theokit 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{actions-virtual-module-DL74V6SR.js → actions-virtual-module-4WVKHQ2X.js} +5 -2
- package/dist/actions-virtual-module-4WVKHQ2X.js.map +1 -0
- package/dist/{actions-virtual-module-ZDD54ZZE.js → actions-virtual-module-LTOXBSCF.js} +16 -2
- package/dist/actions-virtual-module-LTOXBSCF.js.map +1 -0
- package/dist/{app-typed-client-4M4NVSK3.js → app-typed-client-4N5OGNOQ.js} +15 -4
- package/dist/app-typed-client-4N5OGNOQ.js.map +1 -0
- package/dist/{app-typed-client-4GIKUKRT.js → app-typed-client-SAETWZT5.js} +5 -4
- package/dist/app-typed-client-SAETWZT5.js.map +1 -0
- package/dist/{build-ZZAQV2ES.js → build-KQD2EDU4.js} +5 -6
- package/dist/build-KQD2EDU4.js.map +1 -0
- package/dist/chunk-223EFY5X.js +469 -0
- package/dist/chunk-223EFY5X.js.map +1 -0
- package/dist/{chunk-HDA6M7P4.js → chunk-3LVRAGAZ.js} +3 -5
- package/dist/{chunk-4NLIESWK.js → chunk-4I47JW5O.js} +24 -417
- package/dist/chunk-4I47JW5O.js.map +1 -0
- package/dist/{chunk-P2RS3WWY.js → chunk-6FYD34NX.js} +194 -22
- package/dist/chunk-6FYD34NX.js.map +1 -0
- package/dist/{chunk-SVSUUK4H.js → chunk-6VSKLYT6.js} +7 -9
- package/dist/chunk-6VSKLYT6.js.map +1 -0
- package/dist/chunk-CBGRFVF5.js +421 -0
- package/dist/chunk-CBGRFVF5.js.map +1 -0
- package/dist/{chunk-B3L3TJVF.js → chunk-JBCHWRKF.js} +50 -50
- package/dist/chunk-JBCHWRKF.js.map +1 -0
- package/dist/{chunk-XMS5VRIK.js → chunk-JQSFBJR5.js} +3 -3
- package/dist/chunk-JQSFBJR5.js.map +1 -0
- package/dist/{chunk-D4SV7JOG.js → chunk-MV4LKTW6.js} +97 -135
- package/dist/chunk-MV4LKTW6.js.map +1 -0
- package/dist/chunk-PBEH6NXR.js +44 -0
- package/dist/chunk-PBEH6NXR.js.map +1 -0
- package/dist/chunk-PPPR5DGR.js +1 -0
- package/dist/cli/index.js +5 -5
- package/dist/client/index.d.ts +81 -7
- package/dist/client/index.js +111 -3
- package/dist/client/index.js.map +1 -1
- package/dist/{dev-MHCQ5RD7.js → dev-NDEZA2MP.js} +8 -6
- package/dist/dev-NDEZA2MP.js.map +1 -0
- package/dist/{dev-emit-6DJUK6DT.js → dev-emit-O4EGOSNV.js} +2 -4
- package/dist/{dev-emit-6DJUK6DT.js.map → dev-emit-O4EGOSNV.js.map} +1 -1
- package/dist/{dev-emit-4WG3B5BM.js → dev-emit-OUPI7NAQ.js} +3 -4
- package/dist/{dev-emit-4WG3B5BM.js.map → dev-emit-OUPI7NAQ.js.map} +1 -1
- package/dist/{dist-KRW6OVD4.js → dist-6GPD6WCU.js} +10231 -8164
- package/dist/dist-6GPD6WCU.js.map +1 -0
- package/dist/{index-CuHICqb9.d.ts → index-DWZF8uQD.d.ts} +132 -132
- package/dist/index.js +6 -6
- package/dist/index.js.map +1 -1
- package/dist/{lib-NST3PNZX.js → lib-JBI3XXH3.js} +27 -27
- package/dist/{lib-NST3PNZX.js.map → lib-JBI3XXH3.js.map} +1 -1
- package/dist/{openapi-KSY272CW.js → openapi-NXGRXABL.js} +3 -4
- package/dist/{openapi-KSY272CW.js.map → openapi-NXGRXABL.js.map} +1 -1
- package/dist/{routes-NWJA5L5I.js → routes-6A5XFGF7.js} +4 -6
- package/dist/routes-6A5XFGF7.js.map +1 -0
- package/dist/server/auth/index.d.ts +20 -20
- package/dist/server/http/index.d.ts +2 -2
- package/dist/server/index.d.ts +2 -2
- package/dist/server/index.js +9 -13
- package/dist/server/index.js.map +1 -1
- package/dist/server/scan/index.d.ts +13 -13
- package/dist/server/scan/index.js +8 -12
- package/dist/server/security/index.d.ts +69 -69
- package/dist/server/security/index.js +1 -1
- package/dist/{start-OAAAQ7Z4.js → start-SPFWOGHL.js} +14 -14
- package/dist/vite-plugin/index.js +4 -4
- package/dist/{vite-plugin-IF2O6BJV.js → vite-plugin-43KQU5S7.js} +7 -5
- package/dist/vite-plugin-43KQU5S7.js.map +1 -0
- package/package.json +19 -19
