theokit 0.12.0 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{actions-virtual-module-SQDY3V5X.js → actions-virtual-module-3CDQTWOC.js} +6 -6
- package/dist/{actions-virtual-module-PNPRCEOS.js → actions-virtual-module-EIPXX4ZB.js} +3 -3
- package/dist/adapters/web-shim.d.ts +67 -0
- package/dist/adapters/ws-shim.d.ts +55 -0
- package/dist/agent-events-DosDXkSV.d.ts +94 -0
- package/dist/agents-typed-client-SAWAAH7K.js +142 -0
- package/dist/agents-typed-client-SAWAAH7K.js.map +1 -0
- package/dist/agents-typed-client-UTEQUA63.js +143 -0
- package/dist/agents-typed-client-UTEQUA63.js.map +1 -0
- package/dist/{app-typed-client-5GYEOYP3.js → app-typed-client-7PBFWZUE.js} +3 -3
- package/dist/{app-typed-client-QG7BVZYW.js → app-typed-client-CSOK7NPC.js} +6 -6
- package/dist/audit-log-BQWM5YLG.d.ts +60 -0
- package/dist/body-parser-web-FV5HWCY3.js +71 -0
- package/dist/body-parser-web-FV5HWCY3.js.map +1 -0
- package/dist/boot/index.d.ts +39 -0
- package/dist/{build-QFRLSEZ4.js → build-HXND27XG.js} +11 -11
- package/dist/{chunk-223EFY5X.js → chunk-2J7XU3PW.js} +68 -27
- package/dist/chunk-2J7XU3PW.js.map +1 -0
- package/dist/{chunk-RESN62GB.js → chunk-2KZQPDYR.js} +5 -48
- package/dist/chunk-2KZQPDYR.js.map +1 -0
- package/dist/chunk-3S3BNW5K.js +445 -0
- package/dist/chunk-3S3BNW5K.js.map +1 -0
- package/dist/{chunk-6FYD34NX.js → chunk-BQDGES7C.js} +28 -28
- package/dist/{chunk-6FYD34NX.js.map → chunk-BQDGES7C.js.map} +1 -1
- package/dist/chunk-EXP56GFQ.js +52 -0
- package/dist/chunk-EXP56GFQ.js.map +1 -0
- package/dist/chunk-F4YUPDJ2.js +115 -0
- package/dist/chunk-F4YUPDJ2.js.map +1 -0
- package/dist/{chunk-NAZ4E2GT.js → chunk-KXA37ONC.js} +2 -2
- package/dist/chunk-NHJMZCAS.js +32 -0
- package/dist/chunk-NHJMZCAS.js.map +1 -0
- package/dist/{chunk-43D6XNDR.js → chunk-O62MW4MT.js} +91 -18
- package/dist/chunk-O62MW4MT.js.map +1 -0
- package/dist/chunk-RSVN727G.js +1 -0
- package/dist/{chunk-7CBRKNQA.js → chunk-RYTZYFSD.js} +198 -6
- package/dist/chunk-RYTZYFSD.js.map +1 -0
- package/dist/chunk-UNLA45FY.js +235 -0
- package/dist/chunk-UNLA45FY.js.map +1 -0
- package/dist/{chunk-GFMQJHXX.js → chunk-WR4F4EEZ.js} +1082 -1074
- package/dist/chunk-WR4F4EEZ.js.map +1 -0
- package/dist/{chunk-AD74EAK3.js → chunk-ZSTZXR2D.js} +1 -30
- package/dist/chunk-ZSTZXR2D.js.map +1 -0
- package/dist/cli/index.js +5 -5
- package/dist/client/index.d.ts +418 -0
- package/dist/client/index.js +84 -3
- package/dist/client/index.js.map +1 -1
- package/dist/csrf-BBrEZSBW.d.ts +107 -0
- package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
- package/dist/define-websocket-CdK94O-D.d.ts +64 -0
- package/dist/{dev-GBXOTXUP.js → dev-OWW4XVIH.js} +10 -10
- package/dist/{dev-emit-FEFEDLZF.js → dev-emit-5MDSBP5D.js} +3 -3
- package/dist/{dev-emit-O4EGOSNV.js → dev-emit-QH2YGZXN.js} +2 -2
- package/dist/devtools/entry.d.ts +5 -0
- package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
- package/dist/health-route-C0hk64_U.d.ts +57 -0
- package/dist/index-B40qUSrQ.d.ts +575 -0
- package/dist/index.d.ts +361 -0
- package/dist/index.js +6 -4
- package/dist/index.js.map +1 -1
- package/dist/internal-api-4YTJDITC.js +83 -0
- package/dist/internal-api-EFKZWIYZ.js +66 -0
- package/dist/internal-api-EFKZWIYZ.js.map +1 -0
- package/dist/job-backend-CgC8Xf33.d.ts +68 -0
- package/dist/match-CfbEFRG4.d.ts +26 -0
- package/dist/{openapi-VR6AFBLJ.js → openapi-FHY6HC6I.js} +7 -7
- package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
- package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
- package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
- package/dist/rate-limit-store-BEJnhWdw.d.ts +72 -0
- package/dist/react-query/index.d.ts +33 -0
- package/dist/{registry-Q2TZQLUH.js → registry-34LL7NF4.js} +1 -1
- package/dist/{routes-LRYOIIAI.js → routes-EW7TP7NJ.js} +2 -2
- package/dist/schema-BpH6ivDY.d.ts +74 -0
- package/dist/server/agent/index.d.ts +229 -0
- package/dist/server/agent/index.js +2 -1
- package/dist/server/auth/index.d.ts +419 -0
- package/dist/server/cost/index.d.ts +177 -0
- package/dist/server/cron/index.d.ts +208 -0
- package/dist/server/define/index.d.ts +313 -0
- package/dist/server/define/index.js +4 -2
- package/dist/server/http/index.d.ts +11 -0
- package/dist/server/index.d.ts +848 -0
- package/dist/server/index.js +9 -294
