@orpc/server 0.0.0-next.b45a533 → 0.0.0-next.b47b94e

package/dist/index.mjs

@@ -1,7 +1,8 @@
 import { mergeErrorMap, mergeMeta, mergeRoute, mergePrefix, mergeTags, isContractProcedure, getContractRouter } from '@orpc/contract';
 export { ValidationError, eventIterator, type } from '@orpc/contract';
-import { P as Procedure, d as addMiddleware, c as createProcedureClient, e as enhanceRouter, l as lazy, s as setHiddenRouterContract, i as isProcedure, f as isLazy, h as createAssertedLazyProcedure, g as getRouter } from './shared/server.B_5ZADvP.mjs';
-export { L as LAZY_SYMBOL, p as call, r as createAccessibleLazyRouter, b as createContractedProcedure, j as createORPCErrorConstructorMap, q as getHiddenRouterContract, k as getLazyMeta, n as isStartWithMiddlewares, o as mergeMiddlewares, m as middlewareOutputFn, w as resolveContractProcedures, a as toHttpPath, t as traverseContractProcedures, u as unlazy, x as unlazyRouter, v as validateORPCError } from './shared/server.B_5ZADvP.mjs';
+import { P as Procedure, b as addMiddleware, c as createProcedureClient, e as enhanceRouter, l as lazy, s as setHiddenRouterContract, i as isProcedure, d as isLazy, f as createAssertedLazyProcedure, g as getRouter } from './shared/server.DG7Tamti.mjs';
+export { L as LAZY_SYMBOL, p as call, r as createAccessibleLazyRouter, a as createContractedProcedure, h as createORPCErrorConstructorMap, q as getHiddenRouterContract, j as getLazyMeta, n as isStartWithMiddlewares, m as mergeCurrentContext, o as mergeMiddlewares, k as middlewareOutputFn, w as resolveContractProcedures, t as traverseContractProcedures, u as unlazy, x as unlazyRouter, v as validateORPCError } from './shared/server.DG7Tamti.mjs';
+import { toORPCError } from '@orpc/client';
 export { ORPCError, isDefinedError, safe } from '@orpc/client';
 export { onError, onFinish, onStart, onSuccess } from '@orpc/shared';
 export { getEventMeta, withEventMeta } from '@orpc/standard-server';
@@ -44,19 +45,53 @@ function decorateMiddleware(middleware) {
   return decorated;
 }
 
+function createActionableClient(client) {
+  const action = async (input) => {
+    try {
+      return [null, await client(input)];
+    } catch (error) {
+      if (error instanceof Error && "digest" in error && typeof error.digest === "string" && error.digest.startsWith("NEXT_")) {
+        throw error;
+      }
+      return [toORPCError(error).toJSON(), void 0];
+    }
+  };
+  return action;
+}
+
 class DecoratedProcedure extends Procedure {
+  /**
+   * Adds type-safe custom errors.
+   * The provided errors are spared-merged with any existing errors.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/error-handling#type%E2%80%90safe-error-handling Type-Safe Error Handling Docs}
+   */
   errors(errors) {
     return new DecoratedProcedure({
       ...this["~orpc"],
       errorMap: mergeErrorMap(this["~orpc"].errorMap, errors)
     });
   }
+  /**
+   * Sets or updates the metadata.
+   * The provided metadata is spared-merged with any existing metadata.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/metadata Metadata Docs}
+   */
   meta(meta) {
     return new DecoratedProcedure({
       ...this["~orpc"],
       meta: mergeMeta(this["~orpc"].meta, meta)
     });
   }
+  /**
+   * Sets or updates the route definition.
+   * The provided route is spared-merged with any existing route.
+   * This option is typically relevant when integrating with OpenAPI.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/openapi/routing OpenAPI Routing Docs}
+   * @see {@link https://orpc.unnoq.com/docs/openapi/input-output-structure OpenAPI Input/Output Structure Docs}
+   */
   route(route) {
     return new DecoratedProcedure({
       ...this["~orpc"],
@@ -72,9 +107,12 @@ class DecoratedProcedure extends Procedure {
   }
   /**
    * Make this procedure callable (works like a function while still being a procedure).
+   *
+   * @see {@link https://orpc.unnoq.com/docs/client/server-side Server-side Client Docs}
    */
   callable(...rest) {
-    return new Proxy(createProcedureClient(this, ...rest), {
+    const client = createProcedureClient(this, ...rest);
+    return new Proxy(client, {
       get: (target, key) => {
         return Reflect.has(this, key) ? Reflect.get(this, key) : Reflect.get(target, key);
       },
@@ -84,20 +122,36 @@ class DecoratedProcedure extends Procedure {
     });
   }
   /**
-   * Make this procedure compatible with server action (the same as .callable, but the type is compatible with server action).
+   * Make this procedure compatible with server action.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/server-action Server Action Docs}
    */
   actionable(...rest) {
-    return this.callable(...rest);
+    const action = createActionableClient(createProcedureClient(this, ...rest));
+    return new Proxy(action, {
+      get: (target, key) => {
+        return Reflect.has(this, key) ? Reflect.get(this, key) : Reflect.get(target, key);
+      },
+      has: (target, key) => {
+        return Reflect.has(this, key) || Reflect.has(target, key);
+      }
+    });
   }
 }
 
