theokit 0.2.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (303) hide show
  1. package/dist/{actions-virtual-module-HWNTIEPI.js → actions-virtual-module-IY46EEEX.js} +2 -2
  2. package/dist/{actions-virtual-module-SEIPACG5.js → actions-virtual-module-XNHDNCZ6.js} +2 -2
  3. package/dist/add-2ZFFGGE4.js +0 -0
  4. package/dist/{app-typed-client-6GC6VWXS.js → app-typed-client-OUJO3V5J.js} +10 -5
  5. package/dist/{app-typed-client-6GC6VWXS.js.map → app-typed-client-OUJO3V5J.js.map} +1 -1
  6. package/dist/{app-typed-client-US2ZXBEC.js → app-typed-client-YOMWSA3F.js} +11 -6
  7. package/dist/{app-typed-client-US2ZXBEC.js.map → app-typed-client-YOMWSA3F.js.map} +1 -1
  8. package/dist/audit-log-BQWM5YLG.d.ts +60 -0
  9. package/dist/{aws-lambda-XYCGZH3I.js → aws-lambda-GKSTX6HD.js} +3 -3
  10. package/dist/body-parser-web-MUWBKZ3F.js +70 -0
  11. package/dist/body-parser-web-MUWBKZ3F.js.map +1 -0
  12. package/dist/broadcast-QOQGUNNK.js +0 -0
  13. package/dist/{build-MREW6MVS.js → build-D4J7XECU.js} +33 -24
  14. package/dist/build-D4J7XECU.js.map +1 -0
  15. package/dist/build-request-body-preview-II2235E6.js +0 -0
  16. package/dist/{bun-K73TQEWC.js → bun-ISHSNFIO.js} +3 -3
  17. package/dist/{check-PZR67OY5.js → check-NXYPLM6M.js} +2 -2
  18. package/dist/{chunk-WZ7CPVQB.js → chunk-27LWMYNK.js} +28 -24
  19. package/dist/chunk-27LWMYNK.js.map +1 -0
  20. package/dist/{chunk-5OKZY2VL.js → chunk-2F4FROEQ.js} +1695 -1522
  21. package/dist/chunk-2F4FROEQ.js.map +1 -0
  22. package/dist/chunk-4HBI7DHP.js +20 -0
  23. package/dist/chunk-4HBI7DHP.js.map +1 -0
  24. package/dist/{chunk-X4JAX2U3.js → chunk-4S2UCILN.js} +180 -125
  25. package/dist/chunk-4S2UCILN.js.map +1 -0
  26. package/dist/{chunk-C52GSJPF.js → chunk-4S6YHNG2.js} +11 -8
  27. package/dist/chunk-4S6YHNG2.js.map +1 -0
  28. package/dist/chunk-5ODOE6EF.js +0 -0
  29. package/dist/{chunk-KJVEJILQ.js → chunk-5PU65T5W.js} +9 -3
  30. package/dist/chunk-5PU65T5W.js.map +1 -0
  31. package/dist/chunk-5QW7IQQU.js +36 -0
  32. package/dist/chunk-5QW7IQQU.js.map +1 -0
  33. package/dist/chunk-5Z2727GV.js +1324 -0
  34. package/dist/chunk-5Z2727GV.js.map +1 -0
  35. package/dist/{chunk-YLBSSEHX.js → chunk-6NEXVBPY.js} +5 -15
  36. package/dist/chunk-6NEXVBPY.js.map +1 -0
  37. package/dist/chunk-7MQOHNHE.js +36 -0
  38. package/dist/chunk-7MQOHNHE.js.map +1 -0
  39. package/dist/{chunk-TPCT3MXV.js → chunk-ABVITXFH.js} +405 -272
  40. package/dist/chunk-ABVITXFH.js.map +1 -0
  41. package/dist/chunk-ASDXVRJD.js +185 -0
  42. package/dist/chunk-ASDXVRJD.js.map +1 -0
  43. package/dist/chunk-B3L3TJVF.js +406 -0
  44. package/dist/chunk-B3L3TJVF.js.map +1 -0
  45. package/dist/{chunk-PB4GR7EP.js → chunk-C3ZZ56YZ.js} +1 -18
  46. package/dist/chunk-C3ZZ56YZ.js.map +1 -0
  47. package/dist/{chunk-O7335ZGH.js → chunk-CG563V5M.js} +5 -3
  48. package/dist/chunk-CG563V5M.js.map +1 -0
  49. package/dist/{chunk-5OFPQK6N.js → chunk-COXLEZCN.js} +2 -1
  50. package/dist/chunk-COXLEZCN.js.map +1 -0
  51. package/dist/{chunk-O4BLVPML.js → chunk-DNMSV3R3.js} +22 -28
  52. package/dist/chunk-DNMSV3R3.js.map +1 -0
  53. package/dist/chunk-E3JH6YUM.js +1 -0
  54. package/dist/chunk-ESC54TAK.js +220 -0
  55. package/dist/chunk-ESC54TAK.js.map +1 -0
  56. package/dist/chunk-FI7MPTJW.js +77 -0
  57. package/dist/chunk-FI7MPTJW.js.map +1 -0
  58. package/dist/chunk-H4J2LECY.js +201 -0
  59. package/dist/chunk-H4J2LECY.js.map +1 -0
  60. package/dist/chunk-IAJ2JVEH.js +256 -0
  61. package/dist/chunk-IAJ2JVEH.js.map +1 -0
  62. package/dist/{chunk-F3TG5FJV.js → chunk-IEZCAT2I.js} +7 -1
  63. package/dist/{chunk-F3TG5FJV.js.map → chunk-IEZCAT2I.js.map} +1 -1
  64. package/dist/chunk-JHEAWR3L.js +1 -0
  65. package/dist/chunk-JQSKBMXP.js +17 -0
  66. package/dist/chunk-JQSKBMXP.js.map +1 -0
  67. package/dist/{chunk-4QTKSLTO.js → chunk-K4M64WD6.js} +9 -5
  68. package/dist/{chunk-4QTKSLTO.js.map → chunk-K4M64WD6.js.map} +1 -1
  69. package/dist/chunk-KI7OWQUX.js +293 -0
  70. package/dist/chunk-KI7OWQUX.js.map +1 -0
  71. package/dist/chunk-KT3MWNZG.js +0 -0
  72. package/dist/{chunk-ZJW5FFYJ.js → chunk-LC5PYNJP.js} +2 -2
  73. package/dist/{chunk-X2OLD264.js → chunk-M2EY7KDR.js} +1228 -1124
  74. package/dist/chunk-M2EY7KDR.js.map +1 -0
  75. package/dist/{chunk-YWWHK7R6.js → chunk-MR7OLIC6.js} +3 -3
  76. package/dist/chunk-NM4WF3XD.js +63 -0
  77. package/dist/chunk-NM4WF3XD.js.map +1 -0
  78. package/dist/chunk-NPMCKOX4.js +1 -0
  79. package/dist/{chunk-VRHXOKRP.js → chunk-NZXH2LQQ.js} +86 -83
  80. package/dist/chunk-NZXH2LQQ.js.map +1 -0
  81. package/dist/{chunk-2BQYEBCK.js → chunk-OLPB36O2.js} +87 -5
  82. package/dist/chunk-OLPB36O2.js.map +1 -0
  83. package/dist/chunk-PIVX3DYW.js +142 -0
  84. package/dist/chunk-PIVX3DYW.js.map +1 -0
  85. package/dist/{chunk-7TOMTMHT.js → chunk-R7OC6UDK.js} +2 -1
  86. package/dist/chunk-R7OC6UDK.js.map +1 -0
  87. package/dist/chunk-RESN62GB.js +269 -0
  88. package/dist/chunk-RESN62GB.js.map +1 -0
  89. package/dist/{chunk-64JI5LTO.js → chunk-RMU7EBRO.js} +2 -2
  90. package/dist/chunk-RMU7EBRO.js.map +1 -0
  91. package/dist/chunk-TQYSPYKU.js +131 -0
  92. package/dist/chunk-TQYSPYKU.js.map +1 -0
  93. package/dist/chunk-TSLSIRBR.js +107 -0
  94. package/dist/chunk-TSLSIRBR.js.map +1 -0
  95. package/dist/{chunk-XP7YXRHO.js → chunk-U6TPSW4L.js} +37 -5
  96. package/dist/chunk-U6TPSW4L.js.map +1 -0
  97. package/dist/chunk-UD3LFGDL.js +45 -0
  98. package/dist/chunk-UD3LFGDL.js.map +1 -0
  99. package/dist/chunk-UUFYP2UM.js +161 -0
  100. package/dist/chunk-UUFYP2UM.js.map +1 -0
  101. package/dist/{chunk-SNDZQ64K.js → chunk-VBZCVFSA.js} +85 -3
  102. package/dist/chunk-VBZCVFSA.js.map +1 -0
  103. package/dist/chunk-VMEWD57H.js +137 -0
  104. package/dist/chunk-VMEWD57H.js.map +1 -0
  105. package/dist/{chunk-BE2LKDI7.js → chunk-WEGALZEU.js} +3 -3
  106. package/dist/{chunk-ZOXNJV2O.js → chunk-WGHJD6I7.js} +35 -138
  107. package/dist/chunk-WGHJD6I7.js.map +1 -0
  108. package/dist/chunk-XMS5VRIK.js +0 -0
  109. package/dist/chunk-Y4H3JNVK.js +18 -0
  110. package/dist/chunk-Y4H3JNVK.js.map +1 -0
  111. package/dist/chunk-Z5IGLBWE.js +329 -0
  112. package/dist/chunk-Z5IGLBWE.js.map +1 -0
  113. package/dist/chunk-ZEGYW52B.js +26 -0
  114. package/dist/chunk-ZEGYW52B.js.map +1 -0
  115. package/dist/chunk-ZJQ4O76G.js +87 -0
  116. package/dist/chunk-ZJQ4O76G.js.map +1 -0
  117. package/dist/cli/index.js +44 -9
  118. package/dist/cli/index.js.map +1 -1
  119. package/dist/client/index.d.ts +107 -1
  120. package/dist/client/index.js +152 -6
  121. package/dist/client/index.js.map +1 -1
  122. package/dist/{cloudflare-LCAOTRYZ.js → cloudflare-OJGJ7R2D.js} +3 -3
  123. package/dist/configure-agent-registry-6YGTJYBC.js +0 -0
  124. package/dist/cookies-MJKMGJ7N.js +22 -0
  125. package/dist/csrf-BBrEZSBW.d.ts +107 -0
  126. package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
  127. package/dist/define-websocket-CdK94O-D.d.ts +64 -0
  128. package/dist/{deno-deploy-ZN4RE5HF.js → deno-deploy-BHWKFTOW.js} +3 -3
  129. package/dist/{dev-6P2DM33Q.js → dev-MJVSRZGF.js} +13 -13
  130. package/dist/{dev-emit-MLDFOLUU.js → dev-emit-5VPRCHOD.js} +39 -142
  131. package/dist/dev-emit-5VPRCHOD.js.map +1 -0
  132. package/dist/{dev-emit-PRSRPDHA.js → dev-emit-HHP2XJXE.js} +5 -5
  133. package/dist/devtools/entry.js +185 -131
  134. package/dist/devtools/entry.js.map +1 -1
  135. package/dist/{dispatcher-AQJGI3HU.js → dispatcher-63LBXYLE.js} +2 -2
  136. package/dist/{dispatcher-E6QV32BO.js → dispatcher-EJME6C6M.js} +5 -2
  137. package/dist/dispatcher-EJME6C6M.js.map +1 -0
  138. package/dist/{dist-E6BL4ZVY.js → dist-KRW6OVD4.js} +7 -7
  139. package/dist/dist-KRW6OVD4.js.map +1 -0
  140. package/dist/docker-EZDA5FT7.js +0 -0
  141. package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
  142. package/dist/{generate-DT4IIAHF.js → generate-AZ2K6Z2Z.js} +75 -2
  143. package/dist/generate-AZ2K6Z2Z.js.map +1 -0
  144. package/dist/index-DWWEdFh5.d.ts +399 -0
  145. package/dist/index.d.ts +161 -1391
  146. package/dist/index.js +20 -8
  147. package/dist/index.js.map +1 -1
  148. package/dist/{info-FJ4NXKTB.js → info-47VB62MV.js} +5 -5
  149. package/dist/job-backend-CgC8Xf33.d.ts +68 -0
  150. package/dist/{lib-NL5JXGEB.js → lib-NST3PNZX.js} +31 -31
  151. package/dist/lib-NST3PNZX.js.map +1 -0
  152. package/dist/module-loader-Cfz7dgCP.d.ts +26 -0
  153. package/dist/{netlify-5VQ22Z2P.js → netlify-GSNSJGMN.js} +3 -3
  154. package/dist/{node-3APTLGWB.js → node-6I5B6RL3.js} +3 -3
