theokit 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (112) hide show
  1. package/dist/actions-virtual-module-E6PU47GV.js +175 -0
  2. package/dist/actions-virtual-module-E6PU47GV.js.map +1 -0
  3. package/dist/actions-virtual-module-E7IELVHL.js +174 -0
  4. package/dist/actions-virtual-module-E7IELVHL.js.map +1 -0
  5. package/dist/app-typed-client-4L4L4BWD.js +289 -0
  6. package/dist/app-typed-client-4L4L4BWD.js.map +1 -0
  7. package/dist/app-typed-client-6PAT6VOL.js +289 -0
  8. package/dist/app-typed-client-6PAT6VOL.js.map +1 -0
  9. package/dist/{build-IQQYCA3B.js → build-EWZDEDT3.js} +37 -11
  10. package/dist/build-EWZDEDT3.js.map +1 -0
  11. package/dist/build-request-body-preview-EOP2Y4F3.js +52 -0
  12. package/dist/build-request-body-preview-EOP2Y4F3.js.map +1 -0
  13. package/dist/build-request-body-preview-II2235E6.js +54 -0
  14. package/dist/build-request-body-preview-II2235E6.js.map +1 -0
  15. package/dist/{chunk-GQSTRXXB.js → chunk-2BQYEBCK.js} +77 -68
  16. package/dist/chunk-2BQYEBCK.js.map +1 -0
  17. package/dist/{chunk-FRBYJANT.js → chunk-4W447H7M.js} +195 -41
  18. package/dist/chunk-4W447H7M.js.map +1 -0
  19. package/dist/chunk-7DHGV77J.js +140 -0
  20. package/dist/chunk-7DHGV77J.js.map +1 -0
  21. package/dist/{chunk-WQCPKA2L.js → chunk-C27AZN46.js} +570 -165
  22. package/dist/chunk-C27AZN46.js.map +1 -0
  23. package/dist/chunk-ERAZNHHR.js +73 -0
  24. package/dist/chunk-ERAZNHHR.js.map +1 -0
  25. package/dist/chunk-F3TG5FJV.js +97 -0
  26. package/dist/chunk-F3TG5FJV.js.map +1 -0
  27. package/dist/{chunk-OK2PJOLK.js → chunk-KJVEJILQ.js} +7 -3
  28. package/dist/chunk-KJVEJILQ.js.map +1 -0
  29. package/dist/{chunk-JBC7PFV4.js → chunk-M23FP2AS.js} +2 -2
  30. package/dist/chunk-M23FP2AS.js.map +1 -0
  31. package/dist/{chunk-S3JBIFKS.js → chunk-MG7H3LAW.js} +2 -2
  32. package/dist/chunk-MOT42NAH.js +165 -0
  33. package/dist/chunk-MOT42NAH.js.map +1 -0
  34. package/dist/{chunk-OEB3OIYP.js → chunk-OJHO2X7C.js} +497 -168
  35. package/dist/chunk-OJHO2X7C.js.map +1 -0
  36. package/dist/chunk-QLGES2HC.js +189 -0
  37. package/dist/chunk-QLGES2HC.js.map +1 -0
  38. package/dist/{chunk-JZ5WEG3S.js → chunk-SEVYARIU.js} +9 -5
  39. package/dist/chunk-SEVYARIU.js.map +1 -0
  40. package/dist/{chunk-ZK5JCE5J.js → chunk-TFECHXR5.js} +201 -43
  41. package/dist/chunk-TFECHXR5.js.map +1 -0
  42. package/dist/chunk-WSJKACWB.js +17 -0
  43. package/dist/chunk-WSJKACWB.js.map +1 -0
  44. package/dist/{chunk-3Q36SEDK.js → chunk-ZBWROIIO.js} +43 -2
  45. package/dist/{chunk-3Q36SEDK.js.map → chunk-ZBWROIIO.js.map} +1 -1
  46. package/dist/chunk-ZOXNJV2O.js +358 -0
  47. package/dist/chunk-ZOXNJV2O.js.map +1 -0
  48. package/dist/cli/index.js +22 -7
  49. package/dist/cli/index.js.map +1 -1
  50. package/dist/client/index.d.ts +31 -1
  51. package/dist/client/index.js +100 -0
  52. package/dist/client/index.js.map +1 -1
  53. package/dist/{dev-VN6WS3CM.js → dev-74KPI5C5.js} +15 -7
  54. package/dist/dev-74KPI5C5.js.map +1 -0
  55. package/dist/dev-emit-3CHM73TV.js +390 -0
  56. package/dist/dev-emit-3CHM73TV.js.map +1 -0
  57. package/dist/dev-emit-I3CKOHML.js +44 -0
  58. package/dist/dev-emit-I3CKOHML.js.map +1 -0
  59. package/dist/devtools/entry.js +545 -181
  60. package/dist/devtools/entry.js.map +1 -1
  61. package/dist/{dispatcher-IK3FVMX5.js → dispatcher-AQJGI3HU.js} +2 -2
  62. package/dist/dispatcher-E6QV32BO.js +83 -0
  63. package/dist/dispatcher-E6QV32BO.js.map +1 -0
  64. package/dist/{dist-Q5VBFWVL.js → dist-R2Q7GVDW.js} +10357 -12068
  65. package/dist/dist-R2Q7GVDW.js.map +1 -0
  66. package/dist/{generate-SIO4JSKJ.js → generate-DT4IIAHF.js} +88 -22
  67. package/dist/generate-DT4IIAHF.js.map +1 -0
  68. package/dist/index.d.ts +108 -1
  69. package/dist/index.js +5 -2
  70. package/dist/index.js.map +1 -1
  71. package/dist/{info-B3UOXFUF.js → info-VM7EK4JC.js} +3 -3
  72. package/dist/openapi-CBASKC7W.js +84 -0
  73. package/dist/openapi-CBASKC7W.js.map +1 -0
  74. package/dist/{registry-BB3UYAOG.js → registry-QGSNLJKJ.js} +2 -2
  75. package/dist/{routes-CAGFZKUK.js → routes-7O4NUDYS.js} +9 -7
  76. package/dist/{routes-CAGFZKUK.js.map → routes-7O4NUDYS.js.map} +1 -1
  77. package/dist/{schema-Cxq2qqwh.d.ts → schema-CjVly9c_.d.ts} +43 -1
  78. package/dist/{schema-MVB2FVK6.js → schema-JAKF23GR.js} +2 -2
  79. package/dist/server/cost/index.js +1 -1
  80. package/dist/server/index.d.ts +219 -47
  81. package/dist/server/index.js +35 -116
  82. package/dist/server/index.js.map +1 -1
  83. package/dist/{start-ZGWW5MOL.js → start-5JTFWF4T.js} +20 -14
  84. package/dist/start-5JTFWF4T.js.map +1 -0
  85. package/dist/{static-BH6JQNM2.js → static-6PZZBY7G.js} +4 -4
  86. package/dist/{upgrade-readiness-OHL36FQL.js → upgrade-readiness-Q46KTG2J.js} +6 -1
