@venturewild/workspace 0.5.3 → 0.6.1

package/server/src/workspaces.mjs

@@ -1,145 +1,145 @@
-// WorkspaceRails — the shared-workspace membership client (multi-host step 2).
-//
-// A thin client over bmo-sync's POST /api/workspaces/{create,list,members/add,
-// members/remove} (account-token self-authed, exactly like canvas-rails.mjs).
-// The caller (owner/member) is DERIVED server-side from the account token, so a
-// caller can only act as itself.
-//
-// Unlike CanvasRails (which degrades silently to a local cache), these are
-// operator/dev affordances driven by `wild-workspace workspace …`, so the
-// methods SURFACE the rails' error code + message instead of collapsing to a
-// bare false — the human running the command needs to see "slug_taken" /
-// "not_owner" / "no_such_account". Network failures still never throw: they
-// resolve to { ok:false, status:0, code:'unreachable' }.
-//
-// This is the FOUNDATION client — there is no App.jsx / lobby UI yet (that's the
-// lobby's job). The CLI is the only consumer.
-
-const DEFAULT_TIMEOUT_MS = 5000;
-
-export class WorkspaceRails {
-  constructor({
-    bmoSyncUrl,
-    accountToken,
-    timeoutMs = DEFAULT_TIMEOUT_MS,
-    fetchImpl = (...a) => globalThis.fetch(...a),
-  } = {}) {
-    this.bmoSyncUrl = bmoSyncUrl ? bmoSyncUrl.replace(/\/$/, '') : null;
-    this.accountToken = accountToken || null;
-    this.timeoutMs = timeoutMs;
-    this.fetchImpl = fetchImpl;
-    // Inert without a token (can't key it) or without a server URL.
-    this.capable = Boolean(this.accountToken) && Boolean(this.bmoSyncUrl);
-  }
-
-  /**
-   * POST to a workspaces endpoint with the account token folded in.
-   * @returns {Promise<{ok:boolean, status:number, data:object|null, code?:string, message?:string}>}
-   *   ok:true  → 2xx; `data` is the parsed body.
-   *   ok:false → a 4xx/5xx (carries the rails' {code,message}) OR a transport
-   *              failure (status 0, code 'unreachable' / 'not_configured').
-   */
-  async _post(path, body) {
-    if (!this.capable) {
-      return { ok: false, status: 0, data: null, code: 'not_configured', message: 'not logged in / no rails URL' };
-    }
-    const ctrl = new AbortController();
-    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
-    if (timer.unref) timer.unref();
-    try {
-      const r = await this.fetchImpl(`${this.bmoSyncUrl}${path}`, {
-        method: 'POST',
-        headers: { 'content-type': 'application/json' },
-        body: JSON.stringify({ account_token: this.accountToken, ...body }),
-        signal: ctrl.signal,
-      });
-      const data = await r.json().catch(() => null);
-      if (r.ok) return { ok: true, status: r.status, data };
-      return {
-        ok: false,
-        status: r.status,
-        data,
-        code: data?.code || `http_${r.status}`,
-        message: data?.message || `HTTP ${r.status}`,
-      };
-    } catch (e) {
-      return { ok: false, status: 0, data: null, code: 'unreachable', message: String(e?.message || e) };
-    } finally {
-      clearTimeout(timer);
-    }
-  }
-
-  /** Create a shared workspace. `slug` is optional (the rails auto-suggest from name). */
-  create(name, slug = null) {
-    const body = { name };
-    if (slug) body.slug = slug;
-    return this._post('/api/workspaces/create', body);
-  }
-
-  /** The shared workspaces this account belongs to. */
-  list() {
-    return this._post('/api/workspaces/list', {});
-  }
-
-  /**
-   * Add a member by email (owner-only). If the email has no account yet the
-   * rails records a PENDING invite (`data.pending === true`) instead of an
-   * active membership; the person claims it by signing in + Join.
