npm - vector-framework - Versions diffs - 1.1.1 → 1.2.1 - Mend

vector-framework 1.1.1 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/README.md +99 -628
package/dist/auth/protected.d.ts +1 -0
package/dist/auth/protected.d.ts.map +1 -1
package/dist/auth/protected.js +3 -0
package/dist/auth/protected.js.map +1 -1
package/dist/cache/manager.d.ts +1 -0
package/dist/cache/manager.d.ts.map +1 -1
package/dist/cache/manager.js +5 -7
package/dist/cache/manager.js.map +1 -1
package/dist/cli/graceful-shutdown.d.ts +15 -0
package/dist/cli/graceful-shutdown.d.ts.map +1 -0
package/dist/cli/graceful-shutdown.js +42 -0
package/dist/cli/graceful-shutdown.js.map +1 -0
package/dist/cli/index.js +46 -97
package/dist/cli/index.js.map +1 -1
package/dist/cli/option-resolution.d.ts +4 -0
package/dist/cli/option-resolution.d.ts.map +1 -0
package/dist/cli/option-resolution.js +28 -0
package/dist/cli/option-resolution.js.map +1 -0
package/dist/cli.js +3423 -660
package/dist/constants/index.d.ts +3 -0
package/dist/constants/index.d.ts.map +1 -1
package/dist/constants/index.js +6 -0
package/dist/constants/index.js.map +1 -1
package/dist/core/config-loader.d.ts.map +1 -1
package/dist/core/config-loader.js +7 -2
package/dist/core/config-loader.js.map +1 -1
package/dist/core/router.d.ts +41 -17
package/dist/core/router.d.ts.map +1 -1
package/dist/core/router.js +432 -153
package/dist/core/router.js.map +1 -1
package/dist/core/server.d.ts +17 -1
package/dist/core/server.d.ts.map +1 -1
package/dist/core/server.js +471 -31
package/dist/core/server.js.map +1 -1
package/dist/core/vector.d.ts +8 -5
package/dist/core/vector.d.ts.map +1 -1
package/dist/core/vector.js +53 -14
package/dist/core/vector.js.map +1 -1
package/dist/dev/route-generator.d.ts.map +1 -1
package/dist/dev/route-generator.js.map +1 -1
package/dist/dev/route-scanner.d.ts.map +1 -1
package/dist/dev/route-scanner.js +1 -5
package/dist/dev/route-scanner.js.map +1 -1
package/dist/http.d.ts +14 -14
package/dist/http.d.ts.map +1 -1
package/dist/http.js +34 -41
package/dist/http.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1420 -8
package/dist/index.js.map +1 -1
package/dist/index.mjs +1420 -8
package/dist/middleware/manager.d.ts.map +1 -1
package/dist/middleware/manager.js +4 -0
package/dist/middleware/manager.js.map +1 -1
package/dist/openapi/docs-ui.d.ts +2 -0
package/dist/openapi/docs-ui.d.ts.map +1 -0
package/dist/openapi/docs-ui.js +1425 -0
package/dist/openapi/docs-ui.js.map +1 -0
package/dist/openapi/generator.d.ts +12 -0
package/dist/openapi/generator.d.ts.map +1 -0
package/dist/openapi/generator.js +502 -0
package/dist/openapi/generator.js.map +1 -0
package/dist/start-vector.d.ts +3 -0
package/dist/start-vector.d.ts.map +1 -0
package/dist/start-vector.js +38 -0
package/dist/start-vector.js.map +1 -0
package/dist/types/index.d.ts +95 -11
package/dist/types/index.d.ts.map +1 -1
package/dist/types/standard-schema.d.ts +118 -0
package/dist/types/standard-schema.d.ts.map +1 -0
package/dist/types/standard-schema.js +2 -0
package/dist/types/standard-schema.js.map +1 -0
package/dist/utils/cors.d.ts +13 -0
package/dist/utils/cors.d.ts.map +1 -0
package/dist/utils/cors.js +89 -0
package/dist/utils/cors.js.map +1 -0
package/dist/utils/logger.js +1 -1
package/dist/utils/path.d.ts +6 -0
package/dist/utils/path.d.ts.map +1 -1
package/dist/utils/path.js +5 -0
