querysub 0.407.0 → 0.408.0

package/bin/audit-disk-values.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+
+// Always local, as we want to always use the local code? Might not be needed anymore?
+process.argv.push("--local");
+
+require("typenode");
+require("../src/diagnostics/auditDiskValuesEntry");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "querysub",
-  "version": "0.407.0",
+  "version": "0.408.0",
   "main": "index.js",
   "license": "MIT",
   "note1": "note on node-forge fork, see https://github.com/digitalbazaar/forge/issues/744 for details",
@@ -40,7 +40,8 @@
     "addsuperuser": "./bin/addsuperuser.js",
     "error-watch": "./bin/error-watch.js",
     "error-watch-public": "./bin/error-watch-public.js",
-    "audit-imports": "./bin/audit-imports.js"
+    "audit-imports": "./bin/audit-imports.js",
+    "audit-disk-values": "./bin/audit-disk-values.js"
   },
   "dependencies": {
     "@types/fs-ext": "^2.0.3",
@@ -61,7 +62,7 @@
     "pako": "^2.1.0",
     "peggy": "^5.0.6",
     "querysub": "^0.357.0",
-    "socket-function": "^1.1.11",
+    "socket-function": "^1.1.18",
     "terser": "^5.31.0",
     "typesafecss": "^0.28.0",
     "yaml": "^2.5.0",

package/src/-a-archives/archiveCache.ts

@@ -82,15 +82,18 @@ const getDiskMetricsBase = async () => {
             usedCacheBytes += info.size;
             usedCacheFiles++;
         } else {
-            // TEMP files, and... any files?
-            // If it's too old, delete it
-            let stat = await fs.promises.stat(cacheArchives2 + file);
-            let threshold = Date.now() - TEMP_THRESHOLD;
-            if (stat.mtimeMs < threshold) {
-                try {
-                    await fs.promises.unlink(cacheArchives2 + file);
-                } catch { }
-            }
+            try {
+                // TEMP files, and... any files?
+                // If it's too old, delete it
+                let stat = await fs.promises.stat(cacheArchives2 + file);
+                let threshold = Date.now() - TEMP_THRESHOLD;
+                if (stat.mtimeMs < threshold) {
+                    try {
+                        await fs.promises.unlink(cacheArchives2 + file);
+                    } catch { }
+                }
+                // If we can't stat it, someone else deleted it, so that's fine...
+            } catch { }
         }
     }
     let processFileParallel = runInParallel({ parallelCount: 32 }, processFile);

package/src/-a-auth/certs.ts

@@ -480,7 +480,7 @@ export function decodeNodeId(nodeId: string, allowMissingThreadId?: "allowMissin
 export function decodeNodeIdAssert(nodeId: string, allowMissingThreadId?: "allowMissingThreadId"): NodeIdParts {
     let result = decodeNodeId(nodeId, allowMissingThreadId);
     if (!result) {
-        throw new Error(`Invalid nodeId: ${nodeId}`);
+        throw new Error(`Invalid nodeId: ${JSON.stringify(nodeId)}`);
     }
     return result;
 }

package/src/-c-identity/IdentityController.ts

@@ -18,7 +18,7 @@ import { formatTime } from "socket-function/src/formatting/format";
 import { waitForFirstTimeSync } from "socket-function/time/trueTimeShim";
 import { red } from "socket-function/src/formatting/logColors";
 import { isNode } from "typesafecss";
-import { areNodeIdsEqual, getOwnThreadId } from "../-f-node-discovery/NodeDiscovery";
+import { areNodeIdsEqual, getOwnNodeId, getOwnThreadId } from "../-f-node-discovery/NodeDiscovery";
 
 let callerInfo = new Map<CallerContext, {
     reconnectNodeId: string | undefined;
@@ -109,6 +109,7 @@ export const IdentityController_getOwnPubKeyShort = lazy((): number => {
     return getShortNumber(pubKey);
 });
 
