toiljs 0.0.55 → 0.0.57

package/examples/basic/client/public/images/logo.svg

@@ -1,37 +1,40 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 500 500">
-  <!-- Generator: Adobe Illustrator 30.4.0, SVG Export Plug-In . SVG Version: 2.1.4 Build 226)  -->
-  <defs>
-    <style>
-      .st0 {
-        fill: #fff;
-      }
+<svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" version="1.1"
+     viewBox="0 0 500 500">
+    <!-- Generator: Adobe Illustrator 30.4.0, SVG Export Plug-In . SVG Version: 2.1.4 Build 226)  -->
+    <defs>
+        <style>
+            .st0 {
+            fill: #fff;
+            }
 
-      .st1 {
-        fill: url(#linear-gradient1);
-      }
+            .st1 {
+            fill: url(#linear-gradient1);
+            }
 
-      .st2 {
-        fill: url(#linear-gradient);
-      }
-    </style>
-    <linearGradient id="linear-gradient" x1="43.27" y1="43.27" x2="467.12" y2="467.12" gradientUnits="userSpaceOnUse">
-      <stop offset="0" stop-color="#6990ff"/>
-      <stop offset=".03" stop-color="#6479f9"/>
-      <stop offset=".08" stop-color="#5d57f0"/>
-      <stop offset=".12" stop-color="#583de9"/>
-      <stop offset=".17" stop-color="#542ae3"/>
-      <stop offset=".23" stop-color="#521ee0"/>
-      <stop offset=".28" stop-color="#521be0"/>
-      <stop offset=".66" stop-color="#6900f4"/>
-      <stop offset="1" stop-color="#7f00f6"/>
-    </linearGradient>
-    <linearGradient id="linear-gradient1" x1="149.99" y1="355.49" x2="149.99" y2="0" gradientUnits="userSpaceOnUse">
-      <stop offset=".15" stop-color="#6990ff" stop-opacity=".6"/>
-      <stop offset=".55" stop-color="#531ae1"/>
-    </linearGradient>
-  </defs>
-  <rect class="st2" width="500" height="500" rx="130" ry="130"/>
-  <path class="st1" d="M299.98,0L0,355.49v-225.49C0,58.2,58.2,0,130,0h169.98Z"/>
-  <path class="st0" d="M106.17,111.11h285.24c9.9,0,16.7,9.96,13.09,19.18l-17.98,45.96c-2.11,5.39-7.31,8.94-13.09,8.94h-74.65c-7.76,0-14.06,6.29-14.06,14.06v214.94c0,7.76-6.29,14.06-14.06,14.06h-45.96c-7.76,0-14.06-6.29-14.06-14.06v-217.25c0-7.76-6.29-14.06-14.06-14.06h-73.66c-5.82,0-11.04-3.59-13.12-9.02l-16.76-43.64c-3.54-9.21,3.26-19.1,13.12-19.1Z"/>
-</svg>
+            .st2 {
+            fill: url(#linear-gradient);
+            }
+        </style>
+        <linearGradient id="linear-gradient" x1="43.27" y1="43.27" x2="467.12" y2="467.12"
+                        gradientUnits="userSpaceOnUse">
+            <stop offset="0" stop-color="#6990ff"/>
+            <stop offset=".03" stop-color="#6479f9"/>
+            <stop offset=".08" stop-color="#5d57f0"/>
+            <stop offset=".12" stop-color="#583de9"/>
+            <stop offset=".17" stop-color="#542ae3"/>
+            <stop offset=".23" stop-color="#521ee0"/>
+            <stop offset=".28" stop-color="#521be0"/>
+            <stop offset=".66" stop-color="#6900f4"/>
+            <stop offset="1" stop-color="#7f00f6"/>
+        </linearGradient>
+        <linearGradient id="linear-gradient1" x1="149.99" y1="355.49" x2="149.99" y2="0" gradientUnits="userSpaceOnUse">
+            <stop offset=".15" stop-color="#6990ff" stop-opacity=".6"/>
+            <stop offset=".55" stop-color="#531ae1"/>
+        </linearGradient>
+    </defs>
+    <rect class="st2" width="500" height="500" rx="130" ry="130"/>
+    <path class="st1" d="M299.98,0L0,355.49v-225.49C0,58.2,58.2,0,130,0h169.98Z"/>
+    <path class="st0"
+          d="M106.17,111.11h285.24c9.9,0,16.7,9.96,13.09,19.18l-17.98,45.96c-2.11,5.39-7.31,8.94-13.09,8.94h-74.65c-7.76,0-14.06,6.29-14.06,14.06v214.94c0,7.76-6.29,14.06-14.06,14.06h-45.96c-7.76,0-14.06-6.29-14.06-14.06v-217.25c0-7.76-6.29-14.06-14.06-14.06h-73.66c-5.82,0-11.04-3.59-13.12-9.02l-16.76-43.64c-3.54-9.21,3.26-19.1,13.12-19.1Z"/>
+</svg>

