chore: initial commit

Author: tmm

.env.example

@@ -0,0 +1,2 @@
+DB_URL=postgresql://postgres:postgres@db.ztest.local:5432/ztest_dev
+VITE_SYNC_URL=https://sync.ztest.local

.github/README.md

@@ -0,0 +1,26 @@
+# ztest
+
+Install the following tools:
+
+- [direnv](https://github.com/direnv/direnv) - loads environment variables
+- [OrbStack](https://orbstack.dev) - runs dev containers, local HTTPS/domains, etc.
+
+Run the following commands:
+
+```bash
+# Clone and copy empty variables
+gh repo clone tmm/ztest
+cp .env.example .env
+cp .dev.vars.example .dev.vars
+
+pnpm install           # Install local dependencies
+pnpm dev -d            # Start containers
+pnpm db:migrate latest # Setup database and run migrations
+pnpm db:codegen        # Generate Kysely/Zero types from database
+pnpm gen:types         # Generate Cloudflare types
+pnpm test              # Test Zero queries/mutators
+```
+
+## License
+
+[MIT](/LICENSE)

.github/actions/pnpm/action.yml

@@ -0,0 +1,29 @@
+name: 'pnpm'
+
+inputs:
+  node-version:
+    required: true
+  working-directory:
+    default: '.'
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up pnpm
+      uses: pnpm/action-setup@v4
+      with:
+        package_json_file: ${{ inputs.working-directory }}/package.json
+
+    - name: Setup Node.js with pnpm cache
+      uses: actions/setup-node@v4
+      with:
+        cache: pnpm
+        cache-dependency-path: ${{ inputs.working-directory }}/pnpm-lock.yaml
+        node-version: ${{ inputs.node-version }}
+
+    - name: Install dependencies
+      working-directory: ${{ inputs.working-directory }}
+      run: pnpm install
+      shell: bash
+

.github/workflows/check.yml

@@ -0,0 +1,57 @@
+name: Check
+on:
+  workflow_call:
+  workflow_dispatch:
+permissions:
+  contents: read
+
+jobs:
+  app:
+    name: app
+    env:
+      DB_URL: postgres://postgres:postgres@localhost:5432/postgres
+    outputs:
+      artifact_id: ${{ steps.upload-artifact.outputs.artifact-id }}
+    runs-on: ubuntu-latest
+    services:
+      db:
+        image: postgres:16.2-alpine
+        env:
+          POSTGRES_DB: postgres
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-retries 5
+          --health-timeout 5s
+        ports: ['5432:5432']
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      uses: ./.github/actions/pnpm
+      with:
+        node-version: 24.10.0
+
+    - name: Check code
+      run: pnpm check
+
+    - name: Test migrations
+      run: pnpm db:migrate latest
+
+    - name: Generate code
+      run: |
+        pnpm db:codegen
+        cp .dev.vars.example .dev.vars
+        pnpm gen:types
+        rm .dev.vars
+
+    - name: Build
+      run: pnpm vite build
+
+    - name: Check types
+      run: pnpm check:types
+
+    - name: Test
+      run: pnpm test

.github/workflows/production.yml

@@ -0,0 +1,12 @@
+name: Production
+on:
+  push:
+    branches: [main]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check:
+    name: Check
+    uses: ./.github/workflows/check.yml

.github/workflows/pull-request.yml

@@ -0,0 +1,12 @@
+name: Pull Request
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  check:
+    name: Check
+    uses: ./.github/workflows/check.yml

.gitignore

@@ -0,0 +1,17 @@
+*.local
+*.log
+.DS_Store
+.dev.vars*
+.env
+.env.json
+.pnpm-store
+.sonda
+.vscode/*
+.wrangler
+dist
+generated
+logs
+node-compile-cache
+node_modules
+pnpm-debug.log*
+sonda-report.html

