feat(v1.1.4): outbound HTTP SDK + cron triggers

HTTP (`http::*`): - `HttpService` trait (picloud-shared) + reqwest-backed `HttpServiceImpl` (manager-core), wired into the `Services` bundle. - SSRF deny-list applied to the resolved IP via a custom reqwest `dns_resolver` (covers every redirect hop + defeats DNS rebinding) plus a literal-IP check at URL-parse time. Scheme/port restrictions, request + response body caps (stream-with-cap), layered timeout. Error reason is a CIDR category, never the IP. `PICLOUD_HTTP_ALLOW_PRIVATE` dev override (logs a startup warning). - Rhai bridge with three-arg split `verb(url, body, opts)` (resolves the brief's body-vs-opts contradiction; unknown opt keys throw). Body dispatch by type; response `#{status,headers,body,body_raw}` with JSON auto-parse; non-2xx does not throw. - `Capability::AppHttpRequest` → existing `script:write` scope (no new Scope variant). `SdkCallCx` gains `script_id` (attribution + User-Agent). Cron triggers (4th trigger kind): - Migration 0017 widens the kind/source_kind CHECKs and adds `cron_trigger_details`. `cron`/`chrono-tz` parse + validate 6-field schedules and IANA timezones. - `spawn_cron_scheduler` polls due triggers and enqueues to the universal outbox; the dispatcher delivers them (one-line match-arm extension). Catch-up fires exactly once per trigger per tick, not once per missed window. `ctx.event.cron` for handlers. - `POST /api/v1/admin/apps/{id}/triggers/cron` reuses the v1.1.3 cross-app + kind!=module target check. - Dashboard: admin-gated Triggers tab (cron create form + list). Follow-ups: redact module backend errors at the resolver boundary (log original at error level); pin `rhai = "=1.24"`; CHANGELOG incl. retroactive v1.1.3 cross-app-trigger security note. Version bumps: workspace 1.1.4, SDK 1.5, dashboard 0.10.0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 20:23:18 +02:00
parent 6f17259e06
commit 10b5f655d5
39 changed files with 3828 additions and 53 deletions
--- a/crates/manager-core/tests/expected_schema.txt
+++ b/crates/manager-core/tests/expected_schema.txt
@@ -3,6 +3,16 @@

 ## tables

+table: abandoned_executions
+  id: uuid NOT NULL default=gen_random_uuid()
+  app_id: uuid NOT NULL
+  outbox_id: uuid NOT NULL
+  script_id: uuid NULL
+  inbox_id: uuid NOT NULL
+  status_code: integer NOT NULL
+  result_summary: text NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+
 table: admin_sessions
  token_hash: text NOT NULL
  user_id: uuid NOT NULL
@@ -61,6 +71,48 @@ table: apps
  created_at: timestamp with time zone NOT NULL default=now()
  updated_at: timestamp with time zone NOT NULL default=now()

+table: cron_trigger_details
+  trigger_id: uuid NOT NULL
+  schedule: text NOT NULL
+  timezone: text NOT NULL default='UTC'::text
+  last_fired_at: timestamp with time zone NULL
+
+table: dead_letter_trigger_details
+  trigger_id: uuid NOT NULL
+  source_filter: text NULL
+  trigger_id_filter: uuid NULL
+  script_id_filter: uuid NULL
+
+table: dead_letters
+  id: uuid NOT NULL default=gen_random_uuid()
+  app_id: uuid NOT NULL
+  original_event_id: uuid NOT NULL
+  source: text NOT NULL
+  op: text NOT NULL
+  trigger_id: uuid NULL
+  script_id: uuid NULL
+  payload: jsonb NOT NULL
+  attempt_count: integer NOT NULL
+  first_attempt_at: timestamp with time zone NOT NULL
+  last_attempt_at: timestamp with time zone NOT NULL
+  last_error: text NOT NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+  resolved_at: timestamp with time zone NULL
+  resolution: text NULL
+
+table: docs
+  app_id: uuid NOT NULL
+  collection: text NOT NULL
+  id: uuid NOT NULL
+  data: jsonb NOT NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+  updated_at: timestamp with time zone NOT NULL default=now()
+
+table: docs_trigger_details
+  trigger_id: uuid NOT NULL
+  collection_glob: text NOT NULL
+  ops: ARRAY NOT NULL
+
 table: execution_logs
  id: uuid NOT NULL default=gen_random_uuid()
  script_id: uuid NOT NULL
@@ -76,6 +128,36 @@ table: execution_logs
  created_at: timestamp with time zone NOT NULL default=now()
  app_id: uuid NOT NULL

