shokupan 0.0.1

package/dist/index.cjs

@@ -0,0 +1,2305 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const api = require("@opentelemetry/api");
+const exporterTraceOtlpProto = require("@opentelemetry/exporter-trace-otlp-proto");
+const resources = require("@opentelemetry/resources");
+const sdkTraceBase = require("@opentelemetry/sdk-trace-base");
+const sdkTraceNode = require("@opentelemetry/sdk-trace-node");
+const semanticConventions = require("@opentelemetry/semantic-conventions");
+const eta$2 = require("eta");
+const promises = require("fs/promises");
+const path = require("path");
+const node_async_hooks = require("node:async_hooks");
+const arctic = require("arctic");
+const jose = require("jose");
+const crypto = require("crypto");
+const events = require("events");
+function _interopNamespaceDefault(e) {
+  const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
+  if (e) {
+    for (const k in e) {
+      if (k !== "default") {
+        const d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: () => e[k]
+        });
+      }
+    }
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+const jose__namespace = /* @__PURE__ */ _interopNamespaceDefault(jose);
+class ShokupanResponse {
+  _headers = new Headers();
+  _status = 200;
+  /**
+   * Get the current headers
+   */
+  get headers() {
+    return this._headers;
+  }
+  /**
+   * Get the current status code
+   */
+  get status() {
+    return this._status;
+  }
+  /**
+   * Set the status code
+   */
+  set status(code) {
+    this._status = code;
+  }
+  /**
+   * Set a response header
+   * @param key Header name
+   * @param value Header value
+   */
+  set(key, value) {
+    this._headers.set(key, value);
+    return this;
+  }
+  /**
+   * Append to a response header
+   * @param key Header name
+   * @param value Header value
+   */
+  append(key, value) {
+    this._headers.append(key, value);
+    return this;
+  }
+  /**
+   * Get a response header value
+   * @param key Header name
+   */
+  get(key) {
+    return this._headers.get(key);
+  }
+  /**
+   * Check if a header exists
+   * @param key Header name
+   */
+  has(key) {
+    return this._headers.has(key);
+  }
+}
+class ShokupanContext {
+  constructor(request, state) {
+    this.request = request;
+    this.url = new URL(request.url);
+    this.state = state || {};
+    this.response = new ShokupanResponse();
+  }
+  url;
+  params = {};
+  state;
+  response;
+  /**
+   * Base request
+   */
+  get req() {
+    return this.request;
+  }
+  /**
+   * HTTP method
+   */
+  get method() {
+    return this.request.method;
+  }
+  /**
+   * Request path
+   */
+  get path() {
+    return this.url.pathname;
+  }
+  /**
+   * Request query params
+   */
+  get query() {
+    return Object.fromEntries(this.url.searchParams);
+  }
+  /**
+   * Request headers
+   */
+  get headers() {
+    return this.request.headers;
+  }
+  /**
+   * Base response object
+   */
+  get res() {
+    return this.response;
+  }
+  /**
+   * Helper to set a header on the response
+   */
+  set(key, value) {
+    this.response.set(key, value);
+    return this;
+  }
+  /**
+   * Set a cookie
+   * @param name Cookie name
+   * @param value Cookie value
+   * @param options Cookie options
+   */
+  setCookie(name, value, options = {}) {
+    let cookie = `${encodeURIComponent(name)}=${encodeURIComponent(value)}`;
+    if (options.maxAge) cookie += `; Max-Age=${Math.floor(options.maxAge)}`;
+    if (options.expires) cookie += `; Expires=${options.expires.toUTCString()}`;
+    if (options.httpOnly) cookie += `; HttpOnly`;
+    if (options.secure) cookie += `; Secure`;
+    if (options.domain) cookie += `; Domain=${options.domain}`;
+    if (options.path) cookie += `; Path=${options.path || "/"}`;
+    if (options.sameSite) {
+      typeof options.sameSite === "string" ? options.sameSite.toLowerCase() : options.sameSite ? "strict" : "lax";
+      cookie += `; SameSite=${typeof options.sameSite === "boolean" ? "Strict" : options.sameSite.charAt(0).toUpperCase() + options.sameSite.slice(1)}`;
+    }
+    if (options.priority) {
+      cookie += `; Priority=${options.priority.charAt(0).toUpperCase() + options.priority.slice(1)}`;
+    }
+    this.response.append("Set-Cookie", cookie);
+    return this;
+  }
+  mergeHeaders(headers) {
+    const h = new Headers(this.response.headers);
+    if (headers) {
+      new Headers(headers).forEach((v, k) => h.set(k, v));
+    }
+    return h;
+  }
+  /**
+   * Send a response
+   * @param body Response body
+   * @param options Response options
+   * @returns Response
+   */
+  send(body, options) {
+    const headers = this.mergeHeaders(options?.headers);
+    const status = options?.status ?? this.response.status;
+    return new Response(body, { status, headers });
+  }
+  /**
+   * Read request body
+   */
+  async body() {
+    const contentType = this.request.headers.get("content-type");
+    if (contentType?.includes("application/json")) {
+      return this.request.json();
+    }
+    if (contentType?.includes("multipart/form-data") || contentType?.includes("application/x-www-form-urlencoded")) {
+      return this.request.formData();
+    }
+    return this.request.text();
+  }
+  /**
+   * Respond with a JSON object
+   */
+  json(data, status, headers) {
+    const finalHeaders = this.mergeHeaders(headers);
+    finalHeaders.set("content-type", "application/json");
+    const finalStatus = status ?? this.response.status;
+    return new Response(JSON.stringify(data), { status: finalStatus, headers: finalHeaders });
+  }
+  /**
+   * Respond with a text string
+   */
+  text(data, status, headers) {
+    const finalHeaders = this.mergeHeaders(headers);
+    finalHeaders.set("content-type", "text/plain");
+    const finalStatus = status ?? this.response.status;
+    return new Response(data, { status: finalStatus, headers: finalHeaders });
+  }
+  /**
+   * Respond with HTML content
+   */
+  html(html, status, headers) {
+    const finalHeaders = this.mergeHeaders(headers);
+    finalHeaders.set("content-type", "text/html");
+    const finalStatus = status ?? this.response.status;
+    return new Response(html, { status: finalStatus, headers: finalHeaders });
+  }
+  /**
+   * Respond with a redirect
+   */
+  redirect(url, status = 302) {
+    const headers = this.mergeHeaders();
+    headers.set("Location", url);
+    return new Response(null, { status, headers });
+  }
+  /**
+   * Respond with a status code
+   * DOES NOT CHAIN!
+   */
+  status(status) {
+    const headers = this.mergeHeaders();
+    return new Response(null, { status, headers });
+  }
+  /**
+   * Respond with a file
+   */
+  file(path2, fileOptions, responseOptions) {
+    const headers = this.mergeHeaders(responseOptions?.headers);
+    const status = responseOptions?.status ?? this.response.status;
+    return new Response(Bun.file(path2, fileOptions), { status, headers });
+  }
+}
+const $isApplication = /* @__PURE__ */ Symbol.for("Shokupan.app");
+const $appRoot = /* @__PURE__ */ Symbol.for("Shokupan.app-root");
+const $isMounted = /* @__PURE__ */ Symbol("Shokupan.isMounted");
+const $routeMethods = /* @__PURE__ */ Symbol("Shokupan.routeMethods");
+const $routeArgs = /* @__PURE__ */ Symbol("Shokupan.routeArgs");
+const $controllerPath = /* @__PURE__ */ Symbol("Shokupan.controllerPath");
+const $middleware = /* @__PURE__ */ Symbol("Shokupan.middleware");
+const $isRouter = /* @__PURE__ */ Symbol.for("Shokupan.router");
+const $parent = /* @__PURE__ */ Symbol.for("Shokupan.parent");
+const $childRouters = /* @__PURE__ */ Symbol.for("Shokupan.child-routers");
+const $childControllers = /* @__PURE__ */ Symbol.for("Shokupan.child-controllers");
+const $mountPath = /* @__PURE__ */ Symbol.for("Shokupan.mount-path");
+const $dispatch = /* @__PURE__ */ Symbol.for("Shokupan.dispatch");
+const HTTPMethods = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS", "ALL"];
+var RouteParamType = /* @__PURE__ */ ((RouteParamType2) => {
+  RouteParamType2["BODY"] = "BODY";
+  RouteParamType2["PARAM"] = "PARAM";
+  RouteParamType2["QUERY"] = "QUERY";
+  RouteParamType2["HEADER"] = "HEADER";
+  RouteParamType2["REQUEST"] = "REQUEST";
+  RouteParamType2["CONTEXT"] = "CONTEXT";
+  return RouteParamType2;
+})(RouteParamType || {});
+function Controller(path2 = "/") {
+  return (target) => {
+    target[$controllerPath] = path2;
+  };
+}
+function Use(...middleware) {
+  return (target, propertyKey, descriptor) => {
+    if (!propertyKey) {
+      const existing = target[$middleware] || [];
+      target[$middleware] = [...existing, ...middleware];
+    } else {
+      if (!target[$middleware]) {
+        target[$middleware] = /* @__PURE__ */ new Map();
+      }
+      const existing = target[$middleware].get(propertyKey) || [];
+      target[$middleware].set(propertyKey, [...existing, ...middleware]);
+    }
+  };
+}
+function createParamDecorator(type) {
+  return (name) => {
+    return (target, propertyKey, parameterIndex) => {
+      if (!target[$routeArgs]) {
+        target[$routeArgs] = /* @__PURE__ */ new Map();
+      }
+      if (!target[$routeArgs].has(propertyKey)) {
+        target[$routeArgs].set(propertyKey, []);
+      }
+      target[$routeArgs].get(propertyKey).push({
+        index: parameterIndex,
+        type,
+        name
+      });
+    };
+  };
+}
+const Body = createParamDecorator(RouteParamType.BODY);
+const Param = createParamDecorator(RouteParamType.PARAM);
+const Query = createParamDecorator(RouteParamType.QUERY);
+const Headers$1 = createParamDecorator(RouteParamType.HEADER);
+const Req = createParamDecorator(RouteParamType.REQUEST);
+const Ctx = createParamDecorator(RouteParamType.CONTEXT);
+function createMethodDecorator(method) {
+  return (path2 = "/") => {
+    return (target, propertyKey, descriptor) => {
+      if (!target[$routeMethods]) {
+        target[$routeMethods] = /* @__PURE__ */ new Map();
+      }
+      target[$routeMethods].set(propertyKey, {
+        method,
+        path: path2
+      });
+    };
+  };
+}
+const Get = createMethodDecorator("GET");
+const Post = createMethodDecorator("POST");
+const Put = createMethodDecorator("PUT");
+const Delete = createMethodDecorator("DELETE");
+const Patch = createMethodDecorator("PATCH");
+const Options = createMethodDecorator("OPTIONS");
+const Head = createMethodDecorator("HEAD");
+const All = createMethodDecorator("ALL");
+class Container {
+  static services = /* @__PURE__ */ new Map();
+  static register(target, instance) {
+    this.services.set(target, instance);
+  }
+  static get(target) {
+    return this.services.get(target);
+  }
+  static has(target) {
+    return this.services.has(target);
+  }
+  static resolve(target) {
+    if (this.services.has(target)) {
+      return this.services.get(target);
+    }
+    const instance = new target();
+    this.services.set(target, instance);
+    return instance;
+  }
+}
+function Injectable() {
+  return (target) => {
+  };
+}
+function Inject(token) {
+  return (target, key) => {
+    Object.defineProperty(target, key, {
+      get: () => Container.resolve(token),
+      enumerable: true,
+      configurable: true
+    });
+  };
+}
+const provider = new sdkTraceNode.NodeTracerProvider({
+  resource: resources.resourceFromAttributes({
+    [semanticConventions.ATTR_SERVICE_NAME]: "basic-service"
