@lunora/do 0.0.0 → 1.0.0-alpha.1

package/dist/packem_shared/ReactiveCache-ByVzgH3d.mjs

@@ -0,0 +1,259 @@
+import { depKey, SCAN_DEP } from './SCAN_DEP-DLJF8dsj.mjs';
+
+const compareKeys = (a, b) => {
+  if (a < b) {
+    return -1;
+  }
+  return a > b ? 1 : 0;
+};
+const DEFAULT_MAX_ENTRIES = 1e3;
+const DEFAULT_MAX_BYTES = 4 * 1024 * 1024;
+const estimateBytes = (value) => {
+  if (value === void 0 || value === null) {
+    return 0;
+  }
+  try {
+    return JSON.stringify(value).length;
+  } catch {
+    return DEFAULT_MAX_BYTES;
+  }
+};
+class ReactiveCache {
+  /** key -> entry. Map insertion order doubles as LRU order. */
+  entries = /* @__PURE__ */ new Map();
+  /** `table:id` (or `table:*scan`) -> set of cache keys that depend on it. */
+  tableIndex = /* @__PURE__ */ new Map();
+  /** Cumulative byte charge across `entries`. Tracked incrementally. */
+  totalBytes = 0;
+  /** Lifetime cache-hit count, surfaced via `stats()`. */
+  hits = 0;
+  /** Lifetime cache-miss count (callback ran), surfaced via `stats()`. */
+  misses = 0;
+  /** Lifetime count of entries dropped by the LRU evictor. */
+  evictions = 0;
+  maxEntries;
+  maxBytes;
+  now;
+  /**
+   * Monotonic counter — used as the default clock so `lastUsed` strictly
+   * orders calls even when they land in the same wall-clock millisecond.
+   */
+  monotonic = 0;
+  constructor(options = {}) {
+    this.maxEntries = options.maxEntries ?? DEFAULT_MAX_ENTRIES;
+    this.maxBytes = options.maxBytes ?? DEFAULT_MAX_BYTES;
+    this.now = options.now ?? (() => {
+      this.monotonic += 1;
+      return this.monotonic;
+    });
+  }
+  /**
+   * Return the cached result for `key` if present (and re-stamp it as
+   * most-recently-used); otherwise run the callback, store the result with
+   * `deps` as its invalidation footprint, and return it. The caller is
+   * responsible for collecting `deps` via a `DependencyTracker` during
+   * the callback and handing the same set in here — the cache stores the
+   * reference verbatim, so the caller MUST stop mutating it after this
+   * call returns.
+   *
+   * The callback is awaited inside the cache so concurrent callers for the
+   * same key still race the underlying handler — a real Convex-style
+   * "in-flight dedup" would add a `Map&lt;key, Promise>`; we keep this simpler
+   * and accept that the first uncached hit may run the handler twice when
+   * two callers arrive on the same tick. The single-DO concurrency model
+   * makes that race vanishingly rare in practice.
+   */
+  async run(key, deps, run) {
+    const existing = this.entries.get(key);
+    if (existing) {
+      this.hits += 1;
+      existing.lastUsed = this.now();
+      this.entries.delete(key);
+      this.entries.set(key, existing);
+      return existing.result;
+    }
+    this.misses += 1;
+    const result = await run();
+    const bytes = estimateBytes(result);
+    const entry = {
+      bytes,
+      deps,
+      lastUsed: this.now(),
+      result,
+      subscribers: /* @__PURE__ */ new Set()
+    };
+    this.entries.set(key, entry);
+    this.totalBytes += bytes;
+    for (const dep of deps) {
+      let bucket = this.tableIndex.get(dep);
+      if (!bucket) {
+        bucket = /* @__PURE__ */ new Set();
+        this.tableIndex.set(dep, bucket);
+      }
+      bucket.add(key);
+    }
+    this.evict();
+    return result;
+  }
+  /**
+   * Invalidate every entry that recorded a read of `(table, id)` OR a full
+   * scan of `table` (the `*scan` marker). Returns the keys removed so the
+   * caller can re-run their subscribers — see `ShardDO#flushChangedTables`
+   * for the wired-up consumer.
