@valbuild/server 0.58.0 → 0.59.0

package/dist/valbuild-server.esm.js

@@ -1,17 +1,19 @@
 import { newQuickJSWASMModule } from 'quickjs-emscripten';
-import ts from 'typescript';
+import * as ts from 'typescript';
+import ts__default from 'typescript';
 import { result, pipe } from '@valbuild/core/fp';
-import { FILE_REF_PROP, FILE_REF_SUBTYPE_TAG, RT_IMAGE_TAG, VAL_EXTENSION, derefPatch, Internal, Schema } from '@valbuild/core';
-import { deepEqual, isNotRoot, PatchError, parseAndValidateArrayIndex, applyPatch, parsePatch, sourceToPatchPath } from '@valbuild/core/patch';
+import { FILE_REF_PROP, FILE_REF_SUBTYPE_TAG, RT_IMAGE_TAG, VAL_EXTENSION, derefPatch, Internal, Schema, deserializeSchema } from '@valbuild/core';
+import { deepEqual, isNotRoot, PatchError, parseAndValidateArrayIndex, applyPatch, JSONOps, sourceToPatchPath } from '@valbuild/core/patch';
 import * as path from 'path';
 import path__default from 'path';
 import fs, { promises } from 'fs';
 import { transform } from 'sucrase';
 import z, { z as z$1 } from 'zod';
-import { VAL_ENABLE_COOKIE_NAME, VAL_STATE_COOKIE as VAL_STATE_COOKIE$1, VAL_SESSION_COOKIE as VAL_SESSION_COOKIE$1, MIME_TYPES_TO_EXT, filenameToMimeType } from '@valbuild/shared/internal';
+import { MIME_TYPES_TO_EXT, filenameToMimeType, VAL_ENABLE_COOKIE_NAME, VAL_STATE_COOKIE as VAL_STATE_COOKIE$1, VAL_SESSION_COOKIE as VAL_SESSION_COOKIE$1 } from '@valbuild/shared/internal';
+import sizeOf from 'image-size';
 import crypto from 'crypto';
+import minimatch from 'minimatch';
 import { createUIRequestHandler } from '@valbuild/ui/server';
-import sizeOf from 'image-size';
 
 class ValSyntaxError {
   constructor(message, node) {
@@ -41,12 +43,12 @@ function formatSyntaxErrorTree(tree, sourceFile) {
   return flatMapErrors(tree, error => formatSyntaxError(error, sourceFile));
 }
 function isLiteralPropertyName(name) {
-  return ts.isIdentifier(name) || ts.isStringLiteral(name) || ts.isNumericLiteral(name);
+  return ts__default.isIdentifier(name) || ts__default.isStringLiteral(name) || ts__default.isNumericLiteral(name);
 }
 function validateObjectProperties(nodes) {
   const errors = [];
   for (const node of nodes) {
-    if (!ts.isPropertyAssignment(node)) {
+    if (!ts__default.isPropertyAssignment(node)) {
       errors.push(new ValSyntaxError("Object literal element must be property assignment", node));
     } else if (!isLiteralPropertyName(node.name)) {
       errors.push(new ValSyntaxError("Object literal element key must be an identifier or a literal", node));
@@ -63,7 +65,7 @@ function validateObjectProperties(nodes) {
  * validating its children.
  */
 function shallowValidateExpression(value) {
-  return ts.isStringLiteralLike(value) || ts.isNumericLiteral(value) || value.kind === ts.SyntaxKind.TrueKeyword || value.kind === ts.SyntaxKind.FalseKeyword || value.kind === ts.SyntaxKind.NullKeyword || ts.isArrayLiteralExpression(value) || ts.isObjectLiteralExpression(value) || isValFileMethodCall(value) ? undefined : new ValSyntaxError("Expression must be a literal or call c.file", value);
+  return ts__default.isStringLiteralLike(value) || ts__default.isNumericLiteral(value) || value.kind === ts__default.SyntaxKind.TrueKeyword || value.kind === ts__default.SyntaxKind.FalseKeyword || value.kind === ts__default.SyntaxKind.NullKeyword || ts__default.isArrayLiteralExpression(value) || ts__default.isObjectLiteralExpression(value) || isValFileMethodCall(value) ? undefined : new ValSyntaxError("Expression must be a literal or call c.file", value);
 }
 
 /**
@@ -75,19 +77,19 @@ function evaluateExpression(value) {
   // For a NumericLiteral, the stored value is the toString() representation of the number. For example 1, 1.00, and 1e0 are all stored as just "1".
   // https://github.com/microsoft/TypeScript/blob/4b794fe1dd0d184d3f8f17e94d8187eace57c91e/src/compiler/types.ts#L2127-L2131
 
-  if (ts.isStringLiteralLike(value)) {
+  if (ts__default.isStringLiteralLike(value)) {
     return result.ok(value.text);
-  } else if (ts.isNumericLiteral(value)) {
+  } else if (ts__default.isNumericLiteral(value)) {
     return result.ok(Number(value.text));
-  } else if (value.kind === ts.SyntaxKind.TrueKeyword) {
+  } else if (value.kind === ts__default.SyntaxKind.TrueKeyword) {
     return result.ok(true);
-  } else if (value.kind === ts.SyntaxKind.FalseKeyword) {
+  } else if (value.kind === ts__default.SyntaxKind.FalseKeyword) {
     return result.ok(false);
-  } else if (value.kind === ts.SyntaxKind.NullKeyword) {
+  } else if (value.kind === ts__default.SyntaxKind.NullKeyword) {
     return result.ok(null);
-  } else if (ts.isArrayLiteralExpression(value)) {
+  } else if (ts__default.isArrayLiteralExpression(value)) {
     return result.all(value.elements.map(evaluateExpression));
-  } else if (ts.isObjectLiteralExpression(value)) {
+  } else if (ts__default.isObjectLiteralExpression(value)) {
     return pipe(validateObjectProperties(value.properties), result.flatMap(assignments => pipe(assignments.map(assignment => pipe(evaluateExpression(assignment.initializer), result.map(value => [assignment.name.text, value]))), result.all)), result.map(Object.fromEntries));
   } else if (isValFileMethodCall(value)) {
     return pipe(findValFileNodeArg(value), result.flatMap(ref => {
@@ -120,14 +122,14 @@ function findObjectPropertyAssignment(value, key) {
   }));
 }
 function isValFileMethodCall(node) {
-  return ts.isCallExpression(node) && ts.isPropertyAccessExpression(node.expression) && ts.isIdentifier(node.expression.expression) && node.expression.expression.text === "c" && node.expression.name.text === "file";
+  return ts__default.isCallExpression(node) && ts__default.isPropertyAccessExpression(node.expression) && ts__default.isIdentifier(node.expression.expression) && node.expression.expression.text === "c" && node.expression.name.text === "file";
 }
 function findValFileNodeArg(node) {
   if (node.arguments.length === 0) {
     return result.err(new ValSyntaxError(`Invalid c.file() call: missing ref argument`, node));
   } else if (node.arguments.length > 2) {
     return result.err(new ValSyntaxError(`Invalid c.file() call: too many arguments ${node.arguments.length}}`, node));
-  } else if (!ts.isStringLiteral(node.arguments[0])) {
+  } else if (!ts__default.isStringLiteral(node.arguments[0])) {
     return result.err(new ValSyntaxError(`Invalid c.file() call: ref must be a string literal`, node));
   }
   const refNode = node.arguments[0];
@@ -139,7 +141,7 @@ function findValFileMetadataArg(node) {
   } else if (node.arguments.length > 2) {
     return result.err(new ValSyntaxError(`Invalid c.file() call: too many arguments ${node.arguments.length}}`, node));
   } else if (node.arguments.length === 2) {
-    if (!ts.isObjectLiteralExpression(node.arguments[1])) {
+    if (!ts__default.isObjectLiteralExpression(node.arguments[1])) {
       return result.err(new ValSyntaxError(`Invalid c.file() call: metadata must be a object literal`, node));
     }
     return result.ok(node.arguments[1]);
@@ -154,7 +156,7 @@ function findValFileMetadataArg(node) {
  */
 function validateInitializers(nodes) {
   for (const node of nodes) {
-    if (ts.isSpreadElement(node)) {
+    if (ts__default.isSpreadElement(node)) {
       return new ValSyntaxError("Unexpected spread element", node);
     }
   }
@@ -165,22 +167,22 @@ function isPath(node, path) {
   let currentNode = node;
   for (let i = path.length - 1; i > 0; --i) {
     const name = path[i];
-    if (!ts.isPropertyAccessExpression(currentNode)) {
+    if (!ts__default.isPropertyAccessExpression(currentNode)) {
       return false;
     }
-    if (!ts.isIdentifier(currentNode.name) || currentNode.name.text !== name) {
+    if (!ts__default.isIdentifier(currentNode.name) || currentNode.name.text !== name) {
       return false;
     }
     currentNode = currentNode.expression;
   }
-  return ts.isIdentifier(currentNode) && currentNode.text === path[0];
+  return ts__default.isIdentifier(currentNode) && currentNode.text === path[0];
 }
 function validateArguments(node, validators) {
   return result.allV([node.arguments.length === validators.length ? result.voidOk : result.err(new ValSyntaxError(`Expected ${validators.length} arguments`, node)), ...node.arguments.slice(0, validators.length).map((argument, index) => validators[index](argument))]);
 }
 function analyzeDefaultExport(node) {
   const cDefine = node.expression;
-  if (!ts.isCallExpression(cDefine)) {
+  if (!ts__default.isCallExpression(cDefine)) {
     return result.err(new ValSyntaxError("Expected default expression to be a call expression", cDefine));
   }
   if (!isPath(cDefine.expression, ["c", "define"])) {
@@ -188,7 +190,7 @@ function analyzeDefaultExport(node) {
   }
   return pipe(validateArguments(cDefine, [id => {
     // TODO: validate ID value here?
-    if (!ts.isStringLiteralLike(id)) {
+    if (!ts__default.isStringLiteralLike(id)) {
       return result.err(new ValSyntaxError("Expected first argument to c.define to be a string literal", id));
     }
     return result.voidOk;
@@ -206,7 +208,7 @@ function analyzeDefaultExport(node) {
 }
 function analyzeValModule(sourceFile) {
   const analysis = sourceFile.forEachChild(node => {
-    if (ts.isExportAssignment(node)) {
+    if (ts__default.isExportAssignment(node)) {
       return analyzeDefaultExport(node);
     }
   });
@@ -220,62 +222,62 @@ function isValidIdentifier(text) {
   if (text.length === 0) {
     return false;
   }
-  if (!ts.isIdentifierStart(text.charCodeAt(0), ts.ScriptTarget.ES2020)) {
+  if (!ts__default.isIdentifierStart(text.charCodeAt(0), ts__default.ScriptTarget.ES2020)) {
     return false;
   }
   for (let i = 1; i < text.length; ++i) {
-    if (!ts.isIdentifierPart(text.charCodeAt(i), ts.ScriptTarget.ES2020)) {
+    if (!ts__default.isIdentifierPart(text.charCodeAt(i), ts__default.ScriptTarget.ES2020)) {
       return false;
     }
   }
   return true;
 }
 function createPropertyAssignment(key, value) {
-  return ts.factory.createPropertyAssignment(isValidIdentifier(key) ? ts.factory.createIdentifier(key) : ts.factory.createStringLiteral(key), toExpression(value));
+  return ts__default.factory.createPropertyAssignment(isValidIdentifier(key) ? ts__default.factory.createIdentifier(key) : ts__default.factory.createStringLiteral(key), toExpression(value));
 }
 function createValFileReference(value) {
-  const args = [ts.factory.createStringLiteral(value[FILE_REF_PROP])];
+  const args = [ts__default.factory.createStringLiteral(value[FILE_REF_PROP])];
   if (value.metadata) {
     args.push(toExpression(value.metadata));
   }
-  return ts.factory.createCallExpression(ts.factory.createPropertyAccessExpression(ts.factory.createIdentifier("c"), ts.factory.createIdentifier("file")), undefined, args);
+  return ts__default.factory.createCallExpression(ts__default.factory.createPropertyAccessExpression(ts__default.factory.createIdentifier("c"), ts__default.factory.createIdentifier("file")), undefined, args);
 }
 function createValRichTextImage(value) {
-  const args = [ts.factory.createStringLiteral(value[FILE_REF_PROP])];
+  const args = [ts__default.factory.createStringLiteral(value[FILE_REF_PROP])];
   if (value.metadata) {
     args.push(toExpression(value.metadata));
   }
-  return ts.factory.createCallExpression(ts.factory.createPropertyAccessExpression(ts.factory.createPropertyAccessExpression(ts.factory.createIdentifier("c"), "rt"), ts.factory.createIdentifier("image")), undefined, args);
+  return ts__default.factory.createCallExpression(ts__default.factory.createPropertyAccessExpression(ts__default.factory.createPropertyAccessExpression(ts__default.factory.createIdentifier("c"), "rt"), ts__default.factory.createIdentifier("image")), undefined, args);
 }
 function createValLink(value) {
-  const args = [ts.factory.createStringLiteral(value.children[0]), toExpression({
+  const args = [ts__default.factory.createStringLiteral(value.children[0]), toExpression({
     href: value.href
   })];
-  return ts.factory.createCallExpression(ts.factory.createPropertyAccessExpression(ts.factory.createPropertyAccessExpression(ts.factory.createIdentifier("c"), "rt"), ts.factory.createIdentifier("link")), undefined, args);
+  return ts__default.factory.createCallExpression(ts__default.factory.createPropertyAccessExpression(ts__default.factory.createPropertyAccessExpression(ts__default.factory.createIdentifier("c"), "rt"), ts__default.factory.createIdentifier("link")), undefined, args);
 }
 function createValRichTextTaggedStringTemplate(value) {
   const {
     templateStrings: [head, ...others],
     exprs
   } = value;
-  const tag = ts.factory.createPropertyAccessExpression(ts.factory.createIdentifier("c"), ts.factory.createIdentifier("richtext"));
+  const tag = ts__default.factory.createPropertyAccessExpression(ts__default.factory.createIdentifier("c"), ts__default.factory.createIdentifier("richtext"));
   if (exprs.length > 0) {
-    return ts.factory.createTaggedTemplateExpression(tag, undefined, ts.factory.createTemplateExpression(ts.factory.createTemplateHead(head, head), others.map((s, i) => ts.factory.createTemplateSpan(toExpression(exprs[i]), i < others.length - 1 ? ts.factory.createTemplateMiddle(s, s) : ts.factory.createTemplateTail(s, s)))));
+    return ts__default.factory.createTaggedTemplateExpression(tag, undefined, ts__default.factory.createTemplateExpression(ts__default.factory.createTemplateHead(head, head), others.map((s, i) => ts__default.factory.createTemplateSpan(toExpression(exprs[i]), i < others.length - 1 ? ts__default.factory.createTemplateMiddle(s, s) : ts__default.factory.createTemplateTail(s, s)))));
   }
-  return ts.factory.createTaggedTemplateExpression(tag, undefined, ts.factory.createNoSubstitutionTemplateLiteral(head, head));
+  return ts__default.factory.createTaggedTemplateExpression(tag, undefined, ts__default.factory.createNoSubstitutionTemplateLiteral(head, head));
 }
 function toExpression(value) {
   if (typeof value === "string") {
     // TODO: Use configuration/heuristics to determine use of single quote or double quote
-    return ts.factory.createStringLiteral(value);
+    return ts__default.factory.createStringLiteral(value);
   } else if (typeof value === "number") {
-    return ts.factory.createNumericLiteral(value);
+    return ts__default.factory.createNumericLiteral(value);
   } else if (typeof value === "boolean") {
-    return value ? ts.factory.createTrue() : ts.factory.createFalse();
+    return value ? ts__default.factory.createTrue() : ts__default.factory.createFalse();
   } else if (value === null) {
-    return ts.factory.createNull();
+    return ts__default.factory.createNull();
   } else if (Array.isArray(value)) {
-    return ts.factory.createArrayLiteralExpression(value.map(toExpression));
+    return ts__default.factory.createArrayLiteralExpression(value.map(toExpression));
   } else if (typeof value === "object") {
     if (isValFileValue(value)) {
       if (isValRichTextImageValue(value)) {
@@ -287,24 +289,24 @@ function toExpression(value) {
     } else if (isValRichTextValue(value)) {
       return createValRichTextTaggedStringTemplate(value);
     }
-    return ts.factory.createObjectLiteralExpression(Object.entries(value).map(([key, value]) => createPropertyAssignment(key, value)));
+    return ts__default.factory.createObjectLiteralExpression(Object.entries(value).map(([key, value]) => createPropertyAssignment(key, value)));
   } else {
-    return ts.factory.createStringLiteral(value);
+    return ts__default.factory.createStringLiteral(value);
   }
 }
 
