@valbuild/server 0.60.23 → 0.60.27

package/dist/declarations/src/LocalValServer.d.ts

@@ -2,7 +2,7 @@
 import { Service } from "./Service.js";
 import { result } from "@valbuild/core/fp";
 import { Patch } from "./patch/validation.js";
-import { ApiGetPatchResponse, ApiPostPatchResponse, ModuleId, PatchId, ApiDeletePatchResponse } from "@valbuild/core";
+import { ApiGetPatchResponse, ApiPostPatchResponse, ModuleId, PatchId, ApiDeletePatchResponse, FileMetadata, ImageMetadata } from "@valbuild/core";
 import { VAL_ENABLE_COOKIE_NAME, VAL_SESSION_COOKIE, VAL_STATE_COOKIE, ValServerError, ValServerJsonResult, ValServerRedirectResult, ValServerResult, ValSession } from "@valbuild/shared/internal";
 import { ValServer, ValServerCallbacks } from "./ValServer.js";
 import { SerializedModuleContent } from "./SerializedModuleContent.js";
@@ -32,6 +32,7 @@ export declare class LocalValServer extends ValServer {
         id?: string[];
     }): Promise<ValServerJsonResult<ApiDeletePatchResponse>>;
     postPatches(body: unknown): Promise<ValServerJsonResult<ApiPostPatchResponse>>;
+    getMetadata(): Promise<FileMetadata | ImageMetadata | undefined>;
     getFiles(filePath: string, query: {
         sha256?: string;
     }): Promise<ValServerResult<never, ReadableStream<Uint8Array>>>;
@@ -44,7 +45,6 @@ export declare class LocalValServer extends ValServer {
     private badRequest;
     protected ensureInitialized(): Promise<result.Result<undefined, ValServerError>>;
     protected getModule(moduleId: ModuleId, options: {
-        validate: boolean;
         source: boolean;
         schema: boolean;
     }): Promise<SerializedModuleContent>;

package/dist/declarations/src/ValServer.d.ts

@@ -4,7 +4,7 @@ import { VAL_ENABLE_COOKIE_NAME, VAL_SESSION_COOKIE, VAL_STATE_COOKIE, ValCookie
 import { result } from "@valbuild/core/fp";
 import { Operation } from "@valbuild/core/patch";
 import { Patch } from "./patch/validation.js";
-import { ModuleId, PatchId } from "@valbuild/core";
+import { ModuleId, PatchId, FileMetadata, ImageMetadata } from "@valbuild/core";
 import { SerializedModuleContent } from "./SerializedModuleContent.js";
 export type ValServerOptions = {
     valEnableRedirectUrl?: string;
@@ -29,11 +29,11 @@ export declare abstract class ValServer implements IValServer {
         patch?: string;
         schema?: string;
         source?: string;
-        validate?: string;
     }, cookies: ValCookies<VAL_SESSION_COOKIE>, requestHeaders: RequestHeaders): Promise<ValServerJsonResult<ApiTreeResponse>>;
     postValidate(rawBody: unknown, cookies: ValCookies<VAL_SESSION_COOKIE>, requestHeaders: RequestHeaders): Promise<ValServerJsonResult<ApiPostValidationResponse | ApiPostValidationErrorResponse>>;
     postCommit(rawBody: unknown, cookies: ValCookies<VAL_SESSION_COOKIE>, requestHeaders: RequestHeaders): Promise<ValServerJsonResult<ApiCommitResponse, ApiPostValidationErrorResponse>>;
     private applyAllPatchesThenValidate;
+    abstract getMetadata(fileRef: string, sha256?: string): Promise<FileMetadata | ImageMetadata | undefined>;
     private revalidateImageAndFileValidation;
     protected abstract getAllModules(treePath: string): Promise<ModuleId[]>;
     protected sortPatchIds(patchesByModule: Record<ModuleId, {
@@ -58,7 +58,6 @@ export declare abstract class ValServer implements IValServer {
      * */
     protected abstract ensureInitialized(errorMessageType: string, cookies: ValCookies<VAL_SESSION_COOKIE>): Promise<result.Result<undefined, ValServerError>>;
     protected abstract getModule(moduleId: ModuleId, options: {
-        validate: boolean;
         source: boolean;
         schema: boolean;
     }): Promise<SerializedModuleContent>;

