@alteran/astro 0.7.6 → 0.8.1

package/src/db/dal.ts

@@ -1,22 +1,35 @@
+import type { D1PreparedStatement } from '@cloudflare/workers-types';
 import { getDb } from './client';
-import { record, type NewRecordRow, blob_ref, blob_usage, blob_quota } from './schema';
+import { record, type NewRecordRow } from './schema';
 import type { Env } from '../env';
-import { eq, inArray, and, sql } from 'drizzle-orm';
+import { eq, inArray } from 'drizzle-orm';
 import { type AccountState, toRow, fromRow } from '../lib/account-state';
 
+export {
+  blobKeyHasUsage,
+  checkBlobQuota,
+  deleteBlobByKey,
+  deleteUnreferencedBlobKeys,
+  deleteUnreferencedBlobRef,
+  getBlobQuota,
+  getRecordBlobKeys,
+  listOrphanBlobKeys,
+  listOrphanBlobRefs,
+  putBlobRef,
+  registerBlobRefWithQuota,
+  sweepEligibleUnreferencedBlobKeys,
+  updateBlobQuota,
+} from './blob';
+export type { BlobKeyRef, BlobRefMetadata, BlobRegistrationResult } from './blob';
+
+export type CommitGuard = {
+  did: string;
+  commitCid: string;
+  rev: string;
+};
+
 export async function putRecord(env: Env, row: NewRecordRow) {
-  const db = getDb(env);
-  const toInsert: NewRecordRow = {
-    ...row,
-    createdAt: row.createdAt ?? Date.now(),
-  };
-  await db.insert(record).values(toInsert).onConflictDoUpdate({
-    target: record.uri,
-    set: {
-      cid: sql.raw(`excluded.${record.cid.name}`),
-      json: sql.raw(`excluded.${record.json.name}`)
-    }
-  });
+  await env.ALTERAN_DB.batch(putRecordStatements(env, row));
 }
 
 export async function getRecord(env: Env, uri: string) {
@@ -26,8 +39,7 @@ export async function getRecord(env: Env, uri: string) {
 }
 
 export async function deleteRecord(env: Env, uri: string) {
-  const db = getDb(env);
-  await db.delete(record).where(eq(record.uri, uri)).run();
+  await env.ALTERAN_DB.batch(deleteRecordStatements(env, uri));
 }
 
 export async function listRecords(env: Env) {
@@ -41,82 +53,216 @@ export async function getRecordsByCids(env: Env, cids: string[]) {
   return db.select().from(record).where(inArray(record.cid, cids)).all();
 }
 
-export async function putBlobRef(env: Env, did: string, cid: string, key: string, mime: string, size: number) {
-  const db = getDb(env);
-  await db
-    .insert(blob_ref)
-    .values({ did, cid, key, mime, size })
-    .onConflictDoUpdate({
-      target: blob_ref.cid,
-      set: {
-        did: sql.raw(`excluded.${blob_ref.did.name}`),
-        key: sql.raw(`excluded.${blob_ref.key.name}`),
-        mime: sql.raw(`excluded.${blob_ref.mime.name}`),
-        size: sql.raw(`excluded.${blob_ref.size.name}`)
-      }
-    });
+export async function setRecordBlobUsage(env: Env, did: string, uri: string, keys: string[]) {
+  await env.ALTERAN_DB.batch(setRecordBlobUsageStatements(env, did, uri, keys));
 }
 
