npm - vector-framework - Versions diffs - 1.2.2 → 1.2.3 - Mend

vector-framework 1.2.2 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/README.md +18 -6
package/dist/auth/protected.d.ts +4 -4
package/dist/auth/protected.d.ts.map +1 -1
package/dist/auth/protected.js +10 -7
package/dist/auth/protected.js.map +1 -1
package/dist/cache/manager.d.ts +2 -0
package/dist/cache/manager.d.ts.map +1 -1
package/dist/cache/manager.js +21 -4
package/dist/cache/manager.js.map +1 -1
package/dist/checkpoint/artifacts/compressor.d.ts +5 -0
package/dist/checkpoint/artifacts/compressor.d.ts.map +1 -0
package/dist/checkpoint/artifacts/compressor.js +24 -0
package/dist/checkpoint/artifacts/compressor.js.map +1 -0
package/dist/checkpoint/artifacts/decompress-worker.d.ts +2 -0
package/dist/checkpoint/artifacts/decompress-worker.d.ts.map +1 -0
package/dist/checkpoint/artifacts/decompress-worker.js +31 -0
package/dist/checkpoint/artifacts/decompress-worker.js.map +1 -0
package/dist/checkpoint/artifacts/hasher.d.ts +2 -0
package/dist/checkpoint/artifacts/hasher.d.ts.map +1 -0
package/dist/checkpoint/artifacts/hasher.js +7 -0
package/dist/checkpoint/artifacts/hasher.js.map +1 -0
package/dist/checkpoint/artifacts/manifest.d.ts +6 -0
package/dist/checkpoint/artifacts/manifest.d.ts.map +1 -0
package/dist/checkpoint/artifacts/manifest.js +55 -0
package/dist/checkpoint/artifacts/manifest.js.map +1 -0
package/dist/checkpoint/artifacts/materializer.d.ts +16 -0
package/dist/checkpoint/artifacts/materializer.d.ts.map +1 -0
package/dist/checkpoint/artifacts/materializer.js +168 -0
package/dist/checkpoint/artifacts/materializer.js.map +1 -0
package/dist/checkpoint/artifacts/packager.d.ts +12 -0
package/dist/checkpoint/artifacts/packager.d.ts.map +1 -0
package/dist/checkpoint/artifacts/packager.js +82 -0
package/dist/checkpoint/artifacts/packager.js.map +1 -0
package/dist/checkpoint/artifacts/repository.d.ts +11 -0
package/dist/checkpoint/artifacts/repository.d.ts.map +1 -0
package/dist/checkpoint/artifacts/repository.js +29 -0
package/dist/checkpoint/artifacts/repository.js.map +1 -0
package/dist/checkpoint/artifacts/store.d.ts +13 -0
package/dist/checkpoint/artifacts/store.d.ts.map +1 -0
package/dist/checkpoint/artifacts/store.js +85 -0
package/dist/checkpoint/artifacts/store.js.map +1 -0
package/dist/checkpoint/artifacts/types.d.ts +21 -0
package/dist/checkpoint/artifacts/types.d.ts.map +1 -0
package/dist/checkpoint/artifacts/types.js +2 -0
package/dist/checkpoint/artifacts/types.js.map +1 -0
package/dist/checkpoint/artifacts/worker-decompressor.d.ts +17 -0
package/dist/checkpoint/artifacts/worker-decompressor.d.ts.map +1 -0
package/dist/checkpoint/artifacts/worker-decompressor.js +148 -0
package/dist/checkpoint/artifacts/worker-decompressor.js.map +1 -0
package/dist/checkpoint/asset-store.d.ts +10 -0
package/dist/checkpoint/asset-store.d.ts.map +1 -0
package/dist/checkpoint/asset-store.js +46 -0
package/dist/checkpoint/asset-store.js.map +1 -0
package/dist/checkpoint/bundler.d.ts +15 -0
package/dist/checkpoint/bundler.d.ts.map +1 -0
package/dist/checkpoint/bundler.js +45 -0
package/dist/checkpoint/bundler.js.map +1 -0
package/dist/checkpoint/cli.d.ts +2 -0
package/dist/checkpoint/cli.d.ts.map +1 -0
package/dist/checkpoint/cli.js +157 -0
package/dist/checkpoint/cli.js.map +1 -0
package/dist/checkpoint/entrypoint-generator.d.ts +17 -0
package/dist/checkpoint/entrypoint-generator.d.ts.map +1 -0
package/dist/checkpoint/entrypoint-generator.js +251 -0
package/dist/checkpoint/entrypoint-generator.js.map +1 -0
package/dist/checkpoint/forwarder.d.ts +6 -0
package/dist/checkpoint/forwarder.d.ts.map +1 -0
package/dist/checkpoint/forwarder.js +74 -0
package/dist/checkpoint/forwarder.js.map +1 -0
package/dist/checkpoint/gateway.d.ts +11 -0
package/dist/checkpoint/gateway.d.ts.map +1 -0
package/dist/checkpoint/gateway.js +30 -0
package/dist/checkpoint/gateway.js.map +1 -0
package/dist/checkpoint/ipc.d.ts +12 -0
package/dist/checkpoint/ipc.d.ts.map +1 -0
package/dist/checkpoint/ipc.js +96 -0
package/dist/checkpoint/ipc.js.map +1 -0
package/dist/checkpoint/manager.d.ts +20 -0
