sh3-server 0.19.5 → 0.20.1

package/dist/index.js

@@ -35,6 +35,8 @@ import { ShardRouter, adminOnly } from './shard-router.js';
 import { scopeRequired, requireCallerScope } from './scope.js';
 import { registerTenantFsRoutes } from './tenant-fs/index.js';
 import shellShardServer from './shell-shard/index.js';
+import { MountStore } from './mounts/store.js';
+import { MountedPathResolver } from './mounts/resolver.js';
 export async function createServer(options = {}) {
     const port = options.port ?? 3000;
     const dataDir = options.dataDir ?? './data';
@@ -53,9 +55,17 @@ export async function createServer(options = {}) {
     const users = new UserStore(dataDir);
     const settings = new SettingsStore(dataDir);
     const projects = new ProjectStore(dataDir);
-    // --no-auth: disable auth enforcement (Tauri sidecar / local-owner mode)
-    if (options.noAuth) {
-        settings.update({ auth: { required: false, guestAllowed: true } });
+    // Mount system
+    const mountStore = new MountStore(dataDir);
+    const mountResolver = new MountedPathResolver(mountStore);
+    // --local: bootstrap the synthetic owner so guards see a real admin session.
+    if (options.localMode) {
+        users.upsertSynthetic({
+            id: 'local',
+            username: 'local',
+            displayName: 'Local Owner',
+            role: 'admin',
+        });
     }
     const sessions = new SessionStore(settings.get().auth.sessionTTL);
     const app = new Hono();
@@ -113,16 +123,16 @@ export async function createServer(options = {}) {
     }
     app.get('/api/version', (c) => c.json({ version: serverVersion }));
     // Boot config
-    app.route('/api/boot', createBootRouter(sessions, users, settings, serverVersion));
+    app.route('/api/boot', createBootRouter(sessions, users, settings, serverVersion, options.localMode ?? false));
     // Auth endpoints (login, logout, register, verify)
     app.route('/api/auth', createAuthRouter(keys, users, sessions, settings));
     // --- Session-gated routes ---
-    app.use('/api/*', sessionAuth(sessions, settings, keys));
+    app.use('/api/*', sessionAuth(sessions, keys));
     app.use('/api/*', resolveCaller(keys, projects));
     // Document backend API — gated by sessionAuth + resolveCaller (mounted above).
     // The router itself enforces scopeAccessMatch and the __-prefix reservation.
-    // Settings is threaded so scopeAccessMatch respects open / no-auth mode.
     const docStore = createScopedDocStore(dataDir);
+    docStore.setMountResolver(mountResolver);
     app.route('/api/docs', createDocsRouter(docStore, {
         settings,
         projectStore: projects,
@@ -183,12 +193,12 @@ export async function createServer(options = {}) {
     });
     // --- Admin-gated routes ---
     // Admin API
-    const adminRouter = createAdminRouter(users, settings, sessions, keys, dataDir);
-    app.use('/api/admin/*', adminAuth(sessions, keys, settings));
+    const adminRouter = createAdminRouter(users, settings, sessions, keys, dataDir, mountStore, mountResolver);
+    app.use('/api/admin/*', adminAuth());
     app.route('/api/admin', adminRouter);
     // Package management (install/uninstall) — admin-gated
-    app.use('/api/packages/install', adminAuth(sessions, keys, settings));
-    app.use('/api/packages/uninstall', adminAuth(sessions, keys, settings));
+    app.use('/api/packages/install', adminAuth());
+    app.use('/api/packages/uninstall', adminAuth());
     const frameworkShardIds = ['__sh3core__', 'shell', 'sh3-store', 'sh3-admin'];
     app.route('/api/packages', createPackageManagementRoutes(shardRouter, dataDir, keys, settings, wsRegister, docStore, frameworkShardIds));
     // Serve client bundles from discovered packages
@@ -213,7 +223,7 @@ export async function createServer(options = {}) {
             shardId: 'shell',
             dataDir: shellDataDir,
             permissions: [],
-            adminOnly: adminOnly(keys, settings),
+            adminOnly: adminOnly(),
             scopeRequired,
             tenantRequired: requireCallerScope,
             wsRegister,
@@ -225,7 +235,6 @@ export async function createServer(options = {}) {
     registerTenantFsRoutes(app, {
         dataDir,
         rootBase: settings.get().tenants?.rootBase ?? '',
-        settings,
         maxReadBytes: 10 * 1024 * 1024,
     });
     // Dynamic shard routes (packages). The catch-all comes after static

