theokit 0.12.0 → 0.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/dist/adapters/web-shim.d.ts +67 -0
  2. package/dist/adapters/ws-shim.d.ts +55 -0
  3. package/dist/agent-events-DosDXkSV.d.ts +94 -0
  4. package/dist/audit-log-BQWM5YLG.d.ts +60 -0
  5. package/dist/boot/index.d.ts +39 -0
  6. package/dist/client/index.d.ts +362 -0
  7. package/dist/csrf-BBrEZSBW.d.ts +107 -0
  8. package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
  9. package/dist/define-websocket-CdK94O-D.d.ts +64 -0
  10. package/dist/devtools/entry.d.ts +5 -0
  11. package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
  12. package/dist/health-route-C0hk64_U.d.ts +57 -0
  13. package/dist/index-B40qUSrQ.d.ts +575 -0
  14. package/dist/index.d.ts +361 -0
  15. package/dist/job-backend-CgC8Xf33.d.ts +68 -0
  16. package/dist/match-CfbEFRG4.d.ts +26 -0
  17. package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
  18. package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
  19. package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
  20. package/dist/rate-limit-store-BEJnhWdw.d.ts +72 -0
  21. package/dist/react-query/index.d.ts +33 -0
  22. package/dist/schema-BpH6ivDY.d.ts +74 -0
  23. package/dist/server/agent/index.d.ts +229 -0
  24. package/dist/server/auth/index.d.ts +419 -0
  25. package/dist/server/cost/index.d.ts +177 -0
  26. package/dist/server/cron/index.d.ts +208 -0
  27. package/dist/server/define/index.d.ts +313 -0
  28. package/dist/server/http/index.d.ts +11 -0
  29. package/dist/server/index.d.ts +848 -0
  30. package/dist/server/jobs/index.d.ts +348 -0
  31. package/dist/server/observability/index.d.ts +324 -0
  32. package/dist/server/plugins/index.d.ts +17 -0
  33. package/dist/server/rate-limit/index.d.ts +105 -0
  34. package/dist/server/realtime/index.d.ts +15 -0
  35. package/dist/server/scan/index.d.ts +106 -0
  36. package/dist/server/security/index.d.ts +193 -0
  37. package/dist/server/storage/index.d.ts +22 -0
  38. package/dist/server/webhook/index.d.ts +148 -0
  39. package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
  40. package/dist/storage-types-DsDTCPbp.d.ts +96 -0
  41. package/dist/vite-plugin/index.d.ts +115 -0
  42. package/package.json +4 -4
@@ -0,0 +1,107 @@
1
+ import { IncomingMessage } from 'node:http';
2
+ import { A as AuditLogger } from './audit-log-BQWM5YLG.js';
3
+
4
+ /**
5
+ * CSRF enforcement mode.
6
+ *
7
+ * - `off` — skip CSRF entirely. Use only when you have another defense
8
+ * (e.g. you don't ship session cookies, all auth is bearer).
9
+ * - `warn` — log a structured warning when the check would fail, but
10
+ * still serve the request. Default for 0.2.0. Migration mode.
11
+ * - `strict` — reject failing requests with 403 + code `CSRF_INVALID`.
12
+ * Will become the default in 0.3.0.
13
+ */
14
+ type CsrfMode = 'off' | 'warn' | 'strict';
15
+ /**
16
+ * Per-request structured logger surface. Only `warn` is used by enforceCsrf;
17
+ * we don't require a full Logger here so callers can pass a mock or the
18
+ * console directly.
19
+ */
20
+ interface CsrfLogger {
21
+ warn: (payload: CsrfWarnPayload) => void;
22
+ /** Optional path the request was destined for — used for log correlation. */
23
+ path?: string;
24
+ }
25
+ /**
26
+ * T5.1 — Rails-inspired per-route escalation.
27
+ *
28
+ * `routes` accepts string (exact match) or RegExp entries. When a request
29
+ * path matches AND the request would otherwise emit a warning, the
30
+ * `behavior` field decides what happens:
31
+ *
32
+ * - `'warn'` → normal warn dispatch (no-op vs default)
33
+ * - `'raise'` → escalate to 403 regardless of global `csrf` mode
34
+ *
35
+ * `'raise'` never downgrades: when global mode is `'off'`, validation is
36
+ * skipped entirely and disallowed dispatch never runs.
