everything-dev 1.7.2 → 1.8.1

package/src/config.ts

@@ -122,6 +122,18 @@ export async function buildRuntimePluginsForConfig(
   return Object.keys(plugins).length > 0 ? plugins : undefined;
 }
 
+function resolveDevelopmentTarget(
+  development: string | undefined,
+  production: string | undefined,
+  baseDir: string,
+): RuntimeTarget {
+  const devTarget = resolveRuntimeTarget(development, baseDir);
+  if (devTarget.source === "local" && (!devTarget.localPath || !existsSync(devTarget.localPath))) {
+    return resolveRuntimeTarget(production, baseDir, "remote");
+  }
+  return devTarget;
+}
+
 function buildRuntimeConfig(
   config: BosConfig,
   baseDir: string,
@@ -133,28 +145,43 @@ function buildRuntimeConfig(
   const authConfig = config.app.auth;
   const uiRuntime =
     env === "development"
-      ? resolveRuntimeTarget(uiConfig.development, baseDir)
+      ? resolveDevelopmentTarget(uiConfig.development, uiConfig.production, baseDir)
       : resolveRuntimeTarget(uiConfig.production, baseDir, "remote");
   const apiRuntime =
     env === "development"
-      ? resolveRuntimeTarget(apiConfig.development, baseDir)
+      ? resolveDevelopmentTarget(apiConfig.development, apiConfig.production, baseDir)
       : resolveRuntimeTarget(apiConfig.production, baseDir, "remote");
   const authRuntime = authConfig
     ? env === "development"
-      ? resolveRuntimeTarget(authConfig.development, baseDir)
+      ? resolveDevelopmentTarget(authConfig.development, authConfig.production, baseDir)
       : resolveRuntimeTarget(authConfig.production, baseDir, "remote")
     : undefined;
 
+  const hostConfig = config.app.host;
+  const hostRuntime =
+    env === "development"
+      ? resolveDevelopmentTarget(hostConfig.development, hostConfig.production, baseDir)
+      : resolveRuntimeTarget(hostConfig.production, baseDir, "remote");
+
+  const hostListeningUrl = resolveDevelopmentHostUrl(hostConfig.development);
+
   return {
     env,
     account: config.account,
     domain: config.domain,
     networkId: getNetworkIdForAccount(config.account),
     repository: config.repository,
-    hostUrl:
-      env === "development"
-        ? resolveDevelopmentHostUrl(config.app.host.development)
-        : config.app.host.production,
+    host: {
+      name: "host",
+      url: hostListeningUrl,
+      entry: `${hostListeningUrl}/mf-manifest.json`,
+      localPath: hostRuntime.localPath,
+      port: hostRuntime.port ?? DEFAULT_HOST_PORT,
+      secrets: hostConfig.secrets,
+      integrity: env === "production" ? hostConfig.integrity : undefined,
+      source: hostRuntime.source,
+      remoteUrl: hostRuntime.source === "remote" ? hostRuntime.url : undefined,
+    },
     shared: config.shared,
     ui: {
       name: uiConfig.name,
@@ -464,10 +491,15 @@ function resolveRuntimeTarget(
       throw new Error(`Invalid local development target: ${value}`);
     }
 
+    const localPath = resolve(baseDir, localTarget);
+    if (!existsSync(localPath)) {
+      return { source: defaultSource, url: "" };
+    }
+
     return {
       source: "local",
       url: "",
-      localPath: resolve(baseDir, localTarget),
+      localPath,
     };
   }
 

package/src/contract.ts

@@ -5,6 +5,7 @@ export const DevOptionsSchema = z.object({
   host: SourceModeSchema.default("local"),
   ui: SourceModeSchema.default("local"),
   api: SourceModeSchema.default("local"),
+  auth: SourceModeSchema.default("local"),
   proxy: z.boolean().default(false),
   ssr: z.boolean().default(false),
   port: z.number().optional(),

