@pyreon/zero 0.1.1 → 0.3.0

package/lib/index.js

@@ -1,10 +1,9 @@
-import { a as scanRouteFiles, i as parseFileRoutes, r as generateRouteModule, t as filePathToUrlPath } from "./fs-router-jfd1QGLB.js";
+import { a as parseFileRoutes, i as generateRouteModule, o as scanRouteFiles, r as generateMiddlewareModule, t as filePathToUrlPath } from "./fs-router-n4VA4lxu.js";
 import { Fragment, createRef, h, onMount, onUnmount } from "@pyreon/core";
 import { HeadProvider } from "@pyreon/head";
 import { RouterProvider, RouterView, createRouter, useRouter } from "@pyreon/router";
 import { createHandler } from "@pyreon/server";
 import { effect, signal } from "@pyreon/reactivity";
-import { jsx, jsxs } from "@pyreon/core/jsx-runtime";
 import { existsSync } from "node:fs";
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import { basename, extname, join } from "node:path";
@@ -35,20 +34,183 @@ function DefaultLayout(props) {
 	return h(Fragment, null, ...Array.isArray(props.children) ? props.children : [props.children]);
 }
 
+//#endregion
+//#region src/api-routes.ts
+/**
+* Match a URL path against an API route pattern.
+* Returns extracted params or null if no match.
+*/
+function matchApiRoute(pattern, path) {
+	const patternParts = pattern.split("/").filter(Boolean);
+	const pathParts = path.split("/").filter(Boolean);
+	const params = {};
+	for (let i = 0; i < patternParts.length; i++) {
+		const pp = patternParts[i];
+		if (pp.endsWith("*")) {
+			const paramName = pp.slice(1, -1);
+			params[paramName] = pathParts.slice(i).join("/");
+			return params;
+		}
+		if (i >= pathParts.length) return null;
+		if (pp.startsWith(":")) {
+			params[pp.slice(1)] = pathParts[i];
+			continue;
+		}
+		if (pp !== pathParts[i]) return null;
+	}
+	return patternParts.length === pathParts.length ? params : null;
+}
+const HTTP_METHODS = [
+	"GET",
+	"POST",
+	"PUT",
+	"PATCH",
+	"DELETE",
+	"HEAD",
+	"OPTIONS"
+];
+/**
+* Create a middleware that dispatches API route requests.
+* API routes are matched by URL pattern and HTTP method.
+*/
+function createApiMiddleware(routes) {
+	return async (ctx) => {
+		for (const route of routes) {
+			const params = matchApiRoute(route.pattern, ctx.path);
+			if (!params) continue;
+			const method = ctx.req.method.toUpperCase();
+			const handler = route.module[method];
+			if (!handler) {
+				const allowed = HTTP_METHODS.filter((m) => route.module[m]).join(", ");
+				return new Response(null, {
+					status: 405,
+					headers: {
+						Allow: allowed,
+						"Content-Type": "application/json"
+					}
+				});
+			}
+			return handler({
+				request: ctx.req,
+				url: ctx.url,
+				path: ctx.path,
+				params,
+				headers: ctx.req.headers
+			});
+		}
+	};
+}
+/**
+* Detect whether a route file is an API route.
+* API routes are `.ts` or `.js` files inside an `api/` directory.
+*/
+function isApiRoute(filePath) {
+	const normalized = filePath.replace(/\\/g, "/");
+	return normalized.startsWith("api/") && (normalized.endsWith(".ts") || normalized.endsWith(".js")) && !normalized.endsWith(".tsx") && !normalized.endsWith(".jsx");
+}
+/**
+* Convert an API route file path to a URL pattern.
+*
+* Examples:
+*   "api/posts.ts"        → "/api/posts"
+*   "api/posts/index.ts"  → "/api/posts"
+*   "api/posts/[id].ts"   → "/api/posts/:id"
+*   "api/[...path].ts"    → "/api/:path*"
+*/
+function apiFilePathToPattern(filePath) {
+	let route = filePath;
+	for (const ext of [".ts", ".js"]) if (route.endsWith(ext)) {
+		route = route.slice(0, -ext.length);
+		break;
+	}
+	const segments = route.split("/");
+	const urlSegments = [];
+	for (const seg of segments) {
+		if (seg === "index") continue;
+		const catchAll = seg.match(/^\[\.\.\.(\w+)\]$/);
+		if (catchAll) {
+			urlSegments.push(`:${catchAll[1]}*`);
+			continue;
+		}
+		const dynamic = seg.match(/^\[(\w+)\]$/);
+		if (dynamic) {
+			urlSegments.push(`:${dynamic[1]}`);
+			continue;
+		}
+		urlSegments.push(seg);
+	}
+	return `/${urlSegments.join("/")}`;
+}
+/**
+* Generate a virtual module that exports API route entries.
