npm - mega-framework - Versions diffs - 0.1.0 - Mend

mega-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (322) hide show

package/.env +127 -0
package/.env.example +186 -0
package/.prettierrc.json +8 -0
package/CHANGELOG.md +259 -0
package/LICENSE +21 -0
package/README.md +153 -0
package/bin/mega-ws-hub.js +15 -0
package/bin/mega.js +38 -0
package/docker-compose.yml +201 -0
package/eslint.config.js +57 -0
package/infra/otel-collector-config.yaml +43 -0
package/jsconfig.json +18 -0
package/package.json +121 -0
package/sample/crud/.env +18 -0
package/sample/crud/.env.example +50 -0
package/sample/crud/README.md +85 -0
package/sample/crud/apps/main/app.config.js +114 -0
package/sample/crud/apps/main/channels/chat-bus.js +115 -0
package/sample/crud/apps/main/channels/chat-channel.js +145 -0
package/sample/crud/apps/main/controllers/auth-controller.js +144 -0
package/sample/crud/apps/main/controllers/cron-controller.js +34 -0
package/sample/crud/apps/main/controllers/guide-controller.js +37 -0
package/sample/crud/apps/main/controllers/jobs-controller.js +43 -0
package/sample/crud/apps/main/controllers/logs-controller.js +35 -0
package/sample/crud/apps/main/controllers/metrics-controller.js +22 -0
package/sample/crud/apps/main/controllers/note-controller.js +116 -0
package/sample/crud/apps/main/controllers/perf-controller.js +38 -0
package/sample/crud/apps/main/controllers/redis-controller.js +36 -0
package/sample/crud/apps/main/controllers/tracing-controller.js +43 -0
package/sample/crud/apps/main/controllers/upload-controller.js +98 -0
package/sample/crud/apps/main/controllers/user-controller.js +34 -0
package/sample/crud/apps/main/controllers/web-controller.js +137 -0
package/sample/crud/apps/main/controllers/worker-controller.js +57 -0
package/sample/crud/apps/main/controllers/ws-controller.js +29 -0
package/sample/crud/apps/main/jobs/email-job.js +72 -0
package/sample/crud/apps/main/locales/client/en.json +3 -0
package/sample/crud/apps/main/locales/client/ko.json +3 -0
package/sample/crud/apps/main/locales/server/en.json +316 -0
package/sample/crud/apps/main/locales/server/ko.json +316 -0
package/sample/crud/apps/main/middleware/web-auth.js +40 -0
package/sample/crud/apps/main/middleware/ws-auth.js +48 -0
package/sample/crud/apps/main/migrations/20260606000001-create-users.js +27 -0
package/sample/crud/apps/main/migrations/20260606000002-add-auth-to-users.js +30 -0
package/sample/crud/apps/main/models/note.js +71 -0
package/sample/crud/apps/main/models/user.js +86 -0
package/sample/crud/apps/main/public/css/app.css +101 -0
package/sample/crud/apps/main/public/css/guide.css +137 -0
package/sample/crud/apps/main/public/js/app.js +54 -0
package/sample/crud/apps/main/public/js/perf.js +129 -0
package/sample/crud/apps/main/public/js/theme-init.js +12 -0
package/sample/crud/apps/main/public/js/upload-demo.js +63 -0
package/sample/crud/apps/main/public/js/worker-demo.js +92 -0
package/sample/crud/apps/main/public/js/ws-chat.js +161 -0
package/sample/crud/apps/main/public/vendor/bootstrap/bootstrap.bundle.min.js +7 -0
package/sample/crud/apps/main/public/vendor/bootstrap/bootstrap.min.css +6 -0
package/sample/crud/apps/main/public/vendor/highlight/github-dark.css +109 -0
package/sample/crud/apps/main/public/vendor/highlight/github.css +118 -0
package/sample/crud/apps/main/public/vendor/mega-client-wasm/README.md +19 -0
package/sample/crud/apps/main/public/vendor/mega-client-wasm/mega_client_wasm.d.ts +196 -0
package/sample/crud/apps/main/public/vendor/mega-client-wasm/mega_client_wasm.js +1187 -0
package/sample/crud/apps/main/public/vendor/mega-client-wasm/mega_client_wasm_bg.wasm +0 -0
package/sample/crud/apps/main/routes/auth.js +15 -0
package/sample/crud/apps/main/routes/cron.js +14 -0
package/sample/crud/apps/main/routes/guide.js +25 -0
package/sample/crud/apps/main/routes/jobs.js +14 -0
package/sample/crud/apps/main/routes/logs.js +28 -0
package/sample/crud/apps/main/routes/metrics.js +13 -0
package/sample/crud/apps/main/routes/notes.js +19 -0
package/sample/crud/apps/main/routes/perf.js +47 -0
package/sample/crud/apps/main/routes/redis.js +14 -0
package/sample/crud/apps/main/routes/tracing.js +14 -0
package/sample/crud/apps/main/routes/upload.js +16 -0
package/sample/crud/apps/main/routes/users.js +54 -0
package/sample/crud/apps/main/routes/web.js +23 -0
package/sample/crud/apps/main/routes/worker.js +15 -0
package/sample/crud/apps/main/routes/ws.js +30 -0
package/sample/crud/apps/main/schedules/cron-counter-schedule.js +30 -0
package/sample/crud/apps/main/services/auth-service.js +74 -0
package/sample/crud/apps/main/services/cron-demo-service.js +66 -0
package/sample/crud/apps/main/services/guide-service.js +145 -0
package/sample/crud/apps/main/services/jobs-demo-service.js +83 -0
package/sample/crud/apps/main/services/logs-demo-service.js +59 -0
package/sample/crud/apps/main/services/metrics-demo-service.js +144 -0
package/sample/crud/apps/main/services/note-service.js +75 -0
package/sample/crud/apps/main/services/perf-service.js +302 -0
package/sample/crud/apps/main/services/redis-demo-service.js +75 -0
package/sample/crud/apps/main/services/tracing-demo-service.js +69 -0
package/sample/crud/apps/main/services/upload-demo-service.js +48 -0
package/sample/crud/apps/main/services/user-service.js +65 -0
package/sample/crud/apps/main/views/auth/login.ejs +57 -0
package/sample/crud/apps/main/views/auth/register.ejs +71 -0
package/sample/crud/apps/main/views/cron/index.ejs +92 -0
package/sample/crud/apps/main/views/guide/index.ejs +24 -0