  155. package/dist/node-6I5B6RL3.js.map +1 -0
  156. package/dist/{openapi-SOKZTFE3.js → openapi-NFLSNNVQ.js} +10 -10
  157. package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
  158. package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
  159. package/dist/{proper-lockfile-4Y3DP3RP.js → proper-lockfile-MVKMQGFK.js} +27 -27
  160. package/dist/proper-lockfile-MVKMQGFK.js.map +1 -0
  161. package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
  162. package/dist/registry-QHEZ3BWB.js +25 -0
  163. package/dist/router-RGZFX75G.js +274 -0
  164. package/dist/router-RGZFX75G.js.map +1 -0
  165. package/dist/{routes-XVRAUH6H.js → routes-3A4XGIEJ.js} +6 -6
  166. package/dist/{scan-C2BOKLSY.js → scan-NQFI5S7P.js} +2 -2
  167. package/dist/scan-NQFI5S7P.js.map +1 -0
  168. package/dist/schema-D3v8VB7o.d.ts +76 -0
  169. package/dist/{schema-VR6YNVLQ.js → schema-KZVOV333.js} +5 -3
  170. package/dist/schema-KZVOV333.js.map +1 -0
  171. package/dist/server/agent/index.d.ts +229 -0
  172. package/dist/server/agent/index.js +16 -0
  173. package/dist/server/agent/index.js.map +1 -0
  174. package/dist/server/auth/index.d.ts +46 -1
  175. package/dist/server/auth/index.js +10 -3
  176. package/dist/server/cost/index.d.ts +1 -3
  177. package/dist/server/cost/index.js +1 -1
  178. package/dist/server/cron/index.js +4 -2
  179. package/dist/server/define/index.d.ts +281 -0
  180. package/dist/server/define/index.js +26 -0
  181. package/dist/server/define/index.js.map +1 -0
  182. package/dist/server/http/index.d.ts +10 -0
  183. package/dist/server/http/index.js +74 -0
  184. package/dist/server/http/index.js.map +1 -0
  185. package/dist/server/index.d.ts +151 -1677
  186. package/dist/server/index.js +558 -1102
  187. package/dist/server/index.js.map +1 -1
  188. package/dist/server/jobs/index.d.ts +348 -2
  189. package/dist/server/jobs/index.js +5 -3
  190. package/dist/server/observability/index.d.ts +324 -0
  191. package/dist/server/observability/index.js +48 -0
  192. package/dist/server/observability/index.js.map +1 -0
  193. package/dist/server/plugins/index.d.ts +17 -0
  194. package/dist/server/plugins/index.js +17 -0
  195. package/dist/server/plugins/index.js.map +1 -0
  196. package/dist/server/rate-limit/index.d.ts +105 -0
  197. package/dist/server/rate-limit/index.js +25 -0
  198. package/dist/server/rate-limit/index.js.map +1 -0
  199. package/dist/server/realtime/index.d.ts +15 -0
  200. package/dist/server/realtime/index.js +8 -0
  201. package/dist/server/realtime/index.js.map +1 -0
  202. package/dist/server/scan/index.d.ts +106 -0
  203. package/dist/server/scan/index.js +43 -0
  204. package/dist/server/scan/index.js.map +1 -0
  205. package/dist/server/security/index.d.ts +193 -0
  206. package/dist/server/security/index.js +50 -0
  207. package/dist/server/security/index.js.map +1 -0
  208. package/dist/server/storage/index.d.ts +22 -0
  209. package/dist/server/storage/index.js +14 -0
  210. package/dist/server/storage/index.js.map +1 -0
  211. package/dist/server/webhook/index.d.ts +148 -0
  212. package/dist/server/webhook/index.js +19 -0
  213. package/dist/server/webhook/index.js.map +1 -0
  214. package/dist/server-error-to-envelope-NO4CCAFQ.js +8 -0
  215. package/dist/server-error-to-envelope-NO4CCAFQ.js.map +1 -0
  216. package/dist/server-error-to-envelope-UJK6OWDJ.js +134 -0
  217. package/dist/server-error-to-envelope-UJK6OWDJ.js.map +1 -0
  218. package/dist/server-routes-hmr-GZJGPWMS.js +44 -0
  219. package/dist/server-routes-hmr-GZJGPWMS.js.map +1 -0
  220. package/dist/server-routes-hmr-PBHSKCQJ.js +42 -0
  221. package/dist/server-routes-hmr-PBHSKCQJ.js.map +1 -0
  222. package/dist/services-json-Z2QNGVPW.js +142 -0
  223. package/dist/services-json-Z2QNGVPW.js.map +1 -0
  224. package/dist/{services-typed-client-XWYYBWGW.js → services-typed-client-KK6RHRDG.js} +2 -2
  225. package/dist/{services-typed-client-ZX5JUHH3.js → services-typed-client-T7M5VPBP.js} +2 -2
  226. package/dist/{sqlite-vec-ARPNUBWT.js → sqlite-vec-54KB4RD3.js} +2 -2
  227. package/dist/sqlite-vec-54KB4RD3.js.map +1 -0
  228. package/dist/{start-R7XSQL5L.js → start-CGSZPBAG.js} +23 -23
  229. package/dist/start-CGSZPBAG.js.map +1 -0
  230. package/dist/{static-TZBVBDTB.js → static-QI5NQT2X.js} +6 -6
  231. package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
  232. package/dist/storage-manager-D5KBXXKB.js +0 -0
  233. package/dist/{storage-types-DtIVejC1.d.ts → storage-types-DsDTCPbp.d.ts} +1 -1
  234. package/dist/{theo-cloud-3K4DGB3S.js → theo-cloud-RSQCBNXL.js} +4 -4
  235. package/dist/theo-cloud-RSQCBNXL.js.map +1 -0
  236. package/dist/upgrade-readiness-GUJBCJIS.js +0 -0
  237. package/dist/{vercel-MWW24ABC.js → vercel-TKPZK62A.js} +3 -3
  238. package/dist/vite-plugin/index.d.ts +3 -1
  239. package/dist/vite-plugin/index.js +20 -8
  240. package/dist/{vite-plugin-6MPHTKIW.js → vite-plugin-CR4JDFUQ.js} +9 -9
  241. package/dist/vite-plugin-CR4JDFUQ.js.map +1 -0
  242. package/package.json +59 -10
  243. package/LICENSE +0 -201
  244. package/dist/build-MREW6MVS.js.map +0 -1
  245. package/dist/chunk-2BQYEBCK.js.map +0 -1
  246. package/dist/chunk-5OFPQK6N.js.map +0 -1
  247. package/dist/chunk-5OKZY2VL.js.map +0 -1
  248. package/dist/chunk-64JI5LTO.js.map +0 -1
  249. package/dist/chunk-7TOMTMHT.js.map +0 -1
  250. package/dist/chunk-C52GSJPF.js.map +0 -1
  251. package/dist/chunk-CZM6WWWS.js +0 -2450
  252. package/dist/chunk-CZM6WWWS.js.map +0 -1
  253. package/dist/chunk-KJVEJILQ.js.map +0 -1
  254. package/dist/chunk-O4BLVPML.js.map +0 -1
  255. package/dist/chunk-O7335ZGH.js.map +0 -1
  256. package/dist/chunk-PB4GR7EP.js.map +0 -1
  257. package/dist/chunk-SNDZQ64K.js.map +0 -1
  258. package/dist/chunk-TPCT3MXV.js.map +0 -1
  259. package/dist/chunk-VRHXOKRP.js.map +0 -1
  260. package/dist/chunk-WZ7CPVQB.js.map +0 -1
  261. package/dist/chunk-X2OLD264.js.map +0 -1
  262. package/dist/chunk-X4JAX2U3.js.map +0 -1
  263. package/dist/chunk-XP7YXRHO.js.map +0 -1
  264. package/dist/chunk-YLBSSEHX.js.map +0 -1
  265. package/dist/chunk-ZOXNJV2O.js.map +0 -1
  266. package/dist/dev-emit-MLDFOLUU.js.map +0 -1
  267. package/dist/dispatcher-E6QV32BO.js.map +0 -1
  268. package/dist/dist-E6BL4ZVY.js.map +0 -1
  269. package/dist/generate-DT4IIAHF.js.map +0 -1
  270. package/dist/index-li83Swxa.d.ts +0 -506
  271. package/dist/lib-NL5JXGEB.js.map +0 -1
  272. package/dist/proper-lockfile-4Y3DP3RP.js.map +0 -1
  273. package/dist/registry-5QFTLOL2.js +0 -25
  274. package/dist/schema-CjVly9c_.d.ts +0 -274
  275. package/dist/sqlite-vec-ARPNUBWT.js.map +0 -1
  276. package/dist/start-R7XSQL5L.js.map +0 -1
  277. package/dist/theo-cloud-3K4DGB3S.js.map +0 -1
  278. /package/dist/{actions-virtual-module-HWNTIEPI.js.map → actions-virtual-module-IY46EEEX.js.map} +0 -0
  279. /package/dist/{actions-virtual-module-SEIPACG5.js.map → actions-virtual-module-XNHDNCZ6.js.map} +0 -0
  280. /package/dist/{aws-lambda-XYCGZH3I.js.map → aws-lambda-GKSTX6HD.js.map} +0 -0
  281. /package/dist/{bun-K73TQEWC.js.map → bun-ISHSNFIO.js.map} +0 -0
  282. /package/dist/{check-PZR67OY5.js.map → check-NXYPLM6M.js.map} +0 -0
  283. /package/dist/{dispatcher-AQJGI3HU.js.map → chunk-E3JH6YUM.js.map} +0 -0
  284. /package/dist/{node-3APTLGWB.js.map → chunk-JHEAWR3L.js.map} +0 -0
  285. /package/dist/{chunk-ZJW5FFYJ.js.map → chunk-LC5PYNJP.js.map} +0 -0
  286. /package/dist/{chunk-YWWHK7R6.js.map → chunk-MR7OLIC6.js.map} +0 -0
  287. /package/dist/{scan-C2BOKLSY.js.map → chunk-NPMCKOX4.js.map} +0 -0
  288. /package/dist/{chunk-BE2LKDI7.js.map → chunk-WEGALZEU.js.map} +0 -0
  289. /package/dist/{cloudflare-LCAOTRYZ.js.map → cloudflare-OJGJ7R2D.js.map} +0 -0
  290. /package/dist/{schema-VR6YNVLQ.js.map → cookies-MJKMGJ7N.js.map} +0 -0
  291. /package/dist/{deno-deploy-ZN4RE5HF.js.map → deno-deploy-BHWKFTOW.js.map} +0 -0
  292. /package/dist/{dev-6P2DM33Q.js.map → dev-MJVSRZGF.js.map} +0 -0
  293. /package/dist/{dev-emit-PRSRPDHA.js.map → dev-emit-HHP2XJXE.js.map} +0 -0
  294. /package/dist/{vite-plugin-6MPHTKIW.js.map → dispatcher-63LBXYLE.js.map} +0 -0
  295. /package/dist/{info-FJ4NXKTB.js.map → info-47VB62MV.js.map} +0 -0
  296. /package/dist/{netlify-5VQ22Z2P.js.map → netlify-GSNSJGMN.js.map} +0 -0
  297. /package/dist/{openapi-SOKZTFE3.js.map → openapi-NFLSNNVQ.js.map} +0 -0
  298. /package/dist/{registry-5QFTLOL2.js.map → registry-QHEZ3BWB.js.map} +0 -0
