npm - @bod.ee/db - Versions diffs - 0.9.1 → 0.10.2 - Mend

@bod.ee/db 0.9.1 → 0.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/.claude/settings.local.json +7 -1
package/.claude/skills/config-file.md +1 -0
package/.claude/skills/developing-bod-db.md +11 -5
package/.claude/skills/using-bod-db.md +125 -5
package/CLAUDE.md +11 -6
package/README.md +3 -3
package/admin/admin.ts +57 -0
package/admin/demo.config.ts +132 -0
package/admin/rules.ts +4 -1
package/admin/ui.html +530 -6
package/bun.lock +33 -0
package/cli.ts +4 -43
package/client.ts +5 -3
package/config.ts +10 -3
package/index.ts +5 -0
package/package.json +8 -2
package/src/client/BodClient.ts +225 -2
package/src/client/{CachedClient.ts → BodClientCached.ts} +115 -6
package/src/server/BodDB.ts +24 -8
package/src/server/KeyAuthEngine.ts +481 -0
package/src/server/ReplicationEngine.ts +1 -1
package/src/server/RulesEngine.ts +4 -2
package/src/server/Transport.ts +223 -0
package/src/server/VFSEngine.ts +78 -7
package/src/shared/keyAuth.browser.ts +80 -0
package/src/shared/keyAuth.ts +177 -0
package/src/shared/protocol.ts +28 -1
package/tests/cached-client.test.ts +123 -7
package/tests/keyauth.test.ts +1037 -0
package/admin/server.ts +0 -607

package/admin/server.ts DELETED Viewed

@@ -1,607 +0,0 @@
-import { BodDB } from '../src/server/BodDB.ts';
-import { join } from 'path';
-import { rules } from './rules.ts';
-const DB_PATH = process.env.DB_PATH ?? join(import.meta.dir, '../.tmp/bod-db-admin.sqlite');
-const PORT = process.env.PORT ? Number(process.env.PORT) : 4400;
-import { increment, serverTimestamp, arrayUnion, arrayRemove } from '../src/shared/transforms.ts';
-const ADMIN_TOKEN = process.env.ADMIN_TOKEN;
-const SOURCE_PORT = PORT + 1;
-// ── Source DB — a separate BodDB instance acting as a remote data source ─────
-const sourceDb = new BodDB({
-  path: ':memory:',
-  sweepInterval: 0,
-  replication: { role: 'primary' },
-});
-sourceDb.replication!.start();
-sourceDb.serve({ port: SOURCE_PORT });
-// Seed source with demo data
-sourceDb.set('catalog/widgets', { name: 'Widget A', price: 29.99, stock: 150 });
-sourceDb.set('catalog/gadgets', { name: 'Gadget B', price: 49.99, stock: 75 });
-sourceDb.set('catalog/gizmos', { name: 'Gizmo C', price: 19.99, stock: 300 });
-sourceDb.set('alerts/sys-1', { level: 'warn', msg: 'CPU spike detected', ts: Date.now() });
-sourceDb.set('alerts/sys-2', { level: 'info', msg: 'Backup completed', ts: Date.now() });
-console.log(`Source DB: :memory: on port ${SOURCE_PORT}`);
-// ── Main DB — subscribes to source via feed subscription ─────────────────────
-const db = new BodDB({
-  path: DB_PATH,
-  rules,
-  sweepInterval: 60000,
-  fts: {},
-  vectors: { dimensions: 384 },
-  vfs: { storageRoot: join(import.meta.dir, '../.tmp/vfs') },
-  replication: {
-    role: 'primary',
-    sources: [{
-      url: `ws://localhost:${SOURCE_PORT}`,
-      paths: ['catalog', 'alerts'],
-      localPrefix: 'source',
-      id: 'admin-demo-source',
-    }],
-  },
-});
-console.log(`DB: ${DB_PATH}`);
-// Seed only if empty
-if (!db.get('users/alice')) {
-  db.set('users/alice', { name: 'Alice', age: 30, role: 'admin' });
-  db.set('users/bob', { name: 'Bob', age: 25, role: 'user' });
-  db.set('users/carol', { name: 'Carol', age: 28, role: 'user' });
-  db.set('settings/theme', 'dark');
-  db.set('settings/lang', 'en');
-  // Seed push, FTS, and vector data
-  db.push('logs', { level: 'info', msg: 'Server started', ts: Date.now() });
-  db.set('counters/likes', 0);
-  db.set('counters/views', 0);
-  // FTS seed
-  db.index('users/alice', 'Alice is an admin user who manages the system');