+
 export interface ChangeIdentityPayload {
     time: number;
     cert: string;
@@ -116,6 +117,7 @@ export interface ChangeIdentityPayload {
     serverId: string;
     mountedPort: number | undefined;
     debugEntryPoint: string | undefined;
+    clientIsNode: boolean;
 }
 class IdentityControllerBase {
     // IMPORTANT! We HAVE to call changeIdentity NOT JUST because we can't use peer certificates in the browser, BUT, also
@@ -133,6 +135,11 @@ class IdentityControllerBase {
             throw new Error(`Signed payload too old, ${payload.time} < ${signedThreshold} from ${caller.localNodeId} (${caller.nodeId})`);
         }
 
+        if (payload.clientIsNode && payload.serverId !== getOwnNodeId()) {
+            // This is extremely common when we reuse ports, which we do frequently for the edge nodes. 
+            throw new Error(`You tried to contact another server. We are ${getOwnNodeId()}, you tried to contact ${payload.serverId}.`);
+        }
+
         // Verify the signature is meant for us, otherwise any other site can hijack the login!
         //  (We don't have to worry about other servers on the same domain, as all servers
         //      on the same domain should be the same!)
@@ -221,6 +228,7 @@ const changeIdentityOnce = cacheWeak(async function changeIdentityOnce(connectio
         certIssuer: issuer.cert.toString(),
         mountedPort: getNodeIdLocation(SocketFunction.mountedNodeId)?.port,
         debugEntryPoint: isNode() ? process.argv[1] : "browser",
+        clientIsNode: isNode(),
     };
     let signature = sign(threadKeyCert, payload);
     await timeoutToError(

package/src/-f-node-discovery/NodeDiscovery.ts

@@ -3,11 +3,11 @@ import { getArchives } from "../-a-archives/archives";
 import { getDomain, isDevDebugbreak, isNoNetwork, isPublic } from "../config";
 import { measureBlock } from "socket-function/src/profiling/measure";
 import { isNode, sha256Hash, throttleFunction, timeInMinute, timeInSecond } from "socket-function/src/misc";
-import { errorToUndefinedSilent, ignoreErrors, logErrors, timeoutToUndefinedSilent } from "../errors";
+import { errorToUndefinedSilent, ignoreErrors, logErrors, timeoutToError, timeoutToUndefinedSilent } from "../errors";
 import { ensureWeAreTrusted, requiresNetworkTrustHook } from "../-d-trust/NetworkTrust2";
 import { delay, runInfinitePoll, runInfinitePollCallAtStart } from "socket-function/src/batching";
-import { getNodeId, getNodeIdFromLocation, getNodeIdLocation } from "socket-function/src/nodeCache";
-import { lazy } from "socket-function/src/caching";
+import { getCallFactory, getCreateCallFactory, getNodeId, getNodeIdFromLocation, getNodeIdLocation } from "socket-function/src/nodeCache";
+import { cache, lazy } from "socket-function/src/caching";
 import { shuffle } from "../misc/random";
 import { blue, green, magenta, red, yellow } from "socket-function/src/formatting/logColors";
 import { PromiseObj } from "../promise";
@@ -194,8 +194,12 @@ function addNodeIdBase(nodeId: string) {
     allNodeIds2.add(nodeId);
     onNodesChanged();
 }
-function setNodeIds(nodeIds: string[]) {
+async function setNodeIds(nodeIds: string[]) {
     nodeIds = nodeIds.filter(x => x !== SPECIAL_NODE_ID_FOR_UNMOUNTED_NODE);
+    if (isNode()) {
+        await Promise.allSettled(nodeIds.map(checkWrongServerNodeId));
+        nodeIds = nodeIds.filter(nodeId => !wrongServerNodeIds.has(nodeId));
+    }
 
     console.info("setNodeIds", { nodeIds });
     let newNodeIds = nodeIds.filter(nodeId => !allNodeIds2.has(nodeId));
@@ -293,25 +297,74 @@ export async function triggerNodeChange() {
     }));
 }
 
