tova 0.7.0 → 0.9.4

package/src/config/module-cache.js

@@ -0,0 +1,58 @@
+// Global cache manager for the Tova package manager.
+// Manages the ~/.tova/pkg/ directory where downloaded packages are stored.
+// Provides path resolution, version lookup, and cleanup utilities.
+
+import { join } from 'path';
+import { existsSync, readdirSync, rmSync } from 'fs';
+import { homedir } from 'os';
+import { compareSemver } from './semver.js';
+import { parseModulePath } from './module-path.js';
+
+const DEFAULT_CACHE = join(homedir(), '.tova', 'pkg');
+
+export function getCacheDir(override) {
+  return override || process.env.TOVA_CACHE_DIR || DEFAULT_CACHE;
+}
+
+export function getModuleCachePath(modulePath, version, cacheDir) {
+  const dir = getCacheDir(cacheDir);
+  const parsed = typeof modulePath === 'string' ? parseModulePath(modulePath) : modulePath;
+  return join(dir, parsed.host, parsed.owner, parsed.repo, `v${version}`);
+}
+
+export function isVersionCached(modulePath, version, cacheDir) {
+  const p = getModuleCachePath(modulePath, version, cacheDir);
+  return existsSync(p) && existsSync(join(p, 'tova.toml'));
+}
+
+export function listCachedVersions(modulePath, cacheDir) {
+  const dir = getCacheDir(cacheDir);
+  const parsed = typeof modulePath === 'string' ? parseModulePath(modulePath) : modulePath;
+  const moduleDir = join(dir, parsed.host, parsed.owner, parsed.repo);
+  if (!existsSync(moduleDir)) return [];
+  const entries = readdirSync(moduleDir).filter(e => e.startsWith('v'));
+  const versions = entries.map(e => e.slice(1));
+  return versions.sort((a, b) => compareSemver(a, b));
+}
+
+export function getCompileCachePath(modulePath, version, cacheDir) {
+  const dir = getCacheDir(cacheDir);
+  return join(dir, '.cache', modulePath, `v${version}`);
+}
+
+export function cleanUnusedVersions(modulePath, keepVersions, cacheDir) {
+  const dir = getCacheDir(cacheDir);
+  const parsed = typeof modulePath === 'string' ? parseModulePath(modulePath) : modulePath;
+  const moduleDir = join(dir, parsed.host, parsed.owner, parsed.repo);
+  if (!existsSync(moduleDir)) return [];
+  const entries = readdirSync(moduleDir).filter(e => e.startsWith('v'));
+  const keepSet = new Set(keepVersions.map(v => `v${v}`));
+  const removed = [];
+  for (const entry of entries) {
+    if (!keepSet.has(entry)) {
+      rmSync(join(moduleDir, entry), { recursive: true, force: true });
+      removed.push(entry.slice(1));
+    }
+  }
+  return removed.sort((a, b) => compareSemver(a, b));
+}

package/src/config/module-entry.js

@@ -0,0 +1,37 @@
+// src/config/module-entry.js
+import { join } from 'path';
+import { existsSync } from 'fs';
+
+const ENTRY_CANDIDATES = [
+  'src/lib.tova',
+  'lib.tova',
+  'index.tova',
+  'src/index.tova',
+  'src/main.tova',
+  'main.tova',
+];
+
+/**
+ * Finds the entry point .tova file for a module.
+ * Checks: explicit entry → src/lib.tova → lib.tova → index.tova
+ */
+export function findEntryPoint(moduleDir, explicitEntry, subpath) {
+  const base = subpath ? join(moduleDir, subpath) : moduleDir;
+
+  if (explicitEntry) {
+    const p = join(base, explicitEntry);
+    if (existsSync(p)) return p;
+    throw new Error(`Explicit entry point not found: ${explicitEntry} in ${base}`);
+  }
+
+  for (const candidate of ENTRY_CANDIDATES) {
+    const p = join(base, candidate);
+    if (existsSync(p)) return p;
+  }
+
+  throw new Error(
+    `No entry point found in ${base}\n` +
+    `  Looked for: ${ENTRY_CANDIDATES.join(', ')}\n` +
+    `  Tip: Add an \`entry\` field to the package's tova.toml.`
+  );
+}

