theokit 0.12.0 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{actions-virtual-module-SQDY3V5X.js → actions-virtual-module-3CDQTWOC.js} +6 -6
- package/dist/{actions-virtual-module-PNPRCEOS.js → actions-virtual-module-EIPXX4ZB.js} +3 -3
- package/dist/adapters/web-shim.d.ts +67 -0
- package/dist/adapters/ws-shim.d.ts +55 -0
- package/dist/agent-events-DosDXkSV.d.ts +94 -0
- package/dist/agents-typed-client-SAWAAH7K.js +142 -0
- package/dist/agents-typed-client-SAWAAH7K.js.map +1 -0
- package/dist/agents-typed-client-UTEQUA63.js +143 -0
- package/dist/agents-typed-client-UTEQUA63.js.map +1 -0
- package/dist/{app-typed-client-5GYEOYP3.js → app-typed-client-7PBFWZUE.js} +3 -3
- package/dist/{app-typed-client-QG7BVZYW.js → app-typed-client-CSOK7NPC.js} +6 -6
- package/dist/audit-log-BQWM5YLG.d.ts +60 -0
- package/dist/body-parser-web-FV5HWCY3.js +71 -0
- package/dist/body-parser-web-FV5HWCY3.js.map +1 -0
- package/dist/boot/index.d.ts +39 -0
- package/dist/{build-QFRLSEZ4.js → build-HXND27XG.js} +11 -11
- package/dist/{chunk-223EFY5X.js → chunk-2J7XU3PW.js} +68 -27
- package/dist/chunk-2J7XU3PW.js.map +1 -0
- package/dist/{chunk-RESN62GB.js → chunk-2KZQPDYR.js} +5 -48
- package/dist/chunk-2KZQPDYR.js.map +1 -0
- package/dist/chunk-3S3BNW5K.js +445 -0
- package/dist/chunk-3S3BNW5K.js.map +1 -0
- package/dist/{chunk-6FYD34NX.js → chunk-BQDGES7C.js} +28 -28
- package/dist/{chunk-6FYD34NX.js.map → chunk-BQDGES7C.js.map} +1 -1
- package/dist/chunk-EXP56GFQ.js +52 -0
- package/dist/chunk-EXP56GFQ.js.map +1 -0
- package/dist/chunk-F4YUPDJ2.js +115 -0
- package/dist/chunk-F4YUPDJ2.js.map +1 -0
- package/dist/{chunk-NAZ4E2GT.js → chunk-KXA37ONC.js} +2 -2
- package/dist/chunk-NHJMZCAS.js +32 -0
- package/dist/chunk-NHJMZCAS.js.map +1 -0
- package/dist/{chunk-43D6XNDR.js → chunk-O62MW4MT.js} +91 -18
- package/dist/chunk-O62MW4MT.js.map +1 -0
- package/dist/chunk-RSVN727G.js +1 -0
- package/dist/{chunk-7CBRKNQA.js → chunk-RYTZYFSD.js} +198 -6
- package/dist/chunk-RYTZYFSD.js.map +1 -0
- package/dist/chunk-UNLA45FY.js +235 -0
- package/dist/chunk-UNLA45FY.js.map +1 -0
- package/dist/{chunk-GFMQJHXX.js → chunk-WR4F4EEZ.js} +1082 -1074
- package/dist/chunk-WR4F4EEZ.js.map +1 -0
- package/dist/{chunk-AD74EAK3.js → chunk-ZSTZXR2D.js} +1 -30
- package/dist/chunk-ZSTZXR2D.js.map +1 -0
- package/dist/cli/index.js +5 -5
- package/dist/client/index.d.ts +418 -0
- package/dist/client/index.js +84 -3
- package/dist/client/index.js.map +1 -1
- package/dist/csrf-BBrEZSBW.d.ts +107 -0
- package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
- package/dist/define-websocket-CdK94O-D.d.ts +64 -0
- package/dist/{dev-GBXOTXUP.js → dev-OWW4XVIH.js} +10 -10
- package/dist/{dev-emit-FEFEDLZF.js → dev-emit-5MDSBP5D.js} +3 -3
- package/dist/{dev-emit-O4EGOSNV.js → dev-emit-QH2YGZXN.js} +2 -2
- package/dist/devtools/entry.d.ts +5 -0
- package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
- package/dist/health-route-C0hk64_U.d.ts +57 -0
- package/dist/index-B40qUSrQ.d.ts +575 -0
- package/dist/index.d.ts +361 -0
- package/dist/index.js +6 -4
- package/dist/index.js.map +1 -1
- package/dist/internal-api-4YTJDITC.js +83 -0
- package/dist/internal-api-EFKZWIYZ.js +66 -0
- package/dist/internal-api-EFKZWIYZ.js.map +1 -0
- package/dist/job-backend-CgC8Xf33.d.ts +68 -0
- package/dist/match-CfbEFRG4.d.ts +26 -0
- package/dist/{openapi-VR6AFBLJ.js → openapi-FHY6HC6I.js} +7 -7
- package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
- package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
- package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
- package/dist/rate-limit-store-BEJnhWdw.d.ts +72 -0
- package/dist/react-query/index.d.ts +33 -0
- package/dist/{registry-Q2TZQLUH.js → registry-34LL7NF4.js} +1 -1
- package/dist/{routes-LRYOIIAI.js → routes-EW7TP7NJ.js} +2 -2
- package/dist/schema-BpH6ivDY.d.ts +74 -0
- package/dist/server/agent/index.d.ts +229 -0
- package/dist/server/agent/index.js +2 -1
- package/dist/server/auth/index.d.ts +419 -0
- package/dist/server/cost/index.d.ts +177 -0
- package/dist/server/cron/index.d.ts +208 -0
- package/dist/server/define/index.d.ts +313 -0
- package/dist/server/define/index.js +4 -2
- package/dist/server/http/index.d.ts +11 -0
- package/dist/server/index.d.ts +848 -0
- package/dist/server/index.js +9 -294
- package/dist/server/index.js.map +1 -1
- package/dist/server/jobs/index.d.ts +348 -0
- package/dist/server/observability/index.d.ts +324 -0
- package/dist/server/plugins/index.d.ts +17 -0
- package/dist/server/rate-limit/index.d.ts +105 -0
- package/dist/server/realtime/index.d.ts +15 -0
- package/dist/server/scan/index.d.ts +126 -0
- package/dist/server/scan/index.js +1 -1
- package/dist/server/security/index.d.ts +193 -0
- package/dist/server/storage/index.d.ts +22 -0
- package/dist/server/webhook/index.d.ts +148 -0
- package/dist/{start-3ZHAXSJE.js → start-KIQ5TTLR.js} +76 -13
- package/dist/start-KIQ5TTLR.js.map +1 -0
- package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
- package/dist/storage-types-DsDTCPbp.d.ts +96 -0
- package/dist/vite-plugin/index.d.ts +115 -0
- package/dist/vite-plugin/index.js +6 -4
- package/dist/{vite-plugin-WO72VLYR.js → vite-plugin-RK66K26Z.js} +7 -7
- package/dist/vite-plugin-RK66K26Z.js.map +1 -0
- package/package.json +4 -4
- package/dist/chunk-223EFY5X.js.map +0 -1
- package/dist/chunk-3LVRAGAZ.js +0 -73
- package/dist/chunk-3LVRAGAZ.js.map +0 -1
- package/dist/chunk-43D6XNDR.js.map +0 -1
- package/dist/chunk-7CBRKNQA.js.map +0 -1
- package/dist/chunk-AD74EAK3.js.map +0 -1
- package/dist/chunk-GFMQJHXX.js.map +0 -1
- package/dist/chunk-PBEH6NXR.js +0 -44
- package/dist/chunk-PBEH6NXR.js.map +0 -1
- package/dist/chunk-PIVX3DYW.js +0 -142
- package/dist/chunk-PIVX3DYW.js.map +0 -1
- package/dist/chunk-PPPR5DGR.js +0 -1
- package/dist/chunk-RESN62GB.js.map +0 -1
- package/dist/start-3ZHAXSJE.js.map +0 -1
- /package/dist/{actions-virtual-module-SQDY3V5X.js.map → actions-virtual-module-3CDQTWOC.js.map} +0 -0
- /package/dist/{actions-virtual-module-PNPRCEOS.js.map → actions-virtual-module-EIPXX4ZB.js.map} +0 -0
- /package/dist/{app-typed-client-5GYEOYP3.js.map → app-typed-client-7PBFWZUE.js.map} +0 -0
- /package/dist/{app-typed-client-QG7BVZYW.js.map → app-typed-client-CSOK7NPC.js.map} +0 -0
- /package/dist/{build-QFRLSEZ4.js.map → build-HXND27XG.js.map} +0 -0
- /package/dist/{chunk-NAZ4E2GT.js.map → chunk-KXA37ONC.js.map} +0 -0
- /package/dist/{chunk-PPPR5DGR.js.map → chunk-RSVN727G.js.map} +0 -0
- /package/dist/{dev-GBXOTXUP.js.map → dev-OWW4XVIH.js.map} +0 -0
- /package/dist/{dev-emit-FEFEDLZF.js.map → dev-emit-5MDSBP5D.js.map} +0 -0
- /package/dist/{dev-emit-O4EGOSNV.js.map → dev-emit-QH2YGZXN.js.map} +0 -0
- /package/dist/{vite-plugin-WO72VLYR.js.map → internal-api-4YTJDITC.js.map} +0 -0
- /package/dist/{openapi-VR6AFBLJ.js.map → openapi-FHY6HC6I.js.map} +0 -0
- /package/dist/{registry-Q2TZQLUH.js.map → registry-34LL7NF4.js.map} +0 -0
- /package/dist/{routes-LRYOIIAI.js.map → routes-EW7TP7NJ.js.map} +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/server/body-parser.ts","../src/server/observability/request-log.ts","../src/server/observability/logger.ts","../src/server/http/send-response.ts","../src/core/contracts/auth-error-guard.ts","../src/server/jobs/duplicate-context-key-error.ts","../src/server/jobs/outbox.ts","../src/server/jobs/queue-client.ts","../src/server/security/csrf-warn-dispatch.ts","../src/server/observability/audit-log.ts","../src/server/security/csrf.ts","../src/server/http/execute-stages.ts","../src/server/http/middleware-runner.ts","../src/server/scan/middleware-scan.ts","../src/server/http/execute.ts","../src/core/contracts/action-protocol.ts","../src/server/http/form-data-to-object.ts","../src/core/contracts/envelope-code-to-status.ts","../src/server/http/handle-request-error.ts","../src/server/http/serialize-action-result.ts","../src/server/http/action-execute.ts","../src/server/observability/suggest.ts","../src/server/plugins/plugin-runner.ts","../src/server/plugins/load-plugins.ts","../src/server/rate-limit/rate-limit-store.ts","../src/server/rate-limit/rate-limit.ts","../src/server/scan/module-loader.ts","../src/server/security/security-headers.ts","../src/server/auth/nonce.ts"],"sourcesContent":["import type { IncomingMessage } from 'node:http'\nimport { basename } from 'node:path'\n\nimport Busboy from 'busboy'\n\n// --- Types ---\n\nexport interface UploadedFile {\n fieldname: string\n filename: string\n encoding: string\n mimeType: string\n buffer: Buffer\n size: number\n}\n\nexport interface ParsedBody {\n fields: Record<string, string>\n files: UploadedFile[]\n json?: unknown\n}\n\nexport interface BodyParserOptions {\n maxFileSize?: number // bytes, default 10MB\n maxFiles?: number // default 10\n maxFieldSize?: number // bytes, default 1MB\n}\n\nconst METHODS_WITH_BODY = new Set(['POST', 'PUT', 'PATCH'])\n\nconst DEFAULT_MAX_FILE_SIZE = 10 * 1024 * 1024 // 10MB\nconst DEFAULT_MAX_FILES = 10\nconst DEFAULT_MAX_FIELD_SIZE = 1 * 1024 * 1024 // 1MB\n\nexport class FileTooLargeError extends Error {\n readonly code = 'FILE_TOO_LARGE'\n readonly status = 413\n constructor(\n message: string,\n readonly truncatedFilenames: string[],\n readonly maxFileSize: number,\n ) {\n super(message)\n this.name = 'FileTooLargeError'\n }\n}\n\n// --- JSON parsing ---\n\n/**\n * Stash the parsed body on the IncomingMessage for the devtools forwarder\n * to read at log time. Symbol-keyed so it never leaks into user-visible\n * surfaces. Best-effort — failures (e.g. frozen req) are swallowed.\n */\nfunction stashBodyPreview(req: IncomingMessage, body: unknown): void {\n try {\n ;(req as unknown as Record<symbol, unknown>)[DEVTOOLS_BODY_PREVIEW] = body\n } catch {\n // best-effort; never break the request\n }\n}\n\nfunction parseJsonBody(req: IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n const chunks: Buffer[] = []\n req.on('data', (chunk: Buffer) => chunks.push(chunk))\n req.on('end', () => {\n const raw = Buffer.concat(chunks).toString()\n if (!raw) {\n resolve(undefined)\n return\n }\n try {\n resolve(JSON.parse(raw))\n } catch {\n reject(new Error('Invalid JSON body'))\n }\n })\n req.on('error', reject)\n })\n}\n\n// --- Multipart parsing ---\n\nfunction parseMultipartBody(\n req: IncomingMessage,\n contentType: string,\n options: Required<Pick<BodyParserOptions, 'maxFileSize' | 'maxFiles' | 'maxFieldSize'>>,\n): Promise<{ fields: Record<string, string>; files: UploadedFile[] }> {\n // EC-3: Validate boundary exists.\n if (!contentType.includes('boundary=')) {\n return Promise.reject(new Error('Missing multipart boundary'))\n }\n\n return new Promise((resolve, reject) => {\n const fields: Record<string, string> = {}\n const files: UploadedFile[] = []\n // CR-010: track filenames that were truncated mid-stream. The previous\n // implementation skipped truncated files from `files` and relied on\n // `files.some(f => f.size > maxFileSize)` to detect — but since the\n // file was never added, the guard never fired. Silent data loss.\n const truncatedFilenames: string[] = []\n let fileCount = 0\n\n const bb = Busboy({\n headers: req.headers,\n limits: {\n fileSize: options.maxFileSize,\n files: options.maxFiles,\n fieldSize: options.maxFieldSize,\n },\n })\n\n bb.on('field', (name: string, value: string) => {\n fields[name] = value\n })\n\n bb.on(\n 'file',\n (\n fieldname: string,\n stream: NodeJS.ReadableStream,\n info: { filename: string; encoding: string; mimeType: string },\n ) => {\n fileCount++\n if (fileCount > options.maxFiles) {\n stream.resume() // drain\n return\n }\n\n // EC-6: Sanitize filename — basename only, no path traversal.\n const safeName = basename(info.filename || 'unnamed')\n const chunks: Buffer[] = []\n let size = 0\n let truncated = false\n\n stream.on('data', (chunk: Buffer) => {\n size += chunk.length\n if (size > options.maxFileSize) {\n truncated = true\n stream.resume() // drain the rest\n return\n }\n chunks.push(chunk)\n })\n\n stream.on('end', () => {\n if (truncated) {\n truncatedFilenames.push(safeName)\n return\n }\n\n const buffer = Buffer.concat(chunks)\n files.push({\n fieldname,\n filename: safeName,\n encoding: info.encoding,\n mimeType: info.mimeType,\n buffer,\n size: buffer.length,\n })\n })\n },\n )\n\n bb.on('filesLimit', () => {\n reject(new Error(`Too many files. Maximum: ${options.maxFiles}`))\n })\n\n bb.on('error', (err: Error) => {\n reject(err)\n })\n\n bb.on('close', () => {\n if (truncatedFilenames.length > 0) {\n reject(\n new FileTooLargeError(\n `File too large (max ${options.maxFileSize} bytes): ${truncatedFilenames.join(', ')}`,\n truncatedFilenames,\n options.maxFileSize,\n ),\n )\n return\n }\n resolve({ fields, files })\n })\n\n req.pipe(bb)\n })\n}\n\n// --- Main parser ---\n\n/**\n * Symbol-keyed slot on IncomingMessage that the devtools request log\n * forwarder reads to enrich the broadcast payload with a body preview.\n * Symbol-keyed so it can't collide with user-land props and is invisible\n * to JSON.stringify / iteration. Always optional — readers must guard.\n */\nexport const DEVTOOLS_BODY_PREVIEW = Symbol('theo:devtools:bodyPreview')\n\nexport async function parseRequestBody(\n req: IncomingMessage,\n options?: BodyParserOptions,\n): Promise<ParsedBody> {\n const method = req.method?.toUpperCase() ?? 'GET'\n if (!METHODS_WITH_BODY.has(method)) {\n return { fields: {}, files: [], json: undefined }\n }\n\n const contentType = req.headers['content-type'] ?? ''\n\n // JSON\n if (contentType.includes('application/json')) {\n const json = await parseJsonBody(req)\n stashBodyPreview(req, json)\n return { fields: {}, files: [], json }\n }\n\n // Multipart\n if (contentType.includes('multipart/form-data')) {\n const limits = {\n maxFileSize: options?.maxFileSize ?? DEFAULT_MAX_FILE_SIZE,\n maxFiles: options?.maxFiles ?? DEFAULT_MAX_FILES,\n maxFieldSize: options?.maxFieldSize ?? DEFAULT_MAX_FIELD_SIZE,\n }\n const { fields, files } = await parseMultipartBody(req, contentType, limits)\n stashBodyPreview(req, {\n fields,\n files: files.map((f) => ({\n fieldname: f.fieldname,\n filename: f.filename,\n mimeType: f.mimeType,\n size: f.size,\n })),\n })\n return { fields, files }\n }\n\n // No body or empty\n if (!contentType) {\n return { fields: {}, files: [] }\n }\n\n // Unsupported content type\n throw new Error(`Unsupported Content-Type: ${contentType}`)\n}\n","/**\n * Request log primitive (T6.2 of architecture-review-remediation-plan).\n *\n * Split out from `logger.ts` per PV-12 (SRP) — the file previously mixed\n * 3 concerns (factory, warnOnce, request log). This module owns ONLY the\n * `logRequest` flow + the devtools broadcast best-effort forwarder.\n *\n * Public API surface is unchanged — `logger.ts` re-exports `logRequest`\n * + `RequestLog` + `LoggerFn` for backward compat.\n */\nimport type { IncomingMessage } from 'node:http'\n\nimport { DEVTOOLS_BODY_PREVIEW } from '../body-parser.js'\n\nexport interface RequestLog {\n level: string\n method: string\n url: string\n status: number\n duration: number\n requestId: string\n timestamp: string\n}\n\nexport type LoggerFn = (log: RequestLog) => void\n\nconst defaultLoggerFn: LoggerFn = (log) => {\n // eslint-disable-next-line no-console -- request-log default output IS the contract\n console.log(JSON.stringify(log))\n}\n\nexport function logRequest(\n info: Omit<RequestLog, 'level' | 'timestamp'>,\n customLogger?: LoggerFn,\n req?: IncomingMessage,\n): void {\n const log: RequestLog = {\n level: 'info',\n ...info,\n timestamp: new Date().toISOString(),\n }\n const logger = customLogger ?? defaultLoggerFn\n logger(log)\n // T2.1 — also broadcast to devtools (no-op in prod / when no dev server).\n // Pass `req` so the devtools forwarder can extract headers + body preview\n // stashed by body-parser (Symbol-keyed). Without `req`, only metadata\n // (method/path/status/duration) reaches the devtools UI — the expanded\n // row view then shows nothing useful.\n broadcastRequestToDevtools(info, req)\n}\n\n/**\n * T2.1 — Forward a request record to the devtools UI. Lazy import keeps\n * this module dep-free for prod; broadcast.ts internally guards on\n * `globalThis.__theoViteHotServer`.\n */\nfunction randomRequestId(): string {\n // eslint-disable-next-line sonarjs/pseudo-random -- non-secret correlation id for devtools UI\n return `req-${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`\n}\n\n/**\n * T5a.2 Phase C slice 2/2 — pure devtools broadcast that takes a\n * pre-extracted headers object + optional stashed body, so both\n * IncomingMessage and Web Request paths share the same dispatch logic.\n *\n * Errors here must not propagate — devtools forwarding is best-effort\n * and silenced.\n */\nfunction broadcastToDevtoolsCore(\n info: Omit<RequestLog, 'level' | 'timestamp'>,\n headers: Record<string, string> | undefined,\n stashedBody: unknown,\n): void {\n void Promise.all([\n import('../../devtools/server-side/broadcast.js'),\n import('../../devtools/server-side/build-request-body-preview.js'),\n ])\n .then(([{ broadcastRequest }, { buildRequestBodyPreview }]) => {\n const bodyInfo = buildRequestBodyPreview(stashedBody)\n broadcastRequest({\n id: randomRequestId(),\n traceId: info.requestId,\n method: info.method,\n path: info.url,\n status: info.status,\n durationMs: info.duration,\n startedAt: Date.now() - info.duration,\n ...(headers ? { headers } : {}),\n ...(bodyInfo\n ? {\n bodyPreview: bodyInfo.preview,\n bodyLength: bodyInfo.length,\n bodyTruncated: bodyInfo.truncated,\n }\n : {}),\n })\n })\n .catch(() => {\n // No-op: devtools forwarding is best-effort.\n })\n}\n\nfunction broadcastRequestToDevtools(\n info: Omit<RequestLog, 'level' | 'timestamp'>,\n req?: IncomingMessage,\n): void {\n // T2.1 forwarder. Errors here must not propagate.\n const headers = req?.headers\n ? Object.fromEntries(\n Object.entries(req.headers).map(([k, v]) => [\n k,\n Array.isArray(v) ? v.join(', ') : (v ?? ''),\n ]),\n )\n : undefined\n const stashedBody = req\n ? (req as unknown as Record<symbol, unknown>)[DEVTOOLS_BODY_PREVIEW]\n : undefined\n broadcastToDevtoolsCore(info, headers, stashedBody)\n}\n\n/**\n * T5a.2 Phase C slice 2/2 — Web-Standards request log + devtools\n * forward. Mirror of `logRequest(info, logger?, req?: IncomingMessage)`\n * accepting `request?: Request`.\n *\n * Extracts headers via `request.headers.entries()` (Web `Headers`\n * iterator). Body preview stash is NOT yet supported on the Web path —\n * `body-parser-web.ts` doesn't yet stash like `body-parser.ts` does for\n * the IncomingMessage path. That hookup is Phase E scope (body parsing\n * migration). Until then, the devtools UI shows headers but no body\n * preview for Web-handled requests — same surface as the IncomingMessage\n * path before the stash convention shipped.\n */\nexport function logRequestFromRequest(\n info: Omit<RequestLog, 'level' | 'timestamp'>,\n customLogger?: LoggerFn,\n request?: Request,\n): void {\n const log: RequestLog = {\n level: 'info',\n ...info,\n timestamp: new Date().toISOString(),\n }\n const logger = customLogger ?? defaultLoggerFn\n logger(log)\n\n let headers: Record<string, string> | undefined\n if (request) {\n headers = {}\n for (const [k, v] of request.headers.entries()) {\n headers[k] = v\n }\n }\n // Phase E will add body-preview stash on Web Request; for now no stash.\n broadcastToDevtoolsCore(info, headers, undefined)\n}\n","// --- Types ---\n\nexport type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent'\n\nexport interface StructuredLog {\n level: string\n msg: string\n timestamp: string\n [key: string]: unknown\n}\n\nexport interface TheoLogger {\n debug(msg: string, context?: Record<string, unknown>): void\n info(msg: string, context?: Record<string, unknown>): void\n warn(msg: string, context?: Record<string, unknown>): void\n error(msg: string, context?: Record<string, unknown>): void\n child(context: Record<string, unknown>): TheoLogger\n}\n\n// --- Level filtering ---\n\nconst LEVEL_ORDER: Record<string, number> = {\n debug: 0,\n info: 1,\n warn: 2,\n error: 3,\n silent: 4,\n}\n\nfunction shouldLog(msgLevel: string, configLevel: string): boolean {\n return LEVEL_ORDER[msgLevel] >= LEVEL_ORDER[configLevel]\n}\n\n// --- Default output ---\n\nfunction defaultOutput(log: StructuredLog): void {\n // eslint-disable-next-line no-console -- structured logger output IS the contract here\n console.log(JSON.stringify(log))\n}\n\n// --- Factory ---\n\nexport function createLogger(options?: {\n level?: LogLevel\n output?: (log: StructuredLog) => void\n context?: Record<string, unknown>\n}): TheoLogger {\n const level = options?.level ?? 'info'\n const output = options?.output ?? defaultOutput\n const baseContext = options?.context ?? {}\n\n function log(msgLevel: string, msg: string, context?: Record<string, unknown>): void {\n if (!shouldLog(msgLevel, level)) return\n\n const entry: StructuredLog = {\n level: msgLevel,\n msg,\n timestamp: new Date().toISOString(),\n ...baseContext,\n ...context,\n }\n\n // Serialize Error objects to stack string\n if (entry.error instanceof Error) {\n entry.error = entry.error.stack ?? entry.error.message\n }\n\n output(entry)\n }\n\n return {\n debug: (msg, ctx) => {\n log('debug', msg, ctx)\n },\n info: (msg, ctx) => {\n log('info', msg, ctx)\n },\n warn: (msg, ctx) => {\n log('warn', msg, ctx)\n },\n error: (msg, ctx) => {\n log('error', msg, ctx)\n },\n child(ctx) {\n return createLogger({\n level,\n output,\n context: { ...baseContext, ...ctx },\n })\n },\n }\n}\n\n// --- warnOnce (T2.1) ---\n\n/**\n * Per-key dedup state. Module-scoped — reset per-process at boot.\n *\n * CR-011 fix: previous implementation used an unbounded `Set` which grew\n * forever in long-running prod processes with high-cardinality keys\n * (e.g. dynamic path segments). The bound below uses LRU-by-insertion:\n * when the Set hits `MAX_SEEN`, the OLDEST key is evicted. Subsequent\n * occurrences of that key will warn ONCE more — acceptable in exchange\n * for bounded memory.\n */\nconst _warnOnceSeen = new Set<string>()\nconst MAX_SEEN = 1024\n\n/**\n * Reset internal state. Test-only export — do not call from production.\n */\nexport function _resetWarnOnceForTests(): void {\n _warnOnceSeen.clear()\n}\n\n/**\n * Emit a structured warning ONCE per key. Subsequent calls with the same\n * key are suppressed. Used for cutover-style warnings (e.g. CSRF warn)\n * that would otherwise flood logs under load.\n *\n * Convention: key is `<event>:<method>:<path>` — see callers in csrf.ts.\n *\n * EC-2: payload may contain circular references. Wrap `JSON.stringify`\n * in try/catch so a malformed payload doesn't crash the request handler.\n */\nexport function warnOnce(key: string, payload: Record<string, unknown>): void {\n if (_warnOnceSeen.has(key)) return\n // CR-011: bounded LRU. Evict oldest insertion when at capacity.\n if (_warnOnceSeen.size >= MAX_SEEN) {\n const oldest = _warnOnceSeen.values().next().value\n if (oldest !== undefined) _warnOnceSeen.delete(oldest)\n }\n _warnOnceSeen.add(key)\n\n let line: string\n try {\n line = JSON.stringify({ ...payload, warnOnce: true })\n } catch {\n // EC-2 fallback — preserve the key for grep-ability even when payload\n // can't serialize (e.g., circular references, BigInt, etc.).\n line = `[warnOnce] ${key} — (payload could not be serialized)`\n }\n console.warn(line)\n\n // T2.1 — also broadcast to devtools (no-op in prod / when no dev server).\n // Imported lazily to keep logger.ts dependency-free for non-dev contexts;\n // broadcastToDevtools internally guards on globalThis.__theoViteHotServer.\n broadcastWarnOnceToDevtools(key, payload)\n}\n\n/**\n * T2.1 — Forward a warnOnce payload to the devtools UI. Recognizes the\n * canonical CSRF warn shape and dispatches as 'csrf.warn'; otherwise\n * falls back to a generic 'error' broadcast.\n *\n * No-op when:\n * - globalThis.__theoViteHotServer is undefined (prod / no dev server)\n * - any error occurs (default-deny via broadcastToDevtools' try/catch)\n */\nfunction payloadField(payload: Record<string, unknown>, key: string, fallback = ''): string {\n const value = payload[key]\n if (typeof value === 'string') return value\n if (typeof value === 'number' || typeof value === 'boolean') return String(value)\n return fallback\n}\n\nfunction randomDevtoolsId(): string {\n // eslint-disable-next-line sonarjs/pseudo-random -- non-secret correlation id for devtools UI\n return `warn-${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`\n}\n\nfunction broadcastWarnOnceToDevtools(key: string, payload: Record<string, unknown>): void {\n // CR-021: removed dead `void key` statement.\n // T2.1 forwarder. Errors here must not propagate (default-deny).