-  db.index('users/bob', 'Bob is a regular user who writes articles');
-  db.index('users/carol', 'Carol is a user interested in design and UX');
-  db.set('_fts/users_alice', { path: 'users/alice', content: 'Alice is an admin user who manages the system', indexedAt: Date.now() });
-  db.set('_fts/users_bob', { path: 'users/bob', content: 'Bob is a regular user who writes articles', indexedAt: Date.now() });
-  db.set('_fts/users_carol', { path: 'users/carol', content: 'Carol is a user interested in design and UX', indexedAt: Date.now() });
-  // Vector seed (384d — simple deterministic embeddings for demo)
-  const makeEmb = (seed: number) => Array.from({length: 384}, (_, i) => Math.sin((i + seed) * 0.1) * 0.5);
-  db.vectors!.store('users/alice', makeEmb(0));
-  db.vectors!.store('users/bob', makeEmb(10));
-  db.vectors!.store('users/carol', makeEmb(20));
-  db.set('_vectors/users_alice', { path: 'users/alice', dimensions: 384, storedAt: Date.now() });
-  db.set('_vectors/users_bob', { path: 'users/bob', dimensions: 384, storedAt: Date.now() });
-  db.set('_vectors/users_carol', { path: 'users/carol', dimensions: 384, storedAt: Date.now() });
-  // Stream seed
-  db.push('events/orders', { orderId: 'o1', amount: 99, status: 'completed' });
-  db.push('events/orders', { orderId: 'o2', amount: 42, status: 'pending' });
-  db.push('events/orders', { orderId: 'o3', amount: 150, status: 'completed' });
-  // MQ seed
-  db.mq.push('queues/jobs', { type: 'email', to: 'alice@example.com', subject: 'Welcome' });
-  db.mq.push('queues/jobs', { type: 'sms', to: '+1234567890', body: 'Your code is 1234' });
-  db.mq.push('queues/jobs', { type: 'webhook', url: 'https://example.com/hook', payload: { event: 'signup' } });
-  // VFS seed
-  if (db.vfs) {
-    db.vfs.mkdir('docs');
-    db.vfs.write('docs/readme.txt', new TextEncoder().encode('Welcome to BodDB VFS!\nThis is a demo file.'));
-    db.vfs.write('docs/config.json', new TextEncoder().encode(JSON.stringify({ theme: 'dark', lang: 'en' }, null, 2)), 'application/json');
-    db.vfs.mkdir('images');
-  }
-}
-// ── Start replication (sources) ───────────────────────────────────────────────
-db.replication!.start().then(() => {
-  console.log(`[REPL] source feed connected → syncing catalog + alerts from :${SOURCE_PORT}`);
-}).catch(e => console.error('[REPL] source feed failed:', e));
-// Stats are now published automatically by BodDB when _admin has subscribers
-// ── Server (WS + REST /db/* + UI) ─────────────────────────────────────────────
-const UI_PATH = join(import.meta.dir, 'ui.html');
-import type { Server, ServerWebSocket } from 'bun';
-import type { ClientMessage } from '../src/shared/protocol.ts';
-import { Errors } from '../src/shared/errors.ts';
-import { normalizePath, reconstruct } from '../src/shared/pathUtils.ts';
-interface WsData {
-  auth: Record<string, unknown> | null;
-  valueSubs: Map<string, () => void>;
-  childSubs: Map<string, () => void>;
-  streamSubs: Map<string, () => void>;
-}
-const wsClients = new Set<ServerWebSocket<WsData>>();
-const server = Bun.serve({
-  port: PORT,
-  async fetch(req, server) {
-    const url = new URL(req.url);
-    // WebSocket upgrade (must be before UI/REST handlers)
-    if (req.headers.get('upgrade') === 'websocket') {
-      if (server.upgrade(req, { data: { auth: null, valueSubs: new Map(), childSubs: new Map(), streamSubs: new Map() } as WsData })) return;
-      return new Response('WS upgrade failed', { status: 400 });
-    }
-    // Serve UI
-    if (url.pathname === '/' || url.pathname === '/ui.html') {
-      return new Response(Bun.file(UI_PATH));
-    }
-    // REST: GET /rules
