sh3-core 0.19.1 → 0.19.3

package/dist/Sh3.svelte

@@ -30,6 +30,7 @@
   import CompactRenderer from './layout/compact/CompactRenderer.svelte';
   import { sh3 } from './sh3Runtime.svelte';
   import { claim, revoke } from './gestures/pointerClaim';
+  import { EDGE_PX } from './gestures';
 
   let contentEl: HTMLElement | undefined = $state();
 
@@ -70,7 +71,8 @@
   // Register left/right edge zones as priority:'edge' pointer claims so that
   // any shard with a priority:'normal' claim automatically beats the shell's
   // edge-swipe gesture (carousel navigation, future side-panel reveals).
-  const EDGE_PX = 24;
+  // EDGE_PX is shared with carousel/swipe sites so the gutter width stays
+  // consistent across the framework.
   $effect(() => {
     const el = contentEl;
     if (!el) return;

package/dist/actions/menuBarModel.js

@@ -62,6 +62,12 @@ export function resolveMenuItems(entries, state, containerId) {
         const winning = innermostActiveScope(entry.action.scope, state, entry.ownerShardId);
         if (!winning)
             continue;
+        // Menu surface only: when the action is active via the 'app' tier,
+        // require the owner shard to be in the active app's requiredShards.
+        // Dispatcher / palette / context menu / hotkey paths keep autostart
+        // activation. See issue #32 and the design spec dated 2026-05-12.
+        if (winning === 'app' && !state.activeAppRequiredShards.has(entry.ownerShardId))
+            continue;
         seen.add(entry.action.id);
         out.push({
             id: entry.action.id,
@@ -95,6 +101,8 @@ export function resolveSubmenuItems(entries, state, parentId) {
         const winning = innermostActiveScope(entry.action.scope, state, entry.ownerShardId);
         if (!winning)
             continue;
+        if (winning === 'app' && !state.activeAppRequiredShards.has(entry.ownerShardId))
+            continue;
         seen.add(entry.action.id);
         out.push({
             id: entry.action.id,

package/dist/actions/menuBarModel.test.js

@@ -156,3 +156,64 @@ describe('resolveSubmenuItems', () => {
         expect(resolveSubmenuItems([], stateWithApp, 'nope')).toEqual([]);
     });
 });
+describe("resolveMenuItems — required-shard menu filter (issue #32)", () => {
+    it("omits scope:'app' actions when owner shard is autostart-only (not required by active app)", () => {
+        const state = mkState({
+            activeAppId: 'other-app',
+            activeAppRequiredShards: new Set(['other-shard']),
+            autostartShards: new Set(['guml.core']),
+        });
+        const entries = [
+            mkEntry({ id: 'guml.project.new', scope: 'app', menuItem: 'file', label: 'New Project…' }, 'guml.core'),
+        ];
+        expect(resolveMenuItems(entries, state, 'file')).toEqual([]);
+    });
+    it("includes scope:'app' actions when owner shard IS in active app's requiredShards", () => {
+        const state = mkState({
+            activeAppId: 'guml-ide',
+            activeAppRequiredShards: new Set(['guml.core']),
+            autostartShards: new Set(['guml.core']),
+        });
+        const entries = [
+            mkEntry({ id: 'guml.project.new', scope: 'app', menuItem: 'file', label: 'New Project…' }, 'guml.core'),
+        ];
+        expect(resolveMenuItems(entries, state, 'file').map((i) => i.id))
+            .toEqual(['guml.project.new']);
+    });
+    it('still includes the action when a more-specific tier wins (view:editor over app)', () => {
+        const state = mkState({
+            activeAppId: 'other-app',
+            activeAppRequiredShards: new Set(['other-shard']),
+            autostartShards: new Set(['guml.core']),
+            mountedViewIds: new Set(['editor']),
+        });
+        const entries = [
+            mkEntry({ id: 'fmt', scope: ['view:editor', 'app'], menuItem: 'file', label: 'Format' }, 'guml.core'),
+        ];
+        expect(resolveMenuItems(entries, state, 'file').map((i) => i.id)).toEqual(['fmt']);
+    });
+    it("omits scope:['home','app'] action in an app that does not require the autostart owner", () => {
+        const state = mkState({
+            activeAppId: 'other-app',
+            activeAppRequiredShards: new Set(['other-shard']),
+            autostartShards: new Set(['guml.core']),
+        });
+        const entries = [
+            mkEntry({ id: 'g.global', scope: ['home', 'app'], menuItem: 'file', label: 'Global' }, 'guml.core'),
+        ];
+        expect(resolveMenuItems(entries, state, 'file')).toEqual([]);
+    });
+    it('drops submenu children whose owner shard is autostart-only', () => {
+        const state = mkState({
+            activeAppId: 'other-app',
+            activeAppRequiredShards: new Set(['other-shard']),
+            autostartShards: new Set(['guml.core']),
+        });
+        const entries = [
+            mkEntry({ id: 'g.parent', scope: 'app', menuItem: 'file', label: 'GUML', submenu: true }, 'guml.core'),
+            mkEntry({ id: 'g.parent.a', scope: 'app', label: 'A', submenuOf: 'g.parent' }, 'guml.core'),
+        ];
+        expect(resolveMenuItems(entries, state, 'file')).toEqual([]);
+        expect(resolveSubmenuItems(entries, state, 'g.parent')).toEqual([]);
+    });
+});