- package/dist/actions-virtual-module-DL74V6SR.js.map +0 -1
- package/dist/actions-virtual-module-ZDD54ZZE.js.map +0 -1
- package/dist/app-typed-client-4GIKUKRT.js.map +0 -1
- package/dist/app-typed-client-4M4NVSK3.js.map +0 -1
- package/dist/build-ZZAQV2ES.js.map +0 -1
- package/dist/chunk-4NLIESWK.js.map +0 -1
- package/dist/chunk-B3L3TJVF.js.map +0 -1
- package/dist/chunk-D4SV7JOG.js.map +0 -1
- package/dist/chunk-GPF64ENM.js +0 -73
- package/dist/chunk-HDA6M7P4.js.map +0 -1
- package/dist/chunk-OLPB36O2.js +0 -259
- package/dist/chunk-OLPB36O2.js.map +0 -1
- package/dist/chunk-P2RS3WWY.js.map +0 -1
- package/dist/chunk-P3SGM4NR.js +0 -156
- package/dist/chunk-P3SGM4NR.js.map +0 -1
- package/dist/chunk-SVSUUK4H.js.map +0 -1
- package/dist/chunk-UVHRD33F.js +0 -181
- package/dist/chunk-UVHRD33F.js.map +0 -1
- package/dist/chunk-XMS5VRIK.js.map +0 -1
- package/dist/dev-MHCQ5RD7.js.map +0 -1
- package/dist/dist-KRW6OVD4.js.map +0 -1
- package/dist/routes-NWJA5L5I.js.map +0 -1
- package/dist/{chunk-GPF64ENM.js.map → chunk-3LVRAGAZ.js.map} +0 -0
- package/dist/{vite-plugin-IF2O6BJV.js.map → chunk-PPPR5DGR.js.map} +0 -0
- package/dist/{module-loader-Cfz7dgCP.d.ts → match-CfbEFRG4.d.ts} +4 -4
- /package/dist/{start-OAAAQ7Z4.js.map → start-SPFWOGHL.js.map} +0 -0
|
@@ -1,10 +1,24 @@
|
|
|
1
1
|
import { IncomingMessage, ServerResponse } from 'node:http';
|
|
2
2
|
import { J as JobBackend } from './job-backend-CgC8Xf33.js';
|
|
3
3
|
import { P as PluginRunner } from './plugin-runner-BGBkzgi0.js';
|
|
4
|
-
import {
|
|
4
|
+
import { L as LoadModule, S as ServerRouteNode } from './match-CfbEFRG4.js';
|
|
5
5
|
import { c as CsrfMode, D as DisallowedConfig } from './csrf-BBrEZSBW.js';
|
|
6
6
|
import { z } from 'zod';
|
|
7
7
|
|
|
8
|
+
interface ExecuteActionOptions {
|
|
9
|
+
filePath: string;
|
|
10
|
+
exportName: string;
|
|
11
|
+
req: IncomingMessage;
|
|
12
|
+
res: ServerResponse;
|
|
13
|
+
loadModule: LoadModule;
|
|
14
|
+
serverDir?: string;
|
|
15
|
+
requestId?: string;
|
|
16
|
+
pluginRunner?: PluginRunner;
|
|
17
|
+
csrfMode?: CsrfMode;
|
|
18
|
+
disallowed?: DisallowedConfig;
|
|
19
|
+
}
|
|
20
|
+
declare function executeAction(filePath: string, exportName: string, req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir?: string, requestId?: string, pluginRunner?: PluginRunner, csrfMode?: CsrfMode, disallowed?: DisallowedConfig): Promise<void>;
|
|
21
|
+
|
|
8
22
|
/**
|
|
9
23
|
* T5.2 — pluggable response/request transformer.
|
|
10
24
|
*
|
|
@@ -105,26 +119,73 @@ declare function sendError(res: ServerResponse, code: string, message: string, s
|
|
|
105
119
|
|
|
106
120
|
declare function executeRoute(ctx: ExecuteRouteContext): Promise<void>;
|
|
107
121
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
requestId?: string;
|
|
116
|
-
pluginRunner?: PluginRunner;
|
|
117
|
-
csrfMode?: CsrfMode;
|
|
118
|
-
disallowed?: DisallowedConfig;
|
|
119
|
-
}
|
|
120
|
-
declare function executeAction(filePath: string, exportName: string, req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir?: string, requestId?: string, pluginRunner?: PluginRunner, csrfMode?: CsrfMode, disallowed?: DisallowedConfig): Promise<void>;
|
|
122
|
+
/**
|
|
123
|
+
* T1.4 — Server-side batch handler.
|
|
124
|
+
*
|
|
125
|
+
* Receives `{ requests: [...] }` POSTed to `/api/__theo_batch__` and returns
|
|
126
|
+
* `{ results: [...] }` with per-item error isolation. EC-2: items cannot
|
|
127
|
+
* override auth/forwarded headers (would be a session-bypass vector).