 // TODO: Choose newline based on project settings/heuristics/system default?
-const newLine = ts.NewLineKind.LineFeed;
+const newLine = ts__default.NewLineKind.LineFeed;
 // TODO: Handle indentation of printed code
-const printer = ts.createPrinter({
+const printer = ts__default.createPrinter({
   newLine: newLine
   // neverAsciiEscape: true,
 });
 function replaceNodeValue(document, node, value) {
-  const replacementText = printer.printNode(ts.EmitHint.Unspecified, toExpression(value), document);
-  const span = ts.createTextSpanFromBounds(node.getStart(document, false), node.end);
-  const newText = `${document.text.substring(0, span.start)}${replacementText}${document.text.substring(ts.textSpanEnd(span))}`;
-  return [document.update(newText, ts.createTextChangeRange(span, replacementText.length)), node];
+  const replacementText = printer.printNode(ts__default.EmitHint.Unspecified, toExpression(value), document);
+  const span = ts__default.createTextSpanFromBounds(node.getStart(document, false), node.end);
+  const newText = `${document.text.substring(0, span.start)}${replacementText}${document.text.substring(ts__default.textSpanEnd(span))}`;
+  return [document.update(newText, ts__default.createTextChangeRange(span, replacementText.length)), node];
 }
 function isIndentation(s) {
   for (let i = 0; i < s.length; ++i) {
@@ -316,7 +318,7 @@ function isIndentation(s) {
   return true;
 }
 function newLineStr(kind) {
-  if (kind === ts.NewLineKind.CarriageReturnLineFeed) {
+  if (kind === ts__default.NewLineKind.CarriageReturnLineFeed) {
     return "\r\n";
   } else {
     return "\n";
@@ -338,38 +340,38 @@ function insertAt(document, nodes, index, node) {
   let replacementText;
   if (nodes.length === 0) {
     // Replace entire range of nodes
-    replacementText = printer.printNode(ts.EmitHint.Unspecified, node, document);
-    span = ts.createTextSpanFromBounds(nodes.pos, nodes.end);
+    replacementText = printer.printNode(ts__default.EmitHint.Unspecified, node, document);
+    span = ts__default.createTextSpanFromBounds(nodes.pos, nodes.end);
   } else if (index === nodes.length) {
     // Insert after last node
     const neighbor = nodes[nodes.length - 1];
-    replacementText = `${getSeparator(document, neighbor)}${printer.printNode(ts.EmitHint.Unspecified, node, document)}`;
-    span = ts.createTextSpan(neighbor.end, 0);
+    replacementText = `${getSeparator(document, neighbor)}${printer.printNode(ts__default.EmitHint.Unspecified, node, document)}`;
+    span = ts__default.createTextSpan(neighbor.end, 0);
   } else {
     // Insert before node
     const neighbor = nodes[index];
-    replacementText = `${printer.printNode(ts.EmitHint.Unspecified, node, document)}${getSeparator(document, neighbor)}`;
-    span = ts.createTextSpan(neighbor.getStart(document, true), 0);
+    replacementText = `${printer.printNode(ts__default.EmitHint.Unspecified, node, document)}${getSeparator(document, neighbor)}`;
+    span = ts__default.createTextSpan(neighbor.getStart(document, true), 0);
   }
-  const newText = `${document.text.substring(0, span.start)}${replacementText}${document.text.substring(ts.textSpanEnd(span))}`;
-  return document.update(newText, ts.createTextChangeRange(span, replacementText.length));
+  const newText = `${document.text.substring(0, span.start)}${replacementText}${document.text.substring(ts__default.textSpanEnd(span))}`;
+  return document.update(newText, ts__default.createTextChangeRange(span, replacementText.length));
 }
 function removeAt(document, nodes, index) {
   const node = nodes[index];
   let span;
   if (nodes.length === 1) {
-    span = ts.createTextSpanFromBounds(nodes.pos, nodes.end);
+    span = ts__default.createTextSpanFromBounds(nodes.pos, nodes.end);
   } else if (index === nodes.length - 1) {
     // Remove until previous node
     const neighbor = nodes[index - 1];
-    span = ts.createTextSpanFromBounds(neighbor.end, node.end);
+    span = ts__default.createTextSpanFromBounds(neighbor.end, node.end);
   } else {
     // Remove before next node
     const neighbor = nodes[index + 1];
-    span = ts.createTextSpanFromBounds(node.getStart(document, true), neighbor.getStart(document, true));
+    span = ts__default.createTextSpanFromBounds(node.getStart(document, true), neighbor.getStart(document, true));
   }
-  const newText = `${document.text.substring(0, span.start)}${document.text.substring(ts.textSpanEnd(span))}`;
-  return [document.update(newText, ts.createTextChangeRange(span, 0)), node];
+  const newText = `${document.text.substring(0, span.start)}${document.text.substring(ts__default.textSpanEnd(span))}`;
+  return [document.update(newText, ts__default.createTextChangeRange(span, 0)), node];
 }
 function parseAndValidateArrayInsertIndex(key, nodes) {
   if (key === "-") {
@@ -411,9 +413,9 @@ function parseAndValidateArrayInboundsIndex(key, nodes) {
   }));
 }
 function replaceInNode(document, node, key, value) {
-  if (ts.isArrayLiteralExpression(node)) {
+  if (ts__default.isArrayLiteralExpression(node)) {
     return pipe(parseAndValidateArrayInboundsIndex(key, node.elements), result.map(index => replaceNodeValue(document, node.elements[index], value)));
-  } else if (ts.isObjectLiteralExpression(node)) {
+  } else if (ts__default.isObjectLiteralExpression(node)) {
     return pipe(findObjectPropertyAssignment(node, key), result.flatMap(assignment => {
       if (!assignment) {
         return result.err(new PatchError("Cannot replace object element which does not exist"));
@@ -436,7 +438,7 @@ function replaceInNode(document, node, key, value) {
         }
         return replaceInNode(document,
         // TODO: creating a fake object here might not be right - seems to work though
-        ts.factory.createObjectLiteralExpression([ts.factory.createPropertyAssignment(key, metadataArgNode)]), key, value);
+        ts__default.factory.createObjectLiteralExpression([ts__default.factory.createPropertyAssignment(key, metadataArgNode)]), key, value);
       }));
     }
   } else {
@@ -451,9 +453,9 @@ function replaceAtPath(document, rootNode, path, value) {
   }
 }
 function getFromNode(node, key) {
-  if (ts.isArrayLiteralExpression(node)) {
+  if (ts__default.isArrayLiteralExpression(node)) {
     return pipe(parseAndValidateArrayInboundsIndex(key, node.elements), result.map(index => node.elements[index]));
-  } else if (ts.isObjectLiteralExpression(node)) {
+  } else if (ts__default.isObjectLiteralExpression(node)) {
     return pipe(findObjectPropertyAssignment(node, key), result.map(assignment => assignment === null || assignment === void 0 ? void 0 : assignment.initializer));
   } else if (isValFileMethodCall(node)) {
     if (key === FILE_REF_PROP) {
@@ -483,9 +485,9 @@ function getAtPath(rootNode, path) {
   return pipe(path, result.flatMapReduce((node, key) => pipe(getFromNode(node, key), result.filterOrElse(childNode => childNode !== undefined, () => new PatchError("Path refers to non-existing object/array"))), rootNode));
 }
 function removeFromNode(document, node, key) {
-  if (ts.isArrayLiteralExpression(node)) {
+  if (ts__default.isArrayLiteralExpression(node)) {
     return pipe(parseAndValidateArrayInboundsIndex(key, node.elements), result.map(index => removeAt(document, node.elements, index)));
-  } else if (ts.isObjectLiteralExpression(node)) {
+  } else if (ts__default.isObjectLiteralExpression(node)) {
     return pipe(findObjectPropertyAssignment(node, key), result.flatMap(assignment => {
       if (!assignment) {
         return result.err(new PatchError("Cannot replace object element which does not exist"));
@@ -531,9 +533,9 @@ function isValRichTextValue(value) {
   return !!(typeof value === "object" && value && VAL_EXTENSION in value && value[VAL_EXTENSION] === "richtext" && "templateStrings" in value && typeof value.templateStrings === "object" && Array.isArray(value.templateStrings));
 }
 function addToNode(document, node, key, value) {
-  if (ts.isArrayLiteralExpression(node)) {
+  if (ts__default.isArrayLiteralExpression(node)) {
     return pipe(parseAndValidateArrayInsertIndex(key, node.elements), result.map(index => [insertAt(document, node.elements, index, toExpression(value))]));
-  } else if (ts.isObjectLiteralExpression(node)) {
+  } else if (ts__default.isObjectLiteralExpression(node)) {
     if (key === FILE_REF_PROP) {
       return result.err(new PatchError("Cannot add a key ref to object"));
     }
@@ -602,7 +604,7 @@ class TSOps {
   }
 }
 