package/dist/middleware/project-allowlist.d.ts

@@ -5,6 +5,10 @@
  * only target shards owned by allowlisted apps, plus the framework shards
  * listed in FRAMEWORK_SHARDS. Personal scopes are not subject to allowlists.
  *
+ * An empty appAllowlist means no restrictions — all apps can write to the
+ * project. When at least one app is listed, only that app's required shards
+ * (plus framework shards) are permitted.
+ *
  * Reads (GET / HEAD) are unrestricted; the membership check in
  * scopeAccessMatch already gates access to project data. This middleware
  * is layered on top to scope-down what apps can persist into the

package/dist/middleware/project-allowlist.js

@@ -5,6 +5,10 @@
  * only target shards owned by allowlisted apps, plus the framework shards
  * listed in FRAMEWORK_SHARDS. Personal scopes are not subject to allowlists.
  *
+ * An empty appAllowlist means no restrictions — all apps can write to the
+ * project. When at least one app is listed, only that app's required shards
+ * (plus framework shards) are permitted.
+ *
  * Reads (GET / HEAD) are unrestricted; the membership check in
  * scopeAccessMatch already gates access to project data. This middleware
  * is layered on top to scope-down what apps can persist into the
@@ -32,18 +36,28 @@ export function projectAppAllowlist(opts) {
         if (FRAMEWORK_SHARDS.includes(shard))
             return next();
         const allowed = new Set(FRAMEWORK_SHARDS);
-        for (const appId of project.appAllowlist) {
-            const app = opts.appRegistry.get(appId);
-            if (!app)
-                continue;
-            for (const s of app.manifest.requiredShards)
-                allowed.add(s);
+        // Empty allowlist means no restrictions — all apps can write.
+        if (project.appAllowlist.length > 0) {
+            for (const appId of project.appAllowlist) {
+                const app = opts.appRegistry.get(appId);
+                if (app) {
+                    for (const s of app.manifest.requiredShards)
+                        allowed.add(s);
+                }
+                else {
+                    // App not found in the server manifest registry — fall back to
+                    // allowing the appId itself as a shard id (common convention).
+                    allowed.add(appId);
+                }
+            }
+            if (!allowed.has(shard)) {
+                return c.json({
+                    error: `Shard "${shard}" is not in the project's app allowlist`,
+                    project: project.id,
+                }, 403);
+            }
         }
-        if (allowed.has(shard))
-            return next();
-        return c.json({
-            error: `Shard "${shard}" is not in the project's app allowlist`,
-            project: project.id,
-        }, 403);
+        // Empty allowlist or shard in allowed set → pass.
+        return next();
     };
 }

package/dist/mounts/resolver.d.ts

@@ -0,0 +1,21 @@
+import type { MountStore, MountRecord } from './store.js';
+export type MountStatus = 'resolved' | 'unresolved' | 'error';
+export type ResolvedPath = {
+    kind: 'mount';
+    mountId: string;
+    realPath: string;
+} | {
+    kind: 'native';
+} | {
+    kind: 'mount-unresolved';
+    mountId: string;
+    error: string;
+};
+export declare class MountedPathResolver {
+    #private;
+    constructor(store: MountStore);
+    resolve(tenantId: string, docPath: string): ResolvedPath;
+    probe(mountId: string): MountStatus;
+    listTenantMountIds(tenantId: string): string[];
+    getMount(mountId: string): MountRecord | null;
+}

