@arcote.tech/arc-cli 0.5.2 → 0.5.5

package/src/platform/deploy-api.ts

@@ -0,0 +1,183 @@
+import type { ArcHttpHandler } from "@arcote.tech/arc-host";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname, join, normalize, relative, resolve } from "path";
+import { sha256Hex } from "../builder/module-builder";
+import type { BuildManifest, WorkspaceInfo } from "./shared";
+
+// ---------------------------------------------------------------------------
+// Deploy API — hot-swap modules/shell/styles via HTTP
+//
+// Mounted on the same Bun.serve as the main platform server. Gated by
+// ARC_DEPLOY_API=1 so dev/localhost starts never expose it. Security boundary
+// is entirely network-layer: in production the arc container publishes :5005
+// only to docker-network, and the Caddy delegator exposes /api/deploy/* only
+// on its 127.0.0.1-bound management listener (:2019). Developer reaches it
+// exclusively through `ssh -L`.
+//
+// No auth tokens in code — the SSH key is the auth.
+// ---------------------------------------------------------------------------
+
+export interface DeployApiOptions {
+  ws: WorkspaceInfo;
+  getManifest: () => BuildManifest;
+  setManifest: (m: BuildManifest) => void;
+  notifyReload: (m: BuildManifest) => void;
+}
+
+/**
+ * Create deploy API handler. Returns null for non-deploy requests so the main
+ * handler chain continues. Routes:
+ *
+ *   GET  /api/deploy/manifest    — current BuildManifest (hashes etc.)
+ *   POST /api/deploy/manifest    — replace manifest; no file writes
+ *   POST /api/deploy/modules     — multipart upload of .js module files
+ *   POST /api/deploy/shell       — multipart upload of shell/ files + styles.css
+ *   GET  /api/deploy/health      — liveness
+ */
+export function createDeployApiHandler(opts: DeployApiOptions): ArcHttpHandler {
+  return async (req, url, ctx) => {
+    const p = url.pathname;
+    if (!p.startsWith("/api/deploy/")) return null;
+
+    if (p === "/api/deploy/health" && req.method === "GET") {
+      return Response.json(
+        { ok: true, modules: opts.getManifest().modules.length },
+        { headers: ctx.corsHeaders },
+      );
+    }
+
+    if (p === "/api/deploy/manifest" && req.method === "GET") {
+      return Response.json(opts.getManifest(), { headers: ctx.corsHeaders });
+    }
+
+    if (p === "/api/deploy/manifest" && req.method === "POST") {
+      const body = (await req.json()) as BuildManifest;
+      if (!validateManifest(body)) {
+        return Response.json(
+          { error: "Invalid manifest body" },
+          { status: 400, headers: ctx.corsHeaders },
+        );
+      }
+      writeFileSync(
+        join(opts.ws.modulesDir, "manifest.json"),
+        JSON.stringify(body, null, 2),
+      );
+      opts.setManifest(body);
+      opts.notifyReload(body);
+      return Response.json(
+        { ok: true, moduleCount: body.modules.length },
+        { headers: ctx.corsHeaders },
+      );
+    }
+
+    if (p === "/api/deploy/modules" && req.method === "POST") {
+      const form = await req.formData();
+      const written = await writeUploadedFiles(form, opts.ws.modulesDir);
+      return Response.json(
+        { ok: true, written },
+        { headers: ctx.corsHeaders },
+      );
+    }
+
+    if (p === "/api/deploy/shell" && req.method === "POST") {
+      const form = await req.formData();