  299. /package/dist/{routes-XVRAUH6H.js.map → routes-3A4XGIEJ.js.map} +0 -0
  300. /package/dist/{services-typed-client-XWYYBWGW.js.map → services-typed-client-KK6RHRDG.js.map} +0 -0
  301. /package/dist/{services-typed-client-ZX5JUHH3.js.map → services-typed-client-T7M5VPBP.js.map} +0 -0
  302. /package/dist/{static-TZBVBDTB.js.map → static-QI5NQT2X.js.map} +0 -0
  303. /package/dist/{vercel-MWW24ABC.js.map → vercel-TKPZK62A.js.map} +0 -0
@@ -2,152 +2,188 @@
2
2
  import "tsx/esm";
3
3
  import {
4
4
  servicesConfigSchema
5
- } from "./chunk-WZ7CPVQB.js";
5
+ } from "./chunk-27LWMYNK.js";
6
6
 
7
7
  // src/config/schema.ts
8
+ import { z as z8 } from "zod";
9
+
10
+ // src/config/schemas/header-safe.ts
8
11
  import { z } from "zod";
9
- var baseRateLimitSchema = z.object({
10
- windowMs: z.number().min(1),
11
- max: z.number().int().min(1)
12
+ var headerSafeString = z.string().refine((s) => !/[\r\n]/.test(s), { message: "Header value must not contain CR/LF" });
13
+
14
+ // src/config/schemas/rate-limit.ts
15
+ import { z as z2 } from "zod";
16
+ var baseRateLimitSchema = z2.object({
17
+ windowMs: z2.number().min(1),
18
+ max: z2.number().int().min(1)
12
19
  });
13
- var rateLimitSchema = z.union([
20
+ var rateLimitSchema = z2.union([
14
21
  baseRateLimitSchema,
15
- z.object({
22
+ z2.object({
16
23
  default: baseRateLimitSchema.optional(),
17
- routes: z.record(z.string(), baseRateLimitSchema).optional(),
18
- keyBy: z.union([
19
- z.enum(["ip", "session", "user"]),
20
- z.function().args(z.unknown()).returns(z.string())
24
+ routes: z2.record(z2.string(), baseRateLimitSchema).optional(),
25
+ keyBy: z2.union([
26
+ z2.enum(["ip", "session", "user"]),
27
+ z2.function({ input: z2.tuple([z2.unknown()]), output: z2.string() })
21
28
  ]).optional(),
22
- cookieName: z.string().min(1).optional()
29
+ cookieName: z2.string().min(1).optional()
23
30
  })
24
31
  ]);
25
- var uploadSchema = z.object({
26
- maxFileSize: z.number().min(1).default(10 * 1024 * 1024),
32
+
33
+ // src/config/schemas/upload.ts
34
+ import { z as z3 } from "zod";
35
+ var uploadSchema = z3.object({
36
+ maxFileSize: z3.number().min(1).default(10 * 1024 * 1024),
27
37
  // 10MB
28
- maxFiles: z.number().int().min(1).default(10),
29
- maxFieldSize: z.number().min(1).default(1 * 1024 * 1024)
38
+ maxFiles: z3.number().int().min(1).default(10),
39
+ maxFieldSize: z3.number().min(1).default(1 * 1024 * 1024)
30
40
  // 1MB
31
41
  });
32
- var loggingSchema = z.object({
33
- level: z.enum(["debug", "info", "warn", "error", "silent"]).default("info")
42
+
43
+ // src/config/schemas/logging.ts
44
+ import { z as z4 } from "zod";
45
+ var loggingSchema = z4.object({
46
+ level: z4.enum(["debug", "info", "warn", "error", "silent"]).default("info")
34
47
  });
35
- var routeRuleSchema = z.object({
36
- maxAge: z.number().nonnegative().finite().optional(),
37
- swr: z.number().nonnegative().finite().optional(),
38
- tags: z.array(z.string()).optional()
48
+
49
+ // src/config/schemas/cache.ts
50
+ import { z as z5 } from "zod";
51
+ var routeRuleSchema = z5.object({
52
+ maxAge: z5.number().nonnegative().finite().optional(),
53
+ swr: z5.number().nonnegative().finite().optional(),
54
+ tags: z5.array(z5.string()).optional()
39
55
  });
40
- var cacheSchema = z.object({
41
- enabled: z.boolean().default(true),
56
+ var cacheSchema = z5.object({
57
+ enabled: z5.boolean().default(true),
42
58
  /** 'memory' uses InMemoryCacheAdapter; otherwise pass a custom adapter instance. */
43
- storage: z.union([z.literal("memory"), z.custom()]).default("memory"),
44
- maxEntries: z.number().int().positive().default(1e3),
45
- defaults: z.object({
46
- maxAge: z.number().nonnegative().finite().default(1),
47
- swr: z.number().nonnegative().finite().optional(),
48
- cacheErrors: z.boolean().default(false)
49
- }).default({}),
50
- keyDerivation: z.object({
51
- excludeQuery: z.array(z.string()).optional(),
52
- sortQuery: z.boolean().default(true),
53
- lowercaseHost: z.boolean().default(true)
54
- }).default({}),
55
- routeRules: z.record(z.string(), routeRuleSchema).optional()
59
+ storage: z5.union([z5.literal("memory"), z5.custom()]).default("memory"),
60
+ maxEntries: z5.number().int().positive().default(1e3),
61
+ defaults: z5.object({
62
+ maxAge: z5.number().nonnegative().finite().default(1),
63
+ swr: z5.number().nonnegative().finite().optional(),
64
+ cacheErrors: z5.boolean().default(false)
65
+ }).default({ maxAge: 1, cacheErrors: false }),
66
+ keyDerivation: z5.object({
67
+ excludeQuery: z5.array(z5.string()).optional(),
68
+ sortQuery: z5.boolean().default(true),
69
+ lowercaseHost: z5.boolean().default(true)
70
+ }).default({ sortQuery: true, lowercaseHost: true }),
71
+ routeRules: z5.record(z5.string(), routeRuleSchema).optional()
56
72
  });
57
- var headerSafeString = z.string().refine((s) => !/[\r\n]/.test(s), { message: "Header value must not contain CR/LF" });
58
- var securityHeadersSchema = z.object({
59
- csp: z.union([headerSafeString, z.literal(false)]).optional(),
73
+
74
+ // src/config/schemas/security.ts
75
+ import { z as z6 } from "zod";
76
+ var securityHeadersSchema = z6.object({
77
+ csp: z6.union([headerSafeString, z6.literal(false)]).optional(),
60
78
  // T6.1 — default flipped from 'report-only' to 'enforce' for 0.3.0.
61
79
  // Users who want the old behaviour set `cspMode: 'report-only'`
62
80
  // explicitly. See docs/migrating/0.2-to-0.3.md.
63
- cspMode: z.enum(["enforce", "report-only", "off"]).default("enforce"),
64
- hsts: z.union([headerSafeString, z.literal(false)]).optional(),
65
- frameOptions: z.enum(["DENY", "SAMEORIGIN"]).default("DENY"),
66
- contentTypeOptions: z.literal("nosniff").default("nosniff"),
81
+ cspMode: z6.enum(["enforce", "report-only", "off"]).default("enforce"),
82
+ hsts: z6.union([headerSafeString, z6.literal(false)]).optional(),
83
+ frameOptions: z6.enum(["DENY", "SAMEORIGIN"]).default("DENY"),
84
+ contentTypeOptions: z6.literal("nosniff").default("nosniff"),
67
85
  referrerPolicy: headerSafeString.default("strict-origin-when-cross-origin"),
68
86
  /**
69
87
  * T1.1 — Permissions-Policy directive string. EC-3-refined: rejects CR/LF.
70
88
  * Pass `false` to suppress the header.
71
89
  */
72
- permissionsPolicy: z.union([headerSafeString, z.literal(false)]).optional()
90
+ permissionsPolicy: z6.union([headerSafeString, z6.literal(false)]).optional()
73
91
  });
74
- var disallowedConfigSchema = z.object({
75
- routes: z.array(z.union([z.string(), z.instanceof(RegExp)])),
76
- behavior: z.enum(["warn", "raise"]).default("raise")
92
+ var disallowedConfigSchema = z6.object({
93
+ routes: z6.array(z6.union([z6.string(), z6.instanceof(RegExp)])),
94
+ behavior: z6.enum(["warn", "raise"]).default("raise")
77
95
  });
78
- var corsSchema = z.object({
79
- origins: z.union([
80
- z.literal("*"),
96
+ var corsSchema = z6.object({
97
+ origins: z6.union([
98
+ z6.literal("*"),
81
99
  headerSafeString,
82
- z.instanceof(RegExp),
83
- z.array(z.union([headerSafeString, z.instanceof(RegExp)])),
84
- z.function().args(z.string()).returns(z.boolean())
100
+ z6.instanceof(RegExp),
101
+ z6.array(z6.union([headerSafeString, z6.instanceof(RegExp)])),
102
+ z6.function({ input: z6.tuple([z6.string()]), output: z6.boolean() })
85
103
  ]),
86
- methods: z.array(z.enum(["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"])).optional(),
87
- allowedHeaders: z.array(headerSafeString).optional(),
88
- exposedHeaders: z.array(headerSafeString).optional(),
89
- credentials: z.boolean().default(false),
90
- maxAge: z.number().int().min(0).max(86400).default(600)
104
+ methods: z6.array(z6.enum(["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"])).optional(),
105
+ allowedHeaders: z6.array(headerSafeString).optional(),
106
+ exposedHeaders: z6.array(headerSafeString).optional(),
107
+ credentials: z6.boolean().default(false),
108
+ maxAge: z6.number().int().min(0).max(86400).default(600)
91
109
  }).refine((c) => !(c.origins === "*" && c.credentials), {
92
110
  message: 'CORS spec forbids origins:"*" with credentials:true \u2014 browsers ignore the wildcard'
93
111
  });
94
- var securitySchema = z.object({
112
+ var securitySchema = z6.object({
95
113
  // T6.1 — default flipped from 'warn' to 'strict' for 0.3.0. Apps that
96
114
  // grep their warn-mode logs from 0.2.x already know which endpoints
97
115
  // break; opt back into 'warn' globally OR use disallowedRoutes for
98
116
  // surgical migration. See docs/migrating/0.2-to-0.3.md.
