@lunora/config 0.0.0 → 1.0.0-alpha.10

package/dist/packem_shared/reconcileWranglerBindings-DTHmqTbL.mjs

@@ -0,0 +1,277 @@
+import { writeFileSync } from 'node:fs';
+import { containerBuildTag } from '@lunora/container';
+import { modify, applyEdits } from 'jsonc-parser';
+import { findWranglerFile, readWranglerJsonc } from './WRANGLER_FILES-DwSuC-Kn.mjs';
+
+const FORMATTING = { formattingOptions: { insertSpaces: true, tabSize: 4 } };
+const D1_PLACEHOLDER_ID = "<replace-with-d1-create-id>";
+const collectExportGaps = (inferred) => {
+  const gaps = [];
+  for (const container of inferred.containers) {
+    if (!container.exported) {
+      gaps.push({ className: container.className, exportName: container.exportName, kind: "container", module: "containers" });
+    }
+  }
+  for (const workflow of inferred.workflows) {
+    if (!workflow.exported) {
+      gaps.push({ className: workflow.className, exportName: workflow.exportName, kind: "workflow", module: "workflows" });
+    }
+  }
+  return gaps;
+};
+const collectHintBindingWarnings = (inferred, parsed) => {
+  const rules = [
+    [
+      inferred.usesKv && (parsed?.kv_namespaces?.length ?? 0) === 0,
+      "@lunora/kv is used but no kv_namespaces binding exists; add a kv_namespaces entry ({ binding, id }) and pass env.<BINDING> to createKv() — the namespace id can't be auto-provisioned."
+    ],
+    [
+      inferred.usesHyperdrive && (parsed?.hyperdrive?.length ?? 0) === 0,
+      "@lunora/hyperdrive is used but no hyperdrive binding exists; run 'wrangler hyperdrive create' and add a 'hyperdrive' binding ({ binding, id }) — the id can't be auto-provisioned."
+    ],
+    [
+      inferred.usesPipelines && (parsed?.pipelines?.length ?? 0) === 0,
+      "@lunora/pipelines is used but no pipelines binding exists; run 'wrangler pipelines create <name>' and add a 'pipelines' binding ({ binding, pipeline }) — the pipeline resource can't be auto-provisioned."
+    ]
+  ];
+  return rules.filter(([active]) => active).map(([, warning]) => warning);
+};
+const collectWarnings = (inferred, parsed) => {
+  const exported = new Set(inferred.durableObjects.map((object) => object.className));
+  const warnings = [];
+  const hasR2Bucket = (parsed?.r2_buckets?.length ?? 0) > 0;
+  const hasSessionStore = (parsed?.d1_databases?.some((binding) => binding.binding === "DB") ?? false) || inferred.needsD1;
+  if (inferred.usesStorage && !hasR2Bucket) {
+    warnings.push(
+      "@lunora/storage is used but R2 bucket bindings have user-defined names; add an r2_buckets entry and pass env.<BINDING> to createStorage()."
+    );
+  }
+  if (inferred.usesAuth && !exported.has("SessionDO") && !hasSessionStore) {
+    warnings.push(
+      "@lunora/auth is used but the worker entry exports no SessionDO; sessions are D1-backed, or export SessionDO to enable DO-backed sessions."
+    );
+  }
+  if (inferred.usesScheduler && !exported.has("SchedulerDO")) {
+    warnings.push("@lunora/scheduler is used but the worker entry exports no SchedulerDO; export it so the SCHEDULER binding can be provisioned.");
+  }
+  for (const container of inferred.containers) {
+    if (!container.exported) {
+      warnings.push(
+        `container "${container.exportName}" is declared but ${container.className} is not exported by the worker entry; add \`export * from "./lunora/_generated/containers"\` so its binding can be provisioned.`
+      );
+    }
+  }
+  for (const workflow of inferred.workflows) {
+    if (!workflow.exported) {
+      warnings.push(
+        `workflow "${workflow.exportName}" is declared but ${workflow.className} is not exported by the worker entry; add \`export * from "./lunora/_generated/workflows"\` so its binding can be provisioned.`
+      );
+    }
+  }
+  if (inferred.containers.length > 0 && parsed?.observability?.enabled === false) {
+    warnings.push("containers are declared but observability is explicitly disabled in wrangler.jsonc — container logs will not be captured.");
+  }
+  if (inferred.usesPayment) {
+    warnings.push(
+      "@lunora/payment is used; set the provider secrets in .dev.vars — STRIPE_SECRET_KEY + STRIPE_WEBHOOK_SECRET (Stripe) or POLAR_ACCESS_TOKEN + POLAR_WEBHOOK_SECRET (Polar)."
