PiCloud

fabi/PiCloud

Fork 0

Commit Graph

Author	SHA1	Message	Date
MechaCat02	4c41374db4	feat(manager-core,orchestrator-core): multi-app scoping (Phase 3b) Apps become the isolation boundary for scripts, routes, domains, and later data. Doing this now — while the surface is small — avoids several migrations on populated tables once v1.1 data-plane services ship. Schema (migration 0005_apps.sql): - New tables: apps, app_domains (with shape_key UNIQUE for collision detection), app_slug_history (for permanent slug-rename redirects). - app_id added to scripts, routes, execution_logs (non-null, cascading rules per row). - Script-name uniqueness becomes per-app; the route unique index is swapped for an app-scoped version. - The "default" app is seeded unconditionally with a localhost claim; existing scripts/routes backfill into it. Fresh installs additionally get the Hello World seed via seed_hello_world_if_fresh after migrations run (idempotent — only fires when the default app has no scripts). Orchestrator dispatch is two-phase: AppDomainTable resolves Host → app_id (most-specific match wins, exact beats wildcard), then the existing route matcher runs against that app's partitioned slice via RouteTable. Unknown hosts return 404 at the app layer with a clear message; /api/v1/execute/{id} still works as the implicit __internal__ claim, decoupled from any public domain. Manager API: full CRUD for /api/v1/admin/apps/* and /api/v1/admin/apps/{id_or_slug}/domains/*, with slug:check + force takeover semantics implementing the rename-history flow (two-step check → confirm, never a single endpoint). Script create requires app_id; list accepts ?app= filter. Route create validates host against the parent app's claims; conflict detection stays strictly intra-app. Dashboard: /admin/apps and /admin/apps/{slug} (overview + scripts + domains + settings tabs, with slug-history-aware redirects). Root path redirects to the apps list. Script detail page gains an app breadcrumb and threads app_id into the route preview. Deferred per design: per-app admin roles. The require_admin middleware remains the seam where role checks will slot in later. Blueprint §11.5 and roadmap updated to reflect what shipped; docs/ versioning.md notes the schema 3 → 5 bump. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-25 21:03:05 +02:00
MechaCat02	777f4af628	feat: persist execution logs + dashboard detail view + integration tests Three threads landing together because they share a public surface (the new execution_log shape) and verifying any one in isolation would mean re-doing the work later. == (A) execution log persistence == * shared::ExecutionLog + ExecutionStatus carry the audit-trail shape that flows from the orchestrator through the sink and back out via the manager's logs endpoint. * shared::ExecutionLogSink trait — abstraction the orchestrator writes through. In single-process MVP mode the manager's Postgres-backed impl is plugged in directly; in cluster mode (v1.3+) the orchestrator's impl will post over HTTP to the manager. Trait lives in `shared` so neither -core crate has to know about the other. manager-core::PostgresExecutionLogSink writes to the execution_logs table (already in the initial migration); PostgresExecutionLogRepository reads them back, paginated. AdminState now carries both a script repo and a log repo, so `admin_router` exposes `GET /scripts/{id}/logs?limit=&offset=` capped at 200 rows per page to keep the dashboard responsive. * orchestrator-core::DataPlaneState gains `log_sink`. The execute handler builds an ExecutionLog on every outcome — success, error, timeout, budget-exceeded — and awaits the sink. Sink failures are logged at warn and DO NOT mask the user-facing result, since "we couldn't write the audit row" is a separate concern from "the script ran". * picloud binary refactored into a lib (`build_app(pool)` is the seam) + thin bin shell. Same Postgres pool backs the script repo, the log repo, and the sink — no double pool. == (B) dashboard == * Typed API client extended with `scripts.logs(id, opts)`, `scripts.update/remove`, and `execute(id, body, headers)`. Plain `fetch` wrapper now surfaces server-side error messages via a typed ApiError so the UI can render them. * `/` — create-script form now actually creates; on success the list reloads. List entries link to detail. * `/scripts/[id]` — new detail route: source editor with save (calls update, version bumps); Test invoke panel that sends arbitrary JSON body + headers to /api/execute and shows the response; Recent executions panel reading from /logs with expandable per-row request/response/script-log views. Delete button with confirm. SPA-routed; Caddy serves `build/` with the same index.html fallback. == (C) integration tests == * crates/picloud/tests/api.rs — 14 sqlx::test cases driving `build_app` through an axum_test::TestServer against a fresh Postgres DB per test. Covers: health, full script CRUD, duplicate-name conflict, invalid-source rejection on both create and update, execute echoing the body, status+header passthrough, 404 on missing scripts, error-path executions landing in the audit log with the right status. * Tests are `#[ignore]` by default so plain `cargo test --workspace` stays green without infrastructure. Opt-in via: `docker compose up -d postgres && \ DATABASE_URL=postgres://picloud:picloud@127.0.0.1:15432/picloud \ cargo test -p picloud --test api -- --include-ignored` Verified live through Caddy on :8000: three logged invocations land in the logs endpoint with the right structured `data` on each `log::info`/`log::warn`, error-path executions are still captured with status=error, dashboard list + SPA detail route both reachable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-23 00:16:32 +02:00

Author

SHA1

Message

Date

MechaCat02

4c41374db4

feat(manager-core,orchestrator-core): multi-app scoping (Phase 3b)

Apps become the isolation boundary for scripts, routes, domains, and
later data. Doing this now — while the surface is small — avoids
several migrations on populated tables once v1.1 data-plane services
ship.