99
- csrf: z.enum(["off", "warn", "strict"]).default("strict"),
117
+ csrf: z6.enum(["off", "warn", "strict"]).default("strict"),
100
118
  headers: securityHeadersSchema.optional(),
101
119
  /** T5.1 — per-route escalation (Rails disallowed_warnings pattern). */
102
120
  disallowed: disallowedConfigSchema.optional(),
103
121
  /** T1.2 — Cross-Origin Resource Sharing. Single global config; runs first in pipeline. */
104
122
  cors: corsSchema.optional()
105
123
  });
106
- var tlsConfigSchema = z.object({
107
- rejectUnauthorized: z.boolean().optional(),
108
- caCert: z.string().optional(),
109
- clientCert: z.string().optional(),
110
- clientKey: z.string().optional()
124
+
125
+ // src/config/schemas/storage.ts
126
+ import { z as z7 } from "zod";
127
+ var tlsConfigSchema = z7.object({
128
+ rejectUnauthorized: z7.boolean().optional(),
129
+ caCert: z7.string().optional(),
130
+ clientCert: z7.string().optional(),
131
+ clientKey: z7.string().optional()
111
132
  });
112
- var serverConfigSchema = z.object({
113
- host: z.string().min(1),
114
- port: z.number().int().positive().max(65535).optional(),
115
- user: z.string().min(1),
133
+ var serverConfigSchema = z7.object({
134
+ host: z7.string().min(1),
135
+ port: z7.number().int().positive().max(65535).optional(),
136
+ user: z7.string().min(1),
116
137
  /** Password may be the empty string (some providers permit it). */
117
- password: z.string(),
138
+ password: z7.string(),
118
139
  tls: tlsConfigSchema.optional()
119
140
  });
120
- var postgresPoolConfigSchema = z.object({
121
- min: z.number().int().nonnegative().optional(),
122
- max: z.number().int().positive().optional(),
123
- connectionTimeoutMillis: z.number().int().positive().optional(),
124
- idleTimeoutMillis: z.number().int().nonnegative().optional()
141
+ var postgresPoolConfigSchema = z7.object({
142
+ min: z7.number().int().nonnegative().optional(),
143
+ max: z7.number().int().positive().optional(),
144
+ connectionTimeoutMillis: z7.number().int().positive().optional(),
145
+ idleTimeoutMillis: z7.number().int().nonnegative().optional()
125
146
  });
126
- var postgresDatabaseConfigSchema = z.object({
147
+ var postgresDatabaseConfigSchema = z7.object({
127
148
  /** References a key in `storage.servers`. Resolved at `usePostgres()` call time. */
128
- server: z.string().min(1),
129
- database: z.string().min(1),
149
+ server: z7.string().min(1),
150
+ database: z7.string().min(1),
130
151
  pool: postgresPoolConfigSchema.optional()
131
152
  });
132
153
  var redisServerConfigSchema = serverConfigSchema.extend({
133
- db: z.number().int().nonnegative().optional(),
134
- maxRetriesPerRequest: z.number().int().nonnegative().optional()
154
+ db: z7.number().int().nonnegative().optional(),
155
+ maxRetriesPerRequest: z7.number().int().nonnegative().optional()
135
156
  });
136
- var storageSchema = z.object({
137
- servers: z.record(z.string(), serverConfigSchema).optional(),
138
- databases: z.record(z.string(), postgresDatabaseConfigSchema).optional(),
139
- redis: z.record(z.string(), redisServerConfigSchema).optional()
157
+ var storageSchema = z7.object({
158
+ servers: z7.record(z7.string(), serverConfigSchema).optional(),
159
+ databases: z7.record(z7.string(), postgresDatabaseConfigSchema).optional(),
160
+ redis: z7.record(z7.string(), redisServerConfigSchema).optional()
140
161
  });
141
- var theoConfigSchema = z.object({
142
- appDir: z.string().default("app"),
143
- serverDir: z.string().default("server"),
162
+
163
+ // src/config/schema.ts
164
+ var theoConfigSchema = z8.object({
165
+ /**
166
+ * Plan v1.2 T2.1 — project identifier propagated into
167
+ * `.theo/services.json` v2 `project` field. DNS-1123 compatible (drives
168
+ * Gitea repo + ArgoCD App naming on TheoCloud). When omitted, the build
169
+ * emits services.json v1 with the legacy `services-bundle` fallback
170
+ * (ADR D10) and logs a deprecation warning.
171
+ */
172
+ name: z8.string().max(63).refine(
173
+ // DNS-1123 equivalent expressed as explicit single-char anchors so
174
+ // security/detect-unsafe-regex stays clean (no backtracking).
175
+ (value) => value.length > 0 && /^[a-z0-9-]+$/u.test(value) && !value.startsWith("-") && !value.endsWith("-"),
176
+ "name must match DNS-1123 (lowercase alphanumeric+hyphens, 1-63 chars, no leading/trailing hyphen)"
177
+ ).optional(),
178
+ appDir: z8.string().default("app"),
179
+ serverDir: z8.string().default("server"),
144
180
  /**
145
181
  * T2.2 / EC-4 — Build output directory. Must be a relative path inside
146
182
  * the project root. Refused absolute or parent-relative paths to prevent
147
183
  * `cleanOutDir` from wiping arbitrary locations (defense-in-depth on
148
184
  * top of cleanOutDir's runtime EC-3 guard).
149
185
  */
150
- distDir: z.string().default(".theo").refine(
186
+ distDir: z8.string().default(".theo").refine(
151
187
  (d) => !/^([A-Za-z]:)?[/\\]/.test(d) && !d.startsWith(".."),
152
188
  'distDir must be a relative path inside the project root (e.g., ".theo")'
153
189
  ),
@@ -166,46 +202,46 @@ var theoConfigSchema = z.object({
166
202
  * * `idleTimeoutMs` — auto-evict idle agents (default 30 min). 0 disables
167
203
  * idle eviction (LRU only).
168
204
  */
169
- agents: z.object({
170
- maxRegistries: z.number().int().positive().default(100),
171
- registry: z.object({
205
+ agents: z8.object({
206
+ maxRegistries: z8.number().int().positive().default(100),
207
+ registry: z8.object({
172
208
  /** LRU cap — MUST be ≥ max-concurrent-active-conversations. */
173
- maxAgents: z.number().int().positive().max(1e4).default(100),
209
+ maxAgents: z8.number().int().positive().max(1e4).default(100),
174
210
  /** Idle eviction window in ms. 0 disables idle eviction (LRU only). */
175
- idleTimeoutMs: z.number().int().nonnegative().default(30 * 6e4)
211
+ idleTimeoutMs: z8.number().int().nonnegative().default(30 * 6e4)
176
212
  }).optional()
177
213
  }).optional(),
178
- port: z.number().int().min(1).max(65535).default(3e3),
179
- ssr: z.boolean().default(false),
214
+ port: z8.number().int().min(1).max(65535).default(3e3),
215
+ ssr: z8.boolean().default(false),
180
216
  /** When true (and ssr === true), use renderToPipeableStream with progressive
181
217
  * shell flush instead of single-shot renderToString. Opt-in for streaming
182
218
  * SSR; default false preserves the current behavior. */
183
- ssrStreaming: z.boolean().default(false),
219
+ ssrStreaming: z8.boolean().default(false),
184
220
  rateLimit: rateLimitSchema.optional(),
185
221
  upload: uploadSchema.optional(),
186
222
  logging: loggingSchema.optional(),
187
223
  security: securitySchema.optional(),
188
- serialization: z.enum(["json", "superjson"]).default("json"),
224
+ serialization: z8.enum(["json", "superjson"]).default("json"),
189
225
  // Plugins are validated structurally at runtime by createPluginRunnerFromConfig.
190
226
  // Zod only checks the shape minimally (must be array). Type-level safety is
191
227
  // provided through defineConfig at the user surface.
192
- plugins: z.array(z.unknown()).optional(),
228
+ plugins: z8.array(z8.unknown()).optional(),
193
229
  /** Enable client-side batching of theoFetch calls and the
194
230
  * /api/__theo_batch__ server endpoint. */
195
- batching: z.union([z.boolean(), z.object({ max: z.number().int().positive().optional() })]).optional(),
231
+ batching: z8.union([z8.boolean(), z8.object({ max: z8.number().int().positive().optional() })]).optional(),
196
232
  /** T4.1 — Audit log. When `logger` is provided, framework events
197
233
  * (csrf.warn, rate-limit.exceeded, session.rotated, csp.violation) are
198
234
  * emitted to it. Default: noop. */
199
- audit: z.object({
200
- logger: z.unknown().optional()
235
+ audit: z8.object({
236
+ logger: z8.unknown().optional()
201
237
  }).optional(),
202
238
  /** TheoUI auto-wire (T2.1). `false` = opt-out; object = explicit theme/fonts;
203
239
  * undefined = enabled when @theokit/ui is detected in node_modules. */
204
- ui: z.union([
205
- z.literal(false),
206
- z.object({
207
- theme: z.enum(["violet-forge", "noir", "paper"]).optional(),
208
- fonts: z.enum(["bundled", "cdn"]).optional()
240
+ ui: z8.union([
241
+ z8.literal(false),
242
+ z8.object({
243
+ theme: z8.enum(["violet-forge", "noir", "paper"]).optional(),
244
+ fonts: z8.enum(["bundled", "cdn"]).optional()
209
245
  })
210
246
  ]).optional(),
211
247
  /**
@@ -224,11 +260,11 @@ var theoConfigSchema = z.object({
224
260
  * Tree-shaken to noop in prod via the dual-export pattern in
225
261
  * `packages/theo/src/devtools/index.ts` (EC-17 positive prod check).
226
262
  */
227
- devtools: z.union([
228
- z.literal(false),
229
- z.object({
230
- position: z.enum(["top-left", "top-right", "bottom-left", "bottom-right"]).optional(),
231
- theme: z.enum(["light", "dark", "system"]).optional()
263
+ devtools: z8.union([
264
+ z8.literal(false),
265
+ z8.object({
266
+ position: z8.enum(["top-left", "top-right", "bottom-left", "bottom-right"]).optional(),
267
+ theme: z8.enum(["light", "dark", "system"]).optional()
232
268
  })
233
269
  ]).optional(),
234
270
  /**
@@ -237,7 +273,7 @@ var theoConfigSchema = z.object({
237
273
  * (EC-201 / ADR D2). If `config.adapters` includes a target NOT
238
274
  * matching `--target`, `theokit build` emits a cross-reference note.
