weifuwu 0.15.0 → 0.16.1

package/README.md

@@ -24,10 +24,12 @@ Everything follows the same `(req, ctx) => Response` contract. The Router handle
 - **PostgreSQL** — schema builder with type-safe DDL, CRUD (`read`/`readMany`, `insertMany`, `update`/`updateMany`, `delete`/`deleteMany`), WHERE helpers (`eq`, `gte`, `contains`, `and`, `or`), transactions, vector search
 - **Auth** — password + JWT + OAuth2 Server (authorization code / PKCE / client_credentials)
 - **Real-time** — WebSocket, messaging channels with agent routing
-- **AI** — streaming endpoint, DAG workflow tool, AI agents with RAG and tool-use
+- **AI** — streaming endpoint, DAG workflow tool, AI agents with RAG and tool-use — re-exports `streamText`, `tool`, `openai` and more from AI SDK
 - **Data** — Redis client, job queue with cron scheduling
 - **Multi-tenant BaaS** — dynamic tables, auto REST + GraphQL, row-level isolation
 - **Deploy** — self-hosted PaaS: multi-app proxy, zero-downtime updates, auto SSL
+- **Security** — `helmet()` security headers, request ID tracing, rate limiting, CORS, auth
+- **SEO** — `robots.txt`, `sitemap.xml`, `X-Robots-Tag` middleware, `seoTags()` for meta / OG / Twitter Card
 - **i18n** — locale detection, JSON translations, `ctx.t()`
 - **Email** — SMTP or custom transport
 - **Health check** — configurable `/health` endpoint
@@ -47,8 +49,7 @@ serve((req, ctx) => new Response('Hello, World!'), { port: 3000 })
 ### Full app
 
 ```ts
-import { serve, Router, postgres, user, aiStream, graphql } from 'weifuwu'
-import { openai } from '@ai-sdk/openai'
+import { serve, Router, postgres, user, aiStream, graphql, openai } from 'weifuwu'
 
 const app = new Router()
 const pg = postgres()
@@ -106,6 +107,7 @@ All use the same pattern — `const m = module(options)` → `app.use('/path', m
 | `graphql(handler)` | GraphQL endpoint | — |
 | `logdb(options)` | Structured event logging | `log()`, `migrate()`, `clean()`, `close()` |
 | `health(options?)` | Health check | — |
+| `seo(options?)` | `robots.txt`, `sitemap.xml`, indexing control | `seoMiddleware()`, `seoTags()` |
 | `iii(options?)` | Worker/Function/Trigger service paradigm | `migrate()`, `trigger()`, `addWorker()`, `listWorkers()`, `listFunctions()`, `listTriggers()`, `shutdown()` |
 | `registerWorker(url)` | Pure WebSocket SDK (browser/Node) | `registerFunction()`, `registerTrigger()`, `trigger()`, `shutdown()` |
 
@@ -121,6 +123,9 @@ All use the same pattern — `const m = module(options)` → `app.use('/path', m
 | `validate(schemas)` | Zod validation (body, query, params) |
 | `upload(options?)` | Multipart file upload |
 | `i18n(options)` | Internationalization — `ctx.t()`, locale detection |
+| `seoMiddleware(options?)` | `X-Robots-Tag` header — string or path-based function |
+| `helmet(options?)` | Security headers — CSP, HSTS, X-Frame-Options, etc. |
+| `requestId(options?)` | `X-Request-ID` header + `ctx.requestId` |
 
 ## Utility functions
 
@@ -131,12 +136,21 @@ All use the same pattern — `const m = module(options)` → `app.use('/path', m
 | `getCookies(req)` / `setCookie(res, ...)` / `deleteCookie(res, ...)` | Cookie helpers |
 | `mailer(options)` | Email sender (SMTP or custom) |
 | `createTestServer(handler)` | Start test server → `{ server, url }` |
+| `seoTags(config)` | Generate `<title>`, `<meta>`, Open Graph, Twitter Card, canonical tags |
+| `createSSEStream(iterable, opts?)` | SSE response from `AsyncIterable` |
+| `formatSSE(event, data)` | Format SSE event string |
+| `formatSSEData(data)` | Format SSE data string |
 | `runWorkflow(options)` | DAG execution engine as AI SDK `Tool` |
 | `pgTable(name, columns)` | Type-safe table schema builder |
 | `pg.table(name, columns)` | Pre-bound table (no `sql` param needed) |
 | `serial()`, `uuid()`, `text()`, ... | Column type builders |
 | `eq()`, `gte()`, `contains()`, `and()` ... | WHERE clause helpers — same API as Drizzle |
 | `PgModule` | Base class for DB-backed modules |
+| `streamText()` / `generateText()` / `streamObject()` / `generateObject()` | AI SDK — text/structured generation |
+| `tool()` | AI SDK — tool definition |
+| `embed()` / `embedMany()` | AI SDK — text embeddings |
+| `smoothStream()` | AI SDK — smooth streaming middleware |
+| `openai` / `createOpenAI()` | OpenAI provider for AI SDK |
 
 ---
 
@@ -145,7 +159,7 @@ All use the same pattern — `const m = module(options)` → `app.use('/path', m
 Optional module that organizes service logic as **Worker + Function + Trigger**, plus a pure WebSocket SDK for connecting remote workers. Built-in `stream::*` functions for hierarchical real-time data.
 