  87. package/dist/upgrade-readiness-Q46KTG2J.js.map +1 -0
  88. package/dist/vite-plugin/index.d.ts +25 -1
  89. package/dist/vite-plugin/index.js +5 -2
  90. package/dist/{vite-plugin-WA3G45YY.js → vite-plugin-3EQP2JYM.js} +7 -6
  91. package/package.json +4 -2
  92. package/dist/build-IQQYCA3B.js.map +0 -1
  93. package/dist/chunk-FRBYJANT.js.map +0 -1
  94. package/dist/chunk-GQSTRXXB.js.map +0 -1
  95. package/dist/chunk-JBC7PFV4.js.map +0 -1
  96. package/dist/chunk-JZ5WEG3S.js.map +0 -1
  97. package/dist/chunk-OEB3OIYP.js.map +0 -1
  98. package/dist/chunk-OK2PJOLK.js.map +0 -1
  99. package/dist/chunk-WQCPKA2L.js.map +0 -1
  100. package/dist/chunk-ZK5JCE5J.js.map +0 -1
  101. package/dist/dev-VN6WS3CM.js.map +0 -1
  102. package/dist/dist-Q5VBFWVL.js.map +0 -1
  103. package/dist/generate-SIO4JSKJ.js.map +0 -1
  104. package/dist/start-ZGWW5MOL.js.map +0 -1
  105. package/dist/upgrade-readiness-OHL36FQL.js.map +0 -1
  106. /package/dist/{chunk-S3JBIFKS.js.map → chunk-MG7H3LAW.js.map} +0 -0
  107. /package/dist/{dispatcher-IK3FVMX5.js.map → dispatcher-AQJGI3HU.js.map} +0 -0
  108. /package/dist/{info-B3UOXFUF.js.map → info-VM7EK4JC.js.map} +0 -0
  109. /package/dist/{registry-BB3UYAOG.js.map → registry-QGSNLJKJ.js.map} +0 -0
  110. /package/dist/{schema-MVB2FVK6.js.map → schema-JAKF23GR.js.map} +0 -0
  111. /package/dist/{static-BH6JQNM2.js.map → static-6PZZBY7G.js.map} +0 -0
  112. /package/dist/{vite-plugin-WA3G45YY.js.map → vite-plugin-3EQP2JYM.js.map} +0 -0
@@ -8,8 +8,8 @@ import { ViteDevServer } from 'vite';
8
8
  export { AuthRequiredError, BackupCode, BackupCodeOptions, OidcMetadata, PkceChallenge, SessionConfig, SessionManager, SessionMeta, ThrottleOptions, ThrottleState, TotpAlgorithm, TotpOptions, TotpUriOptions, VerifyTotpOptions, _resetKeyCacheForTests, assertProductionSecret, checkThrottle, clearOidcCache, createSessionManager, decrypt, discoverOidcProvider, encrypt, generateBackupCodes, generateNonce, generateOAuthState, generatePkceChallenge, generateTotp, generateTotpSecret, pkceChallengeFromVerifier, recordAttempt, requireAuth, rotateIfNeeded, totpUri, verifyBackupCode, verifyOAuthState, verifyTotp } from './auth/index.js';
9
9
  export { InMemoryUsageStorage, ToolHookEvent, ToolUsageRecord, TrackAgentRunInput, TrackAgentRunOptions, TrackAgentToolsHooks, TrackAgentToolsOptions, UsageQuery, UsageRecord, UsageResult, UsageStorageAdapter, trackAgentRun, trackAgentTools } from './cost/index.js';
10
10
  export { CRON_MANIFEST_SCHEMA_VERSION, CronConcurrencyPolicy, CronContext, CronDefinition, CronManifest, CronManifestEntry, CronNode, CronOptions, CronScheduler, DuplicateCronNameError, ExistingConfigUnparseableError, buildCronManifest, convertToAwsCron, createCronScheduler, defineCron, scanCrons, translateCronToAws, translateCronToCloudflare, translateCronToDeno, translateCronToVercel, validateCronSchedule, writeCronManifest } from './cron/index.js';
11
- import { R as RateLimitConfig, a as RateLimitResult } from '../schema-Cxq2qqwh.js';
12
- export { b as ServiceDefinition, S as ServicesConfig, c as ServicesConfigInput, d as ServicesConfigOutput, e as createRateLimiter } from '../schema-Cxq2qqwh.js';
11
+ import { R as RateLimitConfig, a as RateLimitResult, C as CsrfReadinessStore } from '../schema-CjVly9c_.js';
12
+ export { b as CsrfReadinessRouteSummary, c as CsrfReadinessSummary, d as CsrfWarnRecord, e as ServiceDefinition, S as ServicesConfig, f as ServicesConfigInput, g as ServicesConfigOutput, h as createRateLimiter } from '../schema-CjVly9c_.js';
13
13
  import { R as RateLimitStore } from '../rate-limit-store-BEJnhWdw.js';
14
14
  export { I as InMemoryStore, a as RateLimitState } from '../rate-limit-store-BEJnhWdw.js';
15
15
  export { G as GenericFactory, P as PoolLike, a as PostgresDatabaseConfig, R as RedisLike, b as RedisServerConfig, S as ServerConfig, c as StorageAdapter, d as StorageConfig, T as TlsConfig } from '../storage-types-DtIVejC1.js';
@@ -58,8 +58,28 @@ interface RouteConfig<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z
58
58
  */
59
59
  declare function defineRoute<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z.ZodType = z.ZodUndefined, TParams extends z.ZodType = z.ZodUndefined, TCtx = unknown, TResponse = unknown>(config: RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>): RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>;
60
60
 
61
+ /**
62
+ * Action wire-protocol accept mode per plan g3-server-actions-and-useaction
63
+ * v1.2 ADR D1. Default behavior (when omitted) is `'json'`. `'form'` opts the
64
+ * action into FormData multipart parsing for progressive-enhancement forms;
65
+ * the runtime in `server/http/action-execute.ts` will coerce FormData entries
66
+ * against the `input` schema via `formDataToObject` (Astro pattern).
