@sanity/workbench 0.1.0-alpha.12 → 0.1.0-alpha.14

package/src/core/log/index.ts

@@ -26,6 +26,7 @@ export interface Logger {
   warn: (message: string, context?: LogContext) => void;
   info: (message: string, context?: LogContext) => void;
   debug: (message: string, context?: LogContext) => void;
+  child: (domain: string, context?: LogContext) => Logger;
 }
 
 const LEVELS: readonly LogLevel[] = ["none", "error", "warn", "info", "debug"];
@@ -37,6 +38,31 @@ interface LoggerOptions {
 }
 
 /**
+ * Creates a leveled logger with an optional namespace prefix and bound
+ * context. Calls below the configured `logLevel` are suppressed; `"none"`
+ * silences the logger entirely.
+ *
+ * Use {@link Logger.child} to derive a sub-logger with an extended namespace
+ * (e.g. `parent:domain`) that inherits the parent's level and merges its
+ * bound context.
+ *
+ * @param options - Logger configuration.
+ * @param options.namespace - Prepended to every message in `[brackets]`.
+ * @param options.context - Bound context merged with per-call context.
+ *   Per-call keys win on conflict.
+ * @param options.logLevel - Maximum verbosity to emit. Default `"info"`.
+ *
+ * @example
+ * ```ts
+ * const log = createLogger({ namespace: "checkout", logLevel: "debug" });
+ * log.info("placed", { orderId: "abc" });
+ * // → [checkout] placed { orderId: "abc" }
+ *
+ * const auth = log.child("auth", { tenant: "acme" });
+ * auth.warn("token expiring");
+ * // → [checkout:auth] token expiring { tenant: "acme" }
+ * ```
+ *
  * @public
  */
 export function createLogger({
@@ -76,6 +102,13 @@ export function createLogger({
     warn: (message, context) => logAtLevel("warn", message, context),
     info: (message, context) => logAtLevel("info", message, context),
     debug: (message, context) => logAtLevel("debug", message, context),
+    child: (domain, context) =>
+      createLogger({
+        logLevel,
+        namespace: namespace ? `${namespace}:${domain}` : domain,
+        context:
+          baseContext || context ? { ...baseContext, ...context } : undefined,
+      }),
   };
 }
 

package/src/core/user-applications/core-app.ts

@@ -29,19 +29,22 @@ const CoreAppUserApplicationBase = UserApplicationBase.extend({
   title: z.string(),
   organizationId: OrganizationId,
   type: z.literal("coreApp"),
-  manifest: CoreAppUserApplicationManifest.nullable().optional(),
 });
 
+// Core apps surface their manifest exclusively via `activeDeployment.manifest`
+// — they have no top-level `manifest` field and no `manifestData`.
+const CoreAppActiveDeployment = ActiveDeployment.extend({
+  manifest: CoreAppUserApplicationManifest.nullable(),
+}).nullable();
+
 const InternalCoreAppUserApplication = CoreAppUserApplicationBase.extend({
   urlType: z.literal("internal"),
-  activeDeployment: ActiveDeployment.extend({
-    manifest: CoreAppUserApplicationManifest.nullable().optional(),
-  }).nullable(),
+  activeDeployment: CoreAppActiveDeployment,
 });
 
 const ExternalCoreAppUserApplication = CoreAppUserApplicationBase.extend({
   urlType: z.literal("external"),
-  activeDeployment: z.null(),
+  activeDeployment: CoreAppActiveDeployment,
 });
 
