Interface ModuleSpec<R, O>

Parameterised manifest type. The R / O generics are inferred at the call site of defineModule(...) and carry the literal key sets declared in requires / optional so providers and contribution factories receive a typed deps object.

Per A2-α §2.1, §3.1.

interface ModuleSpec<
    R extends ComponentKey = never,
    O extends ComponentKey = never,
> {
    configSchema?: ConfigSchema;
    contributes?: ContributesMap<ProviderDeps<R, O>>;
    lifecycle?: {
        accessTokenDenylist?: ComponentLifecycle<"accessTokenDenylist">;
        auditSink?: ComponentLifecycle<"auditSink">;
        challengeCeremony?: ComponentLifecycle<"challengeCeremony">;
        challengeStore?: ComponentLifecycle<"challengeStore">;
        clientRepository?: ComponentLifecycle<"clientRepository">;
        codeRepository?: ComponentLifecycle<"codeRepository">;
        config?: ComponentLifecycle<"config">;
        federationProviders?: ComponentLifecycle<"federationProviders">;
        federationTokenStore?: ComponentLifecycle<"federationTokenStore">;
        grantHandlerResolver?: ComponentLifecycle<"grantHandlerResolver">;
        grantPolicy?: ComponentLifecycle<"grantPolicy">;
        keyStore?: ComponentLifecycle<"keyStore">;
        lifecycleRegistrar?: ComponentLifecycle<"lifecycleRegistrar">;
        logger?: ComponentLifecycle<"logger">;
        pathResolver?: ComponentLifecycle<"pathResolver">;
        rateLimiter?: ComponentLifecycle<"rateLimiter">;
        refreshTokenFamilyRevocation?: ComponentLifecycle<
            "refreshTokenFamilyRevocation",
        >;
        refreshTokenFamilyRotation?: ComponentLifecycle<
            "refreshTokenFamilyRotation",
        >;
        refreshTokenFamilyStore?: ComponentLifecycle<"refreshTokenFamilyStore">;
        replaySeenSet?: ComponentLifecycle<"replaySeenSet">;
        sessionFamilyIndex?: ComponentLifecycle<"sessionFamilyIndex">;
        sessionFederationIndex?: ComponentLifecycle<"sessionFederationIndex">;
        sessionRPRegistry?: ComponentLifecycle<"sessionRPRegistry">;
        tokenExchangeValidatorResolver?: ComponentLifecycle<
            "tokenExchangeValidatorResolver",
        >;
        userRepository?: ComponentLifecycle<"userRepository">;
        userSessionStore?: ComponentLifecycle<"userSessionStore">;
        webauthnCredentialStore?: ComponentLifecycle<"webauthnCredentialStore">;
    };
    name: string;
    optional?: readonly O[];
    overrides?: ContributesMap<ProviderDeps<R, O>>;
    provides?: {
        accessTokenDenylist?: Provider<
            "accessTokenDenylist",
            ProviderDeps<R, O>,
        >;
        auditSink?: Provider<"auditSink", ProviderDeps<R, O>>;
        challengeCeremony?: Provider<"challengeCeremony", ProviderDeps<R, O>>;
        challengeStore?: Provider<"challengeStore", ProviderDeps<R, O>>;
        clientRepository?: Provider<"clientRepository", ProviderDeps<R, O>>;
        codeRepository?: Provider<"codeRepository", ProviderDeps<R, O>>;
        config?: Provider<"config", ProviderDeps<R, O>>;
        federationProviders?: Provider<"federationProviders", ProviderDeps<R, O>>;
        federationTokenStore?: Provider<
            "federationTokenStore",
            ProviderDeps<R, O>,
        >;
        grantHandlerResolver?: Provider<
            "grantHandlerResolver",
            ProviderDeps<R, O>,
        >;
        grantPolicy?: Provider<"grantPolicy", ProviderDeps<R, O>>;
        keyStore?: Provider<"keyStore", ProviderDeps<R, O>>;
        lifecycleRegistrar?: Provider<"lifecycleRegistrar", ProviderDeps<R, O>>;
        logger?: Provider<"logger", ProviderDeps<R, O>>;
        pathResolver?: Provider<"pathResolver", ProviderDeps<R, O>>;
        rateLimiter?: Provider<"rateLimiter", ProviderDeps<R, O>>;
        refreshTokenFamilyRevocation?: Provider<
            "refreshTokenFamilyRevocation",
            ProviderDeps<R, O>,
        >;
        refreshTokenFamilyRotation?: Provider<
            "refreshTokenFamilyRotation",
            ProviderDeps<R, O>,
        >;
        refreshTokenFamilyStore?: Provider<
            "refreshTokenFamilyStore",
            ProviderDeps<R, O>,
        >;
        replaySeenSet?: Provider<"replaySeenSet", ProviderDeps<R, O>>;
        sessionFamilyIndex?: Provider<"sessionFamilyIndex", ProviderDeps<R, O>>;
        sessionFederationIndex?: Provider<
            "sessionFederationIndex",
            ProviderDeps<R, O>,
        >;
        sessionRPRegistry?: Provider<"sessionRPRegistry", ProviderDeps<R, O>>;
        tokenExchangeValidatorResolver?: Provider<
            "tokenExchangeValidatorResolver",
            ProviderDeps<R, O>,
        >;
        userRepository?: Provider<"userRepository", ProviderDeps<R, O>>;
        userSessionStore?: Provider<"userSessionStore", ProviderDeps<R, O>>;
        webauthnCredentialStore?: Provider<
            "webauthnCredentialStore",
            ProviderDeps<R, O>,
        >;
    };
    requires?: readonly R[];
}

