@concavejs/runtime-cf-base 0.0.1-alpha.10

package/dist/http/http-api.js

@@ -0,0 +1,399 @@
+import { ConcaveStubExecutor } from "../udf/executor/do-client-executor";
+import { createClientAdapter } from "@concavejs/core/udf/execution-adapter";
+import { loadConvexModule } from "@concavejs/core/udf";
+import { writtenTablesFromRanges } from "@concavejs/core/utils";
+import { applyCors, computeCorsHeaders, handleCoreHttpApiRequest, resolveAuthContext } from "@concavejs/core/http";
+import { AdminAuthError, JWTValidationError, createTenantAuthResolverFromEnv, AuthConfigService, } from "@concavejs/core/auth";
+import { InternalFunctionAccessError } from "@concavejs/core/errors";
+// Module-level cached auth.config.ts providers. The AuthConfigService
+// lazy-loads and caches internally; we keep a single instance so warm
+// worker invocations reuse the result.
+let _cachedAuthConfigProviders = null;
+let _authConfigLoadPromise = null;
+async function getCachedAuthConfigProviders() {
+    if (_cachedAuthConfigProviders !== null) {
+        return _cachedAuthConfigProviders;
+    }
+    if (!_authConfigLoadPromise) {
+        _authConfigLoadPromise = new AuthConfigService()
+            .getProviders()
+            .then((providers) => {
+            _cachedAuthConfigProviders = providers;
+            return providers;
+        })
+            .catch(() => {
+            _cachedAuthConfigProviders = [];
+            return [];
+        });
+    }
+    return _authConfigLoadPromise;
+}
+const VERSIONED_API_PREFIX = /^\/api\/\d+\.\d+(?:\.\d+)?(?=\/|$)/;
+function stripApiVersionPrefix(pathname) {
+    return pathname.replace(VERSIONED_API_PREFIX, "/api");
+}
+function isReservedApiPath(pathname) {
+    const normalizedPath = stripApiVersionPrefix(pathname);
+    if (normalizedPath === "/api/execute" ||
+        normalizedPath === "/api/sync" ||
+        normalizedPath === "/api/reset-test-state" ||
+        normalizedPath === "/api/query" ||
+        normalizedPath === "/api/query_ts" ||
+        normalizedPath === "/api/query_at_ts" ||
+        normalizedPath === "/api/mutation" ||
+        normalizedPath === "/api/action") {
+        return true;
+    }
+    if (normalizedPath === "/api/storage" || normalizedPath.startsWith("/api/storage/")) {
+        return true;
+    }
+    if (normalizedPath === "/api/http" || normalizedPath.startsWith("/api/http/")) {
+        return true;
+    }
+    if (normalizedPath === "/api/run" || normalizedPath.startsWith("/api/run/")) {
+        return true;
+    }
+    return false;
+}
+function shouldForwardApiPath(pathname) {
+    if (!pathname.startsWith("/api/")) {
+        return false;
+    }
+    return !isReservedApiPath(pathname);
+}
+function arrayBufferToBase64(buffer) {
+    const bytes = new Uint8Array(buffer);
+    const chunkSize = 0x8000;
+    let binary = "";
+    for (let offset = 0; offset < bytes.length; offset += chunkSize) {
+        const chunk = bytes.subarray(offset, Math.min(offset + chunkSize, bytes.length));
+        binary += String.fromCharCode(...chunk);
+    }
+    return btoa(binary);
+}
+function base64ToArrayBuffer(base64) {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes.buffer;
+}
+/**
+ * Create a storage adapter that routes through the ConcaveDO's storage syscall handler.
+ * This ensures storage operations are properly isolated within the DO.
+ */
+function createStorageAdapter(concaveDO) {
+    return {
+        store: async (blob) => {
+            const buffer = await blob.arrayBuffer();
+            const base64 = arrayBufferToBase64(buffer);
+            const response = await concaveDO.fetch("http://do/storage", {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    method: "store",
+                    args: [{ __arrayBuffer: base64 }, { contentType: blob.type }],
+                }),
+            });
+            if (!response.ok) {
+                const error = await response.json();
+                throw new Error(error?.error?.message ?? "Storage store failed");
+            }
+            const result = await response.json();
+            return {
+                storageId: result.result.storageId,
+                writtenRanges: [],
