npm - alepha - Versions diffs - 0.14.3 → 0.15.0 - Mend

alepha 0.14.3 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/README.md +2 -5
package/dist/api/audits/index.d.ts +620 -811
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/files/index.d.ts +185 -377
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +0 -1
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +245 -435
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/notifications/index.d.ts +238 -429
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/parameters/index.d.ts +236 -427
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/users/index.browser.js +1 -2
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +1010 -1196
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +178 -151
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +17 -17
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/batch/index.d.ts +122 -122
package/dist/batch/index.d.ts.map +1 -1
package/dist/batch/index.js +1 -2
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +163 -163
package/dist/bucket/index.d.ts.map +1 -1
package/dist/cache/core/index.d.ts +46 -46
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/redis/index.d.ts.map +1 -1
package/dist/cli/index.d.ts +384 -285
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +1113 -623
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +299 -300
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +13 -9
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +445 -103
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +733 -625
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +446 -103
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +445 -103
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +44 -44
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +4 -4
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +97 -50
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +129 -33
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +7981 -14
package/dist/fake/index.d.ts.map +1 -1
package/dist/file/index.d.ts +523 -390
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +253 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/core/index.d.ts +208 -208
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/redis/index.d.ts.map +1 -1
package/dist/logger/index.d.ts +25 -26
package/dist/logger/index.d.ts.map +1 -1
package/dist/logger/index.js +12 -2
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +197 -197
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +1 -1
package/dist/mcp/index.js.map +1 -1
package/dist/orm/chunk-DtkW-qnP.js +38 -0
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.bun.js +2814 -0
package/dist/orm/index.bun.js.map +1 -0
package/dist/orm/index.d.ts +1228 -1216
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +2041 -1967
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +248 -248
package/dist/queue/core/index.d.ts.map +1 -1
package/dist/queue/redis/index.d.ts.map +1 -1
package/dist/redis/index.bun.js +285 -0
package/dist/redis/index.bun.js.map +1 -0
package/dist/redis/index.d.ts +118 -136
package/dist/redis/index.d.ts.map +1 -1
package/dist/redis/index.js +18 -38
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +69 -69
package/dist/retry/index.d.ts.map +1 -1
package/dist/router/index.d.ts +6 -6
package/dist/router/index.d.ts.map +1 -1
package/dist/scheduler/index.d.ts +25 -25
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/security/index.browser.js +5 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts +417 -254
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +386 -86
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +110 -110
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +20 -20
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +62 -47
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +56 -3
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +6 -0
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +36 -1
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.d.ts +6 -6
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.browser.js +2 -2
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts +242 -150
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +294 -125
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +11 -12
package/dist/server/cors/index.d.ts.map +1 -1
package/dist/server/health/index.d.ts +0 -1
package/dist/server/health/index.d.ts.map +1 -1
package/dist/server/helmet/index.d.ts +2 -2
package/dist/server/helmet/index.d.ts.map +1 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +123 -124
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +1 -2
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts.map +1 -1
package/dist/server/multipart/index.d.ts +6 -6
package/dist/server/multipart/index.d.ts.map +1 -1
package/dist/server/proxy/index.d.ts +102 -103
package/dist/server/proxy/index.d.ts.map +1 -1
package/dist/server/rate-limit/index.d.ts +16 -16
package/dist/server/rate-limit/index.d.ts.map +1 -1
package/dist/server/static/index.d.ts +44 -44
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/static/index.js +4 -0
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +48 -49
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +3 -5
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +13 -11
package/dist/sms/index.d.ts.map +1 -1
package/dist/sms/index.js +7 -7
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +71 -72
package/dist/thread/index.d.ts.map +1 -1
package/dist/topic/core/index.d.ts +318 -318
package/dist/topic/core/index.d.ts.map +1 -1
package/dist/topic/redis/index.d.ts +6 -6
package/dist/topic/redis/index.d.ts.map +1 -1
package/dist/vite/index.d.ts +5805 -249
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +599 -513
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +6 -6
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +247 -247
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +6 -6
package/dist/websocket/index.js.map +1 -1
package/package.json +9 -14
package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
package/src/api/users/entities/users.ts +1 -1
package/src/api/users/index.ts +8 -8
package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
package/src/api/users/services/CredentialService.ts +7 -7
package/src/api/users/services/IdentityService.ts +4 -4
package/src/api/users/services/RegistrationService.spec.ts +25 -27
package/src/api/users/services/RegistrationService.ts +38 -27
