@opendatalabs/personal-server-ts-server 0.0.1-canary.0078f25

package/dist/api.d.ts

@@ -0,0 +1,2 @@
+export { createServer, type CreateServerOptions, type ServerContext, } from "./bootstrap.js";
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,mBAAmB,EACxB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC"}

package/dist/api.js

@@ -0,0 +1,2 @@
+export { createServer, } from "./bootstrap.js";
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,GAGb,MAAM,gBAAgB,CAAC"}

package/dist/app.d.ts

@@ -0,0 +1,35 @@
+import { Hono } from "hono";
+import type { IndexManager } from "@opendatalabs/personal-server-ts-core/storage/index";
+import type { HierarchyManagerOptions } from "@opendatalabs/personal-server-ts-core/storage/hierarchy";
+import type { GatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+import type { AccessLogWriter } from "@opendatalabs/personal-server-ts-core/logging/access-log";
+import type { AccessLogReader } from "@opendatalabs/personal-server-ts-core/logging/access-reader";
+import { type HealthDeps } from "./routes/health.js";
+import type { SyncManager } from "@opendatalabs/personal-server-ts-core/sync";
+import type { ServerSigner } from "@opendatalabs/personal-server-ts-core/signing";
+import type { Logger } from "pino";
+export interface IdentityInfo {
+    address: `0x${string}`;
+    publicKey: `0x${string}`;
+    serverId: string | null;
+}
+export interface AppDeps {
+    logger: Logger;
+    version: string;
+    startedAt: Date;
+    indexManager: IndexManager;
+    hierarchyOptions: HierarchyManagerOptions;
+    serverOrigin: string | (() => string);
+    serverOwner?: `0x${string}`;
+    identity?: IdentityInfo;
+    gateway: GatewayClient;
+    accessLogWriter: AccessLogWriter;
+    accessLogReader: AccessLogReader;
+    devToken?: string;
+    configPath?: string;
+    syncManager?: SyncManager | null;
+    serverSigner?: ServerSigner;
+    getTunnelStatus?: HealthDeps["getTunnelStatus"];
+}
+export declare function createApp(deps: AppDeps): Hono;
+//# sourceMappingURL=app.d.ts.map

package/dist/app.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qDAAqD,CAAC;AACxF,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,yDAAyD,CAAC;AACvG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AACnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0DAA0D,CAAC;AAChG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6DAA6D,CAAC;AACnG,OAAO,EAAe,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAQlE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4CAA4C,CAAC;AAC9E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+CAA+C,CAAC;AAClF,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,KAAK,MAAM,EAAE,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB,EAAE,uBAAuB,CAAC;IAC1C,YAAY,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IACtC,WAAW,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,OAAO,EAAE,aAAa,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;IACjC,eAAe,EAAE,eAAe,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjC,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,eAAe,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,CAAC;CACjD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CA0J7C"}