+* Each entry maps a URL pattern to a module with HTTP method handlers.
+*/
+function generateApiRouteModule(files, routesDir) {
+	const apiFiles = files.filter(isApiRoute);
+	if (apiFiles.length === 0) return "export const apiRoutes = []\n";
+	const imports = [];
+	const entries = [];
+	for (let i = 0; i < apiFiles.length; i++) {
+		const name = `_api${i}`;
+		const fullPath = `${routesDir}/${apiFiles[i]}`;
+		const pattern = apiFilePathToPattern(apiFiles[i]);
+		imports.push(`import * as ${name} from "${fullPath}"`);
+		entries.push(`  { pattern: ${JSON.stringify(pattern)}, module: ${name} }`);
+	}
+	return [
+		...imports,
+		"",
+		"export const apiRoutes = [",
+		entries.join(",\n"),
+		"]"
+	].join("\n");
+}
+
 //#endregion
 //#region src/entry-server.ts
 /**
+* Create a middleware that dispatches per-route middleware based on URL pattern matching.
+*/
+function createRouteMiddlewareDispatcher(entries) {
+	return async (ctx) => {
+		for (const entry of entries) if (matchPattern(entry.pattern, ctx.path)) {
+			const mw = Array.isArray(entry.middleware) ? entry.middleware : [entry.middleware];
+			for (const fn of mw) {
+				const result = await fn(ctx);
+				if (result) return result;
+			}
+		}
+	};
+}
+/** Simple URL pattern matcher supporting :param and :param* segments. */
+function matchPattern(pattern, path) {
+	const patternParts = pattern.split("/").filter(Boolean);
+	const pathParts = path.split("/").filter(Boolean);
+	for (let i = 0; i < patternParts.length; i++) {
+		const pp = patternParts[i];
+		if (pp.endsWith("*")) return true;
+		if (pp.startsWith(":")) continue;
+		if (pp !== pathParts[i]) return false;
+	}
+	return patternParts.length === pathParts.length;
+}
+/**
 * Create the SSR request handler for production.
 *
 * @example
 * import { routes } from "virtual:zero/routes"
+* import { routeMiddleware } from "virtual:zero/route-middleware"
 * import { createServer } from "@pyreon/zero"
 *
-* export default createServer({ routes })
+* export default createServer({ routes, routeMiddleware, apiRoutes })
 */
 function createServer(options) {
 	const config = options.config ?? {};
-	const allMiddleware = [...config.middleware ?? [], ...options.middleware ?? []];
+	const allMiddleware = [];
+	if (options.apiRoutes?.length) allMiddleware.push(createApiMiddleware(options.apiRoutes));
+	if (options.routeMiddleware?.length) allMiddleware.push(createRouteMiddlewareDispatcher(options.routeMiddleware));
+	allMiddleware.push(...config.middleware ?? []);
+	allMiddleware.push(...options.middleware ?? []);
 	const { App } = createApp({
 		routes: options.routes,
 		routerMode: "history"
@@ -96,10 +258,121 @@ function resolveConfig(userConfig = {}) {
 	};
 }
 
+//#endregion
+//#region src/error-overlay.ts
+/**
+* Dev-only error overlay for SSR/loader errors.
+* Renders a styled HTML page with the error stack trace.