package/dist/utils/path.js.map +1 -1
package/dist/utils/schema-validation.d.ts +31 -0
package/dist/utils/schema-validation.d.ts.map +1 -0
package/dist/utils/schema-validation.js +77 -0
package/dist/utils/schema-validation.js.map +1 -0
package/dist/utils/validation.d.ts.map +1 -1
package/dist/utils/validation.js +3 -0
package/dist/utils/validation.js.map +1 -1
package/package.json +15 -12
package/src/auth/protected.ts +7 -13
package/src/cache/manager.ts +8 -18
package/src/cli/graceful-shutdown.ts +60 -0
package/src/cli/index.ts +52 -115
package/src/cli/option-resolution.ts +40 -0
package/src/constants/index.ts +7 -0
package/src/core/config-loader.ts +7 -4
package/src/core/router.ts +502 -156
package/src/core/server.ts +610 -33
package/src/core/vector.ts +87 -33
package/src/dev/route-generator.ts +1 -3
package/src/dev/route-scanner.ts +2 -9
package/src/http.ts +85 -125
package/src/index.ts +4 -3
package/src/middleware/manager.ts +4 -0
package/src/openapi/assets/favicon/android-chrome-192x192.png +0 -0
package/src/openapi/assets/favicon/android-chrome-512x512.png +0 -0
package/src/openapi/assets/favicon/apple-touch-icon.png +0 -0
package/src/openapi/assets/favicon/favicon-16x16.png +0 -0
package/src/openapi/assets/favicon/favicon-32x32.png +0 -0
package/src/openapi/assets/favicon/favicon.ico +0 -0
package/src/openapi/assets/favicon/site.webmanifest +11 -0
package/src/openapi/assets/logo.svg +12 -0
package/src/openapi/assets/logo_dark.svg +6 -0
package/src/openapi/assets/logo_icon.png +0 -0
package/src/openapi/assets/logo_white.svg +6 -0
package/src/openapi/assets/tailwindcdn.js +83 -0
package/src/openapi/docs-ui.ts +1435 -0
package/src/openapi/generator.ts +586 -0
package/src/start-vector.ts +50 -0
package/src/types/index.ts +138 -17
package/src/types/standard-schema.ts +147 -0
package/src/utils/cors.ts +101 -0
package/src/utils/logger.ts +1 -1
package/src/utils/path.ts +6 -0
package/src/utils/schema-validation.ts +123 -0
package/src/utils/validation.ts +3 -0

package/src/core/server.ts CHANGED Viewed

@@ -1,28 +1,270 @@
 import type { Server } from 'bun';
-import { cors } from 'itty-router';
-import type { CorsOptions, DefaultVectorTypes, VectorConfig, VectorTypes } from '../types';
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { STATIC_RESPONSES } from '../constants';
+import { cors } from '../utils/cors';
+import { renderOpenAPIDocsHtml } from '../openapi/docs-ui';
+import { generateOpenAPIDocument } from '../openapi/generator';
+import type { CorsOptions, DefaultVectorTypes, OpenAPIOptions, VectorConfig, VectorTypes } from '../types';
 import type { VectorRouter } from './router';
+interface NormalizedOpenAPIConfig {
+  enabled: boolean;
+  path: string;
+  target: string;
+  docs: {
+    enabled: boolean;
+    path: string;
+    exposePaths?: string[];
+  };
+  info?: {
+    title?: string;
+    version?: string;
+    description?: string;
+  };
+}
+const OPENAPI_TAILWIND_ASSET_PATH = '/_vector/openapi/tailwindcdn.js';
+const OPENAPI_LOGO_DARK_ASSET_PATH = '/_vector/openapi/logo_dark.svg';
+const OPENAPI_LOGO_WHITE_ASSET_PATH = '/_vector/openapi/logo_white.svg';
+const OPENAPI_APPLE_TOUCH_ICON_ASSET_PATH = '/_vector/openapi/favicon/apple-touch-icon.png';
+const OPENAPI_FAVICON_32_ASSET_PATH = '/_vector/openapi/favicon/favicon-32x32.png';
+const OPENAPI_FAVICON_16_ASSET_PATH = '/_vector/openapi/favicon/favicon-16x16.png';