|
|
128
|
+
*/
|
|
121
129
|
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
130
|
+
declare const STRIPPED_HEADERS: readonly ["authorization", "cookie", "x-forwarded-for", "x-forwarded-host", "x-forwarded-proto", "x-real-ip", "host"];
|
|
131
|
+
declare const BATCH_PATH = "/api/__theo_batch__";
|
|
132
|
+
declare class BatchPathConflictError extends Error {
|
|
133
|
+
constructor(path: string);
|
|
125
134
|
}
|
|
126
|
-
declare
|
|
127
|
-
|
|
135
|
+
declare const batchRequestSchema: z.ZodObject<{
|
|
136
|
+
path: z.ZodString;
|
|
137
|
+
method: z.ZodString;
|
|
138
|
+
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
139
|
+
body: z.ZodOptional<z.ZodUnknown>;
|
|
140
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
141
|
+
}, z.core.$strip>;
|
|
142
|
+
declare const batchPayloadSchema: z.ZodObject<{
|
|
143
|
+
requests: z.ZodArray<z.ZodObject<{
|
|
144
|
+
path: z.ZodString;
|
|
145
|
+
method: z.ZodString;
|
|
146
|
+
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
147
|
+
body: z.ZodOptional<z.ZodUnknown>;
|
|
148
|
+
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
149
|
+
}, z.core.$strip>>;
|
|
150
|
+
}, z.core.$strip>;
|
|
151
|
+
type BatchRequestItem = z.infer<typeof batchRequestSchema>;
|
|
152
|
+
type BatchPayload = z.infer<typeof batchPayloadSchema>;
|
|
153
|
+
type BatchExecuteFn = (req: BatchRequestItem) => Promise<{
|
|
154
|
+
data: unknown;
|
|
155
|
+
} | {
|
|
156
|
+
error: {
|
|
157
|
+
message: string;
|
|
158
|
+
code?: string;
|
|
159
|
+
};
|
|
160
|
+
}>;
|
|
161
|
+
interface HandleBatchOptions {
|
|
162
|
+
execute: BatchExecuteFn;
|
|
163
|
+
/** Max number of items per batch. Default 32. */
|
|
164
|
+
max?: number;
|
|
165
|
+
/** Outer-request headers that override per-item headers in STRIPPED_HEADERS. */
|
|
166
|
+
outerHeaders?: Record<string, string>;
|
|
167
|
+
}
|
|
168
|
+
type BatchResultItem = {
|
|
169
|
+
data: unknown;
|
|
170
|
+
} | {
|
|
171
|
+
error: {
|
|
172
|
+
message: string;
|
|
173
|
+
code?: string;
|
|
174
|
+
};
|
|
175
|
+
};
|
|
176
|
+
interface BatchResponse {
|
|
177
|
+
results: BatchResultItem[];
|
|
178
|
+
}
|
|
179
|
+
/**
|
|
180
|
+
* Validate + execute a batch request.
|
|
181
|
+
*
|
|
182
|
+
* CR-028 fix: previously the signature was `payload: BatchPayload`,
|
|
183
|
+
* suggesting the caller had already validated. In reality `api-middleware`
|
|
184
|
+
* passes `JSON.parse(rawBody) as BatchPayload` — an unsafe cast over raw
|
|
185
|
+
* HTTP input. We widen the input type to `unknown` so the type system
|
|
186
|
+
* forces validation, then run Zod once at this single trust boundary.
|
|
187
|
+
*/
|
|
188
|
+
declare function handleBatchRequest(payload: unknown, options: HandleBatchOptions): Promise<BatchResponse>;
|
|
128
189
|
|
|
129
190
|
/**
|
|
130
191
|
* T1.2 — CORS middleware.
|
|
@@ -188,6 +249,58 @@ interface CorsWebHandler {
|
|
|
188
249
|
}
|
|
189
250
|
declare function createCorsWebHandler(config: CorsConfig): CorsWebHandler;
|
|
190
251
|
|
|
252
|
+
/**
|
|
253
|
+
* Phase 7 — Observability: traceId propagation (D7).
|
|
254
|
+
*
|
|
255
|
+
* Extract a stable identifier from incoming requests so a single value
|
|
256
|
+
* correlates the client request, every server log line, the response
|
|
257
|
+
* envelope, and any downstream span. Precedence:
|
|
258
|
+
*
|
|
259
|
+
* 1. `traceparent` (W3C Trace Context — `00-{32-hex}-{16-hex}-{flags}`)
|
|
260
|
+
* 2. `x-request-id` (Heroku / GCP / generic proxy header)
|
|
261
|
+
* 3. Generated UUID (fresh per request)
|
|
262
|
+
*
|
|
263
|
+
* UUIDs are accepted as trace identifiers by every major vendor that
|
|
264
|
+
* does not enforce strict 32-hex (Datadog, Honeycomb, Sentry, Logflare,
|
|
265
|
+
* Axiom, etc). We don't need ULIDs to ship this surface.
|
|
266
|
+
*/
|
|
267
|
+
declare const TRACE_HEADER = "x-trace-id";
|
|
268
|
+
declare const TRACE_PARENT_HEADER = "traceparent";
|
|
269
|
+
/**
|
|
270
|
+
* Parse a W3C Trace Context `traceparent` header value. Returns the
|
|
271
|
+
* 32-hex trace-id when valid (and not the reserved all-zeros), else
|
|
272
|
+
* `null`.
