@malloy-publisher/server 0.0.204 → 0.0.206

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/build.ts +10 -1
  2. package/dist/app/api-doc.yaml +494 -397
  3. package/dist/app/assets/{EnvironmentPage-CX06cjOF.js → EnvironmentPage-BYwBeC2F.js} +1 -1
  4. package/dist/app/assets/HomePage-ivu4vdpj.js +1 -0
  5. package/dist/app/assets/{MainPage-nUJ9YatG.js → MainPage-B2DnHEDU.js} +2 -2
  6. package/dist/app/assets/MaterializationsPage-BZEuwF9P.js +1 -0
  7. package/dist/app/assets/ModelPage-Dpu3bfPg.js +1 -0
  8. package/dist/app/assets/{PackagePage-BaEVdEAG.js → PackagePage-B8PwcRHt.js} +1 -1
  9. package/dist/app/assets/{RouteError-BShQjZio.js → RouteError-BhbywAeC.js} +1 -1
  10. package/dist/app/assets/{WorkbookPage-CBn6ZjJW.js → WorkbookPage-C-JXsJG0.js} +1 -1
  11. package/dist/app/assets/{core-DECXYL4E.es-OaRfXwuQ.js → core-pPlPr7jK.es-CNEOlxKB.js} +1 -1
  12. package/dist/app/assets/{index-BLfPC1gy.js → index-BHEm8Egc.js} +1 -1
  13. package/dist/app/assets/{index-Dy3YhAZQ.js → index-BsvDrV14.js} +1 -1
  14. package/dist/app/assets/{index-DqiJ0bWp.js → index-ChR1fKR2.js} +134 -134
  15. package/dist/app/assets/{index.umd-DAN9K8yC.js → index.umd-BVLPYNuj.js} +1 -1
  16. package/dist/app/index.html +1 -1
  17. package/dist/instrumentation.mjs +18 -8
  18. package/dist/package_load_worker.mjs +19 -2
  19. package/dist/runtime/publisher.js +318 -0
  20. package/dist/server.mjs +1703 -1443
  21. package/package.json +5 -4
  22. package/scripts/bake-duckdb-extensions.js +104 -0
  23. package/src/constants.ts +12 -0
  24. package/src/controller/materialization.controller.ts +79 -35
  25. package/src/controller/package.controller.spec.ts +179 -0
  26. package/src/controller/package.controller.ts +60 -73
  27. package/src/controller/watch-mode.controller.ts +176 -46
  28. package/src/dto/package.dto.ts +16 -1
  29. package/src/errors.spec.ts +33 -0
  30. package/src/errors.ts +18 -0
  31. package/src/health.spec.ts +34 -1
  32. package/src/instrumentation.ts +33 -17
  33. package/src/materialization_metrics.ts +66 -0
  34. package/src/mcp/error_messages.spec.ts +35 -0
  35. package/src/mcp/error_messages.ts +14 -1
  36. package/src/mcp/handler_utils.ts +12 -0
  37. package/src/package_load/package_load_pool.ts +7 -1
  38. package/src/package_load/package_load_worker.ts +44 -4
  39. package/src/package_load/protocol.ts +7 -1
  40. package/src/runtime/publisher.js +318 -0
  41. package/src/server-old.ts +7 -149
  42. package/src/server.ts +488 -190
  43. package/src/service/authorize_integration.spec.ts +163 -2
  44. package/src/service/compile_authorize.spec.ts +85 -0
  45. package/src/service/environment.ts +270 -12
  46. package/src/service/environment_store.spec.ts +0 -81
  47. package/src/service/environment_store.ts +142 -34
  48. package/src/service/explore_visibility.spec.ts +434 -0
  49. package/src/service/exports_probe.spec.ts +107 -0
  50. package/src/service/manifest_loader.spec.ts +99 -0
  51. package/src/service/manifest_loader.ts +95 -0
  52. package/src/service/materialization_service.spec.ts +324 -512
  53. package/src/service/materialization_service.ts +816 -656
  54. package/src/service/model.ts +444 -13
  55. package/src/service/package.spec.ts +14 -2
  56. package/src/service/package.ts +271 -20
  57. package/src/service/package_rollback.spec.ts +190 -0