+*/
+function renderErrorOverlay(error) {
+	return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>SSR Error — Pyreon Zero</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: ui-monospace, "Cascadia Code", "Source Code Pro", Menlo, Consolas, monospace;
+      background: #1a1a2e;
+      color: #e0e0e0;
+      min-height: 100vh;
+      padding: 2rem;
+    }
+    .overlay {
+      max-width: 900px;
+      margin: 0 auto;
+    }
+    .header {
+      display: flex;
+      align-items: center;
+      gap: 0.75rem;
+      margin-bottom: 1.5rem;
+    }
+    .badge {
+      background: #e74c3c;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      border-radius: 4px;
+      font-size: 0.75rem;
+      font-weight: 600;
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+    }
+    .label {
+      color: #888;
+      font-size: 0.85rem;
+    }
+    .message {
+      font-size: 1.25rem;
+      color: #ff6b6b;
+      margin-bottom: 1.5rem;
+      line-height: 1.5;
+      word-break: break-word;
+    }
+    .stack {
+      background: #16213e;
+      border: 1px solid #2a2a4a;
+      border-radius: 8px;
+      padding: 1.25rem;
+      overflow-x: auto;
+      font-size: 0.8rem;
+      line-height: 1.7;
+      white-space: pre-wrap;
+      word-break: break-all;
+    }
+    .stack .at { color: #888; }
+    .stack .file { color: #4ecdc4; }
+    .hint {
+      margin-top: 1.5rem;
+      padding: 1rem;
+      background: #1e2a45;
+      border-radius: 6px;
+      border-left: 3px solid #3498db;
+      font-size: 0.8rem;
+      color: #aaa;
+      line-height: 1.5;
+    }
+  </style>
+</head>
+<body>
+  <div class="overlay">
+    <div class="header">
+      <span class="badge">SSR Error</span>
+      <span class="label">Pyreon Zero — Dev Mode</span>
+    </div>
+    <div class="message">${escapeHtml(error.message || "Unknown error")}</div>
+    <pre class="stack">${formatStack(escapeHtml(error.stack || ""))}</pre>
+    <div class="hint">
+      This error occurred during server-side rendering. Check the terminal for
+      the full stack trace. This overlay is only shown in development.
+    </div>
+  </div>
+</body>
+</html>`;
+}
+function escapeHtml(str) {
+	return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function formatStack(stack) {
+	return stack.split("\n").map((line) => {
+		if (line.includes("at ")) {
+			const fileMatch = line.match(/\(([^)]+)\)/);
+			if (fileMatch) return line.replace(fileMatch[0], `(<span class="file">${fileMatch[1]}</span>)`);
+		}
+		return line;
+	}).join("\n");
+}
+
 //#endregion
 //#region src/vite-plugin.ts
 const VIRTUAL_ROUTES_ID = "virtual:zero/routes";
 const RESOLVED_VIRTUAL_ROUTES_ID = `\0${VIRTUAL_ROUTES_ID}`;
+const VIRTUAL_MIDDLEWARE_ID = "virtual:zero/route-middleware";
+const RESOLVED_VIRTUAL_MIDDLEWARE_ID = `\0${VIRTUAL_MIDDLEWARE_ID}`;
+const VIRTUAL_API_ROUTES_ID = "virtual:zero/api-routes";
+const RESOLVED_VIRTUAL_API_ROUTES_ID = `\0${VIRTUAL_API_ROUTES_ID}`;
 /**
 * Zero Vite plugin — adds file-based routing and zero-config conventions
 * on top of @pyreon/vite-plugin.
@@ -127,6 +400,8 @@ function zeroPlugin(userConfig = {}) {
 		},
 		resolveId(id) {
 			if (id === VIRTUAL_ROUTES_ID) return RESOLVED_VIRTUAL_ROUTES_ID;
+			if (id === VIRTUAL_MIDDLEWARE_ID) return RESOLVED_VIRTUAL_MIDDLEWARE_ID;
+			if (id === VIRTUAL_API_ROUTES_ID) return RESOLVED_VIRTUAL_API_ROUTES_ID;
 		},
 		async load(id) {
 			if (id === RESOLVED_VIRTUAL_ROUTES_ID) try {
@@ -134,16 +409,52 @@ function zeroPlugin(userConfig = {}) {
 			} catch (_err) {
 				return `export const routes = []`;
 			}
+			if (id === RESOLVED_VIRTUAL_MIDDLEWARE_ID) try {
+				return generateMiddlewareModule(await scanRouteFiles(routesDir), routesDir);
+			} catch (_err) {
+				return `export const routeMiddleware = []`;
