meadow-endpoints 4.0.7 → 4.0.10

package/docs/README.md

@@ -0,0 +1,326 @@
+# Meadow Endpoints
+
+> Automagic REST endpoints for CRUD operations on the Retold framework
+
+Meadow Endpoints generates a full suite of RESTful API routes from your Meadow data entities. Define your data model with Meadow, point Meadow Endpoints at it, and you get Create, Read, Update, Delete, Count, Schema, and Validate endpoints -- with authentication hooks, authorization, dynamic filtering, pagination, and behavior injection for customization. The design philosophy is to cover the 99% via configuration; the last 1% is easily hand-craftable.
+
+## Features
+
+- **Automatic Route Generation** - Full CRUD endpoints from a Meadow entity with zero boilerplate
+- **Behavior Injection** - Pre/post operation hooks for authentication, authorization, and custom logic
+- **Dynamic Filtering** - URL-based filter expressions for flexible querying
+- **Pagination** - Built-in Begin/Cap parameters with configurable default limits
+- **Bulk Operations** - Batch create, update, and upsert endpoints
+- **Schema Endpoints** - Serve JSON Schema, default objects, and validation
+- **Streaming Responses** - Large recordsets streamed as newline-delimited JSON
+- **Controller Architecture** - Extensible controller system with replaceable error handling, logging, and session management
+- **Fable Integration** - First-class service in the Fable/Orator ecosystem
+
+## Quick Start
+
+```javascript
+const libFable = require('fable');
+const libOrator = require('orator');
+const libOratorServiceServerRestify = require('orator-serviceserver-restify');
+const libMeadow = require('meadow');
+const libMeadowEndpoints = require('meadow-endpoints');
+
+const _Fable = new libFable({
+	Product: 'MyAPI',
+	ProductVersion: '1.0.0',
+	ServicePort: 8086
+});
+
+// Set up Orator
+_Fable.serviceManager.addServiceType('Orator', libOrator);
+_Fable.serviceManager.addServiceType('OratorServiceServer', libOratorServiceServerRestify);
+_Fable.serviceManager.instantiateServiceProvider('Orator');
+_Fable.serviceManager.instantiateServiceProvider('OratorServiceServer');
+
+// Create a Meadow DAL for "Book"
+const tmpMeadow = libMeadow.new(_Fable, 'Book')
+	.setProvider('MySQL')
+	.setDefaultIdentifier('IDBook')
+	.setSchema([
+		{ Column: 'IDBook', Type: 'AutoIdentity' },
+		{ Column: 'GUIDBook', Type: 'AutoGUID' },
+		{ Column: 'Title', Type: 'String', Size: '255' },
+		{ Column: 'Author', Type: 'String', Size: '128' },
+		{ Column: 'CreateDate', Type: 'CreateDate' },
+		{ Column: 'CreatingIDUser', Type: 'CreateIDUser' },
+		{ Column: 'UpdateDate', Type: 'UpdateDate' },
+		{ Column: 'UpdatingIDUser', Type: 'UpdateIDUser' },
+		{ Column: 'Deleted', Type: 'Deleted' }
+	]);
+
+// Generate and connect endpoints
+const tmpMeadowEndpoints = new libMeadowEndpoints(tmpMeadow);
+tmpMeadowEndpoints.connectRoutes(_Fable.Orator.serviceServer);
+
+// Start the server
+_Fable.Orator.startService(() =>
+{
+	console.log('API running on port 8086');
+	// Now available:
+	//   GET    /1.0/Book/:IDBook       - Read one
+	//   GET    /1.0/Book/s/:Begin/:Cap - Read many
+	//   POST   /1.0/Book               - Create
+	//   PUT    /1.0/Book               - Update
+	//   DELETE /1.0/Book/:IDBook       - Delete
+	//   GET    /1.0/Book/s/Count       - Count
+	//   GET    /1.0/Book/Schema        - Schema
+	//   ... and more
+});
+```
+
+## Installation
+
+```bash
+npm install meadow-endpoints
+```
+
+## How It Works
+
+Meadow Endpoints takes a configured Meadow DAL instance and registers HTTP routes with an Orator service server. Each route follows an async waterfall pattern with behavior injection points, allowing you to customize any step of the request lifecycle without replacing the endpoint implementation.
