@zenithbuild/cli 0.7.3 → 0.7.5

package/dist/request-body.d.ts

@@ -0,0 +1 @@
+export function readRequestBodyBuffer(req: any): Promise<Buffer<ArrayBuffer>>;

package/dist/request-body.js

@@ -0,0 +1,7 @@
+export async function readRequestBodyBuffer(req) {
+    const chunks = [];
+    for await (const chunk of req) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    }
+    return Buffer.concat(chunks);
+}

package/dist/request-origin.d.ts

@@ -0,0 +1,2 @@
+export function publicHost(host: any): string;
+export function createTrustedOriginResolver(options?: {}): () => string;

package/dist/request-origin.js

@@ -0,0 +1,45 @@
+const DEFAULT_HOST = '127.0.0.1';
+export function publicHost(host) {
+    const normalized = String(host || DEFAULT_HOST).trim() || DEFAULT_HOST;
+    if (normalized === '0.0.0.0' || normalized === '::') {
+        return DEFAULT_HOST;
+    }
+    return normalized;
+}
+function normalizePublicOrigin(value, label) {
+    const raw = String(value || '').trim();
+    if (!raw) {
+        throw new Error(`[Zenith:Server] ${label} must be a non-empty absolute origin`);
+    }
+    let parsed;
+    try {
+        parsed = new URL(raw);
+    }
+    catch {
+        throw new Error(`[Zenith:Server] ${label} must be an absolute origin`);
+    }
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+        throw new Error(`[Zenith:Server] ${label} must use http or https`);
+    }
+    if (parsed.username || parsed.password) {
+        throw new Error(`[Zenith:Server] ${label} must not include credentials`);
+    }
+    if (parsed.pathname !== '/' || parsed.search || parsed.hash) {
+        throw new Error(`[Zenith:Server] ${label} must not include a path, query, or hash`);
+    }
+    return parsed.origin;
+}
+export function createTrustedOriginResolver(options = {}) {
+    const { publicOrigin = undefined, host = DEFAULT_HOST, port = undefined, getPort = undefined, label = 'server' } = options;
+    if (publicOrigin !== undefined && publicOrigin !== null && String(publicOrigin).trim().length > 0) {
+        const origin = normalizePublicOrigin(publicOrigin, `${label} publicOrigin`);
+        return () => origin;
+    }
+    return () => {
+        const resolvedPort = typeof getPort === 'function' ? getPort() : port;
+        if (!Number.isInteger(resolvedPort) || resolvedPort <= 0) {
+            throw new Error(`[Zenith:Server] ${label} requires "publicOrigin" when a trusted port is unavailable; raw Host headers are not trusted`);
+        }
+        return `http://${publicHost(host)}:${resolvedPort}`;
+    };
+}

package/dist/resource-manifest.d.ts

@@ -0,0 +1,16 @@
+export function writeResourceRouteManifest(staticDir: any, routeManifest: any, basePath?: string): Promise<({
+    path: any;
+    file: any;
+    route_kind: string;
+    server_script: any;
+    server_script_path: any;
+    has_guard: boolean;
+    has_load: boolean;
+    has_action: boolean;
+    params: any;
+    route_id: any;
+} | null)[]>;
+export function loadResourceRouteManifest(distDir: any, fallbackBasePath?: string): Promise<{
+    basePath: any;
+    routes: any;
+}>;

package/dist/resource-manifest.js

@@ -0,0 +1,53 @@
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { compareRouteSpecificity } from './server/resolve-request-route.js';
+function sanitizeResourceRoute(entry) {
+    if (!entry || typeof entry !== 'object') {
+        return null;
+    }
+    if (typeof entry.path !== 'string' || typeof entry.server_script !== 'string') {
+        return null;
+    }
+    return {
+        path: entry.path,
+        file: typeof entry.file === 'string' ? entry.file : '',
+        route_kind: 'resource',
+        server_script: entry.server_script,
+        server_script_path: typeof entry.server_script_path === 'string' ? entry.server_script_path : '',
+        has_guard: entry.has_guard === true,
+        has_load: entry.has_load === true,
+        has_action: entry.has_action === true,
+        params: Array.isArray(entry.params) ? entry.params.filter((value) => typeof value === 'string') : [],
+        route_id: typeof entry.route_id === 'string' ? entry.route_id : null
+    };
+}
+export async function writeResourceRouteManifest(staticDir, routeManifest, basePath = '/') {
+    const routes = (Array.isArray(routeManifest) ? routeManifest : [])
+        .filter((entry) => entry?.route_kind === 'resource')
+        .map((entry) => sanitizeResourceRoute(entry))
+        .filter(Boolean)
+        .sort((left, right) => compareRouteSpecificity(left.path, right.path));
+    const manifestPath = join(staticDir, 'assets', 'resource-manifest.json');
+    await mkdir(join(staticDir, 'assets'), { recursive: true });
+    await writeFile(manifestPath, `${JSON.stringify({ base_path: basePath, routes }, null, 2)}\n`, 'utf8');
+    return routes;
+}
+export async function loadResourceRouteManifest(distDir, fallbackBasePath = '/') {
+    const manifestPath = join(distDir, 'assets', 'resource-manifest.json');
+    try {
+        const parsed = JSON.parse(await readFile(manifestPath, 'utf8'));
+        return {
+            basePath: typeof parsed?.base_path === 'string' ? parsed.base_path : fallbackBasePath,
+            routes: (Array.isArray(parsed?.routes) ? parsed.routes : [])
+                .map((entry) => sanitizeResourceRoute(entry))
+                .filter(Boolean)
+                .sort((left, right) => compareRouteSpecificity(left.path, right.path))
+        };
+    }
+    catch {
+        return {
+            basePath: fallbackBasePath,
+            routes: []
+        };
+    }
+}