package/src/dev-logs.ts

@@ -2,6 +2,12 @@ import { existsSync } from "node:fs";
 import { appendFile, mkdir, readFile, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 
+const ESC = "\x1b";
+const BEL = "\x07";
+const ANSI_RE = new RegExp(`${ESC}\\[[0-?]*[ -/]*[@-~]|${ESC}\\][^${BEL}]*${BEL}`, "g");
+
+const stripAnsi = (input: string): string => input.replace(ANSI_RE, "");
+
 export interface LogEntry {
   timestamp: number;
   source: string;
@@ -27,7 +33,8 @@ export function getLogsDir(configDir: string): string {
 function formatLogLine(entry: LogEntry): string {
   const ts = new Date(entry.timestamp).toISOString();
   const prefix = entry.isError ? "ERR" : "OUT";
-  return `[${ts}] [${entry.source}] [${prefix}] ${entry.line}`;
+  const clean = stripAnsi(entry.line);
+  return `[${ts}] [${entry.source}] [${prefix}] ${clean}`;
 }
 
 export async function createDevLogger(configDir: string, description: string): Promise<DevLogger> {

package/src/dev-session.ts

@@ -1,3 +1,4 @@
+import { NodeContext } from "@effect/platform-node";
 import { Deferred, Effect, Exit } from "effect";
 import {
   type DevViewHandle,
@@ -9,33 +10,19 @@ import { renderStreamingView } from "./components/streaming-view";
 import { getProjectRoot } from "./config";
 import { createDevLogger } from "./dev-logs";
 import {
-  getProcessConfig,
+  getProcessStates,
   makeDevProcess,
   type ProcessCallbacks,
   type ProcessHandle,
 } from "./orchestrator";
-import { makeProcessRegistry, type ProcessRegistry } from "./process-registry";
-import type { BosConfig, RuntimeConfig, SourceMode } from "./types";
-
-export interface AppConfig {
-  host: SourceMode;
-  ui: SourceMode;
-  api: SourceMode;
-  proxy?: boolean;
-  ssr?: boolean;
-}
-
-export interface AppOrchestrator {
-  packages: string[];
-  env: Record<string, string>;
-  description: string;
-  appConfig: AppConfig;
-  bosConfig: BosConfig;
-  runtimeConfig: RuntimeConfig;
-  port?: number;
-  interactive?: boolean;
-  noLogs?: boolean;
-}
+import {
+  type AppOrchestrator,
+  DevRuntimeConfigLive,
+  type ServiceDescriptor,
+  ServiceDescriptorMap,
+  ServiceDescriptorMapLive,
+} from "./service-descriptor";
+import type { RuntimeConfig } from "./types";
 
 const LOG_NOISE_PATTERNS = [
   /\[ Federation Runtime \] Version .* from (host|ui) of shared singleton module/,
@@ -64,7 +51,7 @@ const isInteractiveSupported = (): boolean => {
   return process.stdin.isTTY === true && process.stdout.isTTY === true;
 };
 
-const STARTUP_ORDER = ["ui-ssr", "ui", "api", "plugin", "host-build", "host"];
+const STARTUP_ORDER = ["ui-ssr", "ui", "auth", "api", "plugin", "host-build", "host"];
 
 const sortByOrder = (packages: string[]): string[] => {
   return [...packages].sort((a, b) => {
@@ -87,54 +74,19 @@ function formatLogLine(entry: LogEntry): string {
   return `[${ts}] [${entry.source}] [${prefix}] ${entry.line}`;
 }
 
-const scopedProcess = (
-  pkg: string,
-  env: Record<string, string> | undefined,
-  callbacks: ProcessCallbacks,
-  portOverride: number | undefined,
-  bosConfig: BosConfig | undefined,
-  runtimeConfig: RuntimeConfig | undefined,
-  registry: ProcessRegistry | undefined,
-) =>
-  Effect.acquireRelease(
-    makeDevProcess(pkg, env, callbacks, portOverride, bosConfig, runtimeConfig, registry),
-    (handle) => handle.kill.pipe(Effect.ignore),
-  );
-
 export const runDevSession = (
   orchestrator: AppOrchestrator,
   onShutdownReady?: (requestShutdown: () => void) => void,
 ) =>
   Effect.gen(function* () {
     const configDir = getProjectRoot();
+    const services = yield* ServiceDescriptorMap;
     const orderedPackages = sortByOrder(orchestrator.packages);
-    const initialProcesses: ProcessState[] = orderedPackages.map((pkg) => {
-      const portOverride = pkg === "host" ? orchestrator.port : undefined;
-      const config = getProcessConfig(
-        pkg,
-        undefined,
-        portOverride,
-        orchestrator.bosConfig,
-        orchestrator.runtimeConfig,
-      );
-      const source =
-        pkg === "host"
-          ? orchestrator.appConfig.host
-          : pkg === "ui"
-            ? orchestrator.appConfig.ui
-            : pkg === "api"
-              ? orchestrator.appConfig.api
-              : undefined;
-      return {
-        name: pkg,
-        status: "pending" as const,
-        port: config?.port ?? 0,
-        source,
-      };
-    });
-
-    const registry = yield* makeProcessRegistry(configDir);
-    yield* registry.killAll().pipe(Effect.ignore);
+    const initialProcesses: ProcessState[] = getProcessStates(
+      orderedPackages,
+      services,
+      orchestrator.port,
+    );
 