package/dist/checkpoint/manager.d.ts.map +1 -0
package/dist/checkpoint/manager.js +214 -0
package/dist/checkpoint/manager.js.map +1 -0
package/dist/checkpoint/process-manager.d.ts +35 -0
package/dist/checkpoint/process-manager.d.ts.map +1 -0
package/dist/checkpoint/process-manager.js +203 -0
package/dist/checkpoint/process-manager.js.map +1 -0
package/dist/checkpoint/resolver.d.ts +25 -0
package/dist/checkpoint/resolver.d.ts.map +1 -0
package/dist/checkpoint/resolver.js +95 -0
package/dist/checkpoint/resolver.js.map +1 -0
package/dist/checkpoint/socket-path.d.ts +2 -0
package/dist/checkpoint/socket-path.d.ts.map +1 -0
package/dist/checkpoint/socket-path.js +51 -0
package/dist/checkpoint/socket-path.js.map +1 -0
package/dist/checkpoint/types.d.ts +54 -0
package/dist/checkpoint/types.d.ts.map +1 -0
package/dist/checkpoint/types.js +2 -0
package/dist/checkpoint/types.js.map +1 -0
package/dist/cli/index.js +10 -2
package/dist/cli/index.js.map +1 -1
package/dist/cli/option-resolution.d.ts +1 -1
package/dist/cli/option-resolution.d.ts.map +1 -1
package/dist/cli/option-resolution.js.map +1 -1
package/dist/cli.js +3709 -328
package/dist/core/config-loader.d.ts +1 -0
package/dist/core/config-loader.d.ts.map +1 -1
package/dist/core/config-loader.js +10 -2
package/dist/core/config-loader.js.map +1 -1
package/dist/core/router.d.ts +24 -3
package/dist/core/router.d.ts.map +1 -1
package/dist/core/router.js +398 -249
package/dist/core/router.js.map +1 -1
package/dist/core/server.d.ts +2 -0
package/dist/core/server.d.ts.map +1 -1
package/dist/core/server.js +22 -8
package/dist/core/server.js.map +1 -1
package/dist/core/vector.d.ts +3 -0
package/dist/core/vector.d.ts.map +1 -1
package/dist/core/vector.js +51 -1
package/dist/core/vector.js.map +1 -1
package/dist/dev/route-scanner.d.ts.map +1 -1
package/dist/dev/route-scanner.js +2 -1
package/dist/dev/route-scanner.js.map +1 -1
package/dist/http.d.ts +32 -7
package/dist/http.d.ts.map +1 -1
package/dist/http.js +144 -13
package/dist/http.js.map +1 -1
package/dist/index.cjs +1297 -74
package/dist/index.d.ts +3 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/index.mjs +1296 -73
package/dist/middleware/manager.d.ts +3 -3
package/dist/middleware/manager.d.ts.map +1 -1
package/dist/middleware/manager.js +9 -8
package/dist/middleware/manager.js.map +1 -1
package/dist/openapi/docs-ui.d.ts.map +1 -1
package/dist/openapi/docs-ui.js +1097 -61
package/dist/openapi/docs-ui.js.map +1 -1
package/dist/openapi/generator.d.ts +2 -1
package/dist/openapi/generator.d.ts.map +1 -1
package/dist/openapi/generator.js +240 -7
package/dist/openapi/generator.js.map +1 -1
package/dist/types/index.d.ts +71 -28
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +24 -1
package/dist/types/index.js.map +1 -1
package/dist/utils/validation.d.ts.map +1 -1
package/dist/utils/validation.js +3 -2
package/dist/utils/validation.js.map +1 -1
package/package.json +2 -1
package/src/auth/protected.ts +11 -8
package/src/cache/manager.ts +23 -4
package/src/checkpoint/artifacts/compressor.ts +30 -0
package/src/checkpoint/artifacts/decompress-worker.ts +49 -0
package/src/checkpoint/artifacts/hasher.ts +6 -0
package/src/checkpoint/artifacts/manifest.ts +72 -0
package/src/checkpoint/artifacts/materializer.ts +211 -0
package/src/checkpoint/artifacts/packager.ts +100 -0
package/src/checkpoint/artifacts/repository.ts +36 -0
package/src/checkpoint/artifacts/store.ts +102 -0
package/src/checkpoint/artifacts/types.ts +24 -0
package/src/checkpoint/artifacts/worker-decompressor.ts +192 -0
package/src/checkpoint/asset-store.ts +61 -0
package/src/checkpoint/bundler.ts +64 -0
package/src/checkpoint/cli.ts +177 -0
package/src/checkpoint/entrypoint-generator.ts +275 -0
package/src/checkpoint/forwarder.ts +84 -0
package/src/checkpoint/gateway.ts +40 -0
package/src/checkpoint/ipc.ts +107 -0
package/src/checkpoint/manager.ts +254 -0
package/src/checkpoint/process-manager.ts +250 -0
package/src/checkpoint/resolver.ts +124 -0
package/src/checkpoint/socket-path.ts +61 -0
package/src/checkpoint/types.ts +63 -0
package/src/cli/index.ts +11 -2