package/examples/basic/client/public/index.html

@@ -1,18 +1,18 @@
 <!doctype html>
 <html lang="en">
-    <head>
-        <meta charset="utf-8" />
-        <meta name="viewport" content="width=device-width, initial-scale=1" />
-        <meta name="theme-color" content="#080D11" />
-        <link rel="icon" type="image/x-icon" href="/favicon.ico" />
-        <title>ToilJS</title>
-        <link rel="preconnect" href="https://fonts.googleapis.com" />
-        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
-        <link
+<head>
+    <meta charset="utf-8"/>
+    <meta content="width=device-width, initial-scale=1" name="viewport"/>
+    <meta content="#080D11" name="theme-color"/>
+    <link href="/favicon.ico" rel="icon" type="image/x-icon"/>
+    <title>ToilJS</title>
+    <link href="https://fonts.googleapis.com" rel="preconnect"/>
+    <link crossorigin href="https://fonts.gstatic.com" rel="preconnect"/>
+    <link
             href="https://fonts.googleapis.com/css2?family=Montserrat:wght@700;800;900&display=swap"
-            rel="stylesheet" />
-    </head>
-    <body>
-        <div id="root"></div>
-    </body>
+            rel="stylesheet"/>
+</head>
+<body>
+<div id="root"></div>
+</body>
 </html>

package/examples/basic/client/routes/auth.tsx

@@ -56,7 +56,7 @@ function readCompanion(): Account | null {
 export const metadata: Toil.Metadata = {
     title: 'Auth',
     description:
-        'Sessions and the @user / @auth surface: a dev login mints a signed session cookie, the guarded /session/me returns the verified user, and getUser() reads the readable companion.',
+        'Sessions and the @user / @auth surface: a dev login mints a signed session cookie, the guarded /session/me returns the verified user, and getUser() reads the readable companion.'
 };
 
 /** Encode a bare string the way the server reads it (`DataReader.readString`). */
@@ -84,7 +84,11 @@ export default function Auth(): React.JSX.Element {
     const devLogin = useCallback(async () => {
         setBusy(true);
         try {
-            const res = await fetch('/session/dev-login', { method: 'POST', credentials: 'same-origin', body: encodeString(username) as BodyInit });
+            const res = await fetch('/session/dev-login', {
+                method: 'POST',
+                credentials: 'same-origin',
+                body: encodeString(username) as BodyInit
+            });
             setLog(`POST /session/dev-login -> ${res.status} ${(await res.text()).trim()}`);
             refreshCompanion();
             setVerified(null);
@@ -127,10 +131,10 @@ export default function Auth(): React.JSX.Element {
         <main style={{ maxWidth: 640, margin: '0 auto', padding: '2rem 1rem', lineHeight: 1.5 }}>
             <h1>Auth and sessions</h1>
             <p>
-                A dev login mints an HMAC-signed <code>__Host-toil_sess</code> session cookie plus a
-                readable <code>__Secure-toil_user</code> companion. The guarded <code>/session/me</code>{' '}
-                route ( <code>@auth</code> ) re-verifies the signed session; <code>getUser()</code> reads
-                only the companion (display-only, untrusted). Needs the server running.
+                A dev login mints an HMAC-signed <code>__Host-toil_sess</code> session cookie plus a readable{' '}
+                <code>__Secure-toil_user</code> companion. The guarded <code>/session/me</code> route ({' '}
+                <code>@auth</code> ) re-verifies the signed session; <code>getUser()</code> reads only the companion
+                (display-only, untrusted). Needs the server running.
             </p>
 