239
275
  */
240
- adapters: z.array(z.string()).optional(),
276
+ adapters: z8.array(z8.string()).optional(),
241
277
  /**
242
278
  * Extra package names to pre-bundle via Vite's `optimizeDeps.include`.
243
279
  *
@@ -252,14 +288,14 @@ var theoConfigSchema = z.object({
252
288
  * Example:
253
289
  * viteOptimizeDeps: ['mermaid']
254
290
  */
255
- viteOptimizeDeps: z.array(z.string()).optional(),
291
+ viteOptimizeDeps: z8.array(z8.string()).optional(),
256
292
  /**
257
293
  * Jobs backend (ADR D3 + T2.1). When configured, every request gets
258
294
  * `ctx.queue.enqueue` auto-wired via the outbox lifecycle. Pass a
259
295
  * `JobBackend` instance (InMemoryJobBackend, PostgresJobBackend, etc.).
260
296
  */
261
- jobs: z.object({
262
- backend: z.custom((v) => typeof v === "object" && v !== null)
297
+ jobs: z8.object({
298
+ backend: z8.custom((v) => typeof v === "object" && v !== null)
263
299
  }).optional(),
264
300
  /**
265
301
  * StorageManager configuration (T1.1 / ADR-0007).
@@ -294,17 +330,35 @@ var theoConfigSchema = z.object({
294
330
  * The env var `THEOKIT_OPENAPI_SERVERS` (CSV of URLs) overrides
295
331
  * `servers[].url` at emit time without rebuilding the config.
296
332
  */
297
- openapi: z.object({
298
- servers: z.array(
299
- z.object({
300
- url: z.string().url(),
301
- description: z.string().optional()
333
+ openapi: z8.object({
334
+ servers: z8.array(
335
+ z8.object({
336
+ url: z8.string().url(),
337
+ description: z8.string().optional()
302
338
  })
303
339
  ).default([{ url: "http://localhost:3000", description: "Local development" }]),
304
- specVersion: z.enum(["3.1.0", "3.0.3"]).default("3.1.0"),
305
- title: z.string().default("TheoKit App"),
306
- version: z.string().default("0.0.0"),
307
- outDir: z.string().default(".theo")
340
+ specVersion: z8.enum(["3.1.0", "3.0.3"]).default("3.1.0"),
341
+ title: z8.string().default("TheoKit App"),
342
+ version: z8.string().default("0.0.0"),
343
+ outDir: z8.string().default(".theo")
344
+ }).optional(),
345
+ /**
346
+ * G5 T1.3 — error envelope transformer hook (blueprint ADR D3).
347
+ *
348
+ * When present, runs at framework error-boundary time to enrich the
349
+ * envelope with consumer-defined extensions (`hint`, custom telemetry
350
+ * tags, etc.) BEFORE the envelope is serialized to the client. The
351
+ * function signature is preserved via the explicit `FormatErrorHook`
352
+ * type — TS inference flows from `theo.config.ts` into `@theo/client`
353
+ * codegen and `@theokit/ui` AgentErrorCard consumers.
354
+ *
355
+ * Use `z.custom<FormatErrorHook>(...)` because Zod's built-in
356
+ * `z.function()` discards its TS signature after parse; `z.custom`
357
+ * with a function-typed runtime guard preserves the call-site type
358
+ * without trading off Zod runtime validation.
359
+ */
360
+ formatError: z8.custom((val) => typeof val === "function", {
361
+ message: "formatError must be a function"
308
362
  }).optional()
309
363
  }).refine((cfg) => !Object.values(cfg.services).some((s) => s.port === cfg.port), {
310
364
  message: "service.port collides with TheoKit web port \u2014 change one of them",
@@ -312,6 +366,7 @@ var theoConfigSchema = z.object({
312
366
  });
313
367
 
314
368
  export {
369
+ headerSafeString,
315
370
  rateLimitSchema,
316
371
  uploadSchema,
317
372
  loggingSchema,
@@ -323,4 +378,4 @@ export {
323
378
  storageSchema,
324
379
  theoConfigSchema
325
380
  };
326
- //# sourceMappingURL=chunk-X4JAX2U3.js.map
381
+ //# sourceMappingURL=chunk-4S2UCILN.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/config/schema.ts","../src/config/schemas/header-safe.ts","../src/config/schemas/rate-limit.ts","../src/config/schemas/upload.ts","../src/config/schemas/logging.ts","../src/config/schemas/cache.ts","../src/config/schemas/security.ts","../src/config/schemas/storage.ts"],"sourcesContent":["import { z } from 'zod'\n\nimport { servicesConfigSchema } from '../services/index.js'\n\nimport {\n cacheSchema,\n loggingSchema,\n rateLimitSchema,\n securitySchema,\n storageSchema,\n uploadSchema,\n type FormatErrorContext,\n type FormatErrorHook,\n} from './schemas/index.js'\n\n// Re-export per-concern schemas + types so downstream consumers\n// (`adapters/*`, vite-plugin, generators, tests) keep their existing\n// imports valid. Per plan T2.3 — pure structural split; zero behavior\n// change at the call site.\nexport {\n cacheSchema,\n corsSchema,\n disallowedConfigSchema,\n headerSafeString,\n loggingSchema,\n rateLimitSchema,\n securityHeadersSchema,\n securitySchema,\n storageSchema,\n uploadSchema,\n} from './schemas/index.js'\n\nexport type { FormatErrorContext, FormatErrorHook, StorageConfig } from './schemas/index.js'\n\n/**\n * Root `theo.config.ts` schema — composer assembled from the per-concern\n * primitives re-exported above.\n *\n * Embedded blocks that exist ONLY as part of the root config (`agents`,\n * `ui`, `devtools`, `jobs`, `openapi`) stay inline below. They have no\n * external consumers; splitting them would create lonely files (M5\n * smell) without comprehension benefit.\n */\nexport const theoConfigSchema = z\n .object({\n /**\n * Plan v1.2 T2.1 — project identifier propagated into\n * `.theo/services.json` v2 `project` field. DNS-1123 compatible (drives\n * Gitea repo + ArgoCD App naming on TheoCloud). When omitted, the build\n * emits services.json v1 with the legacy `services-bundle` fallback\n * (ADR D10) and logs a deprecation warning.\n */\n name: z\n .string()\n .max(63)\n .refine(\n // DNS-1123 equivalent expressed as explicit single-char anchors so\n // security/detect-unsafe-regex stays clean (no backtracking).\n (value) =>\n value.length > 0 &&\n /^[a-z0-9-]+$/u.test(value) &&\n !value.startsWith('-') &&\n !value.endsWith('-'),\n 'name must match DNS-1123 (lowercase alphanumeric+hyphens, 1-63 chars, no leading/trailing hyphen)',\n )\n .optional(),\n appDir: z.string().default('app'),\n serverDir: z.string().default('server'),\n /**\n * T2.2 / EC-4 — Build output directory. Must be a relative path inside\n * the project root. Refused absolute or parent-relative paths to prevent\n * `cleanOutDir` from wiping arbitrary locations (defense-in-depth on\n * top of cleanOutDir's runtime EC-3 guard).\n */\n distDir: z\n .string()\n .default('.theo')\n .refine(\n (d) => !/^([A-Za-z]:)?[/\\\\]/.test(d) && !d.startsWith('..'),\n 'distDir must be a relative path inside the project root (e.g., \".theo\")',\n ),\n /**\n * Agent runtime configuration.\n *\n * - `maxRegistries` (T2.3, legacy): dev-mode cleanup of stale\n * `.theokit/agents/<id>/` dirs by mtime. Now superseded by SDK's\n * native registry GC but kept for backward-compat.\n * - `registry` (Phase 6, Production-Readiness #2): forwarded to\n * `Agent.registry.configure()` lazily on first request.\n * * `maxAgents` — LRU cap. MUST be ≥ max-concurrent-active-conversations\n * (EC-17 DOCUMENT): with maxAgents:1 and 2 concurrent chats, LRU evicts\n * mid-stream → SDK aborts with code:'aborted'. Default 100 covers\n * indie/small-team; tune up for high-traffic.\n * * `idleTimeoutMs` — auto-evict idle agents (default 30 min). 0 disables\n * idle eviction (LRU only).\n */\n agents: z\n .object({\n maxRegistries: z.number().int().positive().default(100),\n registry: z\n .object({\n /** LRU cap — MUST be ≥ max-concurrent-active-conversations. */\n maxAgents: z.number().int().positive().max(10_000).default(100),\n /** Idle eviction window in ms. 0 disables idle eviction (LRU only). */\n idleTimeoutMs: z\n .number()\n .int()\n .nonnegative()\n .default(30 * 60_000),\n })\n .optional(),\n })\n .optional(),\n port: z.number().int().min(1).max(65535).default(3000),\n ssr: z.boolean().default(false),\n /** When true (and ssr === true), use renderToPipeableStream with progressive\n * shell flush instead of single-shot renderToString. Opt-in for streaming\n * SSR; default false preserves the current behavior. */\n ssrStreaming: z.boolean().default(false),\n rateLimit: rateLimitSchema.optional(),\n upload: uploadSchema.optional(),\n logging: loggingSchema.optional(),\n security: securitySchema.optional(),\n serialization: z.enum(['json', 'superjson']).default('json'),\n // Plugins are validated structurally at runtime by createPluginRunnerFromConfig.\n // Zod only checks the shape minimally (must be array). Type-level safety is\n // provided through defineConfig at the user surface.\n plugins: z.array(z.unknown()).optional(),\n /** Enable client-side batching of theoFetch calls and the\n * /api/__theo_batch__ server endpoint. */\n batching: z\n .union([z.boolean(), z.object({ max: z.number().int().positive().optional() })])\n .optional(),\n /** T4.1 — Audit log. When `logger` is provided, framework events\n * (csrf.warn, rate-limit.exceeded, session.rotated, csp.violation) are\n * emitted to it. Default: noop. */\n audit: z\n .object({\n logger: z.unknown().optional(),\n })\n .optional(),\n /** TheoUI auto-wire (T2.1). `false` = opt-out; object = explicit theme/fonts;\n * undefined = enabled when @theokit/ui is detected in node_modules. */\n ui: z\n .union([\n z.literal(false),\n z.object({\n theme: z.enum(['violet-forge', 'noir', 'paper']).optional(),\n fonts: z.enum(['bundled', 'cdn']).optional(),\n }),\n ])\n .optional(),\n /**\n * Cache subsystem (caching-and-revalidation-plan).