-const ops = new TSOps(document => {
+const ops$1 = new TSOps(document => {
   return pipe(analyzeValModule(document), result.map(({
     source
   }) => source));
@@ -617,7 +619,7 @@ const patchValFile = async (id, valConfigPath, patch, sourceFileHandler, runtime
   if (!sourceFile) {
     throw Error(`Source file ${filePath} not found`);
   }
-  const derefRes = derefPatch(patch, sourceFile, ops);
+  const derefRes = derefPatch(patch, sourceFile, ops$1);
   if (result.isErr(derefRes)) {
     throw derefRes.error;
   }
@@ -655,9 +657,9 @@ function convertDataUrlToBase64(dataUrl) {
 }
 const patchSourceFile = (sourceFile, patch) => {
   if (typeof sourceFile === "string") {
-    return applyPatch(ts.createSourceFile("<val>", sourceFile, ts.ScriptTarget.ES2015), ops, patch);
+    return applyPatch(ts__default.createSourceFile("<val>", sourceFile, ts__default.ScriptTarget.ES2015), ops$1, patch);
   }
-  return applyPatch(sourceFile, ops, patch);
+  return applyPatch(sourceFile, ops$1, patch);
 };
 
 const readValFile = async (id, valConfigPath, runtime) => {
@@ -771,7 +773,7 @@ const getCompilerOptions = (rootDir, parseConfigHost) => {
   const {
     config,
     error
-  } = ts.readConfigFile(configFilePath, parseConfigHost.readFile.bind(parseConfigHost));
+  } = ts__default.readConfigFile(configFilePath, parseConfigHost.readFile.bind(parseConfigHost));
   if (error) {
     if (typeof error.messageText === "string") {
       throw Error(`Could not parse config file: ${configFilePath}. Error: ${error.messageText}`);
@@ -779,7 +781,7 @@ const getCompilerOptions = (rootDir, parseConfigHost) => {
     throw Error(`Could not parse config file: ${configFilePath}. Error: ${error.messageText.messageText}`);
   }
   const optionsOverrides = undefined;
-  const parsedConfigFile = ts.parseJsonConfigFileContent(config, parseConfigHost, rootDir, optionsOverrides, configFilePath);
+  const parsedConfigFile = ts__default.parseJsonConfigFileContent(config, parseConfigHost, rootDir, optionsOverrides, configFilePath);
   if (parsedConfigFile.errors.length > 0) {
     throw Error(`Could not parse config file: ${configFilePath}. Errors: ${parsedConfigFile.errors.map(e => e.messageText).join("\n")}`);
   }
@@ -788,8 +790,14 @@ const getCompilerOptions = (rootDir, parseConfigHost) => {
 
 class ValSourceFileHandler {
   constructor(projectRoot, compilerOptions, host = {
-    ...ts.sys,
-    writeFile: fs.writeFileSync
+    ...ts__default.sys,
+    writeFile: (fileName, data, encoding) => {
+      fs.mkdirSync(path__default.dirname(fileName), {
+        recursive: true
+      });
+      fs.writeFileSync(fileName, data, encoding);
+    },
+    rmFile: fs.rmSync
   }) {
     this.projectRoot = projectRoot;
     this.compilerOptions = compilerOptions;
@@ -797,9 +805,9 @@ class ValSourceFileHandler {
   }
   getSourceFile(filePath) {
     const fileContent = this.host.readFile(filePath);
-    const scriptTarget = this.compilerOptions.target ?? ts.ScriptTarget.ES2020;
+    const scriptTarget = this.compilerOptions.target ?? ts__default.ScriptTarget.ES2020;
     if (fileContent) {
-      return ts.createSourceFile(filePath, fileContent, scriptTarget);
+      return ts__default.createSourceFile(filePath, fileContent, scriptTarget);
     }
   }
   writeSourceFile(sourceFile) {
@@ -811,7 +819,7 @@ class ValSourceFileHandler {
     this.host.writeFile(filePath, content, encoding);
   }
   resolveSourceModulePath(containingFilePath, requestedModuleName) {
-    const resolutionRes = ts.resolveModuleName(requestedModuleName, path__default.isAbsolute(containingFilePath) ? containingFilePath : path__default.resolve(this.projectRoot, containingFilePath), this.compilerOptions, this.host, undefined, undefined, ts.ModuleKind.ESNext);
+    const resolutionRes = ts__default.resolveModuleName(requestedModuleName, path__default.isAbsolute(containingFilePath) ? containingFilePath : path__default.resolve(this.projectRoot, containingFilePath), this.compilerOptions, this.host, undefined, undefined, ts__default.ModuleKind.ESNext);
     const resolvedModule = resolutionRes.resolvedModule;
     if (!resolvedModule) {
       throw Error(`Could not resolve module "${requestedModuleName}", base: "${containingFilePath}": No resolved modules returned: ${JSON.stringify(resolutionRes)}`);
@@ -823,7 +831,7 @@ class ValSourceFileHandler {
 const JsFileLookupMapping = [
 // NOTE: first one matching will be used
 [".cjs.d.ts", [".esm.js", ".mjs.js"]], [".cjs.js", [".esm.js", ".mjs.js"]], [".cjs", [".mjs"]], [".d.ts", [".js", ".esm.js", ".mjs.js"]]];
-const MAX_CACHE_SIZE = 10 * 1024 * 1024; // 10 mb
+const MAX_CACHE_SIZE = 100 * 1024 * 1024; // 100 mb
 const MAX_OBJECT_KEY_SIZE = 2 ** 27; // https://stackoverflow.com/questions/13367391/is-there-a-limit-on-length-of-the-key-string-in-js-object
 
 class ValModuleLoader {
@@ -832,8 +840,14 @@ class ValModuleLoader {
   compilerOptions,
   // TODO: remove this?
   sourceFileHandler, host = {
-    ...ts.sys,
-    writeFile: fs.writeFileSync
+    ...ts__default.sys,
+    writeFile: (fileName, data, encoding) => {
+      fs.mkdirSync(path__default.dirname(fileName), {
+        recursive: true
+      });
+      fs.writeFileSync(fileName, data, encoding);
+    },
+    rmFile: fs.rmSync
   }, disableCache = false) {
     this.projectRoot = projectRoot;
     this.compilerOptions = compilerOptions;
@@ -1086,8 +1100,14 @@ export const IS_DEV = false;2
 }
 
 async function createService(projectRoot, opts, host = {
-  ...ts.sys,
-  writeFile: fs.writeFileSync
+  ...ts__default.sys,
+  writeFile: (fileName, data, encoding) => {
+    fs.mkdirSync(path__default.dirname(fileName), {
+      recursive: true
+    });
+    fs.writeFileSync(fileName, data, encoding);
+  },
+  rmFile: fs.rmSync
 }, loader) {
   const compilerOptions = getCompilerOptions(projectRoot, host);
   const sourceFileHandler = new ValSourceFileHandler(projectRoot, compilerOptions, host);
@@ -1103,7 +1123,7 @@ class Service {
     this.runtime = runtime;
     this.valConfigPath = valConfigPath || "./val.config";
   }
-  async get(moduleId, modulePath) {
+  async get(moduleId, modulePath = "") {
     const valModule = await readValFile(moduleId, this.valConfigPath, this.runtime);
     if (valModule.source && valModule.schema) {
       const resolved = Internal.resolvePath(modulePath, valModule.source, valModule.schema);
@@ -1124,7 +1144,7 @@ class Service {
     }
   }
   async patch(moduleId, patch) {
-    return patchValFile(moduleId, this.valConfigPath, patch, this.sourceFileHandler, this.runtime);
+    await patchValFile(moduleId, this.valConfigPath, patch, this.sourceFileHandler, this.runtime);
   }
   dispose() {
     this.runtime.dispose();
@@ -1172,92 +1192,157 @@ const OperationJSONT = z.discriminatedUnion("op", [z.object({
   value: z.string()
 }).strict()]);
 const PatchJSON = z.array(OperationJSONT);
+/**
+ * Raw JSON patch operation.
+ */
+const OperationT = z.discriminatedUnion("op", [z.object({
+  op: z.literal("add"),
+  path: z.array(z.string()),
+  value: JSONValueT
+}).strict(), z.object({
+  op: z.literal("remove"),
+  path: z.array(z.string()).nonempty()
+}).strict(), z.object({
+  op: z.literal("replace"),
+  path: z.array(z.string()),
+  value: JSONValueT
+}).strict(), z.object({
+  op: z.literal("move"),
+  from: z.array(z.string()).nonempty(),
+  path: z.array(z.string())
+}).strict(), z.object({
+  op: z.literal("copy"),
+  from: z.array(z.string()),
+  path: z.array(z.string())
+}).strict(), z.object({
+  op: z.literal("test"),
+  path: z.array(z.string()),
+  value: JSONValueT
+}).strict(), z.object({
+  op: z.literal("file"),
+  path: z.array(z.string()),
+  filePath: z.string(),
+  value: z.union([z.string(), z.object({
+    sha256: z.string(),
+    mimeType: z.string()
+  })])
+}).strict()]);
+const Patch = z.array(OperationT);
 
-const ENABLE_COOKIE_VALUE = {
-  value: "true",
-  options: {
-    httpOnly: false,
-    sameSite: "lax"
-  }
-};
-function getRedirectUrl(query, overrideHost) {
-  if (typeof query.redirect_to !== "string") {
-    return {
-      status: 400,
-      json: {
-        message: "Missing redirect_to query param"
-      }
-    };
+function getValidationErrorFileRef(validationError) {
+  const maybeRef = validationError.value && typeof validationError.value === "object" && FILE_REF_PROP in validationError.value && typeof validationError.value[FILE_REF_PROP] === "string" ? validationError.value[FILE_REF_PROP] : undefined;
+  if (!maybeRef) {
+    return null;
   }
-  if (overrideHost) {
-    return overrideHost + "?redirect_to=" + encodeURIComponent(query.redirect_to);
+  return maybeRef;
+}
+
+const textEncoder$1 = new TextEncoder();
+async function extractImageMetadata(filename, input) {
+  const imageSize = sizeOf(input);
+  let mimeType = null;
+  if (imageSize.type) {
+    const possibleMimeType = `image/${imageSize.type}`;
+    if (MIME_TYPES_TO_EXT[possibleMimeType]) {
+      mimeType = possibleMimeType;
+    }
+    const filenameBasedLookup = filenameToMimeType(filename);
+    if (filenameBasedLookup) {
+      mimeType = filenameBasedLookup;
+    }
+  }
+  if (!mimeType) {
+    mimeType = "application/octet-stream";
+  }
+  let {
+    width,
+    height
+  } = imageSize;
+  if (!width || !height) {
+    width = 0;
+    height = 0;
+  }
+  const sha256 = getSha256(mimeType, input);
+  return {
+    width,
+    height,
+    sha256,
+    mimeType
+  };
+}
+function getSha256(mimeType, input) {
+  return Internal.getSHA256Hash(textEncoder$1.encode(
+  // TODO: we should probably store the mimetype in the metadata and reuse it here
+  `data:${mimeType};base64,${input.toString("base64")}`));
+}
+async function extractFileMetadata(filename, input) {
+  let mimeType = filenameToMimeType(filename);
+  if (!mimeType) {
+    mimeType = "application/octet-stream";
   }
-  return query.redirect_to;
+  const sha256 = getSha256(mimeType, input);
+  return {
+    sha256,
+    mimeType
+  };
 }
 
-class LocalValServer {
-  constructor(options, callbacks) {
-    this.options = options;
-    this.callbacks = callbacks;
+function validateMetadata(actualMetadata, expectedMetadata) {
+  const missingMetadata = [];
+  const erroneousMetadata = {};
+  if (typeof actualMetadata !== "object" || actualMetadata === null) {
+    return {
+      globalErrors: ["Metadata is wrong type: must be an object."]
+    };
   }
-  async session() {
+  if (Array.isArray(actualMetadata)) {
     return {
-      status: 200,
-      json: {
-        mode: "local",
-        enabled: await this.callbacks.isEnabled()
-      }
+      globalErrors: ["Metadata is wrong type: cannot be an array."]
     };
   }
-  async getTree(treePath,
-  // TODO: use the params: patch, schema, source
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  query) {
-    const rootDir = process.cwd();
-    const moduleIds = [];
-    // iterate over all .val files in the root directory
-    const walk = async dir => {
-      const files = await promises.readdir(dir);
-      for (const file of files) {
-        if ((await promises.stat(path__default.join(dir, file))).isDirectory()) {
-          if (file === "node_modules") continue;
-          await walk(path__default.join(dir, file));
-        } else {
-          const isValFile = file.endsWith(".val.js") || file.endsWith(".val.ts");
-          if (!isValFile) {
-            continue;
-          }
-          if (treePath && !path__default.join(dir, file).replace(rootDir, "").startsWith(treePath)) {
-            continue;
-          }
-          moduleIds.push(path__default.join(dir, file).replace(rootDir, "").replace(".val.js", "").replace(".val.ts", "").split(path__default.sep).join("/"));
+  const recordMetadata = actualMetadata;
+  const globalErrors = [];
+  for (const anyKey in expectedMetadata) {
+    if (typeof anyKey !== "string") {
+      globalErrors.push(`Expected metadata has key '${anyKey}' that is not typeof 'string', but: '${typeof anyKey}'. This is most likely a Val bug.`);
+    } else {
+      if (anyKey in actualMetadata) {
+        const key = anyKey;
+        if (expectedMetadata[key] !== recordMetadata[key]) {
+          erroneousMetadata[key] = `Expected metadata '${key}' to be ${JSON.stringify(expectedMetadata[key])}, but got ${JSON.stringify(recordMetadata[key])}.`;
         }
+      } else {
+        missingMetadata.push(anyKey);
       }
-    };
-    const serializedModuleContent = await walk(rootDir).then(async () => {
-      return Promise.all(moduleIds.map(async moduleId => {
-        return await this.options.service.get(moduleId, "");
-      }));
-    });
+    }
+  }
+  if (globalErrors.length === 0 && missingMetadata.length === 0 && Object.keys(erroneousMetadata).length === 0) {
+    return false;
+  }
+  return {
+    missingMetadata,
+    erroneousMetadata
+  };
+}
 