+// If we can connect on the same port, but it has a different thread ID, it means the old thread ID is gone. We're never going to go back to an old thread ID, and we can't have two threads on the same port. 
+let wrongServerNodeIds = new Set<string>();
+let checkWrongServerNodeId = cache(async (nodeId: string) => {
+    if (wrongServerNodeIds.has(nodeId)) return;
+    let callFactory = await timeoutToUndefinedSilent(timeInSecond * 5, Promise.resolve(getCreateCallFactory(nodeId)));
+    if (!callFactory) {
+        if (SocketFunction.logMessages) {
+            console.log(`Did not find call factory for ${nodeId}`);
+        }
+        // Clear it right away, so we can check for it being alive quickly.
+        checkWrongServerNodeId.clear(nodeId);
+        return;
+    }
+    if (callFactory) {
+        // Not great, but... this should work well enough.
+        for (let i = 0; i < 10; i++) {
+            if (callFactory.receivedInitializeState) break;
+            await delay(500);
+        }
+        if (!callFactory.receivedInitializeState && SocketFunction.logMessages) {
+            console.log(`Did not receive initialize state from ${nodeId}`);
+        }
+    } else {
+        if (SocketFunction.logMessages) {
+            console.log(`Did not find call factory for ${nodeId}`);
+        }
+    }
+    if (callFactory && callFactory.realNodeId && callFactory.realNodeId !== nodeId) {
+        if (SocketFunction.logMessages) {
+            console.log(red(`Found dead thread, disconnecting node and deleting from archives ${nodeId}`));
+        }
+        wrongServerNodeIds.add(nodeId);
+        callFactory?.disconnect();
+        // Dead threads never come back, so this should be safe to do. 
+        await archives().del(nodeId);
+        // Return, so we don't clear this.
+        return;
+    } else {
+        if (SocketFunction.logMessages) {
+            console.log(green(`Found live thread, node ${nodeId}, real node id ${callFactory?.realNodeId}`));
+        }
+    }
+
+    setTimeout(() => {
+        checkWrongServerNodeId.clear(nodeId);
+    }, timeInMinute * 5);
+});
+
 async function syncArchives() {
     if (isServer()) {
         // Make sure we are present
         await writeHeartbeat();
         let nodeIds = await archives().find("");
         console.log(green(`Syncing node ids from archives`), { nodeIds });
-        setNodeIds(nodeIds);
+        console.log(green(`Synced node ids from archives`), { nodeIds });
+        await setNodeIds(nodeIds);
     } else {
         if (isNoNetwork() || !isNode()) {
             // NOTE: If no network, our trust source might be different, so we can't talk to regular nodes,
             //  and instead have to only talk to HTTP nodes
-            setNodeIds([getBrowserUrlNode()]);
+            await setNodeIds([getBrowserUrlNode()]);
         } else {
             // If on the network, NetworkTrust2 should sync the trusted machines from backblaze, so we should be
             //  able to talk to any nodes.
             //  - If they user is using --client they only want to talk to querysub nodes. There might be multiple,
             //      which cloudflare will proxy, HOWEVER, it is more efficient to directly access the node list, which
             //      will be better for load balancing and updating on failure than the cloudflare proxying... probably.
-            setNodeIds(await NodeDiscoveryController.nodes[getBrowserUrlNode()].getAllNodeIds());
+            await setNodeIds(await NodeDiscoveryController.nodes[getBrowserUrlNode()].getAllNodeIds());
         }
     }
 }
@@ -330,7 +383,7 @@ async function runHeartbeatAuditLoop() {
         let deadTime = Date.now() - DEAD_THRESHOLD;
         let nodeIds = await archives().find("");
         // We spent the money checking the node list, so we might as well update it
-        setNodeIds(nodeIds);
+        await setNodeIds(nodeIds);
 
         let pendingDeadCount = 0;
 
