theokit 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (131) hide show
  1. package/dist/{actions-virtual-module-SQDY3V5X.js → actions-virtual-module-3CDQTWOC.js} +6 -6
  2. package/dist/{actions-virtual-module-PNPRCEOS.js → actions-virtual-module-EIPXX4ZB.js} +3 -3
  3. package/dist/adapters/web-shim.d.ts +67 -0
  4. package/dist/adapters/ws-shim.d.ts +55 -0
  5. package/dist/agent-events-DosDXkSV.d.ts +94 -0
  6. package/dist/agents-typed-client-SAWAAH7K.js +142 -0
  7. package/dist/agents-typed-client-SAWAAH7K.js.map +1 -0
  8. package/dist/agents-typed-client-UTEQUA63.js +143 -0
  9. package/dist/agents-typed-client-UTEQUA63.js.map +1 -0
  10. package/dist/{app-typed-client-5GYEOYP3.js → app-typed-client-7PBFWZUE.js} +3 -3
  11. package/dist/{app-typed-client-QG7BVZYW.js → app-typed-client-CSOK7NPC.js} +6 -6
  12. package/dist/audit-log-BQWM5YLG.d.ts +60 -0
  13. package/dist/body-parser-web-FV5HWCY3.js +71 -0
  14. package/dist/body-parser-web-FV5HWCY3.js.map +1 -0
  15. package/dist/boot/index.d.ts +39 -0
  16. package/dist/{build-QFRLSEZ4.js → build-HXND27XG.js} +11 -11
  17. package/dist/{chunk-223EFY5X.js → chunk-2J7XU3PW.js} +68 -27
  18. package/dist/chunk-2J7XU3PW.js.map +1 -0
  19. package/dist/{chunk-RESN62GB.js → chunk-2KZQPDYR.js} +5 -48
  20. package/dist/chunk-2KZQPDYR.js.map +1 -0
  21. package/dist/chunk-3S3BNW5K.js +445 -0
  22. package/dist/chunk-3S3BNW5K.js.map +1 -0
  23. package/dist/{chunk-6FYD34NX.js → chunk-BQDGES7C.js} +28 -28
  24. package/dist/{chunk-6FYD34NX.js.map → chunk-BQDGES7C.js.map} +1 -1
  25. package/dist/chunk-EXP56GFQ.js +52 -0
  26. package/dist/chunk-EXP56GFQ.js.map +1 -0
  27. package/dist/chunk-F4YUPDJ2.js +115 -0
  28. package/dist/chunk-F4YUPDJ2.js.map +1 -0
  29. package/dist/{chunk-NAZ4E2GT.js → chunk-KXA37ONC.js} +2 -2
  30. package/dist/chunk-NHJMZCAS.js +32 -0
  31. package/dist/chunk-NHJMZCAS.js.map +1 -0
  32. package/dist/{chunk-43D6XNDR.js → chunk-O62MW4MT.js} +91 -18
  33. package/dist/chunk-O62MW4MT.js.map +1 -0
  34. package/dist/chunk-RSVN727G.js +1 -0
  35. package/dist/{chunk-7CBRKNQA.js → chunk-RYTZYFSD.js} +198 -6
  36. package/dist/chunk-RYTZYFSD.js.map +1 -0
  37. package/dist/chunk-UNLA45FY.js +235 -0
  38. package/dist/chunk-UNLA45FY.js.map +1 -0
  39. package/dist/{chunk-GFMQJHXX.js → chunk-WR4F4EEZ.js} +1082 -1074
  40. package/dist/chunk-WR4F4EEZ.js.map +1 -0
  41. package/dist/{chunk-AD74EAK3.js → chunk-ZSTZXR2D.js} +1 -30
  42. package/dist/chunk-ZSTZXR2D.js.map +1 -0
  43. package/dist/cli/index.js +5 -5
  44. package/dist/client/index.d.ts +418 -0
  45. package/dist/client/index.js +84 -3
  46. package/dist/client/index.js.map +1 -1
  47. package/dist/csrf-BBrEZSBW.d.ts +107 -0
  48. package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
  49. package/dist/define-websocket-CdK94O-D.d.ts +64 -0
  50. package/dist/{dev-GBXOTXUP.js → dev-OWW4XVIH.js} +10 -10
  51. package/dist/{dev-emit-FEFEDLZF.js → dev-emit-5MDSBP5D.js} +3 -3
  52. package/dist/{dev-emit-O4EGOSNV.js → dev-emit-QH2YGZXN.js} +2 -2
  53. package/dist/devtools/entry.d.ts +5 -0
  54. package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
  55. package/dist/health-route-C0hk64_U.d.ts +57 -0
  56. package/dist/index-B40qUSrQ.d.ts +575 -0
  57. package/dist/index.d.ts +361 -0
  58. package/dist/index.js +6 -4
