theokit 0.5.3 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114) hide show
  1. package/dist/{aws-lambda-SCRGTGF5.js → aws-lambda-WT4HRBNL.js} +3 -3
  2. package/dist/{build-R74EU6BP.js → build-ZZAQV2ES.js} +7 -7
  3. package/dist/{bun-FURRCQMS.js → bun-UTDVN6R4.js} +3 -3
  4. package/dist/{check-NXYPLM6M.js → check-F3UDYSZ4.js} +2 -2
  5. package/dist/{chunk-KJLECZWQ.js → chunk-3FYJ7R7N.js} +57 -14
  6. package/dist/chunk-3FYJ7R7N.js.map +1 -0
  7. package/dist/{chunk-JD7AQNJS.js → chunk-4NLIESWK.js} +18 -12
  8. package/dist/{chunk-JD7AQNJS.js.map → chunk-4NLIESWK.js.map} +1 -1
  9. package/dist/{chunk-H4J2LECY.js → chunk-6BUUZ2PK.js} +9 -9
  10. package/dist/chunk-6BUUZ2PK.js.map +1 -0
  11. package/dist/{chunk-FGOX37NB.js → chunk-BNGBG2SQ.js} +21 -2
  12. package/dist/chunk-BNGBG2SQ.js.map +1 -0
  13. package/dist/{chunk-X32KQH5C.js → chunk-CCVC6P6B.js} +3 -3
  14. package/dist/chunk-CCVC6P6B.js.map +1 -0
  15. package/dist/{chunk-S74FECKW.js → chunk-D4SV7JOG.js} +24 -20
  16. package/dist/chunk-D4SV7JOG.js.map +1 -0
  17. package/dist/{chunk-DNMSV3R3.js → chunk-D7ZH7DTG.js} +3 -3
  18. package/dist/chunk-D7ZH7DTG.js.map +1 -0
  19. package/dist/{chunk-MWYSRZI4.js → chunk-EQV67HZL.js} +2 -2
  20. package/dist/{chunk-CG563V5M.js → chunk-IEES3CHD.js} +39 -5
  21. package/dist/chunk-IEES3CHD.js.map +1 -0
  22. package/dist/{chunk-DUKXQNM7.js → chunk-IHMJV2OK.js} +2 -2
  23. package/dist/{chunk-WGHJD6I7.js → chunk-JAIKGP3Q.js} +76 -21
  24. package/dist/chunk-JAIKGP3Q.js.map +1 -0
  25. package/dist/{chunk-NZXH2LQQ.js → chunk-SJIRP73B.js} +18 -1
  26. package/dist/chunk-SJIRP73B.js.map +1 -0
  27. package/dist/{chunk-X3VNROZ7.js → chunk-SVSUUK4H.js} +73 -14
  28. package/dist/chunk-SVSUUK4H.js.map +1 -0
  29. package/dist/cli/index.js +25 -10
  30. package/dist/cli/index.js.map +1 -1
  31. package/dist/{cloudflare-IZ6VJ2OU.js → cloudflare-U5GYYI47.js} +3 -3
  32. package/dist/db-ZPDW3UCU.js +78 -0
  33. package/dist/db-ZPDW3UCU.js.map +1 -0
  34. package/dist/{deno-deploy-O73NBXIW.js → deno-deploy-3QHJ3AJQ.js} +3 -3
  35. package/dist/{dev-ZU46C5AZ.js → dev-MHCQ5RD7.js} +16 -8
  36. package/dist/dev-MHCQ5RD7.js.map +1 -0
  37. package/dist/{dev-emit-66FCOS7V.js → dev-emit-4WG3B5BM.js} +2 -2
  38. package/dist/{dev-emit-JBVINGHU.js → dev-emit-6DJUK6DT.js} +76 -21
  39. package/dist/dev-emit-6DJUK6DT.js.map +1 -0
  40. package/dist/devtools/entry.js +2 -3
  41. package/dist/devtools/entry.js.map +1 -1
  42. package/dist/generate-ODDAYXNR.js +494 -0
  43. package/dist/generate-ODDAYXNR.js.map +1 -0
  44. package/dist/index.d.ts +32 -3
  45. package/dist/index.js +3 -4
  46. package/dist/index.js.map +1 -1
  47. package/dist/{info-CORLCPEJ.js → info-CSGWIAXA.js} +5 -5
  48. package/dist/{netlify-O7G3RLK4.js → netlify-DUB7BZ4E.js} +3 -3
  49. package/dist/{node-LXPQLMVB.js → node-ELE236WK.js} +3 -3
  50. package/dist/{openapi-TEOUOIJ2.js → openapi-KSY272CW.js} +5 -5
  51. package/dist/registry-B7FA6KMI.js +25 -0
  52. package/dist/{routes-GAXVWJUK.js → routes-NWJA5L5I.js} +4 -4
  53. package/dist/{scan-NQFI5S7P.js → scan-I5PT6TUX.js} +2 -2
  54. package/dist/{schema-D3v8VB7o.d.ts → schema-BpH6ivDY.d.ts} +2 -4
  55. package/dist/{schema-Z5VJ2I76.js → schema-NPI4NJEF.js} +3 -3
  56. package/dist/server/auth/index.js +3 -5
  57. package/dist/server/define/index.d.ts +7 -0
  58. package/dist/server/define/index.js +1 -1
  59. package/dist/server/http/index.js +1 -2
  60. package/dist/server/index.d.ts +34 -1
  61. package/dist/server/index.js +57 -48
  62. package/dist/server/index.js.map +1 -1
  63. package/dist/{services-typed-client-ASZL7FQV.js → services-typed-client-24VBMDOF.js} +2 -2
  64. package/dist/{services-typed-client-KK6RHRDG.js → services-typed-client-IETY2SAK.js} +2 -2
  65. package/dist/{start-HGUNNF5X.js → start-OAAAQ7Z4.js} +84 -69
  66. package/dist/start-OAAAQ7Z4.js.map +1 -0
  67. package/dist/{static-EO73I4C7.js → static-YWF2M6YT.js} +4 -4
  68. package/dist/{theo-cloud-HBCYEODQ.js → theo-cloud-EUK56I7O.js} +2 -2
  69. package/dist/{vercel-GSFDMF7K.js → vercel-LGDQWYZD.js} +3 -3
  70. package/dist/vite-plugin/index.d.ts +1 -1