@@ -563,6 +616,7 @@ class NodeDiscoveryControllerBase {
     public async addNode(nodeId: string) {
         console.log(magenta(`Received addNode`), { nodeId });
         addNodeId(nodeId);
+        return true;
     }
     public async resyncNodes(reason: string) {
         let caller = SocketFunction.getCaller();
@@ -587,6 +641,7 @@ const NodeDiscoveryController = SocketFunction.register(
     "NodeDiscoveryController-7991037e-fd9e-4085-b1db-52035487e72c",
     new NodeDiscoveryControllerBase(),
     () => ({
+        getOwnNodeId: { noClientHooks: true, noDefaultHooks: true },
         addNode: { hooks: [requiresNetworkTrustHook] },
         resyncNodes: { hooks: [requiresNetworkTrustHook] },
         getAllNodesHash: { hooks: [requiresNetworkTrustHook] },

package/src/0-path-value-core/AuthorityLookup.ts

@@ -15,8 +15,8 @@ import { timeoutToError } from "../errors";
 import { AuthoritySpec } from "./PathRouter";
 import { formatTime } from "socket-function/src/formatting/format";
 import { getAllAuthoritySpec, getEmptyAuthoritySpec } from "./PathRouterServerAuthoritySpec";
-import { getPrefixesForDeploy } from "../3-path-functions/syncSchema";
 
+setImmediate(() => import("../3-path-functions/syncSchema"));
 
 let NETWORK_POLL_INTERVAL = timeInMinute * 5;
 let CALL_TIMEOUT = isPublic() ? timeInSecond * 20 : timeInSecond * 3;
@@ -47,11 +47,15 @@ class AuthorityLookup {
     }
 
     public getTopologySync() {
-        if (!this.didInitialSync) throw new Error("Cannot call getTopologySync without calling syncAllNow at some point first.");
+        if (!this.didInitialSync) {
+            require("debugbreak")(2);
+            debugger;
+            throw new Error("Cannot call getTopologySync without awaiting syncAllNow or startSyncing.");
+        }
         return Array.from(this.topology.nodes.values()).filter(x => x.isReady);
     }
     public getAuthoritySpecForNodeId(nodeId: string): AuthoritySpec | undefined {
-        if (!this.didInitialSync) throw new Error("Cannot call getAuthoritySpecForNodeId without calling syncAllNow at some point first.");
+        if (!this.didInitialSync) throw new Error("Cannot call getAuthoritySpecForNodeId without awaiting syncAllNow or startSyncing.");
         return this.topology.nodes.get(nodeId)?.authoritySpec;
     }
 
@@ -204,6 +208,7 @@ class AuthorityLookup {
             //  - Get all node IDs should restrict our nodes to just the browser node ID. If we ever change this, then either it's redundant nodes and they all have all the same data, or we need to figure out what data they have, And as their proxies, it probably won't be their actual authority data. So that will require new API functions, etc. 
             await new Promise(r => setImmediate(r));
             await delay(1);
+            let { getPrefixesForDeploy } = await import("../3-path-functions/syncSchema");
             this.updatePaths(nodeId, {
                 nodeId: nodeId,
                 prefixes: await getPrefixesForDeploy(),

package/src/0-path-value-core/PathRouter.ts

@@ -9,7 +9,7 @@ import { unique } from "../misc";
 import { measureFnc } from "socket-function/src/profiling/measure";
 import { getRoutingOverride, hasPrefixHash } from "./PathRouterRouteOverride";
 import { sha256 } from "js-sha256";
-import { removeRange } from "../rangeMath";
+import { rangesOverlap, removeRange } from "../rangeMath";
 
 
 // Cases
@@ -62,21 +62,10 @@ export class PathRouter {
     public static async waitUntilReady() {
         await authorityLookup.startSyncing();
     }
-    /** NOTE: Parent watches are a little bit special. If it's a parent watch, we always hash it, assuming the parent is a prefix. And as most of the watches are parent watches, we're usually going to do this, and so it actually is independent of the topology. 
-        - The topology is really only used for the initial sync, which will use matchesAuthoritySpec, which gets the full routing value, AND, for disk storage.
-     */
-    @measureFnc
-    public static getRouteChildKey(path: string): number {
-        let override = getRoutingOverride(path);
-        if (override) {
-            return override.route;
-        }
-        let key = getLastPathPart(path);
-        return this.getSingleKeyRoute(key);
-    }
+
     // NOTE: For non-prefix values, breaking up by routes on the file system becomes complicated, and so we just all non-prefix values in the same file. However, in memory, in some places, we need route values for every single path, such as for FunctionRunner, so it can distribute the function running evenly, without overlap.
     @measureFnc
-    private static getRouteFull(config: {
+    public static getRouteFull(config: {
         path: string;
         spec: AuthoritySpec;
     }): number {
@@ -94,14 +83,18 @@ export class PathRouter {
         if (prefix) {
             let key = getPathIndex(path, getPathDepth(prefix));
             if (key === undefined) {
+                require("debugbreak")(2);
+                debugger;
                 throw new Error(`Impossible, hash index ${getPathDepth(prefix)} is out of range for path ${path}, but it matched the prefix ${prefix}`);
             }
-            return this.getSingleKeyRoute(key);
+            let route = this.getSingleKeyRoute(key);
+            if (route < spec.routeStart || route >= spec.routeEnd) return -1;
+            return route;
         }
         if (spec.excludeDefault) return -1;
-        let hash = this.getSingleKeyRoute(path);
-        if (hash < spec.routeStart || hash >= spec.routeEnd) return -1;
-        return hash;
+        let route = this.getSingleKeyRoute(path);
+        if (route < spec.routeStart || route >= spec.routeEnd) return -1;
+        return route;
     }
 
