@astrale-os/sdk 0.1.0 → 0.1.2

package/dist/method/class.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"class.js","sourceRoot":"","sources":["../../src/method/class.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAiGH,MAAM,UAAU,kBAAkB,CAAC,GAAG,IAAe;IACnD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,CAAA;AAChB,CAAC;AA0BD,MAAM,UAAU,sBAAsB,CAAC,GAAG,IAAe;IACvD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,CAAA;AAChB,CAAC"}

package/dist/method/context.d.ts

@@ -0,0 +1,43 @@
+/**
+ * `RemoteContext` — what every remote method handler receives at runtime.
+ *
+ * Assembled by the dispatch pipeline before calling `execute`. Carries the
+ * validated params, the resolved auth context, the bound node instance (for
+ * non-static methods), the typed dependency container, and a
+ * `BoundClientSessionView` to call back into the parent kernel.
+ */
+import type { FnMap } from '@astrale-os/kernel-client';
+import type { BoundClientSessionView } from '@astrale-os/kernel-client/session';
+import type { AuthContext } from '@astrale-os/kernel-core';
+import type { CallRemoteFn } from '../dispatch/call-remote';
+export type RemoteContext<TParams, TSelf, TDeps> = {
+    /** Validated params (Zod-checked against the method's `inputSchema`). */
+    params: TParams;
+    /** Auth context resolved from the inbound delegation credential. `null` for public or unauthenticated optional methods. */
+    auth: AuthContext | null;
+    /** Bound node instance — `undefined` for static methods. */
+    self: TSelf;
+    /** Typed dependency container injected at server startup. */
+    deps: TDeps;
+    /** The worker's own serving URL */
+    url: string;
+    /**
+     * `BoundClientSessionView` to the parent kernel, bound to the composed
+     * credential `union(delegation, self)`. `null` when `auth: 'public'`, or
+     * `auth: 'optional'` with no inbound credential. Use for kernel syscalls +
+     * same-domain methods. For ANOTHER worker's remote method use
+     * {@link RemoteContext.callRemote} — `kernel.call` to a remote method fails
+     * the audience check.
+     */
+    kernel: BoundClientSessionView<FnMap> | null;
+    /**
+     * Call another worker's remote method (a Function with `binding.remoteUrl`),
+     * re-minting the credential for the target's audience so it isn't rejected at
+     * authentication. Throws on a public/unauthenticated request (no credential
+     * to mint from). The calling Function's identity must hold `USE` on
+     * `Identity.mintDelegationCredential` AND the target method's own grants —
+     * `callRemote` fixes the audience, not authorization.
+     */
+    callRemote: CallRemoteFn;
+};
+//# sourceMappingURL=context.d.ts.map

package/dist/method/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/method/context.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAA;AAC/E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAE1D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAE3D,MAAM,MAAM,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,IAAI;IACjD,yEAAyE;IACzE,MAAM,EAAE,OAAO,CAAA;IACf,2HAA2H;IAC3H,IAAI,EAAE,WAAW,GAAG,IAAI,CAAA;IACxB,4DAA4D;IAC5D,IAAI,EAAE,KAAK,CAAA;IACX,6DAA6D;IAC7D,IAAI,EAAE,KAAK,CAAA;IACX,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAA;IACX;;;;;;;OAOG;IACH,MAAM,EAAE,sBAAsB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAA;IAC5C;;;;;;;OAOG;IACH,UAAU,EAAE,YAAY,CAAA;CACzB,CAAA"}

package/dist/method/context.js

@@ -0,0 +1,10 @@
+/**
+ * `RemoteContext` — what every remote method handler receives at runtime.
+ *
+ * Assembled by the dispatch pipeline before calling `execute`. Carries the
+ * validated params, the resolved auth context, the bound node instance (for
+ * non-static methods), the typed dependency container, and a
+ * `BoundClientSessionView` to call back into the parent kernel.
+ */
+export {};
+//# sourceMappingURL=context.js.map

package/dist/method/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/method/context.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/dist/method/index.d.ts

@@ -0,0 +1,6 @@
+export type { RemoteContext } from './context';
+export type { RemoteHandler, AnyRemoteHandler, MethodImpl } from './single';
+export { remoteMethod } from './single';
+export type { ClassMethodsImpl, InterfaceMethodsImpl, SchemaMethodsImpl } from './class';
+export { remoteClassMethods, remoteInterfaceMethods } from './class';
+//# sourceMappingURL=index.d.ts.map

package/dist/method/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/method/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAC9C,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AACvC,YAAY,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AACxF,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAA"}

package/dist/method/index.js

@@ -0,0 +1,3 @@
+export { remoteMethod } from './single';
+export { remoteClassMethods, remoteInterfaceMethods } from './class';
+//# sourceMappingURL=index.js.map

package/dist/method/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/method/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEvC,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAA"}

