querysub 0.403.0 → 0.405.0

package/src/-a-auth/certs.ts

@@ -88,18 +88,6 @@ export function createX509(
 
         let localHostDomain = "127-0-0-1." + domain.split(".").slice(-2).join(".");
 
-        //todonext
-        // Wait, why is one of our alt names not the machine URL that includes the machine hash? Oh, I guess it can't be because we don't know the hash until we create the cert, but we kind of do. Or we can at least. 
-        // I guess the real question is why was this not an issue before? Were we adding it before and then we stopped adding it? Were we adding the thread certificate before to trust?
-        // I think it's fine to change this behavior, although it is kind of annoying to get the public key here (I think we have to derive it from the private key. What a nightmare.
-        // Maybe we had just an issue where we weren't correctly verifying the certificate? No, but that doesn't make any sense because Node.js is verifying the certificate. 
-        //todonext
-        // Our trust store hasn't changed, it's just our machine ID that's changed. And even if it has changed, that's fine. But anyway, we should check our trust store to see what the old certificate looked like. 
-        //todonext;
-        // Huh, the certificates did used to have the machine ID in them. And actually the domain I'm looking at, I'm pretty sure we were adding, that doesn't make any sense, the thread IDs? I don't know, maybe it was just totally borked before, maybe explain some of the issues we were having. It could be why sometimes startup failed. Maybe what happened was it only works if... When a node starts, it tells all other nodes that it changed the trust cache. And in that way, if they start in order, even though they keep breaking the trust cache by clobbering the machine CA certificate, We end up with all the certificates.
-        // I do really like the Node.js error. It's extremely specific. It even gives us the full cert alt names. Very good error. Without this error it would be extremely difficult to debug this. 
-
-
         extensions.push(...[
             { name: "keyUsage", keyCertSign: isCA, digitalSignature: true, nonRepudiation: true, keyEncipherment: true, dataEncipherment: true },
             { name: "subjectKeyIdentifier" },

package/src/-c-identity/IdentityController.ts

@@ -9,7 +9,7 @@ import { SocketFunction } from "socket-function/SocketFunction";
 import { CallerContext } from "socket-function/SocketFunctionTypes";
 import { cache, cacheWeak, lazy } from "socket-function/src/caching";
 import { getClientNodeId, getNodeId, getNodeIdDomain, getNodeIdIP, getNodeIdLocation, isClientNodeId } from "socket-function/src/nodeCache";
-import { decodeNodeId, getCommonName, getIdentityCA, getMachineId, getPublicIdentifier, getThreadKeyCert, parseCert, sign, validateCertificate, verify } from "../-a-auth/certs";
+import { decodeNodeId, getCommonName, getIdentityCA, getMachineId, getOwnMachineId, getPublicIdentifier, getThreadKeyCert, parseCert, sign, validateCertificate, verify } from "../-a-auth/certs";
 import { getShortNumber } from "../bits";
 import { measureBlock, measureFnc, measureWrap } from "socket-function/src/profiling/measure";
 import { timeoutToError } from "../errors";
@@ -18,7 +18,7 @@ import { formatTime } from "socket-function/src/formatting/format";
 import { waitForFirstTimeSync } from "socket-function/time/trueTimeShim";
 import { red } from "socket-function/src/formatting/logColors";
 import { isNode } from "typesafecss";
-import { getOwnThreadId } from "../-f-node-discovery/NodeDiscovery";
+import { areNodeIdsEqual, getOwnThreadId } from "../-f-node-discovery/NodeDiscovery";
 
