sh3-core 0.20.2 → 0.21.0

package/dist/registry/installer.js

@@ -16,11 +16,11 @@
  */
 import { loadBundleModule } from './loader';
 import { savePackage, loadBundle, listInstalled, removePackage } from './storage';
-import { verifyIntegrity } from './integrity';
 import { deactivateShard } from '../shards/activate.svelte';
 import { unregisterApp } from '../apps/lifecycle';
 import { registerLoadedBundle } from './register';
 import { extractBundlePermissions } from './permission-descriptions';
+import { fetchServerPackages } from '../env/client';
 /**
  * Install a package from raw bundle bytes and metadata.
  *
@@ -35,25 +35,8 @@ import { extractBundlePermissions } from './permission-descriptions';
  * @returns Result object indicating success/failure and hot-load status.
  */
 export async function installPackage(bundle, meta, options) {
-    // 1. Verify bundle integrity before executing any code.
-    if (!meta.integrity) {
-        return {
-            success: false,
-            hotLoaded: false,
-            error: 'Missing integrity hash — refusing to install unverified bundle',
-        };
-    }
-    try {
-        await verifyIntegrity(bundle, meta.integrity);
-    }
-    catch (err) {
-        return {
-            success: false,
-            hotLoaded: false,
-            error: `Integrity check failed: ${err instanceof Error ? err.message : String(err)}`,
-        };
-    }
-    // 2. Load the module from verified bytes (or reuse the caller's copy).
+    // 1. Load the module from bytes (or reuse the caller's copy).
+    // Archive integrity is verified upstream in fetchArchive() before extraction.
     let loaded;
     if (options === null || options === void 0 ? void 0 : options.loaded) {
         loaded = options.loaded;
@@ -160,40 +143,86 @@ export async function listInstalledPackages() {
     return listInstalled();
 }
 /**
- * Load all installed packages from IndexedDB and register them.
+ * Sync installed packages against the server list and load all into the framework.
  *
- * Called once at boot by `bootstrap()`, before any glob-discovered shards
- * or the sh3 shard are registered. Individual package failures are logged
- * as warnings but do not prevent the sh3 from booting.
+ * Server list is authoritative. Packages on server but missing from IndexedDB
+ * are fetched from the server's /packages/:id/client.js endpoint and cached.
+ * Packages in IndexedDB but absent from the server are evicted.
  */
 export async function loadInstalledPackages() {
-    let packages;
+    let serverPackages = [];
     try {
-        packages = await listInstalled();
+        serverPackages = await fetchServerPackages();
     }
     catch (err) {
-        console.warn('[sh3] Failed to read installed packages from storage:', err instanceof Error ? err.message : err);
+        console.warn('[sh3] Could not reach server for package sync, loading from local cache:', err instanceof Error ? err.message : err);
+        const fallback = await listInstalled().catch(() => []);
+        for (const pkg of fallback) {
+            await _loadFromIndexedDB(pkg);
+        }
         return;
     }
-    for (const pkg of packages) {
-        try {
-            const bytes = await loadBundle(pkg.id);
-            if (!bytes) {
-                console.warn(`[sh3] No bundle found for installed package "${pkg.id}", skipping`);
-                continue;
-            }
-            const loaded = await loadBundleModule(bytes);
-            registerLoadedBundle(loaded, {
-                version: pkg.version,
-                sourceRegistry: pkg.sourceRegistry,
-                contractVersion: pkg.contractVersion,
-            });
-            if (loaded.shards.length === 0 && loaded.apps.length === 0) {
-                console.warn(`[sh3] Package "${pkg.id}" contains no valid shards or apps, skipping`);
-            }
+    const serverIds = new Set(serverPackages.map(p => p.id));
+    let localPackages = [];
+    try {
+        localPackages = await listInstalled();
+    }
+    catch ( /* treat as empty */_a) { /* treat as empty */ }
+    const localIds = new Set(localPackages.map(p => p.id));
+    // Evict packages no longer on the server
+    for (const pkg of localPackages) {
+        if (!serverIds.has(pkg.id)) {
+            await removePackage(pkg.id).catch(() => { });
         }
-        catch (err) {
-            console.warn(`[sh3] Failed to load installed package "${pkg.id}":`, err instanceof Error ? err.message : err);
+    }
+    // Load packages from server — use IndexedDB cache if available, else fetch from server
+    for (const serverPkg of serverPackages) {
+        if (localIds.has(serverPkg.id)) {
+            const localPkg = localPackages.find(p => p.id === serverPkg.id);
+            await _loadFromIndexedDB(localPkg);
+        }
+        else {
+            await _fetchAndCacheFromServer(serverPkg);
+        }
+    }
+}
+async function _loadFromIndexedDB(pkg) {
+    try {
+        const bytes = await loadBundle(pkg.id);
+        if (!bytes) {
+            console.warn(`[sh3] No bundle in IndexedDB for "${pkg.id}", skipping`);
+            return;
+        }
+        const loaded = await loadBundleModule(bytes);
+        registerLoadedBundle(loaded, { version: pkg.version, sourceRegistry: pkg.sourceRegistry, contractVersion: pkg.contractVersion });
+    }
+    catch (err) {
+        console.warn(`[sh3] Failed to load "${pkg.id}" from cache:`, err instanceof Error ? err.message : err);
+    }
+}
+async function _fetchAndCacheFromServer(serverPkg) {
+    var _a, _b;
+    try {
+        const res = await fetch(serverPkg.bundleUrl);
+        if (!res.ok) {
+            console.warn(`[sh3] Failed to fetch bundle for "${serverPkg.id}": HTTP ${res.status}`);
+            return;
         }
+        const bundle = await res.arrayBuffer();
+        const record = {
+            id: serverPkg.id,
+            type: serverPkg.type,
+            version: serverPkg.version,
+            sourceRegistry: (_a = serverPkg.sourceRegistry) !== null && _a !== void 0 ? _a : '',
+            contractVersion: (_b = serverPkg.contractVersion) !== null && _b !== void 0 ? _b : '',
+            installedAt: new Date().toISOString(),
+            permissions: [],
+        };
+        await savePackage(serverPkg.id, bundle, record);
+        const loaded = await loadBundleModule(bundle);
+        registerLoadedBundle(loaded, { version: record.version, sourceRegistry: record.sourceRegistry, contractVersion: record.contractVersion });
+    }
+    catch (err) {
+        console.warn(`[sh3] Failed to fetch/cache "${serverPkg.id}" from server:`, err instanceof Error ? err.message : err);
     }
 }