 class Builder {
+  /**
+   * This property holds the defined options.
+   */
   "~orpc";
   constructor(def) {
     this["~orpc"] = def;
   }
   /**
-   * Reset config
+   * Sets or overrides the config.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/lifecycle#middlewares-order Middlewares Order Docs}
+   * @see {@link https://orpc.unnoq.com/docs/best-practices/dedupe-middleware#configuration Dedupe Middleware Docs}
    */
   $config(config) {
     const inputValidationCount = this["~orpc"].inputValidationIndex - fallbackConfig("initialInputValidationIndex", this["~orpc"].config.initialInputValidationIndex);
@@ -111,7 +165,9 @@ class Builder {
     });
   }
   /**
-   * Reset initial context
+   * Set or override the initial context.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/context Context Docs}
    */
   $context() {
     return new Builder({
@@ -122,7 +178,9 @@ class Builder {
     });
   }
   /**
-   * Reset initial meta
+   * Sets or overrides the initial meta.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/metadata Metadata Docs}
    */
   $meta(initialMeta) {
     return new Builder({
@@ -131,7 +189,11 @@ class Builder {
     });
   }
   /**
-   * Reset initial route
+   * Sets or overrides the initial route.
+   * This option is typically relevant when integrating with OpenAPI.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/openapi/routing OpenAPI Routing Docs}
+   * @see {@link https://orpc.unnoq.com/docs/openapi/input-output-structure OpenAPI Input/Output Structure Docs}
    */
   $route(initialRoute) {
     return new Builder({
@@ -139,15 +201,31 @@ class Builder {
       route: initialRoute
     });
   }
+  /**
+   * Sets or overrides the initial input schema.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/procedure#initial-configuration Initial Procedure Configuration Docs}
+   */
   $input(initialInputSchema) {
     return new Builder({
       ...this["~orpc"],
       inputSchema: initialInputSchema
     });
   }
+  /**
+   * Creates a middleware.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/middleware Middleware Docs}
+   */
   middleware(middleware) {
     return decorateMiddleware(middleware);
   }
+  /**
+   * Adds type-safe custom errors.
+   * The provided errors are spared-merged with any existing errors.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/error-handling#type%E2%80%90safe-error-handling Type-Safe Error Handling Docs}
+   */
   errors(errors) {
     return new Builder({
       ...this["~orpc"],
@@ -161,18 +239,37 @@ class Builder {
       middlewares: addMiddleware(this["~orpc"].middlewares, mapped)
     });
   }
+  /**
+   * Sets or updates the metadata.
+   * The provided metadata is spared-merged with any existing metadata.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/metadata Metadata Docs}
+   */
   meta(meta) {
     return new Builder({
       ...this["~orpc"],
       meta: mergeMeta(this["~orpc"].meta, meta)
     });
   }
+  /**
+   * Sets or updates the route definition.
+   * The provided route is spared-merged with any existing route.
+   * This option is typically relevant when integrating with OpenAPI.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/openapi/routing OpenAPI Routing Docs}
+   * @see {@link https://orpc.unnoq.com/docs/openapi/input-output-structure OpenAPI Input/Output Structure Docs}
+   */
   route(route) {
     return new Builder({
       ...this["~orpc"],
       route: mergeRoute(this["~orpc"].route, route)
     });
   }
+  /**
+   * Defines the input validation schema.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/procedure#input-output-validation Input Validation Docs}
+   */
   input(schema) {
     return new Builder({
       ...this["~orpc"],
@@ -180,6 +277,11 @@ class Builder {
       inputValidationIndex: fallbackConfig("initialInputValidationIndex", this["~orpc"].config.initialInputValidationIndex) + this["~orpc"].middlewares.length
     });
   }
+  /**
+   * Defines the output validation schema.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/procedure#input-output-validation Output Validation Docs}
+   */
   output(schema) {
     return new Builder({
       ...this["~orpc"],
@@ -187,27 +289,57 @@ class Builder {
       outputValidationIndex: fallbackConfig("initialOutputValidationIndex", this["~orpc"].config.initialOutputValidationIndex) + this["~orpc"].middlewares.length
     });
   }
+  /**
+   * Defines the handler of the procedure.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/procedure Procedure Docs}
+   */
   handler(handler) {
     return new DecoratedProcedure({
       ...this["~orpc"],
       handler
     });
   }
+  /**
+   * Prefixes all procedures in the router.
+   * The provided prefix is post-appended to any existing router prefix.
+   *
+   * @note This option does not affect procedures that do not define a path in their route definition.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/openapi/routing#route-prefixes OpenAPI Route Prefixes Docs}
+   */
   prefix(prefix) {
     return new Builder({
       ...this["~orpc"],
       prefix: mergePrefix(this["~orpc"].prefix, prefix)
     });
   }
+  /**
+   * Adds tags to all procedures in the router.
+   * This helpful when you want to group procedures together in the OpenAPI specification.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/openapi/openapi-specification#operation-metadata OpenAPI Operation Metadata Docs}
+   */
   tag(...tags) {
     return new Builder({
       ...this["~orpc"],
       tags: mergeTags(this["~orpc"].tags, tags)
     });
   }
+  /**
+   * Applies all of the previously defined options to the specified router.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/router#extending-router Extending Router Docs}
+   */
   router(router) {
     return enhanceRouter(router, this["~orpc"]);
   }
+  /**
+   * Create a lazy router
+   * And applies all of the previously defined options to the specified router.
+   *
+   * @see {@link https://orpc.unnoq.com/docs/router#extending-router Extending Router Docs}
+   */
   lazy(loader) {
     return enhanceRouter(lazy(loader), this["~orpc"]);
   }
@@ -223,10 +355,6 @@ const os = new Builder({
   dedupeLeadingMiddlewares: true
 });
 
