@nubase/backend 0.1.34 → 0.1.37

package/dist/index.d.mts

@@ -1,7 +1,8 @@
 import * as hono from 'hono';
 import { Context, Hono } from 'hono';
-import { RequestSchema, InferRequestParams, InferRequestBody, InferResponseBody } from '@nubase/core';
+import { RequestSchema, InferRequestParams, InferRequestBody, InferResponseBody, BaseSchema, ObjectSchema } from '@nubase/core';
 import { ContentfulStatusCode } from 'hono/utils/http-status';
+import { StringReference, ExpressionBuilder, ExpressionWrapper, SqlBool } from 'kysely';
 
 /**
  * Represents an authenticated user on the backend.
@@ -318,6 +319,47 @@ declare function getUser<TUser extends BackendUser = BackendUser>(c: Context): T
  */
 declare function getAuthController<TUser extends BackendUser = BackendUser>(c: Context): BackendAuthController<TUser>;
 
+/**
+ * Configuration for the auth section of {@link NubaseBackendConfig}.
+ * Consumed by `BackendAuthController` implementations to derive JWT and
+ * cookie behaviour.
+ */
+interface NubaseBackendAuthConfig {
+    /** Secret used to sign and verify session JWTs. */
+    jwtSecret: string;
+    /**
+     * Lifetime of the session, in seconds. Applied to both the JWT `exp`
+     * claim and the session cookie's `Max-Age`.
+     */
+    sessionMaxAgeSeconds: number;
+    /** Name of the HttpOnly cookie that carries the session JWT. */
+    cookieName: string;
+}
+/**
+ * Backend application configuration for a Nubase app.
+ *
+ * An app declares this in `src/backend/backend-config.ts` and the wiring
+ * code (controller singletons, middleware factories) reads it. The type
+ * lives in the framework so all Nubase apps share one shape; apps may
+ * extend it with their own sections by intersecting with this type.
+ *
+ * @example
+ * ```ts
+ * import type { NubaseBackendConfig } from "@nubase/backend";
+ *
+ * export const config: NubaseBackendConfig = {
+ *   auth: {
+ *     jwtSecret: process.env.JWT_SECRET ?? "dev-secret",
+ *     sessionMaxAgeSeconds: 60 * 60 * 24 * 30,
+ *     cookieName: "nubase_auth",
+ *   },
+ * };
+ * ```
+ */
+interface NubaseBackendConfig {
+    auth: NubaseBackendAuthConfig;
+}
+
 /**
  * Custom HTTP error class that allows handlers to throw errors with specific status codes.
  * Use this to return proper HTTP error responses instead of generic 500 errors.
@@ -329,7 +371,19 @@ declare function getAuthController<TUser extends BackendUser = BackendUser>(c: C
  */
 declare class HttpError extends Error {
     statusCode: ContentfulStatusCode;
-    constructor(statusCode: ContentfulStatusCode, message: string);
+    /**
+     * Optional structured payload merged into the JSON response body under
+     * the `error` key. Use when the caller needs machine-readable details
+     * (error code, field, line/column, etc.) beyond the human message.
+     */
+    payload?: Record<string, unknown> | undefined;
+    constructor(statusCode: ContentfulStatusCode, message: string, 
+    /**
+     * Optional structured payload merged into the JSON response body under
+     * the `error` key. Use when the caller needs machine-readable details
+     * (error code, field, line/column, etc.) beyond the human message.
+     */
+    payload?: Record<string, unknown> | undefined);
 }
 /**
  * URL Parameter Coercion System (Backend)
@@ -565,6 +619,194 @@ type EndpointSelector<TEndpoints extends Record<string, RequestSchema>, T extend
  */
 declare function createHandlerFactory<TEndpoints extends Record<string, RequestSchema>, TUser extends BackendUser = BackendUser>(config: HandlerFactoryConfig<TEndpoints>): <TSelector extends (endpoints: TEndpoints) => RequestSchema, TAuth extends AuthLevel = "none">(selector: TSelector, options: FactoryHandlerOptions<ReturnType<TSelector>, TAuth, TUser>) => HttpHandler;
 
