chainlesschain 0.81.0 → 0.132.0

package/src/lib/sso-manager.js

@@ -839,3 +839,335 @@ export function getStats(db) {
     },
   };
 }
+
+// ===== V2 Surface (cli 0.130.0) — in-memory governance =====
+export const PROVIDER_MATURITY_V2 = Object.freeze({
+  PENDING: "pending",
+  ACTIVE: "active",
+  DEPRECATED: "deprecated",
+  RETIRED: "retired",
+});
+export const LOGIN_LIFECYCLE_V2 = Object.freeze({
+  QUEUED: "queued",
+  AUTHENTICATING: "authenticating",
+  AUTHENTICATED: "authenticated",
+  FAILED: "failed",
+  CANCELLED: "cancelled",
+});
+
+const _PM_V2 = PROVIDER_MATURITY_V2;
+const _LL_V2 = LOGIN_LIFECYCLE_V2;
+const _PM_TRANS_V2 = new Map([
+  [_PM_V2.PENDING, new Set([_PM_V2.ACTIVE, _PM_V2.RETIRED])],
+  [_PM_V2.ACTIVE, new Set([_PM_V2.DEPRECATED, _PM_V2.RETIRED])],
+  [_PM_V2.DEPRECATED, new Set([_PM_V2.ACTIVE, _PM_V2.RETIRED])],
+  [_PM_V2.RETIRED, new Set()],
+]);
+const _LL_TRANS_V2 = new Map([
+  [_LL_V2.QUEUED, new Set([_LL_V2.AUTHENTICATING, _LL_V2.CANCELLED])],
+  [
+    _LL_V2.AUTHENTICATING,
+    new Set([_LL_V2.AUTHENTICATED, _LL_V2.FAILED, _LL_V2.CANCELLED]),
+  ],
+  [_LL_V2.AUTHENTICATED, new Set()],
+  [_LL_V2.FAILED, new Set()],
+  [_LL_V2.CANCELLED, new Set()],
+]);
+const _LL_TERM_V2 = new Set([
+  _LL_V2.AUTHENTICATED,
+  _LL_V2.FAILED,
+  _LL_V2.CANCELLED,
+]);
+
+const SSO_DEFAULT_MAX_ACTIVE_PROVIDERS_PER_OWNER = 8;
+const SSO_DEFAULT_MAX_PENDING_LOGINS_PER_PROVIDER = 16;
+const SSO_DEFAULT_PROVIDER_IDLE_MS = 30 * 24 * 60 * 60 * 1000;
+const SSO_DEFAULT_LOGIN_STUCK_MS = 5 * 60 * 1000;
+
+const _ssoProvidersV2 = new Map();
+const _ssoLoginsV2 = new Map();
+let _ssoConfigV2 = {
+  maxActiveProvidersPerOwner: SSO_DEFAULT_MAX_ACTIVE_PROVIDERS_PER_OWNER,
+  maxPendingLoginsPerProvider: SSO_DEFAULT_MAX_PENDING_LOGINS_PER_PROVIDER,
+  providerIdleMs: SSO_DEFAULT_PROVIDER_IDLE_MS,
+  loginStuckMs: SSO_DEFAULT_LOGIN_STUCK_MS,
+};
+
+function _ssoPosIntV2(n, label) {
+  if (typeof n !== "number" || !isFinite(n) || isNaN(n))
+    throw new Error(`${label} must be positive integer`);
+  const v = Math.floor(n);
+  if (v <= 0) throw new Error(`${label} must be positive integer`);
+  return v;
+}
+
+export function _resetStateSsoManagerV2() {
+  _ssoProvidersV2.clear();
+  _ssoLoginsV2.clear();
+  _ssoConfigV2 = {
+    maxActiveProvidersPerOwner: SSO_DEFAULT_MAX_ACTIVE_PROVIDERS_PER_OWNER,
+    maxPendingLoginsPerProvider: SSO_DEFAULT_MAX_PENDING_LOGINS_PER_PROVIDER,
+    providerIdleMs: SSO_DEFAULT_PROVIDER_IDLE_MS,
+    loginStuckMs: SSO_DEFAULT_LOGIN_STUCK_MS,
+  };
+}
+
+export function setMaxActiveProvidersPerOwnerV2(n) {
+  _ssoConfigV2.maxActiveProvidersPerOwner = _ssoPosIntV2(
+    n,
+    "maxActiveProvidersPerOwner",
+  );
+}
+export function setMaxPendingLoginsPerProviderV2(n) {
+  _ssoConfigV2.maxPendingLoginsPerProvider = _ssoPosIntV2(
+    n,
+    "maxPendingLoginsPerProvider",
