@zuplo/cli 6.70.27 → 6.70.29

package/node_modules/@zuplo/runtime/out/esm/mocks/index.js

@@ -22,5 +22,5 @@
  *  DEALINGS IN THE SOFTWARE.
  *--------------------------------------------------------------------------------------------*/
     
-import{b as d}from"../chunk-H7UGARU6.js";import{_ as n,a as t}from"../chunk-JAEQKE5H.js";function g(u={request:new Request("https://api.example.com")}){let e=[];function o(i){e.push(Promise.resolve(i))}return t(o,"waitUntil"),{context:new s({event:{waitUntil:o},route:u.route}),invokeResponse:t(async()=>{await Promise.all(e)},"invokeResponse")}}t(g,"createMockContext");var p={path:"/",methods:["GET"],handler:{module:{},export:"default"},raw:t(()=>({}),"raw")},s=class extends EventTarget{static{t(this,"MockZuploContext")}#e;contextId;requestId;log;route;custom;incomingRequestProperties;parentContext;analyticsContext;constructor({event:e,route:o=p,parentContext:r}){super(),this.requestId=crypto.randomUUID(),this.contextId=crypto.randomUUID(),this.log={info:n.console.info,log:n.console.log,debug:n.console.debug,warn:n.console.warn,error:n.console.error,setLogProperties:t(()=>{},"setLogProperties")},this.custom={},this.route=o,this.incomingRequestProperties={asn:1234,asOrganization:"ORGANIZATION",city:"Seattle",region:"Washington",regionCode:"WA",colo:"SEA",continent:"NA",country:"US",postalCode:"98004",metroCode:"SEA",latitude:void 0,longitude:void 0,timezone:void 0,httpProtocol:void 0,clientCert:void 0,clientMtlsVerificationStatus:void 0,clientMtlsVerificationReason:void 0},this.parentContext=r,this.#e=e,this.analyticsContext=new d(this.requestId)}waitUntil(e){this.#e.waitUntil(e)}invokeInboundPolicy(e,o){throw new Error("Not implemented")}invokeOutboundPolicy(e,o,r){throw new Error("Not implemented")}invokeRoute(e,o){throw new Error("Not implemented")}addResponseSendingHook(e){throw new Error("Not implemented")}addResponseSendingFinalHook(e){throw new Error("Not implemented")}addEventListener(e,o,r){let l=t(i=>{try{typeof o=="function"?o(i):o.handleEvent(i)}catch(a){throw this.log.error(`Error invoking event ${e}. See following logs for details.`),a}},"wrapped");super.addEventListener(e,l,r)}};export{s as MockZuploContext,g as createMockContext};
+import{b as d}from"../chunk-F7DJMBWH.js";import{_ as n,a as t}from"../chunk-JAEQKE5H.js";function g(u={request:new Request("https://api.example.com")}){let e=[];function o(i){e.push(Promise.resolve(i))}return t(o,"waitUntil"),{context:new s({event:{waitUntil:o},route:u.route}),invokeResponse:t(async()=>{await Promise.all(e)},"invokeResponse")}}t(g,"createMockContext");var p={path:"/",methods:["GET"],handler:{module:{},export:"default"},raw:t(()=>({}),"raw")},s=class extends EventTarget{static{t(this,"MockZuploContext")}#e;contextId;requestId;log;route;custom;incomingRequestProperties;parentContext;analyticsContext;constructor({event:e,route:o=p,parentContext:r}){super(),this.requestId=crypto.randomUUID(),this.contextId=crypto.randomUUID(),this.log={info:n.console.info,log:n.console.log,debug:n.console.debug,warn:n.console.warn,error:n.console.error,setLogProperties:t(()=>{},"setLogProperties")},this.custom={},this.route=o,this.incomingRequestProperties={asn:1234,asOrganization:"ORGANIZATION",city:"Seattle",region:"Washington",regionCode:"WA",colo:"SEA",continent:"NA",country:"US",postalCode:"98004",metroCode:"SEA",latitude:void 0,longitude:void 0,timezone:void 0,httpProtocol:void 0,clientCert:void 0,clientMtlsVerificationStatus:void 0,clientMtlsVerificationReason:void 0},this.parentContext=r,this.#e=e,this.analyticsContext=new d(this.requestId)}waitUntil(e){this.#e.waitUntil(e)}invokeInboundPolicy(e,o){throw new Error("Not implemented")}invokeOutboundPolicy(e,o,r){throw new Error("Not implemented")}invokeRoute(e,o){throw new Error("Not implemented")}addResponseSendingHook(e){throw new Error("Not implemented")}addResponseSendingFinalHook(e){throw new Error("Not implemented")}addEventListener(e,o,r){let l=t(i=>{try{typeof o=="function"?o(i):o.handleEvent(i)}catch(a){throw this.log.error(`Error invoking event ${e}. See following logs for details.`),a}},"wrapped");super.addEventListener(e,l,r)}};export{s as MockZuploContext,g as createMockContext};
 //# sourceMappingURL=index.js.map