 let callerInfo = new Map<CallerContext, {
     reconnectNodeId: string | undefined;
@@ -137,9 +137,18 @@ class IdentityControllerBase {
         //  (We don't have to worry about other servers on the same domain, as all servers
         //      on the same domain should be the same!)
         let localNodeId = caller.localNodeId;
-        if (payload.serverId !== localNodeId) {
+        if (!areNodeIdsEqual(payload.serverId, localNodeId)) {
             throw new Error(`Identity is for another server! The connection is calling us ${localNodeId}, but signature is for ${payload.serverId}`);
         }
+        let calledMachineId = getMachineId(payload.serverId);
+        if (calledMachineId !== "127-0-0-1" && calledMachineId !== getOwnMachineId()) {
+            throw new Error(`Tried to call a different machine. We are ${getOwnMachineId()}, they called ${calledMachineId}`);
+        }
+        let calledThreadId = decodeNodeId(payload.serverId)?.threadId;
+        if (calledThreadId && calledThreadId !== "127-0-0-1" && calledThreadId !== getOwnThreadId()) {
+            throw new Error(`Tried to call a different thread. We are ${getOwnThreadId()}, they called ${calledThreadId}`);
+        }
+
 
         // Verify the caller can sign as the cert
         verify(payload.cert, signature, payload);

package/src/-f-node-discovery/NodeDiscovery.ts

@@ -6,7 +6,7 @@ import { isNode, sha256Hash, throttleFunction, timeInMinute, timeInSecond } from
 import { errorToUndefinedSilent, ignoreErrors, logErrors, timeoutToUndefinedSilent } from "../errors";
 import { ensureWeAreTrusted, requiresNetworkTrustHook } from "../-d-trust/NetworkTrust2";
 import { delay, runInfinitePoll, runInfinitePollCallAtStart } from "socket-function/src/batching";
-import { getNodeId, getNodeIdFromLocation } from "socket-function/src/nodeCache";
+import { getNodeId, getNodeIdFromLocation, getNodeIdLocation } from "socket-function/src/nodeCache";
 import { lazy } from "socket-function/src/caching";
 import { shuffle } from "../misc/random";
 import { blue, green, magenta, red, yellow } from "socket-function/src/formatting/logColors";
@@ -21,6 +21,7 @@ import { getBootedEdgeNode } from "../-0-hooks/hooks";
 import { EdgeNodeConfig } from "../4-deploy/edgeNodes";
 import * as certs from "../-a-auth/certs";
 import { logDisk } from "../diagnostics/logs/diskLogger";
+import { MaybePromise } from "socket-function/src/types";
 
 let HEARTBEAT_INTERVAL = timeInMinute * 15;
 // Interval which we check other heartbeats
@@ -64,6 +65,21 @@ export function isNodeDiscoveryLogging() {
     return logging;
 }
 
+
+function getAlternateNodeIds(nodeId: string): MaybePromise<string[] | undefined> {
+    let machineId = certs.getMachineId(nodeId);
+    if (machineId === getOwnMachineId()) {
+        let decoded = decodeNodeId(nodeId);
+        if (decoded) {
+            return [
+                "127-0-0-1." + decoded.domain + ":" + decoded.port
+            ];
+        }
+    }
+    return undefined;
+}
+SocketFunction.GET_ALTERNATE_NODE_IDS = getAlternateNodeIds;
+
 export const getOurNodeId = getOwnNodeId;
 export const getOurNodeIdAssert = getOwnNodeIdAssert;
 
@@ -110,14 +126,12 @@ export function isOwnNodeId(nodeId: string): boolean {
 }
 
 export function isNodeIdOnOwnMachineId(nodeId: string): boolean {
-    return certs.getMachineId(nodeId) === getOwnMachineId() || nodeId.startsWith("127-0-0-1.");
+    return certs.getMachineId(nodeId) === getOwnMachineId() || decodeNodeId(nodeId)?.machineId === "127-0-0-1";
 }
 
