npm - @alteran/astro - Versions diffs - 0.1.0 - Mend

@alteran/astro 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/README.md +558 -0
package/index.d.ts +12 -0
package/index.js +129 -0
package/package.json +75 -0
package/src/_worker.ts +44 -0
package/src/app.ts +10 -0
package/src/db/client.ts +7 -0
package/src/db/dal.ts +97 -0
package/src/db/repo.ts +135 -0
package/src/db/schema.ts +89 -0
package/src/db/seed.ts +14 -0
package/src/env.d.ts +4 -0
package/src/handlers/debug.ts +34 -0
package/src/handlers/health.ts +6 -0
package/src/handlers/ready.ts +14 -0
package/src/handlers/root.ts +5 -0
package/src/handlers/wellknown.ts +7 -0
package/src/handlers/xrpc.repo.core.ts +57 -0
package/src/handlers/xrpc.server.createSession.ts +25 -0
package/src/handlers/xrpc.server.refreshSession.ts +43 -0
package/src/lib/auth.ts +20 -0
package/src/lib/blockstore-gc.ts +197 -0
package/src/lib/cache.ts +236 -0
package/src/lib/car-reader.ts +157 -0
package/src/lib/commit-log-pruning.ts +76 -0
package/src/lib/commit.ts +162 -0
package/src/lib/config.ts +208 -0
package/src/lib/errors.ts +142 -0
package/src/lib/firehose/frames.ts +229 -0
package/src/lib/firehose/parse.ts +82 -0
package/src/lib/firehose/validation.ts +9 -0
package/src/lib/handle.ts +90 -0
package/src/lib/jwt.ts +150 -0
package/src/lib/logger.ts +73 -0
package/src/lib/metrics.ts +194 -0
package/src/lib/mst/blockstore.ts +105 -0
package/src/lib/mst/index.ts +3 -0
package/src/lib/mst/mst.ts +643 -0
package/src/lib/mst/util.ts +86 -0
package/src/lib/ratelimit.ts +34 -0
package/src/lib/sequencer.ts +10 -0
package/src/lib/streaming-car.ts +137 -0
package/src/lib/token-cleanup.ts +38 -0
package/src/lib/tracing.ts +136 -0
package/src/lib/util.ts +55 -0
package/src/middleware.ts +102 -0
package/src/pages/.well-known/atproto-did.ts +7 -0
package/src/pages/.well-known/did.json.ts +76 -0
package/src/pages/debug/blob/[...key].ts +27 -0
package/src/pages/debug/db/bootstrap.ts +23 -0
package/src/pages/debug/db/commits.ts +20 -0
package/src/pages/debug/gc/blobs.ts +16 -0
package/src/pages/debug/record.ts +33 -0
package/src/pages/health.ts +68 -0
package/src/pages/index.astro +57 -0
package/src/pages/index.ts +2 -0
package/src/pages/ready.ts +16 -0
package/src/pages/xrpc/com.atproto.identity.resolveHandle.ts +38 -0
package/src/pages/xrpc/com.atproto.identity.updateHandle.ts +45 -0
package/src/pages/xrpc/com.atproto.repo.applyWrites.ts +73 -0
package/src/pages/xrpc/com.atproto.repo.createRecord.ts +36 -0
package/src/pages/xrpc/com.atproto.repo.deleteRecord.ts +36 -0
package/src/pages/xrpc/com.atproto.repo.describeRepo.ts +51 -0
package/src/pages/xrpc/com.atproto.repo.getRecord.ts +25 -0
package/src/pages/xrpc/com.atproto.repo.listRecords.ts +57 -0
package/src/pages/xrpc/com.atproto.repo.putRecord.ts +36 -0
package/src/pages/xrpc/com.atproto.repo.uploadBlob.ts +53 -0
package/src/pages/xrpc/com.atproto.server.createSession.ts +92 -0
package/src/pages/xrpc/com.atproto.server.deleteSession.ts +25 -0
package/src/pages/xrpc/com.atproto.server.describeServer.ts +17 -0
package/src/pages/xrpc/com.atproto.server.getSession.ts +46 -0
package/src/pages/xrpc/com.atproto.server.refreshSession.ts +67 -0
package/src/pages/xrpc/com.atproto.sync.getBlocks.json.ts +16 -0
package/src/pages/xrpc/com.atproto.sync.getBlocks.ts +56 -0
package/src/pages/xrpc/com.atproto.sync.getCheckout.json.ts +20 -0
package/src/pages/xrpc/com.atproto.sync.getCheckout.ts +43 -0
package/src/pages/xrpc/com.atproto.sync.getHead.ts +11 -0
package/src/pages/xrpc/com.atproto.sync.getLatestCommit.ts +42 -0
package/src/pages/xrpc/com.atproto.sync.getRecord.ts +63 -0
package/src/pages/xrpc/com.atproto.sync.getRepo.json.ts +20 -0
package/src/pages/xrpc/com.atproto.sync.getRepo.range.ts +34 -0
package/src/pages/xrpc/com.atproto.sync.getRepo.ts +17 -0
package/src/pages/xrpc/com.atproto.sync.listBlobs.ts +53 -0
package/src/pages/xrpc/com.atproto.sync.listRepos.ts +31 -0
package/src/services/car.ts +249 -0
package/src/services/r2-blob-store.ts +87 -0
package/src/services/repo-manager.ts +339 -0
package/src/shims/astro-internal-handler.d.ts +4 -0
package/src/worker/sequencer.ts +563 -0
package/types/env.d.ts +48 -0

