@hot-updater/cloudflare 0.30.12 → 0.31.1

package/src/d1Database.ts

@@ -1,6 +1,10 @@
 import {
   DEFAULT_ROLLOUT_COHORT_COUNT,
-  type SnakeCaseBundle,
+  getAssetBaseStorageUri,
+  getBundlePatches,
+  getManifestFileHash,
+  getManifestStorageUri,
+  stripBundleArtifactMetadata,
 } from "@hot-updater/core";
 import type {
   Bundle,
@@ -30,6 +34,36 @@ interface BuildQueryResult {
   params: any[];
 }
 
+interface D1BundleRow {
+  id: string;
+  channel: string;
+  enabled: number | boolean;
+  should_force_update: number | boolean;
+  file_hash: string;
+  git_commit_hash: string | null;
+  message: string | null;
+  platform: "ios" | "android";
+  target_app_version: string | null;
+  storage_uri: string;
+  fingerprint_hash: string | null;
+  metadata: unknown;
+  manifest_storage_uri?: string | null;
+  manifest_file_hash?: string | null;
+  asset_base_storage_uri?: string | null;
+  rollout_cohort_count: number | null;
+  target_cohorts: string | null;
+}
+
+interface D1BundlePatchRow {
+  id: string;
+  bundle_id: string;
+  base_bundle_id: string;
+  base_file_hash: string;
+  patch_file_hash: string;
+  patch_storage_uri: string;
+  order_index: number | null;
+}
+
 async function resolvePage<T>(singlePage: any): Promise<T[]> {
   const results: T[] = [];
   for await (const page of singlePage.iterPages()) {
@@ -152,8 +186,54 @@ function parseTargetCohorts(value: unknown): string[] | null {
   return null;
 }
 
-// Helper function to transform snake_case row to Bundle
-function transformRowToBundle(row: SnakeCaseBundle): Bundle {
+const parseMetadata = (value: unknown): Bundle["metadata"] => {
+  if (!value) return undefined;
+  if (typeof value === "string") {
+    try {
+      return parseMetadata(JSON.parse(value) as unknown);
+    } catch {
+      return undefined;
+    }
+  }
+  return typeof value === "object" && !Array.isArray(value)
+    ? (value as Bundle["metadata"])
+    : undefined;
+};
+
+const buildBundlePatchId = (bundleId: string, baseBundleId: string) =>
+  `${bundleId}:${baseBundleId}`;
+
+const bundleToPatchRows = (bundle: Bundle): D1BundlePatchRow[] =>
+  getBundlePatches(bundle).map((patch, index) => ({
+    id: buildBundlePatchId(bundle.id, patch.baseBundleId),
+    bundle_id: bundle.id,
+    base_bundle_id: patch.baseBundleId,
+    base_file_hash: patch.baseFileHash,
+    patch_file_hash: patch.patchFileHash,
+    patch_storage_uri: patch.patchStorageUri,
+    order_index: index,
+  }));
+
+function transformRowToBundle(
+  row: D1BundleRow,
+  patchRows: D1BundlePatchRow[] = [],
+): Bundle {
+  const rawMetadata = parseMetadata(row.metadata);
+  const patches = patchRows
+    .slice()
+    .sort(
+      (left, right) =>
+        (left.order_index ?? 0) - (right.order_index ?? 0) ||
+        left.base_bundle_id.localeCompare(right.base_bundle_id),
+    )
+    .map((patch) => ({
+      baseBundleId: patch.base_bundle_id,
+      baseFileHash: patch.base_file_hash,
+      patchFileHash: patch.patch_file_hash,
+      patchStorageUri: patch.patch_storage_uri,
+    }));
+  const primaryPatch = patches[0] ?? null;
+
   return {
     id: row.id,
     channel: row.channel,
@@ -166,7 +246,15 @@ function transformRowToBundle(row: SnakeCaseBundle): Bundle {
     targetAppVersion: row.target_app_version,
     storageUri: row.storage_uri,
     fingerprintHash: row.fingerprint_hash,
-    metadata: row?.metadata ? JSON.parse(row?.metadata as string) : {},
+    metadata: stripBundleArtifactMetadata(rawMetadata),
+    manifestStorageUri: row.manifest_storage_uri ?? null,
+    manifestFileHash: row.manifest_file_hash ?? null,
+    assetBaseStorageUri: row.asset_base_storage_uri ?? null,
+    patches,
+    patchBaseBundleId: primaryPatch?.baseBundleId ?? null,
+    patchBaseFileHash: primaryPatch?.baseFileHash ?? null,
+    patchFileHash: primaryPatch?.patchFileHash ?? null,
+    patchStorageUri: primaryPatch?.patchStorageUri ?? null,
     rolloutCohortCount:
       (row.rollout_cohort_count as number | null) ??
       DEFAULT_ROLLOUT_COHORT_COUNT,
@@ -180,6 +268,36 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
     const cf = new Cloudflare({
       apiToken: config.cloudflareApiToken,
     });
+    const getPatchMap = async (bundleIds: string[]) => {
+      const patchMap = new Map<string, D1BundlePatchRow[]>();
+
+      if (bundleIds.length === 0) {
+        return patchMap;
+      }
+
+      const placeholders = bundleIds.map(() => "?").join(", ");
+      const sql = minify(`
+        SELECT *
+        FROM bundle_patches
+        WHERE bundle_id IN (${placeholders})
+        ORDER BY order_index ASC, base_bundle_id ASC
+      `);
+
+      const result = await cf.d1.database.query(config.databaseId, {
+        account_id: config.accountId,
+        sql,
+        params: bundleIds,
+      });
+      const rows = await resolvePage<D1BundlePatchRow>(result);
+
+      for (const row of rows) {
+        const current = patchMap.get(row.bundle_id) ?? [];
+        current.push(row);
+        patchMap.set(row.bundle_id, current);
+      }
+
+      return patchMap;
+    };
 
