@powerhousedao/switchboard 6.0.0-dev.23 → 6.0.0-dev.231

package/dist/server-UGYERfMo.mjs

@@ -0,0 +1,762 @@
+import { n as isPostgresUrl, t as addDefaultDrive } from "./utils-DFl0ezBT.mjs";
+import { register } from "node:module";
+import * as Sentry from "@sentry/node";
+import { childLogger, documentModelDocumentModelModule, setLogLevel } from "document-model";
+import dotenv from "dotenv";
+import { getConfig } from "@powerhousedao/config/node";
+import { promises } from "node:fs";
+import path from "node:path";
+import { metrics } from "@opentelemetry/api";
+import { ReactorInstrumentation } from "@powerhousedao/opentelemetry-instrumentation-reactor";
+import { ChannelScheme, EventBus, ReactorBuilder, ReactorClientBuilder, driveCollectionId, parseDriveUrl } from "@powerhousedao/reactor";
+import { HttpPackageLoader, ImportPackageLoader, PackageManagementService, PackagesSubgraph, getUniqueDocumentModels, initializeAndStartAPI } from "@powerhousedao/reactor-api";
+import { httpsHooksPath } from "@powerhousedao/reactor-api/https-hooks";
+import { VitePackageLoader, createViteLogger, startViteServer } from "@powerhousedao/reactor-api/vite";
+import { driveDocumentModelModule } from "@powerhousedao/shared/document-drive";
+import { documentModels } from "@powerhousedao/vetra";
+import { processorFactory } from "@powerhousedao/vetra/processors";
+import { Kysely, PostgresDialect } from "kysely";
+import { PGliteDialect } from "kysely-pglite-dialect";
+import net from "node:net";
+import path$1 from "path";
+import { Pool } from "pg";
+import { AttachmentNotFound, InvalidAttachmentRef, ReservationNotFound } from "@powerhousedao/reactor-attachments";
+import { Readable } from "node:stream";
+import { EnvVarProvider } from "@openfeature/env-var-provider";
+import { OpenFeature } from "@openfeature/server-sdk";
+import { DEFAULT_RENOWN_URL, NodeKeyStorage, RenownBuilder, RenownCryptoBuilder, createSignatureVerifier } from "@renown/sdk/node";
+//#region src/pglite-version.ts
+const SUPPORTED_PG_MAJORS = [16, 17];
+async function readPgVersionFile(dataDir) {
+	try {
+		const raw = await promises.readFile(path.join(dataDir, "PG_VERSION"), "utf8");
+		const major = parseInt(raw.trim(), 10);
+		return Number.isFinite(major) ? major : null;
+	} catch {
+		return null;
+	}
+}
+function isSupportedMajor(major) {
+	return SUPPORTED_PG_MAJORS.includes(major);
+}
+/**
+* Parses the `PH_FORCE_PG_VERSION` env var. Returns the validated major, or
+* `null` when the var is unset/empty. Throws on any value that is not a
+* supported major — invalid configuration must fail before the server starts
+* touching disk.
+*/
+function parseForcePgVersion(raw) {
+	if (raw === void 0 || raw.trim() === "") return null;
+	const parsed = Number(raw);
+	if (Number.isInteger(parsed) && isSupportedMajor(parsed)) return parsed;
+	throw new Error(`PH_FORCE_PG_VERSION must be one of: ${SUPPORTED_PG_MAJORS.join(", ")} (got: ${raw})`);
+}
+async function loadPGliteModule(major) {
+	if (major === 16) return await import("pglite-legacy-02");
+	return import("@electric-sql/pglite");
+}
+async function loadPgDump(major) {
+	if (major === 16) return (await import("pglite-tools-legacy-02/pg_dump")).pgDump;
+	return (await import("@electric-sql/pglite-tools/pg_dump")).pgDump;
+}
+//#endregion
+//#region src/pglite-dialect.ts
+var ClosablePGliteDialect = class extends PGliteDialect {
+	#pglite;
+	constructor(pglite) {
+		super(pglite);
+		this.#pglite = pglite;
+	}
+	createDriver() {
+		const driver = super.createDriver();
+		const pglite = this.#pglite;
+		const innerDestroy = driver.destroy.bind(driver);
+		driver.destroy = async () => {
+			await innerDestroy();
+			if (!pglite.closed) await pglite.close();
+		};
+		return driver;
+	}
+};
+//#endregion
+//#region src/attachments/auth.ts
+/**
+* Wrap a Node-style handler so that, when `authService` is provided and auth is
+* enabled, the request must carry a verifiable Bearer token.
