theokit 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions-virtual-module-E6PU47GV.js +175 -0
- package/dist/actions-virtual-module-E6PU47GV.js.map +1 -0
- package/dist/actions-virtual-module-E7IELVHL.js +174 -0
- package/dist/actions-virtual-module-E7IELVHL.js.map +1 -0
- package/dist/app-typed-client-RZMVWHJ3.js +289 -0
- package/dist/app-typed-client-RZMVWHJ3.js.map +1 -0
- package/dist/app-typed-client-YIBP6JWH.js +289 -0
- package/dist/app-typed-client-YIBP6JWH.js.map +1 -0
- package/dist/{aws-lambda-PONVF3UX.js → aws-lambda-XYCGZH3I.js} +2 -2
- package/dist/{build-IQQYCA3B.js → build-NCGIV4LL.js} +41 -14
- package/dist/build-NCGIV4LL.js.map +1 -0
- package/dist/build-request-body-preview-EOP2Y4F3.js +52 -0
- package/dist/build-request-body-preview-EOP2Y4F3.js.map +1 -0
- package/dist/build-request-body-preview-II2235E6.js +54 -0
- package/dist/build-request-body-preview-II2235E6.js.map +1 -0
- package/dist/{bun-DITMZMKL.js → bun-K73TQEWC.js} +2 -2
- package/dist/{chunk-GQSTRXXB.js → chunk-2BQYEBCK.js} +77 -68
- package/dist/chunk-2BQYEBCK.js.map +1 -0
- package/dist/chunk-7DHGV77J.js +140 -0
- package/dist/chunk-7DHGV77J.js.map +1 -0
- package/dist/{chunk-WQCPKA2L.js → chunk-C27AZN46.js} +570 -165
- package/dist/chunk-C27AZN46.js.map +1 -0
- package/dist/chunk-ERAZNHHR.js +73 -0
- package/dist/chunk-ERAZNHHR.js.map +1 -0
- package/dist/{chunk-ZK5JCE5J.js → chunk-EXJWO2HB.js} +201 -43
- package/dist/chunk-EXJWO2HB.js.map +1 -0
- package/dist/chunk-F3TG5FJV.js +97 -0
- package/dist/chunk-F3TG5FJV.js.map +1 -0
- package/dist/{chunk-OK2PJOLK.js → chunk-KJVEJILQ.js} +7 -3
- package/dist/chunk-KJVEJILQ.js.map +1 -0
- package/dist/{chunk-JBC7PFV4.js → chunk-M23FP2AS.js} +2 -2
- package/dist/chunk-M23FP2AS.js.map +1 -0
- package/dist/{chunk-FRBYJANT.js → chunk-M6MYZSD2.js} +195 -41
- package/dist/chunk-M6MYZSD2.js.map +1 -0
- package/dist/{chunk-S3JBIFKS.js → chunk-MG7H3LAW.js} +2 -2
- package/dist/chunk-MOT42NAH.js +165 -0
- package/dist/chunk-MOT42NAH.js.map +1 -0
- package/dist/{chunk-OEB3OIYP.js → chunk-OJHO2X7C.js} +497 -168
- package/dist/chunk-OJHO2X7C.js.map +1 -0
- package/dist/chunk-QLGES2HC.js +189 -0
- package/dist/chunk-QLGES2HC.js.map +1 -0
- package/dist/{chunk-JZ5WEG3S.js → chunk-SEVYARIU.js} +9 -5
- package/dist/chunk-SEVYARIU.js.map +1 -0
- package/dist/chunk-WSJKACWB.js +17 -0
- package/dist/chunk-WSJKACWB.js.map +1 -0
- package/dist/{chunk-3Q36SEDK.js → chunk-ZBWROIIO.js} +43 -2
- package/dist/{chunk-3Q36SEDK.js.map → chunk-ZBWROIIO.js.map} +1 -1
- package/dist/{chunk-Y5KE6YFP.js → chunk-ZJW5FFYJ.js} +3 -3
- package/dist/chunk-ZJW5FFYJ.js.map +1 -0
- package/dist/chunk-ZOXNJV2O.js +358 -0
- package/dist/chunk-ZOXNJV2O.js.map +1 -0
- package/dist/cli/index.js +22 -7
- package/dist/cli/index.js.map +1 -1
- package/dist/client/index.d.ts +31 -1
- package/dist/client/index.js +100 -0
- package/dist/client/index.js.map +1 -1
- package/dist/{cloudflare-RBANU3SE.js → cloudflare-LCAOTRYZ.js} +2 -2
- package/dist/{deno-deploy-J7LI6HNL.js → deno-deploy-ZN4RE5HF.js} +2 -2
- package/dist/{dev-VN6WS3CM.js → dev-WDXC74CK.js} +15 -7
- package/dist/dev-WDXC74CK.js.map +1 -0
- package/dist/dev-emit-3CHM73TV.js +390 -0
- package/dist/dev-emit-3CHM73TV.js.map +1 -0
- package/dist/dev-emit-I3CKOHML.js +44 -0
- package/dist/dev-emit-I3CKOHML.js.map +1 -0
- package/dist/devtools/entry.js +545 -181
- package/dist/devtools/entry.js.map +1 -1
- package/dist/{dispatcher-IK3FVMX5.js → dispatcher-AQJGI3HU.js} +2 -2
- package/dist/dispatcher-E6QV32BO.js +83 -0
- package/dist/dispatcher-E6QV32BO.js.map +1 -0
- package/dist/{dist-Q5VBFWVL.js → dist-R2Q7GVDW.js} +10357 -12068
- package/dist/dist-R2Q7GVDW.js.map +1 -0
- package/dist/{generate-SIO4JSKJ.js → generate-DT4IIAHF.js} +88 -22
- package/dist/generate-DT4IIAHF.js.map +1 -0
- package/dist/index.d.ts +108 -1
- package/dist/index.js +5 -2
- package/dist/index.js.map +1 -1