package/src/cli/option-resolution.ts +5 -1
package/src/core/config-loader.ts +11 -2
package/src/core/router.ts +505 -264
package/src/core/server.ts +36 -9
package/src/core/vector.ts +60 -1
package/src/dev/route-scanner.ts +2 -1
package/src/http.ts +219 -19
package/src/index.ts +3 -2
package/src/middleware/manager.ts +10 -10
package/src/openapi/docs-ui.ts +1097 -61
package/src/openapi/generator.ts +265 -6
package/src/types/index.ts +83 -30
package/src/utils/validation.ts +5 -3

package/src/core/server.ts CHANGED Viewed

@@ -1,17 +1,25 @@
 import type { Server } from 'bun';
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
-import { STATIC_RESPONSES } from '../constants';
 import { cors } from '../utils/cors';
 import { renderOpenAPIDocsHtml } from '../openapi/docs-ui';
 import { generateOpenAPIDocument } from '../openapi/generator';
-import type { CorsOptions, DefaultVectorTypes, OpenAPIOptions, VectorConfig, VectorTypes } from '../types';
+import type {
+  CorsOptions,
+  DefaultVectorTypes,
+  OpenAPIAuthOptions,
+  OpenAPIOptions,
+  VectorConfig,
+  VectorTypes,
+} from '../types';
+import type { CheckpointGateway } from '../checkpoint/gateway';
 import type { VectorRouter } from './router';
 interface NormalizedOpenAPIConfig {
   enabled: boolean;
   path: string;
   target: string;
+  auth?: OpenAPIAuthOptions;
   docs: {
     enabled: boolean;
     path: string;
@@ -202,6 +210,7 @@ const OPENAPI_FAVICON_ASSETS = [
 const DOCS_HTML_CACHE_CONTROL = 'public, max-age=0, must-revalidate';
 const DOCS_ASSET_CACHE_CONTROL = 'public, max-age=31536000, immutable';
 const DOCS_ASSET_ERROR_CACHE_CONTROL = 'no-store';
+const DEFAULT_PORT = 3000;
 interface OpenAPIDocsHtmlCacheEntry {
   html: string;
@@ -209,6 +218,19 @@ interface OpenAPIDocsHtmlCacheEntry {
   etag: string;
 }
+function normalizePort(port: number | string | undefined): number {
+  if (port === undefined) {
+    return DEFAULT_PORT;
+  }
+  const normalized = Number(port);
+  if (!Number.isInteger(normalized) || normalized < 0 || normalized > 65535) {
+    throw new Error(`Invalid port: ${String(port)}. Port must be an integer between 0 and 65535.`);
+  }
+  return normalized;
+}
 function escapeRegex(value: string): string {
   return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
@@ -283,6 +305,10 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
     }
   }
+  setCheckpointGateway(gateway: CheckpointGateway): void {
+    this.router.setCheckpointGateway(gateway);
+  }
   private normalizeOpenAPIConfig(
     openapi: OpenAPIOptions | boolean | undefined,
     development: boolean | undefined
@@ -329,6 +355,7 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
       target: openapiObject.target || 'openapi-3.0',
       docs,
       info: openapiObject.info,
+      auth: openapiObject.auth,
     };
   }
@@ -359,6 +386,7 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
     const result = generateOpenAPIDocument(routes as any, {
       target: this.openapiConfig.target,
       info: this.openapiConfig.info,
+      auth: this.openapiConfig.auth,
     });
     if (!this.openapiWarningsLogged && result.warnings.length > 0) {
@@ -647,12 +675,12 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
   }
   async start(): Promise<Server> {
-    const port = this.config.port ?? 3000;
+    const port = normalizePort(this.config.port);
     const hostname = this.config.hostname || 'localhost';
     this.validateReservedOpenAPIPaths();
-    const fallbackFetch = async (request: Request): Promise<Response> => {
+    const appFetch = async (request: Request): Promise<Response> => {
       try {
         // Handle CORS preflight for any path
         if (this.corsHandler && request.method === 'OPTIONS') {
@@ -665,8 +693,8 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
           return this.applyCors(openapiResponse, request);
         }
-        // No route matched — return 404
-        return this.applyCors(STATIC_RESPONSES.NOT_FOUND.clone() as unknown as Response, request);
+        // Route through Vector router (includes middleware/auth/validation + CORS).
