@valbuild/server 0.12.0

package/dist/valbuild-server.cjs.prod.js

@@ -0,0 +1,1500 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var quickjsEmscripten = require('quickjs-emscripten');
+var ts = require('typescript');
+var fp = require('@valbuild/core/fp');
+var core = require('@valbuild/core');
+var patch = require('@valbuild/core/patch');
+var path = require('path');
+var fs = require('fs');
+var express = require('express');
+var server = require('@valbuild/ui/server');
+var z = require('zod');
+var crypto = require('crypto');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
+
+var ts__default = /*#__PURE__*/_interopDefault(ts);
+var path__default = /*#__PURE__*/_interopDefault(path);
+var fs__default = /*#__PURE__*/_interopDefault(fs);
+var express__default = /*#__PURE__*/_interopDefault(express);
+var z__default = /*#__PURE__*/_interopDefault(z);
+var crypto__default = /*#__PURE__*/_interopDefault(crypto);
+
+class ValSyntaxError {
+  constructor(message, node) {
+    this.message = message;
+    this.node = node;
+  }
+}
+function forEachError(tree, callback) {
+  if (Array.isArray(tree)) {
+    for (const subtree of tree) {
+      forEachError(subtree, callback);
+    }
+  } else {
+    callback(tree);
+  }
+}
+function flatMapErrors(tree, cb) {
+  const result = [];
+  forEachError(tree, error => result.push(cb(error)));
+  return result;
+}
+function formatSyntaxError(error, sourceFile) {
+  const pos = sourceFile.getLineAndCharacterOfPosition(error.node.pos);
+  return `${pos.line}:${pos.character} ${error.message}`;
+}
+function formatSyntaxErrorTree(tree, sourceFile) {
+  return flatMapErrors(tree, error => formatSyntaxError(error, sourceFile));
+}
+function isLiteralPropertyName(name) {
+  return ts__default["default"].isIdentifier(name) || ts__default["default"].isStringLiteral(name) || ts__default["default"].isNumericLiteral(name);
+}
+function validateObjectProperties(nodes) {
+  const errors = [];
+  for (const node of nodes) {
+    if (!ts__default["default"].isPropertyAssignment(node)) {
+      errors.push(new ValSyntaxError("Object literal element must be property assignment", node));
+    } else if (!isLiteralPropertyName(node.name)) {
+      errors.push(new ValSyntaxError("Object literal element key must be an identifier or a literal", node));
+    }
+  }
+  if (errors.length > 0) {
+    return fp.result.err(errors);
+  }
+  return fp.result.ok(nodes);
+}
+
+/**
+ * Validates that the expression is a JSON compatible type of expression without
+ * validating its children.
+ */
+function shallowValidateExpression(value) {
+  return ts__default["default"].isStringLiteralLike(value) || ts__default["default"].isNumericLiteral(value) || value.kind === ts__default["default"].SyntaxKind.TrueKeyword || value.kind === ts__default["default"].SyntaxKind.FalseKeyword || value.kind === ts__default["default"].SyntaxKind.NullKeyword || ts__default["default"].isArrayLiteralExpression(value) || ts__default["default"].isObjectLiteralExpression(value) || isValFileMethodCall(value) ? undefined : new ValSyntaxError("Expression must be a literal or call val.file", value);
+}
+
+/**
+ * Evaluates the expression as a JSON value
+ */
+function evaluateExpression(value) {
+  // The text property of a LiteralExpression stores the interpreted value of the literal in text form. For a StringLiteral,
+  // or any literal of a template, this means quotes have been removed and escapes have been converted to actual characters.
+  // For a NumericLiteral, the stored value is the toString() representation of the number. For example 1, 1.00, and 1e0 are all stored as just "1".
+  // https://github.com/microsoft/TypeScript/blob/4b794fe1dd0d184d3f8f17e94d8187eace57c91e/src/compiler/types.ts#L2127-L2131
+
+  if (ts__default["default"].isStringLiteralLike(value)) {
+    return fp.result.ok(value.text);
+  } else if (ts__default["default"].isNumericLiteral(value)) {
+    return fp.result.ok(Number(value.text));
+  } else if (value.kind === ts__default["default"].SyntaxKind.TrueKeyword) {
+    return fp.result.ok(true);
+  } else if (value.kind === ts__default["default"].SyntaxKind.FalseKeyword) {
+    return fp.result.ok(false);
+  } else if (value.kind === ts__default["default"].SyntaxKind.NullKeyword) {
+    return fp.result.ok(null);
+  } else if (ts__default["default"].isArrayLiteralExpression(value)) {
+    return fp.result.all(value.elements.map(evaluateExpression));
+  } else if (ts__default["default"].isObjectLiteralExpression(value)) {
+    return fp.pipe(validateObjectProperties(value.properties), fp.result.flatMap(assignments => fp.pipe(assignments.map(assignment => fp.pipe(evaluateExpression(assignment.initializer), fp.result.map(value => [assignment.name.text, value]))), fp.result.all)), fp.result.map(Object.fromEntries));
+  } else if (isValFileMethodCall(value)) {
+    return fp.pipe(findValFileNodeArg(value), fp.result.flatMap(ref => {
+      if (value.arguments.length === 2) {
+        return fp.pipe(evaluateExpression(value.arguments[1]), fp.result.map(metadata => ({
+          [core.FILE_REF_PROP]: ref.text,
+          _type: "file",
+          metadata
+        })));
+      } else {
+        return fp.result.ok({
+          [core.FILE_REF_PROP]: ref.text,
+          _type: "file"
+        });
+      }
+    }));
+  } else {
+    return fp.result.err(new ValSyntaxError("Expression must be a literal or call val.file", value));
+  }
+}
+function findObjectPropertyAssignment(value, key) {
+  return fp.pipe(validateObjectProperties(value.properties), fp.result.flatMap(assignments => {
+    const matchingAssignments = assignments.filter(assignment => assignment.name.text === key);
+    if (matchingAssignments.length === 0) return fp.result.ok(undefined);
+    if (matchingAssignments.length > 1) {
+      return fp.result.err(new ValSyntaxError(`Object key "${key}" is ambiguous`, value));
+    }
+    const [assignment] = matchingAssignments;
+    return fp.result.ok(assignment);
+  }));
+}
+function isValFileMethodCall(node) {
+  return ts__default["default"].isCallExpression(node) && ts__default["default"].isPropertyAccessExpression(node.expression) && ts__default["default"].isIdentifier(node.expression.expression) && node.expression.expression.text === "val" && node.expression.name.text === "file";
+}
+function findValFileNodeArg(node) {
+  if (node.arguments.length === 0) {
+    return fp.result.err(new ValSyntaxError(`Invalid val.file() call: missing ref argument`, node));
+  } else if (node.arguments.length > 2) {
+    return fp.result.err(new ValSyntaxError(`Invalid val.file() call: too many arguments ${node.arguments.length}}`, node));
+  } else if (!ts__default["default"].isStringLiteral(node.arguments[0])) {
+    return fp.result.err(new ValSyntaxError(`Invalid val.file() call: ref must be a string literal`, node));
+  }
+  const refNode = node.arguments[0];
+  return fp.result.ok(refNode);
+}
+function findValFileMetadataArg(node) {
+  if (node.arguments.length === 0) {
+    return fp.result.err(new ValSyntaxError(`Invalid val.file() call: missing ref argument`, node));
+  } else if (node.arguments.length > 2) {
+    return fp.result.err(new ValSyntaxError(`Invalid val.file() call: too many arguments ${node.arguments.length}}`, node));
+  } else if (node.arguments.length === 2) {
+    if (!ts__default["default"].isObjectLiteralExpression(node.arguments[1])) {
+      return fp.result.err(new ValSyntaxError(`Invalid val.file() call: metadata must be a object literal`, node));
+    }
+    return fp.result.ok(node.arguments[1]);
+  }
+  return fp.result.ok(undefined);
+}
+
+/**
+ * Given a list of expressions, validates that all the expressions are not
+ * spread elements. In other words, it ensures that the expressions are the
+ * initializers of the values at their respective indices in the evaluated list.
