theokit 0.12.0 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/web-shim.d.ts +67 -0
- package/dist/adapters/ws-shim.d.ts +55 -0
- package/dist/agent-events-DosDXkSV.d.ts +94 -0
- package/dist/audit-log-BQWM5YLG.d.ts +60 -0
- package/dist/boot/index.d.ts +39 -0
- package/dist/client/index.d.ts +362 -0
- package/dist/csrf-BBrEZSBW.d.ts +107 -0
- package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
- package/dist/define-websocket-CdK94O-D.d.ts +64 -0
- package/dist/devtools/entry.d.ts +5 -0
- package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
- package/dist/health-route-C0hk64_U.d.ts +57 -0
- package/dist/index-B40qUSrQ.d.ts +575 -0
- package/dist/index.d.ts +361 -0
- package/dist/job-backend-CgC8Xf33.d.ts +68 -0
- package/dist/match-CfbEFRG4.d.ts +26 -0
- package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
- package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
- package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
- package/dist/rate-limit-store-BEJnhWdw.d.ts +72 -0
- package/dist/react-query/index.d.ts +33 -0
- package/dist/schema-BpH6ivDY.d.ts +74 -0
- package/dist/server/agent/index.d.ts +229 -0
- package/dist/server/auth/index.d.ts +419 -0
- package/dist/server/cost/index.d.ts +177 -0
- package/dist/server/cron/index.d.ts +208 -0
- package/dist/server/define/index.d.ts +313 -0
- package/dist/server/http/index.d.ts +11 -0
- package/dist/server/index.d.ts +848 -0
- package/dist/server/jobs/index.d.ts +348 -0
- package/dist/server/observability/index.d.ts +324 -0
- package/dist/server/plugins/index.d.ts +17 -0
- package/dist/server/rate-limit/index.d.ts +105 -0
- package/dist/server/realtime/index.d.ts +15 -0
- package/dist/server/scan/index.d.ts +106 -0
- package/dist/server/security/index.d.ts +193 -0
- package/dist/server/storage/index.d.ts +22 -0
- package/dist/server/webhook/index.d.ts +148 -0
- package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
- package/dist/storage-types-DsDTCPbp.d.ts +96 -0
- package/dist/vite-plugin/index.d.ts +115 -0
- package/package.json +4 -4
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
import { IncomingMessage } from 'node:http';
|
|
2
|
+
import { A as AuditLogger } from './audit-log-BQWM5YLG.js';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* CSRF enforcement mode.
|
|
6
|
+
*
|
|
7
|
+
* - `off` — skip CSRF entirely. Use only when you have another defense
|
|
8
|
+
* (e.g. you don't ship session cookies, all auth is bearer).
|
|
9
|
+
* - `warn` — log a structured warning when the check would fail, but
|
|
10
|
+
* still serve the request. Default for 0.2.0. Migration mode.
|
|
11
|
+
* - `strict` — reject failing requests with 403 + code `CSRF_INVALID`.
|
|
12
|
+
* Will become the default in 0.3.0.
|
|
13
|
+
*/
|
|
14
|
+
type CsrfMode = 'off' | 'warn' | 'strict';
|
|
15
|
+
/**
|
|
16
|
+
* Per-request structured logger surface. Only `warn` is used by enforceCsrf;
|
|
17
|
+
* we don't require a full Logger here so callers can pass a mock or the
|
|
18
|
+
* console directly.
|
|
19
|
+
*/
|
|
20
|
+
interface CsrfLogger {
|
|
21
|
+
warn: (payload: CsrfWarnPayload) => void;
|
|
22
|
+
/** Optional path the request was destined for — used for log correlation. */
|
|
23
|
+
path?: string;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* T5.1 — Rails-inspired per-route escalation.
|
|
27
|
+
*
|
|
28
|
+
* `routes` accepts string (exact match) or RegExp entries. When a request
|
|
29
|
+
* path matches AND the request would otherwise emit a warning, the
|
|
30
|
+
* `behavior` field decides what happens:
|
|
31
|
+
*
|
|
32
|
+
* - `'warn'` → normal warn dispatch (no-op vs default)
|
|
33
|
+
* - `'raise'` → escalate to 403 regardless of global `csrf` mode
|
|
34
|
+
*
|
|
35
|
+
* `'raise'` never downgrades: when global mode is `'off'`, validation is
|
|
36
|
+
* skipped entirely and disallowed dispatch never runs.
