@invisibleloop/pulse 0.1.23 → 0.1.29

package/docs/public/dist/extending.boot-UA3CN243.js

@@ -1,159 +0,0 @@
-import{a as t}from"./runtime-QFURDKA2.js";import{a,b as d,c as l,d as h,e as r,g as e,h as n,i as s}from"./runtime-L2HNXIHW.js";import{a as c,b as p}from"./runtime-B73WLANC.js";var{prev:u,next:m}=a("/extending"),i={route:"/extending",meta:{title:"Extending Pulse \u2014 Pulse Docs",description:"Escape hatches for features outside the Pulse spec \u2014 onRequest middleware, raw server access, WebSockets, SSE, and custom error handling.",styles:["/docs.css"]},state:{},view:()=>d({currentHref:"/extending",prev:u,next:m,content:`
-      ${l("Extending Pulse")}
-      ${h("Pulse handles the standard request-response lifecycle through specs. For requirements outside that model \u2014 middleware, WebSockets, SSE, custom error pages \u2014 Pulse exposes deliberate integration points directly on the underlying Node.js server. There is no abstraction layer to fight through.")}
-
-      ${r("onrequest","Request interception with onRequest")}
-      <p><code>onRequest</code> is a hook on <code>createServer</code> that fires on every incoming request before Pulse handles it. Return <code>false</code> to short-circuit Pulse entirely and handle the response yourself.</p>
-      ${e(t(`// server.js
-import { createServer } from '@invisibleloop/pulse'
-import home from './src/pages/home.js'
-
-createServer([home], {
-  port: 3000,
-  onRequest(req, res) {
-    // Logging
-    console.log(req.method, req.url)
-
-    // Block a path entirely
-    if (req.url === '/internal') {
-      res.writeHead(403)
-      res.end('Forbidden')
-      return false  // stops Pulse processing this request
-    }
-
-    // Custom header on every response
-    res.setHeader('X-App-Version', '1.0.0')
-    // returning nothing (or undefined) lets Pulse continue normally
-  },
-})`,"js"))}
-      ${s("note","<code>onRequest</code> runs before routing, guard, and all server fetchers. Returning <code>false</code> gives full control of the response \u2014 Pulse steps aside entirely for that request.")}
-      <p>Common uses:</p>
-      ${n(["Use case","Approach"],[["Request logging","Log <code>req.method</code>, <code>req.url</code>, timing"],["IP allowlisting","Check <code>req.socket.remoteAddress</code>, return <code>false</code> with 403 if blocked"],["Rate limiting","Track request counts in a <code>Map</code>, return <code>false</code> with 429 when exceeded"],["Custom response headers","Call <code>res.setHeader()</code> before returning"],["Health check endpoint","Match <code>/healthz</code>, write <code>200 ok</code>, return <code>false</code>"]])}
-
-      ${r("raw-server","Accessing the raw server")}
-      <p><code>createServer</code> returns a <code>{ server }</code> object where <code>server</code> is a plain Node.js <code>http.Server</code>. You can attach any listener to it directly.</p>
-      ${e(t(`const { server } = createServer([home], { port: 3000 })
-
-// The server instance is available immediately after createServer() returns.
-// It starts listening automatically \u2014 no need to call server.listen().