+ */
+function validateInitializers(nodes) {
+  for (const node of nodes) {
+    if (ts__default["default"].isSpreadElement(node)) {
+      return new ValSyntaxError("Unexpected spread element", node);
+    }
+  }
+  return undefined;
+}
+
+function isPath(node, path) {
+  let currentNode = node;
+  for (let i = path.length - 1; i > 0; --i) {
+    const name = path[i];
+    if (!ts__default["default"].isPropertyAccessExpression(currentNode)) {
+      return false;
+    }
+    if (!ts__default["default"].isIdentifier(currentNode.name) || currentNode.name.text !== name) {
+      return false;
+    }
+    currentNode = currentNode.expression;
+  }
+  return ts__default["default"].isIdentifier(currentNode) && currentNode.text === path[0];
+}
+function validateArguments(node, validators) {
+  return fp.result.allV([node.arguments.length === validators.length ? fp.result.voidOk : fp.result.err(new ValSyntaxError(`Expected ${validators.length} arguments`, node)), ...node.arguments.slice(0, validators.length).map((argument, index) => validators[index](argument))]);
+}
+function analyzeDefaultExport(node) {
+  const valContentCall = node.expression;
+  if (!ts__default["default"].isCallExpression(valContentCall)) {
+    return fp.result.err(new ValSyntaxError("Expected default expression to be a call expression", valContentCall));
+  }
+  if (!isPath(valContentCall.expression, ["val", "content"])) {
+    return fp.result.err(new ValSyntaxError("Expected default expression to be calling val.content", valContentCall.expression));
+  }
+  return fp.pipe(validateArguments(valContentCall, [id => {
+    // TODO: validate ID value here?
+    if (!ts__default["default"].isStringLiteralLike(id)) {
+      return fp.result.err(new ValSyntaxError("Expected first argument to val.content to be a string literal", id));
+    }
+    return fp.result.voidOk;
+  }, () => {
+    return fp.result.voidOk;
+  }, () => {
+    return fp.result.voidOk;
+  }]), fp.result.map(() => {
+    const [, schema, source] = valContentCall.arguments;
+    return {
+      schema,
+      source
+    };
+  }));
+}
+function analyzeValModule(sourceFile) {
+  const analysis = sourceFile.forEachChild(node => {
+    if (ts__default["default"].isExportAssignment(node)) {
+      return analyzeDefaultExport(node);
+    }
+  });
+  if (!analysis) {
+    throw Error("Failed to find fixed content node in val module");
+  }
+  return analysis;
+}
+
+function isValidIdentifier(text) {
+  if (text.length === 0) {
+    return false;
+  }
+  if (!ts__default["default"].isIdentifierStart(text.charCodeAt(0), ts__default["default"].ScriptTarget.ES2020)) {
+    return false;
+  }
+  for (let i = 1; i < text.length; ++i) {
+    if (!ts__default["default"].isIdentifierPart(text.charCodeAt(i), ts__default["default"].ScriptTarget.ES2020)) {
+      return false;
+    }
+  }
+  return true;
+}
+function createPropertyAssignment(key, value) {
+  return ts__default["default"].factory.createPropertyAssignment(isValidIdentifier(key) ? ts__default["default"].factory.createIdentifier(key) : ts__default["default"].factory.createStringLiteral(key), toExpression(value));
+}
+function createValFileReference(ref) {
+  return ts__default["default"].factory.createCallExpression(ts__default["default"].factory.createPropertyAccessExpression(ts__default["default"].factory.createIdentifier("val"), ts__default["default"].factory.createIdentifier("file")), undefined, [ts__default["default"].factory.createStringLiteral(ref)]);
+}
+function toExpression(value) {
+  if (typeof value === "string") {
+    // TODO: Use configuration/heuristics to determine use of single quote or double quote
+    return ts__default["default"].factory.createStringLiteral(value);
+  } else if (typeof value === "number") {
+    return ts__default["default"].factory.createNumericLiteral(value);
+  } else if (typeof value === "boolean") {
+    return value ? ts__default["default"].factory.createTrue() : ts__default["default"].factory.createFalse();
+  } else if (value === null) {
+    return ts__default["default"].factory.createNull();
+  } else if (Array.isArray(value)) {
+    return ts__default["default"].factory.createArrayLiteralExpression(value.map(toExpression));
+  } else if (typeof value === "object") {
+    if (isValFileValue(value)) {
+      return createValFileReference(value[core.FILE_REF_PROP]);
+    }
+    return ts__default["default"].factory.createObjectLiteralExpression(Object.entries(value).map(([key, value]) => createPropertyAssignment(key, value)));
+  } else {
+    return ts__default["default"].factory.createStringLiteral(value);
+  }
+}
+
+// TODO: Choose newline based on project settings/heuristics/system default?
+const newLine = ts__default["default"].NewLineKind.LineFeed;
+// TODO: Handle indentation of printed code
+const printer = ts__default["default"].createPrinter({
+  newLine: newLine
+  // neverAsciiEscape: true,
+});
+
+function replaceNodeValue(document, node, value) {
+  const replacementText = printer.printNode(ts__default["default"].EmitHint.Unspecified, toExpression(value), document);
+  const span = ts__default["default"].createTextSpanFromBounds(node.getStart(document, false), node.end);
+  const newText = `${document.text.substring(0, span.start)}${replacementText}${document.text.substring(ts__default["default"].textSpanEnd(span))}`;
+  return [document.update(newText, ts__default["default"].createTextChangeRange(span, replacementText.length)), node];
+}
+function isIndentation(s) {
+  for (let i = 0; i < s.length; ++i) {
+    const c = s.charAt(i);
+    if (c !== " " && c !== "\t") {
+      return false;
+    }
+  }
+  return true;
+}
+function newLineStr(kind) {
+  if (kind === ts__default["default"].NewLineKind.CarriageReturnLineFeed) {
+    return "\r\n";
+  } else {
+    return "\n";
+  }
+}
+function getSeparator(document, neighbor) {
+  const startPos = neighbor.getStart(document, true);
+  const basis = document.getLineAndCharacterOfPosition(startPos);
+  const lineStartPos = document.getPositionOfLineAndCharacter(basis.line, 0);
+  const maybeIndentation = document.getText().substring(lineStartPos, startPos);
+  if (isIndentation(maybeIndentation)) {
+    return `,${newLineStr(newLine)}${maybeIndentation}`;
+  } else {
+    return `, `;
+  }
+}
+function insertAt(document, nodes, index, node) {
+  let span;
+  let replacementText;
+  if (nodes.length === 0) {
+    // Replace entire range of nodes
+    replacementText = printer.printNode(ts__default["default"].EmitHint.Unspecified, node, document);
+    span = ts__default["default"].createTextSpanFromBounds(nodes.pos, nodes.end);
+  } else if (index === nodes.length) {
+    // Insert after last node
+    const neighbor = nodes[nodes.length - 1];
+    replacementText = `${getSeparator(document, neighbor)}${printer.printNode(ts__default["default"].EmitHint.Unspecified, node, document)}`;
+    span = ts__default["default"].createTextSpan(neighbor.end, 0);
+  } else {
+    // Insert before node
+    const neighbor = nodes[index];
+    replacementText = `${printer.printNode(ts__default["default"].EmitHint.Unspecified, node, document)}${getSeparator(document, neighbor)}`;
+    span = ts__default["default"].createTextSpan(neighbor.getStart(document, true), 0);
+  }
+  const newText = `${document.text.substring(0, span.start)}${replacementText}${document.text.substring(ts__default["default"].textSpanEnd(span))}`;
+  return document.update(newText, ts__default["default"].createTextChangeRange(span, replacementText.length));
+}
+function removeAt(document, nodes, index) {
+  const node = nodes[index];
+  let span;
