zero-http 0.2.5 → 0.3.1

package/documentation/public/data/docs.json

@@ -0,0 +1,1139 @@
+[
+  {
+    "section": "Getting Started",
+    "icon": "rocket",
+    "items": [
+      {
+        "name": "Installation",
+        "description": "Install zero-http from npm. No external dependencies are required — everything is built in.",
+        "example": "npm install zero-http",
+        "exampleLang": "bash",
+        "tips": [
+          "zero-http has zero runtime dependencies — npm install is all you need.",
+          "Requires Node.js 18+ (uses crypto.randomUUID, structuredClone, etc.).",
+          "TypeScript definitions are included in the package under types/."
+        ]
+      },
+      {
+        "name": "Quickstart",
+        "description": "Create a minimal server with JSON parsing and static file serving in under 10 lines.",
+        "example": "const { createApp, json, static: serveStatic } = require('zero-http')\nconst path = require('path')\nconst app = createApp()\n\napp.use(json({ limit: '10kb' }))\napp.use(serveStatic(path.join(__dirname, 'public'), { index: 'index.html' }))\n\napp.get('/ping', (req, res) => res.json({ pong: true }))\n\napp.listen(3000, () => {\n\tconsole.log('Server listening on http://localhost:3000')\n})",
+        "tips": [
+          "Middleware runs in registration order — add parsers before route handlers.",
+          "All route methods (get, post, put, etc.) return the app, so you can chain them.",
+          "Use app.onError() to register a global error handler for uncaught errors."
+        ]
+      },
+      {
+        "name": "Full-Featured Server",
+        "description": "A complete production-ready skeleton combining security headers, CSRF, cookies, timeouts, request IDs, logging, CORS, compression, body parsing, rate limiting, validation, static serving, WebSocket, SSE, Router sub-apps, app settings, and error handling.",
+        "example": "const path = require('path')\nconst { createApp, cors, json, urlencoded, text, compress, helmet, timeout,\n\trequestId, cookieParser, csrf, validate, rateLimit, logger,\n\tstatic: serveStatic, Router, WebSocketPool } = require('zero-http')\n\nconst app = createApp()\n\n// App settings\napp.set('env', process.env.NODE_ENV || 'development')\napp.locals.appName = 'My App'\n\n// Middleware stack (order matters!)\napp.use(requestId())    // tag every request with a unique ID\napp.use(logger())       // log method, url, status, response time\napp.use(helmet())       // security headers (CSP, HSTS, X-Frame, etc.)\napp.use(cors())         // CORS with preflight handling\napp.use(compress())     // brotli/gzip/deflate response compression\napp.use(timeout(30000)) // 30s timeout → 408\napp.use(rateLimit())    // 100 req/min per IP\napp.use(cookieParser('my-secret'))  // signed cookies\napp.use(json({ limit: '1mb' }))     // JSON body parser\napp.use(urlencoded({ extended: true })) // form body parser\napp.use(text())         // plain text parser\napp.use(csrf())         // CSRF protection\napp.use(serveStatic(path.join(__dirname, 'public')))\n\n// API routes\nconst api = Router()\napi.get('/health', (req, res) => res.json({ status: 'ok', id: req.id }))\napi.post('/users', validate({\n\tbody: {\n\t\tname:  { type: 'string', required: true, minLength: 2 },\n\t\temail: { type: 'email', required: true }\n\t}\n}), (req, res) => res.status(201).json(req.body))\napp.use('/api', api)\n\n// WebSocket with rooms\nconst pool = new WebSocketPool()\napp.ws('/chat', (ws, req) => {\n\tpool.add(ws)\n\tpool.join(ws, 'general')\n\tws.on('message', msg => pool.toRoom('general', msg, ws))\n})\n\n// SSE\napp.get('/events', (req, res) => {\n\tconst sse = res.sse({ retry: 3000, autoId: true })\n\tsse.send('connected')\n\tsse.on('close', () => console.log('bye'))\n})\n\napp.onError((err, req, res) => {\n\tres.status(500).json({ error: err.message, requestId: req.id })\n})\n\napp.listen(3000)",
+        "tips": [
+          "Always place parsers (json, urlencoded) before route handlers.",
+          "helmet() should come early in the middleware stack to set security headers on all responses.",
+          "cookieParser must come before csrf() since CSRF reads the cookie token."
+        ]
+      }
+    ]
+  },
+  {
+    "section": "Core",
+    "icon": "box",
+    "items": [
+      {
+        "name": "createApp",
+        "description": "Creates an application instance — the central object for registering middleware, routes, and settings. Supports Express-like set/get, enable/disable, locals, param handlers, groups, chaining, and route introspection.",
+        "methods": [
+          { "method": "use", "signature": "use([path], ...handlers)", "description": "Register middleware or mount a Router at a prefix. Runs in registration order." },
+          { "method": "get", "signature": "get(path, [opts], ...handlers)", "description": "Register a GET route handler. Also: app.get(key) returns an app setting." },
+          { "method": "post", "signature": "post(path, [opts], ...handlers)", "description": "Register a POST route handler." },
+          { "method": "put", "signature": "put(path, [opts], ...handlers)", "description": "Register a PUT route handler." },
+          { "method": "delete", "signature": "delete(path, [opts], ...handlers)", "description": "Register a DELETE route handler." },
+          { "method": "patch", "signature": "patch(path, [opts], ...handlers)", "description": "Register a PATCH route handler." },
+          { "method": "options", "signature": "options(path, [opts], ...handlers)", "description": "Register an OPTIONS route handler." },
+          { "method": "head", "signature": "head(path, [opts], ...handlers)", "description": "Register a HEAD route handler." },
+          { "method": "all", "signature": "all(path, [opts], ...handlers)", "description": "Register a handler for ALL HTTP methods." },
+          { "method": "ws", "signature": "ws(path, [opts], handler)", "description": "Register a WebSocket upgrade handler. See Real-Time → WebSocket." },
+          { "method": "set", "signature": "set(key, value)", "description": "Set an application setting (also used as get(key) to retrieve)." },
+          { "method": "enable", "signature": "enable(key)", "description": "Set a boolean setting to true." },
+          { "method": "disable", "signature": "disable(key)", "description": "Set a boolean setting to false." },
+          { "method": "enabled", "signature": "enabled(key)", "description": "Check if a setting is truthy." },
+          { "method": "disabled", "signature": "disabled(key)", "description": "Check if a setting is falsy." },
+          { "method": "locals", "signature": "locals", "description": "A plain object for storing application-wide data. Merged into req.locals on each request." },
+          { "method": "param", "signature": "param(name, handler)", "description": "Register a parameter handler that fires when :name appears in a route." },
+          { "method": "group", "signature": "group(prefix, [...middleware], fn)", "description": "Group routes under a prefix with shared middleware." },
+          { "method": "chain", "signature": "chain(path)", "description": "Start a route chain for a single path. Returns { get, post, put, delete, ... }." },
+          { "method": "routes", "signature": "routes()", "description": "Return the full route table for introspection/debugging." },
+          { "method": "onError", "signature": "onError(handler)", "description": "Register a global error handler: (err, req, res, next) => {}." },
+          { "method": "listen", "signature": "listen(port, [tlsOpts], [cb])", "description": "Start the HTTP(S) server. Pass TLS options for HTTPS." },
+          { "method": "close", "signature": "close()", "description": "Shut down the server." },
+          { "method": "handler", "signature": "handler", "description": "The raw (req, res) handler for use with custom HTTP servers." }
+        ],
+        "example": "const { createApp, json } = require('zero-http')\nconst app = createApp()\n\n// App settings\napp.set('env', 'production')\napp.enable('trust proxy')\nconsole.log(app.get('env'))            // 'production'\nconsole.log(app.enabled('trust proxy')) // true\n\n// Shared locals\napp.locals.appName = 'My API'\n\n// Route chaining\napp.get('/', (req, res) => res.json({ app: req.locals.appName }))\n   .get('/health', (req, res) => res.sendStatus(200))\n\n// Route groups with shared middleware\napp.group('/api/v1', json(), (router) => {\n\trouter.get('/users', (req, res) => res.json([]))\n\trouter.post('/users', (req, res) => res.status(201).json(req.body))\n})\n\n// Param handlers\napp.param('id', (req, res, next, value) => {\n\tif (!/^\\d+$/.test(value)) return res.status(400).json({ error: 'Invalid ID' })\n\tnext()\n})\n\napp.listen(3000)",
+        "tips": [
+          "All route methods (get, post, etc.) return the app instance, allowing chaining.",
+          "app.set('key', value) and app.get('key') share a dual-purpose API like Express.",
+          "The { secure: true } route option rejects non-HTTPS requests with 403."
+        ]
+      },
+      {
+        "name": "Router",
+        "description": "Creates a standalone modular router instance for organizing routes into sub-apps. Mount routers with app.use(prefix, router). Supports all the same route methods as createApp, plus route chaining and introspection.",
+        "methods": [
+          { "method": "get", "signature": "get(path, [opts], ...handlers)", "description": "Register a GET route on this router." },
+          { "method": "post", "signature": "post(path, [opts], ...handlers)", "description": "Register a POST route." },
+          { "method": "put", "signature": "put(path, [opts], ...handlers)", "description": "Register a PUT route." },
+          { "method": "delete", "signature": "delete(path, [opts], ...handlers)", "description": "Register a DELETE route." },
+          { "method": "patch", "signature": "patch(path, [opts], ...handlers)", "description": "Register a PATCH route." },
+          { "method": "options", "signature": "options(path, [opts], ...handlers)", "description": "Register an OPTIONS route." },
+          { "method": "head", "signature": "head(path, [opts], ...handlers)", "description": "Register a HEAD route." },
+          { "method": "all", "signature": "all(path, [opts], ...handlers)", "description": "Register a handler for all HTTP methods." },
+          { "method": "use", "signature": "use([prefix], handler)", "description": "Mount middleware or a nested router." },
+          { "method": "route", "signature": "route(path)", "description": "Create a route chain: router.route('/items').get(fn).post(fn)." },
+          { "method": "routes", "signature": "routes()", "description": "Return the route table for this router." }
+        ],
+        "example": "const { createApp, Router, json } = require('zero-http')\nconst app = createApp()\napp.use(json())\n\nconst users = Router()\nusers.get('/', (req, res) => res.json([]))\nusers.get('/:id', (req, res) => res.json({ id: req.params.id }))\nusers.post('/', (req, res) => res.status(201).json(req.body))\n\nconst posts = Router()\nposts.route('/')\n\t.get((req, res) => res.json([]))\n\t.post((req, res) => res.status(201).json(req.body))\nposts.get('/:id', (req, res) => res.json({ id: req.params.id }))\n\napp.use('/api/users', users)\napp.use('/api/posts', posts)\n\napp.get('/debug/routes', (req, res) => res.json(app.routes()))\n\napp.listen(3000)",
+        "tips": [
+          "Routers can be nested — mount a Router inside another Router.",
+          "Use app.routes() to see the full merged route table for debugging.",
+          "The { secure } route option works on router-level routes too."
+        ]
+      },
+      {
+        "name": "Request",
+        "description": "The request object wraps Node's IncomingMessage with Express-compatible properties and helpers. Available as the first argument to every route handler and middleware.",
+        "methods": [
+          { "method": "method", "signature": "req.method", "description": "HTTP method string ('GET', 'POST', etc.)." },
+          { "method": "url", "signature": "req.url", "description": "Full URL including query string." },
+          { "method": "path", "signature": "req.path", "description": "URL path without query string." },
+          { "method": "headers", "signature": "req.headers", "description": "Lower-cased request headers object." },
+          { "method": "query", "signature": "req.query", "description": "Parsed query-string key/value pairs." },
+          { "method": "params", "signature": "req.params", "description": "Route parameters from path segments (e.g. /:id)." },
+          { "method": "body", "signature": "req.body", "description": "Request body (populated by body-parsing middleware)." },
+          { "method": "cookies", "signature": "req.cookies", "description": "Parsed cookies (populated by cookieParser)." },
+          { "method": "signedCookies", "signature": "req.signedCookies", "description": "Verified signed cookies (populated by cookieParser with a secret)." },
+          { "method": "secret", "signature": "req.secret", "description": "First signing secret (set by cookieParser). Used by res.cookie({ signed: true })." },
+          { "method": "ip", "signature": "req.ip", "description": "Remote IP address." },
+          { "method": "secure", "signature": "req.secure", "description": "true if the connection is over TLS." },
+          { "method": "protocol", "signature": "req.protocol", "description": "'https' or 'http'." },
+          { "method": "hostname", "signature": "req.hostname", "description": "Hostname from the Host header." },
+          { "method": "subdomains", "signature": "req.subdomains([offset])", "description": "Array of subdomains (offset defaults to 2)." },
+          { "method": "originalUrl", "signature": "req.originalUrl", "description": "Original URL as received — never rewritten by middleware." },
+          { "method": "baseUrl", "signature": "req.baseUrl", "description": "The URL prefix on which the current router was mounted." },
+          { "method": "locals", "signature": "req.locals", "description": "Request-scoped data store (merged from app.locals)." },
+          { "method": "id", "signature": "req.id", "description": "Unique request ID (set by requestId middleware)." },
+          { "method": "get", "signature": "req.get(name)", "description": "Get a request header (case-insensitive)." },
+          { "method": "is", "signature": "req.is(type)", "description": "Check if Content-Type matches (e.g. req.is('json'))." },
+          { "method": "accepts", "signature": "req.accepts(...types)", "description": "Content negotiation — which types the client accepts." },
+          { "method": "fresh", "signature": "req.fresh", "description": "true if the client cache is still valid (ETag/Last-Modified)." },
+          { "method": "stale", "signature": "req.stale", "description": "Inverse of fresh." },
+          { "method": "xhr", "signature": "req.xhr", "description": "true if X-Requested-With is XMLHttpRequest." },
+          { "method": "range", "signature": "req.range(size)", "description": "Parse the Range header. Returns object or -1/-2." },
+          { "method": "raw", "signature": "req.raw", "description": "The original Node IncomingMessage." }
+        ],
+        "tips": [
+          "req.query is always an object — even if no query string is present, it defaults to {}.",
+          "req.body is undefined until a body-parsing middleware populates it.",
+          "req.locals persists for the life of the request — use it to pass data between middleware."