+        return await this.router.handle(request);
       } catch (error) {
         console.error('Server error:', error);
         return this.applyCors(new Response('Internal Server Error', { status: 500 }), request);
@@ -678,8 +706,7 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
         port,
         hostname,
         reusePort: this.config.reusePort !== false,
-        routes: this.router.getRouteTable(),
-        fetch: fallbackFetch,
+        fetch: appFetch,
         idleTimeout: this.config.idleTimeout ?? 60,
         error: (error, request?: Request) => {
           console.error('[ERROR] Server error:', error);
@@ -724,7 +751,7 @@ export class VectorServer<TTypes extends VectorTypes = DefaultVectorTypes> {
   }
   getPort(): number {
-    return this.server?.port ?? this.config.port ?? 3000;
+    return this.server?.port ?? normalizePort(this.config.port);
   }
   getHostname(): string {

package/src/core/vector.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import { RouteGenerator } from '../dev/route-generator';
 import { RouteScanner } from '../dev/route-scanner';
 import { MiddlewareManager } from '../middleware/manager';
 import { toFileUrl } from '../utils/path';
+import type { CheckpointConfig } from '../checkpoint/types';
 import type {
   CacheHandler,
   DefaultVectorTypes,
@@ -40,6 +41,7 @@ export class Vector<TTypes extends VectorTypes = DefaultVectorTypes> {
   private _protectedHandler: ProtectedHandler<TTypes> | null = null;
   private _cacheHandler: CacheHandler | null = null;
   private shutdownPromise: Promise<void> | null = null;
+  private checkpointProcessManager: { stopAll: () => Promise<void> } | null = null;
   private constructor() {
     this.middlewareManager = new MiddlewareManager<TTypes>();
@@ -95,6 +97,11 @@ export class Vector<TTypes extends VectorTypes = DefaultVectorTypes> {
   // Internal method to start server - only called by CLI
   async startServer(config?: VectorConfig<TTypes>): Promise<Server> {
+    if (this.checkpointProcessManager) {
+      await this.checkpointProcessManager.stopAll();
+      this.checkpointProcessManager = null;
+    }
     this.config = { ...this.config, ...config };
     const routeDefaults = { ...this.config.defaults?.route };
     this.router.setRouteBooleanDefaults(routeDefaults);
@@ -126,6 +133,9 @@ export class Vector<TTypes extends VectorTypes = DefaultVectorTypes> {
     this.server = new VectorServer<TTypes>(this.router, this.config);
     const bunServer = await this.server.start();
+    if (this.config.checkpoint && this.config.checkpoint.enabled !== false) {
+      await this.enableCheckpointGateway(this.config.checkpoint);
+    }
     return bunServer;
   }
@@ -154,7 +164,7 @@ export class Vector<TTypes extends VectorTypes = DefaultVectorTypes> {
           try {
             const importPath = toFileUrl(route.path);
-            const module = await import(importPath);
+            const module = await import(`${importPath}?t=${Date.now()}`);
             const exported = route.name === 'default' ? module.default : module[route.name];
             if (exported) {
@@ -232,6 +242,49 @@ export class Vector<TTypes extends VectorTypes = DefaultVectorTypes> {
     // Silent - no logging
   }
+  async enableCheckpointGateway(checkpointConfig?: CheckpointConfig): Promise<void> {
+    if (!this.server) {
+      throw new Error('Cannot enable checkpoint gateway before server is started. Call startServer() first.');
+    }
+    const { CheckpointManager } = await import('../checkpoint/manager');
+    const { CheckpointProcessManager } = await import('../checkpoint/process-manager');
+    const { CheckpointResolver } = await import('../checkpoint/resolver');
+    const { CheckpointForwarder } = await import('../checkpoint/forwarder');
+    const { CheckpointGateway } = await import('../checkpoint/gateway');
+    if (this.checkpointProcessManager) {
+      await this.checkpointProcessManager.stopAll();
+      this.checkpointProcessManager = null;
+    }
+    const manager = new CheckpointManager(checkpointConfig);
