orez 0.2.27 → 0.2.30

package/src/integration/test-permissions.ts

@@ -1,147 +0,0 @@
-import type { PGlite } from '@electric-sql/pglite'
-
-type DbLike = Pick<PGlite, 'query' | 'exec'>
-
-const ALLOW_ALL_CONDITION = { type: 'and', conditions: [] as unknown[] }
-const ALLOW_ALL_POLICY = [['allow', ALLOW_ALL_CONDITION]]
-const DEFAULT_APP_ID = process.env.ZERO_APP_ID?.trim() || 'zero'
-
-export async function installAllowAllPermissions(
-  db: DbLike,
-  tables: string[]
-): Promise<void> {
-  const schemas = await findPermissionsSchemas(db)
-  if (schemas.length === 0) {
-    schemas.push(DEFAULT_APP_ID)
-  }
-
-  for (const schema of schemas) {
-    const quotedSchema = '"' + schema.replace(/"/g, '""') + '"'
-
-    // Bootstrap the same global permissions table shape zero-cache expects.
-    await db.exec(`
-    CREATE SCHEMA IF NOT EXISTS ${quotedSchema};
-
-    CREATE TABLE IF NOT EXISTS ${quotedSchema}.permissions (
-      "permissions" JSONB,
-      "hash"        TEXT,
-      "lock" BOOL PRIMARY KEY DEFAULT true CHECK (lock)
-    );
-
-    CREATE OR REPLACE FUNCTION ${quotedSchema}.set_permissions_hash()
-    RETURNS TRIGGER AS $$
-    BEGIN
-        NEW.hash = md5(NEW.permissions::text);
-        RETURN NEW;
-    END;
-    $$ LANGUAGE plpgsql;
-
-    DROP TRIGGER IF EXISTS on_set_permissions ON ${quotedSchema}.permissions;
-    CREATE TRIGGER on_set_permissions
-      BEFORE INSERT OR UPDATE ON ${quotedSchema}.permissions
-      FOR EACH ROW
-      EXECUTE FUNCTION ${quotedSchema}.set_permissions_hash();
-
-    INSERT INTO ${quotedSchema}.permissions ("permissions")
-      VALUES (NULL)
-      ON CONFLICT DO NOTHING;
-  `)
-
-    const existing = await db.query<{ permissions: unknown }>(
-      `SELECT permissions FROM ${quotedSchema}.permissions WHERE lock = true LIMIT 1`
-    )
-    const existingPermissions = parsePermissions(existing.rows[0]?.permissions)
-
-    const tablesToAdd = Object.fromEntries(
-      tables.map((table) => [
-        table,
-        {
-          row: {
-            select: ALLOW_ALL_POLICY,
-            insert: ALLOW_ALL_POLICY,
-            update: {
-              preMutation: ALLOW_ALL_POLICY,
-              postMutation: ALLOW_ALL_POLICY,
-            },
-            delete: ALLOW_ALL_POLICY,
-          },
-        },
-      ])
-    )
-
-    const permissions = {
-      ...existingPermissions,
-      tables: {
-        ...(existingPermissions.tables || {}),
-        ...tablesToAdd,
-      },
-    }
-
-    await db.query(
-      `UPDATE ${quotedSchema}.permissions SET permissions = $1 WHERE lock = true`,
-      [JSON.stringify(permissions)]
-    )
-  }
-}
-
-export async function hasNonNullPermissions(db: DbLike): Promise<boolean> {
-  const schemas = await findPermissionsSchemas(db)
-  for (const schema of schemas) {
-    const quotedSchema = '"' + schema.replace(/"/g, '""') + '"'
-    const result = await db.query<{ has_permissions: boolean }>(
-      `SELECT (permissions IS NOT NULL) AS has_permissions
-       FROM ${quotedSchema}.permissions
-       WHERE lock = true
-       LIMIT 1`
-    )
-    if (result.rows[0]?.has_permissions) return true
-  }
-  return false
-}
-
-export async function ensureTablesInPublications(
-  db: DbLike,
-  tables: string[]
-): Promise<void> {
-  const pubs = await db.query<{ pubname: string }>(
-    `SELECT pubname
-     FROM pg_publication
-     WHERE pubname NOT LIKE '%metadata%'
-     ORDER BY pubname`
-  )
-  for (const { pubname } of pubs.rows) {
-    const quotedPub = '"' + pubname.replace(/"/g, '""') + '"'
-    for (const table of tables) {
-      const quotedTable = '"' + table.replace(/"/g, '""') + '"'
-      await db
-        .exec(`ALTER PUBLICATION ${quotedPub} ADD TABLE "public".${quotedTable}`)
-        .catch(() => {})
-    }
-  }
-}
-
-function parsePermissions(value: unknown): { tables?: Record<string, unknown> } {
-  if (!value) return {}
-  if (typeof value === 'string') {
-    try {
-      return JSON.parse(value)
-    } catch {
-      return {}
-    }
-  }
-  if (typeof value === 'object') return value as { tables?: Record<string, unknown> }
-  return {}
-}
-
-async function findPermissionsSchemas(db: DbLike): Promise<string[]> {
-  const result = await db.query<{ schemaname: string }>(
-    `SELECT schemaname
-     FROM pg_tables
-     WHERE tablename = 'permissions'
-       AND schemaname NOT IN ('pg_catalog', 'information_schema')
-       AND schemaname NOT LIKE 'pg_%'
-     ORDER BY CASE WHEN schemaname = $1 THEN 0 ELSE 1 END, schemaname`,
-    [DEFAULT_APP_ID]
-  )
-  return result.rows.map((r) => r.schemaname)
-}

package/src/load-config.ts

@@ -1,46 +0,0 @@
-import { existsSync } from 'node:fs'
-import { resolve } from 'node:path'
-import { pathToFileURL } from 'node:url'
-
-import type { OrezConfig } from './config.js'
-
-const CONFIG_FILES = ['orez.config.ts', 'orez.config.js', 'orez.config.mjs']
-
-export async function loadConfigFile(cwd = process.cwd()): Promise<OrezConfig> {
-  for (const name of CONFIG_FILES) {
-    const filePath = resolve(cwd, name)
-    if (!existsSync(filePath)) continue
-
-    try {
-      const mod = await import(pathToFileURL(filePath).href)
-      const config: OrezConfig = mod.default ?? mod
-      return config
-    } catch (err) {
-      throw new Error(
-        `failed to load ${name}: ${err instanceof Error ? err.message : err}`
-      )
-    }
-  }
-
-  return {}
-}
-
-/**
- * resolve OrezConfig aliases and convert to the shape expected by
- * startZeroLite() + CLI extras (s3, s3Port, disableAdmin).
- *
- * CLI args are passed as overrides — they take precedence over config file values.
- */
-export function resolveOrezConfig(
-  fileConfig: OrezConfig,
-  cliOverrides: Partial<OrezConfig> = {}
-): OrezConfig {
-  // merge: file < cli (undefined cli values don't override)
-  const merged: OrezConfig = { ...fileConfig }
-  for (const [k, v] of Object.entries(cliOverrides)) {
-    if (v !== undefined) {
-      ;(merged as Record<string, unknown>)[k] = v
-    }
-  }
-  return merged
-}