-server.on('listening', () => {
-  console.log('ready')
-})`,"js"))}
-
-      ${r("websockets","WebSockets")}
-      <p>Use the <code>upgrade</code> event on the server instance. The <code>ws</code> package handles the WebSocket handshake and framing.</p>
-      ${e(t("npm install ws","bash"))}
-      ${e(t(`// server.js
-import { WebSocketServer } from 'ws'
-import { createServer } from '@invisibleloop/pulse'
-import home from './src/pages/home.js'
-
-const { server } = createServer([home], { port: 3000 })
-
-const wss = new WebSocketServer({ noServer: true })
-
-server.on('upgrade', (req, socket, head) => {
-  if (req.url === '/ws') {
-    wss.handleUpgrade(req, socket, head, (ws) => {
-      wss.emit('connection', ws, req)
-    })
-  } else {
-    socket.destroy()
-  }
-})
-
-wss.on('connection', (ws) => {
-  ws.send('connected')
-  ws.on('message', (msg) => ws.send(\`echo: \${msg}\`))
-})`,"js"))}
-      <p>The Pulse-rendered page can connect to the WebSocket using an inline script. Pass <code>ctx.nonce</code> through a server fetcher so the script is allowed by the CSP:</p>
-      ${e(t(`server: {
-  meta: async (ctx) => ({ nonce: ctx.nonce }),
-},
-
-view: (_state, server) => \`
-  <main id="main-content">
-    <p id="status">Connecting\u2026</p>
-    <script nonce="\${server.meta.nonce}">
-      const ws = new WebSocket('ws://' + location.host + '/ws')
-      ws.onmessage = (e) => {
-        document.getElementById('status').textContent = e.data
-      }
-    <\/script>
-  </main>
-\`,`,"js"))}
-
-      ${r("sse","Server-Sent Events")}
-      <p>SSE keeps an HTTP connection open and streams events to the browser. Use <code>onRequest</code> to intercept the SSE path and write to the response directly.</p>
-      ${e(t(`onRequest(req, res) {
-  if (req.url !== '/events') return  // let Pulse handle everything else
-
-  res.writeHead(200, {
-    'Content-Type':  'text/event-stream',
-    'Cache-Control': 'no-cache',
-    'Connection':    'keep-alive',
-  })
-
-  // Send a keepalive comment every 15 seconds
-  const keepalive = setInterval(() => res.write(': keepalive\\n\\n'), 15000)
-
-  // Send an event
-  function send(event, data) {
-    res.write(\`event: \${event}\\ndata: \${JSON.stringify(data)}\\n\\n\`)
-  }
-
-  send('connected', { time: Date.now() })
-
-  req.on('close', () => clearInterval(keepalive))
-
-  return false
-},`,"js"))}
-
-      ${r("error","Custom error handling")}
-      <p><code>onError</code> in <code>createServer</code> receives unhandled errors from server fetchers and guard functions. Use it to log errors to an external service or render a custom error page.</p>
-      ${e(t(`createServer([home], {
-  port: 3000,
-
-  onError(err, req, res) {
-    // Log to your error tracking service
-    console.error(err)
-
-    // Respond with a custom error page
-    res.writeHead(500, { 'Content-Type': 'text/html' })
-    res.end(\`
-      <!doctype html>
-      <html lang="en">
-        <head><title>Error</title></head>
-        <body>
-          <main id="main-content">
-            <h1>Something went wrong</h1>
-            <p>We've been notified and are looking into it.</p>
-          </main>
-        </body>
-      </html>
-    \`)
-  },
-})`,"js"))}
-
-      ${r("client-js","Custom client-side JavaScript")}
-      <p>Pulse has no client-side JS of its own beyond the hydration runtime. For behaviour that genuinely needs to run in the browser \u2014 third-party widgets, analytics, canvas \u2014 use an inline script in the view with the request nonce. The nonce is unique per request and is required for the script to pass the CSP.</p>
-      ${e(t(`server: {
-  meta: async (ctx) => ({ nonce: ctx.nonce }),
-},
-
-view: (_state, server) => \`
-  <main id="main-content">
-    <canvas id="chart" width="600" height="300"></canvas>
-    <script nonce="\${server.meta.nonce}">
-      const ctx = document.getElementById('chart').getContext('2d')
-      // draw directly with Canvas API \u2014 no library needed for simple charts
-      ctx.fillStyle = '#9b8dff'
-      ctx.fillRect(10, 10, 100, 80)
-    <\/script>