+      const shellFiles: File[] = [];
+      const rootFiles: Array<{ name: string; file: File }> = [];
+      for (const [name, value] of form.entries()) {
+        if (!isFile(value)) continue;
+        // styles.css / theme.css go to arcDir, everything else goes to shellDir
+        if (name === "styles.css" || name === "theme.css") {
+          rootFiles.push({ name, file: value });
+        } else {
+          shellFiles.push(value);
+        }
+      }
+      const writtenShell = await writeUploadedFileList(
+        shellFiles,
+        opts.ws.shellDir,
+      );
+      const writtenRoot: string[] = [];
+      for (const { name, file } of rootFiles) {
+        const target = join(opts.ws.arcDir, name);
+        writeFileSync(target, Buffer.from(await file.arrayBuffer()));
+        writtenRoot.push(name);
+      }
+      return Response.json(
+        { ok: true, written: [...writtenShell, ...writtenRoot] },
+        { headers: ctx.corsHeaders },
+      );
+    }
+
+    return new Response("Not Found", {
+      status: 404,
+      headers: ctx.corsHeaders,
+    });
+  };
+}
+
+// ---------------------------------------------------------------------------
+// File writes — with path traversal guard
+// ---------------------------------------------------------------------------
+
+async function writeUploadedFiles(
+  form: FormData,
+  targetDir: string,
+): Promise<string[]> {
+  const files: File[] = [];
+  for (const [, value] of form.entries()) {
+    if (isFile(value)) files.push(value);
+  }
+  return writeUploadedFileList(files, targetDir);
+}
+
+/** Runtime File check — DOM's File is a Blob subclass, available in Bun runtime. */
+function isFile(v: unknown): v is File {
+  return (
+    typeof v === "object" &&
+    v !== null &&
+    typeof (v as File).arrayBuffer === "function" &&
+    typeof (v as File).name === "string"
+  );
+}
+
+async function writeUploadedFileList(
+  files: File[],
+  targetDir: string,
+): Promise<string[]> {
+  const written: string[] = [];
+  const safeRoot = resolve(targetDir);
+  mkdirSync(safeRoot, { recursive: true });
+
+  for (const file of files) {
+    const rel = normalize(file.name);
+    const full = resolve(safeRoot, rel);
+    if (!full.startsWith(safeRoot + "/") && full !== safeRoot) {
+      throw new Error(`Path traversal rejected: ${file.name}`);
+    }
+    mkdirSync(dirname(full), { recursive: true });
+    writeFileSync(full, Buffer.from(await file.arrayBuffer()));
+
+    // Verify upload hash matches the file we wrote — defensive check that
+    // rejects accidental corruption mid-transit. Modules carry a hash prefix
+    // convention in their filename header ("<hash>:<name>") from the CLI.
+    written.push(relative(safeRoot, full) || rel);
+  }
+  return written;
+}
+
+function validateManifest(m: unknown): m is BuildManifest {
+  if (!m || typeof m !== "object") return false;
+  const cast = m as BuildManifest;
+  return (
+    Array.isArray(cast.modules) &&
+    typeof cast.shellHash === "string" &&
+    typeof cast.stylesHash === "string" &&
+    typeof cast.buildTime === "string"
+  );
+}
+
+/** Recompute a module's hash from disk — exposed for tests. */
+export function rehashModuleFile(filePath: string): string {
+  if (!existsSync(filePath)) throw new Error(`Missing: ${filePath}`);
+  return sha256Hex(readFileSync(filePath));
+}