  71. package/dist/vite-plugin/index.js +3 -4
  72. package/dist/{vite-plugin-TX5H4MB6.js → vite-plugin-IF2O6BJV.js} +7 -7
  73. package/package.json +4 -1
  74. package/dist/chunk-4HBI7DHP.js +0 -20
  75. package/dist/chunk-4HBI7DHP.js.map +0 -1
  76. package/dist/chunk-CG563V5M.js.map +0 -1
  77. package/dist/chunk-DNMSV3R3.js.map +0 -1
  78. package/dist/chunk-FGOX37NB.js.map +0 -1
  79. package/dist/chunk-H4J2LECY.js.map +0 -1
  80. package/dist/chunk-KJLECZWQ.js.map +0 -1
  81. package/dist/chunk-NZXH2LQQ.js.map +0 -1
  82. package/dist/chunk-S74FECKW.js.map +0 -1
  83. package/dist/chunk-WGHJD6I7.js.map +0 -1
  84. package/dist/chunk-X32KQH5C.js.map +0 -1
  85. package/dist/chunk-X3VNROZ7.js.map +0 -1
  86. package/dist/dev-ZU46C5AZ.js.map +0 -1
  87. package/dist/dev-emit-JBVINGHU.js.map +0 -1
  88. package/dist/generate-AZ2K6Z2Z.js +0 -281
  89. package/dist/generate-AZ2K6Z2Z.js.map +0 -1
  90. package/dist/registry-KW4F4D2L.js +0 -25
  91. package/dist/start-HGUNNF5X.js.map +0 -1
  92. /package/dist/{aws-lambda-SCRGTGF5.js.map → aws-lambda-WT4HRBNL.js.map} +0 -0
  93. /package/dist/{build-R74EU6BP.js.map → build-ZZAQV2ES.js.map} +0 -0
  94. /package/dist/{bun-FURRCQMS.js.map → bun-UTDVN6R4.js.map} +0 -0
  95. /package/dist/{check-NXYPLM6M.js.map → check-F3UDYSZ4.js.map} +0 -0
  96. /package/dist/{chunk-MWYSRZI4.js.map → chunk-EQV67HZL.js.map} +0 -0
  97. /package/dist/{chunk-DUKXQNM7.js.map → chunk-IHMJV2OK.js.map} +0 -0
  98. /package/dist/{cloudflare-IZ6VJ2OU.js.map → cloudflare-U5GYYI47.js.map} +0 -0
  99. /package/dist/{deno-deploy-O73NBXIW.js.map → deno-deploy-3QHJ3AJQ.js.map} +0 -0
  100. /package/dist/{dev-emit-66FCOS7V.js.map → dev-emit-4WG3B5BM.js.map} +0 -0
  101. /package/dist/{info-CORLCPEJ.js.map → info-CSGWIAXA.js.map} +0 -0
  102. /package/dist/{netlify-O7G3RLK4.js.map → netlify-DUB7BZ4E.js.map} +0 -0
  103. /package/dist/{node-LXPQLMVB.js.map → node-ELE236WK.js.map} +0 -0
  104. /package/dist/{openapi-TEOUOIJ2.js.map → openapi-KSY272CW.js.map} +0 -0
  105. /package/dist/{registry-KW4F4D2L.js.map → registry-B7FA6KMI.js.map} +0 -0
  106. /package/dist/{routes-GAXVWJUK.js.map → routes-NWJA5L5I.js.map} +0 -0
  107. /package/dist/{scan-NQFI5S7P.js.map → scan-I5PT6TUX.js.map} +0 -0
  108. /package/dist/{schema-Z5VJ2I76.js.map → schema-NPI4NJEF.js.map} +0 -0
  109. /package/dist/{services-typed-client-ASZL7FQV.js.map → services-typed-client-24VBMDOF.js.map} +0 -0
  110. /package/dist/{services-typed-client-KK6RHRDG.js.map → services-typed-client-IETY2SAK.js.map} +0 -0
  111. /package/dist/{static-EO73I4C7.js.map → static-YWF2M6YT.js.map} +0 -0
  112. /package/dist/{theo-cloud-HBCYEODQ.js.map → theo-cloud-EUK56I7O.js.map} +0 -0
  113. /package/dist/{vercel-GSFDMF7K.js.map → vercel-LGDQWYZD.js.map} +0 -0
  114. /package/dist/{vite-plugin-TX5H4MB6.js.map → vite-plugin-IF2O6BJV.js.map} +0 -0
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/config/define-config.ts","../src/core/validate-structure.ts","../src/core/errors.ts"],"sourcesContent":["import type { TheoConfig } from './schema.js'\n\n/**\n * Define Theo framework configuration.\n * Identity function — provides type inference for theo.config.ts.\n * Runtime validation happens in loadConfig(), not here.\n */\nexport function defineConfig(config: Partial<TheoConfig>): Partial<TheoConfig> {\n return config\n}\n","/* eslint-disable security/detect-non-literal-fs-filename --\n * Project-structure validator. Reads paths joined onto `projectRoot`,\n * with names from a fixed `ValidationRule[]` table. No HTTP input.