpoint, a as RestoreEndpoint, A as AggregateEndpoint, E as ExportEndpoint, I as ImportEndpoint, S as SearchEndpoint, g as UpsertEndpoint, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint } from '../../import-B7KS4Wvh.js';
+import { C as CreateEndpoint, M as ModelObject, D as DeleteEndpoint, L as ListEndpoint, R as ReadEndpoint, U as UpdateEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, c as BatchRestoreEndpoint, d as BatchUpdateEndpoint, e as BatchUpdateItem, f as BatchUpsertEndpoint, a as RestoreEndpoint, A as AggregateEndpoint, E as ExportEndpoint, I as ImportEndpoint, S as SearchEndpoint, g as UpsertEndpoint, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint } from '../../import-BZ05PJMa.js';
 import { M as MetaInput, L as ListFilters, P as PaginatedResult, I as IncludeOptions, j as AggregateOptions, k as AggregateResult, m as AggregateField, S as SearchOptions, l as SearchResult } from '../../types-CA784ZtV.js';
 import 'zod';
 import '../../route-DwSID3du.js';

package/dist/adapters/prisma/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { CreateEndpoint, ReadEndpoint, UpdateEndpoint, DeleteEndpoint, ListEndpoint, RestoreEndpoint, BatchCreateEndpoint, BatchUpdateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, BatchUpsertEndpoint, SearchEndpoint, searchInMemory, ExportEndpoint, ImportEndpoint, UpsertEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionCompareEndpoint, VersionRollbackEndpoint, AggregateEndpoint, computeAggregations } from '../../chunk-LCRNKT65.js';
+import { CreateEndpoint, ReadEndpoint, UpdateEndpoint, DeleteEndpoint, ListEndpoint, RestoreEndpoint, BatchCreateEndpoint, BatchUpdateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, BatchUpsertEndpoint, SearchEndpoint, searchInMemory, ExportEndpoint, ImportEndpoint, UpsertEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionCompareEndpoint, VersionRollbackEndpoint, AggregateEndpoint, computeAggregations } from '../../chunk-T6J4NSMC.js';
 import '../../chunk-CDCGYMC6.js';
 import '../../chunk-U3SUUXJK.js';
 import '../../chunk-FST5S5UY.js';

package/dist/auth/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-export { AuthenticatedEndpoint, JWTClaimsSchema, allOf, allowAll, anyOf, createAPIKeyMiddleware, createAuthMiddleware, createJWTMiddleware, decodeJWT, defaultHashAPIKey, denyAll, optionalAuth, parseJWTClaims, requireAllRoles, requireAnyPermission, requireAuth, requireAuthenticated, requireAuthentication, requireOwnership, requireOwnershipOrRole, requirePermissions, requireRoles, safeParseJWTClaims, validateAPIKey, validateAPIKeyEntry, validateJWTClaims, verifyJWT, withAuth } from '../chunk-KP4HGONO.js';
+export { AuthenticatedEndpoint, JWTClaimsSchema, allOf, allowAll, anyOf, createAPIKeyMiddleware, createAuthMiddleware, createJWTMiddleware, decodeJWT, defaultHashAPIKey, denyAll, optionalAuth, parseJWTClaims, requireAllRoles, requireAnyPermission, requireAuth, requireAuthenticated, requireAuthentication, requireOwnership, requireOwnershipOrRole, requirePermissions, requireRoles, safeParseJWTClaims, validateAPIKey, validateAPIKeyEntry, validateJWTClaims, verifyJWT, withAuth } from '../chunk-57J3NJYN.js';
 export { MemoryAPIKeyStorage, generateAPIKey, getAPIKeyStorage, hashAPIKey, isValidAPIKeyFormat, setAPIKeyStorage } from '../chunk-6LS3LNIH.js';
 import '../chunk-CDCGYMC6.js';
 import '../chunk-FST5S5UY.js';

package/dist/{bulk-patch-B6j0q_p_.d.ts → bulk-patch-f4TR8L-q.d.ts} RENAMED Viewed

@@ -2,7 +2,7 @@ import { ZodObject, ZodRawShape } from 'zod';
 import { Env } from 'hono';
 import { O as OpenAPIRoute } from './route-DwSID3du.js';
 import { M as MetaInput, N as NormalizedSoftDeleteConfig, a as NormalizedMultiTenantConfig, O as OpenAPIRouteSchema, H as HookMode, L as ListFilters } from './types-CA784ZtV.js';
-import { M as ModelObject } from './import-B7KS4Wvh.js';
+import { M as ModelObject } from './import-BZ05PJMa.js';
 /**
  * Base endpoint for cloning/duplicating a resource.

package/dist/cache/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 export { RedisCacheStorage } from '../chunk-YJMGFVHZ.js';
-export { MemoryCacheStorage, createInvalidationPattern, createRelatedPatterns, generateCacheKey, getCacheStorage, matchesPattern, parseCacheKey, setCacheStorage, withCache, withCacheInvalidation } from '../chunk-WOFE46VS.js';
+export { MemoryCacheStorage, createInvalidationPattern, createRelatedPatterns, generateCacheKey, getCacheStorage, matchesPattern, parseCacheKey, setCacheStorage, withCache, withCacheInvalidation } from '../chunk-Y74QJH7Y.js';
 import '../chunk-6LS3LNIH.js';
 import '../chunk-U3SUUXJK.js';
 import '../chunk-FST5S5UY.js';

package/dist/{chunk-KP4HGONO.js → chunk-57J3NJYN.js} RENAMED Viewed

@@ -355,9 +355,7 @@ function requireRoles(...roles) {
     const userRoles = user.roles || [];
     const hasRole = roles.some((role) => userRoles.includes(role));
     if (!hasRole) {
-      throw new ForbiddenException(
-        `Required role: ${roles.join(" or ")}`
-      );
+      throw new ForbiddenException("Insufficient permissions");
     }
     await next();
   };
@@ -371,9 +369,7 @@ function requireAllRoles(...roles) {
     const userRoles = user.roles || [];
     const hasAllRoles = roles.every((role) => userRoles.includes(role));
     if (!hasAllRoles) {
-      throw new ForbiddenException(
-        `Required roles: ${roles.join(" and ")}`
-      );
+      throw new ForbiddenException("Insufficient permissions");
     }
     await next();
   };
@@ -387,9 +383,7 @@ function requirePermissions(...permissions) {
     const userPermissions = user.permissions || [];
     const hasAllPermissions = permissions.every((perm) => userPermissions.includes(perm));
     if (!hasAllPermissions) {
-      throw new ForbiddenException(
-        `Required permissions: ${permissions.join(", ")}`
-      );
+      throw new ForbiddenException("Insufficient permissions");
     }
     await next();
   };
@@ -403,9 +397,7 @@ function requireAnyPermission(...permissions) {
     const userPermissions = user.permissions || [];
     const hasAnyPermission = permissions.some((perm) => userPermissions.includes(perm));
     if (!hasAnyPermission) {
-      throw new ForbiddenException(
-        `Required permission: ${permissions.join(" or ")}`
-      );
+      throw new ForbiddenException("Insufficient permissions");
     }
     await next();
   };
@@ -453,7 +445,7 @@ function requireOwnershipOrRole(getOwnerId, ...roles) {
       await next();
       return;
     }
-    throw new ForbiddenException("Access denied: not resource owner and missing required role");
+    throw new ForbiddenException("Access denied");
   };
 }
 function allOf(...guards) {

