lakebed 0.0.8 → 0.0.10

package/src/anonymous.js

@@ -1021,7 +1021,7 @@ function metadataFields() {
   return new Set(["id", "createdAt", "updatedAt"]);
 }
 
-function assertFieldValue(tableName, fieldName, field, value) {
+function assertFieldValue(tableName, fieldName, field, value, limits = DEFAULT_ANONYMOUS_LIMITS) {
   if (value === undefined) {
     throw new Error(`Missing value for ${tableName}.${fieldName}`);
   }
@@ -1034,12 +1034,13 @@ function assertFieldValue(tableName, fieldName, field, value) {
     throw new Error(`Expected ${tableName}.${fieldName} to be a boolean.`);
   }
 
-  if (byteLength(value) > DEFAULT_ANONYMOUS_LIMITS.maxValueBytes) {
-    throw new Error(`Value for ${tableName}.${fieldName} exceeds ${DEFAULT_ANONYMOUS_LIMITS.maxValueBytes} bytes.`);
+  const maxValueBytes = limits.maxValueBytes ?? DEFAULT_ANONYMOUS_LIMITS.maxValueBytes;
+  if (byteLength(value) > maxValueBytes) {
+    throw new Error(`Value for ${tableName}.${fieldName} exceeds ${maxValueBytes} bytes.`);
   }
 }
 
-function prepareInsert(schema, tableName, value) {
+function prepareInsert(schema, tableName, value, limits = DEFAULT_ANONYMOUS_LIMITS) {
   const table = schema[tableName];
   if (!table) {
     throw new Error(`Unknown table: ${tableName}`);
@@ -1065,14 +1066,14 @@ function prepareInsert(schema, tableName, value) {
 
   for (const [fieldName, field] of Object.entries(fields)) {
     const valueOrDefault = value[fieldName] ?? field.defaultValue;
-    assertFieldValue(tableName, fieldName, field, valueOrDefault);
+    assertFieldValue(tableName, fieldName, field, valueOrDefault, limits);
     row[fieldName] = valueOrDefault;
   }
 
   return row;
 }
 
-function preparePatch(schema, tableName, patch) {
+function preparePatch(schema, tableName, patch, limits = DEFAULT_ANONYMOUS_LIMITS) {
   const table = schema[tableName];
   if (!table) {
     throw new Error(`Unknown table: ${tableName}`);
@@ -1089,7 +1090,7 @@ function preparePatch(schema, tableName, patch) {
       throw new Error(`Lakebed manages ${tableName}.${key}; app code cannot update it directly.`);
     }
 
-    assertFieldValue(tableName, key, fields[key], value);
+    assertFieldValue(tableName, key, fields[key], value, limits);
     cleanPatch[key] = value;
   }
 
@@ -1097,6 +1098,14 @@ function preparePatch(schema, tableName, patch) {
   return cleanPatch;
 }
 
+export function prepareAnonymousInsert(schema, tableName, value, limits = DEFAULT_ANONYMOUS_LIMITS) {
+  return prepareInsert(schema, tableName, value, limits);
+}
+
+export function prepareAnonymousPatch(schema, tableName, patch, limits = DEFAULT_ANONYMOUS_LIMITS) {
+  return preparePatch(schema, tableName, patch, limits);
+}
+
 function compareValues(left, right) {
   if (left === right) {
     return 0;
@@ -1132,6 +1141,10 @@ async function loadSourceApp(artifact) {
     return null;
   }
 
+  if (process.env.LAKEBED_UNSAFE_IN_PROCESS_SOURCE !== "1") {
+    throw new Error("Claimed-source execution requires a configured source runtime. Set LAKEBED_UNSAFE_IN_PROCESS_SOURCE=1 only for local unsafe debugging.");
+  }
+
   if (!sourceModuleCache.has(source.bundleHash)) {
     const url = `data:text/javascript;base64,${source.bundle}`;
     sourceModuleCache.set(source.bundleHash, import(url).then((module) => module.default));
@@ -1234,9 +1247,13 @@ async function createSourceContext({ artifact, auth, deployId, state }) {
   };
 }
 
