sh3-core 0.8.2 → 0.9.1

package/dist/api.d.ts

@@ -17,13 +17,10 @@ export { listRegisteredApps, getActiveApp } from './apps/registry.svelte';
 export { launchApp, returnToHome, unregisterApp } from './apps/lifecycle';
 export { inspectActiveLayout, spliceIntoActiveLayout, dockIntoActiveLayout, focusTab, focusView, collapseChild, expandChild, closeTab, } from './layout/inspection';
 export type { DocumentHandle, DocumentHandleOptions, DocumentFormat, DocumentMeta, DocumentChange, AutosaveController, } from './documents/types';
-export { PERMISSION_DOCUMENTS_BROWSE } from './documents/types';
+export { PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_READ, PERMISSION_DOCUMENTS_WRITE, } from './documents/types';
 export type { BrowseCapability } from './documents/browse';
-export type { SyncHandle, SyncScope, ManifestEntry, ApplyEntry, ApplyOpts, ApplyOutcome, ApplyBatchResult, ConflictPolicy, ConflictResolution, ConflictContext, JournalEntry, ChangePage, GrantRecord, } from './documents/sync/types';
-export { PERMISSION_DOCUMENTS_SYNC, ScopeNotGrantedError, ScopeRevokedError, TenantMismatchError, } from './documents/sync/types';
-export type { SyncRegistry } from './documents/sync/registry';
-export { default as SyncGrantPicker } from './documents/sync/components/SyncGrantPicker.svelte';
-export { default as DocumentSyncExplorer } from './documents/sync/components/DocumentSyncExplorer.svelte';
+export type { SyncPolicy, SyncPolicyRule, DocStatus, ConflictFile, ConflictBranch, } from './documents/sync-types';
+export { PERMISSION_SYNC_PEER, PERMISSION_SYNC_POLICY } from './documents/sync-types';
 export { registeredShards, activeShards } from './shards/activate.svelte';
 export type { RegistryIndex, PackageEntry, PackageVersion, RequiredDependency, InstalledPackage, InstallResult, PackageMeta, } from './registry/types';
 export type { ResolvedPackage } from './registry/client';
@@ -39,7 +36,7 @@ export declare const capabilities: {
     /** Whether this target supports hot-installing packages via dynamic import from blob URL. */
     readonly hotInstall: boolean;
 };
-export type { ServerShard, ServerShardContext } from './server-shard/types';
+export type { ServerShard, ServerShardContext, TenantDocumentAPI } from './server-shard/types';
 export type { Verb, VerbContext, ShellApi } from './verbs/types';
 export type { Scrollback } from './shell-shard/scrollback.svelte';
 export type { SessionClient } from './shell-shard/session-client.svelte';

package/dist/api.js

@@ -29,10 +29,8 @@ export { listRegisteredApps, getActiveApp } from './apps/registry.svelte';
 export { launchApp, returnToHome, unregisterApp } from './apps/lifecycle';
 // Layout inspection / mutation for advanced shards (diagnostic, etc.).
 export { inspectActiveLayout, spliceIntoActiveLayout, dockIntoActiveLayout, focusTab, focusView, collapseChild, expandChild, closeTab, } from './layout/inspection';
-export { PERMISSION_DOCUMENTS_BROWSE } from './documents/types';
-export { PERMISSION_DOCUMENTS_SYNC, ScopeNotGrantedError, ScopeRevokedError, TenantMismatchError, } from './documents/sync/types';
-export { default as SyncGrantPicker } from './documents/sync/components/SyncGrantPicker.svelte';
-export { default as DocumentSyncExplorer } from './documents/sync/components/DocumentSyncExplorer.svelte';
+export { PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_READ, PERMISSION_DOCUMENTS_WRITE, } from './documents/types';
+export { PERMISSION_SYNC_PEER, PERMISSION_SYNC_POLICY } from './documents/sync-types';
 // Shard introspection — read-only reactive maps exposing which shards are
 // known to the host and which are currently active. Intended for diagnostic
 // and tooling shards that need to visualize framework state. Phase 9

package/dist/app/store/InstalledView.svelte

@@ -10,6 +10,8 @@
   import { storeContext } from './storeShard.svelte';
   import { uninstallPackage } from '../../registry/installer';
   import { serverUninstallPackage } from '../../env/client';
+  import PermissionConfirmModal from './PermissionConfirmModal.svelte';
+  import type { InstalledPackage } from '../../registry/types';
 
   const ctx = storeContext;
 
