@concavejs/core 0.0.1-alpha.5 → 0.0.1-alpha.7

package/dist/auth/jwt.d.ts

@@ -36,6 +36,11 @@ export type JWTValidationConfig = {
     secret?: string;
     skipVerification?: boolean;
     clockTolerance?: number;
+    /**
+     * Optional TTL (in milliseconds) for cached remote JWKS resolvers.
+     * Defaults to 5 minutes when omitted.
+     */
+    jwksCacheTtlMs?: number;
 };
 export type JWTValidationErrorCode = "MISSING_CONFIG" | "INVALID_SIGNATURE" | "TOKEN_EXPIRED" | "TOKEN_NOT_ACTIVE" | "CLAIM_VALIDATION_FAILED" | "MISSING_SUBJECT" | "MISSING_ISSUER" | "INVALID_TOKEN";
 export declare class JWTValidationError extends Error {

package/dist/auth/jwt.js

@@ -123,12 +123,17 @@ export const WELL_KNOWN_JWKS_URLS = {
     firebase: () => "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",
 };
 const DEFAULT_CLOCK_TOLERANCE_SECONDS = 60;
+const DEFAULT_JWKS_CACHE_TTL_MS = 5 * 60 * 1000;
+const MAX_JWKS_CACHE_TTL_MS = 24 * 60 * 60 * 1000;
 const JWKS_CACHE = new Map();
 let defaultValidationConfig;
 let adminAuthConfig;
 let systemAuthConfig;
 export function setJwtValidationConfig(config) {
     defaultValidationConfig = config;
+    // Config updates can change issuer/audience/JWKS source semantics.
+    // Clearing resolver cache avoids stale long-lived entries across reconfiguration.
+    JWKS_CACHE.clear();
 }
 export function getJwtValidationConfig() {
     return defaultValidationConfig;
@@ -268,7 +273,15 @@ export function resolveJwtValidationConfigFromEnv(env) {
         parseBoolean(getEnvValue("CONCAVE_JWT_SKIP_VERIFICATION", env));
     const clockTolerance = parseNumber(getEnvValue("AUTH_CLOCK_TOLERANCE", env)) ??
         parseNumber(getEnvValue("CONCAVE_JWT_CLOCK_TOLERANCE", env));
-    if (!jwksUrl && !issuer && !audience && !secret && skipVerification === undefined && clockTolerance === undefined) {
+    const jwksCacheTtlMs = parseNumber(getEnvValue("AUTH_JWKS_CACHE_TTL_MS", env)) ??
+        parseNumber(getEnvValue("CONCAVE_JWT_JWKS_CACHE_TTL_MS", env));
+    if (!jwksUrl &&
+        !issuer &&
+        !audience &&
+        !secret &&
+        skipVerification === undefined &&
+        clockTolerance === undefined &&
+        jwksCacheTtlMs === undefined) {
         return undefined;
     }
     return {
@@ -278,6 +291,7 @@ export function resolveJwtValidationConfigFromEnv(env) {
         secret,
         skipVerification,
         clockTolerance,
+        jwksCacheTtlMs,
     };
 }
 function normalizeList(value) {
@@ -324,15 +338,33 @@ function validateClaims(claims, config) {
         throw new JWTValidationError("CLAIM_VALIDATION_FAILED", "JWT claim validation failed: aud");
     }
 }
-function getRemoteJwks(jwksUrl) {
+function getRemoteJwks(jwksUrl, config) {
+    const now = Date.now();
     const cached = JWKS_CACHE.get(jwksUrl);
+    if (cached && cached.expiresAtMs > now) {
+        return cached.resolver;
+    }
     if (cached) {
-        return cached;
+        JWKS_CACHE.delete(jwksUrl);
     }
     const jwks = createRemoteJWKSet(new URL(jwksUrl));
-    JWKS_CACHE.set(jwksUrl, jwks);
+    const configuredTtl = config?.jwksCacheTtlMs ?? defaultValidationConfig?.jwksCacheTtlMs;
+    const ttlMs = resolveJwksCacheTtlMs(configuredTtl);
+    JWKS_CACHE.set(jwksUrl, {
+        resolver: jwks,
+        expiresAtMs: now + ttlMs,
+    });
     return jwks;
 }
+function resolveJwksCacheTtlMs(configuredTtl) {
+    if (configuredTtl === undefined) {
+        return DEFAULT_JWKS_CACHE_TTL_MS;
+    }
+    if (!Number.isFinite(configuredTtl)) {
+        return DEFAULT_JWKS_CACHE_TTL_MS;
+    }
+    return Math.max(0, Math.min(MAX_JWKS_CACHE_TTL_MS, Math.floor(configuredTtl)));
+}
 export function decodeJwtUnsafe(token) {
     if (!token)
         return null;
@@ -366,7 +398,7 @@ export async function verifyJwt(token, config) {
             ({ payload } = await jwtVerify(token, key, options));
         }
         else {
-            ({ payload } = await jwtVerify(token, getRemoteJwks(effectiveConfig.jwksUrl), options));
+            ({ payload } = await jwtVerify(token, getRemoteJwks(effectiveConfig.jwksUrl, effectiveConfig), options));
         }
         const claims = payload;
         validateClaims(claims, effectiveConfig);

