lakebed 0.0.1

package/src/anonymous.js

@@ -0,0 +1,996 @@
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+import { readFile } from "node:fs/promises";
+
+export const ANONYMOUS_ARTIFACT_FORMAT = "lakebed.capsule.artifact.v1";
+export const ANONYMOUS_ARTIFACT_MEDIA_TYPE = "application/vnd.lakebed.artifact+json";
+
+export const DEFAULT_ANONYMOUS_LIMITS = {
+  artifactBytes: 1024 * 1024,
+  stateBytes: 1024 * 1024,
+  requestsPerDay: 10000,
+  mutationsPerDay: 1000,
+  rowsReturned: 1000,
+  instructionBudget: 50000,
+  maxValueBytes: 65536,
+  logEntries: 1000
+};
+
+const expressionOps = new Set(["arg", "auth", "call", "row"]);
+
+export class AnonymousCompilerError extends Error {
+  constructor(diagnostics) {
+    super(diagnostics.map((diagnostic) => diagnostic.message).join("\n"));
+    this.name = "AnonymousCompilerError";
+    this.diagnostics = diagnostics;
+  }
+}
+
+export function sha256(value) {
+  return `sha256:${createHash("sha256").update(value).digest("hex")}`;
+}
+
+export function stableStringify(value) {
+  if (value === undefined) {
+    return undefined;
+  }
+
+  if (value === null || typeof value !== "object") {
+    return JSON.stringify(value);
+  }
+
+  if (Array.isArray(value)) {
+    return `[${value.map((item) => stableStringify(item) ?? "null").join(",")}]`;
+  }
+
+  const entries = Object.entries(value)
+    .filter(([, entryValue]) => entryValue !== undefined)
+    .sort(([left], [right]) => left.localeCompare(right));
+
+  return `{${entries
+    .map(([key, entryValue]) => `${JSON.stringify(key)}:${stableStringify(entryValue) ?? "null"}`)
+    .join(",")}}`;
+}
+
+function byteLength(value) {
+  return Buffer.byteLength(typeof value === "string" ? value : stableStringify(value), "utf8");
+}
+
+function cloneJson(value) {
+  return JSON.parse(JSON.stringify(value));
+}
+
+function isPlainObject(value) {
+  return Boolean(value) && typeof value === "object" && Object.getPrototypeOf(value) === Object.prototype;
+}
+
+function isExpression(value) {
+  return Array.isArray(value) && expressionOps.has(value[0]);
+}
+
+function serializeValue(value) {
+  if (value instanceof SymbolicValue) {
+    return value.expr;
+  }
+
+  if (Array.isArray(value)) {
+    return value.map((item) => serializeValue(item));
+  }
+
+  if (isPlainObject(value)) {
+    const object = {};
+    for (const [key, entryValue] of Object.entries(value)) {
+      object[key] = serializeValue(entryValue);
+    }
+    return object;
+  }
+
+  return value;
+}
+
+class SymbolicValue {
+  constructor(expr, sample) {
+    this.expr = expr;
+    this.sample = sample;
+  }
+
+  trim() {
+    return new SymbolicValue(["call", "trim", this.expr], String(this.sample).trim());
+  }
+
+  slice(start, end) {
+    return new SymbolicValue(["call", "slice", this.expr, start, end], String(this.sample).slice(start, end));
+  }
+
+  toLowerCase() {
+    return new SymbolicValue(["call", "toLowerCase", this.expr], String(this.sample).toLowerCase());
+  }
+
+  toUpperCase() {
+    return new SymbolicValue(["call", "toUpperCase", this.expr], String(this.sample).toUpperCase());
+  }
+
+  includes(value) {
+    return String(this.sample).includes(String(value instanceof SymbolicValue ? value.sample : value));
+  }
+
+  get length() {
+    return String(this.sample).length;
+  }
+
+  valueOf() {
+    return this.sample;
+  }
+
+  toString() {
+    return String(this.sample);
+  }
+}
+
+function createSymbolicArg(index) {
+  return new SymbolicValue(["arg", index], index === 0 ? "sample-value" : `sample-value-${index}`);
+}
+
+function createSymbolicAuth() {
+  const userId = new SymbolicValue(["auth", "userId"], "guest:trace");
+  const displayName = new SymbolicValue(["auth", "displayName"], "Trace Guest");
+  return { displayName, userId };
+}
+
+function createSymbolicRow({ auth, idExpr, scanId, schema, tableName }) {
+  const fields = schema?.[tableName]?.fields ?? {};
+  const row = {