-export async function executeAnonymousQuery({ args = [], artifact, auth, deployId, name, state }) {
-  const sourceApp = await loadSourceApp(artifact);
-  if (sourceApp) {
+export async function executeAnonymousQuery({ args = [], artifact, auth, deployId, name, sourceRuntime, state }) {
+  if (artifact.server?.source) {
+    if (sourceRuntime) {
+      return sourceRuntime.executeQuery({ args, artifact, auth, deployId, name, state });
+    }
+
+    const sourceApp = await loadSourceApp(artifact);
     const handler = sourceApp.queries?.[name];
     if (!handler) {
       throw new Error(`Unknown query: ${name}`);
@@ -1262,9 +1279,13 @@ async function checkUpdateGuards({ auth, guards = [], row }) {
   return true;
 }
 
-export async function executeAnonymousMutation({ args = [], artifact, auth, deployId, name, state }) {
-  const sourceApp = await loadSourceApp(artifact);
-  if (sourceApp) {
+export async function executeAnonymousMutation({ args = [], artifact, auth, deployId, limits = DEFAULT_ANONYMOUS_LIMITS, name, sourceRuntime, state }) {
+  if (artifact.server?.source) {
+    if (sourceRuntime) {
+      return sourceRuntime.executeMutation({ args, artifact, auth, deployId, limits, name, state });
+    }
+
+    const sourceApp = await loadSourceApp(artifact);
     const handler = sourceApp.mutations?.[name];
     if (!handler) {
       throw new Error(`Unknown mutation: ${name}`);

package/src/cli.js

@@ -1,9 +1,11 @@
 #!/usr/bin/env node
+import { execFile } from "node:child_process";
 import { createServer } from "node:http";
 import { existsSync, realpathSync } from "node:fs";
 import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import { basename, dirname, isAbsolute, join, resolve } from "node:path";
 import { createInterface } from "node:readline/promises";
+import { promisify } from "node:util";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import * as esbuild from "esbuild";
 import { WebSocketServer } from "ws";
@@ -28,12 +30,14 @@ const packageDir = resolve(dirname(fileURLToPath(import.meta.url)), "..");
 const packageNodeModules = resolve(packageDir, "node_modules");
 const sourceNamespace = "lakebed-source";
 const defaultDeployApiUrl = "https://api.lakebed.app";
+const execFileAsync = promisify(execFile);
 
 function usage() {
   console.log(`lakebed
 
 Usage:
-  lakebed new [name] [--template todo]
+  lakebed new [name] [--template todo] [--no-git]
+  lakebed create [name] [--template todo] [--no-git]
   lakebed dev <capsule-dir> [--port 3000]
   lakebed build <capsule-dir> --target anonymous [--out .lakebed/artifacts/app.json] [--json]
   lakebed deploy [capsule-dir] [--ttl 7d] [--api <url>] [--json]
@@ -1238,6 +1242,7 @@ export function App() {
   const todos = useQuery<Todo[]>("todos");
   const addTodo = useMutation<[text: string], void>("addTodo");
   const authLabel = auth.email ?? auth.displayName;
+  const authStatus = auth.isLoading && auth.isGuest ? "checking session" : "signed in as " + authLabel;
 
   async function onSubmit(event: SubmitEvent) {
     event.preventDefault();
@@ -1256,14 +1261,14 @@ export function App() {
     <main className="min-h-screen bg-black px-6 py-10 text-white">
       <section className="mx-auto max-w-2xl">
         <div className="mb-3 flex items-center justify-between gap-3">
-          <p className="font-mono text-sm text-neutral-500">signed in as {authLabel}</p>
-          {auth.isGuest ? (
+          <p className="font-mono text-sm text-neutral-500">{authStatus}</p>
+          {!auth.isLoading && auth.isGuest ? (
             <SignInWithGoogle className="border border-neutral-700 px-3 py-1.5 text-sm font-medium text-neutral-200 hover:border-white hover:text-white" />
-          ) : (
+          ) : !auth.isLoading ? (
             <button className="text-sm text-neutral-400 hover:text-white" type="button" onClick={() => signOut()}>
               Sign out
             </button>
-          )}
+          ) : null}
         </div>
         <h1 className="mb-8 text-5xl font-bold tracking-tight">${title}</h1>
         <form className="mb-8 flex gap-3" onSubmit={(event) => void onSubmit(event)}>
@@ -1310,6 +1315,7 @@ pnpm lakebed dev ${name}
 async function newCommand(args) {
   const [nameArg] = positionals(args);
   const template = readArg(args, "--template", "todo");
+  const shouldInitGit = !hasFlag(args, "--no-git");
 