package/dist/mounts/resolver.js

@@ -0,0 +1,41 @@
+import { existsSync } from 'node:fs';
+import { join, resolve as pathResolve } from 'node:path';
+export class MountedPathResolver {
+    #store;
+    constructor(store) {
+        this.#store = store;
+    }
+    resolve(tenantId, docPath) {
+        const mountMatch = docPath.match(/^mounts\/([^/]+)(?:\/(.*))?$/);
+        if (!mountMatch)
+            return { kind: 'native' };
+        const mountId = mountMatch[1];
+        const subPath = mountMatch[2] ?? '';
+        const mount = this.#store.get(mountId);
+        if (!mount) {
+            return { kind: 'mount-unresolved', mountId, error: `Mount "${mountId}" not found` };
+        }
+        if (!this.#store.isAttached(mountId, tenantId)) {
+            return { kind: 'mount-unresolved', mountId, error: `Mount "${mountId}" not attached to tenant "${tenantId}"` };
+        }
+        const realPath = subPath ? join(mount.path, subPath) : mount.path;
+        return { kind: 'mount', mountId, realPath: pathResolve(realPath) };
+    }
+    probe(mountId) {
+        const mount = this.#store.get(mountId);
+        if (!mount)
+            return 'error';
+        try {
+            return existsSync(mount.path) ? 'resolved' : 'unresolved';
+        }
+        catch {
+            return 'error';
+        }
+    }
+    listTenantMountIds(tenantId) {
+        return this.#store.listTenantAttachments(tenantId).map(a => a.mountId);
+    }
+    getMount(mountId) {
+        return this.#store.get(mountId);
+    }
+}

package/dist/mounts/routes.d.ts

@@ -0,0 +1,4 @@
+import { Hono } from 'hono';
+import type { MountStore } from './store.js';
+import type { MountedPathResolver } from './resolver.js';
+export declare function createMountsRouter(store: MountStore, resolver: MountedPathResolver): Hono;

