gorsee 0.1.0

package/src/build/server-strip.ts

@@ -0,0 +1,87 @@
+// Bun.build plugin: strips server-only code from client bundles
+// - Removes export function loader() and its body
+// - Replaces server-only modules (gorsee/db) with empty stubs
+
+import type { BunPlugin } from "bun"
+import { transformServerCalls } from "./rpc-transform.ts"
+
+const SERVER_ONLY_MODULES = ["gorsee/db", "gorsee/log"]
+
+// Modules that need a lightweight client stub instead of full server code
+const SERVER_STUB_MODULES: Record<string, string> = {
+  "gorsee/server": `export function server(fn) { return fn; }
+export function middleware(fn) { return fn; }`,
+}
+
+// Regex to strip `export async function loader` or `export function loader`
+// Handles multi-line function bodies by counting braces
+function stripLoader(source: string): string {
+  const loaderRe = /export\s+(async\s+)?function\s+loader\s*\([^)]*\)\s*(\{)/g
+  const match = loaderRe.exec(source)
+  if (!match) return source
+
+  const start = match.index
+  let braces = 1
+  let i = loaderRe.lastIndex
+
+  while (i < source.length && braces > 0) {
+    if (source[i] === "{") braces++
+    else if (source[i] === "}") braces--
+    i++
+  }
+
+  return source.slice(0, start) + source.slice(i)
+}
+
+// Pre-compiled regexes for import stripping
+const SERVER_IMPORT_REGEXES = SERVER_ONLY_MODULES.map(
+  (mod) => new RegExp(`import\\s+.*?from\\s+["']${mod.replace("/", "\\/")}["'];?\\n?`, "g")
+)
+
+function stripUnusedServerImports(source: string): string {
+  for (const re of SERVER_IMPORT_REGEXES) {
+    re.lastIndex = 0
+    source = source.replace(re, "")
+  }
+  return source
+}
+
+export const serverStripPlugin: BunPlugin = {
+  name: "gorsee-server-strip",
+  setup(build) {
+    // Replace server-only modules with empty exports
+    for (const mod of SERVER_ONLY_MODULES) {
+      build.onResolve({ filter: new RegExp(`^${mod.replace("/", "\\/")}$`) }, () => ({
+        path: mod,
+        namespace: "gorsee-empty",
+      }))
+    }
+
+    build.onLoad({ filter: /.*/, namespace: "gorsee-empty" }, () => ({
+      contents: "export default {}",
+      loader: "js",
+    }))
+
+    // Replace server modules with lightweight client stubs
+    for (const mod of Object.keys(SERVER_STUB_MODULES)) {
+      build.onResolve({ filter: new RegExp(`^${mod.replace("/", "\\/")}$`) }, () => ({
+        path: mod,
+        namespace: "gorsee-stub",
+      }))
+    }
+
+    build.onLoad({ filter: /.*/, namespace: "gorsee-stub" }, (args) => ({
+      contents: SERVER_STUB_MODULES[args.path] ?? "export default {}",
+      loader: "js",
+    }))
+
+    // Strip loader + transform RPC calls in route files
+    build.onLoad({ filter: /routes\/.*\.tsx?$/ }, async (args) => {
+      let source = await Bun.file(args.path).text()
+      source = stripLoader(source)
+      source = stripUnusedServerImports(source)
+      source = transformServerCalls(source, args.path)
+      return { contents: source, loader: args.path.endsWith(".tsx") ? "tsx" : "ts" }
+    })
+  },
+}

package/src/build/ssg.ts

@@ -0,0 +1,100 @@
+// Static Site Generation -- pre-renders pages at build time
+// Routes with `export const prerender = true` are rendered to static HTML
+
+import { createRouter } from "../router/scanner.ts"
+import { renderToString, ssrJsx } from "../runtime/server.ts"
+import { createContext } from "../server/middleware.ts"
+import { resetServerHead, getServerHead } from "../runtime/head.ts"
+import { join } from "node:path"
+import { mkdir, writeFile } from "node:fs/promises"