package/src/lib/ratelimit.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { Env } from '../env';
+// Rate limiting (best-effort, D1 based)
+export async function checkRate(env: Env, request: Request, bucket: 'writes' | 'blob'): Promise<Response | null> {
+  try {
+    const limit = Number((env.PDS_RATE_LIMIT_PER_MIN as string | undefined) ?? (bucket === 'blob' ? 30 : 60));
+    const now = Date.now();
+    const windowMs = 60_000;
+    const win = Math.floor(now / windowMs);
+    const ip = request.headers.get('cf-connecting-ip') ?? request.headers.get('x-forwarded-for') ?? '127.0.0.1';
+    await env.DB.exec("CREATE TABLE IF NOT EXISTS rate_limit (ip TEXT NOT NULL, bucket TEXT NOT NULL, window INTEGER NOT NULL, count INTEGER NOT NULL, PRIMARY KEY (ip,bucket,window))");
+    const row: any = await env.DB.prepare('SELECT count FROM rate_limit WHERE ip=? AND bucket=? AND window=?').bind(ip, bucket, win).first();
+    const count = row?.count ? Number(row.count) : 0;
+    if (count >= limit) return rateLimited();
+    if (count === 0) {
+      await env.DB.prepare('INSERT OR REPLACE INTO rate_limit (ip,bucket,window,count) VALUES (?,?,?,1)').bind(ip, bucket, win).run();
+    } else {
+      await env.DB.prepare('UPDATE rate_limit SET count=count+1 WHERE ip=? AND bucket=? AND window=?').bind(ip, bucket, win).run();
+    }
+    const headers = new Headers();
+    headers.set('x-ratelimit-limit', String(limit));
+    headers.set('x-ratelimit-remaining', String(Math.max(0, limit - count - 1)));
+    headers.set('x-ratelimit-window', '60s');
+    return null;
+  } catch {
+    return null; // fail-open
+  }
+}
+function rateLimited() {
+  return new Response(JSON.stringify({ error: 'RateLimited' }), { status: 429 });
+}

package/src/lib/sequencer.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { Env } from '../env';
+export async function notifySequencer(env: Env, obj: unknown) {
+  if (!env.SEQUENCER) return;
+  try {
+    const id = env.SEQUENCER.idFromName('default');
+    const stub = env.SEQUENCER.get(id);
+    await stub.fetch('https://sequencer/commit', { method: 'POST', body: JSON.stringify(obj) });
+  } catch {}
+}