 /**
@@ -98,7 +101,17 @@ export class CoreAppApplication extends UserApplication<
   }
 
   get title() {
-    return this.activeDeployment?.manifest?.title ?? this.application.title;
+    return this.manifest?.title ?? this.application.title;
+  }
+
+  /**
+   * Resolves the core app's manifest from `activeDeployment.manifest`. This
+   * is the canonical (and only) slot for core app manifests — both for
+   * Sanity-deployed apps and for local CLI dev-server apps, which synthesise
+   * a deployment to surface the live manifest.
+   */
+  get manifest(): CoreAppUserApplicationManifest | null {
+    return this.activeDeployment?.manifest ?? null;
   }
 
   get subtitle() {

package/src/core/user-applications/studios/schemas.ts

@@ -18,7 +18,10 @@ const Workspace = z.object({
  */
 export type Workspace = z.output<typeof Workspace>;
 
-const ServerManifest = z.object({
+/**
+ * @public
+ */
+export const ServerManifest = z.object({
   buildId: z.string().optional(),
   bundleVersion: z.string().optional(),
   version: z.string().optional(),
@@ -32,6 +35,11 @@ const ServerManifest = z.object({
     .optional(),
 });
 
+/**
+ * @public
+ */
+export type ServerManifest = z.output<typeof ServerManifest>;
+
 /**
  * @public
  */
@@ -56,6 +64,9 @@ const StudioUserApplicationBase = UserApplicationBase.extend({
   title: z.string().nullable(),
   projectId: ProjectId,
   type: z.literal("studio"),
+  /**
+   * @deprecated Use `manifestData` instead.
+   */
   manifest: ClientManifest.nullable(),
   manifestData: z.object({ value: ClientManifest }).nullable(),
   autoUpdatingVersion: z.string().nullable(),

package/src/core/user-applications/studios/studio.ts

@@ -1,40 +1,52 @@
 import type { SemVer } from "semver";
 import { coerce, gt, gte, lt, rsort, valid } from "semver";
+import { z } from "zod";
 
 import type { Project } from "../../projects";
 import { UserApplication } from "../user-application";
 import {
+  type ClientManifest as ClientManifestType,
+  type ServerManifest as ServerManifestType,
   type Workspace,
   type StudioUserApplication,
   ClientManifest as ClientManifestSchema,
+  ServerManifest as ServerManifestSchema,
 } from "./schemas";
 import { StudioWorkspace } from "./workspace";
 
-const ClientManifest = ClientManifestSchema.superRefine((data, ctx) => {
-  if (!data.version) {
-    ctx.addIssue({
-      code: "invalid_type",
-      message: "Manifest version is too old",
-      expected: "number",
-    });
-  }
+/**
+ * Validated manifest — accepts either a refined client manifest (with
+ * version ≥ 2 and `studioVersion` set for v3+) or a server/deployment
+ * manifest. Parsing fails when the input matches neither shape.
+ */
+const Manifest = z.union([
+  ClientManifestSchema.superRefine((data, ctx) => {
+    if (!data.version) {
+      ctx.addIssue({
+        code: "invalid_type",
+        message: "Manifest version is too old",
+        expected: "number",
+      });
+    }
 
-  if (data.version < 2) {
-    ctx.addIssue({
-      code: "invalid_value",
-      message: "Manifest version is too old",
-      values: [2, 3],
-    });
-  }
+    if (data.version < 2) {
+      ctx.addIssue({
+        code: "invalid_value",
+        message: "Manifest version is too old",
+        values: [2, 3],
+      });
+    }
 
-  if (data.version >= 3 && !data.studioVersion) {
-    ctx.addIssue({
-      code: "invalid_type",
-      message: "Manifest version 3 or higher requires a `studioVersion`",
-      expected: "string",
-    });
-  }
-});
+    if (data.version >= 3 && !data.studioVersion) {
+      ctx.addIssue({
+        code: "invalid_type",
+        message: "Manifest version 3 or higher requires a `studioVersion`",
+        expected: "string",
+      });
+    }
+  }),
+  ServerManifestSchema,
+]);
 
 const DEFAULT_WORKSPACE_DATA = {
   name: "default",
@@ -83,21 +95,18 @@ export class StudioApplication extends UserApplication<
     super(application, "studio", options);
 