+table: kv_entries
+  app_id: uuid NOT NULL
+  collection: text NOT NULL
+  key: text NOT NULL
+  value: jsonb NOT NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+  updated_at: timestamp with time zone NOT NULL default=now()
+
+table: kv_trigger_details
+  trigger_id: uuid NOT NULL
+  collection_glob: text NOT NULL
+  ops: ARRAY NOT NULL
+
+table: outbox
+  id: uuid NOT NULL default=gen_random_uuid()
+  app_id: uuid NOT NULL
+  source_kind: text NOT NULL
+  trigger_id: uuid NULL
+  script_id: uuid NULL
+  reply_to: uuid NULL
+  payload: jsonb NOT NULL
+  origin_principal: uuid NULL
+  trigger_depth: integer NOT NULL default=0
+  root_execution_id: uuid NULL
+  attempt_count: integer NOT NULL default=0
+  next_attempt_at: timestamp with time zone NOT NULL default=now()
+  claimed_at: timestamp with time zone NULL
+  claimed_by: text NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+
 table: routes
  id: uuid NOT NULL default=gen_random_uuid()
  script_id: uuid NOT NULL
@@ -87,6 +169,13 @@ table: routes
  method: text NULL
  created_at: timestamp with time zone NOT NULL default=now()
  app_id: uuid NOT NULL
+  dispatch_mode: text NOT NULL default='sync'::text
+
+table: script_imports
+  app_id: uuid NOT NULL
+  importer_script_id: uuid NOT NULL
+  imported_script_id: uuid NOT NULL
+  created_at: timestamp with time zone NOT NULL default=now()

 table: scripts
  id: uuid NOT NULL default=gen_random_uuid()
@@ -100,9 +189,28 @@ table: scripts
  updated_at: timestamp with time zone NOT NULL default=now()
  sandbox: jsonb NOT NULL default='{}'::jsonb
  app_id: uuid NOT NULL
+  kind: text NOT NULL default='endpoint'::text
+
+table: triggers
+  id: uuid NOT NULL default=gen_random_uuid()
+  app_id: uuid NOT NULL
+  script_id: uuid NOT NULL
+  kind: text NOT NULL
+  enabled: boolean NOT NULL default=true
+  dispatch_mode: text NOT NULL default='async'::text
+  retry_max_attempts: integer NOT NULL
+  retry_backoff: text NOT NULL
+  retry_base_ms: integer NOT NULL
+  registered_by_principal: uuid NOT NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+  updated_at: timestamp with time zone NOT NULL default=now()

 ## indexes

+indexes on abandoned_executions:
+  abandoned_executions_pkey: public.abandoned_executions USING btree (id)
+  idx_abandoned_executions_gc: public.abandoned_executions USING btree (created_at)
+
 indexes on admin_sessions:
  admin_sessions_expiry_idx: public.admin_sessions USING btree (expires_at)
  admin_sessions_pkey: public.admin_sessions USING btree (token_hash)
@@ -135,11 +243,43 @@ indexes on apps:
  apps_pkey: public.apps USING btree (id)
  apps_slug_key: public.apps USING btree (slug)

+indexes on cron_trigger_details:
+  cron_trigger_details_pkey: public.cron_trigger_details USING btree (trigger_id)
+  idx_cron_triggers_due: public.cron_trigger_details USING btree (last_fired_at)
+
+indexes on dead_letter_trigger_details:
+  dead_letter_trigger_details_pkey: public.dead_letter_trigger_details USING btree (trigger_id)
+
+indexes on dead_letters:
+  dead_letters_pkey: public.dead_letters USING btree (id)
+  idx_dead_letters_app_unresolved: public.dead_letters USING btree (app_id) WHERE (resolved_at IS NULL)
+  idx_dead_letters_gc: public.dead_letters USING btree (created_at)
+
+indexes on docs:
+  docs_pkey: public.docs USING btree (app_id, collection, id)
+  idx_docs_app_collection: public.docs USING btree (app_id, collection)
+  idx_docs_data_gin: public.docs USING gin (data jsonb_path_ops)
+
+indexes on docs_trigger_details:
+  docs_trigger_details_pkey: public.docs_trigger_details USING btree (trigger_id)
+
 indexes on execution_logs:
  execution_logs_app_id_created_at_idx: public.execution_logs USING btree (app_id, created_at DESC)
  execution_logs_pkey: public.execution_logs USING btree (id)
  execution_logs_script_id_created_at_idx: public.execution_logs USING btree (script_id, created_at DESC)

