@comapeo/core 2.0.1 → 2.2.0

package/src/member-api.js

@@ -1,4 +1,6 @@
+import * as b4a from 'b4a'
 import * as crypto from 'node:crypto'
+import WebSocket from 'ws'
 import { TypedEmitter } from 'tiny-typed-emitter'
 import { pEvent } from 'p-event'
 import { InviteResponse_Decision } from './generated/rpc.js'
@@ -8,11 +10,15 @@ import {
   ExhaustivenessError,
   projectKeyToId,
   projectKeyToProjectInviteId,
+  projectKeyToPublicId,
 } from './utils.js'
 import { keyBy } from './lib/key-by.js'
 import { abortSignalAny } from './lib/ponyfills.js'
-import timingSafeEqual from './lib/timing-safe-equal.js'
-import { ROLES, isRoleIdForNewInvite } from './roles.js'
+import timingSafeEqual from 'string-timing-safe-equal'
+import { isHostnameIpAddress } from './lib/is-hostname-ip-address.js'
+import { ErrorWithCode, getErrorMessage } from './lib/error.js'
+import { wsCoreReplicator } from './lib/ws-core-replicator.js'
+import { MEMBER_ROLE_ID, ROLES, isRoleIdForNewInvite } from './roles.js'
 /**
  * @import {
  *   DeviceInfo,
@@ -21,11 +27,13 @@ import { ROLES, isRoleIdForNewInvite } from './roles.js'
  *   ProjectSettingsValue
  * } from '@comapeo/schema'
  */
+/** @import { Promisable } from 'type-fest' */
 /** @import { Invite, InviteResponse } from './generated/rpc.js' */
 /** @import { DataType } from './datatype/index.js' */
 /** @import { DataStore } from './datastore/index.js' */
 /** @import { deviceInfoTable } from './schema/project.js' */
 /** @import { projectSettingsTable } from './schema/client.js' */
+/** @import { ReplicationStream } from './types.js' */
 
 /** @typedef {DataType<DataStore<'config'>, typeof deviceInfoTable, "deviceInfo", DeviceInfo, DeviceInfoValue>} DeviceInfoDataType */
 /** @typedef {DataType<DataStore<'config'>, typeof projectSettingsTable, "projectSettings", ProjectSettings, ProjectSettingsValue>} ProjectDataType */
@@ -36,6 +44,8 @@ import { ROLES, isRoleIdForNewInvite } from './roles.js'
  * @prop {DeviceInfo['name']} [name]
  * @prop {DeviceInfo['deviceType']} [deviceType]
  * @prop {DeviceInfo['createdAt']} [joinedAt]
+ * @prop {object} [selfHostedServerDetails]
+ * @prop {string} selfHostedServerDetails.baseUrl
  */
 
 export class MemberApi extends TypedEmitter {
@@ -43,8 +53,11 @@ export class MemberApi extends TypedEmitter {
   #roles
   #coreOwnership
   #encryptionKeys
+  #getProjectName
   #projectKey
   #rpc
+  #getReplicationStream
+  #waitForInitialSyncWithPeer
   #dataTypes
 
   /** @type {Map<string, { abortController: AbortController }>} */
@@ -56,8 +69,11 @@ export class MemberApi extends TypedEmitter {
    * @param {import('./roles.js').Roles} opts.roles
    * @param {import('./core-ownership.js').CoreOwnership} opts.coreOwnership
    * @param {import('./generated/keys.js').EncryptionKeys} opts.encryptionKeys
+   * @param {() => Promisable<undefined | string>} opts.getProjectName
    * @param {Buffer} opts.projectKey
    * @param {import('./local-peers.js').LocalPeers} opts.rpc
+   * @param {() => ReplicationStream} opts.getReplicationStream
+   * @param {(deviceId: string, abortSignal: AbortSignal) => Promise<void>} opts.waitForInitialSyncWithPeer
    * @param {Object} opts.dataTypes
    * @param {Pick<DeviceInfoDataType, 'getByDocId' | 'getMany'>} opts.dataTypes.deviceInfo
    * @param {Pick<ProjectDataType, 'getByDocId'>} opts.dataTypes.project
@@ -67,8 +83,11 @@ export class MemberApi extends TypedEmitter {
     roles,
     coreOwnership,
     encryptionKeys,
+    getProjectName,
     projectKey,
     rpc,
+    getReplicationStream,
+    waitForInitialSyncWithPeer,
     dataTypes,
   }) {
     super()
@@ -76,8 +95,11 @@ export class MemberApi extends TypedEmitter {
     this.#roles = roles
     this.#coreOwnership = coreOwnership
     this.#encryptionKeys = encryptionKeys
+    this.#getProjectName = getProjectName
     this.#projectKey = projectKey
     this.#rpc = rpc
+    this.#getReplicationStream = getReplicationStream
+    this.#waitForInitialSyncWithPeer = waitForInitialSyncWithPeer
     this.#dataTypes = dataTypes
   }
 