+  );
+}
+export function setProviderIdleMsV2(n) {
+  _ssoConfigV2.providerIdleMs = _ssoPosIntV2(n, "providerIdleMs");
+}
+export function setLoginStuckMsV2(n) {
+  _ssoConfigV2.loginStuckMs = _ssoPosIntV2(n, "loginStuckMs");
+}
+export function getMaxActiveProvidersPerOwnerV2() {
+  return _ssoConfigV2.maxActiveProvidersPerOwner;
+}
+export function getMaxPendingLoginsPerProviderV2() {
+  return _ssoConfigV2.maxPendingLoginsPerProvider;
+}
+export function getProviderIdleMsV2() {
+  return _ssoConfigV2.providerIdleMs;
+}
+export function getLoginStuckMsV2() {
+  return _ssoConfigV2.loginStuckMs;
+}
+
+function _copyProviderV2(p) {
+  return { ...p, metadata: { ...(p.metadata || {}) } };
+}
+function _copyLoginV2(l) {
+  return { ...l, metadata: { ...(l.metadata || {}) } };
+}
+
+export function registerProviderV2({
+  id,
+  owner,
+  protocol,
+  displayName,
+  metadata,
+} = {}) {
+  if (!id || typeof id !== "string") throw new Error("id required");
+  if (!owner || typeof owner !== "string") throw new Error("owner required");
+  if (!protocol || typeof protocol !== "string")
+    throw new Error("protocol required");
+  if (_ssoProvidersV2.has(id))
+    throw new Error(`provider ${id} already registered`);
+  const now = Date.now();
+  const p = {
+    id,
+    owner,
+    protocol,
+    displayName: displayName || id,
+    status: _PM_V2.PENDING,
+    activatedAt: null,
+    retiredAt: null,
+    lastSeenAt: now,
+    createdAt: now,
+    metadata: metadata && typeof metadata === "object" ? { ...metadata } : {},
+  };
+  _ssoProvidersV2.set(id, p);
+  return _copyProviderV2(p);
+}
+
+function _activeProviderCountForOwnerV2(owner) {
+  let c = 0;
+  for (const p of _ssoProvidersV2.values())
+    if (p.owner === owner && p.status === _PM_V2.ACTIVE) c++;
+  return c;
+}
+
+function _transitionProviderV2(id, next) {
+  const p = _ssoProvidersV2.get(id);
+  if (!p) throw new Error(`provider ${id} not found`);
+  const allowed = _PM_TRANS_V2.get(p.status);
+  if (!allowed || !allowed.has(next))
+    throw new Error(`invalid transition ${p.status} -> ${next}`);
+  if (next === _PM_V2.ACTIVE && p.status === _PM_V2.PENDING) {
+    if (
+      _activeProviderCountForOwnerV2(p.owner) >=
+      _ssoConfigV2.maxActiveProvidersPerOwner
+    ) {
+      throw new Error(
+        `owner ${p.owner} active-provider cap reached (${_ssoConfigV2.maxActiveProvidersPerOwner})`,
+      );
+    }
+  }
+  const now = Date.now();
+  p.status = next;
+  if (next === _PM_V2.ACTIVE && !p.activatedAt) p.activatedAt = now;
+  if (next === _PM_V2.RETIRED && !p.retiredAt) p.retiredAt = now;
+  p.lastSeenAt = now;
+  return _copyProviderV2(p);
+}
+
+export function activateProviderV2(id) {
+  return _transitionProviderV2(id, _PM_V2.ACTIVE);
+}
+export function deprecateProviderV2(id) {
+  return _transitionProviderV2(id, _PM_V2.DEPRECATED);