- package/dist/server/index.js.map +1 -1
- package/dist/server/jobs/index.d.ts +348 -0
- package/dist/server/observability/index.d.ts +324 -0
- package/dist/server/plugins/index.d.ts +17 -0
- package/dist/server/rate-limit/index.d.ts +105 -0
- package/dist/server/realtime/index.d.ts +15 -0
- package/dist/server/scan/index.d.ts +126 -0
- package/dist/server/scan/index.js +1 -1
- package/dist/server/security/index.d.ts +193 -0
- package/dist/server/storage/index.d.ts +22 -0
- package/dist/server/webhook/index.d.ts +148 -0
- package/dist/{start-3ZHAXSJE.js → start-KIQ5TTLR.js} +76 -13
- package/dist/start-KIQ5TTLR.js.map +1 -0
- package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
- package/dist/storage-types-DsDTCPbp.d.ts +96 -0
- package/dist/vite-plugin/index.d.ts +115 -0
- package/dist/vite-plugin/index.js +6 -4
- package/dist/{vite-plugin-WO72VLYR.js → vite-plugin-RK66K26Z.js} +7 -7
- package/dist/vite-plugin-RK66K26Z.js.map +1 -0
- package/package.json +4 -4
- package/dist/chunk-223EFY5X.js.map +0 -1
- package/dist/chunk-3LVRAGAZ.js +0 -73
- package/dist/chunk-3LVRAGAZ.js.map +0 -1
- package/dist/chunk-43D6XNDR.js.map +0 -1
- package/dist/chunk-7CBRKNQA.js.map +0 -1
- package/dist/chunk-AD74EAK3.js.map +0 -1
- package/dist/chunk-GFMQJHXX.js.map +0 -1
- package/dist/chunk-PBEH6NXR.js +0 -44
- package/dist/chunk-PBEH6NXR.js.map +0 -1
- package/dist/chunk-PIVX3DYW.js +0 -142
- package/dist/chunk-PIVX3DYW.js.map +0 -1
- package/dist/chunk-PPPR5DGR.js +0 -1
- package/dist/chunk-RESN62GB.js.map +0 -1
- package/dist/start-3ZHAXSJE.js.map +0 -1
- /package/dist/{actions-virtual-module-SQDY3V5X.js.map → actions-virtual-module-3CDQTWOC.js.map} +0 -0
- /package/dist/{actions-virtual-module-PNPRCEOS.js.map → actions-virtual-module-EIPXX4ZB.js.map} +0 -0
- /package/dist/{app-typed-client-5GYEOYP3.js.map → app-typed-client-7PBFWZUE.js.map} +0 -0
- /package/dist/{app-typed-client-QG7BVZYW.js.map → app-typed-client-CSOK7NPC.js.map} +0 -0
- /package/dist/{build-QFRLSEZ4.js.map → build-HXND27XG.js.map} +0 -0
- /package/dist/{chunk-NAZ4E2GT.js.map → chunk-KXA37ONC.js.map} +0 -0
- /package/dist/{chunk-PPPR5DGR.js.map → chunk-RSVN727G.js.map} +0 -0
- /package/dist/{dev-GBXOTXUP.js.map → dev-OWW4XVIH.js.map} +0 -0
- /package/dist/{dev-emit-FEFEDLZF.js.map → dev-emit-5MDSBP5D.js.map} +0 -0
- /package/dist/{dev-emit-O4EGOSNV.js.map → dev-emit-QH2YGZXN.js.map} +0 -0
- /package/dist/{vite-plugin-WO72VLYR.js.map → internal-api-4YTJDITC.js.map} +0 -0
- /package/dist/{openapi-VR6AFBLJ.js.map → openapi-FHY6HC6I.js.map} +0 -0
- /package/dist/{registry-Q2TZQLUH.js.map → registry-34LL7NF4.js.map} +0 -0
- /package/dist/{routes-LRYOIIAI.js.map → routes-EW7TP7NJ.js.map} +0 -0
|
@@ -0,0 +1,575 @@
|
|
|
1
|
+
import { a as TheoErrorCode, T as TheoErrorEnvelope } from './error-envelope-BsNzzAV5.js';
|
|
2
|
+
import { IncomingMessage, ServerResponse } from 'node:http';
|
|
3
|
+
import { P as PluginContext } from './plugin-types-DNJGxr4Z.js';
|
|
4
|
+
import { P as PluginRunner } from './plugin-runner-BGBkzgi0.js';
|
|
5
|
+
import { J as JobBackend } from './job-backend-CgC8Xf33.js';
|
|
6
|
+
import { L as LoadModule, S as ServerRouteNode } from './match-CfbEFRG4.js';
|
|
7
|
+
import { c as CsrfMode, D as DisallowedConfig } from './csrf-BBrEZSBW.js';
|
|
8
|
+
import { z } from 'zod';
|
|
9
|
+
|
|
10
|
+
interface ExecuteActionOptions {
|
|
11
|
+
filePath: string;
|
|
12
|
+
exportName: string;
|
|
13
|
+
req: IncomingMessage;
|
|
14
|
+
res: ServerResponse;
|
|
15
|
+
loadModule: LoadModule;
|
|
16
|
+
serverDir?: string;
|
|
17
|
+
requestId?: string;
|
|
18
|
+
pluginRunner?: PluginRunner;
|
|
19
|
+
csrfMode?: CsrfMode;
|
|
20
|
+
disallowed?: DisallowedConfig;
|
|
21
|
+
}
|
|
22
|
+
declare function executeAction(filePath: string, exportName: string, req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir?: string, requestId?: string, pluginRunner?: PluginRunner, csrfMode?: CsrfMode, disallowed?: DisallowedConfig): Promise<void>;
|
|
23
|
+
|
|
24
|
+
/**
|
|
25
|
+
* T5.2 — pluggable response/request transformer.
|
|
26
|
+
*
|
|
27
|
+
* `superjson` is the default, preserving Date/Map/Set/BigInt/etc.
|
|
28
|
+
* `json` is the lightweight option (plain JSON.stringify/parse).
|
|
29
|
+
* Users can supply a custom object implementing this contract.