package/node_modules/@zuplo/runtime/out/types/index.d.ts

@@ -8957,6 +8957,42 @@ export declare interface SetStatusOutboundPolicyOptions {
   statusText?: string;
 }
 
+/**
+ * Sets a single header on the incoming request, typically used to attach an
+ * API key for the upstream service. A more directed version of the
+ * `SetHeadersInboundPolicy` that defaults the header name to `Authorization`
+ * and is intended to be used with an `$env()` reference for the value.
+ *
+ * @title Set Upstream API Key
+ * @product api-gateway
+ * @public
+ * @param request - The ZuploRequest
+ * @param context - The ZuploContext
+ * @param options - The policy options set in policies.json
+ * @param policyName - The name of the policy as set in policies.json
+ * @returns A Request or a Response
+ */
+export declare const SetUpstreamApiKeyInboundPolicy: InboundPolicyHandler<SetUpstreamApiKeyInboundPolicyOptions>;
+
+/**
+ * The options for this policy.
+ * @public
+ */
+export declare interface SetUpstreamApiKeyInboundPolicyOptions {
+  /**
+   * The name of the header to set on the request. Defaults to `Authorization`.
+   */
+  header?: string;
+  /**
+   * The value of the header. Most commonly an environment variable reference such as `Bearer $env(UPSTREAM_API_KEY)` so the secret is sourced from your environment.
+   */
+  value: string;
+  /**
+   * Overwrite the value if the header is already present in the request.
+   */
+  overwrite?: boolean;
+}
+
 /**
  * Function type for determining if a request should be logged
  * @public

package/node_modules/@zuplo/runtime/out/types/mcp-gateway/index.d.ts

@@ -973,7 +973,7 @@ export declare interface McpAuth0OAuthInboundPolicyOptions {
   /**
    * The Auth0 client_secret. Use $env(...) to source from a secret environment variable.
    */
-  clientSecret?: string;
+  clientSecret: string;
   /**
    * OIDC scopes requested during browser login.
    */
@@ -1076,9 +1076,9 @@ export declare interface McpOAuthInboundPolicyOptions {
      */
     jwksUrl: string;
     /**
-     * Expected audience claim on tokens issued for the gateway.
+     * Optional IdP audience value. Leave unset when browser login ID tokens use the OIDC client_id as their audience.
      */
-    audience: string;
+    audience?: string;
   };
   /**
    * Browser-side OAuth/OIDC settings used when the gateway redirects the user to the identity provider for login.
@@ -1097,7 +1097,7 @@ export declare interface McpOAuthInboundPolicyOptions {
      */
     clientId?: string;
     /**
-     * The OIDC client_secret. Use $env(...) to source from a secret environment variable.
+     * The OIDC client_secret. Required for federated browser login. Use $env(...) to source from a secret environment variable.
      */
     clientSecret?: string;
     /**

