vector-framework 1.0.0 → 1.2.0

package/src/dev/route-generator.ts

@@ -36,9 +36,7 @@ export class RouteGenerator {
 
       if (fileRoutes.some((r) => r.name === 'default')) {
         if (namedImports.length > 0) {
-          imports.push(
-            `import ${importName}, { ${namedImports.join(', ')} } from '${relativePath}';`
-          );
+          imports.push(`import ${importName}, { ${namedImports.join(', ')} } from '${relativePath}';`);
         } else {
           imports.push(`import ${importName} from '${relativePath}';`);
         }

package/src/dev/route-scanner.ts

@@ -1,32 +1,31 @@
-import { existsSync, promises as fs } from "node:fs";
-import { join, relative, resolve, sep } from "node:path";
-import type { GeneratedRoute } from "../types";
+import { existsSync, promises as fs } from 'node:fs';
+import { join, relative, resolve, sep } from 'node:path';
+import type { GeneratedRoute } from '../types';
 
 export class RouteScanner {
   private routesDir: string;
   private excludePatterns: string[];
   private static readonly DEFAULT_EXCLUDE_PATTERNS = [
-    "*.test.ts",
-    "*.test.js",
-    "*.test.tsx",
-    "*.test.jsx",
-    "*.spec.ts",
-    "*.spec.js",
-    "*.spec.tsx",
-    "*.spec.jsx",
-    "*.tests.ts",
-    "*.tests.js",
-    "**/__tests__/**",
-    "*.interface.ts",
-    "*.type.ts",
-    "*.d.ts",
+    '*.test.ts',
+    '*.test.js',
+    '*.test.tsx',
+    '*.test.jsx',
+    '*.spec.ts',
+    '*.spec.js',
+    '*.spec.tsx',
+    '*.spec.jsx',
+    '*.tests.ts',
+    '*.tests.js',
+    '**/__tests__/**',
+    '*.interface.ts',
+    '*.type.ts',
+    '*.d.ts',
   ];
 
-  constructor(routesDir = "./routes", excludePatterns?: string[]) {
+  constructor(routesDir = './routes', excludePatterns?: string[]) {
     // Always resolve from the current working directory (user's project)
     this.routesDir = resolve(process.cwd(), routesDir);
-    this.excludePatterns =
-      excludePatterns || RouteScanner.DEFAULT_EXCLUDE_PATTERNS;
+    this.excludePatterns = excludePatterns || RouteScanner.DEFAULT_EXCLUDE_PATTERNS;
   }
 
   async scan(): Promise<GeneratedRoute[]> {
@@ -40,7 +39,7 @@ export class RouteScanner {
     try {
       await this.scanDirectory(this.routesDir, routes);
     } catch (error) {
-      if ((error as any).code === "ENOENT") {
+      if ((error as any).code === 'ENOENT') {
         console.warn(`  ✗ Routes directory not accessible: ${this.routesDir}`);
         return [];
       }
@@ -56,15 +55,16 @@ export class RouteScanner {
     for (const pattern of this.excludePatterns) {
       // Convert glob pattern to regex
       const regexPattern = pattern
-        .replace(/\./g, "\\.") // Escape dots
-        .replace(/\*/g, "[^/]*") // * matches anything except /
-        .replace(/\*\*/g, ".*") // ** matches anything including /
-        .replace(/\?/g, "."); // ? matches single character
+        .replace(/\./g, '\\.') // Escape dots
+        .replace(/\*\*/g, '__GLOBSTAR__') // protect ** before * replacement
+        .replace(/\*/g, '[^/]*') // * matches anything except /
+        .replace(/__GLOBSTAR__/g, '.*') // ** matches anything including /
+        .replace(/\?/g, '.'); // ? matches single character
 
       const regex = new RegExp(`^${regexPattern}$`);
 
       // Check both the full relative path and just the filename
-      const filename = relativePath.split(sep).pop() || "";
+      const filename = relativePath.split(sep).pop() || '';
       if (regex.test(relativePath) || regex.test(filename)) {
         return true;
       }
@@ -73,11 +73,7 @@ export class RouteScanner {
     return false;
   }
 