+    const processManager = new CheckpointProcessManager({
+      idleTimeoutMs: checkpointConfig?.idleTimeoutMs,
+    });
+    this.checkpointProcessManager = processManager;
+    const resolver = new CheckpointResolver(manager, processManager, {
+      versionHeader: checkpointConfig?.versionHeader,
+      cacheKeyOverride: checkpointConfig?.cacheKeyOverride,
+    });
+    const forwarder = new CheckpointForwarder();
+    const gateway = new CheckpointGateway(resolver, forwarder);
+    this.server.setCheckpointGateway(gateway);
+    // Auto-start the active checkpoint if one exists
+    const active = await manager.getActive();
+    if (active) {
+      try {
+        const manifest = await manager.readManifest(active.version);
+        await processManager.spawn(manifest, manager.getStorageDir());
+      } catch (err) {
+        console.error(`[Checkpoint] Failed to start active checkpoint ${active.version}:`, err);
+      }
+    }
+  }
   stop(): void {
     if (this.server) {
       this.server.stop();
@@ -250,6 +303,12 @@ export class Vector<TTypes extends VectorTypes = DefaultVectorTypes> {
       // Stop accepting new traffic first.
       this.stop();
+      // Stop all checkpoint child processes
+      if (this.checkpointProcessManager) {
+        await this.checkpointProcessManager.stopAll();
+        this.checkpointProcessManager = null;
+      }
       if (typeof this.config.shutdown === 'function') {
         await this.config.shutdown();
       }

package/src/dev/route-scanner.ts CHANGED Viewed

@@ -95,9 +95,10 @@ export class RouteScanner {
         try {
           // Convert Windows paths to URLs for import
+          // Append cache-busting query to force re-import on dev reload
           const importPath = process.platform === 'win32' ? `file:///${fullPath.replace(/\\/g, '/')}` : fullPath;
-          const module = await import(importPath);
+          const module = await import(`${importPath}?t=${Date.now()}`);
           if (module.default && typeof module.default === 'function') {
             routes.push({

package/src/http.ts CHANGED Viewed

@@ -4,7 +4,9 @@ import type {
   DefaultVectorTypes,
   GetAuthType,
   InferRouteInputFromSchemaDefinition,
+  RouteAuthOption,
   RouteSchemaDefinition,
+  VectorContext,
   VectorRequest,
   VectorTypes,
 } from './types';
@@ -23,7 +25,7 @@ export interface RouteDefinition<
 > {
   entry: { method: string; path: string };
   options: ExtendedApiOptions<TSchemaDef>;
-  handler: (req: VectorRequest<TTypes, TValidatedInput>) => Promise<unknown> | unknown;
+  handler: (ctx: VectorContext<TTypes, TValidatedInput>) => Promise<unknown> | unknown;
 }
 export function route<
@@ -31,7 +33,7 @@ export function route<
   TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined,
 >(
   options: ExtendedApiOptions<TSchemaDef>,
-  fn: (req: VectorRequest<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>>) => Promise<unknown> | unknown
+  fn: (ctx: VectorContext<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>>) => Promise<unknown> | unknown
 ): RouteDefinition<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>, TSchemaDef> {
   return {
     entry: {
@@ -43,6 +45,22 @@ export function route<
   };
 }
+export function depRoute<
+  TTypes extends VectorTypes = DefaultVectorTypes,
+  TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined,
+>(
+  options: ExtendedApiOptions<TSchemaDef>,
+  fn: (ctx: VectorContext<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>>) => Promise<unknown> | unknown
+): RouteDefinition<TTypes, InferRouteInputFromSchemaDefinition<TSchemaDef>, TSchemaDef> {
+  return route<TTypes, TSchemaDef>(
+    {
+      ...options,
+      deprecated: true,
+    },
+    fn
+  );
+}
 function stringifyData(data: unknown): string {
   const val = data ?? null;
   try {
@@ -55,6 +73,93 @@ function stringifyData(data: unknown): string {
   }
 }
+export type ResponseCookieSameSite = 'Strict' | 'Lax' | 'None';
+export type ResponseCookiePriority = 'Low' | 'Medium' | 'High';
+export interface ResponseCookie {
+  name: string;
+  value: string;
+  domain?: string;
+  path?: string;