|
|
30
|
+
*/
|
|
31
|
+
interface TheoTransformer {
|
|
32
|
+
name: string;
|
|
33
|
+
serialize: (value: unknown) => string;
|
|
34
|
+
deserialize: (raw: string) => unknown;
|
|
35
|
+
}
|
|
36
|
+
declare const superjsonTransformer: TheoTransformer;
|
|
37
|
+
declare const jsonTransformer: TheoTransformer;
|
|
38
|
+
declare function resolveTransformer(selector: 'json' | 'superjson' | TheoTransformer): TheoTransformer;
|
|
39
|
+
|
|
40
|
+
/**
|
|
41
|
+
* server/http/execute-context.ts
|
|
42
|
+
*
|
|
43
|
+
* `ExecuteRouteContext` — the parameter object passed to `executeRoute()`
|
|
44
|
+
* and `executeAction()` per ADR-0016 (T3.1 of architecture-cleanup).
|
|
45
|
+
*
|
|
46
|
+
* Replaces the 12-positional-param signature with a single named-field
|
|
47
|
+
* object, eliminating 3 of 4 eslint-disable comments on `executeRoute`.
|
|
48
|
+
*
|
|
49
|
+
* Location: lives in `server/http/` (not `core/contracts/`) because the
|
|
50
|
+
* shape references server-side types (CsrfMode, JobBackend, PluginRunner,
|
|
51
|
+
* TheoTransformer, ServerRouteNode, LoadModule, DisallowedConfig). Keeping
|
|
52
|
+
* the type here preserves the existing module direction graph — no new
|
|
53
|
+
* `core → server` edges.
|
|
54
|
+
*
|
|
55
|
+
* Consumers within server/ build this object once per request; external
|
|
56
|
+
* callers (router-runner) see the same shape via the `ExecuteRouteContext`
|
|
57
|
+
* named export.
|
|
58
|
+
*/
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* The request-execution context. Each request builds one of these and passes
|
|
62
|
+
* it to `executeRoute(ctx)`.
|
|
63
|
+
*
|
|
64
|
+
* All fields are required EXCEPT those with optional `?` markers; defaults
|
|
65
|
+
* are applied inside `executeRoute` via destructure (e.g., `csrfMode = 'strict'`).
|
|
66
|
+
*/
|
|
67
|
+
interface ExecuteRouteContext {
|
|
68
|
+
route: ServerRouteNode;
|
|
69
|
+
method: string;
|
|
70
|
+
params: Record<string, string>;
|
|
71
|
+
req: IncomingMessage;
|
|
72
|
+
res: ServerResponse;
|
|
73
|
+
loadModule: LoadModule;
|
|
74
|
+
serverDir?: string;
|
|
75
|
+
requestId?: string;
|
|
76
|
+
pluginRunner?: PluginRunner;
|
|
77
|
+
transformer?: TheoTransformer;
|
|
78
|
+
/** Defaults to `'strict'` when omitted. */
|
|
79
|
+
csrfMode?: CsrfMode;
|
|
80
|
+
disallowed?: DisallowedConfig;
|
|
81
|
+
/** When provided, `ctx.queue` auto-injects + outbox lifecycle hooks attach. */
|
|
82
|
+
jobBackend?: JobBackend;
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
/**
|
|
86
|
+
* Canonical HTTP response helpers (T5.1 extraction).
|
|
87
|
+
*
|
|
88
|
+
* Moved out of execute.ts so request-pipeline stages (execute-stages.ts,
|
|
89
|
+
* handle-request-error.ts, etc.) can depend on these helpers without
|
|
90
|
+
* creating a cycle through execute.ts.
|
|
91
|
+
*
|
|
92
|
+
* Public surface re-exported from execute.ts for backward compat — every
|
|
93
|
+
* existing caller of `sendError` / `sendJson` continues to work via the
|
|
94
|
+
* `theokit/server` barrel.
|
|
95
|
+
*/
|
|
96
|
+
declare function sendJson(res: ServerResponse, data: unknown, status?: number, transformer?: TheoTransformer): void;
|
|
97
|
+
interface SendErrorOptions {
|
|
98
|
+
custom404Html?: string;
|
|
99
|
+
custom500Html?: string;
|
|
100
|
+
}
|
|
101
|
+
/**
|
|
102
|
+
* Canonical error response.
|
|
103
|
+
*
|
|
104
|
+
* T6.3 (PV-17): the positional 7-param signature is preserved for backward
|
|
105
|
+
* compat. New call sites should use the options-bag form:
|
|
106
|
+
*
|
|
107
|
+
* sendError(res, { code, message, status, issues?, requestId?, options? })
|
|
108
|
+
*
|
|
109
|
+
* Both shapes resolve to the same implementation.
|
|
110
|
+
*/
|
|
111
|
+
interface SendErrorInput {
|
|
112
|
+
code: string;
|
|
113
|
+
message: string;
|
|
114
|
+
status: number;
|
|
115
|
+
issues?: unknown[];
|
|
116
|
+
requestId?: string;
|
|
117
|
+
options?: SendErrorOptions;
|
|
118
|
+
}
|
|
119
|
+
declare function sendError(res: ServerResponse, input: SendErrorInput): void;
|
|
120
|
+
declare function sendError(res: ServerResponse, code: string, message: string, status: number, issues?: unknown[], requestId?: string, options?: SendErrorOptions): void;
|
|
121
|
+
|
|
122
|
+
declare function executeRoute(ctx: ExecuteRouteContext): Promise<void>;
|
|
123
|
+
|
|
124
|
+
/**
|
|
125
|
+
* T1.4 — Server-side batch handler.
|
|
126
|
+
*
|
|
127
|
+
* Receives `{ requests: [...] }` POSTed to `/api/__theo_batch__` and returns
|
|
128
|
+
* `{ results: [...] }` with per-item error isolation. EC-2: items cannot
|
|
129
|
+
* override auth/forwarded headers (would be a session-bypass vector).