.npmrc

@@ -0,0 +1,2 @@
+auto-install-peers=false
+enable-pre-post-scripts=true

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025-present weth, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

api/index.push.ts

@@ -0,0 +1,127 @@
+import {
+  type CustomMutatorImpl as CustomMutatorFn,
+  type Schema,
+  withValidation,
+} from "@rocicorp/zero"
+import {
+  PostgresJSConnection,
+  PushProcessor,
+  type ServerTransaction,
+  ZQLDatabase,
+} from "@rocicorp/zero/pg"
+import { handleGetQueriesRequest } from "@rocicorp/zero/server"
+import postgres from "postgres"
+import * as z from "zod/mini"
+import { AuthData } from "../shared/auth.ts"
+import { jsonCodec } from "../shared/codec.ts"
+import { createMutators, type mutators } from "../shared/mutators.ts"
+import * as queries from "../shared/queries.ts"
+import { schema } from "../shared/schema.ts"
+import * as Cookie from "./lib/cookie.ts"
+import * as Urls from "./lib/urls.ts"
+
+export default {
+  async fetch(req, env) {
+    const url = new URL(req.url)
+    const headers = {
+      "Access-Control-Allow-Credentials": "true",
+      "Access-Control-Allow-Headers": "Content-Type, Authorization",
+      "Access-Control-Allow-Methods": "POST, OPTIONS",
+      "Access-Control-Allow-Origin": Urls.origins(
+        Urls.fromString(env.APP_URL),
+      ).join(","),
+      "Access-Control-Max-Age": "86400",
+    } satisfies HeadersInit
+
+    if (req.method === "OPTIONS")
+      return new Response(null, { headers, status: 204 })
+
+    if (req.method === "GET" && url.pathname === "/ping")
+      return new Response("pong", { headers, status: 200 })
+
+    if (
+      req.method !== "POST" &&
+      !(url.pathname === "/mutate" || url.pathname === "/queries")
+    )
+      return new Response("Not found", { headers, status: 404 })
+
+    try {
+      const cookieRaw =
+        req.headers.get("Cookie") ??
+        // Using `Authorization` header for test compat
+        req.headers
+          .get("authorization")
+          ?.replace("Bearer ", "") ??
+        null
+      const cookie = await Cookie.parseSigned(
+        cookieRaw,
+        env.AUTH_SECRET,
+        "ztest.auth",
+      )
+      const authData = cookie
+        ? z.decode(jsonCodec(AuthData), cookie)
+        : undefined
+
+      if (url.pathname === "/queries") {
+        const result = await handleGetQueriesRequest(
+          (name, args) => {
+            const q = validated[name]
+            if (!q) throw new Error(`No such query: ${name}`)
+            return { query: q(authData, ...args) }
+          },
+          schema,
+          req,
+        )
+        return Response.json(result, { headers, status: 200 })
+      }
+
+      const client = createMutators(authData)
+      const mutators = {
+        ...client,
+      } satisfies ServerMutatorDefs
+
+      const processor = new PushProcessor(
+        new ZQLDatabase(
+          new PostgresJSConnection(postgres(env.DB.connectionString)),
+          schema,
+        ),
+      )
+      const result = await processor.process(mutators, req)
+      return Response.json(result, { headers, status: 200 })
+    } catch (error) {
+      console.error(error)
+      return new Response("Internal server error", { headers, status: 500 })
+    }
+  },
+} satisfies ExportedHandler<Pick<Env, "APP_URL" | "AUTH_SECRET" | "DB">>
+
+const validated = Object.fromEntries(
+  [
+    queries.me,
+    queries.repositoriesForAccount,
+    // only used for testing
+    queries.getRepository,
+  ].map((q) => [q.queryName, withValidation(q)]),
+)
+
+type ServerMutatorDefs = {
+  [namespaceOrKey in keyof mutators]: mutators[namespaceOrKey] extends CustomMutatorFn<
+    infer schema,
+    infer transaction,
+    infer args
+  >
+    ? CustomServerMutatorImpl<schema, transaction, args>
+    : {
+        [key in keyof mutators[namespaceOrKey]]: mutators[namespaceOrKey][key] extends CustomMutatorFn<
+          infer schema,
+          infer transaction,
+          infer args
+        >
+          ? CustomServerMutatorImpl<schema, transaction, args>
+          : never
+      }
+}
+type CustomServerMutatorImpl<schema extends Schema, transaction, args> = (
+  tx: ServerTransaction<schema, transaction>,
+  args: args,
+) => Promise<void>