mongodb 6.16.0 → 6.17.0

package/src/cmap/auth/mongodb_oidc/gcp_machine_workflow.ts

@@ -1,8 +1,6 @@
 import { MongoGCPError } from '../../../error';
 import { get } from '../../../utils';
-import { type MongoCredentials } from '../mongo_credentials';
-import { type AccessToken, MachineWorkflow } from './machine_workflow';
-import { type TokenCache } from './token_cache';
+import type { OIDCCallbackFunction, OIDCCallbackParams, OIDCResponse } from '../mongodb_oidc';
 
 /** GCP base URL. */
 const GCP_BASE_URL =
@@ -15,30 +13,25 @@ const GCP_HEADERS = Object.freeze({ 'Metadata-Flavor': 'Google' });
 const TOKEN_RESOURCE_MISSING_ERROR =
   'TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is gcp.';
 
-export class GCPMachineWorkflow extends MachineWorkflow {
-  /**
-   * Instantiate the machine workflow.
-   */
-  constructor(cache: TokenCache) {
-    super(cache);
-  }
-
-  /**
-   * Get the token from the environment.
-   */
-  async getToken(credentials?: MongoCredentials): Promise<AccessToken> {
-    const tokenAudience = credentials?.mechanismProperties.TOKEN_RESOURCE;
-    if (!tokenAudience) {
-      throw new MongoGCPError(TOKEN_RESOURCE_MISSING_ERROR);
-    }
-    return await getGcpTokenData(tokenAudience);
+/**
+ * The callback function to be used in the automated callback workflow.
+ * @param params - The OIDC callback parameters.
+ * @returns The OIDC response.
+ */
+export const callback: OIDCCallbackFunction = async (
+  params: OIDCCallbackParams
+): Promise<OIDCResponse> => {
+  const tokenAudience = params.tokenAudience;
+  if (!tokenAudience) {
+    throw new MongoGCPError(TOKEN_RESOURCE_MISSING_ERROR);
   }
-}
+  return await getGcpTokenData(tokenAudience);
+};
 
 /**
  * Hit the GCP endpoint to get the token data.
  */
-async function getGcpTokenData(tokenAudience: string): Promise<AccessToken> {
+async function getGcpTokenData(tokenAudience: string): Promise<OIDCResponse> {
   const url = new URL(GCP_BASE_URL);
   url.searchParams.append('audience', tokenAudience);
   const response = await get(url, {
@@ -49,5 +42,5 @@ async function getGcpTokenData(tokenAudience: string): Promise<AccessToken> {
       `Status code ${response.status} returned from the GCP endpoint. Response body: ${response.body}`
     );
   }
-  return { access_token: response.body };
+  return { accessToken: response.body };
 }

package/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts

@@ -1,7 +1,6 @@
 import { readFile } from 'fs/promises';
 
-import { type AccessToken, MachineWorkflow } from './machine_workflow';
-import { type TokenCache } from './token_cache';
+import type { OIDCCallbackFunction, OIDCResponse } from '../mongodb_oidc';
 
 /** The fallback file name */
 const FALLBACK_FILENAME = '/var/run/secrets/kubernetes.io/serviceaccount/token';
@@ -12,27 +11,20 @@ const AZURE_FILENAME = 'AZURE_FEDERATED_TOKEN_FILE';
 /** The AWS environment variable for the file name. */
 const AWS_FILENAME = 'AWS_WEB_IDENTITY_TOKEN_FILE';
 
-export class K8SMachineWorkflow extends MachineWorkflow {
-  /**
-   * Instantiate the machine workflow.
-   */
-  constructor(cache: TokenCache) {
-    super(cache);
+/**
+ * The callback function to be used in the automated callback workflow.
+ * @param params - The OIDC callback parameters.
+ * @returns The OIDC response.
+ */
+export const callback: OIDCCallbackFunction = async (): Promise<OIDCResponse> => {
+  let filename: string;
+  if (process.env[AZURE_FILENAME]) {
+    filename = process.env[AZURE_FILENAME];
+  } else if (process.env[AWS_FILENAME]) {
+    filename = process.env[AWS_FILENAME];
+  } else {
+    filename = FALLBACK_FILENAME;
   }
-
-  /**
-   * Get the token from the environment.
-   */
-  async getToken(): Promise<AccessToken> {
-    let filename: string;
-    if (process.env[AZURE_FILENAME]) {
-      filename = process.env[AZURE_FILENAME];
-    } else if (process.env[AWS_FILENAME]) {
-      filename = process.env[AWS_FILENAME];
-    } else {
-      filename = FALLBACK_FILENAME;
-    }
-    const token = await readFile(filename, 'utf8');
-    return { access_token: token };
-  }
-}
+  const token = await readFile(filename, 'utf8');
+  return { accessToken: token };
+};

