@highstate/backend 0.9.19 → 0.9.21

package/dist/library/package-resolution-worker.js

@@ -1,7 +1,7 @@
-import { workerData, parentPort } from 'node:worker_threads';
-import { dirname } from 'node:path';
-import { findPackageJSON } from 'node:module';
 import { realpath } from 'node:fs/promises';
+import { findPackageJSON } from 'node:module';
+import { dirname } from 'node:path';
+import { workerData, parentPort } from 'node:worker_threads';
 import pino from 'pino';
 
 // src/library/package-resolution-worker.ts

package/dist/library/package-resolution-worker.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/library/package-resolution-worker.ts"],"names":[],"mappings":";;;;;;;AA8BA,IAAM,EAAE,YAAA,EAAc,QAAA,EAAS,GAAI,UAAA;AAEnC,IAAM,MAAA,GAAS,KAAK,EAAE,IAAA,EAAM,4BAA4B,KAAA,EAAO,QAAA,IAAY,UAAU,CAAA;AAErF,IAAM,UAA2B,EAAC;AAElC,KAAA,MAAW,eAAe,YAAA,EAAc;AACtC,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,WAAA,EAAa,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA;AACzD,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,SAAA,EAAY,WAAW,CAAA,WAAA,CAAa,CAAA;AAAA,IACtD;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,MACX,IAAA,EAAM,SAAA;AAAA,MACN,WAAA;AAAA,MACA,eAAA,EAAiB,MAAM,QAAA,CAAS,OAAA,CAAQ,IAAI,CAAC;AAAA,KAC9C,CAAA;AAAA,EACH,SAAS,KAAA,EAAO;AACd,IAAA,MAAA,CAAO,KAAA,CAAM,EAAE,KAAA,EAAM,EAAG,kCAAkC,WAAW,CAAA;AAErE,IAAA,IAAI,iBAAiB,KAAA,IAAS,KAAA,CAAM,OAAA,CAAQ,QAAA,CAAS,WAAW,CAAA,EAAG;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,QACX,IAAA,EAAM,WAAA;AAAA,QACN;AAAA,OACD,CAAA;AAAA,IACH,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,QACX,IAAA,EAAM,OAAA;AAAA,QACN,WAAA;AAAA,QACA,OAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK;AAAA,OAC7D,CAAA;AAAA,IACH;AAAA,EACF;AACF;AAEA,UAAA,EAAY,WAAA,CAAY;AAAA,EACtB,IAAA,EAAM,QAAA;AAAA,EACN;AACF,CAAC,CAAA","file":"package-resolution-worker.js","sourcesContent":["import { parentPort, workerData } from \"node:worker_threads\"\nimport { dirname } from \"node:path\"\nimport { findPackageJSON } from \"node:module\"\nimport { realpath } from \"node:fs/promises\"\nimport pino, { type Level } from \"pino\"\n\nexport type PackageResolutionWorkerData = {\n  packageNames: string[]\n  logLevel?: Level\n}\n\nexport type PackageResult = { packageName: string } & (\n  | {\n      type: \"success\"\n      packageRootPath: string\n    }\n  | {\n      type: \"not-found\"\n    }\n  | {\n      type: \"error\"\n      error: string\n    }\n)\n\nexport type PackageResolutionResponse = {\n  type: \"result\"\n  results: PackageResult[]\n}\n\nconst { packageNames, logLevel } = workerData as PackageResolutionWorkerData\n\nconst logger = pino({ name: \"source-resolution-worker\", level: logLevel ?? \"silent\" })\n\nconst results: PackageResult[] = []\n\nfor (const packageName of packageNames) {\n  try {\n    const path = findPackageJSON(packageName, import.meta.url)\n    if (!path) {\n      throw new Error(`Package \"${packageName}\" not found`)\n    }\n\n    results.push({\n      type: \"success\",\n      packageName,\n      packageRootPath: await realpath(dirname(path)),\n    })\n  } catch (error) {\n    logger.error({ error }, `failed to resolve package \"%s\"`, packageName)\n\n    if (error instanceof Error && error.message.includes(\"not found\")) {\n      results.push({\n        type: \"not-found\",\n        packageName,\n      })\n    } else {\n      results.push({\n        type: \"error\",\n        packageName,\n        error: error instanceof Error ? error.message : String(error),\n      })\n    }\n  }\n}\n\nparentPort?.postMessage({\n  type: \"result\",\n  results,\n})\n"]}
+{"version":3,"sources":["../../src/library/package-resolution-worker.ts"],"names":[],"mappings":";;;;;;;AA8BA,IAAM,EAAE,YAAA,EAAc,QAAA,EAAS,GAAI,UAAA;AAEnC,IAAM,MAAA,GAAS,KAAK,EAAE,IAAA,EAAM,4BAA4B,KAAA,EAAO,QAAA,IAAY,UAAU,CAAA;AAErF,IAAM,UAA2B,EAAC;AAElC,KAAA,MAAW,eAAe,YAAA,EAAc;AACtC,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,WAAA,EAAa,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA;AACzD,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,SAAA,EAAY,WAAW,CAAA,WAAA,CAAa,CAAA;AAAA,IACtD;AAEA,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,MACX,IAAA,EAAM,SAAA;AAAA,MACN,WAAA;AAAA,MACA,eAAA,EAAiB,MAAM,QAAA,CAAS,OAAA,CAAQ,IAAI,CAAC;AAAA,KAC9C,CAAA;AAAA,EACH,SAAS,KAAA,EAAO;AACd,IAAA,MAAA,CAAO,KAAA,CAAM,EAAE,KAAA,EAAM,EAAG,kCAAkC,WAAW,CAAA;AAErE,IAAA,IAAI,iBAAiB,KAAA,IAAS,KAAA,CAAM,OAAA,CAAQ,QAAA,CAAS,WAAW,CAAA,EAAG;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,QACX,IAAA,EAAM,WAAA;AAAA,QACN;AAAA,OACD,CAAA;AAAA,IACH,CAAA,MAAO;AACL,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,QACX,IAAA,EAAM,OAAA;AAAA,QACN,WAAA;AAAA,QACA,OAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK;AAAA,OAC7D,CAAA;AAAA,IACH;AAAA,EACF;AACF;AAEA,UAAA,EAAY,WAAA,CAAY;AAAA,EACtB,IAAA,EAAM,QAAA;AAAA,EACN;AACF,CAAC,CAAA","file":"package-resolution-worker.js","sourcesContent":["import { realpath } from \"node:fs/promises\"\nimport { findPackageJSON } from \"node:module\"\nimport { dirname } from \"node:path\"\nimport { parentPort, workerData } from \"node:worker_threads\"\nimport pino, { type Level } from \"pino\"\n\nexport type PackageResolutionWorkerData = {\n  packageNames: string[]\n  logLevel?: Level\n}\n\nexport type PackageResult = { packageName: string } & (\n  | {\n      type: \"success\"\n      packageRootPath: string\n    }\n  | {\n      type: \"not-found\"\n    }\n  | {\n      type: \"error\"\n      error: string\n    }\n)\n\nexport type PackageResolutionResponse = {\n  type: \"result\"\n  results: PackageResult[]\n}\n\nconst { packageNames, logLevel } = workerData as PackageResolutionWorkerData\n\nconst logger = pino({ name: \"source-resolution-worker\", level: logLevel ?? \"silent\" })\n\nconst results: PackageResult[] = []\n\nfor (const packageName of packageNames) {\n  try {\n    const path = findPackageJSON(packageName, import.meta.url)\n    if (!path) {\n      throw new Error(`Package \"${packageName}\" not found`)\n    }\n\n    results.push({\n      type: \"success\",\n      packageName,\n      packageRootPath: await realpath(dirname(path)),\n    })\n  } catch (error) {\n    logger.error({ error }, `failed to resolve package \"%s\"`, packageName)\n\n    if (error instanceof Error && error.message.includes(\"not found\")) {\n      results.push({\n        type: \"not-found\",\n        packageName,\n      })\n    } else {\n      results.push({\n        type: \"error\",\n        packageName,\n        error: error instanceof Error ? error.message : String(error),\n      })\n    }\n  }\n}\n\nparentPort?.postMessage({\n  type: \"result\",\n  results,\n})\n"]}

