@invisibleloop/pulse 0.1.28 → 0.1.30

package/docs/public/dist/supabase.boot-BG4XXLZE.js

@@ -1,303 +0,0 @@
-import{a as t}from"./runtime-QFURDKA2.js";import{a as n,b as l,c as u,d as c,e as s,g as e,i as a}from"./runtime-L2HNXIHW.js";import{a as o,b as p}from"./runtime-B73WLANC.js";var{prev:d,next:m}=n("/supabase"),i={route:"/supabase",meta:{title:"Supabase \u2014 Pulse Docs",description:"Integrate Supabase database queries, authentication, and file storage with Pulse server fetchers, actions, and guard.",styles:["/docs.css"]},state:{},view:()=>l({currentHref:"/supabase",prev:d,next:m,content:`
-      ${u("Supabase")}
-      ${c("Supabase provides Postgres, authentication, and file storage. In Pulse, all Supabase queries run in server fetchers \u2014 credentials stay on the server, query results are filtered before serialisation, and <code>guard</code> enforces session checks before any data is fetched.")}
-
-      ${s("setup","Setup")}
-      ${e(t("npm install @supabase/supabase-js","bash"))}
-      ${e(t(`# .env
-SUPABASE_URL=https://your-project.supabase.co
-SUPABASE_ANON_KEY=your-anon-key
-SUPABASE_SERVICE_KEY=your-service-role-key   # server-side only`,"bash"))}
-      <p>Create two client helpers \u2014 one for public queries (respects Row Level Security), one for admin operations:</p>
-      ${e(t(`// src/lib/supabase.js
-import { createClient } from '@supabase/supabase-js'
-
-const { SUPABASE_URL, SUPABASE_ANON_KEY, SUPABASE_SERVICE_KEY } = process.env
-
-// Public client \u2014 use in server fetchers for user-scoped queries
-export function supabase(accessToken) {
-  const client = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
-    global: accessToken
-      ? { headers: { Authorization: \`Bearer \${accessToken}\` } }
-      : {},
-  })
-  return client
-}
-
-// Admin client \u2014 bypasses RLS; use only for trusted server operations
-export const admin = createClient(SUPABASE_URL, SUPABASE_SERVICE_KEY)`,"js"))}
-      ${a("warning","The service key bypasses Row Level Security and has full database access. Keep it server-side only \u2014 in environment variables that are never sent to the browser or included in logs.")}
-
-      ${s("querying","Querying data")}
-      <p>Call Supabase inside <code>server</code> fetchers \u2014 they run on the server before every render. The result is passed to <code>view</code> as the second argument.</p>
-      ${e(t(`// src/pages/posts.js
-import { supabase } from '../lib/supabase.js'
-import { escHtml } from '@invisibleloop/pulse/html'
-
-export default {
-  route: '/posts',
-
-  server: {
-    posts: async () => {
-      const { data, error } = await supabase().from('posts')
-        .select('id, title, slug, created_at')
-        .order('created_at', { ascending: false })
-        .limit(20)
-
-      if (error) throw new Error(error.message)
-      return data
-    },
-  },
-
-  state: {},
-
-  view: (_state, server) => \`
-    <main id="main-content">
-      <h1>Posts</h1>
-      <ul>
-        \${server.posts.map(p => \`
-          <li><a href="/posts/\${escHtml(p.slug)}">\${escHtml(p.title)}</a></li>
-        \`).join('')}
-      </ul>
-    </main>
-  \`,
-}`,"js"))}
-      ${a("tip","Add <code>serverTtl</code> to cache the Supabase query result in-process. A 60-second TTL on a public listing page means one database hit per minute across all visitors \u2014 Supabase stays fast even under load.")}
-
-      ${s("auth-setup","Authentication")}
-      <p>Supabase Auth issues a JWT access token and a refresh token on login. Store both in <code>httpOnly</code> cookies \u2014 they are never accessible to JavaScript and survive page navigations.</p>
-
-      ${s("login","Login page")}
-      ${e(t(`// src/pages/auth/login.js
-import { supabase } from '../../lib/supabase.js'
-import { escHtml } from '@invisibleloop/pulse/html'