+    id: idExpr ?? new SymbolicValue(["row", scanId, "id"], "row-trace"),
+    createdAt: new SymbolicValue(["row", scanId, "createdAt"], "2026-01-01T00:00:00.000Z"),
+    updatedAt: new SymbolicValue(["row", scanId, "updatedAt"], "2026-01-01T00:00:00.000Z")
+  };
+
+  for (const [fieldName, field] of Object.entries(fields)) {
+    if (fieldName === "ownerId" || fieldName === "authorId") {
+      row[fieldName] = auth.userId;
+    } else if (fieldName === "authorName") {
+      row[fieldName] = auth.displayName;
+    } else if (field.kind === "boolean") {
+      row[fieldName] = true;
+    } else {
+      row[fieldName] = new SymbolicValue(["row", scanId, fieldName], `${fieldName}-trace`);
+    }
+  }
+
+  return row;
+}
+
+class QueryTrace {
+  constructor({ filters = [], limit = null, orderBy = null, recorder, tableName }) {
+    this.filters = filters;
+    this.limitValue = limit;
+    this.orderByValue = orderBy;
+    this.recorder = recorder;
+    this.tableName = tableName;
+  }
+
+  where(field, value) {
+    return new QueryTrace({
+      filters: [...this.filters, { field, value: serializeValue(value) }],
+      limit: this.limitValue,
+      orderBy: this.orderByValue,
+      recorder: this.recorder,
+      tableName: this.tableName
+    });
+  }
+
+  orderBy(field, direction = "asc") {
+    return new QueryTrace({
+      filters: this.filters,
+      limit: this.limitValue,
+      orderBy: { field, direction: direction === "desc" ? "desc" : "asc" },
+      recorder: this.recorder,
+      tableName: this.tableName
+    });
+  }
+
+  limit(count) {
+    return new QueryTrace({
+      filters: this.filters,
+      limit: Number(count),
+      orderBy: this.orderByValue,
+      recorder: this.recorder,
+      tableName: this.tableName
+    });
+  }
+
+  toSpec() {
+    return {
+      op: "table.all",
+      table: this.tableName,
+      filters: this.filters,
+      orderBy: this.orderByValue,
+      limit: this.limitValue
+    };
+  }
+
+  all() {
+    const spec = this.toSpec();
+    if (this.recorder.mode === "query") {
+      this.recorder.query = spec;
+      return [];
+    }
+
+    const scanId = `scan_${this.recorder.nextScanId}`;
+    this.recorder.nextScanId += 1;
+    this.recorder.scans.set(scanId, spec);
+    this.recorder.operations.push({ op: "scan", scanId, query: spec });
+    return [createSymbolicRow({ auth: this.recorder.auth, scanId, schema: this.recorder.schema, tableName: this.tableName })];
+  }
+}
+
+class TableTrace extends QueryTrace {
+  constructor({ recorder, tableName }) {
+    super({ recorder, tableName });
+  }
+
+  get(id) {
+    const idExpr = serializeValue(id);
+    this.recorder.operations.push({ id: idExpr, op: "get", table: this.tableName });
+    return createSymbolicRow({
+      auth: this.recorder.auth,
+      idExpr: id instanceof SymbolicValue ? id : new SymbolicValue(idExpr, "row-trace"),
+      scanId: `get_${this.recorder.operations.length}`,
+      schema: this.recorder.schema,
+      tableName: this.tableName
+    });
+  }
+
+  insert(value) {
+    const values = serializeValue(value);
+    this.recorder.operations.push({ op: "insert", table: this.tableName, values });
+    return createSymbolicRow({
+      auth: this.recorder.auth,
+      scanId: `insert_${this.recorder.operations.length}`,
+      schema: this.recorder.schema,
+      tableName: this.tableName
+    });
+  }
+
+  update(id, patch) {
+    this.recorder.operations.push({
+      id: serializeValue(id),
+      op: "update",
+      patch: serializeValue(patch),
+      table: this.tableName
+    });
+  }
+
+  delete(id) {
+    this.recorder.operations.push({
+      id: serializeValue(id),
+      op: "delete",
+      table: this.tableName
+    });
+  }
+}
+
+function createTraceContext({ mode, schema }) {
+  const recorder = {
+    auth: createSymbolicAuth(),
+    mode,
+    nextScanId: 1,
+    operations: [],
+    query: null,
+    scans: new Map(),
+    schema
