npm - @cat-factory/server - Versions diffs - 0.30.0 → 0.32.0 - Mend

@cat-factory/server 0.30.0 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/dist/github/GitHubPullRequestReviewProvider.js ADDED Viewed

@@ -0,0 +1,170 @@
+const EMPTY = {
+    headSha: null,
+    requiredApprovingReviewCount: 1,
+    assignedReviewers: [],
+    approvals: 0,
+    unresolvedThreads: [],
+    comments: [],
+};
+/** A GitHub App's own comments/reviews show as `<app-slug>[bot]`; treat those as the bot. */
+function isBotLogin(login) {
+    return login.endsWith('[bot]');
+}
+/** The standing review states that determine approval (a later COMMENTED/PENDING doesn't change it). */
+const STANDING = new Set(['APPROVED', 'CHANGES_REQUESTED', 'DISMISSED']);
+/**
+ * Reduce a PR's review event log to the count of distinct reviewers whose LATEST standing review
+ * is APPROVED. Mirrors GitHub's own rule: a `COMMENTED`/`PENDING` review after an approval does
+ * not dismiss it (only an explicit CHANGES_REQUESTED / DISMISSED does). Approvers are NOT filtered
+ * to the current requested-reviewer list — GitHub removes a reviewer from "requested" once they
+ * approve, so filtering there would never count an approval.
+ */
+function countApprovals(reviews) {
+    const latestByAuthor = new Map();
+    for (const r of reviews) {
+        if (!r.author || isBotLogin(r.author))
+            continue;
+        if (!STANDING.has(r.state))
+            continue;
+        latestByAuthor.set(r.author, r.state);
+    }
+    let approvals = 0;
+    for (const state of latestByAuthor.values())
+        if (state === 'APPROVED')
+            approvals++;
+    return approvals;
+}
+function toReviewThread(t) {
+    const first = t.comments[0];
+    const last = t.comments[t.comments.length - 1];
+    const body = (last?.body ?? '').trim();
+    return {
+        threadId: t.id,
+        author: first?.author ?? '',
+        bodyExcerpt: body.length > 280 ? `${body.slice(0, 277)}…` : body,
+        path: t.path,
+        line: t.line,
+        isBot: isBotLogin(last?.author ?? ''),
+        latestCommentAt: t.comments.reduce((m, c) => Math.max(m, c.createdAt), 0),
+    };
+}
+/**
+ * Reads a block's PR human-review state from GitHub for the `human-review` gate: assigned
+ * reviewers, the approval count (vs branch-protection's required count), the unresolved review
+ * threads and the plain PR comments. Reads LIVE each poll (no projection table), mirroring
+ * {@link GitHubCiStatusProvider}. Returns the empty snapshot (`headSha: null`) when there is no
+ * resolvable PR branch + number yet (the engine treats that as "nothing to gate").
+ */
+export class GitHubPullRequestReviewProvider {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    async getReview(workspaceId, blockId, cachedRequiredApprovingReviewCount) {
+        const block = await this.deps.blockRepository.get(workspaceId, blockId);
+        const branch = block?.pullRequest?.branch;
+        const number = block?.pullRequest?.number;
+        if (!branch || number == null)
+            return EMPTY;
+        const target = await this.deps.resolveRepoTarget(workspaceId, blockId);
+        if (!target)
+            return EMPTY;
+        const ref = { owner: target.owner, repo: target.name };
+        const gh = this.deps.githubClient;
+        // Head commit of the PR branch (the latest commit on the ref), for the GateProbe. This gate
+        // polls indefinitely, so use the exact single-ref lookup (one API call, correctly 404→null on
+        // a deleted branch) rather than paginating the whole branch history just to read its tip.
+        const headSha = await gh.branchHeadSha(target.installationId, ref, branch);
+        if (!headSha)
+            return EMPTY;
+        // The required-approval count is static repo config (branch protection), so the gate caches
+        // it after the first probe and passes it back here — skip BOTH the base-branch lookup and the
+        // protection read on every subsequent poll. On the first probe (no cache) read protection
+        // against the PR's ACTUAL base branch (`pulls/{n}.base.ref`), not the repo default: a PR into
+        // a stricter protected branch (e.g. a release branch requiring 2 approvals) must be gated
+        // against its own rule. Fall back to the resolved repo default when the base ref is unreadable.
+        const requiredCount = cachedRequiredApprovingReviewCount != null
+            ? cachedRequiredApprovingReviewCount
+            : await this.resolveRequiredApprovingReviewCount(target, ref, number);
+        // The reviews (approval) + unresolved threads are needed on EVERY poll. The plain issue
+        // comments and the assigned-reviewer list are consulted by the gate ONLY while the PR is
+        // not yet approved — `classifyHumanReview` discards comments once approved, and the
+        // assigned-reviewer list only feeds the "assign a reviewer" awaiting-approval card — so
+        // skip those two reads once the PR is approved. Over an indefinite review wait that trims
+        // the per-poll GitHub reads in the approved-with-open-threads window. (The dominant
+        // not-yet-approved wait still needs all four; the GraphQL thread read has no etag, so it
+        // can't be made conditional.) `approved` MUST mirror the gate's `isApproved` floor
+        // (`max(1, requiredApprovingReviewCount)` — see review.logic.ts) so the provider never
+        // skips a read the gate would have consulted.
+        const [reviews, threads] = await Promise.all([
+            gh.listPullRequestReviews?.(target.installationId, ref, number) ?? Promise.resolve([]),
+            gh.listReviewThreads?.(target.installationId, ref, number) ?? Promise.resolve([]),
+        ]);
+        const approvals = countApprovals(reviews);
+        const approved = approvals >= Math.max(1, requiredCount);
+        const [assignedReviewers, comments] = approved
+            ? [[], []]
+            : await Promise.all([
+                gh.listRequestedReviewers?.(target.installationId, ref, number) ?? Promise.resolve([]),
+                gh.listIssueComments?.(target.installationId, ref, number) ?? Promise.resolve([]),
+            ]);
+        return {
+            headSha,
+            requiredApprovingReviewCount: requiredCount,
+            assignedReviewers,
+            approvals,
+            unresolvedThreads: threads.filter((t) => !t.isResolved).map(toReviewThread),
+            comments: comments.map((c) => ({
+                id: c.id,
+                author: c.author,
+                body: c.body,
+                createdAt: c.createdAt,
+                isBot: isBotLogin(c.author),
+            })),
+        };
+    }
+    /** Read branch-protection's required-approval count against the PR's actual base branch. */
+    async resolveRequiredApprovingReviewCount(target, ref, number) {
+        const gh = this.deps.githubClient;
+        if (!gh.getRequiredApprovingReviewCount)
+            return 1;
+        const baseRef = (await gh.getPullRequestBaseRef?.(target.installationId, ref, number)) ?? target.baseBranch;
+        return gh.getRequiredApprovingReviewCount(target.installationId, ref, baseRef);
+    }
+    async resolveThreads(workspaceId, blockId, threadIds, reply) {
+        if (threadIds.length === 0)
+            return;
+        const target = await this.deps.resolveRepoTarget(workspaceId, blockId);
+        if (!target)
+            return;
+        const ref = { owner: target.owner, repo: target.name };
+        const gh = this.deps.githubClient;
+        const wantsReply = reply.trim().length > 0;
+        const failed = [];
+        for (const threadId of threadIds) {
+            try {
+                // RESOLVE first, then (only if a reply was requested) post the courtesy reply. Doing the
+                // state-changing resolve before the cosmetic reply guarantees we never leave a bot reply
+                // as a thread's latest comment while it is still unresolved — that combination would hide
+                // the thread from the gate's outstanding set (bot-latest is treated as "addressed") yet
+                // leave it open forever. An empty `reply` means "resolve only" (the probe's reconcile
+                // retry passes ''), so a retry never double-posts the reply.
+                await gh.resolveReviewThread?.(target.installationId, ref, threadId);
+                if (wantsReply)
+                    await gh.replyToReviewThread?.(target.installationId, ref, threadId, reply);
+            }
+            catch {
+                // Best-effort per thread: keep going so a single bad thread doesn't strand the rest.
+                failed.push(threadId);
+            }
+        }
+        // Surface a partial failure to the caller. The gate's onHelperComplete RETAINS the handed
+        // thread ids when this throws so the next probe's reconcile retries exactly those (a
+        // swallowed failure here would let the gate clear its stash and re-dispatch a whole fixer
+        // round for an already-fixed thread instead of the cheap resolve-only reconcile).
+        if (failed.length > 0) {
+            throw new Error(`Failed to resolve ${failed.length} review thread(s): ${failed.join(', ')}`);
+        }
+    }
+}
+//# sourceMappingURL=GitHubPullRequestReviewProvider.js.map

package/dist/github/GitHubPullRequestReviewProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"GitHubPullRequestReviewProvider.js","sourceRoot":"","sources":["../../src/github/GitHubPullRequestReviewProvider.ts"],"names":[],"mappings":"AAmBA,MAAM,KAAK,GAA8B;IACvC,OAAO,EAAE,IAAI;IACb,4BAA4B,EAAE,CAAC;IAC/B,iBAAiB,EAAE,EAAE;IACrB,SAAS,EAAE,CAAC;IACZ,iBAAiB,EAAE,EAAE;IACrB,QAAQ,EAAE,EAAE;CACb,CAAA;AAED,6FAA6F;AAC7F,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;AAChC,CAAC;AAED,wGAAwG;AACxG,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,mBAAmB,EAAE,WAAW,CAAC,CAAC,CAAA;AAExE;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,OAAkC;IACxD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAA;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;YAAE,SAAQ;QAC/C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,SAAQ;QACpC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAA;IACvC,CAAC;IACD,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,KAAK,MAAM,KAAK,IAAI,cAAc,CAAC,MAAM,EAAE;QAAE,IAAI,KAAK,KAAK,UAAU;YAAE,SAAS,EAAE,CAAA;IAClF,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,CAMvB;IACC,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAC9C,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IACtC,OAAO;QACL,QAAQ,EAAE,CAAC,CAAC,EAAE;QACd,MAAM,EAAE,KAAK,EAAE,MAAM,IAAI,EAAE;QAC3B,WAAW,EAAE,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;QAChE,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,UAAU,CAAC,IAAI,EAAE,MAAM,IAAI,EAAE,CAAC;QACrC,eAAe,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;KAC1E,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,+BAA+B;IACb,IAAI;IAAjC,YAA6B,IAAiD;oBAAjD,IAAI;IAAgD,CAAC;IAElF,KAAK,CAAC,SAAS,CACb,WAAmB,EACnB,OAAe,EACf,kCAAkD;QAElD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QACvE,MAAM,MAAM,GAAG,KAAK,EAAE,WAAW,EAAE,MAAM,CAAA;QACzC,MAAM,MAAM,GAAG,KAAK,EAAE,WAAW,EAAE,MAAM,CAAA;QACzC,IAAI,CAAC,MAAM,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,KAAK,CAAA;QAE3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QACtE,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACzB,MAAM,GAAG,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAA;QACtD,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAA;QAEjC,4FAA4F;QAC5F,8FAA8F;QAC9F,0FAA0F;QAC1F,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QAC1E,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAE1B,4FAA4F;QAC5F,8FAA8F;QAC9F,0FAA0F;QAC1F,8FAA8F;QAC9F,0FAA0F;QAC1F,gGAAgG;QAChG,MAAM,aAAa,GACjB,kCAAkC,IAAI,IAAI;YACxC,CAAC,CAAC,kCAAkC;YACpC,CAAC,CAAC,MAAM,IAAI,CAAC,mCAAmC,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QAEzE,wFAAwF;QACxF,yFAAyF;QACzF,oFAAoF;QACpF,wFAAwF;QACxF,0FAA0F;QAC1F,oFAAoF;QACpF,yFAAyF;QACzF,mFAAmF;QACnF,uFAAuF;QACvF,8CAA8C;QAC9C,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC3C,EAAE,CAAC,sBAAsB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtF,EAAE,CAAC,iBAAiB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;SAClF,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;QACzC,MAAM,QAAQ,GAAG,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,CAAA;QACxD,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAAG,QAAQ;YAC5C,CAAC,CAAC,CAAC,EAAc,EAAE,EAAgC,CAAC;YACpD,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,EAAE,CAAC,sBAAsB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtF,EAAE,CAAC,iBAAiB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;aAClF,CAAC,CAAA;QAEN,OAAO;YACL,OAAO;YACP,4BAA4B,EAAE,aAAa;YAC3C,iBAAiB;YACjB,SAAS;YACT,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC;YAC3E,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC7B,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;aAC5B,CAAC,CAAC;SACJ,CAAA;IACH,CAAC;IAED,4FAA4F;IACpF,KAAK,CAAC,mCAAmC,CAC/C,MAAsD,EACtD,GAAoC,EACpC,MAAc;QAEd,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAA;QACjC,IAAI,CAAC,EAAE,CAAC,+BAA+B;YAAE,OAAO,CAAC,CAAA;QACjD,MAAM,OAAO,GACX,CAAC,MAAM,EAAE,CAAC,qBAAqB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,CAAA;QAC7F,OAAO,EAAE,CAAC,+BAA+B,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAChF,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,WAAmB,EACnB,OAAe,EACf,SAAmB,EACnB,KAAa;QAEb,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,OAAM;QAClC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QACtE,IAAI,CAAC,MAAM;YAAE,OAAM;QACnB,MAAM,GAAG,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAA;QACtD,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAA;QACjC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAA;QAC1C,MAAM,MAAM,GAAa,EAAE,CAAA;QAC3B,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,yFAAyF;gBACzF,yFAAyF;gBACzF,0FAA0F;gBAC1F,wFAAwF;gBACxF,sFAAsF;gBACtF,6DAA6D;gBAC7D,MAAM,EAAE,CAAC,mBAAmB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;gBACpE,IAAI,UAAU;oBAAE,MAAM,EAAE,CAAC,mBAAmB,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAA;YAC7F,CAAC;YAAC,MAAM,CAAC;gBACP,qFAAqF;gBACrF,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YACvB,CAAC;QACH,CAAC;QACD,0FAA0F;QAC1F,qFAAqF;QACrF,0FAA0F;QAC1F,kFAAkF;QAClF,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,CAAC,MAAM,sBAAsB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;CACF"}