\n */\nimport { existsSync } from 'node:fs'\nimport { join } from 'node:path'\n\nimport { TheoProjectError } from './errors.js'\n\ninterface ValidationRule {\n path: string\n errorMessage: string\n}\n\nconst REQUIRED_DIRS: ValidationRule[] = [\n {\n path: 'app',\n errorMessage: 'Missing required directory: app/',\n },\n]\n\nconst REQUIRED_FILES: ValidationRule[] = [\n {\n path: 'theo.config.ts',\n errorMessage: 'Missing required file: theo.config.ts',\n },\n {\n path: 'package.json',\n errorMessage: 'Missing required file: package.json',\n },\n]\n\nexport function validateProjectStructure(rootDir: string): void {\n if (!existsSync(rootDir)) {\n throw new TheoProjectError([`Project directory does not exist: ${rootDir}`], rootDir)\n }\n\n const errors: string[] = []\n\n for (const rule of REQUIRED_DIRS) {\n if (!existsSync(join(rootDir, rule.path))) {\n errors.push(rule.errorMessage)\n }\n }\n\n for (const rule of REQUIRED_FILES) {\n if (!existsSync(join(rootDir, rule.path))) {\n errors.push(rule.errorMessage)\n }\n }\n\n if (errors.length > 0) {\n throw new TheoProjectError(errors, rootDir)\n }\n}\n","export class TheoProjectError extends Error {\n public readonly errors: string[]\n public readonly rootDir: string\n\n constructor(errors: string[], rootDir: string) {\n const errorLines = errors.map((e) => ` - ${e}`).join('\\n')\n\n super(\n `Invalid Theo project structure\\n\\n` +\n ` Root: ${rootDir}\\n\\n` +\n (errorLines ? ` Errors:\\n${errorLines}\\n` : ''),\n )\n\n this.name = 'TheoProjectError'\n this.errors = errors\n this.rootDir = rootDir\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOO,SAAS,aAAa,QAAkD;AAC7E,SAAO;AACT;;;ACLA,SAAS,kBAAkB;AAC3B,SAAS,YAAY;;;ACLd,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1B;AAAA,EACA;AAAA,EAEhB,YAAY,QAAkB,SAAiB;AAC7C,UAAM,aAAa,OAAO,IAAI,CAAC,MAAM,OAAO,CAAC,EAAE,EAAE,KAAK,IAAI;AAE1D;AAAA,MACE;AAAA;AAAA,UACa,OAAO;AAAA;AAAA,KACjB,aAAa;AAAA,EAAc,UAAU;AAAA,IAAO;AAAA,IACjD;AAEA,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,UAAU;AAAA,EACjB;AACF;;;ADHA,IAAM,gBAAkC;AAAA,EACtC;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AACF;AAEA,IAAM,iBAAmC;AAAA,EACvC;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AACF;AAEO,SAAS,yBAAyB,SAAuB;AAC9D,MAAI,CAAC,WAAW,OAAO,GAAG;AACxB,UAAM,IAAI,iBAAiB,CAAC,qCAAqC,OAAO,EAAE,GAAG,OAAO;AAAA,EACtF;AAEA,QAAM,SAAmB,CAAC;AAE1B,aAAW,QAAQ,eAAe;AAChC,QAAI,CAAC,WAAW,KAAK,SAAS,KAAK,IAAI,CAAC,GAAG;AACzC,aAAO,KAAK,KAAK,YAAY;AAAA,IAC/B;AAAA,EACF;AAEA,aAAW,QAAQ,gBAAgB;AACjC,QAAI,CAAC,WAAW,KAAK,SAAS,KAAK,IAAI,CAAC,GAAG;AACzC,aAAO,KAAK,KAAK,YAAY;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,OAAO,SAAS,GAAG;AACrB,UAAM,IAAI,iBAAiB,QAAQ,OAAO;AAAA,EAC5C;AACF;","names":[]}
1
+ {"version":3,"sources":["../src/config/define-config.ts","../src/core/validate-structure.ts","../src/core/errors.ts"],"sourcesContent":["import type { TheoConfig } from './schema.js'\n\n/**\n * Define Theo framework configuration.\n * Identity function — provides type inference for theo.config.ts.\n * Runtime validation happens in loadConfig(), not here.\n */\nexport function defineConfig(config: Partial<TheoConfig>): Partial<TheoConfig> {\n return config\n}\n","/* eslint-disable security/detect-non-literal-fs-filename --\n * Project-structure validator. Reads paths joined onto `projectRoot`,\n * with names from a fixed `ValidationRule[]` table. No HTTP input.\n */\nimport { existsSync } from 'node:fs'\nimport { join } from 'node:path'\n\nimport { TheoProjectError } from './errors.js'\n\ninterface ValidationRule {\n path: string\n errorMessage: string\n}\n\nconst REQUIRED_DIRS: ValidationRule[] = [\n {\n path: 'app',\n errorMessage: 'Missing required directory: app/',\n },\n]\n\nconst REQUIRED_FILES: ValidationRule[] = [\n {\n path: 'theo.config.ts',\n errorMessage: 'Missing required file: theo.config.ts',\n },\n {\n path: 'package.json',\n errorMessage: 'Missing required file: package.json',\n },\n]\n\nexport function validateProjectStructure(rootDir: string): void {\n if (!existsSync(rootDir)) {\n throw new TheoProjectError([`Project directory does not exist: ${rootDir}`], rootDir)\n }\n\n const errors: string[] = []\n\n for (const rule of REQUIRED_DIRS) {\n if (!existsSync(join(rootDir, rule.path))) {\n errors.push(rule.errorMessage)\n }\n }\n\n for (const rule of REQUIRED_FILES) {\n if (!existsSync(join(rootDir, rule.path))) {\n errors.push(rule.errorMessage)\n }\n }\n\n if (errors.length > 0) {\n throw new TheoProjectError(errors, rootDir)\n }\n}\n","export class TheoProjectError extends Error {\n public readonly errors: string[]\n public readonly rootDir: string\n\n constructor(errors: string[], rootDir: string) {\n const errorLines = errors.map((e) => ` - ${e}`).join('\\n')\n\n super(\n `Invalid Theo project structure\\n\\n` +\n ` Root: ${rootDir}\\n\\n` +\n (errorLines ? ` Errors:\\n${errorLines}\\n` : ''),\n )\n\n this.name = 'TheoProjectError'\n this.errors = errors\n this.rootDir = rootDir\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOO,SAAS,aAAa,QAAkD;AAC7E,SAAO;AACT;;;ACLA,SAAS,kBAAkB;AAC3B,SAAS,YAAY;;;ACLd,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1B;AAAA,EACA;AAAA,EAEhB,YAAY,QAAkB,SAAiB;AAC7C,UAAM,aAAa,OAAO,IAAI,CAAC,MAAM,OAAO,CAAC,EAAE,EAAE,KAAK,IAAI;AAE1D;AAAA,MACE;AAAA;AAAA,UACa,OAAO;AAAA;AAAA,KACjB,aAAa;AAAA,EAAc,UAAU;AAAA,IAAO;AAAA,IACjD;AAEA,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,UAAU;AAAA,EACjB;AACF;;;ADHA,IAAM,gBAAkC;AAAA,EACtC;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AACF;AAEA,IAAM,iBAAmC;AAAA,EACvC;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AACF;AAEO,SAAS,yBAAyB,SAAuB;AAC9D,MAAI,CAAC,WAAW,OAAO,GAAG;AACxB,UAAM,IAAI,iBAAiB,CAAC,qCAAqC,OAAO,EAAE,GAAG,OAAO;AAAA,EACtF;AAEA,QAAM,SAAmB,CAAC;AAE1B,aAAW,QAAQ,eAAe;AAChC,QAAI,CAAC,WAAW,KAAK,SAAS,KAAK,IAAI,CAAC,GAAG;AACzC,aAAO,KAAK,KAAK,YAAY;AAAA,IAC/B;AAAA,EACF;AAEA,aAAW,QAAQ,gBAAgB;AACjC,QAAI,CAAC,WAAW,KAAK,SAAS,KAAK,IAAI,CAAC,GAAG;AACzC,aAAO,KAAK,KAAK,YAAY;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,OAAO,SAAS,GAAG;AACrB,UAAM,IAAI,iBAAiB,QAAQ,OAAO;AAAA,EAC5C;AACF;","names":[]}
@@ -2,12 +2,12 @@
2
2
  import "tsx/esm";
3
3
  import {
4
4
  loadConfig
5
- } from "./chunk-DUKXQNM7.js";
6
- import "./chunk-FGOX37NB.js";
7
- import "./chunk-X32KQH5C.js";
5
+ } from "./chunk-IHMJV2OK.js";
6
+ import "./chunk-BNGBG2SQ.js";
7
+ import "./chunk-CCVC6P6B.js";
8
8
  import {
9
9
  scanRoutes
10
- } from "./chunk-CG563V5M.js";
10
+ } from "./chunk-IEES3CHD.js";
11
11
  import "./chunk-KT3MWNZG.js";
12
12
 
13
13
  // src/cli/commands/info.ts
@@ -101,4 +101,4 @@ export {
101
101
  buildInfo,
102
102
  infoCommand
103
103
  };
104
- //# sourceMappingURL=info-CORLCPEJ.js.map
104
+ //# sourceMappingURL=info-CSGWIAXA.js.map
@@ -2,11 +2,11 @@
2
2
  import "tsx/esm";
3
3
  import {
4
4
  nodeAdapter
5
- } from "./chunk-MWYSRZI4.js";
5
+ } from "./chunk-EQV67HZL.js";
6
6
  import {
7
7
  assertServicesUnsupported,
8
8
  readManifest
9
- } from "./chunk-X32KQH5C.js";
9
+ } from "./chunk-CCVC6P6B.js";
10
10
  import "./chunk-KT3MWNZG.js";
11
11
 
12
12
  // src/adapters/netlify.ts
@@ -148,4 +148,4 @@ export {
148
148
  netlifyAdapter,
149
149
  renderNetlifyFunction
150
150
  };
151
- //# sourceMappingURL=netlify-O7G3RLK4.js.map
151
+ //# sourceMappingURL=netlify-DUB7BZ4E.js.map
@@ -2,10 +2,10 @@
2
2
  import "tsx/esm";
3
3
  import {
4
4
  nodeAdapter
5
- } from "./chunk-MWYSRZI4.js";
6
- import "./chunk-X32KQH5C.js";
5
+ } from "./chunk-EQV67HZL.js";
6
+ import "./chunk-CCVC6P6B.js";
7
7
  import "./chunk-KT3MWNZG.js";
8
8
  export {
9
9
  nodeAdapter
10
10
  };
11
- //# sourceMappingURL=node-LXPQLMVB.js.map
11
+ //# sourceMappingURL=node-ELE236WK.js.map
@@ -2,13 +2,13 @@
2
2
  import "tsx/esm";
3
3
  import {
4
4
  loadConfig
5
- } from "./chunk-DUKXQNM7.js";
6
- import "./chunk-FGOX37NB.js";
7
- import "./chunk-X32KQH5C.js";
5
+ } from "./chunk-IHMJV2OK.js";
6
+ import "./chunk-BNGBG2SQ.js";
7
+ import "./chunk-CCVC6P6B.js";
8
8
  import {
9
9
  emitOpenApi,
10
10
  loadRoutesForOpenApi
11
- } from "./chunk-WGHJD6I7.js";
11
+ } from "./chunk-JAIKGP3Q.js";
12
12
  import {
13
13
  generateManifest
14
14
  } from "./chunk-HDA6M7P4.js";
@@ -81,4 +81,4 @@ function emitOpenApiInMemory(manifest, config) {
81
81
  export {
82
82
  openapiCommand
83
83
  };
84
- //# sourceMappingURL=openapi-TEOUOIJ2.js.map
84
+ //# sourceMappingURL=openapi-KSY272CW.js.map
@@ -0,0 +1,25 @@
1
+ #!/usr/bin/env node
2
+ import "tsx/esm";
3
+ import "./chunk-KT3MWNZG.js";
4
+
5
+ // src/adapters/registry.ts
6
+ var adapterRegistry = {
7
+ node: async () => (await import("./node-ELE236WK.js")).nodeAdapter,
8
+ vercel: async () => (await import("./vercel-LGDQWYZD.js")).vercelAdapter,
9
+ cloudflare: async () => (await import("./cloudflare-U5GYYI47.js")).cloudflareAdapter,
10
+ static: async () => (await import("./static-YWF2M6YT.js")).staticAdapter,
11
+ bun: async () => (await import("./bun-UTDVN6R4.js")).bunAdapter,