-
-export default {
-  route: '/login',
-
-  guard: async (ctx) => {
-    // Already logged in \u2014 send to dashboard
-    if (ctx.cookies.access_token) return { redirect: '/dashboard' }
-  },
-
-  state: { status: 'idle', error: '' },
-
-  view: (state) => \`
-    <main id="main-content">
-      <h1>Sign in</h1>
-      <form data-action="login">
-        <label for="email">Email</label>
-        <input id="email" name="email" type="email" required autocomplete="email">
-
-        <label for="password">Password</label>
-        <input id="password" name="password" type="password" required autocomplete="current-password">
-
-        \${state.error ? \`<p role="alert">\${escHtml(state.error)}</p>\` : ''}
-
-        <button type="submit">
-          \${state.status === 'loading' ? 'Signing in\u2026' : 'Sign in'}
-        </button>
-      </form>
-    </main>
-  \`,
-
-  actions: {
-    login: {
-      onStart: () => ({ status: 'loading', error: '' }),
-
-      run: async (_state, _server, formData) => {
-        const { data, error } = await supabase().auth.signInWithPassword({
-          email:    formData.get('email'),
-          password: formData.get('password'),
-        })
-        if (error) throw new Error(error.message)
-        return data.session
-      },
-
-      onSuccess: (state, session, ctx) => {
-        const opts = { httpOnly: true, sameSite: 'Lax', path: '/' }
-        ctx.setCookie('access_token',  session.access_token,  { ...opts, maxAge: 3600 })
-        ctx.setCookie('refresh_token', session.refresh_token, { ...opts, maxAge: 604800 })
-        ctx.setHeader('Location', '/dashboard')
-        return { status: 'success' }
-      },
-
-      onError: (_state, err) => ({
-        status: 'idle',
-        error:  err.message || 'Sign in failed',
-      }),
-    },
-  },
-}`,"js"))}
-
-      ${s("guard","Protecting routes")}
-      <p>Use <code>guard</code> to verify the session before any server data is fetched. Pass the token to your fetchers so Supabase enforces Row Level Security for that user.</p>
-      ${e(t(`// src/pages/dashboard.js
-import { supabase, admin } from '../lib/supabase.js'
-
-export default {
-  route: '/dashboard',
-
-  guard: async (ctx) => {
-    const token = ctx.cookies.access_token
-    if (!token) return { redirect: '/login' }
-
-    // Verify the token is still valid
-    const { error } = await supabase(token).auth.getUser()
-    if (error) return { redirect: '/login' }
-  },
-
-  server: {
-    // Token is available in guard ctx \u2014 pass it through server state or
-    // re-read from cookies in the fetcher
-    profile: async (ctx) => {
-      const { data } = await supabase(ctx.cookies.access_token)
-        .from('profiles')
-        .select('name, plan')
-        .single()
-      return data
-    },
-  },
-
-  state: {},
-  view: (_state, server) => \`
-    <main id="main-content">
-      <h1>Dashboard</h1>
-      <p>Welcome, \${server.profile.name}</p>
-    </main>
-  \`,
-}`,"js"))}
-      ${a("note","Row Level Security is enforced by Postgres, not by your application code. A policy that checks <code>auth.uid() = user_id</code> means a bug in your server code cannot accidentally expose another user's data \u2014 the database rejects the query before it returns anything.")}
-
-      ${s("logout","Logout")}
-      ${e(t(`// src/pages/auth/logout.js
-export default {
-  route: '/logout',
-  contentType: 'text/html',
-
-  render: (ctx) => {
-    const opts = { httpOnly: true, sameSite: 'Lax', path: '/', maxAge: 0 }
-    ctx.setCookie('access_token',  '', opts)
-    ctx.setCookie('refresh_token', '', opts)
-    return { redirect: '/login' }
-  },
-}`,"js"))}
-
-      ${s("signup","Sign up")}
-      ${e(t(`// src/pages/auth/signup.js
-import { supabase } from '../../lib/supabase.js'