@@ -17,6 +19,14 @@
   let updatingIds = $state<Set<string>>(new Set());
   let updateError = $state<string | null>(null);
 
+  let updateModal = $state<null | {
+    pkg: InstalledPackage;
+    toVersion: string;
+    added: string[];
+    removed: string[];
+    resolve: (ok: boolean) => void;
+  }>(null);
+
   async function handleUninstall(id: string) {
     if (uninstallingIds.has(id)) return;
 
@@ -41,7 +51,25 @@
     updateError = null;
 
     try {
-      await ctx.updatePackage(id);
+      await ctx.updatePackage(id, (added, removed) => {
+        return new Promise<boolean>((resolve) => {
+          const pkg = ctx.state.ephemeral.installed.find(
+            (p: InstalledPackage) => p.id === id,
+          );
+          const target = ctx.state.ephemeral.updatable[id];
+          if (!pkg || !target) {
+            resolve(true); // Falls through to the existing behavior.
+            return;
+          }
+          updateModal = {
+            pkg,
+            toVersion: target.latest.version,
+            added,
+            removed,
+            resolve,
+          };
+        });
+      });
     } catch (err) {
       updateError = err instanceof Error ? err.message : String(err);
     } finally {
@@ -51,6 +79,20 @@
     }
   }
 
+  function confirmUpdate() {
+    const m = updateModal;
+    if (!m) return;
+    updateModal = null;
+    m.resolve(true);
+  }
+
+  function cancelUpdate() {
+    const m = updateModal;
+    if (!m) return;
+    updateModal = null;
+    m.resolve(false);
+  }
+
   function handleRefresh() {
     ctx.refreshInstalled();
   }
@@ -121,6 +163,18 @@
       {/each}
     </ul>
   {/if}
+
+  {#if updateModal}
+    <PermissionConfirmModal
+      mode="update"
+      pkg={{ label: updateModal.pkg.id, version: updateModal.toVersion }}
+      fromVersion={updateModal.pkg.version}
+      added={updateModal.added}
+      removed={updateModal.removed}
+      onConfirm={confirmUpdate}
+      onCancel={cancelUpdate}
+    />
+  {/if}
 </div>
 