+
+export interface SSGResult {
+  pages: Map<string, string>  // path → HTML content
+  errors: string[]
+}
+
+interface SSGOptions {
+  routesDir: string
+  outDir: string
+  wrapHTML: (body: string, opts?: Record<string, unknown>) => string
+}
+
+export async function generateStaticPages(options: SSGOptions): Promise<SSGResult> {
+  const { routesDir, outDir, wrapHTML } = options
+  const routes = await createRouter(routesDir)
+  const pages = new Map<string, string>()
+  const errors: string[] = []
+
+  for (const route of routes) {
+    if (route.isDynamic) continue
+
+    try {
+      const mod = await import(route.filePath)
+
+      // Skip routes that don't opt-in to prerendering
+      if (!mod.prerender) continue
+
+      const component = mod.default as Function | undefined
+      if (typeof component !== "function") continue
+
+      // Parallel loading: import layout modules + run page loader
+      const fakeRequest = new Request(`http://localhost${route.path}`)
+      const ctx = createContext(fakeRequest, {})
+      const layoutPaths = route.layoutPaths ?? []
+      const layoutImportPromises = layoutPaths.map((lp) => import(lp))
+      const pageLoaderPromise = typeof mod.loader === "function" ? mod.loader(ctx) : undefined
+
+      const [layoutMods, loaderData] = await Promise.all([
+        Promise.all(layoutImportPromises),
+        pageLoaderPromise,
+      ])
+
+      // Run layout loaders in parallel
+      const layoutLoaderPromises = layoutMods.map((lm) =>
+        typeof lm.loader === "function" ? lm.loader(ctx) : undefined,
+      )
+      const layoutLoaderResults = await Promise.all(layoutLoaderPromises)
+
+      // Nested layout wrapping: outermost first, innermost wraps page
+      let pageComponent: Function = component
+      for (let i = layoutMods.length - 1; i >= 0; i--) {
+        const Layout = layoutMods[i]!.default
+        if (typeof Layout === "function") {
+          const inner = pageComponent
+          const layoutData = layoutLoaderResults[i]
+          pageComponent = (props: Record<string, unknown>) =>
+            Layout({ ...props, data: layoutData, children: inner(props) })
+        }
+      }
+
+      // Render
+      resetServerHead()
+      const pageProps = { params: {}, ctx, data: loaderData }
+      const vnode = ssrJsx(pageComponent as any, pageProps)
+      const body = renderToString(vnode)
+      const headElements = getServerHead()
+
+      // Extract title
+      let title: string | undefined
+      for (const el of headElements) {
+        const m = el.match(/<title>(.+?)<\/title>/)
+        if (m) { title = m[1]; break }
+      }
+
+      const html = wrapHTML(body, { title, loaderData, headElements })
+
+      // Write file
+      const outPath = route.path === "/"
+        ? join(outDir, "index.html")
+        : join(outDir, route.path, "index.html")
+      await mkdir(join(outPath, ".."), { recursive: true })
+      await writeFile(outPath, html)
+
+      pages.set(route.path, outPath)
+    } catch (err) {
+      errors.push(`${route.path}: ${err instanceof Error ? err.message : String(err)}`)
+    }
+  }
+
+  return { pages, errors }
+}

package/src/cli/bun-plugin.ts

@@ -0,0 +1,37 @@
+// Bun plugin that resolves "gorsee/*" imports to framework source
+// and transforms JSX in route files to use our runtime
+
+import { plugin } from "bun"
+import { resolve } from "node:path"
+
+// Framework root — where gorsee source lives
+const FRAMEWORK_ROOT = resolve(import.meta.dir, "..")
