0x0LearnReferenceLibraries0x0.jmp0x1b.com

0x0 Live Framework

The 0x0 Live framework is the framework-facing layer for interactive

server-rendered applications. It joins the existing web runtime, generic Live

runtime, template tools, and live package family under one namespace:

frameworks/live.

Use this page as the current production baseline. The broader framework plan is

tracked in docs/zero-live-framework-roadmap.html, but this page describes only

implemented source, tests, documentation, and release evidence.

Current Shape

The baseline source namespace is frameworks/live/runtime.0x0.

It imports:

DOM patch, reconnect, heartbeat, upload, backpressure, and loopback

descriptors;

Live event, heartbeat, and backpressure routing;

live-component, live-router, live-socket, live-diff,

live-streams, live-form, live-uploads, and live-test.

The package map is source-owned at frameworks/live/package-map.tsv. It also

maps web, websocket, http-server, web-scaffold, and

pubsub-presence into the framework baseline because a Live app needs HTTP

values, WebSocket values, endpoint descriptors, generator descriptors, and

scoped realtime descriptors.

Baseline API Families

The framework namespace exposes wrappers for the implemented Live runtime

families:

runtime-backed web adapter;

These wrappers do not replace the existing packages. Existing imports remain

valid. The framework namespace gives applications and future generators a

single place to import the production Live surface.

App Directory Shape

A 0x0 Live app uses this source-owned directory contract:

Directory Purpose
src/ Pure domain and context modules.
web/ Web-facing app boundary.
web/live/ Live route and view modules.
web/components/ Shared component modules.
web/templates/ Checked *.html.0x0 template sources.
web/assets/ Static CSS and JavaScript assets.
web/auth/ Authentication and session modules.
web/scopes/ Scope identity and authorization modules.
test/ Tests and deterministic fixtures.

The machine-readable contract lives in

frameworks/live/app-directories.tsv.

App Metadata

Each Live app has a zero-live-app.tsv metadata file:


field	value
name	my-live-app
version	0.1.0
live-profile	production
routes-dir	web/live
templates-dir	web/templates
assets-dir	web/assets
tests-dir	test

Reusable Live framework packages use the package rows in

frameworks/live/package-metadata.tsv: package id, package kind, exports, and

capabilities.

App Discovery

Run local discovery with:


python3 tools/live-framework-app-discovery.py discover path/to/app \
  --report build/live-app/discovery.json

The discovery report records app metadata, required directories, route modules,

checked templates, CSS/JS assets, tests, and a deterministic manifest hash.

Discovery does not use network or remote services.

src/ and web/ are production paths. Files or directories with fixture

markers under those paths fail with LIVE_APP_FIXTURE_SCOPE. Test fixtures are

valid under test/.

Import Boundaries

Live apps should keep imports explicit:

descriptors, and frameworks/live/runtime.0x0;

frameworks/live/app.0x0 contains source descriptors for app directories,

metadata, route modules, templates, assets, tests, import boundaries, and

discovery reports.

Template Tokenizer And Parser

tools/html-template-source.py owns *.html.0x0 parsing.

Use parse when a tool needs structured template data:


python3 tools/html-template-source.py parse web/templates/home.html.0x0 \
  --out build/live/home.ast.json

The parser emits:

It rejects duplicate attributes, unknown zero-* directives, unsafe tags,

invalid event names, invalid handler names, invalid slot names, invalid

interpolation names, unbalanced interpolation braces, and invalid nesting.

Run:


make live-template-parser-check

tools/live-runtime.py template-check consumes the same parser AST, so runtime

template reports and future formatter/lowering/source-map work share one span

source.

Template Formatter

Format a checked template with:


python3 tools/html-template-source.py format web/templates/home.html.0x0 \
  --out web/templates/home.html.0x0

The formatter reads the parser AST and writes output only after parsing

succeeds. Formatting a template twice produces identical output.