package/dist/app.js

@@ -0,0 +1,124 @@
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { ProtocolError } from "@opendatalabs/personal-server-ts-core/errors";
+import { healthRoute } from "./routes/health.js";
+import { dataRoutes } from "./routes/data.js";
+import { grantsRoutes } from "./routes/grants.js";
+import { accessLogsRoutes } from "./routes/access-logs.js";
+import { syncRoutes } from "./routes/sync.js";
+import { uiConfigRoutes } from "./routes/ui-config.js";
+import { uiRoute } from "./routes/ui.js";
+import { mcpRoute } from "./routes/mcp.js";
+export function createApp(deps) {
+    const app = new Hono();
+    // CORS — allow all origins for browser-based clients
+    app.use("*", cors({
+        origin: "*",
+        allowHeaders: [
+            "Content-Type",
+            "Authorization",
+            "mcp-session-id",
+            "Last-Event-ID",
+            "mcp-protocol-version",
+        ],
+        exposeHeaders: ["mcp-session-id", "mcp-protocol-version"],
+        allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+        maxAge: 86400,
+    }));
+    // Mount health route
+    app.route("/", healthRoute({
+        version: deps.version,
+        startedAt: deps.startedAt,
+        serverOwner: deps.serverOwner,
+        identity: deps.identity,
+        gateway: deps.gateway,
+        logger: deps.logger,
+        getTunnelStatus: deps.getTunnelStatus,
+    }));
+    // Mount data routes (ingest + read + delete)
+    app.route("/v1/data", dataRoutes({
+        indexManager: deps.indexManager,
+        hierarchyOptions: deps.hierarchyOptions,
+        logger: deps.logger,
+        serverOrigin: deps.serverOrigin,
+        serverOwner: deps.serverOwner,
+        gateway: deps.gateway,
+        accessLogWriter: deps.accessLogWriter,
+        devToken: deps.devToken,
+        syncManager: deps.syncManager ?? null,
+    }));
+    // Mount grants routes (POST /verify is public, GET / and POST / need owner auth)
+    app.route("/v1/grants", grantsRoutes({
+        logger: deps.logger,
+        gateway: deps.gateway,
+        serverOwner: deps.serverOwner,
+        serverOrigin: deps.serverOrigin,
+        devToken: deps.devToken,
+        serverSigner: deps.serverSigner,
+    }));
+    // Mount access-logs routes (all owner auth)
+    app.route("/v1/access-logs", accessLogsRoutes({
+        logger: deps.logger,
+        accessLogReader: deps.accessLogReader,
+        serverOrigin: deps.serverOrigin,
+        serverOwner: deps.serverOwner,
+        devToken: deps.devToken,
+    }));
+    // Mount sync routes (all owner auth)
+    app.route("/v1/sync", syncRoutes({
+        logger: deps.logger,
+        serverOrigin: deps.serverOrigin,
+        serverOwner: deps.serverOwner,
+        devToken: deps.devToken,
+        syncManager: deps.syncManager ?? null,
+    }));
+    // Mount MCP endpoint (Model Context Protocol for AI tools)
+    if (deps.serverOwner) {
+        app.route("/mcp", mcpRoute({
+            mcpContext: {
+                indexManager: deps.indexManager,
+                hierarchyOptions: deps.hierarchyOptions,
+                gatewayClient: deps.gateway,
+                serverOwner: deps.serverOwner,
+                logger: deps.logger,
+            },
+        }));
+    }
+    // Mount dev UI routes when dev token is available
+    if (deps.devToken) {
+        app.route("/ui", uiRoute({ devToken: deps.devToken }));
+        if (deps.configPath) {
+            app.route("/ui/api", uiConfigRoutes({
+                devToken: deps.devToken,
+                configPath: deps.configPath,
+            }));
+        }
+    }
+    // Global error handler
+    app.onError((err, c) => {
+        if (err instanceof ProtocolError) {
+            deps.logger.warn({ err }, err.message);
+            return c.json(err.toJSON(), err.code);
+        }
+        deps.logger.error({ err }, "Unhandled error");
+        return c.json({
+            error: {
+                code: 500,
+                errorCode: "INTERNAL_ERROR",
+                message: "Internal server error",
+            },
+        }, 500);
+    });
+    // 404 fallback
+    app.notFound((c) => {
+        return c.json({
+            error: {
+                code: 404,
+                errorCode: "NOT_FOUND",
+                message: "Not found",
+            },
+        }, 404);
+    });
+    return app;
+}
+//# sourceMappingURL=app.js.map

package/dist/app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,8CAA8C,CAAC;AAM7E,OAAO,EAAE,WAAW,EAAmB,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AA8B3C,MAAM,UAAU,SAAS,CAAC,IAAa;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,qDAAqD;IACrD,GAAG,CAAC,GAAG,CACL,GAAG,EACH,IAAI,CAAC;QACH,MAAM,EAAE,GAAG;QACX,YAAY,EAAE;YACZ,cAAc;YACd,eAAe;YACf,gBAAgB;YAChB,eAAe;YACf,sBAAsB;SACvB;QACD,aAAa,EAAE,CAAC,gBAAgB,EAAE,sBAAsB,CAAC;QACzD,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC;QACzD,MAAM,EAAE,KAAK;KACd,CAAC,CACH,CAAC;IAEF,qBAAqB;IACrB,GAAG,CAAC,KAAK,CACP,GAAG,EACH,WAAW,CAAC;QACV,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,eAAe,EAAE,IAAI,CAAC,eAAe;KACtC,CAAC,CACH,CAAC;IAEF,6CAA6C;IAC7C,GAAG,CAAC,KAAK,CACP,UAAU,EACV,UAAU,CAAC;QACT,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;QACvC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;KACtC,CAAC,CACH,CAAC;IAEF,iFAAiF;IACjF,GAAG,CAAC,KAAK,CACP,YAAY,EACZ,YAAY,CAAC;QACX,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,YAAY,EAAE,IAAI,CAAC,YAAY;KAChC,CAAC,CACH,CAAC;IAEF,4CAA4C;IAC5C,GAAG,CAAC,KAAK,CACP,iBAAiB,EACjB,gBAAgB,CAAC;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CACH,CAAC;IAEF,qCAAqC;IACrC,GAAG,CAAC,KAAK,CACP,UAAU,EACV,UAAU,CAAC;QACT,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;KACtC,CAAC,CACH,CAAC;IAEF,2DAA2D;IAC3D,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,GAAG,CAAC,KAAK,CACP,MAAM,EACN,QAAQ,CAAC;YACP,UAAU,EAAE;gBACV,YAAY,EAAE,IAAI,CAAC,YAAY;gBAC/B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;gBACvC,aAAa,EAAE,IAAI,CAAC,OAAO;gBAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;aACpB;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAED,kDAAkD;IAClD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEvD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,GAAG,CAAC,KAAK,CACP,SAAS,EACT,cAAc,CAAC;gBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACrB,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,IAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC9C,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG;gBACT,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,uBAAuB;aACjC;SACF,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,eAAe;IACf,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE;QACjB,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG;gBACT,SAAS,EAAE,WAAW;gBACtB,OAAO,EAAE,WAAW;aACrB;SACF,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/bootstrap.d.ts