package/dist/{chunk-G7OXZ24G.js → chunk-G7IQ5DWC.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { CreateEndpoint, ReadEndpoint, UpdateEndpoint, DeleteEndpoint, ListEndpoint, RestoreEndpoint, BatchCreateEndpoint, BatchUpdateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, BatchUpsertEndpoint, getSchemaFields, parseListFilters, UpsertEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionCompareEndpoint, VersionRollbackEndpoint, AggregateEndpoint, computeAggregations, SearchEndpoint, searchInMemory, ExportEndpoint, ImportEndpoint } from './chunk-LCRNKT65.js';
+import { CreateEndpoint, ReadEndpoint, UpdateEndpoint, DeleteEndpoint, ListEndpoint, RestoreEndpoint, BatchCreateEndpoint, BatchUpdateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, BatchUpsertEndpoint, getSchemaFields, parseListFilters, UpsertEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionCompareEndpoint, VersionRollbackEndpoint, AggregateEndpoint, computeAggregations, SearchEndpoint, searchInMemory, ExportEndpoint, ImportEndpoint } from './chunk-T6J4NSMC.js';
 import { OpenAPIRoute } from './chunk-CDCGYMC6.js';
 import { decodeCursor, encodeCursor, getSoftDeleteConfig, getMultiTenantConfig, extractTenantId, applyComputedFields } from './chunk-U3SUUXJK.js';
 import { NotFoundException } from './chunk-FST5S5UY.js';

package/dist/{chunk-IPGNLIJV.js → chunk-I36Y45QN.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { matchPath } from './chunk-WOFE46VS.js';
+import { matchPath } from './chunk-Y74QJH7Y.js';
 // src/logging/storage/memory.ts
 var MemoryLoggingStorage = class {

package/dist/{chunk-LCRNKT65.js → chunk-T6J4NSMC.js} RENAMED Viewed

@@ -4552,6 +4552,11 @@ var AggregateEndpoint = class extends OpenAPIRoute {
    * Override to restrict which fields can be aggregated.
    */
   aggregateConfig = {};
+  /**
+   * Maximum number of GROUP BY fields allowed per query.
+   * Prevents cardinality explosion from too many grouping dimensions.
+   */
+  maxGroupByFields = 5;
   /**
    * Fields that can be used for filtering.
    * Empty array means all fields are allowed.
@@ -4690,6 +4695,11 @@ var AggregateEndpoint = class extends OpenAPIRoute {
       }
     }
     if (options.groupBy) {
+      if (options.groupBy.length > this.maxGroupByFields) {
+        throw new InputValidationException(
+          `Maximum ${this.maxGroupByFields} GROUP BY fields allowed`
+        );
+      }
       for (const field of options.groupBy) {
         if (config.groupByFields.length > 0 && !config.groupByFields.includes(field)) {
           throw new Error(`Field '${field}' is not allowed for GROUP BY`);
@@ -5146,6 +5156,10 @@ var SearchEndpoint = class extends OpenAPIRoute {
    * Minimum query length required to perform search.
    */
   minQueryLength = 2;
+  /**
+   * Maximum query length allowed to prevent CPU exhaustion from long search strings.
+   */
+  maxQueryLength = 500;
   /**
    * HTML tag used to wrap highlighted matches.
    */
@@ -5242,7 +5256,7 @@ var SearchEndpoint = class extends OpenAPIRoute {
   getQuerySchema() {
     const shape = {
       // Search parameters
-      q: z.string().min(this.minQueryLength).describe("Search query"),
+      q: z.string().min(this.minQueryLength).max(this.maxQueryLength).describe("Search query"),
       fields: z.string().optional().describe(
         `Comma-separated fields to search. Available: ${Object.keys(this.getSearchableFields()).join(", ")}`
       ),
@@ -5564,6 +5578,11 @@ function escapeCsvValue(value, options = {}) {
     return value ? "true" : "false";
   }
   const str = String(value);
+  const firstChar = str.charAt(0);
+  if (firstChar === "=" || firstChar === "+" || firstChar === "-" || firstChar === "@" || firstChar === "	" || firstChar === "\r") {
+    const escaped = str.replace(/"/g, '""');
+    return `"	${escaped}"`;
+  }
   const needsQuoting = str.includes(delimiter) || str.includes('"') || str.includes("\n") || str.includes("\r");
   if (needsQuoting) {
     const escaped = str.replace(/"/g, '""');
@@ -5936,7 +5955,8 @@ var ExportEndpoint = class extends ListEndpoint {
    * Gets the filename for the export.
    */
   getExportFilename(format) {
-    const baseName = this.exportFilename || this._meta.model.tableName;
+    const rawName = this.exportFilename || this._meta.model.tableName;
+    const baseName = rawName.replace(/[^a-zA-Z0-9_-]/g, "_");
     const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
     return `${baseName}-export-${timestamp}.${format}`;
   }
@@ -6030,6 +6050,10 @@ var ExportEndpoint = class extends ListEndpoint {
    * Escapes a CSV field value for safe output.
    */
   escapeCsvField(value) {
+    const firstChar = value.charAt(0);
+    if (firstChar === "=" || firstChar === "+" || firstChar === "-" || firstChar === "@" || firstChar === "	" || firstChar === "\r") {
+      return `"	${value.replace(/"/g, '""')}"`;
+    }
     if (value.includes(",") || value.includes('"') || value.includes("\n") || value.includes("\r")) {
       return `"${value.replace(/"/g, '""')}"`;
     }
@@ -6080,12 +6104,13 @@ var ExportEndpoint = class extends ListEndpoint {
    * Overrides pagination to fetch up to maxExportRecords.
    */
   async fetchAllForExport(filters) {
+    const effectiveLimit = Math.min(this.maxExportRecords, 1e5);
     const exportFilters = {
       ...filters,
       options: {
         ...filters.options,
         page: 1,
-        per_page: this.maxExportRecords
+        per_page: effectiveLimit
       }
     };
     const result = await this.list(exportFilters);
@@ -6125,6 +6150,8 @@ var ImportEndpoint = class extends OpenAPIRoute {
   immutableFields = [];
   /** CSV parsing options. */
   csvOptions = {};
+  /** Maximum body size in bytes for import requests (default: 10MB). */
+  maxBodySize = 10 * 1024 * 1024;
   /** Fields that are optional during import (won't cause validation errors if missing). */
   optionalImportFields = [];
   // Audit logging
@@ -6322,6 +6349,9 @@ var ImportEndpoint = class extends OpenAPIRoute {
     }
     if (contentType.includes("text/csv")) {
       const csvContent = await ctx.req.text();
+      if (csvContent.length > this.maxBodySize) {
+        throw new InputValidationException(`Request body exceeds maximum size of ${this.maxBodySize} bytes`);
+      }
       return this.parseCsvData(csvContent);
     }
     if (contentType.includes("multipart/form-data")) {
@@ -6331,9 +6361,17 @@ var ImportEndpoint = class extends OpenAPIRoute {
         throw new InputValidationException("No file provided in form data");
       }
       const content = await file.text();
+      if (content.length > this.maxBodySize) {
+        throw new InputValidationException(`Uploaded file exceeds maximum size of ${this.maxBodySize} bytes`);
+      }
       const filename = file.name.toLowerCase();
       if (filename.endsWith(".json")) {
-        const body = JSON.parse(content);
+        let body;
+        try {
+          body = JSON.parse(content);
+        } catch {
+          throw new InputValidationException("Invalid JSON content in uploaded file");
+        }
         const items = Array.isArray(body) ? body : body.items;
         if (!items || !Array.isArray(items)) {
           throw new InputValidationException('JSON file must contain an array or an object with "items" array');
@@ -6348,7 +6386,12 @@ var ImportEndpoint = class extends OpenAPIRoute {
       }
       const trimmed = content.trim();
       if (trimmed.startsWith("[") || trimmed.startsWith("{")) {
-        const body = JSON.parse(content);
+        let body;
+        try {
+          body = JSON.parse(content);
+        } catch {
+          throw new InputValidationException("Invalid JSON content in uploaded file");
+        }
         const items = Array.isArray(body) ? body : body.items;
         if (!items || !Array.isArray(items)) {
           throw new InputValidationException('JSON file must contain an array or an object with "items" array');