+        ]
+      },
+      {
+        "name": "Response",
+        "description": "The response object wraps Node's ServerResponse with chainable methods for setting status codes, headers, cookies, and sending various response types. Available as the second argument to every route handler.",
+        "methods": [
+          { "method": "status", "signature": "res.status(code)", "description": "Set the HTTP status code. Chainable." },
+          { "method": "set", "signature": "res.set(name, value)", "description": "Set a response header. Chainable." },
+          { "method": "get", "signature": "res.get(name)", "description": "Get a previously-set response header." },
+          { "method": "append", "signature": "res.append(name, value)", "description": "Append a value to a header." },
+          { "method": "vary", "signature": "res.vary(field)", "description": "Add a field to the Vary header." },
+          { "method": "type", "signature": "res.type(ct)", "description": "Set Content-Type. Chainable." },
+          { "method": "send", "signature": "res.send(body)", "description": "Send a response (string, Buffer, object, or null). Auto-sets Content-Type." },
+          { "method": "json", "signature": "res.json(obj)", "description": "Send a JSON response with Content-Type: application/json." },
+          { "method": "text", "signature": "res.text(str)", "description": "Send a plain text response." },
+          { "method": "html", "signature": "res.html(str)", "description": "Send an HTML response." },
+          { "method": "sendStatus", "signature": "res.sendStatus(code)", "description": "Send only the status code with its reason phrase as body." },
+          { "method": "sendFile", "signature": "res.sendFile(path, [opts], [cb])", "description": "Stream a file as the response with appropriate Content-Type." },
+          { "method": "download", "signature": "res.download(path, [filename], [cb])", "description": "Prompt a file download with Content-Disposition header." },
+          { "method": "cookie", "signature": "res.cookie(name, value, [opts])", "description": "Set a cookie. Supports signed (auto-sign via req.secret), priority (Low/Medium/High), partitioned (CHIPS), and auto-serializes objects as JSON cookies (j: prefix). Chainable." },
+          { "method": "clearCookie", "signature": "res.clearCookie(name, [opts])", "description": "Clear a cookie by setting it to expire. Chainable." },
+          { "method": "redirect", "signature": "res.redirect([status], url)", "description": "Send a redirect response. Default status: 302." },
+          { "method": "format", "signature": "res.format(types)", "description": "Content negotiation — respond based on Accept header. Keys are MIME types." },
+          { "method": "links", "signature": "res.links(links)", "description": "Set the Link header from { rel: url } pairs. Chainable." },
+          { "method": "location", "signature": "res.location(url)", "description": "Set the Location header. Chainable." },
+          { "method": "sse", "signature": "res.sse([opts])", "description": "Open a Server-Sent Events stream. See Real-Time → SSE." },
+          { "method": "headersSent", "signature": "res.headersSent", "description": "true if headers have already been sent." },
+          { "method": "locals", "signature": "res.locals", "description": "Request-scoped data store." },
+          { "method": "raw", "signature": "res.raw", "description": "The original Node ServerResponse." }
+        ],
+        "options": [
+          { "option": "domain", "type": "string", "default": "—", "notes": "Cookie domain scope." },
+          { "option": "path", "type": "string", "default": "'/'", "notes": "Cookie URL path scope." },
+          { "option": "expires", "type": "Date | number", "default": "—", "notes": "Cookie expiration date." },
+          { "option": "maxAge", "type": "number", "default": "—", "notes": "Cookie lifetime in seconds." },
+          { "option": "httpOnly", "type": "boolean", "default": "false", "notes": "Restrict cookie to HTTP(S) only — no JavaScript access." },
+          { "option": "secure", "type": "boolean", "default": "false", "notes": "Send cookie only over HTTPS." },
+          { "option": "sameSite", "type": "string", "default": "—", "notes": "'Strict', 'Lax', or 'None'. Controls cross-site cookie behavior." },
+          { "option": "signed", "type": "boolean", "default": "false", "notes": "Auto-sign the cookie value using req.secret (set by cookieParser)." },
+          { "option": "priority", "type": "string", "default": "—", "notes": "'Low', 'Medium', or 'High'. Browser cookie eviction priority." },
+          { "option": "partitioned", "type": "boolean", "default": "false", "notes": "CHIPS partitioned attribute. Requires secure: true. Isolates cookies per top-level site." }
+        ],
+        "example": "app.get('/data', (req, res) => {\n\t// Content negotiation\n\tres.format({\n\t\t'text/html': () => res.html('<h1>Data</h1>'),\n\t\t'application/json': () => res.json({ data: true }),\n\t\t'text/plain': () => res.text('data'),\n\t\tdefault: () => res.status(406).json({ error: 'Not Acceptable' })\n\t})\n})\n\n// Chaining\nres.status(201).set('X-Custom', 'value').json({ ok: true })\n\n// Cookies with new features\nres.cookie('session', 'abc', { signed: true, httpOnly: true, secure: true })\nres.cookie('prefs', { theme: 'dark' }, { maxAge: 86400 }) // auto JSON\nres.cookie('important', 'val', { priority: 'High', partitioned: true })",
+        "tips": [
+          "res.cookie() with signed: true requires cookieParser to be configured with a secret.",
+          "Object values passed to res.cookie() are auto-serialized with the j: prefix for JSON cookies.",
+          "res.send(object) calls res.json() automatically — you can use either interchangeably."
+        ]
+      }
+    ]
+  },
+  {
+    "section": "Body Parsers",
+    "icon": "parse",
+    "items": [
+      {
+        "name": "json",
+        "description": "Parses JSON request bodies into req.body. Matches Content-Type application/json by default. Supports size limits, strict mode (reject non-object/array roots), and custom reviver functions.",
+        "options": [
+          { "option": "limit", "type": "string | number", "default": "'1mb'", "notes": "Maximum body size (e.g. '10kb', '5mb', or bytes as number)." },
+          { "option": "strict", "type": "boolean", "default": "true", "notes": "Reject payloads whose root is not an object or array." },
+          { "option": "reviver", "type": "function", "default": "—", "notes": "JSON.parse reviver function for custom deserialization." },
+          { "option": "type", "type": "string | function", "default": "'application/json'", "notes": "Content-Type to match. Can be a function returning boolean." },
+          { "option": "requireSecure", "type": "boolean", "default": "false", "notes": "Reject non-HTTPS requests with 403." }
+        ],
+        "example": "const { createApp, json } = require('zero-http')\nconst app = createApp()\n\napp.use(json({ limit: '10kb', strict: true }))\n\napp.post('/data', (req, res) => {\n\tconsole.log(req.body) // parsed JSON object\n\tres.json({ received: req.body })\n})",
+        "tips": [
+          "With strict: true (default), primitives like '\"hello\"' or '42' are rejected — only {} and [] are allowed.",
+          "The limit option accepts human-readable strings: '100kb', '1mb', '500b'.",
+          "Use requireSecure: true on sensitive endpoints to enforce HTTPS-only body submission."
+        ]
+      },
+      {
+        "name": "urlencoded",
+        "description": "Parses URL-encoded form bodies (application/x-www-form-urlencoded) into req.body. Supports nested object parsing with the extended option.",
+        "options": [
+          { "option": "extended", "type": "boolean", "default": "false", "notes": "Enable nested bracket parsing (e.g. user[name]=Alice → { user: { name: 'Alice' } })." },
+          { "option": "limit", "type": "string | number", "default": "'1mb'", "notes": "Maximum body size." },
+          { "option": "type", "type": "string | function", "default": "'application/x-www-form-urlencoded'", "notes": "Content-Type to match." },
+          { "option": "requireSecure", "type": "boolean", "default": "false", "notes": "Reject non-HTTPS requests with 403." }
+        ],
+        "example": "const { createApp, urlencoded } = require('zero-http')\nconst app = createApp()\n\napp.use(urlencoded({ extended: true }))\n\napp.post('/form', (req, res) => {\n\tconsole.log(req.body) // { name: 'Alice', age: '30' }\n\tres.json(req.body)\n})"
+      },
+      {
+        "name": "text",
+        "description": "Reads the raw request body as a UTF-8 string into req.body. Matches Content-Type text/* by default.",
+        "options": [
+          { "option": "type", "type": "string | function", "default": "'text/*'", "notes": "Content-Type to match." },
+          { "option": "limit", "type": "string | number", "default": "'1mb'", "notes": "Maximum body size." },
+          { "option": "encoding", "type": "string", "default": "'utf8'", "notes": "Character encoding." },
+          { "option": "requireSecure", "type": "boolean", "default": "false", "notes": "Reject non-HTTPS requests with 403." }
+        ],
+        "example": "const { createApp, text } = require('zero-http')\nconst app = createApp()\n\napp.use(text())\n\napp.post('/log', (req, res) => {\n\tconsole.log(typeof req.body) // 'string'\n\tres.text('Received: ' + req.body)\n})"
+      },
+      {
+        "name": "raw",
+        "description": "Reads the raw request body as a Buffer into req.body. Useful for binary data, webhooks, or custom protocols.",
+        "options": [
+          { "option": "type", "type": "string | function", "default": "'application/octet-stream'", "notes": "Content-Type to match." },
+          { "option": "limit", "type": "string | number", "default": "'1mb'", "notes": "Maximum body size." },
+          { "option": "requireSecure", "type": "boolean", "default": "false", "notes": "Reject non-HTTPS requests with 403." }
+        ],
+        "example": "const { createApp, raw } = require('zero-http')\nconst app = createApp()\n\napp.use(raw({ type: 'application/octet-stream', limit: '5mb' }))\n\napp.post('/webhook', (req, res) => {\n\tconsole.log(Buffer.isBuffer(req.body)) // true\n\tres.sendStatus(200)\n})"
+      },
+      {
+        "name": "multipart",
+        "description": "Streams multipart/form-data file uploads to disk and populates req.body with { fields, files }. Each file entry includes the original filename, stored path, content type, and size.",
+        "options": [
+          { "option": "dir", "type": "string", "default": "os.tmpdir() + '/zero-http-uploads'", "notes": "Upload directory. Created automatically if it doesn't exist." },
+          { "option": "maxFileSize", "type": "number", "default": "—", "notes": "Maximum file size in bytes. Rejects oversized files with 413." },
+          { "option": "requireSecure", "type": "boolean", "default": "false", "notes": "Reject non-HTTPS requests with 403." }
+        ],
+        "example": "const path = require('path')\nconst { createApp, multipart } = require('zero-http')\nconst app = createApp()\n\napp.post('/upload', multipart({\n\tdir: path.join(__dirname, 'uploads'),\n\tmaxFileSize: 10 * 1024 * 1024 // 10 MB\n}), (req, res) => {\n\tres.json({\n\t\tfiles: req.body.files,   // [{ originalFilename, storedName, path, contentType, size }]\n\t\tfields: req.body.fields  // { description: 'My photo' }\n\t})\n})",
+        "tips": [
+          "Files are streamed to disk, not buffered in memory — safe for large uploads.",
+          "The upload directory is created automatically if it doesn't exist.",
+          "Each file object contains: originalFilename, storedName, path, contentType, size."
+        ]
+      }
+    ]
+  },
+  {
+    "section": "Middleware",
+    "icon": "layers",
+    "items": [
+      {
+        "name": "cors",
+        "description": "CORS middleware with automatic preflight handling. Supports exact origins, subdomain matching with dot-prefix syntax, credentials, and configurable allowed methods/headers.",
+        "options": [
+          { "option": "origin", "type": "string | string[]", "default": "'*'", "notes": "Allowed origins. Use '.example.com' for subdomain wildcards." },
+          { "option": "methods", "type": "string", "default": "'GET,POST,PUT,DELETE,PATCH,OPTIONS'", "notes": "Allowed HTTP methods." },
+          { "option": "allowedHeaders", "type": "string", "default": "—", "notes": "Allowed request headers." },
+          { "option": "exposedHeaders", "type": "string", "default": "—", "notes": "Headers exposed to the browser." },
+          { "option": "credentials", "type": "boolean", "default": "false", "notes": "Allow credentials (cookies, auth headers)." },
+          { "option": "maxAge", "type": "number", "default": "—", "notes": "Preflight cache duration in seconds." }
+        ],
+        "example": "const { createApp, cors, json } = require('zero-http')\nconst app = createApp()\n\napp.use(cors({\n\torigin: [\n\t\t'https://mysite.com',     // exact match\n\t\t'.mysite.com'             // matches api.mysite.com, www.mysite.com, etc.\n\t],\n\tcredentials: true,\n\tmethods: 'GET,POST,PUT,DELETE'\n}))\napp.use(json())\n\napp.get('/data', (req, res) => res.json({ secure: true }))",
+        "tips": [
+          "Use the dot-prefix '.example.com' to match all subdomains without listing each one.",
+          "When credentials: true, origin cannot be '*' — you must specify explicit origins.",
+          "Preflight OPTIONS requests are handled automatically — no extra route needed."
+        ]
+      },
+      {
+        "name": "compress",
+        "description": "Response compression middleware. Auto-negotiates the best encoding (brotli > gzip > deflate) based on the client's Accept-Encoding header. Brotli preferred when available (Node 11.7+). Automatically skips SSE streams.",
+        "options": [
+          { "option": "threshold", "type": "number", "default": "1024", "notes": "Minimum body size in bytes to compress." },
+          { "option": "level", "type": "number", "default": "-1 (zlib default)", "notes": "Compression level." },
+          { "option": "filter", "type": "function", "default": "—", "notes": "Return false to skip compression: (req, res) => boolean." }
+        ],
+        "example": "const { createApp, compress, json } = require('zero-http')\nconst app = createApp()\n\napp.use(compress({ threshold: 512, level: 6 }))\napp.use(json())\n\napp.get('/big', (req, res) => {\n\tres.json({ data: 'x'.repeat(10000) }) // compressed\n})\n\napp.get('/small', (req, res) => {\n\tres.json({ ok: true }) // below threshold — sent raw\n})",
+        "tips": [
+          "Brotli typically achieves 15-25% better compression than gzip at similar speeds.",
+          "SSE streams are automatically excluded from compression.",
+          "Set threshold: 0 to compress everything, but very small responses don't benefit."
+        ]
+      },
+      {
+        "name": "helmet",
+        "description": "Security headers middleware. Sets Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and 11 more headers. Every header can be individually configured or disabled with false.",
+        "options": [
+          { "option": "contentSecurityPolicy", "type": "object | false", "default": "default policy", "notes": "CSP directives or false to disable." },
+          { "option": "frameguard", "type": "string | false", "default": "'deny'", "notes": "'deny', 'sameorigin', or false." },
+          { "option": "hsts", "type": "boolean | false", "default": "true", "notes": "Strict-Transport-Security header." },
+          { "option": "hstsMaxAge", "type": "number", "default": "15552000", "notes": "HSTS max-age in seconds (180 days)." },
+          { "option": "noSniff", "type": "boolean", "default": "true", "notes": "X-Content-Type-Options: nosniff." },
+          { "option": "referrerPolicy", "type": "string | false", "default": "'no-referrer'", "notes": "Referrer-Policy header value." },
+          { "option": "hidePoweredBy", "type": "boolean", "default": "true", "notes": "Remove X-Powered-By header." },
+          { "option": "xssFilter", "type": "boolean", "default": "false", "notes": "Legacy X-XSS-Protection header." }
+        ],
+        "example": "const { createApp, helmet, json } = require('zero-http')\nconst app = createApp()\n\n// Sensible defaults\napp.use(helmet())\n\n// Custom CSP + disable HSTS\napp.use(helmet({\n\tcontentSecurityPolicy: {\n\t\tdefaultSrc: [\"'self'\"],\n\t\tscriptSrc: [\"'self'\", 'cdn.example.com'],\n\t\timgSrc: [\"'self'\", 'data:', '*.cloudfront.net']\n\t},\n\thsts: false,\n\tframeguard: 'sameorigin'\n}))",
+        "tips": [
+          "helmet() with no options gives you a strong security baseline out of the box.",
+          "Set any header to false to disable it individually.",
+          "CSP headers are critical for preventing XSS — always configure explicitly for production apps."
+        ]
+      },
+      {
+        "name": "static",
+        "description": "Serves static files from a directory with automatic Content-Type detection (60+ MIME types), cache headers, dotfile protection, and HTML extension fallback.",
+        "options": [
+          { "option": "index", "type": "string | false", "default": "'index.html'", "notes": "Default file for directory requests. Set false to disable." },
+          { "option": "maxAge", "type": "number", "default": "0", "notes": "Cache-Control max-age in milliseconds." },
+          { "option": "dotfiles", "type": "string", "default": "'ignore'", "notes": "'allow', 'deny', or 'ignore'. Controls access to dotfiles." },
+          { "option": "extensions", "type": "string[]", "default": "—", "notes": "Try these extensions if the file isn't found (e.g. ['html', 'htm'])." },
+          { "option": "setHeaders", "type": "function", "default": "—", "notes": "Custom header setter: (res, filePath) => {}." }
+        ],
+        "example": "const path = require('path')\nconst { createApp, static: serveStatic } = require('zero-http')\nconst app = createApp()\n\napp.use(serveStatic(path.join(__dirname, 'public'), {\n\tindex: 'index.html',\n\tmaxAge: 3600000,          // 1 hour\n\tdotfiles: 'ignore',\n\textensions: ['html', 'htm'],\n\tsetHeaders: (res, filePath) => {\n\t\tres.setHeader('X-Served-By', 'zero-http')\n\t}\n}))",
+        "tips": [
+          "'static' is a reserved word in JavaScript — import as: const { static: serveStatic } = require('zero-http').",
+          "Set maxAge to at least 1 hour (3600000ms) in production for cache performance.",
+          "dotfiles: 'deny' returns 403 for requests like /.env or /.git — use in production."