+}
+export function retireProviderV2(id) {
+  return _transitionProviderV2(id, _PM_V2.RETIRED);
+}
+export function touchProviderV2(id) {
+  const p = _ssoProvidersV2.get(id);
+  if (!p) throw new Error(`provider ${id} not found`);
+  p.lastSeenAt = Date.now();
+  return _copyProviderV2(p);
+}
+export function getProviderV2(id) {
+  const p = _ssoProvidersV2.get(id);
+  return p ? _copyProviderV2(p) : null;
+}
+export function listProvidersV2({ owner, status, protocol } = {}) {
+  const out = [];
+  for (const p of _ssoProvidersV2.values()) {
+    if (owner && p.owner !== owner) continue;
+    if (status && p.status !== status) continue;
+    if (protocol && p.protocol !== protocol) continue;
+    out.push(_copyProviderV2(p));
+  }
+  return out;
+}
+
+function _pendingLoginCountForProviderV2(providerId) {
+  let c = 0;
+  for (const l of _ssoLoginsV2.values()) {
+    if (l.providerId !== providerId) continue;
+    if (l.status === _LL_V2.QUEUED || l.status === _LL_V2.AUTHENTICATING) c++;
+  }
+  return c;
+}
+
+export function createLoginV2({ id, providerId, subject, metadata } = {}) {
+  if (!id || typeof id !== "string") throw new Error("id required");
+  if (!providerId || typeof providerId !== "string")
+    throw new Error("providerId required");
+  if (_ssoLoginsV2.has(id)) throw new Error(`login ${id} already exists`);
+  const provider = _ssoProvidersV2.get(providerId);
+  if (!provider) throw new Error(`provider ${providerId} not found`);
+  if (provider.status === _PM_V2.RETIRED)
+    throw new Error(`provider ${providerId} retired`);
+  if (
+    _pendingLoginCountForProviderV2(providerId) >=
+    _ssoConfigV2.maxPendingLoginsPerProvider
+  ) {
+    throw new Error(
+      `provider ${providerId} pending-login cap reached (${_ssoConfigV2.maxPendingLoginsPerProvider})`,
+    );
+  }
+  const now = Date.now();
+  const l = {
+    id,
+    providerId,
+    subject: subject || "anonymous",
+    status: _LL_V2.QUEUED,
+    startedAt: null,
+    settledAt: null,
+    createdAt: now,
+    metadata: metadata && typeof metadata === "object" ? { ...metadata } : {},
+  };
+  _ssoLoginsV2.set(id, l);
+  return _copyLoginV2(l);
+}
+
+function _transitionLoginV2(id, next, extra = {}) {
+  const l = _ssoLoginsV2.get(id);
+  if (!l) throw new Error(`login ${id} not found`);
+  const allowed = _LL_TRANS_V2.get(l.status);
+  if (!allowed || !allowed.has(next))
+    throw new Error(`invalid transition ${l.status} -> ${next}`);
+  const now = Date.now();
+  l.status = next;
+  if (next === _LL_V2.AUTHENTICATING && !l.startedAt) l.startedAt = now;
+  if (_LL_TERM_V2.has(next) && !l.settledAt) l.settledAt = now;
+  if (extra.error) l.metadata.error = extra.error;
+  return _copyLoginV2(l);
+}
+
+export function startLoginV2(id) {
+  return _transitionLoginV2(id, _LL_V2.AUTHENTICATING);
+}