@@ -245,6 +267,160 @@ export class MemberApi extends TypedEmitter {
     this.#outboundInvitesByDevice.get(deviceId)?.abortController.abort()
   }
 
+  /**
+   * Add a server peer.
+   *
+   * Can reject with any of the following error codes (accessed via `err.code`):
+   *
+   * - `INVALID_URL`: the base URL is invalid, likely due to user error.
+   * - `MISSING_DATA`: some required data is missing in order to add the server
+   *   peer. For example, the project must have a name.
+   * - `NETWORK_ERROR`: there was an issue connecting to the server. Is the
+   *   device online? Is the server online?
+   * - `SERVER_HAS_TOO_MANY_PROJECTS`: the server limits the number of projects
+   *   it can have, and it's at the limit.
+   * - `PROJECT_NOT_IN_SERVER_ALLOWLIST`: the server only allows specific
+   *   projects to be added and ours wasn't one of them.
+   * - `INVALID_SERVER_RESPONSE`: we connected to the server but it returned
+   *   an unexpected response. Is the server running a compatible version of
+   *   CoMapeo Cloud?
+   *
+   * If `err.code` is not specified, that indicates a bug in this module.
+   *
+   * @param {string} baseUrl
+   * @param {object} [options]
+   * @param {boolean} [options.dangerouslyAllowInsecureConnections] Allow insecure network connections. Should only be used in tests.
+   * @returns {Promise<void>}
+   */
+  async addServerPeer(
+    baseUrl,
+    { dangerouslyAllowInsecureConnections = false } = {}
+  ) {
+    if (
+      !isValidServerBaseUrl(baseUrl, { dangerouslyAllowInsecureConnections })
+    ) {
+      throw new ErrorWithCode('INVALID_URL', 'Server base URL is invalid')
+    }
+
+    const { serverDeviceId } = await this.#addServerToProject(baseUrl)
+
+    await this.#roles.assignRole(serverDeviceId, MEMBER_ROLE_ID)
+
+    await this.#waitForInitialSyncWithServer({
+      baseUrl,
+      serverDeviceId,
+      dangerouslyAllowInsecureConnections,
+    })
+  }
+
+  /**
+   * @param {string} baseUrl Server base URL. Should already be validated.
+   * @returns {Promise<{ serverDeviceId: string }>}
+   */
+  async #addServerToProject(baseUrl) {
+    const projectName = await this.#getProjectName()
+    if (!projectName) {
+      throw new ErrorWithCode(
+        'MISSING_DATA',
+        'Project must have name to add server peer'
+      )
+    }
+
+    const requestUrl = new URL('projects', baseUrl)
+    const requestBody = {
+      projectName,
+      projectKey: encodeBufferForServer(this.#projectKey),
+      encryptionKeys: {
+        auth: encodeBufferForServer(this.#encryptionKeys.auth),
+        data: encodeBufferForServer(this.#encryptionKeys.data),
+        config: encodeBufferForServer(this.#encryptionKeys.config),
+        blobIndex: encodeBufferForServer(this.#encryptionKeys.blobIndex),
+        blob: encodeBufferForServer(this.#encryptionKeys.blob),
+      },
+    }
+
+    /** @type {Response} */ let response
+    try {
+      response = await fetch(requestUrl, {
+        method: 'PUT',
+        body: JSON.stringify(requestBody),
+        headers: { 'Content-Type': 'application/json' },
+      })
+    } catch (err) {
+      throw new ErrorWithCode(
+        'NETWORK_ERROR',
+        `Failed to add server peer due to network error: ${getErrorMessage(
+          err
+        )}`
+      )
+    }
+
+    return await parseAddServerResponse(response)
+  }
+
+  /**
+   * @param {object} options
+   * @param {string} options.baseUrl
+   * @param {string} options.serverDeviceId
+   * @param {boolean} options.dangerouslyAllowInsecureConnections
+   * @returns {Promise<void>}
+   */
+  async #waitForInitialSyncWithServer({
+    baseUrl,
+    serverDeviceId,
+    dangerouslyAllowInsecureConnections,
+  }) {
+    const projectPublicId = projectKeyToPublicId(this.#projectKey)
+    const websocketUrl = new URL('sync/' + projectPublicId, baseUrl)
+    websocketUrl.protocol =
+      dangerouslyAllowInsecureConnections && websocketUrl.protocol === 'http:'
+        ? 'ws:'
+        : 'wss:'
+
+    const websocket = new WebSocket(websocketUrl)
+
+    try {
+      await pEvent(websocket, 'open', { rejectionEvents: ['error'] })
+    } catch (rejectionEvent) {
+      throw new ErrorWithCode(
+        // It's difficult for us to reliably disambiguate between "network error"
+        // and "invalid response from server" here, so we just say it was an
+        // invalid server response.
+        'INVALID_SERVER_RESPONSE',
+        'Failed to open the socket',
+        rejectionEvent &&
+        typeof rejectionEvent === 'object' &&
+        'error' in rejectionEvent
+          ? { cause: rejectionEvent.error }
+          : { cause: rejectionEvent }
