@concavejs/core 0.0.1-alpha.6 → 0.0.1-alpha.8

package/dist/sync/protocol-handler.js

@@ -7,6 +7,7 @@
 import { encodeServerMessage } from "../types";
 import { assertAdminToken, assertSystemToken, verifyJwtAndGetIdentity, JWTValidationError } from "../auth";
 import { SubscriptionManager } from "../subscriptions";
+import { nativeTimers } from "../kernel/native-timers";
 import { deserializeKeyRange } from "../queryengine";
 import { advanceSessionTimestamp, convertTablesToRanges, formatRangesForLog, longToBigIntTimestamp, makeStateVersion, makeTransitionMessage, toLongTimestamp, } from "./protocol-utils";
 import { executeReactiveQuery } from "./query-execution";
@@ -60,6 +61,11 @@ export const WEBSOCKET_READY_STATE_OPEN = 1;
 const BACKPRESSURE_HIGH_WATER_MARK = 100; // Max messages in queue before dropping
 const BACKPRESSURE_BUFFER_LIMIT = 1024 * 1024; // 1MB buffer limit
 const SLOW_CLIENT_TIMEOUT_MS = 30000; // 30 seconds to drain queue before disconnect
+const DEFAULT_RATE_LIMIT_WINDOW_MS = 5000;
+const DEFAULT_MAX_MESSAGES_PER_WINDOW = 1000;
+const DEFAULT_OPERATION_TIMEOUT_MS = 15000;
+const DEFAULT_MAX_ACTIVE_QUERIES_PER_SESSION = 1_000;
+const RATE_LIMIT_HARD_MULTIPLIER = 5;
 /**
  * Session state for a connected client
  */
@@ -96,15 +102,27 @@ export class SyncSession {
 export class SyncProtocolHandler {
     udfExecutor;
     sessions = new Map();
+    rateLimitStates = new Map();
     subscriptionManager;
     instanceName;
     backpressureController;
     heartbeatController;
     isDev;
+    maxMessagesPerWindow;
+    rateLimitWindowMs;
+    operationTimeoutMs;
+    maxActiveQueriesPerSession;
     constructor(instanceName, udfExecutor, options) {
         this.udfExecutor = udfExecutor;
         this.instanceName = instanceName;
         this.isDev = options?.isDev ?? true;
+        this.maxMessagesPerWindow = Math.max(1, options?.maxMessagesPerWindow ?? DEFAULT_MAX_MESSAGES_PER_WINDOW);
+        this.rateLimitWindowMs = Math.max(1, options?.rateLimitWindowMs ?? DEFAULT_RATE_LIMIT_WINDOW_MS);
+        const configuredOperationTimeout = options?.operationTimeoutMs ?? DEFAULT_OPERATION_TIMEOUT_MS;
+        this.operationTimeoutMs = Number.isFinite(configuredOperationTimeout)
+            ? Math.max(0, Math.floor(configuredOperationTimeout))
+            : DEFAULT_OPERATION_TIMEOUT_MS;
+        this.maxActiveQueriesPerSession = Math.max(1, options?.maxActiveQueriesPerSession ?? DEFAULT_MAX_ACTIVE_QUERIES_PER_SESSION);
         this.subscriptionManager = new SubscriptionManager();
         this.backpressureController = new SessionBackpressureController({
             websocketReadyStateOpen: WEBSOCKET_READY_STATE_OPEN,
@@ -125,6 +143,10 @@ export class SyncProtocolHandler {
     createSession(sessionId, websocket) {
         const session = new SyncSession(websocket);
         this.sessions.set(sessionId, session);
+        this.rateLimitStates.set(sessionId, {
+            windowStartedAt: Date.now(),
+            messagesInWindow: 0,
+        });
         return session;
     }
     /**
@@ -146,6 +168,7 @@ export class SyncProtocolHandler {
             session.isDraining = false;
             this.subscriptionManager.unsubscribeAll(sessionId);
             this.sessions.delete(sessionId);
+            this.rateLimitStates.delete(sessionId);
         }
     }
     /**
@@ -156,6 +179,11 @@ export class SyncProtocolHandler {
         if (session) {
             this.sessions.delete(oldSessionId);
             this.sessions.set(newSessionId, session);
+            const rateLimitState = this.rateLimitStates.get(oldSessionId);
+            if (rateLimitState) {
+                this.rateLimitStates.delete(oldSessionId);
+                this.rateLimitStates.set(newSessionId, rateLimitState);
+            }
             // Update subscription manager mappings
             this.subscriptionManager.updateSessionId(oldSessionId, newSessionId);
         }
@@ -169,6 +197,32 @@ export class SyncProtocolHandler {
         if (!session && message.type !== "Connect") {
             throw new Error("Session not found");
         }
+        if (session) {
+            const rateLimitDecision = this.consumeRateLimit(sessionId);
+            if (rateLimitDecision === "reject") {
+                return [
+                    {
+                        type: "FatalError",
+                        error: "Rate limit exceeded, retry shortly",
+                    },
+                ];
+            }
+            if (rateLimitDecision === "close") {
+                try {
+                    session.websocket.close(1013, "Rate limit exceeded");
+                }
+                catch {
+                    // Ignore close errors and still destroy local session state.
+                }
+                this.destroySession(sessionId);
+                return [
+                    {
+                        type: "FatalError",
+                        error: "Rate limit exceeded",
+                    },
+                ];
+            }
+        }
         switch (message.type) {
             case "Connect":
                 return this.handleConnect(sessionId, message);
@@ -229,6 +283,13 @@ export class SyncProtocolHandler {
     async handleModifyQuerySet(sessionId, message) {
         const session = this.sessions.get(sessionId);
         return this.withSessionLock(session, async () => {