+export function completeLoginV2(id) {
+  return _transitionLoginV2(id, _LL_V2.AUTHENTICATED);
+}
+export function failLoginV2(id, error) {
+  return _transitionLoginV2(id, _LL_V2.FAILED, { error });
+}
+export function cancelLoginV2(id) {
+  return _transitionLoginV2(id, _LL_V2.CANCELLED);
+}
+
+export function getLoginV2(id) {
+  const l = _ssoLoginsV2.get(id);
+  return l ? _copyLoginV2(l) : null;
+}
+export function listLoginsV2({ providerId, status, subject } = {}) {
+  const out = [];
+  for (const l of _ssoLoginsV2.values()) {
+    if (providerId && l.providerId !== providerId) continue;
+    if (status && l.status !== status) continue;
+    if (subject && l.subject !== subject) continue;
+    out.push(_copyLoginV2(l));
+  }
+  return out;
+}
+
+export function autoDeprecateIdleProvidersV2({ now } = {}) {
+  const t = typeof now === "number" ? now : Date.now();
+  const flipped = [];
+  for (const p of _ssoProvidersV2.values()) {
+    if (p.status !== _PM_V2.ACTIVE) continue;
+    if (t - p.lastSeenAt > _ssoConfigV2.providerIdleMs) {
+      p.status = _PM_V2.DEPRECATED;
+      p.lastSeenAt = t;
+      flipped.push(_copyProviderV2(p));
+    }
+  }
+  return flipped;
+}
+
+export function autoFailStuckLoginsV2({ now } = {}) {
+  const t = typeof now === "number" ? now : Date.now();
+  const flipped = [];
+  for (const l of _ssoLoginsV2.values()) {
+    if (l.status !== _LL_V2.AUTHENTICATING) continue;
+    if (l.startedAt && t - l.startedAt > _ssoConfigV2.loginStuckMs) {
+      l.status = _LL_V2.FAILED;
+      l.settledAt = t;
+      l.metadata.error = "stuck-timeout";
+      flipped.push(_copyLoginV2(l));
+    }
+  }
+  return flipped;
+}
+
+export function getSsoManagerStatsV2() {
+  const providersByStatus = {};
+  for (const s of Object.values(_PM_V2)) providersByStatus[s] = 0;
+  for (const p of _ssoProvidersV2.values()) providersByStatus[p.status]++;
+  const loginsByStatus = {};
+  for (const s of Object.values(_LL_V2)) loginsByStatus[s] = 0;
+  for (const l of _ssoLoginsV2.values()) loginsByStatus[l.status]++;
+  return {
+    totalProvidersV2: _ssoProvidersV2.size,
+    totalLoginsV2: _ssoLoginsV2.size,
+    maxActiveProvidersPerOwner: _ssoConfigV2.maxActiveProvidersPerOwner,
+    maxPendingLoginsPerProvider: _ssoConfigV2.maxPendingLoginsPerProvider,
+    providerIdleMs: _ssoConfigV2.providerIdleMs,
+    loginStuckMs: _ssoConfigV2.loginStuckMs,
+    providersByStatus,
+    loginsByStatus,
+  };
+}

package/src/lib/sync-manager.js

@@ -345,3 +345,329 @@ export function clearSyncData(db) {
   db.prepare("DELETE FROM sync_log").run();
   return true;
 }
+
+/* ═══════════════════════════════════════════════════════════════
+ * V2 Surface — Sync Manager governance layer.
+ * Tracks tracked-resource maturity + sync-run lifecycle independent
+ * of legacy registerResource/pushResources/pullResources flows above.