package/sample/crud/apps/main/views/guide/page.ejs +64 -0
package/sample/crud/apps/main/views/home.ejs +82 -0
package/sample/crud/apps/main/views/jobs/index.ejs +113 -0
package/sample/crud/apps/main/views/layouts/main.ejs +112 -0
package/sample/crud/apps/main/views/logs/index.ejs +80 -0
package/sample/crud/apps/main/views/metrics/index.ejs +123 -0
package/sample/crud/apps/main/views/notes/edit.ejs +45 -0
package/sample/crud/apps/main/views/notes/list.ejs +74 -0
package/sample/crud/apps/main/views/notes/new.ejs +45 -0
package/sample/crud/apps/main/views/perf/index.ejs +90 -0
package/sample/crud/apps/main/views/redis/index.ejs +65 -0
package/sample/crud/apps/main/views/tracing/index.ejs +106 -0
package/sample/crud/apps/main/views/upload/index.ejs +79 -0
package/sample/crud/apps/main/views/users/edit.ejs +48 -0
package/sample/crud/apps/main/views/users/list.ejs +81 -0
package/sample/crud/apps/main/views/users/new.ejs +48 -0
package/sample/crud/apps/main/views/worker/index.ejs +70 -0
package/sample/crud/apps/main/views/ws/index.ejs +62 -0
package/sample/crud/apps/main/workers/hash-worker.js +17 -0
package/sample/crud/apps/main/workers/hash.task.js +22 -0
package/sample/crud/ecosystem.config.cjs +9 -0
package/sample/crud/mega.config.js +105 -0
package/sample/crud/package-lock.json +5665 -0
package/sample/crud/package.json +28 -0
package/sample/crud/test/apps/main/auth-flow.integration.test.js +177 -0
package/sample/crud/test/apps/main/auth-service.test.js +93 -0
package/sample/crud/test/apps/main/chat-bus.test.js +101 -0
package/sample/crud/test/apps/main/chat-channel.test.js +144 -0
package/sample/crud/test/apps/main/cron-demo-service.test.js +93 -0
package/sample/crud/test/apps/main/demo-flow.integration.test.js +386 -0
package/sample/crud/test/apps/main/email-job.test.js +76 -0
package/sample/crud/test/apps/main/guide-service.test.js +68 -0
package/sample/crud/test/apps/main/hash-task.test.js +30 -0
package/sample/crud/test/apps/main/jobs-demo-service.test.js +88 -0
package/sample/crud/test/apps/main/logs-demo-service.test.js +85 -0
package/sample/crud/test/apps/main/metrics-demo-service.test.js +90 -0
package/sample/crud/test/apps/main/note-service.test.js +68 -0
package/sample/crud/test/apps/main/perf-service.test.js +121 -0
package/sample/crud/test/apps/main/perf.integration.test.js +202 -0
package/sample/crud/test/apps/main/redis-demo-service.test.js +98 -0
package/sample/crud/test/apps/main/tracing-demo-service.test.js +90 -0
package/sample/crud/test/apps/main/upload-demo-service.test.js +61 -0
package/sample/crud/test/apps/main/user-service.test.js +65 -0
package/sample/crud/test/apps/main/ws-chat.integration.test.js +232 -0
package/sample/crud/vitest.config.js +8 -0
package/sample/crud/yarn.lock +2142 -0
package/sample/simple/.env.example +15 -0
package/sample/simple/README.md +52 -0
package/sample/simple/apps/main/app.config.js +35 -0
package/sample/simple/apps/main/controllers/pages-controller.js +22 -0
package/sample/simple/apps/main/locales/client/en.json +3 -0
package/sample/simple/apps/main/locales/client/ko.json +3 -0
package/sample/simple/apps/main/locales/server/en.json +23 -0
package/sample/simple/apps/main/locales/server/ko.json +23 -0
package/sample/simple/apps/main/public/css/app.css +101 -0
package/sample/simple/apps/main/public/hello.txt +1 -0
package/sample/simple/apps/main/public/js/app.js +54 -0
package/sample/simple/apps/main/public/js/theme-init.js +12 -0
package/sample/simple/apps/main/public/vendor/bootstrap/bootstrap.bundle.min.js +7 -0
package/sample/simple/apps/main/public/vendor/bootstrap/bootstrap.min.css +6 -0
package/sample/simple/apps/main/routes/index.js +9 -0
package/sample/simple/apps/main/routes/pages.js +12 -0
package/sample/simple/apps/main/views/index.ejs +56 -0
package/sample/simple/apps/main/views/layouts/main.ejs +74 -0
package/sample/simple/ecosystem.config.cjs +10 -0
package/sample/simple/mega.config.js +27 -0
package/sample/simple/package-lock.json +1851 -0
package/sample/simple/package.json +25 -0
package/sample/simple/test/apps/main/index.test.js +13 -0
package/sample/simple/vitest.config.js +8 -0
package/src/adapters/adapter-manager.js +305 -0
package/src/adapters/adapter-options.js +208 -0
package/src/adapters/file-adapter.js +350 -0
package/src/adapters/file-session-adapter.js +363 -0
package/src/adapters/index.js +38 -0
package/src/adapters/maria-adapter.js +425 -0
package/src/adapters/mega-adapter.js +511 -0
package/src/adapters/mega-bus-adapter.js +81 -0
package/src/adapters/mega-cache-adapter.js +94 -0
package/src/adapters/mega-db-adapter.js +72 -0
package/src/adapters/mega-lock-adapter.js +118 -0
package/src/adapters/mega-log-sink-adapter.js +46 -0
package/src/adapters/mega-session-adapter.js +72 -0
package/src/adapters/mongo-adapter.js +396 -0
package/src/adapters/nats-adapter.js +370 -0
package/src/adapters/postgres-adapter.js +341 -0
package/src/adapters/redis-adapter.js +331 -0
package/src/adapters/redis-session-adapter.js +261 -0
package/src/adapters/redlock-adapter.js +385 -0
package/src/adapters/registry.js +157 -0
package/src/adapters/sqlite-adapter.js +309 -0
package/src/auth/index.js +103 -0
package/src/cli/commands/console-cmd.js +56 -0
package/src/cli/commands/new.js +101 -0
package/src/cli/commands/routes.js +107 -0
package/src/cli/commands/scaffold.js +120 -0
package/src/cli/commands/test-cmd.js +45 -0
package/src/cli/generators/index.js +368 -0
package/src/cli/index.js +472 -0
package/src/cli/template-engine.js +72 -0
package/src/cli/ws-hub.js +582 -0
