theokit 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions-virtual-module-E6PU47GV.js +175 -0
- package/dist/actions-virtual-module-E6PU47GV.js.map +1 -0
- package/dist/actions-virtual-module-E7IELVHL.js +174 -0
- package/dist/actions-virtual-module-E7IELVHL.js.map +1 -0
- package/dist/app-typed-client-4L4L4BWD.js +289 -0
- package/dist/app-typed-client-4L4L4BWD.js.map +1 -0
- package/dist/app-typed-client-6PAT6VOL.js +289 -0
- package/dist/app-typed-client-6PAT6VOL.js.map +1 -0
- package/dist/{build-IQQYCA3B.js → build-EWZDEDT3.js} +37 -11
- package/dist/build-EWZDEDT3.js.map +1 -0
- package/dist/build-request-body-preview-EOP2Y4F3.js +52 -0
- package/dist/build-request-body-preview-EOP2Y4F3.js.map +1 -0
- package/dist/build-request-body-preview-II2235E6.js +54 -0
- package/dist/build-request-body-preview-II2235E6.js.map +1 -0
- package/dist/{chunk-GQSTRXXB.js → chunk-2BQYEBCK.js} +77 -68
- package/dist/chunk-2BQYEBCK.js.map +1 -0
- package/dist/{chunk-FRBYJANT.js → chunk-4W447H7M.js} +195 -41
- package/dist/chunk-4W447H7M.js.map +1 -0
- package/dist/chunk-7DHGV77J.js +140 -0
- package/dist/chunk-7DHGV77J.js.map +1 -0
- package/dist/{chunk-WQCPKA2L.js → chunk-C27AZN46.js} +570 -165
- package/dist/chunk-C27AZN46.js.map +1 -0
- package/dist/chunk-ERAZNHHR.js +73 -0
- package/dist/chunk-ERAZNHHR.js.map +1 -0
- package/dist/chunk-F3TG5FJV.js +97 -0
- package/dist/chunk-F3TG5FJV.js.map +1 -0
- package/dist/{chunk-OK2PJOLK.js → chunk-KJVEJILQ.js} +7 -3
- package/dist/chunk-KJVEJILQ.js.map +1 -0
- package/dist/{chunk-JBC7PFV4.js → chunk-M23FP2AS.js} +2 -2
- package/dist/chunk-M23FP2AS.js.map +1 -0
- package/dist/{chunk-S3JBIFKS.js → chunk-MG7H3LAW.js} +2 -2
- package/dist/chunk-MOT42NAH.js +165 -0
- package/dist/chunk-MOT42NAH.js.map +1 -0
- package/dist/{chunk-OEB3OIYP.js → chunk-OJHO2X7C.js} +497 -168
- package/dist/chunk-OJHO2X7C.js.map +1 -0
- package/dist/chunk-QLGES2HC.js +189 -0
- package/dist/chunk-QLGES2HC.js.map +1 -0
- package/dist/{chunk-JZ5WEG3S.js → chunk-SEVYARIU.js} +9 -5
- package/dist/chunk-SEVYARIU.js.map +1 -0
- package/dist/{chunk-ZK5JCE5J.js → chunk-TFECHXR5.js} +201 -43
- package/dist/chunk-TFECHXR5.js.map +1 -0
- package/dist/chunk-WSJKACWB.js +17 -0
- package/dist/chunk-WSJKACWB.js.map +1 -0
- package/dist/{chunk-3Q36SEDK.js → chunk-ZBWROIIO.js} +43 -2
- package/dist/{chunk-3Q36SEDK.js.map → chunk-ZBWROIIO.js.map} +1 -1
- package/dist/chunk-ZOXNJV2O.js +358 -0
- package/dist/chunk-ZOXNJV2O.js.map +1 -0
- package/dist/cli/index.js +22 -7
- package/dist/cli/index.js.map +1 -1
- package/dist/client/index.d.ts +31 -1
- package/dist/client/index.js +100 -0
- package/dist/client/index.js.map +1 -1
- package/dist/{dev-VN6WS3CM.js → dev-74KPI5C5.js} +15 -7
- package/dist/dev-74KPI5C5.js.map +1 -0
- package/dist/dev-emit-3CHM73TV.js +390 -0
- package/dist/dev-emit-3CHM73TV.js.map +1 -0
- package/dist/dev-emit-I3CKOHML.js +44 -0
- package/dist/dev-emit-I3CKOHML.js.map +1 -0
- package/dist/devtools/entry.js +545 -181
- package/dist/devtools/entry.js.map +1 -1
- package/dist/{dispatcher-IK3FVMX5.js → dispatcher-AQJGI3HU.js} +2 -2
- package/dist/dispatcher-E6QV32BO.js +83 -0
- package/dist/dispatcher-E6QV32BO.js.map +1 -0
- package/dist/{dist-Q5VBFWVL.js → dist-R2Q7GVDW.js} +10357 -12068
- package/dist/dist-R2Q7GVDW.js.map +1 -0
- package/dist/{generate-SIO4JSKJ.js → generate-DT4IIAHF.js} +88 -22
- package/dist/generate-DT4IIAHF.js.map +1 -0
- package/dist/index.d.ts +108 -1
- package/dist/index.js +5 -2
- package/dist/index.js.map +1 -1
- package/dist/{info-B3UOXFUF.js → info-VM7EK4JC.js} +3 -3
- package/dist/openapi-CBASKC7W.js +84 -0
- package/dist/openapi-CBASKC7W.js.map +1 -0
- package/dist/{registry-BB3UYAOG.js → registry-QGSNLJKJ.js} +2 -2
- package/dist/{routes-CAGFZKUK.js → routes-7O4NUDYS.js} +9 -7
- package/dist/{routes-CAGFZKUK.js.map → routes-7O4NUDYS.js.map} +1 -1
- package/dist/{schema-Cxq2qqwh.d.ts → schema-CjVly9c_.d.ts} +43 -1
- package/dist/{schema-MVB2FVK6.js → schema-JAKF23GR.js} +2 -2
- package/dist/server/cost/index.js +1 -1
- package/dist/server/index.d.ts +219 -47
- package/dist/server/index.js +35 -116
- package/dist/server/index.js.map +1 -1
- package/dist/{start-ZGWW5MOL.js → start-5JTFWF4T.js} +20 -14
- package/dist/start-5JTFWF4T.js.map +1 -0
- package/dist/{static-BH6JQNM2.js → static-6PZZBY7G.js} +4 -4
- package/dist/{upgrade-readiness-OHL36FQL.js → upgrade-readiness-Q46KTG2J.js} +6 -1
- package/dist/upgrade-readiness-Q46KTG2J.js.map +1 -0
- package/dist/vite-plugin/index.d.ts +25 -1
- package/dist/vite-plugin/index.js +5 -2
- package/dist/{vite-plugin-WA3G45YY.js → vite-plugin-3EQP2JYM.js} +7 -6
- package/package.json +4 -2
- package/dist/build-IQQYCA3B.js.map +0 -1
- package/dist/chunk-FRBYJANT.js.map +0 -1
- package/dist/chunk-GQSTRXXB.js.map +0 -1
- package/dist/chunk-JBC7PFV4.js.map +0 -1
- package/dist/chunk-JZ5WEG3S.js.map +0 -1
- package/dist/chunk-OEB3OIYP.js.map +0 -1
- package/dist/chunk-OK2PJOLK.js.map +0 -1