     // Mostly for debugging
@@ -146,6 +139,9 @@ export class PathRouter {
     private static getPrefixHash(prefix: string): string {
         return Buffer.from(sha256(prefix), "hex").toString("base64").slice(0, 6);
     }
+    private static isPrefixHash(hash: string): boolean {
+        return hash.length === 6 && /^[a-zA-Z0-9]+$/.test(hash);
+    }
     private static encodeIdentifier(config: { prefixes: string[]; rangeStart: number; rangeEnd: number } | "remaining"): string {
         if (config === "remaining") return "P!REMAINING";
         let { prefixes, rangeStart, rangeEnd } = config;
@@ -167,7 +163,7 @@ export class PathRouter {
         return {
             rangeStart: parseFloat(parts[1]),
             rangeEnd: parseFloat(parts[2]),
-            prefixHashes: parts.slice(3),
+            prefixHashes: parts.slice(3).filter(this.isPrefixHash),
         };
     }
 
@@ -179,11 +175,11 @@ export class PathRouter {
         // NOTE: The file size limit is 1024 bytes. But we also have our folder, etc, so we want to add enough buffer
         //  - Shorter hashes means we can store more, but there's a point when the collisions make it less useful.
         const MAX_PREFIXES_PER_FILE = 50;
-        const PREFIX_COVER_FRACTION = 0.95;
-        const TARGET_VALUES_PER_FILE = 50 * 1000;
-        if (values.length < TARGET_VALUES_PER_FILE) {
-            return new Map([[this.encodeIdentifier("remaining"), values]]);
-        }
+        const PREFIX_COVER_FRACTION = 0.99;
+        const TARGET_VALUES_PER_SHARD_GROUP = 10 * 1000 * 1000;
+        const TARGET_SHARD_SIZE = 50 * 1000;
+        const MIN_SHARD_FILE_COUNT = 10;
+        const SHARD_THRESHOLD = 1000;
 
         let prefixes = ourSpec.prefixes.slice();
         sort(prefixes, x => x.length);
@@ -229,7 +225,7 @@ export class PathRouter {
             }
             let last = groups[groups.length - 1];
             if (
-                last.count > 0 && last.count + prefixGroup.values.length > TARGET_VALUES_PER_FILE
+                last.count > 0 && last.count + prefixGroup.values.length > TARGET_VALUES_PER_SHARD_GROUP
                 || last.prefixes.length >= MAX_PREFIXES_PER_FILE
             ) {
                 groups.push({
@@ -245,42 +241,44 @@ export class PathRouter {
             prefixLeft -= prefixGroup.values.length;
         }
 