+  };
+  const db = {};
+
+  for (const tableName of Object.keys(schema ?? {})) {
+    db[tableName] = new TableTrace({ recorder, tableName });
+  }
+
+  return {
+    ctx: {
+      auth: recorder.auth,
+      db,
+      env: {},
+      log: {
+        error() {},
+        info() {},
+        warn() {}
+      }
+    },
+    recorder
+  };
+}
+
+function diagnostic(file, message) {
+  return { file, message };
+}
+
+async function readSourceFiles(sourceStore) {
+  const paths = (await sourceStore.listFiles()).filter((path) => !path.startsWith("__lakebed/"));
+  const files = [];
+
+  for (const path of paths) {
+    const contents = await sourceStore.readFile(path);
+    files.push({
+      bytes: byteLength(contents),
+      contents,
+      hash: sha256(contents),
+      path
+    });
+  }
+
+  return files.sort((left, right) => left.path.localeCompare(right.path));
+}
+
+function forbiddenSourceDiagnostics(files) {
+  const checks = [
+    [/\beval\s*\(/, "eval is not available in anonymous server code."],
+    [/\bFunction\s*\(/, "Function constructors are not available in anonymous server code."],
+    [/\bimport\s*\(/, "Dynamic import is not available in anonymous server code."],
+    [/\bfetch\s*\(/, "Outbound fetch is disabled for anonymous deploys."],
+    [/\basync\b/, "Async server handlers are not part of the anonymous IR yet. Use synchronous Lakebed database operations."],
+    [/\bwhile\s*\(/, "while loops are not available in anonymous server code."],
+    [/\bfor\s*\(\s*;/, "Unbounded for loops are not available in anonymous server code."],
+    [/\bprocess\b/, "process is not available in anonymous server code."],
+    [/\bglobalThis\b/, "globalThis is not available in anonymous server code."],
+    [/\bsetTimeout\s*\(/, "Timers are not available in anonymous server code."],
+    [/\bsetInterval\s*\(/, "Timers are not available in anonymous server code."],
+    [/from\s+["']node:/, "Node built-ins are not available in anonymous server code."]
+  ];
+
+  const diagnostics = [];
+  for (const file of files.filter((candidate) => candidate.path.startsWith("server/") || candidate.path.startsWith("shared/"))) {
+    for (const [pattern, message] of checks) {
+      if (pattern.test(file.contents)) {
+        diagnostics.push(diagnostic(file.path, message));
+      }
+    }
+  }
+
+  return diagnostics;
+}
+
+function serializeSchema(schema) {
+  const cleanSchema = {};
+  const diagnostics = [];
+
+  for (const [tableName, table] of Object.entries(schema ?? {})) {
+    if (table?.kind !== "table" || !isPlainObject(table.fields ?? {})) {
+      diagnostics.push(diagnostic("server/index.ts", `Anonymous deploys only support Lakebed table() schema entries. Check schema.${tableName}.`));
+      continue;
+    }
+
+    const fields = {};
+    for (const [fieldName, field] of Object.entries(table.fields)) {
+      if (!field || (field.kind !== "string" && field.kind !== "boolean")) {
+        diagnostics.push(
+          diagnostic("server/index.ts", `Anonymous deploys only support string() and boolean() fields. Check ${tableName}.${fieldName}.`)
+        );
+        continue;
+      }
+
+      if (typeof field.defaultValue === "function") {
+        diagnostics.push(
+          diagnostic("server/index.ts", `Anonymous deploys do not support function defaults yet. Check ${tableName}.${fieldName}.`)
+        );
+        continue;
+      }
+
+      fields[fieldName] = {
+        defaultValue: field.defaultValue,
+        kind: field.kind
+      };
+    }
+
+    cleanSchema[tableName] = { kind: "table", fields };
+  }
+
+  return { diagnostics, schema: cleanSchema };
+}
+
+function inferMutationGuards(handler) {
+  const source = Function.prototype.toString.call(handler);
+  const guards = [];
+  if (source.includes("ownerId") && source.includes("auth.userId")) {
+    guards.push({ field: "ownerId", equalsAuth: "userId", op: "rowFieldEqualsAuth" });
+  }
