@edge-base/server 0.2.3 → 0.2.5

package/src/lib/table-hook-runtime.ts

@@ -0,0 +1,62 @@
+import type { EdgeBaseConfig, HookCtx } from '@edge-base/shared';
+import { ensureAuthSchema } from './auth-d1.js';
+import { resolveAuthDb, type AuthDb } from './auth-db-adapter.js';
+import { sendToDatabaseLiveDO } from './database-live-emitter.js';
+import { createPushProvider } from './push-provider.js';
+import { getDevicesForUser } from './push-token.js';
+import type { Env } from '../types.js';
+
+type PushTokenStore = KVNamespace | { kv: KVNamespace; authDb?: AuthDb | null };
+
+async function resolvePushTokenStore(env: Env): Promise<PushTokenStore | null> {
+  if (!env.KV) {
+    return null;
+  }
+
+  try {
+    const authDb = resolveAuthDb(env as unknown as Record<string, unknown>);
+    await ensureAuthSchema(authDb);
+    return { kv: env.KV, authDb };
+  } catch {
+    return env.KV;
+  }
+}
+
+export function buildTableHookRuntimeServices(
+  config: EdgeBaseConfig,
+  env: Env,
+): Pick<HookCtx, 'databaseLive' | 'push'> {
+  return {
+    databaseLive: {
+      async broadcast(channel: string, event: string, data: unknown): Promise<void> {
+        await sendToDatabaseLiveDO(
+          env,
+          { channel, event, payload: data ?? {} },
+          '/internal/broadcast',
+        );
+      },
+    },
+    push: {
+      async send(userId: string, payload: { title?: string; body: string }): Promise<void> {
+        try {
+          const tokenStore = await resolvePushTokenStore(env);
+          if (!tokenStore) return;
+
+          const provider = createPushProvider(config.push, env);
+          if (!provider) return;
+
+          const devices = await getDevicesForUser(tokenStore, userId);
+          if (devices.length === 0) return;
+
+          await Promise.allSettled(
+            devices.map((device) =>
+              provider.send({ token: device.token, platform: device.platform, payload }),
+            ),
+          );
+        } catch (error) {
+          console.warn('[EdgeBase] table hook push.send failed:', error);
+        }
+      },
+    },
+  };
+}

package/src/routes/admin.ts

@@ -23,7 +23,16 @@ import {
 import { hashPassword, verifyPassword } from '../lib/password.js';
 import { generateId } from '../lib/uuid.js';
 import { validateKey, buildConstraintCtx, extractBearerToken, resolveServiceKeyCandidate } from '../lib/service-key.js';
-import { parseConfig, getDbDoName, getD1BindingName, shouldRouteToD1 } from '../lib/do-router.js';
+import {
+  formatDbTargetValidationIssue,
+  getD1BindingName,
+  getDbDoName,
+  isDynamicDbBlock,
+  normalizeDbInstanceId,
+  parseConfig,
+  resolveDbTarget,
+  shouldRouteToD1,
+} from '../lib/do-router.js';
 import { handleD1Request, d1BatchImport } from '../lib/d1-handler.js';
 import { fetchDOWithRetry } from '../lib/do-retry.js';
 import { dumpNamespaceTables } from '../lib/namespace-dump.js';
@@ -734,19 +743,6 @@ function getTableDO(env: Env, tableName: string, config: ReturnType<typeof parse
   return { stub: env.DATABASE.get(env.DATABASE.idFromName(doName)), doName };
 }
 