+            // If the client restarts its local query set (baseVersion=0), align the
+            // server's initial transition timestamp with the zeroed client state.
+            // Without this, a carried maxObservedTimestamp can produce startVersion
+            // mismatches like "X:0:0 transitioning from 0:0:0" after reconnect.
+            if (session.querySetVersion === 0 && session.identityVersion === 0 && message.baseVersion === 0) {
+                session.timestamp = 0n;
+            }
             // For reconnections, accept the client's base version as the starting point
             if (session.querySetVersion === 0 && message.baseVersion > 0) {
                 session.querySetVersion = message.baseVersion;
@@ -241,6 +302,15 @@ export class SyncProtocolHandler {
                 return [fatalError];
             }
             const startVersion = makeStateVersion(session.querySetVersion, session.identityVersion, session.timestamp);
+            const projectedActiveQueryCount = this.computeProjectedActiveQueryCount(session, message);
+            if (projectedActiveQueryCount > this.maxActiveQueriesPerSession) {
+                return [
+                    {
+                        type: "FatalError",
+                        error: `Too many active queries: ${projectedActiveQueryCount} exceeds limit ${this.maxActiveQueriesPerSession}`,
+                    },
+                ];
+            }
             // Update version before async work
             session.querySetVersion = message.newVersion;
             const modifications = [];
@@ -514,6 +584,27 @@ export class SyncProtocolHandler {
         const endVersion = makeStateVersion(session.querySetVersion, session.identityVersion, endTimestamp);
         return makeTransitionMessage(startVersion, endVersion, modifications);
     }
+    /**
+     * Re-execute all active subscription queries across all sessions.
+     * Used during hot-reload to push fresh results after module code changes.
+     */
+    async rerunAllSubscriptions() {
+        for (const [sessionId, session] of this.sessions) {
+            if (session.activeQueries.size === 0)
+                continue;
+            await this.withSessionLock(session, async () => {
+                const allQueryIds = new Set(session.activeQueries.keys());
+                const modifications = await this.rerunSpecificQueries(session, sessionId, allQueryIds);
+                if (modifications.length > 0) {
+                    const startTimestamp = session.timestamp;
+                    const endTimestamp = advanceSessionTimestamp(session);
+                    const startVersion = makeStateVersion(session.querySetVersion, session.identityVersion, startTimestamp);
+                    const endVersion = makeStateVersion(session.querySetVersion, session.identityVersion, endTimestamp);
+                    this.send(session, makeTransitionMessage(startVersion, endVersion, modifications));
+                }
+            });
+        }
+    }
     /**
      * Broadcast updates using fine-grained range-based tracking
      * Sends messages directly to affected sessions (excluding the originating session)
@@ -614,7 +705,55 @@ export class SyncProtocolHandler {
             }
         });
         session.lock = run.then(() => undefined, () => undefined);
-        return run;
+        return this.withOperationTimeout(run);
+    }
+    withOperationTimeout(promise) {
+        if (this.operationTimeoutMs <= 0) {
+            return promise;
+        }
+        let timeoutHandle;
+        const timeoutPromise = new Promise((_, reject) => {
+            timeoutHandle = nativeTimers.setTimeout(() => {
+                reject(new Error(`Sync operation timed out after ${this.operationTimeoutMs}ms`));
+            }, this.operationTimeoutMs);
+        });
+        return Promise.race([promise, timeoutPromise]).finally(() => {
+            if (timeoutHandle) {
+                nativeTimers.clearTimeout(timeoutHandle);
+            }
+        });
+    }
+    consumeRateLimit(sessionId) {
+        const state = this.rateLimitStates.get(sessionId);
+        if (!state) {
+            return "allow";
+        }
+        const now = Date.now();
+        if (now - state.windowStartedAt >= this.rateLimitWindowMs) {
+            state.windowStartedAt = now;
+            state.messagesInWindow = 0;
+        }
+        state.messagesInWindow += 1;
+        if (state.messagesInWindow <= this.maxMessagesPerWindow) {
+            return "allow";
+        }
+        const hardLimit = Math.max(this.maxMessagesPerWindow + 1, this.maxMessagesPerWindow * RATE_LIMIT_HARD_MULTIPLIER);
+        if (state.messagesInWindow >= hardLimit) {
+            return "close";
+        }
+        return "reject";
+    }
+    computeProjectedActiveQueryCount(session, message) {
+        const projected = new Set(session.activeQueries.keys());
+        for (const mod of message.modifications) {
+            if (mod.type === "Add") {
+                projected.add(mod.queryId);
+            }
+            else if (mod.type === "Remove") {
+                projected.delete(mod.queryId);
+            }
+        }
+        return projected.size;
     }
     sendPing(session) {
         if (!session.websocket || session.websocket.readyState !== WEBSOCKET_READY_STATE_OPEN) {