+
+const EXPORT_MAP: Record<string, string> = {
+  "gorsee": resolve(FRAMEWORK_ROOT, "index.ts"),
+  "gorsee/reactive": resolve(FRAMEWORK_ROOT, "reactive/index.ts"),
+  "gorsee/server": resolve(FRAMEWORK_ROOT, "server/index.ts"),
+  "gorsee/types": resolve(FRAMEWORK_ROOT, "types/index.ts"),
+  "gorsee/db": resolve(FRAMEWORK_ROOT, "db/index.ts"),
+  "gorsee/router": resolve(FRAMEWORK_ROOT, "router/index.ts"),
+  "gorsee/log": resolve(FRAMEWORK_ROOT, "log/index.ts"),
+  "gorsee/unsafe": resolve(FRAMEWORK_ROOT, "unsafe/index.ts"),
+  "gorsee/runtime": resolve(FRAMEWORK_ROOT, "runtime/index.ts"),
+  "gorsee/security": resolve(FRAMEWORK_ROOT, "security/index.ts"),
+  "gorsee/jsx-runtime": resolve(FRAMEWORK_ROOT, "jsx-runtime.ts"),
+  "gorsee/jsx-dev-runtime": resolve(FRAMEWORK_ROOT, "jsx-runtime.ts"),
+}
+
+plugin({
+  name: "gorsee-resolve",
+  setup(build) {
+    // Resolve gorsee/* imports
+    build.onResolve({ filter: /^gorsee(\/.*)?$/ }, (args) => {
+      const mapped = EXPORT_MAP[args.path]
+      if (mapped) {
+        return { path: mapped }
+      }
+      return undefined
+    })
+  },
+})

package/src/cli/cmd-build.ts

@@ -0,0 +1,182 @@
+// gorsee build -- production build
+// Bundles client JS, minifies, generates asset hashes
+
+import { join } from "node:path"
+import { mkdir, rm, writeFile, readdir, stat, watch } from "node:fs/promises"
+import { createRouter } from "../router/scanner.ts"
+import { buildClientBundles } from "../build/client.ts"
+import { generateStaticPages } from "../build/ssg.ts"
+import { createHash } from "node:crypto"
+
+interface BuildManifest {
+  routes: Record<string, { js?: string; hasLoader: boolean; prerendered?: boolean }>
+  chunks: string[]
+  prerendered: string[]
+  buildTime: string
+}
+
+async function hashFile(path: string): Promise<string> {
+  const content = await Bun.file(path).arrayBuffer()
+  return createHash("sha256").update(new Uint8Array(content)).digest("hex").slice(0, 8)
+}
+
+async function getAllFiles(dir: string): Promise<string[]> {
+  const files: string[] = []
+  try {
+    const entries = await readdir(dir, { withFileTypes: true })
+    for (const entry of entries) {
+      const full = join(dir, entry.name)
+      if (entry.isDirectory()) {
+        files.push(...await getAllFiles(full))
+      } else {
+        files.push(full)
+      }
+    }
+  } catch {}
+  return files
+}
+
+export async function runBuild(_args: string[]) {
+  if (_args.includes("--watch")) {
+    return runBuildWatch()
+  }
+  const cwd = process.cwd()
+  const startTime = performance.now()
+  console.log("\n  Gorsee Build\n")
+
+  const distDir = join(cwd, "dist")
+  await rm(distDir, { recursive: true, force: true })
+  await mkdir(join(distDir, "client"), { recursive: true })
+  await mkdir(join(distDir, "server"), { recursive: true })
+
+  // 1. Scan routes
+  const routesDir = join(cwd, "routes")
+  const routes = await createRouter(routesDir)
+  console.log(`  [1/5] Found ${routes.length} route(s)`)
+
+  // 2. Build client bundles (minified)
+  const build = await buildClientBundles(routes, cwd, { minify: true, sourcemap: true })
+  console.log(`  [2/5] Client bundles built (${build.entryMap.size} entries)`)
+
+  // 3. Hash and copy client files to dist
+  const clientSrc = join(cwd, ".gorsee", "client")
+  const clientFiles = await getAllFiles(clientSrc)
+  const hashMap = new Map<string, string>()
+
+  for (const file of clientFiles) {
+    const rel = file.slice(clientSrc.length + 1)
+    const hash = await hashFile(file)
+    const ext = rel.lastIndexOf(".")