package/dist/method/single.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Authoring a single remote method.
+ *
+ * `RemoteHandler` is the typed shape an author writes for ONE method:
+ * an `execute` body plus optional REST `route` (using the kernel's
+ * canonical `RouteBinding`) and optional anchor `remoteUrl`.
+ *
+ * `MethodImpl` resolves params/result/self from a schema for a given
+ * `(class, method)` pair. `remoteMethod` is the identity helper an author
+ * calls per method to get full inference without writing generics by hand.
+ */
+import type { AuthPolicy, RouteBinding } from '@astrale-os/kernel-api/routed';
+import type { MethodClassKeys, ClassMethodConfig, NonSealedMethodKeys, OwnMethodKeys } from '@astrale-os/kernel-core/domain';
+import type { Schema } from '@astrale-os/kernel-dsl';
+import type { SelfResult } from '../dispatch/self';
+import type { RemoteContext } from './context';
+/**
+ * Remote function handler — execute with full typed context.
+ *
+ * `execute` is **optional** at the type level: a handler may be a pure
+ * binding stub (only `remoteUrl` / `route` set) when authored as a spec-side
+ * declaration that never runs locally — the kernel resolver short-circuits
+ * via `binding.remoteUrl` before reaching the handler body. The worker-side
+ * declaration that actually serves the call MUST provide `execute`.
+ *
+ * Runtime guard: if dispatch routes to a handler that has no `execute`, the
+ * dispatcher throws — that's a programmer error indicating a stub leaked into
+ * a code path that was supposed to execute it.
+ */
+export type RemoteHandler<TParams, TResult, TSelf, TDeps> = {
+    /** The handler body. May be async or an async generator (for `output: 'stream'`). */
+    execute?: (ctx: RemoteContext<TParams, TSelf, TDeps>) => TResult | Promise<TResult> | AsyncGenerator<TResult>;
+    /**
+     * Optional REST binding — attaches a native HTTP route to this method.
+     * Uses the kernel's canonical `RouteBinding` type directly.
+     */
+    route?: RouteBinding;
+    /**
+     * Optional anchor URL — marks this method as anchored to a specific host.
+     * May contain `{name}` placeholders matching fields in the input schema.
+     * If absent, the method is ambient (mounts on whatever server loads the domain).
+     */
+    remoteUrl?: string;
+    /** Optional human-readable description. Appears in generated docs. */
+    description?: string;
+    /** Authentication policy. Defaults to `'required'` when absent. */
+    auth?: AuthPolicy;
+    /**
+     * Optional pre-execute authorization check. Runs after auth resolution and
+     * `_self` resolution, before `execute`. Throw any error to deny the call —
+     * the SDK wraps it as `AuthorizationDeniedError` (mapped to wire-level
+     * `PERMISSION_DENIED`).
+     *
+     * Use for fine-grained checks the kernel's bit-level perms can't express
+     * (e.g. "only the project lead can addMember"). For straight bit-level
+     * checks, prefer the helpers in `@astrale-os/sdk` (`assertPerm`,
+     * `requireOwnership`).
+     *
+     * The kernel still enforces `has_perm` independently — `authorize` is
+     * additive ergonomic gating on top, not a replacement.
+     */
+    authorize?: (ctx: RemoteContext<TParams, TSelf, TDeps>) => void | Promise<void>;
+};
+export type AnyRemoteHandler = RemoteHandler<any, any, any, any>;
+/**
+ * Fully typed method implementation — resolves params/result/self from the
+ * schema, wraps in `RemoteHandler` with deps.
+ */
+export type MethodImpl<S extends Schema, K extends MethodClassKeys<S> & string, M extends string, TDeps = unknown> = ClassMethodConfig<S, K, M> extends {
+    params: infer P;
+    result: infer R;
+    self: unknown;
+    isStatic: infer St;
+} ? RemoteHandler<P, R, St extends true ? undefined : SelfResult, TDeps> : never;
+type ImplementableMethodName<S extends Schema, K extends MethodClassKeys<S> & string> = (OwnMethodKeys<S, K> | NonSealedMethodKeys<S, K>) & string;
+/**
+ * Identity helper for authoring one remote method with full schema-driven typing.
+ *
+ * Two-form calling convention:
+ *  - `remoteMethod<TDeps>()` — curried form; captures deps type, returns a
+ *     per-schema helper. Use when you want deps typed.
+ *  - `remoteMethod(schema, className, methodName, impl)` — direct form with
+ *     `unknown` deps.
+ */
+export declare function remoteMethod<TDeps>(): <S extends Schema, K extends MethodClassKeys<S> & string, M extends ImplementableMethodName<S, K>>(schema: S, className: K, methodName: M, impl: MethodImpl<S, K, M, TDeps>) => MethodImpl<S, K, M, TDeps>;
+export declare function remoteMethod<S extends Schema, K extends MethodClassKeys<S> & string, M extends ImplementableMethodName<S, K>>(schema: S, className: K, methodName: M, impl: MethodImpl<S, K, M>): MethodImpl<S, K, M>;
+export {};
+//# sourceMappingURL=single.d.ts.map