-    if (req.method === 'GET' && url.pathname === '/rules') {
-      const summary = Object.entries(rules).map(([pattern, rule]) => ({
-        pattern,
-        read: rule.read === undefined ? null : rule.read === false ? false : rule.read === true ? true : rule.read.toString(),
-        write: rule.write === undefined ? null : rule.write === false ? false : rule.write === true ? true : rule.write.toString(),
-      }));
-      return Response.json({ ok: true, rules: summary });
-    }
-    // REST: GET /db/<path>?shallow=true — shallow returns only immediate child keys
-    if (req.method === 'GET' && url.pathname.startsWith('/db/')) {
-      const path = normalizePath(url.pathname.slice(4));
-      const shallow = url.searchParams.get('shallow') === 'true';
-      if (shallow) {
-        return Response.json({ ok: true, children: db.getShallow(path || undefined) });
-      }
-      if (!path) {
-        const rows = db.storage.db.query("SELECT path, value FROM nodes ORDER BY path").all() as Array<{ path: string; value: string }>;
-        const data = rows.length ? reconstruct('', rows) : {};
-        return Response.json({ ok: true, data });
-      }
-      return Response.json({ ok: true, data: db.get(path) });
-    }
-    // REST: PUT /db/<path>
-    if (req.method === 'PUT' && url.pathname.startsWith('/db/')) {
-      const path = normalizePath(url.pathname.slice(4));
-      return (async () => {
-        db.set(path, await req.json());
-        return Response.json({ ok: true });
-      })();
-    }
-    // REST: DELETE /db/<path>
-    if (req.method === 'DELETE' && url.pathname.startsWith('/db/')) {
-      const path = normalizePath(url.pathname.slice(4));
-      db.delete(path);
-      return Response.json({ ok: true });
-    }
-    // REST: POST /transform — apply a transform sentinel
-    if (req.method === 'POST' && url.pathname === '/transform') {
-      return (async () => {
-        const { path, type, value } = await req.json() as { path: string; type: string; value?: unknown };
-        let sentinel: unknown;
-        switch (type) {
-          case 'increment': sentinel = increment(value as number); break;
-          case 'serverTimestamp': sentinel = serverTimestamp(); break;
-          case 'arrayUnion': sentinel = arrayUnion(...(Array.isArray(value) ? value : [value])); break;
-          case 'arrayRemove': sentinel = arrayRemove(...(Array.isArray(value) ? value : [value])); break;
-          default: return Response.json({ ok: false, error: `Unknown transform: ${type}` }, { status: 400 });
-        }
-        db.set(path, sentinel);
-        return Response.json({ ok: true, data: db.get(path) });
-      })();
-    }
-    // REST: POST /set-ttl — set a value with TTL
-    if (req.method === 'POST' && url.pathname === '/set-ttl') {
-      return (async () => {
-        const { path, value, ttl } = await req.json() as { path: string; value: unknown; ttl: number };
-        db.set(path, value, { ttl });
-        return Response.json({ ok: true });
-      })();
-    }
-    // REST: POST /sweep — manual TTL sweep
-    if (req.method === 'POST' && url.pathname === '/sweep') {
-      const expired = db.sweep();
-      return Response.json({ ok: true, expired });
-    }
-    // REST: POST /fts/index — index text for FTS
-    if (req.method === 'POST' && url.pathname === '/fts/index') {
-      return (async () => {
-        const { path, content } = await req.json() as { path: string; content: string };
-        db.index(path, content);
-        return Response.json({ ok: true });
-      })();
-    }
-    // REST: GET /fts/search?text=...&path=...&limit=...