+   */
+  invalidate(table, id) {
+    const removed = [];
+    this.collectAndDrop(depKey(table, id), removed);
+    this.collectAndDrop(depKey(table, SCAN_DEP), removed);
+    return removed;
+  }
+  /**
+   * Nuke every entry that depends on `table` in any form (rows + `*scan`).
+   * Wired in by the writer for operations that can't pinpoint a row id
+   * (e.g. bulk truncate). For the common single-row write path, prefer
+   * {@link invalidate} so per-id entries on other rows survive.
+   */
+  invalidateTable(table) {
+    const removed = [];
+    const prefix = `${table}:`;
+    for (const dep of this.tableIndex.keys()) {
+      if (dep.startsWith(prefix)) {
+        this.collectAndDrop(dep, removed);
+      }
+    }
+    return removed;
+  }
+  /**
+   * Register `subscriberId` as interested in re-runs of `key`. Subscribers
+   * pin the entry against eviction — see {@link evict}. A subscriber on a
+   * key that isn't cached yet is a no-op (the first `run()` will land the
+   * entry, but the subscription registration is lost). Callers SHOULD
+   * subscribe AFTER the first `run()` returns to avoid that gap.
+   */
+  subscribe(key, subscriberId) {
+    const entry = this.entries.get(key);
+    if (!entry) {
+      return;
+    }
+    entry.subscribers.add(subscriberId);
+  }
+  /** Detach a subscriber from `key`. Idempotent on missing entries. */
+  unsubscribe(key, subscriberId) {
+    const entry = this.entries.get(key);
+    if (!entry) {
+      return;
+    }
+    entry.subscribers.delete(subscriberId);
+  }
+  /** Read-only view of the cache's current resource usage. */
+  size() {
+    return { bytes: this.totalBytes, entries: this.entries.size };
+  }
+  /** Drop every cached entry. Used by tests for isolation. */
+  clear() {
+    this.entries.clear();
+    this.tableIndex.clear();
+    this.totalBytes = 0;
+  }
+  /**
+   * Look up the entry's subscribers without exposing the internal map.
+   * Returned as a snapshot so the caller can iterate without worrying about
+   * concurrent unsubscribes mid-loop.
+   */
+  subscribers(key) {
+    const entry = this.entries.get(key);
+    if (!entry) {
+      return [];
+    }
+    return [...entry.subscribers];
+  }
+  /**
+   * Snapshot of lifetime cache counters plus the current live size. Drives the
+   * studio's metrics panel; cheap, allocation-light, and side-effect-free.
+   */
+  stats() {
+    return {
+      bytes: this.totalBytes,
+      entries: this.entries.size,
+      evictions: this.evictions,
+      hits: this.hits,
+      misses: this.misses
+    };
+  }
+  /** Pull `dep`'s bucket from the index and remove every entry in it. */
+  collectAndDrop(dep, removed) {
+    const bucket = this.tableIndex.get(dep);
+    if (!bucket) {
+      return;
+    }
+    for (const key of bucket) {
+      const entry = this.entries.get(key);
+      if (!entry) {
+        continue;
+      }
+      this.dropEntry(key, entry);
+      removed.push(key);
+    }
+  }
+  /** Remove an entry from every index and decrement the byte charge. */
+  dropEntry(key, entry) {
+    this.entries.delete(key);
+    this.totalBytes -= entry.bytes;
+    for (const dep of entry.deps) {
+      const bucket = this.tableIndex.get(dep);
+      if (!bucket) {
+        continue;
+      }
+      bucket.delete(key);
+      if (bucket.size === 0) {
+        this.tableIndex.delete(dep);
+      }
+    }
+  }
+  /**
+   * Run LRU eviction until both caps hold. Subscribed entries are pinned —
+   * if every survivor has subscribers we exit with the caps still breached
+   * (better than ejecting an actively-watched query and forcing a re-run
+   * storm on its next refresh).