+*/
+function requireAuth(authService, handler) {
+	if (!authService) return handler;
+	return async (req, res) => {
+		let result;
+		try {
+			result = await authService.verifyBearer(req.headers.authorization);
+		} catch {
+			res.statusCode = 500;
+			res.setHeader("Content-Type", "application/json");
+			res.end(JSON.stringify({ error: "Internal authentication error" }));
+			return;
+		}
+		if (result instanceof Response) {
+			const body = await result.text();
+			res.statusCode = result.status;
+			const contentType = result.headers.get("content-type");
+			if (contentType) res.setHeader("Content-Type", contentType);
+			res.end(body);
+			return;
+		}
+		if (result.auth_enabled && !result.user) {
+			res.statusCode = 401;
+			res.setHeader("Content-Type", "application/json");
+			res.end(JSON.stringify({ error: "Authentication required" }));
+			return;
+		}
+		await handler(req, res);
+	};
+}
+//#endregion
+//#region src/attachments/mount-auth.ts
+/**
+* Mount a Node-style attachment route with `requireAuth` applied unconditionally.
+* When `api.authService` is undefined (auth disabled), `requireAuth` returns the
+* handler unchanged — that is the only way to opt out. To register a route
+* without auth wrapping you must call `api.httpAdapter.mountNodeRoute` directly.
+*/
+function mountAuthenticatedNodeRoute(api, method, path, handler) {
+	api.httpAdapter.mountNodeRoute(method, path, requireAuth(api.authService, handler));
+}
+//#endregion
+//#region src/attachments/routes.ts
+const logger$1 = childLogger(["switchboard", "attachments"]);
+const HASH_PATTERN = /^[a-f0-9]{64}$/i;
+const CONTROL_CHARS = /[\x00-\x1f\x7f]/;
+const MIME_TYPE_PATTERN = /^[!#$%&'*+\-.^_`|~\w]+\/[!#$%&'*+\-.^_`|~\w]+(?:\s*;\s*[!#$%&'*+\-.^_`|~\w]+=(?:[!#$%&'*+\-.^_`|~\w]+|"(?:[^"\\\r\n]|\\[^\r\n])*"))*$/;
+const MAX_FILENAME_LEN = 255;
+const MAX_MIMETYPE_LEN = 255;
+function sendJson(res, status, body) {
+	res.statusCode = status;
+	res.setHeader("Content-Type", "application/json");
+	res.end(JSON.stringify(body));
+}
+function sendError(res, status, message) {
+	sendJson(res, status, { error: message });
+}
+function statusForError(err) {
+	if (err instanceof AttachmentNotFound) return 404;
+	if (err instanceof ReservationNotFound) return 404;
+	if (err instanceof InvalidAttachmentRef) return 400;
+	return 500;
+}
+function sendErrorFromException(res, err) {
+	const status = statusForError(err);
+	if (status >= 500) {
+		logger$1.error("Attachment route error: @error", err);
+		sendError(res, status, "Internal error");
+		return;
+	}
+	sendError(res, status, err instanceof Error ? err.message : String(err));
+}
+async function readJsonBody(req, body) {
+	if (body !== void 0 && body !== null && typeof body === "object") return body;
+	const chunks = [];
+	for await (const chunk of req) chunks.push(chunk);
+	if (chunks.length === 0) return void 0;
+	const text = Buffer.concat(chunks).toString("utf8");
+	if (text.length === 0) return void 0;
+	return JSON.parse(text);
+}
+function parseReserveOptions(input) {
+	if (input === null || typeof input !== "object") return null;
+	const obj = input;
+	if (typeof obj.mimeType !== "string" || obj.mimeType.length === 0 || obj.mimeType.length > MAX_MIMETYPE_LEN || !MIME_TYPE_PATTERN.test(obj.mimeType)) return null;
+	if (typeof obj.fileName !== "string" || obj.fileName.length === 0 || obj.fileName.length > MAX_FILENAME_LEN || CONTROL_CHARS.test(obj.fileName)) return null;
+	let extension = null;
+	if (typeof obj.extension === "string") {
+		if (obj.extension.length === 0 || /[\\/]/.test(obj.extension)) return null;
+		extension = obj.extension;
+	} else if (obj.extension !== void 0 && obj.extension !== null) return null;