package/dist/declarations/src/patchValFile.d.ts

@@ -4,5 +4,5 @@ import { type ValSyntaxErrorTree } from "./patch/ts/syntax.js";
 import { ValSourceFileHandler } from "./ValSourceFileHandler.js";
 import { QuickJSRuntime } from "quickjs-emscripten";
 import ts from "typescript";
-export declare const patchValFile: (id: string, valConfigPath: string, patch: Patch, sourceFileHandler: ValSourceFileHandler, runtime: QuickJSRuntime) => Promise<void>;
+export declare const patchValFile: (id: string, rootDir: string, patch: Patch, sourceFileHandler: ValSourceFileHandler, runtime: QuickJSRuntime) => Promise<void>;
 export declare const patchSourceFile: (sourceFile: ts.SourceFile | string, patch: Patch) => result.Result<ts.SourceFile, ValSyntaxErrorTree | PatchError>;

package/dist/valbuild-server.cjs.dev.js

@@ -633,6 +633,10 @@ class TSOps {
   }
 }
 
+function getSyntheticContainingPath(rootDir) {
+  return path__namespace["default"].join(rootDir, "<val>"); // TODO: this is the synthetic path used when evaluating / patching modules. I am not sure <val> is the best choice: val.ts / js better? But that is weird too. At least now it is clear(er) that it is indeed a synthetic file (i.e. not an actual file)
+}
+
 const ops$1 = new TSOps(document => {
   return fp.pipe(analyzeValModule(document), fp.result.map(({
     source
@@ -640,10 +644,10 @@ const ops$1 = new TSOps(document => {
 });
 
 // TODO: rename to patchValFiles since we may write multiple files
-const patchValFile = async (id, valConfigPath, patch$1, sourceFileHandler, runtime) => {
+const patchValFile = async (id, rootDir, patch$1, sourceFileHandler, runtime) => {
   // const timeId = randomUUID();
   // console.time("patchValFile" + timeId);
-  const filePath = sourceFileHandler.resolveSourceModulePath(valConfigPath, `.${id}.val`);
+  const filePath = sourceFileHandler.resolveSourceModulePath(getSyntheticContainingPath(rootDir), `.${id}.val`);
   const sourceFile = sourceFileHandler.getSourceFile(filePath);
   if (!sourceFile) {
     throw Error(`Source file ${filePath} not found`);
@@ -741,9 +745,7 @@ globalThis.valModule = {
   defaultExport: !!valModule?.default,
 };
 `;
-    const result = context.evalCode(code,
-    // Synthetic module name
-    path__namespace["default"].join(rootDirPath, "<val>"));
+    const result = context.evalCode(code, getSyntheticContainingPath(rootDirPath));
     const fatalErrors = [];
     if (result.error) {
       const error = result.error.consume(context.dump);
@@ -1457,7 +1459,6 @@ class ValServer {
       return ensureRes.error;
     }
     const applyPatches = query.patch === "true";
-    const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
     const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
@@ -1479,8 +1480,9 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
+    const validate = false;
     const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
-      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema);
     })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
@@ -1535,7 +1537,6 @@ class ValServer {
   /* */
   async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema) {
     const serializedModuleContent = await this.getModule(moduleId, {
-      validate: validate,
       source: includeSource,
       schema: includeSchema
     });
@@ -1602,7 +1603,6 @@ class ValServer {
       errors: false
     };
   }
-
   // TODO: name this better: we need to check for image and file validation errors
   // since they cannot be handled directly inside the validation function.
   // The reason is that validate will be called inside QuickJS (in the future, hopefully),
@@ -1620,8 +1620,9 @@ class ValServer {
         )) {
           const fileRef = getValidationErrorFileRef(error);
           if (fileRef) {
+            var _fileUpdates$fileRef;
             const filePath = path__namespace["default"].join(this.cwd, fileRef);
-            let expectedMetadata;
+            let expectedMetadata = await this.getMetadata(fileRef, (_fileUpdates$fileRef = fileUpdates[fileRef]) === null || _fileUpdates$fileRef === void 0 ? void 0 : _fileUpdates$fileRef.sha256);
 
