npm - gorsee - Versions diffs - 0.2.3 → 0.2.5 - Mend

gorsee 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (532) hide show

package/README.md +261 -213
package/dist-pkg/ai/artifact-lifecycle.d.ts +25 -0
package/dist-pkg/ai/artifact-lifecycle.js +98 -0
package/dist-pkg/ai/bridge.d.ts +26 -0
package/dist-pkg/ai/bridge.js +82 -0
package/dist-pkg/ai/bundle.d.ts +46 -0
package/dist-pkg/ai/bundle.js +247 -0
package/dist-pkg/ai/contracts.d.ts +1 -0
package/dist-pkg/ai/contracts.js +1 -0
package/dist-pkg/ai/ide.d.ts +37 -0
package/dist-pkg/ai/ide.js +56 -0
package/dist-pkg/ai/index.d.ts +85 -0
package/dist-pkg/ai/index.js +267 -0
package/dist-pkg/ai/json.d.ts +6 -0
package/dist-pkg/ai/json.js +14 -0
package/dist-pkg/ai/mcp.d.ts +28 -0
package/dist-pkg/ai/mcp.js +152 -0
package/dist-pkg/ai/session-pack.d.ts +28 -0
package/dist-pkg/ai/session-pack.js +57 -0
package/dist-pkg/ai/store.d.ts +67 -0
package/dist-pkg/ai/store.js +174 -0
package/dist-pkg/ai/summary.d.ts +57 -0
package/dist-pkg/ai/summary.js +148 -0
package/dist-pkg/ai/watch.d.ts +15 -0
package/dist-pkg/ai/watch.js +66 -0
package/dist-pkg/auth/action-tokens.d.ts +50 -0
package/dist-pkg/auth/action-tokens.js +79 -0
package/dist-pkg/auth/index.d.ts +70 -0
package/dist-pkg/auth/index.js +199 -0
package/dist-pkg/auth/redis-session-store.d.ts +7 -0
package/dist-pkg/auth/redis-session-store.js +42 -0
package/dist-pkg/auth/signing.d.ts +4 -0
package/dist-pkg/auth/signing.js +33 -0
package/dist-pkg/auth/sqlite-session-store.d.ts +12 -0
package/dist-pkg/auth/sqlite-session-store.js +83 -0
package/dist-pkg/auth/store-utils.d.ts +2 -0
package/dist-pkg/auth/store-utils.js +20 -0
package/dist-pkg/bin/gorsee.js +2 -0
package/dist-pkg/build/backends/experimental-rolldown.d.ts +6 -0
package/dist-pkg/build/backends/experimental-rolldown.js +9 -0
package/dist-pkg/build/backends/register.d.ts +7 -0
package/dist-pkg/build/backends/register.js +24 -0
package/dist-pkg/build/backends/rolldown.d.ts +16 -0
package/dist-pkg/build/backends/rolldown.js +176 -0
package/dist-pkg/build/client-backend.d.ts +31 -0
package/dist-pkg/build/client-backend.js +97 -0
package/dist-pkg/build/client.d.ts +12 -0
package/dist-pkg/build/client.js +93 -0
package/dist-pkg/build/css-modules.d.ts +10 -0
package/dist-pkg/build/css-modules.js +51 -0
package/dist-pkg/build/devalue-parse.d.ts +1 -0
package/dist-pkg/build/devalue-parse.js +1 -0
package/dist-pkg/build/diagnostics.d.ts +20 -0
package/dist-pkg/build/diagnostics.js +35 -0
package/dist-pkg/build/fixtures.d.ts +7 -0
package/dist-pkg/build/fixtures.js +60 -0
package/dist-pkg/build/framework-imports.d.ts +4 -0
package/dist-pkg/build/framework-imports.js +58 -0
package/dist-pkg/build/init.d.ts +1 -0
package/dist-pkg/build/init.js +6 -0
package/dist-pkg/build/manifest.d.ts +3 -0
package/dist-pkg/build/manifest.js +23 -0
package/dist-pkg/build/parity.d.ts +32 -0
package/dist-pkg/build/parity.js +71 -0
package/dist-pkg/build/plugin.d.ts +11 -0
package/dist-pkg/build/plugin.js +8 -0
package/dist-pkg/build/readiness.d.ts +11 -0
package/dist-pkg/build/readiness.js +18 -0
package/dist-pkg/build/route-client-transform.d.ts +17 -0
package/dist-pkg/build/route-client-transform.js +48 -0
package/dist-pkg/build/route-metadata.d.ts +6 -0
package/dist-pkg/build/route-metadata.js +8 -0
package/dist-pkg/build/rpc-transform.d.ts +1 -0
package/dist-pkg/build/rpc-transform.js +44 -0
package/dist-pkg/build/server-bundle.d.ts +4 -0
package/dist-pkg/build/server-bundle.js +261 -0
package/dist-pkg/build/server-strip.d.ts +2 -0
package/dist-pkg/build/server-strip.js +32 -0
package/dist-pkg/build/ssg.d.ts +12 -0
package/dist-pkg/build/ssg.js +36 -0
package/dist-pkg/cli/bun-plugin.d.ts +2 -0
package/dist-pkg/cli/bun-plugin.js +14 -0
package/dist-pkg/cli/canonical-import-rewrite.d.ts +18 -0
package/dist-pkg/cli/canonical-import-rewrite.js +94 -0
package/dist-pkg/cli/canonical-imports.d.ts +8 -0
package/dist-pkg/cli/canonical-imports.js +131 -0
package/dist-pkg/cli/check-ast.d.ts +20 -0
package/dist-pkg/cli/check-ast.js +126 -0
package/dist-pkg/cli/cmd-ai.d.ts +4 -0
package/dist-pkg/cli/cmd-ai.js +290 -0
package/dist-pkg/cli/cmd-build.d.ts +12 -0
package/dist-pkg/cli/cmd-build.js +198 -0
package/dist-pkg/cli/cmd-check.d.ts +25 -0
package/dist-pkg/cli/cmd-check.js +573 -0
package/dist-pkg/cli/cmd-create.d.ts +6 -0
package/dist-pkg/cli/cmd-create.js +600 -0
package/dist-pkg/cli/cmd-deploy.d.ts +6 -0
package/dist-pkg/cli/cmd-deploy.js +381 -0
package/dist-pkg/cli/cmd-dev.d.ts +5 -0
package/dist-pkg/cli/cmd-dev.js +5 -0
package/dist-pkg/cli/cmd-docs.d.ts +50 -0
package/dist-pkg/cli/cmd-docs.js +122 -0
package/dist-pkg/cli/cmd-generate.d.ts +12 -0
package/dist-pkg/cli/cmd-generate.js +320 -0
package/dist-pkg/cli/cmd-migrate.d.ts +7 -0
package/dist-pkg/cli/cmd-migrate.js +42 -0
package/dist-pkg/cli/cmd-routes.d.ts +6 -0
package/dist-pkg/cli/cmd-routes.js +24 -0
package/dist-pkg/cli/cmd-start.d.ts +13 -0
package/dist-pkg/cli/cmd-start.js +32 -0
package/dist-pkg/cli/cmd-test.d.ts +20 -0
package/dist-pkg/cli/cmd-test.js +103 -0
package/dist-pkg/cli/cmd-typegen.d.ts +7 -0
package/dist-pkg/cli/cmd-typegen.js +66 -0
package/dist-pkg/cli/cmd-upgrade.d.ts +38 -0
package/dist-pkg/cli/cmd-upgrade.js +232 -0
package/dist-pkg/cli/context.d.ts +4 -0
package/dist-pkg/cli/context.js +4 -0
package/dist-pkg/cli/framework-md.d.ts +1 -0
package/dist-pkg/cli/framework-md.js +391 -0
package/dist-pkg/cli/index.d.ts +6 -0
package/dist-pkg/cli/index.js +106 -0
package/dist-pkg/cli/release-version.d.ts +2 -0
package/dist-pkg/cli/release-version.js +33 -0
package/dist-pkg/client.d.ts +16 -0
package/dist-pkg/client.js +71 -0
package/dist-pkg/compat.d.ts +1 -0
package/dist-pkg/compat.js +1 -0
package/dist-pkg/compiler/analysis-backend.d.ts +20 -0
