stratal 0.0.18 → 0.0.20

package/dist/{i18n.module-BpLLLCTg.mjs → i18n.module-BBlNNlcG.mjs}

@@ -1,12 +1,16 @@
-import { A as Scope, D as runWithContainer, E as getContainer, H as ApplicationError, V as ROUTER_TOKENS, a as createHttpExceptionContext, c as DEFAULT_CONTENT_TYPE, d as ROUTER_CONTEXT_KEYS, f as ROUTE_METADATA_KEYS, k as ERROR_CODES, l as HTTP_METHODS, m as VERSION_NEUTRAL, p as SECURITY_SCHEMES, s as RouterContext, u as METHOD_STATUS_CODES, w as I18N_TOKENS } from "./errors--RBIvDXr.mjs";
-import { a as __decorate, d as CONTAINER_TOKEN, f as DI_TOKENS, g as getMethodInjections, o as __decorateParam, p as Transient, s as __decorateMetadata, u as LOGGER_TOKENS } from "./logger-c0ftIK4G.mjs";
-import { S as Module, _ as OpenAPIRouteRegistrationError, b as ControllerMethodNotFoundError, c as InvalidSignatureError, d as ResponseValidationError, f as RouteNameNotFoundError, h as RouteNotFoundError, l as MissingEnvironmentVariableError, m as SchemaValidationError, o as DomainMismatchError, s as DuplicateRouteNameError, u as MissingRouteParamError, v as HonoAppAlreadyConfiguredError, y as ControllerRegistrationError } from "./module-C3YZ-kZN.mjs";
-import { i as z, o as backendErrorMap, r as validation_exports, s as runWithErrorMapContext, t as OpenAPIHono } from "./validation-B4bePOa_.mjs";
-import { n as OPENAPI_TOKENS } from "./openapi-tools.service-B77QXD56.mjs";
-import { t as en_exports } from "./en-3QnZwP-u.mjs";
-import { i as getMethodGuards, r as getControllerGuards, t as GuardExecutionService } from "./guards-MtDgcHnF.mjs";
-import { c as getWsOnMessageMethod, d as isGateway, m as getControllerRoute, o as getWsOnCloseMethod, p as getControllerOptions, s as getWsOnErrorMethod, t as GatewayContext } from "./gateway-context-BdBFoQd8.mjs";
-import { t as setupI18nCompiler } from "./setup-BRIN-iYT.mjs";
+import { A as Scope, D as runWithContainer, E as getContainer, H as ApplicationError, V as ROUTER_TOKENS, a as createHttpExceptionContext, c as DEFAULT_CONTENT_TYPE, d as ROUTER_CONTEXT_KEYS, f as ROUTE_METADATA_KEYS, k as ERROR_CODES, l as HTTP_METHODS, m as VERSION_NEUTRAL, p as SECURITY_SCHEMES, s as RouterContext, u as METHOD_STATUS_CODES, w as I18N_TOKENS } from "./errors-BdyV5PnY.mjs";
+import { a as __decorate, d as CONTAINER_TOKEN, f as DI_TOKENS, g as getMethodInjections, o as __decorateParam, p as Transient, s as __decorateMetadata, u as LOGGER_TOKENS } from "./logger-V6Ms3QnQ.mjs";
+import { S as createThrottleMiddleware, b as ControllerRegistrationError, c as InvalidSignatureError, d as MissingRouteParamError, f as ResponseValidationError, g as RouteNotFoundError, h as SchemaValidationError, k as Module, l as MiddlewareNextCalledMultipleTimesError, o as DomainMismatchError, p as RouteNameNotFoundError, s as DuplicateRouteNameError, u as MissingEnvironmentVariableError, v as OpenAPIRouteRegistrationError, x as ControllerMethodNotFoundError, y as HonoAppAlreadyConfiguredError } from "./module-Dk2qTa77.mjs";
+import { c as backendErrorMap, i as z, l as runWithErrorMapContext, r as validation_exports, t as OpenAPIHono } from "./validation-DtJwAv7O.mjs";
+import { n as OPENAPI_TOKENS } from "./openapi-tools.service-Zs-Ewv7F.mjs";
+import { t as en_exports } from "./en-DSH_bhh6.mjs";
+import { i as getMethodGuards, r as getControllerGuards, t as GuardExecutionService } from "./guards-DUk_Kzst.mjs";
+import { n as getControllerOptions, r as getControllerRoute } from "./controller.decorator-DQzenvSN.mjs";
+import { c as getWsOnMessageMethod, d as isGateway, o as getWsOnCloseMethod, s as getWsOnErrorMethod, t as GatewayContext } from "./gateway-context-CdJjpUCW.mjs";
+import "./http-method.decorator-DXwxAfb_.mjs";
+import { n as getRateLimits } from "./rate-limit.decorator--o6Q6p9w.mjs";
+import { n as verifySignedUrl, t as signUrl } from "./signed-url-BQPbv2In.mjs";
+import { t as setupI18nCompiler } from "./setup-CefZKV_e.mjs";
 import { inject } from "tsyringe";
 import { createCoreContext, translate } from "@intlify/core-base";
 import { swaggerUI } from "@hono/swagger-ui";
@@ -705,104 +709,88 @@ function createMiddlewareChain(classes) {
 		let current = next;
 		for (let i = classes.length - 1; i >= 0; i--) {
 			const prevNext = current;
-			const middleware = requestContainer.resolve(classes[i]);
-			current = () => middleware.handle(ctx, prevNext);
+			const middlewareClass = classes[i];
+			current = () => {
+				const middleware = requestContainer.resolve(middlewareClass);
+				let called = false;
+				const guardedNext = () => {
+					if (called) {
+						const err = new MiddlewareNextCalledMultipleTimesError(middlewareClass.name ?? "anonymous");
+						console.error("[STRATAL DEBUG] next() called multiple times for " + middlewareClass.name);
+						console.error("[STRATAL DEBUG] Stack trace:", (/* @__PURE__ */ new Error()).stack);
+						return Promise.reject(err);
+					}
+					called = true;
+					return prevNext();
+				};
+				return middleware.handle(ctx, guardedNext);
+			};
 		}
 		const result = await current();
 		if (result instanceof Response) return result;
 	};
 }
 //#endregion
-//#region src/router/decorators/http-method.decorator.ts
-/**
-* Creates an HTTP method decorator factory for the given HTTP method.