package/src/cmap/auth/mongodb_oidc/token_machine_workflow.ts

@@ -1,34 +1,21 @@
 import * as fs from 'fs';
 
 import { MongoAWSError } from '../../../error';
-import { type AccessToken, MachineWorkflow } from './machine_workflow';
-import { type TokenCache } from './token_cache';
+import type { OIDCCallbackFunction, OIDCResponse } from '../mongodb_oidc';
 
 /** Error for when the token is missing in the environment. */
 const TOKEN_MISSING_ERROR = 'OIDC_TOKEN_FILE must be set in the environment.';
 
 /**
- * Device workflow implementation for AWS.
- *
- * @internal
+ * The callback function to be used in the automated callback workflow.
+ * @param params - The OIDC callback parameters.
+ * @returns The OIDC response.
  */
-export class TokenMachineWorkflow extends MachineWorkflow {
-  /**
-   * Instantiate the machine workflow.
-   */
-  constructor(cache: TokenCache) {
-    super(cache);
+export const callback: OIDCCallbackFunction = async (): Promise<OIDCResponse> => {
+  const tokenFile = process.env.OIDC_TOKEN_FILE;
+  if (!tokenFile) {
+    throw new MongoAWSError(TOKEN_MISSING_ERROR);
   }
-
-  /**
-   * Get the token from the environment.
-   */
-  async getToken(): Promise<AccessToken> {
-    const tokenFile = process.env.OIDC_TOKEN_FILE;
-    if (!tokenFile) {
-      throw new MongoAWSError(TOKEN_MISSING_ERROR);
-    }
-    const token = await fs.promises.readFile(tokenFile, 'utf8');
-    return { access_token: token };
-  }
-}
+  const token = await fs.promises.readFile(tokenFile, 'utf8');
+  return { accessToken: token };
+};

package/src/cmap/auth/mongodb_oidc.ts

@@ -4,11 +4,12 @@ import type { HandshakeDocument } from '../connect';
 import type { Connection } from '../connection';
 import { type AuthContext, AuthProvider } from './auth_provider';
 import type { MongoCredentials } from './mongo_credentials';
-import { AzureMachineWorkflow } from './mongodb_oidc/azure_machine_workflow';
-import { GCPMachineWorkflow } from './mongodb_oidc/gcp_machine_workflow';
-import { K8SMachineWorkflow } from './mongodb_oidc/k8s_machine_workflow';
+import { AutomatedCallbackWorkflow } from './mongodb_oidc/automated_callback_workflow';
+import { callback as azureCallback } from './mongodb_oidc/azure_machine_workflow';
+import { callback as gcpCallback } from './mongodb_oidc/gcp_machine_workflow';
+import { callback as k8sCallback } from './mongodb_oidc/k8s_machine_workflow';
 import { TokenCache } from './mongodb_oidc/token_cache';
-import { TokenMachineWorkflow } from './mongodb_oidc/token_machine_workflow';
+import { callback as testCallback } from './mongodb_oidc/token_machine_workflow';
 
 /** Error when credentials are missing. */
 const MISSING_CREDENTIALS_ERROR = 'AuthContext must provide credentials.';
@@ -78,6 +79,8 @@ export interface OIDCCallbackParams {
   idpInfo?: IdPInfo;
   /** The refresh token, if applicable, to be used by the callback to request a new token from the issuer. */
   refreshToken?: string;
+  /** The token audience for GCP and Azure. */
+  tokenAudience?: string;
 }
 
 /**
@@ -93,6 +96,8 @@ type EnvironmentName = 'test' | 'azure' | 'gcp' | 'k8s' | undefined;
 