\n void import('../../devtools/server-side/broadcast.js')\n .then(({ broadcastCsrfWarn, broadcastError }) => {\n if (\n payload.event === 'csrf.warn' &&\n typeof payload.code === 'string' &&\n typeof payload.docsUrl === 'string'\n ) {\n broadcastCsrfWarn({\n event: 'csrf.warn',\n code: payload.code,\n docsUrl: payload.docsUrl,\n method: payloadField(payload, 'method'),\n path: payloadField(payload, 'path'),\n reason: payloadField(payload, 'reason'),\n })\n } else {\n broadcastError({\n id: randomDevtoolsId(),\n type: 'console',\n message: payloadField(payload, 'event', key),\n timestamp: Date.now(),\n })\n }\n })\n .catch(() => {\n // No-op: devtools forwarding is best-effort.\n })\n}\n\n// --- Backward compat re-exports ---\n//\n// T6.2 (PV-12 SRP): `logRequest` + `RequestLog` + `LoggerFn` moved to a\n// dedicated `request-log.ts`. Re-exported here so consumers importing\n// from `theokit/server` see no change.\n\nexport { logRequest } from './request-log.js'\nexport type { RequestLog, LoggerFn } from './request-log.js'\n","import type { ServerResponse } from 'node:http'\n\nimport type { TheoTransformer } from '../transformer.js'\n\n/**\n * Canonical HTTP response helpers (T5.1 extraction).\n *\n * Moved out of execute.ts so request-pipeline stages (execute-stages.ts,\n * handle-request-error.ts, etc.) can depend on these helpers without\n * creating a cycle through execute.ts.\n *\n * Public surface re-exported from execute.ts for backward compat — every\n * existing caller of `sendError` / `sendJson` continues to work via the\n * `theokit/server` barrel.\n */\n\nexport function sendJson(\n res: ServerResponse,\n data: unknown,\n status = 200,\n transformer?: TheoTransformer,\n): void {\n // T1.2 — transformer-aware serialization. Default (no transformer) uses\n // JSON.stringify direct for backward compat.\n const body = transformer ? transformer.serialize(data) : JSON.stringify(data)\n res.writeHead(status, {\n 'Content-Type': 'application/json',\n 'Content-Length': Buffer.byteLength(body),\n })\n res.end(body)\n}\n\nexport interface SendErrorOptions {\n custom404Html?: string\n custom500Html?: string\n}\n\n/**\n * Canonical error response.\n *\n * T6.3 (PV-17): the positional 7-param signature is preserved for backward\n * compat. New call sites should use the options-bag form:\n *\n * sendError(res, { code, message, status, issues?, requestId?, options? })\n *\n * Both shapes resolve to the same implementation.\n */\nexport interface SendErrorInput {\n code: string\n message: string\n status: number\n issues?: unknown[]\n requestId?: string\n options?: SendErrorOptions\n}\n\nexport function sendError(res: ServerResponse, input: SendErrorInput): void\n/* eslint-disable-next-line max-params -- T6.3: positional overload preserved\n for backward compat (callers across cli/server still use positional). The\n options-bag overload above is the recommended path. */\nexport function sendError(\n res: ServerResponse,\n code: string,\n message: string,\n status: number,\n issues?: unknown[],\n requestId?: string,\n options?: SendErrorOptions,\n): void\n/* eslint-disable-next-line max-params, complexity -- delegates to two\n surface overloads above; the branch density mirrors the back-compat\n contract, not internal complexity. */\nexport function sendError(\n res: ServerResponse,\n codeOrInput: string | SendErrorInput,\n message?: string,\n status?: number,\n issues?: unknown[],\n requestId?: string,\n options?: SendErrorOptions,\n): void {\n let code: string\n if (typeof codeOrInput === 'string') {\n code = codeOrInput\n message = message ?? ''\n status = status ?? 500\n } else {\n code = codeOrInput.code\n message = codeOrInput.message\n status = codeOrInput.status\n issues = codeOrInput.issues\n requestId = codeOrInput.requestId\n options = codeOrInput.options\n }\n const errorMessage =\n code === 'INTERNAL_ERROR' && process.env.NODE_ENV === 'production'\n ? 'Internal server error'\n : message\n\n if (code === 'INTERNAL_ERROR') {\n console.error(`[${requestId ?? 'no-id'}] ${message}`)\n }\n\n if (status === 404 && options?.custom404Html) {\n const body = options.custom404Html\n res.writeHead(404, {\n 'Content-Type': 'text/html; charset=utf-8',\n 'Content-Length': Buffer.byteLength(body),\n })\n res.end(body)\n return\n }\n if (status === 500 && options?.custom500Html) {\n const body = options.custom500Html\n res.writeHead(500, {\n 'Content-Type': 'text/html; charset=utf-8',\n 'Content-Length': Buffer.byteLength(body),\n })\n res.end(body)\n return\n }\n\n sendJson(\n res,\n {\n error: {\n code,\n message: errorMessage,\n ...(requestId ? { requestId } : {}),\n ...(issues ? { issues } : {}),\n },\n },\n status,\n )\n}\n\n/**\n * T5a.2 Phase G slice 4/N — Web-Standards response helpers.\n *\n * Mirror of `sendJson` + `sendError` for the Web `Request`/`Response`\n * shape. Returns a native `Response` directly instead of mutating a\n * `ServerResponse`.\n *\n * Per `docs/plans/t5a2-incoming-message-to-request-shape-refactor-plan.md`\n * v1.0 § Phase G.\n *\n * **Difference vs IncomingMessage path:**\n * - No `Content-Length` set explicitly — the runtime computes it from\n * the body when needed. CF Workers / Bun / Deno all do this; setting\n * it manually risks conflict if the body is a stream rather than a\n * fixed string.\n * - Custom 404/500 HTML options preserved (same opts shape).\n * - `requestId` flows into the response body's error envelope AND\n * surfaces as `x-request-id` header (parity with handleWebRequestError\n * Phase G slice 3/N).\n */\nexport function buildJsonResponse(\n data: unknown,\n status = 200,\n transformer?: TheoTransformer,\n): Response {\n const body = transformer ? transformer.serialize(data) : JSON.stringify(data)\n return new Response(body, {\n status,\n headers: { 'content-type': 'application/json' },\n })\n}\n\nexport function buildErrorResponse(input: SendErrorInput): Response {\n const { code, message, status, issues, requestId, options } = input\n const errorMessage =\n code === 'INTERNAL_ERROR' && process.env.NODE_ENV === 'production'\n ? 'Internal server error'\n : message\n\n if (code === 'INTERNAL_ERROR') {\n console.error(`[${requestId ?? 'no-id'}] ${message}`)\n }\n\n const headers: Record<string, string> = {}\n if (requestId !== undefined) headers['x-request-id'] = requestId\n\n if (status === 404 && options?.custom404Html !== undefined) {\n headers['content-type'] = 'text/html; charset=utf-8'\n return new Response(options.custom404Html, { status: 404, headers })\n }\n if (status === 500 && options?.custom500Html !== undefined) {\n headers['content-type'] = 'text/html; charset=utf-8'\n return new Response(options.custom500Html, { status: 500, headers })\n }\n\n headers['content-type'] = 'application/json'\n const body = JSON.stringify({\n error: {\n code,\n message: errorMessage,\n ...(requestId ? { requestId } : {}),\n ...(issues ? { issues } : {}),\n },\n })\n return new Response(body, { status, headers })\n}\n","/**\n * Shape-based guard for AuthRequiredError detection.\n *\n * Uses duck-type check ONLY — no class import from `server/auth/` to\n * preserve `core` INVARIANT 1 (core depends on nothing intra-monorepo).\n *\n * The `instanceof AuthRequiredError` check is intentionally omitted:\n * Vite HMR can duplicate class identity across module boundaries,\n * making `instanceof` unreliable. The shape check (`code` + `status`)\n * is the canonical detection path.\n *\n * Single source of truth — previously duplicated in handle-request-error.ts\n * and execute.ts (architecture-remediation plan T1.3, 2026-06-12).\n */\nexport function isAuthRequiredError(err: unknown): boolean {\n if (err == null || typeof err !== 'object') return false\n const e = err as Record<string, unknown>\n return e.code === 'AUTH_REQUIRED' && e.status === 401\n}\n","/**\n * Thrown when a plugin or middleware decorates `ctx.<key>` with a value\n * that the framework would also like to inject (e.g., `ctx.queue` from\n * the jobs backend wiring).\n *\n * Per EC-202 of system-100-percent-functional-plan: silent override is a\n * latent bug class. Fail loud so the conflict surfaces immediately.\n */\nexport class DuplicateContextKeyError extends Error {\n readonly code = 'DUPLICATE_CONTEXT_KEY'\n constructor(\n public readonly key: string,\n opts?: { reason?: string },\n ) {\n super(\n `Duplicate context key \"${key}\". ${opts?.reason ?? 'The framework cannot inject a value for a key already decorated by middleware or a plugin.'}`,\n )\n this.name = 'DuplicateContextKeyError'\n }\n}\n","import type { JobEnqueueInput } from './job-backend.js'\n\n/**\n * Transactional outbox buffer for `ctx.queue.enqueue` (T2.5).\n *\n * Lifecycle (wired in `http/execute.ts` by T2.5 integration step):\n * 1. Request handler invoked → create per-request outbox.\n * 2. Handler calls `ctx.queue.enqueue(...)` → outbox.push(entry).\n * 3a. Response committed (`res.on('finish')` + statusCode < 400) →\n * outbox.flush(backend.enqueue).\n * 3b. Response errors (statusCode >= 400, handler throws, `res.on('close')`\n * without finish) → outbox.discard().\n *\n * Invariants:\n * - Outbox NEVER dispatches before commit. Backend.enqueue is NEVER\n * called on the request hot path.\n * - Handler throws → ZERO jobs dispatched. KEY guarantee from ADR-0003.\n *\n * EC-107: when `backend.enqueue` throws DURING flush (after response\n * committed), we log + continue. The response is already gone; partial\n * dispatch is better than zero. Each failure goes to `onError` (default:\n * `console.warn`).\n */\n\nexport interface OutboxFlushOptions {\n /**\n * Called once per failed entry. Default: `console.warn` with the\n * entry name (NOT input — privacy). Throw nothing back to caller —\n * flush always completes.\n */\n onError?: (entryName: string, errorMessage: string) => void\n}\n\nexport interface Outbox {\n push(entry: JobEnqueueInput): void\n drain(): JobEnqueueInput[]\n discard(): void\n size(): number\n /**\n * Dispatch all buffered entries via `dispatcher`. Returns after all\n * entries attempted. Per-entry failures invoke `opts.onError` (or\n * default warn) and do NOT abort the loop.\n */\n flush(\n dispatcher: (entry: JobEnqueueInput) => Promise<unknown>,\n opts?: OutboxFlushOptions,\n ): Promise<void>\n}\n\nexport function createOutbox(): Outbox {\n let buffer: JobEnqueueInput[] = []\n\n return {\n push(entry) {\n buffer.push(entry)\n },\n drain() {\n const out = buffer\n buffer = []\n return out\n },\n discard() {\n buffer = []\n },\n size() {\n return buffer.length\n },\n async flush(dispatcher, opts) {\n const entries = buffer\n buffer = []\n const onError =\n opts?.onError ??\n ((name, msg) => {\n console.warn(`[theokit:jobs:outbox] flush error for \"${name}\": ${msg}`)\n })\n for (const e of entries) {\n try {\n await dispatcher(e)\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err)\n onError(e.name, message)\n }\n }\n },\n }\n}\n","import type { JobBackend, JobEnqueueInput } from './job-backend.js'\nimport type { JobRegistry } from './job-types.js'\nimport type { Outbox } from './outbox.js'\n\n/**\n * Options forwarded to `backend.enqueue` at outbox flush time.\n */\nexport interface EnqueueOptions {\n /** Optional idempotency key for at-most-once dispatch within TTL. */\n idempotencyKey?: string\n /** Optional delay before the job becomes available. */\n delaySeconds?: number\n}\n\n/**\n * Typed queue client. Per ADR-0003, `enqueue` returns `void` and buffers\n * to the per-request outbox. `enqueueWithId` is the log-correlation\n * variant that resolves to `{ jobId }` AFTER the outbox flushes.\n *\n * Type inference: `JobName extends keyof JobRegistry`. Users extend the\n * `JobRegistry` interface via module augmentation (see `job-types.ts`).\n * Without augmentation, all enqueue calls compile-error with \"Type X is\n * not assignable to type never\" — documented in EC-110 as a known onboarding\n * friction.\n */\nexport interface QueueClient {\n /** Buffer a job to the outbox. Returns void (fire-and-forget). */\n enqueue<JobName extends keyof JobRegistry>(\n name: JobName,\n input: JobRegistry[JobName],\n opts?: EnqueueOptions,\n ): void\n /**\n * Buffer a job AND return a Promise that resolves with the jobId\n * AFTER the outbox flushes (i.e., after the response commits). NOT a\n * handle to await the job result — there is no result API.\n */\n enqueueWithId<JobName extends keyof JobRegistry>(\n name: JobName,\n input: JobRegistry[JobName],\n opts?: EnqueueOptions,\n ): Promise<{ jobId: string }>\n}\n\nexport interface CreateQueueClientOptions {\n /** W3C traceparent to propagate to enqueued jobs. */\n traceparent?: string\n}\n\n/**\n * Create a per-request queue client wired to a backend + outbox.\n *\n * The backend is referenced only to resolve `enqueueWithId` jobIds at\n * flush time — `enqueue` itself does NOT call backend on the hot path\n * (transactional outbox guarantee per ADR-0003).\n */\nexport function createQueueClient(\n backend: JobBackend,\n outbox: Outbox,\n opts: CreateQueueClientOptions = {},\n): QueueClient {\n const traceparent = opts.traceparent\n\n return {\n enqueue(name, input, enqueueOpts) {\n const entry: JobEnqueueInput = {\n name: name,\n input,\n idempotencyKey: enqueueOpts?.idempotencyKey,\n delaySeconds: enqueueOpts?.delaySeconds,\n traceparent,\n }\n outbox.push(entry)\n },\n\n enqueueWithId(name, input, enqueueOpts) {\n let resolveJobId!: (v: { jobId: string }) => void\n let rejectJobId!: (e: unknown) => void\n const promise = new Promise<{ jobId: string }>((resolve, reject) => {\n resolveJobId = resolve\n rejectJobId = reject\n })\n // Prevent unhandled rejection if the response is discarded\n void promise.catch(() => {\n /* swallow — jobId promise is best-effort log correlation */\n })\n\n // Wrap the entry so the outbox flush resolves the promise.\n const entry: JobEnqueueInput & {\n readonly __resolveJobId?: (v: { jobId: string }) => void\n readonly __rejectJobId?: (e: unknown) => void\n } = {\n name: name,\n input,\n idempotencyKey: enqueueOpts?.idempotencyKey,\n delaySeconds: enqueueOpts?.delaySeconds,\n traceparent,\n __resolveJobId: resolveJobId,\n __rejectJobId: rejectJobId,\n }\n outbox.push(entry)\n return promise\n },\n }\n}\n\n/**\n * Outbox dispatcher that bridges enqueueWithId's hidden promise channel\n * (`__resolveJobId` / `__rejectJobId`) to the backend.enqueue result.\n *\n * Use this when the request lifecycle hooks call `outbox.flush(...)`.\n */\nexport function createOutboxDispatcher(\n backend: JobBackend,\n): (entry: JobEnqueueInput) => Promise<unknown> {\n return async (entry) => {\n const augmented = entry as JobEnqueueInput & {\n __resolveJobId?: (v: { jobId: string }) => void\n __rejectJobId?: (e: unknown) => void\n }\n try {\n const result = await backend.enqueue(entry)\n augmented.__resolveJobId?.(result)\n return result\n } catch (err) {\n augmented.__rejectJobId?.(err)\n throw err\n }\n }\n}\n","/**\n * Canonical CSRF warn dispatcher (T3.3 of architecture-review-remediation-plan).\n *\n * Consolidates the duplicated `warn: (payload) => { warnOnce(...) }` closure\n * that previously appeared in both `http/execute.ts` and\n * `http/action-execute.ts`. Resolves PV-10 (DRY).\n *\n * `warnOnce` dedupes by `event:method:path` so a request loop with 1000 POSTs\n * doesn't flood logs with identical warnings. Apps grep for `event\":\"csrf.warn\"`\n * (stable event shape — see [[enforcement-cutover.md]]).\n */\nimport { warnOnce } from '../observability/logger.js'\n\nexport interface CsrfWarnPayload {\n event: string\n method: string\n path?: string\n reason: string\n code?: string\n docsUrl?: string\n warnOnce?: boolean\n}\n\n/**\n * Build the warn callback that `enforceCsrf` invokes for soft-mode warnings.\n * Returned function is suitable for the `warn` field of `enforceCsrf`'s options.\n */\nexport function dispatchCsrfWarn(payload: CsrfWarnPayload): void {\n const key = `${payload.event}:${payload.method}:${payload.path ?? ''}`\n warnOnce(key, payload as unknown as Record<string, unknown>)\n}\n","/**\n * T4.1 — Audit logging interface + default JSON stdout sink.\n *\n * Per ADR D4: define the interface; ship a zero-dep default; reserve\n * adapter shapes for Postgres, File, OpenTelemetry, Sentry as follow-up\n * packages. Persistence has heavy deps (`pg`, `better-sqlite3`); we\n * keep core dep-free and let users opt in.\n *\n * Compatibility:\n * - Node / Bun / Deno / Vercel — console.log is sync, captured.\n * - Edge runtimes (CF Workers, Vercel Edge) — console.log is captured\n * but may be rate-limited by the platform. For high-volume edge audit,\n * implement a custom sink writing to a queue / HTTP endpoint.\n */\n\nexport interface AuditEvent {\n /** Domain-qualified verb. Convention: `<domain>.<verb>` (e.g. csrf.warn, session.rotated). */\n action: string\n /** Who triggered the event. Anonymous = no auth at time of event. */\n actor?: { type: 'user' | 'system' | 'anonymous'; id?: string }\n /** What was operated on (optional). */\n resource?: { type: string; id?: string }\n /** Arbitrary event-specific metadata. JSON-serializable. */\n metadata?: Record<string, unknown>\n /** ISO 8601 timestamp. If absent, sink fills in `new Date().toISOString()`. */\n timestamp?: string\n /** Optional trace id (populated by middleware from `x-trace-id`). */\n traceId?: string\n}\n\nexport interface AuditLogger {\n log(event: AuditEvent): void | Promise<void>\n}\n\n/**\n * Default sink: one JSON line per event to stdout. Sync. Never throws.\n *\n * EC: circular refs / BigInt values fall back to a placeholder line so\n * the event is still observable (action + traceId) without crashing the\n * request lifecycle.\n */\nexport class JsonStdoutSink implements AuditLogger {\n log(event: AuditEvent): void {\n const enriched = {\n level: 'audit' as const,\n ...event,\n timestamp: event.timestamp ?? new Date().toISOString(),\n }\n try {\n // eslint-disable-next-line no-console -- JsonStdoutSink IS the audit output\n console.log(JSON.stringify(enriched, jsonReplacer))\n } catch {\n // eslint-disable-next-line no-console -- fallback when payload won't serialize\n console.log(\n `{\"level\":\"audit\",\"action\":${JSON.stringify(event.action)},\"timestamp\":${JSON.stringify(enriched.timestamp)},\"note\":\"payload could not be serialized\"}`,\n )\n }\n }\n}\n\n/**\n * Replacer that walks BigInt → string. Circular ref handling is via the\n * outer try/catch (JSON.stringify throws TypeError on cycles; we drop to\n * the fallback line). We don't implement custom cycle-breaking walker\n * because the audit payload is meant to be JSON — if user metadata has\n * a cycle, the right answer is to fix the caller, not silently lose\n * the structure.\n */\nfunction jsonReplacer(_key: string, value: unknown): unknown {\n if (typeof value === 'bigint') return value.toString()\n return value\n}\n\n/**\n * No-op logger. Returned when `config.audit` is unset. Zero overhead;\n * framework wiring sites null-check before calling.\n */\nexport function createNoOpLogger(): AuditLogger {\n return {\n log() {\n // intentionally empty\n },\n }\n}\n\n/**\n * T4.2 — Safe-emit wrapper. Used by framework wiring sites (csrf.ts,\n * rate-limit.ts, session.ts) so a logger throw NEVER propagates into\n * the request handler.\n */\nexport function safeAudit(logger: AuditLogger | undefined, event: AuditEvent): void {\n if (!logger) return\n try {\n const r = logger.log(event)\n // Discard the Promise — async sinks are fire-and-forget by design.\n if (r && typeof r.then === 'function') {\n r.catch(() => {\n // swallow async sink failures — audit must never crash the request\n })\n }\n } catch {\n // swallow sync sink failures — audit must never crash the request\n }\n}\n","import type { IncomingMessage } from 'node:http'\n\nimport type { AuditLogger } from '../observability/audit-log.js'\nimport { safeAudit } from '../observability/audit-log.js'\n\n/**\n * CSRF enforcement mode.\n *\n * - `off` — skip CSRF entirely. Use only when you have another defense\n * (e.g. you don't ship session cookies, all auth is bearer).\n * - `warn` — log a structured warning when the check would fail, but\n * still serve the request. Default for 0.2.0. Migration mode.\n * - `strict` — reject failing requests with 403 + code `CSRF_INVALID`.\n * Will become the default in 0.3.0.\n */\nexport type CsrfMode = 'off' | 'warn' | 'strict'\n\n/**\n * Per-request structured logger surface. Only `warn` is used by enforceCsrf;\n * we don't require a full Logger here so callers can pass a mock or the\n * console directly.\n */\nexport interface CsrfLogger {\n warn: (payload: CsrfWarnPayload) => void\n /** Optional path the request was destined for — used for log correlation. */\n path?: string\n}\n\n/**\n * T5.1 — Rails-inspired per-route escalation.\n *\n * `routes` accepts string (exact match) or RegExp entries. When a request\n * path matches AND the request would otherwise emit a warning, the\n * `behavior` field decides what happens:\n *\n * - `'warn'` → normal warn dispatch (no-op vs default)\n * - `'raise'` → escalate to 403 regardless of global `csrf` mode\n *\n * `'raise'` never downgrades: when global mode is `'off'`, validation is\n * skipped entirely and disallowed dispatch never runs.\n */\nexport interface DisallowedConfig {\n routes: (string | RegExp)[]\n behavior: 'warn' | 'raise'\n}\n\n/**\n * Test whether `path` matches any of the supplied patterns. String\n * patterns are EXACT (trailing slash matters — use RegExp for tolerance).\n *\n * EC-5: when a RegExp carries the `/g` flag, `.test()` mutates\n * `lastIndex` and the next invocation may miss. We reset `lastIndex`\n * before each test so the matcher is a pure function.\n */\nexport function matchDisallowed(path: string, patterns: readonly (string | RegExp)[]): boolean {\n for (const p of patterns) {\n if (typeof p === 'string') {\n if (path === p) return true\n } else if (p instanceof RegExp) {\n p.lastIndex = 0\n if (p.test(path)) return true\n }\n // Neither string nor RegExp: ignore silently (defensive — the public\n // type forbids it but runtime data may slip past).\n }\n return false\n}\n\n/**\n * T2.2 — Stable cutover identifier shipped with every csrf.warn payload.\n *\n * Convention borrowed from Vite's `deprecations.ts:74` — a `code` plus a\n * `docsUrl` lets users (a) grep their logs for a single stable identifier\n * to find every csrf.warn line, and (b) click through directly to the\n * migration guide. Strings are exported constants so the analyzer (T2.3)\n * and migration guide can reference the same source of truth.\n */\nexport const CSRF_WARN_CODE = 'CSRF_STRICT_CUTOVER' as const\nexport const CSRF_WARN_DOCS_URL = 'https://theokit.dev/upgrade/csrf-strict-cutover' as const\n\n/**\n * Pick a header value, choosing the first entry when an array (Node sets\n * arrays for headers that legitimately appear multiple times). Returns\n * `''` when the header is absent or empty — callers treat `''` as \"skip\".\n */\nfunction pickHeader(value: string | string[] | undefined): string {\n if (typeof value === 'string') return value\n if (Array.isArray(value) && value.length > 0) return value[0]\n return ''\n}\n\nexport interface CsrfWarnPayload {\n event: 'csrf.warn'\n method: string\n path: string | undefined\n reason: string\n /**\n * Stable identifier for the 0.2 → 0.3 CSRF strict cutover. Always\n * `'CSRF_STRICT_CUTOVER'`. Grep-able from prod logs.\n */\n code: string\n /**\n * Link to the section of the migration guide explaining how to clear\n * this specific warning class.\n */\n docsUrl: string\n}\n\n/**\n * T5a.2 Phase B (slice 1/6): pure header-only CSRF check extracted from\n * `validateCsrf(req: IncomingMessage)` so it can be re-used by the Web-\n * Standards `validateCsrfRequest(request: Request)` sibling. Per the T5a.2\n * plan v1.0 § Phase B, header-only leaves are first to migrate. This is\n * the dual-signature pattern (anti-pattern #2 avoidance): IncomingMessage\n * consumers unchanged; new Request consumers go through the same logic\n * via the shared helper.\n *\n * Pure logic — accepts pre-extracted header values as strings or null.\n */\nfunction isCsrfValidFromHeaders(opts: {\n csrfActionHeader: string | null\n origin: string | null\n host: string | null\n}): { valid: true } | { valid: false; reason: string } {\n // 1. Custom header must be present (primary defense — simple form posts\n // cannot set custom headers, browsers gate via CORS preflight)\n if (opts.csrfActionHeader !== '1') {\n return { valid: false, reason: 'Missing X-Theo-Action header' }\n }\n\n // 2. Origin matching (secondary defense)\n if (opts.origin === null || opts.origin === '') {\n // Browsers omit Origin for same-origin requests — treat as valid\n return { valid: true }\n }\n\n if (opts.host === null || opts.host === '') {\n return { valid: true }\n }\n\n try {\n const originHost = new URL(opts.origin).host\n if (originHost !