@malloy-publisher/server 0.0.197-dev → 0.0.197

package/package.json

@@ -1,7 +1,7 @@
 {
    "name": "@malloy-publisher/server",
    "description": "Malloy Publisher Server",
-   "version": "0.0.197-dev",
+   "version": "0.0.197",
    "main": "dist/server.mjs",
    "bin": {
       "malloy-publisher": "dist/server.mjs"
@@ -34,16 +34,16 @@
       "@azure/identity": "^4.13.0",
       "@azure/storage-blob": "^12.26.0",
       "@google-cloud/storage": "^7.16.0",
-      "@malloydata/db-bigquery": "^0.0.383",
-      "@malloydata/db-databricks": "^0.0.383",
-      "@malloydata/db-duckdb": "^0.0.383",
-      "@malloydata/db-mysql": "^0.0.383",
-      "@malloydata/db-postgres": "^0.0.383",
-      "@malloydata/db-snowflake": "^0.0.383",
-      "@malloydata/db-trino": "^0.0.383",
-      "@malloydata/malloy": "^0.0.383",
-      "@malloydata/malloy-sql": "^0.0.383",
-      "@malloydata/render-validator": "^0.0.383",
+      "@malloydata/db-bigquery": "^0.0.394",
+      "@malloydata/db-databricks": "^0.0.394",
+      "@malloydata/db-duckdb": "^0.0.394",
+      "@malloydata/db-mysql": "^0.0.394",
+      "@malloydata/db-postgres": "^0.0.394",
+      "@malloydata/db-snowflake": "^0.0.394",
+      "@malloydata/db-trino": "^0.0.394",
+      "@malloydata/malloy": "^0.0.394",
+      "@malloydata/malloy-sql": "^0.0.394",
+      "@malloydata/render-validator": "^0.0.394",
       "@modelcontextprotocol/sdk": "^1.13.2",
       "@opentelemetry/api": "^1.9.0",
       "@opentelemetry/auto-instrumentations-node": "^0.57.0",
@@ -68,7 +68,6 @@
       "node-cron": "^3.0.3",
       "recursive-readdir": "^2.2.3",
       "simple-git": "^3.28.0",
-      "trino": "^1.1.1",
       "uuid": "^11.0.3"
    },
    "devDependencies": {

package/publisher.config.example.bigquery.json

@@ -0,0 +1,33 @@
+{
+  "frozenConfig": false,
+  "environments": [
+    {
+      "name": "malloy-samples",
+      "packages": [
+        {
+          "name": "ecommerce",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/ecommerce"
+        },
+        {
+          "name": "imdb",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/imdb"
+        },
+        {
+          "name": "faa",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/faa"
+        },
+        {
+          "name": "bigquery-hackernews",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/bigquery-hackernews"
+        }
+      ],
+      "connections": [
+        {
+          "name": "bigquery",
+          "type": "bigquery",
+          "bigqueryConnection": {}
+        }
+      ]
+    }
+  ]
+}

package/publisher.config.example.duckdb.json

@@ -0,0 +1,23 @@
+{
+  "frozenConfig": false,
+  "environments": [
+    {
+      "name": "malloy-samples",
+      "packages": [
+        {
+          "name": "ecommerce",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/ecommerce"
+        },
+        {
+          "name": "imdb",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/imdb"
+        },
+        {
+          "name": "faa",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/faa"
+        }
+      ],
+      "connections": []
+    }
+  ]
+}

package/publisher.config.json

@@ -15,19 +15,9 @@
         {
           "name": "faa",
           "location": "https://github.com/credibledata/malloy-samples/tree/main/faa"
-        },
-        {
-          "name": "bigquery-hackernews",
-          "location": "https://github.com/credibledata/malloy-samples/tree/main/bigquery-hackernews"
         }
       ],
-      "connections": [
-        {
-          "name": "bigquery",
-          "type": "bigquery",
-          "bigqueryConnection": {}
-        }
-      ]
+      "connections": []
     }
   ]
 }