package/dist-pkg/compiler/analysis-backend.js +164 -0
package/dist-pkg/compiler/backends/experimental-oxc.d.ts +6 -0
package/dist-pkg/compiler/backends/experimental-oxc.js +9 -0
package/dist-pkg/compiler/backends/oxc.d.ts +16 -0
package/dist-pkg/compiler/backends/oxc.js +198 -0
package/dist-pkg/compiler/backends/register.d.ts +7 -0
package/dist-pkg/compiler/backends/register.js +22 -0
package/dist-pkg/compiler/fixtures.d.ts +2 -0
package/dist-pkg/compiler/fixtures.js +118 -0
package/dist-pkg/compiler/init.d.ts +1 -0
package/dist-pkg/compiler/init.js +6 -0
package/dist-pkg/compiler/module-analysis.d.ts +13 -0
package/dist-pkg/compiler/module-analysis.js +50 -0
package/dist-pkg/compiler/parity.d.ts +35 -0
package/dist-pkg/compiler/parity.js +89 -0
package/dist-pkg/compiler/readiness.d.ts +11 -0
package/dist-pkg/compiler/readiness.js +18 -0
package/dist-pkg/compiler/route-facts.d.ts +34 -0
package/dist-pkg/compiler/route-facts.js +75 -0
package/dist-pkg/content/index.d.ts +27 -0
package/dist-pkg/content/index.js +287 -0
package/dist-pkg/db/index.d.ts +3 -0
package/dist-pkg/db/index.js +6 -0
package/dist-pkg/db/migrate.d.ts +7 -0
package/dist-pkg/db/migrate.js +53 -0
package/dist-pkg/db/postgres.d.ts +29 -0
package/dist-pkg/db/postgres.js +59 -0
package/dist-pkg/db/sqlite.d.ts +10 -0
package/dist-pkg/db/sqlite.js +22 -0
package/dist-pkg/deploy/cloudflare.d.ts +8 -0
package/{src/deploy/cloudflare.ts → dist-pkg/deploy/cloudflare.js} +24 -26
package/dist-pkg/deploy/conformance.d.ts +21 -0
package/dist-pkg/deploy/conformance.js +98 -0
package/dist-pkg/deploy/dockerfile.d.ts +3 -0
package/{src/deploy/dockerfile.ts → dist-pkg/deploy/dockerfile.js} +8 -10
package/dist-pkg/deploy/fly.d.ts +3 -0
package/{src/deploy/fly.ts → dist-pkg/deploy/fly.js} +11 -12
package/dist-pkg/deploy/index.d.ts +6 -0
package/dist-pkg/deploy/index.js +26 -0
package/dist-pkg/deploy/netlify.d.ts +2 -0
package/{src/deploy/netlify.ts → dist-pkg/deploy/netlify.js} +17 -11
package/dist-pkg/deploy/runtime.d.ts +2 -0
package/dist-pkg/deploy/runtime.js +3 -0
package/dist-pkg/deploy/vercel.d.ts +22 -0
package/dist-pkg/deploy/vercel.js +53 -0
package/dist-pkg/dev/error-overlay.d.ts +1 -0
package/{src/dev/error-overlay.ts → dist-pkg/dev/error-overlay.js} +13 -23
package/dist-pkg/dev/hmr.d.ts +30 -0
package/dist-pkg/dev/hmr.js +86 -0
package/dist-pkg/dev/partial-handler.d.ts +9 -0
package/dist-pkg/dev/partial-handler.js +24 -0
package/dist-pkg/dev/request-handler.d.ts +30 -0
package/dist-pkg/dev/request-handler.js +67 -0
package/dist-pkg/dev/watcher.d.ts +6 -0
package/dist-pkg/dev/watcher.js +34 -0
package/dist-pkg/dev.d.ts +11 -0
package/dist-pkg/dev.js +268 -0
package/dist-pkg/env/index.d.ts +3 -0
package/dist-pkg/env/index.js +57 -0
package/dist-pkg/errors/catalog.d.ts +9 -0
package/{src/errors/catalog.ts → dist-pkg/errors/catalog.js} +8 -24
package/dist-pkg/errors/formatter.d.ts +22 -0
package/dist-pkg/errors/formatter.js +43 -0
package/dist-pkg/errors/index.d.ts +2 -0
package/dist-pkg/errors/index.js +2 -0
package/dist-pkg/forms/action.d.ts +15 -0
package/dist-pkg/forms/action.js +20 -0
package/dist-pkg/forms/index.d.ts +4 -0
package/dist-pkg/forms/index.js +12 -0
package/dist-pkg/i18n/index.d.ts +61 -0
package/dist-pkg/i18n/index.js +147 -0
package/dist-pkg/index-client.d.ts +1 -0
package/dist-pkg/index-client.js +1 -0
package/dist-pkg/index.d.ts +32 -0
package/dist-pkg/index.js +79 -0
package/dist-pkg/jsx-runtime-client.d.ts +8 -0
package/dist-pkg/jsx-runtime-client.js +1 -0
package/dist-pkg/jsx-runtime.d.ts +13 -0
package/dist-pkg/jsx-runtime.js +5 -0
package/dist-pkg/jsx-types-html.d.ts +221 -0
package/dist-pkg/jsx-types-html.js +0 -0
package/dist-pkg/log/index.d.ts +8 -0
package/dist-pkg/log/index.js +55 -0
package/dist-pkg/plugins/drizzle.d.ts +16 -0
package/dist-pkg/plugins/drizzle.js +50 -0
package/dist-pkg/plugins/index.d.ts +62 -0
package/dist-pkg/plugins/index.js +147 -0
package/dist-pkg/plugins/lucia.d.ts +26 -0
package/dist-pkg/plugins/lucia.js +63 -0
package/dist-pkg/plugins/prisma.d.ts +14 -0
package/dist-pkg/plugins/prisma.js +57 -0
package/dist-pkg/plugins/resend.d.ts +21 -0
package/dist-pkg/plugins/resend.js +45 -0
package/dist-pkg/plugins/s3.d.ts +18 -0
package/dist-pkg/plugins/s3.js +63 -0
package/dist-pkg/plugins/stripe.d.ts +32 -0
package/dist-pkg/plugins/stripe.js +69 -0
package/dist-pkg/plugins/tailwind.d.ts +15 -0
package/dist-pkg/plugins/tailwind.js +58 -0
package/dist-pkg/prod.d.ts +21 -0
package/dist-pkg/prod.js +347 -0
package/dist-pkg/reactive/computed.d.ts +3 -0
package/dist-pkg/reactive/computed.js +15 -0
package/dist-pkg/reactive/data.d.ts +25 -0
package/dist-pkg/reactive/data.js +56 -0
package/dist-pkg/reactive/diagnostics.d.ts +100 -0
package/dist-pkg/reactive/diagnostics.js +363 -0
package/dist-pkg/reactive/effect.d.ts +3 -0
package/dist-pkg/reactive/effect.js +6 -0
package/dist-pkg/reactive/index.d.ts +9 -0
package/dist-pkg/reactive/index.js +18 -0
package/dist-pkg/reactive/live.d.ts +15 -0
package/dist-pkg/reactive/live.js +58 -0
package/dist-pkg/reactive/optimistic.d.ts +20 -0
package/dist-pkg/reactive/optimistic.js +54 -0
package/dist-pkg/reactive/resource.d.ts +25 -0
package/dist-pkg/reactive/resource.js +97 -0
package/dist-pkg/reactive/signal.d.ts +4 -0
package/dist-pkg/reactive/signal.js +17 -0
package/dist-pkg/reactive/store.d.ts +6 -0
package/dist-pkg/reactive/store.js +19 -0
package/dist-pkg/router/index.d.ts +2 -0
package/dist-pkg/router/index.js +2 -0
package/dist-pkg/router/matcher.d.ts +7 -0
package/dist-pkg/router/matcher.js +40 -0
package/dist-pkg/router/scanner.d.ts +14 -0
package/dist-pkg/router/scanner.js +141 -0
package/dist-pkg/routes/index.d.ts +1 -0
package/dist-pkg/routes/index.js +10 -0