+                writtenTables: ["_storage"],
+            };
+        },
+        get: async (storageId) => {
+            const response = await concaveDO.fetch("http://do/storage", {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    method: "get",
+                    args: [storageId],
+                }),
+            });
+            if (!response.ok) {
+                const error = await response.json();
+                throw new Error(error?.error?.message ?? "Storage get failed");
+            }
+            const result = await response.json();
+            if (!result.result || !result.result.__arrayBuffer) {
+                return { blob: null };
+            }
+            const buffer = base64ToArrayBuffer(result.result.__arrayBuffer);
+            return { blob: new Blob([buffer]) };
+        },
+    };
+}
+function createNotifyWrites(env, syncDoNames, ctx, logicalInstance, projectId, dispatchSyncWrites) {
+    return async (writtenRanges, writtenTables, commitTimestamp) => {
+        if (!writtenRanges?.length && !writtenTables?.length) {
+            return;
+        }
+        const payload = {
+            logicalInstance,
+            projectId,
+            syncTargets: syncDoNames,
+            writtenRanges,
+            writtenTables: writtenTables ?? writtenTablesFromRanges(writtenRanges),
+            commitTimestamp: commitTimestamp ? commitTimestamp.toString() : undefined,
+        };
+        if (dispatchSyncWrites) {
+            ctx.waitUntil(dispatchSyncWrites(payload).catch((error) => {
+                console.warn("[notifyWrites] Custom sync write dispatch failed", error);
+            }));
+            return;
+        }
+        if (isQueueLike(env.SYNC_NOTIFY_QUEUE)) {
+            ctx.waitUntil(env.SYNC_NOTIFY_QUEUE.send(payload).catch((error) => {
+                console.warn("[notifyWrites] Queue-based sync write dispatch failed", error);
+            }));
+            return;
+        }
+        const doPayload = {
+            writtenRanges,
+            writtenTables: writtenTables ?? writtenTablesFromRanges(writtenRanges),
+            commitTimestamp: commitTimestamp ? commitTimestamp.toString() : undefined,
+        };
+        for (const syncDoName of syncDoNames) {
+            const syncDoId = env.SYNC_DO.idFromName(syncDoName);
+            const syncDo = env.SYNC_DO.get(syncDoId);
+            const headers = {
+                "Content-Type": "application/json",
+                "X-Concave-Instance": logicalInstance,
+            };
+            if (projectId) {
+                headers["X-Concave-Project-Id"] = projectId;
+            }
+            ctx.waitUntil(syncDo
+                .fetch("http://do/notify", {
+                method: "POST",
+                headers,
+                body: JSON.stringify(doPayload),
+            })
+                .catch((error) => {
+                console.warn("[notifyWrites] Direct SyncDO notify failed", error);
+            }));
+        }
+    };
+}
+function isQueueLike(value) {
+    if (!value || typeof value !== "object") {
+        return false;
+    }
+    const candidate = value;
+    return typeof candidate.send === "function";
+}
+export async function handleHttpApiRequest(request, env, ctx, instance = "singleton", routingTargets) {
+    const corsHeaders = computeCorsHeaders(request);
+    const apply = (response) => applyCors(response, corsHeaders);
+    const url = new URL(request.url);
+    const pathParts = url.pathname.slice(1).split("/");
+    if (pathParts[0] !== "api") {
+        return apply(new Response("Not found", { status: 404 }));
+    }
+    const logicalInstance = instance;
+    const concaveDoName = normalizeDoName(routingTargets?.concaveDoName ?? routingTargets?.concaveTargetName, logicalInstance);
+    const syncDoNames = normalizeSyncDoNames(routingTargets?.syncDoNames ?? routingTargets?.syncTargetNames, logicalInstance);
+    const projectId = request.headers.get("X-Concave-Project-Id") ?? undefined;
+    const authResolver = createTenantAuthResolverFromEnv(env, projectId);
+    // Wire auth.config.ts JWT providers into the resolver (non-blocking best-effort)
+    try {