package/src/config.spec.ts

@@ -856,3 +856,228 @@ describe("Config Environment Variable Substitution", () => {
       });
    });
 });
+
+// TODO: Remove this during projects cleanup
+describe("Config legacy 'projects' key back-compat", () => {
+   const testServerRoot = path.join(process.cwd(), "test-temp-legacy-config");
+   const configPath = path.join(testServerRoot, PUBLISHER_CONFIG_NAME);
+
+   beforeEach(() => {
+      if (!fs.existsSync(testServerRoot)) {
+         fs.mkdirSync(testServerRoot, { recursive: true });
+      }
+   });
+
+   afterEach(() => {
+      if (fs.existsSync(configPath)) {
+         fs.unlinkSync(configPath);
+      }
+      if (fs.existsSync(testServerRoot)) {
+         fs.rmdirSync(testServerRoot, { recursive: true });
+      }
+   });
+
+   it("reads from legacy 'projects' key when 'environments' is absent", async () => {
+      // Pre-rename on-disk shape: top-level key is `projects`, not
+      // `environments`. Without back-compat this silently parses as empty.
+      const legacyConfig = {
+         frozenConfig: false,
+         projects: [
+            {
+               name: "legacy-env",
+               packages: [
+                  {
+                     name: "p1",
+                     location: "./packages/p1",
+                  },
+               ],
+            },
+         ],
+      };
+
+      fs.writeFileSync(configPath, JSON.stringify(legacyConfig, null, 2));
+
+      // Spy on logger.warn so we can assert the deprecation message fired.
+      const { logger } = await import("./logger");
+      const originalWarn = logger.warn;
+      const warnings: string[] = [];
+      logger.warn = ((msg: unknown, ..._rest: unknown[]) => {
+         warnings.push(typeof msg === "string" ? msg : String(msg));
+         return logger;
+      }) as typeof logger.warn;
+
+      try {
+         const result = getPublisherConfig(testServerRoot);
+
+         expect(result.environments.length).toBe(1);
+         expect(result.environments[0].name).toBe("legacy-env");
+         expect(result.environments[0].packages[0].name).toBe("p1");
+
+         expect(
+            warnings.some((w) => w.includes('uses deprecated "projects" key')),
+         ).toBe(true);
+      } finally {
+         logger.warn = originalWarn;
+      }
+   });
+
+   it("prefers the new 'environments' key when both are present", async () => {
+      const config = {
+         frozenConfig: false,
+         environments: [
+            {
+               name: "new-env",
+               packages: [{ name: "p1", location: "./packages/p1" }],
+            },
+         ],
+         projects: [
+            {
+               name: "should-be-ignored",
+               packages: [{ name: "p2", location: "./packages/p2" }],
+            },
+         ],
+      };
+
+      fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+
+      const { logger } = await import("./logger");
+      const originalWarn = logger.warn;
+      const warnings: string[] = [];
+      logger.warn = ((msg: unknown, ..._rest: unknown[]) => {
+         warnings.push(typeof msg === "string" ? msg : String(msg));
+         return logger;
+      }) as typeof logger.warn;
+
+      try {
+         const result = getPublisherConfig(testServerRoot);
+
+         expect(result.environments.length).toBe(1);
+         expect(result.environments[0].name).toBe("new-env");
+
+         // No deprecation warning should fire when `environments` is present.
+         expect(
+            warnings.some((w) => w.includes('uses deprecated "projects" key')),
+         ).toBe(false);
+      } finally {
+         logger.warn = originalWarn;
+      }
+   });
+});
+
+describe("Committed example configs", () => {
+   const serverDir = path.resolve(__dirname, "..");
+
+   it.each([
+      ["publisher.config.json", false],
+      ["publisher.config.example.duckdb.json", false],
+      ["publisher.config.example.bigquery.json", true],
+   ])(
+      "%s parses as a valid PublisherConfig",
+      (filename, expectsBigQueryConnection) => {
+         const filePath = path.join(serverDir, filename);
+         expect(fs.existsSync(filePath)).toBe(true);
+
