@valbuild/server 0.60.22 → 0.60.24

package/dist/declarations/src/LocalValServer.d.ts

@@ -2,7 +2,7 @@
 import { Service } from "./Service.js";
 import { result } from "@valbuild/core/fp";
 import { Patch } from "./patch/validation.js";
-import { ApiGetPatchResponse, ApiPostPatchResponse, ModuleId, PatchId, ApiDeletePatchResponse } from "@valbuild/core";
+import { ApiGetPatchResponse, ApiPostPatchResponse, ModuleId, PatchId, ApiDeletePatchResponse, FileMetadata, ImageMetadata } from "@valbuild/core";
 import { VAL_ENABLE_COOKIE_NAME, VAL_SESSION_COOKIE, VAL_STATE_COOKIE, ValServerError, ValServerJsonResult, ValServerRedirectResult, ValServerResult, ValSession } from "@valbuild/shared/internal";
 import { ValServer, ValServerCallbacks } from "./ValServer.js";
 import { SerializedModuleContent } from "./SerializedModuleContent.js";
@@ -32,6 +32,7 @@ export declare class LocalValServer extends ValServer {
         id?: string[];
     }): Promise<ValServerJsonResult<ApiDeletePatchResponse>>;
     postPatches(body: unknown): Promise<ValServerJsonResult<ApiPostPatchResponse>>;
+    getMetadata(): Promise<FileMetadata | ImageMetadata | undefined>;
     getFiles(filePath: string, query: {
         sha256?: string;
     }): Promise<ValServerResult<never, ReadableStream<Uint8Array>>>;
@@ -44,7 +45,6 @@ export declare class LocalValServer extends ValServer {
     private badRequest;
     protected ensureInitialized(): Promise<result.Result<undefined, ValServerError>>;
     protected getModule(moduleId: ModuleId, options: {
-        validate: boolean;
         source: boolean;
         schema: boolean;
     }): Promise<SerializedModuleContent>;

package/dist/declarations/src/ValServer.d.ts

@@ -4,7 +4,7 @@ import { VAL_ENABLE_COOKIE_NAME, VAL_SESSION_COOKIE, VAL_STATE_COOKIE, ValCookie
 import { result } from "@valbuild/core/fp";
 import { Operation } from "@valbuild/core/patch";
 import { Patch } from "./patch/validation.js";
-import { ModuleId, PatchId } from "@valbuild/core";
+import { ModuleId, PatchId, FileMetadata, ImageMetadata } from "@valbuild/core";
 import { SerializedModuleContent } from "./SerializedModuleContent.js";
 export type ValServerOptions = {
     valEnableRedirectUrl?: string;
@@ -29,11 +29,11 @@ export declare abstract class ValServer implements IValServer {
         patch?: string;
         schema?: string;
         source?: string;
-        validate?: string;
     }, cookies: ValCookies<VAL_SESSION_COOKIE>, requestHeaders: RequestHeaders): Promise<ValServerJsonResult<ApiTreeResponse>>;
     postValidate(rawBody: unknown, cookies: ValCookies<VAL_SESSION_COOKIE>, requestHeaders: RequestHeaders): Promise<ValServerJsonResult<ApiPostValidationResponse | ApiPostValidationErrorResponse>>;
     postCommit(rawBody: unknown, cookies: ValCookies<VAL_SESSION_COOKIE>, requestHeaders: RequestHeaders): Promise<ValServerJsonResult<ApiCommitResponse, ApiPostValidationErrorResponse>>;
     private applyAllPatchesThenValidate;
+    abstract getMetadata(fileRef: string, sha256?: string): Promise<FileMetadata | ImageMetadata | undefined>;
     private revalidateImageAndFileValidation;
     protected abstract getAllModules(treePath: string): Promise<ModuleId[]>;
     protected sortPatchIds(patchesByModule: Record<ModuleId, {
@@ -58,7 +58,6 @@ export declare abstract class ValServer implements IValServer {
      * */
     protected abstract ensureInitialized(errorMessageType: string, cookies: ValCookies<VAL_SESSION_COOKIE>): Promise<result.Result<undefined, ValServerError>>;
     protected abstract getModule(moduleId: ModuleId, options: {
-        validate: boolean;
         source: boolean;
         schema: boolean;
     }): Promise<SerializedModuleContent>;
@@ -160,3 +159,4 @@ export type RequestHeaders = {
     host?: string | null;
     "x-forwarded-proto"?: string | null;
 };
+export declare function debugTiming<R>(id: string, fn: () => Promise<R>): Promise<R>;