Formatter configuration is JSON:


{
  "indent": "  ",
  "attribute_order": ["id", "class", "zero-if", "zero-on"],
  "wrap_attributes": 100
}

indent controls child indentation. attribute_order controls stable

attribute ordering; zero-on applies to all event attributes.

wrap_attributes controls multiline wrapping, with 0 meaning no wrapping.

Run:


make live-template-formatter-check

The gate proves formatter idempotence, configuration behavior, and

fail-closed invalid-template handling.

Template Lowering And Source Maps

Lower a checked template into ordinary 0x0 source with source-map and API

reference output:


python3 tools/live-runtime.py template-lower web/templates/home.html.0x0 \
  -o build/live/home.0x0 \
  --source-map build/live/home.map.json \
  --api-doc build/live/home.api.md \
  --debug-annotations \
  --report build/live/home.lower.json

The lowered source exports render-template, a typed function that returns a

LiveTemplateRender descriptor. Assigns become Text parameters. Event

bindings become stable event descriptor rows inside the render descriptor.

The source map is versioned and maps generated render parameters and event

symbols back to template line and column spans. The generated API document

lists the render function, parameters, event handlers, return descriptor, and

mapping hash. Invalid templates fail before generated source, source maps, or

API docs are written.

Run:


make live-template-lowering-check

The gate proves deterministic lowered output, source-map span coverage,

generated API docs, opt-in debug annotations, and fail-closed invalid-template

handling.

Component Attributes And Slots

Component boundaries are declared in

frameworks/live/component-boundaries.tsv. The table records component name,

attribute name, type, required/default status, global-attribute status, slot

name, and slot payload type.

Use <component zero-component="name"> to call a component:


<component zero-component="card" title="{{ title }}" class="panel">
  <slot name="header" zero-payload="Html">
    <h1>{{ title }}</h1>
  </slot>
  <slot name="footer">
    <p>Ready</p>
  </slot>
</component>

For the current card component:

defaults;

Validate component calls with:


python3 tools/live-component-boundary-check.py check web/templates/home.html.0x0 \
  --report build/live/home.components.json

Run:


make live-component-boundary-check

The gate rejects missing required attributes, unknown attributes, bad typed

attribute values, missing required slots, unknown slots, duplicate slots, and

bad slot payload declarations with stable diagnostics and template spans.

Layouts And Navigation

Live layout and navigation routes are declared in

frameworks/live/navigation.tsv. Each route records its view module, root

layout, app layout, page title, breadcrumb label, and redirect target metadata.

The runtime exposes descriptors for root layouts, app layouts, explicit layout

calls from live views, live links, patch navigation, redirect navigation, flash

messages, breadcrumbs, and route-aware active links.

Validate navigation evidence with:


python3 tools/live-navigation-check.py check \
  --report build/live/navigation.json

Run:


make live-navigation-check

The gate proves disconnected render, connected render, patch navigation,

redirect navigation, flash persistence, breadcrumbs, and active-link state. It

also rejects duplicate routes, missing required routes, invalid routes, and

routes that do not explicitly use the root and app layouts.

Colocated CSS Extraction

Live templates may colocate CSS in <style> blocks during authoring. Production

output extracts those blocks at compile time into hashed CSS assets and removes

the <style> blocks from the template.

Extract CSS with:


python3 tools/live-css-extract.py extract web/templates/card.html.0x0 \
  --out-dir build/live/assets \
  --template-out build/live/card.html.0x0 \
  --manifest build/live/card.css-manifest.json \
  --scope attribute \
  --report build/live/card.css-report.json

Supported scoping strategies are recorded in

frameworks/live/css-scope-policies.tsv:

prefix selectors with that attribute;

wrapper for future browser-native scope.

Inline style="..." attributes are rejected for production templates. The

asset manifest records content hashes and csp_safe: true.

Run:


make live-css-extraction-check

The gate proves hashed asset output, root ownership attributes, extracted

templates without <style> blocks, CSP-safe manifests, scope strategies, and a

browser-style scope probe showing scoped CSS does not match outside markup.