== opts.host) {\n return { valid: false, reason: `Origin ${opts.origin} does not match host ${opts.host}` }\n }\n } catch {\n return { valid: false, reason: `Invalid origin: ${opts.origin}` }\n }\n\n return { valid: true }\n}\n\nexport function validateCsrf(\n req: IncomingMessage,\n): { valid: true } | { valid: false; reason: string } {\n // IncomingMessage adapter — normalize Node header shape to the pure\n // helper's input shape (string|null).\n const action = req.headers['x-theo-action']\n const origin = req.headers.origin\n const host = req.headers.host\n return isCsrfValidFromHeaders({\n csrfActionHeader: typeof action === 'string' ? action : null,\n origin: origin !== undefined ? pickHeader(origin) || null : null,\n host: host !== undefined ? pickHeader(host) || null : null,\n })\n}\n\n/**\n * T5a.2 Phase B (slice 1/6) — Web-Standards-shaped CSRF validator.\n *\n * Mirror of `validateCsrf(req: IncomingMessage)` for the Web `Request`\n * shape. Consumes `request.headers.get(name)` (native Web `Headers` API)\n * instead of `req.headers[name]` (Node `IncomingMessage` indexer). Same\n * CSRF policy + same return shape — the difference is only the input\n * extraction.\n *\n * Used by `executeWebRequest` (T5a.2 Phase A) to enforce CSRF on the\n * Web-Standards request handler entry-point.\n */\nexport function validateCsrfRequest(\n request: Request,\n): { valid: true } | { valid: false; reason: string } {\n return isCsrfValidFromHeaders({\n csrfActionHeader: request.headers.get('x-theo-action'),\n origin: request.headers.get('origin'),\n host: request.headers.get('host'),\n })\n}\n\n/**\n * Enforce CSRF policy with mode-aware behavior. Wrapper over `validateCsrf`\n * that turns the boolean valid/invalid into a request-level allow decision,\n * gated by mode + structured warning in warn mode.\n *\n * Phase 5 — CSRF warn-first (EC-1). See plan docs/plans/nextjs-maturity-plan.md.\n */\n/**\n * Dispatch the csrf.warn payload to both the structured logger and the\n * audit sink (when configured). Extracted from `enforceCsrf` to keep that\n * function's complexity within ceiling.\n */\nfunction dispatchCsrfWarn(\n req: IncomingMessage,\n reason: string,\n logger: CsrfLogger | undefined,\n auditLogger: AuditLogger | undefined,\n pathFallback = '',\n): void {\n const payload: CsrfWarnPayload = {\n event: 'csrf.warn',\n method: req.method ?? 'UNKNOWN',\n path: logger?.path ?? pathFallback,\n reason,\n code: CSRF_WARN_CODE,\n docsUrl: CSRF_WARN_DOCS_URL,\n }\n logger?.warn(payload)\n // `metadata` is typed as Record<string, unknown>; CsrfWarnPayload is a\n // structurally-equivalent shape but lacks the index signature.\n safeAudit(auditLogger, {\n action: 'csrf.warn',\n actor: { type: 'anonymous' },\n metadata: { ...payload },\n })\n}\n\nexport function enforceCsrf(\n req: IncomingMessage,\n mode: CsrfMode,\n logger?: CsrfLogger,\n disallowed?: DisallowedConfig,\n auditLogger?: AuditLogger,\n): { allow: boolean; reason?: string } {\n if (mode === 'off') {\n // `off` short-circuits before disallowed dispatch — users who set\n // csrf: 'off' globally have explicitly turned validation off, and\n // disallowed must never re-introduce it. The escape hatch is to\n // set csrf: 'warn' and use disallowed for surgical strict pockets.\n return { allow: true }\n }\n\n const check = validateCsrf(req)\n if (check.valid) {\n return { allow: true }\n }\n\n // T5.1 — disallowed dispatch: when the failing request matches a\n // disallowed pattern AND behavior is 'raise', escalate to 403 even if\n // global mode is 'warn'. Strict mode would 403 anyway, so the branch\n // is a no-op there.\n if (disallowed?.behavior === 'raise') {\n const path = logger?.path ?? req.url ?? ''\n if (matchDisallowed(path, disallowed.routes)) {\n return { allow: false, reason: check.reason }\n }\n }\n\n if (mode === 'warn') {\n // T2.1: emit via warnOnce by default — callers can override via the\n // injected logger.warn (tests, custom log routers).\n // T2.2: include the stable cutover code + docsUrl so logs are\n // grep-able and click-through-able.\n dispatchCsrfWarn(req, check.reason, logger, auditLogger)\n return { allow: true, reason: check.reason }\n }\n\n // strict — 403 the request, AND emit a warn payload so the dev (and\n // devtools UI) sees WHY it was blocked + the docsUrl to fix it.\n // Without this, strict-mode users get a silent 403 with no context.\n dispatchCsrfWarn(req, check.reason, logger, auditLogger)\n return { allow: false, reason: check.reason }\n}\n","import type { IncomingMessage, ServerResponse } from 'node:http'\n\nimport { parseRequestBody } from '../body-parser.js'\n\nimport { sendError } from './send-response.js'\n\n/**\n * T5.1 (partial Pipeline extraction) — request-parsing + Zod-validation\n * stages extracted from the executeRoute monolith.\n *\n * Each stage returns `{ ok: true, ...data }` on success OR `{ ok: false }`\n * on short-circuit (in which case the stage already sent an error response).\n *\n * Per EC-5 (plugin hook ordering) and EC-15 (AsyncLocalStorage), these\n * stages do NOT invoke plugin hooks — the orchestrator (`executeRoute`)\n * keeps that responsibility in one place.\n */\n\nexport type StageResult<T> = { ok: true; data: T } | { ok: false }\n\n/**\n * Parse URL query + request body (multipart/form-data or JSON).\n * On parse failure, sends 400 or 415 (Unsupported Content-Type) + returns\n * `{ ok: false }`. Otherwise returns `{ query, body }`.\n */\nexport async function parseQueryAndBody(\n req: IncomingMessage,\n res: ServerResponse,\n requestId: string | undefined,\n): Promise<StageResult<{ query: Record<string, string>; body: unknown }>> {\n // Query\n const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`)\n const query: Record<string, string> = Object.fromEntries(url.searchParams)\n\n // Body (JSON + multipart/form-data)\n let body: unknown\n try {\n const parsed = await parseRequestBody(req)\n if (parsed.json !== undefined) {\n body = parsed.json\n } else if (parsed.files.length > 0 || Object.keys(parsed.fields).length > 0) {\n body = { ...parsed.fields, _files: parsed.files }\n } else {\n body = undefined\n }\n } catch (err) {\n const message = (err as Error).message\n const status = message.includes('Unsupported Content-Type') ? 415 : 400\n sendError(res, 'VALIDATION_ERROR', message, status, undefined, requestId)\n return { ok: false }\n }\n\n return { ok: true, data: { query, body } }\n}\n\n/**\n * Validate query, body, params against the route's Zod schemas (when present).\n * On validation failure, sends 400 with Zod issues + returns `{ ok: false }`.\n * On success, returns the (possibly-transformed) values from `schema.safeParse(...).data`.\n */\nexport interface ZodLike {\n safeParse: (value: unknown) => {\n success: boolean\n data?: unknown\n error?: { issues: unknown[] }\n }\n}\nexport const isZodLike = (value: unknown): value is ZodLike =>\n typeof value === 'object' &&\n value !== null &&\n typeof (value as { safeParse?: unknown }).safeParse === 'function'\n\nexport function runZodValidation(\n routeConfig: Record<string, unknown>,\n res: ServerResponse,\n requestId: string | undefined,\n input: {\n query: Record<string, string>\n body: unknown\n params: Record<string, string>\n },\n): StageResult<{ query: Record<string, string>; body: unknown; params: Record<string, string> }> {\n const { query, params } = input\n let { body } = input\n\n if (isZodLike(routeConfig.query)) {\n const result = routeConfig.query.safeParse(query)\n if (!result.success) {\n sendError(\n res,\n 'VALIDATION_ERROR',\n 'Invalid query parameters',\n 400,\n result.error?.issues,\n requestId,\n )\n return { ok: false }\n }\n Object.assign(query, result.data)\n }\n\n if (isZodLike(routeConfig.body)) {\n const result = routeConfig.body.safeParse(body)\n if (!result.success) {\n sendError(\n res,\n 'VALIDATION_ERROR',\n 'Invalid request body',\n 400,\n result.error?.issues,\n requestId,\n )\n return { ok: false }\n }\n body = result.data\n }\n\n if (isZodLike(routeConfig.params)) {\n const result = routeConfig.params.safeParse(params)\n if (!result.success) {\n sendError(\n res,\n 'VALIDATION_ERROR',\n 'Invalid route parameters',\n 400,\n result.error?.issues,\n requestId,\n )\n return { ok: false }\n }\n Object.assign(params, result.data)\n }\n\n return { ok: true, data: { query, body, params } }\n}\n","/* eslint-disable security/detect-non-literal-fs-filename --\n * Middleware runner. Checks for `serverDir/middleware.ts` + `context.ts`,\n * cached by CR-017. Paths are derived from `serverDir` (cwd-derived). No\n * HTTP input.\n */\nimport { existsSync } from 'node:fs'\nimport type { IncomingMessage, ServerResponse } from 'node:http'\nimport { join } from 'node:path'\n\nimport { scanMiddlewares } from '../scan/middleware-scan.js'\nimport type { LoadModule } from '../scan/module-loader.js'\n\nexport interface MiddlewareResult {\n ctx: unknown\n aborted: boolean\n}\n\n// CR-017 fix: in dev `existsSync` + `scanMiddlewares` ran on EVERY request,\n// turning a constant filesystem read into per-request overhead. We cache\n// the scan result by serverDir. In prod the same scan should be done once\n// at boot — `theo build` already emits a manifest, but the dev path uses\n// this runtime cache as a defense-in-depth. The cache is invalidated by\n// process restart (Vite HMR replaces the module, clearing this map).\ninterface MiddlewareCacheEntry {\n singleFilePath: string\n singleFileExists: boolean\n dirMiddlewares: string[]\n}\nconst middlewareCache = new Map<string, MiddlewareCacheEntry>()\n\nexport function _resetMiddlewareCacheForTests(): void {\n middlewareCache.clear()\n}\n\n// Middleware default-export contract: a function (req, res, next).\ntype MiddlewareFn = (\n req: IncomingMessage,\n res: ServerResponse,\n next: () => void,\n) => void | Promise<void>\ntype ContextFactory = (args: { request: IncomingMessage; response: ServerResponse }) => unknown // Promise<unknown> is structurally `unknown`; one arm covers both.\n\nfunction getCachedScan(serverDir: string): MiddlewareCacheEntry {\n let cached = middlewareCache.get(serverDir)\n if (!cached) {\n const singleFilePath = join(serverDir, 'middleware.ts')\n cached = {\n singleFilePath,\n singleFileExists: existsSync(singleFilePath),\n dirMiddlewares: scanMiddlewares(serverDir),\n }\n middlewareCache.set(serverDir, cached)\n }\n return cached\n}\n\nasync function runOneMiddleware(\n mw: MiddlewareFn,\n req: IncomingMessage,\n res: ServerResponse,\n): Promise<{ nextCalled: boolean }> {\n // Object-held flag avoids TS narrowing `let nextCalled = false` to the\n // literal `false`, which would make `!nextCalled` an \"always-truthy\"\n // condition under control-flow analysis.\n const state = { nextCalled: false }\n await mw(req, res, () => {\n state.nextCalled = true\n })\n return state\n}\n\nexport async function runMiddlewareAndContext(\n req: IncomingMessage,\n res: ServerResponse,\n loadModule: LoadModule,\n serverDir: string,\n): Promise<MiddlewareResult> {\n const { singleFilePath, singleFileExists, dirMiddlewares } = getCachedScan(serverDir)\n const dirExists = dirMiddlewares.length > 0\n\n // 1. Ambiguity check — both file and directory is a configuration error\n if (singleFileExists && dirExists) {\n throw new Error(\n 'Ambiguous middleware configuration: found both server/middleware.ts and server/middleware/ directory. ' +\n 'Use one or the other, not both.',\n )\n }\n\n // 2. Run middleware chain from directory\n if (dirExists) {\n for (const mwPath of dirMiddlewares) {\n const mod = await loadModule(mwPath)\n const mw = mod.default as MiddlewareFn | undefined\n if (typeof mw !== 'function') continue\n\n const { nextCalled } = await runOneMiddleware(mw, req, res)\n if (!nextCalled || res.writableEnded) {\n return { ctx: {}, aborted: true }\n }\n }\n }\n\n // 3. Run single middleware file (backward compat)\n if (singleFileExists) {\n const mod = await loadModule(singleFilePath)\n const mw = mod.default as MiddlewareFn | undefined\n if (typeof mw === 'function') {\n const { nextCalled } = await runOneMiddleware(mw, req, res)\n if (!nextCalled || res.writableEnded) {\n return { ctx: {}, aborted: true }\n }\n }\n }\n\n // 4. Create context (if exists)\n let ctx: unknown = {}\n const contextPath = join(serverDir, 'context.ts')\n if (existsSync(contextPath)) {\n const mod = await loadModule(contextPath)\n const createContext = mod.createContext as ContextFactory | undefined\n if (typeof createContext === 'function') {\n ctx = await createContext({ request: req, response: res })\n }\n }\n\n return { ctx, aborted: false }\n}\n","/* eslint-disable security/detect-non-literal-fs-filename --\n * Build-time scanner: walks `serverDir/middleware/` derived from cwd.\n * No HTTP input ever reaches these fs calls.\n */\nimport { readdirSync, existsSync, statSync } from 'node:fs'\nimport { join, extname } from 'node:path'\n\nconst MW_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx'])\n\n/**\n * Scan the server/middleware/ directory for middleware files.\n * Files are returned sorted alphabetically — use numeric prefixes\n * (e.g. 01-cors.ts, 02-auth.ts) to control execution order.\n *\n * Files starting with '_' or '.' are ignored (helpers, hidden files).\n */\nexport function scanMiddlewares(serverDir: string): string[] {\n const mwDir = join(serverDir, 'middleware')\n if (!existsSync(mwDir) || !statSync(mwDir).isDirectory()) {\n return []\n }\n\n const entries = readdirSync(mwDir, { withFileTypes: true })\n const files: string[] = []\n\n for (const entry of entries) {\n if (!entry.isFile()) continue\n if (entry.name.startsWith('_') || entry.name.startsWith('.')) continue\n const ext = extname(entry.name)\n if (!MW_EXTENSIONS.has(ext)) continue\n files.push(join(mwDir, entry.name))\n }\n\n // Sort alphabetically — numeric prefix (01-, 02-) guarantees order.\n // Use `localeCompare` for stable, locale-aware ordering.\n files.sort((a, b) => a.localeCompare(b))\n return files\n}\n","import type { IncomingMessage, ServerResponse } from 'node:http'\n\nimport { isAuthRequiredError } from '../../core/contracts/auth-error-guard.js'\nimport { TheoError } from '../../core/contracts/theo-error.js'\nimport { DuplicateContextKeyError } from '../jobs/duplicate-context-key-error.js'\nimport { createOutbox } from '../jobs/outbox.js'\nimport { createOutboxDispatcher, createQueueClient } from '../jobs/queue-client.js'\nimport { warnOnce } from '../observability/logger.js'\nimport type { PluginContext } from '../plugin-types.js'\nimport type { PluginRunner } from '../plugins/plugin-runner.js'\nimport { dispatchCsrfWarn } from '../security/csrf-warn-dispatch.js'\nimport { enforceCsrf } from '../security/csrf.js'\n\nimport type { ExecuteRouteContext } from './execute-context.js'\nimport { isZodLike, parseQueryAndBody, runZodValidation } from './execute-stages.js'\nimport { runMiddlewareAndContext } from './middleware-runner.js'\nimport { sendError, sendJson } from './send-response.js'\n\n// CSRF policy applies to every state-mutating method, including DELETE.\nconst CSRF_PROTECTED_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE'])\n\n// T5.1: sendJson + sendError + SendErrorOptions moved to send-response.ts\n// to break the execute ↔ execute-stages cycle. Re-exported below for\n// backward compat.\nexport { sendJson, sendError } from './send-response.js'\nexport type { SendErrorOptions, SendErrorInput } from './send-response.js'\n// T3.1 — ExecuteRouteContext (ADR-0016)\nexport type { ExecuteRouteContext } from './execute-context.js'\n\ninterface StreamPipeCtx {\n buildPluginCtx: (ctxObj: Record<string, unknown>) => PluginContext\n ctx: Record<string, unknown>\n method: string\n pluginRunner: PluginRunner | undefined\n requestId: string | undefined\n routePath: string\n}\n\n/**\n * Pipe a Web Standard ReadableStream into a Node ServerResponse. Stream\n * errors after headers are sent cannot change the response status, but\n * MUST be logged + reported (CR-004 fix). Extracted from `executeRoute`\n * to keep that function's nesting under the max-depth ceiling.\n */\nasync function pipeWebStreamToResponse(\n body: ReadableStream<Uint8Array>,\n res: ServerResponse,\n ctx: StreamPipeCtx,\n): Promise<void> {\n const reader = body.getReader()\n try {\n let done = false\n while (!done) {\n const chunk = await reader.read()\n done = chunk.done\n if (!done) res.write(chunk.value)\n }\n } catch (streamErr) {\n warnOnce(`stream-error:${ctx.routePath}:${ctx.method}`, {\n event: 'stream.error',\n requestId: ctx.requestId ?? 'no-id',\n route: ctx.routePath,\n method: ctx.method,\n message: streamErr instanceof Error ? streamErr.message : String(streamErr),\n })\n if (ctx.pluginRunner) {\n try {\n await ctx.pluginRunner.runOnError(ctx.buildPluginCtx(ctx.ctx), streamErr)\n } catch {\n // onError plugins must never destabilize the response close.\n }\n }\n } finally {\n try {\n reader.releaseLock()\n } catch {\n /* lock may already be released by abort */\n }\n }\n}\n\n// sendError moved to send-response.ts (T5.1) — re-exported above.\n\n// CR-007/Knip cleanup: `parseBody` (legacy JSON-only parser) was exported\n// but had no remaining consumers — the route pipeline uses\n// `parseRequestBody` (multipart + JSON) directly. Removed to shrink the\n// public surface and remove the duplicated METHODS_WITH_BODY constant.\n\n// eslint-disable-next-line max-lines-per-function, sonarjs/cognitive-complexity, complexity -- `executeRoute` is the framework's central request pipeline; its body length + branch density mirror the actual request lifecycle. T3.1 / ADR-0016 retired `max-params` (context object replaces 12 positional args). Branch complexity remains intentional: the request lifecycle has irreducible state machine arms (CSRF stage → Zod validate → middleware → handler → stream/JSON response). Remaining helpers `runCsrfStage`, `parseQueryAndBody`, `runHandlerStage`, etc. were extracted in earlier waves.\nexport async function executeRoute(ctx: ExecuteRouteContext): Promise<void> {\n // T3.1 — destructure the context with defaults applied\n const {\n route,\n method,\n params,\n req,\n res,\n loadModule,\n serverDir,\n requestId,\n pluginRunner,\n transformer,\n csrfMode = 'strict',\n disallowed,\n jobBackend,\n } = ctx\n const buildPluginCtx = (ctxObj: Record<string, unknown>): PluginContext => ({\n request: req,\n response: res,\n ctx: ctxObj,\n requestId: requestId ?? 'no-id',\n })\n\n // T1.2 — emit x-theo-transformer header when a non-default transformer is in use.\n // 'json' is treated as default (no header); any named transformer emits.\n if (transformer && transformer.name !== 'json') {\n res.setHeader('x-theo-transformer', transformer.name)\n }\n\n try {\n // T4.2 — onRequest hook (runs before middleware)\n let ctx: Record<string, unknown> = {}\n if (pluginRunner) {\n pluginRunner.applyDecorations(ctx)\n const onReqResult = await pluginRunner.runOnRequest(buildPluginCtx(ctx))\n if (onReqResult.shortCircuited) return\n }\n\n // Run middleware + context pipeline\n if (serverDir) {\n const result = await runMiddlewareAndContext(req, res, loadModule, serverDir)\n if (result.aborted) return\n ctx = (result.ctx ?? {}) as Record<string, unknown>\n // Re-apply decorations on top of middleware-produced ctx so plugin\n // decorations win when middleware did not set the same key.\n if (pluginRunner) pluginRunner.applyDecorations(ctx)\n }\n\n // T2.1 — wire ctx.queue + outbox lifecycle when jobBackend is configured.\n // EC-202: throw on collision instead of silent override.\n if (jobBackend) {\n if (ctx.queue !== undefined) {\n throw new DuplicateContextKeyError('queue', {\n reason:\n 'A plugin or middleware already decorated ctx.queue; choose a different key OR remove jobs.backend from theo.config.ts.',\n })\n }\n const outbox = createOutbox()\n const queueClient = createQueueClient(jobBackend, outbox)\n ctx.queue = queueClient\n\n // Discard on abort or 4xx (handler throws cascade to 500 via catch\n // below, where statusCode is already >= 400).\n res.on('close', () => {\n if (!res.writableFinished) outbox.discard()\n })\n // Flush on commit, only when response indicates success.\n res.on('finish', () => {\n if (res.statusCode >= 400) {\n outbox.discard()\n return\n }\n void outbox.flush(createOutboxDispatcher(jobBackend))\n })\n }\n\n const mod = await loadModule(route.filePath)\n const routeConfig = mod[method]\n\n if (!routeConfig) {\n sendError(\n res,\n 'METHOD_NOT_ALLOWED',\n `Method ${method} not allowed`,\n 405,\n undefined,\n requestId,\n )\n return\n }\n\n const handler =\n typeof routeConfig === 'function'\n ? routeConfig\n : (routeConfig as Record<string, unknown>).handler\n if (typeof handler !== 'function') {\n sendError(res, 'INTERNAL_ERROR', 'Route handler is not a function', 500, undefined, requestId)\n return\n }\n\n // Phase 5 — CSRF enforcement (warn-first default; strict in 0.3.0).\n // Skips: safe methods (GET/HEAD/OPTIONS), per-route opt-out (`csrf: false`),\n // and bare function exports (legacy style — no opt-out hook available).\n const routeOptOut =\n typeof routeConfig === 'object' && (routeConfig as { csrf?: unknown }).csrf === false\n if (CSRF_PROTECTED_METHODS.has(method) && !routeOptOut) {\n const decision = enforceCsrf(\n req,\n csrfMode,\n {\n // T3.3 DRY — see security/csrf-warn-dispatch.ts\n warn: dispatchCsrfWarn,\n path: req.url,\n },\n disallowed,\n )\n if (!decision.allow) {\n sendError(\n res,\n 'CSRF_INVALID',\n decision.reason ?? 'CSRF check failed',\n 403,\n undefined,\n requestId,\n )\n return\n }\n }\n\n // T5.1 — extracted stages (parseQueryAndBody + runZodValidation).\n // Each stage either succeeds (returns parsed data) OR short-circuits\n // (sends the error response inline + returns ok:false).\n const rc = routeConfig as Record<string, unknown>\n\n const parseResult = await parseQueryAndBody(req, res, requestId)\n if (!parseResult.ok) return\n const { query } = parseResult.data\n let { body } = parseResult.data\n\n const validationResult = runZodValidation(rc, res, requestId, { query, body, params })\n if (!validationResult.ok) return\n body = validationResult.data.body\n\n // T4.3 — preHandler hook (after Zod validation, before handler)\n if (pluginRunner) {\n const preResult = await pluginRunner.runPreHandler(buildPluginCtx(ctx))\n if (preResult.shortCircuited) return\n }\n\n // Execute handler. `handler` is structurally typed as `unknown` at\n // this point (came out of a duck-typed module). Cast through a narrow\n // type so the call is properly typed.\n type RouteHandlerCallable = (args: {\n query: Record<string, string>\n body: unknown\n params: Record<string, string>\n request: IncomingMessage\n ctx: Record<string, unknown>\n }) => unknown\n const callableHandler = handler as RouteHandlerCallable\n const handlerResult = await callableHandler({ query, body, params, request: req, ctx })\n\n // Handle result\n if (handlerResult === undefined || handlerResult === null) {\n sendJson(res, null, (rc.status as number | undefined) ?? 204, transformer)\n if (pluginRunner) await pluginRunner.runOnResponse(buildPluginCtx(ctx))\n return\n }\n\n if (handlerResult instanceof Response) {\n // `Object.fromEntries(Headers)` collapses multi-valued headers like\n // `Set-Cookie` to a single string. Set Set-Cookie via setHeader array\n // overload BEFORE writeHead (writeHead flushes headers; later setHeader\n // is a no-op or throws). Then writeHead with the remaining singletons.\n const headersBag: Record<string, string> = {}\n for (const [k, v] of handlerResult.headers) {\n if (k.toLowerCase() !== 'set-cookie') headersBag[k] = v\n }\n const setCookies = handlerResult.headers.getSetCookie()\n if (setCookies.length > 0) {\n res.setHeader('Set-Cookie', setCookies)\n }\n res.writeHead(handlerResult.status, headersBag)\n\n if (handlerResult.body) {\n await pipeWebStreamToResponse(handlerResult.body, res, {\n buildPluginCtx,\n ctx,\n method,\n pluginRunner,\n requestId,\n routePath: route.routePath,\n })\n }\n\n res.end()\n if (pluginRunner) await pluginRunner.runOnResponse(buildPluginCtx(ctx))\n return\n }\n\n // Validate the plain-object return against config.response when declared\n // (D1/D2). A mismatch is a SERVER fault → throw TheoError, routed to a 500\n // by the catch below. Response-instance + 204 branches above are untouched.\n let responseBody: unknown = handlerResult\n if (isZodLike(rc.response)) {\n const parsed = rc.response.safeParse(handlerResult)\n if (!parsed.success) {\n throw new TheoError({\n code: 'INTERNAL_SERVER_ERROR',\n message: 'response validation failed',\n ext: { issues: parsed.error?.issues },\n })\n }\n responseBody = parsed.data\n }\n sendJson(res, responseBody, (rc.status as number | undefined) ?? 200, transformer)\n if (pluginRunner) await pluginRunner.runOnResponse(buildPluginCtx(ctx))\n } catch (err) {\n // T4.4 — onError hook (runs before default error response)\n if (pluginRunner) {\n // Best-effort: capture a ctx snapshot for plugins. Decorations were\n // applied to local `ctx` above, but if the error came before that, we\n // pass an empty ctx — the request/response are what matters here.