|
|
37
|
+
*/
|
|
38
|
+
interface DisallowedConfig {
|
|
39
|
+
routes: (string | RegExp)[];
|
|
40
|
+
behavior: 'warn' | 'raise';
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Test whether `path` matches any of the supplied patterns. String
|
|
44
|
+
* patterns are EXACT (trailing slash matters — use RegExp for tolerance).
|
|
45
|
+
*
|
|
46
|
+
* EC-5: when a RegExp carries the `/g` flag, `.test()` mutates
|
|
47
|
+
* `lastIndex` and the next invocation may miss. We reset `lastIndex`
|
|
48
|
+
* before each test so the matcher is a pure function.
|
|
49
|
+
*/
|
|
50
|
+
declare function matchDisallowed(path: string, patterns: readonly (string | RegExp)[]): boolean;
|
|
51
|
+
/**
|
|
52
|
+
* T2.2 — Stable cutover identifier shipped with every csrf.warn payload.
|
|
53
|
+
*
|
|
54
|
+
* Convention borrowed from Vite's `deprecations.ts:74` — a `code` plus a
|
|
55
|
+
* `docsUrl` lets users (a) grep their logs for a single stable identifier
|
|
56
|
+
* to find every csrf.warn line, and (b) click through directly to the
|
|
57
|
+
* migration guide. Strings are exported constants so the analyzer (T2.3)
|
|
58
|
+
* and migration guide can reference the same source of truth.
|
|
59
|
+
*/
|
|
60
|
+
declare const CSRF_WARN_CODE: "CSRF_STRICT_CUTOVER";
|
|
61
|
+
declare const CSRF_WARN_DOCS_URL: "https://theokit.dev/upgrade/csrf-strict-cutover";
|
|
62
|
+
interface CsrfWarnPayload {
|
|
63
|
+
event: 'csrf.warn';
|
|
64
|
+
method: string;
|
|
65
|
+
path: string | undefined;
|
|
66
|
+
reason: string;
|
|
67
|
+
/**
|
|
68
|
+
* Stable identifier for the 0.2 → 0.3 CSRF strict cutover. Always
|
|
69
|
+
* `'CSRF_STRICT_CUTOVER'`. Grep-able from prod logs.
|
|
70
|
+
*/
|
|
71
|
+
code: string;
|
|
72
|
+
/**
|
|
73
|
+
* Link to the section of the migration guide explaining how to clear
|
|
74
|
+
* this specific warning class.
|
|
75
|
+
*/
|
|
76
|
+
docsUrl: string;
|
|
77
|
+
}
|
|
78
|
+
declare function validateCsrf(req: IncomingMessage): {
|
|
79
|
+
valid: true;
|
|
80
|
+
} | {
|
|
81
|
+
valid: false;
|
|
82
|
+
reason: string;
|
|
83
|
+
};
|
|
84
|
+
/**
|
|
85
|
+
* T5a.2 Phase B (slice 1/6) — Web-Standards-shaped CSRF validator.
|
|
86
|
+
*
|
|
87
|
+
* Mirror of `validateCsrf(req: IncomingMessage)` for the Web `Request`
|
|
88
|
+
* shape. Consumes `request.headers.get(name)` (native Web `Headers` API)
|
|
89
|
+
* instead of `req.headers[name]` (Node `IncomingMessage` indexer). Same
|
|
90
|
+
* CSRF policy + same return shape — the difference is only the input
|
|
91
|
+
* extraction.
|
|
92
|
+
*
|
|
93
|
+
* Used by `executeWebRequest` (T5a.2 Phase A) to enforce CSRF on the
|
|
94
|
+
* Web-Standards request handler entry-point.
|
|
95
|
+
*/
|
|
96
|
+
declare function validateCsrfRequest(request: Request): {
|
|
97
|
+
valid: true;
|
|
98
|
+
} | {
|
|
99
|
+
valid: false;
|
|
100
|
+
reason: string;
|
|
101
|
+
};
|
|
102
|
+
declare function enforceCsrf(req: IncomingMessage, mode: CsrfMode, logger?: CsrfLogger, disallowed?: DisallowedConfig, auditLogger?: AuditLogger): {
|
|
103
|
+
allow: boolean;
|
|
104
|
+
reason?: string;
|
|
105
|
+
};
|
|
106
|
+
|
|
107
|
+
export { CSRF_WARN_CODE as C, type DisallowedConfig as D, CSRF_WARN_DOCS_URL as a, type CsrfLogger as b, type CsrfMode as c, type CsrfWarnPayload as d, enforceCsrf as e, validateCsrfRequest as f, matchDisallowed as m, validateCsrf as v };
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* T2.2 — In-memory bounded counter for CSRF warn events.