Colocated JavaScript And Hooks

Live templates may colocate hook JavaScript during authoring with

<script type="0x0-live-hook" zero-hook="HookName">. Production output

extracts those scripts at compile time into hashed JavaScript assets and

removes the <script> blocks from the template before parser validation.

Extract hooks with:


python3 tools/live-js-extract.py extract web/templates/card.html.0x0 \
  --out-dir build/live/assets \
  --template-out build/live/card.html.0x0 \
  --registry build/live/card.hooks.json \
  --report build/live/card.hooks-report.json

Hook scripts must define mounted, updated, and destroyed callbacks and

must push at least one Live event. Inline event handler attributes such as

onclick="..." are rejected.

frameworks/live/js-commands.tsv defines the current 0x0.Live.JS command

surface: show, hide, toggle, focus, dispatch, push, patch, and navigate. The

hook registry emits JSON command values for those commands so events can carry

structured command payloads.

Run:


make live-js-hooks-check

The gate proves hook extraction, hashed JavaScript assets, hook registration,

mount/update/destroy lifecycle callbacks, event push behavior, command JSON

encoding, CSP inline-script blocking, and loaded extracted-hook evidence.

Live Session State

Live sessions are explicit state values. frameworks/live/session-policy.tsv

records the supported fields and lifecycle policy: session id, route, params,

assigns, temporary assigns, private data, revision, flash, lifecycle status,

capabilities, TTL, and cleanup reasons.

The runtime exposes descriptors for:

Validate session behavior with:


python3 tools/live-session-check.py check \
  --report build/live/session.json

Run:


make live-session-state-check

The gate proves normal lifecycle, expired session handling, stale token

rejection, reconnect after transport interruption, cleanup, flash preservation,

revision advancement, temporary-assign clearing, private-data redaction, and

required callback policy.

Wire Protocol

The Live wire protocol is source-owned at frameworks/live/wire-protocol.tsv.

It defines these version 1 message kinds:

Each protocol row records message direction, required fields, revision policy,

maximum encoded payload size, implementation status, and notes. Runtime and

framework descriptors cover wire versions, generic wire messages, replies,

errors, close frames, encoding, and decoding.

Validate the protocol table and message fixtures with:


python3 tools/live-wire-protocol-check.py check \
  --report build/live/wire-protocol.json

Validate a single encoded frame with:


python3 tools/live-wire-protocol-check.py validate \
  --message '{"version":1,"kind":"event","session_id":"s1","event":"save","payload":{},"revision":1}'

Run:


make live-wire-protocol-check

The gate proves message-kind coverage, version negotiation, deterministic

encoding and decoding, required-field checks, revision checks, size limits,

unknown-kind rejection, malformed-frame rejection, and protocol-table drift

rejection.

WebSocket Transport

The Live WebSocket transport policy is source-owned at

frameworks/live/websocket-transport.tsv. It records endpoint path, allowed

origins, accepted subprotocols, idle timeout, close timeout, frame size limit,

connection limit, rate limit, masking policy, and fragmentation policy.

Runtime and framework descriptors cover upgrade validation, frame values,

transport policy, close frames, and graceful shutdown.

Validate the full transport policy and deterministic loopback evidence with:


python3 tools/live-websocket-transport-check.py check \
  --report build/live/websocket-transport.json

Validate a single upgrade request with:


python3 tools/live-websocket-transport-check.py upgrade \
  --headers '{"Host":"0x0.jmp0x1b.com",":method":"GET","Upgrade":"websocket","Connection":"Upgrade","Sec-WebSocket-Key":"AQIDBAUGBwgJCgsMDQ4PEC==","Sec-WebSocket-Version":"13","Sec-WebSocket-Protocol":"0x0.live.v1","Origin":"https://0x0.jmp0x1b.com"}'

Validate a single client frame with:


python3 tools/live-websocket-transport-check.py frame \
  --frame-hex 81850102030469676f686e

Run:


make live-websocket-transport-check

The gate proves accepted and rejected upgrades, text, binary, ping, pong,

close, and fragmented frames, client masking, size limits, idle timeout,

rate-limit rejection, bounded concurrency, graceful close, and descriptor leak

checks.

