weifuwu 0.16.2 → 0.16.4

package/dist/index.js

@@ -122,6 +122,14 @@ function serve(handler, options) {
   const ready = new Promise((r) => {
     resolveReady = r;
   });
+  if (options?.shutdown !== false) {
+    process.on("SIGTERM", () => {
+      server.close();
+    });
+    process.on("SIGINT", () => {
+      server.close();
+    });
+  }
   if (options?.signal) {
     if (options.signal.aborted) {
       server.close();
@@ -968,9 +976,16 @@ ${src}`;
         `import{createElement}from'react';`,
         `import P from${JSON.stringify(entryPath)};`,
         `const p=window.__WEIFUWU_PROPS;`,
-        `let el=createElement(P,p);`,
-        `hydrateRoot(document.getElementById('__weifuwu_root'),el);`
+        `const c=document.getElementById('__weifuwu_root');`,
+        `const r=hydrateRoot(c,createElement(P,p));`,
+        `window.__WEIFUWU_ROOT=r;`
       ].join("");
+      const publicEnv = {};
+      for (const key of Object.keys(process.env)) {
+        if (key.startsWith("WEIFUWU_PUBLIC_")) {
+          publicEnv[`process.env.${key}`] = JSON.stringify(process.env[key]);
+        }
+      }
       const result = await esbuild.build({
         stdin: { contents: code, loader: "tsx", resolveDir: pagesDir },
         bundle: true,
@@ -978,6 +993,8 @@ ${src}`;
         jsx: "automatic",
         jsxImportSource: "react",
         alias: resolveAliases(),
+        banner: { js: "self.process={env:{}};" },
+        define: Object.keys(publicEnv).length > 0 ? publicEnv : void 0,
         write: false,
         minify: true
       });
@@ -1028,9 +1045,13 @@ ${src}`;
       const loadFn = loadMod?.default;
       const loadProps = loadFn ? await loadFn({ params: ctx.params, query: ctx.query }) : {};
       const allProps = { ...loadProps, params: ctx.params, query: ctx.query };
-      let element = createElement(TsxContext.Provider, {
-        value: { params: ctx.params, query: ctx.query, user: ctx.user, parsed: ctx.parsed }
-      }, createElement(Component, allProps));
+      let element = createElement(
+        "div",
+        { id: "__weifuwu_root" },
+        createElement(TsxContext.Provider, {
+          value: { params: ctx.params, query: ctx.query, user: ctx.user, parsed: ctx.parsed }
+        }, createElement(Component, allProps))
+      );
       if (layoutPaths.length === 0) {
         element = createElement(
           "html",
@@ -1042,7 +1063,7 @@ ${src}`;
             createElement("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }),
             createElement("title", null, "weifuwu")
           ),
-          createElement("body", null, createElement("div", { id: "__weifuwu_root" }, element))
+          createElement("body", null, element)
         );
       } else {
         for (let i = layoutPaths.length - 1; i >= 0; i--) {
@@ -1059,6 +1080,11 @@ ${src}`;
       }
       const stream = await renderToReadableStream(element);
       const body = await readStream(stream);
+      if (layoutPaths.length > 0 && (body.match(/__weifuwu_root/g) || []).length > 1) {
+        console.warn(
+          '[weifuwu/tsx] <div id="__weifuwu_root"> is auto-injected by the framework. Remove the duplicate from your root layout to avoid hydration conflicts.'