-    if (req.method === 'GET' && url.pathname === '/fts/search') {
-      const text = url.searchParams.get('text') ?? '';
-      const pathFilter = url.searchParams.get('path') ?? undefined;
-      const limit = url.searchParams.get('limit') ? Number(url.searchParams.get('limit')) : undefined;
-      const results = db.search({ text, path: pathFilter, limit });
-      return Response.json({ ok: true, data: results });
-    }
-    // REST: POST /vectors/store — store an embedding
-    if (req.method === 'POST' && url.pathname === '/vectors/store') {
-      return (async () => {
-        const { path, embedding } = await req.json() as { path: string; embedding: number[] };
-        db.vectors!.store(path, embedding);
-        return Response.json({ ok: true });
-      })();
-    }
-    // REST: POST /vectors/search — vector similarity search
-    if (req.method === 'POST' && url.pathname === '/vectors/search') {
-      return (async () => {
-        const { query, path: pathFilter, limit, threshold } = await req.json() as { query: number[]; path?: string; limit?: number; threshold?: number };
-        const results = db.vectorSearch({ query, path: pathFilter, limit, threshold });
-        return Response.json({ ok: true, data: results });
-      })();
-    }
-    // REST: GET /replication — source config + sync status
-    if (req.method === 'GET' && url.pathname === '/replication') {
-      const sources = (db.replication?.options.sources ?? []).map(s => ({
-        url: s.url,
-        paths: s.paths,
-        localPrefix: s.localPrefix,
-        id: s.id,
-      }));
-      // Check what data synced under each source prefix
-      const synced: Record<string, unknown> = {};
-      for (const s of sources) {
-        const prefix = s.localPrefix || '';
-        synced[prefix || '(root)'] = db.get(prefix) ?? null;
-      }
-      return Response.json({ ok: true, role: db.replication?.options.role, sources, synced });
-    }
-    // REST: POST /replication/source-write — write to the source DB (for demo)
-    if (req.method === 'POST' && url.pathname === '/replication/source-write') {
-      return (async () => {
-        const { path, value } = await req.json() as { path: string; value: unknown };
-        sourceDb.set(path, value);
-        return Response.json({ ok: true });
-      })();
-    }
-    // REST: DELETE /replication/source-delete — delete on source DB
-    if (req.method === 'DELETE' && url.pathname.startsWith('/replication/source-delete/')) {
-      const path = url.pathname.slice('/replication/source-delete/'.length);
-      sourceDb.delete(path);
-      return Response.json({ ok: true });
-    }
-    // ── VFS REST routes (/files/*) ───────────────────────────────────────────
-    if (url.pathname.startsWith('/files/') && db.vfs) {
-      const vfsPath = decodeURIComponent(url.pathname.slice(7));
-      // POST /files/<path>?mkdir=1 — create directory
-      if (req.method === 'POST' && url.searchParams.get('mkdir') === '1') {
-        db.vfs.mkdir(vfsPath);
-        return Response.json({ ok: true });
-      }
-      // POST /files/<path> — upload
-      if (req.method === 'POST') {
-        const buf = new Uint8Array(await req.arrayBuffer());
-        const mime = req.headers.get('content-type') || undefined;
-        const stat = await db.vfs.write(vfsPath, buf, mime);
-        return Response.json({ ok: true, data: stat });
-      }
-      // GET /files/<path>?stat=1 — metadata
-      if (req.method === 'GET' && url.searchParams.get('stat') === '1') {
-        const stat = db.vfs.stat(vfsPath);
-        if (!stat) return Response.json({ ok: false, error: 'Not found', code: Errors.NOT_FOUND }, { status: 404 });
-        return Response.json({ ok: true, data: stat });
-      }