package/dist/library/worker/main.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/library/worker/evaluator.ts","../../../src/library/worker/loader.lite.ts","../../../src/library/worker/main.ts"],"names":["logger","error","input"],"mappings":";;;;;;AAWO,SAAS,eAAA,CACdA,OAAAA,EACA,UAAA,EACA,YAAA,EACA,cAAA,EACyB;AACzB,EAAA,MAAM,eAAA,GAAkB,IAAI,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,QAAA,KAAY,CAAC,QAAA,CAAS,EAAA,EAAI,QAAQ,CAAC,CAAC,CAAA;AAErF,EAAA,MAAM,iBAA0C,EAAC;AACjD,EAAA,MAAM,iBAAyC,EAAC;AAEhD,EAAA,MAAM,eAAA,uBAAsB,GAAA,EAAqC;AAEjE,EAAA,KAAA,MAAW,YAAY,YAAA,EAAc;AACnC,IAAA,IAAI;AACF,MAAA,gBAAA,CAAiB,SAAS,EAAE,CAAA;AAAA,IAC9B,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,yBAAA,EAA2B;AAE9C,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,KAAA,CAAM;AAAA,SACf;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,IAAA;AAAA,IAET,kBAAkB,mBAAA,EAAoB,CACnC,IAAI,CAAA,QAAA,KAAY,QAAA,CAAS,QAAQ,CAAA,CAEjC,MAAA,CAAO,CAAA,QAAA,KAAY,QAAA,CAAS,SAAS,WAAA,IAAe,CAAC,gBAAgB,GAAA,CAAI,QAAA,CAAS,EAAE,CAAC,CAAA;AAAA,IAExF;AAAA,GACF;AAEA,EAAA,SAAS,iBAAiB,UAAA,EAA0D;AAClF,IAAA,IAAI,OAAA,GAAU,eAAA,CAAgB,GAAA,CAAI,UAAU,CAAA;AAC5C,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,OAAO,OAAA;AAAA,IACT;AAGA,IAAA,MAAM,KAAA,GAAQ,eAAe,UAAU,CAAA;AACvC,IAAA,IAAI,KAAA,EAAO;AAET,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,GAAA,CAAI,UAAU,CAAA;AAC/C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oBAAA,EAAuB,UAAU,CAAA,CAAE,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,kBAAkB,QAAQ,CAAA;AAEpC,MAAA,eAAA,CAAgB,GAAA,CAAI,YAAY,OAAO,CAAA;AACvC,MAAA,OAAO,OAAA;AAAA,IACT,SAASC,MAAAA,EAAO;AACd,MAAA,IAAI,QAAA,CAAS,SAAS,WAAA,IAAe,CAAC,gBAAgB,GAAA,CAAI,QAAA,CAAS,EAAE,CAAA,EAAG;AACtE,QAAA,cAAA,CAAe,QAAA,CAAS,EAAE,CAAA,GAAI,aAAA,CAAcA,MAAK,CAAA;AAAA,MACnD;AAEA,MAAA,cAAA,CAAe,UAAU,CAAA,GAAIA,MAAAA;AAC7B,MAAA,MAAMA,MAAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,SAAS,kBAAkB,QAAA,EAAkD;AAC3E,IAAA,MAAM,SAAkC,EAAC;AAEzC,IAAAD,QAAO,KAAA,CAAM,qBAAA,EAAuB,EAAE,UAAA,EAAY,QAAA,CAAS,IAAI,CAAA;AAE/D,IAAA,KAAA,MAAW,CAAC,SAAA,EAAW,KAAK,CAAA,IAAK,MAAA,CAAO,OAAA,CAAQ,cAAA,CAAe,QAAA,CAAS,EAAE,CAAA,IAAK,EAAE,CAAA,EAAG;AAClF,MAAA,MAAA,CAAO,SAAS,CAAA,GAAI,KAAA,CAAM,GAAA,CAAI,CAAAE,MAAAA,KAAS;AACrC,QAAA,MAAM,SAAA,GAAY,gBAAA,CAAiBA,MAAAA,CAAM,KAAA,CAAM,UAAU,CAAA;AAEzD,QAAA,OAAO,SAAA,CAAUA,MAAAA,CAAM,KAAA,CAAM,MAAM,CAAA;AAAA,MACrC,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,QAAA,CAAS,IAAI,CAAA;AAC1C,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,MAAM,IAAI,MAAM,CAAA,qBAAA,EAAwB,QAAA,CAAS,IAAI,CAAA,wBAAA,EAA2B,QAAA,CAAS,EAAE,CAAA,CAAE,CAAA;AAAA,IAC/F;AAEA,IAAA,OAAO,SAAA,CAAU;AAAA,MACf,MAAM,QAAA,CAAS,IAAA;AAAA,MACf,MAAM,QAAA,CAAS,IAAA;AAAA,MACf;AAAA,KACD,CAAA;AAAA,EACH;AACF;ACvGA,eAAsB,cAAA,CACpBF,SACA,WAAA,EAC8C;AAC9C,EAAA,MAAM,UAAmC,EAAC;AAC1C,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,IAAI;AACF,MAAAA,OAAAA,CAAO,KAAA,CAAM,EAAE,UAAA,IAAc,gBAAgB,CAAA;AAC7C,MAAA,OAAA,CAAQ,UAAU,CAAA,GAAI,MAAM,OAAO,UAAA,CAAA;AAEnC,MAAAA,OAAAA,CAAO,KAAA,CAAM,EAAE,UAAA,IAAc,eAAe,CAAA;AAAA,IAC9C,SAAS,GAAA,EAAK;AACZ,MAAAA,QAAO,KAAA,CAAM,EAAE,UAAA,EAAY,GAAA,IAAO,oBAAoB,CAAA;AAAA,IACxD;AAAA,EACF;AAEA,EAAA,MAAM,aAAwC,EAAC;AAE/C,EAAA,MAAM,YAAA,CAAa,SAAS,UAAU,CAAA;AACtC,EAAAA,QAAO,KAAA,CAAM,mCAAA,EAAqC,OAAO,IAAA,CAAK,UAAU,EAAE,MAAM,CAAA;AAEhF,EAAA,OAAO,UAAA;AACT;AAEA,eAAe,YAAA,CAAa,OAAgB,UAAA,EAAsD;AAChG,EAAA,IAAI,WAAA,CAAY,KAAK,CAAA,EAAG;AACtB,IAAA,UAAA,CAAW,KAAA,CAAM,KAAA,CAAM,IAAI,CAAA,GAAI,KAAA;AAC/B,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,UAAU,KAAA,EAAO;AAEnB,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,IAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,MAAA,MAAM,YAAA,CAAa,MAAM,UAAU,CAAA;AAAA,IACrC;AAEA,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,OAAO,KAAA,EAAO;AACvB,IAAA,MAAM,YAAA,CAAc,KAAA,CAAkC,GAAG,CAAA,EAAG,UAAU,CAAA;AAAA,EACxE;AACF;;;AC9CA,IAAM,IAAA,GAAO,UAAA;AAEb,IAAM,MAAA,GAAS,IAAA,CAAK,EAAE,IAAA,EAAM,kBAAkB,CAAA;AAE9C,IAAI;AACF,EAAA,MAAM,OAAA,GAAU,MAAM,cAAA,CAAe,MAAA,EAAQ,KAAK,kBAAkB,CAAA;AACpE,EAAA,MAAM,SAAS,eAAA,CAAgB,MAAA,EAAQ,SAAS,IAAA,CAAK,YAAA,EAAc,KAAK,cAAc,CAAA;AAEtF,EAAA,UAAA,EAAY,YAAY,MAAM,CAAA;AAChC,CAAA,CAAA,OAAS,KAAA,EAAO;AACd,EAAA,MAAA,CAAO,KAAA,CAAM,EAAE,KAAA,EAAM,EAAG,4BAA4B,CAAA;AAEpD,EAAA,UAAA,EAAY,WAAA,CAAY;AAAA,IACtB,OAAA,EAAS,KAAA;AAAA,IACT,KAAA,EAAO,cAAc,KAAK;AAAA,GAC3B,CAAA;AACH","file":"main.js","sourcesContent":["import type { Logger } from \"pino\"\nimport type { ProjectEvaluationResult } from \"../abstractions\"\nimport type { ResolvedInstanceInput } from \"../../shared\"\nimport {\n  getRuntimeInstances,\n  InstanceNameConflictError,\n  type Component,\n  type InstanceModel,\n} from \"@highstate/contract\"\nimport { errorToString } from \"../../common\"\n\nexport function evaluateProject(\n  logger: Logger,\n  components: Readonly<Record<string, Component>>,\n  allInstances: InstanceModel[],\n  resolvedInputs: Record<string, Record<string, ResolvedInstanceInput[]>>,\n): ProjectEvaluationResult {\n  const allInstancesMap = new Map(allInstances.map(instance => [instance.id, instance]))\n\n  const instanceErrors: Record<string, unknown> = {}\n  const topLevelErrors: Record<string, string> = {}\n\n  const instanceOutputs = new Map<string, Record<string, unknown>>()\n\n  for (const instance of allInstances) {\n    try {\n      evaluateInstance(instance.id)\n    } catch (error) {\n      if (error instanceof InstanceNameConflictError) {\n        // fail the whole evaluation if there's a name conflict\n        return {\n          success: false,\n          error: error.message,\n        }\n      }\n    }\n  }\n\n  return {\n    success: true,\n\n    virtualInstances: getRuntimeInstances()\n      .map(instance => instance.instance)\n      // only include top-level composite instances and their children\n      .filter(instance => instance.kind === \"composite\" || !allInstancesMap.has(instance.id)),\n\n    topLevelErrors,\n  }\n\n  function evaluateInstance(instanceId: InstanceModel[\"id\"]): Record<string, unknown> {\n    let outputs = instanceOutputs.get(instanceId)\n    if (outputs) {\n      return outputs\n    }\n\n    // do not evaluate instance if it has an error, just rethrow it\n    const error = instanceErrors[instanceId]\n    if (error) {\n      // eslint-disable-next-line @typescript-eslint/only-throw-error\n      throw error\n    }\n\n    const instance = allInstancesMap.get(instanceId)\n    if (!instance) {\n      throw new Error(`Instance not found: ${instanceId}`)\n    }\n\n    try {\n      outputs = _evaluateInstance(instance)\n\n      instanceOutputs.set(instanceId, outputs)\n      return outputs\n    } catch (error) {\n      if (instance.kind === \"composite\" || !allInstancesMap.has(instance.id)) {\n        topLevelErrors[instance.id] = errorToString(error)\n      }\n\n      instanceErrors[instanceId] = error\n      throw error\n    }\n  }\n\n  function _evaluateInstance(instance: InstanceModel): Record<string, unknown> {\n    const inputs: Record<string, unknown> = {}\n\n    logger.debug(\"evaluating instance\", { instanceId: instance.id })\n\n    for (const [inputName, input] of Object.entries(resolvedInputs[instance.id] ?? {})) {\n      inputs[inputName] = input.map(input => {\n        const evaluated = evaluateInstance(input.input.instanceId)\n\n        return evaluated[input.input.output]\n      })\n    }\n\n    const component = components[instance.type]\n    if (!component) {\n      throw new Error(`Component not found: ${instance.type}, required by instance: ${instance.id}`)\n    }\n\n    return component({\n      name: instance.name,\n      args: instance.args as Record<string, never>,\n      inputs: inputs as Record<string, never>,\n    })\n  }\n}\n","import type { Logger } from \"pino\"\nimport { type Component, isComponent } from \"@highstate/contract\"\n\nexport async function loadComponents(\n  logger: Logger,\n  modulePaths: string[],\n): Promise<Readonly<Record<string, Component>>> {\n  const modules: Record<string, unknown> = {}\n  for (const modulePath of modulePaths) {\n    try {\n      logger.debug({ modulePath }, \"loading module\")\n      modules[modulePath] = await import(modulePath)\n\n      logger.debug({ modulePath }, \"module loaded\")\n    } catch (err) {\n      logger.error({ modulePath, err }, \"module load failed\")\n    }\n  }\n\n  const components: Record<string, Component> = {}\n\n  await _loadLibrary(modules, components)\n  logger.debug(\"library loaded with %s components\", Object.keys(components).length)\n\n  return components\n}\n\nasync function _loadLibrary(value: unknown, components: Record<string, Component>): Promise<void> {\n  if (isComponent(value)) {\n    components[value.model.type] = value\n    return\n  }\n\n  if (typeof value !== \"object\" || value === null) {\n    return\n  }\n\n  if (\"_zod\" in value) {\n    // this is a zod schema, we can skip it\n    return\n  }\n\n  if (Array.isArray(value)) {\n    for (const item of value) {\n      await _loadLibrary(item, components)\n    }\n\n    return\n  }\n\n  for (const key in value) {\n    await _loadLibrary((value as Record<string, unknown>)[key], components)\n  }\n}\n","import type { WorkerData } from \"./protocol\"\nimport { parentPort, workerData } from \"node:worker_threads\"\nimport { pino } from \"pino\"\nimport { errorToString } from \"../../common\"\nimport { evaluateProject } from \"./evaluator\"\nimport { loadComponents } from \"./loader.lite\"\n\nconst data = workerData as WorkerData\n\nconst logger = pino({ name: \"library-worker\" })\n\ntry {\n  const library = await loadComponents(logger, data.libraryModulePaths)\n  const result = evaluateProject(logger, library, data.allInstances, data.resolvedInputs)\n\n  parentPort?.postMessage(result)\n} catch (error) {\n  logger.error({ error }, \"failed to evaluate project\")\n\n  parentPort?.postMessage({\n    success: false,\n    error: errorToString(error),\n  })\n}\n"]}