     // Helper function to get total count
     async function getTotalCount(conditions: QueryConditions): Promise<number> {
@@ -227,8 +345,9 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
         params,
       });
 
-      const rows = await resolvePage<SnakeCaseBundle>(result);
-      return rows.map(transformRowToBundle);
+      const rows = await resolvePage<D1BundleRow>(result);
+      const patchMap = await getPatchMap(rows.map((row) => row.id));
+      return rows.map((row) => transformRowToBundle(row, patchMap.get(row.id)));
     }
 
     async function queryBundlesForUpdateInfo(
@@ -246,8 +365,9 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
         params,
       });
 
-      const rows = await resolvePage<SnakeCaseBundle>(result);
-      return rows.map(transformRowToBundle);
+      const rows = await resolvePage<D1BundleRow>(result);
+      const patchMap = await getPatchMap(rows.map((row) => row.id));
+      return rows.map((row) => transformRowToBundle(row, patchMap.get(row.id)));
     }
 
     async function getTargetAppVersionsForUpdateInfo({
@@ -318,19 +438,22 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
       async getBundleById(bundleId) {
         const sql = minify(/* sql */ `
           SELECT * FROM bundles WHERE id = ? LIMIT 1`);
-        const singlePage = await cf.d1.database.query(config.databaseId, {
-          account_id: config.accountId,
-          sql,
-          params: [bundleId],
-        });
+        const [singlePage, patchMap] = await Promise.all([
+          cf.d1.database.query(config.databaseId, {
+            account_id: config.accountId,
+            sql,
+            params: [bundleId],
+          }),
+          getPatchMap([bundleId]),
+        ]);
 
-        const rows = await resolvePage<SnakeCaseBundle>(singlePage);
+        const rows = await resolvePage<D1BundleRow>(singlePage);
 
         if (rows.length === 0) {
           return null;
         }
 
-        return transformRowToBundle(rows[0]);
+        return transformRowToBundle(rows[0], patchMap.get(bundleId));
       },
 
       async getBundles(options) {
@@ -388,6 +511,24 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
               DELETE FROM bundles WHERE id = ?
             `);
 
+            const deletePatchSql = minify(/* sql */ `
+              DELETE FROM bundle_patches WHERE bundle_id = ?
+            `);
+            await cf.d1.database.query(config.databaseId, {
+              account_id: config.accountId,
+              sql: deletePatchSql,
+              params: [op.data.id],
+            });
+
+            const deleteBasePatchSql = minify(/* sql */ `
+              DELETE FROM bundle_patches WHERE base_bundle_id = ?
+            `);
+            await cf.d1.database.query(config.databaseId, {
+              account_id: config.accountId,
+              sql: deleteBasePatchSql,
+              params: [op.data.id],
+            });
+
             await cf.d1.database.query(config.databaseId, {
               account_id: config.accountId,
               sql: deleteSql,
@@ -410,10 +551,13 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
                 storage_uri,
                 fingerprint_hash,
                 metadata,
+                manifest_storage_uri,
+                manifest_file_hash,
+                asset_base_storage_uri,
                 rollout_cohort_count,
                 target_cohorts
               )
-              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
             `);
 