Diff Engine

The Live diff engine is source-owned at frameworks/live/diff-operations.tsv.

It defines append, prepend, replace, remove, attribute, text, and noop

operations. Runtime and framework descriptors cover diff operations, patches,

revision checks, and recovery snapshots.

The engine uses keyed node identity. Node records include static and dynamic

segment metadata so unchanged static structure can remain stable while dynamic

assign-backed segments update.

Validate diff behavior with:


python3 tools/live-diff-engine-check.py check \
  --report build/live/diff-engine.json

Apply a single patch request with:


python3 tools/live-diff-engine-check.py apply \
  --request '{"base_revision":1,"state":{"revision":1,"root":"root","order":{"root":["title"]},"nodes":{"root":{"tag":"main","attrs":{},"text":"","static":true,"dynamic":["title"]},"title":{"tag":"h1","attrs":{},"text":"Old","static":false,"dynamic":[]}}},"operations":[{"op":"text","key":"title","value":"New"}]}'

Run:


make live-diff-engine-check

The gate proves all operation kinds, deterministic unchanged/noop

serialization, keyed node checks, stale-revision rejection, and recovery patch

generation.

Browser Client Bridge

The source-owned browser client is

frameworks/live/client/zero-live-client.js. Its capability policy is

frameworks/live/browser-client.tsv.

The client exposes createClient and implements:

Bundle and validate the client asset with:


python3 tools/live-browser-client-check.py check \
  --out-dir build/live/browser-assets \
  --report build/live/browser-client.json

Run:


make live-browser-client-check

The gate emits a hashed external JavaScript asset, records no-inline-script

CSP mode, rejects unsafe eval-style source, and runs the client against a

deterministic browser model that proves initial join, event round trip,

heartbeat, patch application, reconnect, upload frames, hook lifecycle, debug

logging, and CSP-safe asset loading.

Forms And Validation

Live form input requirements are source-owned at

frameworks/live/form-fields.tsv. Runtime and framework descriptors cover

form state, field state, validation, submit status, and input components.

Implemented input kinds:

Run:


make live-form-check

The gate proves value changes, blur/touched tracking, dirty tracking, live

validation, server validation, submit status, text/textarea/checkbox/radio/

select/file/hidden component coverage, aria-invalid, aria-describedby,

missing-accessibility rejection, and unknown-field rejection.

Streams And Collections

Live stream operations are source-owned at

frameworks/live/stream-operations.tsv. Runtime and framework descriptors

cover stream state, stream operations, stream patches, scoped PubSub, and

memory/payload budgets.

Implemented operations:

Run:


make live-streams-check

The gate applies stream operations to a 1000-item keyed list, proves ordering,

records patch byte size, validates scoped PubSub topics, enforces memory and

payload budgets, and rejects duplicate keys, unknown operations, bad budgets,

and missing operation rows.

Uploads

Live upload policy is source-owned at frameworks/live/upload-policy.tsv.

Runtime and framework descriptors cover upload entries, chunks, progress,

cancel, consume, and error states.

Run:


make live-uploads-check

The gate proves accepted uploads, chunk metadata, progress events,

cancellation, consume state, temporary-file cleanup, direct-to-object-store

handoff metadata, rejected MIME types, oversized files, denied path traversal,

bad extensions, and missing cleanup policy rejection.

Async Tasks

Live async task policy is source-owned at frameworks/live/async-policy.tsv.

Runtime and framework descriptors cover task state, progress, result, failure,

timeout, and cancellation.

Run:


make live-async-check

The gate proves success, failure, cancellation, timeout, disconnect, reconnect,

supervised restart, backpressure, terminal task cleanup, invalid progress

rejection, and bad policy rejection.