+        const jwtProviders = await getCachedAuthConfigProviders();
+        if (jwtProviders.length > 0 && "updateJwtProviders" in authResolver) {
+            authResolver.updateJwtProviders(jwtProviders);
+        }
+    }
+    catch {
+        // auth.config.ts not available — proceed with env-only config
+    }
+    console.log(`[handleHttpApiRequest] logicalInstance=${logicalInstance} concaveDo=${concaveDoName} syncTargets=${syncDoNames.join(",")}`);
+    const concaveId = env.CONCAVE_DO.idFromName(concaveDoName);
+    const concaveRaw = env.CONCAVE_DO.get(concaveId);
+    const concave = wrapConcaveStub(concaveRaw, logicalInstance, projectId);
+    const executor = new ConcaveStubExecutor(concave);
+    const adapter = createClientAdapter(executor);
+    const notifyWrites = createNotifyWrites(env, syncDoNames, ctx, logicalInstance, projectId, routingTargets?.dispatchSyncWrites);
+    // Route storage operations through the DO's storage syscall handler
+    const storageAdapter = createStorageAdapter(concave);
+    const authHeader = request.headers.get("Authorization");
+    const headerToken = authHeader?.replace(/^Bearer\s+/i, "").trim() || undefined;
+    const headerIdentity = undefined;
+    // Note: Internal function access control is now handled by core executor (fail-closed)
+    const coreResult = await handleCoreHttpApiRequest(request, {
+        executeFunction: async ({ type, path, args, auth, componentPath, snapshotTimestamp }) => adapter.executeUdf(path, args, type, auth, componentPath, undefined, snapshotTimestamp),
+        notifyWrites,
+        storage: storageAdapter,
+        corsHeaders,
+        authResolver,
+        getSnapshotTimestamp: async () => {
+            try {
+                const response = await concave.fetch("http://do/query_ts", {
+                    method: "POST",
+                });
+                if (!response.ok) {
+                    throw new Error(`query_ts failed with status ${response.status}`);
+                }
+                const body = (await response.json());
+                if (typeof body.ts !== "string" || !/^\d+$/.test(body.ts)) {
+                    throw new Error("Invalid query_ts response");
+                }
+                return BigInt(body.ts);
+            }
+            catch {
+                return BigInt(Date.now());
+            }
+        },
+    });
+    if (coreResult?.handled) {
+        return coreResult.response;
+    }
+    // Handle /api/http/*
+    if (pathParts.length >= 2 && pathParts[1] === "http") {
+        const forwardUrl = new URL(request.url);
+        const forwardedRequest = new Request(forwardUrl.toString(), request);
+        const response = await concave.fetch(forwardedRequest);
+        return apply(response);
+    }
+    // Handle /api/run/{functionIdentifier}
+    if (pathParts.length > 2 && pathParts[1] === "run") {
+        const functionIdentifier = pathParts.slice(2).join("/");
+        const udfPath = functionIdentifier.replace(/\//g, ":");
+        let bodyArgs = {};
+        if (request.headers.get("Content-Type")?.includes("application/json") && request.body) {
+            try {
+                const body = await request.clone().json();
+                if (body.args && typeof body.args === "object") {
+                    bodyArgs = body.args;
+                }
+            }
+            catch (_error) {
+                // Ignore parse errors
+            }
+        }
+        const queryArgs = {};
+        for (const [key, value] of url.searchParams.entries()) {
+            try {
+                queryArgs[key] = JSON.parse(value);
+            }
+            catch {
+                queryArgs[key] = value;
+            }
+        }
+        const mergedArgs = { ...queryArgs, ...bodyArgs };
+        let authForExecution;
+        try {
+            authForExecution = await resolveAuthContext(undefined, headerToken, headerIdentity, authResolver);
+        }
+        catch (error) {
+            if (error instanceof JWTValidationError || error instanceof AdminAuthError) {
+                return apply(Response.json({ error: "Unauthorized" }, { status: 401 }));
+            }