+        ]
+      },
+      {
+        "name": "rateLimit",
+        "description": "Per-IP rate limiter middleware. Tracks request counts in a sliding window and returns 429 Too Many Requests when exceeded. Sets X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and Retry-After headers.",
+        "options": [
+          { "option": "windowMs", "type": "number", "default": "60000", "notes": "Time window in milliseconds (default: 1 minute)." },
+          { "option": "max", "type": "number", "default": "100", "notes": "Maximum requests per window per IP." },
+          { "option": "message", "type": "string", "default": "—", "notes": "Custom error message for rate-limited responses." },
+          { "option": "statusCode", "type": "number", "default": "429", "notes": "HTTP status code for rate-limited responses." },
+          { "option": "keyGenerator", "type": "function", "default": "req => req.ip", "notes": "Custom key extraction function for grouping requests." },
+          { "option": "skip", "type": "function", "default": "—", "notes": "(req) => boolean. Return true to skip rate limiting for the request (e.g. whitelisted IPs or admin users)." },
+          { "option": "handler", "type": "function", "default": "—", "notes": "(req, res) => void. Custom handler for rate-limited requests instead of the default JSON error response." }
+        ],
+        "example": "const { createApp, json, rateLimit } = require('zero-http')\nconst app = createApp()\n\n// Global: 200 req/min per IP\napp.use(rateLimit({ windowMs: 60000, max: 200 }))\napp.use(json())\n\n// Login: 5 attempts per minute\napp.post('/login', rateLimit({\n\twindowMs: 60000,\n\tmax: 5,\n\tmessage: 'Too many login attempts'\n}), (req, res) => {\n\tres.json({ ok: true })\n})",
+        "tips": [
+          "Apply strict limits to authentication endpoints (5-10 per minute).",
+          "Rate limit headers (X-RateLimit-*) are set automatically for all responses.",
+          "Use keyGenerator to rate-limit by API key instead of IP for authenticated APIs.",
+          "Use skip to bypass rate limiting for trusted clients: skip: (req) => req.ip === '127.0.0.1'.",
+          "Use handler to customize the rate-limited response (e.g. redirect, HTML page, or custom JSON)."
+        ]
+      },
+      {
+        "name": "timeout",
+        "description": "Request timeout middleware. If a handler doesn't respond within the specified duration, automatically sends a 408 response and sets req.timedOut to true.",
+        "options": [
+          { "option": "status", "type": "number", "default": "408", "notes": "HTTP status code for timeout responses." },
+          { "option": "message", "type": "string", "default": "'Request Timeout'", "notes": "Error message body." }
+        ],
+        "example": "const { createApp, timeout } = require('zero-http')\nconst app = createApp()\n\napp.use(timeout(10000)) // 10s timeout\n\napp.get('/slow', async (req, res) => {\n\tawait new Promise(r => setTimeout(r, 15000))\n\tif (req.timedOut) return // already sent 408\n\tres.json({ data: 'done' })\n})",
+        "tips": [
+          "Always check req.timedOut before responding in long-running handlers.",
+          "Set different timeouts per route by applying timeout() as route middleware.",
+          "30 seconds is a reasonable default for most APIs."
+        ]
+      },
+      {
+        "name": "requestId",
+        "description": "Generates a unique request ID (UUID v4 by default) for each request. Sets req.id and adds the ID as a response header for log correlation.",
+        "options": [
+          { "option": "header", "type": "string", "default": "'X-Request-Id'", "notes": "Response header name." },
+          { "option": "generator", "type": "function", "default": "crypto.randomUUID", "notes": "Custom ID generator function." },
+          { "option": "trustProxy", "type": "boolean", "default": "false", "notes": "Trust incoming X-Request-Id from upstream proxies." }
+        ],
+        "example": "const { createApp, requestId, logger } = require('zero-http')\nconst app = createApp()\n\napp.use(requestId()) // sets req.id + X-Request-Id header\napp.use(logger())    // logs include the request ID\n\napp.get('/info', (req, res) => {\n\tres.json({ requestId: req.id })\n})"
+      },
+      {
+        "name": "logger",
+        "description": "Request logger middleware with response timing. Logs method, URL, status code, and response time in configurable formats with optional colorized output.",
+        "options": [
+          { "option": "format", "type": "string", "default": "'dev'", "notes": "'dev' (verbose), 'short' (compact), or 'tiny' (minimal)." },
+          { "option": "logger", "type": "function", "default": "console.log", "notes": "Custom log function (e.g. write to file)." },
+          { "option": "colors", "type": "boolean", "default": "auto (TTY detection)", "notes": "Colorize output." }
+        ],
+        "example": "const fs = require('fs')\nconst { createApp, logger } = require('zero-http')\nconst app = createApp()\n\n// Colorized dev output to stdout\napp.use(logger({ format: 'dev' }))\n\n// Or: append to a log file\napp.use(logger({\n\tformat: 'short',\n\tcolors: false,\n\tlogger: (msg) => fs.appendFileSync('access.log', msg + '\\n')\n}))"
+      }
+    ]
+  },
+  {
+    "section": "Cookies & Security",
+    "icon": "shield",
+    "items": [
+      {
+        "name": "cookieParser",
+        "description": "Cookie parsing middleware with timing-safe HMAC-SHA256 signature verification, JSON cookie support, secret rotation, and static helper methods. Parses the Cookie header into req.cookies and req.signedCookies. When a secret is provided, signed cookies (s: prefix) are verified using crypto.timingSafeEqual to prevent timing attacks. JSON cookies (j: prefix) are automatically parsed into objects. Exposes req.secret and req.secrets for downstream middleware like res.cookie({ signed: true }) and csrf().",
+        "methods": [
+          { "method": "sign", "signature": "cookieParser.sign(value, secret)", "description": "Sign a value with HMAC-SHA256. Returns 's:<value>.<signature>'." },
+          { "method": "unsign", "signature": "cookieParser.unsign(value, secrets)", "description": "Verify and unsign a signed cookie. Tries all provided secrets (rotation support). Returns the original value or false." },
+          { "method": "jsonCookie", "signature": "cookieParser.jsonCookie(value)", "description": "Serialize a value as a JSON cookie string: 'j:' + JSON.stringify(value)." },
+          { "method": "parseJSON", "signature": "cookieParser.parseJSON(str)", "description": "Parse a JSON cookie string (j: prefix). Returns parsed value or original string." }
+        ],
+        "options": [
+          { "option": "secret", "type": "string | string[]", "default": "—", "notes": "Signing secret. Pass an array for key rotation — newest first. When set, populates req.secret and req.secrets." },
+          { "option": "decode", "type": "boolean", "default": "true", "notes": "URI-decode cookie values." }
+        ],
+        "example": "const { createApp, cookieParser, json } = require('zero-http')\nconst app = createApp()\n\n// Basic setup with signing secret\napp.use(cookieParser('super-secret-key'))\napp.use(json())\n\n// Reading cookies\napp.get('/read', (req, res) => {\n\tres.json({\n\t\tcookies: req.cookies,           // { theme: 'dark', prefs: { lang: 'en' } }\n\t\tsigned: req.signedCookies,       // { session: 'abc123' }\n\t\tsecret: req.secret               // available for downstream use\n\t})\n})\n\n// Setting cookies with new features\napp.get('/set', (req, res) => {\n\t// Auto-sign using req.secret\n\tres.cookie('session', 'abc123', { signed: true, httpOnly: true, secure: true })\n\n\t// JSON cookie — objects auto-serialize with j: prefix\n\tres.cookie('prefs', { lang: 'en', theme: 'dark' }, { maxAge: 86400 })\n\n\t// Priority + Partitioned (CHIPS)\n\tres.cookie('important', 'value', { priority: 'High', partitioned: true, secure: true })\n\n\tres.json({ ok: true })\n})\n\n// Secret rotation — verify with old key, sign with new key\napp.use(cookieParser(['new-secret', 'old-secret']))\n\n// Static helpers for manual use\nconst signed = cookieParser.sign('data', 'secret')\nconst value = cookieParser.unsign(signed, ['secret'])  // 'data' or false\nconst parsed = cookieParser.jsonCookie({ a: 1 })        // 'j:{\"a\":1}'",
+        "tips": [
+          "Always use signed cookies for session tokens and sensitive data.",
+          "For key rotation, pass secrets as an array: ['new-key', 'old-key']. Cookies are verified against all secrets but signed with the first.",
+          "Signature verification uses crypto.timingSafeEqual() to prevent timing attacks — never downgrade to string comparison.",
+          "JSON cookies (j: prefix) are auto-parsed — no need to manually JSON.parse cookie values.",
+          "res.cookie() with signed: true requires cookieParser to be configured with a secret. It reads req.secret automatically.",
+          "The partitioned attribute (CHIPS) isolates cookies per top-level site — useful for third-party embedded widgets."
+        ]
+      },
+      {
+        "name": "csrf",
+        "description": "Double-submit cookie CSRF protection. Generates a cryptographically random token, stores it in a cookie, and validates it on state-changing requests. GET, HEAD, and OPTIONS are automatically skipped. Tokens can be sent via header, body (_csrf field), or query parameter.",
+        "options": [
+          { "option": "cookie", "type": "string", "default": "'_csrf'", "notes": "Cookie name for the CSRF token." },
+          { "option": "header", "type": "string", "default": "'x-csrf-token'", "notes": "Request header to check for the token." },
+          { "option": "saltLength", "type": "number", "default": "18", "notes": "Token salt length in bytes." },
+          { "option": "secret", "type": "string", "default": "auto-generated", "notes": "Secret for token generation. Auto-generated if not provided." },
+          { "option": "ignoreMethods", "type": "string[]", "default": "['GET','HEAD','OPTIONS']", "notes": "HTTP methods that skip CSRF validation." },
+          { "option": "ignorePaths", "type": "string[]", "default": "[]", "notes": "URL paths to skip (e.g. webhook endpoints)." },
+          { "option": "onError", "type": "function", "default": "—", "notes": "Custom error handler: (err, req, res, next) => {}." }
+        ],
+        "example": "const { createApp, csrf, json, cookieParser } = require('zero-http')\nconst app = createApp()\n\napp.use(cookieParser())\napp.use(json())\napp.use(csrf())\n\n// GET is safe — use it to read the token\napp.get('/api/csrf-token', (req, res) => {\n\tres.json({ token: req.csrfToken })\n})\n\n// POST must include the token\napp.post('/api/transfer', (req, res) => {\n\tres.json({ success: true, amount: req.body.amount })\n})\n\n// Client-side:\n// const { token } = await fetch('/api/csrf-token').then(r => r.json())\n// await fetch('/api/transfer', {\n//   method: 'POST',\n//   headers: { 'Content-Type': 'application/json', 'x-csrf-token': token },\n//   body: JSON.stringify({ amount: 100 })\n// })",
+        "tips": [
+          "cookieParser() must be registered before csrf() even without a signing secret.",
+          "Use ignorePaths for webhook endpoints that receive external POST requests.",
+          "The token is available on req.csrfToken after the middleware runs."
+        ]
+      },
+      {
+        "name": "validate",
+        "description": "Request validation middleware with 11 types and auto-coercion. Validates req.body, req.query, and req.params against a declarative schema. Unknown fields are stripped by default. Returns 422 with structured error messages on failure.",
+        "methods": [
+          { "method": "validate.field", "signature": "validate.field(value, rules)", "description": "Validate a single value against rules. Returns { valid, errors, value }." },
+          { "method": "validate.object", "signature": "validate.object(data, schema)", "description": "Validate an object against a schema. Returns { valid, errors, sanitized }." }
+        ],
+        "options": [
+          { "option": "stripUnknown", "type": "boolean", "default": "true", "notes": "Remove fields not defined in the schema." },
+          { "option": "onError", "type": "function", "default": "—", "notes": "Custom error handler. Default sends 422 JSON." }
+        ],
+        "example": "const { createApp, json, validate } = require('zero-http')\nconst app = createApp()\napp.use(json())\n\n// Validate body\napp.post('/users', validate({\n\tbody: {\n\t\tname:  { type: 'string', required: true, minLength: 2, maxLength: 50 },\n\t\temail: { type: 'email', required: true },\n\t\tage:   { type: 'integer', min: 13, max: 120 },\n\t\trole:  { type: 'string', enum: ['user', 'admin'], default: 'user' },\n\t\ttags:  { type: 'array', minItems: 1, maxItems: 5 }\n\t}\n}), (req, res) => {\n\tres.status(201).json(req.body) // sanitized\n})\n\n// Validate query + params\napp.get('/search/:category', validate({\n\tparams: { category: { type: 'string', enum: ['books', 'music', 'films'] } },\n\tquery: {\n\t\tq:     { type: 'string', required: true },\n\t\tpage:  { type: 'integer', min: 1, default: 1 },\n\t\tlimit: { type: 'integer', min: 1, max: 100, default: 20 }\n\t}\n}), (req, res) => {\n\tres.json({ params: req.params, query: req.query })\n})\n// Validation failure → 422 { errors: ['name is required', ...] }",
+        "tips": [
+          "Supported types: string, integer, number, float, boolean, array, json, date, uuid, email, url.",
+          "Auto-coercion: '42' → 42 (integer), 'true' → true (boolean), etc.",
+          "stripUnknown: true (default) prevents mass-assignment attacks by removing unknown fields.",
+          "Use validate.field() and validate.object() for programmatic validation outside middleware."
+        ]
+      }
+    ]
+  },
+  {
+    "section": "Environment",
+    "icon": "settings",
+    "items": [
+      {
+        "name": "env",
+        "description": "Typed environment variable system with .env file loading, schema validation, and type coercion. Access variables via proxy (env.PORT), function call (env('PORT')), or method (env.get('PORT')). Supports 9 types: string, number, integer, port, boolean, array, json, url, enum. Loads .env files in precedence order with process.env always winning.",
+        "methods": [
+          { "method": "load", "signature": "env.load(schema, [opts])", "description": "Load and validate environment variables from .env files against a typed schema. Throws on validation failure with all errors." },
+          { "method": "get", "signature": "env.get(key)", "description": "Get a typed environment variable by key." },
+          { "method": "require", "signature": "env.require(key)", "description": "Get a variable or throw if it's not set. Use for critical config." },
+          { "method": "has", "signature": "env.has(key)", "description": "Check if a variable is set (not undefined)." },
+          { "method": "all", "signature": "env.all()", "description": "Get all loaded values as a plain object." },
+          { "method": "reset", "signature": "env.reset()", "description": "Reset the env store. Useful for testing." },
+          { "method": "parse", "signature": "env.parse(src)", "description": "Parse a .env file string into key-value pairs. Supports comments, quotes, multiline, interpolation, and export prefix." }
+        ],
+        "options": [
+          { "option": "path", "type": "string", "default": "process.cwd()", "notes": "Custom directory to load .env files from." },
+          { "option": "override", "type": "boolean", "default": "false", "notes": "Write file values into process.env (normally process.env takes precedence)." }
+        ],
+        "example": "const { createApp, env } = require('zero-http')\n\n// Load with typed schema — validates and coerces on startup\nenv.load({\n\tPORT:         { type: 'port', default: 3000 },\n\tDATABASE_URL: { type: 'url', required: true },\n\tDEBUG:        { type: 'boolean', default: false },\n\tALLOWED_IPS:  { type: 'array', separator: ',', default: [] },\n\tNODE_ENV:     { type: 'enum', values: ['development', 'production', 'test'], default: 'development' },\n\tMAX_UPLOAD_MB:{ type: 'integer', min: 1, max: 100, default: 10 },\n\tAPP_CONFIG:   { type: 'json', default: {} }\n})\n\nconst app = createApp()\n\napp.get('/config', (req, res) => res.json({\n\tport: env.PORT,           // number: 3000\n\tdebug: env.DEBUG,         // boolean: false\n\tips: env.ALLOWED_IPS,     // array: ['10.0.0.1', '10.0.0.2']\n\tenv: env.NODE_ENV         // string: 'development'\n}))\n\napp.listen(env.PORT)",
+        "tips": [
+          "env.load() should be called before createApp() — config errors are caught at startup, not at request time.",
+          "process.env always wins over .env file values. Use override: true to reverse this.",
+          "Schema types with examples: port (0-65535), boolean ('true'/'yes'/'1'/'on' → true), array ('a,b,c' → ['a','b','c']), json ('{\"key\":1}' → object).",
+          "Use env.require('KEY') for critical config that must exist — it throws immediately with a clear error message."
