npm - gorsee - Versions diffs - 0.1.0 - Mend

gorsee 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/LICENSE +21 -0
package/README.md +139 -0
package/package.json +69 -0
package/src/auth/index.ts +147 -0
package/src/build/client.ts +121 -0
package/src/build/css-modules.ts +69 -0
package/src/build/devalue-parse.ts +2 -0
package/src/build/rpc-transform.ts +62 -0
package/src/build/server-strip.ts +87 -0
package/src/build/ssg.ts +100 -0
package/src/cli/bun-plugin.ts +37 -0
package/src/cli/cmd-build.ts +182 -0
package/src/cli/cmd-check.ts +225 -0
package/src/cli/cmd-create.ts +313 -0
package/src/cli/cmd-dev.ts +13 -0
package/src/cli/cmd-generate.ts +147 -0
package/src/cli/cmd-migrate.ts +45 -0
package/src/cli/cmd-routes.ts +29 -0
package/src/cli/cmd-start.ts +21 -0
package/src/cli/cmd-typegen.ts +83 -0
package/src/cli/framework-md.ts +196 -0
package/src/cli/index.ts +84 -0
package/src/db/index.ts +2 -0
package/src/db/migrate.ts +89 -0
package/src/db/sqlite.ts +40 -0
package/src/deploy/dockerfile.ts +38 -0
package/src/dev/error-overlay.ts +54 -0
package/src/dev/hmr.ts +31 -0
package/src/dev/partial-handler.ts +109 -0
package/src/dev/request-handler.ts +158 -0
package/src/dev/watcher.ts +48 -0
package/src/dev.ts +273 -0
package/src/env/index.ts +74 -0
package/src/errors/catalog.ts +48 -0
package/src/errors/formatter.ts +63 -0
package/src/errors/index.ts +2 -0
package/src/i18n/index.ts +72 -0
package/src/index.ts +27 -0
package/src/jsx-runtime-client.ts +13 -0
package/src/jsx-runtime.ts +20 -0
package/src/jsx-types-html.ts +242 -0
package/src/log/index.ts +44 -0
package/src/prod.ts +310 -0
package/src/reactive/computed.ts +7 -0
package/src/reactive/effect.ts +7 -0
package/src/reactive/index.ts +7 -0
package/src/reactive/live.ts +97 -0
package/src/reactive/optimistic.ts +83 -0
package/src/reactive/resource.ts +138 -0
package/src/reactive/signal.ts +20 -0
package/src/reactive/store.ts +36 -0
package/src/router/index.ts +2 -0
package/src/router/matcher.ts +53 -0
package/src/router/scanner.ts +206 -0
package/src/runtime/client.ts +28 -0
package/src/runtime/error-boundary.ts +35 -0
package/src/runtime/event-replay.ts +50 -0
package/src/runtime/form.ts +49 -0
package/src/runtime/head.ts +113 -0
package/src/runtime/html-escape.ts +30 -0
package/src/runtime/hydration.ts +95 -0
package/src/runtime/image.ts +48 -0
package/src/runtime/index.ts +12 -0
package/src/runtime/island-hydrator.ts +84 -0
package/src/runtime/island.ts +88 -0
package/src/runtime/jsx-runtime.ts +167 -0
package/src/runtime/link.ts +45 -0
package/src/runtime/router.ts +224 -0
package/src/runtime/server.ts +102 -0
package/src/runtime/stream.ts +182 -0
package/src/runtime/suspense.ts +37 -0
package/src/runtime/typed-routes.ts +26 -0
package/src/runtime/validated-form.ts +106 -0
package/src/security/cors.ts +80 -0
package/src/security/csrf.ts +85 -0
package/src/security/headers.ts +50 -0
package/src/security/index.ts +4 -0
package/src/security/rate-limit.ts +80 -0
package/src/server/action.ts +48 -0
package/src/server/cache.ts +102 -0
package/src/server/compress.ts +60 -0
package/src/server/etag.ts +23 -0
package/src/server/guard.ts +69 -0
package/src/server/index.ts +19 -0
package/src/server/middleware.ts +143 -0
package/src/server/mime.ts +48 -0
package/src/server/pipe.ts +46 -0
package/src/server/rpc-hash.ts +17 -0
package/src/server/rpc.ts +125 -0
package/src/server/sse.ts +96 -0
package/src/server/ws.ts +56 -0
package/src/testing/index.ts +74 -0
package/src/types/index.ts +4 -0
package/src/types/safe-html.ts +32 -0
package/src/types/safe-sql.ts +28 -0
package/src/types/safe-url.ts +40 -0
package/src/types/user-input.ts +12 -0
package/src/unsafe/index.ts +18 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Oleg Gorsky
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,139 @@