-      // GET /files/<path>?list=1 — list directory
-      if (req.method === 'GET' && url.searchParams.get('list') === '1') {
-        return Response.json({ ok: true, data: db.vfs.list(vfsPath) });
-      }
-      // GET /files/<path> — download
-      if (req.method === 'GET') {
-        const stat = db.vfs.stat(vfsPath);
-        if (!stat) return new Response('Not found', { status: 404 });
-        const data = await db.vfs.read(vfsPath);
-        return new Response(data, { headers: { 'Content-Type': stat.mime, 'Content-Length': String(stat.size) } });
-      }
-      // PUT /files/<path>?move=<dst> — move/rename
-      if (req.method === 'PUT' && url.searchParams.has('move')) {
-        const dst = url.searchParams.get('move')!;
-        db.vfs.move(vfsPath, dst);
-        return Response.json({ ok: true, data: db.vfs.stat(dst) });
-      }
-      // DELETE /files/<path> — delete
-      if (req.method === 'DELETE') {
-        db.vfs.remove(vfsPath);
-        return Response.json({ ok: true });
-      }
-    }
-    return new Response('Not found', { status: 404 });
-  },
-  websocket: {
-    open(ws: ServerWebSocket<WsData>) {
-      wsClients.add(ws);
-      console.log(`[WS] client connected (${wsClients.size} total)`);
-    },
-    close(ws: ServerWebSocket<WsData>) {
-      wsClients.delete(ws);
-      const vn = ws.data.valueSubs.size, cn = ws.data.childSubs.size, sn = ws.data.streamSubs.size;
-      for (const off of ws.data.valueSubs.values()) off();
-      for (const off of ws.data.childSubs.values()) off();
-      for (const off of ws.data.streamSubs.values()) off();
-      console.log(`[WS] client disconnected (${wsClients.size} total) — cleaned up ${vn + cn + sn} subs`);
-    },
-    async message(ws: ServerWebSocket<WsData>, raw: string | Buffer) {
-      let msg: ClientMessage;
-      try { msg = JSON.parse(typeof raw === 'string' ? raw : raw.toString()); }
-      catch { ws.send(JSON.stringify({ id: '?', ok: false, error: 'Invalid JSON', code: Errors.INTERNAL })); return; }
-      const { id } = msg;
-      const reply = (data: unknown) => ws.send(JSON.stringify({ id, ok: true, data }));
-      const error = (err: string, code: string) => {
-        console.warn(`[WS] error op=${msg.op} — ${err}`);
-        ws.send(JSON.stringify({ id, ok: false, error: err, code }));
-      };
-      const checkRule = (op: 'read' | 'write', path: string, newData?: unknown) => {
-        if (!db.rules.check(op, path, ws.data.auth, db.get(path), newData))
-          throw new Error(`Permission denied: ${op} ${path}`);
-      };
-      try {
-        switch (msg.op) {
-          case 'auth': {
-            if (ADMIN_TOKEN && msg.token === ADMIN_TOKEN) {
-              ws.data.auth = { role: 'admin' };
-              console.log(`[AUTH] authenticated as admin`);
-              return reply({ role: 'admin' });
-            }
-            if (typeof msg.token === 'string' && msg.token.startsWith('user:')) {
-              const uid = msg.token.slice(5);
-              ws.data.auth = { role: 'user', uid };
-              console.log(`[AUTH] authenticated as user:${uid}`);
-              return reply({ role: 'user', uid });
-            }
-            ws.data.auth = null;
-            return error('Invalid token', Errors.PERMISSION_DENIED);
-          }
-          case 'get': {
-            if (msg.shallow) return reply(db.getShallow(msg.path || undefined));
-            checkRule('read', msg.path); return reply(db.get(msg.path));
-          }
-          case 'set': checkRule('write', msg.path, msg.value); if (!msg.path.startsWith('_admin') && !msg.path.startsWith('stress/')) console.log(`[DB] set ${msg.path}`); db.set(msg.path, msg.value); return reply(null);
-          case 'update': {
