@astrale-os/sdk 0.1.1 → 0.1.3

package/dist/server/auxiliary-routes.js

@@ -0,0 +1,239 @@
+/**
+ * Mount worker-side routes for `defineView` and `defineRemoteFunction` entries.
+ *
+ * Each entry's effective `FunctionBinding` is resolved once at boot (host
+ * pattern, path, http verb) and a Hono route is registered that runs the
+ * shared SDK auth pipeline (verify inbound credential, optionally enforce /
+ * optional / public), Zod validation of input AND output (RemoteFunction
+ * only — Views are transport-only), the author's `authorize` hook, and
+ * finally `render` / `execute`.
+ *
+ * Bindings whose host is not a sub-domain of this worker's host are skipped
+ * (the graph node was still materialized; the route lives elsewhere).
+ */
+import { isKernelErrorClassifiable, KERNEL_ERROR_CODES, kernelErrorHttpStatus, } from '@astrale-os/kernel-api';
+import { isSubdomainOf, matchHost, compileHostMatcher, parseUrlTemplate, } from '@astrale-os/kernel-api/routed';
+import { buildCorsHeaders } from '@astrale-os/kernel-server';
+import { makeSelfKernel } from '../auth/kernel-client';
+import { resolveInboundAuth } from '../auth/resolve';
+import { runAuthorize } from '../dispatch/authorize';
+import { makeCallRemote } from '../dispatch/call-remote';
+import { SdkResultValidationError, SdkValidationError } from '../dispatch/errors';
+import { validateParams, validateResult } from '../dispatch/validate';
+export function mountAuxiliaryRoutes(config) {
+    const { app, url, views, viewBindings, remoteFunctions, remoteFunctionBindings, deps, identities, cors, } = config;
+    const workerHost = parseUrlTemplate(url).hostPattern;
+    const corsHeaders = buildCorsHeaders(cors);
+    if (views && viewBindings) {
+        for (const [slug, def] of Object.entries(views)) {
+            const binding = viewBindings[slug];
+            if (!binding || !def.render)
+                continue;
+            const identity = requireAuxIdentity('view', slug, identities.views[slug]);
+            mountEntry({
+                app,
+                binding,
+                workerHost,
+                defaultMethod: 'GET',
+                auth: def.auth,
+                identity,
+                corsHeaders,
+                // Views are transport-only (iframe HTML/redirect) — the kernel client
+                // built by `resolveInboundAuth` is intentionally NOT forwarded. Code
+                // inside the loaded iframe talks back to the kernel via the shell
+                // (WebSocket), not via this worker route.
+                run: async ({ c, params, auth }) => {
+                    if (def.authorize)
+                        await runAuthorize(def.authorize, { c, params, auth, deps });
+                    return def.render({ c, params, auth, deps });
+                },
+            });
+        }
+    }
+    if (remoteFunctions && remoteFunctionBindings) {
+        for (const [slug, def] of Object.entries(remoteFunctions)) {
+            const binding = remoteFunctionBindings[slug];
+            if (!binding)
+                continue;
+            const identity = requireAuxIdentity('remote function', slug, identities.remoteFunctions[slug]);
+            mountEntry({
+                app,
+                binding,
+                workerHost,
+                defaultMethod: 'POST',
+                auth: def.auth,
+                identity,
+                corsHeaders,
+                run: async ({ c, auth, kernel, callRemote }) => {
+                    const selfKernel = makeSelfKernel(identity, deps);
+                    const rawBody = await c.req.json().catch(() => ({}));
+                    const validation = validateParams(def.inputSchema, rawBody);
+                    if (!validation.ok) {
+                        throw new SdkValidationError(validation.issues);
+                    }
+                    const ctx = { params: validation.data, c, auth, deps, kernel, callRemote, selfKernel };
+                    if (def.authorize)
+                        await runAuthorize(def.authorize, ctx);
+                    const result = await def.execute(ctx);
+                    const outValidation = validateResult(def.outputSchema, result);
+                    if (!outValidation.ok) {
+                        throw new SdkResultValidationError(outValidation.issues, def.ref);
+                    }
+                    return c.json({ result: outValidation.data });
+                },
+            });
+        }
+    }
+}
+// ── Internal ───────────────────────────────────────────────────────────────
+/**
+ * Every materialized aux callable must have an identity in the install-time
+ * `subs` claim — a missing one means the build pipeline passed a compiled
+ * domain that doesn't include this callable to `buildAuxIdentityMap()`.
+ */
+function requireAuxIdentity(kind, slug, identity) {
+    if (identity)
+        return identity;
+    throw new Error(`mountAuxiliaryRoutes: no identity registered for ${kind} "${slug}". ` +
+        `Pass a compiled domain that includes this ${kind} to buildAuxIdentityMap().`);
+}
+const PLACEHOLDER_RE = /\{(\w+)([+*])?\}/g;
+function mountEntry(args) {
+    const { app, binding, workerHost, defaultMethod, run, auth, identity, corsHeaders } = args;
+    const remoteUrl = binding.remoteUrl;
+    if (!remoteUrl)
+        return;
+    const parsed = parseUrlTemplate(remoteUrl);
+    if (parsed.hostPattern && !isSubdomainOf(parsed.hostPattern, workerHost))
+        return;
+    const fullPath = joinPath(parsed.basePath, binding.route?.path ?? '');
+    const honoPath = toHonoPath(fullPath);
+    const httpMethod = binding.route?.method ?? defaultMethod;
+    // `route.method` can be any `HttpMethod` (PUT/PATCH/DELETE/*), but only GET