+        );
+      }
       const scripts = [];
       scripts.push(`<script>window.__WEIFUWU_PROPS=${JSON.stringify(allProps)}</script>`);
       const bundle = await this.getOrBuildClientBundle(entryPath, layoutPaths, this.pagesDir);
@@ -1747,7 +1773,7 @@ function upload(options) {
 // rate-limit.ts
 function rateLimit(options) {
   const max = options?.max ?? 100;
-  const window = options?.window ?? 6e4;
+  const window2 = options?.window ?? 6e4;
   const getKey = options?.key ?? ((req) => {
     const forwarded = req.headers.get("x-forwarded-for");
     if (forwarded) return forwarded.split(",")[0].trim();
@@ -1764,19 +1790,19 @@ function rateLimit(options) {
     for (const [key, entry] of hits) {
       if (entry.reset < now) hits.delete(key);
     }
-  }, window);
+  }, window2);
   if (interval.unref) interval.unref();
   const mw = async (req, ctx, next) => {
     const key = getKey(req);
     const now = Date.now();
     const entry = hits.get(key);
     if (!entry || entry.reset < now) {
-      hits.set(key, { count: 1, reset: now + window });
+      hits.set(key, { count: 1, reset: now + window2 });
       const res2 = await next(req, ctx);
       const headers2 = new Headers(res2.headers);
       headers2.set("X-RateLimit-Limit", String(max));
       headers2.set("X-RateLimit-Remaining", String(max - 1));
-      headers2.set("X-RateLimit-Reset", String(Math.ceil((now + window) / 1e3)));
+      headers2.set("X-RateLimit-Reset", String(Math.ceil((now + window2) / 1e3)));
       return new Response(res2.body, { status: res2.status, statusText: res2.statusText, headers: headers2 });
     }
     entry.count++;
@@ -1910,10 +1936,10 @@ function helmet(options) {
 }
 
 // request-id.ts
-import crypto from "node:crypto";
+import crypto2 from "node:crypto";
 function requestId(options) {
   const header = options?.header ?? "X-Request-ID";
-  const gen = options?.generator ?? (() => crypto.randomUUID());
+  const gen = options?.generator ?? (() => crypto2.randomUUID());
   return async (req, ctx, next) => {
     const existing = req.headers.get(header);
     const id2 = existing ?? gen();
@@ -2949,7 +2975,7 @@ import jwt2 from "jsonwebtoken";
 import { z as z2 } from "zod";
 
 // user/oauth2.ts
-import crypto2 from "node:crypto";
+import crypto3 from "node:crypto";
 import jwt from "jsonwebtoken";
 function createOAuth2Server(deps) {
   const { pg, users, jwtSecret, expiresIn } = deps;
@@ -2968,8 +2994,8 @@ function createOAuth2Server(deps) {
     };
   }
   async function registerClient(data) {
-    const clientId = crypto2.randomUUID();
-    const clientSecret = crypto2.randomBytes(32).toString("hex");
+    const clientId = crypto3.randomUUID();
+    const clientSecret = crypto3.randomBytes(32).toString("hex");
     const [row] = await pg.sql`
       INSERT INTO "_oauth2_clients" ("name", "client_id", "client_secret", "redirect_uris")
       VALUES (${data.name}, ${clientId}, ${clientSecret}, ${pg.sql.array(data.redirectUris)})
@@ -3117,7 +3143,7 @@ h2{color:#dc2626}.desc{color:#555}</style>
       const loc2 = `${redirectUri}?error=access_denied${state ? `&state=${state}` : ""}`;
       return Response.redirect(loc2, 302);
     }
-    const code = crypto2.randomUUID();
+    const code = crypto3.randomUUID();
     const expiresAt = new Date(Date.now() + 10 * 60 * 1e3);
     await pg.sql`
       INSERT INTO "_oauth2_codes" ("code", "client_id", "user_id", "redirect_uri", "code_challenge", "code_challenge_method", "scope", "expires_at")
@@ -3182,7 +3208,7 @@ h2{color:#dc2626}.desc{color:#555}</style>
       if (stored.code_challenge_method === "plain") {
         expected = codeVerifier;
       } else {
-        expected = crypto2.createHash("sha256").update(codeVerifier).digest().toString("base64url");
+        expected = crypto3.createHash("sha256").update(codeVerifier).digest().toString("base64url");
       }
       if (expected !== stored.code_challenge) {
         return Response.json({ error: "invalid_grant", error_description: "code_verifier mismatch" }, { status: 400 });
