032df2cf31
The delete cap (GIT_SYNC_MAX_DELETES_PER_CYCLE, default 5) was a defense-in-depth guard that SUPPRESSED a cycle's deletions when the planned count exceeded the limit. In practice it was a crutch over engine correctness that also blocked legitimate deletes: deleting a folder with many child pages is a normal action, and git-sync deletes are SOFT (Trash, reversible), so a blocking limit has little upside and real downside. There is also no user-facing surface to "confirm" a large delete from a background sync — the only channel is the operator log. So: drop the cap entirely. Deletes apply unconditionally; every cycle already logs its full push plan, per-action `delete: <pageId>` lines, and completion counts through the engine `log`, so what was deleted (and what was skipped) is always recorded. Engine correctness (the reconcile/layout/round-trip tests) is what prevents phantom deletions — not a blocking cap. Removed: orchestrator `resolveApplyClient` cap hook + `maxDeletes`, `getGitSyncMaxDeletesPerCycle`, the `GIT_SYNC_MAX_DELETES_PER_CYCLE` env/validation/.env.example, and the cap tests. (The engine's generic optional `resolveApplyClient` hook is left as an unused extension point.) server tsc clean, git-sync + environment jest 174. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
247 lines
5.8 KiB
TypeScript
247 lines
5.8 KiB
TypeScript
import {
|
|
IsIn,
|
|
IsNotEmpty,
|
|
IsNotIn,
|
|
IsOptional,
|
|
IsString,
|
|
IsUrl,
|
|
MinLength,
|
|
ValidateIf,
|
|
validateSync,
|
|
} from 'class-validator';
|
|
import { plainToInstance } from 'class-transformer';
|
|
import { IsISO6391 } from '../../common/validators/is-iso6391';
|
|
|
|
export class EnvironmentVariables {
|
|
@IsNotEmpty()
|
|
@IsUrl(
|
|
{
|
|
protocols: ['postgres', 'postgresql'],
|
|
require_tld: false,
|
|
allow_underscores: true,
|
|
},
|
|
{ message: 'DATABASE_URL must be a valid postgres connection string' },
|
|
)
|
|
DATABASE_URL: string;
|
|
|
|
@IsNotEmpty()
|
|
@IsUrl(
|
|
{
|
|
protocols: ['redis', 'rediss'],
|
|
require_tld: false,
|
|
allow_underscores: true,
|
|
},
|
|
{ message: 'REDIS_URL must be a valid redis connection string' },
|
|
)
|
|
REDIS_URL: string;
|
|
|
|
@IsOptional()
|
|
@IsUrl({ protocols: ['http', 'https'], require_tld: false })
|
|
APP_URL: string;
|
|
|
|
@IsNotEmpty()
|
|
@MinLength(32)
|
|
@IsNotIn(['REPLACE_WITH_LONG_SECRET'])
|
|
APP_SECRET: string;
|
|
|
|
@IsOptional()
|
|
@IsIn(['smtp', 'postmark'])
|
|
MAIL_DRIVER: string;
|
|
|
|
@IsOptional()
|
|
@IsIn(['local', 's3', 'azure'])
|
|
STORAGE_DRIVER: string;
|
|
|
|
@IsOptional()
|
|
@ValidateIf((obj) => obj.COLLAB_URL != '' && obj.COLLAB_URL != null)
|
|
@IsUrl({ protocols: ['http', 'https'], require_tld: false })
|
|
COLLAB_URL: string;
|
|
|
|
@IsOptional()
|
|
CLOUD: boolean;
|
|
|
|
@IsOptional()
|
|
@IsUrl(
|
|
{ protocols: [], require_tld: true },
|
|
{
|
|
message:
|
|
'SUBDOMAIN_HOST must be a valid FQDN domain without the http protocol. e.g example.com',
|
|
},
|
|
)
|
|
@ValidateIf((obj) => obj.CLOUD === 'true'.toLowerCase())
|
|
SUBDOMAIN_HOST: string;
|
|
|
|
@IsOptional()
|
|
@IsIn(['database', 'typesense'])
|
|
@IsString()
|
|
SEARCH_DRIVER: string;
|
|
|
|
@IsOptional()
|
|
@IsUrl(
|
|
{
|
|
protocols: ['http', 'https'],
|
|
require_tld: false,
|
|
allow_underscores: true,
|
|
},
|
|
{
|
|
message:
|
|
'TYPESENSE_URL must be a valid typesense url e.g http://localhost:8108',
|
|
},
|
|
)
|
|
@ValidateIf((obj) => obj.SEARCH_DRIVER === 'typesense')
|
|
TYPESENSE_URL: string;
|
|
|
|
@ValidateIf((obj) => obj.SEARCH_DRIVER === 'typesense')
|
|
@IsNotEmpty()
|
|
@IsString()
|
|
TYPESENSE_API_KEY: string;
|
|
|
|
@IsOptional()
|
|
@ValidateIf((obj) => obj.SEARCH_DRIVER === 'typesense')
|
|
@IsISO6391()
|
|
@IsString()
|
|
TYPESENSE_LOCALE: string;
|
|
|
|
@IsOptional()
|
|
@ValidateIf((obj) => obj.AI_DRIVER)