package/src/api/users/services/SessionCrudService.ts +3 -3
package/src/api/users/services/SessionService.spec.ts +3 -3
package/src/api/users/services/SessionService.ts +28 -9
package/src/api/users/services/UserService.ts +7 -7
package/src/batch/providers/BatchProvider.ts +1 -2
package/src/cli/apps/AlephaCli.ts +0 -2
package/src/cli/apps/AlephaPackageBuilderCli.ts +38 -19
package/src/cli/assets/apiHelloControllerTs.ts +18 -0
package/src/cli/assets/apiIndexTs.ts +16 -0
package/src/cli/assets/claudeMd.ts +303 -0
package/src/cli/assets/mainBrowserTs.ts +2 -2
package/src/cli/assets/mainServerTs.ts +24 -0
package/src/cli/assets/webAppRouterTs.ts +15 -0
package/src/cli/assets/webHelloComponentTsx.ts +16 -0
package/src/cli/assets/webIndexTs.ts +16 -0
package/src/cli/atoms/buildOptions.ts +88 -0
package/src/cli/commands/build.ts +70 -87
package/src/cli/commands/db.ts +21 -22
package/src/cli/commands/deploy.ts +17 -5
package/src/cli/commands/dev.ts +22 -14
package/src/cli/commands/format.ts +8 -2
package/src/cli/commands/gen/env.ts +53 -0
package/src/cli/commands/gen/openapi.ts +1 -1
package/src/cli/commands/gen/resource.ts +15 -0
package/src/cli/commands/gen.ts +7 -1
package/src/cli/commands/init.ts +74 -30
package/src/cli/commands/lint.ts +8 -2
package/src/cli/commands/test.ts +8 -3
package/src/cli/commands/typecheck.ts +5 -1
package/src/cli/commands/verify.ts +5 -3
package/src/cli/defineConfig.ts +49 -7
package/src/cli/index.ts +0 -1
package/src/cli/services/AlephaCliUtils.ts +39 -589
package/src/cli/services/PackageManagerUtils.ts +301 -0
package/src/cli/services/ProjectScaffolder.ts +306 -0
package/src/command/helpers/Runner.spec.ts +2 -2
package/src/command/helpers/Runner.ts +16 -4
package/src/command/primitives/$command.ts +0 -6
package/src/command/providers/CliProvider.ts +1 -3
package/src/core/Alepha.ts +42 -0
package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
package/src/core/index.shared.ts +1 -0
package/src/core/index.ts +2 -0
package/src/core/primitives/$hook.ts +6 -2
package/src/core/primitives/$module.spec.ts +4 -0
package/src/core/providers/AlsProvider.ts +1 -1
package/src/core/providers/CodecManager.spec.ts +12 -6
package/src/core/providers/CodecManager.ts +26 -6
package/src/core/providers/EventManager.ts +169 -13
package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +621 -0
package/src/core/providers/KeylessJsonSchemaCodec.ts +407 -0
package/src/core/providers/StateManager.spec.ts +27 -16
package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
package/src/email/providers/LocalEmailProvider.ts +52 -15
package/src/email/providers/NodemailerEmailProvider.ts +167 -56
package/src/file/errors/FileError.ts +7 -0
package/src/file/index.ts +9 -1
package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
package/src/logger/index.ts +15 -3
package/src/mcp/transports/StdioMcpTransport.ts +1 -1
package/src/orm/index.browser.ts +1 -19
package/src/orm/index.bun.ts +77 -0
package/src/orm/index.shared-server.ts +22 -0
package/src/orm/index.shared.ts +15 -0
package/src/orm/index.ts +13 -39
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
package/src/orm/services/Repository.ts +8 -0
package/src/queue/core/providers/WorkerProvider.spec.ts +48 -32
package/src/redis/index.bun.ts +35 -0
package/src/redis/providers/BunRedisProvider.ts +12 -43
package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
package/src/redis/providers/NodeRedisProvider.ts +16 -34
package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
package/src/security/index.browser.ts +5 -0
package/src/security/index.ts +90 -7
package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
package/src/security/primitives/$role.ts +5 -5
package/src/security/primitives/$serviceAccount.spec.ts +5 -5
package/src/security/primitives/$serviceAccount.ts +3 -3
package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
package/src/server/auth/primitives/$auth.ts +10 -10
package/src/server/auth/primitives/$authCredentials.ts +3 -3
package/src/server/auth/primitives/$authGithub.ts +3 -3
package/src/server/auth/primitives/$authGoogle.ts +3 -3
package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
package/src/server/cache/providers/ServerCacheProvider.spec.ts +183 -0
package/src/server/cache/providers/ServerCacheProvider.ts +95 -10
package/src/server/compress/providers/ServerCompressProvider.ts +61 -2
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
package/src/server/core/helpers/ServerReply.ts +2 -2
package/src/server/core/providers/NodeHttpServerProvider.ts +25 -6
package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
package/src/server/core/providers/ServerProvider.ts +155 -22
package/src/server/core/providers/ServerRouterProvider.ts +259 -115
package/src/server/core/providers/ServerTimingProvider.ts +2 -2
package/src/server/links/index.ts +1 -1
package/src/server/links/providers/LinkProvider.ts +1 -1
package/src/server/static/providers/ServerStaticProvider.ts +10 -0
package/src/server/swagger/index.ts +1 -1
package/src/server/swagger/providers/ServerSwaggerProvider.ts +5 -8
package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
package/src/sms/providers/LocalSmsProvider.ts +8 -7
package/src/vite/helpers/boot.ts +28 -17
package/src/vite/helpers/importViteReact.ts +13 -0
package/src/vite/index.ts +1 -21
package/src/vite/plugins/viteAlephaDev.ts +16 -1
package/src/vite/plugins/viteAlephaSsrPreload.ts +222 -0
package/src/vite/tasks/buildClient.ts +11 -0
package/src/vite/tasks/buildServer.ts +59 -4
package/src/vite/tasks/devServer.ts +71 -0
package/src/vite/tasks/generateCloudflare.ts +7 -0
package/src/vite/tasks/index.ts +2 -1
package/dist/server/security/index.browser.js +0 -13
package/dist/server/security/index.browser.js.map +0 -1
package/dist/server/security/index.d.ts +0 -173
package/dist/server/security/index.d.ts.map +0 -1
package/dist/server/security/index.js +0 -311
package/dist/server/security/index.js.map +0 -1
package/src/cli/assets/appRouterTs.ts +0 -9
package/src/cli/assets/mainTs.ts +0 -13
package/src/cli/assets/viteConfigTs.ts +0 -14
package/src/cli/commands/run.ts +0 -24
package/src/server/security/index.browser.ts +0 -10
package/src/server/security/index.ts +0 -94
package/src/vite/plugins/viteAlepha.ts +0 -37
package/src/vite/plugins/viteAlephaBuild.ts +0 -281
/package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
/package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0