+	return {
+		mimeType: obj.mimeType,
+		fileName: obj.fileName,
+		extension
+	};
+}
+function quoteFilename(name) {
+	return `"${name.replace(/[\\"]/g, "\\$&")}"`;
+}
+function buildContentDisposition(fileName) {
+	const ascii = fileName.replace(/[^\x20-\x21\x23-\x5b\x5d-\x7e]/g, "_");
+	const encoded = encodeURIComponent(fileName).replace(/['()*!]/g, (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`);
+	return `attachment; filename=${quoteFilename(ascii)}; filename*=UTF-8''${encoded}`;
+}
+function makeReserveHandler(attachments) {
+	return async (req, res, body) => {
+		let parsed;
+		try {
+			parsed = await readJsonBody(req, body);
+		} catch {
+			sendError(res, 400, "Invalid JSON body");
+			return;
+		}
+		const opts = parseReserveOptions(parsed);
+		if (!opts) {
+			sendError(res, 400, "Body must be { mimeType: string (type/subtype), fileName: string (no control characters, max 255 chars), extension?: string|null }");
+			return;
+		}
+		try {
+			sendJson(res, 201, { reservationId: (await attachments.service.reserve(opts)).reservationId });
+		} catch (err) {
+			sendErrorFromException(res, err);
+		}
+	};
+}
+function makeUploadHandler(attachments) {
+	return async (req, res) => {
+		const reservationId = extractParam(req, "reservationId");
+		if (!reservationId) {
+			sendError(res, 400, "Missing reservationId");
+			return;
+		}
+		let reservation;
+		try {
+			reservation = await attachments.reservations.get(reservationId);
+		} catch (err) {
+			sendErrorFromException(res, err);
+			return;
+		}
+		const upload = attachments.uploadFactory.createUpload(reservation.reservationId, {
+			mimeType: reservation.mimeType,
+			fileName: reservation.fileName,
+			extension: reservation.extension
+		});
+		const webStream = Readable.toWeb(req);
+		try {
+			sendJson(res, 200, await upload.send(webStream));
+		} catch (err) {
+			sendErrorFromException(res, err);
+		}
+	};
+}
+function makeDownloadHandler(attachments) {
+	return async (req, res) => {
+		const hash = extractParam(req, "hash");
+		if (!hash || !HASH_PATTERN.test(hash)) {
+			sendError(res, 400, "Invalid attachment hash");
+			return;
+		}
+		const controller = new AbortController();
+		req.once("close", () => controller.abort());
+		const canonicalHash = hash.toLowerCase();
+		let response;
+		try {
+			response = await attachments.store.get(canonicalHash, controller.signal);
+		} catch (err) {
+			sendErrorFromException(res, err);
+			return;
+		}
+		const { header, body } = response;
+		res.statusCode = 200;
+		res.setHeader("Content-Type", header.mimeType);
+		res.setHeader("Content-Length", String(header.sizeBytes));
+		res.setHeader("Content-Disposition", buildContentDisposition(header.fileName));
+		res.setHeader("Attachment-Metadata", buildMetadataHeader(header));
+		Readable.fromWeb(body).pipe(res);
+	};
+}
+function buildMetadataHeader(header) {
+	return JSON.stringify({
+		mimeType: header.mimeType,
+		fileName: header.fileName,
+		sizeBytes: header.sizeBytes,
+		extension: header.extension,
+		createdAtUtc: header.createdAtUtc,
+		lastAccessedAtUtc: header.lastAccessedAtUtc
+	});
+}
+function makeStatHandler(attachments) {
+	return async (req, res) => {
+		const hash = extractParam(req, "hash");
+		if (!hash || !HASH_PATTERN.test(hash)) {
+			sendError(res, 400, "Invalid attachment hash");
+			return;
+		}
+		const canonicalHash = hash.toLowerCase();
+		let header;
+		try {
+			header = await attachments.store.stat(canonicalHash);
+		} catch (err) {
+			sendErrorFromException(res, err);
+			return;
+		}
+		res.statusCode = 200;
+		res.setHeader("Content-Type", header.mimeType);
+		res.setHeader("Content-Length", String(header.sizeBytes));