     const logger = yield* Effect.promise(() =>
       createDevLogger(configDir, orchestrator.description),
@@ -195,14 +147,22 @@ export const runDevSession = (
 
     const startProcess = (pkg: string) => {
       const portOverride = pkg === "host" ? orchestrator.port : undefined;
-      return scopedProcess(
-        pkg,
-        orchestrator.env,
-        callbacks,
-        portOverride,
-        orchestrator.bosConfig,
-        orchestrator.runtimeConfig,
-        registry,
+      return makeDevProcess(pkg, callbacks, portOverride).pipe(
+        Effect.tapError((err) =>
+          Effect.sync(() => {
+            callbacks.onLog(pkg, `Failed to start: ${err}`, true);
+            callbacks.onStatus(pkg, "error");
+          }),
+        ),
+        Effect.catchAll(() =>
+          Effect.succeed({
+            name: pkg,
+            pid: undefined,
+            kill: Effect.void,
+            waitForReady: Effect.void,
+            waitForExit: Effect.never,
+          } satisfies ProcessHandle),
+        ),
       );
     };
 
@@ -243,8 +203,16 @@ export const runDevSession = (
       { concurrency: "unbounded" },
     );
 
+    const allHandles = [...nonHostHandles, ...hostHandles];
+
     yield* Effect.addFinalizer(() =>
       Effect.gen(function* () {
+        yield* Effect.forEach(allHandles, (h) => h.kill.pipe(Effect.ignore), {
+          concurrency: "unbounded",
+        });
+
+        yield* Effect.sleep("200 millis");
+
         view?.unmount();
 
         if (shouldExportLogs) {
@@ -264,15 +232,17 @@ export const runDevSession = (
           console.log("═".repeat(70));
           console.log("");
         }
-
-        yield* registry.killAll(true).pipe(Effect.ignore);
       }),
     );
 
     yield* Deferred.await(shutdown);
   });
 
-export const startApp = (orchestrator: AppOrchestrator) => {
+const runApp = (
+  orchestrator: AppOrchestrator,
+  services: Map<string, ServiceDescriptor>,
+  runtimeConfig: RuntimeConfig,
+) => {
   let requestShutdown: (() => void) | null = null;
   let signalCount = 0;
   let forceExitTimer: ReturnType<typeof setTimeout> | null = null;
@@ -290,13 +260,16 @@ export const startApp = (orchestrator: AppOrchestrator) => {
     Effect.catchAll((e) =>
       Effect.sync(() => {
         if (e instanceof Error) {
-          console.error("App server error:", e.message);
+          console.error("App error:", e.message);
           if (e.stack) console.error(e.stack);
         } else {
-          console.error("App server error:", e);
+          console.error("App error:", e);
         }
       }),
     ),
+    Effect.provide(ServiceDescriptorMapLive(services)),
+    Effect.provide(DevRuntimeConfigLive(runtimeConfig)),
+    Effect.provide(NodeContext.layer),
   );
 
   const handleSignal = () => {
@@ -306,7 +279,7 @@ export const startApp = (orchestrator: AppOrchestrator) => {
       return;
     }
     console.log("\n[Dev] Shutting down...");
-    forceExitTimer = setTimeout(forceExit, 8000);
+    forceExitTimer = setTimeout(forceExit, 5000);
     requestShutdown?.();
   };
 