-  private async scanDirectory(
-    dir: string,
-    routes: GeneratedRoute[],
-    basePath = ""
-  ): Promise<void> {
+  private async scanDirectory(dir: string, routes: GeneratedRoute[], basePath = ''): Promise<void> {
     const entries = await fs.readdir(dir);
 
     for (const entry of entries) {
@@ -87,32 +83,29 @@ export class RouteScanner {
       if (stats.isDirectory()) {
         const newBasePath = basePath ? `${basePath}/${entry}` : entry;
         await this.scanDirectory(fullPath, routes, newBasePath);
-      } else if (entry.endsWith(".ts") || entry.endsWith(".js")) {
+      } else if (entry.endsWith('.ts') || entry.endsWith('.js')) {
         // Skip excluded files (test files, etc.)
         if (this.isExcluded(fullPath)) {
           continue;
         }
         const routePath = relative(this.routesDir, fullPath)
-          .replace(/\.(ts|js)$/, "")
+          .replace(/\.(ts|js)$/, '')
           .split(sep)
-          .join("/");
+          .join('/');
 
         try {
           // Convert Windows paths to URLs for import
-          const importPath =
-            process.platform === "win32"
-              ? `file:///${fullPath.replace(/\\/g, "/")}`
-              : fullPath;
+          const importPath = process.platform === 'win32' ? `file:///${fullPath.replace(/\\/g, '/')}` : fullPath;
 
           const module = await import(importPath);
 
-          if (module.default && typeof module.default === "function") {
+          if (module.default && typeof module.default === 'function') {
             routes.push({
-              name: "default",
+              name: 'default',
               path: fullPath,
-              method: "GET",
+              method: 'GET',
               options: {
-                method: "GET",
+                method: 'GET',
                 path: `/${routePath}`,
                 expose: true,
               },
@@ -120,16 +113,10 @@ export class RouteScanner {
           }
 
           for (const [name, value] of Object.entries(module)) {
-            if (name === "default") continue;
+            if (name === 'default') continue;
 
             // Check for new RouteDefinition format
-            if (
-              value &&
-              typeof value === "object" &&
-              "entry" in value &&
-              "options" in value &&
-              "handler" in value
-            ) {
+            if (value && typeof value === 'object' && 'entry' in value && 'options' in value && 'handler' in value) {
               const routeDef = value as any;
               routes.push({
                 name,
@@ -161,7 +148,7 @@ export class RouteScanner {
   }
 
   enableWatch(callback: () => void) {
-    if (typeof Bun !== "undefined" && Bun.env.NODE_ENV === "development") {
+    if (typeof Bun !== 'undefined' && Bun.env.NODE_ENV === 'development') {
       console.log(`Watching for route changes in ${this.routesDir}`);
 
       setInterval(async () => {

package/src/http.ts

@@ -1,89 +1,66 @@
-import { cors, type IRequest, type RouteEntry, withContent } from "itty-router";
-import { CONTENT_TYPES, HTTP_STATUS } from "./constants";
+import { CONTENT_TYPES, HTTP_STATUS } from './constants';
 import type {
   CacheOptions,
   DefaultVectorTypes,
   GetAuthType,
+  InferRouteInputFromSchemaDefinition,
+  RouteSchemaDefinition,
   VectorRequest,
   VectorTypes,
-} from "./types";
-import { getVectorInstance } from "./core/vector";
+} from './types';
+import { getVectorInstance } from './core/vector';
 