+# Gorsee.js
+Full-stack TypeScript framework with features no one else has.
+## Quick Start
+```bash
+bunx gorsee create my-app
+cd my-app
+bun install
+bun run dev
+```
+Open [http://localhost:3000](http://localhost:3000).
+## Why Gorsee.js?
+| Feature | Gorsee.js | Next.js | Nuxt | SvelteKit |
+|---------|:---------:|:-------:|:----:|:---------:|
+| Islands (partial hydration) | ✅ | ❌ | ❌ | ❌ |
+| Reactive WebSocket signals | ✅ | ❌ | ❌ | ❌ |
+| Optimistic mutations + rollback | ✅ | ❌ | ❌ | ❌ |
+| Server-Sent Events (reactive) | ✅ | manual | manual | manual |
+| Route-level cache (SWR) | ✅ | ISR only | partial | ❌ |
+| Built-in auth (HMAC sessions) | ✅ | manual | manual | manual |
+| Guards (declarative ACL) | ✅ | manual | partial | ❌ |
+| Middleware pipe/compose | ✅ | ❌ | ❌ | ❌ |
+| Validated forms (client+server) | ✅ | ❌ | ❌ | ❌ |
+| Type-safe routes (generated) | ✅ | experimental | partial | ❌ |
+| Branded types (SafeSQL/HTML/URL) | ✅ | ❌ | ❌ | ❌ |
+**Zero-cost architecture** — every feature is a separate module. Don't use it? It's not in your bundle. Base client bundle: ~2-3 KB per route.
+## Features
+### Islands — partial hydration
+```tsx
+import { island, createSignal } from "gorsee"
+// Only THIS component gets JavaScript. Rest of the page = zero JS.
+export default island(function LikeButton({ postId }) {
+  const [count, setCount] = createSignal(0)
+  return <button on:click={() => setCount(c => c + 1)}>Like {count()}</button>
+})
+```
+### Reactive WebSocket
+```tsx
+import { createLive } from "gorsee"
+function StockPrice() {
+  const { value: price, connected } = createLive({
+    url: "wss://api.example.com/btc",
+    initialValue: 0,
+    reconnect: true,  // auto-reconnect with exponential backoff
+  })
+  return <span>{connected() ? price() : "..."}</span>
+}
+```
+### Optimistic Mutations
+```tsx
+import { createSignal, createMutation } from "gorsee"
+const [todos, setTodos] = createSignal(["Buy milk"])
+const addTodo = createMutation({
+  mutationFn: async (text) => fetch("/api/todos", { method: "POST", body: text }),
+})
+// UI updates instantly. Rolls back automatically on server error.
+await addTodo.optimistic(todos, setTodos, (list, text) => [...list, text], "New todo")
+```
+### Built-in Auth
+```tsx
+import { createAuth } from "gorsee/auth"
+const auth = createAuth({ secret: process.env.SESSION_SECRET })
+// In middleware:
+export default auth.middleware      // parses session
+export default auth.requireAuth    // redirects to /login if not authenticated
+```
+### File-Based Routing
+```
+routes/
+  index.tsx           → /
+  about.tsx           → /about
+  users/[id].tsx      → /users/:id
+  blog/[...slug].tsx  → /blog/*
+  (admin)/
+    dashboard.tsx     → /dashboard  (group — no /admin prefix)
+  _layout.tsx         → wraps all pages
+  _middleware.ts      → runs before all routes
+  _error.tsx          → error boundary
+  _loading.tsx        → loading state
+  404.tsx             → custom 404
+```
+### Middleware Pipe
+```tsx
+import { pipe, forPaths, forMethods } from "gorsee/server"
+import { cors } from "gorsee/security"
+export default pipe(
+  forPaths(["/api"], cors({ origin: "https://app.com" })),
+  forMethods(["POST"], rateLimit(100, "1m")),
+  auth.middleware,
+)
+```
+## CLI Commands
+| Command | Description |
+|---------|-------------|
+| `gorsee create <name>` | Scaffold new project |
+| `gorsee dev` | Dev server with HMR |
+| `gorsee build` | Production build |
+| `gorsee start` | Production server |
+| `gorsee check` | Type check + safety audit |
+| `gorsee routes` | Show route table |
+| `gorsee generate <entity>` | CRUD scaffold |
+| `gorsee typegen` | Generate typed routes |
+| `gorsee migrate` | Run DB migrations |
+## Requirements
+- [Bun](https://bun.sh) >= 1.0
+## License
+MIT