@@ -3199,7 +3225,7 @@ h2{color:#dc2626}.desc{color:#555}</style>
       jwtSecret,
       { expiresIn }
     );
-    const refreshToken = crypto2.randomUUID();
+    const refreshToken = crypto3.randomUUID();
     const refreshExpires = new Date(Date.now() + 30 * 24 * 60 * 60 * 1e3);
     await pg.sql`
       INSERT INTO "_oauth2_tokens" ("token", "client_id", "user_id", "scope", "expires_at")
@@ -3465,9 +3491,65 @@ function redis(opts) {
   return mw;
 }
 
+// hub.ts
+function createHub(opts) {
+  const prefix = opts?.prefix ?? "hub:";
+  const channels2 = /* @__PURE__ */ new Map();
+  let redisPub;
+  let redisSub = null;
+  if (opts?.redis) {
+    redisPub = opts.redis;
+    redisSub = opts.redis.duplicate();
+    redisSub.on("message", (rawChannel, rawData) => {
+      if (!rawChannel.startsWith(prefix)) return;
+      const key = rawChannel.slice(prefix.length);
+      const members = channels2.get(key);
+      if (!members) return;
+      for (const ws of members) {
+        try {
+          ws.send(rawData);
+        } catch {
+        }
+      }
+    });
+  }
+  function join5(key, ws) {
+    if (!channels2.has(key)) {
+      channels2.set(key, /* @__PURE__ */ new Set());
+      redisSub?.subscribe(`${prefix}${key}`);
+    }
+    channels2.get(key).add(ws);
+  }
+  function leave(ws) {
+    for (const [, members] of channels2) {
+      members.delete(ws);
+    }
+  }
+  function broadcast(key, data) {
+    const msg = JSON.stringify(data);
+    const members = channels2.get(key);
+    if (members) {
+      for (const ws of members) {
+        try {
+          ws.send(msg);
+        } catch {
+        }
+      }
+    }
+    redisPub?.publish(`${prefix}${key}`, msg);
+  }
+  async function close() {
+    channels2.clear();
+    if (redisSub) {
+      await redisSub.quit();
+    }
+  }
+  return { join: join5, leave, broadcast, close };
+}
+
 // queue/index.ts
 import { Redis as IORedis2 } from "ioredis";
-import crypto3 from "node:crypto";
+import crypto4 from "node:crypto";
 function cronNext(expr, from = /* @__PURE__ */ new Date()) {
   const parts = expr.trim().split(/\s+/);
   if (parts.length !== 5) throw new Error(`Invalid cron expression "${expr}": expected 5 fields`);
@@ -3558,7 +3640,7 @@ function queue(opts) {
             if (job.schedule) {
               try {
                 const nextRun = cronNext(job.schedule);
-                const nextJob = { ...job, id: crypto3.randomUUID(), runAt: nextRun, createdAt: Date.now() };
+                const nextJob = { ...job, id: crypto4.randomUUID(), runAt: nextRun, createdAt: Date.now() };
                 redis2.zadd(jobKey, nextRun, JSON.stringify(nextJob)).catch(() => {
                 });
               } catch {
@@ -3576,7 +3658,7 @@ function queue(opts) {
     }
   }
   mw.add = function add(type, payload, opts2) {
-    const id2 = crypto3.randomUUID();
+    const id2 = crypto4.randomUUID();
     let runAt;
     if (opts2?.schedule) {
       runAt = cronNext(opts2.schedule);
@@ -4809,40 +4891,17 @@ function agent(options) {
 }
 
 // messager/ws.ts
-var channels = /* @__PURE__ */ new Map();
 var userConnections = /* @__PURE__ */ new Map();
+var hub;
 function broadcastToChannel(channelId, data) {
-  const members = channels.get(channelId);
-  if (!members) return;
-  const msg = JSON.stringify(data);
-  for (const { ws } of members) {
-    try {
-      ws.send(msg);
-    } catch {
-    }
-  }
-}
-function subscribe(ws, userId, channelId) {
-  if (!channels.has(channelId)) channels.set(channelId, /* @__PURE__ */ new Set());
-  channels.get(channelId).add({ ws, userId });
-  if (!userConnections.has(userId)) userConnections.set(userId, /* @__PURE__ */ new Set());
-  userConnections.get(userId).add(ws);
-}
-function unsubscribe(ws) {
-  for (const [, members] of channels) {
-    for (const m of members) {
-      if (m.ws === ws) {
-        members.delete(m);
-        break;
-      }
-    }
-  }
-  for (const [, conns] of userConnections) {
-    conns.delete(ws);
-  }
+  hub?.broadcast(`messager:${channelId}`, data);
 }