-/** Often, when getting all nodes, you're going to receive duplicates of all local nodes with the duplicate containing this prefix. Using the local ID is faster as it will actually use the local IP.
-    TODO: We need a robust way to give a deduplicated set that prefers the local ids. At the moment we just filter out the id locals if we can't have duplicates.
- */
-export function isNodeIdLocal(nodeId: string): boolean {
-    return nodeId.startsWith("127-0-0-1.");
+export function areNodeIdsEqual(lhs: string, rhs: string): boolean {
+    if (lhs === rhs) return true;
+    return isNodeIdOnOwnMachineId(lhs) && isNodeIdOnOwnMachineId(rhs) && getNodeIdLocation(rhs)?.port === getNodeIdLocation(lhs)?.port;
 }
 
 let nodeOverrides: string[] | undefined;
@@ -173,13 +187,6 @@ function getAllNodesHash() {
 }
 function addNodeId(nodeId: string) {
     addNodeIdBase(nodeId);
-    if (isNode() && isDevDebugbreak()) {
-        let obj = decodeNodeId(nodeId);
-        if (obj) {
-            let localNodeId = getNodeId("127-0-0-1." + getDomain(), obj.port);
-            addNodeIdBase(localNodeId);
-        }
-    }
 }
 function addNodeIdBase(nodeId: string) {
     if (allNodeIds2.has(nodeId)) return;
@@ -193,15 +200,6 @@ function setNodeIds(nodeIds: string[]) {
     nodeIds = nodeIds.filter(x => x !== SPECIAL_NODE_ID_FOR_UNMOUNTED_NODE);
 
     console.info("setNodeIds", { nodeIds });
-    // Also try all localhost ports, if we are developing and not in public mode
-    if (isNode() && !isPublic() && isDevDebugbreak()) {
-        let ports = new Set(nodeIds.map(nodeId => decodeNodeId(nodeId)?.port).filter(isDefined));
-        for (let port of ports) {
-            let localNodeId = getNodeId("127-0-0-1." + getDomain(), port);
-            nodeIds.push(localNodeId);
-        }
-        nodeIds = Array.from(new Set(nodeIds));
-    }
     let newNodeIds = nodeIds.filter(nodeId => !allNodeIds2.has(nodeId));
     let newIds = new Set(nodeIds);
     let removedNodeIds = Array.from(allNodeIds2).filter(nodeId => !newIds.has(nodeId));
@@ -423,7 +421,7 @@ async function writeHeartbeat() {
     await archives().set(nodeId, Buffer.from(now + ""));
 }
 
-async function runMainSyncLoops(discoveryReady: PromiseObj<void>) {
+async function runMainSyncLoops() {
     await syncArchives();
 
     discoveryReady.resolve();
@@ -446,6 +444,8 @@ async function runMainSyncLoops(discoveryReady: PromiseObj<void>) {
         await timeoutToUndefinedSilent(timeInSecond * 5, errorToUndefinedSilent(NodeDiscoveryController.nodes[nodeId].addNode(getOwnNodeId())));
     }));
 
+    nodeBroadcasted.resolve();
+
     console.log(magenta(`Node discovery is loaded`));
 
     await runInfinitePollCallAtStart(HEARTBEAT_INTERVAL, async function nodeDiscoverHeartbeat() {
@@ -477,6 +477,7 @@ async function runMainSyncLoops(discoveryReady: PromiseObj<void>) {
 }
 
 let discoveryReady = new PromiseObj<void>();
+let nodeBroadcasted = new PromiseObj<void>();
 beforeGetNodeAllId = async () => {
     await discoveryReady.promise;
 };
@@ -484,6 +485,9 @@ export async function onNodeDiscoveryReady() {
     await getAllNodeIds();
 }
 
+export async function onNodeBroadcasted() {
+    await nodeBroadcasted.promise;
+}
 if (isServer()) {
     setImmediate(async () => {
 
@@ -491,7 +495,7 @@ if (isServer()) {
         logErrors(runMemoryAuditLoop());
         // NOTE: We used to wait until we mounted, but... we should be able to find nodes
         //  before we mount, right? (And what if we never mount?)
-        runMainSyncLoops(discoveryReady).catch(e => {
+        runMainSyncLoops().catch(e => {
             discoveryReady.reject(e);
             logErrors(Promise.reject(e));
         });
@@ -500,6 +504,7 @@ if (isServer()) {
 
     if (isNode()) {
         discoveryReady.resolve();
+        nodeBroadcasted.resolve();
         // Just get the archives, syncing again if we haven't synced in a while
         let lastGetTime = 0;
         beforeGetNodeAllId = async () => {
@@ -518,6 +523,7 @@ if (isServer()) {
             let nodes = [edgeNode.host];
             allNodeIds2 = new Set(nodes);
             discoveryReady.resolve();
+            nodeBroadcasted.resolve();
 