-  </main>
-\`,`,"js"))}
-      ${s("note","External scripts loaded via <code>src</code> also need the nonce attribute, or their domain must be added to the <code>script-src</code> directive in the CSP. The nonce approach is simpler and does not require config changes.")}
-
-      ${r("when","Choosing the right approach")}
-      ${n(["What you need","Reach for"],[["Middleware \u2014 logging, rate limiting, custom headers","<code>onRequest</code>"],["Non-HTML responses \u2014 JSON APIs, webhooks, RSS, sitemaps","Raw response spec (<code>contentType</code> + <code>render</code>)"],["Real-time bidirectional communication","WebSockets via <code>server.on('upgrade')</code>"],["Server-pushed updates (read-only stream)","SSE via <code>onRequest</code>"],["Custom error pages","<code>onError</code>"],["Browser-only behaviour","Inline <code>&lt;script nonce&gt;</code> in the view"]])}
-    `})};var o=document.getElementById("pulse-root");o&&!o.dataset.pulseMounted&&(o.dataset.pulseMounted="1",c(i,o,window.__PULSE_SERVER__||{},{ssr:!0}),p(o,c));var q=i;export{q as default};

package/docs/public/dist/faq.boot-6EQAWLQR.js

@@ -1,43 +0,0 @@
-import{a as r,b as i,c as o,d as n}from"./runtime-L2HNXIHW.js";import{a,b as c}from"./runtime-B73WLANC.js";var{prev:l,next:u}=r("/faq");function e(d,p){return`
-    <div class="faq-item">
-      <h2 class="faq-q">${d}</h2>
-      <div class="faq-a">${p}</div>
-    </div>`}var s={route:"/faq",meta:{title:"FAQ \u2014 Pulse Docs",description:"Frequently asked questions about the Pulse framework.",styles:["/pulse-ui.css","/docs.css"]},state:{},view:()=>i({currentHref:"/faq",prev:l,next:u,content:`
-      ${o("FAQ")}
-      ${n("Common questions about Pulse \u2014 what it is, what it isn't, and whether it's right for your project.")}
-
-      ${e("Is Pulse ready for production?",`<p>The architecture is production-quality \u2014 streaming SSR, security headers, immutable caching, and zero runtime dependencies are built in and have been running reliably in real deployments. The framework itself targets Lighthouse 100 on every scaffolded page.</p>
-        <p>That said, Pulse is v0.1 early access. The core spec format is stable, but some APIs may change before v1. It is best suited to new projects where you control the stack, and to teams who are comfortable building on something that is still evolving. If you need a framework with a five-year stability guarantee, wait for v1.</p>`)}
-
-      ${e("Why plain JS objects instead of JSX or components?",`<p>JSX and component trees are designed for incremental DOM updates \u2014 the virtual DOM needs a tree to diff. Pulse does not have a virtual DOM. Views are pure functions that return an HTML string; the framework re-renders the whole page segment on state change.</p>
-        <p>Plain JS objects are also unambiguous for AI agents. There is no syntax to learn, no component abstraction to navigate \u2014 just a JS object with well-defined keys. An agent can read, write, and validate a spec without understanding any framework-specific idioms.</p>`)}
-
-      ${e("Why no virtual DOM?",`<p>A virtual DOM solves the problem of efficient incremental updates to a large, complex component tree. Pulse pages are server-rendered HTML strings \u2014 the client runtime re-renders a bounded section of the page when state changes, which is fast enough for the kinds of interactions Pulse is designed for.</p>
-        <p>Eliminating the virtual DOM means eliminating the ~40\u2013100 kB runtime that comes with it. Pulse ships ~2 kB brotli to the browser on first visit. That is not a compression trick \u2014 there is genuinely no framework runtime on the client.</p>`)}
-
-      ${e("Can I use npm packages in my specs?",`<p>Yes, on the server side. Server fetchers run in Node.js and can import any npm package \u2014 database clients, API SDKs, utility libraries. These never reach the browser.</p>
-        <p>Client-side code (mutations and actions) runs in the browser and is bundled by esbuild. You can import pure JS utilities here, but avoid packages that depend on Node.js built-ins or that are large \u2014 the goal is to keep the client bundle small. UI components come from the built-in component library, which covers most cases without external dependencies.</p>`)}