-function mergeCurrentContext(context, other) {
-  return { ...context, ...other };
-}
-
 function implementerInternal(contract, config, middlewares) {
   if (isContractProcedure(contract)) {
     const impl2 = new Builder({
@@ -319,12 +447,12 @@ function implement(contract, config = {}) {
   return impl;
 }
 
-function createRouterClient(router, ...[options]) {
+function createRouterClient(router, ...rest) {
   if (isProcedure(router)) {
-    const caller = createProcedureClient(router, options);
+    const caller = createProcedureClient(router, ...rest);
     return caller;
   }
-  const procedureCaller = isLazy(router) ? createProcedureClient(createAssertedLazyProcedure(router), options) : {};
+  const procedureCaller = isLazy(router) ? createProcedureClient(createAssertedLazyProcedure(router), ...rest) : {};
   const recursive = new Proxy(procedureCaller, {
     get(target, key) {
       if (typeof key !== "string") {
@@ -335,12 +463,12 @@ function createRouterClient(router, ...[options]) {
         return Reflect.get(target, key);
       }
       return createRouterClient(next, {
-        ...options,
-        path: [...options?.path ?? [], key]
+        ...rest[0],
+        path: [...rest[0]?.path ?? [], key]
       });
     }
   });
   return recursive;
 }
 
-export { Builder, DecoratedProcedure, Procedure, addMiddleware, createAssertedLazyProcedure, createProcedureClient, createRouterClient, decorateMiddleware, enhanceRouter, fallbackConfig, getRouter, implement, implementerInternal, isLazy, isProcedure, lazy, mergeCurrentContext, os, setHiddenRouterContract };
+export { Builder, DecoratedProcedure, Procedure, addMiddleware, createActionableClient, createAssertedLazyProcedure, createProcedureClient, createRouterClient, decorateMiddleware, enhanceRouter, fallbackConfig, getRouter, implement, implementerInternal, isLazy, isProcedure, lazy, os, setHiddenRouterContract };

package/dist/plugins/index.d.mts

@@ -1,31 +1,156 @@
-import { a as StandardHandlerInterceptorOptions, H as HandlerPlugin, b as StandardHandlerOptions } from '../shared/server.CL84X8p4.mjs';
-export { C as CompositePlugin } from '../shared/server.CL84X8p4.mjs';
 import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.DnmJuN02.mjs';
-import '@orpc/contract';
-import '@orpc/standard-server';
-import '@orpc/client';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { S as StandardHandlerInterceptorOptions, a as StandardHandlerPlugin, b as StandardHandlerOptions } from '../shared/server.eWLxY3lq.mjs';
+import { C as Context, F as ProcedureClientInterceptorOptions } from '../shared/server.DPWk5pjW.mjs';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
 