package/src/core/ajv-mapper.js +80 -0
package/src/core/boot.js +323 -0
package/src/core/cluster-metrics.js +278 -0
package/src/core/config-loader.js +115 -0
package/src/core/config-validator.js +322 -0
package/src/core/ctx-builder.js +253 -0
package/src/core/envelope.js +88 -0
package/src/core/error-mapper.js +116 -0
package/src/core/formbody.js +69 -0
package/src/core/hub-link.js +552 -0
package/src/core/i18n.js +525 -0
package/src/core/index.js +63 -0
package/src/core/mega-app.js +1138 -0
package/src/core/mega-cluster.js +232 -0
package/src/core/mega-server.js +176 -0
package/src/core/mega-service.js +41 -0
package/src/core/migration-runner.js +196 -0
package/src/core/multipart.js +282 -0
package/src/core/openapi.js +114 -0
package/src/core/router.js +388 -0
package/src/core/routes-loader.js +57 -0
package/src/core/scope-registry.js +53 -0
package/src/core/security.js +275 -0
package/src/core/services-loader.js +98 -0
package/src/core/session-cleanup-schedule.js +57 -0
package/src/core/session-store.js +55 -0
package/src/core/session.js +414 -0
package/src/core/static-assets.js +126 -0
package/src/core/template.js +294 -0
package/src/core/workers-manager.js +193 -0
package/src/core/ws-compression.js +112 -0
package/src/core/ws-controller.js +109 -0
package/src/core/ws-message.js +176 -0
package/src/core/ws-upgrade.js +445 -0
package/src/errors/config-error.js +16 -0
package/src/errors/http-errors.js +130 -0
package/src/errors/index.js +19 -0
package/src/errors/mega-error.js +34 -0
package/src/eslint-plugin/index.js +15 -0
package/src/eslint-plugin/no-direct-model-import.js +113 -0
package/src/index.js +131 -0
package/src/lib/asp/config.js +83 -0
package/src/lib/asp/crypto.js +145 -0
package/src/lib/asp/errors.js +49 -0
package/src/lib/asp/nonce-cache.js +94 -0
package/src/lib/asp/plugin.js +263 -0
package/src/lib/asp/ws-terminator.js +101 -0
package/src/lib/env-mapper.js +222 -0
package/src/lib/hub-protocol.js +322 -0
package/src/lib/index.js +42 -0
package/src/lib/logger/telegram-core.js +150 -0
package/src/lib/logger/telegram-transport.js +126 -0
package/src/lib/mega-brute-force.js +225 -0
package/src/lib/mega-circuit-breaker.js +412 -0
package/src/lib/mega-cron.js +169 -0
package/src/lib/mega-hash.js +179 -0
package/src/lib/mega-health.js +91 -0
package/src/lib/mega-job-queue.js +600 -0
package/src/lib/mega-job-worker.js +295 -0
package/src/lib/mega-job.js +140 -0
package/src/lib/mega-logger.js +128 -0
package/src/lib/mega-metrics.js +661 -0
package/src/lib/mega-plugin.js +650 -0
package/src/lib/mega-retry.js +95 -0
package/src/lib/mega-schedule.js +507 -0
package/src/lib/mega-shutdown.js +176 -0
package/src/lib/mega-tracing.js +715 -0
package/src/lib/mega-worker.js +653 -0
package/src/lib/worker-runner/process-entry.js +30 -0
package/src/lib/worker-runner/task-dispatch.js +72 -0
package/src/lib/worker-runner/thread-entry.js +26 -0
package/src/models/index.js +7 -0
package/src/models/mega-model.js +151 -0
package/src/test/index.js +288 -0
package/templates/adapter/code.tpl +40 -0
package/templates/adapter/test.tpl +13 -0
package/templates/app/app.config.tpl +10 -0
package/templates/app/route.tpl +10 -0
package/templates/app/test.tpl +13 -0
package/templates/channel/code.tpl +38 -0
package/templates/channel/test.tpl +19 -0
package/templates/controller/code.tpl +16 -0
package/templates/controller/route.tpl +9 -0
package/templates/controller/test.tpl +14 -0
package/templates/job/code.tpl +23 -0
package/templates/job/test.tpl +17 -0
package/templates/locale/code.tpl +3 -0
package/templates/locale/test.tpl +13 -0
package/templates/middleware/code.tpl +13 -0
package/templates/middleware/test.tpl +11 -0
package/templates/migration/code.tpl +20 -0
package/templates/migration/test.tpl +14 -0
package/templates/model/code.tpl +21 -0
package/templates/model/test.tpl +29 -0
package/templates/project/app.config.tpl +8 -0
package/templates/project/app.config.views.tpl +37 -0
package/templates/project/ecosystem.config.tpl +10 -0
package/templates/project/env.tpl +12 -0
package/templates/project/gitignore.tpl +8 -0
package/templates/project/locales/client/en.json.tpl +3 -0
package/templates/project/locales/client/ko.json.tpl +3 -0
package/templates/project/locales/server/en.json.tpl +17 -0
package/templates/project/locales/server/ko.json.tpl +17 -0
package/templates/project/mega.config.tpl +11 -0
package/templates/project/package.tpl +25 -0
package/templates/project/public/css/app.css +101 -0
package/templates/project/public/js/app.js +54 -0
package/templates/project/public/js/theme-init.js +12 -0
package/templates/project/public/vendor/bootstrap/bootstrap.bundle.min.js +7 -0
package/templates/project/public/vendor/bootstrap/bootstrap.min.css +6 -0
package/templates/project/readme.tpl +48 -0
package/templates/project/route.test.tpl +13 -0
package/templates/project/route.test.views.tpl +15 -0
package/templates/project/route.tpl +10 -0
package/templates/project/route.views.tpl +10 -0
package/templates/project/views/index.ejs.tpl +58 -0
package/templates/project/views/layout.ejs.tpl +73 -0
package/templates/project/vitest.config.tpl +8 -0
package/templates/route/code.tpl +11 -0
package/templates/route/test.tpl +26 -0
package/templates/schedule/code.tpl +19 -0
package/templates/schedule/test.tpl +17 -0
package/templates/service/code.tpl +18 -0
package/templates/service/test.tpl +17 -0
package/templates/worker/code.tpl +14 -0
package/templates/worker/task.tpl +13 -0
package/templates/worker/test.tpl +18 -0
package/vitest.config.js +33 -0