-
-      ${e("Does Pulse work with TypeScript?",`<p>Type definitions are included for all public APIs \u2014 <code>createServer</code>, the spec shape, UI components, and the testing utilities. You can write specs in TypeScript and import the <code>Spec</code> type to get full autocompletion and type checking.</p>
-        <p>The examples and docs are in plain JS for readability, but TypeScript is a first-class option.</p>`)}
-
-      ${e("Can I use a database directly in Pulse?",`<p>Yes. Server fetchers are plain async functions \u2014 you can query a database, call an ORM, or use any server-side library directly. There is no data layer abstraction to work around.</p>
-        <pre class="code-block"><code>server: {
-  posts: async (ctx) => {
-    return db.posts.findMany({ where: { published: true } })
-  },
-}</code></pre>
-        <p>The result is passed to your view as <code>server.posts</code>. See the <a href="/server-data">Server Data</a> and <a href="/supabase">Supabase</a> docs for worked examples.</p>`)}
-
-      ${e("How does Pulse compare to Next.js?",`<p>Next.js is a full-featured React framework designed for large teams building complex applications. It ships React to the browser on every page, supports many rendering strategies, and has a large ecosystem.</p>
-        <p>Pulse is opinionated in the other direction: one spec format, one rendering model, no client framework, no configuration. It is smaller, simpler, and faster to get a Lighthouse 100 result \u2014 but it does not have the ecosystem breadth or the component model that React provides. If your project needs React, use Next.js. If you want to ship fast, simple, server-rendered pages with minimal JS, Pulse is worth trying.</p>`)}
-
-      ${e("Can I build a multi-page app with client-side navigation?",`<p>Yes. <code>initNavigation</code> intercepts same-origin link clicks, fetches the new page, swaps the DOM, and re-mounts the spec \u2014 all without a full page reload. From the user's perspective it feels like an SPA; from the server's perspective every navigation is a standard HTTP request.</p>
-        <p>See the <a href="/navigation">Navigation</a> docs for details.</p>`)}
-
-      ${e("Does Pulse handle authentication?",`<p>Pulse has a <code>guard</code> function that runs before any server fetcher executes. It receives the request context (cookies, headers, params) and can redirect or return an error if the user is not authenticated. This makes it impossible to accidentally skip an auth check \u2014 the guard runs before data is fetched.</p>
-        <p>For a complete auth integration, see the <a href="/auth">Auth0 guide</a>. The pattern works the same with any auth provider.</p>`)}
-
-      ${e("What is the AI-native claim actually about?",`<p>Two things. First, the spec format was designed to be easy for an AI agent to generate correctly \u2014 one JS object per page, a validated schema, no ambiguous patterns. An agent that writes a Pulse spec either produces a valid spec or gets a schema error it can fix. There is no grey area.</p>
-        <p>Second, the CLI starts an MCP server alongside the dev server, giving the agent tools to create pages, validate specs, screenshot routes, and run Lighthouse audits \u2014 without leaving the editor. The agent can build and verify a page end-to-end without human intervention on the tooling side.</p>`)}
-    `})};var t=document.getElementById("pulse-root");t&&!t.dataset.pulseMounted&&(t.dataset.pulseMounted="1",a(s,t,window.__PULSE_SERVER__||{},{ssr:!0}),c(t,a));var b=s;export{b as default};

package/docs/public/dist/getting-started.boot-TDKIFL5U.js

@@ -1,86 +0,0 @@
-import{a as s}from"./runtime-QFURDKA2.js";import{a as n,b as l,c as d,d as c,e,g as t,i as a}from"./runtime-L2HNXIHW.js";import{a as r,b as u}from"./runtime-B73WLANC.js";var{prev:p,next:h}=n("/getting-started"),i={route:"/getting-started",meta:{title:"Getting Started \u2014 Pulse Docs",description:"Install Pulse and build your first page with an AI agent in minutes.",styles:["/docs.css"]},state:{},view:()=>l({currentHref:"/getting-started",prev:p,next:h,content:`