+ * ═══════════════════════════════════════════════════════════════ */
+
+export const RESOURCE_MATURITY_V2 = Object.freeze({
+  PENDING: "pending",
+  ACTIVE: "active",
+  PAUSED: "paused",
+  ARCHIVED: "archived",
+});
+
+export const SYNC_RUN_V2 = Object.freeze({
+  QUEUED: "queued",
+  RUNNING: "running",
+  SUCCEEDED: "succeeded",
+  FAILED: "failed",
+  CANCELLED: "cancelled",
+});
+
+const RESOURCE_TRANSITIONS_V2 = new Map([
+  ["pending", new Set(["active", "archived"])],
+  ["active", new Set(["paused", "archived"])],
+  ["paused", new Set(["active", "archived"])],
+  ["archived", new Set()],
+]);
+const RESOURCE_TERMINALS_V2 = new Set(["archived"]);
+
+const RUN_TRANSITIONS_V2 = new Map([
+  ["queued", new Set(["running", "cancelled"])],
+  ["running", new Set(["succeeded", "failed", "cancelled"])],
+  ["succeeded", new Set()],
+  ["failed", new Set()],
+  ["cancelled", new Set()],
+]);
+const RUN_TERMINALS_V2 = new Set(["succeeded", "failed", "cancelled"]);
+
+export const SYNC_DEFAULT_MAX_ACTIVE_RESOURCES_PER_OWNER = 200;
+export const SYNC_DEFAULT_MAX_RUNNING_RUNS_PER_RESOURCE = 1;
+export const SYNC_DEFAULT_RESOURCE_IDLE_MS = 1000 * 60 * 60 * 24 * 30; // 30 days
+export const SYNC_DEFAULT_RUN_STUCK_MS = 1000 * 60 * 15; // 15 min
+
+const _resourcesV2 = new Map();
+const _runsV2 = new Map();
+let _maxActiveResourcesPerOwnerV2 = SYNC_DEFAULT_MAX_ACTIVE_RESOURCES_PER_OWNER;
+let _maxRunningRunsPerResourceV2 = SYNC_DEFAULT_MAX_RUNNING_RUNS_PER_RESOURCE;
+let _resourceIdleMsV2 = SYNC_DEFAULT_RESOURCE_IDLE_MS;
+let _runStuckMsV2 = SYNC_DEFAULT_RUN_STUCK_MS;
+
+function _posIntSyncV2(n, label) {
+  const v = Math.floor(Number(n));
+  if (!Number.isFinite(v) || v <= 0)
+    throw new Error(`${label} must be a positive integer`);
+  return v;
+}
+
+export function getMaxActiveResourcesPerOwnerV2() {
+  return _maxActiveResourcesPerOwnerV2;
+}
+export function setMaxActiveResourcesPerOwnerV2(n) {
+  _maxActiveResourcesPerOwnerV2 = _posIntSyncV2(
+    n,
+    "maxActiveResourcesPerOwner",
+  );
+}
+export function getMaxRunningRunsPerResourceV2() {
+  return _maxRunningRunsPerResourceV2;
+}
+export function setMaxRunningRunsPerResourceV2(n) {
+  _maxRunningRunsPerResourceV2 = _posIntSyncV2(n, "maxRunningRunsPerResource");
+}
+export function getResourceIdleMsV2() {
+  return _resourceIdleMsV2;
+}
+export function setResourceIdleMsV2(n) {
+  _resourceIdleMsV2 = _posIntSyncV2(n, "resourceIdleMs");
+}
+export function getRunStuckMsV2() {
+  return _runStuckMsV2;
+}
+export function setRunStuckMsV2(n) {
+  _runStuckMsV2 = _posIntSyncV2(n, "runStuckMs");
+}
+
+export function getActiveResourceCountV2(owner) {
+  let n = 0;
+  for (const r of _resourcesV2.values()) {
+    if (r.owner === owner && r.status === "active") n += 1;
+  }
+  return n;
+}
+
+export function getRunningRunCountV2(resourceId) {
+  let n = 0;
+  for (const j of _runsV2.values()) {
+    if (j.resourceId === resourceId && j.status === "running") n += 1;
+  }
+  return n;
+}
+
+function _copyResV2(r) {
+  return { ...r, metadata: { ...r.metadata } };
+}
+function _copyRunV2(j) {
+  return { ...j, metadata: { ...j.metadata } };
+}
+
+export function registerResourceV2(
+  id,
+  { owner, kind, metadata = {}, now = Date.now() } = {},
+) {
+  if (!id || typeof id !== "string") throw new Error("id must be a string");
+  if (!owner || typeof owner !== "string")
+    throw new Error("owner must be a string");