- package/dist/chunk-WQCPKA2L.js.map +0 -1
- package/dist/chunk-ZK5JCE5J.js.map +0 -1
- package/dist/dev-VN6WS3CM.js.map +0 -1
- package/dist/dist-Q5VBFWVL.js.map +0 -1
- package/dist/generate-SIO4JSKJ.js.map +0 -1
- package/dist/start-ZGWW5MOL.js.map +0 -1
- package/dist/upgrade-readiness-OHL36FQL.js.map +0 -1
- /package/dist/{chunk-S3JBIFKS.js.map → chunk-MG7H3LAW.js.map} +0 -0
- /package/dist/{dispatcher-IK3FVMX5.js.map → dispatcher-AQJGI3HU.js.map} +0 -0
- /package/dist/{info-B3UOXFUF.js.map → info-VM7EK4JC.js.map} +0 -0
- /package/dist/{registry-BB3UYAOG.js.map → registry-QGSNLJKJ.js.map} +0 -0
- /package/dist/{schema-MVB2FVK6.js.map → schema-JAKF23GR.js.map} +0 -0
- /package/dist/{static-BH6JQNM2.js.map → static-6PZZBY7G.js.map} +0 -0
- /package/dist/{vite-plugin-WA3G45YY.js.map → vite-plugin-3EQP2JYM.js.map} +0 -0
package/dist/server/index.d.ts
CHANGED
|
@@ -8,8 +8,8 @@ import { ViteDevServer } from 'vite';
|
|
|
8
8
|
export { AuthRequiredError, BackupCode, BackupCodeOptions, OidcMetadata, PkceChallenge, SessionConfig, SessionManager, SessionMeta, ThrottleOptions, ThrottleState, TotpAlgorithm, TotpOptions, TotpUriOptions, VerifyTotpOptions, _resetKeyCacheForTests, assertProductionSecret, checkThrottle, clearOidcCache, createSessionManager, decrypt, discoverOidcProvider, encrypt, generateBackupCodes, generateNonce, generateOAuthState, generatePkceChallenge, generateTotp, generateTotpSecret, pkceChallengeFromVerifier, recordAttempt, requireAuth, rotateIfNeeded, totpUri, verifyBackupCode, verifyOAuthState, verifyTotp } from './auth/index.js';
|
|
9
9
|
export { InMemoryUsageStorage, ToolHookEvent, ToolUsageRecord, TrackAgentRunInput, TrackAgentRunOptions, TrackAgentToolsHooks, TrackAgentToolsOptions, UsageQuery, UsageRecord, UsageResult, UsageStorageAdapter, trackAgentRun, trackAgentTools } from './cost/index.js';
|
|
10
10
|
export { CRON_MANIFEST_SCHEMA_VERSION, CronConcurrencyPolicy, CronContext, CronDefinition, CronManifest, CronManifestEntry, CronNode, CronOptions, CronScheduler, DuplicateCronNameError, ExistingConfigUnparseableError, buildCronManifest, convertToAwsCron, createCronScheduler, defineCron, scanCrons, translateCronToAws, translateCronToCloudflare, translateCronToDeno, translateCronToVercel, validateCronSchedule, writeCronManifest } from './cron/index.js';
|
|
11
|
-
import { R as RateLimitConfig, a as RateLimitResult } from '../schema-
|
|
12
|
-
export { b as ServiceDefinition, S as ServicesConfig,
|
|
11
|
+
import { R as RateLimitConfig, a as RateLimitResult, C as CsrfReadinessStore } from '../schema-CjVly9c_.js';
|
|
12
|
+
export { b as CsrfReadinessRouteSummary, c as CsrfReadinessSummary, d as CsrfWarnRecord, e as ServiceDefinition, S as ServicesConfig, f as ServicesConfigInput, g as ServicesConfigOutput, h as createRateLimiter } from '../schema-CjVly9c_.js';
|
|
13
13
|
import { R as RateLimitStore } from '../rate-limit-store-BEJnhWdw.js';
|
|
14
14
|
export { I as InMemoryStore, a as RateLimitState } from '../rate-limit-store-BEJnhWdw.js';
|
|
15
15
|
export { G as GenericFactory, P as PoolLike, a as PostgresDatabaseConfig, R as RedisLike, b as RedisServerConfig, S as ServerConfig, c as StorageAdapter, d as StorageConfig, T as TlsConfig } from '../storage-types-DtIVejC1.js';
|
|
@@ -58,8 +58,28 @@ interface RouteConfig<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z
|
|
|
58
58
|
*/
|
|
59
59
|
declare function defineRoute<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z.ZodType = z.ZodUndefined, TParams extends z.ZodType = z.ZodUndefined, TCtx = unknown, TResponse = unknown>(config: RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>): RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>;
|
|
60
60
|
|
|
61
|
+
/**
|
|
62
|
+
* Action wire-protocol accept mode per plan g3-server-actions-and-useaction
|
|
63
|
+
* v1.2 ADR D1. Default behavior (when omitted) is `'json'`. `'form'` opts the
|
|
64
|
+
* action into FormData multipart parsing for progressive-enhancement forms;
|
|
65
|
+
* the runtime in `server/http/action-execute.ts` will coerce FormData entries
|
|
66
|
+
* against the `input` schema via `formDataToObject` (Astro pattern).
|
|
67
|
+
*/
|
|
68
|
+
type ActionAccept = 'form' | 'json';
|
|
61
69
|
interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
|
|
70
|
+
/**
|
|
71
|
+
* Zod input schema. Required: every action declares its input contract via
|
|
72
|
+
* Zod (architecture rule: zod-is-SSOT). The shape becomes the handler's
|
|
73
|
+
* typed `input` parameter via `z.infer<TInput>`.
|
|
74
|
+
*/
|
|
62
75
|
input: TInput;
|
|
76
|
+
/**
|
|
77
|
+
* Wire-protocol accept mode. Defaults to `'json'` when omitted. Setting
|
|
78
|
+
* `'form'` switches the runtime to FormData multipart parsing — the input
|
|
79
|
+
* schema MUST be `z.object(...)` so field-by-field coercion can drive
|
|
80
|
+
* boolean string / number / array coercion (Astro pattern).