+         const raw = fs.readFileSync(filePath, "utf-8");
+         const parsed = JSON.parse(raw) as PublisherConfig;
+
+         expect(parsed).toHaveProperty("environments");
+         expect(Array.isArray(parsed.environments)).toBe(true);
+         expect(parsed.environments.length).toBeGreaterThan(0);
+
+         const env = parsed.environments[0];
+         expect(env.name).toBeTruthy();
+         expect(Array.isArray(env.packages)).toBe(true);
+         expect(env.packages.length).toBeGreaterThan(0);
+
+         if (expectsBigQueryConnection) {
+            expect(
+               (env.connections ?? []).some((c) => c.type === "bigquery"),
+            ).toBe(true);
+            expect(
+               env.packages.some((p) => p.name === "bigquery-hackernews"),
+            ).toBe(true);
+         } else {
+            expect(
+               env.packages.some((p) => p.name === "bigquery-hackernews"),
+            ).toBe(false);
+         }
+      },
+   );
+});
+
+describe("Config path resolution (--config and bundled default)", () => {
+   const emptyServerRoot = path.join(process.cwd(), "test-empty-server-root");
+   const customConfigPath = path.join(
+      process.cwd(),
+      "test-custom-publisher.config.json",
+   );
+
+   beforeEach(() => {
+      if (!fs.existsSync(emptyServerRoot)) {
+         fs.mkdirSync(emptyServerRoot, { recursive: true });
+      }
+      delete process.env.PUBLISHER_CONFIG_PATH;
+      delete process.env.PUBLISHER_USE_BUNDLED_DEFAULT;
+   });
+
+   afterEach(() => {
+      delete process.env.PUBLISHER_CONFIG_PATH;
+      delete process.env.PUBLISHER_USE_BUNDLED_DEFAULT;
+      if (fs.existsSync(customConfigPath)) {
+         fs.unlinkSync(customConfigPath);
+      }
+      if (fs.existsSync(emptyServerRoot)) {
+         fs.rmSync(emptyServerRoot, { recursive: true, force: true });
+      }
+   });
+
+   it("falls back to the bundled default config when serverRoot has no publisher.config.json and bundled-default opt-in is set", () => {
+      // The bundled default is opt-in (server.ts sets the env var when
+      // the user passed neither --server_root nor --config) so embedded
+      // callers don't get a surprise filesystem read.
+      process.env.PUBLISHER_USE_BUNDLED_DEFAULT = "true";
+      const result = getPublisherConfig(emptyServerRoot);
+
+      expect(result.environments.length).toBeGreaterThan(0);
+      const env = result.environments[0];
+      expect(env.name).toBe("malloy-samples");
+      expect(env.packages.some((p) => p.name === "ecommerce")).toBe(true);
+      expect(env.packages.some((p) => p.name === "bigquery-hackernews")).toBe(
+         false,
+      );
+   });
+
+   it("does NOT fall back to the bundled default when opt-in flag is unset (programmatic construction)", () => {
+      // No PUBLISHER_USE_BUNDLED_DEFAULT, no PUBLISHER_CONFIG_PATH, no
+      // file in emptyServerRoot — result should be the original empty
+      // shape, preserving prior behavior for embeds and tests.
+      const result = getPublisherConfig(emptyServerRoot);
+      expect(result.environments).toEqual([]);
+   });
+
+   it("honors PUBLISHER_CONFIG_PATH (set by --config) over the server root", () => {
+      const customConfig = {
+         frozenConfig: false,
+         environments: [
+            { name: "custom-env", packages: [{ name: "foo", location: "/x" }] },
+         ],
+      };
+      fs.writeFileSync(customConfigPath, JSON.stringify(customConfig));
+      process.env.PUBLISHER_CONFIG_PATH = customConfigPath;
+
+      const result = getPublisherConfig(emptyServerRoot);
+      expect(result.environments[0].name).toBe("custom-env");
+   });
+
+   it("returns empty environments (not the bundled default) when --config points at a missing file", () => {
+      process.env.PUBLISHER_CONFIG_PATH = path.join(
+         process.cwd(),
+         "does-not-exist.json",
+      );
+      // Even with bundled-default opt-in, --config with a missing target
+      // is a user error and we don't paper over it.
+      process.env.PUBLISHER_USE_BUNDLED_DEFAULT = "true";
+      const result = getPublisherConfig(emptyServerRoot);
+      expect(result.environments).toEqual([]);
+   });
+});