package/node_modules/@zuplo/runtime/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@zuplo/runtime",
   "type": "module",
-  "version": "6.70.27",
+  "version": "6.70.29",
   "repository": "https://github.com/zuplo/zuplo",
   "author": "Zuplo, Inc.",
   "exports": {

package/node_modules/hono/dist/adapter/bun/serve-static.js

@@ -2,7 +2,7 @@
 import { stat } from "node:fs/promises";
 import { join } from "node:path";
 import { serveStatic as baseServeStatic } from "../../middleware/serve-static/index.js";
-var serveStatic = (options) => {
+var serveStatic = (options = {}) => {
   return async function serveStatic2(c, next) {
     const getContent = async (path) => {
       const file = Bun.file(path);

package/node_modules/hono/dist/adapter/cloudflare-workers/serve-static.js

@@ -1,7 +1,7 @@
 // src/adapter/cloudflare-workers/serve-static.ts
 import { serveStatic as baseServeStatic } from "../../middleware/serve-static/index.js";
 import { getContentFromKVAsset } from "./utils.js";
-var serveStatic = (options) => {
+var serveStatic = (options = {}) => {
   return async function serveStatic2(c, next) {
     const getContent = async (path) => {
       return getContentFromKVAsset(path, {

package/node_modules/hono/dist/adapter/deno/serve-static.js

@@ -2,7 +2,7 @@
 import { join } from "node:path";
 import { serveStatic as baseServeStatic } from "../../middleware/serve-static/index.js";
 var { open, lstatSync, errors } = Deno;
-var serveStatic = (options) => {
+var serveStatic = (options = {}) => {
   return async function serveStatic2(c, next) {
     const getContent = async (path) => {
       try {

package/node_modules/hono/dist/cjs/adapter/bun/serve-static.js

@@ -23,7 +23,7 @@ module.exports = __toCommonJS(serve_static_exports);
 var import_promises = require("node:fs/promises");
 var import_node_path = require("node:path");
 var import_serve_static = require("../../middleware/serve-static");
-const serveStatic = (options) => {
+const serveStatic = (options = {}) => {
   return async function serveStatic2(c, next) {
     const getContent = async (path) => {
       const file = Bun.file(path);

package/node_modules/hono/dist/cjs/adapter/cloudflare-workers/serve-static.js

@@ -22,7 +22,7 @@ __export(serve_static_exports, {
 module.exports = __toCommonJS(serve_static_exports);
 var import_serve_static = require("../../middleware/serve-static");
 var import_utils = require("./utils");
-const serveStatic = (options) => {
+const serveStatic = (options = {}) => {
   return async function serveStatic2(c, next) {
     const getContent = async (path) => {
       return (0, import_utils.getContentFromKVAsset)(path, {

package/node_modules/hono/dist/cjs/adapter/deno/serve-static.js

@@ -23,7 +23,7 @@ module.exports = __toCommonJS(serve_static_exports);
 var import_node_path = require("node:path");
 var import_serve_static = require("../../middleware/serve-static");
 const { open, lstatSync, errors } = Deno;
-const serveStatic = (options) => {
+const serveStatic = (options = {}) => {
   return async function serveStatic2(c, next) {
     const getContent = async (path) => {
       try {