37
+ */
38
+ interface DisallowedConfig {
39
+ routes: (string | RegExp)[];
40
+ behavior: 'warn' | 'raise';
41
+ }
42
+ /**
43
+ * Test whether `path` matches any of the supplied patterns. String
44
+ * patterns are EXACT (trailing slash matters — use RegExp for tolerance).
45
+ *
46
+ * EC-5: when a RegExp carries the `/g` flag, `.test()` mutates
47
+ * `lastIndex` and the next invocation may miss. We reset `lastIndex`
48
+ * before each test so the matcher is a pure function.
49
+ */
50
+ declare function matchDisallowed(path: string, patterns: readonly (string | RegExp)[]): boolean;
51
+ /**
52
+ * T2.2 — Stable cutover identifier shipped with every csrf.warn payload.
53
+ *
54
+ * Convention borrowed from Vite's `deprecations.ts:74` — a `code` plus a
55
+ * `docsUrl` lets users (a) grep their logs for a single stable identifier
56
+ * to find every csrf.warn line, and (b) click through directly to the
57
+ * migration guide. Strings are exported constants so the analyzer (T2.3)
58
+ * and migration guide can reference the same source of truth.
59
+ */
60
+ declare const CSRF_WARN_CODE: "CSRF_STRICT_CUTOVER";
61
+ declare const CSRF_WARN_DOCS_URL: "https://theokit.dev/upgrade/csrf-strict-cutover";
62
+ interface CsrfWarnPayload {
63
+ event: 'csrf.warn';
64
+ method: string;
65
+ path: string | undefined;
66
+ reason: string;
67
+ /**
68
+ * Stable identifier for the 0.2 → 0.3 CSRF strict cutover. Always
69
+ * `'CSRF_STRICT_CUTOVER'`. Grep-able from prod logs.
70
+ */
71
+ code: string;
72
+ /**
73
+ * Link to the section of the migration guide explaining how to clear
74
+ * this specific warning class.
75
+ */
76
+ docsUrl: string;
77
+ }
78
+ declare function validateCsrf(req: IncomingMessage): {
79
+ valid: true;
80
+ } | {
81
+ valid: false;
82
+ reason: string;
83
+ };
84
+ /**
85
+ * T5a.2 Phase B (slice 1/6) — Web-Standards-shaped CSRF validator.
86
+ *
87
+ * Mirror of `validateCsrf(req: IncomingMessage)` for the Web `Request`
88
+ * shape. Consumes `request.headers.get(name)` (native Web `Headers` API)
89
+ * instead of `req.headers[name]` (Node `IncomingMessage` indexer). Same
90
+ * CSRF policy + same return shape — the difference is only the input
91
+ * extraction.
92
+ *
93
+ * Used by `executeWebRequest` (T5a.2 Phase A) to enforce CSRF on the
94
+ * Web-Standards request handler entry-point.
95
+ */
96
+ declare function validateCsrfRequest(request: Request): {
97
+ valid: true;
98
+ } | {
99
+ valid: false;
100
+ reason: string;
101
+ };
102
+ declare function enforceCsrf(req: IncomingMessage, mode: CsrfMode, logger?: CsrfLogger, disallowed?: DisallowedConfig, auditLogger?: AuditLogger): {
103
+ allow: boolean;
104
+ reason?: string;
105
+ };
106
+
107
+ export { CSRF_WARN_CODE as C, type DisallowedConfig as D, CSRF_WARN_DOCS_URL as a, type CsrfLogger as b, type CsrfMode as c, type CsrfWarnPayload as d, enforceCsrf as e, validateCsrfRequest as f, matchDisallowed as m, validateCsrf as v };
@@ -0,0 +1,43 @@
1
+ /**
2
+ * T2.2 — In-memory bounded counter for CSRF warn events.
3
+ *
4
+ * Aggregates `csrf.warn` payloads by `(method, path, reason)` triple.
5
+ * Used by the `/__theo/csrf-readiness` endpoint to expose a summary the
6
+ * developer (or devtools tab) can inspect, so users do NOT need to grep
7
+ * stdout to know which endpoints will break under 0.3.0 strict CSRF.
8
+ *
9
+ * Bounded at 1000 distinct keys (EC-22). Eviction is LRU-by-insertion —
10
+ * when the cap is hit, the oldest key is dropped and a re-record of an
11
+ * evicted key starts fresh (count: 1).
12
+ *
13
+ * Single-threaded by virtue of the JS event loop; Map operations are
14
+ * atomic. NOT shared across processes — each worker has its own store.