             // if this is a new file or we have an actual FS, we read the file and get the metadata
             if (!expectedMetadata) {
@@ -1803,7 +1804,7 @@ class ValServer {
       const moduleId = moduleIdStr;
       const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
       // TODO: refine to ModuleId and PatchId when parsing
-      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, true);
+      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, commit);
       if (serializedModuleContent.errors) {
         validationErrorsByModuleId[moduleId] = serializedModuleContent;
       }
@@ -2168,6 +2169,9 @@ class LocalValServer extends ValServer {
       json: res
     };
   }
+  async getMetadata() {
+    return undefined;
+  }
   async getFiles(filePath, query) {
     if (query.sha256) {
       const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
@@ -2319,7 +2323,10 @@ class LocalValServer extends ValServer {
     return fp.result.ok(undefined);
   }
   getModule(moduleId, options) {
-    return this.options.service.get(moduleId, "", options);
+    return this.options.service.get(moduleId, "", {
+      ...options,
+      validate: false
+    });
   }
   async getAllModules(treePath) {
     const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
@@ -2836,12 +2843,33 @@ class ProxyValServer extends ValServer {
       }
     });
   }
+  async getMetadata(filePath, sha256) {
+    const url = new URL(`/v1/metadata/${this.options.remote}${filePath}?commit=${this.options.git.commit}${sha256 ? `&sha256=${sha256}` : ""}`, this.options.valContentUrl);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
+    if (fetchRes.status === 200) {
+      const json = await fetchRes.json();
+      if (json.type === "file") {
+        return json;
+      } else if (json.type === "image") {
+        return json;
+      }
+    }
+    return undefined;
+  }
   async getFiles(filePath, query, _cookies, reqHeaders) {
     const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
     if (typeof query.sha256 === "string") {
       url.searchParams.append("sha256", query.sha256);
     }
-    const fetchRes = await fetch(url);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
     if (fetchRes.status === 200) {
       // TODO: does this stream data?
       if (fetchRes.body) {

package/dist/valbuild-server.cjs.prod.js

@@ -633,6 +633,10 @@ class TSOps {
   }
 }
 
+function getSyntheticContainingPath(rootDir) {
+  return path__namespace["default"].join(rootDir, "<val>"); // TODO: this is the synthetic path used when evaluating / patching modules. I am not sure <val> is the best choice: val.ts / js better? But that is weird too. At least now it is clear(er) that it is indeed a synthetic file (i.e. not an actual file)
+}
+
 const ops$1 = new TSOps(document => {
   return fp.pipe(analyzeValModule(document), fp.result.map(({
     source
@@ -640,10 +644,10 @@ const ops$1 = new TSOps(document => {
 });
 
 // TODO: rename to patchValFiles since we may write multiple files
-const patchValFile = async (id, valConfigPath, patch$1, sourceFileHandler, runtime) => {
+const patchValFile = async (id, rootDir, patch$1, sourceFileHandler, runtime) => {
   // const timeId = randomUUID();
   // console.time("patchValFile" + timeId);
-  const filePath = sourceFileHandler.resolveSourceModulePath(valConfigPath, `.${id}.val`);
+  const filePath = sourceFileHandler.resolveSourceModulePath(getSyntheticContainingPath(rootDir), `.${id}.val`);
   const sourceFile = sourceFileHandler.getSourceFile(filePath);
   if (!sourceFile) {
     throw Error(`Source file ${filePath} not found`);
@@ -741,9 +745,7 @@ globalThis.valModule = {
   defaultExport: !!valModule?.default,
 };
 `;
-    const result = context.evalCode(code,
-    // Synthetic module name
-    path__namespace["default"].join(rootDirPath, "<val>"));
+    const result = context.evalCode(code, getSyntheticContainingPath(rootDirPath));
     const fatalErrors = [];
     if (result.error) {
       const error = result.error.consume(context.dump);
@@ -1457,7 +1459,6 @@ class ValServer {
       return ensureRes.error;
     }
     const applyPatches = query.patch === "true";
-    const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
     const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
@@ -1479,8 +1480,9 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
+    const validate = false;
     const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
-      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema);
     })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
@@ -1535,7 +1537,6 @@ class ValServer {
   /* */
   async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema) {
     const serializedModuleContent = await this.getModule(moduleId, {
-      validate: validate,
       source: includeSource,
       schema: includeSchema
     });
@@ -1602,7 +1603,6 @@ class ValServer {
       errors: false
     };
   }
-
   // TODO: name this better: we need to check for image and file validation errors
   // since they cannot be handled directly inside the validation function.
   // The reason is that validate will be called inside QuickJS (in the future, hopefully),
@@ -1620,8 +1620,9 @@ class ValServer {
         )) {
           const fileRef = getValidationErrorFileRef(error);
           if (fileRef) {
+            var _fileUpdates$fileRef;
             const filePath = path__namespace["default"].join(this.cwd, fileRef);
-            let expectedMetadata;
+            let expectedMetadata = await this.getMetadata(fileRef, (_fileUpdates$fileRef = fileUpdates[fileRef]) === null || _fileUpdates$fileRef === void 0 ? void 0 : _fileUpdates$fileRef.sha256);
 