  58. package/src/service/package_worker_path.spec.ts +223 -0
  59. package/src/service/query_boundary.spec.ts +470 -0
  60. package/src/storage/DatabaseInterface.ts +35 -57
  61. package/src/storage/StorageManager.mock.ts +0 -9
  62. package/src/storage/StorageManager.ts +7 -290
  63. package/src/storage/duckdb/DuckDBConnection.ts +70 -124
  64. package/src/storage/duckdb/DuckDBRepository.ts +2 -35
  65. package/src/storage/duckdb/MaterializationRepository.ts +52 -27
  66. package/src/storage/duckdb/schema.ts +4 -20
  67. package/tests/fixtures/authorize-compile/model.malloy +9 -0
  68. package/tests/fixtures/authorize-compile/publisher.json +4 -0
  69. package/tests/fixtures/html-pages-nopublic/model.malloy +1 -0
  70. package/tests/fixtures/html-pages-nopublic/publisher.json +5 -0
  71. package/tests/fixtures/html-pages-test/data.csv +3 -0
  72. package/tests/fixtures/html-pages-test/public/assets/app.css +3 -0
  73. package/tests/fixtures/html-pages-test/public/data.json +1 -0
  74. package/tests/fixtures/html-pages-test/public/index.html +9 -0
  75. package/tests/fixtures/html-pages-test/public/sub/page2.html +9 -0
  76. package/tests/fixtures/html-pages-test/publisher.json +5 -0
  77. package/tests/fixtures/html-pages-test/report.malloy +1 -0
  78. package/tests/integration/authorize/compile_authorize_http.integration.spec.ts +92 -0
  79. package/tests/integration/duckdb_storage/duckdb_storage.integration.spec.ts +138 -0
  80. package/tests/integration/html_pages/html_pages.integration.spec.ts +378 -0
  81. package/tests/integration/materialization/manifest_binding.integration.spec.ts +175 -0
  82. package/tests/integration/materialization/materialization_lifecycle.integration.spec.ts +277 -266
  83. package/tests/integration/watch-mode/watch_mode.integration.spec.ts +421 -0
  84. package/tests/unit/duckdb/attached_databases.test.ts +111 -0
  85. package/tests/unit/duckdb/duckdb_connection.test.ts +181 -0
  86. package/tests/unit/duckdb/legacy_schema_migration.test.ts +7 -4
  87. package/tests/unit/duckdb/repositories.test.ts +208 -0
  88. package/dist/app/assets/HomePage-CNFt_eUU.js +0 -1
  89. package/dist/app/assets/MaterializationsPage-B5goxVXW.js +0 -1
  90. package/dist/app/assets/ModelPage-Ba7Xh4lL.js +0 -1
  91. package/src/controller/manifest.controller.ts +0 -38
  92. package/src/service/manifest_service.spec.ts +0 -206
  93. package/src/service/manifest_service.ts +0 -117
  94. package/src/service/materialized_table_gc.spec.ts +0 -384
  95. package/src/service/materialized_table_gc.ts +0 -231
  96. package/src/storage/duckdb/DuckDBManifestStore.ts +0 -70
  97. package/src/storage/duckdb/ManifestRepository.ts +0 -120
  98. package/src/storage/duckdb/manifest_store.spec.ts +0 -133
  99. package/src/storage/ducklake/DuckLakeManifestStore.ts +0 -155
  100. package/tests/unit/storage/StorageManager.test.ts +0 -166
@@ -0,0 +1,378 @@
1
+ /// <reference types="bun-types" />
2
+
3
+ /**
4
+ * E2E coverage for in-package HTML data apps:
5
+ * - static-file serving (`serveFromPackage`) from the package's public/
6
+ * directory only, with realpath containment and HTML-only CSP framing,
7
+ * - the `/pages` list endpoint (bare `Page[]`, the house list shape),
8
+ * - the `/events` SSE stream and its input validation.