package/package.json ADDED Viewed

@@ -0,0 +1,69 @@
+{
+  "name": "gorsee",
+  "version": "0.1.0",
+  "description": "Full-stack TypeScript framework — islands, reactive WebSocket, optimistic mutations, built-in auth, type-safe routes",
+  "type": "module",
+  "license": "MIT",
+  "author": "Oleg Gorsky",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/AYKGorsee/gorsee-js"
+  },
+  "homepage": "https://github.com/AYKGorsee/gorsee-js#readme",
+  "keywords": [
+    "framework",
+    "typescript",
+    "fullstack",
+    "ssr",
+    "islands",
+    "reactive",
+    "bun",
+    "jsx",
+    "web-framework"
+  ],
+  "bin": {
+    "gorsee": "./src/cli/index.ts"
+  },
+  "exports": {
+    ".": "./src/index.ts",
+    "./reactive": "./src/reactive/index.ts",
+    "./server": "./src/server/index.ts",
+    "./types": "./src/types/index.ts",
+    "./db": "./src/db/index.ts",
+    "./router": "./src/router/index.ts",
+    "./log": "./src/log/index.ts",
+    "./unsafe": "./src/unsafe/index.ts",
+    "./runtime": "./src/runtime/index.ts",
+    "./security": "./src/security/index.ts",
+    "./jsx-runtime": "./src/jsx-runtime.ts",
+    "./jsx-dev-runtime": "./src/jsx-runtime.ts",
+    "./testing": "./src/testing/index.ts",
+    "./i18n": "./src/i18n/index.ts",
+    "./env": "./src/env/index.ts",
+    "./auth": "./src/auth/index.ts",
+    "./routes": "./src/runtime/typed-routes.ts",
+    "./cli/cmd-create": "./src/cli/cmd-create.ts"
+  },
+  "files": [
+    "src/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "bun test",
+    "check": "tsc --noEmit",
+    "dev": "bun run src/dev.ts",
+    "prepublishOnly": "bun run check"
+  },
+  "engines": {
+    "bun": ">=1.0.0"
+  },
+  "dependencies": {
+    "alien-signals": "^3.1.0",
+    "devalue": "^5.1.1"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "typescript": "^5.7.0"
+  }
+}