             <section style={{ display: 'flex', gap: '0.5rem', alignItems: 'center', flexWrap: 'wrap' }}>
@@ -162,9 +166,13 @@ export default function Auth(): React.JSX.Element {
                     {companion ? (
                         <pre>
                             {JSON.stringify(
-                                { username: companion.username, admin: companion.admin, score: String(companion.score) },
+                                {
+                                    username: companion.username,
+                                    admin: companion.admin,
+                                    score: String(companion.score)
+                                },
                                 null,
-                                2,
+                                2
                             )}
                         </pre>
                     ) : (
@@ -194,8 +202,8 @@ export default function Auth(): React.JSX.Element {
             ) : null}
 
             <p style={{ marginTop: '1.5rem', fontSize: '0.85em', opacity: 0.7 }}>
-                The full post-quantum register/login (ML-DSA-44, password-derived) needs an account
-                store and is stubbed in <code>server/routes/Auth.ts</code>. See <code>docs/auth.md</code>.
+                The full post-quantum register/login (ML-DSA-44, password-derived) needs an account store and is stubbed
+                in <code>server/routes/Auth.ts</code>. See <code>docs/auth.md</code>.
             </p>
         </main>
     );

package/examples/basic/client/routes/cookies.tsx

@@ -3,14 +3,14 @@
 // surface plus HMAC signing and AES-256-GCM encryption, running in the server wasm.
 // These controls call the `/api/cookies/*` routes in `server/core/AppHandler.ts`.
 // Needs the server running to respond.
-import { useState, type CSSProperties } from 'react';
+import { type CSSProperties, useState } from 'react';
 
 import { useBrowserValue } from '../lib/useBrowserValue';
 
 export const metadata: Toil.Metadata = {
     title: 'Cookies',
     description:
-        'Server-side cookies as a global: the Cookie builder, parsing, HMAC signing, and AES-256-GCM encryption, running in the server wasm.',
+        'Server-side cookies as a global: the Cookie builder, parsing, HMAC signing, and AES-256-GCM encryption, running in the server wasm.'
 };
 
 interface SetResp {
@@ -39,7 +39,7 @@ const card: CSSProperties = {
     borderRadius: 8,
     padding: '12px 16px',
     margin: '12px 0',
-    background: '#0c1218',
+    background: '#0c1218'
 };
 const label: CSSProperties = { opacity: 0.7, fontSize: '0.8rem', marginTop: 6 };
 
@@ -94,22 +94,18 @@ export default function CookiesDemo() {
             readJs();
         });
     const doSeal = (): Promise<void> =>
-        guard(async () =>
-            setSeal(await getJSON<SealResp>('/api/cookies/seal?v=' + encodeURIComponent(sealInput))),
-        );
+        guard(async () => setSeal(await getJSON<SealResp>('/api/cookies/seal?v=' + encodeURIComponent(sealInput))));
 