+  if (source.includes("authorId") && source.includes("auth.userId")) {
+    guards.push({ field: "authorId", equalsAuth: "userId", op: "rowFieldEqualsAuth" });
+  }
+  return guards;
+}
+
+function compileQueryHandler({ handler, name, schema }) {
+  const { ctx, recorder } = createTraceContext({ mode: "query", schema });
+  try {
+    handler(ctx);
+  } catch (error) {
+    throw new Error(`Unable to compile query "${name}" to anonymous IR: ${error instanceof Error ? error.message : String(error)}`);
+  }
+
+  if (!recorder.query) {
+    throw new Error(`Unable to compile query "${name}": query handlers must end with a ctx.db.<table>...all() call.`);
+  }
+
+  return recorder.query;
+}
+
+function compileMutationHandler({ handler, name, schema }) {
+  const { ctx, recorder } = createTraceContext({ mode: "mutation", schema });
+  const args = Array.from({ length: Math.max(0, handler.length - 1) }, (_, index) => createSymbolicArg(index));
+
+  try {
+    handler(ctx, ...args);
+  } catch (error) {
+    throw new Error(`Unable to compile mutation "${name}" to anonymous IR: ${error instanceof Error ? error.message : String(error)}`);
+  }
+
+  const guards = inferMutationGuards(handler);
+  const operations = [];
+
+  for (const operation of recorder.operations) {
+    if (operation.op === "scan" || operation.op === "get") {
+      continue;
+    }
+
+    if (operation.op === "delete" && Array.isArray(operation.id) && operation.id[0] === "row") {
+      const query = recorder.scans.get(operation.id[1]);
+      if (!query) {
+        throw new Error(`Unable to compile mutation "${name}": delete uses an unknown scanned row.`);
+      }
+      operations.push({ op: "deleteWhere", query, table: operation.table });
+      continue;
+    }
+
+    if (operation.op === "update") {
+      operations.push({ ...operation, guards });
+      continue;
+    }
+
+    operations.push(operation);
+  }
+
+  if (operations.length === 0) {
+    throw new Error(`Unable to compile mutation "${name}": no supported database operation was recorded.`);
+  }
+
+  return {
+    op: "mutation",
+    params: args.map((_, index) => ({ name: `arg${index}`, type: "unknown" })),
+    body: operations
+  };
+}
+
+function compileServerToIr(app, schema) {
+  const queries = {};
+  const mutations = {};
+  const diagnostics = [];
+
+  for (const [name, handler] of Object.entries(app.queries ?? {})) {
+    try {
+      queries[name] = compileQueryHandler({ handler, name, schema });
+    } catch (error) {
+      diagnostics.push(diagnostic("server/index.ts", error instanceof Error ? error.message : String(error)));
+    }
+  }
+
+  for (const [name, handler] of Object.entries(app.mutations ?? {})) {
+    try {
+      mutations[name] = compileMutationHandler({ handler, name, schema });
+    } catch (error) {
+      diagnostics.push(diagnostic("server/index.ts", error instanceof Error ? error.message : String(error)));
+    }
+  }
+
+  return { diagnostics, mutations, queries };
+}
+
+export async function createAnonymousArtifact({ app, clientOut, sourceStore, version = "0.0.1" }) {
+  const sourceFiles = await readSourceFiles(sourceStore);
+  const diagnostics = forbiddenSourceDiagnostics(sourceFiles);
+  const { diagnostics: schemaDiagnostics, schema } = serializeSchema(app.schema);
+  diagnostics.push(...schemaDiagnostics);
+
+  if (diagnostics.length > 0) {
+    throw new AnonymousCompilerError(diagnostics);
+  }
+
+  const compiled = compileServerToIr(app, schema);
+  diagnostics.push(...compiled.diagnostics);
+
+  if (diagnostics.length > 0) {
+    throw new AnonymousCompilerError(diagnostics);
+  }
+
+  const clientBundle = await readFile(clientOut);
+  const clientBundleBase64 = clientBundle.toString("base64");
+  const clientBundleHash = sha256(clientBundle);
+  const sourceManifest = sourceFiles.map(({ bytes, hash, path }) => ({ bytes, hash, path }));
+  const sourceSnapshotHash = sha256(stableStringify(sourceManifest));
