@malloy-publisher/server 0.0.198-dev → 0.0.198-dev2

package/src/storage/duckdb/schema.ts

@@ -17,6 +17,15 @@ export async function initializeSchema(
       );
       await dropAllTables(db);
    } else {
+      // TODO: Remove this during projects cleanup
+      // If a pre-rename `projects` schema is on disk, the new
+      // CREATE TABLE IF NOT EXISTS pass below would silently leave child
+      // tables on the old `project_id` column and the first query against
+      // `environment_id` would crash. Drop the legacy tables (with a loud
+      // warning) so the fresh schema can be created cleanly. This is
+      // destructive — operators upgrading should re-create their environments
+      // and packages via the API after the upgrade.
+      await dropLegacyProjectSchema(db);
       logger.info("Creating database schema for the first time...");
    }
 
@@ -125,6 +134,38 @@ export async function initializeSchema(
    );
 }
 
+// TODO: Remove this during projects cleanup
+// Tables in the pre-rename schema, listed children-first so DROP order
+// satisfies foreign-key dependencies on the legacy `projects` table.
+const LEGACY_TABLES_DROP_ORDER = [
+   "build_manifests",
+   "materializations",
+   "packages",
+   "connections",
+   "projects",
+] as const;
+
+async function dropLegacyProjectSchema(db: DuckDBConnection): Promise<void> {
+   const legacy = await db.all<{ name: string }>(
+      "SELECT name FROM sqlite_master WHERE type='table' AND name='projects'",
+   );
+   if (!legacy || legacy.length === 0) {
+      return;
+   }
+
+   logger.warn(
+      "Detected legacy 'projects' schema. Dropping legacy tables; existing environments/packages/connections/materializations data will be lost. Re-create them via the API after upgrade.",
+   );
+
+   for (const table of LEGACY_TABLES_DROP_ORDER) {
+      try {
+         await db.run(`DROP TABLE IF EXISTS ${table}`);
+      } catch (err) {
+         logger.warn(`Failed to drop legacy table ${table}:`, err);
+      }
+   }
+}
+
 async function dropAllTables(db: DuckDBConnection): Promise<void> {
    const tables = [
       "build_manifests",

package/src/utils.ts

@@ -1,5 +1,6 @@
 import { URLReader } from "@malloydata/malloy";
 import * as fs from "fs";
+import * as path from "path";
 import { fileURLToPath } from "url";
 
 export const URL_READER: URLReader = {
@@ -11,3 +12,13 @@ export const URL_READER: URLReader = {
       return fs.promises.readFile(path, "utf8");
    },
 };
+
+/**
+ * Skip dotfiles/dotdirs (.vscode, .git, .DS_Store, etc.) when walking a
+ * package tree. These come from editors/VCS, never contain Malloy models
+ * or databases, and have been a source of spurious ENOENTs when their
+ * contents disappear mid-scan.
+ */
+export function ignoreDotfiles(file: string): boolean {
+   return path.basename(file).startsWith(".");
+}

package/tests/harness/rest_e2e.ts

@@ -12,8 +12,8 @@ export interface RestE2EEnv {
  * reuses the cached Express app and binds on an OS-assigned port
  * to avoid collisions.
  *
- * Callers are responsible for creating any test-specific projects
- * via the REST API (POST /api/v0/projects) and cleaning them up.
+ * Callers are responsible for creating any test-specific environments
+ * via the REST API (POST /api/v0/environments) and cleaning them up.
  */
 export async function startRestE2E(): Promise<
    RestE2EEnv & { stop(): Promise<void> }

package/tests/integration/concurrent_environment/concurrent_environment.integration.spec.ts