     /**
-     * If the application has a manifest, then we validate it and create
-     * a workspace for each manifest entry. Otherwise, we will create a "default"
-     * workspace which is pretty much identical to when a user has a single workspace
-     * studio application using the term "default" in places.
+     * Derive workspaces from the application's most authoritative manifest.
+     * `this.manifest` already prefers the deployment manifest over the
+     * client manifest; the `Manifest` schema accepts either shape and
+     * rejects malformed ones (e.g. a v3 client manifest missing
+     * `studioVersion`). A parse failure logs a warning and falls through
+     * to the default-workspace path rather than crashing.
      */
     let workspaces: Workspace[] = [];
-    if (this.hasManifest) {
-      /**
-       * If the workspaces fail to parse we dont want to throw an error because
-       * this could potentially crash the app. Instead we log a warning and return an empty array.
-       */
+    const manifest = this.manifest;
+    if (manifest) {
       try {
-        workspaces = ClientManifest.parse(
-          application.manifestData?.value,
-        ).workspaces;
+        workspaces = Manifest.parse(manifest).workspaces ?? [];
       } catch (error) {
         console.warn(
           `Failed to parse manifest for application ${application.id}`,
@@ -106,34 +115,6 @@ export class StudioApplication extends UserApplication<
       }
     }
 
-    if (workspaces.length === 0) {
-      /**
-       * If the user application does not have a valid manifest or no workspaces,
-       * we attempt to get the manifest from the server-side maninfest first and then
-       * fall back to the live-manifest.
-       *
-       * In the future this should happen even before checking the traditional manifest,
-       * but for now we keep the current order to not introduce breaking changes.
-       *
-       * The live manifest is inherintly less reliable as it depends on which user has
-       * uploaded it, which is why this is wrapped in a feature flag for now.
-       */
-      const deploymentManifest = application.activeDeployment?.manifest;
-      // const liveManifest = growthbook.isOn('dashboard-use-live-manifest')
-      //   ? application.config['live-manifest']?.value
-      //   : null
-
-      const serverManifest = deploymentManifest; /*?? liveManifest*/
-      const serverManifestWorkspaces = serverManifest?.workspaces;
-
-      if (
-        Array.isArray(serverManifestWorkspaces) &&
-        serverManifestWorkspaces.length
-      ) {
-        workspaces = serverManifestWorkspaces;
-      }
-    }
-
     /**
      * Filter all the workspaces that have a project the user does not have access to.
      */
@@ -236,24 +217,57 @@ export class StudioApplication extends UserApplication<
     return this.application[attr];
   }
 
-  get hasManifest(): boolean {
+  /**
+   * Resolves the studio's most authoritative manifest. The lookup order is:
+   *
+   * 1. `activeDeployment.manifest` — deployment manifests are the new
+   *    primitive within Sanity and are preferred whenever available.
+   * 2. `manifestData.value` — fallback to support older studios that
+   *    haven't produced a deployment manifest yet.
+   * 3. `application.manifest` — last-resort legacy field.
+   *
+   * Returns `null` when no manifest is available. The return shape is a
+   * union because the deployment and client manifests are not
+   * interchangeable — consumers that depend on client-only fields (e.g.
+   * `studioVersion`, workspace `schema`) must narrow or read the raw
+   * field they need.
+   */
+  get manifest(): ClientManifestType | ServerManifestType | null {
     return (
-      typeof this.application.manifestData?.value?.version === "number" &&
-      this.application.manifestData?.value?.version >= 2
+      this.application.activeDeployment?.manifest ??
+      this.application.manifestData?.value ??
+      this.application.manifest ??
+      null
     );
   }
 
