theokit 0.4.0-beta.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{actions-virtual-module-HWNTIEPI.js → actions-virtual-module-IY46EEEX.js} +2 -2
- package/dist/{actions-virtual-module-SEIPACG5.js → actions-virtual-module-XNHDNCZ6.js} +2 -2
- package/dist/add-2ZFFGGE4.js +0 -0
- package/dist/{app-typed-client-ITIYTBXO.js → app-typed-client-OUJO3V5J.js} +10 -5
- package/dist/{app-typed-client-62FYBLVJ.js.map → app-typed-client-OUJO3V5J.js.map} +1 -1
- package/dist/{app-typed-client-62FYBLVJ.js → app-typed-client-YOMWSA3F.js} +11 -6
- package/dist/{app-typed-client-ITIYTBXO.js.map → app-typed-client-YOMWSA3F.js.map} +1 -1
- package/dist/audit-log-BQWM5YLG.d.ts +60 -0
- package/dist/{aws-lambda-XYCGZH3I.js → aws-lambda-GKSTX6HD.js} +3 -3
- package/dist/body-parser-web-MUWBKZ3F.js +70 -0
- package/dist/body-parser-web-MUWBKZ3F.js.map +1 -0
- package/dist/broadcast-QOQGUNNK.js +0 -0
- package/dist/{build-HIGHJQQV.js → build-D4J7XECU.js} +31 -22
- package/dist/build-D4J7XECU.js.map +1 -0
- package/dist/build-request-body-preview-II2235E6.js +0 -0
- package/dist/{bun-K73TQEWC.js → bun-ISHSNFIO.js} +3 -3
- package/dist/{check-PZR67OY5.js → check-NXYPLM6M.js} +2 -2
- package/dist/{chunk-WZ7CPVQB.js → chunk-27LWMYNK.js} +28 -24
- package/dist/chunk-27LWMYNK.js.map +1 -0
- package/dist/{chunk-BIGBFZSU.js → chunk-2F4FROEQ.js} +1689 -1521
- package/dist/chunk-2F4FROEQ.js.map +1 -0
- package/dist/chunk-4HBI7DHP.js +20 -0
- package/dist/chunk-4HBI7DHP.js.map +1 -0
- package/dist/{chunk-X4JAX2U3.js → chunk-4S2UCILN.js} +180 -125
- package/dist/chunk-4S2UCILN.js.map +1 -0
- package/dist/{chunk-C52GSJPF.js → chunk-4S6YHNG2.js} +11 -8
- package/dist/chunk-4S6YHNG2.js.map +1 -0
- package/dist/chunk-5ODOE6EF.js +0 -0
- package/dist/{chunk-KJVEJILQ.js → chunk-5PU65T5W.js} +9 -3
- package/dist/chunk-5PU65T5W.js.map +1 -0
- package/dist/chunk-5QW7IQQU.js +36 -0
- package/dist/chunk-5QW7IQQU.js.map +1 -0
- package/dist/chunk-5Z2727GV.js +1324 -0
- package/dist/chunk-5Z2727GV.js.map +1 -0
- package/dist/{chunk-YLBSSEHX.js → chunk-6NEXVBPY.js} +5 -15
- package/dist/chunk-6NEXVBPY.js.map +1 -0
- package/dist/chunk-7MQOHNHE.js +36 -0
- package/dist/chunk-7MQOHNHE.js.map +1 -0
- package/dist/{chunk-TPCT3MXV.js → chunk-ABVITXFH.js} +405 -272
- package/dist/chunk-ABVITXFH.js.map +1 -0
- package/dist/chunk-ASDXVRJD.js +185 -0
- package/dist/chunk-ASDXVRJD.js.map +1 -0
- package/dist/chunk-B3L3TJVF.js +406 -0
- package/dist/chunk-B3L3TJVF.js.map +1 -0
- package/dist/{chunk-PB4GR7EP.js → chunk-C3ZZ56YZ.js} +1 -18
- package/dist/chunk-C3ZZ56YZ.js.map +1 -0
- package/dist/{chunk-O7335ZGH.js → chunk-CG563V5M.js} +5 -3
- package/dist/chunk-CG563V5M.js.map +1 -0
- package/dist/{chunk-5OFPQK6N.js → chunk-COXLEZCN.js} +2 -1
- package/dist/chunk-COXLEZCN.js.map +1 -0
- package/dist/{chunk-O4BLVPML.js → chunk-DNMSV3R3.js} +22 -28
- package/dist/chunk-DNMSV3R3.js.map +1 -0
- package/dist/chunk-E3JH6YUM.js +1 -0
- package/dist/chunk-ESC54TAK.js +220 -0
- package/dist/chunk-ESC54TAK.js.map +1 -0
- package/dist/chunk-FI7MPTJW.js +77 -0
- package/dist/chunk-FI7MPTJW.js.map +1 -0
- package/dist/chunk-H4J2LECY.js +201 -0
- package/dist/chunk-H4J2LECY.js.map +1 -0
- package/dist/chunk-IAJ2JVEH.js +256 -0
- package/dist/chunk-IAJ2JVEH.js.map +1 -0
- package/dist/{chunk-F3TG5FJV.js → chunk-IEZCAT2I.js} +7 -1
- package/dist/{chunk-F3TG5FJV.js.map → chunk-IEZCAT2I.js.map} +1 -1
- package/dist/chunk-JHEAWR3L.js +1 -0
- package/dist/chunk-JQSKBMXP.js +17 -0
- package/dist/chunk-JQSKBMXP.js.map +1 -0
- package/dist/{chunk-4QTKSLTO.js → chunk-K4M64WD6.js} +9 -5
- package/dist/{chunk-4QTKSLTO.js.map → chunk-K4M64WD6.js.map} +1 -1
- package/dist/chunk-KI7OWQUX.js +293 -0
- package/dist/chunk-KI7OWQUX.js.map +1 -0
- package/dist/chunk-KT3MWNZG.js +0 -0
- package/dist/{chunk-ZJW5FFYJ.js → chunk-LC5PYNJP.js} +2 -2
- package/dist/{chunk-JAAHOGKI.js → chunk-M2EY7KDR.js} +1223 -1124
- package/dist/chunk-M2EY7KDR.js.map +1 -0
- package/dist/{chunk-2VQKDRVF.js → chunk-MR7OLIC6.js} +3 -3
- package/dist/chunk-NM4WF3XD.js +63 -0
- package/dist/chunk-NM4WF3XD.js.map +1 -0
- package/dist/chunk-NPMCKOX4.js +1 -0
- package/dist/{chunk-VRHXOKRP.js → chunk-NZXH2LQQ.js} +86 -83
- package/dist/chunk-NZXH2LQQ.js.map +1 -0
- package/dist/{chunk-B6RP57M3.js → chunk-OLPB36O2.js} +4 -4
- package/dist/chunk-PIVX3DYW.js +142 -0
- package/dist/chunk-PIVX3DYW.js.map +1 -0
- package/dist/{chunk-7TOMTMHT.js → chunk-R7OC6UDK.js} +2 -1
- package/dist/chunk-R7OC6UDK.js.map +1 -0
- package/dist/chunk-RESN62GB.js +269 -0
- package/dist/chunk-RESN62GB.js.map +1 -0
- package/dist/{chunk-64JI5LTO.js → chunk-RMU7EBRO.js} +2 -2
- package/dist/chunk-RMU7EBRO.js.map +1 -0
- package/dist/chunk-TQYSPYKU.js +131 -0
- package/dist/chunk-TQYSPYKU.js.map +1 -0
- package/dist/chunk-TSLSIRBR.js +107 -0
- package/dist/chunk-TSLSIRBR.js.map +1 -0
- package/dist/{chunk-XP7YXRHO.js → chunk-U6TPSW4L.js} +37 -5
- package/dist/chunk-U6TPSW4L.js.map +1 -0
- package/dist/chunk-UD3LFGDL.js +45 -0
- package/dist/chunk-UD3LFGDL.js.map +1 -0
- package/dist/chunk-UUFYP2UM.js +161 -0
- package/dist/chunk-UUFYP2UM.js.map +1 -0
- package/dist/{chunk-OXIQI2XZ.js → chunk-VBZCVFSA.js} +2 -2
- package/dist/chunk-VMEWD57H.js +137 -0
- package/dist/chunk-VMEWD57H.js.map +1 -0
- package/dist/{chunk-TRH2L3FI.js → chunk-WEGALZEU.js} +3 -3
- package/dist/{chunk-ZOXNJV2O.js → chunk-WGHJD6I7.js} +35 -138
- package/dist/chunk-WGHJD6I7.js.map +1 -0
- package/dist/chunk-XMS5VRIK.js +0 -0
- package/dist/chunk-Y4H3JNVK.js +18 -0
- package/dist/chunk-Y4H3JNVK.js.map +1 -0
- package/dist/chunk-Z5IGLBWE.js +329 -0
- package/dist/chunk-Z5IGLBWE.js.map +1 -0
- package/dist/chunk-ZEGYW52B.js +26 -0
- package/dist/chunk-ZEGYW52B.js.map +1 -0
- package/dist/chunk-ZJQ4O76G.js +87 -0
- package/dist/chunk-ZJQ4O76G.js.map +1 -0
- package/dist/cli/index.js +32 -21
- package/dist/cli/index.js.map +1 -1
- package/dist/client/index.d.ts +107 -1
- package/dist/client/index.js +152 -6
- package/dist/client/index.js.map +1 -1
- package/dist/{cloudflare-LCAOTRYZ.js → cloudflare-OJGJ7R2D.js} +3 -3
- package/dist/configure-agent-registry-6YGTJYBC.js +0 -0
- package/dist/cookies-MJKMGJ7N.js +22 -0
- package/dist/csrf-BBrEZSBW.d.ts +107 -0
- package/dist/csrf-readiness-store-CjIoub3U.d.ts +43 -0
- package/dist/define-websocket-CdK94O-D.d.ts +64 -0
- package/dist/{deno-deploy-ZN4RE5HF.js → deno-deploy-BHWKFTOW.js} +3 -3
- package/dist/{dev-266MVCVA.js → dev-MJVSRZGF.js} +11 -11
- package/dist/{dev-emit-RBSFZZNO.js → dev-emit-5VPRCHOD.js} +39 -142
- package/dist/dev-emit-5VPRCHOD.js.map +1 -0
- package/dist/{dev-emit-NO6OZJOQ.js → dev-emit-HHP2XJXE.js} +5 -5
- package/dist/devtools/entry.js +185 -131
- package/dist/devtools/entry.js.map +1 -1
- package/dist/{dispatcher-AQJGI3HU.js → dispatcher-63LBXYLE.js} +2 -2
- package/dist/{dispatcher-E6QV32BO.js → dispatcher-EJME6C6M.js} +5 -2
- package/dist/dispatcher-EJME6C6M.js.map +1 -0
- package/dist/{dist-5V77Z223.js → dist-KRW6OVD4.js} +7 -7
- package/dist/dist-KRW6OVD4.js.map +1 -0
- package/dist/docker-EZDA5FT7.js +0 -0
- package/dist/error-envelope-BsNzzAV5.d.ts +62 -0
- package/dist/{generate-DT4IIAHF.js → generate-AZ2K6Z2Z.js} +75 -2
- package/dist/generate-AZ2K6Z2Z.js.map +1 -0
- package/dist/index-DWWEdFh5.d.ts +399 -0
- package/dist/index.d.ts +161 -1391
- package/dist/index.js +20 -8
- package/dist/index.js.map +1 -1
- package/dist/{info-FJ4NXKTB.js → info-47VB62MV.js} +5 -5
- package/dist/job-backend-CgC8Xf33.d.ts +68 -0
- package/dist/{lib-NL5JXGEB.js → lib-NST3PNZX.js} +31 -31
- package/dist/lib-NST3PNZX.js.map +1 -0
- package/dist/module-loader-Cfz7dgCP.d.ts +26 -0
- package/dist/{netlify-5VQ22Z2P.js → netlify-GSNSJGMN.js} +3 -3
- package/dist/{node-3APTLGWB.js → node-6I5B6RL3.js} +3 -3
- package/dist/node-6I5B6RL3.js.map +1 -0
- package/dist/{openapi-FNVSWZOL.js → openapi-NFLSNNVQ.js} +10 -10
- package/dist/plugin-runner-BGBkzgi0.d.ts +95 -0
- package/dist/plugin-types-DNJGxr4Z.d.ts +79 -0
- package/dist/{proper-lockfile-4Y3DP3RP.js → proper-lockfile-MVKMQGFK.js} +27 -27
- package/dist/proper-lockfile-MVKMQGFK.js.map +1 -0
- package/dist/rate-limit-BdNDZ3vt.d.ts +58 -0
- package/dist/registry-QHEZ3BWB.js +25 -0
- package/dist/router-RGZFX75G.js +0 -0
- package/dist/{routes-H4SPLFHJ.js → routes-3A4XGIEJ.js} +6 -6
- package/dist/{scan-C2BOKLSY.js → scan-NQFI5S7P.js} +2 -2
- package/dist/scan-NQFI5S7P.js.map +1 -0
- package/dist/schema-D3v8VB7o.d.ts +76 -0
- package/dist/{schema-VR6YNVLQ.js → schema-KZVOV333.js} +5 -3
- package/dist/schema-KZVOV333.js.map +1 -0
- package/dist/server/agent/index.d.ts +229 -0
- package/dist/server/agent/index.js +16 -0
- package/dist/server/agent/index.js.map +1 -0
- package/dist/server/auth/index.d.ts +46 -1
- package/dist/server/auth/index.js +10 -3
- package/dist/server/cost/index.d.ts +1 -3
- package/dist/server/cost/index.js +1 -1
- package/dist/server/cron/index.js +4 -2
- package/dist/server/define/index.d.ts +281 -0
- package/dist/server/define/index.js +26 -0
- package/dist/server/define/index.js.map +1 -0
- package/dist/server/http/index.d.ts +10 -0
- package/dist/server/http/index.js +74 -0
- package/dist/server/http/index.js.map +1 -0
- package/dist/server/index.d.ts +151 -1677
- package/dist/server/index.js +558 -1102
- package/dist/server/index.js.map +1 -1
- package/dist/server/jobs/index.d.ts +348 -2
- package/dist/server/jobs/index.js +5 -3
- package/dist/server/observability/index.d.ts +324 -0
- package/dist/server/observability/index.js +48 -0
- package/dist/server/observability/index.js.map +1 -0
- package/dist/server/plugins/index.d.ts +17 -0
- package/dist/server/plugins/index.js +17 -0
- package/dist/server/plugins/index.js.map +1 -0
- package/dist/server/rate-limit/index.d.ts +105 -0
- package/dist/server/rate-limit/index.js +25 -0
- package/dist/server/rate-limit/index.js.map +1 -0
- package/dist/server/realtime/index.d.ts +15 -0
- package/dist/server/realtime/index.js +8 -0
- package/dist/server/realtime/index.js.map +1 -0
- package/dist/server/scan/index.d.ts +106 -0
- package/dist/server/scan/index.js +43 -0
- package/dist/server/scan/index.js.map +1 -0
- package/dist/server/security/index.d.ts +193 -0
- package/dist/server/security/index.js +50 -0
- package/dist/server/security/index.js.map +1 -0
- package/dist/server/storage/index.d.ts +22 -0
- package/dist/server/storage/index.js +14 -0
- package/dist/server/storage/index.js.map +1 -0
- package/dist/server/webhook/index.d.ts +148 -0
- package/dist/server/webhook/index.js +19 -0
- package/dist/server/webhook/index.js.map +1 -0
- package/dist/server-error-to-envelope-NO4CCAFQ.js +8 -0
- package/dist/server-error-to-envelope-NO4CCAFQ.js.map +1 -0
- package/dist/server-error-to-envelope-UJK6OWDJ.js +134 -0
- package/dist/server-error-to-envelope-UJK6OWDJ.js.map +1 -0
- package/dist/server-routes-hmr-GZJGPWMS.js +0 -0
- package/dist/services-json-Z2QNGVPW.js +142 -0
- package/dist/services-json-Z2QNGVPW.js.map +1 -0
- package/dist/{services-typed-client-XWYYBWGW.js → services-typed-client-KK6RHRDG.js} +2 -2
- package/dist/{services-typed-client-ZX5JUHH3.js → services-typed-client-T7M5VPBP.js} +2 -2
- package/dist/{sqlite-vec-ARPNUBWT.js → sqlite-vec-54KB4RD3.js} +2 -2
- package/dist/sqlite-vec-54KB4RD3.js.map +1 -0
- package/dist/{start-HX3QUSOS.js → start-CGSZPBAG.js} +23 -23
- package/dist/start-CGSZPBAG.js.map +1 -0
- package/dist/{static-TZBVBDTB.js → static-QI5NQT2X.js} +6 -6
- package/dist/storage-manager-C4jsO0Tp.d.ts +89 -0
- package/dist/storage-manager-D5KBXXKB.js +0 -0
- package/dist/{storage-types-DtIVejC1.d.ts → storage-types-DsDTCPbp.d.ts} +1 -1
- package/dist/{theo-cloud-3K4DGB3S.js → theo-cloud-RSQCBNXL.js} +4 -4
- package/dist/theo-cloud-RSQCBNXL.js.map +1 -0
- package/dist/upgrade-readiness-GUJBCJIS.js +0 -0
- package/dist/{vercel-MWW24ABC.js → vercel-TKPZK62A.js} +3 -3
- package/dist/vite-plugin/index.d.ts +3 -1
- package/dist/vite-plugin/index.js +20 -8
- package/dist/{vite-plugin-IK3NOWXS.js → vite-plugin-CR4JDFUQ.js} +9 -9
- package/dist/vite-plugin-CR4JDFUQ.js.map +1 -0
- package/package.json +61 -9
- package/LICENSE +0 -201
- package/dist/build-HIGHJQQV.js.map +0 -1
- package/dist/chunk-5OFPQK6N.js.map +0 -1
- package/dist/chunk-64JI5LTO.js.map +0 -1
- package/dist/chunk-7TOMTMHT.js.map +0 -1
- package/dist/chunk-BIGBFZSU.js.map +0 -1
- package/dist/chunk-C52GSJPF.js.map +0 -1
- package/dist/chunk-CZM6WWWS.js +0 -2450
- package/dist/chunk-CZM6WWWS.js.map +0 -1
- package/dist/chunk-JAAHOGKI.js.map +0 -1
- package/dist/chunk-KJVEJILQ.js.map +0 -1
- package/dist/chunk-O4BLVPML.js.map +0 -1
- package/dist/chunk-O7335ZGH.js.map +0 -1
- package/dist/chunk-PB4GR7EP.js.map +0 -1
- package/dist/chunk-TPCT3MXV.js.map +0 -1
- package/dist/chunk-VRHXOKRP.js.map +0 -1
- package/dist/chunk-WZ7CPVQB.js.map +0 -1
- package/dist/chunk-X4JAX2U3.js.map +0 -1
- package/dist/chunk-XP7YXRHO.js.map +0 -1
- package/dist/chunk-YLBSSEHX.js.map +0 -1
- package/dist/chunk-ZOXNJV2O.js.map +0 -1
- package/dist/dev-emit-RBSFZZNO.js.map +0 -1
- package/dist/dispatcher-E6QV32BO.js.map +0 -1
- package/dist/dist-5V77Z223.js.map +0 -1
- package/dist/generate-DT4IIAHF.js.map +0 -1
- package/dist/index-li83Swxa.d.ts +0 -506
- package/dist/lib-NL5JXGEB.js.map +0 -1
- package/dist/proper-lockfile-4Y3DP3RP.js.map +0 -1
- package/dist/registry-4MZ26TZD.js +0 -25
- package/dist/schema-CjVly9c_.d.ts +0 -274
- package/dist/sqlite-vec-ARPNUBWT.js.map +0 -1
- package/dist/start-HX3QUSOS.js.map +0 -1
- package/dist/theo-cloud-3K4DGB3S.js.map +0 -1
- /package/dist/{actions-virtual-module-HWNTIEPI.js.map → actions-virtual-module-IY46EEEX.js.map} +0 -0
- /package/dist/{actions-virtual-module-SEIPACG5.js.map → actions-virtual-module-XNHDNCZ6.js.map} +0 -0
- /package/dist/{aws-lambda-XYCGZH3I.js.map → aws-lambda-GKSTX6HD.js.map} +0 -0
- /package/dist/{bun-K73TQEWC.js.map → bun-ISHSNFIO.js.map} +0 -0