+		res.setHeader("Content-Disposition", buildContentDisposition(header.fileName));
+		res.setHeader("Attachment-Metadata", buildMetadataHeader(header));
+		res.end();
+	};
+}
+function makeGetReservationHandler(attachments) {
+	return async (req, res) => {
+		const reservationId = extractParam(req, "reservationId");
+		if (!reservationId) {
+			sendError(res, 400, "Missing reservationId");
+			return;
+		}
+		try {
+			sendJson(res, 200, await attachments.reservations.get(reservationId));
+		} catch (err) {
+			sendErrorFromException(res, err);
+		}
+	};
+}
+function makeDeleteReservationHandler(attachments) {
+	return async (req, res) => {
+		const reservationId = extractParam(req, "reservationId");
+		if (!reservationId) {
+			sendError(res, 400, "Missing reservationId");
+			return;
+		}
+		try {
+			await attachments.reservations.delete(reservationId);
+			res.statusCode = 204;
+			res.end();
+		} catch (err) {
+			sendErrorFromException(res, err);
+		}
+	};
+}
+function extractParam(req, name) {
+	return req.params?.[name];
+}
+//#endregion
+//#region src/attachments/index.ts
+function registerAttachmentRoutes(api) {
+	const { attachments } = api;
+	mountAuthenticatedNodeRoute(api, "POST", "/attachments/reservations", makeReserveHandler(attachments));
+	mountAuthenticatedNodeRoute(api, "GET", "/attachments/reservations/:reservationId", makeGetReservationHandler(attachments));
+	mountAuthenticatedNodeRoute(api, "DELETE", "/attachments/reservations/:reservationId", makeDeleteReservationHandler(attachments));
+	mountAuthenticatedNodeRoute(api, "PUT", "/attachments/reservations/:reservationId", makeUploadHandler(attachments));
+	mountAuthenticatedNodeRoute(api, "HEAD", "/attachments/:hash", makeStatHandler(attachments));
+	mountAuthenticatedNodeRoute(api, "GET", "/attachments/:hash", makeDownloadHandler(attachments));
+}
+//#endregion
+//#region src/feature-flags.ts
+async function initFeatureFlags() {
+	const provider = new EnvVarProvider();
+	await OpenFeature.setProviderAndWait(provider);
+	return OpenFeature.getClient();
+}
+//#endregion
+//#region src/pglite-migration.ts
+function backupPath(dataDir, major) {
+	return `${dataDir}.backup-pg${major}-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-")}`;
+}
+async function pathExists(p) {
+	try {
+		await promises.stat(p);
+		return true;
+	} catch {
+		return false;
+	}
+}
+function logRestoreFailure(dataDir, sql, err, logger) {
+	const errObj = err;
+	const position = typeof errObj.position === "string" ? parseInt(errObj.position, 10) : typeof errObj.position === "number" ? errObj.position : NaN;
+	logger.error(`[pglite-migration] Restore failed for ${dataDir}: code=${errObj.code ?? ""} severity=${errObj.severity ?? ""} message=${errObj.message ?? ""} sqlLength=${sql.length}`);
+	if (Number.isFinite(position) && position > 0) {
+		const zeroBased = position - 1;
+		const start = Math.max(0, zeroBased - 200);
+		const end = Math.min(sql.length, zeroBased + 200);
+		const before = sql.slice(start, zeroBased);
+		const at = sql.slice(zeroBased, zeroBased + 1);
+		const after = sql.slice(zeroBased + 1, end);
+		logger.error(`[pglite-migration] SQL context around position ${position}:\n${before}»${at}«${after}`);
+	} else logger.error(`[pglite-migration] No position info. First 2000 chars of dump:\n${sql.slice(0, 2e3)}`);
+}
+/**
+* Migrate a filesystem PGLite data directory from a legacy PG major to the
+* current one. Renames the existing dir to a timestamped backup, dumps via the
+* matching legacy `pg_dump`, restores into a fresh current-version PGLite at
+* the original path. On failure, the original dir is restored from the backup.
+*
+* No-op when the dir is missing or already at the current major.