+type ShapeOf = Record<string, BaseSchema<any>>;
+/**
+ * Runtime shape of an NQL field-to-column map. Keys are schema field names;
+ * values are Kysely column references (e.g. `"tickets.title"`).
+ *
+ * This type is intentionally loose at runtime. The strong typing is applied
+ * at binding-creation time via {@link createNqlBindings}, which constrains
+ * keys to the schema's shape and values to the Kysely `StringReference`
+ * union. Once built, the bindings object is carried through the NQL
+ * pipeline as a plain `Record<string, string>`.
+ */
+type FieldBindings = Record<string, string>;
+/**
+ * Curry a bindings factory for a specific Kysely DB type.
+ *
+ * The outer call pins `DB` (the generated Kysely database interface). The
+ * inner call takes the NQL schema and a map whose keys are checked against
+ * the schema's shape and whose values are checked against the Kysely
+ * `StringReference<DB, TB>` union — so a typo in either half is a compile
+ * error, and referencing a table you haven't joined in the current query
+ * is caught when the resulting bindings are passed to `compileNql`.
+ *
+ * @example
+ * ```ts
+ * import type { DB } from "./db-types";
+ * const ticketBindings = createNqlBindings<DB>()(ticketListSchema, {
+ *   id: "tickets.id",
+ *   title: "tickets.title",
+ *   assigneeName: "users.displayName", // cross-table, only valid if joined
+ * });
+ * ```
+ */
+declare function createNqlBindings<DB>(): <TShape extends ShapeOf, TB extends keyof DB>(schema: ObjectSchema<TShape>, mapping: Partial<Record<keyof TShape & string, StringReference<DB, TB>>>) => FieldBindings;
+
+/**
+ * Source position tracking. `line` and `column` are 1-based to match
+ * how most editors report positions. `offset` is a 0-based character
+ * offset into the original source string.
+ */
+interface SourceSpan {
+    line: number;
+    column: number;
+    offset: number;
+    length: number;
+}
+type NqlErrorCode = "TOKENIZE" | "PARSE" | "VALIDATE";
+interface NqlError {
+    code: NqlErrorCode;
+    message: string;
+    line: number;
+    column: number;
+    length?: number;
+}
+type Result<T, E> = {
+    ok: true;
+    value: T;
+} | {
+    ok: false;
+    error: E;
+};
+type ComparisonOp = "=" | "!=" | "<" | "<=" | ">" | ">=" | "CONTAINS" | "STARTS_WITH" | "ENDS_WITH";
+interface IdentifierRef {
+    raw: string;
+    span: SourceSpan;
+}
+interface StringLit {
+    kind: "string";
+    value: string;
+    span: SourceSpan;
+}
+interface NumberLit {
+    kind: "number";
+    value: number;
+    span: SourceSpan;
+}
+interface BoolLit {
+    kind: "boolean";
+    value: boolean;
+    span: SourceSpan;
+}
+interface NullLit {
+    kind: "null";
+    span: SourceSpan;
+}
+type Literal = StringLit | NumberLit | BoolLit | NullLit;
+interface ComparisonNode {
+    type: "comparison";
+    field: IdentifierRef;
+    op: ComparisonOp;
+    value: Literal;
+    span: SourceSpan;
+}
+interface NullCheckNode {
+    type: "nullCheck";
+    field: IdentifierRef;
+    negated: boolean;
+    span: SourceSpan;
+}
+interface InNode {
+    type: "in";
+    field: IdentifierRef;
+    negated: boolean;
+    values: Literal[];
+    span: SourceSpan;
+}
+interface LogicalNode {
+    type: "logical";
+    op: "AND" | "OR" | "NOT";
+    children: ParsedNode[];
+    span: SourceSpan;
+}
+type ParsedNode = ComparisonNode | NullCheckNode | InNode | LogicalNode;
+type ValidFieldType = "string" | "number" | "boolean";
+interface ValidFieldRef {
+    /** Canonical name from the schema (not the raw source text). */
+    name: string;
+    baseType: ValidFieldType;
+    /** True if the schema wraps this field in OptionalSchema. */
+    optional: boolean;
+    span: SourceSpan;
+}
+interface ValidComparisonNode {
+    type: "comparison";
+    field: ValidFieldRef;
+    op: ComparisonOp;
+    value: Literal;
+    span: SourceSpan;
+}
+interface ValidNullCheckNode {
+    type: "nullCheck";
+    field: ValidFieldRef;
+    negated: boolean;
+    span: SourceSpan;
+}
+interface ValidInNode {
+    type: "in";
+    field: ValidFieldRef;
+    negated: boolean;
+    values: Literal[];
+    span: SourceSpan;
+}
+interface ValidLogicalNode {
+    type: "logical";
+    op: "AND" | "OR" | "NOT";
+    children: ValidNode[];
+    span: SourceSpan;
+}
+type ValidNode = ValidComparisonNode | ValidNullCheckNode | ValidInNode | ValidLogicalNode;
+
+/**
+ * A compiled NQL expression, ready to be passed to Kysely's `.where(...)`.
+ * Calling it with an `ExpressionBuilder` yields a boolean `ExpressionWrapper`
+ * usable directly as a WHERE clause.
+ */
+type CompiledNql = (eb: ExpressionBuilder<any, any>) => ExpressionWrapper<any, any, SqlBool>;
+interface CompileNqlOptions {
+    /**
+     * Bindings map declaring which schema fields are queryable via NQL, and
+     * the Kysely column reference each one resolves to. Only fields whose
+     * keys appear here are queryable; anything else in the schema is
+     * rejected as an unknown field at validate time.
+     *
+     * Build this with {@link createNqlBindings} to get end-to-end type
+     * safety (schema keys on the key side, Kysely DB columns on the value
+     * side).
+     */
+    fields: FieldBindings;
+}
+/**
+ * End-to-end pipeline: tokenize → parse → validate → compile.
+ *
+ * Returns a discriminated-union Result. On success the `value` is a function
+ * that can be handed directly to `query.where(...)`. On failure the `error`
+ * carries a `code` identifying the stage (`TOKENIZE`, `PARSE`, `VALIDATE`)
+ * and a 1-based `line`/`column` for surfacing back to the user.
+ */
+declare function compileNql(source: string, schema: ObjectSchema<any>, options: CompileNqlOptions): Result<CompiledNql, NqlError>;
+
+interface CompileOptions {
+    /**
+     * Map of schema field name to Kysely column reference (e.g. `"tickets.title"`
+     * or `"users.displayName"`). Values here are trusted to be valid Kysely
+     * refs — type safety is enforced at binding-creation time, usually via
+     * {@link createNqlBindings}.
+     */
+    fields: FieldBindings;
+}
+
 /**
  * Parse a cookie header string into a key-value object.
  *
@@ -608,4 +850,4 @@ interface ValidateEnvironmentOptions {
  */
 declare function validateEnvironment(options?: ValidateEnvironmentOptions): Promise<void>;
 