@@ -318,3 +291,7 @@ export const startApp = (orchestrator: AppOrchestrator) => {
     process.exit(Exit.isSuccess(exit) ? 0 : 0);
   });
 };
+
+export const devApp = runApp;
+
+export const startApp = runApp;

package/src/host.ts

@@ -32,10 +32,11 @@ function buildClientRuntimeConfig(runtimeConfig: RuntimeConfig): ClientRuntimeCo
     env: runtimeConfig.env,
     account: runtimeConfig.account,
     networkId: runtimeConfig.networkId,
-    hostUrl: runtimeConfig.hostUrl,
+    hostUrl: runtimeConfig.host.url,
     assetsUrl: runtimeConfig.ui.url,
     apiBase: "/api",
     rpcBase: "/api/rpc",
+    authAvailable: !!runtimeConfig.auth,
     ui: runtimeConfig.ui
       ? {
           name: runtimeConfig.ui.name,
@@ -240,7 +241,7 @@ async function runHostServer(opts: {
   const app = new Hono();
 
   const corsOrigins = process.env.CORS_ORIGIN?.split(",").map((o) => o.trim()) ?? [
-    runtimeConfig.hostUrl,
+    runtimeConfig.host.url,
     ...(runtimeConfig.ui?.url ? [runtimeConfig.ui.url] : []),
   ];
 
@@ -373,7 +374,7 @@ async function runHostServer(opts: {
       {
         status: allRequiredOk ? "ready" : "not_ready",
         host: {
-          url: runtimeConfig.hostUrl,
+          url: runtimeConfig.host.url,
           env: runtimeConfig.env,
         },
         checks,

package/src/integrity.ts

@@ -1,4 +1,5 @@
 import { createHash } from "node:crypto";
+import { fetchBosConfigFromFastKv } from "./fastkv";
 
 export function computeSriHash(content: string | Buffer): string {
   return `sha384-${createHash("sha384").update(content).digest("base64")}`;
@@ -6,11 +7,7 @@ export function computeSriHash(content: string | Buffer): string {
 
 export async function computeSriHashForUrl(url: string): Promise<string | null> {
   try {
-    const entryUrl = url.endsWith("/remoteEntry.js")
-      ? url
-      : url.endsWith("/mf-manifest.json")
-        ? `${url.replace(/\/mf-manifest\.json$/, "")}/remoteEntry.js`
-        : `${url.replace(/\/$/, "")}/remoteEntry.js`;
+    const entryUrl = resolveEntryUrl(url);
 
     const response = await fetch(entryUrl);
     if (!response.ok) {
@@ -28,12 +25,15 @@ export async function computeSriHashForUrl(url: string): Promise<string | null>
   }
 }
 
+export function resolveEntryUrl(url: string): string {
+  if (url.endsWith("/remoteEntry.js")) return url;
+  if (url.endsWith("/mf-manifest.json"))
+    return `${url.replace(/\/mf-manifest\.json$/, "")}/remoteEntry.js`;
+  return `${url.replace(/\/$/, "")}/remoteEntry.js`;
+}
+
 export async function verifySriForUrl(url: string, expectedIntegrity: string): Promise<void> {
-  const entryUrl = url.endsWith("/remoteEntry.js")
-    ? url
-    : url.endsWith("/mf-manifest.json")
-      ? `${url.replace(/\/mf-manifest\.json$/, "")}/remoteEntry.js`
-      : `${url.replace(/\/$/, "")}/remoteEntry.js`;
+  const entryUrl = resolveEntryUrl(url);
 
   const response = await fetch(entryUrl);
   if (!response.ok) {
@@ -52,3 +52,89 @@ export async function verifySriForUrl(url: string, expectedIntegrity: string): P
 
