Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(files): @shade/files 0.3.0 — E2EE filesystem RPC primitive
Some checks failed
Test / test (push) Has been cancelled
Details

Browse Source 
M-Files-1..6 land the full files-RPC layer + everything 0.3.0 needs to
ship. Apps keep their own UI; this layer ships the typed RPC, the
streams bridge for content I/O, and production hooks (rate limit,
retention, fingerprint gate, metrics).

@shade/files (NEW)
- Standard ops: list/stat/mkdir/delete/move/read/write/getThumbnail with
  Zod-validated wire schemas + clean user-handler types.
- Custom ops: typed via TypeScript declaration merging on CustomOpsMap
  + per-op Zod schemas; client.custom('app.foo', {...}) is fully typed.
- Content I/O: inline (≤ 256 KiB plaintext) base64-in-RPC; streams
  (> 256 KiB) ride @shade/transfer via userMetadata.shadeFilesWriteId
  / shadeFilesReadStreamId correlation. Server-side TransformStream
  bridges accept inbound transfers immediately (engine rejects chunks
  that arrive before accept) and park the readable for the matching
  RPC.
- Directory ops: walk(path, opts) async-iterable depth-first walker;
  uploadDirectory()/downloadDirectory() with bounded concurrency pool
  (default 4, cap 16), aggregated progress, abort.
- Production hooks (callback-based, vendor-neutral): rate-limit (op +
  byte), idempotency cache (LRU + TTL + in-flight de-dupe), path
  policy (traversal + percent-decode hardening), fingerprint gate
  (required/optional/reject), pluggable Ed25519 sig verification with
  ±5 min replay window, onMetric sink (standard names).
- React hooks (subpath @shade/files/react): ShadeFilesProvider,
  useShadeFiles, useFileList, useFileTransfer/Upload/Download.
- Shade.files.serve(handler) + Shade.files.client(peer) high-level
  entrypoint in @shade/sdk; lazy + memoized; one handler per Shade.

Wire format bump
- @shade/proto wire VERSION 0x01 → 0x02. Length prefixes changed from
  u16 to u32. The previous u16 silently truncated payloads above
  64 KiB — a hard correctness ceiling that blocked inline file ops
  up to 256 KiB. Wire-incompatible with 0.2.x peers; new sessions
  only. Cross-platform Kotlin port (android/shade-android) updated to
  match; test-vectors/wire-format.json regenerated.

Concurrency safety
- ShadeSessionManager.encrypt/.decrypt now run under per-peer mutex.
  Concurrent decryptions of the same peer raced ratchet state
  (manifested as sporadic "Failed to decrypt — wrong key or tampered
  data" under load — surfaced once concurrent uploadDirectory pumped
  many writes in flight). Encrypt was already serialized via
  Shade.send's encryptChains; decrypt is now serialized at the
  manager layer too.

@shade/streams extension
- StreamMetadata.userMetadata?: Record<string, string> for
  application-level key/value pairs that round-trip verbatim through
  stream-init plaintext. Used by @shade/files for write/read
  correlation; available to any consumer.

@shade/sdk extension
- Shade.files getter (lazy + memoized).
- BackgroundHooks.onPruneFiles + periodic timer (default 5 min) +
  BackgroundTasks.setHook(name, fn) for runtime hook registration.

Bundles in-flight 0.2.0 work
- packages/shade-streams/, packages/shade-transfer/, related
  shade-sdk streams-bridge + shade-widgets transfer hooks were
  uncommitted prior to this session. Including them keeps the
  workspace consistent at 0.3.0 since @shade/files depends on them.

Tests
- 74 new tests in @shade/files (572 → 646 workspace pass; 0 fail;
  3× stable). Coverage spans unit (inline-threshold + concurrency),
  integration (read-write inline + streams up to 1 MiB, walk +
  upload/download directory, custom-op, metrics, SDK namespace
  end-to-end), and security (tampered-envelope sig verification,
  replay window, fingerprint gate, rate-limit + quota).

Release artifacts
- All packages bumped to 0.3.0 via scripts/bump-version.ts.
- scripts/publish-all.ts PACKAGES updated with shade-files in
  topological order (after shade-transfer, before shade-sdk).
- bun run publish:dry clean (14 packed, 0 failed).
- examples/08-files-browser/ — three-process CLI demo (prekey + Bob
  server + Alice CLI) covering list/stat/mkdir/delete/upload/download.
- docs/files.md — full API + design doc.
- CHANGELOG.md 0.3.0 entry.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Sterister
2026-05-02 14:00:01 +02:00
parent 7e0f7320a9
commit fa770d3063
198 changed files with 20412 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
packages/shade-files/tests/integration/read-write-streams.test.ts Normal file
View File