package/src/config.ts

@@ -1,9 +1,68 @@
 import fs from "fs";
 import path from "path";
+import { fileURLToPath } from "url";
 import { components } from "./api";
 import { API_PREFIX, PUBLISHER_CONFIG_NAME } from "./constants";
 import { logger } from "./logger";
 
+/**
+ * Path to the publisher.config.json file shipped inside the published
+ * package. Used as a last-resort fallback so `npx @malloy-publisher/server`
+ * with no args still boots with the DuckDB-only sample packages.
+ *
+ * The file is copied next to the running module by `build.ts` at production
+ * build time. In a source/dev checkout it lives alongside this file.
+ */
+const BUNDLED_DEFAULT_CONFIG_PATH = path.join(
+   path.dirname(fileURLToPath(import.meta.url)),
+   "default-publisher.config.json",
+);
+
+/**
+ * Decide which `publisher.config.json` to read.
+ *
+ * Precedence:
+ *   1. `--config <path>` (surfaced via `process.env.PUBLISHER_CONFIG_PATH`)
+ *   2. `<serverRoot>/publisher.config.json`
+ *   3. The bundled default shipped inside the package — ONLY when
+ *      `process.env.PUBLISHER_USE_BUNDLED_DEFAULT === "true"`. server.ts
+ *      sets that flag when the user passed neither `--server_root` nor
+ *      `--config`, so `npx @malloy-publisher/server` with zero args
+ *      boots into something usable. Callers that construct an
+ *      EnvironmentStore programmatically (tests, embeds) don't get
+ *      surprise filesystem fallbacks they didn't ask for.
+ *
+ * Returns `null` if step 1 was requested but the file doesn't exist —
+ * that's an explicit user mistake and the caller should surface it as
+ * an error rather than silently falling back.
+ */
+function resolvePublisherConfigPath(serverRoot: string): {
+   path: string;
+   isBundledDefault: boolean;
+} | null {
+   const explicitPath = process.env.PUBLISHER_CONFIG_PATH;
+   if (explicitPath && explicitPath.length > 0) {
+      if (!fs.existsSync(explicitPath)) {
+         return null;
+      }
+      return { path: explicitPath, isBundledDefault: false };
+   }
+
+   const serverRootPath = path.join(serverRoot, PUBLISHER_CONFIG_NAME);
+   if (fs.existsSync(serverRootPath)) {
+      return { path: serverRootPath, isBundledDefault: false };
+   }
+
+   if (
+      process.env.PUBLISHER_USE_BUNDLED_DEFAULT === "true" &&
+      fs.existsSync(BUNDLED_DEFAULT_CONFIG_PATH)
+   ) {
+      return { path: BUNDLED_DEFAULT_CONFIG_PATH, isBundledDefault: true };
+   }
+
+   return null;
+}
+
 type FilesystemPath = `./${string}` | `../${string}` | `/${string}`;
 type GcsPath = `gs://${string}`;
 type ApiConnection = components["schemas"]["Connection"];
@@ -77,13 +136,30 @@ function processConfigValue(value: unknown): unknown {
 }
 
 export const getPublisherConfig = (serverRoot: string): PublisherConfig => {
-   const publisherConfigPath = path.join(serverRoot, PUBLISHER_CONFIG_NAME);
-   if (!fs.existsSync(publisherConfigPath)) {
+   const resolved = resolvePublisherConfigPath(serverRoot);
+   if (!resolved) {
+      if (
+         process.env.PUBLISHER_CONFIG_PATH &&
+         process.env.PUBLISHER_CONFIG_PATH.length > 0
+      ) {
+         // Explicit --config was given but the path didn't exist. Loud
+         // failure here so a typo in the flag doesn't silently boot the
+         // server with an empty environment list.
+         logger.error(
+            `--config path not found: ${process.env.PUBLISHER_CONFIG_PATH}. Using default empty config.`,
+         );
+      }
       return {
          frozenConfig: false,
          environments: [],
       };
    }
+   const publisherConfigPath = resolved.path;
+   if (resolved.isBundledDefault) {
+      logger.info(
+         `No publisher.config.json found at ${path.join(serverRoot, PUBLISHER_CONFIG_NAME)}; falling back to bundled DuckDB-only default. Pass --config <path> or place a config in the server root to override.`,
+      );
+   }
 
    let rawConfig: unknown;
    try {
@@ -108,6 +184,24 @@ export const getPublisherConfig = (serverRoot: string): PublisherConfig => {
    // Process environment variables in config values
    const processedConfig = processConfigValue(rawConfig);
 
+   // TODO: Remove this during projects cleanup
+   // Back-compat: the top-level key was renamed `projects` → `environments`.
+   // If a config still uses the old key, accept it once with a deprecation
+   // warning so existing on-disk configs don't silently parse as empty.
+   if (
+      processedConfig &&
+      typeof processedConfig === "object" &&
+      !("environments" in processedConfig) &&
+      "projects" in processedConfig
+   ) {
+      logger.warn(
+         `${PUBLISHER_CONFIG_NAME} uses deprecated "projects" key; rename to "environments".`,
+      );
+      (processedConfig as Record<string, unknown>).environments = (
+         processedConfig as Record<string, unknown>
+      ).projects;
+   }
+
    if (
       processedConfig &&
       typeof processedConfig === "object" &&

package/src/controller/connection.controller.ts

@@ -91,7 +91,7 @@ function validateAdminAuthoredConnection(
 ): void {
    if (connectionName === "duckdb" || connectionConfig.name === "duckdb") {
       throw new BadRequestError(
-         "DuckDB connection name cannot be 'duckdb'; it is reserved for Publisher package sandboxes.",
+         "Connection name 'duckdb' is reserved for per-package sandboxes. Choose a different name for environment-level DuckDB connections (e.g. 'shared_duckdb').",
       );
    }
 