\n const errCtxObj: Record<string, unknown> = {}\n pluginRunner.applyDecorations(errCtxObj)\n await pluginRunner.runOnError(buildPluginCtx(errCtxObj), err)\n // EC-9: response may already have been ended by an onError hook\n if (res.writableEnded) {\n // Still run onResponse but mark inErrorPath to prevent recursion\n await pluginRunner.runOnResponse(buildPluginCtx(errCtxObj), { inErrorPath: true })\n return\n }\n }\n // Auth error detection (shape-based guard from core/contracts — Vite HMR\n // can break instanceof, so shape check is the canonical path).\n if (isAuthRequiredError(err)) {\n const authErr = err as { code: string; message: string; status: number }\n sendError(res, authErr.code, authErr.message, authErr.status, undefined, requestId)\n if (pluginRunner) {\n const errCtxObj: Record<string, unknown> = {}\n pluginRunner.applyDecorations(errCtxObj)\n await pluginRunner.runOnResponse(buildPluginCtx(errCtxObj), { inErrorPath: true })\n }\n return\n }\n sendError(\n res,\n 'INTERNAL_ERROR',\n err instanceof Error && err.message ? err.message : 'Internal server error',\n 500,\n undefined,\n requestId,\n )\n if (pluginRunner) {\n const errCtxObj: Record<string, unknown> = {}\n pluginRunner.applyDecorations(errCtxObj)\n await pluginRunner.runOnResponse(buildPluginCtx(errCtxObj), { inErrorPath: true })\n }\n }\n}\n","/**\n * Action protocol — cross-boundary contract for `defineAction` + `useAction`.\n *\n * Per plan g3-server-actions-and-useaction v1.2 § Phase 0 / T0.1, ADRs D1 (encoding)\n * + D6 (full dot-notation path) + D7 (PII mask) — types and runtime referenced\n * by server (`server/http/action-execute.ts`, `server/define/define-action.ts`)\n * and client (`@theokit/react/useAction`, `vite-plugin/actions-virtual-module`).\n *\n * Lives in `core/contracts/` per architecture.md v3.1 exception — cross-module\n * deep imports ALLOWED for this file. Core depends on NOTHING intra-monorepo;\n * `extractUniversalIssues` is implemented INLINE (NOT imported from `@theokit/sdk`)\n * to honor dep-cruiser `core-depends-on-nothing` invariant (EC-1 absorbed).\n *\n * Field-key convention (D6 + EC-13): dot-notation full path. Nested objects use\n * `'user.address.zip'`; array indices use `'items.0.name'` (NOT bracket\n * `'items[0].name'`). Root-level errors (path = []) use empty string `''`\n * (EC-7). Consumers needing bracket notation can write a small `dotToBracket`\n * helper in userland.\n */\n\nimport type { TheoErrorCode, TheoErrorEnvelope, ValidationFieldsExt } from './error-envelope.js'\n\n/**\n * HTTP-status mapping per IANA HTTP Status Code Registry (subset relevant to\n * action surface). VALIDATION_ERROR → 422 is preferred over Astro's BAD_REQUEST/400\n * (more semantic for input-shape mismatch). PAYLOAD_TOO_LARGE → 413 covers EC-3\n * (response-side size limit; request-side reuses standard 413).\n */\nexport type ActionErrorCode =\n | 'VALIDATION_ERROR'\n | 'BAD_REQUEST'\n | 'UNAUTHORIZED'\n | 'FORBIDDEN'\n | 'NOT_FOUND'\n | 'METHOD_NOT_ALLOWED'\n | 'CONFLICT'\n | 'CONTENT_TOO_LARGE'\n | 'PAYLOAD_TOO_LARGE'\n | 'UNSUPPORTED_MEDIA_TYPE'\n | 'TOO_MANY_REQUESTS'\n | 'INTERNAL_SERVER_ERROR'\n\nconst CODE_TO_STATUS: Record<ActionErrorCode, number> = {\n VALIDATION_ERROR: 422,\n BAD_REQUEST: 400,\n UNAUTHORIZED: 401,\n FORBIDDEN: 403,\n NOT_FOUND: 404,\n METHOD_NOT_ALLOWED: 405,\n CONFLICT: 409,\n CONTENT_TOO_LARGE: 413,\n PAYLOAD_TOO_LARGE: 413,\n UNSUPPORTED_MEDIA_TYPE: 415,\n TOO_MANY_REQUESTS: 429,\n INTERNAL_SERVER_ERROR: 500,\n}\n\nconst STATUS_TO_CODE: Record<number, ActionErrorCode> = {\n 400: 'BAD_REQUEST',\n 401: 'UNAUTHORIZED',\n 403: 'FORBIDDEN',\n 404: 'NOT_FOUND',\n 405: 'METHOD_NOT_ALLOWED',\n 409: 'CONFLICT',\n 413: 'PAYLOAD_TOO_LARGE',\n 415: 'UNSUPPORTED_MEDIA_TYPE',\n 422: 'VALIDATION_ERROR',\n 429: 'TOO_MANY_REQUESTS',\n 500: 'INTERNAL_SERVER_ERROR',\n}\n\n/**\n * Universal zod issue shape covering BOTH v3 (`z.ZodIssue`) and v4 (`$ZodIssue`).\n * Duck-typed minimum surface: `{path, message}`. Implemented per EC-1 absorbed —\n * consumers chain may ship either zod major; constructor accepts `unknown` and\n * normalizes via `extractUniversalIssues`.\n */\nexport interface UniversalZodIssue {\n readonly path: readonly (string | number)[]\n readonly message: string\n readonly code?: string\n}\n\n/**\n * `ActionError` — general server-side action failure. Discriminator `type` is\n * literal `'TheoActionError'`; used by `ActionError.fromJson` to distinguish\n * from `ActionInputError`.\n */\nexport class ActionError extends Error {\n // Discriminator widened to the full union so subclasses can narrow to their\n // specific literal (TypeScript would otherwise reject the override). Concrete\n // values are still always exact literals at runtime.\n readonly type: 'TheoActionError' | 'TheoActionInputError' = 'TheoActionError'\n readonly code: ActionErrorCode\n readonly status: number\n\n constructor(params: { code: ActionErrorCode; message?: string; stack?: string }) {\n super(params.message ?? params.code)\n this.code = params.code\n this.status = ActionError.codeToStatus(params.code)\n if (params.stack) {\n this.stack = params.stack\n }\n }\n\n /**\n * G5 T2.4 — canonical envelope view of the action error. Maps the G3\n * ActionErrorCode to a canonical TheoErrorCode (VALIDATION_ERROR ↔\n * UNPROCESSABLE_ENTITY, CONTENT_TOO_LARGE ↔ PAYLOAD_TOO_LARGE) so consumer\n * UI / SDK code can switch on the unified envelope.\n *\n * Subclasses override to populate `ext` (see `ActionInputError.envelope`).\n */\n get envelope(): TheoErrorEnvelope {\n return {\n code: ActionError.toTheoErrorCode(this.code),\n message: this.message,\n }\n }\n\n /**\n * Translate G3 ActionErrorCode → canonical TheoErrorCode (blueprint\n * Recommendations § \"G3 ActionError becomes inaugural envelope user\").\n */\n static toTheoErrorCode(code: ActionErrorCode): TheoErrorCode {\n if (code === 'VALIDATION_ERROR') return 'UNPROCESSABLE_ENTITY'\n if (code === 'CONTENT_TOO_LARGE') return 'PAYLOAD_TOO_LARGE'\n // The other ActionErrorCode members (BAD_REQUEST/UNAUTHORIZED/FORBIDDEN/\n // NOT_FOUND/METHOD_NOT_ALLOWED/CONFLICT/PAYLOAD_TOO_LARGE/\n // UNSUPPORTED_MEDIA_TYPE/TOO_MANY_REQUESTS/INTERNAL_SERVER_ERROR) are\n // identical strings in TheoErrorCode. Narrow via a type predicate\n // instead of assertion.\n return code\n }\n\n static codeToStatus(code: ActionErrorCode): number {\n return CODE_TO_STATUS[code]\n }\n\n static statusToCode(status: number): ActionErrorCode {\n return STATUS_TO_CODE[status] ?? 'INTERNAL_SERVER_ERROR'\n }\n\n /**\n * Parse a serialized error JSON back into the typed class hierarchy.\n * Distinguishes `TheoActionInputError` (with `issues` array) from\n * `TheoActionError` via the `type` discriminator. Falls back to\n * `INTERNAL_SERVER_ERROR` for malformed bodies (non-object, missing\n * `type`, unknown `code`).\n */\n static fromJson(body: unknown): ActionError {\n if (typeof body !== 'object' || body === null) {\n return new ActionError({ code: 'INTERNAL_SERVER_ERROR' })\n }\n const obj = body as Record<string, unknown>\n if (obj.type === 'TheoActionInputError' && Array.isArray(obj.issues)) {\n return new ActionInputError(obj.issues as unknown[])\n }\n if (\n obj.type === 'TheoActionError' &&\n typeof obj.code === 'string' &&\n obj.code in CODE_TO_STATUS\n ) {\n return new ActionError({\n code: obj.code as ActionErrorCode,\n message: typeof obj.message === 'string' ? obj.message : undefined,\n })\n }\n return new ActionError({ code: 'INTERNAL_SERVER_ERROR' })\n }\n}\n\n/**\n * `ActionInputError` — validation failure with field-level mapping.\n *\n * `fields` is auto-derived from `issues`: for each issue, key = full\n * dot-notation path (`'user.address.zip'`; root-level `path:[]` → `''`;\n * array indices as numeric segments → `'items.0.name'`). Multiple messages\n * for the same key accumulate; duplicate (path, message) tuples are deduped.\n */\nexport class ActionInputError extends ActionError {\n override readonly type = 'TheoActionInputError' as const\n readonly issues: readonly UniversalZodIssue[]\n readonly fields: Record<string, string[]>\n\n constructor(rawIssues: unknown) {\n super({ code: 'VALIDATION_ERROR', message: 'Validation failed' })\n this.issues = extractUniversalIssues(rawIssues)\n this.fields = buildFieldsMap(this.issues)\n }\n\n /**\n * G5 T2.4 — envelope view with ValidationFieldsExt populated from .fields.\n * UI consumers can `switch (env.code)` on `UNPROCESSABLE_ENTITY` and read\n * `(env.ext as ValidationFieldsExt).fields` for field-level rendering.\n */\n override get envelope(): TheoErrorEnvelope<ValidationFieldsExt> {\n return {\n code: 'UNPROCESSABLE_ENTITY',\n message: this.message,\n ext: { fields: this.fields },\n }\n }\n}\n\nfunction buildFieldsMap(issues: readonly UniversalZodIssue[]): Record<string, string[]> {\n const fields: Record<string, string[]> = {}\n const seen = new Set<string>()\n for (const issue of issues) {\n // EC-7: root path → empty string key. EC-8: numeric segments preserved as strings.\n const key = issue.path.length === 0 ? '' : issue.path.join('.')\n const dedupeKey = `${key}\u0000${issue.message}`\n if (seen.has(dedupeKey)) continue\n seen.add(dedupeKey)\n const bucket = fields[key] ?? []\n bucket.push(issue.message)\n fields[key] = bucket\n }\n return fields\n}\n\n/**\n * Normalize zod v3 (`z.ZodIssue`) and v4 (`$ZodIssue`) raw issues to\n * `UniversalZodIssue[]` (EC-1 absorbed). Duck-typed on `{path, message}` —\n * does NOT import zod types (`core/contracts/` depends on no intra-monorepo\n * + zod is consumer-controlled across the boundary).\n *\n * Silently skips entries missing required fields or shape mismatches; returns\n * empty array on non-array input.\n */\nexport function extractUniversalIssues(raw: unknown): UniversalZodIssue[] {\n if (!Array.isArray(raw)) return []\n const out: UniversalZodIssue[] = []\n for (const entry of raw) {\n if (typeof entry !== 'object' || entry === null) continue\n const obj = entry as Record<string, unknown>\n if (!Array.isArray(obj.path)) continue\n if (typeof obj.message !== 'string') continue\n // Path entries must be string or number\n const path: (string | number)[] = []\n let pathValid = true\n for (const seg of obj.path) {\n if (typeof seg === 'string' || typeof seg === 'number') {\n path.push(seg)\n } else {\n pathValid = false\n break\n }\n }\n if (!pathValid) continue\n out.push({\n path,\n message: obj.message,\n code: typeof obj.code === 'string' ? obj.code : undefined,\n })\n }\n return out\n}\n\n/**\n * Type guard for `ActionError` (and its subclass `ActionInputError`). True\n * iff the value is an instance of `ActionError`. Use `isInputError` to\n * narrow specifically to validation failures.\n */\nexport function isActionError(value: unknown): value is ActionError {\n return value instanceof ActionError\n}\n\n/**\n * Type guard narrowing to `ActionInputError`. Requires `instanceof` check\n * (not duck-typing on `type`) to prevent attacker-controlled JSON from\n * being mistaken for a real error instance.\n */\nexport function isInputError(value: unknown): value is ActionInputError {\n return value instanceof ActionInputError\n}\n\n/**\n * `ActionResult<TData, TError>` — discriminated union returned by client-side\n * action invocation. Either `{data, error: undefined}` (success) or\n * `{data: undefined, error}` (failure). Mirrors Astro `SafeResult` shape.\n */\nexport type ActionResult<TData = unknown, TError extends ActionError = ActionError> =\n | { data: TData; error: undefined }\n | { data: undefined; error: TError }\n\n/**\n * `SerializedActionResult` — wire-shape emitted by `serializeActionResult`\n * in `server/http/serialize-action-result.ts` (T1.3). Discriminator `type`\n * distinguishes data (devalue-encoded), error (JSON), and empty (204) cases.\n */\nexport type SerializedActionResult =\n | {\n type: 'data'\n status: number\n contentType: 'application/json+devalue'\n body: string\n }\n | {\n type: 'error'\n status: number\n contentType: 'application/json'\n body: string\n }\n | { type: 'empty'; status: 204 }\n\n/**\n * `ActionManifestEntry` — per-action metadata emitted by `action-scan.ts`\n * (T1.4) into `.theokit/actions-manifest.json`. Consumed by virtual module\n * `@theo/actions` (T3.1) and G4 devtools \"Actions\" tab (T5.1).\n */\nexport interface ActionManifestEntry {\n readonly name: string\n readonly filePath: string\n readonly urlPath: string\n readonly accept: 'form' | 'json'\n readonly hasInput: boolean\n}\n","/**\n * FormData → ZodObject coercion driven by the declared schema.\n *\n * Per plan g3-server-actions-and-useaction v1.2 § Phase 1 / T1.3 + Astro\n * runtime/server.ts:323-397 pattern (adapted to Zod 4 shape access via\n * `.def.shape`). FormData entries arrive as strings (or File for binary);\n * we walk the schema field-by-field and coerce to the declared zod type\n * before letting `safeParse` finalize validation.\n *\n * Supports: ZodString, ZodNumber, ZodBoolean, ZodArray (via getAll), nested\n * ZodObject (via dot-notation prefix), ZodOptional / ZodNullable / ZodDefault\n * wrappers. Skips: ZodDiscriminatedUnion + ZodPipe + ZodIntersection (deferred\n * to consumer's safeParse fallback — values returned as-is, zod will validate\n * or coerce).\n */\nimport { z } from 'zod'\n\n/**\n * Walk the declared ZodObject schema and pull values from `formData`,\n * coercing per-field. Returns a plain object suitable for `schema.safeParse`.\n *\n * `prefix` is used for recursive nested-object resolution: a nested field at\n * `user.address.zip` is read from formData key `user.address.zip` (top-level\n * call uses empty prefix).\n */\nexport function formDataToObject(\n formData: FormData,\n schema: z.ZodObject<z.ZodRawShape>,\n prefix = '',\n): Record<string, unknown> {\n // Zod 4: `.shape` is a direct property on ZodObject.\n const shape = schema.shape as Record<string, z.ZodType>\n const out: Record<string, unknown> = {}\n\n for (const [key, rawValidator] of Object.entries(shape)) {\n const fullKey = prefix + key\n const validator = unwrapWrappers(rawValidator)\n\n if (validator instanceof z.ZodObject) {\n // Recurse for nested object types\n const nestedPrefix = `${fullKey}.`\n const hasNestedKeys = [...formData.keys()].some((k) => k.startsWith(nestedPrefix))\n if (hasNestedKeys) {\n out[key] = formDataToObject(formData, validator, nestedPrefix)\n continue\n }\n // No nested keys present — apply default / nullable / undefined semantics\n out[key] = unwrapMissingDefault(rawValidator)\n continue\n }\n\n if (validator instanceof z.ZodArray) {\n const values = formData.getAll(fullKey)\n out[key] = coerceArrayElements(values, validator as z.ZodArray<z.ZodType>)\n continue\n }\n\n if (validator instanceof z.ZodBoolean) {\n out[key] = coerceBoolean(formData, fullKey)\n continue\n }\n\n // Scalar (string / number / etc.)\n if (formData.has(fullKey)) {\n const raw = formData.get(fullKey)\n out[key] = coerceScalar(raw, validator)\n } else {\n out[key] = unwrapMissingDefault(rawValidator)\n }\n }\n\n return out\n}\n\n/** Strip ZodOptional / ZodNullable / ZodDefault to reach the inner validator. */\nfunction unwrapWrappers(validator: z.ZodType): z.ZodType {\n let inner: z.ZodType = validator\n while (\n inner instanceof z.ZodOptional ||\n inner instanceof z.ZodNullable ||\n inner instanceof z.ZodDefault\n ) {\n inner = getInnerType(inner)\n }\n return inner\n}\n\nfunction getInnerType(wrapper: z.ZodType): z.ZodType {\n // Zod 4 stores inner type in def.innerType\n const def = wrapper.def as unknown as { innerType?: z.ZodType }\n if (def.innerType) return def.innerType\n // Fallback: try _def for cross-version compat\n const legacyDef = (wrapper as unknown as { _def?: { innerType?: z.ZodType } })._def\n if (legacyDef?.innerType) return legacyDef.innerType\n return wrapper\n}\n\n/**\n * What to return when a field is missing from FormData:\n * - ZodDefault → the default value (evaluated if function)\n * - ZodNullable → null\n * - ZodOptional → undefined\n * - else → undefined (consumer safeParse will likely error)\n */\nfunction unwrapMissingDefault(validator: z.ZodType): unknown {\n let cursor: z.ZodType = validator\n while (\n cursor instanceof z.ZodOptional ||\n cursor instanceof z.ZodNullable ||\n cursor instanceof z.ZodDefault\n ) {\n if (cursor instanceof z.ZodDefault) {\n const def = cursor.def as unknown as { defaultValue: unknown }\n return typeof def.defaultValue === 'function'\n ? (def.defaultValue as () => unknown)()\n : def.defaultValue\n }\n if (cursor instanceof z.ZodNullable) return null\n cursor = getInnerType(cursor)\n }\n return undefined\n}\n\nfunction coerceScalar(raw: FormDataEntryValue | null, validator: z.ZodType): unknown {\n if (raw === null) return undefined\n if (validator instanceof z.ZodNumber) {\n return typeof raw === 'string' ? Number(raw) : raw\n }\n // String, File, default — pass through (zod will validate File via .instanceof if used)\n return raw\n}\n\nfunction coerceArrayElements(\n values: FormDataEntryValue[],\n arrayValidator: z.ZodArray<z.ZodType>,\n): unknown[] {\n // zod 4 stores the array element schema in `def.element` (`def.type` is the\n // discriminator string 'array'). Fall back to `def.type` for older shapes.\n const def = arrayValidator.def as unknown as { element?: z.ZodType; type?: unknown }\n const elementSchema = def.element ?? (def.type instanceof z.ZodType ? def.type : undefined)\n const elementType = elementSchema ? unwrapWrappers(elementSchema) : undefined\n if (elementType instanceof z.ZodNumber) {\n return values.map((v) => (typeof v === 'string' ? Number(v) : v))\n }\n if (elementType instanceof z.ZodBoolean) {\n return values.map((v) => {\n if (v === 'true') return true\n if (v === 'false') return false\n return Boolean(v)\n })\n }\n // String / File / unknown — pass through\n return values\n}\n\nfunction coerceBoolean(formData: FormData, key: string): boolean | undefined {\n if (!formData.has(key)) return undefined\n const val = formData.get(key)\n if (val === 'true') return true\n if (val === 'false') return false\n // Presence with truthy non-boolean string (e.g., HTML checkbox \"on\") → true\n return Boolean(val)\n}\n","/**\n * Maps a TheoErrorEnvelope `code` to its canonical HTTP status.\n *\n * Single source of truth — previously duplicated in `web-handler.ts` and\n * `handle-request-error.ts` (architecture-remediation plan T1.2, 2026-06-12).\n *\n * Every TheoErrorCode value MUST have an explicit entry here. SDK-domain codes\n * (AGENT_RUN_ERROR, PROVIDER_KEY_MISSING, BUDGET_EXCEEDED, CREDENTIAL_POOL_EXHAUSTED)\n * intentionally map to 500 — they represent internal failures, not client errors.\n */\n\nconst CODE_TO_STATUS: Record<string, number> = {\n // 4xx — client errors\n BAD_REQUEST: 400,\n UNAUTHORIZED: 401,\n FORBIDDEN: 403,\n NOT_FOUND: 404,\n METHOD_NOT_ALLOWED: 405,\n CONFLICT: 409,\n PRECONDITION_FAILED: 412,\n PAYLOAD_TOO_LARGE: 413,\n UNSUPPORTED_MEDIA_TYPE: 415,\n UNPROCESSABLE_ENTITY: 422,\n TOO_MANY_REQUESTS: 429,\n RATE_LIMITED: 429,\n\n // 5xx — server errors\n INTERNAL_SERVER_ERROR: 500,\n NOT_IMPLEMENTED: 501,\n BAD_GATEWAY: 502,\n SERVICE_UNAVAILABLE: 503,\n GATEWAY_TIMEOUT: 504,\n\n // SDK-domain codes — intentionally 500\n AGENT_RUN_ERROR: 500,\n PROVIDER_KEY_MISSING: 500,\n BUDGET_EXCEEDED: 500,\n CREDENTIAL_POOL_EXHAUSTED: 500,\n}\n\nexport function envelopeCodeToStatus(code: string): number {\n return CODE_TO_STATUS[code] ?? 500\n}\n","import type { IncomingMessage, ServerResponse } from 'node:http'\n\nimport { isAuthRequiredError } from '../../core/contracts/auth-error-guard.js'\nimport { envelopeCodeToStatus } from '../../core/contracts/envelope-code-to-status.js'\nimport { serverErrorToEnvelope } from '../../core/contracts/server-error-to-envelope.js'\nimport type { PluginContext } from '../plugin-types.js'\nimport type { PluginRunner } from '../plugins/plugin-runner.js'\n\nimport { sendError } from './send-response.js'\n\n/**\n * Canonical error handler for HTTP request pipelines (T3.4 of\n * architecture-review-remediation-plan, PV-9 DRY).\n *\n * Replaces the duplicated catch-block logic in `executeRoute` (1 site) and\n * `executeAction` (1 site, via `handleActionError`). Both code paths now\n * share this implementation.\n *\n * Behavior contract (preserved from previous inline catches):\n * - Plugin `onError` fires first (swallowed if it throws — never amplify failure).\n * - `AuthRequiredError` is detected via `instanceof` AND a duck-type shape\n * check (`code === 'AUTH_REQUIRED' && status === 401`) — required because\n * under Vite dev / vitest the module-loader can produce a duplicate\n * AuthRequiredError class identity, breaking `instanceof`.\n * - `onResponse({ inErrorPath: true })` always fires at the end (swallowed\n * if it throws — EC-9).\n */\nexport interface HandleRequestErrorCtx {\n req: IncomingMessage\n res: ServerResponse\n requestId: string | undefined\n pluginRunner: PluginRunner | undefined\n buildPluginCtx: (ctxObj: Record<string, unknown>) => PluginContext\n}\n\nexport async function handleRequestError(err: unknown, c: HandleRequestErrorCtx): Promise<void> {\n // 1. onError hook — swallowed on failure (EC-9 — never amplify)\n if (c.pluginRunner) {\n const errCtxObj: Record<string, unknown> = {}\n c.pluginRunner.applyDecorations(errCtxObj)\n try {\n await c.pluginRunner.runOnError(c.buildPluginCtx(errCtxObj), err)\n } catch {\n // onError handlers must never destabilize the response.\n }\n // EC-9: response may already have been ended by an onError hook\n if (c.res.writableEnded) {\n try {\n await c.pluginRunner.runOnResponse(c.buildPluginCtx(errCtxObj), {\n inErrorPath: true,\n })\n } catch {\n // Containment (same as above).\n }\n return\n }\n }\n\n // 2. Auth error detection (shape-based guard from core/contracts)\n if (isAuthRequiredError(err)) {\n const authErr = err as { code: string; message: string; status: number }\n sendError(c.res, authErr.code, authErr.message, authErr.status, undefined, c.requestId)\n } else {\n // M7-1: a thrown TheoError (incl. NotFoundError) carries a typed code that\n // maps to a real status — emit it. An untyped/unknown error has no typed\n // code (serverErrorToEnvelope falls back to INTERNAL_SERVER_ERROR), so we\n // preserve the legacy INTERNAL_ERROR path, which `sendError` special-cases\n // for production message masking + structured logging. This keeps generic\n // 500s backward-compatible while giving typed errors their proper envelope.\n const envelope = serverErrorToEnvelope(err)\n if (envelope.code === 'INTERNAL_SERVER_ERROR') {\n sendError(\n c.res,\n 'INTERNAL_ERROR',\n err instanceof Error ? err.message : 'Internal server error',\n 500,\n undefined,\n c.requestId,\n )\n } else {\n sendError(\n c.res,\n envelope.code,\n envelope.message,\n envelopeCodeToStatus(envelope.code),\n undefined,\n c.requestId,\n )\n }\n }\n\n // 3. onResponse(inErrorPath) — swallowed on failure (EC-9)\n if (c.pluginRunner) {\n const errCtxObj: Record<string, unknown> = {}\n c.pluginRunner.applyDecorations(errCtxObj)\n try {\n await c.pluginRunner.runOnResponse(c.buildPluginCtx(errCtxObj), {\n inErrorPath: true,\n })\n } catch {\n // Containment.\n }\n }\n}\n\n/**\n * T5a.2 Phase G slice 3/N — Web-Standards request error handler.\n *\n * Mirror of `handleRequestError(err, c: HandleRequestErrorCtx)` for the\n * Web `Request` shape. Returns a native `Response` directly instead of\n * mutating `res`. Same behavioral contract:\n *\n * 1. Auth-error detection via `instanceof AuthRequiredError` PLUS a\n * duck-type fallback (`code === 'AUTH_REQUIRED' && status === 401`)\n * — needed because Vite dev / vitest can produce duplicate class\n * identities, breaking `instanceof`.\n * 2. Envelope-shaped JSON body using `serverErrorToEnvelope` (G5 D3\n * boundary translation).\n * 3. Status code derived from envelope.code via `envelopeCodeToStatus`\n * mirror (already implemented inline in web-handler.ts; this slice\n * uses the same mapping table).\n *\n * **Difference vs IncomingMessage path:** the Web path's plugin runner\n * orchestration lives in `executeWebRequest`'s `runWithHooks` /\n * `runErrorHooks` (Phase G slice 1/N) — `handleWebRequestError` is the\n * leaf that builds the error Response WITHOUT touching plugin hooks.\n * Callers compose: `executeWebRequest` (or future Web execute pipeline)\n * catches a throw, calls `handleWebRequestError(err, { requestId })` to\n * build the Response, then routes through onError hooks separately.\n */\nexport interface HandleWebRequestErrorCtx {\n requestId?: string\n}\n\nexport async function handleWebRequestError(\n err: unknown,\n ctx: HandleWebRequestErrorCtx = {},\n): Promise<Response> {\n // Lazy import to avoid pulling the full envelope translator into the\n // bundle for consumers who don't hit the error path. Same dynamic-\n // import pattern as web-handler.ts's parseBodyFull.