-import { escHtml } from '@invisibleloop/pulse/html'
-
-export default {
-  route: '/signup',
-
-  state: { status: 'idle', error: '' },
-
-  view: (state) => \`
-    <main id="main-content">
-      <h1>Create account</h1>
-      \${state.status === 'success'
-        ? '<p role="status">Check your email to confirm your account.</p>'
-        : \`
-        <form data-action="signup">
-          <label for="email">Email</label>
-          <input id="email" name="email" type="email" required>
-
-          <label for="password">Password</label>
-          <input id="password" name="password" type="password" required minlength="8">
-
-          \${state.error ? \`<p role="alert">\${escHtml(state.error)}</p>\` : ''}
-
-          <button type="submit">
-            \${state.status === 'loading' ? 'Creating account\u2026' : 'Create account'}
-          </button>
-        </form>
-        \`}
-    </main>
-  \`,
-
-  actions: {
-    signup: {
-      onStart: () => ({ status: 'loading', error: '' }),
-
-      run: async (_state, _server, formData) => {
-        const { error } = await supabase().auth.signUp({
-          email:    formData.get('email'),
-          password: formData.get('password'),
-        })
-        if (error) throw new Error(error.message)
-      },
-
-      onSuccess: () => ({ status: 'success', error: '' }),
-      onError:   (_state, err) => ({ status: 'idle', error: err.message }),
-    },
-  },
-}`,"js"))}
-
-      ${s("storage","File storage")}
-      <p>Upload files to Supabase Storage from an action. The file arrives in <code>FormData</code> \u2014 convert it to an <code>ArrayBuffer</code> and pass it to the storage client.</p>
-      ${e(t(`// src/pages/upload.js
-import { admin } from '../lib/supabase.js'
-import { escHtml } from '@invisibleloop/pulse/html'
-
-export default {
-  route: '/upload',
-
-  state: { status: 'idle', url: '', error: '' },
-
-  view: (state) => \`
-    <main id="main-content">
-      <h1>Upload file</h1>
-      <form data-action="upload" enctype="multipart/form-data">
-        <input name="file" type="file" accept="image/*" required>
-        <button type="submit">
-          \${state.status === 'loading' ? 'Uploading\u2026' : 'Upload'}
-        </button>
-      </form>
-      \${state.url ? \`<img src="\${escHtml(state.url)}" alt="Uploaded file" width="400" height="300">\` : ''}
-      \${state.error ? \`<p role="alert">\${escHtml(state.error)}</p>\` : ''}
-    </main>
-  \`,
-
-  actions: {
-    upload: {
-      onStart: () => ({ status: 'loading', error: '' }),
-
-      run: async (_state, _server, formData) => {
-        const file = formData.get('file')
-        const buffer = await file.arrayBuffer()
-        const ext    = file.name.split('.').pop()
-        const path   = \`\${crypto.randomUUID()}.\${ext}\`
-
-        const { error } = await admin.storage
-          .from('uploads')
-          .upload(path, buffer, { contentType: file.type })
-
-        if (error) throw new Error(error.message)
-
-        const { data } = admin.storage.from('uploads').getPublicUrl(path)
-        return data.publicUrl
-      },
-
-      onSuccess: (_state, url) => ({ status: 'idle', url }),
-      onError:   (_state, err) => ({ status: 'idle', error: err.message }),
-    },
-  },
-}`,"js"))}
-
-      ${s("rls","Row Level Security")}
-      <p>Always enable RLS on tables that hold user data. A minimal policy that lets users read only their own rows:</p>
-      ${e(t(`-- Enable RLS on the table
-alter table posts enable row level security;
-
--- Users can only select their own posts
-create policy "users read own posts"
-  on posts for select
-  using (auth.uid() = user_id);
-
--- Users can only insert rows for themselves
-create policy "users insert own posts"
-  on posts for insert
-  with check (auth.uid() = user_id);`,"bash"))}