+    // and POST are wired below. Fail loudly at mount time rather than silently
+    // registering no handler (which would 404 the real request while the OPTIONS
+    // preflight still reports the route exists).
+    if (httpMethod !== 'GET' && httpMethod !== 'POST') {
+        throw new Error(`mountAuxiliaryRoutes: unsupported HTTP method "${httpMethod}" for route "${honoPath}". ` +
+            `Aux routes (views / remote functions) support only GET and POST.`);
+    }
+    // Local-dev requests target literal `localhost`, but bindings reference a
+    // logical host (`dist.localhost`) — so only enforce a Host-header match
+    // when the binding has actual placeholders to extract.
+    const hostMatcher = parsed.hostPlaceholders.length > 0 ? compileHostMatcher(parsed.hostPattern) : null;
+    const pathParamNames = collectPlaceholderNames(fullPath);
+    const handler = async (c) => {
+        // Apply CORS to every response. `c.json(...)` / `c.body(...)` pick up the
+        // headers via the Hono context; raw `Response` objects — a View's `render`
+        // return, and `errorResponse` in the catch — do NOT, so the final returned
+        // Response is also passed through `applyCorsToResponse`.
+        applyCorsToContext(c, corsHeaders);
+        try {
+            let hostParams = {};
+            if (hostMatcher) {
+                const match = matchHost(hostMatcher, c.req.header('host') ?? '');
+                if (!match)
+                    return c.notFound();
+                hostParams = match;
+            }
+            const pathParams = {};
+            for (const name of pathParamNames) {
+                const value = c.req.param(name);
+                if (value !== undefined)
+                    pathParams[name] = decodeURIComponent(value);
+            }
+            const { auth: resolvedAuth, kernel } = await resolveInboundAuth(stripBearerPrefix(c.req.header('authorization') ?? ''), auth, identity);
+            const response = await run({
+                c,
+                params: { ...hostParams, ...pathParams },
+                auth: resolvedAuth,
+                kernel,
+                callRemote: makeCallRemote(kernel),
+            });
+            return applyCorsToResponse(response, corsHeaders);
+        }
+        catch (err) {
+            return applyCorsToResponse(errorResponse(err), corsHeaders);
+        }
+    };
+    if (httpMethod === 'GET')
+        app.get(honoPath, handler);
+    else if (httpMethod === 'POST')
+        app.post(honoPath, handler);
+    // Per-route preflight — mirrors `createKernelApp`'s per-route
+    // `app.options(...)` pattern (kernel/server/app/create.ts:112,145). Avoid
+    // a wildcard `app.options('*', ...)`: it would intercept the kernel
+    // envelope's own preflights mounted later on this same Hono instance.
+    app.options(honoPath, (c) => {
+        applyCorsToContext(c, corsHeaders);
+        return c.body(null, 204);
+    });
+}
+function applyCorsToContext(c, headers) {
+    for (const [name, value] of Object.entries(headers))
+        c.header(name, value);
+}
+function applyCorsToResponse(response, headers) {
+    try {
+        for (const [name, value] of Object.entries(headers))
+            response.headers.set(name, value);
+        return response;
+    }
+    catch {
+        // Some Responses have immutable headers — notably `Response.redirect(...)`,
+        // which a View's `render` is documented to return. Rebuild with a mutable
+        // header copy so CORS still applies (status / body / location preserved).
+        const merged = new Headers(response.headers);
+        for (const [name, value] of Object.entries(headers))
+            merged.set(name, value);
+        return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: merged,
+        });
+    }
+}
+function collectPlaceholderNames(path) {
+    return [...path.matchAll(PLACEHOLDER_RE)].map((m) => m[1]);
+}
+/**
+ * Serialize an error as the canonical kernel error envelope
+ * `{ error: { code, message, data } }` with the matching HTTP status. This is
+ * the exact shape the routed client (`kernel-client` HttpRoutedTransport.
+ * decodeError) parses — it routes on `error.code` and reads `error.data` for
+ * field-level detail (a flat `{ error: '<string>' }` body silently degrades to
+ * a generic INTERNAL_ERROR client-side). Every SDK error class (AuthMissingError,
+ * SdkValidationError, SdkResultValidationError, AuthorizationDeniedError, …) plus
+ * the kernel-core errors `resolveInboundAuth` rethrows all implement
+ * `toKernelErrorPayload`, so one branch covers them; only a raw non-classifiable
+ * Error falls back to 500.
+ */
+function errorResponse(err) {
+    const payload = isKernelErrorClassifiable(err)
+        ? err.toKernelErrorPayload()
+        : {
+            code: KERNEL_ERROR_CODES.INTERNAL_ERROR,
+            message: err instanceof Error ? err.message : 'Internal error',
+        };
+    return Response.json({ error: payload }, { status: kernelErrorHttpStatus(payload.code) });
+}
+function joinPath(a, b) {
+    if (!b)
+        return a;
+    if (!a)
+        return b;
+    const left = a.endsWith('/') ? a.slice(0, -1) : a;
+    const right = b.startsWith('/') ? b : `/${b}`;
+    return `${left}${right}` || '/';
+}
+/** Convert `/foo/{id}` / `/{name+}` / `/{name*}` to Hono syntax. */
+function toHonoPath(path) {
+    return path
+        .replace(/\{(\w+)\+\}/g, ':$1{.+}')
+        .replace(/\{(\w+)\*\}/g, ':$1{.*}')
+        .replace(/\{(\w+)\}/g, ':$1');
+}
+function stripBearerPrefix(value) {
+    return value.trim().replace(/^Bearer\s+/i, '');
+}
+//# sourceMappingURL=auxiliary-routes.js.map