+  if (nodes.length === 1) {
+    span = ts__default["default"].createTextSpanFromBounds(nodes.pos, nodes.end);
+  } else if (index === nodes.length - 1) {
+    // Remove until previous node
+    const neighbor = nodes[index - 1];
+    span = ts__default["default"].createTextSpanFromBounds(neighbor.end, node.end);
+  } else {
+    // Remove before next node
+    const neighbor = nodes[index + 1];
+    span = ts__default["default"].createTextSpanFromBounds(node.getStart(document, true), neighbor.getStart(document, true));
+  }
+  const newText = `${document.text.substring(0, span.start)}${document.text.substring(ts__default["default"].textSpanEnd(span))}`;
+  return [document.update(newText, ts__default["default"].createTextChangeRange(span, 0)), node];
+}
+function parseAndValidateArrayInsertIndex(key, nodes) {
+  if (key === "-") {
+    // For insertion, all nodes up until the insertion index must be valid
+    // initializers
+    const err = validateInitializers(nodes);
+    if (err) {
+      return fp.result.err(err);
+    }
+    return fp.result.ok(nodes.length);
+  }
+  return fp.pipe(patch.parseAndValidateArrayIndex(key), fp.result.flatMap(index => {
+    // For insertion, all nodes up until the insertion index must be valid
+    // initializers
+    const err = validateInitializers(nodes.slice(0, index));
+    if (err) {
+      return fp.result.err(err);
+    }
+    if (index > nodes.length) {
+      return fp.result.err(new patch.PatchError("Array index out of bounds"));
+    } else {
+      return fp.result.ok(index);
+    }
+  }));
+}
+function parseAndValidateArrayInboundsIndex(key, nodes) {
+  return fp.pipe(patch.parseAndValidateArrayIndex(key), fp.result.flatMap(index => {
+    // For in-bounds operations, all nodes up until and including the index
+    // must be valid initializers
+    const err = validateInitializers(nodes.slice(0, index + 1));
+    if (err) {
+      return fp.result.err(err);
+    }
+    if (index >= nodes.length) {
+      return fp.result.err(new patch.PatchError("Array index out of bounds"));
+    } else {
+      return fp.result.ok(index);
+    }
+  }));
+}
+function replaceInNode(document, node, key, value) {
+  if (ts__default["default"].isArrayLiteralExpression(node)) {
+    return fp.pipe(parseAndValidateArrayInboundsIndex(key, node.elements), fp.result.map(index => replaceNodeValue(document, node.elements[index], value)));
+  } else if (ts__default["default"].isObjectLiteralExpression(node)) {
+    return fp.pipe(findObjectPropertyAssignment(node, key), fp.result.flatMap(assignment => {
+      if (!assignment) {
+        return fp.result.err(new patch.PatchError("Cannot replace object element which does not exist"));
+      }
+      return fp.result.ok(assignment);
+    }), fp.result.map(assignment => replaceNodeValue(document, assignment.initializer, value)));
+  } else if (isValFileMethodCall(node)) {
+    if (key === core.FILE_REF_PROP) {
+      if (typeof value !== "string") {
+        return fp.result.err(new patch.PatchError("Cannot replace val.file reference with non-string value"));
+      }
+      return fp.pipe(findValFileNodeArg(node), fp.result.map(refNode => replaceNodeValue(document, refNode, value)));
+    } else {
+      return fp.pipe(findValFileMetadataArg(node), fp.result.flatMap(metadataArgNode => {
+        if (!metadataArgNode) {
+          return fp.result.err(new patch.PatchError("Cannot replace in val.file metadata when it does not exist"));
+        }
+        if (key !== "metadata") {
+          return fp.result.err(new patch.PatchError(`Cannot replace val.file metadata key ${key} when it does not exist`));
+        }
+        return replaceInNode(document,
+        // TODO: creating a fake object here might not be right - seems to work though
+        ts__default["default"].factory.createObjectLiteralExpression([ts__default["default"].factory.createPropertyAssignment(key, metadataArgNode)]), key, value);
+      }));
+    }
+  } else {
+    return fp.result.err(shallowValidateExpression(node) ?? new patch.PatchError("Cannot replace in non-object/array"));
+  }
+}
+function replaceAtPath(document, rootNode, path, value) {
+  if (patch.isNotRoot(path)) {
+    return fp.pipe(getPointerFromPath(rootNode, path), fp.result.flatMap(([node, key]) => replaceInNode(document, node, key, value)));
+  } else {
+    return fp.result.ok(replaceNodeValue(document, rootNode, value));
+  }
+}
+function getFromNode(node, key) {
+  if (ts__default["default"].isArrayLiteralExpression(node)) {
+    return fp.pipe(parseAndValidateArrayInboundsIndex(key, node.elements), fp.result.map(index => node.elements[index]));
+  } else if (ts__default["default"].isObjectLiteralExpression(node)) {
+    return fp.pipe(findObjectPropertyAssignment(node, key), fp.result.map(assignment => assignment === null || assignment === void 0 ? void 0 : assignment.initializer));
+  } else if (isValFileMethodCall(node)) {
+    if (key === core.FILE_REF_PROP) {
+      return findValFileNodeArg(node);
+    }
+    return findValFileMetadataArg(node);
+  } else {
+    return fp.result.err(shallowValidateExpression(node) ?? new patch.PatchError("Cannot access non-object/array"));
+  }
+}
+function getPointerFromPath(node, path) {
+  let targetNode = node;
+  let key = path[0];
+  for (let i = 0; i < path.length - 1; ++i, key = path[i]) {
+    const childNode = getFromNode(targetNode, key);
+    if (fp.result.isErr(childNode)) {
+      return childNode;
+    }
+    if (childNode.value === undefined) {
+      return fp.result.err(new patch.PatchError("Path refers to non-existing object/array"));
+    }
+    targetNode = childNode.value;
+  }
+  return fp.result.ok([targetNode, key]);
+}
+function getAtPath(rootNode, path) {
+  return fp.pipe(path, fp.result.flatMapReduce((node, key) => fp.pipe(getFromNode(node, key), fp.result.filterOrElse(childNode => childNode !== undefined, () => new patch.PatchError("Path refers to non-existing object/array"))), rootNode));
+}
+function removeFromNode(document, node, key) {
+  if (ts__default["default"].isArrayLiteralExpression(node)) {
+    return fp.pipe(parseAndValidateArrayInboundsIndex(key, node.elements), fp.result.map(index => removeAt(document, node.elements, index)));
+  } else if (ts__default["default"].isObjectLiteralExpression(node)) {
+    return fp.pipe(findObjectPropertyAssignment(node, key), fp.result.flatMap(assignment => {
+      if (!assignment) {
+        return fp.result.err(new patch.PatchError("Cannot replace object element which does not exist"));
+      }
+      return fp.result.ok(assignment);
+    }), fp.result.map(assignment => [removeAt(document, node.properties, node.properties.indexOf(assignment))[0], assignment.initializer]));
+  } else if (isValFileMethodCall(node)) {
+    if (key === core.FILE_REF_PROP) {
+      return fp.result.err(new patch.PatchError("Cannot remove a ref from val.file"));
+    } else {
+      return fp.pipe(findValFileMetadataArg(node), fp.result.flatMap(metadataArgNode => {
+        if (!metadataArgNode) {
+          return fp.result.err(new patch.PatchError("Cannot remove from val.file metadata when it does not exist"));
+        }
+        return removeFromNode(document, metadataArgNode, key);
+      }));
+    }
+  } else {
+    return fp.result.err(shallowValidateExpression(node) ?? new patch.PatchError("Cannot remove from non-object/array"));
+  }
+}
+function removeAtPath(document, rootNode, path) {
+  return fp.pipe(getPointerFromPath(rootNode, path), fp.result.flatMap(([node, key]) => removeFromNode(document, node, key)));
+}
+function isValFileValue(value) {