package/src/log.ts

@@ -1,96 +0,0 @@
-import type { LogStore } from './admin/log-store.js'
-import type { LogLevel } from './config.js'
-
-const RESET = '\x1b[0m'
-const BOLD = '\x1b[1m'
-const DIM = '\x1b[2m'
-
-const COLORS = {
-  cyan: '\x1b[36m',
-  green: '\x1b[32m',
-  yellow: '\x1b[33m',
-  magenta: '\x1b[35m',
-  blue: '\x1b[34m',
-} as const
-
-const LEVEL_PRIORITY: Record<LogLevel, number> = {
-  error: 0,
-  warn: 1,
-  info: 2,
-  debug: 3,
-}
-
-let currentLevel: LogLevel = 'warn'
-let logStore: LogStore | undefined
-
-export function setLogLevel(level: LogLevel) {
-  currentLevel = level
-}
-
-/** hook up logStore for admin dashboard observability */
-export function setLogStore(store: LogStore | undefined) {
-  logStore = store
-}
-
-function prefix(label: string, color: string): string {
-  return `${BOLD}${color}[${label}]${RESET}`
-}
-
-/** format a port number with matching dim color */
-export function port(n: number, color: keyof typeof COLORS): string {
-  return `${DIM}${COLORS[color]}:${n}${RESET}`
-}
-
-/** format a url with green color */
-export function url(u: string): string {
-  return `${COLORS.green}${u}${RESET}`
-}
-
-// map logger labels to logStore source names
-const LABEL_TO_SOURCE: Record<string, string> = {
-  orez: 'orez',
-  'orez:pg': 'orez',
-  pglite: 'pglite',
-  'pg-proxy': 'proxy',
-  'orez:zero': 'zero',
-  'orez:s3': 's3',
-  'orez:repl': 'proxy',
-}
-
-function makeLogger(label: string, color: string, level: LogLevel = 'info') {
-  const p = prefix(label, color)
-  const source = LABEL_TO_SOURCE[label] || 'orez'
-  // zero logs are handled specially in startZeroCache with better level detection
-  const skipLogStore = source === 'zero'
-  return (...args: unknown[]) => {
-    const shouldLog = LEVEL_PRIORITY[level] <= LEVEL_PRIORITY[currentLevel]
-    if (shouldLog) {
-      console.info(p, ...args)
-    }
-    // push to logStore for non-debug messages, or debug only if console level allows it.
-    // debug-level logs from the poll loop are very high volume and bloat the store.
-    if (logStore && !skipLogStore && (level !== 'debug' || shouldLog)) {
-      const msg = args.map((a) => (typeof a === 'string' ? a : String(a))).join(' ')
-      logStore.push(source, level, msg)
-    }
-  }
-}
-
-export const log = {
-  orez: makeLogger('orez', COLORS.cyan, 'warn'),
-  pg: makeLogger('orez:pg', COLORS.green, 'warn'),
-  pglite: makeLogger('pglite', COLORS.green, 'warn'),
-  proxy: makeLogger('pg-proxy', COLORS.yellow, 'warn'),
-  zero: makeLogger('orez:zero', COLORS.magenta, 'warn'),
-  s3: makeLogger('orez:s3', COLORS.blue, 'warn'),
-  repl: makeLogger('orez:repl', COLORS.yellow, 'warn'),
-  debug: {
-    orez: makeLogger('orez', COLORS.cyan, 'debug'),
-    pg: makeLogger('orez:pg', COLORS.green, 'debug'),
-    pglite: makeLogger('pglite', COLORS.green, 'debug'),
-    proxy: makeLogger('pg-proxy', COLORS.yellow, 'debug'),
-    zero: makeLogger('orez:zero', COLORS.magenta, 'debug'),
-    s3: makeLogger('orez:s3', COLORS.blue, 'debug'),
-    repl: makeLogger('orez:repl', COLORS.yellow, 'debug'),
-  },
-}

package/src/mutex.ts

@@ -1,47 +0,0 @@
-// simple mutex for serializing pglite access
-// uses head-index instead of Array.shift() for O(1) release
-export class Mutex {
-  private locked = false
-  private queue: Array<() => void> = []
-  private head = 0
-
-  /** check if the mutex is currently held (non-blocking, no side effects) */
-  get isLocked(): boolean {
-    return this.locked
-  }
-
-  async acquire(): Promise<void> {
-    if (!this.locked) {
-      this.locked = true
-      return
-    }
-    return new Promise<void>((resolve) => {
-      this.queue.push(resolve)
-    })
-  }
-
-  // non-blocking acquire: returns true if lock was obtained, false otherwise
-  tryAcquire(): boolean {
-    if (!this.locked) {
-      this.locked = true
-      return true
-    }
-    return false
-  }
-
-  release(): void {
-    if (this.head < this.queue.length) {
-      const next = this.queue[this.head++]!
-      // compact periodically to prevent unbounded array growth
-      if (this.head > 64) {
-        this.queue = this.queue.slice(this.head)
-        this.head = 0
-      }
-      next()
-    } else {
-      this.queue = []
-      this.head = 0
-      this.locked = false
-    }
-  }
-}