package/dist/http/errorHandler.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errorHandler.d.ts","sourceRoot":"","sources":["../../src/http/errorHandler.ts"],"names":[],"mappings":"~~AACA~~,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAanC,oEAAoE;AACpE,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,GAAG,QAAQ,~~CA2BhE~~"}
1	+ {"version":3,"file":"errorHandler.d.ts","sourceRoot":"","sources":["../../src/http/errorHandler.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAanC,oEAAoE;AACpE,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,GAAG,QAAQ,CAmDhE"}

package/dist/http/errorHandler.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { DomainError } from '@cat-factory/kernel';
+import { SchemaValidationError } from '@toad-contracts/core';
 import { logger } from '../observability/logger.js';
 const STATUS_BY_CODE = {
     not_found: 404,
@@ -10,6 +11,25 @@ const STATUS_BY_CODE = {
 };
 /** Maps domain errors to HTTP responses; anything else is a 500. */
 export function handleError(error, c) {
+    // A contract request schema (path/query/header/body) rejected the input. Surface the
+    // same `{ error: { code: 'validation', ... } }` envelope the old @hono/valibot-validator
+    // `jsonBody` middleware produced, so the wire shape is unchanged after the contract migration.
+    if (error instanceof SchemaValidationError) {
+        return c.json({
+            error: {
+                code: 'validation',
+                message: 'Request failed validation',
+                issues: error.issues.map((issue) => ({
+                    path: issue.path
+                        ?.map((segment) => typeof segment === 'object' && segment !== null && 'key' in segment
+                        ? String(segment.key)
+                        : String(segment))
+                        .join('.'),
+                    message: issue.message,
+                })),
+            },
+        }, 400);
+    }
     if (error instanceof DomainError) {
         return c.json({
             error: {

package/dist/http/errorHandler.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"errorHandler.js","sourceRoot":"","sources":["../../src/http/errorHandler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;~~AAGjD~~,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAA;AAEnD,MAAM,cAAc,GAAsD;IACxE,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,QAAQ,EAAE,GAAG;IACb,mFAAmF;IACnF,qFAAqF;IACrF,mBAAmB,EAAE,GAAG;CACzB,CAAA;AAED,oEAAoE;AACpE,MAAM,UAAU,WAAW,CAAC,KAAc,EAAE,CAAU;IACpD,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QACjC,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACrD;SACF,EACD,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAC3B,CAAA;IACH,CAAC;IACD,6EAA6E;IAC7E,gCAAgC;IAChC,MAAM,CAAC,KAAK,CACV;QACE,GAAG,EACD,KAAK,YAAY,KAAK;YACpB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE;YAChD,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;QAChC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;QACpB,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ;KAClC,EACD,yBAAyB,CAC1B,CAAA;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;AACvF,CAAC"}
1	+ {"version":3,"file":"errorHandler.js","sourceRoot":"","sources":["../../src/http/errorHandler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAG5D,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAA;AAEnD,MAAM,cAAc,GAAsD;IACxE,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,QAAQ,EAAE,GAAG;IACb,mFAAmF;IACnF,qFAAqF;IACrF,mBAAmB,EAAE,GAAG;CACzB,CAAA;AAED,oEAAoE;AACpE,MAAM,UAAU,WAAW,CAAC,KAAc,EAAE,CAAU;IACpD,qFAAqF;IACrF,yFAAyF;IACzF,+FAA+F;IAC/F,IAAI,KAAK,YAAY,qBAAqB,EAAE,CAAC;QAC3C,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,2BAA2B;gBACpC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBACnC,IAAI,EAAE,KAAK,CAAC,IAAI;wBACd,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAChB,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAI,KAAK,IAAI,OAAO;wBACjE,CAAC,CAAC,MAAM,CAAE,OAAgC,CAAC,GAAG,CAAC;wBAC/C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CACpB;yBACA,IAAI,CAAC,GAAG,CAAC;oBACZ,OAAO,EAAE,KAAK,CAAC,OAAO;iBACvB,CAAC,CAAC;aACJ;SACF,EACD,GAAG,CACJ,CAAA;IACH,CAAC;IACD,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QACjC,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACrD;SACF,EACD,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAC3B,CAAA;IACH,CAAC;IACD,6EAA6E;IAC7E,gCAAgC;IAChC,MAAM,CAAC,KAAK,CACV;QACE,GAAG,EACD,KAAK,YAAY,KAAK;YACpB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE;YAChD,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;QAChC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;QACpB,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ;KAClC,EACD,yBAAyB,CAC1B,CAAA;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;AACvF,CAAC"}