Type Parameters

R extends ComponentKey = never
O extends ComponentKey = never

Index

Properties

configSchema? contributes? lifecycle? name optional? overrides? provides? requires?

Properties

`Optional` `Readonly`configSchema

configSchema?: ConfigSchema

Optional Zod schema declaring this module's config slice.

`Optional` `Readonly`contributes

contributes?: ContributesMap<ProviderDeps<R, O>>

Protocol-level features this module adds (grants, routes, federations, etc.). Per A2-α §4.

`Optional` `Readonly`lifecycle

lifecycle?: {
    accessTokenDenylist?: ComponentLifecycle<"accessTokenDenylist">;
    auditSink?: ComponentLifecycle<"auditSink">;
    challengeCeremony?: ComponentLifecycle<"challengeCeremony">;
    challengeStore?: ComponentLifecycle<"challengeStore">;
    clientRepository?: ComponentLifecycle<"clientRepository">;
    codeRepository?: ComponentLifecycle<"codeRepository">;
    config?: ComponentLifecycle<"config">;
    federationProviders?: ComponentLifecycle<"federationProviders">;
    federationTokenStore?: ComponentLifecycle<"federationTokenStore">;
    grantHandlerResolver?: ComponentLifecycle<"grantHandlerResolver">;
    grantPolicy?: ComponentLifecycle<"grantPolicy">;
    keyStore?: ComponentLifecycle<"keyStore">;
    lifecycleRegistrar?: ComponentLifecycle<"lifecycleRegistrar">;
    logger?: ComponentLifecycle<"logger">;
    pathResolver?: ComponentLifecycle<"pathResolver">;
    rateLimiter?: ComponentLifecycle<"rateLimiter">;
    refreshTokenFamilyRevocation?: ComponentLifecycle<
        "refreshTokenFamilyRevocation",
    >;
    refreshTokenFamilyRotation?: ComponentLifecycle<
        "refreshTokenFamilyRotation",
    >;
    refreshTokenFamilyStore?: ComponentLifecycle<"refreshTokenFamilyStore">;
    replaySeenSet?: ComponentLifecycle<"replaySeenSet">;
    sessionFamilyIndex?: ComponentLifecycle<"sessionFamilyIndex">;
    sessionFederationIndex?: ComponentLifecycle<"sessionFederationIndex">;
    sessionRPRegistry?: ComponentLifecycle<"sessionRPRegistry">;
    tokenExchangeValidatorResolver?: ComponentLifecycle<
        "tokenExchangeValidatorResolver",
    >;
    userRepository?: ComponentLifecycle<"userRepository">;
    userSessionStore?: ComponentLifecycle<"userSessionStore">;
    webauthnCredentialStore?: ComponentLifecycle<"webauthnCredentialStore">;
}

Per-component lifecycle hooks. Each key K in this map MUST also appear in provides; the boot planner's validate-manifests stage throws "lifecycle-without-provides" for any orphaned lifecycle entry (Phase 4 §6.1).

The absence of this field is valid — all existing (deps) => value provider forms remain unaffected.

Per A2-β §4.1.

`Readonly`name

name: string

Module identity — unique across all modules in a single createApp call.

`Optional` `Readonly`optional

optional?: readonly O[]

Component keys this module reads opportunistically. Optional keys appear as readonly K?: ComponentMap[K] on the typed deps.