package/sample/crud/apps/main/public/vendor/mega-client-wasm/mega_client_wasm_bg.wasm ADDED Viewed

Binary file

package/sample/crud/apps/main/routes/auth.js ADDED Viewed

@@ -0,0 +1,15 @@
+// @ts-check
+/**
+ * apps/main/routes/auth.js — 인증 라우트(자동 로딩, loadRoutes, ADR-155). 로그인/로그아웃/회원가입은
+ * `/admin/**` 보호 영역 **밖**에 둔다(보호 영역 안이면 비로그인 → 로그인 리다이렉트 루프). HTML 폼은
+ * GET/POST 만 쓰므로 로그아웃도 POST(+CSRF)다.
+ */
+import { AuthController } from '../controllers/auth-controller.js'
+export default (/** @type {any} */ router) => {
+  router.http.get('/auth/login', AuthController.loginForm)
+  router.http.post('/auth/login', AuthController.login)
+  router.http.post('/auth/logout', AuthController.logout)
+  router.http.get('/register', AuthController.registerForm)
+  router.http.post('/register', AuthController.register)
+}

package/sample/crud/apps/main/routes/cron.js ADDED Viewed

@@ -0,0 +1,14 @@
+// @ts-check
+/**
+ * apps/main/routes/cron.js — /demo/cron 스케줄러 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157).
+ * `webRequireAuth`(ADR-155)로 보호한다(비로그인은 로그인 페이지로). 수동 실행은 HTML 폼이라 POST 다.
+ */
+import { CronController } from '../controllers/cron-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/cron', CronController.index, guarded)
+  router.http.post('/demo/cron/run', CronController.runNow, guarded)
+}

package/sample/crud/apps/main/routes/guide.js ADDED Viewed

@@ -0,0 +1,25 @@
+// @ts-check
+/**
+ * apps/main/routes/guide.js — /guide 가이드 뷰어(MPA) 라우트(자동 로딩, loadRoutes, ADR-157).
+ * `webRequireAuth`(ADR-155)로 보호한다(비로그인은 로그인 페이지로). 둘 다 읽기 전용 GET 이다.
+ */
+import { GuideController } from '../controllers/guide-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+/**
+ * slug path 파라미터 스키마(ADR-019) — 라우터 AJV 가 형식을 1차 검증해 잘못된 slug 를 핸들러 진입 전에
+ * 400 으로 막는다(소문자·숫자로 시작, 이후 소문자·숫자·하이픈만). guide-service 의 화이트리스트·SLUG_RE
+ * 가드는 그대로 둔다 — 경로 조작 차단의 심층 방어이자, 형식은 맞지만 존재하지 않는 slug 의 404 처리를 맡는다.
+ */
+const slugParams = {
+  type: 'object',
+  required: ['slug'],
+  properties: { slug: { type: 'string', pattern: '^[a-z0-9][a-z0-9-]*$', maxLength: 100 } },
+}
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 가이드 뷰어 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/guide', GuideController.index, guarded)
+  router.http.get('/guide/:slug', GuideController.page, { ...guarded, schema: { params: slugParams } })
+}

package/sample/crud/apps/main/routes/jobs.js ADDED Viewed

@@ -0,0 +1,14 @@
+// @ts-check
+/**
+ * apps/main/routes/jobs.js — /demo/jobs 잡 큐 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157).
+ * `webRequireAuth`(ADR-155)로 보호한다. enqueue 는 HTML 폼이라 POST(CSRF 토큰 검증).
+ */
+import { JobsController } from '../controllers/jobs-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/jobs', JobsController.index, guarded)
+  router.http.post('/demo/jobs/enqueue', JobsController.enqueue, guarded)
+}

package/sample/crud/apps/main/routes/logs.js ADDED Viewed

@@ -0,0 +1,28 @@
+// @ts-check
+/**
+ * apps/main/routes/logs.js — /demo/logs 구조적 로깅 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157/163).
+ * `webRequireAuth`(ADR-155)로 보호한다. 로그 emit 은 HTML 폼이라 POST(PRG).
+ */
+import { LogsController } from '../controllers/logs-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+/**
+ * emit 폼 body 스키마(ADR-019) — 라우터 AJV 가 타입·길이를 검증한다. level 의 허용값(allowlist) 판정과
+ * 빈값 폴백은 logs-demo-service 가 도메인 규칙으로 계속 맡으므로(중복 금지) 여기선 타입만 본다. message 는
+ * 과대 페이로드(비치명적 본문) 차단용 상한만 둔다. CSRF 토큰(`_csrf`)이 같은 폼 body 로 오므로
+ * additionalProperties 는 닫지 않는다 — 글로벌 CSRF 가드(preHandler)가 검증 후 소비한다.
+ */
+const emitBody = {
+  type: 'object',
+  properties: {
+    level: { type: 'string' },
+    message: { type: 'string', maxLength: 500 },
+  },
+}
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/logs', LogsController.index, guarded)
+  router.http.post('/demo/logs/emit', LogsController.emit, { ...guarded, schema: { body: emitBody } })
+}

