diff --git a/README.md b/README.md
index b425243..51b116f 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ export type PRECHECK = (
 	request: Request,
 	meta: Record<string, any>
 ) => undefined | Response | Promise<undefined | Response>;
-export type PRECHECKS_TABLE = Record<'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH', PRECHECK>;
+export type PRECHECKS_TABLE = Record<'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH', PRECHECK[]>;
 export type ROUTE_HANDLER_METHOD = (request: Request, meta: Record<string, any>) => Promise<Response> | Response;
 
 export interface ROUTE_HANDLER {
@@ -73,7 +73,7 @@ export interface ROUTE_HANDLER {
 A default exported method will be called for any unspecified methods and can
 decide what to do with the request itself.
 
-`PRECHECKS` can defined a precheck per-method, eg: `PRECHECKS.GET = ( request, meta ) => ...`
+`PRECHECKS` can defined a precheck per-method, eg: `PRECHECKS.GET = [( request, meta ) => ...]`
 
 A precheck method should return a `Response` if there's an error that should stop
 the request from proceeding. For example, if you require a session for a given route,
@@ -82,6 +82,11 @@ session, perhaps adding it to the `meta` data that will be passed to the `GET`
 handler itself. If there is no session, however, it should return an HTTP `Response`
 object indicating permission is denied or similar.
 
+## TODO
+
+ - [ ] reload typescript if it is modified on disk
+
+
 #### NOTE ON WINDOWS
 
 Because Windows has more restrictions on filenames, you can use `___` in place of `:` in
diff --git a/deno.json b/deno.json
index 656b882..982405a 100644
--- a/deno.json
+++ b/deno.json
@@ -1,7 +1,7 @@
 {
 	"name": "@andyburke/serverus",
 	"description": "A flexible HTTP server for mixed content. Throw static files, markdown, Typescript and (hopefully, eventually) more into a directory and serverus can serve it up a bit more like old-school CGI.",
-	"version": "0.0.12",
+	"version": "0.1.0",
 	"license": "MIT",
 	"exports": {
 		".": "./serverus.ts",
diff --git a/handlers/typescript.ts b/handlers/typescript.ts
index ca02b82..8768ca9 100644
--- a/handlers/typescript.ts
+++ b/handlers/typescript.ts
@@ -15,8 +15,8 @@ export type PRECHECK = (
 	meta: Record<string, any>
 ) => undefined | Response | Promise<undefined | Response>;
 
-/** A `PRECHECK_TABLE` maps from HTTP methods to your `PRECHECK`s. */
-export type PRECHECKS_TABLE = Record<'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH', PRECHECK>;
+/** A `PRECHECK_TABLE` maps from HTTP methods to an array of `PRECHECK`s to be run. */
+export type PRECHECKS_TABLE = Record<'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH', PRECHECK[]>;
 
 /** A `ROUTE_HANDLER_METHOD` must take a `Request` and `meta` data and return a `Response`. */
 export type ROUTE_HANDLER_METHOD = (request: Request, meta: Record<string, any>) => Promise<Response> | Response;
@@ -108,11 +108,13 @@ export default async function handle_typescript(request: Request): Promise<Respo
 				query
 			};
 
-			const precheck: PRECHECK | undefined = handler_module.PRECHECKS?.[request.method as keyof PRECHECKS_TABLE];
-			if (precheck) {
-				const result = await precheck(request, metadata);
-				if (result) {
-					return result;
+			const prechecks: PRECHECK[] | undefined = handler_module.PRECHECKS?.[request.method as keyof PRECHECKS_TABLE];
+			if (Array.isArray(prechecks)) {
+				for (const precheck of prechecks) {
+					const result = await precheck(request, metadata);
+					if (result) {
+						return result;
+					}
 				}
 			}
 
diff --git a/tests/www/permissions/test.ts b/tests/www/permissions/test.ts
index 4dfa685..48b6c83 100644
--- a/tests/www/permissions/test.ts
+++ b/tests/www/permissions/test.ts
@@ -1,17 +1,19 @@
 type PRECHECK = (req: Request, meta: Record<string, any>) => Promise<Response | undefined> | Response | undefined;
-export const PRECHECKS: Record<string, PRECHECK> = {};
+export const PRECHECKS: Record<string, PRECHECK[]> = {};
 
-PRECHECKS.GET = (request: Request, _meta: Record<string, any>): Response | undefined => {
-	const secret = request.headers.get('x-secret');
-	if (secret !== 'very secret') {
-		return new Response('Permission Denied', {
-			status: 400,
-			headers: {
-				'Content-Type': 'text/plain'
-			}
-		});
+PRECHECKS.GET = [
+	(request: Request, _meta: Record<string, any>): Response | undefined => {
+		const secret = request.headers.get('x-secret');
+		if (secret !== 'very secret') {
+			return new Response('Permission Denied', {
+				status: 400,
+				headers: {
+					'Content-Type': 'text/plain'
+				}
+			});
+		}
 	}
-};
+];
 export function GET(_req: Request, _meta: Record<string, any>): Response {
 	return new Response('this is secret', {
 		status: 200,