   if (template !== "todo") {
     throw new Error(`Unknown template: ${template}`);
@@ -1333,6 +1339,51 @@ async function newCommand(args) {
   }
 
   console.log(`Created Lakebed capsule at ${targetDir}`);
+  const gitStatus = shouldInitGit ? await initializeGitRepository(targetDir) : "Skipped git setup (--no-git).";
+  console.log(gitStatus);
+  console.log(`
+Next:
+  cd ${shellQuote(name)}
+  npx lakebed dev
+
+deploy instantly for free with:
+  npx lakebed deploy`);
+}
+
+async function initializeGitRepository(targetDir) {
+  if (await isInsideGitWorkTree(dirname(targetDir))) {
+    return "Skipped git setup because the capsule is inside an existing git repository.";
+  }
+
+  try {
+    await execFileAsync("git", ["init"], { cwd: targetDir });
+    await execFileAsync("git", ["add", "."], { cwd: targetDir });
+    await execFileAsync(
+      "git",
+      ["-c", "user.name=Lakebed", "-c", "user.email=lakebed@example.invalid", "commit", "-m", "Initial Lakebed capsule"],
+      { cwd: targetDir }
+    );
+    return "Initialized git repository and created initial commit.";
+  } catch (error) {
+    return `Skipped git setup: ${error instanceof Error ? error.message : String(error)}`;
+  }
+}
+
+async function isInsideGitWorkTree(cwd) {
+  try {
+    const { stdout } = await execFileAsync("git", ["rev-parse", "--is-inside-work-tree"], { cwd });
+    return stdout.trim() === "true";
+  } catch {
+    return false;
+  }
+}
+
+function shellQuote(value) {
+  if (/^[A-Za-z0-9_./:-]+$/.test(value)) {
+    return value;
+  }
+
+  return `'${value.replaceAll("'", "'\\''")}'`;
 }
 
 async function promptForCapsuleName() {
@@ -1395,7 +1446,7 @@ async function runMany(args) {
 async function main() {
   const [command, ...args] = process.argv.slice(2);
 
-  if (command === "new") {
+  if (command === "new" || command === "create") {
     await newCommand(args);
     return;
   }

package/src/client.d.ts

@@ -6,6 +6,7 @@ export type Auth = {
   provider: "guest" | "google";
   isGuest: boolean;
   isAuthenticated: boolean;
+  isLoading?: boolean;
   email?: string;
   emailVerified?: boolean;
   name?: string;

package/src/client.js

@@ -11,7 +11,7 @@ const encoder = new TextEncoder();
 
 let socket = null;
 let nextRequestId = 1;
-let auth = createGuestAuth("local");
+let auth = createInitialAuth();
 const authListeners = new Set();
 const queryValues = new Map();
 const queryListeners = new Map();
@@ -51,6 +51,40 @@ function createGuestAuth(name) {
   };
 }
 
+function withAuthLoading(value, isLoading) {
+  return { ...value, isLoading };
+}
+
+function browserStorage() {
+  if (typeof window === "undefined") {
+    return null;
+  }
+
+  try {
+    return window.localStorage;
+  } catch {
+    return null;
+  }
+}
+
+function currentGuestName() {
+  if (typeof window === "undefined") {
+    return "local";
+  }
+
+  return new URLSearchParams(window.location.search).get("lakebed_guest") ?? "local";
+}
+
+function createInitialAuth() {
+  const token = storedAuthToken();
+  const googleAuth = createGoogleAuthFromToken(token);
+  if (googleAuth) {
+    return withAuthLoading(googleAuth, true);
+  }
+
+  return withAuthLoading(createGuestAuth(currentGuestName()), typeof window !== "undefined");
+}
+
 function emitAuth() {
   for (const listener of authListeners) {
     listener(auth);
@@ -203,7 +237,18 @@ export function decodeIdentityClaims(idToken) {
 }
 