             // if this is a new file or we have an actual FS, we read the file and get the metadata
             if (!expectedMetadata) {
@@ -1803,7 +1804,7 @@ class ValServer {
       const moduleId = moduleIdStr;
       const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
       // TODO: refine to ModuleId and PatchId when parsing
-      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, true);
+      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, commit);
       if (serializedModuleContent.errors) {
         validationErrorsByModuleId[moduleId] = serializedModuleContent;
       }
@@ -2168,6 +2169,9 @@ class LocalValServer extends ValServer {
       json: res
     };
   }
+  async getMetadata() {
+    return undefined;
+  }
   async getFiles(filePath, query) {
     if (query.sha256) {
       const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
@@ -2319,7 +2323,10 @@ class LocalValServer extends ValServer {
     return fp.result.ok(undefined);
   }
   getModule(moduleId, options) {
-    return this.options.service.get(moduleId, "", options);
+    return this.options.service.get(moduleId, "", {
+      ...options,
+      validate: false
+    });
   }
   async getAllModules(treePath) {
     const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
@@ -2836,12 +2843,33 @@ class ProxyValServer extends ValServer {
       }
     });
   }
+  async getMetadata(filePath, sha256) {
+    const url = new URL(`/v1/metadata/${this.options.remote}${filePath}?commit=${this.options.git.commit}${sha256 ? `&sha256=${sha256}` : ""}`, this.options.valContentUrl);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
+    if (fetchRes.status === 200) {
+      const json = await fetchRes.json();
+      if (json.type === "file") {
+        return json;
+      } else if (json.type === "image") {
+        return json;
+      }
+    }
+    return undefined;
+  }
   async getFiles(filePath, query, _cookies, reqHeaders) {
     const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
     if (typeof query.sha256 === "string") {
       url.searchParams.append("sha256", query.sha256);
     }
-    const fetchRes = await fetch(url);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
     if (fetchRes.status === 200) {
       // TODO: does this stream data?
       if (fetchRes.body) {

package/dist/valbuild-server.esm.js

@@ -603,6 +603,10 @@ class TSOps {
   }
 }
 
+function getSyntheticContainingPath(rootDir) {
+  return path__default.join(rootDir, "<val>"); // TODO: this is the synthetic path used when evaluating / patching modules. I am not sure <val> is the best choice: val.ts / js better? But that is weird too. At least now it is clear(er) that it is indeed a synthetic file (i.e. not an actual file)
+}
+
 const ops$1 = new TSOps(document => {
   return pipe(analyzeValModule(document), result.map(({
     source
@@ -610,10 +614,10 @@ const ops$1 = new TSOps(document => {
 });
 
 // TODO: rename to patchValFiles since we may write multiple files
-const patchValFile = async (id, valConfigPath, patch, sourceFileHandler, runtime) => {
+const patchValFile = async (id, rootDir, patch, sourceFileHandler, runtime) => {
   // const timeId = randomUUID();
   // console.time("patchValFile" + timeId);
-  const filePath = sourceFileHandler.resolveSourceModulePath(valConfigPath, `.${id}.val`);
+  const filePath = sourceFileHandler.resolveSourceModulePath(getSyntheticContainingPath(rootDir), `.${id}.val`);
   const sourceFile = sourceFileHandler.getSourceFile(filePath);
   if (!sourceFile) {
     throw Error(`Source file ${filePath} not found`);
@@ -711,9 +715,7 @@ globalThis.valModule = {
   defaultExport: !!valModule?.default,
 };
 `;
-    const result = context.evalCode(code,
-    // Synthetic module name
-    path__default.join(rootDirPath, "<val>"));
+    const result = context.evalCode(code, getSyntheticContainingPath(rootDirPath));
     const fatalErrors = [];
     if (result.error) {
       const error = result.error.consume(context.dump);
@@ -1427,7 +1429,6 @@ class ValServer {
       return ensureRes.error;
     }
     const applyPatches = query.patch === "true";
-    const execValidations = query.validate === "true";
     const includeSource = query.source === "true";
     const includeSchema = query.schema === "true";
     const moduleIds = await debugTiming("getAllModules", () => this.getAllModules(treePath));
@@ -1449,8 +1450,9 @@ class ValServer {
       patchesById = res.value.patchesById;
       fileUpdates = res.value.fileUpdates;
     }
+    const validate = false;
     const possiblyPatchedContent = await debugTiming("applyAllPatchesThenValidate", () => Promise.all(moduleIds.map(async moduleId => {
-      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, execValidations, includeSource, includeSchema);
+      return this.applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema);
     })));
     const modules = Object.fromEntries(possiblyPatchedContent.map(serializedModuleContent => {
       const module = {
@@ -1505,7 +1507,6 @@ class ValServer {
   /* */
   async applyAllPatchesThenValidate(moduleId, patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, applyPatches, validate, includeSource, includeSchema) {
     const serializedModuleContent = await this.getModule(moduleId, {
-      validate: validate,
       source: includeSource,
       schema: includeSchema
     });
@@ -1572,7 +1573,6 @@ class ValServer {
       errors: false
     };
   }
-
   // TODO: name this better: we need to check for image and file validation errors
   // since they cannot be handled directly inside the validation function.
   // The reason is that validate will be called inside QuickJS (in the future, hopefully),
@@ -1590,8 +1590,9 @@ class ValServer {
         )) {
           const fileRef = getValidationErrorFileRef(error);
           if (fileRef) {
+            var _fileUpdates$fileRef;
             const filePath = path__default.join(this.cwd, fileRef);
-            let expectedMetadata;
+            let expectedMetadata = await this.getMetadata(fileRef, (_fileUpdates$fileRef = fileUpdates[fileRef]) === null || _fileUpdates$fileRef === void 0 ? void 0 : _fileUpdates$fileRef.sha256);
 