package/dist/registry/schema.js

@@ -113,29 +113,8 @@ function validatePackageVersion(data, path) {
     const obj = data;
     requireString(obj, 'version', path);
     requireString(obj, 'contractVersion', path);
-    // Client bundle fields — optional individually, but if either is present both must be.
-    const hasBundleUrl = 'bundleUrl' in obj && obj.bundleUrl !== undefined;
-    const hasIntegrity = 'integrity' in obj && obj.integrity !== undefined;
-    if (hasBundleUrl)
-        requireString(obj, 'bundleUrl', path);
-    if (hasIntegrity)
-        requireString(obj, 'integrity', path);
-    if (hasBundleUrl !== hasIntegrity) {
-        throw new RegistryValidationError(path, 'bundleUrl and integrity must be provided together');
-    }
-    // Optional server bundle URL.
-    const hasServerBundleUrl = 'serverBundleUrl' in obj && obj.serverBundleUrl !== undefined;
-    if (hasServerBundleUrl) {
-        requireString(obj, 'serverBundleUrl', path);
-    }
-    // Optional server bundle integrity hash — provisional, see ADR-015.
-    if ('serverIntegrity' in obj && obj.serverIntegrity !== undefined) {
-        requireString(obj, 'serverIntegrity', path);
-    }
-    // A version must ship at least one bundle.
-    if (!hasBundleUrl && !hasServerBundleUrl) {
-        throw new RegistryValidationError(path, 'expected at least one of bundleUrl+integrity or serverBundleUrl');
-    }
+    requireString(obj, 'archiveUrl', path);
+    requireString(obj, 'integrity', path);
     let requires;
     if (obj['requires'] !== undefined) {
         if (!Array.isArray(obj['requires'])) {
@@ -146,10 +125,8 @@ function validatePackageVersion(data, path) {
     return {
         version: obj['version'],
         contractVersion: obj['contractVersion'],
-        bundleUrl: typeof obj['bundleUrl'] === 'string' ? obj['bundleUrl'] : undefined,
-        integrity: typeof obj['integrity'] === 'string' ? obj['integrity'] : undefined,
-        serverBundleUrl: typeof obj['serverBundleUrl'] === 'string' ? obj['serverBundleUrl'] : undefined,
-        serverIntegrity: typeof obj['serverIntegrity'] === 'string' ? obj['serverIntegrity'] : undefined,
+        archiveUrl: obj['archiveUrl'],
+        integrity: obj['integrity'],
         requires,
     };
 }

package/dist/registry/schema.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/registry/schema.test.js