9
+ *
10
+ * These routes touch the live filesystem and carry the security-relevant
11
+ * branches (403 containment, 404 for files outside public/, 400 name
12
+ * validation), so they're exercised against the real Express app.
13
+ */
14
+
15
+ import { afterAll, beforeAll, describe, expect, it } from "bun:test";
16
+ import fs from "fs";
17
+ import path from "path";
18
+ import { fileURLToPath } from "url";
19
+ import { RestE2EEnv, startRestE2E } from "../../harness/rest_e2e";
20
+
21
+ const __filename = fileURLToPath(import.meta.url);
22
+ const __dirname = path.dirname(__filename);
23
+
24
+ const ENV_NAME = "html-pages-test-env";
25
+ const PACKAGE_NAME = "html-pages-test";
26
+ // A second package in the same env that ships NO public/ directory, to pin the
27
+ // "package without public/" behavior (file requests 404, /pages returns []).
28
+ const NOPUBLIC_PACKAGE = "html-pages-nopublic";
29
+
30
+ const fixtureDir = path.resolve(__dirname, "../../fixtures/html-pages-test");
31
+ const nopublicFixtureDir = path.resolve(
32
+ __dirname,
33
+ "../../fixtures/html-pages-nopublic",
34
+ );
35
+ // The "malicious package" escape class: a symlink inside the served public/
36
+ // directory that points outside it. We plant it in the *served* copy under
37
+ // publisher_data AFTER the package mounts — never in the source fixture — so it
38
+ // never gets routed through env-creation's `fs.cp`. (Copying an absolute-target
39
+ // symlink is not portable across platforms and was breaking CI on Linux.) The
40
+ // package is served from a copy (no --watch-env), at <SERVER_ROOT>/
41
+ // publisher_data/<env>/<pkg>/public; SERVER_ROOT defaults to the server package
42
+ // dir under `bun test`.
43
+ const serverPkgRoot = path.resolve(__dirname, "../../..");
44
+ const servedEscapeLink = path.join(
45
+ serverPkgRoot,
46
+ "publisher_data",
47
+ ENV_NAME,
48
+ PACKAGE_NAME,
49
+ "public",
50
+ "escape.html",
51
+ );
52
+ // A second planted symlink: the realistic "escape public/" vector, a link
53
+ // inside public/ pointing at a package-root sibling (../report.malloy). It must
54
+ // be rejected (403) just like the absolute /etc/hosts escape above.
55
+ const servedSiblingLink = path.join(
56
+ serverPkgRoot,
57
+ "publisher_data",
58
+ ENV_NAME,
59
+ PACKAGE_NAME,
60
+ "public",
61
+ "leak.html",
62
+ );
63
+
64
+ interface PageItem {
65
+ resource?: string;
66
+ packageName?: string;
67
+ path?: string;
68
+ title?: string;
69
+ }
70
+
71
+ // Creating a symlink that escapes the package needs privileges the Windows CI
72
+ // runner lacks (SeCreateSymbolicLinkPrivilege), and the escape target
73
+ // (/etc/hosts) is Unix-only — so the one symlink-escape case is skipped on
74
+ // Windows (see `itEscape` below). The rest of the suite (serving, manifest
75
+ // blocking, 404s, /pages) runs on every platform and is the valuable Windows
76
+ // coverage of serveFromPackage's path handling (separators, drive letters,
77
+ // case-insensitive manifest match, realpath containment).