package/dist/resource-response.d.ts

@@ -0,0 +1,34 @@
+export function buildResourceResponseDescriptor(result: any, basePath?: string, setCookies?: any[]): {
+    status: any;
+    headers: {
+        Location: string;
+        'Cache-Control': string;
+        'Content-Type'?: undefined;
+        'Content-Disposition'?: undefined;
+        'Content-Length'?: undefined;
+    };
+    body: string;
+    setCookies: any[];
+} | {
+    status: any;
+    headers: {
+        'Content-Type': string;
+        Location?: undefined;
+        'Cache-Control'?: undefined;
+        'Content-Disposition'?: undefined;
+        'Content-Length'?: undefined;
+    };
+    body: any;
+    setCookies: any[];
+} | {
+    status: number;
+    headers: {
+        'Content-Type': any;
+        'Content-Disposition': string;
+        'Content-Length': string;
+        Location?: undefined;
+        'Cache-Control'?: undefined;
+    };
+    body: Buffer<ArrayBuffer>;
+    setCookies: any[];
+};

package/dist/resource-response.js

@@ -0,0 +1,71 @@
+import { appLocalRedirectLocation } from './base-path.js';
+import { buildAttachmentContentDisposition, decodeDownloadResultBody } from './download-result.js';
+import { clientFacingRouteMessage, defaultRouteDenyMessage } from './server-error.js';
+function serializeJsonBody(payload) {
+    return JSON.stringify(payload);
+}
+export function buildResourceResponseDescriptor(result, basePath = '/', setCookies = []) {
+    if (!result || typeof result !== 'object') {
+        return {
+            status: 500,
+            headers: { 'Content-Type': 'text/plain; charset=utf-8' },
+            body: defaultRouteDenyMessage(500),
+            setCookies
+        };
+    }
+    if (result.kind === 'redirect') {
+        return {
+            status: Number.isInteger(result.status) ? result.status : 302,
+            headers: {
+                Location: appLocalRedirectLocation(result.location, basePath),
+                'Cache-Control': 'no-store'
+            },
+            body: '',
+            setCookies
+        };
+    }
+    if (result.kind === 'deny') {
+        const status = Number.isInteger(result.status) ? result.status : 403;
+        return {
+            status,
+            headers: { 'Content-Type': 'text/plain; charset=utf-8' },
+            body: clientFacingRouteMessage(status, result.message),
+            setCookies
+        };
+    }
+    if (result.kind === 'json') {
+        return {
+            status: Number.isInteger(result.status) ? result.status : 200,
+            headers: { 'Content-Type': 'application/json; charset=utf-8' },
+            body: serializeJsonBody(result.data),
+            setCookies
+        };
+    }
+    if (result.kind === 'text') {
+        return {
+            status: Number.isInteger(result.status) ? result.status : 200,
+            headers: { 'Content-Type': 'text/plain; charset=utf-8' },
+            body: result.body,
+            setCookies
+        };
+    }
+    if (result.kind === 'download') {
+        const body = decodeDownloadResultBody(result, 'resource download response');
+        return {
+            status: 200,
+            headers: {
+                'Content-Type': result.contentType,
+                'Content-Disposition': buildAttachmentContentDisposition(result.filename),
+                'Content-Length': String(body.byteLength)
+            },
+            body,
+            setCookies
+        };
+    }
+    return {
+        status: 500,
+        headers: { 'Content-Type': 'text/plain; charset=utf-8' },
+        body: defaultRouteDenyMessage(500),
+        setCookies
+    };
+}

