@arcote.tech/arc-cli 0.6.2 → 0.7.1

package/src/platform/deploy-api.ts

@@ -1,400 +0,0 @@
-import type { ArcHttpHandler } from "@arcote.tech/arc-host";
-import { spawn } from "bun";
-import {
-  cpSync,
-  existsSync,
-  mkdirSync,
-  readFileSync,
-  rmSync,
-  writeFileSync,
-} from "fs";
-import { dirname, join, normalize, resolve } from "path";
-import { sha256Hex } from "../builder/module-builder";
-import type { BuildManifest, WorkspaceInfo } from "./shared";
-
-// ---------------------------------------------------------------------------
-// Deploy API — v0.6 per-module push model.
-//
-// Mounted on the same Bun.serve as the main platform server. Gated by
-// ARC_DEPLOY_API=1 so dev/localhost starts never expose it. Security boundary
-// is network-layer: in production the arc container publishes :5005 only to
-// docker-network; Caddy exposes /api/deploy/* only on its 127.0.0.1:2019
-// management listener. Developer reaches it exclusively through `ssh -L`.
-// No auth tokens — the SSH key is the auth.
-//
-// Endpoints:
-//   GET  /api/deploy/health       — liveness + module count
-//   GET  /api/deploy/framework    — { depsHash } for diff vs local
-//   GET  /api/deploy/manifest     — full current manifest
-//   POST /api/deploy/framework    — multipart (package.json + bun.lock)
-//                                   → bun install w platform dir, response
-//                                     needsRestart=true (CLI does docker restart)
-//   POST /api/deploy/modules/:name — multipart (browser.js, server.js?,
-//                                   package.json, access.json?)
-//                                   → write to .staging/modules/<name>/,
-//                                     bun install jeśli deps changed
-//   POST /api/deploy/styles       — multipart (styles.css, theme.css?)
-//                                   → write to .staging/
-//   POST /api/deploy/manifest     — JSON commit phase: atomic swap staging→live,
-//                                   setManifest, SSE notify; response includes
-//                                   needsRestart when any module's server.js
-//                                   changed.
-// ---------------------------------------------------------------------------
-
-export interface DeployApiOptions {
-  ws: WorkspaceInfo;
-  getManifest: () => BuildManifest;
-  setManifest: (m: BuildManifest) => void;
-  notifyReload: (m: BuildManifest) => void;
-}
-
-export function createDeployApiHandler(opts: DeployApiOptions): ArcHttpHandler {
-  return async (req, url, ctx) => {
-    const p = url.pathname;
-    if (!p.startsWith("/api/deploy/")) return null;
-    const cors = ctx.corsHeaders;
-
-    // -----------------------------------------------------------------------
-    // GET endpoints — state probes
-    // -----------------------------------------------------------------------
-    if (p === "/api/deploy/health" && req.method === "GET") {
-      return Response.json(
-        { ok: true, modules: opts.getManifest().modules.length },
-        { headers: cors },
-      );
-    }
-
-    if (p === "/api/deploy/framework" && req.method === "GET") {
-      const hashPath = join(opts.ws.arcDir, ".deps-hash");
-      const depsHash = existsSync(hashPath)
-        ? readFileSync(hashPath, "utf-8").trim()
-        : null;
-      return Response.json({ depsHash }, { headers: cors });
-    }
-
-    if (p === "/api/deploy/manifest" && req.method === "GET") {
-      return Response.json(opts.getManifest(), { headers: cors });
-    }
-
-    // -----------------------------------------------------------------------
-    // POST /api/deploy/framework — install framework peers + rebuild shell
-    // -----------------------------------------------------------------------
-    if (p === "/api/deploy/framework" && req.method === "POST") {
-      const form = await req.formData();
-      const pkgFile = form.get("package.json");
-      const lockFile = form.get("bun.lock");
-      if (!isFile(pkgFile) || !isFile(lockFile)) {
-        return badRequest("framework requires package.json + bun.lock", cors);
-      }
-
-      mkdirSync(opts.ws.arcDir, { recursive: true });
-      writeFileSync(
-        join(opts.ws.arcDir, "package.json"),
-        Buffer.from(await pkgFile.arrayBuffer()),
-      );
-      writeFileSync(
-        join(opts.ws.arcDir, "bun.lock"),
-        Buffer.from(await lockFile.arrayBuffer()),
-      );
-
-      const start = Date.now();
-      // No --frozen-lockfile: workspace bun.lock from the source project
-      // contains the full dep graph, but our framework manifest is a subset.
-      // Bun would reject as "lockfile had changes". Let bun re-resolve against
-      // the framework-only package.json.