+*/
+async function migratePgliteDir(dataDir, logger) {
+	const major = await readPgVersionFile(dataDir);
+	if (major === null) {
+		logger.info(`[pglite-migration] No PG_VERSION at ${dataDir}; skipping migration`);
+		return;
+	}
+	if (major === 17) return;
+	if (!isSupportedMajor(major)) throw new Error(`Unsupported legacy PGlite data dir: PG_VERSION=${major} for ${dataDir}`);
+	const backupDir = backupPath(dataDir, major);
+	logger.info(`[pglite-migration] Migrating ${dataDir} from PG${major} to PG17; backup: ${backupDir}`);
+	await promises.rename(dataDir, backupDir);
+	let sql;
+	try {
+		const [legacyMod, pgDump] = await Promise.all([loadPGliteModule(major), loadPgDump(major)]);
+		const LegacyPGlite = legacyMod.PGlite;
+		const pg = new LegacyPGlite(backupDir);
+		try {
+			await pg.waitReady;
+			sql = await (await pgDump({ pg })).text();
+		} finally {
+			await pg.close();
+		}
+	} catch (err) {
+		await rollback(dataDir, backupDir, err, logger);
+		throw err;
+	}
+	try {
+		const CurrentPGlite = (await loadPGliteModule(17)).PGlite;
+		const pg = new CurrentPGlite(dataDir, { relaxedDurability: false });
+		try {
+			await pg.waitReady;
+			try {
+				await pg.exec("SET standard_conforming_strings = off;");
+			} catch (gucErr) {
+				logger.warn(`[pglite-migration] Could not force standard_conforming_strings=off: ${String(gucErr)}`);
+			}
+			try {
+				await pg.exec(sql);
+			} catch (execErr) {
+				logRestoreFailure(dataDir, sql, execErr, logger);
+				throw execErr;
+			}
+		} finally {
+			await pg.close();
+		}
+	} catch (err) {
+		await rollback(dataDir, backupDir, err, logger);
+		throw err;
+	}
+	logger.info(`[pglite-migration] Migration of ${dataDir} complete. Backup retained at ${backupDir}; remove it manually once you have verified the upgrade.`);
+}
+async function rollback(dataDir, backupDir, originalError, logger) {
+	try {
+		if (await pathExists(dataDir)) await promises.rm(dataDir, {
+			recursive: true,
+			force: true
+		});
+		if (await pathExists(backupDir)) await promises.rename(backupDir, dataDir);
+	} catch (rollbackErr) {
+		logger.error(`[pglite-migration] Migration AND rollback failed for ${dataDir}. Original error: ${String(originalError)}; rollback error: ${String(rollbackErr)}; backup may still exist at ${backupDir}.`);
+		return;
+	}
+	logger.error(`[pglite-migration] Migration failed for ${dataDir}; rolled back from ${backupDir}. Original error: ${String(originalError)}`);
+}
+//#endregion
+//#region src/renown.ts
+const logger = childLogger(["switchboard", "renown"]);
+/**
+* Initialize Renown for the Switchboard instance.
+* This allows Switchboard to authenticate with remote services
+* using the same identity established during `ph login`.
+*/
+async function initRenown(options = {}) {
+	const { keypairPath, requireExisting = false, baseUrl = DEFAULT_RENOWN_URL } = options;
+	const keyStorage = new NodeKeyStorage(keypairPath, { logger });
+	const existingKeyPair = await keyStorage.loadKeyPair();
+	if (!existingKeyPair && requireExisting) throw new Error("No existing keypair found and requireExisting is true. Run \"ph login\" to create one.");
+	if (!existingKeyPair) logger.info("No existing keypair found. A new one will be generated.");
+	const renownCrypto = await new RenownCryptoBuilder().withKeyPairStorage(keyStorage).build();
+	const renown = await new RenownBuilder("switchboard", {}).withCrypto(renownCrypto).withBaseUrl(baseUrl).build();
+	logger.info("Switchboard identity initialized: @did", renownCrypto.did);
+	return renown;
+}
+/**
+* Get the signer config for the given renown instance.
+*
+* @param renown - The renown instance
+* @param requireSignature - If true, unsigned actions are rejected
+*/
+function getRenownSignerConfig(renown, requireSignature) {
+	return {
+		signer: renown.signer,
+		verifier: createSignatureVerifier(requireSignature)
+	};
+}
+//#endregion
+//#region src/server.mts
+const defaultLogger = childLogger(["switchboard"]);
+const LogLevel = process.env.LOG_LEVEL || "info";
+setLogLevel(LogLevel);
+dotenv.config();
+const DOCUMENT_MODEL_SUBGRAPHS_ENABLED = "DOCUMENT_MODEL_SUBGRAPHS_ENABLED";
+const DOCUMENT_MODEL_SUBGRAPHS_ENABLED_DEFAULT = true;
+const REQUIRE_SIGNATURES = "REQUIRE_SIGNATURES";
+const REQUIRE_SIGNATURES_DEFAULT = false;
+if (process.env.SENTRY_DSN) {
+	defaultLogger.info("Initialized Sentry with env: @env", process.env.SENTRY_ENV);
+	Sentry.init({
+		dsn: process.env.SENTRY_DSN,
+		environment: process.env.SENTRY_ENV,
+		release: process.env.SENTRY_RELEASE || (process.env.npm_package_version ? `v${process.env.npm_package_version}` : void 0)
+	});
+}
+const DEFAULT_PORT = process.env.PORT ? Number(process.env.PORT) : 4001;
+const PORT_FALLBACK_ATTEMPTS = 20;
+/**
+* Attempt to bind a throwaway TCP server to the given port. Resolves true if
+* the port is free, false if the OS reports it in use. Any other error is
+* surfaced so we don't silently mask real issues (permissions, bad host, …).