|
|
273
|
+
*/
|
|
274
|
+
declare function parseTraceparent(value: string): string | null;
|
|
275
|
+
/**
|
|
276
|
+
* Resolve the request's traceId following the precedence above.
|
|
277
|
+
*/
|
|
278
|
+
declare function extractTraceId(req: IncomingMessage): string;
|
|
279
|
+
/**
|
|
280
|
+
* T5a.2 Phase C slice 1/2 — Web-Standards-shaped traceId resolver.
|
|
281
|
+
*
|
|
282
|
+
* Mirror of `extractTraceId(req: IncomingMessage)` for the Web `Request`
|
|
283
|
+
* shape. Same precedence (`traceparent` → `x-request-id` → generated
|
|
284
|
+
* UUID). Uses `request.headers.get(name)` (native Web `Headers` API)
|
|
285
|
+
* instead of the Node indexer.
|
|
286
|
+
*
|
|
287
|
+
* **Multi-value note:** Web `Headers` collapses repeated headers into a
|
|
288
|
+
* single comma-separated string at parse. The IncomingMessage path's
|
|
289
|
+
* `pickHeader` "first non-empty value" semantic is naturally satisfied
|
|
290
|
+
* because there's no array to pick from on the Web side — `.get()`
|
|
291
|
+
* returns the comma-joined value, which for `traceparent` / `x-request-id`
|
|
292
|
+
* is treated as a single string anyway (both headers are conventionally
|
|
293
|
+
* single-valued).
|
|
294
|
+
*/
|
|
295
|
+
declare function extractTraceIdFromRequest(request: Request): string;
|
|
296
|
+
|
|
297
|
+
interface MiddlewareResult {
|
|
298
|
+
ctx: unknown;
|
|
299
|
+
aborted: boolean;
|
|
300
|
+
}
|
|
301
|
+
declare function _resetMiddlewareCacheForTests(): void;
|
|
302
|
+
declare function runMiddlewareAndContext(req: IncomingMessage, res: ServerResponse, loadModule: LoadModule, serverDir: string): Promise<MiddlewareResult>;
|
|
303
|
+
|
|
191
304
|
interface CookieOptions {
|
|
192
305
|
httpOnly?: boolean;
|
|
193
306
|
secure?: boolean;
|
|
@@ -260,74 +373,6 @@ declare function appendDeleteCookieToHeaders(target: Headers, name: string, opti
|
|
|
260
373
|
path?: string;
|
|
261
374
|
}): void;
|
|
262
375
|
|
|
263
|
-
/**
|
|
264
|
-
* T1.4 — Server-side batch handler.
|
|
265
|
-
*
|
|
266
|
-
* Receives `{ requests: [...] }` POSTed to `/api/__theo_batch__` and returns
|
|
267
|
-
* `{ results: [...] }` with per-item error isolation. EC-2: items cannot
|
|
268
|
-
* override auth/forwarded headers (would be a session-bypass vector).
|
|
269
|
-
*/
|
|
270
|
-
|
|
271
|
-
declare const STRIPPED_HEADERS: readonly ["authorization", "cookie", "x-forwarded-for", "x-forwarded-host", "x-forwarded-proto", "x-real-ip", "host"];
|
|
272
|
-
declare const BATCH_PATH = "/api/__theo_batch__";
|
|
273
|
-
declare class BatchPathConflictError extends Error {
|
|
274
|
-
constructor(path: string);
|
|
275
|
-
}
|
|
276
|
-
declare const batchRequestSchema: z.ZodObject<{
|
|
277
|
-
path: z.ZodString;
|
|
278
|
-
method: z.ZodString;
|
|
279
|
-
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
280
|
-
body: z.ZodOptional<z.ZodUnknown>;
|
|
281
|
-
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
282
|
-
}, z.core.$strip>;
|
|
283
|
-
declare const batchPayloadSchema: z.ZodObject<{
|
|
284
|
-
requests: z.ZodArray<z.ZodObject<{
|
|
285
|
-
path: z.ZodString;
|
|
286
|
-
method: z.ZodString;
|
|
287
|
-
query: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
288
|
-
body: z.ZodOptional<z.ZodUnknown>;
|
|
289
|
-
headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
290
|
-
}, z.core.$strip>>;
|
|
291
|
-
}, z.core.$strip>;
|
|
292
|
-
type BatchRequestItem = z.infer<typeof batchRequestSchema>;
|
|
293
|
-
type BatchPayload = z.infer<typeof batchPayloadSchema>;
|
|
294
|
-
type BatchExecuteFn = (req: BatchRequestItem) => Promise<{
|
|
295
|
-
data: unknown;
|
|
296
|
-
} | {
|
|
297
|
-
error: {
|
|
298
|
-
message: string;
|
|
299
|
-
code?: string;
|
|
300
|
-
};
|
|
301
|
-
}>;
|
|
302
|
-
interface HandleBatchOptions {
|
|
303
|
-
execute: BatchExecuteFn;
|
|
304
|
-
/** Max number of items per batch. Default 32. */
|
|
305
|
-
max?: number;
|
|
306
|
-
/** Outer-request headers that override per-item headers in STRIPPED_HEADERS. */
|
|
307
|
-
outerHeaders?: Record<string, string>;
|
|
308
|
-
}
|
|
309
|
-
type BatchResultItem = {
|
|
310
|
-
data: unknown;
|
|
311
|
-
} | {
|
|
312
|
-
error: {
|
|
313
|
-
message: string;
|
|
314
|
-
code?: string;
|
|
315
|
-
};
|
|
316
|
-
};
|
|
317
|
-
interface BatchResponse {
|
|
318
|
-
results: BatchResultItem[];
|
|
319
|
-
}
|
|
320
|
-
/**
|
|
321
|
-
* Validate + execute a batch request.