+   */
+  evict() {
+    if (this.entries.size <= this.maxEntries && this.totalBytes <= this.maxBytes) {
+      return;
+    }
+    for (const [key, entry] of this.entries) {
+      if (this.entries.size <= this.maxEntries && this.totalBytes <= this.maxBytes) {
+        return;
+      }
+      if (entry.subscribers.size > 0) {
+        continue;
+      }
+      this.dropEntry(key, entry);
+      this.evictions += 1;
+    }
+  }
+}
+const stableStringify = (value) => {
+  if (value === void 0) {
+    return "null";
+  }
+  if (value === null || typeof value !== "object") {
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    return `[${value.map((item) => stableStringify(item)).join(",")}]`;
+  }
+  const record = value;
+  const keys = Object.keys(record).toSorted(compareKeys);
+  const parts = [];
+  for (const key of keys) {
+    const raw = record[key];
+    if (raw === void 0) {
+      continue;
+    }
+    parts.push(`${JSON.stringify(key)}:${stableStringify(raw)}`);
+  }
+  return `{${parts.join(",")}}`;
+};
+const reactiveCacheKey = (functionPath, args, identity) => `${identity ?? "\0anon"}\0${functionPath}:${stableStringify(args)}`;
+
+export { ReactiveCache, reactiveCacheKey, stableStringify };

package/dist/packem_shared/SCAN_DEP-DLJF8dsj.mjs

@@ -0,0 +1,19 @@
+const SCAN_DEP = "*scan";
+const depKey = (table, idOrScan) => `${table}:${idOrScan}`;
+const tableFromDepKey = (dep) => {
+  const colon = dep.indexOf(":");
+  return colon === -1 ? dep : dep.slice(0, colon);
+};
+const createDependencyTracker = () => {
+  const deps = /* @__PURE__ */ new Set();
+  return {
+    collect() {
+      return deps;
+    },
+    recordRead(table, idOrScan) {
+      deps.add(depKey(table, idOrScan));
+    }
+  };
+};
+
+export { SCAN_DEP, createDependencyTracker, depKey, tableFromDepKey };

package/dist/packem_shared/SESSION_DO_TTL_DEFAULT-ilPZsVwu.mjs

@@ -0,0 +1,180 @@
+const SESSION_DO_TTL_DEFAULT = 7 * 24 * 60 * 60;
+const SESSION_DO_TTL_MAX = 90 * 24 * 60 * 60;
+const SESSION_GC_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+const SESSION_SECRET_HEADER = "x-lunora-session-do-secret";
+const SESSION_TOKEN_HEADER = "x-lunora-session-token";
+const SESSION_TOKEN_PATTERN = /^[\w-]+$/;
+const MIN_TOKEN_LENGTH = 32;
+const MAX_TOKEN_LENGTH = 256;
+const MAX_USER_ID_LENGTH = 256;
+const jsonResponse = (status, body) => Response.json(body, {
+  headers: { "content-type": "application/json" },
+  status
+});
+const constantTimeEqual = (a, b) => {
+  const max = Math.max(a.length, b.length);
+  let diff = a.length ^ b.length;
+  for (let index = 0; index < max; index += 1) {
+    const charA = index < a.length ? a.charCodeAt(index) : 0;
+    const charB = index < b.length ? b.charCodeAt(index) : 0;
+    diff |= charA ^ charB;
+  }
+  return diff === 0;
+};
+const isAuthorized = (request, env) => {
+  const expected = env.SESSION_DO_SECRET;
+  if (typeof expected !== "string" || expected.length === 0) {
+    return false;
+  }
+  const supplied = request.headers.get(SESSION_SECRET_HEADER);
+  if (typeof supplied !== "string" || supplied.length === 0) {
+    return false;
+  }
+  return constantTimeEqual(expected, supplied);
+};
+const resolveTtlSeconds = (raw) => {
+  let ttlSeconds;
+  if (raw === void 0 || raw === null) {
+    ttlSeconds = SESSION_DO_TTL_DEFAULT;
+  } else if (typeof raw === "number") {
+    ttlSeconds = raw;
+  } else {