-export async function setRecordBlobUsage(env: Env, uri: string, keys: string[]) {
-  const db = getDb(env);
-  // remove existing usage for this record
-  await db.delete(blob_usage).where(eq(blob_usage.recordUri, uri)).run();
-  // insert new usage
-  for (const key of keys) {
-    await db.insert(blob_usage).values({ recordUri: uri, key }).run();
+export async function repairRecordBlobUsageForCurrentRecord(
+  env: Env,
+  did: string,
+  uri: string,
+  cid: string,
+  keys: string[],
+  expectedCommitCid: string,
+): Promise<RecordBlobUsageRepairResult> {
+  const uniqueKeys = Array.from(new Set(keys));
+  const blobPrecondition = blobKeyPreconditionSql(uniqueKeys, did);
+  const statements: D1PreparedStatement[] = [
+    env.ALTERAN_DB.prepare(
+      `UPDATE repo_root
+       SET commit_cid = commit_cid
+       WHERE did = ?
+         AND commit_cid = ?
+         AND EXISTS (
+           SELECT 1 FROM record
+           WHERE uri = ? AND did = ? AND cid = ?
+         )${blobPrecondition.clause}`,
+    ).bind(did, expectedCommitCid, uri, did, cid, ...blobPrecondition.binds),
+    env.ALTERAN_DB.prepare(
+      `DELETE FROM blob_usage
+       WHERE did = ?
+         AND record_uri = ?
+         AND EXISTS (
+           SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+         )
+         AND EXISTS (
+           SELECT 1 FROM record WHERE uri = ? AND did = ? AND cid = ?
+         )${blobPrecondition.clause}`,
+    ).bind(did, uri, did, expectedCommitCid, uri, did, cid, ...blobPrecondition.binds),
+  ];
+  for (const key of uniqueKeys) {
+    statements.push(
+      env.ALTERAN_DB.prepare(
+        `INSERT OR IGNORE INTO blob_usage (did, record_uri, key, cid, repo_rev)
+         SELECT ?, ?, ?, b.cid, root.rev
+         FROM blob b
+         INNER JOIN repo_root root
+           ON root.did = ? AND root.commit_cid = ?
+         INNER JOIN record current_record
+           ON current_record.uri = ? AND current_record.did = ? AND current_record.cid = ?
+         WHERE b.did = ? AND b.key = ?${blobPrecondition.clause}`,
+      ).bind(did, uri, key, did, expectedCommitCid, uri, did, cid, did, key, ...blobPrecondition.binds),
+    );
   }
+  const results = await env.ALTERAN_DB.batch(statements);
+  if (changedRows(results[0]) === 1) return { tag: 'repaired' };
+  if (uniqueKeys.length > 0 && await hasMissingBlobKey(env, did, uniqueKeys)) {
+    return { tag: 'blobNotFound' };
+  }
+  return { tag: 'conflict' };
 }
 
-export async function listOrphanBlobKeys(env: Env): Promise<string[]> {
-  const db = getDb(env);
-  // select keys in blob that are not referenced in blob_usage
-  const all = await db.select().from(blob_ref).all();
-  const used = new Set((await db.select().from(blob_usage).all()).map((u) => u.key));
-  return all.map((b) => b.key).filter((k) => !used.has(k));
-}
+export type RecordBlobUsageRepairResult =
+  | { tag: 'repaired' }
+  | { tag: 'blobNotFound' }
+  | { tag: 'conflict' };
 
-export async function deleteBlobByKey(env: Env, key: string) {
-  const db = getDb(env);
-  await db.delete(blob_ref).where(eq(blob_ref.key, key)).run();
+export function putRecordStatements(
+  env: Env,
+  row: NewRecordRow,
+  guard?: CommitGuard,
+): D1PreparedStatement[] {
+  const toInsert: NewRecordRow = {
+    ...row,
+    createdAt: row.createdAt ?? Date.now(),
+  };
+  if (guard) {
+    return [
+      env.ALTERAN_DB.prepare(
+        `INSERT OR IGNORE INTO record (uri, did, cid, json, created_at)
+         SELECT ?, ?, ?, ?, ?
+         WHERE EXISTS (
+           SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+         )`,
+      ).bind(
+        toInsert.uri,
+        toInsert.did,
+        toInsert.cid,
+        toInsert.json,
+        toInsert.createdAt ?? 0,
+        guard.did,
+        guard.commitCid,
+      ),
+      env.ALTERAN_DB.prepare(
+        `UPDATE record
+         SET cid = ?, json = ?
+         WHERE uri = ?
+           AND EXISTS (
+             SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+           )`,
+      ).bind(toInsert.cid, toInsert.json, toInsert.uri, guard.did, guard.commitCid),
+    ];
+  }
+  return [
+    env.ALTERAN_DB.prepare(
+      `INSERT INTO record (uri, did, cid, json, created_at)
+       VALUES (?, ?, ?, ?, ?)
+       ON CONFLICT(uri) DO UPDATE SET
+         cid = excluded.cid,
+         json = excluded.json`,
+    ).bind(
+      toInsert.uri,
+      toInsert.did,
+      toInsert.cid,
+      toInsert.json,
+      toInsert.createdAt ?? 0,
+    ),
+  ];
 }
 