  59. package/dist/index.js.map +1 -1
  60. package/dist/internal-api-4YTJDITC.js +83 -0
  61. package/dist/internal-api-EFKZWIYZ.js +66 -0
  62. package/dist/internal-api-EFKZWIYZ.js.map +1 -0
  63. package/dist/job-backend-CgC8Xf33.d.ts +68 -0
  64. package/dist/match-CfbEFRG4.d.ts +26 -0
  65. package/dist/{openapi-VR6AFBLJ.js → openapi-FHY6HC6I.js} +7 -7
  66. package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
  67. package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
  68. package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
  69. package/dist/rate-limit-store-BEJnhWdw.d.ts +72 -0
  70. package/dist/react-query/index.d.ts +33 -0
  71. package/dist/{registry-Q2TZQLUH.js → registry-34LL7NF4.js} +1 -1
  72. package/dist/{routes-LRYOIIAI.js → routes-EW7TP7NJ.js} +2 -2
  73. package/dist/schema-BpH6ivDY.d.ts +74 -0
  74. package/dist/server/agent/index.d.ts +229 -0
  75. package/dist/server/agent/index.js +2 -1
  76. package/dist/server/auth/index.d.ts +419 -0
  77. package/dist/server/cost/index.d.ts +177 -0
  78. package/dist/server/cron/index.d.ts +208 -0
  79. package/dist/server/define/index.d.ts +313 -0
  80. package/dist/server/define/index.js +4 -2
  81. package/dist/server/http/index.d.ts +11 -0
  82. package/dist/server/index.d.ts +848 -0
  83. package/dist/server/index.js +9 -294
  84. package/dist/server/index.js.map +1 -1
  85. package/dist/server/jobs/index.d.ts +348 -0
  86. package/dist/server/observability/index.d.ts +324 -0
  87. package/dist/server/plugins/index.d.ts +17 -0
  88. package/dist/server/rate-limit/index.d.ts +105 -0
  89. package/dist/server/realtime/index.d.ts +15 -0
  90. package/dist/server/scan/index.d.ts +126 -0
  91. package/dist/server/scan/index.js +1 -1
  92. package/dist/server/security/index.d.ts +193 -0
  93. package/dist/server/storage/index.d.ts +22 -0
  94. package/dist/server/webhook/index.d.ts +148 -0
  95. package/dist/{start-3ZHAXSJE.js → start-KIQ5TTLR.js} +76 -13
  96. package/dist/start-KIQ5TTLR.js.map +1 -0
  97. package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
  98. package/dist/storage-types-DsDTCPbp.d.ts +96 -0
  99. package/dist/vite-plugin/index.d.ts +115 -0
  100. package/dist/vite-plugin/index.js +6 -4
  101. package/dist/{vite-plugin-WO72VLYR.js → vite-plugin-RK66K26Z.js} +7 -7
  102. package/dist/vite-plugin-RK66K26Z.js.map +1 -0
  103. package/package.json +4 -4
  104. package/dist/chunk-223EFY5X.js.map +0 -1
  105. package/dist/chunk-3LVRAGAZ.js +0 -73
  106. package/dist/chunk-3LVRAGAZ.js.map +0 -1
  107. package/dist/chunk-43D6XNDR.js.map +0 -1
  108. package/dist/chunk-7CBRKNQA.js.map +0 -1
  109. package/dist/chunk-AD74EAK3.js.map +0 -1
  110. package/dist/chunk-GFMQJHXX.js.map +0 -1
  111. package/dist/chunk-PBEH6NXR.js +0 -44
  112. package/dist/chunk-PBEH6NXR.js.map +0 -1
  113. package/dist/chunk-PIVX3DYW.js +0 -142
  114. package/dist/chunk-PIVX3DYW.js.map +0 -1
  115. package/dist/chunk-PPPR5DGR.js +0 -1
  116. package/dist/chunk-RESN62GB.js.map +0 -1
  117. package/dist/start-3ZHAXSJE.js.map +0 -1
  118. /package/dist/{actions-virtual-module-SQDY3V5X.js.map → actions-virtual-module-3CDQTWOC.js.map} +0 -0
  119. /package/dist/{actions-virtual-module-PNPRCEOS.js.map → actions-virtual-module-EIPXX4ZB.js.map} +0 -0