package/src/lib/streaming-car.ts ADDED Viewed

@@ -0,0 +1,137 @@
+/**
+ * Streaming CAR encoder for Cloudflare Workers
+ *
+ * This module provides memory-efficient streaming CAR encoding to stay within
+ * the 128MB memory limit. Instead of buffering entire CAR files in memory,
+ * blocks are streamed as they're read from storage.
+ */
+import { CID } from 'multiformats/cid';
+import * as dagCbor from '@ipld/dag-cbor';
+export interface Block {
+  cid: CID;
+  bytes: Uint8Array;
+}
+/**
+ * Encode a varint (variable-length integer)
+ */
+function encodeVarint(n: number): Uint8Array {
+  const bytes: number[] = [];
+  while (n >= 0x80) {
+    bytes.push((n & 0x7f) | 0x80);
+    n >>>= 7;
+  }
+  bytes.push(n);
+  return new Uint8Array(bytes);
+}
+/**
+ * Concatenate Uint8Arrays efficiently
+ */
+function concat(parts: Uint8Array[]): Uint8Array {
+  const size = parts.reduce((n, p) => n + p.byteLength, 0);
+  const buf = new Uint8Array(size);
+  let off = 0;
+  for (const p of parts) {
+    buf.set(p, off);
+    off += p.byteLength;
+  }
+  return buf;
+}
+/**
+ * Create a streaming CAR encoder
+ *
+ * Usage:
+ * ```typescript
+ * const stream = createStreamingCarEncoder([rootCid]);
+ * const readable = new ReadableStream({
+ *   async start(controller) {
+ *     controller.enqueue(stream.header());
+ *     for await (const block of blocks) {
+ *       controller.enqueue(stream.encodeBlock(block));
+ *     }
+ *     controller.close();
+ *   }
+ * });
+ * ```
+ */
+export class StreamingCarEncoder {
+  private headerBytes: Uint8Array;
+  constructor(roots: CID[]) {
+    // Encode header once
+    const header = dagCbor.encode({ version: 1, roots });
+    const headerLength = encodeVarint(header.byteLength);
+    this.headerBytes = concat([headerLength, header]);
+  }
+  /**
+   * Get the CAR header bytes
+   */
+  header(): Uint8Array {
+    return this.headerBytes;
+  }
+  /**
+   * Encode a single block for streaming
+   */
+  encodeBlock(block: Block): Uint8Array {
+    const blockData = concat([block.cid.bytes, block.bytes]);
+    const blockLength = encodeVarint(blockData.byteLength);
+    return concat([blockLength, blockData]);
+  }
+}
+/**
+ * Create a ReadableStream that encodes blocks as CAR format
+ *
+ * @param roots - Root CIDs for the CAR file
+ * @param blockIterator - Async iterator that yields blocks
+ * @returns ReadableStream of CAR-encoded bytes
+ */
+export function createCarStream(
+  roots: CID[],
+  blockIterator: AsyncIterable<Block>
+): ReadableStream<Uint8Array> {
+  const encoder = new StreamingCarEncoder(roots);
+  let headerSent = false;
+  return new ReadableStream({
+    async start(controller) {
+      try {
+        // Send header first
+        controller.enqueue(encoder.header());
+        headerSent = true;
+        // Stream blocks
+        for await (const block of blockIterator) {
+          controller.enqueue(encoder.encodeBlock(block));
+        }
+        controller.close();
+      } catch (error) {
+        controller.error(error);
+      }
+    },
+  });
+}
+/**
+ * Create a block iterator from an array (for compatibility)
+ */
+export async function* blocksFromArray(blocks: Block[]): AsyncIterable<Block> {
+  for (const block of blocks) {
+    yield block;
+  }
+}
+/**
+ * Estimate memory usage for a block
+ */
+export function estimateBlockMemory(block: Block): number {
+  // CID bytes + block bytes + overhead
+  return block.cid.bytes.byteLength + block.bytes.byteLength + 100;
+}