-function isDynamicDbBlock(
-  dbBlock: {
-    instance?: boolean;
-    access?: {
-      canCreate?: unknown;
-      access?: unknown;
-    };
-  } | undefined,
-): boolean {
-  if (!dbBlock) return false;
-  return !!(dbBlock.instance || dbBlock.access?.canCreate || dbBlock.access?.access);
-}
-
 function getEffectiveDbProvider(namespace: string, config: ReturnType<typeof parseConfig>): 'do' | 'd1' | 'postgres' | 'neon' {
   const dbBlock = config.databases?.[namespace];
   if (!dbBlock) return 'do';
@@ -763,10 +759,7 @@ function getEffectiveDbProvider(namespace: string, config: ReturnType<typeof par
 }
 
 function getRequestedInstanceId(c: { req: { query: (name: string) => string | undefined } }): string | undefined {
-  const raw = c.req.query('instanceId');
-  if (!raw) return undefined;
-  const trimmed = raw.trim();
-  return trimmed.length > 0 ? trimmed : undefined;
+  return normalizeDbInstanceId(c.req.query('instanceId'));
 }
 
 function validateAdminTableInstanceId(
@@ -774,28 +767,27 @@ function validateAdminTableInstanceId(
   config: ReturnType<typeof parseConfig>,
   instanceId: string | undefined,
 ): Response | null {
-  const dynamic = isDynamicDbBlock(config.databases?.[namespace]);
-  if (!instanceId) {
-    if (dynamic) {
-      return new Response(
-        JSON.stringify({
-          code: 400,
-          message: `instanceId is required for dynamic namespace '${namespace}'`,
-        }),
-        {
-          status: 400,
-          headers: { 'Content-Type': 'application/json' },
-        },
-      );
-    }
+  const target = resolveDbTarget(config, namespace, instanceId);
+  if (target.ok) {
     return null;
   }
-
-  if (instanceId.includes(':')) {
+  if (target.status !== 400) {
+    return new Response(
+      JSON.stringify({
+        code: target.status,
+        message: formatDbTargetValidationIssue(target.issue, namespace),
+      }),
+      {
+        status: target.status,
+        headers: { 'Content-Type': 'application/json' },
+      },
+    );
+  }
+  if (target.issue === 'instance_id_invalid') {
     return new Response(
       JSON.stringify({
         code: 400,
-        message: 'instanceId must not contain \':\'',
+        message: formatDbTargetValidationIssue(target.issue, namespace),
       }),
       {
         status: 400,
@@ -803,8 +795,16 @@ function validateAdminTableInstanceId(
       },
     );
   }
-
-  return null;
+  return new Response(
+    JSON.stringify({
+      code: 400,
+      message: formatDbTargetValidationIssue(target.issue, namespace),
+    }),
+    {
+      status: 400,
+      headers: { 'Content-Type': 'application/json' },
+    },
+  );
 }
 
 async function restoreAdminNamespaceTables(
@@ -974,7 +974,7 @@ api.openapi(adminGetTableRecords, async (c) => {
   const name = c.req.param('name')!;
   const config = parseConfig(c.env);
   const namespace = findNamespaceForTable(name, config);
-  const instanceId = isDynamicDbBlock(config.databases?.[namespace]) ? getRequestedInstanceId(c) : undefined;
+  const instanceId = getRequestedInstanceId(c);
   const instanceError = validateAdminTableInstanceId(namespace, config, instanceId);
   if (instanceError) return instanceError;
 
@@ -1027,7 +1027,7 @@ api.openapi(adminCreateTableRecord, async (c) => {
   const name = c.req.param('name')!;
   const config = parseConfig(c.env);
   const namespace = findNamespaceForTable(name, config);
-  const instanceId = isDynamicDbBlock(config.databases?.[namespace]) ? getRequestedInstanceId(c) : undefined;
+  const instanceId = getRequestedInstanceId(c);
   const instanceError = validateAdminTableInstanceId(namespace, config, instanceId);
   if (instanceError) return instanceError;
 
@@ -1081,7 +1081,7 @@ api.openapi(adminUpdateTableRecord, async (c) => {
   const id = c.req.param('id')!;
   const config = parseConfig(c.env);
   const namespace = findNamespaceForTable(name, config);
-  const instanceId = isDynamicDbBlock(config.databases?.[namespace]) ? getRequestedInstanceId(c) : undefined;
+  const instanceId = getRequestedInstanceId(c);
   const instanceError = validateAdminTableInstanceId(namespace, config, instanceId);
   if (instanceError) return instanceError;
 