 ```ts
-import { serve, Router, iii, createWorker as Worker, registerWorker } from 'weifuwu'
+import { serve, Router, iii, createWorker, registerWorker } from 'weifuwu'
 
 // Engine
 const engine = iii({ pg, redis })
@@ -154,7 +168,7 @@ app.use('/iii', engine.router())
 serve(app.handler(), { port: 3000, websocket: app.websocketHandler() })
 
 // Local worker
-const w = new Worker('orders')
+const w = createWorker('orders')
 w.registerFunction('orders::create', async (payload) => {
   return db.query('INSERT INTO orders ...', [payload.items])
 })
@@ -1086,8 +1100,7 @@ export default function NotFound() {
 Server-sent event streaming via the Vercel AI SDK:
 
 ```ts
-import { serve, Router, aiStream } from 'weifuwu'
-import { openai } from '@ai-sdk/openai'
+import { serve, Router, aiStream, openai } from 'weifuwu'
 
 const app = new Router()
 const chat = await aiStream(async (req, ctx) => {
@@ -1104,8 +1117,7 @@ serve(app.handler(), { port: 3000 })
 Multi-step DAG execution engine — packaged as a single AI SDK `Tool`. Use it with `streamText()` or `generateText()` when the LLM needs conditional logic, loops, or multi-step tool orchestration.
 
 ```ts
-import { tool, streamText } from 'ai'
-import { runWorkflow } from 'weifuwu'
+import { tool, streamText, runWorkflow } from 'weifuwu'
 import { z } from 'zod'
 