+			}
+			if (id === RESOLVED_VIRTUAL_API_ROUTES_ID) try {
+				return generateApiRouteModule(await scanRouteFiles(routesDir), routesDir);
+			} catch (_err) {
+				return `export const apiRoutes = []`;
+			}
 		},
 		configureServer(server) {
+			server.middlewares.use((req, res, next) => {
+				if (!(req.headers.accept ?? "").includes("text/html")) return next();
+				const originalEnd = res.end.bind(res);
+				let errored = false;
+				const handleError = (err) => {
+					if (errored) return;
+					errored = true;
+					const error = err instanceof Error ? err : new Error(String(err));
+					server.ssrFixStacktrace(error);
+					const html = renderErrorOverlay(error);
+					res.statusCode = 500;
+					res.setHeader("Content-Type", "text/html; charset=utf-8");
+					res.setHeader("Content-Length", Buffer.byteLength(html));
+					originalEnd(html);
+				};
+				res.on("error", handleError);
+				try {
+					next();
+				} catch (err) {
+					handleError(err);
+				}
+			});
 			server.watcher.add(`${routesDir}/**/*.{tsx,jsx,ts,js}`);
 			server.watcher.on("all", (event, path) => {
 				if (path.startsWith(routesDir) && (event === "add" || event === "unlink")) {
-					const mod = server.moduleGraph.getModuleById(RESOLVED_VIRTUAL_ROUTES_ID);
-					if (mod) {
-						server.moduleGraph.invalidateModule(mod);
-						server.ws.send({ type: "full-reload" });
+					for (const resolvedId of [
+						RESOLVED_VIRTUAL_ROUTES_ID,
+						RESOLVED_VIRTUAL_MIDDLEWARE_ID,
+						RESOLVED_VIRTUAL_API_ROUTES_ID
+					]) {
+						const mod = server.moduleGraph.getModuleById(resolvedId);
+						if (mod) server.moduleGraph.invalidateModule(mod);
 					}
+					server.ws.send({ type: "full-reload" });
 				}
 			});
 		},
@@ -448,6 +759,56 @@ function useIntersectionObserver(getElement, onIntersect, rootMargin = "200px")
 	});
 }
 
+//#endregion
+//#region ../../node_modules/.bun/@pyreon+core@0.7.0/node_modules/@pyreon/core/lib/jsx-runtime.js
+/**
+* Hyperscript function — the compiled output of JSX.
+* `<div class="x">hello</div>` → `h("div", { class: "x" }, "hello")`
+*
+* Generic on P so TypeScript validates props match the component's signature
+* at the call site, then stores the result in the loosely-typed VNode.
+*/
+/** Shared empty props sentinel — identity-checked in mountElement to skip applyProps. */
+const EMPTY_PROPS = {};
+function h$1(type, props, ...children) {
+	return {
+		type,
+		props: props ?? EMPTY_PROPS,
+		children: normalizeChildren(children),
+		key: props?.key ?? null
+	};
+}
+function normalizeChildren(children) {
+	for (let i = 0; i < children.length; i++) if (Array.isArray(children[i])) return flattenChildren(children);
+	return children;
+}
+function flattenChildren(children) {
+	const result = [];
+	for (const child of children) if (Array.isArray(child)) result.push(...flattenChildren(child));
+	else result.push(child);
+	return result;
+}
+/**
+* JSX automatic runtime.
+*
+* When tsconfig has `"jsxImportSource": "@pyreon/core"`, the TS/bundler compiler
+* rewrites JSX to imports from this file automatically:
+*   <div class="x" />  →  jsx("div", { class: "x" })
+*/
+function jsx(type, props, key) {
+	const { children, ...rest } = props;
+	const propsWithKey = key != null ? {
+		...rest,
+		key
+	} : rest;
+	if (typeof type === "function") return h$1(type, children !== void 0 ? {
+		...propsWithKey,
+		children
+	} : propsWithKey);
+	return h$1(type, propsWithKey, ...children === void 0 ? [] : Array.isArray(children) ? children : [children]);
+}
+const jsxs = jsx;
+
 //#endregion
 //#region src/image.tsx
 /**
@@ -1623,7 +1984,7 @@ function seoPlugin(config = {}) {
 		apply: "build",
 		async generateBundle(_, _bundle) {
 			if (config.sitemap) {
-				const { scanRouteFiles } = await import("./fs-router-jfd1QGLB.js").then((n) => n.n);