-export { AUTH_CONTROLLER_KEY, AUTH_USER_KEY, type AuthHandlers, type AuthLevel, type AuthMiddlewareOptions, type AuthVariables, type BackendAuthController, type BackendUser, type CreateAuthHandlersOptions, type CreateHttpHandlerOptions, type EndpointSelector, type FactoryHandlerOptions, type HandlerFactoryConfig, HttpError, type HttpHandler, type HttpHandlers, type TokenPayload, type TypedHandler, type TypedHandlerContext, type TypedRouteDefinition, type TypedRoutes, type ValidateEnvironmentOptions, type VerifyTokenResult, createAuthHandlers, createAuthMiddleware, createHandlerFactory, createHttpHandler, createTypedHandler, createTypedRoutes, getAuthController, getCookie, getUser, parseCookies, registerHandlers, requireAuth, validateEnvironment };
+export { AUTH_CONTROLLER_KEY, AUTH_USER_KEY, type AuthHandlers, type AuthLevel, type AuthMiddlewareOptions, type AuthVariables, type BackendAuthController, type BackendUser, type CompileNqlOptions, type CompileOptions, type CompiledNql, type CreateAuthHandlersOptions, type CreateHttpHandlerOptions, type EndpointSelector, type FactoryHandlerOptions, type FieldBindings, type HandlerFactoryConfig, HttpError, type HttpHandler, type HttpHandlers, type NqlError, type NqlErrorCode, type NubaseBackendAuthConfig, type NubaseBackendConfig, type ParsedNode, type Result, type SourceSpan, type TokenPayload, type TypedHandler, type TypedHandlerContext, type TypedRouteDefinition, type TypedRoutes, type ValidFieldRef, type ValidFieldType, type ValidNode, type ValidateEnvironmentOptions, type VerifyTokenResult, compileNql, createAuthHandlers, createAuthMiddleware, createHandlerFactory, createHttpHandler, createNqlBindings, createTypedHandler, createTypedRoutes, getAuthController, getCookie, getUser, parseCookies, registerHandlers, requireAuth, validateEnvironment };

package/dist/index.d.ts

@@ -1,7 +1,8 @@
 import * as hono from 'hono';
 import { Context, Hono } from 'hono';
-import { RequestSchema, InferRequestParams, InferRequestBody, InferResponseBody } from '@nubase/core';
+import { RequestSchema, InferRequestParams, InferRequestBody, InferResponseBody, BaseSchema, ObjectSchema } from '@nubase/core';
 import { ContentfulStatusCode } from 'hono/utils/http-status';
+import { StringReference, ExpressionBuilder, ExpressionWrapper, SqlBool } from 'kysely';
 