Schema (migration 0005_apps.sql):
- New tables: apps, app_domains (with shape_key UNIQUE for collision
  detection), app_slug_history (for permanent slug-rename redirects).
- app_id added to scripts, routes, execution_logs (non-null, cascading
  rules per row).
- Script-name uniqueness becomes per-app; the route unique index is
  swapped for an app-scoped version.
- The "default" app is seeded unconditionally with a localhost claim;
  existing scripts/routes backfill into it. Fresh installs additionally
  get the Hello World seed via seed_hello_world_if_fresh after
  migrations run (idempotent — only fires when the default app has no
  scripts).

Orchestrator dispatch is two-phase: AppDomainTable resolves Host →
app_id (most-specific match wins, exact beats wildcard), then the
existing route matcher runs against that app's partitioned slice via
RouteTable. Unknown hosts return 404 at the app layer with a clear
message; /api/v1/execute/{id} still works as the implicit
__internal__ claim, decoupled from any public domain.

Manager API: full CRUD for /api/v1/admin/apps/* and
/api/v1/admin/apps/{id_or_slug}/domains/*, with slug:check + force
takeover semantics implementing the rename-history flow (two-step
check → confirm, never a single endpoint). Script create requires
app_id; list accepts ?app= filter. Route create validates host
against the parent app's claims; conflict detection stays strictly
intra-app.

Dashboard: /admin/apps and /admin/apps/{slug} (overview + scripts +
domains + settings tabs, with slug-history-aware redirects). Root
path redirects to the apps list. Script detail page gains an app
breadcrumb and threads app_id into the route preview.

Deferred per design: per-app admin roles. The require_admin middleware
remains the seam where role checks will slot in later.

Blueprint §11.5 and roadmap updated to reflect what shipped; docs/
versioning.md notes the schema 3 → 5 bump.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-25 21:03:05 +02:00

MechaCat02

777f4af628

feat: persist execution logs + dashboard detail view + integration tests

Three threads landing together because they share a public surface
(the new execution_log shape) and verifying any one in isolation
would mean re-doing the work later.

== (A) execution log persistence ==

  * shared::ExecutionLog + ExecutionStatus carry the audit-trail
    shape that flows from the orchestrator through the sink and
    back out via the manager's logs endpoint.

  * shared::ExecutionLogSink trait — abstraction the orchestrator
    writes through. In single-process MVP mode the manager's
    Postgres-backed impl is plugged in directly; in cluster mode
    (v1.3+) the orchestrator's impl will post over HTTP to the
    manager. Trait lives in `shared` so neither *-core crate has
    to know about the other.

  * manager-core::PostgresExecutionLogSink writes to the
    execution_logs table (already in the initial migration);
    PostgresExecutionLogRepository reads them back, paginated.
    AdminState now carries both a script repo and a log repo, so
    `admin_router` exposes `GET /scripts/{id}/logs?limit=&offset=`
    capped at 200 rows per page to keep the dashboard responsive.

  * orchestrator-core::DataPlaneState gains `log_sink`. The
    execute handler builds an ExecutionLog on every outcome —
    success, error, timeout, budget-exceeded — and awaits the
    sink. Sink failures are logged at warn and DO NOT mask the
    user-facing result, since "we couldn't write the audit row"
    is a separate concern from "the script ran".

  * picloud binary refactored into a lib (`build_app(pool)` is
    the seam) + thin bin shell. Same Postgres pool backs the
    script repo, the log repo, and the sink — no double pool.

== (B) dashboard ==

  * Typed API client extended with `scripts.logs(id, opts)`,
    `scripts.update/remove`, and `execute(id, body, headers)`.
    Plain `fetch` wrapper now surfaces server-side error
    messages via a typed ApiError so the UI can render them.

  * `/` — create-script form now actually creates; on success
    the list reloads. List entries link to detail.

  * `/scripts/[id]` — new detail route: source editor with save
    (calls update, version bumps); Test invoke panel that sends
    arbitrary JSON body + headers to /api/execute and shows the
    response; Recent executions panel reading from /logs with
    expandable per-row request/response/script-log views.
    Delete button with confirm. SPA-routed; Caddy serves
    `build/` with the same index.html fallback.

== (C) integration tests ==

  * crates/picloud/tests/api.rs — 14 sqlx::test cases driving
    `build_app` through an axum_test::TestServer against a fresh
    Postgres DB per test. Covers: health, full script CRUD,
    duplicate-name conflict, invalid-source rejection on both
    create and update, execute echoing the body, status+header
    passthrough, 404 on missing scripts, error-path executions
    landing in the audit log with the right status.

  * Tests are `#[ignore]` by default so plain `cargo test
    --workspace` stays green without infrastructure. Opt-in via:
    `docker compose up -d postgres && \
       DATABASE_URL=postgres://picloud:picloud@127.0.0.1:15432/picloud \
       cargo test -p picloud --test api -- --include-ignored`

Verified live through Caddy on :8000: three logged invocations
land in the logs endpoint with the right structured `data` on
each `log::info`/`log::warn`, error-path executions are still
captured with status=error, dashboard list + SPA detail route
both reachable.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-23 00:16:32 +02:00

2 Commits