@@ -0,0 +1,35 @@
+import type { ServerConfig } from "@opendatalabs/personal-server-ts-core/schemas";
+import { type Logger } from "@opendatalabs/personal-server-ts-core/logger";
+import { type IndexManager } from "@opendatalabs/personal-server-ts-core/storage/index";
+import type { GatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+import type { AccessLogReader } from "@opendatalabs/personal-server-ts-core/logging/access-reader";
+import type { ServerAccount } from "@opendatalabs/personal-server-ts-core/keys";
+import type { ServerSigner } from "@opendatalabs/personal-server-ts-core/signing";
+import { type SyncManager } from "@opendatalabs/personal-server-ts-core/sync";
+import type { Hono } from "hono";
+import { TunnelManager } from "./tunnel/index.js";
+export interface ServerContext {
+    app: Hono;
+    logger: Logger;
+    config: ServerConfig;
+    startedAt: Date;
+    indexManager: IndexManager;
+    gatewayClient: GatewayClient;
+    accessLogReader: AccessLogReader;
+    serverAccount?: ServerAccount;
+    serverSigner?: ServerSigner;
+    syncManager: SyncManager | null;
+    tunnelManager?: TunnelManager;
+    tunnelUrl?: string;
+    devToken?: string;
+    startBackgroundServices: () => Promise<void>;
+    cleanup: () => Promise<void>;
+}
+export interface CreateServerOptions {
+    rootPath?: string;
+    /** @deprecated Use rootPath instead. */
+    serverDir?: string;
+    dataDir?: string;
+}
+export declare function createServer(config: ServerConfig, options?: CreateServerOptions): Promise<ServerContext>;
+//# sourceMappingURL=bootstrap.d.ts.map

package/dist/bootstrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+CAA+C,CAAC;AAKlF,OAAO,EAEL,KAAK,MAAM,EACZ,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,qDAAqD,CAAC;AAG7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AAGnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6DAA6D,CAAC;AAMnG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4CAA4C,CAAC;AAKhF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+CAA+C,CAAC;AAClF,OAAO,EAGL,KAAK,WAAW,EACjB,MAAM,4CAA4C,CAAC;AAEpD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAGjC,OAAO,EAAE,aAAa,EAAoB,MAAM,mBAAmB,CAAC;AAEpE,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,IAAI,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IAChC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uBAAuB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,aAAa,CAAC,CA6QxB"}