package/dist/server/auxiliary-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auxiliary-routes.js","sourceRoot":"","sources":["../../src/server/auxiliary-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,EACL,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,GAEtB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EACL,aAAa,EACb,SAAS,EACT,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAA;AAQ7E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AACxD,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACjF,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AA0BrE,MAAM,UAAU,oBAAoB,CAAQ,MAAoC;IAC9E,MAAM,EACJ,GAAG,EACH,GAAG,EACH,KAAK,EACL,YAAY,EACZ,eAAe,EACf,sBAAsB,EACtB,IAAI,EACJ,UAAU,EACV,IAAI,GACL,GAAG,MAAM,CAAA;IAEV,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,WAAW,CAAA;IACpD,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IAE1C,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;YAClC,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM;gBAAE,SAAQ;YACrC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;YACzE,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,KAAK;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,sEAAsE;gBACtE,qEAAqE;gBACrE,kEAAkE;gBAClE,0CAA0C;gBAC1C,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;oBACjC,IAAI,GAAG,CAAC,SAAS;wBAAE,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;oBAC/E,OAAO,GAAG,CAAC,MAAO,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC/C,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,IAAI,eAAe,IAAI,sBAAsB,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAA;YAC5C,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,iBAAiB,EAAE,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAA;YAC9F,UAAU,CAAC;gBACT,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ;gBACR,WAAW;gBACX,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;oBAC7C,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;oBACjD,MAAM,OAAO,GAAY,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;oBAC7D,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;oBAC3D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;wBACnB,MAAM,IAAI,kBAAkB,CAAC,UAAU,CAAC,MAAsC,CAAC,CAAA;oBACjF,CAAC;oBACD,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAA;oBACtF,IAAI,GAAG,CAAC,SAAS;wBAAE,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;oBACzD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACrC,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;oBAC9D,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;wBACtB,MAAM,IAAI,wBAAwB,CAChC,aAAa,CAAC,MAA4C,EAC1D,GAAG,CAAC,GAAG,CACR,CAAA;oBACH,CAAC;oBACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,IAAI,EAAE,CAAC,CAAA;gBAC/C,CAAC;aACF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,IAAgC,EAChC,IAAY,EACZ,QAA0C;IAE1C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAC7B,MAAM,IAAI,KAAK,CACb,oDAAoD,IAAI,KAAK,IAAI,KAAK;QACpE,6CAA6C,IAAI,4BAA4B,CAChF,CAAA;AACH,CAAC;AAqBD,MAAM,cAAc,GAAG,mBAAmB,CAAA;AAE1C,SAAS,UAAU,CAAC,IAAoB;IACtC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IAE1F,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IACnC,IAAI,CAAC,SAAS;QAAE,OAAM;IAEtB,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA;IAC1C,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC;QAAE,OAAM;IAEhF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC,CAAA;IACrE,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,EAAE,MAAM,IAAI,aAAa,CAAA;IACzD,4EAA4E;IAC5E,2EAA2E;IAC3E,6EAA6E;IAC7E,6CAA6C;IAC7C,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,kDAAkD,UAAU,gBAAgB,QAAQ,KAAK;YACvF,kEAAkE,CACrE,CAAA;IACH,CAAC;IACD,0EAA0E;IAC1E,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,WAAW,GACf,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpF,MAAM,cAAc,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAA;IAExD,MAAM,OAAO,GAAG,KAAK,EAAE,CAAU,EAAqB,EAAE;QACtD,0EAA0E;QAC1E,2EAA2E;QAC3E,2EAA2E;QAC3E,yDAAyD;QACzD,kBAAkB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAClC,IAAI,CAAC;YACH,IAAI,UAAU,GAA2B,EAAE,CAAA;YAC3C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAChE,IAAI,CAAC,KAAK;oBAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;gBAC/B,UAAU,GAAG,KAAK,CAAA;YACpB,CAAC;YAED,MAAM,UAAU,GAA2B,EAAE,CAAA;YAC7C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;gBAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAC/B,IAAI,KAAK,KAAK,SAAS;oBAAE,UAAU,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAA;YACvE,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAC7D,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,EACtD,IAAI,EACJ,QAAQ,CACT,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC;gBACzB,CAAC;gBACD,MAAM,EAAE,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE;gBACxC,IAAI,EAAE,YAAY;gBAClB,MAAM;gBACN,UAAU,EAAE,cAAc,CAAC,MAAM,CAAC;aACnC,CAAC,CAAA;YACF,OAAO,mBAAmB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,mBAAmB,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC,CAAA;IAED,IAAI,UAAU,KAAK,KAAK;QAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;SAC/C,IAAI,UAAU,KAAK,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IAE3D,8DAA8D;IAC9D,0EAA0E;IAC1E,oEAAoE;IACpE,sEAAsE;IACtE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1B,kBAAkB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAU,EAAE,OAA+B;IACrE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AAC5E,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAkB,EAAE,OAA+B;IAC9E,IAAI,CAAC;QACH,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACtF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,4EAA4E;QAC5E,0EAA0E;QAC1E,0EAA0E;QAC1E,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QAC5C,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC5E,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO,EAAE,MAAM;SAChB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAA;AAC7D,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,OAAO,GAAuB,yBAAyB,CAAC,GAAG,CAAC;QAChE,CAAC,CAAC,GAAG,CAAC,oBAAoB,EAAE;QAC5B,CAAC,CAAC;YACE,IAAI,EAAE,kBAAkB,CAAC,cAAc;YACvC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC/D,CAAA;IACL,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AAC3F,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACjD,MAAM,KAAK,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAA;IAC7C,OAAO,GAAG,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,CAAA;AACjC,CAAC;AAED,oEAAoE;AACpE,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC;SAClC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC;SAClC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;AAChD,CAAC"}