+{"version":3,"sources":["../../../src/library/worker/evaluator.ts","../../../src/library/worker/loader.lite.ts","../../../src/library/worker/main.ts"],"names":["logger","error","input"],"mappings":";;;;;;AAWO,SAAS,eAAA,CACdA,OAAAA,EACA,UAAA,EACA,YAAA,EACA,cAAA,EACyB;AACzB,EAAA,MAAM,eAAA,GAAkB,IAAI,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,QAAA,KAAY,CAAC,QAAA,CAAS,EAAA,EAAI,QAAQ,CAAC,CAAC,CAAA;AAErF,EAAA,MAAM,iBAA0C,EAAC;AACjD,EAAA,MAAM,iBAAyC,EAAC;AAEhD,EAAA,MAAM,eAAA,uBAAsB,GAAA,EAAqC;AAEjE,EAAA,KAAA,MAAW,YAAY,YAAA,EAAc;AACnC,IAAA,IAAI;AACF,MAAA,gBAAA,CAAiB,SAAS,EAAE,CAAA;AAAA,IAC9B,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,yBAAA,EAA2B;AAE9C,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,KAAA,CAAM;AAAA,SACf;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,IAAA;AAAA,IAET,kBAAkB,mBAAA,EAAoB,CACnC,IAAI,CAAA,QAAA,KAAY,QAAA,CAAS,QAAQ,CAAA,CAEjC,MAAA,CAAO,CAAA,QAAA,KAAY,QAAA,CAAS,SAAS,WAAA,IAAe,CAAC,gBAAgB,GAAA,CAAI,QAAA,CAAS,EAAE,CAAC,CAAA;AAAA,IAExF;AAAA,GACF;AAEA,EAAA,SAAS,iBAAiB,UAAA,EAA0D;AAClF,IAAA,IAAI,OAAA,GAAU,eAAA,CAAgB,GAAA,CAAI,UAAU,CAAA;AAC5C,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,OAAO,OAAA;AAAA,IACT;AAGA,IAAA,MAAM,KAAA,GAAQ,eAAe,UAAU,CAAA;AACvC,IAAA,IAAI,KAAA,EAAO;AAET,MAAA,MAAM,KAAA;AAAA,IACR;AAEA,IAAA,MAAM,QAAA,GAAW,eAAA,CAAgB,GAAA,CAAI,UAAU,CAAA;AAC/C,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oBAAA,EAAuB,UAAU,CAAA,CAAE,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI;AACF,MAAA,OAAA,GAAU,kBAAkB,QAAQ,CAAA;AAEpC,MAAA,eAAA,CAAgB,GAAA,CAAI,YAAY,OAAO,CAAA;AACvC,MAAA,OAAO,OAAA;AAAA,IACT,SAASC,MAAAA,EAAO;AACd,MAAA,IAAI,QAAA,CAAS,SAAS,WAAA,IAAe,CAAC,gBAAgB,GAAA,CAAI,QAAA,CAAS,EAAE,CAAA,EAAG;AACtE,QAAA,cAAA,CAAe,QAAA,CAAS,EAAE,CAAA,GAAI,aAAA,CAAcA,MAAK,CAAA;AAAA,MACnD;AAEA,MAAA,cAAA,CAAe,UAAU,CAAA,GAAIA,MAAAA;AAC7B,MAAA,MAAMA,MAAAA;AAAA,IACR;AAAA,EACF;AAEA,EAAA,SAAS,kBAAkB,QAAA,EAAkD;AAC3E,IAAA,MAAM,SAAkC,EAAC;AAEzC,IAAAD,QAAO,KAAA,CAAM,qBAAA,EAAuB,EAAE,UAAA,EAAY,QAAA,CAAS,IAAI,CAAA;AAE/D,IAAA,KAAA,MAAW,CAAC,SAAA,EAAW,KAAK,CAAA,IAAK,MAAA,CAAO,OAAA,CAAQ,cAAA,CAAe,QAAA,CAAS,EAAE,CAAA,IAAK,EAAE,CAAA,EAAG;AAClF,MAAA,MAAA,CAAO,SAAS,CAAA,GAAI,KAAA,CAAM,GAAA,CAAI,CAAAE,MAAAA,KAAS;AACrC,QAAA,MAAM,SAAA,GAAY,gBAAA,CAAiBA,MAAAA,CAAM,KAAA,CAAM,UAAU,CAAA;AAEzD,QAAA,OAAO,SAAA,CAAUA,MAAAA,CAAM,KAAA,CAAM,MAAM,CAAA;AAAA,MACrC,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,SAAA,GAAY,UAAA,CAAW,QAAA,CAAS,IAAI,CAAA;AAC1C,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,MAAM,IAAI,MAAM,CAAA,qBAAA,EAAwB,QAAA,CAAS,IAAI,CAAA,wBAAA,EAA2B,QAAA,CAAS,EAAE,CAAA,CAAE,CAAA;AAAA,IAC/F;AAEA,IAAA,OAAO,SAAA,CAAU;AAAA,MACf,MAAM,QAAA,CAAS,IAAA;AAAA,MACf,MAAM,QAAA,CAAS,IAAA;AAAA,MACf;AAAA,KACD,CAAA;AAAA,EACH;AACF;ACvGA,eAAsB,cAAA,CACpBF,SACA,WAAA,EAC8C;AAC9C,EAAA,MAAM,UAAmC,EAAC;AAC1C,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,IAAI;AACF,MAAAA,OAAAA,CAAO,KAAA,CAAM,EAAE,UAAA,IAAc,gBAAgB,CAAA;AAC7C,MAAA,OAAA,CAAQ,UAAU,CAAA,GAAI,MAAM,OAAO,UAAA,CAAA;AAEnC,MAAAA,OAAAA,CAAO,KAAA,CAAM,EAAE,UAAA,IAAc,eAAe,CAAA;AAAA,IAC9C,SAAS,GAAA,EAAK;AACZ,MAAAA,QAAO,KAAA,CAAM,EAAE,UAAA,EAAY,GAAA,IAAO,oBAAoB,CAAA;AAAA,IACxD;AAAA,EACF;AAEA,EAAA,MAAM,aAAwC,EAAC;AAE/C,EAAA,MAAM,YAAA,CAAa,SAAS,UAAU,CAAA;AACtC,EAAAA,QAAO,KAAA,CAAM,mCAAA,EAAqC,OAAO,IAAA,CAAK,UAAU,EAAE,MAAM,CAAA;AAEhF,EAAA,OAAO,UAAA;AACT;AAEA,eAAe,YAAA,CAAa,OAAgB,UAAA,EAAsD;AAChG,EAAA,IAAI,WAAA,CAAY,KAAK,CAAA,EAAG;AACtB,IAAA,UAAA,CAAW,KAAA,CAAM,KAAA,CAAM,IAAI,CAAA,GAAI,KAAA;AAC/B,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,UAAU,KAAA,EAAO;AAEnB,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,IAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,MAAA,MAAM,YAAA,CAAa,MAAM,UAAU,CAAA;AAAA,IACrC;AAEA,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,OAAO,KAAA,EAAO;AACvB,IAAA,MAAM,YAAA,CAAc,KAAA,CAAkC,GAAG,CAAA,EAAG,UAAU,CAAA;AAAA,EACxE;AACF;;;AC9CA,IAAM,IAAA,GAAO,UAAA;AAEb,IAAM,MAAA,GAAS,IAAA,CAAK,EAAE,IAAA,EAAM,kBAAkB,CAAA;AAE9C,IAAI;AACF,EAAA,MAAM,OAAA,GAAU,MAAM,cAAA,CAAe,MAAA,EAAQ,KAAK,kBAAkB,CAAA;AACpE,EAAA,MAAM,SAAS,eAAA,CAAgB,MAAA,EAAQ,SAAS,IAAA,CAAK,YAAA,EAAc,KAAK,cAAc,CAAA;AAEtF,EAAA,UAAA,EAAY,YAAY,MAAM,CAAA;AAChC,CAAA,CAAA,OAAS,KAAA,EAAO;AACd,EAAA,MAAA,CAAO,KAAA,CAAM,EAAE,KAAA,EAAM,EAAG,4BAA4B,CAAA;AAEpD,EAAA,UAAA,EAAY,WAAA,CAAY;AAAA,IACtB,OAAA,EAAS,KAAA;AAAA,IACT,KAAA,EAAO,cAAc,KAAK;AAAA,GAC3B,CAAA;AACH","file":"main.js","sourcesContent":["import type { Logger } from \"pino\"\nimport type { ResolvedInstanceInput } from \"../../shared\"\nimport type { ProjectEvaluationResult } from \"../abstractions\"\nimport {\n  type Component,\n  getRuntimeInstances,\n  type InstanceModel,\n  InstanceNameConflictError,\n} from \"@highstate/contract\"\nimport { errorToString } from \"../../common\"\n\nexport function evaluateProject(\n  logger: Logger,\n  components: Readonly<Record<string, Component>>,\n  allInstances: InstanceModel[],\n  resolvedInputs: Record<string, Record<string, ResolvedInstanceInput[]>>,\n): ProjectEvaluationResult {\n  const allInstancesMap = new Map(allInstances.map(instance => [instance.id, instance]))\n\n  const instanceErrors: Record<string, unknown> = {}\n  const topLevelErrors: Record<string, string> = {}\n\n  const instanceOutputs = new Map<string, Record<string, unknown>>()\n\n  for (const instance of allInstances) {\n    try {\n      evaluateInstance(instance.id)\n    } catch (error) {\n      if (error instanceof InstanceNameConflictError) {\n        // fail the whole evaluation if there's a name conflict\n        return {\n          success: false,\n          error: error.message,\n        }\n      }\n    }\n  }\n\n  return {\n    success: true,\n\n    virtualInstances: getRuntimeInstances()\n      .map(instance => instance.instance)\n      // only include top-level composite instances and their children\n      .filter(instance => instance.kind === \"composite\" || !allInstancesMap.has(instance.id)),\n\n    topLevelErrors,\n  }\n\n  function evaluateInstance(instanceId: InstanceModel[\"id\"]): Record<string, unknown> {\n    let outputs = instanceOutputs.get(instanceId)\n    if (outputs) {\n      return outputs\n    }\n\n    // do not evaluate instance if it has an error, just rethrow it\n    const error = instanceErrors[instanceId]\n    if (error) {\n      // eslint-disable-next-line @typescript-eslint/only-throw-error\n      throw error\n    }\n\n    const instance = allInstancesMap.get(instanceId)\n    if (!instance) {\n      throw new Error(`Instance not found: ${instanceId}`)\n    }\n\n    try {\n      outputs = _evaluateInstance(instance)\n\n      instanceOutputs.set(instanceId, outputs)\n      return outputs\n    } catch (error) {\n      if (instance.kind === \"composite\" || !allInstancesMap.has(instance.id)) {\n        topLevelErrors[instance.id] = errorToString(error)\n      }\n\n      instanceErrors[instanceId] = error\n      throw error\n    }\n  }\n\n  function _evaluateInstance(instance: InstanceModel): Record<string, unknown> {\n    const inputs: Record<string, unknown> = {}\n\n    logger.debug(\"evaluating instance\", { instanceId: instance.id })\n\n    for (const [inputName, input] of Object.entries(resolvedInputs[instance.id] ?? {})) {\n      inputs[inputName] = input.map(input => {\n        const evaluated = evaluateInstance(input.input.instanceId)\n\n        return evaluated[input.input.output]\n      })\n    }\n\n    const component = components[instance.type]\n    if (!component) {\n      throw new Error(`Component not found: ${instance.type}, required by instance: ${instance.id}`)\n    }\n\n    return component({\n      name: instance.name,\n      args: instance.args as Record<string, never>,\n      inputs: inputs as Record<string, never>,\n    })\n  }\n}\n","import type { Logger } from \"pino\"\nimport { type Component, isComponent } from \"@highstate/contract\"\n\nexport async function loadComponents(\n  logger: Logger,\n  modulePaths: string[],\n): Promise<Readonly<Record<string, Component>>> {\n  const modules: Record<string, unknown> = {}\n  for (const modulePath of modulePaths) {\n    try {\n      logger.debug({ modulePath }, \"loading module\")\n      modules[modulePath] = await import(modulePath)\n\n      logger.debug({ modulePath }, \"module loaded\")\n    } catch (err) {\n      logger.error({ modulePath, err }, \"module load failed\")\n    }\n  }\n\n  const components: Record<string, Component> = {}\n\n  await _loadLibrary(modules, components)\n  logger.debug(\"library loaded with %s components\", Object.keys(components).length)\n\n  return components\n}\n\nasync function _loadLibrary(value: unknown, components: Record<string, Component>): Promise<void> {\n  if (isComponent(value)) {\n    components[value.model.type] = value\n    return\n  }\n\n  if (typeof value !== \"object\" || value === null) {\n    return\n  }\n\n  if (\"_zod\" in value) {\n    // this is a zod schema, we can skip it\n    return\n  }\n\n  if (Array.isArray(value)) {\n    for (const item of value) {\n      await _loadLibrary(item, components)\n    }\n\n    return\n  }\n\n  for (const key in value) {\n    await _loadLibrary((value as Record<string, unknown>)[key], components)\n  }\n}\n","import type { WorkerData } from \"./protocol\"\nimport { parentPort, workerData } from \"node:worker_threads\"\nimport { pino } from \"pino\"\nimport { errorToString } from \"../../common\"\nimport { evaluateProject } from \"./evaluator\"\nimport { loadComponents } from \"./loader.lite\"\n\nconst data = workerData as WorkerData\n\nconst logger = pino({ name: \"library-worker\" })\n\ntry {\n  const library = await loadComponents(logger, data.libraryModulePaths)\n  const result = evaluateProject(logger, library, data.allInstances, data.resolvedInputs)\n\n  parentPort?.postMessage(result)\n} catch (error) {\n  logger.error({ error }, \"failed to evaluate project\")\n\n  parentPort?.postMessage({\n    success: false,\n    error: errorToString(error),\n  })\n}\n"]}