package/node_modules/hono/dist/cjs/middleware/cache/index.js

@@ -21,19 +21,14 @@ __export(cache_exports, {
 });
 module.exports = __toCommonJS(cache_exports);
 const defaultCacheableStatusCodes = [200];
-const shouldSkipCache = (res) => {
-  if (res.headers.has("Vary")) {
-    return true;
+const shouldSkipCacheControl = (cacheControl) => !!cacheControl && /(?:^|,\s*)(?:private|no-(?:store|cache))(?:\s*(?:=|,|$))/i.test(cacheControl);
+const parseVaryDirectives = (vary) => {
+  if (vary == null) {
+    return [];
   }
-  const cacheControl = res.headers.get("Cache-Control");
-  if (cacheControl && /(?:^|,\s*)(?:private|no-(?:store|cache))(?:\s*(?:=|,|$))/i.test(cacheControl)) {
-    return true;
-  }
-  if (res.headers.has("Set-Cookie")) {
-    return true;
-  }
-  return false;
+  return (Array.isArray(vary) ? vary : vary.split(",")).map((directive) => directive.trim().toLowerCase()).filter(Boolean);
 };
+const shouldSkipCache = (res, optionsVaryDirectives, responseVary) => responseVary.length && (!optionsVaryDirectives || responseVary.some((name) => !optionsVaryDirectives.has(name))) || shouldSkipCacheControl(res.headers.get("Cache-Control")) || res.headers.has("Set-Cookie");
 const cache = (options) => {
   if (!globalThis.caches) {
     if (options.onCacheNotAvailable === false) {
@@ -48,8 +43,9 @@ const cache = (options) => {
     options.wait = false;
   }
   const cacheControlDirectives = options.cacheControl?.split(",").map((directive) => directive.toLowerCase());
-  const varyDirectives = Array.isArray(options.vary) ? options.vary : options.vary?.split(",").map((directive) => directive.trim());
-  if (options.vary?.includes("*")) {
+  const optionsVaryList = parseVaryDirectives(options.vary);
+  const varyDirectives = optionsVaryList.length ? new Set(optionsVaryList) : void 0;
+  if (varyDirectives?.has("*")) {
     throw new Error(
       'Middleware vary configuration cannot include "*", as it disallows effective caching.'
     );
@@ -57,7 +53,7 @@ const cache = (options) => {
   const cacheableStatusCodes = new Set(
     options.cacheableStatusCodes ?? defaultCacheableStatusCodes
   );
-  const addHeader = (c) => {
+  const addHeader = (c, responseVary) => {
     if (cacheControlDirectives) {
       const existingDirectives = c.res.headers.get("Cache-Control")?.split(",").map((d) => d.trim().split("=", 1)[0]) ?? [];
       for (const directive of cacheControlDirectives) {
@@ -69,16 +65,18 @@ const cache = (options) => {
       }
     }
     if (varyDirectives) {
-      const existingDirectives = c.res.headers.get("Vary")?.split(",").map((d) => d.trim()) ?? [];
-      const vary = Array.from(
-        new Set(
-          [...existingDirectives, ...varyDirectives].map((directive) => directive.toLowerCase())
-        )
-      ).sort();
-      if (vary.includes("*")) {
-        c.header("Vary", "*");
+      if (responseVary.length === 0) {
+        c.header("Vary", Array.from(varyDirectives).join(", "));
       } else {
-        c.header("Vary", vary.join(", "));
+        const merged = new Set(varyDirectives);
+        for (const directive of responseVary) {
+          merged.add(directive);
+        }
+        if (merged.has("*")) {
+          c.header("Vary", "*");
+        } else {
+          c.header("Vary", Array.from(merged).join(", "));
+        }
       }
     }
   };
@@ -91,6 +89,12 @@ const cache = (options) => {
     if (options.keyGenerator) {
       key = await options.keyGenerator(c);
     }
+    if (varyDirectives) {
+      for (const directive of varyDirectives) {
+        const value = c.req.raw.headers.get(directive) ?? "";
+        key += `::${directive}=${encodeURIComponent(value)}`;
+      }
+    }
     const cacheName = typeof options.cacheName === "function" ? await options.cacheName(c) : options.cacheName;
     const cache3 = await caches.open(cacheName);
     const response = await cache3.match(key);
@@ -101,8 +105,9 @@ const cache = (options) => {
     if (!cacheableStatusCodes.has(c.res.status)) {
       return;
     }
-    addHeader(c);
-    if (shouldSkipCache(c.res)) {
+    const responseVary = parseVaryDirectives(c.res.headers.get("Vary"));
+    addHeader(c, responseVary);
+    if (shouldSkipCache(c.res, varyDirectives, responseVary)) {
       return;
     }
     const res = c.res.clone();