package/dist/app/admin/ApiKeysView.svelte

@@ -3,6 +3,9 @@
    * Admin API Keys view — list, create, reveal, revoke API keys.
    */
 
+  import { apiFetch } from '../../transport/apiFetch';
+  import { getEnvServerUrl } from '../../env/serverUrl';
+
   interface ApiKeyPublic {
     id: string;
     label: string;
@@ -29,7 +32,7 @@
     loading = true;
     error = null;
     try {
-      const res = await fetch('/api/admin/keys', { credentials: 'include' });
+      const res = await apiFetch(`${getEnvServerUrl()}/api/admin/keys`);
       if (!res.ok) throw new Error('Failed to fetch keys');
       keys = await res.json();
     } catch (err) {
@@ -42,10 +45,9 @@
   async function createKey() {
     createError = null;
     try {
-      const res = await fetch('/api/admin/keys', {
+      const res = await apiFetch(`${getEnvServerUrl()}/api/admin/keys`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        credentials: 'include',
         body: JSON.stringify({ label: newLabel }),
       });
       if (!res.ok) {
@@ -66,9 +68,8 @@
   async function revokeKey(id: string) {
     confirmingId = null;
     try {
-      await fetch(`/api/admin/keys/${id}`, {
+      await apiFetch(`${getEnvServerUrl()}/api/admin/keys/${id}`, {
         method: 'DELETE',
-        credentials: 'include',
       });
       if (justCreated?.id === id) justCreated = null;
       await fetchKeys();

package/dist/app/store/PermissionConfirmModal.svelte

@@ -21,6 +21,7 @@
     permissions?: string[];
     added?: string[];
     removed?: string[];
+    warnings?: string[];
     onConfirm: () => void;
     onCancel: () => void;
   }
@@ -32,6 +33,7 @@
     permissions = [],
     added = [],
     removed = [],
+    warnings = [],
     onConfirm,
     onCancel,
   }: Props = $props();
@@ -111,6 +113,17 @@
           </ul>
         {/if}
       {/if}
+      {#if warnings.length > 0}
+        <p class="perm-modal-intro perm-modal-warn-heading">Potential compatibility issues:</p>
+        <ul class="perm-modal-list perm-modal-warnings">
+          {#each warnings as msg (msg)}
+            <li class="perm-modal-item perm-modal-warn-item">
+              <div class="perm-modal-item-title">⚠ Compatibility warning</div>
+              <div class="perm-modal-item-desc">{msg}</div>
+            </li>
+          {/each}
+        </ul>
+      {/if}
     </div>
 