-      ${a("tip","The public client (with the user's access token) applies Row Level Security \u2014 queries are automatically scoped to that user's data. The admin client bypasses RLS entirely, which is what you want for webhook handlers, background jobs, and admin operations, but not for user-scoped queries.")}
-    `})};var r=document.getElementById("pulse-root");r&&!r.dataset.pulseMounted&&(r.dataset.pulseMounted="1",o(i,r,window.__PULSE_SERVER__||{},{ssr:!0}),p(r,o));var _=i;export{_ as default};

package/docs/public/dist/testing.boot-6U4WKMTE.js

@@ -1,130 +0,0 @@
-import{a as o}from"./runtime-QFURDKA2.js";import{a as d,b as a,c as i,d as l,e,g as t,h as s,i as u}from"./runtime-L2HNXIHW.js";import{a as c,b as m}from"./runtime-B73WLANC.js";var{prev:p,next:h}=d("/testing"),n={route:"/testing",meta:{title:"Testing \u2014 Pulse Docs",description:"Test Pulse view functions with renderSync and render \u2014 query the HTML output with CSS-like selectors, no DOM required.",styles:["/docs.css"]},state:{},view:()=>a({currentHref:"/testing",prev:p,next:h,content:`
-      ${i("Testing")}
-      ${l("Pulse ships a built-in testing helper at <code>@invisibleloop/pulse/testing</code>. Render a spec's view in tests and query the HTML output with CSS-like selectors \u2014 no DOM, no jsdom, no extra dependencies.")}
-
-      ${e("quick-start","Quick start")}
-      ${t(o(`import { renderSync, render } from '@invisibleloop/pulse/testing'
-import assert from 'node:assert/strict'
-import spec from './src/pages/counter.js'
-
-// Synchronous \u2014 calls view directly, mock state and server
-const result = renderSync(spec, { state: { count: 5 } })
-assert(result.has('button'))
-assert.equal(result.get('#count').text, '5')
-
-// Async \u2014 runs real spec.server fetchers (or pass server to mock them)
-const result = await render(productSpec, {
-  server: { product: { id: 1, name: 'Widget', price: 9.99 } }
-})
-assert.equal(result.get('h1').text, 'Widget')
-assert.equal(result.count('li'), 3)`,"js"))}
-
-      ${e("render-sync","renderSync(spec, options?)")}
-      <p>Synchronous. Calls the view function directly \u2014 no server fetcher resolution. The fastest path for unit testing pure view functions.</p>
-      ${s(["Option","Type","Default","Description"],[["<code>state</code>","<code>object</code>","<code>{}</code>","State overrides merged with <code>spec.state</code>."],["<code>server</code>","<code>object</code>","<code>{}</code>","Server state passed directly to the view. Fetchers are never called."]])}
-      ${t(o(`import { renderSync } from '@invisibleloop/pulse/testing'
-
-const result = renderSync(formSpec, {
-  state:  { name: 'Alice', email: 'alice@example.com' },
-  server: { plans: [{ id: 'pro', label: 'Pro' }] },
-})`,"js"))}
-
-      ${e("render-async","render(spec, options?)")}
-      <p>Async. Two modes \u2014 mock or integration:</p>
-      <ul>
-        <li><strong>Mock mode</strong> \u2014 pass <code>server</code> to use that data directly. Fetchers are not called. Fast and deterministic.</li>
-        <li><strong>Integration mode</strong> \u2014 omit <code>server</code> and real <code>spec.server</code> fetchers run. Pass <code>ctx</code> to set params, cookies, headers, etc.</li>
-      </ul>
-      ${s(["Option","Type","Default","Description"],[["<code>state</code>","<code>object</code>","<code>{}</code>","State overrides merged with <code>spec.state</code>."],["<code>server</code>","<code>object</code>","<code>undefined</code>","Server state passed directly to the view. When set, fetchers are skipped entirely."],["<code>ctx</code>","<code>object</code>","<code>{}</code>","Request context passed to <code>spec.server</code> fetchers (integration mode only). Accepts <code>params</code>, <code>query</code>, <code>cookies</code>, <code>headers</code>, etc."]])}