package/dist/mounts/routes.js

@@ -0,0 +1,136 @@
+import { Hono } from 'hono';
+import { readdirSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+export function createMountsRouter(store, resolver) {
+    const router = new Hono();
+    // --- Mounts CRUD ---
+    router.get('/mounts', (c) => {
+        const mounts = store.list().map(m => ({
+            ...m,
+            status: resolver.probe(m.id),
+            attachmentCount: store.listAttachments(m.id).length,
+        }));
+        return c.json(mounts);
+    });
+    router.get('/mounts/:id', (c) => {
+        const id = c.req.param('id');
+        const mount = store.get(id);
+        if (!mount)
+            return c.json({ error: 'Mount not found' }, 404);
+        return c.json({
+            ...mount,
+            status: resolver.probe(id),
+            attachmentCount: store.listAttachments(id).length,
+        });
+    });
+    router.post('/mounts', async (c) => {
+        let body;
+        try {
+            body = await c.req.json();
+        }
+        catch {
+            return c.json({ error: 'Invalid JSON body' }, 400);
+        }
+        if (!body.id || !body.path) {
+            return c.json({ error: 'id and path required' }, 400);
+        }
+        try {
+            const mount = store.create({ id: body.id, label: body.label, path: body.path });
+            const status = resolver.probe(mount.id);
+            const response = { ...mount, status };
+            if (status !== 'resolved') {
+                response.warning = `Path "${mount.path}" does not exist on the server. Mount created but will be unavailable until the path exists.`;
+            }
+            return c.json(response, 201);
+        }
+        catch (err) {
+            return c.json({ error: err instanceof Error ? err.message : 'Failed to create mount' }, 409);
+        }
+    });
+    router.put('/mounts/:id', async (c) => {
+        const id = c.req.param('id');
+        let body;
+        try {
+            body = await c.req.json();
+        }
+        catch {
+            return c.json({ error: 'Invalid JSON body' }, 400);
+        }
+        const updated = store.update(id, body ?? {});
+        if (!updated)
+            return c.json({ error: 'Mount not found' }, 404);
+        return c.json({ ...updated, status: resolver.probe(id) });
+    });
+    router.delete('/mounts/:id', (c) => {
+        const id = c.req.param('id');
+        if (!store.delete(id))
+            return c.json({ error: 'Mount not found' }, 404);
+        return c.body(null, 204);
+    });
+    // --- Browse mount directory ---
+    router.get('/mounts/:id/browse', (c) => {
+        const id = c.req.param('id');
+        const mount = store.get(id);
+        if (!mount)
+            return c.json({ error: 'Mount not found' }, 404);
+        try {
+            const entries = readdirSync(mount.path, { withFileTypes: true });
+            const listing = entries.map(e => ({
+                name: e.name,
+                kind: e.isDirectory() ? 'directory' : 'file',
+                ...(e.isFile() ? { size: statSync(join(mount.path, e.name)).size } : {}),
+            }));
+            return c.json(listing);
+        }
+        catch {
+            return c.json({ error: `Cannot read mount path: ${mount.path}` }, 503);
+        }
+    });
+    // --- Attachments CRUD ---
+    router.get('/mount-attachments', (c) => {
+        const mountId = c.req.query('mountId');
+        const tenantId = c.req.query('tenantId');
+        if (mountId)
+            return c.json(store.listAttachments(mountId));
+        if (tenantId)
+            return c.json(store.listTenantAttachments(tenantId));
+        return c.json({ error: 'Provide mountId or tenantId query param' }, 400);
+    });
+    router.post('/mount-attachments', async (c) => {
+        let body;
+        try {
+            body = await c.req.json();
+        }
+        catch {
+            return c.json({ error: 'Invalid JSON body' }, 400);
+        }
+        if (!body.mountId || !body.tenantId) {
+            return c.json({ error: 'mountId and tenantId required' }, 400);
+        }
+        if (!store.get(body.mountId)) {
+            return c.json({ error: `Mount "${body.mountId}" not found` }, 404);
+        }
+        const att = store.attach(body.mountId, body.tenantId);
+        return c.json(att, 201);
+    });
+    router.delete('/mount-attachments', async (c) => {
+        let body;
+        try {
+            body = await c.req.json();
+        }
+        catch {
+            return c.json({ error: 'Invalid JSON body' }, 400);
+        }
+        if (!body.mountId || !body.tenantId) {
+            return c.json({ error: 'mountId and tenantId required' }, 400);
+        }
+        store.detach(body.mountId, body.tenantId);
+        return c.body(null, 204);
+    });
+    // --- Per-tenant attachment listing ---
+    router.get('/tenants/:id/attachments', (c) => {
+        const tenantId = c.req.param('id');
+        return c.json(store.listTenantAttachments(tenantId));
+    });
+    return router;
+}

package/dist/mounts/store.d.ts

@@ -0,0 +1,30 @@
+export interface MountRecord {
+    id: string;
+    label?: string;
+    path: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface MountAttachment {
+    mountId: string;
+    tenantId: string;
+    attachedAt: string;
+}
+export declare class MountStore {
+    #private;
+    constructor(dataDir: string);
+    create(input: {
+        id: string;
+        label?: string;
+        path: string;
+    }): MountRecord;
+    get(id: string): MountRecord | null;
+    list(): MountRecord[];
+    update(id: string, patch: Partial<Pick<MountRecord, 'label' | 'path'>>): MountRecord | null;
+    delete(id: string): boolean;
+    attach(mountId: string, tenantId: string): MountAttachment;
+    detach(mountId: string, tenantId: string): void;
+    listAttachments(mountId: string): MountAttachment[];
+    listTenantAttachments(tenantId: string): MountAttachment[];
+    isAttached(mountId: string, tenantId: string): boolean;
+}