     <footer class="perm-modal-footer">
@@ -203,6 +216,16 @@
   .perm-modal-removed .perm-modal-item {
     opacity: 0.75;
   }
+  .perm-modal-warn-heading {
+    margin-top: 12px;
+  }
+  .perm-modal-warn-item {
+    border-color: color-mix(in srgb, var(--sh3-warning, #ff9800) 60%, var(--sh3-border, #444));
+    background: color-mix(in srgb, var(--sh3-warning, #ff9800) 8%, var(--sh3-input-bg, #2a2a2a));
+  }
+  .perm-modal-warn-item .perm-modal-item-title {
+    color: var(--sh3-warning, #ff9800);
+  }
   .perm-modal-footer {
     padding: 12px 20px;
     border-top: 1px solid var(--sh3-border, #444);

package/dist/app/store/PermissionConfirmModal.svelte.d.ts

@@ -9,6 +9,7 @@ interface Props {
     permissions?: string[];
     added?: string[];
     removed?: string[];
+    warnings?: string[];
     onConfirm: () => void;
     onCancel: () => void;
 }

package/dist/app/store/StoreView.svelte

@@ -12,6 +12,7 @@
   import { loadBundleModule, type LoadedBundle } from '../../registry/loader';
   import { extractBundlePermissions } from '../../registry/permission-descriptions';
   import { serverInstallPackage } from '../../env/client';
+  import { checkBundleFetch } from '../../registry/checkFetch';
   import { contract } from '../../contract';
   import type { ResolvedPackage } from '../../registry/client';
   import type { InstalledPackage } from '../../registry/types';
@@ -38,6 +39,7 @@
     bundle: ArrayBuffer;
     meta: ReturnType<typeof buildPackageMeta>;
     serverBundle: ArrayBuffer | undefined;
+    warnings: string[];
   }>(null);
 
   let updateModal = $state<null | {
@@ -186,7 +188,9 @@
 
       // 4. Show the confirmation modal. The actual install happens in
       //    confirmInstall() once the user clicks Install.
-      installModal = { pkg, permissions, loaded, bundle, meta, serverBundle };
+      const bundleText = new TextDecoder().decode(new Uint8Array(bundle));
+      const warnings = checkBundleFetch(bundleText);
+      installModal = { pkg, permissions, loaded, bundle, meta, serverBundle, warnings };
     } catch (err) {
       installError = err instanceof Error ? err.message : String(err);
       const next = new Set(installingIds);
@@ -400,6 +404,7 @@
       author: installModal.pkg.entry.author.name,
     }}
     permissions={installModal.permissions}
+    warnings={installModal.warnings}
     onConfirm={confirmInstall}
     onCancel={cancelInstall}
   />

package/dist/chrome/CompactChrome.svelte.test.js

@@ -125,9 +125,10 @@ describe('CompactChrome — breadcrumb', () => {
             initialLayout: {
                 type: 'tabs',
                 activeTab: 1,
+                role: 'body',
                 tabs: [
-                    { slotId: 's0', viewId: null, label: 'First', role: 'body' },
-                    { slotId: 's1', viewId: null, label: 'Second', role: 'body' },
+                    { slotId: 's0', viewId: null, label: 'First' },
+                    { slotId: 's1', viewId: null, label: 'Second' },
                 ],
             },
         };
@@ -152,12 +153,14 @@ describe('CompactChrome — breadcrumb', () => {
                     {
                         type: 'tabs',
                         activeTab: 0,
-                        tabs: [{ slotId: 'top0', viewId: null, label: 'TopActive', role: 'body' }],
+                        role: 'body',
+                        tabs: [{ slotId: 'top0', viewId: null, label: 'TopActive' }],
                     },
                     {
                         type: 'tabs',
                         activeTab: 0,
-                        tabs: [{ slotId: 'bot0', viewId: null, label: 'BottomActive', role: 'body' }],
+                        role: 'body',
+                        tabs: [{ slotId: 'bot0', viewId: null, label: 'BottomActive' }],
                     },
                 ],
             },

package/dist/env/client.d.ts

@@ -2,10 +2,7 @@
  * Env state client — fetches and updates per-shard environment state
  * from the server.
  */
-/** Configure the server URL for env state operations. */
-export declare function __setEnvServerUrl(url: string): void;
-/** Return the configured server URL. */
-export declare function getEnvServerUrl(): string;
+export { getEnvServerUrl, __setEnvServerUrl } from './serverUrl';
 /**
  * Fetch env state for a shard from the server.
  * Returns an empty object if the server has no stored state.
@@ -24,6 +21,10 @@ export interface ServerInstallResult {
     missing?: Array<{
         id: string;
     }>;
+    warnings?: Array<{
+        level: 'warn';
+        message: string;
+    }>;
 }
 /**
  * Install a package on the server via multipart upload.