package/dist/sync/session-backpressure.js

@@ -1,3 +1,4 @@
+import { nativeTimers } from "../kernel/native-timers";
 export class SessionBackpressureController {
     options;
     constructor(options) {
@@ -27,7 +28,7 @@ export class SessionBackpressureController {
     }
     clearDrainTimeout(session) {
         if (session.drainTimeout) {
-            clearTimeout(session.drainTimeout);
+            nativeTimers.clearTimeout(session.drainTimeout);
             session.drainTimeout = undefined;
         }
     }
@@ -35,7 +36,7 @@ export class SessionBackpressureController {
         if (session.isDraining)
             return;
         session.isDraining = true;
-        session.drainTimeout = setTimeout(() => {
+        session.drainTimeout = nativeTimers.setTimeout(() => {
             if (session.messageQueue.length > 0) {
                 this.options.warn(`[SyncProtocolHandler] Slow client timeout - disconnecting. ` +
                     `Queue depth: ${session.messageQueue.length}, dropped: ${session.droppedMessages}`);
@@ -68,7 +69,7 @@ export class SessionBackpressureController {
             this.clearDrainTimeout(session);
         }
         else {
-            setTimeout(() => this.drainQueue(session), 10);
+            nativeTimers.setTimeout(() => this.drainQueue(session), 10);
         }
     }
 }