67
+ */
68
+ type ActionAccept = 'form' | 'json';
61
69
  interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
70
+ /**
71
+ * Zod input schema. Required: every action declares its input contract via
72
+ * Zod (architecture rule: zod-is-SSOT). The shape becomes the handler's
73
+ * typed `input` parameter via `z.infer<TInput>`.
74
+ */
62
75
  input: TInput;
76
+ /**
77
+ * Wire-protocol accept mode. Defaults to `'json'` when omitted. Setting
78
+ * `'form'` switches the runtime to FormData multipart parsing — the input
79
+ * schema MUST be `z.object(...)` so field-by-field coercion can drive
80
+ * boolean string / number / array coercion (Astro pattern).
81
+ */
82
+ accept?: ActionAccept;
63
83
  handler: (ctx: {
64
84
  input: z.infer<TInput>;
65
85
  ctx: TCtx;
@@ -67,7 +87,15 @@ interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
67
87
  }
68
88
  /**
69
89
  * Define a typed server action.
70
- * Identity function — provides type inference for action handlers.
90
+ *
91
+ * Identity function — provides type inference for action handlers. The
92
+ * runtime that consumes the config (validation + invocation + serialization)
93
+ * lives in `server/http/action-execute.ts`.
94
+ *
95
+ * Per plan g3-server-actions-and-useaction v1.2 § Phase 1 / T1.2: the new
96
+ * `accept?: 'form' | 'json'` field is the only contract change vs the
97
+ * pre-G3 identity. Existing callsites (`defineAction({input, handler})`)
98
+ * continue to compile — `accept` is opt-in.
71
99
  */
72
100
  declare function defineAction<TInput extends z.ZodType, TCtx = unknown>(config: ActionConfig<TInput, TCtx>): ActionConfig<TInput, TCtx>;
73
101
 
@@ -328,6 +356,10 @@ interface ServerRouteNode {
328
356
  routePath: string;
329
357
  paramNames: string[];
330
358
  pattern: RegExp;
359
+ /** HTTP methods (uppercase) the route file exports. Optional for backward
360
+ * compatibility with manifests generated before G1. Empty array means the
361
+ * file has no HTTP exports (util-only); undefined means "not detected". */
362
+ methods?: string[];
331
363
  }
332
364
  declare function compilePattern(routePath: string): {
333
365
  pattern: RegExp;
@@ -838,7 +870,43 @@ interface ActionNode {
838
870
  filePath: string;
839
871
  actionPath: string;
840
872
  }
873
+ /**
874
+ * Enriched manifest entry per plan g3-server-actions-and-useaction v1.2
875
+ * § Phase 1 / T1.4 + ADR D4. Consumed by virtual module `@theo/actions`
876
+ * (T3.1) and G4 devtools "Actions" tab (T5.1).
877
+ */
878
+ interface ActionManifestEntry$1 {
879
+ name: string;
880
+ filePath: string;
881
+ urlPath: string;
882
+ accept: 'form' | 'json';
883
+ hasInput: boolean;
884
+ }
885
+ /**
886
+ * EC-2: structured error for scan-time defects (name collision, reserved
887
+ * identifier, etc.). Throw at scan time to fail loud — silent shadowing is
888
+ * a security/correctness footgun.
889
+ */
890
+ declare class ActionScanError extends Error {
891
+ readonly code: 'NAME_COLLISION' | 'RESERVED_NAME';
892
+ readonly conflictingPaths: readonly string[];
893
+ constructor(code: 'NAME_COLLISION' | 'RESERVED_NAME', message: string, conflictingPaths: readonly string[]);
894
+ }
895
+ /**
896
+ * Backward-compatible: original simple-shape scanner used by existing
897
+ * consumers. Preserved verbatim; new consumers should call
898
+ * `scanServerActionsEnriched`.
899
+ */
841
900
  declare function scanServerActions(serverDir: string): ActionNode[];
901
+ /**
902
+ * Enriched scan: light AST detection of `accept: 'form'|'json'` + `input:`
903
+ * presence via regex-after-comment-stripping (EC-9). Throws ActionScanError
904
+ * on file/dir name collision (EC-2) or reserved JS identifier names.
905
+ *
906
+ * Output `ActionManifestEntry[]` is sorted by `name` for deterministic
907
+ * `.theo/actions-manifest.json` emission.
908
+ */
909
+ declare function scanServerActionsEnriched(serverDir: string): ActionManifestEntry$1[];
842
910
 
843
911
  interface WebSocketRouteNode {
844
912
  filePath: string;
@@ -859,6 +927,9 @@ interface ManifestRoute {
859
927
  filePath: string;
860
928
  routePath: string;
861
929
  paramNames: string[];
930
+ /** HTTP methods (uppercase) the route file exports. Optional — manifests
931
+ * generated before G1 omit this; loaders treat absence as "unknown". */
932
+ methods?: string[];
862
933
  }
863
934
  interface ManifestAction {
864
935
  filePath: string;
@@ -884,6 +955,148 @@ declare function generateManifest(serverDir: string): TheoManifest;
884
955
  declare function writeManifest(manifest: TheoManifest, outputDir: string): void;
885
956
  declare function loadManifest(distDir: string, serverDir: string): LoadedManifest;
886
957
 
958
+ /**
959
+ * Action protocol — cross-boundary contract for `defineAction` + `useAction`.
960
+ *
961
+ * Per plan g3-server-actions-and-useaction v1.2 § Phase 0 / T0.1, ADRs D1 (encoding)
962
+ * + D6 (full dot-notation path) + D7 (PII mask) — types and runtime referenced
963
+ * by server (`server/http/action-execute.ts`, `server/define/define-action.ts`)
964
+ * and client (`@usetheo/react/useAction`, `vite-plugin/actions-virtual-module`).
965
+ *
966
+ * Lives in `core/contracts/` per architecture.md v3.1 exception — cross-module
967
+ * deep imports ALLOWED for this file. Core depends on NOTHING intra-monorepo;
968
+ * `extractUniversalIssues` is implemented INLINE (NOT imported from `@usetheo/sdk`)
969
+ * to honor dep-cruiser `core-depends-on-nothing` invariant (EC-1 absorbed).