-            for (const [p, v] of Object.entries(msg.updates)) checkRule('write', p, v);
-            console.log(`[DB] update ${Object.keys(msg.updates).join(', ')}`); db.update(msg.updates); return reply(null);
-          }
-          case 'delete': checkRule('write', msg.path); console.log(`[DB] delete ${msg.path}`); db.delete(msg.path); return reply(null);
-          case 'query': {
-            let q = db.query(msg.path);
-            if (msg.filters) for (const f of msg.filters) q = q.where(f.field, f.op, f.value);
-            if (msg.order) q = q.order(msg.order.field, msg.order.dir);
-            if (msg.limit) q = q.limit(msg.limit);
-            if (msg.offset) q = q.offset(msg.offset);
-            const result = q.get();
-            console.log(`[DB] query ${msg.path} → ${Array.isArray(result) ? result.length + ' rows' : typeof result}`);
-            return reply(result);
-          }
-          case 'sub': {
-            const key = `${msg.event}:${msg.path}`;
-            if (msg.event === 'value') {
-              if (ws.data.valueSubs.has(key)) return reply(null);
-              const off = db.on(msg.path, (snap) => ws.send(JSON.stringify({ type: 'value', path: snap.path, data: snap.val() })));
-              ws.data.valueSubs.set(key, off);
-            } else if (msg.event === 'child') {
-              if (ws.data.childSubs.has(key)) return reply(null);
-              const off = db.onChild(msg.path, (ev) => ws.send(JSON.stringify({ type: 'child', path: msg.path, key: ev.key, data: ev.val(), event: ev.type })));
-              ws.data.childSubs.set(key, off);
-            }
-            if (!msg.path.startsWith('_admin')) console.log(`[SUB] +${msg.event} ${msg.path}`);
-            return reply(null);
-          }
-          case 'unsub': {
-            const key = `${msg.event}:${msg.path}`;
-            if (msg.event === 'value') { ws.data.valueSubs.get(key)?.(); ws.data.valueSubs.delete(key); }
-            else { ws.data.childSubs.get(key)?.(); ws.data.childSubs.delete(key); }
-            if (!msg.path.startsWith('_admin')) console.log(`[SUB] -${msg.event} ${msg.path}`);
-            return reply(null);
-          }
-          case 'batch': {
-            const results: unknown[] = [];
-            db.transaction((tx) => {
-              for (const batchOp of msg.operations) {
-                switch (batchOp.op) {
-                  case 'set': checkRule('write', batchOp.path, batchOp.value); tx.set(batchOp.path, batchOp.value); break;
-                  case 'update':
-                    for (const p of Object.keys(batchOp.updates)) checkRule('write', p);
-                    tx.update(batchOp.updates); break;
-                  case 'delete': checkRule('write', batchOp.path); tx.delete(batchOp.path); break;
-                  case 'push': {
-                    checkRule('write', batchOp.path);
-                    const key = db.push(batchOp.path, batchOp.value);
-                    results.push(key);
-                    break;
-                  }
-                }
-              }
-            });
-            console.log(`[DB] batch ${msg.operations.length} ops`);
-            return reply(results.length ? results : null);
-          }
-          case 'push': {
-            checkRule('write', msg.path);
-            const key = db.push(msg.path, msg.value, (msg as any).idempotencyKey ? { idempotencyKey: (msg as any).idempotencyKey } : undefined);
-            console.log(`[DB] push ${msg.path} → ${key}`);
-            return reply(key);
-          }
-          case 'stream-read': {
-            const { path: srPath, groupId, limit: srLimit } = msg as any;
-            const events = db.stream.read(srPath, groupId, srLimit);