 const tools = {
@@ -1485,6 +1497,176 @@ const oc = await opencode({
 
 ---
 
+# SEO
+
+Built-in SEO module — `robots.txt`, `sitemap.xml`, indexing headers, and meta tag utilities.
+
+```ts
+import { seo, seoMiddleware, seoTags } from 'weifuwu'
+
+const app = new Router()
+
+// robots.txt + sitemap.xml
+app.use(seo({
+  baseUrl: 'https://example.com',
+  robots: [
+    { userAgent: '*', allow: '/', disallow: ['/admin', '/api'] },
+  ],
+  sitemap: {
+    urls: [
+      { loc: '/', changefreq: 'daily', priority: 1.0 },
+      { loc: '/about', changefreq: 'monthly', priority: 0.8 },
+    ],
+    // Dynamic URLs from database
+    async resolve() {
+      const articles = await db.query('SELECT slug, updated_at FROM articles')
+      return articles.map(a => ({
+        loc: `/blog/${a.slug}`,
+        lastmod: a.updated_at,
+      }))
+    },
+    cacheTTL: 3_600_000,  // re-generate every hour (default)
+  },
+}))
+```
+
+### Endpoints
+
+| Path | Description |
+|------|-------------|
+| `GET /robots.txt` | Generated robots.txt with optional Sitemap reference |
+| `GET /sitemap.xml` | Generated XML sitemap with caching |
+
+### seoMiddleware — Indexing control
+
+```ts
+// Global — block all paths
+app.use(seoMiddleware({ headers: { 'X-Robots-Tag': 'noindex' } }))
+
+// Per-path via function
+app.use(seoMiddleware({
+  headers: {
+    'X-Robots-Tag': (path) => path.startsWith('/admin') ? 'noindex' : undefined,
+  },
+}))
+```
+
+### seoTags — Meta / OG / Twitter Card
+
+Generate SEO meta tags for SSR pages:
+
+```ts
+const tags = seoTags({
+  title: 'My Page',
+  description: 'A great page about things',
+  ogImage: 'https://example.com/og.png',
+  twitterCard: 'summary_large_image',
+  canonical: 'https://example.com/page',
+})
+// → <title>My Page</title>
+// → <meta property="og:title" content="My Page">
+// → <meta name="twitter:card" content="summary_large_image">
+// → <link rel="canonical" href="https://example.com/page">
+//   ...
+```
+
+Use in `layout.tsx` or `page.tsx` with `tsx()`:
+
+```tsx
+export default function RootLayout({ children }) {
+  return (
+    <html>
+      <head>{seoTags({ title: 'My App' })}</head>
+      <body>{children}</body>
+    </html>
+  )
+}
+```
+
+# Security
+
+## Helmet — Security headers
+
+```ts
+import { helmet } from 'weifuwu'
+
+// Apply all security headers with safe defaults
+app.use(helmet())
+
+// Customize individual headers (any can be set to false to remove)
+app.use(helmet({
+  contentSecurityPolicy: "default-src 'self'",
+  xFrameOptions: 'DENY',
+  strictTransportSecurity: 'max-age=63072000; includeSubDomains; preload',
+}))
+
+// Middleware-order: set after helmet to override
+app.use(helmet({ xFrameOptions: false }))  // remove a header
+```
+
+13 security headers set by default:
+
+| Header | Default |
+|--------|---------|
+| `Content-Security-Policy` | `default-src 'self'; ...` |
+| `X-Content-Type-Options` | `nosniff` |
+| `X-Frame-Options` | `SAMEORIGIN` |
+| `Strict-Transport-Security` | `max-age=15552000; includeSubDomains` |
+| `X-XSS-Protection` | `0` |
+| `Referrer-Policy` | `no-referrer` |
+| `Permissions-Policy` | `camera=(),geolocation=(),...` |
+| `Cross-Origin-Embedder-Policy` | `require-corp` |
+| `Cross-Origin-Opener-Policy` | `same-origin` |
+| `Cross-Origin-Resource-Policy` | `same-origin` |
+| `Origin-Agent-Cluster` | `?1` |
+| `X-DNS-Prefetch-Control` | `off` |
+| `X-Download-Options` | `noopen` |
+| `X-Permitted-Cross-Domain-Policies` | `none` |
+
+Does not override response headers already set by the application — your explicit headers take precedence.
+
+## Request ID
+
+```ts
+import { requestId } from 'weifuwu'
+
+// Every response gets X-Request-ID
+app.use(requestId())
+
+// Custom header name
+app.use(requestId({ header: 'X-Trace-Id' }))
+
+// Custom ID generator
+app.use(requestId({ generator: () => crypto.randomUUID() }))
+
+// Access the ID in handlers via ctx.requestId
+app.get('/log', (req, ctx) => {
+  console.log(`Handling request ${ctx.requestId}`)
+  return Response.json({ id: ctx.requestId })
+})
+```
+
+Preserves incoming `X-Request-ID` for distributed tracing — if the upstream service already set it, the value is reused and propagated.
+
+## Server-Sent Events
+
+```ts
+import { createSSEStream, formatSSE } from 'weifuwu'
+
+async function* eventStream() {
+  yield { type: 'ping', data: { time: Date.now() } }
+  yield { type: 'message', data: { text: 'hello' } }
+}
+
+app.get('/events', () => createSSEStream(eventStream()))
+```
+
+| Function | Description |
+|----------|-------------|
+| `createSSEStream(iterable, opts?)` | Returns a `Response` with `Content-Type: text/event-stream` |
+| `formatSSE(event, data)` | Formats an SSE event string (`event: ...\ndata: ...\n\n`) |
+| `formatSSEData(data)` | Formats SSE data-only string (`data: ...\n\n`) |
+
 # Health, i18n, Email & Testing
 