 /** @internal */
 export interface Workflow {
+  cache: TokenCache;
+
   /**
    * All device workflows must implement this method in order to get the access
    * token and then call authenticate with it.
@@ -116,10 +121,10 @@ export interface Workflow {
 
 /** @internal */
 export const OIDC_WORKFLOWS: Map<EnvironmentName, () => Workflow> = new Map();
-OIDC_WORKFLOWS.set('test', () => new TokenMachineWorkflow(new TokenCache()));
-OIDC_WORKFLOWS.set('azure', () => new AzureMachineWorkflow(new TokenCache()));
-OIDC_WORKFLOWS.set('gcp', () => new GCPMachineWorkflow(new TokenCache()));
-OIDC_WORKFLOWS.set('k8s', () => new K8SMachineWorkflow(new TokenCache()));
+OIDC_WORKFLOWS.set('test', () => new AutomatedCallbackWorkflow(new TokenCache(), testCallback));
+OIDC_WORKFLOWS.set('azure', () => new AutomatedCallbackWorkflow(new TokenCache(), azureCallback));
+OIDC_WORKFLOWS.set('gcp', () => new AutomatedCallbackWorkflow(new TokenCache(), gcpCallback));
+OIDC_WORKFLOWS.set('k8s', () => new AutomatedCallbackWorkflow(new TokenCache(), k8sCallback));
 
 /**
  * OIDC auth provider.

package/src/cmap/connect.ts

@@ -289,6 +289,7 @@ export const LEGAL_TLS_SOCKET_OPTIONS = [
 export const LEGAL_TCP_SOCKET_OPTIONS = [
   'autoSelectFamily',
   'autoSelectFamilyAttemptTimeout',
+  'keepAliveInitialDelay',
   'family',
   'hints',
   'localAddress',
@@ -306,6 +307,9 @@ function parseConnectOptions(options: ConnectionOptions): SocketConnectOpts {
       (result as Document)[name] = options[name];
     }
   }
+  result.keepAliveInitialDelay ??= 120000;
+  result.keepAlive = true;
+  result.noDelay = options.noDelay ?? true;
 
   if (typeof hostAddress.socketPath === 'string') {
     result.path = hostAddress.socketPath;
@@ -347,7 +351,6 @@ function parseSslOptions(options: MakeConnectionOptions): TLSConnectionOpts {
 
 export async function makeSocket(options: MakeConnectionOptions): Promise<Stream> {
   const useTLS = options.tls ?? false;
-  const noDelay = options.noDelay ?? true;
   const connectTimeoutMS = options.connectTimeoutMS ?? 30000;
   const existingSocket = options.existingSocket;
 
@@ -376,9 +379,7 @@ export async function makeSocket(options: MakeConnectionOptions): Promise<Stream
     socket = net.createConnection(parseConnectOptions(options));
   }
 
-  socket.setKeepAlive(true, 300000);
   socket.setTimeout(connectTimeoutMS);
-  socket.setNoDelay(noDelay);
 
   let cancellationHandler: ((err: Error) => void) | null = null;
 

package/src/cmap/connection.ts

@@ -247,9 +247,9 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
     this.lastUseTime = now();
 
     this.messageStream = this.socket
-      .on('error', this.onError.bind(this))
+      .on('error', this.onSocketError.bind(this))
       .pipe(new SizedMessageTransform({ connection: this }))
-      .on('error', this.onError.bind(this));
+      .on('error', this.onTransformError.bind(this));
     this.socket.on('close', this.onClose.bind(this));
     this.socket.on('timeout', this.onTimeout.bind(this));
 
@@ -304,6 +304,14 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
     this.lastUseTime = now();
   }
 
+  private onSocketError(cause: Error) {
+    this.onError(new MongoNetworkError(cause.message, { cause }));
+  }
+
+  private onTransformError(error: Error) {
+    this.onError(error);
+  }
+
   public onError(error: Error) {
     this.cleanup(error);
   }
@@ -769,7 +777,6 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
     } finally {
       this.dataEvents = null;
       this.messageStream.pause();
-      this.throwIfAborted();
     }
   }
 }
@@ -857,7 +864,7 @@ export class CryptoConnection extends Connection {
     ns: MongoDBNamespace,
     cmd: Document,
     options?: CommandOptions,
-    responseType?: T | undefined
+    responseType?: T
   ): Promise<Document> {
     const { autoEncrypter } = this;
     if (!autoEncrypter) {

