mirror/spacedrive
1
0
Fork 0
mirror of https://github.com/spacedriveapp/spacedrive.git synced 2026-05-18 13:26:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

move docs

Browse Source
This commit is contained in:
Jamie Pine
2025-10-11 10:53:17 -07:00
parent 63397de4f5
commit f5e3465b75
106 changed files with 0 additions and 58195 deletions
Download Patch File Download Diff File Expand all files Collapse all files

287
docs/PROJECT_STATUS_SUMMARY.md
View File

@@ -1,287 +0,0 @@
# Spacedrive v2 - Executive Status Summary
*October 11, 2025 | Updated: October 11, 2025*
## TL;DR
**Implementation:** ~87% of whitepaper core features complete *(revised from 82%)*
**Code:** 68,180 lines (61,831 Rust core + 4,131 CLI + 2,218 docs)
**Status:** Advanced Alpha - **sync infrastructure complete**, missing AI/cloud
**Production Ready:** **Alpha Nov 2025** **ACHIEVABLE** | Beta Q1 2026 *(revised from Q2)*
**Critical Update:** Sync infrastructure 95% complete with 1,554 lines of passing integration tests - only model wiring remains.
---
## Progress By Area
| Area | Status | % Complete | Notes |
|------|--------|-----------|-------|
| **Core VDFS** | Done | 95% | Entry model, SdPath, content identity, file types, tagging all working |
| **Indexing Engine** | Done | 90% | 5-phase pipeline, resumability, change detection complete |
| **Actions System** | Done | 100% | Preview-commit-verify, audit logging, all actions implemented |
| **File Operations** | Done | 85% | Copy/move/delete with strategy pattern working |
| **Job System** | Done | 100% | Durable jobs, resumability, progress tracking complete |
| **Networking** | Done | 85% | Iroh P2P, device pairing, mDNS discovery working |
| **Library Sync** | Done | 95% | **All infrastructure complete with validated tests - just needs model wiring** |
| **Volume System** | Done | 90% | Detection, classification, tracking, speed testing complete |
| **CLI** | Done | 85% | All major commands functional |
| **iOS/macOS Apps** | Partial | 65% | Core features work, polish needed |
| **Extension System** | Partial | 60% | WASM runtime + SDK done, API surface incomplete |
| **Search** | Partial | 40% | Basic search works, FTS5/semantic missing |
| **Sidecars** | Partial | 70% | Types + paths done, generation workflows incomplete |
| **Security** | Partial | 30% | Network encrypted, database encryption missing |
| **AI Agent** | Not Started | 0% | Greenfield |
| **Cloud Services** | Not Started | 0% | Greenfield |
---
## What Works Today ✅
### You Can:
- Create and manage libraries
- Add locations and index directories (millions of files)
- Copy, move, delete files with intelligent routing
- Discover and pair devices on local network
- **Sync tags between devices** **[NEW]**
- **Sync locations and entries between devices** **[NEW]**
- Create semantic tags with hierarchies
- Search files by metadata and tags
- Detect and track all volumes
- Use comprehensive CLI
- Run iOS app with photo backup to paired devices
- Load and run WASM extensions
### You Cannot (Yet):
- Sync ALL models (15-20 models need wiring - 1 week) *(was: cannot sync at all)*
- Use AI for file organization
- Search by file content semantically
- Backup to cloud
- Encrypt libraries at rest
- Set up automated file sync policies
- Use Spacedrop (P2P file sharing)
---
## Task Breakdown
**Completed:** 30 tasks ✅
- All core VDFS architecture
- All action system
- All job system
- All networking basics
- All volume operations
- Device pairing
- Library sync foundations
**In Progress:** 8 tasks 🔄
- CLI polish
- Virtual sidecars
- File sync conduits
- Location watcher
- Library sync (shared metadata)
- Search improvements
- Security
**Not Started:** 52 tasks ❌
- AI agent system (5 tasks)
- Cloud infrastructure (4 tasks)
- WASM plugin system completion (4 tasks)
- Client caches and optimistic updates (7 tasks)
- File sync policies (9 tasks)
- Advanced search (3 tasks)
- Security features (5 tasks)
- Remaining networking (1 task)
- Many polish items (14+ tasks)
---
## Whitepaper Implementation Status
### Fully Implemented ✅
1. **VDFS Core**
- Entry-centric model
- SdPath addressing (physical + content-aware)
- Content identity with adaptive hashing
- Hierarchical indexing (closure tables)
- Advanced file type system
- Semantic tagging
2. **Indexing**
- 5-phase pipeline (discovery, processing, aggregation, content, analysis)
- Resumability with checkpoints
- Change detection
- Rules engine (`.gitignore` style)
3. **Transactional Actions**
- Preview, commit, verify pattern
- Durable execution
- Audit logging
- Conflict detection
4. **Networking**
- Iroh P2P with QUIC
- mDNS device discovery
- Secure device pairing
- Protocol multiplexing (ALPN)
5. **Jobs**
- Resumable job system
- State persistence
- Progress tracking
- Per-job logging
### Partially Implemented 🔄
1. **Library Sync** (~95%)
- Leaderless architecture
- Domain separation
- State-based sync (device data) - **fully working**
- Log-based sync (shared data) - **fully working with HLC**
- HLC timestamps - **complete (348 LOC, tested)**
- Syncable trait - **complete (337 LOC, in use)**
- Backfill with full state snapshots
- Transitive sync validated
- Model wiring (15-20 models remaining - 1 week)
2. **Search** (~40%)
- Basic filtering and sorting
- FTS5 index (migration exists, not integrated)
- Semantic re-ranking - 0%
- Vector search - 0%
3. **Virtual Sidecars** (~70%)
- Types and path system
- Database entities
- Generation workflows - 50%
- Cross-device availability - 0%
4. **Extensions** (~60%)
- WASM runtime
- Permission system
- Beautiful SDK with macros
- VDFS API - 30%
- AI API - 0%
- Credential API - 0%
### Not Implemented ❌
1. **AI Agent** (0%)
- Observe-Orient-Act loop
- Natural language interface
- Proactive assistance
- Local model integration
2. **Cloud as a Peer** (0%)
- Managed cloud core
- Relay server
- S3 integration
3. **Security** (~30% done, major pieces missing)
- SQLCipher encryption at rest
- RBAC system
- Cryptographic audit log
---
## Code Quality
### Strengths ✅
- Clean CQRS/DDD architecture
- Comprehensive error handling with `Result` types
- Modern async Rust with Tokio
- Well-organized module structure
- Extensive documentation (147 markdown files)
- Strong type safety
- Resumable job design
### Weaknesses
- Limited test coverage (integration tests exist but sparse)
- Some APIs still evolving
- iOS app has background processing constraints
- Performance benchmarks incomplete
---
## Critical Path to Production
### Phase 1: Core Completion (3-4 months)
1. Complete library sync (HLC, shared metadata)
2. Integrate FTS5 search
3. Finish virtual sidecars
4. Add SQLCipher encryption
5. Basic file sync policies (Replicate, Synchronize)
### Phase 2: Testing & Hardening (2 months)
1. Comprehensive integration tests
2. Performance benchmarking
3. Security audit
4. Error recovery testing
5. Multi-device testing
### Phase 3: Polish (2 months)
1. UI/UX improvements
2. Error messages
3. Documentation
4. Deployment guides
### Phase 4: Beta Release (Q2 2026)
- Feature-complete core VDFS
- Encrypted, synced libraries
- Working search
- Production-ready networking
- Stable iOS/macOS apps
### Phase 5: AI & Cloud (Later)
- AI agent (3-4 months)
- Cloud infrastructure (2-3 months)
- Semantic search (2 months)
---
## Recommended Focus
### Immediate (This Month)
1. **Complete library sync** - Most impactful for multi-device use
2. **Integrate FTS5** - Low-hanging fruit for search
3. **Finish sidecars** - Enables rich media features
### Next Quarter
1. **SQLCipher** - Security critical
2. **File sync policies** - Automated backup
3. **Testing** - Production readiness
### Later
1. **AI agent** - Differentiator
2. **Cloud services** - Business model
3. **Semantic search** - Advanced features
---
## Bottom Line
**Spacedrive v2 is 87% complete** with a **production-ready foundation and working sync**. The core VDFS architecture is solid, **sync infrastructure is complete with validated end-to-end tests**, and file operations are robust.