package/src/auth/index.ts ADDED Viewed

@@ -0,0 +1,147 @@
+// Built-in session-based auth with HMAC-signed cookies
+import type { Context, MiddlewareFn } from "../server/middleware.ts"
+export interface AuthConfig {
+  secret: string
+  cookieName?: string
+  maxAge?: number
+  loginPath?: string
+}
+export interface Session {
+  id: string
+  userId: string
+  data: Record<string, unknown>
+  expiresAt: number
+}
+const sessions = new Map<string, Session>()
+let cachedKey: CryptoKey | null = null
+let cachedSecret = ""
+async function getSigningKey(secret: string): Promise<CryptoKey> {
+  if (cachedKey && cachedSecret === secret) return cachedKey
+  const enc = new TextEncoder()
+  cachedKey = await crypto.subtle.importKey(
+    "raw",
+    enc.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign", "verify"],
+  )
+  cachedSecret = secret
+  return cachedKey
+}
+async function sign(value: string, secret: string): Promise<string> {
+  const key = await getSigningKey(secret)
+  const enc = new TextEncoder()
+  const signature = await crypto.subtle.sign("HMAC", key, enc.encode(value))
+  const sigHex = Array.from(new Uint8Array(signature))
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("")
+  return `${value}.${sigHex}`
+}
+async function verify(
+  signed: string,
+  secret: string,
+): Promise<string | null> {
+  const dotIndex = signed.lastIndexOf(".")
+  if (dotIndex === -1) return null
+  const value = signed.slice(0, dotIndex)
+  const expected = await sign(value, secret)
+  // Constant-time-ish comparison via re-signing
+  if (expected === signed) return value
+  return null
+}
+function pruneExpired(): void {
+  const now = Date.now()
+  for (const [id, session] of sessions) {
+    if (session.expiresAt <= now) sessions.delete(id)
+  }
+}
+function resolveConfig(config: AuthConfig) {
+  return {
+    secret: config.secret,
+    cookieName: config.cookieName ?? "gorsee_session",
+    maxAge: config.maxAge ?? 86400,
+    loginPath: config.loginPath ?? "/login",
+  }
+}
+export function createAuth(config: AuthConfig): {
+  middleware: MiddlewareFn
+  requireAuth: MiddlewareFn
+  login: (ctx: Context, userId: string, data?: Record<string, unknown>) => Promise<void>
+  logout: (ctx: Context) => void
+  getSession: (ctx: Context) => Session | null
+} {
+  const cfg = resolveConfig(config)
+  const middleware: MiddlewareFn = async (ctx, next) => {
+    const cookie = ctx.cookies.get(cfg.cookieName)
+    if (cookie) {
+      const sessionId = await verify(cookie, cfg.secret)
+      if (sessionId) {
+        const session = sessions.get(sessionId)
+        if (session && session.expiresAt > Date.now()) {
+          ctx.locals.session = session
+        } else if (session) {
+          sessions.delete(sessionId)
+        }
+      }
+    }
+    return next()
+  }
+  const requireAuth: MiddlewareFn = async (ctx, next) => {
+    if (!ctx.locals.session) {
+      return ctx.redirect(cfg.loginPath)
+    }
+    return next()
+  }
+  async function login(
+    ctx: Context,
+    userId: string,
+    data: Record<string, unknown> = {},
+  ): Promise<void> {
+    pruneExpired()
+    const id = crypto.randomUUID()
+    const session: Session = {
+      id,
+      userId,
+      data,
+      expiresAt: Date.now() + cfg.maxAge * 1000,
+    }
+    sessions.set(id, session)
+    ctx.locals.session = session
+    const signed = await sign(id, cfg.secret)
+    ctx.setCookie(cfg.cookieName, signed, {
+      maxAge: cfg.maxAge,
+      httpOnly: true,
+      sameSite: "Lax",
+      path: "/",
+    })
+  }
+  function logout(ctx: Context): void {
+    const session = ctx.locals.session as Session | undefined
+    if (session) {
+      sessions.delete(session.id)
+      ctx.locals.session = undefined
+    }
+    ctx.deleteCookie(cfg.cookieName)
+  }
+  function getSession(ctx: Context): Session | null {
+    return (ctx.locals.session as Session) ?? null
+  }
+  return { middleware, requireAuth, login, logout, getSession }
+}