 function readStoredIdentity() {
-  const raw = window.localStorage.getItem(AUTH_STORAGE_KEY) ?? window.localStorage.getItem(LEGACY_SHOO_STORAGE_KEY);
+  const storage = browserStorage();
+  if (!storage) {
+    return { userId: null };
+  }
+
+  let raw = null;
+  try {
+    raw = storage.getItem(AUTH_STORAGE_KEY) ?? storage.getItem(LEGACY_SHOO_STORAGE_KEY);
+  } catch {
+    return { userId: null };
+  }
+
   if (!raw) {
     return { userId: null };
   }
@@ -227,20 +272,38 @@ function readStoredIdentity() {
 }
 
 function persistIdentity(userId, token, expiresIn) {
-  window.localStorage.setItem(
-    AUTH_STORAGE_KEY,
-    JSON.stringify({
-      expiresIn,
-      receivedAt: Date.now(),
-      token,
-      userId
-    })
-  );
+  const storage = browserStorage();
+  if (!storage) {
+    return;
+  }
+
+  try {
+    storage.setItem(
+      AUTH_STORAGE_KEY,
+      JSON.stringify({
+        expiresIn,
+        receivedAt: Date.now(),
+        token,
+        userId
+      })
+    );
+  } catch {
+    // Storage persistence is best effort; server auth remains authoritative.
+  }
 }
 
 function clearStoredIdentity() {
-  window.localStorage.removeItem(AUTH_STORAGE_KEY);
-  window.localStorage.removeItem(LEGACY_SHOO_STORAGE_KEY);
+  const storage = browserStorage();
+  if (!storage) {
+    return;
+  }
+
+  try {
+    storage.removeItem(AUTH_STORAGE_KEY);
+    storage.removeItem(LEGACY_SHOO_STORAGE_KEY);
+  } catch {
+    // Ignore storage failures; reconnecting as guest is still safe.
+  }
 }
 
 function storedAuthToken() {
@@ -372,7 +435,7 @@ async function handleGoogleCallback() {
 
   const localAuth = createGoogleAuthFromToken(token.id_token);
   if (localAuth) {
-    auth = localAuth;
+    auth = withAuthLoading(localAuth, true);
     emitAuth();
   }
 
@@ -438,7 +501,7 @@ function connect() {
     const message = JSON.parse(String(event.data));
 
     if (message.op === "auth.result") {
-      auth = message.auth;
+      auth = withAuthLoading(message.auth, false);
       emitAuth();
       return;
     }
@@ -529,7 +592,7 @@ export async function signInWithGoogle(options = {}) {
 
 export function signOut() {
   clearStoredIdentity();
-  auth = createGuestAuth(new URLSearchParams(window.location.search).get("lakebed_guest") ?? "local");
+  auth = withAuthLoading(createGuestAuth(currentGuestName()), true);
   emitAuth();
   reconnect();
 }

package/src/source-runtime-loader.mjs

@@ -0,0 +1,31 @@
+function isBareSpecifier(specifier) {
+  return !specifier.startsWith(".") && !specifier.startsWith("/") && !/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(specifier);
+}
+
+function isWorkerInternalImport(context) {
+  return !context.parentURL || context.parentURL.startsWith("file:");
+}
+
+export async function resolve(specifier, context, nextResolve) {
+  if (specifier.startsWith("node:")) {
+    if (isWorkerInternalImport(context)) {
+      return nextResolve(specifier, context);
+    }
+
+    throw new Error(`Source runtime imports are not available: ${specifier}`);
+  }
+
+  if (isBareSpecifier(specifier)) {
+    throw new Error(`Source runtime imports are not available: ${specifier}`);
+  }
+
+  if (specifier.startsWith("file:") && context.parentURL) {
+    throw new Error(`Source runtime file imports are not available: ${specifier}`);
+  }
+
+  if (specifier.startsWith("/") || specifier.startsWith("./") || specifier.startsWith("../")) {
+    throw new Error(`Source runtime relative imports are not available: ${specifier}`);
+  }
+
+  return nextResolve(specifier, context);
+}