@@ -1129,7 +1129,7 @@ api.openapi(adminDeleteTableRecord, async (c) => {
   const id = c.req.param('id')!;
   const config = parseConfig(c.env);
   const namespace = findNamespaceForTable(name, config);
-  const instanceId = isDynamicDbBlock(config.databases?.[namespace]) ? getRequestedInstanceId(c) : undefined;
+  const instanceId = getRequestedInstanceId(c);
   const instanceError = validateAdminTableInstanceId(namespace, config, instanceId);
   if (instanceError) return instanceError;
 

package/src/routes/database-live.ts

@@ -9,7 +9,12 @@ import {
   DATABASE_LIVE_HUB_DO_NAME,
   isDbLiveChannel,
 } from '../lib/database-live-emitter.js';
-import { parseConfig } from '../lib/do-router.js';
+import {
+  formatDbTargetValidationIssue,
+  isDynamicDbBlock,
+  parseConfig,
+  resolveDbTarget,
+} from '../lib/do-router.js';
 import { validateKey, buildConstraintCtx } from '../lib/service-key.js';
 import { getTrustedClientIp } from '../lib/client-ip.js';
 import {
@@ -50,18 +55,107 @@ const dbConnectDiagnosticSchema = z.object({
   maxPending: z.number().optional(),
 });
 
-function resolveDatabaseLiveChannel(query: {
+function resolveStructuredDatabaseLiveChannel(
+  config: ReturnType<typeof parseConfig>,
+  query: {
+    namespace?: string;
+    instanceId?: string;
+    table?: string;
+    docId?: string;
+  },
+): { ok: true; channel: string } | { ok: false; message: string } {
+  if (!query.namespace || !query.table) {
+    return { ok: false, message: 'Database subscription target required' };
+  }
+
+  const target = resolveDbTarget(config, query.namespace, query.instanceId);
+  if (!target.ok) {
+    return {
+      ok: false,
+      message: formatDbTargetValidationIssue(target.issue, query.namespace),
+    };
+  }
+  if (!target.value.dbBlock.tables?.[query.table]) {
+    return {
+      ok: false,
+      message: `Table '${query.table}' not found in database '${query.namespace}'`,
+    };
+  }
+
+  const channel = buildDbLiveChannel(
+    query.namespace,
+    query.table,
+    target.value.instanceId,
+    query.docId,
+  );
+  if (!isDbLiveChannel(channel)) {
+    return { ok: false, message: 'Invalid database subscription target' };
+  }
+
+  return { ok: true, channel };
+}
+
+function resolveDatabaseLiveChannel(
+  config: ReturnType<typeof parseConfig>,
+  query: {
   channel?: string;
   namespace?: string;
   instanceId?: string;
   table?: string;
   docId?: string;
-}): string | null {
+}): { ok: true; channel: string } | { ok: false; message: string } {
   if (query.channel) {
-    return isDbLiveChannel(query.channel) ? query.channel : null;
+    if (!isDbLiveChannel(query.channel)) {
+      return {
+        ok: false,
+        message: `Database live only supports DB channels: ${query.channel}`,
+      };
+    }
+
+    const parts = query.channel.split(':');
+    const namespace = parts[1];
+    if (!namespace) {
+      return { ok: false, message: 'Database subscription target required' };
+    }
+
+    const dbBlock = config.databases?.[namespace];
+    if (!dbBlock) {
+      return {
+        ok: false,
+        message: formatDbTargetValidationIssue('namespace_not_found', namespace),
+      };
+    }
+
+    const dynamic = isDynamicDbBlock(dbBlock);
+    if (dynamic && parts.length < 4) {
+      return {
+        ok: false,
+        message: formatDbTargetValidationIssue('instance_id_required', namespace),
+      };
+    }
+    if (!dynamic && parts.length > 4) {
+      return {
+        ok: false,
+        message: formatDbTargetValidationIssue('instance_id_not_allowed', namespace),
+      };
+    }
+
+    const structured = dynamic
+      ? {
+          namespace,
+          instanceId: parts[2],
+          table: parts[3],
+          docId: parts[4],
+        }
+      : {
+          namespace,
+          table: parts[2],
+          docId: parts[3],
+        };
+    return resolveStructuredDatabaseLiveChannel(config, structured);
   }
-  if (!query.namespace || !query.table) return null;
-  return buildDbLiveChannel(query.namespace, query.table, query.instanceId, query.docId);
+
+  return resolveStructuredDatabaseLiveChannel(config, query);
 }
 