 ## Health check

package/cli.ts

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
-import { mkdir, writeFile, copyFile, readdir } from 'node:fs/promises'
+import { mkdir, writeFile, copyFile, readFile } from 'node:fs/promises'
+import { existsSync } from 'node:fs'
 import { homedir } from 'node:os'
 import { join, dirname, resolve } from 'node:path'
 import { fileURLToPath } from 'node:url'
@@ -7,26 +8,20 @@ import { fileURLToPath } from 'node:url'
 const __filename = fileURLToPath(import.meta.url)
 const __dirname = dirname(__filename)
 
-const pkgRoot = resolve(__dirname, '..')
+const pkgRoot = existsSync(join(__dirname, 'package.json')) ? __dirname : resolve(__dirname, '..')
 
 async function cmdSkill() {
   const targetDir = join(homedir(), '.agents', 'skills', 'weifuwu')
-  const docsTarget = join(targetDir, 'docs')
-
-  await mkdir(docsTarget, { recursive: true })
+  await mkdir(targetDir, { recursive: true })
   await copyFile(join(pkgRoot, 'README.md'), join(targetDir, 'SKILL.md'))
-
-  const docDir = join(pkgRoot, 'docs')
-  const entries = await readdir(docDir)
-  for (const entry of entries) {
-    if (entry.endsWith('.md')) {
-      await copyFile(join(docDir, entry), join(docsTarget, entry))
-    }
-  }
-
   console.log('✅ Installed weifuwu skill to ~/.agents/skills/weifuwu/')
 }
 
+async function cmdVersion() {
+  const pkg = JSON.parse(await readFile(join(pkgRoot, 'package.json'), 'utf-8'))
+  console.log(pkg.version)
+}
+
 async function cmdInit(name: string) {
   const targetDir = resolve(process.cwd(), name)
   await mkdir(targetDir, { recursive: true })
@@ -78,7 +73,9 @@ async function cmdInit(name: string) {
 
 const cmd = process.argv[2]
 
-if (cmd === 'skill') {
+if (cmd === 'version' || cmd === '-v' || cmd === '--version') {
+  cmdVersion().catch(console.error)
+} else if (cmd === 'skill') {
   cmdSkill().catch(console.error)
 } else if (cmd === 'init') {
   const name = process.argv[3]
@@ -88,5 +85,5 @@ if (cmd === 'skill') {
   }
   cmdInit(name).catch(console.error)
 } else {
-  console.log('\nUsage:\n  npx weifuwu init <name>    Create a new weifuwu project\n  npx weifuwu skill           Install weifuwu skill to ~/.agents/skills/\n')
+  console.log('\nUsage:\n  npx weifuwu version          Print version\n  npx weifuwu init <name>    Create a new weifuwu project\n  npx weifuwu skill           Install weifuwu skill to ~/.agents/skills/\n')
 }

package/dist/ai-sdk.d.ts

@@ -0,0 +1,2 @@
+export { streamText, generateText, generateObject, streamObject, tool, embed, embedMany, smoothStream, } from 'ai';
+export { openai, createOpenAI, } from '@ai-sdk/openai';