-      ${t(o(`import { render } from '@invisibleloop/pulse/testing'
-
-// Mock \u2014 skip fetchers
-const result = await render(productSpec, {
-  server: { product: { id: 42, name: 'Gadget' } }
-})
-
-// Integration \u2014 real fetchers, with ctx
-const result = await render(productSpec, {
-  ctx: { params: { id: '42' }, cookies: { session: 'abc' } }
-})`,"js"))}
-
-      ${e("render-result","RenderResult")}
-      <p>Both functions return the same <code>RenderResult</code> object.</p>
-      ${s(["Property / method","Returns","Description"],[["<code>.html</code>","<code>string</code>","Raw HTML string from the view."],["<code>.state</code>","<code>object</code>","Client state used for rendering."],["<code>.server</code>","<code>object</code>","Server state used for rendering."],["<code>.text()</code>","<code>string</code>","All text content \u2014 tags stripped, entities decoded, whitespace collapsed."],["<code>.has(selector)</code>","<code>boolean</code>","True if any element matches selector."],["<code>.find(selector)</code>","<code>Element | null</code>","First matching element, or null."],["<code>.get(selector)</code>","<code>Element</code>","First matching element. Throws with a clear message if not found."],["<code>.findAll(selector)</code>","<code>Element[]</code>","All matching elements."],["<code>.count(selector)</code>","<code>number</code>","Number of matching elements."],["<code>.attr(selector, name)</code>","<code>string | null</code>","Attribute value of the first matching element. Null if element or attribute absent."]])}
-
-      ${e("element","Element")}
-      <p>Elements returned by <code>find()</code>, <code>get()</code>, and <code>findAll()</code> support the same query methods scoped to their own subtree.</p>
-      ${s(["Property / method","Returns","Description"],[["<code>.tag</code>","<code>string</code>","Tag name (lowercase)."],["<code>.text</code>","<code>string</code>","All text content within the element, whitespace-collapsed."],["<code>.attrs</code>","<code>object</code>","Parsed attribute map. Boolean attrs (e.g. <code>disabled</code>) have value <code>true</code>."],["<code>.attr(name)</code>","<code>string | null</code>",'Get one attribute. Returns <code>""</code> for boolean attrs, <code>null</code> if absent \u2014 mirrors <code>getAttribute()</code>.'],["<code>.find(selector)</code>","<code>Element | null</code>","First matching descendant."],["<code>.findAll(selector)</code>","<code>Element[]</code>","All matching descendants."],["<code>.has(selector)</code>","<code>boolean</code>","True if any descendant matches selector."]])}
-
-      ${e("selectors","Supported selectors")}
-      <p>The selector engine supports the most common patterns. Descendant combinators (<code>div p</code>) are not supported \u2014 use <code>element.findAll()</code> to search within a matched element instead.</p>
-      ${s(["Selector","Example","Matches"],[["Tag","<code>button</code>","Any <code>&lt;button&gt;</code>"],["Class","<code>.ui-btn</code>","Elements with that class"],["ID","<code>#submit</code>","Element with that id"],["Attribute present","<code>[disabled]</code>","Elements with a <code>disabled</code> attribute"],["Attribute value",'<code>[type="submit"]</code>',"Elements where <code>type</code> equals <code>submit</code>"],["Compound","<code>button.primary[disabled]</code>","All conditions on the same element"]])}
-      ${t(o(`result.has('button')                         // any <button>
-result.has('.ui-btn--primary')               // BEM modifier class
-result.has('[data-action="submit"]')         // data attribute
-result.has('input[type="email"][required]')  // compound
-result.get('form').findAll('input')          // inputs inside form`,"js"))}
-
-      ${e("patterns","Common patterns")}