### Correction to Initial Assessment
Initial analysis **significantly underestimated sync completeness**. The 1,554-line integration test suite proves:
- State-based sync working
- Log-based sync with HLC working
- Backfill with full state snapshots
- Transitive sync validated (A→B→C)
**Only remaining:** Wire 15-20 models to existing sync API (~1 week, not 3 months)
### What's Actually Missing:
1. **Model wiring** - 1 week *(was: 3-4 months for "sync")*
2. **AI agent basics** - 3-4 weeks with AI assistance
3. **Extensions** - 3-4 weeks (Chronicle, Cipher, Ledger, Atlas)
4. **Encryption at rest** - 2-3 weeks
5. **Polish and testing** - 2-3 weeks
**Total: 4-6 weeks at your demonstrated velocity**
**The vision is realized. Sync is working. November alpha is achievable.**
**Alpha: November 2025** **ACHIEVABLE** | Beta: Q1 2026 *(revised from Q2)*
---
For detailed analysis, see [PROJECT_STATUS_REPORT.md](PROJECT_STATUS_REPORT.md)

245
docs/core/design/ACTIONS_GUIDE.md
View File

@@ -1,245 +0,0 @@
## Spacedrive Actions: Architecture and Authoring Guide
This document explains the current Action System in `sd-core`, how actions are discovered and dispatched, how inputs/outputs are shaped, how domain paths (`SdPath`, `SdPathBatch`) are used, and how to add new actions consistently.
### Scope at a Glance
- Core files:
- `core/src/infra/action/mod.rs` — traits for `CoreAction` and `LibraryAction`
- `core/src/ops/registry.rs` — action/query registry and registration macros
- `core/src/infra/action/manager.rs``ActionManager` that validates, audits and executes actions
- Domain paths: `core/src/domain/addressing.rs` (`SdPath`, `SdPathBatch`)
- Job system integration:
- Actions frequently dispatch Jobs and return a `JobHandle`
- Job progress is emitted via `EventBus` (see `core/src/infra/event/mod.rs`)
### Action Traits
There are two flavors of actions:
- `CoreAction` — operates without a specific library context (e.g., creating/deleting a library):
- Associated types: `type Input`, `type Output`
- `from_input(input) -> Self` — build action from wire input
- `async fn execute(self, context: Arc<CoreContext>) -> Result<Output, ActionError>`
- `fn action_kind(&self) -> &'static str`
- Optional `async fn validate(&self, context)`
- `LibraryAction` — operates within a specific library (files, locations, indexing, volumes):
- Associated types: `type Input`, `type Output`
- `from_input(input) -> Self`
- `async fn execute(self, library: Arc<Library>, context: Arc<CoreContext>) -> Result<Output, ActionError>`
- `fn action_kind(&self) -> &'static str`
- Optional `async fn validate(&self, &Arc<Library>, context)`
Both traits are implemented directly on the action struct. The manager handles orchestration (validation, audit log, execution).
### Registry & Wire Methods
`core/src/ops/registry.rs` provides macros that register actions and queries using the `inventory` crate.
- Library actions use:
```rust
crate::register_library_action!(MyAction, "group.operation");
```
This generates:
- A wire method on the input type: `action:group.operation.input.v1`
- An inventory `ActionEntry` bound to `handle_library_action::<MyAction>`
- Queries use `register_query!(QueryType, "group.name");`
Naming convention for wire methods:
- `action:<name>.input.v1` for action inputs
- `query:<name>.v1` for queries
The daemon/API can route calls by these method strings to decode inputs and trigger the right handler.
### ActionManager Flow (Library Actions)
`ActionManager::dispatch_library(library_id, action)`:
1. Loads and validates the library (ensures it exists)
2. Calls `action.validate(&library, context)` (optional)
3. Creates an audit log entry
4. Executes `action.execute(library, context)`
5. Finalizes the audit log with success/failure
For `CoreAction`, `dispatch_core(action)` follows a similar path without a library.
### Domain Paths: `SdPath` and `SdPathBatch`
Actions operate on Spacedrive domain paths, not raw filesystem strings:
- `SdPath` — can be a `Physical { device_id, path }` or `Content { content_id }`. `SdPath::local(path)` creates a physical path on the current device.
- `SdPathBatch` — a simple wrapper: `struct SdPathBatch { pub paths: Vec<SdPath> }`
Guidelines:
- Prefer `SdPath` in action inputs/outputs rather than `PathBuf`
- For multi-path inputs, use `SdPathBatch`
- When you need a local path at execution time, use helpers like `as_local_path()`
Example (from Files Copy):
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct FileCopyAction {
pub sources: SdPathBatch,
pub destination: SdPath,
pub options: CopyOptions,
}
impl LibraryAction for FileCopyAction { /* ... */ }
```
### Inputs and Builders
Actions often define an explicit `Input` type for the wire contract and a small builder or convenience API to create well-formed actions from CLI/REST/GraphQL translators. Example: `FileCopyInput` maps CLI flags into a `CopyOptions` plus `SdPath`/`SdPathBatch` and conversions happen in `from_input`.
Validation layers:
- Syntactic/cheap validation in `Input::validate()` (returning a vector of errors)
- Action-level `validate(...)` invoked by the manager before `execute`
### Job Dispatch & Outputs
For long-running operations (copy, delete, indexing), actions typically create and dispatch a job via the library job manager, returning a `JobHandle` as the action output. Example:
```rust
let job = FileCopyJob::new(self.sources, self.destination).with_options(self.options);
let job_handle = library.jobs().dispatch(job).await?;
Ok(job_handle)
```
Progress and completion events are emitted on the `EventBus` (`Event::JobProgress`, `Event::JobCompleted`, etc.).
### Current Registered Operations
Discovered via registry:
- Library actions (registered):
- `files.copy`
- `files.delete`
- `files.duplicate_detection`
- `files.validation`
- `indexing.start`
- Queries (registered):
- `core.status`
- `libraries.list`
Implemented but not yet registered (present `impl LibraryAction` without `register_library_action!`):
- `locations.add`, `locations.remove`, `locations.rescan`
- `libraries.export`, `libraries.rename`
- `volumes.track`, `volumes.untrack`, `volumes.speed_test`
- `media.thumbnail`
Implemented `CoreAction` (not yet registered via a core registration macro):
- `library.create`, `library.delete`
> Note: Core action registration would use a `register_core_action!` macro similar to library actions. The registry contains such a macro, but it is not yet invoked for these actions.
### Authoring a New Library Action (Checklist)
1. Define your wire `Input` type:
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MyOpInput { /* fields using SdPath / SdPathBatch / options */ }
```
2. Define your action struct and implement `LibraryAction`:
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MyOpAction { input: MyOpInput }
impl LibraryAction for MyOpAction {
type Input = MyOpInput;
type Output = /* domain type or JobHandle */;
fn from_input(input: MyOpInput) -> Result<Self, String> { Ok(Self { input }) }
async fn validate(&self, _lib: &Arc<Library>, _ctx: Arc<CoreContext>) -> Result<(), ActionError> {
// cheap checks; return ActionError::Validation { field, message } on invalid
Ok(())
}
async fn execute(self, library: Arc<Library>, ctx: Arc<CoreContext>) -> Result<Self::Output, ActionError> {
// do the work or dispatch a job
Ok(/* output */)
}
fn action_kind(&self) -> &'static str { "group.operation" }
}
```
3. Register the action:
```rust
crate::register_library_action!(MyOpAction, "group.operation");
// Wire method will be: action:group.operation.input.v1
```
4. Ensure inputs use `SdPath`/`SdPathBatch` appropriately. For multiple paths:
```rust
let batch = SdPathBatch::new(vec![SdPath::local("/path/a"), SdPath::local("/path/b")]);
```
5. Prefer returning native domain outputs or `JobHandle` for long-running tasks.
6. Emit appropriate `EventBus` events from jobs for progress UX.
### Conventions & Tips
- `action_kind()` should match your domain naming (`"files.copy"`, `"volumes.track"`, etc.)
- Keep builders thin; ensure `from_input()` is the canonical wire adapter
- Put expensive I/O in the `execute` or in jobs, not in validation
- Use `ActionError::Validation { field, message }` for user-facing errors
- When interacting with the filesystem, always resolve/check local paths via `SdPath::as_local_path()`
### Minimal Example
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ExampleInput { pub targets: SdPathBatch }
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ExampleAction { input: ExampleInput }
impl LibraryAction for ExampleAction {
type Input = ExampleInput;
type Output = JobHandle;
fn from_input(input: ExampleInput) -> Result<Self, String> { Ok(Self { input }) }
async fn validate(&self, _lib: &Arc<Library>, _ctx: Arc<CoreContext>) -> Result<(), ActionError> {
if self.input.targets.paths.is_empty() {
return Err(ActionError::Validation { field: "targets".into(), message: "At least one target required".into() });
}
Ok(())
}
async fn execute(self, library: Arc<Library>, _ctx: Arc<CoreContext>) -> Result<Self::Output, ActionError> {
let job = /* build job from self.input */;
let handle = library.jobs().dispatch(job).await?;
Ok(handle)
}
fn action_kind(&self) -> &'static str { "example.run" }
}
crate::register_library_action!(ExampleAction, "example.run");
```
---
This guide reflects the current state of the action system. As we register additional actions (locations, volumes, media thumbnailing, library core actions), follow the same patterns for naming, inputs, validation, and registration.

109
docs/core/design/ACTIONS_REFACTOR.md
View File

@@ -1,109 +0,0 @@
# CLI Daemon Actions Refactoring Design Document
## Overview
This document outlines the plan to refactor CLI daemon handlers to properly use the action system for all state-mutating operations, while keeping read-only operations as direct queries.