-      ${d("Getting Started")}
-      ${c("Install Pulse, run one command, and have Claude building your first page \u2014 with streaming SSR, security headers, and a 100 Lighthouse score already in place.")}
-
-      ${e("requirements","Requirements")}
-      <ul>
-        <li><strong>Node.js 22 or later</strong> \u2014 <a href="https://nodejs.org" target="_blank" rel="noopener">nodejs.org</a></li>
-        <li><strong>Claude Code</strong> \u2014 the CLI for Claude, installed and authenticated \u2014 <a href="https://docs.anthropic.com/en/docs/claude-code/getting-started" target="_blank" rel="noopener">installation guide</a></li>
-      </ul>
-      <p>Claude Code provides the <code>claude</code> command. Pulse launches it automatically with the Pulse MCP server wired in \u2014 so the agent has instant access to the framework reference, your project structure, and all Pulse tools without any manual configuration.</p>
-      ${a("note","GitHub Copilot integration is coming soon. For now, Pulse works exclusively with Claude Code.")}
-
-      ${e("install","Install Pulse")}
-      <p>Install the Pulse CLI globally:</p>
-      ${t(s("npm install -g @invisibleloop/pulse","bash"))}
-
-      ${e("create","Create your project")}
-      <p>Run <code>pulse</code> in any empty directory:</p>
-      ${t(s(`mkdir my-app
-cd my-app
-pulse`,"bash"))}
-      <p>Pulse detects the directory is empty and scaffolds a project there. It creates the project files, installs dependencies, and exits with:</p>
-      ${t(s("\u2713 Project ready. Run `pulse` again to start your AI session.","bash"))}
-      ${a("tip","Running <code>pulse</code> in a non-empty directory prompts for a project name, then creates and scaffolds a subdirectory with that name \u2014 so you can run it from anywhere.")}
-
-      ${e("session","Start a session")}
-      <p>Run <code>pulse</code> again from inside your project directory:</p>
-      ${t(s("pulse","bash"))}
-      <p>This time, Pulse detects the existing project and launches Claude Code with the Pulse MCP server already connected. Claude opens with the complete framework guide loaded, your project structure visible, and all Pulse tools available \u2014 ready to build immediately.</p>
-      ${a("note","Run <code>pulse</code> every time you open a working session. It handles starting Claude and wiring up the MCP server. Once Claude is open, use <code>/pulse-dev</code> to start the dev server.")}
-
-      ${e("first-build","Build your first page")}
-      <p>Once Claude opens, start the dev server and ask for something:</p>
-      ${t(s(`/pulse-dev
-
-"Create a contact form with name, email, and message fields.
-Validate the email format before submitting."`,"bash"))}
-      <p>The agent will:</p>
-      <ol>
-        <li>Fetch the Pulse guide from the MCP server \u2014 spec format, component library, quality rules</li>
-        <li>Check what pages already exist in your project</li>
-        <li>Write the spec \u2014 route, state, validation, action lifecycle, view</li>
-        <li>Validate it against the schema and fix every error and warning</li>
-        <li>Open the page in the browser and confirm it looks right</li>
-      </ol>
-      <p>You do not need to explain Pulse to the agent. The MCP server supplies the reference. Just describe what you want.</p>
-
-      ${e("what-was-created","What got created")}
-      <p>When you ran <code>pulse</code> in step 2, these files were written to your directory:</p>
-      ${t(s(`my-app/
-\u251C\u2500\u2500 src/
-\u2502   \u251C\u2500\u2500 pages/
-\u2502   \u2502   \u2514\u2500\u2500 home.js          \u2190 your first page spec (a working counter)
-\u2502   \u2514\u2500\u2500 components/          \u2190 shared view components go here
-\u251C\u2500\u2500 public/
-\u2502   \u251C\u2500\u2500 app.css              \u2190 global stylesheet