package/dist/mounts/store.js

@@ -0,0 +1,115 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { dirname } from 'node:path';
+export class MountStore {
+    #mountsPath;
+    #attachmentsPath;
+    #mounts = [];
+    #attachments = [];
+    constructor(dataDir) {
+        this.#mountsPath = `${dataDir}/mounts.json`;
+        this.#attachmentsPath = `${dataDir}/mount-attachments.json`;
+        this.#load();
+    }
+    #load() {
+        if (existsSync(this.#mountsPath)) {
+            try {
+                const data = JSON.parse(readFileSync(this.#mountsPath, 'utf-8'));
+                this.#mounts = data.mounts ?? [];
+            }
+            catch {
+                this.#mounts = [];
+            }
+        }
+        if (existsSync(this.#attachmentsPath)) {
+            try {
+                const data = JSON.parse(readFileSync(this.#attachmentsPath, 'utf-8'));
+                this.#attachments = data.attachments ?? [];
+            }
+            catch {
+                this.#attachments = [];
+            }
+        }
+    }
+    #saveMounts() {
+        mkdirSync(dirname(this.#mountsPath), { recursive: true });
+        writeFileSync(this.#mountsPath, JSON.stringify({ mounts: this.#mounts }, null, 2));
+    }
+    #saveAttachments() {
+        mkdirSync(dirname(this.#attachmentsPath), { recursive: true });
+        writeFileSync(this.#attachmentsPath, JSON.stringify({ attachments: this.#attachments }, null, 2));
+    }
+    create(input) {
+        if (this.#mounts.some(m => m.id === input.id)) {
+            throw new Error(`Mount "${input.id}" already exists`);
+        }
+        const now = new Date().toISOString();
+        const record = {
+            id: input.id,
+            label: input.label,
+            path: input.path,
+            createdAt: now,
+            updatedAt: now,
+        };
+        this.#mounts.push(record);
+        this.#saveMounts();
+        return { ...record };
+    }
+    get(id) {
+        return this.#mounts.find(m => m.id === id) ?? null;
+    }
+    list() {
+        return [...this.#mounts];
+    }
+    update(id, patch) {
+        const mount = this.#mounts.find(m => m.id === id);
+        if (!mount)
+            return null;
+        if (patch.label !== undefined)
+            mount.label = patch.label;
+        if (patch.path !== undefined)
+            mount.path = patch.path;
+        mount.updatedAt = new Date().toISOString();
+        this.#saveMounts();
+        return { ...mount };
+    }
+    delete(id) {
+        const before = this.#mounts.length;
+        this.#mounts = this.#mounts.filter(m => m.id !== id);
+        if (this.#mounts.length < before) {
+            this.#attachments = this.#attachments.filter(a => a.mountId !== id);
+            this.#saveMounts();
+            this.#saveAttachments();
+            return true;
+        }
+        return false;
+    }
+    attach(mountId, tenantId) {
+        const existing = this.#attachments.find(a => a.mountId === mountId && a.tenantId === tenantId);
+        if (existing)
+            return { ...existing };
+        const att = {
+            mountId,
+            tenantId,
+            attachedAt: new Date().toISOString(),
+        };
+        this.#attachments.push(att);
+        this.#saveAttachments();
+        return { ...att };
+    }
+    detach(mountId, tenantId) {
+        const before = this.#attachments.length;
+        this.#attachments = this.#attachments.filter(a => !(a.mountId === mountId && a.tenantId === tenantId));
+        if (this.#attachments.length < before) {
+            this.#saveAttachments();
+        }
+    }
+    listAttachments(mountId) {
+        return this.#attachments.filter(a => a.mountId === mountId);
+    }
+    listTenantAttachments(tenantId) {
+        return this.#attachments.filter(a => a.tenantId === tenantId);
+    }
+    isAttached(mountId, tenantId) {
+        return this.#attachments.some(a => a.mountId === mountId && a.tenantId === tenantId);
+    }
+}

