sh3-server 0.8.2 → 0.9.0

package/dist/shard-router.js

@@ -4,7 +4,6 @@ import { mkdirSync, readFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { scopeRequired, tenantRequired } from './scope.js';
 import { pathToFileURL } from 'node:url';
-import { getSyncBundle, createSyncHandle, createSyncRegistry } from 'sh3-core/server-sync';
 /** Middleware requiring the caller's scope set to include admin:*. */
 export function adminOnly(_keys, settings) {
     return async (c, next) => {
@@ -16,36 +15,62 @@ export function adminOnly(_keys, settings) {
         return c.json({ error: 'Admin privileges required' }, 403);
     };
 }
-const PERMISSION_DOCUMENTS_SYNC = 'documents:sync';
 /**
- * Build a ServerShardContext object for the given shard, wiring
- * sync/syncRegistry based on the declared permissions.
+ * Build the shard-facing TenantDocumentAPI for a given calling shard, tenant,
+ * and permission set. Each operation is permission-checked at call time so
+ * grants can change between boot and request.
  */
-export function buildShardCtx(shardId, dataDir, permissions, keys, settings, wsRegister, documentBackend) {
-    const hasSync = permissions.includes(PERMISSION_DOCUMENTS_SYNC);
-    const ctx = {
-        shardId,
-        dataDir,
-        permissions,
-        adminOnly: adminOnly(keys, settings),
-        scopeRequired,
-        tenantRequired,
-        wsRegister,
-    };
-    ctx.sync = async (tenantId, connectorId) => {
-        if (!hasSync) {
-            throw new Error(`Shard "${shardId}" cannot call ctx.sync — missing '${PERMISSION_DOCUMENTS_SYNC}' permission in manifest.`);
-        }
-        const { engine, registry } = await getSyncBundle(documentBackend, tenantId);
-        return createSyncHandle({ tenantId, connectorId, engine, registry });
-    };
-    ctx.syncRegistry = (tenantId) => {
-        if (!hasSync) {
-            throw new Error(`Shard "${shardId}" cannot call ctx.syncRegistry — missing '${PERMISSION_DOCUMENTS_SYNC}' permission in manifest.`);
-        }
-        return createSyncRegistry(documentBackend, tenantId);
+function makeTenantDocumentAPI(store, tenant, callingShardId, permissions) {
+    const hasSyncPeer = permissions.includes('sync:peer');
+    const hasSyncPolicy = permissions.includes('sync:policy');
+    return {
+        read: (shardId, path) => store.read(tenant, shardId, path),
+        exists: (shardId, path) => store.exists(tenant, shardId, path),
+        list: (shardId) => store.list(tenant, shardId),
+        listAll: () => store.listAll(tenant),
+        write: (shardId, path, content, metadata) => {
+            if (shardId !== callingShardId && !hasSyncPeer) {
+                throw new Error(`Shard "${callingShardId}" cannot write to shard "${shardId}" without sync:peer`);
+            }
+            return store.write(tenant, shardId, path, content, metadata);
+        },
+        delete: (shardId, path) => {
+            if (shardId !== callingShardId && !hasSyncPeer) {
+                throw new Error(`Shard "${callingShardId}" cannot delete from shard "${shardId}" without sync:peer`);
+            }
+            return store.delete(tenant, shardId, path);
+        },
+        applyFromPeer: (input) => {
+            if (!hasSyncPeer)
+                throw new Error('sync:peer permission required');
+            return store.applyFromPeer(tenant, {
+                ...input,
+                content: input.content,
+            });
+        },
+        getTick: () => {
+            if (!hasSyncPeer)
+                throw new Error('sync:peer permission required');
+            return store.getTick(tenant);
+        },
+        readPolicy: () => store.readPolicy(tenant),
+        writePolicy: (policy) => {
+            if (!hasSyncPolicy)
+                throw new Error('sync:policy permission required');
+            return store.writePolicy(tenant, policy);
+        },
+        listConflicts: () => {
+            if (!hasSyncPeer)
+                throw new Error('sync:peer permission required');
+            return store.listConflicts(tenant);
+        },
+        readConflict: (shardId, path) => {
+            if (!hasSyncPeer)
+                throw new Error('sync:peer permission required');
+            return store.readConflict(tenant, shardId, path);
+        },
+        resolveConflict: (shardId, path, choice) => store.resolveConflict(tenant, shardId, path, choice),
     };
-    return ctx;
 }
 /**
  * Dynamic shard route manager. Holds a Map of shard Hono sub-apps
@@ -60,27 +85,14 @@ export class ShardRouter {
     async mount(shardId, serverJsPath, ctx) {
         const fileUrl = pathToFileURL(serverJsPath).href + `?t=${Date.now()}`;
         const mod = await import(fileUrl);
-        const shard = mod.default ?? mod;
+        const shard = (mod.default ?? mod);
         if (typeof shard.id !== 'string' || typeof shard.routes !== 'function') {
             throw new Error(`${shardId}/server.js invalid export shape — expected { id, routes }`);
         }
-        const shardDataDir = join(ctx.pkgDir, 'data');
-        const manifestPath = join(ctx.pkgDir, 'manifest.json');
-        let permissions = [];
-        try {
-            const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8'));
-            permissions = Array.isArray(manifest.permissions) ? manifest.permissions : [];
-        }
-        catch {
-            // Framework built-ins (mountStatic) may have no sibling manifest; default to empty.