\n const { serverErrorToEnvelope } = await import('../../core/contracts/server-error-to-envelope.js')\n\n // 1. Auth-error detection (shape-based guard from core/contracts)\n if (isAuthRequiredError(err)) {\n const authErr = err as { code?: string; message?: string; status?: number }\n return new Response(\n JSON.stringify({\n code: authErr.code ?? 'AUTH_REQUIRED',\n message: authErr.message ?? 'Authentication required',\n }),\n {\n status: authErr.status ?? 401,\n headers: {\n 'content-type': 'application/json',\n ...(ctx.requestId !== undefined ? { 'x-request-id': ctx.requestId } : {}),\n },\n },\n )\n }\n\n // 2. Envelope translation for everything else (G5 D3 boundary).\n const envelope = serverErrorToEnvelope(err)\n return new Response(JSON.stringify(envelope), {\n status: envelopeCodeToStatus(envelope.code),\n headers: {\n 'content-type': 'application/json',\n ...(ctx.requestId !== undefined ? { 'x-request-id': ctx.requestId } : {}),\n },\n })\n}\n\n// envelopeCodeToStatus extracted to core/contracts/envelope-code-to-status.ts\n// (architecture-remediation T1.2, 2026-06-12)\n","/**\n * Server-side action result serializer.\n *\n * Per plan g3-server-actions-and-useaction v1.2 § Phase 1 / T1.3 + ADR D1.\n * Wraps `devalue.stringify` for success payloads (preserves Date/Set/URL/bigint\n * roundtrip) and JSON-encodes error envelopes for `ActionError` /\n * `ActionInputError`. Returns a `SerializedActionResult` discriminated union\n * consumed by the HTTP send layer (`action-execute.ts`).\n *\n * EC absorbed:\n * - EC-3 (response side): `responseBodySizeLimit` default 5 MB; throws\n * `ActionError({code:'PAYLOAD_TOO_LARGE'})` when the serialized body\n * exceeds the limit. Prevents handler-returns-100MB DoS.\n */\nimport { stringify as devalueStringify } from 'devalue'\n\nimport {\n ActionError,\n ActionInputError,\n type ActionResult,\n type SerializedActionResult,\n} from '../../core/contracts/action-protocol.js'\n\nconst DEFAULT_RESPONSE_BODY_SIZE_LIMIT = 5 * 1024 * 1024 // 5 MB\n\nexport interface SerializeOptions {\n /**\n * Maximum allowed length of the serialized response body in BYTES (UTF-8\n * length of `body` string is checked, not the JS string length). Default\n * 5 MB. Configurable via `defineConfig({security:{responseBodySizeLimit}})`.\n */\n responseBodySizeLimit?: number\n}\n\n/**\n * Serialize an action result for the wire.\n *\n * - Success with data: `application/json+devalue` body via devalue.stringify\n * with a `URL` reviver for round-tripping URL instances.\n * - Success with `undefined` data: status 204 empty.\n * - Error: `application/json` JSON body with type discriminator\n * (`TheoActionError` or `TheoActionInputError`) + code + message\n * (+ fields/issues for input errors).\n *\n * Throws `ActionError({code:'PAYLOAD_TOO_LARGE'})` if the serialized body\n * exceeds the configured size limit (EC-3).\n *\n * Throws on `Response` instance as data (Astro guard — handler must return\n * plain JSON-serializable values, not Web Response objects).\n */\nexport function serializeActionResult(\n result: ActionResult,\n options: SerializeOptions = {},\n): SerializedActionResult {\n const limit = options.responseBodySizeLimit ?? DEFAULT_RESPONSE_BODY_SIZE_LIMIT\n\n if (result.error !== undefined) {\n const body =\n result.error instanceof ActionInputError\n ? JSON.stringify({\n type: result.error.type,\n code: result.error.code,\n message: result.error.message,\n issues: result.error.issues,\n fields: result.error.fields,\n })\n : JSON.stringify({\n type: result.error.type,\n code: result.error.code,\n message: result.error.message,\n })\n if (Buffer.byteLength(body, 'utf8') > limit) {\n throw new ActionError({\n code: 'PAYLOAD_TOO_LARGE',\n message: `Serialized error body exceeds limit (${limit} bytes)`,\n })\n }\n return {\n type: 'error',\n status: result.error.status,\n contentType: 'application/json',\n body,\n }\n }\n\n if (result.data === undefined) {\n return { type: 'empty', status: 204 }\n }\n\n if (result.data instanceof Response) {\n throw new ActionError({\n code: 'INTERNAL_SERVER_ERROR',\n message: 'Action handler cannot serialize Response objects — return plain data instead',\n })\n }\n\n let body: string\n try {\n body = devalueStringify(result.data, {\n URL: (value: unknown) => value instanceof URL && value.href,\n })\n } catch (e) {\n throw new ActionError({\n code: 'INTERNAL_SERVER_ERROR',\n message: `Action data not serializable: ${e instanceof Error ? e.message : String(e)}`,\n })\n }\n\n if (Buffer.byteLength(body, 'utf8') > limit) {\n throw new ActionError({\n code: 'PAYLOAD_TOO_LARGE',\n message: `Serialized response body exceeds limit (${limit} bytes)`,\n })\n }\n\n return {\n type: 'data',\n status: 200,\n contentType: 'application/json+devalue',\n body,\n }\n}\n","import type { IncomingMessage, ServerResponse } from 'node:http'\n\nimport type { z } from 'zod'\n\nimport {\n ActionError,\n ActionInputError,\n type ActionErrorCode,\n} from '../../core/contracts/action-protocol.js'\nimport { parseRequestBody, type ParsedBody } from '../body-parser.js'\nimport type { PluginContext } from '../plugin-types.js'\nimport type { PluginRunner } from '../plugins/plugin-runner.js'\nimport type { LoadModule } from '../scan/module-loader.js'\nimport { dispatchCsrfWarn } from '../security/csrf-warn-dispatch.js'\nimport { enforceCsrf, type CsrfMode, type DisallowedConfig } from '../security/csrf.js'\n\nimport { sendError } from './execute.js'\nimport { formDataToObject } from './form-data-to-object.js'\nimport { handleRequestError } from './handle-request-error.js'\nimport { runMiddlewareAndContext } from './middleware-runner.js'\nimport { serializeActionResult } from './serialize-action-result.js'\n\n// Universal dev gate — same IIFE pattern as track-agent-run (EC-11 tree-shake).\n// Both checks are statically replaceable by bundlers in prod build, so the\n// devtools dispatcher import is eliminated from prod bundles entirely.\nconst __IS_DEV = (() => {\n try {\n return (import.meta as { env?: { DEV?: boolean } }).env?.DEV === true\n } catch {\n return process.env.NODE_ENV !== 'production'\n }\n})()\n\n// Minimal Zod-shaped contract — we only need `safeParse`, not the whole API.\ninterface ZodLike {\n safeParse: (value: unknown) => {\n success: boolean\n data?: unknown\n error?: { issues: z.ZodIssue[] }\n }\n}\n\n// Shape of a `defineAction` export. Anchored by structural typing — we do\n// not import the action factory's return type to avoid module cycles, but\n// we do reject inputs that fail the structural test.\ninterface ActionConfig {\n input: ZodLike\n handler: (params: { input: unknown; ctx: unknown }) => unknown\n csrf?: false\n /** T1.3 sub-C: wire-protocol accept mode (defaults to 'json' when omitted). */\n accept?: 'form' | 'json'\n}\n\nfunction isActionConfig(value: unknown): value is ActionConfig {\n if (typeof value !== 'object' || value === null) return false\n const candidate = value as Record<string, unknown>\n if (typeof candidate.handler !== 'function') return false\n const input = candidate.input as ZodLike | undefined\n return typeof input?.safeParse === 'function'\n}\n\nexport interface ExecuteActionOptions {\n filePath: string\n exportName: string\n req: IncomingMessage\n res: ServerResponse\n loadModule: LoadModule\n serverDir?: string\n requestId?: string\n pluginRunner?: PluginRunner\n csrfMode?: CsrfMode\n disallowed?: DisallowedConfig\n}\n\n// Backwards-compatible positional signature; the options-shape is the new\n// preferred entry point and what the framework uses internally.\n// eslint-disable-next-line max-params -- public API surface; existing callers pass positional args\nexport async function executeAction(\n filePath: string,\n exportName: string,\n req: IncomingMessage,\n res: ServerResponse,\n loadModule: LoadModule,\n serverDir?: string,\n requestId?: string,\n pluginRunner?: PluginRunner,\n csrfMode: CsrfMode = 'strict',\n disallowed?: DisallowedConfig,\n): Promise<void> {\n return executeActionWithOptions({\n filePath,\n exportName,\n req,\n res,\n loadModule,\n serverDir,\n requestId,\n pluginRunner,\n csrfMode,\n disallowed,\n })\n}\n\nasync function loadActionConfig(\n loadModule: LoadModule,\n filePath: string,\n exportName: string,\n res: ServerResponse,\n requestId: string | undefined,\n): Promise<ActionConfig | null> {\n const mod = await loadModule(filePath)\n const exportedValue = mod[exportName]\n if (!isActionConfig(exportedValue)) {\n sendError(res, 'NOT_FOUND', `Action \"${exportName}\" not found`, 404, undefined, requestId)\n return null\n }\n return exportedValue\n}\n\ninterface CsrfActionCtx {\n actionConfig: ActionConfig\n csrfMode: CsrfMode\n disallowed: DisallowedConfig | undefined\n requestId: string | undefined\n}\n\nfunction enforceCsrfForAction(\n req: IncomingMessage,\n res: ServerResponse,\n ctx: CsrfActionCtx,\n): boolean {\n if (ctx.actionConfig.csrf === false) return true\n const decision = enforceCsrf(\n req,\n ctx.csrfMode,\n {\n // T3.3 DRY — canonical dispatcher\n warn: dispatchCsrfWarn,\n path: req.url,\n },\n ctx.disallowed,\n )\n if (decision.allow) return true\n sendError(\n res,\n 'CSRF_INVALID',\n decision.reason ?? 'CSRF check failed',\n 403,\n undefined,\n ctx.requestId,\n )\n return false\n}\n\ninterface ActionPipeline {\n ctx: Record<string, unknown>\n buildPluginCtx: (ctxObj: Record<string, unknown>) => PluginContext\n pluginRunner: PluginRunner | undefined\n serverDir: string | undefined\n loadModule: LoadModule\n req: IncomingMessage\n res: ServerResponse\n}\n\nasync function runPreHandlerPipeline(p: ActionPipeline): Promise<boolean> {\n if (p.serverDir) {\n const result = await runMiddlewareAndContext(p.req, p.res, p.loadModule, p.serverDir)\n if (result.aborted) return false\n Object.assign(p.ctx, (result.ctx ?? {}) as Record<string, unknown>)\n p.pluginRunner?.applyDecorations(p.ctx)\n }\n if (p.pluginRunner) {\n const preResult = await p.pluginRunner.runPreHandler(p.buildPluginCtx(p.ctx))\n if (preResult.shortCircuited) return false\n }\n return true\n}\n\nasync function readActionBody(\n req: IncomingMessage,\n res: ServerResponse,\n requestId: string | undefined,\n actionConfig: ActionConfig,\n): Promise<{ ok: true; body: unknown } | { ok: false }> {\n try {\n const parsed = await parseRequestBody(req)\n const accept = actionConfig.accept ?? 'json'\n let body: unknown\n if (accept === 'form') {\n body = formDataToObject(\n synthesizeFormData(parsed),\n actionConfig.input as unknown as z.ZodObject<z.ZodRawShape>,\n )\n } else if (parsed.json !== undefined) {\n body = parsed.json\n } else {\n body = parsed.fields\n }\n return { ok: true, body }\n } catch (err) {\n sendError(res, 'VALIDATION_ERROR', (err as Error).message, 400, undefined, requestId)\n return { ok: false }\n }\n}\n\n/**\n * Build a FormData instance from the body-parser's `ParsedBody`. Fields become\n * string entries; files become Blob entries with the original filename. Used\n * only when `accept === 'form'` to feed `formDataToObject`.\n */\nfunction synthesizeFormData(parsed: ParsedBody): FormData {\n const fd = new FormData()\n for (const [name, value] of Object.entries(parsed.fields)) {\n fd.append(name, value)\n }\n for (const file of parsed.files) {\n const blob = new Blob([file.buffer as unknown as ArrayBuffer], {\n type: file.mimeType,\n })\n fd.append(file.fieldname, blob, file.filename)\n }\n return fd\n}\n\n/**\n * Write a serialized ActionResult to the response. Sets content-type, status,\n * and body. Returns void; caller must not write further after invoking.\n */\nfunction writeSerialized(\n res: ServerResponse,\n serialized: ReturnType<typeof serializeActionResult>,\n): void {\n if (serialized.type === 'empty') {\n res.statusCode = serialized.status\n res.end()\n return\n }\n res.statusCode = serialized.status\n res.setHeader('Content-Type', serialized.contentType)\n res.end(serialized.body)\n}\n\n/**\n * Dev-only telemetry: dispatch ACTION_CALL_ADD so the devtools Actions tab\n * (T5.1) can render this call. Tree-shaken in prod via __IS_DEV guard.\n * Mirrors trackAgentRun pattern. Never throws (swallow + log).\n */\nasync function emitActionCallTelemetry(\n name: string,\n startedAt: number,\n input: unknown,\n outcome: { status: 'success'; output: unknown } | { status: 'error'; error: ActionError },\n): Promise<void> {\n if (!__IS_DEV) return\n try {\n const mod = (await import('../../devtools/bridge/dispatcher.js')) as {\n dispatcher: {\n onActionCall: (r: {\n id: string\n timestamp: number\n name: string\n input: unknown\n output?: unknown\n error?: { code: string; message: string; fields?: Record<string, string[]> }\n durationMs: number\n status: 'success' | 'error'\n }) => void\n }\n }\n mod.dispatcher.onActionCall({\n // eslint-disable-next-line sonarjs/pseudo-random -- non-secret correlation id\n id: `act-${String(Date.now())}-${Math.random().toString(36).slice(2, 8)}`,\n timestamp: startedAt,\n name,\n input,\n output: outcome.status === 'success' ? outcome.output : undefined,\n error:\n outcome.status === 'error'\n ? {\n code: outcome.error.code,\n message: outcome.error.message,\n fields: outcome.error instanceof ActionInputError ? outcome.error.fields : undefined,\n }\n : undefined,\n durationMs: Date.now() - startedAt,\n status: outcome.status,\n })\n } catch {\n // devtools dispatcher missing in some prod-like bundle — silently skip\n }\n}\n\nasync function executeActionWithOptions(opts: ExecuteActionOptions): Promise<void> {\n const {\n filePath,\n exportName,\n req,\n res,\n loadModule,\n serverDir,\n requestId,\n pluginRunner,\n csrfMode = 'strict',\n disallowed,\n } = opts\n\n const buildPluginCtx = (ctxObj: Record<string, unknown>): PluginContext => ({\n request: req,\n response: res,\n ctx: ctxObj,\n requestId: requestId ?? 'no-id',\n })\n\n let ctx: Record<string, unknown> = {}\n\n try {\n // 1. Only POST.\n if ((req.method ?? 'GET').toUpperCase() !== 'POST') {\n sendError(res, 'METHOD_NOT_ALLOWED', 'Actions only accept POST', 405, undefined, requestId)\n return\n }\n\n // 2. Plugin onRequest hook (parity with executeRoute).\n if (pluginRunner) {\n pluginRunner.applyDecorations(ctx)\n const onReqResult = await pluginRunner.runOnRequest(buildPluginCtx(ctx))\n if (onReqResult.shortCircuited) return\n }\n\n // 3. Load module + locate action export.\n const actionConfig = await loadActionConfig(loadModule, filePath, exportName, res, requestId)\n if (!actionConfig) return\n\n // 4. CSRF enforcement\n if (!enforceCsrfForAction(req, res, { actionConfig, csrfMode, disallowed, requestId })) {\n return\n }\n\n // 5+6. Middleware + context pipeline, then plugin preHandler.\n const pipeline: ActionPipeline = {\n ctx,\n buildPluginCtx,\n pluginRunner,\n serverDir,\n loadModule,\n req,\n res,\n }\n if (!(await runPreHandlerPipeline(pipeline))) return\n ctx = pipeline.ctx\n\n // 7. Parse body (supports JSON and multipart/form-data).\n const bodyOutcome = await readActionBody(req, res, requestId, actionConfig)\n if (!bodyOutcome.ok) return\n\n // T1.3 sub-C action name derived from exportName for telemetry.\n const actionName = exportName === 'default' ? deriveActionNameFromPath(filePath) : exportName\n const startedAt = Date.now()\n\n // 8. Validate input with Zod — failure → ActionInputError envelope (T0.1 + ADR D6).\n const result = actionConfig.input.safeParse(bodyOutcome.body)\n if (!result.success) {\n const inputErr = new ActionInputError(result.error?.issues ?? [])\n writeSerialized(res, serializeActionResult({ data: undefined, error: inputErr }))\n await emitActionCallTelemetry(actionName, startedAt, bodyOutcome.body, {\n status: 'error',\n error: inputErr,\n })\n return\n }\n\n await runActionHandler({\n actionConfig,\n actionName,\n startedAt,\n input: result.data,\n ctx,\n res,\n pluginRunner,\n buildPluginCtx,\n })\n } catch (err) {\n await handleActionError(err, { req, res, ctx, requestId, pluginRunner, buildPluginCtx })\n }\n}\n\n/** Derive a stable display name from filePath when handler exported as default. */\nfunction deriveActionNameFromPath(filePath: string): string {\n const base = filePath.split(/[\\\\/]/).pop() ?? 'unknown'\n return base.replace(/\\.[jt]sx?$/, '')\n}\n\n/**\n * Duck-typed guard for ActionError-shaped throws. Necessary because Vite SSR\n * may load multiple module copies of `core/contracts/action-protocol.ts` when\n * the fixture resolves `theokit/server` via a different path than the runtime\n * import — `err instanceof ActionError` then fails even though the user\n * legitimately threw `new ActionError(...)`.\n *\n * Server-only: only invoked on handler-thrown errors (trust boundary already\n * inside the action runtime). Not safe to use on client-parsed JSON — for\n * that path keep `isActionError` (the instanceof guard) from action-protocol.\n */\nfunction isActionErrorLike(err: unknown): err is ActionError {\n if (err === null || typeof err !== 'object') return false\n const obj = err as Record<string, unknown>\n return (\n (obj.type === 'TheoActionError' || obj.type === 'TheoActionInputError') &&\n typeof obj.code === 'string' &&\n typeof obj.status === 'number'\n )\n}\n\ninterface HandlerCtx {\n actionConfig: ActionConfig\n actionName: string\n startedAt: number\n input: unknown\n ctx: Record<string, unknown>\n res: ServerResponse\n pluginRunner: PluginRunner | undefined\n buildPluginCtx: (ctxObj: Record<string, unknown>) => PluginContext\n}\n\nasync function runActionHandler(args: HandlerCtx): Promise<void> {\n try {\n const handlerResult = await args.actionConfig.handler({ input: args.input, ctx: args.ctx })\n // T1.3 sub-C — wire devalue serialization (ADR D1). Undefined → 204; data → 200 + json+devalue.\n writeSerialized(args.res, serializeActionResult({ data: handlerResult, error: undefined }))\n if (args.pluginRunner) {\n await args.pluginRunner.runOnResponse(args.buildPluginCtx(args.ctx))\n }\n await emitActionCallTelemetry(args.actionName, args.startedAt, args.input, {\n status: 'success',\n output: handlerResult,\n })\n } catch (err) {\n // Handler-thrown ActionError → use the typed envelope; other throws bubble\n // up to executeActionWithOptions for handleActionError fallback chain.\n // Duck-type the `type` discriminator (not instanceof): Vite SSR can load\n // multiple module copies of action-protocol.ts when fixture and runtime\n // resolve different paths; `err instanceof ActionError` then fails even\n // when the handler legitimately threw via `new ActionError(...)`.\n if (isActionErrorLike(err)) {\n writeSerialized(args.res, serializeActionResult({ data: undefined, error: err }))\n await emitActionCallTelemetry(args.actionName, args.startedAt, args.input, {\n status: 'error',\n error: err,\n })\n return\n }\n // Wrap unknown throws as INTERNAL_SERVER_ERROR with the original message\n // preserved for telemetry; production error handler still consumes via\n // handleActionError fallback (preserves AuthRequiredError duck-type).\n const wrapped = new ActionError({\n code: 'INTERNAL_SERVER_ERROR' satisfies ActionErrorCode,\n message: err instanceof Error ? err.message : 'Action handler threw',\n })\n await emitActionCallTelemetry(args.actionName, args.startedAt, args.input, {\n status: 'error',\n error: wrapped,\n })\n throw err\n }\n}\n\ninterface ActionErrorCtx {\n req: IncomingMessage\n res: ServerResponse\n ctx: Record<string, unknown>\n requestId: string | undefined\n pluginRunner: PluginRunner | undefined\n buildPluginCtx: (ctxObj: Record<string, unknown>) => PluginContext\n}\n\n// T3.4 (PV-9 DRY): delegate to the shared `handleRequestError` helper.\n// Adds the duck-type AuthRequiredError fallback (latent bug fix — was\n// missing from action-execute, present in execute).\nasync function handleActionError(err: unknown, c: ActionErrorCtx): Promise<void> {\n return handleRequestError(err, {\n req: c.req,\n res: c.res,\n requestId: c.requestId,\n pluginRunner: c.pluginRunner,\n buildPluginCtx: c.buildPluginCtx,\n })\n}\n","export function levenshtein(a: string, b: string): number {\n const m = a.length\n const n = b.length\n const dp: number[][] = Array.from({ length: m + 1 }, () =>\n Array.from<number>({ length: n + 1 }).fill(0),\n )\n\n for (let i = 0; i <= m; i++) dp[i][0] = i\n for (let j = 0; j <= n; j++) dp[0][j] = j\n\n for (let i = 1; i <= m; i++) {\n for (let j = 1; j <= n; j++) {\n const cost = a[i - 1] === b[j - 1] ? 0 : 1\n dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost)\n }\n }\n\n return dp[m][n]\n}\n\nexport function findSuggestion(\n input: string,\n candidates: string[],\n maxDistance = 3,\n): string | null {\n let best: string | null = null\n let bestDist = maxDistance + 1\n\n for (const c of candidates) {\n const d = levenshtein(input, c)\n if (d < bestDist) {\n bestDist = d\n best = c\n }\n }\n\n return best\n}\n","import type {\n HookName,\n HookResult,\n OnErrorHook,\n OnRequestHook,\n OnResponseHook,\n PluginContext,\n PluginErrorContext,\n PreHandlerHook,\n RunHookOptions,\n TheoApp,\n TheoPlugin,\n} from '../plugin-types.js'\n\nexport class DuplicatePluginError extends Error {\n constructor(name: string) {\n super(`Plugin \"${name}\" is already registered.`)\n this.name = 'DuplicatePluginError'\n }\n}\n\n/**\n * @deprecated Per T3.1 (C1 plugin scope encapsulation) — duplicate decoration\n * keys across sibling plugins are now PERMITTED because each plugin gets its\n * own child scope via `Object.create(parent)` (Fastify pattern, ADR-0028\n * blueprint D1). This class is retained for one minor cycle so consumers who\n * `instanceof DuplicateDecorationError` continue to compile; the constructor\n * is no longer reachable from `PluginRunner.register()`. Removal scheduled\n * for 0.x+2 per CHANGELOG.\n */\nexport class DuplicateDecorationError extends Error {\n constructor(key: string, existingPlugin: string, newPlugin: string) {\n super(\n `Plugin \"${newPlugin}\" tried to decorate ctx.${key}, but it is already declared by plugin \"${existingPlugin}\".`,\n )\n this.name = 'DuplicateDecorationError'\n }\n}\n\n/**\n * Per-plugin scope built by `Object.create(parentApp)` at `register()` time\n * (T3.1 / Fastify `plugin-override.js:38` pattern). Each plugin's\n * `decorateRequest` calls populate THIS scope's `decorations` map only —\n * parent + sibling scopes are isolated through the JavaScript prototype chain.\n */\ninterface PluginScope {\n /** The child TheoApp instance whose proto chain points at `parentApp`. */\n app: TheoApp\n /** Per-plugin decorations map. Cross-plugin key collision is permitted. */\n decorations: Map<string, unknown>\n}\n\nexport class PluginRunner {\n private plugins = new Set<string>()\n private pluginScopes = new Map<string, PluginScope>()\n private onRequestHooks: OnRequestHook[] = []\n private preHandlerHooks: PreHandlerHook[] = []\n private onResponseHooks: OnResponseHook[] = []\n private onErrorHooks: OnErrorHook[] = []\n\n /**\n * Parent app — proto-chain root for all child scopes. Has its OWN empty\n * decorations map (parent never receives `decorateRequest` calls under\n * the T3.1 contract; only child scopes do).\n */\n private parentDecorations = new Map<string, unknown>()\n private parentApp: TheoApp = this.buildParentAppFacade()\n\n has(name: string): boolean {\n return this.plugins.has(name)\n }\n\n /**\n * Per T3.1 (C1 plugin scope encapsulation):\n * 1. Reserve the plugin name (still rejects duplicates).\n * 2. Build a CHILD TheoApp via `Object.create(parentApp)` — Fastify\n * `plugin-override.js:38` pattern. The child's own `decorateRequest`\n * populates per-scope `decorations`; the child's `addHook` still\n * forwards into the shared hook lists (hooks ARE process-global —\n * only decorations are scoped, mirroring Fastify's decoration vs\n * hook semantics).\n * 3. Invoke `plugin.register(childApp)`.\n *\n * Cross-plugin decoration-key collisions are PERMITTED (per blueprint\n * D1). The legacy `DuplicateDecorationError` is no longer thrown.\n */\n async register(plugin: TheoPlugin): Promise<void> {\n if (this.plugins.has(plugin.name)) {\n throw new DuplicatePluginError(plugin.name)\n }\n // Add to registry FIRST so duplicate detection works even if register throws.\n this.plugins.add(plugin.name)\n\n const scope = this.buildPluginScope(plugin.name)\n this.pluginScopes.set(plugin.name, scope)\n\n try {\n await plugin.register(scope.app)\n } catch (err) {\n // Roll back partial registration so a failed plugin does not leave\n // half-mounted state (T1.1 BDD \"error scenario: plugin throws in\n // register → parent recovery is clean\").\n this.plugins.delete(plugin.name)\n this.pluginScopes.delete(plugin.name)\n throw err\n }\n }\n\n /**\n * Build the parent app facade. Hooks forward to shared lists.\n * `decorateRequest` writes into the parent decorations map — used only\n * if a future consumer registers a non-plugin \"app-level\" decoration\n * directly. T3.1 contract: plugins decorate ONLY through child scopes.