+
+```
+Orator (API Server)
+  └── Meadow Endpoints (Route Registration)
+        ├── Controller (Request Lifecycle)
+        │     ├── Session Marshaler (Authentication)
+        │     ├── Behavior Injection (Authorization & Custom Logic)
+        │     ├── Error Handler (Error Responses)
+        │     └── Log Controller (Request Logging)
+        ├── Endpoints (Route Handlers)
+        │     ├── Create / BulkCreate
+        │     ├── Read / Reads / ReadSelectList / ReadLiteList / ReadDistinctList
+        │     ├── Update / BulkUpdate / Upsert / BulkUpsert
+        │     ├── Delete / Undelete
+        │     ├── Count / CountBy
+        │     └── Schema / New / Validate
+        └── Meadow DAL (Data Access)
+              └── Database Provider
+```
+
+## Generated Routes
+
+### Create
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| POST | `/{version}/{entity}` | Create a single record |
+| POST | `/{version}/{entity}/s` | Bulk create (array of records) |
+
+### Read
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| GET | `/{version}/{entity}/:IDRecord` | Read a single record by ID |
+| GET | `/{version}/{entity}/s` | Read records (default cap: 250) |
+| GET | `/{version}/{entity}/s/:Begin/:Cap` | Read with pagination |
+| GET | `/{version}/{entity}/s/FilteredTo/:Filter` | Read with filter |
+| GET | `/{version}/{entity}/s/FilteredTo/:Filter/:Begin/:Cap` | Read with filter and pagination |
+| GET | `/{version}/{entity}/s/By/:ByField/:ByValue` | Read filtered by field value |
+| GET | `/{version}/{entity}/s/By/:ByField/:ByValue/:Begin/:Cap` | Field filter with pagination |
+| GET | `/{version}/{entity}/Max/:ColumnName` | Get maximum value for a column |
+
+### Specialized Read
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| GET | `/{version}/{entity}/Select` | Select list ({Hash, Value} pairs) |
+| GET | `/{version}/{entity}/Select/:Begin/:Cap` | Paginated select list |
+| GET | `/{version}/{entity}/Select/FilteredTo/:Filter` | Filtered select list |
+| GET | `/{version}/{entity}/s/Lite` | Lite list (minimal columns) |
+| GET | `/{version}/{entity}/s/Lite/:Begin/:Cap` | Paginated lite list |
+| GET | `/{version}/{entity}/s/LiteExtended/:ExtraColumns` | Lite list with extra columns |
+| GET | `/{version}/{entity}/s/Distinct/:Columns` | Distinct values for columns |
+| GET | `/{version}/{entity}/s/Distinct/:Columns/:Begin/:Cap` | Paginated distinct list |
+| GET | `/{version}/{entity}/s/Distinct/:Columns/FilteredTo/:Filter` | Filtered distinct list |
+
+### Update
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| PUT | `/{version}/{entity}` | Update a single record |
+| PUT | `/{version}/{entity}/s` | Bulk update (array of records) |
+| PUT | `/{version}/{entity}/Upsert` | Insert or update a record |
+| PUT | `/{version}/{entity}/Upserts` | Bulk upsert (array of records) |
+
+### Delete
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| DELETE | `/{version}/{entity}/:IDRecord` | Delete a record |
+| DELETE | `/{version}/{entity}` | Delete (ID in request body) |
+| GET | `/{version}/{entity}/Undelete/:IDRecord` | Undelete a soft-deleted record |
+
+### Count
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| GET | `/{version}/{entity}/s/Count` | Total record count |
+| GET | `/{version}/{entity}/s/Count/FilteredTo/:Filter` | Filtered count |
+| GET | `/{version}/{entity}/s/Count/By/:ByField/:ByValue` | Count by field value |
+
+### Schema
+
+| Method | Route | Description |
+|--------|-------|-------------|
+| GET | `/{version}/{entity}/Schema` | Return JSON Schema |
+| GET | `/{version}/{entity}/Schema/New` | Return empty default record |
+| POST | `/{version}/{entity}/Schema/Validate` | Validate a record against schema |
+
+## Behavior Injection
+
+Behavior injection lets you hook into any endpoint's lifecycle without replacing the endpoint itself. This is the primary mechanism for adding authentication, authorization, and custom business logic.