package/dist/routes/admin.d.ts

@@ -7,4 +7,6 @@ import type { UserStore } from '../users.js';
 import type { SettingsStore } from '../settings.js';
 import type { SessionStore } from '../sessions.js';
 import type { KeyStore } from '../keys.js';
-export declare function createAdminRouter(users: UserStore, settings: SettingsStore, sessions: SessionStore, keys: KeyStore, dataDir: string): Hono;
+import type { MountStore } from '../mounts/store.js';
+import type { MountedPathResolver } from '../mounts/resolver.js';
+export declare function createAdminRouter(users: UserStore, settings: SettingsStore, sessions: SessionStore, keys: KeyStore, dataDir: string, mountStore?: MountStore, mountResolver?: MountedPathResolver): Hono;

package/dist/routes/admin.js

@@ -6,7 +6,8 @@ import { Hono } from 'hono';
 import { execFile } from 'node:child_process';
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
-export function createAdminRouter(users, settings, sessions, keys, dataDir) {
+import { createMountsRouter } from '../mounts/routes.js';
+export function createAdminRouter(users, settings, sessions, keys, dataDir, mountStore, mountResolver) {
     const router = new Hono();
     // --- Users CRUD ---
     router.get('/users', (c) => {
@@ -126,5 +127,9 @@ export function createAdminRouter(users, settings, sessions, keys, dataDir) {
             return c.json({ error: 'Key not found' }, 404);
         return c.body(null, 204);
     });
+    // Mount management routes (if stores provided)
+    if (mountStore && mountResolver) {
+        router.route('/', createMountsRouter(mountStore, mountResolver));
+    }
     return router;
 }

package/dist/routes/boot.d.ts

@@ -3,9 +3,15 @@
  *
  * Returns everything the client needs to decide how to render:
  * auth requirements, current session, user, and tenant ID.
+ *
+ * When localMode is true (Tauri sidecar), the route ensures a session
+ * for the local owner: if no valid session is on the request, a new
+ * one is minted against the SessionStore and returned in the response
+ * body. The client then carries it as Authorization: Bearer on
+ * subsequent calls.
  */
 import { Hono } from 'hono';
 import type { SessionStore } from '../sessions.js';
 import type { UserStore } from '../users.js';
 import type { SettingsStore } from '../settings.js';
-export declare function createBootRouter(sessions: SessionStore, users: UserStore, settings: SettingsStore, version: string): Hono;
+export declare function createBootRouter(sessions: SessionStore, users: UserStore, settings: SettingsStore, version: string, localMode?: boolean): Hono;

package/dist/routes/boot.js

@@ -3,14 +3,20 @@
  *
  * Returns everything the client needs to decide how to render:
  * auth requirements, current session, user, and tenant ID.
+ *
+ * When localMode is true (Tauri sidecar), the route ensures a session
+ * for the local owner: if no valid session is on the request, a new
+ * one is minted against the SessionStore and returned in the response
+ * body. The client then carries it as Authorization: Bearer on
+ * subsequent calls.
  */
 import { Hono } from 'hono';
 import { randomUUID } from 'node:crypto';
-export function createBootRouter(sessions, users, settings, version) {
+export function createBootRouter(sessions, users, settings, version, localMode = false) {
     const router = new Hono();
     router.get('/', (c) => {
         const config = settings.get();
-        // Try to extract session
+        // Try to extract session from cookie or Authorization header
         let session = null;
         const cookie = c.req.raw.headers.get('cookie');
         if (cookie) {
@@ -24,13 +30,17 @@ export function createBootRouter(sessions, users, settings, version) {
                 session = sessions.validate(auth.slice(7));
             }
         }
+        // localMode: ensure a session for the local owner.
+        if (localMode && !session) {
+            session = sessions.create('local', 'admin');
+        }
         const user = session ? users.get(session.userId) : null;
         // Determine tenant ID
         let tenantId;
         if (user) {
             tenantId = user.id;
         }
-        else if (!config.auth.required || config.auth.guestAllowed) {
+        else if (config.auth.guestAllowed) {
             tenantId = `guest_${randomUUID()}`;
         }
         else {
@@ -38,7 +48,6 @@ export function createBootRouter(sessions, users, settings, version) {
         }
         return c.json({
             auth: {
-                required: config.auth.required,
                 guestAllowed: config.auth.guestAllowed,
                 selfRegistration: config.auth.selfRegistration,
             },