+  const artifact = {
+    name: app.name ?? "Lakebed Capsule",
+    client: {
+      bundleHash: clientBundleHash,
+      bytes: clientBundle.byteLength,
+      entry: "/client.js"
+    },
+    createdWith: {
+      compiler: "0.1.0",
+      lakebed: version
+    },
+    deployTarget: "anonymous-interpreter",
+    format: ANONYMOUS_ARTIFACT_FORMAT,
+    limits: {
+      instructionBudget: DEFAULT_ANONYMOUS_LIMITS.instructionBudget,
+      maxRowsReturned: DEFAULT_ANONYMOUS_LIMITS.rowsReturned,
+      maxValueBytes: DEFAULT_ANONYMOUS_LIMITS.maxValueBytes
+    },
+    server: {
+      helpers: {},
+      imports: ["lakebed/server"],
+      mutations: compiled.mutations,
+      queries: compiled.queries,
+      schema
+    },
+    source: {
+      files: sourceManifest,
+      snapshotHash: sourceSnapshotHash
+    }
+  };
+  const artifactHash = sha256(stableStringify(artifact));
+
+  return {
+    artifact,
+    artifactHash,
+    clientBundle: clientBundleBase64,
+    clientBundleHash
+  };
+}
+
+function validateExpression(expr, path, diagnostics) {
+  if (!isExpression(expr)) {
+    diagnostics.push(diagnostic(path, "Expected an anonymous IR expression."));
+    return;
+  }
+
+  const [op] = expr;
+  if (op === "arg") {
+    if (!Number.isInteger(expr[1]) || expr.length !== 2) {
+      diagnostics.push(diagnostic(path, "Invalid arg expression."));
+    }
+    return;
+  }
+
+  if (op === "auth") {
+    if ((expr[1] !== "userId" && expr[1] !== "displayName") || expr.length !== 2) {
+      diagnostics.push(diagnostic(path, "Invalid auth expression."));
+    }
+    return;
+  }
+
+  if (op === "row") {
+    if (typeof expr[1] !== "string" || typeof expr[2] !== "string" || expr.length !== 3) {
+      diagnostics.push(diagnostic(path, "Invalid row expression."));
+    }
+    return;
+  }
+
+  if (op === "call") {
+    const method = expr[1];
+    if (!["trim", "slice", "toLowerCase", "toUpperCase"].includes(method)) {
+      diagnostics.push(diagnostic(path, `Unsupported call expression: ${method}`));
+      return;
+    }
+    validateExpression(expr[2], path, diagnostics);
+  }
+}
+
+function validateValue(value, path, diagnostics) {
+  if (isExpression(value)) {
+    validateExpression(value, path, diagnostics);
+    return;
+  }
+
+  if (Array.isArray(value)) {
+    for (const item of value) {
+      validateValue(item, path, diagnostics);
+    }
+    return;
+  }
+
+  if (isPlainObject(value)) {
+    for (const [key, entryValue] of Object.entries(value)) {
+      validateValue(entryValue, `${path}.${key}`, diagnostics);
+    }
+  }
+}
+
+function validateQuery(query, path, schema, diagnostics) {
+  if (!isPlainObject(query) || query.op !== "table.all" || !schema[query.table]) {
+    diagnostics.push(diagnostic(path, "Invalid anonymous query IR."));
+    return;
+  }
+
+  for (const filter of query.filters ?? []) {
+    if (!filter || typeof filter.field !== "string") {
+      diagnostics.push(diagnostic(path, "Invalid query filter."));
+      continue;
+    }
+    validateValue(filter.value, path, diagnostics);
+  }
+
+  if (query.orderBy && (typeof query.orderBy.field !== "string" || !["asc", "desc"].includes(query.orderBy.direction))) {
+    diagnostics.push(diagnostic(path, "Invalid query orderBy."));
+  }
+
+  if (query.limit !== null && query.limit !== undefined && (!Number.isInteger(query.limit) || query.limit <= 0)) {
+    diagnostics.push(diagnostic(path, "Invalid query limit."));
+  }
+}
+
+export function validateAnonymousArtifact(artifact) {
+  const diagnostics = [];
+
+  if (!isPlainObject(artifact)) {
+    return [diagnostic("artifact", "Artifact must be a JSON object.")];
+  }
+
+  if (artifact.format !== ANONYMOUS_ARTIFACT_FORMAT) {
+    diagnostics.push(diagnostic("artifact.format", `Expected ${ANONYMOUS_ARTIFACT_FORMAT}.`));
+  }
+
+  if (artifact.deployTarget !== "anonymous-interpreter") {
+    diagnostics.push(diagnostic("artifact.deployTarget", "Anonymous deploys require deployTarget anonymous-interpreter."));