+        ]
+      },
+      {
+        "name": ".env File Format",
+        "description": "The env module loads .env files in a specific precedence order with full parsing support. Files are loaded from the working directory (or custom path) in this order: .env → .env.local → .env.{NODE_ENV} → .env.{NODE_ENV}.local. Later files override earlier ones. process.env always takes final precedence.",
+        "example": "# .env — shared defaults\nPORT=3000\nDATABASE_URL=postgres://localhost:5432/mydb\nDEBUG=false\nALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173\nAPP_NAME=My App\n\n# Comments start with #\nexport SECRET_KEY=my-secret  # 'export' prefix is stripped\n\n# Quoted values (single, double, backtick)\nGREETING=\"Hello World\"\nMESSAGE='Single quoted'\nTEMPLATE=`Backtick quoted`\n\n# Multiline values\nRSA_KEY=\"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\"\n\n# Variable interpolation\nAPI_URL=https://api.example.com\nHEALTH_URL=${API_URL}/health\n\n# .env.local — local overrides (gitignore this)\nDATABASE_URL=postgres://localhost:5432/mydb_local\nDEBUG=true\n\n# .env.production — production settings\nDATABASE_URL=postgres://prod-server:5432/mydb\nDEBUG=false\nNODE_ENV=production",
+        "exampleLang": "bash",
+        "tips": [
+          "File load order: .env → .env.local → .env.{NODE_ENV} → .env.{NODE_ENV}.local. Each subsequent file overrides previous values.",
+          "Always .gitignore .env.local and .env.*.local files — they contain machine-specific secrets.",
+          "Supports variable interpolation: API_URL=https://api.com then HEALTH=${API_URL}/health.",
+          "The 'export' keyword prefix is stripped automatically — compatible with shell sourceable .env files.",
+          "Multiline values are supported with quotes — the value continues until the matching closing quote.",
+          "Inline comments are supported in unquoted values: PORT=3000 # web server port."
+        ]
+      },
+      {
+        "name": "Schema Types",
+        "description": "The env.load() schema supports 9 typed field definitions with validation constraints. Each field can have type, required, default, and type-specific options like min/max, match, separator, and values.",
+        "options": [
+          { "option": "string", "type": "type", "default": "—", "notes": "Basic string. Supports min (min length), max (max length), match (RegExp pattern)." },
+          { "option": "number", "type": "type", "default": "—", "notes": "Floating-point number. Supports min, max range validation." },
+          { "option": "integer", "type": "type", "default": "—", "notes": "Whole number (parseInt). Supports min, max range validation." },
+          { "option": "port", "type": "type", "default": "—", "notes": "Integer 0-65535. Rejects values outside valid port range." },
+          { "option": "boolean", "type": "type", "default": "—", "notes": "Truthy: 'true', '1', 'yes', 'on'. Falsy: 'false', '0', 'no', 'off', ''." },
+          { "option": "array", "type": "type", "default": "—", "notes": "Split string by separator (default: ','). Trims items and removes empties." },
+          { "option": "json", "type": "type", "default": "—", "notes": "JSON.parse the value. Throws with clear error if invalid JSON." },
+          { "option": "url", "type": "type", "default": "—", "notes": "Validated URL string. Throws if not a valid URL (uses URL constructor)." },
+          { "option": "enum", "type": "type", "default": "—", "notes": "Must be one of values: []. Throws with allowed values in error message." }
+        ],
+        "example": "env.load({\n\t// String with pattern matching\n\tAPI_KEY:    { type: 'string', required: true, min: 32, match: /^sk_/ },\n\n\t// Number with range\n\tTIMEOUT_MS: { type: 'number', min: 100, max: 60000, default: 5000 },\n\n\t// Integer\n\tWORKERS:    { type: 'integer', min: 1, max: 16, default: 4 },\n\n\t// Port (validated 0-65535)\n\tPORT:       { type: 'port', default: 3000 },\n\n\t// Boolean (true/false/yes/no/1/0/on/off)\n\tDEBUG:      { type: 'boolean', default: false },\n\n\t// Array (split by separator)\n\tALLOWED:    { type: 'array', separator: ',', default: [] },\n\n\t// JSON (parsed to object)\n\tCONFIG:     { type: 'json', default: {} },\n\n\t// URL (validated)\n\tAPI_URL:    { type: 'url', required: true },\n\n\t// Enum (must match one of values)\n\tLOG_LEVEL:  { type: 'enum', values: ['debug','info','warn','error'], default: 'info' }\n})",
+        "tips": [
+          "If a required field is missing and has no default, env.load() throws immediately with all validation errors.",
+          "Defaults can be functions: { default: () => crypto.randomUUID() } — they're called lazily.",
+          "All type coercion happens at load() time — after that, env.PORT returns a real number, not a string."
+        ]
+      }
+    ]
+  },
+  {
+    "section": "ORM",
+    "icon": "database",
+    "items": [
+      {
+        "name": "Database",
+        "description": "The ORM entry point. Connect to a database using one of 6 built-in adapters (memory, json, sqlite, mysql, postgres, mongo), register your Model classes, and sync schemas. The Database instance manages the connection lifecycle and provides transaction support. All network-facing adapters (mysql, postgres, mongo) validate credentials on connect — invalid host, port, user, or database values throw immediately.",
+        "methods": [
+          { "method": "connect", "signature": "Database.connect(type, [opts])", "description": "Static factory method. Creates a Database instance with the specified adapter. Validates credentials for network adapters. Returns the Database instance." },
+          { "method": "register", "signature": "db.register(ModelClass)", "description": "Register a Model class with this database. Chainable." },
+          { "method": "registerAll", "signature": "db.registerAll(...models)", "description": "Register multiple Model classes. Chainable." },
+          { "method": "sync", "signature": "db.sync()", "description": "Create tables for all registered models. Returns Promise." },
+          { "method": "drop", "signature": "db.drop()", "description": "Drop tables for all registered models. Returns Promise." },
+          { "method": "close", "signature": "db.close()", "description": "Close the database connection. Returns Promise." },
+          { "method": "model", "signature": "db.model(name)", "description": "Get a registered model by class name." },
+          { "method": "transaction", "signature": "db.transaction(fn)", "description": "Run an async function inside a transaction. Auto-commits on success, rolls back on error. Falls back to direct execution if the adapter doesn't support transactions." }
+        ],
+        "options": [
+          { "option": "memory", "type": "adapter", "default": "—", "notes": "In-memory adapter. No options required. Great for testing and prototyping." },
+          { "option": "json", "type": "adapter", "default": "—", "notes": "File-based JSON adapter. Options: { path: 'data.json' }." },
+          { "option": "sqlite", "type": "adapter", "default": "—", "notes": "SQLite adapter. Options: { filename, readonly, fileMustExist, createDir, pragmas }. Requires better-sqlite3. Auto-creates parent directories." },
+          { "option": "mysql", "type": "adapter", "default": "—", "notes": "MySQL adapter. Options: { host, user, password, database, port }. Requires mysql2. Credentials validated on connect." },
+          { "option": "postgres", "type": "adapter", "default": "—", "notes": "PostgreSQL adapter. Options: { host, user, password, database, port, ssl }. Requires pg. Credentials validated on connect." },
+          { "option": "mongo", "type": "adapter", "default": "—", "notes": "MongoDB adapter. Options: { url, database, clientOptions }. Requires mongodb. URL and database validated on connect." }
+        ],
+        "example": "const { Database, Model, TYPES } = require('zero-http')\nconst path = require('path')\n\n// SQLite with file-based persistence (recommended for single-server apps)\nconst db = Database.connect('sqlite', {\n\tfilename: path.join(__dirname, 'Database', 'app.db'),\n\t// createDir: true (default) — auto-creates the Database/ folder\n\t// pragmas are production-tuned by default:\n\t//   journal_mode: WAL, foreign_keys: ON, busy_timeout: 5000,\n\t//   synchronous: NORMAL, cache_size: -64000 (64 MB),\n\t//   temp_store: MEMORY, mmap_size: 268435456 (256 MB)\n})\n\n// Override pragmas as needed\nconst testDb = Database.connect('sqlite', {\n\tfilename: ':memory:',\n\tpragmas: { cache_size: '-32000', wal_autocheckpoint: '500' }\n})\n\n// Network adapters validate credentials\n// Database.connect('mysql', { host: 123 }) → throws: host must be a non-empty string\n// Database.connect('postgres', { port: 99999 }) → throws: port must be 1-65535\n\nclass User extends Model {\n\tstatic table = 'users'\n\tstatic schema = {\n\t\tid:   { type: TYPES.INTEGER, primaryKey: true, autoIncrement: true },\n\t\tname: { type: TYPES.STRING, required: true }\n\t}\n}\n\ndb.register(User)\nawait db.sync()\n\n// Transaction — auto rollback on error\nawait db.transaction(async () => {\n\tconst sender = await User.findById(1)\n\tconst receiver = await User.findById(2)\n\tawait sender.decrement('balance', 100)\n\tawait receiver.increment('balance', 100)\n})",
+        "tips": [
+          "Use 'memory' for tests and prototyping — zero setup, instant startup.",
+          "SQLite with WAL mode handles concurrent reads and writes well for single-server apps.",
+          "All SQLite pragmas have production-ready defaults — you only need to set filename.",
+          "createDir: true (default) auto-creates parent directories for the database file.",
+          "Network adapter credentials (host, port, user, password, database) are type-checked on connect.",
+          "db.transaction() wraps your callback in begin/commit/rollback when the adapter supports it.",
+          "db.register() returns the Database instance — you can chain: db.register(User).register(Post).",
+          "Always call db.sync() after registering models to create the database tables."
+        ]
+      },
+      {
+        "name": "SQLite Adapter",
+        "description": "The SQLite adapter uses better-sqlite3 for synchronous, high-performance file-based persistence. It auto-creates parent directories, ships with production-tuned PRAGMA defaults (WAL, 64 MB cache, memory-mapped I/O), and exposes utility methods for database maintenance. Ideal for single-server apps, prototyping, and embedded use cases.",
+        "methods": [
+          { "method": "pragma", "signature": "adapter.pragma(key)", "description": "Read a single PRAGMA value (e.g. 'journal_mode' → 'wal')." },
+          { "method": "checkpoint", "signature": "adapter.checkpoint([mode])", "description": "Force a WAL checkpoint. Modes: PASSIVE (default), FULL, RESTART, TRUNCATE." },
+          { "method": "integrity", "signature": "adapter.integrity()", "description": "Run PRAGMA integrity_check. Returns 'ok' or a problem description." },
+          { "method": "vacuum", "signature": "adapter.vacuum()", "description": "Rebuild the database file, reclaiming unused pages." },
+          { "method": "fileSize", "signature": "adapter.fileSize()", "description": "Get the database file size in bytes. Returns 0 for in-memory databases." },
+          { "method": "tables", "signature": "adapter.tables()", "description": "List all user-created table names." },
+          { "method": "raw", "signature": "adapter.raw(sql, ...params)", "description": "Execute a raw SQL SELECT query with parameters." },
+          { "method": "close", "signature": "adapter.close()", "description": "Close the database connection." }
+        ],
+        "options": [
+          { "option": "filename", "type": "string", "default": "':memory:'", "notes": "Path to the SQLite file, or ':memory:' for an in-memory database." },
+          { "option": "readonly", "type": "boolean", "default": "false", "notes": "Open the database in read-only mode." },
+          { "option": "fileMustExist", "type": "boolean", "default": "false", "notes": "Throw if the database file does not exist." },
+          { "option": "createDir", "type": "boolean", "default": "true", "notes": "Auto-create parent directories for the database file." },
+          { "option": "pragmas.journal_mode", "type": "string", "default": "'WAL'", "notes": "WAL mode enables concurrent reads/writes. Options: WAL, DELETE, TRUNCATE, MEMORY, OFF." },
+          { "option": "pragmas.foreign_keys", "type": "string", "default": "'ON'", "notes": "Enforce foreign key constraints." },
+          { "option": "pragmas.busy_timeout", "type": "string", "default": "'5000'", "notes": "Milliseconds to wait when the database is locked." },
+          { "option": "pragmas.synchronous", "type": "string", "default": "'NORMAL'", "notes": "Sync mode: OFF, NORMAL, FULL, EXTRA." },
+          { "option": "pragmas.cache_size", "type": "string", "default": "'-64000'", "notes": "Page cache size. Negative = KiB (e.g. -64000 = 64 MB)." },
+          { "option": "pragmas.temp_store", "type": "string", "default": "'MEMORY'", "notes": "Store temp tables in memory for speed." },
+          { "option": "pragmas.mmap_size", "type": "string", "default": "'268435456'", "notes": "Memory-mapped I/O size (256 MB)." },
+          { "option": "pragmas.page_size", "type": "string", "default": "—", "notes": "Page size in bytes. Must be set before WAL is enabled." },
+          { "option": "pragmas.auto_vacuum", "type": "string", "default": "—", "notes": "Auto-vacuum mode: NONE, FULL, INCREMENTAL." },
+          { "option": "pragmas.secure_delete", "type": "string", "default": "—", "notes": "Overwrite deleted content with zeros." },
+          { "option": "pragmas.wal_autocheckpoint", "type": "string", "default": "—", "notes": "Number of pages before WAL auto-checkpoint (default 1000)." },
+          { "option": "pragmas.locking_mode", "type": "string", "default": "—", "notes": "NORMAL or EXCLUSIVE locking." }
+        ],
+        "example": "const { Database, Model, TYPES } = require('zero-http')\nconst path = require('path')\n\n// Production SQLite setup with Database/ folder\nconst db = Database.connect('sqlite', {\n\tfilename: path.join(__dirname, 'Database', 'app.db'),\n\t// Pragmas are auto-applied with production defaults\n\t// Override any as needed:\n\tpragmas: {\n\t\twal_autocheckpoint: '500',  // checkpoint every 500 pages\n\t\tsecure_delete: 'ON',        // zero-fill deleted content\n\t}\n})\n\n// Access adapter utilities\nconst adapter = db.adapter\nconsole.log(adapter.pragma('journal_mode'))  // 'wal'\nconsole.log(adapter.tables())                // ['users', 'posts', ...]\nconsole.log(adapter.fileSize())              // 49152 (bytes)\nconsole.log(adapter.integrity())             // 'ok'\n\n// Maintenance\nadapter.checkpoint('TRUNCATE')  // reset WAL file\nadapter.vacuum()                // reclaim free space\n\n// Read-only replica\nconst replica = Database.connect('sqlite', {\n\tfilename: path.join(__dirname, 'Database', 'app.db'),\n\treadonly: true,\n\tfileMustExist: true\n})",
+        "tips": [
+          "WAL mode (default) gives you concurrent reads while a single writer commits — ideal for web servers.",
+          "cache_size of -64000 means 64 MB of page cache — enough for most applications.",
+          "mmap_size of 256 MB uses memory-mapped I/O for fast reads on large databases.",
+          "Use checkpoint('TRUNCATE') periodically to reset the WAL file size.",
+          "integrity() is useful in health-check endpoints to verify database consistency.",
+          "readonly mode is perfect for read replicas — prevents accidental writes.",
+          "The adapter auto-creates parent directories — just point filename to 'Database/app.db'."