+  }),
+  spanProcessors: [
+    new sdkTraceBase.SimpleSpanProcessor(
+      new exporterTraceOtlpProto.OTLPTraceExporter({
+        url: "http://localhost:4318/v1/traces"
+        // Default OTLP port
+      })
+    )
+  ]
+});
+provider.register();
+const tracer = api.trace.getTracer("shokupan.middleware");
+function traceMiddleware(fn, name) {
+  const middlewareName = fn.name || "anonymous middleware";
+  return async (ctx, next) => {
+    return tracer.startActiveSpan(`middleware - ${middlewareName}`, {
+      kind: api.SpanKind.INTERNAL,
+      attributes: {
+        "code.function": middlewareName,
+        "component": "shokupan.middleware"
+      }
+    }, async (span) => {
+      try {
+        const result = await fn(ctx, next);
+        return result;
+      } catch (err) {
+        span.recordException(err);
+        span.setStatus({ code: api.SpanStatusCode.ERROR, message: err.message });
+        throw err;
+      } finally {
+        span.end();
+      }
+    });
+  };
+}
+function traceHandler(fn, name) {
+  return async function(...args) {
+    return tracer.startActiveSpan(`route handler - ${name}`, {
+      kind: api.SpanKind.INTERNAL,
+      attributes: {
+        "http.route": name,
+        "component": "shokupan.route"
+      }
+    }, async (span) => {
+      try {
+        const result = await fn.apply(this, args);
+        return result;
+      } catch (err) {
+        span.recordException(err);
+        span.setStatus({ code: api.SpanStatusCode.ERROR, message: err.message });
+        throw err;
+      } finally {
+        span.end();
+      }
+    });
+  };
+}
+const compose = (middleware) => {
+  function fn(context, next) {
+    let runner = next || (async () => {
+    });
+    for (let i = middleware.length - 1; i >= 0; i--) {
+      const fn2 = traceMiddleware(middleware[i]);
+      const nextStep = runner;
+      let called = false;
+      runner = async () => {
+        if (called) throw new Error("next() called multiple times");
+        called = true;
+        return fn2(context, nextStep);
+      };
+    }
+    return runner();
+  }
+  return fn;
+};
+class ShokupanRequestBase {
+  method;
+  url;
+  headers;
+  body;
+  async json() {
+    return JSON.parse(this.body);
+  }
+  async text() {
+    return this.body;
+  }
+  async formData() {
+    if (this.body instanceof FormData) {
+      return this.body;
+    }
+    return new Response(this.body, { headers: this.headers }).formData();
+  }
+  constructor(props) {
+    Object.assign(this, props);
+    if (!(this.headers instanceof Headers)) {
+      this.headers = new Headers(this.headers);
+    }
+  }
+}
+const ShokupanRequest = ShokupanRequestBase;
+const asyncContext = new node_async_hooks.AsyncLocalStorage();
+function isObject(item) {
+  return item && typeof item === "object" && !Array.isArray(item);
+}
+function deepMerge(target, ...sources) {
+  if (!sources.length) return target;
+  const source = sources.shift();
+  if (isObject(target) && isObject(source)) {
+    for (const key in source) {
+      if (isObject(source[key])) {
+        if (!target[key]) Object.assign(target, { [key]: {} });
+        deepMerge(target[key], source[key]);
+      } else if (Array.isArray(source[key])) {
+        if (!target[key]) Object.assign(target, { [key]: [] });
+        target[key] = target[key].concat(source[key]);
+      } else {
+        Object.assign(target, { [key]: source[key] });
+      }
+    }
+  }
+  return deepMerge(target, ...sources);
+}
+const eta$1 = new eta$2.Eta();
+const RouterRegistry = /* @__PURE__ */ new Map();
+const ShokupanApplicationTree = {};
+class ShokupanRouter {
+  constructor(config) {
+    this.config = config;
+  }
+  // Internal marker to identify Router vs. Application
+  [$isApplication] = false;
+  [$isMounted] = false;
+  [$isRouter] = true;
+  [$appRoot];
+  [$mountPath] = "/";
+  [$parent] = null;
+  [$childRouters] = [];
+  [$childControllers] = [];
+  get rootConfig() {
+    return this[$appRoot]?.applicationConfig;
+  }
+  get root() {
+    return this[$appRoot];
+  }
+  routes = [];
+  currentGuards = [];
+  isRouterInstance(target) {
+    return typeof target === "object" && target !== null && $isRouter in target;
+  }
+  /**
+   * Mounts a controller instance to a path prefix.
+   * 
+   * Controller can be a convection router or an arbitrary class.
+   * 
+   * Routes are derived from method names:
+   * - get(ctx) -> GET /prefix/
+   * - getUsers(ctx) -> GET /prefix/users
+   * - postCreate(ctx) -> POST /prefix/create
+   */
+  mount(prefix, controller) {
+    if (this.isRouterInstance(controller)) {
+      if (controller[$isMounted]) {
+        throw new Error("Router is already mounted");
+      }
+      controller[$mountPath] = prefix;
+      this[$childRouters].push(controller);
+      controller[$parent] = this;
+      const setRouterContext = (router) => {
+        router[$appRoot] = this.root;
+        router[$childRouters].forEach((child) => setRouterContext(child));
+      };
+      setRouterContext(controller);
+      if (this[$appRoot]) ;
+      controller[$appRoot] = this.root;
+      controller[$isMounted] = true;
+    } else {
+      let instance = controller;
+      if (typeof controller === "function") {
+        instance = Container.resolve(controller);
+        const controllerPath = controller[$controllerPath];
+        if (controllerPath) {
+          const p1 = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+          const p2 = controllerPath.startsWith("/") ? controllerPath : "/" + controllerPath;
+          prefix = p1 + p2;
+          if (!prefix) prefix = "/";
+        }
+      }
+      instance[$mountPath] = prefix;
+      this[$childControllers].push(instance);
+      const controllerMiddleware = (typeof controller === "function" ? controller[$middleware] : instance[$middleware]) || [];
+      const proto = Object.getPrototypeOf(instance);
+      const methods = /* @__PURE__ */ new Set();
+      let current = proto;
+      while (current && current !== Object.prototype) {
+        Object.getOwnPropertyNames(current).forEach((name) => methods.add(name));
+        current = Object.getPrototypeOf(current);
+      }
+      Object.getOwnPropertyNames(instance).forEach((name) => methods.add(name));
+      const decoratedRoutes = instance[$routeMethods] || proto && proto[$routeMethods];
+      const decoratedArgs = instance[$routeArgs] || proto && proto[$routeArgs];
+      const methodMiddlewareMap = instance[$middleware] || proto && proto[$middleware];
+      let routesAttached = 0;
+      for (const name of methods) {
+        if (name === "constructor") continue;
+        if (["arguments", "caller", "callee"].includes(name)) continue;
+        const originalHandler = instance[name];
+        if (typeof originalHandler !== "function") continue;
+        let method;
+        let subPath = "";
+        if (decoratedRoutes && decoratedRoutes.has(name)) {
+          const config = decoratedRoutes.get(name);
+          method = config.method;
+          subPath = config.path;
+        } else {
+          for (const m of HTTPMethods) {
+            if (name.toUpperCase().startsWith(m)) {
+              method = m;
+              const rest = name.slice(m.length);
+              if (rest.length === 0) {
+                subPath = "/";
+              } else {
+                subPath = "";
+                let buffer = "";
+                const flush = () => {
+                  if (buffer.length > 0) {
+                    subPath += "/" + buffer.toLowerCase();
+                    buffer = "";
+                  }
+                };
+                for (let i = 0; i < rest.length; i++) {
+                  const char = rest[i];
+                  if (char === "$") {
+                    flush();
+                    subPath += "/:";
+                    continue;
+                  }
+                }
+                subPath = rest.replace(/\$/g, "/:").replace(/([a-z0-9])([A-Z])/g, "$1/$2").toLowerCase();
+                if (!subPath.startsWith("/")) {
+                  subPath = "/" + subPath;
+                }
+              }
+              break;
+            }
+          }
+        }
+        if (method) {
+          routesAttached++;
+          const cleanPrefix = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+          const cleanSubPath = subPath === "/" ? "" : subPath;
+          let joined;
+          if (cleanSubPath.length === 0) {
+            joined = cleanPrefix;
+          } else if (cleanSubPath.startsWith("/")) {
+            joined = cleanPrefix + cleanSubPath;
+          } else {
+            joined = cleanPrefix + "/" + cleanSubPath;
+          }
+          const fullPath = joined || "/";
+          const normalizedPath = fullPath.replace(/\/+/g, "/");
+          const methodMw = methodMiddlewareMap instanceof Map ? methodMiddlewareMap.get(name) || [] : [];
+          const allMiddleware = [...controllerMiddleware, ...methodMw];
+          const routeArgs = decoratedArgs && decoratedArgs.get(name);
+          const wrappedHandler = async (ctx) => {
+            let args = [ctx];
+            if (routeArgs?.length > 0) {
+              args = [];
+              const sortedArgs = [...routeArgs].sort((a, b) => a.index - b.index);
+              for (const arg of sortedArgs) {
+                switch (arg.type) {
+                  case RouteParamType.BODY:
+                    args[arg.index] = await ctx.req.json().catch(() => ({}));
+                    break;
+                  case RouteParamType.PARAM:
+                    args[arg.index] = arg.name ? ctx.params[arg.name] : ctx.params;
+                    break;
+                  case RouteParamType.QUERY: {
+                    const url = new URL(ctx.req.url);
+                    args[arg.index] = arg.name ? url.searchParams.get(arg.name) : Object.fromEntries(url.searchParams);
+                    break;
+                  }
+                  case RouteParamType.HEADER:
+                    args[arg.index] = arg.name ? ctx.req.headers.get(arg.name) : ctx.req.headers;
+                    break;
+                  case RouteParamType.REQUEST:
+                    args[arg.index] = ctx.req;
+                    break;
+                  case RouteParamType.CONTEXT:
+                    args[arg.index] = ctx;
+                    break;
+                }
+              }
+            }
+            const tracedOriginalHandler = traceHandler(originalHandler, normalizedPath);
+            return tracedOriginalHandler.apply(instance, args);
+          };
+          let finalHandler = wrappedHandler;
+          if (allMiddleware.length > 0) {
+            const composed = compose(allMiddleware);
+            finalHandler = async (ctx) => {
+              return composed(ctx, () => wrappedHandler(ctx));
+            };
+          }
+          const tagName = instance.constructor.name;
+          const spec = { tags: [tagName] };
+          this.add({ method, path: normalizedPath, handler: finalHandler, spec });
+        }
+      }
+      if (routesAttached === 0) {
+        console.warn(`No routes attached to controller ${instance.constructor.name}`);
+      }
+      instance[$isMounted] = true;
+    }
+    return this;
+  }
+  /**
+   * Returns all routes attached to this router and its descendants.