package/dist/cli.js

@@ -1,27 +1,24 @@
 #!/usr/bin/env node
 
 // cli.ts
-import { mkdir, writeFile, copyFile, readdir } from "node:fs/promises";
+import { mkdir, writeFile, copyFile, readFile } from "node:fs/promises";
+import { existsSync } from "node:fs";
 import { homedir } from "node:os";
 import { join, dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 var __filename = fileURLToPath(import.meta.url);
 var __dirname = dirname(__filename);
-var pkgRoot = resolve(__dirname, "..");
+var pkgRoot = existsSync(join(__dirname, "package.json")) ? __dirname : resolve(__dirname, "..");
 async function cmdSkill() {
   const targetDir = join(homedir(), ".agents", "skills", "weifuwu");
-  const docsTarget = join(targetDir, "docs");
-  await mkdir(docsTarget, { recursive: true });
+  await mkdir(targetDir, { recursive: true });
   await copyFile(join(pkgRoot, "README.md"), join(targetDir, "SKILL.md"));
-  const docDir = join(pkgRoot, "docs");
-  const entries = await readdir(docDir);
-  for (const entry of entries) {
-    if (entry.endsWith(".md")) {
-      await copyFile(join(docDir, entry), join(docsTarget, entry));
-    }
-  }
   console.log("\u2705 Installed weifuwu skill to ~/.agents/skills/weifuwu/");
 }
+async function cmdVersion() {
+  const pkg = JSON.parse(await readFile(join(pkgRoot, "package.json"), "utf-8"));
+  console.log(pkg.version);
+}
 async function cmdInit(name) {
   const targetDir = resolve(process.cwd(), name);
   await mkdir(targetDir, { recursive: true });
@@ -65,7 +62,9 @@ async function cmdInit(name) {
   console.log(`\u2705 Created ${name}/ \u2014 cd ${name} && npm install && npm run dev`);
 }
 var cmd = process.argv[2];
-if (cmd === "skill") {
+if (cmd === "version" || cmd === "-v" || cmd === "--version") {
+  cmdVersion().catch(console.error);
+} else if (cmd === "skill") {
   cmdSkill().catch(console.error);
 } else if (cmd === "init") {
   const name = process.argv[3];
@@ -75,5 +74,5 @@ if (cmd === "skill") {
   }
   cmdInit(name).catch(console.error);
 } else {
-  console.log("\nUsage:\n  npx weifuwu init <name>    Create a new weifuwu project\n  npx weifuwu skill           Install weifuwu skill to ~/.agents/skills/\n");
+  console.log("\nUsage:\n  npx weifuwu version          Print version\n  npx weifuwu init <name>    Create a new weifuwu project\n  npx weifuwu skill           Install weifuwu skill to ~/.agents/skills/\n");
 }

package/dist/helmet.d.ts

@@ -0,0 +1,18 @@
+import type { Middleware } from './types.ts';
+export interface HelmetOptions {
+    contentSecurityPolicy?: string | false;
+    crossOriginEmbedderPolicy?: string | false;
+    crossOriginOpenerPolicy?: string | false;
+    crossOriginResourcePolicy?: string | false;
+    originAgentCluster?: string | false;
+    referrerPolicy?: string | false;
+    strictTransportSecurity?: string | false;
+    xContentTypeOptions?: string | false;
+    xDnsPrefetchControl?: string | false;
+    xDownloadOptions?: string | false;
+    xFrameOptions?: string | false;
+    xPermittedCrossDomainPolicies?: string | false;
+    xXssProtection?: string | false;
+    permissionsPolicy?: string | false;
+}
+export declare function helmet(options?: HelmetOptions): Middleware;

package/dist/iii/stream.d.ts

@@ -4,6 +4,7 @@ import type { StreamUpdateOp, StreamSubscription } from './types.ts';
 export declare function createStream(opts?: {
     pg?: PostgresClient;
     redis?: Redis;
+    streamTTL?: number;
 }): {
     subscribe(ws: WebSocket, sub: StreamSubscription): void;
     unsubscribe(ws: WebSocket): void;

package/dist/iii/types.d.ts

@@ -17,6 +17,8 @@ export interface TriggerInput {
 export interface IIIOptions {
     pg?: PostgresClient;
     redis?: Redis;
+    /** TTL in seconds for Redis stream keys. Default: 3600 (1 hour). Set to 0 for no expiration. */
+    streamTTL?: number;
 }
 export interface TriggerRequest {
     function_id: string;