package/dist/http/api-router.d.ts

@@ -7,6 +7,7 @@ export interface FunctionExecutionParams {
     args: Record<string, any>;
     auth?: AuthContext | UserIdentityAttributes;
     componentPath?: string;
+    snapshotTimestamp?: bigint;
     request: Request;
 }
 export interface FunctionExecutionResult {
@@ -24,7 +25,7 @@ export interface StorageStoreResult {
 }
 export interface StorageGetResult {
     blob: Blob | null;
-    headers?: HeadersInit;
+    headers?: Record<string, string> | [string, string][] | Headers;
 }
 export interface StorageAdapter {
     store(blob: Blob, request: Request): Promise<StorageStoreResult>;
@@ -36,6 +37,7 @@ export interface CoreHttpApiOptions {
     notifyWrites?: (writtenRanges?: SerializedKeyRange[], writtenTables?: string[], commitTimestamp?: bigint) => Promise<void> | void;
     storage?: StorageAdapter;
     corsHeaders?: Record<string, string>;
+    getSnapshotTimestamp?: (request: Request) => Promise<bigint> | bigint;
 }
 export interface CoreHttpApiResult {
     handled: boolean;

package/dist/http/api-router.js

@@ -1,6 +1,5 @@
 import { AdminAuthError, assertAdminToken, assertSystemToken, identityFromToken, isAdminToken, isSystemToken, JWTValidationError, SystemAuthError, } from "../auth";
-import { stringToHex, writtenTablesFromRanges } from "../utils";
-import { isValidDocumentId } from "../id-codec";
+import { writtenTablesFromRanges } from "../utils";
 import { InternalFunctionAccessError } from "../errors";
 export function computeCorsHeaders(request) {
     const origin = request.headers.get("Origin");
@@ -82,6 +81,40 @@ export async function resolveAuthContext(bodyAuth, headerToken, headerIdentity)
     }
     return bodyAuth;
 }
+function parseTimestampInput(value) {
+    if (value === undefined || value === null) {
+        return undefined;
+    }
+    if (typeof value === "bigint") {
+        return value >= 0n ? value : undefined;
+    }
+    if (typeof value === "number") {
+        if (!Number.isFinite(value) || !Number.isInteger(value) || value < 0) {
+            return undefined;
+        }
+        return BigInt(value);
+    }
+    if (typeof value === "string") {
+        const trimmed = value.trim();
+        if (!/^\d+$/.test(trimmed)) {
+            return undefined;
+        }
+        try {
+            return BigInt(trimmed);
+        }
+        catch {
+            return undefined;
+        }
+    }
+    return undefined;
+}
+async function resolveSnapshotTimestamp(options, request) {
+    const fromCallback = options.getSnapshotTimestamp ? await options.getSnapshotTimestamp(request) : undefined;
+    if (typeof fromCallback === "bigint") {
+        return fromCallback;
+    }
+    return BigInt(Date.now());
+}
 export async function handleCoreHttpApiRequest(request, options) {
     const url = new URL(request.url);
     const segments = url.pathname.split("/").filter(Boolean);
@@ -125,6 +158,19 @@ export async function handleCoreHttpApiRequest(request, options) {
         throw error;
     }
     const route = routeSegments[0];
+    if (route === "query_ts") {
+        if (request.method !== "POST") {
+            return {
+                handled: true,
+                response: apply(Response.json({ error: "Method not allowed" }, { status: 405 })),
+            };
+        }
+        const snapshotTimestamp = await resolveSnapshotTimestamp(options, request);
+        return {
+            handled: true,
+            response: apply(Response.json({ ts: snapshotTimestamp.toString() })),
+        };
+    }
     if (route === "storage") {
         if (!options.storage) {
             return {
@@ -154,18 +200,10 @@ export async function handleCoreHttpApiRequest(request, options) {
         }
         if (request.method === "GET" && routeSegments.length === 2) {