package/src/vite/plugins/viteAlephaSsrPreload.ts ADDED Viewed

@@ -0,0 +1,222 @@
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { dirname, join, relative, resolve } from "node:path";
+import type { Plugin } from "vite";
+/**
+ * Preload manifest mapping short keys to source paths.
+ * Generated at build time, consumed by SSRManifestProvider at runtime.
+ */
+export interface PreloadManifest {
+  [key: string]: string;
+}
+/**
+ * Vite plugin that generates a preload manifest for SSR module preloading.
+ *
+ * Instead of injecting source paths directly into $page definitions (which would
+ * leak component paths in the browser bundle), this plugin:
+ *
+ * 1. Collects all lazy import paths from $page definitions during transform
+ * 2. Generates a manifest file mapping short keys to resolved source paths
+ * 3. Injects only the short key into $page definitions
+ *
+ * The manifest is written to `.vite/preload-manifest.json` alongside Vite's
+ * other manifests. The CLI build command moves all manifests to
+ * `dist/server/.ssr/` where SSRManifestProvider loads them at runtime.
+ *
+ * Before:
+ * ```typescript
+ * $page({
+ *   path: '/users/:id',
+ *   lazy: () => import('./UserDetail.tsx'),
+ * })
+ * ```
+ *
+ * After:
+ * ```typescript
+ * $page({
+ *   path: '/users/:id',
+ *   lazy: () => import('./UserDetail.tsx'),
+ *   [Symbol.for("alepha.page.preload")]: "a1b2c3",
+ * })
+ * ```
+ *
+ * Manifest (.alepha/preload-manifest.json):
+ * ```json
+ * {
+ *   "a1b2c3": "src/pages/UserDetail.tsx"
+ * }
+ * ```
+ */
+export function viteAlephaSsrPreload(): Plugin {
+  let root = "";
+  const preloadMap = new Map<string, string>(); // key -> sourcePath
+  /**
+   * Generate a short hash key for a source path.
+   * Uses first 8 chars of MD5 hash for brevity while avoiding collisions.
+   */
+  function generateKey(sourcePath: string): string {
+    return createHash("md5").update(sourcePath).digest("hex").slice(0, 8);
+  }
+  return {
+    name: "alepha-preload",
+    configResolved(config) {
+      root = config.root;
+    },
+    transform(code, id) {
+      // Only process TypeScript/JavaScript files
+      if (!id.match(/\.[tj]sx?$/)) {
+        return null;
+      }
+      // Skip node_modules
+      if (id.includes("node_modules")) {
+        return null;
+      }
+      // Quick check if file contains $page with lazy
+      if (!code.includes("$page") || !code.includes("lazy")) {
+        return null;
+      }
+      // Collect all insertions first, then apply in reverse order
+      const insertions: Array<{ position: number; text: string }> = [];
+      // Find all $page({ occurrences
+      const pageStartRegex = /\$page\s*\(\s*\{/g;
+      let pageMatch: RegExpExecArray | null = pageStartRegex.exec(code);
+      while (pageMatch !== null) {
+        const startIndex = pageMatch.index;
+        const objectStartIndex = startIndex + pageMatch[0].length - 1; // Position of '{'
+        // Find the matching closing brace using brace counting
+        let braceCount = 1;
+        let i = objectStartIndex + 1;
+        while (i < code.length && braceCount > 0) {
+          if (code[i] === "{") braceCount++;
+          else if (code[i] === "}") braceCount--;
+          i++;
+        }
+        // Malformed, skip
+        if (braceCount !== 0) {
+          pageMatch = pageStartRegex.exec(code);
+          continue;
+        }
+        const objectEndIndex = i - 1; // Position of matching '}'
+        const pageContent = code.slice(objectStartIndex, objectEndIndex + 1);
+        // Skip if already has preload symbol
+        if (pageContent.includes("alepha.page.preload")) {
+          pageMatch = pageStartRegex.exec(code);
+          continue;
+        }
+        // Find lazy: () => import('...') within this $page block
+        const lazyRegex =
+          /lazy\s*:\s*\(\s*\)\s*=>\s*import\s*\(\s*['"]([^'"]+)['"]\s*\)/;
+        const lazyMatch = lazyRegex.exec(pageContent);
+        if (!lazyMatch) {
+          pageMatch = pageStartRegex.exec(code);
+          continue;
+        }
+        const importPath = lazyMatch[1];
+        // Resolve the import path relative to the current file
+        const currentDir = dirname(id);
+        let resolvedPath: string;
+        if (importPath.startsWith(".")) {
+          // Relative import
+          resolvedPath = resolve(currentDir, importPath);
+        } else if (importPath.startsWith("/")) {
+          // Absolute import from root
+          resolvedPath = resolve(root, importPath.slice(1));
+        } else {
+          // Package import - skip preloading for external packages
+          pageMatch = pageStartRegex.exec(code);
+          continue;
+        }
+        // Make path relative to root for SSR manifest lookup
+        let relativePath = relative(root, resolvedPath);
+        // Normalize path separators for cross-platform compatibility
+        relativePath = relativePath.replace(/\\/g, "/");
+        // Handle extension - Vite resolves .jsx imports to .tsx files
+        // Try to use .tsx when the source has .jsx since TypeScript is more common
+        if (!relativePath.match(/\.[tj]sx?$/)) {
+          relativePath = `${relativePath}.tsx`;
+        } else if (relativePath.endsWith(".jsx")) {
+          // Import said .jsx but actual file is likely .tsx
+          relativePath = relativePath.replace(/\.jsx$/, ".tsx");
+        } else if (relativePath.endsWith(".js")) {
+          // Import said .js but actual file is likely .ts
+          relativePath = relativePath.replace(/\.js$/, ".ts");
+        }
+        // Generate short key and store mapping
+        const key = generateKey(relativePath);
+        preloadMap.set(key, relativePath);
+        // Check if we need a comma (look at character before closing brace)
+        const beforeBrace = code.slice(0, objectEndIndex).trimEnd();
+        const needsComma = !beforeBrace.endsWith(",");
+        // Use Symbol.for() so it can be looked up at runtime without importing
+        // Only inject the short key, not the full path
+        const preloadProperty = `${needsComma ? "," : ""} [Symbol.for("alepha.page.preload")]: "${key}"`;
+        insertions.push({ position: objectEndIndex, text: preloadProperty });
+        pageMatch = pageStartRegex.exec(code);
+      }
+      if (insertions.length === 0) {
+        return null;
+      }
+      // Apply insertions in reverse order to preserve positions
+      let result = code;
+      for (let j = insertions.length - 1; j >= 0; j--) {
+        const { position, text } = insertions[j];
+        result = result.slice(0, position) + text + result.slice(position);
+      }
+      return {
+        code: result,
+        map: null,
+      };
+    },
+    writeBundle(options) {
+      // Only process client build (outputs to dist/public or similar)
+      // Skip server build which outputs to dist/server
+      const outDir = options.dir || "";
+      if (outDir.includes("server")) {
+        return;
+      }
+      // Write the preload manifest to the same .vite directory Vite uses
+      // The CLI build command will move all manifests to dist/server/.ssr/
+      if (preloadMap.size > 0) {
+        const viteDir = join(outDir, ".vite");
+        // Ensure .vite directory exists
+        if (!existsSync(viteDir)) {
+          mkdirSync(viteDir, { recursive: true });
+        }
+        const manifest: PreloadManifest = Object.fromEntries(preloadMap);
+        const manifestPath = join(viteDir, "preload-manifest.json");
+        writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
+      }
+    },
+  };
+}

