@jakuta-inc/worker-proxy 4.0.0 → 5.0.1

package/dist/index.d.ts

@@ -1,3 +1,4 @@
-export type { VentureProxyConfig, CentralAdminProxyConfig, ProxyOutcome, ProxyHandler, ProxyError } from "./same-origin-proxy.js";
-export { ADMIN_API_BASE, createVentureProxyHandler, createCentralAdminProxyHandler } from "./same-origin-proxy.js";
+export type { Backend, PathRewrite, Route, HealthProbeResult, ProxyHealthCheck, ProxyHandlerConfig, ProxyOutcome, ProxyHandler, ProxyError, } from "./same-origin-proxy.js";
+export { ADMIN_API_BASE, createProxyHandler, createAdminAuthRoute, } from "./same-origin-proxy.js";
+export { VENTURE_API_PREFIX, createVentureApiRoute, } from "./venture_api_route.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAClI,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,OAAO,EACP,WAAW,EACX,KAAK,EACL,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,YAAY,EACZ,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC"}

package/dist/index.js

@@ -1,2 +1,3 @@
-export { ADMIN_API_BASE, createVentureProxyHandler, createCentralAdminProxyHandler } from "./same-origin-proxy.js";
+export { ADMIN_API_BASE, createProxyHandler, createAdminAuthRoute, } from "./same-origin-proxy.js";
+export { VENTURE_API_PREFIX, createVentureApiRoute, } from "./venture_api_route.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAWA,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC"}