78
+ const isWindows = process.platform === "win32";
79
+ const itEscape = isWindows ? it.skip : it;
80
+
81
+ describe("In-package HTML data apps (E2E)", () => {
82
+ let env: (RestE2EEnv & { stop(): Promise<void> }) | null = null;
83
+ let baseUrl: string;
84
+
85
+ const pkgUrl = (sub: string) =>
86
+ `${baseUrl}/environments/${ENV_NAME}/packages/${PACKAGE_NAME}${sub}`;
87
+ const apiUrl = (sub: string) =>
88
+ `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${PACKAGE_NAME}${sub}`;
89
+
90
+ beforeAll(async () => {
91
+ env = await startRestE2E();
92
+ baseUrl = env.baseUrl;
93
+
94
+ const createRes = await fetch(`${baseUrl}/api/v0/environments`, {
95
+ method: "POST",
96
+ headers: { "Content-Type": "application/json" },
97
+ body: JSON.stringify({
98
+ name: ENV_NAME,
99
+ packages: [
100
+ { name: PACKAGE_NAME, location: fixtureDir },
101
+ { name: NOPUBLIC_PACKAGE, location: nopublicFixtureDir },
102
+ ],
103
+ connections: [],
104
+ }),
105
+ });
106
+ if (!createRes.ok) {
107
+ const body = await createRes.text();
108
+ throw new Error(
109
+ `Failed to create test environment (${createRes.status}): ${body}`,
110
+ );
111
+ }
112
+
113
+ const waitForPackage = async (pkg: string) => {
114
+ const deadline = Date.now() + 30_000;
115
+ while (Date.now() < deadline) {
116
+ try {
117
+ const res = await fetch(
118
+ `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${pkg}`,
119
+ );
120
+ if (res.ok) return;
121
+ } catch {
122
+ // not ready yet
123
+ }
124
+ await new Promise((r) => setTimeout(r, 500));
125
+ }
126
+ throw new Error(`Package ${pkg} did not become available in time`);
127
+ };
128
+ await waitForPackage(PACKAGE_NAME);
129
+ await waitForPackage(NOPUBLIC_PACKAGE);
130
+
131
+ // Now that the package is mounted, plant the escape symlinks directly in
132
+ // the served public/ copy (post-fs.cp): one pointing fully outside the
133
+ // package (/etc/hosts) and one at a package-root sibling (../report.malloy),
134
+ // the realistic "escape public/" vector. Unlink any stale link first, then
135
+ // create fresh WITHOUT swallowing errors, so a failed plant fails the suite
136
+ // loudly instead of silently skipping the security-critical assertions.
137
+ // Skipped on Windows, where the matching tests (itEscape) are skipped too.
138
+ if (!isWindows) {
139
+ for (const link of [servedEscapeLink, servedSiblingLink]) {
140
+ try {
141
+ fs.unlinkSync(link);
142
+ } catch {
143
+ // no stale link to remove
144
+ }
145
+ }
146
+ fs.symlinkSync("/etc/hosts", servedEscapeLink);
147
+ fs.symlinkSync("../report.malloy", servedSiblingLink);
148
+ }
149
+ });
150
+
151
+ afterAll(async () => {
152
+ // Always tear down the env so a partially-set-up run can't leave residue
153
+ // in the shared EnvironmentStore for later test files in this process.
154
+ if (baseUrl) {
155
+ try {
156
+ await fetch(`${baseUrl}/api/v0/environments/${ENV_NAME}`, {
157
+ method: "DELETE",
158
+ });
159
+ } catch {
160
+ // best-effort
161
+ }
162
+ }
163
+ // DELETE removes the served dir (and the symlink within it); this is a
164
+ // belt-and-suspenders unlink in case the env was never created.
165
+ for (const link of [servedEscapeLink, servedSiblingLink]) {
166
+ try {
167
+ fs.unlinkSync(link);
168
+ } catch {
169
+ // best-effort
170
+ }
171
+ }
172
+ await env?.stop();
173
+ env = null;
174
+ });
175
+
176
+ // ── static-file serving ──────────────────────────────────────────
177
+
178
+ it("serves index.html at the package root (directory index)", async () => {
179
+ const res = await fetch(pkgUrl("/"));
180
+ expect(res.status).toBe(200);
181
+ const body = await res.text();
182
+ expect(body).toContain("Hello from the in-package data app");
183
+ });
184
+
185
+ it("308-redirects the package root (no trailing slash) to the canonical path", async () => {
186
+ // The redirect target is rebuilt from the route params + parsed query
187
+ // (canonical, same-origin), not the raw request URL.
188
+ const res = await fetch(
189
+ `${baseUrl}/environments/${ENV_NAME}/packages/${PACKAGE_NAME}`,
190
+ { redirect: "manual" },
191
+ );
192
+ expect(res.status).toBe(308);
193
+ expect(res.headers.get("location")).toBe(
194
+ `/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/`,
195
+ );
196
+ // The query string is preserved, placed before the appended slash.