-export interface ProtectedRequest<
-  TTypes extends VectorTypes = DefaultVectorTypes
-> extends IRequest {
-  authUser?: GetAuthType<TTypes>;
-}
-
-export const { preflight, corsify } = cors({
-  origin: "*",
-  credentials: true,
-  allowHeaders: "Content-Type, Authorization",
-  allowMethods: "GET, POST, PUT, PATCH, DELETE, OPTIONS",
-  exposeHeaders: "Authorization",
-  maxAge: 86_400,
-});
-
-interface ExtendedApiOptions extends ApiOptions {
+interface ExtendedApiOptions<TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined>
+  extends ApiOptions<TSchemaDef> {
   method: string;
   path: string;
 }
 
 export interface RouteDefinition<
-  TTypes extends VectorTypes = DefaultVectorTypes
+  TTypes extends VectorTypes = DefaultVectorTypes,
+  TValidatedInput = undefined,
+  TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined,
 > {
-  entry: RouteEntry;
-  options: ExtendedApiOptions;
-  handler: (req: VectorRequest<TTypes>) => Promise<unknown>;
+  entry: { method: string; path: string };
+  options: ExtendedApiOptions<TSchemaDef>;
+  handler: (req: VectorRequest<TTypes, TValidatedInput>) => Promise<unknown> | unknown;
 }
 
-export function route<TTypes extends VectorTypes = DefaultVectorTypes>(
-  options: ExtendedApiOptions,
-  fn: (req: VectorRequest<TTypes>) => Promise<unknown>
-): RouteDefinition<TTypes> {
-  const handler = api(options, fn);
-
-  const entry: RouteEntry = [
-    options.method.toUpperCase(),
-    RegExp(
-      `^${
-        options.path
-          .replace(/\/+(\/|$)/g, "$1") // strip double & trailing splash
-          .replace(/(\/?\.?):(\w+)\+/g, "($1(?<$2>*))") // greedy params
-          .replace(/(\/?\.?):(\w+)/g, "($1(?<$2>[^$1/]+?))") // named params and image format
-          .replace(/\./g, "\\.") // dot in path
-          .replace(/(\/?)\*/g, "($1.*)?") // wildcard
-      }/*$`
-    ),
-    [handler],
-    options.path,
-  ];
-
+export function route<
+  TTypes extends VectorTypes = DefaultVectorTypes,
+  TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined,
+>(
+  options: ExtendedApiOptions<TSchemaDef>,
+  fn: (req: VectorRequest<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>>) => Promise<unknown> | unknown
+): RouteDefinition<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>, TSchemaDef> {
   return {
-    entry,
+    entry: {
+      method: options.method.toUpperCase(),
+      path: options.path,
+    },
     options,
     handler: fn,
   };
 }
 
 function stringifyData(data: unknown): string {
-  return JSON.stringify(data ?? null, (_key, value) =>
-    typeof value === "bigint" ? value.toString() : value
-  );
+  const val = data ?? null;
+  try {
+    return JSON.stringify(val);
+  } catch (e) {
+    if (e instanceof TypeError && /\bbigint\b/i.test(e.message)) {
+      return JSON.stringify(val, (_key, value) => (typeof value === 'bigint' ? value.toString() : value));
+    }
+    throw e;
+  }
 }
 
 const ApiResponse = {
-  success: <T>(data: T, contentType?: string) =>
-    createResponse(HTTP_STATUS.OK, data, contentType),
-  created: <T>(data: T, contentType?: string) =>
-    createResponse(HTTP_STATUS.CREATED, data, contentType),
+  success: <T>(data: T, contentType?: string) => createResponse(HTTP_STATUS.OK, data, contentType),
+  created: <T>(data: T, contentType?: string) => createResponse(HTTP_STATUS.CREATED, data, contentType),
 };
 
-function createErrorResponse(
-  code: number,
-  message: string,
-  contentType?: string
-): Response {
+function createErrorResponse(code: number, message: string, contentType?: string): Response {
   const errorBody = {
     error: true,
     message,
@@ -96,204 +73,152 @@ function createErrorResponse(
 
 export const APIError = {
   // 4xx Client Errors
-  badRequest: (msg = "Bad Request", contentType?: string) =>
+  badRequest: (msg = 'Bad Request', contentType?: string) =>
     createErrorResponse(HTTP_STATUS.BAD_REQUEST, msg, contentType),
 
-  unauthorized: (msg = "Unauthorized", contentType?: string) =>
+  unauthorized: (msg = 'Unauthorized', contentType?: string) =>
     createErrorResponse(HTTP_STATUS.UNAUTHORIZED, msg, contentType),
 