             try {
-                let storageId = decodeURIComponent(routeSegments[1]);
-                const originalId = storageId;
-                // If the ID doesn't have a table prefix and isn't a valid Base32 document ID,
-                // it's likely a raw hex storage ID. Prepend the default _storage table prefix.
-                if (!storageId.includes(":") && !isValidDocumentId(storageId)) {
-                    const tableHex = stringToHex("_storage");
-                    storageId = `${tableHex}:${storageId}`;
-                }
+                const storageId = decodeURIComponent(routeSegments[1]);
                 const result = await options.storage.get(storageId, request);
                 const blob = result.blob;
                 if (!blob) {
-                    console.error(`[CoreHttpApi] Storage object not found. ID: ${storageId} (original: ${originalId})`);
                     return {
                         handled: true,
                         response: apply(new Response("Object not found", { status: 404 })),
@@ -192,7 +230,7 @@ export async function handleCoreHttpApiRequest(request, options) {
             }
         }
     }
-    if (route === "query" || route === "mutation" || route === "action") {
+    if (route === "query" || route === "mutation" || route === "action" || route === "query_at_ts") {
         if (request.method !== "POST") {
             return {
                 handled: true,
@@ -216,7 +254,7 @@ export async function handleCoreHttpApiRequest(request, options) {
                     response: apply(Response.json({ error: "Invalid request body" }, { status: 400 })),
                 };
             }
-            const { path, args, format, auth: bodyAuth, componentPath } = body;
+            const { path, args, format, auth: bodyAuth, componentPath, ts } = body;
             if (!path || typeof path !== "string") {
                 return {
                     handled: true,
@@ -245,6 +283,14 @@ export async function handleCoreHttpApiRequest(request, options) {
                 };
             }
             const jsonArgs = rawArgs ?? {};
+            const executionType = route === "query_at_ts" ? "query" : route;
+            const snapshotTimestamp = route === "query_at_ts" ? parseTimestampInput(ts) : undefined;
+            if (route === "query_at_ts" && snapshotTimestamp === undefined) {
+                return {
+                    handled: true,
+                    response: apply(Response.json({ error: "Invalid or missing ts" }, { status: 400 })),
+                };
+            }
             let authForExecution;
             try {
                 authForExecution = await resolveAuthContext(bodyAuth, headerToken, headerIdentity);
@@ -261,11 +307,12 @@ export async function handleCoreHttpApiRequest(request, options) {
                 throw error;
             }
             const executionParams = {
-                type: route,
+                type: executionType,
                 path,
                 args: jsonArgs,
                 auth: authForExecution,
                 componentPath,
+                snapshotTimestamp,
                 request,
             };
             try {
@@ -282,7 +329,7 @@ export async function handleCoreHttpApiRequest(request, options) {
             }
             const result = await options.executeFunction(executionParams);
             if (options.notifyWrites &&
-                (route === "mutation" || route === "action") &&
+                (executionType === "mutation" || executionType === "action") &&
                 (result.writtenRanges?.length || result.writtenTables?.length)) {
                 await options.notifyWrites(result.writtenRanges, result.writtenTables ?? writtenTablesFromRanges(result.writtenRanges));
             }