package/dist/sync/session-heartbeat.js

@@ -1,3 +1,4 @@
+import { nativeTimers } from "../kernel/native-timers";
 export class SessionHeartbeatController {
     options;
     constructor(options) {
@@ -9,7 +10,7 @@ export class SessionHeartbeatController {
     }
     clear(session) {
         if (session.pingTimer) {
-            clearTimeout(session.pingTimer);
+            nativeTimers.clearTimeout(session.pingTimer);
             session.pingTimer = undefined;
         }
     }
@@ -18,7 +19,7 @@ export class SessionHeartbeatController {
         if (!session.websocket || session.websocket.readyState !== this.options.websocketReadyStateOpen) {
             return;
         }
-        session.pingTimer = setTimeout(() => {
+        session.pingTimer = nativeTimers.setTimeout(() => {
             this.options.onPing(session);
         }, this.options.intervalMs);
     }

package/dist/system/internal.js

@@ -21,7 +21,7 @@
  */
 import { v } from "convex/values";
 import { loadConvexModule, listRegisteredModules } from "../udf/module-loader/module-loader";
-import { isMissingSchemaModuleError } from "../kernel/schema-service";
+import { isMissingSchemaModuleError } from "../kernel/missing-schema-error";
 import { listSystemFunctions } from "./function-introspection";
 import { getFullTableName } from "../tables/interface";
 import { queryExecutionLog, clearExecutionLog } from "./execution-log";
@@ -505,8 +505,11 @@ export function createSystemFunctions(deps) {
         systemListFunctions: query({
             args: { componentPath: v.optional(v.string()) },
             handler: async (ctx, args) => {
-                const componentPath = args.componentPath ?? ctx?.componentPath ?? undefined;
-                const functions = await listSystemFunctions({ componentPath });
+                const requestedComponentPath = args.componentPath ?? ctx?.componentPath ?? undefined;
+                const normalizedComponentPath = typeof requestedComponentPath === "string" && requestedComponentPath.trim().length === 0
+                    ? undefined
+                    : requestedComponentPath;
+                const functions = await listSystemFunctions({ componentPath: normalizedComponentPath });
                 return functions.map((fn) => ({
                     name: fn.name,
                     path: fn.path,

package/dist/system/system-functions.js

@@ -4,7 +4,7 @@
  */
 import { hexToString, stringToHex } from "../utils/utils";
 import { loadConvexModule } from "../udf/module-loader/module-loader";
-import { isMissingSchemaModuleError } from "../kernel/schema-service";
+import { isMissingSchemaModuleError } from "../kernel/missing-schema-error";
 import { listSystemFunctions } from "./function-introspection";
 import { Order } from "../docstore/interface";
 /**

package/dist/transactor/occ-transaction.js

@@ -1,7 +1,8 @@
 import { ConflictError } from "./transaction-manager";
 import { RangeSet } from "../queryengine/indexing/read-write-set";
 import { decodeIndexId, indexKeyspaceId, parseKeyspaceId } from "../utils/keyspace";
-import { arrayBufferToHex, readVersionKey } from "../utils/utils";
+import { arrayBufferToHex } from "../utils/utils";
+import { documentIdKey } from "../docstore/interface";
 import { UncommittedWrites } from "../ryow/uncommitted-writes";
 import { validateReadSetForCommit } from "./occ-validation";
 /**
@@ -73,7 +74,7 @@ export class OccMutationTransaction {
      * @returns The same latest document (for convenience)
      */
     recordDocumentRead(id, latest) {
-        const key = readVersionKey(id);
+        const key = documentIdKey(id);
         // Only record the first read of each document
         if (!this.readSet.has(key)) {
             const version = latest ? latest.ts : null;
@@ -93,7 +94,7 @@ export class OccMutationTransaction {
      * @returns The same latest document (for convenience)
      */
     recordDocumentReadForOccOnly(id, latest) {
-        const key = readVersionKey(id);
+        const key = documentIdKey(id);
         // Only record the first read of each document
         if (!this.readSet.has(key)) {
             const version = latest ? latest.ts : null;
@@ -121,7 +122,7 @@ export class OccMutationTransaction {
         // Add to staged writes - using Map to automatically merge multiple writes to same document
         // Only the latest write to each document will be kept, preventing duplicate timestamps
         for (const doc of documents) {
-            const key = readVersionKey(doc.id);
+            const key = documentIdKey(doc.id);
             const existing = this.stagedDocuments.get(key);
             if (existing) {
                 // When merging writes to the same document, preserve the original prev_ts
@@ -190,7 +191,7 @@ export class OccMutationTransaction {
      * @returns Latest document version, or null if document doesn't exist
      */
     async getLatest(id) {
-        const key = readVersionKey(id);
+        const key = documentIdKey(id);
         // Check if we have a pending write for this document
         if (this.pendingDocuments.has(key)) {
             const pending = this.pendingDocuments.get(key);
@@ -244,7 +245,7 @@ export class OccMutationTransaction {
         const scanKey = `table_scan:${tableId}`;
         const documentIds = new Set();
         for (const doc of docs) {
-            documentIds.add(readVersionKey(doc.value.id));
+            documentIds.add(documentIdKey(doc.value.id));
         }
         this.readSet.set(scanKey, {
             type: "table_scan",
@@ -262,7 +263,7 @@ export class OccMutationTransaction {
         const rangeKey = `index_range:${indexId}:${arrayBufferToHex(startKey)}`;
         const documentIds = new Set();
         for (const doc of docs) {
-            documentIds.add(readVersionKey(doc.value.id));
+            documentIds.add(documentIdKey(doc.value.id));
         }
         this.readSet.set(rangeKey, {
             type: "index_range",
@@ -303,7 +304,7 @@ export class OccMutationTransaction {
             const docId = doc.value.id;
             // Record read for OCC validation (skip adding to readRanges since table scan covers it)
             this.recordDocumentReadForOccOnly(docId, doc);
-            const key = readVersionKey(docId);
+            const key = documentIdKey(docId);
             visible.set(key, doc);
         }
         // Apply pending writes using consolidated RYOW helper