+  }
+
+  const schema = artifact.server?.schema;
+  if (!isPlainObject(schema)) {
+    diagnostics.push(diagnostic("artifact.server.schema", "Artifact must include a server schema."));
+  } else {
+    for (const [tableName, table] of Object.entries(schema)) {
+      if (table?.kind !== "table" || !isPlainObject(table.fields)) {
+        diagnostics.push(diagnostic(`artifact.server.schema.${tableName}`, "Invalid table schema."));
+      }
+      for (const [fieldName, field] of Object.entries(table.fields ?? {})) {
+        if (field?.kind !== "string" && field?.kind !== "boolean") {
+          diagnostics.push(diagnostic(`artifact.server.schema.${tableName}.${fieldName}`, "Unsupported field kind."));
+        }
+      }
+    }
+  }
+
+  for (const [name, query] of Object.entries(artifact.server?.queries ?? {})) {
+    validateQuery(query, `artifact.server.queries.${name}`, schema ?? {}, diagnostics);
+  }
+
+  for (const [name, mutation] of Object.entries(artifact.server?.mutations ?? {})) {
+    if (mutation?.op !== "mutation" || !Array.isArray(mutation.body)) {
+      diagnostics.push(diagnostic(`artifact.server.mutations.${name}`, "Invalid mutation IR."));
+      continue;
+    }
+
+    for (const [index, operation] of mutation.body.entries()) {
+      const path = `artifact.server.mutations.${name}.body.${index}`;
+      if (!["insert", "update", "delete", "deleteWhere"].includes(operation.op) || !schema?.[operation.table]) {
+        diagnostics.push(diagnostic(path, `Unsupported mutation operation: ${operation.op}`));
+        continue;
+      }
+
+      if (operation.op === "insert") {
+        validateValue(operation.values, path, diagnostics);
+      } else if (operation.op === "update") {
+        validateValue(operation.id, path, diagnostics);
+        validateValue(operation.patch, path, diagnostics);
+      } else if (operation.op === "delete") {
+        validateValue(operation.id, path, diagnostics);
+      } else if (operation.op === "deleteWhere") {
+        validateQuery(operation.query, path, schema, diagnostics);
+      }
+    }
+  }
+
+  if (byteLength(artifact) > DEFAULT_ANONYMOUS_LIMITS.artifactBytes) {
+    diagnostics.push(diagnostic("artifact", `Artifact exceeds ${DEFAULT_ANONYMOUS_LIMITS.artifactBytes} bytes.`));
+  }
+
+  return diagnostics;
+}
+
+export function validateAnonymousDeployPayload(payload) {
+  if (!payload || typeof payload !== "object") {
+    throw new Error("Deploy payload must be a JSON object.");
+  }
+
+  const diagnostics = validateAnonymousArtifact(payload.artifact);
+  if (diagnostics.length > 0) {
+    throw new AnonymousCompilerError(diagnostics);
+  }
+
+  const clientBundle = Buffer.from(String(payload.clientBundle ?? ""), "base64");
+  const clientBundleHash = sha256(clientBundle);
+  if (clientBundleHash !== payload.artifact.client?.bundleHash) {
+    throw new Error("Client bundle hash does not match artifact.client.bundleHash.");
+  }
+
+  if (clientBundle.byteLength !== payload.artifact.client?.bytes) {
+    throw new Error("Client bundle byte count does not match artifact.client.bytes.");
+  }
+
+  const artifactHash = sha256(stableStringify(payload.artifact));
+  return {
+    artifact: cloneJson(payload.artifact),
+    artifactHash,
+    clientBundle,
+    clientBundleBase64: clientBundle.toString("base64"),
+    clientBundleHash
+  };
+}
+
+export function parseTtlSeconds(value, fallback = 7 * 24 * 60 * 60) {
+  if (value === undefined || value === null || value === "") {
+    return fallback;
+  }
+
+  if (typeof value === "number") {
+    return Math.max(60, Math.min(fallback, Math.floor(value)));
+  }
+
+  const match = String(value).trim().match(/^(\d+)([smhd])?$/);
+  if (!match) {
+    throw new Error(`Invalid TTL: ${value}. Use a value like 1h, 3d, or 604800.`);
+  }
+
+  const amount = Number(match[1]);
+  const unit = match[2] ?? "s";
