brustjs 0.1.23-alpha → 0.1.25-alpha

package/runtime/routes.ts

@@ -11,6 +11,8 @@ import { Buffer } from 'node:buffer'
 import * as native from './index.js'
 import { renderBranchStreaming } from './render/stream.ts'
 import { runInStoreContext, collectSnapshot } from './store/server-context.ts'
+import { runInRequestCache } from './loader-cache.ts'
+import { runInRequestScope, __scope } from './request-context.ts'
 import {
   loadIslandManifest,
   resolveIslandContext,
@@ -18,10 +20,21 @@ import {
   resolveComponentContext,
 } from './islands/native-render.ts'
 import type { IslandCache } from './islands/native-render.ts'
+import { isActionError, type ActionError, type ActionErrorBody } from './action-error.ts'
 import type { EndpointDef } from './define-actions.ts'
 import { isRespondSentinel, makeRespond } from './define-actions.ts'
 import { validate } from './standard-schema.ts'
 
+// S2 + B3 — unified per-request scope. The request scope (B3 cookies/context) is
+// the OUTERMOST layer, then the request-scoped loader cache/dedupe (S2: one Map
+// per request for `cachedFetch`/`dedupe` across loaders AND render), then the
+// store scope (per-request store instance). `reqCookies` is the parsed incoming
+// Cookie header so a loader's `cookies.get` reads it and `cookies.set` stages
+// onto this scope (flushed onto response headers via flushSetCookie).
+function runInRequestContext<T>(reqCookies: Record<string, string>, fn: () => T): T {
+  return runInRequestScope(reqCookies, () => runInRequestCache(() => runInStoreContext(fn)))
+}
+
 // Sub-project J — island ISR cache, backed by the Rust-side store (shared across
 // the worker pool) via NAPI. napi-rs maps snake→camel: island_cache_get →
 // islandCacheGet, island_cache_set → islandCacheSet. `as any` avoids depending on
@@ -180,6 +193,54 @@ export function isNativeVerdict(x: unknown): x is NativeVerdict {
   )
 }
 
+/** Loader context passed to native chain loaders. */
+export interface NativeLoaderCtx {
+  params: Record<string, string>
+  path: string
+  req: BrustRequest
+}
+
+/** Result of running a native route's chain loaders top-down: either a merged
+ * flat context object (all loader results shallow-merged, child keys win), or
+ * the first verdict encountered (top-down) which short-circuits the chain. */
+export type NativeChainResult = { data: Record<string, unknown> } | { verdict: NativeVerdict }
+
+/** Run a native route's `flat.chain` loaders top-down (parent → leaf) and merge
+ * their results into ONE flat context object.
+ *
+ * Semantics (T3 — native <Outlet> loader chain):
+ *  - Each chain node may lack a loader → skip it.
+ *  - Results merge shallow: `merged = { ...merged, ...result }` — later (child)
+ *    keys win over earlier (parent) keys.
+ *  - First verdict wins: if any loader returns a `notFound()`/`redirect()`
+ *    verdict (top-down), STOP — remaining loaders are NOT run — and return it.
+ *  - `chain.length === 1` (or only the leaf has a loader) → behaves exactly as
+ *    the old leaf-only read (no regression).
+ *
+ * The caller is responsible for wrapping this in a SINGLE `runInStoreContext`
+ * (one Map per request) so parent loader store writes are visible to child
+ * loaders — mirroring the React path. This helper itself does NOT open a store
+ * scope. */
+export async function runNativeChainLoaders(
+  chain: Route[],
+  ctx: NativeLoaderCtx,
+): Promise<NativeChainResult> {
+  let merged: Record<string, unknown> = {}
+  for (const node of chain) {
+    if (!node.loader) continue
+    // `as never` bypasses per-route Params narrowing — NativeLoaderCtx is the
+    // default-instantiated loader ctx shape ({ params, path, req }).
+    const result = await node.loader(ctx as never)
+    if (isNativeVerdict(result)) {
+      return { verdict: result }
+    }
+    if (result && typeof result === 'object') {
+      merged = { ...merged, ...(result as Record<string, unknown>) }
+    }
+  }
+  return { data: merged }
+}
+
 /** Middleware contract — Express/Koa-style chain. Receives a structured
  * request and a `next()` that runs the rest of the chain (eventually the
  * loader + render). Return a `RouteResponse` to short-circuit, or call
@@ -332,8 +393,12 @@ function validateRoute(r: Route, basePath: string): void {
     if (r.websocket !== undefined) {
       throw new Error(`Route ${where}: 'native: true' cannot coexist with 'websocket'`)
     }
+    // T2 — `native: true` MAY have children, but only if the ENTIRE subtree is
+    // also native. The build synthesizes a per-leaf wrapper that composes the
+    // whole route chain into one native template; a non-native node anywhere in
+    // that chain can't be inlined (it would render via React, breaking native).
     if (r.children !== undefined) {
-      throw new Error(`Route ${where}: 'native: true' cannot have nested children`)
+      assertNativeSubtree(r.children, where)
     }
     if (r.cache !== undefined) {
       throw new Error(`Route ${where}: 'native: true' cannot coexist with 'cache' (deferred)`)
@@ -369,6 +434,24 @@ function validateRoute(r: Route, basePath: string): void {
   }
 }
 