package/src/cmap/connection_pool.ts

@@ -17,6 +17,7 @@ import {
 } from '../constants';
 import {
   type AnyError,
+  MongoClientClosedError,
   type MongoError,
   MongoInvalidArgumentError,
   MongoMissingCredentialsError,
@@ -484,11 +485,17 @@ export class ConnectionPool extends TypedEventEmitter<ConnectionPoolEvents> {
     for (const connection of this.checkedOut) {
       if (connection.generation <= minGeneration) {
         connection.onError(new PoolClearedOnNetworkError(this));
-        this.checkIn(connection);
       }
     }
   }
 
+  /** For MongoClient.close() procedures */
+  public closeCheckedOutConnections() {
+    for (const conn of this.checkedOut) {
+      conn.onError(new MongoClientClosedError());
+    }
+  }
+
   /** Close the pool */
   close(): void {
     if (this.closed) {

package/src/cmap/wire_protocol/constants.ts

@@ -1,6 +1,6 @@
-export const MIN_SUPPORTED_SERVER_VERSION = '4.0';
+export const MIN_SUPPORTED_SERVER_VERSION = '4.2';
 export const MAX_SUPPORTED_SERVER_VERSION = '8.0';
-export const MIN_SUPPORTED_WIRE_VERSION = 7;
+export const MIN_SUPPORTED_WIRE_VERSION = 8;
 export const MAX_SUPPORTED_WIRE_VERSION = 25;
 export const MIN_SUPPORTED_QE_WIRE_VERSION = 21;
 export const MIN_SUPPORTED_QE_SERVER_VERSION = '7.0';

package/src/cmap/wire_protocol/on_demand/document.ts

@@ -262,7 +262,7 @@ export class OnDemandDocument {
   public get<const T extends keyof JSTypeOf>(
     name: string | number,
     as: T,
-    required?: boolean | undefined
+    required?: boolean
   ): JSTypeOf[T] | null;
 
   /** `required` will make `get` throw if name does not exist or is null/undefined */

package/src/cmap/wire_protocol/responses.ts

@@ -77,7 +77,7 @@ export class MongoDBResponse extends OnDemandDocument {
   public override get<const T extends keyof JSTypeOf>(
     name: string | number,
     as: T,
-    required?: false | undefined
+    required?: false
   ): JSTypeOf[T] | null;
   public override get<const T extends keyof JSTypeOf>(
     name: string | number,
@@ -87,7 +87,7 @@ export class MongoDBResponse extends OnDemandDocument {
   public override get<const T extends keyof JSTypeOf>(
     name: string | number,
     as: T,
-    required?: boolean | undefined
+    required?: boolean
   ): JSTypeOf[T] | null {
     try {
       return super.get(name, as, required);

package/src/collection.ts

@@ -87,6 +87,7 @@ import {
 } from './operations/update';
 import { ReadConcern, type ReadConcernLike } from './read_concern';
 import { ReadPreference, type ReadPreferenceLike } from './read_preference';
+import { type Sort } from './sort';
 import {
   DEFAULT_PK_FACTORY,
   MongoDBCollectionNamespace,
@@ -365,7 +366,7 @@ export class Collection<TSchema extends Document = Document> {
   async updateOne(
     filter: Filter<TSchema>,
     update: UpdateFilter<TSchema> | Document[],
-    options?: UpdateOptions
+    options?: UpdateOptions & { sort?: Sort }
   ): Promise<UpdateResult<TSchema>> {
     return await executeOperation(
       this.client,

package/src/connection_string.ts

@@ -605,6 +605,7 @@ function setOption(
       if (values[0] == null) {
         break;
       }
+      // eslint-disable-next-line @typescript-eslint/no-base-to-string
       mongoOptions[name] = String(values[0]);
       break;
     case 'record':
@@ -1273,6 +1274,7 @@ export const OPTIONS = {
   requestCert: { type: 'any' },
   rejectUnauthorized: { type: 'any' },
   checkServerIdentity: { type: 'any' },
+  keepAliveInitialDelay: { type: 'any' },
   ALPNProtocols: { type: 'any' },
   SNICallback: { type: 'any' },
   session: { type: 'any' },