15
+ */
16
+ interface CsrfWarnRecord {
17
+ method: string;
18
+ path: string;
19
+ reason: string;
20
+ }
21
+ interface CsrfReadinessRouteSummary {
22
+ method: string;
23
+ path: string;
24
+ reason: string;
25
+ count: number;
26
+ firstSeen: string;
27
+ lastSeen: string;
28
+ }
29
+ interface CsrfReadinessSummary {
30
+ generatedAt: string;
31
+ totalEvents: number;
32
+ routes: CsrfReadinessRouteSummary[];
33
+ }
34
+ declare class CsrfReadinessStore {
35
+ static readonly MAX_ENTRIES = 1000;
36
+ private readonly entries;
37
+ private keyFor;
38
+ record(event: CsrfWarnRecord): void;
39
+ summary(): CsrfReadinessSummary;
40
+ reset(): void;
41
+ }
42
+
43
+ export { CsrfReadinessStore as C, type CsrfReadinessRouteSummary as a, type CsrfReadinessSummary as b, type CsrfWarnRecord as c };
@@ -0,0 +1,64 @@
1
+ import { IncomingMessage } from 'node:http';
2
+
3
+ interface WebSocketLike {
4
+ send(data: string | Buffer): void;
5
+ close(code?: number, reason?: string): void;
6
+ }
7
+ interface WebSocketHandler {
8
+ onOpen?: (ws: WebSocketLike, req: IncomingMessage) => void;
9
+ onMessage?: (ws: WebSocketLike, data: string | Buffer) => void;
10
+ onClose?: (ws: WebSocketLike, code: number, reason: Buffer) => void;
11
+ onError?: (ws: WebSocketLike, error: Error) => void;
12
+ }
13
+ /**
14
+ * Define a WebSocket endpoint handler.
15
+ * Identity function — provides type inference for WebSocket handlers.
16
+ */
17
+ declare function defineWebSocket(handler: WebSocketHandler): WebSocketHandler;
18
+ /**
19
+ * T5a.2 Phase F slice 3/3 — Web-Standards WebSocket endpoint handler.
20
+ *
21
+ * Mirror of `WebSocketHandler` for the Web `Request` shape. `onOpen`
22
+ * receives `request: Request` instead of `req: IncomingMessage`. The
23
+ * rest of the lifecycle (onMessage, onClose, onError) is shape-agnostic
24
+ * (`WebSocketLike` is already Web-standards-compatible per the existing
25
+ * design — `send(string | Buffer)` works on both Node `ws` and Web
26
+ * `WebSocket` instances; CF Workers / Bun / Deno coerce as needed at
27
+ * the adapter boundary).
28
+ *
29
+ * Per `docs/plans/t5a2-incoming-message-to-request-shape-refactor-plan.md`
30
+ * v1.0 § Phase F (closes Phase F).
31
+ *
32
+ * **Architectural note — WebSocket upgrade semantics differ across runtimes:**
33
+ * - Node + `ws`: `WebSocketServer.handleUpgrade(req, socket, head, cb)` —
34
+ * `req` is `IncomingMessage`. Use `WebSocketHandler`.
35
+ * - CF Workers: `new WebSocketPair()` + `request.headers` (the upgrade
36
+ * handshake IS a Web Request). Use `WebSocketHandlerWeb`.
37
+ * - Bun: `server.upgrade(request, { data })` — same Web Request shape.
38
+ * - Deno: `Deno.upgradeWebSocket(request)` — same Web Request shape.
39
+ *
40
+ * Cross-runtime WebSocket endpoints ship BOTH `WebSocketHandler` +
41
+ * `WebSocketHandlerWeb` exports; the runtime adapter picks the matching
42
+ * one. This is the canonical Hono / Nitric pattern.
43
+ */
44
+ interface WebSocketHandlerWeb {
45
+ onOpen?: (ws: WebSocketLike, request: Request) => void;
46
+ onMessage?: (ws: WebSocketLike, data: string | Uint8Array) => void;
47
+ onClose?: (ws: WebSocketLike, code: number, reason: string) => void;
48
+ onError?: (ws: WebSocketLike, error: Error) => void;
49
+ }
50
+ /**
51
+ * Web-Standards `defineWebSocket` sibling. Identity function — provides
52
+ * type inference for Web WebSocket handlers.
53
+ *
54
+ * **Type difference note vs Node path:**
55
+ * - `onMessage` data is `string | Uint8Array` instead of `string | Buffer`
56
+ * (Web standards have no `Buffer`; Node's Buffer is a Uint8Array
57
+ * subclass so the Node path's Buffer values flow through unchanged
58
+ * when adapters wrap them).