     return (
         <main style={{ maxWidth: 760 }}>
             <h1>Cookies</h1>
             <p>
-                <code>Cookie</code>, <code>Cookies</code>, and <code>SecureCookies</code> are globals in
-                the server (no import), exactly like <code>crypto</code>: the full RFC 6265bis surface
-                plus HMAC signing and AES-256-GCM encryption, running in the server wasm. See{' '}
-                <code>server/core/AppHandler.ts</code>. Needs the server running (<code>toiljs dev</code>).
+                <code>Cookie</code>, <code>Cookies</code>, and <code>SecureCookies</code> are globals in the server (no
+                import), exactly like <code>crypto</code>: the full RFC 6265bis surface plus HMAC signing and
+                AES-256-GCM encryption, running in the server wasm. See <code>server/core/AppHandler.ts</code>. Needs
+                the server running (<code>toiljs dev</code>).
             </p>
-
             {err ? <p style={{ color: '#ff6b6b', ...mono }}>{err}</p> : null}
-
             <h2>1. Everything you can do</h2>
             <p>Every attribute and cookie type, with the exact `Set-Cookie` string it serializes to.</p>
             <button onClick={showGallery}>Show the gallery</button>
@@ -123,12 +119,11 @@ export default function CookiesDemo() {
                     ))}
                 </div>
             ) : null}
-
             <h2>2. Set cookies</h2>
             <p>
                 Stores three real cookies: a plain <code>visits</code> counter, an HMAC-signed{' '}
-                <code>__Host-session</code>, and an AES-GCM-encrypted <code>secret</code>. The last two
-                are <code>HttpOnly</code>, so JavaScript cannot read them, only the server can.
+                <code>__Host-session</code>, and an AES-GCM-encrypted <code>secret</code>. The last two are{' '}
+                <code>HttpOnly</code>, so JavaScript cannot read them, only the server can.
             </p>
             <button onClick={doSet}>Set cookies</button>
             {setResp ? (
@@ -141,12 +136,11 @@ export default function CookiesDemo() {
                     ))}
                 </div>
             ) : null}
-
             <h2>3. What JS sees vs what the server sees</h2>
             <p>
-                <code>document.cookie</code> only exposes non-<code>HttpOnly</code> cookies, so the
-                signed session and encrypted secret are hidden from it. The server parses all of them
-                and verifies/decrypts the protected ones.
+                <code>document.cookie</code> only exposes non-<code>HttpOnly</code> cookies, so the signed session and
+                encrypted secret are hidden from it. The server parses all of them and verifies/decrypts the protected
+                ones.
             </p>
             <button onClick={readJs}>Read document.cookie</button>{' '}
             <button onClick={doInspect}>Ask the server (/inspect)</button>
@@ -163,7 +157,6 @@ export default function CookiesDemo() {
                     <div style={mono}>secret (AES-GCM-decrypted): {inspect.secret ?? 'null (missing or tampered)'}</div>
                 </div>
             ) : null}
-
             <h2>4. Clear</h2>
             <button onClick={doClear}>Clear the demo cookies</button>
             {cleared ? (
@@ -175,12 +168,11 @@ export default function CookiesDemo() {
                     ))}
                 </div>
             ) : null}
-
             <h2>5. Sign &amp; encrypt a value</h2>
             <p>
                 <code>SecureCookies.signed(key)</code> (HMAC-SHA256, readable but tamper-proof) and{' '}
-                <code>SecureCookies.encrypted(key)</code> (AES-256-GCM, confidential). Both bind the
-                value to the cookie name, and a tampered signature fails to verify.
+                <code>SecureCookies.encrypted(key)</code> (AES-256-GCM, confidential). Both bind the value to the cookie
+                name, and a tampered signature fails to verify.
             </p>
             <input
                 value={sealInput}
@@ -198,7 +190,6 @@ export default function CookiesDemo() {
                     <div style={mono}>tampered signature verifies? {String(seal.tamperVerifies)}</div>
                 </div>
             ) : null}
-
             <p style={{ marginTop: 24 }}>
                 <Toil.Link href="/features">Back to features</Toil.Link>
             </p>

package/examples/basic/client/routes/crypto.tsx

@@ -37,11 +37,10 @@ export default function CryptoDemo() {
         <main>
             <h1>Web Crypto</h1>
             <p>
-                <code>crypto</code> is a global in the server (no import), synchronous, the same
-                SubtleCrypto-style API as the browser, running in the server wasm via metered host
-                functions. These buttons call the server&apos;s <code>/api/hash</code> and{' '}
-                <code>/api/uuid</code> routes (see <code>server/HelloHandler.ts</code>). Needs the
-                server running to respond.
+                <code>crypto</code> is a global in the server (no import), synchronous, the same SubtleCrypto-style API
+                as the browser, running in the server wasm via metered host functions. These buttons call the
+                server&apos;s <code>/api/hash</code> and <code>/api/uuid</code> routes (see{' '}
+                <code>server/HelloHandler.ts</code>). Needs the server running to respond.
             </p>
             <button onClick={onHash}>SHA-256</button> <button onClick={onUuid}>random UUID</button>
             <ul style={{ marginTop: 16, listStyle: 'none', padding: 0 }}>

package/examples/basic/client/routes/features/template/template.tsx

@@ -1,4 +1,4 @@
-import { useState, type ReactNode } from 'react';
+import { type ReactNode, useState } from 'react';
 