             // if this is a new file or we have an actual FS, we read the file and get the metadata
             if (!expectedMetadata) {
@@ -1773,7 +1774,7 @@ class ValServer {
       const moduleId = moduleIdStr;
       const serializedModuleContent = await this.applyAllPatchesThenValidate(moduleId, filterPatchesByModuleIdRes.data.patches ||
       // TODO: refine to ModuleId and PatchId when parsing
-      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, true);
+      patchIdsByModuleId, patchesById, fileUpdates, cookies, requestHeaders, true, true, true, commit);
       if (serializedModuleContent.errors) {
         validationErrorsByModuleId[moduleId] = serializedModuleContent;
       }
@@ -2138,6 +2139,9 @@ class LocalValServer extends ValServer {
       json: res
     };
   }
+  async getMetadata() {
+    return undefined;
+  }
   async getFiles(filePath, query) {
     if (query.sha256) {
       const fileExists = this.host.fileExists(this.getFilePath(filePath, query.sha256));
@@ -2289,7 +2293,10 @@ class LocalValServer extends ValServer {
     return result.ok(undefined);
   }
   getModule(moduleId, options) {
-    return this.options.service.get(moduleId, "", options);
+    return this.options.service.get(moduleId, "", {
+      ...options,
+      validate: false
+    });
   }
   async getAllModules(treePath) {
     const moduleIds = this.host.readDirectory(this.cwd, ["ts", "js"], ["node_modules", ".*"], ["**/*.val.ts", "**/*.val.js"]).filter(file => {
@@ -2806,12 +2813,33 @@ class ProxyValServer extends ValServer {
       }
     });
   }
+  async getMetadata(filePath, sha256) {
+    const url = new URL(`/v1/metadata/${this.options.remote}${filePath}?commit=${this.options.git.commit}${sha256 ? `&sha256=${sha256}` : ""}`, this.options.valContentUrl);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
+    if (fetchRes.status === 200) {
+      const json = await fetchRes.json();
+      if (json.type === "file") {
+        return json;
+      } else if (json.type === "image") {
+        return json;
+      }
+    }
+    return undefined;
+  }
   async getFiles(filePath, query, _cookies, reqHeaders) {
     const url = new URL(`/v1/files/${this.options.remote}${filePath}`, this.options.valContentUrl);
     if (typeof query.sha256 === "string") {
       url.searchParams.append("sha256", query.sha256);
     }
-    const fetchRes = await fetch(url);
+    const fetchRes = await fetch(url, {
+      headers: {
+        Authorization: `Bearer ${this.options.apiKey}`
+      }
+    });
     if (fetchRes.status === 200) {
       // TODO: does this stream data?
       if (fetchRes.body) {

package/package.json

@@ -12,7 +12,7 @@
     "./package.json": "./package.json"
   },
   "types": "dist/valbuild-server.cjs.d.ts",
-  "version": "0.60.23",
+  "version": "0.60.27",
   "scripts": {
     "typecheck": "tsc --noEmit",
     "test": "jest",
@@ -24,9 +24,9 @@
     "concurrently": "^7.6.0"
   },
   "dependencies": {
-    "@valbuild/core": "~0.60.23",
-    "@valbuild/shared": "~0.60.23",
-    "@valbuild/ui": "~0.60.23",
+    "@valbuild/core": "~0.60.27",
+    "@valbuild/shared": "~0.60.27",
+    "@valbuild/ui": "~0.60.27",
     "express": "^4.18.2",
     "image-size": "^1.0.2",
     "minimatch": "^3.0.4",