|
|
3
|
+
*
|
|
4
|
+
* Aggregates `csrf.warn` payloads by `(method, path, reason)` triple.
|
|
5
|
+
* Used by the `/__theo/csrf-readiness` endpoint to expose a summary the
|
|
6
|
+
* developer (or devtools tab) can inspect, so users do NOT need to grep
|
|
7
|
+
* stdout to know which endpoints will break under 0.3.0 strict CSRF.
|
|
8
|
+
*
|
|
9
|
+
* Bounded at 1000 distinct keys (EC-22). Eviction is LRU-by-insertion —
|
|
10
|
+
* when the cap is hit, the oldest key is dropped and a re-record of an
|
|
11
|
+
* evicted key starts fresh (count: 1).
|
|
12
|
+
*
|
|
13
|
+
* Single-threaded by virtue of the JS event loop; Map operations are
|
|
14
|
+
* atomic. NOT shared across processes — each worker has its own store.
|
|
15
|
+
*/
|
|
16
|
+
interface CsrfWarnRecord {
|
|
17
|
+
method: string;
|
|
18
|
+
path: string;
|
|
19
|
+
reason: string;
|
|
20
|
+
}
|
|
21
|
+
interface CsrfReadinessRouteSummary {
|
|
22
|
+
method: string;
|
|
23
|
+
path: string;
|
|
24
|
+
reason: string;
|
|
25
|
+
count: number;
|
|
26
|
+
firstSeen: string;
|
|
27
|
+
lastSeen: string;
|
|
28
|
+
}
|
|
29
|
+
interface CsrfReadinessSummary {
|
|
30
|
+
generatedAt: string;
|
|
31
|
+
totalEvents: number;
|
|
32
|
+
routes: CsrfReadinessRouteSummary[];
|
|
33
|
+
}
|
|
34
|
+
declare class CsrfReadinessStore {
|
|
35
|
+
static readonly MAX_ENTRIES = 1000;
|
|
36
|
+
private readonly entries;
|
|
37
|
+
private keyFor;
|
|
38
|
+
record(event: CsrfWarnRecord): void;
|
|
39
|
+
summary(): CsrfReadinessSummary;
|
|
40
|
+
reset(): void;
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
export { CsrfReadinessStore as C, type CsrfReadinessRouteSummary as a, type CsrfReadinessSummary as b, type CsrfWarnRecord as c };
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { IncomingMessage } from 'node:http';
|
|
2
|
+
|
|
3
|
+
interface WebSocketLike {
|
|
4
|
+
send(data: string | Buffer): void;
|
|
5
|
+
close(code?: number, reason?: string): void;
|
|
6
|
+
}
|
|
7
|
+
interface WebSocketHandler {
|
|
8
|
+
onOpen?: (ws: WebSocketLike, req: IncomingMessage) => void;
|
|
9
|
+
onMessage?: (ws: WebSocketLike, data: string | Buffer) => void;
|
|
10
|
+
onClose?: (ws: WebSocketLike, code: number, reason: Buffer) => void;
|
|
11
|
+
onError?: (ws: WebSocketLike, error: Error) => void;
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Define a WebSocket endpoint handler.
|
|
15
|
+
* Identity function — provides type inference for WebSocket handlers.
|
|
16
|
+
*/
|
|
17
|
+
declare function defineWebSocket(handler: WebSocketHandler): WebSocketHandler;
|
|
18
|
+
/**
|
|
19
|
+
* T5a.2 Phase F slice 3/3 — Web-Standards WebSocket endpoint handler.