+  maxAge?: number;
+  expires?: Date | string;
+  httpOnly?: boolean;
+  secure?: boolean;
+  sameSite?: ResponseCookieSameSite;
+  partitioned?: boolean;
+  priority?: ResponseCookiePriority;
+}
+export type ResponseCookieInput = ResponseCookie | string;
+export type ResponseHeadersInit = Headers | Array<[string, string]> | Record<string, string>;
+export interface CreateResponseOptions {
+  contentType?: string;
+  headers?: ResponseHeadersInit;
+  cookies?: ResponseCookieInput[];
+  statusText?: string;
+}
+function isJsonContentType(contentType: string): boolean {
+  const mimeType = contentType.split(';', 1)[0] ?? contentType;
+  return mimeType.trim().toLowerCase() === CONTENT_TYPES.JSON;
+}
+function serializeCookie(cookie: ResponseCookie): string {
+  const segments = [`${cookie.name}=${cookie.value}`];
+  if (cookie.maxAge !== undefined && Number.isFinite(cookie.maxAge)) {
+    segments.push(`Max-Age=${Math.trunc(cookie.maxAge)}`);
+  }
+  if (cookie.domain) {
+    segments.push(`Domain=${cookie.domain}`);
+  }
+  if (cookie.path) {
+    segments.push(`Path=${cookie.path}`);
+  }
+  if (cookie.expires !== undefined) {
+    const expiresAt = cookie.expires instanceof Date ? cookie.expires : new Date(cookie.expires);
+    if (!Number.isNaN(expiresAt.getTime())) {
+      segments.push(`Expires=${expiresAt.toUTCString()}`);
+    }
+  }
+  if (cookie.httpOnly) {
+    segments.push('HttpOnly');
+  }
+  if (cookie.secure) {
+    segments.push('Secure');
+  }
+  if (cookie.sameSite) {
+    segments.push(`SameSite=${cookie.sameSite}`);
+  }
+  if (cookie.partitioned) {
+    segments.push('Partitioned');
+  }
+  if (cookie.priority) {
+    segments.push(`Priority=${cookie.priority}`);
+  }
+  return segments.join('; ');
+}
+function appendSetCookieHeaders(headers: Headers, cookies?: ResponseCookieInput[]): void {
+  if (!cookies || cookies.length === 0) {
+    return;
+  }
+  for (const cookie of cookies) {
+    headers.append('set-cookie', typeof cookie === 'string' ? cookie : serializeCookie(cookie));
+  }
+}
 const ApiResponse = {
   success: <T>(data: T, contentType?: string) => createResponse(HTTP_STATUS.OK, data, contentType),
   created: <T>(data: T, contentType?: string) => createResponse(HTTP_STATUS.CREATED, data, contentType),
@@ -177,17 +282,36 @@ export const APIError = {
   custom: (statusCode: number, msg: string, contentType?: string) => createErrorResponse(statusCode, msg, contentType),
 };
-export function createResponse(statusCode: number, data?: unknown, contentType: string = CONTENT_TYPES.JSON): Response {
-  const body = contentType === CONTENT_TYPES.JSON ? stringifyData(data) : data;
+export function createResponse(
+  statusCode: number,
+  data?: unknown,
+  optionsOrContentType: string | CreateResponseOptions = CONTENT_TYPES.JSON
+): Response {
+  const options =
+    typeof optionsOrContentType === 'string'
+      ? ({ contentType: optionsOrContentType } as CreateResponseOptions)
+      : (optionsOrContentType ?? {});
+  const headers = new Headers(options.headers);
+  const contentType = options.contentType ?? headers.get('content-type') ?? CONTENT_TYPES.JSON;
+  if (options.contentType || !headers.has('content-type')) {
+    headers.set('content-type', contentType);
+  }
-  return new Response(body as string, {
+  appendSetCookieHeaders(headers, options.cookies);
+  const body = isJsonContentType(contentType) ? stringifyData(data) : data;
+  return new Response(body as any, {
     status: statusCode,
-    headers: { 'content-type': contentType },
+    statusText: options.statusText,
+    headers,
   });
 }
 export const protectedRoute = async <TTypes extends VectorTypes = DefaultVectorTypes>(
-  request: VectorRequest<TTypes>,
+  context: VectorContext<TTypes>,
   responseContentType?: string
 ) => {
   const vector = getVectorInstance();
@@ -198,16 +322,17 @@ export const protectedRoute = async <TTypes extends VectorTypes = DefaultVectorT
   }
   try {
-    const authUser = await protectedHandler(request as any);
-    request.authUser = authUser as GetAuthType<TTypes>;