970
+ *
971
+ * Field-key convention (D6 + EC-13): dot-notation full path. Nested objects use
972
+ * `'user.address.zip'`; array indices use `'items.0.name'` (NOT bracket
973
+ * `'items[0].name'`). Root-level errors (path = []) use empty string `''`
974
+ * (EC-7). Consumers needing bracket notation can write a small `dotToBracket`
975
+ * helper in userland.
976
+ */
977
+ /**
978
+ * HTTP-status mapping per IANA HTTP Status Code Registry (subset relevant to
979
+ * action surface). VALIDATION_ERROR → 422 is preferred over Astro's BAD_REQUEST/400
980
+ * (more semantic for input-shape mismatch). PAYLOAD_TOO_LARGE → 413 covers EC-3
981
+ * (response-side size limit; request-side reuses standard 413).
982
+ */
983
+ type ActionErrorCode = 'VALIDATION_ERROR' | 'BAD_REQUEST' | 'UNAUTHORIZED' | 'FORBIDDEN' | 'NOT_FOUND' | 'METHOD_NOT_ALLOWED' | 'CONFLICT' | 'CONTENT_TOO_LARGE' | 'PAYLOAD_TOO_LARGE' | 'UNSUPPORTED_MEDIA_TYPE' | 'TOO_MANY_REQUESTS' | 'INTERNAL_SERVER_ERROR';
984
+ /**
985
+ * Universal zod issue shape covering BOTH v3 (`z.ZodIssue`) and v4 (`$ZodIssue`).
986
+ * Duck-typed minimum surface: `{path, message}`. Implemented per EC-1 absorbed —
987
+ * consumers chain may ship either zod major; constructor accepts `unknown` and
988
+ * normalizes via `extractUniversalIssues`.
989
+ */
990
+ interface UniversalZodIssue {
991
+ readonly path: readonly (string | number)[];
992
+ readonly message: string;
993
+ readonly code?: string;
994
+ }
995
+ /**
996
+ * `ActionError` — general server-side action failure. Discriminator `type` is
997
+ * literal `'TheoActionError'`; used by `ActionError.fromJson` to distinguish
998
+ * from `ActionInputError`.
999
+ */
1000
+ declare class ActionError extends Error {
1001
+ readonly type: 'TheoActionError' | 'TheoActionInputError';
1002
+ readonly code: ActionErrorCode;
1003
+ readonly status: number;
1004
+ constructor(params: {
1005
+ code: ActionErrorCode;
1006
+ message?: string;
1007
+ stack?: string;
1008
+ });
1009
+ static codeToStatus(code: ActionErrorCode): number;
1010
+ static statusToCode(status: number): ActionErrorCode;
1011
+ /**
1012
+ * Parse a serialized error JSON back into the typed class hierarchy.
1013
+ * Distinguishes `TheoActionInputError` (with `issues` array) from
1014
+ * `TheoActionError` via the `type` discriminator. Falls back to
1015
+ * `INTERNAL_SERVER_ERROR` for malformed bodies (non-object, missing
1016
+ * `type`, unknown `code`).
1017
+ */
1018
+ static fromJson(body: unknown): ActionError;
1019
+ }
1020
+ /**
1021
+ * `ActionInputError` — validation failure with field-level mapping.
1022
+ *
1023
+ * `fields` is auto-derived from `issues`: for each issue, key = full
1024
+ * dot-notation path (`'user.address.zip'`; root-level `path:[]` → `''`;
1025
+ * array indices as numeric segments → `'items.0.name'`). Multiple messages
1026
+ * for the same key accumulate; duplicate (path, message) tuples are deduped.
1027
+ */
1028
+ declare class ActionInputError extends ActionError {
1029
+ readonly type: "TheoActionInputError";
1030
+ readonly issues: readonly UniversalZodIssue[];
1031
+ readonly fields: Record<string, string[]>;
1032
+ constructor(rawIssues: unknown);
1033
+ }
1034
+ /**
1035
+ * Normalize zod v3 (`z.ZodIssue`) and v4 (`$ZodIssue`) raw issues to
1036
+ * `UniversalZodIssue[]` (EC-1 absorbed). Duck-typed on `{path, message}` —
1037
+ * does NOT import zod types (`core/contracts/` depends on no intra-monorepo
1038
+ * + zod is consumer-controlled across the boundary).
1039
+ *
1040
+ * Silently skips entries missing required fields or shape mismatches; returns
1041
+ * empty array on non-array input.
1042
+ */
1043
+ declare function extractUniversalIssues(raw: unknown): UniversalZodIssue[];
1044
+ /**
1045
+ * Type guard for `ActionError` (and its subclass `ActionInputError`). True
1046
+ * iff the value is an instance of `ActionError`. Use `isInputError` to
1047
+ * narrow specifically to validation failures.
1048
+ */
1049
+ declare function isActionError(value: unknown): value is ActionError;
1050
+ /**
1051
+ * Type guard narrowing to `ActionInputError`. Requires `instanceof` check
1052
+ * (not duck-typing on `type`) to prevent attacker-controlled JSON from
1053
+ * being mistaken for a real error instance.
1054
+ */
1055
+ declare function isInputError(value: unknown): value is ActionInputError;
1056
+ /**
1057
+ * `ActionResult<TData, TError>` — discriminated union returned by client-side
1058
+ * action invocation. Either `{data, error: undefined}` (success) or
1059
+ * `{data: undefined, error}` (failure). Mirrors Astro `SafeResult` shape.
1060
+ */
1061
+ type ActionResult<TData = unknown, TError extends ActionError = ActionError> = {
1062
+ data: TData;
1063
+ error: undefined;
1064
+ } | {
1065
+ data: undefined;
1066
+ error: TError;
1067
+ };
1068
+ /**
1069
+ * `SerializedActionResult` — wire-shape emitted by `serializeActionResult`
1070
+ * in `server/http/serialize-action-result.ts` (T1.3). Discriminator `type`
1071
+ * distinguishes data (devalue-encoded), error (JSON), and empty (204) cases.