 /**
  * Represents an authenticated user on the backend.
@@ -318,6 +319,47 @@ declare function getUser<TUser extends BackendUser = BackendUser>(c: Context): T
  */
 declare function getAuthController<TUser extends BackendUser = BackendUser>(c: Context): BackendAuthController<TUser>;
 
+/**
+ * Configuration for the auth section of {@link NubaseBackendConfig}.
+ * Consumed by `BackendAuthController` implementations to derive JWT and
+ * cookie behaviour.
+ */
+interface NubaseBackendAuthConfig {
+    /** Secret used to sign and verify session JWTs. */
+    jwtSecret: string;
+    /**
+     * Lifetime of the session, in seconds. Applied to both the JWT `exp`
+     * claim and the session cookie's `Max-Age`.
+     */
+    sessionMaxAgeSeconds: number;
+    /** Name of the HttpOnly cookie that carries the session JWT. */
+    cookieName: string;
+}
+/**
+ * Backend application configuration for a Nubase app.
+ *
+ * An app declares this in `src/backend/backend-config.ts` and the wiring
+ * code (controller singletons, middleware factories) reads it. The type
+ * lives in the framework so all Nubase apps share one shape; apps may
+ * extend it with their own sections by intersecting with this type.
+ *
+ * @example
+ * ```ts
+ * import type { NubaseBackendConfig } from "@nubase/backend";
+ *
+ * export const config: NubaseBackendConfig = {
+ *   auth: {
+ *     jwtSecret: process.env.JWT_SECRET ?? "dev-secret",
+ *     sessionMaxAgeSeconds: 60 * 60 * 24 * 30,
+ *     cookieName: "nubase_auth",
+ *   },
+ * };
+ * ```
+ */
+interface NubaseBackendConfig {
+    auth: NubaseBackendAuthConfig;
+}
+
 /**
  * Custom HTTP error class that allows handlers to throw errors with specific status codes.
  * Use this to return proper HTTP error responses instead of generic 500 errors.
@@ -329,7 +371,19 @@ declare function getAuthController<TUser extends BackendUser = BackendUser>(c: C
  */
 declare class HttpError extends Error {
     statusCode: ContentfulStatusCode;
-    constructor(statusCode: ContentfulStatusCode, message: string);
+    /**
+     * Optional structured payload merged into the JSON response body under
+     * the `error` key. Use when the caller needs machine-readable details
+     * (error code, field, line/column, etc.) beyond the human message.
+     */
+    payload?: Record<string, unknown> | undefined;
+    constructor(statusCode: ContentfulStatusCode, message: string, 
+    /**
+     * Optional structured payload merged into the JSON response body under
+     * the `error` key. Use when the caller needs machine-readable details
+     * (error code, field, line/column, etc.) beyond the human message.
+     */
+    payload?: Record<string, unknown> | undefined);
 }
 /**
  * URL Parameter Coercion System (Backend)
@@ -565,6 +619,194 @@ type EndpointSelector<TEndpoints extends Record<string, RequestSchema>, T extend
  */
 declare function createHandlerFactory<TEndpoints extends Record<string, RequestSchema>, TUser extends BackendUser = BackendUser>(config: HandlerFactoryConfig<TEndpoints>): <TSelector extends (endpoints: TEndpoints) => RequestSchema, TAuth extends AuthLevel = "none">(selector: TSelector, options: FactoryHandlerOptions<ReturnType<TSelector>, TAuth, TUser>) => HttpHandler;
 