|
|
81
|
+
*/
|
|
82
|
+
accept?: ActionAccept;
|
|
63
83
|
handler: (ctx: {
|
|
64
84
|
input: z.infer<TInput>;
|
|
65
85
|
ctx: TCtx;
|
|
@@ -67,7 +87,15 @@ interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
|
|
|
67
87
|
}
|
|
68
88
|
/**
|
|
69
89
|
* Define a typed server action.
|
|
70
|
-
*
|
|
90
|
+
*
|
|
91
|
+
* Identity function — provides type inference for action handlers. The
|
|
92
|
+
* runtime that consumes the config (validation + invocation + serialization)
|
|
93
|
+
* lives in `server/http/action-execute.ts`.
|
|
94
|
+
*
|
|
95
|
+
* Per plan g3-server-actions-and-useaction v1.2 § Phase 1 / T1.2: the new
|
|
96
|
+
* `accept?: 'form' | 'json'` field is the only contract change vs the
|
|
97
|
+
* pre-G3 identity. Existing callsites (`defineAction({input, handler})`)
|
|
98
|
+
* continue to compile — `accept` is opt-in.
|
|
71
99
|
*/
|
|
72
100
|
declare function defineAction<TInput extends z.ZodType, TCtx = unknown>(config: ActionConfig<TInput, TCtx>): ActionConfig<TInput, TCtx>;
|
|
73
101
|
|
|
@@ -328,6 +356,10 @@ interface ServerRouteNode {
|
|
|
328
356
|
routePath: string;
|
|
329
357
|
paramNames: string[];
|
|
330
358
|
pattern: RegExp;
|
|
359
|
+
/** HTTP methods (uppercase) the route file exports. Optional for backward
|
|
360
|
+
* compatibility with manifests generated before G1. Empty array means the
|
|
361
|
+
* file has no HTTP exports (util-only); undefined means "not detected". */
|
|
362
|
+
methods?: string[];
|
|
331
363
|
}
|
|
332
364
|
declare function compilePattern(routePath: string): {
|
|
333
365
|
pattern: RegExp;
|
|
@@ -838,7 +870,43 @@ interface ActionNode {
|
|
|
838
870
|
filePath: string;
|
|
839
871
|
actionPath: string;
|
|
840
872
|
}
|
|
873
|
+
/**
|
|
874
|
+
* Enriched manifest entry per plan g3-server-actions-and-useaction v1.2
|
|
875
|
+
* § Phase 1 / T1.4 + ADR D4. Consumed by virtual module `@theo/actions`
|
|
876
|
+
* (T3.1) and G4 devtools "Actions" tab (T5.1).
|
|
877
|
+
*/
|
|
878
|
+
interface ActionManifestEntry$1 {
|
|
879
|
+
name: string;
|
|
880
|
+
filePath: string;
|
|
881
|
+
urlPath: string;
|
|
882
|
+
accept: 'form' | 'json';
|
|
883
|
+
hasInput: boolean;
|
|
884
|
+
}
|
|
885
|
+
/**
|
|
886
|
+
* EC-2: structured error for scan-time defects (name collision, reserved
|
|
887
|
+
* identifier, etc.). Throw at scan time to fail loud — silent shadowing is
|
|
888
|
+
* a security/correctness footgun.
|
|
889
|
+
*/
|
|
890
|
+
declare class ActionScanError extends Error {
|
|
891
|
+
readonly code: 'NAME_COLLISION' | 'RESERVED_NAME';
|
|
892
|
+
readonly conflictingPaths: readonly string[];
|
|
893
|
+
constructor(code: 'NAME_COLLISION' | 'RESERVED_NAME', message: string, conflictingPaths: readonly string[]);
|
|
894
|
+
}
|
|
895
|
+
/**
|
|
896
|
+
* Backward-compatible: original simple-shape scanner used by existing
|
|
897
|
+
* consumers. Preserved verbatim; new consumers should call
|
|
898
|
+
* `scanServerActionsEnriched`.
|
|
899
|
+
*/
|
|
841
900
|
declare function scanServerActions(serverDir: string): ActionNode[];
|
|
901
|
+
/**
|
|
902
|
+
* Enriched scan: light AST detection of `accept: 'form'|'json'` + `input:`
|
|
903
|
+
* presence via regex-after-comment-stripping (EC-9). Throws ActionScanError
|
|
904
|
+
* on file/dir name collision (EC-2) or reserved JS identifier names.
|
|
905
|
+
*
|
|
906
|
+
* Output `ActionManifestEntry[]` is sorted by `name` for deterministic
|
|
907
|
+
* `.theo/actions-manifest.json` emission.
|
|
908
|
+
*/
|
|
909
|
+
declare function scanServerActionsEnriched(serverDir: string): ActionManifestEntry$1[];
|
|
842
910
|
|
|
843
911
|
interface WebSocketRouteNode {
|
|
844
912
|
filePath: string;
|
|
@@ -859,6 +927,9 @@ interface ManifestRoute {
|
|
|
859
927
|
filePath: string;
|
|
860
928
|
routePath: string;
|
|
861
929
|
paramNames: string[];
|
|
930
|
+
/** HTTP methods (uppercase) the route file exports. Optional — manifests
|
|
931
|
+
* generated before G1 omit this; loaders treat absence as "unknown". */
|
|
932
|
+
methods?: string[];
|
|
862
933
|
}
|
|
863
934
|
interface ManifestAction {
|
|
864
935
|
filePath: string;
|
|
@@ -884,6 +955,148 @@ declare function generateManifest(serverDir: string): TheoManifest;
|
|
|
884
955
|
declare function writeManifest(manifest: TheoManifest, outputDir: string): void;
|
|
885
956
|
declare function loadManifest(distDir: string, serverDir: string): LoadedManifest;
|
|
886
957
|
|
|
958
|
+
/**
|
|
959
|
+
* Action protocol — cross-boundary contract for `defineAction` + `useAction`.
|
|
960
|
+
*
|
|
961
|
+
* Per plan g3-server-actions-and-useaction v1.2 § Phase 0 / T0.1, ADRs D1 (encoding)
|
|
962
|
+
* + D6 (full dot-notation path) + D7 (PII mask) — types and runtime referenced
|
|
963
|
+
* by server (`server/http/action-execute.ts`, `server/define/define-action.ts`)
|
|
964
|
+
* and client (`@usetheo/react/useAction`, `vite-plugin/actions-virtual-module`).
|
|
965
|
+
*
|
|
966
|
+
* Lives in `core/contracts/` per architecture.md v3.1 exception — cross-module
|
|
967
|
+
* deep imports ALLOWED for this file. Core depends on NOTHING intra-monorepo;
|
|
968
|
+
* `extractUniversalIssues` is implemented INLINE (NOT imported from `@usetheo/sdk`)
|
|
969
|
+
* to honor dep-cruiser `core-depends-on-nothing` invariant (EC-1 absorbed).