package/dist/{chunk-WOFE46VS.js → chunk-Y74QJH7Y.js} RENAMED Viewed

@@ -85,24 +85,22 @@ function shouldExcludePath(path, includePaths, excludePaths) {
   }
   return true;
 }
-function extractClientIp(ctx, ipHeader = "X-Forwarded-For", trustProxy = true) {
-  if (trustProxy) {
-    const proxyHeader = ctx.req.header(ipHeader);
-    if (proxyHeader) {
-      const firstIP = proxyHeader.split(",")[0].trim();
-      if (firstIP) {
-        return firstIP;
-      }
-    }
-    const realIP = ctx.req.header("X-Real-IP");
-    if (realIP) {
-      return realIP.trim();
-    }
-    const cfIP = ctx.req.header("CF-Connecting-IP");
-    if (cfIP) {
-      return cfIP.trim();
+function extractClientIp(ctx, ipHeader = "X-Forwarded-For", _trustProxy = false) {
+  const proxyHeader = ctx.req.header(ipHeader);
+  if (proxyHeader) {
+    const firstIP = proxyHeader.split(",")[0].trim();
+    if (firstIP) {
+      return firstIP;
     }
   }
+  const realIP = ctx.req.header("X-Real-IP");
+  if (realIP) {
+    return realIP.trim();
+  }
+  const cfIP = ctx.req.header("CF-Connecting-IP");
+  if (cfIP) {
+    return cfIP.trim();
+  }
   const raw = ctx.req.raw;
   if (raw && "socket" in raw && raw.socket && typeof raw.socket === "object") {
     const socket = raw.socket;
@@ -166,6 +164,14 @@ function generateRequestId() {
   if (typeof crypto !== "undefined" && crypto.randomUUID) {
     return crypto.randomUUID();
   }
+  if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    bytes[6] = bytes[6] & 15 | 64;
+    bytes[8] = bytes[8] & 63 | 128;
+    const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+    return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+  }
   return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
     const r = Math.random() * 16 | 0;
     const v = c === "x" ? r : r & 3 | 8;
@@ -182,7 +188,7 @@ var RateLimitExceededException = class extends ApiException {
 };
 // src/rate-limit/utils.ts
-function extractIP(ctx, ipHeader = "X-Forwarded-For", trustProxy = true) {
+function extractIP(ctx, ipHeader = "X-Forwarded-For", trustProxy = false) {
   if (trustProxy) {
     const proxyHeader = ctx.req.header(ipHeader);
     if (proxyHeader) {
@@ -317,7 +323,7 @@ function createLoggingMiddleware(config = {}) {
   const includeQuery = config.includeQuery ?? true;
   const includeClientIp = config.includeClientIp ?? true;
   const ipHeader = config.ipHeader ?? "X-Forwarded-For";
-  const trustProxy = config.trustProxy ?? true;
+  const trustProxy = config.trustProxy ?? false;
   const minResponseTimeMs = config.minResponseTimeMs ?? 0;
   const generateRequestId2 = config.generateRequestId ?? generateRequestId;
   return async (ctx, next) => {
@@ -609,7 +615,7 @@ var MemoryCacheStorage = class {
   maxEntries;
   constructor(options) {
     this.defaultTtl = options?.defaultTtl ?? 300;
-    this.maxEntries = options?.maxEntries ?? 0;
+    this.maxEntries = options?.maxEntries ?? 1e4;
   }
   /**
    * Get a cached entry by key.

package/dist/{import-B7KS4Wvh.d.ts → import-BZ05PJMa.d.ts} RENAMED Viewed

@@ -2057,6 +2057,11 @@ declare abstract class AggregateEndpoint<E extends Env = Env, M extends MetaInpu
      * Override to restrict which fields can be aggregated.
      */
     protected aggregateConfig: AggregateConfig;
+    /**
+     * Maximum number of GROUP BY fields allowed per query.
+     * Prevents cardinality explosion from too many grouping dimensions.
+     */
+    protected maxGroupByFields: number;
     /**
      * Fields that can be used for filtering.
      * Empty array means all fields are allowed.
@@ -2162,6 +2167,10 @@ declare abstract class SearchEndpoint<E extends Env = Env, M extends MetaInput =
      * Minimum query length required to perform search.
      */
     protected minQueryLength: number;
+    /**
+     * Maximum query length allowed to prevent CPU exhaustion from long search strings.
+     */
+    protected maxQueryLength: number;
     /**
      * HTML tag used to wrap highlighted matches.
      */
@@ -2701,6 +2710,8 @@ declare abstract class ImportEndpoint<E extends Env = Env, M extends MetaInput =
     protected immutableFields: string[];
     /** CSV parsing options. */
     protected csvOptions: Partial<CsvParseOptions>;
+    /** Maximum body size in bytes for import requests (default: 10MB). */
+    protected maxBodySize: number;
     /** Fields that are optional during import (won't cause validation errors if missing). */
     protected optionalImportFields: string[];
     private _auditLogger?;

package/dist/{index-Dm8-ODYA.d.ts → index-431Ovi2o.d.ts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { P as PathPattern, c as RateLimitConfig, f as RateLimitStorage, F as FixedWindowEntry, S as SlidingWindowEntry, d as RateLimitEntry } from './types-Bc7ebF5x.js';
+import { P as PathPattern, c as RateLimitConfig, f as RateLimitStorage, F as FixedWindowEntry, S as SlidingWindowEntry, d as RateLimitEntry } from './types-BO3G_MZk.js';
 import { HTTPException } from 'hono/http-exception';
 import { ZodError } from 'zod';
 import { ContentfulStatusCode } from 'hono/utils/http-status';
@@ -85,7 +85,7 @@ declare class RateLimitExceededException extends ApiException {
  *
  * @param ctx - Hono context
  * @param ipHeader - Header name for proxy IP (default: 'X-Forwarded-For')
- * @param trustProxy - Whether to trust proxy headers (default: true)
+ * @param trustProxy - Whether to trust proxy headers (default: false)
  * @returns The client IP address or 'unknown'
  */
 declare function extractIP<E extends Env>(ctx: Context<E>, ipHeader?: string, trustProxy?: boolean): string;

package/dist/{index-5BEg0ty5.d.ts → index-bSnRLgcs.d.ts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { M as MetaInput, H as HookMode } from './types-CA784ZtV.js';
-import { M as ModelObject } from './import-B7KS4Wvh.js';
+import { M as ModelObject } from './import-BZ05PJMa.js';
 /**
  * Config-Based API for defining CRUD endpoints.