package/src/vite/tasks/buildClient.ts CHANGED Viewed

@@ -2,6 +2,8 @@ import type { UserConfig } from "vite";
 import { analyzer as viteAnalyzer } from "vite-bundle-analyzer";
 import { createBufferedLogger } from "../helpers/createBufferedLogger.ts";
 import { importVite } from "../helpers/importVite.ts";
+import { importViteReact } from "../helpers/importViteReact.ts";
+import { viteAlephaSsrPreload } from "../plugins/viteAlephaSsrPreload.ts";
 import {
   type ViteCompressOptions,
   viteCompress,
@@ -62,6 +64,12 @@ export async function buildClient(opts: BuildClientOptions): Promise<void> {
   const { build: viteBuild, mergeConfig } = await importVite();
   const plugins: any[] = [];
+  const viteReact = await importViteReact();
+  if (viteReact) plugins.push(viteReact());
+  // Add preload plugin for SSR module preloading
+  plugins.push(viteAlephaSsrPreload());
   const compress: ViteCompressOptions | undefined = opts.precompress
     ? typeof opts.precompress === "object"
       ? opts.precompress
@@ -93,6 +101,9 @@ export async function buildClient(opts: BuildClientOptions): Promise<void> {
     build: {
       chunkSizeWarningLimit: 1000,
       outDir: opts.dist,
+      // Generate manifest for SSR module preloading
+      manifest: true,
+      ssrManifest: true,
       rollupOptions: {
         output: {
           entryFileNames: "entry.[hash].js",