package/dist/http/http-handler.js

@@ -4,6 +4,7 @@
  * Delegates Convex-style HTTP API routes to shared core logic while
  * wiring runtime execution adapters and docstore.
  */
+import { loadConvexModule } from "../udf";
 import { createClientAdapter } from "../udf/execution-adapter";
 import { UdfKernel } from "../queryengine";
 import { applyCors, computeCorsHeaders, handleCoreHttpApiRequest, resolveAuthContext } from "./index";
@@ -19,6 +20,8 @@ function isReservedApiPath(pathname) {
         normalizedPath === "/api/sync" ||
         normalizedPath === "/api/reset-test-state" ||
         normalizedPath === "/api/query" ||
+        normalizedPath === "/api/query_ts" ||
+        normalizedPath === "/api/query_at_ts" ||
         normalizedPath === "/api/mutation" ||
         normalizedPath === "/api/action") {
         return true;
@@ -107,7 +110,7 @@ export class HttpHandler {
             }
         };
         const coreResult = await handleCoreHttpApiRequest(request, {
-            executeFunction: async ({ type, path, args, auth, componentPath }) => this.adapter.executeUdf(path, args, type, auth, componentPath),
+            executeFunction: async ({ type, path, args, auth, componentPath, snapshotTimestamp }) => this.adapter.executeUdf(path, args, type, auth, componentPath, undefined, snapshotTimestamp),
             notifyWrites,
             storage: this.docstore && this.blobstore
                 ? {
@@ -129,6 +132,19 @@ export class HttpHandler {
                 }
                 : undefined,
             corsHeaders,
+            getSnapshotTimestamp: () => {
+                const oracle = this.docstore?.timestampOracle;
+                const oracleTimestamp = typeof oracle?.beginSnapshot === "function"
+                    ? oracle.beginSnapshot()
+                    : typeof oracle?.getCurrentTimestamp === "function"
+                        ? oracle.getCurrentTimestamp()
+                        : undefined;
+                const wallClock = BigInt(Date.now());
+                if (typeof oracleTimestamp === "bigint" && oracleTimestamp > wallClock) {
+                    return oracleTimestamp;
+                }
+                return wallClock;
+            },
         });
         if (coreResult?.handled) {
             return coreResult.response;
@@ -161,10 +177,43 @@ export class HttpHandler {
                 return apply(Response.json({ error: "Invalid function path" }, { status: 400 }));
             }
             const isFunctionHandle = body.path.startsWith("function://");
+            // Normalize slash-separated paths to colon format (e.g. "messages/list" → "messages:list")
+            if (!isFunctionHandle && !body.path.includes(":") && body.path.includes("/")) {
+                const lastSlash = body.path.lastIndexOf("/");
+                body.path = body.path.substring(0, lastSlash) + ":" + body.path.substring(lastSlash + 1);
+            }
             if (!isFunctionHandle && !body.path.includes(":")) {
                 return apply(Response.json({ error: "Invalid function path" }, { status: 400 }));
             }
-            if (body.type !== "query" && body.type !== "mutation" && body.type !== "action") {
+            let udfType;
+            if (body.type === "query" || body.type === "mutation" || body.type === "action") {
+                udfType = body.type;
+            }
+            else if (body.type === undefined || body.type === null) {
+                // Auto-detect type by loading the module and inspecting the export
+                try {
+                    const modulePath = body.path.split(":")[0];
+                    const functionName = body.path.split(":")[1] ?? "default";
+                    const module = await loadConvexModule(modulePath, { hint: "udf" });
+                    const func = module[functionName];
+                    if (!func) {
+                        return apply(Response.json({ error: `Function ${body.path} not found` }, { status: 404 }));
+                    }
+                    if (func.isQuery)
+                        udfType = "query";
+                    else if (func.isMutation)
+                        udfType = "mutation";
+                    else if (func.isAction)
+                        udfType = "action";
+                    else {
+                        return apply(Response.json({ error: `Function ${body.path} is not a valid query, mutation, or action` }, { status: 400 }));
+                    }
+                }
+                catch (error) {
+                    return apply(Response.json({ error: `Could not auto-detect function type: ${error.message}` }, { status: 400 }));
+                }
+            }
+            else {
                 return apply(Response.json({ error: "Invalid function type" }, { status: 400 }));
             }
             try {
@@ -216,10 +265,10 @@ export class HttpHandler {
                     return apply(Response.json({ error: "Invalid args" }, { status: 400 }));
                 }
                 const normalizedArgs = rawArgs ?? {};
-                const result = await this.adapter.executeUdf(body.path, normalizedArgs, body.type, authForExecution, body.componentPath);
+                const result = await this.adapter.executeUdf(body.path, normalizedArgs, udfType, authForExecution, body.componentPath);
                 const writtenTables = writtenTablesFromRanges(result.writtenRanges);
                 // Notify subscriptions for mutations/actions with writes
-                if ((body.type === "mutation" || body.type === "action") && result.writtenRanges?.length) {
+                if ((udfType === "mutation" || udfType === "action") && result.writtenRanges?.length) {
                     await notifyWrites(result.writtenRanges, writtenTables, result.commitTimestamp);
                 }
                 return apply(Response.json({