+        ]
+      },
+      {
+        "name": "MySQL Adapter",
+        "description": "MySQL / MariaDB adapter using the mysql2 driver with connection pooling, prepared statements, and utility methods for introspection and maintenance. Supports SSL, custom charsets, timezone configuration, and pool health monitoring.",
+        "methods": [
+          { "method": "raw", "signature": "adapter.raw(sql, ...params)", "description": "Execute a raw SQL SELECT query with parameterized inputs. Returns rows." },
+          { "method": "exec", "signature": "adapter.exec(sql, ...params)", "description": "Execute a raw statement (INSERT, UPDATE, DDL). Returns { affectedRows, insertId }." },
+          { "method": "tables", "signature": "adapter.tables()", "description": "List all tables in the current database." },
+          { "method": "columns", "signature": "adapter.columns(table)", "description": "Get column info for a table (Field, Type, Null, Key, Default, Extra)." },
+          { "method": "databaseSize", "signature": "adapter.databaseSize()", "description": "Get total database size in bytes (data + indexes)." },
+          { "method": "poolStatus", "signature": "adapter.poolStatus()", "description": "Get pool stats: { total, idle, used, queued }." },
+          { "method": "version", "signature": "adapter.version()", "description": "Get MySQL/MariaDB server version string." },
+          { "method": "ping", "signature": "adapter.ping()", "description": "Ping the server. Returns true if healthy." },
+          { "method": "transaction", "signature": "adapter.transaction(fn)", "description": "Run a function inside a transaction. Receives a connection object. Auto-commits/rollbacks." },
+          { "method": "close", "signature": "adapter.close()", "description": "Close the connection pool." }
+        ],
+        "options": [
+          { "option": "host", "type": "string", "default": "'localhost'", "notes": "Server hostname or IP address." },
+          { "option": "port", "type": "number", "default": "3306", "notes": "Server port." },
+          { "option": "user", "type": "string", "default": "'root'", "notes": "Database user." },
+          { "option": "password", "type": "string", "default": "''", "notes": "Database password. Validated as string on connect." },
+          { "option": "database", "type": "string", "default": "—", "notes": "Database name (required). Validated as non-empty string." },
+          { "option": "connectionLimit", "type": "number", "default": "10", "notes": "Maximum concurrent connections in the pool." },
+          { "option": "waitForConnections", "type": "boolean", "default": "true", "notes": "Queue requests when all connections are busy." },
+          { "option": "queueLimit", "type": "number", "default": "0", "notes": "Max queued requests (0 = unlimited)." },
+          { "option": "connectTimeout", "type": "number", "default": "10000", "notes": "Connection timeout in milliseconds." },
+          { "option": "charset", "type": "string", "default": "'utf8mb4'", "notes": "Default character set (utf8mb4 for full emoji support)." },
+          { "option": "timezone", "type": "string", "default": "'Z'", "notes": "Session timezone." },
+          { "option": "ssl", "type": "string|object", "default": "—", "notes": "SSL profile name or TLS options object." },
+          { "option": "multipleStatements", "type": "boolean", "default": "false", "notes": "Allow multiple statements per query (use with caution)." },
+          { "option": "decimalNumbers", "type": "boolean", "default": "false", "notes": "Return DECIMAL columns as JavaScript numbers instead of strings." }
+        ],
+        "example": "const { Database, Model, TYPES } = require('zero-http')\n\nconst db = Database.connect('mysql', {\n\thost: process.env.DB_HOST || 'localhost',\n\tport: Number(process.env.DB_PORT) || 3306,\n\tuser: process.env.DB_USER || 'root',\n\tpassword: process.env.DB_PASS || '',\n\tdatabase: process.env.DB_NAME,\n\tconnectionLimit: 20,\n\tcharset: 'utf8mb4',\n})\n\n// Health check endpoint\napp.get('/health', async (req, res) => {\n\tconst alive = await db.adapter.ping()\n\tconst pool = db.adapter.poolStatus()\n\tconst version = await db.adapter.version()\n\tres.json({ alive, pool, version })\n})\n\n// Introspection\nconst tables = await db.adapter.tables()    // ['users', 'posts', ...]\nconst cols = await db.adapter.columns('users') // [{ Field, Type, ... }]\nconst size = await db.adapter.databaseSize() // bytes\n\n// Raw queries with parameterized inputs (safe from injection)\nconst users = await db.adapter.raw(\n\t'SELECT * FROM users WHERE role = ? AND active = ?',\n\t'admin', true\n)\n\n// DDL / write operations\nawait db.adapter.exec(\n\t'ALTER TABLE users ADD COLUMN bio TEXT'\n)",
+        "tips": [
+          "Always use environment variables for credentials — never hardcode passwords!",
+          "connectionLimit of 10-20 is a safe default. Go higher only if you're seeing pool exhaustion.",
+          "poolStatus() is perfect for monitoring dashboards — track idle vs used connections.",
+          "Use charset: 'utf8mb4' (default) to support emojis and full Unicode.",
+          "ping() is ideal for health check endpoints in load balancers.",
+          "exec() is for writes that don't return rows — raw() is for SELECTs.",
+          "Credentials are validated on Database.connect() — bad host/port/user types throw immediately."
+        ]
+      },
+      {
+        "name": "PostgreSQL Adapter",
+        "description": "PostgreSQL adapter using the pg driver with connection pooling, $1/$2 parameterized queries, JSONB support, and utility methods for schema introspection, pool monitoring, and real-time LISTEN/NOTIFY subscriptions.",
+        "methods": [
+          { "method": "raw", "signature": "adapter.raw(sql, ...params)", "description": "Execute a raw SQL SELECT query with $1-style params. Returns rows." },
+          { "method": "exec", "signature": "adapter.exec(sql, ...params)", "description": "Execute a raw statement that doesn't return rows. Returns { rowCount }." },
+          { "method": "tables", "signature": "adapter.tables([schema])", "description": "List all tables in a schema (default: 'public')." },
+          { "method": "columns", "signature": "adapter.columns(table, [schema])", "description": "Get column info: column_name, data_type, is_nullable, column_default." },
+          { "method": "databaseSize", "signature": "adapter.databaseSize()", "description": "Get total database size in bytes." },
+          { "method": "tableSize", "signature": "adapter.tableSize(table)", "description": "Get total size of a table including indexes, in bytes." },
+          { "method": "poolStatus", "signature": "adapter.poolStatus()", "description": "Get pool stats: { total, idle, waiting }." },
+          { "method": "version", "signature": "adapter.version()", "description": "Get PostgreSQL server version string." },
+          { "method": "ping", "signature": "adapter.ping()", "description": "Ping the server. Returns true if healthy." },
+          { "method": "listen", "signature": "adapter.listen(channel, callback)", "description": "Subscribe to PG LISTEN/NOTIFY. Returns an unlisten function." },
+          { "method": "transaction", "signature": "adapter.transaction(fn)", "description": "Run a function inside a transaction. Receives a client. Auto-commits/rollbacks." },
+          { "method": "close", "signature": "adapter.close()", "description": "Close the connection pool." }
+        ],
+        "options": [
+          { "option": "host", "type": "string", "default": "'localhost'", "notes": "Server hostname." },
+          { "option": "port", "type": "number", "default": "5432", "notes": "Server port." },
+          { "option": "user", "type": "string", "default": "—", "notes": "Database user. Validated on connect." },
+          { "option": "password", "type": "string", "default": "—", "notes": "Database password. Validated on connect." },
+          { "option": "database", "type": "string", "default": "—", "notes": "Database name (required). Validated as non-empty." },
+          { "option": "connectionString", "type": "string", "default": "—", "notes": "Full connection URI (overrides individual host/port/user/password)." },
+          { "option": "max", "type": "number", "default": "10", "notes": "Maximum pool size." },
+          { "option": "idleTimeoutMillis", "type": "number", "default": "10000", "notes": "How long idle clients sit before being closed." },
+          { "option": "connectionTimeoutMillis", "type": "number", "default": "0", "notes": "Timeout for establishing new connections (0 = no limit)." },
+          { "option": "ssl", "type": "boolean|object", "default": "false", "notes": "Enable SSL or pass TLS options ({ rejectUnauthorized: false })." },
+          { "option": "application_name", "type": "string", "default": "—", "notes": "Shows up in pg_stat_activity — great for identifying your app." },
+          { "option": "statement_timeout", "type": "number", "default": "—", "notes": "Auto-cancel queries running longer than this (ms)." }
+        ],
+        "example": "const { Database } = require('zero-http')\n\n// Connection string style\nconst db = Database.connect('postgres', {\n\tconnectionString: process.env.DATABASE_URL,\n\tssl: { rejectUnauthorized: false }, // common on Heroku/Render\n\tmax: 20,\n\tapplication_name: 'my-api',\n\tstatement_timeout: 30000,\n})\n\n// Or individual options\nconst db2 = Database.connect('postgres', {\n\thost: 'localhost',\n\tport: 5432,\n\tuser: 'postgres',\n\tpassword: process.env.PG_PASS,\n\tdatabase: 'myapp',\n})\n\n// Health + monitoring\napp.get('/health', async (req, res) => {\n\tconst alive = await db.adapter.ping()\n\tconst pool = db.adapter.poolStatus()  // { total, idle, waiting }\n\tconst dbSize = await db.adapter.databaseSize()\n\tres.json({ alive, pool, dbSize })\n})\n\n// Schema introspection\nconst tables = await db.adapter.tables()           // ['users', 'posts']\nconst cols = await db.adapter.columns('users')     // [{ column_name, data_type, ... }]\nconst size = await db.adapter.tableSize('users')   // bytes\n\n// Real-time LISTEN/NOTIFY\nconst unlisten = await db.adapter.listen('new_order', (msg) => {\n\tconsole.log('New order:', msg.payload)\n})\n// Later: await unlisten()\n\n// Raw parameterized query ($1, $2 — safe from injection)\nconst admins = await db.adapter.raw(\n\t'SELECT * FROM users WHERE role = $1 AND active = $2',\n\t'admin', true\n)",
+        "tips": [
+          "Use connectionString for hosted databases (Heroku, Render, Supabase, Neon).",
+          "application_name shows up in pg_stat_activity — makes debugging production queries a breeze.",
+          "statement_timeout prevents runaway queries from hogging connections.",
+          "LISTEN/NOTIFY is PostgreSQL's built-in pub/sub — great for real-time features without polling.",
+          "PostgreSQL uses JSONB natively — the ORM maps TYPES.JSON to JSONB for indexable JSON columns.",
+          "poolStatus().waiting > 0 means clients are queued — consider increasing max pool size.",
+          "SERIAL PRIMARY KEY is auto-used for integer autoIncrement columns."
+        ]
+      },
+      {
+        "name": "MongoDB Adapter",
+        "description": "MongoDB adapter using the official mongodb driver with connection pooling, automatic reconnection, index management, and utility methods for collection introspection and database stats. Maps the ORM's relational model to MongoDB documents with auto-increment IDs.",
+        "methods": [
+          { "method": "raw", "signature": "adapter.raw(command)", "description": "Run a raw MongoDB command document. Returns the command result." },
+          { "method": "collections", "signature": "adapter.collections()", "description": "List all collections in the database." },
+          { "method": "stats", "signature": "adapter.stats()", "description": "Get database stats: { collections, objects, dataSize, storageSize, indexes, indexSize }." },
+          { "method": "collectionStats", "signature": "adapter.collectionStats(name)", "description": "Get stats for a specific collection: { count, size, avgObjSize, storageSize, nindexes }." },
+          { "method": "createIndex", "signature": "adapter.createIndex(collection, keys, [opts])", "description": "Create an index. keys: { email: 1 } for ascending. opts: { unique: true }." },
+          { "method": "indexes", "signature": "adapter.indexes(collection)", "description": "List all indexes on a collection." },
+          { "method": "dropIndex", "signature": "adapter.dropIndex(collection, indexName)", "description": "Drop a specific index by name." },
+          { "method": "ping", "signature": "adapter.ping()", "description": "Ping the MongoDB server. Returns true if healthy." },
+          { "method": "version", "signature": "adapter.version()", "description": "Get the MongoDB server version." },
+          { "method": "isConnected", "signature": "adapter.isConnected", "description": "Property — true if currently connected." },
+          { "method": "transaction", "signature": "adapter.transaction(fn)", "description": "Run operations in a transaction (requires replica set). Receives a session object." },
+          { "method": "close", "signature": "adapter.close()", "description": "Close the connection." }
+        ],
+        "options": [
+          { "option": "url", "type": "string", "default": "'mongodb://127.0.0.1:27017'", "notes": "MongoDB connection string. Supports SRV: mongodb+srv://..." },
+          { "option": "database", "type": "string", "default": "—", "notes": "Database name (required). Validated on connect." },
+          { "option": "maxPoolSize", "type": "number", "default": "10", "notes": "Maximum number of connections in the pool." },
+          { "option": "minPoolSize", "type": "number", "default": "0", "notes": "Keep this many connections warm." },
+          { "option": "connectTimeoutMS", "type": "number", "default": "10000", "notes": "Connection timeout." },
+          { "option": "socketTimeoutMS", "type": "number", "default": "0", "notes": "Socket timeout (0 = no limit)." },
+          { "option": "serverSelectionTimeoutMS", "type": "number", "default": "30000", "notes": "Timeout for selecting a server from a replica set." },
+          { "option": "retryWrites", "type": "boolean", "default": "true", "notes": "Retry write operations on transient errors." },
+          { "option": "retryReads", "type": "boolean", "default": "true", "notes": "Retry read operations on transient errors." },
+          { "option": "authSource", "type": "string", "default": "—", "notes": "Authentication database (default: the database name)." },
+          { "option": "replicaSet", "type": "string", "default": "—", "notes": "Replica set name (required for transactions)." },
+          { "option": "clientOptions", "type": "object", "default": "{}", "notes": "Extra MongoClient options passed directly to the driver." }
+        ],
+        "example": "const { Database, Model, TYPES } = require('zero-http')\n\nconst db = Database.connect('mongo', {\n\turl: process.env.MONGO_URI || 'mongodb://localhost:27017',\n\tdatabase: 'myapp',\n\tmaxPoolSize: 20,\n})\n\n// Health check\napp.get('/health', async (req, res) => {\n\tconst alive = await db.adapter.ping()\n\tconst ver = await db.adapter.version()\n\tconst s = await db.adapter.stats()\n\tres.json({ alive, version: ver, ...s })\n})\n\n// Introspection\nconst cols = await db.adapter.collections()  // ['users', 'posts']\nconst s = await db.adapter.collectionStats('users')\n// { count: 1500, size: 245760, avgObjSize: 163, ... }\n\n// Index management\nawait db.adapter.createIndex('users', { email: 1 }, { unique: true })\nawait db.adapter.createIndex('posts', { title: 'text' }) // full-text index\nconst idxs = await db.adapter.indexes('users')\n\n// Transactions (replica set required)\nawait db.transaction(async (session) => {\n\t// Use session for operations that need ACID\n})\n\n// Connection status\nconsole.log(db.adapter.isConnected) // true",
+        "tips": [
+          "Use mongodb+srv:// connection strings for Atlas — handles DNS seedlists automatically.",
+          "The ORM simulates auto-increment IDs for MongoDB — each insert finds the max(id) + 1.",
+          "Transactions require a replica set — use 'rs.initiate()' in mongosh for local dev.",
+          "createIndex with { unique: true } enforces uniqueness — like SQL UNIQUE constraints.",
+          "Full-text search: createIndex(collection, { field: 'text' }) then query with $text.",
+          "isConnected is a getter — it's a property, not a method (no parentheses).",
+          "collectionStats().avgObjSize tells you the average document size — useful for capacity planning."
+        ]
+      },
+      {
+        "name": "Memory Adapter",
+        "description": "Zero-dependency in-memory adapter — perfect for tests, prototyping, and ephemeral applications. All data lives in JavaScript Maps and arrays. Supports full CRUD, query builder, and utility methods for introspection, export/import, and cloning.",
+        "methods": [
+          { "method": "tables", "signature": "adapter.tables()", "description": "List all registered table names." },
+          { "method": "totalRows", "signature": "adapter.totalRows()", "description": "Count all rows across all tables." },
+          { "method": "stats", "signature": "adapter.stats()", "description": "Get memory stats: { tables, totalRows, estimatedBytes }." },
+          { "method": "toJSON", "signature": "adapter.toJSON()", "description": "Export all data as a plain object: { tableName: rows[], ... }." },
+          { "method": "fromJSON", "signature": "adapter.fromJSON(data)", "description": "Import data from a plain object. Merges with existing data." },
+          { "method": "clone", "signature": "adapter.clone()", "description": "Deep-copy the entire database state into a new MemoryAdapter." },
+          { "method": "clear", "signature": "adapter.clear()", "description": "Delete all rows from all tables (tables remain registered)." }
+        ],
+        "example": "const { Database, Model, TYPES } = require('zero-http')\n\nconst db = Database.connect('memory')\n\nclass User extends Model {\n\tstatic table = 'users'\n\tstatic schema = {\n\t\tid: { type: TYPES.INTEGER, primaryKey: true, autoIncrement: true },\n\t\tname: { type: TYPES.STRING, required: true },\n\t}\n}\n\ndb.register(User)\nawait db.sync()\n\n// Seed data for tests\nawait User.createMany([\n\t{ name: 'Alice' },\n\t{ name: 'Bob' },\n\t{ name: 'Charlie' },\n])\n\n// Introspection\nconsole.log(db.adapter.tables())     // ['users']\nconsole.log(db.adapter.totalRows())  // 3\nconsole.log(db.adapter.stats())      // { tables: 1, totalRows: 3, estimatedBytes: ... }\n\n// Snapshot & restore\nconst snapshot = db.adapter.toJSON()\n// ... run tests that mutate data ...\nawait db.adapter.clear()\ndb.adapter.fromJSON(snapshot)  // restore!\n\n// Independent clone for parallel testing\nconst fork = db.adapter.clone()\n// fork has its own isolated copy of all data",
+        "tips": [
+          "Memory adapter is the fastest — zero IO overhead, instant operations.",
+          "Use toJSON() + fromJSON() to snapshot and restore state between tests.",
+          "clone() creates a fully independent copy — mutations in one don't affect the other.",
+          "clear() keeps table registrations but empties all rows — great for beforeEach() in tests.",
+          "stats().estimatedBytes gives a rough size estimate — useful for memory-conscious apps.",
+          "Data doesn't survive process restarts. For persistence, switch to JSON or SQLite."