- package/dist/{info-B3UOXFUF.js → info-VM7EK4JC.js} +3 -3
- package/dist/{netlify-IFY6ZGFV.js → netlify-5VQ22Z2P.js} +2 -2
- package/dist/{node-KWZI3CKV.js → node-3APTLGWB.js} +2 -2
- package/dist/openapi-CBASKC7W.js +84 -0
- package/dist/openapi-CBASKC7W.js.map +1 -0
- package/dist/registry-5QFTLOL2.js +25 -0
- package/dist/{routes-CAGFZKUK.js → routes-7O4NUDYS.js} +9 -7
- package/dist/{routes-CAGFZKUK.js.map → routes-7O4NUDYS.js.map} +1 -1
- package/dist/{schema-Cxq2qqwh.d.ts → schema-CjVly9c_.d.ts} +43 -1
- package/dist/{schema-MVB2FVK6.js → schema-JAKF23GR.js} +2 -2
- package/dist/server/cost/index.js +1 -1
- package/dist/server/index.d.ts +219 -47
- package/dist/server/index.js +35 -116
- package/dist/server/index.js.map +1 -1
- package/dist/{start-ZGWW5MOL.js → start-5JTFWF4T.js} +20 -14
- package/dist/start-5JTFWF4T.js.map +1 -0
- package/dist/{static-BH6JQNM2.js → static-TZBVBDTB.js} +4 -4
- package/dist/{upgrade-readiness-OHL36FQL.js → upgrade-readiness-Q46KTG2J.js} +6 -1
- package/dist/upgrade-readiness-Q46KTG2J.js.map +1 -0
- package/dist/{vercel-RHADE5IP.js → vercel-MWW24ABC.js} +2 -2
- package/dist/vite-plugin/index.d.ts +25 -1
- package/dist/vite-plugin/index.js +5 -2
- package/dist/{vite-plugin-WA3G45YY.js → vite-plugin-4WZ3C2AC.js} +7 -6
- package/package.json +4 -2
- package/dist/build-IQQYCA3B.js.map +0 -1
- package/dist/chunk-FRBYJANT.js.map +0 -1
- package/dist/chunk-GQSTRXXB.js.map +0 -1
- package/dist/chunk-JBC7PFV4.js.map +0 -1
- package/dist/chunk-JZ5WEG3S.js.map +0 -1
- package/dist/chunk-OEB3OIYP.js.map +0 -1
- package/dist/chunk-OK2PJOLK.js.map +0 -1
- package/dist/chunk-WQCPKA2L.js.map +0 -1
- package/dist/chunk-Y5KE6YFP.js.map +0 -1
- package/dist/chunk-ZK5JCE5J.js.map +0 -1
- package/dist/dev-VN6WS3CM.js.map +0 -1
- package/dist/dist-Q5VBFWVL.js.map +0 -1
- package/dist/generate-SIO4JSKJ.js.map +0 -1
- package/dist/registry-BB3UYAOG.js +0 -25
- package/dist/start-ZGWW5MOL.js.map +0 -1
- package/dist/upgrade-readiness-OHL36FQL.js.map +0 -1
- /package/dist/{aws-lambda-PONVF3UX.js.map → aws-lambda-XYCGZH3I.js.map} +0 -0
- /package/dist/{bun-DITMZMKL.js.map → bun-K73TQEWC.js.map} +0 -0
- /package/dist/{chunk-S3JBIFKS.js.map → chunk-MG7H3LAW.js.map} +0 -0
- /package/dist/{cloudflare-RBANU3SE.js.map → cloudflare-LCAOTRYZ.js.map} +0 -0
- /package/dist/{deno-deploy-J7LI6HNL.js.map → deno-deploy-ZN4RE5HF.js.map} +0 -0
- /package/dist/{dispatcher-IK3FVMX5.js.map → dispatcher-AQJGI3HU.js.map} +0 -0
- /package/dist/{info-B3UOXFUF.js.map → info-VM7EK4JC.js.map} +0 -0
- /package/dist/{netlify-IFY6ZGFV.js.map → netlify-5VQ22Z2P.js.map} +0 -0
- /package/dist/{node-KWZI3CKV.js.map → node-3APTLGWB.js.map} +0 -0
- /package/dist/{registry-BB3UYAOG.js.map → registry-5QFTLOL2.js.map} +0 -0
- /package/dist/{schema-MVB2FVK6.js.map → schema-JAKF23GR.js.map} +0 -0
- /package/dist/{static-BH6JQNM2.js.map → static-TZBVBDTB.js.map} +0 -0
- /package/dist/{vercel-RHADE5IP.js.map → vercel-MWW24ABC.js.map} +0 -0
- /package/dist/{vite-plugin-WA3G45YY.js.map → vite-plugin-4WZ3C2AC.js.map} +0 -0
|
@@ -32,6 +32,48 @@ declare function createRateLimiter(config: RateLimitConfig, opts?: {
|
|
|
32
32
|
store?: RateLimitStore;
|
|
33
33
|
}): (req: IncomingMessage) => RateLimitResult;
|
|
34
34
|
|
|
35
|
+
/**
|
|
36
|
+
* T2.2 — In-memory bounded counter for CSRF warn events.
|
|
37
|
+
*
|
|
38
|
+
* Aggregates `csrf.warn` payloads by `(method, path, reason)` triple.
|
|
39
|
+
* Used by the `/__theo/csrf-readiness` endpoint to expose a summary the
|
|
40
|
+
* developer (or devtools tab) can inspect, so users do NOT need to grep
|
|
41
|
+
* stdout to know which endpoints will break under 0.3.0 strict CSRF.
|
|
42
|
+
*
|
|
43
|
+
* Bounded at 1000 distinct keys (EC-22). Eviction is LRU-by-insertion —
|
|
44
|
+
* when the cap is hit, the oldest key is dropped and a re-record of an
|
|
45
|
+
* evicted key starts fresh (count: 1).