\n */\n private buildParentAppFacade(): TheoApp {\n const facade: TheoApp = {\n addHook: (name: HookName, fn: unknown) => {\n this.routeHookByName(name, fn)\n },\n // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-parameters -- T documents the per-decoration type for consumers\n decorateRequest: <T>(key: string, value: T) => {\n this.parentDecorations.set(key, value)\n },\n }\n return facade\n }\n\n /**\n * Build a child scope via `Object.create(parentApp)` so the child\n * inherits the parent's facade methods through the prototype chain.\n * Then override `decorateRequest` on the child instance so writes\n * land in the per-scope `decorations` map (parent is NOT mutated).\n */\n private buildPluginScope(_pluginName: string): PluginScope {\n const decorations = new Map<string, unknown>()\n const childApp: TheoApp = Object.create(this.parentApp) as TheoApp\n // Override decorateRequest on the child instance — parent's facade\n // method stays untouched, so `getParentApp().decorateRequest` still\n // writes to parentDecorations. This is the canonical Fastify pattern.\n // `_pluginName` reserved for future per-scope diagnostics (underscore\n // prefix marks intentional unused param per project lint convention).\n Object.defineProperty(childApp, 'decorateRequest', {\n // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-parameters -- T documents the per-decoration type for consumers\n value: <T>(key: string, value: T) => {\n if (typeof key !== 'string') {\n throw new TypeError(\n `decorateRequest: invalid key (expected string, got ${typeof key}). ` +\n `Plugin authors MUST pass string keys.`,\n )\n }\n decorations.set(key, value)\n },\n enumerable: false,\n writable: false,\n configurable: false,\n })\n // Expose `decorations` on the child instance so `getPluginScope()`\n // consumers (devtools, tests) can introspect without touching this\n // private map. Read-only property — the JS prototype chain rule means\n // child.decorations shadows any parent.decorations the proto exposes.\n Object.defineProperty(childApp, 'decorations', {\n get: () => Object.fromEntries(decorations),\n enumerable: false,\n configurable: false,\n })\n return { app: childApp, decorations }\n }\n\n private routeHookByName(name: HookName, fn: unknown): void {\n switch (name) {\n case 'onRequest':\n this.onRequestHooks.push(fn as OnRequestHook)\n return\n case 'preHandler':\n this.preHandlerHooks.push(fn as PreHandlerHook)\n return\n case 'onResponse':\n this.onResponseHooks.push(fn as OnResponseHook)\n return\n case 'onError':\n this.onErrorHooks.push(fn as OnErrorHook)\n return\n }\n }\n\n /**\n * Apply ALL plugin scopes' decorations into the request ctx. Per T3.1,\n * sibling plugins MAY decorate the same key — last-writer-wins at apply\n * time (ordering = registration order). This keeps the legacy\n * `ctx.<key>` flat surface working for consumers that already aggregate\n * decorations into a single bag.\n */\n applyDecorations(ctx: Record<string, unknown>): void {\n for (const scope of this.pluginScopes.values()) {\n for (const [key, value] of scope.decorations.entries()) {\n ctx[key] = value\n }\n }\n }\n\n /**\n * Apply ONLY one plugin's scoped decorations into `target`. Used by\n * the T1.1 RED-3 test (sibling isolation proof) and by future scope-aware\n * dispatch paths. Throws if the plugin name isn't registered.\n */\n applyScopedDecorations(pluginName: string, target: Record<string, unknown>): void {\n const scope = this.pluginScopes.get(pluginName)\n if (!scope) throw new Error(`PluginRunner: unknown plugin \"${pluginName}\"`)\n for (const [key, value] of scope.decorations.entries()) {\n target[key] = value\n }\n }\n\n /** T1.1 RED-1/RED-4 introspection: returns the child TheoApp built for `pluginName`. */\n getPluginScope(pluginName: string): TheoApp {\n const scope = this.pluginScopes.get(pluginName)\n if (!scope) throw new Error(`PluginRunner: unknown plugin \"${pluginName}\"`)\n return scope.app\n }\n\n /** T1.1 RED-4: returns the parent TheoApp (root of every child's proto chain). */\n getParentApp(): TheoApp {\n return this.parentApp\n }\n\n /** T1.1 RED-2: returns the parent's decorations map (NEVER touched by plugin decorate calls under T3.1 contract). */\n getParentDecorations(): Map<string, unknown> {\n return this.parentDecorations\n }\n\n async runOnRequest(ctx: PluginContext): Promise<HookResult> {\n return this.runHookList(this.onRequestHooks, ctx)\n }\n\n async runPreHandler(ctx: PluginContext): Promise<HookResult> {\n return this.runHookList(this.preHandlerHooks, ctx)\n }\n\n async runOnResponse(ctx: PluginContext, options: RunHookOptions = {}): Promise<HookResult> {\n return this.runHookList(this.onResponseHooks, ctx, options)\n }\n\n /**\n * Run all onError hooks. Swallows errors thrown inside hooks themselves to\n * prevent recursion (an error in an error handler must not trigger onError\n * again).\n */\n async runOnError(ctx: PluginContext, error: unknown): Promise<HookResult> {\n const errorCtx: PluginErrorContext = { ...ctx, error }\n for (const hook of this.onErrorHooks) {\n try {\n await hook(errorCtx)\n } catch (innerErr) {\n // EC-9 + onError-safety: swallow to avoid recursion. Diagnostic\n // surface only — error context is preserved via innerErr arg.\n console.error(\n `[plugin-runner] onError hook threw; suppressed to avoid recursion:`,\n innerErr,\n )\n }\n }\n return { shortCircuited: false }\n }\n\n private async runHookList(\n hooks: readonly ((ctx: PluginContext) => void | Promise<void>)[],\n ctx: PluginContext,\n options: RunHookOptions = {},\n ): Promise<HookResult> {\n for (const hook of hooks) {\n try {\n await hook(ctx)\n } catch (err) {\n if (options.inErrorPath) {\n // EC-9: we're already handling an error; do NOT trigger onError again.\n // Diagnostic surface only — original error preserved via err arg.\n console.error(`[plugin-runner] hook threw during error path; suppressed (EC-9):`, err)\n continue\n }\n throw err\n }\n if (ctx.response.writableEnded || ctx.response.headersSent) {\n return { shortCircuited: true }\n }\n }\n return { shortCircuited: false }\n }\n}\n","import type { TheoPlugin } from '../plugin-types.js'\n\nimport { PluginRunner } from './plugin-runner.js'\n\nexport class InvalidPluginShapeError extends Error {\n constructor(index: number, reason: string) {\n super(`plugins[${index}] is not a valid TheoPlugin: ${reason}`)\n this.name = 'InvalidPluginShapeError'\n }\n}\n\nfunction isPlugin(value: unknown, index: number): value is TheoPlugin {\n if (value == null || typeof value !== 'object') {\n throw new InvalidPluginShapeError(index, 'expected an object')\n }\n const v = value as Record<string, unknown>\n if (typeof v.name !== 'string' || v.name.length === 0) {\n throw new InvalidPluginShapeError(index, 'missing \"name\" string')\n }\n if (typeof v.register !== 'function') {\n throw new InvalidPluginShapeError(index, 'missing \"register\" function')\n }\n return true\n}\n\n/**\n * Build a PluginRunner from a list of plugins typically declared in\n * `theo.config.ts` under the `plugins` field. Returns `undefined` when no\n * plugins are configured so callers can pass `undefined` to `executeRoute`\n * and preserve the zero-overhead path.\n */\nexport async function createPluginRunnerFromConfig(\n plugins: unknown,\n): Promise<PluginRunner | undefined> {\n if (plugins == null) return undefined\n if (!Array.isArray(plugins)) return undefined\n if (plugins.length === 0) return undefined\n\n const runner = new PluginRunner()\n const pluginsArray: unknown[] = plugins\n for (let i = 0; i < pluginsArray.length; i++) {\n const candidate: unknown = pluginsArray[i]\n if (!isPlugin(candidate, i)) {\n // Unreachable in practice — `isPlugin` throws on invalid input.\n // The branch exists to narrow `candidate` to TheoPlugin below.\n continue\n }\n await runner.register(candidate)\n }\n return runner\n}\n","/**\n * T2.1 — RateLimitStore interface.\n *\n * Pluggable backend for the rate limiter. The default `InMemoryStore`\n * preserves current single-instance behavior. Multi-instance deployments\n * (TheoCloud canary, K8s replicas) opt in to a distributed adapter\n * (Redis, Cloudflare KV) without bloating single-instance apps.\n *\n * Contract per ADR D1:\n * - `incr` is atomic — concurrent calls for the same key both observe\n * the same `resetAt` and increment count by 1.\n * - `get` returns `null` for expired entries (not just absent — checks\n * `now > resetAt`).\n * - `reset` removes the key entirely; next `incr` creates fresh.\n *\n * Async signature is honest about Redis adapters even though in-memory\n * implementation is synchronous. Callers MUST await.\n */\n\nexport interface RateLimitState {\n /** Number of requests counted in the current window. */\n count: number\n /** Absolute timestamp (ms since epoch) when this window expires. */\n resetAt: number\n}\n\nexport interface RateLimitStore {\n /**\n * Atomic increment-and-get. If the key is missing OR the previous\n * window expired (`now >= resetAt`), create with `count=1, resetAt=now+windowMs`.\n * Otherwise increment count by 1, preserving the original resetAt.\n */\n incr(key: string, windowMs: number): Promise<RateLimitState>\n\n /** Read current state. Returns `null` for missing or expired entries. */\n get(key: string): Promise<RateLimitState | null>\n\n /** Remove a key. Used by login throttling on success (T6.1). */\n reset(key: string): Promise<void>\n}\n\n/**\n * Default in-memory store. Backed by `Map<string, RateLimitState>`.\n *\n * GC: every 1000 `incr` calls, expired entries are removed. Pathological\n * key explosion is bounded by `MAX_ENTRIES` (LRU-evict oldest insertion).\n *\n * Single-thread by virtue of Node's event loop — `incr` is atomic at the\n * JavaScript level (no preemption between Map.get and Map.set).\n */\nexport class InMemoryStore implements RateLimitStore {\n private store = new Map<string, RateLimitState>()\n /** Bound the map to prevent unbounded growth from pathological inputs. */\n static readonly MAX_ENTRIES = 100_000\n /** GC sweep interval, milliseconds. */\n static readonly GC_INTERVAL_MS = 30_000\n\n private gcTimer: ReturnType<typeof setInterval> | null = null\n\n constructor() {\n // CR-007 fix: GC runs on a timer OUTSIDE the request hot path.\n // Pre-fix, every 1000th `incrSync` triggered a synchronous Map sweep\n // of up to 100K entries — an attacker with diverse client IPs could\n // keep the Map full and force a blocking sweep predictably.\n if (typeof setInterval !== 'undefined') {\n const timer = setInterval(() => {\n this.sweepExpired()\n }, InMemoryStore.GC_INTERVAL_MS)\n this.gcTimer = timer\n // Allow the process to exit even with the timer pending. `unref` is\n // Node-only; not present on browser/Cloudflare `setInterval`.\n const maybeUnref = (timer as { unref?: () => void }).unref\n if (typeof maybeUnref === 'function') maybeUnref.call(timer)\n }\n }\n\n /**\n * Synchronous fast-path used by the legacy sync `createRateLimiter`\n * surface (`api-middleware.ts` is sync). The async `incr` delegates to\n * this for in-memory; external adapters override `incr` directly.\n */\n incrSync(key: string, windowMs: number): RateLimitState {\n if (!Number.isFinite(windowMs) || windowMs <= 0) {\n throw new Error(\n `InMemoryStore.incr: windowMs must be a positive finite number (got ${windowMs})`,\n )\n }\n const now = Date.now()\n\n // Bounded LRU-ish: when over cap, drop oldest insertion.\n if (this.store.size >= InMemoryStore.MAX_ENTRIES) {\n const first = this.store.keys().next().value\n if (first !== undefined) this.store.delete(first)\n }\n\n const entry = this.store.get(key)\n if (!entry || now >= entry.resetAt) {\n const fresh = { count: 1, resetAt: now + windowMs }\n this.store.set(key, fresh)\n return { ...fresh }\n }\n entry.count++\n return { count: entry.count, resetAt: entry.resetAt }\n }\n\n /** Sweep expired entries. Called by the GC timer; safe to call manually. */\n sweepExpired(): void {\n const now = Date.now()\n for (const [k, v] of this.store) {\n if (v.resetAt <= now) this.store.delete(k)\n }\n }\n\n /**\n * Stop the GC timer. Call from tests or when discarding the store. After\n * `dispose`, the store still works but no longer auto-sweeps.\n */\n dispose(): void {\n if (this.gcTimer) {\n clearInterval(this.gcTimer)\n this.gcTimer = null\n }\n }\n\n // The async surface is required by the `RateLimitStore` interface\n // (Redis/etc. adapters are inherently async). For the in-memory case\n // we just adapt the sync implementations to Promises.\n // eslint-disable-next-line @typescript-eslint/require-await -- interface contract: async return\n async incr(key: string, windowMs: number): Promise<RateLimitState> {\n return this.incrSync(key, windowMs)\n }\n\n // eslint-disable-next-line @typescript-eslint/require-await -- interface contract: async return\n async get(key: string): Promise<RateLimitState | null> {\n const now = Date.now()\n const entry = this.store.get(key)\n if (!entry) return null\n if (now >= entry.resetAt) return null\n return { count: entry.count, resetAt: entry.resetAt }\n }\n\n // eslint-disable-next-line @typescript-eslint/require-await -- interface contract: async return\n async reset(key: string): Promise<void> {\n this.store.delete(key)\n }\n}\n","import type { IncomingMessage } from 'node:http'\n\nimport { InMemoryStore, type RateLimitStore } from './rate-limit-store.js'\n\n/**\n * Rate limit configuration — basic single-bucket shape. Per ADR D2, the\n * per-route + per-user variant is layered on top via T2.2; this base\n * struct is the smallest unit.\n */\nexport interface RateLimitConfig {\n windowMs: number\n max: number\n}\n\nexport interface RateLimitResult {\n limited: boolean\n headers: Record<string, string>\n}\n\n/**\n * Create a rate limiter that consumes a pluggable `RateLimitStore`.\n *\n * Backwards-compatible signature: callers passing only `config` get the\n * default `InMemoryStore`. Distributed deployments pass a Redis adapter\n * (or any other `RateLimitStore` implementation) via `opts.store`.\n *\n * T2.1: synchronous return for back-compat with the current\n * `api-middleware.ts` integration point. The async store contract is\n * exercised lazily — we use a sync fast-path against the in-memory store\n * (single-thread JS makes this safe). External stores remain async and\n * would require a different async wrapper at the middleware layer.\n */\nexport function createRateLimiter(config: RateLimitConfig, opts: { store?: RateLimitStore } = {}) {\n const store = opts.store ?? new InMemoryStore()\n const isInMemory = store instanceof InMemoryStore\n\n return function checkRateLimit(req: IncomingMessage): RateLimitResult {\n // `req.socket` is typed as always-present in Node typings; defensive\n // for test doubles (object literals without `socket`).\n // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- defensive for test doubles\n const key = req.socket?.remoteAddress ?? 'unknown'\n\n if (isInMemory) {\n // Sync fast-path: the in-memory store exposes a sync incr.\n const state = store.incrSync(key, config.windowMs)\n return resultFromState(state, config)\n }\n\n // External stores are NOT supported via this synchronous façade in\n // 0.3.x. Users plugging Redis adapters today must wire it via a\n // dedicated async middleware path (out-of-scope for T2.1; tracked\n // for the follow-up `@theokit/rate-limit-redis` package).\n throw new Error(\n 'createRateLimiter: async RateLimitStore implementations are not supported by this sync façade. ' +\n 'Use the InMemoryStore default or build a custom middleware around the async store directly.',\n )\n }\n}\n\nfunction resultFromState(\n state: { count: number; resetAt: number },\n config: RateLimitConfig,\n): RateLimitResult {\n if (state.count > config.max) {\n const retryAfter = Math.ceil((state.resetAt - Date.now()) / 1000)\n return {\n limited: true,\n headers: {\n 'X-RateLimit-Limit': String(config.max),\n 'X-RateLimit-Remaining': '0',\n 'Retry-After': String(retryAfter),\n },\n }\n }\n return {\n limited: false,\n headers: {\n 'X-RateLimit-Limit': String(config.max),\n 'X-RateLimit-Remaining': String(Math.max(0, config.max - state.count)),\n },\n }\n}\n\n/**\n * T5a.2 Phase D slice 2/3 — Web-Standards single-bucket rate limiter.\n *\n * Mirror of `createRateLimiter(config, opts)` returning a checker that\n * accepts `(clientIp: string)` instead of `(req: IncomingMessage)`. Web\n * `Request` has no `req.socket.remoteAddress` — the IP is resolved by\n * the caller per-runtime (Node adapter from socket; CF Workers from\n * `cf-connecting-ip`; etc., same convention as Phase D slice 1/3's\n * `DeriveKeyRequestContext.clientIp`).\n *\n * Same `RateLimitConfig`, same `InMemoryStore` default, same async\n * store rejection (use a dedicated async middleware for external stores).\n * Same `RateLimitResult` return shape.\n *\n * **Signature difference from `createRateLimiter`:** this Web factory's\n * checker takes a raw IP string instead of a Request object. The IP is\n * the ONLY input the bucket needs; passing a Request object would force\n * the caller to populate `request.headers.get('x-forwarded-for')` or\n * similar without giving us any safer extraction. KISS — accept the IP\n * directly, document the per-runtime resolution at the adapter boundary.\n */\nexport function createRateLimiterWeb(\n config: RateLimitConfig,\n opts: { store?: RateLimitStore } = {},\n) {\n const store = opts.store ?? new InMemoryStore()\n const isInMemory = store instanceof InMemoryStore\n\n return function checkRateLimitWeb(clientIp: string): RateLimitResult {\n const key = clientIp.length > 0 ? clientIp : 'unknown'\n if (isInMemory) {\n const state = store.incrSync(key, config.windowMs)\n return resultFromState(state, config)\n }\n throw new Error(\n 'createRateLimiterWeb: async RateLimitStore implementations are not supported by this sync façade. ' +\n 'Use the InMemoryStore default or build a custom middleware around the async store directly.',\n )\n }\n}\n","import { pathToFileURL } from 'node:url'\n\nimport type { ViteDevServer } from 'vite'\n\nexport type LoadModule = (path: string) => Promise<Record<string, unknown>>\n\nexport function createViteLoader(vite: ViteDevServer): LoadModule {\n return (path) => vite.ssrLoadModule(path) as Promise<Record<string, unknown>>\n}\n\nexport function createProductionLoader(): LoadModule {\n return async (path) => {\n const url = pathToFileURL(path).href\n return import(url) as Promise<Record<string, unknown>>\n }\n}\n","import type { ServerResponse } from 'node:http'\n\n/**\n * Phase 6 — Default Security Headers (D4 / EC-2).\n *\n * Per-response security baseline. The framework applies these BEFORE the\n * route handler runs so a handler can still override via `res.setHeader`.\n *\n * EC-2 backward-compatibility: CSP ships in `report-only` mode by default\n * for 0.2.0. Existing apps with inline scripts or third-party CDN scripts\n * keep working but consumers see violation reports via their CSP report\n * collector (or browser DevTools). 0.3.0 will flip the default to\n * `enforce` after a release of visibility.\n */\n\n/**\n * Default Content-Security-Policy. Conservative-but-not-paralyzing:\n *\n * - default-src 'self' — every fetch falls back to same-origin\n * - script-src 'self' — T6.1 (0.3.0): `'unsafe-inline'`\n * dropped. The SSR pipeline issues a\n * per-request nonce that REPLACES\n * this directive at runtime\n * (`'nonce-<token>'`). For static /\n * non-SSR contexts where no nonce is\n * available, the policy is strict-\n * no-inline — user inline scripts\n * must be migrated to external\n * `<script src=\"...\">` or threaded\n * through `ctx.nonce`.\n * - style-src 'self' 'unsafe-inline' — Tailwind + TheoUI use style attrs\n * in animation directives\n * - img-src 'self' data: blob: — supports inline data URIs, blobs\n * from canvas exports\n * - font-src 'self' data: — Geist fonts inline-base64\n * - connect-src 'self' ws: wss: — WebSocket dev HMR + agent streams\n * - frame-ancestors 'none' — clickjacking defense\n */\n/**\n * T5.1 — default CSP includes the built-in report endpoint so violations\n * are visible without extra config. Apps that ship a custom `csp` string\n * override the report-uri.\n */\nexport const DEFAULT_CSP =\n \"default-src 'self'; \" +\n \"script-src 'self'; \" +\n \"style-src 'self' 'unsafe-inline'; \" +\n \"img-src 'self' data: blob:; \" +\n \"font-src 'self' data:; \" +\n \"connect-src 'self' ws: wss:; \" +\n \"frame-ancestors 'none'; \" +\n 'report-uri /__theo/csp-report'\n\n/**\n * T1.1 — Default Permissions-Policy header (default-deny stance).\n *\n * Disables sensitive Web APIs that the vast majority of apps don't use.\n * Apps that DO need any of these opt in by overriding `permissionsPolicy`\n * in `config.security.headers`.\n *\n * The seven features listed are the most-abused for: tracking\n * (geolocation, accelerometer, gyroscope), spyware (camera, microphone),\n * fraud (payment), and hardware exfiltration (usb).\n *\n * Aligns with Mozilla baseline + OWASP Secure Headers + Lighthouse PWA.\n */\nexport const DEFAULT_PERMISSIONS_POLICY =\n 'geolocation=(), camera=(), microphone=(), payment=(), usb=(), accelerometer=(), gyroscope=()'\n\nexport type CspMode = 'enforce' | 'report-only' | 'off'\n\nexport interface SecurityHeadersConfig {\n /**\n * Custom CSP policy string. When set, replaces the default verbatim.\n * Pass `false` to disable CSP entirely (alias for `cspMode: 'off'`).\n */\n csp?: string | false\n /**\n * Enforcement mode for CSP. Default `report-only` for 0.2.0 (EC-2).\n * 0.3.0 will default to `enforce`.\n */\n cspMode?: CspMode\n /**\n * Strict-Transport-Security value. Defaults to\n * `max-age=31536000; includeSubDomains` in production. Pass `false` to\n * suppress (e.g. internal LANs without TLS).\n */\n hsts?: string | false\n /** X-Frame-Options. Default DENY. */\n frameOptions?: 'DENY' | 'SAMEORIGIN'\n /** X-Content-Type-Options. Default `nosniff`. */\n contentTypeOptions?: 'nosniff'\n /** Referrer-Policy. Default `strict-origin-when-cross-origin`. */\n referrerPolicy?: string\n /**\n * T1.1 — Permissions-Policy directive string. When set, replaces the\n * default verbatim (no merge — see ADR-EC-12). Pass `false` to disable\n * the header entirely. Schema-level refinement rejects any string\n * containing CR/LF (EC-3 — CWE-113 HTTP Response Splitting mitigation).\n */\n permissionsPolicy?: string | false\n}\n\nexport interface SecurityEnv {\n production: boolean\n}\n\n/**\n * T4.1 — Per-request options passed by the SSR pipeline.\n *\n * - `nonce`: when set, the framework substitutes the `'unsafe-inline'`\n * token in `script-src` with `'nonce-<nonce>'`. EC-3 forces\n * `Cache-Control: private, no-store` so a CDN cannot cache the HTML\n * (carrying one nonce) and re-serve it with a freshly-generated CSP\n * header (carrying a different nonce).\n * - `prerender`: when true, the nonce is IGNORED. Prerendered HTML is\n * generated at build time with no nonce in the script tags; mixing a\n * runtime nonce in the header would block every script. EC-4.\n */\nexport interface SecurityHeadersOptions {\n nonce?: string\n prerender?: boolean\n}\n\nconst DEFAULT_HSTS = 'max-age=31536000; includeSubDomains'\n\n/**\n * Apply a nonce to the script-src directive of an existing CSP policy\n * string. Replaces `'unsafe-inline'` (if present) with `'nonce-<value>'`;\n * otherwise appends the nonce directive to the script-src line.\n */\nfunction applyNonceToCsp(policy: string, nonce: string): string {\n return policy\n .split(';')\n .map((directive) => {\n const trimmed = directive.trim()\n if (!trimmed.startsWith('script-src')) return directive\n if (trimmed.includes(\"'unsafe-inline'\")) {\n return directive.replace(\"'unsafe-inline'\", `'nonce-${nonce}'`)\n }\n return `${directive} 'nonce-${nonce}'`\n })\n .join(';')\n}\n\n/**\n * Apply Content-Security-Policy header(s) to `out`. Extracted from\n * `buildSecurityHeaders` to keep that function's complexity within ceiling.\n * Handles the four shapes:\n * csp: false → opt out\n * cspMode: 'off' → opt out\n * cspMode: 'enforce' → Content-Security-Policy (T6.1 default for 0.3.0)\n * cspMode: 'report-only' → Content-Security-Policy-Report-Only (legacy 0.2.x)\n */\nfunction applyCsp(\n out: Record<string, string>,\n config: SecurityHeadersConfig,\n effectiveNonce: string | undefined,\n): void {\n if (config.csp === false || config.cspMode === 'off') return\n let policy = typeof config.csp === 'string' ? config.csp : DEFAULT_CSP\n if (effectiveNonce) {\n policy = applyNonceToCsp(policy, effectiveNonce)\n }\n // T6.1 — default flipped from 'report-only' to 'enforce' for 0.3.0.\n const mode: CspMode = config.cspMode ?? 