-export async function getBlobQuota(env: Env, did: string) {
-  const db = getDb(env);
-  const quota = await db.select().from(blob_quota).where(eq(blob_quota.did, did)).get();
-  return quota ?? { did, total_bytes: 0, blob_count: 0, updated_at: Date.now() };
+export function deleteRecordStatements(
+  env: Env,
+  uri: string,
+  guard?: CommitGuard,
+): D1PreparedStatement[] {
+  if (guard) {
+    return [
+      env.ALTERAN_DB.prepare(
+        `DELETE FROM record
+         WHERE uri = ?
+           AND EXISTS (
+             SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+           )`,
+      ).bind(uri, guard.did, guard.commitCid),
+    ];
+  }
+  return [
+    env.ALTERAN_DB.prepare('DELETE FROM record WHERE uri = ?').bind(uri),
+  ];
 }
 
-export async function updateBlobQuota(env: Env, did: string, bytesAdded: number, countAdded: number) {
-  const db = getDb(env);
-  const current = await getBlobQuota(env, did);
-
-  const newTotalBytes = current.total_bytes + bytesAdded;
-  const newBlobCount = current.blob_count + countAdded;
-  const now = Date.now();
+export function setRecordBlobUsageStatements(
+  env: Env,
+  did: string,
+  uri: string,
+  keys: string[],
+  guard?: CommitGuard,
+): D1PreparedStatement[] {
+  const statements: D1PreparedStatement[] = [
+    guard
+      ? env.ALTERAN_DB.prepare(
+        `DELETE FROM blob_usage
+         WHERE did = ?
+           AND record_uri = ?
+           AND EXISTS (
+             SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+           )`,
+      ).bind(did, uri, guard.did, guard.commitCid)
+      : env.ALTERAN_DB.prepare('DELETE FROM blob_usage WHERE did = ? AND record_uri = ?').bind(did, uri),
+  ];
+  for (const key of new Set(keys)) {
+    if (guard) {
+      statements.push(
+        env.ALTERAN_DB.prepare(
+          `INSERT OR IGNORE INTO blob_usage (did, record_uri, key, cid, repo_rev)
+           SELECT ?, ?, ?, b.cid, ?
+           FROM blob b
+           WHERE b.did = ?
+             AND b.key = ?
+             AND EXISTS (
+               SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+             )`,
+        ).bind(did, uri, key, guard.rev, did, key, guard.did, guard.commitCid),
+      );
+    } else {
+      statements.push(
+        env.ALTERAN_DB.prepare(
+          `INSERT INTO blob_usage (did, record_uri, key, cid, repo_rev)
+           SELECT ?, ?, ?, b.cid, COALESCE((SELECT rev FROM repo_root WHERE did = ?), '')
+           FROM blob b
+           WHERE b.did = ? AND b.key = ?`,
+        ).bind(did, uri, key, did, did, key),
+      );
+    }
+  }
+  return statements;
+}
 
-  await db
-    .insert(blob_quota)
-    .values({
-      did,
-      total_bytes: newTotalBytes,
-      blob_count: newBlobCount,
-      updated_at: now,
-    })
-    .onConflictDoUpdate({
-      target: blob_quota.did,
-      set: {
-        total_bytes: sql.raw(`excluded.${blob_quota.total_bytes.name}`),
-        blob_count: sql.raw(`excluded.${blob_quota.blob_count.name}`),
-        updated_at: sql.raw(`excluded.${blob_quota.updated_at.name}`),
-      },
-    });
+function changedRows(result: unknown): number {
+  const meta = (result as { meta?: Record<string, unknown> } | undefined)?.meta;
+  const changes = meta?.changes ?? meta?.rows_written ?? meta?.rowsWritten;
+  return typeof changes === 'number' ? changes : 0;
 }
 
-export async function checkBlobQuota(env: Env, did: string, additionalBytes: number): Promise<boolean> {
-  const quota = await getBlobQuota(env, did);
-  const maxBytes = parseInt(env.PDS_BLOB_QUOTA_BYTES || '10737418240', 10);
+function blobKeyPreconditionSql(keys: string[], did: string): { sql: string; clause: string; binds: Array<string | number> } {
+  if (keys.length === 0) return { sql: '1 = 1', clause: '', binds: [] };
+  const placeholders = keys.map(() => '?').join(', ');
+  const sql = `(SELECT COUNT(DISTINCT key) FROM blob WHERE did = ? AND key IN (${placeholders})) = ?`;
+  return {
+    sql,
+    clause: ` AND ${sql}`,
+    binds: [did, ...keys, keys.length],
+  };
+}
 
