| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-06-26 | 2.9 kB | |
| v1.0.0-beta.4 source code.tar.gz | 2026-06-26 | 3.0 MB | |
| v1.0.0-beta.4 source code.zip | 2026-06-26 | 3.7 MB | |
| Totals: 3 Items | 6.7 MB | 3 | |
The fifth 1.0.0 beta. Keeps the 1.0 line in beta while adding a handler
escape hatch, a routing-safety guard, and a broad documentation accuracy pass.
Projects on ^1.0.0-beta.3 upgrade with a version bump. @daloyjs/core,
create-daloy, and the JSR package @daloyjs/daloy move to 1.0.0-beta.4 in
lockstep, and every create-daloy template now pins
@daloyjs/core@^1.0.0-beta.4.
Added
- Raw
Responsereturn from handlers. A route handler (or anafterHandletransform) may now return a web-standardResponsedirectly, an escape hatch for streaming, proxying, or pre-built bodies (for example a Vercel AI SDKresult.toUIMessageStreamResponse()or a forwarded upstreamfetch()). A returnedResponsebypasses response-schema validation by design (no schema can describe an opaque stream), but is finalized through the exact same pipeline as every other response, so no security control is skipped:ctx.setheaders (secureHeaders/ CORS) are copied on,x-request-idis added when absent,onSend/onResponsehooks run, server-fingerprint headers are stripped, and aHEADrequest still yields an empty body. Prefer the structured{ status, body }result whenever a schema can describe the payload. - AI SDK, auth, and database guides. New website docs for the Vercel AI SDK integration, Better Auth, LoginRadius, DuckDB, and Replit deployment, plus a streaming docs refresh.
Fixed
- Routing-safety guard: array or keyless
hooksno longer silently no-op.app.route({ hooks })now throws whenhooksis an array, or an object that carries none of the recognized hook keys (onRequest,beforeHandle,afterHandle,onError,onSend,onResponse). Previously such a value was read asundefinedand applied nothing, so a route that looked guarded (hooks: [ipRestriction(...), bearerAuth(...)]) could ship wide open. Compose multiple bundles withevery(...)(all must pass) orsome(...)(any may pass). An empty{}stays an explicit, allowed no-op. - Documentation accuracy pass. Verified and corrected concrete examples
across the docs against the published framework: the errors page now lists
ConflictError(409) andRequestHeaderFieldsTooLargeError(431); the response-cacheX-Cachemarker claim is scoped to requests the cache actually handles; and the API reference plus the security, auth, geo-block, webhook-delivery, and database guides were corrected to match the real route, hook, and middleware APIs.
Changed
- Version:
1.0.0-beta.3→1.0.0-beta.4across the lockstep packages (@daloyjs/core,create-daloy, and JSR@daloyjs/daloy), with thecreate-daloytemplates, workshop, README status line, website version reference, Deno adapter docs, and SBOMs synced to1.0.0-beta.4.
Full changelog: https://github.com/daloyjs/daloy/compare/v1.0.0-beta.3...v1.0.0-beta.4