 function createWSHandler(deps) {
   const { sql: sql2, agents } = deps;
+  hub = createHub({
+    redis: deps.redis,
+    prefix: "messager:"
+  });
   return {
     open(ws, ctx) {
       const userId = ctx.user?.id;
@@ -4871,8 +4930,10 @@ function createWSHandler(deps) {
             RETURNING *
           `;
           const message = row;
+          hub.join(`messager:${channel_id}`, ws);
+          if (!userConnections.has(userId)) userConnections.set(userId, /* @__PURE__ */ new Set());
+          userConnections.get(userId).add(ws);
           broadcastToChannel(channel_id, { type: "message", data: message });
-          subscribe(ws, userId, channel_id);
           if (agents) {
             const agentMembers = await sql2`
               SELECT member_id FROM "_channel_members"
@@ -4898,7 +4959,9 @@ function createWSHandler(deps) {
           break;
         }
         case "typing": {
-          if (channel_id) subscribe(ws, userId, channel_id);
+          if (channel_id) {
+            hub.join(`messager:${channel_id}`, ws);
+          }
           broadcastToChannel(channel_id, {
             type: "typing",
             channel_id,
@@ -4909,7 +4972,7 @@ function createWSHandler(deps) {
         }
         case "read": {
           if (!channel_id || !last_message_id) return;
-          subscribe(ws, userId, channel_id);
+          hub.join(`messager:${channel_id}`, ws);
           await sql2`
             UPDATE "_channel_members"
             SET last_read_id = ${last_message_id}, last_read_at = NOW()
@@ -4926,22 +4989,28 @@ function createWSHandler(deps) {
       }
     },
     close(ws) {
-      unsubscribe(ws);
+      hub?.leave(ws);
+      for (const [, conns] of userConnections) {
+        conns.delete(ws);
+      }
     },
     error(ws) {
-      unsubscribe(ws);
+      hub?.leave(ws);
+      for (const [, conns] of userConnections) {
+        conns.delete(ws);
+      }
     }
   };
 }
 
 // messager/rest.ts
 function buildRouter3(deps) {
-  const { sql: sql2, channels: channels3, members, messages: messages2, agents } = deps;
+  const { sql: sql2, channels: channels2, members, messages: messages2, agents } = deps;
   const r = new Router();
   r.post("/channels", async (req) => {
     const body = await req.json();
     if (!body.name) return Response.json({ error: "name is required" }, { status: 400 });
-    const channel = await channels3.insert({
+    const channel = await channels2.insert({
       name: body.name,
       type: body.type || "channel",
       created_by: body.created_by || 1
@@ -4984,14 +5053,14 @@ function buildRouter3(deps) {
   });
   r.get("/channels/:id", async (_req, ctx) => {
     const id2 = parseInt(ctx.params.id, 10);
-    const ch = await channels3.read(id2);
+    const ch = await channels2.read(id2);
     if (!ch) return Response.json({ error: "Channel not found" }, { status: 404 });
     const { data: memberRows } = await members.readMany({ channel_id: id2 });
     return Response.json({ channel: ch, members: memberRows });
   });
   r.delete("/channels/:id", async (_req, ctx) => {
     const id2 = parseInt(ctx.params.id, 10);
-    await channels3.delete(id2);
+    await channels2.delete(id2);
     return Response.json({ ok: true });
   });
   r.post("/channels/:id/members", async (req, ctx) => {
@@ -5092,8 +5161,9 @@ function messager(options) {
   const pg = options.pg;
   const sql2 = pg.sql;
   const agents = options.agents;
+  const redis2 = options.redis;
   const base = new PgModule(pg);
-  const channels3 = pg.table("_channels", {
+  const channels2 = pg.table("_channels", {
     id: serial("id").primaryKey(),
     tenant_id: text("tenant_id"),
     name: text("name").notNull().default(""),
@@ -5125,16 +5195,16 @@ function messager(options) {
   });
   return {
     migrate: async () => {
-      await channels3.create();
-      await channels3.createIndex("tenant_id");
+      await channels2.create();
+      await channels2.createIndex("tenant_id");
       await members.create();
       await members.createIndex("member_id");