package/src/config/module-path.js

@@ -0,0 +1,63 @@
+// Module path utilities for Tova package management.
+// Determines whether an import is a Tova module (vs npm/relative),
+// parses module paths into components, and converts them to git URLs.
+
+// Blessed first-party packages: tova/X → github.com/tova-lang/X
+export const BLESSED_PACKAGES = {
+  fp: 'github.com/tova-lang/fp',
+  validate: 'github.com/tova-lang/validate',
+  encoding: 'github.com/tova-lang/encoding',
+  test: 'github.com/tova-lang/test',
+  retry: 'github.com/tova-lang/retry',
+  template: 'github.com/tova-lang/template',
+  data: 'github.com/tova-lang/data',
+  stats: 'github.com/tova-lang/stats',
+  plot: 'github.com/tova-lang/plot',
+  ml: 'github.com/tova-lang/ml',
+  ui: 'github.com/tova-lang/ui',
+};
+
+export function expandBlessedPackage(source) {
+  if (!source || !source.startsWith('tova/')) return null;
+  const rest = source.slice(5);
+  const name = rest.split('/')[0];
+  if (BLESSED_PACKAGES[name]) return BLESSED_PACKAGES[name] + (rest.includes('/') ? '/' + rest.slice(name.length + 1) : '');
+  return null;
+}
+
+export function isTovModule(source) {
+  if (!source || source.startsWith('.') || source.startsWith('/') || source.startsWith('@') || source.includes(':')) {
+    return false;
+  }
+  // Check blessed packages first
+  if (source.startsWith('tova/')) {
+    const name = source.slice(5).split('/')[0];
+    return !!BLESSED_PACKAGES[name];
+  }
+  const firstSegment = source.split('/')[0];
+  return firstSegment.includes('.');
+}
+
+export function parseModulePath(source) {
+  // Expand blessed packages: tova/data → github.com/tova-lang/data
+  const expanded = expandBlessedPackage(source);
+  const actual = expanded || source;
+
+  if (!expanded && !isTovModule(actual)) {
+    throw new Error(`Invalid Tova module path: "${source}"`);
+  }
+  const parts = actual.split('/');
+  if (parts.length < 3) {
+    throw new Error(`Invalid Tova module path: "${source}" — expected at least host/owner/repo`);
+  }
+  const host = parts[0];
+  const owner = parts[1];
+  const repo = parts[2];
+  const subpath = parts.length > 3 ? parts.slice(3).join('/') : null;
+  return { host, owner, repo, subpath, full: `${host}/${owner}/${repo}` };
+}
+
+export function moduleToGitUrl(modulePath) {
+  const parsed = typeof modulePath === 'string' ? parseModulePath(modulePath) : modulePath;
+  return `https://${parsed.full}.git`;
+}