package/dist/valbuild-server.cjs.dev.js

@@ -1452,15 +1452,14 @@ class ValServer {
   async getTree(treePath,
   // TODO: use the params: patch, schema, source now we return everything, every time
   query, cookies, requestHeaders) {
-    const ensureRes = await this.ensureInitialized("getTree", cookies);
+    const ensureRes = await debugTiming("ensureInitialized", () => this.ensureInitialized("getTree", cookies));
     if (fp.result.isErr(ensureRes)) {
       return ensureRes.error;
     }
     const applyPatches = query.patch === "true";
-    const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
-    const moduleIds = await this.getAllModules(treePath);
+    const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
     let {
       patchIdsByModuleId,
       patchesById,
@@ -1471,7 +1470,7 @@ class ValServer {
       fileUpdates: {}
     };
     if (applyPatches) {
-      const res = await this.readPatches(cookies);
+      const res = await debugTiming("readPatches", () => this.readPatches(cookies));
       if (fp.result.isErr(res)) {
         return res.error;
       }
@@ -1479,9 +1478,10 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
-    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
-      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
-    }));
+    const validate = false;
+    const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema);
+    })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
         schema: serializedModuleContent.schema,
@@ -1535,7 +1535,6 @@ class ValServer {
   /* */
   async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema) {
     const serializedModuleContent = await this.getModule(moduleId, {
-      validate: validate,
       source: includeSource,
       schema: includeSchema
     });
@@ -1551,38 +1550,40 @@ class ValServer {
       return serializedModuleContent;
     }
     let source = maybeSource;
-    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
-      const patch$1 = patchesById[patchId];
-      if (!patch$1) {
-        continue;
-      }
-      const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
-      if (fp.result.isOk(patchRes)) {
-        source = patchRes.value;
-      } else {
-        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
-          patchId,
-          moduleId,
-          patch: JSON.stringify(patch$1, null, 2),
-          error: patchRes.error
-        });
-        return {
-          path: moduleId,
-          schema,
-          source,
-          errors: {
-            fatal: [{
-              message: "Unexpected error applying patch",
-              type: "invalid-patch"
-            }]
-          }
-        };
+    await debugTiming("applyPatches:" + moduleId, async () => {
+      for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+        const patch$1 = patchesById[patchId];
+        if (!patch$1) {
+          continue;
+        }
+        const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
+        if (fp.result.isOk(patchRes)) {
+          source = patchRes.value;
+        } else {
+          console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+            patchId,
+            moduleId,
+            patch: JSON.stringify(patch$1, null, 2),
+            error: patchRes.error
+          });
+          return {
+            path: moduleId,
+            schema,
+            source,
+            errors: {
+              fatal: [{
+                message: "Unexpected error applying patch",
+                type: "invalid-patch"
+              }]
+            }
+          };
+        }
       }
-    }
+    });
     if (validate) {
-      const validationErrors = core.deserializeSchema(schema).validate(moduleId, source);
+      const validationErrors = await debugTiming("validate:" + moduleId, async () => core.deserializeSchema(schema).validate(moduleId, source));
       if (validationErrors) {
-        const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders);
+        const revalidated = await debugTiming("revalidate image/file:" + moduleId, async () => this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders));
         return {
           path: moduleId,
           schema,
@@ -1600,7 +1601,6 @@ class ValServer {
       errors: false
     };
   }
-
   // TODO: name this better: we need to check for image and file validation errors
   // since they cannot be handled directly inside the validation function.
   // The reason is that validate will be called inside QuickJS (in the future, hopefully),
@@ -1618,8 +1618,9 @@ class ValServer {
         )) {
           const fileRef = getValidationErrorFileRef(error);
           if (fileRef) {
+            var _fileUpdates$fileRef;
             const filePath = path__namespace["default"].join(this.cwd, fileRef);
-            let expectedMetadata;
+            let expectedMetadata = await this.getMetadata(fileRef, (_fileUpdates$fileRef = fileUpdates[fileRef]) === null || _fileUpdates$fileRef === void 0 ? void 0 : _fileUpdates$fileRef.sha256);
 