'enforce'\n if (mode === 'enforce') {\n out['Content-Security-Policy'] = policy\n } else {\n out['Content-Security-Policy-Report-Only'] = policy\n }\n}\n\n/**\n * Build the security headers map for a given config + env. Pure function —\n * returned object can be inspected, logged, or applied to a response.\n */\nexport function buildSecurityHeaders(\n config: SecurityHeadersConfig,\n env: SecurityEnv,\n options: SecurityHeadersOptions = {},\n): Record<string, string> {\n const out: Record<string, string> = {}\n\n // EC-4: prerendered routes must NOT receive a nonce — the build-time\n // HTML carries no nonce, so a runtime nonce would mismatch.\n const effectiveNonce = options.prerender ? undefined : options.nonce\n\n applyCsp(out, config, effectiveNonce)\n\n // X-Frame-Options\n out['X-Frame-Options'] = config.frameOptions ?? 'DENY'\n\n // X-Content-Type-Options\n out['X-Content-Type-Options'] = config.contentTypeOptions ?? 'nosniff'\n\n // Referrer-Policy\n out['Referrer-Policy'] = config.referrerPolicy ?? 'strict-origin-when-cross-origin'\n\n // T1.1 — Permissions-Policy. Default-deny on geo/camera/mic/payment/usb;\n // configurable via `permissionsPolicy`; suppressed via `permissionsPolicy: false`.\n if (config.permissionsPolicy !== false) {\n out['Permissions-Policy'] =\n typeof config.permissionsPolicy === 'string'\n ? config.permissionsPolicy\n : DEFAULT_PERMISSIONS_POLICY\n }\n\n // HSTS — production only, suppressible via hsts: false\n if (env.production && config.hsts !== false) {\n out['Strict-Transport-Security'] = typeof config.hsts === 'string' ? config.hsts : DEFAULT_HSTS\n }\n\n // EC-3: when a nonce is in play, the response carries a one-shot CSP\n // header AND inline scripts in the HTML body. A CDN that caches the\n // HTML and proxies a fresh CSP per request would block every script\n // (nonces wouldn't match). Force no-store to prevent that class of\n // silent prod-only failure. Prerendered routes (which carry no nonce\n // by design — EC-4) are exempt; their HTML is meant to be cacheable.\n if (effectiveNonce) {\n out['Cache-Control'] = 'private, no-store'\n }\n\n return out\n}\n\n/**\n * Apply security headers to a Node ServerResponse. Called by the\n * api-middleware before the route handler runs. The handler can override\n * any header via `res.setHeader()` — last write wins by Node convention.\n */\nexport function applySecurityHeaders(\n res: ServerResponse,\n config: SecurityHeadersConfig,\n env: SecurityEnv,\n options: SecurityHeadersOptions = {},\n): void {\n const headers = buildSecurityHeaders(config, env, options)\n for (const [key, value] of Object.entries(headers)) {\n res.setHeader(key, value)\n }\n}\n","/**\n * T4.1 — Per-request CSP nonce generation.\n *\n * Returns a 22–24 character base64-encoded string carrying 16 bytes of\n * cryptographic entropy. Used by the SSR pipeline to nonce the inline\n * hydration data script so the default CSP can drop `'unsafe-inline'`\n * from `script-src` in 0.3.0.\n *\n * Runtime portability: prefers Web Crypto (`globalThis.crypto`) because\n * it is available on every target runtime (Node 19+, Bun, Deno, Vercel\n * Edge, Cloudflare Workers). Falls back to `node:crypto` for older Node\n * builds where `globalThis.crypto` is absent.\n *\n * NOT a security primitive in the cryptographic sense — the nonce is a\n * one-shot, single-request value that defeats trivial XSS injection by\n * making the attacker guess a 128-bit string per request. It is NOT\n * suitable for signing or session tokens.\n */\n\nfunction bytesToBase64(bytes: Uint8Array): string {\n // Prefer Buffer when available (Node, Bun) — its base64 encoder is fast\n // and well-tested. In Edge runtimes that lack Buffer, fall back to the\n // standard btoa(String.fromCharCode(...)) trick.\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64')\n }\n let binary = ''\n for (const b of bytes) {\n binary += String.fromCharCode(b)\n }\n // `btoa` exists in browsers + edge runtimes; if it doesn't, the caller\n // is on a JS runtime we don't support — let the ReferenceError bubble.\n return btoa(binary)\n}\n\n// CR-027 fix: the previous fallback path used `require('node:crypto')`,\n// which throws ReferenceError in strict ESM contexts (Bun, Deno, Vercel\n// Edge) when reached. Web Crypto has been a hard requirement since Node\n// 19; for older Node we now throw a clear error at module load time\n// instead of failing on first SSR request.\nlet cachedWebCrypto: Crypto | null | undefined\n\nfunction getWebCrypto(): Crypto {\n if (cachedWebCrypto === undefined) {\n const candidate = (globalThis as { crypto?: Crypto }).crypto\n cachedWebCrypto =\n candidate && typeof candidate.getRandomValues === 'function' ? candidate : null\n }\n if (!cachedWebCrypto) {\n throw new Error(\n 'generateNonce: Web Crypto unavailable. TheoKit requires Node.js 19+, Bun, Deno, ' +\n 'or any modern Edge runtime where `globalThis.crypto.getRandomValues` is present.',\n )\n }\n return cachedWebCrypto\n}\n\nexport function generateNonce(): string {\n const buf = new Uint8Array(16)\n getWebCrypto().getRandomValues(buf)\n return bytesToBase64(buf)\n}\n"],"mappings":";;;;;;;;AACA,SAAS,gBAAgB;AAEzB,OAAO,YAAY;AAyBnB,IAAM,oBAAoB,oBAAI,IAAI,CAAC,QAAQ,OAAO,OAAO,CAAC;AAE1D,IAAM,wBAAwB,KAAK,OAAO;AAC1C,IAAM,oBAAoB;AAC1B,IAAM,yBAAyB,IAAI,OAAO;AAEnC,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAG3C,YACE,SACS,oBACA,aACT;AACA,UAAM,OAAO;AAHJ;AACA;AAGT,SAAK,OAAO;AAAA,EACd;AAAA,EALW;AAAA,EACA;AAAA,EALF,OAAO;AAAA,EACP,SAAS;AASpB;AASA,SAAS,iBAAiB,KAAsB,MAAqB;AACnE,MAAI;AACF;AAAC,IAAC,IAA2C,qBAAqB,IAAI;AAAA,EACxE,QAAQ;AAAA,EAER;AACF;AAEA,SAAS,cAAc,KAAwC;AAC7D,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,SAAmB,CAAC;AAC1B,QAAI,GAAG,QAAQ,CAAC,UAAkB,OAAO,KAAK,KAAK,CAAC;AACpD,QAAI,GAAG,OAAO,MAAM;AAClB,YAAM,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS;AAC3C,UAAI,CAAC,KAAK;AACR,gBAAQ,MAAS;AACjB;AAAA,MACF;AACA,UAAI;AACF,gBAAQ,KAAK,MAAM,GAAG,CAAC;AAAA,MACzB,QAAQ;AACN,eAAO,IAAI,MAAM,mBAAmB,CAAC;AAAA,MACvC;AAAA,IACF,CAAC;AACD,QAAI,GAAG,SAAS,MAAM;AAAA,EACxB,CAAC;AACH;AAIA,SAAS,mBACP,KACA,aACA,SACoE;AAEpE,MAAI,CAAC,YAAY,SAAS,WAAW,GAAG;AACtC,WAAO,QAAQ,OAAO,IAAI,MAAM,4BAA4B,CAAC;AAAA,EAC/D;AAEA,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,SAAiC,CAAC;AACxC,UAAM,QAAwB,CAAC;AAK/B,UAAM,qBAA+B,CAAC;AACtC,QAAI,YAAY;AAEhB,UAAM,KAAK,OAAO;AAAA,MAChB,SAAS,IAAI;AAAA,MACb,QAAQ;AAAA,QACN,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,WAAW,QAAQ;AAAA,MACrB;AAAA,IACF,CAAC;AAED,OAAG,GAAG,SAAS,CAAC,MAAc,UAAkB;AAC9C,aAAO,IAAI,IAAI;AAAA,IACjB,CAAC;AAED,OAAG;AAAA,MACD;AAAA,MACA,CACE,WACA,QACA,SACG;AACH;AACA,YAAI,YAAY,QAAQ,UAAU;AAChC,iBAAO,OAAO;AACd;AAAA,QACF;AAGA,cAAM,WAAW,SAAS,KAAK,YAAY,SAAS;AACpD,cAAM,SAAmB,CAAC;AAC1B,YAAI,OAAO;AACX,YAAI,YAAY;AAEhB,eAAO,GAAG,QAAQ,CAAC,UAAkB;AACnC,kBAAQ,MAAM;AACd,cAAI,OAAO,QAAQ,aAAa;AAC9B,wBAAY;AACZ,mBAAO,OAAO;AACd;AAAA,UACF;AACA,iBAAO,KAAK,KAAK;AAAA,QACnB,CAAC;AAED,eAAO,GAAG,OAAO,MAAM;AACrB,cAAI,WAAW;AACb,+BAAmB,KAAK,QAAQ;AAChC;AAAA,UACF;AAEA,gBAAM,SAAS,OAAO,OAAO,MAAM;AACnC,gBAAM,KAAK;AAAA,YACT;AAAA,YACA,UAAU;AAAA,YACV,UAAU,KAAK;AAAA,YACf,UAAU,KAAK;AAAA,YACf;AAAA,YACA,MAAM,OAAO;AAAA,UACf,CAAC;AAAA,QACH,CAAC;AAAA,MACH;AAAA,IACF;AAEA,OAAG,GAAG,cAAc,MAAM;AACxB,aAAO,IAAI,MAAM,4BAA4B,QAAQ,QAAQ,EAAE,CAAC;AAAA,IAClE,CAAC;AAED,OAAG,GAAG,SAAS,CAAC,QAAe;AAC7B,aAAO,GAAG;AAAA,IACZ,CAAC;AAED,OAAG,GAAG,SAAS,MAAM;AACnB,UAAI,mBAAmB,SAAS,GAAG;AACjC;AAAA,UACE,IAAI;AAAA,YACF,uBAAuB,QAAQ,WAAW,YAAY,mBAAmB,KAAK,IAAI,CAAC;AAAA,YACnF;AAAA,YACA,QAAQ;AAAA,UACV;AAAA,QACF;AACA;AAAA,MACF;AACA,cAAQ,EAAE,QAAQ,MAAM,CAAC;AAAA,IAC3B,CAAC;AAED,QAAI,KAAK,EAAE;AAAA,EACb,CAAC;AACH;AAUO,IAAM,wBAAwB,uBAAO,2BAA2B;AAEvE,eAAsB,iBACpB,KACA,SACqB;AACrB,QAAM,SAAS,IAAI,QAAQ,YAAY,KAAK;AAC5C,MAAI,CAAC,kBAAkB,IAAI,MAAM,GAAG;AAClC,WAAO,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,GAAG,MAAM,OAAU;AAAA,EAClD;AAEA,QAAM,cAAc,IAAI,QAAQ,cAAc,KAAK;AAGnD,MAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAM,OAAO,MAAM,cAAc,GAAG;AACpC,qBAAiB,KAAK,IAAI;AAC1B,WAAO,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,GAAG,KAAK;AAAA,EACvC;AAGA,MAAI,YAAY,SAAS,qBAAqB,GAAG;AAC/C,UAAM,SAAS;AAAA,MACb,aAAa,SAAS,eAAe;AAAA,MACrC,UAAU,SAAS,YAAY;AAAA,MAC/B,cAAc,SAAS,gBAAgB;AAAA,IACzC;AACA,UAAM,EAAE,QAAQ,MAAM,IAAI,MAAM,mBAAmB,KAAK,aAAa,MAAM;AAC3E,qBAAiB,KAAK;AAAA,MACpB;AAAA,MACA,OAAO,MAAM,IAAI,CAAC,OAAO;AAAA,QACvB,WAAW,EAAE;AAAA,QACb,UAAU,EAAE;AAAA,QACZ,UAAU,EAAE;AAAA,QACZ,MAAM,EAAE;AAAA,MACV,EAAE;AAAA,IACJ,CAAC;AACD,WAAO,EAAE,QAAQ,MAAM;AAAA,EACzB;AAGA,MAAI,CAAC,aAAa;AAChB,WAAO,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,EAAE;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,6BAA6B,WAAW,EAAE;AAC5D;;;AC5NA,IAAM,kBAA4B,CAAC,QAAQ;AAEzC,UAAQ,IAAI,KAAK,UAAU,GAAG,CAAC;AACjC;AAEO,SAAS,WACd,MACA,cACA,KACM;AACN,QAAM,MAAkB;AAAA,IACtB,OAAO;AAAA,IACP,GAAG;AAAA,IACH,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,EACpC;AACA,QAAM,SAAS,gBAAgB;AAC/B,SAAO,GAAG;AAMV,6BAA2B,MAAM,GAAG;AACtC;AAOA,SAAS,kBAA0B;AAEjC,SAAO,OAAO,OAAO,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AAC5E;AAUA,SAAS,wBACP,MACA,SACA,aACM;AACN,OAAK,QAAQ,IAAI;AAAA,IACf,OAAO,yBAAyC;AAAA,IAChD,OAAO,0CAA0D;AAAA,EACnE,CAAC,EACE,KAAK,CAAC,CAAC,EAAE,iBAAiB,GAAG,EAAE,wBAAwB,CAAC,MAAM;AAC7D,UAAM,WAAW,wBAAwB,WAAW;AACpD,qBAAiB;AAAA,MACf,IAAI,gBAAgB;AAAA,MACpB,SAAS,KAAK;AAAA,MACd,QAAQ,KAAK;AAAA,MACb,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,MACb,YAAY,KAAK;AAAA,MACjB,WAAW,KAAK,IAAI,IAAI,KAAK;AAAA,MAC7B,GAAI,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC7B,GAAI,WACA;AAAA,QACE,aAAa,SAAS;AAAA,QACtB,YAAY,SAAS;AAAA,QACrB,eAAe,SAAS;AAAA,MAC1B,IACA,CAAC;AAAA,IACP,CAAC;AAAA,EACH,CAAC,EACA,MAAM,MAAM;AAAA,EAEb,CAAC;AACL;AAEA,SAAS,2BACP,MACA,KACM;AAEN,QAAM,UAAU,KAAK,UACjB,OAAO;AAAA,IACL,OAAO,QAAQ,IAAI,OAAO,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM;AAAA,MAC1C;AAAA,MACA,MAAM,QAAQ,CAAC,IAAI,EAAE,KAAK,IAAI,IAAK,KAAK;AAAA,IAC1C,CAAC;AAAA,EACH,IACA;AACJ,QAAM,cAAc,MACf,IAA2C,qBAAqB,IACjE;AACJ,0BAAwB,MAAM,SAAS,WAAW;AACpD;;;ACfA,IAAM,gBAAgB,oBAAI,IAAY;AACtC,IAAM,WAAW;AAmBV,SAAS,SAAS,KAAa,SAAwC;AAC5E,MAAI,cAAc,IAAI,GAAG,EAAG;AAE5B,MAAI,cAAc,QAAQ,UAAU;AAClC,UAAM,SAAS,cAAc,OAAO,EAAE,KAAK,EAAE;AAC7C,QAAI,WAAW,OAAW,eAAc,OAAO,MAAM;AAAA,EACvD;AACA,gBAAc,IAAI,GAAG;AAErB,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,UAAU,EAAE,GAAG,SAAS,UAAU,KAAK,CAAC;AAAA,EACtD,QAAQ;AAGN,WAAO,cAAc,GAAG;AAAA,EAC1B;AACA,UAAQ,KAAK,IAAI;AAKjB,8BAA4B,KAAK,OAAO;AAC1C;AAWA,SAAS,aAAa,SAAkC,KAAa,WAAW,IAAY;AAC1F,QAAM,QAAQ,QAAQ,GAAG;AACzB,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAW,QAAO,OAAO,KAAK;AAChF,SAAO;AACT;AAEA,SAAS,mBAA2B;AAElC,SAAO,QAAQ,OAAO,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AAC7E;AAEA,SAAS,4BAA4B,KAAa,SAAwC;AAGxF,OAAK,OAAO,yBAAyC,EAClD,KAAK,CAAC,EAAE,mBAAmB,eAAe,MAAM;AAC/C,QACE,QAAQ,UAAU,eAClB,OAAO,QAAQ,SAAS,YACxB,OAAO,QAAQ,YAAY,UAC3B;AACA,wBAAkB;AAAA,QAChB,OAAO;AAAA,QACP,MAAM,QAAQ;AAAA,QACd,SAAS,QAAQ;AAAA,QACjB,QAAQ,aAAa,SAAS,QAAQ;AAAA,QACtC,MAAM,aAAa,SAAS,MAAM;AAAA,QAClC,QAAQ,aAAa,SAAS,QAAQ;AAAA,MACxC,CAAC;AAAA,IACH,OAAO;AACL,qBAAe;AAAA,QACb,IAAI,iBAAiB;AAAA,QACrB,MAAM;AAAA,QACN,SAAS,aAAa,SAAS,SAAS,GAAG;AAAA,QAC3C,WAAW,KAAK,IAAI;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,EACF,CAAC,EACA,MAAM,MAAM;AAAA,EAEb,CAAC;AACL;;;ACzLO,SAAS,SACd,KACA,MACA,SAAS,KACT,aACM;AAGN,QAAM,OAAO,cAAc,YAAY,UAAU,IAAI,IAAI,KAAK,UAAU,IAAI;AAC5E,MAAI,UAAU,QAAQ;AAAA,IACpB,gBAAgB;AAAA,IAChB,kBAAkB,OAAO,WAAW,IAAI;AAAA,EAC1C,CAAC;AACD,MAAI,IAAI,IAAI;AACd;AA0CO,SAAS,UACd,KACA,aACA,SACA,QACA,QACA,WACA,SACM;AACN,MAAI;AACJ,MAAI,OAAO,gBAAgB,UAAU;AACnC,WAAO;AACP,cAAU,WAAW;AACrB,aAAS,UAAU;AAAA,EACrB,OAAO;AACL,WAAO,YAAY;AACnB,cAAU,YAAY;AACtB,aAAS,YAAY;AACrB,aAAS,YAAY;AACrB,gBAAY,YAAY;AACxB,cAAU,YAAY;AAAA,EACxB;AACA,QAAM,eACJ,SAAS,oBAAoB,QAAQ,IAAI,aAAa,eAClD,0BACA;AAEN,MAAI,SAAS,kBAAkB;AAC7B,YAAQ,MAAM,IAAI,aAAa,OAAO,KAAK,OAAO,EAAE;AAAA,EACtD;AAEA,MAAI,WAAW,OAAO,SAAS,eAAe;AAC5C,UAAM,OAAO,QAAQ;AACrB,QAAI,UAAU,KAAK;AAAA,MACjB,gBAAgB;AAAA,MAChB,kBAAkB,OAAO,WAAW,IAAI;AAAA,IAC1C,CAAC;AACD,QAAI,IAAI,IAAI;AACZ;AAAA,EACF;AACA,MAAI,WAAW,OAAO,SAAS,eAAe;AAC5C,UAAM,OAAO,QAAQ;AACrB,QAAI,UAAU,KAAK;AAAA,MACjB,gBAAgB;AAAA,MAChB,kBAAkB,OAAO,WAAW,IAAI;AAAA,IAC1C,CAAC;AACD,QAAI,IAAI,IAAI;AACZ;AAAA,EACF;AAEA;AAAA,IACE;AAAA,IACA;AAAA,MACE,OAAO;AAAA,QACL;AAAA,QACA,SAAS;AAAA,QACT,GAAI,YAAY,EAAE,UAAU,IAAI,CAAC;AAAA,QACjC,GAAI,SAAS,EAAE,OAAO,IAAI,CAAC;AAAA,MAC7B;AAAA,IACF;AAAA,IACA;AAAA,EACF;AACF;;;ACxHO,SAAS,oBAAoB,KAAuB;AACzD,MAAI,OAAO,QAAQ,OAAO,QAAQ,SAAU,QAAO;AACnD,QAAM,IAAI;AACV,SAAO,EAAE,SAAS,mBAAmB,EAAE,WAAW;AACpD;;;ACVO,IAAM,2BAAN,cAAuC,MAAM;AAAA,EAElD,YACkB,KAChB,MACA;AACA;AAAA,MACE,0BAA0B,GAAG,MAAM,MAAM,UAAU,4FAA4F;AAAA,IACjJ;AALgB;AAMhB,SAAK,OAAO;AAAA,EACd;AAAA,EAPkB;AAAA,EAFT,OAAO;AAUlB;;;AC8BO,SAAS,eAAuB;AACrC,MAAI,SAA4B,CAAC;AAEjC,SAAO;AAAA,IACL,KAAK,OAAO;AACV,aAAO,KAAK,KAAK;AAAA,IACnB;AAAA,IACA,QAAQ;AACN,YAAM,MAAM;AACZ,eAAS,CAAC;AACV,aAAO;AAAA,IACT;AAAA,IACA,UAAU;AACR,eAAS,CAAC;AAAA,IACZ;AAAA,IACA,OAAO;AACL,aAAO,OAAO;AAAA,IAChB;AAAA,IACA,MAAM,MAAM,YAAY,MAAM;AAC5B,YAAM,UAAU;AAChB,eAAS,CAAC;AACV,YAAM,UACJ,MAAM,YACL,CAAC,MAAM,QAAQ;AACd,gBAAQ,KAAK,0CAA0C,IAAI,MAAM,GAAG,EAAE;AAAA,MACxE;AACF,iBAAW,KAAK,SAAS;AACvB,YAAI;AACF,gBAAM,WAAW,CAAC;AAAA,QACpB,SAAS,KAAK;AACZ,gBAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,kBAAQ,EAAE,MAAM,OAAO;AAAA,QACzB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;AC7BO,SAAS,kBACd,SACA,QACA,OAAiC,CAAC,GACrB;AACb,QAAM,cAAc,KAAK;AAEzB,SAAO;AAAA,IACL,QAAQ,MAAM,OAAO,aAAa;AAChC,YAAM,QAAyB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB,aAAa;AAAA,QAC7B,cAAc,aAAa;AAAA,QAC3B;AAAA,MACF;AACA,aAAO,KAAK,KAAK;AAAA,IACnB;AAAA,IAEA,cAAc,MAAM,OAAO,aAAa;AACtC,UAAI;AACJ,UAAI;AACJ,YAAM,UAAU,IAAI,QAA2B,CAAC,SAAS,WAAW;AAClE,uBAAe;AACf,sBAAc;AAAA,MAChB,CAAC;AAED,WAAK,QAAQ,MAAM,MAAM;AAAA,MAEzB,CAAC;AAGD,YAAM,QAGF;AAAA,QACF;AAAA,QACA;AAAA,QACA,gBAAgB,aAAa;AAAA,QAC7B,cAAc,aAAa;AAAA,QAC3B;AAAA,QACA,gBAAgB;AAAA,QAChB,eAAe;AAAA,MACjB;AACA,aAAO,KAAK,KAAK;AACjB,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAQO,SAAS,uBACd,SAC8C;AAC9C,SAAO,OAAO,UAAU;AACtB,UAAM,YAAY;AAIlB,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,QAAQ,KAAK;AAC1C,gBAAU,iBAAiB,MAAM;AACjC,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,gBAAU,gBAAgB,GAAG;AAC7B,YAAM;AAAA,IACR;AAAA,EACF;AACF;;;ACtGO,SAAS,iBAAiB,SAAgC;AAC/D,QAAM,MAAM,GAAG,QAAQ,KAAK,IAAI,QAAQ,MAAM,IAAI,QAAQ,QAAQ,EAAE;AACpE,WAAS,KAAK,OAA6C;AAC7D;;;AC4DO,SAAS,UAAU,QAAiC,OAAyB;AAClF,MAAI,CAAC,OAAQ;AACb,MAAI;AACF,UAAM,IAAI,OAAO,IAAI,KAAK;AAE1B,QAAI,KAAK,OAAO,EAAE,SAAS,YAAY;AACrC,QAAE,MAAM,MAAM;AAAA,MAEd,CAAC;AAAA,IACH;AAAA,EACF,QAAQ;AAAA,EAER;AACF;;;ACjDO,SAAS,gBAAgB,MAAc,UAAiD;AAC7F,aAAW,KAAK,UAAU;AACxB,QAAI,OAAO,MAAM,UAAU;AACzB,UAAI,SAAS,EAAG,QAAO;AAAA,IACzB,WAAW,aAAa,QAAQ;AAC9B,QAAE,YAAY;AACd,UAAI,EAAE,KAAK,IAAI,EAAG,QAAO;AAAA,IAC3B;AAAA,EAGF;AACA,SAAO;AACT;AAWO,IAAM,iBAAiB;AACvB,IAAM,qBAAqB;AAOlC,SAAS,WAAW,OAA8C;AAChE,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,MAAM,QAAQ,KAAK,KAAK,MAAM,SAAS,EAAG,QAAO,MAAM,CAAC;AAC5D,SAAO;AACT;AA8BA,SAAS,uBAAuB,MAIuB;AAGrD,MAAI,KAAK,qBAAqB,KAAK;AACjC,WAAO,EAAE,OAAO,OAAO,QAAQ,+BAA+B;AAAA,EAChE;AAGA,MAAI,KAAK,WAAW,QAAQ,KAAK,WAAW,IAAI;AAE9C,WAAO,EAAE,OAAO,KAAK;AAAA,EACvB;AAEA,MAAI,KAAK,SAAS,QAAQ,KAAK,SAAS,IAAI;AAC1C,WAAO,EAAE,OAAO,KAAK;AAAA,EACvB;AAEA,MAAI;AACF,UAAM,aAAa,IAAI,IAAI,KAAK,MAAM,EAAE;AACxC,QAAI,eAAe,KAAK,MAAM;AAC5B,aAAO,EAAE,OAAO,OAAO,QAAQ,UAAU,KAAK,MAAM,wBAAwB,KAAK,IAAI,GAAG;AAAA,IAC1F;AAAA,EACF,QAAQ;AACN,WAAO,EAAE,OAAO,OAAO,QAAQ,mBAAmB,KAAK,MAAM,GAAG;AAAA,EAClE;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;AAEO,SAAS,aACd,KACoD;AAGpD,QAAM,SAAS,IAAI,QAAQ,eAAe;AAC1C,QAAM,SAAS,IAAI,QAAQ;AAC3B,QAAM,OAAO,IAAI,QAAQ;AACzB,SAAO,uBAAuB;AAAA,IAC5B,kBAAkB,OAAO,WAAW,WAAW,SAAS;AAAA,IACxD,QAAQ,WAAW,SAAY,WAAW,MAAM,KAAK,OAAO;AAAA,IAC5D,MAAM,SAAS,SAAY,WAAW,IAAI,KAAK,OAAO;AAAA,EACxD,CAAC;AACH;AAcO,SAAS,oBACd,SACoD;AACpD,SAAO,uBAAuB;AAAA,IAC5B,kBAAkB,QAAQ,QAAQ,IAAI,eAAe;AAAA,IACrD,QAAQ,QAAQ,QAAQ,IAAI,QAAQ;AAAA,IACpC,MAAM,QAAQ,QAAQ,IAAI,MAAM;AAAA,EAClC,CAAC;AACH;AAcA,SAASA,kBACP,KACA,QACA,QACA,aACA,eAAe,IACT;AACN,QAAM,UAA2B;AAAA,IAC/B,OAAO;AAAA,IACP,QAAQ,IAAI,UAAU;AAAA,IACtB,MAAM,QAAQ,QAAQ;AAAA,IACtB;AAAA,IACA,MAAM;AAAA,IACN,SAAS;AAAA,EACX;AACA,UAAQ,KAAK,OAAO;AAGpB,YAAU,aAAa;AAAA,IACrB,QAAQ;AAAA,IACR,OAAO,EAAE,MAAM,YAAY;AAAA,IAC3B,UAAU,EAAE,GAAG,QAAQ;AAAA,EACzB,CAAC;AACH;AAEO,SAAS,YACd,KACA,MACA,QACA,YACA,aACqC;AACrC,MAAI,SAAS,OAAO;AAKlB,WAAO,EAAE,OAAO,KAAK;AAAA,EACvB;AAEA,QAAM,QAAQ,aAAa,GAAG;AAC9B,MAAI,MAAM,OAAO;AACf,WAAO,EAAE,OAAO,KAAK;AAAA,EACvB;AAMA,MAAI,YAAY,aAAa,SAAS;AACpC,UAAM,OAAO,QAAQ,QAAQ,IAAI,OAAO;AACxC,QAAI,gBAAgB,MAAM,WAAW,MAAM,GAAG;AAC5C,aAAO,EAAE,OAAO,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC9C;AAAA,EACF;AAEA,MAAI,SAAS,QAAQ;AAKnB,IAAAA,kBAAiB,KAAK,MAAM,QAAQ,QAAQ,WAAW;AACvD,WAAO,EAAE,OAAO,MAAM,QAAQ,MAAM,OAAO;AAAA,EAC7C;AAKA,EAAAA,kBAAiB,KAAK,MAAM,QAAQ,QAAQ,WAAW;AACvD,SAAO,EAAE,OAAO,OAAO,QAAQ,MAAM,OAAO;AAC9C;;;ACtPA,eAAsB,kBACpB,KACA,KACA,WACwE;AAExE,QAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,UAAU,IAAI,QAAQ,QAAQ,WAAW,EAAE;AAC/E,QAAM,QAAgC,OAAO,YAAY,IAAI,YAAY;AAGzE,MAAI;AACJ,MAAI;AACF,UAAM,SAAS,MAAM,iBAAiB,GAAG;AACzC,QAAI,OAAO,SAAS,QAAW;AAC7B,aAAO,OAAO;AAAA,IAChB,WAAW,OAAO,MAAM,SAAS,KAAK,OAAO,KAAK,OAAO,MAAM,EAAE,SAAS,GAAG;AAC3E,aAAO,EAAE,GAAG,OAAO,QAAQ,QAAQ,OAAO,MAAM;AAAA,IAClD,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,UAAW,IAAc;AAC/B,UAAM,SAAS,QAAQ,SAAS,0BAA0B,IAAI,MAAM;AACpE,cAAU,KAAK,oBAAoB,SAAS,QAAQ,QAAW,SAAS;AACxE,WAAO,EAAE,IAAI,MAAM;AAAA,EACrB;AAEA,SAAO,EAAE,IAAI,MAAM,MAAM,EAAE,OAAO,KAAK,EAAE;AAC3C;AAcO,IAAM,YAAY,CAAC,UACxB,OAAO,UAAU,YACjB,UAAU,QACV,OAAQ,MAAkC,cAAc;AAEnD,SAAS,iBACd,aACA,KACA,WACA,OAK+F;AAC/F,QAAM,EAAE,OAAO,OAAO,IAAI;AAC1B,MAAI,EAAE,KAAK,IAAI;AAEf,MAAI,UAAU,YAAY,KAAK,GAAG;AAChC,UAAM,SAAS,YAAY,MAAM,UAAU,KAAK;AAChD,QAAI,CAAC,OAAO,SAAS;AACnB;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO,OAAO;AAAA,QACd;AAAA,MACF;AACA,aAAO,EAAE,IAAI,MAAM;AAAA,IACrB;AACA,WAAO,OAAO,OAAO,OAAO,IAAI;AAAA,EAClC;AAEA,MAAI,UAAU,YAAY,IAAI,GAAG;AAC/B,UAAM,SAAS,YAAY,KAAK,UAAU,IAAI;AAC9C,QAAI,CAAC,OAAO,SAAS;AACnB;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO,OAAO;AAAA,QACd;AAAA,MACF;AACA,aAAO,EAAE,IAAI,MAAM;AAAA,IACrB;AACA,WAAO,OAAO;AAAA,EAChB;AAEA,MAAI,UAAU,YAAY,MAAM,GAAG;AACjC,UAAM,SAAS,YAAY,OAAO,UAAU,MAAM;AAClD,QAAI,CAAC,OAAO,SAAS;AACnB;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,OAAO,OAAO;AAAA,QACd;AAAA,MACF;AACA,aAAO,EAAE,IAAI,MAAM;AAAA,IACrB;AACA,WAAO,OAAO,QAAQ,OAAO,IAAI;AAAA,EACnC;AAEA,SAAO,EAAE,IAAI,MAAM,MAAM,EAAE,OAAO,MAAM,OAAO,EAAE;AACnD;;;ACjIA,SAAS,cAAAC,mBAAkB;AAE3B,SAAS,QAAAC,aAAY;;;ACHrB,SAAS,aAAa,YAAY,gBAAgB;AAClD,SAAS,MAAM,eAAe;AAE9B,IAAM,gBAAgB,oBAAI,IAAI,CAAC,OAAO,QAAQ,OAAO,MAAM,CAAC;AASrD,SAAS,gBAAgB,WAA6B;AAC3D,QAAM,QAAQ,KAAK,WAAW,YAAY;AAC1C,MAAI,CAAC,WAAW,KAAK,KAAK,CAAC,SAAS,KAAK,EAAE,YAAY,GAAG;AACxD,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,UAAU,YAAY,OAAO,EAAE,eAAe,KAAK,CAAC;AAC1D,QAAM,QAAkB,CAAC;AAEzB,aAAW,SAAS,SAAS;AAC3B,QAAI,CAAC,MAAM,OAAO,EAAG;AACrB,QAAI,MAAM,KAAK,WAAW,GAAG,KAAK,MAAM,KAAK,WAAW,GAAG,EAAG;AAC9D,UAAM,MAAM,QAAQ,MAAM,IAAI;AAC9B,QAAI,CAAC,cAAc,IAAI,GAAG,EAAG;AAC7B,UAAM,KAAK,KAAK,OAAO,MAAM,IAAI,CAAC;AAAA,EACpC;AAIA,QAAM,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AACvC,SAAO;AACT;;;ADTA,IAAM,kBAAkB,oBAAI,IAAkC;AAc9D,SAAS,cAAc,WAAyC;AAC9D,MAAI,SAAS,gBAAgB,IAAI,SAAS;AAC1C,MAAI,CAAC,QAAQ;AACX,UAAM,iBAAiBC,MAAK,WAAW,eAAe;AACtD,aAAS;AAAA,MACP;AAAA,MACA,kBAAkBC,YAAW,cAAc;AAAA,MAC3C,gBAAgB,gBAAgB,SAAS;AAAA,IAC3C;AACA,oBAAgB,IAAI,WAAW,MAAM;AAAA,EACvC;AACA,SAAO;AACT;AAEA,eAAe,iBACb,IACA,KACA,KACkC;AAIlC,QAAM,QAAQ,EAAE,YAAY,MAAM;AAClC,QAAM,GAAG,KAAK,KAAK,MAAM;AACvB,UAAM,aAAa;AAAA,EACrB,CAAC;AACD,SAAO;AACT;AAEA,eAAsB,wBACpB,KACA,KACA,YACA,WAC2B;AAC3B,QAAM,EAAE,gBAAgB,kBAAkB,eAAe,IAAI,cAAc,SAAS;AACpF,QAAM,YAAY,eAAe,SAAS;AAG1C,MAAI,oBAAoB,WAAW;AACjC,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AAGA,MAAI,WAAW;AACb,eAAW,UAAU,gBAAgB;AACnC,YAAM,MAAM,MAAM,WAAW,MAAM;AACnC,YAAM,KAAK,IAAI;AACf,UAAI,OAAO,OAAO,WAAY;AAE9B,YAAM,EAAE,WAAW,IAAI,MAAM,iBAAiB,IAAI,KAAK,GAAG;AAC1D,UAAI,CAAC,cAAc,IAAI,eAAe;AACpC,eAAO,EAAE,KAAK,CAAC,GAAG,SAAS,KAAK;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAGA,MAAI,kBAAkB;AACpB,UAAM,MAAM,MAAM,WAAW,cAAc;AAC3C,UAAM,KAAK,IAAI;AACf,QAAI,OAAO,OAAO,YAAY;AAC5B,YAAM,EAAE,WAAW,IAAI,MAAM,iBAAiB,IAAI,KAAK,GAAG;AAC1D,UAAI,CAAC,cAAc,IAAI,eAAe;AACpC,eAAO,EAAE,KAAK,CAAC,GAAG,SAAS,KAAK;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAGA,MAAI,MAAe,CAAC;AACpB,QAAM,cAAcD,MAAK,WAAW,YAAY;AAChD,MAAIC,YAAW,WAAW,GAAG;AAC3B,UAAM,MAAM,MAAM,WAAW,WAAW;AACxC,UAAM,gBAAgB,IAAI;AAC1B,QAAI,OAAO,kBAAkB,YAAY;AACvC,YAAM,MAAM,cAAc,EAAE,SAAS,KAAK,UAAU,IAAI,CAAC;AAAA,IAC3D;AAAA,EACF;AAEA,SAAO,EAAE,KAAK,SAAS,MAAM;AAC/B;;;AE3GA,IAAM,yBAAyB,oBAAI,IAAI,CAAC,QAAQ,OAAO,SAAS,QAAQ,CAAC;AAyBzE,eAAe,wBACb,MACA,KACA,KACe;AACf,QAAM,SAAS,KAAK,UAAU;AAC9B,MAAI;AACF,QAAI,OAAO;AACX,WAAO,CAAC,MAAM;AACZ,YAAM,QAAQ,MAAM,OAAO,KAAK;AAChC,aAAO,MAAM;AACb,UAAI,CAAC,KAAM,KAAI,MAAM,MAAM,KAAK;AAAA,IAClC;AAAA,EACF,SAAS,WAAW;AAClB,aAAS,gBAAgB,IAAI,SAAS,IAAI,IAAI,MAAM,IAAI;AAAA,MACtD,OAAO;AAAA,MACP,WAAW,IAAI,aAAa;AAAA,MAC5B,OAAO,IAAI;AAAA,MACX,QAAQ,IAAI;AAAA,MACZ,SAAS,qBAAqB,QAAQ,UAAU,UAAU,OAAO,SAAS;AAAA,IAC5E,CAAC;AACD,QAAI,IAAI,cAAc;AACpB,UAAI;AACF,cAAM,IAAI,aAAa,WAAW,IAAI,eAAe,IAAI,GAAG,GAAG,SAAS;AAAA,MAC1E,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF,UAAE;AACA,QAAI;AACF,aAAO,YAAY;AAAA,IACrB,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAUA,eAAsB,aAAa,KAAyC;AAE1E,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA;AAAA,EACF,IAAI;AACJ,QAAM,iBAAiB,CAAC,YAAoD;AAAA,IAC1E,SAAS;AAAA,IACT,UAAU;AAAA,IACV,KAAK;AAAA,IACL,WAAW,aAAa;AAAA,EAC1B;AAIA,MAAI,eAAe,YAAY,SAAS,QAAQ;AAC9C,QAAI,UAAU,sBAAsB,YAAY,IAAI;AAAA,EACtD;AAEA,MAAI;AAEF,QAAIC,OAA+B,CAAC;AACpC,QAAI,cAAc;AAChB,mBAAa,iBAAiBA,IAAG;AACjC,YAAM,cAAc,MAAM,aAAa,aAAa,eAAeA,IAAG,CAAC;AACvE,UAAI,YAAY,eAAgB;AAAA,IAClC;AAGA,QAAI,WAAW;AACb,YAAM,SAAS,MAAM,wBAAwB,KAAK,KAAK,YAAY,SAAS;AAC5E,UAAI,OAAO,QAAS;AACpB,MAAAA,OAAO,OAAO,OAAO,CAAC;AAGtB,UAAI,aAAc,cAAa,iBAAiBA,IAAG;AAAA,IACrD;AAIA,QAAI,YAAY;AACd,UAAIA,KAAI,UAAU,QAAW;AAC3B,cAAM,IAAI,yBAAyB,SAAS;AAAA,UAC1C,QACE;AAAA,QACJ,CAAC;AAAA,MACH;AACA,YAAM,SAAS,aAAa;AAC5B,YAAM,cAAc,kBAAkB,YAAY,MAAM;AACxD,MAAAA,KAAI,QAAQ;AAIZ,UAAI,GAAG,SAAS,MAAM;AACpB,YAAI,CAAC,IAAI,iBAAkB,QAAO,QAAQ;AAAA,MAC5C,CAAC;AAED,UAAI,GAAG,UAAU,MAAM;AACrB,YAAI,IAAI,cAAc,KAAK;AACzB,iBAAO,QAAQ;AACf;AAAA,QACF;AACA,aAAK,OAAO,MAAM,uBAAuB,UAAU,CAAC;AAAA,MACtD,CAAC;AAAA,IACH;AAEA,UAAM,MAAM,MAAM,WAAW,MAAM,QAAQ;AAC3C,UAAM,cAAc,IAAI,MAAM;AAE9B,QAAI,CAAC,aAAa;AAChB;AAAA,QACE;AAAA,QACA;AAAA,QACA,UAAU,MAAM;AAAA,QAChB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA;AAAA,IACF;AAEA,UAAM,UACJ,OAAO,gBAAgB,aACnB,cACC,YAAwC;AAC/C,QAAI,OAAO,YAAY,YAAY;AACjC,gBAAU,KAAK,kBAAkB,mCAAmC,KAAK,QAAW,SAAS;AAC7F;AAAA,IACF;AAKA,UAAM,cACJ,OAAO,gBAAgB,YAAa,YAAmC,SAAS;AAClF,QAAI,uBAAuB,IAAI,MAAM,KAAK,CAAC,aAAa;AACtD,YAAM,WAAW;AAAA,QACf;AAAA,QACA;AAAA,QACA;AAAA;AAAA,UAEE,MAAM;AAAA,UACN,MAAM,IAAI;AAAA,QACZ;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,SAAS,OAAO;AACnB;AAAA,UACE;AAAA,UACA;AAAA,UACA,SAAS,UAAU;AAAA,UACnB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA;AAAA,MACF;AAAA,IACF;AAKA,UAAM,KAAK;AAEX,UAAM,cAAc,MAAM,kBAAkB,KAAK,KAAK,SAAS;AAC/D,QAAI,CAAC,YAAY,GAAI;AACrB,UAAM,EAAE,MAAM,IAAI,YAAY;AAC9B,QAAI,EAAE,KAAK,IAAI,YAAY;AAE3B,UAAM,mBAAmB,iBAAiB,IAAI,KAAK,WAAW,EAAE,OAAO,MAAM,OAAO,CAAC;AACrF,QAAI,CAAC,iBAAiB,GAAI;AAC1B,WAAO,iBAAiB,KAAK;AAG7B,QAAI,cAAc;AAChB,YAAM,YAAY,MAAM,aAAa,cAAc,eAAeA,IAAG,CAAC;AACtE,UAAI,UAAU,eAAgB;AAAA,IAChC;AAYA,UAAM,kBAAkB;AACxB,UAAM,gBAAgB,MAAM,gBAAgB,EAAE,OAAO,MAAM,QAAQ,SAAS,KAAK,KAAAA,KAAI,CAAC;AAGtF,QAAI,kBAAkB,UAAa,kBAAkB,MAAM;AACzD,eAAS,KAAK,MAAO,GAAG,UAAiC,KAAK,WAAW;AACzE,UAAI,aAAc,OAAM,aAAa,cAAc,eAAeA,IAAG,CAAC;AACtE;AAAA,IACF;AAEA,QAAI,yBAAyB,UAAU;AAKrC,YAAM,aAAqC,CAAC;AAC5C,iBAAW,CAAC,GAAG,CAAC,KAAK,cAAc,SAAS;AAC1C,YAAI,EAAE,YAAY,MAAM,aAAc,YAAW,CAAC,IAAI;AAAA,MACxD;AACA,YAAM,aAAa,cAAc,QAAQ,aAAa;AACtD,UAAI,WAAW,SAAS,GAAG;AACzB,YAAI,UAAU,cAAc,UAAU;AAAA,MACxC;AACA,UAAI,UAAU,cAAc,QAAQ,UAAU;AAE9C,UAAI,cAAc,MAAM;AACtB,cAAM,wBAAwB,cAAc,MAAM,KAAK;AAAA,UACrD;AAAA,UACA,KAAAA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA,WAAW,MAAM;AAAA,QACnB,CAAC;AAAA,MACH;AAEA,UAAI,IAAI;AACR,UAAI,aAAc,OAAM,aAAa,cAAc,eAAeA,IAAG,CAAC;AACtE;AAAA,IACF;AAKA,QAAI,eAAwB;AAC5B,QAAI,UAAU,GAAG,QAAQ,GAAG;AAC1B,YAAM,SAAS,GAAG,SAAS,UAAU,aAAa;AAClD,UAAI,CAAC,OAAO,SAAS;AACnB,cAAM,IAAI,UAAU;AAAA,UAClB,MAAM;AAAA,UACN,SAAS;AAAA,UACT,KAAK,EAAE,QAAQ,OAAO,OAAO,OAAO;AAAA,QACtC,CAAC;AAAA,MACH;AACA,qBAAe,OAAO;AAAA,IACxB;AACA,aAAS,KAAK,cAAe,GAAG,UAAiC,KAAK,WAAW;AACjF,QAAI,aAAc,OAAM,aAAa,cAAc,eAAeA,IAAG,CAAC;AAAA,EACxE,SAAS,KAAK;AAEZ,QAAI,cAAc;AAIhB,YAAM,YAAqC,CAAC;AAC5C,mBAAa,iBAAiB,SAAS;AACvC,YAAM,aAAa,WAAW,eAAe,SAAS,GAAG,GAAG;AAE5D,UAAI,IAAI,eAAe;AAErB,cAAM,aAAa,cAAc,eAAe,SAAS,GAAG,EAAE,aAAa,KAAK,CAAC;AACjF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,oBAAoB,GAAG,GAAG;AAC5B,YAAM,UAAU;AAChB,gBAAU,KAAK,QAAQ,MAAM,QAAQ,SAAS,QAAQ,QAAQ,QAAW,SAAS;AAClF,UAAI,cAAc;AAChB,cAAM,YAAqC,CAAC;AAC5C,qBAAa,iBAAiB,SAAS;AACvC,cAAM,aAAa,cAAc,eAAe,SAAS,GAAG,EAAE,aAAa,KAAK,CAAC;AAAA,MACnF;AACA;AAAA,IACF;AACA;AAAA,MACE;AAAA,MACA;AAAA,MACA,eAAe,SAAS,IAAI,UAAU,IAAI,UAAU;AAAA,MACpD;