package/node_modules/hono/dist/cjs/request.js

@@ -169,6 +169,21 @@ class HonoRequest {
   arrayBuffer() {
     return this.#cachedBody("arrayBuffer");
   }
+  /**
+   * `.bytes()` parses the request body as a `Uint8Array`.
+   *
+   * @see {@link https://hono.dev/docs/api/request#bytes}
+   *
+   * @example
+   * ```ts
+   * app.post('/entry', async (c) => {
+   *   const body = await c.req.bytes()
+   * })
+   * ```
+   */
+  bytes() {
+    return this.#cachedBody("arrayBuffer").then((buffer) => new Uint8Array(buffer));
+  }
   /**
    * Parses the request body as a `Blob`.
    * @example

package/node_modules/hono/dist/cjs/utils/cookie.js

@@ -72,14 +72,14 @@ const parse = (cookie, name) => {
     return {};
   }
   const pairs = cookie.split(";");
-  const parsedCookie = {};
+  const parsedCookie = /* @__PURE__ */ Object.create(null);
   for (const pairStr of pairs) {
     const valueStartPos = pairStr.indexOf("=");
     if (valueStartPos === -1) {
       continue;
     }
     const cookieName = trimCookieWhitespace(pairStr.substring(0, valueStartPos));
-    if (name && name !== cookieName || !validCookieNameRegEx.test(cookieName)) {
+    if (name && name !== cookieName || !validCookieNameRegEx.test(cookieName) || cookieName in parsedCookie) {
       continue;
     }
     let cookieValue = trimCookieWhitespace(pairStr.substring(valueStartPos + 1));
@@ -96,7 +96,7 @@ const parse = (cookie, name) => {
   return parsedCookie;
 };
 const parseSigned = async (cookie, secret, name) => {
-  const parsedCookie = {};
+  const parsedCookie = /* @__PURE__ */ Object.create(null);
   const secretKey = await getCryptoKey(secret);
   for (const [key, value] of Object.entries(parse(cookie, name))) {
     const signatureStartPos = value.lastIndexOf(".");

package/node_modules/hono/dist/cjs/utils/stream.js

@@ -48,7 +48,9 @@ class StreamingApi {
         done ? controller.close() : controller.enqueue(value);
       },
       cancel: () => {
-        this.abort();
+        if (!this.closed) {
+          this.abort();
+        }
       }
     });
   }
@@ -70,11 +72,11 @@ class StreamingApi {
     return new Promise((res) => setTimeout(res, ms));
   }
   async close() {
+    this.closed = true;
     try {
       await this.writer.close();
     } catch {
     }
-    this.closed = true;
   }
   async pipe(body) {
     this.writer.releaseLock();