+            throw error;
+        }
+        try {
+            const modulePath = udfPath.split(":")[0];
+            const functionName = udfPath.split(":")[1] ?? "default";
+            const module = await loadConvexModule(modulePath, { hint: "udf" });
+            const func = module[functionName];
+            if (!func) {
+                return apply(new Response(`Function ${udfPath} not found`, { status: 404 }));
+            }
+            // Note: Internal function access control is now handled by core executor (fail-closed)
+            let udfType = null;
+            if (func.isQuery)
+                udfType = "query";
+            else if (func.isMutation)
+                udfType = "mutation";
+            else if (func.isAction)
+                udfType = "action";
+            if (!udfType) {
+                console.error(`Function ${udfPath} is not a valid query, mutation, or action.`);
+                return apply(new Response(`Function ${udfPath} is not a valid query, mutation, or action.`, {
+                    status: 400,
+                }));
+            }
+            const result = await adapter.executeUdf(udfPath, mergedArgs, udfType, authForExecution);
+            if ((udfType === "mutation" || udfType === "action") && result.writtenRanges?.length) {
+                await notifyWrites(result.writtenRanges, writtenTablesFromRanges(result.writtenRanges));
+            }
+            return apply(Response.json({
+                status: "success",
+                value: result.result,
+                logLines: [],
+            }));
+        }
+        catch (error) {
+            // Handle internal function access errors with 403
+            if (error instanceof InternalFunctionAccessError) {
+                return apply(Response.json({
+                    status: "error",
+                    errorMessage: error.message,
+                }, { status: 403 }));
+            }
+            if (typeof error?.message === "string") {
+                const message = error.message.toLowerCase();
+                if (message.includes("module not found") ||
+                    message.includes("failed to load convex module") ||
+                    message.includes("unable to resolve module")) {
+                    return apply(new Response(`Module for function ${udfPath} not found.`, {
+                        status: 404,
+                    }));
+                }
+            }
+            if (error instanceof Response) {
+                return apply(error);
+            }
+            return apply(new Response(`Error determining function type: ${error?.message ?? String(error)}`, {
+                status: 500,
+            }));
+        }
+    }
+    if (shouldForwardApiPath(url.pathname)) {
+        const forwardUrl = new URL(request.url);
+        forwardUrl.pathname = stripApiVersionPrefix(forwardUrl.pathname);
+        const forwardedRequest = new Request(forwardUrl.toString(), request);
+        const response = await concave.fetch(forwardedRequest);
+        return apply(response);
+    }
+    return apply(new Response("Not found", { status: 404 }));
+}
+function wrapConcaveStub(stub, logicalInstance, projectId) {
+    return {
+        fetch: async (input, init) => {
+            const headers = new Headers(init?.headers);
+            headers.set("X-Concave-Instance", logicalInstance);
+            if (projectId) {
+                headers.set("X-Concave-Project-Id", projectId);
+            }
+            return stub.fetch(input, {
+                ...init,
+                headers,
+            });
+        },
+    };
+}
+function normalizeDoName(target, fallback) {
+    const trimmed = target?.trim();
+    return trimmed && trimmed.length > 0 ? trimmed : fallback;
+}
+function normalizeSyncDoNames(targets, fallback) {
+    if (targets === undefined) {
+        return [fallback];
+    }
+    if (targets.length === 0) {
+        return [];
+    }
+    const deduped = new Set();
+    for (const target of targets) {
+        const trimmed = target.trim();
+        if (trimmed.length > 0) {
+            deduped.add(trimmed);
+        }
+    }
+    return Array.from(deduped);
+}