- /package/dist/{check-PZR67OY5.js.map → check-NXYPLM6M.js.map} +0 -0
- /package/dist/{dispatcher-AQJGI3HU.js.map → chunk-E3JH6YUM.js.map} +0 -0
- /package/dist/{node-3APTLGWB.js.map → chunk-JHEAWR3L.js.map} +0 -0
- /package/dist/{chunk-ZJW5FFYJ.js.map → chunk-LC5PYNJP.js.map} +0 -0
- /package/dist/{chunk-2VQKDRVF.js.map → chunk-MR7OLIC6.js.map} +0 -0
- /package/dist/{scan-C2BOKLSY.js.map → chunk-NPMCKOX4.js.map} +0 -0
- /package/dist/{chunk-B6RP57M3.js.map → chunk-OLPB36O2.js.map} +0 -0
- /package/dist/{chunk-OXIQI2XZ.js.map → chunk-VBZCVFSA.js.map} +0 -0
- /package/dist/{chunk-TRH2L3FI.js.map → chunk-WEGALZEU.js.map} +0 -0
- /package/dist/{cloudflare-LCAOTRYZ.js.map → cloudflare-OJGJ7R2D.js.map} +0 -0
- /package/dist/{schema-VR6YNVLQ.js.map → cookies-MJKMGJ7N.js.map} +0 -0
- /package/dist/{deno-deploy-ZN4RE5HF.js.map → deno-deploy-BHWKFTOW.js.map} +0 -0
- /package/dist/{dev-266MVCVA.js.map → dev-MJVSRZGF.js.map} +0 -0
- /package/dist/{dev-emit-NO6OZJOQ.js.map → dev-emit-HHP2XJXE.js.map} +0 -0
- /package/dist/{vite-plugin-IK3NOWXS.js.map → dispatcher-63LBXYLE.js.map} +0 -0
- /package/dist/{info-FJ4NXKTB.js.map → info-47VB62MV.js.map} +0 -0
- /package/dist/{netlify-5VQ22Z2P.js.map → netlify-GSNSJGMN.js.map} +0 -0
- /package/dist/{openapi-FNVSWZOL.js.map → openapi-NFLSNNVQ.js.map} +0 -0
- /package/dist/{registry-4MZ26TZD.js.map → registry-QHEZ3BWB.js.map} +0 -0
- /package/dist/{routes-H4SPLFHJ.js.map → routes-3A4XGIEJ.js.map} +0 -0
- /package/dist/{services-typed-client-XWYYBWGW.js.map → services-typed-client-KK6RHRDG.js.map} +0 -0
- /package/dist/{services-typed-client-ZX5JUHH3.js.map → services-typed-client-T7M5VPBP.js.map} +0 -0
- /package/dist/{static-TZBVBDTB.js.map → static-QI5NQT2X.js.map} +0 -0
- /package/dist/{vercel-MWW24ABC.js.map → vercel-TKPZK62A.js.map} +0 -0
package/dist/server/index.d.ts
CHANGED
|
@@ -1,969 +1,38 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
3
|
-
export {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
export {
|
|
7
|
-
import {
|
|
8
|
-
export {
|
|
1
|
+
import { RouteConfig } from './define/index.js';
|
|
2
|
+
export { ActionAccept, ActionConfig, AgentEndpointConfig, AgentEndpointHandlerArgs, ChannelHandler, CustomTool, DefineAgentToolSpec, MiddlewareHandler, WebChannelHandler, defineAction, defineAgentEndpoint, defineAgentTool, defineChannel, defineMiddleware, defineRoute, defineTheoPlugin, defineWebChannel } from './define/index.js';
|
|
3
|
+
export { W as WebSocketHandler, a as WebSocketHandlerWeb, b as WebSocketLike, d as defineWebSocket, c as defineWebSocketWeb } from '../define-websocket-CdK94O-D.js';
|
|
4
|
+
export { B as BATCH_PATH, a as BatchExecuteFn, b as BatchPathConflictError, c as BatchPayload, d as BatchRequestItem, e as BatchResponse, f as BatchResultItem, C as CookieOptions, g as CorsConfig, h as CorsHandler, i as CorsOrigin, j as CorsWebHandler, k as CustomErrorPages, E as ExecuteActionOptions, l as ExecuteRouteContext, H as HandleBatchOptions, M as MAX_ERROR_HTML_BYTES, m as MiddlewareResult, S as STRIPPED_HEADERS, n as SendErrorInput, o as SendErrorOptions, T as TRACE_HEADER, p as TRACE_PARENT_HEADER, q as TheoTransformer, _ as _resetMiddlewareCacheForTests, r as appendCookieToHeaders, s as appendDeleteCookieToHeaders, t as createCorsHandler, u as createCorsWebHandler, v as deleteCookie, w as executeAction, x as executeRoute, y as extractTraceId, z as extractTraceIdFromRequest, A as getCookie, D as getCookieFromRequest, F as handleBatchRequest, G as jsonTransformer, I as loadCustomErrorPages, J as matchesOrigin, K as parseCookieHeader, L as parseTraceparent, N as resolveTransformer, O as runMiddlewareAndContext, P as sendError, Q as sendJson, R as serializeCookie, U as serveStaticFile, V as setCookie, W as superjsonTransformer } from '../index-DWWEdFh5.js';
|
|
5
|
+
export { ActionNode, ActionScanError, LoadedManifest, ManifestAction, ManifestRoute, ManifestWebSocket, TheoManifest, WebSocketRouteNode, generateManifest, loadManifest, scanMiddlewares, scanServerActions, scanServerActionsEnriched, scanServerRoutes, scanWebSocketRoutes, writeManifest } from './scan/index.js';
|
|
6
|
+
export { L as LoadModule, S as ServerRouteNode, c as compilePattern, a as createProductionLoader, b as createViteLoader, m as matchRoute } from '../module-loader-Cfz7dgCP.js';
|
|
7
|
+
import { T as TheoErrorEnvelope, a as TheoErrorCode, V as ValidationFieldsExt } from '../error-envelope-BsNzzAV5.js';
|
|
8
|
+
export { AgentRunLike, AgentRunResult, AgentRunStreamMessage, ConversationHistoryArgs, ConversationHistoryResult, ConversationStorageLike, SdkAgent, SdkAgentOptions, SdkRunLike, createConversationHistory, errorToEvent, streamAgentRun } from './agent/index.js';
|
|
9
|
+
export { a as AgentErrorEvent, A as AgentEvent, b as AgentMessageEvent, e as AgentRunErrorCode, c as AgentToolCallEvent, d as AgentToolResultEvent } from '../agent-events-B3KNV9ER.js';
|
|
10
|
+
export { AuthRequiredError, BackupCode, BackupCodeOptions, OidcMetadata, PkceChallenge, SessionConfig, SessionManager, SessionManagerWeb, SessionMeta, ThrottleOptions, ThrottleState, TotpAlgorithm, TotpOptions, TotpUriOptions, VerifyTotpOptions, _resetKeyCacheForTests, assertProductionSecret, checkThrottle, clearOidcCache, createSessionManager, createSessionManagerWeb, decrypt, discoverOidcProvider, encrypt, generateBackupCodes, generateNonce, generateOAuthState, generatePkceChallenge, generateTotp, generateTotpSecret, pkceChallengeFromVerifier, recordAttempt, requireAuth, rotateIfNeeded, rotateIfNeededWeb, totpUri, verifyBackupCode, verifyOAuthState, verifyTotp } from './auth/index.js';
|
|
9
11
|
export { InMemoryUsageStorage, ToolHookEvent, ToolUsageRecord, TrackAgentRunInput, TrackAgentRunOptions, TrackAgentToolsHooks, TrackAgentToolsOptions, UsageQuery, UsageRecord, UsageResult, UsageStorageAdapter, trackAgentRun, trackAgentTools } from './cost/index.js';
|
|
10
12
|
export { CRON_MANIFEST_SCHEMA_VERSION, CronConcurrencyPolicy, CronContext, CronDefinition, CronManifest, CronManifestEntry, CronNode, CronOptions, CronScheduler, DuplicateCronNameError, ExistingConfigUnparseableError, buildCronManifest, convertToAwsCron, createCronScheduler, defineCron, scanCrons, translateCronToAws, translateCronToCloudflare, translateCronToDeno, translateCronToVercel, validateCronSchedule, writeCronManifest } from './cron/index.js';
|
|
11
|
-
|
|
12
|
-
export {
|
|
13
|
-
|
|
14
|
-
export {
|
|
15
|
-
export {
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
body?: TBody;
|
|
35
|
-
params?: TParams;
|
|
36
|
-
status?: number;
|
|
37
|
-
/**
|
|
38
|
-
* Opt out of CSRF enforcement for this route. Use for endpoints that
|
|
39
|
-
* legitimately receive third-party POSTs (Stripe webhooks, GitHub
|
|
40
|
-
* webhooks, OAuth callbacks). Defaults to enforced per `config.security.csrf`.
|
|
41
|
-
*
|
|
42
|
-
* Setting `csrf: false` only disables the per-route check — it does NOT
|
|
43
|
-
* disable the global mode setting for other routes.
|
|
44
|
-
*/
|
|
45
|
-
csrf?: false;
|
|
46
|
-
handler: (ctx: {
|
|
47
|
-
query: z.infer<TQuery>;
|
|
48
|
-
body: z.infer<TBody>;
|
|
49
|
-
params: z.infer<TParams>;
|
|
50
|
-
request: Request;
|
|
51
|
-
ctx: TCtx;
|
|
52
|
-
}) => TResponse | Promise<TResponse>;
|
|
53
|
-
}
|
|
54
|
-
|
|
55
|
-
/**
|
|
56
|
-
* Define a typed HTTP route.
|
|
57
|
-
* Identity function — provides type inference for route handlers.
|
|
58
|
-
*/
|
|
59
|
-
declare function defineRoute<TQuery extends z.ZodType = z.ZodUndefined, TBody extends z.ZodType = z.ZodUndefined, TParams extends z.ZodType = z.ZodUndefined, TCtx = unknown, TResponse = unknown>(config: RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>): RouteConfig<TQuery, TBody, TParams, TCtx, TResponse>;
|
|
60
|
-
|
|
61
|
-
/**
|
|
62
|
-
* Action wire-protocol accept mode per plan g3-server-actions-and-useaction
|
|
63
|
-
* v1.2 ADR D1. Default behavior (when omitted) is `'json'`. `'form'` opts the
|
|
64
|
-
* action into FormData multipart parsing for progressive-enhancement forms;
|
|
65
|
-
* the runtime in `server/http/action-execute.ts` will coerce FormData entries
|
|
66
|
-
* against the `input` schema via `formDataToObject` (Astro pattern).
|
|
67
|
-
*/
|
|
68
|
-
type ActionAccept = 'form' | 'json';
|
|
69
|
-
interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
|
|
70
|
-
/**
|
|
71
|
-
* Zod input schema. Required: every action declares its input contract via
|
|
72
|
-
* Zod (architecture rule: zod-is-SSOT). The shape becomes the handler's
|
|
73
|
-
* typed `input` parameter via `z.infer<TInput>`.
|
|
74
|
-
*/
|
|
75
|
-
input: TInput;
|
|
76
|
-
/**
|
|
77
|
-
* Wire-protocol accept mode. Defaults to `'json'` when omitted. Setting
|
|
78
|
-
* `'form'` switches the runtime to FormData multipart parsing — the input
|
|
79
|
-
* schema MUST be `z.object(...)` so field-by-field coercion can drive
|
|
80
|
-
* boolean string / number / array coercion (Astro pattern).
|
|
81
|
-
*/
|
|
82
|
-
accept?: ActionAccept;
|
|
83
|
-
handler: (ctx: {
|
|
84
|
-
input: z.infer<TInput>;
|
|
85
|
-
ctx: TCtx;
|
|
86
|
-
}) => unknown;
|
|
87
|
-
}
|
|
88
|
-
/**
|
|
89
|
-
* Define a typed server action.
|
|
90
|
-
*
|
|
91
|
-
* Identity function — provides type inference for action handlers. The
|
|
92
|
-
* runtime that consumes the config (validation + invocation + serialization)
|
|
93
|
-
* lives in `server/http/action-execute.ts`.
|
|
94
|
-
*
|
|
95
|
-
* Per plan g3-server-actions-and-useaction v1.2 § Phase 1 / T1.2: the new
|
|
96
|
-
* `accept?: 'form' | 'json'` field is the only contract change vs the
|
|
97
|
-
* pre-G3 identity. Existing callsites (`defineAction({input, handler})`)
|
|
98
|
-
* continue to compile — `accept` is opt-in.
|
|
99
|
-
*/
|
|
100
|
-
declare function defineAction<TInput extends z.ZodType, TCtx = unknown>(config: ActionConfig<TInput, TCtx>): ActionConfig<TInput, TCtx>;
|
|
101
|
-
|
|
102
|
-
type MiddlewareHandler = (request: Request, next: (request: Request) => Promise<Response>) => Response | Promise<Response>;
|
|
103
|
-
/**
|
|
104
|
-
* Define a middleware handler.
|
|
105
|
-
* Identity function — provides type annotation for middleware.
|
|
106
|
-
*/
|
|
107
|
-
declare function defineMiddleware(handler: MiddlewareHandler): MiddlewareHandler;
|
|
108
|
-
|
|
109
|
-
/**
|
|
110
|
-
* T5.1 — defineAgentEndpoint
|
|
111
|
-
*
|
|
112
|
-
* Sugar over defineRoute (ADR D4). Accepts an async generator that yields
|
|
113
|
-
* AgentEvents and produces a RouteConfig whose handler returns a Response
|
|
114
|
-
* streaming Server-Sent Events (SSE).
|
|
115
|
-
*
|
|
116
|
-
* Wire format: `data: <JSON>\n\n` per event. Standards-compliant.
|
|
117
|
-
*
|
|
118
|
-
* The generator may throw — the wrapper catches and emits a final
|
|
119
|
-
* `{ type: 'error', message }` event before closing the stream.
|
|
120
|
-
*
|
|
121
|
-
* The wrapper observes `request.signal` (EC-7) — when aborted, the
|
|
122
|
-
* underlying generator is told to `return()` and the stream closes
|
|
123
|
-
* promptly.
|
|
124
|
-
*
|
|
125
|
-
* Note (EC-12, Out of Scope): SSE backpressure (slow consumer) is not
|
|
126
|
-
* handled here. For high-frequency token streaming consider a different
|
|
127
|
-
* transport (WS) or a buffer policy. This MVP enqueues each event
|
|
128
|
-
* immediately.
|
|
129
|
-
*/
|
|
130
|
-
interface AgentEndpointHandlerArgs<TCtx = unknown, TBody = unknown> {
|
|
131
|
-
query: undefined;
|
|
132
|
-
body: TBody;
|
|
133
|
-
params: undefined;
|
|
134
|
-
request: Request;
|
|
135
|
-
ctx: TCtx;
|
|
136
|
-
/**
|
|
137
|
-
* Mutable headers bag that the wrapper merges into the SSE response BEFORE
|
|
138
|
-
* the stream starts. Used by `createConversationHistory` to issue a
|
|
139
|
-
* conversation-id cookie on first request. Append entries via
|
|
140
|
-
* `cookieHeaders.append('set-cookie', '<cookie-string>')`.
|
|
141
|
-
*
|
|
142
|
-
* Cookies appended AFTER the first yield are NOT applied — the response
|
|
143
|
-
* headers commit when the wrapper constructs the Response, before the
|
|
144
|
-
* async generator runs. This is per HTTP semantics, not a wrapper choice.
|
|
145
|
-
*/
|
|
146
|
-
cookieHeaders: Headers;
|
|
147
|
-
/**
|
|
148
|
-
* Phase 3 (Production-Readiness #5) — request abort signal.
|
|
149
|
-
*
|
|
150
|
-
* Fires when the SSE client disconnects (browser closes tab, abort fetch,
|
|
151
|
-
* etc.). Thread this to `agent.send(msg, { signal })` so the SDK cancels
|
|
152
|
-
* the in-flight provider call — STOPS TOKENS FROM CHARGING for output
|
|
153
|
-
* the user will never receive.
|
|
154
|
-
*
|
|
155
|
-
* EC-1 (MUST FIX): the signal is derived via duck-type detection
|
|
156
|
-
* (`'aborted' in r.signal && typeof r.signal.addEventListener === 'function'`)
|
|
157
|
-
* to survive cross-realm scenarios (Node 18 polyfills, undici, Edge
|
|
158
|
-
* runtimes with their own AbortSignal globals). `instanceof AbortSignal`
|
|
159
|
-
* would fail in those cases.
|
|
160
|
-
*/
|
|
161
|
-
signal: AbortSignal;
|
|
162
|
-
}
|
|
163
|
-
interface AgentEndpointConfig<TCtx = unknown, TBody = unknown> {
|
|
164
|
-
handler: (args: AgentEndpointHandlerArgs<TCtx, TBody>) => AsyncGenerator<AgentEvent, void, unknown>;
|
|
165
|
-
}
|
|
166
|
-
declare function defineAgentEndpoint<TBody = unknown, TCtx = unknown>(config: AgentEndpointConfig<TCtx, TBody>): RouteConfig<z.ZodUndefined, z.ZodUndefined, z.ZodUndefined, TCtx, Response>;
|
|
167
|
-
|
|
168
|
-
/**
|
|
169
|
-
* Item #4 — `defineAgentTool`
|
|
170
|
-
*
|
|
171
|
-
* Sugar over the `@theokit/sdk` `CustomTool` contract. Takes a Zod 3 schema +
|
|
172
|
-
* handler and produces a structurally-compatible `CustomTool` that
|
|
173
|
-
* `Agent.create({ tools: [...] })` accepts.