-
         let finalFiles = new Map<string, PathValue[]>();
         for (let group of groups) {
-            if (group.prefixes.length === 1 && group.count > TARGET_VALUES_PER_FILE) {
-                // Split by routing hash
-                let values = group.values.flat();
-                let splitCount = Math.ceil(values.length / TARGET_VALUES_PER_FILE);
-                let byRouteGroup = new Map<number, PathValue[]>();
-                let prefix = group.prefixes[0];
-                let hashIndex = getPathDepth(prefix);
-                for (let value of values) {
-                    let key = getPathIndex(value.path, hashIndex);
-                    if (key === undefined) {
-                        throw new Error(`Impossible, hash index ${hashIndex} is out of range for path ${value.path}, but it matched the prefix ${prefix}`);
-                    }
-                    let route = this.getSingleKeyRoute(key);
-                    let routeIndex = Math.floor(route * splitCount);
-                    let routeValues = byRouteGroup.get(routeIndex);
-                    if (!routeValues) {
-                        routeValues = [];
-                        byRouteGroup.set(routeIndex, routeValues);
-                    }
-                    routeValues.push(value);
-                }
-                for (let [routeIndex, routeValues] of byRouteGroup) {
-                    let rangeStart = routeIndex / splitCount;
-                    let rangeEnd = (routeIndex + 1) / splitCount;
-                    let identifier = this.encodeIdentifier({ prefixes: [prefix], rangeStart, rangeEnd });
-                    finalFiles.set(identifier, routeValues);
-                }
-            } else {
+            if (group.count < SHARD_THRESHOLD) {
                 let identifier = this.encodeIdentifier({ prefixes: group.prefixes, rangeStart: 0, rangeEnd: 1 });
                 finalFiles.set(identifier, group.values.flat());
+                continue;
+            }
+            // Split by routing hash
+            let values = group.values.flat();
+            let splitCount = Math.max(MIN_SHARD_FILE_COUNT, Math.ceil(values.length / TARGET_SHARD_SIZE));
+            let byRouteGroup = new Map<number, PathValue[]>();
+            for (let value of values) {
+                let route = this.getRouteFull({
+                    path: value.path,
+                    spec: {
+                        nodeId: "",
+                        prefixes: group.prefixes,
+                        routeStart: 0,
+                        routeEnd: 1,
+                    }
+                });
+                let routeIndex = Math.floor(route * splitCount);
+                let routeValues = byRouteGroup.get(routeIndex);
+                if (!routeValues) {
+                    routeValues = [];
+                    byRouteGroup.set(routeIndex, routeValues);
+                }
+                routeValues.push(value);
+            }
+            for (let [routeIndex, routeValues] of byRouteGroup) {
+                let rangeStart = routeIndex / splitCount;
+                let rangeEnd = (routeIndex + 1) / splitCount;
+                let identifier = this.encodeIdentifier({ prefixes: group.prefixes, rangeStart, rangeEnd });
+                finalFiles.set(identifier, routeValues);
             }
         }
 
+        // NOTE: There could be a huge number of prefixes and we can't pack them all into one file because of the prefix limit, so this will write any remaining values. 
         if (remainingValues.length > 0) {
             let identifier = this.encodeIdentifier("remaining");
             finalFiles.set(identifier, remainingValues.flat());
@@ -303,6 +301,46 @@ export class PathRouter {
         return decodeObj.rangeStart < authority.routeEnd && decodeObj.rangeEnd > authority.routeStart;
     }
 
+    @measureFnc
+    public static overlapsAuthority(authority1: AuthoritySpec, authority2: AuthoritySpec): boolean {
+        // TODO: This becomes complicated because of exclude default, although I feel like there has to be a way to simplify it? Eh... whatever.
+
+        // Normalize it so if only one excludes default, it's always going to be the second one. 
+        if (authority1.excludeDefault && !authority2.excludeDefault) return this.overlapsAuthority(authority2, authority1);
+
+        let doRangesOverlap = rangesOverlap({ start: authority1.routeStart, end: authority1.routeEnd }, { start: authority2.routeStart, end: authority2.routeEnd });
+
+        // If their prefixes are identical, then it's purely a range check
+        if (authority1.prefixes.length === authority2.prefixes.length && authority1.prefixes.every(x => authority2.prefixes.includes(x))) {
+            return doRangesOverlap;
+        }
+
+        // If they have any prefixes which are identical and the ranges overlap, then they overlap.
+        if (doRangesOverlap) {
+            if (authority1.prefixes.some(x => authority2.prefixes.includes(x))) {
+                return true;
+            }
+        }
+        // If any of their prefixes are under the prefix and match it, then that's a match. 
+        if (authority1.prefixes.some(x => this.matchesAuthoritySpec(authority2, x))) {
+            return true;
+        }
+        if (authority2.prefixes.some(x => this.matchesAuthoritySpec(authority1, x))) {
+            return true;
+        }
+        if (authority1.excludeDefault && authority2.excludeDefault) {
+            // No shared prefixes, and none of them are nested under each other, and we don't include defaults, so neither match. 
+            return false;
+        }
+        // If their prefixes are entirely unrelated, it means they're going to hash differently, so they do overlap. 
+        return true;
+    }
+    @measureFnc
+    public static getAllOverlappingAuthorities(authority: AuthoritySpec): AuthoritySpec[] {
+        let allAuthorities = authorityLookup.getTopologySync();
+        return allAuthorities.filter(x => this.overlapsAuthority(authority, x.authoritySpec)).map(x => x.authoritySpec);
+    }
+
 
