feat: custom routing — bind scripts to your own URLs

Scripts can now answer at user-chosen paths (e.g. /greet, /greet/:name, /webhooks/*), on user-chosen hosts (strict or *.example.com wildcards), on user-chosen methods. The internal /api/v1/execute/{id} endpoint stays as the always-available ID-based bypass. Routing rules (decided in design with the user; see chat history): Path kinds: exact /greet literal prefix /greet/* strict-subtree; stored as "/greet/"; does NOT match bare /greet (add an exact route for that case) param /users/:id :name captures one whole segment; mid-segment colons are rejected; {name} is reserved for a future SDK Host kinds: any no Host header constraint strict sub.example.com literal match (case-insensitive) wildcard *.example.com suffix match; multi-level subdomains OK Within-kind uniqueness: two routes of the same kind that could match the same request conflict at config time. Algorithm (orchestrator_core::routing:: conflict): exact: literal equality prefix: literal equality (longer-prefix coexists; longer wins at request time) param: same segment count + same literals at every literal-vs-literal position (the user's example: :id vs :userId at same shape is a conflict) Request-time precedence: exact > param > prefix among non-exact: more leading-literal segments wins tie: param > prefix (more constrained) within prefix: longest matching prefix wins host bucket: strict > wildcard (longer suffix) > any; fall through to less specific buckets when path doesn't match Reserved path prefixes: /api/, /admin/, /healthz, /version Routes that look invalid at config time return 422 with the precise parse error; conflicting routes return 409 with the conflicting route in the body (so the dashboard can render the conflict inline). What landed: * 0003_routes.sql — routes table (host_kind, host, host_param_name, path_kind, path, method, script_id) with UNIQUE index on the literal binding tuple. Schema 2 → 3. * shared::Route / HostKind / PathKind — flat storage shape that crosses wire boundaries cleanly. * orchestrator_core::routing — four sub-modules, all unit-tested: pattern.rs (16 tests) parse + validate + display conflict.rs (12 tests) within-kind overlap predicate matcher.rs (12 tests) runtime dispatch (specificity-aware) table.rs Arc<RwLock<Vec<CompiledRoute>>> shared by manager (writes) and orchestrator (reads); atomic replace after each admin write * manager-core::route_admin — five new admin endpoints under /api/v1/admin: POST /scripts/{id}/routes create GET /scripts/{id}/routes list per script DELETE /routes/{route_id} delete (refreshes table) POST /routes:check pre-flight conflict check (powers the dashboard's live conflict warning) POST /routes:match synthetic URL → matched route + extracted params (powers the dashboard's match-preview tool) Stored path strings stay raw (user-typed); normalization happens only in the in-memory CompiledRoute so re-parses are idempotent. * orchestrator_core::api::user_routes_router — fallback handler mounted in picloud after the system routes. Reads Host / method / path / query from the request, dispatches via the table, builds an ExecRequest with params/query/rest filled, calls the executor, writes to the log sink. 10 MiB body cap. * executor-core::ctx (SDK 1.0 → 1.1) — adds ctx.request.params (map of named-param captures) ctx.request.query (parsed query string) ctx.request.rest (suffix for prefix routes; "" otherwise) All three are always present (empty when not applicable) so scripts can read them unconditionally. * picloud::build_app — now async; loads routes at startup, populates the shared table, mounts route_admin_router under /api/v1/admin alongside the script CRUD, and the user-routes fallback at the app root. * caddy/Caddyfile + Caddyfile.prod widened: anything not /healthz, /version, /api/v1/admin/*, /api/v1/execute/*, /api/* (404 sunset), or /admin/* (dashboard) → picloud. * Dashboard moves to /admin/* via SvelteKit paths.base. Its internal Caddy strips the prefix and serves with SPA fallback. All in-app links use $app/paths. The dashboard URL is now http://localhost:8000/admin/ — one-time break for the new URL freedom users gained. * PICLOUD_PUBLIC_BASE_URL env var, exposed via /version so the dashboard renders full URLs for routes regardless of the operator's external port / TLS setup. * memory_limit_mb stays in the schema, still v1.3+ advisory. Verified live through Caddy: /version → schema 3, sdk 1.1, public_base_url GET /admin/ → 200, dashboard HTML containing "PiCloud" POST /api/v1/admin/scripts → 201 POST .../scripts/{id}/routes (path=/greet/:name) → 201 GET /greet/alice?lang=en → 200 {"name":"alice","q":"en"} POST conflicting route → 409 with conflicting_route body POST /admin/foo route → 422 "reserved" POST /api/v1/admin/routes:match → matched + params extracted GET /unbound-path → 404 JSON Tests: * 40 routing unit tests (pattern + conflict + matcher tables) * 14 executor-core unit tests (one new for ctx.request.params/ query/rest exposure) * 32 integration tests (10 new for routing CRUD + dispatch + conflict + reserved + specificity tie-break + match preview + delete invalidation + /version returns public_base_url) * default cargo test --workspace stays green; opt-in via DATABASE_URL + --include-ignored for the integration suite Bumps: schema 2 → 3; SDK 1.0 → 1.1; product 0.3.0 → 0.4.0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 18:18:16 +02:00
parent f51924fdbc
commit 07e2a62d98
36 changed files with 2449 additions and 111 deletions
--- a/crates/executor-core/src/engine.rs
+++ b/crates/executor-core/src/engine.rs
@@ -196,6 +196,22 @@ fn build_ctx_map(req: &ExecRequest) -> Map {