             // NOTE: We run into TLS issues (as in, our servers use self signed certs), if we try to talk to just
             //  any node, so... we better just talk to the edge node
@@ -570,7 +576,7 @@ class NodeDiscoveryControllerBase {
     }
 
     public async getAllNodeIds(): Promise<string[]> {
-        return Array.from(allNodeIds2).filter(x => !x.startsWith("127-0-0-1."));
+        return Array.from(allNodeIds2);
     }
     public async getNodeId() {
         return SocketFunction.mountedNodeId;

package/src/-g-core-values/NodeCapabilities.ts

@@ -5,7 +5,7 @@
 import { SocketFunction } from "socket-function/SocketFunction";
 import { SocketRegistered } from "socket-function/SocketFunctionTypes";
 import { errorToUndefined, errorToUndefinedSilent, timeoutToUndefinedSilent } from "../errors";
-import { getAllNodeIds } from "../-f-node-discovery/NodeDiscovery";
+import { getAllNodeIds, isNodeIdOnOwnMachineId } from "../-f-node-discovery/NodeDiscovery";
 import { green, red, yellow } from "socket-function/src/formatting/logColors";
 import { shuffle } from "../misc/random";
 import { delay } from "socket-function/src/batching";
@@ -20,6 +20,7 @@ import { getOwnMachineId, decodeNodeId, decodeNodeIdAssert, getMachineId } from
 import { sort } from "socket-function/src/misc";
 import { getPathStr2 } from "../path";
 import { PromiseObj } from "../promise";
+import { getTrueTimeOffset } from "socket-function/time/trueTimeShim";
 setImmediate(() => {
     import("../diagnostics/MachineThreadInfo");
 });
@@ -103,7 +104,7 @@ export async function getControllerNodeIdList(
 
     let results = Array.from(passedNodeIds.entries());
     // Prefer localhost connections as they're faster.
-    sort(results, (x) => x[0].startsWith("127-0-0-1.") ? 0 : 1);
+    sort(results, (x) => isNodeIdOnOwnMachineId(x[0]) ? 0 : 1);
     let lookup = new Map<string, { nodeId: string; entryPoint: string }>();
     for (let x of results) {
         let key = getPathStr2(x[1].machineId, decodeNodeIdAssert(x[0]).port.toString());
@@ -142,6 +143,10 @@ class NodeCapabilitiesControllerBase {
         return getFunctionRunnerShards();
     }
 
+    public async getTrueTimeOffset() {
+        return getTrueTimeOffset();
+    }
+
     public async getInspectURL() {
         return await getDebuggerUrl();
     }
@@ -185,7 +190,12 @@ export const NodeCapabilitiesController = SocketFunction.register(
         getStartupTime: {},
         getMemoryUsage: {},
         getFunctionRunnerShards: {},
+        getTrueTimeOffset: {},
         getInspectURL: { hooks: [requiresNetworkTrustHook] },
         exposeExternalDebugPortOnce: { hooks: [requiresNetworkTrustHook] },
+    }),
+    () => ({
+        // I think assert is management user didn't exist when we wrote these functions, and so we just made them public. But now that it does exist, we might as well use it. Servers will count as management users anyway, and I don't see any reason a non-management user or a non-server needs to access any of these functions. 
+        hooks: [(require("../diagnostics/managementPages") as typeof import("../diagnostics/managementPages")).assertIsManagementUser],
     })
 );