+    );
+  }
+  warnings.push(...collectHintBindingWarnings(inferred, parsed));
+  return warnings;
+};
+const applyModify = (text, path, value) => {
+  const edits = modify(text, [...path], value, FORMATTING);
+  return edits.length > 0 ? applyEdits(text, edits) : text;
+};
+const nextMigrationTag = (migrations) => {
+  const used = new Set(migrations.map((migration) => migration.tag));
+  let index = 1;
+  while (used.has(`v${String(index)}`)) {
+    index += 1;
+  }
+  return `v${String(index)}`;
+};
+const reconcileDurableObjects = (text, parsed, required) => {
+  const existingBindings = parsed.durable_objects?.bindings ?? [];
+  const existingNames = new Set(existingBindings.map((binding) => binding.name));
+  const missing = required.filter((object) => !existingNames.has(object.binding));
+  let nextText = text;
+  const added = [];
+  if (missing.length > 0) {
+    const nextBindings = [
+      ...existingBindings,
+      ...missing.map((object) => {
+        return { class_name: object.className, name: object.binding };
+      })
+    ];
+    nextText = applyModify(nextText, ["durable_objects", "bindings"], nextBindings);
+    added.push(...missing.map((object) => `${object.binding}/${object.className}`));
+  }
+  const migrations = parsed.migrations ?? [];
+  const registered = new Set(migrations.flatMap((migration) => [...migration.new_sqlite_classes ?? [], ...migration.new_classes ?? []]));
+  const missingClasses = required.map((object) => object.className).filter((className) => !registered.has(className));
+  if (missingClasses.length > 0) {
+    const nextMigrations = [...migrations, { new_sqlite_classes: missingClasses, tag: nextMigrationTag(migrations) }];
+    nextText = applyModify(nextText, ["migrations"], nextMigrations);
+  }
+  return { added, text: nextText };
+};
+const reconcileD1 = (text, parsed) => {
+  const d1Bindings = parsed.d1_databases ?? [];
+  if (d1Bindings.some((binding) => binding.binding === "DB")) {
+    return { added: [], text };
+  }
+  const databaseName = typeof parsed.name === "string" && parsed.name.length > 0 ? parsed.name : "lunora";
+  const nextD1 = [...d1Bindings, { binding: "DB", database_id: D1_PLACEHOLDER_ID, database_name: databaseName }];
+  return { added: ["DB (D1)"], text: applyModify(text, ["d1_databases"], nextD1) };
+};
+const reconcileSelfDescribing = (text, parsed, key, binding, label) => {
+  const current = parsed[key]?.binding;
+  if (typeof current === "string" && current.length > 0) {
+    return { added: [], text };
+  }
+  return { added: [label], text: applyModify(text, [key], { binding }) };
+};
+const reconcileAnalytics = (text, parsed) => {
+  if ((parsed.analytics_engine_datasets?.length ?? 0) > 0) {
+    return { added: [], text };
+  }
+  const nextDatasets = [{ binding: "ANALYTICS", dataset: "ANALYTICS" }];
+  return { added: ["ANALYTICS (Analytics Engine)"], text: applyModify(text, ["analytics_engine_datasets"], nextDatasets) };
+};
+const wranglerInstanceType = (instanceType) => {
+  if (typeof instanceType === "string") {
+    return instanceType;
+  }
+  const custom = {};
+  if (instanceType.diskMb !== void 0) {
+    custom.disk_mb = instanceType.diskMb;
+  }
+  if (instanceType.memoryMib !== void 0) {
+    custom.memory_mib = instanceType.memoryMib;
+  }
+  if (instanceType.vcpu !== void 0) {
+    custom.vcpu = instanceType.vcpu;
+  }
+  return custom;
+};
+const imageRefFor = (container) => {
+  if (container.image.kind === "dockerfile") {
+    return container.image.dockerfilePath;
+  }
+  if (container.image.kind === "registry") {
+    return container.image.reference;