|
|
46
|
+
*
|
|
47
|
+
* Single-threaded by virtue of the JS event loop; Map operations are
|
|
48
|
+
* atomic. NOT shared across processes — each worker has its own store.
|
|
49
|
+
*/
|
|
50
|
+
interface CsrfWarnRecord {
|
|
51
|
+
method: string;
|
|
52
|
+
path: string;
|
|
53
|
+
reason: string;
|
|
54
|
+
}
|
|
55
|
+
interface CsrfReadinessRouteSummary {
|
|
56
|
+
method: string;
|
|
57
|
+
path: string;
|
|
58
|
+
reason: string;
|
|
59
|
+
count: number;
|
|
60
|
+
firstSeen: string;
|
|
61
|
+
lastSeen: string;
|
|
62
|
+
}
|
|
63
|
+
interface CsrfReadinessSummary {
|
|
64
|
+
generatedAt: string;
|
|
65
|
+
totalEvents: number;
|
|
66
|
+
routes: CsrfReadinessRouteSummary[];
|
|
67
|
+
}
|
|
68
|
+
declare class CsrfReadinessStore {
|
|
69
|
+
static readonly MAX_ENTRIES = 1000;
|
|
70
|
+
private readonly entries;
|
|
71
|
+
private keyFor;
|
|
72
|
+
record(event: CsrfWarnRecord): void;
|
|
73
|
+
summary(): CsrfReadinessSummary;
|
|
74
|
+
reset(): void;
|
|
75
|
+
}
|
|
76
|
+
|
|
35
77
|
/**
|
|
36
78
|
* Wave 2 — Polyglot Services Orchestration (T1.1).
|
|
37
79
|
*
|
|
@@ -229,4 +271,4 @@ declare const servicesConfigSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.Zod
|
|
|
229
271
|
type ServicesConfigInput = z.input<typeof servicesConfigSchema>;
|
|
230
272
|
type ServicesConfigOutput = z.output<typeof servicesConfigSchema>;
|
|
231
273
|
|
|
232
|
-
export { type RateLimitConfig as R, type ServicesConfig as S, type RateLimitResult as a, type
|
|
274
|
+
export { CsrfReadinessStore as C, type RateLimitConfig as R, type ServicesConfig as S, type RateLimitResult as a, type CsrfReadinessRouteSummary as b, type CsrfReadinessSummary as c, type CsrfWarnRecord as d, type ServiceDefinition as e, type ServicesConfigInput as f, type ServicesConfigOutput as g, createRateLimiter as h };
|
|
@@ -11,7 +11,7 @@ import {
|
|
|
11
11
|
storageSchema,
|
|
12
12
|
theoConfigSchema,
|
|
13
13
|
uploadSchema
|
|
14
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-ZBWROIIO.js";
|
|
15
15
|
import "./chunk-WZ7CPVQB.js";
|
|
16
16
|
import "./chunk-KT3MWNZG.js";
|
|
17
17
|
export {
|
|
@@ -26,4 +26,4 @@ export {
|
|
|
26
26
|
theoConfigSchema,
|
|
27
27
|
uploadSchema
|
|
28
28
|
};
|
|
29
|
-
//# sourceMappingURL=schema-
|
|
29
|
+
//# sourceMappingURL=schema-JAKF23GR.js.map
|
package/dist/server/index.d.ts
CHANGED
|
@@ -8,8 +8,8 @@ import { ViteDevServer } from 'vite';
|
|
|
8
8
|
export { AuthRequiredError, BackupCode, BackupCodeOptions, OidcMetadata, PkceChallenge, SessionConfig, SessionManager, SessionMeta, ThrottleOptions, ThrottleState, TotpAlgorithm, TotpOptions, TotpUriOptions, VerifyTotpOptions, _resetKeyCacheForTests, assertProductionSecret, checkThrottle, clearOidcCache, createSessionManager, decrypt, discoverOidcProvider, encrypt, generateBackupCodes, generateNonce, generateOAuthState, generatePkceChallenge, generateTotp, generateTotpSecret, pkceChallengeFromVerifier, recordAttempt, requireAuth, rotateIfNeeded, totpUri, verifyBackupCode, verifyOAuthState, verifyTotp } from './auth/index.js';
|
|
9
9
|
export { InMemoryUsageStorage, ToolHookEvent, ToolUsageRecord, TrackAgentRunInput, TrackAgentRunOptions, TrackAgentToolsHooks, TrackAgentToolsOptions, UsageQuery, UsageRecord, UsageResult, UsageStorageAdapter, trackAgentRun, trackAgentTools } from './cost/index.js';
|
|
10
10
|
export { CRON_MANIFEST_SCHEMA_VERSION, CronConcurrencyPolicy, CronContext, CronDefinition, CronManifest, CronManifestEntry, CronNode, CronOptions, CronScheduler, DuplicateCronNameError, ExistingConfigUnparseableError, buildCronManifest, convertToAwsCron, createCronScheduler, defineCron, scanCrons, translateCronToAws, translateCronToCloudflare, translateCronToDeno, translateCronToVercel, validateCronSchedule, writeCronManifest } from './cron/index.js';
|
|
11
|
-
import { R as RateLimitConfig, a as RateLimitResult } from '../schema-
|
|
12
|
-
export { b as ServiceDefinition, S as ServicesConfig,
|
|
11
|
+
import { R as RateLimitConfig, a as RateLimitResult, C as CsrfReadinessStore } from '../schema-CjVly9c_.js';
|
|
12
|
+
export { b as CsrfReadinessRouteSummary, c as CsrfReadinessSummary, d as CsrfWarnRecord, e as ServiceDefinition, S as ServicesConfig, f as ServicesConfigInput, g as ServicesConfigOutput, h as createRateLimiter } from '../schema-CjVly9c_.js';
|
|
13
13
|
import { R as RateLimitStore } from '../rate-limit-store-BEJnhWdw.js';
|
|
14
14
|
export { I as InMemoryStore, a as RateLimitState } from '../rate-limit-store-BEJnhWdw.js';
|
|
15
15
|
export { G as GenericFactory, P as PoolLike, a as PostgresDatabaseConfig, R as RedisLike, b as RedisServerConfig, S as ServerConfig, c as StorageAdapter, d as StorageConfig, T as TlsConfig } from '../storage-types-DtIVejC1.js';
|
|
@@ -58,8 +58,28 @@ interface RouteConfig<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z
|
|
|
58
58
|
*/
|
|
59
59
|
declare function defineRoute<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z.ZodType = z.ZodUndefined, TParams extends z.ZodType = z.ZodUndefined, TCtx = unknown, TResponse = unknown>(config: RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>): RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>;
|
|
60
60
|
|
|
61
|
+
/**
|
|
62
|
+
* Action wire-protocol accept mode per plan g3-server-actions-and-useaction
|
|
63
|
+
* v1.2 ADR D1. Default behavior (when omitted) is `'json'`. `'form'` opts the
|
|
64
|
+
* action into FormData multipart parsing for progressive-enhancement forms;
|
|
65
|
+
* the runtime in `server/http/action-execute.ts` will coerce FormData entries
|
|
66
|
+
* against the `input` schema via `formDataToObject` (Astro pattern).