+/** T2 — recursively assert every node in a native subtree is also `native: true`.
+ * A native chain is composed into one native template at build time, so a
+ * non-native node anywhere in the subtree would have to render via React,
+ * breaking the native fast path. */
+function assertNativeSubtree(children: Route[], where: string): void {
+  for (const child of children) {
+    if (child.native !== true) {
+      // Name the offending CHILD, not the native parent — `where` is the parent.
+      throw new Error(
+        `native route cannot mix native and non-native components in one chain (offending child: ${child.path ?? child.Component?.name ?? '(no path)'}, under: ${where})`,
+      )
+    }
+    if (child.children !== undefined) {
+      assertNativeSubtree(child.children, child.path ?? where)
+    }
+  }
+}
+
 /** Walk the nested route tree, emitting one FlatRoute per leaf or index node.
  * Composes paths, middleware, errorBoundary, and cache per the rules in
  * the design spec (S3). */
@@ -416,6 +499,17 @@ function makeFlat(chain: Route[], fullPath: string): FlatRoute {
   }
   const leaf = chain[chain.length - 1]
   const cache = leaf.cache
+  // T2 — a native leaf demands an all-native chain (the build composes the
+  // whole chain into one native template). Reject a native leaf reached through
+  // a non-native ancestor. NOTE: this is the PRIMARY (not redundant) guard for the
+  // non-native-parent → native-child direction — `assertNativeSubtree` only runs
+  // from a native PARENT (validateRoute's `if (r.native)` block), so a non-native
+  // parent never triggers it; this check is what catches that case.
+  if (leaf.native === true && chain.some((node) => node.native !== true)) {
+    throw new Error(
+      `native route cannot mix native and non-native components in one chain (route: ${leaf.path ?? fullPath})`,
+    )
+  }
   const nativeTemplate = leaf.native === true && leaf.Component ? leaf.Component.name : undefined
   return { fullPath, chain, middleware, errorBoundary, cache, nativeTemplate }
 }
@@ -632,43 +726,57 @@ export function makeRenderer(
       // deferred to v2.x. If your middleware needs to mutate, use a React
       // route for now.
       if (flat.nativeTemplate !== undefined) {
-        let data: unknown = {}
-        const leaf = flat.chain[flat.chain.length - 1]
-        if (leaf.loader) {
-          const ctx = { params: call.params, path: call.path, req: call.req }
-          try {
-            // Native loaders may write to a defineStore; run them in a per-request
-            // store scope so those writes are isolated per request. No snapshot is
-            // collected and no <script> is injected on native paths — Spec B owns
-            // native store delivery (hard non-goal here).
-            data = await runInStoreContext(() => leaf.loader!(ctx as any))
-          } catch (err) {
-            console.error(`[brust] loader failed for native route ${flat.fullPath}:`, err)
-            // FAST LANE: native routes take dispatch_single_chunk (no chunk
-            // channel), so every native fallback MUST pack + return a length.
-            return packSingleChunkResponse(view, encoder, {
-              status: 500,
-              contentType: 'text/html; charset=utf-8',
-              body: 'internal error',
-            })
-          }
+        let data: Record<string, unknown>
+        const ctx = { params: call.params, path: call.path, req: call.req }
+        let chainResult: NativeChainResult
+        try {
+          // Run the WHOLE route chain's loaders top-down (parent → leaf) and
+          // merge into ONE flat context (child keys win), mirroring the React
+          // chain-loader path. Wrap the entire loop in a SINGLE per-request
+          // store scope so a parent loader's defineStore writes are visible to
+          // child loaders (one Map per request — NOT one per loader). No
+          // snapshot is collected and no <script> is injected on native paths —
+          // Spec B owns native store delivery (hard non-goal here).
+          chainResult = await runInRequestContext(call.req?.cookies ?? {}, () =>
+            runNativeChainLoaders(flat.chain, ctx),
+          )
+        } catch (err) {
+          console.error(`[brust] loader failed for native route ${flat.fullPath}:`, err)
+          // FAST LANE: native routes take dispatch_single_chunk (no chunk
+          // channel), so every native fallback MUST pack + return a length.
+          return packSingleChunkResponse(view, encoder, {
+            status: 500,
+            contentType: 'text/html; charset=utf-8',
+            body: 'internal error',
+          })
         }
         let renderStatus: number | undefined