+  return !!(typeof value === "object" && value && core.FILE_REF_PROP in value && typeof value[core.FILE_REF_PROP] === "string");
+}
+function addToNode(document, node, key, value) {
+  if (ts__default["default"].isArrayLiteralExpression(node)) {
+    return fp.pipe(parseAndValidateArrayInsertIndex(key, node.elements), fp.result.map(index => [insertAt(document, node.elements, index, toExpression(value))]));
+  } else if (ts__default["default"].isObjectLiteralExpression(node)) {
+    if (key === core.FILE_REF_PROP) {
+      return fp.result.err(new patch.PatchError("Cannot add a key ref to object"));
+    }
+    return fp.pipe(findObjectPropertyAssignment(node, key), fp.result.map(assignment => {
+      if (!assignment) {
+        return [insertAt(document, node.properties, node.properties.length, createPropertyAssignment(key, value))];
+      } else {
+        return replaceNodeValue(document, assignment.initializer, value);
+      }
+    }));
+  } else if (isValFileMethodCall(node)) {
+    if (key === core.FILE_REF_PROP) {
+      if (typeof value !== "string") {
+        return fp.result.err(new patch.PatchError(`Cannot add ${core.FILE_REF_PROP} key to val.file with non-string value`));
+      }
+      return fp.pipe(findValFileNodeArg(node), fp.result.map(arg => replaceNodeValue(document, arg, value)));
+    } else {
+      return fp.pipe(findValFileMetadataArg(node), fp.result.flatMap(metadataArgNode => {
+        if (metadataArgNode) {
+          return fp.result.err(new patch.PatchError("Cannot add metadata to val.file when it already exists"));
+        }
+        if (key !== "metadata") {
+          return fp.result.err(new patch.PatchError(`Cannot add ${key} key to val.file: only metadata is allowed`));
+        }
+        return fp.result.ok([insertAt(document, node.arguments, node.arguments.length, toExpression(value))]);
+      }));
+    }
+  } else {
+    return fp.result.err(shallowValidateExpression(node) ?? new patch.PatchError("Cannot add to non-object/array"));
+  }
+}
+function addAtPath(document, rootNode, path, value) {
+  if (patch.isNotRoot(path)) {
+    return fp.pipe(getPointerFromPath(rootNode, path), fp.result.flatMap(([node, key]) => addToNode(document, node, key, value)));
+  } else {
+    return fp.result.ok(replaceNodeValue(document, rootNode, value));
+  }
+}
+function pickDocument([document]) {
+  return document;
+}
+class TSOps {
+  constructor(findRoot) {
+    this.findRoot = findRoot;
+  }
+  get(document, path) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => getAtPath(rootNode, path)), fp.result.flatMap(evaluateExpression));
+  }
+  add(document, path, value) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => addAtPath(document, rootNode, path, value)), fp.result.map(pickDocument));
+  }
+  remove(document, path) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => removeAtPath(document, rootNode, path)), fp.result.map(pickDocument));
+  }
+  replace(document, path, value) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => replaceAtPath(document, rootNode, path, value)), fp.result.map(pickDocument));
+  }
+  move(document, from, path) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => removeAtPath(document, rootNode, from)), fp.result.flatMap(([document, removedNode]) => fp.pipe(evaluateExpression(removedNode), fp.result.map(removedValue => [document, removedValue]))), fp.result.flatMap(([document, removedValue]) => fp.pipe(document, this.findRoot, fp.result.flatMap(root => addAtPath(document, root, path, removedValue)))), fp.result.map(pickDocument));
+  }
+  copy(document, from, path) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => fp.pipe(getAtPath(rootNode, from), fp.result.flatMap(evaluateExpression), fp.result.flatMap(value => addAtPath(document, rootNode, path, value)))), fp.result.map(pickDocument));
+  }
+  test(document, path, value) {
+    return fp.pipe(document, this.findRoot, fp.result.flatMap(rootNode => getAtPath(rootNode, path)), fp.result.flatMap(evaluateExpression), fp.result.map(documentValue => patch.deepEqual(value, documentValue)));
+  }
+}
+
+const readValFile = async (id, valConfigPath, runtime) => {
+  const context = runtime.newContext();
+  try {
+    const modulePath = `.${id}.val`;
+    const code = `import * as valModule from ${JSON.stringify(modulePath)};
+import { Internal } from "@valbuild/core";
+globalThis.valModule = { 
+  id: valModule?.default && Internal.getValPath(valModule?.default),
+  schema: valModule?.default && Internal.getSchema(valModule?.default)?.serialize(),
+  source: valModule?.default && Internal.getRawSource(valModule?.default),
+};
+`;
+    const result = context.evalCode(code,
+    // Synthetic module name
+    path__default["default"].join(path__default["default"].dirname(valConfigPath), "<val>"));
+    if (result.error) {
+      const error = result.error.consume(context.dump);
+      console.error("Got error", error); // TODO: use this to figure out how to strip out QuickJS specific errors and get the actual stack
+
+      throw new Error(`Could not read val id: ${id}. Cause:\n${error.name}: ${error.message}${error.stack ? error.stack : ""}`);
+    } else {
+      result.value.dispose();
+      const valModule = context.getProp(context.global, "valModule").consume(context.dump);
+      const errors = [];
+      if (!valModule) {
+        errors.push(`Could not find any modules at: ${id}`);
+      } else {
+        if (valModule.id !== id) {
+          errors.push(`Expected val id: '${id}' but got: '${valModule.id}'`);
+        }
+        if (!(valModule !== null && valModule !== void 0 && valModule.schema)) {
+          errors.push(`Expected val id: '${id}' to have a schema`);
+        }
+        if (!(valModule !== null && valModule !== void 0 && valModule.source)) {
+          errors.push(`Expected val id: '${id}' to have a source`);
+        }
+      }
+      if (errors.length > 0) {
+        throw Error(`While processing module of id: ${id}, we got the following errors:\n${errors.join("\n")}`);
+      }
+      return {
+        path: valModule.id,
+        // This might not be the asked id/path, however, that should be handled further up in the call chain
+        source: valModule.source,
+        schema: valModule.schema
+      };
+    }
+  } finally {
+    context.dispose();
+  }
+};
+
+const ops = new TSOps(document => {
+  return fp.pipe(analyzeValModule(document), fp.result.map(({
+    source
+  }) => source));
+});
+
+// TODO: rename to patchValFiles since we may write multiple files
+const patchValFile = async (id, valConfigPath, patch$1, sourceFileHandler, runtime) => {
+  const filePath = sourceFileHandler.resolveSourceModulePath(valConfigPath, `.${id}.val`);
+  const sourceFile = sourceFileHandler.getSourceFile(filePath);
+  if (!sourceFile) {
+    throw Error(`Source file ${filePath} not found`);
+  }
+  const derefRes = core.derefPatch(patch$1, sourceFile, ops);
+  if (fp.result.isErr(derefRes)) {
+    throw derefRes.error;
+  }
+  const dereferencedPatch = derefRes.value.dereferencedPatch; // TODO: add ref changes to remote replace/add, ...
+  const newSourceFile = patchSourceFile(sourceFile, dereferencedPatch);
+  if (fp.result.isErr(newSourceFile)) {
+    if (newSourceFile.error instanceof patch.PatchError) {
+      throw newSourceFile.error;
+    } else {
+      throw new Error(`${filePath}\n${flatMapErrors(newSourceFile.error, error => formatSyntaxError(error, sourceFile)).join("\n")}`);
+    }
+  }
+  for (const [filePath, content] of Object.entries(derefRes.value.fileUpdates)) {
+    // Evaluate if we want to make these writes (more) atomic with a temp file and a move.