package/src/config/pkg-errors.js

@@ -0,0 +1,62 @@
+// src/config/pkg-errors.js
+
+export function formatVersionConflict(modulePath, sources) {
+  const lines = [`error: version conflict for ${modulePath}`, ''];
+  for (const s of sources) {
+    lines.push(`  ${s.source} requires ${s.constraint}`);
+  }
+  lines.push('');
+  lines.push('  These constraints cannot be satisfied simultaneously.');
+  lines.push('  Tip: Check if either dependency has a newer version that resolves this.');
+  return lines.join('\n');
+}
+
+export function formatFetchError(modulePath, detail, cachedVersions = []) {
+  const lines = [`error: failed to fetch ${modulePath}`, '', `  ${detail}`];
+  if (cachedVersions.length > 0) {
+    lines.push('');
+    lines.push(`  Cached versions available: ${cachedVersions.join(', ')}`);
+    lines.push('  Tip: Run with --offline to use cached versions only.');
+  }
+  return lines.join('\n');
+}
+
+export function formatMissingEntry(modulePath, version) {
+  return [
+    `error: no entry point found for ${modulePath}@v${version}`,
+    '',
+    '  Looked for: src/lib.tova, lib.tova, index.tova',
+    "  Tip: The package may need an `entry` field in its tova.toml.",
+  ].join('\n');
+}
+
+export function formatAuthError(modulePath) {
+  return [
+    `error: authentication failed for ${modulePath}`,
+    '',
+    '  git clone returned: Permission denied (publickey)',
+    '  Tip: Ensure your SSH key or git credentials have access to this repo.',
+  ].join('\n');
+}
+
+export function formatCircularDep(chain) {
+  return [
+    'error: circular dependency detected',
+    '',
+    `  ${chain.join(' \u2192 ')}`,
+    '',
+    '  Tova does not allow circular module dependencies.',
+  ].join('\n');
+}
+
+export function formatIntegrityError(modulePath, version, expectedSha, actualSha) {
+  return [
+    `error: integrity check failed for ${modulePath}@v${version}`,
+    '',
+    `  Expected SHA: ${expectedSha}`,
+    `  Got SHA:      ${actualSha}`,
+    '',
+    '  The git tag may have been force-pushed. This could indicate tampering.',
+    `  Run \`tova update ${modulePath}\` to re-resolve.`,
+  ].join('\n');
+}

package/src/config/resolve.js

@@ -14,6 +14,9 @@ const DEFAULTS = {
   build: {
     output: '.tova-out',
   },
+  deploy: {
+    base: '/',
+  },
   dev: {
     port: 3000,
   },
@@ -53,6 +56,9 @@ function normalizeConfig(parsed, source) {
     build: {
       output: parsed.build?.output || DEFAULTS.build.output,
     },
+    deploy: {
+      base: parsed.deploy?.base || DEFAULTS.deploy.base,
+    },
     dev: {
       port: parsed.dev?.port ?? DEFAULTS.dev.port,
     },
@@ -73,6 +79,23 @@ function normalizeConfig(parsed, source) {
     }
   }
 
+  // [package] section: marks this as a publishable package
+  if (parsed.package) {
+    config.package = {
+      name: parsed.package.name || '',
+      version: parsed.package.version || '0.1.0',
+      description: parsed.package.description || '',
+      license: parsed.package.license || '',
+      keywords: parsed.package.keywords || [],
+      homepage: parsed.package.homepage || '',
+      exports: parsed.package.exports || null,
+      entry: parsed.package.entry || null,
+    };
+    config.isPackage = true;
+  } else {
+    config.isPackage = false;
+  }
+
   return config;
 }
 
@@ -87,6 +110,9 @@ function configFromPackageJson(pkg) {
     build: {
       output: DEFAULTS.build.output,
     },
+    deploy: {
+      base: '/',
+    },
     dev: {
       port: DEFAULTS.dev.port,
     },