 // A template wraps a segment like a layout, but RE-MOUNTS on every navigation within it (a layout
 // persists). This counter increments each time the template mounts, so navigating between the two

package/examples/basic/client/routes/hello.tsx

@@ -19,7 +19,7 @@ interface HelloData {
 
 export const loader = ({ params }: { params: Record<string, string> }): HelloData => ({
     name: params.name ?? 'world',
-    items: ['alpha', 'beta', 'gamma'],
+    items: ['alpha', 'beta', 'gamma']
 });
 
 export default function Hello(): React.JSX.Element {

package/examples/basic/client/routes/pq.tsx

@@ -49,7 +49,7 @@ interface VerifiedUser {
 export const metadata: Toil.Metadata = {
     title: 'Post-quantum auth',
     description:
-        'A server-keyed-salt OPRF + ML-DSA-44 (FIPS 204) auth + ML-KEM-768 (FIPS 203) mutual auth. The password never leaves the browser.',
+        'A server-keyed-salt OPRF + ML-DSA-44 (FIPS 204) auth + ML-KEM-768 (FIPS 203) mutual auth. The password never leaves the browser.'
 };
 
 type Note = { kind: 'ok' | 'err'; text: string } | null;
@@ -73,7 +73,7 @@ export default function Pq(): React.JSX.Element {
             await Auth.register(username, password);
             setNote({
                 kind: 'ok',
-                text: 'registered: the server stored only your public key and a proof-of-possession. Now log in to run the ML-KEM-768 mutual-auth step.',
+                text: 'registered: the server stored only your public key and a proof-of-possession. Now log in to run the ML-KEM-768 mutual-auth step.'
             });
         } catch (e) {
             setNote({ kind: 'err', text: e instanceof Error ? e.message : String(e) });
@@ -91,7 +91,7 @@ export default function Pq(): React.JSX.Element {
             await Auth.login(username, password);
             setNote({
                 kind: 'ok',
-                text: 'logged in: ML-KEM-768 mutual auth verified (the server proved it holds the KEM secret key).',
+                text: 'logged in: ML-KEM-768 mutual auth verified (the server proved it holds the KEM secret key).'
             });
             refreshCompanion();
         } catch (e) {
@@ -151,11 +151,7 @@ export default function Pq(): React.JSX.Element {
                 </label>
                 <label>
                     Password
-                    <input
-                        value={password}
-                        onChange={(e) => setPassword(e.target.value)}
-                        style={{ width: '100%' }}
-                    />
+                    <input value={password} onChange={(e) => setPassword(e.target.value)} style={{ width: '100%' }} />
                 </label>
                 <div style={{ display: 'flex', gap: 8 }}>
                     <button onClick={doRegister} disabled={busy}>
@@ -167,8 +163,8 @@ export default function Pq(): React.JSX.Element {
                 </div>
                 <p style={{ fontSize: '0.8rem', opacity: 0.7, margin: 0 }}>
                     Demo: pre-filled <code>ada</code> / <code>correct horse battery staple</code>. Register once, then
-                    log in. A wrong password fails at login (the derived key won&apos;t match the stored one). Storage is
-                    the DEV-only in-process KV (<code>src/devserver/kv.ts</code>); a real deployment wires an atomic
+                    log in. A wrong password fails at login (the derived key won&apos;t match the stored one). Storage
+                    is the DEV-only in-process KV (<code>src/devserver/kv.ts</code>); a real deployment wires an atomic
                     store, <code>server/routes/Auth.ts</code>.
                 </p>
             </div>
@@ -188,9 +184,13 @@ export default function Pq(): React.JSX.Element {
                             <div style={{ fontSize: '0.8em', opacity: 0.7 }}>readable companion, untrusted</div>
                             <pre>
                                 {JSON.stringify(
-                                    { username: companion.username, admin: companion.admin, score: String(companion.score) },
+                                    {
+                                        username: companion.username,
+                                        admin: companion.admin,
+                                        score: String(companion.score)
+                                    },
                                     null,
-                                    2,
+                                    2
                                 )}
                             </pre>
                         </div>
@@ -220,8 +220,8 @@ export default function Pq(): React.JSX.Element {
             )}
 