 <style>

package/dist/app/store/PermissionConfirmModal.svelte

@@ -0,0 +1,232 @@
+<script lang="ts">
+  /*
+   * PermissionConfirmModal — confirmation modal for install and update flows.
+   *
+   * Install mode: lists the full declared permission set for the incoming
+   * package.
+   * Update mode: lists the permissions newly added or removed compared to
+   * the currently installed version.
+   *
+   * Informational only — the buttons are Cancel / Confirm. Accepting grants
+   * all declared permissions; denying aborts the operation with no state
+   * change.
+   */
+
+  import { describePermission } from '../../registry/permission-descriptions';
+
+  interface Props {
+    mode: 'install' | 'update';
+    pkg: { label: string; version: string; author?: string };
+    fromVersion?: string;
+    permissions?: string[];
+    added?: string[];
+    removed?: string[];
+    onConfirm: () => void;
+    onCancel: () => void;
+  }
+
+  const {
+    mode,
+    pkg,
+    fromVersion,
+    permissions = [],
+    added = [],
+    removed = [],
+    onConfirm,
+    onCancel,
+  }: Props = $props();
+
+  const confirmLabel = $derived(mode === 'install' ? 'Install' : 'Update');
+</script>
+
+<!-- svelte-ignore a11y_click_events_have_key_events -->
+<!-- svelte-ignore a11y_no_noninteractive_element_interactions -->
+<div
+  class="perm-modal-backdrop"
+  onclick={onCancel}
+  onkeydown={(e) => { if (e.key === 'Escape') onCancel(); }}
+  role="dialog"
+  aria-modal="true"
+  aria-label="{confirmLabel} {pkg.label}"
+  tabindex="-1"
+>
+  <!-- svelte-ignore a11y_click_events_have_key_events -->
+  <!-- svelte-ignore a11y_no_static_element_interactions -->
+  <div class="perm-modal-panel" onclick={(e) => e.stopPropagation()} role="document">
+    <header class="perm-modal-header">
+      <h3>{confirmLabel} {pkg.label}</h3>
+      <div class="perm-modal-subtitle">
+        {#if mode === 'update' && fromVersion}
+          {fromVersion} &rarr; {pkg.version}
+        {:else}
+          v{pkg.version}
+        {/if}
+        {#if pkg.author}
+          <span class="perm-modal-author">by {pkg.author}</span>
+        {/if}
+      </div>
+    </header>
+
+    <div class="perm-modal-body">
+      {#if mode === 'install'}
+        {#if permissions.length === 0}
+          <p class="perm-modal-empty">
+            This package requires no special permissions.
+          </p>
+        {:else}
+          <p class="perm-modal-intro">This package requests the following permissions:</p>
+          <ul class="perm-modal-list">
+            {#each permissions as id (id)}
+              {@const d = describePermission(id)}
+              <li class="perm-modal-item">
+                <div class="perm-modal-item-title">{d.title}</div>
+                <div class="perm-modal-item-desc">{d.description}</div>
+              </li>
+            {/each}
+          </ul>
+        {/if}
+      {:else}
+        {#if added.length > 0}
+          <p class="perm-modal-intro">New permissions in this update:</p>
+          <ul class="perm-modal-list perm-modal-added">
+            {#each added as id (id)}
+              {@const d = describePermission(id)}
+              <li class="perm-modal-item">
+                <div class="perm-modal-item-title">{d.title}</div>
+                <div class="perm-modal-item-desc">{d.description}</div>
+              </li>
+            {/each}
+          </ul>
+        {/if}
+        {#if removed.length > 0}
+          <p class="perm-modal-intro">Permissions no longer requested:</p>
+          <ul class="perm-modal-list perm-modal-removed">
+            {#each removed as id (id)}
+              {@const d = describePermission(id)}
+              <li class="perm-modal-item">
+                <div class="perm-modal-item-title">{d.title}</div>
+                <div class="perm-modal-item-desc">{d.description}</div>
+              </li>
+            {/each}
+          </ul>
+        {/if}
+      {/if}
+    </div>
+
+    <footer class="perm-modal-footer">
+      <button class="perm-modal-cancel" onclick={onCancel}>Cancel</button>
+      <button class="perm-modal-confirm" onclick={onConfirm}>{confirmLabel}</button>
+    </footer>
+  </div>
+</div>
+
+<style>
+  .perm-modal-backdrop {
+    position: fixed;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.5);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 1000;
+  }
+  .perm-modal-panel {
+    background: var(--shell-bg, #1e1e1e);
+    color: var(--shell-fg, #e0e0e0);
+    border: 1px solid var(--shell-border, #444);
+    border-radius: var(--shell-radius-md);
+    box-shadow: 0 8px 32px rgba(0, 0, 0, 0.4);
+    min-width: 360px;
+    max-width: 520px;
+    max-height: 80vh;
+    display: flex;
+    flex-direction: column;
+    font-family: var(--shell-font-ui);
+  }
+  .perm-modal-header {
+    padding: 16px 20px 12px;
+    border-bottom: 1px solid var(--shell-border, #444);
+  }
+  .perm-modal-header h3 {
+    margin: 0 0 4px 0;
+    font-size: 1.0625rem;
+    font-weight: 600;
+  }
+  .perm-modal-subtitle {
+    font-size: 0.8125rem;
+    color: var(--shell-fg-muted, #888);
+  }
+  .perm-modal-author {
+    margin-left: 8px;
+  }
+  .perm-modal-body {
+    padding: 16px 20px;
+    overflow-y: auto;
+    flex: 1;
+  }
+  .perm-modal-intro {
+    margin: 0 0 8px 0;
+    font-size: 0.875rem;
+  }
+  .perm-modal-empty {
+    margin: 0;
+    font-size: 0.875rem;
+    color: var(--shell-fg-muted, #888);
+    font-style: italic;
+  }
+  .perm-modal-list {
+    list-style: none;
+    margin: 0 0 12px 0;
+    padding: 0;
+    display: flex;
+    flex-direction: column;
+    gap: 8px;
+  }
+  .perm-modal-item {
+    padding: 8px 10px;
+    background: var(--shell-input-bg, #2a2a2a);
+    border: 1px solid var(--shell-border, #444);
+    border-radius: var(--shell-radius-sm);
+  }
+  .perm-modal-item-title {
+    font-size: 0.875rem;
+    font-weight: 600;
+  }
+  .perm-modal-item-desc {
+    font-size: 0.75rem;
+    color: var(--shell-fg-muted, #888);
+    margin-top: 2px;
+  }
+  .perm-modal-added .perm-modal-item {
+    border-color: color-mix(in srgb, var(--shell-warning, #ff9800) 60%, var(--shell-border, #444));
+  }
+  .perm-modal-removed .perm-modal-item {
+    opacity: 0.75;
+  }
+  .perm-modal-footer {
+    padding: 12px 20px;
+    border-top: 1px solid var(--shell-border, #444);
+    display: flex;
+    justify-content: flex-end;
+    gap: 8px;
+  }
+  .perm-modal-cancel {
+    padding: 6px 14px;
+    background: transparent;
+    color: var(--shell-fg, #e0e0e0);
+    border: 1px solid var(--shell-border, #444);
+    border-radius: var(--shell-radius);
+    font-size: 0.8125rem;
+    cursor: pointer;
+  }
+  .perm-modal-confirm {
+    padding: 6px 14px;
+    background: var(--shell-accent, #007acc);
+    color: #fff;
+    border: 1px solid var(--shell-accent, #007acc);
+    border-radius: var(--shell-radius);
+    font-size: 0.8125rem;
+    cursor: pointer;
+    font-weight: 600;
+  }
+</style>