package/src/pg-proxy-browser.singledb.test.ts

@@ -1,233 +0,0 @@
-/**
- * regression test for the explicit singleDb option in createBrowserProxy.
- *
- * background: orez-web (in soot) wraps a single PGlite worker in three
- * distinct port-proxy façades (one per database role) and hands them to
- * createBrowserProxy. before this fix, mutex coalescing relied on
- * `instances.postgres === instances.cvr` reference equality — which fails
- * for distinct façades, leaving 3 separate mutexes guarding a single
- * underlying PGlite. that allows concurrent extended-protocol sequences on
- * one shared session, racing named-statement slots and replication state.
- *
- * the explicit `config.singleDb` option forces mutex coalescing regardless
- * of object identity. this test pins that contract: with singleDb=true and
- * three distinct façades over one PGlite, concurrent calls must serialize.
- */
-
-import { PGlite } from '@electric-sql/pglite'
-import postgres from 'postgres'
-import { afterAll, beforeAll, describe, expect, test } from 'vitest'
-
-import { createBrowserProxy } from './pg-proxy-browser.js'
-import { createSocketFactory } from './worker/shims/postgres-socket.js'
-
-import type { PGliteInstances } from './pglite-manager.js'
-
-/**
- * thin façade that re-exposes a PGlite's surface as a *distinct* object
- * reference. simulates what orez-web does (it wraps the same underlying
- * PGlite worker in three port-proxy objects, one per database role).
- */
-function makeFacade(real: PGlite, label: string) {
-  const facade: any = {
-    _label: label,
-    closed: false,
-    ready: true,
-    get waitReady() {
-      return real.waitReady
-    },
-    query: (sql: string, params?: any[]) => real.query(sql, params as any),
-    exec: (sql: string) => real.exec(sql),
-    execProtocolRaw: (data: Uint8Array, options?: any) =>
-      real.execProtocolRaw(data, options),
-    listen: () => Promise.resolve(async () => {}),
-    close: () => Promise.resolve(),
-  }
-  return facade as PGlite
-}
-
-function createSql(
-  proxy: ReturnType<typeof createBrowserProxy> extends Promise<infer T> ? T : never
-) {
-  return postgres({
-    socket: createSocketFactory((port) => proxy.handleConnection(port)),
-    database: 'postgres',
-    username: 'u',
-    password: '',
-    host: '127.0.0.1',
-    port: 0,
-    ssl: false,
-    max: 1,
-    no_subscribe: true,
-  } as any)
-}
-
-function deferred<T>() {
-  let resolve!: (value: T | PromiseLike<T>) => void
-  let reject!: (reason?: unknown) => void
-  const promise = new Promise<T>((res, rej) => {
-    resolve = res
-    reject = rej
-  })
-  return { promise, resolve, reject }
-}
-
-describe('createBrowserProxy singleDb mutex coalescing', () => {
-  let pg: PGlite
-
-  beforeAll(async () => {
-    pg = new PGlite()
-    await pg.waitReady
-  }, 30_000)
-
-  afterAll(async () => {
-    await pg.close().catch(() => {})
-  })
-
-  test('reference equality on the same PGlite still coalesces (legacy path)', async () => {
-    const instances: PGliteInstances = {
-      postgres: pg,
-      cvr: pg,
-      cdb: pg,
-      postgresReplicas: [],
-    }
-    const proxy = await createBrowserProxy(instances, { pgPassword: '', pgUser: 'u' })
-    // smoke: it constructs without error. proper concurrency proof requires
-    // pg-wire client; covered by integration tests. this guards the legacy path.
-    expect(proxy).toBeTruthy()
-    proxy.close()
-  })
-
-  test('distinct façades + singleDb=true coalesces; without flag they would split', async () => {
-    const facadePg = makeFacade(pg, 'postgres')
-    const facadeCvr = makeFacade(pg, 'cvr')
-    const facadeCdb = makeFacade(pg, 'cdb')
-
-    // sanity: the three façades are distinct refs (would defeat reference equality)
-    expect(facadePg).not.toBe(facadeCvr)
-    expect(facadePg).not.toBe(facadeCdb)
-    expect(facadeCvr).not.toBe(facadeCdb)
-
-    const instances: PGliteInstances = {
-      postgres: facadePg,