package/src/constants.ts

@@ -1,4 +1,3 @@
-/* eslint-disable @typescript-eslint/no-unnecessary-type-assertion */
 export const SYSTEM_NAMESPACE_COLLECTION = 'system.namespaces';
 export const SYSTEM_INDEX_COLLECTION = 'system.indexes';
 export const SYSTEM_PROFILE_COLLECTION = 'system.profile';

package/src/encrypter.ts

@@ -1,11 +1,8 @@
-import { callbackify } from 'util';
-
 import { AutoEncrypter, type AutoEncryptionOptions } from './client-side-encryption/auto_encrypter';
 import { MONGO_CLIENT_EVENTS } from './constants';
 import { getMongoDBClientEncryption } from './deps';
 import { MongoInvalidArgumentError, MongoMissingDependencyError } from './error';
 import { MongoClient, type MongoClientOptions } from './mongo_client';
-import { type Callback } from './utils';
 
 /** @internal */
 export interface EncrypterOptions {
@@ -98,20 +95,16 @@ export class Encrypter {
     }
   }
 
-  closeCallback(client: MongoClient, force: boolean, callback: Callback<void>) {
-    callbackify(this.close.bind(this))(client, force, callback);
-  }
-
-  async close(client: MongoClient, force: boolean): Promise<void> {
+  async close(client: MongoClient): Promise<void> {
     let error;
     try {
-      await this.autoEncrypter.teardown(force);
+      await this.autoEncrypter.close();
     } catch (autoEncrypterError) {
       error = autoEncrypterError;
     }
     const internalClient = this.internalClient;
     if (internalClient != null && client !== internalClient) {
-      return await internalClient.close(force);
+      return await internalClient.close();
     }
     if (error != null) {
       throw error;

package/src/error.ts

@@ -1018,6 +1018,34 @@ export class MongoTopologyClosedError extends MongoAPIError {
   }
 }
 
+/**
+ * An error generated when the MongoClient is closed and async
+ * operations are interrupted.
+ *
+ * @public
+ * @category Error
+ */
+export class MongoClientClosedError extends MongoAPIError {
+  /**
+   * **Do not use this constructor!**
+   *
+   * Meant for internal use only.
+   *
+   * @remarks
+   * This class is only meant to be constructed within the driver. This constructor is
+   * not subject to semantic versioning compatibility guarantees and may change at any time.
+   *
+   * @public
+   **/
+  constructor() {
+    super('Operation interrupted because client was closed');
+  }
+
+  override get name(): string {
+    return 'MongoClientClosedError';
+  }
+}
+
 /** @public */
 export interface MongoNetworkErrorOptions {
   /** Indicates the timeout happened before a connection handshake completed */

package/src/index.ts

@@ -53,6 +53,7 @@ export {
   MongoClientBulkWriteCursorError,
   MongoClientBulkWriteError,
   MongoClientBulkWriteExecutionError,
+  MongoClientClosedError,
   MongoCompatibilityError,
   MongoCursorExhaustedError,
   MongoCursorInUseError,

package/src/mongo_client.ts

@@ -115,7 +115,12 @@ export type SupportedTLSSocketOptions = Pick<
 
 /** @public */
 export type SupportedSocketOptions = Pick<
-  TcpNetConnectOpts & { autoSelectFamily?: boolean; autoSelectFamilyAttemptTimeout?: number },
+  TcpNetConnectOpts & {
+    autoSelectFamily?: boolean;
+    autoSelectFamilyAttemptTimeout?: number;
+    /** Node.JS socket option to set the time the first keepalive probe is sent on an idle socket. Defaults to 120000ms */
+    keepAliveInitialDelay?: number;
+  },
   (typeof LEGAL_TCP_SOCKET_OPTIONS)[number]
 >;
 
@@ -342,22 +347,35 @@ export type MongoClientEvents = Pick<TopologyEvents, (typeof MONGO_CLIENT_EVENTS
 };
 