+   */
+  getRoutes() {
+    const routes = this.routes.map((r) => ({
+      method: r.method,
+      path: r.path,
+      handler: r.handler
+    }));
+    for (const child of this[$childRouters]) {
+      const childRoutes = child.getRoutes();
+      for (const route of childRoutes) {
+        const cleanPrefix = child[$mountPath].endsWith("/") ? child[$mountPath].slice(0, -1) : child[$mountPath];
+        const cleanPath = route.path.startsWith("/") ? route.path : "/" + route.path;
+        const fullPath = cleanPrefix + cleanPath || "/";
+        routes.push({
+          method: route.method,
+          path: fullPath,
+          handler: route.handler
+        });
+      }
+    }
+    return routes;
+  }
+  /**
+   * Makes a sub request to this router.
+   * This is useful for triggering other methods or route handlers. 
+   * @param options The request options.
+   * @returns The response.
+   */
+  async subRequest(arg) {
+    const options = typeof arg === "string" ? { path: arg } : arg;
+    const store = asyncContext.getStore();
+    store?.get("req");
+    let url = options.path;
+    if (!url.startsWith("http")) {
+      const base = `http://${this.rootConfig?.hostname || "localhost"}:${this.rootConfig.port || 3e3}`;
+      const path2 = url.startsWith("/") ? url : "/" + url;
+      url = base + path2;
+    }
+    const req = new ShokupanRequest({
+      method: options.method || "GET",
+      url,
+      headers: options.headers,
+      body: options.body ? JSON.stringify(options.body) : void 0
+    });
+    return this.root[$dispatch](req);
+  }
+  /**
+   * Processes a request directly.
+   */
+  async processRequest(options) {
+    let url = options.url || options.path || "/";
+    if (!url.startsWith("http")) {
+      const base = `http://${this.rootConfig?.hostname || "localhost"}:${this.rootConfig?.port || 3e3}`;
+      const path2 = url.startsWith("/") ? url : "/" + url;
+      url = base + path2;
+    }
+    if (options.query) {
+      const u = new URL(url);
+      for (const [k, v] of Object.entries(options.query)) {
+        u.searchParams.set(k, v);
+      }
+      url = u.toString();
+    }
+    const req = new ShokupanRequest({
+      method: options.method || "GET",
+      url,
+      headers: options.headers,
+      body: options.body && typeof options.body === "object" ? JSON.stringify(options.body) : options.body
+    });
+    const ctx = new ShokupanContext(req);
+    let result = null;
+    let status = 200;
+    const headers = {};
+    const match = this.find(req.method, ctx.path);
+    if (match) {
+      ctx.params = match.params;
+      try {
+        result = await match.handler(ctx);
+      } catch (err) {
+        console.error(err);
+        status = err.status || err.statusCode || 500;
+        result = { error: err.message || "Internal Server Error" };
+        if (err.errors) result.errors = err.errors;
+      }
+    } else {
+      status = 404;
+      result = "Not Found";
+    }
+    if (result instanceof Response) {
+      status = result.status;
+      result.headers.forEach((v, k) => headers[k] = v);
+      if (headers["content-type"]?.includes("application/json")) {
+        result = await result.json();
+      } else {
+        result = await result.text();
+      }
+    }
+    return {
+      status,
+      headers,
+      data: result
+    };
+  }
+  /**
+   * Find a route matching the given method and path.
+   * @param method HTTP method
+   * @param path Request path
+   * @returns Route handler and parameters if found, otherwise null
+   */
+  find(method, path2) {
+    for (const route of this.routes) {
+      if (route.method !== "ALL" && route.method !== method) continue;
+      const match = route.regex.exec(path2);
+      if (match) {
+        const params = {};
+        route.keys.forEach((key, index) => {
+          params[key] = match[index + 1];
+        });
+        return { handler: route.handler, params };
+      }
+    }
+    for (const child of this[$childRouters]) {
+      const prefix = child[$mountPath];
+      if (path2 === prefix || path2.startsWith(prefix + "/")) {
+        const subPath = path2.slice(prefix.length) || "/";
+        const match = child.find(method, subPath);
+        if (match) return match;
+      }
+      if (prefix.endsWith("/")) {
+        if (path2.startsWith(prefix)) {
+          const subPath = path2.slice(prefix.length) || "/";
+          const match = child.find(method, subPath);
+          if (match) return match;
+        }
+      }
+    }
+    return null;
+  }
+  parsePath(path2) {
+    const keys = [];
+    const pattern = path2.replace(/:([a-zA-Z0-9_]+)/g, (_, key) => {
+      keys.push(key);
+      return "([^/]+)";
+    }).replace(/\*/g, ".*");
+    return {
+      regex: new RegExp(`^${pattern}$`),
+      keys
+    };
+  }
+  // --- Functional Routing ---
+  /**
+   * Adds a route to the router.
+   * 
+   * @param method - HTTP method
+   * @param path - URL path
+   * @param spec - OpenAPI specification for the route
+   * @param handler - Route handler function
+   */
+  add({ method, path: path2, spec, handler, regex: customRegex, group }) {
+    const { regex, keys } = customRegex ? { regex: customRegex, keys: [] } : this.parsePath(path2);
+    let wrappedHandler = handler;
+    const routeGuards = [...this.currentGuards];
+    if (routeGuards.length > 0) {
+      wrappedHandler = async (ctx) => {
+        for (const guard of routeGuards) {
+          let guardPassed = false;
+          let nextCalled = false;
+          const next = () => {
+            nextCalled = true;
+            return Promise.resolve();
+          };
+          try {
+            const result = await guard.handler(ctx, next);
+            if (result === true || nextCalled) {
+              guardPassed = true;
+            } else if (result !== void 0 && result !== null && result !== false) {
+              return result;
+            } else {
+              return ctx.json({ error: "Forbidden" }, 403);
+            }
+          } catch (error) {
+            throw error;
+          }
+          if (!guardPassed) {
+            return ctx.json({ error: "Forbidden" }, 403);
+          }
+        }
+        return handler(ctx);
+      };
+    }
+    this.routes.push({
+      method,
+      path: path2,
+      regex,
+      keys,
+      handler: wrappedHandler,
+      handlerSpec: spec,
+      group,
+      guards: routeGuards.length > 0 ? routeGuards : void 0
+    });
+    return this;
+  }
+  get(path2, ...args) {
+    this.attachVerb("GET", path2, ...args);
+    return this;
+  }
+  post(path2, ...args) {
+    this.attachVerb("POST", path2, ...args);
+    return this;
+  }
+  put(path2, ...args) {
+    this.attachVerb("PUT", path2, ...args);
+    return this;
+  }
+  delete(path2, ...args) {
+    this.attachVerb("DELETE", path2, ...args);
+    return this;
+  }
+  patch(path2, ...args) {
+    this.attachVerb("PATCH", path2, ...args);
+    return this;
+  }
+  options(path2, ...args) {
+    this.attachVerb("OPTIONS", path2, ...args);
+    return this;
+  }
+  head(path2, ...args) {
+    this.attachVerb("HEAD", path2, ...args);
+    return this;
+  }
+  guard(specOrHandler, handler) {
+    const spec = typeof specOrHandler === "function" ? void 0 : specOrHandler;
+    const guardHandler = typeof specOrHandler === "function" ? specOrHandler : handler;
+    this.currentGuards.push({ handler: guardHandler, spec });
+    return this;
+  }
+  /**
+   * Statically serves a directory with standard options.