package/dist-pkg/runtime/app-config.d.ts +26 -0
package/dist-pkg/runtime/app-config.js +69 -0
package/dist-pkg/runtime/client.d.ts +3 -0
package/dist-pkg/runtime/client.js +31 -0
package/dist-pkg/runtime/devtools.d.ts +64 -0
package/dist-pkg/runtime/devtools.js +132 -0
package/dist-pkg/runtime/error-boundary.d.ts +6 -0
package/dist-pkg/runtime/error-boundary.js +17 -0
package/dist-pkg/runtime/event-replay.d.ts +3 -0
package/{src/runtime/event-replay.ts → dist-pkg/runtime/event-replay.js} +7 -22
package/dist-pkg/runtime/event-source.d.ts +7 -0
package/dist-pkg/runtime/event-source.js +24 -0
package/dist-pkg/runtime/form.d.ts +24 -0
package/dist-pkg/runtime/form.js +59 -0
package/dist-pkg/runtime/head.d.ts +7 -0
package/dist-pkg/runtime/head.js +90 -0
package/dist-pkg/runtime/html-escape.d.ts +7 -0
package/dist-pkg/runtime/html-escape.js +39 -0
package/dist-pkg/runtime/hydration.d.ts +15 -0
package/dist-pkg/runtime/hydration.js +103 -0
package/dist-pkg/runtime/image.d.ts +49 -0
package/dist-pkg/runtime/image.js +144 -0
package/dist-pkg/runtime/index.d.ts +17 -0
package/dist-pkg/runtime/index.js +59 -0
package/dist-pkg/runtime/island-hydrator.d.ts +12 -0
package/dist-pkg/runtime/island-hydrator.js +49 -0
package/dist-pkg/runtime/island.d.ts +19 -0
package/dist-pkg/runtime/island.js +36 -0
package/dist-pkg/runtime/jsx-runtime.d.ts +12 -0
package/dist-pkg/runtime/jsx-runtime.js +173 -0
package/dist-pkg/runtime/link.d.ts +16 -0
package/dist-pkg/runtime/link.js +47 -0
package/dist-pkg/runtime/project.d.ts +37 -0
package/dist-pkg/runtime/project.js +36 -0
package/dist-pkg/runtime/renderable.d.ts +6 -0
package/dist-pkg/runtime/renderable.js +0 -0
package/dist-pkg/runtime/router.d.ts +47 -0
package/dist-pkg/runtime/router.js +476 -0
package/dist-pkg/runtime/server.d.ts +8 -0
package/dist-pkg/runtime/server.js +71 -0
package/dist-pkg/runtime/stream.d.ts +29 -0
package/dist-pkg/runtime/stream.js +106 -0
package/dist-pkg/runtime/suspense.d.ts +6 -0
package/dist-pkg/runtime/suspense.js +16 -0
package/dist-pkg/runtime/typed-routes.d.ts +24 -0
package/dist-pkg/runtime/typed-routes.js +77 -0
package/dist-pkg/runtime/validated-form.d.ts +40 -0
package/dist-pkg/runtime/validated-form.js +120 -0
package/dist-pkg/security/cors.d.ts +10 -0
package/dist-pkg/security/cors.js +56 -0
package/dist-pkg/security/csrf.d.ts +9 -0
package/dist-pkg/security/csrf.js +53 -0
package/dist-pkg/security/headers.d.ts +11 -0
package/dist-pkg/security/headers.js +31 -0
package/dist-pkg/security/index.d.ts +5 -0
package/dist-pkg/security/index.js +5 -0
package/dist-pkg/security/rate-limit.d.ts +10 -0
package/dist-pkg/security/rate-limit.js +49 -0
package/dist-pkg/security/redis-rate-limit.d.ts +14 -0
package/dist-pkg/security/redis-rate-limit.js +23 -0
package/dist-pkg/server/action.d.ts +21 -0
package/dist-pkg/server/action.js +64 -0
package/dist-pkg/server/cache-utils.d.ts +2 -0
package/dist-pkg/server/cache-utils.js +26 -0
package/dist-pkg/server/cache.d.ts +33 -0
package/dist-pkg/server/cache.js +236 -0
package/dist-pkg/server/compress.d.ts +2 -0
package/dist-pkg/server/compress.js +49 -0
package/dist-pkg/server/endpoint-execution.d.ts +28 -0
package/dist-pkg/server/endpoint-execution.js +37 -0
package/dist-pkg/server/etag.d.ts +3 -0
package/dist-pkg/server/etag.js +18 -0
package/dist-pkg/server/guard.d.ts +16 -0
package/dist-pkg/server/guard.js +45 -0
package/dist-pkg/server/html-shell.d.ts +12 -0
package/dist-pkg/server/html-shell.js +52 -0
package/dist-pkg/server/index.d.ts +36 -0
package/dist-pkg/server/index.js +170 -0
package/dist-pkg/server/jobs.d.ts +41 -0
package/dist-pkg/server/jobs.js +81 -0
package/dist-pkg/server/manifest.d.ts +19 -0
package/dist-pkg/server/manifest.js +36 -0
package/dist-pkg/server/middleware.d.ts +39 -0
package/dist-pkg/server/middleware.js +122 -0
package/dist-pkg/server/mime.d.ts +1 -0
package/{src/server/mime.ts → dist-pkg/server/mime.js} +6 -17
package/dist-pkg/server/not-found.d.ts +6 -0
package/dist-pkg/server/not-found.js +24 -0
package/dist-pkg/server/page-render.d.ts +29 -0
package/dist-pkg/server/page-render.js +67 -0
package/dist-pkg/server/partial-navigation.d.ts +4 -0
package/dist-pkg/server/partial-navigation.js +16 -0
package/dist-pkg/server/pipe.d.ts +9 -0
package/dist-pkg/server/pipe.js +32 -0
package/dist-pkg/server/redis-cache-store.d.ts +10 -0
package/dist-pkg/server/redis-cache-store.js +73 -0
package/dist-pkg/server/redis-client.d.ts +37 -0
package/dist-pkg/server/redis-client.js +37 -0
package/dist-pkg/server/request-policy.d.ts +55 -0
package/dist-pkg/server/request-policy.js +216 -0
package/dist-pkg/server/request-preflight.d.ts +23 -0
package/dist-pkg/server/request-preflight.js +45 -0
package/dist-pkg/server/request-security-policy.d.ts +17 -0
package/dist-pkg/server/request-security-policy.js +34 -0
package/dist-pkg/server/request-surface.d.ts +8 -0
package/dist-pkg/server/request-surface.js +19 -0
package/dist-pkg/server/route-request.d.ts +31 -0
package/dist-pkg/server/route-request.js +112 -0
package/dist-pkg/server/route-response.d.ts +22 -0
package/dist-pkg/server/route-response.js +58 -0
package/dist-pkg/server/rpc-hash.d.ts +2 -0
package/dist-pkg/server/rpc-hash.js +7 -0
package/dist-pkg/server/rpc-protocol.d.ts +22 -0
package/dist-pkg/server/rpc-protocol.js +28 -0
package/dist-pkg/server/rpc-utils.d.ts +2 -0
package/dist-pkg/server/rpc-utils.js +26 -0
package/dist-pkg/server/rpc.d.ts +20 -0
package/dist-pkg/server/rpc.js +147 -0
package/dist-pkg/server/runtime-dispatch.d.ts +19 -0
package/dist-pkg/server/runtime-dispatch.js +67 -0
package/dist-pkg/server/server-execution.d.ts +22 -0
package/dist-pkg/server/server-execution.js +53 -0
package/dist-pkg/server/sqlite-cache-store.d.ts +13 -0