package/dist/app/store/PermissionConfirmModal.svelte.d.ts

@@ -0,0 +1,17 @@
+interface Props {
+    mode: 'install' | 'update';
+    pkg: {
+        label: string;
+        version: string;
+        author?: string;
+    };
+    fromVersion?: string;
+    permissions?: string[];
+    added?: string[];
+    removed?: string[];
+    onConfirm: () => void;
+    onCancel: () => void;
+}
+declare const PermissionConfirmModal: import("svelte").Component<Props, {}, "">;
+type PermissionConfirmModal = ReturnType<typeof PermissionConfirmModal>;
+export default PermissionConfirmModal;

package/dist/app/store/StoreView.svelte

@@ -9,11 +9,14 @@
   import { storeContext } from './storeShard.svelte';
   import { fetchBundle, fetchServerBundle, buildPackageMeta } from '../../registry/client';
   import { installPackage } from '../../registry/installer';
+  import { loadBundleModule, type LoadedBundle } from '../../registry/loader';
+  import { extractBundlePermissions } from '../../registry/permission-descriptions';
   import { serverInstallPackage } from '../../env/client';
   import { contract } from '../../contract';
   import type { ResolvedPackage } from '../../registry/client';
   import type { InstalledPackage } from '../../registry/types';
   import { FRAMEWORK_SHARD_IDS } from '../../api';
+  import PermissionConfirmModal from './PermissionConfirmModal.svelte';
 
   let search = $state('');
   let typeFilter = $state<'all' | 'shard' | 'app'>('all');
@@ -22,6 +25,23 @@
   let installError = $state<string | null>(null);
   let newRegistryUrl = $state('');
 
+  let installModal = $state<null | {
+    pkg: ResolvedPackage;
+    permissions: string[];
+    loaded: LoadedBundle;
+    bundle: ArrayBuffer;
+    meta: ReturnType<typeof buildPackageMeta>;
+    serverBundle: ArrayBuffer | undefined;
+  }>(null);
+
+  let updateModal = $state<null | {
+    pkg: ResolvedPackage;
+    fromVersion: string;
+    added: string[];
+    removed: string[];
+    resolve: (ok: boolean) => void;
+  }>(null);
+
   const ctx = storeContext;
 
   async function handleAddRegistry() {
@@ -93,7 +113,25 @@
     installError = null;
 
     try {
-      await ctx.updatePackage(id);
+      await ctx.updatePackage(id, (added, removed) => {
+        return new Promise<boolean>((resolve) => {
+          const pkg = ctx.state.ephemeral.updatable[id];
+          const installed = ctx.state.ephemeral.installed.find(
+            (p: InstalledPackage) => p.id === id,
+          );
+          if (!pkg || !installed) {
+            resolve(true);
+            return;
+          }
+          updateModal = {
+            pkg,
+            fromVersion: installed.version,
+            added,
+            removed,
+            resolve,
+          };
+        });
+      });
     } catch (err) {
       installError = err instanceof Error ? err.message : String(err);
     } finally {
@@ -103,6 +141,20 @@
     }
   }
 
+  function confirmUpdate() {
+    const m = updateModal;
+    if (!m) return;
+    updateModal = null;
+    m.resolve(true);
+  }
+
+  function cancelUpdate() {
+    const m = updateModal;
+    if (!m) return;
+    updateModal = null;
+    m.resolve(false);
+  }
+
   async function handleInstall(pkg: ResolvedPackage) {
     const id = pkg.entry.id;
     if (installingIds.has(id)) return;
@@ -115,13 +167,37 @@
       const bundle = await fetchBundle(pkg.latest, pkg.sourceRegistry);
       const meta = buildPackageMeta(pkg, pkg.latest);
 