package/dist/server/config.d.ts

@@ -0,0 +1,83 @@
+/**
+ * `RemoteServerConfig` — input shape for `createRemoteServer`.
+ *
+ * Identity is per-function: `iss` = the worker's serving URL (`config.url`),
+ * `sub` = the function path, signed on each dispatch. No single `subject`.
+ */
+import type { CorsConfig, WsAdapter } from '@astrale-os/kernel-server';
+import type { Context } from 'hono';
+import type { Hono } from 'hono';
+import type { RemoteDomain } from '../domain/define';
+export type RemoteServerConfig<TDeps> = {
+    /** Domain produced by `defineRemoteDomain(...)`. */
+    domain: RemoteDomain;
+    /** Dependency container passed to every handler as `ctx.deps`. */
+    deps: TDeps;
+    /**
+     * Server URL — the serving location AND the worker's JWT issuer identity
+     * (`iss`), decoupled from the addressing `origin` slug.
+     *
+     * The server's public key is published at `<url>/.well-known/jwks.json`
+     * so downstream verifiers can validate credentials signed by this server.
+     */
+    url: string;
+    /** Private key used to sign outbound credentials. Public form is exposed via JWKS. */
+    privateKey: JsonWebKey;
+    /** Allowed transports. `'http'` is mandatory. `'ws'` is opt-in. Defaults to `['http']`. */
+    transports?: readonly ('http' | 'ws')[];
+    /**
+     * Runtime-specific WS adapter (from `hono/bun`, `@hono/node-ws`, `hono/deno`).
+     * Required when `transports` includes `'ws'`.
+     */
+    ws?: WsAdapter;
+    /** CORS configuration. Defaults to `{ origin: '*' }`. */
+    cors?: CorsConfig;
+    /** Optional health endpoint path (defaults to `/health`; `false` disables). */
+    health?: string | false;
+    /** Pre-existing Hono app to attach to (for nesting the SDK under a parent router). */
+    app?: Hono;
+    /**
+     * Provenance stamped onto the auto-mounted `/meta` endpoint. Typically
+     * injected at build time by the bundler so downstream tooling can detect
+     * version drift between deployed server and expected schema.
+     */
+    meta?: {
+        sdkCommit?: string;
+        schemaHash?: string;
+        domainName?: string;
+    };
+    /**
+     * Typed colon-path to a callable the installing kernel calls ONCE as the
+     * system identity, immediately after the domain installs. Use it to seed
+     * nodes and self-grant. Must be a semantic domain path under this domain's
+     * own origin (`/:origin:class.X:seed` / `/:origin:interface.Ops:seed`) — the
+     * kernel's origin guard refuses absolute tree paths, which cannot prove
+     * their origin from the string alone. Returned verbatim in the install
+     * bundle (a routing hint — the signed `graph_hash` already constrains what
+     * the callable can be).
+     *
+     * Example: `/:crm.acme.dev:class.Note:seed`
+     */
+    postInstall?: string;
+    /**
+     * Cross-domain dependencies by origin. Returned in the install bundle; the
+     * kernel verifies each origin is already present on the instance before
+     * installing, and refuses with a clear error if one is missing.
+     */
+    requires?: readonly string[];
+    /**
+     * Optional private install hook. Throw to deny the install request.
+     * The public URL install contract still receives no caller kernel
+     * credential; private installs use the bearer token only.
+     */
+    install?: {
+        authorize?: (args: {
+            c: Context;
+            token?: string;
+            kernelIssuer: string;
+            nonce: string;
+            deps: TDeps;
+        }) => void | Promise<void>;
+    };
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/server/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/server/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACtE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAEpD,MAAM,MAAM,kBAAkB,CAAC,KAAK,IAAI;IACtC,oDAAoD;IACpD,MAAM,EAAE,YAAY,CAAA;IACpB,kEAAkE;IAClE,IAAI,EAAE,KAAK,CAAA;IACX;;;;;;OAMG;IACH,GAAG,EAAE,MAAM,CAAA;IACX,sFAAsF;IACtF,UAAU,EAAE,UAAU,CAAA;IACtB,2FAA2F;IAC3F,UAAU,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAA;IACvC;;;OAGG;IACH,EAAE,CAAC,EAAE,SAAS,CAAA;IACd,yDAAyD;IACzD,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB,+EAA+E;IAC/E,MAAM,CAAC,EAAE,MAAM,GAAG,KAAK,CAAA;IACvB,sFAAsF;IACtF,GAAG,CAAC,EAAE,IAAI,CAAA;IACV;;;;OAIG;IACH,IAAI,CAAC,EAAE;QACL,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;IACD;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B;;;;OAIG;IACH,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE;YACjB,CAAC,EAAE,OAAO,CAAA;YACV,KAAK,CAAC,EAAE,MAAM,CAAA;YACd,YAAY,EAAE,MAAM,CAAA;YACpB,KAAK,EAAE,MAAM,CAAA;YACb,IAAI,EAAE,KAAK,CAAA;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;KAC3B,CAAA;CACF,CAAA"}