package/dist-pkg/server/sqlite-cache-store.js +88 -0
package/dist-pkg/server/sse.d.ts +9 -0
package/dist-pkg/server/sse.js +34 -0
package/dist-pkg/server/static-file.d.ts +9 -0
package/dist-pkg/server/static-file.js +43 -0
package/dist-pkg/server/ws.d.ts +18 -0
package/dist-pkg/server/ws.js +40 -0
package/dist-pkg/server-entry.d.ts +19 -0
package/dist-pkg/server-entry.js +93 -0
package/dist-pkg/testing/index.d.ts +98 -0
package/dist-pkg/testing/index.js +254 -0
package/dist-pkg/types/index.d.ts +4 -0
package/dist-pkg/types/index.js +4 -0
package/dist-pkg/types/safe-html.d.ts +7 -0
package/dist-pkg/types/safe-html.js +19 -0
package/dist-pkg/types/safe-sql.d.ts +8 -0
package/dist-pkg/types/safe-sql.js +14 -0
package/dist-pkg/types/safe-url.d.ts +7 -0
package/dist-pkg/types/safe-url.js +20 -0
package/dist-pkg/types/user-input.d.ts +9 -0
package/dist-pkg/types/user-input.js +3 -0
package/dist-pkg/unsafe/index.d.ts +12 -0
package/dist-pkg/unsafe/index.js +6 -0
package/package.json +102 -44
package/bin/gorsee.js +0 -14
package/src/auth/index.ts +0 -178
package/src/auth/redis-session-store.ts +0 -46
package/src/auth/sqlite-session-store.ts +0 -98
package/src/auth/store-utils.ts +0 -21
package/src/build/client.ts +0 -139
package/src/build/css-modules.ts +0 -69
package/src/build/devalue-parse.ts +0 -2
package/src/build/manifest.ts +0 -34
package/src/build/route-metadata.ts +0 -12
package/src/build/rpc-transform.ts +0 -62
package/src/build/server-strip.ts +0 -87
package/src/build/ssg.ts +0 -70
package/src/cli/bun-plugin.ts +0 -58
package/src/cli/cmd-build.ts +0 -153
package/src/cli/cmd-check.ts +0 -239
package/src/cli/cmd-create.ts +0 -328
package/src/cli/cmd-deploy.ts +0 -149
package/src/cli/cmd-dev.ts +0 -13
package/src/cli/cmd-docs.ts +0 -152
package/src/cli/cmd-generate.ts +0 -155
package/src/cli/cmd-migrate.ts +0 -53
package/src/cli/cmd-routes.ts +0 -36
package/src/cli/cmd-start.ts +0 -30
package/src/cli/cmd-test.ts +0 -129
package/src/cli/cmd-typegen.ts +0 -93
package/src/cli/cmd-upgrade.ts +0 -143
package/src/cli/context.ts +0 -12
package/src/cli/framework-md.ts +0 -223
package/src/cli/index.ts +0 -107
package/src/client.ts +0 -26
package/src/db/index.ts +0 -2
package/src/db/migrate.ts +0 -89
package/src/db/sqlite.ts +0 -40
package/src/deploy/index.ts +0 -31
package/src/deploy/vercel.ts +0 -94
package/src/dev/hmr.ts +0 -31
package/src/dev/partial-handler.ts +0 -52
package/src/dev/request-handler.ts +0 -127
package/src/dev/watcher.ts +0 -48
package/src/dev.ts +0 -208
package/src/env/index.ts +0 -74
package/src/errors/formatter.ts +0 -63
package/src/errors/index.ts +0 -2
package/src/i18n/index.ts +0 -72
package/src/index-client.ts +0 -4
package/src/index.ts +0 -43
package/src/jsx-runtime-client.ts +0 -13
package/src/jsx-runtime.ts +0 -20
package/src/jsx-types-html.ts +0 -242
package/src/log/index.ts +0 -44
package/src/plugins/drizzle.ts +0 -84
package/src/plugins/index.ts +0 -86
package/src/plugins/lucia.ts +0 -111
package/src/plugins/prisma.ts +0 -85
package/src/plugins/resend.ts +0 -78
package/src/plugins/s3.ts +0 -102
package/src/plugins/stripe.ts +0 -133
package/src/plugins/tailwind.ts +0 -92
package/src/prod.ts +0 -252
package/src/reactive/computed.ts +0 -7
package/src/reactive/effect.ts +0 -7
package/src/reactive/index.ts +0 -7
package/src/reactive/live.ts +0 -97
package/src/reactive/optimistic.ts +0 -83
package/src/reactive/resource.ts +0 -138
package/src/reactive/signal.ts +0 -20
package/src/reactive/store.ts +0 -36
package/src/router/index.ts +0 -2
package/src/router/matcher.ts +0 -53
package/src/router/scanner.ts +0 -206
package/src/runtime/client.ts +0 -28
package/src/runtime/error-boundary.ts +0 -35
package/src/runtime/form.ts +0 -49
package/src/runtime/head.ts +0 -113
package/src/runtime/html-escape.ts +0 -30
package/src/runtime/hydration.ts +0 -95
package/src/runtime/image.ts +0 -48
package/src/runtime/index.ts +0 -12
package/src/runtime/island-hydrator.ts +0 -84
package/src/runtime/island.ts +0 -88
package/src/runtime/jsx-runtime.ts +0 -167
package/src/runtime/link.ts +0 -45
package/src/runtime/project.ts +0 -73
package/src/runtime/router.ts +0 -224
package/src/runtime/server.ts +0 -102
package/src/runtime/stream.ts +0 -182
package/src/runtime/suspense.ts +0 -37
package/src/runtime/typed-routes.ts +0 -26
package/src/runtime/validated-form.ts +0 -106
package/src/security/cors.ts +0 -80
package/src/security/csrf.ts +0 -85
package/src/security/headers.ts +0 -50
package/src/security/index.ts +0 -4
package/src/security/rate-limit.ts +0 -80
package/src/server/action.ts +0 -48
package/src/server/cache-utils.ts +0 -23
package/src/server/cache.ts +0 -125
package/src/server/compress.ts +0 -60
package/src/server/etag.ts +0 -23
package/src/server/guard.ts +0 -69
package/src/server/html-shell.ts +0 -69
package/src/server/index.ts +0 -57
package/src/server/manifest.ts +0 -36
package/src/server/middleware.ts +0 -159
package/src/server/not-found.ts +0 -35
package/src/server/page-render.ts +0 -123
package/src/server/pipe.ts +0 -46
package/src/server/redis-cache-store.ts +0 -87
package/src/server/redis-client.ts +0 -71
package/src/server/request-preflight.ts +0 -45
package/src/server/route-request.ts +0 -72
package/src/server/rpc-hash.ts +0 -17
package/src/server/rpc-utils.ts +0 -27
package/src/server/rpc.ts +0 -177
package/src/server/sqlite-cache-store.ts +0 -109
package/src/server/sse.ts +0 -96
package/src/server/static-file.ts +0 -63
package/src/server/ws.ts +0 -56
package/src/server-entry.ts +0 -36
package/src/testing/index.ts +0 -74
package/src/types/index.ts +0 -4
package/src/types/safe-html.ts +0 -32
package/src/types/safe-sql.ts +0 -28
package/src/types/safe-url.ts +0 -40
package/src/types/user-input.ts +0 -12
package/src/unsafe/index.ts +0 -18