package/dist/interfaces/execution-context.d.ts

@@ -7,9 +7,10 @@
  * - Distributed Mode: May read from cache or remote, writes go via coordinator
  */
 import type { Transactor, TransactionHandle } from "./transactor";
+import type { UserIdentityAttributes } from "convex/server";
 export interface AuthContext {
     type: "Admin" | "User" | "None";
-    userIdentity?: any;
+    userIdentity?: UserIdentityAttributes;
 }
 export interface ExecutionContext {
     /**

package/dist/kernel/blob-store-gateway.js

@@ -1,5 +1,5 @@
 import { encodeDocumentId, internalIdToHex } from "../id-codec";
-import { parseDeveloperId } from "../queryengine/developer-id";
+import { parseStorageId } from "../queryengine/developer-id";
 import { serializeDeveloperId, stringToHex } from "../utils/utils";
 export class BlobStoreGateway {
     context;
@@ -51,19 +51,19 @@ export class BlobStoreGateway {
         if (!this.storage) {
             return null;
         }
-        const docId = parseDeveloperId(storageId);
+        const docId = parseStorageId(storageId);
         if (!docId) {
-            console.error(`[BlobStoreGateway] Failed to parse storage ID: ${storageId}`);
+            console.debug(`[BlobStoreGateway] Failed to parse storage ID: ${storageId}`);
             return null;
         }
         const docValue = await this.queryRuntime.getVisibleDocumentById(storageId, docId);
         if (!docValue) {
-            console.error(`[BlobStoreGateway] Document not found for storage ID: ${storageId} (table: ${docId.table}, internalId: ${docId.internalId})`);
+            console.debug(`[BlobStoreGateway] Document not found for storage ID: ${storageId} (table: ${docId.table}, internalId: ${docId.internalId}, ts: ${this.context.snapshotTimestamp})`);
             return null;
         }
         const storedBlob = await this.storage.get(docId.internalId);
         if (!storedBlob) {
-            console.error(`[BlobStoreGateway] Blob not found in storage: ${docId.internalId}`);
+            console.debug(`[BlobStoreGateway] Blob not found in storage: ${docId.internalId}`);
             return null;
         }
         return storedBlob instanceof Blob ? storedBlob : new Blob([storedBlob]);
@@ -72,7 +72,7 @@ export class BlobStoreGateway {
         if (!this.storage) {
             return null;
         }
-        const docId = parseDeveloperId(storageId);
+        const docId = parseStorageId(storageId);
         if (!docId) {
             return null;
         }
@@ -85,7 +85,7 @@ export class BlobStoreGateway {
     }
     async delete(storageId) {
         const storage = this.requireStorage();
-        const docId = parseDeveloperId(storageId);
+        const docId = parseStorageId(storageId);
         if (!docId) {
             return;
         }

package/dist/kernel/context-storage.js

@@ -30,18 +30,24 @@ export class ContextStorage {
         }
         return this.stack.length > 0 ? this.stack[this.stack.length - 1] : undefined;
     }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
     run(value, callback) {
         if (this.als) {
+            // ALS.run handles both sync and async callbacks correctly
             return this.als.run(value, callback);
         }
         this.stack.push(value);
         const result = callback();
         if (result && typeof result.then === "function") {
+            // For async callbacks, clean up the stack when the promise settles.
+            // The cast is safe: the callback returned a Promise<R> which is assignable to R
+            // when the caller expects a Promise return (which is always the case for async callbacks).
             return result.finally(() => {
                 this.stack.pop();
             });
         }
         this.stack.pop();
+        // At this point we've ruled out the Promise branch above, so result is R
         return result;
     }
 }

package/dist/kernel/syscalls/action-syscalls.js

@@ -34,19 +34,17 @@ export class ActionSyscalls {
     async handleRunUdf(args) {
         const target = resolveFunctionTarget(args, this.context.componentPath);
         const udfArguments = normalizeUdfArgsPayload(args.args);
-        const type = args.udfType ?? args.type ?? "mutation";
+        const type = (args.udfType ?? args.type ?? "mutation");
         return await this.invocationManager.execute(target.udfPath, udfArguments, type, target.componentPath);
     }
-    handleCreateFunctionHandle(args) {
+    async handleCreateFunctionHandle(args) {
         const target = resolveFunctionTarget(args, this.context.componentPath);
         return formatFunctionHandle(target.componentPath ?? "", target.udfPath);
     }
     async handleVectorSearch(args) {
-        const { query: vectorQuery } = args;
-        return this.queryRuntime.runVectorSearchAction(vectorQuery);
+        return this.queryRuntime.runVectorSearchAction(args.query);
     }
     async handleSearchAction(args) {
-        const { query: searchQuery } = args;
-        return this.queryRuntime.runSearchAction(searchQuery);
+        return this.queryRuntime.runSearchAction(args.query);
     }
 }