+type ShapeOf = Record<string, BaseSchema<any>>;
+/**
+ * Runtime shape of an NQL field-to-column map. Keys are schema field names;
+ * values are Kysely column references (e.g. `"tickets.title"`).
+ *
+ * This type is intentionally loose at runtime. The strong typing is applied
+ * at binding-creation time via {@link createNqlBindings}, which constrains
+ * keys to the schema's shape and values to the Kysely `StringReference`
+ * union. Once built, the bindings object is carried through the NQL
+ * pipeline as a plain `Record<string, string>`.
+ */
+type FieldBindings = Record<string, string>;
+/**
+ * Curry a bindings factory for a specific Kysely DB type.
+ *
+ * The outer call pins `DB` (the generated Kysely database interface). The
+ * inner call takes the NQL schema and a map whose keys are checked against
+ * the schema's shape and whose values are checked against the Kysely
+ * `StringReference<DB, TB>` union — so a typo in either half is a compile
+ * error, and referencing a table you haven't joined in the current query
+ * is caught when the resulting bindings are passed to `compileNql`.
+ *
+ * @example
+ * ```ts
+ * import type { DB } from "./db-types";
+ * const ticketBindings = createNqlBindings<DB>()(ticketListSchema, {
+ *   id: "tickets.id",
+ *   title: "tickets.title",
+ *   assigneeName: "users.displayName", // cross-table, only valid if joined
+ * });
+ * ```
+ */
+declare function createNqlBindings<DB>(): <TShape extends ShapeOf, TB extends keyof DB>(schema: ObjectSchema<TShape>, mapping: Partial<Record<keyof TShape & string, StringReference<DB, TB>>>) => FieldBindings;
+
+/**
+ * Source position tracking. `line` and `column` are 1-based to match
+ * how most editors report positions. `offset` is a 0-based character
+ * offset into the original source string.
+ */
+interface SourceSpan {
+    line: number;
+    column: number;
+    offset: number;
+    length: number;
+}
+type NqlErrorCode = "TOKENIZE" | "PARSE" | "VALIDATE";
+interface NqlError {
+    code: NqlErrorCode;
+    message: string;
+    line: number;
+    column: number;
+    length?: number;
+}
+type Result<T, E> = {
+    ok: true;
+    value: T;
+} | {
+    ok: false;
+    error: E;
+};
+type ComparisonOp = "=" | "!=" | "<" | "<=" | ">" | ">=" | "CONTAINS" | "STARTS_WITH" | "ENDS_WITH";
+interface IdentifierRef {
+    raw: string;
+    span: SourceSpan;
+}
+interface StringLit {
+    kind: "string";
+    value: string;
+    span: SourceSpan;
+}
+interface NumberLit {
+    kind: "number";
+    value: number;
+    span: SourceSpan;
+}
+interface BoolLit {
+    kind: "boolean";
+    value: boolean;
+    span: SourceSpan;
+}
+interface NullLit {
+    kind: "null";
+    span: SourceSpan;
+}
+type Literal = StringLit | NumberLit | BoolLit | NullLit;
+interface ComparisonNode {
+    type: "comparison";
+    field: IdentifierRef;
+    op: ComparisonOp;
+    value: Literal;
+    span: SourceSpan;
+}
+interface NullCheckNode {
+    type: "nullCheck";
+    field: IdentifierRef;
+    negated: boolean;
+    span: SourceSpan;
+}
+interface InNode {
+    type: "in";
+    field: IdentifierRef;
+    negated: boolean;
+    values: Literal[];
+    span: SourceSpan;
+}
+interface LogicalNode {
+    type: "logical";
+    op: "AND" | "OR" | "NOT";
+    children: ParsedNode[];
+    span: SourceSpan;
+}
+type ParsedNode = ComparisonNode | NullCheckNode | InNode | LogicalNode;
+type ValidFieldType = "string" | "number" | "boolean";
+interface ValidFieldRef {
+    /** Canonical name from the schema (not the raw source text). */
+    name: string;
+    baseType: ValidFieldType;
+    /** True if the schema wraps this field in OptionalSchema. */
+    optional: boolean;
+    span: SourceSpan;
+}
+interface ValidComparisonNode {
+    type: "comparison";
+    field: ValidFieldRef;
+    op: ComparisonOp;
+    value: Literal;
+    span: SourceSpan;
+}
+interface ValidNullCheckNode {
+    type: "nullCheck";
+    field: ValidFieldRef;
+    negated: boolean;
+    span: SourceSpan;
+}
+interface ValidInNode {
+    type: "in";
+    field: ValidFieldRef;
+    negated: boolean;
+    values: Literal[];
+    span: SourceSpan;
+}
+interface ValidLogicalNode {
+    type: "logical";
+    op: "AND" | "OR" | "NOT";
+    children: ValidNode[];
+    span: SourceSpan;
+}
+type ValidNode = ValidComparisonNode | ValidNullCheckNode | ValidInNode | ValidLogicalNode;
+
+/**
+ * A compiled NQL expression, ready to be passed to Kysely's `.where(...)`.
+ * Calling it with an `ExpressionBuilder` yields a boolean `ExpressionWrapper`
+ * usable directly as a WHERE clause.
+ */
+type CompiledNql = (eb: ExpressionBuilder<any, any>) => ExpressionWrapper<any, any, SqlBool>;
+interface CompileNqlOptions {
+    /**
+     * Bindings map declaring which schema fields are queryable via NQL, and
+     * the Kysely column reference each one resolves to. Only fields whose
+     * keys appear here are queryable; anything else in the schema is
+     * rejected as an unknown field at validate time.
+     *
+     * Build this with {@link createNqlBindings} to get end-to-end type
+     * safety (schema keys on the key side, Kysely DB columns on the value
+     * side).
+     */
+    fields: FieldBindings;
+}
+/**
+ * End-to-end pipeline: tokenize → parse → validate → compile.
+ *
+ * Returns a discriminated-union Result. On success the `value` is a function
+ * that can be handed directly to `query.where(...)`. On failure the `error`
+ * carries a `code` identifying the stage (`TOKENIZE`, `PARSE`, `VALIDATE`)
+ * and a 1-based `line`/`column` for surfacing back to the user.
+ */
+declare function compileNql(source: string, schema: ObjectSchema<any>, options: CompileNqlOptions): Result<CompiledNql, NqlError>;
+
+interface CompileOptions {
+    /**
+     * Map of schema field name to Kysely column reference (e.g. `"tickets.title"`
+     * or `"users.displayName"`). Values here are trusted to be valid Kysely
+     * refs — type safety is enforced at binding-creation time, usually via
+     * {@link createNqlBindings}.
+     */
+    fields: FieldBindings;
+}
+
 /**
  * Parse a cookie header string into a key-value object.
  *
@@ -608,4 +850,4 @@ interface ValidateEnvironmentOptions {
  */
 declare function validateEnvironment(options?: ValidateEnvironmentOptions): Promise<void>;
 