|
|
174
|
-
*
|
|
175
|
-
* Why not delegate to SDK's `defineTool`?
|
|
176
|
-
* SDK's `defineTool` calls `z.toJSONSchema(...)` which only exists on Zod 4
|
|
177
|
-
* (at root) or `zod/v4` (Zod 3.25+ subpath). TheoKit pins Zod 3 framework-
|
|
178
|
-
* wide. Bumping to Zod 4 is a major breaking change touching every primitive
|
|
179
|
-
* — out of scope for this item. Instead, we convert the Zod schema to JSON
|
|
180
|
-
* Schema 7 with `zod-to-json-schema` (Zod 3 native, MIT, zero transitive
|
|
181
|
-
* deps, 3M weekly DLs) and build the `CustomTool` object directly. See ADR
|
|
182
|
-
* D1 in `docs/plans/item-4-define-agent-tool-plan.md`.
|
|
183
|
-
*
|
|
184
|
-
* Handler error propagation:
|
|
185
|
-
* `defineAgentTool` parses the input via the Zod schema BEFORE calling the
|
|
186
|
-
* user handler. Invalid input throws a `ZodError`, which the SDK's tool-
|
|
187
|
-
* dispatcher (or the `streamAgentRun` adapter) sees as a tool failure and
|
|
188
|
-
* surfaces as an `error` AgentEvent on the SSE wire (ADR D3).
|
|
189
|
-
*/
|
|
190
|
-
/**
|
|
191
|
-
* Local mirror of the SDK's `CustomTool` interface. We don't `import type`
|
|
192
|
-
* from `@theokit/sdk` because the SDK is an optional peer (consumers who
|
|
193
|
-
* never call `defineAgentTool` shouldn't need it installed). The shape is
|
|
194
|
-
* the wire contract; any structurally-matching object is accepted by
|
|
195
|
-
* `Agent.create({ tools })`.
|
|
196
|
-
*
|
|
197
|
-
* @public
|
|
198
|
-
*/
|
|
199
|
-
interface CustomTool {
|
|
200
|
-
name: string;
|
|
201
|
-
description: string;
|
|
202
|
-
inputSchema: Record<string, unknown>;
|
|
203
|
-
handler: (input: Record<string, unknown>) => string | Promise<string>;
|
|
204
|
-
}
|
|
205
|
-
/**
|
|
206
|
-
* Spec accepted by {@link defineAgentTool}. `inputSchema` is a Zod 3 schema
|
|
207
|
-
* rooted in `z.object(...)`. The `handler` argument type is inferred via
|
|
208
|
-
* `z.infer<T>`.
|
|
209
|
-
*
|
|
210
|
-
* @public
|
|
211
|
-
*/
|
|
212
|
-
interface DefineAgentToolSpec<T extends z.ZodType> {
|
|
213
|
-
/** Tool name surfaced to the LLM. Must match `^[a-zA-Z][a-zA-Z0-9_-]{0,63}$`. */
|
|
214
|
-
name: string;
|
|
215
|
-
/** Description surfaced to the LLM. Required — drives tool-selection accuracy. */
|
|
216
|
-
description: string;
|
|
217
|
-
/** Zod schema describing the input. Must be `z.object(...)` at the root. */
|
|
218
|
-
inputSchema: T;
|
|
219
|
-
/** Handler invoked with the parsed input. */
|
|
220
|
-
handler: (input: z.infer<T>) => string | Promise<string>;
|
|
221
|
-
}
|
|
222
|
-
/**
|
|
223
|
-
* Build a {@link CustomTool} from a Zod 3 schema + handler.
|
|
224
|
-
*
|
|
225
|
-
* Behavior:
|
|
226
|
-
* - Validates `name` matches the LLM tool-name regex.
|
|
227
|
-
* - Requires `inputSchema` to be a `ZodObject` (Anthropic + SDK contract).
|
|
228
|
-
* - Warns (not throws) if `description` is empty — empty descriptions
|
|
229
|
-
* degrade LLM tool selection.
|
|
230
|
-
* - Converts the Zod schema to JSON Schema 7 inline (no `$ref`s — LLMs handle
|
|
231
|
-
* inline schemas more reliably).
|
|
232
|
-
* - Strips the top-level `$schema` field (Anthropic rejects schemas with
|
|
233
|
-
* `$schema` at root in some provider modes).
|
|
234
|
-
* - Wraps the handler to parse the input via the Zod schema BEFORE invoking
|
|
235
|
-
* the user code — bad LLM-supplied input throws `ZodError`, which the SDK
|
|
236
|
-
* converts to `tool_result(isError)`.
|
|
237
|
-
*
|
|
238
|
-
* @public
|
|
239
|
-
*/
|
|
240
|
-
declare function defineAgentTool<T extends z.ZodType>(spec: DefineAgentToolSpec<T>): CustomTool;
|
|
241
|
-
|
|
242
|
-
interface WebSocketLike {
|
|
243
|
-
send(data: string | Buffer): void;
|
|
244
|
-
close(code?: number, reason?: string): void;
|
|
245
|
-
}
|
|
246
|
-
interface WebSocketHandler {
|
|
247
|
-
onOpen?: (ws: WebSocketLike, req: IncomingMessage) => void;
|
|
248
|
-
onMessage?: (ws: WebSocketLike, data: string | Buffer) => void;
|
|
249
|
-
onClose?: (ws: WebSocketLike, code: number, reason: Buffer) => void;
|
|
250
|
-
onError?: (ws: WebSocketLike, error: Error) => void;
|
|
251
|
-
}
|
|
252
|
-
/**
|
|
253
|
-
* Define a WebSocket endpoint handler.
|
|
254
|
-
* Identity function — provides type inference for WebSocket handlers.
|
|
255
|
-
*/
|
|
256
|
-
declare function defineWebSocket(handler: WebSocketHandler): WebSocketHandler;
|
|
257
|
-
|
|
258
|
-
interface ChannelHandler<TMessage = unknown> {
|
|
259
|
-
onSubscribe?: (ws: WebSocketLike, room: string, req: IncomingMessage) => void;
|
|
260
|
-
onMessage?: (ws: WebSocketLike, room: string, data: TMessage) => void;
|
|
261
|
-
onUnsubscribe?: (ws: WebSocketLike, room: string) => void;
|
|
262
|
-
}
|
|
263
|
-
/**
|
|
264
|
-
* Define a channel handler for WebSocket rooms.
|
|
265
|
-
* Identity function — provides type inference for channel handlers.
|
|
266
|
-
*/
|
|
267
|
-
declare function defineChannel<TMessage = unknown>(handler: ChannelHandler<TMessage>): ChannelHandler<TMessage>;
|
|
268
|
-
|
|
269
|
-
interface PluginContext {
|
|
270
|
-
request: IncomingMessage;
|
|
271
|
-
response: ServerResponse;
|
|
272
|
-
ctx: Record<string, unknown>;
|
|
273
|
-
requestId: string;
|
|
274
|
-
}
|
|
275
|
-
interface PluginErrorContext extends PluginContext {
|
|
276
|
-
error: unknown;
|
|
277
|
-
}
|
|
278
|
-
interface RunHookOptions {
|
|
279
|
-
inErrorPath?: boolean;
|
|
280
|
-
}
|
|
281
|
-
interface HookResult {
|
|
282
|
-
shortCircuited: boolean;
|
|
283
|
-
}
|
|
284
|
-
type OnRequestHook = (ctx: PluginContext) => void | Promise<void>;
|
|
285
|
-
type PreHandlerHook = (ctx: PluginContext) => void | Promise<void>;
|
|
286
|
-
type OnResponseHook = (ctx: PluginContext) => void | Promise<void>;
|
|
287
|
-
type OnErrorHook = (ctx: PluginErrorContext) => void | Promise<void>;
|
|
288
|
-
type HookName = 'onRequest' | 'preHandler' | 'onResponse' | 'onError';
|
|
289
|
-
type HookByName<K extends HookName> = K extends 'onError' ? OnErrorHook : K extends 'onRequest' ? OnRequestHook : K extends 'preHandler' ? PreHandlerHook : K extends 'onResponse' ? OnResponseHook : never;
|
|
290
|
-
interface TheoApp {
|
|
291
|
-
addHook<K extends HookName>(name: K, fn: HookByName<K>): void;
|
|
292
|
-
decorateRequest<T>(key: string, value: T): void;
|
|
293
|
-
}
|
|
294
|
-
interface TheoPlugin {
|
|
295
|
-
name: string;
|
|
296
|
-
register(app: TheoApp): void | Promise<void>;
|
|
297
|
-
}
|
|
298
|
-
/**
|
|
299
|
-
* Identity function for plugin authors. Provides auto-completion + type
|
|
300
|
-
* inference at the call site (TanStack/Vite/Astro pattern). Pure runtime
|
|
301
|
-
* no-op — returns the input unchanged.
|
|
302
|
-
*
|
|
303
|
-
* @example
|
|
304
|
-
* import { definePlugin } from 'theokit/server'
|
|
305
|
-
* export default definePlugin({
|
|
306
|
-
* name: 'my-plugin',
|
|
307
|
-
* register(app) {
|
|
308
|
-
* app.addHook('onRequest', (req) => { ... })
|
|
309
|
-
* },
|
|
310
|
-
* })
|
|
311
|
-
*
|
|
312
|
-
* Equivalent to `const p: TheoPlugin = {...}` but more ergonomic. See
|
|
313
|
-
* ADR-0008 (D1 + D6) for the rationale.
|
|
314
|
-
*/
|
|
315
|
-
declare function definePlugin(plugin: TheoPlugin): TheoPlugin;
|
|
316
|
-
|
|
317
|
-
/**
|
|
318
|
-
* Identity function for defining a Theo plugin.
|
|
319
|
-
*
|
|
320
|
-
* **Note:** Prefer `definePlugin` (shorter, canonical name per ADR-0008 D6).
|
|
321
|
-
* Both functions are identical — `defineTheoPlugin` is kept as an alias for
|
|
322
|
-
* existing in-tree consumers without forcing a migration sweep.
|
|
323
|
-
*/
|
|
324
|
-
declare function defineTheoPlugin(plugin: TheoPlugin): TheoPlugin;
|
|
325
|
-
|
|
326
|
-
declare class DuplicatePluginError extends Error {
|
|
327
|
-
constructor(name: string);
|
|
328
|
-
}
|
|
329
|
-
declare class DuplicateDecorationError extends Error {
|
|
330
|
-
constructor(key: string, existingPlugin: string, newPlugin: string);
|
|
331
|
-
}
|
|
332
|
-
declare class PluginRunner {
|
|
333
|
-
private plugins;
|
|
334
|
-
private onRequestHooks;
|
|
335
|
-
private preHandlerHooks;
|
|
336
|
-
private onResponseHooks;
|
|
337
|
-
private onErrorHooks;
|
|
338
|
-
private decorations;
|
|
339
|
-
has(name: string): boolean;
|
|
340
|
-
register(plugin: TheoPlugin): Promise<void>;
|
|
341
|
-
applyDecorations(ctx: Record<string, unknown>): void;
|
|
342
|
-
runOnRequest(ctx: PluginContext): Promise<HookResult>;
|
|
343
|
-
runPreHandler(ctx: PluginContext): Promise<HookResult>;
|
|
344
|
-
runOnResponse(ctx: PluginContext, options?: RunHookOptions): Promise<HookResult>;
|
|
345
|
-
/**
|
|
346
|
-
* Run all onError hooks. Swallows errors thrown inside hooks themselves to
|
|
347
|
-
* prevent recursion (an error in an error handler must not trigger onError
|
|
348
|
-
* again).
|
|
349
|
-
*/
|
|
350
|
-
runOnError(ctx: PluginContext, error: unknown): Promise<HookResult>;
|
|
351
|
-
private runHookList;
|
|
352
|
-
}
|
|
353
|
-
|
|
354
|
-
interface ServerRouteNode {
|
|
355
|
-
filePath: string;
|
|
356
|
-
routePath: string;
|
|
357
|
-
paramNames: string[];
|
|
358
|
-
pattern: RegExp;
|
|
359
|
-
/** HTTP methods (uppercase) the route file exports. Optional for backward
|
|
360
|
-
* compatibility with manifests generated before G1. Empty array means the
|
|
361
|
-
* file has no HTTP exports (util-only); undefined means "not detected". */
|
|
362
|
-
methods?: string[];
|
|
363
|
-
}
|
|
364
|
-
declare function compilePattern(routePath: string): {
|
|
365
|
-
pattern: RegExp;
|
|
366
|
-
paramNames: string[];
|
|
367
|
-
};
|
|
368
|
-
declare function matchRoute(url: string, routes: ServerRouteNode[]): {
|
|
369
|
-
route: ServerRouteNode;
|
|
370
|
-
params: Record<string, string>;
|
|
371
|
-
} | null;
|
|
372
|
-
|
|
373
|
-
type LoadModule = (path: string) => Promise<Record<string, unknown>>;
|
|
374
|
-
declare function createViteLoader(vite: ViteDevServer): LoadModule;
|
|
375
|
-
declare function createProductionLoader(): LoadModule;
|
|
376
|
-
|
|
377
|
-
/**
|
|
378
|
-
* T4.1 — Audit logging interface + default JSON stdout sink.
|
|
379
|
-
*
|
|
380
|
-
* Per ADR D4: define the interface; ship a zero-dep default; reserve
|
|
381
|
-
* adapter shapes for Postgres, File, OpenTelemetry, Sentry as follow-up
|
|
382
|
-
* packages. Persistence has heavy deps (`pg`, `better-sqlite3`); we
|
|
383
|
-
* keep core dep-free and let users opt in.
|
|
384
|
-
*
|
|
385
|
-
* Compatibility:
|
|
386
|
-
* - Node / Bun / Deno / Vercel — console.log is sync, captured.
|
|
387
|
-
* - Edge runtimes (CF Workers, Vercel Edge) — console.log is captured
|
|
388
|
-
* but may be rate-limited by the platform. For high-volume edge audit,
|
|
389
|
-
* implement a custom sink writing to a queue / HTTP endpoint.
|
|
390
|
-
*/
|
|
391
|
-
interface AuditEvent {
|
|
392
|
-
/** Domain-qualified verb. Convention: `<domain>.<verb>` (e.g. csrf.warn, session.rotated). */
|
|
393
|
-
action: string;
|
|
394
|
-
/** Who triggered the event. Anonymous = no auth at time of event. */
|
|
395
|
-
actor?: {
|
|
396
|
-
type: 'user' | 'system' | 'anonymous';
|
|
397
|
-
id?: string;
|
|
398
|
-
};
|
|
399
|
-
/** What was operated on (optional). */
|
|
400
|
-
resource?: {
|
|
401
|
-
type: string;
|
|
402
|
-
id?: string;
|
|
403
|
-
};
|
|
404
|
-
/** Arbitrary event-specific metadata. JSON-serializable. */
|
|
405
|
-
metadata?: Record<string, unknown>;
|
|
406
|
-
/** ISO 8601 timestamp. If absent, sink fills in `new Date().toISOString()`. */
|
|
407
|
-
timestamp?: string;
|
|
408
|
-
/** Optional trace id (populated by middleware from `x-trace-id`). */
|
|
409
|
-
traceId?: string;
|
|
410
|
-
}
|
|
411
|
-
interface AuditLogger {
|
|
412
|
-
log(event: AuditEvent): void | Promise<void>;
|
|
413
|
-
}
|
|
414
|
-
/**
|
|
415
|
-
* Default sink: one JSON line per event to stdout. Sync. Never throws.
|
|
416
|
-
*
|
|
417
|
-
* EC: circular refs / BigInt values fall back to a placeholder line so
|
|
418
|
-
* the event is still observable (action + traceId) without crashing the
|
|
419
|
-
* request lifecycle.
|
|
420
|
-
*/
|
|
421
|
-
declare class JsonStdoutSink implements AuditLogger {
|
|
422
|
-
log(event: AuditEvent): void;
|
|
423
|
-
}
|
|
424
|
-
/**
|
|
425
|
-
* No-op logger. Returned when `config.audit` is unset. Zero overhead;
|
|
426
|
-
* framework wiring sites null-check before calling.
|
|
427
|
-
*/
|
|
428
|
-
declare function createNoOpLogger(): AuditLogger;
|
|
429
|
-
/**
|
|
430
|
-
* T4.2 — Safe-emit wrapper. Used by framework wiring sites (csrf.ts,
|
|
431
|
-
* rate-limit.ts, session.ts) so a logger throw NEVER propagates into
|
|
432
|
-
* the request handler.
|
|
433
|
-
*/
|
|
434
|
-
declare function safeAudit(logger: AuditLogger | undefined, event: AuditEvent): void;
|
|
435
|
-
|
|
436
|
-
/**
|
|
437
|
-
* CSRF enforcement mode.
|
|
438
|
-
*
|
|
439
|
-
* - `off` — skip CSRF entirely. Use only when you have another defense
|
|
440
|
-
* (e.g. you don't ship session cookies, all auth is bearer).
|
|
441
|
-
* - `warn` — log a structured warning when the check would fail, but
|
|
442
|
-
* still serve the request. Default for 0.2.0. Migration mode.
|
|
443
|
-
* - `strict` — reject failing requests with 403 + code `CSRF_INVALID`.
|
|
444
|
-
* Will become the default in 0.3.0.
|
|
445
|
-
*/
|
|
446
|
-
type CsrfMode = 'off' | 'warn' | 'strict';
|
|
447
|
-
/**
|
|
448
|
-
* Per-request structured logger surface. Only `warn` is used by enforceCsrf;
|
|
449
|
-
* we don't require a full Logger here so callers can pass a mock or the
|
|
450
|
-
* console directly.
|
|
451
|
-
*/
|
|
452
|
-
interface CsrfLogger {
|
|
453
|
-
warn: (payload: CsrfWarnPayload) => void;
|
|
454
|
-
/** Optional path the request was destined for — used for log correlation. */
|
|
455
|
-
path?: string;
|
|
456
|
-
}
|
|
457
|
-
/**
|
|
458
|
-
* T5.1 — Rails-inspired per-route escalation.
|
|
459
|
-
*
|
|
460
|
-
* `routes` accepts string (exact match) or RegExp entries. When a request
|
|
461
|
-
* path matches AND the request would otherwise emit a warning, the
|
|
462
|
-
* `behavior` field decides what happens:
|
|
463
|
-
*
|
|
464
|
-
* - `'warn'` → normal warn dispatch (no-op vs default)
|
|
465
|
-
* - `'raise'` → escalate to 403 regardless of global `csrf` mode
|
|
466
|
-
*
|
|
467
|
-
* `'raise'` never downgrades: when global mode is `'off'`, validation is
|
|
468
|
-
* skipped entirely and disallowed dispatch never runs.