-        if (isNativeVerdict(data)) {
-          if (!data.render) {
+        if ('verdict' in chainResult) {
+          // First verdict wins (top-down). Remaining loaders already skipped.
+          const verdict = chainResult.verdict
+          if (!verdict.render) {
             // redirect — no template render; fast-lane packed response with Location.
             return packSingleChunkResponse(view, encoder, {
-              status: data.status,
+              status: verdict.status,
               contentType: 'text/html; charset=utf-8',
               body: '',
-              headers: data.headers,
+              headers: verdict.headers,
             })
           }
           // notFound — render the route's own template, but with the verdict's status.
-          renderStatus = data.status
-          data = data.data ?? {}
+          renderStatus = verdict.status
+          data = (verdict.data ?? {}) as Record<string, unknown>
+        } else {
+          data = chainResult.data
+        }
+        const json = JSON.stringify(data)
+        // napiRenderJinja has no headers param — any Set-Cookie staged by a
+        // native loader is dropped on this path. Dev-warn so it's not silent.
+        if ((__scope()?.setCookies.length ?? 0) > 0 && process.env.BRUST_DEV === '1') {
+          console.warn(
+            `[brust] cookies.set in a native loader for "${flat.nativeTemplate}" is dropped — native render has no headers; use a React route to write cookies`,
+          )
         }
-        const json = JSON.stringify(data ?? {})
         // Sub-project J — islands + components. If this template has an enriched
         // islands manifest or a components manifest, merge per-island context vars
         // (island_<id>_props, plus island_<id>_html for ssr entries) and per-component
@@ -755,7 +863,7 @@ export function makeRenderer(
       // or render resolves the same per-request instance. Snapshot is collected
       // after loaders (buildRenderElement resolved) — that's where Spec A stores
       // are seeded — and threaded into the render for <script> injection.
-      return await runInStoreContext(async () => {
+      return await runInRequestContext(call.req?.cookies ?? {}, async () => {
         let element: ReactNode
         let errorBoundary: ComponentType<{ error: Error }>
         try {
@@ -782,7 +890,7 @@ export function makeRenderer(
           napi,
           errorBoundary,
           status: verdict.status,
-          headers: verdict.headers,
+          headers: flushSetCookie(verdict.headers),
           routePath: flat.fullPath,
           storeSnapshot,
         })
@@ -960,12 +1068,19 @@ async function navigationBranch(
     // nav payload so the client can apply it to its live stores. Native nav
     // collects no snapshot (Spec B owns native store delivery).
     let store: Record<string, Record<string, unknown>> | null = null
+    // Set-Cookie staged by a React nav loader, flushed onto the nav response
+    // below. The request scope is opened per-path (inside runInRequestContext),
+    // so capture the flushed headers inside that scope — the emit runs after the
+    // scope has closed. Native nav (renderNativeRouteToHtml) opens its own scope
+    // with no headers param, so staged cookies are dropped there (same as the
+    // full-document native render path).
+    let navHeaders: Record<string, string> | undefined
     if (flat.nativeTemplate !== undefined) {
       fullHtml = await renderNativeRouteToHtml(call, flat, view, encoder, workerId)
     } else {
       // Wrap loader run (inside buildRenderElement) + render in one store scope so
       // store reads resolve the per-request instance; collect after render.
-      fullHtml = await runInStoreContext(async () => {
+      fullHtml = await runInRequestContext(call.req?.cookies ?? {}, async () => {
         const element = await buildRenderElement(call as any, flat, getWorkerId)
         if (!element) throw new Error('render setup failed')
         // Use renderToPipeableStream + onAllReady so pages with <Suspense> emit
@@ -974,6 +1089,7 @@ async function navigationBranch(
         // would otherwise ship "loading…" and never recover.
         const html = await renderToAwaitedString(element)
         store = collectSnapshot()
+        navHeaders = flushSetCookie(undefined)
         return html
       })
     }
@@ -1000,6 +1116,7 @@ async function navigationBranch(
       status: 200,
       contentType: 'application/json; charset=utf-8',
       body,
+      headers: navHeaders,
     })
   } catch (err) {
     console.error('[brust] navigation render failed:', err)
@@ -1013,7 +1130,8 @@ async function navigationBranch(
 