+  if (!kind || typeof kind !== "string")
+    throw new Error("kind must be a string");
+  if (_resourcesV2.has(id)) throw new Error(`resource ${id} already exists`);
+  const r = {
+    id,
+    owner,
+    kind,
+    status: "pending",
+    createdAt: now,
+    lastSeenAt: now,
+    activatedAt: null,
+    archivedAt: null,
+    metadata: { ...metadata },
+  };
+  _resourcesV2.set(id, r);
+  return _copyResV2(r);
+}
+
+export function getResourceV2(id) {
+  const r = _resourcesV2.get(id);
+  return r ? _copyResV2(r) : null;
+}
+
+export function listResourcesV2({ owner, kind, status } = {}) {
+  const out = [];
+  for (const r of _resourcesV2.values()) {
+    if (owner && r.owner !== owner) continue;
+    if (kind && r.kind !== kind) continue;
+    if (status && r.status !== status) continue;
+    out.push(_copyResV2(r));
+  }
+  return out;
+}
+
+export function setResourceStatusV2(id, next, { now = Date.now() } = {}) {
+  const r = _resourcesV2.get(id);
+  if (!r) throw new Error(`resource ${id} not found`);
+  if (!RESOURCE_TRANSITIONS_V2.has(next))
+    throw new Error(`unknown resource status: ${next}`);
+  if (RESOURCE_TERMINALS_V2.has(r.status))
+    throw new Error(`resource ${id} is in terminal state ${r.status}`);
+  const allowed = RESOURCE_TRANSITIONS_V2.get(r.status);
+  if (!allowed.has(next))
+    throw new Error(`cannot transition resource from ${r.status} to ${next}`);
+  if (next === "active") {
+    if (r.status === "pending") {
+      const count = getActiveResourceCountV2(r.owner);
+      if (count >= _maxActiveResourcesPerOwnerV2)
+        throw new Error(
+          `owner ${r.owner} already at active-resource cap (${_maxActiveResourcesPerOwnerV2})`,
+        );
+    }
+    if (!r.activatedAt) r.activatedAt = now;
+  }
+  if (next === "archived" && !r.archivedAt) r.archivedAt = now;
+  r.status = next;
+  r.lastSeenAt = now;
+  return _copyResV2(r);
+}
+
+export function activateResourceV2(id, opts) {
+  return setResourceStatusV2(id, "active", opts);
+}
+export function pauseResourceV2(id, opts) {
+  return setResourceStatusV2(id, "paused", opts);
+}
+export function archiveResourceV2(id, opts) {
+  return setResourceStatusV2(id, "archived", opts);
+}
+
+export function touchResourceV2(id, { now = Date.now() } = {}) {
+  const r = _resourcesV2.get(id);
+  if (!r) throw new Error(`resource ${id} not found`);
+  r.lastSeenAt = now;
+  return _copyResV2(r);
+}
+
+export function createSyncRunV2(
+  id,
+  { resourceId, kind = "push", metadata = {}, now = Date.now() } = {},
+) {
+  if (!id || typeof id !== "string") throw new Error("id must be a string");
+  if (!resourceId || typeof resourceId !== "string")
+    throw new Error("resourceId must be a string");
+  if (_runsV2.has(id)) throw new Error(`syncRun ${id} already exists`);
+  const j = {
+    id,
+    resourceId,
+    kind,
+    status: "queued",
+    createdAt: now,
+    lastSeenAt: now,
+    startedAt: null,
+    finishedAt: null,
+    metadata: { ...metadata },
+  };
+  _runsV2.set(id, j);
+  return _copyRunV2(j);
+}
+
+export function getSyncRunV2(id) {
+  const j = _runsV2.get(id);
+  return j ? _copyRunV2(j) : null;
+}
+
+export function listSyncRunsV2({ resourceId, status } = {}) {
+  const out = [];
+  for (const j of _runsV2.values()) {
+    if (resourceId && j.resourceId !== resourceId) continue;
+    if (status && j.status !== status) continue;