## Principles
1. **Actions for State Mutations**: Any operation that modifies state (database, filesystem, job state) should go through the action system
2. **Direct Queries for Reads**: Read-only operations should remain as direct database queries or service calls
3. **Consistency**: Similar operations should follow similar patterns
4. **Audit Trail**: Actions provide built-in audit logging for all mutations
## Current State Analysis
### Operations Currently Using Actions
- `LocationAdd` - Uses `LocationAddAction`
- `LocationRemove` - Uses `LocationRemoveAction`
- `Copy` - Uses `FileCopyAction`
### Operations That Should Use Actions
#### Indexing Operations
- `IndexLocation` - Re-indexes an existing location
- `IndexAll` - Indexes all locations in a library
**Can use existing actions:**
- `IndexLocation` → Use existing `LocationIndexAction`
- `IndexAll` → Could create a new `LibraryIndexAllAction` or dispatch multiple `LocationIndexAction`s
### Operations That Should NOT Use Actions
These are read-only operations or ephemeral operations:
- `Browse` - Just reads filesystem without persisting
- `QuickScan` with `ephemeral: true` - Temporary scan, no persistence
- All List operations (`ListLibraries`, `ListLocations`, `ListJobs`)
- All Get operations (`GetJobInfo`, `GetCurrentLibrary`, `GetStatus`)
- `Ping` - Simple health check
### Operations to Remove
- `IndexPath` - Redundant with location-based indexing
- `QuickScan` with `ephemeral: false` - Should just use location add + index
## Implementation Plan
### Phase 1: Update File Handler
1. Remove `IndexPath` command entirely
2. Implement `IndexLocation` using `LocationIndexAction`
3. Implement `IndexAll` as either:
- New `LibraryIndexAllAction`, or
- Loop dispatching multiple `LocationIndexAction`s <- this one is my fav
4. Keep `Browse` as direct filesystem operation (no action)
5. Remove `QuickScan` command
### Phase 2: Cleanup
1. Remove unused imports and dead code
2. Update documentation
3. Add tests for new actions
## Benefits
1. **Consistency**: All state mutations go through the same system
2. **Auditability**: Every state change is logged
3. **Validation**: Actions validate inputs before execution
4. **Extensibility**: Easy to add pre/post processing to actions
5. **Testability**: Actions can be tested in isolation
## Migration Strategy
1. Implement one handler at a time
2. Keep existing functionality working during migration
3. Test each migrated handler thoroughly
4. Remove old code only after new code is verified
## Future Considerations
### Potential New Actions
> Yes lets make these!
- `LibraryRename` - Rename a library
- `LibraryExport` - Export library metadata
- `LocationRescan` - Currently using direct job dispatch, could be an action
- `DeviceRevoke` - Remove device from network (currently direct)
### Read-Only Operation Patterns
> We can handle this another time
Consider creating a consistent pattern for read operations:
- Standardized query builders
- Consistent error handling
- Pagination support where appropriate
## Success Metrics
1. All state-mutating operations use actions
2. No direct database modifications in handlers
3. Consistent error handling across all handlers
4. Clear separation between read and write operations
5. Improved testability of handlers

484
docs/core/design/ACTION_BUILDER_REFACTOR_PLAN.md
View File

@@ -1,484 +0,0 @@
# Action Builder Pattern Refactor Plan
## Overview
This refactor introduces a consistent builder pattern for Actions to handle CLI/API input parsing while maintaining domain ownership and type safety. This addresses the current inconsistency between Jobs (decentralized) and Actions (centralized enum) patterns.
## Current State Problems
1. **Input Handling Gap**: Actions need to convert raw CLI/API input to structured domain types
2. **Pattern Inconsistency**: Jobs use dynamic registration, Actions use central enum
3. **Validation Scattered**: No standardized validation approach for action construction
4. **CLI Integration Missing**: No clear path from CLI args to Action types
5. **Inefficient Job Dispatch**: Actions currently use `dispatch_by_name` with JSON serialization instead of direct job creation
## Goals
- Provide fluent builder API for all actions
- Standardize validation at build-time
- Enable seamless CLI/API integration
- Maintain domain ownership of input logic
- Keep serialization compatibility (ActionOutput enum needed like JobOutput)
- Eliminate inefficient `dispatch_by_name` usage in favor of direct job creation
## Implementation Plan
### Phase 1: Infrastructure Foundation
#### 1.1 Create Builder Traits (`src/infrastructure/actions/builder.rs`)
```rust
pub trait ActionBuilder {
type Action;
type Error: std::error::Error + Send + Sync + 'static;
fn build(self) -> Result<Self::Action, Self::Error>;
fn validate(&self) -> Result<(), Self::Error>;
}
pub trait CliActionBuilder: ActionBuilder {
type Args: clap::Parser;
fn from_cli_args(args: Self::Args) -> Self;
}
#[derive(Debug, thiserror::Error)]
pub enum ActionBuildError {
#[error("Validation errors: {0:?}")]
Validation(Vec<String>),
#[error("IO error: {0}")]
Io(#[from] std::io::Error),
#[error("Parse error: {0}")]
Parse(String),
#[error("Permission denied: {0}")]
Permission(String),
}
```
#### 1.2 Create ActionOutput Enum (`src/infrastructure/actions/output.rs`)
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(tag = "type", content = "data")]
pub enum ActionOutput {
/// Action completed successfully with no specific output
Success,
/// Library creation output
LibraryCreate {
library_id: Uuid,
name: String,
},
/// Library deletion output
LibraryDelete {
library_id: Uuid,
},
/// Folder creation output
FolderCreate {
folder_id: Uuid,
path: PathBuf,
},
/// File copy dispatch output (action just dispatches to job)
FileCopyDispatched {
job_id: Uuid,
sources_count: usize,
},
/// File delete dispatch output
FileDeleteDispatched {
job_id: Uuid,
targets_count: usize,
},
/// Location management outputs
LocationAdd {
location_id: Uuid,
path: PathBuf,
},
LocationRemove {
location_id: Uuid,
},
/// Generic output with custom data
Custom(serde_json::Value),
}
impl ActionOutput {
pub fn custom<T: Serialize>(data: T) -> Self {
Self::Custom(serde_json::to_value(data).unwrap_or(serde_json::Value::Null))
}
}
impl Default for ActionOutput {
fn default() -> Self {
Self::Success
}
}
```
#### 1.3 Update ActionHandler trait (`src/infrastructure/actions/handler.rs`)
```rust
#[async_trait]
pub trait ActionHandler: Send + Sync {
async fn validate(
&self,
context: Arc<CoreContext>,
action: &Action,
) -> ActionResult<()>;
async fn execute(
&self,
context: Arc<CoreContext>,
action: Action,
) -> ActionResult<ActionOutput>; // Change from ActionReceipt to ActionOutput
fn can_handle(&self, action: &Action) -> bool;
fn supported_actions() -> &'static [&'static str];
}
```
### Phase 2: Domain Builder Implementation
For each domain, implement the builder pattern following this template:
#### 2.1 File Copy Action Builder (`src/operations/files/copy/action.rs`)
```rust
pub struct FileCopyActionBuilder {
sources: Vec<PathBuf>,
destination: Option<PathBuf>,
options: CopyOptions,
errors: Vec<String>,
}
impl FileCopyActionBuilder {
pub fn new() -> Self { /* ... */ }
// Fluent API methods
pub fn sources<I, P>(mut self, sources: I) -> Self { /* ... */ }
pub fn source<P: Into<PathBuf>>(mut self, source: P) -> Self { /* ... */ }
pub fn destination<P: Into<PathBuf>>(mut self, dest: P) -> Self { /* ... */ }
pub fn overwrite(mut self, overwrite: bool) -> Self { /* ... */ }
pub fn verify_checksum(mut self, verify: bool) -> Self { /* ... */ }
pub fn preserve_timestamps(mut self, preserve: bool) -> Self { /* ... */ }
pub fn move_files(mut self) -> Self { /* ... */ }
// Validation methods
fn validate_sources(&mut self) { /* ... */ }
fn validate_destination(&mut self) { /* ... */ }
}
impl ActionBuilder for FileCopyActionBuilder {
type Action = FileCopyAction;
type Error = ActionBuildError;
fn validate(&self) -> Result<(), Self::Error> { /* ... */ }
fn build(self) -> Result<Self::Action, Self::Error> { /* ... */ }
}
#[derive(clap::Parser)]
pub struct FileCopyArgs {
pub sources: Vec<PathBuf>,
#[arg(short, long)]
pub destination: PathBuf,
#[arg(long)]
pub overwrite: bool,
#[arg(long)]
pub verify: bool,
#[arg(long, default_value = "true")]
pub preserve_timestamps: bool,
#[arg(long)]
pub move_files: bool,
}
impl CliActionBuilder for FileCopyActionBuilder {
type Args = FileCopyArgs;