 /**
- * The **MongoClient** class is a class that allows for making Connections to MongoDB.
  * @public
  *
+ * The **MongoClient** class is a class that allows for making Connections to MongoDB.
+ *
+ * **NOTE:** The programmatically provided options take precedence over the URI options.
+ *
  * @remarks
- * The programmatically provided options take precedence over the URI options.
+ *
+ * A MongoClient is the entry point to connecting to a MongoDB server.
+ *
+ * It handles a multitude of features on your application's behalf:
+ * - **Server Host Connection Configuration**: A MongoClient is responsible for reading TLS cert, ca, and crl files if provided.
+ * - **SRV Record Polling**: A "`mongodb+srv`" style connection string is used to have the MongoClient resolve DNS SRV records of all server hostnames which the driver periodically monitors for changes and adjusts its current view of hosts correspondingly.
+ * - **Server Monitoring**: The MongoClient automatically keeps monitoring the health of server nodes in your cluster to reach out to the correct and lowest latency one available.
+ * - **Connection Pooling**: To avoid paying the cost of rebuilding a connection to the server on every operation the MongoClient keeps idle connections preserved for reuse.
+ * - **Session Pooling**: The MongoClient creates logical sessions that enable retryable writes, causal consistency, and transactions. It handles pooling these sessions for reuse in subsequent operations.
+ * - **Cursor Operations**: A MongoClient's cursors use the health monitoring system to send the request for more documents to the same server the query began on.
+ * - **Mongocryptd process**: When using auto encryption, a MongoClient will launch a `mongocryptd` instance for handling encryption if the mongocrypt shared library isn't in use.
+ *
+ * There are many more features of a MongoClient that are not listed above.
+ *
+ * In order to enable these features, a number of asynchronous Node.js resources are established by the driver: Timers, FS Requests, Sockets, etc.
+ * For details on cleanup, please refer to the MongoClient `close()` documentation.
  *
  * @example
  * ```ts
  * import { MongoClient } from 'mongodb';
- *
  * // Enable command monitoring for debugging
- * const client = new MongoClient('mongodb://localhost:27017', { monitorCommands: true });
- *
- * client.on('commandStarted', started => console.log(started));
- * client.db().collection('pets');
- * await client.insertOne({ name: 'spot', kind: 'dog' });
+ * const client = new MongoClient('mongodb://localhost:27017?appName=mflix', { monitorCommands: true });
  * ```
  */
 export class MongoClient extends TypedEventEmitter<MongoClientEvents> implements AsyncDisposable {
@@ -636,25 +654,57 @@ export class MongoClient extends TypedEventEmitter<MongoClientEvents> implements
   }
 