PubSub And Scoped Broadcast

Live PubSub policy is source-owned at frameworks/live/pubsub-policy.tsv.

Runtime and framework descriptors cover topics, subscriptions, broadcasts,

presence, leave events, and replay for reconnecting clients.

Run:


make live-pubsub-check

The gate proves scoped topic construction, subscription, broadcast delivery,

presence registration, leave cleanup, bounded replay, cross-scope delivery

denial, invalid scope rejection, and incomplete policy rejection.

Scoped Data Access

Live scoped data policy is source-owned at frameworks/live/scope-policy.tsv.

Runtime and framework descriptors cover request scope, route scope, session

scope, scoped context calls, system scopes, and scope denial.

Run:


make live-scope-check

The gate proves current-user scope shape, organization and session metadata,

IP and request id capture, capability lists, route assignment, session

assignment, context calls with scope as the first argument, system scopes,

missing-scope denial, tenant-mismatch denial, missing-capability denial, and

incomplete policy rejection.

Authentication And Session Security

Live auth policy is source-owned at frameworks/live/auth-policy.tsv. Runtime

and framework descriptors cover magic-link login, registration, optional

password auth, recent-auth, session renewal, logout-all, token rotation, CSRF,

origin checks, remember-me, and a local-only dev mailbox.

Run:


make live-auth-check

The gate proves signed and expiring magic links, registration tokens, optional

password verification, recent-auth checks for sensitive actions, CSRF

validation, same-origin enforcement, session renewal, token rotation,

logout-all revocation, signed remember-me tokens, local-only dev mailbox

behavior, replayed-token denial, bad-password denial, expired recent-auth

denial, CSRF denial, origin denial, production mailbox denial, and incomplete

policy rejection.

Router And Endpoint

Live endpoint policy is source-owned at

frameworks/live/endpoint-policy.tsv, and routes are source-owned at

frameworks/live/routes.tsv. Runtime and framework descriptors cover endpoint

configuration, HTTP routes, Live routes, pipelines, plugs, route

introspection, and endpoint dispatch.

Run:


make live-endpoint-check

The gate proves host, port, TLS profile, static root, WebSocket path, Live

session path, request id, compression, health route, HTTP route, Live route,

static asset route, 404, 405, middleware ordering, route introspection,

duplicate-route denial, bad middleware order denial, and incomplete policy

rejection.

Generators

Live generator metadata is source-owned at frameworks/live/generators.tsv.

Runtime and framework descriptors cover generator kind, generated files, and

generated apps.

Run:


make live-generator-check

The gate proves generators for new app, Live resource, HTML resource, JSON

resource, auth, scope, component, layout, and package. The generated app is

validated through tools/live-framework-app-discovery.py, so it includes app

metadata, routes, templates, assets, auth, scopes, tests, package metadata,

docs, and release evidence rows without manual edits. The gate also rejects

unknown generator kinds, unsafe names, unsafe overwrites, and incomplete

catalogs.

Developer Server

Live developer server policy is source-owned at

frameworks/live/dev-server-policy.tsv. Runtime and framework descriptors

cover the zero serve command, development server state, bounded file watches,

reload events, browser error overlays, and resource caps.

Run:


make live-dev-server-check

The gate proves template reload, component reload, CSS rebuild, JavaScript

rebuild, route reload, browser reload messages, error overlay payloads, local

host/port policy, watch-file caps, event-batch caps, RSS caps, unknown watched

path denial, cap overflow denial, and incomplete policy rejection. The gate is

bounded and does not leave a watcher or server process running.

Testing Framework

Live test helper metadata is source-owned at

frameworks/live/test-helpers.tsv. Runtime and framework descriptors cover

test helpers, render helpers, event helpers, assertions, reconnect, auth scope,

and browser tests.