|
|
20
|
+
*
|
|
21
|
+
* Mirror of `WebSocketHandler` for the Web `Request` shape. `onOpen`
|
|
22
|
+
* receives `request: Request` instead of `req: IncomingMessage`. The
|
|
23
|
+
* rest of the lifecycle (onMessage, onClose, onError) is shape-agnostic
|
|
24
|
+
* (`WebSocketLike` is already Web-standards-compatible per the existing
|
|
25
|
+
* design — `send(string | Buffer)` works on both Node `ws` and Web
|
|
26
|
+
* `WebSocket` instances; CF Workers / Bun / Deno coerce as needed at
|
|
27
|
+
* the adapter boundary).
|
|
28
|
+
*
|
|
29
|
+
* Per `docs/plans/t5a2-incoming-message-to-request-shape-refactor-plan.md`
|
|
30
|
+
* v1.0 § Phase F (closes Phase F).
|
|
31
|
+
*
|
|
32
|
+
* **Architectural note — WebSocket upgrade semantics differ across runtimes:**
|
|
33
|
+
* - Node + `ws`: `WebSocketServer.handleUpgrade(req, socket, head, cb)` —
|
|
34
|
+
* `req` is `IncomingMessage`. Use `WebSocketHandler`.
|
|
35
|
+
* - CF Workers: `new WebSocketPair()` + `request.headers` (the upgrade
|
|
36
|
+
* handshake IS a Web Request). Use `WebSocketHandlerWeb`.
|
|
37
|
+
* - Bun: `server.upgrade(request, { data })` — same Web Request shape.
|
|
38
|
+
* - Deno: `Deno.upgradeWebSocket(request)` — same Web Request shape.
|
|
39
|
+
*
|
|
40
|
+
* Cross-runtime WebSocket endpoints ship BOTH `WebSocketHandler` +
|
|
41
|
+
* `WebSocketHandlerWeb` exports; the runtime adapter picks the matching
|
|
42
|
+
* one. This is the canonical Hono / Nitric pattern.
|
|
43
|
+
*/
|
|
44
|
+
interface WebSocketHandlerWeb {
|
|
45
|
+
onOpen?: (ws: WebSocketLike, request: Request) => void;
|
|
46
|
+
onMessage?: (ws: WebSocketLike, data: string | Uint8Array) => void;
|
|
47
|
+
onClose?: (ws: WebSocketLike, code: number, reason: string) => void;
|
|
48
|
+
onError?: (ws: WebSocketLike, error: Error) => void;
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Web-Standards `defineWebSocket` sibling. Identity function — provides
|
|
52
|
+
* type inference for Web WebSocket handlers.
|
|
53
|
+
*
|
|
54
|
+
* **Type difference note vs Node path:**
|
|
55
|
+
* - `onMessage` data is `string | Uint8Array` instead of `string | Buffer`
|
|
56
|
+
* (Web standards have no `Buffer`; Node's Buffer is a Uint8Array
|
|
57
|
+
* subclass so the Node path's Buffer values flow through unchanged
|
|
58
|
+
* when adapters wrap them).
|
|
59
|
+
* - `onClose` reason is `string` instead of `Buffer` (Web `CloseEvent`
|
|
60
|
+
* exposes the reason as a UTF-8 string natively).
|
|
61
|
+
*/
|
|
62
|
+
declare function defineWebSocketWeb(handler: WebSocketHandlerWeb): WebSocketHandlerWeb;
|
|
63
|
+
|
|
64
|
+
export { type WebSocketHandler as W, type WebSocketHandlerWeb as a, type WebSocketLike as b, defineWebSocketWeb as c, defineWebSocket as d };
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Error envelope — canonical cross-layer contract for theokit framework, SDK,
|
|
3
|
+
* and UI per plan g5-error-envelope-cross-layer v1.0 § Phase 1 / T1.1.
|
|
4
|
+
*
|
|
5
|
+
* Blueprint G5 (SHIPPABLE_WITH_CAVEATS 89/100) — Form 4 Hybrid: shared CODE
|
|
6
|
+
* enum + per-domain extensions + 2-layer SDK boundary translation.
|
|
7
|
+
*
|
|
8
|
+
* 3/3 references convergence: code + message + cause base (trpc TRPCError
|
|
9
|
+
* + hono HTTPException + encore Error). Wasp confirms ecosystem gap.