             // if this is a new file or we have an actual FS, we read the file and get the metadata
             if (!expectedMetadata) {
@@ -1801,7 +1802,7 @@ class ValServer {
       const moduleId = moduleIdStr;
       const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
       // TODO: refine to ModuleId and PatchId when parsing
-      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, true);
+      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, commit);
       if (serializedModuleContent.errors) {
         validationErrorsByModuleId[moduleId] = serializedModuleContent;
       }
@@ -2034,6 +2035,16 @@ function guessMimeTypeFromPath(filePath) {
 function isCachedPatchFileOp(op) {
   return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
 }
+async function debugTiming(id, fn) {
+  if (process.env["VAL_DEBUG_TIMING"] === "true") {
+    const start = Date.now();
+    const r = await fn();
+    console.log(`Timing: ${id} took: ${Date.now() - start}ms (${new Date().toISOString()})`);
+    return r;
+  } else {
+    return fn();
+  }
+}
 
 const textEncoder = new TextEncoder();
 class LocalValServer extends ValServer {
@@ -2156,6 +2167,9 @@ class LocalValServer extends ValServer {
       json: res
     };
   }
+  async getMetadata() {
+    return undefined;
+  }
   async getFiles(filePath, query) {
     if (query.sha256) {
       const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
@@ -2307,7 +2321,10 @@ class LocalValServer extends ValServer {
     return fp.result.ok(undefined);
   }
   getModule(moduleId, options) {
-    return this.options.service.get(moduleId, "", options);
+    return this.options.service.get(moduleId, "", {
+      ...options,
+      validate: false
+    });
   }
   async getAllModules(treePath) {
     const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
@@ -2824,76 +2841,72 @@ class ProxyValServer extends ValServer {
       }
     });
   }
-  async getFiles(filePath, query, cookies, reqHeaders) {
-    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
-      } else {
-        console.warn("Missing sha256 query param");
+  async getMetadata(filePath, sha256) {
+    const url = new URL(`/v1/metadata/${this.options.remote}${filePath}?commit=${this.options.git.commit}${sha256 ? `&sha256=${sha256}` : ""}`, this.options.valContentUrl);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
       }
-      const fetchRes = await fetch(url, {
-        headers: getAuthHeaders(data.token)
-      });
-      if (fetchRes.status === 200) {
-        // TODO: does this stream data?
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-              "Cache-Control": "public, max-age=31536000, immutable"
-            },
-            body: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
+    });
+    if (fetchRes.status === 200) {
+      const json = await fetchRes.json();
+      if (json.type === "file") {
+        return json;
+      } else if (json.type === "image") {
+        return json;
+      }
+    }
+    return undefined;
+  }
+  async getFiles(filePath, query, _cookies, reqHeaders) {
+    const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
+    if (typeof query.sha256 === "string") {
+      url.searchParams.append("sha256", query.sha256);
+    }
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
+    if (fetchRes.status === 200) {
+      // TODO: does this stream data?
+      if (fetchRes.body) {
+        return {
+          status: fetchRes.status,
+          headers: {
+            "Content-Type": fetchRes.headers.get("Content-Type") || "",
+            "Content-Length": fetchRes.headers.get("Content-Length") || "0",
+            "Cache-Control": fetchRes.headers.get("Cache-Control") || ""
+          },
+          body: fetchRes.body
+        };
       } else {
-        if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
-          return {
-            status: 500,
-            json: {
-              message: "Missing host or x-forwarded-proto header"
-            }
-          };
-        }
-        const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
-        const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
-        const fetchRes = await fetch(staticPublicUrl, {
-          headers: getAuthHeaders(data.token)
-        });
-        if (fetchRes.status === 200) {
-          // TODO: does this stream data?
-          if (fetchRes.body) {
-            return {
-              status: fetchRes.status,
-              headers: {
-                "Content-Type": fetchRes.headers.get("Content-Type") || "",
-                "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-                "Cache-Control": "public, max-age=31536000, immutable"
-              },
-              body: fetchRes.body
-            };
-          } else {
-            return {
-              status: 500,
-              json: {
-                message: "No body in response"
-              }
-            };
+        return {
+          status: 500,
+          json: {
+            message: "No body in response"
           }
-        } else {
-          throw new Error("Failed to fetch file: " + filePath);
-        }
+        };
       }
-    });
+    } else {
+      if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
+        return {
+          status: 500,
+          json: {
+            message: "Missing host or x-forwarded-proto header"
+          }
+        };
+      }
+      const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
+      const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
+      const fetchRes = await fetch(staticPublicUrl);
+      return {
+        status: fetchRes.status,
+        // forward headers from static public url
+        headers: Object.fromEntries(fetchRes.headers.entries()),
+        body: fetchRes.body
+      };
+    }
   }
 }
 function verifyCallbackReq(stateCookie, queryParams) {