-      const installOk = await runBun(
-        ["install", "--production"],
-        opts.ws.arcDir,
-      );
-      if (!installOk) {
-        return Response.json(
-          { error: "bun install failed" },
-          { status: 500, headers: cors },
-        );
-      }
-
-      // Rebuild shell from freshly-installed framework peers. Hidden _build-shell
-      // subcommand discovers @arcote.tech/* + react under --from.
-      const cliBin = process.argv[1] ?? "arc";
-      const shellOk = await runBun(
-        [
-          "run",
-          cliBin,
-          "_build-shell",
-          "--out",
-          opts.ws.shellDir,
-          "--from",
-          join(opts.ws.arcDir, "node_modules"),
-        ],
-        opts.ws.arcDir,
-      );
-      if (!shellOk) {
-        return Response.json(
-          { error: "shell build failed" },
-          { status: 500, headers: cors },
-        );
-      }
-
-      // Compute fresh deps-hash and persist
-      const newHash = sha256Hex(
-        Buffer.concat([
-          readFileSync(join(opts.ws.arcDir, "package.json")),
-          readFileSync(join(opts.ws.arcDir, "bun.lock")),
-        ]),
-      );
-      writeFileSync(join(opts.ws.arcDir, ".deps-hash"), newHash + "\n");
-
-      return Response.json(
-        {
-          changed: true,
-          tookMs: Date.now() - start,
-          needsRestart: true,
-        },
-        { headers: cors },
-      );
-    }
-
-    // -----------------------------------------------------------------------
-    // POST /api/deploy/modules/:name — per-module push (browser + server +
-    //   deps + access) into staging
-    // -----------------------------------------------------------------------
-    const moduleMatch = p.match(/^\/api\/deploy\/modules\/([^/]+)$/);
-    if (moduleMatch && req.method === "POST") {
-      const safeName = sanitizeName(moduleMatch[1]);
-      if (!safeName) return badRequest("invalid module name", cors);
-
-      const form = await req.formData();
-      const browser = form.get("browser.js");
-      if (!isFile(browser)) {
-        return badRequest("modules/<name> requires browser.js", cors);
-      }
-
-      const stagingDir = join(
-        opts.ws.arcDir,
-        ".staging",
-        "modules",
-        safeName,
-      );
-      mkdirSync(stagingDir, { recursive: true });
-
-      await writeField(stagingDir, "browser.js", browser);
-      const server = form.get("server.js");
-      if (isFile(server)) {
-        await writeField(stagingDir, "server.js", server);
-      }
-      const pkg = form.get("package.json");
-      if (isFile(pkg)) {
-        await writeField(stagingDir, "package.json", pkg);
-      }
-      const access = form.get("access.json");
-      if (isFile(access)) {
-        await writeField(stagingDir, "access.json", access);
-      }
-
-      // Compare staging deps-hash vs live; install only when different.
-      const stagingPkgPath = join(stagingDir, "package.json");
-      const livePkgPath = join(opts.ws.arcDir, "modules", safeName, "package.json");
-      const stagingPkgBytes = existsSync(stagingPkgPath)
-        ? readFileSync(stagingPkgPath)
-        : Buffer.from("");
-      const livePkgBytes = existsSync(livePkgPath)
-        ? readFileSync(livePkgPath)
-        : Buffer.from("");
-      const depsChanged =
-        sha256Hex(stagingPkgBytes) !== sha256Hex(livePkgBytes);
-
-      writeFileSync(
-        join(stagingDir, ".deps-hash"),
-        sha256Hex(stagingPkgBytes) + "\n",
-      );
-
-      if (depsChanged && existsSync(stagingPkgPath)) {
-        const ok = await runBun(["install", "--production"], stagingDir);
-        if (!ok) {
-          rmSync(stagingDir, { recursive: true, force: true });
-          return Response.json(
-            { error: `bun install failed for module ${safeName}` },
-            { status: 500, headers: cors },
-          );
-        }
-      } else if (!depsChanged) {
-        // Preserve previous node_modules so atomic swap doesn't blow it away.