package/sample/crud/apps/main/routes/metrics.js ADDED Viewed

@@ -0,0 +1,13 @@
+// @ts-check
+/**
+ * apps/main/routes/metrics.js — /demo/metrics 관측 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157/163).
+ * `webRequireAuth`(ADR-155)로 보호한다(비로그인은 로그인 페이지로).
+ */
+import { MetricsController } from '../controllers/metrics-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/metrics', MetricsController.index, guarded)
+}

package/sample/crud/apps/main/routes/notes.js ADDED Viewed

@@ -0,0 +1,19 @@
+// @ts-check
+/**
+ * apps/main/routes/notes.js — mongo notes 데모 UI(MPA) 라우트(자동 로딩, loadRoutes, ADR-157).
+ * users 의 web.js 와 같은 규약 — HTML 폼은 GET/POST 만 쓰므로 수정/삭제도 POST 다. `/demo/notes`
+ * 네임스페이스 전체를 `webRequireAuth`(ADR-155)로 보호한다(비로그인은 로그인 페이지로 리다이렉트).
+ */
+import { NoteController } from '../controllers/note-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/notes', NoteController.list, guarded)
+  router.http.get('/demo/notes/new', NoteController.newForm, guarded)
+  router.http.post('/demo/notes', NoteController.create, guarded)
+  router.http.get('/demo/notes/:id/edit', NoteController.editForm, guarded)
+  router.http.post('/demo/notes/:id', NoteController.update, guarded)
+  router.http.post('/demo/notes/:id/delete', NoteController.destroy, guarded)
+}

package/sample/crud/apps/main/routes/perf.js ADDED Viewed

@@ -0,0 +1,47 @@
+// @ts-check
+/**
+ * apps/main/routes/perf.js — /perf 성능 벤치마크 데모 UI + 실행 라우트(자동 로딩, loadRoutes, ADR-157).
+ * `webRequireAuth`(ADR-155)로 보호한다(비로그인은 로그인 페이지로). 실행(run)은 AJAX(JSON) 엔드포인트라
+ * CSRF 는 토큰 면제 + Origin 검증으로 통과한다(ADR-051). body 는 AJV 스키마로 검증한다(ADR-019).
+ */
+import { PerfController } from '../controllers/perf-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+/**
+ * POST /perf/run body 스키마(AJV). scenario enum 은 서비스 SCENARIO_LIMITS 키와 동일 집합. iterations 는
+ * 필수, concurrency/payloadSize 는 선택(미지정 시 서비스가 시나리오별 디폴트·clamp 적용). additionalProperties:
+ * false — JSON 요청이라 폼 `_csrf` 필드가 섞이지 않으므로 엄격하게 닫는다(per ADR-051 JSON 토큰 면제).
+ */
+const runSchema = {
+  body: {
+    type: 'object',
+    required: ['scenario', 'iterations'],
+    additionalProperties: false,
+    properties: {
+      scenario: {
+        type: 'string',
+        enum: [
+          'http.echo',
+          'http.jsonSmall',
+          'http.jsonLarge',
+          'crypto.hash',
+          'crypto.aspRoundtrip',
+          'db.pg.insertSelect',
+          'db.mongo.insertFind',
+          'cache.redis.setGet',
+          'session.createRead',
+        ],
+      },
+      iterations: { type: 'integer', minimum: 1, maximum: 100000 },
+      concurrency: { type: 'integer', minimum: 1, maximum: 100 },
+      payloadSize: { type: 'integer', minimum: 0, maximum: 1048576 },
+    },
+  },
+}
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/perf', PerfController.index, guarded)
+  router.http.post('/perf/run', PerfController.run, { before: [webRequireAuth], schema: runSchema })
+}

package/sample/crud/apps/main/routes/redis.js ADDED Viewed

@@ -0,0 +1,14 @@
+// @ts-check
+/**
+ * apps/main/routes/redis.js — /demo/redis 데모 UI(MPA) 라우트(자동 로딩, loadRoutes, ADR-157).
+ * `webRequireAuth`(ADR-155)로 보호한다(비로그인은 로그인 페이지로). 캐시 비우기는 HTML 폼이라 POST 다.
+ */
+import { RedisController } from '../controllers/redis-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/redis', RedisController.index, guarded)
+  router.http.post('/demo/redis/clear', RedisController.clearCache, guarded)
+}

package/sample/crud/apps/main/routes/tracing.js ADDED Viewed

@@ -0,0 +1,14 @@
+// @ts-check
+/**
+ * apps/main/routes/tracing.js — /demo/tracing 분산 추적 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157/163).
+ * `webRequireAuth`(ADR-155)로 보호한다. trace 생성은 HTML 폼이라 POST(PRG).
+ */
+import { TracingController } from '../controllers/tracing-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/tracing', TracingController.index, guarded)
+  router.http.post('/demo/tracing/generate', TracingController.generate, guarded)
+}

package/sample/crud/apps/main/routes/upload.js ADDED Viewed

@@ -0,0 +1,16 @@
+// @ts-check
+/**
+ * apps/main/routes/upload.js — /demo/upload 파일 업로드 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157/163).
+ * `webRequireAuth`(ADR-155)로 보호한다. 업로드는 multipart POST(fetch + csrf-token 헤더).
+ */
+import { UploadController } from '../controllers/upload-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/upload', UploadController.index, guarded)
+  router.http.post('/demo/upload', UploadController.upload, guarded)
+  // 다운로드 — 소스에서 파일 읽어 전송(인증 필요). 가드를 떼면 공개 다운로드로 전환된다.
+  router.http.get('/demo/upload/file/:name', UploadController.download, guarded)
+}