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,QAAI,cAAc;AAChB,YAAM,YAAqC,CAAC;AAC5C,mBAAa,iBAAiB,SAAS;AACvC,YAAM,aAAa,cAAc,eAAe,SAAS,GAAG,EAAE,aAAa,KAAK,CAAC;AAAA,IACnF;AAAA,EACF;AACF;;;ACnTA,IAAM,iBAAkD;AAAA,EACtD,kBAAkB;AAAA,EAClB,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,WAAW;AAAA,EACX,oBAAoB;AAAA,EACpB,UAAU;AAAA,EACV,mBAAmB;AAAA,EACnB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,mBAAmB;AAAA,EACnB,uBAAuB;AACzB;AAEA,IAAM,iBAAkD;AAAA,EACtD,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AACP;AAmBO,IAAM,cAAN,MAAM,qBAAoB,MAAM;AAAA;AAAA;AAAA;AAAA,EAI5B,OAAmD;AAAA,EACnD;AAAA,EACA;AAAA,EAET,YAAY,QAAqE;AAC/E,UAAM,OAAO,WAAW,OAAO,IAAI;AACnC,SAAK,OAAO,OAAO;AACnB,SAAK,SAAS,aAAY,aAAa,OAAO,IAAI;AAClD,QAAI,OAAO,OAAO;AAChB,WAAK,QAAQ,OAAO;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,IAAI,WAA8B;AAChC,WAAO;AAAA,MACL,MAAM,aAAY,gBAAgB,KAAK,IAAI;AAAA,MAC3C,SAAS,KAAK;AAAA,IAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,gBAAgB,MAAsC;AAC3D,QAAI,SAAS,mBAAoB,QAAO;AACxC,QAAI,SAAS,oBAAqB,QAAO;AAMzC,WAAO;AAAA,EACT;AAAA,EAEA,OAAO,aAAa,MAA+B;AACjD,WAAO,eAAe,IAAI;AAAA,EAC5B;AAAA,EAEA,OAAO,aAAa,QAAiC;AACnD,WAAO,eAAe,MAAM,KAAK;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,SAAS,MAA4B;AAC1C,QAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,aAAO,IAAI,aAAY,EAAE,MAAM,wBAAwB,CAAC;AAAA,IAC1D;AACA,UAAM,MAAM;AACZ,QAAI,IAAI,SAAS,0BAA0B,MAAM,QAAQ,IAAI,MAAM,GAAG;AACpE,aAAO,IAAI,iBAAiB,IAAI,MAAmB;AAAA,IACrD;AACA,QACE,IAAI,SAAS,qBACb,OAAO,IAAI,SAAS,YACpB,IAAI,QAAQ,gBACZ;AACA,aAAO,IAAI,aAAY;AAAA,QACrB,MAAM,IAAI;AAAA,QACV,SAAS,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,MAC3D,CAAC;AAAA,IACH;AACA,WAAO,IAAI,aAAY,EAAE,MAAM,wBAAwB,CAAC;AAAA,EAC1D;AACF;AAUO,IAAM,mBAAN,cAA+B,YAAY;AAAA,EAC9B,OAAO;AAAA,EAChB;AAAA,EACA;AAAA,EAET,YAAY,WAAoB;AAC9B,UAAM,EAAE,MAAM,oBAAoB,SAAS,oBAAoB,CAAC;AAChE,SAAK,SAAS,uBAAuB,SAAS;AAC9C,SAAK,SAAS,eAAe,KAAK,MAAM;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAa,WAAmD;AAC9D,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,KAAK;AAAA,MACd,KAAK,EAAE,QAAQ,KAAK,OAAO;AAAA,IAC7B;AAAA,EACF;AACF;AAEA,SAAS,eAAe,QAAgE;AACtF,QAAM,SAAmC,CAAC;AAC1C,QAAM,OAAO,oBAAI,IAAY;AAC7B,aAAW,SAAS,QAAQ;AAE1B,UAAM,MAAM,MAAM,KAAK,WAAW,IAAI,KAAK,MAAM,KAAK,KAAK,GAAG;AAC9D,UAAM,YAAY,GAAG,GAAG,KAAI,MAAM,OAAO;AACzC,QAAI,KAAK,IAAI,SAAS,EAAG;AACzB,SAAK,IAAI,SAAS;AAClB,UAAM,SAAS,OAAO,GAAG,KAAK,CAAC;AAC/B,WAAO,KAAK,MAAM,OAAO;AACzB,WAAO,GAAG,IAAI;AAAA,EAChB;AACA,SAAO;AACT;AAWO,SAAS,uBAAuB,KAAmC;AACxE,MAAI,CAAC,MAAM,QAAQ,GAAG,EAAG,QAAO,CAAC;AACjC,QAAM,MAA2B,CAAC;AAClC,aAAW,SAAS,KAAK;AACvB,QAAI,OAAO,UAAU,YAAY,UAAU,KAAM;AACjD,UAAM,MAAM;AACZ,QAAI,CAAC,MAAM,QAAQ,IAAI,IAAI,EAAG;AAC9B,QAAI,OAAO,IAAI,YAAY,SAAU;AAErC,UAAM,OAA4B,CAAC;AACnC,QAAI,YAAY;AAChB,eAAW,OAAO,IAAI,MAAM;AAC1B,UAAI,OAAO,QAAQ,YAAY,OAAO,QAAQ,UAAU;AACtD,aAAK,KAAK,GAAG;AAAA,MACf,OAAO;AACL,oBAAY;AACZ;AAAA,MACF;AAAA,IACF;AACA,QAAI,CAAC,UAAW;AAChB,QAAI,KAAK;AAAA,MACP;AAAA,MACA,SAAS,IAAI;AAAA,MACb,MAAM,OAAO,IAAI,SAAS,WAAW,IAAI,OAAO;AAAA,IAClD,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;AClPA,SAAS,SAAS;AAUX,SAAS,iBACd,UACA,QACA,SAAS,IACgB;AAEzB,QAAM,QAAQ,OAAO;AACrB,QAAM,MAA+B,CAAC;AAEtC,aAAW,CAAC,KAAK,YAAY,KAAK,OAAO,QAAQ,KAAK,GAAG;AACvD,UAAM,UAAU,SAAS;AACzB,UAAM,YAAY,eAAe,YAAY;AAE7C,QAAI,qBAAqB,EAAE,WAAW;AAEpC,YAAM,eAAe,GAAG,OAAO;AAC/B,YAAM,gBAAgB,CAAC,GAAG,SAAS,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE,WAAW,YAAY,CAAC;AACjF,UAAI,eAAe;AACjB,YAAI,GAAG,IAAI,iBAAiB,UAAU,WAAW,YAAY;AAC7D;AAAA,MACF;AAEA,UAAI,GAAG,IAAI,qBAAqB,YAAY;AAC5C;AAAA,IACF;AAEA,QAAI,qBAAqB,EAAE,UAAU;AACnC,YAAM,SAAS,SAAS,OAAO,OAAO;AACtC,UAAI,GAAG,IAAI,oBAAoB,QAAQ,SAAkC;AACzE;AAAA,IACF;AAEA,QAAI,qBAAqB,EAAE,YAAY;AACrC,UAAI,GAAG,IAAI,cAAc,UAAU,OAAO;AAC1C;AAAA,IACF;AAGA,QAAI,SAAS,IAAI,OAAO,GAAG;AACzB,YAAM,MAAM,SAAS,IAAI,OAAO;AAChC,UAAI,GAAG,IAAI,aAAa,KAAK,SAAS;AAAA,IACxC,OAAO;AACL,UAAI,GAAG,IAAI,qBAAqB,YAAY;AAAA,IAC9C;AAAA,EACF;AAEA,SAAO;AACT;AAGA,SAAS,eAAe,WAAiC;AACvD,MAAI,QAAmB;AACvB,SACE,iBAAiB,EAAE,eACnB,iBAAiB,EAAE,eACnB,iBAAiB,EAAE,YACnB;AACA,YAAQ,aAAa,KAAK;AAAA,EAC5B;AACA,SAAO;AACT;AAEA,SAAS,aAAa,SAA+B;AAEnD,QAAM,MAAM,QAAQ;AACpB,MAAI,IAAI,UAAW,QAAO,IAAI;AAE9B,QAAM,YAAa,QAA4D;AAC/E,MAAI,WAAW,UAAW,QAAO,UAAU;AAC3C,SAAO;AACT;AASA,SAAS,qBAAqB,WAA+B;AAC3D,MAAI,SAAoB;AACxB,SACE,kBAAkB,EAAE,eACpB,kBAAkB,EAAE,eACpB,kBAAkB,EAAE,YACpB;AACA,QAAI,kBAAkB,EAAE,YAAY;AAClC,YAAM,MAAM,OAAO;AACnB,aAAO,OAAO,IAAI,iBAAiB,aAC9B,IAAI,aAA+B,IACpC,IAAI;AAAA,IACV;AACA,QAAI,kBAAkB,EAAE,YAAa,QAAO;AAC5C,aAAS,aAAa,MAAM;AAAA,EAC9B;AACA,SAAO;AACT;AAEA,SAAS,aAAa,KAAgC,WAA+B;AACnF,MAAI,QAAQ,KAAM,QAAO;AACzB,MAAI,qBAAqB,EAAE,WAAW;AACpC,WAAO,OAAO,QAAQ,WAAW,OAAO,GAAG,IAAI;AAAA,EACjD;AAEA,SAAO;AACT;AAEA,SAAS,oBACP,QACA,gBACW;AAGX,QAAM,MAAM,eAAe;AAC3B,QAAM,gBAAgB,IAAI,YAAY,IAAI,gBAAgB,EAAE,UAAU,IAAI,OAAO;AACjF,QAAM,cAAc,gBAAgB,eAAe,aAAa,IAAI;AACpE,MAAI,uBAAuB,EAAE,WAAW;AACtC,WAAO,OAAO,IAAI,CAAC,MAAO,OAAO,MAAM,WAAW,OAAO,CAAC,IAAI,CAAE;AAAA,EAClE;AACA,MAAI,uBAAuB,EAAE,YAAY;AACvC,WAAO,OAAO,IAAI,CAAC,MAAM;AACvB,UAAI,MAAM,OAAQ,QAAO;AACzB,UAAI,MAAM,QAAS,QAAO;AAC1B,aAAO,QAAQ,CAAC;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAEA,SAAS,cAAc,UAAoB,KAAkC;AAC3E,MAAI,CAAC,SAAS,IAAI,GAAG,EAAG,QAAO;AAC/B,QAAM,MAAM,SAAS,IAAI,GAAG;AAC5B,MAAI,QAAQ,OAAQ,QAAO;AAC3B,MAAI,QAAQ,QAAS,QAAO;AAE5B,SAAO,QAAQ,GAAG;AACpB;;;ACvJA,IAAMC,kBAAyC;AAAA;AAAA,EAE7C,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,WAAW;AAAA,EACX,oBAAoB;AAAA,EACpB,UAAU;AAAA,EACV,qBAAqB;AAAA,EACrB,mBAAmB;AAAA,EACnB,wBAAwB;AAAA,EACxB,sBAAsB;AAAA,EACtB,mBAAmB;AAAA,EACnB,cAAc;AAAA;AAAA,EAGd,uBAAuB;AAAA,EACvB,iBAAiB;AAAA,EACjB,aAAa;AAAA,EACb,qBAAqB;AAAA,EACrB,iBAAiB;AAAA;AAAA,EAGjB,iBAAiB;AAAA,EACjB,sBAAsB;AAAA,EACtB,iBAAiB;AAAA,EACjB,2BAA2B;AAC7B;AAEO,SAAS,qBAAqB,MAAsB;AACzD,SAAOA,gBAAe,IAAI,KAAK;AACjC;;;ACPA,eAAsB,mBAAmB,KAAc,GAAyC;AAE9F,MAAI,EAAE,cAAc;AAClB,UAAM,YAAqC,CAAC;AAC5C,MAAE,aAAa,iBAAiB,SAAS;AACzC,QAAI;AACF,YAAM,EAAE,aAAa,WAAW,EAAE,eAAe,SAAS,GAAG,GAAG;AAAA,IAClE,QAAQ;AAAA,IAER;AAEA,QAAI,EAAE,IAAI,eAAe;AACvB,UAAI;AACF,cAAM,EAAE,aAAa,cAAc,EAAE,eAAe,SAAS,GAAG;AAAA,UAC9D,aAAa;AAAA,QACf,CAAC;AAAA,MACH,QAAQ;AAAA,MAER;AACA;AAAA,IACF;AAAA,EACF;AAGA,MAAI,oBAAoB,GAAG,GAAG;AAC5B,UAAM,UAAU;AAChB,cAAU,EAAE,KAAK,QAAQ,MAAM,QAAQ,SAAS,QAAQ,QAAQ,QAAW,EAAE,SAAS;AAAA,EACxF,OAAO;AAOL,UAAM,WAAW,sBAAsB,GAAG;AAC1C,QAAI,SAAS,SAAS,yBAAyB;AAC7C;AAAA,QACE,EAAE;AAAA,QACF;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU;AAAA,QACrC;AAAA,QACA;AAAA,QACA,EAAE;AAAA,MACJ;AAAA,IACF,OAAO;AACL;AAAA,QACE,EAAE;AAAA,QACF,SAAS;AAAA,QACT,SAAS;AAAA,QACT,qBAAqB,SAAS,IAAI;AAAA,QAClC;AAAA,QACA,EAAE;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAGA,MAAI,EAAE,cAAc;AAClB,UAAM,YAAqC,CAAC;AAC5C,MAAE,aAAa,iBAAiB,SAAS;AACzC,QAAI;AACF,YAAM,EAAE,aAAa,cAAc,EAAE,eAAe,SAAS,GAAG;AAAA,QAC9D,aAAa;AAAA,MACf,CAAC;AAAA,IACH,QAAQ;AAAA,IAER;AAAA,EACF;AACF;;;ACzFA,SAAS,aAAa,wBAAwB;AAS9C,IAAM,mCAAmC,IAAI,OAAO;AA2B7C,SAAS,sBACd,QACA,UAA4B,CAAC,GACL;AACxB,QAAM,QAAQ,QAAQ,yBAAyB;AAE/C,MAAI,OAAO,UAAU,QAAW;AAC9B,UAAMC,QACJ,OAAO,iBAAiB,mBACpB,KAAK,UAAU;AAAA,MACb,MAAM,OAAO,MAAM;AAAA,MACnB,MAAM,OAAO,MAAM;AAAA,MACnB,SAAS,OAAO,MAAM;AAAA,MACtB,QAAQ,OAAO,MAAM;AAAA,MACrB,QAAQ,OAAO,MAAM;AAAA,IACvB,CAAC,IACD,KAAK,UAAU;AAAA,MACb,MAAM,OAAO,MAAM;AAAA,MACnB,MAAM,OAAO,MAAM;AAAA,MACnB,SAAS,OAAO,MAAM;AAAA,IACxB,CAAC;AACP,QAAI,OAAO,WAAWA,OAAM,MAAM,IAAI,OAAO;AAC3C,YAAM,IAAI,YAAY;AAAA,QACpB,MAAM;AAAA,QACN,SAAS,wCAAwC,KAAK;AAAA,MACxD,CAAC;AAAA,IACH;AACA,WAAO;AAAA,MACL,MAAM;AAAA,MACN,QAAQ,OAAO,MAAM;AAAA,MACrB,aAAa;AAAA,MACb,MAAAA;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,SAAS,QAAW;AAC7B,WAAO,EAAE,MAAM,SAAS,QAAQ,IAAI;AAAA,EACtC;AAEA,MAAI,OAAO,gBAAgB,UAAU;AACnC,UAAM,IAAI,YAAY;AAAA,MACpB,MAAM;AAAA,MACN,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,iBAAiB,OAAO,MAAM;AAAA,MACnC,KAAK,CAAC,UAAmB,iBAAiB,OAAO,MAAM;AAAA,IACzD,CAAC;AAAA,EACH,SAAS,GAAG;AACV,UAAM,IAAI,YAAY;AAAA,MACpB,MAAM;AAAA,MACN,SAAS,iCAAiC,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC,CAAC;AAAA,IACtF,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,WAAW,MAAM,MAAM,IAAI,OAAO;AAC3C,UAAM,IAAI,YAAY;AAAA,MACpB,MAAM;AAAA,MACN,SAAS,2CAA2C,KAAK;AAAA,IAC3D,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,aAAa;AAAA,IACb;AAAA,EACF;AACF;;;AChGA,IAAM,YAAY,MAAM;AACtB,MAAI;AACF,WAAQ,YAA4C,KAAK,QAAQ;AAAA,EACnE,QAAQ;AACN,WAAO,QAAQ,IAAI,aAAa;AAAA,EAClC;AACF,GAAG;AAsBH,SAAS,eAAe,OAAuC;AAC7D,MAAI,OAAO,UAAU,YAAY,UAAU,KAAM,QAAO;AACxD,QAAM,YAAY;AAClB,MAAI,OAAO,UAAU,YAAY,WAAY,QAAO;AACpD,QAAM,QAAQ,UAAU;AACxB,SAAO,OAAO,OAAO,cAAc;AACrC;AAkBA,eAAsB,cACpB,UACA,YACA,KACA,KACA,YACA,WACA,WACA,cACA,WAAqB,UACrB,YACe;AACf,SAAO,yBAAyB;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAe,iBACb,YACA,UACA,YACA,KACA,WAC8B;AAC9B,QAAM,MAAM,MAAM,WAAW,QAAQ;AACrC,QAAM,gBAAgB,IAAI,UAAU;AACpC,MAAI,CAAC,eAAe,aAAa,GAAG;AAClC,cAAU,KAAK,aAAa,WAAW,UAAU,eAAe,KAAK,QAAW,SAAS;AACzF,WAAO;AAAA,EACT;AACA,SAAO;AACT;AASA,SAAS,qBACP,KACA,KACA,KACS;AACT,MAAI,IAAI,aAAa,SAAS,MAAO,QAAO;AAC5C,QAAM,WAAW;AAAA,IACf;AAAA,IACA,IAAI;AAAA,IACJ;AAAA;AAAA,MAEE,MAAM;AAAA,MACN,MAAM,IAAI;AAAA,IACZ;AAAA,IACA,IAAI;AAAA,EACN;AACA,MAAI,SAAS,MAAO,QAAO;AAC3B;AAAA,IACE;AAAA,IACA;AAAA,IACA,SAAS,UAAU;AAAA,IACnB;AAAA,IACA;AAAA,IACA,IAAI;AAAA,EACN;AACA,SAAO;AACT;AAYA,eAAe,sBAAsB,GAAqC;AACxE,MAAI,EAAE,WAAW;AACf,UAAM,SAAS,MAAM,wBAAwB,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS;AACpF,QAAI,OAAO,QAAS,QAAO;AAC3B,WAAO,OAAO,EAAE,KAAM,OAAO,OAAO,CAAC,CAA6B;AAClE,MAAE,cAAc,iBAAiB,EAAE,GAAG;AAAA,EACxC;AACA,MAAI,EAAE,cAAc;AAClB,UAAM,YAAY,MAAM,EAAE,aAAa,cAAc,EAAE,eAAe,EAAE,GAAG,CAAC;AAC5E,QAAI,UAAU,eAAgB,QAAO;AAAA,EACvC;AACA,SAAO;AACT;AAEA,eAAe,eACb,KACA,KACA,WACA,cACsD;AACtD,MAAI;AACF,UAAM,SAAS,MAAM,iBAAiB,GAAG;AACzC,UAAM,SAAS,aAAa,UAAU;AACtC,QAAI;AACJ,QAAI,WAAW,QAAQ;AACrB,aAAO;AAAA,QACL,mBAAmB,MAAM;AAAA,QACzB,aAAa;AAAA,MACf;AAAA,IACF,WAAW,OAAO,SAAS,QAAW;AACpC,aAAO,OAAO;AAAA,IAChB,OAAO;AACL,aAAO,OAAO;AAAA,IAChB;AACA,WAAO,EAAE,IAAI,MAAM,KAAK;AAAA,EAC1B,SAAS,KAAK;AACZ,cAAU,KAAK,oBAAqB,IAAc,SAAS,KAAK,QAAW,SAAS;AACpF,WAAO,EAAE,IAAI,MAAM;AAAA,EACrB;AACF;AAOA,SAAS,mBAAmB,QAA8B;AACxD,QAAM,KAAK,IAAI,SAAS;AACxB,aAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,OAAO,MAAM,GAAG;AACzD,OAAG,OAAO,MAAM,KAAK;AAAA,EACvB;AACA,aAAW,QAAQ,OAAO,OAAO;AAC/B,UAAM,OAAO,IAAI,KAAK,CAAC,KAAK,MAAgC,GAAG;AAAA,MAC7D,MAAM,KAAK;AAAA,IACb,CAAC;AACD,OAAG,OAAO,KAAK,WAAW,MAAM,KAAK,QAAQ;AAAA,EAC/C;AACA,SAAO;AACT;AAMA,SAAS,gBACP,KACA,YACM;AACN,MAAI,WAAW,SAAS,SAAS;AAC/B,QAAI,aAAa,WAAW;AAC5B,QAAI,IAAI;AACR;AAAA,EACF;AACA,MAAI,aAAa,WAAW;AAC5B,MAAI,UAAU,gBAAgB,WAAW,WAAW;AACpD,MAAI,IAAI,WAAW,IAAI;AACzB;AAOA,eAAe,wBACb,MACA,WACA,OACA,SACe;AACf,MAAI,CAAC,SAAU;AACf,MAAI;AACF,UAAM,MAAO,MAAM,OAAO,0BAAqC;AAc/D,QAAI,WAAW,aAAa;AAAA;AAAA,MAE1B,IAAI,OAAO,OAAO,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC,CAAC;AAAA,MACvE,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA,QAAQ,QAAQ,WAAW,YAAY,QAAQ,SAAS;AAAA,MACxD,OACE,QAAQ,WAAW,UACf;AAAA,QACE,MAAM,QAAQ,MAAM;AAAA,QACpB,SAAS,QAAQ,MAAM;AAAA,QACvB,QAAQ,QAAQ,iBAAiB,mBAAmB,QAAQ,MAAM,SAAS;AAAA,MAC7E,IACA;AAAA,MACN,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,QAAQ,QAAQ;AAAA,IAClB,CAAC;AAAA,EACH,QAAQ;AAAA,EAER;AACF;AAEA,eAAe,yBAAyB,MAA2C;AACjF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW;AAAA,IACX;AAAA,EACF,IAAI;AAEJ,QAAM,iBAAiB,CAAC,YAAoD;AAAA,IAC1E,SAAS;AAAA,IACT,UAAU;AAAA,IACV,KAAK;AAAA,IACL,WAAW,aAAa;AAAA,EAC1B;AAEA,MAAI,MAA+B,CAAC;AAEpC,MAAI;AAEF,SAAK,IAAI,UAAU,OAAO,YAAY,MAAM,QAAQ;AAClD,gBAAU,KAAK,sBAAsB,4BAA4B,KAAK,QAAW,SAAS;AAC1F;AAAA,IACF;AAGA,QAAI,cAAc;AAChB,mBAAa,iBAAiB,GAAG;AACjC,YAAM,cAAc,MAAM,aAAa,aAAa,eAAe,GAAG,CAAC;AACvE,UAAI,YAAY,eAAgB;AAAA,IAClC;AAGA,UAAM,eAAe,MAAM,iBAAiB,YAAY,UAAU,YAAY,KAAK,SAAS;AAC5F,QAAI,CAAC,aAAc;AAGnB,QAAI,CAAC,qBAAqB,KAAK,KAAK,EAAE,cAAc,UAAU,YAAY,UAAU,CAAC,GAAG;AACtF;AAAA,IACF;AAGA,UAAM,WAA2B;AAAA,MAC/B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,QAAI,CAAE,MAAM,sBAAsB,QAAQ,EAAI;AAC9C,UAAM,SAAS;AAGf,UAAM,cAAc,MAAM,eAAe,KAAK,KAAK,WAAW,YAAY;AAC1E,QAAI,CAAC,YAAY,GAAI;AAGrB,UAAM,aAAa,eAAe,YAAY,yBAAyB,QAAQ,IAAI;AACnF,UAAM,YAAY,KAAK,IAAI;AAG3B,UAAM,SAAS,aAAa,MAAM,UAAU,YAAY,IAAI;AAC5D,QAAI,CAAC,OAAO,SAAS;AACnB,YAAM,WAAW,IAAI,iBAAiB,OAAO,OAAO,UAAU,CAAC,CAAC;AAChE,sBAAgB,KAAK,sBAAsB,EAAE,MAAM,QAAW,OAAO,SAAS,CAAC,CAAC;AAChF,YAAM,wBAAwB,YAAY,WAAW,YAAY,MAAM;AAAA,QACrE,QAAQ;AAAA,QACR,OAAO;AAAA,MACT,CAAC;AACD;AAAA,IACF;AAEA,UAAM,iBAAiB;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,OAAO,OAAO;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,UAAM,kBAAkB,KAAK,EAAE,KAAK,KAAK,KAAK,WAAW,cAAc,eAAe,CAAC;AAAA,EACzF;AACF;AAGA,SAAS,yBAAyB,UAA0B;AAC1D,QAAM,OAAO,SAAS,MAAM,OAAO,EAAE,IAAI,KAAK;AAC9C,SAAO,KAAK,QAAQ,cAAc,EAAE;AACtC;AAaA,SAAS,kBAAkB,KAAkC;AAC3D,MAAI,QAAQ,QAAQ,OAAO,QAAQ,SAAU,QAAO;AACpD,QAAM,MAAM;AACZ,UACG,IAAI,SAAS,qBAAqB,IAAI,SAAS,2BAChD,OAAO,IAAI,SAAS,YACpB,OAAO,IAAI,WAAW;AAE1B;AAaA,eAAe,iBAAiB,MAAiC;AAC/D,MAAI;AACF,UAAM,gBAAgB,MAAM,KAAK,aAAa,QAAQ,EAAE,OAAO,KAAK,OAAO,KAAK,KAAK,IAAI,CAAC;AAE1F,oBAAgB,KAAK,KAAK,sBAAsB,EAAE,MAAM,eAAe,OAAO,OAAU,CAAC,CAAC;AAC1F,QAAI,KAAK,cAAc;AACrB,YAAM,KAAK,aAAa,cAAc,KAAK,eAAe,KAAK,GAAG,CAAC;AAAA,IACrE;AACA,UAAM,wBAAwB,KAAK,YAAY,KAAK,WAAW,KAAK,OAAO;AAAA,MACzE,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,SAAS,KAAK;AAOZ,QAAI,kBAAkB,GAAG,GAAG;AAC1B,sBAAgB,KAAK,KAAK,sBAAsB,EAAE,MAAM,QAAW,OAAO,IAAI,CAAC,CAAC;AAChF,YAAM,wBAAwB,KAAK,YAAY,KAAK,WAAW,KAAK,OAAO;AAAA,QACzE,QAAQ;AAAA,QACR,OAAO;AAAA,MACT,CAAC;AACD;AAAA,IACF;AAIA,UAAM,UAAU,IAAI,YAAY;AAAA,MAC9B,MAAM;AAAA,MACN,SAAS,eAAe,QAAQ,IAAI,UAAU;AAAA,IAChD,CAAC;AACD,UAAM,wBAAwB,KAAK,YAAY,KAAK,WAAW,KAAK,OAAO;AAAA,MACzE,QAAQ;AAAA,MACR,OAAO;AAAA,IACT,CAAC;AACD,UAAM;AAAA,EACR;AACF;AAcA,eAAe,kBAAkB,KAAc,GAAkC;AAC/E,SAAO,mBAAmB,KAAK;AAAA,IAC7B,KAAK,EAAE;AAAA,IACP,KAAK,EAAE;AAAA,IACP,WAAW,EAAE;AAAA,IACb,cAAc,EAAE;AAAA,IAChB,gBAAgB,EAAE;AAAA,EACpB,CAAC;AACH;;;ACteO,SAAS,YAAY,GAAW,GAAmB;AACxD,QAAM,IAAI,EAAE;AACZ,QAAM,IAAI,EAAE;AACZ,QAAM,KAAiB,MAAM;AAAA,IAAK,EAAE,QAAQ,IAAI,EAAE;AAAA,IAAG,MACnD,MAAM,KAAa,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC;AAAA,EAC9C;AAEA,WAAS,IAAI,GAAG,KAAK,GAAG,IAAK,IAAG,CAAC,EAAE,CAAC,IAAI;AACxC,WAAS,IAAI,GAAG,KAAK,GAAG,IAAK,IAAG,CAAC,EAAE,CAAC,IAAI;AAExC,WAAS,IAAI,GAAG,KAAK,GAAG,KAAK;AAC3B,aAAS,IAAI,GAAG,KAAK,GAAG,KAAK;AAC3B,YAAM,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,IAAI;AACzC,SAAG,CAAC,EAAE,CAAC,IAAI,KAAK,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI;AAAA,IACjF;AAAA,EACF;AAEA,SAAO,GAAG,CAAC,EAAE,CAAC;AAChB;AAEO,SAAS,eACd,OACA,YACA,cAAc,GACC;AACf,MAAI,OAAsB;AAC1B,MAAI,WAAW,cAAc;AAE7B,aAAW,KAAK,YAAY;AAC1B,UAAM,IAAI,YAAY,OAAO,CAAC;AAC9B,QAAI,IAAI,UAAU;AAChB,iBAAW;AACX,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;ACvBO,IAAM,uBAAN,cAAmC,MAAM;AAAA,EAC9C,YAAY,MAAc;AACxB,UAAM,WAAW,IAAI,0BAA0B;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;AAiCO,IAAM,eAAN,MAAmB;AAAA,EAChB,UAAU,oBAAI,IAAY;AAAA,EAC1B,eAAe,oBAAI,IAAyB;AAAA,EAC5C,iBAAkC,CAAC;AAAA,EACnC,kBAAoC,CAAC;AAAA,EACrC,kBAAoC,CAAC;AAAA,EACrC,eAA8B,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO/B,oBAAoB,oBAAI,IAAqB;AAAA,EAC7C,YAAqB,KAAK,qBAAqB;AAAA,EAEvD,IAAI,MAAuB;AACzB,WAAO,KAAK,QAAQ,IAAI,IAAI;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,SAAS,QAAmC;AAChD,QAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,GAAG;AACjC,YAAM,IAAI,qBAAqB,OAAO,IAAI;AAAA,IAC5C;AAEA,SAAK,QAAQ,IAAI,OAAO,IAAI;AAE5B,UAAM,QAAQ,KAAK,iBAAiB,OAAO,IAAI;AAC/C,SAAK,aAAa,IAAI,OAAO,MAAM,KAAK;AAExC,QAAI;AACF,YAAM,OAAO,SAAS,MAAM,GAAG;AAAA,IACjC,SAAS,KAAK;AAIZ,WAAK,QAAQ,OAAO,OAAO,IAAI;AAC/B,WAAK,aAAa,OAAO,OAAO,IAAI;AACpC,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,uBAAgC;AACtC,UAAM,SAAkB;AAAA,MACtB,SAAS,CAAC,MAAgB,OAAgB;AACxC,aAAK,gBAAgB,MAAM,EAAE;AAAA,MAC/B;AAAA;AAAA,MAEA,iBAAiB,CAAI,KAAa,UAAa;AAC7C,aAAK,kBAAkB,IAAI,KAAK,KAAK;AAAA,MACvC;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,iBAAiB,aAAkC;AACzD,UAAM,cAAc,oBAAI,IAAqB;AAC7C,UAAM,WAAoB,OAAO,OAAO,KAAK,SAAS;AAMtD,WAAO,eAAe,UAAU,mBAAmB;AAAA;AAAA,MAEjD,OAAO,CAAI,KAAa,UAAa;AACnC,YAAI,OAAO,QAAQ,UAAU;AAC3B,gBAAM,IAAI;AAAA,YACR,sDAAsD,OAAO,GAAG;AAAA,UAElE;AAAA,QACF;AACA,oBAAY,IAAI,KAAK,KAAK;AAAA,MAC5B;AAAA,MACA,YAAY;AAAA,MACZ,UAAU;AAAA,MACV,cAAc;AAAA,IAChB,CAAC;AAKD,WAAO,eAAe,UAAU,eAAe;AAAA,MAC7C,KAAK,MAAM,OAAO,YAAY,WAAW;AAAA,MACzC,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AACD,WAAO,EAAE,KAAK,UAAU,YAAY;AAAA,EACtC;AAAA,EAEQ,gBAAgB,MAAgB,IAAmB;AACzD,YAAQ,MAAM;AAAA,MACZ,KAAK;AACH,aAAK,eAAe,KAAK,EAAmB;AAC5C;AAAA,MACF,KAAK;AACH,aAAK,gBAAgB,KAAK,EAAoB;AAC9C;AAAA,MACF,KAAK;AACH,aAAK,gBAAgB,KAAK,EAAoB;AAC9C;AAAA,MACF,KAAK;AACH,aAAK,aAAa,KAAK,EAAiB;AACxC;AAAA,IACJ;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,iBAAiB,KAAoC;AACnD,eAAW,SAAS,KAAK,aAAa,OAAO,GAAG;AAC9C,iBAAW,CAAC,KAAK,KAAK,KAAK,MAAM,YAAY,QAAQ,GAAG;AACtD,YAAI,GAAG,IAAI;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,uBAAuB,YAAoB,QAAuC;AAChF,UAAM,QAAQ,KAAK,aAAa,IAAI,UAAU;AAC9C,QAAI,CAAC,MAAO,OAAM,IAAI,MAAM,iCAAiC,UAAU,GAAG;AAC1E,eAAW,CAAC,KAAK,KAAK,KAAK,MAAM,YAAY,QAAQ,GAAG;AACtD,aAAO,GAAG,IAAI;AAAA,IAChB;AAAA,EACF;AAAA;AAAA,EAGA,eAAe,YAA6B;AAC1C,UAAM,QAAQ,KAAK,aAAa,IAAI,UAAU;AAC9C,QAAI,CAAC,MAAO,OAAM,IAAI,MAAM,iCAAiC,UAAU,GAAG;AAC1E,WAAO,MAAM;AAAA,EACf;AAAA;AAAA,EAGA,eAAwB;AACtB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA,EAGA,uBAA6C;AAC3C,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,aAAa,KAAyC;AAC1D,WAAO,KAAK,YAAY,KAAK,gBAAgB,GAAG;AAAA,EAClD;AAAA,EAEA,MAAM,cAAc,KAAyC;AAC3D,WAAO,KAAK,YAAY,KAAK,iBAAiB,GAAG;AAAA,EACnD;AAAA,EAEA,MAAM,cAAc,KAAoB,UAA0B,CAAC,GAAwB;AACzF,WAAO,KAAK,YAAY,KAAK,iBAAiB,KAAK,OAAO;AAAA,EAC5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,WAAW,KAAoB,OAAqC;AACxE,UAAM,WAA+B,EAAE,GAAG,KAAK,MAAM;AACrD,eAAW,QAAQ,KAAK,cAAc;AACpC,UAAI;AACF,cAAM,KAAK,QAAQ;AAAA,MACrB,SAAS,UAAU;AAGjB,gBAAQ;AAAA,UACN;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO,EAAE,gBAAgB,MAAM;AAAA,EACjC;AAAA,EAEA,MAAc,YACZ,OACA,KACA,UAA0B,CAAC,GACN;AACrB,eAAW,QAAQ,OAAO;AACxB,UAAI;AACF,cAAM,KAAK,GAAG;AAAA,MAChB,SAAS,KAAK;AACZ,YAAI,QAAQ,aAAa;AAGvB,kBAAQ,MAAM,oEAAoE,GAAG;AACrF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AACA,UAAI,IAAI,SAAS,iBAAiB,IAAI,SAAS,aAAa;AAC1D,eAAO,EAAE,gBAAgB,KAAK;AAAA,MAChC;AAAA,IACF;AACA,WAAO,EAAE,gBAAgB,MAAM;AAAA,EACjC;AACF;;;AC3RO,IAAM,0BAAN,cAAsC,MAAM;AAAA,EACjD,YAAY,OAAe,QAAgB;AACzC,UAAM,WAAW,KAAK,gCAAgC,MAAM,EAAE;AAC9D,SAAK,OAAO;AAAA,EACd;AACF;AAEA,SAAS,SAAS,OAAgB,OAAoC;AACpE,MAAI,SAAS,QAAQ,OAAO,UAAU,UAAU;AAC9C,UAAM,IAAI,wBAAwB,OAAO,oBAAoB;AAAA,EAC/D;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,SAAS,YAAY,EAAE,KAAK,WAAW,GAAG;AACrD,UAAM,IAAI,wBAAwB,OAAO,uBAAuB;AAAA,EAClE;AACA,MAAI,OAAO,EAAE,aAAa,YAAY;AACpC,UAAM,IAAI,wBAAwB,OAAO,6BAA6B;AAAA,EACxE;AACA,SAAO;AACT;AAQA,eAAsB,6BACpB,SACmC;AACnC,MAAI,WAAW,KAAM,QAAO;AAC5B,MAAI,CAAC,MAAM,QAAQ,OAAO,EAAG,QAAO;AACpC,MAAI,QAAQ,WAAW,EAAG,QAAO;AAEjC,QAAM,SAAS,IAAI,aAAa;AAChC,QAAM,eAA0B;AAChC,WAAS,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;AAC5C,UAAM,YAAqB,aAAa,CAAC;AACzC,QAAI,CAAC,SAAS,WAAW,CAAC,GAAG;AAG3B;AAAA,IACF;AACA,UAAM,OAAO,SAAS,SAAS;AAAA,EACjC;AACA,SAAO;AACT;;;ACAO,IAAM,gBAAN,MAAM,eAAwC;AAAA,EAC3C,QAAQ,oBAAI,IAA4B;AAAA;AAAA,EAEhD,OAAgB,cAAc;AAAA;AAAA,EAE9B,OAAgB,iBAAiB;AAAA,EAEzB,UAAiD;AAAA,EAEzD,cAAc;AAKZ,QAAI,OAAO,gBAAgB,aAAa;AACtC,YAAM,QAAQ,YAAY,MAAM;AAC9B,aAAK,aAAa;AAAA,MACpB,GAAG,eAAc,cAAc;AAC/B,WAAK,UAAU;AAGf,YAAM,aAAc,MAAiC;AACrD,UAAI,OAAO,eAAe,WAAY,YAAW,KAAK,KAAK;AAAA,IAC7D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,SAAS,KAAa,UAAkC;AACtD,QAAI,CAAC,OAAO,SAAS,QAAQ,KAAK,YAAY,GAAG;AAC/C,YAAM,IAAI;AAAA,QACR,sEAAsE,QAAQ;AAAA,MAChF;AAAA,IACF;AACA,UAAM,MAAM,KAAK,IAAI;AAGrB,QAAI,KAAK,MAAM,QAAQ,eAAc,aAAa;AAChD,YAAM,QAAQ,KAAK,MAAM,KAAK,EAAE,KAAK,EAAE;AACvC,UAAI,UAAU,OAAW,MAAK,MAAM,OAAO,KAAK;AAAA,IAClD;AAEA,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,SAAS,OAAO,MAAM,SAAS;AAClC,YAAM,QAAQ,EAAE,OAAO,GAAG,SAAS,MAAM,SAAS;AAClD,WAAK,MAAM,IAAI,KAAK,KAAK;AACzB,aAAO,EAAE,GAAG,MAAM;AAAA,IACpB;AACA,UAAM;AACN,WAAO,EAAE,OAAO,MAAM,OAAO,SAAS,MAAM,QAAQ;AAAA,EACtD;AAAA;AAAA,EAGA,eAAqB;AACnB,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,GAAG,CAAC,KAAK,KAAK,OAAO;AAC/B,UAAI,EAAE,WAAW,IAAK,MAAK,MAAM,OAAO,CAAC;AAAA,IAC3C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAgB;AACd,QAAI,KAAK,SAAS;AAChB,oBAAc,KAAK,OAAO;AAC1B,WAAK,UAAU;AAAA,IACjB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,KAAK,KAAa,UAA2C;AACjE,WAAO,KAAK,SAAS,KAAK,QAAQ;AAAA,EACpC;AAAA;AAAA,EAGA,MAAM,IAAI,KAA6C;AACrD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AACnB,QAAI,OAAO,MAAM,QAAS,QAAO;AACjC,WAAO,EAAE,OAAO,MAAM,OAAO,SAAS,MAAM,QAAQ;AAAA,EACtD;AAAA;AAAA,EAGA,MAAM,MAAM,KAA4B;AACtC,SAAK,MAAM,OAAO,GAAG;AAAA,EACvB;AACF;;;ACjHO,SAAS,kBAAkB,QAAyB,OAAmC,CAAC,GAAG;AAChG,QAAM,QAAQ,KAAK,SAAS,IAAI,cAAc;AAC9C,QAAM,aAAa,iBAAiB;AAEpC,SAAO,SAAS,eAAe,KAAuC;AAIpE,UAAM,MAAM,IAAI,QAAQ,iBAAiB;AAEzC,QAAI,YAAY;AAEd,YAAM,QAAQ,MAAM,SAAS,KAAK,OAAO,QAAQ;AACjD,aAAO,gBAAgB,OAAO,MAAM;AAAA,IACtC;AAMA,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AACF;AAEA,SAAS,gBACP,OACA,QACiB;AACjB,MAAI,MAAM,QAAQ,OAAO,KAAK;AAC5B,UAAM,aAAa,KAAK,MAAM,MAAM,UAAU,KAAK,IAAI,KAAK,GAAI;AAChE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,QACP,qBAAqB,OAAO,OAAO,GAAG;AAAA,QACtC,yBAAyB;AAAA,QACzB,eAAe,OAAO,UAAU;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AACA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,SAAS;AAAA,MACP,qBAAqB,OAAO,OAAO,GAAG;AAAA,MACtC,yBAAyB,OAAO,KAAK,IAAI,GAAG,OAAO,MAAM,MAAM,KAAK,CAAC;AAAA,IACvE;AAAA,EACF;AACF;;;ACjFA,SAAS,qBAAqB;AAMvB,SAAS,iBAAiB,MAAiC;AAChE,SAAO,CAAC,SAAS,KAAK,cAAc,IAAI;AAC1C;AAEO,SAAS,yBAAqC;AACnD,SAAO,OAAO,SAAS;AACrB,UAAM,MAAM,cAAc,IAAI,EAAE;AAChC,WAAO,OAAO;AAAA,EAChB;AACF;;;AC4BO,IAAM,cACX;AAsBK,IAAM,6BACX;AAyDF,IAAM,eAAe;AAOrB,SAAS,gBAAgB,QAAgB,OAAuB;AAC9D,SAAO,OACJ,MAAM,GAAG,EACT,IAAI,CAAC,cAAc;AAClB,UAAM,UAAU,UAAU,KAAK;AAC/B,QAAI,CAAC,QAAQ,WAAW,YAAY,EAAG,QAAO;AAC9C,QAAI,QAAQ,SAAS,iBAAiB,GAAG;AACvC,aAAO,UAAU,QAAQ,mBAAmB,UAAU,KAAK,GAAG;AAAA,IAChE;AACA,WAAO,GAAG,SAAS,WAAW,KAAK;AAAA,EACrC,CAAC,EACA,KAAK,GAAG;AACb;AAWA,SAAS,SACP,KACA,QACA,gBACM;AACN,MAAI,OAAO,QAAQ,SAAS,OAAO,YAAY,MAAO;AACtD,MAAI,SAAS,OAAO,OAAO,QAAQ,WAAW,OAAO,MAAM;AAC3D,MAAI,gBAAgB;AAClB,aAAS,gBAAgB,QAAQ,cAAc;AAAA,EACjD;AAEA,QAAM,OAAgB,OAAO,WAAW;AACxC,MAAI,SAAS,WAAW;AACtB,QAAI,yBAAyB,IAAI;AAAA,EACnC,OAAO;AACL,QAAI,qCAAqC,IAAI;AAAA,EAC/C;AACF;AAMO,SAAS,qBACd,QACA,KACA,UAAkC,CAAC,GACX;AACxB,QAAM,MAA8B,CAAC;AAIrC,QAAM,iBAAiB,QAAQ,YAAY,SAAY,QAAQ;AAE/D,WAAS,KAAK,QAAQ,cAAc;AAGpC,MAAI,iBAAiB,IAAI,OAAO,gBAAgB;AAGhD,MAAI,wBAAwB,IAAI,OAAO,sBAAsB;AAG7D,MAAI,iBAAiB,IAAI,OAAO,kBAAkB;AAIlD,MAAI,OAAO,sBAAsB,OAAO;AACtC,QAAI,oBAAoB,IACtB,OAAO,OAAO,sBAAsB,WAChC,OAAO,oBACP;AAAA,EACR;AAGA,MAAI,IAAI,cAAc,OAAO,SAAS,OAAO;AAC3C,QAAI,2BAA2B,IAAI,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO;AAAA,EACrF;AAQA,MAAI,gBAAgB;AAClB,QAAI,eAAe,IAAI;AAAA,EACzB;AAEA,SAAO;AACT;AAOO,SAAS,qBACd,KACA,QACA,KACA,UAAkC,CAAC,GAC7B;AACN,QAAM,UAAU,qBAAqB,QAAQ,KAAK,OAAO;AACzD,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAClD,QAAI,UAAU,KAAK,KAAK;AAAA,EAC1B;AACF;;;AC9NA,SAAS,cAAc,OAA2B;AAIhD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAAA,EAC7C;AACA,MAAI,SAAS;AACb,aAAW,KAAK,OAAO;AACrB,cAAU,OAAO,aAAa,CAAC;AAAA,EACjC;AAGA,SAAO,KAAK,MAAM;AACpB;AAOA,IAAI;AAEJ,SAAS,eAAuB;AAC9B,MAAI,oBAAoB,QAAW;AACjC,UAAM,YAAa,WAAmC;AACtD,sBACE,aAAa,OAAO,UAAU,oBAAoB,aAAa,YAAY;AAAA,EAC/E;AACA,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,gBAAwB;AACtC,QAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,eAAa,EAAE,gBAAgB,GAAG;AAClC,SAAO,cAAc,GAAG;AAC1B;","names":["dispatchCsrfWarn","existsSync","join","join","existsSync","ctx","CODE_TO_STATUS","body"]}
|
|
@@ -126,34 +126,6 @@ function defineAgentEndpoint(config) {
|
|
|
126
126
|
};
|
|
127
127
|
}
|
|
128
128
|
|
|
129
|
-
// src/server/define/ui-message-stream-response.ts
|
|
130
|
-
var UI_MESSAGE_STREAM_HEADERS = {
|
|
131
|
-
"content-type": "text/event-stream",
|
|
132
|
-
"x-vercel-ai-ui-message-stream": "v1"
|
|
133
|
-
};
|
|
134
|
-
var DONE_FRAME = "data: [DONE]\n\n";
|
|
135
|
-
function encode(text) {
|
|
136
|
-
return new TextEncoder().encode(text);
|
|
137
|
-
}
|
|
138
|
-
function uiMessageStreamResponse(chunks) {
|
|
139
|
-
const stream = new ReadableStream({
|
|
140
|
-
async start(controller) {
|
|
141
|
-
try {
|
|
142
|
-
for await (const chunk of chunks) {
|
|
143
|
-
controller.enqueue(encode(`data: ${JSON.stringify(chunk)}
|
|
144
|
-
|
|
145
|
-
`));
|
|
146
|
-
}
|
|
147
|
-
} catch {
|
|
148
|
-
} finally {
|
|
149
|
-
controller.enqueue(encode(DONE_FRAME));
|
|
150
|
-
controller.close();
|
|
151
|
-
}
|
|
152
|
-
}
|
|
153
|
-
});
|
|
154
|
-
return new Response(stream, { headers: UI_MESSAGE_STREAM_HEADERS });
|
|
155
|
-
}
|
|
156
|
-
|
|
157
129
|
// src/server/define/define-agent-tool.ts
|
|
158
130
|
import { z } from "zod";
|
|
159
131
|
var TOOL_NAME_REGEX = /^[a-zA-Z][a-zA-Z0-9_-]{0,63}$/;
|
|
@@ -226,7 +198,6 @@ export {
|
|
|
226
198
|
defineAction,
|
|
227
199
|
defineMiddleware,
|
|
228
200
|
defineAgentEndpoint,
|
|
229
|
-
uiMessageStreamResponse,
|
|
230
201
|
defineAgentTool,
|
|
231
202
|
defineWebSocket,
|
|
232
203
|
defineWebSocketWeb,
|
|
@@ -234,4 +205,4 @@ export {
|
|
|
234
205
|
defineWebChannel,
|
|
235
206
|
defineTheoPlugin
|
|
236
207
|
};
|
|
237
|
-
//# sourceMappingURL=chunk-
|
|
208
|
+
//# sourceMappingURL=chunk-ZSTZXR2D.js.map
|