+const OPENAPI_FAVICON_ICO_ASSET_PATH = '/_vector/openapi/favicon/favicon.ico';
+const OPENAPI_WEBMANIFEST_ASSET_PATH = '/_vector/openapi/favicon/site.webmanifest';
+const OPENAPI_ANDROID_192_ASSET_PATH = '/_vector/openapi/favicon/android-chrome-192x192.png';
+const OPENAPI_ANDROID_512_ASSET_PATH = '/_vector/openapi/favicon/android-chrome-512x512.png';
+const OPENAPI_TAILWIND_ASSET_RELATIVE_CANDIDATES = [
+  // Source execution (src/core/server.ts -> src/openapi/assets/tailwindcdn.js)
+  '../openapi/assets/tailwindcdn.js',
+  // Bundled dist entrypoints (dist/index.mjs|dist/cli.js -> src/openapi/assets/tailwindcdn.js)
+  '../src/openapi/assets/tailwindcdn.js',
+  // Unbundled dist/core/server.js execution (dist/core -> src/openapi/assets/tailwindcdn.js)
+  '../../src/openapi/assets/tailwindcdn.js',
+] as const;
+const OPENAPI_LOGO_DARK_ASSET_RELATIVE_CANDIDATES = [
+  // Source execution (src/core/server.ts -> src/openapi/assets/logo_dark.svg)
+  '../openapi/assets/logo_dark.svg',
+  // Bundled dist entrypoints (dist/index.mjs|dist/cli.js -> src/openapi/assets/logo_dark.svg)
+  '../src/openapi/assets/logo_dark.svg',
+  // Unbundled dist/core/server.js execution (dist/core -> src/openapi/assets/logo_dark.svg)
+  '../../src/openapi/assets/logo_dark.svg',
+] as const;
+const OPENAPI_LOGO_WHITE_ASSET_RELATIVE_CANDIDATES = [
+  // Source execution (src/core/server.ts -> src/openapi/assets/logo_white.svg)
+  '../openapi/assets/logo_white.svg',
+  // Bundled dist entrypoints (dist/index.mjs|dist/cli.js -> src/openapi/assets/logo_white.svg)
+  '../src/openapi/assets/logo_white.svg',
+  // Unbundled dist/core/server.js execution (dist/core -> src/openapi/assets/logo_white.svg)
+  '../../src/openapi/assets/logo_white.svg',
+] as const;
+const OPENAPI_TAILWIND_ASSET_CWD_CANDIDATES = [
+  'src/openapi/assets/tailwindcdn.js',
+  'openapi/assets/tailwindcdn.js',
+  'dist/openapi/assets/tailwindcdn.js',
+] as const;
+const OPENAPI_LOGO_DARK_ASSET_CWD_CANDIDATES = [
+  'src/openapi/assets/logo_dark.svg',
+  'openapi/assets/logo_dark.svg',
+  'dist/openapi/assets/logo_dark.svg',
+] as const;
+const OPENAPI_LOGO_WHITE_ASSET_CWD_CANDIDATES = [
+  'src/openapi/assets/logo_white.svg',
+  'openapi/assets/logo_white.svg',
+  'dist/openapi/assets/logo_white.svg',
+] as const;
+const OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES = [
+  '../openapi/assets/favicon',
+  '../src/openapi/assets/favicon',
+  '../../src/openapi/assets/favicon',
+] as const;
+const OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES = [
+  'src/openapi/assets/favicon',
+  'openapi/assets/favicon',
+  'dist/openapi/assets/favicon',
+] as const;
+const OPENAPI_TAILWIND_ASSET_INLINE_FALLBACK = '/* OpenAPI docs runtime asset missing: tailwind disabled */';
+function buildOpenAPIAssetCandidatePaths(bases: readonly string[], filename: string): string[] {
+  return bases.map((base) => `${base}/${filename}`);
+}
+function resolveOpenAPIAssetFile(
+  relativeCandidates: readonly string[],
+  cwdCandidates: readonly string[]
+): ReturnType<typeof Bun.file> | null {
+  for (const relativePath of relativeCandidates) {
+    try {
+      const fileUrl = new URL(relativePath, import.meta.url);
+      if (existsSync(fileUrl)) {
+        return Bun.file(fileUrl);
+      }
+    } catch {
+      // Ignore resolution failures and try the next candidate.