-*
-* The returned decorator stores {@link ExplicitRouteMetadata} on the method and
-* tracks the method name under {@link ROUTE_METADATA_KEYS.DECORATED_METHODS}
-* on the controller prototype so they can be discovered at registration time.
-*/
-function createHttpMethodDecorator(method) {
-	return function(path, config) {
-		return function(target, propertyKey, descriptor) {
-			const metadata = {
-				type: "explicit",
-				method,
-				path,
-				config: config ?? { response: z.any() }
-			};
-			Reflect.defineMetadata(ROUTE_METADATA_KEYS.ROUTE_CONFIG, metadata, target, propertyKey);
-			const existing = Reflect.getOwnMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, target) ?? [];
-			existing.push(propertyKey);
-			Reflect.defineMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, existing, target);
-			return descriptor;
-		};
-	};
-}
+//#region src/router/trailing-slash.ts
 /**
-* Registers a GET route on the controller method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration (response schema, body, params, etc.)
-*
-* @example
-* ```typescript
-* @Controller('/api/v1/users')
-* class UsersController {
-*   @Get('/', { response: z.array(userSchema), summary: 'List users' })
-*   async list(ctx: RouterContext) { ... }
+* Apply a trailing-slash mode to a URL or path.
 *
-*   @Get('/:id', { params: z.object({ id: z.string().uuid() }), response: userSchema })
-*   async getUser(ctx: RouterContext) { ... }
-* }
-* ```
-*/
-const Get = createHttpMethodDecorator("get");
-/**
-* Registers a POST route on the controller method.
+* - `'ignore'` — return as-is.
+* - `'always'` — append `/` to the pathname unless it already has one.
+*   Skipped when the last segment contains `.` (file-like paths) and for the
+*   root `/` path.
+* - `'never'`  — strip a trailing `/` from the pathname. Skipped for root.
 *
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration (response schema, body, params, etc.)
+* Preserves query string and hash. Handles both relative paths
+* (`/foo?x=1`) and absolute URLs (`https://host/foo?x=1`).
 *
-* @example
-* ```typescript
-* @Controller('/api/v1/users')
-* class UsersController {
-*   @Post('/', { body: createUserSchema, response: userSchema, statusCode: 201 })
-*   async createUser(ctx: RouterContext) { ... }
-* }
-* ```
+* Used by URL-generation helpers and the redirect middleware so canonical
+* form is computed in one place.
 */
-const Post = createHttpMethodDecorator("post");
+function applyTrailingSlash(url, mode) {
+	if (mode === "ignore") return url;
+	const isAbsolute = /^https?:\/\//i.test(url);
+	const parsed = isAbsolute ? new URL(url) : new URL(url, "http://placeholder.local");
+	const path = parsed.pathname;
+	if (path === "/") return url;
+	const hasTrailing = path.endsWith("/");
+	if (mode === "always" && !hasTrailing) {
+		if (path.slice(path.lastIndexOf("/") + 1).includes(".")) return url;
+		parsed.pathname = `${path}/`;
+	} else if (mode === "never" && hasTrailing) parsed.pathname = path.slice(0, -1);
+	else return url;
+	return isAbsolute ? parsed.toString() : `${parsed.pathname}${parsed.search}${parsed.hash}`;
+}
+//#endregion
+//#region src/router/middleware/trailing-slash-redirect.ts
+const REDIRECT_STATUS = 308;
 /**
-* Registers a PUT route on the controller method.
+* Create a Hono middleware that canonicalises trailing slashes via 308 redirects.
 *
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const Put = createHttpMethodDecorator("put");
-/**
-* Registers a PATCH route on the controller method.