`Optional` `Readonly`overrides

overrides?: ContributesMap<ProviderDeps<R, O>>

Protocol-level features this module REPLACES on an already-registered key. Mirrors contributes shape. Missing target key throws at boot. Per A2-α §5.

`Optional` `Readonly`provides

provides?: {
    accessTokenDenylist?: Provider<
        "accessTokenDenylist",
        ProviderDeps<R, O>,
    >;
    auditSink?: Provider<"auditSink", ProviderDeps<R, O>>;
    challengeCeremony?: Provider<"challengeCeremony", ProviderDeps<R, O>>;
    challengeStore?: Provider<"challengeStore", ProviderDeps<R, O>>;
    clientRepository?: Provider<"clientRepository", ProviderDeps<R, O>>;
    codeRepository?: Provider<"codeRepository", ProviderDeps<R, O>>;
    config?: Provider<"config", ProviderDeps<R, O>>;
    federationProviders?: Provider<"federationProviders", ProviderDeps<R, O>>;
    federationTokenStore?: Provider<"federationTokenStore", ProviderDeps<R, O>>;
    grantHandlerResolver?: Provider<"grantHandlerResolver", ProviderDeps<R, O>>;
    grantPolicy?: Provider<"grantPolicy", ProviderDeps<R, O>>;
    keyStore?: Provider<"keyStore", ProviderDeps<R, O>>;
    lifecycleRegistrar?: Provider<"lifecycleRegistrar", ProviderDeps<R, O>>;
    logger?: Provider<"logger", ProviderDeps<R, O>>;
    pathResolver?: Provider<"pathResolver", ProviderDeps<R, O>>;
    rateLimiter?: Provider<"rateLimiter", ProviderDeps<R, O>>;
    refreshTokenFamilyRevocation?: Provider<
        "refreshTokenFamilyRevocation",
        ProviderDeps<R, O>,
    >;
    refreshTokenFamilyRotation?: Provider<
        "refreshTokenFamilyRotation",
        ProviderDeps<R, O>,
    >;
    refreshTokenFamilyStore?: Provider<
        "refreshTokenFamilyStore",
        ProviderDeps<R, O>,
    >;
    replaySeenSet?: Provider<"replaySeenSet", ProviderDeps<R, O>>;
    sessionFamilyIndex?: Provider<"sessionFamilyIndex", ProviderDeps<R, O>>;
    sessionFederationIndex?: Provider<
        "sessionFederationIndex",
        ProviderDeps<R, O>,
    >;
    sessionRPRegistry?: Provider<"sessionRPRegistry", ProviderDeps<R, O>>;
    tokenExchangeValidatorResolver?: Provider<
        "tokenExchangeValidatorResolver",
        ProviderDeps<R, O>,
    >;
    userRepository?: Provider<"userRepository", ProviderDeps<R, O>>;
    userSessionStore?: Provider<"userSessionStore", ProviderDeps<R, O>>;
    webauthnCredentialStore?: Provider<
        "webauthnCredentialStore",
        ProviderDeps<R, O>,
    >;
}

Component values this module materialises into the DI graph. Each value is (deps) => ComponentMap[K] | Promise<ComponentMap[K]>.

`Optional` `Readonly`requires

requires?: readonly R[]

Component keys this module reads from DI. Required keys appear as readonly K: ComponentMap[K] on the typed deps object passed to every provider in provides and every factory in contributes.

Interface ModuleSpec<R, O>

Type Parameters

Index

Properties

Properties

`Optional` `Readonly`configSchema

`Optional` `Readonly`contributes

`Optional` `Readonly`lifecycle

`Readonly`name

`Optional` `Readonly`optional

`Optional` `Readonly`overrides

`Optional` `Readonly`provides

`Optional` `Readonly`requires

Settings

On This Page

Interface ModuleSpec<R, O>

Type Parameters

Index

Properties

Properties

Optional ReadonlyconfigSchema

Optional Readonlycontributes

Optional Readonlylifecycle

Readonlyname

Optional Readonlyoptional

Optional Readonlyoverrides

Optional Readonlyprovides

Optional Readonlyrequires

Settings

On This Page

`Optional` `Readonly`configSchema

`Optional` `Readonly`contributes

`Optional` `Readonly`lifecycle

`Readonly`name

`Optional` `Readonly`optional

`Optional` `Readonly`overrides

`Optional` `Readonly`provides

`Optional` `Readonly`requires