+  get hasManifest(): boolean {
+    const manifest = this.manifest;
+    if (!manifest) return false;
+
+    // `manifest` is a union: server manifests encode `version` as an optional
+    // string, client manifests as a required number. The typeof check doubles
+    // as a discriminator — if it's not a number, we're looking at a server
+    // manifest whose presence alone is authoritative.
+    return typeof manifest.version !== "number" || manifest.version >= 2;
+  }
+
   get hasSchema(): boolean {
-    // In this case we can not look at `this.workspaces` because it won't contain workspaces the user does
-    // not have access to. The application has a schema, even if the user can't access any of the workspaces,
-    // otherwise it would be displayed as not having a manifest in the setup guide and therefore considered
+    // A deployment manifest tracks a schema descriptor for every workspace,
+    // so its presence is sufficient to short-circuit.
+    if (this.application.activeDeployment?.manifest) return true;
+
+    // Otherwise inspect the client manifest. We cannot look at
+    // `this.workspaces` because it won't contain workspaces the user does
+    // not have access to. The application has a schema even if the user
+    // can't access any of the workspaces, otherwise it would be displayed
+    // as not having a manifest in the setup guide and therefore considered
     // partially compatible.
-    const workspaces = this.get("manifestData")?.value?.workspaces ?? [];
-
-    if (workspaces.length === 0) {
-      return false;
-    }
+    const clientManifest =
+      this.application.manifestData?.value ?? this.application.manifest;
+    const workspaces = clientManifest?.workspaces ?? [];
 
+    if (workspaces.length === 0) return false;
     return workspaces.every((w) => Boolean(w.schema));
   }
 
@@ -265,12 +279,13 @@ export class StudioApplication extends UserApplication<
     if (this.get("urlType") === "internal") {
       version = this.get("activeDeployment")?.version;
     } else {
-      const manifest = this.get("manifestData")?.value;
+      const clientManifest =
+        this.get("manifestData")?.value ?? this.get("manifest");
       // The property 'studioVersion' exists only on external studios,
       // starting from manifest.version 3
       version =
-        manifest && "studioVersion" in manifest
-          ? manifest.studioVersion
+        clientManifest && "studioVersion" in clientManifest
+          ? clientManifest.studioVersion
           : undefined;
     }
 

package/src/core/user-applications/studios/workspace.ts

@@ -108,7 +108,12 @@ export class StudioWorkspace extends AbstractApplication<
       id: this.id,
       hasManifest: true,
       hasSchema: Boolean("schema" in this.workspace && this.workspace.schema),
+      // The protocol resource requires the client-shaped manifest (workspaces
+      // with `schema`). Read those sources directly rather than the unified
+      // `manifest` getter, which may return a `ServerManifest` for studios
+      // with a deployment manifest.
       manifest: (this.studio.get("manifestData")?.value ??
+        this.studio.get("manifest") ??
         null) as ProtocolStudioResource["manifest"],
       updatedAt: this.studio.get("updatedAt"),
       version: this.studio.get("activeDeployment")?.version,

package/src/core/user-applications/user-application.ts

@@ -8,7 +8,7 @@ import {
 } from "../applications/application";
 import { getSanityDomain, getSanityEnv } from "../env";
 import type { CoreAppUserApplicationManifest } from "./core-app";
-import type { ClientManifest } from "./studios/schemas";
+import type { ClientManifest, ServerManifest } from "./studios/schemas";
 
 /**
  * User application ID schema, branded for type safety.
@@ -186,4 +186,20 @@ export abstract class UserApplication<
 
     return new URL(this.application.appHost);
   }
+
+  /**
+   * Unified manifest accessor for user applications. Resolves the most
+   * authoritative manifest available for the application, preferring the
+   * deployment manifest (`activeDeployment.manifest`) before falling back to
+   * any client-side manifest. The returned shape depends on the application
+   * type and source: studios may yield either a `ServerManifest` (deployment)
+   * or a `ClientManifest` (fallback); core apps yield a
+   * `CoreAppUserApplicationManifest`. Returns `null` when no manifest is
+   * available.
+   */
+  abstract get manifest():
+    | ClientManifest
+    | ServerManifest
+    | CoreAppUserApplicationManifest
+    | null;
 }