|
|
67
|
+
*/
|
|
68
|
+
type ActionAccept = 'form' | 'json';
|
|
61
69
|
interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
|
|
70
|
+
/**
|
|
71
|
+
* Zod input schema. Required: every action declares its input contract via
|
|
72
|
+
* Zod (architecture rule: zod-is-SSOT). The shape becomes the handler's
|
|
73
|
+
* typed `input` parameter via `z.infer<TInput>`.
|
|
74
|
+
*/
|
|
62
75
|
input: TInput;
|
|
76
|
+
/**
|
|
77
|
+
* Wire-protocol accept mode. Defaults to `'json'` when omitted. Setting
|
|
78
|
+
* `'form'` switches the runtime to FormData multipart parsing — the input
|
|
79
|
+
* schema MUST be `z.object(...)` so field-by-field coercion can drive
|
|
80
|
+
* boolean string / number / array coercion (Astro pattern).
|
|
81
|
+
*/
|
|
82
|
+
accept?: ActionAccept;
|
|
63
83
|
handler: (ctx: {
|
|
64
84
|
input: z.infer<TInput>;
|
|
65
85
|
ctx: TCtx;
|
|
@@ -67,7 +87,15 @@ interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
|
|
|
67
87
|
}
|
|
68
88
|
/**
|
|
69
89
|
* Define a typed server action.
|
|
70
|
-
*
|
|
90
|
+
*
|
|
91
|
+
* Identity function — provides type inference for action handlers. The
|
|
92
|
+
* runtime that consumes the config (validation + invocation + serialization)
|
|
93
|
+
* lives in `server/http/action-execute.ts`.
|
|
94
|
+
*
|
|
95
|
+
* Per plan g3-server-actions-and-useaction v1.2 § Phase 1 / T1.2: the new
|
|
96
|
+
* `accept?: 'form' | 'json'` field is the only contract change vs the
|
|
97
|
+
* pre-G3 identity. Existing callsites (`defineAction({input, handler})`)
|
|
98
|
+
* continue to compile — `accept` is opt-in.
|
|
71
99
|
*/
|
|
72
100
|
declare function defineAction<TInput extends z.ZodType, TCtx = unknown>(config: ActionConfig<TInput, TCtx>): ActionConfig<TInput, TCtx>;
|
|
73
101
|
|
|
@@ -328,6 +356,10 @@ interface ServerRouteNode {
|
|
|
328
356
|
routePath: string;
|
|
329
357
|
paramNames: string[];
|
|
330
358
|
pattern: RegExp;
|
|
359
|
+
/** HTTP methods (uppercase) the route file exports. Optional for backward
|
|
360
|
+
* compatibility with manifests generated before G1. Empty array means the
|
|
361
|
+
* file has no HTTP exports (util-only); undefined means "not detected". */
|
|
362
|
+
methods?: string[];
|
|
331
363
|
}
|
|
332
364
|
declare function compilePattern(routePath: string): {
|
|
333
365
|
pattern: RegExp;
|
|
@@ -838,7 +870,43 @@ interface ActionNode {
|
|
|
838
870
|
filePath: string;
|
|
839
871
|
actionPath: string;
|
|
840
872
|
}
|
|
873
|
+
/**
|
|
874
|
+
* Enriched manifest entry per plan g3-server-actions-and-useaction v1.2
|
|
875
|
+
* § Phase 1 / T1.4 + ADR D4. Consumed by virtual module `@theo/actions`
|
|
876
|
+
* (T3.1) and G4 devtools "Actions" tab (T5.1).
|
|
877
|
+
*/
|
|
878
|
+
interface ActionManifestEntry$1 {
|
|
879
|
+
name: string;
|
|
880
|
+
filePath: string;
|
|
881
|
+
urlPath: string;
|
|
882
|
+
accept: 'form' | 'json';
|
|
883
|
+
hasInput: boolean;
|
|
884
|
+
}
|
|
885
|
+
/**
|
|
886
|
+
* EC-2: structured error for scan-time defects (name collision, reserved
|
|
887
|
+
* identifier, etc.). Throw at scan time to fail loud — silent shadowing is
|
|
888
|
+
* a security/correctness footgun.