12
+ "deno-deploy": async () => (await import("./deno-deploy-3QHJ3AJQ.js")).denoDeployAdapter,
13
+ netlify: async () => (await import("./netlify-DUB7BZ4E.js")).netlifyAdapter,
14
+ "aws-lambda": async () => (await import("./aws-lambda-WT4HRBNL.js")).awsLambdaAdapter,
15
+ "theo-cloud": async () => (await import("./theo-cloud-EUK56I7O.js")).theoCloudAdapter
16
+ };
17
+ async function resolveAdapter(target) {
18
+ const factory = adapterRegistry[target];
19
+ return factory();
20
+ }
21
+ export {
22
+ adapterRegistry,
23
+ resolveAdapter
24
+ };
25
+ //# sourceMappingURL=registry-B7FA6KMI.js.map
@@ -5,9 +5,9 @@ import {
5
5
  } from "./chunk-XMS5VRIK.js";
6
6
  import {
7
7
  loadConfig
8
- } from "./chunk-DUKXQNM7.js";
9
- import "./chunk-FGOX37NB.js";
10
- import "./chunk-X32KQH5C.js";
8
+ } from "./chunk-IHMJV2OK.js";
9
+ import "./chunk-BNGBG2SQ.js";
10
+ import "./chunk-CCVC6P6B.js";
11
11
  import {
12
12
  scanServerRoutes,
13
13
  scanWebSocketRoutes
@@ -63,4 +63,4 @@ async function routesCommand() {
63
63
  export {
64
64
  routesCommand
65
65
  };
66
- //# sourceMappingURL=routes-GAXVWJUK.js.map
66
+ //# sourceMappingURL=routes-NWJA5L5I.js.map
@@ -2,9 +2,9 @@
2
2
  import "tsx/esm";
3
3
  import {
4
4
  scanRoutes
5
- } from "./chunk-CG563V5M.js";
5
+ } from "./chunk-IEES3CHD.js";
6
6
  import "./chunk-KT3MWNZG.js";
7
7
  export {
8
8
  scanRoutes
9
9
  };
10
- //# sourceMappingURL=scan-NQFI5S7P.js.map
10
+ //# sourceMappingURL=scan-I5PT6TUX.js.map
@@ -25,14 +25,13 @@ declare const ServiceDefinitionSchema: z.ZodObject<{
25
25
  type: z.ZodOptional<z.ZodEnum<{
26
26
  server: "server";
27
27
  worker: "worker";
28
- frontend: "frontend";
29
28
  }>>;
30
29
  port: z.ZodNumber;
31
30
  proxy: z.ZodString;
32
31
  dev: z.ZodString;
33
32
  build: z.ZodOptional<z.ZodString>;
34
33
  start: z.ZodString;
35
- openapi: z.ZodOptional<z.ZodString>;
34
+ openapi: z.ZodOptional<z.ZodURL>;
36
35
  healthcheck: z.ZodDefault<z.ZodString>;
37
36
  cors: z.ZodDefault<z.ZodBoolean>;
38
37
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
@@ -56,14 +55,13 @@ declare const servicesConfigSchema: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodO
56
55
  type: z.ZodOptional<z.ZodEnum<{
57
56
  server: "server";
58
57
  worker: "worker";
59
- frontend: "frontend";
60
58
  }>>;
61
59
  port: z.ZodNumber;
62
60
  proxy: z.ZodString;
63
61
  dev: z.ZodString;
64
62
  build: z.ZodOptional<z.ZodString>;
65
63
  start: z.ZodString;
66
- openapi: z.ZodOptional<z.ZodString>;
64
+ openapi: z.ZodOptional<z.ZodURL>;
67
65
  healthcheck: z.ZodDefault<z.ZodString>;
68
66
  cors: z.ZodDefault<z.ZodBoolean>;
69
67
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
@@ -12,8 +12,8 @@ import {
12
12
  storageSchema,
13
13
  theoConfigSchema,
14
14
  uploadSchema
15
- } from "./chunk-FGOX37NB.js";
16
- import "./chunk-X32KQH5C.js";
15
+ } from "./chunk-BNGBG2SQ.js";
16
+ import "./chunk-CCVC6P6B.js";
17
17
  import "./chunk-KT3MWNZG.js";
18
18
  export {
19
19
  cacheSchema,
@@ -28,4 +28,4 @@ export {
28
28
  theoConfigSchema,
29
29
  uploadSchema
30
30
  };
31
- //# sourceMappingURL=schema-Z5VJ2I76.js.map
31
+ //# sourceMappingURL=schema-NPI4NJEF.js.map
@@ -1,4 +1,5 @@
1
1
  import {
2
+ AuthRequiredError,
2
3
  _resetKeyCacheForTests,
3
4
  assertProductionSecret,
4
5
  checkThrottle,
@@ -15,21 +16,18 @@ import {
15
16
  generateTotpSecret,
16
17
  pkceChallengeFromVerifier,
17
18
  recordAttempt,
19
+ requireAuth,
18
20
  rotateIfNeeded,
19
21
  rotateIfNeededWeb,
20
22
  totpUri,
21
23
  verifyBackupCode,
22
24
  verifyOAuthState,
23
25
  verifyTotp
24
- } from "../../chunk-NZXH2LQQ.js";
26
+ } from "../../chunk-SJIRP73B.js";
25
27
  import {
26
28
  generateNonce
27
29
  } from "../../chunk-C3ZZ56YZ.js";
28
30
  import "../../chunk-ZJQ4O76G.js";
29
- import {
30
- AuthRequiredError,
31
- requireAuth
32
- } from "../../chunk-4HBI7DHP.js";
33
31
  import "../../chunk-DGUM43GV.js";
34
32
  export {
35
33
  AuthRequiredError,
@@ -71,6 +71,13 @@ interface ActionConfig<TInput extends z.ZodType, TCtx = unknown> {
71
71
  * boolean string / number / array coercion (Astro pattern).