package/src/build/client.ts ADDED Viewed

@@ -0,0 +1,121 @@
+// Client bundle builder -- uses Bun.build() to create browser-ready JS per route
+import { join, resolve, relative } from "node:path"
+import { mkdir, rm } from "node:fs/promises"
+import { serverStripPlugin } from "./server-strip.ts"
+import { cssModulesPlugin, getCollectedCSS, resetCollectedCSS } from "./css-modules.ts"
+import type { Route } from "../router/scanner.ts"
+const FRAMEWORK_ROOT = resolve(import.meta.dir, "..")
+const CLIENT_JSX_RUNTIME = resolve(FRAMEWORK_ROOT, "jsx-runtime-client.ts")
+const GORSEE_CLIENT_RESOLVE: Record<string, string> = {
+  "gorsee": resolve(FRAMEWORK_ROOT, "index.ts"),
+  "gorsee/reactive": resolve(FRAMEWORK_ROOT, "reactive/index.ts"),
+  "gorsee/types": resolve(FRAMEWORK_ROOT, "types/index.ts"),
+  "gorsee/runtime": resolve(FRAMEWORK_ROOT, "runtime/index.ts"),
+  "gorsee/unsafe": resolve(FRAMEWORK_ROOT, "unsafe/index.ts"),
+  "gorsee/jsx-runtime": CLIENT_JSX_RUNTIME,
+  "gorsee/jsx-dev-runtime": CLIENT_JSX_RUNTIME,
+}
+function routeToEntryName(route: Route, cwd: string): string {
+  const rel = relative(join(cwd, "routes"), route.filePath)
+  return rel.replace(/\.(tsx?|jsx?)$/, "").replace(/[\[\]]/g, "_")
+}
+function generateEntryCode(routeFile: string, hydrateImport: string, routerImport: string): string {
+  return `
+import Component from "${routeFile}";
+import { hydrate } from "${hydrateImport}";
+import { initRouter } from "${routerImport}";
+var container = document.getElementById("app");
+var dataEl = document.getElementById("__GORSEE_DATA__");
+var data = dataEl ? JSON.parse(dataEl.textContent) : {};
+var params = window.__GORSEE_PARAMS__ || {};
+hydrate(function() { return Component({ data: data, params: params }); }, container);
+initRouter();
+`
+}
+export interface BuildResult {
+  entryMap: Map<string, string>  // routePath → client JS path (relative to outdir)
+  cssModules?: string  // collected CSS from .module.css files
+}
+export interface BuildOptions {
+  minify?: boolean
+  sourcemap?: boolean
+}
+export async function buildClientBundles(
+  routes: Route[],
+  cwd: string,
+  options?: BuildOptions,
+): Promise<BuildResult> {
+  const outDir = join(cwd, ".gorsee", "client")
+  await rm(outDir, { recursive: true, force: true })
+  await mkdir(outDir, { recursive: true })
+  const entryDir = join(cwd, ".gorsee", "entries")
+  await rm(entryDir, { recursive: true, force: true })
+  await mkdir(entryDir, { recursive: true })
+  const entryMap = new Map<string, string>()
+  const pageRoutes = routes.filter((r) => !r.filePath.includes("/api/"))
+  if (pageRoutes.length === 0) return { entryMap }
+  resetCollectedCSS()
+  const entrypoints: string[] = []
+  for (const route of pageRoutes) {
+    const name = routeToEntryName(route, cwd)
+    const entryPath = join(entryDir, `${name}.ts`)
+    const clientModule = resolve(FRAMEWORK_ROOT, "runtime/client.ts")
+    const routerModule = resolve(FRAMEWORK_ROOT, "runtime/router.ts")
+    const code = generateEntryCode(route.filePath, clientModule, routerModule)
+    await Bun.write(entryPath, code)
+    entrypoints.push(entryPath)
+    entryMap.set(route.path, `${name}.js`)
+  }
+  const result = await Bun.build({
+    entrypoints,
+    outdir: outDir,
+    target: "browser",
+    format: "esm",
+    minify: options?.minify ?? false,
+    sourcemap: options?.sourcemap ? "external" : "none",
+    splitting: true,
+    plugins: [
+      {
+        name: "gorsee-client-resolve",
+        setup(build) {
+          build.onResolve({ filter: /^gorsee(\/.*)?$/ }, (args) => {
+            const mapped = GORSEE_CLIENT_RESOLVE[args.path]
+            if (mapped) return { path: mapped }
+            return undefined
+          })
+        },
+      },
+      serverStripPlugin,
+      cssModulesPlugin,
+    ],
+  })
+  if (!result.success) {
+    for (const log of result.logs) {
+      console.error("[build]", log.message)
+    }
+    throw new Error("Client build failed")
+  }
+  // Write collected CSS modules output
+  const cssModules = getCollectedCSS()
+  if (cssModules) {
+    await Bun.write(join(outDir, "modules.css"), cssModules)
+  }
+  return { entryMap, cssModules }
+}

