gina 0.4.6 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (470) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/README.md +6 -8
  3. package/ROADMAP.md +2 -2
  4. package/framework/v0.4.7/VERSION +1 -0
  5. package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/csp/README.md +57 -2
  6. package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/csp/src/main.js +192 -27
  7. package/framework/{v0.4.6 → v0.4.7}/core/server.isaac.js +153 -5
  8. package/framework/{v0.4.6 → v0.4.7}/core/server.js +14 -0
  9. package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/settings.server.json +3 -1
  10. package/framework/{v0.4.6 → v0.4.7}/core/template/conf/settings.json +15 -2
  11. package/framework/{v0.4.6 → v0.4.7}/lib/index.js +14 -0
  12. package/framework/v0.4.7/lib/ws-framing/package.json +10 -0
  13. package/framework/v0.4.7/lib/ws-framing/src/main.js +664 -0
  14. package/framework/v0.4.7/lib/ws-session/package.json +10 -0
  15. package/framework/v0.4.7/lib/ws-session/src/main.js +422 -0
  16. package/framework/{v0.4.6 → v0.4.7}/package.json +1 -1
  17. package/gna.js +4 -4
  18. package/llms.txt +9 -3
  19. package/package.json +2 -2
  20. package/playwright.config.js +4 -2
  21. package/framework/v0.4.6/VERSION +0 -1
  22. /package/framework/{v0.4.6 → v0.4.7}/AUTHORS +0 -0
  23. /package/framework/{v0.4.6 → v0.4.7}/LICENSE +0 -0
  24. /package/framework/{v0.4.6 → v0.4.7}/core/asset/html/nolayout.html +0 -0
  25. /package/framework/{v0.4.6 → v0.4.7}/core/asset/html/static.html +0 -0
  26. /package/framework/{v0.4.6 → v0.4.7}/core/asset/img/android-chrome-192x192.png +0 -0
  27. /package/framework/{v0.4.6 → v0.4.7}/core/asset/img/android-chrome-512x512.png +0 -0
  28. /package/framework/{v0.4.6 → v0.4.7}/core/asset/img/apple-touch-icon.png +0 -0
  29. /package/framework/{v0.4.6 → v0.4.7}/core/asset/img/favicon-16x16.png +0 -0
  30. /package/framework/{v0.4.6 → v0.4.7}/core/asset/img/favicon-32x32.png +0 -0
  31. /package/framework/{v0.4.6 → v0.4.7}/core/asset/img/favicon.ico +0 -0
  32. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/README.md +0 -0
  33. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
  34. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
  35. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
  36. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -0
  37. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  38. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  39. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
  40. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
  41. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
  42. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
  43. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
  44. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
  45. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +0 -0
  46. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
  47. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.js +0 -0
  48. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -0
  49. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  50. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  51. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
  52. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
  53. /package/framework/{v0.4.6 → v0.4.7}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
  54. /package/framework/{v0.4.6 → v0.4.7}/core/config.js +0 -0
  55. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/ai/index.js +0 -0
  56. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/ai/lib/connector.js +0 -0
  57. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/index.js +0 -0
  58. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/connector.js +0 -0
  59. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/connector.v3.js +0 -0
  60. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/connector.v4.js +0 -0
  61. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/n1ql.js +0 -0
  62. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/session-store.js +0 -0
  63. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
  64. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
  65. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/mongodb/index.js +0 -0
  66. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/mongodb/lib/connector.js +0 -0
  67. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
  68. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/mongodb/lib/session-store.js +0 -0
  69. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/mysql/index.js +0 -0
  70. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/mysql/lib/connector.js +0 -0
  71. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/postgresql/index.js +0 -0
  72. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/postgresql/lib/connector.js +0 -0
  73. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/redis/index.js +0 -0
  74. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/redis/lib/session-store.js +0 -0
  75. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/scylladb/index.js +0 -0
  76. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/scylladb/lib/connector.js +0 -0
  77. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/scylladb/lib/session-store.js +0 -0
  78. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/sql-parser.js +0 -0
  79. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/sqlite/index.js +0 -0
  80. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/sqlite/lib/connector.js +0 -0
  81. /package/framework/{v0.4.6 → v0.4.7}/core/connectors/sqlite/lib/session-store.js +0 -0
  82. /package/framework/{v0.4.6 → v0.4.7}/core/content.encoding +0 -0
  83. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.framework.js +0 -0
  84. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.js +0 -0
  85. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-json.js +0 -0
  86. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-nunjucks-async.js +0 -0
  87. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-nunjucks.js +0 -0
  88. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-stream.js +0 -0
  89. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-swig-async.js +0 -0
  90. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-swig.js +0 -0
  91. /package/framework/{v0.4.6 → v0.4.7}/core/controller/controller.render-v1.js +0 -0
  92. /package/framework/{v0.4.6 → v0.4.7}/core/controller/index.js +0 -0
  93. /package/framework/{v0.4.6 → v0.4.7}/core/controller/inspector-window-emit.js +0 -0
  94. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/LICENSE +0 -0
  95. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/README.md +0 -0
  96. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/lib/index.js +0 -0
  97. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
  98. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
  99. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
  100. /package/framework/{v0.4.6 → v0.4.7}/core/deps/busboy-1.6.0/package.json +0 -0
  101. /package/framework/{v0.4.6 → v0.4.7}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
  102. /package/framework/{v0.4.6 → v0.4.7}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
  103. /package/framework/{v0.4.6 → v0.4.7}/core/deps/streamsearch-1.1.0/package.json +0 -0
  104. /package/framework/{v0.4.6 → v0.4.7}/core/dev/index.js +0 -0
  105. /package/framework/{v0.4.6 → v0.4.7}/core/dev/lib/class.js +0 -0
  106. /package/framework/{v0.4.6 → v0.4.7}/core/dev/lib/factory.js +0 -0
  107. /package/framework/{v0.4.6 → v0.4.7}/core/dev/lib/tools.js +0 -0
  108. /package/framework/{v0.4.6 → v0.4.7}/core/gna.js +0 -0
  109. /package/framework/{v0.4.6 → v0.4.7}/core/locales/README.md +0 -0
  110. /package/framework/{v0.4.6 → v0.4.7}/core/locales/currency.json +0 -0
  111. /package/framework/{v0.4.6 → v0.4.7}/core/locales/dist/language/en.json +0 -0
  112. /package/framework/{v0.4.6 → v0.4.7}/core/locales/dist/language/fr.json +0 -0
  113. /package/framework/{v0.4.6 → v0.4.7}/core/locales/dist/region/en.json +0 -0
  114. /package/framework/{v0.4.6 → v0.4.7}/core/locales/dist/region/fr.json +0 -0
  115. /package/framework/{v0.4.6 → v0.4.7}/core/locales/index.js +0 -0
  116. /package/framework/{v0.4.6 → v0.4.7}/core/mime.types +0 -0
  117. /package/framework/{v0.4.6 → v0.4.7}/core/model/entity.js +0 -0
  118. /package/framework/{v0.4.6 → v0.4.7}/core/model/index.js +0 -0
  119. /package/framework/{v0.4.6 → v0.4.7}/core/model/template/entityFactory.js +0 -0
  120. /package/framework/{v0.4.6 → v0.4.7}/core/model/template/index.js +0 -0
  121. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/README.md +0 -0
  122. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/index.js +0 -0
  123. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/csrf/README.md +0 -0
  124. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/csrf/package.json +0 -0
  125. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/csrf/src/main.js +0 -0
  126. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/README.md +0 -0
  127. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/coep/README.md +0 -0
  128. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/coep/package.json +0 -0
  129. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
  130. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/coop/README.md +0 -0
  131. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/coop/package.json +0 -0
  132. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
  133. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/corp/README.md +0 -0
  134. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/corp/package.json +0 -0
  135. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
  136. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/csp/package.json +0 -0
  137. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
  138. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
  139. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
  140. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/hsts/README.md +0 -0