-   */
-  addMember(slug, email) {
-    return this._post('/api/workspaces/members/add', { slug, member_email: email });
-  }
-
-  /**
-   * Claim membership at Join time. Activates a pending invite addressed to this
-   * account's own VERIFIED email; a no-op for an already-active member. Returns
-   * `{ok, data:{role, name, owner_email, claimed}}` or a 403 `not_a_member`.
-   */
-  claim(slug) {
-    return this._post('/api/workspaces/claim', { slug });
-  }
-
-  /**
-   * Mint a file-sync pass for a shared workspace this account belongs to
-   * (Slice 3). Returns `{ok, data:{project_code, invite_code, expires_at}}` — the
-   * daemon redeems `invite_code` to pair the folder and start replicating. The
-   * project is provisioned lazily server-side; the code is stable, the invite is
-   * one-shot (each call mints a fresh one). A non-member → 403 `not_a_member`.
-   */
-  syncCredential(slug) {
-    return this._post('/api/workspaces/sync-credential', { slug });
-  }
-
-  /**
-   * The roster of a shared workspace this account belongs to (R2). Returns
-   * `{ok, data:{members:[{account_id,email,role,status,added_at}]}}` — active
-   * members + pending invites (status:'invited'). `is_active_member`-gated; a
-   * non-member → 403 `not_a_member`.
-   */
-  members(slug) {
-    return this._post('/api/workspaces/members/list', { slug });
-  }
-
-  /** Remove a member by email or accountId (owner-only; the owner can't be removed). */
-  removeMember(slug, ref) {
-    const body = { slug };
-    if (ref && typeof ref === 'object') {
-      if (ref.accountId) body.account_id = ref.accountId;
-      else if (ref.email) body.member_email = ref.email;
-    } else if (typeof ref === 'string') {
-      // Heuristic: an '@' means an email, otherwise treat it as an account id.
-      if (ref.includes('@')) body.member_email = ref;
-      else body.account_id = ref;
-    }
-    return this._post('/api/workspaces/members/remove', body);
-  }
-}
-
-/** Build the client from server config + account (or an inert one when logged out). */
-export function createWorkspaceRails(config, account, fetchImpl) {
-  return new WorkspaceRails({
-    bmoSyncUrl: config?.bmoSyncServerUrl,
-    accountToken: account?.accountToken,
-    fetchImpl,
-  });
-}
+// WorkspaceRails — the shared-workspace membership client (multi-host step 2).
+//
+// A thin client over bmo-sync's POST /api/workspaces/{create,list,members/add,
+// members/remove} (account-token self-authed, exactly like canvas-rails.mjs).
+// The caller (owner/member) is DERIVED server-side from the account token, so a
+// caller can only act as itself.
+//
+// Unlike CanvasRails (which degrades silently to a local cache), these are
+// operator/dev affordances driven by `wild-workspace workspace …`, so the
+// methods SURFACE the rails' error code + message instead of collapsing to a
+// bare false — the human running the command needs to see "slug_taken" /
+// "not_owner" / "no_such_account". Network failures still never throw: they
+// resolve to { ok:false, status:0, code:'unreachable' }.
+//
+// This is the FOUNDATION client — there is no App.jsx / lobby UI yet (that's the
+// lobby's job). The CLI is the only consumer.
+
+const DEFAULT_TIMEOUT_MS = 5000;
+
+export class WorkspaceRails {
+  constructor({
+    bmoSyncUrl,
+    accountToken,
+    timeoutMs = DEFAULT_TIMEOUT_MS,
+    fetchImpl = (...a) => globalThis.fetch(...a),
+  } = {}) {
+    this.bmoSyncUrl = bmoSyncUrl ? bmoSyncUrl.replace(/\/$/, '') : null;
+    this.accountToken = accountToken || null;
+    this.timeoutMs = timeoutMs;
+    this.fetchImpl = fetchImpl;
+    // Inert without a token (can't key it) or without a server URL.
+    this.capable = Boolean(this.accountToken) && Boolean(this.bmoSyncUrl);
+  }
+
+  /**
+   * POST to a workspaces endpoint with the account token folded in.
+   * @returns {Promise<{ok:boolean, status:number, data:object|null, code?:string, message?:string}>}
+   *   ok:true  → 2xx; `data` is the parsed body.