package/dist/kernel/syscalls/database-syscalls.js

@@ -181,7 +181,7 @@ export class DatabaseSyscalls {
             }
         }
         else {
-            for (const [key, val] of Object.entries(value ?? {})) {
+            for (const [key, val] of Object.entries((value ?? {}))) {
                 if (val === "$undefined" || val === undefined) {
                     delete newValue[key];
                 }

package/dist/kernel/syscalls/js-router.d.ts

@@ -1,8 +1,8 @@
-type JsSyscallHandler = (args: Record<string, any>) => Promise<any>;
+type JsSyscallHandler = (args: Record<string, unknown>) => Promise<unknown>;
 export declare class JsSyscallRouter {
     private readonly handlers;
     register(op: string, handler: JsSyscallHandler): void;
     has(op: string): boolean;
-    dispatch(op: string, args: Record<string, any>): Promise<any>;
+    dispatch(op: string, args: Record<string, unknown>): Promise<unknown>;
 }
 export {};

package/dist/kernel/syscalls/kernel-syscalls.d.ts

@@ -5,5 +5,5 @@ export declare class KernelSyscalls {
     constructor(resources: KernelResources);
     syscall(op: string, jsonArgs: string): string;
     asyncSyscall(op: string, jsonArgs: string): Promise<string>;
-    jsSyscall(op: string, args: Record<string, any>): Promise<any>;
+    jsSyscall(op: string, args: Record<string, unknown>): Promise<unknown>;
 }

package/dist/kernel/syscalls/query-syscalls.js

@@ -19,13 +19,13 @@ export class QuerySyscalls {
         return { queryId };
     }
     handleQueryCleanup(args) {
-        const { queryId } = args;
+        const queryId = args.queryId;
         delete this.pendingQueries[queryId];
         delete this.queryResults[queryId];
         return {};
     }
     async handleQueryStreamNext(args) {
-        const { queryId } = args;
+        const queryId = args.queryId;
         if (this.pendingQueries[queryId]) {
             const query = this.pendingQueries[queryId];
             delete this.pendingQueries[queryId];

package/dist/kernel/syscalls/router.d.ts

@@ -1,5 +1,6 @@
-type SyncSyscallHandler = (args: any) => any;
-type AsyncSyscallHandler = (args: any) => Promise<any>;
+type SyscallArgs = Record<string, unknown>;
+type SyncSyscallHandler = (args: SyscallArgs) => unknown;
+type AsyncSyscallHandler = (args: SyscallArgs) => Promise<unknown>;
 export declare class SyscallRouter {
     private readonly syncSyscalls;
     private readonly asyncSyscalls;

package/dist/kernel/syscalls/utils.d.ts

@@ -5,11 +5,11 @@ export interface FunctionTarget {
     componentPath?: string;
 }
 export declare function resolveTableName(docId: InternalDocumentId, tableRegistry: TableRegistry): Promise<string>;
-export declare function normalizeUdfArgsPayload(udfArgs: any): any;
-export declare function resolveFunctionTarget(callArgs: any, currentComponentPath: string): FunctionTarget;
+export declare function normalizeUdfArgsPayload(udfArgs: unknown): unknown;
+export declare function resolveFunctionTarget(callArgs: Record<string, unknown>, currentComponentPath: string): FunctionTarget;
 export declare function parseFunctionHandleTarget(handle: string): FunctionTarget;
 export declare function parseReferenceAddress(reference: string, currentComponentPath: string): FunctionTarget;
 export declare function joinComponentScope(base: string, child: string): string;
 export declare function normalizeComponentPathValue(path?: string | null): string | undefined;
 export declare function formatFunctionHandle(componentPath: string | undefined, udfPath: string): string;
-export declare function evaluatePatchValue(value: any): any;
+export declare function evaluatePatchValue(value: unknown): unknown;