package/dist/same-origin-proxy.d.ts

@@ -1,20 +1,107 @@
 export declare const ADMIN_API_BASE = "https://jakuta-admin-api.fly.dev";
+interface BackendBase {
+    readonly base: string;
+}
+/**
+ * A backend identity. The `kind` discriminant determines the cookie-transform
+ * policy applied when forwarding a request to this backend:
+ *
+ * - `"admin"` — the admin backend owns the `admin_session` cookie, so the
+ *   inbound `Cookie` header is preserved verbatim on the outbound hop. Any
+ *   inbound `X-Admin-Session` header is stripped first, because that header
+ *   is a proxy-internal trust boundary and a client that sets it is
+ *   attempting forgery.
+ * - `"venture"` — a venture backend must never see the raw `admin_session`
+ *   cookie. The proxy deletes the `Cookie` header and, if an `admin_session`
+ *   was present, injects `X-Admin-Session: <session_id>` carrying the raw
+ *   session id for `admin-client`'s `extract_session_from_handoff_header`.
+ *   Any inbound `X-Admin-Session` header is stripped first (forgery defense).
+ *
+ * Cookie-transform semantics are an attribute of the Backend, not of the
+ * Route. There is no per-route override. Any caller that could point a route
+ * at the admin backend while running the venture cookie-stripping transform
+ * would break web session restore on admin-api; attaching the transform to
+ * backend identity makes that state unrepresentable.
+ */
+export type Backend = (BackendBase & {
+    readonly kind: "admin";
+}) | (BackendBase & {
+    readonly kind: "venture";
+});
 /**
- * @field ventureApiBase - Origin of the venture's Fly.io backend (e.g. "https://venoble-backend.fly.dev")
- * @field adminApiBase - Origin of the jakuta-admin API on Fly.io (e.g. "https://jakuta-admin-api.fly.dev")
+ * A path-rewrite policy applied to the incoming pathname before forwarding.
+ * Either an identity passthrough or an explicit transform function. Encoded
+ * as a discriminated union so `createProxyHandler` callers cannot omit the
+ * decision — every Route states its rewrite policy explicitly.
  */
-export interface VentureProxyConfig {
-    ventureApiBase: string;
-    adminApiBase: string;
+export type PathRewrite = {
+    readonly kind: "identity";
+} | {
+    readonly kind: "transform";
+    readonly apply: (incomingPath: string) => string;
+};
+/**
+ * A single proxy route. Matched by `pathPrefix` as exact-equal OR
+ * prefix-followed-by-slash (so `/api` matches `/api` and `/api/foo` but not
+ * `/apiary`). First match in the route list wins.
+ *
+ * @field pathPrefix - Path prefix to match against the incoming request pathname
+ * @field target - Backend to forward matched requests to
+ * @field rewrite - Path rewrite policy applied before forwarding
+ */
+export interface Route {
+    readonly pathPrefix: string;
+    readonly target: Backend;
+    readonly rewrite: PathRewrite;
 }
 /**
- * @field adminApiBase - Origin of the jakuta-admin API on Fly.io. The central
- *   admin frontend has no venture backend — /api/* resolves to the admin API
- *   directly.
+ * Result of probing a backend's `/health` endpoint.
+ *
+ * @field status - `"ok"` if the backend responded with a 2xx, `"error"` on non-2xx or network failure
+ * @field probeUrl - The full URL that was probed, useful for error reporting
  */
-export interface CentralAdminProxyConfig {
-    adminApiBase: string;
+export interface HealthProbeResult {
+    readonly status: "ok" | "error";
+    readonly probeUrl: string;
 }
+/**
+ * Health-check hook configuration. The unified proxy handler probes every
+ * backend in `probeTargets` in parallel and hands the results to
+ * `buildHealthResponse`, which is responsible for shaping the final response
+ * JSON and status code. Different frontends want different health payload
+ * shapes — the venture frontend reports both venture and admin, the central
+ * admin frontend reports admin only — so the handler does not hardcode a
+ * shape.
+ *
+ * The `results` map is keyed by backend kind (`"admin"` or `"venture"`). A
+ * `probeTargets` list that contains two backends of the same kind will have
+ * the later probe overwrite the earlier one in the map — do not pass
+ * duplicates.
+ */
+export type ProxyHealthCheck = {
+    readonly kind: "disabled";
+} | {
+    readonly kind: "enabled";
+    readonly path: string;
+    readonly probeTargets: readonly Backend[];
+    readonly buildHealthResponse: (results: Record<string, HealthProbeResult>) => Response;
+};
+/**
+ * Declarative configuration for `createProxyHandler`.
+ *
+ * @field routes - Ordered list of routes; first match wins
+ * @field healthCheck - Health-check hook configuration (use `{ kind: "disabled" }` to skip)
+ */
+export interface ProxyHandlerConfig {
+    readonly routes: readonly Route[];
+    readonly healthCheck: ProxyHealthCheck;
+}
+/**
+ * Outcome of `ProxyHandler.handleRequest`. Either the request was proxied
+ * (in which case the caller should return `proxiedResponse` to the client)
+ * or it was not matched by any route (in which case the caller should fall
+ * through to its next handler, typically OpenNext/Next.js).
+ */
 export type ProxyOutcome = {
     readonly proxied: true;
     readonly proxiedResponse: Response;
@@ -22,55 +109,54 @@ export type ProxyOutcome = {
     readonly proxied: false;
 };
 /**
+ * A structured proxy-internal error surfaced as a JSON 502 to the client.
+ *
  * @field kind - Discriminant tag for the error variant
  * @field target - Full URL that the proxy attempted to reach
- * @field backendName - Which backend was unreachable
+ * @field backendKind - Kind of backend that was unreachable
  */
-export type ProxyError = {
-    kind: "backend_unreachable";
-    target: string;
-    backendName: "venture" | "admin";
-};
+export interface ProxyError {
+    readonly kind: "backend_unreachable";
+    readonly target: string;
+    readonly backendKind: Backend["kind"];
+}
 /**
+ * The public proxy interface. Built by `createProxyHandler`.
+ *
  * @field handleRequest - Route an incoming worker request through the proxy, returning a proxied response or fall-through signal
  */
 export interface ProxyHandler {
     handleRequest(workerRequest: Request): Promise<ProxyOutcome>;
 }
 /**
- * Venture frontend proxy handler. Routes `/api/*` to the venture's own
- * backend and `/auth/*` to the admin backend (rewriting `/auth/*` to
- * `/api/auth/*`). This is the correct handler for every venture frontend.
+ * Build a `Route` that proxies `/auth/*` to the admin backend's `/api/auth/*`
+ * surface with cookies preserved. Every frontend that renders admin-shell's
+ * login UI needs this route, because admin-shell's `AdminRoute.*` constants
+ * (`/auth/login`, `/auth/logout`, `/auth/session`) are the single source of
+ * truth for the browser-facing path — the admin-api surface lives at
+ * `/api/auth/*`, and the rewrite connects the two.
  *
- * # Cookie-to-header handoff (venture `/api/*` branch)
+ * Spread the result into your `routes` array; do not hand-maintain the
+ * rewrite.
  *
- * On every inbound request the handler unconditionally strips any
- * `X-Admin-Session` header a client may have set — the header is an
- * internal trust boundary and a client that tries to set it is attempting
- * forgery. On the venture-api hop the handler then reads the
- * `admin_session` cookie, strips it (so venture backends never see it),
- * and — if present — injects an `X-Admin-Session: <session_id>` header
- * carrying the raw value for `jakuta-admin-client`'s
- * `extract_session_from_handoff_header` to consume on the Rust side.
- *
- * If no cookie is present, no header is injected, and venture-api returns
- * 401. There is deliberately no fallback path — see the integration guide
- * section 13 for the full trust model.
- *
- * @param proxyConfig - Backend origins to proxy to; bound once at Worker startup
- * @returns ProxyHandler that routes /api/*, /auth/*, and /_proxy/health requests
+ * @param adminBase - Origin of the jakuta-admin API (e.g. ADMIN_API_BASE)
+ * @returns A Route that matches `/auth` / `/auth/*` and forwards to `adminBase/api/auth/*`
  */
-export declare function createVentureProxyHandler(proxyConfig: VentureProxyConfig): ProxyHandler;
+export declare function createAdminAuthRoute(adminBase: string): Route;
 /**
- * Central admin frontend proxy handler. Routes `/api/*` to the admin backend
- * with cookies preserved — the central admin frontend IS the admin frontend,
- * so its `admin_session` cookie must reach `jakuta-admin-api` unmodified.
- * Does NOT handle `/auth/*` because the central admin frontend calls
- * `/api/auth/*` directly; any `/auth/*` hit falls through to the Next.js
- * handler.
+ * Build a `ProxyHandler` from a declarative `ProxyHandlerConfig`. This is the
+ * single handler constructor — there is no separate venture or central-admin
+ * handler. Consumers express their routing topology as a list of
+ * `Route`s pointing at `Backend`s, and the handler dispatches by first-match.
+ *
+ * The cookie transform applied on each hop is determined by the target
+ * backend's `kind` (`"admin"` → preserve cookie, `"venture"` → cookie-to-header
+ * handoff). There is no per-route override. See the `Backend` doc comment for
+ * why this is unrepresentable state, not a missing feature.
  *
- * @param proxyConfig - Admin backend origin to proxy to; bound once at Worker startup
- * @returns ProxyHandler that routes /api/* and /_proxy/health requests
+ * @param config - Declarative route list and health-check hook
+ * @returns A ProxyHandler whose `handleRequest` dispatches the inbound request
  */
-export declare function createCentralAdminProxyHandler(proxyConfig: CentralAdminProxyConfig): ProxyHandler;
+export declare function createProxyHandler(config: ProxyHandlerConfig): ProxyHandler;
+export {};
 //# sourceMappingURL=same-origin-proxy.d.ts.map

package/dist/same-origin-proxy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"same-origin-proxy.d.ts","sourceRoot":"","sources":["../src/same-origin-proxy.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,qCAAqC,CAAC;AAEjE;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,MAAM,YAAY,GACpB;IAAE,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;CAAE,GAC9D;IAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAA;CAAE,CAAC;AAEhC;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC;CAClC,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,aAAa,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC9D;AA8ID;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,kBAAkB,GAAG,YAAY,CAiDvF;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,uBAAuB,GACnC,YAAY,CAgCd"}
+{"version":3,"file":"same-origin-proxy.d.ts","sourceRoot":"","sources":["../src/same-origin-proxy.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,qCAAqC,CAAC;AAEjE,UAAU,WAAW;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,MAAM,OAAO,GACf,CAAC,WAAW,GAAG;IAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,GAC1C,CAAC,WAAW,GAAG;IAAE,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAA;CAAE,CAAC,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GACnB;IAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;CAAE,GAC7B;IAAE,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,MAAM,CAAA;CAAE,CAAC;AAErF;;;;;;;;GAQG;AACH,MAAM,WAAW,KAAK;IACpB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;CAC/B;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,IAAI,GAAG,OAAO,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,MAAM,gBAAgB,GACxB;IAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;CAAE,GAC7B;IACE,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,YAAY,EAAE,SAAS,OAAO,EAAE,CAAC;IAC1C,QAAQ,CAAC,mBAAmB,EAAE,CAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,KACvC,QAAQ,CAAC;CACf,CAAC;AAEN;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,MAAM,EAAE,SAAS,KAAK,EAAE,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,gBAAgB,CAAC;CACxC;AAED;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GACpB;IAAE,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;CAAE,GAC9D;IAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAA;CAAE,CAAC;AAEhC;;;;;;GAMG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;CACvC;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,aAAa,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC9D;AAuMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,KAAK,CAS7D;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,GAAG,YAAY,CA+C3E"}

package/dist/same-origin-proxy.js

@@ -59,8 +59,9 @@ function stripInboundHandoffHeader(originalHeaders) {
     return stripped;
 }
 async function forwardToBackend(forwardInput) {
-    const targetUrl = new URL(forwardInput.targetPath + forwardInput.originalUrl.search, forwardInput.targetBase);
-    const forwardedHeaders = forwardInput.backendName === "venture"
+    const target = forwardInput.target;
+    const targetUrl = new URL(forwardInput.targetPath + forwardInput.originalUrl.search, target.base);
+    const forwardedHeaders = target.kind === "venture"
         ? buildVentureForwardedHeaders(forwardInput.originalRequest.headers)
         : stripInboundHandoffHeader(forwardInput.originalRequest.headers);
     try {
@@ -75,122 +76,142 @@ async function forwardToBackend(forwardInput) {
         const proxyError = {
             kind: "backend_unreachable",
             target: targetUrl.toString(),
-            backendName: forwardInput.backendName,
+            backendKind: target.kind,
         };
         return jsonErrorResponse({
             httpStatus: 502,
             errorBody: {
                 error: proxyError.kind,
                 target: proxyError.target,
-                backend: proxyError.backendName,
-                message: `Proxy couldn't reach the ${proxyError.backendName} backend at ${proxyError.target}. Check /_proxy/health to verify both backends are reachable.`,
+                backend: proxyError.backendKind,
+                message: `Proxy couldn't reach the ${proxyError.backendKind} backend at ${proxyError.target}. Check the configured health path to verify the backend is reachable.`,
             },
         });
     }
 }
+function matchPathPrefix(params) {
+    if (params.pathname === params.prefix) {
+        return { kind: "match" };
+    }
+    if (params.pathname.startsWith(params.prefix + "/")) {
+        return { kind: "match" };
+    }
+    return { kind: "no_match" };
+}
+function assertNeverPathRewrite(rewrite) {
+    throw new Error(`unreachable PathRewrite variant: ${JSON.stringify(rewrite)}`);
+}
+function applyPathRewrite(params) {
+    switch (params.rewrite.kind) {
+        case "identity":
+            return params.incomingPath;
+        case "transform":
+            return params.rewrite.apply(params.incomingPath);
+        default:
+            return assertNeverPathRewrite(params.rewrite);
+    }
+}
+function normalizeBackend(backend) {
+    return { kind: backend.kind, base: stripTrailingSlash(backend.base) };
+}
+function normalizeRoute(route) {
+    return {
+        pathPrefix: route.pathPrefix,
+        target: normalizeBackend(route.target),
+        rewrite: route.rewrite,
+    };
+}
+function assertNeverHealthCheck(healthCheck) {
+    throw new Error(`unreachable ProxyHealthCheck variant: ${JSON.stringify(healthCheck)}`);
+}
+function normalizeHealthCheck(healthCheck) {
+    switch (healthCheck.kind) {
+        case "disabled":
+            return healthCheck;
+        case "enabled":
+            return {
+                kind: "enabled",
+                path: healthCheck.path,
+                probeTargets: healthCheck.probeTargets.map(normalizeBackend),
+                buildHealthResponse: healthCheck.buildHealthResponse,
+            };
+        default:
+            return assertNeverHealthCheck(healthCheck);
+    }
+}
 /**
- * Venture frontend proxy handler. Routes `/api/*` to the venture's own
- * backend and `/auth/*` to the admin backend (rewriting `/auth/*` to
- * `/api/auth/*`). This is the correct handler for every venture frontend.
- *
- * # Cookie-to-header handoff (venture `/api/*` branch)
+ * Build a `Route` that proxies `/auth/*` to the admin backend's `/api/auth/*`
+ * surface with cookies preserved. Every frontend that renders admin-shell's
+ * login UI needs this route, because admin-shell's `AdminRoute.*` constants
+ * (`/auth/login`, `/auth/logout`, `/auth/session`) are the single source of
+ * truth for the browser-facing path — the admin-api surface lives at
+ * `/api/auth/*`, and the rewrite connects the two.
  *
- * On every inbound request the handler unconditionally strips any
- * `X-Admin-Session` header a client may have set — the header is an
- * internal trust boundary and a client that tries to set it is attempting
- * forgery. On the venture-api hop the handler then reads the
- * `admin_session` cookie, strips it (so venture backends never see it),
- * and — if present — injects an `X-Admin-Session: <session_id>` header
- * carrying the raw value for `jakuta-admin-client`'s
- * `extract_session_from_handoff_header` to consume on the Rust side.
+ * Spread the result into your `routes` array; do not hand-maintain the
+ * rewrite.
  *
- * If no cookie is present, no header is injected, and venture-api returns
- * 401. There is deliberately no fallback path — see the integration guide
- * section 13 for the full trust model.
- *
- * @param proxyConfig - Backend origins to proxy to; bound once at Worker startup
- * @returns ProxyHandler that routes /api/*, /auth/*, and /_proxy/health requests
+ * @param adminBase - Origin of the jakuta-admin API (e.g. ADMIN_API_BASE)
+ * @returns A Route that matches `/auth` / `/auth/*` and forwards to `adminBase/api/auth/*`
  */
-export function createVentureProxyHandler(proxyConfig) {
-    const ventureBase = stripTrailingSlash(proxyConfig.ventureApiBase);
-    const adminBase = stripTrailingSlash(proxyConfig.adminApiBase);
+export function createAdminAuthRoute(adminBase) {
     return {
-        async handleRequest(workerRequest) {
-            const requestUrl = new URL(workerRequest.url);
-            const pathname = requestUrl.pathname;
-            if (pathname === "/_proxy/health") {
-                const [venture, admin] = await Promise.all([
-                    probeHealth(ventureBase),
-                    probeHealth(adminBase),
-                ]);
-                const healthStatus = { venture, admin };
-                const allOk = venture.status === "ok" && admin.status === "ok";
-                const proxiedResponse = new Response(JSON.stringify(healthStatus), {
-                    status: allOk ? 200 : 503,
-                    headers: { "content-type": "application/json" },
-                });
-                return { proxied: true, proxiedResponse };
-            }
-            if (pathname === "/api" || pathname.startsWith("/api/")) {
-                const proxiedResponse = await forwardToBackend({
-                    originalRequest: workerRequest,
-                    originalUrl: requestUrl,
-                    targetBase: ventureBase,
-                    targetPath: pathname,
-                    backendName: "venture",
-                });
-                return { proxied: true, proxiedResponse };
-            }
-            if (pathname === "/auth" || pathname.startsWith("/auth/")) {
-                const adminPath = "/api" + pathname;
-                const proxiedResponse = await forwardToBackend({
-                    originalRequest: workerRequest,
-                    originalUrl: requestUrl,
-                    targetBase: adminBase,
-                    targetPath: adminPath,
-                    backendName: "admin",
-                });
-                return { proxied: true, proxiedResponse };
-            }
-            return { proxied: false };
+        pathPrefix: "/auth",
+        target: { kind: "admin", base: stripTrailingSlash(adminBase) },
+        rewrite: {
+            kind: "transform",
+            apply: (incomingPath) => "/api" + incomingPath,
         },
     };
 }
 /**
- * Central admin frontend proxy handler. Routes `/api/*` to the admin backend
- * with cookies preserved — the central admin frontend IS the admin frontend,
- * so its `admin_session` cookie must reach `jakuta-admin-api` unmodified.
- * Does NOT handle `/auth/*` because the central admin frontend calls
- * `/api/auth/*` directly; any `/auth/*` hit falls through to the Next.js
- * handler.
+ * Build a `ProxyHandler` from a declarative `ProxyHandlerConfig`. This is the
+ * single handler constructor — there is no separate venture or central-admin
+ * handler. Consumers express their routing topology as a list of
+ * `Route`s pointing at `Backend`s, and the handler dispatches by first-match.
+ *
+ * The cookie transform applied on each hop is determined by the target
+ * backend's `kind` (`"admin"` → preserve cookie, `"venture"` → cookie-to-header
+ * handoff). There is no per-route override. See the `Backend` doc comment for
+ * why this is unrepresentable state, not a missing feature.
  *
- * @param proxyConfig - Admin backend origin to proxy to; bound once at Worker startup
- * @returns ProxyHandler that routes /api/* and /_proxy/health requests
+ * @param config - Declarative route list and health-check hook
+ * @returns A ProxyHandler whose `handleRequest` dispatches the inbound request
  */
-export function createCentralAdminProxyHandler(proxyConfig) {
-    const adminBase = stripTrailingSlash(proxyConfig.adminApiBase);
+export function createProxyHandler(config) {
+    const normalizedRoutes = config.routes.map(normalizeRoute);
+    const normalizedHealthCheck = normalizeHealthCheck(config.healthCheck);
     return {
         async handleRequest(workerRequest) {
             const requestUrl = new URL(workerRequest.url);
             const pathname = requestUrl.pathname;
-            if (pathname === "/_proxy/health") {
-                const admin = await probeHealth(adminBase);
-                const healthStatus = { admin };
-                const proxiedResponse = new Response(JSON.stringify(healthStatus), {
-                    status: admin.status === "ok" ? 200 : 503,
-                    headers: { "content-type": "application/json" },
-                });
+            if (normalizedHealthCheck.kind === "enabled" &&
+                pathname === normalizedHealthCheck.path) {
+                const probeResults = await Promise.all(normalizedHealthCheck.probeTargets.map(async (backend) => {
+                    const result = await probeHealth(backend.base);
+                    return [backend.kind, result];
+                }));
+                const resultsByKind = {};
+                for (const [kind, result] of probeResults) {
+                    resultsByKind[kind] = result;
+                }
+                const proxiedResponse = normalizedHealthCheck.buildHealthResponse(resultsByKind);
                 return { proxied: true, proxiedResponse };
             }
-            if (pathname === "/api" || pathname.startsWith("/api/")) {
-                const proxiedResponse = await forwardToBackend({
-                    originalRequest: workerRequest,
-                    originalUrl: requestUrl,
-                    targetBase: adminBase,
-                    targetPath: pathname,
-                    backendName: "admin",
-                });
-                return { proxied: true, proxiedResponse };
+            for (const route of normalizedRoutes) {
+                const match = matchPathPrefix({ pathname, prefix: route.pathPrefix });
+                if (match.kind === "match") {
+                    const rewrittenPath = applyPathRewrite({
+                        rewrite: route.rewrite,
+                        incomingPath: pathname,
+                    });
+                    const proxiedResponse = await forwardToBackend({
+                        originalRequest: workerRequest,
+                        originalUrl: requestUrl,
+                        target: route.target,
+                        targetPath: rewrittenPath,
+                    });
+                    return { proxied: true, proxiedResponse };
+                }
             }
             return { proxied: false };
         },

package/dist/same-origin-proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"same-origin-proxy.js","sourceRoot":"","sources":["../src/same-origin-proxy.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,cAAc,GAAG,kCAAkC,CAAC;AAwDjE,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAE/B,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,OAAO,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACtE,CAAC;AAOD,SAAS,iBAAiB,CAAC,UAAkC;IAC3D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;QACxD,MAAM,EAAE,UAAU,CAAC,UAAU;QAC7B,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,OAAe;IACxC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YAC3C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC;SAC/C,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,yBAAyB,GAAG,eAAe,CAAC;AAClD,MAAM,4BAA4B,GAAG,iBAAiB,CAAC;AAMvD,SAAS,2BAA2B,CAAC,YAAoB;IACvD,MAAM,MAAM,GAAG,yBAAyB,GAAG,GAAG,CAAC;IAC/C,KAAK,MAAM,aAAa,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACvE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC;AAMD,SAAS,gBAAgB,CAAC,OAAgB;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC5B,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,4BAA4B,CAAC,eAAwB;IAC5D,MAAM,SAAS,GAAG,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IAC/C,SAAS,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACjD,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC3B,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,aAAa,GAAG,2BAA2B,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACnC,SAAS,CAAC,GAAG,CAAC,4BAA4B,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,yBAAyB,CAAC,eAAwB;IACzD,MAAM,QAAQ,GAAG,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9C,QAAQ,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;IAC9C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAUD,KAAK,UAAU,gBAAgB,CAAC,YAA0B;IACxD,MAAM,SAAS,GAAG,IAAI,GAAG,CACvB,YAAY,CAAC,UAAU,GAAG,YAAY,CAAC,WAAW,CAAC,MAAM,EACzD,YAAY,CAAC,UAAU,CACxB,CAAC;IAEF,MAAM,gBAAgB,GACpB,YAAY,CAAC,WAAW,KAAK,SAAS;QACpC,CAAC,CAAC,4BAA4B,CAAC,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC;QACpE,CAAC,CAAC,yBAAyB,CAAC,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAEtE,IAAI,CAAC;QACH,OAAO,MAAM,KAAK,CAChB,IAAI,OAAO,CAAC,SAAS,EAAE;YACrB,MAAM,EAAE,YAAY,CAAC,eAAe,CAAC,MAAM;YAC3C,OAAO,EAAE,gBAAgB;YACzB,IAAI,EAAE,YAAY,CAAC,eAAe,CAAC,IAAI;YACvC,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,UAAU,GAAe;YAC7B,IAAI,EAAE,qBAAqB;YAC3B,MAAM,EAAE,SAAS,CAAC,QAAQ,EAAE;YAC5B,WAAW,EAAE,YAAY,CAAC,WAAW;SACtC,CAAC;QACF,OAAO,iBAAiB,CAAC;YACvB,UAAU,EAAE,GAAG;YACf,SAAS,EAAE;gBACT,KAAK,EAAE,UAAU,CAAC,IAAI;gBACtB,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,OAAO,EAAE,UAAU,CAAC,WAAW;gBAC/B,OAAO,EAAE,4BAA4B,UAAU,CAAC,WAAW,eAAe,UAAU,CAAC,MAAM,+DAA+D;aAC3J;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,yBAAyB,CAAC,WAA+B;IACvE,MAAM,WAAW,GAAG,kBAAkB,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,kBAAkB,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAE/D,OAAO;QACL,KAAK,CAAC,aAAa,CAAC,aAAsB;YACxC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YAErC,IAAI,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBAClC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;oBACzC,WAAW,CAAC,WAAW,CAAC;oBACxB,WAAW,CAAC,SAAS,CAAC;iBACvB,CAAC,CAAC;gBACH,MAAM,YAAY,GAAwB,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;gBAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC;gBAC/D,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;oBACjE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;oBACzB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;YAC5C,CAAC;YAED,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxD,MAAM,eAAe,GAAG,MAAM,gBAAgB,CAAC;oBAC7C,eAAe,EAAE,aAAa;oBAC9B,WAAW,EAAE,UAAU;oBACvB,UAAU,EAAE,WAAW;oBACvB,UAAU,EAAE,QAAQ;oBACpB,WAAW,EAAE,SAAS;iBACvB,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;YAC5C,CAAC;YAED,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,CAAC;gBACpC,MAAM,eAAe,GAAG,MAAM,gBAAgB,CAAC;oBAC7C,eAAe,EAAE,aAAa;oBAC9B,WAAW,EAAE,UAAU;oBACvB,UAAU,EAAE,SAAS;oBACrB,UAAU,EAAE,SAAS;oBACrB,WAAW,EAAE,OAAO;iBACrB,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;YAC5C,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,8BAA8B,CAC5C,WAAoC;IAEpC,MAAM,SAAS,GAAG,kBAAkB,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAE/D,OAAO;QACL,KAAK,CAAC,aAAa,CAAC,aAAsB;YACxC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YAErC,IAAI,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBAClC,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;gBAC3C,MAAM,YAAY,GAA6B,EAAE,KAAK,EAAE,CAAC;gBACzD,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;oBACjE,MAAM,EAAE,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;oBACzC,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;YAC5C,CAAC;YAED,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxD,MAAM,eAAe,GAAG,MAAM,gBAAgB,CAAC;oBAC7C,eAAe,EAAE,aAAa;oBAC9B,WAAW,EAAE,UAAU;oBACvB,UAAU,EAAE,SAAS;oBACrB,UAAU,EAAE,QAAQ;oBACpB,WAAW,EAAE,OAAO;iBACrB,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;YAC5C,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"same-origin-proxy.js","sourceRoot":"","sources":["../src/same-origin-proxy.