@@ -0,0 +1,41 @@
+import { describe, it, expect } from 'vitest';
+import { validateRegistryIndex, RegistryValidationError } from './schema.js';
+const VALID_VERSION = {
+    version: '1.0.0',
+    contractVersion: '1',
+    archiveUrl: 'https://example.com/pkg-1.0.0.sh3pkg',
+    integrity: 'sha384-abc123',
+};
+const VALID_ENTRY = {
+    id: 'my-shard',
+    type: 'shard',
+    label: 'My Shard',
+    description: 'A test shard',
+    author: { name: 'Test Author' },
+    versions: [VALID_VERSION],
+};
+const VALID_INDEX = { version: 1, packages: [VALID_ENTRY] };
+describe('validateRegistryIndex', () => {
+    it('accepts a valid index with archiveUrl and integrity', () => {
+        const result = validateRegistryIndex(VALID_INDEX);
+        expect(result.packages[0].versions[0].archiveUrl).toBe('https://example.com/pkg-1.0.0.sh3pkg');
+        expect(result.packages[0].versions[0].integrity).toBe('sha384-abc123');
+    });
+    it('rejects a version missing archiveUrl', () => {
+        const bad = Object.assign(Object.assign({}, VALID_INDEX), { packages: [Object.assign(Object.assign({}, VALID_ENTRY), { versions: [{ version: '1.0.0', contractVersion: '1', integrity: 'sha384-abc' }] })] });
+        expect(() => validateRegistryIndex(bad)).toThrow(RegistryValidationError);
+    });
+    it('rejects a version missing integrity', () => {
+        const bad = Object.assign(Object.assign({}, VALID_INDEX), { packages: [Object.assign(Object.assign({}, VALID_ENTRY), { versions: [{ version: '1.0.0', contractVersion: '1', archiveUrl: 'https://x.com/a.sh3pkg' }] })] });
+        expect(() => validateRegistryIndex(bad)).toThrow(RegistryValidationError);
+    });
+    it('accepts optional requires array', () => {
+        const withRequires = Object.assign(Object.assign({}, VALID_INDEX), { packages: [Object.assign(Object.assign({}, VALID_ENTRY), { versions: [Object.assign(Object.assign({}, VALID_VERSION), { requires: [{ id: 'dep-shard', versionRange: '^1.0.0' }] })] })] });
+        const result = validateRegistryIndex(withRequires);
+        expect(result.packages[0].versions[0].requires[0].id).toBe('dep-shard');
+    });
+    it('rejects a version with requires that has an invalid entry', () => {
+        const bad = Object.assign(Object.assign({}, VALID_INDEX), { packages: [Object.assign(Object.assign({}, VALID_ENTRY), { versions: [Object.assign(Object.assign({}, VALID_VERSION), { requires: [{ id: 'dep' }] })] })] });
+        expect(() => validateRegistryIndex(bad)).toThrow(RegistryValidationError);
+    });
+});