+*/
+function isPortAvailable(port) {
+	return new Promise((resolve, reject) => {
+		const tester = net.createServer();
+		tester.once("error", (err) => {
+			if (err.code === "EADDRINUSE" || err.code === "EACCES") resolve(false);
+			else reject(err);
+		});
+		tester.once("listening", () => {
+			tester.close(() => resolve(true));
+		});
+		tester.listen({
+			port,
+			host: "::"
+		});
+	});
+}
+async function resolveServerPort(requested, strictPort, logger) {
+	if (strictPort) return requested;
+	for (let i = 0; i < PORT_FALLBACK_ATTEMPTS; i++) {
+		const candidate = requested + i;
+		if (await isPortAvailable(candidate)) {
+			if (candidate !== requested) logger.info(`Port ${requested} is in use. Falling back to port ${candidate}.`);
+			return candidate;
+		}
+	}
+	return requested;
+}
+async function initServer(serverPort, options, renown) {
+	if (options.meterProvider) metrics.setGlobalMeterProvider(options.meterProvider);
+	const { dev, packages = [], remoteDrives = [], logger = defaultLogger } = options;
+	logger.level = LogLevel;
+	const dbPath = options.dbPath ?? process.env.DATABASE_URL;
+	const readModelPath = dbPath || ".ph/read-storage";
+	const reactorDbUrl = process.env.PH_REACTOR_DATABASE_URL;
+	const reactorPgliteDir = !reactorDbUrl || !isPostgresUrl(reactorDbUrl) ? "./.ph/reactor-storage" : null;
+	const readModelPgliteDir = !dbPath || !isPostgresUrl(dbPath) ? readModelPath : null;
+	const pgliteDirs = [reactorPgliteDir, readModelPgliteDir].filter((d) => d !== null);
+	const detectedMajors = /* @__PURE__ */ new Map();
+	if (options.forcePgVersion !== void 0 && pgliteDirs.length > 0) {
+		if (options.migratePglite) logger.warn("PH_FORCE_PG_VERSION is set; ignoring --migrate-pglite/PH_MIGRATE_PGLITE because the data dirs will be wiped.");
+		logger.warn(`PH_FORCE_PG_VERSION=${options.forcePgVersion} set; wiping PGLite data dirs and re-initializing at PG${options.forcePgVersion}.`);
+		for (const dir of pgliteDirs) {
+			await promises.rm(dir, {
+				recursive: true,
+				force: true
+			});
+			logger.info(`Wiped PGLite data dir ${dir}`);
+		}
+	} else if (options.forcePgVersion === void 0) {
+		for (const dir of pgliteDirs) {
+			const major = await readPgVersionFile(dir);
+			if (major !== null) detectedMajors.set(dir, major);
+		}
+		if (options.migratePglite) for (const [dir, major] of detectedMajors) {
+			if (major === 17) continue;
+			await migratePgliteDir(dir, logger);
+			const after = await readPgVersionFile(dir);
+			if (after !== null) detectedMajors.set(dir, after);
+		}
+		else for (const [dir, major] of detectedMajors) {
+			if (major === 17) continue;
+			logger.warn(`PGLite data dir at ${dir} was created with PG${major} but Switchboard ships PG17. Running on legacy PGLite. Re-start with --migrate-pglite (or PH_MIGRATE_PGLITE=true) to upgrade.`);
+		}
+	}
+	function resolvePgliteMajorForDir(dir) {
+		if (options.forcePgVersion !== void 0) return options.forcePgVersion;
+		const detected = detectedMajors.get(dir);
+		if (detected === void 0) return 17;
+		if (!isSupportedMajor(detected)) throw new Error(`Unsupported PGLite data dir at ${dir}: PG_VERSION=${detected}`);
+		return detected;
+	}
+	const reactorPgliteMajor = reactorPgliteDir ? resolvePgliteMajorForDir(reactorPgliteDir) : null;
+	const readModelPgliteMajor = readModelPgliteDir ? resolvePgliteMajorForDir(readModelPgliteDir) : null;
+	const apiRef = { current: void 0 };
+	const config = getConfig(options.configFile ?? path$1.join(process.cwd(), "powerhouse.config.json"));
+	const registryUrl = process.env.PH_REGISTRY_URL ?? config.packageRegistryUrl;
+	const registryPackages = process.env.PH_REGISTRY_PACKAGES;
+	const dynamicModelLoading = options.dynamicModelLoading ?? process.env.DYNAMIC_MODEL_LOADING === "true";
+	let httpLoader;
+	if (registryUrl) {
+		register(httpsHooksPath, import.meta.url);
+		httpLoader = new HttpPackageLoader({ registryUrl });