package/sample/crud/apps/main/routes/users.js ADDED Viewed

@@ -0,0 +1,54 @@
+// @ts-check
+/**
+ * apps/main/routes/users.js — users REST 라우트(자동 로딩, loadRoutes). 단일 시그니처
+ * `router.http.<method>(path, handler)`(ADR-074). 핸들러는 컨트롤러 정적 메서드 참조 — 라우트·컨트롤러는
+ * 모델을 직접 import 하지 않는다(ADR-022, `mega/no-direct-model-import`).
+ *
+ * JSON API 는 프레임워크 `requireAuth`(mega-framework/auth, ADR-143/155)로 보호한다 — 비로그인 호출은
+ * 401 `auth.required` envelope. 세션 쿠키(`mega.sid`)를 가진 요청만 통과한다(웹 UI 와 같은 세션).
+ */
+import { requireAuth } from 'mega-framework/auth'
+import { UserController } from '../controllers/user-controller.js'
+/**
+ * users REST 라우트의 OpenAPI 메타·schema(ADR-070/140/163). openapi 메타(tags/summary/description)는 명세에
+ * 그대로 반영되고, body schema 는 명세 표시용으로 **비강제**(required 없음)라 기존 검증 동작을 바꾸지 않는다
+ * (필드 검증은 user-service 가 담당, ADR). path 파라미터(id)는 문자열로 문서화한다.
+ */
+const idParams = { type: 'object', properties: { id: { type: 'string', description: '사용자 id' } } }
+const userBody = {
+  type: 'object',
+  properties: {
+    name: { type: 'string', description: '사용자 이름' },
+    email: { type: 'string', format: 'email', description: '이메일' },
+  },
+}
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} REST API 인증 가드(401 throw). */
+  const guarded = { before: [requireAuth] }
+  router.http.get('/users', UserController.index, {
+    ...guarded,
+    openapi: { tags: ['users'], summary: '사용자 목록', description: '모든 사용자를 반환한다.' },
+  })
+  router.http.get('/users/:id', UserController.show, {
+    ...guarded,
+    schema: { params: idParams },
+    openapi: { tags: ['users'], summary: '사용자 조회', description: 'id 로 단일 사용자를 반환한다.' },
+  })
+  router.http.post('/users', UserController.create, {
+    ...guarded,
+    schema: { body: userBody },
+    openapi: { tags: ['users'], summary: '사용자 생성', description: 'name·email 로 사용자를 생성한다.' },
+  })
+  router.http.put('/users/:id', UserController.update, {
+    ...guarded,
+    schema: { params: idParams, body: userBody },
+    openapi: { tags: ['users'], summary: '사용자 수정', description: 'id 사용자를 수정한다.' },
+  })
+  router.http.delete('/users/:id', UserController.destroy, {
+    ...guarded,
+    schema: { params: idParams },
+    openapi: { tags: ['users'], summary: '사용자 삭제', description: 'id 사용자를 삭제한다.' },
+  })
+}

package/sample/crud/apps/main/routes/web.js ADDED Viewed

@@ -0,0 +1,23 @@
+// @ts-check
+/**
+ * apps/main/routes/web.js — 관리 UI(MPA) 라우트(자동 로딩, loadRoutes). JSON REST API(`/users`,
+ * routes/users.js)와 충돌하지 않도록 UI 는 `/admin/users` 네임스페이스를 쓴다. HTML 폼은 GET/POST 만
+ * 쓰므로 수정/삭제도 POST 다(브라우저 폼 제약 — PUT/DELETE 는 JSON API 쪽이 RESTful 하게 제공).
+ *
+ * `/admin/**` 는 `webRequireAuth`(ADR-155)로 보호한다 — 비로그인 접근은 로그인 페이지로 리다이렉트.
+ * 랜딩(`/`)은 공개라 가드를 걸지 않는다.
+ */
+import { WebController } from '../controllers/web-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 관리 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/', WebController.home)
+  router.http.get('/admin/users', WebController.list, guarded)
+  router.http.get('/admin/users/new', WebController.newForm, guarded)
+  router.http.post('/admin/users', WebController.create, guarded)
+  router.http.get('/admin/users/:id/edit', WebController.editForm, guarded)
+  router.http.post('/admin/users/:id', WebController.update, guarded)
+  router.http.post('/admin/users/:id/delete', WebController.destroy, guarded)
+}

package/sample/crud/apps/main/routes/worker.js ADDED Viewed

@@ -0,0 +1,15 @@
+// @ts-check
+/**
+ * apps/main/routes/worker.js — /demo/worker CPU 워커 풀 데모 UI 라우트(자동 로딩, loadRoutes, ADR-157).
+ * `webRequireAuth`(ADR-155)로 보호한다. 실행(run)·하트비트(ping)는 AJAX(JSON) 엔드포인트다.
+ */
+import { WorkerController } from '../controllers/worker-controller.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+export default (/** @type {any} */ router) => {
+  /** @type {{ before: Function[] }} 데모 UI 보호 가드(로그인 필요). */
+  const guarded = { before: [webRequireAuth] }
+  router.http.get('/demo/worker', WorkerController.index, guarded)
+  router.http.post('/demo/worker/run', WorkerController.run, guarded)
+  router.http.get('/demo/worker/ping', WorkerController.ping, guarded)
+}

package/sample/crud/apps/main/routes/ws.js ADDED Viewed

@@ -0,0 +1,30 @@
+// @ts-check
+/**
+ * apps/main/routes/ws.js — /demo/ws 채팅 데모 페이지 + /ws/chat WebSocket 엔드포인트(자동 로딩, ADR-158).
+ *
+ * 페이지(`/demo/ws`)는 webRequireAuth 로, WS upgrade(`/ws/chat`)는 makeWsRequireAuth(세션 직접 확인)로
+ * 보호한다 — 둘 다 로그인 필요. WS 채널 메시지 `chat.send` 의 payload(text)는 schemas 로 사전 검증된다(M2).
+ */
+import { WsController } from '../controllers/ws-controller.js'
+import { ChatChannel } from '../channels/chat-channel.js'
+import { webRequireAuth } from '../middleware/web-auth.js'
+import { makeWsRequireAuth } from '../middleware/ws-auth.js'
+/** chat.send payload 스키마 — text 1~500자만 허용(빈 메시지·과대 페이로드 차단). */
+const CHAT_SEND_SCHEMA = {
+  type: 'object',
+  required: ['text'],
+  properties: { text: { type: 'string', minLength: 1, maxLength: 500 } },
+  additionalProperties: false,
+}
+export default (/** @type {any} */ router) => {
+  // 데모 셸 페이지(MPA) — 로그인 가드(비로그인은 로그인 페이지로).
+  router.http.get('/demo/ws', WsController.index, { before: [webRequireAuth] })
+  // 실 WS 엔드포인트 — upgrade 시 세션 인증(makeWsRequireAuth). ns=/ws/chat 는 ASP E: 로 종단(app.config asp).
+  router.ws('/ws/chat', ChatChannel, {
+    before: [makeWsRequireAuth(router.app)],
+    schemas: { 'chat.send': CHAT_SEND_SCHEMA },
+  })
+}