package/dist/registry/types.d.ts

@@ -81,9 +81,9 @@ export interface PackageEntry {
 /**
  * A specific published version of a package.
  *
- * Each version ships a self-contained pre-built ESM bundle at `bundleUrl`.
- * The `integrity` field is an SRI hash (sha384 recommended) used to verify
- * the download before execution.
+ * Each version ships a `.sh3pkg` ZIP archive at `archiveUrl`.
+ * The archive contains `manifest.json` and at least one of `client.js` / `server.js`.
+ * The `integrity` SRI hash verifies the download before execution.
  */
 export interface PackageVersion {
     /**
@@ -98,36 +98,17 @@ export interface PackageVersion {
      */
     contractVersion: string;
     /**
-     * Absolute or registry-relative URL to the pre-built ESM bundle.
-     * The client fetches this URL and verifies the download against `integrity`
-     * before executing. Optional for server-only packages that ship only a
-     * `serverBundleUrl` — in that case `integrity` must also be omitted.
+     * URL to the `.sh3pkg` ZIP archive for this version.
+     * Absolute or registry-relative. The archive contains `manifest.json`
+     * plus at least one of `client.js` / `server.js`.
      */
-    bundleUrl?: string;
+    archiveUrl: string;
     /**
-     * SRI integrity hash for the bundle file.
+     * SRI integrity hash of the archive ZIP.
      * Format: `"<algorithm>-<base64digest>"` (e.g. `"sha384-abc123..."`).
      * Algorithms: sha256, sha384 (recommended), sha512.
-     * See: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
-     * Omitted when the package has no client bundle.
      */
-    integrity?: string;
-    /**
-     * Optional URL to the server-side bundle for shards that have a backend
-     * component. Same resolution rules as `bundleUrl` (absolute or registry-
-     * relative). Only present when the shard declares `serverBundle` in its
-     * manifest.
-     */
-    serverBundleUrl?: string;
-    /**
-     * SRI integrity hash for the server bundle. Same format as `integrity`.
-     * Optional in contract v1 for back-compat with registries that predate
-     * server bundles. Will become required when the formal registry spec
-     * lands (see ADR-015 proposal). When absent, the client skips the SRI
-     * check at download time and logs a warning — the unverified bundle is
-     * still installed.
-     */
-    serverIntegrity?: string;
+    integrity: string;
     /**
      * Other shards that must be installed and active before this package
      * can be loaded. Optional — omit if the package has no dependencies.
@@ -260,9 +241,7 @@ export interface PackageMeta {
      */
     sourceRegistry: string;
     /**
-     * SRI hash to verify the downloaded bundle against before executing.
-     * Must match `PackageVersion.integrity`. Omitted for server-only packages
-     * that ship no client bundle.
+     * SRI hash of the archive this package was installed from. Kept for audit purposes.
      */
     integrity?: string;
     /**
@@ -270,14 +249,10 @@ export interface PackageMeta {
      * Undefined if no dependencies.
      */
     requires?: RequiredDependency[];
-    /**
-     * SRI hash for the server bundle. Only present when the package has a
-     * server component.
-     */
-    serverIntegrity?: string;
-    /**
-     * Whether this package includes a server bundle that needs to be pushed
-     * to the server after client-side installation.
-     */
-    hasServerBundle?: boolean;
+}
+/** Payload sent to the server to trigger a server-side install. */
+export interface RemoteInstallRequest {
+    registryUrl: string;
+    packageId: string;
+    version: string;
 }

package/dist/runtime/runVerb-shell.test.js

@@ -11,7 +11,7 @@
  */
 import { describe, it, expect, beforeEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, __resetShardRegistryForTest, } from '../shards/activate.svelte';
 import { __resetViewRegistryForTest } from '../shards/registry';
 import { __resetActionsRegistryForTest } from '../actions/registry';
@@ -25,7 +25,7 @@ describe('shell-shard programmatic verbs (integration)', () => {
         __resetActionsRegistryForTest();
         __resetAppRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-test');
+        __setActiveScope('tenant-test');
         registerShard(shellShard);
         await activateShard('shell');
     });

package/dist/runtime/runVerb.test.js

@@ -1,6 +1,6 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, __resetShardRegistryForTest, } from '../shards/activate.svelte';
 import { __resetViewRegistryForTest } from '../shards/registry';
 import { runVerbProgrammatic } from './runVerb';
@@ -19,7 +19,7 @@ describe('runVerbProgrammatic', () => {
         __resetShardRegistryForTest();
         __resetViewRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-test');
+        __setActiveScope('tenant-test');
     });
     it('rejects on unknown shard', async () => {
         await expect(runVerbProgrammatic('missing', 'echo', [])).rejects.toThrow('unknown shard: missing');