package/dist/shared/index.js

@@ -1,4 +1,4 @@
-export { AccessError, BackendError, CannotDeleteLastUnlockMethodError, GraphResolver, InputHashResolver, InputResolver, InstanceLockLostError, InstanceLockedError, InstanceNotFoundError, InstanceStateNotFoundError, InvalidInstanceKindError, MAX_WORKER_START_ATTEMPTS, OperationNotFoundError, ProjectLockedError, ProjectNotFoundError, PromiseTracker, SystemSecretNames, ValidationResolver, WorkerVersionNotFoundError, apiKeyMetaSchema, apiKeyOutputSchema, apiKeyQuerySchema, applyLibraryUpdate, artifactOutputSchema, artifactQuerySchema, backendUnlockMethodSchema, codebaseLibrary, codebaseProjectModelStorage, collectionQueryResult, collectionQuerySchema, createAsyncBatcher, databaseProjectModelStorage, diffLibraries, extractDigestFromImage, finalInstanceOperationStatuses, finalOperationStatuses, forSchema, getAllDependents, getMatchedInjectionInstanceInputs, getResolvedHubInputs, getResolvedInjectionInstanceInputs, getResolvedInstanceInputs, getResolvedInstanceOutputs, getWorkerIdentity, globalProjectSpace, hasObjectMeta, hostPulumiBackend, instanceCustomStatusInputSchema, instanceLockEventSchema, instanceLockOutputSchema, instanceStateEventSchema, int32ToBytes, isFinalOperationStatus, isInstanceDeployed, isTransientInstanceOperationStatus, isTransientOperationStatus, isVirtualGhostInstance, librarySpecSchema, operationEventSchema, operationInputSchema, operationMetaSchema, operationOptionsSchema, operationOutputSchema, operationPhaseInstanceSchema, operationPhaseSchema, operationPhaseTypeSchema, operationStatusSchema, operationTypeSchema, pageDetailsOutputSchema, pageOutputSchema, pageQuerySchema, projectInputSchema, projectModelEventSchema, projectModelStorageSpecSchema, projectOutputSchema, projectUnlockStateSchema, projectUnlockSuiteSchema, pulumiBackendSpecSchema, resolverFactories, secretOutputSchema, secretQuerySchema, serviceAccountOutputSchema, serviceAccountQuerySchema, terminalDetailsOutputSchema, terminalOutputSchema, terminalQuerySchema, terminalSessionOutputSchema, terminalStatusSchema, toApiKeyOutput, toPageOutput, toSecretOutput, toTerminalDetailsOutput, toTerminalOutput, toTerminalSessionOutput, toWorkerOutput, toWorkerVersionOutput, triggerOutputSchema, triggerQuerySchema, unlockMethodInputSchema, unlockMethodMetaSchema, unlockMethodOutputSchema, unlockMethodType, waitAll, workerOutputSchema, workerQuerySchema, workerUnitRegistrationEventSchema, workerVersionOutputSchema, workerVersionStatusSchema } from '../chunk-5WVU2AK4.js';
+export { AccessError, BackendError, CannotDeleteLastUnlockMethodError, GraphResolver, InputHashResolver, InputResolver, InstanceLockLostError, InstanceLockedError, InstanceNotFoundError, InstanceStateNotFoundError, InvalidInstanceKindError, MAX_WORKER_START_ATTEMPTS, OperationNotFoundError, ProjectLockedError, ProjectNotFoundError, PromiseTracker, SystemSecretNames, ValidationResolver, WorkerVersionNotFoundError, apiKeyMetaSchema, apiKeyOutputSchema, apiKeyQuerySchema, applyLibraryUpdate, artifactOutputSchema, artifactQuerySchema, backendUnlockMethodSchema, codebaseLibrary, codebaseProjectModelStorage, collectionQueryResult, collectionQuerySchema, createAsyncBatcher, databaseProjectModelStorage, diffLibraries, extractDigestFromImage, finalInstanceOperationStatuses, finalOperationStatuses, forSchema, getAllDependents, getMatchedInjectionInstanceInputs, getResolvedHubInputs, getResolvedInjectionInstanceInputs, getResolvedInstanceInputs, getResolvedInstanceOutputs, getWorkerIdentity, globalProjectSpace, hasObjectMeta, hostPulumiBackend, instanceCustomStatusInputSchema, instanceLockEventSchema, instanceLockOutputSchema, instanceStateEventSchema, int32ToBytes, isFinalOperationStatus, isInstanceDeployed, isTransientInstanceOperationStatus, isTransientOperationStatus, isVirtualGhostInstance, librarySpecSchema, operationEventSchema, operationInputSchema, operationMetaSchema, operationOptionsSchema, operationOutputSchema, operationPhaseInstanceSchema, operationPhaseSchema, operationPhaseTypeSchema, operationStatusSchema, operationTypeSchema, pageDetailsOutputSchema, pageOutputSchema, pageQuerySchema, projectInputSchema, projectModelEventSchema, projectModelStorageSpecSchema, projectOutputSchema, projectUnlockStateSchema, projectUnlockSuiteSchema, pulumiBackendSpecSchema, resolverFactories, secretOutputSchema, secretQuerySchema, serviceAccountOutputSchema, serviceAccountQuerySchema, terminalDetailsOutputSchema, terminalOutputSchema, terminalQuerySchema, terminalSessionOutputSchema, terminalStatusSchema, toApiKeyOutput, toPageOutput, toSecretOutput, toTerminalDetailsOutput, toTerminalOutput, toTerminalSessionOutput, toWorkerOutput, toWorkerVersionOutput, triggerOutputSchema, triggerQuerySchema, unlockMethodInputSchema, unlockMethodMetaSchema, unlockMethodOutputSchema, unlockMethodType, waitAll, workerOutputSchema, workerQuerySchema, workerUnitRegistrationEventSchema, workerVersionOutputSchema, workerVersionStatusSchema } from '../chunk-JNUJ4LTX.js';
 import '../chunk-I7BWSAN6.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highstate/backend",
-  "version": "0.9.19",
+  "version": "0.9.21",
   "type": "module",
   "highstate": {
     "sourceHash": {
@@ -31,7 +31,9 @@
   },
   "scripts": {
     "build": "highstate build",
-    "typecheck": "tsc --noEmit --skipLibCheck",
+    "typecheck": "tsgo --noEmit --skipLibCheck",
+    "biome": "biome check --write --unsafe --error-on-warnings",
+    "biome:check": "biome check --error-on-warnings",
     "test": "vitest --run",
     "generate:project": "yarn prisma generate --schema prisma/project",
     "generate:backend": "yarn prisma generate --schema prisma/backend/postgresql && yarn prisma generate --schema prisma/backend/sqlite",
@@ -39,7 +41,7 @@
   },
   "dependencies": {
     "@aws-crypto/crc32": "^5.2.0",
-    "@highstate/contract": "^0.9.19",
+    "@highstate/contract": "^0.9.21",
     "@msgpack/msgpack": "^3.1.2",
     "@napi-rs/keyring": "^1.1.8",
     "@noble/ciphers": "^1.3.0",
@@ -85,6 +87,8 @@
     }
   },
   "devDependencies": {
+    "@biomejs/biome": "2.2.0",
+    "@typescript/native-preview": "^7.0.0-dev.20250920.1",
     "classic-level": "^3.0.0",
     "highstate-cli-bootstrap": "patch:@highstate/cli@npm%3A0.9.16#~/.yarn/patches/@highstate-cli-npm-0.9.16-e03b564691.patch",
     "pino-pretty": "^13.0.0",
@@ -92,8 +96,7 @@
     "rollup": "^4.28.1",
     "ts-markdown-builder": "^0.4.1",
     "type-fest": "^4.41.0",
-    "typescript": "^5.7.2",
     "vitest": "^3.2.4"
   },
-  "gitHead": "e77d292335556c6e5b6275acda1a3d1609d786a1"
+  "gitHead": "390ff15c0e0076822a682f9d4e19260942a8d6c2"
 }

package/prisma/project/api-key.prisma

@@ -1,3 +1,8 @@
+/// The API key provides authentication tokens for accessing the platform API.
+///
+/// Each API key impersonates a service account, inheriting its permissions and access scope.
+/// Keys are automatically created for worker versions and can be manually created for
+/// external integrations. The token is a 32-byte random hex string that can be regenerated.
 model ApiKey {
     /// The CUIDv2 of the API key.
     id String @id @default(cuid(2))

package/prisma/project/evaluation.prisma

@@ -7,6 +7,16 @@ enum InstanceEvaluationStatus {
     error
 }
 
+/// The evaluation state tracks the result of evaluating composite instances to produce virtual instances.
+///
+/// Composite instances are template components that generate other instances (virtual instances) when evaluated.
+/// The evaluation process executes the composite's create function with resolved inputs to produce a tree
+/// of child instances. These virtual instances exist in the source "virtual" state and can be units
+/// (mapping to Pulumi resources) or other composites (producing more virtual instances recursively).
+///
+/// Evaluation happens automatically after project unlock and library reloads to keep virtual instances
+/// synchronized with their composite definitions. Evaluation state persists the produced instance model
+/// and tracks success/error status with descriptive messages showing the instance tree or error details.
 model InstanceEvaluationState {
     /// The ID of the state of the instance.
     stateId String @id

package/prisma/project/instance.prisma

@@ -1,28 +1,28 @@
 enum InstanceStatus {
     /// The instance is exists in the model (resident or virtual), but not yet deployed or was completely destroyed.
     ///
-    /// "attempted", "deployed" and "failed" instances cannot be transitioned back to "undeployed" after
+    /// "partial", "deployed" and "failed" instances can be transitioned back to "undeployed" after
     /// successful "destroy" operation.
     undeployed
 
-    /// The instance was tryied to be initially deployed.
+    /// The instance is partially deployed (attempted, but not yet successful).
     ///
     /// Normally, this status is very short-lived, and here to indicate that the instance
     /// cannot be safely deleted from the the model until it will be completely destroyed.
-    attempted
+    partial
 
     /// The initial deployment of the instance was successful.
     ///
     /// The transition of "deployed -> failed" is not possible, so consequent failed operations
     /// will not affect this status.
     ///
-    /// Like "attempted", that instance cannot be safely deleted from the model until it will be completely destroyed.
+    /// Like "partial", that instance cannot be safely deleted from the model until it will be completely destroyed.
     deployed
 
     /// The initial deployment of the instance failed.
     /// It can still be transitioned to "deployed" by a successful operation
     ///
-    /// Like "attempted", that instance cannot be safely deleted from the model until it will be completely destroyed.
+    /// Like "partial", that instance cannot be safely deleted from the model until it will be completely destroyed.
     failed
 }
 
@@ -60,21 +60,16 @@ model InstanceState {
     /// The 32-bit nonce used to invalidate the input hash when secrets are updated.
     inputHashNonce Int?
 
-    /// The status fields produced by the last operation.
-    ///
-    /// [InstanceStatusFields]
-    statusFields Json?
-
     /// The calculated instance CRC32 input hash at the moment of last operation completion.
     ///
     /// This hash covers:
     /// - the instance's configuration (name, args, secret hashes);
-    /// - tWorkerVersionponent definition hash;
+    /// - component definition hash;
     /// - the unit's source hash (if applicable);
     /// - the input hashes and output hashes of all input instances.
     inputHash Int?
 
-    /// The CRC32 of the output produced by the instance at the moment of last operation completion.
+    /// The CRC32 of the SHA256 of the output produced by the instance at the moment of last operation completion.
     ///
     /// Does not depend on anything except the instance's output.
     outputHash Int?
@@ -96,12 +91,6 @@ model InstanceState {
     /// [InstanceArtifactIds]
     exportedArtifactIds Json?
 