package/dist/valbuild-server.cjs.prod.js

@@ -1452,15 +1452,14 @@ class ValServer {
   async getTree(treePath,
   // TODO: use the params: patch, schema, source now we return everything, every time
   query, cookies, requestHeaders) {
-    const ensureRes = await this.ensureInitialized("getTree", cookies);
+    const ensureRes = await debugTiming("ensureInitialized", () => this.ensureInitialized("getTree", cookies));
     if (fp.result.isErr(ensureRes)) {
       return ensureRes.error;
     }
     const applyPatches = query.patch === "true";
-    const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
-    const moduleIds = await this.getAllModules(treePath);
+    const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
     let {
       patchIdsByModuleId,
       patchesById,
@@ -1471,7 +1470,7 @@ class ValServer {
       fileUpdates: {}
     };
     if (applyPatches) {
-      const res = await this.readPatches(cookies);
+      const res = await debugTiming("readPatches", () => this.readPatches(cookies));
       if (fp.result.isErr(res)) {
         return res.error;
       }
@@ -1479,9 +1478,10 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
-    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
-      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
-    }));
+    const validate = false;
+    const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema);
+    })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
         schema: serializedModuleContent.schema,
@@ -1535,7 +1535,6 @@ class ValServer {
   /* */
   async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema) {
     const serializedModuleContent = await this.getModule(moduleId, {
-      validate: validate,
       source: includeSource,
       schema: includeSchema
     });
@@ -1551,38 +1550,40 @@ class ValServer {
       return serializedModuleContent;
     }
     let source = maybeSource;
-    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
-      const patch$1 = patchesById[patchId];
-      if (!patch$1) {
-        continue;
-      }
-      const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
-      if (fp.result.isOk(patchRes)) {
-        source = patchRes.value;
-      } else {
-        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
-          patchId,
-          moduleId,
-          patch: JSON.stringify(patch$1, null, 2),
-          error: patchRes.error
-        });
-        return {
-          path: moduleId,
-          schema,
-          source,
-          errors: {
-            fatal: [{
-              message: "Unexpected error applying patch",
-              type: "invalid-patch"
-            }]
-          }
-        };
+    await debugTiming("applyPatches:" + moduleId, async () => {
+      for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+        const patch$1 = patchesById[patchId];
+        if (!patch$1) {
+          continue;
+        }
+        const patchRes = patch.applyPatch(source, ops, patch$1.filter(core.Internal.notFileOp));
+        if (fp.result.isOk(patchRes)) {
+          source = patchRes.value;
+        } else {
+          console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+            patchId,
+            moduleId,
+            patch: JSON.stringify(patch$1, null, 2),
+            error: patchRes.error
+          });
+          return {
+            path: moduleId,
+            schema,
+            source,
+            errors: {
+              fatal: [{
+                message: "Unexpected error applying patch",
+                type: "invalid-patch"
+              }]
+            }
+          };
+        }
       }
-    }
+    });
     if (validate) {
-      const validationErrors = core.deserializeSchema(schema).validate(moduleId, source);
+      const validationErrors = await debugTiming("validate:" + moduleId, async () => core.deserializeSchema(schema).validate(moduleId, source));
       if (validationErrors) {
-        const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders);
+        const revalidated = await debugTiming("revalidate image/file:" + moduleId, async () => this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders));
         return {
           path: moduleId,
           schema,
@@ -1600,7 +1601,6 @@ class ValServer {
       errors: false
     };
   }
-
   // TODO: name this better: we need to check for image and file validation errors
   // since they cannot be handled directly inside the validation function.
   // The reason is that validate will be called inside QuickJS (in the future, hopefully),
@@ -1618,8 +1618,9 @@ class ValServer {
         )) {
           const fileRef = getValidationErrorFileRef(error);
           if (fileRef) {
+            var _fileUpdates$fileRef;
             const filePath = path__namespace["default"].join(this.cwd, fileRef);
-            let expectedMetadata;
+            let expectedMetadata = await this.getMetadata(fileRef, (_fileUpdates$fileRef = fileUpdates[fileRef]) === null || _fileUpdates$fileRef === void 0 ? void 0 : _fileUpdates$fileRef.sha256);
 