package/src/0-path-value-core/AuthorityLookup.ts

@@ -0,0 +1,239 @@
+import { timeInMinute, timeInSecond } from "socket-function/src/misc";
+import { nestArchives } from "../-a-archives/archives";
+import { getArchivesBackblaze } from "../-a-archives/archivesBackBlaze";
+import { archiveJSONT } from "../-a-archives/archivesJSONT";
+import { getDomain, isPublic } from "../config";
+import { cache, lazy } from "socket-function/src/caching";
+import { SocketFunction } from "socket-function/SocketFunction";
+import { runInSerial, runInfinitePollCallAtStart } from "socket-function/src/batching";
+import { getAllNodeIds, getOwnNodeId, isOwnNodeId, onNodeBroadcasted, syncNodesNow, watchDeltaNodeIds, watchNodeIds } from "../-f-node-discovery/NodeDiscovery";
+import { IdentityController_getCurrentReconnectNodeIdAssert } from "../-c-identity/IdentityController";
+import { requiresNetworkTrustHook } from "../-d-trust/NetworkTrust2";
+import { isClient } from "../config2";
+import { getPathStr1 } from "../path";
+import { timeoutToError } from "../errors";
+import { AuthoritySpec } from "./PathRouter";
+import { formatTime } from "socket-function/src/formatting/format";
+import { getAllAuthoritySpec, getEmptyAuthoritySpec } from "./PathRouterServerAuthoritySpec";
+
+
+let NETWORK_POLL_INTERVAL = timeInMinute * 5;
+let CALL_TIMEOUT = isPublic() ? timeInSecond * 20 : timeInSecond * 3;
+
+export type AuthorityEntry = {
+    nodeId: string;
+    authoritySpec: AuthoritySpec;
+    entryReceivedTime: number;
+    isReady: boolean;
+};
+type AuthorityTopology = {
+    // nodeId =>
+    nodes: Map<string, AuthorityEntry>;
+};
+
+class AuthorityLookup {
+    private topology: AuthorityTopology = {
+        nodes: new Map(),
+    };
+    private ourSpec: AuthoritySpec = getEmptyAuthoritySpec();
+    private ourIsReady = false;
+    private didInitialSync = false;
+
+
+    public async getTopology() {
+        await this.startSyncing();
+        return Array.from(this.topology.nodes.values());
+    }
+
+    public getTopologySync() {
+        if (!this.didInitialSync) throw new Error("Cannot call getTopologySync without calling syncAllNow at some point first.");
+        return Array.from(this.topology.nodes.values()).filter(x => x.isReady);
+    }
+    public getAuthoritySpecForNodeId(nodeId: string): AuthoritySpec | undefined {
+        if (!this.didInitialSync) throw new Error("Cannot call getAuthoritySpecForNodeId without calling syncAllNow at some point first.");
+        return this.topology.nodes.get(nodeId)?.authoritySpec;
+    }
+
+    public getOurSpec() {
+        this.ourSpec.nodeId = getOwnNodeId();
+        return this.ourSpec;
+    }
+
+    private setSpec = false;
+    public async setOurSpec(spec: AuthoritySpec) {
+        if (!SocketFunction.isMounted()) throw new Error("Cannot call setOurPaths without mounting first (use Querysub.hostService).");
+        spec.nodeId = getOwnNodeId();
+
+
+        if (this.setSpec) {
+            throw new Error("You cannot redefine what authority paths you have. If you remove any authority paths, then you will no longer receive new value rights, but your watchers won't know, and so they will become broken. IF You are only adding paths, this might allowed, and we need to update this code to check for that (you will still need to make sure you synchronize all the values first, etc).");
+        }
+        this.setSpec = true;
+
+        this.ourSpec = spec;
+        this.updatePaths(getOwnNodeId(), spec, false);
+
+        await this.syncAllNow();
+    }
+    public async setIsReady() {
+        if (!this.setSpec) throw new Error("Cannot call setIsReady without calling setOurPaths first.");
+        this.ourIsReady = true;
+        this.updatePaths(getOwnNodeId(), this.ourSpec, true);
+        await this.syncAllNow();
+    }
+
+    public async syncAllNow() {
+        if (!this.didInitialSync) {
+            await this.startSyncing();
+            return;
+        }
+        let time = Date.now();
+        console.log(`Syncing all nodes now`);
+        // Sync again. There are some important points when there could be races, and so syncing everything now should help eliminate that. 
+        await syncNodesNow();
+        let allNodeIds = await getAllNodeIds();
+        await Promise.all(allNodeIds.map(async nodeId => {
+            if (isOwnNodeId(nodeId)) return;
+            await this.syncNodeSerial(nodeId)();
+        }));
+        console.log(`Finished syncing all nodes now, took ${formatTime(Date.now() - time)}`);
+    }
+
+
+    public startSyncing = lazy(async () => {
+        await onNodeBroadcasted();
+        let firstSync = true;
+        let promises: Promise<void>[] = [];
+        watchDeltaNodeIds(({ newNodeIds, removedNodeIds }) => {