package/dist/index.d.ts CHANGED Viewed

@@ -1,9 +1,9 @@
 import { A as AuthEnv } from './memory-B_NZbOQP.js';
 export { a as APIKeyConfig, b as APIKeyEntry, c as APIKeyLookupResult, d as AuthConfig, e as AuthType, f as AuthUser, g as AuthorizationCheck, E as EndpointAuthConfig, G as Guard, J as JWTAlgorithm, h as JWTClaims, i as JWTClaimsSchema, j as JWTConfig, M as MemoryAPIKeyStorage, O as OwnershipExtractor, P as PathPattern, V as ValidatedJWTClaims, k as generateAPIKey, l as getAPIKeyStorage, m as hashAPIKey, n as isValidAPIKeyFormat, p as parseJWTClaims, s as safeParseJWTClaims, o as setAPIKeyStorage } from './memory-B_NZbOQP.js';
-import { L as LoggingEnv } from './types-B8CWg4nO.js';
-export { a as LogEntry, b as LogLevel, c as LogQueryOptions, d as LoggingConfig, P as LoggingPathPattern, e as LoggingStorage, R as RedactField, f as RequestBodyConfig, g as RequestLogEntry, h as ResponseBodyConfig, i as ResponseLogEntry } from './types-B8CWg4nO.js';
-import { R as RateLimitEnv } from './types-Bc7ebF5x.js';
-export { F as FixedWindowEntry, K as KeyExtractor, a as KeyStrategy, O as OnRateLimitExceeded, b as RateLimitAlgorithm, c as RateLimitConfig, d as RateLimitEntry, P as RateLimitPathPattern, e as RateLimitResult, f as RateLimitStorage, g as RateLimitTier, S as SlidingWindowEntry, T as TierFunction } from './types-Bc7ebF5x.js';
+import { L as LoggingEnv } from './types-DnQWCfXp.js';
+export { a as LogEntry, b as LogLevel, c as LogQueryOptions, d as LoggingConfig, P as LoggingPathPattern, e as LoggingStorage, R as RedactField, f as RequestBodyConfig, g as RequestLogEntry, h as ResponseBodyConfig, i as ResponseLogEntry } from './types-DnQWCfXp.js';
+import { R as RateLimitEnv } from './types-BO3G_MZk.js';
+export { F as FixedWindowEntry, K as KeyExtractor, a as KeyStrategy, O as OnRateLimitExceeded, b as RateLimitAlgorithm, c as RateLimitConfig, d as RateLimitEntry, P as RateLimitPathPattern, e as RateLimitResult, f as RateLimitStorage, g as RateLimitTier, S as SlidingWindowEntry, T as TierFunction } from './types-BO3G_MZk.js';
 import { StorageEnv } from './storage/index.js';
 export { StorageMiddlewareConfig, StorageRegistry, createAPIKeyStorageMiddleware, createAuditStorageMiddleware, createCacheStorageMiddleware, createLoggingStorageMiddleware, createNullableRegistry, createRateLimitStorageMiddleware, createRegistryWithDefault, createStorageMiddleware, createVersioningStorageMiddleware, resolveAPIKeyStorage, resolveAuditStorage, resolveCacheStorage, resolveLoggingStorage, resolveRateLimitStorage, resolveVersioningStorage } from './storage/index.js';
 import { O as OpenAPIRoute } from './route-DwSID3du.js';
@@ -12,12 +12,12 @@ import { Env, MiddlewareHandler, Hono, Context, ErrorHandler } from 'hono';
 import { OpenAPIHono, Hook } from '@hono/zod-openapi';
 import { O as OpenAPIRouteSchema, t as SearchFieldConfig, u as SearchMode, M as MetaInput, H as HookMode } from './types-CA784ZtV.js';
 export { s as AggregateConfig, m as AggregateField, w as AggregateOperation, j as AggregateOptions, k as AggregateResult, b as AuditAction, c as AuditConfig, f as AuditFieldChange, A as AuditLogEntry, C as CascadeAction, x as CascadeConfig, y as ComputedFieldConfig, z as ComputedFieldFn, B as ComputedFieldsConfig, E as ErrorResponse, F as FilterCondition, o as FilterConfig, p as FilterOperator, D as HandleArgs, G as HookConfig, J as HookFn, I as IncludeOptions, K as InferMeta, Q as InferModel, T as InferSchema, L as ListFilters, U as ListOptions, n as Model, W as ModelTable, X as MultiTenantConfig, Y as NestedCreateManyInput, Z as NestedCreateOneInput, h as NestedUpdateInput, _ as NestedWriteConfig, i as NestedWriteResult, $ as NestedWritesConfig, q as NormalizedAuditConfig, a as NormalizedMultiTenantConfig, N as NormalizedSoftDeleteConfig, r as NormalizedVersioningConfig, P as PaginatedResult, a0 as PartialBy, g as RelationConfig, a1 as RelationType, a2 as RelationsConfig, a3 as RequiredBy, R as RouteOptions, a4 as SchemaKeys, a5 as SearchConfig, S as SearchOptions, l as SearchResult, v as SearchResultItem, a6 as SoftDeleteConfig, a7 as SuccessResponse, V as ValidatedData, d as VersionHistoryEntry, e as VersioningConfig, a8 as applyComputedFields, a9 as applyComputedFieldsToArray, aa as calculateChanges, ab as decodeCursor, ac as defineMeta, ad as defineModel, ae as encodeCursor, af as extractNestedData, ag as extractTenantId, ah as getAuditConfig, ai as getMultiTenantConfig, aj as getSoftDeleteConfig, ak as getVersioningConfig, al as isDirectNestedData, am as parseAggregateField, an as parseAggregateQuery, ao as parseSearchMode } from './types-CA784ZtV.js';
-import { A as ApiException } from './index-Dm8-ODYA.js';
-export { a as AggregationException, C as CacheException, b as ConfigurationException, c as ConflictException, F as ForbiddenException, I as InputValidationException, M as MemoryRateLimitStorage, d as MemoryRateLimitStorageOptions, N as NotFoundException, R as RateLimitExceededException, e as RedisRateLimitClient, f as RedisRateLimitStorage, g as RedisRateLimitStorageOptions, U as UnauthorizedException, h as createRateLimitMiddleware, i as extractAPIKey, j as extractIP, k as extractUserId, l as generateKey, m as getRateLimitStorage, n as matchPath, r as resetRateLimit, s as setRateLimitStorage, o as shouldSkipPath } from './index-Dm8-ODYA.js';
+import { A as ApiException } from './index-431Ovi2o.js';
+export { a as AggregationException, C as CacheException, b as ConfigurationException, c as ConflictException, F as ForbiddenException, I as InputValidationException, M as MemoryRateLimitStorage, d as MemoryRateLimitStorageOptions, N as NotFoundException, R as RateLimitExceededException, e as RedisRateLimitClient, f as RedisRateLimitStorage, g as RedisRateLimitStorageOptions, U as UnauthorizedException, h as createRateLimitMiddleware, i as extractAPIKey, j as extractIP, k as extractUserId, l as generateKey, m as getRateLimitStorage, n as matchPath, r as resetRateLimit, s as setRateLimitStorage, o as shouldSkipPath } from './index-431Ovi2o.js';
 export { a as AuditLogStorage, A as AuditLogger, M as MemoryAuditLogStorage, b as MemoryVersioningStorage, V as VersionManager, c as VersioningStorage, d as createAuditLogger, e as createVersionManager, g as getAuditStorage, f as getVersioningStorage, s as setAuditStorage, h as setVersioningStorage } from './versioning-BG8-R7C0.js';
-import { M as ModelObject } from './import-B7KS4Wvh.js';
-export { A as AggregateEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, k as BatchDeleteResult, c as BatchRestoreEndpoint, l as BatchRestoreResult, d as BatchUpdateEndpoint, e as BatchUpdateItem, m as BatchUpdateResult, f as BatchUpsertEndpoint, n as BatchUpsertItemResult, o as BatchUpsertResult, p as CascadeResult, C as CreateEndpoint, q as CsvGenerateOptions, r as CsvParseError, s as CsvParseOptions, t as CsvParseResult, u as CsvValidationResult, D as DeleteEndpoint, E as ExportEndpoint, v as ExportFormat, w as ExportOptions, x as ExportResult, F as FieldSelection, y as FieldSelectionConfig, I as ImportEndpoint, z as ImportMode, G as ImportOptions, H as ImportResult, J as ImportRowResult, K as ImportRowStatus, N as ImportSummary, L as ListEndpoint, O as ListEndpointConfig, R as ReadEndpoint, a as RestoreEndpoint, S as SearchEndpoint, P as SingleEndpointConfig, U as UpdateEndpoint, Q as UpdateEndpointConfig, g as UpsertEndpoint, T as UpsertResult, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint, W as applyFieldSelection, X as applyFieldSelectionToArray, Y as computeAggregations, Z as createCsvStream, _ as csvToJson, $ as escapeCsvValue, a0 as generateCsv, a1 as getSchemaFields, a2 as inferCsvContentType, a3 as jsonToCsv, a4 as parseCsv, a5 as parseFieldSelection, a6 as parseFilterValue, a7 as parseListFilters, a8 as searchInMemory, a9 as validateCsvHeaders } from './import-B7KS4Wvh.js';