       await members.createIndex(["channel_id", "member_id", "member_type"], { unique: true });
       await messages2.create();
       await messages2.createIndex(["channel_id", "created_at"], { desc: true });
     },
-    router: () => buildRouter3({ sql: sql2, channels: channels3, members, messages: messages2, agents }),
-    wsHandler: () => createWSHandler({ sql: sql2, agents }),
+    router: () => buildRouter3({ sql: sql2, channels: channels2, members, messages: messages2, agents }),
+    wsHandler: () => createWSHandler({ sql: sql2, agents, redis: redis2 }),
     async send(channelId, content, opts) {
       const msg = await messages2.insert({
         channel_id: channelId,
@@ -5242,7 +5312,7 @@ function createGateway(config, getPort) {
 }
 
 // deploy/manager.ts
-import crypto4 from "node:crypto";
+import crypto5 from "node:crypto";
 function createManager(config, apps, manager) {
   const router = new Router();
   const auth2 = (req, ctx, next) => {
@@ -5251,7 +5321,7 @@ function createManager(config, apps, manager) {
     const token = header.replace("Bearer ", "");
     const tokenBuf = Buffer.from(token);
     const secretBuf = Buffer.from(config.deployToken);
-    if (tokenBuf.length !== secretBuf.length || !crypto4.timingSafeEqual(tokenBuf, secretBuf)) {
+    if (tokenBuf.length !== secretBuf.length || !crypto5.timingSafeEqual(tokenBuf, secretBuf)) {
       return Response.json({ error: "Unauthorized" }, { status: 401 });
     }
     return next(req, ctx);
@@ -5350,10 +5420,10 @@ function createManager(config, apps, manager) {
     const rawBody = await req.text();
     if (config.webhookSecret) {
       const sig = req.headers.get("x-hub-signature-256") ?? "";
-      const expected = `sha256=${crypto4.createHmac("sha256", config.webhookSecret).update(rawBody).digest("hex")}`;
+      const expected = `sha256=${crypto5.createHmac("sha256", config.webhookSecret).update(rawBody).digest("hex")}`;
       const sigBuf = Buffer.from(sig);
       const expectedBuf = Buffer.from(expected);
-      if (sigBuf.length !== expectedBuf.length || !crypto4.timingSafeEqual(sigBuf, expectedBuf)) {
+      if (sigBuf.length !== expectedBuf.length || !crypto5.timingSafeEqual(sigBuf, expectedBuf)) {
         return Response.json({ error: "invalid signature" }, { status: 401 });
       }
     }
@@ -6310,7 +6380,7 @@ async function buildRouter4(deps) {
       skills: allSkills,
       systemPrompt: session.system_prompt || systemPrompt
     });
-    const history = await getHistory(sql2, sessionId);
+    const history2 = await getHistory(sql2, sessionId);
     await addTextMessage(sql2, sessionId, "user", content);
     const stream = executeGenerator({
       sessionId,
@@ -6318,7 +6388,7 @@ async function buildRouter4(deps) {
       model,
       tools,
       systemPrompt: sysPrompt,
-      messages: history,
+      messages: history2,
       sql: sql2
     });
     return createSSEStream(stream);
@@ -6398,7 +6468,7 @@ function createWSHandler2(deps) {
               skills: allSkills,
               systemPrompt: session.system_prompt || systemPrompt
             });
-            const history = await getHistory(sql2, session_id);
+            const history2 = await getHistory(sql2, session_id);
             await addTextMessage(sql2, session_id, "user", content);
             const stream = executeGenerator({
               sessionId: session_id,
@@ -6406,7 +6476,7 @@ function createWSHandler2(deps) {
               model,
               tools,
               systemPrompt: sysPrompt,
-              messages: history,
+              messages: history2,
               sql: sql2,
               abortSignal: controller.signal
             });
@@ -6843,6 +6913,251 @@ function mailer(options) {
   return { send, close };
 }
 
+// use-websocket.ts
+import { useEffect, useRef, useCallback, useState } from "react";
+var RECONNECT_DELAY = 3e3;
+var MAX_RETRIES = 10;
+function resolveUrl(url) {
+  return typeof url === "function" ? url() : url;
+}
+function useWebsocket(url, options) {