package/dist/transactor/occ-validation.js

@@ -1,5 +1,5 @@
 import { Order } from "../docstore/interface";
-import { readVersionKey } from "../utils/utils";
+import { documentIdKey } from "../docstore/interface";
 import { decodeIndexId } from "../utils/keyspace";
 import { ConflictError } from "./transaction-manager";
 export async function validateReadSetForCommit(docstore, readChecks, writtenDocKeys) {
@@ -43,7 +43,7 @@ async function validateTableScanRead(docstore, tableId, readDocumentIds, written
     const currentDocs = await docstore.scan(tableId);
     const currentDocIds = new Set();
     for (const doc of currentDocs) {
-        currentDocIds.add(readVersionKey(doc.value.id));
+        currentDocIds.add(documentIdKey(doc.value.id));
     }
     for (const docId of currentDocIds) {
         if (!readDocumentIds.has(docId) && !writtenDocKeys.has(docId)) {
@@ -62,7 +62,7 @@ async function validateIndexRangeRead(docstore, indexId, startKey, endKey, readD
     const currentDocIds = new Set();
     for await (const [, doc] of docstore.index_scan(indexId, table, // table as hex-encoded tableId
     BigInt(Date.now()), interval, Order.Asc)) {
-        currentDocIds.add(readVersionKey(doc.value.id));
+        currentDocIds.add(documentIdKey(doc.value.id));
     }
     for (const docId of currentDocIds) {
         if (!readDocumentIds.has(docId) && !writtenDocKeys.has(docId)) {

package/dist/udf/analysis/validator.js

@@ -1,7 +1,7 @@
 import { hexToString, deserializeDeveloperId } from "../../utils/utils";
 import { getFullTableName, parseFullTableName } from "../../tables/interface";
 import { loadConvexModule } from "../module-loader/module-loader";
-import { isMissingSchemaModuleError } from "../../kernel/schema-service";
+import { isMissingSchemaModuleError } from "../../kernel/missing-schema-error";
 export class ValidatorError extends Error {
     path;
     constructor(message, path = "") {

package/dist/udf/execution-adapter.d.ts

@@ -42,7 +42,7 @@ export declare class UdfExecutionAdapter {
      * @param requestId - Optional request ID for tracing
      * @returns UDF execution result
      */
-    executeUdf(path: string, jsonArgs: JsonArgs, type: "query" | "mutation" | "action", auth?: AuthContext | UserIdentityAttributes, componentPath?: string, requestId?: string): Promise<UdfResult>;
+    executeUdf(path: string, jsonArgs: JsonArgs, type: "query" | "mutation" | "action", auth?: AuthContext | UserIdentityAttributes, componentPath?: string, requestId?: string, snapshotTimestamp?: bigint): Promise<UdfResult>;
 }
 /**
  * Factory function to create a client-side adapter (for HTTP/WebSocket requests)