package/sample/crud/apps/main/schedules/cron-counter-schedule.js ADDED Viewed

@@ -0,0 +1,30 @@
+// @ts-check
+import { MegaSchedule } from 'mega-framework'
+import { CronDemoService } from '../services/cron-demo-service.js'
+/**
+ * CronCounterSchedule — /demo/cron 정기 작업(ADR-028/118). `mega scheduler` 프로세스가 실행한다(config.schedules).
+ *
+ * 30초마다 'demo' 캐시(redis)의 누적 카운터를 1 올리고 실행 이력을 남긴다(CronDemoService.tick). 웹 페이지는
+ * 같은 redis 를 읽어 실행 이력과 다음 실행 시각을 보여준다.
+ *
+ * # 클러스터 중복방지 (leader election)
+ *   같은 스케줄을 scheduler 프로세스 여러 개에 띄우면(ecosystem 의 instances>1) 한 tick 에 양쪽이 동시에
+ *   카운터를 올려 **중복 실행**된다. `static lock` 을 선언하면 MegaScheduler 가 실행 직전 분산 락(redlock)을
+ *   딱 1개만 잡게 해(retryCount:0 — 못 잡으면 즉시 skip), tick 당 한 인스턴스만 실행한다(ADR-118/113).
+ *   ttl(ms)은 tick(원자적 INCR, 수 ms) 소요보다 넉넉하면서 다음 주기(30초)보다는 짧게 둬, 락 해제가 실패해도
+ *   다음 주기엔 자동 만료돼 재경쟁한다.
+ */
+export class CronCounterSchedule extends MegaSchedule {
+  static cron = CronDemoService.CRON_EXPR
+  static timezone = CronDemoService.TIMEZONE
+  static lock = { lock: 'main', ttl: 20_000 }
+  /**
+   * @param {Record<string, any>} ctx - scheduler 프로세스 컨텍스트(ctx.cache('demo') 글로벌 키).
+   * @returns {Promise<void>}
+   */
+  async run(ctx) {
+    await new CronDemoService(ctx).tick('schedule')
+  }
+}

package/sample/crud/apps/main/services/auth-service.js ADDED Viewed

@@ -0,0 +1,74 @@
+// @ts-check
+import { MegaService } from 'mega-framework'
+import { MegaHash } from 'mega-framework'
+import { MegaValidationError, MegaConflictError } from 'mega-framework/errors'
+import { User } from '../models/user.js'
+/**
+ * AuthService — 회원가입·로그인 검증 로직(ADR-155). 파일명 `auth-service.js` → 자동 DI 이름 `auth`
+ * (ctx.services.auth, ADR-148). 비밀번호는 scrypt(MegaHash, ADR-130)로 해시해 저장하고, 검증은 상수
+ * 시간 비교로 한다 — 평문은 어디에도 저장·로그하지 않는다.
+ *
+ * brute-force(반복 시도 잠금)는 이 서비스가 아니라 컨트롤러가 `ctx.bruteForce`(redis, ADR-049/130)로
+ * 다룬다 — 잠금은 HTTP 요청(IP)·세션 흐름에 묶여 있어 컨트롤러 책임이기 때문이다.
+ */
+export class AuthService extends MegaService {
+  /** 비밀번호 최소 길이(OWASP Password Storage Cheat Sheet — 최소 8자 권장). */
+  static MIN_PASSWORD = 8
+  /**
+   * 새 계정을 만든다. name·email·password 를 검증하고 비밀번호를 해시해 저장한다.
+   * @param {{ name?: unknown, email?: unknown, password?: unknown }} input
+   * @returns {Promise<{ id: number, name: string, email: string, created_at: string }>}
+   * @throws {MegaValidationError} `auth.invalid` - 필수값 누락 또는 비밀번호가 너무 짧음.
+   * @throws {MegaConflictError} `user.email_taken` - 이메일 중복.
+   */
+  async register(input) {
+    const name = typeof input?.name === 'string' ? input.name.trim() : ''
+    const email = typeof input?.email === 'string' ? input.email.trim().toLowerCase() : ''
+    const password = typeof input?.password === 'string' ? input.password : ''
+    if (!name || !email) {
+      throw new MegaValidationError('auth.invalid', 'name and email are required', { details: { name: !!name, email: !!email, password: password.length >= AuthService.MIN_PASSWORD } })
+    }
+    if (password.length < AuthService.MIN_PASSWORD) {
+      throw new MegaValidationError('auth.invalid', `password must be at least ${AuthService.MIN_PASSWORD} characters`, { details: { name: !!name, email: !!email, password: false } })
+    }
+    const passwordHash = await MegaHash.password.hash(password)
+    this.log.debug?.({ email }, 'auth.register')
+    try {
+      return await User.register({ name, email, passwordHash })
+    } catch (err) {
+      // 이메일 중복(postgres unique_violation 23505)은 도메인 충돌(409)로 매핑(P4 — 명시 처리 후 throw).
+      if (/** @type {any} */ (err)?.code === '23505') {
+        throw new MegaConflictError('user.email_taken', `email '${email}' already exists`, { details: { email }, cause: err })
+      }
+      throw err
+    }
+  }
+  /**
+   * 이메일+비밀번호를 검증한다. 일치하면 마지막 로그인 시각을 갱신하고 사용자 식별 정보를 돌려준다.
+   * 실패(없는 이메일·비밀번호 미설정 계정·불일치)는 **이유를 구분하지 않고** null 을 돌려준다
+   * (user enumeration 방지 — 어느 쪽이 틀렸는지 노출하지 않는다, OWASP Authentication Cheat Sheet).
+   * @param {{ email?: unknown, password?: unknown }} input
+   * @returns {Promise<{ id: number, name: string } | null>}
+   */
+  async authenticate(input) {
+    const email = typeof input?.email === 'string' ? input.email.trim().toLowerCase() : ''
+    const password = typeof input?.password === 'string' ? input.password : ''
+    if (!email || !password) return null
+    const row = await User.findByEmailWithHash(email)
+    this.log.debug?.({ email, found: row !== null }, 'auth.authenticate lookup')
+    if (row === null || typeof row.password_hash !== 'string') {
+      // 없는 이메일이거나 비밀번호 미설정(admin CRUD 로 만든 계정) — 둘 다 로그인 불가.
+      return null
+    }
+    const ok = await MegaHash.password.verify(password, row.password_hash)
+    if (!ok) {
+      this.log.debug?.({ email }, 'auth.authenticate mismatch')
+      return null
+    }
+    await User.touchLastLogin(row.id)
+    return { id: row.id, name: row.name }
+  }
+}