+   * @param uriPath URL path prefix
+   * @param options Configuration options or root directory string
+   */
+  static(uriPath, options) {
+    const config = typeof options === "string" ? { root: options } : options;
+    const rootPath = path.resolve(config.root || ".");
+    const prefix = uriPath.startsWith("/") ? uriPath : "/" + uriPath;
+    const normalizedPrefix = prefix.endsWith("/") && prefix !== "/" ? prefix.slice(0, -1) : prefix;
+    const handler = async (ctx) => {
+      let relative = ctx.path.slice(normalizedPrefix.length);
+      if (!relative.startsWith("/") && relative.length > 0) relative = "/" + relative;
+      if (relative.length === 0) relative = "/";
+      relative = decodeURIComponent(relative);
+      const requestPath = path.join(rootPath, relative);
+      if (!requestPath.startsWith(rootPath)) {
+        return ctx.json({ error: "Forbidden" }, 403);
+      }
+      if (requestPath.includes("\0")) {
+        return ctx.json({ error: "Forbidden" }, 403);
+      }
+      if (config.hooks?.onRequest) {
+        const res = await config.hooks.onRequest(ctx);
+        if (res) return res;
+      }
+      if (config.exclude) {
+        for (const pattern2 of config.exclude) {
+          if (pattern2 instanceof RegExp) {
+            if (pattern2.test(relative)) return ctx.json({ error: "Forbidden" }, 403);
+          } else if (typeof pattern2 === "string") {
+            if (relative.includes(pattern2)) return ctx.json({ error: "Forbidden" }, 403);
+          }
+        }
+      }
+      if (path.basename(requestPath).startsWith(".")) {
+        const behavior = config.dotfiles || "ignore";
+        if (behavior === "deny") return ctx.json({ error: "Forbidden" }, 403);
+        if (behavior === "ignore") return ctx.json({ error: "Not Found" }, 404);
+      }
+      let finalPath = requestPath;
+      let stats;
+      try {
+        stats = await promises.stat(requestPath);
+      } catch (e) {
+        if (config.extensions) {
+          for (const ext of config.extensions) {
+            const p = requestPath + (ext.startsWith(".") ? ext : "." + ext);
+            try {
+              const s = await promises.stat(p);
+              if (s.isFile()) {
+                finalPath = p;
+                stats = s;
+                break;
+              }
+            } catch {
+            }
+          }
+        }
+        if (!stats) return ctx.json({ error: "Not Found" }, 404);
+      }
+      if (stats.isDirectory()) {
+        if (!ctx.path.endsWith("/")) {
+          const query = ctx.url.search;
+          return ctx.redirect(ctx.path + "/" + query, 302);
+        }
+        let indexes = [];
+        if (config.index === void 0) {
+          indexes = ["index.html", "index.htm"];
+        } else if (Array.isArray(config.index)) {
+          indexes = config.index;
+        } else if (config.index) {
+          indexes = [config.index];
+        }
+        let foundIndex = false;
+        for (const idx of indexes) {
+          const idxPath = path.join(finalPath, idx);
+          try {
+            const idxStats = await promises.stat(idxPath);
+            if (idxStats.isFile()) {
+              finalPath = idxPath;
+              foundIndex = true;
+              break;
+            }
+          } catch {
+          }
+        }
+        if (!foundIndex) {
+          if (config.listDirectory) {
+            try {
+              const files = await promises.readdir(requestPath);
+              const listing = eta$1.renderString(`
+                                <!DOCTYPE html>
+                                <html>
+                                <head>
+                                    <title>Index of <%= it.relative %></title>
+                                    <style>
+                                        body { font-family: system-ui, -apple-system, sans-serif; padding: 2rem; max-width: 800px; margin: 0 auto; }
+                                        ul { list-style: none; padding: 0; }
+                                        li { padding: 0.5rem 0; border-bottom: 1px solid #eee; }
+                                        a { text-decoration: none; color: #0066cc; }
+                                        a:hover { text-decoration: underline; }
+                                        h1 { font-size: 1.5rem; margin-bottom: 1rem; }
+                                    </style>
+                                </head>
+                                <body>
+                                <h1>Index of <%= it.relative %></h1>
+                                <ul>
+                                    <% if (it.relative !== '/') { %>
+                                        <li><a href="../">../</a></li>
+                                    <% } %>
+                                    <% it.files.forEach(function(f) { %>
+                                        <li><a href="<%= f %>"><%= f %></a></li>
+                                    <% }) %>
+                                </ul>
+                                </body>
+                                </html>
+                            `, { relative, files, join: path.join });
+              return new Response(listing, { headers: { "Content-Type": "text/html" } });
+            } catch (e) {
+              return ctx.json({ error: "Internal Server Error" }, 500);
+            }
+          } else {
+            return ctx.json({ error: "Forbidden" }, 403);
+          }
+        }
+      }
+      const file = Bun.file(finalPath);
+      let response = new Response(file);
+      if (config.hooks?.onResponse) {
+        const hooked = await config.hooks.onResponse(ctx, response);
+        if (hooked) response = hooked;
+      }
+      return response;
+    };
+    let groupName = "Static";
+    const segments = normalizedPrefix.split("/").filter(Boolean);
+    if (segments.length > 0) {
+      const last = segments[segments.length - 1];
+      groupName = last.charAt(0).toUpperCase() + last.slice(1);
+    }
+    const defaultSpec = {
+      summary: "Static Content",
+      description: "Serves static files from " + normalizedPrefix,
+      tags: [groupName]
+    };
+    const spec = config.openapi ? config.openapi : defaultSpec;
+    if (!spec.tags) spec.tags = [groupName];
+    else if (!spec.tags.includes(groupName)) spec.tags.push(groupName);
+    const pattern = `^${normalizedPrefix}(/.*)?$`;
+    const regex = new RegExp(pattern);
+    const displayPath = normalizedPrefix === "/" ? "/*" : normalizedPrefix + "/*";
+    this.add({ method: "GET", path: displayPath, handler, spec, regex });
+    this.add({ method: "HEAD", path: displayPath, handler, spec, regex });
+    return this;
+  }
+  /**
+   * Attach the verb routes with their overload signatures.
+   * Use compose to handle multiple handlers (middleware).
+   */
+  attachVerb(method, path2, ...args) {
+    let spec;
+    let handlers = [];
+    if (args.length > 0) {
+      if (typeof args[0] === "object" && args[0] !== null) {
+        spec = args[0];
+        handlers = args.slice(1);
+      } else {
+        handlers = args;
+      }
+    }
+    if (handlers.length === 0) {
+      return;
+    }
+    let finalHandler = handlers[handlers.length - 1];
+    if (handlers.length > 1) {
+      const fn = compose(handlers);
+      finalHandler = (ctx) => fn(ctx);
+    }
+    this.add({
+      method,
+      path: path2,
+      spec,
+      handler: finalHandler
+    });
+  }
+  /**
+   * Generates an OpenAPI 3.1 Document by recursing through the router and its descendants.
+   */
+  generateApiSpec(options = {}) {
+    const paths = {};
+    const tagGroups = /* @__PURE__ */ new Map();
+    const defaultTagGroup = options.defaultTagGroup || "General";
+    const defaultTagName = options.defaultTag || "Application";
+    const collect = (router, prefix = "", currentGroup = defaultTagGroup, defaultTag = defaultTagName) => {
+      let group = currentGroup;
+      let tag = defaultTag;
+      if (router.config?.group) {
+        group = router.config.group;
+      }
+      if (router.config?.name) {
+        tag = router.config.name;
+      } else {
+        const mountPath = router[$mountPath];
+        if (mountPath && mountPath !== "/") {
+          const segments = mountPath.split("/").filter(Boolean);
+          if (segments.length > 0) {
+            const lastSegment = segments[segments.length - 1];
+            const humanized = lastSegment.replace(/[-_]/g, " ").replace(/\b\w/g, (c) => c.toUpperCase());
+            tag = humanized;
+          }
+        }
+      }
+      if (!tagGroups.has(group)) {
+        tagGroups.set(group, /* @__PURE__ */ new Set());
+      }
+      for (const route of router.routes) {
+        const routeGroup = route.group || group;
+        const cleanPrefix = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+        const cleanSubPath = route.path.startsWith("/") ? route.path : "/" + route.path;
+        let fullPath = cleanPrefix + cleanSubPath || "/";
+        fullPath = fullPath.replace(/:([a-zA-Z0-9_]+)/g, "{$1}");
+        if (!paths[fullPath]) {
+          paths[fullPath] = {};
+        }
+        const operation = {
+          responses: {
+            200: { description: "OK" }
+          }
+        };
+        if (route.keys.length > 0) {
+          operation.parameters = route.keys.map((key) => ({
+            name: key,
+            in: "path",
+            required: true,
+            schema: { type: "string" }
+          }));
+        }
+        if (route.guards) {
+          for (const guard of route.guards) {
+            if (guard.spec) {
+              deepMerge(operation, guard.spec);
+            }
+          }
+        }
+        if (route.handlerSpec) {
+          deepMerge(operation, route.handlerSpec);
+        }
+        if (!operation.tags || operation.tags.length === 0) {
+          operation.tags = [tag];
+        }
+        if (operation.tags) {
+          operation.tags = Array.from(new Set(operation.tags));
+          for (const t of operation.tags) {
+            if (!tagGroups.has(routeGroup)) {
+              tagGroups.set(routeGroup, /* @__PURE__ */ new Set());
+            }
+            tagGroups.get(routeGroup)?.add(t);
+          }
+        }
+        const methodLower = route.method.toLowerCase();
+        if (methodLower === "all") {
+          ["get", "post", "put", "delete", "patch"].forEach((m) => {
+            if (!paths[fullPath][m]) {
+              paths[fullPath][m] = { ...operation };
+            }
+          });
+        } else {
+          paths[fullPath][methodLower] = operation;
+        }
+      }
+      for (const controller of router[$childControllers]) {
+        const mountPath = controller[$mountPath] || "";
+        prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+        mountPath.startsWith("/") ? mountPath : "/" + mountPath;
+        const controllerName = controller.constructor.name || "UnknownController";
+        tagGroups.get(group)?.add(controllerName);
+      }
+      for (const child of router[$childRouters]) {
+        const mountPath = child[$mountPath];
+        const cleanPrefix = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+        const cleanMount = mountPath.startsWith("/") ? mountPath : "/" + mountPath;
+        const nextPrefix = cleanPrefix + cleanMount || "/";
+        collect(child, nextPrefix, group, tag);
+      }
+    };
+    collect(this);
+    const xTagGroups = [];
+    for (const [name, tags] of tagGroups) {
+      xTagGroups.push({
+        name,
+        tags: Array.from(tags).sort()
+      });
+    }
+    return {
+      openapi: "3.1.0",
+      info: {
+        title: "Shokupan API",
+        version: "1.0.0",
+        ...options.info
+      },
+      paths,
+      components: options.components,
+      servers: options.servers,
+      tags: options.tags,
+      externalDocs: options.externalDocs,
+      "x-tagGroups": xTagGroups
+    };
+  }
+}
+const defaults = {
+  port: 3e3,
+  hostname: "localhost",
+  development: process.env.NODE_ENV !== "production",
+  enableAsyncLocalStorage: false
+};
+api.trace.getTracer("shokupan.application");
+class Shokupan extends ShokupanRouter {
+  applicationConfig = {};
+  middleware = [];
+  get logger() {
+    return this.applicationConfig.logger;
+  }
+  constructor(applicationConfig = {}) {
+    super();
+    this[$isApplication] = true;
+    this[$appRoot] = this;
+    Object.assign(this.applicationConfig, defaults, applicationConfig);
+  }
+  /**
+   * Adds middleware to the application.