+				const { scanRouteFiles } = await import("./fs-router-n4VA4lxu.js").then((n) => n.n);
 				const routesDir = `${process.cwd()}/src/routes`;
 				try {
 					const sitemap = generateSitemap(await scanRouteFiles(routesDir), config.sitemap);
@@ -1653,7 +2014,7 @@ function seoMiddleware(config = {}) {
 	return async (ctx) => {
 		if (ctx.url.pathname === "/robots.txt" && config.robots) return new Response(generateRobots(config.robots), { headers: { "Content-Type": "text/plain" } });
 		if (ctx.url.pathname === "/sitemap.xml" && config.sitemap) try {
-			const { scanRouteFiles } = await import("./fs-router-jfd1QGLB.js").then((n) => n.n);
+			const { scanRouteFiles } = await import("./fs-router-n4VA4lxu.js").then((n) => n.n);
 			const sitemap = generateSitemap(await scanRouteFiles(`${process.cwd()}/src/routes`), config.sitemap);
 			return new Response(sitemap, { headers: { "Content-Type": "application/xml" } });
 		} catch {}
@@ -1661,5 +2022,284 @@ function seoMiddleware(config = {}) {
 }
 
 //#endregion
-export { Image, Link, Script, ThemeToggle, bunAdapter, cacheMiddleware, createApp, createISRHandler, createLink, createServer, zeroPlugin as default, defineConfig, filePathToUrlPath, fontPlugin, fontVariables, generateRobots, generateRouteModule, generateSitemap, imagePlugin, initTheme, jsonLd, nodeAdapter, parseFileRoutes, resolveAdapter, resolveConfig, resolvedTheme, scanRouteFiles, securityHeaders, seoMiddleware, seoPlugin, setTheme, staticAdapter, theme, themeScript, toggleTheme, useLink, varyEncoding };
+//#region src/cors.ts
+const DEFAULT_METHODS = [
+	"GET",
+	"POST",
+	"PUT",
+	"PATCH",
+	"DELETE",
+	"OPTIONS"
+];
+const DEFAULT_HEADERS = ["Content-Type", "Authorization"];
+/**
+* CORS middleware — handles preflight requests and sets appropriate
+* Access-Control headers on all responses.
+*
+* @example
+* import { corsMiddleware } from "@pyreon/zero/cors"
+*
+* corsMiddleware({ origin: "https://example.com", credentials: true })
+*
+* // Allow any origin
+* corsMiddleware({ origin: "*" })
+*
+* // Multiple origins
+* corsMiddleware({ origin: ["https://app.com", "https://admin.com"] })
+*/
+function corsMiddleware(config = {}) {
+	const { origin = "*", methods = DEFAULT_METHODS, allowedHeaders = DEFAULT_HEADERS, exposedHeaders = [], credentials = false, maxAge = 86400 } = config;
+	return (ctx) => {
+		const resolvedOrigin = resolveOrigin(origin, ctx.req.headers.get("origin") ?? "");
+		if (!resolvedOrigin) return;
+		ctx.headers.set("Access-Control-Allow-Origin", resolvedOrigin);
+		if (credentials) ctx.headers.set("Access-Control-Allow-Credentials", "true");
+		if (exposedHeaders.length > 0) ctx.headers.set("Access-Control-Expose-Headers", exposedHeaders.join(", "));
+		if (resolvedOrigin !== "*") ctx.headers.append("Vary", "Origin");
+		if (ctx.req.method === "OPTIONS") return new Response(null, {
+			status: 204,
+			headers: {
+				"Access-Control-Allow-Origin": resolvedOrigin,
+				"Access-Control-Allow-Methods": methods.join(", "),
+				"Access-Control-Allow-Headers": allowedHeaders.join(", "),
+				"Access-Control-Max-Age": String(maxAge),
+				...credentials ? { "Access-Control-Allow-Credentials": "true" } : {}
+			}
+		});
+	};
+}
+function resolveOrigin(config, requestOrigin) {
+	if (config === "*") return "*";
+	if (typeof config === "string") return config === requestOrigin ? config : null;
+	if (typeof config === "function") return config(requestOrigin) ? requestOrigin : null;
+	if (Array.isArray(config)) return config.includes(requestOrigin) ? requestOrigin : null;
+	return null;
+}
+
+//#endregion
+//#region src/rate-limit.ts
+/**
+* Rate limiting middleware — limits requests per client within a time window.
+* Uses an in-memory store (suitable for single-instance deployments).