+  }
+  return containerBuildTag(container.exportName);
+};
+const containerEntryFor = (container) => {
+  const entry = {
+    class_name: container.className,
+    image: imageRefFor(container)
+  };
+  if (container.image.kind === "dockerfile") {
+    entry.image_build_context = container.image.buildContext;
+  }
+  if (container.buildArgs !== void 0 && container.image.kind !== "registry") {
+    entry.image_vars = container.buildArgs;
+  }
+  if (container.instanceType !== void 0) {
+    entry.instance_type = wranglerInstanceType(container.instanceType);
+  }
+  if (container.maxInstances !== void 0) {
+    entry.max_instances = container.maxInstances;
+  }
+  if (container.name !== void 0) {
+    entry.name = container.name;
+  }
+  if (container.rollout?.stepPercentage !== void 0) {
+    entry.rollout_step_percentage = container.rollout.stepPercentage;
+  }
+  if (container.rollout?.gracePeriodSeconds !== void 0) {
+    entry.rollout_active_grace_period = container.rollout.gracePeriodSeconds;
+  }
+  return entry;
+};
+const reconcileContainers = (text, parsed, containers) => {
+  const existing = parsed.containers ?? [];
+  const existingClasses = new Set(existing.map((entry) => entry.class_name));
+  const missing = containers.filter((container) => !existingClasses.has(container.className));
+  if (missing.length === 0) {
+    return { added: [], text };
+  }
+  const nextText = applyModify(text, ["containers"], [...existing, ...missing.map((container) => containerEntryFor(container))]);
+  return { added: missing.map((container) => `containers/${container.className}`), text: nextText };
+};
+const reconcileObservability = (text, parsed) => {
+  if (parsed.observability !== void 0) {
+    return { added: [], text };
+  }
+  const nextText = applyModify(text, ["observability"], { enabled: true, head_sampling_rate: 1 });
+  return { added: ["observability"], text: nextText };
+};
+const workflowEntryFor = (workflow) => {
+  return { binding: workflow.bindingName, class_name: workflow.className, name: workflow.name };
+};
+const reconcileWorkflows = (text, parsed, workflows) => {
+  const existing = parsed.workflows ?? [];
+  const existingClasses = new Set(existing.map((entry) => entry.class_name));
+  const missing = workflows.filter((workflow) => !existingClasses.has(workflow.className));
+  if (missing.length === 0) {
+    return { added: [], text };
+  }
+  const nextText = applyModify(text, ["workflows"], [...existing, ...missing.map((workflow) => workflowEntryFor(workflow))]);
+  return { added: missing.map((workflow) => `workflows/${workflow.className}`), text: nextText };
+};
+const reconcileWranglerBindings = (projectRoot, inferred) => {
+  const wranglerPath = findWranglerFile(projectRoot);
+  const exportGaps = collectExportGaps(inferred);
+  if (!wranglerPath) {
+    return { added: [], changed: false, exportGaps, reason: "wrangler.jsonc not found", warnings: collectWarnings(inferred) };
+  }
+  const { parsed, text: original } = readWranglerJsonc(wranglerPath);
+  if (parsed === void 0) {
+    return { added: [], changed: false, exportGaps, reason: `failed to parse ${wranglerPath} as JSONC`, warnings: collectWarnings(inferred), wranglerPath };
+  }
+  const warnings = collectWarnings(inferred, parsed);
+  const exportedContainers = inferred.containers.filter((container) => container.exported);
+  const requiredDurableObjects = [
+    ...inferred.durableObjects,
+    ...exportedContainers.map((container) => {
+      return { binding: container.bindingName, className: container.className };
+    })
+  ];