-    //
-    const modules = Object.fromEntries(serializedModuleContent.map(serializedModuleContent => {
-      const module = {
-        schema: serializedModuleContent.schema,
-        source: serializedModuleContent.source,
-        errors: serializedModuleContent.errors
-      };
-      return [serializedModuleContent.path, module];
-    }));
-    const apiTreeResponse = {
-      modules,
-      git: this.options.git
-    };
-    return {
-      status: 200,
-      json: apiTreeResponse
-    };
+function getValidationErrorMetadata(validationError) {
+  const maybeMetadata = validationError.value && typeof validationError.value === "object" && "metadata" in validationError.value && validationError.value.metadata && validationError.value.metadata;
+  if (!maybeMetadata) {
+    return null;
+  }
+  return maybeMetadata;
+}
+
+const ops = new JSONOps();
+class ValServer {
+  constructor(cwd, host, options, callbacks) {
+    this.cwd = cwd;
+    this.host = host;
+    this.options = options;
+    this.callbacks = callbacks;
   }
+
+  /* Auth endpoints: */
   async enable(query) {
     const redirectToRes = getRedirectUrl(query, this.options.valEnableRedirectUrl);
     if (typeof redirectToRes !== "string") {
@@ -1288,98 +1373,900 @@ class LocalValServer {
       redirectTo: redirectToRes
     };
   }
-  async postPatches(body) {
-    // First validate that the body has the right structure
-    const patchJSON = z$1.record(PatchJSON).safeParse(body);
-    if (!patchJSON.success) {
+  getAllModules(treePath) {
+    const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
+      if (treePath) {
+        return file.replace(this.cwd, "").startsWith(treePath);
+      }
+      return true;
+    }).map(file => file.replace(this.cwd, "").replace(".val.js", "").replace(".val.ts", "").split(path__default.sep).join("/"));
+    return moduleIds;
+  }
+  async getTree(treePath,
+  // TODO: use the params: patch, schema, source now we return everything, every time
+  query, cookies) {
+    const ensureRes = await this.ensureRemoteFSInitialized("getTree", cookies);
+    if (result.isErr(ensureRes)) {
+      return ensureRes.error;
+    }
+    const moduleIds = this.getAllModules(treePath);
+    const applyPatches = query.patch === "true";
+    let {
+      patchIdsByModuleId,
+      patchesById,
+      fileUpdates
+    } = {
+      patchIdsByModuleId: {},
+      patchesById: {},
+      fileUpdates: {}
+    };
+    if (applyPatches) {
+      const res = await this.readPatches(cookies);
+      if (result.isErr(res)) {
+        return res.error;
+      }
+      patchIdsByModuleId = res.value.patchIdsByModuleId;
+      patchesById = res.value.patchesById;
+      fileUpdates = res.value.fileUpdates;
+    }
+    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, applyPatches, cookies);
+    }));
+    const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
+      const module = {
+        schema: serializedModuleContent.schema,
+        source: serializedModuleContent.source,
+        errors: serializedModuleContent.errors
+      };
+      return [serializedModuleContent.path, module];
+    }));
+    const apiTreeResponse = {
+      modules,
+      git: this.options.git
+    };
+    return {
+      status: 200,
+      json: apiTreeResponse
+    };
+  }
+  async postValidate(rawBody, cookies) {
+    const ensureRes = await this.ensureRemoteFSInitialized("postValidate", cookies);
+    if (result.isErr(ensureRes)) {
+      return ensureRes.error;
+    }
+    return this.validateThenMaybeCommit(rawBody, false, cookies);
+  }
+  async postCommit(rawBody, cookies) {
+    const ensureRes = await this.ensureRemoteFSInitialized("postCommit", cookies);
+    if (result.isErr(ensureRes)) {
+      return ensureRes.error;
+    }
+    const res = await this.validateThenMaybeCommit(rawBody, true, cookies);
+    if (res.status === 200) {
+      if (res.json.validationErrors) {
+        return {
+          status: 400,
+          json: {
+            ...res.json
+          }
+        };
+      }
       return {
-        status: 404,
+        status: 200,
         json: {
-          message: `Invalid patch: ${patchJSON.error.message}`,
-          details: patchJSON.error.issues
+          ...res.json,
+          git: this.options.git
         }
       };
     }
+    return res;
+  }
 
-    // const id = randomUUID();
-    // console.time("patching:" + id);
-    for (const moduleId in patchJSON.data) {
-      // Then parse/validate
-      // TODO: validate all and then fail instead:
-      const patch = parsePatch(patchJSON.data[moduleId]);
-      if (result.isErr(patch)) {
-        console.error("Unexpected error parsing patch", patch.error);
-        throw new Error("Unexpected error parsing patch");
-      }
-      await this.options.service.patch(moduleId, patch.value);
-    }
-    // console.timeEnd("patching:" + id);
+  /* */
 
-    return {
-      status: 200,
-      json: {} // no patch ids created
-    };
-  }
-  badRequest() {
-    return {
-      status: 400,
-      json: {
-        message: "Local server does not handle this request"
+  async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, applyPatches, cookies) {
+    const serializedModuleContent = await this.getModule(moduleId);
+    const schema = serializedModuleContent.schema;
+    const maybeSource = serializedModuleContent.source;
+    if (!applyPatches) {
+      return serializedModuleContent;
+    }
+    if (serializedModuleContent.errors && (serializedModuleContent.errors.fatal || serializedModuleContent.errors.invalidModuleId)) {
+      return serializedModuleContent;
+    }
+    if (!maybeSource || !schema) {
+      return serializedModuleContent;
+    }
+    let source = maybeSource;
+    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+      const patch = patchesById[patchId];
+      if (!patch) {
+        continue;
+      }
+      const patchRes = applyPatch(source, ops, patch.filter(Internal.notFileOp));
+      if (result.isOk(patchRes)) {
+        source = patchRes.value;
+      } else {
+        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+          patchId,
+          moduleId,
+          patch: JSON.stringify(patch, null, 2),
+          error: patchRes.error
+        });
+        return {
+          path: moduleId,
+          schema,
+          source,
+          errors: {
+            fatal: [{
+              message: "Unexpected error applying patch",
+              type: "invalid-patch"
+            }]
+          }
+        };
       }
+    }
+    const validationErrors = deserializeSchema(schema).validate(moduleId, source);
+    if (validationErrors) {
+      const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies);
+      return {
+        path: moduleId,
+        schema,
+        source,
+        errors: revalidated && {
+          validation: revalidated
+        }
+      };
+    }
+    return {
+      path: moduleId,
+      schema,
+      source,
+      errors: false
     };
   }
 
-  // eslint-disable-next-line @typescript-eslint/ban-types
-  async postCommit() {
-    return this.badRequest();
-  }
-  async authorize() {
-    return this.badRequest();
-  }
-  async callback() {
-    return this.badRequest();
-  }
-  async logout() {
-    return this.badRequest();
-  }
-  async getFiles() {
-    return this.badRequest();
+  // TODO: name this better: we need to check for image and file validation errors
+  // since they cannot be handled directly inside the validation function.
+  // The reason is that validate will be called inside QuickJS (in the future, hopefully),
+  // which does not have access to the filesystem, at least not at the time of writing this comment.
+  // If you are reading this, and we still are not using QuickJS to validate, this assumption might be wrong.
+  async revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies) {
+    const revalidatedValidationErrors = {};
+    for (const pathStr in validationErrors) {
+      const errorSourcePath = pathStr;
+      const errors = validationErrors[errorSourcePath];
+      revalidatedValidationErrors[errorSourcePath] = [];
+      for (const error of errors) {
+        var _error$fixes;
+        if ((_error$fixes = error.fixes) !== null && _error$fixes !== void 0 && _error$fixes.every(fix => fix === "file:check-metadata" || fix === "image:replace-metadata" // TODO: rename fix to: image:check-metadata
+        )) {
+          const fileRef = getValidationErrorFileRef(error);
+          if (fileRef) {
+            const filePath = path__default.join(this.cwd, fileRef);
+            let expectedMetadata;
+
+            // if this is a new file or we have an actual FS, we read the file and get the metadata
+            if (!expectedMetadata) {
+              let fileBuffer = undefined;
+              const updatedFileMetadata = fileUpdates[fileRef];
+              if (updatedFileMetadata) {
+                const fileRes = await this.getFiles(fileRef, {
+                  sha256: updatedFileMetadata.sha256
+                }, cookies);
+                if (fileRes.status === 200 && fileRes.body) {
+                  const res = new Response(fileRes.body);
+                  fileBuffer = Buffer.from(await res.arrayBuffer());
+                } else {
+                  console.error("Val: unexpected error while fetching image / file:", fileRef, {
+                    error: fileRes
+                  });
+                }
+              }
+              if (!fileBuffer) {
+                try {
+                  fileBuffer = await this.readStaticBinaryFile(filePath);
+                } catch (err) {
+                  console.error("Val: unexpected error while reading image / file:", filePath, {
+                    error: err
+                  });
+                }
+              }
+              if (!fileBuffer) {
+                revalidatedValidationErrors[errorSourcePath].push({
+                  message: `Could not read file: ${filePath}`
+                });
+                continue;
+              }
+              if (error.fixes.some(fix => fix === "image:replace-metadata")) {
+                expectedMetadata = await extractImageMetadata(filePath, fileBuffer);
+              } else {
+                expectedMetadata = await extractFileMetadata(filePath, fileBuffer);
+              }
+            }
+            if (!expectedMetadata) {
+              revalidatedValidationErrors[errorSourcePath].push({
+                message: `Could not read file metadata. Is the reference to the file: ${fileRef} correct?`
+              });
+            } else {
+              const actualMetadata = getValidationErrorMetadata(error);
+              const revalidatedError = validateMetadata(actualMetadata, expectedMetadata);
+              if (!revalidatedError) {
+                // no errors anymore:
+                continue;
+              }
+              const errorMsgs = (revalidatedError.globalErrors || []).concat(Object.values(revalidatedError.erroneousMetadata || {})).concat(Object.values(revalidatedError.missingMetadata || []).map(missingKey => {
+                var _expectedMetadata;
+                return `Required key: '${missingKey}' is not defined. Should be: '${JSON.stringify((_expectedMetadata = expectedMetadata) === null || _expectedMetadata === void 0 ? void 0 : _expectedMetadata[missingKey])}'`;
+              }));
+              revalidatedValidationErrors[errorSourcePath].push(...errorMsgs.map(message => ({
+                message
+              })));
+            }
+          } else {
+            revalidatedValidationErrors[errorSourcePath].push(error);
+          }
+        } else {
+          revalidatedValidationErrors[errorSourcePath].push(error);
+        }
+      }
+    }
+    const hasErrors = Object.values(revalidatedValidationErrors).some(errors => errors.length > 0);
+    if (hasErrors) {
+      return revalidatedValidationErrors;
+    }
+    return hasErrors;
   }
-  async getPatches() {
-    return this.badRequest();
+  sortPatchIds(patchesByModule) {
+    return Object.values(patchesByModule).flatMap(modulePatches => modulePatches).sort((a, b) => {
+      return a.created_at.localeCompare(b.created_at);
+    }).map(patchData => patchData.patch_id);
   }
-}
 