package/src/build/css-modules.ts ADDED Viewed

@@ -0,0 +1,69 @@
+// CSS Modules plugin for Bun.build
+// Transforms .module.css imports to scoped class names
+// Input:  import styles from "./button.module.css"
+// Output: styles = { container: "button_container_a1b2c" }
+import type { BunPlugin } from "bun"
+import { createHash } from "node:crypto"
+import { readFile } from "node:fs/promises"
+import { basename, join, dirname } from "node:path"
+function hashClassName(filePath: string, className: string): string {
+  const hash = createHash("md5")
+    .update(filePath + className)
+    .digest("hex")
+    .slice(0, 5)
+  const base = basename(filePath, ".module.css")
+  return `${base}_${className}_${hash}`
+}
+function transformCSS(filePath: string, source: string): { css: string; classMap: Record<string, string> } {
+  const classMap: Record<string, string> = {}
+  const css = source.replace(/\.([a-zA-Z_][\w-]*)/g, (match, className) => {
+    // Don't transform pseudo-classes and pseudo-elements
+    if (match.startsWith("::") || match.startsWith(":.")) return match
+    const scoped = hashClassName(filePath, className)
+    classMap[className] = scoped
+    return `.${scoped}`
+  })
+  return { css, classMap }
+}
+// Collected CSS from all modules (used during build)
+const collectedCSS: string[] = []
+export function getCollectedCSS(): string {
+  return collectedCSS.join("\n")
+}
+export function resetCollectedCSS(): void {
+  collectedCSS.length = 0
+}
+export const cssModulesPlugin: BunPlugin = {
+  name: "gorsee-css-modules",
+  setup(build) {
+    build.onResolve({ filter: /\.module\.css$/ }, (args) => ({
+      path: join(dirname(args.importer), args.path),
+      namespace: "css-module",
+    }))
+    build.onLoad({ filter: /.*/, namespace: "css-module" }, async (args) => {
+      const source = await readFile(args.path, "utf-8")
+      const { css, classMap } = transformCSS(args.path, source)
+      collectedCSS.push(css)
+      const exports = Object.entries(classMap)
+        .map(([k, v]) => `  "${k}": "${v}"`)
+        .join(",\n")
+      return {
+        contents: `export default {\n${exports}\n};`,
+        loader: "js",
+      }
+    })
+  },
+}

package/src/build/devalue-parse.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ // Re-export devalue.parse for client bundles (tree-shakeable)
2	+ export { parse } from "devalue"

package/src/build/rpc-transform.ts ADDED Viewed

@@ -0,0 +1,62 @@
+// RPC transform plugin for client bundles
+// Replaces server() calls with fetch-based RPC stubs
+// server(async (args) => { ... }) → async (args) => fetch("/_rpc/hash", ...)
+import { hashRPC } from "../server/rpc-hash.ts"
+const DEVALUE_PARSE_MODULE = new URL("./devalue-parse.ts", import.meta.url).pathname
+// Strip TypeScript type annotations from function args: "count: number, name: string" → "count, name"
+function stripTypeAnnotations(args: string): string {
+  return args.split(",").map((arg) => {
+    const trimmed = arg.trim()
+    // Handle destructuring, rest params, defaults — just strip ": Type" suffix
+    return trimmed.replace(/\s*:\s*[^,=]+$/, "").replace(/\s*:\s*[^,=]+(?=\s*=)/, "")
+  }).join(", ")
+}
+export function transformServerCalls(source: string, filePath: string): string {
+  // Match server( followed by async/function — not inside strings
+  const matches = [...source.matchAll(/\bserver\s*\(\s*(?=async\s|function\s)/g)]
+  if (matches.length === 0) return source
+  // Process in reverse order to preserve indices
+  let result = source
+  for (let i = matches.length - 1; i >= 0; i--) {
+    const match = matches[i]!
+    const start = match.index!
+    const id = hashRPC(filePath, i)
+    // Find the matching closing paren for server(...)
+    let depth = 0
+    let end = start
+    for (let j = start; j < source.length; j++) {
+      if (source[j] === "(") depth++
+      else if (source[j] === ")") {
+        depth--
+        if (depth === 0) { end = j + 1; break }
+      }
+    }
+    const inner = source.slice(start + match[0].length, end - 1)
+    const argsMatch = inner.match(/^(async\s+)?(?:\(([^)]*)\)|(\w+))\s*=>/)
+    const rawArgs = argsMatch ? (argsMatch[2] ?? argsMatch[3] ?? "") : ""
+    const args = rawArgs ? stripTypeAnnotations(rawArgs) : "...args"
+    const stub = `(async (${args}) => {
+  const res = await fetch("/api/_rpc/${id}", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify([${args}])
+  });
+  if (!res.ok) throw new Error("RPC failed: " + res.status);
+  return __gorseeDevalParse(await res.text());
+})`
+    result = result.slice(0, start) + stub + result.slice(end)
+  }
+  // Add devalue parse import at top
+  return `import { parse as __gorseeDevalParse } from "${DEVALUE_PARSE_MODULE}";\n` + result
+}