package/src/lib/token-cleanup.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import type { Env } from '../env';
+import { drizzle } from 'drizzle-orm/d1';
+import { token_revocation } from '../db/schema';
+import { lt } from 'drizzle-orm';
+/**
+ * Clean up expired tokens from the revocation table
+ * This prevents the table from growing indefinitely
+ */
+export async function cleanupExpiredTokens(env: Env): Promise<number> {
+  const db = drizzle(env.DB);
+  const now = Math.floor(Date.now() / 1000);
+  // Delete tokens where expiry is in the past
+  const result = await db.delete(token_revocation)
+    .where(lt(token_revocation.exp, now))
+    .run();
+  return result.meta.changes || 0;
+}
+/**
+ * Lazy cleanup - only runs cleanup occasionally (1% of requests)
+ * This spreads the cleanup load across requests
+ */
+export async function lazyCleanupExpiredTokens(env: Env): Promise<void> {
+  // Only run cleanup 1% of the time to avoid overhead
+  if (Math.random() > 0.01) return;
+  try {
+    const deleted = await cleanupExpiredTokens(env);
+    if (deleted > 0) {
+      console.log(`Cleaned up ${deleted} expired tokens`);
+    }
+  } catch (error) {
+    console.error('Failed to cleanup expired tokens:', error);
+  }
+}

package/src/lib/tracing.ts ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * Performance Tracing
+ * Measures time spent in critical paths
+ */
+import { metrics, METRICS } from './metrics';
+import { logger } from './logger';
+export interface TraceSpan {
+  name: string;
+  startTime: number;
+  labels?: Record<string, string>;
+}
+/**
+ * Performance tracer for measuring operation durations
+ */
+export class Tracer {
+  private spans: Map<string, TraceSpan> = new Map();
+  /**
+   * Start a trace span
+   */
+  start(name: string, labels?: Record<string, string>): string {
+    const spanId = `${name}-${Date.now()}-${Math.random()}`;
+    this.spans.set(spanId, {
+      name,
+      startTime: Date.now(),
+      labels,
+    });
+    return spanId;
+  }
+  /**
+   * End a trace span and record metrics
+   */
+  end(spanId: string): number | null {
+    const span = this.spans.get(spanId);
+    if (!span) {
+      return null;
+    }
+    const duration = Date.now() - span.startTime;
+    this.spans.delete(spanId);
+    // Record metric based on span name
+    if (span.name.startsWith('db.')) {
+      metrics.observe(METRICS.DB_QUERY_DURATION_MS, duration, span.labels);
+    } else if (span.name.startsWith('r2.')) {
+      metrics.observe(METRICS.R2_OPERATION_DURATION_MS, duration, span.labels);
+    }
+    // Log slow operations (> 1 second)
+    if (duration > 1000) {
+      logger.warn(`Slow operation detected: ${span.name}`, {
+        duration,
+        ...span.labels,
+      });
+    }
+    return duration;
+  }
+  /**
+   * Trace an async function
+   */
+  async trace<T>(
+    name: string,
+    fn: () => Promise<T>,
+    labels?: Record<string, string>
+  ): Promise<T> {
+    const spanId = this.start(name, labels);
+    try {
+      return await fn();
+    } finally {
+      this.end(spanId);
+    }
+  }
+  /**
+   * Trace a synchronous function
+   */
+  traceSync<T>(
+    name: string,
+    fn: () => T,
+    labels?: Record<string, string>
+  ): T {
+    const spanId = this.start(name, labels);
+    try {
+      return fn();
+    } finally {
+      this.end(spanId);
+    }
+  }
+}
+// Global tracer instance
+export const tracer = new Tracer();
+/**
+ * Trace a database query
+ */
+export async function traceDbQuery<T>(
+  operation: string,
+  fn: () => Promise<T>
+): Promise<T> {
+  return tracer.trace(`db.${operation}`, fn, { operation });
+}
+/**
+ * Trace an R2 operation
+ */
+export async function traceR2Operation<T>(
+  operation: string,
+  fn: () => Promise<T>
+): Promise<T> {
+  return tracer.trace(`r2.${operation}`, fn, { operation });
+}
+/**
+ * Trace an auth operation
+ */
+export async function traceAuthOperation<T>(
+  operation: string,
+  fn: () => Promise<T>
+): Promise<T> {
+  return tracer.trace(`auth.${operation}`, fn, { operation });
+}
+/**
+ * Create a request-scoped tracer
+ */
+export function createRequestTracer(requestId: string): Tracer {
+  const requestTracer = new Tracer();
+  return requestTracer;
+}