+indexes on kv_entries:
+  idx_kv_entries_app_collection: public.kv_entries USING btree (app_id, collection)
+  kv_entries_pkey: public.kv_entries USING btree (app_id, collection, key)
+
+indexes on kv_trigger_details:
+  kv_trigger_details_pkey: public.kv_trigger_details USING btree (trigger_id)
+
+indexes on outbox:
+  idx_outbox_app: public.outbox USING btree (app_id)
+  idx_outbox_due: public.outbox USING btree (next_attempt_at) WHERE (claimed_at IS NULL)
+  outbox_pkey: public.outbox USING btree (id)
+
 indexes on routes:
  routes_app_id_idx: public.routes USING btree (app_id)
  routes_lookup_idx: public.routes USING btree (host_kind, host)
@@ -147,13 +287,27 @@ indexes on routes:
  routes_script_id_idx: public.routes USING btree (script_id)
  routes_unique_binding_idx: public.routes USING btree (app_id, host_kind, host, path_kind, path, COALESCE(method, ''::text))

+indexes on script_imports:
+  idx_script_imports_app: public.script_imports USING btree (app_id)
+  idx_script_imports_imported: public.script_imports USING btree (imported_script_id)
+  script_imports_pkey: public.script_imports USING btree (importer_script_id, imported_script_id)
+
 indexes on scripts:
+  idx_scripts_app_kind: public.scripts USING btree (app_id, kind)
  scripts_app_id_idx: public.scripts USING btree (app_id)
  scripts_name_uidx: public.scripts USING btree (app_id, lower(name))
  scripts_pkey: public.scripts USING btree (id)

+indexes on triggers:
+  idx_triggers_app_kind_enabled: public.triggers USING btree (app_id, kind) WHERE (enabled = true)
+  triggers_pkey: public.triggers USING btree (id)
+
 ## constraints

+constraints on abandoned_executions:
+  [FOREIGN KEY] abandoned_executions_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [PRIMARY KEY] abandoned_executions_pkey: PRIMARY KEY (id)
+
 constraints on admin_sessions:
  [FOREIGN KEY] admin_sessions_user_id_fkey: FOREIGN KEY (user_id) REFERENCES admin_users(id) ON DELETE CASCADE
  [PRIMARY KEY] admin_sessions_pkey: PRIMARY KEY (token_hash)
@@ -189,25 +343,77 @@ constraints on apps:
  [PRIMARY KEY] apps_pkey: PRIMARY KEY (id)
  [UNIQUE] apps_slug_key: UNIQUE (slug)

+constraints on cron_trigger_details:
+  [FOREIGN KEY] cron_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE
+  [PRIMARY KEY] cron_trigger_details_pkey: PRIMARY KEY (trigger_id)
+
+constraints on dead_letter_trigger_details:
+  [FOREIGN KEY] dead_letter_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE
+  [PRIMARY KEY] dead_letter_trigger_details_pkey: PRIMARY KEY (trigger_id)
+
+constraints on dead_letters:
+  [CHECK] dead_letters_resolution_check: CHECK ((resolution = ANY (ARRAY['replayed'::text, 'ignored'::text, 'handled_by_script'::text, 'handler_failed'::text])))
+  [FOREIGN KEY] dead_letters_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [PRIMARY KEY] dead_letters_pkey: PRIMARY KEY (id)
+
+constraints on docs:
+  [FOREIGN KEY] docs_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [PRIMARY KEY] docs_pkey: PRIMARY KEY (app_id, collection, id)
+
+constraints on docs_trigger_details:
+  [FOREIGN KEY] docs_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE
+  [PRIMARY KEY] docs_trigger_details_pkey: PRIMARY KEY (trigger_id)
+
 constraints on execution_logs:
  [CHECK] execution_logs_status_check: CHECK ((status = ANY (ARRAY['success'::text, 'error'::text, 'timeout'::text, 'budget_exceeded'::text])))
  [FOREIGN KEY] execution_logs_app_id_fk: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
  [FOREIGN KEY] execution_logs_script_id_fkey: FOREIGN KEY (script_id) REFERENCES scripts(id) ON DELETE CASCADE
  [PRIMARY KEY] execution_logs_pkey: PRIMARY KEY (id)