|
|
970
|
+
*
|
|
971
|
+
* Field-key convention (D6 + EC-13): dot-notation full path. Nested objects use
|
|
972
|
+
* `'user.address.zip'`; array indices use `'items.0.name'` (NOT bracket
|
|
973
|
+
* `'items[0].name'`). Root-level errors (path = []) use empty string `''`
|
|
974
|
+
* (EC-7). Consumers needing bracket notation can write a small `dotToBracket`
|
|
975
|
+
* helper in userland.
|
|
976
|
+
*/
|
|
977
|
+
/**
|
|
978
|
+
* HTTP-status mapping per IANA HTTP Status Code Registry (subset relevant to
|
|
979
|
+
* action surface). VALIDATION_ERROR → 422 is preferred over Astro's BAD_REQUEST/400
|
|
980
|
+
* (more semantic for input-shape mismatch). PAYLOAD_TOO_LARGE → 413 covers EC-3
|
|
981
|
+
* (response-side size limit; request-side reuses standard 413).
|
|
982
|
+
*/
|
|
983
|
+
type ActionErrorCode = 'VALIDATION_ERROR' | 'BAD_REQUEST' | 'UNAUTHORIZED' | 'FORBIDDEN' | 'NOT_FOUND' | 'METHOD_NOT_ALLOWED' | 'CONFLICT' | 'CONTENT_TOO_LARGE' | 'PAYLOAD_TOO_LARGE' | 'UNSUPPORTED_MEDIA_TYPE' | 'TOO_MANY_REQUESTS' | 'INTERNAL_SERVER_ERROR';
|
|
984
|
+
/**
|
|
985
|
+
* Universal zod issue shape covering BOTH v3 (`z.ZodIssue`) and v4 (`$ZodIssue`).
|
|
986
|
+
* Duck-typed minimum surface: `{path, message}`. Implemented per EC-1 absorbed —
|
|
987
|
+
* consumers chain may ship either zod major; constructor accepts `unknown` and
|
|
988
|
+
* normalizes via `extractUniversalIssues`.
|
|
989
|
+
*/
|
|
990
|
+
interface UniversalZodIssue {
|
|
991
|
+
readonly path: readonly (string | number)[];
|
|
992
|
+
readonly message: string;
|
|
993
|
+
readonly code?: string;
|
|
994
|
+
}
|
|
995
|
+
/**
|
|
996
|
+
* `ActionError` — general server-side action failure. Discriminator `type` is
|
|
997
|
+
* literal `'TheoActionError'`; used by `ActionError.fromJson` to distinguish
|
|
998
|
+
* from `ActionInputError`.
|
|
999
|
+
*/
|
|
1000
|
+
declare class ActionError extends Error {
|
|
1001
|
+
readonly type: 'TheoActionError' | 'TheoActionInputError';
|
|
1002
|
+
readonly code: ActionErrorCode;
|
|
1003
|
+
readonly status: number;
|
|
1004
|
+
constructor(params: {
|
|
1005
|
+
code: ActionErrorCode;
|
|
1006
|
+
message?: string;
|
|
1007
|
+
stack?: string;
|
|
1008
|
+
});
|
|
1009
|
+
static codeToStatus(code: ActionErrorCode): number;
|
|
1010
|
+
static statusToCode(status: number): ActionErrorCode;
|
|
1011
|
+
/**
|
|
1012
|
+
* Parse a serialized error JSON back into the typed class hierarchy.
|
|
1013
|
+
* Distinguishes `TheoActionInputError` (with `issues` array) from
|
|
1014
|
+
* `TheoActionError` via the `type` discriminator. Falls back to
|
|
1015
|
+
* `INTERNAL_SERVER_ERROR` for malformed bodies (non-object, missing
|
|
1016
|
+
* `type`, unknown `code`).
|
|
1017
|
+
*/
|
|
1018
|
+
static fromJson(body: unknown): ActionError;
|
|
1019
|
+
}
|
|
1020
|
+
/**
|
|
1021
|
+
* `ActionInputError` — validation failure with field-level mapping.
|
|
1022
|
+
*
|
|
1023
|
+
* `fields` is auto-derived from `issues`: for each issue, key = full
|
|
1024
|
+
* dot-notation path (`'user.address.zip'`; root-level `path:[]` → `''`;
|
|
1025
|
+
* array indices as numeric segments → `'items.0.name'`). Multiple messages
|
|
1026
|
+
* for the same key accumulate; duplicate (path, message) tuples are deduped.
|
|
1027
|
+
*/
|
|
1028
|
+
declare class ActionInputError extends ActionError {
|
|
1029
|
+
readonly type: "TheoActionInputError";
|
|
1030
|
+
readonly issues: readonly UniversalZodIssue[];
|
|
1031
|
+
readonly fields: Record<string, string[]>;
|
|
1032
|
+
constructor(rawIssues: unknown);
|
|
1033
|
+
}
|
|
1034
|
+
/**
|
|
1035
|
+
* Normalize zod v3 (`z.ZodIssue`) and v4 (`$ZodIssue`) raw issues to
|
|
1036
|
+
* `UniversalZodIssue[]` (EC-1 absorbed). Duck-typed on `{path, message}` —
|
|
1037
|
+
* does NOT import zod types (`core/contracts/` depends on no intra-monorepo
|
|
1038
|
+
* + zod is consumer-controlled across the boundary).
|
|
1039
|
+
*
|
|
1040
|
+
* Silently skips entries missing required fields or shape mismatches; returns
|
|
1041
|
+
* empty array on non-array input.
|
|
1042
|
+
*/
|
|
1043
|
+
declare function extractUniversalIssues(raw: unknown): UniversalZodIssue[];
|
|
1044
|
+
/**
|
|
1045
|
+
* Type guard for `ActionError` (and its subclass `ActionInputError`). True
|
|
1046
|
+
* iff the value is an instance of `ActionError`. Use `isInputError` to
|
|
1047
|
+
* narrow specifically to validation failures.
|
|
1048
|
+
*/
|
|
1049
|
+
declare function isActionError(value: unknown): value is ActionError;
|
|
1050
|
+
/**
|
|
1051
|
+
* Type guard narrowing to `ActionInputError`. Requires `instanceof` check
|
|
1052
|
+
* (not duck-typing on `type`) to prevent attacker-controlled JSON from
|
|
1053
|
+
* being mistaken for a real error instance.
|
|
1054
|
+
*/
|
|
1055
|
+
declare function isInputError(value: unknown): value is ActionInputError;
|
|
1056
|
+
/**
|
|
1057
|
+
* `ActionResult<TData, TError>` — discriminated union returned by client-side
|
|
1058
|
+
* action invocation. Either `{data, error: undefined}` (success) or
|
|
1059
|
+
* `{data: undefined, error}` (failure). Mirrors Astro `SafeResult` shape.