-      cvr: facadeCvr,
-      cdb: facadeCdb,
-      postgresReplicas: [],
-    }
-
-    // explicit singleDb=true should still build a working proxy.
-    const proxy = await createBrowserProxy(instances, {
-      pgPassword: '',
-      pgUser: 'u',
-      singleDb: true,
-    })
-    expect(proxy).toBeTruthy()
-    proxy.close()
-  })
-
-  test('coordinated query/exec runs through the same per-db mutex', async () => {
-    // proxy.query / proxy.exec exist so out-of-band JSON callers (soot's
-    // project-server / main-thread SAB JSON channels) go through the same
-    // mutex + txState the wire-protocol path uses. this test pins that the
-    // API works end-to-end against a shared-PGlite façade setup; the actual
-    // 'E'-rescue behaviour is exercised by the soot integration suite where
-    // a wire-protocol abort populates txState first.
-    const facadePg = makeFacade(pg, 'postgres')
-    const facadeCvr = makeFacade(pg, 'cvr')
-    const facadeCdb = makeFacade(pg, 'cdb')
-    const proxy = await createBrowserProxy(
-      {
-        postgres: facadePg,
-        cvr: facadeCvr,
-        cdb: facadeCdb,
-        postgresReplicas: [],
-      },
-      { pgPassword: '', pgUser: 'u', singleDb: true }
-    )
-
-    const r1 = await proxy.query('postgres', 'SELECT 1 AS ok')
-    expect(r1.rows).toEqual([{ ok: 1 }])
-
-    const r2 = await proxy.exec(
-      'postgres',
-      'CREATE TABLE IF NOT EXISTS rescue_test (id int)'
-    )
-    expect(Array.isArray(r2)).toBe(true)
-
-    proxy.close()
-  })
-
-  test('singleDb waits for the owning transaction before serving another client', async () => {
-    await pg.exec(`
-      DROP TABLE IF EXISTS singledb_tx_owner;
-      CREATE TABLE singledb_tx_owner (id int);
-    `)
-    const facadePg = makeFacade(pg, 'postgres')
-    const facadeCvr = makeFacade(pg, 'cvr')
-    const facadeCdb = makeFacade(pg, 'cdb')
-    const proxy = await createBrowserProxy(
-      {
-        postgres: facadePg,
-        cvr: facadeCvr,
-        cdb: facadeCdb,
-        postgresReplicas: [],
-      },
-      { pgPassword: '', pgUser: 'u', singleDb: true }
-    )
-    const sql1 = createSql(proxy)
-    const sql2 = createSql(proxy)
-    const releaseTx = deferred<void>()
-    const txStarted = deferred<void>()
-
-    const tx = sql1.begin(async (sql) => {
-      await sql`INSERT INTO singledb_tx_owner VALUES (1)`
-      txStarted.resolve()
-      await releaseTx.promise
-    })
-    await txStarted.promise
-
-    let readCompleted = false
-    const read = sql2`SELECT count(*)::int AS count FROM singledb_tx_owner`.then(
-      (rows) => {
-        readCompleted = true
-        return rows[0]?.count
-      }
-    )
-    await new Promise((resolve) => setTimeout(resolve, 25))
-    expect(readCompleted).toBe(false)
-
-    releaseTx.resolve()
-    await tx
-    await expect(read).resolves.toBe(1)
-
-    await sql1.end({ timeout: 1 }).catch(() => {})
-    await sql2.end({ timeout: 1 }).catch(() => {})
-    proxy.close()
-  }, 10_000)
-
-  test('explicit singleDb=false on distinct façades preserves split mutexes', async () => {
-    // negative case: when caller doesn't opt in and refs are distinct, the
-    // legacy reference-equality heuristic gives separate mutexes (the bug we
-    // shipped around). this test pins the contract that singleDb is opt-in,
-    // so adding it later cannot quietly break consumers that rely on split
-    // mutexes for their three real PGlite instances.
-    const facadePg = makeFacade(pg, 'postgres')
-    const facadeCvr = makeFacade(pg, 'cvr')
-    const facadeCdb = makeFacade(pg, 'cdb')
-
-    const instances: PGliteInstances = {
-      postgres: facadePg,
-      cvr: facadeCvr,
-      cdb: facadeCdb,
-      postgresReplicas: [],
-    }
-
-    const proxy = await createBrowserProxy(instances, {
-      pgPassword: '',
-      pgUser: 'u',
-      // singleDb omitted — defaults to false
-    })
-    expect(proxy).toBeTruthy()
-    proxy.close()
-  })
-})