package/dist/http/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * HTTP Module
+ *
+ * HTTP API handlers and request processing
+ */
+export * from "./http-api";
+export * from "./dx-http";

package/dist/http/index.js

@@ -0,0 +1,7 @@
+/**
+ * HTTP Module
+ *
+ * HTTP API handlers and request processing
+ */
+export * from "./http-api";
+export * from "./dx-http";

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+export * from "@concavejs/core";
+export type { ConcaveEnv, ConcaveStorageEnv, ConcaveD1Env } from "./env";
+export { UdfExecutorRpc } from "./worker/udf-worker";
+export { createConcaveWorker, resolveNamespaceBinding, createScopedNamespace, type ConcaveWorkerOptions, type ConcaveWorkerBindings, type ConcaveWorker, type ConcaveWorkerRouteContext, type ConcaveWorkerRouteTargets, } from "./worker/create-concave-worker";
+export { DEFAULT_INSTANCE_KEY, DEFAULT_INSTANCE_VALUE, DEFAULT_INSTANCE_COOKIE_PATH, resolveInstanceFromRequest, maybeAttachInstanceCookie, readCookieValue, buildInstanceCookie, type InstanceResolution, type InstanceResolutionOptions, type InstanceCookieOptions, } from "./routing/instance";
+export { createCfSyncTopologyRuntime, buildPooledInstanceName as buildSyncPooledInstanceName, parseNodeIds as parseSyncNodeIds, parseNodeIdsByRegion as parseSyncNodeIdsByRegion, normalizeTargetList as normalizeSyncTargetList, type CfSyncTopologyConfig, type BuildShardMapFromReportsOptions as SyncBuildShardMapFromReportsOptions, type ResolveSyncFanoutDoNamesAsyncOptions, type CreateCfSyncTopologyRuntimeOptions, type CfSyncTopologyRuntime, } from "./routing/sync-topology";
+export { UdfExecInline } from "./udf/executor/inline-executor";
+export { UdfExecIsolated } from "./udf/executor/isolated-executor";
+export { ConcaveDOBase, type ConcaveDOConfig, type ConcaveDOAdapterContext, type ConcaveDOExecutorContext, } from "./durable-objects/concave-do-base";
+export { createDocStoreProxy, createBlobStoreProxy, createGatewayDocStoreProxy, createGatewayBlobStoreProxy, } from "./rpc";
+export { CFWebSocketAdapter } from "./adapters/cf-websocket-adapter";
+export { CFWebSocketAdapter as SyncWebSocketAdapter } from "./sync/cf-websocket-adapter";
+export { ConcaveDOUdfExecutor } from "./sync/concave-do-udf-executor";
+export { SHIM_SOURCE } from "./udf/executor/shim-content";
+export { DODocStore } from "@concavejs/docstore-cf-do";
+export { D1DocStore } from "@concavejs/docstore-cf-d1";
+export { HyperdriveDocStore } from "@concavejs/docstore-cf-hyperdrive";
+export { R2BlobStore } from "@concavejs/blobstore-cf-r2";

package/dist/index.js

@@ -0,0 +1,27 @@
+// Re-export core functionality
+export * from "@concavejs/core";
+// Export Cloudflare Workers utilities
+export { UdfExecutorRpc } from "./worker/udf-worker";
+export { createConcaveWorker, resolveNamespaceBinding, createScopedNamespace, } from "./worker/create-concave-worker";
+// Export instance routing helpers
+export { DEFAULT_INSTANCE_KEY, DEFAULT_INSTANCE_VALUE, DEFAULT_INSTANCE_COOKIE_PATH, resolveInstanceFromRequest, maybeAttachInstanceCookie, readCookieValue, buildInstanceCookie, } from "./routing/instance";
+export { createCfSyncTopologyRuntime, buildPooledInstanceName as buildSyncPooledInstanceName, parseNodeIds as parseSyncNodeIds, parseNodeIdsByRegion as parseSyncNodeIdsByRegion, normalizeTargetList as normalizeSyncTargetList, } from "./routing/sync-topology";
+// Export UDF executors
+export { UdfExecInline } from "./udf/executor/inline-executor";
+export { UdfExecIsolated } from "./udf/executor/isolated-executor";
+// Export Durable Object base classes
+export { ConcaveDOBase, } from "./durable-objects/concave-do-base";
+// Export RPC proxy utilities
+export { createDocStoreProxy, createBlobStoreProxy, createGatewayDocStoreProxy, createGatewayBlobStoreProxy, } from "./rpc";
+// Export CF-specific adapters
+export { CFWebSocketAdapter } from "./adapters/cf-websocket-adapter";
+// Export sync protocol adapters
+export { CFWebSocketAdapter as SyncWebSocketAdapter } from "./sync/cf-websocket-adapter";
+export { ConcaveDOUdfExecutor } from "./sync/concave-do-udf-executor";
+// Export embedded shim source
+export { SHIM_SOURCE } from "./udf/executor/shim-content";
+// Export CF-specific DocStore implementations
+export { DODocStore } from "@concavejs/docstore-cf-do";
+export { D1DocStore } from "@concavejs/docstore-cf-d1";
+export { HyperdriveDocStore } from "@concavejs/docstore-cf-hyperdrive";
+export { R2BlobStore } from "@concavejs/blobstore-cf-r2";