package/dist/server/config.js

@@ -0,0 +1,8 @@
+/**
+ * `RemoteServerConfig` — input shape for `createRemoteServer`.
+ *
+ * Identity is per-function: `iss` = the worker's serving URL (`config.url`),
+ * `sub` = the function path, signed on each dispatch. No single `subject`.
+ */
+export {};
+//# sourceMappingURL=config.js.map

package/dist/server/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/server/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/server/create.d.ts

@@ -0,0 +1,21 @@
+/**
+ * `createRemoteServer` — the SDK's entry point for running a remote domain.
+ *
+ * Identity is per-function: the dispatcher signs `iss` = the worker's serving
+ * URL (`effectiveIssuer`, decoupled from the addressing `origin`) and `sub` =
+ * the origin-addressed function path on each dispatch.
+ *
+ * Composes:
+ *   methods             ← Map keyed by BoundMethod.ref (built by dispatch/resolve)
+ *   effectiveIssuer     ← config.issuer ?? config.url
+ *   dispatcher          ← SdkDispatcher(compiled, methods, deps, privateKey)
+ *   jwks                ← derivePublicJwk(privateKey), keyed by effectiveIssuer
+ *   /meta               ← provenance endpoint (sdkCommit, schemaHash, domainName)
+ *   auxiliary routes    ← view / remote-function handlers from defineRemoteDomain
+ *   app                 ← createKernelApp(dispatcher, contracts, host, jwks, transports, ...)
+ *   start               ← startNodeServer(app, port)
+ */
+import type { RemoteServerConfig } from './config';
+import type { RemoteServer } from './handle';
+export declare function createRemoteServer<TDeps>(config: RemoteServerConfig<TDeps>): RemoteServer;
+//# sourceMappingURL=create.d.ts.map

package/dist/server/create.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/server/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAeH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,KAAK,EAAE,YAAY,EAAsB,MAAM,UAAU,CAAA;AAahE,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,kBAAkB,CAAC,KAAK,CAAC,GAAG,YAAY,CA+JzF"}