+
+### Injection Points
+
+Each endpoint has named injection points following the pattern `{Verb}-{Phase}`:
+
+| Injection Point | When It Runs |
+|----------------|--------------|
+| `Create-PreOperation` | Before record creation |
+| `Create-QueryConfiguration` | After query is built, before execution |
+| `Create-PostOperation` | After record is created |
+| `Read-PreOperation` | Before single record read |
+| `Read-QueryConfiguration` | After read query is built |
+| `Read-PostOperation` | After record is retrieved |
+| `Reads-QueryConfiguration` | After reads query is built |
+| `Reads-PostOperation` | After recordset is retrieved |
+| `Update-QueryConfiguration` | After update query is built |
+| `Delete-QueryConfiguration` | After delete query is built |
+| `Delete-PreOperation` | Before deletion (after pre-read) |
+| `Delete-PostOperation` | After deletion |
+| `Count-QueryConfiguration` | After count query is built |
+
+### Registering Behaviors
+
+```javascript
+const tmpEndpoints = new libMeadowEndpoints(tmpMeadow);
+
+// Add authorization: restrict reads to user's own customer
+tmpEndpoints.controller.BehaviorInjection.setBehavior('Reads-QueryConfiguration',
+	(pRequest, pRequestState, fCallback) =>
+	{
+		if (pRequestState.SessionData.UserRoleIndex < 5)
+		{
+			pRequestState.Query.addFilter('IDCustomer', pRequestState.SessionData.CustomerID);
+		}
+		return fCallback();
+	});
+
+// Add validation before create
+tmpEndpoints.controller.BehaviorInjection.setBehavior('Create-PreOperation',
+	(pRequest, pRequestState, fCallback) =>
+	{
+		if (!pRequest.body.Title)
+		{
+			return fCallback({ Code: 400, Message: 'Title is required' });
+		}
+		return fCallback();
+	});
+```
+
+## Dynamic Filtering
+
+Filter expressions can be passed in endpoint URLs using the `FilteredTo` parameter:
+
+```
+GET /1.0/Book/s/FilteredTo/Title~JavaScript
+GET /1.0/Book/s/FilteredTo/Author=Frank Herbert
+GET /1.0/Book/s/FilteredTo/Price>20
+```
+
+Supported operators: `=`, `!=`, `>`, `<`, `>=`, `<=`, `~` (contains)
+
+## Session Management
+
+Meadow Endpoints supports multiple session data sources, configured via `MeadowEndpointsSessionDataSource`:
+
+| Source | Description |
+|--------|-------------|
+| `Request` (default) | Session from `pRequest.UserSession` (set by Orator middleware) |
+| `Header` | JSON session from `x-trusted-session` HTTP header |
+| `None` | No session data, uses defaults |
+
+The session object provides `UserID`, `CustomerID`, `SessionID`, `UserRole`, `UserRoleIndex`, and `LoggedIn` to all endpoint operations.
+
+## Configuration
+
+| Setting | Type | Default | Description |
+|---------|------|---------|-------------|
+| `MeadowEndpointVersion` | string | `"1.0"` | API version prefix in routes |
+| `MeadowDefaultMaxCap` | number | `250` | Default pagination limit for reads |
+| `MeadowEndpointsSessionDataSource` | string | `"Request"` | Session data source |
+| `MeadowEndpointsDefaultSessionObject` | object | `{CustomerID:0, UserID:0, ...}` | Default session template |
+| `SendErrorStatusCodes` | boolean | `false` | Set HTTP status codes on error responses |
+
+## Custom Controllers
+
+For deep customization, extend the base controller:
+
+```javascript
+const libMeadowEndpoints = require('meadow-endpoints');
+const BaseController = libMeadowEndpoints.BaseController;
+
+class CustomController extends BaseController
+{
+	constructor(pMeadowEndpoints, pOptions)
+	{
+		super(pMeadowEndpoints, pOptions);
+	}
+}
+
+const tmpEndpoints = new libMeadowEndpoints(tmpMeadow,
+	{ ControllerClass: CustomController });
+```
+
+## Disabling Endpoint Groups
+
+```javascript
+const tmpEndpoints = new libMeadowEndpoints(tmpMeadow);
+
+// Disable update and delete endpoints
+tmpEndpoints._EnabledBehaviorSets.Update = false;
+tmpEndpoints._EnabledBehaviorSets.Delete = false;
+
+tmpEndpoints.connectRoutes(serviceServer);
+// Only Create, Read, Count, and Schema endpoints will be registered