             // if this is a new file or we have an actual FS, we read the file and get the metadata
             if (!expectedMetadata) {
@@ -1801,7 +1802,7 @@ class ValServer {
       const moduleId = moduleIdStr;
       const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
       // TODO: refine to ModuleId and PatchId when parsing
-      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, true);
+      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, commit);
       if (serializedModuleContent.errors) {
         validationErrorsByModuleId[moduleId] = serializedModuleContent;
       }
@@ -2034,6 +2035,16 @@ function guessMimeTypeFromPath(filePath) {
 function isCachedPatchFileOp(op) {
   return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
 }
+async function debugTiming(id, fn) {
+  if (process.env["VAL_DEBUG_TIMING"] === "true") {
+    const start = Date.now();
+    const r = await fn();
+    console.log(`Timing: ${id} took: ${Date.now() - start}ms (${new Date().toISOString()})`);
+    return r;
+  } else {
+    return fn();
+  }
+}
 
 const textEncoder = new TextEncoder();
 class LocalValServer extends ValServer {
@@ -2156,6 +2167,9 @@ class LocalValServer extends ValServer {
       json: res
     };
   }
+  async getMetadata() {
+    return undefined;
+  }
   async getFiles(filePath, query) {
     if (query.sha256) {
       const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
@@ -2307,7 +2321,10 @@ class LocalValServer extends ValServer {
     return fp.result.ok(undefined);
   }
   getModule(moduleId, options) {
-    return this.options.service.get(moduleId, "", options);
+    return this.options.service.get(moduleId, "", {
+      ...options,
+      validate: false
+    });
   }
   async getAllModules(treePath) {
     const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
@@ -2824,76 +2841,72 @@ class ProxyValServer extends ValServer {
       }
     });
   }
-  async getFiles(filePath, query, cookies, reqHeaders) {
-    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
-      } else {
-        console.warn("Missing sha256 query param");
+  async getMetadata(filePath, sha256) {
+    const url = new URL(`/v1/metadata/${this.options.remote}${filePath}?commit=${this.options.git.commit}${sha256 ? `&sha256=${sha256}` : ""}`, this.options.valContentUrl);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
       }
-      const fetchRes = await fetch(url, {
-        headers: getAuthHeaders(data.token)
-      });
-      if (fetchRes.status === 200) {
-        // TODO: does this stream data?
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-              "Cache-Control": "public, max-age=31536000, immutable"
-            },
-            body: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
+    });
+    if (fetchRes.status === 200) {
+      const json = await fetchRes.json();
+      if (json.type === "file") {
+        return json;
+      } else if (json.type === "image") {
+        return json;
+      }
+    }
+    return undefined;
+  }
+  async getFiles(filePath, query, _cookies, reqHeaders) {
+    const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
+    if (typeof query.sha256 === "string") {
+      url.searchParams.append("sha256", query.sha256);
+    }
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
+    if (fetchRes.status === 200) {
+      // TODO: does this stream data?
+      if (fetchRes.body) {
+        return {
+          status: fetchRes.status,
+          headers: {
+            "Content-Type": fetchRes.headers.get("Content-Type") || "",
+            "Content-Length": fetchRes.headers.get("Content-Length") || "0",
+            "Cache-Control": fetchRes.headers.get("Cache-Control") || ""
+          },
+          body: fetchRes.body
+        };
       } else {
-        if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
-          return {
-            status: 500,
-            json: {
-              message: "Missing host or x-forwarded-proto header"
-            }
-          };
-        }
-        const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
-        const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
-        const fetchRes = await fetch(staticPublicUrl, {
-          headers: getAuthHeaders(data.token)
-        });
-        if (fetchRes.status === 200) {
-          // TODO: does this stream data?
-          if (fetchRes.body) {
-            return {
-              status: fetchRes.status,
-              headers: {
-                "Content-Type": fetchRes.headers.get("Content-Type") || "",
-                "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-                "Cache-Control": "public, max-age=31536000, immutable"
-              },
-              body: fetchRes.body
-            };
-          } else {
-            return {
-              status: 500,
-              json: {
-                message: "No body in response"
-              }
-            };
+        return {
+          status: 500,
+          json: {
+            message: "No body in response"
           }
-        } else {
-          throw new Error("Failed to fetch file: " + filePath);
-        }
+        };
       }
-    });
+    } else {
+      if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
+        return {
+          status: 500,
+          json: {
+            message: "Missing host or x-forwarded-proto header"
+          }
+        };
+      }
+      const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
+      const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
+      const fetchRes = await fetch(staticPublicUrl);
+      return {
+        status: fetchRes.status,
+        // forward headers from static public url
+        headers: Object.fromEntries(fetchRes.headers.entries()),
+        body: fetchRes.body
+      };
+    }
   }
 }
 function verifyCallbackReq(stateCookie, queryParams) {