  141. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/hsts/package.json +0 -0
  142. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
  143. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
  144. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
  145. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
  146. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/package.json +0 -0
  147. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
  148. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
  149. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
  150. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/src/main.js +0 -0
  151. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
  152. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
  153. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
  154. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
  155. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
  156. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
  157. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
  158. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
  159. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
  160. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
  161. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
  162. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
  163. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
  164. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
  165. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
  166. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
  167. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
  168. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
  169. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/session/README.md +0 -0
  170. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/session/package.json +0 -0
  171. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/session/src/main.js +0 -0
  172. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/storage/README.md +0 -0
  173. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/storage/build.json +0 -0
  174. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/storage/package.json +0 -0
  175. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/storage/src/main.js +0 -0
  176. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/validator/README.md +0 -0
  177. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/validator/build.json +0 -0
  178. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/validator/package.json +0 -0
  179. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/validator/src/form-validator.js +0 -0
  180. /package/framework/{v0.4.6 → v0.4.7}/core/plugins/lib/validator/src/main.js +0 -0
  181. /package/framework/{v0.4.6 → v0.4.7}/core/router.js +0 -0
  182. /package/framework/{v0.4.6 → v0.4.7}/core/server.express.js +0 -0
  183. /package/framework/{v0.4.6 → v0.4.7}/core/status.codes +0 -0
  184. /package/framework/{v0.4.6 → v0.4.7}/core/template/_gitignore +0 -0
  185. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/app.json +0 -0
  186. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/connectors.json +0 -0
  187. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/routing.json +0 -0
  188. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/settings.json +0 -0
  189. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/templates.json +0 -0
  190. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/config/watchers.json +0 -0
  191. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
  192. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
  193. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
  194. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/index.js +0 -0
  195. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle/locales/en.json +0 -0
  196. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
  197. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/css/default.css +0 -0
  198. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/css/home.css +0 -0
  199. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
  200. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
  201. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
  202. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
  203. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/readme.md +0 -0
  204. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_public/sw.js +0 -0
  205. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
  206. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
  207. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
  208. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
  209. /package/framework/{v0.4.6 → v0.4.7}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
  210. /package/framework/{v0.4.6 → v0.4.7}/core/template/command/gina.bat.tpl +0 -0
  211. /package/framework/{v0.4.6 → v0.4.7}/core/template/command/gina.tpl +0 -0
  212. /package/framework/{v0.4.6 → v0.4.7}/core/template/conf/env.json +0 -0
  213. /package/framework/{v0.4.6 → v0.4.7}/core/template/conf/manifest.json +0 -0
  214. /package/framework/{v0.4.6 → v0.4.7}/core/template/conf/package.json +0 -0
  215. /package/framework/{v0.4.6 → v0.4.7}/core/template/conf/statics.json +0 -0
  216. /package/framework/{v0.4.6 → v0.4.7}/core/template/conf/templates.json +0 -0
  217. /package/framework/{v0.4.6 → v0.4.7}/core/template/error/client/json/401.json +0 -0
  218. /package/framework/{v0.4.6 → v0.4.7}/core/template/error/client/json/403.json +0 -0
  219. /package/framework/{v0.4.6 → v0.4.7}/core/template/error/client/json/404.json +0 -0
  220. /package/framework/{v0.4.6 → v0.4.7}/core/template/error/server/html/50x.html +0 -0
  221. /package/framework/{v0.4.6 → v0.4.7}/core/template/error/server/json/500.json +0 -0
  222. /package/framework/{v0.4.6 → v0.4.7}/core/template/error/server/json/503.json +0 -0
  223. /package/framework/{v0.4.6 → v0.4.7}/core/template/extensions/logger/config.json +0 -0
  224. /package/framework/{v0.4.6 → v0.4.7}/helpers/console.js +0 -0
  225. /package/framework/{v0.4.6 → v0.4.7}/helpers/context.js +0 -0
  226. /package/framework/{v0.4.6 → v0.4.7}/helpers/data/LICENSE +0 -0
  227. /package/framework/{v0.4.6 → v0.4.7}/helpers/data/README.md +0 -0
  228. /package/framework/{v0.4.6 → v0.4.7}/helpers/data/package.json +0 -0
  229. /package/framework/{v0.4.6 → v0.4.7}/helpers/data/src/main.js +0 -0
  230. /package/framework/{v0.4.6 → v0.4.7}/helpers/dateFormat.js +0 -0
  231. /package/framework/{v0.4.6 → v0.4.7}/helpers/index.js +0 -0
  232. /package/framework/{v0.4.6 → v0.4.7}/helpers/json/LICENSE +0 -0
  233. /package/framework/{v0.4.6 → v0.4.7}/helpers/json/README.md +0 -0
  234. /package/framework/{v0.4.6 → v0.4.7}/helpers/json/package.json +0 -0
  235. /package/framework/{v0.4.6 → v0.4.7}/helpers/json/src/main.js +0 -0
  236. /package/framework/{v0.4.6 → v0.4.7}/helpers/path.js +0 -0
  237. /package/framework/{v0.4.6 → v0.4.7}/helpers/plugins/README.md +0 -0
  238. /package/framework/{v0.4.6 → v0.4.7}/helpers/plugins/package.json +0 -0
  239. /package/framework/{v0.4.6 → v0.4.7}/helpers/plugins/src/api-error.js +0 -0
  240. /package/framework/{v0.4.6 → v0.4.7}/helpers/plugins/src/main.js +0 -0
  241. /package/framework/{v0.4.6 → v0.4.7}/helpers/prototypes.js +0 -0
  242. /package/framework/{v0.4.6 → v0.4.7}/helpers/task.js +0 -0
  243. /package/framework/{v0.4.6 → v0.4.7}/helpers/text.js +0 -0
  244. /package/framework/{v0.4.6 → v0.4.7}/lib/archiver/README.md +0 -0
  245. /package/framework/{v0.4.6 → v0.4.7}/lib/archiver/build.json +0 -0
  246. /package/framework/{v0.4.6 → v0.4.7}/lib/archiver/package.json +0 -0
  247. /package/framework/{v0.4.6 → v0.4.7}/lib/archiver/src/dep/jszip.min.js +0 -0
  248. /package/framework/{v0.4.6 → v0.4.7}/lib/archiver/src/main.js +0 -0
  249. /package/framework/{v0.4.6 → v0.4.7}/lib/async/package.json +0 -0
  250. /package/framework/{v0.4.6 → v0.4.7}/lib/async/src/main.js +0 -0
  251. /package/framework/{v0.4.6 → v0.4.7}/lib/cache/README.md +0 -0
  252. /package/framework/{v0.4.6 → v0.4.7}/lib/cache/build.json +0 -0
  253. /package/framework/{v0.4.6 → v0.4.7}/lib/cache/package.json +0 -0
  254. /package/framework/{v0.4.6 → v0.4.7}/lib/cache/src/main.js +0 -0
  255. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/aliases.json +0 -0
  256. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/add.js +0 -0
  257. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/arguments.json +0 -0
  258. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/build.js +0 -0
  259. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/copy.js +0 -0
  260. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/cp.js +0 -0
  261. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/help.js +0 -0
  262. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/help.txt +0 -0
  263. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
  264. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/list.js +0 -0
  265. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/mcp-start.js +0 -0
  266. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/mcp.js +0 -0
  267. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/oas.js +0 -0
  268. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/openapi.js +0 -0
  269. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/remove.js +0 -0
  270. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/rename.js +0 -0
  271. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/restart.js +0 -0
  272. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/rm.js +0 -0
  273. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/start.js +0 -0
  274. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/status.js +0 -0
  275. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/bundle/stop.js +0 -0
  276. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/cache/stats.js +0 -0
  277. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/add.js +0 -0