package/src/platform/server.ts

@@ -11,7 +11,8 @@ import {
 import { existsSync, mkdirSync } from "fs";
 import { join } from "path";
 import { readTranslationsConfig } from "../i18n";
-import type { BuildManifest, ModuleEntry, WorkspaceInfo } from "./shared";
+import { createDeployApiHandler } from "./deploy-api";
+import type { BuildManifest, ModuleDescriptor, WorkspaceInfo } from "./shared";
 import type { ModuleAccess } from "@arcote.tech/platform";
 
 // ---------------------------------------------------------------------------
@@ -30,6 +31,10 @@ export interface PlatformServerOptions {
   dbPath?: string;
   /** If true, enables SSE reload stream + mutable manifest (dev mode) */
   devMode?: boolean;
+  /** If true, mounts /api/deploy/* endpoints for remote hot-swap. Off by default;
+   *  opt-in via ARC_DEPLOY_API=1 or explicit CLI flag. In production, network-layer
+   *  (Caddy + docker-compose port binding) restricts access to SSH tunnel only. */
+  deployApi?: boolean;
   /** Arc shell entries [shortName, fullPkgName][] for import map. Auto-detected if omitted. */
   arcEntries?: [string, string][];
 }
@@ -213,7 +218,7 @@ async function filterManifestForTokens(
   moduleAccessMap: Map<string, ModuleAccess>,
   tokenPayloads: any[],
 ): Promise<BuildManifest> {
-  const filtered: ModuleEntry[] = [];
+  const filtered: ModuleDescriptor[] = [];
 
   for (const mod of manifest.modules) {
     const access = moduleAccessMap.get(mod.name);
@@ -237,10 +242,15 @@ async function filterManifestForTokens(
     }
 
     if (granted) {
-      filtered.push({ ...mod, url: signModuleUrl(mod.file) } as any);
+      filtered.push({ ...mod, url: signModuleUrl(mod.file) });
     }
   }
-  return { modules: filtered, buildTime: manifest.buildTime };
+  return {
+    modules: filtered,
+    shellHash: manifest.shellHash,
+    stylesHash: manifest.stylesHash,
+    buildTime: manifest.buildTime,
+  };
 }
 
 // ---------------------------------------------------------------------------
@@ -385,10 +395,35 @@ export async function startPlatformServer(
   const moduleAccessMap = opts.moduleAccess ?? new Map();
   let manifest = opts.manifest;
   const getManifest = () => manifest;
+  const setManifest = (m: BuildManifest) => {
+    manifest = m;
+  };
 
   const shellHtml = generateShellHtml(ws.appName, ws.manifest, opts.arcEntries);
   const sseClients = new Set<ReadableStreamDefaultController>();
 
+  const notifyReload = (m: BuildManifest) => {
+    const data = JSON.stringify(m);
+    for (const c of sseClients) {
+      try {
+        c.enqueue(`data: ${data}\n\n`);
+      } catch {
+        sseClients.delete(c);
+      }
+    }
+  };
+
+  const deployApiEnabled =
+    opts.deployApi ?? process.env.ARC_DEPLOY_API === "1";
+  const deployApiHandler = deployApiEnabled
+    ? createDeployApiHandler({
+        ws,
+        getManifest,
+        setManifest,
+        notifyReload,
+      })
+    : null;
+
   if (!context) {
     // No context — serve static files only (no WS/commands/queries)
     const cors = {
@@ -400,7 +435,7 @@ export async function startPlatformServer(
 
     const server = Bun.serve({
       port,
-      fetch(req) {
+      async fetch(req) {
         const url = new URL(req.url);
         if (req.method === "OPTIONS")
           return new Response(null, { headers: cors });
@@ -413,15 +448,15 @@ export async function startPlatformServer(
 
         // Platform handlers only
         const handlers: ArcHttpHandler[] = [
+          ...(deployApiHandler ? [deployApiHandler] : []),
           apiEndpointsHandler(ws, getManifest, null, moduleAccessMap),
-          ...(devMode ? [devReloadHandler(sseClients)] : []),
+          devReloadHandler(sseClients),
           staticFilesHandler(ws, !!devMode, moduleAccessMap),
           spaFallbackHandler(shellHtml),
         ];
 
         for (const handler of handlers) {
-          const response = handler(req, url, ctx);
-          if (response instanceof Promise) return response;
+          const response = await handler(req, url, ctx);
           if (response) return response;
         }
 