+  const { onMessage, reconnect: reconnectOpt = true, protocols, enabled = true } = options ?? {};
+  const [lastMessage, setLastMessage] = useState(null);
+  const [readyState, setReadyState] = useState(WebSocket.CLOSED);
+  const wsRef = useRef(null);
+  const retryRef = useRef(0);
+  const timerRef = useRef(void 0);
+  const mountedRef = useRef(true);
+  const shouldReconnectRef = useRef(true);
+  const urlRef = useRef(url);
+  const optsRef = useRef({ onMessage, reconnectOpt, protocols });
+  urlRef.current = url;
+  optsRef.current = { onMessage, reconnectOpt, protocols };
+  const cleanup = useCallback(() => {
+    clearTimeout(timerRef.current);
+    wsRef.current?.close();
+    wsRef.current = null;
+  }, []);
+  const connect = useCallback(() => {
+    if (!mountedRef.current || !enabled) return;
+    const resolved = resolveUrl(urlRef.current);
+    if (!resolved) return;
+    wsRef.current?.close();
+    const ws = new WebSocket(resolved, optsRef.current.protocols);
+    wsRef.current = ws;
+    setReadyState(WebSocket.CONNECTING);
+    ws.addEventListener("open", () => {
+      if (!mountedRef.current) return;
+      retryRef.current = 0;
+      setReadyState(WebSocket.OPEN);
+    });
+    ws.addEventListener("message", (e) => {
+      if (!mountedRef.current) return;
+      const data = typeof e.data === "string" ? e.data : String(e.data);
+      setLastMessage(data);
+      optsRef.current.onMessage?.(data);
+    });
+    ws.addEventListener("close", () => {
+      if (!mountedRef.current) return;
+      setReadyState(WebSocket.CLOSED);
+      const ro = optsRef.current.reconnectOpt;
+      if (ro && shouldReconnectRef.current && mountedRef.current) {
+        const maxRetries = typeof ro === "object" ? ro.maxRetries ?? MAX_RETRIES : MAX_RETRIES;
+        const delay = typeof ro === "object" ? ro.delay ?? RECONNECT_DELAY : RECONNECT_DELAY;
+        if (retryRef.current < maxRetries) {
+          retryRef.current++;
+          timerRef.current = setTimeout(() => connect(), delay);
+        }
+      }
+    });
+  }, [enabled]);
+  useEffect(() => {
+    mountedRef.current = true;
+    shouldReconnectRef.current = true;
+    if (enabled) connect();
+    return () => {
+      mountedRef.current = false;
+      cleanup();
+    };
+  }, [enabled, connect, cleanup]);
+  const send = useCallback((data) => {
+    wsRef.current?.send(data);
+  }, []);
+  const close = useCallback(() => {
+    shouldReconnectRef.current = false;
+    cleanup();
+    setReadyState(WebSocket.CLOSED);
+  }, [cleanup]);
+  const reconnectFn = useCallback(() => {
+    retryRef.current = 0;
+    shouldReconnectRef.current = true;
+    cleanup();
+    connect();
+  }, [cleanup, connect]);
+  return { send, close, readyState, lastMessage, reconnect: reconnectFn };
+}
+
+// use-action.ts
+import { useState as useState2, useCallback as useCallback2, useRef as useRef2 } from "react";
+function getCsrfToken() {
+  if (typeof document === "undefined") return void 0;
+  const match = document.cookie.match(/(?:^|;\s*)_csrf=([^;]+)/);
+  return match ? decodeURIComponent(match[1]) : void 0;
+}
+function useAction(url, options) {
+  const { method = "POST", headers, onSuccess, onError } = options ?? {};
+  const [data, setData] = useState2(null);
+  const [error, setError] = useState2(null);
+  const [pending, setPending] = useState2(false);
+  const mountedRef = useRef2(true);
+  const submit = useCallback2(async (body) => {
+    setPending(true);
+    setError(null);
+    try {
+      const csrfToken = getCsrfToken();
+      const hdrs = { ...headers };
+      if (csrfToken) hdrs["x-csrf-token"] = csrfToken;
+      if (body && typeof body === "object" && !(body instanceof FormData)) {
+        hdrs["content-type"] = "application/json";
+      }
+      const res = await fetch(url, {
+        method,
+        headers: hdrs,
+        body: body instanceof FormData ? body : body !== void 0 ? JSON.stringify(body) : void 0
+      });
+      if (!res.ok) {
+        const text2 = await res.text();
+        throw new Error(text2 || `HTTP ${res.status}`);
