@gmickel/gno 0.7.0 → 0.8.2

package/src/serve/security.ts

@@ -19,7 +19,7 @@
  * Cross-origin browser requests must originate from localhost/127.0.0.1.
  */
 export function validateOrigin(req: Request, port: number): boolean {
-  const origin = req.headers.get('Origin');
+  const origin = req.headers.get("Origin");
   // Same-origin requests (browser fetch, curl) have no Origin header
   if (!origin) {
     return true;
@@ -48,7 +48,7 @@ export function validateToken(req: Request): boolean {
     return false;
   }
 
-  const token = req.headers.get('X-GNO-Token');
+  const token = req.headers.get("X-GNO-Token");
   return token === expectedToken;
 }
 
@@ -64,7 +64,7 @@ export function isRequestAllowed(req: Request, port: number): boolean {
   const method = req.method.toUpperCase();
 
   // Safe methods - no CSRF protection needed
-  if (method === 'GET' || method === 'HEAD' || method === 'OPTIONS') {
+  if (method === "GET" || method === "HEAD" || method === "OPTIONS") {
     return true;
   }
 
@@ -78,7 +78,7 @@ export function isRequestAllowed(req: Request, port: number): boolean {
  */
 export function forbiddenResponse(): Response {
   return Response.json(
-    { error: { code: 'CSRF_VIOLATION', message: 'Forbidden' } },
+    { error: { code: "CSRF_VIOLATION", message: "Forbidden" } },
     { status: 403 }
   );
 }

package/src/serve/server.ts

@@ -6,13 +6,14 @@
  * @module src/serve/server
  */
 
-import { getIndexDbPath } from '../app/constants';
-import { getConfigPaths, isInitialized, loadConfig } from '../config';
-import { SqliteAdapter } from '../store/sqlite/adapter';
-import { createServerContext, disposeServerContext } from './context';
+import type { ContextHolder } from "./routes/api";
+
+import { getIndexDbPath } from "../app/constants";
+import { getConfigPaths, isInitialized, loadConfig } from "../config";
+import { SqliteAdapter } from "../store/sqlite/adapter";
+import { createServerContext, disposeServerContext } from "./context";
 // HTML import - Bun handles bundling TSX/CSS automatically via routes
-import homepage from './public/index.html';
-import type { ContextHolder } from './routes/api';
+import homepage from "./public/index.html";
 import {
   handleAsk,
   handleCapabilities,
@@ -33,8 +34,9 @@ import {
   handleSetPreset,
   handleStatus,
   handleSync,
-} from './routes/api';
-import { forbiddenResponse, isRequestAllowed } from './security';
+  handleUpdateDoc,
+} from "./routes/api";
+import { forbiddenResponse, isRequestAllowed } from "./security";
 
 export interface ServeOptions {
   /** Port to listen on (default: 3000) */
@@ -78,7 +80,7 @@ function getCspHeader(isDev: boolean): string {
     base.push("connect-src 'self'");
   }
 
-  return base.join('; ');
+  return base.join("; ");
 }
 
 /**
@@ -86,11 +88,11 @@ function getCspHeader(isDev: boolean): string {
  */
 function withSecurityHeaders(response: Response, isDev: boolean): Response {
   const headers = new Headers(response.headers);
-  headers.set('Content-Security-Policy', getCspHeader(isDev));
-  headers.set('X-Content-Type-Options', 'nosniff');
-  headers.set('X-Frame-Options', 'DENY');
-  headers.set('Referrer-Policy', 'no-referrer');
-  headers.set('Cross-Origin-Resource-Policy', 'same-origin');
+  headers.set("Content-Security-Policy", getCspHeader(isDev));
+  headers.set("X-Content-Type-Options", "nosniff");
+  headers.set("X-Frame-Options", "DENY");
+  headers.set("Referrer-Policy", "no-referrer");
+  headers.set("Cross-Origin-Resource-Policy", "same-origin");
 
   return new Response(response.body, {
     status: response.status,
@@ -107,12 +109,12 @@ export async function startServer(
   options: ServeOptions = {}
 ): Promise<ServeResult> {
   const port = options.port ?? 3000;
-  const isDev = process.env.NODE_ENV !== 'production';
+  const isDev = process.env.NODE_ENV !== "production";
 
   // Check initialization
   const initialized = await isInitialized(options.configPath);
   if (!initialized) {
-    return { success: false, error: 'GNO not initialized. Run: gno init' };
+    return { success: false, error: "GNO not initialized. Run: gno init" };
   }
 