|
|
1060
|
+
*/
|
|
1061
|
+
type ActionResult<TData = unknown, TError extends ActionError = ActionError> = {
|
|
1062
|
+
data: TData;
|
|
1063
|
+
error: undefined;
|
|
1064
|
+
} | {
|
|
1065
|
+
data: undefined;
|
|
1066
|
+
error: TError;
|
|
1067
|
+
};
|
|
1068
|
+
/**
|
|
1069
|
+
* `SerializedActionResult` — wire-shape emitted by `serializeActionResult`
|
|
1070
|
+
* in `server/http/serialize-action-result.ts` (T1.3). Discriminator `type`
|
|
1071
|
+
* distinguishes data (devalue-encoded), error (JSON), and empty (204) cases.
|
|
1072
|
+
*/
|
|
1073
|
+
type SerializedActionResult = {
|
|
1074
|
+
type: 'data';
|
|
1075
|
+
status: number;
|
|
1076
|
+
contentType: 'application/json+devalue';
|
|
1077
|
+
body: string;
|
|
1078
|
+
} | {
|
|
1079
|
+
type: 'error';
|
|
1080
|
+
status: number;
|
|
1081
|
+
contentType: 'application/json';
|
|
1082
|
+
body: string;
|
|
1083
|
+
} | {
|
|
1084
|
+
type: 'empty';
|
|
1085
|
+
status: 204;
|
|
1086
|
+
};
|
|
1087
|
+
/**
|
|
1088
|
+
* `ActionManifestEntry` — per-action metadata emitted by `action-scan.ts`
|
|
1089
|
+
* (T1.4) into `.theo/actions-manifest.json`. Consumed by virtual module
|
|
1090
|
+
* `@theo/actions` (T3.1) and G4 devtools "Actions" tab (T5.1).
|
|
1091
|
+
*/
|
|
1092
|
+
interface ActionManifestEntry {
|
|
1093
|
+
readonly name: string;
|
|
1094
|
+
readonly filePath: string;
|
|
1095
|
+
readonly urlPath: string;
|
|
1096
|
+
readonly accept: 'form' | 'json';
|
|
1097
|
+
readonly hasInput: boolean;
|
|
1098
|
+
}
|
|
1099
|
+
|
|
887
1100
|
/**
|
|
888
1101
|
* Item #4 — `streamAgentRun`
|
|
889
1102
|
*
|
|
@@ -1128,6 +1341,7 @@ declare function createConversationHistory(args: ConversationHistoryArgs): Promi
|
|
|
1128
1341
|
* Public API surface is unchanged — `logger.ts` re-exports `logRequest`
|
|
1129
1342
|
* + `RequestLog` + `LoggerFn` for backward compat.
|
|
1130
1343
|
*/
|
|
1344
|
+
|
|
1131
1345
|
interface RequestLog {
|
|
1132
1346
|
level: string;
|
|
1133
1347
|
method: string;
|
|
@@ -1138,7 +1352,7 @@ interface RequestLog {
|
|
|
1138
1352
|
timestamp: string;
|
|
1139
1353
|
}
|
|
1140
1354
|
type LoggerFn = (log: RequestLog) => void;
|
|
1141
|
-
declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn): void;
|
|
1355
|
+
declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn, req?: IncomingMessage): void;
|
|
1142
1356
|
|
|
1143
1357
|
type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent';
|
|
1144
1358
|
interface StructuredLog {
|
|
@@ -1413,48 +1627,6 @@ declare function normalizeLegacy(raw: Record<string, unknown>): CspViolation;
|
|
|
1413
1627
|
declare function normalizeNew(entry: unknown): CspViolation | null;
|
|
1414
1628
|
declare function handleCspReport(req: IncomingMessage, res: ServerResponse, opts: CspReportHandlerOptions): Promise<void>;
|
|
1415
1629
|
|
|
1416
|
-
/**
|
|
1417
|
-
* T2.2 — In-memory bounded counter for CSRF warn events.
|
|
1418
|
-
*
|
|
1419
|
-
* Aggregates `csrf.warn` payloads by `(method, path, reason)` triple.
|
|
1420
|
-
* Used by the `/__theo/csrf-readiness` endpoint to expose a summary the
|
|
1421
|
-
* developer (or devtools tab) can inspect, so users do NOT need to grep
|
|
1422
|
-
* stdout to know which endpoints will break under 0.3.0 strict CSRF.
|
|
1423
|
-
*
|
|
1424
|
-
* Bounded at 1000 distinct keys (EC-22). Eviction is LRU-by-insertion —
|
|
1425
|
-
* when the cap is hit, the oldest key is dropped and a re-record of an
|
|
1426
|
-
* evicted key starts fresh (count: 1).
|
|
1427
|
-
*
|
|
1428
|
-
* Single-threaded by virtue of the JS event loop; Map operations are
|
|
1429
|
-
* atomic. NOT shared across processes — each worker has its own store.
|
|
1430
|
-
*/
|
|
1431
|
-
interface CsrfWarnRecord {
|
|
1432
|
-
method: string;
|
|
1433
|
-
path: string;
|
|
1434
|
-
reason: string;
|
|
1435
|
-
}
|
|
1436
|
-
interface CsrfReadinessRouteSummary {
|
|
1437
|
-
method: string;
|
|
1438
|
-
path: string;
|
|
1439
|
-
reason: string;
|
|
1440
|
-
count: number;
|
|
1441
|
-
firstSeen: string;
|
|
1442
|
-
lastSeen: string;
|
|
1443
|
-
}
|
|
1444
|
-
interface CsrfReadinessSummary {
|
|
1445
|
-
generatedAt: string;
|
|
1446
|
-
totalEvents: number;
|
|
1447
|
-
routes: CsrfReadinessRouteSummary[];
|
|
1448
|
-
}
|
|
1449
|
-
declare class CsrfReadinessStore {
|
|
1450
|
-
static readonly MAX_ENTRIES = 1000;
|
|
1451
|
-
private readonly entries;
|
|
1452
|
-
private keyFor;
|
|
1453
|
-
record(event: CsrfWarnRecord): void;
|
|
1454
|
-
summary(): CsrfReadinessSummary;
|
|
1455
|
-
reset(): void;
|
|
1456
|
-
}
|
|
1457
|
-
|
|
1458
1630
|
/**
|
|
1459
1631
|
* T2.2 — `/__theo/csrf-readiness` endpoint.