 function getPendingKey(ip: string): string {
@@ -85,7 +179,8 @@ const checkDatabaseConnection = createRoute({
 });
 
 databaseLiveRoute.openapi(checkDatabaseConnection, async (c) => {
-  const channel = resolveDatabaseLiveChannel({
+  const config = parseConfig(c.env);
+  const channelResult = resolveDatabaseLiveChannel(config, {
     channel: c.req.query('channel') ?? undefined,
     namespace: c.req.query('namespace') ?? undefined,
     instanceId: c.req.query('instanceId') ?? undefined,
@@ -93,14 +188,15 @@ databaseLiveRoute.openapi(checkDatabaseConnection, async (c) => {
     docId: c.req.query('docId') ?? undefined,
   });
 
-  if (!channel) {
+  if (!channelResult.ok) {
     return c.json({
       ok: false,
       type: 'db_connect_invalid_request',
       category: 'request',
-      message: 'Database subscription target required',
+      message: channelResult.message,
     }, 400);
   }
+  const channel = channelResult.channel;
 
   const ip = getTrustedClientIp(c.env, c.req) ?? 'unknown';
   const kvKey = getPendingKey(ip);
@@ -224,16 +320,18 @@ databaseLiveRoute.openapi(connectDatabaseSubscription, async (c) => {
     return c.json({ code: 400, message: 'Expected WebSocket upgrade' }, 400);
   }
 
-  const channel = resolveDatabaseLiveChannel({
+  const config = parseConfig(c.env);
+  const channelResult = resolveDatabaseLiveChannel(config, {
     channel: c.req.query('channel') ?? undefined,
     namespace: c.req.query('namespace') ?? undefined,
     instanceId: c.req.query('instanceId') ?? undefined,
     table: c.req.query('table') ?? undefined,
     docId: c.req.query('docId') ?? undefined,
   });
-  if (!channel) {
-    return c.json({ code: 400, message: 'Database subscription target required' }, 400);
+  if (!channelResult.ok) {
+    return c.json({ code: 400, message: channelResult.message }, 400);
   }
+  const channel = channelResult.channel;
 
   const ip = getTrustedClientIp(c.env, c.req) ?? 'unknown';
   const kvKey = getPendingKey(ip);

package/src/routes/sql.ts

@@ -23,7 +23,11 @@
  *    { namespace: 'workspace', id: 'ws-456', sql: 'SELECT * FROM documents', params: [] }
  */
 import { OpenAPIHono, createRoute, type HonoEnv } from '../lib/hono.js';
-import { parseConfig } from '../lib/do-router.js';
+import {
+  formatDbTargetValidationIssue,
+  parseConfig,
+  resolveDbTarget,
+} from '../lib/do-router.js';
 import { validateKey, buildConstraintCtx } from '../lib/service-key.js';
 import {
   zodDefaultHook,
@@ -65,6 +69,10 @@ const executeSql = createRoute({
       description: 'Forbidden',
       content: { 'application/json': { schema: errorResponseSchema } },
     },
+    404: {
+      description: 'Namespace not found',
+      content: { 'application/json': { schema: errorResponseSchema } },
+    },
   },
 });
 
@@ -84,30 +92,27 @@ sqlRoute.openapi(executeSql, async (c) => {
   if (id !== undefined && id !== null && typeof id !== 'string') {
     return c.json({ code: 400, message: 'id must be a string' }, 400);
   }
-  if (id && id.includes(':')) {
-    return c.json({ code: 400, message: "id must not contain ':' (§2)" }, 400);
-  }
   if (!sql || typeof sql !== 'string') {
     return c.json({ code: 400, message: 'sql is required' }, 400);
   }
 