|
|
130
|
+
*/
|
|
131
|
+
|
|
132
|
+
declare const STRIPPED_HEADERS: readonly ["authorization", "cookie", "x-forwarded-for", "x-forwarded-host", "x-forwarded-proto", "x-real-ip", "host"];
|
|
133
|
+
declare const BATCH_PATH = "/api/__theo_batch__";
|
|
134
|
+
declare class BatchPathConflictError extends Error {
|
|
135
|
+
constructor(path: string);
|
|
136
|
+
}
|
|
137
|
+
declare const batchRequestSchema: z.ZodObject<{
|
|
138
|
+
path: z.ZodString;
|
|
139
|
+
method: z.ZodString;
|
|
140
|
+
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
141
|
+
body: z.ZodOptional<z.ZodUnknown>;
|
|
142
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
143
|
+
}, z.core.$strip>;
|
|
144
|
+
declare const batchPayloadSchema: z.ZodObject<{
|
|
145
|
+
requests: z.ZodArray<z.ZodObject<{
|
|
146
|
+
path: z.ZodString;
|
|
147
|
+
method: z.ZodString;
|
|
148
|
+
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
149
|
+
body: z.ZodOptional<z.ZodUnknown>;
|
|
150
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
151
|
+
}, z.core.$strip>>;
|
|
152
|
+
}, z.core.$strip>;
|
|
153
|
+
type BatchRequestItem = z.infer<typeof batchRequestSchema>;
|
|
154
|
+
type BatchPayload = z.infer<typeof batchPayloadSchema>;
|
|
155
|
+
type BatchExecuteFn = (req: BatchRequestItem) => Promise<{
|
|
156
|
+
data: unknown;
|
|
157
|
+
} | {
|
|
158
|
+
error: {
|
|
159
|
+
message: string;
|
|
160
|
+
code?: string;
|
|
161
|
+
};
|
|
162
|
+
}>;
|
|
163
|
+
interface HandleBatchOptions {
|
|
164
|
+
execute: BatchExecuteFn;
|
|
165
|
+
/** Max number of items per batch. Default 32. */
|
|
166
|
+
max?: number;
|
|
167
|
+
/** Outer-request headers that override per-item headers in STRIPPED_HEADERS. */
|
|
168
|
+
outerHeaders?: Record<string, string>;
|
|
169
|
+
}
|
|
170
|
+
type BatchResultItem = {
|
|
171
|
+
data: unknown;
|
|
172
|
+
} | {
|
|
173
|
+
error: {
|
|
174
|
+
message: string;
|
|
175
|
+
code?: string;
|
|
176
|
+
};
|
|
177
|
+
};
|
|
178
|
+
interface BatchResponse {
|
|
179
|
+
results: BatchResultItem[];
|
|
180
|
+
}
|
|
181
|
+
/**
|
|
182
|
+
* Validate + execute a batch request.
|
|
183
|
+
*
|
|
184
|
+
* CR-028 fix: previously the signature was `payload: BatchPayload`,
|
|
185
|
+
* suggesting the caller had already validated. In reality `api-middleware`
|
|
186
|
+
* passes `JSON.parse(rawBody) as BatchPayload` — an unsafe cast over raw
|
|
187
|
+
* HTTP input. We widen the input type to `unknown` so the type system
|
|
188
|
+
* forces validation, then run Zod once at this single trust boundary.
|
|
189
|
+
*/
|
|
190
|
+
declare function handleBatchRequest(payload: unknown, options: HandleBatchOptions): Promise<BatchResponse>;
|
|
191
|
+
|
|
192
|
+
/**
|
|
193
|
+
* T1.2 — CORS middleware.
|
|
194
|
+
*
|
|
195
|
+
* Single global middleware that runs FIRST in the request pipeline:
|
|
196
|
+
* CORS preflight → rate limit → CSRF → security headers → handler
|
|
197
|
+
*
|
|
198
|
+
* Preflight (`OPTIONS` with `Access-Control-Request-Method`) is handled
|
|
199
|
+
* by `handlePreflight`, which short-circuits the response with 204 +
|
|
200
|
+
* Access-Control-* headers.
|
|
201
|
+
*
|
|
202
|
+
* Non-preflight requests pass through; `applyHeaders` adds
|
|
203
|
+
* `Access-Control-Allow-Origin` (echoing the request's Origin),
|
|
204
|
+
* `Access-Control-Expose-Headers`, and `Access-Control-Allow-Credentials`.
|
|
205
|
+
*
|
|
206
|
+
* Per ADR D3: preflight responses are deterministic and only the matched
|
|
207
|
+
* origin is echoed back (never `'*'` when credentials are enabled —
|
|
208
|
+
* required by the CORS spec).
|
|
209
|
+
*/
|
|
210
|
+
type CorsOrigin = string | RegExp | readonly (string | RegExp)[] | ((origin: string) => boolean);
|
|
211
|
+
interface CorsConfig {
|
|
212
|
+
origins: CorsOrigin;
|
|
213
|
+
methods?: readonly ('GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'OPTIONS' | 'HEAD')[];
|
|
214
|
+
allowedHeaders?: readonly string[];
|
|
215
|
+
exposedHeaders?: readonly string[];
|
|
216
|
+
credentials?: boolean;
|
|
217
|
+
maxAge?: number;
|
|
218
|
+
}
|
|
219
|
+
interface CorsHandler {
|
|
220
|
+
handlePreflight(req: IncomingMessage, res: ServerResponse): boolean;
|
|
221
|
+
applyHeaders(req: IncomingMessage, res: ServerResponse): void;
|
|
222
|
+
}
|
|
223
|
+
/**
|
|
224
|
+
* Test whether `origin` is allowed by `allowed`. Pure function — no I/O.
|
|
225
|
+
*
|
|
226
|
+
* EC-8: callback variants that throw are fail-closed (deny). Without
|
|
227
|
+
* this, a transient datastore outage would silently widen CORS during
|
|
228
|
+
* the failure window.
|
|
229
|
+
*/
|
|
230
|
+
declare function matchesOrigin(origin: string, allowed: CorsOrigin): boolean;
|
|
231
|
+
declare function createCorsHandler(config: CorsConfig): CorsHandler;
|
|
232
|
+
/**
|
|
233
|
+
* T5a.2 Phase B slice 5/6 — Web-Standards CORS handler.
|
|
234
|
+
*
|
|
235
|
+
* Mirror of `createCorsHandler(config): CorsHandler` for the Web `Request`
|
|
236
|
+
* shape. Same `CorsConfig`, same `matchesOrigin` logic (pure helper
|
|
237
|
+
* already), same security guarantees (echo matched origin only — never
|
|
238
|
+
* `'*'` when credentials enabled; EC-8 fail-closed on callback throw).