  278. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/arguments.json +0 -0
  279. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/help.js +0 -0
  280. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/help.txt +0 -0
  281. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/list.js +0 -0
  282. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/migrate.js +0 -0
  283. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/remove.js +0 -0
  284. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/connector/rm.js +0 -0
  285. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/add.js +0 -0
  286. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/get.js +0 -0
  287. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/help.js +0 -0
  288. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/help.txt +0 -0
  289. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/link-dev.js +0 -0
  290. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/list.js +0 -0
  291. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/remove.js +0 -0
  292. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/rm.js +0 -0
  293. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/set.js +0 -0
  294. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/unset.js +0 -0
  295. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/env/use.js +0 -0
  296. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/arguments.json +0 -0
  297. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/build.js +0 -0
  298. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/dot.js +0 -0
  299. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/get.js +0 -0
  300. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/help.js +0 -0
  301. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/help.txt +0 -0
  302. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/init.js +0 -0
  303. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/link-node-modules.js +0 -0
  304. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/link.js +0 -0
  305. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/msg.json +0 -0
  306. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/open.js +0 -0
  307. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/restart.js +0 -0
  308. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/set.js +0 -0
  309. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/start.js +0 -0
  310. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/status.js +0 -0
  311. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/stop.js +0 -0
  312. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/tail.js +0 -0
  313. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/update.js +0 -0
  314. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/framework/version.js +0 -0
  315. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/gina-dev.1.md +0 -0
  316. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/gina-framework.1.md +0 -0
  317. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/gina.1.md +0 -0
  318. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/helper.js +0 -0
  319. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/add.js +0 -0
  320. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/arguments.json +0 -0
  321. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/export.js +0 -0
  322. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/help.js +0 -0
  323. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/help.txt +0 -0
  324. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/import.js +0 -0
  325. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/i18n/scan.js +0 -0
  326. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/index.js +0 -0
  327. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/inspector/help.js +0 -0
  328. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/inspector/help.txt +0 -0
  329. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/inspector/open.js +0 -0
  330. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/minion/arguments.json +0 -0
  331. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/minion/help.js +0 -0
  332. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/minion/help.txt +0 -0
  333. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/minion/kill.js +0 -0
  334. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/minion/list.js +0 -0
  335. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/msg.json +0 -0
  336. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/port/help.js +0 -0
  337. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/port/help.txt +0 -0
  338. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/port/inc/scan.js +0 -0
  339. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/port/list.js +0 -0
  340. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/port/reset.js +0 -0
  341. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/port/set.js +0 -0
  342. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/add.js +0 -0
  343. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/arguments.json +0 -0
  344. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/build.js +0 -0
  345. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/help.js +0 -0
  346. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/help.txt +0 -0
  347. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/import.js +0 -0
  348. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/list.js +0 -0
  349. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/move.js +0 -0
  350. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/remove.js +0 -0
  351. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/rename.js +0 -0
  352. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/restart.js +0 -0
  353. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/rm.js +0 -0
  354. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/start.js +0 -0
  355. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/status.js +0 -0
  356. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/project/stop.js +0 -0
  357. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/protocol/arguments.json +0 -0
  358. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/protocol/help.js +0 -0
  359. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/protocol/help.txt +0 -0
  360. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/protocol/list.js +0 -0
  361. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/protocol/remove.js +0 -0
  362. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/protocol/set.js +0 -0
  363. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/add.js +0 -0
  364. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/help.js +0 -0
  365. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/help.txt +0 -0
  366. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/link-local.js +0 -0
  367. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/link-production.js +0 -0
  368. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/list.js +0 -0
  369. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/remove.js +0 -0
  370. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/rm.js +0 -0
  371. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/scope/use.js +0 -0
  372. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/secrets/arguments.json +0 -0
  373. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/secrets/check.js +0 -0
  374. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/secrets/help.js +0 -0
  375. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/secrets/help.txt +0 -0
  376. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/secrets/scan.js +0 -0
  377. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/service/help.js +0 -0
  378. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/service/help.txt +0 -0
  379. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/service/list.js +0 -0
  380. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/service/start.js +0 -0
  381. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd/view/add.js +0 -0
  382. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd-status-format/package.json +0 -0
  383. /package/framework/{v0.4.6 → v0.4.7}/lib/cmd-status-format/src/main.js +0 -0
  384. /package/framework/{v0.4.6 → v0.4.7}/lib/collection/README.md +0 -0
  385. /package/framework/{v0.4.6 → v0.4.7}/lib/collection/build.json +0 -0
  386. /package/framework/{v0.4.6 → v0.4.7}/lib/collection/package.json +0 -0
  387. /package/framework/{v0.4.6 → v0.4.7}/lib/collection/src/main.js +0 -0
  388. /package/framework/{v0.4.6 → v0.4.7}/lib/config.js +0 -0
  389. /package/framework/{v0.4.6 → v0.4.7}/lib/connector-registry/package.json +0 -0
  390. /package/framework/{v0.4.6 → v0.4.7}/lib/connector-registry/src/main.js +0 -0
  391. /package/framework/{v0.4.6 → v0.4.7}/lib/cron/README.md +0 -0
  392. /package/framework/{v0.4.6 → v0.4.7}/lib/cron/package.json +0 -0
  393. /package/framework/{v0.4.6 → v0.4.7}/lib/cron/src/main.js +0 -0
  394. /package/framework/{v0.4.6 → v0.4.7}/lib/domain/LICENSE +0 -0
  395. /package/framework/{v0.4.6 → v0.4.7}/lib/domain/README.md +0 -0
  396. /package/framework/{v0.4.6 → v0.4.7}/lib/domain/package.json +0 -0
  397. /package/framework/{v0.4.6 → v0.4.7}/lib/domain/src/main.js +0 -0
  398. /package/framework/{v0.4.6 → v0.4.7}/lib/generator/index.js +0 -0
  399. /package/framework/{v0.4.6 → v0.4.7}/lib/i18n/package.json +0 -0
  400. /package/framework/{v0.4.6 → v0.4.7}/lib/i18n/src/main.js +0 -0
  401. /package/framework/{v0.4.6 → v0.4.7}/lib/inherits/LICENSE +0 -0
  402. /package/framework/{v0.4.6 → v0.4.7}/lib/inherits/README.md +0 -0
  403. /package/framework/{v0.4.6 → v0.4.7}/lib/inherits/package.json +0 -0
  404. /package/framework/{v0.4.6 → v0.4.7}/lib/inherits/src/main.js +0 -0
  405. /package/framework/{v0.4.6 → v0.4.7}/lib/inspector-redact/package.json +0 -0
  406. /package/framework/{v0.4.6 → v0.4.7}/lib/inspector-redact/src/main.js +0 -0
  407. /package/framework/{v0.4.6 → v0.4.7}/lib/instrument/package.json +0 -0
  408. /package/framework/{v0.4.6 → v0.4.7}/lib/instrument/src/main.js +0 -0