package/src/vite/tasks/buildServer.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { readFile, writeFile } from "node:fs/promises";
+import { readFile, rm, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { AlephaError } from "alepha";
 import type * as vite from "vite";
@@ -6,6 +6,8 @@ import type { UserConfig } from "vite";
 import { analyzer as viteAnalyzer } from "vite-bundle-analyzer";
 import { createBufferedLogger } from "../helpers/createBufferedLogger.ts";
 import { importVite } from "../helpers/importVite.ts";
+import { importViteReact } from "../helpers/importViteReact.ts";
+import { viteAlephaSsrPreload } from "../plugins/viteAlephaSsrPreload.ts";
 import { generateExternals } from "./generateExternals.ts";
 export interface BuildServerOptions {
@@ -41,6 +43,11 @@ export interface BuildServerOptions {
    * @default false
    */
   silent?: boolean;
+  /**
+   * Add more entry point conditions for SSR module resolution (e.g., "bun").
+   */
+  conditions?: string[];
 }
 export interface BuildServerResult {
@@ -63,6 +70,13 @@ export async function buildServer(
   const { build: viteBuild, mergeConfig } = await importVite();
   const plugins: any[] = [];
+  const viteReact = await importViteReact();
+  if (viteReact && opts.clientDir) {
+    plugins.push(viteReact());
+  }
+  plugins.push(viteAlephaSsrPreload());
   if (opts.stats) {
     plugins.push(
       viteAnalyzer({
@@ -74,6 +88,11 @@ export async function buildServer(
   // Create buffered logger for silent mode
   const logger = opts.silent ? createBufferedLogger() : undefined;
+  const conditions = ["node", "import", "module", "default"];
+  if (opts.conditions) {
+    conditions.unshift(...opts.conditions);
+  }
   const viteBuildServerConfig: UserConfig = {
     mode: "production",
     logLevel: opts.silent ? "silent" : undefined,
@@ -83,15 +102,16 @@ export async function buildServer(
     publicDir: false,
     ssr: {
       noExternal: true,
+      resolve: { conditions },
     },
     build: {
-      sourcemap: true, // or "hidden" if you don't want to expose source maps
+      sourcemap: true,
       ssr: opts.entry,
       outDir: `${opts.distDir}/server`,
       minify: true,
       chunkSizeWarningLimit: 10000,
       rollupOptions: {
-        external: ["bun"],
+        external: [/^bun(:|$)/, /^cloudflare:/],
         output: {
           entryFileNames: "[hash].js",
           chunkFileNames: "[hash].js",
@@ -138,6 +158,29 @@ export async function buildServer(
     template = `__alepha.set("alepha.react.server.template", \`${index.replace(/>\s*</g, "><").trim()}\`);\n`;
   }
+  // Embed SSR manifests if client was built
+  // This bundles all manifest data into index.js for serverless deployments
+  let manifest = "";
+  if (opts.clientDir) {
+    const viteDir = `${opts.distDir}/${opts.clientDir}/.vite`;
+    const ssrManifest = await loadJsonFile(`${viteDir}/ssr-manifest.json`);
+    const clientManifest = await loadJsonFile(`${viteDir}/manifest.json`);
+    const preloadManifest = await loadJsonFile(
+      `${viteDir}/preload-manifest.json`,
+    );
+    const combined = {
+      ssr: ssrManifest,
+      client: clientManifest,
+      preload: preloadManifest,
+    };
+    manifest = `__alepha.set("alepha.react.ssr.manifest", ${JSON.stringify(combined)});\n`;
+    // Remove .vite directory - no longer needed at runtime
+    await rm(viteDir, { recursive: true, force: true });
+  }
   const warning =
     "// This file was automatically generated. DO NOT MODIFY." +
     "\n" +
@@ -145,12 +188,24 @@ export async function buildServer(
   await writeFile(
     `${opts.distDir}/index.js`,
-    `${warning}\nimport './server/${entryFile}';\n\n${template}`.trim(),
+    `${warning}\n${template}${manifest}import './server/${entryFile}';\n`.trim(),
   );
   return { entryFile };
 }
+/**
+ * Load a JSON file, returning undefined if it doesn't exist.
+ */
+async function loadJsonFile(path: string): Promise<any> {
+  try {
+    const content = await readFile(path, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return undefined;
+  }
+}
 /**
  * Extract entry filename from Vite build result.
  */

package/src/vite/tasks/devServer.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import type { InlineConfig } from "vite";
+import { importVite } from "../helpers/importVite.ts";
+import { importViteReact } from "../helpers/importViteReact.ts";
+import { viteAlephaDev } from "../plugins/viteAlephaDev.ts";
+import { viteAlephaSsrPreload } from "../plugins/viteAlephaSsrPreload.ts";
+export interface DevServerOptions {
+  /**
+   * Path to the server entry file.
+   * If not provided, will auto-detect.
+   */
+  entry?: string;
+  /**
+   * Port to run the dev server on.
+   */
+  port?: number;
+  /**
+   * Host to bind the dev server to.
+   */
+  host?: string | boolean;
+  /**
+   * Enable debug logging.
+   */
+  debug?: boolean;
+}
+/**
+ * Start Vite development server with Alepha plugins.
+ *
+ * This task starts the Vite dev server with all required plugins:
+ * - @vitejs/plugin-react (JSX/TSX compilation)
+ * - viteAlephaDev (Alepha server integration)
+ * - viteAlephaSsrPreload (SSR module preloading)
+ */
+export async function devServer(opts: DevServerOptions = {}): Promise<void> {
+  const { createServer, mergeConfig } = await importVite();
+  const plugins: any[] = [];
+  // Add React plugin for JSX/TSX compilation
+  const viteReact = await importViteReact();
+  if (viteReact) plugins.push(viteReact());
+  // Add SSR preload plugin
+  plugins.push(viteAlephaSsrPreload());
+  // Add Alepha dev plugin
+  plugins.push(
+    await viteAlephaDev({
+      serverEntry: opts.entry,
+      debug: opts.debug,
+    }),
+  );
+  const config: InlineConfig = {
+    plugins,
+    server: {
+      port: opts.port,
+      host: opts.host,
+    },
+  };
+  const server = await createServer(mergeConfig(config, {}));
+  await server.listen();
+  console.log(""); // blank line
+  server.printUrls();
+  server.bindCLIShortcuts({ print: true });
+}