package/dist/internal.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Internal exports re-exported from core
+ */
+export * from "@concavejs/core/system/internal";

package/dist/internal.js

@@ -0,0 +1,4 @@
+/**
+ * Internal exports re-exported from core
+ */
+export * from "@concavejs/core/system/internal";

package/dist/routing/instance.d.ts

@@ -0,0 +1,25 @@
+export declare const DEFAULT_INSTANCE_KEY = "x-concave-instance";
+export declare const DEFAULT_INSTANCE_VALUE = "singleton";
+export declare const DEFAULT_INSTANCE_COOKIE_PATH = "/";
+export type InstanceResolutionSource = "query" | "header" | "cookie" | "default";
+export type InstanceResolution = {
+    value: string;
+    source: InstanceResolutionSource;
+    queryValue?: string;
+    headerValue?: string;
+    cookieValue?: string;
+};
+export type InstanceResolutionOptions = {
+    instanceKey?: string;
+    defaultInstance?: string;
+};
+export type InstanceCookieOptions = {
+    path?: string;
+    sameSite?: "Lax" | "Strict" | "None";
+    secure?: boolean;
+    httpOnly?: boolean;
+};
+export declare function resolveInstanceFromRequest(request: Request, options?: InstanceResolutionOptions): InstanceResolution;
+export declare function maybeAttachInstanceCookie(response: Response, request: Request, resolution: InstanceResolution, options?: InstanceResolutionOptions & InstanceCookieOptions): Response;
+export declare function readCookieValue(cookieHeader: string | null, name: string): string | undefined;
+export declare function buildInstanceCookie(request: Request, name: string, value: string, options?: InstanceCookieOptions): string;

package/dist/routing/instance.js

@@ -0,0 +1,101 @@
+// Centralized instance routing rules for HTTP + WS entry points.
+// Precedence: query param -> header -> cookie -> default.
+export const DEFAULT_INSTANCE_KEY = "x-concave-instance";
+export const DEFAULT_INSTANCE_VALUE = "singleton";
+export const DEFAULT_INSTANCE_COOKIE_PATH = "/";
+export function resolveInstanceFromRequest(request, options = {}) {
+    const instanceKey = options.instanceKey ?? DEFAULT_INSTANCE_KEY;
+    const defaultInstance = options.defaultInstance ?? DEFAULT_INSTANCE_VALUE;
+    const url = new URL(request.url);
+    const queryValue = url.searchParams.get(instanceKey) ?? undefined;
+    if (queryValue) {
+        return {
+            value: queryValue,
+            source: "query",
+            queryValue,
+            headerValue: request.headers.get(instanceKey) ?? undefined,
+            cookieValue: readCookieValue(request.headers.get("Cookie"), instanceKey),
+        };
+    }
+    const headerValue = request.headers.get(instanceKey) ?? undefined;
+    if (headerValue) {
+        return {
+            value: headerValue,
+            source: "header",
+            queryValue: undefined,
+            headerValue,
+            cookieValue: readCookieValue(request.headers.get("Cookie"), instanceKey),
+        };
+    }
+    const cookieValue = readCookieValue(request.headers.get("Cookie"), instanceKey);
+    if (cookieValue) {
+        return {
+            value: cookieValue,
+            source: "cookie",
+            queryValue: undefined,
+            headerValue: undefined,
+            cookieValue,
+        };
+    }
+    return {
+        value: defaultInstance,
+        source: "default",
+    };
+}
+export function maybeAttachInstanceCookie(response, request, resolution, options = {}) {
+    // Only persist explicit instance selections (query/header) into cookies.
+    if (resolution.source !== "query" && resolution.source !== "header") {
+        return response;
+    }
+    const instanceKey = options.instanceKey ?? DEFAULT_INSTANCE_KEY;
+    const existingCookie = readCookieValue(request.headers.get("Cookie"), instanceKey);
+    if (existingCookie === resolution.value) {
+        return response;
+    }
+    const headers = new Headers(response.headers);
+    const cookie = buildInstanceCookie(request, instanceKey, resolution.value, options);
+    headers.append("Set-Cookie", cookie);
+    const webSocket = response.webSocket;
+    return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers,
+        ...(webSocket ? { webSocket } : {}),
+    });
+}
+export function readCookieValue(cookieHeader, name) {
+    if (!cookieHeader) {
+        return undefined;
+    }
+    const target = name.toLowerCase();
+    const entries = cookieHeader.split(";").map((part) => part.trim());
+    for (const entry of entries) {
+        if (!entry) {
+            continue;
+        }
+        const equals = entry.indexOf("=");
+        if (equals === -1) {
+            continue;
+        }
+        const key = entry.slice(0, equals).trim().toLowerCase();
+        if (key !== target) {
+            continue;
+        }
+        return decodeURIComponent(entry.slice(equals + 1).trim());
+    }
+    return undefined;
+}
+export function buildInstanceCookie(request, name, value, options = {}) {
+    const path = options.path ?? DEFAULT_INSTANCE_COOKIE_PATH;
+    const sameSite = options.sameSite ?? "Lax";
+    const secure = options.secure ?? new URL(request.url).protocol === "https:";
+    const httpOnly = options.httpOnly ?? true;
+    const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`, `SameSite=${sameSite}`];
+    if (secure) {
+        parts.push("Secure");
+    }
+    if (httpOnly) {
+        parts.push("HttpOnly");
+    }
+    return parts.join("; ");
+}