fn from_cli_args(args: Self::Args) -> Self { /* ... */ }
}
// Convenience methods on the action
impl FileCopyAction {
pub fn builder() -> FileCopyActionBuilder { /* ... */ }
pub fn copy_file<S: Into<PathBuf>, D: Into<PathBuf>>(source: S, dest: D) -> FileCopyActionBuilder { /* ... */ }
pub fn copy_files<I, P, D>(sources: I, dest: D) -> FileCopyActionBuilder { /* ... */ }
}
```
#### 2.2 Domain Handler Updates
Update each action handler to return `ActionOutput` instead of `ActionReceipt` and use direct job dispatch:
```rust
impl ActionHandler for FileCopyHandler {
async fn execute(
&self,
context: Arc<CoreContext>,
action: Action,
) -> ActionResult<ActionOutput> {
if let Action::FileCopy { library_id, action } = action {
// Create job instance directly (no JSON roundtrip)
let sources = action.sources
.into_iter()
.map(|path| SdPath::local(path))
.collect();
let job = FileCopyJob::new(
SdPathBatch::new(sources),
SdPath::local(action.destination)
).with_options(action.options);
// Dispatch job directly
let job_handle = library.jobs().dispatch(job).await?;
// Return action output instead of receipt
Ok(ActionOutput::FileCopyDispatched {
job_id: job_handle.id(),
sources_count: action.sources.len(),
})
} else {
Err(ActionError::InvalidActionType)
}
}
}
```
### Phase 3: CLI Integration
#### 3.1 Create CLI Action Router (`src/infrastructure/actions/cli.rs`)
```rust
pub struct ActionCliRouter;
impl ActionCliRouter {
pub fn route_and_build(command: &str, args: Vec<String>) -> Result<Action, ActionBuildError> {
match command {
"copy" => {
let args = FileCopyArgs::try_parse_from(args)?;
let action = FileCopyActionBuilder::from_cli_args(args).build()?;
Ok(Action::FileCopy {
library_id: get_current_library_id()?,
action
})
}
"delete" => {
let args = FileDeleteArgs::try_parse_from(args)?;
let action = FileDeleteActionBuilder::from_cli_args(args).build()?;
Ok(Action::FileDelete {
library_id: get_current_library_id()?,
action
})
}
// ... other commands
_ => Err(ActionBuildError::Parse(format!("Unknown command: {}", command)))
}
}
}
```
#### 3.2 Update CLI Binary (`src/bin/cli.rs`)
```rust
#[derive(clap::Parser)]
enum Commands {
Copy(FileCopyArgs),
Delete(FileDeleteArgs),
// ... other commands
}
async fn main() -> Result<()> {
let cli = Cli::parse();
let action = match cli.command {
Commands::Copy(args) => {
let library_id = get_current_library_id()?;
let action = FileCopyActionBuilder::from_cli_args(args).build()?;
Action::FileCopy { library_id, action }
}
Commands::Delete(args) => {
let library_id = get_current_library_id()?;
let action = FileDeleteActionBuilder::from_cli_args(args).build()?;
Action::FileDelete { library_id, action }
}
// ...
};
let context = create_core_context().await?;
let output = context.action_manager().execute(action).await?;
println!("{}", output); // ActionOutput implements Display
Ok(())
}
```
### Phase 4: API Integration
#### 4.1 Create API Action Parser (`src/infrastructure/actions/api.rs`)
```rust
pub struct ActionApiParser;
impl ActionApiParser {
pub fn parse_request(
action_type: &str,
params: serde_json::Value,
library_id: Option<Uuid>
) -> Result<Action, ActionBuildError> {
match action_type {
"file.copy" => {
let mut builder = FileCopyActionBuilder::new();
if let Some(sources) = params.get("sources").and_then(|v| v.as_array()) {
let sources: Result<Vec<PathBuf>, _> = sources
.iter()
.map(|v| v.as_str().ok_or("Invalid source").map(PathBuf::from))
.collect();
builder = builder.sources(sources?);
}
if let Some(dest) = params.get("destination").and_then(|v| v.as_str()) {
builder = builder.destination(dest);
}
if let Some(overwrite) = params.get("overwrite").and_then(|v| v.as_bool()) {
builder = builder.overwrite(overwrite);
}
let action = builder.build()?;
Ok(Action::FileCopy {
library_id: library_id.ok_or_else(|| ActionBuildError::Parse("Library ID required".into()))?,
action
})
}
// ... other action types
_ => Err(ActionBuildError::Parse(format!("Unknown action type: {}", action_type)))
}
}
}
```
### Phase 5: Testing Updates
#### 5.1 Builder Tests (`src/operations/files/copy/action.rs`)
```rust
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_builder_fluent_api() {
let action = FileCopyAction::builder()
.sources(["/src/file1.txt", "/src/file2.txt"])
.destination("/dest/")
.overwrite(true)
.verify_checksum(true)
.build()
.unwrap();
assert_eq!(action.sources.len(), 2);
assert_eq!(action.destination, PathBuf::from("/dest/"));
assert!(action.options.overwrite);
assert!(action.options.verify_checksum);
}
#[test]
fn test_builder_validation() {
let result = FileCopyAction::builder()
.sources(Vec::<PathBuf>::new()) // Empty sources should fail
.destination("/dest/")
.build();
assert!(result.is_err());
match result.unwrap_err() {
ActionBuildError::Validation(errors) => {
assert!(errors.iter().any(|e| e.contains("At least one source")));
}
_ => panic!("Expected validation error"),
}
}
#[test]
fn test_cli_integration() {
let args = FileCopyArgs {
sources: vec!["/src/file.txt".into()],
destination: "/dest/".into(),
overwrite: true,
verify: false,
preserve_timestamps: true,
move_files: false,
};
let action = FileCopyActionBuilder::from_cli_args(args).build().unwrap();
assert_eq!(action.sources, vec![PathBuf::from("/src/file.txt")]);
assert_eq!(action.destination, PathBuf::from("/dest/"));
assert!(action.options.overwrite);
}
}
```
#### 5.2 Integration Tests (`tests/action_builder_test.rs`)
```rust
#[tokio::test]
async fn test_action_execution_with_builder() {
let context = create_test_context().await;
let action = FileCopyAction::builder()
.source("/test/source.txt")
.destination("/test/dest.txt")
.overwrite(true)
.build()
.unwrap();
let full_action = Action::FileCopy {
library_id: test_library_id(),
action,
};
let output = context.action_manager().execute(full_action).await.unwrap();
match output {
ActionOutput::FileCopyDispatched { job_id, sources_count } => {
assert_eq!(sources_count, 1);
assert!(!job_id.is_nil());
}
_ => panic!("Expected FileCopyDispatched output"),
}
}
```
## Migration Steps
1. **Create infrastructure** (Phase 1)
2. **Implement FileCopyActionBuilder** as proof of concept
3. **Update FileCopyHandler** to use ActionOutput
4. **Test CLI integration** with file copy
5. **Implement remaining domain builders** (FileDelete, LocationAdd, etc.)
6. **Update all handlers** to use ActionOutput
7. **Complete CLI integration** for all actions
8. **Add API integration**
9. **Update tests** throughout
## Benefits
- **Type Safety**: Build-time validation prevents invalid actions
- **Fluent API**: Easy to use programmatically and from CLI/API
- **Domain Ownership**: Each domain controls its input logic
- **Consistency**: Matches job pattern for serialization needs
- **Extensibility**: Easy to add new actions without infrastructure changes
- **CLI/API Ready**: Direct integration path from external inputs
- **Performance**: Eliminates JSON serialization overhead from `dispatch_by_name`
- **Direct Job Creation**: Actions create job instances directly for better type safety and efficiency
## Backwards Compatibility
- Existing `Action` enum structure remains unchanged
- Current action handlers work with minor output type changes
- Builders are additive - existing construction methods still work
- Migration can be done incrementally, domain by domain

294
docs/core/design/ACTION_SYSTEM_DESIGN.md
View File

@@ -1,294 +0,0 @@
Of course. Here is the revised design document, incorporating the more modular Action Handler pattern and a clear explanation of how parameters are passed into the system.
---
# Design Document: Action System & Audit Log (Revision 2)
This document outlines the design for a new **Action System** and **Audit Log**. This system introduces a centralized, robust, and extensible layer for handling all user-initiated operations, serving as the primary integration point for the CLI and future APIs. This revised design prioritizes modularity and scalability.
---
## 1\. High-Level Architecture
The architecture is built around a central **`ActionManager`** that acts as a router. Client requests are translated into a specific `Action` enum and dispatched. The manager then uses a **`ActionRegistry`** to find the appropriate **`ActionHandler`** to execute the logic. This ensures that each action's implementation is self-contained.
Every action dispatched, whether it's a long-running job or an immediate operation, creates an entry in the **`AuditLog`** to provide a clean, user-facing history of events.