@@ -0,0 +1,235 @@
+/// <reference types="bun-types" />
+
+/**
+ * Regression test for per-environment load/scaffold races.
+ *
+ * Before fix: concurrent GET (especially ?reload=true), POST, and PATCH against
+ * the same environment name could enter `getEnvironment` / `addEnvironment` in
+ * parallel. Multiple callers would scaffold or re-load the same directory
+ * concurrently, leaving publisher.db and on-disk state inconsistent. Lazy loads
+ * then failed with `Environment "…" could not be resolved to a path.`
+ *
+ * After fix: environment operations serialize on a per-environment mutex in
+ * `EnvironmentStore.getEnvironment`, so concurrent callers share one load path.
+ * All N requests must succeed and the environment must remain usable afterwards.
+ */
+
+import { afterAll, beforeAll, describe, expect, it } from "bun:test";
+import { RestE2EEnv, startRestE2E } from "../../harness/rest_e2e";
+
+const ENV_NAME = `concurrent-environment-test-env-${Date.now()}`;
+const PACKAGE_NAME = "gcs_faa";
+const FIXTURE_LOCATION = "gs://publisher_test_packages/gcs_faa.zip";
+const CONCURRENCY = 12;
+
+const FORBIDDEN_ERROR_FRAGMENTS = [
+   "could not be resolved to a path",
+   "Package manifest for",
+   "does not exist",
+   "compiling model path not found",
+   "model path not found",
+];
+
+function findForbiddenError(body: unknown): string | undefined {
+   const text = typeof body === "string" ? body : JSON.stringify(body ?? "");
+   return FORBIDDEN_ERROR_FRAGMENTS.find((frag) => text.includes(frag));
+}
+
+function environmentPayload(description?: string) {
+   return {
+      name: ENV_NAME,
+      packages: [{ name: PACKAGE_NAME, location: FIXTURE_LOCATION }],
+      connections: [],
+      ...(description !== undefined ? { description } : {}),
+   };
+}
+
+async function waitForPackageReady(
+   baseUrl: string,
+   deadlineMs = 30_000,
+): Promise<void> {
+   const deadline = Date.now() + deadlineMs;
+   while (Date.now() < deadline) {
+      try {
+         const res = await fetch(
+            `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}`,
+         );
+         if (res.ok) {
+            return;
+         }
+      } catch {
+         // not ready yet
+      }
+      await new Promise((r) => setTimeout(r, 250));
+   }
+   throw new Error("Seeded package did not become available in time");
+}
+
+describe("Concurrent environment operations (E2E)", () => {
+   let env: (RestE2EEnv & { stop(): Promise<void> }) | null = null;
+   let baseUrl: string;
+
+   beforeAll(async () => {
+      env = await startRestE2E();
+      baseUrl = env.baseUrl;
+
+      const createRes = await fetch(`${baseUrl}/api/v0/environments`, {
+         method: "POST",
+         headers: { "Content-Type": "application/json" },
+         body: JSON.stringify(environmentPayload()),
+      });
+      if (!createRes.ok) {
+         const body = await createRes.text();
+         throw new Error(
+            `Failed to seed test environment (${createRes.status}): ${body}`,
+         );
+      }
+      await waitForPackageReady(baseUrl);
+   });
+
+   afterAll(async () => {
+      if (baseUrl) {
+         try {
+            await fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}`, {
+               method: "DELETE",
+            });
+         } catch {
+            // best-effort cleanup
+         }
+      }
+      await env?.stop();
+      env = null;
+   });
+
+   it("concurrent POST /environments for the same name all succeed", async () => {
+      const requests = Array.from({ length: CONCURRENCY }, () =>
+         fetch(`${baseUrl}/api/v0/environments`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(environmentPayload()),
+         }),
+      );
+
+      const responses = await Promise.all(requests);
+      const bodies = await Promise.all(
+         responses.map(async (r) => ({
+            status: r.status,
+            body: await r.json().catch(() => null),
+         })),
+      );
+
+      for (const { status, body } of bodies) {
+         expect(status).toBe(200);