197
+ const withQuery = await fetch(
198
+ `${baseUrl}/environments/${ENV_NAME}/packages/${PACKAGE_NAME}?embed_token=abc`,
199
+ { redirect: "manual" },
200
+ );
201
+ expect(withQuery.status).toBe(308);
202
+ expect(withQuery.headers.get("location")).toBe(
203
+ `/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/?embed_token=abc`,
204
+ );
205
+ });
206
+
207
+ it("sets frame-ancestors CSP on HTML responses and clears X-Frame-Options", async () => {
208
+ const res = await fetch(pkgUrl("/index.html"));
209
+ expect(res.status).toBe(200);
210
+ expect(res.headers.get("content-security-policy")).toBe(
211
+ "frame-ancestors *",
212
+ );
213
+ expect(res.headers.get("x-frame-options")).toBeNull();
214
+ expect(res.headers.get("x-content-type-options")).toBe("nosniff");
215
+ });
216
+
217
+ it("does NOT set the framing CSP on non-HTML assets", async () => {
218
+ const res = await fetch(pkgUrl("/assets/app.css"));
219
+ expect(res.status).toBe(200);
220
+ // CSP framing is only meaningful on documents; assets keep their default.
221
+ expect(res.headers.get("content-security-policy")).toBeNull();
222
+ expect(res.headers.get("x-content-type-options")).toBe("nosniff");
223
+ });
224
+
225
+ it("404s a missing file", async () => {
226
+ const res = await fetch(pkgUrl("/does-not-exist.html"));
227
+ expect(res.status).toBe(404);
228
+ });
229
+
230
+ it("serves a page from a subdirectory", async () => {
231
+ const res = await fetch(pkgUrl("/sub/page2.html"));
232
+ expect(res.status).toBe(200);
233
+ expect(await res.text()).toContain("A page in a subdirectory");
234
+ });
235
+
236
+ it("serves only files under public/; package internals are never served", async () => {
237
+ // The manifest, models, and data live at the package root, outside
238
+ // public/. Each exists in the fixture (asserted), so the 404 proves the
239
+ // public/ boundary blocked it, not a missing file. This is what keeps
240
+ // raw data, model source, and secrets off the static route and behind
241
+ // the per-model #(authorize) and query controls.
242
+ const blocked = ["publisher.json", "report.malloy", "data.csv"];
243
+ for (const name of blocked) {
244
+ expect(fs.existsSync(path.join(fixtureDir, name))).toBe(true);
245
+ const res = await fetch(pkgUrl(`/${name}`));
246
+ expect(res.status).toBe(404);
247
+ }
248
+ });
249
+
250
+ it("serves any file type placed under public/ (no extension filter)", async () => {
251
+ // public/ is the boundary, not a file-extension allowlist: a data-typed
252
+ // file the author deliberately put under public/ is served. (Raw data at
253
+ // the package root is still never served, per the test above.)
254
+ const res = await fetch(pkgUrl("/data.json"));
255
+ expect(res.status).toBe(200);
256
+ });
257
+
258
+ it("404s file requests for a package with no public/ directory", async () => {
259
+ const res = await fetch(
260
+ `${baseUrl}/environments/${ENV_NAME}/packages/${NOPUBLIC_PACKAGE}/index.html`,
261
+ );
262
+ expect(res.status).toBe(404);
263
+ });
264
+
265
+ it("lists no pages for a package with no public/ directory", async () => {
266
+ const res = await fetch(
267
+ `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/${NOPUBLIC_PACKAGE}/pages`,
268
+ );
269
+ expect(res.status).toBe(200);
270
+ expect(await res.json()).toEqual([]);
271
+ });
272
+
273
+ it("rejects URL-encoded path traversal out of public/", async () => {
274
+ // Pre-encoded so the segments aren't normalized away before reaching the
275
+ // server. Whatever the rejection mode (safeJoinUnderRoot 400, realpath
276
+ // containment 403, or normalize-then-missing 404), package internals must
277
+ // never be served (never 200).