+  const exportedWorkflows = inferred.workflows.filter((workflow) => workflow.exported);
+  const pipeline = [
+    { enabled: true, run: (text2) => reconcileDurableObjects(text2, parsed, requiredDurableObjects) },
+    { enabled: inferred.needsD1, run: (text2) => reconcileD1(text2, parsed) },
+    { enabled: inferred.usesAi, run: (text2) => reconcileSelfDescribing(text2, parsed, "ai", "AI", "AI (Workers AI)") },
+    { enabled: inferred.usesBrowser, run: (text2) => reconcileSelfDescribing(text2, parsed, "browser", "BROWSER", "BROWSER (Browser Rendering)") },
+    { enabled: inferred.usesImages, run: (text2) => reconcileSelfDescribing(text2, parsed, "images", "IMAGES", "IMAGES (Cloudflare Images)") },
+    { enabled: inferred.usesAnalytics, run: (text2) => reconcileAnalytics(text2, parsed) },
+    { enabled: true, run: (text2) => reconcileObservability(text2, parsed) },
+    { enabled: exportedContainers.length > 0, run: (text2) => reconcileContainers(text2, parsed, exportedContainers) },
+    { enabled: exportedWorkflows.length > 0, run: (text2) => reconcileWorkflows(text2, parsed, exportedWorkflows) }
+  ];
+  let text = original;
+  const added = [];
+  for (const step of pipeline) {
+    if (!step.enabled) {
+      continue;
+    }
+    const result = step.run(text);
+    text = result.text;
+    added.push(...result.added);
+  }
+  if (added.includes("DB (D1)")) {
+    warnings.push(
+      `wrote a DB binding with a placeholder database_id ("${D1_PLACEHOLDER_ID}") — run \`wrangler d1 create <name>\` and replace it before deploying.`
+    );
+  }
+  if (text === original) {
+    return { added: [], changed: false, exportGaps, reason: "bindings already in sync", warnings, wranglerPath };
+  }
+  writeFileSync(wranglerPath, text, "utf8");
+  return { added, changed: true, exportGaps, warnings, wranglerPath };
+};
+
+export { reconcileWranglerBindings };

package/dist/packem_shared/renderStudioHtml-449Ysn75.mjs

@@ -0,0 +1,37 @@
+const forInlineScript = (value) => JSON.stringify(value).replaceAll("<", String.raw`\u003c`);
+const forAttribute = (value) => value.replaceAll("&", "&amp;").replaceAll('"', "&quot;").replaceAll("<", "&lt;");
+const renderStudioHtml = (config) => {
+  const settings = [`window.__LUNORA_BASE_PATH__=${forInlineScript(config.basePath)};`];
+  if (config.adminToken !== void 0 && config.adminToken !== "") {
+    settings.push(`window.__LUNORA_ADMIN_TOKEN__=${forInlineScript(config.adminToken)};`);
+  }
+  if (config.dataEditable === true) {
+    settings.push("window.__LUNORA_DATA_EDITABLE__=true;");
+  }
+  if (config.runAsIdentity === true) {
+    settings.push("window.__LUNORA_RUN_AS_IDENTITY__=true;");
+  }
+  if (config.schemaEditable === true) {
+    settings.push("window.__LUNORA_SCHEMA_EDITABLE__=true;");
+  }
+  if (config.rulesInstalled === false) {
+    settings.push("window.__LUNORA_RULES_INSTALLED__=false;");
+  }
+  return `<!doctype html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+        <title>Lunora Studio</title>
+        <script>${settings.join("")}<\/script>
+        <link rel="stylesheet" href="${forAttribute(config.styleHref)}" />
+    </head>
+    <body>
+        <div id="root"></div>
+        <script type="module" src="${forAttribute(config.scriptSrc)}"><\/script>
+    </body>
+</html>
+`;
+};
+
+export { renderStudioHtml as default };

package/dist/packem_shared/serveJsonHandler-B4OLTGLS.mjs

@@ -0,0 +1,86 @@
+const MAX_BODY_BYTES = 1e6;
+const readBody = async (request) => await new Promise((resolve, reject) => {
+  const chunks = [];
+  let size = 0;
+  request.on("data", (chunk) => {
+    size += chunk.length;
+    if (size > MAX_BODY_BYTES) {