|
|
889
|
+
*/
|
|
890
|
+
declare class ActionScanError extends Error {
|
|
891
|
+
readonly code: 'NAME_COLLISION' | 'RESERVED_NAME';
|
|
892
|
+
readonly conflictingPaths: readonly string[];
|
|
893
|
+
constructor(code: 'NAME_COLLISION' | 'RESERVED_NAME', message: string, conflictingPaths: readonly string[]);
|
|
894
|
+
}
|
|
895
|
+
/**
|
|
896
|
+
* Backward-compatible: original simple-shape scanner used by existing
|
|
897
|
+
* consumers. Preserved verbatim; new consumers should call
|
|
898
|
+
* `scanServerActionsEnriched`.
|
|
899
|
+
*/
|
|
841
900
|
declare function scanServerActions(serverDir: string): ActionNode[];
|
|
901
|
+
/**
|
|
902
|
+
* Enriched scan: light AST detection of `accept: 'form'|'json'` + `input:`
|
|
903
|
+
* presence via regex-after-comment-stripping (EC-9). Throws ActionScanError
|
|
904
|
+
* on file/dir name collision (EC-2) or reserved JS identifier names.
|
|
905
|
+
*
|
|
906
|
+
* Output `ActionManifestEntry[]` is sorted by `name` for deterministic
|
|
907
|
+
* `.theo/actions-manifest.json` emission.
|
|
908
|
+
*/
|
|
909
|
+
declare function scanServerActionsEnriched(serverDir: string): ActionManifestEntry$1[];
|
|
842
910
|
|
|
843
911
|
interface WebSocketRouteNode {
|
|
844
912
|
filePath: string;
|
|
@@ -859,6 +927,9 @@ interface ManifestRoute {
|
|
|
859
927
|
filePath: string;
|
|
860
928
|
routePath: string;
|
|
861
929
|
paramNames: string[];
|
|
930
|
+
/** HTTP methods (uppercase) the route file exports. Optional — manifests
|
|
931
|
+
* generated before G1 omit this; loaders treat absence as "unknown". */
|
|
932
|
+
methods?: string[];
|
|
862
933
|
}
|
|
863
934
|
interface ManifestAction {
|
|
864
935
|
filePath: string;
|
|
@@ -884,6 +955,148 @@ declare function generateManifest(serverDir: string): TheoManifest;
|
|
|
884
955
|
declare function writeManifest(manifest: TheoManifest, outputDir: string): void;
|
|
885
956
|
declare function loadManifest(distDir: string, serverDir: string): LoadedManifest;
|
|
886
957
|
|
|
958
|
+
/**
|
|
959
|
+
* Action protocol — cross-boundary contract for `defineAction` + `useAction`.
|
|
960
|
+
*
|
|
961
|
+
* Per plan g3-server-actions-and-useaction v1.2 § Phase 0 / T0.1, ADRs D1 (encoding)
|
|
962
|
+
* + D6 (full dot-notation path) + D7 (PII mask) — types and runtime referenced
|
|
963
|
+
* by server (`server/http/action-execute.ts`, `server/define/define-action.ts`)
|
|
964
|
+
* and client (`@usetheo/react/useAction`, `vite-plugin/actions-virtual-module`).
|
|
965
|
+
*
|
|
966
|
+
* Lives in `core/contracts/` per architecture.md v3.1 exception — cross-module
|
|
967
|
+
* deep imports ALLOWED for this file. Core depends on NOTHING intra-monorepo;
|
|
968
|
+
* `extractUniversalIssues` is implemented INLINE (NOT imported from `@usetheo/sdk`)
|
|
969
|
+
* to honor dep-cruiser `core-depends-on-nothing` invariant (EC-1 absorbed).
|
|
970
|
+
*
|
|
971
|
+
* Field-key convention (D6 + EC-13): dot-notation full path. Nested objects use
|
|
972
|
+
* `'user.address.zip'`; array indices use `'items.0.name'` (NOT bracket
|
|
973
|
+
* `'items[0].name'`). Root-level errors (path = []) use empty string `''`
|
|
974
|
+
* (EC-7). Consumers needing bracket notation can write a small `dotToBracket`
|
|
975
|
+
* helper in userland.
|
|
976
|
+
*/
|
|
977
|
+
/**
|
|
978
|
+
* HTTP-status mapping per IANA HTTP Status Code Registry (subset relevant to
|
|
979
|
+
* action surface). VALIDATION_ERROR → 422 is preferred over Astro's BAD_REQUEST/400
|
|
980
|
+
* (more semantic for input-shape mismatch). PAYLOAD_TOO_LARGE → 413 covers EC-3
|
|
981
|
+
* (response-side size limit; request-side reuses standard 413).
|
|
982
|
+
*/
|
|
983
|
+
type ActionErrorCode = 'VALIDATION_ERROR' | 'BAD_REQUEST' | 'UNAUTHORIZED' | 'FORBIDDEN' | 'NOT_FOUND' | 'METHOD_NOT_ALLOWED' | 'CONFLICT' | 'CONTENT_TOO_LARGE' | 'PAYLOAD_TOO_LARGE' | 'UNSUPPORTED_MEDIA_TYPE' | 'TOO_MANY_REQUESTS' | 'INTERNAL_SERVER_ERROR';
|
|
984
|
+
/**
|
|
985
|
+
* Universal zod issue shape covering BOTH v3 (`z.ZodIssue`) and v4 (`$ZodIssue`).
|
|
986
|
+
* Duck-typed minimum surface: `{path, message}`. Implemented per EC-1 absorbed —
|
|
987
|
+
* consumers chain may ship either zod major; constructor accepts `unknown` and
|
|
988
|
+
* normalizes via `extractUniversalIssues`.
|
|
989
|
+
*/
|
|
990
|
+
interface UniversalZodIssue {
|
|
991
|
+
readonly path: readonly (string | number)[];
|
|
992
|
+
readonly message: string;
|
|
993
|
+
readonly code?: string;
|
|
994
|
+
}
|
|
995
|
+
/**
|
|
996
|
+
* `ActionError` — general server-side action failure. Discriminator `type` is
|
|
997
|
+
* literal `'TheoActionError'`; used by `ActionError.fromJson` to distinguish
|
|
998
|
+
* from `ActionInputError`.