   // Load config
@@ -159,21 +161,21 @@ export async function startServer(
 
   // Graceful shutdown handler
   const shutdown = async () => {
-    console.log('\nShutting down...');
+    console.log("\nShutting down...");
     await disposeServerContext(ctxHolder.current);
     await store.close();
     shutdownController.abort();
   };
 
-  process.once('SIGINT', shutdown);
-  process.once('SIGTERM', shutdown);
+  process.once("SIGINT", shutdown);
+  process.once("SIGTERM", shutdown);
 
   // Start server with try/catch for port-in-use etc.
   let server: ReturnType<typeof Bun.serve>;
   try {
     server = Bun.serve({
       port,
-      hostname: '127.0.0.1', // Loopback only - no LAN exposure
+      hostname: "127.0.0.1", // Loopback only - no LAN exposure
 
       // Enable development mode for HMR and console logging
       development: isDev,
@@ -181,21 +183,23 @@ export async function startServer(
       // Static routes - Bun handles HTML bundling and /_bun/* assets automatically
       routes: {
         // SPA routes - all serve the same React app
-        '/': homepage,
-        '/search': homepage,
-        '/browse': homepage,
-        '/doc': homepage,
-        '/ask': homepage,
+        "/": homepage,
+        "/search": homepage,
+        "/browse": homepage,
+        "/doc": homepage,
+        "/edit": homepage,
+        "/collections": homepage,
+        "/ask": homepage,
 
         // API routes with CSRF protection wrapper
-        '/api/health': {
+        "/api/health": {
           GET: () => withSecurityHeaders(handleHealth(), isDev),
         },
-        '/api/status': {
+        "/api/status": {
           GET: async () =>
             withSecurityHeaders(await handleStatus(store), isDev),
         },
-        '/api/collections': {
+        "/api/collections": {
           GET: async () =>
             withSecurityHeaders(await handleCollections(store), isDev),
           POST: async (req: Request) => {
@@ -208,7 +212,7 @@ export async function startServer(
             );
           },
         },
-        '/api/sync': {
+        "/api/sync": {
           POST: async (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
@@ -219,7 +223,7 @@ export async function startServer(
             );
           },
         },
-        '/api/docs': {
+        "/api/docs": {
           GET: async (req: Request) => {
             const url = new URL(req.url);
             return withSecurityHeaders(await handleDocs(store, url), isDev);
@@ -234,28 +238,42 @@ export async function startServer(
             );
           },
         },
-        '/api/docs/:id/deactivate': {
+        "/api/docs/:id/deactivate": {
           POST: async (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
             }
             const url = new URL(req.url);
             // Extract id from /api/docs/:id/deactivate
-            const parts = url.pathname.split('/');
-            const id = decodeURIComponent(parts[3] || '');
+            const parts = url.pathname.split("/");
+            const id = decodeURIComponent(parts[3] || "");
             return withSecurityHeaders(
               await handleDeactivateDoc(store, id),
               isDev
             );
           },
         },
-        '/api/doc': {
+        "/api/docs/:id": {
+          PUT: async (req: Request) => {
+            if (!isRequestAllowed(req, port)) {
+              return withSecurityHeaders(forbiddenResponse(), isDev);
+            }
+            const url = new URL(req.url);
+            // Extract id from /api/docs/:id
+            const id = decodeURIComponent(url.pathname.split("/").pop() || "");
+            return withSecurityHeaders(
+              await handleUpdateDoc(ctxHolder, store, id, req),
+              isDev
+            );
+          },
+        },
+        "/api/doc": {
           GET: async (req: Request) => {
             const url = new URL(req.url);
             return withSecurityHeaders(await handleDoc(store, url), isDev);
           },
         },
-        '/api/search': {
+        "/api/search": {
           POST: async (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
@@ -263,7 +281,7 @@ export async function startServer(
             return withSecurityHeaders(await handleSearch(store, req), isDev);
           },
         },
-        '/api/query': {
+        "/api/query": {
           POST: async (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
@@ -274,7 +292,7 @@ export async function startServer(
             );
           },
         },
-        '/api/ask': {
+        "/api/ask": {
           POST: async (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
@@ -285,11 +303,11 @@ export async function startServer(
             );
           },
         },
-        '/api/capabilities': {
+        "/api/capabilities": {
           GET: () =>
             withSecurityHeaders(handleCapabilities(ctxHolder.current), isDev),
         },
-        '/api/presets': {
+        "/api/presets": {
           GET: () =>
             withSecurityHeaders(handlePresets(ctxHolder.current), isDev),
           POST: async (req: Request) => {
@@ -302,10 +320,10 @@ export async function startServer(
             );
           },
         },
-        '/api/models/status': {
+        "/api/models/status": {
           GET: () => withSecurityHeaders(handleModelStatus(), isDev),
         },
-        '/api/models/pull': {
+        "/api/models/pull": {
           POST: (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
@@ -313,21 +331,21 @@ export async function startServer(
             return withSecurityHeaders(handleModelPull(ctxHolder), isDev);
           },
         },
-        '/api/jobs/:id': {
+        "/api/jobs/:id": {
           GET: (req: Request) => {
             const url = new URL(req.url);
-            const id = decodeURIComponent(url.pathname.split('/').pop() || '');
+            const id = decodeURIComponent(url.pathname.split("/").pop() || "");
             return withSecurityHeaders(handleJob(id), isDev);
           },
         },
-        '/api/collections/:name': {
+        "/api/collections/:name": {
           DELETE: async (req: Request) => {
             if (!isRequestAllowed(req, port)) {
               return withSecurityHeaders(forbiddenResponse(), isDev);
             }
             const url = new URL(req.url);
             const name = decodeURIComponent(
-              url.pathname.split('/').pop() || ''
+              url.pathname.split("/").pop() || ""
             );
             return withSecurityHeaders(
               await handleDeleteCollection(ctxHolder, store, name),
@@ -346,15 +364,15 @@ export async function startServer(
   }
 