|
|
10
|
+
*
|
|
11
|
+
* Reference anchors (verified file:line):
|
|
12
|
+
* - referencia: trpc/packages/server/src/unstable-core-do-not-import/error/TRPCError.ts:65-87
|
|
13
|
+
* - referencia: trpc/packages/server/src/unstable-core-do-not-import/rpc/codes.ts:11-44,76-81
|
|
14
|
+
* - referencia: hono/src/http-exception.ts:46-78
|
|
15
|
+
* - referencia: encore/runtimes/go/beta/errs/error.go:38-55 (Go — D4 disclaimer applied)
|
|
16
|
+
*
|
|
17
|
+
* Per blueprint ADR D2: retryable + hint are extension slots, NOT base fields
|
|
18
|
+
* (3/3 references derive retryability from code identity; no reference ships
|
|
19
|
+
* a `retryable: boolean` on envelope; `hint` is novel).
|
|
20
|
+
*
|
|
21
|
+
* Per blueprint ADR D5: server-only `meta` filtered at serializer boundary
|
|
22
|
+
* (encore `json:"-"` analog).
|
|
23
|
+
*
|
|
24
|
+
* Lives in `core/contracts/` per architecture.md v3 — canonical home for
|
|
25
|
+
* shared client↔server types. Zero intra-monorepo deps; zero runtime deps
|
|
26
|
+
* (trpc + hono ship envelope with zero runtime deps per blueprint Q5).
|
|
27
|
+
*/
|
|
28
|
+
/**
|
|
29
|
+
* Canonical TheoKit error code union. HTTP-status flavor + SDK/agent-domain
|
|
30
|
+
* additions per blueprint Recommendations § concrete shape.
|
|
31
|
+
*
|
|
32
|
+
* String-literal union mirrors trpc's TRPC_ERROR_CODE_KEY pattern — enables
|
|
33
|
+
* exhaustive `switch (env.code)` narrowing in consumer code (UI display
|
|
34
|
+
* dispatch, retry-policy gates, telemetry classification).
|
|
35
|
+
*/
|
|
36
|
+
type TheoErrorCode = 'BAD_REQUEST' | 'UNAUTHORIZED' | 'FORBIDDEN' | 'NOT_FOUND' | 'METHOD_NOT_ALLOWED' | 'CONFLICT' | 'PRECONDITION_FAILED' | 'PAYLOAD_TOO_LARGE' | 'UNSUPPORTED_MEDIA_TYPE' | 'UNPROCESSABLE_ENTITY' | 'TOO_MANY_REQUESTS' | 'INTERNAL_SERVER_ERROR' | 'NOT_IMPLEMENTED' | 'BAD_GATEWAY' | 'SERVICE_UNAVAILABLE' | 'GATEWAY_TIMEOUT' | 'AGENT_RUN_ERROR' | 'PROVIDER_KEY_MISSING' | 'BUDGET_EXCEEDED' | 'RATE_LIMITED' | 'CREDENTIAL_POOL_EXHAUSTED';
|
|
37
|
+
/**
|
|
38
|
+
* Base envelope shape — `{ code, message, cause?, meta?, ext? }`.
|
|
39
|
+
*
|
|
40
|
+
* `cause` follows TC39 proposal-error-cause (universal pattern, 3/3 references).
|
|
41
|
+
* `meta` is server-only metadata filtered at serializer boundary per ADR D5
|
|
42
|
+
* (`stack` is auto-stripped in non-dev builds — see T1.2 `TheoError.toJSON()`).
|
|
43
|
+
* `ext` carries opt-in per-domain extensions (`ValidationFieldsExt`,
|
|
44
|
+
* `RetryableExt`, `HintExt`, or arbitrary user-defined types via formatter hook).
|
|
45
|
+
*/
|
|
46
|
+
interface TheoErrorEnvelope<TExt = unknown> {
|
|
47
|
+
readonly code: TheoErrorCode;
|
|
48
|
+
readonly message: string;
|
|
49
|
+
readonly cause?: unknown;
|
|
50
|
+
readonly meta?: Record<string, unknown>;
|
|
51
|
+
readonly ext?: TExt;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* `ValidationFieldsExt` — validation-failure extension carrying the dot-notation
|
|
55
|
+
* field map identical to G3 `ActionInputError.fields`. Empty-string key for
|
|
56
|
+
* root-level errors (mirrors G3 EC-7). Multiple messages per key are preserved.