+        ]
+      },
+      {
+        "name": "JSON Adapter",
+        "description": "File-backed database adapter that persists data as JSON files on disk — one file per table. Zero-dependency, extends the Memory adapter with atomic writes, auto-flushing, backup support, and file management. Great for prototyping, small apps, and embedded scenarios.",
+        "methods": [
+          { "method": "flush", "signature": "adapter.flush()", "description": "Immediately write all pending changes to disk." },
+          { "method": "fileSize", "signature": "adapter.fileSize()", "description": "Get total size of all JSON files in bytes." },
+          { "method": "compact", "signature": "adapter.compact(table)", "description": "Re-serialize and save a table's JSON file." },
+          { "method": "backup", "signature": "adapter.backup(destDir)", "description": "Copy all JSON files to a target directory." },
+          { "method": "directory", "signature": "adapter.directory", "description": "Property — the resolved path where JSON files are stored." },
+          { "method": "hasPendingWrites", "signature": "adapter.hasPendingWrites", "description": "Property — true if there are unflushed writes." },
+          { "method": "tables", "signature": "adapter.tables()", "description": "List all registered table names (inherited from Memory)." },
+          { "method": "stats", "signature": "adapter.stats()", "description": "Get stats: { tables, totalRows, estimatedBytes } (inherited from Memory)." },
+          { "method": "toJSON", "signature": "adapter.toJSON()", "description": "Export all data (inherited from Memory)." }
+        ],
+        "options": [
+          { "option": "dir", "type": "string", "default": "—", "notes": "Directory to store JSON files (required). Created automatically if needed." },
+          { "option": "pretty", "type": "boolean", "default": "true", "notes": "Pretty-print JSON with 2-space indentation." },
+          { "option": "flushInterval", "type": "number", "default": "50", "notes": "Debounce interval for writes in milliseconds." },
+          { "option": "autoFlush", "type": "boolean", "default": "true", "notes": "Auto-write to disk. Set false for manual flush() control." }
+        ],
+        "example": "const { Database, Model, TYPES } = require('zero-http')\nconst path = require('path')\n\nconst db = Database.connect('json', {\n\tdir: path.join(__dirname, 'data'),\n\tpretty: true,      // human-readable files\n\tflushInterval: 100, // debounce writes to 100ms\n})\n\nclass Note extends Model {\n\tstatic table = 'notes'\n\tstatic schema = {\n\t\tid: { type: TYPES.INTEGER, primaryKey: true, autoIncrement: true },\n\t\ttitle: { type: TYPES.STRING, required: true },\n\t\tbody: { type: TYPES.TEXT },\n\t}\n\tstatic timestamps = true\n}\n\ndb.register(Note)\nawait db.sync()\n\n// CRUD works exactly like any other adapter\nawait Note.create({ title: 'Hello', body: 'World' })\n// Creates data/notes.json on disk\n\n// Backup before deployment\ndb.adapter.backup(path.join(__dirname, 'backups', Date.now().toString()))\n\n// Monitor disk usage\nconsole.log(db.adapter.fileSize())  // total bytes on disk\nconsole.log(db.adapter.directory)   // '/path/to/data'\n\n// Force immediate flush (useful before process.exit)\nawait db.adapter.flush()",
+        "tips": [
+          "JSON files are human-readable — you can edit them manually in an emergency.",
+          "Writes are atomic (tmp + rename) so you won't get corrupted files on crash.",
+          "flushInterval debounces rapid writes — higher values = fewer disk writes.",
+          "backup() is great for creating snapshots before risky operations.",
+          "Set autoFlush: false and call flush() manually for batch-heavy operations.",
+          "JSON adapter inherits ALL Memory adapter utilities (tables, stats, toJSON, fromJSON, clone).",
+          "For more performance, switch to SQLite — it handles concurrent access much better."
+        ]
+      },
+      {
+        "name": "Model",
+        "description": "The ORM base class — extend it to define your data models. Supports typed schemas with validation, timestamps, soft deletes, lifecycle hooks, hidden fields, reusable scopes, relationships (hasMany, hasOne, belongsTo, belongsToMany), and a full suite of CRUD operations.",
+        "methods": [
+          { "method": "create", "signature": "Model.create(data)", "description": "Insert a new record. Runs validation and beforeCreate/afterCreate hooks. Returns Promise<Model>." },
+          { "method": "createMany", "signature": "Model.createMany([data, ...])", "description": "Insert multiple records. Returns Promise<Model[]>." },
+          { "method": "find", "signature": "Model.find([conditions])", "description": "Find all records matching conditions. Returns Promise<Model[]>." },
+          { "method": "findOne", "signature": "Model.findOne(conditions)", "description": "Find a single record. Returns Promise<Model|null>." },
+          { "method": "findById", "signature": "Model.findById(id)", "description": "Find by primary key. Returns Promise<Model|null>." },
+          { "method": "findOrCreate", "signature": "Model.findOrCreate(conditions, [defaults])", "description": "Find or insert. Returns Promise<{ instance, created }>." },
+          { "method": "exists", "signature": "Model.exists([conditions])", "description": "Check if any matching records exist. Returns Promise<boolean>." },
+          { "method": "upsert", "signature": "Model.upsert(conditions, data)", "description": "Insert or update. Finds by conditions, creates with merged data if not found, updates if found. Returns Promise<{ instance, created }>." },
+          { "method": "updateWhere", "signature": "Model.updateWhere(conditions, data)", "description": "Update all matching records. Returns Promise<number> (affected count)." },
+          { "method": "deleteWhere", "signature": "Model.deleteWhere(conditions)", "description": "Delete all matching records (respects softDelete). Returns Promise<number>." },
+          { "method": "count", "signature": "Model.count([conditions])", "description": "Count matching records. Returns Promise<number>." },
+          { "method": "query", "signature": "Model.query()", "description": "Start a fluent Query builder. See ORM → Query." },
+          { "method": "scope", "signature": "Model.scope(name, [...args])", "description": "Start a query with a named scope applied. Returns Query." },
+          { "method": "save", "signature": "instance.save()", "description": "Insert (if new) or update dirty fields (if persisted). Returns Promise<Model>." },
+          { "method": "update", "signature": "instance.update(data)", "description": "Update specific fields on the instance. Returns Promise<Model>." },
+          { "method": "delete", "signature": "instance.delete()", "description": "Delete the instance (soft or hard depending on softDelete setting)." },
+          { "method": "restore", "signature": "instance.restore()", "description": "Restore a soft-deleted instance (sets deletedAt to null)." },
+          { "method": "reload", "signature": "instance.reload()", "description": "Re-fetch the instance from the database. Returns Promise<Model>." },
+          { "method": "toJSON", "signature": "instance.toJSON()", "description": "Return a plain object, excluding fields listed in static hidden." },
+          { "method": "load", "signature": "instance.load(relationName)", "description": "Eagerly load a relationship. Sets instance[relationName]. Returns Promise." },
+          { "method": "increment", "signature": "instance.increment(field, [by])", "description": "Increment a numeric field by amount (default 1). Saves immediately." },
+          { "method": "decrement", "signature": "instance.decrement(field, [by])", "description": "Decrement a numeric field by amount (default 1). Saves immediately." },
+          { "method": "hasMany", "signature": "Model.hasMany(Related, foreignKey, [localKey])", "description": "Define a one-to-many relationship." },
+          { "method": "hasOne", "signature": "Model.hasOne(Related, foreignKey, [localKey])", "description": "Define a one-to-one relationship." },
+          { "method": "belongsTo", "signature": "Model.belongsTo(Related, foreignKey, [otherKey])", "description": "Define an inverse belongs-to relationship." },
+          { "method": "belongsToMany", "signature": "Model.belongsToMany(Related, opts)", "description": "Define a many-to-many relationship through a junction table. Options: { through, foreignKey, otherKey, localKey, relatedKey }." },
+          { "method": "first", "signature": "Model.first([conditions])", "description": "Find the first record. Returns Promise<Model|null>." },
+          { "method": "last", "signature": "Model.last([conditions])", "description": "Find the last record (by PK descending). Returns Promise<Model|null>." },
+          { "method": "all", "signature": "Model.all([conditions])", "description": "Get all records (alias for find). Returns Promise<Model[]>." },
+          { "method": "paginate", "signature": "Model.paginate(page, [perPage], [conditions])", "description": "Rich pagination: returns { data, total, page, perPage, pages, hasNext, hasPrev }." },
+          { "method": "chunk", "signature": "Model.chunk(size, fn, [conditions])", "description": "Process all records in batches. fn(batch, batchIndex) — supports async." },
+          { "method": "random", "signature": "Model.random([conditions])", "description": "Get a random record. Returns Promise<Model|null>." },
+          { "method": "pluck", "signature": "Model.pluck(field, [conditions])", "description": "Pluck values for a single column. Returns Promise<Array>." }
+        ],
+        "options": [
+          { "option": "table", "type": "string", "default": "—", "notes": "Database table name (required)." },
+          { "option": "schema", "type": "object", "default": "—", "notes": "Column definitions with type, required, default, unique, primaryKey, autoIncrement, enum, min, max, minLength, maxLength, match, guarded." },
+          { "option": "timestamps", "type": "boolean", "default": "false", "notes": "Auto-manage createdAt and updatedAt columns." },
+          { "option": "softDelete", "type": "boolean", "default": "false", "notes": "Mark records as deleted (deletedAt) instead of removing them. Use .restore() to undelete." },
+          { "option": "hooks", "type": "object", "default": "{}", "notes": "Lifecycle hooks: beforeCreate, afterCreate, beforeUpdate, afterUpdate, beforeDelete, afterDelete." },
+          { "option": "hidden", "type": "string[]", "default": "[]", "notes": "Fields excluded from toJSON() output. Use for passwords, tokens, internal IDs." },
+          { "option": "scopes", "type": "object", "default": "{}", "notes": "Named reusable query conditions. Each scope is a function: (query, ...args) => query.where(...)." }
+        ],
+        "example": "const { Model, TYPES } = require('zero-http')\n\nclass User extends Model {\n\tstatic table = 'users'\n\tstatic timestamps = true\n\tstatic softDelete = true\n\tstatic hidden = ['password', 'resetToken']\n\tstatic scopes = {\n\t\tactive: (q) => q.where('active', true),\n\t\trole: (q, role) => q.where('role', role),\n\t\trecent: (q) => q.orderBy('createdAt', 'desc').limit(10)\n\t}\n\tstatic schema = {\n\t\tid:       { type: TYPES.INTEGER, primaryKey: true, autoIncrement: true },\n\t\tname:     { type: TYPES.STRING, required: true, minLength: 2 },\n\t\temail:    { type: TYPES.STRING, required: true, unique: true },\n\t\tpassword: { type: TYPES.STRING, guarded: true },\n\t\trole:     { type: TYPES.STRING, enum: ['user', 'admin'], default: 'user' },\n\t\tlogins:   { type: TYPES.INTEGER, default: 0 },\n\t\tactive:   { type: TYPES.BOOLEAN, default: true }\n\t}\n\tstatic hooks = {\n\t\tbeforeCreate: (data) => { data.email = data.email.toLowerCase() }\n\t}\n}\n\n// Static shortcuts — no query builder needed\nconst first = await User.first({ role: 'admin' })  // first admin\nconst last  = await User.last()                     // last user by PK\nconst all   = await User.all({ active: true })      // alias for find()\nconst pick  = await User.random()                   // random user\nconst names = await User.pluck('name')              // ['Alice','Bob',...]\n\n// Pagination with rich metadata\nconst page = await User.paginate(2, 10, { active: true })\n// { data: [...], total: 42, page: 2, perPage: 10, pages: 5, hasNext: true, hasPrev: true }\n\n// Batch processing — never loads all records at once\nawait User.chunk(100, async (batch, i) => {\n\tconsole.log(`Processing batch ${i}: ${batch.length} users`)\n})\n\n// Scoped queries\nconst activeAdmins = await User.scope('active')\nconst recentAdmins = await User.scope('role', 'admin')\n\n// Upsert — insert or update\nconst { instance, created } = await User.upsert(\n\t{ email: 'alice@example.com' },\n\t{ name: 'Alice', role: 'admin' }\n)\n\n// Increment/decrement\nconst user = await User.findById(1)\nawait user.increment('logins')      // logins + 1\nawait user.decrement('logins', 5)   // logins - 5\n\n// toJSON respects hidden — no password leak\nconsole.log(user.toJSON())",
+        "tips": [
+          "Model.first/last/all/random/pluck are shortcuts — they build queries internally so you don't have to.",
+          "Model.paginate() returns metadata (total, pages, hasNext, hasPrev) — perfect for REST API pagination endpoints.",
+          "Model.chunk() processes large tables in batches — avoids loading millions of records into memory at once.",
+          "static hidden = ['password'] prevents accidental password leaks in API responses.",
+          "Scopes are the most powerful feature for DRY queries — define once, reuse everywhere.",
+          "upsert() is atomic find-or-create-or-update — avoids race conditions in concurrent environments.",
+          "increment/decrement save immediately — no need to call instance.save() after.",
+          "guarded: true on a schema field prevents it from being set via mass-assignment (create/update with object).",
+          "Hooks are great for data normalization (lowercase emails) and audit logging.",
+          "belongsToMany requires a junction table name and the foreign keys for both sides."