-  return (quota.total_bytes + additionalBytes) <= maxBytes;
+async function hasMissingBlobKey(env: Env, did: string, keys: string[]): Promise<boolean> {
+  const precondition = blobKeyPreconditionSql(keys, did);
+  const row = await env.ALTERAN_DB.prepare(
+    `SELECT ${precondition.sql} AS ok`,
+  )
+    .bind(...precondition.binds)
+    .first<{ ok: number }>();
+  return row?.ok !== 1;
 }
 
 // Account state management for migration support. Reads/writes route through

package/src/db/repo.ts

@@ -1,7 +1,9 @@
 import type { Env } from '../env';
+import type { D1PreparedStatement } from '@cloudflare/workers-types';
 import { drizzle } from 'drizzle-orm/d1';
-import { eq, sql } from 'drizzle-orm';
+import { eq } from 'drizzle-orm';
 import { repo_root, commit_log } from './schema';
+import type { CommitGuard } from './dal';
 import { RepoManager } from '../services/repo-manager';
 import { createCommit, signCommit, commitCid, generateTid, serializeCommit } from '../lib/commit';
 import { CID } from 'multiformats/cid';
@@ -9,18 +11,57 @@ import { resolveSecret } from '../lib/secrets';
 import { encodeBlocksForCommit } from '../services/car';
 import { ServerMisconfigured } from '../lib/errors';
 
+export class RepoCommitConflictError extends Error {
+  constructor(message = 'repo head changed') {
+    super(message);
+    this.name = 'RepoCommitConflictError';
+  }
+}
+
+export class RepoBlobNotFoundError extends Error {
+  constructor(message = 'blob not found') {
+    super(message);
+    this.name = 'RepoBlobNotFoundError';
+  }
+}
+
 export async function getRoot(env: Env) {
   const db = drizzle(env.ALTERAN_DB);
   const did = (await resolveSecret(env.PDS_DID)) ?? 'did:example:single-user';
   return db.select().from(repo_root).where(eq(repo_root.did, did)).get();
 }
 
+export async function assertRepoHead(
+  env: Env,
+  did: string,
+  expectedCommitCid: string | null | undefined,
+): Promise<void> {
+  if (expectedCommitCid === undefined) return;
+  if (expectedCommitCid === null) {
+    const row = await env.ALTERAN_DB.prepare(
+      'SELECT 1 FROM repo_root WHERE did = ? LIMIT 1',
+    ).bind(did).first();
+    if (row) throw new RepoCommitConflictError();
+    return;
+  }
+  const result = await env.ALTERAN_DB.prepare(
+    `UPDATE repo_root
+     SET commit_cid = commit_cid
+     WHERE did = ? AND commit_cid = ?`,
+  ).bind(did, expectedCommitCid).run();
+  if (changedRows(result) !== 1) throw new RepoCommitConflictError();
+}
+
 /**
  * Bump the repository root to a new revision with signed commit
  */
 export async function bumpRoot(env: Env, prevMstRoot?: CID, currentMstRoot?: CID, opts?: {
   ops?: import('../lib/firehose/frames').RepoOp[];
   newMstBlocks?: Array<[CID, Uint8Array]>;
+  newRecordBlocks?: Array<readonly [CID, Uint8Array]>;
+  sideEffectStatements?: (guard: CommitGuard) => D1PreparedStatement[];
+  expectedCommitCid?: string | null;
+  requiredBlobKeys?: string[];
 }): Promise<{
   commitCid: string;
   rev: string;
@@ -37,8 +78,13 @@ export async function bumpRoot(env: Env, prevMstRoot?: CID, currentMstRoot?: CID
   // without REPO_SIGNING_KEY; prod always requires the configured key.
   const signingKey = await getSigningKey(env);
 