+      )
+    }
+
+    const onErrorPromise = pEvent(websocket, 'error')
+
+    const replicationStream = this.#getReplicationStream()
+    wsCoreReplicator(websocket, replicationStream)
+
+    const syncAbortController = new AbortController()
+    const syncPromise = this.#waitForInitialSyncWithPeer(
+      serverDeviceId,
+      syncAbortController.signal
+    )
+
+    const errorEvent = await Promise.race([onErrorPromise, syncPromise])
+
+    if (errorEvent) {
+      syncAbortController.abort()
+      websocket.close()
+      throw errorEvent.error
+    } else {
+      const onClosePromise = pEvent(websocket, 'close')
+      onErrorPromise.cancel()
+      websocket.close()
+      await onClosePromise
+    }
+  }
+
   /**
    * @param {string} deviceId
    * @returns {Promise<MemberInfo>}
@@ -304,6 +480,8 @@ export class MemberApi extends TypedEmitter {
           memberInfo.name = deviceInfo?.name
           memberInfo.deviceType = deviceInfo?.deviceType
           memberInfo.joinedAt = deviceInfo?.createdAt
+          memberInfo.selfHostedServerDetails =
+            deviceInfo?.selfHostedServerDetails
         } catch (err) {
           // Attempting to get someone else may throw because sync hasn't occurred or completed
           // Only throw if attempting to get themself since the relevant information should be available
@@ -324,3 +502,118 @@ export class MemberApi extends TypedEmitter {
     return this.#roles.assignRole(deviceId, roleId)
   }
 }
+
+/**
+ * @param {string} baseUrl
+ * @param {object} options
+ * @param {boolean} options.dangerouslyAllowInsecureConnections
+ * @returns {boolean}
+ */
+function isValidServerBaseUrl(
+  baseUrl,
+  { dangerouslyAllowInsecureConnections }
+) {
+  if (baseUrl.length > 2000) return false
+
+  /** @type {URL} */ let url
+  try {
+    url = new URL(baseUrl)
+  } catch (_err) {
+    return false
+  }
+
+  const isProtocolValid =
+    url.protocol === 'https:' ||
+    (dangerouslyAllowInsecureConnections && url.protocol === 'http:')
+  if (!isProtocolValid) return false
+
+  if (url.username) return false
+  if (url.password) return false
+  if (url.search) return false
+  if (url.hash) return false
+
+  // We may want to support this someday. See <https://github.com/digidem/comapeo-core/issues/908>.
+  if (url.pathname !== '/') return false
+
+  if (
+    !isHostnameIpAddress(url.hostname) &&
+    !dangerouslyAllowInsecureConnections
+  ) {
+    const parts = url.hostname.split('.')
+    const isDomainValid = parts.length >= 2 && parts.every(Boolean)
+    if (!isDomainValid) return false
+  }
+
+  return true
+}
+
+/**
+ * @param {undefined | Uint8Array} buffer
+ * @returns {undefined | string}
+ */
+function encodeBufferForServer(buffer) {
+  return buffer ? b4a.toString(buffer, 'hex') : undefined
+}
+
+/**
+ * @param {Response} response
+ * @returns {Promise<{ serverDeviceId: string }>}
+ */
+async function parseAddServerResponse(response) {
+  if (response.status === 200) {
+    try {
+      const responseBody = await response.json()
+      assert(
+        responseBody &&
+          typeof responseBody === 'object' &&
+          'data' in responseBody &&
+          responseBody.data &&
+          typeof responseBody.data === 'object' &&
+          'deviceId' in responseBody.data &&
+          typeof responseBody.data.deviceId === 'string',
+        'Response body is valid'
+      )
+      return { serverDeviceId: responseBody.data.deviceId }
+    } catch (err) {
+      throw new ErrorWithCode(
+        'INVALID_SERVER_RESPONSE',
+        "Failed to add server peer because we couldn't parse the response"
+      )
+    }
+  }
+
+  let responseBody
+  try {
+    responseBody = await response.json()
+  } catch (_) {
+    responseBody = null
+  }
+  if (
+    responseBody &&
+    typeof responseBody === 'object' &&
+    'error' in responseBody &&
+    responseBody.error &&
+    typeof responseBody.error === 'object' &&
+    'code' in responseBody.error
+  ) {
+    switch (responseBody.error.code) {
+      case 'PROJECT_NOT_IN_ALLOWLIST':
+        throw new ErrorWithCode(
+          'PROJECT_NOT_IN_SERVER_ALLOWLIST',
+          "The server only allows specific projects to be added, and this isn't one of them"
+        )
+      case 'TOO_MANY_PROJECTS':
+        throw new ErrorWithCode(
+          'SERVER_HAS_TOO_MANY_PROJECTS',
+          "The server limits the number of projects it can have and it's at the limit"
+        )
+      default:
+        break
+    }
+  }
+
+  throw new ErrorWithCode(
+    'INVALID_SERVER_RESPONSE',
+    `Failed to add server peer due to HTTP status code ${response.status}`
+  )
+}