-interface CORSOptions<TContext extends Context> {
-    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
-    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<number, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<number, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<StandardHeaders, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+/**
+ * The Batch Request/Response Plugin allows you to combine multiple requests and responses into a single batch,
+ * reducing the overhead of sending each one separately.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/batch-request-response Batch Request/Response Plugin Docs}
+ */
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface CORSOptions<T extends Context> {
+    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
+    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
     allowMethods?: readonly string[];
     allowHeaders?: readonly string[];
     maxAge?: number;
     credentials?: boolean;
     exposeHeaders?: readonly string[];
 }
-declare class CORSPlugin<TContext extends Context> implements HandlerPlugin<TContext> {
+/**
+ * CORSPlugin is a plugin for oRPC that allows you to configure CORS for your API.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/cors CORS Plugin Docs}
+ */
+declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
-    constructor(options?: CORSOptions<TContext>);
-    init(options: StandardHandlerOptions<TContext>): void;
+    order: number;
+    constructor(options?: CORSOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
-declare class ResponseHeadersPlugin<TContext extends ResponseHeadersPluginContext & Context> implements HandlerPlugin<TContext> {
-    init(options: StandardHandlerOptions<TContext>): void;
+/**
+ * The Response Headers Plugin allows you to set response headers in oRPC.
+ * It injects a resHeaders instance into the context, enabling you to modify response headers easily.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/response-headers Response Headers Plugin Docs}
+ */
+declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<boolean, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+/**
+ * This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
+ * It helps ensure that requests to your procedures originate from JavaScript code,
+ * not from other sources like standard HTML forms or direct browser navigation.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
+ */
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+/**
+ * This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
+ * can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
+ * Cross-Site Request Forgery (CSRF) attacks.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
+ */
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, HandlerPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };

package/dist/plugins/index.d.ts

@@ -1,31 +1,156 @@
-import { a as StandardHandlerInterceptorOptions, H as HandlerPlugin, b as StandardHandlerOptions } from '../shared/server.hqPWnakL.js';
-export { C as CompositePlugin } from '../shared/server.hqPWnakL.js';
 import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.DnmJuN02.js';
-import '@orpc/contract';
-import '@orpc/standard-server';
-import '@orpc/client';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { S as StandardHandlerInterceptorOptions, a as StandardHandlerPlugin, b as StandardHandlerOptions } from '../shared/server.YZzrREz9.js';
+import { C as Context, F as ProcedureClientInterceptorOptions } from '../shared/server.DPWk5pjW.js';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
 
-interface CORSOptions<TContext extends Context> {
-    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
-    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<number, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<number, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<StandardHeaders, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+/**
+ * The Batch Request/Response Plugin allows you to combine multiple requests and responses into a single batch,
+ * reducing the overhead of sending each one separately.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/batch-request-response Batch Request/Response Plugin Docs}
+ */
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface CORSOptions<T extends Context> {
+    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
+    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
     allowMethods?: readonly string[];
     allowHeaders?: readonly string[];
     maxAge?: number;
     credentials?: boolean;
     exposeHeaders?: readonly string[];
 }
-declare class CORSPlugin<TContext extends Context> implements HandlerPlugin<TContext> {
+/**
+ * CORSPlugin is a plugin for oRPC that allows you to configure CORS for your API.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/cors CORS Plugin Docs}
+ */
+declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
-    constructor(options?: CORSOptions<TContext>);
-    init(options: StandardHandlerOptions<TContext>): void;
+    order: number;
+    constructor(options?: CORSOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
-declare class ResponseHeadersPlugin<TContext extends ResponseHeadersPluginContext & Context> implements HandlerPlugin<TContext> {
-    init(options: StandardHandlerOptions<TContext>): void;
+/**
+ * The Response Headers Plugin allows you to set response headers in oRPC.
+ * It injects a resHeaders instance into the context, enabling you to modify response headers easily.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/response-headers Response Headers Plugin Docs}
+ */
+declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<boolean, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+/**
+ * This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
+ * It helps ensure that requests to your procedures originate from JavaScript code,
+ * not from other sources like standard HTML forms or direct browser navigation.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
+ */
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+/**
+ * This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
+ * can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
+ * Cross-Site Request Forgery (CSRF) attacks.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
+ */
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, HandlerPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };