orez 0.2.20 → 0.2.25

package/src/pglite-ipc.test.ts

@@ -96,4 +96,21 @@ describe('PGliteWorkerProxy', () => {
   test('error propagation with SQL code', async () => {
     await expect(proxy.exec('SELECT * FROM nonexistent_table')).rejects.toThrow()
   })
+
+  test('rejects requests after worker exits', async () => {
+    const local = new PGliteWorkerProxy({
+      dataDir: 'memory://',
+      name: 'exit-test',
+      withExtensions: false,
+      debug: 0,
+      pgliteOptions: {},
+    })
+    await local.waitReady
+
+    await (local as any).worker.terminate()
+
+    await expect(local.query('SELECT 1')).rejects.toThrow(
+      /worker exited|worker is closed/
+    )
+  })
 })

package/src/pglite-ipc.ts

@@ -51,6 +51,8 @@ export class PGliteWorkerProxy {
   private pending = new Map<number, PendingRequest>()
   private nextId = 1
   private notificationCallbacks = new Map<string, Set<(payload: string) => void>>()
+  private closed = false
+  private failure: Error | null = null
   readonly name: string
 
   /** resolves when the worker's PGlite instance is ready */
@@ -89,24 +91,31 @@ export class PGliteWorkerProxy {
 
     // handle unexpected worker crashes
     this.worker.on('error', (err) => {
+      const failure = new Error(`worker crashed: ${err.message}`)
       log.pglite(`worker ${config.name} error: ${err.message}`)
-      for (const [, req] of this.pending) {
-        req.reject(new Error(`worker crashed: ${err.message}`))
-      }
-      this.pending.clear()
+      this.failPending(failure)
     })
 
     this.worker.on('exit', (code) => {
+      if (this.closed) return
       if (code !== 0) {
+        const failure = new Error(`worker exited with code ${code}`)
         log.pglite(`worker ${config.name} exited with code ${code}`)
-        for (const [, req] of this.pending) {
-          req.reject(new Error(`worker exited with code ${code}`))
-        }
-        this.pending.clear()
+        this.failPending(failure)
+        return
       }
+      this.failPending(new Error('worker exited unexpectedly'))
     })
   }
 
+  private failPending(error: Error) {
+    if (!this.failure) this.failure = error
+    for (const [, req] of this.pending) {
+      req.reject(error)
+    }
+    this.pending.clear()
+  }
+
   private installMessageHandler() {
     this.worker.on(
       'message',
@@ -139,14 +148,22 @@ export class PGliteWorkerProxy {
   }
 
   private send(msg: Record<string, unknown>, transfer?: ArrayBuffer[]): Promise<any> {
+    if (this.failure) return Promise.reject(this.failure)
+    if (this.closed) return Promise.reject(new Error('worker is closed'))
+
     const id = this.nextId++
     msg.id = id
     return new Promise((resolve, reject) => {
       this.pending.set(id, { resolve, reject })
-      if (transfer?.length) {
-        this.worker.postMessage(msg, transfer)
-      } else {
-        this.worker.postMessage(msg)
+      try {
+        if (transfer?.length) {
+          this.worker.postMessage(msg, transfer)
+        } else {
+          this.worker.postMessage(msg)
+        }
+      } catch (err) {
+        this.pending.delete(id)
+        reject(err instanceof Error ? err : new Error(String(err)))
       }
     })
   }
@@ -242,6 +259,8 @@ export class PGliteWorkerProxy {
     } catch {
       // worker may already be gone
     }
+    this.closed = true
+    this.failPending(new Error('worker is closed'))
     await this.worker.terminate()
   }
 }