  120. /package/dist/{app-typed-client-5GYEOYP3.js.map → app-typed-client-7PBFWZUE.js.map} +0 -0
  121. /package/dist/{app-typed-client-QG7BVZYW.js.map → app-typed-client-CSOK7NPC.js.map} +0 -0
  122. /package/dist/{build-QFRLSEZ4.js.map → build-HXND27XG.js.map} +0 -0
  123. /package/dist/{chunk-NAZ4E2GT.js.map → chunk-KXA37ONC.js.map} +0 -0
  124. /package/dist/{chunk-PPPR5DGR.js.map → chunk-RSVN727G.js.map} +0 -0
  125. /package/dist/{dev-GBXOTXUP.js.map → dev-OWW4XVIH.js.map} +0 -0
  126. /package/dist/{dev-emit-FEFEDLZF.js.map → dev-emit-5MDSBP5D.js.map} +0 -0
  127. /package/dist/{dev-emit-O4EGOSNV.js.map → dev-emit-QH2YGZXN.js.map} +0 -0
  128. /package/dist/{vite-plugin-WO72VLYR.js.map → internal-api-4YTJDITC.js.map} +0 -0
  129. /package/dist/{openapi-VR6AFBLJ.js.map → openapi-FHY6HC6I.js.map} +0 -0
  130. /package/dist/{registry-Q2TZQLUH.js.map → registry-34LL7NF4.js.map} +0 -0
  131. /package/dist/{routes-LRYOIIAI.js.map → routes-EW7TP7NJ.js.map} +0 -0
@@ -55,11 +55,12 @@ import "../chunk-E3JH6YUM.js";
55
55
  import "../chunk-JHEAWR3L.js";
56
56
  import {
57
57
  _resetEnvCache,
58
+ executeWebRequest,
58
59
  jsonTransformer,
59
60
  loadEnv,
60
61
  resolveTransformer,
61
62
  superjsonTransformer
62
- } from "../chunk-PIVX3DYW.js";
63
+ } from "../chunk-3S3BNW5K.js";
63
64
  import {
64
65
  ActionError,
65
66
  ActionInputError,
@@ -81,7 +82,6 @@ import {
81
82
  handleWebRequestError,
82
83
  isActionError,
83
84
  isInputError,
84
- isZodLike,
85
85
  matchesOrigin,
86
86
  parseTraceparent,
87
87
  runMiddlewareAndContext,
@@ -133,7 +133,7 @@ import {
133
133
  scanServerRoutes,
134
134
  scanWebSocketRoutes,
135
135
  writeManifest
136
- } from "../chunk-223EFY5X.js";
136
+ } from "../chunk-2J7XU3PW.js";
137
137
  import "../chunk-WSJKACWB.js";
138
138
  import {
139
139
  scanMiddlewares
@@ -182,7 +182,8 @@ import {
182
182
  createConversationHistory,
183
183
  errorToEvent,
184
184
  streamAgentRun
185
- } from "../chunk-RESN62GB.js";
185
+ } from "../chunk-2KZQPDYR.js";
186
+ import "../chunk-EXP56GFQ.js";
186
187
  import {
187
188
  AuthRequiredError,
188
189
  _resetKeyCacheForTests,
@@ -257,9 +258,11 @@ import {
257
258
  defineTheoPlugin,
258
259
  defineWebChannel,
259
260
  defineWebSocket,
260
- defineWebSocketWeb,
261
+ defineWebSocketWeb
262
+ } from "../chunk-ZSTZXR2D.js";
263
+ import {
261
264
  uiMessageStreamResponse
262
- } from "../chunk-AD74EAK3.js";
265
+ } from "../chunk-NHJMZCAS.js";
263
266
  import {
264
267
  HEALTH_PATH,
265
268
  READY_PATH,
@@ -1110,294 +1113,6 @@ function deserializeResponse(serialized) {
1110
1113
  return superjson.deserialize(serialized);
1111
1114
  }
1112
1115
 
1113
- // src/server/http/web-middleware-runner.ts
1114
- async function runWebMiddleware(request, middleware, context) {
1115
- for (const mw of middleware) {
1116
- const result = await mw(request, context);
1117
- if (result instanceof Response) return result;
1118
- }
1119
- return void 0;
1120
- }
1121
-
1122
- // src/server/web-handler.ts
1123
- function searchParamsToObject(params) {
1124
- const out = {};
1125
- for (const [key, value] of params.entries()) {
1126
- if (!Object.hasOwn(out, key)) {
1127
- out[key] = value;
1128
- continue;
1129
- }
1130
- const existing = out[key];
1131
- if (Array.isArray(existing)) {