-  paymentRequired: (msg = "Payment Required", contentType?: string) =>
-    createErrorResponse(402, msg, contentType),
+  paymentRequired: (msg = 'Payment Required', contentType?: string) => createErrorResponse(402, msg, contentType),
 
-  forbidden: (msg = "Forbidden", contentType?: string) =>
-    createErrorResponse(HTTP_STATUS.FORBIDDEN, msg, contentType),
+  forbidden: (msg = 'Forbidden', contentType?: string) => createErrorResponse(HTTP_STATUS.FORBIDDEN, msg, contentType),
 
-  notFound: (msg = "Not Found", contentType?: string) =>
-    createErrorResponse(HTTP_STATUS.NOT_FOUND, msg, contentType),
+  notFound: (msg = 'Not Found', contentType?: string) => createErrorResponse(HTTP_STATUS.NOT_FOUND, msg, contentType),
 
-  methodNotAllowed: (msg = "Method Not Allowed", contentType?: string) =>
-    createErrorResponse(405, msg, contentType),
+  methodNotAllowed: (msg = 'Method Not Allowed', contentType?: string) => createErrorResponse(405, msg, contentType),
 
-  notAcceptable: (msg = "Not Acceptable", contentType?: string) =>
-    createErrorResponse(406, msg, contentType),
+  notAcceptable: (msg = 'Not Acceptable', contentType?: string) => createErrorResponse(406, msg, contentType),
 
-  requestTimeout: (msg = "Request Timeout", contentType?: string) =>
-    createErrorResponse(408, msg, contentType),
+  requestTimeout: (msg = 'Request Timeout', contentType?: string) => createErrorResponse(408, msg, contentType),
 
-  conflict: (msg = "Conflict", contentType?: string) =>
-    createErrorResponse(HTTP_STATUS.CONFLICT, msg, contentType),
+  conflict: (msg = 'Conflict', contentType?: string) => createErrorResponse(HTTP_STATUS.CONFLICT, msg, contentType),
 
-  gone: (msg = "Gone", contentType?: string) =>
-    createErrorResponse(410, msg, contentType),
+  gone: (msg = 'Gone', contentType?: string) => createErrorResponse(410, msg, contentType),
 
-  lengthRequired: (msg = "Length Required", contentType?: string) =>
-    createErrorResponse(411, msg, contentType),
+  lengthRequired: (msg = 'Length Required', contentType?: string) => createErrorResponse(411, msg, contentType),
 
-  preconditionFailed: (msg = "Precondition Failed", contentType?: string) =>
-    createErrorResponse(412, msg, contentType),
+  preconditionFailed: (msg = 'Precondition Failed', contentType?: string) => createErrorResponse(412, msg, contentType),
 
-  payloadTooLarge: (msg = "Payload Too Large", contentType?: string) =>
-    createErrorResponse(413, msg, contentType),
+  payloadTooLarge: (msg = 'Payload Too Large', contentType?: string) => createErrorResponse(413, msg, contentType),
 
-  uriTooLong: (msg = "URI Too Long", contentType?: string) =>
-    createErrorResponse(414, msg, contentType),
+  uriTooLong: (msg = 'URI Too Long', contentType?: string) => createErrorResponse(414, msg, contentType),
 
-  unsupportedMediaType: (
-    msg = "Unsupported Media Type",
-    contentType?: string
-  ) => createErrorResponse(415, msg, contentType),
+  unsupportedMediaType: (msg = 'Unsupported Media Type', contentType?: string) =>
+    createErrorResponse(415, msg, contentType),
 
-  rangeNotSatisfiable: (msg = "Range Not Satisfiable", contentType?: string) =>
+  rangeNotSatisfiable: (msg = 'Range Not Satisfiable', contentType?: string) =>
     createErrorResponse(416, msg, contentType),
 
-  expectationFailed: (msg = "Expectation Failed", contentType?: string) =>
-    createErrorResponse(417, msg, contentType),
+  expectationFailed: (msg = 'Expectation Failed', contentType?: string) => createErrorResponse(417, msg, contentType),
 