   console.log(`GNO server running at http://localhost:${server.port}`);
-  console.log('Press Ctrl+C to stop');
+  console.log("Press Ctrl+C to stop");
 
   // Block until shutdown signal
   await new Promise<void>((resolve) => {
-    shutdownController.signal.addEventListener('abort', () => resolve(), {
+    shutdownController.signal.addEventListener("abort", () => resolve(), {
       once: true,
     });
   });
 
-  server.stop(true);
+  await server.stop(true);
   return { success: true };
 }

package/src/store/index.ts

@@ -5,7 +5,7 @@
  * @module src/store
  */
 
-export type { Migration } from './migrations';
+export type { Migration } from "./migrations";
 // Migrations
 export {
   getDbFtsTokenizer,
@@ -13,10 +13,10 @@ export {
   migrations,
   needsFtsRebuild,
   runMigrations,
-} from './migrations';
+} from "./migrations";
 
 // SQLite adapter
-export { SqliteAdapter } from './sqlite';
+export { SqliteAdapter } from "./sqlite";
 // Types and interfaces
 export type {
   ChunkInput,
@@ -37,5 +37,5 @@ export type {
   StoreErrorCode,
   StorePort,
   StoreResult,
-} from './types';
-export { err, ok } from './types';
+} from "./types";
+export { err, ok } from "./types";

package/src/store/migrations/001-initial.ts

@@ -5,13 +5,14 @@
  * @module src/store/migrations/001_initial
  */
 
-import type { Database } from 'bun:sqlite';
-import type { FtsTokenizer } from '../../config/types';
-import type { Migration } from './runner';
+import type { Database } from "bun:sqlite";
+
+import type { FtsTokenizer } from "../../config/types";
+import type { Migration } from "./runner";
 
 export const migration: Migration = {
   version: 1,
-  name: 'initial_schema',
+  name: "initial_schema",
 
   up(db: Database, ftsTokenizer: FtsTokenizer): void {
     // Collections (synced from YAML config)
@@ -78,18 +79,18 @@ export const migration: Migration = {
     `);
 
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_documents_collection ON documents(collection)'
+      "CREATE INDEX IF NOT EXISTS idx_documents_collection ON documents(collection)"
     );
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_documents_active ON documents(active)'
+      "CREATE INDEX IF NOT EXISTS idx_documents_active ON documents(active)"
     );
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_documents_mirror_hash ON documents(mirror_hash)'
+      "CREATE INDEX IF NOT EXISTS idx_documents_mirror_hash ON documents(mirror_hash)"
     );
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_documents_docid ON documents(docid)'
+      "CREATE INDEX IF NOT EXISTS idx_documents_docid ON documents(docid)"
     );
-    db.exec('CREATE INDEX IF NOT EXISTS idx_documents_uri ON documents(uri)');
+    db.exec("CREATE INDEX IF NOT EXISTS idx_documents_uri ON documents(uri)");
 