   // Validate namespace is declared in databases config (§1)
   const config = parseConfig(c.env);
-  const dbBlock = config.databases?.[namespace];
-  if (!dbBlock) {
-    return c.json({ code: 404, message: `Namespace '${namespace}' not found in config` }, 404);
-  }
-  const isDynamicNamespace = !!(
-    dbBlock.instance ||
-    dbBlock.access?.canCreate ||
-    dbBlock.access?.access
-  );
-  if (isDynamicNamespace && !id) {
+  const target = resolveDbTarget(config, namespace, id);
+  if (!target.ok) {
     return c.json(
-      { code: 400, message: `id is required for dynamic namespace '${namespace}'` },
-      400,
+      {
+        code: target.status,
+        message: formatDbTargetValidationIssue(target.issue, namespace, {
+          namespaceLabel: 'Namespace',
+          instanceIdLabel: 'id',
+          includeSectionRef: target.issue === 'instance_id_invalid',
+        }),
+      },
+      target.status,
     );
   }
+  const { instanceId } = target.value;
 
   // Service Key required AND validated
   const { result: skResult } = validateKey(
@@ -133,7 +138,7 @@ sqlRoute.openapi(executeSql, async (c) => {
         databaseNamespace: c.env.DATABASE,
       },
       namespace,
-      id,
+      instanceId,
       sql,
       params ?? [],
     );

package/src/routes/tables.ts

@@ -22,7 +22,13 @@
  */
 import { OpenAPIHono, createRoute, z, type HonoEnv } from '../lib/hono.js';
 import type { Context } from 'hono';
-import { getDbDoName, parseConfig, shouldRouteToD1 } from '../lib/do-router.js';
+import {
+  formatDbTargetValidationIssue,
+  getDbDoName,
+  parseConfig,
+  resolveDbTarget,
+  shouldRouteToD1,
+} from '../lib/do-router.js';
 import { fetchDOWithRetry } from '../lib/do-retry.js';
 import {
   queryParamsSchema, listResponseSchema, recordResponseSchema,
@@ -562,7 +568,8 @@ tablesRoute.openapi(dbDeleteRecord, async (c) => {
  * - provider='do' (default): forwards to DatabaseDO instance
  * - provider='neon'|'postgres': handles in Worker via postgres-handler
  *
- * Handles §36 canCreate 2-RTT flow for dynamic DOs.
+ * Handles §36 canCreate 2-RTT flow for dynamic DOs and auto-retries bootstrap
+ * for single-instance provider='do' namespaces.
  */
 async function routeToDO(
   c: Context<HonoEnv>,
@@ -574,14 +581,17 @@ async function routeToDO(
   const tableName = decodeURIComponent(_tableName);
   // Check provider — route to D1 or PostgreSQL handler if not DO
   const config = parseConfig(c.env);
-  const dbBlock = config.databases?.[namespace];
-
-  if (!dbBlock) {
-    return c.json({ code: 404, message: `Database '${namespace}' not found in config.` }, 404);
+  const target = resolveDbTarget(config, namespace, instanceId);
+  if (!target.ok) {
+    return c.json({
+      code: target.status,
+      message: formatDbTargetValidationIssue(target.issue, namespace),
+    }, target.status);
   }
+  const { dbBlock, dynamic: dynamicDbBlock, instanceId: normalizedInstanceId } = target.value;
 
   // D1 route: single-instance namespaces without dynamic instanceId
-  if (!instanceId && shouldRouteToD1(namespace, config)) {
+  if (!normalizedInstanceId && shouldRouteToD1(namespace, config)) {
     return handleD1Request(c as unknown as Context<HonoEnv>, namespace, tableName, doPath);
   }
 