 /** Render a native (jinja) route to its full HTML document for a SPA navigation.
  *
- * Mirrors the render-branch native path: run the leaf loader, merge island /
+ * Mirrors the render-branch native path: run the whole route chain's loaders
+ * (top-down, merged), merge island /
  * component manifest context, then call the SYNC `napiRenderJinja`, which writes
  * a framed `[meta_len u16 BE][meta JSON][body]` response into the SAB and returns
  * its length. Here — unlike the render branch, which returns that length so Rust
@@ -1030,24 +1148,25 @@ async function renderNativeRouteToHtml(
   workerId: bigint,
 ): Promise<string> {
   const templateName = flat.nativeTemplate as string
-  const leaf = flat.chain[flat.chain.length - 1]
-
-  let data: unknown = {}
-  if (leaf.loader) {
-    // Per-request store scope for native loader writes (isolation only). No
-    // snapshot collected / no <script> injected — Spec B owns native delivery.
-    data = await runInStoreContext(() =>
-      leaf.loader!({ params: call.params, path: call.path, req: call.req } as any),
-    )
-  }
 
-  if (isNativeVerdict(data)) {
+  // Run the WHOLE route chain's loaders top-down and merge into ONE flat context
+  // (child keys win), mirroring the full-render branch. One per-request store
+  // scope wraps the entire loop (isolation only — no snapshot / no <script>).
+  const chainResult = await runInRequestContext(call.req?.cookies ?? {}, () =>
+    runNativeChainLoaders(flat.chain, {
+      params: call.params,
+      path: call.path,
+      req: call.req,
+    }),
+  )
+
+  if ('verdict' in chainResult) {
     // SPA nav can't emit a redirect/404 in-place; force the client's full-reload
     // fallback so the document path produces the authoritative status.
     throw new Error('native verdict on SPA navigation — falling back to full reload')
   }
 