package/src/vite/tasks/generateCloudflare.ts CHANGED Viewed

@@ -45,6 +45,13 @@ export async function generateCloudflare(
     main: "./main.cloudflare.js",
     compatibility_flags: ["nodejs_compat"],
     compatibility_date: "2025-11-17",
+    no_bundle: true,
+    rules: [
+      {
+        type: "ESModule",
+        globs: ["index.js", "server/*.js"],
+      },
+    ],
     ...opts.config,
   };

package/src/vite/tasks/index.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * Build tasks for Alepha applications.
  *
  * These tasks can be used by:
- * - Vite plugins (viteAlephaDev, viteAlephaBuild)
+ * - Vite plugins (viteAlephaDev, viteAlephaSsrPreload)
  * - CLI commands (alepha build, alepha dev)
  *
  * Each task is a standalone async function with explicit inputs and outputs.
@@ -13,6 +13,7 @@
 export * from "./buildClient.ts";
 export * from "./buildServer.ts";
 export * from "./copyAssets.ts";
+export * from "./devServer.ts";
 export * from "./generateCloudflare.ts";
 export * from "./generateDocker.ts";
 export * from "./generateExternals.ts";

package/dist/server/security/index.browser.js DELETED Viewed

@@ -1,13 +0,0 @@
-import { $module } from "alepha";
-import { AlephaSecurity } from "alepha/security";
-import { AlephaServer } from "alepha/server";
-//#region ../../src/server/security/index.browser.ts
-const AlephaServerSecurity = $module({
-	name: "alepha.server.security",
-	services: [AlephaServer, AlephaSecurity]
-});
-//#endregion
-export { AlephaServerSecurity };
-//# sourceMappingURL=index.browser.js.map

package/dist/server/security/index.browser.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/server/security/index.browser.ts"],"sourcesContent":["import { $module } from \"alepha\";\nimport { AlephaSecurity } from \"alepha/security\";\nimport { AlephaServer } from \"alepha/server\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaServerSecurity = $module({\n name: \"alepha.server.security\",\n services: [AlephaServer, AlephaSecurity],\n});\n"],"mappings":";;;;;AAMA,MAAa,uBAAuB,QAAQ;CAC1C,MAAM;CACN,UAAU,CAAC,cAAc,eAAe;CACzC,CAAC"}