+         const forbidden = findForbiddenError(body);
+         expect(forbidden).toBeUndefined();
+         const meta = body as { name?: string };
+         expect(meta.name).toBe(ENV_NAME);
+      }
+
+      await waitForPackageReady(baseUrl);
+
+      const getRes = await fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}`);
+      expect(getRes.status).toBe(200);
+      const forbidden = findForbiddenError(
+         await getRes.json().catch(() => null),
+      );
+      expect(forbidden).toBeUndefined();
+   });
+
+   it("concurrent GET /environments/:name?reload=true all succeed", async () => {
+      const requests = Array.from({ length: CONCURRENCY }, () =>
+         fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}?reload=true`),
+      );
+      const responses = await Promise.all(requests);
+      const bodies = await Promise.all(
+         responses.map(async (r) => ({
+            status: r.status,
+            body: await r.json().catch(() => null),
+         })),
+      );
+
+      for (const { status, body } of bodies) {
+         expect(status).toBe(200);
+         const forbidden = findForbiddenError(body);
+         expect(forbidden).toBeUndefined();
+         const meta = body as { name?: string };
+         expect(meta.name).toBe(ENV_NAME);
+      }
+
+      await waitForPackageReady(baseUrl);
+   });
+
+   it("simultaneous POST + PATCH for the same environment serialize cleanly", async () => {
+      const newReadme = `concurrent-env-update-${Date.now()}`;
+      const [postRes, patchRes] = await Promise.all([
+         fetch(`${baseUrl}/api/v0/environments`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(environmentPayload()),
+         }),
+         fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}`, {
+            method: "PATCH",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+               name: ENV_NAME,
+               readme: newReadme,
+            }),
+         }),
+      ]);
+
+      expect(postRes.status).toBe(200);
+      expect(
+         findForbiddenError(await postRes.json().catch(() => null)),
+      ).toBeUndefined();
+
+      const patchBody = await patchRes.json().catch(() => null);
+      expect(findForbiddenError(patchBody)).toBeUndefined();
+      expect([200, 404]).toContain(patchRes.status);
+
+      const getRes = await fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}`);
+      expect(getRes.status).toBe(200);
+      const meta = (await getRes.json()) as { name?: string; readme?: string };
+      expect(meta.name).toBe(ENV_NAME);
+   });
+
+   it("interleaved POST + GET-reload + package list never surface path errors", async () => {
+      const work: Array<Promise<{ status: number; body: unknown }>> = [];
+      for (let i = 0; i < CONCURRENCY; i++) {
+         work.push(
+            fetch(`${baseUrl}/api/v0/environments`, {
+               method: "POST",
+               headers: { "Content-Type": "application/json" },
+               body: JSON.stringify(environmentPayload()),
+            }).then(async (r) => ({
+               status: r.status,
+               body: await r.json().catch(() => null),
+            })),
+         );
+         work.push(
+            fetch(
+               `${baseUrl}/api/v0/environments/${ENV_NAME}?reload=true`,
+            ).then(async (r) => ({
+               status: r.status,
+               body: await r.json().catch(() => null),
+            })),
+         );
+         work.push(
+            fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}/packages`).then(
+               async (r) => ({
+                  status: r.status,
+                  body: await r.json().catch(() => null),
+               }),
+            ),
+         );
+      }
+
+      const results = await Promise.all(work);
+      for (const { status, body } of results) {
+         const forbidden = findForbiddenError(body);
+         expect(forbidden).toBeUndefined();
+         expect(status).toBeLessThan(500);
+      }
+
+      await waitForPackageReady(baseUrl);
+   });
+});

