@uploadista/server 0.0.18-beta.16 → 0.0.18-beta.2

package/src/core/server.ts

@@ -1,14 +1,7 @@
 import type { PluginLayer, UploadistaError } from "@uploadista/core";
-import {
-  deadLetterQueueService,
-  type Flow,
-  FlowProvider,
-  FlowWaitUntil,
-  kvCircuitBreakerStoreLayer,
-} from "@uploadista/core/flow";
+import { type Flow, FlowProvider, FlowWaitUntil } from "@uploadista/core/flow";
 import {
   createDataStoreLayer,
-  deadLetterQueueKvStore,
   type UploadFileDataStores,
   type UploadFileKVStore,
 } from "@uploadista/core/types";
@@ -24,7 +17,6 @@ import { handleFlowError } from "../http-utils";
 import { createFlowServerLayer, createUploadServerLayer } from "../layer-utils";
 import { AuthContextServiceLive } from "../service";
 import type { AuthContext } from "../types";
-import { UsageHookServiceLive } from "../usage-hooks/service";
 import { handleUploadistaRequest } from "./http-handlers/http-handlers";
 import type { ExtractFlowPluginRequirements } from "./plugin-types";
 import type { NotFoundResponse } from "./routes";
@@ -193,17 +185,12 @@ export const createUploadistaServer = async <
   eventEmitter,
   eventBroadcaster = memoryEventBroadcaster,
   withTracing = false,
-  observabilityLayer,
   baseUrl: configBaseUrl = "uploadista",
   generateId = GenerateIdLive,
   metricsLayer,
   bufferedDataStore,
   adapter,
   authCacheConfig,
-  circuitBreaker = true,
-  deadLetterQueue = false,
-  healthCheck,
-  usageHooks,
 }: UploadistaServerConfig<
   TContext,
   TResponse,
@@ -274,50 +261,20 @@ export const createUploadistaServer = async <
   // Metrics layer (defaults to NoOp if not provided)
   const effectiveMetricsLayer = metricsLayer ?? NoOpMetricsServiceLive;
 
-  // Create circuit breaker store layer if enabled (uses the provided kvStore)
-  const circuitBreakerStoreLayer = circuitBreaker
-    ? kvCircuitBreakerStoreLayer.pipe(Layer.provide(kvStore))
-    : null;
-
-  // Create dead letter queue layer if enabled (uses the provided kvStore)
-  // The DLQ layer provides both the KV store wrapper and the service
-  const dlqLayer = deadLetterQueue
-    ? deadLetterQueueService.pipe(
-        Layer.provide(deadLetterQueueKvStore),
-        Layer.provide(kvStore),
-      )
-    : null;
-
-  // Create usage hook layer (defaults to no-op if not configured)
-  const usageHookLayer = UsageHookServiceLive(usageHooks);
-
   /**
    * Merge all server layers including plugins.
    *
    * This combines the core server infrastructure (upload server, flow server,
-   * metrics, auth cache, circuit breaker, dead letter queue, usage hooks)
-   * with user-provided plugin layers.
+   * metrics, auth cache) with user-provided plugin layers.
    */
   const serverLayerRaw = Layer.mergeAll(
     uploadServerLayer,
     flowServerLayer,
     effectiveMetricsLayer,
     authCacheLayer,
-    usageHookLayer,
     ...plugins,
-    ...(circuitBreakerStoreLayer ? [circuitBreakerStoreLayer] : []),
-    ...(dlqLayer ? [dlqLayer] : []),
   );
 
-  /**
-   * Determine the tracing layer to use.
-   * This must be included in the runtime layer (not per-request) so that the
-   * BatchSpanProcessor can aggregate spans across requests and flush them properly.
-   */
-  const tracingLayer = withTracing
-    ? observabilityLayer ?? NodeSdkLive
-    : null;
-
   /**
    * Type Casting Rationale for Plugin System
    *
@@ -395,29 +352,16 @@ export const createUploadistaServer = async <
    * @see validatePluginRequirements - Runtime validation helper
    * @see ValidatePlugins - Compile-time validation type utility
    */
-  const serverLayerTyped = serverLayerRaw as unknown as Layer.Layer<
+  const serverLayer = serverLayerRaw as unknown as Layer.Layer<
     // biome-ignore lint/suspicious/noExplicitAny: Dynamic plugin requirements require any - see comprehensive explanation above
     any,
     never,
     never
   >;
 