  409. /package/framework/{v0.4.6 → v0.4.7}/lib/job/package.json +0 -0
  410. /package/framework/{v0.4.6 → v0.4.7}/lib/job/src/main.js +0 -0
  411. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/README.md +0 -0
  412. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/package.json +0 -0
  413. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/default/index.js +0 -0
  414. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/file/index.js +0 -0
  415. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
  416. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
  417. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/mq/index.js +0 -0
  418. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/mq/listener.js +0 -0
  419. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/containers/mq/speaker.js +0 -0
  420. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/helper.js +0 -0
  421. /package/framework/{v0.4.6 → v0.4.7}/lib/logger/src/main.js +0 -0
  422. /package/framework/{v0.4.6 → v0.4.7}/lib/math/index.js +0 -0
  423. /package/framework/{v0.4.6 → v0.4.7}/lib/mcp-dispatch/package.json +0 -0
  424. /package/framework/{v0.4.6 → v0.4.7}/lib/mcp-dispatch/src/main.js +0 -0
  425. /package/framework/{v0.4.6 → v0.4.7}/lib/mcp-http/package.json +0 -0
  426. /package/framework/{v0.4.6 → v0.4.7}/lib/mcp-http/src/main.js +0 -0
  427. /package/framework/{v0.4.6 → v0.4.7}/lib/mcp-server/package.json +0 -0
  428. /package/framework/{v0.4.6 → v0.4.7}/lib/mcp-server/src/main.js +0 -0
  429. /package/framework/{v0.4.6 → v0.4.7}/lib/merge/README.md +0 -0
  430. /package/framework/{v0.4.6 → v0.4.7}/lib/merge/package.json +0 -0
  431. /package/framework/{v0.4.6 → v0.4.7}/lib/merge/src/main.js +0 -0
  432. /package/framework/{v0.4.6 → v0.4.7}/lib/metrics/package.json +0 -0
  433. /package/framework/{v0.4.6 → v0.4.7}/lib/metrics/src/main.js +0 -0
  434. /package/framework/{v0.4.6 → v0.4.7}/lib/model.js +0 -0
  435. /package/framework/{v0.4.6 → v0.4.7}/lib/nunjucks-filters/README.md +0 -0
  436. /package/framework/{v0.4.6 → v0.4.7}/lib/nunjucks-filters/package.json +0 -0
  437. /package/framework/{v0.4.6 → v0.4.7}/lib/nunjucks-filters/src/main.js +0 -0
  438. /package/framework/{v0.4.6 → v0.4.7}/lib/nunjucks-resolver/package.json +0 -0
  439. /package/framework/{v0.4.6 → v0.4.7}/lib/nunjucks-resolver/src/main.js +0 -0
  440. /package/framework/{v0.4.6 → v0.4.7}/lib/proc.js +0 -0
  441. /package/framework/{v0.4.6 → v0.4.7}/lib/routing/README.md +0 -0
  442. /package/framework/{v0.4.6 → v0.4.7}/lib/routing/build.json +0 -0
  443. /package/framework/{v0.4.6 → v0.4.7}/lib/routing/package.json +0 -0
  444. /package/framework/{v0.4.6 → v0.4.7}/lib/routing/src/main.js +0 -0
  445. /package/framework/{v0.4.6 → v0.4.7}/lib/routing/src/radix.js +0 -0
  446. /package/framework/{v0.4.6 → v0.4.7}/lib/routing-introspect/package.json +0 -0
  447. /package/framework/{v0.4.6 → v0.4.7}/lib/routing-introspect/src/main.js +0 -0
  448. /package/framework/{v0.4.6 → v0.4.7}/lib/secrets/package.json +0 -0
  449. /package/framework/{v0.4.6 → v0.4.7}/lib/secrets/src/backends/env.js +0 -0
  450. /package/framework/{v0.4.6 → v0.4.7}/lib/secrets/src/main.js +0 -0
  451. /package/framework/{v0.4.6 → v0.4.7}/lib/session-store.js +0 -0
  452. /package/framework/{v0.4.6 → v0.4.7}/lib/shell.js +0 -0
  453. /package/framework/{v0.4.6 → v0.4.7}/lib/state.js +0 -0
  454. /package/framework/{v0.4.6 → v0.4.7}/lib/swig-filters/README.md +0 -0
  455. /package/framework/{v0.4.6 → v0.4.7}/lib/swig-filters/package.json +0 -0
  456. /package/framework/{v0.4.6 → v0.4.7}/lib/swig-filters/src/main.js +0 -0
  457. /package/framework/{v0.4.6 → v0.4.7}/lib/swig-resolver/package.json +0 -0
  458. /package/framework/{v0.4.6 → v0.4.7}/lib/swig-resolver/src/main.js +0 -0
  459. /package/framework/{v0.4.6 → v0.4.7}/lib/template-loaders/package.json +0 -0
  460. /package/framework/{v0.4.6 → v0.4.7}/lib/template-loaders/src/loaders/http.js +0 -0
  461. /package/framework/{v0.4.6 → v0.4.7}/lib/template-loaders/src/loaders/memory.js +0 -0
  462. /package/framework/{v0.4.6 → v0.4.7}/lib/template-loaders/src/main.js +0 -0
  463. /package/framework/{v0.4.6 → v0.4.7}/lib/url/README.md +0 -0
  464. /package/framework/{v0.4.6 → v0.4.7}/lib/url/index.js +0 -0
  465. /package/framework/{v0.4.6 → v0.4.7}/lib/url/routing.json +0 -0
  466. /package/framework/{v0.4.6 → v0.4.7}/lib/uuid/package.json +0 -0
  467. /package/framework/{v0.4.6 → v0.4.7}/lib/uuid/src/main.js +0 -0
  468. /package/framework/{v0.4.6 → v0.4.7}/lib/validator.js +0 -0
  469. /package/framework/{v0.4.6 → v0.4.7}/lib/watcher/package.json +0 -0
  470. /package/framework/{v0.4.6 → v0.4.7}/lib/watcher/src/main.js +0 -0
@@ -0,0 +1,422 @@
1
+ /**
2
+ * This file is part of the gina package.
3
+ * Copyright (c) 2009-2026 Rhinostone <contact@gina.io>
4
+ *
5
+ * For the full copyright and license information, please view the LICENSE
6
+ * file that was distributed with this source code.
7
+ */
8
+
9
+ /**
10
+ * @module gina/lib/ws-session
11
+ *
12
+ * WebSocket-over-HTTP/2 session bridge (RFC 8441 §5: the extended-CONNECT
13
+ * stream is used "as if it were the TCP connection" of RFC 6455).
14
+ *
15
+ * Responsibilities:
16
+ * - `accept(request)`: answer the extended CONNECT with `:status 200` on the
17
+ * raw Http2Stream and wrap the stream + a `lib/ws-framing` parser into a
18
+ * {@link WsSession} with a send / ping / close API.
19
+ * - Protocol housekeeping: auto-pong (§5.5.2), close-handshake echo and a
20
+ * timed initiated close (§5.5.1 / §7), protocol violations answered with
21
+ * the prescribed status code then torn down.
22
+ * - Lifecycle: teardown on stream `close` / `error` / `aborted` (the HTTP/2
23
+ * analogs of TCP close/RST per RFC 8441 §5), and registration into the
24
+ * framework's graceful-shutdown drain registry
25
+ * (`process.gina._sseConnections`) so SIGTERM closes live sessions with a
26
+ * `1001 going away` instead of blocking the server drain.
27
+ * - Containment: consumer callbacks and transport writes are guarded —
28
+ * nothing thrown by a handler or a dying stream escalates to an
29
+ * uncaughtException (which would take the whole bundle down).
30
+ *
31
+ * Out of scope (by design):
32
+ * - Frame parsing/building rules — `lib/ws-framing` owns RFC 6455 §5/§7/§8.
33
+ * - The extended-CONNECT detection and refusal table — the Isaac engine owns
34
+ * those; this module only ever sees an already-accepted websocket stream.
35
+ * - Authentication — the consumer decides from the request it is handed.
36
+ *
37
+ * @example
38
+ * // from a bundle's onInitialize (app is the raw HTTP/2 server):
39
+ * app.onWebSocket('/live', function(session, request) {
40
+ * session.onMessage(function(data, isBinary) { session.send('echo: ' + data); });
41
+ * session.onClose(function(code, reason) { ... });
42
+ * });
43
+ */
44
+
45
+ var wsf = require('../../ws-framing/src/main');
46
+
47
+ /** @private no-op default handler */
48
+ function noop() {}
49
+
50
+ /**
51
+ * Session options.
52
+ *
53
+ * @typedef {object} WsSessionOptions
54
+ * @property {number} [maxPayload] - forwarded to the ws-framing parser (§10.4 cap)
55
+ * @property {number} [maxFragments] - forwarded to the ws-framing parser (§10.4 cap)
56
+ * @property {number} [closeTimeout=5000] - ms to wait for the peer's Close frame after an initiated close before force-ending the stream
57
+ * @property {boolean} [autoPong=true] - answer inbound PINGs automatically (§5.5.2)
58
+ * @property {string} [protocol] - subprotocol to echo in the `sec-websocket-protocol` response header
59
+ */
60
+
61
+ /**
62
+ * One live WebSocket-over-HTTP/2 session. Construct via
63
+ * {@link module:gina/lib/ws-session~accept} — never directly.
64
+ *
65
+ * Consumer callbacks are registered with the chainable `onMessage` /
66
+ * `onPing` / `onPong` / `onClose` / `onError` setters. `onClose` is the
67
+ * single TERMINAL event (normal close, protocol failure, or transport
68
+ * teardown — exactly once); `onError` is diagnostic and may precede it.
69
+ *
70
+ * @class
71
+ * @constructor
72
+ * @param {object} stream - the raw Http2Stream of the accepted extended CONNECT
73
+ * @param {WsSessionOptions} [options]
74
+ */
75
+ function WsSession(stream, options) {
76
+ options = options || {};
77
+ var self = this;
78
+
79
+ /** @private */
80
+ this._stream = stream;
81
+ /** @private @type {number} */
82
+ this._closeTimeout = (typeof options.closeTimeout === 'number' && options.closeTimeout > 0)
83
+ ? options.closeTimeout
84
+ : 5000;
85
+ /** @private @type {boolean} */
86
+ this._autoPong = options.autoPong !== false;
87
+ /** @private consumer callbacks (chainable setters below) */
88
+ this._handlers = { message: noop, ping: noop, pong: noop, close: noop, error: noop, drain: noop };
89
+ /** @private @type {boolean} a Close frame has been written to the wire */
90
+ this._closeSent = false;
91
+ /** @private @type {boolean} the terminal onClose has been delivered */
92
+ this._finished = false;
93
+ /** @private @type {object|null} */
94
+ this._closeTimer = null;
95
+ /** @private graceful-shutdown drain callback registered on process.gina._sseConnections */
96
+ this._shutdownCloser = function() {
97
+ try { self.close(1001, 'server shutting down'); } catch (err) { /* already torn down */ }
98
+ };
99
+
100
+ /** @private the per-connection RFC 6455 parser */
101
+ this._parser = wsf.createParser({
102
+ maxPayload : options.maxPayload,
103
+ maxFragments : options.maxFragments,
104
+ isServer : true,
105
+ onMessage : function(data, isBinary) {
106
+ self._invoke('message', data, isBinary);
107
+ },
108
+ onPing : function(payload) {
109
+ if (self._autoPong) {
110
+ self._write(wsf.encodePong(payload));
111
+ }
112
+ self._invoke('ping', payload);
113
+ },
114
+ onPong : function(payload) {
115
+ self._invoke('pong', payload);
116
+ },
117
+ onClose : function(code, reason) {
118
+ // §5.5.1 — echo the peer's status code (empty body back when the
119
+ // peer sent none: 1005 is reserved and never goes on the wire).