+    const hashed = ext > 0 ? `${rel.slice(0, ext)}.${hash}${rel.slice(ext)}` : `${rel}.${hash}`
+    const dest = join(distDir, "client", hashed)
+    await mkdir(join(dest, ".."), { recursive: true })
+    await Bun.write(dest, Bun.file(file))
+    hashMap.set(rel, hashed)
+  }
+  console.log(`  [3/5] Assets hashed (${hashMap.size} files)`)
+
+  // 4. Generate manifest
+  const manifest: BuildManifest = {
+    routes: {},
+    chunks: [],
+    prerendered: [],
+    buildTime: new Date().toISOString(),
+  }
+
+  for (const route of routes) {
+    const jsRel = build.entryMap.get(route.path)
+    manifest.routes[route.path] = {
+      js: jsRel ? hashMap.get(jsRel) : undefined,
+      hasLoader: false, // will be detected at runtime
+    }
+  }
+
+  for (const [, hashed] of hashMap) {
+    if (hashed.includes("chunk-")) manifest.chunks.push(hashed)
+  }
+
+  await writeFile(join(distDir, "manifest.json"), JSON.stringify(manifest, null, 2))
+  console.log(`  [4/5] Manifest generated`)
+
+  // 5. Static Site Generation (prerender pages with `export const prerender = true`)
+  const ssgResult = await generateStaticPages({
+    routesDir,
+    outDir: join(distDir, "static"),
+    wrapHTML: (body, opts: Record<string, unknown> = {}) => {
+      const title = (opts.title as string) ?? "Gorsee App"
+      const headElements = (opts.headElements as string[]) ?? []
+      return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>${title}</title>
+  <link rel="stylesheet" href="/styles.css" />
+${headElements.join("\n")}
+</head>
+<body>
+  <div id="app">${body}</div>
+</body>
+</html>`
+    },
+  })
+  for (const path of ssgResult.pages.keys()) {
+    manifest.prerendered.push(path)
+    if (manifest.routes[path]) manifest.routes[path]!.prerendered = true
+  }
+  if (ssgResult.pages.size > 0) {
+    await writeFile(join(distDir, "manifest.json"), JSON.stringify(manifest, null, 2))
+  }
+  if (ssgResult.errors.length > 0) {
+    for (const err of ssgResult.errors) console.error(`  SSG error: ${err}`)
+  }
+  console.log(`  [5/5] SSG: ${ssgResult.pages.size} page(s) pre-rendered`)
+
+  // Stats
+  let totalSize = 0
+  for (const file of await getAllFiles(join(distDir, "client"))) {
+    const s = await stat(file)
+    totalSize += s.size
+  }
+
+  const elapsed = ((performance.now() - startTime) / 1000).toFixed(2)
+  console.log()
+  console.log(`  Output: dist/`)
+  console.log(`  Client size: ${(totalSize / 1024).toFixed(1)} KB`)
+  console.log(`  Built in ${elapsed}s`)
+  console.log()
+}
+
+async function runBuildWatch() {
+  const cwd = process.cwd()
+  const routesDir = join(cwd, "routes")
+
+  console.log("\n  Gorsee Build --watch\n")
+  console.log("  Performing initial build...")
+  await runBuild([])
+
+  let building = false
+  let queued = false
+
+  async function rebuild() {
+    if (building) { queued = true; return }
+    building = true
+    try {
+      const start = performance.now()
+      await runBuild([])
+      const ms = (performance.now() - start).toFixed(0)
+      console.log(`  Rebuilt in ${ms}ms`)
+    } catch (err) {
+      console.error("  Build error:", err)
+    } finally {
+      building = false
+      if (queued) { queued = false; await rebuild() }
+    }
+  }
+
+  console.log("  Watching for changes...")