package/src/system/auth.machine.ts

@@ -0,0 +1,223 @@
+import {
+  type AuthState,
+  AuthStateType,
+  type CurrentUser,
+  getAuthState,
+  type LoggedInAuthState,
+  logout,
+  type SanityInstance,
+} from "@sanity/sdk";
+import { assign, fromObservable, fromPromise, setup } from "xstate";
+
+import type { OSBaseInput } from "./root.machine";
+
+/**
+ * @internal
+ */
+export interface AuthInput extends OSBaseInput {}
+
+const authStateLogic = fromObservable<AuthState, AuthInput>(
+  ({ input }) => getAuthState(input.instance).observable,
+);
+
+/**
+ * @internal
+ */
+export interface LogoutInput extends OSBaseInput {}
+
+const logoutActorLogic = fromPromise<void, LogoutInput>(async ({ input }) => {
+  await logout(input.instance);
+});
+
+type AuthContext = {
+  instance: SanityInstance;
+  token: string | null;
+  currentUser: CurrentUser | null;
+  error: unknown;
+};
+
+type AuthEvent = { type: "auth.logout" };
+
+export const authLogic = setup({
+  types: {
+    input: {} as AuthInput,
+    context: {} as AuthContext,
+    events: {} as AuthEvent,
+    tags: {} as "authenticating" | "authenticated" | "error",
+  },
+  actors: {
+    authState: authStateLogic,
+    logoutActor: logoutActorLogic,
+  },
+  delays: {
+    authTimeout: 30_000,
+  },
+  guards: {
+    isLoggedInComplete: (_, params: { state: AuthState | undefined }) =>
+      params.state?.type === AuthStateType.LOGGED_IN &&
+      Boolean((params.state as LoggedInAuthState).token) &&
+      (params.state as LoggedInAuthState).currentUser !== null,
+    isAuthState: (
+      _,
+      params: { state: AuthState | undefined; type: AuthStateType },
+    ) => params.state?.type === params.type,
+  },
+  actions: {
+    setLoggedIn: assign({
+      token: (_, params: { token: string; currentUser: CurrentUser }) =>
+        params.token,
+      currentUser: (_, params: { token: string; currentUser: CurrentUser }) =>
+        params.currentUser,
+      error: () => null,
+    }),
+    clearAuth: assign({
+      token: () => null,
+      currentUser: () => null,
+      error: () => null,
+    }),
+    setError: assign({
+      token: () => null,
+      currentUser: () => null,
+      error: (_, params: { error: unknown }) => params.error,
+    }),
+  },
+}).createMachine({
+  id: "auth",
+  initial: "init",
+  context: ({ input }) => ({
+    instance: input.instance,
+    token: null,
+    currentUser: null,
+    error: null,
+  }),
+  invoke: {
+    src: "authState",
+    input: ({ context }) => ({ instance: context.instance }),
+    onSnapshot: [
+      {
+        guard: {
+          type: "isLoggedInComplete",
+          params: ({ event }) => ({
+            state: event.snapshot.context,
+          }),
+        },
+        actions: [
+          {
+            type: "setLoggedIn",
+            params: ({ event }) => {
+              const state = event.snapshot.context as LoggedInAuthState;
+              return {
+                token: state.token,
+                currentUser: state.currentUser!,
+              };
+            },
+          },
+        ],
+        target: `.${AuthStateType.LOGGED_IN}`,
+      },
+      {
+        guard: {
+          type: "isAuthState",
+          params: ({ event }) => ({
+            state: event.snapshot.context,
+            type: AuthStateType.LOGGING_IN,
+          }),
+        },
+        actions: [{ type: "clearAuth" }],
+        target: `.${AuthStateType.LOGGING_IN}`,
+      },
+      {
+        guard: {
+          type: "isAuthState",
+          params: ({ event }) => ({
+            state: event.snapshot.context,
+            type: AuthStateType.ERROR,
+          }),
+        },
+        actions: [
+          {
+            type: "setError",
+            params: ({ event }) => ({
+              error:
+                event.snapshot.context?.type === AuthStateType.ERROR
+                  ? event.snapshot.context.error
+                  : null,
+            }),
+          },
+        ],
+        target: `.${AuthStateType.ERROR}`,
+      },
+      {
+        guard: {
+          type: "isAuthState",
+          params: ({ event }) => ({
+            state: event.snapshot.context,
+            type: AuthStateType.LOGGED_OUT,
+          }),
+        },
+        actions: [{ type: "clearAuth" }],
+        target: `.${AuthStateType.LOGGED_OUT}`,
+      },
+    ],
+  },
+  states: {
+    init: {
+      tags: ["authenticating"],
+      after: {
+        authTimeout: {
+          actions: [
+            {
+              type: "setError",
+              params: () => ({
+                error: new Error("Authentication timed out"),
+              }),
+            },
+          ],
+          target: AuthStateType.ERROR,
+        },
+      },
+    },
+    [AuthStateType.LOGGING_IN]: {
+      tags: ["authenticating"],
+      after: {
+        authTimeout: {
+          actions: [
+            {
+              type: "setError",
+              params: () => ({
+                error: new Error("Authentication timed out"),
+              }),
+            },
+          ],
+          target: AuthStateType.ERROR,
+        },
+      },
+    },
+    [AuthStateType.LOGGED_IN]: {
+      tags: ["authenticated"],
+      on: {
+        "auth.logout": { target: "logging-out" },
+      },
+    },
+    ["logging-out"]: {
+      invoke: {
+        src: "logoutActor",
+        input: ({ context }) => ({ instance: context.instance }),
+        onDone: {
+          target: AuthStateType.LOGGED_OUT,
+        },
+        onError: {
+          actions: [
+            {
+              type: "setError",
+              params: ({ event }) => ({ error: event.error }),
+            },
+          ],
+          target: AuthStateType.ERROR,
+        },
+      },
+    },
+    [AuthStateType.LOGGED_OUT]: {},
+    [AuthStateType.ERROR]: { tags: ["error"] },
+  },
+});