1072
+ */
1073
+ type SerializedActionResult = {
1074
+ type: 'data';
1075
+ status: number;
1076
+ contentType: 'application/json+devalue';
1077
+ body: string;
1078
+ } | {
1079
+ type: 'error';
1080
+ status: number;
1081
+ contentType: 'application/json';
1082
+ body: string;
1083
+ } | {
1084
+ type: 'empty';
1085
+ status: 204;
1086
+ };
1087
+ /**
1088
+ * `ActionManifestEntry` — per-action metadata emitted by `action-scan.ts`
1089
+ * (T1.4) into `.theo/actions-manifest.json`. Consumed by virtual module
1090
+ * `@theo/actions` (T3.1) and G4 devtools "Actions" tab (T5.1).
1091
+ */
1092
+ interface ActionManifestEntry {
1093
+ readonly name: string;
1094
+ readonly filePath: string;
1095
+ readonly urlPath: string;
1096
+ readonly accept: 'form' | 'json';
1097
+ readonly hasInput: boolean;
1098
+ }
1099
+
887
1100
  /**
888
1101
  * Item #4 — `streamAgentRun`
889
1102
  *
@@ -1128,6 +1341,7 @@ declare function createConversationHistory(args: ConversationHistoryArgs): Promi
1128
1341
  * Public API surface is unchanged — `logger.ts` re-exports `logRequest`
1129
1342
  * + `RequestLog` + `LoggerFn` for backward compat.
1130
1343
  */
1344
+
1131
1345
  interface RequestLog {
1132
1346
  level: string;
1133
1347
  method: string;
@@ -1138,7 +1352,7 @@ interface RequestLog {
1138
1352
  timestamp: string;
1139
1353
  }
1140
1354
  type LoggerFn = (log: RequestLog) => void;
1141
- declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn): void;
1355
+ declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn, req?: IncomingMessage): void;
1142
1356
 
1143
1357
  type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent';
1144
1358
  interface StructuredLog {
@@ -1413,48 +1627,6 @@ declare function normalizeLegacy(raw: Record<string, unknown>): CspViolation;
1413
1627
  declare function normalizeNew(entry: unknown): CspViolation | null;
1414
1628
  declare function handleCspReport(req: IncomingMessage, res: ServerResponse, opts: CspReportHandlerOptions): Promise<void>;
1415
1629
 
1416
- /**
1417
- * T2.2 — In-memory bounded counter for CSRF warn events.
1418
- *
1419
- * Aggregates `csrf.warn` payloads by `(method, path, reason)` triple.
1420
- * Used by the `/__theo/csrf-readiness` endpoint to expose a summary the
1421
- * developer (or devtools tab) can inspect, so users do NOT need to grep
1422
- * stdout to know which endpoints will break under 0.3.0 strict CSRF.
1423
- *
1424
- * Bounded at 1000 distinct keys (EC-22). Eviction is LRU-by-insertion —
1425
- * when the cap is hit, the oldest key is dropped and a re-record of an
1426
- * evicted key starts fresh (count: 1).
1427
- *
1428
- * Single-threaded by virtue of the JS event loop; Map operations are
1429
- * atomic. NOT shared across processes — each worker has its own store.
1430
- */
1431
- interface CsrfWarnRecord {
1432
- method: string;
1433
- path: string;
1434
- reason: string;
1435
- }
1436
- interface CsrfReadinessRouteSummary {
1437
- method: string;
1438
- path: string;
1439
- reason: string;
1440
- count: number;
1441
- firstSeen: string;
1442
- lastSeen: string;
1443
- }
1444
- interface CsrfReadinessSummary {
1445
- generatedAt: string;
1446
- totalEvents: number;
1447
- routes: CsrfReadinessRouteSummary[];
1448
- }
1449
- declare class CsrfReadinessStore {
1450
- static readonly MAX_ENTRIES = 1000;
1451
- private readonly entries;
1452
- private keyFor;
1453
- record(event: CsrfWarnRecord): void;
1454
- summary(): CsrfReadinessSummary;
1455
- reset(): void;
1456
- }
1457
-
1458
1630
  /**
1459
1631
  * T2.2 — `/__theo/csrf-readiness` endpoint.
1460
1632
  *
@@ -2154,4 +2326,4 @@ interface LoadEnvResult {
2154
2326
  declare function _resetEnvCache(): void;
2155
2327
  declare function loadEnv(options?: LoadEnvOptions): LoadEnvResult;
2156
2328
 
2157
- export { type ActionConfig, type ActionNode, type AgentEndpointConfig, type AgentEndpointHandlerArgs, AgentErrorEvent, AgentEvent, type AgentRunLike, type AgentRunResult, type AgentRunStreamMessage, type AuditEvent, type AuditLogger, BATCH_PATH, type BatchExecuteFn, BatchPathConflictError, type BatchPayload, type BatchRequestItem, type BatchResponse, type BatchResultItem, type BodyParserOptions, BodyTooLargeError, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CSRF_WARN_CODE, CSRF_WARN_DOCS_URL, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type ChannelHandler, ChannelManager, type CompiledRouteRule, type ConversationHistoryArgs, type ConversationHistoryResult, type ConversationStorageLike, type CookieOptions, type CorsConfig, type CorsHandler, type CorsOrigin, type CspMode, type CspReportHandlerOptions, type CspViolation, type CsrfLogger, type CsrfMode, type CsrfReadinessRouteSummary, CsrfReadinessStore, type CsrfReadinessSummary, type CsrfWarnPayload, type CsrfWarnRecord, type CustomErrorPages, type CustomTool, DEFAULT_CSP, DEFAULT_EXCLUDED_QUERY_PARAMS, DEFAULT_MAX_BODY_BYTES, DEFAULT_PERMISSIONS_POLICY, type Db0Database, type DefineAgentToolSpec, type DefineCachedFunctionOptions, type DefineWebhookOptions, type DisallowedConfig, DuplicateDecorationError, DuplicatePluginError, type ExecuteActionOptions, type ExecuteRouteContext, FileTooLargeError, type GetOrComputeOptions, type HandleBatchOptions, type HookName, type HookResult, InMemoryCacheAdapter, type InMemoryCacheAdapterOptions, InvalidPluginShapeError, JobBackend, JsonStdoutSink, type