+  const watcher = watch(routesDir, { recursive: true })
+  for await (const _event of watcher) {
+    await rebuild()
+  }
+}

package/src/cli/cmd-check.ts

@@ -0,0 +1,225 @@
+// gorsee check -- validate project structure, types, and safety
+
+import { join, relative } from "node:path"
+import { readdir, stat, readFile } from "node:fs/promises"
+import { createRouter } from "../router/scanner.ts"
+
+interface CheckResult {
+  errors: CheckIssue[]
+  warnings: CheckIssue[]
+  info: string[]
+}
+
+interface CheckIssue {
+  code: string
+  file: string
+  line?: number
+  message: string
+  fix?: string
+}
+
+const MAX_FILE_LINES = 500
+
+async function getAllTsFiles(dir: string): Promise<string[]> {
+  const files: string[] = []
+  let entries: string[]
+  try {
+    entries = await readdir(dir)
+  } catch {
+    return files
+  }
+
+  for (const entry of entries) {
+    if (entry === "node_modules" || entry === "dist" || entry === ".git") continue
+    const fullPath = join(dir, entry)
+    const s = await stat(fullPath)
+    if (s.isDirectory()) {
+      files.push(...(await getAllTsFiles(fullPath)))
+    } else if (entry.endsWith(".ts") || entry.endsWith(".tsx")) {
+      files.push(fullPath)
+    }
+  }
+  return files
+}
+
+async function checkFileSize(file: string, cwd: string): Promise<CheckIssue[]> {
+  const issues: CheckIssue[] = []
+  const content = await readFile(file, "utf-8")
+  const lines = content.split("\n").length
+  const rel = relative(cwd, file)
+
+  if (lines > MAX_FILE_LINES) {
+    issues.push({
+      code: "E901",
+      file: rel,
+      message: `File has ${lines} lines (limit: ${MAX_FILE_LINES}). Must split before merge.`,
+      fix: "Extract logic into focused modules by responsibility",
+    })
+  } else if (lines > 300) {
+    issues.push({
+      code: "W901",
+      file: rel,
+      message: `File has ${lines} lines (warning threshold: 300). Plan to split.`,
+      fix: "Consider extracting into separate modules",
+    })
+  }
+
+  return issues
+}
+
+async function checkUnsafePatterns(file: string, cwd: string): Promise<CheckIssue[]> {
+  const issues: CheckIssue[] = []
+  const content = await readFile(file, "utf-8")
+  const lines = content.split("\n")
+  const rel = relative(cwd, file)
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]!