+    }
+  }
+  const cwd = process.cwd();
+  for (const relativePath of cwdCandidates) {
+    const absolutePath = join(cwd, relativePath);
+    if (existsSync(absolutePath)) {
+      return Bun.file(absolutePath);
+    }
+  }
+  return null;
+}
+const OPENAPI_TAILWIND_ASSET_FILE = resolveOpenAPIAssetFile(
+  OPENAPI_TAILWIND_ASSET_RELATIVE_CANDIDATES,
+  OPENAPI_TAILWIND_ASSET_CWD_CANDIDATES
+);
+const OPENAPI_LOGO_DARK_ASSET_FILE = resolveOpenAPIAssetFile(
+  OPENAPI_LOGO_DARK_ASSET_RELATIVE_CANDIDATES,
+  OPENAPI_LOGO_DARK_ASSET_CWD_CANDIDATES
+);
+const OPENAPI_LOGO_WHITE_ASSET_FILE = resolveOpenAPIAssetFile(
+  OPENAPI_LOGO_WHITE_ASSET_RELATIVE_CANDIDATES,
+  OPENAPI_LOGO_WHITE_ASSET_CWD_CANDIDATES
+);
+const OPENAPI_APPLE_TOUCH_ICON_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'apple-touch-icon.png'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'apple-touch-icon.png')
+);
+const OPENAPI_FAVICON_32_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'favicon-32x32.png'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'favicon-32x32.png')
+);
+const OPENAPI_FAVICON_16_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'favicon-16x16.png'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'favicon-16x16.png')
+);
+const OPENAPI_FAVICON_ICO_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'favicon.ico'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'favicon.ico')
+);
+const OPENAPI_WEBMANIFEST_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'site.webmanifest'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'site.webmanifest')
+);
+const OPENAPI_ANDROID_192_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'android-chrome-192x192.png'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'android-chrome-192x192.png')
+);
+const OPENAPI_ANDROID_512_ASSET_FILE = resolveOpenAPIAssetFile(
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_RELATIVE_BASE_CANDIDATES, 'android-chrome-512x512.png'),
+  buildOpenAPIAssetCandidatePaths(OPENAPI_FAVICON_ASSET_CWD_BASE_CANDIDATES, 'android-chrome-512x512.png')
+);
+const OPENAPI_FAVICON_ASSETS = [
+  {
+    path: OPENAPI_APPLE_TOUCH_ICON_ASSET_PATH,
+    file: OPENAPI_APPLE_TOUCH_ICON_ASSET_FILE,
+    contentType: 'image/png',
+    filename: 'apple-touch-icon.png',
+  },
+  {
+    path: OPENAPI_FAVICON_32_ASSET_PATH,
+    file: OPENAPI_FAVICON_32_ASSET_FILE,
+    contentType: 'image/png',
+    filename: 'favicon-32x32.png',
+  },
+  {
+    path: OPENAPI_FAVICON_16_ASSET_PATH,
+    file: OPENAPI_FAVICON_16_ASSET_FILE,
+    contentType: 'image/png',
+    filename: 'favicon-16x16.png',
+  },
+  {
+    path: OPENAPI_FAVICON_ICO_ASSET_PATH,
+    file: OPENAPI_FAVICON_ICO_ASSET_FILE,
+    contentType: 'image/x-icon',
+    filename: 'favicon.ico',
+  },
+  {
+    path: OPENAPI_WEBMANIFEST_ASSET_PATH,
+    file: OPENAPI_WEBMANIFEST_ASSET_FILE,
+    contentType: 'application/manifest+json; charset=utf-8',
+    filename: 'site.webmanifest',
+  },
+  {
+    path: OPENAPI_ANDROID_192_ASSET_PATH,
+    file: OPENAPI_ANDROID_192_ASSET_FILE,
+    contentType: 'image/png',
+    filename: 'android-chrome-192x192.png',
+  },
+  {
+    path: OPENAPI_ANDROID_512_ASSET_PATH,
+    file: OPENAPI_ANDROID_512_ASSET_FILE,
+    contentType: 'image/png',
+    filename: 'android-chrome-512x512.png',
+  },
+] as const;
+const DOCS_HTML_CACHE_CONTROL = 'public, max-age=0, must-revalidate';
+const DOCS_ASSET_CACHE_CONTROL = 'public, max-age=31536000, immutable';
+const DOCS_ASSET_ERROR_CACHE_CONTROL = 'no-store';
+interface OpenAPIDocsHtmlCacheEntry {
+  html: string;
+  gzip: Uint8Array;
+  etag: string;
+}
+function escapeRegex(value: string): string {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+function wildcardPatternToRegex(pattern: string): RegExp {
+  let regexSource = '^';
+  for (const char of pattern) {
+    if (char === '*') {
+      regexSource += '.*';
+      continue;
+    }
+    regexSource += escapeRegex(char);
+  }
+  regexSource += '$';
+  return new RegExp(regexSource);
+}
+function matchesExposePath(path: string, exposePathPattern: string): boolean {
+  if (!exposePathPattern.includes('*')) {
+    return path === exposePathPattern;
+  }
+  return wildcardPatternToRegex(exposePathPattern).test(path);