|
|
469
|
-
*/
|
|
470
|
-
interface DisallowedConfig {
|
|
471
|
-
routes: (string | RegExp)[];
|
|
472
|
-
behavior: 'warn' | 'raise';
|
|
473
|
-
}
|
|
474
|
-
/**
|
|
475
|
-
* Test whether `path` matches any of the supplied patterns. String
|
|
476
|
-
* patterns are EXACT (trailing slash matters — use RegExp for tolerance).
|
|
477
|
-
*
|
|
478
|
-
* EC-5: when a RegExp carries the `/g` flag, `.test()` mutates
|
|
479
|
-
* `lastIndex` and the next invocation may miss. We reset `lastIndex`
|
|
480
|
-
* before each test so the matcher is a pure function.
|
|
481
|
-
*/
|
|
482
|
-
declare function matchDisallowed(path: string, patterns: readonly (string | RegExp)[]): boolean;
|
|
483
|
-
/**
|
|
484
|
-
* T2.2 — Stable cutover identifier shipped with every csrf.warn payload.
|
|
485
|
-
*
|
|
486
|
-
* Convention borrowed from Vite's `deprecations.ts:74` — a `code` plus a
|
|
487
|
-
* `docsUrl` lets users (a) grep their logs for a single stable identifier
|
|
488
|
-
* to find every csrf.warn line, and (b) click through directly to the
|
|
489
|
-
* migration guide. Strings are exported constants so the analyzer (T2.3)
|
|
490
|
-
* and migration guide can reference the same source of truth.
|
|
491
|
-
*/
|
|
492
|
-
declare const CSRF_WARN_CODE: "CSRF_STRICT_CUTOVER";
|
|
493
|
-
declare const CSRF_WARN_DOCS_URL: "https://theokit.dev/upgrade/csrf-strict-cutover";
|
|
494
|
-
interface CsrfWarnPayload {
|
|
495
|
-
event: 'csrf.warn';
|
|
496
|
-
method: string;
|
|
497
|
-
path: string | undefined;
|
|
498
|
-
reason: string;
|
|
499
|
-
/**
|
|
500
|
-
* Stable identifier for the 0.2 → 0.3 CSRF strict cutover. Always
|
|
501
|
-
* `'CSRF_STRICT_CUTOVER'`. Grep-able from prod logs.
|
|
502
|
-
*/
|
|
503
|
-
code: string;
|
|
504
|
-
/**
|
|
505
|
-
* Link to the section of the migration guide explaining how to clear
|
|
506
|
-
* this specific warning class.
|
|
507
|
-
*/
|
|
508
|
-
docsUrl: string;
|
|
509
|
-
}
|
|
510
|
-
declare function validateCsrf(req: IncomingMessage): {
|
|
511
|
-
valid: true;
|
|
512
|
-
} | {
|
|
513
|
-
valid: false;
|
|
514
|
-
reason: string;
|
|
515
|
-
};
|
|
516
|
-
declare function enforceCsrf(req: IncomingMessage, mode: CsrfMode, logger?: CsrfLogger, disallowed?: DisallowedConfig, auditLogger?: AuditLogger): {
|
|
517
|
-
allow: boolean;
|
|
518
|
-
reason?: string;
|
|
519
|
-
};
|
|
520
|
-
|
|
521
|
-
/**
|
|
522
|
-
* T5.2 — pluggable response/request transformer.
|
|
523
|
-
*
|
|
524
|
-
* `superjson` is the default, preserving Date/Map/Set/BigInt/etc.
|
|
525
|
-
* `json` is the lightweight option (plain JSON.stringify/parse).
|
|
526
|
-
* Users can supply a custom object implementing this contract.
|
|
527
|
-
*/
|
|
528
|
-
interface TheoTransformer {
|
|
529
|
-
name: string;
|
|
530
|
-
serialize: (value: unknown) => string;
|
|
531
|
-
deserialize: (raw: string) => unknown;
|
|
532
|
-
}
|
|
533
|
-
declare const superjsonTransformer: TheoTransformer;
|
|
534
|
-
declare const jsonTransformer: TheoTransformer;
|
|
535
|
-
declare function resolveTransformer(selector: 'json' | 'superjson' | TheoTransformer): TheoTransformer;
|
|
536
|
-
|
|
537
|
-
/**
|
|
538
|
-
* server/http/execute-context.ts
|
|
539
|
-
*
|
|
540
|
-
* `ExecuteRouteContext` — the parameter object passed to `executeRoute()`
|
|
541
|
-
* and `executeAction()` per ADR-0016 (T3.1 of architecture-cleanup).
|
|
542
|
-
*
|
|
543
|
-
* Replaces the 12-positional-param signature with a single named-field
|
|
544
|
-
* object, eliminating 3 of 4 eslint-disable comments on `executeRoute`.
|
|
545
|
-
*
|
|
546
|
-
* Location: lives in `server/http/` (not `core/contracts/`) because the
|
|
547
|
-
* shape references server-side types (CsrfMode, JobBackend, PluginRunner,
|
|
548
|
-
* TheoTransformer, ServerRouteNode, LoadModule, DisallowedConfig). Keeping
|
|
549
|
-
* the type here preserves the existing module direction graph — no new
|
|
550
|
-
* `core → server` edges.
|
|
551
|
-
*
|
|
552
|
-
* Consumers within server/ build this object once per request; external
|
|
553
|
-
* callers (router-runner) see the same shape via the `ExecuteRouteContext`
|
|
554
|
-
* named export.
|
|
555
|
-
*/
|
|
556
|
-
|
|
557
|
-
/**
|
|
558
|
-
* The request-execution context. Each request builds one of these and passes
|
|
559
|
-
* it to `executeRoute(ctx)`.
|
|
560
|
-
*
|
|
561
|
-
* All fields are required EXCEPT those with optional `?` markers; defaults
|
|
562
|
-
* are applied inside `executeRoute` via destructure (e.g., `csrfMode = 'strict'`).
|
|
563
|
-
*/
|
|
564
|
-
interface ExecuteRouteContext {
|
|
565
|
-
route: ServerRouteNode;
|
|
566
|
-
method: string;
|
|
567
|
-
params: Record<string, string>;
|
|
568
|
-
req: IncomingMessage;
|
|
569
|
-
res: ServerResponse;
|
|
570
|
-
loadModule: LoadModule;
|
|
571
|
-
serverDir?: string;
|
|
572
|
-
requestId?: string;
|
|
573
|
-
pluginRunner?: PluginRunner;
|
|
574
|
-
transformer?: TheoTransformer;
|
|
575
|
-
/** Defaults to `'strict'` when omitted. */
|
|
576
|
-
csrfMode?: CsrfMode;
|
|
577
|
-
disallowed?: DisallowedConfig;
|
|
578
|
-
/** When provided, `ctx.queue` auto-injects + outbox lifecycle hooks attach. */
|
|
579
|
-
jobBackend?: JobBackend;
|
|
580
|
-
}
|
|
581
|
-
|
|
582
|
-
/**
|
|
583
|
-
* Canonical HTTP response helpers (T5.1 extraction).
|
|
584
|
-
*
|
|
585
|
-
* Moved out of execute.ts so request-pipeline stages (execute-stages.ts,
|
|
586
|
-
* handle-request-error.ts, etc.) can depend on these helpers without
|
|
587
|
-
* creating a cycle through execute.ts.
|
|
588
|
-
*
|
|
589
|
-
* Public surface re-exported from execute.ts for backward compat — every
|
|
590
|
-
* existing caller of `sendError` / `sendJson` continues to work via the
|
|
591
|
-
* `theokit/server` barrel.
|
|
592
|
-
*/
|
|
593
|
-
declare function sendJson(res: ServerResponse, data: unknown, status?: number, transformer?: TheoTransformer): void;
|
|
594
|
-
interface SendErrorOptions {
|
|
595
|
-
custom404Html?: string;
|
|
596
|
-
custom500Html?: string;
|
|
597
|
-
}
|
|
598
|
-
/**
|
|
599
|
-
* Canonical error response.
|
|
600
|
-
*
|
|
601
|
-
* T6.3 (PV-17): the positional 7-param signature is preserved for backward
|
|
602
|
-
* compat. New call sites should use the options-bag form:
|
|
603
|
-
*
|
|
604
|
-
* sendError(res, { code, message, status, issues?, requestId?, options? })
|
|
605
|
-
*
|
|
606
|
-
* Both shapes resolve to the same implementation.
|
|
607
|
-
*/
|
|
608
|
-
interface SendErrorInput {
|
|
609
|
-
code: string;
|
|
610
|
-
message: string;
|
|
611
|
-
status: number;
|
|
612
|
-
issues?: unknown[];
|
|
613
|
-
requestId?: string;
|
|
614
|
-
options?: SendErrorOptions;
|
|
615
|
-
}
|
|
616
|
-
declare function sendError(res: ServerResponse, input: SendErrorInput): void;
|
|
617
|
-
declare function sendError(res: ServerResponse, code: string, message: string, status: number, issues?: unknown[], requestId?: string, options?: SendErrorOptions): void;
|
|
618
|
-
|
|
619
|
-
declare function executeRoute(ctx: ExecuteRouteContext): Promise<void>;
|
|
620
|
-
|
|
621
|
-
interface ExecuteActionOptions {
|
|
622
|
-
filePath: string;
|
|
623
|
-
exportName: string;
|
|
624
|
-
req: IncomingMessage;
|
|
625
|
-
res: ServerResponse;
|
|
626
|
-
loadModule: LoadModule;
|
|
627
|
-
serverDir?: string;
|
|
628
|
-
requestId?: string;
|
|
629
|
-
pluginRunner?: PluginRunner;
|
|
630
|
-
csrfMode?: CsrfMode;
|
|
631
|
-
disallowed?: DisallowedConfig;
|
|
632
|
-
}
|
|
633
|
-
declare function executeAction(filePath: string, exportName: string, req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir?: string, requestId?: string, pluginRunner?: PluginRunner, csrfMode?: CsrfMode, disallowed?: DisallowedConfig): Promise<void>;
|
|
634
|
-
|
|
635
|
-
interface MiddlewareResult {
|
|
636
|
-
ctx: unknown;
|
|
637
|
-
aborted: boolean;
|
|
638
|
-
}
|
|
639
|
-
declare function _resetMiddlewareCacheForTests(): void;
|
|
640
|
-
declare function runMiddlewareAndContext(req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir: string): Promise<MiddlewareResult>;
|
|
641
|
-
|
|
642
|
-
/**
|
|
643
|
-
* T1.2 — CORS middleware.
|
|
644
|
-
*
|
|
645
|
-
* Single global middleware that runs FIRST in the request pipeline:
|
|
646
|
-
* CORS preflight → rate limit → CSRF → security headers → handler
|
|
647
|
-
*
|
|
648
|
-
* Preflight (`OPTIONS` with `Access-Control-Request-Method`) is handled
|
|
649
|
-
* by `handlePreflight`, which short-circuits the response with 204 +
|
|
650
|
-
* Access-Control-* headers.
|
|
651
|
-
*
|
|
652
|
-
* Non-preflight requests pass through; `applyHeaders` adds
|
|
653
|
-
* `Access-Control-Allow-Origin` (echoing the request's Origin),
|
|
654
|
-
* `Access-Control-Expose-Headers`, and `Access-Control-Allow-Credentials`.
|
|
655
|
-
*
|
|
656
|
-
* Per ADR D3: preflight responses are deterministic and only the matched
|
|
657
|
-
* origin is echoed back (never `'*'` when credentials are enabled —
|
|
658
|
-
* required by the CORS spec).
|
|
659
|
-
*/
|
|
660
|
-
type CorsOrigin = string | RegExp | readonly (string | RegExp)[] | ((origin: string) => boolean);
|
|
661
|
-
interface CorsConfig {
|
|
662
|
-
origins: CorsOrigin;
|
|
663
|
-
methods?: readonly ('GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'OPTIONS' | 'HEAD')[];
|
|
664
|
-
allowedHeaders?: readonly string[];
|
|
665
|
-
exposedHeaders?: readonly string[];
|
|
666
|
-
credentials?: boolean;
|
|
667
|
-
maxAge?: number;
|
|
668
|
-
}
|
|
669
|
-
interface CorsHandler {
|
|
670
|
-
handlePreflight(req: IncomingMessage, res: ServerResponse): boolean;
|
|
671
|
-
applyHeaders(req: IncomingMessage, res: ServerResponse): void;
|
|
672
|
-
}
|
|
673
|
-
/**
|
|
674
|
-
* Test whether `origin` is allowed by `allowed`. Pure function — no I/O.
|
|
675
|
-
*
|
|
676
|
-
* EC-8: callback variants that throw are fail-closed (deny). Without
|
|
677
|
-
* this, a transient datastore outage would silently widen CORS during
|
|
678
|
-
* the failure window.
|
|
679
|
-
*/
|
|
680
|
-
declare function matchesOrigin(origin: string, allowed: CorsOrigin): boolean;
|
|
681
|
-
declare function createCorsHandler(config: CorsConfig): CorsHandler;
|
|
682
|
-
|
|
683
|
-
interface CookieOptions {
|
|
684
|
-
httpOnly?: boolean;
|
|
685
|
-
secure?: boolean;
|
|
686
|
-
sameSite?: 'strict' | 'lax' | 'none';
|
|
687
|
-
maxAge?: number;
|
|
688
|
-
path?: string;
|
|
689
|
-
domain?: string;
|
|
690
|
-
}
|
|
691
|
-
/**
|
|
692
|
-
* Parse a `Cookie` header into a Map (RFC 6265 §5.4).
|
|
693
|
-
* - Empty/missing input → empty Map.
|
|
694
|
-
* - Malformed entries (no `=`) skipped silently (defensive).
|
|
695
|
-
* - Duplicate names → last-wins.
|
|
696
|
-
* - Values URL-decoded if possible; raw on decode failure (CR-009 protection).
|
|
697
|
-
*
|
|
698
|
-
* Canonical helper (T3.2 of architecture-review-remediation-plan; PV-4 DRY).
|
|
699
|
-
* Consumed by `getCookie` here AND by `rate-limit/rate-limit-per-route.ts`.
|
|
700
|
-
*/
|
|
701
|
-
declare function parseCookieHeader(header: string | undefined): Map<string, string>;
|
|
702
|
-
declare function getCookie(req: IncomingMessage, name: string): string | undefined;
|
|
703
|
-
declare function setCookie(res: ServerResponse, name: string, value: string, options?: CookieOptions): void;
|
|
704
|
-
declare function deleteCookie(res: ServerResponse, name: string, options?: {
|
|
705
|
-
path?: string;
|
|
706
|
-
}): void;
|
|
707
|
-
|
|
708
|
-
/**
|
|
709
|
-
* T1.4 — Server-side batch handler.
|
|
710
|
-
*
|
|
711
|
-
* Receives `{ requests: [...] }` POSTed to `/api/__theo_batch__` and returns
|
|
712
|
-
* `{ results: [...] }` with per-item error isolation. EC-2: items cannot
|
|
713
|
-
* override auth/forwarded headers (would be a session-bypass vector).
|
|
714
|
-
*/
|
|
715
|
-
|
|
716
|
-
declare const STRIPPED_HEADERS: readonly ["authorization", "cookie", "x-forwarded-for", "x-forwarded-host", "x-forwarded-proto", "x-real-ip", "host"];
|
|
717
|
-
declare const BATCH_PATH = "/api/__theo_batch__";
|
|
718
|
-
declare class BatchPathConflictError extends Error {
|
|
719
|
-
constructor(path: string);
|
|
720
|
-
}
|
|
721
|
-
declare const batchRequestSchema: z.ZodObject<{
|
|
722
|
-
path: z.ZodString;
|
|
723
|
-
method: z.ZodString;
|
|
724
|
-
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
725
|
-
body: z.ZodOptional<z.ZodUnknown>;
|
|
726
|
-
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
727
|
-
}, "strip", z.ZodTypeAny, {
|
|
728
|
-
path: string;
|
|
729
|
-
method: string;
|
|
730
|
-
headers?: Record<string, string> | undefined;
|
|
731
|
-
query?: Record<string, unknown> | undefined;
|
|
732
|
-
body?: unknown;
|
|
733
|
-
}, {
|
|
734
|
-
path: string;
|
|
735
|
-
method: string;
|
|
736
|
-
headers?: Record<string, string> | undefined;
|
|
737
|
-
query?: Record<string, unknown> | undefined;
|
|
738
|
-
body?: unknown;
|
|
739
|
-
}>;
|
|
740
|
-
declare const batchPayloadSchema: z.ZodObject<{
|
|
741
|
-
requests: z.ZodArray<z.ZodObject<{
|
|
742
|
-
path: z.ZodString;
|
|
743
|
-
method: z.ZodString;
|
|
744
|
-
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
745
|
-
body: z.ZodOptional<z.ZodUnknown>;
|
|
746
|
-
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
747
|
-
}, "strip", z.ZodTypeAny, {
|
|
748
|
-
path: string;
|
|
749
|
-
method: string;
|
|
750
|
-
headers?: Record<string, string> | undefined;
|
|
751
|
-
query?: Record<string, unknown> | undefined;
|
|
752
|
-
body?: unknown;
|
|
753
|
-
}, {
|
|
754
|
-
path: string;
|
|
755
|
-
method: string;
|
|
756
|
-
headers?: Record<string, string> | undefined;
|
|
757
|
-
query?: Record<string, unknown> | undefined;
|
|
758
|
-
body?: unknown;
|
|
759
|
-
}>, "many">;
|
|
760
|
-
}, "strip", z.ZodTypeAny, {
|
|
761
|
-
requests: {
|
|
762
|
-
path: string;
|
|
763
|
-
method: string;
|
|
764
|
-
headers?: Record<string, string> | undefined;
|
|
765
|
-
query?: Record<string, unknown> | undefined;
|
|
766
|
-
body?: unknown;
|
|
767
|
-
}[];
|
|
768
|
-
}, {
|
|
769
|
-
requests: {
|
|
770
|
-
path: string;
|
|
771
|
-
method: string;
|
|
772
|
-
headers?: Record<string, string> | undefined;
|
|
773
|
-
query?: Record<string, unknown> | undefined;
|
|
774
|
-
body?: unknown;
|
|
775
|
-
}[];
|
|
776
|
-
}>;
|
|
777
|
-
type BatchRequestItem = z.infer<typeof batchRequestSchema>;
|
|
778
|
-
type BatchPayload = z.infer<typeof batchPayloadSchema>;
|
|
779
|
-
type BatchExecuteFn = (req: BatchRequestItem) => Promise<{
|
|
780
|
-
data: unknown;
|
|
781
|
-
} | {
|
|
782
|
-
error: {
|
|
783
|
-
message: string;
|
|
784
|
-
code?: string;
|
|
785
|
-
};
|
|
786
|
-
}>;
|
|
787
|
-
interface HandleBatchOptions {
|
|
788
|
-
execute: BatchExecuteFn;
|
|
789
|
-
/** Max number of items per batch. Default 32. */
|
|
790
|
-
max?: number;
|
|
791
|
-
/** Outer-request headers that override per-item headers in STRIPPED_HEADERS. */
|
|
792
|
-
outerHeaders?: Record<string, string>;
|
|
793
|
-
}
|
|
794
|
-
type BatchResultItem = {
|
|
795
|
-
data: unknown;
|
|
796
|
-
} | {
|
|
797
|
-
error: {
|
|
798
|
-
message: string;
|
|
799
|
-
code?: string;
|
|
800
|
-
};
|
|
801
|
-
};
|
|
802
|
-
interface BatchResponse {
|
|
803
|
-
results: BatchResultItem[];
|
|
804
|
-
}
|
|
805
|
-
/**
|
|
806
|
-
* Validate + execute a batch request.