package/dist/method/single.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"single.d.ts","sourceRoot":"","sources":["../../src/method/single.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAA;AAC7E,OAAO,KAAK,EACV,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACd,MAAM,gCAAgC,CAAA;AACvC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAA;AAEpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAE9C;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,IAAI;IAC1D,qFAAqF;IACrF,OAAO,CAAC,EAAE,CACR,GAAG,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KACtC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IACzD;;;OAGG;IACH,KAAK,CAAC,EAAE,YAAY,CAAA;IACpB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,sEAAsE;IACtE,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,mEAAmE;IACnE,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAChF,CAAA;AAGD,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAEhE;;;GAGG;AACH,MAAM,MAAM,UAAU,CACpB,CAAC,SAAS,MAAM,EAChB,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,GAAG,MAAM,EACrC,CAAC,SAAS,MAAM,EAChB,KAAK,GAAG,OAAO,IAEf,iBAAiB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,SAAS;IACjC,MAAM,EAAE,MAAM,CAAC,CAAA;IACf,MAAM,EAAE,MAAM,CAAC,CAAA;IACf,IAAI,EAAE,OAAO,CAAA;IACb,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB,GACG,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,SAAS,IAAI,GAAG,SAAS,GAAG,UAAU,EAAE,KAAK,CAAC,GACpE,KAAK,CAAA;AAEX,KAAK,uBAAuB,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,CACpF,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,GACnB,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,CAC5B,GACC,MAAM,CAAA;AAER;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,KAAK,KAAK,CACrC,CAAC,SAAS,MAAM,EAChB,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,GAAG,MAAM,EACrC,CAAC,SAAS,uBAAuB,CAAC,CAAC,EAAE,CAAC,CAAC,EAEvC,MAAM,EAAE,CAAC,EACT,SAAS,EAAE,CAAC,EACZ,UAAU,EAAE,CAAC,EACb,IAAI,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAC7B,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAA;AAC/B,wBAAgB,YAAY,CAC1B,CAAC,SAAS,MAAM,EAChB,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,GAAG,MAAM,EACrC,CAAC,SAAS,uBAAuB,CAAC,CAAC,EAAE,CAAC,CAAC,EACvC,MAAM,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA"}

package/dist/method/single.js

@@ -0,0 +1,18 @@
+/**
+ * Authoring a single remote method.
+ *
+ * `RemoteHandler` is the typed shape an author writes for ONE method:
+ * an `execute` body plus optional REST `route` (using the kernel's
+ * canonical `RouteBinding`) and optional anchor `remoteUrl`.
+ *
+ * `MethodImpl` resolves params/result/self from a schema for a given
+ * `(class, method)` pair. `remoteMethod` is the identity helper an author
+ * calls per method to get full inference without writing generics by hand.
+ */
+export function remoteMethod(...args) {
+    if (args.length === 0) {
+        return (...innerArgs) => innerArgs[3];
+    }
+    return args[3];
+}
+//# sourceMappingURL=single.js.map

package/dist/method/single.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"single.js","sourceRoot":"","sources":["../../src/method/single.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAoHH,MAAM,UAAU,YAAY,CAAC,GAAG,IAAe;IAC7C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,SAAoB,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAClD,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,CAAA;AAChB,CAAC"}

package/dist/server/auxiliary-routes.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Mount worker-side routes for `defineView` and `defineRemoteFunction` entries.
+ *
+ * Each entry's effective `FunctionBinding` is resolved once at boot (host
+ * pattern, path, http verb) and a Hono route is registered that runs the
+ * shared SDK auth pipeline (verify inbound credential, optionally enforce /
+ * optional / public), Zod validation of input AND output (RemoteFunction
+ * only — Views are transport-only), the author's `authorize` hook, and
+ * finally `render` / `execute`.
+ *
+ * Bindings whose host is not a sub-domain of this worker's host are skipped
+ * (the graph node was still materialized; the route lives elsewhere).
+ */
+import type { Hono } from 'hono';
+import { type FunctionBinding } from '@astrale-os/kernel-api/routed';
+import { type CorsConfig } from '@astrale-os/kernel-server';
+import type { AnyRemoteFunctionDef } from '../define/remote-function';
+import type { ViewDef } from '../define/view';
+import type { AuxIdentityMap } from '../dispatch/identity';
+export type AuxiliaryRoutesConfig<TDeps> = {
+    app: Hono;
+    /** This worker's serving URL — used to filter bindings that point elsewhere. */
+    url: string;
+    views?: Record<string, ViewDef<TDeps>>;
+    viewBindings?: Record<string, FunctionBinding>;
+    remoteFunctions?: Record<string, AnyRemoteFunctionDef>;
+    remoteFunctionBindings?: Record<string, FunctionBinding>;
+    deps: TDeps;
+    /**
+     * Per-route identity configs (keyed by slug) — one entry per View and
+     * one per RemoteFunction. Build via `buildAuxIdentityMap(compiled, key, issuer)`
+     * from `sdk/src/dispatch/identity.ts`.
+     */
+    identities: AuxIdentityMap;
+    /**
+     * CORS policy applied to every mounted route: per-route `app.options(...)`
+     * preflight and `Access-Control-Allow-*` headers on success + error
+     * responses. Required so callers (always `createRemoteServer`) keep the
+     * kernel-envelope and aux-route policies in sync.
+     */
+    cors: CorsConfig;
+};
+export declare function mountAuxiliaryRoutes<TDeps>(config: AuxiliaryRoutesConfig<TDeps>): void;
+//# sourceMappingURL=auxiliary-routes.d.ts.map