|
|
239
|
+
*
|
|
240
|
+
* Signature differences vs the IncomingMessage pair:
|
|
241
|
+
* - `handlePreflightRequest(request, config): Response | null` — returns
|
|
242
|
+
* `Response` when this is a CORS preflight; `null` when not. Caller
|
|
243
|
+
* short-circuits accordingly (same control-flow semantic as boolean).
|
|
244
|
+
* - `applyCorsHeaders(request, target, config): void` — mutates a
|
|
245
|
+
* `Headers` instance in place. Caller passes the headers they're
|
|
246
|
+
* building for their Response.
|
|
247
|
+
*/
|
|
248
|
+
interface CorsWebHandler {
|
|
249
|
+
handlePreflightRequest(request: Request): Response | null;
|
|
250
|
+
applyCorsHeaders(request: Request, target: Headers): void;
|
|
251
|
+
}
|
|
252
|
+
declare function createCorsWebHandler(config: CorsConfig): CorsWebHandler;
|
|
253
|
+
|
|
254
|
+
/**
|
|
255
|
+
* Phase 7 — Observability: traceId propagation (D7).
|
|
256
|
+
*
|
|
257
|
+
* Extract a stable identifier from incoming requests so a single value
|
|
258
|
+
* correlates the client request, every server log line, the response
|
|
259
|
+
* envelope, and any downstream span. Precedence:
|
|
260
|
+
*
|
|
261
|
+
* 1. `traceparent` (W3C Trace Context — `00-{32-hex}-{16-hex}-{flags}`)
|
|
262
|
+
* 2. `x-request-id` (Heroku / GCP / generic proxy header)
|
|
263
|
+
* 3. Generated UUID (fresh per request)
|
|
264
|
+
*
|
|
265
|
+
* UUIDs are accepted as trace identifiers by every major vendor that
|
|
266
|
+
* does not enforce strict 32-hex (Datadog, Honeycomb, Sentry, Logflare,
|
|
267
|
+
* Axiom, etc). We don't need ULIDs to ship this surface.
|
|
268
|
+
*/
|
|
269
|
+
declare const TRACE_HEADER = "x-trace-id";
|
|
270
|
+
declare const TRACE_PARENT_HEADER = "traceparent";
|
|
271
|
+
/**
|
|
272
|
+
* Parse a W3C Trace Context `traceparent` header value. Returns the
|
|
273
|
+
* 32-hex trace-id when valid (and not the reserved all-zeros), else
|
|
274
|
+
* `null`.
|
|
275
|
+
*/
|
|
276
|
+
declare function parseTraceparent(value: string): string | null;
|
|
277
|
+
/**
|
|
278
|
+
* Resolve the request's traceId following the precedence above.
|
|
279
|
+
*/
|
|
280
|
+
declare function extractTraceId(req: IncomingMessage): string;
|
|
281
|
+
/**
|
|
282
|
+
* T5a.2 Phase C slice 1/2 — Web-Standards-shaped traceId resolver.
|
|
283
|
+
*
|
|
284
|
+
* Mirror of `extractTraceId(req: IncomingMessage)` for the Web `Request`
|
|
285
|
+
* shape. Same precedence (`traceparent` → `x-request-id` → generated
|
|
286
|
+
* UUID). Uses `request.headers.get(name)` (native Web `Headers` API)
|
|
287
|
+
* instead of the Node indexer.
|
|
288
|
+
*
|
|
289
|
+
* **Multi-value note:** Web `Headers` collapses repeated headers into a
|
|
290
|
+
* single comma-separated string at parse. The IncomingMessage path's
|
|
291
|
+
* `pickHeader` "first non-empty value" semantic is naturally satisfied
|
|
292
|
+
* because there's no array to pick from on the Web side — `.get()`
|
|
293
|
+
* returns the comma-joined value, which for `traceparent` / `x-request-id`
|
|
294
|
+
* is treated as a single string anyway (both headers are conventionally
|
|
295
|
+
* single-valued).
|
|
296
|
+
*/
|
|
297
|
+
declare function extractTraceIdFromRequest(request: Request): string;
|
|
298
|
+
|
|
299
|
+
/**
|
|
300
|
+
* `TheoError` — envelope-emitting `Error` subclass per plan
|
|
301
|
+
* g5-error-envelope-cross-layer v1.0 § Phase 1 / T1.2.
|
|
302
|
+
*
|
|
303
|
+
* Mirrors trpc's TRPCError ergonomic pattern (referencia:
|
|
304
|
+
* trpc/packages/server/src/unstable-core-do-not-import/error/TRPCError.ts:65-87)
|
|
305
|
+
* adapted for theokit's hybrid envelope model (blueprint Form 4).
|
|
306
|
+
*
|
|
307
|
+
* Per ADR D5: `meta.stack` is auto-stripped in non-dev builds when serialized
|
|
308
|
+
* via `toJSON()` — defense against accidental stack leak to clients (encore
|
|
309
|
+
* `json:"-"` analog).
|
|
310
|
+
*
|
|
311
|
+
* Lives in `core/contracts/` per architecture.md v3 invariant #3.
|
|
312
|
+
*/
|
|
313
|
+
|
|
314
|
+
/**
|
|
315
|
+
* Constructor options. `code` and `message` are required; `cause` follows TC39
|
|
316
|
+
* proposal-error-cause; `meta` and `ext` are opt-in per blueprint ADR D2.
|
|
317
|
+
*/
|
|
318
|
+
interface TheoErrorOptions<TExt = unknown> {
|
|
319
|
+
readonly code: TheoErrorCode;
|
|
320
|
+
readonly message: string;
|
|
321
|
+
readonly cause?: unknown;
|
|
322
|
+
readonly meta?: Record<string, unknown>;
|
|
323
|
+
readonly ext?: TExt;
|
|
324
|
+
}
|
|
325
|
+
/**
|
|
326
|
+
* `TheoError` — envelope-emitting Error subclass. Use this anywhere in
|
|
327
|
+
* `theokit/server`, route handlers, or middleware to emit a typed,
|
|
328
|
+
* cross-layer-compatible error.
|
|
329
|
+
*
|
|
330
|
+
* Mirrors TRPCError pattern: `code` is required, `message` defaults to
|
|
331
|
+
* code if omitted, `cause` chain is preserved via TC39 proposal-error-cause.