   console.log(`[SRI] Integrity verified for ${entryUrl}`);
 }
+
+export class IntegrityRegistry {
+  private hashes = new Map<string, string>();
+
+  register(url: string, integrity: string): void {
+    this.hashes.set(url, integrity);
+  }
+
+  registerEntry(baseUrl: string, integrity: string): void {
+    this.hashes.set(resolveEntryUrl(baseUrl), integrity);
+  }
+
+  get(url: string): string | undefined {
+    return this.hashes.get(url);
+  }
+
+  has(url: string): boolean {
+    return this.hashes.has(url);
+  }
+
+  entries(): IterableIterator<[string, string]> {
+    return this.hashes.entries();
+  }
+}
+
+function extractIntegrityHashes(config: Record<string, unknown>): Map<string, string> {
+  const hashes = new Map<string, string>();
+  const app = config.app as Record<string, Record<string, unknown>> | undefined;
+  const plugins = config.plugins as Record<string, Record<string, unknown>> | undefined;
+
+  if (app) {
+    for (const [, entry] of Object.entries(app)) {
+      if (entry?.integrity && entry?.production) {
+        hashes.set(resolveEntryUrl(entry.production as string), entry.integrity as string);
+      }
+    }
+  }
+
+  if (plugins) {
+    for (const [, entry] of Object.entries(plugins)) {
+      if (entry?.integrity && entry?.production) {
+        hashes.set(resolveEntryUrl(entry.production as string), entry.integrity as string);
+      }
+    }
+  }
+
+  return hashes;
+}
+
+export async function verifyConfigAgainstChain(
+  localConfig: Record<string, unknown>,
+  bosUrl: string,
+): Promise<{ verified: boolean; mismatches: string[] }> {
+  const mismatches: string[] = [];
+
+  let chainConfig: Record<string, unknown>;
+  try {
+    chainConfig = await fetchBosConfigFromFastKv<Record<string, unknown>>(bosUrl);
+  } catch (error) {
+    console.warn(
+      `[Attestation] Failed to fetch on-chain config: ${error instanceof Error ? error.message : String(error)}`,
+    );
+    return { verified: false, mismatches: ["chain-fetch-failed"] };
+  }
+
+  const localHashes = extractIntegrityHashes(localConfig);
+  const chainHashes = extractIntegrityHashes(chainConfig);
+
+  for (const [url, chainHash] of chainHashes) {
+    const localHash = localHashes.get(url);
+    if (localHash && localHash !== chainHash) {
+      mismatches.push(url);
+      console.error(
+        `[Attestation] Integrity mismatch for ${url}\n  Local: ${localHash}\n  Chain: ${chainHash}`,
+      );
+    }
+  }
+
+  if (mismatches.length === 0 && localHashes.size > 0) {
+    console.log(
+      `[Attestation] Local config verified against on-chain anchor (${localHashes.size} entries checked)`,
+    );
+  }
+
+  return { verified: mismatches.length === 0, mismatches };
+}

package/src/mf.ts

@@ -1,5 +1,6 @@
 import { createInstance, getInstance } from "@module-federation/enhanced/runtime";
 import { setGlobalFederationInstance } from "@module-federation/runtime-core";
+import { computeSriHash, type IntegrityRegistry } from "./integrity";
 
 type FederationInstance = ReturnType<typeof createInstance>;
 
@@ -27,6 +28,47 @@ export function patchManifestFetchForSsrPublicPath(mf: FederationInstance): void
   });
 }
 
+export function installIntegrityFetchHook(
+  mf: FederationInstance,
+  registry: IntegrityRegistry,
+): void {
+  if (!mf || !(mf as any).loaderHook?.lifecycle?.fetch?.on) {
+    console.warn("[SRI] MF lifecycle fetch hook not available, skipping integrity-in-pipeline");
+    return;
+  }
+  if ((mf as any).__everythingDevIntegrityHook === true) return;
+  (mf as any).__everythingDevIntegrityHook = true;
+
+  (mf as any).loaderHook.lifecycle.fetch.on((url: unknown, init: unknown) => {
+    if (typeof url !== "string") return;
+
+    const expectedHash = registry.get(url);
+    if (!expectedHash) return;
+
+    return fetch(url, init as any).then(async (res) => {
+      const buffer = Buffer.from(await res.arrayBuffer());
+      const computed = computeSriHash(buffer);
+
+      if (computed !== expectedHash) {
+        console.error(
+          `[SRI] Integrity check failed in MF fetch pipeline for ${url}\n  Expected: ${expectedHash}\n  Computed: ${computed}`,
+        );
+        return new Response(`Integrity check failed for ${url}`, {
+          status: 500,
+          statusText: "Integrity Check Failed",
+        });
+      }
+
+      console.log(`[SRI] Integrity verified in pipeline for ${url}`);
+      return new Response(buffer, {
+        status: res.status,
+        statusText: res.statusText,
+        headers: res.headers,
+      });
+    });
+  });
+}
+
 export function getFederationInstance(): FederationInstance {
   if (mfInstance) return mfInstance;