+* - `'ignore'` — returns `null`; routes match both `/foo` and `/foo/` natively
+*   (Hono handles this when constructed with `strict: false`).
+* - `'always'` — non-trailing requests redirect to the trailing-slash form.
+*   Paths whose last segment contains `.` (e.g. `/api/openapi.json`) are skipped.
+* - `'never'`  — trailing requests redirect to the non-trailing form.
 *
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const Patch = createHttpMethodDecorator("patch");
-/**
-* Registers a DELETE route on the controller method.
+* Root (`/`) is always passed through unchanged.
 *
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const Delete = createHttpMethodDecorator("delete");
-/**
-* Registers an ALL (any HTTP method) route on the controller method.
-* Routes using @All are registered without OpenAPI validation
-* since OpenAPI does not support a catch-all HTTP method.
+* 308 is used so that POST/PUT/PATCH bodies survive the redirect.
 *
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
+* Location headers are emitted as path-relative URIs so the user agent
+* resolves them against the effective request URI — sidestepping scheme
+* mismatches behind HTTPS-terminating proxies that proxy HTTPS pages to an
+* HTTP-speaking backend (which would otherwise produce a mixed-content block).
 */
-const All = createHttpMethodDecorator("all");
+function createTrailingSlashRedirect(mode) {
+	if (mode === "ignore") return null;
+	return async (c, next) => {
+		const url = new URL(c.req.url);
+		const canonicalPath = applyTrailingSlash(url.pathname, mode);
+		if (canonicalPath === url.pathname) return next();
+		return c.redirect(`${canonicalPath}${url.search}`, REDIRECT_STATUS);
+	};
+}
 //#endregion
 //#region src/router/decorators/route.decorator.ts
 /**
@@ -1212,10 +1200,12 @@ let RouteRegistrationService = class RouteRegistrationService {
 		const controllerOpts = getControllerOptions(ControllerClass);
 		const controllerGuards = getControllerGuards(ControllerClass)?.guards ?? [];
 		const routerConfig = this.routerResolver?.resolveForController(ControllerClass) ?? { middleware: [] };
+		const classThrottleMiddleware = Array.from(new Set(getRateLimits(ControllerClass).map(createThrottleMiddleware)));
 		const basePath = routerConfig.prefix ? this.joinPaths(routerConfig.prefix, controllerRoute) : controllerRoute;
 		const effectiveVersion = controllerOpts?.version ?? routerConfig.version;
 		const effectiveDomain = controllerOpts?.domain ?? routerConfig.domain;
 		if (isWsGateway) {
+			const wsMiddleware = [...routerConfig.middleware, ...classThrottleMiddleware];
 			const expandedRoutes = this.registry.register({
 				method: "ws",
 				basePath,
@@ -1224,10 +1214,10 @@ let RouteRegistrationService = class RouteRegistrationService {
 				controller: ControllerClass.name,
 				action: "ws",
 				hidden: routerConfig.hideFromDocs ?? false,
-				middleware: routerConfig.middleware.map((m) => m.name)
+				middleware: wsMiddleware.map((m) => m.name)
 			});
 			for (const route of expandedRoutes) actions.set(route, () => {
-				if (routerConfig.middleware.length > 0) this.app.use(`${route.path}/*`, createMiddlewareChain(routerConfig.middleware));
+				if (wsMiddleware.length > 0) this.app.use(route.path, createMiddlewareChain(wsMiddleware));
 				if (effectiveDomain) {
 					const domainHandler = createDomainMiddleware(effectiveDomain);
 					this.app.use(route.path, domainHandler);
@@ -1241,6 +1231,7 @@ let RouteRegistrationService = class RouteRegistrationService {
 		this.controllerClasses.set(className, ControllerClass);
 		const prototype = ControllerClass.prototype;
 		if (prototype.handle) {
+			const wildcardMiddleware = [...routerConfig.middleware, ...classThrottleMiddleware];
 			const expandedRoutes = this.registry.register({
 				method: "all",
 				basePath,
@@ -1249,10 +1240,10 @@ let RouteRegistrationService = class RouteRegistrationService {
 				controller: className,
 				action: "handle",
 				hidden: routerConfig.hideFromDocs ?? false,
-				middleware: routerConfig.middleware.map((m) => m.name)
+				middleware: wildcardMiddleware.map((m) => m.name)
 			});
 			for (const route of expandedRoutes) actions.set(route, () => {
-				if (routerConfig.middleware.length > 0) this.app.use(`${route.path}/*`, createMiddlewareChain(routerConfig.middleware));
+				if (wildcardMiddleware.length > 0) this.app.use(route.path, createMiddlewareChain(wildcardMiddleware));
 				this.registerWildcardRoute(ControllerClass, route.path);
 			});
 			return;
@@ -1273,16 +1264,31 @@ let RouteRegistrationService = class RouteRegistrationService {
 			else if (meta.type === "explicit") hasExplicit = true;
 		}
 		if (hasConvention && hasExplicit) throw new ControllerRegistrationError(ControllerClass.name, "Cannot mix @Route() with HTTP method decorators (@Get, @Post, etc.) in the same controller. Use one pattern or the other.");