package/dist/index.d.ts CHANGED Viewed

@@ -25,7 +25,6 @@ export { FanOutEventPublisher, type FanOutEventPublisherDependencies, } from './
 export { InAppNotificationChannel } from './events/InAppNotificationChannel.js';
 export { mountAuthGate } from './http/authGate.js';
 export { param } from './http/params.js';
-export { jsonBody } from './http/validation.js';
 export { handleError } from './http/errorHandler.js';
 export { parseAllowedOrigins, resolveCorsOrigin } from './http/cors.js';
 export { base64url, base64urlToBytes, pkcs8PemToDer, timingSafeEqual } from './crypto/encoding.js';
@@ -39,6 +38,7 @@ export { FetchGitHubClient, GitHubApiError, type FetchGitHubClientDependencies,
 export { FetchGitHubProvisioningClient, type FetchGitHubProvisioningClientDependencies, } from './github/FetchGitHubProvisioningClient.js';
 export { WebCryptoWebhookVerifier } from './github/WebCryptoWebhookVerifier.js';
 export { GitHubCiStatusProvider, type GitHubCiStatusProviderDependencies, } from './github/GitHubCiStatusProvider.js';
+export { GitHubPullRequestReviewProvider, type GitHubPullRequestReviewProviderDependencies, } from './github/GitHubPullRequestReviewProvider.js';
 export { GitHubMergeabilityProvider, classifyMergeability, type GitHubMergeabilityProviderDependencies, } from './github/GitHubMergeabilityProvider.js';
 export { GitHubBranchUpdater, type GitHubBranchUpdaterDependencies, } from './github/GitHubBranchUpdater.js';
 export { GitHubPullRequestMerger, type GitHubPullRequestMergerDependencies, } from './github/GitHubPullRequestMerger.js';