|
|
1460
1632
|
*
|
|
@@ -2154,4 +2326,4 @@ interface LoadEnvResult {
|
|
|
2154
2326
|
declare function _resetEnvCache(): void;
|
|
2155
2327
|
declare function loadEnv(options?: LoadEnvOptions): LoadEnvResult;
|
|
2156
2328
|
|
|
2157
|
-
export { type ActionConfig, type ActionNode, type AgentEndpointConfig, type AgentEndpointHandlerArgs, AgentErrorEvent, AgentEvent, type AgentRunLike, type AgentRunResult, type AgentRunStreamMessage, type AuditEvent, type AuditLogger, BATCH_PATH, type BatchExecuteFn, BatchPathConflictError, type BatchPayload, type BatchRequestItem, type BatchResponse, type BatchResultItem, type BodyParserOptions, BodyTooLargeError, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CSRF_WARN_CODE, CSRF_WARN_DOCS_URL, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type ChannelHandler, ChannelManager, type CompiledRouteRule, type ConversationHistoryArgs, type ConversationHistoryResult, type ConversationStorageLike, type CookieOptions, type CorsConfig, type CorsHandler, type CorsOrigin, type CspMode, type CspReportHandlerOptions, type CspViolation, type CsrfLogger, type CsrfMode,
|
|
2329
|
+
export { type ActionAccept, type ActionConfig, ActionError, type ActionErrorCode, ActionInputError, type ActionManifestEntry, type ActionNode, type ActionResult, ActionScanError, type AgentEndpointConfig, type AgentEndpointHandlerArgs, AgentErrorEvent, AgentEvent, type AgentRunLike, type AgentRunResult, type AgentRunStreamMessage, type AuditEvent, type AuditLogger, BATCH_PATH, type BatchExecuteFn, BatchPathConflictError, type BatchPayload, type BatchRequestItem, type BatchResponse, type BatchResultItem, type BodyParserOptions, BodyTooLargeError, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CSRF_WARN_CODE, CSRF_WARN_DOCS_URL, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type ChannelHandler, ChannelManager, type CompiledRouteRule, type ConversationHistoryArgs, type ConversationHistoryResult, type ConversationStorageLike, type CookieOptions, type CorsConfig, type CorsHandler, type CorsOrigin, type CspMode, type CspReportHandlerOptions, type CspViolation, type CsrfLogger, type CsrfMode, CsrfReadinessStore, type CsrfWarnPayload, type CustomErrorPages, type CustomTool, DEFAULT_CSP, DEFAULT_EXCLUDED_QUERY_PARAMS, DEFAULT_MAX_BODY_BYTES, DEFAULT_PERMISSIONS_POLICY, type Db0Database, type DefineAgentToolSpec, type DefineCachedFunctionOptions, type DefineWebhookOptions, type DisallowedConfig, DuplicateDecorationError, DuplicatePluginError, type ExecuteActionOptions, type ExecuteRouteContext, FileTooLargeError, type GetOrComputeOptions, type HandleBatchOptions, type HookName, type HookResult, InMemoryCacheAdapter, type InMemoryCacheAdapterOptions, InvalidPluginShapeError, JobBackend, JsonStdoutSink, type KeyByMode, type KeyDerivationOptions, type LoadEnvOptions, type LoadEnvResult, type LoadModule, type LoadedManifest, type LogLevel, type LoggerFn, MAX_ERROR_HTML_BYTES, type ManifestAction, type ManifestRoute, type ManifestWebSocket, type MiddlewareHandler, type MiddlewareResult, type NormalizedCacheConfig, type OnErrorHook, type OnRequestHook, type OnResponseHook, type ParsedBody, type PluginContext, type PluginErrorContext, PluginRunner, type PreHandlerHook, RateLimitConfig, RateLimitResult, RateLimitStore, type RawBodyResult, type ReadRawBodyOptions, type RequestLog, type RevalidateResult, type RouteCacheOptions, type RouteConfig, type RouteRateLimitConfig, type RouteRule, type RouteRules, type RunHookOptions, STRIPPED_HEADERS, type SdkAgent, type SdkAgentOptions, type SdkRunLike, type SecurityEnv, type SecurityHeadersConfig, type SecurityHeadersOptions, type SendErrorInput, type SendErrorOptions, type SerializedActionResult, type SerializedResponse, type ServerRouteNode, type StructuredLog, THEO_T_PREFIX, TRACE_HEADER, TRACE_PARENT_HEADER, type TheoApp, type TheoLogger, type TheoManifest, type TheoPlugin, type TheoTransformer, type UniversalZodIssue, type UnstorageInstance, type UploadedFile, type VerifyFn, type VerifyResult, type WebSocketHandler, type WebSocketLike, type WebSocketRouteNode, type WebhookContext, type WebhookDefinition, __resetSdkForTests, __setSdkForTests, _resetCacheEngine, _resetEnvCache, _resetMiddlewareCacheForTests, _resetWarnOnceForTests, applySecurityHeaders, buildSecurityHeaders, compilePattern, compileRouteRules, createCacheEngine, createConversationHistory, createCorsHandler, createLogger, createNoOpLogger, createPluginRunnerFromConfig, createProductionLoader, createRouteRateLimiter, createViteLoader, defineAction, defineAgentEndpoint, defineAgentTool, defineCachedFunction, defineCachedRoute, defineChannel, defineMiddleware, definePlugin, defineRoute, defineTheoPlugin, defineWebSocket, defineWebhook, deleteCookie, deriveKey as deriveCacheKey, deriveKey$1 as deriveKey, deserializeResponse, dispatchWebhook, enforceCsrf, errorToEvent, executeAction, executeRoute, extractTraceId, extractUniversalIssues, findSuggestion, generateManifest, getCacheControlHeader, getCacheEngine, getCookie, handleBatchRequest, handleCspReport, handleCsrfReadiness, initCacheEngine, isActionError, isInputError, jsonTransformer, levenshtein, loadCustomErrorPages, loadEnv, loadManifest, logRequest, matchDisallowed, matchRoute, matchRoutePattern, matchesOrigin, normalizeLegacy, normalizeNew, parseCookieHeader, parseRequestBody, parseTraceparent, readRawBody, resolveRouteRule, resolveTransformer, revalidatePath, revalidateTag, runMiddlewareAndContext, safeAudit, scanMiddlewares, scanServerActions, scanServerActionsEnriched, scanServerRoutes, scanWebSocketRoutes, sendError, sendJson, serializeResponse, serveStaticFile, setCookie, streamAgentRun, superjsonTransformer, timingSafeEqual, updateTag, useDatabase, useUnstorage, validateExpire as validateCacheExpire, validateMaxAge as validateCacheMaxAge, validateTags as validateCacheTags, validateCsrf, warnOnce, writeManifest };