-  const row = await db.select().from(repo_root).where(eq(repo_root.did, did)).get();
-  const prevCommitCid = row?.commitCid ? CID.parse(row.commitCid) : null;
+  const expectedCommitCid = opts && 'expectedCommitCid' in opts ? opts.expectedCommitCid : undefined;
+  const row = expectedCommitCid === undefined
+    ? await db.select().from(repo_root).where(eq(repo_root.did, did)).get()
+    : undefined;
+  const prevCommitCid = expectedCommitCid === undefined
+    ? (row?.commitCid ? CID.parse(row.commitCid) : null)
+    : (expectedCommitCid ? CID.parse(expectedCommitCid) : null);
 
   // Prefer caller-provided pointer to avoid an extra MST load on the
   // batched-write path that already knows the new root.
@@ -61,24 +107,6 @@ export async function bumpRoot(env: Env, prevMstRoot?: CID, currentMstRoot?: CID
   const cid = await commitCid(signedCommit);
   const cidString = cid.toString();
 
-  // sql.raw('excluded.X') references the just-inserted VALUES so the upsert
-  // updates with the new value rather than a stale parameter.
-  await db
-    .insert(repo_root)
-    .values({
-      did,
-      commitCid: cidString,
-      rev, // Store TID as text
-    })
-    .onConflictDoUpdate({
-      target: repo_root.did,
-      set: {
-        commitCid: sql.raw('excluded.commit_cid'),
-        rev: sql.raw('excluded.rev'),
-      },
-    })
-    .run();
-
   // Serialize commit for storage
   const commitBytes = serializeCommit(signedCommit);
   const commitData = JSON.stringify({
@@ -93,19 +121,171 @@ export async function bumpRoot(env: Env, prevMstRoot?: CID, currentMstRoot?: CID
   for (const b of signedCommit.sig) s += String.fromCharCode(b);
   const sigBase64 = btoa(s);
 
-  // Append to commit log
-  await appendCommit(env, cidString, rev, commitData, sigBase64);
-
   // Encode blocks as CAR for firehose
-  const blocksBytes = await encodeBlocksForCommit(env, cid, mstRootCid, ops, opts?.newMstBlocks);
+  const blocksBytes = await encodeBlocksForCommit(
+    env,
+    cid,
+    mstRootCid,
+    ops,
+    opts?.newMstBlocks,
+    commitBytes,
+    opts?.newRecordBlocks,
+  );
   // Encode to base64 (workers-safe)
   let blocksBase64 = '';
   for (const b of blocksBytes) blocksBase64 += String.fromCharCode(b);
   blocksBase64 = btoa(blocksBase64);
 
+  const ts = Date.now();
+  const guard = { did, commitCid: cidString, rev };
+  const requiredBlobKeys = Array.from(new Set(opts?.requiredBlobKeys ?? []));
+  const rootStatement = rootMutationStatement(env, did, cidString, rev, expectedCommitCid, requiredBlobKeys);
+  const blockStatements = blockstoreStatements(env, did, cidString, [
+    ...(opts?.newRecordBlocks ?? []),
+    ...(opts?.newMstBlocks ?? []),
+  ]);
+  const statements = [
+    rootStatement,
+    ...blockStatements,
+    ...(opts?.sideEffectStatements?.(guard) ?? []),
+    env.ALTERAN_DB.prepare(
+      `INSERT INTO commit_log (cid, rev, data, sig, ts)
+       SELECT ?, ?, ?, ?, ?
+       WHERE EXISTS (
+         SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+       )`,
+    ).bind(cidString, rev, commitData, sigBase64, ts, did, cidString),
+  ];
+
+  const results = await env.ALTERAN_DB.batch(statements);
+  if ((expectedCommitCid !== undefined || requiredBlobKeys.length > 0) && changedRows(results[0]) !== 1) {
+    if (requiredBlobKeys.length > 0 && await hasMissingBlobKey(env, requiredBlobKeys)) {
+      throw new RepoBlobNotFoundError();
+    }
+    throw new RepoCommitConflictError();
+  }
+
   return { commitCid: cidString, rev, ops, mstRoot: mstRootCid, commitData, sig: sigBase64, blocks: blocksBase64 };
 }
 