|
|
322
|
-
*
|
|
323
|
-
* CR-028 fix: previously the signature was `payload: BatchPayload`,
|
|
324
|
-
* suggesting the caller had already validated. In reality `api-middleware`
|
|
325
|
-
* passes `JSON.parse(rawBody) as BatchPayload` — an unsafe cast over raw
|
|
326
|
-
* HTTP input. We widen the input type to `unknown` so the type system
|
|
327
|
-
* forces validation, then run Zod once at this single trust boundary.
|
|
328
|
-
*/
|
|
329
|
-
declare function handleBatchRequest(payload: unknown, options: HandleBatchOptions): Promise<BatchResponse>;
|
|
330
|
-
|
|
331
376
|
/**
|
|
332
377
|
* T2.4 — Custom error pages loader.
|
|
333
378
|
*
|
|
@@ -351,49 +396,4 @@ declare function loadCustomErrorPages(clientDir: string): CustomErrorPages;
|
|
|
351
396
|
|
|
352
397
|
declare function serveStaticFile(req: IncomingMessage, res: ServerResponse, clientDir: string): boolean;
|
|
353
398
|
|
|
354
|
-
/**
|
|
355
|
-
* Phase 7 — Observability: traceId propagation (D7).
|
|
356
|
-
*
|
|
357
|
-
* Extract a stable identifier from incoming requests so a single value
|
|
358
|
-
* correlates the client request, every server log line, the response
|
|
359
|
-
* envelope, and any downstream span. Precedence:
|
|
360
|
-
*
|
|
361
|
-
* 1. `traceparent` (W3C Trace Context — `00-{32-hex}-{16-hex}-{flags}`)
|
|
362
|
-
* 2. `x-request-id` (Heroku / GCP / generic proxy header)
|
|
363
|
-
* 3. Generated UUID (fresh per request)
|
|
364
|
-
*
|
|
365
|
-
* UUIDs are accepted as trace identifiers by every major vendor that
|
|
366
|
-
* does not enforce strict 32-hex (Datadog, Honeycomb, Sentry, Logflare,
|
|
367
|
-
* Axiom, etc). We don't need ULIDs to ship this surface.
|
|
368
|
-
*/
|
|
369
|
-
declare const TRACE_HEADER = "x-trace-id";
|
|
370
|
-
declare const TRACE_PARENT_HEADER = "traceparent";
|
|
371
|
-
/**
|
|
372
|
-
* Parse a W3C Trace Context `traceparent` header value. Returns the
|
|
373
|
-
* 32-hex trace-id when valid (and not the reserved all-zeros), else
|
|
374
|
-
* `null`.
|
|
375
|
-
*/
|
|
376
|
-
declare function parseTraceparent(value: string): string | null;
|
|
377
|
-
/**
|
|
378
|
-
* Resolve the request's traceId following the precedence above.
|
|
379
|
-
*/
|
|
380
|
-
declare function extractTraceId(req: IncomingMessage): string;
|
|
381
|
-
/**
|
|
382
|
-
* T5a.2 Phase C slice 1/2 — Web-Standards-shaped traceId resolver.
|
|
383
|
-
*
|
|
384
|
-
* Mirror of `extractTraceId(req: IncomingMessage)` for the Web `Request`
|
|
385
|
-
* shape. Same precedence (`traceparent` → `x-request-id` → generated
|
|
386
|
-
* UUID). Uses `request.headers.get(name)` (native Web `Headers` API)
|
|
387
|
-
* instead of the Node indexer.
|
|
388
|
-
*
|
|
389
|
-
* **Multi-value note:** Web `Headers` collapses repeated headers into a
|
|
390
|
-
* single comma-separated string at parse. The IncomingMessage path's
|
|
391
|
-
* `pickHeader` "first non-empty value" semantic is naturally satisfied
|
|
392
|
-
* because there's no array to pick from on the Web side — `.get()`
|
|
393
|
-
* returns the comma-joined value, which for `traceparent` / `x-request-id`
|
|
394
|
-
* is treated as a single string anyway (both headers are conventionally
|
|
395
|
-
* single-valued).