72
72
  */
73
73
  accept?: ActionAccept;
74
+ /**
75
+ * Opt OUT of CSRF enforcement for this action. Default (omitted) keeps the
76
+ * multi-header CSRF gate active. Set `false` for endpoints intentionally
77
+ * callable without the `X-Theo-Action` header (e.g. public webhooks). The
78
+ * runtime in `server/http/action-execute.ts` reads this flag.
79
+ */
80
+ csrf?: false;
74
81
  handler: (ctx: {
75
82
  input: z.infer<TInput>;
76
83
  ctx: TCtx;
@@ -9,7 +9,7 @@ import {
9
9
  defineWebChannel,
10
10
  defineWebSocket,
11
11
  defineWebSocketWeb
12
- } from "../../chunk-H4J2LECY.js";
12
+ } from "../../chunk-6BUUZ2PK.js";
13
13
  import "../../chunk-DGUM43GV.js";
14
14
  export {
15
15
  defineAction,
@@ -22,7 +22,7 @@ import {
22
22
  runMiddlewareAndContext,
23
23
  sendError,
24
24
  sendJson
25
- } from "../../chunk-KJLECZWQ.js";
25
+ } from "../../chunk-3FYJ7R7N.js";
26
26
  import "../../chunk-GY5Q27BJ.js";
27
27
  import "../../chunk-Z5IGLBWE.js";
28
28
  import "../../chunk-ZEGYW52B.js";
@@ -38,7 +38,6 @@ import {
38
38
  serializeCookie,
39
39
  setCookie
40
40
  } from "../../chunk-ZJQ4O76G.js";
41
- import "../../chunk-4HBI7DHP.js";
42
41
  import "../../chunk-DGUM43GV.js";
43
42
  export {
44
43
  BATCH_PATH,
@@ -31,7 +31,7 @@ import { z } from 'zod';
31
31
  import { IncomingMessage } from 'node:http';
32
32
  import { W as WebOnRequestHook, b as WebPreHandlerHook, c as WebOnResponseHook, d as WebOnErrorHook } from '../plugin-types-DNJGxr4Z.js';
33
33
  export { e as HookName, H as HookResult, O as OnErrorHook, f as OnRequestHook, g as OnResponseHook, P as PluginContext, h as PluginErrorContext, i as PreHandlerHook, R as RunHookOptions, a as TheoApp, T as TheoPlugin, j as definePlugin } from '../plugin-types-DNJGxr4Z.js';
34
- export { a as ServiceDefinition, S as ServicesConfig, b as ServicesConfigInput, c as ServicesConfigOutput } from '../schema-D3v8VB7o.js';
34
+ export { a as ServiceDefinition, S as ServicesConfig, b as ServicesConfigInput, c as ServicesConfigOutput } from '../schema-BpH6ivDY.js';
35
35
  import 'vite';
36
36
 
37
37
  /**
@@ -687,6 +687,25 @@ declare function serializeResponse(data: unknown): SerializedResponse;
687
687
  */
688
688
  declare function deserializeResponse(serialized: SerializedResponse): unknown;
689
689
 
690
+ /**
691
+ * T3.2 — Web-Standards middleware runner for the `executeWebRequest` path.
692
+ *
693
+ * The Node request path (`http/execute.ts`) runs middleware via
694
+ * `runMiddlewareAndContext`, which is coupled to Node `req`/`res`. Per G8
695
+ * (Web Standards over Node APIs) the Web path needs a `Request`-shaped runner;
696
+ * this is it. Extracted to a sibling so `web-handler.ts` stays under its LoC
697
+ * budget (G6).
698
+ *
699
+ * Ordering invariant (EC-3): the caller runs the CSRF gate BEFORE invoking this
700
+ * runner, mirroring the Node path (CSRF stage precedes user middleware).
701
+ *
702
+ * NOTE (D4 / EC-12): this is its own middleware contract — `(request, context)`.
703
+ * Full semantic parity with the Node `defineMiddleware` contract is part of the
704
+ * deferred Node→Web pipeline convergence, not this slice.
705
+ */
706
+ /** A Web-path middleware: mutate `context`, or return a `Response` to short-circuit. */
707
+ type WebMiddleware = (request: Request, context: Record<string, unknown>) => Promise<Response | undefined> | Response | undefined | void;
708
+
690
709
  /**
691
710
  * The route module exported by a `server/routes/*.ts` file (after T2.6 G6
692
711
  * router lockdown). Method-named exports map to `defineRoute` results.