             const params = [
@@ -428,9 +572,12 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
               bundle.targetAppVersion,
               bundle.storageUri,
               bundle.fingerprintHash,
-              bundle.metadata
-                ? JSON.stringify(bundle.metadata)
-                : JSON.stringify({}),
+              JSON.stringify(
+                stripBundleArtifactMetadata(bundle.metadata) ?? {},
+              ),
+              getManifestStorageUri(bundle),
+              getManifestFileHash(bundle),
+              getAssetBaseStorageUri(bundle),
               bundle.rolloutCohortCount ?? DEFAULT_ROLLOUT_COHORT_COUNT,
               bundle.targetCohorts
                 ? JSON.stringify(bundle.targetCohorts)
@@ -442,6 +589,46 @@ export const d1Database = createDatabasePlugin<D1DatabaseConfig>({
               sql: upsertSql,
               params: params as string[],
             });
+
+            await cf.d1.database.query(config.databaseId, {
+              account_id: config.accountId,
+              sql: minify(`
+                DELETE FROM bundle_patches WHERE bundle_id = ?
+              `),
+              params: [bundle.id],
+            });
+
+            const patchRows = bundleToPatchRows(bundle);
+            if (patchRows.length > 0) {
+              const patchInsertSql = minify(`
+                INSERT OR REPLACE INTO bundle_patches (
+                  id,
+                  bundle_id,
+                  base_bundle_id,
+                  base_file_hash,
+                  patch_file_hash,
+                  patch_storage_uri,
+                  order_index
+                )
+                VALUES (?, ?, ?, ?, ?, ?, ?)
+              `);
+
+              for (const patchRow of patchRows) {
+                await cf.d1.database.query(config.databaseId, {
+                  account_id: config.accountId,
+                  sql: patchInsertSql,
+                  params: [
+                    patchRow.id,
+                    patchRow.bundle_id,
+                    patchRow.base_bundle_id,
+                    patchRow.base_file_hash,
+                    patchRow.patch_file_hash,
+                    patchRow.patch_storage_uri,
+                    String(patchRow.order_index ?? 0),
+                  ],
+                });
+              }
+            }
           }
         }
       },

package/src/r2Storage.spec.ts

@@ -0,0 +1,85 @@
+import fs from "fs/promises";
+
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+import { r2Storage } from "./r2Storage";
+
+const { wrangler } = vi.hoisted(() => ({
+  wrangler: vi.fn(),
+}));
+
+vi.mock("./utils/createWrangler", () => ({
+  createWrangler: vi.fn(() => wrangler),
+}));
+
+describe("r2Storage", () => {
+  beforeEach(() => {
+    wrangler.mockReset();
+  });
+
+  it("downloads R2 objects with wrangler to the given file path", async () => {
+    wrangler.mockImplementation(async (...args: string[]) => {
+      const fileIndex = args.indexOf("--file");
+      const downloadPath = args[fileIndex + 1];
+
+      await fs.writeFile(
+        downloadPath,
+        JSON.stringify({
+          bundleId: "bundle-1",
+          assets: {},
+        }),
+      );
+
+      return {
+        exitCode: 0,
+        stderr: "",
+      };
+    });
+
+    const storage = r2Storage({
+      accountId: "account-id",
+      bucketName: "test-bucket",
+      cloudflareApiToken: "api-token",
+    })();
+
+    const downloadPath = "/tmp/hot-updater-test-manifest.json";
+    await fs.rm(downloadPath, { force: true });
+
+    await storage.profiles.node.downloadFile(
+      "r2://test-bucket/releases/bundle-1/manifest.json",
+      downloadPath,
+    );
+
+    expect(JSON.parse(await fs.readFile(downloadPath, "utf8"))).toEqual({
+      bundleId: "bundle-1",
+      assets: {},
+    });
+    expect(wrangler).toHaveBeenCalledWith(
+      "r2",
+      "object",
+      "get",
+      "test-bucket/releases/bundle-1/manifest.json",
+      "--file",
+      downloadPath,
+      "--remote",
+    );
+  });
+
+  it("rejects downloads from a different bucket", async () => {
+    const storage = r2Storage({
+      accountId: "account-id",
+      bucketName: "test-bucket",
+      cloudflareApiToken: "api-token",
+    })();
+
+    await expect(
+      storage.profiles.node.downloadFile(
+        "r2://other-bucket/releases/bundle-1/manifest.json",
+        "/tmp/hot-updater-test-manifest.json",
+      ),
+    ).rejects.toThrow(
+      'Bucket name mismatch: expected "test-bucket", but found "other-bucket".',
+    );
+    expect(wrangler).not.toHaveBeenCalled();
+  });
+});

package/src/r2Storage.ts

@@ -1,8 +1,9 @@
-import path from "path";
+import fs from "node:fs/promises";
+import path from "node:path";
 
 import {
   createStorageKeyBuilder,
-  createStoragePlugin,
+  createNodeStoragePlugin,
   getContentType,
   parseStorageUri,
 } from "@hot-updater/plugin-core";
@@ -22,28 +23,8 @@ export interface R2StorageConfig {
 