|
|
807
|
-
*
|
|
808
|
-
* CR-028 fix: previously the signature was `payload: BatchPayload`,
|
|
809
|
-
* suggesting the caller had already validated. In reality `api-middleware`
|
|
810
|
-
* passes `JSON.parse(rawBody) as BatchPayload` — an unsafe cast over raw
|
|
811
|
-
* HTTP input. We widen the input type to `unknown` so the type system
|
|
812
|
-
* forces validation, then run Zod once at this single trust boundary.
|
|
813
|
-
*/
|
|
814
|
-
declare function handleBatchRequest(payload: unknown, options: HandleBatchOptions): Promise<BatchResponse>;
|
|
815
|
-
|
|
816
|
-
/**
|
|
817
|
-
* T2.4 — Custom error pages loader.
|
|
818
|
-
*
|
|
819
|
-
* Loads optional `.theo/client/404.html` and `500.html` from disk so adapters
|
|
820
|
-
* (Node, CF, Vercel, Bun, Netlify, AWS Lambda, Deno) can pass them to the
|
|
821
|
-
* shared `sendError` pipeline.
|
|
822
|
-
*
|
|
823
|
-
* EC-9: caps file size at 1MB. Files beyond the limit are skipped with a
|
|
824
|
-
* console.warn and the default JSON error path is used.
|
|
825
|
-
*/
|
|
826
|
-
declare const MAX_ERROR_HTML_BYTES = 1048576;
|
|
827
|
-
interface CustomErrorPages {
|
|
828
|
-
custom404Html?: string;
|
|
829
|
-
custom500Html?: string;
|
|
830
|
-
}
|
|
831
|
-
/**
|
|
832
|
-
* Load `.theo/client/{404,500}.html` from the given client directory.
|
|
833
|
-
* Returns object with both fields when present; missing pages remain undefined.
|
|
834
|
-
*/
|
|
835
|
-
declare function loadCustomErrorPages(clientDir: string): CustomErrorPages;
|
|
836
|
-
|
|
837
|
-
declare function serveStaticFile(req: IncomingMessage, res: ServerResponse, clientDir: string): boolean;
|
|
838
|
-
|
|
839
|
-
/**
|
|
840
|
-
* Phase 7 — Observability: traceId propagation (D7).
|
|
841
|
-
*
|
|
842
|
-
* Extract a stable identifier from incoming requests so a single value
|
|
843
|
-
* correlates the client request, every server log line, the response
|
|
844
|
-
* envelope, and any downstream span. Precedence:
|
|
845
|
-
*
|
|
846
|
-
* 1. `traceparent` (W3C Trace Context — `00-{32-hex}-{16-hex}-{flags}`)
|
|
847
|
-
* 2. `x-request-id` (Heroku / GCP / generic proxy header)
|
|
848
|
-
* 3. Generated UUID (fresh per request)
|
|
849
|
-
*
|
|
850
|
-
* UUIDs are accepted as trace identifiers by every major vendor that
|
|
851
|
-
* does not enforce strict 32-hex (Datadog, Honeycomb, Sentry, Logflare,
|
|
852
|
-
* Axiom, etc). We don't need ULIDs to ship this surface.
|
|
853
|
-
*/
|
|
854
|
-
declare const TRACE_HEADER = "x-trace-id";
|
|
855
|
-
declare const TRACE_PARENT_HEADER = "traceparent";
|
|
856
|
-
/**
|
|
857
|
-
* Parse a W3C Trace Context `traceparent` header value. Returns the
|
|
858
|
-
* 32-hex trace-id when valid (and not the reserved all-zeros), else
|
|
859
|
-
* `null`.
|
|
860
|
-
*/
|
|
861
|
-
declare function parseTraceparent(value: string): string | null;
|
|
862
|
-
/**
|
|
863
|
-
* Resolve the request's traceId following the precedence above.
|
|
864
|
-
*/
|
|
865
|
-
declare function extractTraceId(req: IncomingMessage): string;
|
|
866
|
-
|
|
867
|
-
declare function scanServerRoutes(serverDir: string): ServerRouteNode[];
|
|
868
|
-
|
|
869
|
-
interface ActionNode {
|
|
870
|
-
filePath: string;
|
|
871
|
-
actionPath: string;
|
|
872
|
-
}
|
|
873
|
-
/**
|
|
874
|
-
* Enriched manifest entry per plan g3-server-actions-and-useaction v1.2
|
|
875
|
-
* § Phase 1 / T1.4 + ADR D4. Consumed by virtual module `@theo/actions`
|
|
876
|
-
* (T3.1) and G4 devtools "Actions" tab (T5.1).
|
|
877
|
-
*/
|
|
878
|
-
interface ActionManifestEntry$1 {
|
|
879
|
-
name: string;
|
|
880
|
-
filePath: string;
|
|
881
|
-
urlPath: string;
|
|
882
|
-
accept: 'form' | 'json';
|
|
883
|
-
hasInput: boolean;
|
|
884
|
-
/**
|
|
885
|
-
* P#4 plugin-forms shared-schema convention (per plan p4-plugin-forms v1.1 T1.1).
|
|
886
|
-
* When present, points to an isomorphic schema file at
|
|
887
|
-
* `<serverDir>/actions/schemas/<basename>.ts` exporting `export const schema = z.object(...)`.
|
|
888
|
-
* Virtual module emits `import {schema} from '<schemaFilePath>'` + attaches as
|
|
889
|
-
* `actions.X.__zodSchema` so client-side <TheoForm> can drive zodResolver.
|
|
890
|
-
* Undefined when convention not followed (graceful degrade — TheoForm still
|
|
891
|
-
* works via explicit `schema={...}` prop escape hatch).
|
|
892
|
-
*/
|
|
893
|
-
schemaFilePath?: string;
|
|
894
|
-
}
|
|
895
|
-
/**
|
|
896
|
-
* EC-2: structured error for scan-time defects (name collision, reserved
|
|
897
|
-
* identifier, etc.). Throw at scan time to fail loud — silent shadowing is
|
|
898
|
-
* a security/correctness footgun.
|
|
899
|
-
*/
|
|
900
|
-
declare class ActionScanError extends Error {
|
|
901
|
-
readonly code: 'NAME_COLLISION' | 'RESERVED_NAME';
|
|
902
|
-
readonly conflictingPaths: readonly string[];
|
|
903
|
-
constructor(code: 'NAME_COLLISION' | 'RESERVED_NAME', message: string, conflictingPaths: readonly string[]);
|
|
904
|
-
}
|
|
905
|
-
/**
|
|
906
|
-
* Backward-compatible: original simple-shape scanner used by existing
|
|
907
|
-
* consumers. Preserved verbatim; new consumers should call
|
|
908
|
-
* `scanServerActionsEnriched`.
|
|
909
|
-
*/
|
|
910
|
-
declare function scanServerActions(serverDir: string): ActionNode[];
|
|
911
|
-
/**
|
|
912
|
-
* Enriched scan: light AST detection of `accept: 'form'|'json'` + `input:`
|
|
913
|
-
* presence via regex-after-comment-stripping (EC-9). Throws ActionScanError
|
|
914
|
-
* on file/dir name collision (EC-2) or reserved JS identifier names.
|
|
915
|
-
*
|
|
916
|
-
* Output `ActionManifestEntry[]` is sorted by `name` for deterministic
|
|
917
|
-
* `.theo/actions-manifest.json` emission.
|
|
918
|
-
*/
|
|
919
|
-
declare function scanServerActionsEnriched(serverDir: string): ActionManifestEntry$1[];
|
|
920
|
-
|
|
921
|
-
interface WebSocketRouteNode {
|
|
922
|
-
filePath: string;
|
|
923
|
-
wsPath: string;
|
|
924
|
-
}
|
|
925
|
-
declare function scanWebSocketRoutes(serverDir: string): WebSocketRouteNode[];
|
|
926
|
-
|
|
927
|
-
/**
|
|
928
|
-
* Scan the server/middleware/ directory for middleware files.
|
|
929
|
-
* Files are returned sorted alphabetically — use numeric prefixes
|
|
930
|
-
* (e.g. 01-cors.ts, 02-auth.ts) to control execution order.
|
|
931
|
-
*
|
|
932
|
-
* Files starting with '_' or '.' are ignored (helpers, hidden files).
|
|
933
|
-
*/
|
|
934
|
-
declare function scanMiddlewares(serverDir: string): string[];
|
|
935
|
-
|
|
936
|
-
interface ManifestRoute {
|
|
937
|
-
filePath: string;
|
|
938
|
-
routePath: string;
|
|
939
|
-
paramNames: string[];
|
|
940
|
-
/** HTTP methods (uppercase) the route file exports. Optional — manifests
|
|
941
|
-
* generated before G1 omit this; loaders treat absence as "unknown". */
|
|
942
|
-
methods?: string[];
|
|
943
|
-
}
|
|
944
|
-
interface ManifestAction {
|
|
945
|
-
filePath: string;
|
|
946
|
-
actionPath: string;
|
|
947
|
-
}
|
|
948
|
-
interface ManifestWebSocket {
|
|
949
|
-
filePath: string;
|
|
950
|
-
wsPath: string;
|
|
951
|
-
}
|
|
952
|
-
interface TheoManifest {
|
|
953
|
-
version: 1;
|
|
954
|
-
generatedAt: string;
|
|
955
|
-
routes: ManifestRoute[];
|
|
956
|
-
actions: ManifestAction[];
|
|
957
|
-
websockets: ManifestWebSocket[];
|
|
958
|
-
}
|
|
959
|
-
interface LoadedManifest {
|
|
960
|
-
routes: ServerRouteNode[];
|
|
961
|
-
actions: ActionNode[];
|
|
962
|
-
websockets: WebSocketRouteNode[];
|
|
963
|
-
}
|
|
964
|
-
declare function generateManifest(serverDir: string): TheoManifest;
|
|
965
|
-
declare function writeManifest(manifest: TheoManifest, outputDir: string): void;
|
|
966
|
-
declare function loadManifest(distDir: string, serverDir: string): LoadedManifest;
|
|
13
|
+
export { DuplicateContextKeyError, DuplicateJobNameError, EnqueueOptions, InMemoryJobBackend, InMemoryJobBackendOptions, JOB_MANIFEST_SCHEMA_VERSION, JobContext, JobDefinition, JobManifest, JobManifestEntry, JobNode, JobOptions, JobRegistry, JobRunner, Outbox, OutboxFlushOptions, PostgresJobBackend, PostgresJobBackendOptions, QueueClient, buildJobManifest, createJobRunner, createOutbox, createOutboxDispatcher, createQueueClient, defineJob, scanJobs, writeJobManifest } from './jobs/index.js';
|
|
14
|
+
export { J as JobBackend, a as JobEnqueueInput, b as JobLease, N as NonRetryableError } from '../job-backend-CgC8Xf33.js';
|
|
15
|
+
export { ConsoleObservabilityAdapter, LogLevel, LoggerFn, NoopObservabilityAdapter, NoopSpan, ObservabilityAdapter, RequestLog, SpanAttributes, SpanHandle, SpanImpl, StructuredLog, TheoCloudObservabilityAdapter, TheoLogger, _resetWarnOnceForTests, createLogger, createObservabilityPlugin, defineObservabilityAdapter, findSuggestion, levenshtein, logRequest, resolveAdapter, serializeSpansToOtlp, warnOnce } from './observability/index.js';
|
|
16
|
+
export { a as AuditEvent, A as AuditLogger, J as JsonStdoutSink, c as createNoOpLogger, s as safeAudit } from '../audit-log-BQWM5YLG.js';
|
|
17
|
+
export { D as DuplicateDecorationError, a as DuplicatePluginError, P as PluginRunner } from '../plugin-runner-BGBkzgi0.js';
|
|
18
|
+
export { InvalidPluginShapeError, createPluginRunnerFromConfig } from './plugins/index.js';
|
|
19
|
+
export { R as RateLimitConfig, a as RateLimitResult, c as createRateLimiter, b as createRateLimiterWeb } from '../rate-limit-BdNDZ3vt.js';
|
|
20
|
+
export { I as InMemoryStore, a as RateLimitState, R as RateLimitStore } from '../rate-limit-store-BEJnhWdw.js';
|
|
21
|
+
export { DeriveKeyRequestContext, KeyByMode, RouteRateLimitConfig, createRouteRateLimiter, createRouteRateLimiterWeb, deriveKey, deriveKeyFromRequest, matchRoutePattern } from './rate-limit/index.js';
|
|
22
|
+
export { ChannelManager } from './realtime/index.js';
|
|
23
|
+
export { CSP_REPORT_PATH, CSRF_READINESS_PATH, CSRF_READINESS_RESET_PATH, CspMode, CspReportHandlerOptions, CspViolation, DEFAULT_CSP, DEFAULT_PERMISSIONS_POLICY, SecurityEnv, SecurityHeadersConfig, SecurityHeadersOptions, applySecurityHeaders, buildSecurityHeaders, handleCspReport, handleCspReportRequest, handleCsrfReadiness, handleCsrfReadinessRequest, normalizeLegacy, normalizeNew } from './security/index.js';
|
|
24
|
+
export { C as CSRF_WARN_CODE, a as CSRF_WARN_DOCS_URL, b as CsrfLogger, c as CsrfMode, d as CsrfWarnPayload, D as DisallowedConfig, e as enforceCsrf, m as matchDisallowed, v as validateCsrf, f as validateCsrfRequest } from '../csrf-BBrEZSBW.js';
|
|
25
|
+
export { a as CsrfReadinessRouteSummary, C as CsrfReadinessStore, b as CsrfReadinessSummary, c as CsrfWarnRecord } from '../csrf-readiness-store-CjIoub3U.js';
|
|
26
|
+
export { P as PostgresFactory, R as RedisFactory, S as StorageManager, g as getStorageManager } from '../storage-manager-C4jsO0Tp.js';
|
|
27
|
+
export { Db0Database, UnstorageInstance, useDatabase, useUnstorage } from './storage/index.js';
|
|
28
|
+
export { G as GenericFactory, a as PoolLike, P as PostgresDatabaseConfig, c as RedisLike, R as RedisServerConfig, S as ServerConfig, d as StorageAdapter, b as StorageConfig, T as TlsConfig } from '../storage-types-DsDTCPbp.js';
|
|
29
|
+
export { BodyTooLargeError, DEFAULT_MAX_BODY_BYTES, DefineWebhookOptions, RawBodyResult, ReadRawBodyOptions, VerifyFn, VerifyResult, WebhookContext, WebhookDefinition, defineWebhook, dispatchWebhook, readRawBody, timingSafeEqual } from './webhook/index.js';
|
|
30
|
+
import { z } from 'zod';
|
|
31
|
+
import { IncomingMessage } from 'node:http';
|
|
32
|
+
import { W as WebOnRequestHook, b as WebPreHandlerHook, c as WebOnResponseHook, d as WebOnErrorHook } from '../plugin-types-DNJGxr4Z.js';
|
|
33
|
+
export { e as HookName, H as HookResult, O as OnErrorHook, f as OnRequestHook, g as OnResponseHook, P as PluginContext, h as PluginErrorContext, i as PreHandlerHook, R as RunHookOptions, a as TheoApp, T as TheoPlugin, j as definePlugin } from '../plugin-types-DNJGxr4Z.js';
|
|
34
|
+
export { a as ServiceDefinition, S as ServicesConfig, b as ServicesConfigInput, c as ServicesConfigOutput } from '../schema-D3v8VB7o.js';
|
|
35
|
+
import 'vite';
|
|
967
36
|
|
|
968
37
|
/**
|
|
969
38
|
* Action protocol — cross-boundary contract for `defineAction` + `useAction`.
|
|
@@ -984,6 +53,7 @@ declare function loadManifest(distDir: string, serverDir: string): LoadedManifes
|
|
|
984
53
|
* (EC-7). Consumers needing bracket notation can write a small `dotToBracket`
|
|
985
54
|
* helper in userland.
|
|
986
55
|
*/
|
|
56
|
+
|
|
987
57
|
/**
|
|
988
58
|
* HTTP-status mapping per IANA HTTP Status Code Registry (subset relevant to
|
|
989
59
|
* action surface). VALIDATION_ERROR → 422 is preferred over Astro's BAD_REQUEST/400
|
|
@@ -1016,6 +86,20 @@ declare class ActionError extends Error {
|
|
|
1016
86
|
message?: string;
|
|
1017
87
|
stack?: string;
|
|
1018
88
|
});
|
|
89
|
+
/**
|
|
90
|
+
* G5 T2.4 — canonical envelope view of the action error. Maps the G3
|
|
91
|
+
* ActionErrorCode to a canonical TheoErrorCode (VALIDATION_ERROR ↔
|
|
92
|
+
* UNPROCESSABLE_ENTITY, CONTENT_TOO_LARGE ↔ PAYLOAD_TOO_LARGE) so consumer
|
|
93
|
+
* UI / SDK code can switch on the unified envelope.
|
|
94
|
+
*
|
|
95
|
+
* Subclasses override to populate `ext` (see `ActionInputError.envelope`).
|
|
96
|
+
*/
|
|
97
|
+
get envelope(): TheoErrorEnvelope;
|
|
98
|
+
/**
|
|
99
|
+
* Translate G3 ActionErrorCode → canonical TheoErrorCode (blueprint
|
|
100
|
+
* Recommendations § "G3 ActionError becomes inaugural envelope user").
|
|
101
|
+
*/
|
|
102
|
+
static toTheoErrorCode(code: ActionErrorCode): TheoErrorCode;
|
|
1019
103
|
static codeToStatus(code: ActionErrorCode): number;
|
|
1020
104
|
static statusToCode(status: number): ActionErrorCode;
|
|
1021
105
|
/**
|
|
@@ -1040,6 +124,12 @@ declare class ActionInputError extends ActionError {
|
|
|
1040
124
|
readonly issues: readonly UniversalZodIssue[];
|
|
1041
125
|
readonly fields: Record<string, string[]>;
|
|
1042
126
|
constructor(rawIssues: unknown);
|
|
127
|
+
/**
|
|
128
|
+
* G5 T2.4 — envelope view with ValidationFieldsExt populated from .fields.
|
|
129
|
+
* UI consumers can `switch (env.code)` on `UNPROCESSABLE_ENTITY` and read
|
|
130
|
+
* `(env.ext as ValidationFieldsExt).fields` for field-level rendering.