+      }
+      const result = res.status === 204 ? void 0 : await res.json();
+      if (mountedRef.current) {
+        setData(result);
+        onSuccess?.(result);
+      }
+      return result;
+    } catch (err) {
+      const e = err instanceof Error ? err : new Error(String(err));
+      if (mountedRef.current) {
+        setError(e);
+        onError?.(e);
+      }
+      return void 0;
+    } finally {
+      if (mountedRef.current) setPending(false);
+    }
+  }, [url, method, headers, onSuccess, onError]);
+  const reset = useCallback2(() => {
+    setData(null);
+    setError(null);
+  }, []);
+  return { submit, data, error, pending, reset };
+}
+
+// client-router.ts
+import { createElement as createElement2, useCallback as useCallback3 } from "react";
+async function navigate(href) {
+  if (typeof document === "undefined") return;
+  const url = new URL(href, location.origin);
+  if (url.origin !== location.origin) {
+    location.href = href;
+    return;
+  }
+  const html = await fetch(url.pathname + url.search, {
+    headers: { accept: "text/html" }
+  }).then((r) => r.text());
+  const doc = new DOMParser().parseFromString(html, "text/html");
+  const rootEl = doc.getElementById("__weifuwu_root");
+  if (!rootEl) {
+    location.href = href;
+    return;
+  }
+  const newHtml = rootEl.innerHTML;
+  const propsMatch = html.match(/window\.__WEIFUWU_PROPS=(.+?)<\/script>/);
+  if (!propsMatch) {
+    location.href = href;
+    return;
+  }
+  const bundleMatch = html.match(/src="(\/__wfw\/client\/[^"]+\.js)"/);
+  const bundleUrl = bundleMatch ? bundleMatch[1] : null;
+  const currentRoot = document.getElementById("__weifuwu_root");
+  if (!currentRoot) {
+    location.href = href;
+    return;
+  }
+  ;
+  window.__WEIFUWU_ROOT?.unmount();
+  currentRoot.innerHTML = newHtml;
+  window.__WEIFUWU_PROPS = JSON.parse(propsMatch[1]);
+  history.pushState(null, "", url.pathname + url.search);
+  if (bundleUrl) {
+    const cacheBust = bundleUrl.includes("?") ? "&_t=" : "?_t=";
+    try {
+      await import(
+        /* @vite-ignore */
+        `${bundleUrl}${cacheBust}${Date.now()}`
+      );
+    } catch (e) {
+      console.error("[weifuwu/router] hydration failed:", e);
+    }
+  }
+}
+function useNavigate() {
+  return useCallback3((href) => navigate(href), []);
+}
+function Link({ href, children, onClick, ...props }) {
+  const handleClick = useCallback3((e) => {
+    if (e.button !== 0 || e.metaKey || e.ctrlKey || e.shiftKey || e.altKey) return;
+    e.preventDefault();
+    navigate(href);
+    onClick?.(e);
+  }, [href, onClick]);
+  return createElement2("a", { href, onClick: handleClick, ...props }, children);
+}
+
+// csrf.ts
+function csrf(options) {
+  const cookieName = options?.cookie ?? "_csrf";
+  const headerName = options?.header ?? "x-csrf-token";
+  const bodyKey = options?.key ?? "_csrf";
+  const excluded = new Set(options?.excludeMethods ?? ["GET", "HEAD", "OPTIONS"]);
+  return async (req, ctx, next) => {
+    const method = req.method.toUpperCase();
+    if (excluded.has(method)) {
+      let token = getCookies(req)[cookieName];
+      if (!token) {
+        token = crypto.randomUUID();
+        ctx.csrfToken = token;
+      } else {
+        ;
+        ctx.csrfToken = token;
+      }
+      const res = await next(req, ctx);
+      const tokenToSet = ctx.csrfToken;
+      if (tokenToSet && !getCookies(req)[cookieName]) {
+        return setCookie(res, cookieName, tokenToSet, {
+          httpOnly: true,
+          sameSite: "strict",
+          path: "/"
+        });
+      }
+      return res;
+    }
+    const cookieToken = getCookies(req)[cookieName];
+    let headerToken = req.headers.get(headerName);
+    if (!headerToken) {
+      try {
+        const body = await req.clone().json();
+        headerToken = body[bodyKey];
+      } catch {
+      }
+    }
+    if (!cookieToken || !headerToken || cookieToken !== headerToken) {
+      return new Response("CSRF token mismatch", { status: 403 });
+    }
+    return next(req, ctx);
+  };
+}
+
 // logdb/rest.ts