-		let scopedMiddlewareApplied = false;
 		const routerHidden = routerConfig.hideFromDocs;
 		const controllerHidden = controllerOpts?.hideFromDocs ?? false;
-		const effectiveNamePrefix = controllerOpts?.name ?? routerConfig.name;
-		const middlewareNames = routerConfig.middleware.map((m) => m.name);
+		const routerName = routerConfig.name;
+		const controllerName = controllerOpts?.name;
+		const effectiveNamePrefix = routerName && controllerName ? `${routerName}${controllerName}` : routerName ?? controllerName;
 		for (const { method: methodName, meta } of methodMetadata) {
 			const resolved = this.resolveMethodAndPath(meta, methodName, basePath, className);
 			if (!resolved) continue;
-			const { httpMethod, fullPath, routeConfig, statusCodeOverride } = resolved;
-			if (routerConfig.params) routeConfig.params = routeConfig.params ? routerConfig.params.extend(routeConfig.params.shape) : routerConfig.params;
+			const methodThrottleMiddleware = getRateLimits(prototype, methodName).map(createThrottleMiddleware);
+			const effectiveMiddleware = Array.from(new Set([
+				...routerConfig.middleware,
+				...classThrottleMiddleware,
+				...methodThrottleMiddleware
+			]));
+			const middlewareNames = effectiveMiddleware.map((m) => m.name);
+			const { httpMethod, fullPath, routeConfig: rawRouteConfig, statusCodeOverride } = resolved;
+			let mergedParams = rawRouteConfig.params;
+			if (routerConfig.params) {
+				const prefixShape = routerConfig.params.shape;
+				mergedParams = mergedParams ? mergedParams.extend(prefixShape) : routerConfig.params.extend({});
+			}
+			const routeConfig = mergedParams === rawRouteConfig.params ? rawRouteConfig : {
+				...rawRouteConfig,
+				params: mergedParams
+			};
 			const hideFromDocs = routeConfig.hideFromDocs ?? routerHidden ?? controllerHidden;
 			let routeName;
 			if (routeConfig.name) routeName = effectiveNamePrefix ? `${effectiveNamePrefix}${routeConfig.name}` : routeConfig.name;
@@ -1306,11 +1312,6 @@ let RouteRegistrationService = class RouteRegistrationService {
 			const responseSchema = httpMethod !== "all" ? this.extractResponseSchema(routeConfig) : null;
 			const handler = this.createControllerHandler(ControllerClass, methodName, responseSchema);
 			for (const route of expandedRoutes) actions.set(route, () => {
-				if (!scopedMiddlewareApplied && routerConfig.middleware.length > 0) {
-					const primaryRoute = expandedRoutes.find((r) => !r.isLocaleVariant) ?? expandedRoutes[0];
-					this.app.use(`${primaryRoute.path}/*`, createMiddlewareChain(routerConfig.middleware));
-					scopedMiddlewareApplied = true;
-				}
 				if (effectiveDomain) {
 					const domainHandler = createDomainMiddleware(effectiveDomain);
 					this.app.use(route.path, domainHandler);
@@ -1329,12 +1330,13 @@ let RouteRegistrationService = class RouteRegistrationService {
 						path: route.path,
 						methodName
 					});
-					if (allGuards.length > 0) this.app.all(route.path, this.createGuardMiddleware(allGuards), handler);
-					else this.app.all(route.path, handler);
+					if (effectiveMiddleware.length > 0) this.app.use(route.path, createMiddlewareChain(effectiveMiddleware));
+					if (allGuards.length > 0) this.app.use(route.path, this.createGuardMiddleware(allGuards));
+					this.app.all(route.path, handler);
 					return;
 				}
 				const metadata = this.mergeMetadata(controllerOpts, routeConfig, ControllerClass, methodName);
-				const openApiRoute = this.buildOpenAPIRoute(httpMethod, route.path, routeConfig, metadata, allGuards, meta.type === "convention" ? methodName : void 0, statusCodeOverride, route.isLocaleVariant ?? false);
+				const openApiRoute = this.buildOpenAPIRoute(httpMethod, route.path, routeConfig, metadata, meta.type === "convention" ? methodName : void 0, statusCodeOverride, route.isLocaleVariant ?? false);
 				this.logger.info(`Registering route`, {
 					controller: className,
 					method: httpMethod.toUpperCase(),
@@ -1343,7 +1345,8 @@ let RouteRegistrationService = class RouteRegistrationService {
 					tags: metadata.tags,
 					hidden: route.hidden
 				});
-				this.app.openapi(openApiRoute, handler);
+				const wrappedHandler = this.wrapHandlerWithChain(handler, effectiveMiddleware, allGuards);
+				this.app.openapi(openApiRoute, wrappedHandler);
 				if (!route.hidden) {
 					const { hide: _, ...specRoute } = openApiRoute;
 					this.app.openAPIRegistry.registerPath({
@@ -1416,6 +1419,31 @@ let RouteRegistrationService = class RouteRegistrationService {
 		};
 	}
 	/**
+	* Wrap a controller handler with a `scopedMiddleware → guards → handler`
+	* chain that runs *inside* the Hono route handler — after request
+	* validators have populated `c.req.valid(...)`. This is the only place
+	* we can run user middleware after `@hono/zod-openapi`'s validators in
+	* the same pipeline.