+   */
+  use(middleware) {
+    this.middleware.push(middleware);
+    return this;
+  }
+  /**
+   * Starts the application server.
+   * 
+   * @param port - The port to listen on. If not specified, the port from the configuration is used. If that is not specified, port 3000 is used.
+   * @returns The server instance.
+   */
+  listen(port) {
+    const finalPort = port ?? this.applicationConfig.port ?? 3e3;
+    if (finalPort < 0 || finalPort > 65535) {
+      throw new Error("Invalid port number");
+    }
+    if (port === 0 && process.platform === "linux") ;
+    const server = Bun.serve({
+      port: finalPort,
+      hostname: this.applicationConfig.hostname,
+      development: this.applicationConfig.development,
+      fetch: this.fetch.bind(this)
+    });
+    console.log(`Shokupan server listening on http://${server.hostname}:${server.port}`);
+    return server;
+  }
+  [$dispatch](req) {
+    return this.fetch(req);
+  }
+  /**
+   * Processes a request by wrapping the standard fetch method.
+   */
+  async processRequest(options) {
+    let url = options.url || options.path || "/";
+    if (!url.startsWith("http")) {
+      const base = `http://${this.applicationConfig.hostname || "localhost"}:${this.applicationConfig.port || 3e3}`;
+      const path2 = url.startsWith("/") ? url : "/" + url;
+      url = base + path2;
+    }
+    if (options.query) {
+      const u = new URL(url);
+      for (const [k, v] of Object.entries(options.query)) {
+        u.searchParams.set(k, v);
+      }
+      url = u.toString();
+    }
+    const req = new ShokupanRequest({
+      method: options.method || "GET",
+      url,
+      headers: options.headers,
+      body: options.body && typeof options.body === "object" ? JSON.stringify(options.body) : options.body
+    });
+    const res = await this.fetch(req);
+    const status = res.status;
+    const headers = {};
+    res.headers.forEach((v, k) => headers[k] = v);
+    let data;
+    if (headers["content-type"]?.includes("application/json")) {
+      data = await res.json();
+    } else {
+      data = await res.text();
+    }
+    return {
+      status,
+      headers,
+      data
+    };
+  }
+  /**
+   * Handles an incoming request (Bun.serve interface).
+   * This logic contains the middleware chain and router dispatch.
+   * 
+   * @param req - The request to handle.
+   * @returns The response to send.
+   */
+  async fetch(req) {
+    const tracer2 = api.trace.getTracer("shokupan.application");
+    const store = asyncContext.getStore();
+    const attrs = {
+      attributes: {
+        "http.url": req.url,
+        "http.method": req.method
+      }
+    };
+    const parent = store?.get("span");
+    const ctx = parent ? api.trace.setSpan(api.context.active(), parent) : void 0;
+    return tracer2.startActiveSpan(`${req.method} ${new URL(req.url).pathname}`, attrs, ctx, (span) => {
+      const ctxMap = /* @__PURE__ */ new Map();
+      ctxMap.set("span", span);
+      ctxMap.set("request", req);
+      const runCallback = () => {
+        const request = req;
+        const handle = async () => {
+          const ctx2 = new ShokupanContext(request);
+          const fn = compose(this.middleware);
+          try {
+            const result = await fn(ctx2, async () => {
+              const match = this.find(req.method, ctx2.path);
+              if (match) {
+                ctx2.params = match.params;
+                return match.handler(ctx2);
+              }
+              return null;
+            });
+            if (result instanceof Response) {
+              return result;
+            }
+            if (result === null || result === void 0) {
+              span.setAttribute("http.status_code", 404);
+              return ctx2.text("Not Found", 404);
+            }
+            if (typeof result === "object") {
+              return ctx2.json(result);
+            }
+            return ctx2.text(String(result));
+          } catch (err) {
+            console.error(err);
+            span.recordException(err);
+            span.setStatus({ code: 2 });
+            const status = err.status || err.statusCode || 500;
+            const body = { error: err.message || "Internal Server Error" };
+            if (err.errors) body.errors = err.errors;
+            return ctx2.json(body, status);
+          }
+        };
+        return handle().finally(() => span.end());
+      };
+      if (this.applicationConfig.enableAsyncLocalStorage) {
+        return asyncContext.run(ctxMap, runCallback);
+      } else {
+        return runCallback();
+      }
+    });
+  }
+}
+class AuthPlugin extends ShokupanRouter {
+  constructor(authConfig) {
+    super();
+    this.authConfig = authConfig;
+    this.secret = typeof authConfig.jwtSecret === "string" ? new TextEncoder().encode(authConfig.jwtSecret) : authConfig.jwtSecret;
+    this.init();
+  }
+  secret;
+  getProviderInstance(name, p) {
+    switch (name) {
+      case "github":
+        return new arctic.GitHub(p.clientId, p.clientSecret, p.redirectUri);
+      case "google":
+        return new arctic.Google(p.clientId, p.clientSecret, p.redirectUri);
+      case "microsoft":
+        return new arctic.MicrosoftEntraId(p.tenantId, p.clientId, p.clientSecret, p.redirectUri);
+      case "apple":
+        return new arctic.Apple(
+          p.clientId,
+          p.teamId,
+          p.keyId,
+          p.clientSecret,
+          p.redirectUri
+        );
+      case "auth0":
+        return new arctic.Auth0(p.domain, p.clientId, p.clientSecret, p.redirectUri);
+      case "okta":
+        return new arctic.Okta(p.domain, p.authUrl, p.clientId, p.clientSecret, p.redirectUri);
+      case "oauth2":
+        return new arctic.OAuth2Client(p.clientId, p.clientSecret, p.redirectUri);
+      default:
+        return null;
+    }
+  }
+  async createSession(user, ctx) {
+    const alg = "HS256";
+    const jwt = await new jose__namespace.SignJWT({ ...user }).setProtectedHeader({ alg }).setIssuedAt().setExpirationTime(this.authConfig.jwtExpiration || "24h").sign(this.secret);
+    const opts = this.authConfig.cookieOptions || {};
+    let cookie = `auth_token=${jwt}; Path=${opts.path || "/"}; HttpOnly`;
+    if (opts.secure) cookie += "; Secure";
+    if (opts.sameSite) cookie += `; SameSite=${opts.sameSite}`;
+    if (opts.maxAge) cookie += `; Max-Age=${opts.maxAge}`;
+    ctx.set("Set-Cookie", cookie);
+    return jwt;
+  }
+  init() {
+    for (const [providerName, providerConfig] of Object.entries(this.authConfig.providers)) {
+      if (!providerConfig) continue;
+      const provider2 = this.getProviderInstance(providerName, providerConfig);
+      if (!provider2) {
+        continue;
+      }
+      this.get(`/auth/${providerName}/login`, async (ctx) => {
+        const state = arctic.generateState();
+        const codeVerifier = providerName === "google" || providerName === "microsoft" || providerName === "auth0" || providerName === "okta" ? arctic.generateCodeVerifier() : void 0;
+        const scopes = providerConfig.scopes || [];
+        let url;
+        if (provider2 instanceof arctic.GitHub) {
+          url = await provider2.createAuthorizationURL(state, scopes);
+        } else if (provider2 instanceof arctic.Google || provider2 instanceof arctic.MicrosoftEntraId || provider2 instanceof arctic.Auth0 || provider2 instanceof arctic.Okta) {
+          url = await provider2.createAuthorizationURL(state, codeVerifier, scopes);
+        } else if (provider2 instanceof arctic.Apple) {
+          url = await provider2.createAuthorizationURL(state, scopes);
+        } else if (provider2 instanceof arctic.OAuth2Client) {
+          if (!providerConfig.authUrl) return ctx.text("Config error: authUrl required for oauth2", 500);
+          url = await provider2.createAuthorizationURL(providerConfig.authUrl, state, scopes);
+        } else {
+          return ctx.text("Provider config error", 500);
+        }
+        ctx.res.headers.set("Set-Cookie", `oauth_state=${state}; Path=/; HttpOnly; Max-Age=600`);
+        if (codeVerifier) {
+          ctx.res.headers.append("Set-Cookie", `oauth_verifier=${codeVerifier}; Path=/; HttpOnly; Max-Age=600`);
+        }
+        return ctx.redirect(url.toString());
+      });
+      this.get(`/auth/${providerName}/callback`, async (ctx) => {
+        const url = new URL(ctx.req.url);
+        const code = url.searchParams.get("code");
+        const state = url.searchParams.get("state");
+        const cookieHeader = ctx.req.headers.get("Cookie");
+        const storedState = cookieHeader?.match(/oauth_state=([^;]+)/)?.[1];
+        const storedVerifier = cookieHeader?.match(/oauth_verifier=([^;]+)/)?.[1];
+        if (!code || !state || !storedState || state !== storedState) {
+          return ctx.text("Invalid state or code", 400);
+        }
+        try {
+          let tokens;
+          let idToken;
+          if (provider2 instanceof arctic.GitHub) {
+            tokens = await provider2.validateAuthorizationCode(code);
+          } else if (provider2 instanceof arctic.Google || provider2 instanceof arctic.MicrosoftEntraId) {
+            if (!storedVerifier) return ctx.text("Missing verifier", 400);
+            tokens = await provider2.validateAuthorizationCode(code, storedVerifier);