|
package/dist/server/index.js
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
import {
|
|
2
|
+
generateManifest,
|
|
3
|
+
loadManifest,
|
|
4
|
+
writeManifest
|
|
5
|
+
} from "../chunk-ERAZNHHR.js";
|
|
1
6
|
import {
|
|
2
7
|
_resetKeyCacheForTests,
|
|
3
8
|
assertProductionSecret,
|
|
@@ -28,7 +33,7 @@ import {
|
|
|
28
33
|
InMemoryUsageStorage,
|
|
29
34
|
trackAgentRun,
|
|
30
35
|
trackAgentTools
|
|
31
|
-
} from "../chunk-
|
|
36
|
+
} from "../chunk-M23FP2AS.js";
|
|
32
37
|
import {
|
|
33
38
|
CRON_MANIFEST_SCHEMA_VERSION,
|
|
34
39
|
DuplicateCronNameError,
|
|
@@ -62,6 +67,8 @@ import {
|
|
|
62
67
|
generateNewTraceContext
|
|
63
68
|
} from "../chunk-YLBSSEHX.js";
|
|
64
69
|
import {
|
|
70
|
+
ActionError,
|
|
71
|
+
ActionInputError,
|
|
65
72
|
BATCH_PATH,
|
|
66
73
|
BatchPathConflictError,
|
|
67
74
|
CSP_REPORT_PATH,
|
|
@@ -69,6 +76,7 @@ import {
|
|
|
69
76
|
CSRF_READINESS_RESET_PATH,
|
|
70
77
|
CSRF_WARN_CODE,
|
|
71
78
|
CSRF_WARN_DOCS_URL,
|
|
79
|
+
CsrfReadinessStore,
|
|
72
80
|
DEFAULT_CSP,
|
|
73
81
|
DEFAULT_PERMISSIONS_POLICY,
|
|
74
82
|
DuplicateDecorationError,
|
|
@@ -86,7 +94,6 @@ import {
|
|
|
86
94
|
_resetWarnOnceForTests,
|
|
87
95
|
applySecurityHeaders,
|
|
88
96
|
buildSecurityHeaders,
|
|
89
|
-
compilePattern,
|
|
90
97
|
createCorsHandler,
|
|
91
98
|
createLogger,
|
|
92
99
|
createNoOpLogger,
|
|
@@ -98,16 +105,18 @@ import {
|
|
|
98
105
|
executeAction,
|
|
99
106
|
executeRoute,
|
|
100
107
|
extractTraceId,
|
|
108
|
+
extractUniversalIssues,
|
|
101
109
|
findSuggestion,
|
|
102
110
|
handleBatchRequest,
|
|
103
111
|
handleCspReport,
|
|
104
112
|
handleCsrfReadiness,
|
|
113
|
+
isActionError,
|
|
114
|
+
isInputError,
|
|
105
115
|
jsonTransformer,
|
|
106
116
|
levenshtein,
|
|
107
117
|
loadEnv,
|
|
108
118
|
logRequest,
|
|
109
119
|
matchDisallowed,
|
|
110
|
-
matchRoute,
|
|
111
120
|
matchesOrigin,
|
|
112
121
|
normalizeLegacy,
|
|
113
122
|
normalizeNew,
|
|
@@ -117,15 +126,23 @@ import {
|
|
|
117
126
|
runMiddlewareAndContext,
|
|
118
127
|
safeAudit,
|
|
119
128
|
scanMiddlewares,
|
|
120
|
-
scanServerActions,
|
|
121
|
-
scanServerRoutes,
|
|
122
|
-
scanWebSocketRoutes,
|
|
123
129
|
sendError,
|
|
124
130
|
sendJson,
|
|
125
131
|
superjsonTransformer,
|
|
126
132
|
validateCsrf,
|
|
127
133
|
warnOnce
|
|
128
|
-
} from "../chunk-
|
|
134
|
+
} from "../chunk-OJHO2X7C.js";
|
|
135
|
+
import {
|
|
136
|
+
compilePattern,
|
|
137
|
+
matchRoute,
|
|
138
|
+
scanServerRoutes,
|
|
139
|
+
scanWebSocketRoutes
|
|
140
|
+
} from "../chunk-2BQYEBCK.js";
|
|
141
|
+
import {
|
|
142
|
+
ActionScanError,
|
|
143
|
+
scanServerActions,
|
|
144
|
+
scanServerActionsEnriched
|
|
145
|
+
} from "../chunk-7DHGV77J.js";
|
|
129
146
|
import {
|
|
130
147
|
AuthRequiredError,
|
|
131
148
|
generateNonce,
|
|
@@ -138,6 +155,7 @@ import {
|
|
|
138
155
|
createQueueClient
|
|
139
156
|
} from "../chunk-GY5Q27BJ.js";
|
|
140
157
|
import "../chunk-X2VVCJ4V.js";
|
|
158
|
+
import "../chunk-WSJKACWB.js";
|
|
141
159
|
import {
|
|
142
160
|
__require
|
|
143
161
|
} from "../chunk-DGUM43GV.js";
|
|
@@ -399,62 +417,6 @@ function serveStaticFile(req, res, clientDir) {
|
|
|
399
417
|
return true;
|
|
400
418
|
}
|
|
401
419
|
|
|
402
|
-
// src/server/scan/manifest.ts
|
|
403
|
-
import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync, mkdirSync } from "fs";
|
|
404
|
-
import { join, resolve as resolve3, relative } from "path";
|
|
405
|
-
function generateManifest(serverDir) {
|
|
406
|
-
const routes = scanServerRoutes(serverDir);
|
|
407
|
-
const actions = scanServerActions(serverDir);
|
|
408
|
-
const websockets = scanWebSocketRoutes(serverDir);
|
|
409
|
-
return {
|
|
410
|
-
version: 1,
|
|
411
|
-
generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
412
|
-
routes: routes.map((r) => ({
|
|
413
|
-
filePath: relative(serverDir, r.filePath),
|
|
414
|
-
routePath: r.routePath,
|
|
415
|
-
paramNames: r.paramNames
|
|
416
|
-
})),
|
|
417
|
-
actions: actions.map((a) => ({
|
|
418
|
-
filePath: relative(serverDir, a.filePath),
|
|
419
|
-
actionPath: a.actionPath
|
|
420
|
-
})),
|
|
421
|
-
websockets: websockets.map((w) => ({
|
|
422
|
-
filePath: relative(serverDir, w.filePath),
|
|
423
|
-
wsPath: w.wsPath
|
|
424
|
-
}))
|
|
425
|
-
};
|
|
426
|
-
}
|
|
427
|
-
function writeManifest(manifest, outputDir) {
|
|
428
|
-
mkdirSync(outputDir, { recursive: true });
|
|
429
|
-
const manifestPath = join(outputDir, "manifest.json");
|
|
430
|
-
writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
|
|
431
|
-
}
|
|
432
|
-
function loadManifest(distDir, serverDir) {
|
|
433
|
-
const manifestPath = join(distDir, "manifest.json");
|
|
434
|
-
if (!existsSync3(manifestPath)) {
|
|
435
|
-
throw new Error(`No manifest found at ${manifestPath}. Run "theo build" first.`);
|
|
436
|
-
}
|
|
437
|
-
const raw = JSON.parse(readFileSync3(manifestPath, "utf-8"));
|
|
438
|
-
const routes = raw.routes.map((r) => {
|
|
439
|
-
const { pattern, paramNames } = compilePattern(r.routePath);
|
|
440
|
-
return {
|
|
441
|
-
filePath: resolve3(serverDir, r.filePath),
|
|
442
|
-
routePath: r.routePath,
|
|
443
|
-
paramNames,
|
|
444
|
-
pattern
|
|
445
|
-
};
|
|
446
|
-
});
|
|
447
|
-
const actions = raw.actions.map((a) => ({
|
|
448
|
-
filePath: resolve3(serverDir, a.filePath),
|
|
449
|
-
actionPath: a.actionPath
|
|
450
|
-
}));
|
|
451
|
-
const websockets = raw.websockets.map((w) => ({
|
|
452
|
-
filePath: resolve3(serverDir, w.filePath),
|
|
453
|
-
wsPath: w.wsPath
|
|
454
|
-
}));
|
|
455
|
-
return { routes, actions, websockets };
|
|
456
|
-
}
|
|
457
|
-
|
|
458
420
|
// src/server/agent/stream-agent-run.ts
|
|
459
421
|
function safeJsonStringify(value) {
|
|
460
422
|
try {
|
|
@@ -711,9 +673,7 @@ function autoResolveProviderIfNeeded(options) {
|
|
|
711
673
|
...options,
|
|
712
674
|
apiKey: resolved.apiKey,
|
|
713
675
|
providers: {
|
|
714
|
-
routes: [
|
|
715
|
-
{ capability: "chat", provider: resolved.name, baseUrl: resolved.baseUrl }
|
|
716
|
-
]
|
|
676
|
+
routes: [{ capability: "chat", provider: resolved.name, baseUrl: resolved.baseUrl }]
|
|
717
677
|
}
|
|
718
678
|
};
|
|
719
679
|
}
|
|
@@ -871,54 +831,6 @@ var ChannelManager = class {
|
|
|
871
831
|
}
|
|
872
832
|
};
|
|
873
833
|
|
|
874
|
-
// src/server/security/csrf-readiness-store.ts
|
|
875
|
-
var CsrfReadinessStore = class _CsrfReadinessStore {
|
|
876
|
-
static MAX_ENTRIES = 1e3;
|
|
877
|
-
entries = /* @__PURE__ */ new Map();
|
|
878
|
-
keyFor(event) {
|
|
879
|
-
return `${event.method}\0${event.path}\0${event.reason}`;
|
|
880
|
-
}
|
|
881
|
-
record(event) {
|
|
882
|
-
const key = this.keyFor(event);
|
|
883
|
-
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
884
|
-
const existing = this.entries.get(key);
|
|
885
|
-
if (existing) {
|
|
886
|
-
existing.count++;
|
|
887
|
-
existing.lastSeen = now;
|
|
888
|
-
return;
|
|
889
|
-
}
|
|
890
|
-
if (this.entries.size >= _CsrfReadinessStore.MAX_ENTRIES) {
|
|
891
|
-
const firstKey = this.entries.keys().next().value;
|
|
892
|
-
if (firstKey !== void 0) this.entries.delete(firstKey);
|
|
893
|
-
}
|
|
894
|
-
this.entries.set(key, { count: 1, firstSeen: now, lastSeen: now });
|
|
895
|
-
}
|
|
896
|
-
summary() {
|
|
897
|
-
let total = 0;
|
|
898
|
-
const routes = [];
|
|
899
|
-
for (const [key, entry] of this.entries) {
|
|
900
|
-
const [method, path, reason] = key.split("\0");
|
|
901
|
-
routes.push({
|
|
902
|
-
method,
|
|
903
|
-
path,
|
|
904
|
-
reason,
|
|
905
|
-
count: entry.count,
|
|
906
|
-
firstSeen: entry.firstSeen,
|
|
907
|
-
lastSeen: entry.lastSeen
|
|
908
|
-
});
|
|
909
|
-
total += entry.count;
|
|
910
|
-
}
|
|
911
|
-
return {
|
|
912
|
-
generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
913
|
-
totalEvents: total,
|
|
914
|
-
routes
|
|
915
|
-
};
|
|
916
|
-
}
|
|
917
|
-
reset() {
|
|
918
|
-
this.entries.clear();
|
|
919
|
-
}
|
|
920
|
-
};
|
|
921
|
-
|
|
922
834
|
// src/server/storage/storage-manager.ts
|
|
923
835
|
var StorageManager = class {
|
|
924
836
|
#config;
|
|
@@ -1689,8 +1601,8 @@ function createCacheEngine(opts) {
|
|
|
1689
1601
|
function claimAndRun(key, fn, options, skipWrite) {
|
|
1690
1602
|
let resolveOuter;
|
|
1691
1603
|
let rejectOuter;
|
|
1692
|
-
const outerPromise = new Promise((
|
|
1693
|
-
resolveOuter =
|
|
1604
|
+
const outerPromise = new Promise((resolve3, reject) => {
|
|
1605
|
+
resolveOuter = resolve3;
|
|
1694
1606
|
rejectOuter = reject;
|
|
1695
1607
|
});
|
|
1696
1608
|
void outerPromise.catch(() => {
|
|
@@ -2033,6 +1945,9 @@ function definePlugin(plugin) {
|
|
|
2033
1945
|
return plugin;
|
|
2034
1946
|
}
|
|
2035
1947
|
export {
|
|
1948
|
+
ActionError,
|
|
1949
|
+
ActionInputError,
|
|
1950
|
+
ActionScanError,
|
|
2036
1951
|
AuthRequiredError,
|
|
2037
1952
|
BATCH_PATH,
|
|
2038
1953
|
BatchPathConflictError,
|
|
@@ -2138,6 +2053,7 @@ export {
|
|
|
2138
2053
|
executeAction,
|
|
2139
2054
|
executeRoute,
|
|
2140
2055
|
extractTraceId,
|
|
2056
|
+
extractUniversalIssues,
|
|
2141
2057
|
findSuggestion,
|
|
2142
2058
|
generateBackupCodes,
|
|
2143
2059
|
generateManifest,
|
|
@@ -2154,6 +2070,8 @@ export {
|
|
|
2154
2070
|
handleCspReport,
|
|
2155
2071
|
handleCsrfReadiness,
|
|
2156
2072
|
initCacheEngine,
|
|
2073
|
+
isActionError,
|
|
2074
|
+
isInputError,
|
|
2157
2075
|
jsonTransformer,
|
|
2158
2076
|
levenshtein,
|
|
2159
2077
|
loadCustomErrorPages,
|
|
@@ -2184,6 +2102,7 @@ export {
|
|
|
2184
2102
|
scanJobs,
|
|
2185
2103
|
scanMiddlewares,
|
|
2186
2104
|
scanServerActions,
|
|
2105
|
+
scanServerActionsEnriched,
|
|
2187
2106
|
scanServerRoutes,
|
|
2188
2107
|
scanWebSocketRoutes,
|
|
2189
2108
|
sendError,
|