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,cAAc,GAAG,kCAAkC,CAAC;AAuIjE,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAE/B,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,OAAO,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACtE,CAAC;AAOD,SAAS,iBAAiB,CAAC,UAAkC;IAC3D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;QACxD,MAAM,EAAE,UAAU,CAAC,UAAU;QAC7B,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,OAAe;IACxC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YAC3C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC;SAC/C,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,yBAAyB,GAAG,eAAe,CAAC;AAClD,MAAM,4BAA4B,GAAG,iBAAiB,CAAC;AAMvD,SAAS,2BAA2B,CAAC,YAAoB;IACvD,MAAM,MAAM,GAAG,yBAAyB,GAAG,GAAG,CAAC;IAC/C,KAAK,MAAM,aAAa,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACvE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC;AAMD,SAAS,gBAAgB,CAAC,OAAgB;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC5B,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,4BAA4B,CAAC,eAAwB;IAC5D,MAAM,SAAS,GAAG,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IAC/C,SAAS,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACjD,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC3B,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,aAAa,GAAG,2BAA2B,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACnC,SAAS,CAAC,GAAG,CAAC,4BAA4B,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,yBAAyB,CAAC,eAAwB;IACzD,MAAM,QAAQ,GAAG,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IAC9C,QAAQ,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;IAC9C,OAAO,QAAQ,CAAC;AAClB,CAAC;AASD,KAAK,UAAU,gBAAgB,CAAC,YAA0B;IACxD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,GAAG,CACvB,YAAY,CAAC,UAAU,GAAG,YAAY,CAAC,WAAW,CAAC,MAAM,EACzD,MAAM,CAAC,IAAI,CACZ,CAAC;IAEF,MAAM,gBAAgB,GACpB,MAAM,CAAC,IAAI,KAAK,SAAS;QACvB,CAAC,CAAC,4BAA4B,CAAC,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC;QACpE,CAAC,CAAC,yBAAyB,CAAC,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAEtE,IAAI,CAAC;QACH,OAAO,MAAM,KAAK,CAChB,IAAI,OAAO,CAAC,SAAS,EAAE;YACrB,MAAM,EAAE,YAAY,CAAC,eAAe,CAAC,MAAM;YAC3C,OAAO,EAAE,gBAAgB;YACzB,IAAI,EAAE,YAAY,CAAC,eAAe,CAAC,IAAI;YACvC,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,UAAU,GAAe;YAC7B,IAAI,EAAE,qBAAqB;YAC3B,MAAM,EAAE,SAAS,CAAC,QAAQ,EAAE;YAC5B,WAAW,EAAE,MAAM,CAAC,IAAI;SACzB,CAAC;QACF,OAAO,iBAAiB,CAAC;YACvB,UAAU,EAAE,GAAG;YACf,SAAS,EAAE;gBACT,KAAK,EAAE,UAAU,CAAC,IAAI;gBACtB,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,OAAO,EAAE,UAAU,CAAC,WAAW;gBAC/B,OAAO,EAAE,4BAA4B,UAAU,CAAC,WAAW,eAAe,UAAU,CAAC,MAAM,wEAAwE;aACpK;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAWD,SAAS,eAAe,CAAC,MAA6B;IACpD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QACtC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC3B,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAC9B,CAAC;AAOD,SAAS,sBAAsB,CAAC,OAAc;IAC5C,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,gBAAgB,CAAC,MAA8B;IACtD,QAAQ,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,KAAK,UAAU;YACb,OAAO,MAAM,CAAC,YAAY,CAAC;QAC7B,KAAK,WAAW;YACd,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACnD;YACE,OAAO,sBAAsB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAgB;IACxC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,KAAY;IAClC,OAAO;QACL,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC;QACtC,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,WAAkB;IAChD,MAAM,IAAI,KAAK,CAAC,yCAAyC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAC1F,CAAC;AAED,SAAS,oBAAoB,CAAC,WAA6B;IACzD,QAAQ,WAAW,CAAC,IAAI,EAAE,CAAC;QACzB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,YAAY,EAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC;gBAC5D,mBAAmB,EAAE,WAAW,CAAC,mBAAmB;aACrD,CAAC;QACJ;YACE,OAAO,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,oBAAoB,CAAC,SAAiB;IACpD,OAAO;QACL,UAAU,EAAE,OAAO;QACnB,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,CAAC,SAAS,CAAC,EAAE;QAC9D,OAAO,EAAE;YACP,IAAI,EAAE,WAAW;YACjB,KAAK,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,MAAM,GAAG,YAAY;SAC/C;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC3D,MAAM,qBAAqB,GAAG,oBAAoB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvE,OAAO;QACL,KAAK,CAAC,aAAa,CAAC,aAAsB;YACxC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YAErC,IACE,qBAAqB,CAAC,IAAI,KAAK,SAAS;gBACxC,QAAQ,KAAK,qBAAqB,CAAC,IAAI,EACvC,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,qBAAqB,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;oBACvD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAC/C,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAU,CAAC;gBACzC,CAAC,CAAC,CACH,CAAC;gBACF,MAAM,aAAa,GAAsC,EAAE,CAAC;gBAC5D,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;oBAC1C,aAAa,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;gBAC/B,CAAC;gBACD,MAAM,eAAe,GAAG,qBAAqB,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;gBACjF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;YAC5C,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;gBACrC,MAAM,KAAK,GAAG,eAAe,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;gBACtE,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC3B,MAAM,aAAa,GAAG,gBAAgB,CAAC;wBACrC,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,YAAY,EAAE,QAAQ;qBACvB,CAAC,CAAC;oBACH,MAAM,eAAe,GAAG,MAAM,gBAAgB,CAAC;wBAC7C,eAAe,EAAE,aAAa;wBAC9B,WAAW,EAAE,UAAU;wBACvB,MAAM,EAAE,KAAK,CAAC,MAAM;wBACpB,UAAU,EAAE,aAAa;qBAC1B,CAAC,CAAC;oBACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;gBAC5C,CAAC;YACH,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/venture_api_route.d.ts