|
|
57
|
+
*/
|
|
58
|
+
interface ValidationFieldsExt {
|
|
59
|
+
readonly fields: Record<string, string[]>;
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
export type { TheoErrorEnvelope as T, ValidationFieldsExt as V, TheoErrorCode as a };
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* M7-2 — health/ready reserved routes for the convention/filesystem-route
|
|
3
|
+
* server. Liveness (`/__theo/health`, always 200) and readiness
|
|
4
|
+
* (`/__theo/ready`, 200/503 from a probe) are registered on a reserved
|
|
5
|
+
* namespace BEFORE the user-route catch-all + 404 branch — mirroring nitro's
|
|
6
|
+
* `/_nitro/*` reserved-namespace pattern (knowledge-base/references/nitro/src/
|
|
7
|
+
* runtime/internal/routes/dev-tasks.ts). Liveness and readiness are kept
|
|
8
|
+
* separate by design: liveness says "the process is up", readiness says
|
|
9
|
+
* "dependencies are up".
|
|
10
|
+
*
|
|
11
|
+
* @public
|
|
12
|
+
*/
|
|
13
|
+
/** Reserved path for the liveness endpoint. */
|
|
14
|
+
declare const HEALTH_PATH = "/__theo/health";
|
|
15
|
+
/** Reserved path for the readiness endpoint. */
|
|
16
|
+
declare const READY_PATH = "/__theo/ready";
|
|
17
|
+
/** Config produced by {@link defineHealthRoute}. */
|
|
18
|
+
interface HealthRouteConfig {
|
|
19
|
+
readonly kind: 'health';
|
|
20
|
+
/** Returns the liveness body (auto-serialized to JSON). Default: `{ status: 'ok' }`. */
|
|
21
|
+
readonly handler: () => unknown;
|
|
22
|
+
}
|
|
23
|
+
/** Config produced by {@link defineReadyRoute}. */
|
|
24
|
+
interface ReadyRouteConfig {
|
|
25
|
+
readonly kind: 'ready';
|
|
26
|
+
/** Resolves `true` when dependencies are ready. A throw/reject is treated as not-ready (503). */
|
|
27
|
+
readonly probe: () => boolean | Promise<boolean>;
|
|
28
|
+
}
|
|
29
|
+
/** The reserved-route registry consulted by {@link serveReservedRoute}. */
|
|
30
|
+
interface ReservedRoutes {
|
|
31
|
+
readonly health?: HealthRouteConfig;
|
|
32
|
+
readonly ready?: ReadyRouteConfig;
|
|
33
|
+
}
|
|
34
|
+
/** A reserved-route response: an HTTP status + a JSON-serializable body. */
|
|
35
|
+
interface ReservedResponse {
|
|
36
|
+
readonly status: number;
|
|
37
|
+
readonly body: unknown;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Define the liveness route. The default handler returns `{ status: 'ok' }`.
|
|
41
|
+
* Liveness is always 200 — it asserts the process is up, not that dependencies are.
|
|
42
|
+
*/
|
|
43
|
+
declare function defineHealthRoute(handler?: () => unknown): HealthRouteConfig;
|
|
44
|
+
/**
|
|
45
|
+
* Define the readiness route. The `probe` decides 200 (ready) vs 503 (not-ready).
|
|
46
|
+
* A probe that throws/rejects is treated as not-ready (503) — never a 500 crash.
|
|
47
|
+
*/
|
|
48
|
+
declare function defineReadyRoute(probe: () => boolean | Promise<boolean>): ReadyRouteConfig;
|
|
49
|
+
/**
|
|
50
|
+
* Pure dispatcher: map a request pathname to a reserved-route response, or
|
|
51
|
+
* `null` when the path is not reserved (so the user catch-all + 404 take over).
|
|
52
|
+
* Liveness defaults to 200 `{status:'ok'}`; readiness without a probe is
|
|
53
|
+
* trivially ready (200). Registered BEFORE the user catch-all by the caller.
|
|
54
|
+
*/
|
|
55
|
+
declare function serveReservedRoute(pathname: string, routes?: ReservedRoutes): Promise<ReservedResponse | null>;
|
|
56
|
+
|
|
57
|
+
export { HEALTH_PATH as H, type ReservedRoutes as R, type HealthRouteConfig as a, READY_PATH as b, type ReadyRouteConfig as c, type ReservedResponse as d, defineHealthRoute as e, defineReadyRoute as f, serveReservedRoute as s };
|