package/dist/server/auxiliary-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auxiliary-routes.d.ts","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAW,IAAI,EAAE,MAAM,MAAM,CAAA;AAQzC,OAAO,EAKL,KAAK,eAAe,EAErB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAA;AAG7E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AACrE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAQ1D,MAAM,MAAM,qBAAqB,CAAC,KAAK,IAAI;IACzC,GAAG,EAAE,IAAI,CAAA;IACT,gFAAgF;IAChF,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAC9C,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAA;IACtD,sBAAsB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACxD,IAAI,EAAE,KAAK,CAAA;IACX;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAA;IAC1B;;;;;OAKG;IACH,IAAI,EAAE,UAAU,CAAA;CACjB,CAAA;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC,KAAK,CAAC,GAAG,IAAI,CA2EtF"}

package/dist/server/auxiliary-routes.js

@@ -0,0 +1,237 @@
+/**
+ * Mount worker-side routes for `defineView` and `defineRemoteFunction` entries.
+ *
+ * Each entry's effective `FunctionBinding` is resolved once at boot (host
+ * pattern, path, http verb) and a Hono route is registered that runs the
+ * shared SDK auth pipeline (verify inbound credential, optionally enforce /
+ * optional / public), Zod validation of input AND output (RemoteFunction
+ * only — Views are transport-only), the author's `authorize` hook, and
+ * finally `render` / `execute`.
+ *
+ * Bindings whose host is not a sub-domain of this worker's host are skipped
+ * (the graph node was still materialized; the route lives elsewhere).
+ */
+import { isKernelErrorClassifiable, KERNEL_ERROR_CODES, kernelErrorHttpStatus, } from '@astrale-os/kernel-api';
+import { isSubdomainOf, matchHost, compileHostMatcher, parseUrlTemplate, } from '@astrale-os/kernel-api/routed';
+import { buildCorsHeaders } from '@astrale-os/kernel-server';
+import { resolveInboundAuth } from '../auth/resolve';
+import { runAuthorize } from '../dispatch/authorize';
+import { makeCallRemote } from '../dispatch/call-remote';
+import { SdkResultValidationError, SdkValidationError } from '../dispatch/errors';
+import { validateParams, validateResult } from '../dispatch/validate';
+export function mountAuxiliaryRoutes(config) {
+    const { app, url, views, viewBindings, remoteFunctions, remoteFunctionBindings, deps, identities, cors, } = config;
+    const workerHost = parseUrlTemplate(url).hostPattern;
+    const corsHeaders = buildCorsHeaders(cors);
+    if (views && viewBindings) {
+        for (const [slug, def] of Object.entries(views)) {
+            const binding = viewBindings[slug];
+            if (!binding || !def.render)
+                continue;
+            const identity = requireAuxIdentity('view', slug, identities.views[slug]);
+            mountEntry({
+                app,
+                binding,
+                workerHost,
+                defaultMethod: 'GET',
+                auth: def.auth,
+                identity,
+                corsHeaders,
+                // Views are transport-only (iframe HTML/redirect) — the kernel client
+                // built by `resolveInboundAuth` is intentionally NOT forwarded. Code
+                // inside the loaded iframe talks back to the kernel via the shell
+                // (WebSocket), not via this worker route.
+                run: async ({ c, params, auth }) => {
+                    if (def.authorize)
+                        await runAuthorize(def.authorize, { c, params, auth, deps });
+                    return def.render({ c, params, auth, deps });
+                },
+            });
+        }
+    }
+    if (remoteFunctions && remoteFunctionBindings) {
+        for (const [slug, def] of Object.entries(remoteFunctions)) {
+            const binding = remoteFunctionBindings[slug];
+            if (!binding)
+                continue;
+            const identity = requireAuxIdentity('remote function', slug, identities.remoteFunctions[slug]);
+            mountEntry({
+                app,
+                binding,
+                workerHost,
+                defaultMethod: 'POST',
+                auth: def.auth,
+                identity,
+                corsHeaders,
+                run: async ({ c, auth, kernel, callRemote }) => {
+                    const rawBody = await c.req.json().catch(() => ({}));
+                    const validation = validateParams(def.inputSchema, rawBody);
+                    if (!validation.ok) {
+                        throw new SdkValidationError(validation.issues);
+                    }
+                    const ctx = { params: validation.data, c, auth, deps, kernel, callRemote };
+                    if (def.authorize)
+                        await runAuthorize(def.authorize, ctx);
+                    const result = await def.execute(ctx);
+                    const outValidation = validateResult(def.outputSchema, result);
+                    if (!outValidation.ok) {
+                        throw new SdkResultValidationError(outValidation.issues, def.ref);
+                    }
+                    return c.json({ result: outValidation.data });
+                },
+            });
+        }
+    }
+}
+// ── Internal ───────────────────────────────────────────────────────────────
+/**
+ * Every materialized aux callable must have an identity in the install-time
+ * `subs` claim — a missing one means the build pipeline passed a compiled
+ * domain that doesn't include this callable to `buildAuxIdentityMap()`.
+ */
+function requireAuxIdentity(kind, slug, identity) {
+    if (identity)
+        return identity;
+    throw new Error(`mountAuxiliaryRoutes: no identity registered for ${kind} "${slug}". ` +
+        `Pass a compiled domain that includes this ${kind} to buildAuxIdentityMap().`);
+}
+const PLACEHOLDER_RE = /\{(\w+)([+*])?\}/g;
+function mountEntry(args) {
+    const { app, binding, workerHost, defaultMethod, run, auth, identity, corsHeaders } = args;
+    const remoteUrl = binding.remoteUrl;
+    if (!remoteUrl)
+        return;