package/src/default-publisher.config.json

@@ -0,0 +1,23 @@
+{
+  "frozenConfig": false,
+  "environments": [
+    {
+      "name": "malloy-samples",
+      "packages": [
+        {
+          "name": "ecommerce",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/ecommerce"
+        },
+        {
+          "name": "imdb",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/imdb"
+        },
+        {
+          "name": "faa",
+          "location": "https://github.com/credibledata/malloy-samples/tree/main/faa"
+        }
+      ],
+      "connections": []
+    }
+  ]
+}

package/src/errors.spec.ts

@@ -0,0 +1,42 @@
+import { describe, expect, it } from "bun:test";
+import {
+   BadRequestError,
+   ConnectionAuthError,
+   ConnectionError,
+   internalErrorToHttpError,
+} from "./errors";
+
+describe("internalErrorToHttpError", () => {
+   it("maps ConnectionAuthError to 422", () => {
+      const { status, json } = internalErrorToHttpError(
+         new ConnectionAuthError("creds rejected for db_x"),
+      );
+      expect(status).toBe(422);
+      expect(json).toEqual({
+         code: 422,
+         message: "creds rejected for db_x",
+      });
+   });
+
+   it("maps BadRequestError to 400", () => {
+      const { status, json } = internalErrorToHttpError(
+         new BadRequestError("bad input"),
+      );
+      expect(status).toBe(400);
+      expect(json).toEqual({ code: 400, message: "bad input" });
+   });
+
+   it("maps ConnectionError to 502 (distinct from auth, still retryable)", () => {
+      const { status, json } = internalErrorToHttpError(
+         new ConnectionError("upstream broken"),
+      );
+      expect(status).toBe(502);
+      expect(json).toEqual({ code: 502, message: "upstream broken" });
+   });
+
+   it("falls through to 500 for unrecognized errors", () => {
+      const { status, json } = internalErrorToHttpError(new Error("boom"));
+      expect(status).toBe(500);
+      expect(json.message).toBe("boom");
+   });
+});

package/src/errors.ts

@@ -16,6 +16,8 @@ export function internalErrorToHttpError(error: Error) {
       return httpError(400, error.message);
    } else if (error instanceof ConnectionNotFoundError) {
       return httpError(404, error.message);
+   } else if (error instanceof ConnectionAuthError) {
+      return httpError(422, error.message);
    } else if (error instanceof ModelCompilationError) {
       return httpError(424, error.message);
    } else if (error instanceof ConnectionError) {
@@ -83,6 +85,12 @@ export class ConnectionError extends Error {
    }
 }
 
+export class ConnectionAuthError extends Error {
+   constructor(message: string) {
+      super(message);
+   }
+}
+
 export class ModelCompilationError extends Error {
    constructor(error: MalloyError) {
       super(error.message);

package/src/health.ts

@@ -41,6 +41,32 @@ export function markReady(): void {
    }
 }
 
+/**
+ * Marks the service as degraded: one or more environments failed to
+ * initialize. The surviving environments are still queryable, and
+ * callers polling /api/v0/status see operationalState="degraded" plus
+ * a failedEnvironments list.
+ *
+ * Readiness probe (/health/readiness) returns 503 — degraded pods are
+ * pulled out of K8s load-balancer rotation so traffic does not get
+ * routed to a replica that can only serve a fraction of the configured
+ * environments. Operators should fix the failing config and restart
+ * the pod; if you want degraded traffic to be served anyway (e.g. for
+ * a single-replica local dev instance), poll /api/v0/status directly
+ * instead of /health/readiness.
+ */
+export function markDegraded(): void {
+   if (operationalState !== "draining") {
+      operationalState = "degraded";
+      ready = false;
+      logger.warn(
+         "Service marked as degraded; one or more environments failed to initialize. Readiness probe will fail until the config is fixed and the process restarts.",
+      );
+   } else {
+      logger.error("Service is already draining - cannot mark as degraded");
+   }
+}
+
 /**
  * Marks the service as not ready (readiness probe will return 503).
  */

package/src/logger.ts

@@ -28,9 +28,7 @@ export const logger = winston.createLogger({
       ? winston.format.combine(
            winston.format.uncolorize(),
            winston.format.timestamp(),
-           winston.format.metadata({
-              fillExcept: ["message", "level", "timestamp"],
-           }),
+           winston.format.errors({ stack: true }),
            winston.format.json(),
         )
       : winston.format.combine(