package/src/lib/util.ts ADDED Viewed

@@ -0,0 +1,55 @@
+import type { APIContext } from 'astro';
+import { CID } from 'multiformats/cid';
+import * as dagCbor from '@ipld/dag-cbor';
+import { sha256 } from 'multiformats/hashes/sha2';
+export function tryParse(json: string): unknown {
+  try {
+    return JSON.parse(json);
+  } catch {
+    return json;
+  }
+}
+// JSON helper with size cap
+export async function readJson(request: Request): Promise<any> {
+  const max = 64 * 1024;
+  const text = await request.text();
+  if (text.length > max) throw new Error('PayloadTooLarge');
+  return JSON.parse(text || '{}');
+}
+export async function readJsonBounded(env: any, request: Request): Promise<any> {
+  const raw = (env.PDS_MAX_JSON_BYTES as string | undefined) ?? '65536';
+  const max = Number(raw) > 0 ? Number(raw) : 65536;
+  const text = await request.text();
+  if (text.length > max) {
+    const err: any = new Error('PayloadTooLarge');
+    err.code = 'PayloadTooLarge';
+    throw err;
+  }
+  return JSON.parse(text || '{}');
+}
+export function bearerToken(request: Request): string | null {
+  const auth = request.headers.get('authorization');
+  if (!auth || !auth.startsWith('Bearer ')) return null;
+  return auth.slice(7);
+}
+export function isAllowedMime(env: any, mime: string): boolean {
+  const def = ['image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif'];
+  const raw = (env.PDS_ALLOWED_MIME as string | undefined) ?? def.join(',');
+  const set = new Set(raw.split(',').map((s) => s.trim()).filter(Boolean));
+  return set.has(mime.toLowerCase());
+}
+export function randomRkey(): string {
+  return crypto.randomUUID().replace(/-/g, '').substring(0, 13);
+}
+export async function cidFromJson(json: any): Promise<CID> {
+  const bytes = dagCbor.encode(json);
+  const hash = await sha256.digest(bytes);
+  return CID.create(1, dagCbor.code, hash);
+}

package/src/middleware.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import { defineMiddleware, sequence } from 'astro:middleware';
+const cors = defineMiddleware(async ({ locals, request }, next) => {
+  const { env } = (locals as any).runtime ?? (locals as any);
+  const corsOrigins = (env.PDS_CORS_ORIGIN ?? '*').split(',').map((s: string) => s.trim()).filter(Boolean);
+  const origin = request.headers.get('origin') ?? '';
+  // In production, never allow wildcard - require explicit origins
+  const isProduction = env.PDS_HOSTNAME && !env.PDS_HOSTNAME.includes('localhost');
+  const allowWildcard = !isProduction && corsOrigins.includes('*');
+  // Check if origin is in allowlist
+  const isAllowed = allowWildcard || corsOrigins.includes(origin);
+  if (request.method === 'OPTIONS') {
+    if (!isAllowed) {
+      return new Response('CORS origin not allowed', { status: 403 });
+    }
+    const headers = new Headers({
+      'Access-Control-Allow-Origin': allowWildcard ? '*' : origin,
+      'Access-Control-Allow-Methods': 'GET, HEAD, POST, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+      'Access-Control-Max-Age': '86400', // 24 hours
+    });
+    return new Response(null, { status: 204, headers });
+  }
+  const response = await next();
+  if (isAllowed) {
+    response.headers.set('Access-Control-Allow-Origin', allowWildcard ? '*' : origin);
+    response.headers.set('Vary', 'Origin');
+  }
+  return response;
+});
+const logger = defineMiddleware(async ({ request, locals }, next) => {
+  const rid = crypto.randomUUID();
+  (locals as any).requestId = rid;
+  const start = Date.now();
+  const url = new URL(request.url);
+  try {
+    const response = await next();
+    const dur = Date.now() - start;
+    // Structured logging
+    console.log(JSON.stringify({
+      level: 'info',
+      type: 'request',
+      requestId: rid,
+      method: request.method,
+      path: url.pathname,
+      status: response.status,
+      duration: dur,
+      timestamp: new Date().toISOString(),
+    }));
+    // Track metrics (import dynamically to avoid circular deps)
+    try {
+      const { trackRequest } = await import('./lib/metrics');
+      trackRequest(request.method, url.pathname, response.status, dur);
+    } catch (e) {
+      // Metrics are optional, don't fail request
+    }
+    // Add request ID to response headers
+    response.headers.set('X-Request-ID', rid);
+    return response;
+  } catch (error) {
+    const dur = Date.now() - start;
+    // Log error
+    console.log(JSON.stringify({
+      level: 'error',
+      type: 'request',
+      requestId: rid,
+      method: request.method,
+      path: url.pathname,
+      duration: dur,
+      error: error instanceof Error ? error.message : String(error),
+      stack: error instanceof Error ? error.stack : undefined,
+      timestamp: new Date().toISOString(),
+    }));
+    // Track error metrics
+    try {
+      const { trackRequest } = await import('./lib/metrics');
+      trackRequest(request.method, url.pathname, 500, dur);
+    } catch (e) {
+      // Metrics are optional
+    }
+    throw error;
+  }
+});
+export const onRequest = sequence(cors, logger);