-  let ctx = (data ?? {}) as Record<string, unknown>
+  let ctx = chainResult.data
   const manifest = loadIslandManifest(templateName)
   const compManifest = loadComponentManifest(templateName)
   if ((manifest && manifest.length > 0) || (compManifest && compManifest.length > 0)) {
@@ -1295,6 +1414,55 @@ async function decodeActionBody(
   }
 }
 
+function actionErrorResponse(err: ActionError): RouteResponse {
+  // Flat domain-error body `{ code, message, data? }` — `code` is the client-side
+  // discriminator (vs the framework's enveloped `{ error: { … } }`). `data` is
+  // included only when present so the wire shape omits the key entirely otherwise.
+  const body: ActionErrorBody = { code: err.code, message: err.message }
+  if (err.data !== undefined) body.data = err.data
+  return {
+    status: err.status,
+    body: JSON.stringify(body),
+    contentType: 'application/json; charset=utf-8',
+  }
+}
+
+/** Flush any cookies staged via `cookies.set`/`cookies.delete` in the active
+ * request scope onto the response headers.
+ *
+ * The Rust response-header writer stores worker-response headers in a
+ * CASE-SENSITIVE map (no lowercase dedup), so a mix of 'Set-Cookie' /
+ * 'set-cookie' would emit two lines. We therefore use the SINGLE canonical key
+ * 'set-cookie' (lowercase) for ALL cookie writes.
+ *
+ * RouteResponse.headers is Record<string,string>, so only ONE Set-Cookie per
+ * response is representable. If multiple were staged, only the LAST is sent
+ * (documented limitation; dev-warn). If the handler already set a 'set-cookie'
+ * header explicitly (respond({ headers })), the explicit value WINS and staged
+ * cookies are dropped (dev-warn on conflict). */
+function flushSetCookie(
+  headers: Record<string, string> | undefined,
+): Record<string, string> | undefined {
+  const staged = __scope()?.setCookies ?? []
+  if (staged.length === 0) return headers
+  if (headers && 'set-cookie' in headers) {
+    if (process.env.BRUST_DEV === '1') {
+      console.warn(
+        '[brust] cookies.set conflicts with an explicit set-cookie header — explicit respond() wins',
+      )
+    }
+    return headers
+  }
+  if (staged.length > 1 && process.env.BRUST_DEV === '1') {
+    console.warn(
+      `[brust] ${staged.length} cookies staged but only one Set-Cookie per response is supported — only the last is sent`,
+    )
+  }
+  const out = { ...(headers ?? {}) }
+  out['set-cookie'] = staged[staged.length - 1]
+  return out
+}
+
 export async function dispatchAction(
   call: Extract<RouteCall, { kind: 'action' }>,
   byId: Map<string, EndpointDef>,
@@ -1374,6 +1542,7 @@ export async function dispatchAction(
         contentType: 'application/json; charset=utf-8',
       }
     } catch (err) {
+      if (isActionError(err)) return actionErrorResponse(err)
       const e = err instanceof Error ? err : new Error(String(err))
       console.error(`[brust] action ${def.method} ${def.path} threw:`, err)
       return {
@@ -1384,24 +1553,33 @@ export async function dispatchAction(
     }
   }
 
-  const chain = composeChain(call.req, def.middleware, terminal)
-  let response: RouteResponse
-  try {
-    response = await chain()
-  } catch (err) {
-    console.error('[brust] action middleware uncaught:', err)
-    response = {
-      status: 500,
-      body: '{"error":{"message":"internal error"}}',
-      contentType: 'application/json; charset=utf-8',
+  // Open a per-request scope (OUTER) so cookies.set during middleware/handler
+  // stage onto this request, then flush the staged Set-Cookie onto the response
+  // headers. The cache + store scopes wrap INNER — request-scope is outermost.
+  return await runInRequestContext(call.req.cookies ?? {}, async () => {
+    const chain = composeChain(call.req, def.middleware, terminal)
+    let response: RouteResponse
+    try {
+      response = await chain()
+    } catch (err) {
+      if (isActionError(err)) {
+        response = actionErrorResponse(err)
+      } else {
+        console.error('[brust] action middleware uncaught:', err)
+        response = {
+          status: 500,
+          body: '{"error":{"message":"internal error"}}',
+          contentType: 'application/json; charset=utf-8',
+        }
+      }
     }
-  }
-  return {
-    status: response.status,
-    body: response.body,
-    contentType: response.contentType ?? 'application/json; charset=utf-8',
-    headers: response.headers,
-  }
+    return {
+      status: response.status,
+      body: response.body,
+      contentType: response.contentType ?? 'application/json; charset=utf-8',
+      headers: flushSetCookie(response.headers),
+    }
+  })
 }
 