-  /**
-   * Final server layer with optional tracing.
-   * The tracing layer is merged at runtime level (not per-request) so that:
-   * 1. The OpenTelemetry SDK is initialized once for the server
-   * 2. The BatchSpanProcessor can aggregate spans across requests
-   * 3. Spans are properly flushed when the runtime is disposed
-   */
-  const serverLayer = tracingLayer
-    ? Layer.merge(serverLayerTyped, tracingLayer)
-    : serverLayerTyped;
-
   // Create a shared managed runtime from the server layer
   // This ensures all requests use the same layer instances (including event broadcaster)
   // ManagedRuntime properly handles scoped resources and provides convenient run methods
-  // When tracing is enabled, the OpenTelemetry SDK is part of this runtime and will be
-  // properly shut down (flushing all pending spans) when dispose() is called
 
   const managedRuntime = ManagedRuntime.make(serverLayer);
 
@@ -527,22 +471,15 @@ export const createUploadistaServer = async <
         }
       }
 
-      // Combine auth context, auth cache, metrics layers, usage hooks, plugins, circuit breaker, DLQ, and waitUntil
+      // Combine auth context, auth cache, metrics layers, plugins, and waitUntil
       // This ensures that flow nodes have access to all required services
-      const baseRequestContextLayer = Layer.mergeAll(
+      const requestContextLayer = Layer.mergeAll(
         authContextLayer,
         authCacheLayer,
         effectiveMetricsLayer,
-        usageHookLayer,
         ...plugins,
         ...waitUntilLayers,
       );
-      const withCircuitBreakerContext = circuitBreakerStoreLayer
-        ? Layer.merge(baseRequestContextLayer, circuitBreakerStoreLayer)
-        : baseRequestContextLayer;
-      const requestContextLayer = dlqLayer
-        ? Layer.merge(withCircuitBreakerContext, dlqLayer)
-        : withCircuitBreakerContext;
 
       // Check for baseUrl/api/ prefix
       if (uploadistaRequest.type === "not-found") {
@@ -558,7 +495,6 @@ export const createUploadistaServer = async <
       // Handle the request
       const response = yield* handleUploadistaRequest<TRequirements>(
         uploadistaRequest,
-        { healthCheckConfig: healthCheck },
       ).pipe(Effect.provide(requestContextLayer));
 
       return yield* adapter.sendResponse(response, ctx);
@@ -582,8 +518,12 @@ export const createUploadistaServer = async <
       }),
     );
 
-    // Use the shared managed runtime which includes all layers (including tracing if enabled)
-    // Tracing is now part of the runtime layer, so spans are properly aggregated and flushed
+    // Use the shared managed runtime instead of creating a new one per request
+    if (withTracing) {
+      return managedRuntime.runPromise(
+        program.pipe(Effect.provide(NodeSdkLive)),
+      );
+    }
     return managedRuntime.runPromise(program);
   };
 

package/src/core/types.ts

@@ -5,7 +5,6 @@ import type {
   BaseKvStoreService,
   DataStoreConfig,
   EventBroadcasterService,
-  HealthCheckConfig,
   UploadFileDataStore,
   UploadFileKVStore,
 } from "@uploadista/core/types";
@@ -15,7 +14,6 @@ import type { Effect, Layer } from "effect";
 import type { z } from "zod";
 import type { ServerAdapter } from "../adapter";
 import type { AuthCacheConfig } from "../cache";
-import type { UsageHookConfig } from "../usage-hooks/types";
 
 /**
  * Function type for retrieving flows based on flow ID and client ID.
@@ -230,42 +228,6 @@ export interface UploadistaServerConfig<
    */
   withTracing?: boolean;
 