package/src/pglite-web-proxy.test.ts

@@ -0,0 +1,57 @@
+import { describe, expect, test } from 'vitest'
+
+import { PGliteWebProxy } from './pglite-web-proxy.js'
+
+class FakeWorker {
+  messages: unknown[] = []
+  terminated = false
+  private listeners = new Map<string, Set<(event: any) => void>>()
+
+  addEventListener(type: string, handler: (event: any) => void) {
+    let handlers = this.listeners.get(type)
+    if (!handlers) {
+      handlers = new Set()
+      this.listeners.set(type, handlers)
+    }
+    handlers.add(handler)
+  }
+
+  removeEventListener(type: string, handler: (event: any) => void) {
+    this.listeners.get(type)?.delete(handler)
+  }
+
+  postMessage(message: unknown) {
+    this.messages.push(message)
+  }
+
+  terminate() {
+    this.terminated = true
+  }
+
+  dispatch(type: string, event: any) {
+    for (const handler of this.listeners.get(type) ?? []) {
+      handler(event)
+    }
+  }
+}
+
+describe('PGliteWebProxy', () => {
+  test('rejects pending and future requests when the worker errors', async () => {
+    const worker = new FakeWorker()
+    const proxy = new PGliteWebProxy(worker as unknown as Worker, 'postgres')
+
+    worker.dispatch('message', { data: { type: 'ready' } })
+    await proxy.waitReady
+
+    const pending = proxy.query('SELECT 1')
+    expect(worker.messages).toHaveLength(1)
+
+    worker.dispatch('error', {
+      error: new Error('pglite worker crashed'),
+      message: 'pglite worker crashed',
+    })
+
+    await expect(pending).rejects.toThrow('pglite worker crashed')
+    await expect(proxy.query('SELECT 2')).rejects.toThrow('pglite worker crashed')
+  })
+})

package/src/pglite-web-proxy.ts

@@ -34,6 +34,7 @@ export class PGliteWebProxy {
   private pending = new Map<number, PendingRequest>()
   private nextId = 1
   private notificationCallbacks = new Map<string, Set<(payload: string) => void>>()
+  private failure: Error | null = null
   readonly name: string
 
   readonly waitReady: Promise<void>
@@ -66,12 +67,26 @@ export class PGliteWebProxy {
 
       this.worker.addEventListener('message', onMessage)
       this.worker.addEventListener('error', (ev) => {
-        rejectReady(new Error(String(ev)))
+        const error = this.errorFromEvent(ev, 'worker failed during startup')
+        this.failPending(error)
+        rejectReady(error)
+      })
+      this.worker.addEventListener('messageerror', (ev) => {
+        const error = this.errorFromEvent(ev, 'worker message error during startup')
+        this.failPending(error)
+        rejectReady(error)
       })
     })
   }
 
   private installMessageHandler() {
+    this.worker.addEventListener('error', (ev) => {
+      this.failPending(this.errorFromEvent(ev, 'worker failed'))
+    })
+    this.worker.addEventListener('messageerror', (ev) => {
+      this.failPending(this.errorFromEvent(ev, 'worker message error'))
+    })
+
     this.worker.addEventListener('message', (ev: MessageEvent) => {
       const msg = ev.data
       if (!msg || typeof msg !== 'object') return
@@ -102,15 +117,40 @@ export class PGliteWebProxy {
     })
   }
 
+  private errorFromEvent(ev: Event, fallback: string): Error {
+    const maybeError = ev as ErrorEvent
+    if (maybeError.error instanceof Error) return maybeError.error
+    if (maybeError.message) return new Error(maybeError.message)
+    return new Error(fallback)
+  }
+
+  private failPending(error: Error) {
+    if (!this.failure) this.failure = error
+    this.closed = true
+    this.ready = false
+    for (const [, req] of this.pending) {
+      req.reject(error)
+    }
+    this.pending.clear()
+  }
+
   private send(msg: Record<string, unknown>, transfer?: Transferable[]): Promise<any> {
+    if (this.failure) return Promise.reject(this.failure)
+    if (this.closed) return Promise.reject(new Error('worker is closed'))
+
     const id = this.nextId++
     msg.id = id
     return new Promise((resolve, reject) => {
       this.pending.set(id, { resolve, reject })
-      if (transfer?.length) {
-        this.worker.postMessage(msg, transfer)
-      } else {
-        this.worker.postMessage(msg)
+      try {
+        if (transfer?.length) {
+          this.worker.postMessage(msg, transfer)
+        } else {
+          this.worker.postMessage(msg)
+        }
+      } catch (err) {
+        this.pending.delete(id)
+        reject(err instanceof Error ? err : new Error(String(err)))
       }
     })
   }
@@ -170,11 +210,12 @@ export class PGliteWebProxy {
   }
 
   async close(): Promise<void> {
-    this.closed = true
-    this.ready = false
     try {
       await this.send({ type: 'close' })
     } catch {}
+    this.closed = true
+    this.ready = false
+    this.failPending(new Error('worker is closed'))
     this.worker.terminate()
   }
 }