-    /// The count of Pulumi resources currently managed by this instance.
-    currentResourceCount Int?
-
-    /// The message describing the current state of the instance.
-    message String?
-
     /// The snapshot of the instance model at the moment of last non-preview operation start.
     ///
     /// Null if the instance was never operated on.
@@ -116,6 +105,14 @@ model InstanceState {
     /// [InstanceResolvedInputs]
     resolvedInputs Json?
 
+    /// The count of Pulumi resources currently managed by this instance.
+    currentResourceCount Int?
+
+    /// The status fields produced by the last operation.
+    ///
+    /// [InstanceStatusFields]
+    statusFields Json?
+
     /// The parent instance.
     parent InstanceState? @relation("InstanceHierarchy", fields: [parentId], references: [id])
 

package/prisma/project/page.prisma

@@ -1,3 +1,9 @@
+/// The page provides custom UI content for instances and service accounts.
+///
+/// Pages can be created by units to display instance-specific information or by service accounts.
+/// The content consists of blocks that support markdown text, QR codes with optional content display,
+/// and file attachments (inline or artifact references). Instance pages are explicitly deleted
+/// when instances are destroyed.
 model Page {
     /// The CUIDv2 of the page.
     id String @id @default(cuid(2))
@@ -17,7 +23,9 @@ model Page {
     /// The ID of the service account that owns this page.
     serviceAccountId String?
 
-    /// The content of the page managed by the backend.
+    /// The content of the page as an array of blocks.
+    ///
+    /// Supports markdown, QR codes, and file blocks.
     ///
     /// [PageContent]
     content Json

package/prisma/project/secret.prisma

@@ -1,3 +1,15 @@
+/// The secret stores sensitive configuration values for instances, service accounts, and system components.
+///
+/// Secrets can be instance-owned (for unit configuration), service account-owned, or system-level
+/// (like Pulumi passwords). 
+///
+/// Secrets persist through normal destroy (recreate) operations
+/// and are only deleted when explicitly forgetting instance state with the deleteSecrets flag or when manually deleted.
+///
+/// Secret updates invalidate instance input hashes via inputHashNonce, triggering re-execution
+/// during operations. But the content of the secrets itself do not contribute to the input hash.
+///
+/// System secrets like Pulumi passwords are created on-demand and persist for the whole project lifetime.
 model Secret {
     /// The CUIDv2 of the secret.
     id String @id @default(cuid(2))

package/prisma/project/service-account.prisma

@@ -1,3 +1,9 @@
+/// The service account represents an identity for non-human actors in the system.
+///
+/// Service accounts are automatically created for workers and can be manually created
+/// for external integrations. They define the access scope for resources like artifacts,
+/// secrets, terminals, and pages. Multiple API keys can impersonate the same service account,
+/// allowing different authentication tokens to share the same permissions.
 model ServiceAccount {
     /// The CUIDv2 of the service account.
     id String @id @default(cuid(2))

package/prisma/project/terminal.prisma

@@ -1,11 +1,20 @@
+/// The terminal status indicates whether a terminal can accept new connections.
 enum TerminalStatus {
     /// The terminal is currently active and can create new sessions.
     active
 
-    /// The instance was destroyed and the tertminal is no longer available, but here for historical purposes.
+    /// The instance was destroyed and the terminal is no longer available, but here for historical purposes.
     unavailable
 }
 
+/// The terminal provides interactive shell access to infrastructure resources.
+///
+/// Terminals can be created by units (owned by instances) or by service accounts.
+/// Each terminal maintains a specification for creating containers that power the terminal,
+/// including image, command, environment, and mounted files.
+///
+/// Instance-owned terminals are marked unavailable when the instance is destroyed, preserving session history.
+/// Service account terminals persist independently.
 model Terminal {
     /// The CUIDv2 of the terminal.
     id String @id @default(cuid(2))
@@ -18,7 +27,9 @@ model Terminal {
     /// The status of the terminal.
     status TerminalStatus @default(active)
 
-    /// The specification of the terminal managed by the backend.
+    /// The specification for creating the container that powers this terminal.
+    ///
+    /// Includes image, command, working directory, environment variables, and files.
     ///
     /// [TerminalSpec]
     spec Json
@@ -55,6 +66,9 @@ model Terminal {
     @@unique([stateId, name]) // the name is unique within the instance
 }
 
+/// The terminal session represents a single interactive connection to a terminal.
+///
+/// Each session tracks when it started and finished. All session output is preserved in logs.
 model TerminalSession {
     /// The CUIDv2 of the terminal session.
     id String @id @default(cuid(2))
@@ -75,6 +89,9 @@ model TerminalSession {
     logs TerminalSessionLog[]
 }
 
+/// The terminal session log captures all input and output from a terminal session.
+///
+/// Logs are stored with ULID identifiers for timestamp ordering.
 model TerminalSessionLog {
     /// The ULID of the session log. Also used to extract the timestamp.
     id String @id

package/prisma/project/trigger.prisma

@@ -1,3 +1,9 @@
+/// The trigger defines automated actions that execute in response to specific events.
+///
+/// Triggers are created by units to perform actions at defined points in the instance lifecycle
+/// or on schedule. The spec field determines the trigger type and behavior - currently supporting
+/// before-destroy triggers, with planned support for additional types like cron scheduling.
+/// Triggers are deleted along with their instance.
 model Trigger {
     /// The CUIDv2 of the trigger.
     id String @id @default(cuid(2))
@@ -13,7 +19,7 @@ model Trigger {
     /// The name of the trigger within the instance.
     name String
 
-    /// The specification of the trigger describing its behavior and configuration.
+    /// The specification of the trigger describing its type and behavior.
     ///
     /// [TriggerSpec]
     spec Json

package/prisma/project/unlock-method.prisma

@@ -1,3 +1,4 @@
+/// The unlock method type determines how users authenticate to decrypt project databases.
 enum UnlockMethodType {
     /// The password is used to unlock the project.
     password
@@ -6,6 +7,19 @@ enum UnlockMethodType {
     passkey
 }
 
+/// The unlock method enables decryption of project databases through user authentication.
+///
+/// Each project database is encrypted with a master key, which is then encrypted for each
+/// unlock method's recipient using AGE encryption. Users authenticate (password or passkey)
+/// to decrypt their specific AGE identity, which then decrypts the master key.
+///
+/// Multiple unlock methods can exist per project, allowing different authentication paths
+/// to the same encrypted database. When unlock methods are added/removed, the master key
+/// is re-encrypted for the new set of recipients.
+///
+/// The encryptedIdentity contains the AGE identity encrypted with the user's authentication
+/// method (password-derived key or WebAuthn), while the recipient is the public key
+/// corresponding to that identity.
 model UnlockMethod {
     /// The CUIDv2 of the unlock method.
     id String @id @default(cuid(2))

package/prisma/project/worker.prisma

@@ -1,8 +1,18 @@
+/// The worker represents a containerized application that extends unit capabilities beyond Pulumi execution.
+///
+/// Workers enable units to perform runtime operations after Pulumi program completion,
+/// such as attaching custom statuses, monitoring resources, or triggering unit reconfigurations.
+/// Since Pulumi programs cannot affect instances after execution, workers bypass this limitation
+/// by providing persistent runtime behavior.
+///
+/// The worker identity (fully qualified image name) indicates the same publisher/party and services as natural authentication mechanism.
+/// All versions of a worker share the same service account, meaning they operate over
+/// the same resources and have the same access scope within the platform.
 model Worker {
     /// The CUIDv2 of the worker.
     id String @id @default(cuid(2))
 
-    /// The ID of the worker.
+    /// The identity of the worker derived from the container image.
     ///
     /// This is the fully qualified image name without the tag or digest.
     /// The format is `{<registry>/}[<namespace>/]<name>`.
@@ -43,6 +53,15 @@ enum WorkerVersionStatus {
     error
 }
 