-        }
         const router = new Hono();
-        const shardCtx = buildShardCtx(shard.id, shardDataDir, permissions, ctx.keys, ctx.settings, ctx.wsRegister, ctx.documentBackend);
-        await shard.routes(router, shardCtx);
-        // Create data dir only after routes() succeeds — so a failure
-        // doesn't leave behind a dir that prevents install rollback cleanup.
-        mkdirSync(shardDataDir, { recursive: true });
-        this.shards.set(shardId, router);
+        await shard.routes(router, this.#buildContext(shard.id, ctx));
+        mkdirSync(join(ctx.pkgDir, 'data'), { recursive: true });
+        this.shards.set(shardId, { app: router, shard });
         console.log(`[sh3]   ${shardId} — server routes mounted at /api/${shardId}/`);
     }
     /**
@@ -92,6 +104,13 @@ export class ShardRouter {
         if (typeof mod.id !== 'string' || typeof mod.routes !== 'function') {
             throw new Error(`${shardId} static mount — expected { id, routes }, got ${typeof mod}`);
         }
+        const router = new Hono();
+        await mod.routes(router, this.#buildContext(mod.id, ctx));
+        mkdirSync(join(ctx.pkgDir, 'data'), { recursive: true });
+        this.shards.set(shardId, { app: router, shard: mod });
+        console.log(`[sh3]   ${shardId} — static server routes mounted at /api/${shardId}/`);
+    }
+    #buildContext(shardId, ctx) {
         const shardDataDir = join(ctx.pkgDir, 'data');
         const manifestPath = join(ctx.pkgDir, 'manifest.json');
         let permissions = [];
@@ -102,20 +121,53 @@ export class ShardRouter {
         catch {
             // Framework built-ins (mountStatic) may have no sibling manifest; default to empty.
         }
-        const router = new Hono();
-        const shardCtx = buildShardCtx(mod.id, shardDataDir, permissions, ctx.keys, ctx.settings, ctx.wsRegister, ctx.documentBackend);
-        await mod.routes(router, shardCtx);
-        mkdirSync(shardDataDir, { recursive: true });
-        this.shards.set(shardId, router);
-        console.log(`[sh3]   ${shardId} — static server routes mounted at /api/${shardId}/`);
+        const docStore = ctx.docStore;
+        // Hono's MiddlewareHandler uses a concrete Context generic that isn't
+        // assignable to sh3-core's framework-agnostic stand-in (c: unknown).
+        // Cast once at assembly — shards only call the handlers, never introspect.
+        const ctxOut = {
+            shardId,
+            dataDir: shardDataDir,
+            permissions,
+            adminOnly: adminOnly(ctx.keys, ctx.settings),
+            scopeRequired,
+            tenantRequired,
+            wsRegister: ctx.wsRegister,
+            tenants: () => docStore.listTenantsSync(),
+            documents: (tenant) => makeTenantDocumentAPI(docStore, tenant, shardId, permissions),
+            setPeerRole: (tenant, role) => {
+                if (!permissions.includes('sync:peer'))
+                    return; // silent no-op
+                docStore.roles.set(tenant, role);
+            },
+        };
+        return ctxOut;
     }
-    /** Remove a shard's routes. */
-    unmount(shardId) {
-        const removed = this.shards.delete(shardId);
-        if (removed) {
-            console.log(`[sh3]   ${shardId} — server routes unmounted`);
+    /** Remove a shard's routes. Calls `teardown()` if the shard defined one. */
+    async unmount(shardId) {
+        const entry = this.shards.get(shardId);
+        if (!entry)
+            return false;
+        try {
+            await entry.shard.teardown?.();
+        }
+        catch (err) {
+            console.error(`[sh3] teardown failed for shard "${shardId}":`, err);
+        }
+        this.shards.delete(shardId);
+        console.log(`[sh3]   ${shardId} — server routes unmounted`);
+        return true;
+    }
+    /** Call teardown on every mounted shard without clearing the registry. */
+    async unmountAll() {
+        for (const [id, entry] of this.shards) {
+            try {
+                await entry.shard.teardown?.();
+            }
+            catch (err) {
+                console.error(`[sh3] teardown failed for shard "${id}":`, err);
+            }
         }
-        return removed;
     }
     /**
      * Hono handler for the wildcard route.
@@ -124,8 +176,8 @@ export class ShardRouter {
     handler() {
         return async (c, next) => {
             const shardId = c.req.param('shardId');
-            const shardApp = this.shards.get(shardId);
-            if (!shardApp) {
+            const entry = this.shards.get(shardId);
+            if (!entry) {
                 return next();
             }
             try {
@@ -143,7 +195,7 @@ export class ShardRouter {
                 });
                 // Forward session from upstream sessionAuth so shard middleware can see it
                 const env = { ...c.env, session: c.get('session') ?? null };
-                return await shardApp.fetch(strippedRequest, env);
+                return await entry.app.fetch(strippedRequest, env);
             }
             catch (err) {
                 console.error(`[sh3] Shard "${shardId}" runtime error:`, err);
@@ -155,8 +207,8 @@ export class ShardRouter {
     listRoutes() {
         const routes = [];
         const seen = new Set();
-        for (const [shardId, app] of this.shards) {
-            for (const r of app.routes) {
+        for (const [shardId, entry] of this.shards) {
+            for (const r of entry.app.routes) {
                 const path = `/api/${shardId}${r.path}`;
                 const key = `${r.method} ${path}`;
                 if (seen.has(key))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sh3-server",
-  "version": "0.8.2",
+  "version": "0.9.0",
   "type": "module",
   "bin": {
     "sh3-server": "dist/cli.js"