package/dist/server/create.js

@@ -0,0 +1,210 @@
+/**
+ * `createRemoteServer` — the SDK's entry point for running a remote domain.
+ *
+ * Identity is per-function: the dispatcher signs `iss` = the worker's serving
+ * URL (`effectiveIssuer`, decoupled from the addressing `origin`) and `sub` =
+ * the origin-addressed function path on each dispatch.
+ *
+ * Composes:
+ *   methods             ← Map keyed by BoundMethod.ref (built by dispatch/resolve)
+ *   effectiveIssuer     ← config.issuer ?? config.url
+ *   dispatcher          ← SdkDispatcher(compiled, methods, deps, privateKey)
+ *   jwks                ← derivePublicJwk(privateKey), keyed by effectiveIssuer
+ *   /meta               ← provenance endpoint (sdkCommit, schemaHash, domainName)
+ *   auxiliary routes    ← view / remote-function handlers from defineRemoteDomain
+ *   app                 ← createKernelApp(dispatcher, contracts, host, jwks, transports, ...)
+ *   start               ← startNodeServer(app, port)
+ */
+import { deriveAllowedAlgorithms } from '@astrale-os/kernel-core';
+import { collectFunctionSubs, domainInstallRequestSchema, hashInstallGraph, } from '@astrale-os/kernel-core/domain';
+import { createKernelApp } from '@astrale-os/kernel-server';
+import { Hono } from 'hono';
+import { importJWK, SignJWT } from 'jose';
+import { MetaSchema } from '../deploy/meta';
+import { SdkDispatcher } from '../dispatch/dispatcher';
+import { buildAuxIdentityMap } from '../dispatch/identity';
+import { buildMethodIndex } from '../dispatch/resolve';
+import { buildInstallGraph, buildInstallGraphHash } from '../domain/build-spec';
+import { toSdkContract } from '../domain/contract';
+import { materializeRemoteDomain } from '../domain/define';
+import { mountAuxiliaryRoutes } from './auxiliary-routes';
+import { derivePublicJwk } from './jwks';
+import { canonicalizeServingUrl } from './serving-url';
+export function createRemoteServer(config) {
+    const methods = buildMethodIndex(config.domain.methods);
+    // The worker's identity (`iss`) is its full serving URL (base path included,
+    // trailing slash stripped) — decoupled from the addressing `origin` slug. One
+    // canonical value drives outbound signing, the JWKS issuer, `/meta`, and the
+    // install credential. Must equal the URL the kernel fetched the domain at.
+    const iss = canonicalizeServingUrl(config.url);
+    // Re-materialize the domain with the real serving url (`iss`) so the aux
+    // View/Function `binding.remoteUrl` resolve to this host — the define-time
+    // placeholder is discarded. `compiled`/`auxiliary` drive everything below;
+    // `iss` is the single source for both bindings and identity.
+    const { compiled, auxiliary } = materializeRemoteDomain(config.domain, iss);
+    const dispatcher = new SdkDispatcher({
+        compiled,
+        methods,
+        deps: config.deps,
+        privateKey: config.privateKey,
+        issuer: iss,
+        // The canonicalized serving URL, NOT the raw config.url: `ctx.url` is
+        // documented as the worker's `iss` identity, so the two must be one value.
+        url: iss,
+    });
+    const publicJwk = derivePublicJwk(config.privateKey);
+    const jwks = {
+        issuer: iss,
+        loadOwnKeys: async () => [publicJwk],
+    };
+    // `/meta`'s `schemaHash` is computed from the LIVE domain graph (lazy +
+    // cached). `hashInstallGraph` is id-independent/deterministic, so an
+    // independent build (a deploy script) produces the SAME hash — `deployCheck`
+    // can compare its expected value against this and detect genuine schema drift.
+    // An explicit `config.meta.schemaHash` still wins as an override for
+    // offline/pinned spec producers, but normal deploys omit it.
+    let cachedSchemaHash = null;
+    const resolveSchemaHash = () => config.meta?.schemaHash !== undefined
+        ? Promise.resolve(config.meta.schemaHash)
+        : (cachedSchemaHash ??= buildInstallGraphHash(config.domain, iss));
+    // Register `/meta` on the host app before `createKernelApp` mounts its
+    // catch-all routes so the verbatim path wins.
+    const hostApp = config.app ?? new Hono();
+    const metaBase = {
+        iss,
+        sdkCommit: config.meta?.sdkCommit,
+        domainName: config.meta?.domainName ?? compiled.$.origin,
+    };
+    hostApp.get('/meta', async (c) => c.json(MetaSchema.parse({ ...metaBase, schemaHash: await resolveSchemaHash() })));
+    hostApp.post('/_astrale/install-domain', async (c) => {
+        const parsed = domainInstallRequestSchema.safeParse(await c.req.json().catch(() => null));
+        if (!parsed.success) {
+            return c.json({ error: 'Invalid install request', issues: parsed.error.issues }, 400);
+        }
+        const token = bearerToken(c.req.header('authorization'));
+        try {
+            await config.install?.authorize?.({
+                c,
+                ...(token ? { token } : {}),
+                kernelIssuer: parsed.data.kernelIssuer,
+                nonce: parsed.data.nonce,
+                deps: config.deps,
+            });
+        }
+        catch (err) {
+            return c.json({ error: 'Install denied', message: err.message }, 403);
+        }
+        // Build the install graph. `buildInstallGraph` re-materializes the domain
+        // with the serving url (`iss`), so every `binding.remoteUrl` points at this
+        // host — the same single value as the credential's `iss` below. The kernel
+        // hashes exactly this graph; no install-time rewrite.
+        const graph = buildInstallGraph(config.domain, iss);
+        const graphHash = await hashInstallGraph(graph);
+        const origin = compiled.$.origin;
+        // `postInstall` + `requires` ride in BOTH the signed credential claims and
+        // the bundle body, and the kernel rejects any bundle field that disagrees
+        // with its signed claim — so derive them once and reuse for both.
+        const bundleExtras = {
+            ...(config.postInstall ? { postInstall: config.postInstall } : {}),
+            ...(config.requires && config.requires.length > 0 ? { requires: config.requires } : {}),
+        };
+        // The credential's `iss` is the worker's serving URL (`iss`, computed above)
+        // — the kernel pins it to the URL it fetched the domain at and verifies this
+        // credential against that issuer's JWKS.
+        const credential = await signInstallCredential({
+            privateKey: config.privateKey,
+            issuer: iss,
+            audience: parsed.data.kernelIssuer,
+            nonce: parsed.data.nonce,
+            graphHash,
+            subs: collectFunctionSubs(compiled),
+            ...bundleExtras,
+        });
+        return c.json({
+            origin,
+            graph,
+            identity: { credential },
+            ...bundleExtras,
+        });
+    });
+    // Resolved once and shared between the kernel envelope (createKernelApp) and
+    // the aux routes (mountAuxiliaryRoutes) so both honor the same policy.
+    const cors = config.cors ?? { origin: '*' };
+    // Worker-side wires for defineView / defineRemoteFunction. Mounted before
+    // the kernel catch-all. Each aux route gets its own per-slug identity
+    // (issuer + key + the aux node's AbsolutePath as subject) so outbound
+    // `kernel.call(...)` from a handler signs with that path — matching the
+    // identity the install-time `subs` claim registered for the node, the
+    // same way Methods work.
+    if (auxiliary) {
+        const auxIdentities = buildAuxIdentityMap(compiled, config.privateKey, iss);
+        mountAuxiliaryRoutes({
+            app: hostApp,
+            url: auxiliary.url,
+            // oxlint-disable-next-line no-explicit-any
+            views: config.domain.views,
+            viewBindings: auxiliary.viewBindings,
+            remoteFunctions: config.domain.remoteFunctions,
+            remoteFunctionBindings: auxiliary.remoteFunctionBindings,
+            deps: config.deps,
+            identities: auxIdentities,
+            cors,
+        });
+    }
+    const { app } = createKernelApp({
+        kernel: dispatcher,
+        domain: config.domain.methods.map(toSdkContract),
+        host: { url: config.url },
+        jwks,
+        transports: config.transports,
+        cors,
+        health: config.health,
+        app: hostApp,
+        ws: config.ws,
+    });
+    return {
+        app,
+        // The canonical serving URL = the worker's `iss` identity. Exposed so a
+        // worker that also seeds `Identity.iss` on graph nodes (e.g. recruitment's
+        // self-seed) stamps the SAME canonical value the dispatcher signs with —
+        // never the raw env.WORKER_URL — so the kernel's exact-match lookup resolves.
+        iss,
+        async start(port) {
+            const nodeStartModule = './start';
+            const { startNodeServer } = await import(nodeStartModule);
+            return startNodeServer(app, port);
+        },
+    };
+}
+function bearerToken(header) {
+    if (!header)
+        return undefined;
+    const match = /^Bearer\s+(.+)$/i.exec(header.trim());
+    return match?.[1];
+}
+async function signInstallCredential(args) {
+    const alg = deriveAllowedAlgorithms(args.privateKey)[0];
+    if (!alg) {
+        throw new Error(`createRemoteServer: cannot derive install signing algorithm from JWK (kty=${args.privateKey.kty}).`);
+    }
+    const kid = args.privateKey.kid;
+    const header = typeof kid === 'string' ? { alg, kid } : { alg };
+    const key = await importJWK(args.privateKey, alg);
+    // `postInstall` + `requires` are signed (not just carried in the bundle) so a
+    // MITM can't retarget the system-authority hook or forge dependencies
+    return new SignJWT({
+        subs: args.subs,
+        nonce: args.nonce,
+        graph_hash: args.graphHash,
+        ...(args.postInstall ? { postInstall: args.postInstall } : {}),
+        ...(args.requires ? { requires: args.requires } : {}),
+    })
+        .setProtectedHeader(header)
+        .setIssuer(args.issuer)
+        .setSubject(args.issuer)
+        .setAudience(args.audience)
+        .setIssuedAt()
+        .setExpirationTime('10m')
+        .sign(key);
+}
+//# sourceMappingURL=create.js.map