             <p style={{ marginTop: 24, opacity: 0.7, fontSize: '0.9rem' }}>
-                This is the full augmented-PAKE chain: OPRF keyed salt + ML-DSA client auth + ML-KEM mutual auth, with an
-                atomic single-use challenge consume. The OPRF layer is classical ristretto255 (the one non-PQ piece);
+                This is the full augmented-PAKE chain: OPRF keyed salt + ML-DSA client auth + ML-KEM mutual auth, with
+                an atomic single-use challenge consume. The OPRF layer is classical ristretto255 (the one non-PQ piece);
                 auth and key agreement are post-quantum. Plain sessions are on the{' '}
                 <Toil.Link href="/auth">Auth</Toil.Link> page.
             </p>

package/examples/basic/client/routes/rest.tsx

@@ -17,7 +17,7 @@ export default function RestDemo() {
     // page, and the total is still there.
     const [book, setBook] = useState<{ total: bigint; entries: { author: string; message: string }[] }>({
         total: 0n,
-        entries: [],
+        entries: []
     });
 
     // POST /players  ->  typed Promise<Player>, body is a @data class. The server returns the
@@ -116,7 +116,6 @@ export default function RestDemo() {
                     <li key={i}>{line}</li>
                 ))}
             </ul>
-
             <h2>Guestbook (persisted via ToilDB)</h2>
             <p>
                 The same <code>Server.REST.*</code> client, but the route stores each signature in a ToilDB{' '}
@@ -133,7 +132,6 @@ export default function RestDemo() {
                     </li>
                 ))}
             </ul>
-
             <Toil.Link href="/">Back home</Toil.Link>
         </main>
     );

package/examples/basic/client/styles/main.css

@@ -23,10 +23,9 @@ body {
     min-height: 100vh;
     background: var(--bg);
     color: var(--text);
-    font-family:
-        system-ui,
-        -apple-system,
-        sans-serif;
+    font-family: system-ui,
+    -apple-system,
+    sans-serif;
     line-height: 1.6;
 }
 
@@ -34,6 +33,7 @@ a {
     color: var(--accent);
     text-decoration: none;
 }
+
 a:hover {
     color: var(--accent3);
 }
@@ -99,6 +99,7 @@ a:hover {
 .nav-links a {
     color: var(--muted);
 }
+
 .nav-links a:hover {
     color: var(--text);
 }
@@ -117,9 +118,8 @@ a:hover {
     border-radius: 6px;
     font-size: 0.9rem;
     color: var(--muted) !important;
-    transition:
-        color 150ms,
-        background 150ms;
+    transition: color 150ms,
+    background 150ms;
 }
 
 .nav-center-link:hover {
@@ -182,10 +182,9 @@ a:hover {
     transform: scale(1.1);
     filter: blur(18px) saturate(1.4);
     opacity: 0.65;
-    transition:
-        opacity 300ms,
-        filter 300ms,
-        transform 300ms;
+    transition: opacity 300ms,
+    filter 300ms,
+    transform 300ms;
 }
 
 .hero-logo:hover .hero-logo-glow {
@@ -248,9 +247,8 @@ a:hover {
     border-radius: 999px;
     font-size: 0.88rem;
     color: var(--muted);
-    transition:
-        border-color 200ms,
-        color 200ms;
+    transition: border-color 200ms,
+    color 200ms;
 }
 
 .feature-badge svg {
@@ -289,10 +287,9 @@ a:hover {
     font-weight: 600;
     font-family: inherit;
     cursor: pointer;
-    transition:
-        filter 200ms,
-        background 200ms,
-        border-color 200ms;
+    transition: filter 200ms,
+    background 200ms,
+    border-color 200ms;
     text-decoration: none !important;
 }
 
@@ -422,10 +419,9 @@ code {
     display: flex;
     flex-direction: column;
     gap: 0.6rem;
-    transition:
-        border-color 200ms,
-        transform 200ms,
-        box-shadow 200ms;
+    transition: border-color 200ms,
+    transform 200ms,
+    box-shadow 200ms;
 }
 