package/tests/integration/concurrent_package/concurrent_package.integration.spec.ts

@@ -0,0 +1,280 @@
+/// <reference types="bun-types" />
+
+/**
+ * Regression test for the per-package download/unzip race.
+ *
+ * Before fix: concurrent POST/PATCH/GET-with-reload against the same package
+ * name landed in `downloadPackage` *before* acquiring the per-package mutex.
+ * Multiple callers would `rm -rf <targetPath>` and then `cp -r` / `extractAllTo`
+ * in parallel, leaving the directory in an inconsistent state. Subsequent
+ * reads failed with "Package manifest for ... does not exist" and any
+ * in-flight model compilation would 500 with "compiling model path not found".
+ *
+ * After fix: download is run inside the per-package mutex, so concurrent
+ * callers serialize on the same target path. All N requests must succeed
+ * and the package must be usable afterwards.
+ */
+
+import { afterAll, beforeAll, describe, expect, it } from "bun:test";
+import path from "path";
+import { fileURLToPath } from "url";
+import { RestE2EEnv, startRestE2E } from "../../harness/rest_e2e";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// Use a unique env name per run so stale state from a previous run (env
+// directory, persisted env metadata in publisher.db) can't poison startup.
+const ENV_NAME = `concurrent-package-test-env-${Date.now()}`;
+const PACKAGE_NAME = "gcs_faa";
+const CONCURRENCY = 12;
+
+const FORBIDDEN_ERROR_FRAGMENTS = [
+   "Package manifest for",
+   "does not exist",
+   "compiling model path not found",
+   "model path not found",
+];
+
+function findForbiddenError(body: unknown): string | undefined {
+   const text = typeof body === "string" ? body : JSON.stringify(body ?? "");
+   return FORBIDDEN_ERROR_FRAGMENTS.find((frag) => text.includes(frag));
+}
+
+describe("Concurrent package operations (E2E)", () => {
+   let env: (RestE2EEnv & { stop(): Promise<void> }) | null = null;
+   let baseUrl: string;
+   let fixtureDir: string;
+
+   beforeAll(async () => {
+      env = await startRestE2E();
+      baseUrl = env.baseUrl;
+      fixtureDir = "gs://publisher_test_packages/gcs_faa.zip";
+
+      // Seed the environment with the package once so the env exists on disk.
+      // addEnvironment requires at least one package.
+      const createRes = await fetch(`${baseUrl}/api/v0/environments`, {
+         method: "POST",
+         headers: { "Content-Type": "application/json" },
+         body: JSON.stringify({
+            name: ENV_NAME,
+            packages: [{ name: PACKAGE_NAME, location: fixtureDir }],
+            connections: [],
+         }),
+      });
+      if (!createRes.ok) {
+         const body = await createRes.text();
+         throw new Error(
+            `Failed to seed test environment (${createRes.status}): ${body}`,
+         );
+      }
+
+      // Wait for the seeded package to be loadable.
+      const deadline = Date.now() + 30_000;
+      let ready = false;
+      while (!ready && Date.now() < deadline) {
+         try {
+            const res = await fetch(
+               `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}`,
+            );
+            if (res.ok) {
+               ready = true;
+               break;
+            }
+         } catch {
+            // not ready yet
+         }
+         await new Promise((r) => setTimeout(r, 250));
+      }
+      if (!ready) {
+         throw new Error("Seeded package did not become available in time");
+      }
+   });
+
+   afterAll(async () => {
+      if (baseUrl) {
+         try {
+            await fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}`, {
+               method: "DELETE",
+            });
+         } catch {
+            // best-effort cleanup
+         }
+      }
+      await env?.stop();
+      env = null;
+   });
+
+   it("concurrent POST /packages for the same name all succeed", async () => {
+      const requests = Array.from({ length: CONCURRENCY }, () =>
+         fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}/packages`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+               name: PACKAGE_NAME,
+               location: fixtureDir,
+            }),
+         }),
+      );
+
+      const responses = await Promise.all(requests);
+      const bodies = await Promise.all(
+         responses.map(async (r) => ({
+            status: r.status,
+            body: await r.json().catch(() => null),
+         })),
+      );
+
+      for (const { status, body } of bodies) {
+         expect(status).toBe(200);
+         const forbidden = findForbiddenError(body);
+         expect(forbidden).toBeUndefined();
+      }
+
+      // Package must be loadable after the storm.
+      const res = await fetch(
+         `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}`,
+      );
+      expect(res.status).toBe(200);
+      const meta = (await res.json()) as { name?: string };
+      expect(meta.name).toBe(PACKAGE_NAME);
+
+      // Models must be listable — proves the model files survived the unzip
+      // race and Package.create read a consistent directory.
+      const modelsRes = await fetch(
+         `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/models`,
+      );
+      expect(modelsRes.status).toBe(200);