278
+ const encoded = [
279
+ "..%2f..%2freport.malloy",
280
+ "%2e%2e%2f%2e%2e%2fpublisher.json",
281
+ "..%2f..%2fdata.csv",
282
+ ];
283
+ for (const p of encoded) {
284
+ const res = await fetch(
285
+ `${baseUrl}/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/${p}`,
286
+ );
287
+ expect([400, 403, 404]).toContain(res.status);
288
+ }
289
+ });
290
+
291
+ itEscape(
292
+ "rejects a symlink in public/ that escapes the package with 403",
293
+ async () => {
294
+ // Precondition: the plant succeeded, so a 403 means realpath
295
+ // containment caught the escape, not a missing-file 404.
296
+ expect(fs.lstatSync(servedEscapeLink).isSymbolicLink()).toBe(true);
297
+ const res = await fetch(pkgUrl("/escape.html"));
298
+ expect(res.status).toBe(403);
299
+ },
300
+ );
301
+
302
+ itEscape(
303
+ "rejects a symlink from public/ to a package-root sibling with 403",
304
+ async () => {
305
+ // The realistic escape: public/leak.html -> ../report.malloy reaches a
306
+ // file at the package root, outside public/. Must be 403, not served.
307
+ expect(fs.lstatSync(servedSiblingLink).isSymbolicLink()).toBe(true);
308
+ const res = await fetch(pkgUrl("/leak.html"));
309
+ expect(res.status).toBe(403);
310
+ },
311
+ );
312
+
313
+ // ── /pages list endpoint ─────────────────────────────────────────
314
+
315
+ it("lists pages as a bare Page[] (not a {pages} envelope)", async () => {
316
+ const res = await fetch(apiUrl("/pages"));
317
+ expect(res.status).toBe(200);
318
+ const body = (await res.json()) as unknown;
319
+ expect(Array.isArray(body)).toBe(true);
320
+
321
+ const pages = body as PageItem[];
322
+ const paths = pages.map((p) => p.path).sort();
323
+ // Only HTML files under public/ are listed; the toEqual pins the exact
324
+ // set, so non-public files (manifest, models, data) can't appear.
325
+ expect(paths).toEqual(["index.html", "sub/page2.html"]);
326
+
327
+ const index = pages.find((p) => p.path === "index.html");
328
+ expect(index?.title).toBe("Carrier Dashboard");
329
+ expect(index?.packageName).toBe(PACKAGE_NAME);
330
+ expect(index?.resource).toBe(
331
+ `/environments/${ENV_NAME}/packages/${PACKAGE_NAME}/index.html`,
332
+ );
333
+ });
334
+
335
+ it("400s a malformed environment/package name on /pages", async () => {
336
+ // getEnvironment runs assertSafePackageName, so a name outside
337
+ // IdentifierPattern is a 400 (now documented on list-pages in api-doc).
338
+ const res = await fetch(
339
+ `${baseUrl}/api/v0/environments/bad%20name/packages/${PACKAGE_NAME}/pages`,
340
+ );
341
+ expect(res.status).toBe(400);
342
+ });
343
+
344
+ // ── /events SSE stream ───────────────────────────────────────────
345
+
346
+ it("400s an illegal environment/package name on /events", async () => {
347
+ // A space is outside IdentifierPattern → assertSafePackageName rejects.