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,KAAK,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAC/D,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AACjE,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAClE,OAAO,EACL,WAAW,EACX,KAAK,uBAAuB,EAC5B,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,WAAW,EACX,KAAK,uBAAuB,EAC5B,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAA;AAC7E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAA;AAC7E,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,SAAS,GACf,MAAM,yCAAyC,CAAA;AAIhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAA;AAC3E,OAAO,EACL,sBAAsB,EACtB,KAAK,kCAAkC,EACvC,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,GACtB,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EAAE,uBAAuB,EAAE,KAAK,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AAClG,OAAO,EAAE,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAC1F,OAAO,EACL,iCAAiC,EACjC,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EACL,4BAA4B,EAC5B,KAAK,kBAAkB,GACxB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACL,yBAAyB,EACzB,KAAK,qCAAqC,GAC3C,MAAM,uCAAuC,CAAA;AAC9C,OAAO,EACL,sBAAsB,EACtB,KAAK,6BAA6B,GACnC,MAAM,+BAA+B,CAAA;AAGtC,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,yBAAyB,EACzB,UAAU,GACX,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,EACL,oBAAoB,EACpB,KAAK,gCAAgC,GACtC,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA;AACxC,OAAO,EAAE,~~QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,~~WAAW,EAAE,MAAM,wBAAwB,CAAA;AACpD,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACvE,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAIlG,OAAO,EACL,qBAAqB,EACrB,KAAK,4BAA4B,GAClC,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,6BAA6B,EAAE,MAAM,2CAA2C,CAAA;AACzF,OAAO,EAAE,aAAa,EAAE,KAAK,yBAAyB,EAAE,MAAM,2BAA2B,CAAA;AACzF,OAAO,EACL,iBAAiB,EACjB,KAAK,6BAA6B,EAClC,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAKpF,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,KAAK,6BAA6B,GACnC,MAAM,+BAA+B,CAAA;AAGtC,OAAO,EACL,6BAA6B,EAC7B,KAAK,yCAAyC,GAC/C,MAAM,2CAA2C,CAAA;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EACL,sBAAsB,EACtB,KAAK,kCAAkC,GACxC,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,KAAK,sCAAsC,GAC5C,MAAM,wCAAwC,CAAA;AAC/C,OAAO,EACL,mBAAmB,EACnB,KAAK,+BAA+B,GACrC,MAAM,iCAAiC,CAAA;AACxC,OAAO,EACL,uBAAuB,EACvB,KAAK,mCAAmC,GACzC,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,UAAU,EACV,cAAc,EACd,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,KAAK,QAAQ,EACb,KAAK,aAAa,GACnB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,YAAY,EACZ,SAAS,EACT,UAAU,EACV,mBAAmB,EACnB,eAAe,EACf,WAAW,EACX,kBAAkB,EAClB,eAAe,EACf,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,WAAW,GACZ,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAI/D,cAAc,0BAA0B,CAAA;AACxC,cAAc,kCAAkC,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,KAAK,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAC/D,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,eAAe,EAAE,MAAM,eAAe,CAAA;AACjE,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAClE,OAAO,EACL,WAAW,EACX,KAAK,uBAAuB,EAC5B,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,WAAW,EACX,KAAK,uBAAuB,EAC5B,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAA;AAC7E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAA;AAC7E,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,SAAS,GACf,MAAM,yCAAyC,CAAA;AAIhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAA;AAC3E,OAAO,EACL,sBAAsB,EACtB,KAAK,kCAAkC,EACvC,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,GACtB,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EAAE,uBAAuB,EAAE,KAAK,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AAClG,OAAO,EAAE,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAC1F,OAAO,EACL,iCAAiC,EACjC,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EACL,4BAA4B,EAC5B,KAAK,kBAAkB,GACxB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACL,yBAAyB,EACzB,KAAK,qCAAqC,GAC3C,MAAM,uCAAuC,CAAA;AAC9C,OAAO,EACL,sBAAsB,EACtB,KAAK,6BAA6B,GACnC,MAAM,+BAA+B,CAAA;AAGtC,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,yBAAyB,EACzB,UAAU,GACX,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,EACL,oBAAoB,EACpB,KAAK,gCAAgC,GACtC,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACpD,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACvE,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAIlG,OAAO,EACL,qBAAqB,EACrB,KAAK,4BAA4B,GAClC,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,6BAA6B,EAAE,MAAM,2CAA2C,CAAA;AACzF,OAAO,EAAE,aAAa,EAAE,KAAK,yBAAyB,EAAE,MAAM,2BAA2B,CAAA;AACzF,OAAO,EACL,iBAAiB,EACjB,KAAK,6BAA6B,EAClC,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAKpF,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,KAAK,6BAA6B,GACnC,MAAM,+BAA+B,CAAA;AAGtC,OAAO,EACL,6BAA6B,EAC7B,KAAK,yCAAyC,GAC/C,MAAM,2CAA2C,CAAA;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EACL,sBAAsB,EACtB,KAAK,kCAAkC,GACxC,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EACL,+BAA+B,EAC/B,KAAK,2CAA2C,GACjD,MAAM,6CAA6C,CAAA;AACpD,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,KAAK,sCAAsC,GAC5C,MAAM,wCAAwC,CAAA;AAC/C,OAAO,EACL,mBAAmB,EACnB,KAAK,+BAA+B,GACrC,MAAM,iCAAiC,CAAA;AACxC,OAAO,EACL,uBAAuB,EACvB,KAAK,mCAAmC,GACzC,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,UAAU,EACV,cAAc,EACd,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,KAAK,QAAQ,EACb,KAAK,aAAa,GACnB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,YAAY,EACZ,SAAS,EACT,UAAU,EACV,mBAAmB,EACnB,eAAe,EACf,WAAW,EACX,kBAAkB,EAClB,eAAe,EACf,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,WAAW,GACZ,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAI/D,cAAc,0BAA0B,CAAA;AACxC,cAAc,kCAAkC,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -34,7 +34,6 @@ export { FanOutEventPublisher, } from './events/FanOutEventPublisher.js';
 export { InAppNotificationChannel } from './events/InAppNotificationChannel.js';
 export { mountAuthGate } from './http/authGate.js';
 export { param } from './http/params.js';
-export { jsonBody } from './http/validation.js';
 export { handleError } from './http/errorHandler.js';
 export { parseAllowedOrigins, resolveCorsOrigin } from './http/cors.js';
 export { base64url, base64urlToBytes, pkcs8PemToDer, timingSafeEqual } from './crypto/encoding.js';
@@ -57,6 +56,7 @@ export { FetchGitHubClient, GitHubApiError, } from './github/FetchGitHubClient.j
 export { FetchGitHubProvisioningClient, } from './github/FetchGitHubProvisioningClient.js';
 export { WebCryptoWebhookVerifier } from './github/WebCryptoWebhookVerifier.js';
 export { GitHubCiStatusProvider, } from './github/GitHubCiStatusProvider.js';
+export { GitHubPullRequestReviewProvider, } from './github/GitHubPullRequestReviewProvider.js';
 export { GitHubMergeabilityProvider, classifyMergeability, } from './github/GitHubMergeabilityProvider.js';
 export { GitHubBranchUpdater, } from './github/GitHubBranchUpdater.js';
 export { GitHubPullRequestMerger, } from './github/GitHubPullRequestMerger.js';