package/dist/sh3core-shard/appActions.js

@@ -30,6 +30,7 @@ import AppInfoView from './AppInfoView.svelte';
 import { spawnSatellite } from '../sh3Api/window';
 import { activeApp, getActiveApp } from '../apps/registry.svelte';
 import { returnToHome } from '../apps/lifecycle';
+import { sessionState } from '../projects/session-state.svelte';
 const isTauri = typeof globalThis.__TAURI_INTERNALS__ !== 'undefined';
 export function computeAppActionDisabled(g) {
     return !g.admin || g.builtin;
@@ -111,7 +112,7 @@ async function runCheckUpdate(_ctx) {
     modalManager.open(AppUpdateAvailableModal, props);
 }
 function runPopOut(_ctx) {
-    var _a;
+    var _a, _b;
     const ref = readSelection();
     if (!ref)
         return;
@@ -122,10 +123,11 @@ function runPopOut(_ctx) {
         kind: 'app',
         appId: ref.appId,
         activateShards: (_a = manifest.requiredShards) !== null && _a !== void 0 ? _a : [],
+        projectId: (_b = sessionState.activeProjectId) !== null && _b !== void 0 ? _b : undefined,
     });
 }
 async function runPopOutCurrent(_ctx) {
-    var _a;
+    var _a, _b;
     const current = getActiveApp();
     if (!current)
         return;
@@ -136,6 +138,7 @@ async function runPopOutCurrent(_ctx) {
         kind: 'app',
         appId,
         activateShards: requiredShards,
+        projectId: (_b = sessionState.activeProjectId) !== null && _b !== void 0 ? _b : undefined,
     });
 }
 function runUninstall(_ctx) {

package/dist/shards/activate-browse.test.js

@@ -1,13 +1,13 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, __resetShardRegistryForTest } from './activate.svelte';
 import { PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_READ, PERMISSION_DOCUMENTS_WRITE, } from '../documents/types';
 describe('ctx.browse permission gating', () => {
     beforeEach(() => {
         __resetShardRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-a');
+        __setActiveScope('tenant-a');
     });
     it('is undefined when no documents permission is declared', async () => {
         let captured = null;

package/dist/shards/activate-contributions.test.js

@@ -1,6 +1,6 @@
 import { describe, it, expect, beforeEach, vi } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, deactivateShard, __resetShardRegistryForTest, } from './activate.svelte';
 import { __resetContributionsForTest, list, listPoints } from '../contributions';
 describe('ctx.contributions', () => {
@@ -8,7 +8,7 @@ describe('ctx.contributions', () => {
         __resetShardRegistryForTest();
         __resetContributionsForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-a');
+        __setActiveScope('tenant-a');
     });
     it('is always present on ShardContext (no permission required)', async () => {
         let captured = null;

package/dist/shards/activate-error-isolation.test.js

@@ -1,12 +1,12 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, registeredShards, activeShards, __resetShardRegistryForTest, erroredShards, } from './activate.svelte';
 describe('erroredShards map', () => {
     beforeEach(() => {
         __resetShardRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-a');
+        __setActiveScope('tenant-a');
     });
     it('is empty after reset', () => {
         expect(erroredShards.size).toBe(0);
@@ -21,7 +21,7 @@ describe('activateShard — unwind on activation failure', () => {
     beforeEach(() => {
         __resetShardRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-a');
+        __setActiveScope('tenant-a');
     });
     it('unwinds partial state and records the error when activate throws', async () => {
         const shard = {

package/dist/shards/activate-on-key-revoked.test.js

@@ -1,13 +1,13 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, deactivateShard, __resetShardRegistryForTest } from './activate.svelte';
 import { emit } from '../keys/revocation-bus.svelte';
 describe('onKeyRevoked hook wiring', () => {
     beforeEach(() => {
         __resetShardRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-a');
+        __setActiveScope('tenant-a');
     });
     it('fires onKeyRevoked when the bus emits for the shard', async () => {
         const received = [];

package/dist/shards/activate-runtime.test.js

@@ -1,6 +1,6 @@
 import { describe, it, expect, beforeEach, vi } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { registerShard, activateShard, __resetShardRegistryForTest, } from './activate.svelte';
 import { __resetViewRegistryForTest } from './registry';
 function programmaticVerb(name, summary, body) {
@@ -22,7 +22,7 @@ describe('ctx.listVerbs / ctx.runVerb (integration)', () => {
         __resetShardRegistryForTest();
         __resetViewRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-test');
+        __setActiveScope('tenant-test');
     });
     it('listVerbs returns every verb across active shards with shardId', async () => {
         registerShard({