+}
 export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
   private server: Server | null = null;
   private router: VectorRouter<TTypes>;
   private config: VectorConfig<TTypes>;
-  private corsHandler: any;
-  private corsHeaders: Record<string, string> | null = null;
+  private openapiConfig: NormalizedOpenAPIConfig;
+  private openapiDocCache: Record<string, unknown> | null = null;
+  private openapiDocsHtmlCache: OpenAPIDocsHtmlCacheEntry | null = null;
+  private openapiWarningsLogged = false;
+  private openapiTailwindMissingLogged = false;
+  private openapiLogoDarkMissingLogged = false;
+  private openapiLogoWhiteMissingLogged = false;
+  private corsHandler: {
+    preflight: (request: Request) => Response;
+    corsify: (response: Response, request: Request) => Response;
+  } | null = null;
+  private corsHeadersEntries: [string, string][] | null = null;
   constructor(router: VectorRouter<TTypes>, config: VectorConfig<TTypes>) {
     this.router = router;
     this.config = config;
+    this.openapiConfig = this.normalizeOpenAPIConfig(config.openapi, config.development);
     if (config.cors) {
       const opts = this.normalizeCorsOptions(config.cors);
       const { preflight, corsify } = cors(opts);
       this.corsHandler = { preflight, corsify };
-      // Pre-build static CORS headers when origin is a fixed string.
-      // Avoids cloning the Response on every request via corsify().
-      if (typeof opts.origin === 'string') {
-        this.corsHeaders = {
+      // Pre-build static CORS headers when origin does not require per-request reflection.
+      const canUseStaticCorsHeaders = typeof opts.origin === 'string' && (opts.origin !== '*' || !opts.credentials);
+      if (canUseStaticCorsHeaders) {
+        const corsHeaders: Record<string, string> = {
           'access-control-allow-origin': opts.origin,
           'access-control-allow-methods': opts.allowMethods,
           'access-control-allow-headers': opts.allowHeaders,
@@ -30,10 +272,333 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
           'access-control-max-age': String(opts.maxAge),
         };
         if (opts.credentials) {
-          this.corsHeaders['access-control-allow-credentials'] = 'true';
+          corsHeaders['access-control-allow-credentials'] = 'true';
+        }
+        this.corsHeadersEntries = Object.entries(corsHeaders);
+      }
+      // Pass CORS behavior to router so matched routes also receive CORS headers.
+      this.router.setCorsHeaders(this.corsHeadersEntries);
+      this.router.setCorsHandler(this.corsHeadersEntries ? null : this.corsHandler.corsify);
+    }
+  }
+  private normalizeOpenAPIConfig(
+    openapi: OpenAPIOptions | boolean | undefined,
+    development: boolean | undefined
+  ): NormalizedOpenAPIConfig {
+    const isDev = development !== false && process.env.NODE_ENV !== 'production';
+    const defaultEnabled = isDev;
+    if (openapi === false) {
+      return {
+        enabled: false,
+        path: '/openapi.json',
+        target: 'openapi-3.0',
+        docs: { enabled: false, path: '/docs' },
+      };
+    }
+    if (openapi === true) {
+      return {
+        enabled: true,
+        path: '/openapi.json',
+        target: 'openapi-3.0',
+        docs: { enabled: false, path: '/docs' },
+      };
+    }
+    const openapiObject = openapi || {};
+    const docsValue = openapiObject.docs;
+    const docs =
+      typeof docsValue === 'boolean'
+        ? { enabled: docsValue, path: '/docs', exposePaths: undefined }
+        : {
+            enabled: docsValue?.enabled === true,
+            path: docsValue?.path || '/docs',
+            exposePaths: Array.isArray(docsValue?.exposePaths)
+              ? docsValue.exposePaths
+                  .map((path) => (typeof path === 'string' ? path.trim() : ''))
+                  .filter((path) => path.length > 0)
+              : undefined,
+          };
+    return {
+      enabled: openapiObject.enabled ?? defaultEnabled,
+      path: openapiObject.path || '/openapi.json',
+      target: openapiObject.target || 'openapi-3.0',
+      docs,
+      info: openapiObject.info,
+    };
+  }
+  private isDocsReservedPath(path: string): boolean {