-export { B as BulkPatchEndpoint, a as BulkPatchResult, C as CloneEndpoint } from './bulk-patch-B6j0q_p_.js';
+import { M as ModelObject } from './import-BZ05PJMa.js';
+export { A as AggregateEndpoint, B as BatchCreateEndpoint, b as BatchDeleteEndpoint, k as BatchDeleteResult, c as BatchRestoreEndpoint, l as BatchRestoreResult, d as BatchUpdateEndpoint, e as BatchUpdateItem, m as BatchUpdateResult, f as BatchUpsertEndpoint, n as BatchUpsertItemResult, o as BatchUpsertResult, p as CascadeResult, C as CreateEndpoint, q as CsvGenerateOptions, r as CsvParseError, s as CsvParseOptions, t as CsvParseResult, u as CsvValidationResult, D as DeleteEndpoint, E as ExportEndpoint, v as ExportFormat, w as ExportOptions, x as ExportResult, F as FieldSelection, y as FieldSelectionConfig, I as ImportEndpoint, z as ImportMode, G as ImportOptions, H as ImportResult, J as ImportRowResult, K as ImportRowStatus, N as ImportSummary, L as ListEndpoint, O as ListEndpointConfig, R as ReadEndpoint, a as RestoreEndpoint, S as SearchEndpoint, P as SingleEndpointConfig, U as UpdateEndpoint, Q as UpdateEndpointConfig, g as UpsertEndpoint, T as UpsertResult, V as VersionCompareEndpoint, h as VersionHistoryEndpoint, i as VersionReadEndpoint, j as VersionRollbackEndpoint, W as applyFieldSelection, X as applyFieldSelectionToArray, Y as computeAggregations, Z as createCsvStream, _ as csvToJson, $ as escapeCsvValue, a0 as generateCsv, a1 as getSchemaFields, a2 as inferCsvContentType, a3 as jsonToCsv, a4 as parseCsv, a5 as parseFieldSelection, a6 as parseFilterValue, a7 as parseListFilters, a8 as searchInMemory, a9 as validateCsvHeaders } from './import-BZ05PJMa.js';
+export { B as BulkPatchEndpoint, a as BulkPatchResult, C as CloneEndpoint } from './bulk-patch-f4TR8L-q.js';
 export { S as ScalarConfig, a as ScalarTheme, U as UIOptions, s as scalarUI, b as setupDocs, c as setupDocsIndex, d as setupReDoc, e as setupScalar, f as setupSwaggerUI } from './ui-CNJUoCg1.js';
 import { z } from 'zod';
 export { AuthEndpointMethods, AuthenticatedEndpoint, JWTClaimsValidationOptions, allOf, allowAll, anyOf, createAPIKeyMiddleware, createAuthMiddleware, createJWTMiddleware, decodeJWT, defaultHashAPIKey, denyAll, optionalAuth, requireAllRoles, requireAnyPermission, requireAuth, requireAuthenticated, requireAuthentication, requireOwnership, requireOwnershipOrRole, requirePermissions, requireRoles, validateAPIKey, validateAPIKeyEntry, validateJWTClaims, verifyJWT, withAuth } from './auth/index.js';
@@ -25,7 +25,7 @@ export { C as CacheConfig, a as CacheEntry, b as CacheInvalidationConfig, c as C
 export { CacheEndpointMethods, CacheInvalidationMethods, MemoryCacheStorage, RedisCacheStorage, RedisCacheStorageOptions, RedisClient, createInvalidationPattern, createRelatedPatterns, generateCacheKey, getCacheStorage, matchesPattern, parseCacheKey, setCacheStorage, withCache, withCacheInvalidation } from './cache/index.js';
 export { MemoryLoggingStorage, MemoryLoggingStorageOptions, createLoggingMiddleware, extractClientIp, extractHeaders, extractUserId as extractLoggingUserId, extractQuery, generateRequestId, getLoggingStorage, getRequestId, getRequestStartTime, isAllowedContentType, matchPath as matchLoggingPath, redactHeaders, redactObject, setLoggingStorage, shouldExcludePath, shouldRedact, truncateBody } from './logging/index.js';
 import * as hono_types from 'hono/types';
-export { A as AdapterBundle, C as ConfigCreateEndpoint, D as ConfigDeleteEndpoint, L as ConfigListEndpoint, R as ConfigReadEndpoint, U as ConfigUpdateEndpoint, E as EndpointsConfig, G as GeneratedEndpoints, M as MemoryAdapters, d as defineEndpoints } from './index-5BEg0ty5.js';
+export { A as AdapterBundle, C as ConfigCreateEndpoint, D as ConfigDeleteEndpoint, L as ConfigListEndpoint, R as ConfigReadEndpoint, U as ConfigUpdateEndpoint, E as EndpointsConfig, G as GeneratedEndpoints, M as MemoryAdapters, d as defineEndpoints } from './index-bSnRLgcs.js';
 import 'hono/utils/http-status';
 import 'hono/http-exception';
@@ -484,6 +484,11 @@ declare class CrudEventEmitter {
     private tableListeners;
     /** Listeners for all events on all tables */
     private globalListeners;
+    /** Maximum listeners per event key. 0 = unlimited. */
+    private maxListeners;
+    constructor(options?: {
+        maxListeners?: number;
+    });
     /**
      * Subscribe to a specific event type on a specific table.
      */
@@ -546,10 +551,17 @@ interface SubscribeEndpointConfig {
     filter?: (event: CrudEventPayload, ctx: Context) => boolean;
     /** Heartbeat interval in milliseconds. @default 30000 */
     heartbeatInterval?: number;
+    /** Maximum concurrent SSE connections per table. @default 1000 */
+    maxConnections?: number;
+    /** Connection timeout in milliseconds. @default 300000 (5 min) */
+    connectionTimeout?: number;
+    /** Fields to strip from event payloads before streaming. @default ['password', 'token', 'secret', 'apiKey', 'creditCard', 'ssn'] */
+    excludeFields?: string[];
 }
 /**
  * Create an SSE subscription handler for real-time CRUD events.
  * Uses Hono's built-in `streamSSE()` which works on Cloudflare Workers.
+ * Edge-compatible: uses stream.sleep() instead of setInterval/setTimeout.
  *
  * @example
  * ```ts
@@ -1535,8 +1547,11 @@ declare class MemoryIdempotencyStorage implements IdempotencyStorage {
     private cleanupInterval;
     /** Timestamp of last cleanup run */
     private lastCleanup;
+    /** Maximum number of entries before evicting oldest */
+    private maxEntries;
     constructor(options?: {
         cleanupInterval?: number;
+        maxEntries?: number;
     });
     private maybeCleanup;
     private cleanupExpired;

package/dist/index.js CHANGED Viewed

@@ -1,19 +1,19 @@
-import { MemoryDeleteEndpoint, MemoryUpdateEndpoint, MemoryReadEndpoint, MemoryListEndpoint, MemoryCreateEndpoint } from './chunk-G7OXZ24G.js';
-export { BulkPatchEndpoint, CloneEndpoint } from './chunk-G7OXZ24G.js';
+import { MemoryDeleteEndpoint, MemoryUpdateEndpoint, MemoryReadEndpoint, MemoryListEndpoint, MemoryCreateEndpoint } from './chunk-G7IQ5DWC.js';
+export { BulkPatchEndpoint, CloneEndpoint } from './chunk-G7IQ5DWC.js';
 export { scalarUI, setupDocs, setupDocsIndex, setupReDoc, setupScalar, setupSwaggerUI } from './chunk-CNE7UR5E.js';
-export { AuthenticatedEndpoint, JWTClaimsSchema, allOf, allowAll, anyOf, createAPIKeyMiddleware, createAuthMiddleware, createJWTMiddleware, decodeJWT, defaultHashAPIKey, denyAll, optionalAuth, parseJWTClaims, requireAllRoles, requireAnyPermission, requireAuth, requireAuthenticated, requireAuthentication, requireOwnership, requireOwnershipOrRole, requirePermissions, requireRoles, safeParseJWTClaims, validateAPIKey, validateAPIKeyEntry, validateJWTClaims, verifyJWT, withAuth } from './chunk-KP4HGONO.js';
+export { AuthenticatedEndpoint, JWTClaimsSchema, allOf, allowAll, anyOf, createAPIKeyMiddleware, createAuthMiddleware, createJWTMiddleware, decodeJWT, defaultHashAPIKey, denyAll, optionalAuth, parseJWTClaims, requireAllRoles, requireAnyPermission, requireAuth, requireAuthenticated, requireAuthentication, requireOwnership, requireOwnershipOrRole, requirePermissions, requireRoles, safeParseJWTClaims, validateAPIKey, validateAPIKeyEntry, validateJWTClaims, verifyJWT, withAuth } from './chunk-57J3NJYN.js';
 export { RedisCacheStorage } from './chunk-YJMGFVHZ.js';
-export { MemoryLoggingStorage } from './chunk-IPGNLIJV.js';
+export { MemoryLoggingStorage } from './chunk-I36Y45QN.js';
 export { MemoryRateLimitStorage, RedisRateLimitStorage } from './chunk-MANRQHEB.js';
 export { createAPIKeyStorageMiddleware, createAuditStorageMiddleware, createCacheStorageMiddleware, createLoggingStorageMiddleware, createRateLimitStorageMiddleware, createStorageMiddleware, createVersioningStorageMiddleware } from './chunk-ZCHXXN7T.js';
-import { getRequestId } from './chunk-WOFE46VS.js';
-export { MemoryCacheStorage, RateLimitExceededException, createInvalidationPattern, createLoggingMiddleware, createRateLimitMiddleware, createRelatedPatterns, extractAPIKey, extractClientIp, extractHeaders, extractIP, extractUserId as extractLoggingUserId, extractQuery, extractUserId2 as extractUserId, generateCacheKey, generateKey, generateRequestId, getCacheStorage, getErrorMessage, getLoggingStorage, getRateLimitStorage, getRequestId, getRequestStartTime, isAllowedContentType, matchPath as matchLoggingPath, matchPath2 as matchPath, matchesPattern, parseCacheKey, redactHeaders, redactObject, resetRateLimit, resolveAPIKeyStorage, resolveAuditStorage, resolveCacheStorage, resolveLoggingStorage, resolveRateLimitStorage, resolveVersioningStorage, setCacheStorage, setLoggingStorage, setRateLimitStorage, shouldExcludePath, shouldRedact, shouldSkipPath, toError, truncateBody, withCache, withCacheInvalidation, wrapError } from './chunk-WOFE46VS.js';
+import { getRequestId } from './chunk-Y74QJH7Y.js';
+export { MemoryCacheStorage, RateLimitExceededException, createInvalidationPattern, createLoggingMiddleware, createRateLimitMiddleware, createRelatedPatterns, extractAPIKey, extractClientIp, extractHeaders, extractIP, extractUserId as extractLoggingUserId, extractQuery, extractUserId2 as extractUserId, generateCacheKey, generateKey, generateRequestId, getCacheStorage, getErrorMessage, getLoggingStorage, getRateLimitStorage, getRequestId, getRequestStartTime, isAllowedContentType, matchPath as matchLoggingPath, matchPath2 as matchPath, matchesPattern, parseCacheKey, redactHeaders, redactObject, resetRateLimit, resolveAPIKeyStorage, resolveAuditStorage, resolveCacheStorage, resolveLoggingStorage, resolveRateLimitStorage, resolveVersioningStorage, setCacheStorage, setLoggingStorage, setRateLimitStorage, shouldExcludePath, shouldRedact, shouldSkipPath, toError, truncateBody, withCache, withCacheInvalidation, wrapError } from './chunk-Y74QJH7Y.js';
 export { MemoryAPIKeyStorage, generateAPIKey, getAPIKeyStorage, hashAPIKey, isValidAPIKeyFormat, setAPIKeyStorage } from './chunk-6LS3LNIH.js';
-export { AggregateEndpoint, BatchCreateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, BatchUpdateEndpoint, BatchUpsertEndpoint, CreateEndpoint, DeleteEndpoint, ExportEndpoint, ImportEndpoint, ListEndpoint, ReadEndpoint, RestoreEndpoint, SearchEndpoint, UpdateEndpoint, UpsertEndpoint, VersionCompareEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionRollbackEndpoint, applyFieldSelection, applyFieldSelectionToArray, buildSearchConfig, calculateScore, computeAggregations, createCsvStream, csvToJson, escapeCsvValue, generateCsv, generateETag, generateHighlights, getSchemaFields, inferCsvContentType, jsonToCsv, matchesIfMatch, matchesIfNoneMatch, parseCsv, parseFieldSelection, parseFilterValue, parseListFilters, parseSearchFields, searchInMemory, termFrequency, tokenize, tokenizeQuery, validateCsvHeaders } from './chunk-LCRNKT65.js';
+export { AggregateEndpoint, BatchCreateEndpoint, BatchDeleteEndpoint, BatchRestoreEndpoint, BatchUpdateEndpoint, BatchUpsertEndpoint, CreateEndpoint, DeleteEndpoint, ExportEndpoint, ImportEndpoint, ListEndpoint, ReadEndpoint, RestoreEndpoint, SearchEndpoint, UpdateEndpoint, UpsertEndpoint, VersionCompareEndpoint, VersionHistoryEndpoint, VersionReadEndpoint, VersionRollbackEndpoint, applyFieldSelection, applyFieldSelectionToArray, buildSearchConfig, calculateScore, computeAggregations, createCsvStream, csvToJson, escapeCsvValue, generateCsv, generateETag, generateHighlights, getSchemaFields, inferCsvContentType, jsonToCsv, matchesIfMatch, matchesIfNoneMatch, parseCsv, parseFieldSelection, parseFilterValue, parseListFilters, parseSearchFields, searchInMemory, termFrequency, tokenize, tokenizeQuery, validateCsvHeaders } from './chunk-T6J4NSMC.js';
 import { isRouteClass } from './chunk-CDCGYMC6.js';
 export { OpenAPIRoute, isRouteClass } from './chunk-CDCGYMC6.js';
 export { AuditLogger, MemoryAuditLogStorage, MemoryVersioningStorage, VersionManager, applyComputedFields, applyComputedFieldsToArray, calculateChanges, createAuditLogger, createVersionManager, decodeCursor, defineMeta, defineModel, encodeCursor, extractNestedData, extractTenantId, getAuditConfig, getAuditStorage, getMultiTenantConfig, getSoftDeleteConfig, getVersioningConfig, getVersioningStorage, isDirectNestedData, parseAggregateField, parseAggregateQuery, parseSearchMode, setAuditStorage, setVersioningStorage } from './chunk-U3SUUXJK.js';
-import { createRegistryWithDefault, ApiException, InputValidationException, getLogger } from './chunk-FST5S5UY.js';
+import { createRegistryWithDefault, ApiException, InputValidationException, getLogger, getContextVar } from './chunk-FST5S5UY.js';
 export { AggregationException, ApiException, CacheException, ConfigurationException, ConflictException, ForbiddenException, InputValidationException, NotFoundException, StorageRegistry, UnauthorizedException, createNullableRegistry, createRegistryWithDefault, getAuthType, getRequestId as getContextRequestId, getContextVar, getLogger, getTenantId, getUser, getUserId, getUserPermissions, getUserRoles, hasAllPermissions, hasAllRoles, hasAnyRole, hasPermission, hasRole, setContextVar, setLogger } from './chunk-FST5S5UY.js';
 import { OpenAPIHono, createRoute } from '@hono/zod-openapi';
 import { HTTPException } from 'hono/http-exception';
@@ -290,6 +290,11 @@ var CrudEventEmitter = class {
   tableListeners = /* @__PURE__ */ new Map();
   /** Listeners for all events on all tables */
   globalListeners = /* @__PURE__ */ new Set();
+  /** Maximum listeners per event key. 0 = unlimited. */
+  maxListeners;
+  constructor(options) {
+    this.maxListeners = options?.maxListeners ?? 100;
+  }
   /**
    * Subscribe to a specific event type on a specific table.
    */
@@ -298,7 +303,13 @@ var CrudEventEmitter = class {
     if (!this.listeners.has(key)) {
       this.listeners.set(key, /* @__PURE__ */ new Set());
     }
-    this.listeners.get(key).add(listener);
+    const set = this.listeners.get(key);
+    if (this.maxListeners > 0 && set.size >= this.maxListeners) {
+      getLogger().warn(`Max listeners (${this.maxListeners}) reached for event "${key}". Listener not added.`);
+      return { unsubscribe: () => {
+      } };
+    }
+    set.add(listener);
     return {
       unsubscribe: () => {
         this.listeners.get(key)?.delete(listener);
@@ -312,7 +323,13 @@ var CrudEventEmitter = class {
     if (!this.tableListeners.has(table)) {
       this.tableListeners.set(table, /* @__PURE__ */ new Set());
     }
-    this.tableListeners.get(table).add(listener);
+    const set = this.tableListeners.get(table);
+    if (this.maxListeners > 0 && set.size >= this.maxListeners) {
+      getLogger().warn(`Max listeners (${this.maxListeners}) reached for table "${table}". Listener not added.`);
+      return { unsubscribe: () => {
+      } };
+    }
+    set.add(listener);
     return {
       unsubscribe: () => {
         this.tableListeners.get(table)?.delete(listener);
@@ -323,6 +340,11 @@ var CrudEventEmitter = class {
    * Subscribe to all events on all tables.
    */
   onAny(listener) {
+    if (this.maxListeners > 0 && this.globalListeners.size >= this.maxListeners) {
+      getLogger().warn(`Max global listeners (${this.maxListeners}) reached. Listener not added.`);
+      return { unsubscribe: () => {
+      } };
+    }
     this.globalListeners.add(listener);
     return {
       unsubscribe: () => {
@@ -413,19 +435,46 @@ function setEventEmitter(emitter) {
 }
 // src/endpoints/subscribe.ts
+var connectionCounts = /* @__PURE__ */ new Map();
+var DEFAULT_EXCLUDE_FIELDS = ["password", "token", "secret", "apiKey", "creditCard", "ssn"];
+function stripSensitiveFields(data, excludeFields) {
+  if (data === null || data === void 0 || typeof data !== "object") {
+    return data;
+  }
+  if (Array.isArray(data)) {
+    return data.map((item) => stripSensitiveFields(item, excludeFields));
+  }
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    if (!excludeFields.includes(key)) {
+      result[key] = typeof value === "object" && value !== null ? stripSensitiveFields(value, excludeFields) : value;
+    }
+  }
+  return result;
+}
 function createSubscribeHandler(config) {
   const {
     table,
     events: eventFilter,
     emitter: customEmitter,
     filter,
-    heartbeatInterval = 3e4
+    heartbeatInterval = 3e4,
+    maxConnections = 1e3,
+    connectionTimeout = 3e5,
+    excludeFields = DEFAULT_EXCLUDE_FIELDS
   } = config;
   return (ctx) => {
+    const currentCount = connectionCounts.get(table) || 0;
+    if (currentCount >= maxConnections) {
+      return ctx.json(
+        { success: false, error: { code: "TOO_MANY_CONNECTIONS", message: "Too many SSE connections" } },
+        503
+      );
+    }
+    connectionCounts.set(table, currentCount + 1);
     return streamSSE(ctx, async (stream) => {
       const emitter = customEmitter ?? getEventEmitter();
       let subscription;
-      let heartbeatTimer = null;
       const listener = async (event) => {
         if (eventFilter && eventFilter.length > 0 && !eventFilter.includes(event.type)) {
           return;
@@ -433,6 +482,8 @@ function createSubscribeHandler(config) {
         if (filter && !filter(event, ctx)) {
           return;
         }
+        const sanitizedData = excludeFields.length > 0 ? stripSensitiveFields(event.data, excludeFields) : event.data;
+        const sanitizedPreviousData = event.previousData && excludeFields.length > 0 ? stripSensitiveFields(event.previousData, excludeFields) : event.previousData;
         try {
           await stream.writeSSE({
             event: `${event.table}.${event.type}`,
@@ -440,8 +491,8 @@ function createSubscribeHandler(config) {
               type: event.type,
               table: event.table,
               recordId: event.recordId,
-              data: event.data,
-              previousData: event.previousData,
+              data: sanitizedData,
+              previousData: sanitizedPreviousData,
               timestamp: event.timestamp
             }),
             id: `${event.table}-${event.recordId}-${Date.now()}`
@@ -450,23 +501,38 @@ function createSubscribeHandler(config) {
         }
       };
       subscription = emitter.onTable(table, listener);
-      heartbeatTimer = setInterval(async () => {
-        try {
-          await stream.writeSSE({
-            event: "heartbeat",
-            data: JSON.stringify({ timestamp: (/* @__PURE__ */ new Date()).toISOString() })
-          });
-        } catch {
-        }
-      }, heartbeatInterval);
-      stream.onAbort(() => {
+      const cleanup = () => {
         subscription.unsubscribe();
-        if (heartbeatTimer) {
-          clearInterval(heartbeatTimer);
+        const count = connectionCounts.get(table) || 1;
+        if (count <= 1) {
+          connectionCounts.delete(table);
+        } else {
+          connectionCounts.set(table, count - 1);
         }
+      };
+      stream.onAbort(() => {
+        cleanup();
       });
+      const startTime = Date.now();
+      let lastHeartbeat = startTime;
       while (!stream.closed) {
         await stream.sleep(1e3);
+        const now = Date.now();
+        if (now - startTime >= connectionTimeout) {
+          stream.abort();
+          break;
+        }
+        if (now - lastHeartbeat >= heartbeatInterval) {
+          lastHeartbeat = now;
+          try {
+            await stream.writeSSE({
+              event: "heartbeat",
+              data: JSON.stringify({ timestamp: (/* @__PURE__ */ new Date()).toISOString() })
+            });
+          } catch {
+            break;
+          }
+        }
       }
     });
   };
@@ -756,8 +822,11 @@ var MemoryIdempotencyStorage = class {
   cleanupInterval;
   /** Timestamp of last cleanup run */
   lastCleanup = 0;
+  /** Maximum number of entries before evicting oldest */
+  maxEntries;
   constructor(options) {
     this.cleanupInterval = options?.cleanupInterval ?? 6e4;
+    this.maxEntries = options?.maxEntries ?? 1e4;
   }
   maybeCleanup() {
     if (this.cleanupInterval <= 0) return;
@@ -792,6 +861,12 @@ var MemoryIdempotencyStorage = class {
   }
   async set(key, entry, ttlMs) {
     this.maybeCleanup();
+    if (this.maxEntries > 0 && this.entries.size >= this.maxEntries && !this.entries.has(key)) {
+      const oldestKey = this.entries.keys().next().value;
+      if (oldestKey !== void 0) {
+        this.entries.delete(oldestKey);
+      }
+    }
     this.entries.set(key, {
       entry,
       expiresAt: Date.now() + ttlMs
@@ -866,7 +941,9 @@ function idempotency(config) {
     if (!storage) {
       return next();
     }
-    const existing = await storage.get(idempotencyKey);
+    const userId = getContextVar(ctx, "userId") || "anonymous";
+    const scopedKey = `${userId}:${idempotencyKey}`;
+    const existing = await storage.get(scopedKey);
     if (existing) {
       return new Response(existing.body, {
         status: existing.statusCode,
@@ -877,7 +954,7 @@ function idempotency(config) {
         }
       });
     }
-    const locked = await storage.isLocked(idempotencyKey);
+    const locked = await storage.isLocked(scopedKey);
     if (locked) {
       return ctx.json(
         {
@@ -890,7 +967,7 @@ function idempotency(config) {
         409
       );
     }
-    const acquired = await storage.lock(idempotencyKey, lockTimeoutMs);
+    const acquired = await storage.lock(scopedKey, lockTimeoutMs);
     if (!acquired) {
       return ctx.json(
         {
@@ -912,15 +989,15 @@ function idempotency(config) {
         headers[key] = value;
       });
       const entry = {
-        key: idempotencyKey,
+        key: scopedKey,
         statusCode: response.status,
         body,
         headers,
         createdAt: Date.now()
       };
-      await storage.set(idempotencyKey, entry, ttlMs);
+      await storage.set(scopedKey, entry, ttlMs);
     } finally {
-      await storage.unlock(idempotencyKey);