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,gFAAgF;AAChF,8EAA8E;AAC9E,qEAAqE;AACrE,OAAO,EAAE,MAAM,EAAe,MAAM,2BAA2B,CAAA;AAC/D,OAAO,EAAqC,MAAM,eAAe,CAAA;AACjE,OAAO,EAYN,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAClE,OAAO,EACL,WAAW,GAGZ,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,WAAW,GAGZ,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAA;AAC7E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAA;AAC7E,OAAO,EACL,uBAAuB,EACvB,sBAAsB,GAGvB,MAAM,yCAAyC,CAAA;AAChD,mFAAmF;AACnF,kFAAkF;AAClF,oFAAoF;AACpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAA;AAC3E,OAAO,EACL,sBAAsB,GAMvB,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EAAE,uBAAuB,EAA8B,MAAM,8BAA8B,CAAA;AAClG,OAAO,EAAE,eAAe,EAA+B,MAAM,6BAA6B,CAAA;AAC1F,OAAO,EACL,iCAAiC,GAElC,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EACL,4BAA4B,GAE7B,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACL,yBAAyB,GAE1B,MAAM,uCAAuC,CAAA;AAC9C,OAAO,EACL,sBAAsB,GAEvB,MAAM,+BAA+B,CAAA;AACtC,qFAAqF;AACrF,4FAA4F;AAC5F,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,yBAAyB,EACzB,UAAU,GACX,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,EACL,oBAAoB,GAErB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA;AACxC,OAAO,EAAE,~~QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,~~WAAW,EAAE,MAAM,wBAAwB,CAAA;AACpD,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACvE,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAClG,kFAAkF;AAClF,8EAA8E;AAC9E,kEAAkE;AAClE,OAAO,EACL,qBAAqB,GAEtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,6BAA6B,EAAE,MAAM,2CAA2C,CAAA;AACzF,OAAO,EAAE,aAAa,EAAkC,MAAM,2BAA2B,CAAA;AACzF,OAAO,EACL,iBAAiB,GAIlB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AACpF,gFAAgF;AAChF,kFAAkF;AAClF,qFAAqF;AACrF,6BAA6B;AAC7B,OAAO,EACL,iBAAiB,EACjB,cAAc,GAEf,MAAM,+BAA+B,CAAA;AACtC,oFAAoF;AACpF,qEAAqE;AACrE,OAAO,EACL,6BAA6B,GAE9B,MAAM,2CAA2C,CAAA;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EACL,sBAAsB,GAEvB,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,GAErB,MAAM,wCAAwC,CAAA;AAC/C,OAAO,EACL,mBAAmB,GAEpB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EACL,uBAAuB,GAExB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,UAAU,EACV,cAAc,GAIf,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GAGb,MAAM,oBAAoB,CAAA;AAqB3B,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,mFAAmF;AACnF,iEAAiE;AACjE,cAAc,0BAA0B,CAAA;AACxC,cAAc,kCAAkC,CAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,gFAAgF;AAChF,8EAA8E;AAC9E,qEAAqE;AACrE,OAAO,EAAE,MAAM,EAAe,MAAM,2BAA2B,CAAA;AAC/D,OAAO,EAAqC,MAAM,eAAe,CAAA;AACjE,OAAO,EAYN,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAClE,OAAO,EACL,WAAW,GAGZ,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,WAAW,GAGZ,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAA;AAC7E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAA;AACxF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAA;AAC7E,OAAO,EACL,uBAAuB,EACvB,sBAAsB,GAGvB,MAAM,yCAAyC,CAAA;AAChD,mFAAmF;AACnF,kFAAkF;AAClF,oFAAoF;AACpF,OAAO,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAA;AAC3E,OAAO,EACL,sBAAsB,GAMvB,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EAAE,uBAAuB,EAA8B,MAAM,8BAA8B,CAAA;AAClG,OAAO,EAAE,eAAe,EAA+B,MAAM,6BAA6B,CAAA;AAC1F,OAAO,EACL,iCAAiC,GAElC,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EACL,4BAA4B,GAE7B,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACL,yBAAyB,GAE1B,MAAM,uCAAuC,CAAA;AAC9C,OAAO,EACL,sBAAsB,GAEvB,MAAM,+BAA+B,CAAA;AACtC,qFAAqF;AACrF,4FAA4F;AAC5F,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,yBAAyB,EACzB,UAAU,GACX,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,EACL,oBAAoB,GAErB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACpD,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACvE,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAClG,kFAAkF;AAClF,8EAA8E;AAC9E,kEAAkE;AAClE,OAAO,EACL,qBAAqB,GAEtB,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,6BAA6B,EAAE,MAAM,2CAA2C,CAAA;AACzF,OAAO,EAAE,aAAa,EAAkC,MAAM,2BAA2B,CAAA;AACzF,OAAO,EACL,iBAAiB,GAIlB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AACpF,gFAAgF;AAChF,kFAAkF;AAClF,qFAAqF;AACrF,6BAA6B;AAC7B,OAAO,EACL,iBAAiB,EACjB,cAAc,GAEf,MAAM,+BAA+B,CAAA;AACtC,oFAAoF;AACpF,qEAAqE;AACrE,OAAO,EACL,6BAA6B,GAE9B,MAAM,2CAA2C,CAAA;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AAC/E,OAAO,EACL,sBAAsB,GAEvB,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EACL,+BAA+B,GAEhC,MAAM,6CAA6C,CAAA;AACpD,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,GAErB,MAAM,wCAAwC,CAAA;AAC/C,OAAO,EACL,mBAAmB,GAEpB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EACL,uBAAuB,GAExB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,UAAU,EACV,cAAc,GAIf,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GAGb,MAAM,oBAAoB,CAAA;AAqB3B,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,mFAAmF;AACnF,iEAAiE;AACjE,cAAc,0BAA0B,CAAA;AACxC,cAAc,kCAAkC,CAAA"}

package/dist/modules/accounts/AccountController.d.ts CHANGED Viewed

@@ -5,6 +5,10 @@ import type { AppEnv } from '../../http/env.js';
  * plus any orgs they belong to), org creation, and membership management. Accounts
  * are an authenticated concept; with auth disabled (no signed-in user) there is a
  * single implicit dev context, so the list is empty and mutations are refused.
+ *
+ * Every route is mounted from its `@cat-factory/contracts` contract via
+ * `buildHonoRoute`: the method/path and request validation come from the contract,
+ * and `c.req.valid(...)` + the `c.json(body, status)` return are typed from it.
  */
 export declare function accountController(): Hono<AppEnv>;
 //# sourceMappingURL=AccountController.d.ts.map

package/dist/modules/accounts/AccountController.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AccountController.d.ts","sourceRoot":"","sources":["../../../src/modules/accounts/AccountController.ts"],"names":[],"mappings":"~~AAWA~~,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAE3B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;~~AAc~~/C~~;;;;;GAKG~~;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAAC,MAAM,CAAC,~~CAuOhD~~"}
1	+ {"version":3,"file":"AccountController.d.ts","sourceRoot":"","sources":["../../../src/modules/accounts/AccountController.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAE3B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAgB/C;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAAC,MAAM,CAAC,CAwOhD"}