|
|
131
|
+
*/
|
|
132
|
+
get envelope(): TheoErrorEnvelope<ValidationFieldsExt>;
|
|
1043
133
|
}
|
|
1044
134
|
/**
|
|
1045
135
|
* Normalize zod v3 (`z.ZodIssue`) and v4 (`$ZodIssue`) raw issues to
|
|
@@ -1107,721 +197,23 @@ interface ActionManifestEntry {
|
|
|
1107
197
|
readonly hasInput: boolean;
|
|
1108
198
|
}
|
|
1109
199
|
|
|
1110
|
-
|
|
1111
|
-
|
|
1112
|
-
|
|
1113
|
-
|
|
1114
|
-
|
|
1115
|
-
|
|
1116
|
-
|
|
1117
|
-
|
|
1118
|
-
|
|
1119
|
-
|
|
1120
|
-
|
|
1121
|
-
*
|
|
1122
|
-
* Mapping table (SDK → AgentEvent):
|
|
1123
|
-
*
|
|
1124
|
-
* | SDK message | AgentEvent yielded |
|
|
1125
|
-
* |---|---|
|
|
1126
|
-
* | assistant.content[].type==='text' | { type: 'message', content } |
|
|
1127
|
-
* | assistant.content[].type==='tool_use'| (none — covered by tool_call below) |
|
|
1128
|
-
* | tool_call(status='running') | { type: 'tool_call', name, args, id } |
|
|
1129
|
-
* | tool_call(status='completed') | { type: 'tool_result', name, data, id }|
|
|
1130
|
-
* | tool_call(status='error') | { type: 'error', message, id } |
|
|
1131
|
-
* | run.wait() status==='error' | { type: 'error', message } |
|
|
1132
|
-
* | run.wait() status==='cancelled' | (none — cancel ≠ error) |
|
|
1133
|
-
* | system / user / thinking / status / | (none — internal SDK telemetry) |
|
|
1134
|
-
* | task / request / object_delta | |
|
|
1135
|
-
*
|
|
1136
|
-
* Abort semantics: when the consumer calls `generator.return()` on the
|
|
1137
|
-
* outer `defineAgentEndpoint` generator, `streamAgentRun` exits the
|
|
1138
|
-
* `for await` loop and does NOT call `run.wait()`. Cleanup of in-flight
|
|
1139
|
-
* SDK resources is the SDK consumer's responsibility (`run.cancel()`).
|
|
1140
|
-
*/
|
|
1141
|
-
/**
|
|
1142
|
-
* Local mirror of the SDK's `Run` interface — only the surfaces we consume.
|
|
1143
|
-
* The message contract is minimal (just `{ type: string }`) so the SDK's
|
|
1144
|
-
* `SDKMessage` discriminated union IS structurally assignable without any
|
|
1145
|
-
* cast at the consumer site (covariant — TS accepts the SDK's typed message
|
|
1146
|
-
* as the wider `{ type: string }`). Property access inside `streamAgentRun`
|
|
1147
|
-
* narrows via runtime type guards.
|
|
1148
|
-
*
|
|
1149
|
-
* `import type` from `@theokit/sdk` would couple TheoKit to the SDK at type-
|
|
1150
|
-
* resolution time even for consumers who never use the agent surface.
|
|
1151
|
-
*/
|
|
1152
|
-
interface AgentRunLike {
|
|
1153
|
-
stream: () => AsyncIterable<{
|
|
1154
|
-
type: string;
|
|
1155
|
-
}>;
|
|
1156
|
-
wait: () => Promise<AgentRunResult>;
|
|
1157
|
-
}
|
|
1158
|
-
/**
|
|
1159
|
-
* Re-exported as a convenience for test fixtures. Production code typically
|
|
1160
|
-
* passes an SDK `Run` directly (structural match via `{ type: string }`).
|
|
1161
|
-
*/
|
|
1162
|
-
type AgentRunStreamMessage = {
|
|
1163
|
-
type: 'assistant';
|
|
1164
|
-
message: {
|
|
1165
|
-
role: 'assistant';
|
|
1166
|
-
content: {
|
|
1167
|
-
type: string;
|
|
1168
|
-
text?: string;
|
|
1169
|
-
}[];
|
|
1170
|
-
};
|
|
1171
|
-
} | {
|
|
1172
|
-
type: 'tool_call';
|
|
1173
|
-
name: string;
|
|
1174
|
-
status: 'running' | 'completed' | 'error';
|
|
1175
|
-
args?: unknown;
|
|
1176
|
-
result?: unknown;
|
|
1177
|
-
call_id: string;
|
|
1178
|
-
} | {
|
|
1179
|
-
type: string;
|
|
1180
|
-
[k: string]: unknown;
|
|
1181
|
-
};
|
|
1182
|
-
/** Subset of the SDK `RunResult` we consume. */
|
|
1183
|
-
interface AgentRunResult {
|
|
1184
|
-
status: 'finished' | 'error' | 'cancelled';
|
|
1185
|
-
error?: {
|
|
1186
|
-
message: string;
|
|
1187
|
-
code?: string;
|
|
1188
|
-
cause?: unknown;
|
|
1189
|
-
};
|
|
1190
|
-
}
|
|
1191
|
-
/**
|
|
1192
|
-
* Map an SDK error to the AgentErrorEvent shape. Pure function — easy to test.
|
|
1193
|
-
*
|
|
1194
|
-
* Backward compat (D4): non-AgentRunError throws yield only `message` field
|
|
1195
|
-
* (legacy shape); discriminated fields stay `undefined`.
|
|
1196
|
-
*
|
|
1197
|
-
* Return type is the specific `AgentErrorEvent` (not the union) for ergonomic
|
|
1198
|
-
* call-site access — `errorToEvent(err).code` works without narrowing.
|
|
1199
|
-
*/
|
|
1200
|
-
declare function errorToEvent(err: unknown, id?: string): AgentErrorEvent;
|
|
1201
|
-
declare function streamAgentRun(run: AgentRunLike): AsyncGenerator<AgentEvent, void, unknown>;
|
|
1202
|
-
|
|
1203
|
-
/**
|
|
1204
|
-
* Item #5 — `createConversationHistory`
|
|
1205
|
-
*
|
|
1206
|
-
* Orchestrator that resolves a stable `agentId` from (explicit → session →
|
|
1207
|
-
* cookie → fresh UUID), then returns an `@theokit/sdk` `Agent` via
|
|
1208
|
-
* `Agent.getOrCreate(agentId, options)`. Conversation turns auto-persist in
|
|
1209
|
-
* `<cwd>/.theokit/agents/<agentId>/messages.jsonl` — SDK owns the storage
|
|
1210
|
-
* (ADR D1). `MemorySettings` (facts recall layer) is opt-in passthrough via
|
|
1211
|
-
* `options.memory` (ADR D2).
|
|
1212
|
-
*
|
|
1213
|
-
* Security: agentId from cookie/explicit is attacker-controlled. The SDK
|
|
1214
|
-
* uses it as a filesystem path component AND we serialize it into Set-Cookie.
|
|
1215
|
-
* EC-1 enforces a strict regex `^[a-zA-Z0-9_-]{1,128}$` at every entry point;
|
|
1216
|
-
* invalid values fall through (treated as "missing") rather than throw.
|
|
1217
|
-
*/
|
|
1218
|
-
/**
|
|
1219
|
-
* Minimum surface of an SDK Agent that consumers care about post-creation.
|
|
1220
|
-
* Structural match — any object with `send` + `dispose` of compatible
|
|
1221
|
-
* shape works. `send` returns a `SdkRunLike` (a Run-shaped object) that
|
|
1222
|
-
* `streamAgentRun` can consume. Permissive `unknown` for now; consumers
|
|
1223
|
-
* who want stricter types can cast to the SDK's own types.
|
|
1224
|
-
*
|
|
1225
|
-
* **T5.2 (architecture-cleanup) — DP-7 decision: KEEP (Opt B).** The 5 duck-typed
|
|
1226
|
-
* mirrors below were flagged as "over-engineered" by the 2026-05-27 architecture
|
|
1227
|
-
* review. Decision: KEEP them because `@theokit/sdk` is `devDependency` (not
|
|
1228
|
-
* required at runtime for consumers that don't use agent features). Removing
|
|
1229
|
-
* the mirrors would force a hard runtime dep on the SDK, breaking consumers
|
|
1230
|
-
* who build TheoKit apps without the agent layer.
|
|
1231
|
-
*
|
|
1232
|
-
* @kept Defensive duck-type. Do NOT replace with direct SDK type imports unless
|
|
1233
|
-
* `@theokit/sdk` is promoted from devDependency to dependency. If promoting,
|
|
1234
|
-
* ALSO drop the mirrors (Opt A from the architecture-cleanup plan T5.2).
|
|
1235
|
-
*/
|
|
1236
|
-
interface SdkRunLike {
|
|
1237
|
-
stream: () => AsyncIterable<{
|
|
1238
|
-
type: string;
|
|
1239
|
-
}>;
|
|
1240
|
-
wait: () => Promise<{
|
|
1241
|
-
status: 'finished' | 'error' | 'cancelled';
|
|
1242
|
-
error?: {
|
|
1243
|
-
message: string;
|
|
1244
|
-
};
|
|
1245
|
-
}>;
|
|
1246
|
-
}
|
|
1247
|
-
interface SdkAgent {
|
|
1248
|
-
send: (message: string, options?: unknown) => Promise<SdkRunLike>;
|
|
1249
|
-
dispose: () => Promise<void>;
|
|
1250
|
-
}
|
|
1251
|
-
/**
|
|
1252
|
-
* Phase 2 — structural duck-type of `@theokit/sdk`'s `ConversationStorageAdapter`.
|
|
1253
|
-
*
|
|
1254
|
-
* D2 (decoupling): we mirror the SDK's shape locally rather than hard-import
|
|
1255
|
-
* the SDK type. This lets consumers pass any object matching the structural
|
|
1256
|
-
* contract (own implementation, SDK's `FileSystemConversationStorage`,
|
|
1257
|
-
* `InMemoryConversationStorage`, or a Postgres/Redis recipe).
|
|
1258
|
-
*
|
|
1259
|
-
* EC-5 (SHOULD TEST — sync drift detection): the SDK type MUST be assignable
|
|
1260
|
-
* to this interface AND vice-versa. A contract test asserts both directions.
|
|
1261
|
-
*
|
|
1262
|
-
* `unknown` for the message payload avoids coupling to the SDK's `SDKMessage`
|
|
1263
|
-
* shape. Real consumers cast at the call site if they need stricter types.
|
|
1264
|
-
*/
|
|
1265
|
-
interface ConversationStorageLike {
|
|
1266
|
-
getMessages(conversationId: string): Promise<readonly unknown[]>;
|
|
1267
|
-
appendMessage(conversationId: string, message: unknown): Promise<void>;
|
|
1268
|
-
deleteConversation(conversationId: string): Promise<void>;
|
|
1269
|
-
listConversationIds?(opts?: {
|
|
1270
|
-
limit?: number;
|
|
1271
|
-
}): Promise<readonly string[] | undefined>;
|
|
1272
|
-
dispose?(): Promise<void>;
|
|
1273
|
-
}
|
|
1274
|
-
/**
|
|
1275
|
-
* Minimum surface of `AgentOptions` accepted by `Agent.getOrCreate`. Forward-
|
|
1276
|
-
* compatible: callers pass whatever the SDK supports (memory, tools, etc.).
|
|
1277
|
-
*
|
|
1278
|
-
* Phase 2 adds typed `conversationStorage` slot. The index signature still
|
|
1279
|
-
* passes everything else opaquely.
|
|
1280
|
-
*/
|
|
1281
|
-
interface SdkAgentOptions {
|
|
1282
|
-
apiKey?: string;
|
|
1283
|
-
model?: {
|
|
1284
|
-
id: string;
|
|
1285
|
-
};
|
|
1286
|
-
tools?: readonly unknown[];
|
|
1287
|
-
memory?: Record<string, unknown>;
|
|
1288
|
-
/**
|
|
1289
|
-
* Phase 2 (Production-Readiness #1) — pluggable conversation persistence.
|
|
1290
|
-
* Default (when omitted): SDK falls back to `FileSystemConversationStorage`.
|
|
1291
|
-
* Required for serverless / multi-host deploys.
|
|
1292
|
-
*/
|
|
1293
|
-
conversationStorage?: ConversationStorageLike;
|
|
1294
|
-
[key: string]: unknown;
|
|
1295
|
-
}
|
|
1296
|
-
interface SdkModule {
|
|
1297
|
-
Agent: {
|
|
1298
|
-
getOrCreate: (agentId: string, options: SdkAgentOptions) => Promise<SdkAgent>;
|
|
1299
|
-
};
|
|
1300
|
-
}
|
|
1301
|
-
interface ConversationHistoryArgs {
|
|
1302
|
-
/** Request — for reading the conversation cookie. */
|
|
1303
|
-
request: Request | {
|
|
1304
|
-
headers?: {
|
|
1305
|
-
cookie?: string;
|
|
1306
|
-
} | Headers;
|
|
1307
|
-
};
|
|
1308
|
-
/**
|
|
1309
|
-
* Response-like surface that accepts a `Set-Cookie` header. The primitive
|
|
1310
|
-
* appends a Set-Cookie line when issuing a new conversation id. If absent,
|
|
1311
|
-
* the primitive still reads the existing cookie but cannot issue a new
|
|
1312
|
-
* one — useful for read-only contexts.
|
|
1313
|
-
*/
|
|
1314
|
-
response?: {
|
|
1315
|
-
headers: Headers;
|
|
1316
|
-
};
|
|
1317
|
-
/** Explicit override — wins over session/cookie/uuid (ADR D3 step 1). */
|
|
1318
|
-
agentId?: string;
|
|
1319
|
-
/** Auth session containing a `conversationId` field — ADR D3 step 2. */
|
|
1320
|
-
session?: {
|
|
1321
|
-
conversationId?: string;
|
|
1322
|
-
} | null;
|
|
1323
|
-
/** SDK AgentOptions forwarded to Agent.getOrCreate. apiKey + model required. */
|
|
1324
|
-
options: SdkAgentOptions;
|
|
1325
|
-
/** Cookie name override. Default: 'theo_conversation'. */
|
|
1326
|
-
cookieName?: string;
|
|
1327
|
-
/** Cookie max-age in seconds. Default + min: 30 days. Non-positive coerced to default (EC-4). */
|
|
1328
|
-
cookieMaxAge?: number;
|
|
1329
|
-
}
|
|
1330
|
-
interface ConversationHistoryResult {
|
|
1331
|
-
/** The SDK Agent, ready to receive `agent.send(message)`. */
|
|
1332
|
-
agent: SdkAgent;
|
|
1333
|
-
/** The resolved conversation id (useful for logging / debugging). */
|
|
1334
|
-
conversationId: string;
|
|
1335
|
-
/** True when the id was newly generated (no prior cookie / session). */
|
|
1336
|
-
isNew: boolean;
|
|
1337
|
-
}
|
|
1338
|
-
/** @internal */
|
|
1339
|
-
declare function __setSdkForTests(sdk: SdkModule | null): void;
|
|
1340
|
-
/** @internal */
|
|
1341
|
-
declare function __resetSdkForTests(): void;
|
|
1342
|
-
declare function createConversationHistory(args: ConversationHistoryArgs): Promise<ConversationHistoryResult>;
|
|
1343
|
-
|
|
1344
|
-
/**
|
|
1345
|
-
* Request log primitive (T6.2 of architecture-review-remediation-plan).
|
|
1346
|
-
*
|
|
1347
|
-
* Split out from `logger.ts` per PV-12 (SRP) — the file previously mixed
|
|
1348
|
-
* 3 concerns (factory, warnOnce, request log). This module owns ONLY the
|
|
1349
|
-
* `logRequest` flow + the devtools broadcast best-effort forwarder.
|
|
1350
|
-
*
|
|
1351
|
-
* Public API surface is unchanged — `logger.ts` re-exports `logRequest`
|
|
1352
|
-
* + `RequestLog` + `LoggerFn` for backward compat.
|
|
1353
|
-
*/
|
|
1354
|
-
|
|
1355
|
-
interface RequestLog {
|
|
1356
|
-
level: string;
|
|
1357
|
-
method: string;
|
|
1358
|
-
url: string;
|
|
1359
|
-
status: number;
|
|
1360
|
-
duration: number;
|
|
1361
|
-
requestId: string;
|
|
1362
|
-
timestamp: string;
|
|
1363
|
-
}
|
|
1364
|
-
type LoggerFn = (log: RequestLog) => void;
|
|
1365
|
-
declare function logRequest(info: Omit<RequestLog, 'level' | 'timestamp'>, customLogger?: LoggerFn, req?: IncomingMessage): void;
|
|
1366
|
-
|
|
1367
|
-
type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent';
|
|
1368
|
-
interface StructuredLog {
|
|
1369
|
-
level: string;
|
|
1370
|
-
msg: string;
|
|
1371
|
-
timestamp: string;
|
|
1372
|
-
[key: string]: unknown;
|
|
1373
|
-
}
|
|
1374
|
-
interface TheoLogger {
|
|
1375
|
-
debug(msg: string, context?: Record<string, unknown>): void;
|
|
1376
|
-
info(msg: string, context?: Record<string, unknown>): void;
|
|
1377
|
-
warn(msg: string, context?: Record<string, unknown>): void;
|
|
1378
|
-
error(msg: string, context?: Record<string, unknown>): void;
|
|
1379
|
-
child(context: Record<string, unknown>): TheoLogger;
|
|
1380
|
-
}
|
|
1381
|
-
declare function createLogger(options?: {
|
|
1382
|
-
level?: LogLevel;
|
|
1383
|
-
output?: (log: StructuredLog) => void;
|
|
1384
|
-
context?: Record<string, unknown>;
|
|
1385
|
-
}): TheoLogger;
|
|
1386
|
-
/**
|
|
1387
|
-
* Reset internal state. Test-only export — do not call from production.
|
|
1388
|
-
*/
|
|
1389
|
-
declare function _resetWarnOnceForTests(): void;
|
|
1390
|
-
/**
|
|
1391
|
-
* Emit a structured warning ONCE per key. Subsequent calls with the same
|
|
1392
|
-
* key are suppressed. Used for cutover-style warnings (e.g. CSRF warn)
|
|
1393
|
-
* that would otherwise flood logs under load.
|
|
1394
|
-
*
|
|
1395
|
-
* Convention: key is `<event>:<method>:<path>` — see callers in csrf.ts.
|
|
1396
|
-
*
|
|
1397
|
-
* EC-2: payload may contain circular references. Wrap `JSON.stringify`
|
|
1398
|
-
* in try/catch so a malformed payload doesn't crash the request handler.