\n * Default `undefined` keeps caching disabled (backward compatible).\n * Pass `cache: {}` to opt in with defaults.\n */\n cache: cacheSchema.optional(),\n /**\n * Devtools overlay (Phase 0.4.0+ — see docs/plans/devtools-plan.md).\n *\n * - `undefined` (default): devtools auto-injects in `pnpm dev`, NEVER in `vite build`.\n * - `false`: devtools disabled entirely (Vite plugin skips injection even in dev).\n * - `{ ... }`: devtools enabled with explicit defaults (position, theme).\n *\n * Tree-shaken to noop in prod via the dual-export pattern in\n * `packages/theo/src/devtools/index.ts` (EC-17 positive prod check).\n */\n devtools: z\n .union([\n z.literal(false),\n z.object({\n position: z.enum(['top-left', 'top-right', 'bottom-left', 'bottom-right']).optional(),\n theme: z.enum(['light', 'dark', 'system']).optional(),\n }),\n ])\n .optional(),\n /**\n * Informative list of deploy adapters the app supports. Does NOT\n * trigger per-build translations — only the `--target` CLI flag does\n * (EC-201 / ADR D2). If `config.adapters` includes a target NOT\n * matching `--target`, `theokit build` emits a cross-reference note.\n */\n adapters: z.array(z.string()).optional(),\n /**\n * Extra package names to pre-bundle via Vite's `optimizeDeps.include`.\n *\n * Framework auto-includes `@theokit/ui` and `lucide-react` when present.\n * Apps adding plugin peer-deps that rely on a runtime `import('<pkg>')`\n * (dynamic specifier) — e.g. `@theokit/plugin-canvas` consumers\n * installing `mermaid` for Mermaid SVG rendering — must declare those\n * here so Vite can resolve the literal in dev mode without\n * \"Failed to resolve module specifier\" errors. Production builds use\n * tsup/esbuild bundling and are not affected.\n *\n * Example:\n * viteOptimizeDeps: ['mermaid']\n */\n viteOptimizeDeps: z.array(z.string()).optional(),\n /**\n * Jobs backend (ADR D3 + T2.1). When configured, every request gets\n * `ctx.queue.enqueue` auto-wired via the outbox lifecycle. Pass a\n * `JobBackend` instance (InMemoryJobBackend, PostgresJobBackend, etc.).\n */\n jobs: z\n .object({\n backend: z.custom<unknown>((v) => typeof v === 'object' && v !== null),\n })\n .optional(),\n /**\n * StorageManager configuration (T1.1 / ADR-0007).\n *\n * Declares Postgres servers + databases + Redis servers. Consumed by\n * `getStorageManager().configure()` at boot via `start.ts`.\n *\n * Default `undefined` means manager exists but is not configured — adapters\n * relying on the manager (PostgresJobBackend.fromStorageManager, etc.) will\n * throw with an actionable error on first use.\n */\n storage: storageSchema.optional(),\n /**\n * Wave 2 — Polyglot services orchestration (T1.1 / ADR-0012/0013/0014/0015).\n *\n * Declarative external sidecar processes (Python FastAPI / Node Hono)\n * that boot alongside the TheoKit TS app. Empty `services: {}` is the\n * default and preserves Wave 1 behavior.\n */\n services: servicesConfigSchema,\n /**\n * G2 — OpenAPI emit (build-time only).\n *\n * When present, `theokit build` writes a generated `openapi.json` from\n * every `defineRoute()` body/query/params Zod schema. `undefined` keeps\n * the framework backward-compatible (no emit). Pass `openapi: {}` to\n * opt in with defaults.\n *\n * Defaults: spec 3.1.0 · servers `http://localhost:3000` · title\n * \"TheoKit App\" · version \"0.0.0\" · outDir \".theo\" (next to dist).\n *\n * The env var `THEOKIT_OPENAPI_SERVERS` (CSV of URLs) overrides\n * `servers[].url` at emit time without rebuilding the config.\n */\n openapi: z\n .object({\n servers: z\n .array(\n z.object({\n url: z.string().url(),\n description: z.string().optional(),\n }),\n )\n .default([{ url: 'http://localhost:3000', description: 'Local development' }]),\n specVersion: z.enum(['3.1.0', '3.0.3']).default('3.1.0'),\n title: z.string().default('TheoKit App'),\n version: z.string().default('0.0.0'),\n outDir: z.string().default('.theo'),\n })\n .optional(),\n /**\n * G5 T1.3 — error envelope transformer hook (blueprint ADR D3).\n *\n * When present, runs at framework error-boundary time to enrich the\n * envelope with consumer-defined extensions (`hint`, custom telemetry\n * tags, etc.) BEFORE the envelope is serialized to the client. The\n * function signature is preserved via the explicit `FormatErrorHook`\n * type — TS inference flows from `theo.config.ts` into `@theo/client`\n * codegen and `@theokit/ui` AgentErrorCard consumers.\n *\n * Use `z.custom<FormatErrorHook>(...)` because Zod's built-in\n * `z.function()` discards its TS signature after parse; `z.custom`\n * with a function-typed runtime guard preserves the call-site type\n * without trading off Zod runtime validation.\n */\n formatError: z\n .custom<FormatErrorHook>((val) => typeof val === 'function', {\n message: 'formatError must be a function',\n })\n .optional(),\n })\n // EC-2 fix: cross-config refine — no service may share TheoKit's web port.\n .refine((cfg) => !Object.values(cfg.services).some((s) => s.port === cfg.port), {\n message: 'service.port collides with TheoKit web port — change one of them',\n path: ['services'],\n })\n\nexport type TheoConfig = z.infer<typeof theoConfigSchema>\n\nexport type OpenApiConfig = NonNullable<TheoConfig['openapi']>\n\n// Silence unused-import warnings for type-only re-exports — TS strips at compile,\n// but exports above re-introduce them for downstream consumers.\nexport type _FormatErrorContext = FormatErrorContext\n","import { z } from 'zod'\n\n/**\n * EC-3 — CWE-113 HTTP Response Splitting mitigation.\n *\n * Every string that becomes a header value must reject CR/LF. Apps that\n * derive header values from untrusted input (feature flags, tenant config,\n * URL params) would otherwise let attackers inject Set-Cookie / Location\n * headers via `\\r\\n`. Apply this refinement to every header-bound string\n * field: permissionsPolicy, csp, hsts, referrerPolicy, CORS allow/expose.\n */\nexport const headerSafeString = z\n .string()\n .refine((s) => !/[\\r\\n]/.test(s), { message: 'Header value must not contain CR/LF' })\n","import { z } from 'zod'\n\n/**\n * Base bucket config — legacy shape preserved for backwards compatibility.\n */\nconst baseRateLimitSchema = z.object({\n windowMs: z.number().min(1),\n max: z.number().int().min(1),\n})\n\n/**\n * T2.2 — Per-route + per-user rate limit. The new shape adds `routes`\n * (path map), `keyBy`, and `cookieName`. The legacy flat shape is still\n * accepted via the union — see `createRouteRateLimiter` for normalization.\n */\nexport const rateLimitSchema = z.union([\n baseRateLimitSchema,\n z.object({\n default: baseRateLimitSchema.optional(),\n routes: z.record(z.string(), baseRateLimitSchema).optional(),\n keyBy: z\n .union([\n z.enum(['ip', 'session', 'user']),\n z.function({ input: z.tuple([z.unknown()]), output: z.string() }),\n ])\n .optional(),\n cookieName: z.string().min(1).optional(),\n }),\n])\n","import { z } from 'zod'\n\nexport const uploadSchema = z.object({\n maxFileSize: z\n .number()\n .min(1)\n .default(10 * 1024 * 1024), // 10MB\n maxFiles: z.number().int().min(1).default(10),\n maxFieldSize: z\n .number()\n .min(1)\n .default(1 * 1024 * 1024), // 1MB\n})\n","import { z } from 'zod'\n\nexport const loggingSchema = z.object({\n level: z.enum(['debug', 'info', 'warn', 'error', 'silent']).default('info'),\n})\n","import { z } from 'zod'\n\n/**\n * Cache subsystem config (caching-and-revalidation-plan).\n * Default `cache: undefined` keeps the framework backward-compatible\n * (no engine initialized → no cache primitives available).\n *\n * Setting `cache: {}` opts in with all defaults.\n */\nconst routeRuleSchema = z.object({\n maxAge: z.number().nonnegative().finite().optional(),\n swr: z.number().nonnegative().finite().optional(),\n tags: z.array(z.string()).optional(),\n})\n\nexport const cacheSchema = z.object({\n enabled: z.boolean().default(true),\n /** 'memory' uses InMemoryCacheAdapter; otherwise pass a custom adapter instance. */\n storage: z.union([z.literal('memory'), z.custom<unknown>()]).default('memory'),\n maxEntries: z.number().int().positive().default(1000),\n defaults: z\n .object({\n maxAge: z.number().nonnegative().finite().default(1),\n swr: z.number().nonnegative().finite().optional(),\n cacheErrors: z.boolean().default(false),\n })\n .default({ maxAge: 1, cacheErrors: false }),\n keyDerivation: z\n .object({\n excludeQuery: z.array(z.string()).optional(),\n sortQuery: z.boolean().default(true),\n lowercaseHost: z.boolean().default(true),\n })\n .default({ sortQuery: true, lowercaseHost: true }),\n routeRules: z.record(z.string(), routeRuleSchema).optional(),\n})\n","import { z } from 'zod'\n\nimport { headerSafeString } from './header-safe.js'\n\n/**\n * Phase 5 — CSRF warn-first (EC-1).