feat(container): M-Box 1-8 — stack-agnostic standalone Docker container
Some checks failed
Test / test (push) Has been cancelled
Some checks failed
Test / test (push) Has been cancelled
Shade now ships as a self-contained Docker image. Deploy one container per project, any stack (Bun, Python, Go, Rust, Kotlin) can talk to it via plain HTTP. Zero coupling to consumer codebases. M-Box 1: Stale identity cleanup API - touchIdentity + purgeStaleIdentities on PrekeyStore interface - Implemented for Memory, SQLite, and Postgres backends - SQLite adds last_activity_at column with migration ALTER for existing DBs - Postgres adds the same via raw SQL with IF NOT EXISTS guards - Routes call touchIdentity on register, bundle fetch, replenish - 4 new tests for the cleanup API M-Box 2: Stale cleanup background task - StaleCleanupTask runs purge on startup + every 24h (configurable) - Reads SHADE_STALE_DAYS (default 30) and SHADE_CLEANUP_INTERVAL_HOURS - Wired into standalone.ts, stopped on graceful shutdown - 5 new tests for the task M-Box 3: Observer baked into the container - standalone.ts conditionally mounts @shade/observer at /shade-observer when SHADE_OBSERVER_TOKEN is set (and >= 16 chars) - Shared PrekeyServerEvents emitter feeds both routes and observer - @shade/observer added as optional dependency of @shade/server M-Box 4: Dockerfile with dashboard build - Multi-stage build: oven/bun:1 builder → oven/bun:1-alpine runtime - COPY packages/ wholesale so workspace lockfile resolves cleanly - RUN bun run build inside shade-dashboard → dist/ → observer/dist/ - Non-root shade user, /data volume, healthcheck, env defaults - Final image: 260 MB M-Box 5: OpenAPI spec for stack-agnostic clients - packages/shade-server/openapi.yaml documents all 9 endpoints with request/response schemas, security (Ed25519 signatures + bearer token) - createOpenApiRoutes serves /openapi.yaml and /docs (Redoc viewer) - Any language can generate a client with openapi-generator M-Box 6: Docker CI pipeline - .gitea/workflows/docker.yml builds + pushes on git tag v* - scripts/build-docker.ts for local builds, supports --push with GITEA_TOKEN - Root package.json: build:docker, publish:docker scripts M-Box 7: Deployment documentation - packages/shade-server/README rewritten: 5-line quickstart with the image - docs/DEPLOYMENT.md: full reference, env vars, backup, Dokploy, PG setup - examples/05-dokploy-deployment/docker-compose.yml updated to pull published image (gt.zyon.no/stian/shade-prekey:latest) - Root README deployment section rewritten M-Box 8: End-to-end verification - Image builds locally (bun run build:docker) - /health, /openapi.yaml, /docs, /metrics, /shade-observer all respond - 401 without observer token, 200 with - Real SDK client round-trip: Alice → container → Bob → reply → Alice - Persistence: identity + prekeys survive container restart (count 20→18 as expected from two bundle fetches) 285 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
65
packages/shade-server/tests/cleanup-api.test.ts
Normal file
65
packages/shade-server/tests/cleanup-api.test.ts
Normal file
@@ -0,0 +1,65 @@
|
||||
import { describe, test, expect } from 'bun:test';
|
||||
import { MemoryPrekeyStore } from '../src/memory-store.js';
|
||||
|
||||
function rand(n: number): Uint8Array {
|
||||
const buf = new Uint8Array(n);
|
||||
globalThis.crypto.getRandomValues(buf);
|
||||
return buf;
|
||||
}
|
||||
|
||||
describe('PrekeyStore cleanup API', () => {
|
||||
test('touchIdentity updates last activity', async () => {
|
||||
const store = new MemoryPrekeyStore();
|
||||
await store.saveIdentity('alice', rand(32), rand(32));
|
||||
await store.touchIdentity('alice');
|
||||
// Verify identity is still there
|
||||
expect(await store.getIdentity('alice')).not.toBeNull();
|
||||
});
|
||||
|
||||
test('purgeStaleIdentities removes old addresses', async () => {
|
||||
const store = new MemoryPrekeyStore();
|
||||
|
||||
// Alice was active long ago
|
||||
await store.saveIdentity('alice', rand(32), rand(32));
|
||||
await store.saveSignedPreKey('alice', 1, rand(32), rand(64));
|
||||
await store.saveOneTimePreKeys('alice', [{ keyId: 100, publicKey: rand(32) }]);
|
||||
// Manually set alice's activity to 1 day ago
|
||||
await store.touchIdentity('alice');
|
||||
(store as any).lastActivity.set('alice', Date.now() - 2 * 24 * 60 * 60 * 1000);
|
||||
|
||||
// Bob is fresh
|
||||
await store.saveIdentity('bob', rand(32), rand(32));
|
||||
await store.touchIdentity('bob');
|
||||
|
||||
// Purge anything older than 1 day
|
||||
const count = await store.purgeStaleIdentities(24 * 60 * 60 * 1000);
|
||||
expect(count).toBe(1);
|
||||
|
||||
// Alice is gone
|
||||
expect(await store.getIdentity('alice')).toBeNull();
|
||||
expect(await store.getSignedPreKey('alice')).toBeNull();
|
||||
expect(await store.getOneTimePreKeyCount('alice')).toBe(0);
|
||||
|
||||
// Bob is still there
|
||||
expect(await store.getIdentity('bob')).not.toBeNull();
|
||||
});
|
||||
|
||||
test('purge returns 0 when nothing is stale', async () => {
|
||||
const store = new MemoryPrekeyStore();
|
||||
await store.saveIdentity('alice', rand(32), rand(32));
|
||||
await store.touchIdentity('alice');
|
||||
|
||||
const count = await store.purgeStaleIdentities(60 * 60 * 1000); // 1 hour
|
||||
expect(count).toBe(0);
|
||||
});
|
||||
|
||||
test('untouched identities are considered stale', async () => {
|
||||
const store = new MemoryPrekeyStore();
|
||||
// Save without touching — simulates an ancient identity from before cleanup API
|
||||
await store.saveIdentity('ancient', rand(32), rand(32));
|
||||
|
||||
const count = await store.purgeStaleIdentities(1000);
|
||||
expect(count).toBe(1);
|
||||
expect(await store.getIdentity('ancient')).toBeNull();
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user