package/dist/shards/activate.svelte.js

@@ -19,7 +19,7 @@
 import { sh3 } from '../sh3Runtime.svelte';
 import { registerView, unregisterView, registerVerb as fwRegisterVerb, unregisterVerb as fwUnregisterVerb } from './registry';
 import { makeSh3Api } from '../sh3Api/headless';
-import { createDocumentHandle, getTenantId, getDocumentBackend, getActiveScopeId } from '../documents';
+import { createDocumentHandle, getDocumentBackend, getActiveScopeId } from '../documents';
 import { fetchEnvState, putEnvState } from '../env/client';
 import { getEnvServerUrl } from '../env/index';
 import { apiFetch } from '../transport/apiFetch';
@@ -153,7 +153,7 @@ export async function activateShard(id, opts) {
     };
     const hasBrowse = (_a = shard.manifest.permissions) === null || _a === void 0 ? void 0 : _a.includes(PERMISSION_DOCUMENTS_BROWSE);
     const browseCap = hasBrowse
-        ? createBrowseCapability(() => getTenantId(), getDocumentBackend(), {
+        ? createBrowseCapability(getActiveScopeId, getDocumentBackend(), {
             canRead: (_c = (_b = shard.manifest.permissions) === null || _b === void 0 ? void 0 : _b.includes(PERMISSION_DOCUMENTS_READ)) !== null && _c !== void 0 ? _c : false,
             canWrite: (_e = (_d = shard.manifest.permissions) === null || _d === void 0 ? void 0 : _d.includes(PERMISSION_DOCUMENTS_WRITE)) !== null && _e !== void 0 ? _e : false,
         })
@@ -225,7 +225,7 @@ export async function activateShard(id, opts) {
             return checkIsAdmin();
         },
         get tenantId() {
-            return getTenantId();
+            return getActiveScopeId();
         },
         getScope: () => { var _a; return (_a = scopeResolver === null || scopeResolver === void 0 ? void 0 : scopeResolver()) !== null && _a !== void 0 ? _a : 'tenant'; },
         zones: ((_f = shard.manifest.permissions) === null || _f === void 0 ? void 0 : _f.includes(PERMISSION_STATE_MANAGE))
@@ -235,7 +235,7 @@ export async function activateShard(id, opts) {
         documentPicker: browseCap
             ? createDocumentPicker(() => browseCap.listDocuments())
             : createDocumentPicker(async () => {
-                const docs = await getDocumentBackend().list(getTenantId(), id);
+                const docs = await getDocumentBackend().list(getActiveScopeId(), id);
                 return docs.map(d => (Object.assign(Object.assign({}, d), { shardId: id })));
             }),
         keys: ((_g = shard.manifest.permissions) === null || _g === void 0 ? void 0 : _g.includes(PERMISSION_KEYS_MINT))

package/dist/shards/ctx-fetch.test.js

@@ -1,6 +1,6 @@
 import { describe, expect, it, vi, beforeEach, afterEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
-import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { __setDocumentBackend, __setActiveScope } from '../documents/config';
 import { __setEnvServerUrl } from '../env/index';
 import { registerShard, activateShard, __resetShardRegistryForTest, } from './activate.svelte';
 import { __resetViewRegistryForTest } from './registry';
@@ -11,7 +11,7 @@ describe('ctx.fetch', () => {
         __resetShardRegistryForTest();
         __resetViewRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-test');
+        __setActiveScope('tenant-test');
         __setEnvServerUrl('https://example.com');
     });
     afterEach(() => {
@@ -69,7 +69,7 @@ describe('ctx.serverUrl', () => {
         __resetShardRegistryForTest();
         __resetViewRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-test');
+        __setActiveScope('tenant-test');
         __setEnvServerUrl('https://example.com');
     });
     afterEach(() => {
@@ -100,7 +100,7 @@ describe('ctx.resolveUrl', () => {
         __resetShardRegistryForTest();
         __resetViewRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
-        __setTenantId('tenant-test');
+        __setActiveScope('tenant-test');
         __setEnvServerUrl('https://example.com');
     });
     afterEach(() => {