+function blockstoreStatements(
+  env: Env,
+  did: string,
+  commitCid: string,
+  blocks: Array<readonly [CID, Uint8Array]>,
+): D1PreparedStatement[] {
+  const seen = new Set<string>();
+  const statements: D1PreparedStatement[] = [];
+  for (const [cid, bytes] of blocks) {
+    const cidString = cid.toString();
+    if (seen.has(cidString)) continue;
+    seen.add(cidString);
+    statements.push(
+      env.ALTERAN_DB.prepare(
+        `INSERT OR REPLACE INTO blockstore (cid, bytes)
+         SELECT ?, ?
+         WHERE EXISTS (
+           SELECT 1 FROM repo_root WHERE did = ? AND commit_cid = ?
+         )`,
+      ).bind(cidString, bytesToBase64(bytes), did, commitCid),
+    );
+  }
+  return statements;
+}
+
+function bytesToBase64(bytes: Uint8Array): string {
+  let binary = '';
+  const chunkSize = 0x8000;
+  for (let offset = 0; offset < bytes.length; offset += chunkSize) {
+    binary += String.fromCharCode(...bytes.subarray(offset, offset + chunkSize));
+  }
+  return btoa(binary);
+}
+
+function rootMutationStatement(
+  env: Env,
+  did: string,
+  commitCid: string,
+  rev: string,
+  expectedCommitCid: string | null | undefined,
+  requiredBlobKeys: string[] = [],
+): D1PreparedStatement {
+  const blobPrecondition = blobPreconditionSql(requiredBlobKeys, did);
+  if (expectedCommitCid === null) {
+    return env.ALTERAN_DB.prepare(
+      `INSERT INTO repo_root (did, commit_cid, rev)
+       SELECT ?, ?, ?
+       WHERE NOT EXISTS (
+         SELECT 1 FROM repo_root WHERE did = ?
+       )${blobPrecondition.clause}`,
+    ).bind(did, commitCid, rev, did, ...blobPrecondition.binds);
+  }
+  if (typeof expectedCommitCid === 'string') {
+    return env.ALTERAN_DB.prepare(
+      `UPDATE repo_root
+       SET commit_cid = ?, rev = ?
+       WHERE did = ? AND commit_cid = ?${blobPrecondition.clause}`,
+    ).bind(commitCid, rev, did, expectedCommitCid, ...blobPrecondition.binds);
+  }
+  if (requiredBlobKeys.length > 0) {
+    return env.ALTERAN_DB.prepare(
+      `INSERT INTO repo_root (did, commit_cid, rev)
+       SELECT ?, ?, ?
+       WHERE ${blobPrecondition.sql}
+       ON CONFLICT(did) DO UPDATE SET
+         commit_cid = excluded.commit_cid,
+         rev = excluded.rev
+       WHERE ${blobPrecondition.sql}`,
+    ).bind(
+      did,
+      commitCid,
+      rev,
+      ...blobPrecondition.binds,
+      ...blobPrecondition.binds,
+    );
+  }
+  return env.ALTERAN_DB.prepare(
+    `INSERT INTO repo_root (did, commit_cid, rev)
+     VALUES (?, ?, ?)
+     ON CONFLICT(did) DO UPDATE SET
+       commit_cid = excluded.commit_cid,
+       rev = excluded.rev`,
+  ).bind(did, commitCid, rev);
+}
+
+function blobPreconditionSql(requiredBlobKeys: string[], did?: string): { sql: string; clause: string; binds: Array<string | number> } {
+  if (requiredBlobKeys.length === 0) {
+    return { sql: '1 = 1', clause: '', binds: [] };
+  }
+  if (!did) {
+    throw new Error('did is required for blob preconditions');
+  }
+  const placeholders = requiredBlobKeys.map(() => '?').join(', ');
+  const sql = `(SELECT COUNT(DISTINCT key) FROM blob WHERE did = ? AND key IN (${placeholders})) = ?`;
+  return {
+    sql,
+    clause: ` AND ${sql}`,
+    binds: [did, ...requiredBlobKeys, requiredBlobKeys.length],
+  };
+}
+
+async function hasMissingBlobKey(env: Env, requiredBlobKeys: string[]): Promise<boolean> {
+  const did = (await resolveSecret(env.PDS_DID)) ?? 'did:example:single-user';
+  const precondition = blobPreconditionSql(requiredBlobKeys, did);
+  const row = await env.ALTERAN_DB.prepare(
+    `SELECT ${precondition.sql} AS ok`,
+  )
+    .bind(...precondition.binds)
+    .first<{ ok: number }>();
+  return row?.ok !== 1;
+}
+
+function changedRows(result: unknown): number {
+  const meta = (result as { meta?: Record<string, unknown> } | undefined)?.meta;
+  const changes = meta?.changes ?? meta?.rows_written ?? meta?.rowsWritten;
+  return typeof changes === 'number' ? changes : 0;
+}
+
 export async function appendCommit(env: Env, cid: string, rev: string, data: string, sig: string) {
   const db = drizzle(env.ALTERAN_DB);
   const ts = Date.now();