package/dist/index.d.ts

@@ -20,36 +20,45 @@ export { rateLimit } from './rate-limit.ts';
 export type { RateLimitOptions } from './rate-limit.ts';
 export { compress } from './compress.ts';
 export type { CompressOptions } from './compress.ts';
+export { helmet } from './helmet.ts';
+export type { HelmetOptions } from './helmet.ts';
+export { requestId } from './request-id.ts';
+export type { RequestIdOptions } from './request-id.ts';
+export { createSSEStream, formatSSE, formatSSEData } from './sse.ts';
+export type { SSEEvent } from './sse.ts';
 export { graphql } from './graphql.ts';
 export type { GraphQLOptions, GraphQLHandler } from './graphql.ts';
 export { aiStream } from './ai.ts';
 export type { AIHandler } from './ai.ts';
 export { runWorkflow } from './ai/workflow.ts';
+export { streamText, generateText, generateObject, streamObject, tool, embed, embedMany, smoothStream, openai, createOpenAI, } from './ai-sdk.ts';
 export { postgres } from './postgres/index.ts';
 export type { PostgresOptions, PostgresClient } from './postgres/types.ts';
 export { user } from './user/index.ts';
-export type { UserOptions, UserData, UserModule, OAuth2Client } from './user/types.ts';
+export type { UserOptions, UserData, UserModule, OAuth2Client, } from './user/types.ts';
 export { redis } from './redis/index.ts';
 export type { RedisOptions, RedisClient } from './redis/types.ts';
 export { queue } from './queue/index.ts';
 export type { QueueOptions, QueueJob, Queue } from './queue/types.ts';
 export { tenant } from './tenant/index.ts';
-export type { TenantOptions, TenantModule, TenantContext, FieldDef, FieldType, RelationDef, UserTableRow } from './tenant/types.ts';
+export type { TenantOptions, TenantModule, TenantContext, FieldDef, FieldType, RelationDef, UserTableRow, } from './tenant/types.ts';
 export { agent } from './agent/index.ts';
-export type { AgentOptions, AgentModule, AgentConfig, RunParams, RunResult, KnowledgeDoc } from './agent/types.ts';
+export type { AgentOptions, AgentModule, AgentConfig, RunParams, RunResult, KnowledgeDoc, } from './agent/types.ts';
 export { messager } from './messager/index.ts';
-export type { MessagerOptions, MessagerModule, Channel, ChannelMember, Message } from './messager/types.ts';
+export type { MessagerOptions, MessagerModule, Channel, ChannelMember, Message, } from './messager/types.ts';
 export { deploy, defineConfig } from './deploy/index.ts';
-export type { DeployConfig, AppConfig, DeployServer, AppStatus } from './deploy/types.ts';
+export type { DeployConfig, AppConfig, DeployServer, AppStatus, } from './deploy/types.ts';
 export { opencode } from './opencode/index.ts';
-export type { OpencodeOptions, OpencodeModule, SkillDef, OpencodePermissions, Session as OpencodeSession } from './opencode/types.ts';
+export type { OpencodeOptions, OpencodeModule, SkillDef, OpencodePermissions, Session as OpencodeSession, } from './opencode/types.ts';
 export { health } from './health.ts';
 export type { HealthOptions } from './health.ts';
 export { i18n } from './i18n.ts';
 export type { I18nOptions } from './i18n.ts';
+export { seo, seoMiddleware, seoTags } from './seo.ts';
+export type { SeoOptions, RobotsRule, SitemapUrl, SitemapConfig, SeoHeadersConfig, SeoTagsConfig, } from './seo.ts';
 export { mailer } from './mailer.ts';
 export type { MailerOptions, MailOptions, Mailer } from './mailer.ts';
 export { logdb } from './logdb/index.ts';
-export type { LogdbOptions, LogdbModule, LogEntry, LogEntryInput } from './logdb/types.ts';
-export { iii, createWorker as Worker, registerWorker } from './iii/index.ts';
-export type { IIIModule, IIIOptions, WorkerInfo, FunctionInfo, TriggerInfo, FunctionHandler, FunctionContext, TriggerInput, RemoteWorker, TriggerRequest } from './iii/types.ts';
+export type { LogdbOptions, LogdbModule, LogEntry, LogEntryInput, } from './logdb/types.ts';
+export { iii, createWorker, registerWorker } from './iii/index.ts';
+export type { IIIModule, IIIOptions, WorkerInfo, FunctionInfo, TriggerInfo, FunctionHandler, FunctionContext, TriggerInput, RemoteWorker, TriggerRequest, } from './iii/types.ts';