+    return void 0;
+  }
+  if (!Number.isFinite(ttlSeconds) || !Number.isInteger(ttlSeconds) || ttlSeconds <= 0 || ttlSeconds > SESSION_DO_TTL_MAX) {
+    return void 0;
+  }
+  return ttlSeconds;
+};
+const validateToken = (value) => {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  if (value.length < MIN_TOKEN_LENGTH || value.length > MAX_TOKEN_LENGTH) {
+    return void 0;
+  }
+  if (!SESSION_TOKEN_PATTERN.test(value)) {
+    return void 0;
+  }
+  return value;
+};
+class SessionDO {
+  state;
+  env;
+  constructor(state, env) {
+    this.state = state;
+    this.env = env;
+  }
+  async fetch(request) {
+    const env = this.env ?? {};
+    if (!isAuthorized(request, env)) {
+      return jsonResponse(401, { error: { code: "UNAUTHORIZED", message: "missing or invalid SessionDO secret" } });
+    }
+    const url = new URL(request.url);
+    if (request.method === "POST" && url.pathname === "/create") {
+      return this.handleCreate(request);
+    }
+    if (request.method === "GET" && url.pathname === "/get") {
+      return this.handleGet(request);
+    }
+    if (request.method === "DELETE" && url.pathname === "/revoke") {
+      return this.handleRevoke(request);
+    }
+    return jsonResponse(404, { error: { code: "NOT_FOUND", message: "no such session route" } });
+  }
+  /**
+   * Sweep expired session records. Lazy expiry-on-read ({@link handleGet})
+   * already keeps reads correct; this reclaims storage for sessions that are
+   * never read again. Re-arms itself while any sessions remain so the DO goes
+   * fully idle (no billable alarm) once it's empty.
+   */
+  async alarm() {
+    const { storage } = this.state;
+    if (!storage.list) {
+      return;
+    }
+    const now = Date.now();
+    const entries = await storage.list({ prefix: "s:" });
+    const expired = [];
+    let remaining = 0;
+    for (const [key, record] of entries) {
+      if (record.expiresAt < now) {
+        expired.push(key);
+      } else {
+        remaining += 1;
+      }
+    }
+    for (const key of expired) {
+      await storage.delete(key);
+    }
+    if (remaining > 0 && storage.setAlarm) {
+      await storage.setAlarm(now + SESSION_GC_INTERVAL_MS);
+    }
+  }
+  async handleCreate(request) {
+    let body;
+    try {
+      body = await request.json();
+    } catch {
+      return jsonResponse(400, { error: "invalid_request" });
+    }
+    const token = validateToken(body.token);
+    if (token === void 0) {
+      return jsonResponse(400, { error: "invalid_request" });
+    }
+    const { userId } = body;
+    if (typeof userId !== "string" || userId.length === 0 || userId.length > MAX_USER_ID_LENGTH) {
+      return jsonResponse(400, { error: "invalid_request" });
+    }
+    const ttlSeconds = resolveTtlSeconds(body.ttlSeconds);
+    if (ttlSeconds === void 0) {
+      return jsonResponse(400, { error: "invalid_request" });
+    }
+    const now = Date.now();
+    const record = { createdAt: now, expiresAt: now + ttlSeconds * 1e3, userId };
+    await this.state.storage.put(`s:${token}`, record);
+    await this.armGcAlarm();
+    return jsonResponse(201, { token, ...record });
+  }
+  /**
+   * Ensure a GC alarm is pending. Only sets one when none is currently
+   * scheduled, so a burst of `create`s arms a single recurring sweep rather
+   * than thrashing the alarm. A no-op when the runtime/double doesn't expose
+   * the alarm API.