-  imATeapot: (msg = "I'm a teapot", contentType?: string) =>
-    createErrorResponse(418, msg, contentType),
+  imATeapot: (msg = "I'm a teapot", contentType?: string) => createErrorResponse(418, msg, contentType),
 
-  misdirectedRequest: (msg = "Misdirected Request", contentType?: string) =>
-    createErrorResponse(421, msg, contentType),
+  misdirectedRequest: (msg = 'Misdirected Request', contentType?: string) => createErrorResponse(421, msg, contentType),
 
-  unprocessableEntity: (msg = "Unprocessable Entity", contentType?: string) =>
+  unprocessableEntity: (msg = 'Unprocessable Entity', contentType?: string) =>
     createErrorResponse(HTTP_STATUS.UNPROCESSABLE_ENTITY, msg, contentType),
 
-  locked: (msg = "Locked", contentType?: string) =>
-    createErrorResponse(423, msg, contentType),
+  locked: (msg = 'Locked', contentType?: string) => createErrorResponse(423, msg, contentType),
 
-  failedDependency: (msg = "Failed Dependency", contentType?: string) =>
-    createErrorResponse(424, msg, contentType),
+  failedDependency: (msg = 'Failed Dependency', contentType?: string) => createErrorResponse(424, msg, contentType),
 
-  tooEarly: (msg = "Too Early", contentType?: string) =>
-    createErrorResponse(425, msg, contentType),
+  tooEarly: (msg = 'Too Early', contentType?: string) => createErrorResponse(425, msg, contentType),
 
-  upgradeRequired: (msg = "Upgrade Required", contentType?: string) =>
-    createErrorResponse(426, msg, contentType),
+  upgradeRequired: (msg = 'Upgrade Required', contentType?: string) => createErrorResponse(426, msg, contentType),
 
-  preconditionRequired: (msg = "Precondition Required", contentType?: string) =>
+  preconditionRequired: (msg = 'Precondition Required', contentType?: string) =>
     createErrorResponse(428, msg, contentType),
 
-  tooManyRequests: (msg = "Too Many Requests", contentType?: string) =>
-    createErrorResponse(429, msg, contentType),
+  tooManyRequests: (msg = 'Too Many Requests', contentType?: string) => createErrorResponse(429, msg, contentType),
 
-  requestHeaderFieldsTooLarge: (
-    msg = "Request Header Fields Too Large",
-    contentType?: string
-  ) => createErrorResponse(431, msg, contentType),
+  requestHeaderFieldsTooLarge: (msg = 'Request Header Fields Too Large', contentType?: string) =>
+    createErrorResponse(431, msg, contentType),
 
-  unavailableForLegalReasons: (
-    msg = "Unavailable For Legal Reasons",
-    contentType?: string
-  ) => createErrorResponse(451, msg, contentType),
+  unavailableForLegalReasons: (msg = 'Unavailable For Legal Reasons', contentType?: string) =>
+    createErrorResponse(451, msg, contentType),
 
   // 5xx Server Errors
-  internalServerError: (msg = "Internal Server Error", contentType?: string) =>
+  internalServerError: (msg = 'Internal Server Error', contentType?: string) =>
     createErrorResponse(HTTP_STATUS.INTERNAL_SERVER_ERROR, msg, contentType),
 
-  notImplemented: (msg = "Not Implemented", contentType?: string) =>
-    createErrorResponse(501, msg, contentType),
+  notImplemented: (msg = 'Not Implemented', contentType?: string) => createErrorResponse(501, msg, contentType),
 
-  badGateway: (msg = "Bad Gateway", contentType?: string) =>
-    createErrorResponse(502, msg, contentType),
+  badGateway: (msg = 'Bad Gateway', contentType?: string) => createErrorResponse(502, msg, contentType),
 
-  serviceUnavailable: (msg = "Service Unavailable", contentType?: string) =>
-    createErrorResponse(503, msg, contentType),
+  serviceUnavailable: (msg = 'Service Unavailable', contentType?: string) => createErrorResponse(503, msg, contentType),
 