### Data and Logic Flow
```mermaid
graph TD
subgraph Client Layer
A[CLI / API]
end
subgraph Core Logic
B(ActionManager)
C{ActionRegistry}
D[ActionHandler Trait]
E[JobManager]
F[AuditLog]
end
subgraph Database
G(Library DB)
H(Jobs DB)
end
A -- "1. Dispatch(Action)" --> B
B -- "2. Lookup Handler" --> C
C -- "3. Selects appropriate" --> D
B -- "4. Executes Handler" --> D
D -- "5a. Dispatches Job" --> E
E -- "Runs Job" --> H
D -- "5b. Creates Record" --> F
F -- "Stored in" --> G
```
---
## 2\. The Action System
The Action System is designed to be highly modular to accommodate future growth. [cite\_start]It avoids a single, monolithic `match` statement by using a trait-based handler pattern, similar to the existing `JobRegistry`[cite: 2259].
It will live in a new module: **`src/operations/actions/`**.
### The `Action` Enum
This enum defines the "what" of an operation. It's a type-safe contract between the client layer and the core.
**File: `src/operations/actions/mod.rs`**
```rust
use crate::shared::types::SdPath;
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use uuid::Uuid;
// ... Action-specific option structs (CopyOptions, DeleteOptions, etc.)
/// Represents a user-initiated action within Spacedrive.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Action {
// Job-based actions
FileCopy {
sources: Vec<SdPath>,
destination: SdPath,
options: CopyOptions,
},
// Direct (non-job) actions
LibraryCreate {
name: String,
path: Option<PathBuf>,
},
// Hybrid actions (direct action that dispatches a job)
LocationAdd {
library_id: Uuid,
path: PathBuf,
name: Option<String>,
mode: IndexMode, // Assuming IndexMode enum exists
},
}
impl Action {
/// Returns a string identifier for the action type.
pub fn kind(&self) -> &'static str {
match self {
Action::FileCopy { .. } => "file.copy",
Action::LibraryCreate { .. } => "library.create",
Action::LocationAdd { .. } => "location.add",
}
}
}
```
### The Action Handler Pattern
To ensure scalability, each action's logic is encapsulated in its own handler.
#### a. `ActionHandler` Trait
This trait defines the contract for all action handlers.
**File: `src/operations/actions/handler.rs`**
```rust
#[async_trait]
pub trait ActionHandler: Send + Sync {
/// Executes the action.
async fn execute(&self, context: Arc<CoreContext>, action: Action) -> Result<ActionReceipt, ActionError>;
}
```
#### b. Concrete Handler Implementation
Here is an example for a direct, non-job action.
**File: `src/operations/actions/handlers/library_create.rs`**
```rust
pub struct LibraryCreateHandler;
#[async_trait]
impl ActionHandler for LibraryCreateHandler {
async fn execute(&self, context: Arc<CoreContext>, action: Action) -> Result<ActionReceipt, ActionError> {
if let Action::LibraryCreate { name, path } = action {
let library_manager = &context.library_manager;
let new_library = library_manager.create_library(name, path).await?;
Ok(ActionReceipt {
job_handle: None, // No job was created
result_payload: Some(serde_json::json!({ "library_id": new_library.id() })),
})
} else {
Err(ActionError::InvalidActionType)
}
}
}
```
### The `ActionManager` and `ActionRegistry`
The `ActionManager` becomes a simple router. [cite\_start]It uses an `ActionRegistry` (which would be populated automatically using the `inventory` crate, just like the `JobRegistry` [cite: 2259]) to find and execute the correct handler.
**File: `src/operations/actions/manager.rs`**
```rust
pub struct ActionManager {
context: Arc<CoreContext>,
registry: ActionRegistry, // Contains HashMap of action "kind" -> handler
}
impl ActionManager {
pub async fn dispatch(&self, library_id: Uuid, action: Action) -> Result<ActionReceipt, ActionError> {
// 1. (Future) Permissions check would go here
// 2. Find the correct handler in the registry
let handler = self.registry.get(action.kind())
.ok_or(ActionError::ActionNotRegistered)?;
// 3. Create the initial AuditLog entry
let audit_entry = self.create_audit_log(library_id, &action).await?;
// 4. Execute the handler
let result = handler.execute(self.context.clone(), action).await;
// 5. Update the audit log with the final status and return
self.finalize_audit_log(audit_entry, &result).await?;
result
}
// ... private helper methods ...
}
```
---
## 3\. The Audit Log Data Model
The `AuditLog` provides a high-level, human-readable history of actions. It is stored in the library's main database.
**File: `src/infrastructure/database/entities/audit_log.rs`**
```rust
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
#[sea_orm(table_name = "audit_log")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: i32,
#[sea_orm(unique)]
pub uuid: Uuid,
#[sea_orm(indexed)]
pub action_type: String,
#[sea_orm(indexed)]
pub actor_device_id: Uuid,
#[sea_orm(column_type = "Json")]
pub targets: Json, // Summary of action targets
#[sea_orm(indexed)]
pub status: ActionStatus,
// This is optional because not all actions create jobs.
#[sea_orm(indexed, nullable)]
pub job_id: Option<Uuid>,
pub created_at: DateTimeUtc,
pub completed_at: Option<DateTimeUtc>,
}
#[derive(Debug, Clone, PartialEq, Eq, EnumIter, DeriveActiveEnum, Serialize, Deserialize)]
#[sea_orm(rs_type = "String", db_type = "Text")]
pub enum ActionStatus {
#[sea_orm(string_value = "in_progress")]
InProgress,
#[sea_orm(string_value = "completed")]
Completed,
#[sea_orm(string_value = "failed")]
Failed,
}
// ... Relations and ActiveModelBehavior ...
```
A new database migration will be added to create this table.
---
## 4\. Client Integration & Parameter Handling
A key responsibility of the client layer (CLI, API) is to translate raw user input into the strongly-typed `Action` enum.
Here is the data flow for passing parameters like `SdPathBatch`:
1. **User Input**: The user provides raw strings to the client.
```bash
spacedrive copy "/path/to/fileA.txt" "/path/to/fileB.txt" --dest "/path/to/destination/"
```
2. **CLI/API Parsing**: The client's argument parser (`clap` for the CLI) converts these strings into basic Rust types (`Vec<PathBuf>`).
3. **Command Handler Logic**: The handler function (e.g., in `src/infrastructure/cli/commands.rs`) converts these basic types into the rich domain types required by the `Action`.
**`src/infrastructure/cli/commands.rs`**
```rust
async fn handle_copy_command(
action_manager: &ActionManager,
library_id: Uuid,
source_paths: Vec<PathBuf>, // <-- from clap
dest_path: PathBuf, // <-- from clap
) -> Result<()> {
// 1. Convert local paths into `SdPath` objects.
let sd_sources: Vec<SdPath> = source_paths
.into_iter()
[cite_start].map(SdPath::local) // Creates an SdPath with the current device's ID [cite: 515]
.collect();
// 2. Construct the final, strongly-typed Action enum.
let copy_action = Action::FileCopy {
sources: sd_sources,
destination: SdPath::local(dest_path),
options: CopyOptions::default(),
};
// 3. Dispatch the complete Action object.
match action_manager.dispatch(library_id, copy_action).await {
Ok(receipt) => { /* ... */ },
Err(e) => { /* ... */ },
}
Ok(())
}
```
This process ensures that the core `ActionManager` always receives a valid, type-safe `Action`, and the client layer handles the responsibility of parsing and validation.

183
docs/core/design/API_COMPARISON.md
View File

@@ -1,183 +0,0 @@
# GraphQL API with async-graphql
Spacedrive's new API uses GraphQL with full type safety from Rust to TypeScript.
## Type Safety Comparison
### rspc (Old Approach)
```rust
// Backend
rspc::router! {
pub async fn create_library(name: String) -> Result<Library> {
// implementation
}
}
```
```typescript
// Frontend - custom generated types
const library = await client.mutation(['create_library', name]);
```
### async-graphql (New Approach)
```rust
// Backend
#[Object]
impl Mutation {
async fn create_library(&self, input: CreateLibraryInput) -> Result<LibraryType> {
// implementation
}
}
```
```typescript
// Frontend - standard GraphQL with full types
const { data } = await createLibrary({
variables: { input: { name: "My Library" } }
});
```
## Advantages of async-graphql
### 1. **Better Tooling**
- GraphQL Playground for API exploration
- Apollo DevTools for debugging
- VSCode extensions with autocomplete
- Postman/Insomnia support out of the box
### 2. **Flexible Queries**
```graphql
# Frontend can request exactly what it needs
query GetLibrary($id: UUID!) {
library(id: $id) {
name
# Only fetch heavy statistics if needed
statistics {
totalFiles
totalSize
}
}
}
```
### 3. **Built-in Features**
- Field-level permissions
- Automatic N+1 query prevention with DataLoader
- Built-in introspection
- Subscriptions for real-time updates
### 4. **Type Generation**
```bash
# Simple command generates all TypeScript types
npm run graphql-codegen
# Generates:
# - Types for all queries/mutations
# - React hooks
# - Full TypeScript interfaces
```
### 5. **Better Error Handling**
```graphql
mutation CreateLibrary($input: CreateLibraryInput!) {
createLibrary(input: $input) {
... on Library {
id
name
}
... on LibraryError {
code
message
field
}
}
}
```
## Migration Benefits
| Feature | rspc | async-graphql |
|---------|------|---------------|
| **Type Safety** | Custom | Industry Standard |
| **Tooling** | Limited | Extensive |
| **Community** | Abandoned | Active |
| **Learning Curve** | Custom API | Standard GraphQL |
| **Code Generation** | Custom | graphql-codegen |
| **Real-time** | Custom | Subscriptions |
| **File Upload** | Custom | Multipart spec |
| **Caching** | Manual | Apollo Cache |
## Example: Full Type Safety Flow
### 1. Define in Rust
```rust
#[derive(SimpleObject)]
struct LibraryType {
id: Uuid,
name: String,
#[graphql(deprecation = "Use statistics.totalFiles")]
file_count: i64,
}
```
### 2. Auto-generated TypeScript
```typescript
export interface Library {
id: string;
name: string;
/** @deprecated Use statistics.totalFiles */
fileCount: number;
}
```
### 3. Use in Frontend
```typescript
// Full autocomplete and type checking
const { data } = useGetLibraryQuery({
variables: { id: libraryId }
});
// TypeScript knows exactly what fields are available
console.log(data.library.name); // ✅
console.log(data.library.invalid); // Type error!