+*
+* @example
+* import { rateLimitMiddleware } from "@pyreon/zero/rate-limit"
+*
+* // 100 requests per minute (default)
+* rateLimitMiddleware()
+*
+* // Strict API rate limiting
+* rateLimitMiddleware({
+*   max: 20,
+*   window: 60,
+*   include: ["/api/*"],
+* })
+*/
+function rateLimitMiddleware(config = {}) {
+	const { max = 100, window: windowSec = 60, keyFn = defaultKeyFn, onLimit, include, exclude } = config;
+	const windowMs = windowSec * 1e3;
+	const store = /* @__PURE__ */ new Map();
+	const cleanupInterval = setInterval(() => {
+		const now = Date.now();
+		for (const [key, entry] of store) if (entry.resetAt <= now) store.delete(key);
+	}, windowMs);
+	if (typeof cleanupInterval === "object" && "unref" in cleanupInterval) cleanupInterval.unref();
+	return (ctx) => {
+		if (include && !include.some((p) => matchSimpleGlob(p, ctx.path))) return;
+		if (exclude?.some((p) => matchSimpleGlob(p, ctx.path))) return;
+		const key = keyFn(ctx);
+		const now = Date.now();
+		let entry = store.get(key);
+		if (!entry || entry.resetAt <= now) {
+			entry = {
+				count: 0,
+				resetAt: now + windowMs
+			};
+			store.set(key, entry);
+		}
+		entry.count++;
+		const remaining = Math.max(0, max - entry.count);
+		const resetSeconds = Math.ceil((entry.resetAt - now) / 1e3);
+		ctx.headers.set("X-RateLimit-Limit", String(max));
+		ctx.headers.set("X-RateLimit-Remaining", String(remaining));
+		ctx.headers.set("X-RateLimit-Reset", String(resetSeconds));
+		if (entry.count > max) {
+			if (onLimit) return onLimit(ctx);
+			return new Response(JSON.stringify({ error: "Too many requests" }), {
+				status: 429,
+				headers: {
+					"Content-Type": "application/json",
+					"Retry-After": String(resetSeconds),
+					"X-RateLimit-Limit": String(max),
+					"X-RateLimit-Remaining": "0",
+					"X-RateLimit-Reset": String(resetSeconds)
+				}
+			});
+		}
+	};
+}
+function defaultKeyFn(ctx) {
+	return ctx.req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? ctx.req.headers.get("x-real-ip") ?? "unknown";
+}
+/** Simple glob matching for path patterns. Supports trailing `*`. */
+function matchSimpleGlob(pattern, path) {
+	if (pattern.endsWith("/*")) return path.startsWith(pattern.slice(0, -1));
+	return pattern === path;
+}
+
+//#endregion
+//#region src/compression.ts
+/**
+* Compression middleware — compresses responses using gzip or deflate
+* based on the client's Accept-Encoding header.
+*
+* Only compresses text-based content types (HTML, JSON, JS, CSS, XML, SVG).
+* Skips responses below the size threshold and already-encoded responses.
+*
+* @example
+* import { compressionMiddleware } from "@pyreon/zero/compression"
+*
+* compressionMiddleware() // gzip with 1KB threshold
+* compressionMiddleware({ threshold: 512, encodings: ["gzip"] })
+*/
+function compressionMiddleware(config = {}) {
+	const { threshold = 1024, encodings = ["gzip", "deflate"] } = config;
+	return (ctx) => {
+		const acceptEncoding = ctx.req.headers.get("accept-encoding") ?? "";
+		const encoding = encodings.find((enc) => acceptEncoding.includes(enc));
+		if (!encoding) return;
+		ctx.locals.__compressionEncoding = encoding;
+		ctx.locals.__compressionThreshold = threshold;
+		ctx.headers.append("Vary", "Accept-Encoding");
+	};
+}
+/**
+* Compress a Response body if it meets the criteria.
+* Use this to post-process responses after the handler runs.