+    return (
+      path === this.openapiConfig.path || (this.openapiConfig.docs.enabled && path === this.openapiConfig.docs.path)
+    );
+  }
+  private getOpenAPIDocument(): Record<string, unknown> {
+    if (this.openapiDocCache) {
+      return this.openapiDocCache;
+    }
+    const routes = this.router.getRouteDefinitions().filter((route) => !this.isDocsReservedPath(route.path));
+    const result = generateOpenAPIDocument(routes as any, {
+      target: this.openapiConfig.target,
+      info: this.openapiConfig.info,
+    });
+    if (!this.openapiWarningsLogged && result.warnings.length > 0) {
+      for (const warning of result.warnings) {
+        console.warn(warning);
+      }
+      this.openapiWarningsLogged = true;
+    }
+    this.openapiDocCache = result.document;
+    return this.openapiDocCache;
+  }
+  private getOpenAPIDocumentForDocs(): Record<string, unknown> {
+    const exposePaths = this.openapiConfig.docs.exposePaths;
+    const document = this.getOpenAPIDocument();
+    if (!Array.isArray(exposePaths) || exposePaths.length === 0) {
+      return document;
+    }
+    const existingPaths =
+      document.paths && typeof document.paths === 'object' && !Array.isArray(document.paths)
+        ? (document.paths as Record<string, unknown>)
+        : {};
+    const filteredPaths: Record<string, unknown> = {};
+    for (const [path, value] of Object.entries(existingPaths)) {
+      if (exposePaths.some((pattern) => matchesExposePath(path, pattern))) {
+        filteredPaths[path] = value;
+      }
+    }
+    return {
+      ...document,
+      paths: filteredPaths,
+    };
+  }
+  private getOpenAPIDocsHtmlCacheEntry(): OpenAPIDocsHtmlCacheEntry {
+    if (this.openapiDocsHtmlCache) {
+      return this.openapiDocsHtmlCache;
+    }
+    const html = renderOpenAPIDocsHtml(
+      this.getOpenAPIDocumentForDocs(),
+      this.openapiConfig.path,
+      OPENAPI_TAILWIND_ASSET_PATH,
+      OPENAPI_LOGO_DARK_ASSET_PATH,
+      OPENAPI_LOGO_WHITE_ASSET_PATH,
+      OPENAPI_APPLE_TOUCH_ICON_ASSET_PATH,
+      OPENAPI_FAVICON_32_ASSET_PATH,
+      OPENAPI_FAVICON_16_ASSET_PATH,
+      OPENAPI_WEBMANIFEST_ASSET_PATH
+    );
+    const gzip = Bun.gzipSync(html);
+    const etag = `"${Bun.hash(html).toString(16)}"`;
+    this.openapiDocsHtmlCache = { html, gzip, etag };
+    return this.openapiDocsHtmlCache;
+  }
+  private requestAcceptsGzip(request: Request): boolean {
+    const acceptEncoding = request.headers.get('accept-encoding');
+    return Boolean(acceptEncoding && /\bgzip\b/i.test(acceptEncoding));
+  }
+  private validateReservedOpenAPIPaths(): void {
+    if (!this.openapiConfig.enabled) {
+      return;
+    }
+    const reserved = new Set<string>([this.openapiConfig.path]);
+    if (this.openapiConfig.docs.enabled) {
+      reserved.add(this.openapiConfig.docs.path);
+      reserved.add(OPENAPI_TAILWIND_ASSET_PATH);
+      reserved.add(OPENAPI_LOGO_DARK_ASSET_PATH);
+      reserved.add(OPENAPI_LOGO_WHITE_ASSET_PATH);
+      for (const asset of OPENAPI_FAVICON_ASSETS) {
+        reserved.add(asset.path);
+      }
+    }
+    const methodConflicts = this.router
+      .getRouteDefinitions()
+      .filter((route) => reserved.has(route.path))
+      .map((route) => `${route.method} ${route.path}`);
+    const staticConflicts = Object.entries(this.router.getRouteTable())
+      .filter(([path, value]) => reserved.has(path) && value instanceof Response)
+      .map(([path]) => `STATIC ${path}`);
+    const conflicts = [...methodConflicts, ...staticConflicts];
+    if (conflicts.length > 0) {
+      throw new Error(
+        `OpenAPI reserved path conflict: ${conflicts.join(
+          ', '
+        )}. Change your route path(s) or reconfigure openapi.path/docs.path.`
+      );
+    }
+  }
+  private tryHandleOpenAPIRequest(request: Request): Response | null {
+    if (!this.openapiConfig.enabled || request.method !== 'GET') {
+      return null;
+    }
+    const pathname = new URL(request.url).pathname;
+    if (pathname === this.openapiConfig.path) {
+      return Response.json(this.getOpenAPIDocument());
+    }
+    if (this.openapiConfig.docs.enabled && pathname === this.openapiConfig.docs.path) {