package/src/pages/.well-known/atproto-did.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { APIContext } from 'astro';
+export const prerender = false;
+export function GET({ locals }: APIContext) {
+  return new Response(locals.runtime.env.PDS_DID ?? '');
+}

package/src/pages/.well-known/did.json.ts ADDED Viewed

@@ -0,0 +1,76 @@
+import type { APIContext } from 'astro';
+import { withCache, CACHE_CONFIGS } from '../../lib/cache';
+import { base58btc } from 'multiformats/bases/base58';
+export const prerender = false;
+/**
+ * DID Document endpoint for did:web
+ *
+ * Returns a DID document with:
+ * - Service endpoints (PDS, firehose)
+ * - Verification methods (signing key)
+ *
+ * Spec: https://w3c-ccg.github.io/did-method-web/
+ */
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  return withCache(
+    request,
+    async () => {
+      const did = env.PDS_DID ?? 'did:example:single-user';
+      const handle = env.PDS_HANDLE ?? 'user.example.com';
+      const hostname = env.PDS_HOSTNAME ?? new URL(request.url).hostname;
+      // Public repository signing key (raw 32-byte Ed25519) base64-encoded
+      const pubKeyB64: string | undefined = (env as any).REPO_SIGNING_PUBLIC_KEY;
+      let publicKeyMultibase: string | undefined;
+      if (pubKeyB64) {
+        try {
+          const bin = atob(pubKeyB64.replace(/\s+/g, ''));
+          const raw = new Uint8Array(bin.length);
+          for (let i = 0; i < bin.length; i++) raw[i] = bin.charCodeAt(i);
+          if (raw.byteLength === 32) {
+            // multicodec: ed25519-pub = 0xED 0x01 prefix
+            const prefixed = new Uint8Array(2 + raw.byteLength);
+            prefixed[0] = 0xed; prefixed[1] = 0x01; prefixed.set(raw, 2);
+            publicKeyMultibase = base58btc.encode(prefixed);
+          }
+        } catch {}
+      }
+      // Build DID document
+      const didDocument = {
+        '@context': [
+          'https://www.w3.org/ns/did/v1',
+          'https://w3id.org/security/suites/ed25519-2020/v1',
+        ],
+        id: did,
+        alsoKnownAs: [`at://${handle}`],
+        verificationMethod: publicKeyMultibase ? [
+          {
+            id: `${did}#atproto`,
+            type: 'Ed25519VerificationKey2020',
+            controller: did,
+            publicKeyMultibase,
+          },
+        ] : [],
+        service: [
+          {
+            id: `${did}#atproto_pds`,
+            type: 'AtprotoPersonalDataServer',
+            serviceEndpoint: `https://${hostname}`,
+          },
+        ],
+      };
+      return new Response(JSON.stringify(didDocument, null, 2), {
+        headers: {
+          'Content-Type': 'application/json',
+        },
+      });
+    },
+    CACHE_CONFIGS.DID_DOCUMENT
+  );
+}