package/dist/modules/accounts/AccountController.js CHANGED Viewed

@@ -1,9 +1,12 @@
-import { addApiKeySchema, addMemberSchema, connectEmailSchema, createAccountSchema, createInvitationSchema, setMemberRolesSchema, testEmailSchema, updateAccountSchema, updateAccountSettingsSchema, } from '@cat-factory/contracts';
+import { addAccountApiKeyContract, addAccountMemberContract, connectEmailContract, createAccountContract, createInvitationContract, disconnectEmailContract, getAccountSettingsContract, getEmailConnectionContract, listAccountApiKeysContract, listAccountMembersContract, listAccountsContract, listInvitationsContract, removeAccountApiKeyContract, revokeInvitationContract, setMemberRolesContract, testEmailContract, updateAccountContract, updateAccountSettingsContract, } from '@cat-factory/contracts';
+import { buildHonoRoute } from '@toad-contracts/hono';
 import { Hono } from 'hono';
-import { param } from '../../http/params.js';
-import { jsonBody } from '../../http/validation.js';
 import { apiKeyToWire } from '../providers/ApiKeyController.js';
-/** The signed-in user, narrowed to what the tenancy layer needs. */
+/**
+ * The signed-in user, narrowed to what the tenancy layer needs. Generic over the
+ * env so it accepts a contract-typed handler context (`ContractEnv<T> & AppEnv`),
+ * which Hono treats as a distinct, non-assignable env from the bare `AppEnv`.
+ */
 function accountUser(c) {
     const user = c.get('user');
     return user ? { id: user.id, login: user.login, name: user.name } : null;
@@ -14,74 +17,81 @@ const signInRequired = (c) => c.json({ error: { code: 'unauthorized', message: '
  * plus any orgs they belong to), org creation, and membership management. Accounts
  * are an authenticated concept; with auth disabled (no signed-in user) there is a
  * single implicit dev context, so the list is empty and mutations are refused.
+ *
+ * Every route is mounted from its `@cat-factory/contracts` contract via
+ * `buildHonoRoute`: the method/path and request validation come from the contract,
+ * and `c.req.valid(...)` + the `c.json(body, status)` return are typed from it.
  */
 export function accountController() {
     const app = new Hono();
-    app.get('/accounts', async (c) => {
+    buildHonoRoute(app, listAccountsContract, async (c) => {
         const user = accountUser(c);
         if (!user)
-            return c.json([]);
-        return c.json(await c.get('container').accountService.listForUser(user));
+            return c.json([], 200);
+        return c.json(await c.get('container').accountService.listForUser(user), 200);
     });
-    app.post('/accounts', jsonBody(createAccountSchema), async (c) => {
+    buildHonoRoute(app, createAccountContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const account = await c.get('container').accountService.createOrg(user, c.req.valid('json'));
         return c.json(account, 201);
     });
-    app.patch('/accounts/:accountId', jsonBody(updateAccountSchema), async (c) => {
+    buildHonoRoute(app, updateAccountContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const account = await c
             .get('container')
-            .accountService.updateSettings(param(c, 'accountId'), user.id, c.req.valid('json'));
-        return c.json(account);
+            .accountService.updateSettings(c.req.valid('param').accountId, user.id, c.req.valid('json'));
+        return c.json(account, 200);
     });
-    app.get('/accounts/:accountId/members', async (c) => {
+    buildHonoRoute(app, listAccountMembersContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const accounts = c.get('container').accountService;
+        const { accountId } = c.req.valid('param');
         // Membership in the account is required to see its roster (404 otherwise).
-        await accounts.requireMember(param(c, 'accountId'), user.id);
-        return c.json(await accounts.members(param(c, 'accountId')));
+        await accounts.requireMember(accountId, user.id);
+        return c.json(await accounts.members(accountId), 200);
     });
-    app.post('/accounts/:accountId/members', jsonBody(addMemberSchema), async (c) => {
+    buildHonoRoute(app, addAccountMemberContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const body = c.req.valid('json');
         const member = await c
             .get('container')
-            .accountService.addMember(param(c, 'accountId'), user.id, body.userId, body.roles);
+            .accountService.addMember(c.req.valid('param').accountId, user.id, body.userId, body.roles);
         return c.json(member, 201);
     });
     // Set a member's role set (admin-only). The acting admin can't drop their own admin.
-    app.patch('/accounts/:accountId/members/:userId/roles', jsonBody(setMemberRolesSchema), async (c) => {
+    buildHonoRoute(app, setMemberRolesContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
+        const { accountId, userId } = c.req.valid('param');
         const member = await c
             .get('container')
-            .accountService.setMemberRoles(param(c, 'accountId'), user.id, param(c, 'userId'), c.req.valid('json').roles);
-        return c.json(member);
+            .accountService.setMemberRoles(accountId, user.id, userId, c.req.valid('json').roles);
+        return c.json(member, 200);
     });
     // ---- Invitations (email-based org onboarding) ---------------------------
     // Available only when the invitation repository is wired (opt-in feature).
-    app.get('/accounts/:accountId/invitations', async (c) => {
+    buildHonoRoute(app, listInvitationsContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.invitations)
-            return c.json([]);
+            return c.json([], 200);
+        const { accountId } = c.req.valid('param');
         // Membership is required to view the account's pending invitations.
-        await container.accountService.requireMember(param(c, 'accountId'), user.id);
-        return c.json(await container.invitations.list(param(c, 'accountId')));
+        await container.accountService.requireMember(accountId, user.id);
+        return c.json(await container.invitations.list(accountId), 200);
     });
-    app.post('/accounts/:accountId/invitations', jsonBody(createInvitationSchema), async (c) => {
+    buildHonoRoute(app, createInvitationContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
@@ -90,19 +100,20 @@ export function accountController() {
             return c.json({ error: { code: 'unavailable', message: 'Invitations are not configured' } }, 503);
         }
         const body = c.req.valid('json');
-        const created = await container.invitations.invite(param(c, 'accountId'), user.id, body.email, body.roles);
+        const created = await container.invitations.invite(c.req.valid('param').accountId, user.id, body.email, body.roles);
         // The raw accept link is returned so an operator can share it manually when no
         // email transport is configured; never re-derivable afterwards.
         return c.json({ invitation: created.invitation, acceptUrl: created.acceptUrl }, 201);
     });
-    app.delete('/accounts/:accountId/invitations/:invitationId', async (c) => {
+    buildHonoRoute(app, revokeInvitationContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.invitations)
             return c.body(null, 204);
-        await container.invitations.revoke(param(c, 'accountId'), user.id, param(c, 'invitationId'));