package/src/query-rewrites.test.ts

@@ -0,0 +1,30 @@
+import { describe, expect, test } from 'vitest'
+
+import { rewritePgColumnSizeTotalBytesQuery } from './query-rewrites.js'
+
+describe('rewritePgColumnSizeTotalBytesQuery', () => {
+  test('rewrites zero totalBytes pg_column_size sums into scalar subselects', () => {
+    const query =
+      'SELECT (SUM(COALESCE(pg_column_size("id"), 0)) + SUM(COALESCE(pg_column_size("parts"), 0)) + SUM(COALESCE(pg_column_size("threadId"), 0))) AS "totalBytes" FROM "public"."message" '
+
+    expect(rewritePgColumnSizeTotalBytesQuery(query)).toBe(
+      'SELECT (SELECT SUM(COALESCE(pg_column_size("id"), 0)) FROM "public"."message") + (SELECT SUM(COALESCE(pg_column_size("parts"), 0)) FROM "public"."message") + (SELECT SUM(COALESCE(pg_column_size("threadId"), 0)) FROM "public"."message") AS "totalBytes"'
+    )
+  })
+
+  test('preserves row filters on every scalar subselect', () => {
+    const query =
+      'SELECT (SUM(COALESCE(pg_column_size("id"), 0)) + SUM(COALESCE(pg_column_size("parts"), 0))) AS "totalBytes" FROM "public"."message" WHERE "projectId" = \'proj_1\' OR "role" = \'user\';'
+
+    expect(rewritePgColumnSizeTotalBytesQuery(query)).toBe(
+      'SELECT (SELECT SUM(COALESCE(pg_column_size("id"), 0)) FROM "public"."message" WHERE "projectId" = \'proj_1\' OR "role" = \'user\') + (SELECT SUM(COALESCE(pg_column_size("parts"), 0)) FROM "public"."message" WHERE "projectId" = \'proj_1\' OR "role" = \'user\') AS "totalBytes"'
+    )
+  })
+
+  test('leaves non-matching SQL unchanged', () => {
+    const query =
+      'SELECT (SUM(COALESCE(pg_column_size("id"), 0)) + count(*)) AS "totalBytes" FROM "public"."message"'
+
+    expect(rewritePgColumnSizeTotalBytesQuery(query)).toBe(query)
+  })
+})

package/src/query-rewrites.ts

@@ -0,0 +1,152 @@
+const TOTAL_BYTES_ALIAS_RE = /^AS\s+"totalBytes"\s+/i
+const TOTAL_BYTES_TERM_RE =
+  /^SUM\s*\(\s*COALESCE\s*\(\s*pg_column_size\s*\(\s*((?:"(?:[^"]|"")+")|(?:[a-z_][a-z0-9_$]*))\s*\)\s*,\s*0\s*\)\s*\)$/i
+
+function findMatchingParen(sql: string, openIndex: number): number {
+  let depth = 0
+  let inSingleQuote = false
+  let inDoubleQuote = false
+
+  for (let i = openIndex; i < sql.length; i++) {
+    const ch = sql[i]
+    const next = sql[i + 1]
+
+    if (inSingleQuote) {
+      if (ch === "'" && next === "'") {
+        i++
+      } else if (ch === "'") {
+        inSingleQuote = false
+      }
+      continue
+    }
+
+    if (inDoubleQuote) {
+      if (ch === '"' && next === '"') {
+        i++
+      } else if (ch === '"') {
+        inDoubleQuote = false
+      }
+      continue
+    }
+
+    if (ch === "'") {
+      inSingleQuote = true
+      continue
+    }
+    if (ch === '"') {
+      inDoubleQuote = true
+      continue
+    }
+    if (ch === '(') {
+      depth++
+      continue
+    }
+    if (ch === ')') {
+      depth--
+      if (depth === 0) return i
+    }
+  }
+
+  return -1
+}
+
+function splitTopLevelAddends(expr: string): string[] | null {
+  const terms: string[] = []
+  let depth = 0
+  let start = 0
+  let inSingleQuote = false
+  let inDoubleQuote = false
+
+  for (let i = 0; i < expr.length; i++) {
+    const ch = expr[i]
+    const next = expr[i + 1]
+
+    if (inSingleQuote) {
+      if (ch === "'" && next === "'") {
+        i++
+      } else if (ch === "'") {
+        inSingleQuote = false
+      }
+      continue
+    }
+
+    if (inDoubleQuote) {
+      if (ch === '"' && next === '"') {
+        i++
+      } else if (ch === '"') {
+        inDoubleQuote = false
+      }
+      continue
+    }
+
+    if (ch === "'") {
+      inSingleQuote = true
+      continue
+    }
+    if (ch === '"') {
+      inDoubleQuote = true
+      continue
+    }
+    if (ch === '(') {
+      depth++
+      continue
+    }
+    if (ch === ')') {
+      depth--
+      if (depth < 0) return null
+      continue
+    }
+    if (ch === '+' && depth === 0) {
+      terms.push(expr.slice(start, i).trim())
+      start = i + 1
+    }
+  }
+
+  if (depth !== 0 || inSingleQuote || inDoubleQuote) return null
+
+  terms.push(expr.slice(start).trim())
+  return terms
+}
+
+function stripTrailingSemicolon(sql: string): string {
+  const trimmedEnd = sql.trimEnd()
+  return trimmedEnd.endsWith(';') ? trimmedEnd.slice(0, -1) : sql
+}
+
+export function rewritePgColumnSizeTotalBytesQuery(query: string): string {
+  const leadingWhitespace = query.match(/^\s*/)?.[0] ?? ''
+  const trimmedStart = query.slice(leadingWhitespace.length)
+  if (!/^SELECT\b/i.test(trimmedStart)) return query
+
+  const afterSelect = trimmedStart.slice('SELECT'.length).trimStart()
+  if (!afterSelect.startsWith('(')) return query
+
+  const openIndex = trimmedStart.indexOf(afterSelect)
+  const closeIndex = findMatchingParen(trimmedStart, openIndex)
+  if (closeIndex < 0) return query
+
+  const expression = trimmedStart.slice(openIndex + 1, closeIndex)
+  const afterExpression = trimmedStart.slice(closeIndex + 1).trimStart()
+  const aliasMatch = afterExpression.match(TOTAL_BYTES_ALIAS_RE)
+  if (!aliasMatch) return query
+
+  const fromClause = stripTrailingSemicolon(
+    afterExpression.slice(aliasMatch[0].length).trim()
+  )
+  if (!/^FROM\b/i.test(fromClause)) return query
+
+  const terms = splitTopLevelAddends(expression)
+  if (!terms || terms.length === 0) return query
+
+  const columns: string[] = []
+  for (const term of terms) {
+    const match = term.match(TOTAL_BYTES_TERM_RE)
+    if (!match) return query
+    columns.push(match[1])
+  }
+
+  const rewrittenTerms = columns.map(
+    (column) => `(SELECT SUM(COALESCE(pg_column_size(${column}), 0)) ${fromClause})`
+  )
+  return `${leadingWhitespace}SELECT ${rewrittenTerms.join(' + ')} AS "totalBytes"`
+}