+      reject(new Error("request body too large"));
+      return;
+    }
+    chunks.push(chunk);
+  });
+  request.on("end", () => {
+    resolve(Buffer.concat(chunks).toString("utf8"));
+  });
+  request.on("error", reject);
+});
+const respondJson = (response, status, body) => {
+  response.statusCode = status;
+  response.setHeader("Content-Type", "application/json; charset=utf-8");
+  response.end(JSON.stringify(body));
+};
+const headerValue = (raw) => {
+  const value = Array.isArray(raw) ? raw[0] : raw;
+  return typeof value === "string" ? value.trim().toLowerCase() : void 0;
+};
+const SAME_SITE_FETCH_VALUES = /* @__PURE__ */ new Set(["none", "same-origin", "same-site"]);
+const originRejectionReason = (request) => {
+  const secFetchSite = headerValue(request.headers["sec-fetch-site"]);
+  if (secFetchSite !== void 0) {
+    return SAME_SITE_FETCH_VALUES.has(secFetchSite) ? void 0 : "cross-origin request rejected";
+  }
+  const origin = headerValue(request.headers.origin);
+  if (origin === void 0 || origin === "null") {
+    return void 0;
+  }
+  let originHost;
+  try {
+    originHost = new URL(origin).host.toLowerCase();
+  } catch {
+    return "invalid origin header";
+  }
+  return originHost === headerValue(request.headers.host) ? void 0 : "cross-origin request rejected";
+};
+const csrfRejectionReason = (request) => {
+  const method = (request.method ?? "GET").toUpperCase();
+  const isStateChanging = method !== "GET" && method !== "HEAD";
+  const originReason = originRejectionReason(request);
+  if (originReason !== void 0) {
+    return originReason;
+  }
+  if (isStateChanging) {
+    const contentType = headerValue(request.headers["content-type"]);
+    if (!contentType?.startsWith("application/json")) {
+      return "content-type must be application/json";
+    }
+  }
+  return void 0;
+};
+const serveJsonHandler = (request, response, handle, projectRoot) => {
+  const run = async () => {
+    try {
+      const rejection = csrfRejectionReason(request);
+      if (rejection !== void 0) {
+        respondJson(response, 403, { error: rejection, ok: false });
+        return;
+      }
+      const raw = request.method === "GET" ? "" : await readBody(request);
+      let parsed;
+      try {
+        parsed = raw === "" ? void 0 : JSON.parse(raw);
+      } catch {
+        respondJson(response, 400, { error: "invalid-json", ok: false });
+        return;
+      }
+      const result = handle({ body: parsed, method: request.method ?? "POST", projectRoot });
+      respondJson(response, result.status, result.body);
+    } catch (error) {
+      respondJson(response, 500, { error: error instanceof Error ? error.message : String(error), ok: false });
+    }
+  };
+  run().catch(() => {
+  });
+};
+
+export { serveJsonHandler };

package/dist/studio-host/index.d.mts

@@ -0,0 +1,227 @@
+import { D as DestructivePolicyEdit, S as ScaffoldPolicyEdit, W as WireRlsEdit } from "../packem_shared/policy-scaffold.d-DCmwn7zQ.mjs";
+import { IncomingMessage, ServerResponse } from 'node:http';
+/** Parse a single `KEY=value` (optionally quoted) out of a `.dev.vars` body. */
+declare const parseDevVariable: (contents: string, key: string) => string | undefined;
+/**
+* Resolve the worker's admin token so the studio can auto-authenticate in
+* dev. Prefers the `LUNORA_ADMIN_TOKEN` env var, then the project's `.dev.vars`
+* — the same file `@cloudflare/vite-plugin` / `wrangler dev` feed the worker, so
+* the token the studio sends matches the one the worker's admin gate
+* verifies. Returns `undefined` when neither is set (the studio then prompts).
+*/
+declare const resolveAdminToken: (root: string) => string | undefined;
+/** Config injected into the studio document before the bundle loads. */
+interface StudioHtmlConfig {
+  /** Admin token sent with admin requests; omitted (and not injected) when unset. */
+  readonly adminToken?: string;
+  /** Router basepath the studio mounts under (e.g. `/__lunora`, or `/` for a root server). */
+  readonly basePath: string;
+  /**
+  * Make the data browser editable (insert/edit/delete rows). Injected as
+  * `window.__LUNORA_DATA_EDITABLE__` for the bundle to read. The loopback-only
+  * dev hosts (the Vite `/__lunora` route, the CLI studio server) set this so a
+  * developer can edit; a static deploy leaves it off (read-only) by default.
+  */
+  readonly dataEditable?: boolean;
+  /**
+  * Whether the project's Lunora agent skills ("rules") are installed. Injected
+  * as `window.__LUNORA_RULES_INSTALLED__` **only when `false`**, so the studio
+  * shows a "rules not installed" banner on the loopback dev hosts (which detect
+  * it) and stays quiet on a static deploy (which leaves it unset).
+  */
+  readonly rulesInstalled?: boolean;
+  /**
+  * Enable the function runner's "Run as identity" tool (execute a function as a
+  * chosen user to test auth/RLS). Injected as `window.__LUNORA_RUN_AS_IDENTITY__`.
+  * Like {@link StudioHtmlConfig.dataEditable}, only the loopback-only dev hosts set
+  * this — forging an identity is a developer-only affordance; a static deploy
+  * leaves it off so the control never renders.
+  */
+  readonly runAsIdentity?: boolean;
+  /**
+  * Enable the visual schema editor (add table / column / index, written back to
+  * `lunora/schema.ts` + codegen). Injected as `window.__LUNORA_SCHEMA_EDITABLE__`.
+  * Like {@link StudioHtmlConfig.dataEditable}, only the loopback-only dev hosts
+  * set this — editing source + running codegen needs the project's filesystem and
+  * toolchain, so a static deploy leaves it off and the diagram stays read-only.
+  */
+  readonly schemaEditable?: boolean;
+  /** URL the studio bundle is served from (absolute, host-relative). */
+  readonly scriptSrc: string;
+  /** URL the compiled stylesheet is served from (absolute, host-relative). */
+  readonly styleHref: string;
+}
+/** Minimal logger surface both Vite's `Logger` and the CLI's logger satisfy. */
+interface WarnLogger {
+  warnOnce?: (message: string) => void;
+}
+/** Prebuilt studio asset bytes, resolved from `@lunora/studio`'s dist. */
+interface StudioAssets {
+  readonly script: Buffer;
+  readonly styles: Buffer;
+}
+/**
+* Read the prebuilt static studio files shipped by `@lunora/studio`
+* (`dist/standalone/studio.js` + `dist/styles.css`). Returns `undefined` —
+* with a one-time warning — when the optional package isn't installed or hasn't
+* been built, so a missing studio never breaks the dev server.
+*
+* `resolveFrom` controls where `@lunora/studio` is resolved from. It defaults
+* to this module's own location, which is correct once this code is inlined into
+* a host package (`@lunora/vite` / `@lunora/cli`) that has `@lunora/studio`
+* installed — node walks up from the host's `dist` to find it.
+*/
+declare const loadStudioAssets: (logger?: WarnLogger, resolveFrom?: string) => StudioAssets | undefined;
+/**
+* A freshness stamp for the studio assets: the latest mtime (ms) of the resolved
+* `studio.js` / `styles.css`, or `undefined` when they can't be resolved. Hosts
+* cache {@link loadStudioAssets} for the dev session but compare this stamp per
+* request, so a `@lunora/studio` rebuild mid-session is picked up live — no dev
+* server restart needed.
+*/
+declare const studioAssetsStamp: (resolveFrom?: string) => number | undefined;
+/**
+* Endpoint path both dev hosts mount the handler at. A sibling of the schema
+* editor's `/__lunora/schema-edit`; the double underscore keeps it clear of the
+* CLI's `/_lunora/*` worker proxy (single underscore).
+*/
+declare const POLICY_SCAFFOLD_ENDPOINT = "/__lunora/policy-scaffold";
+/** A `wireRls` request additionally carries the procedure's source-file path. */
+interface WirePolicyEdit extends WireRlsEdit {
+  /** Lunora-relative module path of the procedure file (no extension), e.g. `messages/list`. */
+  readonly filePath: string;
+}
+/** Body the host transport adapts from a `POST` — one scaffolder request. */
+type PolicyScaffoldBody = DestructivePolicyEdit | ScaffoldPolicyEdit | WirePolicyEdit;
+/** A request adapted from the host transport. */
+interface PolicyScaffoldRequest {
+  /** Parsed JSON body of the `POST`. */
+  readonly body?: unknown;
+  /** HTTP method — only `POST` is handled. */
+  readonly method: string;
+  /** Project root containing the `lunora/` directory. */
+  readonly projectRoot: string;
+  /** Override the lunora subdirectory name. Defaults to `"lunora"`. */
+  readonly schemaDirectory?: string;
+}
+/** A response the host transport serialises back as JSON with `status`. */
+interface PolicyScaffoldResponse {
+  readonly body: unknown;
+  readonly status: number;
+}
+/**
+* Handle a policy-scaffold request. Pure over its inputs apart from the file
+* I/O + codegen it performs on an applied edit; safe to unit-test against a
+* temp project directory.
+*/
+declare const handlePolicyScaffoldRequest: (request: PolicyScaffoldRequest) => PolicyScaffoldResponse;
+/**
+* Render the single-page document that boots the studio. Emitted verbatim —
+* never through a bundler/transform — so the studio stays a static tool,
+* decoupled from the host project's build. A small inline script publishes the
+* per-server config on `globalThis` before the bundle loads: the mount basepath
+* (so the router stays under its mount), the admin token when present (so the
+* studio auto-authenticates instead of prompting), and an editable flag when the
+* host is a loopback dev server (so the data browser allows edits).
+*/
+declare const renderStudioHtml: (config: StudioHtmlConfig) => string;
+/**
+* Endpoint path both dev hosts mount the handler at. Distinct from the CLI's
+* `/_lunora/*` worker proxy (single underscore), so a schema edit is never
+* forwarded to the worker.
+*/
+declare const SCHEMA_EDIT_ENDPOINT = "/__lunora/schema-edit";
+/** A request adapted from the host transport. */
+interface SchemaEditRequest {
+  /** Parsed JSON body for a `POST`; ignored for `GET`. */
+  readonly body?: unknown;
+  /** HTTP method (`GET` / `POST`). */
+  readonly method: string;
+  /** Project root containing the `lunora/` directory. */
+  readonly projectRoot: string;
+  /** Override the lunora subdirectory name. Defaults to `"lunora"`. */
+  readonly schemaDirectory?: string;
+}
+/** A response the host transport serialises back as JSON with `status`. */
+interface SchemaEditResponse {
+  readonly body: unknown;
+  readonly status: number;
+}
+/**
+* Handle a schema-edit request. Pure over its inputs apart from the file I/O +
+* codegen it performs on a `POST` additive edit; safe to unit-test against a
+* temp project directory.
+*/
+declare const handleSchemaEditRequest: (request: SchemaEditRequest) => SchemaEditResponse;
+/**
+* Endpoint path both dev hosts mount the handler at. A sibling of the schema
+* editor's `/__lunora/schema-edit`; the double underscore keeps it clear of the
+* CLI's `/_lunora/*` worker proxy (single underscore).
+*/
+declare const SEED_ENDPOINT = "/__lunora/seed";
+/** Body the host transport adapts from a `POST` — one generate-rows request. */
+interface SeedRequestBody {
+  /** How many rows to generate (clamped to `[1, MAX_SEED_ROWS]`). */
+  readonly count?: number;
+  /**
+  * Ids of rows that already exist in the live DB, keyed by referenced table.
+  * Foreign keys resolve against these, and every referenced parent table
+  * present here is treated as covered — so the generator links to existing
+  * rows instead of fabricating new parent rows. The studio samples these from
+  * the target table's FK columns before calling.
+  */
+  readonly existingIds?: Readonly<Record<string, ReadonlyArray<string>>>;
+  /** Deterministic mapping selector — same value yields identical rows. */
+  readonly seed?: number;
+  /** The table to generate rows for. */
+  readonly table?: string;
+}
+/** A request adapted from the host transport. */
+interface SeedRequest {
+  /** Parsed JSON body of the `POST`. */
+  readonly body?: unknown;
+  /** HTTP method — only `POST` is handled. */
+  readonly method: string;
+  /** Project root containing the `lunora/` directory. */
+  readonly projectRoot: string;
+  /** Override the lunora subdirectory name. Defaults to `"lunora"`. */
+  readonly schemaDirectory?: string;
+}
+/** A response the host transport serialises back as JSON with `status`. */
+interface SeedResponse {
+  readonly body: unknown;
+  readonly status: number;
+}
+/**
+* Handle a generate-rows request: statically lift the schema, generate `count`
+* rows for `table` (linking foreign keys to the supplied existing ids rather
+* than fabricating parents), and return them JSON-safe for the client to insert.
+*/
+declare const handleSeedRequest: (request: SeedRequest) => SeedResponse;
+/** A request adapted from a host transport, passed to a local-dev handler. */
+interface LocalEndpointRequest {
+  /** Parsed JSON body of the request (`undefined` for `GET` / an empty body). */
+  readonly body?: unknown;
+  /** HTTP method. */
+  readonly method: string;
+  /** Project root containing the `lunora/` directory. */
+  readonly projectRoot: string;
+  /** Override the lunora subdirectory name. Defaults to `"lunora"`. */
+  readonly schemaDirectory?: string;
+}
+/** A response a local-dev handler returns, serialised back as JSON with its status. */
+interface LocalEndpointResponse {
+  readonly body: unknown;
+  readonly status: number;
+}
+/** A transport-agnostic local-dev handler (schema edit, policy scaffold). */
+type LocalEndpointHandler = (request: LocalEndpointRequest) => LocalEndpointResponse;
+/**
+* Adapt a `node:http` request/response pair to a transport-agnostic local-dev
+* handler. `GET` carries no body (the schema editor uses it to read the parsed
+* schema); every other method has its body read + JSON-parsed first. The
+* handler's `{ status, body }` is serialised back as JSON. A malformed body is a
+* `400`; an unexpected throw (e.g. the body-size guard) is a `500`.
+*/
+declare const serveJsonHandler: (request: IncomingMessage, response: ServerResponse, handle: LocalEndpointHandler, projectRoot: string) => void;
+export { type LocalEndpointHandler, type LocalEndpointRequest, type LocalEndpointResponse, POLICY_SCAFFOLD_ENDPOINT, type PolicyScaffoldBody, type PolicyScaffoldRequest, type PolicyScaffoldResponse, SCHEMA_EDIT_ENDPOINT, SEED_ENDPOINT, type SchemaEditRequest, type SchemaEditResponse, type SeedRequest, type SeedRequestBody, type SeedResponse, type StudioAssets, type StudioHtmlConfig, type WarnLogger, type WirePolicyEdit, handlePolicyScaffoldRequest, handleSchemaEditRequest, handleSeedRequest, loadStudioAssets, parseDevVariable, renderStudioHtml, resolveAdminToken, serveJsonHandler, studioAssetsStamp };