-      ${t(o(`// Assert an element exists and check its text
-assert.equal(result.get('h1').text, 'Page Title')
-
-// Assert an element does NOT exist
-assert(!result.has('.error-message'))
-
-// Check an attribute value
-assert.equal(result.attr('input[name="email"]', 'type'), 'email')
-
-// Boolean attributes \u2014 attr() returns '' (not 'disabled')
-assert.equal(result.attr('[disabled]', 'disabled'), '')
-assert(result.get('[disabled]').attr('disabled') === '')
-
-// Count elements
-assert.equal(result.count('li'), 3)
-
-// Inspect all items
-const items = result.findAll('li')
-assert.equal(items[0].text, 'Alpha')
-assert.equal(items[1].text, 'Beta')
-
-// Scope a search to a subtree
-const form = result.get('form')
-assert(form.has('button[type="submit"]'))
-assert.equal(form.count('input'), 2)
-
-// Text content decodes entities
-// <p>&lt;b&gt;bold&lt;/b&gt;</p> \u2192 text === '<b>bold</b>'
-assert.equal(result.get('p').text, '<b>bold</b>')`,"js"))}
-
-      ${e("test-file","Example test file")}
-      ${t(o(`/**
- * src/pages/counter.test.js
- * run: node src/pages/counter.test.js
- */
-import { test } from 'node:test'
-import assert from 'node:assert/strict'
-import { renderSync } from '@invisibleloop/pulse/testing'
-import spec from './counter.js'
-
-test('renders the current count', () => {
-  const result = renderSync(spec, { state: { count: 7 } })
-  assert.equal(result.get('#count').text, '7')
-})
-
-test('increment mutation returns count + 1', () => {
-  const next = spec.mutations.increment({ count: 0 })
-  assert.equal(next.count, 1)
-})
-
-test('decrement mutation returns count - 1', () => {
-  const next = spec.mutations.decrement({ count: 5 })
-  assert.equal(next.count, 4)
-})
-
-test('view renders increment and decrement buttons', () => {
-  const result = renderSync(spec)
-  assert(result.has('[data-event="increment"]'))
-  assert(result.has('[data-event="decrement"]'))
-})`,"js"))}
-      ${u("note","Use <code>renderSync</code> for mutations and pure view tests \u2014 it's synchronous and needs no <code>await</code>. Use <code>render</code> when your spec has <code>server</code> fetchers you want to exercise for integration coverage.")}
-    `})};var r=document.getElementById("pulse-root");r&&!r.dataset.pulseMounted&&(r.dataset.pulseMounted="1",c(n,r,window.__PULSE_SERVER__||{},{ssr:!0}),m(r,c));var S=n;export{S as default};

package/docs/public/dist/validation.boot-PQHYGW5B.js

@@ -1,100 +0,0 @@
-import{a as r}from"./runtime-QFURDKA2.js";import{a as s,b as l,c as n,d as c,e,g as t,h as o,i as u}from"./runtime-L2HNXIHW.js";import{a as i,b as m}from"./runtime-B73WLANC.js";var{prev:p,next:f}=s("/validation"),d={route:"/validation",meta:{title:"Validation \u2014 Pulse Docs",description:"Declarative validation rules in Pulse \u2014 syntax, formats, dot-path notation, and error handling.",styles:["/docs.css"]},state:{},view:()=>l({currentHref:"/validation",prev:p,next:f,content:`
-      ${n("Validation")}
-      ${c("Validation rules are declared in the spec, co-located with the state they guard. When an action sets <code>validate: true</code>, Pulse enforces every rule before the async work runs. Invalid data cannot reach <code>run()</code>.")}
-
-      ${e("declaring","Declaring validation rules")}
-      <p>The <code>validation</code> field maps dot-path state keys to rule objects:</p>
-      ${t(r(`export default {
-  route: '/signup',
-  state: {
-    fields: { name: '', email: '', age: '', website: '' },
-  },
-  validation: {
-    'fields.name':    { required: true, minLength: 2, maxLength: 100 },
-    'fields.email':   { required: true, format: 'email' },
-    'fields.age':     { required: true, min: 18, max: 120 },
-    'fields.website': { format: 'url' },   // optional field, but must be valid URL if provided
-  },
-  // ...