+            for (let nodeId of newNodeIds) {
+                try {
+                    let { promise } = this.connectTo(nodeId);
+                    if (firstSync) {
+                        promises.push(promise);
+                    }
+                } catch { }
+            }
+            firstSync = false;
+            for (let nodeId of removedNodeIds) {
+                this.connectTo(nodeId).onNodeRemoved();
+            }
+        });
+        await Promise.all(promises);
+        this.didInitialSync = true;
+    });
+
+
+    private updatePaths(nodeId: string, spec: AuthoritySpec, isReady: boolean) {
+        let entry: AuthorityEntry = {
+            nodeId,
+            authoritySpec: spec,
+            entryReceivedTime: Date.now(),
+            isReady,
+        };
+        let prevEntry = this.topology.nodes.get(nodeId);
+        // Try to preserve === property where possible, so we can use it as a cache key
+        if (prevEntry && JSON.stringify(prevEntry.authoritySpec) === JSON.stringify(spec)) {
+            entry.authoritySpec = prevEntry.authoritySpec;
+        }
+        this.topology.nodes.set(nodeId, entry);
+    }
+
+    public async networkSyncPaths(otherSpec: AuthoritySpec, isReady: boolean): Promise<{
+        spec: AuthoritySpec;
+        isReady: boolean;
+    }> {
+        let nodeId = IdentityController_getCurrentReconnectNodeIdAssert();
+        this.updatePaths(nodeId, otherSpec, isReady);
+        console.info(`Received network sync, returning our data`, {
+            nodeId,
+            otherSpec,
+            isReady,
+            ourSpec: this.ourSpec,
+            ourIsReady: this.ourIsReady,
+        });
+        return {
+            spec: this.ourSpec,
+            isReady: this.ourIsReady,
+        };
+    }
+
+
+
+
+    private connectTo = cache((nodeId: string) => {
+        let stopObj = { stop: false };
+        let promise = runInfinitePollCallAtStart(NETWORK_POLL_INTERVAL, async () => {
+            await this.syncNodeSerial(nodeId)();
+        }, stopObj);
+
+        const onNodeRemoved = () => {
+            this.topology.nodes.delete(nodeId);
+            stopObj.stop = true;
+            this.connectTo.clear(nodeId);
+            this.disconnectWatch.clear(nodeId);
+        };
+        return { onNodeRemoved, promise };
+    });
+
+
+    private syncNodeSerial = cache((nodeId: string) => {
+        return runInSerial(async () => {
+            await this.syncNodeNow(nodeId);
+        });
+    });
+    private disconnectWatch = cache((nodeId: string) => {
+        let onDisconnect = () => {
+            SocketFunction.onNextDisconnect(nodeId, onDisconnect);
+            this.topology.nodes.delete(nodeId);
+        };
+        SocketFunction.onNextDisconnect(nodeId, onDisconnect);
+    });
+    private async syncNodeNow(nodeId: string) {
+        try {
+            await this.syncNodeNowBase(nodeId);
+        } catch {
+            this.topology.nodes.delete(nodeId);
+        }
+    }
+
+
+    private async syncNodeNowBase(nodeId: string) {
+        if (isClient()) {
+            // Doesn't matter what the node ID is, we should really only be connecting to the browser node ID, Which will have all the data for the current domain. 
+            //  - Get all node IDs should restrict our nodes to just the browser node ID. If we ever change this, then either it's redundant nodes and they all have all the same data, or we need to figure out what data they have, And as their proxies, it probably won't be their actual authority data. So that will require new API functions, etc. 
+            this.updatePaths(nodeId, {
+                ...getAllAuthoritySpec(),
+                nodeId: nodeId,
+            }, true);
+            return;
+        }
+
+        let otherPaths = await timeoutToError(
+            CALL_TIMEOUT,
+            AuthorityLookupController.nodes[nodeId].networkSyncPaths(this.ourSpec, this.ourIsReady),
+            () => new Error(`Timeout calling networkSyncPaths for ${nodeId}`)
+        );
+        console.info(`Finished network sync`, {
+            nodeId,
+            otherSpec: otherPaths.spec,
+            isReady: otherPaths.isReady,
+            ourSpec: this.ourSpec,
+            ourIsReady: this.ourIsReady,
+        });
+        this.updatePaths(nodeId, otherPaths.spec, otherPaths.isReady);
+        this.disconnectWatch(nodeId);
+    }
+}
+export const authorityLookup = new AuthorityLookup();
+(globalThis as any).authorityLookup = authorityLookup;
+
+const AuthorityLookupController = SocketFunction.register(
+    "AuthorityLookup-019d1bbd-e7b9-719b-8fd1-fe06c7e5b115",
+    authorityLookup,
+    () => ({
+        networkSyncPaths: {},
+    }),
+    () => ({
+        hooks: [requiresNetworkTrustHook],
+    })
+);