+    const authUser = await protectedHandler(context as any);
+    context.authUser = authUser as GetAuthType<TTypes>;
   } catch (error) {
     throw APIError.unauthorized(error instanceof Error ? error.message : 'Authentication failed', responseContentType);
   }
 };
 export interface ApiOptions<TSchemaDef extends RouteSchemaDefinition | undefined = RouteSchemaDefinition | undefined> {
-  auth?: boolean;
+  auth?: RouteAuthOption;
   expose?: boolean;
+  deprecated?: boolean;
   rawRequest?: boolean;
   validate?: boolean;
   rawResponse?: boolean;
@@ -218,7 +343,7 @@ export interface ApiOptions<TSchemaDef extends RouteSchemaDefinition | undefined
 export function api<TTypes extends VectorTypes = DefaultVectorTypes, TValidatedInput = undefined>(
   options: ApiOptions,
-  fn: (request: VectorRequest<TTypes, TValidatedInput>) => Promise<unknown> | unknown
+  fn: (context: VectorContext<TTypes, TValidatedInput>) => Promise<unknown> | unknown
 ) {
   const {
     auth = false,
@@ -229,7 +354,20 @@ export function api<TTypes extends VectorTypes = DefaultVectorTypes, TValidatedI
   } = options;
   return async (request: Request) => {
-    const req = request as unknown as VectorRequest<TTypes>;
+    const req = request as unknown as VectorRequest<TTypes, TValidatedInput>;
+    let query: Record<string, string | string[]> = {};
+    try {
+      query = parseQuery(new URL(request.url));
+    } catch {
+      query = {};
+    }
+    const ctx = {
+      request: req,
+      metadata: {} as any,
+      params: {} as any,
+      query: query as any,
+      cookies: parseCookies(request.headers.get('cookie')) as any,
+    } as VectorContext<TTypes, TValidatedInput>;
     if (!expose) {
       return APIError.forbidden('Forbidden');
@@ -237,27 +375,31 @@ export function api<TTypes extends VectorTypes = DefaultVectorTypes, TValidatedI
     try {
       if (auth) {
-        await protectedRoute(req, responseContentType);
+        await protectedRoute(ctx as unknown as VectorContext<TTypes>, responseContentType);
       }
       if (!rawRequest && req.method !== 'GET' && req.method !== 'HEAD') {
         try {
           const contentType = req.headers.get('content-type');
           if (contentType?.startsWith('application/json')) {
-            req.content = await req.json();
+            setContextField(ctx as unknown as Record<string, unknown>, 'content', await req.json());
           } else if (contentType?.startsWith('application/x-www-form-urlencoded')) {
-            req.content = Object.fromEntries(await req.formData());
+            setContextField(
+              ctx as unknown as Record<string, unknown>,
+              'content',
+              Object.fromEntries(await req.formData())
+            );
           } else if (contentType?.startsWith('multipart/form-data')) {
-            req.content = await req.formData();
+            setContextField(ctx as unknown as Record<string, unknown>, 'content', await req.formData());
           } else {
-            req.content = await req.text();
+            setContextField(ctx as unknown as Record<string, unknown>, 'content', await req.text());
           }
         } catch {
-          req.content = null;
+          setContextField(ctx as unknown as Record<string, unknown>, 'content', null);
         }
       }
-      const result = await fn(req as unknown as VectorRequest<TTypes, TValidatedInput>);
+      const result = await fn(ctx);
       return rawResponse ? result : ApiResponse.success(result, responseContentType);
     } catch (err: unknown) {
@@ -269,4 +411,62 @@ export function api<TTypes extends VectorTypes = DefaultVectorTypes, TValidatedI
   };
 }
+function setContextField(target: Record<string, unknown>, key: string, value: unknown): void {
+  const ownDescriptor = Object.getOwnPropertyDescriptor(target as object, key);
+  if (ownDescriptor && ownDescriptor.writable === false && typeof ownDescriptor.set !== 'function') {
+    return;
+  }
+  try {
+    target[key] = value;
+    return;
+  } catch {
+    // Fall back to defining an own property when inherited Request fields are readonly accessors.