 .gs-card {
@@ -436,6 +432,7 @@ code {
 .gs-card--accent1 {
     border-top: 2px solid var(--accent);
 }
+
 .gs-card--accent1:hover {
     box-shadow: 0 8px 32px rgba(37, 99, 255, 0.15);
 }
@@ -443,6 +440,7 @@ code {
 .gs-card--accent2 {
     border-top: 2px solid var(--accent2);
 }
+
 .gs-card--accent2:hover {
     box-shadow: 0 8px 32px rgba(124, 58, 237, 0.15);
 }
@@ -450,6 +448,7 @@ code {
 .gs-card--accent3 {
     border-top: 2px solid var(--accent3);
 }
+
 .gs-card--accent3:hover {
     box-shadow: 0 8px 32px rgba(34, 227, 171, 0.12);
 }
@@ -457,6 +456,7 @@ code {
 .gs-card--accent4 {
     border-top: 2px solid #f59e0b;
 }
+
 .gs-card--accent4:hover {
     box-shadow: 0 8px 32px rgba(245, 158, 11, 0.12);
 }
@@ -464,6 +464,7 @@ code {
 .gs-card--flat {
     border-top: 2px solid var(--accent);
 }
+
 .gs-card--flat:hover {
     border-color: var(--accent);
     box-shadow: 0 8px 32px rgba(37, 99, 255, 0.12);
@@ -485,10 +486,12 @@ code {
     background: rgba(124, 58, 237, 0.1);
     color: var(--accent2);
 }
+
 .gs-card--accent3 .gs-card-icon {
     background: rgba(34, 227, 171, 0.1);
     color: var(--accent3);
 }
+
 .gs-card--accent4 .gs-card-icon {
     background: rgba(245, 158, 11, 0.1);
     color: #f59e0b;

package/examples/basic/client/toil.tsx

@@ -1,4 +1,4 @@
-import { routes, layout, notFound, globalError, slots } from 'toiljs/routes';
+import { globalError, layout, notFound, routes, slots } from 'toiljs/routes';
 
 import './styles/main.css';
 

package/examples/basic/server/README.md

@@ -2,14 +2,14 @@
 
 Your ToilScript backend, compiled to a single WebAssembly module. One folder per concern:
 
-| Folder | What lives here |
-| --- | --- |
-| `main.ts` | The entry point: wires the handler and imports the surface modules. |
-| `core/` | The request handler and shared app logic (state, helpers). |
-| `models/` | `@data` classes, the typed wire model shared by HTTP and RPC. One type per file. |
-| `routes/` | `@rest` controllers (HTTP). One controller per file, named after its class. |
-| `services/` | `@service` classes and free `@remote` functions (typed RPC). |
-| `scheduled/` | Reserved for scheduled tasks (see its README). |
+| Folder       | What lives here                                                                  |
+|--------------|----------------------------------------------------------------------------------|
+| `main.ts`    | The entry point: wires the handler and imports the surface modules.              |
+| `core/`      | The request handler and shared app logic (state, helpers).                       |
+| `models/`    | `@data` classes, the typed wire model shared by HTTP and RPC. One type per file. |
+| `routes/`    | `@rest` controllers (HTTP). One controller per file, named after its class.      |
+| `services/`  | `@service` classes and free `@remote` functions (typed RPC).                     |
+| `scheduled/` | Reserved for scheduled tasks (see its README).                                   |
 
 Conventions:
 

package/examples/basic/server/core/AppHandler.ts

@@ -104,7 +104,7 @@ export class AppHandler extends ToilHandler {
                     .partitioned()
                     .priority('Medium')
                     .extension('CustomFlag')
-                    .serialize(),
+                    .serialize()
             );
 
             let json = '{';
@@ -127,10 +127,10 @@ export class AppHandler extends ToilHandler {
 
             const visits = Cookie.create('visits', next).path('/').sameSite(SameSite.Lax).maxAge(86400);
             const session = SecureCookies.signed(this.demoKey()).seal(
-                Cookie.create('session', 'user-42').httpOnly().sameSite(SameSite.Strict).asHostPrefixed(),
+                Cookie.create('session', 'user-42').httpOnly().sameSite(SameSite.Strict).asHostPrefixed()
             );
             const secret = SecureCookies.encrypted(this.demoKey()).seal(
-                Cookie.create('secret', 'top-secret-value').httpOnly().path('/'),
+                Cookie.create('secret', 'top-secret-value').httpOnly().path('/')
             );
 
             const json =
@@ -189,10 +189,7 @@ export class AppHandler extends ToilHandler {
                 '","' +
                 this.esc(this.clearString('secret')) +
                 '"]}';
-            return Response.json(json)
-                .clearCookie('visits')
-                .clearCookie('__Host-session')
-                .clearCookie('secret');
+            return Response.json(json).clearCookie('visits').clearCookie('__Host-session').clearCookie('secret');
         }
 
         // SEAL: sign and encrypt a value (from `?v=`), then recover both and show