-function decodeJwt(token, secretKey) {
-  const [headerBase64, payloadBase64, signatureBase64, ...rest] = token.split(".");
-  if (!headerBase64 || !payloadBase64 || !signatureBase64 || rest.length > 0) {
-    console.debug("Invalid JWT: format is not exactly {header}.{payload}.{signature}", token);
-    return null;
+  // can be overridden if FS cannot read from static assets / public folder (because of bundlers or what not)
+  async readStaticBinaryFile(filePath) {
+    return fs.promises.readFile(filePath);
+  }
+  async readPatches(cookies) {
+    const res = await this.getPatches({},
+    // {} means no ids, so get all patches
+    cookies);
+    if (res.status === 400 || res.status === 401 || res.status === 403 || res.status === 404 || res.status === 500 || res.status === 501) {
+      return result.err(res);
+    } else if (res.status === 200 || res.status === 201) {
+      const patchesByModule = res.json;
+      const patches = [];
+      const patchIdsByModuleId = {};
+      const patchesById = {};
+      for (const [moduleIdS, modulePatchData] of Object.entries(patchesByModule)) {
+        const moduleId = moduleIdS;
+        patchIdsByModuleId[moduleId] = modulePatchData.map(patch => patch.patch_id);
+        for (const patchData of modulePatchData) {
+          patches.push([patchData.patch_id, moduleId, patchData.patch]);
+          patchesById[patchData.patch_id] = patchData.patch;
+        }
+      }
+      const fileUpdates = {};
+      const sortedPatchIds = this.sortPatchIds(patchesByModule);
+      for (const sortedPatchId of sortedPatchIds) {
+        const patchId = sortedPatchId;
+        for (const op of patchesById[patchId] || []) {
+          if (op.op === "file") {
+            const parsedFileOp = z$1.object({
+              sha256: z$1.string(),
+              mimeType: z$1.string()
+            }).safeParse(op.value);
+            if (!parsedFileOp.success) {
+              return result.err({
+                status: 500,
+                json: {
+                  message: "Unexpected error: file op value must be transformed into object",
+                  details: {
+                    value: "First 200 chars: " + JSON.stringify(op.value).slice(0, 200),
+                    patchId
+                  }
+                }
+              });
+            }
+            fileUpdates[op.filePath] = {
+              ...parsedFileOp.data
+            };
+          }
+        }
+      }
+      return result.ok({
+        patches,
+        patchIdsByModuleId,
+        patchesById,
+        fileUpdates
+      });
+    } else {
+      return result.err({
+        status: 500,
+        json: {
+          message: "Unknown error"
+        }
+      });
+    }
   }
-  try {
-    const parsedHeader = JSON.parse(Buffer.from(headerBase64, "base64").toString("utf8"));
-    const headerVerification = JwtHeaderSchema.safeParse(parsedHeader);
-    if (!headerVerification.success) {
-      console.debug("Invalid JWT: invalid header", parsedHeader);
-      return null;
+  async validateThenMaybeCommit(rawBody, commit, cookies) {
+    const filterPatchesByModuleIdRes = z$1.object({
+      patches: z$1.record(z$1.array(z$1.string())).optional()
+    }).safeParse(rawBody);
+    if (!filterPatchesByModuleIdRes.success) {
+      return {
+        status: 404,
+        json: {
+          message: "Could not parse body",
+          details: filterPatchesByModuleIdRes.error
+        }
+      };
     }
-    if (headerVerification.data.typ !== jwtHeader.typ) {
-      console.debug("Invalid JWT: invalid header typ", parsedHeader);
-      return null;
+    const res = await this.readPatches(cookies);
+    if (result.isErr(res)) {
+      return res.error;
     }
-    if (headerVerification.data.alg !== jwtHeader.alg) {
-      console.debug("Invalid JWT: invalid header alg", parsedHeader);
-      return null;
+    const {
+      patchIdsByModuleId,
+      patchesById,
+      patches,
+      fileUpdates
+    } = res.value;
+    const validationErrorsByModuleId = {};
+    for (const moduleIdStr of this.getAllModules("/")) {
+      const moduleId = moduleIdStr;
+      const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
+      // TODO: refine to ModuleId and PatchId when parsing
+      patchIdsByModuleId, patchesById, fileUpdates, true, cookies);
+      if (serializedModuleContent.errors) {
+        validationErrorsByModuleId[moduleId] = serializedModuleContent;
+      }
+    }
+    if (Object.keys(validationErrorsByModuleId).length > 0) {
+      const modules = {};
+      for (const [patchId, moduleId] of patches) {
+        if (!modules[moduleId]) {
+          modules[moduleId] = {
+            patches: {
+              applied: []
+            }
+          };
+        }
+        if (validationErrorsByModuleId[moduleId]) {
+          var _modules$moduleId$pat;
+          if (!modules[moduleId].patches.failed) {
+            modules[moduleId].patches.failed = [];
+          }
+          (_modules$moduleId$pat = modules[moduleId].patches.failed) === null || _modules$moduleId$pat === void 0 || _modules$moduleId$pat.push(patchId);
+        } else {
+          modules[moduleId].patches.applied.push(patchId);
+        }
+      }
+      return {
+        status: 200,
+        json: {
+          modules,
+          validationErrors: validationErrorsByModuleId
+        }
+      };
     }
-  } catch (err) {
-    console.debug("Invalid JWT: could not parse header", err);
-    return null;
-  }
-  if (secretKey) {
-    const signature = crypto.createHmac("sha256", secretKey).update(`${headerBase64}.${payloadBase64}`).digest("base64");
-    if (signature !== signatureBase64) {
-      console.debug("Invalid JWT: invalid signature");
-      return null;
+    let modules;
+    if (commit) {
+      modules = await this.execCommit(patches, cookies);
+    } else {
+      modules = await this.getPatchedModules(patches);
+    }
+    return {
+      status: 200,
+      json: {
+        modules,
+        validationErrors: false
+      }
+    };
+  }
+  async getPatchedModules(patches) {
+    const modules = {};
+    for (const [patchId, moduleId] of patches) {
+      if (!modules[moduleId]) {
+        modules[moduleId] = {
+          patches: {
+            applied: []
+          }
+        };
+      }
+      modules[moduleId].patches.applied.push(patchId);
+    }
+    return modules;
+  }
+
+  /* Abstract methods */
+
+  /**
+   * Runs before remoteFS dependent methods (e.g.getModule, ...) are called to make sure that:
+   * 1) The remote FS, if applicable, is initialized
+   * 2) The error is returned via API if the remote FS could not be initialized
+   * */
+
+  /* Abstract endpoints */
+
+  /* Abstract auth endpoints: */
+
+  /* Abstract patch endpoints: */
+}
+
+// From slightly modified ChatGPT generated
+function bufferToReadableStream(buffer) {
+  const stream = new ReadableStream({
+    start(controller) {
+      const chunkSize = 1024; // Adjust the chunk size as needed
+      let offset = 0;
+      function push() {
+        const chunk = buffer.subarray(offset, offset + chunkSize);
+        offset += chunkSize;
+        if (chunk.length > 0) {
+          controller.enqueue(new Uint8Array(chunk));
+          setTimeout(push, 0); // Enqueue the next chunk asynchronously
+        } else {
+          controller.close();
+        }
+      }
+      push();
+    }
+  });
+  return stream;
+}
+const ENABLE_COOKIE_VALUE = {
+  value: "true",
+  options: {
+    httpOnly: false,
+    sameSite: "lax"
+  }
+};
+function getRedirectUrl(query, overrideHost) {
+  if (typeof query.redirect_to !== "string") {
+    return {
+      status: 400,
+      json: {
+        message: "Missing redirect_to query param"
+      }
+    };
+  }
+  if (overrideHost) {
+    return overrideHost + "?redirect_to=" + encodeURIComponent(query.redirect_to);
+  }
+  return query.redirect_to;
+}
+const base64DataAttr = "data:";
+function getMimeTypeFromBase64(content) {
+  const dataIndex = content.indexOf(base64DataAttr);
+  const base64Index = content.indexOf(";base64,");
+  if (dataIndex > -1 || base64Index > -1) {
+    const mimeType = content.slice(dataIndex + base64DataAttr.length, base64Index);
+    return mimeType;
+  }
+  return null;
+}
+function bufferFromDataUrl(dataUrl, contentType) {
+  let base64Data;
+  if (!contentType) {
+    const base64Index = dataUrl.indexOf(";base64,");
+    if (base64Index > -1) {
+      base64Data = dataUrl.slice(base64Index + ";base64,".length);
+    }
+  } else {
+    const dataUrlEncodingHeader = `${base64DataAttr}${contentType};base64,`;
+    if (dataUrl.slice(0, dataUrlEncodingHeader.length) === dataUrlEncodingHeader) {
+      base64Data = dataUrl.slice(dataUrlEncodingHeader.length);
+    }
+  }
+  if (base64Data) {
+    return Buffer.from(base64Data, "base64" // TODO: why does it not work with base64url?
+    );
+  }
+}
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
+const COMMON_MIME_TYPES = {
+  aac: "audio/aac",
+  abw: "application/x-abiword",
+  arc: "application/x-freearc",
+  avif: "image/avif",
+  avi: "video/x-msvideo",
+  azw: "application/vnd.amazon.ebook",
+  bin: "application/octet-stream",
+  bmp: "image/bmp",
+  bz: "application/x-bzip",
+  bz2: "application/x-bzip2",
+  cda: "application/x-cdf",
+  csh: "application/x-csh",
+  css: "text/css",
+  csv: "text/csv",
+  doc: "application/msword",
+  docx: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+  eot: "application/vnd.ms-fontobject",
+  epub: "application/epub+zip",
+  gz: "application/gzip",
+  gif: "image/gif",
+  htm: "text/html",
+  html: "text/html",
+  ico: "image/vnd.microsoft.icon",
+  ics: "text/calendar",
+  jar: "application/java-archive",
+  jpeg: "image/jpeg",
+  jpg: "image/jpeg",
+  js: "text/javascript",
+  json: "application/json",
+  jsonld: "application/ld+json",
+  mid: "audio/midi",
+  midi: "audio/midi",
+  mjs: "text/javascript",
+  mp3: "audio/mpeg",
+  mp4: "video/mp4",
+  mpeg: "video/mpeg",
+  mpkg: "application/vnd.apple.installer+xml",
+  odp: "application/vnd.oasis.opendocument.presentation",
+  ods: "application/vnd.oasis.opendocument.spreadsheet",
+  odt: "application/vnd.oasis.opendocument.text",
+  oga: "audio/ogg",
+  ogv: "video/ogg",
+  ogx: "application/ogg",
+  opus: "audio/opus",
+  otf: "font/otf",
+  png: "image/png",
+  pdf: "application/pdf",
+  php: "application/x-httpd-php",
+  ppt: "application/vnd.ms-powerpoint",
+  pptx: "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+  rar: "application/vnd.rar",
+  rtf: "application/rtf",
+  sh: "application/x-sh",
+  svg: "image/svg+xml",
+  tar: "application/x-tar",
+  tif: "image/tiff",
+  tiff: "image/tiff",
+  ts: "video/mp2t",
+  ttf: "font/ttf",
+  txt: "text/plain",
+  vsd: "application/vnd.visio",
+  wav: "audio/wav",
+  weba: "audio/webm",
+  webm: "video/webm",
+  webp: "image/webp",
+  woff: "font/woff",
+  woff2: "font/woff2",
+  xhtml: "application/xhtml+xml",
+  xls: "application/vnd.ms-excel",
+  xlsx: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+  xml: "application/xml",
+  xul: "application/vnd.mozilla.xul+xml",
+  zip: "application/zip",
+  "3gp": "video/3gpp; audio/3gpp if it doesn't contain video",
+  "3g2": "video/3gpp2; audio/3gpp2 if it doesn't contain video",
+  "7z": "application/x-7z-compressed"
+};
+function guessMimeTypeFromPath(filePath) {
+  const fileExt = filePath.split(".").pop();
+  if (fileExt) {
+    return COMMON_MIME_TYPES[fileExt.toLowerCase()] || null;
+  }
+  return null;
+}
+
+const textEncoder = new TextEncoder();
+class LocalValServer extends ValServer {
+  static PATCHES_DIR = "patches";
+  static FILES_DIR = "files";
+  constructor(options, callbacks) {
+    super(options.service.sourceFileHandler.projectRoot, options.service.sourceFileHandler.host, options, callbacks);
+    this.options = options;
+    this.callbacks = callbacks;
+    this.patchesRootPath = options.cacheDir || path__default.join(options.service.sourceFileHandler.projectRoot, ".val");
+  }
+  async session() {
+    return {
+      status: 200,
+      json: {
+        mode: "local",
+        enabled: await this.callbacks.isEnabled()
+      }
+    };
+  }
+  async deletePatches(query) {
+    const deletedPatches = [];
+    for (const patchId of query.id ?? []) {
+      const rawPatchFileContent = this.host.readFile(this.getPatchFilePath(patchId));
+      if (!rawPatchFileContent) {
+        console.warn("Val: Patch not found", patchId);
+        continue;
+      }
+      const parsedPatchesRes = z$1.record(Patch).safeParse(JSON.parse(rawPatchFileContent));
+      if (!parsedPatchesRes.success) {
+        console.warn("Val: Could not parse patch file", patchId, parsedPatchesRes.error);
+        continue;
+      }
+      const files = Object.values(parsedPatchesRes.data).flatMap(ops => ops.filter(isCachedPatchFileOp).map(op => ({
+        filePath: op.filePath,
+        sha256: op.value.sha256
+      })));
+      for (const file of files) {
+        this.host.rmFile(this.getFilePath(file.filePath, file.sha256));
+        this.host.rmFile(this.getFileMetadataPath(file.filePath, file.sha256));
+      }
+      this.host.rmFile(path__default.join(this.patchesRootPath, LocalValServer.PATCHES_DIR, patchId));
+      deletedPatches.push(patchId);
+    }
+    return {
+      status: 200,
+      json: deletedPatches
+    };
+  }
+  async postPatches(body) {
+    const patches = z$1.record(Patch).safeParse(body);
+    if (!patches.success) {
+      return {
+        status: 404,
+        json: {
+          message: `Invalid patch: ${patches.error.message}`,
+          details: patches.error.issues
+        }
+      };
+    }
+    let fileId = Date.now();
+    while (this.host.fileExists(this.getPatchFilePath(fileId.toString()))) {
+      // ensure unique file / patch id
+      fileId++;
+    }
+    const patchId = fileId.toString();
+    const res = {};
+    const parsedPatches = {};
+    for (const moduleIdStr in patches.data) {
+      const moduleId = moduleIdStr; // TODO: validate that this is a valid module id
+      res[moduleId] = {
+        patch_id: patchId
+      };
+      parsedPatches[moduleId] = [];
+      for (const op of patches.data[moduleId]) {
+        // We do not want to include value of a file op in the patch as they potentially contain a lot of data,
+        // therefore we store the file in a separate file and only store the sha256 hash in the patch.
+        // I.e. the patch that frontend sends is not the same as the one stored.
+        // Large amount of text is one thing, but one could easily imagine a lot of patches being accumulated over time with a lot of images which would then consume a non-negligible amount of memory.
+        //
+        // This is potentially confusing for us working on Val internals, however, the alternative was expected to cause a lot of issues down the line: low performance, a lot of data moved, etc
+        // In the worst scenario we imagine this being potentially crashing the server runtime, especially on smaller edge runtimes.
+        // Potential crashes are bad enough to warrant this workaround.
+        if (Internal.isFileOp(op)) {
+          const sha256 = Internal.getSHA256Hash(textEncoder.encode(op.value));
+          const mimeType = getMimeTypeFromBase64(op.value);
+          if (!mimeType) {
+            console.error("Val: Cannot determine mimeType from base64 data", op);
+            throw Error("Cannot determine mimeType from base64 data: " + op.filePath);
+          }
+          const buffer = bufferFromDataUrl(op.value, mimeType);
+          if (!buffer) {
+            console.error("Val: Cannot parse base64 data", op);
+            throw Error("Cannot parse base64 data: " + op.filePath);
+          }
+          this.host.writeFile(this.getFilePath(op.filePath, sha256), buffer, "binary");
+          this.host.writeFile(this.getFileMetadataPath(op.filePath, sha256), JSON.stringify({
+            mimeType,
+            sha256,
+            // useful for debugging / manual inspection
+            patchId,
+            createdAt: new Date().toISOString()
+          }, null, 2), "utf8");
+          parsedPatches[moduleId].push({
+            ...op,
+            value: {
+              sha256,
+              mimeType
+            }
+          });
+        } else {
+          parsedPatches[moduleId].push(op);
+        }
+      }
+    }
+    this.host.writeFile(this.getPatchFilePath(patchId), JSON.stringify(parsedPatches), "utf8");
+    return {
+      status: 200,
+      json: res
+    };
+  }
+  async getFiles(filePath, query) {
+    if (query.sha256) {
+      const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
+      if (fileExists) {
+        const metadataFileContent = this.host.readFile(this.getFileMetadataPath(filePath, query.sha256));
+        const fileContent = await this.readStaticBinaryFile(this.getFilePath(filePath, query.sha256));
+        if (!fileContent) {
+          throw Error("Could not read cached patch file / asset. Cache corrupted?");
+        }
+        if (!metadataFileContent) {
+          throw Error("Missing metadata of cached patch file / asset. Cache corrupted?");
+        }
+        const metadata = JSON.parse(metadataFileContent);
+        return {
+          status: 200,
+          headers: {
+            "Content-Type": metadata.mimeType,
+            "Content-Length": fileContent.byteLength.toString()
+          },
+          body: bufferToReadableStream(fileContent)
+        };
+      }
+    }
+    const buffer = await this.readStaticBinaryFile(path__default.join(this.cwd, filePath));
+    const mimeType = guessMimeTypeFromPath(filePath) || "application/octet-stream";
+    if (!buffer) {
+      return {
+        status: 404,
+        json: {
+          message: "File not found"
+        }
+      };
+    }
+    return {
+      status: 200,
+      headers: {
+        "Content-Type": mimeType,
+        "Content-Length": buffer.byteLength.toString()
+      },
+      body: bufferToReadableStream(buffer)
+    };
+  }
+  async getPatches(query) {
+    const patchesCacheDir = path__default.join(this.patchesRootPath, LocalValServer.PATCHES_DIR);
+    let files = [];
+    try {
+      if (!this.host.directoryExists || this.host.directoryExists && this.host.directoryExists(patchesCacheDir)) {
+        files = this.host.readDirectory(patchesCacheDir, [""], [], []);
+      }
+    } catch (e) {
+      console.debug("Failed to read directory (no patches yet?)", e);
+    }
+    const res = {};
+    const sortedPatchIds = files.map(file => parseInt(path__default.basename(file), 10)).sort();
+    for (const patchIdStr of sortedPatchIds) {
+      const patchId = patchIdStr.toString();
+      if (query.id && query.id.length > 0 && !query.id.includes(patchId)) {
+        continue;
+      }
+      try {
+        const currentParsedPatches = z$1.record(Patch).safeParse(JSON.parse(this.host.readFile(path__default.join(this.patchesRootPath, LocalValServer.PATCHES_DIR, `${patchId}`)) || ""));
+        if (!currentParsedPatches.success) {
+          const msg = "Unexpected error reading patch. Patch did not parse correctly. Is there a mismatch in Val versions? Perhaps Val is misconfigured?";
+          console.error(`Val: ${msg}`, {
+            patchId,
+            error: currentParsedPatches.error
+          });
+          return {
+            status: 500,
+            json: {
+              message: msg,
+              details: {
+                patchId,
+                error: currentParsedPatches.error
+              }
+            }
+          };
+        }
+        const createdAt = patchId;
+        for (const moduleIdStr in currentParsedPatches.data) {
+          const moduleId = moduleIdStr;
+          if (!res[moduleId]) {
+            res[moduleId] = [];
+          }
+          res[moduleId].push({
+            patch: currentParsedPatches.data[moduleId],
+            patch_id: patchId,
+            created_at: new Date(Number(createdAt)).toISOString()
+          });
+        }
+      } catch (err) {
+        const msg = `Unexpected error while reading patch file. The cache may be corrupted or Val may be misconfigured. Try deleting the cache directory.`;
+        console.error(`Val: ${msg}`, {
+          patchId,
+          error: err,
+          dir: this.patchesRootPath
+        });
+        return {
+          status: 500,
+          json: {
+            message: msg,
+            details: {
+              patchId,
+              error: err === null || err === void 0 ? void 0 : err.toString()
+            }
+          }
+        };
+      }
+    }
+    return {
+      status: 200,
+      json: res
+    };
+  }
+  getFilePath(filename, sha256) {
+    return path__default.join(this.patchesRootPath, LocalValServer.FILES_DIR, filename, sha256, "file");
+  }
+  getFileMetadataPath(filename, sha256) {
+    return path__default.join(this.patchesRootPath, LocalValServer.FILES_DIR, filename, sha256, "metadata.json");
+  }
+  getPatchFilePath(patchId) {
+    return path__default.join(this.patchesRootPath, LocalValServer.PATCHES_DIR, patchId.toString());
+  }
+  badRequest() {
+    return {
+      status: 400,
+      json: {
+        message: "Local server does not handle this request"
+      }
+    };
+  }
+  async ensureRemoteFSInitialized() {
+    // No RemoteFS so nothing to ensure
+    return result.ok(undefined);
+  }
+  getModule(moduleId) {
+    return this.options.service.get(moduleId);
+  }
+  async execCommit(patches) {
+    for (const [patchId, moduleId, patch] of patches) {
+      // TODO: patch the entire module content directly by using a { path: "", op: "replace", value: patchedData }?
+      // Reason: that would be more atomic? Not doing it now, because there are currently already too many moving pieces.
+      // Other things we could do would be to patch in a temp directory and ONLY when all patches are applied we move back in.
+      // This would improve reliability
+      this.host.rmFile(this.getPatchFilePath(patchId));
+      await this.options.service.patch(moduleId, patch);
+    }
+    return this.getPatchedModules(patches);
+  }
+
+  /* Bad requests on Local Server: */
+
+  async authorize() {
+    return this.badRequest();
+  }
+  async callback() {
+    return this.badRequest();
+  }
+  async logout() {
+    return this.badRequest();
+  }
+}
+function isCachedPatchFileOp(op) {
+  return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
+}
+
+function decodeJwt(token, secretKey) {
+  const [headerBase64, payloadBase64, signatureBase64, ...rest] = token.split(".");
+  if (!headerBase64 || !payloadBase64 || !signatureBase64 || rest.length > 0) {
+    console.debug("Invalid JWT: format is not exactly {header}.{payload}.{signature}", token);
+    return null;
+  }
+  try {
+    const parsedHeader = JSON.parse(Buffer.from(headerBase64, "base64").toString("utf8"));
+    const headerVerification = JwtHeaderSchema.safeParse(parsedHeader);
+    if (!headerVerification.success) {
+      console.debug("Invalid JWT: invalid header", parsedHeader);
+      return null;
+    }
+    if (headerVerification.data.typ !== jwtHeader.typ) {
+      console.debug("Invalid JWT: invalid header typ", parsedHeader);
+      return null;
+    }
+    if (headerVerification.data.alg !== jwtHeader.alg) {
+      console.debug("Invalid JWT: invalid header alg", parsedHeader);
+      return null;
+    }
+  } catch (err) {
+    console.debug("Invalid JWT: could not parse header", err);
+    return null;
+  }
+  if (secretKey) {
+    const signature = crypto.createHmac("sha256", secretKey).update(`${headerBase64}.${payloadBase64}`).digest("base64");
+    if (signature !== signatureBase64) {
+      console.debug("Invalid JWT: invalid signature");
+      return null;
     }
   }
   try {
@@ -1408,108 +2295,368 @@ function encodeJwt(payload, sessionKey) {
   return `${jwtHeaderBase64}.${payloadBase64}.${crypto.createHmac("sha256", sessionKey).update(`${jwtHeaderBase64}.${payloadBase64}`).digest("base64")}`;
 }
 