package/node_modules/hono/dist/middleware/cache/index.js

@@ -1,18 +1,13 @@
 // src/middleware/cache/index.ts
 var defaultCacheableStatusCodes = [200];
-var shouldSkipCache = (res) => {
-  if (res.headers.has("Vary")) {
-    return true;
+var shouldSkipCacheControl = (cacheControl) => !!cacheControl && /(?:^|,\s*)(?:private|no-(?:store|cache))(?:\s*(?:=|,|$))/i.test(cacheControl);
+var parseVaryDirectives = (vary) => {
+  if (vary == null) {
+    return [];
   }
-  const cacheControl = res.headers.get("Cache-Control");
-  if (cacheControl && /(?:^|,\s*)(?:private|no-(?:store|cache))(?:\s*(?:=|,|$))/i.test(cacheControl)) {
-    return true;
-  }
-  if (res.headers.has("Set-Cookie")) {
-    return true;
-  }
-  return false;
+  return (Array.isArray(vary) ? vary : vary.split(",")).map((directive) => directive.trim().toLowerCase()).filter(Boolean);
 };
+var shouldSkipCache = (res, optionsVaryDirectives, responseVary) => responseVary.length && (!optionsVaryDirectives || responseVary.some((name) => !optionsVaryDirectives.has(name))) || shouldSkipCacheControl(res.headers.get("Cache-Control")) || res.headers.has("Set-Cookie");
 var cache = (options) => {
   if (!globalThis.caches) {
     if (options.onCacheNotAvailable === false) {
@@ -27,8 +22,9 @@ var cache = (options) => {
     options.wait = false;
   }
   const cacheControlDirectives = options.cacheControl?.split(",").map((directive) => directive.toLowerCase());
-  const varyDirectives = Array.isArray(options.vary) ? options.vary : options.vary?.split(",").map((directive) => directive.trim());
-  if (options.vary?.includes("*")) {
+  const optionsVaryList = parseVaryDirectives(options.vary);
+  const varyDirectives = optionsVaryList.length ? new Set(optionsVaryList) : void 0;
+  if (varyDirectives?.has("*")) {
     throw new Error(
       'Middleware vary configuration cannot include "*", as it disallows effective caching.'
     );
@@ -36,7 +32,7 @@ var cache = (options) => {
   const cacheableStatusCodes = new Set(
     options.cacheableStatusCodes ?? defaultCacheableStatusCodes
   );
-  const addHeader = (c) => {
+  const addHeader = (c, responseVary) => {
     if (cacheControlDirectives) {
       const existingDirectives = c.res.headers.get("Cache-Control")?.split(",").map((d) => d.trim().split("=", 1)[0]) ?? [];
       for (const directive of cacheControlDirectives) {
@@ -48,16 +44,18 @@ var cache = (options) => {
       }
     }
     if (varyDirectives) {
-      const existingDirectives = c.res.headers.get("Vary")?.split(",").map((d) => d.trim()) ?? [];
-      const vary = Array.from(
-        new Set(
-          [...existingDirectives, ...varyDirectives].map((directive) => directive.toLowerCase())
-        )
-      ).sort();
-      if (vary.includes("*")) {
-        c.header("Vary", "*");
+      if (responseVary.length === 0) {
+        c.header("Vary", Array.from(varyDirectives).join(", "));
       } else {
-        c.header("Vary", vary.join(", "));
+        const merged = new Set(varyDirectives);
+        for (const directive of responseVary) {
+          merged.add(directive);
+        }
+        if (merged.has("*")) {
+          c.header("Vary", "*");
+        } else {
+          c.header("Vary", Array.from(merged).join(", "));
+        }
       }
     }
   };
@@ -70,6 +68,12 @@ var cache = (options) => {
     if (options.keyGenerator) {
       key = await options.keyGenerator(c);
     }
+    if (varyDirectives) {
+      for (const directive of varyDirectives) {
+        const value = c.req.raw.headers.get(directive) ?? "";
+        key += `::${directive}=${encodeURIComponent(value)}`;
+      }
+    }
     const cacheName = typeof options.cacheName === "function" ? await options.cacheName(c) : options.cacheName;
     const cache3 = await caches.open(cacheName);
     const response = await cache3.match(key);
@@ -80,8 +84,9 @@ var cache = (options) => {
     if (!cacheableStatusCodes.has(c.res.status)) {
       return;
     }
-    addHeader(c);
-    if (shouldSkipCache(c.res)) {
+    const responseVary = parseVaryDirectives(c.res.headers.get("Vary"));
+    addHeader(c, responseVary);
+    if (shouldSkipCache(c.res, varyDirectives, responseVary)) {
       return;
     }
     const res = c.res.clone();

package/node_modules/hono/dist/request.js

@@ -147,6 +147,21 @@ var HonoRequest = class {
   arrayBuffer() {
     return this.#cachedBody("arrayBuffer");
   }
+  /**
+   * `.bytes()` parses the request body as a `Uint8Array`.
+   *
+   * @see {@link https://hono.dev/docs/api/request#bytes}
+   *
+   * @example
+   * ```ts
+   * app.post('/entry', async (c) => {
+   *   const body = await c.req.bytes()
+   * })
+   * ```
+   */
+  bytes() {
+    return this.#cachedBody("arrayBuffer").then((buffer) => new Uint8Array(buffer));
+  }
   /**
    * Parses the request body as a `Blob`.
    * @example