348
+ const res = await fetch(
349
+ `${baseUrl}/api/v0/environments/bad%20name/packages/${PACKAGE_NAME}/events`,
350
+ );
351
+ expect(res.status).toBe(400);
352
+ });
353
+
354
+ it("404s an unknown package on /events", async () => {
355
+ const res = await fetch(
356
+ `${baseUrl}/api/v0/environments/${ENV_NAME}/packages/no-such-pkg/events`,
357
+ );
358
+ expect(res.status).toBe(404);
359
+ });
360
+
361
+ it("opens an SSE stream announcing hello + mode", async () => {
362
+ const controller = new AbortController();
363
+ const res = await fetch(apiUrl("/events"), {
364
+ signal: controller.signal,
365
+ });
366
+ expect(res.status).toBe(200);
367
+ expect(res.headers.get("content-type")).toContain("text/event-stream");
368
+
369
+ const reader = res.body!.getReader();
370
+ const { value } = await reader.read();
371
+ const chunk = new TextDecoder().decode(value);
372
+ expect(chunk).toContain("event: hello");
373
+ expect(chunk).toContain("event: mode");
374
+
375
+ await reader.cancel();
376
+ controller.abort();
377
+ });
378
+ });
@@ -0,0 +1,175 @@
1
+ /// <reference types="bun-types" />
2
+
3
+ import { afterAll, beforeAll, describe, expect, it } from "bun:test";
4
+ import * as fsp from "fs/promises";
5
+ import os from "os";
6
+ import path from "path";
7
+ import { fileURLToPath } from "url";
8
+ import { RestE2EEnv, startRestE2E } from "../../harness/rest_e2e";
9
+
10
+ const __filename = fileURLToPath(import.meta.url);
11
+ const __dirname = path.dirname(__filename);
12
+
13
+ const PROJECT_NAME = "manifest-bind-project";
14
+ const PACKAGE_NAME = "persist-test";
15
+ const MODEL_PATH = "persist_test.malloy";
16
+ const API = `/api/v0/environments/${PROJECT_NAME}/packages/${PACKAGE_NAME}`;
17
+
18
+ /**
19
+ * Covers the publisher's manifestLocation plumbing: create/update accepts a
20
+ * manifest URI, it is persisted to publisher.json (so it survives a reload),
21
+ * the package loader fetches + binds it through the existing reloadAllModels
22
+ * primitive on every (re)load, an unreachable manifest degrades to serving
23
+ * live, and clearing it reverts.
24
+ *
25
+ * The build-time rewrite of upstream persist references to physical tables is
26
+ * Malloy's reloadAllModels behavior, exercised by the materialization lifecycle
27
+ * spec; here we assert the publisher-owned fetch/persist/bind wiring.
28
+ */
29
+ describe("Manifest binding via Package.manifestLocation (E2E)", () => {
30
+ let env: (RestE2EEnv & { stop(): Promise<void> }) | null = null;
31
+ let baseUrl: string;
32
+ let tmpDir: string;
33
+
34
+ beforeAll(async () => {
35
+ env = await startRestE2E();
36
+ baseUrl = env.baseUrl;
37
+ tmpDir = await fsp.mkdtemp(path.join(os.tmpdir(), "manifest-bind-"));
38
+
39
+ const fixtureDir = path.resolve(__dirname, "../../fixtures/persist-test");
40
+ const createRes = await fetch(`${baseUrl}/api/v0/environments`, {
41
+ method: "POST",
42
+ headers: { "Content-Type": "application/json" },
43
+ body: JSON.stringify({
44
+ name: PROJECT_NAME,
45
+ packages: [{ name: PACKAGE_NAME, location: fixtureDir }],
46
+ connections: [],
47
+ }),
48
+ });
49
+ if (!createRes.ok) {
50
+ throw new Error(
51
+ `Failed to create test project (${createRes.status}): ${await createRes.text()}`,
52
+ );
53
+ }
54
+
55
+ const deadline = Date.now() + 30_000;
56
+ while (Date.now() < deadline) {
57
+ const res = await fetch(`${baseUrl}${API}`);
58
+ if (res.ok) break;
59
+ await new Promise((r) => setTimeout(r, 500));
60
+ }
61
+ });
62
+
63
+ afterAll(async () => {
64
+ if (baseUrl) {
65
+ await fetch(`${baseUrl}/api/v0/environments/${PROJECT_NAME}`, {
66
+ method: "DELETE",
67
+ }).catch(() => {});
68
+ }
69
+ await env?.stop();
70
+ await fsp.rm(tmpDir, { recursive: true, force: true }).catch(() => {});