|
|
1399
|
-
*/
|
|
1400
|
-
declare function warnOnce(key: string, payload: Record<string, unknown>): void;
|
|
1401
|
-
|
|
1402
|
-
declare function levenshtein(a: string, b: string): number;
|
|
1403
|
-
declare function findSuggestion(input: string, candidates: string[], maxDistance?: number): string | null;
|
|
1404
|
-
|
|
1405
|
-
declare class InvalidPluginShapeError extends Error {
|
|
1406
|
-
constructor(index: number, reason: string);
|
|
1407
|
-
}
|
|
1408
|
-
/**
|
|
1409
|
-
* Build a PluginRunner from a list of plugins typically declared in
|
|
1410
|
-
* `theo.config.ts` under the `plugins` field. Returns `undefined` when no
|
|
1411
|
-
* plugins are configured so callers can pass `undefined` to `executeRoute`
|
|
1412
|
-
* and preserve the zero-overhead path.
|
|
1413
|
-
*/
|
|
1414
|
-
declare function createPluginRunnerFromConfig(plugins: unknown): Promise<PluginRunner | undefined>;
|
|
1415
|
-
|
|
1416
|
-
/**
|
|
1417
|
-
* T2.2 — Per-route + per-user rate limiting.
|
|
1418
|
-
*
|
|
1419
|
-
* Layered on top of `rate-limit-store.ts`. The route map allows
|
|
1420
|
-
* declarative policies ("strict /api/login, loose everything else")
|
|
1421
|
-
* driven by config, not handler-decorated. `keyBy` selects what
|
|
1422
|
-
* identifier the limiter buckets on.
|
|
1423
|
-
*
|
|
1424
|
-
* ADR D2: per-route via path matching, NOT per-handler decorator.
|
|
1425
|
-
* Operators can tune policies without touching route definitions.
|
|
1426
|
-
*/
|
|
1427
|
-
type KeyByMode = 'ip' | 'session' | 'user' | ((req: IncomingMessage) => string);
|
|
1428
|
-
interface RouteRateLimitConfig {
|
|
1429
|
-
/** Fallback config used when no per-route entry matches. */
|
|
1430
|
-
default?: RateLimitConfig;
|
|
1431
|
-
/** Map of path pattern → config. Exact-string keys (RegExp via API). */
|
|
1432
|
-
routes?: Record<string, RateLimitConfig>;
|
|
1433
|
-
/** Same as `routes` but each entry is a [pattern, config] tuple, RegExp allowed. */
|
|
1434
|
-
routePatterns?: readonly [string | RegExp, RateLimitConfig][];
|
|
1435
|
-
/** Bucket identifier strategy. Default 'ip'. */
|
|
1436
|
-
keyBy?: KeyByMode;
|
|
1437
|
-
/** Cookie name used by keyBy='session'. Defaults to 'theo_session'. */
|
|
1438
|
-
cookieName?: string;
|
|
1439
|
-
/** Optional shared store (for multi-route correlation). Default per-limiter InMemoryStore. */
|
|
1440
|
-
store?: RateLimitStore;
|
|
1441
|
-
}
|
|
1442
|
-
/**
|
|
1443
|
-
* Test whether `path` matches `pattern`. String patterns are compared
|
|
1444
|
-
* after trailing-slash normalization (EC-5). RegExp uses `.test` after
|
|
1445
|
-
* resetting `lastIndex` (defensive against `/g` flag).
|
|
1446
|
-
*/
|
|
1447
|
-
declare function matchRoutePattern(path: string, pattern: string | RegExp): boolean;
|
|
1448
|
-
/**
|
|
1449
|
-
* Build the rate-limit bucket key for the request based on `keyBy`.
|
|
1450
|
-
*
|
|
1451
|
-
* EC-6: session mode reads the configured `cookieName`. With the wrong
|
|
1452
|
-
* cookie name (e.g., default 'theo_session' but app uses 'app_session'),
|
|
1453
|
-
* we fall back to IP so anonymous users still get rate-limited rather
|
|
1454
|
-
* than sharing an empty bucket.
|
|
1455
|
-
*/
|
|
1456
|
-
declare function deriveKey$1(req: IncomingMessage, keyBy: KeyByMode, cookieName: string): string;
|
|
1457
|
-
/**
|
|
1458
|
-
* Per-route rate limiter factory. Returns a sync checker compatible with
|
|
1459
|
-
* the existing api-middleware shape.
|
|
1460
|
-
*
|
|
1461
|
-
* Backwards-compatibility (ADR D2): a flat `{ windowMs, max }` config is
|
|
1462
|
-
* accepted and treated as `default` (no per-route variants).
|
|
1463
|
-
*/
|
|
1464
|
-
declare function createRouteRateLimiter(config: RouteRateLimitConfig | RateLimitConfig): (req: IncomingMessage) => RateLimitResult;
|
|
1465
|
-
|
|
1466
|
-
declare class ChannelManager {
|
|
1467
|
-
private rooms;
|
|
1468
|
-
private wsRooms;
|
|
1469
|
-
subscribe(ws: WebSocketLike, room: string): void;
|
|
1470
|
-
unsubscribe(ws: WebSocketLike, room: string): void;
|
|
1471
|
-
broadcast(room: string, data: unknown, exclude?: WebSocketLike): void;
|
|
1472
|
-
broadcastAll(data: unknown): void;
|
|
1473
|
-
getRoomSize(room: string): number;
|
|
1474
|
-
cleanup(ws: WebSocketLike): void;
|
|
200
|
+
interface OpenApiDocsOptions {
|
|
201
|
+
/** Path to serve Scalar UI (default: '/api/docs'). */
|
|
202
|
+
docsPath?: string;
|
|
203
|
+
/** Path to serve the JSON spec (default: '/api/docs/openapi.json'). */
|
|
204
|
+
openapiJsonPath?: string;
|
|
205
|
+
/** Path to the spec file on disk (default: '.theo/openapi.json'). */
|
|
206
|
+
specFilePath?: string;
|
|
207
|
+
/** Page title (default: 'API Reference'). */
|
|
208
|
+
pageTitle?: string;
|
|
209
|
+
/** Scalar CDN URL (default: jsdelivr). Must be HTTPS. */
|
|
210
|
+
cdnUrl?: string;
|
|
1475
211
|
}
|
|
1476
|
-
|
|
1477
|
-
/**
|
|
1478
|
-
* Phase 6 — Default Security Headers (D4 / EC-2).
|
|
1479
|
-
*
|
|
1480
|
-
* Per-response security baseline. The framework applies these BEFORE the
|
|
1481
|
-
* route handler runs so a handler can still override via `res.setHeader`.
|
|
1482
|
-
*
|
|
1483
|
-
* EC-2 backward-compatibility: CSP ships in `report-only` mode by default
|
|
1484
|
-
* for 0.2.0. Existing apps with inline scripts or third-party CDN scripts
|
|
1485
|
-
* keep working but consumers see violation reports via their CSP report
|
|
1486
|
-
* collector (or browser DevTools). 0.3.0 will flip the default to
|
|
1487
|
-
* `enforce` after a release of visibility.
|
|
1488
|
-
*/
|
|
1489
|
-
/**
|
|
1490
|
-
* Default Content-Security-Policy. Conservative-but-not-paralyzing:
|
|
1491
|
-
*
|
|
1492
|
-
* - default-src 'self' — every fetch falls back to same-origin
|
|
1493
|
-
* - script-src 'self' — T6.1 (0.3.0): `'unsafe-inline'`
|
|
1494
|
-
* dropped. The SSR pipeline issues a
|
|
1495
|
-
* per-request nonce that REPLACES
|
|
1496
|
-
* this directive at runtime
|
|
1497
|
-
* (`'nonce-<token>'`). For static /
|
|
1498
|
-
* non-SSR contexts where no nonce is
|
|
1499
|
-
* available, the policy is strict-
|
|
1500
|
-
* no-inline — user inline scripts
|
|
1501
|
-
* must be migrated to external
|
|
1502
|
-
* `<script src="...">` or threaded
|
|
1503
|
-
* through `ctx.nonce`.
|
|
1504
|
-
* - style-src 'self' 'unsafe-inline' — Tailwind + TheoUI use style attrs
|
|
1505
|
-
* in animation directives
|
|
1506
|
-
* - img-src 'self' data: blob: — supports inline data URIs, blobs
|
|
1507
|
-
* from canvas exports
|
|
1508
|
-
* - font-src 'self' data: — Geist fonts inline-base64
|
|
1509
|
-
* - connect-src 'self' ws: wss: — WebSocket dev HMR + agent streams
|
|
1510
|
-
* - frame-ancestors 'none' — clickjacking defense
|
|
1511
|
-
*/
|
|
1512
|
-
/**
|
|
1513
|
-
* T5.1 — default CSP includes the built-in report endpoint so violations
|
|
1514
|
-
* are visible without extra config. Apps that ship a custom `csp` string
|
|
1515
|
-
* override the report-uri.
|
|
1516
|
-
*/
|
|
1517
|
-
declare const DEFAULT_CSP: string;
|
|
1518
212
|
/**
|
|
1519
|
-
*
|
|
1520
|
-
*
|
|
1521
|
-
* Disables sensitive Web APIs that the vast majority of apps don't use.
|
|
1522
|
-
* Apps that DO need any of these opt in by overriding `permissionsPolicy`
|
|
1523
|
-
* in `config.security.headers`.
|
|
1524
|
-
*
|
|
1525
|
-
* The seven features listed are the most-abused for: tracking
|
|
1526
|
-
* (geolocation, accelerometer, gyroscope), spyware (camera, microphone),
|
|
1527
|
-
* fraud (payment), and hardware exfiltration (usb).
|
|
1528
|
-
*
|
|
1529
|
-
* Aligns with Mozilla baseline + OWASP Secure Headers + Lighthouse PWA.
|
|
213
|
+
* Creates a request handler that serves OpenAPI docs.
|
|
214
|
+
* Returns `null` for non-matching requests (passthrough).
|
|
1530
215
|
*/
|
|
1531
|
-
declare
|
|
1532
|
-
type CspMode = 'enforce' | 'report-only' | 'off';
|
|
1533
|
-
interface SecurityHeadersConfig {
|
|
1534
|
-
/**
|
|
1535
|
-
* Custom CSP policy string. When set, replaces the default verbatim.
|
|
1536
|
-
* Pass `false` to disable CSP entirely (alias for `cspMode: 'off'`).
|
|
1537
|
-
*/
|
|
1538
|
-
csp?: string | false;
|
|
1539
|
-
/**
|
|
1540
|
-
* Enforcement mode for CSP. Default `report-only` for 0.2.0 (EC-2).
|
|
1541
|
-
* 0.3.0 will default to `enforce`.
|
|
1542
|
-
*/
|
|
1543
|
-
cspMode?: CspMode;
|
|
1544
|
-
/**
|
|
1545
|
-
* Strict-Transport-Security value. Defaults to
|
|
1546
|
-
* `max-age=31536000; includeSubDomains` in production. Pass `false` to
|
|
1547
|
-
* suppress (e.g. internal LANs without TLS).
|
|
1548
|
-
*/
|
|
1549
|
-
hsts?: string | false;
|
|
1550
|
-
/** X-Frame-Options. Default DENY. */
|
|
1551
|
-
frameOptions?: 'DENY' | 'SAMEORIGIN';
|
|
1552
|
-
/** X-Content-Type-Options. Default `nosniff`. */
|
|
1553
|
-
contentTypeOptions?: 'nosniff';
|
|
1554
|
-
/** Referrer-Policy. Default `strict-origin-when-cross-origin`. */
|
|
1555
|
-
referrerPolicy?: string;
|
|
1556
|
-
/**
|
|
1557
|
-
* T1.1 — Permissions-Policy directive string. When set, replaces the
|
|
1558
|
-
* default verbatim (no merge — see ADR-EC-12). Pass `false` to disable
|
|
1559
|
-
* the header entirely. Schema-level refinement rejects any string
|
|
1560
|
-
* containing CR/LF (EC-3 — CWE-113 HTTP Response Splitting mitigation).
|
|
1561
|
-
*/
|
|
1562
|
-
permissionsPolicy?: string | false;
|
|
1563
|
-
}
|
|
1564
|
-
interface SecurityEnv {
|
|
1565
|
-
production: boolean;
|
|
1566
|
-
}
|
|
1567
|
-
/**
|
|
1568
|
-
* T4.1 — Per-request options passed by the SSR pipeline.
|
|
1569
|
-
*
|
|
1570
|
-
* - `nonce`: when set, the framework substitutes the `'unsafe-inline'`
|
|
1571
|
-
* token in `script-src` with `'nonce-<nonce>'`. EC-3 forces
|
|
1572
|
-
* `Cache-Control: private, no-store` so a CDN cannot cache the HTML
|
|
1573
|
-
* (carrying one nonce) and re-serve it with a freshly-generated CSP
|
|
1574
|
-
* header (carrying a different nonce).
|
|
1575
|
-
* - `prerender`: when true, the nonce is IGNORED. Prerendered HTML is
|
|
1576
|
-
* generated at build time with no nonce in the script tags; mixing a
|
|
1577
|
-
* runtime nonce in the header would block every script. EC-4.
|
|
1578
|
-
*/
|
|
1579
|
-
interface SecurityHeadersOptions {
|
|
1580
|
-
nonce?: string;
|
|
1581
|
-
prerender?: boolean;
|
|
1582
|
-
}
|
|
1583
|
-
/**
|
|
1584
|
-
* Build the security headers map for a given config + env. Pure function —
|
|
1585
|
-
* returned object can be inspected, logged, or applied to a response.
|
|
1586
|
-
*/
|
|
1587
|
-
declare function buildSecurityHeaders(config: SecurityHeadersConfig, env: SecurityEnv, options?: SecurityHeadersOptions): Record<string, string>;
|
|
1588
|
-
/**
|
|
1589
|
-
* Apply security headers to a Node ServerResponse. Called by the
|
|
1590
|
-
* api-middleware before the route handler runs. The handler can override
|
|
1591
|
-
* any header via `res.setHeader()` — last write wins by Node convention.
|
|
1592
|
-
*/
|
|
1593
|
-
declare function applySecurityHeaders(res: ServerResponse, config: SecurityHeadersConfig, env: SecurityEnv, options?: SecurityHeadersOptions): void;
|
|
1594
|
-
|
|
1595
|
-
/**
|
|
1596
|
-
* T5.1 — Built-in CSP report endpoint.
|
|
1597
|
-
*
|
|
1598
|
-
* Browsers POST violation reports to `report-uri` (legacy `application/csp-report`)
|
|
1599
|
-
* or `Reporting API` (`application/reports+json`). Framework auto-registers this
|
|
1600
|
-
* endpoint so `cspMode: 'report-only'` is actually useful out of the box.
|
|
1601
|
-
*
|
|
1602
|
-
* Forwards normalized violations to:
|
|
1603
|
-
* - audit logger (`csp.violation`)
|
|
1604
|
-
* - devtools dispatcher (dev only, for Errors tab)
|
|
1605
|
-
* - optional user hook (Sentry, etc.)
|
|
1606
|
-
*
|
|
1607
|
-
* EC-2: browser MAY send `{"csp-report": null}`, empty `{}`, or
|
|
1608
|
-
* reports+json entries lacking `body`. Handler MUST short-circuit to
|
|
1609
|
-
* 204 (valid format, no violation), NEVER crash via null deref.
|
|
1610
|
-
*/
|
|
1611
|
-
declare const CSP_REPORT_PATH = "/__theo/csp-report";
|
|
1612
|
-
interface CspViolation {
|
|
1613
|
-
blockedUrl: string;
|
|
1614
|
-
documentUrl: string;
|
|
1615
|
-
violatedDirective: string;
|
|
1616
|
-
effectiveDirective?: string;
|
|
1617
|
-
originalPolicy?: string;
|
|
1618
|
-
disposition?: 'enforce' | 'report';
|
|
1619
|
-
statusCode?: number;
|
|
1620
|
-
sourceFile?: string;
|
|
1621
|
-
lineNumber?: number;
|
|
1622
|
-
columnNumber?: number;
|
|
1623
|
-
}
|
|
1624
|
-
interface CspReportHandlerOptions {
|
|
1625
|
-
auditLogger?: AuditLogger;
|
|
1626
|
-
devtoolsDispatcher?: {
|
|
1627
|
-
onCspViolation?: (v: CspViolation) => void;
|
|
1628
|
-
};
|
|
1629
|
-
/** Optional user-provided sink (Sentry, custom log router). Errors here are swallowed. */
|
|
1630
|
-
onViolation?: (v: CspViolation) => void;
|
|
1631
|
-
}
|
|
1632
|
-
declare function normalizeLegacy(raw: Record<string, unknown>): CspViolation;
|
|
1633
|
-
/**
|
|
1634
|
-
* Map a `reports+json` entry to the internal shape. Returns `null` if
|
|
1635
|
-
* the entry lacks a usable `body` object (EC-2).
|
|
1636
|
-
*/
|
|
1637
|
-
declare function normalizeNew(entry: unknown): CspViolation | null;
|
|
1638
|
-
declare function handleCspReport(req: IncomingMessage, res: ServerResponse, opts: CspReportHandlerOptions): Promise<void>;
|
|
1639
|
-
|
|
1640
|
-
/**
|
|
1641
|
-
* T2.2 — `/__theo/csrf-readiness` endpoint.
|
|
1642
|
-
*
|
|
1643
|
-
* GET /__theo/csrf-readiness → 200 + JSON summary
|
|
1644
|
-
* POST /__theo/csrf-readiness/reset → 204; clears the store
|
|
1645
|
-
*
|
|
1646
|
-
* The reset endpoint enforces CSRF (own dog food) — requires
|
|
1647
|
-
* `X-Theo-Action: 1` AND a matching Origin header (EC-15). This avoids
|
|
1648
|
-
* the endpoint being weaponizable from a cross-origin page when the
|
|
1649
|
-
* endpoint is opt-in exposed in production.
|
|
1650
|
-
*
|
|
1651
|
-
* Mount opt-in: in dev mode, the host wires this in unconditionally. In
|
|
1652
|
-
* production, only mount when `config.security.csrfTelemetry.exposeReadinessEndpoint === true`.
|
|
1653
|
-
* EC-10 parallel: returns 404 (via boolean false return) when the URL
|
|
1654
|
-
* does not match — the caller continues normal request handling.
|
|
1655
|
-
*/
|
|
1656
|
-
|
|
1657
|
-
declare const CSRF_READINESS_PATH = "/__theo/csrf-readiness";
|
|
1658
|
-
declare const CSRF_READINESS_RESET_PATH = "/__theo/csrf-readiness/reset";
|
|
1659
|
-
declare function handleCsrfReadiness(req: IncomingMessage, res: ServerResponse, store: CsrfReadinessStore): Promise<boolean>;
|
|
1660
|
-
|
|
1661
|
-
interface UnstorageInstance<T> {
|
|
1662
|
-
getItem(key: string): Promise<T | null>;
|
|
1663
|
-
setItem(key: string, value: T): Promise<void>;
|
|
1664
|
-
removeItem(key: string): Promise<void>;
|
|
1665
|
-
keys(prefix?: string): Promise<string[]>;
|
|
1666
|
-
hasItem(key: string): Promise<boolean>;
|
|
1667
|
-
clear(prefix?: string): Promise<void>;
|
|
1668
|
-
dispose?(): Promise<void>;
|
|
1669
|
-
}
|
|
1670
|
-
declare function useUnstorage<T = unknown>(name: string, driver?: unknown): Promise<UnstorageInstance<T>>;
|
|
1671
|
-
|
|
1672
|
-
interface Db0Database {
|
|
1673
|
-
exec: (sql: string) => Promise<unknown>;
|
|
1674
|
-
prepare: (sql: string) => unknown;
|
|
1675
|
-
sql: (strings: TemplateStringsArray, ...args: unknown[]) => Promise<unknown>;
|
|
1676
|
-
}
|
|
1677
|
-
declare function useDatabase(name: string, connector: unknown): Promise<Db0Database>;
|
|
1678
|
-
|
|
1679
|
-
/**
|
|
1680
|
-
* Constant-time byte comparison.