+          } else if (provider2 instanceof arctic.Auth0 || provider2 instanceof arctic.Okta) {
+            tokens = await provider2.validateAuthorizationCode(code, storedVerifier || "");
+          } else if (provider2 instanceof arctic.Apple) {
+            tokens = await provider2.validateAuthorizationCode(code);
+            idToken = tokens.idToken;
+          } else if (provider2 instanceof arctic.OAuth2Client) {
+            if (!providerConfig.tokenUrl) return ctx.text("Config error: tokenUrl required for oauth2", 500);
+            tokens = await provider2.validateAuthorizationCode(providerConfig.tokenUrl, code, null);
+          }
+          const accessToken = tokens.accessToken || tokens.access_token;
+          const user = await this.fetchUser(providerName, accessToken, providerConfig, idToken);
+          if (this.authConfig.onSuccess) {
+            const res = await this.authConfig.onSuccess(user, ctx);
+            if (res) return res;
+          }
+          const jwt = await this.createSession(user, ctx);
+          return ctx.json({ token: jwt, user });
+        } catch (e) {
+          console.error("Auth Error", e);
+          return ctx.text("Authentication failed: " + e.message + "\n" + e.stack, 500);
+        }
+      });
+    }
+  }
+  async fetchUser(provider2, token, config, idToken) {
+    let user = { id: "unknown", provider: provider2 };
+    if (provider2 === "github") {
+      const res = await fetch("https://api.github.com/user", {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const data = await res.json();
+      user = {
+        id: String(data.id),
+        name: data.name || data.login,
+        email: data.email,
+        picture: data.avatar_url,
+        provider: provider2,
+        raw: data
+      };
+    } else if (provider2 === "google") {
+      const res = await fetch("https://openidconnect.googleapis.com/v1/userinfo", {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const data = await res.json();
+      user = {
+        id: data.sub,
+        name: data.name,
+        email: data.email,
+        picture: data.picture,
+        provider: provider2,
+        raw: data
+      };
+    } else if (provider2 === "microsoft") {
+      const res = await fetch("https://graph.microsoft.com/v1.0/me", {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const data = await res.json();
+      user = {
+        id: data.id,
+        name: data.displayName,
+        email: data.mail || data.userPrincipalName,
+        provider: provider2,
+        raw: data
+      };
+    } else if (provider2 === "auth0" || provider2 === "okta") {
+      const domain = config.domain.startsWith("http") ? config.domain : `https://${config.domain}`;
+      const endpoint = provider2 === "auth0" ? `${domain}/userinfo` : `${domain}/oauth2/v1/userinfo`;
+      const res = await fetch(endpoint, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      const data = await res.json();
+      user = {
+        id: data.sub,
+        name: data.name,
+        email: data.email,
+        picture: data.picture,
+        provider: provider2,
+        raw: data
+      };
+    } else if (provider2 === "apple") {
+      if (idToken) {
+        const payload = jose__namespace.decodeJwt(idToken);
+        user = {
+          id: payload.sub,
+          email: payload["email"],
+          provider: provider2,
+          raw: payload
+        };
+      }
+    } else if (provider2 === "oauth2") {
+      if (config.userInfoUrl) {
+        const res = await fetch(config.userInfoUrl, {
+          headers: { Authorization: `Bearer ${token}` }
+        });
+        const data = await res.json();
+        user = {
+          id: data.id || data.sub || "unknown",
+          name: data.name,
+          email: data.email,
+          picture: data.picture,
+          provider: provider2,
+          raw: data
+        };
+      }
+    }
+    return user;
+  }
+  /**
+   * Middleware to verify JWT
+   */
+  middleware() {
+    return async (ctx, next) => {
+      const authHeader = ctx.req.headers.get("Authorization");
+      let token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : null;
+      if (!token) {
+        const cookieHeader = ctx.req.headers.get("Cookie");
+        token = cookieHeader?.match(/auth_token=([^;]+)/)?.[1] || null;
+      }
+      if (token) {
+        try {
+          const { payload } = await jose__namespace.jwtVerify(token, this.secret);
+          ctx.user = payload;
+        } catch {
+        }
+      }
+      return next();
+    };
+  }
+}
+function Compression(options = {}) {
+  const threshold = options.threshold ?? 1024;
+  return async (ctx, next) => {
+    const acceptEncoding = ctx.headers.get("accept-encoding") || "";
+    let method = null;
+    if (acceptEncoding.includes("br")) method = "br";
+    else if (acceptEncoding.includes("gzip")) method = "gzip";
+    else if (acceptEncoding.includes("deflate")) method = "deflate";
+    if (!method) return next();
+    const response = await next();
+    if (response instanceof Response) {
+      if (response.headers.has("Content-Encoding")) return response;
+      const body = await response.arrayBuffer();
+      if (body.byteLength < threshold) {
+        return new Response(body, {
+          status: response.status,
+          statusText: response.statusText,
+          headers: response.headers
+        });
+      }
+      let compressed;
+      if (method === "br") {
+        compressed = require("node:zlib").brotliCompressSync(body);
+      } else if (method === "gzip") {
+        compressed = Bun.gzipSync(body);
+      } else {
+        compressed = Bun.deflateSync(body);
+      }
+      const headers = new Headers(response.headers);
+      headers.set("Content-Encoding", method);
+      headers.set("Content-Length", String(compressed.length));
+      headers.delete("Content-Length");
+      return new Response(compressed, {
+        status: response.status,
+        statusText: response.statusText,
+        headers
+      });
+    }
+    return response;
+  };
+}
+function Cors(options = {}) {
+  const defaults2 = {
+    origin: "*",
+    methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
+    preflightContinue: false,
+    optionsSuccessStatus: 204
+  };
+  const opts = { ...defaults2, ...options };
+  return async (ctx, next) => {
+    const headers = new Headers();
+    const origin = ctx.headers.get("origin");
+    const set = (k, v) => headers.set(k, v);
+    const append = (k, v) => headers.append(k, v);
+    if (opts.origin === "*") {
+      set("Access-Control-Allow-Origin", "*");
+    } else if (typeof opts.origin === "string") {
+      set("Access-Control-Allow-Origin", opts.origin);
+    } else if (Array.isArray(opts.origin)) {
+      if (origin && opts.origin.includes(origin)) {
+        set("Access-Control-Allow-Origin", origin);
+        append("Vary", "Origin");
+      }
+    } else if (typeof opts.origin === "function") {
+      const allowed = opts.origin(ctx);
+      if (allowed === true && origin) {
+        set("Access-Control-Allow-Origin", origin);
+        append("Vary", "Origin");
+      } else if (typeof allowed === "string") {
+        set("Access-Control-Allow-Origin", allowed);
+        append("Vary", "Origin");
+      }
+    }
+    if (opts.credentials) {
+      set("Access-Control-Allow-Credentials", "true");
+    }
+    if (opts.exposedHeaders) {
+      const exposed = Array.isArray(opts.exposedHeaders) ? opts.exposedHeaders.join(",") : opts.exposedHeaders;
+      if (exposed) set("Access-Control-Expose-Headers", exposed);
+    }
+    if (ctx.method === "OPTIONS") {
+      if (opts.methods) {
+        const methods = Array.isArray(opts.methods) ? opts.methods.join(",") : opts.methods;
+        set("Access-Control-Allow-Methods", methods);
+      }
+      if (opts.allowedHeaders) {
+        const h = Array.isArray(opts.allowedHeaders) ? opts.allowedHeaders.join(",") : opts.allowedHeaders;
+        set("Access-Control-Allow-Headers", h);
+      } else {
+        const reqHeaders = ctx.headers.get("access-control-request-headers");
+        if (reqHeaders) {
+          set("Access-Control-Allow-Headers", reqHeaders);
+          append("Vary", "Access-Control-Request-Headers");
+        }
+      }
+      if (opts.maxAge) {
+        set("Access-Control-Max-Age", String(opts.maxAge));
+      }
+      return new Response(null, {
+        status: opts.optionsSuccessStatus || 204,
+        headers
+      });
+    }
+    const response = await next();
+    if (response instanceof Response) {
+      for (const [key, value] of headers.entries()) {
+        response.headers.set(key, value);
+      }
+    }
+    return response;
+  };
+}
+function RateLimit(options = {}) {
+  const windowMs = options.windowMs || 60 * 1e3;
+  const max = options.max || 5;
+  const message = options.message || "Too many requests, please try again later.";
+  const statusCode = options.statusCode || 429;
+  const headers = options.headers !== false;
+  const keyGenerator = options.keyGenerator || ((ctx) => {
+    return ctx.headers.get("x-forwarded-for") || ctx.url.hostname || "unknown";
+  });
+  const skip = options.skip || (() => false);
+  const hits = /* @__PURE__ */ new Map();
+  const interval = setInterval(() => {