120
+ if (!self._closeSent) {
121
+ self._closeSent = true;
122
+ self._write(
123
+ (code === 1005)
124
+ ? wsf.encodeFrame({ opcode: wsf.OPCODES.CLOSE })
125
+ : wsf.encodeClose(code)
126
+ );
127
+ }
128
+ self._endStream();
129
+ self._finish(code, reason);
130
+ },
131
+ onError : function(err) {
132
+ // Protocol violation: best-effort Close frame with the prescribed
133
+ // code ("Fail the WebSocket Connection", §7.1.7), then teardown.
134
+ if (!self._closeSent) {
135
+ self._closeSent = true;
136
+ try { self._write(wsf.encodeClose(err.closeCode || 1002)); } catch (encErr) { /* best-effort */ }
137
+ }
138
+ self._invoke('error', err);
139
+ self._endStream();
140
+ self._finish(err.closeCode || 1002, err.message);
141
+ }
142
+ });
143
+
144
+ stream.on('data', function(chunk) {
145
+ self._parser.feed(chunk);
146
+ });
147
+ // Transport teardown (HTTP/2 END_STREAM / RST_STREAM / session GOAWAY all
148
+ // surface here per RFC 8441 §5). 1006 = abnormal closure — reserved on the
149
+ // wire, legitimate as a LOCAL report (§7.4.1).
150
+ stream.on('close', function() {
151
+ self._finish(1006, '');
152
+ });
153
+ stream.on('error', function(err) {
154
+ // Absorb — a dying client stream must never escalate to uncaughtException.
155
+ self._finish(1006, String((err && err.message) || ''));
156
+ });
157
+ stream.on('aborted', function() {
158
+ self._finish(1006, '');
159
+ });
160
+ if (typeof stream.on === 'function') {
161
+ stream.on('drain', function() {
162
+ self._invoke('drain');
163
+ });
164
+ }
165
+
166
+ // Graceful-shutdown drain: proc.js's SIGTERM path iterates this registry
167
+ // and invokes every closer before _httpServer.close(), so live WebSocket
168
+ // sessions end with a clean `1001 going away` instead of blocking the
169
+ // drain until the hard shutdown timeout.
170
+ if (typeof process !== 'undefined' && process.gina) {
171
+ if (!process.gina._sseConnections) {
172
+ process.gina._sseConnections = new Set();
173
+ }
174
+ process.gina._sseConnections.add(this._shutdownCloser);
175
+ }
176
+ }
177
+
178
+ /**
179
+ * Registers the message handler — `(data, isBinary)`: text arrives as a
180
+ * validated UTF-8 string, binary as a Buffer.
181
+ *
182
+ * @param {function} fn
183
+ * @returns {WsSession} this (chainable)
184
+ * @example
185
+ * session.onMessage(function(data, isBinary) { ... });
186
+ */
187
+ WsSession.prototype.onMessage = function(fn) { this._handlers.message = (typeof fn === 'function') ? fn : noop; return this; };
188
+
189
+ /**
190
+ * Registers the ping handler — `(payload Buffer)`. The pong is already sent
191
+ * automatically unless the session was created with `autoPong: false`.
192
+ *
193
+ * @param {function} fn
194
+ * @returns {WsSession} this (chainable)
195
+ */
196
+ WsSession.prototype.onPing = function(fn) { this._handlers.ping = (typeof fn === 'function') ? fn : noop; return this; };
197
+
198
+ /**
199
+ * Registers the pong handler — `(payload Buffer)`.
200
+ *
201
+ * @param {function} fn
202
+ * @returns {WsSession} this (chainable)
203
+ */
204
+ WsSession.prototype.onPong = function(fn) { this._handlers.pong = (typeof fn === 'function') ? fn : noop; return this; };
205
+
206
+ /**
207
+ * Registers the TERMINAL close handler — `(code, reason)`, delivered exactly
208
+ * once: peer close (the peer's code; 1005 when its Close body was empty),
209
+ * protocol failure (the violation's code), initiated-close completion, or
210
+ * transport teardown (1006).
211
+ *
212
+ * @param {function} fn
213
+ * @returns {WsSession} this (chainable)
214
+ */
215
+ WsSession.prototype.onClose = function(fn) { this._handlers.close = (typeof fn === 'function') ? fn : noop; return this; };
216
+
217
+ /**
218
+ * Registers the diagnostic error handler — `(err)` with `err.closeCode` on
219
+ * protocol violations. Always followed by the terminal `onClose`.
220
+ *
221
+ * @param {function} fn
222
+ * @returns {WsSession} this (chainable)
223
+ */
224
+ WsSession.prototype.onError = function(fn) { this._handlers.error = (typeof fn === 'function') ? fn : noop; return this; };
225
+
226
+ /**
227
+ * Registers the backpressure-relief handler, forwarded from the underlying
228
+ * stream's `drain` event. Pair with {@link WsSession#send}'s boolean return.
229
+ *
230
+ * @param {function} fn
231
+ * @returns {WsSession} this (chainable)
232
+ */
233
+ WsSession.prototype.onDrain = function(fn) { this._handlers.drain = (typeof fn === 'function') ? fn : noop; return this; };
234
+
235
+ /**
236
+ * Sends a message: a string goes as a TEXT frame, a Buffer as a BINARY frame.
237
+ *
238
+ * @param {string|Buffer} data
239
+ * @returns {boolean} false when the frame could not be written or the
240
+ * underlying stream signalled backpressure (`stream.write` returned false —
241
+ * wait for {@link WsSession#onDrain}); true otherwise
242
+ * @example
243
+ * if (!session.send(bigPayload)) { session.onDrain(resumeSending); }
244
+ */
245
+ WsSession.prototype.send = function(data) {
246
+ if (this._finished || this._closeSent) {
247
+ return false;
248
+ }
249
+ var frame = (typeof data === 'string') ? wsf.encodeText(data) : wsf.encodeBinary(data);
250
+ return this._write(frame);
251
+ };
252
+
253
+ /**
254
+ * Sends a PING (§5.5.2). Payload must be <= 125 bytes.
255
+ *
256
+ * @param {string|Buffer} [payload]
257
+ * @returns {boolean} as {@link WsSession#send}
258
+ */
259
+ WsSession.prototype.ping = function(payload) {
260
+ if (this._finished || this._closeSent) {
261
+ return false;
262
+ }
263
+ return this._write(wsf.encodePing(payload));
264
+ };
265
+
266
+ /**
267
+ * Initiates the close handshake (§7): sends a Close frame, then waits up to
268
+ * `closeTimeout` ms for the peer's echo before force-ending the stream.
269
+ * Idempotent.
270
+ *
271
+ * @param {number} [code] - §7.4 status code; omit for an empty Close body
272
+ * @param {string} [reason]
273
+ * @returns {void}
274
+ * @example
275
+ * session.close(1000, 'done');
276
+ */
277
+ WsSession.prototype.close = function(code, reason) {
278
+ if (this._finished || this._closeSent) {
279
+ return;
280
+ }
281
+ this._closeSent = true;
282
+ try {
283
+ this._write(
284
+ (typeof code === 'undefined')
285
+ ? wsf.encodeFrame({ opcode: wsf.OPCODES.CLOSE })
286
+ : wsf.encodeClose(code, reason)
287
+ );
288
+ } catch (err) {
289
+ // invalid code/reason from the consumer — still proceed with teardown
290
+ }
291
+ var self = this;
292
+ this._closeTimer = setTimeout(function() {
293
+ self._endStream();
294
+ self._finish((typeof code === 'undefined') ? 1000 : code, reason || '');
295
+ }, this._closeTimeout);
296
+ if (typeof this._closeTimer.unref === 'function') {
297
+ this._closeTimer.unref();
298
+ }
299
+ };
300
+
301
+ /**
302
+ * Whether the session has delivered its terminal close.