|
|
332
|
+
*/
|
|
333
|
+
declare class TheoError<TExt = unknown> extends Error {
|
|
334
|
+
readonly name = "TheoError";
|
|
335
|
+
readonly code: TheoErrorCode;
|
|
336
|
+
readonly meta?: Record<string, unknown>;
|
|
337
|
+
readonly ext?: TExt;
|
|
338
|
+
constructor(opts: TheoErrorOptions<TExt>);
|
|
339
|
+
/**
|
|
340
|
+
* The canonical envelope view of this error. Use when crossing the wire
|
|
341
|
+
* boundary or feeding telemetry — exposes the shape consumers can rely on
|
|
342
|
+
* without depending on the class identity.
|
|
343
|
+
*/
|
|
344
|
+
get envelope(): TheoErrorEnvelope<TExt>;
|
|
345
|
+
/**
|
|
346
|
+
* JSON serialization — emits envelope shape only (no name/stack class
|
|
347
|
+
* internals). Per ADR D5, `meta.stack` is auto-stripped in non-dev to
|
|
348
|
+
* prevent accidental leak; other meta keys are preserved.
|
|
349
|
+
*/
|
|
350
|
+
toJSON(): TheoErrorEnvelope<TExt>;
|
|
351
|
+
}
|
|
352
|
+
/**
|
|
353
|
+
* Coerce any unknown value into a TheoError envelope.
|
|
354
|
+
*
|
|
355
|
+
* - If value is already a TheoError, returns it unchanged (no double-wrap).
|
|
356
|
+
* - If value is a plain Error, wraps it as `INTERNAL_SERVER_ERROR` with
|
|
357
|
+
* `cause` chain preserving the original.
|
|
358
|
+
* - Other values (string, undefined, object) are coerced safely with a
|
|
359
|
+
* meaningful message.
|
|
360
|
+
*
|
|
361
|
+
* Use at framework boundaries (route handler catch-all, middleware catch,
|
|
362
|
+
* SDK egress) to ensure every error crossing the wire carries an envelope.
|
|
363
|
+
*/
|
|
364
|
+
/**
|
|
365
|
+
* `NotFoundError` — typed 404. A `TheoError` with code `NOT_FOUND`, so it
|
|
366
|
+
* carries a stable `code` (not a bare status literal) and maps to HTTP 404 via
|
|
367
|
+
* `envelopeCodeToStatus`. Throw it from a `defineRoute` handler for ergonomic
|
|
368
|
+
* 404s (M7-1).
|
|
369
|
+
*/
|
|
370
|
+
declare class NotFoundError extends TheoError {
|
|
371
|
+
constructor(message?: string, meta?: Record<string, unknown>);
|
|
372
|
+
}
|
|
373
|
+
declare function fromUnknown(value: unknown): TheoError;
|
|
374
|
+
|
|
375
|
+
/**
|
|
376
|
+
* G5 T2.5 — server-side boundary translation per blueprint ADR D3.
|
|
377
|
+
*
|
|
378
|
+
* Translates ad-hoc Error class instances (FileTooLargeError,
|
|
379
|
+
* AuthRequiredError, RouterConventionError, etc.) into the canonical
|
|
380
|
+
* `TheoErrorEnvelope` shape at the wire boundary. This is the SINGLE
|
|
381
|
+
* boundary translation point — class identities stay in place inside the
|
|
382
|
+
* codebase (no invasive call-site rewrites), but the envelope is what
|
|
383
|
+
* crosses to clients.
|
|
384
|
+
*
|
|
385
|
+
* Pure; no I/O. Lives in `core/contracts/` per architecture.md v3
|
|
386
|
+
* invariant #3 (canonical home for shared client↔server types). This file
|
|
387
|
+
* is the EXCEPTION-of-an-exception: it intentionally inspects Error names
|
|
388
|
+
* by string instead of `instanceof` to avoid `core/contracts/` taking a
|
|
389
|
+
* dependency on `server/`. The mapping table is small and grep-discoverable.
|
|
390
|
+
*/
|
|
391
|
+
|
|
392
|
+
/**
|
|
393
|
+
* Translate any server-side Error instance into a canonical envelope.
|
|
394
|
+
*
|
|
395
|
+
* Pass-through behavior:
|
|
396
|
+
* - `TheoError` instances return their `.envelope` unchanged.
|
|
397
|
+
* - Plain `Error` with unknown name → `INTERNAL_SERVER_ERROR`.
|
|
398
|
+
* - Non-Error values → wrapped via `TheoError.fromUnknown` semantics.
|
|
399
|
+
*
|
|
400
|
+
* Meta carries the source class `name` plus class-specific fields when an
|
|
401
|
+
* extractor is registered. This keeps wire-side telemetry useful without
|
|
402
|
+
* leaking implementation details.
|
|
403
|
+
*/
|
|
404
|
+
declare function serverErrorToEnvelope(value: unknown): TheoErrorEnvelope;
|
|
405
|
+
|
|
406
|
+
/**
|
|
407
|
+
* Maps a TheoErrorEnvelope `code` to its canonical HTTP status.
|
|
408
|
+
*
|
|
409
|
+
* Single source of truth — previously duplicated in `web-handler.ts` and
|
|
410
|
+
* `handle-request-error.ts` (architecture-remediation plan T1.2, 2026-06-12).
|
|
411
|
+
*
|
|
412
|
+
* Every TheoErrorCode value MUST have an explicit entry here. SDK-domain codes
|
|
413
|
+
* (AGENT_RUN_ERROR, PROVIDER_KEY_MISSING, BUDGET_EXCEEDED, CREDENTIAL_POOL_EXHAUSTED)
|
|
414
|
+
* intentionally map to 500 — they represent internal failures, not client errors.
|
|
415
|
+
*/
|
|
416
|
+
declare function envelopeCodeToStatus(code: string): number;
|
|
417
|
+
|
|
418
|
+
/**
|
|
419
|
+
* Canonical error handler for HTTP request pipelines (T3.4 of
|
|
420
|
+
* architecture-review-remediation-plan, PV-9 DRY).