1132
- existing.push(value);
1133
- } else {
1134
- out[key] = [existing, value];
1135
- }
1136
- }
1137
- return out;
1138
- }
1139
- async function parseBodyInline(request) {
1140
- if (request.method === "GET" || request.method === "HEAD") return void 0;
1141
- const contentType = request.headers.get("content-type") ?? "";
1142
- if (contentType.includes("application/json")) {
1143
- const text = await request.text();
1144
- if (text.length === 0) return void 0;
1145
- try {
1146
- return JSON.parse(text);
1147
- } catch {
1148
- return void 0;
1149
- }
1150
- }
1151
- if (contentType.startsWith("text/")) {
1152
- const text = await request.text();
1153
- return text.length === 0 ? void 0 : text;
1154
- }
1155
- return void 0;
1156
- }
1157
- async function parseBodyFull(request) {
1158
- if (request.method === "GET" || request.method === "HEAD") return void 0;
1159
- const { parseWebRequestBody } = await import("../body-parser-web-MUWBKZ3F.js");
1160
- try {
1161
- const parsed = await parseWebRequestBody(request);
1162
- if (parsed.json === void 0 && Object.keys(parsed.fields).length === 0 && parsed.files.length === 0) {
1163
- return void 0;
1164
- }
1165
- return parsed;
1166
- } catch {
1167
- return void 0;
1168
- }
1169
- }
1170
- function validationErrorResponse(zodError, field) {
1171
- const envelope = {
1172
- code: "BAD_REQUEST",
1173
- message: `Validation failed: ${field}`,
1174
- ext: {
1175
- fields: zodError.issues.map((issue) => ({
1176
- path: issue.path.join("."),
1177
- message: issue.message
1178
- }))
1179
- }
1180
- };
1181
- return new Response(JSON.stringify(envelope), {
1182
- status: 400,
1183
- headers: { "content-type": "application/json" }
1184
- });
1185
- }
1186
- async function runHandler(config, request, bodyParser = "inline", paramsInput = {}, context = {}) {
1187
- const url = new URL(request.url);
1188
- const queryRaw = searchParamsToObject(url.searchParams);
1189
- const bodyRaw = bodyParser === "full" ? await parseBodyFull(request) : await parseBodyInline(request);
1190
- const paramsRaw = paramsInput;
1191
- let query = queryRaw;
1192
- if (config.query !== void 0) {
1193
- const parsed = config.query.safeParse(queryRaw);
1194
- if (!parsed.success)
1195
- return { ok: false, response: validationErrorResponse(parsed.error, "query") };
1196
- query = parsed.data;
1197
- }
1198
- let body = bodyRaw;
1199
- if (config.body !== void 0) {
1200
- const parsed = config.body.safeParse(bodyRaw);
1201
- if (!parsed.success)
1202
- return { ok: false, response: validationErrorResponse(parsed.error, "body") };
1203
- body = parsed.data;
1204
- }
1205
- let params = paramsRaw;
1206
- if (config.params !== void 0) {
1207
- const parsed = config.params.safeParse(paramsRaw);
1208
- if (!parsed.success)
1209
- return { ok: false, response: validationErrorResponse(parsed.error, "params") };
1210
- params = parsed.data;
1211
- }
1212
- const result = await config.handler({ query, body, params, request, context });
1213
- return validateResponseOutput(config.response, result) ?? { ok: true, result };
1214
- }
1215
- function validateResponseOutput(response, result) {
1216
- const validatable = result !== void 0 && result !== null && !(result instanceof Response);
1217
- if (!validatable || !isZodLike(response)) return void 0;