+    const now = Date.now();
+    for (const [key, record] of hits.entries()) {
+      if (record.resetTime <= now) {
+        hits.delete(key);
+      }
+    }
+  }, windowMs);
+  if (interval.unref) interval.unref();
+  return async (ctx, next) => {
+    if (skip(ctx)) return next();
+    const key = keyGenerator(ctx);
+    const now = Date.now();
+    let record = hits.get(key);
+    if (!record || record.resetTime <= now) {
+      record = {
+        hits: 0,
+        resetTime: now + windowMs
+      };
+      hits.set(key, record);
+    }
+    record.hits++;
+    const remaining = Math.max(0, max - record.hits);
+    const resetTime = Math.ceil(record.resetTime / 1e3);
+    if (record.hits > max) {
+      if (headers) {
+        const res = typeof message === "object" ? ctx.json(message, statusCode) : ctx.text(String(message), statusCode);
+        res.headers.set("X-RateLimit-Limit", String(max));
+        res.headers.set("X-RateLimit-Remaining", "0");
+        res.headers.set("X-RateLimit-Reset", String(resetTime));
+        return res;
+      }
+      return typeof message === "object" ? ctx.json(message, statusCode) : ctx.text(String(message), statusCode);
+    }
+    const response = await next();
+    if (response instanceof Response && headers) {
+      response.headers.set("X-RateLimit-Limit", String(max));
+      response.headers.set("X-RateLimit-Remaining", String(remaining));
+      response.headers.set("X-RateLimit-Reset", String(resetTime));
+    }
+    return response;
+  };
+}
+const eta = new eta$2.Eta();
+class ScalarPlugin extends ShokupanRouter {
+  constructor(pluginOptions) {
+    super();
+    this.pluginOptions = pluginOptions;
+    this.init();
+  }
+  init() {
+    this.get("/", (ctx) => {
+      let path2 = ctx.url.toString();
+      if (!path2.endsWith("/")) path2 += "/";
+      return ctx.html(eta.renderString(`<!doctype html>
+                <html>
+                <head>
+                    <title>API Reference</title>
+                    <meta charset = "utf-8" />
+                    <meta name="viewport" content = "width=device-width, initial-scale=1" />
+                </head>
+
+                <body>
+                    <div id="app"></div>
+
+                    <script src="<%= it.path %>scalar.js"><\/script>
+                    <script>
+                        Scalar.createApiReference('#app', [{ ...<%~ JSON.stringify(it.config.baseDocument) %>,
+                            url: "<%= it.path %>openapi.json",
+                        }
+                    ])
+                    <\/script>
+                </body>
+
+                </html>`, { path: path2, config: this.pluginOptions }));
+    });
+    this.get("/scalar.js", (ctx) => {
+      return ctx.file(__dirname + "/../../node_modules/@scalar/api-reference/dist/browser/standalone.js");
+    });
+    this.get("/openapi.json", (ctx) => {
+      return (this.root || this).generateApiSpec();
+    });
+  }
+}
+function SecurityHeaders(options = {}) {
+  return async (ctx, next) => {
+    const headers = {};
+    const set = (k, v) => headers[k] = v;
+    if (options.dnsPrefetchControl !== false) {
+      const allow = options.dnsPrefetchControl?.allow;
+      set("X-DNS-Prefetch-Control", allow ? "on" : "off");
+    }
+    if (options.frameguard !== false) {
+      const opt = options.frameguard || {};
+      const action = opt.action || "sameorigin";
+      if (action === "sameorigin") set("X-Frame-Options", "SAMEORIGIN");
+      else if (action === "deny") set("X-Frame-Options", "DENY");
+    }
+    if (options.hsts !== false) {
+      const opt = options.hsts || {};
+      const maxAge = opt.maxAge || 15552e3;
+      let header = `max-age=${maxAge}`;
+      if (opt.includeSubDomains !== false) header += "; includeSubDomains";
+      if (opt.preload) header += "; preload";
+      set("Strict-Transport-Security", header);
+    }
+    if (options.ieNoOpen !== false) {
+      set("X-Download-Options", "noopen");
+    }
+    if (options.noSniff !== false) {
+      set("X-Content-Type-Options", "nosniff");
+    }
+    if (options.xssFilter !== false) {
+      set("X-XSS-Protection", "0");
+    }
+    if (options.referrerPolicy !== false) {
+      const opt = options.referrerPolicy || {};
+      const policy = opt.policy || "no-referrer";
+      set("Referrer-Policy", Array.isArray(policy) ? policy.join(",") : policy);
+    }
+    if (options.contentSecurityPolicy !== false) {
+      const opt = options.contentSecurityPolicy;
+      if (opt === void 0 || opt === true) {
+        set("Content-Security-Policy", "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests");
+      } else if (typeof opt === "object") {
+        for (const [key, val] of Object.entries(opt)) {
+        }
+      }
+    }
+    if (options.hidePoweredBy !== false) ;
+    const response = await next();
+    if (response instanceof Response) {
+      for (const [k, v] of Object.entries(headers)) {
+        response.headers.set(k, v);
+      }
+      return response;
+    }
+    return response;
+  };
+}
+class Cookie {
+  maxAge;
+  signed;
+  expires;
+  httpOnly;
+  path;
+  domain;
+  secure;
+  sameSite;
+  originalMaxAge;
+  constructor(options = {}) {
+    this.path = options.path || "/";
+    this.httpOnly = options.httpOnly !== void 0 ? options.httpOnly : true;
+    this.secure = options.secure;
+    this.maxAge = options.maxAge;
+    this.sameSite = options.sameSite;
+    this.domain = options.domain;
+    this.expires = options.expires;
+    if (this.maxAge !== void 0) {
+      this.originalMaxAge = this.maxAge;
+      this.expires = new Date(Date.now() + this.maxAge);
+    }
+  }
+  serialize(name, val) {
+    let str = `${name}=${encodeURIComponent(val)}`;
+    if (this.maxAge) {
+      const expires = new Date(Date.now() + this.maxAge);
+      str += `; Expires=${expires.toUTCString()}`;
+      str += `; Max-Age=${Math.floor(this.maxAge / 1e3)}`;
+    } else if (this.expires) {
+      str += `; Expires=${this.expires.toUTCString()}`;
+    }
+    if (this.domain) str += `; Domain=${this.domain}`;
+    if (this.path) str += `; Path=${this.path}`;
+    if (this.httpOnly) str += `; HttpOnly`;
+    if (this.secure) str += `; Secure`;
+    if (this.sameSite) {
+      const sameSite = typeof this.sameSite === "string" ? this.sameSite.charAt(0).toUpperCase() + this.sameSite.slice(1) : "Strict";
+      str += `; SameSite=${sameSite}`;
+    }
+    return str;
+  }
+}
+class MemoryStore extends events.EventEmitter {
+  sessions = {};
+  get(sid, cb) {
+    const sess = this.sessions[sid];
+    if (!sess) return cb(null, null);
+    try {
+      const data = JSON.parse(sess);
+      if (data.cookie && data.cookie.expires) {
+        data.cookie.expires = new Date(data.cookie.expires);
+      }
+      cb(null, data);
+    } catch (e) {
+      cb(e);
+    }
+  }
+  set(sid, sess, cb) {
+    this.sessions[sid] = JSON.stringify(sess);
+    cb && cb();
+  }
+  destroy(sid, cb) {
+    delete this.sessions[sid];
+    cb && cb();
+  }
+  touch(sid, sess, cb) {
+    const current = this.sessions[sid];
+    if (current) {
+      this.sessions[sid] = JSON.stringify(sess);
+    }
+    cb && cb();
+  }
+  all(cb) {
+    const result = {};
+    for (const sid in this.sessions) {
+      try {
+        result[sid] = JSON.parse(this.sessions[sid]);
+      } catch {
+      }
+    }
+    cb(null, result);
+  }
+  clear(cb) {
+    this.sessions = {};
+    cb && cb();
+  }
+}
+function sign(val, secret) {
+  if (typeof val !== "string") throw new TypeError("Cookie value must be provided as a string.");
+  if (typeof secret !== "string") throw new TypeError("Secret string must be provided.");
+  return val + "." + crypto.createHmac("sha256", secret).update(val).digest("base64").replace(/\=+$/, "");
+}
+function unsign(input, secret) {
+  if (typeof input !== "string") throw new TypeError("Signed cookie string must be provided.");
+  if (typeof secret !== "string") throw new TypeError("Secret string must be provided.");
+  const tentValue = input.slice(0, input.lastIndexOf("."));
+  const expectedInput = sign(tentValue, secret);
+  const expectedBuffer = Buffer.from(expectedInput);
+  const inputBuffer = Buffer.from(input);
+  if (expectedBuffer.length !== inputBuffer.length) return false;
+  const valid = require("crypto").timingSafeEqual(expectedBuffer, inputBuffer);
+  return valid ? tentValue : false;
+}
+function Session(options) {
+  const store = options.store || new MemoryStore();
+  const name = options.name || "connect.sid";
+  const secrets = Array.isArray(options.secret) ? options.secret : [options.secret];
+  const generateId = options.genid || (() => crypto.randomUUID());
+  const resave = options.resave === void 0 ? true : options.resave;
+  const saveUninitialized = options.saveUninitialized === void 0 ? true : options.saveUninitialized;
+  const rolling = options.rolling || false;
+  return async (ctx, next) => {
+    let reqSessionId = null;
+    const cookieHeader = ctx.req.headers.get("cookie");
+    const cookies = {};
+    if (cookieHeader) {
+      cookieHeader.split(";").forEach((c) => {
+        const [k, v] = c.split("=").map((s) => s.trim());
+        if (k && v) cookies[k] = decodeURIComponent(v);
+      });
+    }
+    const rawCookie = cookies[name];
+    if (rawCookie) {