|
|
421
|
+
*
|
|
422
|
+
* Replaces the duplicated catch-block logic in `executeRoute` (1 site) and
|
|
423
|
+
* `executeAction` (1 site, via `handleActionError`). Both code paths now
|
|
424
|
+
* share this implementation.
|
|
425
|
+
*
|
|
426
|
+
* Behavior contract (preserved from previous inline catches):
|
|
427
|
+
* - Plugin `onError` fires first (swallowed if it throws — never amplify failure).
|
|
428
|
+
* - `AuthRequiredError` is detected via `instanceof` AND a duck-type shape
|
|
429
|
+
* check (`code === 'AUTH_REQUIRED' && status === 401`) — required because
|
|
430
|
+
* under Vite dev / vitest the module-loader can produce a duplicate
|
|
431
|
+
* AuthRequiredError class identity, breaking `instanceof`.
|
|
432
|
+
* - `onResponse({ inErrorPath: true })` always fires at the end (swallowed
|
|
433
|
+
* if it throws — EC-9).
|
|
434
|
+
*/
|
|
435
|
+
interface HandleRequestErrorCtx {
|
|
436
|
+
req: IncomingMessage;
|
|
437
|
+
res: ServerResponse;
|
|
438
|
+
requestId: string | undefined;
|
|
439
|
+
pluginRunner: PluginRunner | undefined;
|
|
440
|
+
buildPluginCtx: (ctxObj: Record<string, unknown>) => PluginContext;
|
|
441
|
+
}
|
|
442
|
+
declare function handleRequestError(err: unknown, c: HandleRequestErrorCtx): Promise<void>;
|
|
443
|
+
/**
|
|
444
|
+
* T5a.2 Phase G slice 3/N — Web-Standards request error handler.
|
|
445
|
+
*
|
|
446
|
+
* Mirror of `handleRequestError(err, c: HandleRequestErrorCtx)` for the
|
|
447
|
+
* Web `Request` shape. Returns a native `Response` directly instead of
|
|
448
|
+
* mutating `res`. Same behavioral contract:
|
|
449
|
+
*
|
|
450
|
+
* 1. Auth-error detection via `instanceof AuthRequiredError` PLUS a
|
|
451
|
+
* duck-type fallback (`code === 'AUTH_REQUIRED' && status === 401`)
|
|
452
|
+
* — needed because Vite dev / vitest can produce duplicate class
|
|
453
|
+
* identities, breaking `instanceof`.
|
|
454
|
+
* 2. Envelope-shaped JSON body using `serverErrorToEnvelope` (G5 D3
|
|
455
|
+
* boundary translation).
|
|
456
|
+
* 3. Status code derived from envelope.code via `envelopeCodeToStatus`
|
|
457
|
+
* mirror (already implemented inline in web-handler.ts; this slice
|
|
458
|
+
* uses the same mapping table).
|
|
459
|
+
*
|
|
460
|
+
* **Difference vs IncomingMessage path:** the Web path's plugin runner
|
|
461
|
+
* orchestration lives in `executeWebRequest`'s `runWithHooks` /
|
|
462
|
+
* `runErrorHooks` (Phase G slice 1/N) — `handleWebRequestError` is the
|
|
463
|
+
* leaf that builds the error Response WITHOUT touching plugin hooks.
|
|
464
|
+
* Callers compose: `executeWebRequest` (or future Web execute pipeline)
|
|
465
|
+
* catches a throw, calls `handleWebRequestError(err, { requestId })` to
|
|
466
|
+
* build the Response, then routes through onError hooks separately.
|
|
467
|
+
*/
|
|
468
|
+
interface HandleWebRequestErrorCtx {
|
|
469
|
+
requestId?: string;
|
|
470
|
+
}
|
|
471
|
+
declare function handleWebRequestError(err: unknown, ctx?: HandleWebRequestErrorCtx): Promise<Response>;
|
|
472
|
+
|
|
473
|
+
interface MiddlewareResult {
|
|
474
|
+
ctx: unknown;
|
|
475
|
+
aborted: boolean;
|
|
476
|
+
}
|
|
477
|
+
declare function _resetMiddlewareCacheForTests(): void;
|
|
478
|
+
declare function runMiddlewareAndContext(req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir: string): Promise<MiddlewareResult>;
|
|
479
|
+
|
|
480
|
+
interface CookieOptions {
|
|
481
|
+
httpOnly?: boolean;
|
|
482
|
+
secure?: boolean;
|
|
483
|
+
sameSite?: 'strict' | 'lax' | 'none';
|
|
484
|
+
maxAge?: number;
|
|
485
|
+
path?: string;
|
|
486
|
+
domain?: string;
|
|
487
|
+
}
|
|
488
|
+
/**
|
|
489
|
+
* Parse a `Cookie` header into a Map (RFC 6265 §5.4).
|
|
490
|
+
* - Empty/missing input → empty Map.
|
|
491
|
+
* - Malformed entries (no `=`) skipped silently (defensive).
|
|
492
|
+
* - Duplicate names → last-wins.
|
|
493
|
+
* - Values URL-decoded if possible; raw on decode failure (CR-009 protection).
|
|
494
|
+
*
|
|
495
|
+
* Canonical helper (T3.2 of architecture-review-remediation-plan; PV-4 DRY).
|
|
496
|
+
* Consumed by `getCookie` here AND by `rate-limit/rate-limit-per-route.ts`.
|
|
497
|
+
*/
|
|
498
|
+
declare function parseCookieHeader(header: string | undefined): Map<string, string>;
|
|
499
|
+
declare function getCookie(req: IncomingMessage, name: string): string | undefined;
|
|
500
|
+
/**
|
|
501
|
+
* T5a.2 Phase B slice 6/6 — pure Set-Cookie serializer. Extracted from
|
|
502
|
+
* `setCookie(res, ...)` so the IncomingMessage path AND the Web Headers
|
|
503
|
+
* path can share the cookie attribute composition.
|
|
504
|
+
*
|
|
505
|
+
* Returns the canonical `Set-Cookie` header value string (no surrounding
|
|
506
|
+
* `Set-Cookie:` prefix — caller wraps via `res.setHeader('Set-Cookie', ...)`
|
|
507
|
+
* or `headers.append('Set-Cookie', ...)`).