+    const parsed = parseUrlTemplate(remoteUrl);
+    if (parsed.hostPattern && !isSubdomainOf(parsed.hostPattern, workerHost))
+        return;
+    const fullPath = joinPath(parsed.basePath, binding.route?.path ?? '');
+    const honoPath = toHonoPath(fullPath);
+    const httpMethod = binding.route?.method ?? defaultMethod;
+    // `route.method` can be any `HttpMethod` (PUT/PATCH/DELETE/*), but only GET
+    // and POST are wired below. Fail loudly at mount time rather than silently
+    // registering no handler (which would 404 the real request while the OPTIONS
+    // preflight still reports the route exists).
+    if (httpMethod !== 'GET' && httpMethod !== 'POST') {
+        throw new Error(`mountAuxiliaryRoutes: unsupported HTTP method "${httpMethod}" for route "${honoPath}". ` +
+            `Aux routes (views / remote functions) support only GET and POST.`);
+    }
+    // Local-dev requests target literal `localhost`, but bindings reference a
+    // logical host (`dist.localhost`) — so only enforce a Host-header match
+    // when the binding has actual placeholders to extract.
+    const hostMatcher = parsed.hostPlaceholders.length > 0 ? compileHostMatcher(parsed.hostPattern) : null;
+    const pathParamNames = collectPlaceholderNames(fullPath);
+    const handler = async (c) => {
+        // Apply CORS to every response. `c.json(...)` / `c.body(...)` pick up the
+        // headers via the Hono context; raw `Response` objects — a View's `render`
+        // return, and `errorResponse` in the catch — do NOT, so the final returned
+        // Response is also passed through `applyCorsToResponse`.
+        applyCorsToContext(c, corsHeaders);
+        try {
+            let hostParams = {};
+            if (hostMatcher) {
+                const match = matchHost(hostMatcher, c.req.header('host') ?? '');
+                if (!match)
+                    return c.notFound();
+                hostParams = match;
+            }
+            const pathParams = {};
+            for (const name of pathParamNames) {
+                const value = c.req.param(name);
+                if (value !== undefined)
+                    pathParams[name] = decodeURIComponent(value);
+            }
+            const { auth: resolvedAuth, kernel } = await resolveInboundAuth(stripBearerPrefix(c.req.header('authorization') ?? ''), auth, identity);
+            const response = await run({
+                c,
+                params: { ...hostParams, ...pathParams },
+                auth: resolvedAuth,
+                kernel,
+                callRemote: makeCallRemote(kernel),
+            });
+            return applyCorsToResponse(response, corsHeaders);
+        }
+        catch (err) {
+            return applyCorsToResponse(errorResponse(err), corsHeaders);
+        }
+    };
+    if (httpMethod === 'GET')
+        app.get(honoPath, handler);
+    else if (httpMethod === 'POST')
+        app.post(honoPath, handler);
+    // Per-route preflight — mirrors `createKernelApp`'s per-route
+    // `app.options(...)` pattern (kernel/server/app/create.ts:112,145). Avoid
+    // a wildcard `app.options('*', ...)`: it would intercept the kernel
+    // envelope's own preflights mounted later on this same Hono instance.
+    app.options(honoPath, (c) => {
+        applyCorsToContext(c, corsHeaders);
+        return c.body(null, 204);
+    });
+}
+function applyCorsToContext(c, headers) {
+    for (const [name, value] of Object.entries(headers))
+        c.header(name, value);
+}
+function applyCorsToResponse(response, headers) {
+    try {
+        for (const [name, value] of Object.entries(headers))
+            response.headers.set(name, value);
+        return response;
+    }
+    catch {
+        // Some Responses have immutable headers — notably `Response.redirect(...)`,
+        // which a View's `render` is documented to return. Rebuild with a mutable
+        // header copy so CORS still applies (status / body / location preserved).
+        const merged = new Headers(response.headers);
+        for (const [name, value] of Object.entries(headers))
+            merged.set(name, value);
+        return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: merged,
+        });
+    }
+}
+function collectPlaceholderNames(path) {
+    return [...path.matchAll(PLACEHOLDER_RE)].map((m) => m[1]);
+}
+/**
+ * Serialize an error as the canonical kernel error envelope
+ * `{ error: { code, message, data } }` with the matching HTTP status. This is
+ * the exact shape the routed client (`kernel-client` HttpRoutedTransport.
+ * decodeError) parses — it routes on `error.code` and reads `error.data` for
+ * field-level detail (a flat `{ error: '<string>' }` body silently degrades to
+ * a generic INTERNAL_ERROR client-side). Every SDK error class (AuthMissingError,
+ * SdkValidationError, SdkResultValidationError, AuthorizationDeniedError, …) plus
+ * the kernel-core errors `resolveInboundAuth` rethrows all implement
+ * `toKernelErrorPayload`, so one branch covers them; only a raw non-classifiable
+ * Error falls back to 500.
+ */
+function errorResponse(err) {
+    const payload = isKernelErrorClassifiable(err)
+        ? err.toKernelErrorPayload()
+        : {
+            code: KERNEL_ERROR_CODES.INTERNAL_ERROR,
+            message: err instanceof Error ? err.message : 'Internal error',
+        };
+    return Response.json({ error: payload }, { status: kernelErrorHttpStatus(payload.code) });
+}
+function joinPath(a, b) {
+    if (!b)
+        return a;
+    if (!a)
+        return b;
+    const left = a.endsWith('/') ? a.slice(0, -1) : a;
+    const right = b.startsWith('/') ? b : `/${b}`;
+    return `${left}${right}` || '/';
+}
+/** Convert `/foo/{id}` / `/{name+}` / `/{name*}` to Hono syntax. */
+function toHonoPath(path) {
+    return path
+        .replace(/\{(\w+)\+\}/g, ':$1{.+}')
+        .replace(/\{(\w+)\*\}/g, ':$1{.*}')
+        .replace(/\{(\w+)\}/g, ':$1');
+}
+function stripBearerPrefix(value) {
+    return value.trim().replace(/^Bearer\s+/i, '');
+}
+//# sourceMappingURL=auxiliary-routes.js.map