+    out.push(_copyRunV2(j));
+  }
+  return out;
+}
+
+export function setSyncRunStatusV2(id, next, { now = Date.now() } = {}) {
+  const j = _runsV2.get(id);
+  if (!j) throw new Error(`syncRun ${id} not found`);
+  if (!RUN_TRANSITIONS_V2.has(next))
+    throw new Error(`unknown syncRun status: ${next}`);
+  if (RUN_TERMINALS_V2.has(j.status))
+    throw new Error(`syncRun ${id} is in terminal state ${j.status}`);
+  const allowed = RUN_TRANSITIONS_V2.get(j.status);
+  if (!allowed.has(next))
+    throw new Error(`cannot transition syncRun from ${j.status} to ${next}`);
+  if (next === "running" && j.status === "queued") {
+    const count = getRunningRunCountV2(j.resourceId);
+    if (count >= _maxRunningRunsPerResourceV2)
+      throw new Error(
+        `resource ${j.resourceId} already at running-run cap (${_maxRunningRunsPerResourceV2})`,
+      );
+    if (!j.startedAt) j.startedAt = now;
+  }
+  if (RUN_TERMINALS_V2.has(next) && !j.finishedAt) j.finishedAt = now;
+  j.status = next;
+  j.lastSeenAt = now;
+  return _copyRunV2(j);
+}
+
+export function startSyncRunV2(id, opts) {
+  return setSyncRunStatusV2(id, "running", opts);
+}
+export function succeedSyncRunV2(id, opts) {
+  return setSyncRunStatusV2(id, "succeeded", opts);
+}
+export function failSyncRunV2(id, opts) {
+  return setSyncRunStatusV2(id, "failed", opts);
+}
+export function cancelSyncRunV2(id, opts) {
+  return setSyncRunStatusV2(id, "cancelled", opts);
+}
+
+export function autoArchiveIdleResourcesV2({ now = Date.now() } = {}) {
+  const flipped = [];
+  for (const r of _resourcesV2.values()) {
+    if (r.status === "archived" || r.status === "pending") continue;
+    if (now - r.lastSeenAt > _resourceIdleMsV2) {
+      r.status = "archived";
+      r.lastSeenAt = now;
+      if (!r.archivedAt) r.archivedAt = now;
+      flipped.push(_copyResV2(r));
+    }
+  }
+  return flipped;
+}
+
+export function autoFailStuckSyncRunsV2({ now = Date.now() } = {}) {
+  const flipped = [];
+  for (const j of _runsV2.values()) {
+    if (j.status !== "running") continue;
+    const ref = j.startedAt ?? j.lastSeenAt;
+    if (now - ref > _runStuckMsV2) {
+      j.status = "failed";
+      j.lastSeenAt = now;
+      if (!j.finishedAt) j.finishedAt = now;
+      flipped.push(_copyRunV2(j));
+    }
+  }
+  return flipped;
+}
+
+export function getSyncManagerStatsV2() {
+  const resourcesByStatus = {};
+  for (const v of Object.values(RESOURCE_MATURITY_V2)) resourcesByStatus[v] = 0;
+  for (const r of _resourcesV2.values()) resourcesByStatus[r.status] += 1;
+
+  const runsByStatus = {};
+  for (const v of Object.values(SYNC_RUN_V2)) runsByStatus[v] = 0;
+  for (const j of _runsV2.values()) runsByStatus[j.status] += 1;
+
+  return {
+    totalResourcesV2: _resourcesV2.size,
+    totalSyncRunsV2: _runsV2.size,
+    maxActiveResourcesPerOwner: _maxActiveResourcesPerOwnerV2,
+    maxRunningRunsPerResource: _maxRunningRunsPerResourceV2,
+    resourceIdleMs: _resourceIdleMsV2,
+    runStuckMs: _runStuckMsV2,
+    resourcesByStatus,
+    runsByStatus,
+  };
+}
+
+export function _resetStateSyncManagerV2() {
+  _resourcesV2.clear();
+  _runsV2.clear();
+  _maxActiveResourcesPerOwnerV2 = SYNC_DEFAULT_MAX_ACTIVE_RESOURCES_PER_OWNER;
+  _maxRunningRunsPerResourceV2 = SYNC_DEFAULT_MAX_RUNNING_RUNS_PER_RESOURCE;
+  _resourceIdleMsV2 = SYNC_DEFAULT_RESOURCE_IDLE_MS;
+  _runStuckMsV2 = SYNC_DEFAULT_RUN_STUCK_MS;
+}