KeyByMode, type KeyDerivationOptions, type LoadEnvOptions, type LoadEnvResult, type LoadModule, type LoadedManifest, type LogLevel, type LoggerFn, MAX_ERROR_HTML_BYTES, type ManifestAction, type ManifestRoute, type ManifestWebSocket, type MiddlewareHandler, type MiddlewareResult, type NormalizedCacheConfig, type OnErrorHook, type OnRequestHook, type OnResponseHook, type ParsedBody, type PluginContext, type PluginErrorContext, PluginRunner, type PreHandlerHook, RateLimitConfig, RateLimitResult, RateLimitStore, type RawBodyResult, type ReadRawBodyOptions, type RequestLog, type RevalidateResult, type RouteCacheOptions, type RouteConfig, type RouteRateLimitConfig, type RouteRule, type RouteRules, type RunHookOptions, STRIPPED_HEADERS, type SdkAgent, type SdkAgentOptions, type SdkRunLike, type SecurityEnv, type SecurityHeadersConfig, type SecurityHeadersOptions, type SendErrorInput, type SendErrorOptions, type SerializedResponse, type ServerRouteNode, type StructuredLog, THEO_T_PREFIX, TRACE_HEADER, TRACE_PARENT_HEADER, type TheoApp, type TheoLogger, type TheoManifest, type TheoPlugin, type TheoTransformer, type UnstorageInstance, type UploadedFile, type VerifyFn, type VerifyResult, type WebSocketHandler, type WebSocketLike, type WebSocketRouteNode, type WebhookContext, type WebhookDefinition, __resetSdkForTests, __setSdkForTests, _resetCacheEngine, _resetEnvCache, _resetMiddlewareCacheForTests, _resetWarnOnceForTests, applySecurityHeaders, buildSecurityHeaders, compilePattern, compileRouteRules, createCacheEngine, createConversationHistory, createCorsHandler, createLogger, createNoOpLogger, createPluginRunnerFromConfig, createProductionLoader, createRouteRateLimiter, createViteLoader, defineAction, defineAgentEndpoint, defineAgentTool, defineCachedFunction, defineCachedRoute, defineChannel, defineMiddleware, definePlugin, defineRoute, defineTheoPlugin, defineWebSocket, defineWebhook, deleteCookie, deriveKey as deriveCacheKey, deriveKey$1 as deriveKey, deserializeResponse, dispatchWebhook, enforceCsrf, errorToEvent, executeAction, executeRoute, extractTraceId, findSuggestion, generateManifest, getCacheControlHeader, getCacheEngine, getCookie, handleBatchRequest, handleCspReport, handleCsrfReadiness, initCacheEngine, jsonTransformer, levenshtein, loadCustomErrorPages, loadEnv, loadManifest, logRequest, matchDisallowed, matchRoute, matchRoutePattern, matchesOrigin, normalizeLegacy, normalizeNew, parseCookieHeader, parseRequestBody, parseTraceparent, readRawBody, resolveRouteRule, resolveTransformer, revalidatePath, revalidateTag, runMiddlewareAndContext, safeAudit, scanMiddlewares, scanServerActions, scanServerRoutes, scanWebSocketRoutes, sendError, sendJson, serializeResponse, serveStaticFile, setCookie, streamAgentRun, superjsonTransformer, timingSafeEqual, updateTag, useDatabase, useUnstorage, validateExpire as validateCacheExpire, validateMaxAge as validateCacheMaxAge, validateTags as validateCacheTags, validateCsrf, warnOnce, writeManifest };
2329
+ export { type ActionAccept, type ActionConfig, ActionError, type ActionErrorCode, ActionInputError, type ActionManifestEntry, type ActionNode, type ActionResult, ActionScanError, type AgentEndpointConfig, type AgentEndpointHandlerArgs, AgentErrorEvent, AgentEvent, type AgentRunLike, type AgentRunResult, type AgentRunStreamMessage, type AuditEvent, type AuditLogger, BATCH_PATH, type BatchExecuteFn, BatchPathConflictError, type BatchPayload, type BatchRequestItem, type BatchResponse, type BatchResultItem, type BodyParserOptions, BodyTooLargeError, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CSRF_WARN_CODE, CSRF_WARN_DOCS_URL, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type ChannelHandler, ChannelManager, type CompiledRouteRule, type ConversationHistoryArgs, type ConversationHistoryResult, type ConversationStorageLike, type CookieOptions, type CorsConfig, type CorsHandler, type CorsOrigin, type CspMode, type CspReportHandlerOptions, type CspViolation, type CsrfLogger, type CsrfMode, CsrfReadinessStore, type CsrfWarnPayload, type CustomErrorPages, type CustomTool, DEFAULT_CSP, DEFAULT_EXCLUDED_QUERY_PARAMS, DEFAULT_MAX_BODY_BYTES, DEFAULT_PERMISSIONS_POLICY, type Db0Database, type DefineAgentToolSpec, type DefineCachedFunctionOptions, type DefineWebhookOptions, type DisallowedConfig, DuplicateDecorationError, DuplicatePluginError, type ExecuteActionOptions, type ExecuteRouteContext, FileTooLargeError, type GetOrComputeOptions, type HandleBatchOptions, type HookName, type HookResult, InMemoryCacheAdapter, type InMemoryCacheAdapterOptions, InvalidPluginShapeError, JobBackend, JsonStdoutSink, type KeyByMode, type KeyDerivationOptions, type LoadEnvOptions, type LoadEnvResult, type LoadModule, type LoadedManifest, type LogLevel, type LoggerFn, MAX_ERROR_HTML_BYTES, type ManifestAction, type ManifestRoute, type ManifestWebSocket, type MiddlewareHandler, type MiddlewareResult, type NormalizedCacheConfig, type OnErrorHook, type OnRequestHook, type OnResponseHook, type ParsedBody, type PluginContext, type PluginErrorContext, PluginRunner, type PreHandlerHook, RateLimitConfig, RateLimitResult, RateLimitStore, type RawBodyResult, type ReadRawBodyOptions, type RequestLog, type RevalidateResult, type RouteCacheOptions, type RouteConfig, type RouteRateLimitConfig, type RouteRule, type RouteRules, type