 /**
  * Cloudflare R2 storage plugin for Hot Updater.
- *
- * Note: This plugin does not support `getDownloadUrl()`.
- * If you need download URL generation, use `s3Storage` from `@hot-updater/aws` instead,
- * which is fully compatible with Cloudflare R2.
- *
- * @example
- * ```typescript
- * // Using s3Storage with Cloudflare R2 for download URL support
- * import { s3Storage } from "@hot-updater/aws";
- *
- * s3Storage({
- *   region: "auto",
- *   endpoint: "https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com",
- *   credentials: {
- *     accessKeyId: "YOUR_ACCESS_KEY_ID",
- *     secretAccessKey: "YOUR_SECRET_ACCESS_KEY",
- *   },
- *   bucketName: "YOUR_BUCKET_NAME",
- * })
- * ```
  */
-export const r2Storage = createStoragePlugin<R2StorageConfig>({
+export const r2Storage = createNodeStoragePlugin<R2StorageConfig>({
   name: "r2Storage",
   supportedProtocol: "r2",
   factory: (config) => {
@@ -110,20 +91,35 @@ export const r2Storage = createStoragePlugin<R2StorageConfig>({
           storageUri: `r2://${bucketName}/${Key}`,
         };
       },
-      async getDownloadUrl() {
-        throw new Error(
-          "`r2Storage` does not support `getDownloadUrl()`. Use `s3Storage` from `@hot-updater/aws` instead (compatible with Cloudflare R2).\n\n" +
-            "Example:\n" +
-            "s3Storage({\n" +
-            "  region: 'auto',\n" +
-            "  endpoint: 'https://YOUR_ACCOUNT_ID.r2.cloudflarestorage.com',\n" +
-            "  credentials: {\n" +
-            "    accessKeyId: 'YOUR_ACCESS_KEY_ID',\n" +
-            "    secretAccessKey: 'YOUR_SECRET_ACCESS_KEY',\n" +
-            "  },\n" +
-            "  bucketName: 'YOUR_BUCKET_NAME',\n" +
-            "})",
-        );
+      async downloadFile(storageUri, filePath) {
+        const { bucket, key } = parseStorageUri(storageUri, "r2");
+        if (bucket !== bucketName) {
+          throw new Error(
+            `Bucket name mismatch: expected "${bucketName}", but found "${bucket}".`,
+          );
+        }
+
+        try {
+          await fs.mkdir(path.dirname(filePath), { recursive: true });
+          const { stderr, exitCode } = await wrangler(
+            "r2",
+            "object",
+            "get",
+            [bucketName, key].join("/"),
+            "--file",
+            filePath,
+            "--remote",
+          );
+          if (exitCode !== 0 && stderr) {
+            throw new Error(stderr);
+          }
+        } catch (error) {
+          if (error instanceof ExecaError) {
+            throw new Error(error.stderr || error.stdout);
+          }
+
+          throw error;
+        }
       },
     };
   },

package/src/r2WorkerStorage.spec.ts

@@ -0,0 +1,50 @@
+import type { RequestEnvContext } from "@hot-updater/plugin-core";
+import { describe, expect, it, vi } from "vitest";
+
+import {
+  type CloudflareWorkerStorageEnv,
+  r2WorkerStorage,
+} from "./r2WorkerStorage";
+
+type TestContext = RequestEnvContext<CloudflareWorkerStorageEnv>;
+
+describe("r2WorkerStorage", () => {
+  it("reads manifest text directly from the R2 binding", async () => {
+    const get = vi.fn(async (key: string) => ({
+      text: async () => `text:${key}`,
+    }));
+    const storage = r2WorkerStorage({
+      jwtSecret: "secret",
+      publicBaseUrl: "https://assets.example.com",
+    })();
+
+    await expect(
+      storage.profiles.runtime.readText("r2://bundles/app/manifest.json", {
+        env: {
+          BUCKET: { get },
+          JWT_SECRET: "secret",
+        },
+        request: new Request("https://updates.example.com"),
+      } satisfies TestContext),
+    ).resolves.toBe("text:app/manifest.json");
+    expect(get).toHaveBeenCalledWith("app/manifest.json");
+  });
+
+  it("fails fast when the R2 binding is missing", async () => {
+    const storage = r2WorkerStorage({
+      jwtSecret: "secret",
+      publicBaseUrl: "https://assets.example.com",
+    })();
+
+    await expect(
+      storage.profiles.runtime.readText("r2://bundles/app/manifest.json", {
+        env: {
+          JWT_SECRET: "secret",
+        },
+        request: new Request("https://updates.example.com"),
+      } as TestContext),
+    ).rejects.toThrow(
+      "r2WorkerStorage requires env.BUCKET in the hot updater context.",
+    );
+  });
+});