package/src/system/index.ts

@@ -0,0 +1,11 @@
+export type { AuthInput, LogoutInput } from "./auth.machine";
+export type {
+  SystemPreferencesAdapter,
+  SystemPreferencesContext,
+  SystemPreferencesEvent,
+} from "./system-preferences.machine";
+export { os, createOSOptions } from "./root.machine";
+export type {
+  TelemetryInput,
+  WorkbenchUserProperties,
+} from "./telemetry.machine";

package/src/system/inspect.ts

@@ -0,0 +1,40 @@
+import { type ActorRefLike, type InspectionEvent } from "xstate";
+
+import { logger } from "../core";
+
+// Mirrors @statelyai/inspect's ActorRefLikeWithData — the inspect
+// callback receives full Actor instances at runtime, but the type is
+// narrowed for @xstate/store compat.
+type ActorRefWithAncestry = ActorRefLike & {
+  id?: string;
+  _parent?: ActorRefWithAncestry;
+};
+
+const actorPath = (ref: ActorRefWithAncestry): string => {
+  const segments: string[] = [];
+  let current: ActorRefWithAncestry | undefined = ref;
+  while (current) {
+    segments.unshift(current.id ?? current.sessionId);
+    current = current._parent;
+  }
+  return segments.join(":");
+};
+
+/** @internal exported for testing */
+export const inspect = (event: InspectionEvent): void => {
+  const ref = event.actorRef as ActorRefWithAncestry;
+  const log = logger.child(actorPath(ref));
+
+  switch (event.type) {
+    case "@xstate.snapshot": {
+      log.debug("snapshot", event.snapshot);
+      break;
+    }
+    case "@xstate.event":
+      log.debug("event", event.event);
+      break;
+    case "@xstate.action":
+      log.debug("action", event.action);
+      break;
+  }
+};