package/dist-pkg/server/page-render.js ADDED Viewed

@@ -0,0 +1,67 @@
+import { resetServerHead, getServerHead } from "../runtime/head.js";
+import { renderToString, ssrJsx } from "../runtime/server.js";
+function resolvePageDataHook(mod) {
+  if (typeof mod.load === "function")
+    return mod.load;
+  if (typeof mod.loader === "function")
+    return mod.loader;
+  return;
+}
+export async function resolvePageRoute(mod, match, ctx) {
+  const component = mod.default;
+  if (typeof component !== "function")
+    return null;
+  const layoutImportPromises = (match.route.layoutPaths ?? []).map((layoutPath) => import(layoutPath)), pageLoaderPromise = resolvePageDataHook(mod)?.(ctx), [layoutMods, loaderData] = await Promise.all([
+    Promise.all(layoutImportPromises),
+    pageLoaderPromise
+  ]), layoutLoaderPromises = layoutMods.map((layoutMod) => resolvePageDataHook(layoutMod)?.(ctx)), layoutLoaderResults = await Promise.all(layoutLoaderPromises), cssFiles = [];
+  if (typeof mod.css === "string")
+    cssFiles.push(mod.css);
+  if (Array.isArray(mod.css))
+    cssFiles.push(...mod.css);
+  let pageComponent = component;
+  for (let i = layoutMods.length - 1;i >= 0; i--) {
+    const Layout = layoutMods[i].default;
+    if (typeof Layout === "function") {
+      const inner = pageComponent, layoutData = layoutLoaderResults[i];
+      pageComponent = (props) => Layout({ ...props, data: layoutData, children: () => inner(props) });
+    }
+  }
+  return {
+    component,
+    pageComponent,
+    loaderData,
+    cssFiles,
+    renderMode: mod.render ?? "async"
+  };
+}
+export function createClientScriptPath(entryFile) {
+  return entryFile ? `/_gorsee/${entryFile}` : void 0;
+}
+export function renderPageDocument(pageComponent, ctx, params, loaderData) {
+  resetServerHead();
+  const vnode = ssrJsx(pageComponent, { params, ctx, data: loaderData }), html = renderToString(vnode), headElements = getServerHead();
+  return {
+    html,
+    headElements,
+    title: extractTitle(headElements)
+  };
+}
+export function buildPartialResponsePayload(rendered, loaderData, params, cssFiles, clientScript) {
+  return {
+    html: rendered.html,
+    data: loaderData,
+    params: Object.keys(params).length > 0 ? params : void 0,
+    title: rendered.title,
+    css: cssFiles.length > 0 ? cssFiles : void 0,
+    script: clientScript
+  };
+}
+export function extractTitle(headElements) {
+  for (const element of headElements) {
+    const titleMatch = element.match(/<title>(.+?)<\/title>/);
+    if (titleMatch)
+      return titleMatch[1];
+  }
+  return;
+}

package/dist-pkg/server/partial-navigation.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export declare const PARTIAL_NAV_HEADER = "X-Gorsee-Navigate";
+export declare const PARTIAL_NAV_VALUE = "partial";
+export declare function isPartialNavigationRequest(request: Request): boolean;
+export declare function partialNavigationHeaders(extraHeaders?: Record<string, string>): Record<string, string>;

package/dist-pkg/server/partial-navigation.js ADDED Viewed

@@ -0,0 +1,16 @@
+export const PARTIAL_NAV_HEADER = "X-Gorsee-Navigate", PARTIAL_NAV_VALUE = "partial";
+export function isPartialNavigationRequest(request) {
+  if (request.method !== "GET")
+    return !1;
+  if (request.headers.get(PARTIAL_NAV_HEADER) !== PARTIAL_NAV_VALUE)
+    return !1;
+  return (request.headers.get("Accept") ?? "").includes("application/json");
+}
+export function partialNavigationHeaders(extraHeaders = {}) {
+  return {
+    "Content-Type": "application/json",
+    "Cache-Control": "no-store",
+    Vary: "Accept, X-Gorsee-Navigate",
+    ...extraHeaders
+  };
+}

package/dist-pkg/server/pipe.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { MiddlewareFn } from "./middleware.js";
+/** Compose multiple middleware into a single middleware function */
+export declare function pipe(...middlewares: MiddlewareFn[]): MiddlewareFn;
+/** Create a conditional middleware — runs inner only if predicate passes */
+export declare function when(predicate: (ctx: import("./middleware.js").Context) => boolean, middleware: MiddlewareFn): MiddlewareFn;
+/** Create a middleware that runs only for specific HTTP methods */
+export declare function forMethods(methods: string[], middleware: MiddlewareFn): MiddlewareFn;
+/** Create a middleware that runs only for specific path prefixes */
+export declare function forPaths(prefixes: string[], middleware: MiddlewareFn): MiddlewareFn;

package/dist-pkg/server/pipe.js ADDED Viewed

@@ -0,0 +1,32 @@
+export function pipe(...middlewares) {
+  if (middlewares.length === 0)
+    return async (_ctx, next) => next();
+  if (middlewares.length === 1)
+    return middlewares[0];
+  return async (ctx, next) => {
+    let index = 0;
+    const run = async () => {
+      if (index < middlewares.length) {
+        const mw = middlewares[index];
+        index++;
+        return mw(ctx, run);
+      }
+      return next();
+    };
+    return run();
+  };
+}
+export function when(predicate, middleware) {
+  return async (ctx, next) => {
+    if (predicate(ctx))
+      return middleware(ctx, next);
+    return next();
+  };
+}
+export function forMethods(methods, middleware) {
+  const methodSet = new Set(methods.map((m) => m.toUpperCase()));
+  return when((ctx) => methodSet.has(ctx.request.method), middleware);
+}
+export function forPaths(prefixes, middleware) {
+  return when((ctx) => prefixes.some((p) => ctx.url.pathname.startsWith(p)), middleware);
+}