-\u2502   \u251C\u2500\u2500 pulse-ui.css         \u2190 Pulse component library styles
-\u2502   \u2514\u2500\u2500 pulse-ui.js          \u2190 Pulse component library behaviour
-\u251C\u2500\u2500 .claude/
-\u2502   \u251C\u2500\u2500 CLAUDE.md            \u2190 session instructions Claude reads on startup
-\u2502   \u251C\u2500\u2500 settings.json        \u2190 hooks: syntax checks, colour guards, package blocklist
-\u2502   \u2514\u2500\u2500 pulse-checklist.md   \u2190 spec review checklist, kept in sync by Pulse
-\u251C\u2500\u2500 package.json
-\u2514\u2500\u2500 pulse.config.js          \u2190 port and project settings`,"bash"))}
-      <p><code>src/pages/home.js</code> is a complete working spec \u2014 a counter with increment and decrement buttons. Open <a href="http://localhost:3000">localhost:3000</a> after running <code>/pulse-dev</code> to see it. Every new page you create goes into <code>src/pages/</code> and is discovered automatically.</p>
-      <p>The <code>.claude/</code> directory contains the agent's operating context. <code>CLAUDE.md</code> tells Claude how the project is structured, <code>settings.json</code> configures hooks that catch common mistakes before they reach you \u2014 hardcoded hex colours, emoji in UI output, and installing client-side rendering libraries are all flagged or blocked automatically.</p>
-
-      ${e("commands","Agent commands")}
-      <p>These slash commands are available once Claude is open:</p>
-      ${t(s(`/pulse-dev     # start (or restart) the dev server
-/pulse-stop    # stop the dev server
-/pulse-build   # production build \u2192 public/dist/
-/pulse-start   # run the production server
-/pulse-report  # Lighthouse audit + performance report`,"bash"))}
-      <p>You can also skip the commands entirely \u2014 just describe what you want and the agent handles the rest, including starting the dev server when needed.</p>
-
-      ${e("next-steps","Next steps")}
-      <ul>
-        <li><a href="/how-it-works">How It Works</a> \u2014 the MCP server, what the agent knows, and the full build cycle</li>
-        <li><a href="/project-structure">Project Structure</a> \u2014 where files live and how pages are discovered</li>
-        <li><a href="/spec">Spec Reference</a> \u2014 every field the spec supports</li>
-        <li><a href="/state">State</a> \u2014 client state and mutations</li>
-        <li><a href="/server-data">Server Data</a> \u2014 fetch data on the server before the page renders</li>
-        <li><a href="/prompt-examples">Prompt Examples</a> \u2014 real prompts with the output they produce</li>
-      </ul>
-    `})};var o=document.getElementById("pulse-root");o&&!o.dataset.pulseMounted&&(o.dataset.pulseMounted="1",r(i,o,window.__PULSE_SERVER__||{},{ssr:!0}),u(o,r));var C=i;export{C as default};

package/docs/public/dist/guard.boot-AUHAWTG4.js

@@ -1,80 +0,0 @@
-import{a as r}from"./runtime-QFURDKA2.js";import{a as i,b as u,c as h,d as l,e,f as s,g as t,h as a,i as d}from"./runtime-L2HNXIHW.js";import{a as c,b as p}from"./runtime-B73WLANC.js";var{prev:f,next:g}=i("/guard"),n={route:"/guard",meta:{title:"Guard \u2014 Pulse Docs",description:"Per-route authorization in Pulse. Guard functions run before server data fetchers and redirect unauthorized requests.",styles:["/docs.css"]},state:{},view:()=>u({currentHref:"/guard",prev:f,next:g,content:`
-      ${h("Guard")}
-      ${l("A <code>guard</code> function runs on every request to a route, before any server data is fetched. It is the enforced access control point \u2014 unauthorized requests are redirected before any database queries or data fetchers execute.")}
-
-      ${e("basics","Basic usage")}
-      <p>A <code>guard</code> function on any spec receives the same <code>ctx</code> object as server data fetchers \u2014 params, query, headers, and cookies.</p>
-      ${t(r(`export default {
-  route: '/dashboard',
-
-  guard: async (ctx) => {
-    if (!ctx.cookies.session) return { redirect: '/login' }
-  },
-
-  server: {
-    user: async (ctx) => getCurrentUser(ctx.cookies.session),
-  },
-
-  state: {},
-  view: (state, server) => \`
-    <main id="main-content">