+      const models = (await modelsRes.json()) as Array<{ path?: string }>;
+      expect(Array.isArray(models)).toBe(true);
+      expect(models.length).toBeGreaterThan(0);
+   });
+
+   it("concurrent GET /packages/:name?reload=true all succeed", async () => {
+      const requests = Array.from({ length: CONCURRENCY }, () =>
+         fetch(
+            `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}?reload=true`,
+         ),
+      );
+      const responses = await Promise.all(requests);
+      const bodies = await Promise.all(
+         responses.map(async (r) => ({
+            status: r.status,
+            body: await r.json().catch(() => null),
+         })),
+      );
+      for (const { status, body } of bodies) {
+         expect(status).toBe(200);
+         const forbidden = findForbiddenError(body);
+         expect(forbidden).toBeUndefined();
+      }
+
+      // Models must still list cleanly.
+      const modelsRes = await fetch(
+         `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/models`,
+      );
+      expect(modelsRes.status).toBe(200);
+   });
+
+   it("simultaneous POST + PATCH for the same package serialize cleanly", async () => {
+      // Fire create and update at the same time. Both should land under the
+      // same per-package mutex. Whichever wins the mutex first runs first;
+      // the loser sees a coherent post-condition. After both settle the
+      // package must be loadable and the description must reflect the PATCH
+      // when the PATCH ran *after* a successful POST.
+      const newDescription = `concurrent-update-${Date.now()}`;
+      const [postRes, patchRes] = await Promise.all([
+         fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}/packages`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+               name: PACKAGE_NAME,
+               location: fixtureDir,
+            }),
+         }),
+         fetch(
+            `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}`,
+            {
+               method: "PATCH",
+               headers: { "Content-Type": "application/json" },
+               body: JSON.stringify({
+                  name: PACKAGE_NAME,
+                  description: newDescription,
+               }),
+            },
+         ),
+      ]);
+
+      // POST is idempotent here — always succeeds.
+      expect(postRes.status).toBe(200);
+      const postBody = await postRes.json().catch(() => null);
+      expect(findForbiddenError(postBody)).toBeUndefined();
+
+      // PATCH either succeeds (ran after POST loaded the package) or 404s
+      // (ran before POST populated `this.packages`). It must NOT silently
+      // rewrite disk and then 404, and must never surface the forbidden
+      // error fragments.
+      const patchBody = await patchRes.json().catch(() => null);
+      expect(findForbiddenError(patchBody)).toBeUndefined();
+      expect([200, 404]).toContain(patchRes.status);
+
+      // Whatever happened, the package must remain loadable.
+      const getRes = await fetch(
+         `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}`,
+      );
+      expect(getRes.status).toBe(200);
+      const meta = (await getRes.json()) as {
+         name?: string;
+         description?: string;
+      };
+      expect(meta.name).toBe(PACKAGE_NAME);
+   });
+
+   it("interleaved POST + GET-reload + model list never surface stale-dir errors", async () => {
+      // Worst-case interleave: writers and readers hammering the same
+      // package. None of them should observe a missing manifest or a
+      // half-extracted directory.
+      const work: Array<Promise<{ status: number; body: unknown }>> = [];
+      for (let i = 0; i < CONCURRENCY; i++) {
+         work.push(
+            fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}/packages`, {
+               method: "POST",
+               headers: { "Content-Type": "application/json" },
+               body: JSON.stringify({
+                  name: PACKAGE_NAME,
+                  location: fixtureDir,
+               }),
+            }).then(async (r) => ({
+               status: r.status,
+               body: await r.json().catch(() => null),
+            })),
+         );
+         work.push(
+            fetch(
+               `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}?reload=true`,
+            ).then(async (r) => ({
+               status: r.status,
+               body: await r.json().catch(() => null),
+            })),
+         );
+         work.push(
+            fetch(
+               `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/models`,
+            ).then(async (r) => ({
+               status: r.status,
+               body: await r.json().catch(() => null),
+            })),
+         );
+      }
+
+      const results = await Promise.all(work);
+      for (const { status, body } of results) {
+         const forbidden = findForbiddenError(body);
+         expect(forbidden).toBeUndefined();
+         // Model list while the package is being rewritten can transiently
+         // return 404 (the package is unloaded mid-rewrite), but never 5xx,
+         // and never with the forbidden error fragments.
+         expect(status).toBeLessThan(500);
+      }
+   });
+});