-class ProxyValServer {
-  constructor(options, callbacks) {
+const SEPARATOR = "/";
+class RemoteFS {
+  initialized = false;
+  constructor() {
+    this.data = {};
+    this.modifiedFiles = [];
+    this.deletedFiles = [];
+  }
+  useCaseSensitiveFileNames = true;
+  isInitialized() {
+    return this.initialized;
+  }
+  async initializeWith(data) {
+    this.data = data;
+    this.initialized = true;
+  }
+  async getPendingOperations() {
+    const modified = {};
+    for (const modifiedFile in this.modifiedFiles) {
+      modified[modifiedFile] = this.data[modifiedFile].utf8Files[modifiedFile];
+    }
+    return {
+      modified: modified,
+      deleted: this.deletedFiles
+    };
+  }
+  changedDirectories = {};
+  readDirectory = (rootDir, extensions, excludes, includes, depth) => {
+    // TODO: rewrite this! And make some tests! This is a mess!
+    // Considered using glob which typescript seems to use, but that works on an entire typeof fs
+    // glob uses minimatch internally, so using that instead
+    const files = [];
+    for (const dir in this.data) {
+      const depthExceeded = depth ? dir.replace(rootDir, "").split(SEPARATOR).length > depth : false;
+      if (dir.startsWith(rootDir) && !depthExceeded) {
+        for (const file in this.data[dir].utf8Files) {
+          for (const extension of extensions) {
+            if (file.endsWith(extension)) {
+              const path = `${dir}/${file}`;
+              for (const include of includes ?? []) {
+                // TODO: should default includes be ['**/*']?
+                if (minimatch(path, include)) {
+                  let isExcluded = false;
+                  for (const exlude of excludes ?? []) {
+                    if (minimatch(path, exlude)) {
+                      isExcluded = true;
+                      break;
+                    }
+                  }
+                  if (!isExcluded) {
+                    files.push(path);
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+    return ts.sys.readDirectory(rootDir, extensions, excludes, includes, depth).concat(files);
+  };
+  writeFile = (filePath, data, encoding) => {
+    // never write real fs
+    const {
+      directory,
+      filename
+    } = RemoteFS.parsePath(filePath);
+    if (this.data[directory] === undefined) {
+      throw new Error(`Directory not found: ${directory}`);
+    }
+    this.changedDirectories[directory] = this.changedDirectories[directory] ?? new Set();
+
+    // if it fails below this should not be added, so maybe a try/catch?
+    this.changedDirectories[directory].add(filename);
+    this.data[directory].utf8Files[filename] = data;
+    this.modifiedFiles.push(filePath);
+  };
+  rmFile(filePath) {
+    // never remove from real fs
+    const {
+      directory,
+      filename
+    } = RemoteFS.parsePath(filePath);
+    if (this.data[directory] === undefined) {
+      throw new Error(`Directory not found: ${directory}`);
+    }
+    this.changedDirectories[directory] = this.changedDirectories[directory] ?? new Set();
+
+    // if it fails below this should not be added, so maybe a try/catch?
+    this.changedDirectories[directory].add(filename);
+    delete this.data[directory].utf8Files[filename];
+    delete this.data[directory].symlinks[filename];
+    this.deletedFiles.push(filePath);
+  }
+  fileExists = filePath => {
+    var _this$data$directory;
+    if (ts.sys.fileExists(filePath)) {
+      return true;
+    }
+    const {
+      directory,
+      filename
+    } = RemoteFS.parsePath(this.realpath(filePath) // ts.sys seems to resolve symlinks while calling fileExists, i.e. a broken symlink (pointing to a non-existing file) is not considered to exist
+    );
+    return !!((_this$data$directory = this.data[directory]) !== null && _this$data$directory !== void 0 && _this$data$directory.utf8Files[filename]);
+  };
+  readFile = filePath => {
+    const realFile = ts.sys.readFile(filePath);
+    if (realFile !== undefined) {
+      return realFile;
+    }
+    const {
+      directory,
+      filename
+    } = RemoteFS.parsePath(filePath);
+    const dirNode = this.data[directory];
+    if (!dirNode) {
+      return undefined;
+    }
+    const content = dirNode.utf8Files[filename];
+    return content;
+  };
+  realpath(fullPath) {
+    if (ts.sys.fileExists(fullPath) && ts.sys.realpath) {
+      return ts.sys.realpath(fullPath);
+    }
+    // TODO: this only works in a very limited way.
+    // It does not support symlinks to symlinks nor symlinked directories for instance.
+    const {
+      directory,
+      filename
+    } = RemoteFS.parsePath(fullPath);
+    if (this.data[directory] === undefined) {
+      return fullPath;
+    }
+    if (this.data[directory].utf8Files[filename] === undefined) {
+      const link = this.data[directory].symlinks[filename];
+      if (link === undefined) {
+        return fullPath;
+      } else {
+        return link;
+      }
+    } else {
+      return path__default.join(directory, filename);
+    }
+  }
+
+  /**
+   *
+   * @param path
+   * @returns directory and filename. NOTE: directory might be empty string
+   */
+  static parsePath(path) {
+    const pathParts = path.split(SEPARATOR);
+    const filename = pathParts.pop();
+    if (!filename) {
+      throw new Error(`Invalid path: '${path}'. Node filename: '${filename}'`);
+    }
+    const directory = pathParts.join(SEPARATOR);
+    return {
+      directory,
+      filename
+    };
+  }
+}
+
+/**
+ * Represents directories
+ * NOTE: the keys of directory nodes are the "full" path, i.e. "foo/bar"
+ * NOTE: the keys of file nodes are the "filename" only, i.e. "baz.txt"
+ *
+ * @example
+ * {
+ *  "foo/bar": { // <- directory. NOTE: this is the "full" path
+ *     gitHubSha: "123",
+ *     files: {
+ *       "baz.txt": "hello world" // <- file. NOTE: this is the "filename" only
+ *     },
+ *   },
+ * };
+ */
+// TODO: a Map would be better here
+
+class ProxyValServer extends ValServer {
+  constructor(cwd, options, apiOptions, callbacks) {
+    const remoteFS = new RemoteFS();
+    super(cwd, remoteFS, options, callbacks);
+    this.cwd = cwd;
     this.options = options;
+    this.apiOptions = apiOptions;
     this.callbacks = callbacks;
+    this.remoteFS = remoteFS;
   }
-  async getFiles(treePath, query, cookies) {
-    return this.withAuth(cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.valName}${treePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
-      } else {
-        console.warn("Missing sha256 query param");
+
+  /** Remote FS dependent methods: */
+
+  async getModule(moduleId) {
+    if (!this.lazyService) {
+      this.lazyService = await createService(this.cwd, this.apiOptions, this.remoteFS);
+    }
+    return this.lazyService.get(moduleId);
+  }
+  execCommit(patches, cookies) {
+    return withAuth(this.options.valSecret, cookies, "execCommit", async ({
+      token
+    }) => {
+      const commit = this.options.git.commit;
+      if (!commit) {
+        return {
+          status: 400,
+          json: {
+            message: "Could not detect the git commit. Check if env is missing VAL_GIT_COMMIT."
+          }
+        };
       }
+      const params = `commit=${encodeURIComponent(commit)}`;
+      const url = new URL(`/v1/commit/${this.options.valName}/heads/${this.options.git.branch}/~?${params}`, this.options.valContentUrl);
+
+      // Creates a fresh copy of the fs. We cannot touch the existing fs, since we might still want to do
+      // other operations on it.
+      // We could perhaps free up the other fs while doing this operation, but uncertain if we can actually do that and if that would actually help on memory.
+      // It is a concern we have, since we might be using quite a lot of memory when having the whole FS in memory. In particular because of images / files.
+      const remoteFS = new RemoteFS();
+      const initRes = await this.initRemoteFS(commit, remoteFS, token);
+      if (initRes.status !== 200) {
+        return initRes;
+      }
+      const service = await createService(this.cwd, this.apiOptions, remoteFS);
+      for (const [, moduleId, patch] of patches) {
+        await service.patch(moduleId, patch);
+      }
+      const fileOps = await remoteFS.getPendingOperations();
       const fetchRes = await fetch(url, {
-        headers: this.getAuthHeaders(data.token)
+        method: "POST",
+        headers: getAuthHeaders(token, "application/json"),
+        body: JSON.stringify({
+          fileOps
+        })
       });
       if (fetchRes.status === 200) {
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0"
-            },
-            json: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
+        return {
+          status: fetchRes.status,
+          json: await fetchRes.json()
+        };
       } else {
+        console.error("Failed to get patches", fetchRes.status, await fetchRes.text());
         return {
           status: fetchRes.status,
           json: {
-            message: "Failed to get files"
+            message: "Failed to get patches"
           }
         };
       }
     });
   }
-  async authorize(query) {
-    if (typeof query.redirect_to !== "string") {
+  async initRemoteFS(commit, remoteFS, token) {
+    const params = new URLSearchParams(this.apiOptions.root ? {
+      root: this.apiOptions.root,
+      commit,
+      cwd: this.cwd
+    } : {
+      commit,
+      cwd: this.cwd
+    });
+    const url = new URL(`/v1/fs/${this.options.valName}/heads/${this.options.git.branch}/~?${params}`, this.options.valContentUrl);
+    try {
+      const fetchRes = await fetch(url, {
+        headers: getAuthHeaders(token, "application/json")
+      });
+      if (fetchRes.status === 200) {
+        const json = await fetchRes.json();
+        remoteFS.initializeWith(json);
+        return {
+          status: 200
+        };
+      } else {
+        try {
+          var _fetchRes$headers$get;
+          if ((_fetchRes$headers$get = fetchRes.headers.get("Content-Type")) !== null && _fetchRes$headers$get !== void 0 && _fetchRes$headers$get.includes("application/json")) {
+            const json = await fetchRes.json();
+            return {
+              status: fetchRes.status,
+              json: {
+                message: "Failed to fetch remote files",
+                details: json
+              }
+            };
+          }
+        } catch (err) {
+          console.error(err);
+        }
+        return {
+          status: fetchRes.status,
+          json: {
+            message: "Unknown failure while fetching remote files"
+          }
+        };
+      }
+    } catch (err) {
       return {
-        status: 400,
+        status: 500,
         json: {
-          message: "Missing redirect_to query param"
+          message: "Failed to fetch: check network connection"
         }
       };
     }
-    const token = crypto.randomUUID();
-    const redirectUrl = new URL(query.redirect_to);
-    const appAuthorizeUrl = this.getAuthorizeUrl(`${redirectUrl.origin}/${this.options.route}`, token);
-    return {
-      cookies: {
-        [VAL_STATE_COOKIE$1]: {
-          value: createStateCookie({
-            redirect_to: query.redirect_to,
-            token
-          }),
-          options: {
-            httpOnly: true,
-            sameSite: "lax",
-            expires: new Date(Date.now() + 1000 * 60 * 60) // 1 hour
-          }
-        }
-      },
-      status: 302,
-      redirectTo: appAuthorizeUrl
-    };
   }
-  async enable(query) {
-    const redirectToRes = getRedirectUrl(query, this.options.valEnableRedirectUrl);
-    if (typeof redirectToRes !== "string") {
-      return redirectToRes;
+  async ensureRemoteFSInitialized(errorMessageType, cookies) {
+    const commit = this.options.git.commit;
+    if (!commit) {
+      return result.err({
+        status: 400,
+        json: {
+          message: "Could not detect the git commit. Check if env is missing VAL_GIT_COMMIT."
+        }
+      });
+    }
+    const res = await withAuth(this.options.valSecret, cookies, errorMessageType, async data => {
+      if (!this.remoteFS.isInitialized()) {
+        return this.initRemoteFS(commit, this.remoteFS, data.token);
+      } else {
+        return {
+          status: 200
+        };
+      }
+    });
+    if (res.status === 200) {
+      return result.ok(undefined);
+    } else {
+      return result.err(res);
     }
-    await this.callbacks.onEnable(true);
-    return {
-      cookies: {
-        [VAL_ENABLE_COOKIE_NAME]: ENABLE_COOKIE_VALUE
-      },
-      status: 302,
-      redirectTo: redirectToRes
-    };
   }
-  async disable(query) {
-    const redirectToRes = getRedirectUrl(query, this.options.valDisableRedirectUrl);
-    if (typeof redirectToRes !== "string") {
-      return redirectToRes;
+  /* Auth endpoints */
+
+  async authorize(query) {
+    if (typeof query.redirect_to !== "string") {
+      return {
+        status: 400,
+        json: {
+          message: "Missing redirect_to query param"
+        }
+      };
     }
-    await this.callbacks.onDisable(true);
+    const token = crypto.randomUUID();
+    const redirectUrl = new URL(query.redirect_to);
+    const appAuthorizeUrl = this.getAuthorizeUrl(`${redirectUrl.origin}/${this.options.route}`, token);
     return {
       cookies: {
-        [VAL_ENABLE_COOKIE_NAME]: {
-          value: null
+        [VAL_STATE_COOKIE$1]: {
+          value: createStateCookie({
+            redirect_to: query.redirect_to,
+            token
+          }),
+          options: {
+            httpOnly: true,
+            sameSite: "lax",
+            expires: new Date(Date.now() + 1000 * 60 * 60) // 1 hour
+          }
         }
       },
       status: 302,
-      redirectTo: redirectToRes
+      redirectTo: appAuthorizeUrl
     };
   }
   async callback(query, cookies) {
@@ -1579,51 +2726,11 @@ class ProxyValServer {
       }
     };
   }
-  async withAuth(cookies, errorMessageType, handler) {
-    const cookie = cookies[VAL_SESSION_COOKIE$1];
-    if (typeof cookie === "string") {
-      const decodedToken = decodeJwt(cookie, this.options.valSecret);
-      if (!decodedToken) {
-        return {
-          status: 401,
-          json: {
-            message: "Invalid JWT token"
-          }
-        };
-      }
-      const verification = IntegratedServerJwtPayload.safeParse(decodedToken);
-      if (!verification.success) {
-        return {
-          status: 401,
-          json: {
-            message: "Could not parse JWT",
-            details: verification.error
-          }
-        };
-      }
-      return handler(verification.data).catch(err => {
-        console.error(`Failed while processing: ${errorMessageType}`, err);
-        return {
-          status: 500,
-          json: {
-            message: err.message
-          }
-        };
-      });
-    } else {
-      return {
-        status: 401,
-        json: {
-          message: "No token"
-        }
-      };
-    }
-  }
   async session(cookies) {
-    return this.withAuth(cookies, "session", async data => {
+    return withAuth(this.options.valSecret, cookies, "session", async data => {
       const url = new URL(`/api/val/${this.options.valName}/auth/session`, this.options.valBuildUrl);
       const fetchRes = await fetch(url, {
-        headers: this.getAuthHeaders(data.token, "application/json")
+        headers: getAuthHeaders(data.token, "application/json")
       });
       if (fetchRes.status === 200) {
         return {
@@ -1645,73 +2752,81 @@ class ProxyValServer {
       }
     });
   }
-  async getTree(treePath, query, cookies) {
-    return this.withAuth(cookies, "getTree", async data => {
-      const {
-        patch,
-        schema,
-        source
-      } = query;
-      const commit = this.options.gitCommit;
-      if (!commit) {
+  async consumeCode(code) {
+    const url = new URL(`/api/val/${this.options.valName}/auth/token`, this.options.valBuildUrl);
+    url.searchParams.set("code", encodeURIComponent(code));
+    return fetch(url, {
+      method: "POST",
+      headers: getAuthHeaders(this.options.apiKey, "application/json") // NOTE: we use apiKey as auth on this endpoint (we do not have a token yet)
+    }).then(async res => {
+      if (res.status === 200) {
+        const token = await res.text();
+        const verification = ValAppJwtPayload.safeParse(decodeJwt(token));
+        if (!verification.success) {
+          return null;
+        }
         return {
-          status: 400,
-          json: {
-            message: "Could not detect the git commit. Check if env is missing VAL_GIT_COMMIT."
-          }
+          ...verification.data,
+          token
         };
+      } else {
+        console.debug("Failed to get data from code: ", res.status);
+        return null;
       }
-      const params = new URLSearchParams({
-        patch: (patch === "true").toString(),
-        schema: (schema === "true").toString(),
-        source: (source === "true").toString(),
-        commit
+    }).catch(err => {
+      console.debug("Failed to get user from code: ", err);
+      return null;
+    });
+  }
+  getAuthorizeUrl(publicValApiRoute, token) {
+    const url = new URL(`/auth/${this.options.valName}/authorize`, this.options.valBuildUrl);
+    url.searchParams.set("redirect_uri", encodeURIComponent(`${publicValApiRoute}/callback`));
+    url.searchParams.set("state", token);
+    return url.toString();
+  }
+  getAppErrorUrl(error) {
+    const url = new URL(`/auth/${this.options.valName}/authorize`, this.options.valBuildUrl);
+    url.searchParams.set("error", encodeURIComponent(error));
+    return url.toString();
+  }
+
+  /* Patch endpoints */
+  async deletePatches(
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  query,
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  cookies) {
+    return withAuth(this.options.valSecret, cookies, "deletePatches", async ({
+      token
+    }) => {
+      const patchIds = query.id || [];
+      const params = `${patchIds.map(id => `id=${encodeURIComponent(id)}`).join("&")}`;
+      const url = new URL(`/v1/patches/${this.options.valName}/heads/${this.options.git.branch}/~?${params}`, this.options.valContentUrl);
+      const fetchRes = await fetch(url, {
+        method: "GET",
+        headers: getAuthHeaders(token, "application/json")
       });
-      const url = new URL(`/v1/tree/${this.options.valName}/heads/${this.options.gitBranch}/~${treePath}/?${params}`, this.options.valContentUrl);
-      try {
-        const fetchRes = await fetch(url, {
-          headers: this.getAuthHeaders(data.token, "application/json")
-        });
-        if (fetchRes.status === 200) {
-          return {
-            status: fetchRes.status,
-            json: await fetchRes.json()
-          };
-        } else {
-          try {
-            var _fetchRes$headers$get;
-            if ((_fetchRes$headers$get = fetchRes.headers.get("Content-Type")) !== null && _fetchRes$headers$get !== void 0 && _fetchRes$headers$get.includes("application/json")) {
-              const json = await fetchRes.json();
-              return {
-                status: fetchRes.status,
-                json
-              };
-            }
-          } catch (err) {
-            console.error(err);
-          }
-          return {
-            status: fetchRes.status,
-            json: {
-              message: "Unknown failure while accessing Val"
-            }
-          };
-        }
-      } catch (err) {
+      if (fetchRes.status === 200) {
         return {
-          status: 500,
+          status: fetchRes.status,
+          json: await fetchRes.json()
+        };
+      } else {
+        console.error("Failed to delete patches", fetchRes.status, await fetchRes.text());
+        return {
+          status: fetchRes.status,
           json: {
-            message: "Failed to fetch: check network connection"
+            message: "Failed to delete patches"
           }
         };
       }
     });
   }
   async getPatches(query, cookies) {
-    return this.withAuth(cookies, "getPatches", async ({
+    return withAuth(this.options.valSecret, cookies, "getPatches", async ({
       token
     }) => {
-      const commit = this.options.gitCommit;
+      const commit = this.options.git.commit;
       if (!commit) {
         return {
           status: 400,
@@ -1722,11 +2837,11 @@ class ProxyValServer {
       }
       const patchIds = query.id || [];
       const params = patchIds.length > 0 ? `commit=${encodeURIComponent(commit)}&${patchIds.map(id => `id=${encodeURIComponent(id)}`).join("&")}` : `commit=${encodeURIComponent(commit)}`;
-      const url = new URL(`/v1/patches/${this.options.valName}/heads/${this.options.gitBranch}/~?${params}`, this.options.valContentUrl);
+      const url = new URL(`/v1/patches/${this.options.valName}/heads/${this.options.git.branch}/~?${params}`, this.options.valContentUrl);
       // Proxy patch to val.build
       const fetchRes = await fetch(url, {
         method: "GET",
-        headers: this.getAuthHeaders(token, "application/json")
+        headers: getAuthHeaders(token, "application/json")
       });
       if (fetchRes.status === 200) {
         return {
@@ -1734,6 +2849,7 @@ class ProxyValServer {
           json: await fetchRes.json()
         };
       } else {
+        console.error("Failed to get patches", fetchRes.status, await fetchRes.text());
         return {
           status: fetchRes.status,
           json: {
@@ -1744,7 +2860,7 @@ class ProxyValServer {
     });
   }
   async postPatches(body, cookies) {
-    const commit = this.options.gitCommit;
+    const commit = this.options.git.commit;
     if (!commit) {
       return {
         status: 401,
@@ -1756,34 +2872,27 @@ class ProxyValServer {
     const params = new URLSearchParams({
       commit
     });
-    return this.withAuth(cookies, "postPatches", async ({
+    return withAuth(this.options.valSecret, cookies, "postPatches", async ({
       token
     }) => {
       // First validate that the body has the right structure
-      const patchJSON = z$1.record(PatchJSON).safeParse(body);
-      if (!patchJSON.success) {
+      const parsedPatches = z$1.record(Patch).safeParse(body);
+      if (!parsedPatches.success) {
         return {
           status: 400,
           json: {
-            message: "Invalid patch",
-            details: patchJSON.error.issues
+            message: "Invalid patch(es)",
+            details: parsedPatches.error.issues
           }
         };
       }
-      // Then parse/validate
-      // TODO:
-      const patch = patchJSON.data;
-      // const patch = parsePatch(patchJSON.data);
-      // if (result.isErr(patch)) {
-      //   res.status(401).json(patch.error);
-      //   return;
-      // }
-      const url = new URL(`/v1/patches/${this.options.valName}/heads/${this.options.gitBranch}/~?${params}`, this.options.valContentUrl);
+      const patches = parsedPatches.data;
+      const url = new URL(`/v1/patches/${this.options.valName}/heads/${this.options.git.branch}/~?${params}`, this.options.valContentUrl);
       // Proxy patch to val.build
       const fetchRes = await fetch(url, {
         method: "POST",
-        headers: this.getAuthHeaders(token, "application/json"),
-        body: JSON.stringify(patch)
+        headers: getAuthHeaders(token, "application/json"),
+        body: JSON.stringify(patches)
       });
       if (fetchRes.status === 200) {
         return {
@@ -1797,89 +2906,62 @@ class ProxyValServer {
       }
     });
   }
-  async postCommit(rawBody, cookies) {
-    const commit = this.options.gitCommit;
-    if (!commit) {
-      return {
-        status: 401,
-        json: {
-          message: "Could not detect the git commit. Check if env is missing VAL_GIT_COMMIT."
-        }
-      };
-    }
-    const params = new URLSearchParams({
-      commit
-    });
-    return this.withAuth(cookies, "postCommit", async ({
-      token
-    }) => {
-      const url = new URL(`/v1/commit/${this.options.valName}/heads/${this.options.gitBranch}/~?${params}`, this.options.valContentUrl);
-      const body = JSON.stringify(rawBody);
+  async getFiles(filePath, query, cookies) {
+    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
+      const url = new URL(`/v1/files/${this.options.valName}${filePath}`, this.options.valContentUrl);
+      if (typeof query.sha256 === "string") {
+        url.searchParams.append("sha256", query.sha256);
+      } else {
+        console.warn("Missing sha256 query param");
+      }
       const fetchRes = await fetch(url, {
-        method: "POST",
-        headers: this.getAuthHeaders(token, "application/json"),
-        body
+        headers: getAuthHeaders(data.token)
       });
       if (fetchRes.status === 200) {
-        return {
-          status: fetchRes.status,
-          json: await fetchRes.json()
-        };
+        // TODO: does this stream data?
+        if (fetchRes.body) {
+          return {
+            status: fetchRes.status,
+            headers: {
+              "Content-Type": fetchRes.headers.get("Content-Type") || "",
+              "Content-Length": fetchRes.headers.get("Content-Length") || "0"
+            },
+            body: fetchRes.body
+          };
+        } else {
+          return {
+            status: 500,
+            json: {
+              message: "No body in response"
+            }
+          };
+        }
       } else {
-        return {
-          status: fetchRes.status
-        };
-      }
-    });
-  }
-  getAuthHeaders(token, type) {
-    if (!type) {
-      return {
-        Authorization: `Bearer ${token}`
-      };
-    }
-    return {
-      "Content-Type": type,
-      Authorization: `Bearer ${token}`
-    };
-  }
-  async consumeCode(code) {
-    const url = new URL(`/api/val/${this.options.valName}/auth/token`, this.options.valBuildUrl);
-    url.searchParams.set("code", encodeURIComponent(code));
-    return fetch(url, {
-      method: "POST",
-      headers: this.getAuthHeaders(this.options.apiKey, "application/json") // NOTE: we use apiKey as auth on this endpoint (we do not have a token yet)
-    }).then(async res => {
-      if (res.status === 200) {
-        const token = await res.text();
-        const verification = ValAppJwtPayload.safeParse(decodeJwt(token));
-        if (!verification.success) {
-          return null;
+        const fileExists = this.remoteFS.fileExists(path__default.join(this.cwd, filePath));
+        let buffer;
+        if (fileExists) {
+          buffer = await this.readStaticBinaryFile(path__default.join(this.cwd, filePath));
+        }
+        if (!buffer) {
+          return {
+            status: 404,
+            json: {
+              message: "File not found"
+            }
+          };
         }
+        const mimeType = guessMimeTypeFromPath(filePath) || "application/octet-stream";
         return {
-          ...verification.data,
-          token
+          status: 200,
+          headers: {
+            "Content-Type": mimeType,
+            "Content-Length": buffer.byteLength.toString()
+          },
+          body: bufferToReadableStream(buffer)
         };
-      } else {
-        console.debug("Failed to get data from code: ", res.status);
-        return null;
       }
-    }).catch(err => {
-      console.debug("Failed to get user from code: ", err);
-      return null;
     });
   }
-  getAuthorizeUrl(publicValApiRoute, token) {
-    const url = new URL(`/auth/${this.options.valName}/authorize`, this.options.valBuildUrl);
-    url.searchParams.set("redirect_uri", encodeURIComponent(`${publicValApiRoute}/callback`));
-    url.searchParams.set("state", token);
-    return url.toString();
-  }
-  getAppErrorUrl(error) {
-    const url = new URL(`/auth/${this.options.valName}/authorize`, this.options.valBuildUrl);
-    url.searchParams.set("error", encodeURIComponent(error));
-    return url.toString();
-  }
 }
 function verifyCallbackReq(stateCookie, queryParams) {
   if (typeof stateCookie !== "string") {
@@ -1997,11 +3079,67 @@ const IntegratedServerJwtPayload = z$1.object({
   org: z$1.string(),
   project: z$1.string()
 });
+async function withAuth(secret, cookies, errorMessageType, handler) {
+  const cookie = cookies[VAL_SESSION_COOKIE$1];
+  if (typeof cookie === "string") {
+    const decodedToken = decodeJwt(cookie, secret);
+    if (!decodedToken) {
+      return {
+        status: 401,
+        json: {
+          message: "Could not verify session. You will need to login again.",
+          details: "Invalid token"
+        }
+      };
+    }
+    const verification = IntegratedServerJwtPayload.safeParse(decodedToken);
+    if (!verification.success) {
+      return {
+        status: 401,
+        json: {
+          message: "Session invalid or, most likely, expired. You will need to login again.",
+          details: verification.error
+        }
+      };
+    }
+    return handler(verification.data).catch(err => {
+      console.error(`Failed while processing: ${errorMessageType}`, err);
+      return {
+        status: 500,
+        json: {
+          message: err.message
+        }
+      };
+    });
+  } else {
+    return {
+      status: 401,
+      json: {
+        message: "Login required",
+        details: {
+          reason: "Cookie not found"
+        }
+      }
+    };
+  }
+}
+function getAuthHeaders(token, type) {
+  if (!type) {
+    return {
+      Authorization: `Bearer ${token}`
+    };
+  }
+  return {
+    "Content-Type": type,
+    Authorization: `Bearer ${token}`
+  };
+}
 