package/src/r2WorkerStorage.ts

@@ -1,12 +1,15 @@
 import { signToken } from "@hot-updater/js";
-import type {
-  HotUpdaterContext,
-  RequestEnvContext,
-  StoragePlugin,
+import {
+  createRuntimeStoragePlugin,
+  type HotUpdaterContext,
+  type RequestEnvContext,
 } from "@hot-updater/plugin-core";
 
 export interface CloudflareWorkerStorageEnv {
   JWT_SECRET: string;
+  BUCKET: {
+    get: (key: string) => Promise<{ text: () => Promise<string> } | null>;
+  };
 }
 
 type ContextResolver<TContext, TValue> = (
@@ -43,25 +46,54 @@ const resolveJwtSecretFromContext = (
   return jwtSecret;
 };
 
+const resolveR2BucketFromContext = (
+  context?: RequestEnvContext<CloudflareWorkerStorageEnv>,
+) => {
+  const bucket = context?.env?.BUCKET;
+
+  if (!bucket) {
+    throw new Error(
+      "r2WorkerStorage requires env.BUCKET in the hot updater context.",
+    );
+  }
+
+  return bucket;
+};
+
+const createPublicObjectPath = (storageUrl: URL) =>
+  `${storageUrl.host}${storageUrl.pathname}`;
+
+const createR2ObjectKey = (storageUrl: URL) =>
+  storageUrl.pathname.replace(/^\/+/, "");
+
 export const r2WorkerStorage = <
   TContext extends RequestEnvContext<CloudflareWorkerStorageEnv> =
     RequestEnvContext<CloudflareWorkerStorageEnv>,
 >(
   config: CloudflareWorkerStorageConfig<TContext>,
 ) => {
-  return (): StoragePlugin<TContext> => {
-    return {
-      name: "r2WorkerStorage",
-      supportedProtocol: "r2",
-      async upload() {
-        throw new Error(
-          "r2WorkerStorage does not support upload() in the worker runtime.",
-        );
-      },
-      async delete() {
-        throw new Error(
-          "r2WorkerStorage does not support delete() in the worker runtime.",
-        );
+  return createRuntimeStoragePlugin<
+    CloudflareWorkerStorageConfig<TContext>,
+    TContext
+  >({
+    name: "r2WorkerStorage",
+    supportedProtocol: "r2",
+    factory: (config) => ({
+      async readText(storageUri, context) {
+        const storageUrl = new URL(storageUri);
+
+        if (storageUrl.protocol !== "r2:") {
+          throw new Error("Invalid R2 storage URI protocol");
+        }
+
+        const bucket = resolveR2BucketFromContext(context);
+        const key = createR2ObjectKey(storageUrl);
+        const object = await bucket.get(key);
+        if (!object) {
+          return null;
+        }
+
+        return object.text();
       },
       async getDownloadUrl(storageUri, context) {
         const storageUrl = new URL(storageUri);
@@ -70,7 +102,7 @@ export const r2WorkerStorage = <
           throw new Error("Invalid R2 storage URI protocol");
         }
 
-        const key = `${storageUrl.host}${storageUrl.pathname}`;
+        const key = createPublicObjectPath(storageUrl);
         const [jwtSecret, publicBaseUrl] = await Promise.all([
           resolveContextValue(
             config.jwtSecret ?? resolveJwtSecretFromContext,
@@ -89,6 +121,6 @@ export const r2WorkerStorage = <
           fileUrl: url.toString(),
         };
       },
-    };
-  };
+    }),
+  })(config);
 };

package/worker/dist/README.md

@@ -1 +1 @@
-This folder contains the built output assets for the worker "hot-updater" generated at 2026-05-15T15:32:08.967Z.
+This folder contains the built output assets for the worker "hot-updater" generated at 2026-05-16T10:12:39.005Z.