+*
+* @example
+* const response = await handler(request)
+* const compressed = await compressResponse(response, 'gzip', 1024)
+*/
+async function compressResponse(response, encoding, threshold) {
+	if (!isCompressible(response.headers.get("content-type") ?? "")) return response;
+	if (response.headers.get("content-encoding")) return response;
+	const body = await response.arrayBuffer();
+	if (body.byteLength < threshold) return response;
+	const compressed = await compress(body, encoding);
+	const headers = new Headers(response.headers);
+	headers.set("Content-Encoding", encoding);
+	headers.delete("Content-Length");
+	headers.append("Vary", "Accept-Encoding");
+	return new Response(compressed, {
+		status: response.status,
+		statusText: response.statusText,
+		headers
+	});
+}
+const COMPRESSIBLE_TYPES = [
+	"text/",
+	"application/json",
+	"application/javascript",
+	"application/xml",
+	"application/xhtml+xml",
+	"image/svg+xml"
+];
+/** Check if a content type is compressible. Exported for testing. */
+function isCompressible(contentType) {
+	return COMPRESSIBLE_TYPES.some((t) => contentType.includes(t));
+}
+async function compress(data, encoding) {
+	const format = encoding === "gzip" ? "gzip" : "deflate";
+	const stream = new Blob([data]).stream().pipeThrough(new CompressionStream(format));
+	return new Response(stream).arrayBuffer();
+}
+
+//#endregion
+//#region src/actions.ts
+const actionRegistry = /* @__PURE__ */ new Map();
+let actionCounter = 0;
+/**
+* Define a server action. Returns a callable function that:
+* - On the **client**: sends a POST request to `/_zero/actions/<id>`
+* - On the **server** (SSR): executes the handler directly (no fetch)
+*
+* @example
+* // In a route file or module:
+* export const createPost = defineAction(async (ctx) => {
+*   const data = ctx.json as { title: string; body: string }
+*   // ... save to database
+*   return { success: true, id: 123 }
+* })
+*
+* // In a component:
+* const result = await createPost({ title: 'Hello', body: '...' })
+*/
+function defineAction(handler) {
+	const id = `action_${actionCounter++}`;
+	actionRegistry.set(id, {
+		id,
+		handler
+	});
+	const callable = async (data) => {
+		if (typeof globalThis.window === "undefined") return handler({
+			request: new Request(`http://localhost/_zero/actions/${id}`, {
+				method: "POST",
+				headers: { "Content-Type": "application/json" },
+				body: JSON.stringify(data ?? null)
+			}),
+			formData: null,
+			json: data ?? null,
+			headers: new Headers({ "Content-Type": "application/json" })
+		});
+		const response = await fetch(`/_zero/actions/${id}`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(data ?? null)
+		});
+		if (!response.ok) {
+			const body = await response.json().catch(() => ({}));
+			throw new Error(body.error ?? `Action failed: ${response.statusText}`);
+		}
+		return response.json();
+	};
+	callable.actionId = id;
+	return callable;
+}
+/**
+* Create a middleware that handles action requests at `/_zero/actions/*`.
+* Mount this before the SSR handler in the server entry.
+*/
+function createActionMiddleware() {
+	return async (ctx) => {
+		if (!ctx.path.startsWith("/_zero/actions/")) return;
+		const actionId = ctx.path.slice(15);
+		const action = actionRegistry.get(actionId);
+		if (!action) return Response.json({ error: "Action not found" }, { status: 404 });
+		if (ctx.req.method !== "POST") return Response.json({ error: "Method not allowed" }, { status: 405 });
+		return executeAction(action, ctx.req);
+	};
+}
+async function executeAction(action, req) {
+	try {
+		const contentType = req.headers.get("content-type") ?? "";
+		let formData = null;
+		let json = null;
+		if (contentType.includes("application/json")) json = await req.json();
+		else if (contentType.includes("multipart/form-data") || contentType.includes("application/x-www-form-urlencoded")) formData = await req.formData();
+		const result = await action.handler({
+			request: req,
+			formData,
+			json,
+			headers: req.headers
+		});
+		return Response.json(result ?? null);
+	} catch (err) {
+		const message = err instanceof Error ? err.message : "Internal server error";
+		return Response.json({ error: message }, { status: 500 });
+	}
+}
+
+//#endregion
+export { Image, Link, Script, ThemeToggle, bunAdapter, cacheMiddleware, compressResponse, compressionMiddleware, corsMiddleware, createActionMiddleware, createApiMiddleware, createApp, createISRHandler, createLink, createServer, zeroPlugin as default, defineAction, defineConfig, filePathToUrlPath, fontPlugin, fontVariables, generateApiRouteModule, generateMiddlewareModule, generateRobots, generateRouteModule, generateSitemap, imagePlugin, initTheme, isCompressible, jsonLd, nodeAdapter, parseFileRoutes, rateLimitMiddleware, resolveAdapter, resolveConfig, resolvedTheme, scanRouteFiles, securityHeaders, seoMiddleware, seoPlugin, setTheme, staticAdapter, theme, themeScript, toggleTheme, useLink, varyEncoding };
 //# sourceMappingURL=index.js.map