59
+ * - `onClose` reason is `string` instead of `Buffer` (Web `CloseEvent`
60
+ * exposes the reason as a UTF-8 string natively).
61
+ */
62
+ declare function defineWebSocketWeb(handler: WebSocketHandlerWeb): WebSocketHandlerWeb;
63
+
64
+ export { type WebSocketHandler as W, type WebSocketHandlerWeb as a, type WebSocketLike as b, defineWebSocketWeb as c, defineWebSocket as d };
@@ -0,0 +1,5 @@
1
+ declare global {
2
+ interface Window {
3
+ __theoDevtoolsMounted?: boolean;
4
+ }
5
+ }
@@ -0,0 +1,62 @@
1
+ /**
2
+ * Error envelope — canonical cross-layer contract for theokit framework, SDK,
3
+ * and UI per plan g5-error-envelope-cross-layer v1.0 § Phase 1 / T1.1.
4
+ *
5
+ * Blueprint G5 (SHIPPABLE_WITH_CAVEATS 89/100) — Form 4 Hybrid: shared CODE
6
+ * enum + per-domain extensions + 2-layer SDK boundary translation.
7
+ *
8
+ * 3/3 references convergence: code + message + cause base (trpc TRPCError
9
+ * + hono HTTPException + encore Error). Wasp confirms ecosystem gap.
10
+ *
11
+ * Reference anchors (verified file:line):
12
+ * - referencia: trpc/packages/server/src/unstable-core-do-not-import/error/TRPCError.ts:65-87
13
+ * - referencia: trpc/packages/server/src/unstable-core-do-not-import/rpc/codes.ts:11-44,76-81
14
+ * - referencia: hono/src/http-exception.ts:46-78
15
+ * - referencia: encore/runtimes/go/beta/errs/error.go:38-55 (Go — D4 disclaimer applied)
16
+ *
17
+ * Per blueprint ADR D2: retryable + hint are extension slots, NOT base fields
18
+ * (3/3 references derive retryability from code identity; no reference ships
19
+ * a `retryable: boolean` on envelope; `hint` is novel).
20
+ *
21
+ * Per blueprint ADR D5: server-only `meta` filtered at serializer boundary
22
+ * (encore `json:"-"` analog).
23
+ *
24
+ * Lives in `core/contracts/` per architecture.md v3 — canonical home for
25
+ * shared client↔server types. Zero intra-monorepo deps; zero runtime deps
26
+ * (trpc + hono ship envelope with zero runtime deps per blueprint Q5).
27
+ */
28
+ /**
29
+ * Canonical TheoKit error code union. HTTP-status flavor + SDK/agent-domain
30
+ * additions per blueprint Recommendations § concrete shape.
31
+ *
32
+ * String-literal union mirrors trpc's TRPC_ERROR_CODE_KEY pattern — enables
33
+ * exhaustive `switch (env.code)` narrowing in consumer code (UI display
34
+ * dispatch, retry-policy gates, telemetry classification).
35
+ */
36
+ type TheoErrorCode = 'BAD_REQUEST' | 'UNAUTHORIZED' | 'FORBIDDEN' | 'NOT_FOUND' | 'METHOD_NOT_ALLOWED' | 'CONFLICT' | 'PRECONDITION_FAILED' | 'PAYLOAD_TOO_LARGE' | 'UNSUPPORTED_MEDIA_TYPE' | 'UNPROCESSABLE_ENTITY' | 'TOO_MANY_REQUESTS' | 'INTERNAL_SERVER_ERROR' | 'NOT_IMPLEMENTED' | 'BAD_GATEWAY' | 'SERVICE_UNAVAILABLE' | 'GATEWAY_TIMEOUT' | 'AGENT_RUN_ERROR' | 'PROVIDER_KEY_MISSING' | 'BUDGET_EXCEEDED' | 'RATE_LIMITED' | 'CREDENTIAL_POOL_EXHAUSTED';
37
+ /**
38
+ * Base envelope shape — `{ code, message, cause?, meta?, ext? }`.
39
+ *
40
+ * `cause` follows TC39 proposal-error-cause (universal pattern, 3/3 references).
41
+ * `meta` is server-only metadata filtered at serializer boundary per ADR D5
42
+ * (`stack` is auto-stripped in non-dev builds — see T1.2 `TheoError.toJSON()`).