+   */
+  async armGcAlarm() {
+    const { storage } = this.state;
+    if (!storage.getAlarm || !storage.setAlarm) {
+      return;
+    }
+    const existing = await storage.getAlarm();
+    if (existing === null) {
+      await storage.setAlarm(Date.now() + SESSION_GC_INTERVAL_MS);
+    }
+  }
+  async handleGet(request) {
+    const token = request.headers.get(SESSION_TOKEN_HEADER);
+    if (!token) {
+      return jsonResponse(400, { error: { code: "INVALID_INPUT", message: "token required" } });
+    }
+    const record = await this.state.storage.get(`s:${token}`);
+    if (!record) {
+      return jsonResponse(404, { error: { code: "NOT_FOUND", message: "session not found" } });
+    }
+    if (record.expiresAt < Date.now()) {
+      await this.state.storage.delete(`s:${token}`);
+      return jsonResponse(404, { error: { code: "EXPIRED", message: "session expired" } });
+    }
+    return jsonResponse(200, { token, ...record });
+  }
+  async handleRevoke(request) {
+    const token = request.headers.get(SESSION_TOKEN_HEADER);
+    if (!token) {
+      return jsonResponse(400, { error: { code: "INVALID_INPUT", message: "token required" } });
+    }
+    await this.state.storage.delete(`s:${token}`);
+    return jsonResponse(200, { ok: true });
+  }
+}
+
+export { SESSION_DO_TTL_DEFAULT, SESSION_DO_TTL_MAX, SessionDO };

package/dist/packem_shared/SHARD_REGISTRY_DO_NAME-BsAbi5Mn.mjs

@@ -0,0 +1,146 @@
+const SHARD_REGISTRY_DO_NAME = "__lunora_shard_registry__";
+const STORAGE_KEY = "__tables__";
+const jsonResponse = (status, body) => Response.json(body, {
+  headers: { "content-type": "application/json" },
+  status
+});
+const readTableShardBody = async (request) => {
+  let body;
+  try {
+    body = await request.json();
+  } catch {
+    return { kind: "error", response: jsonResponse(400, { error: { code: "BAD_REQUEST", message: "invalid JSON body" } }) };
+  }
+  const table = typeof body.table === "string" ? body.table.trim() : "";
+  const shardKey = typeof body.shardKey === "string" ? body.shardKey.trim() : "";
+  if (!table || !shardKey) {
+    return {
+      kind: "error",
+      response: jsonResponse(400, { error: { code: "BAD_REQUEST", message: "table and shardKey required" } })
+    };
+  }
+  return { kind: "ok", value: { shardKey, table } };
+};
+class ShardRegistryDO {
+  env;
+  state;
+  /**
+   * In-memory snapshot. The single `__tables__` key is persisted on every
+   * mutation; the in-memory copy is the source of truth for reads so
+   * `/list` never pays a storage round-trip.
+   */
+  tables = /* @__PURE__ */ new Map();
+  /**
+   * Lazy-loaded — populated on the first `fetch` via
+   * `blockConcurrencyWhile`. We can't load in the constructor (eslint:
+   * `sonarjs/no-async-constructor`) and don't need to: until the first
+   * fetch arrives the in-memory map is unread anyway.
+   */
+  loaded = false;
+  constructor(state, env) {
+    this.state = state;
+    this.env = env;
+  }
+  async fetch(request) {
+    await this.ensureLoaded();
+    const url = new URL(request.url);
+    if (request.method === "POST" && url.pathname === "/register") {
+      return this.handleRegister(request);
+    }
+    if (request.method === "POST" && url.pathname === "/unregister") {
+      return this.handleUnregister(request);
+    }
+    if (request.method === "GET" && url.pathname === "/list") {
+      return this.handleList(url);
+    }
+    if (request.method === "GET" && url.pathname === "/snapshot") {
+      return this.handleSnapshot();
+    }
+    return jsonResponse(404, { error: { code: "NOT_FOUND", message: `unknown shard-registry route ${request.method} ${url.pathname}` } });
+  }
+  /**
+   * Load the persisted snapshot exactly once. `blockConcurrencyWhile`
+   * suspends concurrent fetch dispatches on this DO until the load
+   * finishes, so the `loaded` flag doesn't need an additional mutex.