+  }
+  try {
+    Object.defineProperty(target, key, {
+      value,
+      writable: true,
+      configurable: true,
+      enumerable: true,
+    });
+  } catch {
+    // Ignore when target is non-extensible.
+  }
+}
 export default ApiResponse;
+function parseQuery(url: URL): Record<string, string | string[]> {
+  const query: Record<string, string | string[]> = {};
+  for (const [key, value] of url.searchParams) {
+    if (key in query) {
+      const existing = query[key];
+      if (Array.isArray(existing)) {
+        existing.push(value);
+      } else {
+        query[key] = [existing as string, value];
+      }
+    } else {
+      query[key] = value;
+    }
+  }
+  return query;
+}
+function parseCookies(cookieHeader: string | null): Record<string, string> {
+  const cookies: Record<string, string> = {};
+  if (!cookieHeader) {
+    return cookies;
+  }
+  for (const pair of cookieHeader.split(';')) {
+    const idx = pair.indexOf('=');
+    if (idx > 0) {
+      cookies[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim();
+    }
+  }
+  return cookies;
+}

package/src/index.ts CHANGED Viewed

@@ -1,13 +1,14 @@
 // Public exports for route definitions and Vector startup API
-import { route } from './http';
+import { depRoute, route } from './http';
 import { startVector } from './start-vector';
 // Export route function for defining routes
-export { route };
+export { depRoute, route };
 export { startVector };
 // Export utilities for route handlers
 export { APIError, createResponse } from './http';
+export type { CreateResponseOptions, ResponseCookie, ResponseCookieInput } from './http';
 // Export types for TypeScript users
 export * from './types';

package/src/middleware/manager.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import type {
   AfterMiddlewareHandler,
   BeforeMiddlewareHandler,
   DefaultVectorTypes,
-  VectorRequest,
+  VectorContext,
   VectorTypes,
 } from '../types';
@@ -18,32 +18,32 @@ export class MiddlewareManager<TTypes extends VectorTypes = DefaultVectorTypes>
     this.finallyHandlers.push(...handlers);
   }
-  async executeBefore(request: VectorRequest<TTypes>): Promise<VectorRequest<TTypes> | Response> {
-    if (this.beforeHandlers.length === 0) return request;
-    let currentRequest = request;
+  async executeBefore(context: VectorContext<TTypes>): Promise<Response | null> {
+    if (this.beforeHandlers.length === 0) return null;
     for (const handler of this.beforeHandlers) {
-      const result = await handler(currentRequest);
+      const result = await handler(context);
       if (result instanceof Response) {
         return result;
       }
-      currentRequest = result;
+      if (result !== undefined) {
+        throw new TypeError('Before middleware must return void or Response');
+      }
     }
-    return currentRequest;
+    return null;
   }
-  async executeFinally(response: Response, request: VectorRequest<TTypes>): Promise<Response> {
+  async executeFinally(response: Response, context: VectorContext<TTypes>): Promise<Response> {
     if (this.finallyHandlers.length === 0) return response;
     let currentResponse = response;
     for (const handler of this.finallyHandlers) {
       try {
-        currentResponse = await handler(currentResponse, request);
+        currentResponse = await handler(currentResponse, context);
       } catch (error) {
         // Log but don't throw - we don't want to break the response chain
         console.error('After middleware error:', error);