43
+ * `ext` carries opt-in per-domain extensions (`ValidationFieldsExt`,
44
+ * `RetryableExt`, `HintExt`, or arbitrary user-defined types via formatter hook).
45
+ */
46
+ interface TheoErrorEnvelope<TExt = unknown> {
47
+ readonly code: TheoErrorCode;
48
+ readonly message: string;
49
+ readonly cause?: unknown;
50
+ readonly meta?: Record<string, unknown>;
51
+ readonly ext?: TExt;
52
+ }
53
+ /**
54
+ * `ValidationFieldsExt` — validation-failure extension carrying the dot-notation
55
+ * field map identical to G3 `ActionInputError.fields`. Empty-string key for
56
+ * root-level errors (mirrors G3 EC-7). Multiple messages per key are preserved.
57
+ */
58
+ interface ValidationFieldsExt {
59
+ readonly fields: Record<string, string[]>;
60
+ }
61
+
62
+ export type { TheoErrorEnvelope as T, ValidationFieldsExt as V, TheoErrorCode as a };
@@ -0,0 +1,57 @@
1
+ /**
2
+ * M7-2 — health/ready reserved routes for the convention/filesystem-route
3
+ * server. Liveness (`/__theo/health`, always 200) and readiness
4
+ * (`/__theo/ready`, 200/503 from a probe) are registered on a reserved
5
+ * namespace BEFORE the user-route catch-all + 404 branch — mirroring nitro's
6
+ * `/_nitro/*` reserved-namespace pattern (knowledge-base/references/nitro/src/
7
+ * runtime/internal/routes/dev-tasks.ts). Liveness and readiness are kept
8
+ * separate by design: liveness says "the process is up", readiness says
9
+ * "dependencies are up".
10
+ *
11
+ * @public
12
+ */
13
+ /** Reserved path for the liveness endpoint. */
14
+ declare const HEALTH_PATH = "/__theo/health";
15
+ /** Reserved path for the readiness endpoint. */
16
+ declare const READY_PATH = "/__theo/ready";
17
+ /** Config produced by {@link defineHealthRoute}. */
18
+ interface HealthRouteConfig {
19
+ readonly kind: 'health';
20
+ /** Returns the liveness body (auto-serialized to JSON). Default: `{ status: 'ok' }`. */
21
+ readonly handler: () => unknown;
22
+ }
23
+ /** Config produced by {@link defineReadyRoute}. */
24
+ interface ReadyRouteConfig {
25
+ readonly kind: 'ready';
26
+ /** Resolves `true` when dependencies are ready. A throw/reject is treated as not-ready (503). */
27
+ readonly probe: () => boolean | Promise<boolean>;
28
+ }
29
+ /** The reserved-route registry consulted by {@link serveReservedRoute}. */
30
+ interface ReservedRoutes {
31
+ readonly health?: HealthRouteConfig;
32
+ readonly ready?: ReadyRouteConfig;
33
+ }
34
+ /** A reserved-route response: an HTTP status + a JSON-serializable body. */
35
+ interface ReservedResponse {
36
+ readonly status: number;
37
+ readonly body: unknown;
38
+ }
39
+ /**
40
+ * Define the liveness route. The default handler returns `{ status: 'ok' }`.
41
+ * Liveness is always 200 — it asserts the process is up, not that dependencies are.
42
+ */
43
+ declare function defineHealthRoute(handler?: () => unknown): HealthRouteConfig;
44
+ /**
45
+ * Define the readiness route. The `probe` decides 200 (ready) vs 503 (not-ready).
46
+ * A probe that throws/rejects is treated as not-ready (503) — never a 500 crash.
47
+ */
48
+ declare function defineReadyRoute(probe: () => boolean | Promise<boolean>): ReadyRouteConfig;
49
+ /**
50
+ * Pure dispatcher: map a request pathname to a reserved-route response, or
51
+ * `null` when the path is not reserved (so the user catch-all + 404 take over).
52
+ * Liveness defaults to 200 `{status:'ok'}`; readiness without a probe is
53
+ * trivially ready (200). Registered BEFORE the user catch-all by the caller.
54
+ */
55
+ declare function serveReservedRoute(pathname: string, routes?: ReservedRoutes): Promise<ReservedResponse | null>;
56
+
57
+ export { HEALTH_PATH as H, type ReservedRoutes as R, type HealthRouteConfig as a, READY_PATH as b, type ReadyRouteConfig as c, type ReservedResponse as d, defineHealthRoute as e, defineReadyRoute as f, serveReservedRoute as s };