+    const lineNum = i + 1
+
+    // Check for string concatenation in SQL-like contexts
+    if (line.match(/db\.(get|all|run)\s*\(\s*`/) && !line.includes("SafeSQL")) {
+      issues.push({
+        code: "E001",
+        file: rel,
+        line: lineNum,
+        message: "Raw template literal in database query (SQL injection risk)",
+        fix: "Use SafeSQL`...` tagged template: db.get(SafeSQL`SELECT ...`)",
+      })
+    }
+
+    // Check for string concat in db calls
+    if (line.match(/db\.(get|all|run)\s*\(\s*["']/) || line.match(/db\.(get|all|run)\s*\([^S]*\+/)) {
+      issues.push({
+        code: "E001",
+        file: rel,
+        line: lineNum,
+        message: "String concatenation in database query (SQL injection risk)",
+        fix: "Use SafeSQL`...` tagged template with parameterized values",
+      })
+    }
+
+    // Check for innerHTML usage
+    if (line.includes(".innerHTML") && !line.includes("unsafeHTML")) {
+      issues.push({
+        code: "E002",
+        file: rel,
+        line: lineNum,
+        message: "Direct innerHTML assignment (XSS risk)",
+        fix: "Use SafeHTML`...` or sanitize() from gorsee/types",
+      })
+    }
+  }
+
+  return issues
+}
+
+async function checkProjectStructure(cwd: string): Promise<CheckIssue[]> {
+  const issues: CheckIssue[] = []
+
+  // Check routes/ exists
+  try {
+    await stat(join(cwd, "routes"))
+  } catch {
+    issues.push({
+      code: "E902",
+      file: ".",
+      message: "Missing routes/ directory",
+      fix: "Create routes/ directory with at least routes/index.ts",
+    })
+  }
+
+  // Check app.config.ts exists
+  try {
+    await stat(join(cwd, "app.config.ts"))
+  } catch {
+    issues.push({
+      code: "W902",
+      file: ".",
+      message: "Missing app.config.ts",
+      fix: "Create app.config.ts with project configuration",
+    })
+  }
+
+  return issues
+}
+
+export async function runCheck(_args: string[]) {
+  const cwd = process.cwd()
+  console.log("\n  Gorsee Check\n")
+
+  const result: CheckResult = { errors: [], warnings: [], info: [] }
+
+  // 1. Project structure
+  const structIssues = await checkProjectStructure(cwd)
+  for (const issue of structIssues) {
+    if (issue.code.startsWith("E")) result.errors.push(issue)
+    else result.warnings.push(issue)
+  }
+
+  // 2. Routes
+  try {
+    const routes = await createRouter(join(cwd, "routes"))
+    result.info.push(`Found ${routes.length} route(s)`)
+  } catch {
+    result.info.push("Could not scan routes")
+  }
+
+  // 3. File checks
+  const files = await getAllTsFiles(join(cwd, "routes"))
+  files.push(...(await getAllTsFiles(join(cwd, "shared"))))
+  files.push(...(await getAllTsFiles(join(cwd, "middleware"))))
+
+  for (const file of files) {
+    const sizeIssues = await checkFileSize(file, cwd)
+    const safetyIssues = await checkUnsafePatterns(file, cwd)
+    for (const issue of [...sizeIssues, ...safetyIssues]) {
+      if (issue.code.startsWith("E")) result.errors.push(issue)
+      else result.warnings.push(issue)
+    }
+  }
+
+  // 4. TypeScript check
+  console.log("  Running TypeScript check...")
+  const tsc = Bun.spawn(["bun", "x", "tsc", "--noEmit"], {
+    cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+  })
+  const tscExit = await tsc.exited
+  if (tscExit !== 0) {
+    const stderr = await new Response(tsc.stderr).text()
+    result.errors.push({
+      code: "TSC",
+      file: ".",
+      message: `TypeScript errors:\n${stderr.trim()}`,
+    })
+  } else {
+    result.info.push("TypeScript: no errors")
+  }
+
+  // Report
+  for (const info of result.info) {
+    console.log(`  [info] ${info}`)
+  }
+  for (const warn of result.warnings) {
+    const loc = warn.line ? `${warn.file}:${warn.line}` : warn.file
+    console.log(`  [warn] ${warn.code} ${loc}: ${warn.message}`)
+    if (warn.fix) console.log(`         Fix: ${warn.fix}`)
+  }
+  for (const err of result.errors) {
+    const loc = err.line ? `${err.file}:${err.line}` : err.file
+    console.log(`  [ERROR] ${err.code} ${loc}: ${err.message}`)
+    if (err.fix) console.log(`          Fix: ${err.fix}`)
+  }
+
+  console.log()
+  if (result.errors.length === 0) {
+    console.log(`  Result: PASS (${result.warnings.length} warning(s))`)
+  } else {
+    console.log(`  Result: FAIL (${result.errors.length} error(s), ${result.warnings.length} warning(s))`)
+  }
+  console.log()
+
+  process.exit(result.errors.length > 0 ? 1 : 0)
+}