package/dist-pkg/server/redis-cache-store.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { CacheStore } from "./cache.js";
+import { type RedisLikeClient } from "./redis-client.js";
+interface RedisCacheStoreOptions {
+    prefix?: string;
+    maxEntryAgeMs?: number;
+}
+export declare function createRedisCacheStore(client: RedisLikeClient, options?: RedisCacheStoreOptions): CacheStore & {
+    deleteExpired(): Promise<number>;
+};
+export {};

package/dist-pkg/server/redis-cache-store.js ADDED Viewed

@@ -0,0 +1,73 @@
+import {
+  buildRedisKey,
+  deleteExpiredRedisKeys,
+  stripRedisPrefix
+} from "./redis-client.js";
+import { safeJSONParse } from "../ai/json.js";
+function isExpired(entry, maxEntryAgeMs) {
+  return Date.now() - entry.createdAt > maxEntryAgeMs;
+}
+export function createRedisCacheStore(client, options = {}) {
+  const prefix = options.prefix ?? "gorsee:cache", maxEntryAgeMs = options.maxEntryAgeMs ?? 86400000;
+  return {
+    async get(key) {
+      const raw = await client.get(buildRedisKey(prefix, key));
+      if (!raw)
+        return;
+      const payload = safeJSONParse(raw);
+      if (!payload?.entry) {
+        await client.del(buildRedisKey(prefix, key));
+        return;
+      }
+      if (isExpired(payload.entry, maxEntryAgeMs)) {
+        await client.del(buildRedisKey(prefix, key));
+        return;
+      }
+      return payload.entry;
+    },
+    async set(key, entry) {
+      const redisKey = buildRedisKey(prefix, key);
+      await client.set(redisKey, JSON.stringify({ entry }));
+      if (client.expire)
+        await client.expire(redisKey, Math.max(1, Math.ceil(maxEntryAgeMs / 1000)));
+    },
+    async delete(key) {
+      await client.del(buildRedisKey(prefix, key));
+    },
+    async clear() {
+      const keys = await client.keys(`${prefix}:*`);
+      if (keys.length === 0)
+        return;
+      for (const key of keys)
+        await client.del(key);
+    },
+    async keys() {
+      const keys = await client.keys(`${prefix}:*`), visibleKeys = [];
+      for (const key of keys) {
+        const raw = await client.get(key);
+        if (!raw)
+          continue;
+        const payload = safeJSONParse(raw);
+        if (!payload?.entry) {
+          await client.del(key);
+          continue;
+        }
+        if (isExpired(payload.entry, maxEntryAgeMs)) {
+          await client.del(key);
+          continue;
+        }
+        visibleKeys.push(stripRedisPrefix(prefix, key));
+      }
+      return visibleKeys;
+    },
+    async deleteExpired() {
+      return deleteExpiredRedisKeys(client, `${prefix}:*`, Date.now(), (raw) => {
+        try {
+          return JSON.parse(raw).entry.createdAt;
+        } catch {
+          return;
+        }
+      }, maxEntryAgeMs);
+    }
+  };
+}

package/dist-pkg/server/redis-client.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+type Awaitable<T> = T | Promise<T>;
+export interface RedisLikeClient {
+    get(key: string): Awaitable<string | null>;
+    set(key: string, value: string): Awaitable<unknown>;
+    del(key: string): Awaitable<number>;
+    keys(pattern: string): Awaitable<string[]>;
+    incr?(key: string): Awaitable<number>;
+    expire?(key: string, seconds: number): Awaitable<number>;
+    pttl?(key: string): Awaitable<number>;
+    ttl?(key: string): Awaitable<number>;
+}
+export declare function buildRedisKey(prefix: string, key: string): string;
+export declare function stripRedisPrefix(prefix: string, key: string): string;
+export interface NodeRedisClientLike {
+    get(key: string): Awaitable<string | null>;
+    set(key: string, value: string): Awaitable<unknown>;
+    del(key: string): Awaitable<number>;
+    keys(pattern: string): Awaitable<string[]>;
+    incr?(key: string): Awaitable<number>;
+    expire?(key: string, seconds: number): Awaitable<number>;
+    pttl?(key: string): Awaitable<number>;
+    ttl?(key: string): Awaitable<number>;
+}
+export interface IORedisClientLike {
+    get(key: string): Awaitable<string | null>;
+    set(key: string, value: string): Awaitable<unknown>;
+    del(key: string): Awaitable<number>;
+    keys(pattern: string): Awaitable<string[]>;
+    incr?(key: string): Awaitable<number>;
+    expire?(key: string, seconds: number): Awaitable<number>;
+    pttl?(key: string): Awaitable<number>;
+    ttl?(key: string): Awaitable<number>;
+}
+export declare function createNodeRedisLikeClient(client: NodeRedisClientLike): RedisLikeClient;
+export declare function createIORedisLikeClient(client: IORedisClientLike): RedisLikeClient;
+export declare function deleteExpiredRedisKeys(client: RedisLikeClient, pattern: string, now: number, parseCreatedAt: (value: string) => number | undefined, maxEntryAgeMs: number): Promise<number>;
+export {};

package/dist-pkg/server/redis-client.js ADDED Viewed

@@ -0,0 +1,37 @@
+export function buildRedisKey(prefix, key) {
+  return `${prefix}:${key}`;
+}
+export function stripRedisPrefix(prefix, key) {
+  const expected = `${prefix}:`;
+  return key.startsWith(expected) ? key.slice(expected.length) : key;
+}
+export function createNodeRedisLikeClient(client) {
+  return {
+    get: (key) => client.get(key),
+    set: (key, value) => client.set(key, value),
+    del: (key) => client.del(key),
+    keys: (pattern) => client.keys(pattern),
+    incr: client.incr ? (key) => client.incr(key) : void 0,
+    expire: client.expire ? (key, seconds) => client.expire(key, seconds) : void 0,
+    pttl: client.pttl ? (key) => client.pttl(key) : void 0,
+    ttl: client.ttl ? (key) => client.ttl(key) : void 0
+  };
+}
+export function createIORedisLikeClient(client) {
+  return createNodeRedisLikeClient(client);
+}
+export async function deleteExpiredRedisKeys(client, pattern, now, parseCreatedAt, maxEntryAgeMs) {
+  let deleted = 0;
+  for (const key of await client.keys(pattern)) {
+    const raw = await client.get(key);
+    if (raw === null)
+      continue;
+    const createdAt = parseCreatedAt(raw);
+    if (createdAt === void 0)
+      continue;
+    if (createdAt > now - maxEntryAgeMs)
+      continue;
+    deleted += await client.del(key);
+  }
+  return deleted;
+}