package/dist/valbuild-server.esm.js

@@ -1422,15 +1422,14 @@ class ValServer {
   async getTree(treePath,
   // TODO: use the params: patch, schema, source now we return everything, every time
   query, cookies, requestHeaders) {
-    const ensureRes = await this.ensureInitialized("getTree", cookies);
+    const ensureRes = await debugTiming("ensureInitialized", () => this.ensureInitialized("getTree", cookies));
     if (result.isErr(ensureRes)) {
       return ensureRes.error;
     }
     const applyPatches = query.patch === "true";
-    const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
-    const moduleIds = await this.getAllModules(treePath);
+    const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
     let {
       patchIdsByModuleId,
       patchesById,
@@ -1441,7 +1440,7 @@ class ValServer {
       fileUpdates: {}
     };
     if (applyPatches) {
-      const res = await this.readPatches(cookies);
+      const res = await debugTiming("readPatches", () => this.readPatches(cookies));
       if (result.isErr(res)) {
         return res.error;
       }
@@ -1449,9 +1448,10 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
-    const possiblyPatchedContent = await Promise.all(moduleIds.map(async moduleId => {
-      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
-    }));
+    const validate = false;
+    const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema);
+    })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
         schema: serializedModuleContent.schema,
@@ -1505,7 +1505,6 @@ class ValServer {
   /* */
   async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema) {
     const serializedModuleContent = await this.getModule(moduleId, {
-      validate: validate,
       source: includeSource,
       schema: includeSchema
     });
@@ -1521,38 +1520,40 @@ class ValServer {
       return serializedModuleContent;
     }
     let source = maybeSource;
-    for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
-      const patch = patchesById[patchId];
-      if (!patch) {
-        continue;
-      }
-      const patchRes = applyPatch(source, ops, patch.filter(Internal.notFileOp));
-      if (result.isOk(patchRes)) {
-        source = patchRes.value;
-      } else {
-        console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
-          patchId,
-          moduleId,
-          patch: JSON.stringify(patch, null, 2),
-          error: patchRes.error
-        });
-        return {
-          path: moduleId,
-          schema,
-          source,
-          errors: {
-            fatal: [{
-              message: "Unexpected error applying patch",
-              type: "invalid-patch"
-            }]
-          }
-        };
+    await debugTiming("applyPatches:" + moduleId, async () => {
+      for (const patchId of patchIdsByModuleId[moduleId] ?? []) {
+        const patch = patchesById[patchId];
+        if (!patch) {
+          continue;
+        }
+        const patchRes = applyPatch(source, ops, patch.filter(Internal.notFileOp));
+        if (result.isOk(patchRes)) {
+          source = patchRes.value;
+        } else {
+          console.error("Val: got an unexpected error while applying patch. Is there a mismatch in Val versions? Perhaps Val is misconfigured?", {
+            patchId,
+            moduleId,
+            patch: JSON.stringify(patch, null, 2),
+            error: patchRes.error
+          });
+          return {
+            path: moduleId,
+            schema,
+            source,
+            errors: {
+              fatal: [{
+                message: "Unexpected error applying patch",
+                type: "invalid-patch"
+              }]
+            }
+          };
+        }
       }
-    }
+    });
     if (validate) {
-      const validationErrors = deserializeSchema(schema).validate(moduleId, source);
+      const validationErrors = await debugTiming("validate:" + moduleId, async () => deserializeSchema(schema).validate(moduleId, source));
       if (validationErrors) {
-        const revalidated = await this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders);
+        const revalidated = await debugTiming("revalidate image/file:" + moduleId, async () => this.revalidateImageAndFileValidation(validationErrors, fileUpdates, cookies, requestHeaders));
         return {
           path: moduleId,
           schema,
@@ -1570,7 +1571,6 @@ class ValServer {
       errors: false
     };
   }
-
   // TODO: name this better: we need to check for image and file validation errors
   // since they cannot be handled directly inside the validation function.
   // The reason is that validate will be called inside QuickJS (in the future, hopefully),
@@ -1588,8 +1588,9 @@ class ValServer {
         )) {
           const fileRef = getValidationErrorFileRef(error);
           if (fileRef) {
+            var _fileUpdates$fileRef;
             const filePath = path__default.join(this.cwd, fileRef);
-            let expectedMetadata;
+            let expectedMetadata = await this.getMetadata(fileRef, (_fileUpdates$fileRef = fileUpdates[fileRef]) === null || _fileUpdates$fileRef === void 0 ? void 0 : _fileUpdates$fileRef.sha256);
 