|
|
999
|
+
*/
|
|
1000
|
+
declare class ActionError extends Error {
|
|
1001
|
+
readonly type: 'TheoActionError' | 'TheoActionInputError';
|
|
1002
|
+
readonly code: ActionErrorCode;
|
|
1003
|
+
readonly status: number;
|
|
1004
|
+
constructor(params: {
|
|
1005
|
+
code: ActionErrorCode;
|
|
1006
|
+
message?: string;
|
|
1007
|
+
stack?: string;
|
|
1008
|
+
});
|
|
1009
|
+
static codeToStatus(code: ActionErrorCode): number;
|
|
1010
|
+
static statusToCode(status: number): ActionErrorCode;
|
|
1011
|
+
/**
|
|
1012
|
+
* Parse a serialized error JSON back into the typed class hierarchy.
|
|
1013
|
+
* Distinguishes `TheoActionInputError` (with `issues` array) from
|
|
1014
|
+
* `TheoActionError` via the `type` discriminator. Falls back to
|
|
1015
|
+
* `INTERNAL_SERVER_ERROR` for malformed bodies (non-object, missing
|
|
1016
|
+
* `type`, unknown `code`).
|
|
1017
|
+
*/
|
|
1018
|
+
static fromJson(body: unknown): ActionError;
|
|
1019
|
+
}
|
|
1020
|
+
/**
|
|
1021
|
+
* `ActionInputError` — validation failure with field-level mapping.
|
|
1022
|
+
*
|
|
1023
|
+
* `fields` is auto-derived from `issues`: for each issue, key = full
|
|
1024
|
+
* dot-notation path (`'user.address.zip'`; root-level `path:[]` → `''`;
|
|
1025
|
+
* array indices as numeric segments → `'items.0.name'`). Multiple messages
|
|
1026
|
+
* for the same key accumulate; duplicate (path, message) tuples are deduped.
|
|
1027
|
+
*/
|
|
1028
|
+
declare class ActionInputError extends ActionError {
|
|
1029
|
+
readonly type: "TheoActionInputError";
|
|
1030
|
+
readonly issues: readonly UniversalZodIssue[];
|
|
1031
|
+
readonly fields: Record<string, string[]>;
|
|
1032
|
+
constructor(rawIssues: unknown);
|
|
1033
|
+
}
|
|
1034
|
+
/**
|
|
1035
|
+
* Normalize zod v3 (`z.ZodIssue`) and v4 (`$ZodIssue`) raw issues to
|
|
1036
|
+
* `UniversalZodIssue[]` (EC-1 absorbed). Duck-typed on `{path, message}` —
|
|
1037
|
+
* does NOT import zod types (`core/contracts/` depends on no intra-monorepo
|
|
1038
|
+
* + zod is consumer-controlled across the boundary).
|
|
1039
|
+
*
|
|
1040
|
+
* Silently skips entries missing required fields or shape mismatches; returns
|
|
1041
|
+
* empty array on non-array input.
|
|
1042
|
+
*/
|
|
1043
|
+
declare function extractUniversalIssues(raw: unknown): UniversalZodIssue[];
|
|
1044
|
+
/**
|
|
1045
|
+
* Type guard for `ActionError` (and its subclass `ActionInputError`). True
|
|
1046
|
+
* iff the value is an instance of `ActionError`. Use `isInputError` to
|
|
1047
|
+
* narrow specifically to validation failures.
|
|
1048
|
+
*/
|
|
1049
|
+
declare function isActionError(value: unknown): value is ActionError;
|
|
1050
|
+
/**
|
|
1051
|
+
* Type guard narrowing to `ActionInputError`. Requires `instanceof` check
|
|
1052
|
+
* (not duck-typing on `type`) to prevent attacker-controlled JSON from
|
|
1053
|
+
* being mistaken for a real error instance.
|
|
1054
|
+
*/
|
|
1055
|
+
declare function isInputError(value: unknown): value is ActionInputError;
|
|
1056
|
+
/**
|
|
1057
|
+
* `ActionResult<TData, TError>` — discriminated union returned by client-side
|
|
1058
|
+
* action invocation. Either `{data, error: undefined}` (success) or
|
|
1059
|
+
* `{data: undefined, error}` (failure). Mirrors Astro `SafeResult` shape.
|
|
1060
|
+
*/
|
|
1061
|
+
type ActionResult<TData = unknown, TError extends ActionError = ActionError> = {
|
|
1062
|
+
data: TData;
|
|
1063
|
+
error: undefined;
|
|
1064
|
+
} | {
|
|
1065
|
+
data: undefined;
|
|
1066
|
+
error: TError;
|
|
1067
|
+
};
|
|
1068
|
+
/**
|
|
1069
|
+
* `SerializedActionResult` — wire-shape emitted by `serializeActionResult`
|
|
1070
|
+
* in `server/http/serialize-action-result.ts` (T1.3). Discriminator `type`
|
|
1071
|
+
* distinguishes data (devalue-encoded), error (JSON), and empty (204) cases.
|
|
1072
|
+
*/
|
|
1073
|
+
type SerializedActionResult = {
|
|
1074
|
+
type: 'data';
|
|
1075
|
+
status: number;
|
|
1076
|
+
contentType: 'application/json+devalue';
|
|
1077
|
+
body: string;
|
|
1078
|
+
} | {
|
|
1079
|
+
type: 'error';
|
|
1080
|
+
status: number;
|
|
1081
|
+
contentType: 'application/json';
|
|
1082
|
+
body: string;
|
|
1083
|
+
} | {
|
|
1084
|
+
type: 'empty';
|
|
1085
|
+
status: 204;
|
|
1086
|
+
};
|
|
1087
|
+
/**
|
|
1088
|
+
* `ActionManifestEntry` — per-action metadata emitted by `action-scan.ts`
|
|
1089
|
+
* (T1.4) into `.theo/actions-manifest.json`. Consumed by virtual module
|
|
1090
|
+
* `@theo/actions` (T3.1) and G4 devtools "Actions" tab (T5.1).