\n *\n * 0.2.0 default: `warn`. Existing apps keep working but get structured\n * warnings about every state-mutating request that does not carry the\n * `X-Theo-Action: 1` header. 0.3.0 will flip the default to `strict`.\n *\n * Set explicitly to `strict` to opt into the future default early,\n * or `off` to disable CSRF entirely (only valid when you have another\n * defense — bearer auth, no session cookies, etc).\n */\n\n/**\n * Phase 6 — Default security headers (D4 / EC-2).\n *\n * 0.2.0 defaults:\n * - CSP in `report-only` mode (EC-2: don't break existing apps)\n * - X-Frame-Options: DENY · X-Content-Type-Options: nosniff\n * - Referrer-Policy: strict-origin-when-cross-origin\n * - HSTS in production only (no TLS on localhost)\n *\n * Users override individual headers, swap CSP to `enforce`, or disable\n * CSP entirely (`csp: false` / `cspMode: 'off'`).\n */\nexport const securityHeadersSchema = z.object({\n csp: z.union([headerSafeString, z.literal(false)]).optional(),\n // T6.1 — default flipped from 'report-only' to 'enforce' for 0.3.0.\n // Users who want the old behaviour set `cspMode: 'report-only'`\n // explicitly. See docs/migrating/0.2-to-0.3.md.\n cspMode: z.enum(['enforce', 'report-only', 'off']).default('enforce'),\n hsts: z.union([headerSafeString, z.literal(false)]).optional(),\n frameOptions: z.enum(['DENY', 'SAMEORIGIN']).default('DENY'),\n contentTypeOptions: z.literal('nosniff').default('nosniff'),\n referrerPolicy: headerSafeString.default('strict-origin-when-cross-origin'),\n /**\n * T1.1 — Permissions-Policy directive string. EC-3-refined: rejects CR/LF.\n * Pass `false` to suppress the header.\n */\n permissionsPolicy: z.union([headerSafeString, z.literal(false)]).optional(),\n})\n\n/**\n * T5.1 — Disallowed-routes escalation pattern (Rails-inspired).\n *\n * `routes` accepts string (exact match — trailing slash matters) or\n * RegExp entries. Matched routes that would otherwise emit `csrf.warn`\n * dispatch through `disallowedBehavior` instead:\n * - `'warn'` : no-op vs the default warn-mode behavior\n * - `'raise'` : escalate to 403, even when global `csrf` mode is 'warn'\n *\n * Use to roll out strict mode per-route (e.g., flip /api/auth/* first)\n * without committing the entire surface to strict at once.\n */\nexport const disallowedConfigSchema = z.object({\n routes: z.array(z.union([z.string(), z.instanceof(RegExp)])),\n behavior: z.enum(['warn', 'raise']).default('raise'),\n})\n\n/**\n * T1.2 — CORS configuration.\n *\n * `origins` accepts a single value (`'*'`, string, RegExp, callback) OR an\n * array of (string | RegExp). The spec-violating `origins: '*'` +\n * `credentials: true` combination is rejected at parse time (browsers\n * ignore wildcards when credentials are sent).\n *\n * EC-3 — `allowedHeaders` and `exposedHeaders` entries go through the\n * header-safe refinement (CR/LF rejected — CWE-113 mitigation).\n */\nexport const corsSchema = z\n .object({\n origins: z.union([\n z.literal('*'),\n headerSafeString,\n z.instanceof(RegExp),\n z.array(z.union([headerSafeString, z.instanceof(RegExp)])),\n z.function({ input: z.tuple([z.string()]), output: z.boolean() }),\n ]),\n methods: z\n .array(z.enum(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS', 'HEAD']))\n .optional(),\n allowedHeaders: z.array(headerSafeString).optional(),\n exposedHeaders: z.array(headerSafeString).optional(),\n credentials: z.boolean().default(false),\n maxAge: z.number().int().min(0).max(86400).default(600),\n })\n .refine((c) => !(c.origins === '*' && c.credentials), {\n message: 'CORS spec forbids origins:\"*\" with credentials:true — browsers ignore the wildcard',\n })\n\nexport const securitySchema = z.object({\n // T6.1 — default flipped from 'warn' to 'strict' for 0.3.0. Apps that\n // grep their warn-mode logs from 0.2.x already know which endpoints\n // break; opt back into 'warn' globally OR use disallowedRoutes for\n // surgical migration. See docs/migrating/0.2-to-0.3.md.\n csrf: z.enum(['off', 'warn', 'strict']).default('strict'),\n headers: securityHeadersSchema.optional(),\n /** T5.1 — per-route escalation (Rails disallowed_warnings pattern). */\n disallowed: disallowedConfigSchema.optional(),\n /** T1.2 — Cross-Origin Resource Sharing. Single global config; runs first in pipeline. */\n cors: corsSchema.optional(),\n})\n","import { z } from 'zod'\n\n/**\n * StorageManager schemas (T1.1 / ADR-0007 D4).\n *\n * `theo.config.ts > storage` declares Postgres servers (credentials), the\n * databases on each server (TheoCloud / managed PG / self-host), and Redis\n * servers. The runtime `StorageManager` consumes this block; adapters\n * (PostgresJobBackend, PostgresConversationStorage, etc.) request pools by\n * database name and never see raw credentials at the call site.\n *\n * EC-1 (DOCUMENT in concept doc T4.1): Zod default strip-unknown mode\n * silently drops typo keys (`databasees` instead of `databases`). The\n * concept doc warns users to use exact names; runtime errors are still\n * actionable (`Database \"X\" not configured`).\n *\n * EC-2 (DEFERRED to use-time): `databases.X.server` references a key in\n * `servers`. Cross-field validation is intentionally NOT enforced at parse\n * time — `StorageManager.usePostgres()` throws an actionable error on the\n * first call with the dangling reference, matching Rails / Nitro behavior.\n */\nconst tlsConfigSchema = z.object({\n rejectUnauthorized: z.boolean().optional(),\n caCert: z.string().optional(),\n clientCert: z.string().optional(),\n clientKey: z.string().optional(),\n})\n\nconst serverConfigSchema = z.object({\n host: z.string().min(1),\n port: z.number().int().positive().max(65535).optional(),\n user: z.string().min(1),\n /** Password may be the empty string (some providers permit it). */\n password: z.string(),\n tls: tlsConfigSchema.optional(),\n})\n\nconst postgresPoolConfigSchema = z.object({\n min: z.number().int().nonnegative().optional(),\n max: z.number().int().positive().optional(),\n connectionTimeoutMillis: z.number().int().positive().optional(),\n idleTimeoutMillis: z.number().int().nonnegative().optional(),\n})\n\nconst postgresDatabaseConfigSchema = z.object({\n /** References a key in `storage.servers`. Resolved at `usePostgres()` call time. */\n server: z.string().min(1),\n database: z.string().min(1),\n pool: postgresPoolConfigSchema.optional(),\n})\n\nconst redisServerConfigSchema = serverConfigSchema.extend({\n db: z.number().int().nonnegative().optional(),\n maxRetriesPerRequest: z.number().int().nonnegative().optional(),\n})\n\nexport const storageSchema = z.object({\n servers: z.record(z.string(), serverConfigSchema).optional(),\n databases: z.record(z.string(), postgresDatabaseConfigSchema).optional(),\n redis: z.record(z.string(), redisServerConfigSchema).optional(),\n})\n\nexport type StorageConfig = z.infer<typeof storageSchema>\n"],"mappings":";;;;;;;AAAA,SAAS,KAAAA,UAAS;;;ACAlB,SAAS,SAAS;AAWX,IAAM,mBAAmB,EAC7B,OAAO,EACP,OAAO,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,GAAG,EAAE,SAAS,sCAAsC,CAAC;;;ACbtF,SAAS,KAAAC,UAAS;AAKlB,IAAM,sBAAsBA,GAAE,OAAO;AAAA,EACnC,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,KAAKA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC;AAC7B,CAAC;AAOM,IAAM,kBAAkBA,GAAE,MAAM;AAAA,EACrC;AAAA,EACAA,GAAE,OAAO;AAAA,IACP,SAAS,oBAAoB,SAAS;AAAA,IACtC,QAAQA,GAAE,OAAOA,GAAE,OAAO,GAAG,mBAAmB,EAAE,SAAS;AAAA,IAC3D,OAAOA,GACJ,MAAM;AAAA,MACLA,GAAE,KAAK,CAAC,MAAM,WAAW,MAAM,CAAC;AAAA,MAChCA,GAAE,SAAS,EAAE,OAAOA,GAAE,MAAM,CAACA,GAAE,QAAQ,CAAC,CAAC,GAAG,QAAQA,GAAE,OAAO,EAAE,CAAC;AAAA,IAClE,CAAC,EACA,SAAS;AAAA,IACZ,YAAYA,GAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACzC,CAAC;AACH,CAAC;;;AC5BD,SAAS,KAAAC,UAAS;AAEX,IAAM,eAAeA,GAAE,OAAO;AAAA,EACnC,aAAaA,GACV,OAAO,EACP,IAAI,CAAC,EACL,QAAQ,KAAK,OAAO,IAAI;AAAA;AAAA,EAC3B,UAAUA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE;AAAA,EAC5C,cAAcA,GACX,OAAO,EACP,IAAI,CAAC,EACL,QAAQ,IAAI,OAAO,IAAI;AAAA;AAC5B,CAAC;;;ACZD,SAAS,KAAAC,UAAS;AAEX,IAAM,gBAAgBA,GAAE,OAAO;AAAA,EACpC,OAAOA,GAAE,KAAK,CAAC,SAAS,QAAQ,QAAQ,SAAS,QAAQ,CAAC,EAAE,QAAQ,MAAM;AAC5E,CAAC;;;ACJD,SAAS,KAAAC,UAAS;AASlB,IAAM,kBAAkBA,GAAE,OAAO;AAAA,EAC/B,QAAQA,GAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EACnD,KAAKA,GAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChD,MAAMA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AACrC,CAAC;AAEM,IAAM,cAAcA,GAAE,OAAO;AAAA,EAClC,SAASA,GAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA,EAEjC,SAASA,GAAE,MAAM,CAACA,GAAE,QAAQ,QAAQ,GAAGA,GAAE,OAAgB,CAAC,CAAC,EAAE,QAAQ,QAAQ;AAAA,EAC7E,YAAYA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,GAAI;AAAA,EACpD,UAAUA,GACP,OAAO;AAAA,IACN,QAAQA,GAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC;AAAA,IACnD,KAAKA,GAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,IAChD,aAAaA,GAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACxC,CAAC,EACA,QAAQ,EAAE,QAAQ,GAAG,aAAa,MAAM,CAAC;AAAA,EAC5C,eAAeA,GACZ,OAAO;AAAA,IACN,cAAcA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IAC3C,WAAWA,GAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACnC,eAAeA,GAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,EACzC,CAAC,EACA,QAAQ,EAAE,WAAW,MAAM,eAAe,KAAK,CAAC;AAAA,EACnD,YAAYA,GAAE,OAAOA,GAAE,OAAO,GAAG,eAAe,EAAE,SAAS;AAC7D,CAAC;;;ACnCD,SAAS,KAAAC,UAAS;AA4BX,IAAM,wBAAwBC,GAAE,OAAO;AAAA,EAC5C,KAAKA,GAAE,MAAM,CAAC,kBAAkBA,GAAE,QAAQ,KAAK,CAAC,CAAC,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,EAI5D,SAASA,GAAE,KAAK,CAAC,WAAW,eAAe,KAAK,CAAC,EAAE,QAAQ,SAAS;AAAA,EACpE,MAAMA,GAAE,MAAM,CAAC,kBAAkBA,GAAE,QAAQ,KAAK,CAAC,CAAC,EAAE,SAAS;AAAA,EAC7D,cAAcA,GAAE,KAAK,CAAC,QAAQ,YAAY,CAAC,EAAE,QAAQ,MAAM;AAAA,EAC3D,oBAAoBA,GAAE,QAAQ,SAAS,EAAE,QAAQ,SAAS;AAAA,EAC1D,gBAAgB,iBAAiB,QAAQ,iCAAiC;AAAA;AAAA;AAAA;AAAA;AAAA,EAK1E,mBAAmBA,GAAE,MAAM,CAAC,kBAAkBA,GAAE,QAAQ,KAAK,CAAC,CAAC,EAAE,SAAS;AAC5E,CAAC;AAcM,IAAM,yBAAyBA,GAAE,OAAO;AAAA,EAC7C,QAAQA,GAAE,MAAMA,GAAE,MAAM,CAACA,GAAE,OAAO,GAAGA,GAAE,WAAW,MAAM,CAAC,CAAC,CAAC;AAAA,EAC3D,UAAUA,GAAE,KAAK,CAAC,QAAQ,OAAO,CAAC,EAAE,QAAQ,OAAO;AACrD,CAAC;AAaM,IAAM,aAAaA,GACvB,OAAO;AAAA,EACN,SAASA,GAAE,MAAM;AAAA,IACfA,GAAE,QAAQ,GAAG;AAAA,IACb;AAAA,IACAA,GAAE,WAAW,MAAM;AAAA,IACnBA,GAAE,MAAMA,GAAE,MAAM,CAAC,kBAAkBA,GAAE,WAAW,MAAM,CAAC,CAAC,CAAC;AAAA,IACzDA,GAAE,SAAS,EAAE,OAAOA,GAAE,MAAM,CAACA,GAAE,OAAO,CAAC,CAAC,GAAG,QAAQA,GAAE,QAAQ,EAAE,CAAC;AAAA,EAClE,CAAC;AAAA,EACD,SAASA,GACN,MAAMA,GAAE,KAAK,CAAC,OAAO,QAAQ,OAAO,SAAS,UAAU,WAAW,MAAM,CAAC,CAAC,EAC1E,SAAS;AAAA,EACZ,gBAAgBA,GAAE,MAAM,gBAAgB,EAAE,SAAS;AAAA,EACnD,gBAAgBA,GAAE,MAAM,gBAAgB,EAAE,SAAS;AAAA,EACnD,aAAaA,GAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACtC,QAAQA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK,EAAE,QAAQ,GAAG;AACxD,CAAC,EACA,OAAO,CAAC,MAAM,EAAE,EAAE,YAAY,OAAO,EAAE,cAAc;AAAA,EACpD,SAAS;AACX,CAAC;AAEI,IAAM,iBAAiBA,GAAE,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKrC,MAAMA,GAAE,KAAK,CAAC,OAAO,QAAQ,QAAQ,CAAC,EAAE,QAAQ,QAAQ;AAAA,EACxD,SAAS,sBAAsB,SAAS;AAAA;AAAA,EAExC,YAAY,uBAAuB,SAAS;AAAA;AAAA,EAE5C,MAAM,WAAW,SAAS;AAC5B,CAAC;;;ACzGD,SAAS,KAAAC,UAAS;AAqBlB,IAAM,kBAAkBA,GAAE,OAAO;AAAA,EAC/B,oBAAoBA,GAAE,QAAQ,EAAE,SAAS;AAAA,EACzC,QAAQA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,YAAYA,GAAE,OAAO,EAAE,SAAS;AAAA,EAChC,WAAWA,GAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAED,IAAM,qBAAqBA,GAAE,OAAO;AAAA,EAClC,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,KAAK,EAAE,SAAS;AAAA,EACtD,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA;AAAA,EAEtB,UAAUA,GAAE,OAAO;AAAA,EACnB,KAAK,gBAAgB,SAAS;AAChC,CAAC;AAED,IAAM,2BAA2BA,GAAE,OAAO;AAAA,EACxC,KAAKA,GAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS;AAAA,EAC7C,KAAKA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,yBAAyBA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC9D,mBAAmBA,GAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS;AAC7D,CAAC;AAED,IAAM,+BAA+BA,GAAE,OAAO;AAAA;AAAA,EAE5C,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,UAAUA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,MAAM,yBAAyB,SAAS;AAC1C,CAAC;AAED,IAAM,0BAA0B,mBAAmB,OAAO;AAAA,EACxD,IAAIA,GAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS;AAAA,EAC5C,sBAAsBA,GAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS;AAChE,CAAC;AAEM,IAAM,gBAAgBA,GAAE,OAAO;AAAA,EACpC,SAASA,GAAE,OAAOA,GAAE,OAAO,GAAG,kBAAkB,EAAE,SAAS;AAAA,EAC3D,WAAWA,GAAE,OAAOA,GAAE,OAAO,GAAG,4BAA4B,EAAE,SAAS;AAAA,EACvE,OAAOA,GAAE,OAAOA,GAAE,OAAO,GAAG,uBAAuB,EAAE,SAAS;AAChE,CAAC;;;APjBM,IAAM,mBAAmBC,GAC7B,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQN,MAAMA,GACH,OAAO,EACP,IAAI,EAAE,EACN;AAAA;AAAA;AAAA,IAGC,CAAC,UACC,MAAM,SAAS,KACf,gBAAgB,KAAK,KAAK,KAC1B,CAAC,MAAM,WAAW,GAAG,KACrB,CAAC,MAAM,SAAS,GAAG;AAAA,IACrB;AAAA,EACF,EACC,SAAS;AAAA,EACZ,QAAQA,GAAE,OAAO,EAAE,QAAQ,KAAK;AAAA,EAChC,WAAWA,GAAE,OAAO,EAAE,QAAQ,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOtC,SAASA,GACN,OAAO,EACP,QAAQ,OAAO,EACf;AAAA,IACC,CAAC,MAAM,CAAC,qBAAqB,KAAK,CAAC,KAAK,CAAC,EAAE,WAAW,IAAI;AAAA,IAC1D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBF,QAAQA,GACL,OAAO;AAAA,IACN,eAAeA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,GAAG;AAAA,IACtD,UAAUA,GACP,OAAO;AAAA;AAAA,MAEN,WAAWA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,GAAM,EAAE,QAAQ,GAAG;AAAA;AAAA,MAE9D,eAAeA,GACZ,OAAO,EACP,IAAI,EACJ,YAAY,EACZ,QAAQ,KAAK,GAAM;AAAA,IACxB,CAAC,EACA,SAAS;AAAA,EACd,CAAC,EACA,SAAS;AAAA,EACZ,MAAMA,GAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK,EAAE,QAAQ,GAAI;AAAA,EACrD,KAAKA,GAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,EAI9B,cAAcA,GAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACvC,WAAW,gBAAgB,SAAS;AAAA,EACpC,QAAQ,aAAa,SAAS;AAAA,EAC9B,SAAS,cAAc,SAAS;AAAA,EAChC,UAAU,eAAe,SAAS;AAAA,EAClC,eAAeA,GAAE,KAAK,CAAC,QAAQ,WAAW,CAAC,EAAE,QAAQ,MAAM;AAAA;AAAA;AAAA;AAAA,EAI3D,SAASA,GAAE,MAAMA,GAAE,QAAQ,CAAC,EAAE,SAAS;AAAA;AAAA;AAAA,EAGvC,UAAUA,GACP,MAAM,CAACA,GAAE,QAAQ,GAAGA,GAAE,OAAO,EAAE,KAAKA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAC9E,SAAS;AAAA;AAAA;AAAA;AAAA,EAIZ,OAAOA,GACJ,OAAO;AAAA,IACN,QAAQA,GAAE,QAAQ,EAAE,SAAS;AAAA,EAC/B,CAAC,EACA,SAAS;AAAA;AAAA;AAAA,EAGZ,IAAIA,GACD,MAAM;AAAA,IACLA,GAAE,QAAQ,KAAK;AAAA,IACfA,GAAE,OAAO;AAAA,MACP,OAAOA,GAAE,KAAK,CAAC,gBAAgB,QAAQ,OAAO,CAAC,EAAE,SAAS;AAAA,MAC1D,OAAOA,GAAE,KAAK,CAAC,WAAW,KAAK,CAAC,EAAE,SAAS;AAAA,IAC7C,CAAC;AAAA,EACH,CAAC,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,OAAO,YAAY,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAW5B,UAAUA,GACP,MAAM;AAAA,IACLA,GAAE,QAAQ,KAAK;AAAA,IACfA,GAAE,OAAO;AAAA,MACP,UAAUA,GAAE,KAAK,CAAC,YAAY,aAAa,eAAe,cAAc,CAAC,EAAE,SAAS;AAAA,MACpF,OAAOA,GAAE,KAAK,CAAC,SAAS,QAAQ,QAAQ,CAAC,EAAE,SAAS;AAAA,IACtD,CAAC;AAAA,EACH,CAAC,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,UAAUA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAevC,kBAAkBA,GAAE,MAAMA,GAAE,OAAO,CAAC,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAM/C,MAAMA,GACH,OAAO;AAAA,IACN,SAASA,GAAE,OAAgB,CAAC,MAAM,OAAO,MAAM,YAAY,MAAM,IAAI;AAAA,EACvE,CAAC,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWZ,SAAS,cAAc,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhC,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeV,SAASA,GACN,OAAO;AAAA,IACN,SAASA,GACN;AAAA,MACCA,GAAE,OAAO;AAAA,QACP,KAAKA,GAAE,OAAO,EAAE,IAAI;AAAA,QACpB,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,MACnC,CAAC;AAAA,IACH,EACC,QAAQ,CAAC,EAAE,KAAK,yBAAyB,aAAa,oBAAoB,CAAC,CAAC;AAAA,IAC/E,aAAaA,GAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,QAAQ,OAAO;AAAA,IACvD,OAAOA,GAAE,OAAO,EAAE,QAAQ,aAAa;AAAA,IACvC,SAASA,GAAE,OAAO,EAAE,QAAQ,OAAO;AAAA,IACnC,QAAQA,GAAE,OAAO,EAAE,QAAQ,OAAO;AAAA,EACpC,CAAC,EACA,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBZ,aAAaA,GACV,OAAwB,CAAC,QAAQ,OAAO,QAAQ,YAAY;AAAA,IAC3D,SAAS;AAAA,EACX,CAAC,EACA,SAAS;AACd,CAAC,EAEA,OAAO,CAAC,QAAQ,CAAC,OAAO,OAAO,IAAI,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,IAAI,GAAG;AAAA,EAC9E,SAAS;AAAA,EACT,MAAM,CAAC,UAAU;AACnB,CAAC;","names":["z","z","z","z","z","z","z","z","z"]}
@@ -1,8 +1,13 @@
1
1
  import {
2
- extractTraceContext,
3
- generateNewTraceContext,
4
2
  writeAtomic
5
- } from "./chunk-YLBSSEHX.js";
3
+ } from "./chunk-Y4H3JNVK.js";
4
+ import {
5
+ extractTraceContext,
6
+ generateNewTraceContext
7
+ } from "./chunk-6NEXVBPY.js";
8
+ import {
9
+ importUserModule
10
+ } from "./chunk-7MQOHNHE.js";
6
11
  import {
7
12
  walkSourceFiles
8
13
  } from "./chunk-X2VVCJ4V.js";
@@ -37,7 +42,6 @@ var NonRetryableError = class extends Error {
37
42
  };
38
43
 
39
44
  // src/server/jobs/job-backend-memory.ts
40
- import { randomUUID } from "crypto";
41
45
  var DEFAULT_MAX_PENDING = 1e4;
42
46
  var InMemoryJobBackend = class {
43
47
  name = "memory";
@@ -72,7 +76,7 @@ var InMemoryJobBackend = class {
72
76
  return { jobId: existing.jobId };
73
77
  }
74
78
  }
75
- const jobId = randomUUID();
79
+ const jobId = globalThis.crypto.randomUUID();
76
80
  const now = Date.now();
77
81
  const availableAt = now + (input.delaySeconds ?? 0) * 1e3;
78
82
  const entry = {
@@ -444,7 +448,6 @@ function relativize(absPath, root) {
444
448
  // src/server/jobs/job-scan.ts
445
449
  import { existsSync } from "fs";
446
450
  import { basename } from "path";
447
- import { pathToFileURL } from "url";
448
451
  var DuplicateJobNameError = class extends Error {
449
452
  constructor(jobName, filePaths) {
450
453
  super(
@@ -476,7 +479,7 @@ async function scanJobs(jobsDir) {
476
479
  for (const filePath of filePaths) {
477
480
  let mod;
478
481
  try {
479
- mod = await import(pathToFileURL(filePath).href);
482
+ mod = await importUserModule(filePath);
480
483
  } catch (err) {
481
484
  const reason = err instanceof Error ? err.message : String(err);
482
485
  throw new Error(`Failed to import job file "${filePath}": ${reason}`);
@@ -520,4 +523,4 @@ export {
520
523
  DuplicateJobNameError,
521
524
  scanJobs
522
525
  };
523
- //# sourceMappingURL=chunk-C52GSJPF.js.map
526
+ //# sourceMappingURL=chunk-4S6YHNG2.js.map