+        ]
+      },
+      {
+        "name": "Query",
+        "description": "Fluent query builder returned by Model.query(). All filter/sort/limit methods are chainable. Execute with .exec(), .first(), .count(), .exists(), .pluck(), or aggregates (sum/avg/min/max). Also thenable — you can await the query directly without calling .exec().",
+        "methods": [
+          { "method": "select", "signature": "select(...fields)", "description": "Select specific columns. Chainable." },
+          { "method": "distinct", "signature": "distinct()", "description": "Return unique rows only. Chainable." },
+          { "method": "where", "signature": "where(field, [op], value)", "description": "Add a WHERE condition. Supports object form, (field, value), or (field, op, value). Operators: =, !=, >, <, >=, <=, LIKE, IN, NOT IN, BETWEEN, IS NULL, IS NOT NULL." },
+          { "method": "orWhere", "signature": "orWhere(field, [op], value)", "description": "Add an OR WHERE condition. Chainable." },
+          { "method": "whereNull", "signature": "whereNull(field)", "description": "WHERE field IS NULL. Chainable." },
+          { "method": "whereNotNull", "signature": "whereNotNull(field)", "description": "WHERE field IS NOT NULL. Chainable." },
+          { "method": "whereIn", "signature": "whereIn(field, values)", "description": "WHERE field IN (...values). Chainable." },
+          { "method": "whereNotIn", "signature": "whereNotIn(field, values)", "description": "WHERE field NOT IN (...values). Chainable." },
+          { "method": "whereBetween", "signature": "whereBetween(field, low, high)", "description": "WHERE field BETWEEN low AND high. Chainable." },
+          { "method": "whereNotBetween", "signature": "whereNotBetween(field, low, high)", "description": "WHERE field NOT BETWEEN low AND high. Chainable." },
+          { "method": "whereLike", "signature": "whereLike(field, pattern)", "description": "WHERE field LIKE pattern (% and _ wildcards). Chainable." },
+          { "method": "orderBy", "signature": "orderBy(field, [dir])", "description": "Sort results. dir: 'asc' (default) or 'desc'. Chainable." },
+          { "method": "limit", "signature": "limit(n)", "description": "Maximum number of results. Chainable." },
+          { "method": "offset", "signature": "offset(n)", "description": "Skip n records. Chainable." },
+          { "method": "page", "signature": "page(pageNum, [perPage])", "description": "Pagination helper. 1-indexed. perPage defaults to 20. Chainable." },
+          { "method": "groupBy", "signature": "groupBy(...fields)", "description": "Group results by columns. Chainable." },
+          { "method": "having", "signature": "having(field, [op], value)", "description": "Add a HAVING condition (use with groupBy). Chainable." },
+          { "method": "join", "signature": "join(table, localKey, foreignKey)", "description": "INNER JOIN. Chainable." },
+          { "method": "leftJoin", "signature": "leftJoin(table, localKey, foreignKey)", "description": "LEFT JOIN. Chainable." },
+          { "method": "rightJoin", "signature": "rightJoin(table, localKey, foreignKey)", "description": "RIGHT JOIN. Chainable." },
+          { "method": "withDeleted", "signature": "withDeleted()", "description": "Include soft-deleted records in results. Chainable." },
+          { "method": "scope", "signature": "scope(name, [...args])", "description": "Apply a named scope from the model's static scopes. Chainable." },
+          { "method": "exec", "signature": "exec()", "description": "Execute the query. Returns Promise<Model[]>." },
+          { "method": "first", "signature": "first()", "description": "Execute and return the first result. Returns Promise<Model|null>." },
+          { "method": "count", "signature": "count()", "description": "Execute and return the count. Returns Promise<number>." },
+          { "method": "exists", "signature": "exists()", "description": "Returns Promise<boolean> — true if any matching records exist." },
+          { "method": "pluck", "signature": "pluck(field)", "description": "Returns Promise<Array> of values for a single column." },
+          { "method": "sum", "signature": "sum(field)", "description": "Returns Promise<number> — sum of a numeric column." },
+          { "method": "avg", "signature": "avg(field)", "description": "Returns Promise<number> — average of a numeric column." },
+          { "method": "min", "signature": "min(field)", "description": "Returns Promise<*> — minimum value of a column." },
+          { "method": "max", "signature": "max(field)", "description": "Returns Promise<*> — maximum value of a column." },
+          { "method": "take", "signature": "take(n)", "description": "Alias for limit() — LINQ naming. Chainable." },
+          { "method": "skip", "signature": "skip(n)", "description": "Alias for offset() — LINQ naming. Chainable." },
+          { "method": "toArray", "signature": "toArray()", "description": "Alias for exec() — returns Promise<Model[]>." },
+          { "method": "orderByDesc", "signature": "orderByDesc(field)", "description": "Shorthand for orderBy(field, 'desc'). Chainable." },
+          { "method": "last", "signature": "last()", "description": "Execute and return the last result. Returns Promise<Model|null>." },
+          { "method": "when", "signature": "when(condition, fn)", "description": "Conditionally apply query logic if condition is truthy. Chainable." },
+          { "method": "unless", "signature": "unless(condition, fn)", "description": "Conditionally apply query logic if condition is falsy. Chainable." },
+          { "method": "tap", "signature": "tap(fn)", "description": "Inspect the query for debugging without breaking the chain. Chainable." },
+          { "method": "chunk", "signature": "chunk(size, fn)", "description": "Process results in batches. Calls fn(batch, batchIndex) for each chunk." },
+          { "method": "each", "signature": "each(fn)", "description": "Execute and iterate each result. fn(item, index) — supports async." },
+          { "method": "map", "signature": "map(fn)", "description": "Execute, transform each result. Returns Promise<Array>." },
+          { "method": "filter", "signature": "filter(fn)", "description": "Execute, post-filter results in JS. Returns Promise<Model[]>." },
+          { "method": "reduce", "signature": "reduce(fn, initial)", "description": "Execute and reduce results to a single value." },
+          { "method": "paginate", "signature": "paginate(page, [perPage])", "description": "Rich pagination: returns { data, total, page, perPage, pages, hasNext, hasPrev }." },
+          { "method": "whereRaw", "signature": "whereRaw(sql, ...params)", "description": "Inject raw SQL WHERE clause (SQL adapters only). Parameterized. Chainable." }
+        ],
+        "example": "// Filtering with negation\nconst results = await User.query()\n\t.whereNotIn('role', ['banned', 'suspended'])\n\t.whereNotBetween('age', 0, 12)\n\t.whereLike('email', '%@gmail.com')\n\t.orderBy('name')\n\t.exec()\n\n// Scoped queries (chainable)\nconst activeAdmins = await User.query()\n\t.scope('active')\n\t.scope('role', 'admin')\n\t.orderBy('name')\n\t.exec()\n\n// Aggregates\nconst avgAge = await User.query().avg('age')\nconst revenue = await Order.query().where('status', 'paid').sum('total')\nconst maxPrice = await Product.query().max('price')\nconst count = await User.query().where('role', 'admin').count()\n\n// LINQ-style aliases\nconst top5 = await User.query().orderByDesc('score').take(5)\nconst page3 = await User.query().skip(40).take(20)\nconst oldest = await User.query().orderBy('age').last()\n\n// Conditional query building (perfect for API endpoints)\nconst users = await User.query()\n\t.when(req.query.role, q => q.where('role', req.query.role))\n\t.when(req.query.minAge, q => q.where('age', '>=', req.query.minAge))\n\t.unless(req.query.showAll, q => q.limit(50))\n\t.tap(q => console.log('Query:', q.build()))\n\n// Rich pagination with metadata\nconst result = await User.query()\n\t.where('active', true)\n\t.paginate(2, 10)\n// { data: [...], total: 53, page: 2, perPage: 10,\n//   pages: 6, hasNext: true, hasPrev: true }\n\n// Batch processing for large datasets\nawait User.query().chunk(100, async (batch, i) => {\n\tconsole.log(`Batch ${i}: ${batch.length} users`)\n\tfor (const u of batch) await u.update({ migrated: true })\n})\n\n// Functional transforms\nconst names = await User.query().map(u => u.name)\nconst admins = await User.query().filter(u => u.role === 'admin')\nconst totalAge = await User.query().reduce((sum, u) => sum + u.age, 0)",
+        "tips": [
+          "Queries are thenable — 'await User.query().where(...)' works without calling .exec().",
+          "take() and skip() are LINQ aliases for limit() and offset() — use whichever feels natural.",
+          "when() is a game-changer for API endpoints — conditionally apply filters based on request params.",
+          "tap() is perfect for debugging — inspect the query state without breaking the chain.",
+          "paginate() returns everything you need for pagination UI: total, pages, hasNext, hasPrev.",
+          "chunk() processes large datasets in batches — no memory explosion on million-row tables.",
+          "map/filter/reduce work like Array methods but on query results — great for transformations.",
+          "last() reverses the first orderBy direction — or defaults to PK DESC if no order is set.",
+          "whereRaw() lets power users inject raw SQL — always parameterized for safety.",
+          "Scopes chain: .scope('active').scope('role', 'admin') applies both conditions."
+        ]
+      },
+      {
+        "name": "TYPES",
+        "description": "Column type constants for defining model schemas. Each type maps to the appropriate native type in the target database adapter.",
+        "options": [
+          { "option": "STRING", "type": "const", "default": "'string'", "notes": "Variable-length string (VARCHAR)." },
+          { "option": "INTEGER", "type": "const", "default": "'integer'", "notes": "Whole number (INT)." },
+          { "option": "FLOAT", "type": "const", "default": "'float'", "notes": "Floating-point number (REAL/DOUBLE)." },
+          { "option": "BOOLEAN", "type": "const", "default": "'boolean'", "notes": "True/false (BOOLEAN/TINYINT)." },
+          { "option": "DATE", "type": "const", "default": "'date'", "notes": "Date without time." },
+          { "option": "DATETIME", "type": "const", "default": "'datetime'", "notes": "Date with time (TIMESTAMP)." },
+          { "option": "JSON", "type": "const", "default": "'json'", "notes": "JSON column (auto-serialize/deserialize)." },
+          { "option": "TEXT", "type": "const", "default": "'text'", "notes": "Large text field (TEXT/CLOB)." },
+          { "option": "BLOB", "type": "const", "default": "'blob'", "notes": "Binary data (BLOB/BYTEA)." },
+          { "option": "UUID", "type": "const", "default": "'uuid'", "notes": "UUID string. Can auto-generate with default: () => crypto.randomUUID()." }
+        ],
+        "example": "const { TYPES } = require('zero-http')\n\nstatic schema = {\n\tid:        { type: TYPES.INTEGER, primaryKey: true, autoIncrement: true },\n\tuuid:      { type: TYPES.UUID, default: () => crypto.randomUUID() },\n\tname:      { type: TYPES.STRING, required: true, minLength: 2, maxLength: 100 },\n\tbio:       { type: TYPES.TEXT },\n\tage:       { type: TYPES.INTEGER, min: 0, max: 150 },\n\tscore:     { type: TYPES.FLOAT, default: 0.0 },\n\tactive:    { type: TYPES.BOOLEAN, default: true },\n\tbirthday:  { type: TYPES.DATE },\n\tloginAt:   { type: TYPES.DATETIME },\n\tsettings:  { type: TYPES.JSON, default: {} },\n\tavatar:    { type: TYPES.BLOB }\n}"
+      }
+    ]
+  },
+  {
+    "section": "Real-Time",
+    "icon": "zap",
+    "items": [
+      {
+        "name": "WebSocket",
+        "description": "Built-in RFC 6455 WebSocket server. Register handlers with app.ws(path, handler). Each connection receives a WebSocketConnection instance with send/receive, ping/pong, binary support, and event emitter methods. Configure max payload size, ping intervals, and client verification.",
+        "methods": [
+          { "method": "send", "signature": "ws.send(data)", "description": "Send a text or binary message." },
+          { "method": "sendJSON", "signature": "ws.sendJSON(obj)", "description": "Send a JSON-serialized message." },
+          { "method": "ping", "signature": "ws.ping([data])", "description": "Send a ping frame." },
+          { "method": "pong", "signature": "ws.pong([data])", "description": "Send a pong frame." },
+          { "method": "close", "signature": "ws.close([code], [reason])", "description": "Graceful close with optional status code and reason." },
+          { "method": "terminate", "signature": "ws.terminate()", "description": "Forcefully close the connection." },
+          { "method": "on", "signature": "ws.on(event, handler)", "description": "Listen for events: message, close, error, ping, pong, drain." },
+          { "method": "once", "signature": "ws.once(event, handler)", "description": "Listen for an event once." },
+          { "method": "off", "signature": "ws.off(event, handler)", "description": "Remove an event listener." }
+        ],
+        "options": [
+          { "option": "maxPayload", "type": "number", "default": "1048576 (1MB)", "notes": "Maximum incoming message size in bytes." },
+          { "option": "pingInterval", "type": "number", "default": "30000", "notes": "Automatic ping interval in ms (0 to disable)." },
+          { "option": "verifyClient", "type": "function", "default": "—", "notes": "Verification function: (req) => boolean. Return false to reject." }
+        ],
+        "example": "const { createApp } = require('zero-http')\nconst app = createApp()\n\nconst clients = new Set()\n\napp.ws('/chat', {\n\tmaxPayload: 64 * 1024,\n\tpingInterval: 20000\n}, (ws, req) => {\n\tws.data.name = req.query.name || 'anon'\n\tclients.add(ws)\n\tws.send('Welcome, ' + ws.data.name + '!')\n\n\tws.on('message', msg => {\n\t\tfor (const c of clients) {\n\t\t\tif (c !== ws && c.readyState === 1)\n\t\t\t\tc.send(ws.data.name + ': ' + msg)\n\t\t}\n\t})\n\n\tws.on('close', () => clients.delete(ws))\n})\n\napp.listen(3000)",
+        "tips": [
+          "ws.data is a plain object for storing per-connection user data (name, auth, etc.).",
+          "Check ws.readyState === 1 (OPEN) before sending to avoid errors.",
+          "Use verifyClient to enforce authentication before accepting the upgrade.",
+          "Properties: id, readyState, protocol, extensions, headers, ip, query, url, secure, connectedAt, uptime, bufferedAmount."
+        ]
+      },
+      {
+        "name": "WebSocketPool",
+        "description": "Connection and room manager for WebSocket apps. Automatically tracks connections, manages room membership, supports broadcast/targeted messaging, and cleans up on disconnect.",
+        "methods": [
+          { "method": "add", "signature": "pool.add(ws)", "description": "Add a connection to the pool. Auto-removed on close." },
+          { "method": "remove", "signature": "pool.remove(ws)", "description": "Remove a connection from the pool and all rooms." },
+          { "method": "join", "signature": "pool.join(ws, room)", "description": "Join a connection to a named room." },
+          { "method": "leave", "signature": "pool.leave(ws, room)", "description": "Leave a room." },
+          { "method": "broadcast", "signature": "pool.broadcast(msg, [exclude])", "description": "Send to all connections." },
+          { "method": "broadcastJSON", "signature": "pool.broadcastJSON(obj, [exclude])", "description": "Send JSON to all connections." },
+          { "method": "toRoom", "signature": "pool.toRoom(room, msg, [exclude])", "description": "Send to all in a room." },
+          { "method": "toRoomJSON", "signature": "pool.toRoomJSON(room, obj, [exclude])", "description": "Send JSON to all in a room." },
+          { "method": "in", "signature": "pool.in(room)", "description": "Get all connections in a room." },
+          { "method": "roomsOf", "signature": "pool.roomsOf(ws)", "description": "Get all rooms a connection is in." },
+          { "method": "closeAll", "signature": "pool.closeAll()", "description": "Close all connections." },
+          { "method": "size", "signature": "pool.size", "description": "Total connection count." },
+          { "method": "clients", "signature": "pool.clients", "description": "All connections as an iterable." },
+          { "method": "rooms", "signature": "pool.rooms", "description": "Array of all room names." },
+          { "method": "roomSize", "signature": "pool.roomSize(room)", "description": "Number of connections in a room." }
+        ],
+        "example": "const { createApp, WebSocketPool } = require('zero-http')\nconst app = createApp()\nconst pool = new WebSocketPool()\n\napp.ws('/chat', (ws, req) => {\n\tconst room = req.query.room || 'general'\n\tpool.add(ws)         // auto-removed on close\n\tpool.join(ws, room)\n\n\tws.data.name = req.query.name || 'anon'\n\tpool.toRoomJSON(room, { type: 'join', user: ws.data.name }, ws)\n\n\tws.on('message', msg => {\n\t\tpool.toRoom(room, ws.data.name + ': ' + msg, ws)\n\t})\n\n\tws.on('close', () => {\n\t\tpool.toRoomJSON(room, { type: 'leave', user: ws.data.name })\n\t})\n})\n\napp.get('/pool/status', (req, res) => res.json({\n\tconnections: pool.size,\n\trooms: pool.rooms,\n\troomSizes: pool.rooms.reduce((o, r) => (o[r] = pool.roomSize(r), o), {})\n}))"
+      },
+      {
+        "name": "SSE (Server-Sent Events)",
+        "description": "Push real-time events to browser clients via res.sse(). Returns an SSEStream instance with auto-IDs, named events, keep-alive pings, and graceful disconnect handling. The browser connects with new EventSource(url).",
+        "methods": [
+          { "method": "send", "signature": "sse.send(data)", "description": "Send a data-only event." },
+          { "method": "sendJSON", "signature": "sse.sendJSON(obj)", "description": "Send a JSON-serialized event." },
+          { "method": "event", "signature": "sse.event(name, data)", "description": "Send a named event. Browser listens with es.addEventListener(name, ...)." },
+          { "method": "comment", "signature": "sse.comment(text)", "description": "Send a comment line (not received by EventSource)." },
+          { "method": "retry", "signature": "sse.retry(ms)", "description": "Set the reconnection interval for the client." },
+          { "method": "keepAlive", "signature": "sse.keepAlive(ms)", "description": "Start sending periodic comment pings." },
+          { "method": "flush", "signature": "sse.flush()", "description": "Flush the response stream." },
+          { "method": "close", "signature": "sse.close()", "description": "Close the SSE stream." },
+          { "method": "on", "signature": "sse.on(event, handler)", "description": "Listen for events: close, error." }
+        ],
+        "options": [
+          { "option": "status", "type": "number", "default": "200", "notes": "HTTP status code." },
+          { "option": "retry", "type": "number", "default": "—", "notes": "Initial reconnection interval in ms." },
+          { "option": "keepAlive", "type": "number", "default": "0", "notes": "Keep-alive ping interval in ms (0 = disabled)." },
+          { "option": "keepAliveComment", "type": "string", "default": "'ping'", "notes": "Comment text for keep-alive pings." },
+          { "option": "autoId", "type": "boolean", "default": "false", "notes": "Auto-generate incrementing event IDs." },
+          { "option": "startId", "type": "number", "default": "1", "notes": "Starting ID for autoId." },
+          { "option": "pad", "type": "number", "default": "0", "notes": "Pad the response with whitespace for proxy compatibility." },
+          { "option": "headers", "type": "object", "default": "{}", "notes": "Extra response headers." }
+        ],
+        "example": "const { createApp } = require('zero-http')\nconst app = createApp()\n\napp.get('/events', (req, res) => {\n\tconst sse = res.sse({\n\t\tretry: 5000,\n\t\tautoId: true,\n\t\tkeepAlive: 30000\n\t})\n\n\tsse.send('connected')\n\n\tconst iv = setInterval(() => {\n\t\tsse.event('tick', { time: Date.now() })\n\t}, 1000)\n\n\tsse.on('close', () => {\n\t\tclearInterval(iv)\n\t\tconsole.log('client disconnected')\n\t})\n})\n\n// Browser:\n// const es = new EventSource('/events')\n// es.addEventListener('tick', e => console.log(JSON.parse(e.data)))",
+        "tips": [
+          "SSE is automatically excluded from response compression.",
+          "Use keepAlive to prevent proxy/load-balancer timeouts on idle connections.",
+          "Properties: connected, eventCount, bytesSent, connectedAt, uptime, lastEventId, data (user store)."