package/dist/server/auxiliary-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auxiliary-routes.js","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,EACL,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,GAEtB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,aAAa,EACb,SAAS,EACT,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAA;AAQ7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AACxD,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACjF,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AA0BrE,MAAM,UAAU,oBAAoB,CAAQ,MAAoC;IAC9E,MAAM,EACJ,GAAG,EACH,GAAG,EACH,KAAK,EACL,YAAY,EACZ,eAAe,EACf,sBAAsB,EACtB,IAAI,EACJ,UAAU,EACV,IAAI,GACL,GAAG,MAAM,CAAA;IAEV,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,CAAA;IACpD,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IAE1C,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;YAClC,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM;gBAAE,SAAQ;YACrC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;YACzE,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,KAAK;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,sEAAsE;gBACtE,qEAAqE;gBACrE,kEAAkE;gBAClE,0CAA0C;gBAC1C,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;oBACjC,IAAI,GAAG,CAAC,SAAS;wBAAE,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;oBAC/E,OAAO,GAAG,CAAC,MAAO,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC/C,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,IAAI,eAAe,IAAI,sBAAsB,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAA;YAC5C,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,iBAAiB,EAAE,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAA;YAC9F,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;oBAC7C,MAAM,OAAO,GAAY,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;oBAC7D,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;oBAC3D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;wBACnB,MAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,MAAsC,CAAC,CAAA;oBACjF,CAAC;oBACD,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,CAAA;oBAC1E,IAAI,GAAG,CAAC,SAAS;wBAAE,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;oBACzD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACrC,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;oBAC9D,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;wBACtB,MAAM,IAAI,wBAAwB,CAChC,aAAa,CAAC,MAA4C,EAC1D,GAAG,CAAC,GAAG,CACR,CAAA;oBACH,CAAC;oBACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAA;gBAC/C,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,IAAgC,EAChC,IAAY,EACZ,QAA0C;IAE1C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAC7B,MAAM,IAAI,KAAK,CACb,oDAAoD,IAAI,KAAK,IAAI,KAAK;QACpE,6CAA6C,IAAI,4BAA4B,CAChF,CAAA;AACH,CAAC;AAqBD,MAAM,cAAc,GAAG,mBAAmB,CAAA;AAE1C,SAAS,UAAU,CAAC,IAAoB;IACtC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IAE1F,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACnC,IAAI,CAAC,SAAS;QAAE,OAAM;IAEtB,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA;IAC1C,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC;QAAE,OAAM;IAEhF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,EAAE,MAAM,IAAI,aAAa,CAAA;IACzD,4EAA4E;IAC5E,2EAA2E;IAC3E,6EAA6E;IAC7E,6CAA6C;IAC7C,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,kDAAkD,UAAU,gBAAgB,QAAQ,KAAK;YACvF,kEAAkE,CACrE,CAAA;IACH,CAAC;IACD,0EAA0E;IAC1E,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,WAAW,GACf,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpF,MAAM,cAAc,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAA;IAExD,MAAM,OAAO,GAAG,KAAK,EAAE,CAAU,EAAqB,EAAE;QACtD,0EAA0E;QAC1E,2EAA2E;QAC3E,2EAA2E;QAC3E,yDAAyD;QACzD,kBAAkB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAClC,IAAI,CAAC;YACH,IAAI,UAAU,GAA2B,EAAE,CAAA;YAC3C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAChE,IAAI,CAAC,KAAK;oBAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;gBAC/B,UAAU,GAAG,KAAK,CAAA;YACpB,CAAC;YAED,MAAM,UAAU,GAA2B,EAAE,CAAA;YAC7C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;gBAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC/B,IAAI,KAAK,KAAK,SAAS;oBAAE,UAAU,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAA;YACvE,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAC7D,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,EACtD,IAAI,EACJ,QAAQ,CACT,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC;gBACzB,CAAC;gBACD,MAAM,EAAE,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE;gBACxC,IAAI,EAAE,YAAY;gBAClB,MAAM;gBACN,UAAU,EAAE,cAAc,CAAC,MAAM,CAAC;aACnC,CAAC,CAAA;YACF,OAAO,mBAAmB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,mBAAmB,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC,CAAA;IAED,IAAI,UAAU,KAAK,KAAK;QAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;SAC/C,IAAI,UAAU,KAAK,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IAE3D,8DAA8D;IAC9D,0EAA0E;IAC1E,oEAAoE;IACpE,sEAAsE;IACtE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1B,kBAAkB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAU,EAAE,OAA+B;IACrE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAkB,EAAE,OAA+B;IAC9E,IAAI,CAAC;QACH,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACtF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,4EAA4E;QAC5E,0EAA0E;QAC1E,0EAA0E;QAC1E,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QAC5C,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC5E,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO,EAAE,MAAM;SAChB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAA;AAC7D,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,OAAO,GAAuB,yBAAyB,CAAC,GAAG,CAAC;QAChE,CAAC,CAAC,GAAG,CAAC,oBAAoB,EAAE;QAC5B,CAAC,CAAC;YACE,IAAI,EAAE,kBAAkB,CAAC,cAAc;YACvC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC/D,CAAA;IACL,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AAC3F,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACjD,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAA;IAC7C,OAAO,GAAG,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,CAAA;AACjC,CAAC;AAED,oEAAoE;AACpE,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC;SAClC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC;SAClC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;AAChD,CAAC"}