 function createHandler(entries) {
   return async (req, ctx) => {
@@ -7010,10 +7325,10 @@ function logdb(options) {
 }
 
 // iii/client.ts
-import crypto5 from "node:crypto";
+import crypto6 from "node:crypto";
 
 // iii/stream.ts
-var channels2 = /* @__PURE__ */ new Map();
+var channels = /* @__PURE__ */ new Map();
 function notify(stream, group, item, event, data) {
   const keys = [
     `${stream}`,
@@ -7022,7 +7337,7 @@ function notify(stream, group, item, event, data) {
   ];
   const msg = JSON.stringify({ type: "stream", stream_name: stream, group_id: group, item_id: item, event, data });
   for (const key of keys) {
-    const subs = channels2.get(key);
+    const subs = channels.get(key);
     if (!subs) continue;
     for (const ws of subs) {
       try {
@@ -7347,14 +7662,14 @@ function createStream(opts) {
     ...store,
     subscribe(ws, sub) {
       const key = sub.item_id ? `${sub.stream_name}:${sub.group_id}:${sub.item_id}` : sub.group_id ? `${sub.stream_name}:${sub.group_id}` : sub.stream_name;
-      if (!channels2.has(key)) channels2.set(key, /* @__PURE__ */ new Set());
-      channels2.get(key).add(ws);
+      if (!channels.has(key)) channels.set(key, /* @__PURE__ */ new Set());
+      channels.get(key).add(ws);
       if (redisSub && sub.stream_name) {
         redisSub.subscribe(`iii:stream:${sub.stream_name}`);
       }
     },
     unsubscribe(ws) {
-      for (const [, subs] of channels2) subs.delete(ws);
+      for (const [, subs] of channels) subs.delete(ws);
     },
     async migrate() {
       if (opts?.pg) {
@@ -7536,7 +7851,7 @@ function iii(opts = {}) {
   registerBuiltin("stream::send", (p) => stream.send(p.stream_name, p.group_id, p.type, p.data, p.id));
   registerBuiltin("stream::update", (p) => stream.update(p.stream_name, p.group_id, p.item_id, p.ops));
   function addLocalWorker(worker) {
-    const workerId = crypto5.randomUUID();
+    const workerId = crypto6.randomUUID();
     const reg = {
       id: workerId,
       name: worker.name,
@@ -7551,7 +7866,7 @@ function iii(opts = {}) {
       const triggerIds = [];
       for (const t of worker.getTriggers()) {
         if (t.input.function_id === fn.id) {
-          const tid = crypto5.randomUUID();
+          const tid = crypto6.randomUUID();
           triggers.set(tid, {
             id: tid,
             type: t.input.type,
@@ -7580,7 +7895,7 @@ function iii(opts = {}) {
     if (!worker) return;
     const handler = async (payload) => {
       if (!worker.ws) throw new Error(`Worker "${worker.name}" disconnected`);
-      const invocationId = crypto5.randomUUID();
+      const invocationId = crypto6.randomUUID();
       return new Promise((resolve11, reject) => {
         const timer = setTimeout(() => {
           pending.delete(invocationId);
@@ -7614,7 +7929,7 @@ function iii(opts = {}) {
   }
   const wsHandler = createWsHandler({
     registerRemoteWorker(ws, name) {
-      const id2 = crypto5.randomUUID();
+      const id2 = crypto6.randomUUID();
       workers.set(id2, { id: id2, name, ws, functions: [], triggers: [] });
       return id2;
     },
@@ -7625,7 +7940,7 @@ function iii(opts = {}) {
       addRemoteFunction(workerId, id2);
     },
     registerRemoteTrigger(workerId, input) {
-      const tid = crypto5.randomUUID();
+      const tid = crypto6.randomUUID();
       const reg = { id: tid, ...input, workerId };
       triggers.set(tid, reg);
       const worker = workers.get(workerId);
@@ -7990,6 +8305,7 @@ function registerWorker(url) {
   };
 }
 export {
+  Link,
   Router,
   TsxContext,
   agent,
@@ -7997,10 +8313,12 @@ export {
   auth,
   compress,
   cors,
+  createHub,
   createOpenAI,
   createSSEStream,
   createTestServer,
   createWorker,
+  csrf,
   defineConfig,
   deleteCookie,
   deploy,
@@ -8021,6 +8339,7 @@ export {
   logger,
   mailer,
   messager,
+  navigate,
   openai,
   opencode,
   postgres,
@@ -8043,7 +8362,10 @@ export {
   tool2 as tool,
   tsx,
   upload,
+  useAction,
+  useNavigate,
   useTsx,
+  useWebsocket,
   user,
   validate
 };