+    // This can potentially fill mid-way if there is not enough space on disk for example...
+    // However, that might be add add bit more complexity in our host and virtual file systems?
+    // Example:
+    // const tempFilePath = sourceFileHandler.writeTempFile(
+    //   Buffer.from(content, "base64").toString("binary")
+    // );
+    // sourceFileHandler.moveFile(tempFilePath, "." + filePath);
+    sourceFileHandler.writeFile("." + filePath, convertDataUrlToBase64(content).toString("binary"), "binary");
+  }
+  for (const [ref, patch] of Object.entries(derefRes.value.remotePatches)) {
+    throw Error(`Cannot update remote ${ref} with ${JSON.stringify(patch)}: not implemented`);
+  }
+  sourceFileHandler.writeSourceFile(newSourceFile.value);
+  return readValFile(id, valConfigPath, runtime);
+};
+function convertDataUrlToBase64(dataUrl) {
+  const base64 = dataUrl.slice(dataUrl.indexOf(",") + 1);
+  return Buffer.from(base64, "base64");
+}
+const patchSourceFile = (sourceFile, patch$1) => {
+  return patch.applyPatch(sourceFile, ops, patch$1);
+};
+
+const getCompilerOptions = (rootDir, parseConfigHost) => {
+  const tsConfigPath = path__default["default"].resolve(rootDir, "tsconfig.json");
+  const jsConfigPath = path__default["default"].resolve(rootDir, "jsconfig.json");
+  let configFilePath;
+  if (parseConfigHost.fileExists(jsConfigPath)) {
+    configFilePath = jsConfigPath;
+  } else if (parseConfigHost.fileExists(tsConfigPath)) {
+    configFilePath = tsConfigPath;
+  } else {
+    throw Error(`Could not read config from: "${tsConfigPath}" nor "${jsConfigPath}". Root dir: "${rootDir}"`);
+  }
+  const {
+    config,
+    error
+  } = ts__default["default"].readConfigFile(configFilePath, parseConfigHost.readFile.bind(parseConfigHost));
+  if (error) {
+    if (typeof error.messageText === "string") {
+      throw Error(`Could not parse config file: ${configFilePath}. Error: ${error.messageText}`);
+    }
+    throw Error(`Could not parse config file: ${configFilePath}. Error: ${error.messageText.messageText}`);
+  }
+  const optionsOverrides = undefined;
+  const parsedConfigFile = ts__default["default"].parseJsonConfigFileContent(config, parseConfigHost, rootDir, optionsOverrides, configFilePath);
+  if (parsedConfigFile.errors.length > 0) {
+    throw Error(`Could not parse config file: ${configFilePath}. Errors: ${parsedConfigFile.errors.map(e => e.messageText).join("\n")}`);
+  }
+  return parsedConfigFile.options;
+};
+
+class ValSourceFileHandler {
+  constructor(projectRoot, compilerOptions, host = {
+    ...ts__default["default"].sys,
+    writeFile: fs__default["default"].writeFileSync
+  }) {
+    this.projectRoot = projectRoot;
+    this.compilerOptions = compilerOptions;
+    this.host = host;
+  }
+  getSourceFile(filePath) {
+    const fileContent = this.host.readFile(filePath);
+    const scriptTarget = this.compilerOptions.target ?? ts__default["default"].ScriptTarget.ES2020;
+    if (fileContent) {
+      return ts__default["default"].createSourceFile(filePath, fileContent, scriptTarget);
+    }
+  }
+  writeSourceFile(sourceFile) {
+    return this.writeFile(sourceFile.fileName, sourceFile.text, "utf8");
+  }
+  writeFile(filePath, content, encoding) {
+    this.host.writeFile(filePath, content, encoding);
+  }
+  resolveSourceModulePath(containingFilePath, requestedModuleName) {
+    const resolutionRes = ts__default["default"].resolveModuleName(requestedModuleName, path__default["default"].isAbsolute(containingFilePath) ? containingFilePath : path__default["default"].resolve(this.projectRoot, containingFilePath), this.compilerOptions, this.host, undefined, undefined, ts__default["default"].ModuleKind.ESNext);
+    const resolvedModule = resolutionRes.resolvedModule;
+    if (!resolvedModule) {
+      throw Error(`Could not resolve module "${requestedModuleName}", base: "${containingFilePath}": No resolved modules returned: ${JSON.stringify(resolutionRes)}`);
+    }
+    return resolvedModule.resolvedFileName;
+  }
+}
+
+const JsFileLookupMapping = [
+// NOTE: first one matching will be used
+[".cjs.d.ts", [".esm.js", ".mjs.js"]], [".cjs.js", [".esm.js", ".mjs.js"]], [".cjs", [".mjs"]], [".d.ts", [".js"]]];
+class ValModuleLoader {
+  constructor(projectRoot, compilerOptions, sourceFileHandler, host = {
+    ...ts__default["default"].sys,
+    writeFile: fs__default["default"].writeFileSync
+  }) {
+    this.projectRoot = projectRoot;
+    this.compilerOptions = compilerOptions;
+    this.sourceFileHandler = sourceFileHandler;
+    this.host = host;
+  }
+  getModule(modulePath) {
+    if (!modulePath) {
+      throw Error(`Illegal module path: "${modulePath}"`);
+    }
+    const code = this.host.readFile(modulePath);
+    if (!code) {
+      throw Error(`Could not read file "${modulePath}"`);
+    }
+    return ts__default["default"].transpile(code, {
+      ...this.compilerOptions,
+      // allowJs: true,
+      // rootDir: this.compilerOptions.rootDir,
+      module: ts__default["default"].ModuleKind.ESNext,
+      target: ts__default["default"].ScriptTarget.ES2020 // QuickJS supports a lot of ES2020: https://test262.report/, however not all cases are in that report (e.g. export const {} = {})
+      // moduleResolution: ts.ModuleResolutionKind.NodeNext,
+      // target: ts.ScriptTarget.ES2020, // QuickJs runs in ES2020 so we must use that
+    });
+  }
+
+  resolveModulePath(containingFilePath, requestedModuleName) {
+    var _this$host$realpath, _this$host;
+    const sourceFileName = this.sourceFileHandler.resolveSourceModulePath(containingFilePath, requestedModuleName);
+    const matches = this.findMatchingJsFile(sourceFileName);
+    if (matches.match === false) {
+      throw Error(`Could not find matching js file for module "${requestedModuleName}". Tried:\n${matches.tried.join("\n")}`);
+    }
+    const filePath = matches.match;
+    // resolve all symlinks (preconstruct for example symlinks the dist folder)
+    const followedPath = ((_this$host$realpath = (_this$host = this.host).realpath) === null || _this$host$realpath === void 0 ? void 0 : _this$host$realpath.call(_this$host, filePath)) ?? filePath;
+    if (!followedPath) {
+      throw Error(`File path was empty: "${filePath}", containing file: "${containingFilePath}", requested module: "${requestedModuleName}"`);
+    }
+    return followedPath;
+  }
+  findMatchingJsFile(filePath) {
+    let requiresReplacements = false;
+    for (const [currentEnding] of JsFileLookupMapping) {
+      if (filePath.endsWith(currentEnding)) {
+        requiresReplacements = true;
+        break;
+      }
+    }
+    // avoid unnecessary calls to fileExists if we don't need to replace anything
+    if (!requiresReplacements) {
+      if (this.host.fileExists(filePath)) {
+        return {
+          match: filePath
+        };
+      }
+    }
+    const tried = [];
+    for (const [currentEnding, replacements] of JsFileLookupMapping) {
+      if (filePath.endsWith(currentEnding)) {
+        for (const replacement of replacements) {
+          const newFilePath = filePath.slice(0, -currentEnding.length) + replacement;
+          if (this.host.fileExists(newFilePath)) {
+            return {
+              match: newFilePath
+            };
+          } else {
+            tried.push(newFilePath);
+          }
+        }
+      }
+    }
+    return {
+      match: false,
+      tried: tried.concat(filePath)
+    };
+  }