+```
+
+## CRUD Deep Dive
+
+For detailed documentation on each endpoint group, including request lifecycles, behavior injection examples, and real-world usage patterns, see the [CRUD documentation](crud/README.md):
+
+- [Create](crud/create.md) - Single and bulk record creation with pre/post hooks
+- [Read](crud/read.md) - Records, lists, pagination, filtering, select lists, lite and distinct projections
+- [Update](crud/update.md) - Single and bulk updates, upserts
+- [Delete](crud/delete.md) - Soft-delete and undelete with authorization hooks
+- [Count](crud/count.md) - Record counts with filtering
+- [Schema, New & Validate](crud/schema.md) - Metadata, default records, and validation with full hook examples
+
+## Testing
+
+```bash
+npm test
+```
+
+## Documentation
+
+Detailed documentation is available in the `docs/` folder and can be served locally:
+
+```bash
+npx docsify-cli serve docs
+```
+
+## Related Packages
+
+- [meadow](https://github.com/stevenvelozo/meadow) - Data access layer (required)
+- [meadow-filter](https://github.com/stevenvelozo/meadow-filter) - URL filter expression parser
+- [orator](https://github.com/stevenvelozo/orator) - API server abstraction
+- [orator-serviceserver-restify](https://github.com/stevenvelozo/orator-serviceserver-restify) - Restify service server
+- [stricture](https://github.com/stevenvelozo/stricture) - Schema definition language
+- [foxhound](https://github.com/stevenvelozo/foxhound) - Query DSL for SQL generation
+- [fable](https://github.com/stevenvelozo/fable) - Service provider framework

package/docs/_sidebar.md

@@ -0,0 +1,37 @@
+- Getting Started
+
+  - [Introduction](/)
+  - [Getting Started](getting-started.md)
+  - [Architecture](architecture.md)
+
+- Core Concepts
+
+  - [Generated Routes](generated-routes.md)
+  - [Behavior Injection](behavior-injection.md)
+  - [Dynamic Filtering](dynamic-filtering.md)
+  - [Session Management](session-management.md)
+
+- Endpoints
+
+  - [Create Endpoints](endpoints/create.md)
+  - [Read Endpoints](endpoints/read.md)
+  - [Update Endpoints](endpoints/update.md)
+  - [Delete Endpoints](endpoints/delete.md)
+  - [Count Endpoints](endpoints/count.md)
+  - [Schema Endpoints](endpoints/schema.md)
+
+- CRUD Deep Dive
+
+  - [Overview](crud/README.md)
+  - [Create](crud/create.md)
+  - [Read](crud/read.md)
+  - [Update](crud/update.md)
+  - [Delete](crud/delete.md)
+  - [Count](crud/count.md)
+  - [Schema, New & Validate](crud/schema.md)
+
+- Advanced
+
+  - [Custom Controllers](custom-controllers.md)
+  - [Error Handling](error-handling.md)
+  - [Configuration Reference](configuration.md)

package/docs/crud/README.md

@@ -0,0 +1,220 @@
+# CRUD Endpoints
+
+> Complete REST API lifecycle from a single entity definition
+
+Meadow Endpoints generates a full suite of RESTful routes from a configured Meadow entity. Every endpoint follows the same async waterfall pattern with behavior injection hooks, making the entire request lifecycle customizable without replacing any built-in logic.
+
+## Endpoint Groups
+
+| Group | Operations | Description |
+|-------|-----------|-------------|
+| [Create](crud/create.md) | Create, BulkCreate | Insert new records |
+| [Read](crud/read.md) | Read, Reads, ReadsBy, ReadMax, ReadSelectList, ReadLiteList, ReadDistinctList | Retrieve records with pagination, filtering, and projections |
+| [Update](crud/update.md) | Update, BulkUpdate, Upsert, BulkUpsert | Modify existing records |
+| [Delete](crud/delete.md) | Delete, Undelete | Soft-delete and restore records |
+| [Count](crud/count.md) | Count, CountBy | Aggregate record counts |
+| [Schema](crud/schema.md) | Schema, New, Validate | Serve schema metadata, default objects, and validation |
+
+## Complete Route Table
+
+All routes are prefixed with `/{version}/{entity}`, where `version` defaults to `1.0` and `entity` is the Meadow DAL scope (e.g., `Book`).
+
+### Create
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| POST | `/{v}/{entity}` | Create a single record |
+| POST | `/{v}/{entity}/s` | Bulk create (array of records) |
+
+### Read
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| GET | `/{v}/{entity}/:IDRecord` | Read one record by ID |
+| GET | `/{v}/{entity}/By/:GUIDRecord` | Read one record by GUID |
+| GET | `/{v}/{entity}/s` | Read list (default cap: 250) |
+| GET | `/{v}/{entity}/s/:Begin/:Cap` | Read list with pagination |
+| GET | `/{v}/{entity}/s/FilteredTo/:Filter` | Read list with filter |
+| GET | `/{v}/{entity}/s/FilteredTo/:Filter/:Begin/:Cap` | Filtered read with pagination |
+| GET | `/{v}/{entity}/s/By/:ByField/:ByValue` | Read by field value |
+| GET | `/{v}/{entity}/s/By/:ByField/:ByValue/:Begin/:Cap` | Read by field with pagination |
+| GET | `/{v}/{entity}/Max/:ColumnName` | Maximum value for a column |
+
+### Specialized Read
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| GET | `/{v}/{entity}/Select` | Select list ({Hash, Value} pairs) |
+| GET | `/{v}/{entity}/Select/:Begin/:Cap` | Paginated select list |
+| GET | `/{v}/{entity}/Select/FilteredTo/:Filter` | Filtered select list |
+| GET | `/{v}/{entity}/Select/FilteredTo/:Filter/:Begin/:Cap` | Filtered paginated select list |
+| GET | `/{v}/{entity}/s/Lite` | Lite list (minimal columns) |
+| GET | `/{v}/{entity}/s/Lite/:Begin/:Cap` | Paginated lite list |
+| GET | `/{v}/{entity}/s/LiteExtended/:ExtraColumns` | Lite list with extra columns |
+| GET | `/{v}/{entity}/s/Distinct/:Columns` | Distinct values for columns |
+| GET | `/{v}/{entity}/s/Distinct/:Columns/:Begin/:Cap` | Paginated distinct list |
+| GET | `/{v}/{entity}/s/Distinct/:Columns/FilteredTo/:Filter` | Filtered distinct list |
+
+### Update
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| PUT | `/{v}/{entity}` | Update a single record |
+| PUT | `/{v}/{entity}/s` | Bulk update (array of records) |
+| PUT | `/{v}/{entity}/Upsert` | Insert or update a record |
+| PUT | `/{v}/{entity}/Upserts` | Bulk upsert (array of records) |
+
+### Delete
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| DELETE | `/{v}/{entity}/:IDRecord` | Delete a record by URL param |
+| DELETE | `/{v}/{entity}` | Delete a record (ID in body) |
+| GET | `/{v}/{entity}/Undelete/:IDRecord` | Undelete a soft-deleted record |
+
+### Count
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| GET | `/{v}/{entity}/s/Count` | Total record count |
+| GET | `/{v}/{entity}/s/Count/FilteredTo/:Filter` | Filtered count |
+| GET | `/{v}/{entity}/s/Count/By/:ByField/:ByValue` | Count by field value |
+
+### Schema
+
+| Method | Route | Handler |
+|--------|-------|---------|
+| GET | `/{v}/{entity}/Schema` | Return JSON Schema |
+| GET | `/{v}/{entity}/Schema/New` | Return empty default record |
+| POST | `/{v}/{entity}/Schema/Validate` | Validate a record against schema |
+
+## Request Lifecycle
+
+Every endpoint follows the same async waterfall pattern:
+
+```
+HTTP Request
+  |
+  v
+initializeRequestState(pRequest, 'OperationName')
+  |
+  v
+[Pre-Operation Behavior Injection]     <-- authenticate, authorize, validate
+  |
+  v
+Build/Configure Query
+  |
+  v
+[Query-Configuration Behavior Injection]  <-- modify query, add filters
+  |
+  v
+Execute DAL Operation (doCreate, doRead, doReads, etc.)
+  |
+  v
+[Post-Operation Behavior Injection]    <-- transform results, audit, notify
+  |
+  v
+Send Response
+  |
+  v
+ErrorHandler.handleErrorIfSet()        <-- catch any errors from waterfall
+```
+
+Not every endpoint has all three injection points. See the individual endpoint documentation for the specific hooks available.