|
|
396
|
-
*/
|
|
397
|
-
declare function extractTraceIdFromRequest(request: Request): string;
|
|
398
|
-
|
|
399
399
|
export { getCookie as A, BATCH_PATH as B, type CookieOptions as C, getCookieFromRequest as D, type ExecuteActionOptions as E, handleBatchRequest as F, jsonTransformer as G, type HandleBatchOptions as H, loadCustomErrorPages as I, matchesOrigin as J, parseCookieHeader as K, parseTraceparent as L, MAX_ERROR_HTML_BYTES as M, resolveTransformer as N, runMiddlewareAndContext as O, sendError as P, sendJson as Q, serializeCookie as R, STRIPPED_HEADERS as S, TRACE_HEADER as T, serveStaticFile as U, setCookie as V, superjsonTransformer as W, _resetMiddlewareCacheForTests as _, type BatchExecuteFn as a, BatchPathConflictError as b, type BatchPayload as c, type BatchRequestItem as d, type BatchResponse as e, type BatchResultItem as f, type CorsConfig as g, type CorsHandler as h, type CorsOrigin as i, type CorsWebHandler as j, type CustomErrorPages as k, type ExecuteRouteContext as l, type MiddlewareResult as m, type SendErrorInput as n, type SendErrorOptions as o, TRACE_PARENT_HEADER as p, type TheoTransformer as q, appendCookieToHeaders as r, appendDeleteCookieToHeaders as s, createCorsHandler as t, createCorsWebHandler as u, deleteCookie as v, executeAction as w, executeRoute as x, extractTraceId as y, extractTraceIdFromRequest as z };
|
package/dist/index.js
CHANGED
|
@@ -8,18 +8,18 @@ import {
|
|
|
8
8
|
scanRoutes,
|
|
9
9
|
theoConfigSchema,
|
|
10
10
|
theoPlugin
|
|
11
|
-
} from "./chunk-
|
|
11
|
+
} from "./chunk-6VSKLYT6.js";
|
|
12
12
|
import "./chunk-D7ZH7DTG.js";
|
|
13
|
+
import "./chunk-PPPR5DGR.js";
|
|
13
14
|
import "./chunk-7BIM27LV.js";
|
|
14
15
|
import "./chunk-PIVX3DYW.js";
|
|
15
16
|
import "./chunk-5QW7IQQU.js";
|
|
16
17
|
import "./chunk-IAJ2JVEH.js";
|
|
17
18
|
import "./chunk-VMEWD57H.js";
|
|
18
19
|
import "./chunk-JQSKBMXP.js";
|
|
19
|
-
import "./chunk-
|
|
20
|
-
import "./chunk-P3SGM4NR.js";
|
|
20
|
+
import "./chunk-223EFY5X.js";
|
|
21
21
|
import "./chunk-WSJKACWB.js";
|
|
22
|
-
import "./chunk-
|
|
22
|
+
import "./chunk-JBCHWRKF.js";
|
|
23
23
|
import "./chunk-C3ZZ56YZ.js";
|
|
24
24
|
import "./chunk-7MQOHNHE.js";
|
|
25
25
|
import "./chunk-X2VVCJ4V.js";
|
|
@@ -36,7 +36,7 @@ function defineConfig(config) {
|
|
|
36
36
|
return config;
|
|
37
37
|
}
|
|
38
38
|
|
|
39
|
-
// src/
|
|
39
|
+
// src/config/validate-structure.ts
|
|
40
40
|
import { existsSync } from "fs";
|
|
41
41
|
import { join } from "path";
|
|
42
42
|
|
|
@@ -61,7 +61,7 @@ ${errorLines}
|
|
|
61
61
|
}
|
|
62
62
|
};
|
|
63
63
|
|
|
64
|
-
// src/
|
|
64
|
+
// src/config/validate-structure.ts
|
|
65
65
|
var REQUIRED_DIRS = [
|
|
66
66
|
{
|
|
67
67
|
path: "app",
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/config/define-config.ts","../src/
|
|
1
|
+
{"version":3,"sources":["../src/config/define-config.ts","../src/config/validate-structure.ts","../src/core/errors.ts"],"sourcesContent":["import type { TheoConfig } from './schema.js'\n\n/**\n * Define Theo framework configuration.\n * Identity function — provides type inference for theo.config.ts.\n * Runtime validation happens in loadConfig(), not here.\n */\nexport function defineConfig(config: Partial<TheoConfig>): Partial<TheoConfig> {\n return config\n}\n","/* eslint-disable security/detect-non-literal-fs-filename --\n * Project-structure validator. Reads paths joined onto `projectRoot`,\n * with names from a fixed `ValidationRule[]` table. No HTTP input.\n */\nimport { existsSync } from 'node:fs'\nimport { join } from 'node:path'\n\nimport { TheoProjectError } from '../core/errors.js'\n\ninterface ValidationRule {\n path: string\n errorMessage: string\n}\n\nconst REQUIRED_DIRS: ValidationRule[] = [\n {\n path: 'app',\n errorMessage: 'Missing required directory: app/',\n },\n]\n\nconst REQUIRED_FILES: ValidationRule[] = [\n {\n path: 'theo.config.ts',\n errorMessage: 'Missing required file: theo.config.ts',\n },\n {\n path: 'package.json',\n errorMessage: 'Missing required file: package.json',\n },\n]\n\nexport function validateProjectStructure(rootDir: string): void {\n if (!existsSync(rootDir)) {\n throw new TheoProjectError([`Project directory does not exist: ${rootDir}`], rootDir)\n }\n\n const errors: string[] = []\n\n for (const rule of REQUIRED_DIRS) {\n if (!existsSync(join(rootDir, rule.path))) {\n errors.push(rule.errorMessage)\n }\n }\n\n for (const rule of REQUIRED_FILES) {\n if (!existsSync(join(rootDir, rule.path))) {\n errors.push(rule.errorMessage)\n }\n }\n\n if (errors.length > 0) {\n throw new TheoProjectError(errors, rootDir)\n }\n}\n","export