 async function createValServer(route, opts, callbacks) {
   const serverOpts = await initHandlerOptions(route, opts);
   if (serverOpts.mode === "proxy") {
-    return new ProxyValServer(serverOpts, callbacks);
+    const projectRoot = process.cwd(); //[process.cwd(), opts.root || ""]      .filter((seg) => seg)      .join("/");
+    return new ProxyValServer(projectRoot, serverOpts, opts, callbacks);
   } else {
     return new LocalValServer(serverOpts, callbacks);
   }
@@ -2035,8 +3173,10 @@ async function initHandlerOptions(route, opts) {
       valSecret: maybeValSecret,
       valBuildUrl,
       valContentUrl,
-      gitCommit: maybeGitCommit,
-      gitBranch: maybeGitBranch,
+      git: {
+        commit: maybeGitCommit,
+        branch: maybeGitBranch
+      },
       valName: maybeValName,
       valEnableRedirectUrl: opts.valEnableRedirectUrl || process.env.VAL_ENABLE_REDIRECT_URL,
       valDisableRedirectUrl: opts.valDisableRedirectUrl || process.env.VAL_DISABLE_REDIRECT_URL
@@ -2189,6 +3329,9 @@ function createValApiRouter(route, valServerPromise, convert) {
     } else if (method === "POST" && path === "/commit") {
       const body = await req.json();
       return convert(await valServer.postCommit(body, getCookies(req, [VAL_SESSION_COOKIE])));
+    } else if (method === "POST" && path === "/validate") {
+      const body = await req.json();
+      return convert(await valServer.postValidate(body, getCookies(req, [VAL_SESSION_COOKIE])));
     } else if (method === "GET" && path.startsWith(TREE_PATH_PREFIX)) {
       return withTreePath(path, TREE_PATH_PREFIX)(async treePath => convert(await valServer.getTree(treePath, {
         patch: url.searchParams.get("patch") || undefined,
@@ -2202,6 +3345,10 @@ function createValApiRouter(route, valServerPromise, convert) {
     } else if (method === "POST" && path.startsWith(PATCHES_PATH_PREFIX)) {
       const body = await req.json();
       return withTreePath(path, PATCHES_PATH_PREFIX)(async () => convert(await valServer.postPatches(body, getCookies(req, [VAL_SESSION_COOKIE]))));
+    } else if (method === "DELETE" && path.startsWith(PATCHES_PATH_PREFIX)) {
+      return withTreePath(path, PATCHES_PATH_PREFIX)(async () => convert(await valServer.deletePatches({
+        id: url.searchParams.getAll("id")
+      }, getCookies(req, [VAL_SESSION_COOKIE]))));
     } else if (path.startsWith(FILES_PATH_PREFIX)) {
       const treePath = path.slice(FILES_PATH_PREFIX.length);
       return convert(await valServer.getFiles(treePath, {
@@ -2248,6 +3395,9 @@ class ValFSHost {
   readDirectory(rootDir, extensions, excludes, includes, depth) {
     return this.valFS.readDirectory(rootDir, extensions, excludes, includes, depth);
   }
+  rmFile(fileName) {
+    this.valFS.rmFile(fileName);
+  }
   writeFile(fileName, text, encoding) {
     this.valFS.writeFile(fileName, text, encoding);
   }
@@ -2272,67 +3422,26 @@ class ValFSHost {
 }
 