package/dist/server/create.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/server/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAA;AACjE,OAAO,EACL,mBAAmB,EACnB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAMzC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAA;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAA;AACxC,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAA;AAEtD,MAAM,UAAU,kBAAkB,CAAQ,MAAiC;IACzE,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IACvD,6EAA6E;IAC7E,8EAA8E;IAC9E,6EAA6E;IAC7E,2EAA2E;IAC3E,MAAM,GAAG,GAAG,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAE9C,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,6DAA6D;IAC7D,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,uBAAuB,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAE3E,MAAM,UAAU,GAAG,IAAI,aAAa,CAAQ;QAC1C,QAAQ;QACR,OAAO;QACP,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,MAAM,EAAE,GAAG;QACX,sEAAsE;QACtE,2EAA2E;QAC3E,GAAG,EAAE,GAAG;KACT,CAAC,CAAA;IAEF,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IACpD,MAAM,IAAI,GAAa;QACrB,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC;KACrC,CAAA;IAED,wEAAwE;IACxE,qEAAqE;IACrE,6EAA6E;IAC7E,+EAA+E;IAC/E,qEAAqE;IACrE,6DAA6D;IAC7D,IAAI,gBAAgB,GAA2B,IAAI,CAAA;IACnD,MAAM,iBAAiB,GAAG,GAAoB,EAAE,CAC9C,MAAM,CAAC,IAAI,EAAE,UAAU,KAAK,SAAS;QACnC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACzC,CAAC,CAAC,CAAC,gBAAgB,KAAK,qBAAqB,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;IAEtE,uEAAuE;IACvE,8CAA8C;IAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAA;IACxC,MAAM,QAAQ,GAAG;QACf,GAAG;QACH,SAAS,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS;QACjC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,IAAI,QAAQ,CAAC,CAAC,CAAC,MAAM;KACzD,CAAA;IACD,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAC/B,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,EAAE,EAAE,CAAC,CAAC,CACjF,CAAA;IACD,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnD,MAAM,MAAM,GAAG,0BAA0B,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAA;QACzF,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAA;QACvF,CAAC;QAED,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAA;QACxD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC;gBAChC,CAAC;gBACD,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3B,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;gBACtC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;gBACxB,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAG,GAAa,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAA;QAClF,CAAC;QAED,0EAA0E;QAC1E,4EAA4E;QAC5E,2EAA2E;QAC3E,sDAAsD;QACtD,MAAM,KAAK,GAAG,iBAAiB,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QACnD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,CAAA;QAC/C,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAA;QAChC,2EAA2E;QAC3E,0EAA0E;QAC1E,kEAAkE;QAClE,MAAM,YAAY,GAAG;YACnB,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxF,CAAA;QACD,6EAA6E;QAC7E,6EAA6E;QAC7E,yCAAyC;QACzC,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC;YAC7C,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,GAAG;YACX,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;YAClC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;YACxB,SAAS;YACT,IAAI,EAAE,mBAAmB,CAAC,QAAQ,CAAC;YACnC,GAAG,YAAY;SAChB,CAAC,CAAA;QAEF,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM;YACN,KAAK;YACL,QAAQ,EAAE,EAAE,UAAU,EAAE;YACxB,GAAG,YAAY;SAChB,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,uEAAuE;IACvE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;IAE3C,0EAA0E;IAC1E,sEAAsE;IACtE,sEAAsE;IACtE,wEAAwE;IACxE,sEAAsE;IACtE,yBAAyB;IACzB,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,aAAa,GAAG,mBAAmB,CAAC,QAAQ,EAAE,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAA;QAC3E,oBAAoB,CAAQ;YAC1B,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,2CAA2C;YAC3C,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,KAAmD;YACxE,YAAY,EAAE,SAAS,CAAC,YAAY;YACpC,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe;YAC9C,sBAAsB,EAAE,SAAS,CAAC,sBAAsB;YACxD,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,UAAU,EAAE,aAAa;YACzB,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,GAAG,eAAe,CAAC;QAC9B,MAAM,EAAE,UAAU;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAChD,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE;QACzB,IAAI;QACJ,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,IAAI;QACJ,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,GAAG,EAAE,OAAO;QACZ,EAAE,EAAE,MAAM,CAAC,EAAE;KACd,CAAC,CAAA;IAEF,OAAO;QACL,GAAG;QACH,wEAAwE;QACxE,2EAA2E;QAC3E,yEAAyE;QACzE,8EAA8E;QAC9E,GAAG;QACH,KAAK,CAAC,KAAK,CAAC,IAAa;YACvB,MAAM,eAAe,GAAG,SAAS,CAAA;YACjC,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;YACzD,OAAO,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnC,CAAC;KACF,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,MAA0B;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAA;IAC7B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;IACpD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAA;AACnB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,IASpC;IACC,MAAM,GAAG,GAAG,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IACvD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,6EAA6E,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,CACrG,CAAA;IACH,CAAC;IACD,MAAM,GAAG,GAAI,IAAI,CAAC,UAAiD,CAAC,GAAG,CAAA;IACvE,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAA;IAC/D,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAA;IAEjD,8EAA8E;IAC9E,sEAAsE;IACtE,OAAO,IAAI,OAAO,CAAC;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,UAAU,EAAE,IAAI,CAAC,SAAS;QAC1B,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACtD,CAAC;SACC,kBAAkB,CAAC,MAAM,CAAC;SAC1B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;SACvB,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC1B,WAAW,EAAE;SACb,iBAAiB,CAAC,KAAK,CAAC;SACxB,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC"}