package/src/roles.js

@@ -2,6 +2,7 @@ import { currentSchemaVersions } from '@comapeo/schema'
 import mapObject from 'map-obj'
 import { kCreateWithDocId, kDataStore } from './datatype/index.js'
 import { assert, setHas } from './utils.js'
+import { nullIfNotFound } from './errors.js'
 import { TypedEmitter } from 'tiny-typed-emitter'
 /** @import { Namespace } from './types.js' */
 
@@ -98,6 +99,33 @@ export const CREATOR_ROLE = {
   },
 }
 
+/**
+ * @type {Role<typeof BLOCKED_ROLE_ID>}
+ */
+const BLOCKED_ROLE = {
+  roleId: BLOCKED_ROLE_ID,
+  name: 'Blocked',
+  docs: mapObject(currentSchemaVersions, (key) => {
+    return [
+      key,
+      {
+        readOwn: false,
+        writeOwn: false,
+        readOthers: false,
+        writeOthers: false,
+      },
+    ]
+  }),
+  roleAssignment: [],
+  sync: {
+    auth: 'blocked',
+    config: 'blocked',
+    data: 'blocked',
+    blobIndex: 'blocked',
+    blob: 'blocked',
+  },
+}
+
 /**
  * This is the role assumed for a device when no role record can be found. This
  * can happen when an invited device did not manage to sync with the device that
@@ -166,29 +194,7 @@ export const ROLES = {
       blob: 'allowed',
     },
   },
-  [BLOCKED_ROLE_ID]: {
-    roleId: BLOCKED_ROLE_ID,
-    name: 'Blocked',
-    docs: mapObject(currentSchemaVersions, (key) => {
-      return [
-        key,
-        {
-          readOwn: false,
-          writeOwn: false,
-          readOthers: false,
-          writeOthers: false,
-        },
-      ]
-    }),
-    roleAssignment: [],
-    sync: {
-      auth: 'blocked',
-      config: 'blocked',
-      data: 'blocked',
-      blobIndex: 'blocked',
-      blob: 'blocked',
-    },
-  },
+  [BLOCKED_ROLE_ID]: BLOCKED_ROLE,
   [LEFT_ROLE_ID]: {
     roleId: LEFT_ROLE_ID,
     name: 'Left',
@@ -264,12 +270,10 @@ export class Roles extends TypedEmitter {
    * @returns {Promise<Role>}
    */
   async getRole(deviceId) {
-    /** @type {string} */
-    let roleId
-    try {
-      const roleAssignment = await this.#dataType.getByDocId(deviceId)
-      roleId = roleAssignment.roleId
-    } catch (e) {
+    const roleRecord = await this.#dataType
+      .getByDocId(deviceId)
+      .catch(nullIfNotFound)
+    if (!roleRecord) {
       // The project creator will have the creator role
       const authCoreId = await this.#coreOwnership.getCoreId(deviceId, 'auth')
       if (authCoreId === this.#projectCreatorAuthCoreId) {
@@ -280,8 +284,10 @@ export class Roles extends TypedEmitter {
         return NO_ROLE
       }
     }
+
+    const { roleId } = roleRecord
     if (!isRoleId(roleId)) {
-      return ROLES[BLOCKED_ROLE_ID]
+      return BLOCKED_ROLE
     }
     return ROLES[roleId]
   }
@@ -383,7 +389,7 @@ export class Roles extends TypedEmitter {
 