@@ -710,6 +729,20 @@ type WebRouteModule = Partial<Record<'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'
710
729
  */
711
730
  interface ExecuteWebRequestOptions {
712
731
  csrfMode?: 'off' | 'strict';
732
+ /**
733
+ * T3.1 — route params resolved upstream by `matchRoute` (e.g. `{ id: '42' }`
734
+ * for `/users/:id`). Threaded to the handler's `params` input and validated
735
+ * against `config.params` (Zod) when declared. Defaults to `{}` — callers
736
+ * that don't supply params keep the prior behavior (additive, backward-compat).
737
+ */
738
+ params?: Record<string, string>;
739
+ /**
740
+ * T3.2 — Web-Standards middleware chain. Runs in order AFTER the CSRF gate
741
+ * (EC-3) and BEFORE the handler. A middleware returning a `Response`
742
+ * short-circuits (handler not reached); mutating `context` passes data to
743
+ * the handler. Omitted → zero overhead (handler runs directly).
744
+ */
745
+ middleware?: readonly WebMiddleware[];
713
746
  /**
714
747
  * T5a.2 Phase E — body parser strategy.
715
748
  *
@@ -119,6 +119,7 @@ import {
119
119
  streamAgentRun
120
120
  } from "../chunk-RESN62GB.js";
121
121
  import {
122
+ AuthRequiredError,
122
123
  _resetKeyCacheForTests,
123
124
  assertProductionSecret,
124
125
  checkThrottle,
@@ -135,13 +136,14 @@ import {
135
136
  generateTotpSecret,
136
137
  pkceChallengeFromVerifier,
137
138
  recordAttempt,
139
+ requireAuth,
138
140
  rotateIfNeeded,
139
141
  rotateIfNeededWeb,
140
142
  totpUri,
141
143
  verifyBackupCode,
142
144
  verifyOAuthState,
143
145
  verifyTotp
144
- } from "../chunk-NZXH2LQQ.js";
146
+ } from "../chunk-SJIRP73B.js";
145
147
  import {
146
148
  generateNonce
147
149
  } from "../chunk-C3ZZ56YZ.js";
@@ -181,7 +183,7 @@ import {
181
183
  defineWebChannel,
182
184
  defineWebSocket,
183
185
  defineWebSocketWeb
184
- } from "../chunk-H4J2LECY.js";
186
+ } from "../chunk-6BUUZ2PK.js";
185
187
  import {
186
188
  MAX_ERROR_HTML_BYTES,
187
189
  loadCustomErrorPages,
@@ -198,6 +200,7 @@ import {
198
200
  _resetMiddlewareCacheForTests,
199
201
  createCorsHandler,
200
202
  createCorsWebHandler,
203
+ envelopeCodeToStatus,
201
204
  executeAction,
202
205
  executeRoute,
203
206
  extractTraceId,
@@ -211,7 +214,7 @@ import {
211
214
  runMiddlewareAndContext,
212
215
  sendError,
213
216
  sendJson
214
- } from "../chunk-KJLECZWQ.js";
217
+ } from "../chunk-3FYJ7R7N.js";
215
218
  import {
216
219
  DuplicateContextKeyError,
217
220
  createOutbox,
@@ -252,10 +255,6 @@ import {
252
255
  serializeCookie,
253
256
  setCookie
254
257
  } from "../chunk-ZJQ4O76G.js";
255
- import {
256
- AuthRequiredError,
257
- requireAuth
258
- } from "../chunk-4HBI7DHP.js";
259
258
  import "../chunk-DGUM43GV.js";
260
259
 
261
260
  // src/server/openapi/serve-docs.ts
@@ -266,12 +265,13 @@ var DEFAULT_CDN = "https://cdn.jsdelivr.net/npm/@scalar/api-reference";
266
265
  function createOpenApiHandler(opts = {}) {
267
266
  const docsPath = opts.docsPath ?? "/api/docs";
268
267
  const jsonPath = opts.openapiJsonPath ?? "/api/docs/openapi.json";
269
- const specFile = resolve(opts.specFilePath ?? ".theokit/openapi.json");
268
+ const rawSpecFile = opts.specFilePath ?? ".theokit/openapi.json";
270
269
  const title = opts.pageTitle ?? "API Reference";
271
270
  const cdn = opts.cdnUrl ?? DEFAULT_CDN;
272
- if (specFile.includes("..")) {
273
- throw new Error(`[theokit:openapi] specFilePath must not contain ".." segments: ${specFile}`);
271
+ if (hasDotDotSegment(rawSpecFile)) {
272
+ throw new Error(`[theokit:openapi] specFilePath must not contain ".." segments: ${rawSpecFile}`);
274
273
  }
274
+ const specFile = resolve(rawSpecFile);
275
275
  return (request) => {
276
276
  if (request.method !== "GET") return null;
277
277
  const url = new URL(request.url);
@@ -291,6 +291,9 @@ function createOpenApiHandler(opts = {}) {
291
291
  return null;
292
292
  };
293
293
  }
294
+ function hasDotDotSegment(p) {
295
+ return p.split(/[/\\]/).includes("..");
296
+ }
294
297
  function escapeHtml(s) {
295
298
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
296
299
  }
@@ -1095,6 +1098,15 @@ function deserializeResponse(serialized) {
1095
1098
  return superjson.deserialize(serialized);
1096
1099
  }
1097
1100
 
1101
+ // src/server/http/web-middleware-runner.ts
1102
+ async function runWebMiddleware(request, middleware, context) {
1103
+ for (const mw of middleware) {
1104
+ const result = await mw(request, context);
1105
+ if (result instanceof Response) return result;
1106
+ }
1107
+ return void 0;
1108
+ }
1109
+
1098
1110
  // src/server/web-handler.ts
1099
1111
  function searchParamsToObject(params) {