+	*
+	* Returns a Hono handler with the same signature as the original so
+	* `app.openapi(route, wrapped)` works transparently.
+	*/
+	wrapHandlerWithChain(handler, scopedMiddleware, guards) {
+		if (scopedMiddleware.length === 0 && guards.length === 0) return handler;
+		const scopedChain = scopedMiddleware.length > 0 ? createMiddlewareChain(scopedMiddleware) : null;
+		const guardChain = guards.length > 0 ? this.createGuardMiddleware(guards) : null;
+		return async (c) => {
+			let captured;
+			const runHandler = async () => {
+				captured = await handler(c);
+			};
+			const runGuards = guardChain ? () => guardChain(c, runHandler) : runHandler;
+			const result = await (scopedChain ? () => scopedChain(c, runGuards) : runGuards)();
+			if (result instanceof Response) return result;
+			return captured;
+		};
+	}
+	/**
 	* Register wildcard route for non-RESTful controllers
 	*/
 	registerWildcardRoute(ControllerClass, route) {
@@ -1453,9 +1481,9 @@ let RouteRegistrationService = class RouteRegistrationService {
 	* Join a base path and a route path, normalizing slashes
 	*/
 	joinPaths(basePath, routePath) {
-		if (routePath === "/") return basePath;
-		if (basePath !== "/" && basePath.endsWith("/")) basePath = basePath.slice(0, -1);
-		if (routePath && !routePath.startsWith("/")) routePath = "/" + routePath;
+		if (basePath.endsWith("/")) basePath = basePath.slice(0, -1);
+		if (routePath === "/" || routePath === "") return basePath || "/";
+		if (!routePath.startsWith("/")) routePath = "/" + routePath;
 		return basePath + routePath;
 	}
 	/**
@@ -1492,12 +1520,13 @@ let RouteRegistrationService = class RouteRegistrationService {
 	}
 	/**
 	* Build OpenAPI route configuration from metadata
-	* Creates a route definition compatible with @hono/zod-openapi
-	* Includes guard execution for proper access control
+	* Creates a route definition compatible with @hono/zod-openapi.
 	*
-	* Execution order: Global middlewares → Guards → Handler
+	* Scoped middleware and guards are NOT attached to `route.middleware`
+	* here — they're composed into a wrapped handler in `collectRoutes` so
+	* they run after Hono's request validators. See `wrapHandlerWithChain`.
 	*/
-	buildOpenAPIRoute(method, path, routeConfig, metadata, guards, methodName, statusCodeOverride, hasLocaleParam = false) {
+	buildOpenAPIRoute(method, path, routeConfig, metadata, methodName, statusCodeOverride, hasLocaleParam = false) {
 		try {
 			const route = {
 				method,
@@ -1506,7 +1535,6 @@ let RouteRegistrationService = class RouteRegistrationService {
 				responses: {},
 				hide: true
 			};
-			if (guards.length > 0) route.middleware = [this.createGuardMiddleware(guards)];
 			if (routeConfig.body) {
 				const bodySchema = this.isRouteBodyObject(routeConfig.body) ? routeConfig.body.schema : routeConfig.body;
 				const bodyContentType = this.isRouteBodyObject(routeConfig.body) ? routeConfig.body.contentType ?? "application/json" : DEFAULT_CONTENT_TYPE;
@@ -1680,12 +1708,16 @@ let HonoApp = class HonoApp extends OpenAPIHono {
 	* Used by private methods to register middleware without going through the override.