     const existingRoleDoc = await this.#dataType
       .getByDocId(deviceId)
-      .catch(() => null)
+      .catch(nullIfNotFound)
 
     if (existingRoleDoc) {
       await this.#dataType.update(
@@ -403,7 +409,7 @@ export class Roles extends TypedEmitter {
     }
   }
 
-  async #isProjectCreator() {
+  #isProjectCreator() {
     const ownAuthCoreId = this.#coreManager
       .getWriterCore('auth')
       .key.toString('hex')

package/src/schema/client.js

@@ -1,7 +1,7 @@
 // These schemas are all in a "client" database. There is only one client
 // database and it contains information that is shared across all projects on a
 // device
-import { blob, sqliteTable, text } from 'drizzle-orm/sqlite-core'
+import { blob, sqliteTable, text, int } from 'drizzle-orm/sqlite-core'
 import { dereferencedDocSchemas as schemas } from '@comapeo/schema'
 import { jsonSchemaToDrizzleColumns as toColumns } from './schema-to-drizzle.js'
 import { backlinkTable, customJson } from './utils.js'
@@ -49,7 +49,8 @@ const deviceInfoColumn =
   )
 
 // This table only ever has one row in it.
-export const localDeviceInfoTable = sqliteTable('localDeviceInfo', {
+export const deviceSettingsTable = sqliteTable('deviceSettings', {
   deviceId: text('deviceId').notNull().unique(),
-  deviceInfo: deviceInfoColumn('deviceInfo').notNull(),
+  deviceInfo: deviceInfoColumn('deviceInfo'),
+  isArchiveDevice: int('isArchiveDevice', { mode: 'boolean' }),
 })

package/src/schema/project.js

@@ -15,6 +15,10 @@ export const observationTable = sqliteTable(
   toColumns(schemas.observation)
 )
 export const trackTable = sqliteTable('track', toColumns(schemas.track))
+export const remoteDetectionAlertTable = sqliteTable(
+  'remoteDetectionAlert',
+  toColumns(schemas.remoteDetectionAlert)
+)
 export const presetTable = sqliteTable('preset', toColumns(schemas.preset))
 export const fieldTable = sqliteTable('field', toColumns(schemas.field))
 export const coreOwnershipTable = sqliteTable(
@@ -31,6 +35,9 @@ export const iconTable = sqliteTable('icon', toColumns(schemas.icon))
 export const translationBacklinkTable = backlinkTable(translationTable)
 export const observationBacklinkTable = backlinkTable(observationTable)
 export const trackBacklinkTable = backlinkTable(trackTable)
+export const remoteDetectionAlertBacklinkTable = backlinkTable(
+  remoteDetectionAlertTable
+)
 export const presetBacklinkTable = backlinkTable(presetTable)
 export const fieldBacklinkTable = backlinkTable(fieldTable)
 export const coreOwnershipBacklinkTable = backlinkTable(coreOwnershipTable)

package/src/sync/core-sync-state.js

@@ -182,13 +182,23 @@ export class CoreSyncState {
    * blocks/ranges that are added here
    *
    * @param {PeerId} peerId
-   * @param {Array<{ start: number, length: number }>} ranges
+   * @param {number} start
+   * @param {number} length
+   * @returns {void}
    */
-  setPeerWants(peerId, ranges) {
+  addWantRange(peerId, start, length) {
     const peerState = this.#getOrCreatePeerState(peerId)
-    for (const { start, length } of ranges) {
-      peerState.setWantRange({ start, length })
-    }
+    peerState.addWantRange(start, length)
+    this.#update()
+  }
+
+  /**
+   * @param {PeerId} peerId
+   * @returns {void}
+   */
+  clearWantRanges(peerId) {
+    const peerState = this.#getOrCreatePeerState(peerId)
+    peerState.clearWantRanges()
     this.#update()
   }
 