1218
- const parsed = response.safeParse(result);
1219
- if (parsed.success) return { ok: true, result: parsed.data };
1220
- const err = new TheoError({
1221
- code: "INTERNAL_SERVER_ERROR",
1222
- message: "response validation failed",
1223
- ext: { issues: parsed.error?.issues }
1224
- });
1225
- return { ok: false, response: handlerErrorResponse(err) };
1226
- }
1227
- function toResponse(result, status) {
1228
- if (result === void 0) {
1229
- return new Response(null, { status: 204 });
1230
- }
1231
- if (result instanceof Response) {
1232
- return result;
1233
- }
1234
- return new Response(JSON.stringify(result), {
1235
- status: status ?? 200,
1236
- headers: { "content-type": "application/json" }
1237
- });
1238
- }
1239
- function handlerErrorResponse(err) {
1240
- const envelope = serverErrorToEnvelope(err);
1241
- const status = envelopeCodeToStatus(envelope.code);
1242
- return new Response(JSON.stringify(envelope), {
1243
- status,
1244
- headers: { "content-type": "application/json" }
1245
- });
1246
- }
1247
- var CSRF_PROTECTED_METHODS = /* @__PURE__ */ new Set(["POST", "PUT", "PATCH", "DELETE"]);
1248
- function mergeHookHeaders(response, hookHeaders) {
1249
- if ([...hookHeaders].length === 0) return response;
1250
- const merged = new Headers(response.headers);
1251
- for (const [k, v] of hookHeaders.entries()) {
1252
- if (k.toLowerCase() === "set-cookie") continue;
1253
- if (!merged.has(k)) merged.set(k, v);
1254
- }
1255
- for (const sc of hookHeaders.getSetCookie()) {
1256
- merged.append("Set-Cookie", sc);
1257
- }
1258
- return new Response(response.body, {
1259
- status: response.status,
1260
- statusText: response.statusText,
1261
- headers: merged
1262
- });
1263
- }
1264
- function methodNotAllowedResponse(method) {
1265
- const envelope = {
1266
- code: "METHOD_NOT_ALLOWED",
1267
- message: `Method ${method} not allowed`
1268
- };
1269
- return new Response(JSON.stringify(envelope), {
1270
- status: 405,
1271
- headers: { "content-type": "application/json" }
1272
- });
1273
- }
1274
- function csrfFailedResponse(reason) {
1275
- const envelope = {
1276
- code: "FORBIDDEN",
1277
- message: `CSRF check failed: ${reason}`
1278
- };
1279
- return new Response(JSON.stringify(envelope), {
1280
- status: 403,
1281
- headers: { "content-type": "application/json" }
1282
- });
1283
- }
1284
- async function executeWebRequest(request, routeModule, opts = {}) {
1285
- const method = request.method.toUpperCase();
1286
- const config = routeModule[method];
1287
- if (opts.hooks === void 0) {
1288
- if (config === void 0 || typeof config.handler !== "function") {
1289
- return methodNotAllowedResponse(method);
1290
- }
1291
- if (opts.csrfMode === "strict" && CSRF_PROTECTED_METHODS.has(method)) {
1292
- const csrfCheck = validateCsrfRequest(request);
1293
- if (!csrfCheck.valid) return csrfFailedResponse(csrfCheck.reason);
1294
- }
1295
- try {
1296
- const context = {};
1297
- if (opts.middleware?.length) {
1298
- const shortCircuit = await runWebMiddleware(request, opts.middleware, context);
1299
- if (shortCircuit) return shortCircuit;
1300
- }
1301
- const outcome = await runHandler(
1302
- config,
1303
- request,
1304
- opts.bodyParser ?? "inline",
1305
- opts.params ?? {},
1306
- context
1307
- );
1308