package/dist/routes/docs.js

@@ -24,8 +24,8 @@ export function createDocsRouter(store, options = {}) {
         ? { settings: options }
         : options;
     const router = new Hono();
-    router.use('/:scope/*', scopeAccessMatch('scope', opts.settings));
-    router.use('/:scope', scopeAccessMatch('scope', opts.settings));
+    router.use('/:scope/*', scopeAccessMatch('scope'));
+    router.use('/:scope', scopeAccessMatch('scope'));
     if (opts.projectStore && opts.appRegistry) {
         router.use('/:scope/:shard/*', projectAppAllowlist({ projectStore: opts.projectStore, appRegistry: opts.appRegistry }));
     }
@@ -157,6 +157,31 @@ export function createDocsRouter(store, options = {}) {
             const meta = await store.readMeta(scope, shard, body.to);
             return c.json({ ok: true, version: meta?.version });
         }
+        if (rawPath.endsWith('/transfer')) {
+            const filePath = rawPath.replace(/\/transfer$/, '');
+            if (!filePath)
+                return c.json({ error: 'Missing file path' }, 400);
+            const body = await c.req.json().catch(() => null);
+            if (!body || typeof body.targetScope !== 'string' || body.targetScope.length === 0) {
+                return c.json({ error: 'Body must include { targetScope: string }' }, 400);
+            }
+            if (body.targetScope === scope) {
+                return c.json({ error: 'targetScope must differ from source scope' }, 400);
+            }
+            const caller = c.get('caller');
+            if (caller && !caller.accessibleScopes.includes(body.targetScope)) {
+                return c.json({ error: `Caller is not a member of scope "${body.targetScope}"` }, 403);
+            }
+            const targetShard = body.targetShardId ?? shard;
+            const content = await store.read(scope, shard, filePath);
+            if (content === null)
+                return c.json({ error: 'Source document not found' }, 404);
+            await store.write(body.targetScope, targetShard, filePath, content);
+            if (body.delete) {
+                await store.delete(scope, shard, filePath);
+            }
+            return c.json({ ok: true, [body.delete ? 'deleted' : 'copied']: true });
+        }
         return c.json({ error: 'Unknown docs POST endpoint' }, 404);
     });
     // Write

package/dist/routes/projects.d.ts

@@ -1,9 +1,7 @@
 /**
- * Projects HTTP API.
+ * Projects routes — admin-only management + member-visible listing.
  *
  * - GET    /              — list projects the caller is a member of
- * - GET    /all           — admin: list every project
- * - GET    /:id           — fetch one (member or admin)
  * - POST   /              — admin: create a project
  * - PATCH  /:id           — admin: mutate a project
  * - DELETE /:id           — admin: delete a project

package/dist/routes/projects.js

@@ -1,9 +1,7 @@
 /**
- * Projects HTTP API.
+ * Projects routes — admin-only management + member-visible listing.
  *
  * - GET    /              — list projects the caller is a member of
- * - GET    /all           — admin: list every project
- * - GET    /:id           — fetch one (member or admin)
  * - POST   /              — admin: create a project
  * - PATCH  /:id           — admin: mutate a project
  * - DELETE /:id           — admin: delete a project