@@ -291,14 +301,13 @@ export class PeerState {
   #preHaves = new RemoteBitfield()
   /** @type {HypercoreRemoteBitfield | undefined} */
   #haves
-  /** @type {Bitfield} */
-  #wants = new RemoteBitfield()
+  /**
+   * What blocks do we want? If `null`, we want everything.
+   * @type {null | Bitfield}
+   */
+  #wants = null
   /** @type {PeerNamespaceState['status']} */
   status = 'stopped'
-  #wantAll
-  constructor({ wantAll = true } = {}) {
-    this.#wantAll = wantAll
-  }
   get preHavesBitfield() {
     return this.#preHaves
   }
@@ -316,18 +325,27 @@ export class PeerState {
     this.#haves = bitfield
   }
   /**
-   * Set a range of blocks that a peer wants. This is not part of the Hypercore
+   * Add a range of blocks that a peer wants. This is not part of the Hypercore
    * protocol, so we need our own extension messages that a peer can use to
    * inform us which blocks they are interested in. For most cores peers always
-   * want all blocks, but for blob cores often peers only want preview or
+   * want all blocks, but for blob cores peers may only want preview or
    * thumbnail versions of media
    *
-   * @param {{ start: number, length: number }} range
+   * @param {number} start
+   * @param {number} length
+   * @returns {void}
    */
-  setWantRange({ start, length }) {
-    this.#wantAll = false
+  addWantRange(start, length) {
+    this.#wants ??= new RemoteBitfield()
     this.#wants.setRange(start, length, true)
   }
+  /**
+   * Set the range of blocks that this peer wants to the empty set. In other
+   * words, this peer wants nothing from this core.
+   */
+  clearWantRanges() {
+    this.#wants = new RemoteBitfield()
+  }
   /**
    * Returns whether the peer has the block at `index`. If a pre-have bitfield
    * has been passed, this is used if no connected peer bitfield is available.
@@ -355,8 +373,7 @@ export class PeerState {
    * @param {number} index
    */
   want(index) {
-    if (this.#wantAll) return true
-    return this.#wants.get(index)
+    return this.#wants ? this.#wants.get(index) : true
   }
   /**
    * Return the "wants" for the 32 blocks from `index`, as a 32-bit integer
@@ -366,11 +383,10 @@ export class PeerState {
    * the 32 blocks from `index`
    */
   wantWord(index) {
-    if (this.#wantAll) {
-      // This is a 32-bit number with all bits set
-      return 2 ** 32 - 1
-    }
-    return getBitfieldWord(this.#wants, index)
+    return this.#wants
+      ? getBitfieldWord(this.#wants, index)
+      : // This is a 32-bit number with all bits set
+        2 ** 32 - 1
   }
 }
 

package/src/sync/namespace-sync-state.js

@@ -136,6 +136,28 @@ export class NamespaceSyncState {
     this.#getCoreState(coreDiscoveryId).insertPreHaves(peerId, start, bitfield)
   }
 
+  /**
+   * @param {string} peerId
+   * @param {number} start
+   * @param {number} length
+   * @returns {void}
+   */
+  addWantRange(peerId, start, length) {
+    for (const coreState of this.#coreStates.values()) {
+      coreState.addWantRange(peerId, start, length)
+    }
+  }
+
+  /**
+   * @param {string} peerId
+   * @returns {void}
+   */
+  clearWantRanges(peerId) {
+    for (const coreState of this.#coreStates.values()) {
+      coreState.clearWantRanges(peerId)
+    }
+  }
+
   /**
    * @param {string} discoveryId
    */

package/src/sync/peer-sync-controller.js

@@ -152,6 +152,7 @@ export class PeerSyncController {
 
     if (didUpdate.auth) {
       try {
+        this.#log('reading role for %h', this.peerId)
         const cap = await this.#roles.getRole(this.peerId)
         this.#syncCapability = cap.sync
       } catch (e) {