package/sample/crud/apps/main/services/cron-demo-service.js ADDED Viewed

@@ -0,0 +1,66 @@
+// @ts-check
+import { MegaService, MegaCron } from 'mega-framework'
+/**
+ * CronDemoService — /demo/cron 스케줄러 데모 로직(ADR-028/118). 파일명 `cron-demo-service.js` → 자동 DI
+ * 이름 `cronDemo`(ctx.services.cronDemo, ADR-148).
+ *
+ * `CronCounterSchedule`(mega scheduler 프로세스)과 웹 수동 실행 버튼(mega start 프로세스)이 **같은 tick()
+ * 로직**을 공유한다 — 둘 다 'demo' 캐시(redis db1)에 원자적 카운터(INCR)를 올리고 최근 실행 이력을 redis
+ * LIST(LPUSH + LTRIM)에 남긴다. 두 프로세스가 같은 redis 를 보므로 스케줄 자동 실행과 수동 실행이 한 화면에
+ * 함께 쌓인다. 다음 실행 시각은 croner 래퍼(MegaCron)로 계산한다(타이머 없는 순수 계산).
+ *
+ * 키는 'demo' 캐시 안에서 `demo:cron:*` 네임스페이스로 두어 /demo/redis 의 `demo:redis:*` 와 분리한다.
+ */
+export class CronDemoService extends MegaService {
+  /** cron 표현식(6필드 = 초 분 시 일 월 요일) — 30초마다. CronCounterSchedule 과 공유하는 정본. */
+  static CRON_EXPR = '*/30 * * * * *'
+  /** IANA 타임존 — 다음 실행 시각 계산·표시에 쓴다. */
+  static TIMEZONE = 'Asia/Seoul'
+  /** 누적 실행 카운터 키(원자적 INCR). */
+  static COUNT_KEY = 'demo:cron:count'
+  /** 최근 실행 이력 LIST 키(LPUSH 머리쪽 삽입 → 최신이 앞). */
+  static HISTORY_KEY = 'demo:cron:history'
+  /** 이력 보관 최대 건수(LTRIM 으로 유지). */
+  static HISTORY_MAX = 10
+  /**
+   * 실행 1회 기록 — 누적 카운터를 원자적으로 1 올리고, 실행 이력 1건을 LIST 머리에 넣은 뒤 최근 N건만 남긴다.
+   * 스케줄 자동 실행(source='schedule')과 웹 수동 실행(source='manual')이 같은 경로를 쓴다.
+   * @param {'schedule'|'manual'} source - 실행 출처(이력에 함께 저장 — 화면에서 구분 표시).
+   * @returns {Promise<{ count: number, at: string, source: 'schedule'|'manual' }>}
+   */
+  async tick(source) {
+    const redis = this.ctx.cache('demo').native
+    const count = await redis.incr(CronDemoService.COUNT_KEY)
+    const at = new Date().toISOString()
+    await redis.lpush(CronDemoService.HISTORY_KEY, JSON.stringify({ at, count, source }))
+    // 머리쪽(0)부터 N-1 까지만 남기고 나머지(오래된 꼬리)는 버린다 — 무한 적재 방지.
+    await redis.ltrim(CronDemoService.HISTORY_KEY, 0, CronDemoService.HISTORY_MAX - 1)
+    this.ctx.log?.debug?.({ count, source }, 'cron-demo.tick')
+    return { count, at, source }
+  }
+  /**
+   * 화면 렌더용 스냅샷 — 누적 카운터 + 최근 실행 이력(최신순) + 다음 실행 시각 N개.
+   * @returns {Promise<{ count: number, history: Array<{ at: string, count: number, source: string }>, nextRuns: Date[], cron: string, timezone: string }>}
+   */
+  async snapshot() {
+    const redis = this.ctx.cache('demo').native
+    const rawCount = await redis.get(CronDemoService.COUNT_KEY)
+    const count = rawCount === null || rawCount === undefined ? 0 : Number(rawCount)
+    const rawList = await redis.lrange(CronDemoService.HISTORY_KEY, 0, CronDemoService.HISTORY_MAX - 1)
+    const history = rawList.map((/** @type {string} */ s) => JSON.parse(s))
+    // 다음 5개 발생 시각(타이머 미가동 순수 계산). 표현식이 무효면 register 단계에서 이미 throw 됐을 것.
+    const nextRuns = MegaCron.nextRuns(CronDemoService.CRON_EXPR, 5, undefined, {
+      timezone: CronDemoService.TIMEZONE,
+    })
+    return {
+      count,
+      history,
+      nextRuns,
+      cron: CronDemoService.CRON_EXPR,
+      timezone: CronDemoService.TIMEZONE,
+    }
+  }
+}