package/dist/bootstrap.js

@@ -0,0 +1,232 @@
+import { mkdir } from "node:fs/promises";
+import { createRequire } from "node:module";
+import { randomUUID } from "node:crypto";
+import { join } from "node:path";
+const require = createRequire(import.meta.url);
+const pkg = require("../package.json");
+import { DEFAULT_ROOT_PATH, resolveRootPath, } from "@opendatalabs/personal-server-ts-core/config";
+import { createLogger, } from "@opendatalabs/personal-server-ts-core/logger";
+import { initializeDatabase, createIndexManager, } from "@opendatalabs/personal-server-ts-core/storage/index";
+import { createGatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+import { createAccessLogWriter } from "@opendatalabs/personal-server-ts-core/logging/access-log";
+import { createAccessLogReader } from "@opendatalabs/personal-server-ts-core/logging/access-reader";
+import { deriveMasterKey, recoverServerOwner, loadOrCreateServerAccount, } from "@opendatalabs/personal-server-ts-core/keys";
+import { createServerSigner, createRequestSigner, } from "@opendatalabs/personal-server-ts-core/signing";
+import { createSyncCursor, createSyncManager, } from "@opendatalabs/personal-server-ts-core/sync";
+import { createVanaStorageAdapter } from "@opendatalabs/personal-server-ts-core/storage/adapters";
+import { createApp } from "./app.js";
+import { generateDevToken } from "./dev-token.js";
+import { TunnelManager, ensureFrpcBinary } from "./tunnel/index.js";
+export async function createServer(config, options) {
+    const logger = createLogger(config.logging);
+    const startedAt = new Date();
+    const storageRoot = resolveRootPath(options?.rootPath ?? options?.serverDir ?? DEFAULT_ROOT_PATH);
+    const dataDir = options?.dataDir ?? join(storageRoot, "data");
+    const indexPath = join(storageRoot, "index.db");
+    const configPath = join(storageRoot, "config.json");
+    await mkdir(storageRoot, { recursive: true });
+    await mkdir(dataDir, { recursive: true });
+    const db = initializeDatabase(indexPath);
+    const indexManager = createIndexManager(db);
+    const hierarchyOptions = { dataDir };
+    const gatewayClient = createGatewayClient(config.gateway.url);
+    // Derive server owner from VANA_MASTER_KEY_SIGNATURE env var
+    const masterKeySignature = process.env.VANA_MASTER_KEY_SIGNATURE;
+    let serverOwner;
+    let serverAccount;
+    let serverSigner;
+    let identity;
+    if (masterKeySignature) {
+        serverOwner = await recoverServerOwner(masterKeySignature);
+        deriveMasterKey(masterKeySignature); // validate signature format
+        logger.info({ owner: serverOwner }, "Server owner derived from master key");
+        // Load or create server keypair from disk
+        const keyPath = join(storageRoot, "key.json");
+        serverAccount = loadOrCreateServerAccount(keyPath);
+        logger.info({ owner: serverOwner, serverAddress: serverAccount.address }, "Server signing account loaded");
+        serverSigner = createServerSigner(serverAccount, {
+            chainId: config.gateway.chainId,
+            contracts: config.gateway.contracts,
+        });
+        // Identity starts with serverId=null; background services will populate it
+        identity = {
+            address: serverAccount.address,
+            publicKey: serverAccount.publicKey,
+            serverId: null,
+        };
+    }
+    else {
+        logger.warn("VANA_MASTER_KEY_SIGNATURE not set — owner-restricted endpoints will return 500");
+    }
+    // Download frpc binary eagerly (auth-independent) so it's ready when the user signs in
+    let frpcBinaryPath = "";
+    if (config.tunnel.enabled) {
+        try {
+            frpcBinaryPath = await ensureFrpcBinary(storageRoot, {
+                log: (msg) => logger.info(msg),
+            });
+        }
+        catch (err) {
+            logger.warn({ err }, "Failed to download frpc binary - tunnel disabled");
+        }
+    }
+    // --- Sync engine setup ---
+    let syncManager = null;
+    if (config.sync.enabled &&
+        masterKeySignature &&
+        serverOwner &&
+        serverAccount &&
+        serverSigner) {
+        const masterKey = deriveMasterKey(masterKeySignature);
+        const vanaConfig = config.storage.config.vana ?? {
+            apiUrl: "https://storage.vana.com",
+        };
+        const requestSigner = createRequestSigner(serverAccount);
+        const storageAdapter = createVanaStorageAdapter({
+            apiUrl: vanaConfig.apiUrl,
+            ownerAddress: serverOwner,
+            signer: requestSigner,
+        });
+        const cursor = createSyncCursor(configPath);
+        const uploadDeps = {
+            indexManager,
+            hierarchyOptions,
+            storageAdapter,
+            gateway: gatewayClient,
+            signer: serverSigner,
+            masterKey,
+            serverOwner,
+            logger,
+        };
+        const downloadDeps = {
+            indexManager,
+            hierarchyOptions,
+            storageAdapter,
+            gateway: gatewayClient,