+}
+
+async function newValQuickJSRuntime(quickJSModule, moduleLoader, {
+  maxStackSize = 1024 * 640,
+  // TODO: these were randomly chosen, we should figure out what the right values are:
+  memoryLimit = 1024 * 640
+} = {}) {
+  const runtime = quickJSModule.newRuntime();
+  runtime.setMaxStackSize(maxStackSize);
+  runtime.setMemoryLimit(memoryLimit);
+  runtime.setModuleLoader(modulePath => {
+    try {
+      return {
+        value: moduleLoader.getModule(modulePath)
+      };
+    } catch (e) {
+      return {
+        error: Error(`Could not resolve module: ${modulePath}'`)
+      };
+    }
+  }, (baseModuleName, requestedName) => {
+    try {
+      const modulePath = moduleLoader.resolveModulePath(baseModuleName, requestedName);
+      return {
+        value: modulePath
+      };
+    } catch (e) {
+      console.debug(`Could not resolve ${requestedName} in ${baseModuleName}`, e);
+      return {
+        value: requestedName
+      };
+    }
+  });
+  return runtime;
+}
+
+async function createService(projectRoot, opts, host = {
+  ...ts__default["default"].sys,
+  writeFile: fs__default["default"].writeFileSync
+}) {
+  const compilerOptions = getCompilerOptions(projectRoot, host);
+  const sourceFileHandler = new ValSourceFileHandler(projectRoot, compilerOptions, host);
+  const loader = new ValModuleLoader(projectRoot, compilerOptions, sourceFileHandler, host);
+  const module = await quickjsEmscripten.newQuickJSWASMModule();
+  const runtime = await newValQuickJSRuntime(module, loader);
+  return new Service(opts, sourceFileHandler, runtime);
+}
+class Service {
+  constructor({
+    valConfigPath
+  }, sourceFileHandler, runtime) {
+    this.sourceFileHandler = sourceFileHandler;
+    this.runtime = runtime;
+    this.valConfigPath = valConfigPath;
+  }
+  async get(moduleId, modulePath) {
+    const valModule = await readValFile(moduleId, this.valConfigPath, this.runtime);
+    const resolved = core.Internal.resolvePath(modulePath, valModule.source, valModule.schema);
+    return {
+      path: [moduleId, resolved.path].join("."),
+      schema: resolved.schema instanceof core.Schema ? resolved.schema.serialize() : resolved.schema,
+      source: resolved.source
+    };
+  }
+  async patch(moduleId, patch) {
+    return patchValFile(moduleId, this.valConfigPath, patch, this.sourceFileHandler, this.runtime);
+  }
+  dispose() {
+    this.runtime.dispose();
+  }
+}
+
+function createRequestHandler(valServer) {
+  const router = express.Router();
+  router.use("/static", server.createRequestHandler());
+  router.get("/session", valServer.session.bind(valServer));
+  router.get("/authorize", valServer.authorize.bind(valServer));
+  router.get("/callback", valServer.callback.bind(valServer));
+  router.get("/logout", valServer.logout.bind(valServer));
+  router.get("/ids/*", valServer.getIds.bind(valServer));
+  router.patch("/ids/*", express__default["default"].json({
+    type: "application/json-patch+json",
+    limit: "10mb"
+  }), valServer.patchIds.bind(valServer));
+  router.post("/commit", valServer.commit.bind(valServer));
+  return router;
+}
+
+const JSONValueT = z__default["default"].lazy(() => z__default["default"].union([z__default["default"].string(), z__default["default"].number(), z__default["default"].boolean(), z__default["default"].null(), z__default["default"].array(JSONValueT), z__default["default"].record(JSONValueT)]));
+
+/**
+ * Raw JSON patch operation.
+ */
+const OperationJSONT = z__default["default"].discriminatedUnion("op", [z__default["default"].object({
+  op: z__default["default"].literal("add"),
+  path: z__default["default"].string(),
+  value: JSONValueT
+}).strict(), z__default["default"].object({
+  op: z__default["default"].literal("remove"),
+  /**
+   * Must be non-root
+   */
+  path: z__default["default"].string()
+}).strict(), z__default["default"].object({
+  op: z__default["default"].literal("replace"),
+  path: z__default["default"].string(),
+  value: JSONValueT
+}).strict(), z__default["default"].object({
+  op: z__default["default"].literal("move"),
+  /**
+   * Must be non-root and not a proper prefix of "path".
+   */
+  from: z__default["default"].string(),
+  path: z__default["default"].string()
+}).strict(), z__default["default"].object({
+  op: z__default["default"].literal("copy"),
+  from: z__default["default"].string(),
+  path: z__default["default"].string()
+}).strict(), z__default["default"].object({
+  op: z__default["default"].literal("test"),
+  path: z__default["default"].string(),
+  value: JSONValueT
+}).strict()]);
+const PatchJSON = z__default["default"].array(OperationJSONT);
+
+function getPathFromParams(params) {
+  return `/${params[0]}`;
+}
+
+class LocalValServer {
+  constructor(options) {
+    this.options = options;
+  }
+  async session(_req, res) {
+    res.json({
+      mode: "local"
+    });
+  }
+  async getIds(req, res) {
+    try {
+      console.log(req.params);
+      const path = getPathFromParams(req.params);
+      const [moduleId, modulePath] = core.Internal.splitModuleIdAndModulePath(path);
+      const valModule = await this.options.service.get(moduleId, modulePath);
+      res.json(valModule);
+    } catch (err) {
+      console.error(err);
+      res.sendStatus(500);
+    }
+  }
+  async patchIds(req, res) {
+    // First validate that the body has the right structure
+    const patchJSON = PatchJSON.safeParse(req.body);
+    if (!patchJSON.success) {
+      res.status(401).json(patchJSON.error.issues);
+      return;
+    }
+    // Then parse/validate
+    const patch$1 = patch.parsePatch(patchJSON.data);
+    if (fp.result.isErr(patch$1)) {
+      res.status(401).json(patch$1.error);
+      return;
+    }
+    const id = getPathFromParams(req.params);
+    try {
+      const valModule = await this.options.service.patch(id, patch$1.value);
+      res.json(valModule);
+    } catch (err) {
+      if (err instanceof patch.PatchError) {
+        res.status(401).send(err.message);
+      } else {
+        console.error(err);
+        res.status(500).send(err instanceof Error ? err.message : "Unknown error");
+      }
+    }
+  }
+  async badRequest(req, res) {
+    console.debug("Local server does handle this request", req.url);
+    res.sendStatus(400);
+  }
+  commit(req, res) {
+    return this.badRequest(req, res);
+  }
+  authorize(req, res) {
+    return this.badRequest(req, res);
+  }
+  callback(req, res) {
+    return this.badRequest(req, res);
+  }
+  logout(req, res) {
+    return this.badRequest(req, res);
+  }
+}
+
+function decodeJwt(token, secretKey) {
+  const [headerBase64, payloadBase64, signatureBase64, ...rest] = token.split(".");
+  if (!headerBase64 || !payloadBase64 || !signatureBase64 || rest.length > 0) {
+    console.debug("Invalid JWT: format is not exactly {header}.{payload}.{signature}", token);
+    return null;
+  }
+  try {
+    const parsedHeader = JSON.parse(Buffer.from(headerBase64, "base64").toString("utf8"));
+    const headerVerification = JwtHeaderSchema.safeParse(parsedHeader);
+    if (!headerVerification.success) {
+      console.debug("Invalid JWT: invalid header", parsedHeader);
+      return null;
+    }
+    if (headerVerification.data.typ !== jwtHeader.typ) {
+      console.debug("Invalid JWT: invalid header typ", parsedHeader);
+      return null;
+    }
+    if (headerVerification.data.alg !== jwtHeader.alg) {
+      console.debug("Invalid JWT: invalid header alg", parsedHeader);