class TheoProjectError extends Error {\n public readonly errors: string[]\n public readonly rootDir: string\n\n constructor(errors: string[], rootDir: string) {\n const errorLines = errors.map((e) => ` - ${e}`).join('\\n')\n\n super(\n `Invalid Theo project structure\\n\\n` +\n ` Root: ${rootDir}\\n\\n` +\n (errorLines ? ` Errors:\\n${errorLines}\\n` : ''),\n )\n\n this.name = 'TheoProjectError'\n this.errors = errors\n this.rootDir = rootDir\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOO,SAAS,aAAa,QAAkD;AAC7E,SAAO;AACT;;;ACLA,SAAS,kBAAkB;AAC3B,SAAS,YAAY;;;ACLd,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1B;AAAA,EACA;AAAA,EAEhB,YAAY,QAAkB,SAAiB;AAC7C,UAAM,aAAa,OAAO,IAAI,CAAC,MAAM,OAAO,CAAC,EAAE,EAAE,KAAK,IAAI;AAE1D;AAAA,MACE;AAAA;AAAA,UACa,OAAO;AAAA;AAAA,KACjB,aAAa;AAAA,EAAc,UAAU;AAAA,IAAO;AAAA,IACjD;AAEA,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,UAAU;AAAA,EACjB;AACF;;;ADHA,IAAM,gBAAkC;AAAA,EACtC;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AACF;AAEA,IAAM,iBAAmC;AAAA,EACvC;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,cAAc;AAAA,EAChB;AACF;AAEO,SAAS,yBAAyB,SAAuB;AAC9D,MAAI,CAAC,WAAW,OAAO,GAAG;AACxB,UAAM,IAAI,iBAAiB,CAAC,qCAAqC,OAAO,EAAE,GAAG,OAAO;AAAA,EACtF;AAEA,QAAM,SAAmB,CAAC;AAE1B,aAAW,QAAQ,eAAe;AAChC,QAAI,CAAC,WAAW,KAAK,SAAS,KAAK,IAAI,CAAC,GAAG;AACzC,aAAO,KAAK,KAAK,YAAY;AAAA,IAC/B;AAAA,EACF;AAEA,aAAW,QAAQ,gBAAgB;AACjC,QAAI,CAAC,WAAW,KAAK,SAAS,KAAK,IAAI,CAAC,GAAG;AACzC,aAAO,KAAK,KAAK,YAAY;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,OAAO,SAAS,GAAG;AACrB,UAAM,IAAI,iBAAiB,QAAQ,OAAO;AAAA,EAC5C;AACF;","names":[]}
|
|
@@ -5,9 +5,9 @@ import {
|
|
|
5
5
|
__require
|
|
6
6
|
} from "./chunk-KT3MWNZG.js";
|
|
7
7
|
|
|
8
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
8
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/util.js
|
|
9
9
|
var require_util = __commonJS({
|
|
10
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
10
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/util.js"(exports) {
|
|
11
11
|
"use strict";
|
|
12
12
|
exports.getBooleanOption = (options, key) => {
|
|
13
13
|
let value = false;
|
|
@@ -21,9 +21,9 @@ var require_util = __commonJS({
|
|
|
21
21
|
}
|
|
22
22
|
});
|
|
23
23
|
|
|
24
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
24
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/sqlite-error.js
|
|
25
25
|
var require_sqlite_error = __commonJS({
|
|
26
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
26
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/sqlite-error.js"(exports, module) {
|
|
27
27
|
"use strict";
|
|
28
28
|
var descriptor = { value: "SqliteError", writable: true, enumerable: false, configurable: true };
|
|
29
29
|
function SqliteError(message, code) {
|
|
@@ -220,9 +220,9 @@ var require_bindings = __commonJS({
|
|
|
220
220
|
}
|
|
221
221
|
});
|
|
222
222
|
|
|
223
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
223
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/wrappers.js
|
|
224
224
|
var require_wrappers = __commonJS({
|
|
225
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
225
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/wrappers.js"(exports) {
|
|
226
226
|
"use strict";
|
|
227
227
|
var { cppdb } = require_util();
|
|
228
228
|
exports.prepare = function prepare(sql) {
|
|
@@ -283,9 +283,9 @@ var require_wrappers = __commonJS({
|
|
|
283
283
|
}
|
|
284
284
|
});
|
|
285
285
|
|
|
286
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
286
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/transaction.js
|
|
287
287
|
var require_transaction = __commonJS({
|
|
288
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
288
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/transaction.js"(exports, module) {
|
|
289
289
|
"use strict";
|
|
290
290
|
var { cppdb } = require_util();
|
|
291
291
|
var controllers = /* @__PURE__ */ new WeakMap();
|
|
@@ -356,9 +356,9 @@ var require_transaction = __commonJS({
|
|
|
356
356
|
}
|
|
357
357
|
});
|
|
358
358
|
|
|
359
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
359
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/pragma.js
|
|
360
360
|
var require_pragma = __commonJS({
|
|
361
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
361
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/pragma.js"(exports, module) {
|
|
362
362
|
"use strict";
|
|
363
363
|
var { getBooleanOption, cppdb } = require_util();
|
|
364
364
|
module.exports = function pragma(source, options) {
|
|
@@ -372,9 +372,9 @@ var require_pragma = __commonJS({
|
|
|
372
372
|
}
|
|
373
373
|
});
|
|
374
374
|
|
|
375
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