package/dist/udf/execution-adapter.js

@@ -58,7 +58,7 @@ export class UdfExecutionAdapter {
      * @param requestId - Optional request ID for tracing
      * @returns UDF execution result
      */
-    async executeUdf(path, jsonArgs, type, auth, componentPath, requestId) {
+    async executeUdf(path, jsonArgs, type, auth, componentPath, requestId, snapshotTimestamp) {
         // Step 1: Convert args with type safety
         const convexArgs = convertClientArgs(jsonArgs);
         const target = normalizeExecutionTarget(path, componentPath);
@@ -104,7 +104,7 @@ export class UdfExecutionAdapter {
             const executeWithContext = this.callType === "client" ? runAsClientCall : runAsServerCall;
             // Step 4: Execute with all context properly set
             return executeWithContext(async () => {
-                return await this.executor.execute(target.path, convexArgs, type, authContext ?? userIdentity, normalizeComponentPath(target.componentPath), requestId);
+                return await this.executor.execute(target.path, convexArgs, type, authContext ?? userIdentity, normalizeComponentPath(target.componentPath), requestId, snapshotTimestamp);
             });
         });
     }

package/dist/udf/executor/inline.d.ts

@@ -1,7 +1,7 @@
 import type { UserIdentityAttributes } from "convex/server";
 import type { DocStore } from "../../docstore";
 import type { BlobStore } from "../../abstractions";
-import { type UdfResult } from "..";
+import { type UdfResult } from "../runtime/udf-setup";
 import type { AuthContext } from "../../sync/protocol-handler";
 import type { UdfExec } from "./interface";
 import { type ModuleRegistry } from "../module-loader/module-loader";
@@ -22,7 +22,7 @@ export declare class InlineUdfExecutor implements UdfExec {
     private moduleRegistry?;
     private readonly logSink?;
     constructor(options: InlineUdfExecutorOptions);
-    execute(functionPath: string, args: Record<string, any>, udfType: "query" | "mutation" | "action", auth?: AuthContext | UserIdentityAttributes, componentPath?: string, requestId?: string): Promise<UdfResult>;
+    execute(functionPath: string, args: Record<string, any>, udfType: "query" | "mutation" | "action", auth?: AuthContext | UserIdentityAttributes, componentPath?: string, requestId?: string, snapshotTimestamp?: bigint): Promise<UdfResult>;
     executeHttp(request: Request, auth?: AuthContext | UserIdentityAttributes, requestId?: string): Promise<Response>;
     setModuleRegistry(moduleRegistry?: ModuleRegistry): void;
     protected loadModule(moduleName: string, componentPath?: string): Promise<any>;