    request.insert("body".into(), json_to_dynamic(req.body.clone()));

+    // SDK 1.1 additions — route-captured params, query string, prefix
+    // tail. Empty when not applicable so scripts can always read them.
+    let mut params = Map::new();
+    for (k, v) in &req.params {
+        params.insert(k.clone().into(), v.clone().into());
+    }
+    request.insert("params".into(), params.into());
+
+    let mut query = Map::new();
+    for (k, v) in &req.query {
+        query.insert(k.clone().into(), v.clone().into());
+    }
+    request.insert("query".into(), query.into());
+
+    request.insert("rest".into(), req.rest.clone().into());
+
    ctx.insert("request".into(), request.into());
    ctx
 }
--- a/crates/executor-core/src/types.rs
+++ b/crates/executor-core/src/types.rs
@@ -28,6 +28,23 @@ pub struct ExecRequest {
    pub headers: BTreeMap<String, String>,
    pub body: serde_json::Value,

+    /// Path-parameter captures from named-param routes (`/users/:id`).
+    /// Exposed to scripts as `ctx.request.params`. Empty for exact and
+    /// prefix routes.
+    #[serde(default)]
+    pub params: BTreeMap<String, String>,
+
+    /// Query-string parameters, parsed once at request entry.
+    /// Exposed as `ctx.request.query`.
+    #[serde(default)]
+    pub query: BTreeMap<String, String>,
+
+    /// Suffix captured by a `prefix` route: `/greet/*` matched against
+    /// `/greet/alice/morning` yields `"alice/morning"`. Empty for
+    /// exact and param matches.
+    #[serde(default)]
+    pub rest: String,
+
    /// Per-script sandbox overrides resolved by the manager. The
    /// executor's default `Limits` get merged with these (per-field
    /// override) before the Rhai engine is built.
--- a/crates/executor-core/tests/engine.rs
+++ b/crates/executor-core/tests/engine.rs
@@ -14,6 +14,9 @@ fn req(body: serde_json::Value) -> ExecRequest {
        path: "/test".into(),
        headers: BTreeMap::new(),
        body,
+        params: BTreeMap::new(),
+        query: BTreeMap::new(),
+        rest: String::new(),
        sandbox_overrides: ScriptSandbox::default(),
    }
 }
@@ -178,6 +181,29 @@ fn module_import_is_blocked() {
    assert!(matches!(err, ExecError::Runtime(_) | ExecError::Parse(_)));
 }

+#[test]
+fn ctx_exposes_params_query_rest() {
+    let engine = engine();
+    let mut r = req(json!(null));
+    r.params.insert("name".into(), "alice".into());
+    r.params.insert("post".into(), "42".into());
+    r.query.insert("tab".into(), "details".into());
+    r.rest = "extra/path".into();
+    let src = r"
+        #{ statusCode: 200, body: #{
+            name: ctx.request.params.name,
+            post: ctx.request.params.post,
+            tab:  ctx.request.query.tab,
+            rest: ctx.request.rest
+        } }
+    ";
+    let resp = engine.execute(src, r).unwrap();
+    assert_eq!(
+        resp.body,
+        json!({ "name": "alice", "post": "42", "tab": "details", "rest": "extra/path" })
+    );
+}
+
 #[test]
 fn ctx_exposes_sdk_version() {
    let resp = engine()