package/dist/resource-route-module.d.ts

@@ -0,0 +1,15 @@
+export function isResourceRouteFile(fileName: any): boolean;
+export function resourceRouteFileToRoute(filePath: any, root: any): string;
+export function analyzeResourceRouteModule(fullPath: any, root: any): {
+    path: string;
+    file: string;
+    path_kind: string;
+    render_mode: string;
+    route_kind: string;
+    params: string[];
+    server_script: string;
+    server_script_path: any;
+    has_guard: boolean;
+    has_load: boolean;
+    has_action: boolean;
+};

package/dist/resource-route-module.js

@@ -0,0 +1,129 @@
+import { readFileSync } from 'node:fs';
+import { relative, sep } from 'node:path';
+const RESOURCE_EXTENSIONS = ['.resource.ts', '.resource.js', '.resource.mts', '.resource.cts', '.resource.mjs', '.resource.cjs'];
+const FORBIDDEN_RESOURCE_EXPORT_RE = /\bexport\s+const\s+(?:data|prerender|exportPaths|ssr_data|props|ssr)\b/;
+function readSingleExport(source, name) {
+    const fnMatch = source.match(new RegExp(`\\bexport\\s+(?:async\\s+)?function\\s+${name}\\s*\\(([^)]*)\\)`));
+    const constParenMatch = source.match(new RegExp(`\\bexport\\s+const\\s+${name}\\s*=\\s*(?:async\\s*)?\\(([^)]*)\\)\\s*=>`));
+    const constSingleArgMatch = source.match(new RegExp(`\\bexport\\s+const\\s+${name}\\s*=\\s*(?:async\\s*)?([a-zA-Z_$][a-zA-Z0-9_$]*)\\s*=>`));
+    const matchCount = Number(Boolean(fnMatch)) +
+        Number(Boolean(constParenMatch)) +
+        Number(Boolean(constSingleArgMatch));
+    return {
+        fnMatch,
+        constParenMatch,
+        constSingleArgMatch,
+        hasExport: matchCount > 0,
+        matchCount
+    };
+}
+function assertSingleCtxArg(sourceFile, name, exportMatch) {
+    const singleArg = String(exportMatch.constSingleArgMatch?.[1] || '').trim();
+    const paramsText = String((exportMatch.fnMatch || exportMatch.constParenMatch)?.[1] || '').trim();
+    const arity = singleArg ? 1 : paramsText.length === 0 ? 0 : paramsText.split(',').length;
+    if (arity !== 1) {
+        throw new Error(`Zenith resource route contract violation:\n` +
+            `  File: ${sourceFile}\n` +
+            `  Reason: ${name}(ctx) must accept exactly one argument\n` +
+            `  Example: export async function ${name}(ctx) { ... }`);
+    }
+}
+function segmentsToRoute(segments) {
+    const routeSegments = segments.map((seg) => {
+        const optionalCatchAllMatch = seg.match(/^\[\[\.\.\.([a-zA-Z_][a-zA-Z0-9_]*)\]\]$/);
+        if (optionalCatchAllMatch) {
+            return `*${optionalCatchAllMatch[1]}?`;
+        }
+        const catchAllMatch = seg.match(/^\[\.\.\.([a-zA-Z_][a-zA-Z0-9_]*)\]$/);
+        if (catchAllMatch) {
+            return `*${catchAllMatch[1]}`;
+        }
+        const paramMatch = seg.match(/^\[([a-zA-Z_][a-zA-Z0-9_]*)\]$/);
+        if (paramMatch) {
+            return `:${paramMatch[1]}`;
+        }
+        return seg;
+    });
+    if (routeSegments.length > 0) {
+        const last = routeSegments[routeSegments.length - 1];
+        if (last === 'index' || last === 'page') {
+            routeSegments.pop();
+        }
+    }
+    return `/${routeSegments.join('/')}`;
+}
+export function isResourceRouteFile(fileName) {
+    return RESOURCE_EXTENSIONS.some((extension) => fileName.endsWith(extension));
+}
+export function resourceRouteFileToRoute(filePath, root) {
+    const rel = relative(root, filePath);
+    const extension = RESOURCE_EXTENSIONS.find((candidate) => rel.endsWith(candidate));
+    if (!extension) {
+        throw new Error(`[Zenith CLI] Resource route "${filePath}" does not use a supported .resource.* extension.`);
+    }
+    const withoutExt = rel.slice(0, -extension.length);
+    const segments = withoutExt.split(sep).filter(Boolean);
+    const route = segmentsToRoute(segments);
+    return route === '/' ? '/' : route.replace(/\/+/g, '/');
+}
+export function analyzeResourceRouteModule(fullPath, root) {
+    const source = readFileSync(fullPath, 'utf8').trim();
+    if (!source) {
+        throw new Error(`Zenith resource route contract violation:\n` +
+            `  File: ${fullPath}\n` +
+            `  Reason: resource route module is empty\n` +
+            `  Example: export async function load(ctx) { return ctx.json({ ok: true }); }`);
+    }
+    if (FORBIDDEN_RESOURCE_EXPORT_RE.test(source)) {
+        throw new Error(`Zenith resource route contract violation:\n` +
+            `  File: ${fullPath}\n` +
+            `  Reason: resource routes may only export guard(ctx), load(ctx), and action(ctx)\n` +
+            `  Example: remove page-only exports such as data/prerender/exportPaths`);
+    }
+    const guardExport = readSingleExport(source, 'guard');
+    const loadExport = readSingleExport(source, 'load');
+    const actionExport = readSingleExport(source, 'action');
+    for (const [name, exportMatch] of [
+        ['guard', guardExport],
+        ['load', loadExport],
+        ['action', actionExport]
+    ]) {
+        if (exportMatch.matchCount > 1) {
+            throw new Error(`Zenith resource route contract violation:\n` +
+                `  File: ${fullPath}\n` +
+                `  Reason: multiple ${name} exports detected\n` +
+                `  Example: keep exactly one export for ${name}(ctx)`);
+        }
+        if (exportMatch.hasExport) {
+            assertSingleCtxArg(fullPath, name, exportMatch);
+        }
+    }
+    if (!loadExport.hasExport && !actionExport.hasExport) {
+        throw new Error(`Zenith resource route contract violation:\n` +
+            `  File: ${fullPath}\n` +
+            `  Reason: resource routes must export load(ctx), action(ctx), or both\n` +
+            `  Example: export async function load(ctx) { return ctx.text('ok'); }`);
+    }
+    return {
+        path: resourceRouteFileToRoute(fullPath, root),
+        file: relative(root, fullPath).replaceAll('\\', '/'),
+        path_kind: resourceRouteFileToRoute(fullPath, root).split('/').some((segment) => segment.startsWith(':') || segment.startsWith('*'))
+            ? 'dynamic'
+            : 'static',
+        render_mode: 'server',
+        route_kind: 'resource',
+        params: resourceRouteFileToRoute(fullPath, root)
+            .split('/')
+            .filter(Boolean)
+            .filter((segment) => segment.startsWith(':') || segment.startsWith('*'))
+            .map((segment) => {
+            const raw = segment.slice(1);
+            return raw.endsWith('?') ? raw.slice(0, -1) : raw;
+        }),
+        server_script: source,
+        server_script_path: fullPath,
+        has_guard: guardExport.hasExport,
+        has_load: loadExport.hasExport,
+        has_action: actionExport.hasExport
+    };
+}