 	*/
 	nativeUse;
-	constructor(container, logger) {
-		super({ defaultHook: (result, c) => {
-			if (!result.success) throw new SchemaValidationError(result.error);
-			const override = c.get("validationSuccessResponse");
-			if (override) return override;
-		} });
+	constructor(container, logger, application) {
+		const trailingSlash = application.config.trailingSlash ?? "ignore";
+		super({
+			strict: false,
+			defaultHook: (result, c) => {
+				if (!result.success) throw new SchemaValidationError(result.error);
+				const override = c.get("validationSuccessResponse");
+				if (override) return override;
+			}
+		});
 		this._container = container;
 		this._logger = logger;
 		this.nativeUse = this.use;
@@ -1700,6 +1732,8 @@ let HonoApp = class HonoApp extends OpenAPIHono {
 			}
 			return this.nativeUse(...args);
 		});
+		const trailingSlashRedirect = createTrailingSlashRedirect(trailingSlash);
+		if (trailingSlashRedirect) this.nativeUse("*", trailingSlashRedirect);
 		this.setupRequestScope();
 		this.applyGlobalMiddleware();
 	}
@@ -1742,7 +1776,12 @@ HonoApp = __decorate([
 	Transient(),
 	__decorateParam(0, inject(CONTAINER_TOKEN)),
 	__decorateParam(1, inject(LOGGER_TOKENS.LoggerService)),
-	__decorateMetadata("design:paramtypes", [Object, Object])
+	__decorateParam(2, inject(DI_TOKENS.Application)),
+	__decorateMetadata("design:paramtypes", [
+		Object,
+		Object,
+		Object
+	])
 ], HonoApp);
 //#endregion
 //#region src/router/services/locale-path.service.ts
@@ -1891,10 +1930,21 @@ VersioningService = __decorate([
 ], VersioningService);
 //#endregion
 //#region src/router/route-registry.ts
+const CONCRETE_HTTP_METHODS = [
+	"get",
+	"post",
+	"put",
+	"delete",
+	"patch",
+	"head",
+	"options",
+	"trace"
+];
 let RouteRegistry = class RouteRegistry {
 	routes = [];
 	namedRoutes = /* @__PURE__ */ new Map();
 	_sortedCache = null;
+	_routeToNameCache = null;
 	constructor(versioningService, localePathService) {
 		this.versioningService = versioningService;
 		this.localePathService = localePathService;
@@ -1945,6 +1995,7 @@ let RouteRegistry = class RouteRegistry {
 			}
 		}
 		this._sortedCache = null;
+		this._routeToNameCache = null;
 		return expandedRoutes;
 	}
 	/** Get a named route by name */
@@ -1955,6 +2006,25 @@ let RouteRegistry = class RouteRegistry {
 	has(name) {
 		return this.namedRoutes.has(name);
 	}
+	/**
+	* Resolve a Hono-style route path pattern (e.g. as exposed by `c.req.routePath`)
+	* back to its registered name, scoped to the request's HTTP method. Locale variant
+	* paths resolve to the canonical primary route name. Method matching is
+	* case-insensitive; routes registered with `'all'` resolve under any verb.
+	*/
+	findNameByRoute(method, path) {
+		this._routeToNameCache ??= this.buildRouteToNameCache();
+		return this._routeToNameCache.get(`${method.toLowerCase()}:${path}`);
+	}
+	buildRouteToNameCache() {
+		const cache = /* @__PURE__ */ new Map();
+		for (const route of this.namedRoutes.values()) {
+			const methods = route.method === "all" ? CONCRETE_HTTP_METHODS : [route.method];
+			const paths = route.localePaths ? [route.path, ...route.localePaths] : [route.path];
+			for (const m of methods) for (const p of paths) cache.set(`${m}:${p}`, route.name);
+		}
+		return cache;
+	}
 	/** Get all routes sorted by specificity (static > param > wildcard, primary before locale) */
 	all() {
 		this._sortedCache ??= sortRoutesBySpecificity(this.routes);
@@ -1972,78 +2042,18 @@ RouteRegistry = __decorate([
 	__decorateMetadata("design:paramtypes", [Object, Object])
 ], RouteRegistry);
 //#endregion
-//#region src/router/signed-url.ts
-/**
-* Import a signing key for HMAC-SHA256.
-*/
-async function importKey(secret) {
-	const encoder = new TextEncoder();
-	return crypto.subtle.importKey("raw", encoder.encode(secret), {
-		name: "HMAC",
-		hash: "SHA-256"
-	}, false, ["sign", "verify"]);
-}
-/**
-* Encode an ArrayBuffer as base64url (URL-safe base64).
-*/
-function toBase64Url(buffer) {
-	const bytes = new Uint8Array(buffer);
-	let binary = "";
-	for (const byte of bytes) binary += String.fromCharCode(byte);
-	return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-/**
-* Sign a URL with HMAC-SHA256.
-*
-* Appends `signature` and optionally `expires` query parameters.
-* The signature covers the pathname + search (excluding the signature params themselves).
-*
-* @param url - Full URL or path to sign
-* @param secret - HMAC secret key (e.g., from env.APP_SECRET)
-* @param options - Optional expiration
-* @returns URL string with `signature` (and `expires`) query params appended
-*/
-async function signUrl(url, secret, options) {
-	const parsedUrl = new URL(url, "https://placeholder.local");
-	const key = await importKey(secret);
-	if (options?.expiresIn) {
-		const expires = Math.floor(Date.now() / 1e3) + options.expiresIn;
-		parsedUrl.searchParams.set("expires", String(expires));
-	}
-	const dataToSign = `${parsedUrl.pathname}?${parsedUrl.searchParams.toString()}`;
-	const encoder = new TextEncoder();
-	const signature = toBase64Url(await crypto.subtle.sign("HMAC", key, encoder.encode(dataToSign)));
-	parsedUrl.searchParams.set("signature", signature);
-	return url.startsWith("http") ? parsedUrl.toString() : `${parsedUrl.pathname}?${parsedUrl.searchParams.toString()}`;
-}
+//#region src/router/uri.ts
 /**
-* Verify a signed URL using `crypto.subtle.verify()` (timing-attack-safe).