@@ -590,9 +600,10 @@ async function routeToDO(
   if (provider === 'neon' || provider === 'postgres') {
     return handlePgRequest(c as unknown as Context<HonoEnv>, namespace, tableName, doPath);
   }
+  const requiresCreateAuthorization = dynamicDbBlock;
 
   // Build DO name: 'shared' | 'workspace:ws-456' (§2)
-  const doName = getDbDoName(namespace, instanceId);
+  const doName = getDbDoName(namespace, normalizedInstanceId);
 
   const doId = c.env.DATABASE.idFromName(doName);
   const stub = c.env.DATABASE.get(doId);
@@ -648,26 +659,33 @@ async function routeToDO(
     body: bodyText,
   }, { safeToRetry });
 
-  // §36: Handle needsCreate 2-RTT flow for dynamic DOs (not 'shared' or static)
-  if (res.status === 201 && instanceId) {
+  // §36: Handle needsCreate 2-RTT flow for dynamic DOs and bootstrap retry for
+  // single-instance provider='do' namespaces.
+  if (res.status === 201) {
     const body = await res.clone().json().catch(() => null) as
       | { needsCreate?: boolean; namespace?: string; id?: string }
       | null;
     if (body?.needsCreate) {
-      // Evaluate DbLevelRules.canCreate(auth, id) in Worker (#133 §36)
-      const config = parseConfig(c.env);
-      const dbBlock = config.databases?.[namespace];
-      const canCreateFn = dbBlock?.access?.canCreate;
-
-      // Internal/admin DB proxy calls already bypass row-level rules.
-      // Dynamic DB bootstrap must honor that bypass too, otherwise
-      // context.admin.db(namespace, id).table(...).insert() fails on first write.
-      let allowed = isServiceKey;
-      if (!allowed && canCreateFn) {
-        try {
-          allowed = await Promise.resolve(canCreateFn(auth ?? null, body.id ?? instanceId));
-        } catch {
-          allowed = false; // fail-closed
+      let allowed = !requiresCreateAuthorization;
+
+      if (!allowed) {
+        // Evaluate DbLevelRules.canCreate(auth, id) in Worker (#133 §36)
+        const config = parseConfig(c.env);
+        const currentDbBlock = config.databases?.[namespace];
+        const canCreateFn = currentDbBlock?.access?.canCreate;
+
+        // Internal/admin DB proxy calls already bypass row-level rules.
+        // Dynamic DB bootstrap must honor that bypass too, otherwise
+        // context.admin.db(namespace, id).table(...).insert() fails on first write.
+        allowed = isServiceKey;
+        if (!allowed && canCreateFn) {
+          try {
+            allowed = await Promise.resolve(
+              canCreateFn(auth ?? null, body.id ?? normalizedInstanceId ?? namespace),
+            );
+          } catch {
+            allowed = false; // fail-closed
+          }
         }
       }
 
@@ -681,11 +699,6 @@ async function routeToDO(
       // Authorized — retry with X-DO-Create-Authorized header
       const retryHeaders = new Headers(headers);
       retryHeaders.set('X-DO-Create-Authorized', '1');
-      const retryInit: RequestInit = { method: c.req.raw.method, headers: retryHeaders };
-      // BUG-008 fix: use pre-read body text (stream already consumed above)
-      if (c.req.raw.method !== 'GET' && c.req.raw.method !== 'HEAD') {
-        retryInit.body = bodyText ?? null;
-      }
       // needsCreate 2-RTT: DO is empty at this point, safe to retry
       return fetchDOWithRetry(stub, doUrl, {
         method: c.req.raw.method,

package/admin-build/_app/immutable/entry/start.l1WvHznQ.js

@@ -1 +0,0 @@
-import{a as r}from"../chunks/byv2rTy8.js";import{w as t}from"../chunks/DiyBpamp.js";export{t as load_css,r as start};

package/admin-build/_app/immutable/nodes/21.DuDYelMY.js

@@ -1 +0,0 @@
-import{_ as m}from"../chunks/BxoNtYHK.js";export{m as component};