+      const { html, gzip, etag } = this.getOpenAPIDocsHtmlCacheEntry();
+      if (request.headers.get('if-none-match') === etag) {
+        return new Response(null, {
+          status: 304,
+          headers: {
+            etag,
+            'cache-control': DOCS_HTML_CACHE_CONTROL,
+            vary: 'accept-encoding',
+          },
+        });
+      }
+      if (this.requestAcceptsGzip(request)) {
+        return new Response(gzip, {
+          status: 200,
+          headers: {
+            'content-type': 'text/html; charset=utf-8',
+            'content-encoding': 'gzip',
+            etag,
+            'cache-control': DOCS_HTML_CACHE_CONTROL,
+            vary: 'accept-encoding',
+          },
+        });
+      }
+      return new Response(html, {
+        status: 200,
+        headers: {
+          'content-type': 'text/html; charset=utf-8',
+          etag,
+          'cache-control': DOCS_HTML_CACHE_CONTROL,
+          vary: 'accept-encoding',
+        },
+      });
+    }
+    if (this.openapiConfig.docs.enabled && pathname === OPENAPI_TAILWIND_ASSET_PATH) {
+      if (!OPENAPI_TAILWIND_ASSET_FILE) {
+        if (!this.openapiTailwindMissingLogged) {
+          this.openapiTailwindMissingLogged = true;
+          console.warn(
+            '[OpenAPI] Missing docs runtime asset "tailwindcdn.js". Serving inline fallback script instead.'
+          );
+        }
+        return new Response(OPENAPI_TAILWIND_ASSET_INLINE_FALLBACK, {
+          status: 200,
+          headers: {
+            'content-type': 'application/javascript; charset=utf-8',
+            'cache-control': DOCS_ASSET_CACHE_CONTROL,
+          },
+        });
+      }
+      return new Response(OPENAPI_TAILWIND_ASSET_FILE, {
+        status: 200,
+        headers: {
+          'content-type': 'application/javascript; charset=utf-8',
+          'cache-control': DOCS_ASSET_CACHE_CONTROL,
+        },
+      });
+    }
+    if (this.openapiConfig.docs.enabled && pathname === OPENAPI_LOGO_DARK_ASSET_PATH) {
+      if (!OPENAPI_LOGO_DARK_ASSET_FILE) {
+        if (!this.openapiLogoDarkMissingLogged) {
+          this.openapiLogoDarkMissingLogged = true;
+          console.warn('[OpenAPI] Missing docs runtime asset "logo_dark.svg".');
         }
+        return new Response('OpenAPI docs runtime asset missing: logo_dark.svg', {
+          status: 404,
+          headers: {
+            'content-type': 'text/plain; charset=utf-8',
+            'cache-control': DOCS_ASSET_ERROR_CACHE_CONTROL,
+          },
+        });
       }
+      return new Response(OPENAPI_LOGO_DARK_ASSET_FILE, {
+        status: 200,
+        headers: {
+          'content-type': 'image/svg+xml; charset=utf-8',
+          'cache-control': DOCS_ASSET_CACHE_CONTROL,
+        },
+      });
+    }
+    if (this.openapiConfig.docs.enabled && pathname === OPENAPI_LOGO_WHITE_ASSET_PATH) {
+      if (!OPENAPI_LOGO_WHITE_ASSET_FILE) {
+        if (!this.openapiLogoWhiteMissingLogged) {
+          this.openapiLogoWhiteMissingLogged = true;
+          console.warn('[OpenAPI] Missing docs runtime asset "logo_white.svg".');
+        }
+        return new Response('OpenAPI docs runtime asset missing: logo_white.svg', {
+          status: 404,
+          headers: {
+            'content-type': 'text/plain; charset=utf-8',
+            'cache-control': DOCS_ASSET_ERROR_CACHE_CONTROL,
+          },
+        });
+      }
+      return new Response(OPENAPI_LOGO_WHITE_ASSET_FILE, {
+        status: 200,
+        headers: {
+          'content-type': 'image/svg+xml; charset=utf-8',
+          'cache-control': DOCS_ASSET_CACHE_CONTROL,
+        },
+      });
     }
+    if (this.openapiConfig.docs.enabled) {
+      const faviconAsset = OPENAPI_FAVICON_ASSETS.find((asset) => asset.path === pathname);
+      if (faviconAsset) {
+        if (!faviconAsset.file) {
+          return new Response(`OpenAPI docs runtime asset missing: ${faviconAsset.filename}`, {
+            status: 404,
+            headers: {
+              'content-type': 'text/plain; charset=utf-8',
+              'cache-control': DOCS_ASSET_ERROR_CACHE_CONTROL,
+            },
+          });
+        }
+        return new Response(faviconAsset.file, {
+          status: 200,