-      // 2. Fetch the server bundle if the package declares one.
+      // 2. Load the module once, extract permissions for the confirmation
+      //    modal, and reuse the loaded reference on install.
+      const loaded = await loadBundleModule(bundle);
+      const permissions = extractBundlePermissions(loaded);
+
+      // 3. Fetch the server bundle upfront so the modal is the last blocker.
       let serverBundle: ArrayBuffer | undefined;
       if (pkg.latest.serverBundleUrl) {
         serverBundle = await fetchServerBundle(pkg.latest, pkg.sourceRegistry);
       }
 
-      // 3. Upload to server for persistent storage.
+      // 4. Show the confirmation modal. The actual install happens in
+      //    confirmInstall() once the user clicks Install.
+      installModal = { pkg, permissions, loaded, bundle, meta, serverBundle };
+    } catch (err) {
+      installError = err instanceof Error ? err.message : String(err);
+      const next = new Set(installingIds);
+      next.delete(id);
+      installingIds = next;
+    }
+  }
+
+  async function confirmInstall() {
+    const ctxModal = installModal;
+    if (!ctxModal) return;
+    installModal = null;
+
+    const { pkg, loaded, bundle, meta, serverBundle } = ctxModal;
+    const id = pkg.entry.id;
+
+    try {
       const manifest = {
         id: meta.id,
         type: meta.type,
@@ -138,8 +214,7 @@
         return;
       }
 
-      // 4. Also install locally for immediate hot-load.
-      const result = await installPackage(bundle, meta);
+      const result = await installPackage(bundle, meta, { loaded });
       if (!result.success) {
         console.warn(`[sh3-store] Server install ok but local hot-load failed: ${result.error}`);
       }
@@ -154,6 +229,15 @@
     }
   }
 
+  function cancelInstall() {
+    if (!installModal) return;
+    const id = installModal.pkg.entry.id;
+    installModal = null;
+    const next = new Set(installingIds);
+    next.delete(id);
+    installingIds = next;
+  }
+
   function handleRefresh() {
     ctx.refreshCatalog();
     ctx.refreshInstalled();
@@ -296,6 +380,36 @@
   {/if}
 </div>
 
+{#if installModal}
+  <PermissionConfirmModal
+    mode="install"
+    pkg={{
+      label: installModal.pkg.entry.label,
+      version: installModal.pkg.latest.version,
+      author: installModal.pkg.entry.author.name,
+    }}
+    permissions={installModal.permissions}
+    onConfirm={confirmInstall}
+    onCancel={cancelInstall}
+  />
+{/if}
+
+{#if updateModal}
+  <PermissionConfirmModal
+    mode="update"
+    pkg={{
+      label: updateModal.pkg.entry.label,
+      version: updateModal.pkg.latest.version,
+      author: updateModal.pkg.entry.author.name,
+    }}
+    fromVersion={updateModal.fromVersion}
+    added={updateModal.added}
+    removed={updateModal.removed}
+    onConfirm={confirmUpdate}
+    onCancel={cancelUpdate}
+  />
+{/if}
+
 <style>
   .store-view {
     font-family: var(--shell-font-ui);

package/dist/app/store/storeShard.svelte.d.ts

@@ -3,6 +3,15 @@ import type { StateZones } from '../../state/zones.svelte';
 import type { ResolvedPackage } from '../../registry/client';
 import type { InstalledPackage } from '../../registry/types';
 import type { EnvState } from '../../env/types';
+/**
+ * Compute added and removed permissions between two manifest snapshots.
+ * Order within each array follows the input order of `newPerms` (for added)
+ * and `oldPerms` (for removed). No duplicates — both inputs assumed unique.
+ */
+export declare function diffPermissions(oldPerms: string[], newPerms: string[]): {
+    added: string[];
+    removed: string[];
+};
 /** Env state shape — server-authoritative config. */
 interface StoreEnvSchema {
     [key: string]: unknown;
@@ -25,7 +34,7 @@ export interface StoreContext {
     isAdmin: boolean;
     refreshCatalog(): Promise<void>;
     refreshInstalled(): Promise<void>;
-    updatePackage(id: string): Promise<void>;
+    updatePackage(id: string, confirmPermissionChange?: (added: string[], removed: string[]) => Promise<boolean>): Promise<void>;
     addRegistry(url: string): Promise<void>;
     removeRegistry(url: string): Promise<void>;
 }