```
## Performance Benefits
### Batching & Caching
```typescript
// Apollo Client automatically batches and caches
const MultipleLibraryComponent = () => {
// These are automatically batched into one request
const lib1 = useGetLibraryQuery({ variables: { id: id1 } });
const lib2 = useGetLibraryQuery({ variables: { id: id2 } });
const lib3 = useGetLibraryQuery({ variables: { id: id3 } });
};
```
### Optimistic Updates
```typescript
const [createLibrary] = useCreateLibraryMutation({
optimisticResponse: {
createLibrary: {
id: 'temp-id',
name: input.name,
__typename: 'Library'
}
},
update: (cache, { data }) => {
// UI updates immediately, rolls back on error
}
});
```
## Conclusion
While rspc provided type safety, async-graphql gives us:
- **Industry standard** that developers already know
- **Better tooling** and ecosystem
- **Active maintenance** and updates
- **More features** out of the box
- **Same level of type safety** with better DX
The migration from rspc to GraphQL modernizes the API while maintaining the type safety that Spacedrive requires.

552
docs/core/design/API_DESIGN.md
View File

@@ -1,552 +0,0 @@
# Design Doc: Spacedrive Architecture v2
**Authors:** Gemini, jamespine
**Date:** 2025-09-08
**Status:** **Active**
## 1\. Abstract
This document proposes a significant refactoring of the Spacedrive `Core` engine's API. The goal is to establish a formal, scalable, and modular API boundary that enhances the existing strengths of the codebase.
The proposed architecture will:
1. **Formalize the API using a CQRS (Command Query Responsibility Segregation) pattern**. We will introduce distinct `Action` (write) and `Query` (read) traits.
2. **Define the `Core` API as a collection of self-contained, modular operations**, rather than a monolithic enum. Each operation will be its own discoverable and testable unit.
3. **Provide a generic `Core::execute_action` and `Core::execute_query` method**, using Rust's trait system to create a type-safe and extensible entry point into the engine.
This design provides a robust foundation for all client applications (GUI, CLI, GraphQL), ensuring consistency, maintainability, and scalability.
---
## 2\. Motivation
After analyzing the current codebase, we've discovered that Spacedrive already has a sophisticated and well-designed action system:
**Existing Strengths:**
- **Modular Action System:** Individual action structs in dedicated `ops/` modules (e.g., `LibraryCreateAction`, `FileCopyAction`)
- **Robust Infrastructure:** `ActionManager` with audit logging, validation, and error handling
- **Type Safety:** Strong typing with proper validation and output types
- **Clean Separation:** Each operation is self-contained with its own handler
**Real Problems to Address:**
- **Missing Query Operations:** No formal system for read-only operations (browsing, searching, listing)
- **CLI-Daemon Coupling:** CLI tightly coupled to `DaemonCommand` enum instead of using Core API directly
- **Inconsistent API Surface:** Actions go through ActionManager, but other operations are ad-hoc
- **No Unified Entry Point:** Multiple ways to interact with Core instead of consistent interface
- **Centralized ActionOutput Enum:** Breaks modularity - every new action requires modifying central infrastructure
- **Inefficient Output Conversion:** JSON serialization round-trips through `ActionOutput::from_trait()`
The new proposal builds upon the existing excellent action foundation while addressing these real gaps and achieving true modularity.
---
## 3\. Proposed Design: Enhanced CQRS API
The design enhances the existing action system by adding formal query operations and a unified API surface, following the **CQRS** pattern for absolute clarity between reads and writes.
### 3.1. Modular Command System (for Writes/Mutations)
The existing action system provides excellent foundations, but suffers from a centralized `ActionOutput` enum that breaks modularity. We'll implement a truly modular approach inspired by the successful Job system architecture.
**Key Insight**: The Job system already does this right - each job defines its own output type (`ThumbnailOutput`, `IndexerOutput`) and implements `Into<JobOutput>` only when needed for serialization.
- **Modular Command Trait**:
```rust
/// A command that mutates system state with modular output types.
pub trait Command {
/// The output after the command succeeds (owned by the operation module).
type Output: Send + Sync + 'static;
/// Execute this command directly, returning its native output type.
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output>;
}
```
- **Direct Execution (No Central Enum)**:
```rust
/// Execute any command directly through ActionManager, preserving type safety.
pub async fn execute_command<C: Command>(
command: C,
context: Arc<CoreContext>,
) -> Result<C::Output> {
// Direct execution - no ActionOutput enum conversion!
command.execute(context).await
}
```
- **Zero Boilerplate Implementation**:
```rust
// Existing action struct in: core/src/ops/libraries/create/action.rs
impl Command for LibraryCreateAction {
type Output = LibraryCreateOutput; // Owned by this module!
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output> {
// Delegate to existing ActionManager for audit logging, validation, etc.
let library_manager = &context.library_manager;
let library = library_manager.create_library(self.name, self.path, context).await?;
// Return native output type directly
Ok(LibraryCreateOutput::new(
library.id(),
library.name().await,
library.path().to_path_buf(),
))
}
}
```
- **Optional Serialization Layer**:
For cases requiring type erasure (daemon IPC, GraphQL), provide optional conversion:
```rust
// Only implement when serialization is needed
impl From<LibraryCreateOutput> for SerializableOutput {
fn from(output: LibraryCreateOutput) -> Self {
SerializableOutput::LibraryCreate(output)
}
}
```
### 3.2. New Query System (for Reads)
This is the major addition - a formal system for read-only operations that mirrors the design and benefits of the existing `ActionManager`. It will be the single entry point for all read operations, allowing us to implement cross-cutting concerns like validation, permissions, and logging for every query in the system.
- **Query Trait**:
```rust
/// A request that retrieves data without mutating state.
pub trait Query {
/// The data structure returned by the query.
type Output;
}
```
- **QueryHandler Trait**:
```rust
/// Any struct that knows how to resolve a query will implement this trait.
pub trait QueryHandler<Q: Query> {
/// Validates the query input and checks permissions.
async fn validate(&self, core: &Core, query: &Q) -> Result<()>;
/// Executes the query and returns the result.
async fn execute(&self, core: &Core, query: Q) -> Result<Q::Output>;
}
```
- **QueryManager**:
The `QueryManager` will use a registry to look up the correct `QueryHandler` for any given `Query` struct. Its `dispatch` method will orchestrate the entire process.
```rust
pub struct QueryManager {
registry: QueryRegistry, // Maps Query types to their handlers
}
impl QueryManager {
pub async fn dispatch<Q: Query>(&self, core: &Core, query: Q) -> Result<Q::Output> {
// 1. Look up the handler for this specific query type.
let handler = self.registry.get_handler_for::<Q>()?;
// 2. Run validation and permission checks.
handler.validate(core, &query).await?;
// 3. (Optional) Add audit logging for the read operation.
// log::info!("User X is querying Y...");
// 4. Execute the query.
handler.execute(core, query).await
}
}
```
### 3.3. Enhanced Core Interface
The `Core` engine exposes a unified API that delegates to the appropriate systems, keeping the `Core` itself clean.
```rust
// In: core/src/lib.rs
impl Core {
/// Execute a command using the enhanced CQRS API.
pub async fn execute_command<C: Command>(&self, command: C) -> Result<C::Output> {
execute_command(command, self.context.clone()).await
}
/// Execute a query using the enhanced CQRS API.
pub async fn execute_query<Q: Query>(&self, query: Q) -> Result<Q::Output> {
query.execute(self.context.clone()).await
}
}
```
---
## 4\. Client Integration Strategy
The strategy focuses on **decoupling the CLI from the daemon** while preserving the existing, working action infrastructure.