+  const multipliers = { d: 86400, h: 3600, m: 60, s: 1 };
+  return Math.max(60, Math.min(fallback, amount * multipliers[unit]));
+}
+
+export function createDeployId() {
+  return `dep_${randomBytes(5).toString("base64url")}`;
+}
+
+export function createClaimToken() {
+  return `tok_${randomBytes(24).toString("base64url")}`;
+}
+
+export function createSlug() {
+  const adjectives = ["frosted", "quiet", "bright", "lucky", "silver", "rapid", "clear", "open"];
+  const nouns = ["river", "field", "ridge", "harbor", "garden", "signal", "meadow", "orbit"];
+  const bytes = randomBytes(4);
+  return `${adjectives[bytes[0] % adjectives.length]}-${nouns[bytes[1] % nouns.length]}-${bytes.toString("base64url").slice(0, 6).toLowerCase()}`;
+}
+
+export function hashClaimToken(token) {
+  return sha256(token);
+}
+
+function evaluateExpression(expr, { args, auth, row }) {
+  if (!isExpression(expr)) {
+    return expr;
+  }
+
+  const [op] = expr;
+  if (op === "arg") {
+    return args[expr[1]];
+  }
+
+  if (op === "auth") {
+    return auth[expr[1]];
+  }
+
+  if (op === "row") {
+    return row?.[expr[2]];
+  }
+
+  if (op === "call") {
+    const value = evaluateExpression(expr[2], { args, auth, row });
+    if (expr[1] === "trim") {
+      return String(value ?? "").trim();
+    }
+    if (expr[1] === "slice") {
+      return String(value ?? "").slice(expr[3], expr[4]);
+    }
+    if (expr[1] === "toLowerCase") {
+      return String(value ?? "").toLowerCase();
+    }
+    if (expr[1] === "toUpperCase") {
+      return String(value ?? "").toUpperCase();
+    }
+  }
+
+  throw new Error(`Unsupported anonymous expression: ${JSON.stringify(expr)}`);
+}
+
+function evaluateValue(value, context) {
+  if (isExpression(value)) {
+    return evaluateExpression(value, context);
+  }
+
+  if (Array.isArray(value)) {
+    return value.map((item) => evaluateValue(item, context));
+  }
+
+  if (isPlainObject(value)) {
+    const object = {};
+    for (const [key, entryValue] of Object.entries(value)) {
+      object[key] = evaluateValue(entryValue, context);
+    }
+    return object;
+  }
+
+  return value;
+}
+
+function metadataFields() {
+  return new Set(["id", "createdAt", "updatedAt"]);
+}
+
+function assertFieldValue(tableName, fieldName, field, value) {
+  if (value === undefined) {
+    throw new Error(`Missing value for ${tableName}.${fieldName}`);
+  }
+
+  if (field.kind === "string" && typeof value !== "string") {
+    throw new Error(`Expected ${tableName}.${fieldName} to be a string.`);
+  }
+
+  if (field.kind === "boolean" && typeof value !== "boolean") {
+    throw new Error(`Expected ${tableName}.${fieldName} to be a boolean.`);
+  }
+
+  if (byteLength(value) > DEFAULT_ANONYMOUS_LIMITS.maxValueBytes) {
+    throw new Error(`Value for ${tableName}.${fieldName} exceeds ${DEFAULT_ANONYMOUS_LIMITS.maxValueBytes} bytes.`);
+  }
+}
+
+function prepareInsert(schema, tableName, value) {
+  const table = schema[tableName];
+  if (!table) {
+    throw new Error(`Unknown table: ${tableName}`);
+  }
+
+  const fields = table.fields ?? {};
+  const metadata = metadataFields();
+  for (const key of Object.keys(value)) {
+    if (!fields[key] && !metadata.has(key)) {
+      throw new Error(`Unknown field for ${tableName}: ${key}`);
+    }
+    if (metadata.has(key)) {
+      throw new Error(`Lakebed manages ${tableName}.${key}; app code cannot set it directly.`);
+    }
+  }
+
+  const timestamp = new Date().toISOString();
+  const row = {
+    id: randomUUID(),
+    createdAt: timestamp,
+    updatedAt: timestamp
+  };
+
+  for (const [fieldName, field] of Object.entries(fields)) {
+    const valueOrDefault = value[fieldName] ?? field.defaultValue;
+    assertFieldValue(tableName, fieldName, field, valueOrDefault);
+    row[fieldName] = valueOrDefault;
+  }
+
+  return row;
+}
+
+function preparePatch(schema, tableName, patch) {
+  const table = schema[tableName];
+  if (!table) {