package/src/db/schema.ts

@@ -78,21 +78,30 @@ export const record = sqliteTable('record', {
 }));
 
 export const blob_ref = sqliteTable('blob', {
-  cid: text('cid').primaryKey().notNull(),
+  cid: text('cid').notNull(),
   did: text('did').notNull(),
   key: text('key').notNull(),
   mime: text('mime').notNull(),
   size: integer('size').notNull(),
-});
+  uploadedAt: integer('uploaded_at', { mode: 'number' }).notNull().default(0),
+}, (table) => ({
+  pk: primaryKey({ columns: [table.did, table.cid] }),
+  keyIdx: index('blob_key_idx').on(table.key),
+}));
 
 export const blob_usage = sqliteTable('blob_usage', {
+  did: text('did').notNull(),
   recordUri: text('record_uri').notNull(),
   key: text('key').notNull(),
+  cid: text('cid').notNull(),
+  repoRev: text('repo_rev').notNull(),
 }, (table) => ({
-  // Composite primary key on recordUri and key
-  pk: primaryKey({ columns: [table.recordUri, table.key] }),
+  // Composite primary key on did, recordUri, and key
+  pk: primaryKey({ columns: [table.did, table.recordUri, table.key] }),
   // Index for GC queries (finding blobs by record)
-  recordUriIdx: index('blob_usage_record_uri_idx').on(table.recordUri),
+  recordUriIdx: index('blob_usage_record_uri_idx').on(table.did, table.recordUri),
+  didKeyIdx: index('blob_usage_did_key_idx').on(table.did, table.key),
+  didRepoRevCidIdx: index('blob_usage_did_repo_rev_cid_idx').on(table.did, table.repoRev, table.cid),
 }));
 
 // Commit log stores full commit history for firehose and sync

package/src/handlers/debug.ts

@@ -5,11 +5,12 @@ export async function POST_db_bootstrap(ctx: APIContext) {
   const env: any = (ctx.locals as any).runtime?.env ?? (ctx.locals as any) ?? (globalThis as any);
   const db = env.ALTERAN_DB;
   await db.exec("CREATE TABLE IF NOT EXISTS record (uri TEXT PRIMARY KEY, cid TEXT NOT NULL, json TEXT NOT NULL, created_at INTEGER DEFAULT (strftime('%s','now')));");
-  await db.exec("CREATE TABLE IF NOT EXISTS blob (cid TEXT PRIMARY KEY, key TEXT NOT NULL, mime TEXT NOT NULL, size INTEGER NOT NULL);");
-  await db.exec("CREATE TABLE IF NOT EXISTS blob_usage (record_uri TEXT NOT NULL, key TEXT NOT NULL);");
+  await db.exec("CREATE TABLE IF NOT EXISTS blob (cid TEXT NOT NULL, did TEXT NOT NULL, key TEXT NOT NULL, mime TEXT NOT NULL, size INTEGER NOT NULL, uploaded_at INTEGER NOT NULL DEFAULT 0, PRIMARY KEY (did, cid));");
+  await db.exec("CREATE TABLE IF NOT EXISTS blob_usage (did TEXT NOT NULL, record_uri TEXT NOT NULL, key TEXT NOT NULL, PRIMARY KEY (did, record_uri, key));");
   await db.exec("CREATE TABLE IF NOT EXISTS repo_root (did TEXT PRIMARY KEY, commit_cid TEXT NOT NULL, rev INTEGER NOT NULL);");
   await db.exec("CREATE INDEX IF NOT EXISTS record_cid_idx ON record(cid);");
-  await db.exec("CREATE INDEX IF NOT EXISTS blob_usage_record_idx ON blob_usage(record_uri);");
+  await db.exec("CREATE INDEX IF NOT EXISTS blob_usage_record_idx ON blob_usage(did, record_uri);");
+  await db.exec("CREATE INDEX IF NOT EXISTS blob_usage_did_key_idx ON blob_usage(did, key);");
   return new Response('ok');
 }