@@ -0,0 +1,13 @@
+import type { Route } from "./same-origin-proxy.js";
+export declare const VENTURE_API_PREFIX = "/api";
+/**
+ * @why Builds the canonical venture-api route from a venture origin so
+ * every venture Worker proxy mounts `/api/*` the same way, keeping the
+ * Worker-side path contract aligned with the Rust `VENTURE_API_PREFIX`
+ * constant.
+ *
+ * @param ventureBase - Origin of the venture backend (scheme + host, no path).
+ * @returns A Route that matches `/api` / `/api/*` and forwards to `ventureBase`.
+ */
+export declare function createVentureApiRoute(ventureBase: string): Route;
+//# sourceMappingURL=venture_api_route.d.ts.map

package/dist/venture_api_route.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"venture_api_route.d.ts","sourceRoot":"","sources":["../src/venture_api_route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAC;AAKpD,eAAO,MAAM,kBAAkB,SAAS,CAAC;AAEzC;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,KAAK,CAMhE"}

package/dist/venture_api_route.js

@@ -0,0 +1,21 @@
+// Mirror of `crates/jakuta-cli-core/src/venture_api_prefix.rs` — the two
+// constants MUST stay byte-identical so venture backends, venture plugins,
+// and venture Worker proxies all agree on where the admin surface is nested.
+export const VENTURE_API_PREFIX = "/api";
+/**
+ * @why Builds the canonical venture-api route from a venture origin so
+ * every venture Worker proxy mounts `/api/*` the same way, keeping the
+ * Worker-side path contract aligned with the Rust `VENTURE_API_PREFIX`
+ * constant.
+ *
+ * @param ventureBase - Origin of the venture backend (scheme + host, no path).
+ * @returns A Route that matches `/api` / `/api/*` and forwards to `ventureBase`.
+ */
+export function createVentureApiRoute(ventureBase) {
+    return {
+        pathPrefix: VENTURE_API_PREFIX,
+        target: { kind: "venture", base: ventureBase },
+        rewrite: { kind: "identity" },
+    };
+}
+//# sourceMappingURL=venture_api_route.js.map

package/dist/venture_api_route.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"venture_api_route.js","sourceRoot":"","sources":["../src/venture_api_route.ts"],"names":[],"mappings":"AAEA,yEAAyE;AACzE,2EAA2E;AAC3E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAEzC;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CAAC,WAAmB;IACrD,OAAO;QACH,UAAU,EAAE,kBAAkB;QAC9B,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE;QAC9C,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;KAChC,CAAC;AACN,CAAC"}

package/package.json

@@ -1,28 +1,28 @@
-{
-  "name": "@jakuta-inc/worker-proxy",
-  "version": "4.0.0",
-  "description": "Same-origin reverse proxy for Jakuta admin panel Cloudflare Workers",
-  "type": "module",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "files": [
-    "dist"
-  ],
-  "scripts": {
-    "build": "tsc",
-    "prepublishOnly": "tsc",
-    "test": "vitest run"
-  },
-  "publishConfig": {
-    "access": "restricted"
-  },
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/Jakuta-Inc/jakuta-admin.git",
-    "directory": "packages/worker-proxy"
-  },
-  "devDependencies": {
-    "@cloudflare/workers-types": "^4.20250327.0",
-    "typescript": "^5.7.0"
-  }
-}
+{
+  "name": "@jakuta-inc/worker-proxy",
+  "version": "5.0.1",
+  "description": "Same-origin reverse proxy for Jakuta admin panel Cloudflare Workers",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "tsc",
+    "test": "vitest run"
+  },
+  "publishConfig": {
+    "access": "restricted"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Jakuta-Inc/jakuta-admin.git",
+    "directory": "packages/worker-proxy"
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "^4.20250327.0",
+    "typescript": "^5.7.0"
+  }
+}