+   */
+  async ensureLoaded() {
+    if (this.loaded) {
+      return;
+    }
+    await this.state.blockConcurrencyWhile(async () => {
+      if (this.loaded) {
+        return;
+      }
+      const stored = await this.state.storage.get(STORAGE_KEY);
+      if (stored) {
+        for (const [table, keys] of Object.entries(stored)) {
+          this.tables.set(table, new Set(keys));
+        }
+      }
+      this.loaded = true;
+    });
+  }
+  handleList(url) {
+    const table = url.searchParams.get("table");
+    if (!table) {
+      return jsonResponse(400, { error: { code: "BAD_REQUEST", message: "missing required query parameter: table" } });
+    }
+    return jsonResponse(200, { shardKeys: [...this.tables.get(table) ?? []] });
+  }
+  async handleRegister(request) {
+    const parsed = await readTableShardBody(request);
+    if (parsed.kind === "error") {
+      return parsed.response;
+    }
+    const { shardKey, table } = parsed.value;
+    return this.state.blockConcurrencyWhile(async () => {
+      let set = this.tables.get(table);
+      if (!set) {
+        set = /* @__PURE__ */ new Set();
+        this.tables.set(table, set);
+      }
+      if (set.has(shardKey)) {
+        return jsonResponse(200, { changed: false, ok: true });
+      }
+      set.add(shardKey);
+      await this.persist();
+      return jsonResponse(200, { changed: true, ok: true });
+    });
+  }
+  handleSnapshot() {
+    const out = {};
+    for (const [table, set] of this.tables) {
+      out[table] = [...set];
+    }
+    return jsonResponse(200, { tables: out });
+  }
+  async handleUnregister(request) {
+    const parsed = await readTableShardBody(request);
+    if (parsed.kind === "error") {
+      return parsed.response;
+    }
+    const { shardKey, table } = parsed.value;
+    return this.state.blockConcurrencyWhile(async () => {
+      const set = this.tables.get(table);
+      if (!set?.has(shardKey)) {
+        return jsonResponse(200, { changed: false, ok: true });
+      }
+      set.delete(shardKey);
+      if (set.size === 0) {
+        this.tables.delete(table);
+      }
+      await this.persist();
+      return jsonResponse(200, { changed: true, ok: true });
+    });
+  }
+  /** Serialize the in-memory map to a single JSON-safe object and put. */
+  async persist() {
+    const out = {};
+    for (const [table, set] of this.tables) {
+      out[table] = [...set];
+    }
+    await this.state.storage.put(STORAGE_KEY, out);
+  }
+}
+
+export { SHARD_REGISTRY_DO_NAME, ShardRegistryDO };

package/dist/packem_shared/aggregateTableName-CxNqY1Sl.mjs

@@ -0,0 +1,64 @@
+const compareStrings = (a, b) => {
+  if (a < b) {
+    return -1;
+  }
+  return a > b ? 1 : 0;
+};
+const aggregateTableName = (table, indexName) => `${table}__agg_${indexName}`;
+const coerceAggregateNumber = (value) => {
+  if (typeof value === "number") {
+    return Number.isFinite(value) ? value : void 0;
+  }
+  return void 0;
+};
+const foldAggregateTally = (tallies, encoded, index, record) => {
+  const tally = tallies.get(encoded) ?? { count: 0, value: null };
+  if (index.op === "count") {
+    tally.count += 1;
+    tally.value = tally.count;
+    tallies.set(encoded, tally);
+    return;
+  }
+  const numeric = coerceAggregateNumber(record[index.field ?? ""]);
+  if (index.op === "sum" || index.op === "avg") {
+    if (numeric !== void 0) {
+      tally.value = (tally.value ?? 0) + numeric;
+      tally.count += 1;
+    }
+    tallies.set(encoded, tally);
+    return;
+  }
+  tally.count += 1;
+  if (numeric !== void 0) {
+    if (tally.value === null) {
+      tally.value = numeric;
+    } else {
+      tally.value = index.op === "min" ? Math.min(tally.value, numeric) : Math.max(tally.value, numeric);
+    }
+  }
+  tallies.set(encoded, tally);
+};
+const readAggregateValue = (op, row) => {
+  if (op === "count") {
+    return row?.value ?? 0;
+  }
+  if (!row || row.count === 0) {
+    return null;
+  }
+  if (op === "avg") {
+    return row.value === null ? null : row.value / row.count;
+  }
+  return row.value;
+};
+const encodeAggregateKey = (by, source) => {
+  if (by.length === 0) {
+    return "";
+  }
+  const ordered = {};
+  for (const field of [...by].toSorted(compareStrings)) {
+    ordered[field] = source[field] ?? null;
+  }
+  return JSON.stringify(ordered);
+};
+
+export { aggregateTableName, coerceAggregateNumber, encodeAggregateKey, foldAggregateTally, readAggregateValue };