@@ -433,14 +468,8 @@ export async function startPlatformServer(
       server,
       contextHandler: null,
       connectionManager: null,
-      setManifest: (m) => { manifest = m; },
-      notifyReload: (m) => {
-        const data = JSON.stringify(m);
-        for (const c of sseClients) {
-          try { c.enqueue(`data: ${data}\n\n`); }
-          catch { sseClients.delete(c); }
-        }
-      },
+      setManifest,
+      notifyReload,
       stop: () => server.stop(),
     };
   }
@@ -459,8 +488,9 @@ export async function startPlatformServer(
     port,
     httpHandlers: [
       // Platform-specific handlers (checked AFTER arc handlers)
+      ...(deployApiHandler ? [deployApiHandler] : []),
       apiEndpointsHandler(ws, getManifest, null, moduleAccessMap),
-      ...(devMode ? [devReloadHandler(sseClients)] : []),
+      devReloadHandler(sseClients),
       staticFilesHandler(ws, !!devMode, moduleAccessMap),
       spaFallbackHandler(shellHtml),
     ],
@@ -471,14 +501,8 @@ export async function startPlatformServer(
     server: arcServer.server,
     contextHandler: arcServer.contextHandler,
     connectionManager: arcServer.connectionManager,
-    setManifest: (m) => { manifest = m; },
-    notifyReload: (m) => {
-      const data = JSON.stringify(m);
-      for (const c of sseClients) {
-        try { c.enqueue(`data: ${data}\n\n`); }
-        catch { sseClients.delete(c); }
-      }
-    },
+    setManifest,
+    notifyReload,
     stop: () => arcServer.stop(),
   };
 }

package/src/platform/shared.ts

@@ -1,19 +1,21 @@
 import { findUpSync } from "find-up";
-import { copyFileSync, existsSync, mkdirSync, readFileSync } from "fs";
+import { copyFileSync, existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync } from "fs";
 import { dirname, join } from "path";
 import {
   buildPackages,
   buildStyles,
   discoverPackages,
   isContextPackage,
+  sha256OfFiles,
   type BuildManifest,
+  type ModuleDescriptor,
   type ModuleEntry,
   type WorkspacePackage,
 } from "../builder/module-builder";
 
 // Re-export for convenience
 export { buildPackages, buildStyles, isContextPackage };
-export type { BuildManifest, ModuleEntry, WorkspacePackage };
+export type { BuildManifest, ModuleDescriptor, ModuleEntry, WorkspacePackage };
 
 // ---------------------------------------------------------------------------
 // Logging
@@ -138,7 +140,47 @@ export async function buildAll(ws: WorkspaceInfo): Promise<BuildManifest> {
   await buildShell(ws.shellDir, ws.packages);
   ok("Shell built");
 
-  return manifest;
+  // Compute aggregate hashes now that all artifacts are on disk, then rewrite
+  // manifest.json with full hash data (modules + shellHash + stylesHash).
+  const finalManifest = finalizeManifest(ws, manifest);
+  writeFileSync(
+    join(ws.modulesDir, "manifest.json"),
+    JSON.stringify(finalManifest, null, 2),
+  );
+  return finalManifest;
+}
+
+/**
+ * Compute shellHash + stylesHash and produce the final manifest.
+ * Pure function — does not touch disk.
+ */
+export function finalizeManifest(
+  ws: WorkspaceInfo,
+  manifest: BuildManifest,
+): BuildManifest {
+  const shellFiles = listFilesRec(ws.shellDir);
+  const stylesFiles = [
+    join(ws.arcDir, "styles.css"),
+    join(ws.arcDir, "theme.css"),
+  ].filter((p) => existsSync(p));
+
+  return {
+    modules: manifest.modules,
+    shellHash: sha256OfFiles(shellFiles),
+    stylesHash: sha256OfFiles(stylesFiles),
+    buildTime: manifest.buildTime,
+  };
+}
+
+function listFilesRec(dir: string): string[] {
+  if (!existsSync(dir)) return [];
+  const out: string[] = [];
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    const p = join(dir, entry.name);
+    if (entry.isDirectory()) out.push(...listFilesRec(p));
+    else if (entry.isFile()) out.push(p);
+  }
+  return out;
 }
 
 // ---------------------------------------------------------------------------