 async function mcpBranchToResponse(

package/runtime/treaty.ts

@@ -1,4 +1,4 @@
-import type { ActionsBuilder } from './define-actions.ts'
+import type { ActionsBuilder, EndpointEntry } from './define-actions.ts'
 
 const METHODS = new Set(['get', 'post', 'put', 'patch', 'delete', 'head'])
 
@@ -15,12 +15,6 @@ export interface ClientOptions {
   fetch?: typeof fetch
 }
 
-type FirstSegment<S extends string> = S extends `/${infer Rest}`
-  ? FirstSegment<Rest>
-  : S extends `${infer T}/${infer _U}`
-    ? T
-    : S
-
 export type PermissiveProxy = {
   (arg?: any): PermissiveProxy
   [key: string]: PermissiveProxy
@@ -33,10 +27,53 @@ export type PermissiveProxy = {
   head: (options?: any) => Promise<TreatyResponse<any, any>>
 }
 
+// ─── Typed Treaty<App> (B2, descoped) ───────────────────────────────────────
+// Static paths get fully-typed methods (output + discriminated error union);
+// any param path (`{...}`) or unknown segment falls through to PermissiveProxy.
+// Reference shape proven by spike5 (EXIT=0).
+
+/** Per-method client signatures for one endpoint-entry map (the `{ GET, POST, … }`
+ * object for a single path). Bodyless methods (GET/HEAD) take only options. */
+type Methods<E> = {
+  [M in keyof E & string as Lowercase<M>]: M extends 'GET' | 'HEAD'
+    ? E[M] extends EndpointEntry
+      ? (o?: {
+          query?: Record<string, string>
+          headers?: Record<string, string>
+        }) => Promise<TreatyResponse<E[M]['output'], E[M]['error']>>
+      : never
+    : E[M] extends EndpointEntry
+      ? (
+          b?: E[M]['input'],
+          o?: { headers?: Record<string, string> },
+        ) => Promise<TreatyResponse<E[M]['output'], E[M]['error']>>
+      : never
+}
+
+/** A path is static iff it contains no `{param}` segment. */
+type IsStatic<K extends string> = K extends `${string}{${string}}${string}` ? false : true
+/** Keep only the static path keys of the accumulator. */
+type StaticAcc<Acc> = {
+  [K in keyof Acc as K extends string ? (IsStatic<K> extends true ? K : never) : never]: Acc[K]
+}
+/** Given a path key `K` and the accumulated prefix `P`, the next segment after `P`. */
+type Tail<K extends string, P extends string> = K extends `${P}/${infer Rest}`
+  ? Rest extends `${infer H}/${string}`
+    ? H
+    : Rest
+  : never
+/** All immediate child segments under prefix `P`. */
+type ChildSegs<SA, P extends string> = { [K in keyof SA]: Tail<K & string, P> }[keyof SA]
+/** The entry map for the exact path `P`, if one exists. */
+// biome-ignore lint/complexity/noBannedTypes: `{}` is the empty-methods identity when no exact endpoint matches the prefix
+type ExactEntry<SA, P extends string> = P extends keyof SA ? SA[P] : {}
+/** A treaty node: methods of the exact path + child segment nodes + permissive fallback. */
+type TNode<SA, P extends string> = Methods<ExactEntry<SA, P>> & {
+  [Seg in ChildSegs<SA, P> & string]: TNode<SA, `${P}/${Seg}`>
+} & PermissiveProxy
+
 export type Treaty<App> =
-  App extends ActionsBuilder<infer Acc>
-    ? { [K in FirstSegment<keyof Acc & string>]: PermissiveProxy } & PermissiveProxy
-    : PermissiveProxy
+  App extends ActionsBuilder<infer Acc> ? TNode<StaticAcc<Acc>, ''> : PermissiveProxy
 