+   *   ok:false → a 4xx/5xx (carries the rails' {code,message}) OR a transport
+   *              failure (status 0, code 'unreachable' / 'not_configured').
+   */
+  async _post(path, body) {
+    if (!this.capable) {
+      return { ok: false, status: 0, data: null, code: 'not_configured', message: 'not logged in / no rails URL' };
+    }
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
+    if (timer.unref) timer.unref();
+    try {
+      const r = await this.fetchImpl(`${this.bmoSyncUrl}${path}`, {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({ account_token: this.accountToken, ...body }),
+        signal: ctrl.signal,
+      });
+      const data = await r.json().catch(() => null);
+      if (r.ok) return { ok: true, status: r.status, data };
+      return {
+        ok: false,
+        status: r.status,
+        data,
+        code: data?.code || `http_${r.status}`,
+        message: data?.message || `HTTP ${r.status}`,
+      };
+    } catch (e) {
+      return { ok: false, status: 0, data: null, code: 'unreachable', message: String(e?.message || e) };
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+
+  /** Create a shared workspace. `slug` is optional (the rails auto-suggest from name). */
+  create(name, slug = null) {
+    const body = { name };
+    if (slug) body.slug = slug;
+    return this._post('/api/workspaces/create', body);
+  }
+
+  /** The shared workspaces this account belongs to. */
+  list() {
+    return this._post('/api/workspaces/list', {});
+  }
+
+  /**
+   * Add a member by email (owner-only). If the email has no account yet the
+   * rails records a PENDING invite (`data.pending === true`) instead of an
+   * active membership; the person claims it by signing in + Join.
+   */
+  addMember(slug, email) {
+    return this._post('/api/workspaces/members/add', { slug, member_email: email });
+  }
+
+  /**
+   * Claim membership at Join time. Activates a pending invite addressed to this
+   * account's own VERIFIED email; a no-op for an already-active member. Returns
+   * `{ok, data:{role, name, owner_email, claimed}}` or a 403 `not_a_member`.
+   */
+  claim(slug) {
+    return this._post('/api/workspaces/claim', { slug });
+  }
+
+  /**
+   * Mint a file-sync pass for a shared workspace this account belongs to
+   * (Slice 3). Returns `{ok, data:{project_code, invite_code, expires_at}}` — the
+   * daemon redeems `invite_code` to pair the folder and start replicating. The
+   * project is provisioned lazily server-side; the code is stable, the invite is
+   * one-shot (each call mints a fresh one). A non-member → 403 `not_a_member`.
+   */
+  syncCredential(slug) {
+    return this._post('/api/workspaces/sync-credential', { slug });
+  }
+
+  /**
+   * The roster of a shared workspace this account belongs to (R2). Returns
+   * `{ok, data:{members:[{account_id,email,role,status,added_at}]}}` — active
+   * members + pending invites (status:'invited'). `is_active_member`-gated; a
+   * non-member → 403 `not_a_member`.
+   */
+  members(slug) {
+    return this._post('/api/workspaces/members/list', { slug });
+  }
+
+  /** Remove a member by email or accountId (owner-only; the owner can't be removed). */
+  removeMember(slug, ref) {
+    const body = { slug };
+    if (ref && typeof ref === 'object') {
+      if (ref.accountId) body.account_id = ref.accountId;
+      else if (ref.email) body.member_email = ref.email;
+    } else if (typeof ref === 'string') {
+      // Heuristic: an '@' means an email, otherwise treat it as an account id.
+      if (ref.includes('@')) body.member_email = ref;
+      else body.account_id = ref;
+    }
+    return this._post('/api/workspaces/members/remove', body);
+  }
+}
+
+/** Build the client from server config + account (or an inert one when logged out). */
+export function createWorkspaceRails(config, account, fetchImpl) {
+  return new WorkspaceRails({
+    bmoSyncUrl: config?.bmoSyncServerUrl,
+    accountToken: account?.accountToken,
+    fetchImpl,
+  });
+}