package/dist/server/handle.d.ts

@@ -0,0 +1,35 @@
+/**
+ * `RemoteServer` and `RemoteServerHandle` — output shapes for the SDK server.
+ *
+ * `RemoteServer` is what `createRemoteServer` returns: the assembled Hono
+ * app plus a Node convenience helper. `RemoteServerHandle` is what `start()`
+ * resolves to: the bound port and a `close()` function for graceful shutdown.
+ */
+import type { Hono } from 'hono';
+export type RemoteServer = {
+    /**
+     * The assembled Hono app. Use `app.fetch` for any runtime
+     * (Bun, Deno, Cloudflare Workers, or Node via `@hono/node-server`).
+     */
+    app: Hono;
+    /**
+     * The worker's canonical serving URL — its `iss` identity (full URL, trailing
+     * slash stripped, base path preserved). The single value the dispatcher signs
+     * with and the kernel pins. Read it to seed `Identity.iss` on graph nodes so
+     * the seeded value matches the signing issuer (never re-derive from a raw env).
+     */
+    iss: string;
+    /**
+     * Convenience helper: start a Node HTTP server on the given port using
+     * `@hono/node-server` (loaded via dynamic import). For other runtimes,
+     * use `app.fetch` directly.
+     */
+    start: (port?: number) => Promise<RemoteServerHandle>;
+};
+export type RemoteServerHandle = {
+    /** The port the server is listening on (resolved even if `port: 0` was requested). */
+    port: number;
+    /** Stop the server and release the port. */
+    close: () => Promise<void>;
+};
+//# sourceMappingURL=handle.d.ts.map

package/dist/server/handle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handle.d.ts","sourceRoot":"","sources":["../../src/server/handle.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAEhC,MAAM,MAAM,YAAY,GAAG;IACzB;;;OAGG;IACH,GAAG,EAAE,IAAI,CAAA;IACT;;;;;OAKG;IACH,GAAG,EAAE,MAAM,CAAA;IACX;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAA;CACtD,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,sFAAsF;IACtF,IAAI,EAAE,MAAM,CAAA;IACZ,4CAA4C;IAC5C,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC3B,CAAA"}