71
+ env = null;
72
+ });
73
+
74
+ function url(p: string): string {
75
+ return `${baseUrl}${API}${p}`;
76
+ }
77
+
78
+ async function getPackage(reload = false): Promise<Record<string, unknown>> {
79
+ const res = await fetch(url(reload ? "?reload=true" : ""));
80
+ expect(res.status).toBe(200);
81
+ return (await res.json()) as Record<string, unknown>;
82
+ }
83
+
84
+ async function patchPackage(
85
+ body: Record<string, unknown>,
86
+ ): Promise<Response> {
87
+ return fetch(url(""), {
88
+ method: "PATCH",
89
+ headers: { "Content-Type": "application/json" },
90
+ body: JSON.stringify({ name: PACKAGE_NAME, ...body }),
91
+ });
92
+ }
93
+
94
+ async function queryOrderSummaryStatus(): Promise<number> {
95
+ const res = await fetch(`${baseUrl}${API}/models/${MODEL_PATH}/query`, {
96
+ method: "POST",
97
+ headers: { "Content-Type": "application/json" },
98
+ body: JSON.stringify({
99
+ query: "run: order_summary -> { aggregate: c is count() }",
100
+ }),
101
+ });
102
+ return res.status;
103
+ }
104
+
105
+ async function writeManifest(): Promise<string> {
106
+ const file = path.join(tmpDir, `manifest-${Date.now()}.json`);
107
+ await fsp.writeFile(
108
+ file,
109
+ JSON.stringify({
110
+ builtAt: new Date().toISOString(),
111
+ strict: false,
112
+ entries: {
113
+ build123: {
114
+ buildId: "build123",
115
+ sourceName: "order_summary",
116
+ physicalTableName: "main.order_summary_mz",
117
+ connectionName: "duckdb",
118
+ },
119
+ },
120
+ }),
121
+ "utf8",
122
+ );
123
+ return file;
124
+ }
125
+
126
+ it("starts with no manifestLocation and serves live", async () => {
127
+ expect((await getPackage()).manifestLocation ?? null).toBeNull();
128
+ expect(await queryOrderSummaryStatus()).toBe(200);
129
+ });
130
+
131
+ it(
132
+ "accepts, persists, reloads, and clears a manifestLocation",
133
+ async () => {
134
+ const manifestFile = await writeManifest();
135
+
136
+ // Accept on update; the response echoes the bound location.
137
+ const patchRes = await patchPackage({
138
+ manifestLocation: manifestFile,
139
+ });
140
+ expect(patchRes.status).toBe(200);
141
+ expect((await patchRes.json()).manifestLocation).toBe(manifestFile);
142
+
143
+ // In-memory metadata reflects it; binding did not break serving.
144
+ expect((await getPackage()).manifestLocation).toBe(manifestFile);
145
+ expect(await queryOrderSummaryStatus()).toBe(200);
146
+
147
+ // Persisted to publisher.json: a reload re-reads and re-binds it.
148
+ expect((await getPackage(true)).manifestLocation).toBe(manifestFile);
149
+ expect(await queryOrderSummaryStatus()).toBe(200);
150
+
151
+ // Clearing reverts to live and survives a reload.
152
+ const clearRes = await patchPackage({ manifestLocation: null });
153
+ expect(clearRes.status).toBe(200);
154
+ expect((await clearRes.json()).manifestLocation ?? null).toBeNull();
155
+ expect((await getPackage(true)).manifestLocation ?? null).toBeNull();
156
+ expect(await queryOrderSummaryStatus()).toBe(200);
157
+ },
158
+ { timeout: 60_000 },
159
+ );
160
+
161
+ it("degrades to serving live when the manifest is unreachable", async () => {
162
+ const missing = path.join(tmpDir, "does-not-exist.json");
163
+
164
+ const patchRes = await patchPackage({ manifestLocation: missing });
165
+ expect(patchRes.status).toBe(200);
166
+ expect((await patchRes.json()).manifestLocation).toBe(missing);
167
+
168
+ // A fetch failure must not brick the package — it still serves live.
169
+ expect(await queryOrderSummaryStatus()).toBe(200);
170
+ expect((await getPackage(true)).manifestLocation).toBe(missing);
171
+ expect(await queryOrderSummaryStatus()).toBe(200);
172
+
173
+ await patchPackage({ manifestLocation: null });
174
+ });
175
+ });