             // if this is a new file or we have an actual FS, we read the file and get the metadata
             if (!expectedMetadata) {
@@ -1771,7 +1772,7 @@ class ValServer {
       const moduleId = moduleIdStr;
       const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
       // TODO: refine to ModuleId and PatchId when parsing
-      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, true);
+      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, commit);
       if (serializedModuleContent.errors) {
         validationErrorsByModuleId[moduleId] = serializedModuleContent;
       }
@@ -2004,6 +2005,16 @@ function guessMimeTypeFromPath(filePath) {
 function isCachedPatchFileOp(op) {
   return !!(op.op === "file" && typeof op.filePath === "string" && op.value && typeof op.value === "object" && !Array.isArray(op.value) && "sha256" in op.value && typeof op.value.sha256 === "string");
 }
+async function debugTiming(id, fn) {
+  if (process.env["VAL_DEBUG_TIMING"] === "true") {
+    const start = Date.now();
+    const r = await fn();
+    console.log(`Timing: ${id} took: ${Date.now() - start}ms (${new Date().toISOString()})`);
+    return r;
+  } else {
+    return fn();
+  }
+}
 
 const textEncoder = new TextEncoder();
 class LocalValServer extends ValServer {
@@ -2126,6 +2137,9 @@ class LocalValServer extends ValServer {
       json: res
     };
   }
+  async getMetadata() {
+    return undefined;
+  }
   async getFiles(filePath, query) {
     if (query.sha256) {
       const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
@@ -2277,7 +2291,10 @@ class LocalValServer extends ValServer {
     return result.ok(undefined);
   }
   getModule(moduleId, options) {
-    return this.options.service.get(moduleId, "", options);
+    return this.options.service.get(moduleId, "", {
+      ...options,
+      validate: false
+    });
   }
   async getAllModules(treePath) {
     const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
@@ -2794,76 +2811,72 @@ class ProxyValServer extends ValServer {
       }
     });
   }
-  async getFiles(filePath, query, cookies, reqHeaders) {
-    return withAuth(this.options.valSecret, cookies, "getFiles", async data => {
-      const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
-      if (typeof query.sha256 === "string") {
-        url.searchParams.append("sha256", query.sha256);
-      } else {
-        console.warn("Missing sha256 query param");
+  async getMetadata(filePath, sha256) {
+    const url = new URL(`/v1/metadata/${this.options.remote}${filePath}?commit=${this.options.git.commit}${sha256 ? `&sha256=${sha256}` : ""}`, this.options.valContentUrl);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
       }
-      const fetchRes = await fetch(url, {
-        headers: getAuthHeaders(data.token)
-      });
-      if (fetchRes.status === 200) {
-        // TODO: does this stream data?
-        if (fetchRes.body) {
-          return {
-            status: fetchRes.status,
-            headers: {
-              "Content-Type": fetchRes.headers.get("Content-Type") || "",
-              "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-              "Cache-Control": "public, max-age=31536000, immutable"
-            },
-            body: fetchRes.body
-          };
-        } else {
-          return {
-            status: 500,
-            json: {
-              message: "No body in response"
-            }
-          };
-        }
+    });
+    if (fetchRes.status === 200) {
+      const json = await fetchRes.json();
+      if (json.type === "file") {
+        return json;
+      } else if (json.type === "image") {