package/dist/route-check-support.d.ts

@@ -0,0 +1 @@
+export function supportsTargetRouteCheck(target: any): boolean;

package/dist/route-check-support.js

@@ -0,0 +1,4 @@
+const ROUTE_CHECK_UNSUPPORTED_TARGETS = new Set(['vercel', 'netlify', 'static-export']);
+export function supportsTargetRouteCheck(target) {
+    return !ROUTE_CHECK_UNSUPPORTED_TARGETS.has(String(target || '').trim());
+}

package/dist/server-contract.d.ts

@@ -15,22 +15,45 @@ export function data(payload: any): {
     kind: string;
     data: any;
 };
-export function validateServerExports({ exports, filePath }: {
+export function invalid(payload: any, status?: number): {
+    kind: string;
+    data: any;
+    status: number;
+};
+export function json(payload: any, status?: number): {
+    kind: string;
+    data: any;
+    status: number;
+};
+export function text(body: any, status?: number): {
+    kind: string;
+    body: string;
+    status: number;
+};
+export function download(body: any, options?: {}): {
+    kind: string;
+    body: any;
+    bodyEncoding: string;
+    bodySize: number;
+    filename: string;
+    contentType: string;
+    status: number;
+};
+export function validateServerExports({ exports, filePath, routeKind }: {
     exports: any;
     filePath: any;
+    routeKind?: string | undefined;
 }): void;
 export function assertJsonSerializable(value: any, where?: string): void;
-export function resolveRouteResult({ exports, ctx, filePath, guardOnly }: {
+export function resolveRouteResult({ exports, ctx, filePath, guardOnly, routeKind }: {
     exports: any;
     ctx: any;
     filePath: any;
     guardOnly?: boolean | undefined;
+    routeKind?: string | undefined;
 }): Promise<{
     result: any;
-    trace: {
-        guard: string;
-        load: string;
-    };
+    trace: any;
 }>;
 export function resolveServerPayload({ exports, ctx, filePath }: {
     exports: any;