package/dist/routing/sync-topology.d.ts

@@ -0,0 +1,40 @@
+import type { ConcaveWorkerRouteContext, ConcaveWorkerRouteTargets } from "../worker/create-concave-worker";
+import { type BuildShardMapFromReportsOptions as SharedBuildShardMapFromReportsOptions, type SyncShardMap, type SyncTopologyConfig } from "@concavejs/runtime-base";
+export interface CfSyncTopologyConfig extends SyncTopologyConfig {
+    syncAffinityKey: string;
+    regionKey: string;
+    regionByColo: Record<string, string>;
+    useColoAsRegion: boolean;
+}
+export interface BuildShardMapFromReportsOptions extends Omit<SharedBuildShardMapFromReportsOptions, "config"> {
+    logicalInstance: string;
+    env: Record<string, unknown>;
+}
+export interface ResolveSyncFanoutDoNamesAsyncOptions {
+    request?: Request;
+    projectId?: string;
+}
+export interface CreateCfSyncTopologyRuntimeOptions {
+    logPrefix?: string;
+    projectHeaderName?: string;
+    coordinatorBindingName?: string;
+    shardMapKvBindingName?: string;
+    resolveProjectId?: (request: Request, env: Record<string, unknown>) => string | undefined;
+    buildCoordinatorDoName: (logicalInstance: string, projectId?: string) => string;
+    buildShardMapKvKey: (logicalInstance: string, projectId?: string) => string;
+    buildShardMapCacheKey?: (logicalInstance: string, projectId?: string) => string;
+}
+export interface CfSyncTopologyRuntime {
+    resolveRouteTargets(context: ConcaveWorkerRouteContext): Promise<ConcaveWorkerRouteTargets>;
+    resolveSyncFanoutDoNames(logicalInstance: string, env: Record<string, unknown>): string[];
+    resolveSyncFanoutDoNamesAsync(logicalInstance: string, env: Record<string, unknown>, options?: ResolveSyncFanoutDoNamesAsyncOptions): Promise<string[]>;
+    resolveStaticSyncShardMap(logicalInstance: string, env: Record<string, unknown>, nowMs?: number): SyncShardMap;
+    buildShardMapFromReports(options: BuildShardMapFromReportsOptions): SyncShardMap;
+    resolveTopologyConfig(env: Record<string, unknown>): CfSyncTopologyConfig;
+    resolveRequestRegion(request: Request, env: Record<string, unknown>): string;
+}
+export declare function createCfSyncTopologyRuntime(options: CreateCfSyncTopologyRuntimeOptions): CfSyncTopologyRuntime;
+export declare function buildPooledInstanceName(logicalInstance: string, poolKind: "sync" | "udf", nodeId: string): string;
+export declare function parseNodeIds(raw: unknown): string[];
+export declare function parseNodeIdsByRegion(raw: unknown): Record<string, string[]>;
+export declare function normalizeTargetList(targets: string[] | undefined): string[];