+* Encode a value for use as a path parameter.
 *
-* @param url - Full URL or path with signature query param
-* @param secret - HMAC secret key (same key used for signing)
-* @returns true if signature is valid and not expired
+* Splits on `/` and encodes each segment with `encodeURIComponent`, so callers
+* can pass slash-containing values for catch-all params (e.g. `:slug{.+}`) and
+* still get a usable URL — `'auth/login'` becomes `'auth/login'`, not
+* `'auth%2Flogin'`. Single segments behave exactly like `encodeURIComponent`.
 */
-async function verifySignedUrl(url, secret) {
-	const parsedUrl = new URL(url, "https://placeholder.local");
-	const signature = parsedUrl.searchParams.get("signature");
-	if (!signature) return false;
-	const expires = parsedUrl.searchParams.get("expires");
-	if (expires) {
-		const expiryTime = parseInt(expires, 10);
-		if (isNaN(expiryTime) || Math.floor(Date.now() / 1e3) > expiryTime) return false;
-	}
-	parsedUrl.searchParams.delete("signature");
-	const dataToVerify = `${parsedUrl.pathname}?${parsedUrl.searchParams.toString()}`;
-	const base64 = signature.replace(/-/g, "+").replace(/_/g, "/");
-	const binaryStr = atob(base64);
-	const signatureBytes = new Uint8Array(binaryStr.length);
-	for (let i = 0; i < binaryStr.length; i++) signatureBytes[i] = binaryStr.charCodeAt(i);
-	const key = await importKey(secret);
-	const encoder = new TextEncoder();
-	return crypto.subtle.verify("HMAC", key, signatureBytes, encoder.encode(dataToVerify));
+function encodePathParam(value) {
+	return value.split("/").map(encodeURIComponent).join("/");
 }
-//#endregion
-//#region src/router/uri.ts
 /**
 * Build a URL from a registered route, filling path/domain params and appending extras as query string.
 *
@@ -2067,7 +2077,7 @@ function buildRouteUrl(route, name, params) {
 	for (const paramName of route.paramNames) {
 		const value = allParams[paramName];
 		if (value === void 0) throw new MissingRouteParamError(paramName, name, route.path);
-		url = url.replace(new RegExp(`:${paramName}(\\{[^}]*\\})?`), encodeURIComponent(value));
+		url = url.replace(new RegExp(`:${paramName}(\\{[^}]*\\})?`), encodePathParam(value));
 		consumedKeys.add(paramName);
 	}
 	let domain;
@@ -2090,9 +2100,11 @@ function buildRouteUrl(route, name, params) {
 }
 let Uri = class Uri {
 	_defaults = {};
-	constructor(registry, routerContext) {
+	trailingSlash;
+	constructor(registry, routerContext, application) {
 		this.registry = registry;
 		this.routerContext = routerContext;
+		this.trailingSlash = application.config.trailingSlash ?? "ignore";
 	}
 	/**
 	* Set default URL parameters for this request.
@@ -2107,6 +2119,16 @@ let Uri = class Uri {
 		};
 	}
 	/**
+	* Read the currently configured default URL parameters.
+	*
+	* Used by frameworks that need to share these with the client (e.g. the
+	* Inertia adapter ships them as a shared prop so `route()` calls in the
+	* browser auto-fill the same sticky params as the server).
+	*/
+	getDefaults() {
+		return { ...this._defaults };
+	}
+	/**
 	* Generate a URL from a named route.
 	*
 	* Keys matching `:param` placeholders fill the path.
@@ -2125,10 +2147,10 @@ let Uri = class Uri {
 	route(name, params, options) {
 		const registeredRoute = this.registry.get(name);
 		if (!registeredRoute) throw new RouteNameNotFoundError(name);
-		let url = buildRouteUrl(registeredRoute, name, {
+		let url = applyTrailingSlash(buildRouteUrl(registeredRoute, name, {
 			...this._defaults,
 			...params
-		});
+		}), this.trailingSlash);
 		if (options?.absolute && !url.startsWith("http")) url = `${new URL(this.routerContext.c.req.url).origin}${url}`;
 		return url;
 	}
@@ -2176,14 +2198,14 @@ let Uri = class Uri {
 	* Get the current request URL pathname (without query string).
 	*/
 	current() {
-		return new URL(this.routerContext.c.req.url).pathname;
+		return applyTrailingSlash(new URL(this.routerContext.c.req.url).pathname, this.trailingSlash);
 	}
 	/**
 	* Get the current request URL with query string (pathname + search).
 	*/
 	full() {
 		const parsed = new URL(this.routerContext.c.req.url);
-		return `${parsed.pathname}${parsed.search}`;
+		return applyTrailingSlash(`${parsed.pathname}${parsed.search}`, this.trailingSlash);
 	}
 	/**
 	* Get the previous request URL from the Referer header.