+            cursor,
+            masterKey,
+            serverOwner,
+            logger,
+        };
+        syncManager = createSyncManager(uploadDeps, downloadDeps);
+        syncManager.start();
+        logger.info("Sync engine started");
+    }
+    else if (config.sync.enabled) {
+        logger.warn("Sync enabled in config but VANA_MASTER_KEY_SIGNATURE not set — sync disabled");
+    }
+    const logsDir = join(storageRoot, "logs");
+    await mkdir(logsDir, { recursive: true });
+    const accessLogWriter = createAccessLogWriter(logsDir);
+    const accessLogReader = createAccessLogReader(logsDir);
+    // Generate ephemeral dev token when devUi is enabled
+    const devToken = config.devUi.enabled ? generateDevToken() : undefined;
+    // Mutable origin — starts with config value, updated when tunnel connects
+    let effectiveOrigin = config.server.origin;
+    // Mutable tunnelManager — set when tunnel starts in background
+    let tunnelManager;
+    const app = createApp({
+        logger,
+        version: pkg.version,
+        startedAt,
+        indexManager,
+        hierarchyOptions,
+        serverOrigin: () => effectiveOrigin,
+        serverOwner,
+        identity,
+        gateway: gatewayClient,
+        accessLogWriter,
+        accessLogReader,
+        devToken,
+        configPath,
+        syncManager,
+        serverSigner,
+        getTunnelStatus: () => tunnelManager?.getStatus() ?? null,
+    });
+    const cleanup = async () => {
+        if (tunnelManager) {
+            await tunnelManager.stop();
+        }
+        if (syncManager) {
+            await syncManager.stop();
+        }
+        indexManager.close();
+    };
+    const context = {
+        app,
+        logger,
+        config,
+        startedAt,
+        indexManager,
+        gatewayClient,
+        accessLogReader,
+        serverAccount,
+        serverSigner,
+        syncManager,
+        tunnelManager,
+        tunnelUrl: undefined,
+        devToken,
+        startBackgroundServices: async () => {
+            // --- Gateway registration check (slow: HTTP call) ---
+            if (serverAccount && identity) {
+                try {
+                    const serverInfo = await gatewayClient.getServer(serverAccount.address);
+                    identity.serverId = serverInfo?.id ?? null;
+                }
+                catch {
+                    // Gateway unreachable — assume not registered
+                }
+                if (identity.serverId) {
+                    logger.info("Server registered with gateway — signing delegation active");
+                }
+                else {
+                    logger.warn({
+                        serverAddress: serverAccount.address,
+                        publicKey: serverAccount.publicKey,
+                    }, "Server not registered. Register personal server with the gateway to enable delegation.");
+                }
+            }
+            // --- Tunnel setup (slow: subprocess wait) ---
+            if (config.tunnel.enabled &&
+                serverOwner &&
+                serverAccount &&
+                frpcBinaryPath) {
+                tunnelManager = new TunnelManager(storageRoot);
+                context.tunnelManager = tunnelManager;
+                const runId = randomUUID();
+                try {
+                    const url = await tunnelManager.start({
+                        walletAddress: serverAccount.address,
+                        ownerAddress: serverOwner,
+                        serverKeypair: serverAccount,
+                        runId,
+                        serverAddr: config.tunnel.serverAddr,
+                        serverPort: config.tunnel.serverPort,
+                        localPort: config.server.port,
+                    }, frpcBinaryPath);
+                    logger.info({ tunnelUrl: url }, "Tunnel established");
+                    context.tunnelUrl = url;
+                    effectiveOrigin = url;
+                    if (!identity?.serverId) {
+                        logger.warn("Tunnel started but server is not registered with gateway — tunnel will not route traffic. Run: npm run register-server");
+                        tunnelManager.setVerified(false, "Server not registered with gateway");
+                    }
+                }
+                catch (err) {
+                    logger.warn({ err }, "Tunnel failed to connect - server running in local-only mode");
+                    tunnelManager = undefined;
+                    context.tunnelManager = undefined;
+                }
+            }
+            else if (config.tunnel.enabled && !frpcBinaryPath) {
+                logger.warn("frpc binary not available — tunnel disabled");
+            }
+            else if (config.tunnel.enabled) {
+                logger.warn("Tunnel enabled in config but VANA_MASTER_KEY_SIGNATURE not set — tunnel disabled");
+            }
+        },
+        cleanup,
+    };
+    return context;
+}
+//# sourceMappingURL=bootstrap.js.map