+/// The worker version represents a specific container image digest of a worker.
+///
+/// Each version corresponds to an immutable container image identified by its SHA256 digest.
+/// Versions are automatically created when units reference new image digests and deleted
+/// when no longer referenced by any unit registrations.
+///
+/// Each version has its own API key for isolation, but all versions of a worker
+/// share the same service account and thus the same access scope within the platform.
+/// The runtime starts containers when registrations exist and stops them when removed.
 model WorkerVersion {
     /// The CUIDv2 of the worker version.
     id String @id @default(cuid(2))
@@ -90,11 +109,19 @@ model WorkerVersion {
     logs WorkerVersionLog[]
 }
 
+/// The worker unit registration tracks which unit instances require specific worker versions.
+///
+/// Units declare worker dependencies through their outputs, creating registrations that
+/// trigger the runtime to start corresponding worker containers. Each registration
+/// includes parameters passed to the worker for unit-specific configuration.
+///
+/// Registrations are managed during operation execution - created when units declare workers
+/// and removed when units are destroyed. Worker versions without registrations are garbage collected.
 model WorkerUnitRegistration {
     /// The ID of the state of the unit instance requesting the registration.
     stateId String
 
-    /// The name of the workor within the instance.
+    /// The name of the worker within the instance.
     name String
 
     /// The parameters of the registration passed by the unit.
@@ -120,6 +147,10 @@ model WorkerUnitRegistration {
     @@id([stateId, name]) // the registration is identified by the instance and name
 }
 
+/// The worker version log captures output from running worker containers.
+///
+/// Logs include both worker-generated output and system messages from the runtime.
+/// The ULID identifier provides timestamp ordering. Logs are deleted with the worker version.
 model WorkerVersionLog {
     /// The ULID of the worker log. Also used to extract the timestamp.
     id String @id @default(ulid())
@@ -129,7 +160,7 @@ model WorkerVersionLog {
 
     /// The log content.
     content String
-    
+
     /// Whether this log is a system/runtime message (vs worker output).
     isSystem Boolean @default(false)
 

package/src/artifact/index.ts

@@ -1,3 +1,3 @@
+export * from "../business/artifact"
 export * from "./abstractions"
 export * from "./factory"
-export * from "../business/artifact"

package/src/business/evaluation.ts

@@ -164,7 +164,6 @@ export class ProjectEvaluationSubsystem {
       // 2. convert EvaluatedInstance[] to InstanceEvaluationStateUncheckedCreateInput[]
       const states: InstanceEvaluationStateUncheckedCreateInput[] = evaluatedInstances.map(ei => {
         return {
-          // biome-ignore lint/style/noNonNullAssertion: we ensure this is always set
           stateId: instanceIdToStateMap.get(ei.instanceId)!.id,
           status: ei.status,
           message: ei.message,

package/src/business/secret.test.ts

@@ -186,7 +186,7 @@ describe("updateInstanceSecrets", () => {
   )
 
   secretTest(
-    "deletes all secrets when called with empty object",
+    "preserves existing secrets when called with empty object",
     async ({ secretService, projectDatabase, project, createInstanceState, expect }) => {
       // arrange
       const instance = await createInstanceState(project.id)
@@ -218,12 +218,12 @@ describe("updateInstanceSecrets", () => {
       const secrets = await projectDatabase.secret.findMany({
         where: { stateId: instance.id },
       })
-      expect(secrets).toHaveLength(0)
+      expect(secrets).toHaveLength(2)
     },
   )
 
   secretTest(
-    "handles mixed create, update, and delete operations",
+    "handles mixed create and update operations while preserving existing secrets",
     async ({ secretService, projectDatabase, project, createInstanceState, expect }) => {
       // arrange
       const instance = await createInstanceState(project.id)
@@ -241,9 +241,9 @@ describe("updateInstanceSecrets", () => {
           {
             id: createId(),
             stateId: instance.id,
-            name: "to-delete",
-            meta: { title: "To Delete" },
-            content: "delete-me",
+            name: "to-preserve",
+            meta: { title: "To Preserve" },
+            content: "preserve-me",
           },
         ],
       })
@@ -261,7 +261,7 @@ describe("updateInstanceSecrets", () => {
         where: { stateId: instance.id },
         orderBy: { name: "asc" },
       })
-      expect(secrets).toHaveLength(2)
+      expect(secrets).toHaveLength(3)
 
       expect(secrets[0].name).toBe("existing-key")
       expect(secrets[0].content).toBe("updated-value")
@@ -278,6 +278,10 @@ describe("updateInstanceSecrets", () => {
         description: "Newly generated access token for service authentication",
         icon: "mdi:shield-key",
       })
+
+      expect(secrets[2].name).toBe("to-preserve")
+      expect(secrets[2].content).toBe("preserve-me")
+      expect(secrets[2].meta).toEqual({ title: "To Preserve" })
     },
   )
 

package/src/business/secret.ts

@@ -3,7 +3,7 @@ import type { DatabaseManager, ProjectTransaction } from "../database"
 import type { LibraryBackend } from "../library"
 import type { PubSubManager } from "../pubsub"
 import { randomBytes } from "node:crypto"
-import { isUnitModel, parseInstanceId, type CommonObjectMeta } from "@highstate/contract"
+import { type CommonObjectMeta, isUnitModel, parseInstanceId } from "@highstate/contract"
 import {
   InstanceStateNotFoundError,
   InvalidInstanceKindError,
@@ -26,7 +26,7 @@ export class SecretService {
    * @param tx The database transaction to use.
    * @param libraryId The ID of the library containing the component.
    * @param stateId The ID of the instance state.
-   * @param secretValues The secrets to create or update. Missing secrets will be deleted.
+   * @param secretValues The secrets to create or update. Existing secrets not in this update are preserved.
    * @returns The list of secret names that were updated or created.
    */
   async updateInstanceSecretsCore(
@@ -97,25 +97,16 @@ export class SecretService {
       })
     }
 
-    // delete secrets that are no longer provided
-    const providedSecretNames = Object.keys(secretValues)
-    await tx.secret.deleteMany({
-      where: {
-        stateId,
-        name: { notIn: providedSecretNames },
-      },
-    })
-
     return Object.keys(secretValues)
   }
 
   /**
-   * Updates secrets for a specific instance, handling both creation/updates and deletions.
+   * Updates secrets for a specific instance, handling creation and updates.
    * Only works with unit instances.
    *
    * @param projectId The project ID containing the instance.
    * @param stateId The ID of the instance state.
-   * @param secretValues The secrets to create or update. Missing secrets will be deleted.
+   * @param secretValues The secrets to create or update. Existing secrets not in this update are preserved.
    */
   async updateInstanceSecrets(
     projectId: string,

package/src/library/package-resolution-worker.ts

@@ -1,7 +1,7 @@
-import { parentPort, workerData } from "node:worker_threads"
-import { dirname } from "node:path"
-import { findPackageJSON } from "node:module"
 import { realpath } from "node:fs/promises"
+import { findPackageJSON } from "node:module"
+import { dirname } from "node:path"
+import { parentPort, workerData } from "node:worker_threads"
 import pino, { type Level } from "pino"
 
 export type PackageResolutionWorkerData = {

package/src/library/worker/evaluator.ts

@@ -1,11 +1,11 @@
 import type { Logger } from "pino"
-import type { ProjectEvaluationResult } from "../abstractions"
 import type { ResolvedInstanceInput } from "../../shared"
+import type { ProjectEvaluationResult } from "../abstractions"
 import {
-  getRuntimeInstances,
-  InstanceNameConflictError,
   type Component,
+  getRuntimeInstances,
   type InstanceModel,
+  InstanceNameConflictError,
 } from "@highstate/contract"
 import { errorToString } from "../../common"
 

package/src/lock/memory.ts

@@ -1,5 +1,5 @@
-import type { LockBackend } from "./abstractions"
 import type { BetterLock as BetterLockType } from "better-lock/dist/better_lock"
+import type { LockBackend } from "./abstractions"
 import { BetterLock } from "better-lock"
 
 export class MemoryLockBackend implements LockBackend {