|
|
@IsIn(['openai', 'openai-compatible', 'gemini', 'ollama'])
|
|
@IsString()
|
|
AI_DRIVER: string;
|
|
|
|
@IsOptional()
|
|
@IsString()
|
|
AI_EMBEDDING_MODEL: string;
|
|
|
|
@ValidateIf((obj) => obj.AI_EMBEDDING_DIMENSION)
|
|
@IsIn(['768', '1024', '1536', '2000', '3072'])
|
|
@IsString()
|
|
AI_EMBEDDING_DIMENSION: string;
|
|
|
|
@IsOptional()
|
|
@ValidateIf((obj) => obj.AI_EMBEDDING_SUPPORTS_MRL)
|
|
@IsIn(['true', 'false'])
|
|
@IsString()
|
|
AI_EMBEDDING_SUPPORTS_MRL: string;
|
|
|
|
@ValidateIf((obj) => obj.AI_DRIVER)
|
|
@IsString()
|
|
@IsNotEmpty()
|
|
AI_COMPLETION_MODEL: string;
|
|
|
|
@IsOptional()
|
|
@ValidateIf(
|
|
(obj) =>
|
|
obj.AI_DRIVER && ['openai', 'openai-compatible'].includes(obj.AI_DRIVER),
|
|
)
|
|
@IsString()
|
|
@IsNotEmpty()
|
|
OPENAI_API_KEY: string;
|
|
|
|
@IsOptional()
|
|
@ValidateIf(
|
|
(obj) =>
|
|
obj.AI_DRIVER === 'openai-compatible' ||
|
|
(obj.AI_DRIVER === 'openai' && obj.OPENAI_API_URL),
|
|
)
|
|
@IsUrl({ protocols: ['http', 'https'], require_tld: false })
|
|
OPENAI_API_URL: string;
|
|
|
|
@ValidateIf((obj) => obj.AI_DRIVER && obj.AI_DRIVER === 'gemini')
|
|
@IsString()
|
|
@IsNotEmpty()
|
|
GEMINI_API_KEY: string;
|
|
|
|
@ValidateIf((obj) => obj.AI_DRIVER && obj.AI_DRIVER === 'ollama')
|
|
@IsUrl({ protocols: ['http', 'https'], require_tld: false })
|
|
OLLAMA_API_URL: string;
|
|
|
|
@IsOptional()
|
|
@IsIn(['postgres', 'clickhouse'])
|
|
@IsString()
|
|
EVENT_STORE_DRIVER: string;
|
|
|
|
@ValidateIf((obj) => obj.EVENT_STORE_DRIVER === 'clickhouse')
|
|
@IsNotEmpty()
|
|
@IsUrl(
|
|
{ protocols: ['http', 'https'], require_tld: false },
|
|
{
|
|
message:
|
|
'CLICKHOUSE_URL must be a valid URL e.g http://user:password@localhost:8123/docmost',
|
|
},
|
|
)
|
|
CLICKHOUSE_URL: string;
|
|
|
|
// --- git-sync (issue #194 §7.2) — all OPTIONAL. The master switch defaults off; a
|
|
// required-if-enabled service user id is validated only when sync is on. ---
|
|
|
|
@IsOptional()
|
|
@IsIn(['true', 'false'])
|
|
@IsString()
|
|
GIT_SYNC_ENABLED: string;
|
|
|
|
// Whether to serve the per-space vaults over smart-HTTP (the /git host).
|
|
// When unset, defaults to GIT_SYNC_ENABLED (see isGitSyncHttpEnabled).
|
|
@IsOptional()
|
|
@IsIn(['true', 'false'])
|
|
@IsString()
|
|
GIT_SYNC_HTTP_ENABLED: string;
|
|
|
|
@IsOptional()
|
|
@IsString()
|
|
GIT_SYNC_DATA_DIR: string;
|
|
|
|
@IsOptional()
|
|
@IsString()
|
|
GIT_SYNC_REMOTE_TEMPLATE: string;
|
|
|
|
@IsOptional()
|
|
@IsString()
|
|
GIT_SYNC_POLL_INTERVAL_MS: string;
|
|
|
|
@IsOptional()
|
|
@IsString()
|
|
GIT_SYNC_DEBOUNCE_MS: string;
|
|
|
|
// Watchdog timeout (ms) for the spawned `git http-backend` process (default
|
|
// 120000): a stalled receive-pack is killed so it cannot hold the per-space
|
|
// lock forever. Optional int (validated as a string env).
|
|
@IsOptional()
|
|
@IsString()
|
|
GIT_SYNC_BACKEND_TIMEOUT_MS: string;
|
|
|
|
|
|
// Required when git-sync is enabled: the service user create/move/rename/delete
|
|
// are attributed to (issue #194 §7.2). Optional otherwise.
|
|
@ValidateIf((obj) => obj.GIT_SYNC_ENABLED === 'true')
|
|
@IsNotEmpty()
|
|
@IsString()
|
|
GIT_SYNC_SERVICE_USER_ID: string;
|
|
|
|
@IsOptional()
|
|
@IsString()
|
|
GIT_SYNC_SSH_KEY_PATH: string;
|
|
}
|
|
|
|
export function validate(config: Record<string, any>) {
|
|
const validatedConfig = plainToInstance(EnvironmentVariables, config);
|
|
|
|
const errors = validateSync(validatedConfig);
|
|
|
|
if (errors.length > 0) {
|
|
console.error(
|
|
'The Environment variables has failed the following validations:',
|
|
);
|
|
|
|
errors.map((error) => {
|
|
console.error(JSON.stringify(error.constraints));
|
|
});
|
|
|
|
console.error(
|
|
'Please fix the environment variables and try again. Exiting program...',
|
|
);
|
|
process.exit(1);
|
|
}
|
|
|
|
return validatedConfig;
|
|
}
|