Skip to content

Feature Overview

TS Server Foundation is an application runtime and toolkit for TypeScript services. It combines its own reflected type metadata, dependency injection, HTTP runtime, database layer, operational services, and development tools behind one package. The detailed guides are the source of truth; this page is the map of what the package provides and how the pieces fit together.

The project is built and maintained primarily for Zyno Consulting's own production systems. We publish it openly in the hope that it is useful to others, while its roadmap and maintenance priorities remain guided by the needs of those systems rather than a promise of general-purpose framework support.

Application Foundation

createApp() assembles a service from explicit configuration, controllers, providers, listeners, modules, and an optional database. It owns application startup, HTTP startup, signal handling, workers, DevConsole, health checks, and orderly shutdown.

AreaIncluded behaviorDetailed guide
Application lifecycleBootstrap and shutdown events, signal handling, idempotent start/stop, and rollback after failed startupDependency Injection
Dependency injectionConstructor injection, value/class/factory providers, singleton/request/transient scopes, modules, and global exportsDependency Injection
ConfigurationReflected config classes, env-file loading, typed coercion, encrypted _SECRET values, and environment snapshotsConfiguration, Environment
Type reflectionRuntime type metadata, annotations, custom validators, custom deserializers, aliases, and compiler boundariesType Reflection, Architecture
CLI and scaffoldingApp creation, TypeScript 7 compiler setup, build/watch/run workflows, tests, migrations, OpenAPI, and proto generationCLI Tools

Use constructor injection inside application code. resolve() and its r() alias are available for app-level code that cannot receive a constructor dependency. Register @AutoConstruct() classes as providers when they must be created during startup.

HTTP And API Contracts

TSF owns its HTTP router and request pipeline. Controllers use decorators for routing and explicit reflected annotations for wire inputs.

AreaIncluded behaviorDetailed guide
HTTP routingControllers, exact methods, path parameters, middleware, CORS, workflows, static files, upgrades, and in-memory requestsHTTP
InputsBody/query/path/header annotations, reflected coercion and validation, custom parameter resolvers, and request-scoped cachingHTTP
Uploads and streamsGuarded multipart files, size/MIME constraints, temporary-file cleanup, compressed bodies, and raw request streamsUploads
Responses and errorsJSON/raw/redirect/empty results, response annotations, normalized HTTP errors, and streaming responsesHTTP
OpenAPISchemas generated from the same reflected metadata used by validation, explicit response status types, runtime routes, and YAML generationOpenAPI
AuthenticationHS256/EdDSA JWTs, entity auth middleware, custom resolvers, Basic auth, password hashing, and reset tokensAuthentication

The HTTP input pipeline deserializes and validates reflected values before controller invocation. Controller outputs use ordinary JSON serialization; OpenAPI response types describe the contract but do not add runtime output validation.

Database And Persistence

The database layer is a thin active-record and query system over mysql2 and pg, with dialect-aware schema and migration tooling.

AreaIncluded behaviorDetailed guide
Databases and entitiesMySQL/PostgreSQL adapters, reflected entity schemas, column conversion, active-record helpers, and retrieval APIsDatabase
QueriesTyped filters, joins, selection, paging, patch/delete operations, relations, batched loading, and query observationDatabase
SessionsTransactions, nested savepoints, post-commit/post-rollback hooks, and dialect-specific session locksDatabase
SQLSafe values and identifiers, composable fragments, raw database methods, and explicit unsafe escape hatchesSQL
Schema and migrationsMulti-dialect schema builder, live-schema diffs, generated migration files, runners, reset, charset, and PostgreSQL schemasMigrations
Storage annotationsUUIDs, defaults, update expressions, unsigned values, lengths, dates, coordinates, indexes, and referencesTypes

Database I/O performs column-aware storage conversion rather than the HTTP input validation pipeline. Database constraints enforce storage rules; call the reflected validation helpers explicitly when application code needs API-style validation outside HTTP.

Background And Distributed Services

AreaIncluded behaviorDetailed guide
WorkersBullMQ queues, in-process tests, inline execution, cron jobs, dedicated runners, execution records, observers, and DevConsole inspectionWorkers
RedisClient configuration, cache helpers, distributed mutexes, broadcasts, and distributed methodsRedis
Leader electionRedis-backed ownership with renewal, loss callbacks, and failoverLeader Service
MeshTyped cross-node requests, responses, broadcasts, membership, heartbeats, and leader-backed cleanupMesh Service
Client trackingCross-node client reservation, activation, metadata, lookup, targeted calls, broadcasts, and SRPC integrationMesh Client Tracking
SRPCHMAC-authenticated bidirectional WebSocket RPC, protobuf codecs, duplicate-client policy, reconnects, observers, and byte streamsSRPC
MailSMTP/Postmark providers, direct and template messages, prepared messages, and typed templatesMail

Redis is feature-dependent, not a requirement for the base HTTP application. Configure it when enabling BullMQ workers, mutexes, caches, broadcasts, leader election, or mesh services.

Operations And Development

AreaIncluded behaviorDetailed guide
Health/healthz, application version, built-in database checks, custom checks, and individual resultsHealth Checks
LoggingScoped Pino loggers, async context, structured errors, custom sinks, HTTP request modes, and Sentry forwardingLogging
TelemetryOpenTelemetry HTTP/Undici/DNS/Redis/MySQL/PostgreSQL instrumentation, OTLP export, Prometheus metrics, spans, and SentryTelemetry
DevConsoleLocal-only routes, OpenAPI, requests, SRPC, database queries/entities, health, mutex, worker, environment, and REPL viewsDevConsole
TestingNode test runner, app facades, in-memory HTTP, MySQL/PostgreSQL isolation, savepoints, migrations, fixtures, mocks, and assertionsTesting
HelpersAsync/process tools, data transforms, JSON, streams, resource cleanup, crypto, validation, dates, UUIDs, errors, and Redis helpersHelpers

Process Model

The generated application exports an App through its package entrypoint and accepts explicit runtime commands:

bash
node . server:start       # HTTP/API process
node . worker:start       # dedicated worker process, with health listener
node . migrate:run        # release-time migrations
node . openapi:generate   # write openapi.yaml without starting HTTP

Production deployments should build once, run migrations as a release step, and separate API and worker processes when workers are enabled. Normal production server processes do not start the worker runner unless ENABLE_JOB_RUNNER=true; worker:start forces runner ownership.

APP_ENV is required when NODE_ENV=production. Importing either TSF runtime entrypoint—the package root or the early /otel bootstrap—forces the process timezone to UTC and throws at startup if the runtime does not adopt that timezone. Tests additionally launch with APP_ENV=test and TZ=UTC. Database date and timestamp formatting also uses UTC.

In development, DevConsole is available at /_devconsole/ after the app listens. Its localhost socket check is the security boundary, so do not expose or proxy it to untrusted clients.

Start Here

Released under the MIT License.