+        ]
+      }
+    ]
+  },
+  {
+    "section": "Networking",
+    "icon": "globe",
+    "items": [
+      {
+        "name": "fetch",
+        "description": "Built-in HTTP/HTTPS client for server-side requests. Returns a Response-like object with ok, status, json(), text(), arrayBuffer(). Supports timeouts, abort signals, upload/download progress tracking, automatic JSON body serialization, and custom TLS options for HTTPS URLs.",
+        "methods": [
+          { "method": "ok", "signature": "res.ok", "description": "true if status is 200-299." },
+          { "method": "status", "signature": "res.status", "description": "HTTP status code." },
+          { "method": "statusText", "signature": "res.statusText", "description": "HTTP status text." },
+          { "method": "secure", "signature": "res.secure", "description": "true if the request was over HTTPS." },
+          { "method": "url", "signature": "res.url", "description": "Final URL after redirects." },
+          { "method": "headers.get", "signature": "res.headers.get(name)", "description": "Get a response header value." },
+          { "method": "text", "signature": "res.text()", "description": "Read body as text. Returns Promise<string>." },
+          { "method": "json", "signature": "res.json()", "description": "Read body as parsed JSON. Returns Promise<any>." },
+          { "method": "arrayBuffer", "signature": "res.arrayBuffer()", "description": "Read body as ArrayBuffer. Returns Promise<ArrayBuffer>." }
+        ],
+        "options": [
+          { "option": "method", "type": "string", "default": "'GET'", "notes": "HTTP method." },
+          { "option": "headers", "type": "object", "default": "{}", "notes": "Request headers." },
+          { "option": "body", "type": "string | Buffer | object", "default": "—", "notes": "Request body. Objects are auto-serialized to JSON." },
+          { "option": "timeout", "type": "number", "default": "—", "notes": "Request timeout in milliseconds." },
+          { "option": "signal", "type": "AbortSignal", "default": "—", "notes": "AbortController signal for cancellation." },
+          { "option": "onDownloadProgress", "type": "function", "default": "—", "notes": "Progress callback: ({ loaded, total }) => {}." },
+          { "option": "onUploadProgress", "type": "function", "default": "—", "notes": "Upload progress callback." },
+          { "option": "rejectUnauthorized", "type": "boolean", "default": "true", "notes": "TLS: reject self-signed certs." },
+          { "option": "ca", "type": "string | Buffer", "default": "—", "notes": "TLS: custom CA certificate." },
+          { "option": "cert", "type": "string | Buffer", "default": "—", "notes": "TLS: client certificate." },
+          { "option": "key", "type": "string | Buffer", "default": "—", "notes": "TLS: client private key." }
+        ],
+        "example": "const { fetch } = require('zero-http')\n\nasync function download(url) {\n\tconst controller = new AbortController()\n\tsetTimeout(() => controller.abort(), 10000)\n\n\tconst res = await fetch(url, {\n\t\ttimeout: 5000,\n\t\tsignal: controller.signal,\n\t\trejectUnauthorized: false,  // accept self-signed certs\n\t\tonDownloadProgress: ({ loaded, total }) =>\n\t\t\tconsole.log(`${loaded}/${total || '?'} bytes`)\n\t})\n\n\tconsole.log(res.ok, res.status, res.secure, res.url)\n\tconst data = await res.json()\n\treturn data\n}\n\ndownload('https://jsonplaceholder.typicode.com/todos/1')\n\t.then(console.log)",
+        "tips": [
+          "Object bodies are auto-serialized to JSON and Content-Type is set automatically.",
+          "Use rejectUnauthorized: false only for development — never in production.",
+          "Timeout and AbortSignal can be used together — whichever fires first cancels the request."
+        ]
+      },
+      {
+        "name": "Error Classes",
+        "description": "Built-in HTTP error classes with status codes, machine-readable codes, and optional details. Every error extends HttpError which carries statusCode, code, and details. Throw them in route handlers — the router catches and sends the correct HTTP response automatically.",
+        "methods": [
+          { "method": "HttpError", "signature": "new HttpError(statusCode, [message], [opts])", "description": "Base class. opts: { code, details }." },
+          { "method": "BadRequestError", "signature": "new BadRequestError([message], [opts])", "description": "400 Bad Request." },
+          { "method": "UnauthorizedError", "signature": "new UnauthorizedError([message], [opts])", "description": "401 Unauthorized." },
+          { "method": "ForbiddenError", "signature": "new ForbiddenError([message], [opts])", "description": "403 Forbidden." },
+          { "method": "NotFoundError", "signature": "new NotFoundError([message], [opts])", "description": "404 Not Found." },
+          { "method": "MethodNotAllowedError", "signature": "new MethodNotAllowedError([message], [opts])", "description": "405 Method Not Allowed." },
+          { "method": "ConflictError", "signature": "new ConflictError([message], [opts])", "description": "409 Conflict." },
+          { "method": "GoneError", "signature": "new GoneError([message], [opts])", "description": "410 Gone." },
+          { "method": "PayloadTooLargeError", "signature": "new PayloadTooLargeError([message], [opts])", "description": "413 Payload Too Large." },
+          { "method": "UnprocessableEntityError", "signature": "new UnprocessableEntityError([message], [opts])", "description": "422 Unprocessable Entity." },
+          { "method": "ValidationError", "signature": "new ValidationError([message], [errors], [opts])", "description": "422 with field-level errors. errors: object or array stored in .errors and .details." },
+          { "method": "TooManyRequestsError", "signature": "new TooManyRequestsError([message], [opts])", "description": "429 Too Many Requests." },
+          { "method": "InternalError", "signature": "new InternalError([message], [opts])", "description": "500 Internal Server Error." },
+          { "method": "NotImplementedError", "signature": "new NotImplementedError([message], [opts])", "description": "501 Not Implemented." },
+          { "method": "BadGatewayError", "signature": "new BadGatewayError([message], [opts])", "description": "502 Bad Gateway." },
+          { "method": "ServiceUnavailableError", "signature": "new ServiceUnavailableError([message], [opts])", "description": "503 Service Unavailable." },
+          { "method": "createError", "signature": "createError(statusCode, [message], [opts])", "description": "Factory — creates the correct error class for any status code." },
+          { "method": "isHttpError", "signature": "isHttpError(err)", "description": "Returns true if err is an HttpError or has a statusCode. Type guard." },
+          { "method": "toJSON", "signature": "err.toJSON()", "description": "Serialize: { error, code, statusCode, details? }." }
+        ],
+        "example": "const { NotFoundError, ValidationError, createError, isHttpError } = require('zero-http')\n\n// Throw in route handlers — automatically caught!\napp.get('/users/:id', async (req, res) => {\n\tconst user = await User.findById(req.params.id)\n\tif (!user) throw new NotFoundError('User not found')\n\tres.json(user)\n})\n\n// Validation with field-level errors\napp.post('/users', async (req, res) => {\n\tconst errors = {}\n\tif (!req.body.email) errors.email = 'required'\n\tif (!req.body.name) errors.name = 'required'\n\tif (Object.keys(errors).length > 0) {\n\t\tthrow new ValidationError('Invalid input', errors)\n\t\t// Response: { error: 'Invalid input', code: 'VALIDATION_FAILED',\n\t\t//   statusCode: 422, details: { email: 'required', name: 'required' } }\n\t}\n\tres.json(await User.create(req.body))\n})\n\n// Factory — create by status code\nthrow createError(409, 'Duplicate entry', { details: { id: 42 } })\n\n// Custom error code\nthrow new HttpError(503, 'Database offline', { code: 'DB_DOWN' })\n\n// Type checking in error handlers\napp.onError((err, req, res, next) => {\n\tif (isHttpError(err)) {\n\t\tres.status(err.statusCode).json(err.toJSON())\n\t} else {\n\t\tres.status(500).json({ error: 'Unexpected error' })\n\t}\n})",
+        "tips": [
+          "Just throw — the router wraps all handlers in try/catch and catches async rejections too.",
+          "Every error auto-generates a code from the status text: 404 → NOT_FOUND, 422 → UNPROCESSABLE_ENTITY.",
+          "ValidationError.errors stores field-level details — perfect for form validation feedback.",
+          "createError(statusCode) returns the correct typed class: createError(404) returns NotFoundError.",
+          "Use opts.details to attach any structured data (IDs, field names, debug info) to the error.",
+          "isHttpError() works as a TypeScript type guard — narrows the type to HttpError."
+        ]
+      },
+      {
+        "name": "errorHandler",
+        "description": "Configurable error-handling middleware. Formats error responses based on environment (dev vs production), includes stack traces in dev, hides internal details in production, and supports custom formatters and logging. Use with app.onError().",
+        "methods": [],
+        "options": [
+          { "option": "stack", "type": "boolean", "default": "true (non-production)", "notes": "Include stack traces in responses. Auto-detected from NODE_ENV." },
+          { "option": "log", "type": "boolean", "default": "true", "notes": "Log errors to console." },
+          { "option": "logger", "type": "function", "default": "console.error", "notes": "Custom log function." },
+          { "option": "formatter", "type": "function", "default": "—", "notes": "Custom response formatter: (err, req, isDev) => responseBody." },
+          { "option": "onError", "type": "function", "default": "—", "notes": "Callback on every error: (err, req, res) => void." }
+        ],
+        "example": "const { createApp, errorHandler } = require('zero-http')\nconst app = createApp()\n\n// Basic — dev mode with stack traces\napp.onError(errorHandler())\n\n// Production — hide internals\napp.onError(errorHandler({ stack: false }))\n\n// Custom formatter\napp.onError(errorHandler({\n\tformatter: (err, req, isDev) => ({\n\t\tsuccess: false,\n\t\tmessage: err.message,\n\t\t...(isDev && { stack: err.stack })\n\t})\n}))\n\n// Error monitoring callback\napp.onError(errorHandler({\n\tonError: (err, req) => {\n\t\t// Send to Sentry, DataDog, etc.\n\t\terrorTracker.capture(err, { url: req.url, method: req.method })\n\t}\n}))",
+        "tips": [
+          "In production (NODE_ENV=production), 5xx errors show 'Internal Server Error' instead of the real message.",
+          "4xx errors always show the real message — they're client errors, not secrets.",
+          "The formatter option gives you full control over the response shape for your API style.",
+          "onError is perfect for error monitoring (Sentry, DataDog) without changing response format.",
+          "Headers-already-sent errors are silently skipped — no double-response crashes."
+        ]
+      },
+      {
+        "name": "debug",
+        "description": "Lightweight namespaced debug logger with levels, colors, and timestamps. Enable via DEBUG env var or programmatically. Each namespace gets a unique color. Supports text and structured JSON output.",
+        "methods": [
+          { "method": "debug(namespace)", "signature": "debug('app:routes')", "description": "Create a namespaced logger. Returns a function with level methods." },
+          { "method": "log()", "signature": "log(...args)", "description": "Log at debug level (default call). Supports %s, %d, %j format specifiers." },
+          { "method": "log.trace()", "signature": "log.trace(...args)", "description": "Log at trace level (most verbose)." },
+          { "method": "log.info()", "signature": "log.info(...args)", "description": "Log at info level." },
+          { "method": "log.warn()", "signature": "log.warn(...args)", "description": "Log at warn level." },
+          { "method": "log.error()", "signature": "log.error(...args)", "description": "Log at error level." },
+          { "method": "log.fatal()", "signature": "log.fatal(...args)", "description": "Log at fatal level (most severe)." },
+          { "method": "debug.level()", "signature": "debug.level('info')", "description": "Set minimum log level globally. Levels: trace, debug, info, warn, error, fatal, silent." },
+          { "method": "debug.enable()", "signature": "debug.enable('app:*')", "description": "Enable namespaces by pattern. Same syntax as DEBUG env var." },
+          { "method": "debug.disable()", "signature": "debug.disable()", "description": "Disable all debug output." },
+          { "method": "debug.json()", "signature": "debug.json(true)", "description": "Enable structured JSON output (for log aggregators)." },
+          { "method": "debug.timestamps()", "signature": "debug.timestamps(false)", "description": "Toggle timestamps." },
+          { "method": "debug.colors()", "signature": "debug.colors(false)", "description": "Toggle ANSI colors." },
+          { "method": "debug.output()", "signature": "debug.output(stream)", "description": "Set custom output stream (default: stderr)." },
+          { "method": "debug.reset()", "signature": "debug.reset()", "description": "Reset all settings to defaults." }
+        ],
+        "options": [
+          { "option": "DEBUG", "type": "env var", "default": "—", "notes": "Comma-separated namespace patterns. Supports * glob and -prefix to exclude." },
+          { "option": "DEBUG_LEVEL", "type": "env var", "default": "debug", "notes": "Minimum log level: trace, debug, info, warn, error, fatal, silent." }
+        ],
+        "example": "const { debug } = require('zero-http')\n\nconst log = debug('app:routes')\nconst dbLog = debug('db:queries')\n\n// Log at different levels\nlog.info('server started on port %d', 3000)\nlog.warn('deprecated endpoint hit: %s', req.url)\nlog.error('request failed', err)\nlog.trace('entering handler for %s %s', req.method, req.url)\n\n// Conditional logging\nif (log.enabled) {\n\tlog('expensive debug data: %j', buildDebugPayload())\n}\n\n// JSON mode for production log aggregators\ndebug.json(true)\ndebug.level('info')\n// Output: {\"timestamp\":\"...\",\"level\":\"INFO\",\"namespace\":\"app:routes\",\"message\":\"server started on port 3000\"}\n\n// Enable specific namespaces\ndebug.enable('app:*,db:*')     // only app and db\ndebug.enable('*,-db:queries')  // everything except db:queries\n\n// Environment variables\n// DEBUG=app:* node server.js\n// DEBUG_LEVEL=warn node server.js",
+        "tips": [
+          "Set DEBUG=* to see all debug output, or DEBUG=app:* to filter by namespace.",
+          "Use debug.json(true) in production for structured JSON logs — pipe to ELK, Datadog, etc.",
+          "Format specifiers: %s (string), %d (number), %j (JSON), %o (object).",
+          "Each namespace gets a unique color — makes it easy to scan logs visually.",
+          "debug.level('warn') filters out trace/debug/info — only show warnings and above.",
+          "log.enabled is a boolean — use it to skip expensive debug payload construction."
+        ]
+      }
+    ]
+  }
+]