+      return null;
+    }
+  } catch (err) {
+    console.debug("Invalid JWT: could not parse header", err);
+    return null;
+  }
+  if (secretKey) {
+    const signature = crypto__default["default"].createHmac("sha256", secretKey).update(`${headerBase64}.${payloadBase64}`).digest("base64");
+    if (signature !== signatureBase64) {
+      console.debug("Invalid JWT: invalid signature");
+      return null;
+    }
+  }
+  try {
+    const parsedPayload = JSON.parse(Buffer.from(payloadBase64, "base64").toString("utf8"));
+    return parsedPayload;
+  } catch (err) {
+    console.debug("Invalid JWT: could not parse payload", err);
+    return null;
+  }
+}
+function getExpire() {
+  return Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 4; // 4 days
+}
+
+const JwtHeaderSchema = z.z.object({
+  alg: z.z.literal("HS256"),
+  typ: z.z.literal("JWT")
+});
+const jwtHeader = {
+  alg: "HS256",
+  typ: "JWT"
+};
+const jwtHeaderBase64 = Buffer.from(JSON.stringify(jwtHeader)).toString("base64");
+function encodeJwt(payload, sessionKey) {
+  // NOTE: this is only used for authentication, not for authorization (i.e. what a user can do) - this is handled when actually doing operations
+  const payloadBase64 = Buffer.from(JSON.stringify(payload)).toString("base64");
+  return `${jwtHeaderBase64}.${payloadBase64}.${crypto__default["default"].createHmac("sha256", sessionKey).update(`${jwtHeaderBase64}.${payloadBase64}`).digest("base64")}`;
+}
+
+const VAL_SESSION_COOKIE = "val_session";
+const VAL_STATE_COOKIE = "val_state";
+class ProxyValServer {
+  constructor(options) {
+    this.options = options;
+  }
+  async authorize(req, res) {
+    const {
+      redirect_to
+    } = req.query;
+    if (typeof redirect_to !== "string") {
+      res.redirect(this.getAppErrorUrl("Login failed: missing redirect_to param"));
+      return;
+    }
+    const token = crypto__default["default"].randomUUID();
+    const redirectUrl = new URL(redirect_to);
+    const appAuthorizeUrl = this.getAuthorizeUrl(`${redirectUrl.origin}/${this.options.route}`, token);
+    res.cookie(VAL_STATE_COOKIE, createStateCookie({
+      redirect_to,
+      token
+    }), {
+      httpOnly: true,
+      sameSite: "lax",
+      expires: new Date(Date.now() + 1000 * 60 * 60) // 1 hour
+    }).redirect(appAuthorizeUrl);
+  }
+  async callback(req, res) {
+    const {
+      success: callbackReqSuccess,
+      error: callbackReqError
+    } = verifyCallbackReq(req.cookies[VAL_STATE_COOKIE], req.query);
+    res.clearCookie(VAL_STATE_COOKIE); // we don't need this anymore
+
+    if (callbackReqError !== null) {
+      res.redirect(this.getAppErrorUrl(`Authorization callback failed. Details: ${callbackReqError}`));
+      return;
+    }
+    const data = await this.consumeCode(callbackReqSuccess.code);
+    if (data === null) {
+      res.redirect(this.getAppErrorUrl("Failed to exchange code for user"));
+      return;
+    }
+    const exp = getExpire();
+    const cookie = encodeJwt({
+      ...data,
+      exp // this is the client side exp
+    }, this.options.valSecret);
+    res.cookie(VAL_SESSION_COOKIE, cookie, {
+      httpOnly: true,
+      sameSite: "strict",
+      secure: true,
+      expires: new Date(exp * 1000) // NOTE: this is not used for authorization, only for authentication
+    }).redirect(callbackReqSuccess.redirect_uri || "/");
+  }
+  async logout(_req, res) {
+    res.clearCookie(VAL_SESSION_COOKIE).clearCookie(VAL_STATE_COOKIE).sendStatus(200);
+  }
+  async withAuth(req, res, handler) {
+    const cookie = req.cookies[VAL_SESSION_COOKIE];
+    if (typeof cookie === "string") {
+      const verification = IntegratedServerJwtPayload.safeParse(decodeJwt(cookie, this.options.valSecret));
+      if (!verification.success) {
+        res.sendStatus(401);
+        return;
+      }
+      return handler(verification.data);
+    } else {
+      res.sendStatus(401);
+    }
+  }
+  async session(req, res) {
+    return this.withAuth(req, res, async data => {
+      const url = new URL("/api/val/auth/user/session", this.options.valBuildUrl);
+      const fetchRes = await fetch(url, {
+        headers: this.getAuthHeaders(data.token, "application/json")
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json({
+          mode: "proxy",
+          ...(await fetchRes.json())
+        });
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    });
+  }
+  async getIds(req, res) {
+    return this.withAuth(req, res, async ({
+      token
+    }) => {
+      const id = getPathFromParams(req.params);
+      const url = new URL(`/api/val/modules/${encodeURIComponent(this.options.gitCommit)}${id}`, this.options.valBuildUrl);
+      const fetchRes = await fetch(url, {
+        headers: this.getAuthHeaders(token)
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json(await fetchRes.json());
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    }).catch(e => {
+      res.status(500).send({
+        error: {
+          message: e === null || e === void 0 ? void 0 : e.message,
+          status: 500
+        }
+      });
+    });
+  }
+  async patchIds(req, res) {
+    this.withAuth(req, res, async ({
+      token
+    }) => {
+      // First validate that the body has the right structure
+      const patchJSON = PatchJSON.safeParse(req.body);
+      if (!patchJSON.success) {
+        res.status(401).json(patchJSON.error.issues);
+        return;
+      }
+      // Then parse/validate
+      const patch$1 = patch.parsePatch(patchJSON.data);
+      if (fp.result.isErr(patch$1)) {
+        res.status(401).json(patch$1.error);
+        return;
+      }
+      const id = getPathFromParams(req.params);
+      const url = new URL(`/api/val/modules/${encodeURIComponent(this.options.gitCommit)}${id}`, this.options.valBuildUrl);
+      // Proxy patch to val.build
+      const fetchRes = await fetch(url, {
+        method: "PATCH",
+        headers: this.getAuthHeaders(token, "application/json-patch+json"),
+        body: JSON.stringify(patch$1)
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json(await fetchRes.json());
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    }).catch(e => {
+      res.status(500).send({
+        error: {
+          message: e === null || e === void 0 ? void 0 : e.message,
+          status: 500
+        }
+      });
+    });
+  }
+  async commit(req, res) {
+    this.withAuth(req, res, async ({
+      token
+    }) => {
+      const url = new URL(`/api/val/commit/${encodeURIComponent(this.options.gitBranch)}`, this.options.valBuildUrl);
+      const fetchRes = await fetch(url, {
+        method: "POST",
+        headers: this.getAuthHeaders(token)
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json(await fetchRes.json());
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    });
+  }
+  getAuthHeaders(token, type) {
+    if (!type) {
+      return {
+        Authorization: `Bearer ${token}`
+      };
+    }
+    return {
+      "Content-Type": type,
+      Authorization: `Bearer ${token}`
+    };
+  }
+  async consumeCode(code) {
+    const url = new URL("/api/val/auth/user/token", this.options.valBuildUrl);
+    url.searchParams.set("code", encodeURIComponent(code));
+    return fetch(url, {
+      method: "POST",
+      headers: this.getAuthHeaders(this.options.apiKey, "application/json") // NOTE: we use apiKey as auth on this endpoint (we do not have a token yet)