     // Content (content-addressed markdown mirrors)
     db.exec(`
@@ -118,7 +119,7 @@ export const migration: Migration = {
     `);
 
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_chunks_mirror_hash ON content_chunks(mirror_hash)'
+      "CREATE INDEX IF NOT EXISTS idx_chunks_mirror_hash ON content_chunks(mirror_hash)"
     );
 
     // FTS5 virtual table with configurable tokenizer
@@ -143,7 +144,7 @@ export const migration: Migration = {
     `);
 
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_vectors_model ON content_vectors(model)'
+      "CREATE INDEX IF NOT EXISTS idx_vectors_model ON content_vectors(model)"
     );
 
     // LLM cache (EPIC 6+)
@@ -157,7 +158,7 @@ export const migration: Migration = {
     `);
 
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_llm_cache_expires ON llm_cache(expires_at)'
+      "CREATE INDEX IF NOT EXISTS idx_llm_cache_expires ON llm_cache(expires_at)"
     );
 
     // Ingest errors
@@ -174,23 +175,23 @@ export const migration: Migration = {
     `);
 
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_ingest_errors_occurred ON ingest_errors(occurred_at DESC)'
+      "CREATE INDEX IF NOT EXISTS idx_ingest_errors_occurred ON ingest_errors(occurred_at DESC)"
     );
     db.exec(
-      'CREATE INDEX IF NOT EXISTS idx_ingest_errors_collection ON ingest_errors(collection, rel_path)'
+      "CREATE INDEX IF NOT EXISTS idx_ingest_errors_collection ON ingest_errors(collection, rel_path)"
     );
   },
 
   down(db: Database): void {
     // Drop in reverse order of creation
-    db.exec('DROP TABLE IF EXISTS ingest_errors');
-    db.exec('DROP TABLE IF EXISTS llm_cache');
-    db.exec('DROP TABLE IF EXISTS content_vectors');
-    db.exec('DROP TABLE IF EXISTS content_fts');
-    db.exec('DROP TABLE IF EXISTS content_chunks');
-    db.exec('DROP TABLE IF EXISTS content');
-    db.exec('DROP TABLE IF EXISTS documents');
-    db.exec('DROP TABLE IF EXISTS contexts');
-    db.exec('DROP TABLE IF EXISTS collections');
+    db.exec("DROP TABLE IF EXISTS ingest_errors");
+    db.exec("DROP TABLE IF EXISTS llm_cache");
+    db.exec("DROP TABLE IF EXISTS content_vectors");
+    db.exec("DROP TABLE IF EXISTS content_fts");
+    db.exec("DROP TABLE IF EXISTS content_chunks");
+    db.exec("DROP TABLE IF EXISTS content");
+    db.exec("DROP TABLE IF EXISTS documents");
+    db.exec("DROP TABLE IF EXISTS contexts");
+    db.exec("DROP TABLE IF EXISTS collections");
   },
 };

package/src/store/migrations/002-documents-fts.ts

@@ -7,17 +7,18 @@
  * @module src/store/migrations/002-documents-fts
  */
 
-import type { Database } from 'bun:sqlite';
-import type { FtsTokenizer } from '../../config/types';
-import type { Migration } from './runner';
+import type { Database } from "bun:sqlite";
+
+import type { FtsTokenizer } from "../../config/types";
+import type { Migration } from "./runner";
 
 export const migration: Migration = {
   version: 2,
-  name: 'documents_fts',
+  name: "documents_fts",
 
   up(db: Database, ftsTokenizer: FtsTokenizer): void {
     // Drop old chunk-level FTS (no backwards compat needed per epic)
-    db.exec('DROP TABLE IF EXISTS content_fts');
+    db.exec("DROP TABLE IF EXISTS content_fts");
 
     // Create document-level FTS with snowball stemmer
     // Indexes: filepath (for path searches), title, body (full content)
@@ -34,7 +35,7 @@ export const migration: Migration = {
   },
 
   down(db: Database): void {
-    db.exec('DROP TABLE IF EXISTS documents_fts');
+    db.exec("DROP TABLE IF EXISTS documents_fts");
     // Note: Cannot restore content_fts - would need full reindex
   },
 };

package/src/store/migrations/index.ts

@@ -5,17 +5,17 @@
  * @module src/store/migrations
  */
 
-export type { Migration } from './runner';
+export type { Migration } from "./runner";
 export {
   getDbFtsTokenizer,
   getSchemaVersion,
   needsFtsRebuild,
   runMigrations,
-} from './runner';
+} from "./runner";
 