-export { AUTH_CONTROLLER_KEY, AUTH_USER_KEY, type AuthHandlers, type AuthLevel, type AuthMiddlewareOptions, type AuthVariables, type BackendAuthController, type BackendUser, type CreateAuthHandlersOptions, type CreateHttpHandlerOptions, type EndpointSelector, type FactoryHandlerOptions, type HandlerFactoryConfig, HttpError, type HttpHandler, type HttpHandlers, type TokenPayload, type TypedHandler, type TypedHandlerContext, type TypedRouteDefinition, type TypedRoutes, type ValidateEnvironmentOptions, type VerifyTokenResult, createAuthHandlers, createAuthMiddleware, createHandlerFactory, createHttpHandler, createTypedHandler, createTypedRoutes, getAuthController, getCookie, getUser, parseCookies, registerHandlers, requireAuth, validateEnvironment };
+export { AUTH_CONTROLLER_KEY, AUTH_USER_KEY, type AuthHandlers, type AuthLevel, type AuthMiddlewareOptions, type AuthVariables, type BackendAuthController, type BackendUser, type CompileNqlOptions, type CompileOptions, type CompiledNql, type CreateAuthHandlersOptions, type CreateHttpHandlerOptions, type EndpointSelector, type FactoryHandlerOptions, type FieldBindings, type HandlerFactoryConfig, HttpError, type HttpHandler, type HttpHandlers, type NqlError, type NqlErrorCode, type NubaseBackendAuthConfig, type NubaseBackendConfig, type ParsedNode, type Result, type SourceSpan, type TokenPayload, type TypedHandler, type TypedHandlerContext, type TypedRouteDefinition, type TypedRoutes, type ValidFieldRef, type ValidFieldType, type ValidNode, type ValidateEnvironmentOptions, type VerifyTokenResult, compileNql, createAuthHandlers, createAuthMiddleware, createHandlerFactory, createHttpHandler, createNqlBindings, createTypedHandler, createTypedRoutes, getAuthController, getCookie, getUser, parseCookies, registerHandlers, requireAuth, validateEnvironment };