Download Latest Version v1.0.0-beta.4 source code.tar.gz (3.0 MB)
Email in envelope

Get an email when there's a new version of DaloyJS

Home / v1.0.0-beta.4
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2026-06-26 2.9 kB
v1.0.0-beta.4 source code.tar.gz 2026-06-26 3.0 MB
v1.0.0-beta.4 source code.zip 2026-06-26 3.7 MB
Totals: 3 Items   6.7 MB 3

The fifth 1.0.0 beta. Keeps the 1.0 line in beta while adding a handler escape hatch, a routing-safety guard, and a broad documentation accuracy pass. Projects on ^1.0.0-beta.3 upgrade with a version bump. @daloyjs/core, create-daloy, and the JSR package @daloyjs/daloy move to 1.0.0-beta.4 in lockstep, and every create-daloy template now pins @daloyjs/core@^1.0.0-beta.4.

Added

  • Raw Response return from handlers. A route handler (or an afterHandle transform) may now return a web-standard Response directly, an escape hatch for streaming, proxying, or pre-built bodies (for example a Vercel AI SDK result.toUIMessageStreamResponse() or a forwarded upstream fetch()). A returned Response bypasses response-schema validation by design (no schema can describe an opaque stream), but is finalized through the exact same pipeline as every other response, so no security control is skipped: ctx.set headers (secureHeaders / CORS) are copied on, x-request-id is added when absent, onSend / onResponse hooks run, server-fingerprint headers are stripped, and a HEAD request still yields an empty body. Prefer the structured { status, body } result whenever a schema can describe the payload.
  • AI SDK, auth, and database guides. New website docs for the Vercel AI SDK integration, Better Auth, LoginRadius, DuckDB, and Replit deployment, plus a streaming docs refresh.

Fixed

  • Routing-safety guard: array or keyless hooks no longer silently no-op. app.route({ hooks }) now throws when hooks is an array, or an object that carries none of the recognized hook keys (onRequest, beforeHandle, afterHandle, onError, onSend, onResponse). Previously such a value was read as undefined and applied nothing, so a route that looked guarded (hooks: [ipRestriction(...), bearerAuth(...)]) could ship wide open. Compose multiple bundles with every(...) (all must pass) or some(...) (any may pass). An empty {} stays an explicit, allowed no-op.
  • Documentation accuracy pass. Verified and corrected concrete examples across the docs against the published framework: the errors page now lists ConflictError (409) and RequestHeaderFieldsTooLargeError (431); the response-cache X-Cache marker claim is scoped to requests the cache actually handles; and the API reference plus the security, auth, geo-block, webhook-delivery, and database guides were corrected to match the real route, hook, and middleware APIs.

Changed

  • Version: 1.0.0-beta.31.0.0-beta.4 across the lockstep packages (@daloyjs/core, create-daloy, and JSR @daloyjs/daloy), with the create-daloy templates, workshop, README status line, website version reference, Deno adapter docs, and SBOMs synced to 1.0.0-beta.4.

Full changelog: https://github.com/daloyjs/daloy/compare/v1.0.0-beta.3...v1.0.0-beta.4

Source: README.md, updated 2026-06-26