-  /**
-   * Optional: Custom observability layer for distributed tracing.
-   *
-   * When provided, this layer will be used instead of the default NodeSdkLive.
-   * This allows you to configure custom OTLP exporters (e.g., for Grafana Cloud,
-   * Jaeger, or other OpenTelemetry-compatible backends).
-   *
-   * Requires `withTracing: true` to be effective.
-   *
-   * @example
-   * ```typescript
-   * import { OtlpNodeSdkLive, createOtlpNodeSdkLayer } from "@uploadista/observability";
-   *
-   * // Option 1: Use default OTLP layer (reads from env vars)
-   * const server = await createUploadistaServer({
-   *   withTracing: true,
-   *   observabilityLayer: OtlpNodeSdkLive,
-   *   // ...
-   * });
-   *
-   * // Option 2: Custom configuration with tenant attributes
-   * const server = await createUploadistaServer({
-   *   withTracing: true,
-   *   observabilityLayer: createOtlpNodeSdkLayer({
-   *     serviceName: "uploadista-cloud-api",
-   *     resourceAttributes: {
-   *       "deployment.environment": "production",
-   *     },
-   *   }),
-   *   // ...
-   * });
-   * ```
-   */
-  // biome-ignore lint/suspicious/noExplicitAny: Observability layers from @effect/opentelemetry provide different services
-  observabilityLayer?: Layer.Layer<any, never, never>;
-
   /**
    * Optional: Metrics layer for observability.
    *
@@ -333,118 +295,6 @@ export interface UploadistaServerConfig<
    * ```
    */
   authCacheConfig?: AuthCacheConfig;
-
-  /**
-   * Optional: Enable circuit breakers for flow nodes.
-   *
-   * When enabled (default), circuit breaker state is stored in the KV store,
-   * allowing circuit breaker state to be shared across multiple server instances
-   * in a cluster deployment.
-   *
-   * Set to `false` to disable circuit breakers entirely.
-   *
-   * @default true
-   *
-   * @example
-   * ```typescript
-   * // Circuit breakers enabled by default (uses the provided kvStore)
-   * const server = await createUploadistaServer({
-   *   kvStore: redisKvStore,
-   *   // circuitBreaker: true (default)
-   * });
-   *
-   * // Disable circuit breakers
-   * const server = await createUploadistaServer({
-   *   kvStore: redisKvStore,
-   *   circuitBreaker: false
-   * });
-   * ```
-   */
-  circuitBreaker?: boolean;
-
-  /**
-   * Optional: Enable dead letter queue for failed flow jobs.
-   *
-   * When enabled, failed flow jobs are captured in a DLQ with full context
-   * for debugging and retry. The DLQ state is stored in the KV store,
-   * allowing it to be shared across multiple server instances.
-   *
-   * Set to `false` to disable the DLQ entirely.
-   *
-   * @default false
-   *
-   * @example
-   * ```typescript
-   * // Enable DLQ (uses the provided kvStore)
-   * const server = await createUploadistaServer({
-   *   kvStore: redisKvStore,
-   *   deadLetterQueue: true
-   * });
-   *
-   * // DLQ is disabled by default
-   * const server = await createUploadistaServer({
-   *   kvStore: redisKvStore,
-   *   // deadLetterQueue: false (default)
-   * });
-   * ```
-   */
-  deadLetterQueue?: boolean;
-
-  /**
-   * Optional: Health check configuration.
-   *
-   * Configures the behavior of health check endpoints (`/health`, `/ready`, `/health/components`).
-   * When not provided, default values are used:
-   * - timeout: 5000ms
-   * - checkStorage: true
-   * - checkKvStore: true
-   * - checkEventBroadcaster: true
-   *
-   * @example
-   * ```typescript
-   * healthCheck: {
-   *   timeout: 3000,          // 3 second timeout for dependency checks
-   *   checkStorage: true,     // Check storage backend health
-   *   checkKvStore: true,     // Check KV store health
-   *   version: "1.2.3"        // Include version in health responses
-   * }
-   * ```
-   */
-  healthCheck?: HealthCheckConfig;
-
-  /**
-   * Optional: Usage hooks for tracking and billing integration.
-   *
-   * Usage hooks allow you to intercept upload and flow operations for:
-   * - Quota checking (e.g., verify user has subscription)
-   * - Usage tracking (e.g., count uploads, track bandwidth)
-   * - Billing integration (e.g., report usage to Stripe/Polar)
-   *
-   * Hooks follow a "fail-open" design - if a hook times out or errors,
-   * the operation proceeds (unless the hook explicitly aborts).
-   *
-   * @example
-   * ```typescript
-   * usageHooks: {
-   *   hooks: {
-   *     onUploadStart: (ctx) => Effect.gen(function* () {
-   *       // Check quota before upload starts
-   *       const quota = yield* checkUserQuota(ctx.clientId);
-   *       if (quota.exceeded) {
-   *         return { action: "abort", reason: "Storage quota exceeded" };
-   *       }
-   *       return { action: "continue" };
-   *     }),
-   *     onUploadComplete: (ctx) => Effect.gen(function* () {
-   *       // Track usage after upload completes
-   *       yield* reportUsage(ctx.clientId, ctx.metadata.fileSize);
-   *     }),
-   *   },
-   *   timeout: 5000, // 5 second timeout for hooks
-   * }
-   * ```
-   */
-  usageHooks?: UsageHookConfig;
 }
 
 /**

package/src/index.ts

@@ -5,8 +5,6 @@ export * from "./core";
 export * from "./error-types";
 export * from "./http-utils";
 export * from "./layer-utils";
-export * from "./permissions";
 export * from "./plugins-typing";
 export * from "./service";
 export * from "./types";
-export * from "./usage-hooks";

package/src/plugins-typing.ts

@@ -15,7 +15,7 @@
  */
 
 import type { Flow, UploadServer } from "@uploadista/core";
-import type { ExtractLayerServices } from "@uploadista/core/flow";
+import type { ExtractLayerServices } from "@uploadista/core/flow/types";
 import type { Effect, Layer } from "effect";
 import type z from "zod";
 

package/src/service.ts

@@ -1,10 +1,5 @@
 import { Context, Effect, Layer } from "effect";
 import type { AuthContext } from "./types";
-import {
-  hasPermission as matchHasPermission,
-  hasAnyPermission as matchHasAnyPermission,
-} from "./permissions/matcher";
-import { AuthorizationError, AuthenticationRequiredError } from "./permissions/errors";
 