package/src/worker/browser-admin.ts

@@ -0,0 +1,52 @@
+export interface HttpRequest {
+  method: string
+  url: string
+  headers?: Record<string, string>
+  body?: string | null
+}
+
+export interface HttpResponse {
+  status: number
+  headers: Record<string, string>
+  body: string
+}
+
+const ADMIN_HEADERS = {
+  'access-control-allow-origin': '*',
+  'access-control-allow-methods': 'GET, OPTIONS',
+  'access-control-allow-headers': '*',
+  'content-type': 'application/json',
+}
+
+function jsonResponse(status: number, body: unknown): HttpResponse {
+  return {
+    status,
+    headers: ADMIN_HEADERS,
+    body: JSON.stringify(body),
+  }
+}
+
+export function handleDisabledBrowserAdminRequest(
+  request: HttpRequest
+): HttpResponse | null {
+  const url = new URL(request.url, 'http://localhost')
+  if (!url.pathname.startsWith('/__orez/')) return null
+
+  const method = request.method.toUpperCase()
+  if (method === 'OPTIONS') {
+    return { status: 200, headers: ADMIN_HEADERS, body: '' }
+  }
+  if (method !== 'GET') {
+    return jsonResponse(405, { error: 'method not allowed', admin: 'disabled' })
+  }
+
+  if (url.pathname === '/__orez/api/logs') {
+    return jsonResponse(200, { entries: [], cursor: 0, admin: 'disabled' })
+  }
+
+  if (url.pathname === '/__orez/api/status') {
+    return jsonResponse(200, { ready: true, admin: 'disabled' })
+  }
+
+  return jsonResponse(404, { error: 'not found', admin: 'disabled' })
+}