+		registryPackages?.split(",").forEach((p) => {
+			const name = p.trim();
+			if (!packages.includes(name)) packages.push(name);
+		});
+	}
+	const reactorLogger = logger.child(["reactor"]);
+	const initializeClient = async (documentModels$1) => {
+		const eventBus = new EventBus();
+		const builder = new ReactorBuilder().withEventBus(eventBus).withDocumentModels(getUniqueDocumentModels([
+			documentModelDocumentModelModule,
+			driveDocumentModelModule,
+			...documentModels,
+			...documentModels$1
+		])).withChannelScheme(ChannelScheme.SWITCHBOARD).withSignalHandlers().withLogger(reactorLogger);
+		const maxSkipThreshold = parseInt(process.env.MAX_SKIP_THRESHOLD ?? "", 10);
+		if (!isNaN(maxSkipThreshold) && maxSkipThreshold > 0) {
+			builder.withExecutorConfig({ maxSkipThreshold });
+			logger.info(`Reactor maxSkipThreshold set to ${maxSkipThreshold}`);
+		}
+		if (reactorDbUrl && isPostgresUrl(reactorDbUrl)) {
+			const kysely = new Kysely({ dialect: new PostgresDialect({ pool: new Pool({ connectionString: reactorDbUrl.includes("?") ? reactorDbUrl : `${reactorDbUrl}?sslmode=disable` }) }) });
+			builder.withKysely(kysely);
+			logger.info("Using PostgreSQL for reactor storage");
+		} else {
+			if (!reactorPgliteDir || reactorPgliteMajor === null) throw new Error("Reactor PGLite directory not resolved");
+			const { PGlite } = await loadPGliteModule(reactorPgliteMajor);
+			const kysely = new Kysely({ dialect: new ClosablePGliteDialect(new PGlite(reactorPgliteDir)) });
+			builder.withKysely(kysely);
+			logger.info(`Using PGlite (PG${reactorPgliteMajor}) for reactor storage at ${reactorPgliteDir}`);
+		}
+		builder.withShutdownHook(async () => {
+			if (apiRef.current) await apiRef.current.dispose();
+		});
+		if (httpLoader && dynamicModelLoading) builder.withDocumentModelLoader(httpLoader.documentModelLoader);
+		const clientBuilder = new ReactorClientBuilder().withReactorBuilder(builder);
+		if (renown) {
+			const signerConfig = getRenownSignerConfig(renown, options.identity?.requireSignatures);
+			clientBuilder.withSigner(signerConfig);
+		}
+		const module = await clientBuilder.buildModule();
+		if (module.reactorModule) {
+			new ReactorInstrumentation(module.reactorModule).start();
+			reactorLogger.info("Reactor metrics instrumentation started");
+		}
+		return module;
+	};
+	let defaultDriveUrl = void 0;
+	const basePath = process.cwd();
+	const viteLogger = createViteLogger(logger);
+	const vite = dev ? await startViteServer(process.cwd(), viteLogger) : void 0;
+	if (!options.disableLocalPackages) packages.push(basePath);
+	const packageLoaders = [];
+	if (vite) packageLoaders.push(VitePackageLoader.build(vite));
+	else packageLoaders.push(new ImportPackageLoader());
+	if (httpLoader) {
+		packageLoaders.push(httpLoader);
+		registryPackages?.split(",").forEach((p) => {
+			const name = p.trim();
+			if (!packages.includes(name)) packages.push(name);
+		});
+	}
+	const apiLogger = logger.child(["reactor-api"]);
+	let pgliteFactory;
+	if (readModelPgliteDir && readModelPgliteMajor !== null) {
+		const { PGlite: ReadModelPGlite } = await loadPGliteModule(readModelPgliteMajor);
+		pgliteFactory = (connectionString) => new ReadModelPGlite(connectionString ?? readModelPgliteDir);
+	}
+	const api = await initializeAndStartAPI(initializeClient, {
+		port: serverPort,
+		dbPath: readModelPath,
+		pgliteFactory,
+		https: options.https,
+		packageLoaders: packageLoaders.length > 0 ? packageLoaders : void 0,
+		packages,
+		processorConfig: options.processorConfig,
+		processors: { "@powerhousedao/vetra": [processorFactory] },
+		configFile: options.configFile ?? path$1.join(process.cwd(), "powerhouse.config.json"),
+		mcp: options.mcp ?? true,
+		logger: apiLogger,
+		enableDocumentModelSubgraphs: options.enableDocumentModelSubgraphs
+	}, "switchboard");
+	apiRef.current = api;
+	registerAttachmentRoutes(api);