RunHookOptions, STRIPPED_HEADERS, type SdkAgent, type SdkAgentOptions, type SdkRunLike, type SecurityEnv, type SecurityHeadersConfig, type SecurityHeadersOptions, type SendErrorInput, type SendErrorOptions, type SerializedActionResult, type SerializedResponse, type ServerRouteNode, type StructuredLog, THEO_T_PREFIX, TRACE_HEADER, TRACE_PARENT_HEADER, type TheoApp, type TheoLogger, type TheoManifest, type TheoPlugin, type TheoTransformer, type UniversalZodIssue, type UnstorageInstance, type UploadedFile, type VerifyFn, type VerifyResult, type WebSocketHandler, type WebSocketLike, type WebSocketRouteNode, type WebhookContext, type WebhookDefinition, __resetSdkForTests, __setSdkForTests, _resetCacheEngine, _resetEnvCache, _resetMiddlewareCacheForTests, _resetWarnOnceForTests, applySecurityHeaders, buildSecurityHeaders, compilePattern, compileRouteRules, createCacheEngine, createConversationHistory, createCorsHandler, createLogger, createNoOpLogger, createPluginRunnerFromConfig, createProductionLoader, createRouteRateLimiter, createViteLoader, defineAction, defineAgentEndpoint, defineAgentTool, defineCachedFunction, defineCachedRoute, defineChannel, defineMiddleware, definePlugin, defineRoute, defineTheoPlugin, defineWebSocket, defineWebhook, deleteCookie, deriveKey as deriveCacheKey, deriveKey$1 as deriveKey, deserializeResponse, dispatchWebhook, enforceCsrf, errorToEvent, executeAction, executeRoute, extractTraceId, extractUniversalIssues, findSuggestion, generateManifest, getCacheControlHeader, getCacheEngine, getCookie, handleBatchRequest, handleCspReport, handleCsrfReadiness, initCacheEngine, isActionError, isInputError, jsonTransformer, levenshtein, loadCustomErrorPages, loadEnv, loadManifest, logRequest, matchDisallowed, matchRoute, matchRoutePattern, matchesOrigin, normalizeLegacy, normalizeNew, parseCookieHeader, parseRequestBody, parseTraceparent, readRawBody, resolveRouteRule, resolveTransformer, revalidatePath, revalidateTag, runMiddlewareAndContext, safeAudit, scanMiddlewares, scanServerActions, scanServerActionsEnriched, scanServerRoutes, scanWebSocketRoutes, sendError, sendJson, serializeResponse, serveStaticFile, setCookie, streamAgentRun, superjsonTransformer, timingSafeEqual, updateTag, useDatabase, useUnstorage, validateExpire as validateCacheExpire, validateMaxAge as validateCacheMaxAge, validateTags as validateCacheTags, validateCsrf, warnOnce, writeManifest };
@@ -1,3 +1,8 @@
1
+ import {
2
+ generateManifest,
3
+ loadManifest,
4
+ writeManifest
5
+ } from "../chunk-ERAZNHHR.js";
1
6
  import {
2
7
  _resetKeyCacheForTests,
3
8
  assertProductionSecret,
@@ -28,7 +33,7 @@ import {
28
33
  InMemoryUsageStorage,
29
34
  trackAgentRun,
30
35
  trackAgentTools
31
- } from "../chunk-JBC7PFV4.js";
36
+ } from "../chunk-M23FP2AS.js";
32
37
  import {
33
38
  CRON_MANIFEST_SCHEMA_VERSION,
34
39
  DuplicateCronNameError,
@@ -62,6 +67,8 @@ import {
62
67
  generateNewTraceContext
63
68
  } from "../chunk-YLBSSEHX.js";
64
69
  import {
70
+ ActionError,
71
+ ActionInputError,
65
72
  BATCH_PATH,
66
73
  BatchPathConflictError,
67
74
  CSP_REPORT_PATH,
@@ -69,6 +76,7 @@ import {
69
76
  CSRF_READINESS_RESET_PATH,
70
77
  CSRF_WARN_CODE,
71
78
  CSRF_WARN_DOCS_URL,
79
+ CsrfReadinessStore,
72
80
  DEFAULT_CSP,
73
81
  DEFAULT_PERMISSIONS_POLICY,
74
82
  DuplicateDecorationError,
@@ -86,7 +94,6 @@ import {
86
94
  _resetWarnOnceForTests,
87
95
  applySecurityHeaders,
88
96
  buildSecurityHeaders,
89
- compilePattern,
90
97
  createCorsHandler,
91
98
  createLogger,
92
99
  createNoOpLogger,
@@ -98,16 +105,18 @@ import {
98
105
  executeAction,
99
106
  executeRoute,
100
107
  extractTraceId,
108
+ extractUniversalIssues,
101
109
  findSuggestion,
102
110
  handleBatchRequest,
103
111
  handleCspReport,
104
112
  handleCsrfReadiness,
113
+ isActionError,
114
+ isInputError,
105
115
  jsonTransformer,
106
116
  levenshtein,
107
117
  loadEnv,
108
118
  logRequest,
109
119
  matchDisallowed,
110
- matchRoute,
111
120
  matchesOrigin,
112
121
  normalizeLegacy,
113
122
  normalizeNew,
@@ -117,15 +126,23 @@ import {
117
126
  runMiddlewareAndContext,
118
127
  safeAudit,
119
128
  scanMiddlewares,
120
- scanServerActions,
121
- scanServerRoutes,
122
- scanWebSocketRoutes,
123
129
  sendError,
124
130
  sendJson,
125
131
  superjsonTransformer,
126
132
  validateCsrf,
127
133
  warnOnce
128
- } from "../chunk-OEB3OIYP.js";
134
+ } from "../chunk-OJHO2X7C.js";
135
+ import {
136
+ compilePattern,
137
+ matchRoute,
138
+ scanServerRoutes,
139
+ scanWebSocketRoutes
140
+ } from "../chunk-2BQYEBCK.js";
141
+ import {
142
+ ActionScanError,
143
+ scanServerActions,
144
+ scanServerActionsEnriched
145
+ } from "../chunk-7DHGV77J.js";
129
146
  import {
130
147
  AuthRequiredError,
131
148
  generateNonce,
@@ -138,6 +155,7 @@ import {
138
155
  createQueueClient
139
156
  } from "../chunk-GY5Q27BJ.js";
140
157
  import "../chunk-X2VVCJ4V.js";
158
+ import "../chunk-WSJKACWB.js";
141
159
  import {
142
160
  __require
143
161
  } from "../chunk-DGUM43GV.js";
@@ -399,62 +417,6 @@ function serveStaticFile(req, res, clientDir) {
399
417
  return true;
400
418
  }
401
419
 
402
- // src/server/scan/manifest.ts
403
- import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync, mkdirSync } from "fs";
404
- import { join, resolve as resolve3, relative } from "path";
405
- function generateManifest(serverDir) {