@@ -2215,7 +2237,7 @@ let Uri = class Uri {
 	* @param options - URL generation options
 	*/
 	to(path, queryParams, options) {
-		let url = path;
+		let url = applyTrailingSlash(path, this.trailingSlash);
 		if (queryParams) {
 			const entries = Object.entries(queryParams);
 			if (entries.length > 0) {
@@ -2235,7 +2257,7 @@ let Uri = class Uri {
 	query(path, queryParams) {
 		const parsed = new URL(path, "https://placeholder.local");
 		for (const [key, value] of Object.entries(queryParams)) parsed.searchParams.set(key, value);
-		return `${parsed.pathname}${parsed.search}`;
+		return applyTrailingSlash(`${parsed.pathname}${parsed.search}`, this.trailingSlash);
 	}
 	getAppSecret() {
 		const secret = this.routerContext.c.env.APP_SECRET;
@@ -2247,7 +2269,12 @@ Uri = __decorate([
 	Transient(),
 	__decorateParam(0, inject(ROUTER_TOKENS.RouteRegistry)),
 	__decorateParam(1, inject(ROUTER_TOKENS.RouterContext)),
-	__decorateMetadata("design:paramtypes", [Object, Object])
+	__decorateParam(2, inject(DI_TOKENS.Application)),
+	__decorateMetadata("design:paramtypes", [
+		Object,
+		Object,
+		Object
+	])
 ], Uri);
 //#endregion
 //#region src/router/route-url.ts
@@ -2277,9 +2304,12 @@ Uri = __decorate([
 * ```
 */
 function route(name, params) {
-	const registeredRoute = getContainer().resolve(ROUTER_TOKENS.RouteRegistry).get(name);
+	const container = getContainer();
+	const registry = container.resolve(ROUTER_TOKENS.RouteRegistry);
+	const application = container.resolve(DI_TOKENS.Application);
+	const registeredRoute = registry.get(name);
 	if (!registeredRoute) throw new RouteNameNotFoundError(name);
-	return buildRouteUrl(registeredRoute, name, params);
+	return applyTrailingSlash(buildRouteUrl(registeredRoute, name, params), application.config.trailingSlash ?? "ignore");
 }
 //#endregion
 //#region src/router/middleware/verify-signature.middleware.ts
@@ -2457,6 +2487,6 @@ I18nModule = _I18nModule = __decorate([Module({ providers: [
 	}
 ] })], I18nModule);
 //#endregion
-export { Delete as A, MessageRegistry as B, successMessageSchema as C, getRouteDecoratedMethods as D, Route as E, createMiddlewareChain as F, buildDetectorOptions as G, getLocales as H, createDomainMiddleware as I, LocaleNotSupportedError as J, resolveI18nOptions as K, parseDomainPattern as L, Patch as M, Post as N, getRouteMetadata as O, Put as P, OpenAPIModule as R, paginationQuerySchema as S, validationErrorResponseSchema as T, getMessages as U, MessageLoaderService as V, messages as W, I18nContextMiddleware as X, OpenAPIConfigService as Y, sortRoutesBySpecificity as _, buildRouteUrl as a, errorResponseSchema as b, RouteRegistry as c, HonoApp as d, RouteRegistrationService as f, getPathSpecificityScore as g, generateConventionRouteName as h, Uri as i, Get as j, All as k, VersioningService as l, extractParamNames as m, VerifySignatureMiddleware as n, signUrl as o, extractDomainParamNames as p, TranslationMissingError as q, route as r, verifySignedUrl as s, I18nModule as t, LocalePathService as u, toOpenAPIPath as v, uuidParamSchema as w, paginatedResponseSchema as x, commonErrorSchemas as y, OpenAPIService as z };
+export { OpenAPIModule as A, LocaleNotSupportedError as B, validationErrorResponseSchema as C, createMiddlewareChain as D, getRouteMetadata as E, getMessages as F, I18nContextMiddleware as H, messages as I, buildDetectorOptions as L, MessageRegistry as M, MessageLoaderService as N, createDomainMiddleware as O, getLocales as P, resolveI18nOptions as R, uuidParamSchema as S, getRouteDecoratedMethods as T, OpenAPIConfigService as V, commonErrorSchemas as _, buildRouteUrl as a, paginationQuerySchema as b, LocalePathService as c, extractDomainParamNames as d, extractParamNames as f, toOpenAPIPath as g, sortRoutesBySpecificity as h, Uri as i, OpenAPIService as j, parseDomainPattern as k, HonoApp as l, getPathSpecificityScore as m, VerifySignatureMiddleware as n, RouteRegistry as o, generateConventionRouteName as p, route as r, VersioningService as s, I18nModule as t, RouteRegistrationService as u, errorResponseSchema as v, Route as w, successMessageSchema as x, paginatedResponseSchema as y, TranslationMissingError as z };
 
-//# sourceMappingURL=i18n.module-BpLLLCTg.mjs.map
+//# sourceMappingURL=i18n.module-BBlNNlcG.mjs.map