 // TODO: find a better name? transformFixesToPatch?
-const textEncoder = new TextEncoder();
 async function createFixPatch(config, apply, sourcePath, validationError) {
   async function getImageMetadata() {
-    const maybeRef = validationError.value && typeof validationError.value === "object" && FILE_REF_PROP in validationError.value && typeof validationError.value[FILE_REF_PROP] === "string" ? validationError.value[FILE_REF_PROP] : undefined;
-    if (!maybeRef) {
+    const fileRef = getValidationErrorFileRef(validationError);
+    if (!fileRef) {
       // TODO:
       throw Error("Cannot fix image without a file reference");
     }
-    const filename = path__default.join(config.projectRoot, maybeRef);
+    const filename = path__default.join(config.projectRoot, fileRef);
     const buffer = fs.readFileSync(filename);
-    const imageSize = sizeOf(buffer);
-    let mimeType = null;
-    if (imageSize.type) {
-      const possibleMimeType = `image/${imageSize.type}`;
-      if (MIME_TYPES_TO_EXT[possibleMimeType]) {
-        mimeType = possibleMimeType;
-      }
-      const filenameBasedLookup = filenameToMimeType(filename);
-      if (filenameBasedLookup) {
-        mimeType = filenameBasedLookup;
-      }
-    }
-    if (!mimeType) {
-      throw Error("Cannot determine mimetype of image");
-    }
-    const {
-      width,
-      height
-    } = imageSize;
-    if (!width || !height) {
-      throw Error("Cannot determine image size");
-    }
-    const sha256 = Internal.getSHA256Hash(textEncoder.encode(
-    // TODO: we should probably store the mimetype in the metadata and reuse it here
-    `data:${mimeType};base64,${buffer.toString("base64")}`));
-    return {
-      width,
-      height,
-      sha256,
-      mimeType
-    };
+    return extractImageMetadata(filename, buffer);
   }
   async function getFileMetadata() {
-    const maybeRef = validationError.value && typeof validationError.value === "object" && FILE_REF_PROP in validationError.value && typeof validationError.value[FILE_REF_PROP] === "string" ? validationError.value[FILE_REF_PROP] : undefined;
-    if (!maybeRef) {
+    const fileRef = getValidationErrorFileRef(validationError);
+    if (!fileRef) {
       // TODO:
-      throw Error("Cannot fix image without a file reference");
+      throw Error("Cannot fix file without a file reference");
     }
-    const filename = path__default.join(config.projectRoot, maybeRef);
+    const filename = path__default.join(config.projectRoot, fileRef);
     const buffer = fs.readFileSync(filename);
-    let mimeType = filenameToMimeType(filename);
-    if (!mimeType) {
-      mimeType = "application/octet-stream";
-    }
-    const sha256 = Internal.getSHA256Hash(textEncoder.encode(
-    // TODO: we should probably store the mimetype in the metadata and reuse it here
-    `data:${mimeType};base64,${buffer.toString("base64")}`));
-    return {
-      sha256,
-      mimeType
-    };
+    return extractFileMetadata(fileRef, buffer);
   }
   const remainingErrors = [];
   const patch = [];
@@ -2496,4 +3605,4 @@ async function createFixPatch(config, apply, sourcePath, validationError) {
   };
 }
 
-export { LocalValServer, PatchJSON, Service, ValFSHost, ValModuleLoader, ValSourceFileHandler, createFixPatch, createService, createValApiRouter, createValServer, decodeJwt, encodeJwt, formatSyntaxErrorTree, getCompilerOptions, getExpire, patchSourceFile, safeReadGit };
+export { LocalValServer, Patch, PatchJSON, Service, ValFSHost, ValModuleLoader, ValSourceFileHandler, createFixPatch, createService, createValApiRouter, createValServer, decodeJwt, encodeJwt, formatSyntaxErrorTree, getCompilerOptions, getExpire, patchSourceFile, safeReadGit };