406
- const routes = scanServerRoutes(serverDir);
407
- const actions = scanServerActions(serverDir);
408
- const websockets = scanWebSocketRoutes(serverDir);
409
- return {
410
- version: 1,
411
- generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
412
- routes: routes.map((r) => ({
413
- filePath: relative(serverDir, r.filePath),
414
- routePath: r.routePath,
415
- paramNames: r.paramNames
416
- })),
417
- actions: actions.map((a) => ({
418
- filePath: relative(serverDir, a.filePath),
419
- actionPath: a.actionPath
420
- })),
421
- websockets: websockets.map((w) => ({
422
- filePath: relative(serverDir, w.filePath),
423
- wsPath: w.wsPath
424
- }))
425
- };
426
- }
427
- function writeManifest(manifest, outputDir) {
428
- mkdirSync(outputDir, { recursive: true });
429
- const manifestPath = join(outputDir, "manifest.json");
430
- writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
431
- }
432
- function loadManifest(distDir, serverDir) {
433
- const manifestPath = join(distDir, "manifest.json");
434
- if (!existsSync3(manifestPath)) {
435
- throw new Error(`No manifest found at ${manifestPath}. Run "theo build" first.`);
436
- }
437
- const raw = JSON.parse(readFileSync3(manifestPath, "utf-8"));
438
- const routes = raw.routes.map((r) => {
439
- const { pattern, paramNames } = compilePattern(r.routePath);
440
- return {
441
- filePath: resolve3(serverDir, r.filePath),
442
- routePath: r.routePath,
443
- paramNames,
444
- pattern
445
- };
446
- });
447
- const actions = raw.actions.map((a) => ({
448
- filePath: resolve3(serverDir, a.filePath),
449
- actionPath: a.actionPath
450
- }));
451
- const websockets = raw.websockets.map((w) => ({
452
- filePath: resolve3(serverDir, w.filePath),
453
- wsPath: w.wsPath
454
- }));
455
- return { routes, actions, websockets };
456
- }
457
-
458
420
  // src/server/agent/stream-agent-run.ts
459
421
  function safeJsonStringify(value) {
460
422
  try {
@@ -711,9 +673,7 @@ function autoResolveProviderIfNeeded(options) {
711
673
  ...options,
712
674
  apiKey: resolved.apiKey,
713
675
  providers: {
714
- routes: [
715
- { capability: "chat", provider: resolved.name, baseUrl: resolved.baseUrl }
716
- ]
676
+ routes: [{ capability: "chat", provider: resolved.name, baseUrl: resolved.baseUrl }]
717
677
  }
718
678
  };
719
679
  }
@@ -871,54 +831,6 @@ var ChannelManager = class {
871
831
  }
872
832
  };
873
833
 
874
- // src/server/security/csrf-readiness-store.ts
875
- var CsrfReadinessStore = class _CsrfReadinessStore {
876
- static MAX_ENTRIES = 1e3;
877
- entries = /* @__PURE__ */ new Map();
878
- keyFor(event) {
879
- return `${event.method}\0${event.path}\0${event.reason}`;
880
- }
881
- record(event) {
882
- const key = this.keyFor(event);
883
- const now = (/* @__PURE__ */ new Date()).toISOString();
884
- const existing = this.entries.get(key);
885
- if (existing) {
886
- existing.count++;
887
- existing.lastSeen = now;
888
- return;
889
- }
890
- if (this.entries.size >= _CsrfReadinessStore.MAX_ENTRIES) {
891
- const firstKey = this.entries.keys().next().value;
892
- if (firstKey !== void 0) this.entries.delete(firstKey);
893
- }
894
- this.entries.set(key, { count: 1, firstSeen: now, lastSeen: now });
895
- }
896
- summary() {
897
- let total = 0;
898
- const routes = [];
899
- for (const [key, entry] of this.entries) {
900
- const [method, path, reason] = key.split("\0");
901
- routes.push({
902
- method,
903
- path,
904
- reason,
905
- count: entry.count,
906
- firstSeen: entry.firstSeen,
907
- lastSeen: entry.lastSeen
908
- });
909
- total += entry.count;
910
- }
911
- return {
912
- generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
913
- totalEvents: total,
914
- routes
915
- };
916
- }
917
- reset() {
918
- this.entries.clear();
919
- }
920
- };
921
-
922
834
  // src/server/storage/storage-manager.ts
923
835
  var StorageManager = class {
924
836
  #config;
@@ -1689,8 +1601,8 @@ function createCacheEngine(opts) {
1689
1601
  function claimAndRun(key, fn, options, skipWrite) {
1690
1602
  let resolveOuter;
1691
1603
  let rejectOuter;
1692
- const outerPromise = new Promise((resolve4, reject) => {
1693
- resolveOuter = resolve4;
1604
+ const outerPromise = new Promise((resolve3, reject) => {
1605
+ resolveOuter = resolve3;
1694
1606
  rejectOuter = reject;
1695
1607
  });
1696
1608
  void outerPromise.catch(() => {
@@ -2033,6 +1945,9 @@ function definePlugin(plugin) {
2033
1945
  return plugin;
2034
1946
  }
2035
1947
  export {
1948
+ ActionError,
1949
+ ActionInputError,
1950
+ ActionScanError,
2036
1951
  AuthRequiredError,
2037
1952
  BATCH_PATH,
2038
1953
  BatchPathConflictError,
@@ -2138,6 +2053,7 @@ export {
2138
2053
  executeAction,
2139
2054
  executeRoute,
2140
2055
  extractTraceId,
2056
+ extractUniversalIssues,
2141
2057
  findSuggestion,
2142
2058
  generateBackupCodes,
2143
2059
  generateManifest,
@@ -2154,6 +2070,8 @@ export {
2154
2070
  handleCspReport,
2155
2071
  handleCsrfReadiness,
2156
2072
  initCacheEngine,
2073
+ isActionError,
2074
+ isInputError,
2157
2075
  jsonTransformer,
2158
2076
  levenshtein,
2159
2077
  loadCustomErrorPages,
@@ -2184,6 +2102,7 @@ export {
2184
2102
  scanJobs,
2185
2103
  scanMiddlewares,
2186
2104
  scanServerActions,
2105
+ scanServerActionsEnriched,
2187
2106
  scanServerRoutes,
2188
2107
  scanWebSocketRoutes,
2189
2108
  sendError,