-      <h1>Welcome, \${server.user.name}</h1>
-    </main>
-  \`,
-}`,"js"))}
-
-      <p>When the guard returns <code>{ redirect }</code>, the server responds with a <strong>302</strong> and all server data fetchers are skipped \u2014 no data is fetched for unauthorized requests. When the guard returns nothing, the request proceeds normally.</p>
-
-      ${e("ctx","What ctx contains")}
-      ${a(["Property / Method","Type","Description"],[["<code>ctx.cookies</code>","object","Parsed cookies from the <code>Cookie</code> header"],["<code>ctx.headers</code>","object","Raw request headers"],["<code>ctx.params</code>","object",'Route params e.g. <code>{ id: "42" }</code>'],["<code>ctx.query</code>","object","Parsed query string"],["<code>ctx.pathname</code>","string","URL path e.g. <code>/dashboard</code>"],["<code>ctx.method</code>","string","HTTP method e.g. <code>GET</code>, <code>POST</code>"],["<code>ctx.store</code>","object","Resolved global store state (if a store is registered)"],["<code>ctx.nonce</code>","string","CSP nonce for the current request"],["<code>await ctx.json()</code>","object | null","Parse a JSON request body"],["<code>await ctx.text()</code>","string","Read the body as a plain string"],["<code>await ctx.formData()</code>","object | null","Parse a URL-encoded body into a plain object"],["<code>await ctx.buffer()</code>","Buffer","Read the raw body as a Node.js Buffer"]])}
-
-      ${e("examples","Common patterns")}
-
-      ${s("Session check")}
-      <p>Redirect to login when no session cookie is present.</p>
-      ${t(r(`guard: async (ctx) => {
-  if (!ctx.cookies.session) return { redirect: '/login' }
-}`,"js"))}
-
-      ${s("Role-based access")}
-      <p>Fetch the user from the session and check their role. Keep the lookup fast \u2014 guard runs on every request to the route.</p>
-      ${t(r(`guard: async (ctx) => {
-  const user = await getUserFromSession(ctx.cookies.session)
-  if (!user)            return { redirect: '/login' }
-  if (!user.isAdmin)    return { redirect: '/403'   }
-}`,"js"))}
-
-      ${s("Redirect authenticated users away from login")}
-      <p>Useful for login and signup pages \u2014 send already-authenticated users somewhere useful.</p>
-      ${t(r(`export default {
-  route: '/login',
-
-  guard: async (ctx) => {
-    if (ctx.cookies.session) return { redirect: '/dashboard' }
-  },
-
-  state: {},
-  view: () => \`<main id="main-content">...</main>\`,
-}`,"js"))}
-
-      ${d("info","Guard runs server-side on every request, including client-side navigation requests \u2014 those go through the same server pipeline. There is no way to bypass guard from the browser.")}
-
-      ${e("custom-responses","Custom status responses")}
-      <p>Guard can return a custom HTTP response instead of (or alongside) a redirect. Return <code>{ status, json?, body?, headers? }</code> to send any status code with an optional JSON or text body. This is useful for POST handlers that need to signal validation errors or API-style rejections:</p>
-      ${t(r(`guard: async (ctx) => {
-  const token = ctx.headers.authorization
-  if (!token) return { status: 401, json: { error: 'Unauthorized' } }
-
-  if (ctx.method === 'POST') {
-    const data = await ctx.formData()
-    if (!data.email) return { status: 422, json: { error: 'Email required' } }
-    await db.leads.create(data)
-    return { redirect: '/contact?sent=1' }
-  }
-  // return nothing to let a GET request proceed to the view
-}`,"js"))}
-      ${d("note","To use <code>guard</code> as a POST handler, the spec must declare <code>methods: ['GET', 'POST']</code>. Without it, POST requests are rejected with 405 before guard runs.")}
-
-      ${e("reference","Reference")}
-      ${a(["Property","Type","Required"],[["<code>guard</code>","<code>async (ctx) =&gt; { redirect?: string } | { status, json?, body?, headers? } | void</code>","No"]])}
-    `})};var o=document.getElementById("pulse-root");o&&!o.dataset.pulseMounted&&(o.dataset.pulseMounted="1",c(n,o,window.__PULSE_SERVER__||{},{ssr:!0}),p(o,c));var P=n;export{P as default};