package/dist/env/client.js

@@ -4,22 +4,14 @@
  */
 import { getAuthHeader, isAdmin } from '../auth/index';
 import { apiFetch } from '../transport/apiFetch';
-/** Server base URL, set once during configuration. */
-let serverUrl = '';
-/** Configure the server URL for env state operations. */
-export function __setEnvServerUrl(url) {
-    serverUrl = url;
-}
-/** Return the configured server URL. */
-export function getEnvServerUrl() {
-    return serverUrl;
-}
+import { getEnvServerUrl } from './serverUrl';
+export { getEnvServerUrl, __setEnvServerUrl } from './serverUrl';
 /**
  * Fetch env state for a shard from the server.
  * Returns an empty object if the server has no stored state.
  */
 export async function fetchEnvState(shardId) {
-    const res = await apiFetch(`${serverUrl}/api/env-state/${encodeURIComponent(shardId)}`, {
+    const res = await apiFetch(`${getEnvServerUrl()}/api/env-state/${encodeURIComponent(shardId)}`, {
         credentials: 'omit',
     });
     if (!res.ok) {
@@ -41,7 +33,7 @@ export async function putEnvState(shardId, state) {
     const headers = { 'Content-Type': 'application/json' };
     if (auth)
         headers['Authorization'] = auth;
-    const res = await apiFetch(`${serverUrl}/api/env-state/${encodeURIComponent(shardId)}`, {
+    const res = await apiFetch(`${getEnvServerUrl()}/api/env-state/${encodeURIComponent(shardId)}`, {
         method: 'PUT',
         headers,
         body: JSON.stringify(state),
@@ -65,6 +57,7 @@ export async function putEnvState(shardId, state) {
  *   back server-side.
  */
 export async function serverInstallPackage(manifest, clientBundle, serverBundle) {
+    var _a;
     if (!isAdmin())
         throw new Error('Cannot install: not elevated to admin');
     const auth = getAuthHeader();
@@ -77,7 +70,7 @@ export async function serverInstallPackage(manifest, clientBundle, serverBundle)
     const headers = {};
     if (auth)
         headers['Authorization'] = auth;
-    const res = await apiFetch(`${serverUrl}/api/packages/install`, {
+    const res = await apiFetch(`${getEnvServerUrl()}/api/packages/install`, {
         method: 'POST',
         headers,
         body: form,
@@ -88,7 +81,7 @@ export async function serverInstallPackage(manifest, clientBundle, serverBundle)
         try {
             body = await res.json();
         }
-        catch ( /* non-JSON */_a) { /* non-JSON */ }
+        catch ( /* non-JSON */_b) { /* non-JSON */ }
         return {
             ok: false,
             error: typeof body.error === 'string' ? body.error : `HTTP ${res.status}`,
@@ -96,7 +89,8 @@ export async function serverInstallPackage(manifest, clientBundle, serverBundle)
             missing: Array.isArray(body.missing) ? body.missing : undefined,
         };
     }
-    return { ok: true };
+    const body = await res.json();
+    return { ok: true, warnings: (_a = body.warnings) !== null && _a !== void 0 ? _a : [] };
 }
 /**
  * Uninstall a package from the server.
@@ -109,7 +103,7 @@ export async function serverUninstallPackage(id) {
     const headers = { 'Content-Type': 'application/json' };
     if (auth)
         headers['Authorization'] = auth;
-    const res = await apiFetch(`${serverUrl}/api/packages/uninstall`, {
+    const res = await apiFetch(`${getEnvServerUrl()}/api/packages/uninstall`, {
         method: 'POST',
         headers,
         body: JSON.stringify({ id }),
@@ -124,7 +118,7 @@ export async function serverUninstallPackage(id) {
  * Fetch the list of packages installed on the server.
  */
 export async function fetchServerPackages() {
-    const res = await apiFetch(`${serverUrl}/api/packages`, { credentials: 'omit' });
+    const res = await apiFetch(`${getEnvServerUrl()}/api/packages`, { credentials: 'omit' });
     if (!res.ok)
         return [];
     return await res.json();