package/dist/server/security/index.d.ts DELETED Viewed

@@ -1,173 +0,0 @@
-import * as alepha1 from "alepha";
-import { Alepha, KIND, Primitive } from "alepha";
-import { JwtProvider, Permission, SecurityProvider, UserAccount, UserAccountToken } from "alepha/security";
-import { FetchOptions, ServerRequest, ServerRouterProvider } from "alepha/server";
-import * as alepha_logger0 from "alepha/logger";
-//#region ../../src/server/security/providers/ServerBasicAuthProvider.d.ts
-interface BasicAuthOptions {
-  username: string;
-  password: string;
-}
-interface BasicAuthPrimitiveConfig extends BasicAuthOptions {
-  /** Name identifier for this basic auth (default: property key) */
-  name?: string;
-  /** Path patterns to match (supports wildcards like /devtools/*) */
-  paths?: string[];
-}
-declare class ServerBasicAuthProvider {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly routerProvider: ServerRouterProvider;
-  protected readonly realm = "Secure Area";
-  /**
-   * Registered basic auth primitives with their configurations
-   */
-  readonly registeredAuths: BasicAuthPrimitiveConfig[];
-  /**
-   * Register a basic auth configuration (called by primitives)
-   */
-  registerAuth(config: BasicAuthPrimitiveConfig): void;
-  readonly onStart: alepha1.HookPrimitive<"start">;
-  /**
-   * Hook into server:onRequest to check basic auth
-   */
-  readonly onRequest: alepha1.HookPrimitive<"server:onRequest">;
-  /**
-   * Hook into action:onRequest to check basic auth for actions
-   */
-  readonly onActionRequest: alepha1.HookPrimitive<"action:onRequest">;
-  /**
-   * Check basic authentication
-   */
-  checkAuth(request: ServerRequest, options: BasicAuthOptions): void;
-  /**
-   * Performs a timing-safe comparison of credentials to prevent timing attacks.
-   * Always compares both username and password to avoid leaking which one is wrong.
-   */
-  protected timingSafeCredentialCheck(inputUsername: string, inputPassword: string, expectedUsername: string, expectedPassword: string): boolean;
-  /**
-   * Compares two buffers in constant time, handling different lengths safely.
-   * Returns 1 if equal, 0 if not equal.
-   */
-  protected safeCompare(input: Buffer, expected: Buffer): number;
-  /**
-   * Send WWW-Authenticate header
-   */
-  protected sendAuthRequired(request: ServerRequest): void;
-}
-declare const isBasicAuth: (value: unknown) => value is {
-  basic: BasicAuthOptions;
-};
-//#endregion
-//#region ../../src/server/security/providers/ServerSecurityProvider.d.ts
-declare class ServerSecurityProvider {
-  protected readonly log: alepha_logger0.Logger;
-  protected readonly securityProvider: SecurityProvider;
-  protected readonly jwtProvider: JwtProvider;
-  protected readonly alepha: Alepha;
-  protected readonly onConfigure: alepha1.HookPrimitive<"configure">;
-  protected readonly onActionRequest: alepha1.HookPrimitive<"action:onRequest">;
-  protected readonly onRequest: alepha1.HookPrimitive<"server:onRequest">;
-  protected check(user: UserAccountToken, secure: ServerRouteSecure): void;
-  /**
-   * Get the user account token for a local action call.
-   * There are three possible sources for the user:
-   * - `options.user`: the user passed in the options
-   * - `"system"`: the system user from the state (you MUST set state `server.security.system.user`)
-   * - `"context"`: the user from the request context (you MUST be in an HTTP request context)
-   *
-   * Priority order: `options.user` > `"system"` > `"context"`.
-   *
-   * In testing environment, if no user is provided, a test user is created based on the SecurityProvider's roles.
-   */
-  protected createUserFromLocalFunctionContext(options: {
-    user?: UserAccountToken | "system" | "context";
-  }, permission?: Permission): UserAccountToken;
-  protected createTestUser(): UserAccountToken;
-  protected readonly onClientRequest: alepha1.HookPrimitive<"client:onRequest">;
-}
-type ServerRouteSecure = {
-  realm?: string;
-  basic?: BasicAuthOptions;
-};
-//#endregion
-//#region ../../src/server/security/primitives/$basicAuth.d.ts
-/**
- * Declares HTTP Basic Authentication for server routes.
- * This primitive provides methods to protect routes with username/password authentication.
- */
-declare const $basicAuth: {
-  (options: BasicAuthPrimitiveConfig): AbstractBasicAuthPrimitive;
-  [KIND]: typeof BasicAuthPrimitive;
-};
-interface AbstractBasicAuthPrimitive {
-  readonly name: string;
-  readonly options: BasicAuthPrimitiveConfig;
-  check(request: ServerRequest, options?: BasicAuthOptions): void;
-}
-declare class BasicAuthPrimitive extends Primitive<BasicAuthPrimitiveConfig> implements AbstractBasicAuthPrimitive {
-  protected readonly serverBasicAuthProvider: ServerBasicAuthProvider;
-  get name(): string;
-  protected onInit(): void;
-  /**
-   * Checks basic auth for the given request using this primitive's configuration.
-   */
-  check(request: ServerRequest, options?: BasicAuthOptions): void;
-}
-//#endregion
-//#region ../../src/server/security/index.d.ts
-declare module "alepha" {
-  interface State {
-    /**
-     * Real (or fake) user account, used for internal actions.
-     *
-     * If you define this, you assume that all actions are executed by this user by default.
-     * > To force a different user, you need to pass it explicitly in the options.
-     */
-    "alepha.server.security.system.user"?: UserAccountToken;
-    /**
-     * The authenticated user account attached to the server request state.
-     *
-     * @internal
-     */
-    "alepha.server.request.user"?: UserAccount;
-  }
-}
-declare module "alepha/server" {
-  interface ServerRequest<TConfig> {
-    user?: UserAccountToken;
-  }
-  interface ServerActionRequest<TConfig> {
-    user: UserAccountToken;
-  }
-  interface ServerRoute {
-    /**
-     * If true, the route will be protected by the security provider.
-     * All actions are secure by default, but you can disable it for specific actions.
-     */
-    secure?: boolean | ServerRouteSecure;
-  }
-  interface ClientRequestOptions extends FetchOptions {
-    /**
-     * Forward user from the previous request.
-     * If "system", use system user. @see {ServerSecurityProvider.localSystemUser}
-     * If "context", use the user from the current context (e.g. request).
-     *
-     * @default "system" if provided, else "context" if available.
-     */
-    user?: UserAccountToken | "system" | "context";
-  }
-}
-/**
- * Plugin for Alepha Server that provides security features. Based on the Alepha Security module.
- *
- * By default, all $action will be guarded by a permission check.
- *
- * @see {@link ServerSecurityProvider}
- * @module alepha.server.security
- */
-declare const AlephaServerSecurity: alepha1.Service<alepha1.Module>;
-//#endregion
-export { $basicAuth, AbstractBasicAuthPrimitive, AlephaServerSecurity, BasicAuthOptions, BasicAuthPrimitive, BasicAuthPrimitiveConfig, ServerBasicAuthProvider, ServerRouteSecure, ServerSecurityProvider, isBasicAuth };
-//# sourceMappingURL=index.d.ts.map