package/src/pages/debug/blob/[...key].ts ADDED Viewed

@@ -0,0 +1,27 @@
+import type { APIContext } from 'astro';
+export const prerender = false;
+export async function GET({ locals, params }: APIContext) {
+  const { env } = locals.runtime;
+  const key = params.key;
+  if (!key) return new Response('missing key', { status: 400 });
+  const obj = await env.BLOBS.get(key);
+  if (!obj) return new Response('not found', { status: 404 });
+  const body = obj.body as unknown as BodyInit | null;
+  return new Response(body ?? undefined, {
+    headers: { 'content-type': obj.httpMetadata?.contentType ?? 'application/octet-stream' },
+  });
+}
+export async function PUT({ locals, request, params }: APIContext) {
+  const { env } = locals.runtime;
+  const key = params.key;
+  if (!key) return new Response('missing key', { status: 400 });
+  const body = await request.arrayBuffer();
+  await env.BLOBS.put(key, body, { httpMetadata: { contentType: request.headers.get('content-type') ?? 'application/octet-stream' } });
+  return new Response('uploaded');
+}

package/src/pages/debug/db/bootstrap.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { APIContext } from 'astro';
+export const prerender = false;
+export async function POST({ locals }: APIContext) {
+  const { env } = locals.runtime;
+  // Gate to development by default. In production, require local hostname explicitly.
+  const envName = (env as any).ENVIRONMENT as string | undefined;
+  const host = env.PDS_HOSTNAME as string | undefined;
+  const isLocal = envName !== 'production' && (!host || host.includes('localhost') || host.startsWith('127.') || host === '::1');
+  if (!isLocal) {
+    return new Response('Not Found', { status: 404 });
+  }
+  const db = env.DB;
+  await db.exec("CREATE TABLE IF NOT EXISTS record (uri TEXT PRIMARY KEY, cid TEXT NOT NULL, json TEXT NOT NULL, created_at INTEGER DEFAULT (strftime('%s','now')));");
+  await db.exec("CREATE TABLE IF NOT EXISTS blob (cid TEXT PRIMARY KEY, key TEXT NOT NULL, mime TEXT NOT NULL, size INTEGER NOT NULL);");
+  await db.exec("CREATE TABLE IF NOT EXISTS blob_usage (record_uri TEXT NOT NULL, key TEXT NOT NULL);");
+  await db.exec("CREATE TABLE IF NOT EXISTS repo_root (did TEXT PRIMARY KEY, commit_cid TEXT NOT NULL, rev INTEGER NOT NULL);");
+  // Indexes
+  await db.exec("CREATE INDEX IF NOT EXISTS record_cid_idx ON record(cid);");
+  await db.exec("CREATE INDEX IF NOT EXISTS blob_usage_record_idx ON blob_usage(record_uri);");
+  return new Response('ok');
+}

package/src/pages/debug/db/commits.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { APIContext } from 'astro';
+import { drizzle } from 'drizzle-orm/d1';
+import { commit_log } from '@alteran/db/schema';
+import { desc } from 'drizzle-orm';
+export const prerender = false;
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  const host = env.PDS_HOSTNAME as string | undefined;
+  const envName = (env as any).ENVIRONMENT as string | undefined;
+  const isLocal = envName !== 'production' && (!host || host.includes('localhost') || host.startsWith('127.') || host === '::1');
+  if (!isLocal) return new Response('Not Found', { status: 404 });
+  const url = new URL(request.url);
+  const n = Math.min(Number(url.searchParams.get('n') ?? '20') || 20, 200);
+  const db = drizzle(env.DB);
+  const rows = await db.select().from(commit_log).orderBy(desc(commit_log.seq)).limit(n).all();
+  return new Response(JSON.stringify({ commits: rows }), { headers: { 'content-type': 'application/json' } });
+}

package/src/pages/debug/gc/blobs.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { APIContext } from 'astro';
+import { listOrphanBlobKeys, deleteBlobByKey } from '@alteran/db/dal';
+export const prerender = false;
+export async function POST({ locals }: APIContext) {
+  const { env } = locals.runtime;
+  const keys = await listOrphanBlobKeys(env);
+  let deleted = 0;
+  for (const key of keys) {
+    await env.BLOBS.delete(key).catch(() => {});
+    await deleteBlobByKey(env, key);
+    deleted++;
+  }
+  return new Response(JSON.stringify({ deleted }), { headers: { 'Content-Type': 'application/json' } });
+}