package/dist/bootstrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAwB,CAAC;AAE9D,OAAO,EACL,iBAAiB,EACjB,eAAe,GAChB,MAAM,8CAA8C,CAAC;AACtD,OAAO,EACL,YAAY,GAEb,MAAM,8CAA8C,CAAC;AACtD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GAEnB,MAAM,qDAAqD,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC;AAEpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,0DAA0D,CAAC;AACjG,OAAO,EAAE,qBAAqB,EAAE,MAAM,6DAA6D,CAAC;AAEpG,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,4CAA4C,CAAC;AAEpD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,+CAA+C,CAAC;AAEvD,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wDAAwD,CAAC;AAElG,OAAO,EAAE,SAAS,EAAqB,MAAM,UAAU,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AA2BpE,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAoB,EACpB,OAA6B;IAE7B,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAE7B,MAAM,WAAW,GAAG,eAAe,CACjC,OAAO,EAAE,QAAQ,IAAI,OAAO,EAAE,SAAS,IAAI,iBAAiB,CAC7D,CAAC;IACF,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAEpD,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1C,MAAM,EAAE,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,YAAY,GAAG,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAA4B,EAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE9D,6DAA6D;IAC7D,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAE1B,CAAC;IACd,IAAI,WAAsC,CAAC;IAE3C,IAAI,aAAwC,CAAC;IAC7C,IAAI,YAAsC,CAAC;IAC3C,IAAI,QAAkC,CAAC;IAEvC,IAAI,kBAAkB,EAAE,CAAC;QACvB,WAAW,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC3D,eAAe,CAAC,kBAAkB,CAAC,CAAC,CAAC,4BAA4B;QACjE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,sCAAsC,CAAC,CAAC;QAE5E,0CAA0C;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAC9C,aAAa,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,CAAC,OAAO,EAAE,EAC5D,+BAA+B,CAChC,CAAC;QAEF,YAAY,GAAG,kBAAkB,CAAC,aAAa,EAAE;YAC/C,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO;YAC/B,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS;SACpC,CAAC,CAAC;QAEH,2EAA2E;QAC3E,QAAQ,GAAG;YACT,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,QAAQ,EAAE,IAAI;SACf,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CACT,gFAAgF,CACjF,CAAC;IACJ,CAAC;IAED,uFAAuF;IACvF,IAAI,cAAc,GAAG,EAAE,CAAC;IACxB,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,cAAc,GAAG,MAAM,gBAAgB,CAAC,WAAW,EAAE;gBACnD,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,kDAAkD,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,IAAI,WAAW,GAAuB,IAAI,CAAC;IAE3C,IACE,MAAM,CAAC,IAAI,CAAC,OAAO;QACnB,kBAAkB;QAClB,WAAW;QACX,aAAa;QACb,YAAY,EACZ,CAAC;QACD,MAAM,SAAS,GAAG,eAAe,CAAC,kBAAkB,CAAC,CAAC;QAEtD,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI;YAC/C,MAAM,EAAE,0BAA0B;SACnC,CAAC;QACF,MAAM,aAAa,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,wBAAwB,CAAC;YAC9C,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,YAAY,EAAE,WAAW;YACzB,MAAM,EAAE,aAAa;SACtB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAE5C,MAAM,UAAU,GAAG;YACjB,YAAY;YACZ,gBAAgB;YAChB,cAAc;YACd,OAAO,EAAE,aAAa;YACtB,MAAM,EAAE,YAAY;YACpB,SAAS;YACT,WAAW;YACX,MAAM;SACP,CAAC;QAEF,MAAM,YAAY,GAAG;YACnB,YAAY;YACZ,gBAAgB;YAChB,cAAc;YACd,OAAO,EAAE,aAAa;YACtB,MAAM;YACN,SAAS;YACT,WAAW;YACX,MAAM;SACP,CAAC;QAEF,WAAW,GAAG,iBAAiB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CACT,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC1C,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAEvD,qDAAqD;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAEvE,0EAA0E;IAC1E,IAAI,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;IAE3C,+DAA+D;IAC/D,IAAI,aAAwC,CAAC;IAE7C,MAAM,GAAG,GAAG,SAAS,CAAC;QACpB,MAAM;QACN,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,SAAS;QACT,YAAY;QACZ,gBAAgB;QAChB,YAAY,EAAE,GAAG,EAAE,CAAC,eAAe;QACnC,WAAW;QACX,QAAQ;QACR,OAAO,EAAE,aAAa;QACtB,eAAe;QACf,eAAe;QACf,QAAQ;QACR,UAAU;QACV,WAAW;QACX,YAAY;QACZ,eAAe,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,IAAI;KAC1D,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,KAAK,IAAI,EAAE;QACzB,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QACD,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,YAAY,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC,CAAC;IAEF,MAAM,OAAO,GAAkB;QAC7B,GAAG;QACH,MAAM;QACN,MAAM;QACN,SAAS;QACT,YAAY;QACZ,aAAa;QACb,eAAe;QACf,aAAa;QACb,YAAY;QACZ,WAAW;QACX,aAAa;QACb,SAAS,EAAE,SAAS;QACpB,QAAQ;QACR,uBAAuB,EAAE,KAAK,IAAI,EAAE;YAClC,uDAAuD;YACvD,IAAI,aAAa,IAAI,QAAQ,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,SAAS,CAC9C,aAAa,CAAC,OAAO,CACtB,CAAC;oBACF,QAAQ,CAAC,QAAQ,GAAG,UAAU,EAAE,EAAE,IAAI,IAAI,CAAC;gBAC7C,CAAC;gBAAC,MAAM,CAAC;oBACP,8CAA8C;gBAChD,CAAC;gBAED,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACtB,MAAM,CAAC,IAAI,CACT,4DAA4D,CAC7D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,CACT;wBACE,aAAa,EAAE,aAAa,CAAC,OAAO;wBACpC,SAAS,EAAE,aAAa,CAAC,SAAS;qBACnC,EACD,wFAAwF,CACzF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,+CAA+C;YAC/C,IACE,MAAM,CAAC,MAAM,CAAC,OAAO;gBACrB,WAAW;gBACX,aAAa;gBACb,cAAc,EACd,CAAC;gBACD,aAAa,GAAG,IAAI,aAAa,CAAC,WAAW,CAAC,CAAC;gBAC/C,OAAO,CAAC,aAAa,GAAG,aAAa,CAAC;gBAEtC,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;gBAE3B,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,KAAK,CACnC;wBACE,aAAa,EAAE,aAAa,CAAC,OAAO;wBACpC,YAAY,EAAE,WAAW;wBACzB,aAAa,EAAE,aAAa;wBAC5B,KAAK;wBACL,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;wBACpC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;wBACpC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;qBAC9B,EACD,cAAc,CACf,CAAC;oBACF,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;oBACtD,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC;oBACxB,eAAe,GAAG,GAAG,CAAC;oBAEtB,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CACT,wHAAwH,CACzH,CAAC;wBACF,aAAa,CAAC,WAAW,CACvB,KAAK,EACL,oCAAoC,CACrC,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,EACP,8DAA8D,CAC/D,CAAC;oBACF,aAAa,GAAG,SAAS,CAAC;oBAC1B,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;gBACpC,CAAC;YACH,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YAC7D,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjC,MAAM,CAAC,IAAI,CACT,kFAAkF,CACnF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO;KACR,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/dev-token.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Generates a random 32-byte hex string for use as an ephemeral dev token.
+ * This token is generated once at startup and lives only in memory.
+ */
+export declare function generateDevToken(): string;
+//# sourceMappingURL=dev-token.d.ts.map