+	if (process.env.SENTRY_DSN) api.httpAdapter.setupSentryErrorHandler(Sentry);
+	const { client, graphqlManager, documentModelRegistry } = api;
+	if (httpLoader) {
+		const packageManagementService = new PackageManagementService({
+			defaultRegistryUrl: registryUrl,
+			httpLoader,
+			documentModelRegistry
+		});
+		packageManagementService.setOnModelsChanged(() => {
+			graphqlManager.regenerateDocumentModelSubgraphs().catch(logger.error);
+		});
+		const packagesSubgraph = new PackagesSubgraph({
+			relationalDb: void 0,
+			analyticsStore: void 0,
+			reactorClient: client,
+			graphqlManager,
+			syncManager: api.syncManager,
+			path: graphqlManager.getBasePath(),
+			packageManagementService
+		});
+		graphqlManager.registerSubgraphInstance(packagesSubgraph, "graphql", false).then(() => graphqlManager.updateRouter()).catch((error) => {
+			logger.error("Failed to register packages subgraph: @error", error);
+		});
+	}
+	if (options.drive) {
+		if (!renown) throw new Error("Cannot create default drive without Renown identity");
+		defaultDriveUrl = await addDefaultDrive(client, options.drive, serverPort);
+	}
+	if (vite) api.httpAdapter.mountRawMiddleware(vite.middlewares);
+	if (remoteDrives.length > 0) for (const remoteDriveUrl of remoteDrives) {
+		let driveId;
+		try {
+			const { syncManager } = api;
+			const parsed = parseDriveUrl(remoteDriveUrl);
+			driveId = parsed.driveId;
+			const remoteName = `remote-drive-${driveId}-${crypto.randomUUID()}`;
+			await syncManager.add(remoteName, driveCollectionId("main", driveId), {
+				type: "gql",
+				parameters: { url: parsed.graphqlEndpoint }
+			});
+			logger.debug("Remote drive @remoteDriveUrl synced", remoteDriveUrl);
+		} catch (error) {
+			if (error instanceof Error && error.message.includes("already exists")) {
+				logger.debug("Remote drive already added: @remoteDriveUrl", remoteDriveUrl);
+				driveId = remoteDriveUrl.split("/").pop();
+			} else logger.error("Failed to connect to remote drive @remoteDriveUrl: @error", remoteDriveUrl, error);
+		} finally {
+			if (!defaultDriveUrl && driveId) defaultDriveUrl = `${options.https ? "https" : "http"}://localhost:${serverPort}/d/${driveId}`;
+		}
+	}
+	return {
+		defaultDriveUrl,
+		api,
+		reactor: client,
+		renown,
+		port: serverPort
+	};
+}
+const startSwitchboard = async (options = {}) => {
+	const requestedPort = options.port ?? DEFAULT_PORT;
+	const logger = options.logger ?? defaultLogger;
+	const serverPort = await resolveServerPort(requestedPort, options.strictPort ?? false, logger);
+	const featureFlags = await initFeatureFlags();
+	const enableDocumentModelSubgraphs = await featureFlags.getBooleanValue(DOCUMENT_MODEL_SUBGRAPHS_ENABLED, options.enableDocumentModelSubgraphs ?? DOCUMENT_MODEL_SUBGRAPHS_ENABLED_DEFAULT);
+	options.enableDocumentModelSubgraphs = enableDocumentModelSubgraphs;
+	const requireSignatures = options.identity?.requireSignatures ?? await featureFlags.getBooleanValue(REQUIRE_SIGNATURES, REQUIRE_SIGNATURES_DEFAULT);
+	options.identity = {
+		...options.identity,
+		requireSignatures
+	};
+	logger.info("Feature flags: @flags", JSON.stringify({
+		DOCUMENT_MODEL_SUBGRAPHS_ENABLED: enableDocumentModelSubgraphs,
+		REQUIRE_SIGNATURES: requireSignatures
+	}, null, 2));
+	let renown = null;
+	try {
+		renown = await initRenown(options.identity);
+	} catch (e) {
+		logger.warn("Failed to initialize ConnectCrypto: @error", e);
+		if (options.identity?.requireExisting) throw new Error("Identity required but failed to initialize. Run \"ph login\" first.");
+	}
+	try {
+		return await initServer(serverPort, options, renown);
+	} catch (e) {
+		Sentry.captureException(e);
+		logger.error("App crashed: @error", e);
+		throw e;
+	}
+};
+if (import.meta.main) await startSwitchboard();
+//#endregion
+export { startSwitchboard as n, parseForcePgVersion as r, isPortAvailable as t };
+
+//# sourceMappingURL=server-UGYERfMo.mjs.map