package/dist/server/config.d.ts

@@ -0,0 +1,83 @@
+/**
+ * `RemoteServerConfig` — input shape for `createRemoteServer`.
+ *
+ * Identity is per-function: `iss` = the worker's serving URL (`config.url`),
+ * `sub` = the function path, signed on each dispatch. No single `subject`.
+ */
+import type { CorsConfig, WsAdapter } from '@astrale-os/kernel-server';
+import type { Context } from 'hono';
+import type { Hono } from 'hono';
+import type { RemoteDomain } from '../domain/define';
+export type RemoteServerConfig<TDeps> = {
+    /** Domain produced by `defineRemoteDomain(...)`. */
+    domain: RemoteDomain;
+    /** Dependency container passed to every handler as `ctx.deps`. */
+    deps: TDeps;
+    /**
+     * Server URL — the serving location AND the worker's JWT issuer identity
+     * (`iss`), decoupled from the addressing `origin` slug.
+     *
+     * The server's public key is published at `<url>/.well-known/jwks.json`
+     * so downstream verifiers can validate credentials signed by this server.
+     */
+    url: string;
+    /** Private key used to sign outbound credentials. Public form is exposed via JWKS. */
+    privateKey: JsonWebKey;
+    /** Allowed transports. `'http'` is mandatory. `'ws'` is opt-in. Defaults to `['http']`. */
+    transports?: readonly ('http' | 'ws')[];
+    /**
+     * Runtime-specific WS adapter (from `hono/bun`, `@hono/node-ws`, `hono/deno`).
+     * Required when `transports` includes `'ws'`.
+     */
+    ws?: WsAdapter;
+    /** CORS configuration. Defaults to `{ origin: '*' }`. */
+    cors?: CorsConfig;
+    /** Optional health endpoint path (defaults to `/health`; `false` disables). */
+    health?: string | false;
+    /** Pre-existing Hono app to attach to (for nesting the SDK under a parent router). */
+    app?: Hono;
+    /**
+     * Provenance stamped onto the auto-mounted `/meta` endpoint. Typically
+     * injected at build time by the bundler so downstream tooling can detect
+     * version drift between deployed server and expected schema.
+     */
+    meta?: {
+        sdkCommit?: string;
+        schemaHash?: string;
+        domainName?: string;
+    };
+    /**
+     * Typed colon-path to a callable the installing kernel calls ONCE as the
+     * system identity, immediately after the domain installs. Use it to seed
+     * nodes and self-grant. Must be a semantic domain path under this domain's
+     * own origin (`/:origin:class.X:seed` / `/:origin:interface.Ops:seed`) — the
+     * kernel's origin guard refuses absolute tree paths, which cannot prove
+     * their origin from the string alone. Returned verbatim in the install
+     * bundle (a routing hint — the signed `graph_hash` already constrains what
+     * the callable can be).
+     *
+     * Example: `/:crm.acme.dev:class.Note:seed`
+     */
+    postInstall?: string;
+    /**
+     * Cross-domain dependencies by origin. Returned in the install bundle; the
+     * kernel verifies each origin is already present on the instance before
+     * installing, and refuses with a clear error if one is missing.
+     */
+    requires?: readonly string[];
+    /**
+     * Optional private install hook. Throw to deny the install request.
+     * The public URL install contract still receives no caller kernel
+     * credential; private installs use the bearer token only.
+     */
+    install?: {