package/dist-pkg/server/request-policy.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+type RouteModule = Record<string, unknown>;
+export type RequestExecutionKind = "page" | "partial" | "action" | "route-handler" | "rpc" | "static";
+export type RouteRequestExecutionKind = Exclude<RequestExecutionKind, "rpc" | "static">;
+export type RequestVisibility = "public" | "internal";
+export type RequestAccess = "public" | "internal";
+export type RequestMutation = "read" | "write";
+export type RequestResponseShape = "document" | "data" | "raw";
+export interface RequestMetadata {
+    request: Request;
+    url: URL;
+    pathname: string;
+    method: string;
+    host: string;
+    protocol: string;
+    trustedOrigin?: string;
+    effectiveOrigin: string;
+    effectiveHost: string;
+    effectiveProto: string;
+    origin?: string;
+    forwarded?: string;
+    forwardedHost?: string;
+    forwardedProto?: string;
+    forwardedFor?: string;
+    proxyTrusted: boolean;
+    kind: RequestExecutionKind;
+    visibility: RequestVisibility;
+    access: RequestAccess;
+    mutation: RequestMutation;
+    isStateChanging: boolean;
+}
+export interface RequestExecutionPolicy {
+    kind: RequestExecutionKind;
+    visibility: RequestVisibility;
+    access: RequestAccess;
+    mutation: RequestMutation;
+    responseShape: RequestResponseShape;
+    requiresTrustedOrigin: boolean;
+    allowedContentTypes?: string[];
+}
+export interface RequestPolicyOptions {
+    trustedOrigin?: string;
+    kind: RequestExecutionKind;
+    visibility?: RequestVisibility;
+    trustForwardedHeaders?: boolean;
+    trustedForwardedHops?: number;
+}
+export interface RequestPolicyValidationOptions {
+    allowedContentTypes?: string[];
+}
+export declare function resolveRequestMetadata(request: Request, options: RequestPolicyOptions): RequestMetadata;
+export declare function classifyRouteRequest(mod: RouteModule, request: Request): RouteRequestExecutionKind;
+export declare function validateRequestPolicy(metadata: RequestMetadata, options?: RequestPolicyValidationOptions & Partial<Pick<RequestExecutionPolicy, "requiresTrustedOrigin">>): Response | null;
+export declare function resolveRequestExecutionPolicy(kind: RequestExecutionKind): RequestExecutionPolicy;
+export declare function attachRequestMetadata(locals: Record<string, unknown>, metadata: RequestMetadata, policy?: RequestExecutionPolicy): void;
+export {};

package/dist-pkg/server/request-policy.js ADDED Viewed

@@ -0,0 +1,216 @@
+import { isAllowedRequestOrigin } from "./middleware.js";
+import { isPartialNavigationRequest } from "./partial-navigation.js";
+import { RPC_ACCEPTED_CONTENT_TYPES } from "./rpc.js";
+export function resolveRequestMetadata(request, options) {
+  const url = new URL(request.url), endpointContract = resolveRequestExecutionPolicy(options.kind), urlProtocol = url.protocol.replace(/:$/, ""), trustedForwardedHops = options.trustForwardedHeaders === !0 ? Math.max(1, options.trustedForwardedHops ?? 1) : 0, forwarded = parseForwardedHeader(request.headers.get("forwarded"), trustedForwardedHops), forwardedHost = normalizeForwardedHost(getTrustedForwardedValue(request.headers.get("x-forwarded-host"), trustedForwardedHops) ?? forwarded.host) ?? forwarded.host ?? void 0, forwardedProto = normalizeForwardedProto(getTrustedForwardedValue(request.headers.get("x-forwarded-proto"), trustedForwardedHops) ?? forwarded.proto) ?? forwarded.proto ?? void 0, forwardedFor = normalizeForwardedFor(getTrustedForwardedValue(request.headers.get("x-forwarded-for"), trustedForwardedHops) ?? forwarded.for) ?? forwarded.for ?? void 0, proxyTrusted = options.trustForwardedHeaders === !0, effectiveHost = proxyTrusted ? forwardedHost ?? (request.headers.get("host") ?? url.host) : request.headers.get("host") ?? url.host, effectiveProto = proxyTrusted ? forwardedProto ?? urlProtocol : urlProtocol;
+  return {
+    request,
+    url,
+    pathname: url.pathname,
+    method: request.method,
+    host: request.headers.get("host") ?? url.host,
+    protocol: urlProtocol,
+    trustedOrigin: options.trustedOrigin,
+    effectiveOrigin: options.trustedOrigin ?? `${effectiveProto}://${effectiveHost}`,
+    effectiveHost,
+    effectiveProto,
+    origin: request.headers.get("origin") ?? void 0,
+    forwarded: request.headers.get("forwarded") ?? void 0,
+    forwardedHost,
+    forwardedProto,
+    forwardedFor,
+    proxyTrusted,
+    kind: options.kind,
+    visibility: options.visibility ?? defaultVisibilityForKind(options.kind),
+    access: endpointContract.access,
+    mutation: endpointContract.mutation,
+    isStateChanging: isStateChangingMethod(request.method)
+  };
+}
+export function classifyRouteRequest(mod, request) {
+  if (typeof mod.GET === "function" && request.method === "GET" || typeof mod.POST === "function" && request.method === "POST")
+    return "route-handler";
+  if (request.method === "POST" && typeof mod.action === "function")
+    return "action";
+  if (isPartialNavigationRequest(request))
+    return "partial";
+  return "page";
+}
+export function validateRequestPolicy(metadata, options = {}) {
+  if (metadata.isStateChanging && options.requiresTrustedOrigin !== !1 && metadata.trustedOrigin && !isAllowedRequestOrigin(metadata.request, metadata.trustedOrigin))
+    return new Response("Forbidden", { status: 403 });
+  if (options.allowedContentTypes && hasRequestBody(metadata.request)) {
+    const contentType = metadata.request.headers.get("content-type") ?? "";
+    if (!contentType)
+      return new Response("Unsupported Media Type", { status: 415 });
+    if (!options.allowedContentTypes.some((allowedType) => contentType.includes(allowedType)))
+      return new Response("Unsupported Media Type", { status: 415 });
+  }
+  return null;
+}
+export function resolveRequestExecutionPolicy(kind) {
+  switch (kind) {
+    case "rpc":
+      return {
+        kind,
+        visibility: "internal",
+        access: "internal",
+        mutation: "write",
+        responseShape: "data",
+        requiresTrustedOrigin: !0,
+        allowedContentTypes: [...RPC_ACCEPTED_CONTENT_TYPES]
+      };
+    case "action":
+      return {
+        kind,
+        visibility: "public",
+        access: "public",
+        mutation: "write",
+        responseShape: "data",
+        requiresTrustedOrigin: !0,
+        allowedContentTypes: [
+          "application/x-www-form-urlencoded",
+          "multipart/form-data",
+          "application/json"
+        ]
+      };
+    case "partial":
+      return {
+        kind,
+        visibility: "internal",
+        access: "internal",
+        mutation: "read",
+        responseShape: "data",
+        requiresTrustedOrigin: !1
+      };
+    case "route-handler":
+      return {
+        kind,
+        visibility: "public",
+        access: "public",
+        mutation: "write",
+        responseShape: "raw",
+        requiresTrustedOrigin: !0
+      };
+    case "page":
+    case "static":
+      return {
+        kind,
+        visibility: "public",
+        access: "public",
+        mutation: "read",
+        responseShape: kind === "static" ? "raw" : "document",
+        requiresTrustedOrigin: !1
+      };
+  }
+}
+export function attachRequestMetadata(locals, metadata, policy = resolveRequestExecutionPolicy(metadata.kind)) {
+  locals.requestKind = metadata.kind;
+  locals.requestVisibility = policy.visibility;
+  locals.requestPolicy = policy;
+  locals.requestAccess = policy.access;
+  locals.requestMutation = policy.mutation;
+  locals.requestResponseShape = policy.responseShape;
+  locals.requestHost = metadata.host;
+  locals.requestProtocol = metadata.protocol;
+  locals.requestOrigin = metadata.origin;
+  locals.requestEffectiveOrigin = metadata.effectiveOrigin;
+  locals.requestEffectiveHost = metadata.effectiveHost;
+  locals.requestEffectiveProto = metadata.effectiveProto;
+  locals.requestProxyTrusted = metadata.proxyTrusted;
+  locals.requestForwarded = metadata.forwarded;
+  locals.forwardedHost = metadata.forwardedHost;
+  locals.forwardedProto = metadata.forwardedProto;
+  locals.forwardedFor = metadata.forwardedFor;
+}
+function defaultVisibilityForKind(kind) {
+  return kind === "partial" || kind === "rpc" ? "internal" : "public";
+}
+function isStateChangingMethod(method) {
+  return !["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase());
+}
+function hasRequestBody(request) {
+  return Number(request.headers.get("content-length") ?? "0") > 0 || request.body !== null;
+}
+function parseForwardedHeader(header, trustedHops = 1) {
+  if (!header)
+    return {};
+  const entries = splitHeaderList(header, ",");
+  if (entries.length === 0)
+    return {};
+  const trustedEntry = entries[Math.max(0, entries.length - trustedHops)] ?? entries[entries.length - 1];
+  if (!trustedEntry)
+    return {};
+  const result = {};
+  for (const segment of splitHeaderList(trustedEntry, ";")) {
+    const [rawKey, rawValue] = segment.split("=", 2);
+    if (!rawKey || !rawValue)
+      continue;
+    const key = rawKey.trim().toLowerCase(), value = normalizeForwardedValue(rawValue);
+    if (!value)
+      continue;
+    if (key === "for")
+      result.for = normalizeForwardedFor(value);
+    if (key === "host")
+      result.host = normalizeForwardedHost(value);
+    if (key === "proto")
+      result.proto = normalizeForwardedProto(value);
+  }
+  return result;
+}
+function getTrustedForwardedValue(header, trustedHops) {
+  if (!header)
+    return;
+  const values = splitHeaderList(header, ",");
+  if (values.length === 0)
+    return;
+  return normalizeForwardedValue(values[Math.max(0, values.length - trustedHops)] ?? values[values.length - 1]);
+}
+function splitHeaderList(input, separator) {
+  const parts = [];
+  let current = "", quoted = !1;
+  for (const char of input) {
+    if (char === '"')
+      quoted = !quoted;
+    if (char === separator && !quoted) {
+      const trimmed = current.trim();
+      if (trimmed)
+        parts.push(trimmed);
+      current = "";
+      continue;
+    }
+    current += char;
+  }
+  const trimmed = current.trim();
+  if (trimmed)
+    parts.push(trimmed);
+  return parts;
+}
+function normalizeForwardedValue(value) {
+  if (typeof value !== "string")
+    return;
+  const normalized = value.trim().replace(/^"|"$/g, "").trim();
+  return normalized ? normalized : void 0;
+}
+function normalizeForwardedHost(value) {
+  const normalized = normalizeForwardedValue(value);
+  if (!normalized)
+    return;
+  if (/[/?#\s]/.test(normalized))
+    return;
+  return normalized.toLowerCase();
+}
+function normalizeForwardedProto(value) {
+  const normalized = normalizeForwardedValue(value)?.replace(/:$/, "").toLowerCase();
+  if (!normalized)
+    return;
+  return ["http", "https", "ws", "wss"].includes(normalized) ? normalized : void 0;
+}
+function normalizeForwardedFor(value) {
+  const normalized = normalizeForwardedValue(value);
+  if (!normalized)
+    return;
+  if (/[/?#\s]/.test(normalized))
+    return;
+  return normalized;
+}