+      await storage.unlock(scopedKey);
     }
   };
 }

package/dist/logging/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { P as PathPattern, R as RedactField, d as LoggingConfig, e as LoggingStorage, a as LogEntry, c as LogQueryOptions } from '../types-B8CWg4nO.js';
-export { b as LogLevel, L as LoggingEnv, f as RequestBodyConfig, g as RequestLogEntry, h as ResponseBodyConfig, i as ResponseLogEntry } from '../types-B8CWg4nO.js';
+import { P as PathPattern, R as RedactField, d as LoggingConfig, e as LoggingStorage, a as LogEntry, c as LogQueryOptions } from '../types-DnQWCfXp.js';
+export { b as LogLevel, L as LoggingEnv, f as RequestBodyConfig, g as RequestLogEntry, h as ResponseBodyConfig, i as ResponseLogEntry } from '../types-DnQWCfXp.js';
 import { Env, Context, MiddlewareHandler } from 'hono';
 /**
@@ -50,10 +50,10 @@ declare function shouldExcludePath(path: string, includePaths: PathPattern[], ex
  *
  * @param ctx - Hono context
  * @param ipHeader - Header name for proxy IP (default: 'X-Forwarded-For')
- * @param trustProxy - Whether to trust proxy headers (default: true)
+ * @param trustProxy - Whether to trust proxy headers (default: false)
  * @returns The client IP address or undefined
  */
-declare function extractClientIp<E extends Env>(ctx: Context<E>, ipHeader?: string, trustProxy?: boolean): string | undefined;
+declare function extractClientIp<E extends Env>(ctx: Context<E>, ipHeader?: string, _trustProxy?: boolean): string | undefined;
 /**
  * Extract headers from a Headers object to a plain object.
  *

package/dist/logging/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
-export { MemoryLoggingStorage } from '../chunk-IPGNLIJV.js';
-export { createLoggingMiddleware, extractClientIp, extractHeaders, extractQuery, extractUserId, generateRequestId, getLoggingStorage, getRequestId, getRequestStartTime, isAllowedContentType, matchPath, redactHeaders, redactObject, setLoggingStorage, shouldExcludePath, shouldRedact, truncateBody } from '../chunk-WOFE46VS.js';
+export { MemoryLoggingStorage } from '../chunk-I36Y45QN.js';
+export { createLoggingMiddleware, extractClientIp, extractHeaders, extractQuery, extractUserId, generateRequestId, getLoggingStorage, getRequestId, getRequestStartTime, isAllowedContentType, matchPath, redactHeaders, redactObject, setLoggingStorage, shouldExcludePath, shouldRedact, truncateBody } from '../chunk-Y74QJH7Y.js';
 import '../chunk-6LS3LNIH.js';
 import '../chunk-U3SUUXJK.js';
 import '../chunk-FST5S5UY.js';

package/dist/rate-limit/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-export { F as FixedWindowEntry, K as KeyExtractor, a as KeyStrategy, O as OnRateLimitExceeded, P as PathPattern, b as RateLimitAlgorithm, c as RateLimitConfig, d as RateLimitEntry, R as RateLimitEnv, e as RateLimitResult, f as RateLimitStorage, g as RateLimitTier, S as SlidingWindowEntry, T as TierFunction } from '../types-Bc7ebF5x.js';
-export { M as MemoryRateLimitStorage, d as MemoryRateLimitStorageOptions, R as RateLimitExceededException, e as RedisRateLimitClient, f as RedisRateLimitStorage, g as RedisRateLimitStorageOptions, h as createRateLimitMiddleware, i as extractAPIKey, j as extractIP, k as extractUserId, l as generateKey, m as getRateLimitStorage, n as matchPath, r as resetRateLimit, s as setRateLimitStorage, o as shouldSkipPath } from '../index-Dm8-ODYA.js';
+export { F as FixedWindowEntry, K as KeyExtractor, a as KeyStrategy, O as OnRateLimitExceeded, P as PathPattern, b as RateLimitAlgorithm, c as RateLimitConfig, d as RateLimitEntry, R as RateLimitEnv, e as RateLimitResult, f as RateLimitStorage, g as RateLimitTier, S as SlidingWindowEntry, T as TierFunction } from '../types-BO3G_MZk.js';
+export { M as MemoryRateLimitStorage, d as MemoryRateLimitStorageOptions, R as RateLimitExceededException, e as RedisRateLimitClient, f as RedisRateLimitStorage, g as RedisRateLimitStorageOptions, h as createRateLimitMiddleware, i as extractAPIKey, j as extractIP, k as extractUserId, l as generateKey, m as getRateLimitStorage, n as matchPath, r as resetRateLimit, s as setRateLimitStorage, o as shouldSkipPath } from '../index-431Ovi2o.js';
 import 'hono';
 import 'hono/http-exception';
 import 'zod';

package/dist/rate-limit/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 export { MemoryRateLimitStorage, RedisRateLimitStorage } from '../chunk-MANRQHEB.js';
-export { RateLimitExceededException, createRateLimitMiddleware, extractAPIKey, extractIP, extractUserId2 as extractUserId, generateKey, getRateLimitStorage, matchPath2 as matchPath, resetRateLimit, setRateLimitStorage, shouldSkipPath } from '../chunk-WOFE46VS.js';
+export { RateLimitExceededException, createRateLimitMiddleware, extractAPIKey, extractIP, extractUserId2 as extractUserId, generateKey, getRateLimitStorage, matchPath2 as matchPath, resetRateLimit, setRateLimitStorage, shouldSkipPath } from '../chunk-Y74QJH7Y.js';
 import '../chunk-6LS3LNIH.js';
 import '../chunk-U3SUUXJK.js';
 import '../chunk-FST5S5UY.js';

package/dist/storage/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Env, MiddlewareHandler, Context } from 'hono';
-import { f as RateLimitStorage } from '../types-Bc7ebF5x.js';
-import { e as LoggingStorage } from '../types-B8CWg4nO.js';
+import { f as RateLimitStorage } from '../types-BO3G_MZk.js';
+import { e as LoggingStorage } from '../types-DnQWCfXp.js';
 import { f as CacheStorage } from '../types-DlIkjpdK.js';
 import { a as AuditLogStorage, c as VersioningStorage } from '../versioning-BG8-R7C0.js';
 import { M as MemoryAPIKeyStorage } from '../memory-B_NZbOQP.js';

package/dist/storage/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 export { createAPIKeyStorageMiddleware, createAuditStorageMiddleware, createCacheStorageMiddleware, createLoggingStorageMiddleware, createRateLimitStorageMiddleware, createStorageMiddleware, createVersioningStorageMiddleware } from '../chunk-ZCHXXN7T.js';
-export { resolveAPIKeyStorage, resolveAuditStorage, resolveCacheStorage, resolveLoggingStorage, resolveRateLimitStorage, resolveVersioningStorage } from '../chunk-WOFE46VS.js';
+export { resolveAPIKeyStorage, resolveAuditStorage, resolveCacheStorage, resolveLoggingStorage, resolveRateLimitStorage, resolveVersioningStorage } from '../chunk-Y74QJH7Y.js';
 import '../chunk-6LS3LNIH.js';
 import '../chunk-U3SUUXJK.js';
 export { StorageRegistry, createNullableRegistry, createRegistryWithDefault } from '../chunk-FST5S5UY.js';

package/dist/{types-Bc7ebF5x.d.ts → types-BO3G_MZk.d.ts} RENAMED Viewed

@@ -192,8 +192,8 @@ interface RateLimitConfig<E extends Env = Env> {
     ipHeader?: string;
     /**
      * Whether to trust the proxy header for IP extraction.
-     * Set to false if not behind a trusted proxy.
-     * @default true
+     * Set to true if behind a trusted proxy.
+     * @default false
      */
     trustProxy?: boolean;
     /**

package/dist/{types-B8CWg4nO.d.ts → types-DnQWCfXp.d.ts} RENAMED Viewed

@@ -257,7 +257,7 @@ interface LoggingConfig<E extends Env = Env> {
     ipHeader?: string;
     /**
      * Whether to trust the proxy header for IP extraction.
-     * @default true
+     * @default false
      */
     trustProxy?: boolean;
     /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "hono-crud",
-  "version": "0.3.2",
+  "version": "0.4.0",
   "description": "CRUD generator for Hono with Zod validation and OpenAPI generation",
   "author": "Kauan Guesser <contato@kauan.net>",
   "license": "MIT",