package/dist/udf/executor/inline.js

@@ -1,12 +1,16 @@
 import { convexToJson } from "convex/values";
-import { runUdfQuery, runUdfMutation, runUdfAction, runUdfHttpAction, loadConvexModule, validateValidator, ValidatorError, getCallContext, } from "..";
+import { runUdfQuery, runUdfMutation, runUdfAction, runUdfHttpAction, } from "../runtime/udf-setup";
+import { loadConvexModule } from "../module-loader/module-loader";
+import { validateValidator, ValidatorError } from "../analysis/validator";
+import { getCallContext } from "../module-loader/call-context";
 import { InternalFunctionAccessError } from "../../errors";
 import { withModuleRegistry } from "../module-loader/module-loader";
 import { pushExecutionLog } from "../../system/execution-log";
+import { randomUuid } from "../../utils/crypto";
 let inlineRequestCounter = 0;
 function defaultRequestId(udfType, functionPath) {
     inlineRequestCounter += 1;
-    return `${udfType}:${functionPath}:${Date.now()}:${inlineRequestCounter}:${crypto.randomUUID()}`;
+    return `${udfType}:${functionPath}:${Date.now()}:${inlineRequestCounter}:${randomUuid()}`;
 }
 export class InlineUdfExecutor {
     docstore;
@@ -21,7 +25,7 @@ export class InlineUdfExecutor {
         this.moduleRegistry = options.moduleRegistry;
         this.logSink = options.logSink;
     }
-    async execute(functionPath, args, udfType, auth, componentPath, requestId) {
+    async execute(functionPath, args, udfType, auth, componentPath, requestId, snapshotTimestamp) {
         const [moduleName, functionName] = this.parseUdfPath(functionPath);
         const finalRequestId = requestId ?? this.requestIdFactory(udfType, functionPath);
         // Skip logging for system functions to avoid recursion
@@ -47,7 +51,7 @@ export class InlineUdfExecutor {
         const runWithType = () => {
             switch (udfType) {
                 case "query":
-                    return runUdfQuery(this.docstore, runUdf, auth, this.blobstore, finalRequestId, this, componentPath);
+                    return runUdfQuery(this.docstore, runUdf, auth, this.blobstore, finalRequestId, this, componentPath, snapshotTimestamp);
                 case "mutation":
                     return runUdfMutation(this.docstore, runUdf, auth, this.blobstore, finalRequestId, this, componentPath);
                 case "action":
@@ -106,7 +110,7 @@ export class InlineUdfExecutor {
     async executeHttp(request, auth, requestId) {
         const url = new URL(request.url);
         const runHttpUdf = async () => {
-            const httpModule = await this.loadModule("http", request.url);
+            const httpModule = await this.loadModule("http");
             const router = httpModule?.default;
             if (!router?.isRouter || typeof router.lookup !== "function") {
                 throw new Error("convex/http.ts must export a default httpRouter()");

package/dist/udf/executor/interface.d.ts

@@ -3,6 +3,6 @@ import type { AuthContext } from "../../sync/protocol-handler";
 import type { UserIdentityAttributes } from "convex/server";
 export type { UdfResult };
 export interface UdfExec {
-    execute(path: string, args: Record<string, unknown>, type: "query" | "mutation" | "action", auth?: AuthContext | UserIdentityAttributes, componentPath?: string, requestId?: string): Promise<UdfResult>;
+    execute(path: string, args: Record<string, unknown>, type: "query" | "mutation" | "action", auth?: AuthContext | UserIdentityAttributes, componentPath?: string, requestId?: string, snapshotTimestamp?: bigint): Promise<UdfResult>;
     executeHttp(request: Request, auth?: AuthContext | UserIdentityAttributes, requestId?: string): Promise<Response>;
 }

package/dist/udf/module-loader/call-context.d.ts

@@ -1,11 +1,10 @@
 /**
  * Call context tracking for UDF execution.
  *
- * This module provides AsyncLocalStorage-based tracking of whether a function
- * is being called from a client (HTTP request) or from another server function.
- * This is used to enforce that internal functions can only be called from server.
+ * This module tracks whether a function is being called from a client
+ * (HTTP request) or from another server function.
  */
-import { AsyncLocalStorage } from "node:async_hooks";
+import { ContextStorage } from "../../kernel/context-storage";
 export type CallContext = {
     /**
      * Where the call originated from:
@@ -20,9 +19,9 @@ export type CallContext = {
 };
 /**
  * Use a Symbol.for singleton so separately bundled copies of this module
- * share the same AsyncLocalStorage instance.
+ * share the same context storage instance.
  */
-export declare const callContext: AsyncLocalStorage<CallContext>;
+export declare const callContext: ContextStorage<CallContext>;
 /**
  * Get the current call context
  */