|
|
508
|
+
*
|
|
509
|
+
* Defaults: `httpOnly: true`, `secure: NODE_ENV === 'production'`,
|
|
510
|
+
* `sameSite: 'lax'`, `path: '/'`.
|
|
511
|
+
*/
|
|
512
|
+
declare function serializeCookie(name: string, value: string, options?: CookieOptions): string;
|
|
513
|
+
declare function setCookie(res: ServerResponse, name: string, value: string, options?: CookieOptions): void;
|
|
514
|
+
declare function deleteCookie(res: ServerResponse, name: string, options?: {
|
|
515
|
+
path?: string;
|
|
516
|
+
}): void;
|
|
517
|
+
/**
|
|
518
|
+
* T5a.2 Phase B slice 6/6 — Web-Standards cookie getter.
|
|
519
|
+
*
|
|
520
|
+
* Mirror of `getCookie(req: IncomingMessage, name)` for the Web `Request`
|
|
521
|
+
* shape. Consumes `request.headers.get('cookie')` (native `Headers` API)
|
|
522
|
+
* instead of `req.headers.cookie`. Same parse logic + same malformed
|
|
523
|
+
* percent-encoding sanity (returns undefined when raw value contains a
|
|
524
|
+
* lone `%` that didn't decode, preserving the IncomingMessage path's
|
|
525
|
+
* "treat as unreadable" CR-009 semantics).
|
|
526
|
+
*/
|
|
527
|
+
declare function getCookieFromRequest(request: Request, name: string): string | undefined;
|
|
528
|
+
/**
|
|
529
|
+
* T5a.2 Phase B slice 6/6 — Web-Standards cookie setter.
|
|
530
|
+
*
|
|
531
|
+
* Mirror of `setCookie(res, name, value, options)` for the Web `Headers`
|
|
532
|
+
* shape. Appends a `Set-Cookie` entry to the caller's `Headers` instance
|
|
533
|
+
* via `headers.append('Set-Cookie', ...)`. Multiple appends produce
|
|
534
|
+
* multiple `Set-Cookie` headers per the Web spec; `headers.getSetCookie()`
|
|
535
|
+
* retrieves them as an array (the one multi-value header the Web API
|
|
536
|
+
* exposes natively).
|
|
537
|
+
*
|
|
538
|
+
* Uses the shared `serializeCookie` pure helper — same defaults and
|
|
539
|
+
* attribute composition as the IncomingMessage path.
|
|
540
|
+
*/
|
|
541
|
+
declare function appendCookieToHeaders(target: Headers, name: string, value: string, options?: CookieOptions): void;
|
|
542
|
+
/**
|
|
543
|
+
* T5a.2 Phase B slice 6/6 — Web-Standards cookie deleter.
|
|
544
|
+
*
|
|
545
|
+
* Mirror of `deleteCookie(res, name, options)` — emits a Set-Cookie with
|
|
546
|
+
* `Max-Age=0` so the browser drops the cookie immediately.
|
|
547
|
+
*/
|
|
548
|
+
declare function appendDeleteCookieToHeaders(target: Headers, name: string, options?: {
|
|
549
|
+
path?: string;
|
|
550
|
+
}): void;
|
|
551
|
+
|
|
552
|
+
/**
|
|
553
|
+
* T2.4 — Custom error pages loader.
|
|
554
|
+
*
|
|
555
|
+
* Loads optional `.theokit/client/404.html` and `500.html` from disk so adapters
|
|
556
|
+
* (Node, CF, Vercel, Bun, Netlify, AWS Lambda, Deno) can pass them to the
|
|
557
|
+
* shared `sendError` pipeline.
|
|
558
|
+
*
|
|
559
|
+
* EC-9: caps file size at 1MB. Files beyond the limit are skipped with a
|
|
560
|
+
* console.warn and the default JSON error path is used.
|
|
561
|
+
*/
|
|
562
|
+
declare const MAX_ERROR_HTML_BYTES = 1048576;
|
|
563
|
+
interface CustomErrorPages {
|
|
564
|
+
custom404Html?: string;
|
|
565
|
+
custom500Html?: string;
|
|
566
|
+
}
|
|
567
|
+
/**
|
|
568
|
+
* Load `.theokit/client/{404,500}.html` from the given client directory.
|
|
569
|
+
* Returns object with both fields when present; missing pages remain undefined.
|
|
570
|
+
*/
|
|
571
|
+
declare function loadCustomErrorPages(clientDir: string): CustomErrorPages;
|
|
572
|
+
|
|
573
|
+
declare function serveStaticFile(req: IncomingMessage, res: ServerResponse, clientDir: string): boolean;
|
|
574
|
+
|
|
575
|
+
export { serveStaticFile as $, extractTraceId as A, BATCH_PATH as B, type CookieOptions as C, extractTraceIdFromRequest as D, type ExecuteActionOptions as E, fromUnknown as F, getCookie as G, type HandleBatchOptions as H, getCookieFromRequest as I, handleBatchRequest as J, handleRequestError as K, handleWebRequestError as L, MAX_ERROR_HTML_BYTES as M, NotFoundError as N, jsonTransformer as O, loadCustomErrorPages as P, matchesOrigin as Q, parseCookieHeader as R, STRIPPED_HEADERS as S, TRACE_HEADER as T, parseTraceparent as U, resolveTransformer as V, runMiddlewareAndContext as W, sendError as X, sendJson as Y, serializeCookie as Z, _resetMiddlewareCacheForTests as _, type BatchExecuteFn as a, serverErrorToEnvelope as a0, setCookie as a1, superjsonTransformer as a2, BatchPathConflictError as b, type BatchPayload as c, type BatchRequestItem as d, type BatchResponse as e, type BatchResultItem as f, type CorsConfig as g, type CorsHandler as h, type CorsOrigin as i, type CorsWebHandler as j, type CustomErrorPages as k, type ExecuteRouteContext as l, type MiddlewareResult as m, type SendErrorInput as n, type SendErrorOptions as o, TRACE_PARENT_HEADER as p, TheoError as q, type TheoTransformer as r, appendCookieToHeaders as s, appendDeleteCookieToHeaders as t, createCorsHandler as u, createCorsWebHandler as v, deleteCookie as w, envelopeCodeToStatus as x, executeAction as y, executeRoute as z };
|