|
|
1091
|
+
*/
|
|
1092
|
+
interface ActionManifestEntry {
|
|
1093
|
+
readonly name: string;
|
|
1094
|
+
readonly filePath: string;
|
|
1095
|
+
readonly urlPath: string;
|
|
1096
|
+
readonly accept: 'form' | 'json';
|
|
1097
|
+
readonly hasInput: boolean;
|
|
1098
|
+
}
|
|
1099
|
+
|
|
887
1100
|
/**
|
|
888
1101
|
* Item #4 — `streamAgentRun`
|
|
889
1102
|
*
|
|
@@ -1128,6 +1341,7 @@ declare function createConversationHistory(args: ConversationHistoryArgs): Promi
|
|
|
1128
1341
|
* Public API surface is unchanged — `logger.ts` re-exports `logRequest`
|
|
1129
1342
|
* + `RequestLog` + `LoggerFn` for backward compat.
|
|
1130
1343
|
*/
|
|
1344
|
+
|
|
1131
1345
|
interface RequestLog {
|
|
1132
1346
|
level: string;
|
|
1133
1347
|
method: string;
|
|
@@ -1138,7 +1352,7 @@ interface RequestLog {
|
|
|
1138
1352
|
timestamp: string;
|
|
1139
1353
|
}
|
|
1140
1354
|
type LoggerFn = (log: RequestLog) => void;
|
|
1141
|
-
declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn): void;
|
|
1355
|
+
declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn, req?: IncomingMessage): void;
|
|
1142
1356
|
|
|
1143
1357
|
type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent';
|
|
1144
1358
|
interface StructuredLog {
|
|
@@ -1413,48 +1627,6 @@ declare function normalizeLegacy(raw: Record<string, unknown>): CspViolation;
|
|
|
1413
1627
|
declare function normalizeNew(entry: unknown): CspViolation | null;
|
|
1414
1628
|
declare function handleCspReport(req: IncomingMessage, res: ServerResponse, opts: CspReportHandlerOptions): Promise<void>;
|
|
1415
1629
|
|
|
1416
|
-
/**
|
|
1417
|
-
* T2.2 — In-memory bounded counter for CSRF warn events.
|
|
1418
|
-
*
|
|
1419
|
-
* Aggregates `csrf.warn` payloads by `(method, path, reason)` triple.
|
|
1420
|
-
* Used by the `/__theo/csrf-readiness` endpoint to expose a summary the
|
|
1421
|
-
* developer (or devtools tab) can inspect, so users do NOT need to grep
|
|
1422
|
-
* stdout to know which endpoints will break under 0.3.0 strict CSRF.
|
|
1423
|
-
*
|
|
1424
|
-
* Bounded at 1000 distinct keys (EC-22). Eviction is LRU-by-insertion —
|
|
1425
|
-
* when the cap is hit, the oldest key is dropped and a re-record of an
|
|
1426
|
-
* evicted key starts fresh (count: 1).
|
|
1427
|
-
*
|
|
1428
|
-
* Single-threaded by virtue of the JS event loop; Map operations are
|
|
1429
|
-
* atomic. NOT shared across processes — each worker has its own store.
|
|
1430
|
-
*/
|
|
1431
|
-
interface CsrfWarnRecord {
|
|
1432
|
-
method: string;
|
|
1433
|
-
path: string;
|
|
1434
|
-
reason: string;
|
|
1435
|
-
}
|
|
1436
|
-
interface CsrfReadinessRouteSummary {
|
|
1437
|
-
method: string;
|
|
1438
|
-
path: string;
|
|
1439
|
-
reason: string;
|
|
1440
|
-
count: number;
|
|
1441
|
-
firstSeen: string;
|
|
1442
|
-
lastSeen: string;
|
|
1443
|
-
}
|
|
1444
|
-
interface CsrfReadinessSummary {
|
|
1445
|
-
generatedAt: string;
|
|
1446
|
-
totalEvents: number;
|
|
1447
|
-
routes: CsrfReadinessRouteSummary[];
|
|
1448
|
-
}
|
|
1449
|
-
declare class CsrfReadinessStore {
|
|
1450
|
-
static readonly MAX_ENTRIES = 1000;
|
|
1451
|
-
private readonly entries;
|
|
1452
|
-
private keyFor;
|
|
1453
|
-
record(event: CsrfWarnRecord): void;
|
|
1454
|
-
summary(): CsrfReadinessSummary;
|
|
1455
|
-
reset(): void;
|
|
1456
|
-
}
|
|
1457
|
-
|
|
1458
1630
|
/**
|
|
1459
1631
|
* T2.2 — `/__theo/csrf-readiness` endpoint.