-  gatewayTimeout: (msg = "Gateway Timeout", contentType?: string) =>
-    createErrorResponse(504, msg, contentType),
+  gatewayTimeout: (msg = 'Gateway Timeout', contentType?: string) => createErrorResponse(504, msg, contentType),
 
-  httpVersionNotSupported: (
-    msg = "HTTP Version Not Supported",
-    contentType?: string
-  ) => createErrorResponse(505, msg, contentType),
+  httpVersionNotSupported: (msg = 'HTTP Version Not Supported', contentType?: string) =>
+    createErrorResponse(505, msg, contentType),
 
-  variantAlsoNegotiates: (
-    msg = "Variant Also Negotiates",
-    contentType?: string
-  ) => createErrorResponse(506, msg, contentType),
+  variantAlsoNegotiates: (msg = 'Variant Also Negotiates', contentType?: string) =>
+    createErrorResponse(506, msg, contentType),
 
-  insufficientStorage: (msg = "Insufficient Storage", contentType?: string) =>
+  insufficientStorage: (msg = 'Insufficient Storage', contentType?: string) =>
     createErrorResponse(507, msg, contentType),
 
-  loopDetected: (msg = "Loop Detected", contentType?: string) =>
-    createErrorResponse(508, msg, contentType),
+  loopDetected: (msg = 'Loop Detected', contentType?: string) => createErrorResponse(508, msg, contentType),
 
-  notExtended: (msg = "Not Extended", contentType?: string) =>
-    createErrorResponse(510, msg, contentType),
+  notExtended: (msg = 'Not Extended', contentType?: string) => createErrorResponse(510, msg, contentType),
 
-  networkAuthenticationRequired: (
-    msg = "Network Authentication Required",
-    contentType?: string
-  ) => createErrorResponse(511, msg, contentType),
+  networkAuthenticationRequired: (msg = 'Network Authentication Required', contentType?: string) =>
+    createErrorResponse(511, msg, contentType),
 
   // Aliases for common use cases
-  invalidArgument: (msg = "Invalid Argument", contentType?: string) =>
+  invalidArgument: (msg = 'Invalid Argument', contentType?: string) =>
     createErrorResponse(HTTP_STATUS.UNPROCESSABLE_ENTITY, msg, contentType),
 
-  rateLimitExceeded: (msg = "Rate Limit Exceeded", contentType?: string) =>
-    createErrorResponse(429, msg, contentType),
+  rateLimitExceeded: (msg = 'Rate Limit Exceeded', contentType?: string) => createErrorResponse(429, msg, contentType),
 
-  maintenance: (msg = "Service Under Maintenance", contentType?: string) =>
-    createErrorResponse(503, msg, contentType),
+  maintenance: (msg = 'Service Under Maintenance', contentType?: string) => createErrorResponse(503, msg, contentType),
 
   // Helper to create custom error with any status code
-  custom: (statusCode: number, msg: string, contentType?: string) =>
-    createErrorResponse(statusCode, msg, contentType),
+  custom: (statusCode: number, msg: string, contentType?: string) => createErrorResponse(statusCode, msg, contentType),
 };
 
-export function createResponse(
-  statusCode: number,
-  data?: unknown,
-  contentType: string = CONTENT_TYPES.JSON
-): Response {
+export function createResponse(statusCode: number, data?: unknown, contentType: string = CONTENT_TYPES.JSON): Response {
   const body = contentType === CONTENT_TYPES.JSON ? stringifyData(data) : data;
 
   return new Response(body as string, {
     status: statusCode,
-    headers: { "content-type": contentType },
+    headers: { 'content-type': contentType },
   });
 }
 