 function resolvePrefix(opts?: ClientOptions): string {
   if (opts?.prefix) return opts.prefix

package/runtime/treaty.type-test.ts

@@ -0,0 +1,69 @@
+// Isolated TYPE TEST for the B2 typed treaty client. Not executed — every
+// assertion is a pure type check inside an un-called async function. Run via:
+//   bun run typecheck:treaty   →   tsc -p tsconfig.typecheck.json --noEmit
+//
+// It exercises: (1) static-path methods are fully typed (output + error union),
+// (2) the discriminated error union narrows on `code`, (3) accessing a
+// non-existent output field is a type error, (4) a wrong error code / field is a
+// type error, (5) param paths stay permissive (no type error, the fallback).
+import { z } from 'zod'
+import { defineActions } from './define-actions.ts'
+import { client } from './treaty.ts'
+
+const actions = defineActions()
+  .get('/team', () => ({ team: [{ id: 1 }], max: 6 }))
+  .post('/team', ({ body }: { body: { id: number } }) => ({ team: [{ id: body.id }], max: 6 }), {
+    body: z.object({ id: z.number() }),
+    errors: {
+      TEAM_FULL: z.object({ max: z.number() }),
+      DUPLICATE: z.object({ existingId: z.number() }),
+    },
+  })
+  .delete('/team/{id}', () => ({ ok: true }))
+
+const api = client<typeof actions>()
+
+// Never called — purely for type checking.
+export async function _typeTest() {
+  // (1) static POST → output typed.
+  const r = await api.team.post({ id: 5 })
+  if (r.data) {
+    const max: number = r.data.max
+    void max
+    // (3) non-existent output field → must be a type error.
+    // @ts-expect-error `nope` is not a field of the typed output
+    void r.data.nope
+  }
+
+  // (2) error union narrows on the discriminant `code` to the SPECIFIC branch,
+  // and that branch's `data` is typed (multi-member union: TEAM_FULL | DUPLICATE).
+  if (r.error && r.error.value.code === 'TEAM_FULL') {
+    const m: number = r.error.value.data.max
+    void m
+    // (4a) non-existent error-data field → must be a type error.
+    // @ts-expect-error `min` is not a field of the TEAM_FULL error data
+    void r.error.value.data.min
+    // (4c) narrowing is per-branch: DUPLICATE's `existingId` is NOT on TEAM_FULL.
+    // @ts-expect-error `existingId` belongs to the DUPLICATE branch, not TEAM_FULL
+    void r.error.value.data.existingId
+  }
+  if (r.error && r.error.value.code === 'DUPLICATE') {
+    const e: number = r.error.value.data.existingId
+    void e
+  }
+  // (4b) comparing against an undeclared error code → must be a type error.
+  if (r.error) {
+    // @ts-expect-error 'NOPE' is not a declared error code
+    void (r.error.value.code === 'NOPE')
+  }
+
+  // GET → output typed.
+  const g = await api.team.get()
+  if (g.data) {
+    const max2: number = g.data.max
+    void max2
+  }
+
+  // (5) param path stays permissive — MUST NOT error (locks the fallback).
+  await api.team({ id: '5' }).delete()
+}

package/runtime/tsconfig.typecheck.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "strict": true,
+    "skipLibCheck": true,
+    "target": "ES2022",
+    "lib": ["ES2022", "DOM"],
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "noEmit": true,
+    "jsx": "react-jsx",
+    "types": []
+  },
+  "files": ["treaty.ts", "define-actions.ts", "standard-schema.ts", "treaty.type-test.ts"]
+}