package/dist-pkg/server/request-preflight.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { type RPCRegistry } from "./rpc.js";
+import type { MiddlewareFn } from "./middleware.js";
+import { type RequestSecurityPolicy } from "./request-security-policy.js";
+interface RateLimitResult {
+    allowed: boolean;
+    resetAt: number;
+}
+interface RateLimiterLike {
+    check(key: string): RateLimitResult | Promise<RateLimitResult>;
+}
+export declare function createRateLimitResponse(rateLimiter: RateLimiterLike, key: string): Promise<Response | null>;
+export declare function applyResponseHeaders(response: Response, headers: Record<string, string>): Response;
+export interface RPCRequestOptions {
+    registry?: Pick<RPCRegistry, "getHandler">;
+    middlewares?: MiddlewareFn[];
+    trustedOrigin?: string;
+    trustForwardedHeaders?: boolean;
+    trustedForwardedHops?: number;
+    securityPolicy?: RequestSecurityPolicy;
+}
+export declare function handleRPCWithHeaders(request: Request, headers: Record<string, string>, options?: RPCRequestOptions): Promise<Response | null>;
+export declare function handleRPCRequestWithPolicy(request: Request, options?: RPCRequestOptions): Promise<Response | null>;
+export {};

package/dist-pkg/server/request-preflight.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { handleRPCRequest, handleRPCRequestWithRegistry } from "./rpc.js";
+import { executeServerExecution } from "./server-execution.js";
+import {
+  createRequestSecurityPolicy
+} from "./request-security-policy.js";
+export async function createRateLimitResponse(rateLimiter, key) {
+  const result = await rateLimiter.check(key);
+  if (result.allowed)
+    return null;
+  return new Response("Too Many Requests", {
+    status: 429,
+    headers: {
+      "Retry-After": String(Math.ceil((result.resetAt - Date.now()) / 1000))
+    }
+  });
+}
+export function applyResponseHeaders(response, headers) {
+  for (const key in headers)
+    response.headers.set(key, headers[key]);
+  return response;
+}
+export async function handleRPCWithHeaders(request, headers, options = {}) {
+  const response = await handleRPCRequestWithPolicy(request, options);
+  if (!response)
+    return null;
+  return applyResponseHeaders(response, headers);
+}
+export async function handleRPCRequestWithPolicy(request, options = {}) {
+  const { registry, middlewares = [] } = options, pathname = new URL(request.url).pathname;
+  if (!/^\/api\/_rpc\/[a-zA-Z0-9]+$/.test(pathname))
+    return null;
+  const securityPolicy = options.securityPolicy ?? createRequestSecurityPolicy({
+    trustedOrigin: options.trustedOrigin,
+    trustForwardedHeaders: options.trustForwardedHeaders,
+    trustedForwardedHops: options.trustedForwardedHops
+  });
+  return await executeServerExecution({
+    request,
+    kind: "rpc",
+    securityPolicy,
+    middlewares,
+    route: pathname,
+    handler: async () => registry ? await handleRPCRequestWithRegistry(request, registry) : await handleRPCRequest(request)
+  });
+}

package/dist-pkg/server/request-security-policy.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { RequestExecutionPolicy, RequestMetadata } from "./request-policy.js";
+export interface RequestSecurityPolicy {
+    trustedOrigin?: string;
+    trustForwardedHeaders: boolean;
+    trustedForwardedHops: number;
+    trustedHosts: string[];
+    enforceTrustedHosts: boolean;
+}
+export interface RequestSecurityPolicyOptions {
+    trustedOrigin?: string;
+    trustForwardedHeaders?: boolean;
+    trustedForwardedHops?: number;
+    trustedHosts?: string[];
+    enforceTrustedHosts?: boolean;
+}
+export declare function createRequestSecurityPolicy(options?: RequestSecurityPolicyOptions): RequestSecurityPolicy;
+export declare function validateRequestSecurityPolicy(metadata: RequestMetadata, executionPolicy: RequestExecutionPolicy, securityPolicy: RequestSecurityPolicy): Response | null;