package/dist/udf/module-loader/call-context.js

@@ -1,21 +1,17 @@
 /**
  * Call context tracking for UDF execution.
  *
- * This module provides AsyncLocalStorage-based tracking of whether a function
- * is being called from a client (HTTP request) or from another server function.
- * This is used to enforce that internal functions can only be called from server.
- */
-import { AsyncLocalStorage } from "node:async_hooks";
-/**
- * AsyncLocalStorage for call context
+ * This module tracks whether a function is being called from a client
+ * (HTTP request) or from another server function.
  */
+import { ContextStorage } from "../../kernel/context-storage";
 const CALL_CONTEXT_SYMBOL = Symbol.for("@concavejs/core/call-context");
 const globalCallContext = globalThis;
 /**
  * Use a Symbol.for singleton so separately bundled copies of this module
- * share the same AsyncLocalStorage instance.
+ * share the same context storage instance.
  */
-export const callContext = globalCallContext[CALL_CONTEXT_SYMBOL] ?? new AsyncLocalStorage();
+export const callContext = globalCallContext[CALL_CONTEXT_SYMBOL] ?? new ContextStorage();
 if (!globalCallContext[CALL_CONTEXT_SYMBOL]) {
     globalCallContext[CALL_CONTEXT_SYMBOL] = callContext;
 }

package/dist/udf/module-loader/module-loader.js

@@ -1,8 +1,27 @@
-import { getSystemFunctionsModule } from "../../system/system-functions-module";
-import { AsyncLocalStorage } from "node:async_hooks";
+import { ContextStorage } from "../../kernel/context-storage";
 const MODULE_STATE_SYMBOL = Symbol.for("concave.moduleLoader.state");
 const MODULE_LOADER_METADATA_SYMBOL = Symbol.for("concave.moduleLoader.metadata");
-const MODULE_REGISTRY_CONTEXT = new AsyncLocalStorage();
+const MODULE_REGISTRY_CONTEXT = new ContextStorage();
+const SYSTEM_FUNCTIONS_MODULE_PATH = "../../system/system-functions-module.js";
+let builtInSystemFunctionsModulePromise;
+let browserConvexFunctionsAllowed = false;
+function allowConvexFunctionsInBrowser() {
+    if (browserConvexFunctionsAllowed) {
+        return;
+    }
+    browserConvexFunctionsAllowed = true;
+    const globalAny = globalThis;
+    if (globalAny.window && typeof globalAny.window === "object") {
+        globalAny.window.__convexAllowFunctionsInBrowser = true;
+    }
+}
+async function getBuiltInSystemFunctionsModule() {
+    if (!builtInSystemFunctionsModulePromise) {
+        allowConvexFunctionsInBrowser();
+        builtInSystemFunctionsModulePromise = import("../../system/system-functions-module.js").then((mod) => mod.getSystemFunctionsModule());
+    }
+    return builtInSystemFunctionsModulePromise;
+}
 class ModuleRegistry {
     scopedLoaders = new Map();
     constructor(defaults = []) {
@@ -55,6 +74,7 @@ class ModuleRegistry {
         };
     }
     async load(request) {
+        allowConvexFunctionsInBrowser();
         const scopes = expandComponentScopes(request.componentPath);
         const errors = [];
         let attempted = false;
@@ -160,6 +180,8 @@ function getModuleState() {
 export function resetModuleState() {
     const globalAny = globalThis;
     delete globalAny[MODULE_STATE_SYMBOL];
+    builtInSystemFunctionsModulePromise = undefined;
+    browserConvexFunctionsAllowed = false;
 }
 export function getModuleRegistry() {
     return MODULE_REGISTRY_CONTEXT.getStore() ?? getModuleState().registry;
@@ -206,7 +228,7 @@ export async function loadConvexModule(specifier, options = {}) {
         catch (error) {
             // Fallback to built-in system functions when the project hasn't provided its own module.
             if (error?.message?.includes("Unable to resolve")) {
-                return getSystemFunctionsModule();
+                return await getBuiltInSystemFunctionsModule();
             }
             throw error;
         }

package/dist/udf/runtime/udf-rand.js

@@ -53,7 +53,7 @@ function udfCryptoRandomUUID(sfc32) {
 }
 function udfCryptoGetRandomValues(sfc32) {
     return (array) => {
-        const bytes = new Uint8Array(array.buffer);
+        const bytes = new Uint8Array(array.buffer, array.byteOffset, array.byteLength);
         for (let i = 0; i < bytes.length; i++) {
             bytes[i] = Math.floor(sfc32() * 256);
         }