 
     public static isLocalPath(path: string): boolean {
@@ -430,28 +468,28 @@ export class PathRouter {
     }
 
 
+    // NOTE: The returned nodes are guaranteed to hash in the same way (either all child key hashing for the path children, or all path hashing). This is required, otherwise it would mean if you take a single child path, It might have two different routing values depending on which node it matches, which means even if those ranges don't overlap, different routing values mean it could match two ranges, which is impossible and would break things (and it would also mean there would be values that wouldn't match anything, which I guess is even worse).
     @measureFnc
     public static getChildReadNodes(path: string, config?: {
         preferredNodeIds?: string[];
+        onlyOwnNodes?: boolean;
     }): {
         // NOTE: If at all possible, we will cover all ranges. Node of the returned nodes will be redundant.
         //  - Sorted by range.start
         nodes: {
             nodeId: string;
+            authoritySpec: AuthoritySpec;
             // The range of hashes this node owns, for the child keys of path
             //  (If the node doesn't restrict the range, it will just be { start: 0, end: 1 })
             range: { start: number; end: number };
         }[];
     } {
-        if (this.isSelfAuthority(path)) {
-            return { nodes: [{ nodeId: getOwnNodeId(), range: { start: 0, end: 1 } }] };
-        }
         let preferredNodeIds = new Set(config?.preferredNodeIds ?? []);
 
         // If a prefix is a parent of path, then it is the same as matching just the path directly
         // (If our prefix directly equals one of the other matches, then it's more complicated, As then, the child keys of path are what is hashed, and so all the children will have different routes, so we might match multiple nodes. The same thing if we're matching the remaining case, in which case it's a full path hash, so the child key matters, and again, different routes).
         //      - The different route case is how the FuntionRunner works, and without it large databases couldn't run functions. However, most applications won't directly use it.
-        let allSources = authorityLookup.getTopologySync();
+        let allSources = config?.onlyOwnNodes ? [{ nodeId: getOwnNodeId(), authoritySpec: authorityLookup.getOurSpec() }] : authorityLookup.getTopologySync();
         // Prefer our own node
         sort(allSources, x => isOwnNodeId(x.nodeId) ? -1 : 1);
 
@@ -471,6 +509,7 @@ export class PathRouter {
             }];
             let usedParts: {
                 nodeId: string;
+                authoritySpec: AuthoritySpec;
                 range: { start: number; end: number };
             }[] = [];
             for (let source of hasPrefix) {
@@ -482,6 +521,7 @@ export class PathRouter {
                     usedParts.push({
                         nodeId: source.nodeId,
                         range: removedRange,
+                        authoritySpec: source,
                     });
                 }
                 if (missingRanges.length === 0) break;
@@ -507,9 +547,10 @@ export class PathRouter {
             sort(nestedMatches, x => preferredNodeIds.has(x.nodeId) ? -1 : 1);
             sort(allSources, x => isOwnNodeId(x.nodeId) ? -1 : 1);
             return {
-                nodes: nestedMatches.map(x => ({
+                // Only need to take the first match. Our path is picked by the prefix, and the prefix only hashes the direct child, and we're more deeply nested than that, which means... the route for all of our children will be identical, so this node matches all of our children. 
+                nodes: nestedMatches.slice(0, 1).map(x => ({
                     nodeId: x.nodeId,
-                    // NOTE: Our path is picked by the prefix, and the prefix only hashes the direct child, and we're more deeply nested than that, which means... the route for all of our children will be identical, so this node matches all of our children. 
+                    authoritySpec: x.authoritySpec,
                     range: { start: 0, end: 1 },
                 })),
             };
@@ -517,7 +558,7 @@ export class PathRouter {
 