303
+ *
304
+ * @returns {boolean}
305
+ */
306
+ WsSession.prototype.isClosed = function() {
307
+ return this._finished;
308
+ };
309
+
310
+ /**
311
+ * Invokes a consumer callback with containment: a throwing handler is
312
+ * reported (diagnostic onError, itself guarded) and the session is closed
313
+ * with `1011 internal error` — never an uncaughtException.
314
+ *
315
+ * @private
316
+ */
317
+ WsSession.prototype._invoke = function(name) {
318
+ var args = Array.prototype.slice.call(arguments, 1);
319
+ try {
320
+ this._handlers[name].apply(null, args);
321
+ } catch (err) {
322
+ if (name !== 'error') {
323
+ try { this._handlers.error(err); } catch (err2) { /* contained */ }
324
+ }
325
+ console.warn('[ WS-SESSION ] handler `' + name + '` threw: ' + (err && err.message));
326
+ if (name !== 'close') {
327
+ this.close(1011, 'internal error');
328
+ }
329
+ }
330
+ };
331
+
332
+ /**
333
+ * Guarded write to the underlying stream.
334
+ *
335
+ * @private
336
+ * @param {Buffer} buf
337
+ * @returns {boolean} stream.write's backpressure boolean; false when the
338
+ * stream is gone or the write threw
339
+ */
340
+ WsSession.prototype._write = function(buf) {
341
+ var stream = this._stream;
342
+ if (!stream || stream.destroyed || stream.closed || stream.writableEnded) {
343
+ return false;
344
+ }
345
+ try {
346
+ return stream.write(buf) !== false;
347
+ } catch (err) {
348
+ return false;
349
+ }
350
+ };
351
+
352
+ /**
353
+ * Half-closes the transport (HTTP/2 END_STREAM).
354
+ *
355
+ * @private
356
+ */
357
+ WsSession.prototype._endStream = function() {
358
+ var stream = this._stream;
359
+ try {
360
+ if (stream && !stream.destroyed && !stream.writableEnded) {
361
+ stream.end();
362
+ }
363
+ } catch (err) { /* already gone */ }
364
+ };
365
+
366
+ /**
367
+ * Delivers the terminal onClose exactly once and releases session resources
368
+ * (close timer, shutdown-drain registration).
369
+ *
370
+ * @private
371
+ * @param {number} code
372
+ * @param {string} reason
373
+ */
374
+ WsSession.prototype._finish = function(code, reason) {
375
+ if (this._finished) {
376
+ return;
377
+ }
378
+ this._finished = true;
379
+ if (this._closeTimer) {
380
+ clearTimeout(this._closeTimer);
381
+ this._closeTimer = null;
382
+ }
383
+ if (typeof process !== 'undefined' && process.gina && process.gina._sseConnections) {
384
+ process.gina._sseConnections.delete(this._shutdownCloser);
385
+ }
386
+ this._invoke('close', code, reason || '');
387
+ };
388
+
389
+ /**
390
+ * Accepts an extended-CONNECT websocket request: answers `:status 200`
391
+ * (RFC 8441 §5 — the stream then IS the bidirectional WebSocket channel) and
392
+ * returns the wrapped session.
393
+ *
394
+ * @function accept
395
+ * @param {object} request - the Http2ServerRequest of the extended CONNECT (`request.stream` is the raw Http2Stream)
396
+ * @param {WsSessionOptions} [options]
397
+ * @returns {WsSession}
398
+ * @throws {TypeError} when the request carries no respondable HTTP/2 stream
399
+ * @throws {Error} when the stream is already closed
400
+ * @example
401
+ * var session = lib.wsSession.accept(request, { maxPayload: 262144 });
402
+ */
403
+ function accept(request, options) {
404
+ var stream = request && request.stream;
405
+ if (!stream || typeof stream.respond !== 'function') {
406
+ throw new TypeError('accept(request) requires an HTTP/2 extended-CONNECT request carrying a respondable request.stream');
407
+ }
408
+ if (stream.destroyed || stream.closed) {
409
+ throw new Error('accept(request): the stream is already closed');
410
+ }
411
+ var headers = { ':status': 200 };
412
+ if (options && typeof options.protocol === 'string' && options.protocol.length > 0) {
413
+ headers['sec-websocket-protocol'] = options.protocol;
414
+ }
415
+ stream.respond(headers);
416
+ return new WsSession(stream, options);
417
+ }
418
+
419
+ module.exports = {
420
+ accept : accept,
421
+ WsSession : WsSession
422
+ };
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "gina-framework",
3
- "version": "0.4.6-alpha.2",
3
+ "version": "0.4.7-alpha.2",
4
4
  "dependencies": {
5
5
  "@rhinostone/swig": "^2.7.2",
6
6
  "intl-messageformat": "^11.2.4",
package/gna.js CHANGED
@@ -15,14 +15,14 @@
15
15
  'use strict';
16
16
 
17
17
  // Framework core — the main gna module (lifecycle hooks, lib, etc.)
18
- var _gna = require('./framework/v0.4.6/core/gna');
18
+ var _gna = require('./framework/v0.4.7/core/gna');
19
19
 
20
20
  // SuperController and EntitySuper — loaded from their source modules
21
- var SuperController = require('./framework/v0.4.6/core/controller');
22
- var EntitySuper = require('./framework/v0.4.6/core/model/entity');
21
+ var SuperController = require('./framework/v0.4.7/core/controller');
22
+ var EntitySuper = require('./framework/v0.4.7/core/model/entity');
23
23
 
24
24
  // uuid — from the lib registry
25
- var uuid = require('./framework/v0.4.6/lib/uuid');
25
+ var uuid = require('./framework/v0.4.7/lib/uuid');
26
26
 
27
27
  module.exports = {
28
28
 
package/llms.txt CHANGED
@@ -369,11 +369,13 @@ var jobId = self.inferAsync([{ role: 'user', content: prompt }], { connector: 'm
369
369
  "maxConcurrentStreams": 256,
370
370
  "initialWindowSize": 655350,
371
371
  "maxSessionRejectedStreams": 100,
372
- "maxSessionInvalidFrames": 1000
372
+ "maxSessionInvalidFrames": 1000,
373
+ "maxStreamsPerSecond": 200,
374
+ "enableConnectProtocol": false
373
375
  }
374
376
  }
375
377
  ```
376
- Security-critical settings that are hardcoded and not user-overridable: `maxHeaderListSize: 65536` (HPACK bomb), `enablePush: false`.
378
+ Security-critical settings that are hardcoded and not user-overridable: `maxHeaderListSize: 65536` (HPACK bomb), `enablePush: false`. All of the above apply to both https and cleartext h2c bundles (the full `http2Options` reaches createSecureServer and createServer alike).
377
379
 
378
380
  **Session metrics** — exposed at `/_gina/info` under `"http2"` key:
379
381
  ```json
@@ -863,7 +865,7 @@ Dev-mode query instrumentation captures every database query tied to the current
863
865
  127. **Web Security Headers (`#HDR` plugin family) — 10 lessons consolidated** (replaces individual entries #114, #115, #116, #118, #120, #121, #122, #124, #141, #157):
864
866
  - **HTTP security response-header plugins follow the Csrf middleware-return shape, NOT the Session factory-wrap shape** — they emit a header on the response rather than wrapping an upstream module factory. Csrf returns an express middleware directly; each HDR plugin does the same. Settings.json convention stays flat top-level (each plugin gets its own top-level key, sibling of `session.cookie.*` / `csrf.*`). Idempotent-by-default: every header plugin checks `res.getHeader(name)` first and skips writing if a value is already present. No `enabled: false` shortcut — registration IS opt-in; not registering IS opt-out. Throw-on-invalid at factory call time (NOT request time). Multi-field cross-invariant validation in `_resolveOptions` helpers (e.g. #HDR4 `preload=true` requires `includeSubDomains=true` AND `maxAge>=31536000`). Spec-deviation documentation pattern: name the spec section + offsetting receiver behaviour + design tradeoff + operator escape hatch (e.g. #HDR4 RFC 6797 §7.2 vs §8.1). Per-plugin commit shape: 9 touchpoints on gina (src + package.json + README + registry entry + settings template + boilerplate adoption block + ROADMAP row + changie YAML + tests) + 3 on docs-repo (guide + migration + roadmap) in a SEPARATE commit per session.