+    throw new Error(`Unknown table: ${tableName}`);
+  }
+
+  const cleanPatch = {};
+  const fields = table.fields ?? {};
+  const metadata = metadataFields();
+  for (const [key, value] of Object.entries(patch)) {
+    if (!fields[key] && !metadata.has(key)) {
+      throw new Error(`Unknown field for ${tableName}: ${key}`);
+    }
+    if (metadata.has(key)) {
+      throw new Error(`Lakebed manages ${tableName}.${key}; app code cannot update it directly.`);
+    }
+
+    assertFieldValue(tableName, key, fields[key], value);
+    cleanPatch[key] = value;
+  }
+
+  cleanPatch.updatedAt = new Date().toISOString();
+  return cleanPatch;
+}
+
+function compareValues(left, right) {
+  if (left === right) {
+    return 0;
+  }
+
+  return left > right ? 1 : -1;
+}
+
+async function executeQuerySpec({ args = [], artifact, auth, query, state, deployId }) {
+  const rows = await state.listRows(deployId, query.table);
+  let results = rows.map((row) => ({ ...row }));
+
+  for (const filter of query.filters ?? []) {
+    const expected = evaluateValue(filter.value, { args, auth });
+    results = results.filter((row) => row[filter.field] === expected);
+  }
+
+  if (query.orderBy) {
+    const direction = query.orderBy.direction === "desc" ? -1 : 1;
+    results = [...results].sort((left, right) => compareValues(left[query.orderBy.field], right[query.orderBy.field]) * direction);
+  }
+
+  const limit = Math.min(
+    query.limit ?? artifact.limits?.maxRowsReturned ?? DEFAULT_ANONYMOUS_LIMITS.rowsReturned,
+    artifact.limits?.maxRowsReturned ?? DEFAULT_ANONYMOUS_LIMITS.rowsReturned
+  );
+  return results.slice(0, limit);
+}
+
+export async function executeAnonymousQuery({ args = [], artifact, auth, deployId, name, state }) {
+  const query = artifact.server.queries?.[name];
+  if (!query) {
+    throw new Error(`Unknown query: ${name}`);
+  }
+
+  return executeQuerySpec({ args, artifact, auth, deployId, query, state });
+}
+
+async function checkUpdateGuards({ auth, guards = [], row }) {
+  for (const guard of guards) {
+    if (guard.op === "rowFieldEqualsAuth" && row?.[guard.field] !== auth[guard.equalsAuth]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+export async function executeAnonymousMutation({ args = [], artifact, auth, deployId, name, state }) {
+  const mutation = artifact.server.mutations?.[name];
+  if (!mutation) {
+    throw new Error(`Unknown mutation: ${name}`);
+  }
+
+  return state.transaction(deployId, async (tx) => {
+    for (const operation of mutation.body) {
+      if (operation.op === "insert") {
+        const values = evaluateValue(operation.values, { args, auth });
+        const row = prepareInsert(artifact.server.schema, operation.table, values);
+        await tx.insertRow(deployId, operation.table, row);
+        continue;
+      }
+
+      if (operation.op === "update") {
+        const id = evaluateValue(operation.id, { args, auth });
+        const row = await tx.getRow(deployId, operation.table, id);
+        if (!row || !(await checkUpdateGuards({ auth, guards: operation.guards, row }))) {
+          continue;
+        }
+        const patch = preparePatch(artifact.server.schema, operation.table, evaluateValue(operation.patch, { args, auth, row }));
+        await tx.updateRow(deployId, operation.table, id, patch);
+        continue;
+      }
+
+      if (operation.op === "delete") {
+        const id = evaluateValue(operation.id, { args, auth });
+        await tx.deleteRow(deployId, operation.table, id);
+        continue;
+      }
+
+      if (operation.op === "deleteWhere") {
+        const rows = await executeQuerySpec({ args, artifact, auth, deployId, query: operation.query, state: tx });
+        for (const row of rows) {
+          await tx.deleteRow(deployId, operation.table, row.id);
+        }
+        continue;
+      }
+
+      throw new Error(`Unsupported anonymous mutation op: ${operation.op}`);
+    }
+
+    return null;
+  });
+}