package/dist/env/serverUrl.d.ts

@@ -0,0 +1,2 @@
+export declare function __setEnvServerUrl(url: string): void;
+export declare function getEnvServerUrl(): string;

package/dist/env/serverUrl.js

@@ -0,0 +1,8 @@
+/** Server base URL, set once during shell initialization. */
+let serverUrl = '';
+export function __setEnvServerUrl(url) {
+    serverUrl = url;
+}
+export function getEnvServerUrl() {
+    return serverUrl;
+}

package/dist/gestures/index.d.ts

@@ -4,3 +4,20 @@ export type { GestureRegistry } from './gestureRegistry';
 export type { GestureHandle, GestureOptions, GestureType, Axis, ClaimPriority, ClaimEntry, PanEvent, ScrollEvent, ButtonEvent, } from './types';
 /** Internal utility — used by framework gesture sites. Not re-exported via api.ts. */
 export declare function ancestorCount(el: Element): number;
+/**
+ * Width of the reserved gutter at each side edge, in CSS pixels.
+ * Pointer-downs that land within this strip of either side of a swipe-aware
+ * surface (carousel, future side drawers) initiate the gesture unconditionally
+ * — content-specific bailouts (editable target, native horizontal scroll) are
+ * suppressed. Outside the gutter, those bailouts still apply so taps on
+ * inputs and horizontally-scrollable regions behave normally.
+ */
+export declare const EDGE_PX = 24;
+/**
+ * Always-on diagnostic for premature gesture-end paths (claim stolen, foreign
+ * pointercancel, foreign pointerup, etc.). The log only fires on anomalies, so
+ * a healthy drag is silent in production. Include `pointerType` so the user
+ * can tell touch from mouse from pen at a glance — the touch-only auto-release
+ * bug class doesn't reproduce with a mouse.
+ */
+export declare function logGesture(label: string, ev: PointerEvent | null, extra?: Record<string, unknown>): void;

package/dist/gestures/index.js

@@ -10,3 +10,30 @@ export function ancestorCount(el) {
     }
     return n;
 }
+/**
+ * Width of the reserved gutter at each side edge, in CSS pixels.
+ * Pointer-downs that land within this strip of either side of a swipe-aware
+ * surface (carousel, future side drawers) initiate the gesture unconditionally
+ * — content-specific bailouts (editable target, native horizontal scroll) are
+ * suppressed. Outside the gutter, those bailouts still apply so taps on
+ * inputs and horizontally-scrollable regions behave normally.
+ */
+export const EDGE_PX = 24;
+/**
+ * Always-on diagnostic for premature gesture-end paths (claim stolen, foreign
+ * pointercancel, foreign pointerup, etc.). The log only fires on anomalies, so
+ * a healthy drag is silent in production. Include `pointerType` so the user
+ * can tell touch from mouse from pen at a glance — the touch-only auto-release
+ * bug class doesn't reproduce with a mouse.
+ */
+export function logGesture(label, ev, extra) {
+    var _a, _b;
+    if (typeof console === 'undefined')
+        return;
+    const tgt = ev === null || ev === void 0 ? void 0 : ev.target;
+    const tag = (_a = tgt === null || tgt === void 0 ? void 0 : tgt.tagName) !== null && _a !== void 0 ? _a : '-';
+    const raw = (_b = tgt === null || tgt === void 0 ? void 0 : tgt.className) !== null && _b !== void 0 ? _b : '';
+    const cls = typeof raw === 'string' ? raw : '';
+    // eslint-disable-next-line no-console
+    console.log('[sh3:gesture]', label, Object.assign({ pointerId: ev === null || ev === void 0 ? void 0 : ev.pointerId, pointerType: ev === null || ev === void 0 ? void 0 : ev.pointerType, type: ev === null || ev === void 0 ? void 0 : ev.type, target: cls ? `${tag}.${cls}` : tag }, extra));
+}