-        const liveNodeModules = join(
-          opts.ws.arcDir,
-          "modules",
-          safeName,
-          "node_modules",
-        );
-        if (existsSync(liveNodeModules)) {
-          cpSync(liveNodeModules, join(stagingDir, "node_modules"), {
-            recursive: true,
-          });
-        }
-      }
-
-      return Response.json(
-        {
-          ok: true,
-          name: safeName,
-          depsChanged,
-          serverIncluded: isFile(server),
-        },
-        { headers: cors },
-      );
-    }
-
-    // -----------------------------------------------------------------------
-    // POST /api/deploy/styles — global styles to staging
-    // -----------------------------------------------------------------------
-    if (p === "/api/deploy/styles" && req.method === "POST") {
-      const form = await req.formData();
-      const stagingDir = join(opts.ws.arcDir, ".staging");
-      mkdirSync(stagingDir, { recursive: true });
-      const written: string[] = [];
-      for (const name of ["styles.css", "theme.css"] as const) {
-        const f = form.get(name);
-        if (isFile(f)) {
-          await writeField(stagingDir, name, f);
-          written.push(name);
-        }
-      }
-      return Response.json({ ok: true, written }, { headers: cors });
-    }
-
-    // -----------------------------------------------------------------------
-    // POST /api/deploy/manifest — commit phase
-    // -----------------------------------------------------------------------
-    if (p === "/api/deploy/manifest" && req.method === "POST") {
-      const body = (await req.json()) as BuildManifest;
-      if (!validateManifest(body)) {
-        return badRequest("invalid manifest body", cors);
-      }
-
-      const stagingRoot = join(opts.ws.arcDir, ".staging");
-      const stagingModules = join(stagingRoot, "modules");
-      let serverSideChanged = false;
-
-      // Per-module atomic swap. We don't use rename(2) across volumes; cp+rm
-      // is good enough on a single docker volume.
-      if (existsSync(stagingModules)) {
-        const stagedNames = readDir(stagingModules);
-        for (const name of stagedNames) {
-          const src = join(stagingModules, name);
-          const dst = join(opts.ws.arcDir, "modules", name);
-          if (existsSync(join(src, "server.js"))) serverSideChanged = true;
-          if (existsSync(dst)) {
-            rmSync(dst, { recursive: true, force: true });
-          }
-          mkdirSync(dirname(dst), { recursive: true });
-          cpSync(src, dst, { recursive: true });
-        }
-      }
-
-      // Styles swap
-      for (const name of ["styles.css", "theme.css"] as const) {
-        const src = join(stagingRoot, name);
-        if (existsSync(src)) {
-          cpSync(src, join(opts.ws.arcDir, name));
-        }
-      }
-
-      // Persist new manifest
-      writeFileSync(
-        join(opts.ws.modulesDir, "manifest.json"),
-        JSON.stringify(body, null, 2),
-      );
-      opts.setManifest(body);
-
-      // Cleanup staging
-      rmSync(stagingRoot, { recursive: true, force: true });
-
-      if (!serverSideChanged) {
-        // Browser-only change → SSE notify clients, zero restart.
-        opts.notifyReload(body);
-      }
-
-      return Response.json(
-        {
-          ok: true,
-          moduleCount: body.modules.length,
-          needsRestart: serverSideChanged,
-        },
-        { headers: cors },
-      );
-    }
-
-    return new Response("Not Found", { status: 404, headers: cors });
-  };
-}
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-function badRequest(msg: string, cors: HeadersInit): Response {
-  return Response.json({ error: msg }, { status: 400, headers: cors });
-}
-
-function isFile(v: unknown): v is File {
-  return (
-    typeof v === "object" &&
-    v !== null &&
-    typeof (v as File).arrayBuffer === "function" &&
-    typeof (v as File).name === "string"
-  );
-}
-
-async function writeField(
-  targetDir: string,
-  name: string,
-  file: File,
-): Promise<void> {
-  // Safety: reject names attempting traversal. Field names are CLI-controlled
-  // but treat as untrusted anyway (network-facing endpoint).
-  const safe = normalize(name);
-  const safeRoot = resolve(targetDir);
-  const full = resolve(safeRoot, safe);
-  if (!full.startsWith(safeRoot + "/") && full !== safeRoot) {
-    throw new Error(`Path traversal rejected: ${name}`);
-  }
-  mkdirSync(dirname(full), { recursive: true });
-  writeFileSync(full, Buffer.from(await file.arrayBuffer()));
-}
-
-function sanitizeName(name: string): string | null {
-  if (!/^[a-zA-Z0-9_-]+$/.test(name)) return null;
-  return name;
-}
-
-function readDir(dir: string): string[] {
-  if (!existsSync(dir)) return [];
-  return require("fs").readdirSync(dir) as string[];
-}
-
-async function runBun(args: string[], cwd: string): Promise<boolean> {
-  const proc = spawn({
-    cmd: ["bun", ...args],
-    cwd,
-    stdout: "inherit",
-    stderr: "inherit",
-  });
-  const exit = await proc.exited;
-  return exit === 0;
-}
-
-function validateManifest(m: unknown): m is BuildManifest {
-  if (!m || typeof m !== "object") return false;
-  const cast = m as BuildManifest;
-  return (
-    Array.isArray(cast.modules) &&
-    typeof cast.shellHash === "string" &&
-    typeof cast.stylesHash === "string" &&
-    typeof cast.buildTime === "string"
-  );
-}
-
-/** Recompute a module's hash from disk — exposed for tests. */
-export function rehashModuleFile(filePath: string): string {
-  if (!existsSync(filePath)) throw new Error(`Missing: ${filePath}`);
-  return sha256Hex(readFileSync(filePath));
-}