   /**
-   * Cleans up client-side resources used by the MongoCLient and .  This includes:
+   * Cleans up resources managed by the MongoClient.
+   *
+   * The close method clears and closes all resources whose lifetimes are managed by the MongoClient.
+   * Please refer to the `MongoClient` class documentation for a high level overview of the client's key features and responsibilities.
+   *
+   * **However,** the close method does not handle the cleanup of resources explicitly created by the user.
+   * Any user-created driver resource with its own `close()` method should be explicitly closed by the user before calling MongoClient.close().
+   * This method is written as a "best effort" attempt to leave behind the least amount of resources server-side when possible.
    *
-   * - Closes all open, unused connections (see note).
-   * - Ends all in-use sessions with {@link ClientSession#endSession|ClientSession.endSession()}.
-   * - Ends all unused sessions server-side.
-   * - Cleans up any resources being used for auto encryption if auto encryption is enabled.
+   * The following list defines ideal preconditions and consequent pitfalls if they are not met.
+   * The MongoClient, ClientSession, Cursors and ChangeStreams all support [explicit resource management](https://www.typescriptlang.org/docs/handbook/release-notes/typescript-5-2.html).
+   * By using explicit resource management to manage the lifetime of driver resources instead of manually managing their lifetimes, the pitfalls outlined below can be avoided.
    *
-   * @remarks Any in-progress operations are not killed and any connections used by in progress operations
-   * will be cleaned up lazily as operations finish.
+   * The close method performs the following in the order listed:
+   * - Client-side:
+   *   - **Close in-use connections**: Any connections that are currently waiting on a response from the server will be closed.
+   *     This is performed _first_ to avoid reaching the next step (server-side clean up) and having no available connections to check out.
+   *     - _Ideal_: All operations have been awaited or cancelled, and the outcomes, regardless of success or failure, have been processed before closing the client servicing the operation.
+   *     - _Pitfall_: When `client.close()` is called and all connections are in use, after closing them, the client must create new connections for cleanup operations, which comes at the cost of new TLS/TCP handshakes and authentication steps.
+   * - Server-side:
+   *   - **Close active cursors**: All cursors that haven't been completed will have a `killCursor` operation sent to the server they were initialized on, freeing the server-side resource.
+   *     - _Ideal_: Cursors are explicitly closed or completed before `client.close()` is called.
+   *     - _Pitfall_: `killCursors` may have to build a new connection if the in-use closure ended all pooled connections.
+   *   - **End active sessions**: In-use sessions created with `client.startSession()` or `client.withSession()` or implicitly by the driver will have their `.endSession()` method called.
+   *     Contrary to the name of the method, `endSession()` returns the session to the client's pool of sessions rather than end them on the server.
+   *     - _Ideal_: Transaction outcomes are awaited and their corresponding explicit sessions are ended before `client.close()` is called.
+   *     - _Pitfall_: **This step aborts in-progress transactions**. It is advisable to observe the outcome of a transaction before closing your client.
+   *   - **End all pooled sessions**: The `endSessions` command with all session IDs the client has pooled is sent to the server to inform the cluster it can clean them up.
+   *     - _Ideal_: No user intervention is expected.
+   *     - _Pitfall_: None.
    *
-   * @param force - Force close, emitting no events
+   * The remaining shutdown is of the MongoClient resources that are intended to be entirely internal but is documented here as their existence relates to the JS event loop.
+   *
+   * - Client-side (again):
+   *   - **Stop all server monitoring**: Connections kept live for detecting cluster changes and roundtrip time measurements are shutdown.
+   *   - **Close all pooled connections**: Each server node in the cluster has a corresponding connection pool and all connections in the pool are closed. Any operations waiting to check out a connection will have an error thrown instead of a connection returned.
+   *   - **Clear out server selection queue**: Any operations that are in the process of waiting for a server to be selected will have an error thrown instead of a server returned.
+   *   - **Close encryption-related resources**: An internal MongoClient created for communicating with `mongocryptd` or other encryption purposes is closed. (Using this same method of course!)
+   *
+   * After the close method completes there should be no MongoClient related resources [ref-ed in Node.js' event loop](https://docs.libuv.org/en/v1.x/handle.html#reference-counting).
+   * This should allow Node.js to exit gracefully if MongoClient resources were the only active handles in the event loop.
+   *
+   * @param _force - currently an unused flag that has no effect. Defaults to `false`.
    */
-  async close(force = false): Promise<void> {
+  async close(_force = false): Promise<void> {
     if (this.closeLock) {
       return await this.closeLock;
     }
 
     try {
-      this.closeLock = this._close(force);
+      this.closeLock = this._close();
       await this.closeLock;
     } finally {
       // release
@@ -663,7 +713,7 @@ export class MongoClient extends TypedEventEmitter<MongoClientEvents> implements
   }
 
   /* @internal */
-  private async _close(force = false): Promise<void> {
+  private async _close(): Promise<void> {
     // There's no way to set hasBeenClosed back to false
     Object.defineProperty(this.s, 'hasBeenClosed', {
       value: true,
@@ -672,6 +722,8 @@ export class MongoClient extends TypedEventEmitter<MongoClientEvents> implements
       writable: false
     });
 
+    this.topology?.closeCheckedOutConnections();
+
     const activeCursorCloses = Array.from(this.s.activeCursors, cursor => cursor.close());
     this.s.activeCursors.clear();
 
@@ -717,7 +769,7 @@ export class MongoClient extends TypedEventEmitter<MongoClientEvents> implements
 
     const { encrypter } = this.options;
     if (encrypter) {
-      await encrypter.close(this, force);
+      await encrypter.close(this);
     }
   }
 

package/src/operations/aggregate.ts

@@ -12,7 +12,6 @@ import { type CollationOptions, CommandOperation, type CommandOperationOptions }
 import { Aspect, defineAspects, type Hint } from './operation';
 
 /** @internal */
-// eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
 export const DB_AGGREGATE_COLLECTION = 1 as const;
 const MIN_WIRE_VERSION_$OUT_READ_CONCERN_SUPPORT = 8;