- if (!outcome.ok) return outcome.response;
1309
- return toResponse(outcome.result, config.status);
1310
- } catch (err) {
1311
- return handlerErrorResponse(err);
1312
- }
1313
- }
1314
- return runWithHooks(request, config, opts, opts.hooks);
1315
- }
1316
- async function runPreHandlerPipeline(hookCtx, request, config, opts, hooks) {
1317
- const method = request.method.toUpperCase();
1318
- const runList = async (list) => {
1319
- for (const hook of list) {
1320
- if (hookCtx.response !== void 0) return;
1321
- await hook(hookCtx);
1322
- }
1323
- };
1324
- if (hooks.onRequest) await runList(hooks.onRequest);
1325
- if (hookCtx.response === void 0 && opts.csrfMode === "strict" && CSRF_PROTECTED_METHODS.has(method)) {
1326
- const csrfCheck = validateCsrfRequest(request);
1327
- if (!csrfCheck.valid) hookCtx.response = csrfFailedResponse(csrfCheck.reason);
1328
- }
1329
- if (hookCtx.response === void 0 && hooks.preHandler) {
1330
- await runList(hooks.preHandler);
1331
- }
1332
- if (hookCtx.response === void 0) {
1333
- await runHandlerStage(hookCtx, request, config, opts, method);
1334
- }
1335
- }
1336
- async function runHandlerStage(hookCtx, request, config, opts, method) {
1337
- if (config === void 0 || typeof config.handler !== "function") {
1338
- hookCtx.response = methodNotAllowedResponse(method);
1339
- return;
1340
- }
1341
- if (opts.middleware?.length) {
1342
- const shortCircuit = await runWebMiddleware(request, opts.middleware, hookCtx.ctx);
1343
- if (shortCircuit) {
1344
- hookCtx.response = shortCircuit;
1345
- return;
1346
- }
1347
- }
1348
- const outcome = await runHandler(
1349
- config,
1350
- request,
1351
- opts.bodyParser ?? "inline",
1352
- opts.params ?? {},
1353
- hookCtx.ctx
1354
- );
1355
- hookCtx.response = outcome.ok ? toResponse(outcome.result, config.status) : outcome.response;
1356
- }
1357
- async function runWithHooks(request, config, opts, hooks) {
1358
- const hookCtx = {
1359
- request,
1360
- responseHeaders: new Headers(),
1361
- ctx: {},
1362
- requestId: opts.requestId ?? globalThis.crypto.randomUUID()
1363
- };
1364
- try {
1365
- await runPreHandlerPipeline(hookCtx, request, config, opts, hooks);
1366
- if (hooks.onResponse) {
1367
- for (const hook of hooks.onResponse) {
1368
- await hook(hookCtx);
1369
- }
1370
- }
1371
- const finalResponse = hookCtx.response ?? new Response(
1372
- JSON.stringify({ code: "INTERNAL_SERVER_ERROR", message: "No response built" }),
1373
- {
1374
- status: 500,
1375
- headers: { "content-type": "application/json" }
1376
- }
1377
- );
1378
- return mergeHookHeaders(finalResponse, hookCtx.responseHeaders);
1379
- } catch (err) {
1380
- return runErrorHooks(err, hookCtx, hooks.onError);
1381
- }
1382
- }
1383
- async function runErrorHooks(err, hookCtx, onError) {
1384
- const errorResponse = handlerErrorResponse(err);
1385
- if (onError !== void 0) {
1386
- const errorCtx = {
1387
- ...hookCtx,
1388
- response: errorResponse,
1389
- error: err
1390
- };
1391
- for (const hook of onError) {
1392
- try {
1393
- await hook(errorCtx);
1394
- } catch {
1395
- }
1396
- }
1397
- }
1398
- return mergeHookHeaders(errorResponse, hookCtx.responseHeaders);
1399
- }
1400
-
1401
1116
  // src/server/plugin-types.ts
1402
1117
  function definePlugin(plugin) {
1403
1118
  return plugin;