 // Import all migrations
-import { migration as m001 } from './001-initial';
-import { migration as m002 } from './002-documents-fts';
+import { migration as m001 } from "./001-initial";
+import { migration as m002 } from "./002-documents-fts";
 
 /** All migrations in order */
 export const migrations = [m001, m002];

package/src/store/migrations/runner.ts

@@ -5,10 +5,12 @@
  * @module src/store/migrations/runner
  */
 
-import type { Database } from 'bun:sqlite';
-import type { FtsTokenizer } from '../../config/types';
-import type { MigrationResult, StoreResult } from '../types';
-import { err, ok } from '../types';
+import type { Database } from "bun:sqlite";
+
+import type { FtsTokenizer } from "../../config/types";
+import type { MigrationResult, StoreResult } from "../types";
+
+import { err, ok } from "../types";
 
 // ─────────────────────────────────────────────────────────────────────────────
 // Types
@@ -38,7 +40,7 @@ const BOOTSTRAP_META_TABLE = `
   )
 `;
 
-const GET_META = 'SELECT value FROM schema_meta WHERE key = ?';
+const GET_META = "SELECT value FROM schema_meta WHERE key = ?";
 
 const SET_META = `
   INSERT INTO schema_meta (key, value, updated_at)
@@ -58,7 +60,7 @@ const SET_META = `
  */
 export function getSchemaVersion(db: Database): number {
   try {
-    const row = db.query<{ value: string }, [string]>(GET_META).get('version');
+    const row = db.query<{ value: string }, [string]>(GET_META).get("version");
     return row ? Number.parseInt(row.value, 10) : 0;
   } catch {
     // Table doesn't exist yet
@@ -74,7 +76,7 @@ export function getDbFtsTokenizer(db: Database): FtsTokenizer | null {
   try {
     const row = db
       .query<{ value: string }, [string]>(GET_META)
-      .get('fts_tokenizer');
+      .get("fts_tokenizer");
     return row ? (row.value as FtsTokenizer) : null;
   } catch {
     return null;
@@ -114,9 +116,9 @@ export function runMigrations(
       // Tokenizer mismatch - this requires special handling
       // For now, we error out. EPIC 5 will handle FTS rebuild.
       return err(
-        'MIGRATION_FAILED',
+        "MIGRATION_FAILED",
         `FTS tokenizer mismatch: DB has '${dbTokenizer}', config has '${ftsTokenizer}'. ` +
-          'Run `gno index --rebuild-fts` to recreate FTS index with new tokenizer.'
+          "Run `gno index --rebuild-fts` to recreate FTS index with new tokenizer."
       );
     }
 
@@ -128,7 +130,7 @@ export function runMigrations(
       const migration = sorted[i];
       if (migration && migration.version !== i + 1) {
         return err(
-          'MIGRATION_FAILED',
+          "MIGRATION_FAILED",
           `Migration versions must be sequential. Expected ${i + 1}, got ${migration.version}`
         );
       }
@@ -150,14 +152,14 @@ export function runMigrations(
     const transaction = db.transaction(() => {
       for (const migration of pending) {
         migration.up(db, ftsTokenizer);
-        setMeta(db, 'version', migration.version.toString());
+        setMeta(db, "version", migration.version.toString());
         applied.push(migration.version);
       }
 
       // Set FTS tokenizer if not already set
       if (dbTokenizer === null) {
-        setMeta(db, 'fts_tokenizer', ftsTokenizer);
-        setMeta(db, 'created_at', new Date().toISOString());
+        setMeta(db, "fts_tokenizer", ftsTokenizer);
+        setMeta(db, "created_at", new Date().toISOString());
       }
     });
 
@@ -170,8 +172,8 @@ export function runMigrations(
     });
   } catch (cause) {
     const message =
-      cause instanceof Error ? cause.message : 'Unknown migration error';
-    return err('MIGRATION_FAILED', message, cause);
+      cause instanceof Error ? cause.message : "Unknown migration error";
+    return err("MIGRATION_FAILED", message, cause);
   }
 }