+
+## Behavior Injection Summary
+
+| Injection Point | Available On | Phase |
+|-----------------|-------------|-------|
+| `Create-PreOperation` | Create, BulkCreate | Before create query is built |
+| `Create-QueryConfiguration` | Create, BulkCreate | After query is built, before execution |
+| `Create-PostOperation` | Create, BulkCreate | After record is created and re-read |
+| `Read-PreOperation` | Read | Before filter criteria are applied |
+| `Read-QueryConfiguration` | Read | After filter criteria, before DAL call |
+| `Read-PostOperation` | Read | After record is retrieved |
+| `Reads-QueryConfiguration` | Reads, ReadsBy, ReadSelectList, ReadLiteList, ReadDistinctList, ReadMax | After pagination/filter, before DAL call |
+| `Reads-PostOperation` | Reads, ReadsBy | After recordset is retrieved |
+| `Update-PostOperation` | Update, BulkUpdate | After record is updated and re-read |
+| `Delete-QueryConfiguration` | Delete | After delete query filter is built |
+| `Delete-PreOperation` | Delete | After record is loaded, before delete |
+| `Delete-PostOperation` | Delete | After record is deleted |
+| `Undelete-PreOperation` | Undelete | After deleted record is loaded |
+| `Undelete-PostOperation` | Undelete | After record is undeleted |
+| `Count-QueryConfiguration` | Count | After filter is parsed |
+| `CountBy-QueryConfiguration` | CountBy | After field filter is applied |
+| `Schema-PreOperation` | Schema | Before schema is loaded |
+| `Schema-PostOperation` | Schema | After schema is loaded |
+| `New-PreOperation` | New | Before default object is built |
+| `New-PostOperation` | New | After default object is built |
+| `Validate-PreOperation` | Validate | Before validation runs |
+| `Validate-PostOperation` | Validate | After validation completes |
+
+## Registering Behaviors
+
+```javascript
+const tmpEndpoints = new libMeadowEndpoints(tmpMeadow);
+
+tmpEndpoints.controller.BehaviorInjection.setBehavior('Create-PreOperation',
+	(pRequest, pRequestState, fCallback) =>
+	{
+		// pRequest     - the HTTP request object (params, body, headers)
+		// pRequestState - endpoint state (Query, Record, SessionData, etc.)
+		// fCallback    - call with no args to continue, or with error to halt
+
+		if (!pRequest.body.Title)
+		{
+			return fCallback({ Code: 400, Message: 'Title is required' });
+		}
+		return fCallback();
+	});
+```
+
+## Request State Object
+
+The `pRequestState` object is initialized by `initializeRequestState()` and carries state through the waterfall. Key properties:
+
+| Property | Type | Description |
+|----------|------|-------------|
+| `SessionData` | object | Session data (UserID, CustomerID, UserRole, etc.) |
+| `Query` | object | FoxHound query object for the current operation |
+| `Record` | object | The current record (after read/create/update) |
+| `Records` | array | Record array (for Reads operations) |
+| `Result` | object | Result object (for Count: `{Count: N}`) |
+| `RecordCount` | object | Delete result: `{Count: N}` |
+| `JSONSchema` | object | Schema object (for Schema endpoint) |
+| `EmptyEntityRecord` | object | Default record (for New endpoint) |
+| `RecordValidation` | object | Validation result (for Validate endpoint) |
+| `RecordToCreate` | object | Record being created (in Create operation) |
+| `RecordToModify` | object | Record being updated (in Update operation) |
+
+## Disabling Endpoint Groups
+
+You can selectively disable any endpoint group before connecting routes:
+
+```javascript
+const tmpEndpoints = new libMeadowEndpoints(tmpMeadow);
+
+// Disable specific operations
+tmpEndpoints._EnabledBehaviorSets.Update = false;
+tmpEndpoints._EnabledBehaviorSets.Delete = false;
+
+// Connect only the remaining routes
+tmpEndpoints.connectRoutes(serviceServer);
+```
+
+Available behavior sets: `Create`, `Read`, `Update`, `Delete`, `Count`, `Schema`.
+
+## Session Data
+
+Every endpoint has access to session data through `pRequestState.SessionData`:
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `UserID` | number | `0` | Authenticated user ID |
+| `CustomerID` | number | `0` | Customer/tenant ID |
+| `SessionID` | string | `""` | Session identifier |
+| `UserRole` | string | `"User"` | Role name |
+| `UserRoleIndex` | number | `0` | Numeric role level |
+| `LoggedIn` | boolean | `false` | Authentication status |
+
+Session data is populated by the session marshaler before any behavior injection runs. Configure the source via `MeadowEndpointsSessionDataSource` (`Request`, `Header`, or `None`).