1100
1112
  const out = {};
@@ -1159,11 +1171,11 @@ function validationErrorResponse(zodError, field) {
1159
1171
  headers: { "content-type": "application/json" }
1160
1172
  });
1161
1173
  }
1162
- async function runHandler(config, request, bodyParser = "inline") {
1174
+ async function runHandler(config, request, bodyParser = "inline", paramsInput = {}, context = {}) {
1163
1175
  const url = new URL(request.url);
1164
1176
  const queryRaw = searchParamsToObject(url.searchParams);
1165
1177
  const bodyRaw = bodyParser === "full" ? await parseBodyFull(request) : await parseBodyInline(request);
1166
- const paramsRaw = {};
1178
+ const paramsRaw = paramsInput;
1167
1179
  let query = queryRaw;
1168
1180
  if (config.query !== void 0) {
1169
1181
  const parsed = config.query.safeParse(queryRaw);
@@ -1185,7 +1197,7 @@ async function runHandler(config, request, bodyParser = "inline") {
1185
1197
  return { ok: false, response: validationErrorResponse(parsed.error, "params") };
1186
1198
  params = parsed.data;
1187
1199
  }
1188
- const result = await config.handler({ query, body, params, request });
1200
+ const result = await config.handler({ query, body, params, request, context });
1189
1201
  return { ok: true, result };
1190
1202
  }
1191
1203
  function toResponse(result) {
@@ -1208,36 +1220,6 @@ function handlerErrorResponse(err) {
1208
1220
  headers: { "content-type": "application/json" }
1209
1221
  });
1210
1222
  }
1211
- function envelopeCodeToStatus(code) {
1212
- switch (code) {
1213
- case "BAD_REQUEST":
1214
- return 400;
1215
- case "UNAUTHORIZED":
1216
- return 401;
1217
- case "FORBIDDEN":
1218
- return 403;
1219
- case "NOT_FOUND":
1220
- return 404;
1221
- case "METHOD_NOT_ALLOWED":
1222
- return 405;
1223
- case "PAYLOAD_TOO_LARGE":
1224
- return 413;
1225
- case "UNPROCESSABLE_ENTITY":
1226
- return 422;
1227
- case "TOO_MANY_REQUESTS":
1228
- case "RATE_LIMITED":
1229
- return 429;
1230
- case "BAD_GATEWAY":
1231
- return 502;
1232
- case "SERVICE_UNAVAILABLE":
1233
- return 503;
1234
- case "GATEWAY_TIMEOUT":
1235
- return 504;
1236
- case "INTERNAL_SERVER_ERROR":
1237
- default:
1238
- return 500;
1239
- }
1240
- }
1241
1223
  var CSRF_PROTECTED_METHODS = /* @__PURE__ */ new Set(["POST", "PUT", "PATCH", "DELETE"]);
1242
1224
  function mergeHookHeaders(response, hookHeaders) {
1243
1225
  if ([...hookHeaders].length === 0) return response;
@@ -1287,7 +1269,18 @@ async function executeWebRequest(request, routeModule, opts = {}) {
1287
1269
  if (!csrfCheck.valid) return csrfFailedResponse(csrfCheck.reason);
1288
1270
  }
1289
1271
  try {
1290
- const outcome = await runHandler(config, request, opts.bodyParser ?? "inline");
1272
+ const context = {};
1273
+ if (opts.middleware?.length) {
1274
+ const shortCircuit = await runWebMiddleware(request, opts.middleware, context);
1275
+ if (shortCircuit) return shortCircuit;
1276
+ }
1277
+ const outcome = await runHandler(
1278
+ config,
1279
+ request,
1280
+ opts.bodyParser ?? "inline",
1281
+ opts.params ?? {},
1282
+ context
1283
+ );
1291
1284
  if (!outcome.ok) return outcome.response;
1292
1285
  return toResponse(outcome.result);
1293
1286
  } catch (err) {
@@ -1313,13 +1306,29 @@ async function runPreHandlerPipeline(hookCtx, request, config, opts, hooks) {
1313
1306
  await runList(hooks.preHandler);
1314
1307
  }
1315
1308
  if (hookCtx.response === void 0) {
1316
- if (config === void 0 || typeof config.handler !== "function") {
1317
- hookCtx.response = methodNotAllowedResponse(method);
1309
+ await runHandlerStage(hookCtx, request, config, opts, method);
1310
+ }
1311
+ }
1312
+ async function runHandlerStage(hookCtx, request, config, opts, method) {
1313
+ if (config === void 0 || typeof config.handler !== "function") {
1314
+ hookCtx.response = methodNotAllowedResponse(method);
1315
+ return;
1316
+ }
1317
+ if (opts.middleware?.length) {
1318
+ const shortCircuit = await runWebMiddleware(request, opts.middleware, hookCtx.ctx);
1319
+ if (shortCircuit) {
1320
+ hookCtx.response = shortCircuit;
1318
1321
  return;
1319
1322
  }
1320
- const outcome = await runHandler(config, request, opts.bodyParser ?? "inline");
1321
- hookCtx.response = outcome.ok ? toResponse(outcome.result) : outcome.response;
1322
1323
  }
1324
+ const outcome = await runHandler(
1325
+ config,
1326
+ request,
1327
+ opts.bodyParser ?? "inline",
1328
+ opts.params ?? {},
1329
+ hookCtx.ctx
1330
+ );
1331
+ hookCtx.response = outcome.ok ? toResponse(outcome.result) : outcome.response;
1323
1332
  }
1324
1333
  async function runWithHooks(request, config, opts, hooks) {
1325
1334
  const hookCtx = {