865
867
  - **CSP per-response nonce (#HDR16)** — `gina.plugins.Csp({ useNonce: true })` (opt-in, default off) generates a fresh per-response nonce on the per-request carrier `req._ginaCspNonce` (NOT `res.locals` / `process.gina.*` — the latter would leak across concurrent requests), appends `'nonce-<v>'` to `script-src` (fallback `default-src`; the factory THROWS at call time if neither directive is present), and the swig/nunjucks render delegates stamp it on framework-injected inline scripts and expose `{{ page.cspNonce }}` / `{{ cspNonce }}` so application templates can mark their own inline `<script>`s. The static (no-nonce) path precomputes the header once and writes no `req` slot — byte-identical + zero per-request allocation for non-opt-in bundles.
866
- - **CSP report-only-inert directive omission (#HDR5)** — in `reportOnly` mode `Csp` omits directives browsers ignore there (`REPORT_ONLY_IGNORED_DIRECTIVES`, currently just `sandbox` — the only directive ignored in report-only by every engine: CSP2 spec text, MDN's Report-Only page, Chromium source, WebKit) and warns once naming what was dropped; `frame-ancestors` is deliberately KEPT — its report-only behaviour is engine-divergent (the CSP3 spec, Gecko and Blink evaluate it and send violation reports; WebKit alone ignores it with a console warning and no report, retaining the CSP2 ignore-when-monitoring rule that CSP3 dropped), so omitting it would lose the Chrome + Firefox observation-phase signal — WebKit-heavy consumers can leave it out of their own report-only set; the configured `directives` keep `sandbox`, so an enforcing factory from the same config still emits it; throws if every directive is report-only-inert.
868
+ - **CSP report-only-inert directive omission (#HDR5)** — in `reportOnly` mode `Csp` omits directives browsers ignore there (`REPORT_ONLY_IGNORED_DIRECTIVES`, currently just `sandbox` — the only directive ignored in report-only by every engine: CSP2 spec text, MDN's Report-Only page, Chromium source, WebKit) and warns once naming what was dropped; `frame-ancestors` is deliberately KEPT — its report-only behaviour is engine-divergent (the CSP3 spec, Gecko and Blink evaluate it and send violation reports; WebKit alone ignores it with a console warning and no report, retaining the CSP2 ignore-when-monitoring rule that CSP3 dropped), so omitting it would lose the Chrome + Firefox observation-phase signal — WebKit-heavy consumers can leave it out of their own report-only set; the configured `directives` keep `sandbox`, so an enforcing factory from the same config still emits it; throws if every directive is report-only-inert. The opt-in `reportOnlyOmit: ['frame-ancestors']` packages the consumer-side omission for engine-divergent directives: named directives are omitted from the report-only header (factory warn with wording distinct from the browser-inert omission — these are NOT browser-ignored; the consumer is forgoing the Gecko/Blink report signal) and emitted again automatically at the enforce flip, so one directive set covers both modes; entries are validated against the same CSP3 whitelist (unknown names throw); silent-inert under reportOnly:false (carrying it there is the expected lifecycle state, never warned); throws if the omissions empty the report-only set or omit the useNonce target directive.
867
869
  - **Helmet-parity audit pattern: WebFetch the upstream README before claiming feature parity** — memory of vendor surfaces goes stale fast. When assessing parity, `WebFetch` the canonical README URL before claiming. Triage gaps on 4 axes: (a) modern-and-default-on-in-upstream → strong candidate to add; (b) modern-and-opt-in → moderate; (c) legacy-but-default-on → defense-in-depth-only; (d) legacy-and-opt-in-everywhere → likely skip. Audit cost: 1 WebFetch + ~5 min triage. Cost of skipping: parity-narrative gap a consumer will notice. Precedent: 2026-05-17 #HDR7 (`Origin-Agent-Cluster`) caught via helmet README audit; would have been silently missed otherwise.
868
870
  - **Wrapper / orchestrator plugins inherit "batteries-included" default behaviour from sibling wrappers (Session, Csrf, SecurityHeaders), NOT the "register to opt in" rule that single-concern per-feature plugins follow** — `gina.plugins.SecurityHeaders()` with no opts mounts the 7 non-footgun headers (HDR1/2/3/4/7/13/14) with per-plugin defaults. CSP (#HDR5) and COEP (#HDR6) are opt-in-only WITHIN the orchestrator because of known footguns (CSP throws on missing directives; COEP `require-corp` BREAKS embeds without CORP). Default to batteries-included with the "safe" subset of children mounted-by-default; opt-in-only the children with known footguns; preserve the individual-plugin escape hatch via the idempotent first-writer-wins pattern.
869
871
  - **gina-bundle plugin adoption ALWAYS uses `myapp.onInitialize(function(event, app){ app.use(<plugin>); event.emit('complete', app); })` — NEVER the standalone-Express idiom** — bundle authors do NOT `require('express')` or call `express()` themselves; gina builds the Express app and passes it via the `onInitialize` callback's `app` parameter. The standalone-Express idiom (`var express = require('express'); var app = express();`) is the recurrence-prone failure mode — universally familiar so it propagates by static-analogy when new docs are added mirroring wrong examples. When adding to an existing docs guide family, cross-check the adoption convention against sibling guides (`csrf.md`, `sessions.md`) AND against the boilerplate (`core/template/boilerplate/bundle/index.js`) BEFORE mirroring an existing example. Sibling sweep needed for Mermaid `participant` declarations: `grep -rn 'participant.*express\|App as express' docs/` — prose-only sweeps miss diagram syntax.
@@ -945,3 +947,7 @@ Dev-mode query instrumentation captures every database query tied to the current
945
947
  166. **`project:add`'s gina-symlink step (`linkGina`) no longer shells out to a PATH-resolved `gina` binary, and a failed link now fails the command instead of printing success (`2966a823`, 2026-06-10).** The project's `node_modules/gina` symlink was created by spawning `gina link @<project>` resolved from the PATH; on hosts where no `gina` is on PATH — a repo checkout where `npm install --ignore-scripts` skipped bin linking (CI), or any non-global install — the spawn failed, the failure was routed through the SUCCESS callback (`onSuccess(err)`; the `onError` parameter was dead code), `project:add` printed "Project has been added", and the scaffolded bundle later crashed at boot with `MODULE_NOT_FOUND` on its framework require (the daemonless container-boot integration test was red on CI from its very first run there — never a regression of the commits it first ran against). Three-part fix in `lib/cmd/project/add.js::linkGina`: (a) spawn the running install's OWN CLI — `[process.execPath, <gina root>/bin/cli, 'link', '@<project>']`, the root resolved from the handler's own location (the same self-resolution rationale `framework/link.js` documents for its symlink source; `bin/cli` rewrites a bare `link` task to `framework:link`, which is offline-allowed, so no daemon is needed); the ARRAY form of `Shell.run` matters because the string form is split on spaces with no shell; (b) verify the actual POSTCONDITION (`fs.existsSync` on the project's `node_modules/gina`) instead of trusting the Shell's err channel — the Shell helper reports ANY stderr output as an error even on success, so postcondition-wins is what keeps stderr noise from failing a healthy link; (c) route genuine failures through `onError` so `project:add` exits non-zero. **Two general lessons: never self-invoke your own CLI via a PATH-resolved name (resolve from your own location — PATH may carry no copy or a different version), and when a spawn wrapper's error channel is noisy, assert the operation's postcondition rather than the channel.** Repro recipe for the class: re-run the failing flow with `PATH=/usr/bin:/bin` — a green-locally/red-on-CI integration test whose CI log shows `MODULE_NOT_FOUND` from generated code is the signature. Tests: `test/lib/project-add-link.test.js` (spawn-shape + postcondition + onError source pins, comment-stripped negative on the old PATH form, resolved-CLI-exists check against the real tree, onComplete decision replica); the container-boot integration test is the end-to-end CI guard. Established 2026-06-10.