+        return json;
+      }
+    }
+    return undefined;
+  }
+  async getFiles(filePath, query, _cookies, reqHeaders) {
+    const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
+    if (typeof query.sha256 === "string") {
+      url.searchParams.append("sha256", query.sha256);
+    }
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
+    if (fetchRes.status === 200) {
+      // TODO: does this stream data?
+      if (fetchRes.body) {
+        return {
+          status: fetchRes.status,
+          headers: {
+            "Content-Type": fetchRes.headers.get("Content-Type") || "",
+            "Content-Length": fetchRes.headers.get("Content-Length") || "0",
+            "Cache-Control": fetchRes.headers.get("Cache-Control") || ""
+          },
+          body: fetchRes.body
+        };
       } else {
-        if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
-          return {
-            status: 500,
-            json: {
-              message: "Missing host or x-forwarded-proto header"
-            }
-          };
-        }
-        const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
-        const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
-        const fetchRes = await fetch(staticPublicUrl, {
-          headers: getAuthHeaders(data.token)
-        });
-        if (fetchRes.status === 200) {
-          // TODO: does this stream data?
-          if (fetchRes.body) {
-            return {
-              status: fetchRes.status,
-              headers: {
-                "Content-Type": fetchRes.headers.get("Content-Type") || "",
-                "Content-Length": fetchRes.headers.get("Content-Length") || "0",
-                "Cache-Control": "public, max-age=31536000, immutable"
-              },
-              body: fetchRes.body
-            };
-          } else {
-            return {
-              status: 500,
-              json: {
-                message: "No body in response"
-              }
-            };
+        return {
+          status: 500,
+          json: {
+            message: "No body in response"
           }
-        } else {
-          throw new Error("Failed to fetch file: " + filePath);
-        }
+        };
       }
-    });
+    } else {
+      if (!(reqHeaders.host && reqHeaders["x-forwarded-proto"])) {
+        return {
+          status: 500,
+          json: {
+            message: "Missing host or x-forwarded-proto header"
+          }
+        };
+      }
+      const host = `${reqHeaders["x-forwarded-proto"]}://${reqHeaders["host"]}`;
+      const staticPublicUrl = new URL(filePath.slice("/public".length), host).toString();
+      const fetchRes = await fetch(staticPublicUrl);
+      return {
+        status: fetchRes.status,
+        // forward headers from static public url
+        headers: Object.fromEntries(fetchRes.headers.entries()),
+        body: fetchRes.body
+      };
+    }
   }
 }
 function verifyCallbackReq(stateCookie, queryParams) {

package/package.json

@@ -12,7 +12,7 @@
     "./package.json": "./package.json"
   },
   "types": "dist/valbuild-server.cjs.d.ts",
-  "version": "0.60.22",
+  "version": "0.60.24",
   "scripts": {
     "typecheck": "tsc --noEmit",
     "test": "jest",
@@ -24,9 +24,9 @@
     "concurrently": "^7.6.0"
   },
   "dependencies": {
-    "@valbuild/core": "~0.60.22",
-    "@valbuild/shared": "~0.60.22",
-    "@valbuild/ui": "~0.60.22",
+    "@valbuild/core": "~0.60.24",
+    "@valbuild/shared": "~0.60.24",
+    "@valbuild/ui": "~0.60.24",
     "express": "^4.18.2",
     "image-size": "^1.0.2",
     "minimatch": "^3.0.4",