|
|
1681
|
-
*
|
|
1682
|
-
* Wraps `node:crypto.timingSafeEqual` when available (Node 6.6+) and falls
|
|
1683
|
-
* back to a constant-time XOR loop for runtimes without `node:crypto`
|
|
1684
|
-
* (Cloudflare Workers, Deno, Bun edge). Required to defeat timing attacks
|
|
1685
|
-
* on webhook signature verification — a naive `===` or `Buffer.equals`
|
|
1686
|
-
* would short-circuit on first mismatch byte and leak signature position
|
|
1687
|
-
* via wall-clock timing.
|
|
1688
|
-
*
|
|
1689
|
-
* Web Crypto's `crypto.subtle.verify` would also work, but requires a
|
|
1690
|
-
* `CryptoKey` object and is asymmetric (verify a signature against a key).
|
|
1691
|
-
* For our case — comparing two pre-computed digests — raw byte equality
|
|
1692
|
-
* is the correct primitive.
|
|
1693
|
-
*
|
|
1694
|
-
* @see https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b
|
|
1695
|
-
* @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify
|
|
1696
|
-
*/
|
|
1697
|
-
/**
|
|
1698
|
-
* Returns true iff `a` and `b` have identical bytes. Takes time
|
|
1699
|
-
* proportional to `a.length` regardless of where bytes differ.
|
|
1700
|
-
*
|
|
1701
|
-
* @throws TypeError if either argument is not a Uint8Array.
|
|
1702
|
-
*/
|
|
1703
|
-
declare function timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean;
|
|
1704
|
-
|
|
1705
|
-
/**
|
|
1706
|
-
* Read a Web `Request` body as a raw string EXACTLY ONCE and expose it
|
|
1707
|
-
* alongside the original request (which remains readable by downstream
|
|
1708
|
-
* code). Enforces a configurable `maxBodyBytes` cap to prevent OOM via
|
|
1709
|
-
* pathological POST.
|
|
1710
|
-
*
|
|
1711
|
-
* MUST be called FIRST in the webhook pipeline, before any other code
|
|
1712
|
-
* touches the body (`request.text()`, `request.json()`, parsers). Once
|
|
1713
|
-
* the body is consumed, `Request.clone()` throws and this function fails.
|
|
1714
|
-
*
|
|
1715
|
-
* EC-101: default `maxBodyBytes = 1_000_000` (1 MB) covers Stripe
|
|
1716
|
-
* (256 KB max), Slack (4 MB but compressed), and is well below Node
|
|
1717
|
-
* memory thresholds. GitHub webhooks up to 25 MB MUST opt in
|
|
1718
|
-
* (`maxBodyBytes: 25_000_000`).
|
|
1719
|
-
*
|
|
1720
|
-
* @see https://docs.stripe.com/webhooks/signatures
|
|
1721
|
-
* @see https://docs.github.com/en/webhooks/using-webhooks/best-practices-for-using-webhooks
|
|
1722
|
-
*/
|
|
1723
|
-
declare const DEFAULT_MAX_BODY_BYTES = 1000000;
|
|
1724
|
-
interface ReadRawBodyOptions {
|
|
1725
|
-
/** Maximum bytes to read before throwing `BodyTooLargeError`. Defaults to 1 MB. */
|
|
1726
|
-
maxBodyBytes?: number;
|
|
1727
|
-
}
|
|
1728
|
-
interface RawBodyResult {
|
|
1729
|
-
/** UTF-8 decoded body (or empty string when no body present). */
|
|
1730
|
-
rawBody: string;
|
|
1731
|
-
/** The ORIGINAL request, still readable by downstream code. */
|
|
1732
|
-
bodyClone: Request;
|
|
1733
|
-
}
|
|
1734
|
-
/**
|
|
1735
|
-
* Thrown when the request body exceeds `maxBodyBytes`. Carries status
|
|
1736
|
-
* 413 (Payload Too Large) and stable code `BODY_TOO_LARGE` so callers
|
|
1737
|
-
* can map it to an HTTP response without sniffing the message.
|
|
1738
|
-
*/
|
|
1739
|
-
declare class BodyTooLargeError extends Error {
|
|
1740
|
-
readonly limit: number;
|
|
1741
|
-
readonly actualSeen: number;
|
|
1742
|
-
readonly status = 413;
|
|
1743
|
-
readonly code = "BODY_TOO_LARGE";
|
|
1744
|
-
constructor(limit: number, actualSeen: number);
|
|
1745
|
-
}
|
|
1746
|
-
declare function readRawBody(request: Request, options?: ReadRawBodyOptions): Promise<RawBodyResult>;
|
|
1747
|
-
|
|
1748
|
-
/**
|
|
1749
|
-
* Webhook primitive types (R0.5.10).
|
|
1750
|
-
*
|
|
1751
|
-
* @see docs/adr/0005-webhook-verify-inline-function.md
|
|
1752
|
-
*/
|
|
1753
|
-
type VerifyResult = {
|
|
1754
|
-
ok: true;
|
|
1755
|
-
} | {
|
|
1756
|
-
ok: false;
|
|
1757
|
-
reason: string;
|
|
1758
|
-
};
|
|
1759
|
-
/**
|
|
1760
|
-
* A verify function — pure, async-or-sync. Takes the cloned request
|
|
1761
|
-
* (raw body NOT yet consumed by handler), returns ok/notOk + reason.
|
|
1762
|
-
*
|
|
1763
|
-
* Per ADR-0005, helper factories (`stripe`, `github`, `slack`) return
|
|
1764
|
-
* this shape. Users can also write inline `verify: async (req) => ...`
|
|
1765
|
-
* for custom providers.
|
|
1766
|
-
*/
|
|
1767
|
-
type VerifyFn = (req: Request) => Promise<VerifyResult> | VerifyResult;
|
|
1768
|
-
interface WebhookContext {
|
|
1769
|
-
/** The cloned Request (still readable by user code). */
|
|
1770
|
-
readonly request: Request;
|
|
1771
|
-
/** Raw body bytes as UTF-8 string — already-verified at this point. */
|
|
1772
|
-
readonly rawBody: string;
|
|
1773
|
-
/** W3C trace_id propagated from request. */
|
|
1774
|
-
readonly traceId: string;
|
|
1775
|
-
/** Abort signal triggered by client disconnect or server stop. */
|
|
1776
|
-
readonly signal: AbortSignal;
|
|
1777
|
-
}
|
|
1778
|
-
interface DefineWebhookOptions {
|
|
1779
|
-
verify: VerifyFn;
|
|
1780
|
-
handler: (ctx: WebhookContext) => unknown;
|
|
1781
|
-
/** Override `readRawBody` body size cap (EC-101). Default 1MB. */
|
|
1782
|
-
maxBodyBytes?: number;
|
|
1783
|
-
}
|
|
1784
|
-
interface WebhookDefinition {
|
|
1785
|
-
readonly verify: VerifyFn;
|
|
1786
|
-
readonly handler: (ctx: WebhookContext) => unknown;
|
|
1787
|
-
readonly maxBodyBytes?: number;
|
|
1788
|
-
/** Discriminator for runtime dispatch. */
|
|
1789
|
-
readonly __theokit_kind: 'webhook';
|
|
1790
|
-
}
|
|
1791
|
-
|
|
1792
|
-
/**
|
|
1793
|
-
* Declare a webhook handler with first-class signature verification
|
|
1794
|
-
* (R0.5.10, ADR-0005). Pure identity helper — returns the definition
|
|
1795
|
-
* unchanged for downstream dispatch.
|
|
1796
|
-
*
|
|
1797
|
-
* @example
|
|
1798
|
-
* ```ts
|
|
1799
|
-
* // server/webhooks/stripe.ts
|
|
1800
|
-
* import { defineWebhook } from 'theokit/server'
|
|
1801
|
-
* import { stripe } from 'theokit/server/webhook/providers'
|
|
1802
|
-
*
|
|
1803
|
-
* export default defineWebhook({
|
|
1804
|
-
* verify: stripe({ secret: process.env.STRIPE_WEBHOOK_SECRET! }),
|
|
1805
|
-
* async handler({ rawBody }) {
|
|
1806
|
-
* const event = JSON.parse(rawBody)
|
|
1807
|
-
* // ...
|
|
1808
|
-
* return new Response('ok')
|
|
1809
|
-
* },
|
|
1810
|
-
* })
|
|
1811
|
-
* ```
|
|
1812
|
-
*/
|
|
1813
|
-
declare function defineWebhook(opts: DefineWebhookOptions): WebhookDefinition;
|
|
1814
|
-
/**
|
|
1815
|
-
* Dispatch a webhook request through the definition's verify → handler
|
|
1816
|
-
* pipeline. Returns the handler's `Response` (or a wrapped one), or a
|
|
1817
|
-
* 401/413 response when verification or body size guards trip.
|
|
1818
|
-
*
|
|
1819
|
-
* EC-101: enforces `maxBodyBytes` (default 1MB via readRawBody).
|
|
1820
|
-
* EC-103: every throw from `verify` (sync or async) is treated as
|
|
1821
|
-
* `{ok: false, reason: 'verify threw: <message>'}`. Handler NEVER
|
|
1822
|
-
* invoked on verify failure.
|
|
1823
|
-
*/
|
|
1824
|
-
declare function dispatchWebhook(def: WebhookDefinition, request: Request): Promise<Response>;
|
|
216
|
+
declare function createOpenApiHandler(opts?: OpenApiDocsOptions): (request: Request) => Response | null;
|
|
1825
217
|
|
|
1826
218
|
/**
|
|
1827
219
|
* A cached value persisted by a CacheStorageAdapter.
|
|
@@ -2295,6 +687,88 @@ declare function serializeResponse(data: unknown): SerializedResponse;
|
|
|
2295
687
|
*/
|
|
2296
688
|
declare function deserializeResponse(serialized: SerializedResponse): unknown;
|
|
2297
689
|
|
|
690
|
+
/**
|
|
691
|
+
* The route module exported by a `server/routes/*.ts` file (after T2.6 G6
|
|
692
|
+
* router lockdown). Method-named exports map to `defineRoute` results.
|
|
693
|
+
*/
|
|
694
|
+
type WebRouteModule = Partial<Record<'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE', unknown>>;
|
|
695
|
+
/**
|
|
696
|
+
* Optional behavior knobs for `executeWebRequest`. Each knob defaults to
|
|
697
|
+
* the safe "no-op" stance so existing Phase A consumers (T1.2 fixture
|
|
698
|
+
* tests) keep working unchanged.
|
|
699
|
+
*
|
|
700
|
+
* **`csrfMode`** (T5a.2 Phase B slice 1/6) — when set to `'strict'`, the
|
|
701
|
+
* Web-Standards request gate runs `validateCsrfRequest` BEFORE method
|
|
702
|
+
* dispatch on state-changing methods (POST/PUT/PATCH/DELETE) and emits a
|
|
703
|
+
* `403 FORBIDDEN` envelope when the check fails. Default: `'off'` (no
|
|
704
|
+
* CSRF enforcement) to preserve Phase A backward compat. Production
|
|
705
|
+
* consumers SHOULD pass `csrfMode: 'strict'`.
|
|
706
|
+
*
|
|
707
|
+
* Per the T5a.2 plan v1.0 § Phase B header-only leaves: csrf.ts is the
|
|
708
|
+
* first leaf to be migrated (slice 1/6); 5 more sibling leaves remain
|
|
709
|
+
* (csrf-multi-header, csrf-readiness-endpoint, csp-report, cors, cookies).
|
|
710
|
+
*/
|
|
711
|
+
interface ExecuteWebRequestOptions {
|
|
712
|
+
csrfMode?: 'off' | 'strict';
|
|
713
|
+
/**
|
|
714
|
+
* T5a.2 Phase E — body parser strategy.
|
|
715
|
+
*
|
|
716
|
+
* - `'inline'` (default): handle `application/json` + `text/*` only.
|
|
717
|
+
* Returns the parsed value (object for JSON, string for text). Other
|
|
718
|
+
* content-types (e.g., multipart) return `undefined`.
|
|
719
|
+
* - `'full'`: delegate to `parseWebRequestBody` for multipart support
|
|
720
|
+
* + per-file size caps + max-files cap (Web Standards `request.formData()`
|
|
721
|
+
* under the hood). Returns a `ParsedWebBody` object:
|
|
722
|
+
* `{ json?, fields, files }`. Multipart consumers MUST opt into this
|
|
723
|
+
* mode; JSON-only routes pay zero cost staying on `'inline'`.
|
|
724
|
+
*/
|
|
725
|
+
bodyParser?: 'inline' | 'full';
|
|
726
|
+
/**
|
|
727
|
+
* T5a.2 Phase G slice 1/N — plugin lifecycle hooks.
|
|
728
|
+
*
|
|
729
|
+
* Adapters (Node, CF Workers, Bun, Deno) wire `WebPluginContext`-shaped
|
|
730
|
+
* hooks at the executeWebRequest lifecycle. Lifecycle order mirrors the
|
|
731
|
+
* Fastify / Hono convention:
|
|
732
|
+
*
|
|
733
|
+
* 1. CSRF check (when opts.csrfMode === 'strict')
|
|
734
|
+
* 2. onRequest — earliest, before body parsing. Plugins can short-circuit
|
|
735
|
+
* by setting `ctx.response` (handler skipped; subsequent hooks see
|
|
736
|
+
* the short-circuit response).
|
|
737
|
+
* 3. body parse (inline OR full per opts.bodyParser)
|
|
738
|
+
* 4. preHandler — after body parsed, before handler runs. Same
|
|
739
|
+
* short-circuit semantic.
|
|
740
|
+
* 5. handler invocation
|
|
741
|
+
* 6. onResponse — after handler returns OR after a hook short-circuit.
|
|
742
|
+
* `ctx.response` is populated.
|
|
743
|
+
* 7. onError — fires if any of (handler, onRequest, preHandler) throws.
|
|
744
|
+
* `ctx.response` is the envelope-shaped error response built via
|
|
745
|
+
* serverErrorToEnvelope.
|
|
746
|
+
*
|
|
747
|
+
* `responseHeaders` is shared across hooks; the final Response merges
|
|
748
|
+
* them with the handler's Response headers (handler headers win on
|
|
749
|
+
* conflict; hook headers add new ones). Decorations made via
|
|
750
|
+
* `ctx.ctx[key] = value` persist across hooks (request-scoped state).
|
|
751
|
+
*
|
|
752
|
+
* `hooks: undefined` (default) → no plugin lifecycle, Phase A behavior
|
|
753
|
+
* preserved. Production consumers wire via the WebPluginRunner facade
|
|
754
|
+
* (a future Phase G slice).
|
|
755
|
+
*/
|
|
756
|
+
hooks?: {
|
|
757
|
+
onRequest?: readonly WebOnRequestHook[];
|
|
758
|
+
preHandler?: readonly WebPreHandlerHook[];
|
|
759
|
+
onResponse?: readonly WebOnResponseHook[];
|
|
760
|
+
onError?: readonly WebOnErrorHook[];
|
|
761
|
+
};
|
|
762
|
+
/**
|
|
763
|
+
* Stable request identifier propagated into hook contexts. Adapters
|
|
764
|
+
* resolve via traceparent / x-request-id / generated UUID (see
|
|
765
|
+
* `extractTraceIdFromRequest` from Phase C slice 1/2). Default:
|
|
766
|
+
* `globalThis.crypto.randomUUID()`.
|
|
767
|
+
*/
|
|
768
|
+
requestId?: string;
|
|
769
|
+
}
|
|
770
|
+
declare function executeWebRequest(request: Request, routeModule: WebRouteModule, opts?: ExecuteWebRequestOptions): Promise<Response>;
|
|
771
|
+
|
|
2298
772
|
/**
|
|
2299
773
|
* Types for `loadEnv()` — env auto-load utility (Phase 1 of
|
|
2300
774
|
* docs/plans/framework-zero-config-polish-plan.md).
|
|
@@ -2336,4 +810,4 @@ interface LoadEnvResult {
|
|
|
2336
810
|
declare function _resetEnvCache(): void;
|
|
2337
811
|
declare function loadEnv(options?: LoadEnvOptions): LoadEnvResult;
|
|
2338
812
|
|
|
2339
|
-
export {
|
|
813
|
+
export { ActionError, type ActionErrorCode, ActionInputError, type ActionManifestEntry, type ActionResult, type BodyParserOptions, DEFAULT_MAX_AGE as CACHE_DEFAULT_MAX_AGE, DEFAULT_MAX_ENTRY_SIZE as CACHE_DEFAULT_MAX_ENTRY_SIZE, DEFAULT_SWR_MULTIPLIER as CACHE_DEFAULT_SWR_MULTIPLIER, CACHE_TAG_MAX_ITEMS, CACHE_TAG_MAX_LENGTH, type CacheControlInput, type CacheEngine, type CacheEngineOptions, type CacheEntry, type CacheStatus, type CacheStorageAdapter, type CacheStore, type CacheStoreAdmin, type ValidationResult as CacheValidationResult, type CachedFunction, type CachedRouteConfig, type CompiledRouteRule, DEFAULT_EXCLUDED_QUERY_PARAMS, type DefineCachedFunctionOptions, FileTooLargeError, type GetOrComputeOptions, InMemoryCacheAdapter, type InMemoryCacheAdapterOptions, type KeyDerivationOptions, type LoadEnvOptions, type LoadEnvResult, type NormalizedCacheConfig, type OpenApiDocsOptions, type ParsedBody, type RevalidateResult, type RouteCacheOptions, RouteConfig, type RouteRule, type RouteRules, type SerializedActionResult, type SerializedResponse, THEO_T_PREFIX, type UniversalZodIssue, type UploadedFile, _resetCacheEngine, _resetEnvCache, compileRouteRules, createCacheEngine, createOpenApiHandler, defineCachedFunction, defineCachedRoute, deriveKey as deriveCacheKey, deserializeResponse, executeWebRequest, extractUniversalIssues, getCacheControlHeader, getCacheEngine, initCacheEngine, isActionError, isInputError, loadEnv, parseRequestBody, resolveRouteRule, revalidatePath, revalidateTag, serializeResponse, updateTag, validateExpire as validateCacheExpire, validateMaxAge as validateCacheMaxAge, validateTags as validateCacheTags };
|