+constraints on kv_entries:
+  [FOREIGN KEY] kv_entries_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [PRIMARY KEY] kv_entries_pkey: PRIMARY KEY (app_id, collection, key)
+
+constraints on kv_trigger_details:
+  [FOREIGN KEY] kv_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE
+  [PRIMARY KEY] kv_trigger_details_pkey: PRIMARY KEY (trigger_id)
+
+constraints on outbox:
+  [CHECK] outbox_source_kind_check: CHECK ((source_kind = ANY (ARRAY['http'::text, 'kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text])))
+  [FOREIGN KEY] outbox_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [PRIMARY KEY] outbox_pkey: PRIMARY KEY (id)
+
 constraints on routes:
+  [CHECK] routes_dispatch_mode_check: CHECK ((dispatch_mode = ANY (ARRAY['sync'::text, 'async'::text])))
  [CHECK] routes_host_kind_check: CHECK ((host_kind = ANY (ARRAY['any'::text, 'strict'::text, 'wildcard'::text])))
  [CHECK] routes_path_kind_check: CHECK ((path_kind = ANY (ARRAY['exact'::text, 'prefix'::text, 'param'::text])))
  [FOREIGN KEY] routes_app_id_fk: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
  [FOREIGN KEY] routes_script_id_fkey: FOREIGN KEY (script_id) REFERENCES scripts(id) ON DELETE CASCADE
  [PRIMARY KEY] routes_pkey: PRIMARY KEY (id)

+constraints on script_imports:
+  [FOREIGN KEY] script_imports_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [FOREIGN KEY] script_imports_imported_script_id_fkey: FOREIGN KEY (imported_script_id) REFERENCES scripts(id) ON DELETE CASCADE
+  [FOREIGN KEY] script_imports_importer_script_id_fkey: FOREIGN KEY (importer_script_id) REFERENCES scripts(id) ON DELETE CASCADE
+  [PRIMARY KEY] script_imports_pkey: PRIMARY KEY (importer_script_id, imported_script_id)
+
 constraints on scripts:
+  [CHECK] scripts_kind_check: CHECK ((kind = ANY (ARRAY['endpoint'::text, 'module'::text])))
  [CHECK] scripts_memory_limit_mb_check: CHECK (((memory_limit_mb > 0) AND (memory_limit_mb <= 2048)))
+  [CHECK] scripts_module_name_shape: CHECK (((kind <> 'module'::text) OR (name ~ '^[a-zA-Z_][a-zA-Z0-9_]{0,63}$'::text)))
  [CHECK] scripts_timeout_seconds_check: CHECK (((timeout_seconds > 0) AND (timeout_seconds <= 300)))
  [FOREIGN KEY] scripts_app_id_fk: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE RESTRICT
  [PRIMARY KEY] scripts_pkey: PRIMARY KEY (id)

+constraints on triggers:
+  [CHECK] triggers_dispatch_mode_check: CHECK ((dispatch_mode = ANY (ARRAY['sync'::text, 'async'::text])))
+  [CHECK] triggers_kind_check: CHECK ((kind = ANY (ARRAY['kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text])))
+  [CHECK] triggers_retry_backoff_check: CHECK ((retry_backoff = ANY (ARRAY['exponential'::text, 'linear'::text, 'constant'::text])))
+  [FOREIGN KEY] triggers_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [FOREIGN KEY] triggers_registered_by_principal_fkey: FOREIGN KEY (registered_by_principal) REFERENCES admin_users(id) ON DELETE CASCADE
+  [FOREIGN KEY] triggers_script_id_fkey: FOREIGN KEY (script_id) REFERENCES scripts(id) ON DELETE CASCADE
+  [PRIMARY KEY] triggers_pkey: PRIMARY KEY (id)
+
 ## applied migrations
  0001: init
  0002: sandbox
@@ -215,3 +421,14 @@ constraints on scripts:
  0004: admin auth
  0005: apps
  0006: users authz
+  0007: kv
+  0008: triggers
+  0009: outbox
+  0010: dead letters
+  0011: abandoned executions
+  0012: routes dispatch mode
+  0013: docs
+  0014: docs triggers
+  0015: scripts kind
+  0016: script imports
+  0017: cron triggers