-            console.log(`[STREAM] read ${srPath}:${groupId} → ${events.length} events`);
-            return reply(events);
-          }
-          case 'stream-ack': {
-            const { path: saPath, groupId: saGroup, key: saKey } = msg as any;
-            db.stream.ack(saPath, saGroup, saKey);
-            console.log(`[STREAM] ack ${saPath}:${saGroup} → ${saKey}`);
-            return reply(null);
-          }
-          case 'stream-sub': {
-            const { path: ssPath, groupId: ssGroup } = msg as any;
-            const streamKey = `${ssPath}:${ssGroup}`;
-            ws.data.streamSubs.get(streamKey)?.();
-            const unsub = db.stream.subscribe(ssPath, ssGroup, (events) => {
-              ws.send(JSON.stringify({ type: 'stream', path: ssPath, groupId: ssGroup, events }));
-            });
-            ws.data.streamSubs.set(streamKey, unsub);
-            console.log(`[STREAM] +sub ${ssPath}:${ssGroup}`);
-            return reply(null);
-          }
-          case 'stream-unsub': {
-            const { path: suPath, groupId: suGroup } = msg as any;
-            const suKey = `${suPath}:${suGroup}`;
-            ws.data.streamSubs.get(suKey)?.();
-            ws.data.streamSubs.delete(suKey);
-            console.log(`[STREAM] -sub ${suPath}:${suGroup}`);
-            return reply(null);
-          }
-          case 'stream-compact': {
-            const { path: scPath, maxAge, maxCount, keepKey } = msg as any;
-            const opts: Record<string, unknown> = {};
-            if (maxAge != null) opts.maxAge = maxAge;
-            if (maxCount != null) opts.maxCount = maxCount;
-            if (keepKey) opts.keepKey = keepKey;
-            const result = db.stream.compact(scPath, opts as any);
-            console.log(`[STREAM] compact ${scPath} → deleted ${result.deleted}, snapshot ${result.snapshotSize} keys`);
-            return reply(result);
-          }
-          case 'stream-reset': {
-            const { path: srPath } = msg as any;
-            db.stream.reset(srPath);
-            console.log(`[STREAM] reset ${srPath}`);
-            return reply(null);
-          }
-          case 'stream-snapshot': {
-            const { path: snPath } = msg as any;
-            const snap = db.stream.snapshot(snPath);
-            return reply(snap);
-          }
-          case 'stream-materialize': {
-            const { path: smPath, keepKey: smKey } = msg as any;
-            const view = db.stream.materialize(smPath, smKey ? { keepKey: smKey } : undefined);
-            return reply(view);
-          }
-          // Admin-specific ops
-          case 'transform': {
-            const { path: tPath, type, value: tVal } = msg as any;
-            let sentinel: unknown;
-            switch (type) {
-              case 'increment': sentinel = increment(tVal as number); break;
-              case 'serverTimestamp': sentinel = serverTimestamp(); break;
-              case 'arrayUnion': sentinel = arrayUnion(...(Array.isArray(tVal) ? tVal : [tVal])); break;
-              case 'arrayRemove': sentinel = arrayRemove(...(Array.isArray(tVal) ? tVal : [tVal])); break;
-              default: return error(`Unknown transform: ${type}`, Errors.INTERNAL);
-            }
-            db.set(tPath, sentinel);
-            return reply(db.get(tPath));
-          }
-          case 'set-ttl': {
-            const { path: ttlPath, value: ttlVal, ttl } = msg as any;
-            db.set(ttlPath, ttlVal, { ttl });
-            return reply(null);
-          }
-          case 'sweep': {
-            const expired = db.sweep();
-            return reply(expired);
-          }
-          case 'fts-index': {
-            const { path: fPath, content } = msg as any;
-            db.index(fPath, content);