package/src/config/resolver.js

@@ -0,0 +1,139 @@
+// src/config/resolver.js
+import { selectMinVersion, satisfies, parseSemver, compareSemver } from './semver.js';
+
+/**
+ * Merges dependency maps from multiple sources, collecting all constraints per module.
+ */
+export function mergeDependencies(...depMaps) {
+  const merged = {};
+  for (const deps of depMaps) {
+    for (const [mod, constraint] of Object.entries(deps)) {
+      if (!merged[mod]) merged[mod] = [];
+      if (Array.isArray(constraint)) {
+        merged[mod].push(...constraint);
+      } else {
+        merged[mod].push(constraint);
+      }
+    }
+  }
+  return merged;
+}
+
+/**
+ * Merges npm dependencies from multiple module configs.
+ * For conflicts, picks the highest constraint version.
+ */
+export function mergeNpmDeps(moduleConfigs) {
+  const merged = {};
+  for (const config of moduleConfigs) {
+    const prod = config.npm?.prod || {};
+    for (const [name, version] of Object.entries(prod)) {
+      if (!merged[name]) {
+        merged[name] = version;
+      } else {
+        // Keep whichever specifies a higher minimum
+        try {
+          const existing = parseSemver(merged[name].replace(/^[\^~>=<]*/, ''));
+          const incoming = parseSemver(version.replace(/^[\^~>=<]*/, ''));
+          if (compareSemver(incoming, existing) > 0) {
+            merged[name] = version;
+          }
+        } catch {
+          merged[name] = version;
+        }
+      }
+    }
+  }
+  return merged;
+}
+
+/**
+ * Detects version conflicts — modules where no single version satisfies all constraints.
+ */
+export function detectConflicts(constraintMap, availableVersions) {
+  const conflicts = [];
+  for (const [mod, constraints] of Object.entries(constraintMap)) {
+    const versions = availableVersions[mod] || [];
+    const resolved = selectMinVersion(versions, constraints);
+    if (resolved === null && constraints.length > 1) {
+      conflicts.push({
+        module: mod,
+        constraints,
+        available: versions,
+      });
+    }
+  }
+  return conflicts;
+}
+
+/**
+ * Resolves all dependencies to exact versions.
+ * Returns a map of modulePath -> { version, sha, source, npmDeps }.
+ *
+ * This is the high-level orchestrator called by `tova install`.
+ * It takes callbacks for I/O operations (fetching tags, reading configs)
+ * so the core logic is testable without network access.
+ */
+export async function resolveDependencies(rootDeps, options = {}) {
+  const {
+    getAvailableVersions, // async (modulePath) => ['1.0.0', '1.1.0', ...]
+    getModuleConfig,      // async (modulePath, version) => { dependencies, npm }
+    getVersionSha,        // async (modulePath, version) => 'sha...'
+  } = options;
+
+  const resolved = {};         // modulePath -> { version, sha }
+  const allConstraints = {};   // modulePath -> [constraints...]
+  const allNpmDeps = [];       // [{ npm: { prod: {...} } }, ...]
+  const queue = [rootDeps];    // queue of dependency maps to process
+
+  while (queue.length > 0) {
+    const deps = queue.shift();
+    for (const [mod, constraint] of Object.entries(deps)) {
+      if (!allConstraints[mod]) allConstraints[mod] = [];
+      allConstraints[mod].push(constraint);
+
+      // Get available versions
+      const versions = await getAvailableVersions(mod);
+      const version = selectMinVersion(versions, allConstraints[mod]);
+
+      if (version === null) {
+        const conflicts = detectConflicts(
+          { [mod]: allConstraints[mod] },
+          { [mod]: versions }
+        );
+        if (conflicts.length > 0) {
+          throw new Error(
+            `Version conflict for ${mod}:\n` +
+            conflicts[0].constraints.map(c => `  requires ${c}`).join('\n') +
+            `\n  Available: ${versions.join(', ')}`
+          );
+        }
+        throw new Error(
+          `No version of ${mod} satisfies constraint: ${allConstraints[mod].join(', ')}\n` +
+          `  Available: ${versions.join(', ') || 'none'}`
+        );
+      }
+
+      // Skip if we already resolved this module to the same or higher version
+      if (resolved[mod] && compareSemver(resolved[mod].version, version) >= 0) {
+        continue;
+      }
+
+      const sha = await getVersionSha(mod, version);
+      resolved[mod] = { version, sha, source: `https://${mod}.git` };
+
+      // Read this module's config for transitive deps
+      const config = await getModuleConfig(mod, version);
+      if (config) {
+        allNpmDeps.push(config);
+        if (config.dependencies && Object.keys(config.dependencies).length > 0) {
+          queue.push(config.dependencies);
+        }
+      }
+    }
+  }
+
+  const npmDeps = mergeNpmDeps(allNpmDeps);
+
+  return { resolved, npmDeps };
+}