package/src/0-path-value-core/LockWatcher2.ts

@@ -0,0 +1,150 @@
+import { runInfinitePoll } from "socket-function/src/batching";
+import { lazy } from "socket-function/src/caching";
+import { binarySearchIndex } from "socket-function/src/misc";
+import { registerResource } from "../diagnostics/trackResources";
+import { MAX_CHANGE_AGE, Time, PathValue, byLockGroup, compareTime } from "./pathValueCore";
+import { PathRouter } from "./PathRouter";
+import { getInternalValueWatchPrefix, pathWatcher } from "./PathWatcher";
+
+function isGoldenLock(time: number, now: number): boolean {
+    return time < now - MAX_CHANGE_AGE * 2;
+}
+
+function getLockWatcher2NodeId() {
+    return getInternalValueWatchPrefix() + "_LockWatcher2";
+}
+
+/**
+ *      Anything over a certain age gets removed as we assume at that point the valid state won't change, and so we don't need to keep track of the watchers.
+ */
+class LockWatcher2 {
+
+    private remoteWatches = registerResource("paths|remoteWatches", new Map<string, {
+        newestTime: number;
+    }>());
+
+    // path => sorted by endTime
+    private validRangeWatchers = registerResource("paths|validRangeWatchers", new Map<string, {
+        startTime: Time;
+        endTime: Time;
+        watchers: PathValue[];
+    }[]>());
+
+
+
+    private watchRemotePath(path: string, newestTime: number) {
+        let watch = this.remoteWatches.get(path);
+        if (!watch) {
+            watch = {
+                newestTime: 0,
+            };
+            this.remoteWatches.set(path, watch);
+            // So do we do deduping on the watchers? I think we do. We have to do our own little watch unwatch thing. 
+            pathWatcher.watchPath({
+                nodeId: getLockWatcher2NodeId(),
+                paths: [path],
+                parentPaths: [],
+                // NOTE: Receiving the full history is inefficient, however, it doesn't matter. The history gets compressed fairly aggressively, So, there won't be many values. Also, this makes our keeping track of what we're watching simpler. So, it might be actually more efficient overall.
+                fullHistory: true,
+                noInitialTrigger: true,
+            });
+        }
+        if (newestTime > watch.newestTime) {
+            watch.newestTime = newestTime;
+        }
+    }
+
+
+    /** Tracks a lookup so that you can find if any path value will change the valid state of another path value.
+     *  - ALSO, for any value which is held remotely, watches its locks. 
+     */
+    public watchValueLocks(values: PathValue[], now: number) {
+        values = values.filter(x => PathRouter.isSelfAuthority(x.path));
+        if (values.length === 0) return;
+        this.ensureGarbageCollectLoop();
+        let lockGroups = byLockGroup(values);
+        for (let [locks, valueGroup] of lockGroups) {
+            locks = locks.filter(x => !isGoldenLock(x.endTime.time, now));
+            if (locks.length === 0) continue;
+            for (let lock of locks) {
+                if (!PathRouter.isSelfAuthority(lock.path)) {
+                    this.watchRemotePath(lock.path, lock.endTime.time);
+                }
+                let rangeWatchers = this.validRangeWatchers.get(lock.path);
+                if (!rangeWatchers) {