package/dist/kernel/syscalls/utils.js

@@ -37,8 +37,9 @@ export function resolveFunctionTarget(callArgs, currentComponentPath) {
         return parseFunctionHandleTarget(callArgs.functionHandle);
     }
     if (callArgs && typeof callArgs.functionHandle === "object" && callArgs.functionHandle !== null) {
-        if (typeof callArgs.functionHandle.handle === "string") {
-            return parseFunctionHandleTarget(callArgs.functionHandle.handle);
+        const handle = callArgs.functionHandle;
+        if (typeof handle.handle === "string") {
+            return parseFunctionHandleTarget(handle.handle);
         }
     }
     if (callArgs && typeof callArgs.reference === "string") {

package/dist/queryengine/developer-id.d.ts

@@ -14,6 +14,14 @@ import type { InternalDocumentId } from "../docstore/interface";
  * @returns The parsed InternalDocumentId or null if invalid
  */
 export declare function parseDeveloperId(developerId: string): InternalDocumentId | null;
+/**
+ * Parse a storage ID, which may be a full developer ID or a raw internal ID.
+ * If it's a raw internal ID (32-char hex), it defaults to the _storage table.
+ *
+ * @param storageId - The storage ID string
+ * @returns The parsed InternalDocumentId or null if invalid
+ */
+export declare function parseStorageId(storageId: string): InternalDocumentId | null;
 /**
  * Check if an InternalDocumentId uses the component format (has tableNumber).
  */

package/dist/queryengine/developer-id.js

@@ -1,5 +1,5 @@
-import { deserializeDeveloperId } from "../utils/utils";
-import { isValidDocumentId, decodeDocumentId, internalIdToHex } from "../id-codec";
+import { deserializeDeveloperId, stringToHex } from "../utils/utils";
+import { isValidDocumentId, decodeDocumentId, internalIdToHex, INTERNAL_ID_LENGTH } from "../id-codec";
 /**
  * Parse a developer-facing ID string into an InternalDocumentId.
  *
@@ -38,6 +38,27 @@ export function parseDeveloperId(developerId) {
     }
     return { table: parts.table, internalId: parts.internalId };
 }
+/**
+ * Parse a storage ID, which may be a full developer ID or a raw internal ID.
+ * If it's a raw internal ID (32-char hex), it defaults to the _storage table.
+ *
+ * @param storageId - The storage ID string
+ * @returns The parsed InternalDocumentId or null if invalid
+ */
+export function parseStorageId(storageId) {
+    const parsed = parseDeveloperId(storageId);
+    if (parsed) {
+        return parsed;
+    }
+    // If it's a 32-character hex string, it's likely a raw internal ID for storage
+    if (storageId.length === INTERNAL_ID_LENGTH * 2 && /^[0-9a-fA-F]+$/.test(storageId)) {
+        return {
+            table: stringToHex("_storage"),
+            internalId: storageId.toLowerCase(),
+        };
+    }
+    return null;
+}
 /**
  * Check if an InternalDocumentId uses the component format (has tableNumber).
  */

package/dist/router/router.d.ts

@@ -2,14 +2,19 @@
  * Runtime adapter for Concave CLI
  * This is a minimal runtime library used by the generated entry module
  */
+/** Minimal execution context compatible with Cloudflare Workers, Bun, and Node.js */
+export interface RuntimeExecutionContext {
+    waitUntil(promise: Promise<unknown>): void;
+    passThroughOnException?(): void;
+}
 export type ConcaveContext = {
     env: any;
     request: Request;
-    ctx: ExecutionContext;
+    ctx: RuntimeExecutionContext;
 };
 export type UdfFunction = (ctx: ConcaveContext, args: unknown) => Promise<unknown>;
 export interface ConcaveRouter {
-    fetch: (request: Request, env: any, ctx: ExecutionContext) => Promise<Response>;
+    fetch: (request: Request, env: any, ctx: RuntimeExecutionContext) => Promise<Response>;
 }
 export interface RouterOptions {
     /**
@@ -17,7 +22,7 @@ export interface RouterOptions {
      * If provided, this handler is called first and can choose to handle the request
      * or delegate to the default router by returning null
      */
-    customFetch?: (request: Request, env: any, ctx: ExecutionContext, registry: Record<string, UdfFunction>) => Promise<Response | null>;
+    customFetch?: (request: Request, env: any, ctx: RuntimeExecutionContext, registry: Record<string, UdfFunction>) => Promise<Response | null>;
     /**
      * Base path for routes (default: "")
      * Example: "/api" would make routes accessible at /api/convex/...