feat(typedserver): Remove legacy Express-based servertools, drop express deps, and refactor TypedServer to SmartServe + typedrouter with CORS support

ts/classes.typedserver.ts

@@ -381,6 +381,25 @@ export class TypedServer {
     };
   }
 
+  /**
+   * Add CORS headers to a response
+   */
+  private addCorsHeaders(response: Response): Response {
+    if (!this.options.cors) return response;
+
+    const headers = new Headers(response.headers);
+    headers.set('Access-Control-Allow-Origin', '*');
+    headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, PATCH');
+    headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
+    headers.set('Access-Control-Max-Age', '86400');
+
+    return new Response(response.body, {
+      status: response.status,
+      statusText: response.statusText,
+      headers
+    });
+  }
+
   /**
    * Main request handler - routes to appropriate sub-handlers
    */
@@ -389,6 +408,25 @@ export class TypedServer {
     const path = url.pathname;
     const method = request.method.toUpperCase() as THttpMethod;
 
+    // Handle OPTIONS preflight for CORS
+    if (method === 'OPTIONS' && this.options.cors) {
+      return this.addCorsHeaders(new Response(null, { status: 204 }));
+    }
+
+    // Process the request and wrap response with CORS headers
+    const response = await this.handleRequestInternal(request, url, path, method);
+    return this.addCorsHeaders(response);
+  }
+
+  /**
+   * Internal request handler - routes to appropriate sub-handlers
+   */
+  private async handleRequestInternal(
+    request: Request,
+    url: URL,
+    path: string,
+    method: THttpMethod
+  ): Promise<Response> {
     // First, try to match via ControllerRegistry (decorated routes)
     const match = plugins.smartserve.ControllerRegistry.matchRoute(path, method);
     if (match) {