946
948
 
947
949
  167. **Two follow-on rules from completing the PATH-resolved self-invocation sweep (`884ee7cd` + `96ca2d03`, 2026-06-10).** (a) **Never guard `execSync` with `instanceof Error`** — `execSync` THROWS on non-zero exit and never returns an Error, so the shape `err = execSync(...); if (err instanceof Error) {...}` is dead code: the "handled" branch can never fire and a real failure escapes as an uncaught throw instead of reaching the command's error path. Wrap in try/catch, and prefer `err.stderr.toString().trim()` for the operator-facing message when present (execSync attaches the child's stderr to the thrown error). Three live instances of this dead shape were removed (framework:link's stale-node_modules repair and CmdHelper's auto-link step). (b) **When self-invoking, pick the entry point that preserves spawn semantics:** plain CLI commands (`link`, `link-node-modules`) are invoked through `bin/cli` directly, but daemon-lifecycle commands (`start`, `stop`, `bundle:restart` inside framework start/restart) must go through the `bin/gina` wrapper — it is the daemonizing "fake daemon" entry point and `start` relies on its detached spawn; `bin/gina` self-locates its cli via its own directory, so an absolute-path invocation stays PATH-independent end-to-end. Deliberate exceptions kept out of the sweep: deriving an npm install PREFIX from `which gina` for project:import registry metadata (semantically "where is gina installed on this machine" — meaningless on a repo checkout, and a wrong self-derived guess would corrupt project metadata; kept with its existing try/catch), and `$(which npm)` (a third-party binary — PATH is the normal resolution). Tests: `test/lib/project-add-link.test.js` §05-07. Established 2026-06-10.
950
+
951
+ 168. **Never hardcode `framework/v<version>` paths in test fixtures, test harnesses, or CI workflows — derive the dir from `package.json` at runtime; enforced by `test/lib/e2e-no-version-pins.test.js`.** The framework directory is renamed at every release cut (the stable rename plus two alpha bumps), so a version-pinned path is green on every CI run between cuts and breaks exactly at the release — polluting the cut's CI signal — and the tag's tree (merged to master, which only moves via tag merges) then carries a deterministic red until the NEXT tag. Incident shape (v0.4.6): an e2e fixture linked the built stylesheet via a literal `framework/v0.4.6-alpha.2/...` href; both post-rename pushes went red with CSS-initial-value failures (`overflow: visible` where the scroll-lock expects `hidden`, `transition-property: all` where the enter transition expects `opacity`) — the diagnostic tell that the page's JS ran but its stylesheet didn't load. Fix: serve fixtures through `test/e2e/runtime-server.js`, which resolves `framework/v<version>` from `package.json` (the same idiom as the CI workflows' `FW_DIR="framework/v${VERSION}"`). The guard test sweeps `test/e2e/**`, `.github/workflows/**`, and `playwright.config.js` for `framework/v<digit>` literals in the gated suite, so a reintroduced pin fails at commit time instead of at the cut; the regex is digit-anchored so `framework/v<version>` prose, `v${VERSION}` interpolation, and `v*` glob pathspecs never match, and it carries per-directory non-empty-sweep pins so a dir move cannot hollow it into a silent always-green no-op. `gna.js` and the root `package.json` `main` field carry the literal BY DESIGN — the release scripts rewrite them atomically with the dir rename (dir name == `package.json` version at every commit), so they are maintained surfaces, deliberately not swept. A post-rename pre-publish Playwright smoke was measured and declined: with zero literals enforced, every committed tree is rename-consistent by construction, and dist staleness (the other tag-tree drift class) is the bundle-freshness gate's job. Established 2026-06-11 (commits `37281177` + `26ff8e83`).
952
+
953
+ 169. **WebSocket over HTTP/2 shipped (develop 2026-06-11, target `0.5.0`; commits `a1bf4d95` transport + `a5f29e5f` codec + `f6ebca90` bridge/API).** Three layers, each with a measured lesson. (1) Transport (Isaac engine): strict `=== true` opt-in `http2Options.enableConnectProtocol` — a boolean settings key must NEVER reuse the `|| default` idiom of its numeric siblings (the string `"true"` or `1` must not flip a SETTINGS advert); the key lives in the `http2Options.settings` literal, which reaches `createSecureServer` (https) and the cleartext `createServer` branches alike since the h2c flood-defense parity fix (2026-06-11 — before it, the cleartext branches passed a bare `{ allowHTTP1 }` literal, dropping the SETTINGS advert AND the session flood caps `maxSessionRejectedStreams`/`maxSessionInvalidFrames`, so h2c bundles ran protocol-default limits — effectively unlimited concurrent streams, server push enabled — and silently ignored their settings.json `http2Options` overrides; passing `http2Options` verbatim is safe because TLS material only merges under `/https/` scheme gates). **Extended-CONNECT streams must be handled on the compat `connect` event, not `session.on('stream')`** — Node's http2 compat layer auto-responds 405 to every CONNECT stream and its internal listener is attached at session setup, before any userland session-level listener, so a stream-handler design loses the race with `ERR_HTTP2_HEADERS_SENT`. Registering a `connect` listener suppresses that auto-405 for ALL CONNECT, so every handler path must terminate the stream (an unanswered CONNECT hangs forever), including the HTTP/1.1 CONNECT signature (`(req, socket, head)`, no `request.stream`) the same event receives under `allowHTTP1`. Refusals are HTTP statuses (405 plain-CONNECT byte-parity — the compat default is just `:status`+`date`; 501 unclaimed; 404 unregistered path), not `close(NGHTTP2_REFUSED_STREAM)`: measured client-side, the RST shape yields an opaque stream error with no loggable status and carries retry semantics. With the flag off, nghttp2 rejects extended CONNECT before any app event — default-off deployments are byte-identical. (2) `lib/ws-framing`: dependency-free RFC 6455 codec (UTF-8 via core `buffer.isUtf8`; maxPayload enforced from the DECLARED frame length before buffering; close-code table mirrors the ws predicate). Write-own was chosen after measuring that ws's `exports` map blocks deep-requiring its internals and that conforming vendoring is whole-tarball-only — which would ship a second copy of a package that is already a framework dependency. The maturity gap is covered by a differential oracle in the tests: ws's root export exposes `Receiver`/`Sender` publicly, so frames are cross-checked in both directions and both parsers must refuse unmasked client frames. (3) `lib/ws-session` + `app.onWebSocket(path, handler)`: `onInitialize`'s `app` IS the raw engine server, so the registration API needs zero routing-layer changes; the dispatcher installs lazily (zero registrations keep the 501-unclaimed refusal); handler exceptions are contained (1011 close, never an uncaughtException); sessions register a closer in the SIGTERM drain registry so shutdown sends `1001 going away` instead of blocking the drain — and since the WS shutdown-drain fix (2026-06-11) the pre-existing engine.io and `/_gina/agent` WS sockets register there too (engine.io with a graceful `socket.close()` — its API takes no status code; the agent WS with `ws.close(1001, 'server shutting down')`), each closer added at socket setup and removed in the socket's own close handler, so no live socket surface blocks SIGTERM until the hard timeout anymore. A routing.json-declared WS surface was measured and deferred: the route matcher's allowed-methods list and exact-method gate sit on the hot path and reject CONNECT, and controller dispatch is render-lifecycle-only — every streaming endpoint bypasses routing, and so does this one. Established 2026-06-11.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "gina",
3
- "version": "0.4.6",
3
+ "version": "0.4.7",
4
4
  "description": "Node.js MVC framework with built-in HTTP/2, multi-bundle architecture, and scope-based data isolation — no Express dependency",
5
5
  "keywords": [
6
6
  "nodejs",
@@ -72,7 +72,7 @@
72
72
  "gina-container": "bin/gina-container",
73
73
  "gina-init": "bin/gina-init"
74
74
  },
75
- "main": "./framework/v0.4.6/core/gna",
75
+ "main": "./framework/v0.4.7/core/gna",
76
76
  "types": "./types/index.d.ts",
77
77
  "typesVersions": {
78
78
  "*": {
@@ -20,8 +20,10 @@ module.exports = defineConfig({
20
20
  trace: 'on-first-retry'
21
21
  },
22
22
  // Starts the runtime harness (test/e2e/runtime-server.js) that serves the REAL
23
- // built gina bundle for popin-dialog.runtime.spec.js. The framework-free
24
- // popin-dialog.a11y.spec.js drives file:// fixtures and ignores it.
23
+ // built gina bundle for popin-dialog.runtime.spec.js, plus the framework-free
24
+ // a11y fixture at /a11y its stylesheet link resolves through the server's
25
+ // /css route, which derives framework/v<version> from package.json so the
26
+ // per-release framework-dir rename can't break it.
25
27
  webServer: {
26
28
  command: 'node test/e2e/runtime-server.js',
27
29
  url: 'http://localhost:' + E2E_PORT + '/',
@@ -1 +0,0 @@
1
- 0.4.6
File without changes
File without changes
File without changes