Run:


make live-test-framework-check

The gate proves disconnected render, connected render, click, submit, change,

upload, patch, redirect, assert HTML, assert patch, assert push event,

reconnect, auth scope, generated CRUD flow, generated auth flow, and

production browser client behavior through tests/live-browser-client-node.js.

It also rejects missing selectors and incomplete helper catalogs.

Accessibility And Design System

Live design metadata is source-owned at

frameworks/live/design-components.tsv, and theme tokens are source-owned at

frameworks/live/theme-tokens.tsv. Runtime and framework descriptors cover

design components, themes, focus handling, keyboard navigation, and WCAG

checks.

Run:


make live-accessibility-check

The gate proves accessible button, link, modal, table, form, flash,

navigation, dropdown, tabs, pagination, and empty-state components. It also

proves light and dark theme tokens, focus handling, keyboard navigation,

generated UI checks for forms, modals, navigation, and live updates, missing

attribute denial, missing component denial, and bad theme denial.

Observability And Debugging

Live observability policy is source-owned at

frameworks/live/observability-policy.tsv. Runtime and framework descriptors

cover structured logs, metrics, trace spans, debug annotations, error classes,

and session/request/event/trace correlation.

Run:


make live-observability-check

The gate proves that a failing Live session emits correlated route, event,

diff, and transport evidence. The report includes session id, request id, event

id, trace id, route, patch size, queue depth, reconnect count, stable error

class, dev-mode debug annotations, production redaction mode, missing

correlation denial, missing policy denial, and unsafe secret-policy denial.

Security Hardening

Live security policy is source-owned at frameworks/live/security-policy.tsv.

Runtime and framework descriptors cover CSP, asset integrity, XSS checks,

origin policy, host policy, request body limits, upload scan hooks, rate

limits, capability denial, session secret rotation, and key management.

Run:


make live-security-check

The gate proves production CSP denies inline assets, generated assets carry

SHA-256 integrity, user-controlled template output is escaped, unsafe event

names are denied, origins and hosts are allowlisted, oversized request bodies

are rejected, upload scanning fails closed, rate limits reject excess traffic,

capability and scope denials happen before runtime work, session secrets rotate

with active and previous keys, and key custody is explicit.

Performance And Load

Live performance budgets are source-owned at

frameworks/live/performance-budgets.tsv. Runtime and framework descriptors

cover performance budgets, load scenarios, payload compression policy, and

regression thresholds.

Run:


make live-performance-check

The gate proves initial render, connect, event latency, patch size, reconnect,

streams, uploads, concurrent sessions, memory, CPU, compression, and regression

budgets. It rejects over-budget rows, missing workloads, and failed regression

status.

Evidence Ledger

release/live-framework-surface.tsv is the source of truth for this baseline.

Each row records:

The ledger includes rows for the framework namespace, generic runtime, web

runtime adapter, Live template tools, documentation, tests, and package family.

Gate

Run:


make live-framework-surface-check

The gate is bounded and local. It does not run heavy compilers, browser

automation, remote deployment, or public site publishing. It verifies that:

implemented status;

smoke tests, READMEs, and registry pages;

entries, ADR, and RFC are present.

Run the existing runtime probe too when changing runtime behavior:


make live-runtime-check

make live-runtime-check validates checked template discovery/lowering,

loopback Live transport evidence, malformed frame rejection, unauthorized token

denial, client bridge reports, and app hook reports.

Run the app shape gate when changing generators, app layout, metadata, or

discovery behavior:


make live-framework-app-shape-check

The gate creates a minimal Live app locally, discovers it without network

services, and proves misplaced production fixtures and missing metadata fail

closed.

Current Boundary

This baseline is production evidence for the unified namespace and ledger. It

does not claim that every future framework capability is complete. Template

parser hardening, formatter behavior, component slots, colocated assets, full

browser client behavior, forms, streams, uploads, scoped data access, auth,

generators, developer server, accessibility, observability, performance, and

Kukulkan adoption each have their own roadmap milestone and must close through

their own implementation and tests before they are listed as implemented.