 /**
  * Authentication Context Service
@@ -44,68 +39,10 @@ export class AuthContextService extends Context.Tag("AuthContextService")<
 
     /**
      * Check if the current client has a specific permission.
-     * Supports exact match, wildcard match, and hierarchical match.
      * Returns false if no authentication context or permission not found.
-     *
-     * @example
-     * ```typescript
-     * // Exact match
-     * yield* authService.hasPermission("engine:health")
-     *
-     * // Wildcard: user with "engine:*" will match "engine:health"
-     * yield* authService.hasPermission("engine:health")
-     *
-     * // Hierarchical: user with "engine:dlq" will match "engine:dlq:read"
-     * yield* authService.hasPermission("engine:dlq:read")
-     * ```
      */
     readonly hasPermission: (permission: string) => Effect.Effect<boolean>;
 
-    /**
-     * Check if the current client has any of the specified permissions.
-     * Returns true if at least one permission is granted.
-     */
-    readonly hasAnyPermission: (
-      permissions: readonly string[],
-    ) => Effect.Effect<boolean>;
-
-    /**
-     * Require a specific permission, failing with AuthorizationError if not granted.
-     * Use this when you want to fail fast on missing permissions.
-     *
-     * @throws AuthorizationError if permission is not granted
-     * @throws AuthenticationRequiredError if no auth context
-     *
-     * @example
-     * ```typescript
-     * const protectedHandler = Effect.gen(function* () {
-     *   const authService = yield* AuthContextService;
-     *   yield* authService.requirePermission("engine:metrics");
-     *   // Only reaches here if permission is granted
-     *   return yield* getMetrics();
-     * });
-     * ```
-     */
-    readonly requirePermission: (
-      permission: string,
-    ) => Effect.Effect<void, AuthorizationError | AuthenticationRequiredError>;
-
-    /**
-     * Require authentication, failing with AuthenticationRequiredError if not authenticated.
-     *
-     * @throws AuthenticationRequiredError if no auth context
-     */
-    readonly requireAuthentication: () => Effect.Effect<
-      AuthContext,
-      AuthenticationRequiredError
-    >;
-
-    /**
-     * Get all permissions granted to the current client.
-     * Returns empty array if no authentication context or no permissions.
-     */
-    readonly getPermissions: () => Effect.Effect<readonly string[]>;
-
     /**
      * Get the full authentication context if available.
      * Returns null if no authentication context is available.
@@ -123,49 +60,14 @@ export class AuthContextService extends Context.Tag("AuthContextService")<
  */
 export const AuthContextServiceLive = (
   authContext: AuthContext | null,
-): Layer.Layer<AuthContextService> => {
-  const permissions = authContext?.permissions ?? [];
-
-  return Layer.succeed(AuthContextService, {
+): Layer.Layer<AuthContextService> =>
+  Layer.succeed(AuthContextService, {
     getClientId: () => Effect.succeed(authContext?.clientId ?? null),
-
     getMetadata: () => Effect.succeed(authContext?.metadata ?? {}),
-
     hasPermission: (permission: string) =>
-      Effect.succeed(matchHasPermission(permissions, permission)),
-
-    hasAnyPermission: (requiredPermissions: readonly string[]) =>
-      Effect.succeed(matchHasAnyPermission(permissions, requiredPermissions)),
-
-    requirePermission: (permission: string) =>
-      Effect.gen(function* () {
-        if (!authContext) {
-          yield* Effect.logDebug(
-            `[Auth] Permission check failed: authentication required for '${permission}'`,
-          );
-          return yield* Effect.fail(new AuthenticationRequiredError());
-        }
-        if (!matchHasPermission(permissions, permission)) {
-          yield* Effect.logDebug(
-            `[Auth] Permission denied: '${permission}' for client '${authContext.clientId}'`,
-          );
-          return yield* Effect.fail(new AuthorizationError(permission));
-        }
-        yield* Effect.logDebug(
-          `[Auth] Permission granted: '${permission}' for client '${authContext.clientId}'`,
-        );
-      }),
-
-    requireAuthentication: () =>
-      authContext
-        ? Effect.succeed(authContext)
-        : Effect.fail(new AuthenticationRequiredError()),
-
-    getPermissions: () => Effect.succeed(permissions),
-
+      Effect.succeed(authContext?.permissions?.includes(permission) ?? false),
     getAuthContext: () => Effect.succeed(authContext),
   });
-};
 
 /**
  * No-auth implementation of AuthContextService.