-            db.set(`_fts/${fPath.replace(/\//g, '_')}`, { path: fPath, content, indexedAt: Date.now() });
-            return reply(null);
-          }
-          case 'fts-search': {
-            const { text, path: fPrefix, limit: fLimit } = msg as any;
-            return reply(db.search({ text, path: fPrefix, limit: fLimit }));
-          }
-          case 'vec-store': {
-            const { path: vPath, embedding } = msg as any;
-            db.vectors!.store(vPath, embedding);
-            db.set(`_vectors/${vPath.replace(/\//g, '_')}`, { path: vPath, dimensions: embedding.length, storedAt: Date.now() });
-            return reply(null);
-          }
-          case 'vec-search': {
-            const { query: vQuery, path: vPrefix, limit: vLimit, threshold } = msg as any;
-            return reply(db.vectorSearch({ query: vQuery, path: vPrefix, limit: vLimit, threshold }));
-          }
-          // MQ ops
-          case 'mq-push': {
-            const { path: mqPath, value: mqVal, idempotencyKey: mqIdem } = msg as any;
-            const mqKey = db.mq.push(mqPath, mqVal, mqIdem ? { idempotencyKey: mqIdem } : undefined);
-            console.log(`[MQ] push ${mqPath} → ${mqKey}`);
-            return reply(mqKey);
-          }
-          case 'mq-fetch': {
-            const { path: mqfPath, count: mqfCount } = msg as any;
-            const msgs = db.mq.fetch(mqfPath, mqfCount);
-            console.log(`[MQ] fetch ${mqfPath} → ${msgs.length} msgs`);
-            return reply(msgs);
-          }
-          case 'mq-ack': {
-            const { path: mqaPath, key: mqaKey } = msg as any;
-            db.mq.ack(mqaPath, mqaKey);
-            console.log(`[MQ] ack ${mqaPath}/${mqaKey}`);
-            return reply(null);
-          }
-          case 'mq-nack': {
-            const { path: mqnPath, key: mqnKey } = msg as any;
-            db.mq.nack(mqnPath, mqnKey);
-            console.log(`[MQ] nack ${mqnPath}/${mqnKey}`);
-            return reply(null);
-          }
-          case 'mq-peek': {
-            const { path: mqpPath, count: mqpCount } = msg as any;
-            const peeked = db.mq.peek(mqpPath, mqpCount);
-            console.log(`[MQ] peek ${mqpPath} → ${peeked.length} msgs`);
-            return reply(peeked);
-          }
-          case 'mq-dlq': {
-            const { path: mqdPath } = msg as any;
-            const dlqMsgs = db.mq.dlq(mqdPath);
-            console.log(`[MQ] dlq ${mqdPath} → ${dlqMsgs.length} msgs`);
-            return reply(dlqMsgs);
-          }
-          case 'mq-purge': {
-            const { path: mqpurgePath, all: mqpurgeAll } = msg as any;
-            const purged = db.mq.purge(mqpurgePath, { all: mqpurgeAll });
-            console.log(`[MQ] purge ${mqpurgePath} → ${purged} deleted`);
-            return reply(purged);
-          }
-          case 'get-rules': {
-            const summary = Object.entries(rules).map(([pattern, rule]) => ({
-              pattern,
-              read: rule.read === undefined ? null : rule.read === false ? false : rule.read === true ? true : rule.read.toString(),
-              write: rule.write === undefined ? null : rule.write === false ? false : rule.write === true ? true : rule.write.toString(),
-            }));
-            return reply(summary);
-          }
-          default: return error('Unknown op', Errors.INTERNAL);
-        }
-      } catch (e: unknown) {
-        return error(e instanceof Error ? e.message : 'Internal error', Errors.INTERNAL);
-      }
-    },
-  },
-});
-console.log(`BodDB Admin UI → http://localhost:${server.port}`);
-if (ADMIN_TOKEN) console.log(`Auth: ADMIN_TOKEN set — use "user:<uid>" for user tokens`);
-else console.log(`Auth: ADMIN_TOKEN not set — admin auth disabled, user:<uid> tokens still work`);