### 4.1. CLI Refactoring Strategy
The **CLI** should be refactored to use the Core API directly instead of going through the daemon for most operations. The daemon becomes optional infrastructure for background services.
**Current Architecture:**
```
CLI → DaemonCommand → Daemon → ActionManager → Action Handlers
```
**Target Architecture:**
```
CLI → Core API (execute_action/execute_query) → Action/Query Handlers
Daemon → Core API (same interface, used for background services)
```
- **Migration Approach:**
```rust
// CURRENT: CLI sends commands to daemon
let command = DaemonCommand::CreateLibrary { name: "Photos".to_string() };
daemon_client.send_command(command).await?;
// TARGET: CLI uses Core API directly
let command = LibraryCreateAction { name: "Photos".to_string(), path: None };
let result = core.execute_command(command).await?;
println!("Library created with ID: {}", result.library_id);
```
### 4.2. Daemon Role Evolution
The **daemon** evolves from a command processor to a **background service coordinator**. Most CLI operations will bypass the daemon entirely.
**New Daemon Responsibilities:**
1. **Background Services:** Long-running operations (indexing, file watching, networking)
2. **Multi-Client Coordination:** When multiple clients need to share state
3. **Resource Management:** Managing expensive resources (database connections, file locks)
4. **Optional IPC:** For GUI clients that prefer daemon-mediated access
**Simplified Daemon Logic:**
```rust
// Daemon becomes a thin wrapper around Core
impl DaemonHandler {
async fn handle_request(&self, request: DaemonRequest) -> DaemonResponse {
match request {
DaemonRequest::Command(command) => {
let result = self.core.execute_command(command).await;
DaemonResponse::CommandResult(result)
}
DaemonRequest::Query(query) => {
let result = self.core.execute_query(query).await;
DaemonResponse::QueryResult(result)
}
}
}
}
```
### 4.3. GraphQL Server Integration
The **GraphQL server** is a new, first-class client of the `Core` engine. The CQRS model maps perfectly to its structure.
- **GraphQL Queries**: Resolvers will construct and execute `Query` structs via `core.execute_query()`.
- **GraphQL Mutations**: Resolvers will construct and execute `Command` structs via `core.execute_command()`.
This allows the GraphQL layer to be a flexible composer of modular backend operations without needing any special logic or "god object" queries in the `Core`.
**Example GraphQL Resolvers:**
```rust
// In: apps/graphql/src/resolvers.rs
// Query resolver
async fn resolve_objects(core: &Core, parent_id: Uuid) -> Result<Vec<Entry>> {
let query = GetDirectoryContentsQuery {
parent_id: Some(parent_id),
// ... other options
};
core.execute_query(query).await
}
// Mutation resolver
async fn create_library(core: &Core, name: String, path: Option<PathBuf>) -> Result<LibraryCreateOutput> {
let command = LibraryCreateAction { name, path };
core.execute_command(command).await
}
```
---
## 5\. Benefits of this Enhanced Design
- **Preserves Existing Investment:** Builds upon the excellent existing action system rather than replacing it
- **True Modularity:** Each operation owns its output type completely - no central enum dependencies
- **Zero Boilerplate:** Single `execute()` method per command - no conversion functions needed
- **Adds Missing Functionality:** Introduces formal query operations that were previously ad-hoc
- **Reduces CLI-Daemon Coupling:** CLI can work directly with Core API, making daemon optional
- **Maintains All Benefits:** Preserves audit logging, validation, error handling from existing ActionManager
- **Type-Safe Query System:** Brings the same type safety to read operations that actions already have
- **Unified API Surface:** Single entry point (`execute_command`/`execute_query`) for all clients
- **Backward Compatibility:** Existing code continues to work unchanged during migration
- **Performance:** Direct type returns - no JSON serialization round-trips
- **Consistency:** Matches the successful Job system pattern
# Revised Implementation Plan
## **Phase 1: Add CQRS Traits (Zero Risk)**
Add the trait definitions that will work alongside the existing action system, without changing any existing code.
1. **Define the Enhanced Modular Traits:**
```rust
// core/src/cqrs.rs
use anyhow::Result;
use std::sync::Arc;
use crate::context::CoreContext;
/// Modular command trait - no central enum dependencies
pub trait Command {
type Output: Send + Sync + 'static;
/// Execute this command directly, returning native output type
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output>;
}
/// Generic execution function - simple passthrough
pub async fn execute_command<C: Command>(
command: C,
context: Arc<CoreContext>,
) -> Result<C::Output> {
// Direct execution - no ActionOutput enum conversion!
command.execute(context).await
}
/// New query trait for read operations
pub trait Query {
type Output: Send + Sync + 'static;
/// Execute this query
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output>;
}
```
2. **Add Core API Methods:**
```rust
// core/src/lib.rs - add to existing Core impl
impl Core {
/// Execute command using new trait (delegates to existing ActionManager)
pub async fn execute_command<C: Command>(&self, command: C) -> Result<C::Output> {
execute_command(command, self.context.clone()).await
}
/// Execute query using new system
pub async fn execute_query<Q: Query>(&self, query: Q) -> Result<Q::Output> {
query.execute(self.context.clone()).await
}
}
```
**Outcome:** New API exists alongside current system. Zero breaking changes.
---
## **Phase 2: Implement Modular Command Trait (Low Risk)**
Implement the modular Command trait for existing LibraryCreateAction with zero boilerplate.
1. **Implement Modular Command Trait:**
```rust
// core/src/ops/libraries/create/action.rs - add to existing file
use crate::cqrs::Command;
impl Command for LibraryCreateAction {
type Output = LibraryCreateOutput; // Native output type - no enum!
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output> {
// Delegate to existing business logic while preserving audit logging
let library_manager = &context.library_manager;
let library = library_manager.create_library(self.name, self.path, context).await?;
// Return native output directly - no ActionOutput conversion!
Ok(LibraryCreateOutput::new(
library.id(),
library.name().await,
library.path().to_path_buf(),
))
}
}
```
2. **Test the Integration:**
```rust
// Test both paths work
let command = LibraryCreateAction { name: "Test".to_string(), path: None };
// Old way (still works through ActionManager)
let action = crate::infra::action::Action::LibraryCreate(command.clone());
let old_result = action_manager.dispatch(action).await?;
// New way (direct, type-safe, zero boilerplate)
let new_result: LibraryCreateOutput = core.execute_command(command).await?;
```
**Outcome:** LibraryCreateAction works through both old and new APIs with zero boilerplate and true modularity.
---
## **Phase 3: Create Query System (Medium Risk)**
Add the first query operations to demonstrate the read-only system.
1. **Create First Query:**
```rust
// core/src/ops/libraries/list/query.rs (new file)
use crate::cqrs::Query;
pub struct ListLibrariesQuery {
pub include_stats: bool,
}
pub struct LibraryInfo {
pub id: Uuid,
pub name: String,
pub path: PathBuf,
pub stats: Option<LibraryStats>,
}
impl Query for ListLibrariesQuery {
type Output = Vec<LibraryInfo>;
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output> {
let libraries = context.library_manager.list().await;
let mut result = Vec::new();
for lib in libraries {
let stats = if self.include_stats {
Some(lib.get_stats().await?)
} else {
None
};
result.push(LibraryInfo {
id: lib.id(),
name: lib.name().await,
path: lib.path().to_path_buf(),
stats,
});
}
Ok(result)
}
}
```
**Outcome:** Query system exists and can be used alongside actions.
---
## **Phase 4: CLI Direct Integration (High Value)**
Refactor CLI to use Core API directly, reducing daemon dependency.
1. **CLI Architecture Change:**
```rust
// Current: CLI → Daemon → Core
// Target: CLI → Core (daemon optional)
// apps/cli/src/main.rs (conceptual)
pub async fn run_cli() -> Result<()> {
// Initialize Core directly in CLI
let core = Core::new_with_config(data_dir).await?;
match cli_args.command {
Command::CreateLibrary { name } => {
let command = LibraryCreateAction { name, path: None };
let result = core.execute_command(command).await?;
println!("Created library: {}", result.library_id);
}
Command::ListLibraries => {
let query = ListLibrariesQuery { include_stats: true };
let libraries = core.execute_query(query).await?;
display_libraries(libraries);
}
}
}
```
2. **Gradual Migration:**
- Start with read-only commands (list, status, info)
- Move to simple actions (create, rename)
- Keep complex operations daemon-mediated initially
**Outcome:** CLI becomes independent, daemon becomes optional infrastructure.
---
## **Phase 5: Complete Query System & GraphQL**
Finish the query system and build GraphQL server as proof of unified API.