         // If we are not under any prefixes of it, then it will be a full path hash
         let fullPathMatches = allSources.filter(x => {
-            return !x.authoritySpec.prefixes.some(y => path.startsWith(y) && y !== path);
+            return !x.authoritySpec.prefixes.some(y => path.startsWith(y) && y !== path) && !x.authoritySpec.excludeDefault;
         });
         // Same as prefix matches. Not preferred, and not preferred over being under a prefix, but required for some root data, or data with no prefixes.
         if (fullPathMatches.length > 0) {
@@ -530,6 +571,7 @@ export class PathRouter {
             }];
             let usedParts: {
                 nodeId: string;
+                authoritySpec: AuthoritySpec;
                 range: { start: number; end: number };
             }[] = [];
             for (let source of fullPathMatches) {
@@ -540,6 +582,7 @@ export class PathRouter {
                 for (let removedRange of removedRanges) {
                     usedParts.push({
                         nodeId: source.nodeId,
+                        authoritySpec: source.authoritySpec,
                         range: removedRange,
                     });
                 }
@@ -552,15 +595,13 @@ export class PathRouter {
 
 
 
-        // TODO: We could maybe match a partial match. However, even that is suspect. The site being partially broken is almost worse than it being completely broken. We should just get ALL the shards running again...
-
 
-        require("debugbreak")(2);
-        debugger;
+        if (!config?.onlyOwnNodes) {
+            // TODO: We could maybe match a partial match. However, even that is suspect. The site being partially broken is almost worse than it being completely broken. We should just get ALL the shards running again...
 
-
-        // NOTE: We *could* actually synchronize it even if it doesn't have a prefix shard as we can fall back to just the full path sharding. However, it becomes very complicated if we want a specific range, and then it becomes complicated if it then switches to prefix hashing (With the nodes that were using the full path hashing slowly going away). AND... key synchronization IS slow, so it's good to discourage it in general. 
-        console.error(`Want to sync a prefix which is not under an existing prefix, nor equal to a prefix. 1) The servers are down. 2) Don't access the .keys() 3) call addRoutingPrefixForDeploy to add a route/parent route explicitly (as is done in PathFunctionRunner.ts). Path: ${JSON.stringify(path)}`, { path, allSources });
+            // NOTE: We *could* actually synchronize it even if it doesn't have a prefix shard as we can fall back to just the full path sharding. However, it becomes very complicated if we want a specific range, and then it becomes complicated if it then switches to prefix hashing (With the nodes that were using the full path hashing slowly going away). AND... key synchronization IS slow, so it's good to discourage it in general. 
+            console.error(`Want to sync a prefix which is not under an existing prefix, nor equal to a prefix. 1) The servers are down. 2) Don't access the .keys() 3) call addRoutingPrefixForDeploy to add a route/parent route explicitly (as is done in PathFunctionRunner.ts). Path: ${JSON.stringify(path)}`, { path, allSources });
+        }
         return { nodes: [] };
     }
 

package/src/0-path-value-core/PathRouterServerAuthoritySpec.tsx

@@ -55,13 +55,15 @@ export function getEmptyAuthoritySpec(): AuthoritySpec {
         routeStart: -1,
         routeEnd: -1,
         prefixes: [],
+        excludeDefault: true,
     };
 }
-export function getAllAuthoritySpec(): AuthoritySpec {
+export async function getAllAuthoritySpec(): Promise<AuthoritySpec> {
+    let prefixes = await getShardPrefixes();
     return {
         nodeId: "",
         routeStart: 0,
         routeEnd: 1,
-        prefixes: [],
+        prefixes: prefixes,
     };
 }