+                    rangeWatchers = [];
+                    this.validRangeWatchers.set(lock.path, rangeWatchers);
+                }
+                let list = rangeWatchers;
+                let index = binarySearchIndex(list.length, i => compareTime(list[i].endTime, lock.endTime));
+                if (index < 0) index = ~index;
+                list.splice(index, 0, {
+                    startTime: lock.startTime,
+                    endTime: lock.endTime,
+                    watchers: valueGroup,
+                });
+            }
+        }
+    }
+
+    /** Returns all the path values that might have their valid state changed by this change. If this change is an accepted value, then it's anything that's within the locking region for any of the read locks, or the read lock itself (presumably, your reads exist before you, so if they change, it probably isn't them being initially created, it's probably them being rejected, which will cause you to be rejected.)
+     */
+    public getValuePathWatchers(config: {
+        path: string;
+        time: Time;
+    }): PathValue[] {
+        let result: PathValue[][] = [];
+
+        let rangeWatchers = this.validRangeWatchers.get(config.path);
+        if (rangeWatchers && rangeWatchers.length > 0) {
+            let list = rangeWatchers;
+            let index = binarySearchIndex(list.length, i => compareTime(list[i].endTime, config.time));
+            if (index < 0) index = ~index;
+            // Anything with an endTime < our time definitely won't overlap us.
+            for (let i = index; i < rangeWatchers.length; i++) {
+                let watcher = rangeWatchers[i];
+                if (compareTime(watcher.startTime, config.time) <= 0) {
+                    result.push(watcher.watchers);
+                }
+            }
+        }
+
+        return result.flat();
+    }
+
+    private ensureGarbageCollectLoop = lazy(() => {
+        runInfinitePoll(MAX_CHANGE_AGE, () => this.garbageCollectOldWatchers());
+    });
+    private garbageCollectOldWatchers() {
+        let threshold = Date.now() - MAX_CHANGE_AGE * 2;
+
+        // 1) Look through remote watches, and any which are too old, we can actually unwatch their paths with Pathwatcher.
+        let pathsToUnwatch: string[] = [];
+        for (let [path, watch] of this.remoteWatches) {
+            if (watch.newestTime < threshold) {
+                pathsToUnwatch.push(path);
+                this.remoteWatches.delete(path);
+            }
+        }
+        if (pathsToUnwatch.length > 0) {
+            pathWatcher.unwatchPath({
+                paths: pathsToUnwatch,
+                parentPaths: [],
+                callback: getLockWatcher2NodeId(),
+            });
+        }
+
+        // 2) Look through validRangeWatchers, and remove any with an endTime that are too old
+        for (let [path, ranges] of this.validRangeWatchers) {
+            let index = binarySearchIndex(ranges.length, i => ranges[i].endTime.time - threshold);
+            if (index < 0) index = ~index;
+            if (index > 0) {
+                ranges.splice(0, index);
+            }
+            if (ranges.length === 0) {
+                this.validRangeWatchers.delete(path);
+            }
+        }
+    }
+}
+export const lockWatcher2 = new LockWatcher2();