@@ -0,0 +1,175 @@
import { describe, test, expect, beforeAll, afterAll } from 'bun:test';
import { sha256 } from '@noble/hashes/sha2.js';
import { NotFoundError, type FileEntry } from '../../src/index.js';
import { setupFileRig, type FileTestRig } from './helpers/rig.js';
interface StoredBlob {
bytes: Uint8Array;
contentType?: string;
sha256: string;
}
function bytesToHex(b: Uint8Array): string {
return Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
}
async function streamToBytes(s: ReadableStream<Uint8Array>): Promise<Uint8Array> {
const reader = s.getReader();
const parts: Uint8Array[] = [];
let total = 0;
while (true) {
const { value, done } = await reader.read();
if (done) break;
if (value === undefined) continue;
parts.push(value);
total += value.byteLength;
}
reader.releaseLock();
const out = new Uint8Array(total);
let offset = 0;
for (const p of parts) {
out.set(p, offset);
offset += p.byteLength;
}
return out;
}
function streamFromBytes(bytes: Uint8Array): ReadableStream<Uint8Array> {
return new ReadableStream<Uint8Array>({
start(controller) {
controller.enqueue(bytes);
controller.close();
},
});
}
describe('Content I/O — streamed read/write E2E (>256 KiB)', () => {
let rig: FileTestRig;
const blobs = new Map<string, StoredBlob>();
beforeAll(async () => {
blobs.clear();
rig = await setupFileRig({
read: async (ctx) => {
const blob = blobs.get(ctx.path);
if (blob === undefined) throw new NotFoundError(ctx.path);
// Return as streams when blob ≥ 256 KiB.
if (blob.bytes.byteLength > 256 * 1024) {
return blob.contentType !== undefined
? {
kind: 'streams',
stream: streamFromBytes(blob.bytes),
size: blob.bytes.byteLength,
sha256: blob.sha256,
contentType: blob.contentType,
}
: {
kind: 'streams',
stream: streamFromBytes(blob.bytes),
size: blob.bytes.byteLength,
sha256: blob.sha256,
};
}
return blob.contentType !== undefined
? { kind: 'inline', bytes: blob.bytes, sha256: blob.sha256, contentType: blob.contentType }
: { kind: 'inline', bytes: blob.bytes, sha256: blob.sha256 };
},
write: async (ctx) => {
const args = ctx.args;
let bytes: Uint8Array;
let resolvedSha: string;
if (args.content.kind === 'inline') {
bytes = args.content.bytes;
resolvedSha = args.content.sha256;
} else {
bytes = await streamToBytes(args.content.stream);
resolvedSha = await args.content.sha256;
if (bytes.byteLength !== args.content.size) {
throw new Error(`stream produced ${bytes.byteLength} bytes; declared ${args.content.size}`);
}
}
const stored: StoredBlob = {
bytes,
...(args.contentType !== undefined ? { contentType: args.contentType } : {}),
sha256: resolvedSha,
};
blobs.set(args.path, stored);
const entry: FileEntry = {
name: args.path.split('/').filter(Boolean).pop() ?? '',
kind: 'file',
size: bytes.byteLength,
mtime: Date.now(),
...(args.contentType !== undefined ? { contentType: args.contentType } : {}),
metadata: { sha256: resolvedSha },
};
return { entry };
},
});
});
afterAll(async () => {
await rig.teardown();
});
test('write 1 MiB streamed → server sees streams content + sha256 matches', async () => {
const data = new Uint8Array(1024 * 1024);
crypto.getRandomValues(data);
const expectedSha = bytesToHex(sha256(data));
const writeResult = await rig.fs.write('/big1mb.bin', data);
expect(writeResult.entry.size).toBe(data.byteLength);
expect(writeResult.entry.metadata.sha256).toBe(expectedSha);
});
test('read 1 MiB streamed → client gets streams output, drains correctly', async () => {
const out = await rig.fs.read('/big1mb.bin');
expect(out.kind).toBe('streams');
if (out.kind === 'streams') {
expect(out.size).toBe(1024 * 1024);
const drained = await streamToBytes(out.stream);
expect(drained.byteLength).toBe(1024 * 1024);
expect(bytesToHex(sha256(drained))).toBe(out.sha256);
await out.done();
}
});
test('boundary 256 KiB + 1 → streams write + read round-trip', async () => {
const data = new Uint8Array(256 * 1024 + 1);
for (let i = 0; i < data.length; i++) data[i] = (i * 31) & 0xff;
const expectedSha = bytesToHex(sha256(data));
await rig.fs.write('/boundary-plus-one.bin', data);
const out = await rig.fs.read('/boundary-plus-one.bin');
expect(out.kind).toBe('streams');
if (out.kind === 'streams') {
expect(out.sha256).toBe(expectedSha);
const drained = await streamToBytes(out.stream);
expect(drained.byteLength).toBe(256 * 1024 + 1);
expect(Array.from(drained.slice(0, 4))).toEqual(Array.from(data.slice(0, 4)));
expect(Array.from(drained.slice(-4))).toEqual(Array.from(data.slice(-4)));
await out.done();
}
});
test('write streams via { stream, size } wrapper → ok', async () => {
const data = new Uint8Array(500 * 1024);
crypto.getRandomValues(data);
const expectedSha = bytesToHex(sha256(data));
const wrapped = { stream: streamFromBytes(data), size: data.byteLength, contentType: 'application/octet-stream' };
const result = await rig.fs.write('/wrapped.bin', wrapped);
expect(result.entry.size).toBe(data.byteLength);
expect(result.entry.metadata.sha256).toBe(expectedSha);
expect(result.entry.contentType).toBe('application/octet-stream');
});
test('write streams from Blob > 256 KiB → ok', async () => {
const data = new Uint8Array(400 * 1024);
crypto.getRandomValues(data);
const expectedSha = bytesToHex(sha256(data));
const blob = new Blob([data], { type: 'image/png' });
const result = await rig.fs.write('/blobby-big.png', blob);
expect(result.entry.size).toBe(data.byteLength);
expect(result.entry.metadata.sha256).toBe(expectedSha);
expect(result.entry.contentType).toBe('image/png');
});
});