+          headers: {
+            'content-type': faviconAsset.contentType,
+            'cache-control': DOCS_ASSET_CACHE_CONTROL,
+          },
+        });
+      }
+    }
+    return null;
   }
   private normalizeCorsOptions(options: CorsOptions): any {
@@ -53,33 +618,45 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
     };
   }
+  private applyCors(response: Response, request?: Request): Response {
+    if (this.corsHeadersEntries) {
+      for (const [k, v] of this.corsHeadersEntries) {
+        response.headers.set(k, v);
+      }
+      return response;
+    }
+    if (this.corsHandler && request) {
+      return this.corsHandler.corsify(response, request);
+    }
+    return response;
+  }
   async start(): Promise<Server> {
-    const port = this.config.port || 3000;
+    const port = this.config.port ?? 3000;
     const hostname = this.config.hostname || 'localhost';
-    const fetch = async (request: Request): Promise<Response> => {
+    this.validateReservedOpenAPIPaths();
+    const fallbackFetch = async (request: Request): Promise<Response> => {
       try {
-        // Handle CORS preflight
+        // Handle CORS preflight for any path
         if (this.corsHandler && request.method === 'OPTIONS') {
           return this.corsHandler.preflight(request);
         }
-        // Try to handle the request with our router
-        let response = await this.router.handle(request);
-        // Apply CORS headers if configured
-        if (this.corsHeaders) {
-          for (const [k, v] of Object.entries(this.corsHeaders)) {
-            response.headers.set(k, v);
-          }
-        } else if (this.corsHandler) {
-          response = this.corsHandler.corsify(response, request);
+        // Handle built-in docs endpoints for requests that fell through the Bun route table.
+        const openapiResponse = this.tryHandleOpenAPIRequest(request);
+        if (openapiResponse) {
+          return this.applyCors(openapiResponse, request);
         }
-        return response;
+        // No route matched — return 404
+        return this.applyCors(STATIC_RESPONSES.NOT_FOUND.clone() as unknown as Response, request);
       } catch (error) {
         console.error('Server error:', error);
-        return new Response('Internal Server Error', { status: 500 });
+        return this.applyCors(new Response('Internal Server Error', { status: 500 }), request);
       }
     };
@@ -88,24 +665,21 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
         port,
         hostname,
         reusePort: this.config.reusePort !== false,
-        fetch,
-        idleTimeout: this.config.idleTimeout || 60,
-        error: (error) => {
+        routes: this.router.getRouteTable(),
+        fetch: fallbackFetch,
+        idleTimeout: this.config.idleTimeout ?? 60,
+        error: (error, request?: Request) => {
           console.error('[ERROR] Server error:', error);
-          return new Response('Internal Server Error', { status: 500 });
+          return this.applyCors(new Response('Internal Server Error', { status: 500 }), request);
         },
       });
-      // Validate that the server actually started
       if (!this.server || !this.server.port) {
         throw new Error(`Failed to start server on ${hostname}:${port} - server object is invalid`);
       }
-      // Server logs are handled by CLI
       return this.server;
     } catch (error: any) {
-      // Enhance error message with context for common issues
       if (error.code === 'EADDRINUSE' || error.message?.includes('address already in use')) {
         error.message = `Port ${port} is already in use`;
         error.port = port;
@@ -125,6 +699,9 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
     if (this.server) {
       this.server.stop();
       this.server = null;
+      this.openapiDocCache = null;
+      this.openapiDocsHtmlCache = null;
+      this.openapiWarningsLogged = false;
       console.log('Server stopped');
     }
   }
@@ -134,7 +711,7 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
   }
   getPort(): number {
-    return this.server?.port || this.config.port || 3000;
+    return this.server?.port ?? this.config.port ?? 3000;
   }
   getHostname(): string {