package/src/worker/browser-embed-admin.test.ts

@@ -0,0 +1,75 @@
+import { describe, expect, it } from 'vitest'
+
+import { handleDisabledBrowserAdminRequest } from './browser-admin.js'
+
+describe('disabled browser admin api', () => {
+  it('ignores non-admin routes', () => {
+    expect(
+      handleDisabledBrowserAdminRequest({
+        method: 'GET',
+        url: '/sync/v1/connect',
+      })
+    ).toBeNull()
+  })
+
+  it('serves empty logs for disabled browser admin', () => {
+    const response = handleDisabledBrowserAdminRequest({
+      method: 'GET',
+      url: '/__orez/api/logs?limit=100',
+    })
+
+    expect(response?.status).toBe(200)
+    expect(response?.headers['content-type']).toBe('application/json')
+    expect(JSON.parse(response?.body ?? '')).toEqual({
+      entries: [],
+      cursor: 0,
+      admin: 'disabled',
+    })
+  })
+
+  it('serves status for disabled browser admin', () => {
+    const response = handleDisabledBrowserAdminRequest({
+      method: 'GET',
+      url: 'http://localhost:7849/__orez/api/status',
+    })
+
+    expect(response?.status).toBe(200)
+    expect(JSON.parse(response?.body ?? '')).toEqual({
+      ready: true,
+      admin: 'disabled',
+    })
+  })
+
+  it('handles preflight and disallows writes', () => {
+    expect(
+      handleDisabledBrowserAdminRequest({
+        method: 'OPTIONS',
+        url: '/__orez/api/logs',
+      })?.status
+    ).toBe(200)
+
+    const response = handleDisabledBrowserAdminRequest({
+      method: 'POST',
+      url: '/__orez/api/actions/restart-zero',
+    })
+
+    expect(response?.status).toBe(405)
+    expect(JSON.parse(response?.body ?? '')).toEqual({
+      error: 'method not allowed',
+      admin: 'disabled',
+    })
+  })
+
+  it('keeps unknown admin routes explicit', () => {
+    const response = handleDisabledBrowserAdminRequest({
+      method: 'GET',
+      url: '/__orez/api/actions/restart-zero',
+    })
+
+    expect(response?.status).toBe(404)
+    expect(JSON.parse(response?.body ?? '')).toEqual({
+      error: 'not found',
+      admin: 'disabled',
+    })
+  })
+})

package/src/worker/browser-embed.ts

@@ -36,8 +36,13 @@ import EventEmitter from 'node:events'
 // @ts-expect-error — internal zero-cache module, no type declarations
 import { runWorker as _runWorker } from '@rocicorp/zero/out/zero-cache/src/server/runner/run-worker.js'
 
+import { handleDisabledBrowserAdminRequest } from './browser-admin.js'
+
+import type { HttpRequest, HttpResponse } from './browser-admin.js'
 import type { PGlite } from '@electric-sql/pglite'
 
+export type { HttpRequest, HttpResponse } from './browser-admin.js'
+
 const runWorkerFn = _runWorker as (
   parent: unknown,
   env: Record<string, string>
@@ -65,19 +70,17 @@ export interface ZeroCacheEmbedBrowserOptions {
 
   /** timeout in ms waiting for zero-cache ready (default: 30000) */
   readyTimeout?: number
-}
-
-export interface HttpRequest {
-  method: string
-  url: string
-  headers?: Record<string, string>
-  body?: string | null
-}
 
-export interface HttpResponse {
-  status: number
-  headers: Record<string, string>
-  body: string
+  /**
+   * intercept browser-mode orez admin routes before they reach zero-cache.
+   *
+   * browser embeds do not run the node admin dashboard or log store. leaving
+   * `/__orez/*` to fall through to zero-cache makes disabled admin look like
+   * an app/zero route miss. keep the contract explicit by returning empty
+   * admin responses for the small read-only surface and 404 for the rest.
+   * default: true.
+   */
+  disableAdminApi?: boolean
 }
 
 /** WebSocket-like object — matches CF WebSocket, browser WebSocket, or MessagePort adapter */
@@ -116,6 +119,7 @@ export async function startZeroCacheEmbedBrowser(
   const appId = opts.appId || 'zero'
   const publications = opts.publications?.join(',') || `orez_${appId}_public`
   const readyTimeout = opts.readyTimeout ?? 30000
+  const disableAdminApi = opts.disableAdminApi ?? true
 
   // set up sqlite storage from sql.js or in-memory
   if (opts.sqlite) {
@@ -303,6 +307,11 @@ export async function startZeroCacheEmbedBrowser(
     },
 
     async handleHttp(request: HttpRequest): Promise<HttpResponse> {
+      if (disableAdminApi) {
+        const adminResponse = handleDisabledBrowserAdminRequest(request)
+        if (adminResponse) return adminResponse
+      }
+
       if (!isReady || !fastifyInstance?.inject) {
         return { status: 503, headers: {}, body: 'not ready' }
       }