375
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/backup.js
|
|
376
376
|
var require_backup = __commonJS({
|
|
377
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
377
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/backup.js"(exports, module) {
|
|
378
378
|
"use strict";
|
|
379
379
|
var fs = __require("fs");
|
|
380
380
|
var path = __require("path");
|
|
@@ -433,9 +433,9 @@ var require_backup = __commonJS({
|
|
|
433
433
|
}
|
|
434
434
|
});
|
|
435
435
|
|
|
436
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
436
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/serialize.js
|
|
437
437
|
var require_serialize = __commonJS({
|
|
438
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
438
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/serialize.js"(exports, module) {
|
|
439
439
|
"use strict";
|
|
440
440
|
var { cppdb } = require_util();
|
|
441
441
|
module.exports = function serialize(options) {
|
|
@@ -449,9 +449,9 @@ var require_serialize = __commonJS({
|
|
|
449
449
|
}
|
|
450
450
|
});
|
|
451
451
|
|
|
452
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
452
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/function.js
|
|
453
453
|
var require_function = __commonJS({
|
|
454
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
454
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/function.js"(exports, module) {
|
|
455
455
|
"use strict";
|
|
456
456
|
var { getBooleanOption, cppdb } = require_util();
|
|
457
457
|
module.exports = function defineFunction(name, options, fn) {
|
|
@@ -480,9 +480,9 @@ var require_function = __commonJS({
|
|
|
480
480
|
}
|
|
481
481
|
});
|
|
482
482
|
|
|
483
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
483
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/aggregate.js
|
|
484
484
|
var require_aggregate = __commonJS({
|
|
485
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
485
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/aggregate.js"(exports, module) {
|
|
486
486
|
"use strict";
|
|
487
487
|
var { getBooleanOption, cppdb } = require_util();
|
|
488
488
|
module.exports = function defineAggregate(name, options) {
|
|
@@ -520,9 +520,9 @@ var require_aggregate = __commonJS({
|
|
|
520
520
|
}
|
|
521
521
|
});
|
|
522
522
|
|
|
523
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
523
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/table.js
|
|
524
524
|
var require_table = __commonJS({
|
|
525
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
525
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/table.js"(exports, module) {
|
|
526
526
|
"use strict";
|
|
527
527
|
var { cppdb } = require_util();
|
|
528
528
|
module.exports = function defineTable(name, factory) {
|
|
@@ -682,9 +682,9 @@ var require_table = __commonJS({
|
|
|
682
682
|
}
|
|
683
683
|
});
|
|
684
684
|
|
|
685
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
685
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/inspect.js
|
|
686
686
|
var require_inspect = __commonJS({
|
|
687
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
687
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/methods/inspect.js"(exports, module) {
|
|
688
688
|
"use strict";
|
|
689
689
|
var DatabaseInspection = function Database() {
|
|
690
690
|
};
|
|
@@ -694,9 +694,9 @@ var require_inspect = __commonJS({
|
|
|
694
694
|
}
|
|
695
695
|
});
|
|
696
696
|
|
|
697
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
697
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/database.js
|
|
698
698
|
var require_database = __commonJS({
|
|
699
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
699
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/database.js"(exports, module) {
|
|
700
700
|
"use strict";
|
|
701
701
|
var fs = __require("fs");
|
|
702
702
|
var path = __require("path");
|
|
@@ -770,12 +770,12 @@ var require_database = __commonJS({
|
|
|
770
770
|
}
|
|
771
771
|
});
|
|
772
772
|
|
|
773
|
-
// ../../node_modules/.pnpm/better-sqlite3@12.
|
|
773
|
+
// ../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/index.js
|
|
774
774
|
var require_lib = __commonJS({
|
|
775
|
-
"../../node_modules/.pnpm/better-sqlite3@12.
|
|
775
|
+
"../../node_modules/.pnpm/better-sqlite3@12.11.1/node_modules/better-sqlite3/lib/index.js"(exports, module) {
|
|
776
776
|
module.exports = require_database();
|
|
777
777
|
module.exports.SqliteError = require_sqlite_error();
|
|
778
778
|
}
|
|
779
779
|
});
|
|
780
780
|
export default require_lib();
|
|
781
|
-
//# sourceMappingURL=lib-
|
|
781
|
+
//# sourceMappingURL=lib-JBI3XXH3.js.map
|