+      if (rawCookie.substr(0, 2) === "s:") {
+        const val = unsign(rawCookie.slice(2), secrets[0]);
+        if (val) {
+          reqSessionId = val;
+        }
+      } else {
+        reqSessionId = rawCookie;
+      }
+    }
+    let sessionID = reqSessionId;
+    let isNew = false;
+    if (!sessionID) {
+      sessionID = generateId(ctx);
+      isNew = true;
+    }
+    const createSessionObject = (data) => {
+      const existing = data || { cookie: new Cookie(options.cookie) };
+      if (!existing.cookie) existing.cookie = new Cookie(options.cookie);
+      else {
+        const c = new Cookie(options.cookie);
+        Object.assign(c, existing.cookie);
+        if (c.expires && typeof c.expires === "string") c.expires = new Date(c.expires);
+        existing.cookie = c;
+      }
+      const sessObj = existing;
+      Object.defineProperty(sessObj, "id", { value: sessionID, configurable: true });
+      sessObj.save = (cb) => {
+        store.set(sessObj.id, sessObj, cb);
+      };
+      sessObj.destroy = (cb) => {
+        store.destroy(sessObj.id, (err) => {
+          if (cb) cb(err);
+        });
+      };
+      sessObj.regenerate = (cb) => {
+        store.destroy(sessObj.id, (err) => {
+          sessionID = generateId(ctx);
+          for (const key in sessObj) {
+            if (key !== "cookie" && key !== "id" && typeof sessObj[key] !== "function") {
+              delete sessObj[key];
+            }
+          }
+          Object.defineProperty(sessObj, "id", { value: sessionID, configurable: true });
+          if (cb) cb(err);
+        });
+      };
+      sessObj.undefined = () => {
+      };
+      sessObj.reload = (cb) => {
+        store.get(sessObj.id, (err, sess2) => {
+          if (err) return cb(err);
+          if (!sess2) return cb(new Error("Session not found"));
+          for (const key in sessObj) {
+            if (key !== "cookie" && key !== "id" && typeof sessObj[key] !== "function") {
+              delete sessObj[key];
+            }
+          }
+          Object.assign(sessObj, sess2);
+          cb(null);
+        });
+      };
+      sessObj.touch = () => {
+        sessObj.cookie.expires = new Date(Date.now() + (sessObj.cookie.maxAge || 0));
+        if (store.touch) store.touch(sessObj.id, sessObj);
+      };
+      return sessObj;
+    };
+    let sessionData = null;
+    if (!isNew && sessionID) {
+      await new Promise((resolve) => {
+        store.get(sessionID, (err, sess2) => {
+          if (err) {
+            sessionID = generateId(ctx);
+            isNew = true;
+          } else if (!sess2) {
+            sessionID = generateId(ctx);
+            isNew = true;
+          } else {
+            sessionData = sess2;
+          }
+          resolve();
+        });
+      });
+    }
+    const sess = createSessionObject(sessionData);
+    ctx.session = sess;
+    ctx.sessionID = sessionID;
+    ctx.sessionStore = store;
+    const originalHash = JSON.stringify(sess);
+    const result = await next();
+    const currentHash = JSON.stringify(sess);
+    const isModified = originalHash !== currentHash;
+    if (!sessionID) return result;
+    let shouldSave = false;
+    if (isModified) {
+      shouldSave = true;
+    } else if (isNew && saveUninitialized) {
+      shouldSave = true;
+    } else if (!isNew && resave) {
+      shouldSave = true;
+    }
+    if (shouldSave) {
+      await new Promise((resolve, reject) => {
+        store.set(sessionID, sess, (err) => {
+          if (err) console.error("Failed to save session", err);
+          resolve();
+        });
+      });
+    }
+    if (rolling && sess.cookie.maxAge) {
+      sess.cookie.expires = new Date(Date.now() + sess.cookie.maxAge);
+    }
+    const shouldSetCookie = shouldSave || !isNew && rolling;
+    if (shouldSetCookie) {
+      let val = sessionID;
+      if (secrets.length > 0) {
+        val = "s:" + sign(val, secrets[0]);
+      }
+      const options2 = sess.cookie;
+      const str = options2.serialize(name, val);
+      ctx.set("Set-Cookie", str);
+    }
+    return result;
+  };
+}
+class ValidationError extends Error {
+  constructor(errors) {
+    super("Validation Error");
+    this.errors = errors;
+  }
+  status = 400;
+}
+function isZod(schema) {
+  return typeof schema?.safeParse === "function";
+}
+async function validateZod(schema, data) {
+  const result = await schema.safeParseAsync(data);
+  if (!result.success) {
+    throw new ValidationError(result.error.errors);
+  }
+  return result.data;
+}
+function isTypeBox(schema) {
+  return typeof schema?.Check === "function" && typeof schema?.Errors === "function";
+}
+function validateTypeBox(schema, data) {
+  if (!schema.Check(data)) {
+    throw new ValidationError([...schema.Errors(data)]);
+  }
+  return data;
+}
+function isAjv(schema) {
+  return typeof schema === "function" && "errors" in schema;
+}
+function validateAjv(schema, data) {
+  const valid = schema(data);
+  if (!valid) {
+    throw new ValidationError(schema.errors);
+  }
+  return data;
+}
+const valibot = (schema, parser) => {
+  return {
+    _valibot: true,
+    schema,
+    parser
+  };
+};
+function isValibotWrapper(schema) {
+  return schema?._valibot === true;
+}
+async function validateValibotWrapper(wrapper, data) {
+  const result = await wrapper.parser(wrapper.schema, data);
+  if (!result.success) {
+    throw new ValidationError(result.issues);
+  }
+  return result.output;
+}
+const safelyGetBody = async (ctx) => {
+  const req = ctx.req;
+  if (req._bodyParsed) {
+    return req._bodyValue;
+  }
+  try {
+    let data;
+    if (typeof req.json === "function") {
+      data = await req.json();
+    } else {
+      data = req.body;
+      if (typeof data === "string") {
+        try {
+          data = JSON.parse(data);
+        } catch {
+        }
+      }
+    }
+    req._bodyParsed = true;
+    req._bodyValue = data;
+    Object.defineProperty(req, "json", {
+      value: async () => req._bodyValue,
+      configurable: true
+    });
+    return data;
+  } catch (e) {
+    return {};
+  }
+};
+function validate(config) {
+  return async (ctx, next) => {
+    if (config.params) {
+      ctx.params = await runValidation(config.params, ctx.params);
+    }
+    if (config.query) {
+      const url = new URL(ctx.req.url);
+      const queryObj = Object.fromEntries(url.searchParams.entries());
+      await runValidation(config.query, queryObj);
+    }
+    if (config.headers) {
+      const headersObj = Object.fromEntries(ctx.req.headers.entries());
+      await runValidation(config.headers, headersObj);
+    }
+    if (config.body) {
+      const body = await safelyGetBody(ctx);
+      const validBody = await runValidation(config.body, body);
+      const req = ctx.req;
+      req._bodyValue = validBody;
+      Object.defineProperty(req, "json", {
+        value: async () => validBody,
+        configurable: true
+      });
+      ctx.body = validBody;
+    }
+    return next();
+  };
+}
+async function runValidation(schema, data) {
+  if (isZod(schema)) {
+    return validateZod(schema, data);
+  }
+  if (isTypeBox(schema)) {
+    return validateTypeBox(schema, data);
+  }
+  if (isAjv(schema)) {
+    return validateAjv(schema, data);
+  }
+  if (isValibotWrapper(schema)) {
+    return validateValibotWrapper(schema, data);
+  }
+  if (typeof schema === "function") {
+    return schema(data);
+  }
+  throw new Error("Unknown validator type provided. Please use a supported library (Zod, Ajv, TypeBox) or a custom function.");
+}
+exports.$appRoot = $appRoot;
+exports.$childControllers = $childControllers;
+exports.$childRouters = $childRouters;
+exports.$controllerPath = $controllerPath;
+exports.$dispatch = $dispatch;
+exports.$isApplication = $isApplication;
+exports.$isMounted = $isMounted;
+exports.$isRouter = $isRouter;
+exports.$middleware = $middleware;
+exports.$mountPath = $mountPath;
+exports.$parent = $parent;
+exports.$routeArgs = $routeArgs;
+exports.$routeMethods = $routeMethods;
+exports.All = All;
+exports.AuthPlugin = AuthPlugin;
+exports.Body = Body;
+exports.Compression = Compression;
+exports.Container = Container;
+exports.Controller = Controller;
+exports.Cors = Cors;
+exports.Ctx = Ctx;
+exports.Delete = Delete;
+exports.Get = Get;
+exports.HTTPMethods = HTTPMethods;
+exports.Head = Head;
+exports.Headers = Headers$1;
+exports.Inject = Inject;
+exports.Injectable = Injectable;
+exports.MemoryStore = MemoryStore;
+exports.Options = Options;
+exports.Param = Param;
+exports.Patch = Patch;
+exports.Post = Post;
+exports.Put = Put;
+exports.Query = Query;
+exports.RateLimit = RateLimit;
+exports.Req = Req;
+exports.RouteParamType = RouteParamType;
+exports.RouterRegistry = RouterRegistry;
+exports.ScalarPlugin = ScalarPlugin;
+exports.SecurityHeaders = SecurityHeaders;
+exports.Session = Session;
+exports.Shokupan = Shokupan;
+exports.ShokupanApplicationTree = ShokupanApplicationTree;
+exports.ShokupanContext = ShokupanContext;
+exports.ShokupanRequest = ShokupanRequest;
+exports.ShokupanResponse = ShokupanResponse;
+exports.ShokupanRouter = ShokupanRouter;
+exports.Use = Use;
+exports.ValidationError = ValidationError;
+exports.compose = compose;
+exports.valibot = valibot;
+exports.validate = validate;
+//# sourceMappingURL=index.cjs.map