package/dist/server/security/index.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/server/security/providers/ServerBasicAuthProvider.ts","../../../src/server/security/providers/ServerSecurityProvider.ts","../../../src/server/security/primitives/$basicAuth.ts","../../../src/server/security/index.ts"],"sourcesContent":[],"mappings":";;;;;;;UAWiB,gBAAA;;;;UAKA,wBAAA,SAAiC;EALjC;EAKA,IAAA,CAAA,EAAA,MAAA;EASJ;EACc,KAAA,CAAA,EAAA,MAAA,EAAA;;AAEQ,cAHtB,uBAAA,CAGsB;EAMA,mBAAA,MAAA,EARR,MAQQ;EAKL,mBAAA,GAAA,EAbH,cAAA,CACH,MAYM;EAAwB,mBAI7B,cAAA,EAfU,oBAeV;EAAA,mBA8BE,KAAA,GAAA,aAAA;EAAA;;;EAuGI,SAAA,eAAA,EA9II,wBA8IJ,EAAA;EAAkB;;;EAoBpC,YAAA,CAAA,MAMZ,EAnK6B,wBA+JO,CAAA,EAAA,IAAA;oBA/JiB,OAAA,CAI7B;;;ACtBzB;EAAmC,SAAA,SACX,EDqBC,OAAA,CA8BE,aCnDH,CAAA,kBAAA,CAAA;EACa;;;EAEV,SAEK,eAAA,ED8CL,OAAA,CAiBM,aC/DD,CAAA,kBAAA,CAAA;EAAA;;;EA4IkB,SAAA,CAAA,OAAA,EDhEtB,aCgEsB,EAAA,OAAA,EDhEE,gBCgEF,CAAA,EAAA,IAAA;EAsB5B;;;;EA+DwB,UAQV,yBAAA,CAAA,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,gBAAA,EAAA,MAAA,EAAA,gBAAA,EAAA,MAAA,CAAA,EAAA,OAAA;EAAA;AAmCpC;;;+BDvH+B,kBAAkB;EEpKpC;;;sCFmLyB;;cAKzB;EEhLI,KAAA,EFkLI,gBElLJ;CAEG;;;cDDP,sBAAA;0BAAsB,cAAA,CACX;uCACa;kCACL;EDbf,mBAAgB,MAAA,ECcN,MDdM;EAKhB,mBAAA,WAAyB,ECSf,OAAA,CAEK,aDXkC,CAAA,WAAA,CAAA;EASrD,mBAAA,eAAuB,ECEJ,OAAA,CA8BI,aDhCA,CAAA,kBAAA,CAAA;EACT,mBAAA,SAAA,EC+BS,OAAA,CA8CN,aD7EH,CAAA,kBAAA,CAAA;EAAA,UAAA,KACH,CAAA,IAAA,EC4IA,gBD5IA,EAAA,MAAA,EC4I0B,iBD5I1B,CAAA,EAAA,IAAA;EACW;;;;;;;;;;;EAmKgB,UAAA,kCAAA,CAAA,OAAA,EAAA;IAKtC,IAAA,CAAA,ECPS,gBDSD,GAAA,QAAA,GAAA,SAAgB;kBCRpB,aACZ;8BA6DyB;sCAAgB,OAAA,CAQV;AA/OpC;AAAmC,KAkRvB,iBAAA,GAjRY;EACa,KAAA,CAAA,EAAA,MAAA;EACL,KAAA,CAAA,EAiRtB,gBAjRsB;CACL;;;;;;ADd3B;AAKiB,cEJJ,UFI6B,EAAA;EAS7B,CAAA,OAAA,EEZF,wBFYyB,CAAA,EEXjC,0BFWiC;EACT,MAAA,EAAA,yBAAA;CAAA;AAEQ,UERlB,0BAAA,CFQkB;EAMA,SAAA,IAAA,EAAA,MAAA;EAKL,SAAA,OAAA,EEjBV,wBFiBU;EAAwB,KAI7B,CAAA,OAAA,EEpBR,aFoBQ,EAAA,OAAA,CAAA,EEpBiB,gBFoBjB,CAAA,EAAA,IAAA;;AA8BE,cE/Cd,kBAAA,SACH,SF+DuB,CE/Db,wBF+Da,CAAA,YE9DpB,0BF8DoB,CAAA;EAaL,mBAAA,uBAAA,EEzEgB,uBFyEhB;EAAwB,IAAA,IAAA,CAAA,CAAA,EAAA,MAAA;EAyErB,UAAA,MAAA,CAAA,CAAA,EAAA,IAAA;EAAkB;;;EAoBpC,KAAA,CAAA,OAAA,EExJW,aF0JH,EAAA,OAAgB,CAAhB,EE1J4B,gBF0JZ,CAAA,EAAA,IAAA;;;;;EA3LpB,UAAA,KAAA,CAAA;IAKA;AASjB;;;;;IAc8B,oCAAA,CAAA,EGLa,gBHKb;IAAwB;;;;;IAyIvB,4BAAA,CAAA,EGvII,WHuIJ;EAAkB;;eAeE,eAAA,CAAA;EAKtC,UAAA,aAMZ,CAAA,OAJoB,CAAA,CAAA;WGvJV;;;IF1BE,IAAA,EE8BH,gBF9ByB;EAAA;EAEE,UAAA,WAAA,CAAA;IACL;;;;IAiCI,MA8CN,CAAA,EAAA,OAAA,GE5CP,iBF4CO;EAgEN;EAA0B,UAAA,oBAAA,SEzGT,YFyGS,CAAA;IAsB5B;;;;;;AA0GtB;WEjOW;;;AD1DX;;;;;;AAQA;;AAGiB,cC6DJ,oBD7DI,EC6DgB,OAAA,CAAA,OD7DhB,CCsEf,OAAA,CAT+B,MAAA,CD7DhB"}