+        authorize?: (args: {
+            c: Context;
+            token?: string;
+            kernelIssuer: string;
+            nonce: string;
+            deps: TDeps;
+        }) => void | Promise<void>;
+    };
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/server/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/server/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACtE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAEpD,MAAM,MAAM,kBAAkB,CAAC,KAAK,IAAI;IACtC,oDAAoD;IACpD,MAAM,EAAE,YAAY,CAAA;IACpB,kEAAkE;IAClE,IAAI,EAAE,KAAK,CAAA;IACX;;;;;;OAMG;IACH,GAAG,EAAE,MAAM,CAAA;IACX,sFAAsF;IACtF,UAAU,EAAE,UAAU,CAAA;IACtB,2FAA2F;IAC3F,UAAU,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAA;IACvC;;;OAGG;IACH,EAAE,CAAC,EAAE,SAAS,CAAA;IACd,yDAAyD;IACzD,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB,+EAA+E;IAC/E,MAAM,CAAC,EAAE,MAAM,GAAG,KAAK,CAAA;IACvB,sFAAsF;IACtF,GAAG,CAAC,EAAE,IAAI,CAAA;IACV;;;;OAIG;IACH,IAAI,CAAC,EAAE;QACL,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;IACD;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B;;;;OAIG;IACH,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE;YACjB,CAAC,EAAE,OAAO,CAAA;YACV,KAAK,CAAC,EAAE,MAAM,CAAA;YACd,YAAY,EAAE,MAAM,CAAA;YACpB,KAAK,EAAE,MAAM,CAAA;YACb,IAAI,EAAE,KAAK,CAAA;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;KAC3B,CAAA;CACF,CAAA"}

package/dist/server/config.js

@@ -0,0 +1,8 @@
+/**
+ * `RemoteServerConfig` — input shape for `createRemoteServer`.
+ *
+ * Identity is per-function: `iss` = the worker's serving URL (`config.url`),
+ * `sub` = the function path, signed on each dispatch. No single `subject`.
+ */
+export {};
+//# sourceMappingURL=config.js.map

package/dist/server/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/server/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/server/create.d.ts

@@ -0,0 +1,21 @@
+/**
+ * `createRemoteServer` — the SDK's entry point for running a remote domain.
+ *
+ * Identity is per-function: the dispatcher signs `iss` = the worker's serving
+ * URL (`effectiveIssuer`, decoupled from the addressing `origin`) and `sub` =
+ * the origin-addressed function path on each dispatch.
+ *
+ * Composes:
+ *   methods             ← Map keyed by BoundMethod.ref (built by dispatch/resolve)
+ *   effectiveIssuer     ← config.issuer ?? config.url
+ *   dispatcher          ← SdkDispatcher(compiled, methods, deps, privateKey)
+ *   jwks                ← derivePublicJwk(privateKey), keyed by effectiveIssuer
+ *   /meta               ← provenance endpoint (sdkCommit, schemaHash, domainName)
+ *   auxiliary routes    ← view / remote-function handlers from defineRemoteDomain
+ *   app                 ← createKernelApp(dispatcher, contracts, host, jwks, transports, ...)
+ *   start               ← startNodeServer(app, port)
+ */
+import type { RemoteServerConfig } from './config';
+import type { RemoteServer } from './handle';
+export declare function createRemoteServer<TDeps>(config: RemoteServerConfig<TDeps>): RemoteServer;
+//# sourceMappingURL=create.d.ts.map

package/dist/server/create.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/server/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAeH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,KAAK,EAAE,YAAY,EAAsB,MAAM,UAAU,CAAA;AAahE,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,kBAAkB,CAAC,KAAK,CAAC,GAAG,YAAY,CA+JzF"}