+    }).then(async res => {
+      if (res.status === 200) {
+        const token = await res.text();
+        const verification = ValAppJwtPayload.safeParse(decodeJwt(token));
+        if (!verification.success) {
+          return null;
+        }
+        return {
+          ...verification.data,
+          token
+        };
+      } else {
+        console.debug("Failed to get data from code: ", res.status);
+        return null;
+      }
+    }).catch(err => {
+      console.debug("Failed to get user from code: ", err);
+      return null;
+    });
+  }
+  getAuthorizeUrl(publicValApiRoute, token) {
+    const url = new URL("/authorize", this.options.valBuildUrl);
+    url.searchParams.set("redirect_uri", encodeURIComponent(`${publicValApiRoute}/callback`));
+    url.searchParams.set("state", token);
+    return url.toString();
+  }
+  getAppErrorUrl(error) {
+    const url = new URL("/authorize", this.options.valBuildUrl);
+    url.searchParams.set("error", encodeURIComponent(error));
+    return url.toString();
+  }
+}
+function verifyCallbackReq(stateCookie, queryParams) {
+  if (typeof stateCookie !== "string") {
+    return {
+      success: false,
+      error: "No state cookie"
+    };
+  }
+  const {
+    code,
+    state: tokenFromQuery
+  } = queryParams;
+  if (typeof code !== "string") {
+    return {
+      success: false,
+      error: "No code query param"
+    };
+  }
+  if (typeof tokenFromQuery !== "string") {
+    return {
+      success: false,
+      error: "No state query param"
+    };
+  }
+  const {
+    success: cookieStateSuccess,
+    error: cookieStateError
+  } = getStateFromCookie(stateCookie);
+  if (cookieStateError !== null) {
+    return {
+      success: false,
+      error: cookieStateError
+    };
+  }
+  if (cookieStateSuccess.token !== tokenFromQuery) {
+    return {
+      success: false,
+      error: "Invalid state token"
+    };
+  }
+  return {
+    success: {
+      code,
+      redirect_uri: cookieStateSuccess.redirect_to
+    },
+    error: null
+  };
+}
+function getStateFromCookie(stateCookie) {
+  try {
+    const decoded = Buffer.from(stateCookie, "base64").toString("utf8");
+    const parsed = JSON.parse(decoded);
+    if (!parsed) {
+      return {
+        success: false,
+        error: "Invalid state cookie: could not parse"
+      };
+    }
+    if (typeof parsed !== "object") {
+      return {
+        success: false,
+        error: "Invalid state cookie: parsed object is not an object"
+      };
+    }
+    if ("token" in parsed && "redirect_to" in parsed) {
+      const {
+        token,
+        redirect_to
+      } = parsed;
+      if (typeof token !== "string") {
+        return {
+          success: false,
+          error: "Invalid state cookie: no token in parsed object"
+        };
+      }
+      if (typeof redirect_to !== "string") {
+        return {
+          success: false,
+          error: "Invalid state cookie: no redirect_to in parsed object"
+        };
+      }
+      return {
+        success: {
+          token,
+          redirect_to
+        },
+        error: null
+      };
+    } else {
+      return {
+        success: false,
+        error: "Invalid state cookie: no token or redirect_to in parsed object"
+      };
+    }
+  } catch (err) {
+    return {
+      success: false,
+      error: "Invalid state cookie: could not parse"
+    };
+  }
+}
+function createStateCookie(state) {
+  return Buffer.from(JSON.stringify(state), "utf8").toString("base64");
+}
+const ValAppJwtPayload = z.z.object({
+  sub: z.z.string(),
+  exp: z.z.number(),
+  project: z.z.string(),
+  org: z.z.string()
+});
+const IntegratedServerJwtPayload = z.z.object({
+  sub: z.z.string(),
+  exp: z.z.number(),
+  token: z.z.string(),
+  org: z.z.string(),
+  project: z.z.string()
+});
+
+async function _createRequestListener(route, opts) {
+  const serverOpts = await initHandlerOptions(route, opts);
+  let valServer;
+  if (serverOpts.mode === "proxy") {
+    valServer = new ProxyValServer(serverOpts);
+  } else {
+    valServer = new LocalValServer(serverOpts);
+  }
+  const reqHandler = createRequestHandler(valServer);
+  return express__default["default"]().use(route, reqHandler);
+}
+async function initHandlerOptions(route, opts) {
+  const maybeApiKey = opts.apiKey || process.env.VAL_API_KEY;
+  const maybeValSecret = opts.valSecret || process.env.VAL_SECRET;
+  const isProxyMode = opts.mode === "proxy" || opts.mode === undefined && (maybeApiKey || maybeValSecret);
+  if (isProxyMode) {
+    const valBuildUrl = opts.valBuildUrl || process.env.VAL_BUILD_URL || "https://app.val.build";
+    if (!maybeApiKey || !maybeValSecret) {
+      throw new Error("VAL_API_KEY and VAL_SECRET env vars must both be set in proxy mode");
+    }
+    const maybeGitCommit = opts.gitCommit || process.env.VAL_GIT_COMMIT;
+    if (!maybeGitCommit) {
+      throw new Error("VAL_GIT_COMMIT env var must be set in proxy mode");
+    }
+    const maybeGitBranch = opts.gitBranch || process.env.VAL_GIT_BRANCH;
+    if (!maybeGitBranch) {
+      throw new Error("VAL_GIT_BRANCH env var must be set in proxy mode");
+    }
+    return {
+      mode: "proxy",
+      route,
+      apiKey: maybeApiKey,
+      valSecret: maybeValSecret,
+      valBuildUrl,
+      gitCommit: maybeGitCommit,
+      gitBranch: maybeGitBranch
+    };
+  } else {
+    const service = await createService(process.cwd(), opts);
+    return {
+      mode: "local",
+      service
+    };
+  }
+}
+
+// TODO: rename to createValApiHandlers?
+function createRequestListener(route, opts) {
+  const handler = _createRequestListener(route, opts);
+  return async (req, res) => {
+    try {
+      return (await handler)(req, res);
+    } catch (e) {
+      res.statusCode = 500;
+      res.write(e instanceof Error ? e.message : "Unknown error");
+      res.end();
+      return;
+    }
+  };
+}
+
+/**
+ * An implementation of methods in the various ts.*Host interfaces
+ * that uses ValFS to resolve modules and read/write files.
+ */
+
+class ValFSHost {
+  constructor(valFS, currentDirectory) {
+    this.valFS = valFS;
+    this.currentDirectory = currentDirectory;
+  }
+  useCaseSensitiveFileNames = true;
+  readDirectory(rootDir, extensions, excludes, includes, depth) {
+    return this.valFS.readDirectory(rootDir, extensions, excludes, includes, depth);
+  }
+  writeFile(fileName, text, encoding) {
+    this.valFS.writeFile(fileName, text, encoding);
+  }
+  getCurrentDirectory() {
+    return this.currentDirectory;
+  }
+  getCanonicalFileName(fileName) {
+    if (path__default["default"].isAbsolute(fileName)) {
+      return path__default["default"].normalize(fileName);
+    }
+    return path__default["default"].resolve(this.getCurrentDirectory(), fileName);
+  }
+  fileExists(fileName) {
+    return this.valFS.fileExists(fileName);
+  }
+  readFile(fileName) {
+    return this.valFS.readFile(fileName);
+  }
+  realpath(path) {
+    return this.valFS.realpath(path);
+  }
+}
+
+exports.Service = Service;
+exports.ValFSHost = ValFSHost;
+exports.ValModuleLoader = ValModuleLoader;
+exports.ValSourceFileHandler = ValSourceFileHandler;
+exports.createRequestHandler = createRequestHandler;
+exports.createRequestListener = createRequestListener;
+exports.createService = createService;
+exports.formatSyntaxErrorTree = formatSyntaxErrorTree;
+exports.getCompilerOptions = getCompilerOptions;
+exports.patchSourceFile = patchSourceFile;