package/src/config/search.js

@@ -0,0 +1,28 @@
+// src/config/search.js
+
+export function formatSearchResults(items) {
+  if (items.length === 0) return '  No packages found.\n';
+  const lines = [];
+  for (const item of items) {
+    const modulePath = `github.com/${item.full_name}`;
+    const stars = item.stargazers_count || 0;
+    const desc = item.description || '(no description)';
+    const updated = item.updated_at ? item.updated_at.slice(0, 10) : 'unknown';
+    lines.push(`  ${modulePath}`);
+    lines.push(`    ${desc}`);
+    lines.push(`    Stars: ${stars}  Updated: ${updated}`);
+    lines.push('');
+  }
+  return lines.join('\n');
+}
+
+export async function searchPackages(query) {
+  const searchQuery = encodeURIComponent(`${query} topic:tova-package`);
+  const url = `https://api.github.com/search/repositories?q=${searchQuery}&sort=stars&per_page=20`;
+  const res = await fetch(url, {
+    headers: { 'Accept': 'application/vnd.github.v3+json' },
+  });
+  if (!res.ok) throw new Error(`GitHub search failed: ${res.statusText}`);
+  const data = await res.json();
+  return data.items || [];
+}

package/src/config/semver.js

@@ -0,0 +1,72 @@
+// src/config/semver.js
+// Semver utilities for the Tova package manager.
+// Provides parsing, comparison, constraint satisfaction, and minimum version selection.
+
+export function parseSemver(str) {
+  const s = str.startsWith('v') ? str.slice(1) : str;
+  const parts = s.split('.');
+  const major = parseInt(parts[0], 10);
+  const minor = parseInt(parts[1] || '0', 10);
+  const patch = parseInt(parts[2] || '0', 10);
+  if (isNaN(major) || isNaN(minor) || isNaN(patch)) {
+    throw new Error(`Invalid semver: "${str}"`);
+  }
+  return { major, minor, patch };
+}
+
+export function compareSemver(a, b) {
+  const va = typeof a === 'string' ? parseSemver(a) : a;
+  const vb = typeof b === 'string' ? parseSemver(b) : b;
+  if (va.major !== vb.major) return va.major > vb.major ? 1 : -1;
+  if (va.minor !== vb.minor) return va.minor > vb.minor ? 1 : -1;
+  if (va.patch !== vb.patch) return va.patch > vb.patch ? 1 : -1;
+  return 0;
+}
+
+export function parseConstraint(constraint) {
+  if (constraint.startsWith('^')) {
+    return { type: 'caret', version: parseSemver(constraint.slice(1)) };
+  }
+  if (constraint.startsWith('~')) {
+    return { type: 'tilde', version: parseSemver(constraint.slice(1)) };
+  }
+  if (constraint.startsWith('>=')) {
+    return { type: 'gte', version: parseSemver(constraint.slice(2)) };
+  }
+  if (constraint.startsWith('>')) {
+    return { type: 'gt', version: parseSemver(constraint.slice(1)) };
+  }
+  return { type: 'exact', version: parseSemver(constraint) };
+}
+
+export function satisfies(version, constraint) {
+  const v = typeof version === 'string' ? parseSemver(version) : version;
+  const c = typeof constraint === 'string' ? parseConstraint(constraint) : constraint;
+  switch (c.type) {
+    case 'exact':
+      return compareSemver(v, c.version) === 0;
+    case 'caret':
+      if (compareSemver(v, c.version) < 0) return false;
+      return v.major === c.version.major;
+    case 'tilde':
+      if (compareSemver(v, c.version) < 0) return false;
+      return v.major === c.version.major && v.minor === c.version.minor;
+    case 'gte':
+      return compareSemver(v, c.version) >= 0;
+    case 'gt':
+      return compareSemver(v, c.version) > 0;
+    default:
+      return false;
+  }
+}
+
+export function selectMinVersion(versions, constraints) {
+  const constraintList = Array.isArray(constraints) ? constraints : [constraints];
+  const sorted = [...versions].sort((a, b) => compareSemver(a, b));
+  for (const ver of sorted) {
+    if (constraintList.every(c => satisfies(ver, c))) {
+      return ver;
+    }
+  }
+  return null;
+}