-export const protectedRoute = async <
-  TTypes extends VectorTypes = DefaultVectorTypes
->(
+export const protectedRoute = async <TTypes extends VectorTypes = DefaultVectorTypes>(
   request: VectorRequest<TTypes>,
   responseContentType?: string
 ) => {
-  // Get the Vector instance to access the protected handler
   const vector = getVectorInstance();
 
   const protectedHandler = vector.getProtectedHandler();
   if (!protectedHandler) {
-    throw APIError.unauthorized(
-      "Authentication not configured",
-      responseContentType
-    );
+    throw APIError.unauthorized('Authentication not configured', responseContentType);
   }
 
   try {
     const authUser = await protectedHandler(request as any);
     request.authUser = authUser as GetAuthType<TTypes>;
   } catch (error) {
-    throw APIError.unauthorized(
-      error instanceof Error ? error.message : "Authentication failed",
-      responseContentType
-    );
+    throw APIError.unauthorized(error instanceof Error ? error.message : 'Authentication failed', responseContentType);
   }
 };
 
-export interface ApiOptions {
+export interface ApiOptions<TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined> {
   auth?: boolean;
   expose?: boolean;
   rawRequest?: boolean;
+  validate?: boolean;
   rawResponse?: boolean;
   cache?: CacheOptions | number | null;
   responseContentType?: string;
+  schema?: TSchemaDef;
 }
 
-export function api<TTypes extends VectorTypes = DefaultVectorTypes>(
+export function api<TTypes extends VectorTypes = DefaultVectorTypes, TValidatedInput = undefined>(
   options: ApiOptions,
-  fn: (request: VectorRequest<TTypes>) => Promise<unknown>
+  fn: (request: VectorRequest<TTypes, TValidatedInput>) => Promise<unknown> | unknown
 ) {
   const {
     auth = false,
@@ -303,37 +228,42 @@ export function api<TTypes extends VectorTypes = DefaultVectorTypes>(
     responseContentType = CONTENT_TYPES.JSON,
   } = options;
 
-  // For backward compatibility with direct route usage (not auto-discovered)
-  // This wrapper is only used when routes are NOT auto-discovered
-  return async (request: IRequest) => {
+  return async (request: Request) => {
+    const req = request as unknown as VectorRequest<TTypes>;
+
     if (!expose) {
-      return APIError.forbidden("Forbidden");
+      return APIError.forbidden('Forbidden');
     }
 
     try {
       if (auth) {
-        await protectedRoute(
-          request as any as VectorRequest<TTypes>,
-          responseContentType
-        );
+        await protectedRoute(req, responseContentType);
       }
 
-      if (!rawRequest) {
-        await withContent(request);
+      if (!rawRequest && req.method !== 'GET' && req.method !== 'HEAD') {
+        try {
+          const contentType = req.headers.get('content-type');
+          if (contentType?.startsWith('application/json')) {
+            req.content = await req.json();
+          } else if (contentType?.startsWith('application/x-www-form-urlencoded')) {
+            req.content = Object.fromEntries(await req.formData());
+          } else if (contentType?.startsWith('multipart/form-data')) {
+            req.content = await req.formData();
+          } else {
+            req.content = await req.text();
+          }
+        } catch {
+          req.content = null;
+        }
       }
 
-      // Cache handling is now done in the router
-      const result = await fn(request as any as VectorRequest<TTypes>);
+      const result = await fn(req as unknown as VectorRequest<TTypes, TValidatedInput>);
 
-      return rawResponse
-        ? result
-        : ApiResponse.success(result, responseContentType);
+      return rawResponse ? result : ApiResponse.success(result, responseContentType);
     } catch (err: unknown) {
-      // Ensure we return a Response object
       if (err instanceof Response) {
         return err;
       }
-      // For non-Response errors, wrap them
       return APIError.internalServerError(String(err), responseContentType);
     }
   };

package/src/index.ts

@@ -1,14 +1,14 @@
 // Public exports for route definitions only
-import { route } from "./http";
+import { route } from './http';
 
 // Export route function for defining routes
 export { route };
 
 // Export utilities for route handlers
-export { APIError, createResponse } from "./http";
+export { APIError, createResponse } from './http';
 
 // Export types for TypeScript users
-export * from "./types";
+export * from './types';
 
 // Note: Vector framework is now config-driven and runs via CLI
 // Usage: Create vector.config.ts and run 'vector dev' or 'vector start'