|
|
1460
1632
|
*
|
|
@@ -2154,4 +2326,4 @@ interface LoadEnvResult {
|
|
|
2154
2326
|
declare function _resetEnvCache(): void;
|
|
2155
2327
|
declare function loadEnv(options?: LoadEnvOptions): LoadEnvResult;
|
|
2156
2328
|
|
|
2157
|
-
export { type ActionConfig, type ActionNode, type AgentEndpointConfig, type AgentEndpointHandlerArgs, AgentErrorEvent, AgentEvent, type AgentRunLike, type AgentRunResult, type AgentRunStreamMessage, type AuditEvent, type AuditLogger, BATCH_PATH, type BatchExecuteFn, BatchPathConflictError, type BatchPayload, type BatchRequestItem, type BatchResponse, type BatchResultItem, type BodyParserOptions, BodyTooLargeError, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CSRF_WARN_CODE, CSRF_WARN_DOCS_URL, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type ChannelHandler, ChannelManager, type CompiledRouteRule, type ConversationHistoryArgs, type ConversationHistoryResult, type ConversationStorageLike, type CookieOptions, type CorsConfig, type CorsHandler, type CorsOrigin, type CspMode, type CspReportHandlerOptions, type CspViolation, type CsrfLogger, type CsrfMode,
|
|
2329
|
+
export { type ActionAccept, type ActionConfig, ActionError, type ActionErrorCode, ActionInputError, type ActionManifestEntry, type ActionNode, type ActionResult, ActionScanError, type AgentEndpointConfig, type AgentEndpointHandlerArgs, AgentErrorEvent, AgentEvent, type AgentRunLike, type AgentRunResult, type AgentRunStreamMessage, type AuditEvent, type AuditLogger, BATCH_PATH, type BatchExecuteFn, BatchPathConflictError, type BatchPayload, type BatchRequestItem, type BatchResponse, type BatchResultItem, type BodyParserOptions, BodyTooLargeError, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CSRF_WARN_CODE, CSRF_WARN_DOCS_URL, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type ChannelHandler, ChannelManager, type CompiledRouteRule, type ConversationHistoryArgs, type ConversationHistoryResult, type ConversationStorageLike, type CookieOptions, type CorsConfig, type CorsHandler, type CorsOrigin, type CspMode, type CspReportHandlerOptions, type CspViolation, type CsrfLogger, type CsrfMode, CsrfReadinessStore, type CsrfWarnPayload, type CustomErrorPages, type CustomTool, DEFAULT_CSP, DEFAULT_EXCLUDED_QUERY_PARAMS, DEFAULT_MAX_BODY_BYTES, DEFAULT_PERMISSIONS_POLICY, type Db0Database, type DefineAgentToolSpec, type DefineCachedFunctionOptions, type DefineWebhookOptions, type DisallowedConfig, DuplicateDecorationError, DuplicatePluginError, type ExecuteActionOptions, type ExecuteRouteContext, FileTooLargeError, type GetOrComputeOptions, type HandleBatchOptions, type HookName, type HookResult, InMemoryCacheAdapter, type InMemoryCacheAdapterOptions, InvalidPluginShapeError, JobBackend, JsonStdoutSink, type KeyByMode, type KeyDerivationOptions, type LoadEnvOptions, type LoadEnvResult, type LoadModule, type LoadedManifest, type LogLevel, type LoggerFn, MAX_ERROR_HTML_BYTES, type ManifestAction, type ManifestRoute, type ManifestWebSocket, type MiddlewareHandler, type MiddlewareResult, type NormalizedCacheConfig, type OnErrorHook, type OnRequestHook, type OnResponseHook, type ParsedBody, type PluginContext, type PluginErrorContext, PluginRunner, type PreHandlerHook, RateLimitConfig, RateLimitResult, RateLimitStore, type RawBodyResult, type ReadRawBodyOptions, type RequestLog, type RevalidateResult, type RouteCacheOptions, type RouteConfig, type RouteRateLimitConfig, type RouteRule, type RouteRules, type RunHookOptions, STRIPPED_HEADERS, type SdkAgent, type SdkAgentOptions, type SdkRunLike, type SecurityEnv, type SecurityHeadersConfig, type SecurityHeadersOptions, type SendErrorInput, type SendErrorOptions, type SerializedActionResult, type SerializedResponse, type ServerRouteNode, type StructuredLog, THEO_T_PREFIX, TRACE_HEADER, TRACE_PARENT_HEADER, type TheoApp, type TheoLogger, type TheoManifest, type TheoPlugin, type TheoTransformer, type UniversalZodIssue, type UnstorageInstance, type UploadedFile, type VerifyFn, type VerifyResult, type WebSocketHandler, type WebSocketLike, type WebSocketRouteNode, type WebhookContext, type WebhookDefinition, __resetSdkForTests, __setSdkForTests, _resetCacheEngine, _resetEnvCache, _resetMiddlewareCacheForTests, _resetWarnOnceForTests, applySecurityHeaders, buildSecurityHeaders, compilePattern, compileRouteRules, createCacheEngine, createConversationHistory, createCorsHandler, createLogger, createNoOpLogger, createPluginRunnerFromConfig, createProductionLoader, createRouteRateLimiter, createViteLoader, defineAction, defineAgentEndpoint, defineAgentTool, defineCachedFunction, defineCachedRoute, defineChannel, defineMiddleware, definePlugin, defineRoute, defineTheoPlugin, defineWebSocket, defineWebhook, deleteCookie, deriveKey as deriveCacheKey, deriveKey$1 as deriveKey, deserializeResponse, dispatchWebhook, enforceCsrf, errorToEvent, executeAction, executeRoute, extractTraceId, extractUniversalIssues, findSuggestion, generateManifest, getCacheControlHeader, getCacheEngine, getCookie, handleBatchRequest, handleCspReport, handleCsrfReadiness, initCacheEngine, isActionError, isInputError, jsonTransformer, levenshtein, loadCustomErrorPages, loadEnv, loadManifest, logRequest, matchDisallowed, matchRoute, matchRoutePattern, matchesOrigin, normalizeLegacy, normalizeNew, parseCookieHeader, parseRequestBody, parseTraceparent, readRawBody, resolveRouteRule, resolveTransformer, revalidatePath, revalidateTag, runMiddlewareAndContext, safeAudit, scanMiddlewares, scanServerActions, scanServerActionsEnriched, scanServerRoutes, scanWebSocketRoutes, sendError, sendJson, serializeResponse, serveStaticFile, setCookie, streamAgentRun, superjsonTransformer, timingSafeEqual, updateTag, useDatabase, useUnstorage, validateExpire as validateCacheExpire, validateMaxAge as validateCacheMaxAge, validateTags as validateCacheTags, validateCsrf, warnOnce, writeManifest };
|