-}`,"js"))}
-
-      ${e("rules","Available rules")}
-      ${o(["Rule","Type","Description"],[["<code>required</code>","<code>boolean</code>","Field must be present and non-empty."],["<code>minLength</code>","<code>number</code>","String must be at least N characters."],["<code>maxLength</code>","<code>number</code>","String must be at most N characters."],["<code>min</code>","<code>number</code>","Numeric value must be \u2265 N."],["<code>max</code>","<code>number</code>","Numeric value must be \u2264 N."],["<code>pattern</code>","<code>RegExp | string</code>","Value must match the regular expression."],["<code>format</code>","<code>string</code>","Named format: <code>email</code>, <code>url</code>, or <code>numeric</code>."]])}
-
-      ${e("formats","Named formats")}
-      ${o(["Format","What it checks"],[["<code>email</code>","Basic email structure \u2014 must contain <code>@</code> and a domain."],["<code>url</code>","Must start with <code>http://</code> or <code>https://</code>."],["<code>numeric</code>","Must consist entirely of digit characters."]])}
-
-      ${e("dot-paths","Dot-path notation")}
-      <p>Validation keys are dot-paths into the current <code>state</code>, allowing nested fields to be validated without any special syntax:</p>
-      ${t(r(`state: {
-  billing: {
-    address: { street: '', city: '', postcode: '' },
-    card:    { number: '', expiry: '' },
-  },
-}
-
-validation: {
-  'billing.address.street':   { required: true },
-  'billing.address.city':     { required: true },
-  'billing.address.postcode': { required: true, pattern: /^[A-Z]{1,2}\\d[A-Z\\d]? \\d[A-Z]{2}$/i },
-  'billing.card.number':      { required: true, format: 'numeric', minLength: 16, maxLength: 16 },
-  'billing.card.expiry':      { required: true },
-}`,"js"))}
-
-      ${e("when-runs","When validation runs")}
-      <p>Validation only runs when an action declares <code>validate: true</code>. The order is enforced by the framework:</p>
-      <ol>
-        <li><code>onStart</code> captures <code>FormData</code> values into state</li>
-        <li>Validation reads those values from state using dot-paths</li>
-        <li>If any rules fail, <code>onError</code> is called immediately \u2014 <code>run</code> is skipped</li>
-      </ol>
-      ${u("note","Validation reads from <strong>state</strong>, not from raw <code>FormData</code>. <code>onStart</code> must copy form values into state first \u2014 this is what makes them available to dot-path rules.")}
-
-      ${e("error-structure","Error structure")}
-      <p>When validation fails, the runtime throws an error object with a <code>validation</code> array:</p>
-      ${t(r(`{
-  message: 'Validation failed',
-  validation: [
-    { field: 'fields.email',   rule: 'format',   message: 'Must be a valid email address' },
-    { field: 'fields.name',    rule: 'required',  message: 'Required' },
-    { field: 'fields.age',     rule: 'min',       message: 'Must be at least 18' },
-  ]
-}`,"js"))}
-      <p>In your action's <code>onError</code>, check for <code>err?.validation</code> to distinguish validation errors from other failures:</p>
-      ${t(r(`onError: (state, err) => ({
-  status: 'error',
-  errors: err?.validation ?? [{ message: err.message }],
-})`,"js"))}
-
-      ${e("rendering","Rendering errors")}
-      <p>The errors array maps to UI in the view \u2014 a global error list, or inline errors using the <code>field</code> property to place them next to each input:</p>
-      ${t(r(`view: (state) => {
-  const errFor = (field) => {
-    const e = state.errors.find(e => e.field === field)
-    return e ? \`<p class="field-error">\${e.message}</p>\` : ''
-  }
-
-  return \`
-    <form data-action="submit">
-      <label>
-        Email
-        <input name="email" type="email" value="\${state.fields.email}">
-        \${errFor('fields.email')}
-      </label>
-      <label>
-        Name
-        <input name="name" type="text" value="\${state.fields.name}">
-        \${errFor('fields.name')}
-      </label>
-      <button>Submit</button>
-    </form>
-  \`
-}`,"js"))}
-
-      ${e("optional-fields","Optional fields")}
-      <p>Omit <code>required: true</code> for optional fields. Other rules (format, minLength, etc.) are only enforced when the field has a value \u2014 empty optional fields always pass:</p>
-      ${t(r(`validation: {
-  // website is optional, but must be a valid URL if provided
-  'fields.website': { format: 'url' },
-}`,"js"))}
-    `})};var a=document.getElementById("pulse-root");a&&!a.dataset.pulseMounted&&(a.dataset.pulseMounted="1",i(d,a,window.__PULSE_SERVER__||{},{ssr:!0}),m(a,i));var q=d;export{q as default};