+        const { accountId, invitationId } = c.req.valid('param');
+        await container.invitations.revoke(accountId, user.id, invitationId);
         return c.body(null, 204);
     });
     // ---- Account-scoped provider API keys (admin-onboarded, shared org pool) ----
@@ -111,53 +122,57 @@ export function accountController() {
     // the raw key is write-only — only secret-free metadata is ever returned. Available
     // only when the API-key store is wired (ENCRYPTION_KEY).
     const apiKeysUnavailable = (c) => c.json({ error: { code: 'unavailable', message: 'API key storage is not configured' } }, 503);
-    app.get('/accounts/:accountId/api-keys', async (c) => {
+    buildHonoRoute(app, listAccountApiKeysContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.apiKeys)
             return apiKeysUnavailable(c);
-        await container.accountService.requireAdmin(param(c, 'accountId'), user.id);
-        const keys = await container.apiKeys.listKeys('account', param(c, 'accountId'));
-        return c.json({ keys: keys.map(apiKeyToWire) });
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        const keys = await container.apiKeys.listKeys('account', accountId);
+        return c.json({ keys: keys.map(apiKeyToWire) }, 200);
     });
-    app.post('/accounts/:accountId/api-keys', jsonBody(addApiKeySchema), async (c) => {
+    buildHonoRoute(app, addAccountApiKeyContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.apiKeys)
             return apiKeysUnavailable(c);
-        await container.accountService.requireAdmin(param(c, 'accountId'), user.id);
-        const summary = await container.apiKeys.addKey('account', param(c, 'accountId'), c.req.valid('json'));
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        const summary = await container.apiKeys.addKey('account', accountId, c.req.valid('json'));
         return c.json(apiKeyToWire(summary), 201);
     });
-    app.delete('/accounts/:accountId/api-keys/:id', async (c) => {
+    buildHonoRoute(app, removeAccountApiKeyContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.apiKeys)
             return apiKeysUnavailable(c);
-        await container.accountService.requireAdmin(param(c, 'accountId'), user.id);
-        await container.apiKeys.removeKey('account', param(c, 'accountId'), param(c, 'id'));
+        const { accountId, id } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        await container.apiKeys.removeKey('account', accountId, id);
         return c.body(null, 204);
     });
     // ---- Email sender connection (per-account, UI-onboarded) ----------------
     // Owner-only mutations; available only when the email module is wired.
-    app.get('/accounts/:accountId/email-connection', async (c) => {
+    buildHonoRoute(app, getEmailConnectionContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.email)
-            return c.json({ connection: null, configured: false });
-        await container.accountService.requireMember(param(c, 'accountId'), user.id);
-        const connection = await container.email.getConnection(param(c, 'accountId'));
-        return c.json({ connection, configured: true });
+            return c.json({ connection: null, configured: false }, 200);
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireMember(accountId, user.id);
+        const connection = await container.email.getConnection(accountId);
+        return c.json({ connection, configured: true }, 200);
     });
-    app.post('/accounts/:accountId/email-connection', jsonBody(connectEmailSchema), async (c) => {
+    buildHonoRoute(app, connectEmailContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
@@ -165,22 +180,24 @@ export function accountController() {
         if (!container.email) {
             return c.json({ error: { code: 'unavailable', message: 'Email is not configured' } }, 503);
         }
-        await c.get('container').accountService.requireAdmin(param(c, 'accountId'), user.id);
-        const connection = await container.email.connect(param(c, 'accountId'), c.req.valid('json'));
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        const connection = await container.email.connect(accountId, c.req.valid('json'));
         return c.json(connection, 201);
     });
-    app.delete('/accounts/:accountId/email-connection', async (c) => {
+    buildHonoRoute(app, disconnectEmailContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.email)
             return c.body(null, 204);
-        await c.get('container').accountService.requireAdmin(param(c, 'accountId'), user.id);
-        await container.email.disconnect(param(c, 'accountId'));
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        await container.email.disconnect(accountId);
         return c.body(null, 204);
     });
-    app.post('/accounts/:accountId/email-connection/test', jsonBody(testEmailSchema), async (c) => {
+    buildHonoRoute(app, testEmailContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
@@ -188,9 +205,10 @@ export function accountController() {
         if (!container.email) {
             return c.json({ error: { code: 'unavailable', message: 'Email is not configured' } }, 503);
         }
-        await c.get('container').accountService.requireAdmin(param(c, 'accountId'), user.id);
-        await container.email.sendTest(param(c, 'accountId'), c.req.valid('json').to);
-        return c.json({ ok: true });
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        await container.email.sendTest(accountId, c.req.valid('json').to);
+        return c.json({ ok: true }, 200);
     });
     // ---- Deployment settings (per-account, admin-only) ----------------------
     // The integration secrets (Slack OAuth / web-search / Langfuse) + tuning (retention,
@@ -199,25 +217,27 @@ export function accountController() {
     // settings store is wired (ENCRYPTION_KEY). Admin-gated for BOTH read and write —
     // these are sensitive deployment knobs.
     const settingsUnavailable = (c) => c.json({ error: { code: 'unavailable', message: 'Account settings storage is not configured' } }, 503);
-    app.get('/accounts/:accountId/settings', async (c) => {
+    buildHonoRoute(app, getAccountSettingsContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.accountSettings)
             return settingsUnavailable(c);
-        await container.accountService.requireAdmin(param(c, 'accountId'), user.id);
-        return c.json(await container.accountSettings.service.read(param(c, 'accountId')));
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        return c.json(await container.accountSettings.service.read(accountId), 200);
     });
-    app.put('/accounts/:accountId/settings', jsonBody(updateAccountSettingsSchema), async (c) => {
+    buildHonoRoute(app, updateAccountSettingsContract, async (c) => {
         const user = accountUser(c);
         if (!user)
             return signInRequired(c);
         const container = c.get('container');
         if (!container.accountSettings)
             return settingsUnavailable(c);
-        await container.accountService.requireAdmin(param(c, 'accountId'), user.id);
-        return c.json(await container.accountSettings.service.write(param(c, 'accountId'), c.req.valid('json')));
+        const { accountId } = c.req.valid('param');
+        await container.accountService.requireAdmin(accountId, user.id);
+        return c.json(await container.accountSettings.service.write(accountId, c.req.valid('json')), 200);
     });
     return app;
 }