package/dist/keys/client.js

@@ -9,6 +9,8 @@
 import { ConsentDeniedError, ScopeEscalationError } from './types';
 import { requestConsent } from './consent.svelte';
 import { emit } from './revocation-bus.svelte';
+import { apiFetch } from '../transport/apiFetch';
+import { getEnvServerUrl } from '../env/serverUrl';
 export function createShardKeysApi(params) {
     const { shardId, shardPermissions } = params;
     const assertScopesSubset = (scopes) => {
@@ -24,18 +26,16 @@ export function createShardKeysApi(params) {
             const approved = await requestConsent(shardId, opts);
             if (!approved)
                 throw new ConsentDeniedError();
-            const ticketRes = await fetch('/api/keys/consent', {
+            const ticketRes = await apiFetch(`${getEnvServerUrl()}/api/keys/consent`, {
                 method: 'POST',
-                credentials: 'include',
                 headers: { 'content-type': 'application/json' },
                 body: JSON.stringify(Object.assign({ shardId }, opts)),
             });
             if (!ticketRes.ok)
                 throw new Error(`Consent ticket failed: ${ticketRes.status}`);
             const { ticket } = await ticketRes.json();
-            const mintRes = await fetch('/api/keys', {
+            const mintRes = await apiFetch(`${getEnvServerUrl()}/api/keys`, {
                 method: 'POST',
-                credentials: 'include',
                 headers: { 'content-type': 'application/json' },
                 body: JSON.stringify({ ticket }),
             });
@@ -44,16 +44,15 @@ export function createShardKeysApi(params) {
             return mintRes.json();
         },
         async list() {
-            const res = await fetch('/api/keys', { credentials: 'include' });
+            const res = await apiFetch(`${getEnvServerUrl()}/api/keys`);
             if (!res.ok)
                 throw new Error(`List failed: ${res.status}`);
             const all = (await res.json());
             return all.filter((k) => k.mintedByShardId === shardId);
         },
         async revoke(id) {
-            const res = await fetch(`/api/keys/${encodeURIComponent(id)}`, {
+            const res = await apiFetch(`${getEnvServerUrl()}/api/keys/${encodeURIComponent(id)}`, {
                 method: 'DELETE',
-                credentials: 'include',
             });
             if (!res.ok && res.status !== 404)
                 throw new Error(`Revoke failed: ${res.status}`);

package/dist/keys/revocation-bus.svelte.js

@@ -6,6 +6,8 @@
  * The bus is populated by a server-sent events stream on /api/keys/events
  * (wired by the sh3 runtime at boot) and/or by local revoke() calls.
  */
+import { getEnvServerUrl } from '../env/serverUrl';
+import { getAuthToken } from '../transport/authToken';
 const handlersByShard = new Map();
 /**
  * Recently-emitted (shardId → Set<keyId>) with per-entry TTL timers.
@@ -78,7 +80,15 @@ export function emit(shardId, keyId) {
 export function startServerSideStream() {
     if (typeof EventSource === 'undefined')
         return () => { };
-    const es = new EventSource('/api/keys/events', { withCredentials: true });
+    // EventSource cannot send custom headers, so cross-origin auth (Tauri remote)
+    // is handled by passing the session token as a query param. Same-origin
+    // builds fall back to cookies via withCredentials.
+    const base = getEnvServerUrl();
+    const token = getAuthToken();
+    const url = token
+        ? `${base}/api/keys/events?token=${encodeURIComponent(token)}`
+        : `${base}/api/keys/events`;
+    const es = new EventSource(url, token ? {} : { withCredentials: true });
     es.onmessage = (msg) => {
         try {
             const ev = JSON.parse(msg.data);