package/dist/dev-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dev-token.d.ts","sourceRoot":"","sources":["../src/dev-token.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}

package/dist/dev-token.js

@@ -0,0 +1,9 @@
+import { randomBytes } from "node:crypto";
+/**
+ * Generates a random 32-byte hex string for use as an ephemeral dev token.
+ * This token is generated once at startup and lives only in memory.
+ */
+export function generateDevToken() {
+    return randomBytes(32).toString("hex");
+}
+//# sourceMappingURL=dev-token.js.map

package/dist/dev-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dev-token.js","sourceRoot":"","sources":["../src/dev-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,60 @@
+import { serve } from "@hono/node-server";
+import { createRequire } from "node:module";
+import { loadConfig } from "@opendatalabs/personal-server-ts-core/config";
+import { createServer } from "./bootstrap.js";
+import { verifyTunnelUrl } from "./tunnel/index.js";
+const require = createRequire(import.meta.url);
+const pkg = require("../package.json");
+const DRAIN_TIMEOUT_MS = 5_000;
+async function main() {
+    const rootPath = process.env.PERSONAL_SERVER_ROOT_PATH;
+    const config = await loadConfig({ rootPath });
+    const context = await createServer(config, { rootPath });
+    const { app, logger, devToken } = context;
+    const server = serve({ fetch: app.fetch, port: config.server.port }, (info) => {
+        logger.info({ port: info.port, version: pkg.version }, "Server started");
+        if (devToken) {
+            logger.info({ url: `http://localhost:${info.port}/ui` }, "Dev UI available");
+            logger.info({ devToken }, "Dev token (ephemeral)");
+        }
+    });
+    // Fire-and-forget: gateway check + tunnel connect (slow operations)
+    // HTTP server is already listening so POST /v1/data/:scope works immediately
+    context.startBackgroundServices().then(() => {
+        // Verify tunnel URL is reachable now that both HTTP server and tunnel are up
+        const { tunnelManager, tunnelUrl } = context;
+        if (tunnelUrl &&
+            tunnelManager &&
+            tunnelManager.getStatus().status !== "error") {
+            logger.info({ tunnelUrl }, "Verifying tunnel URL is reachable...");
+            verifyTunnelUrl(tunnelUrl).then((result) => {
+                tunnelManager.setVerified(result.reachable, result.error);
+                if (result.reachable) {
+                    logger.info({ tunnelUrl, attempts: result.attempts }, "Tunnel URL verified");
+                }
+                else {
+                    logger.warn({ tunnelUrl, attempts: result.attempts, error: result.error }, "Tunnel URL not reachable — server running in local-only mode");
+                }
+            });
+        }
+    });
+    function shutdown(signal) {
+        logger.info({ signal }, "Shutdown signal received, draining connections");
+        server.close(() => {
+            logger.info("Server stopped");
+            process.exit(0);
+        });
+        // Force exit after drain timeout
+        setTimeout(() => {
+            logger.warn("Drain timeout exceeded, forcing exit");
+            process.exit(1);
+        }, DRAIN_TIMEOUT_MS).unref();
+    }
+    process.on("SIGTERM", () => shutdown("SIGTERM"));
+    process.on("SIGINT", () => shutdown("SIGINT"));
+}
+main().catch((err) => {
+    console.error("Failed to start server:", err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,8CAA8C,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAwB,CAAC;AAE9D,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAE/B,KAAK,UAAU,IAAI;IACjB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACvD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACzD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE1C,MAAM,MAAM,GAAG,KAAK,CAClB,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAC9C,CAAC,IAAI,EAAE,EAAE;QACP,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,gBAAgB,CAAC,CAAC;QAEzE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,oBAAoB,IAAI,CAAC,IAAI,KAAK,EAAE,EAC3C,kBAAkB,CACnB,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,uBAAuB,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CACF,CAAC;IAEF,oEAAoE;IACpE,6EAA6E;IAC7E,OAAO,CAAC,uBAAuB,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;QAC1C,6EAA6E;QAC7E,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC7C,IACE,SAAS;YACT,aAAa;YACb,aAAa,CAAC,SAAS,EAAE,CAAC,MAAM,KAAK,OAAO,EAC5C,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,sCAAsC,CAAC,CAAC;YACnE,eAAe,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACzC,aAAa,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;oBACrB,MAAM,CAAC,IAAI,CACT,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,EACxC,qBAAqB,CACtB,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,CACT,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAC7D,8DAA8D,CAC/D,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,SAAS,QAAQ,CAAC,MAAc;QAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE1E,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;YAChB,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,iCAAiC;QACjC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,EAAE,gBAAgB,CAAC,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;IAED,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/middleware/access-log.d.ts