package/src/config/toml.js

@@ -13,10 +13,10 @@ export function parseTOML(input) {
     // Skip empty lines and comments
     if (line === '' || line.startsWith('#')) continue;
 
-    // Section header: [section] or [section.subsection]
+    // Section header: [section] or [section.subsection] or ["quoted.key"]
     if (line.startsWith('[') && !line.startsWith('[[')) {
-      const close = line.indexOf(']');
-      if (close === -1) {
+      const close = line.lastIndexOf(']');
+      if (close <= 0) {
         throw new Error(`TOML parse error on line ${i + 1}: unclosed section header`);
       }
       const sectionPath = line.slice(1, close).trim();
@@ -24,8 +24,8 @@ export function parseTOML(input) {
         throw new Error(`TOML parse error on line ${i + 1}: empty section name`);
       }
       current = result;
-      for (const part of sectionPath.split('.')) {
-        const key = part.trim();
+      const parts = parseSectionPath(sectionPath);
+      for (const key of parts) {
         if (!current[key]) current[key] = {};
         current = current[key];
       }
@@ -37,7 +37,19 @@ export function parseTOML(input) {
     if (eqIdx === -1) continue; // skip lines without =
 
     const key = line.slice(0, eqIdx).trim();
-    const rawValue = line.slice(eqIdx + 1).trim();
+    let rawValue = line.slice(eqIdx + 1).trim();
+
+    // Multi-line array: starts with [ but doesn't end with ]
+    if (rawValue.startsWith('[') && !rawValue.endsWith(']')) {
+      // Collect continuation lines until we find the closing ]
+      while (i + 1 < lines.length) {
+        i++;
+        const contLine = lines[i].trim();
+        if (contLine === '' || contLine.startsWith('#')) continue;
+        rawValue += ' ' + contLine;
+        if (contLine.includes(']')) break;
+      }
+    }
 
     current[key] = parseValue(rawValue, i + 1);
   }
@@ -45,6 +57,49 @@ export function parseTOML(input) {
   return result;
 }
 
+function parseSectionPath(path) {
+  const parts = [];
+  let i = 0;
+  while (i < path.length) {
+    // Skip whitespace
+    while (i < path.length && path[i] === ' ') i++;
+    if (i >= path.length) break;
+
+    if (path[i] === '"') {
+      // Quoted key: read until closing quote
+      i++; // skip opening quote
+      let key = '';
+      while (i < path.length && path[i] !== '"') {
+        if (path[i] === '\\') {
+          i++;
+          key += path[i] || '';
+        } else {
+          key += path[i];
+        }
+        i++;
+      }
+      i++; // skip closing quote
+      parts.push(key);
+    } else {
+      // Bare key: read until dot or end
+      let key = '';
+      while (i < path.length && path[i] !== '.') {
+        key += path[i];
+        i++;
+      }
+      key = key.trim();
+      if (key) parts.push(key);
+    }
+
+    // Skip dot separator
+    while (i < path.length && (path[i] === ' ' || path[i] === '.')) {
+      if (path[i] === '.') { i++; break; }
+      i++;
+    }
+  }
+  return parts;
+}
+
 function parseValue(raw, lineNum) {
   if (raw === '') {
     throw new Error(`TOML parse error on line ${lineNum}: missing value`);