@@ -0,0 +1,8 @@
+import type { MiddlewareHandler } from "hono";
+import type { AccessLogWriter } from "@opendatalabs/personal-server-ts-core/logging/access-log";
+/**
+ * Logs builder data access AFTER successful response (2xx).
+ * Fire-and-forget: write failures don't affect response.
+ */
+export declare function createAccessLogMiddleware(writer: AccessLogWriter): MiddlewareHandler;
+//# sourceMappingURL=access-log.d.ts.map

package/dist/middleware/access-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-log.d.ts","sourceRoot":"","sources":["../../src/middleware/access-log.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0DAA0D,CAAC;AAIhG;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,eAAe,GACtB,iBAAiB,CAoCnB"}

package/dist/middleware/access-log.js

@@ -0,0 +1,38 @@
+import { randomUUID } from "node:crypto";
+/**
+ * Logs builder data access AFTER successful response (2xx).
+ * Fire-and-forget: write failures don't affect response.
+ */
+export function createAccessLogMiddleware(writer) {
+    return async (c, next) => {
+        await next();
+        // Only log on 2xx responses
+        if (c.res.status < 200 || c.res.status >= 300) {
+            return;
+        }
+        const auth = c.get("auth");
+        const grant = c.get("grant");
+        if (!auth || !grant) {
+            return;
+        }
+        const scope = c.req.param("scope") ?? "unknown";
+        try {
+            await writer.write({
+                logId: randomUUID(),
+                grantId: grant.id,
+                builder: auth.signer,
+                action: "read",
+                scope,
+                timestamp: new Date().toISOString(),
+                ipAddress: c.req.header("x-forwarded-for") ??
+                    c.req.header("x-real-ip") ??
+                    "unknown",
+                userAgent: c.req.header("user-agent") ?? "unknown",
+            });
+        }
+        catch {
+            // Fire-and-forget: write failures don't affect response
+        }
+    };
+}
+//# sourceMappingURL=access-log.js.map

package/dist/middleware/access-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-log.js","sourceRoot":"","sources":["../../src/middleware/access-log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAuB;IAEvB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,IAAI,EAAE,CAAC;QAEb,4BAA4B;QAC5B,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAA6B,CAAC;QACvD,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAqC,CAAC;QAEjE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;QAEhD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;gBACjB,KAAK,EAAE,UAAU,EAAE;gBACnB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,OAAO,EAAE,IAAI,CAAC,MAAM;gBACpB,MAAM,EAAE,MAAM;gBACd,KAAK;gBACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS,EACP,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC;oBAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC;oBACzB,SAAS;gBACX,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,SAAS;aACnD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;QAC1D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/body-limit.d.ts

@@ -0,0 +1,10 @@
+import type { MiddlewareHandler } from "hono";
+/** 50 MB — max body size for data ingest routes */
+export declare const DATA_INGEST_MAX_SIZE: number;
+/** 1 MB — default max body size for general routes */
+export declare const DEFAULT_MAX_SIZE: number;
+/**
+ * Creates a Hono body-limit middleware that returns 413 JSON on overflow.
+ */
+export declare function createBodyLimit(maxSize: number): MiddlewareHandler;
+//# sourceMappingURL=body-limit.d.ts.map