1. **Complete Query Coverage:**
- File browsing queries
- Search queries
- Status/info queries
- Statistics queries
2. **GraphQL Server:**
- Uses same `execute_command`/`execute_query` interface
- Demonstrates API consistency across clients
- Provides web-friendly interface
**Outcome:** Full CQRS API with multiple client types proving the design.
---
## **Implementation Status**
### **Completed: Phases 1 & 2**
**Phase 1: CQRS Traits (Complete)**
- Added `Command` trait with minimal boilerplate (only 2 methods required)
- Added `Query` trait for read operations
- Created generic `execute_command()` function that handles all ActionManager integration
- Added unified Core API methods: `execute_command()` and `execute_query()`
- Zero breaking changes - existing code continues to work
**Phase 2: Command Implementation (Complete)**
- Implemented `Command` trait for `LibraryCreateAction`
- Verified both old and new API paths work correctly
- All existing ActionManager benefits preserved (audit logging, validation, error handling)
### **Next Steps: Phases 3-5**
The foundation is solid and ready for:
- **Phase 3:** Query system implementation
- **Phase 4:** CLI direct integration
- **Phase 5:** Complete query coverage and GraphQL server
### **Key Improvements Made**
1. **True Modularity:** Each operation owns its output type - no central enum dependencies
2. **Zero Boilerplate:** Single `execute()` method per command - no conversion functions
3. **Performance:** Direct type returns - no JSON serialization round-trips
4. **Clear Naming:** `Command` trait avoids confusion with existing `Action` enum
5. **Type Safety:** Native output types throughout - no enum pattern matching
6. **Consistency:** Matches the successful Job system architecture pattern

708
docs/core/design/API_INFRASTRUCTURE_REORGANIZATION.md
View File

@@ -1,708 +0,0 @@
# API Infrastructure Reorganization
**Status**: RFC / Design Document
**Author**: AI Assistant with James Pine
**Date**: 2025-01-07
**Version**: 1.0
## Executive Summary
This document proposes a reorganization of Spacedrive's API infrastructure to improve code organization, discoverability, and maintainability. The core issue is that infrastructure concerns (queries, actions, registry, type extraction) are currently scattered across multiple directories with inconsistent naming and hierarchy.
## Current State Analysis
### Directory Structure
```
src/
├── cqrs.rs # Query traits (CoreQuery, LibraryQuery, QueryManager)
├── client/
│ └── mod.rs # Wire trait for client-daemon communication
├── ops/
│ ├── registry.rs # Registration macros and inventory system
│ ├── type_extraction.rs # Specta-based type generation
│ ├── api_types.rs # API type wrappers
│ └── [feature modules]/ # Business logic (files/, libraries/, etc.)
└── infra/
├── action/ # Action traits and infrastructure
│ ├── mod.rs # CoreAction, LibraryAction
│ ├── manager.rs
│ ├── builder.rs
│ └── ...
├── api/ # API dispatcher, sessions, permissions
├── daemon/ # Daemon server and RPC
├── db/ # Database layer
├── job/ # Job system
└── event/ # Event bus
```
### Key Components
| Component | Location | Lines | Purpose |
|-----------|----------|-------|---------|
| Query Traits | `src/cqrs.rs` | 115 | `CoreQuery`, `LibraryQuery`, `QueryManager` |
| Action Traits | `src/infra/action/mod.rs` | 114 | `CoreAction`, `LibraryAction` |
| Registry System | `src/ops/registry.rs` | 484 | Registration macros, handler functions, inventory |
| Type Extraction | `src/ops/type_extraction.rs` | 698 | Specta type generation for Swift/TypeScript |
| API Dispatcher | `src/infra/api/dispatcher.rs` | 297 | Unified API entry point |
| Wire Trait | `src/client/mod.rs` | 83 | Type-safe client communication |
## Problems Identified
### 1. Misleading Name: "CQRS"
**Problem**: The file `cqrs.rs` contains only the Query side of CQRS (Command Query Responsibility Segregation), not both Command and Query. The "Command" side is in `infra/action/`.
**Impact**:
- Confusing for new contributors
- Suggests a complete CQRS implementation when it's only half
- Doesn't reflect actual contents
### 2. Separation of Counterparts
**Problem**: Actions and Queries are fundamental counterparts in our architecture, but they're separated:
- Actions: `src/infra/action/` (complete module with 8 files)
- Queries: `src/cqrs.rs` (single file at root level)
**Why This Matters**:
- Both are infrastructure traits that operations implement
- Both have parallel concepts (Core vs Library scope)
- Both are used together in the registry and type extraction systems
- They should be co-located for discoverability and maintainability
### 3. Registry/Type System in Wrong Layer
**Problem**: `registry.rs` and `type_extraction.rs` live in `src/ops/` but are infrastructure concerns:
- **Registry System**: Orchestrates the wire protocol, maps method strings to handlers, manages compile-time registration via `inventory` crate
- **Type Extraction**: Generates client types using Specta, builds API metadata for code generation
- **These are NOT business logic** - they're plumbing that connects clients to operations
**Current Confusion**:
```
src/ops/
├── registry.rs # Infrastructure: wire protocol
├── type_extraction.rs # Infrastructure: code generation
├── api_types.rs # Infrastructure: type wrappers
└── files/
└── copy/
└── action.rs # Business logic: copy operation
```
The registry and type extraction files are in `ops/` alongside business logic, but they're fundamentally different in nature.
## Architecture Overview
### The Wire Protocol System
Our system has a sophisticated wire protocol for client-daemon communication:
```
┌─────────────────────────────────────────────────────────────┐
│ Client Application (CLI, Swift, GraphQL) │
│ • Uses Wire trait with METHOD constant │
│ • Serializes input to JSON │
└─────────────────────────────────────────────────────────────┘
↓ Unix Socket
┌─────────────────────────────────────────────────────────────┐
│ Daemon RPC Server (infra/daemon/rpc.rs) │
│ • Receives DaemonRequest { method, library_id, payload } │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Registry Lookup (ops/registry.rs) │
│ • LIBRARY_QUERIES map: method → handler function │
│ • LIBRARY_ACTIONS map: method → handler function │
│ • Uses inventory crate for compile-time registration │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Handler Function (handle_library_query<Q>) │
│ • Deserializes payload to Q::Input │
│ • Creates ApiDispatcher │
│ • Calls execute_library_query::<Q> │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ API Dispatcher (infra/api/dispatcher.rs) │
│ • Session validation │
│ • Permission checks │
│ • Library lookup │
│ • Calls Q::execute() │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ Business Logic (ops/files/query/directory_listing.rs) │
│ • Actual query implementation │
│ • Returns Output │
└─────────────────────────────────────────────────────────────┘
```
### Type Generation System
We use Specta to generate client types automatically:
```rust
// Registration macro implements Wire trait and submits to inventory
crate::register_library_query!(DirectoryListingQuery, "files.directory_listing");
// This generates:
// 1. Wire::METHOD = "query:files.directory_listing.v1"
// 2. Registry entry for runtime dispatch
// 3. Type extractor for compile-time generation
```
The type extraction system (`type_extraction.rs`) collects all registered operations and generates:
- TypeScript types for web/desktop clients
- Swift types for iOS/macOS clients
- API structure metadata
## Proposed Solution: Option A
### New Directory Structure
```
src/infra/
├── action/ # Command side (state-changing operations)
│ ├── mod.rs # CoreAction, LibraryAction traits
│ ├── builder.rs
│ ├── manager.rs
│ ├── context.rs
│ ├── error.rs
│ ├── output.rs
│ └── receipt.rs
├── query/ # Query side (read-only operations) [NEW]
│ ├── mod.rs # CoreQuery, LibraryQuery traits, Query trait
│ └── manager.rs # QueryManager
├── wire/ # Wire protocol & type system [NEW]
│ ├── mod.rs # Re-exports and module docs
│ ├── registry.rs # Registration macros, inventory, handler functions
│ ├── type_extraction.rs # Specta-based type generation
│ ├── api_types.rs # API type wrappers (ApiJobHandle, etc.)
│ └── client.rs # Wire trait (optional: could stay in src/client/)
├── api/ # API layer (no changes)
│ ├── dispatcher.rs
│ ├── session.rs
│ ├── permissions.rs
│ └── ...
├── daemon/ # Daemon server (no changes)
│ ├── rpc.rs
│ ├── dispatch.rs
│ └── ...
├── db/ # Database layer (no changes)
├── job/ # Job system (no changes)
├── event/ # Event bus (no changes)
└── mod.rs
```
### Benefits
#### 1. Clear Semantic Grouping
- **`infra/action/`**: Everything about state-changing operations
- **`infra/query/`**: Everything about read operations
- **`infra/wire/`**: Everything about the wire protocol and type system
Each directory has a clear, single responsibility.
#### 2. Action/Query Symmetry
```
infra/
├── action/ # Commands - state changes
└── query/ # Queries - reads
```
Both are peers at the same level, making their relationship obvious. They're both infrastructure traits that operations implement.
#### 3. Infrastructure vs Business Logic Separation
```
src/
├── infra/ # Technical plumbing (HOW we execute operations)
│ ├── action/
│ ├── query/
│ ├── wire/
│ └── ...
└── ops/ # Business logic (WHAT operations we support)
├── files/
├── libraries/
└── ...
```
Clear separation of concerns. If you're working on business logic, you're in `ops/`. If you're working on infrastructure, you're in `infra/`.
#### 4. Improved Discoverability
New contributors can easily understand:
- "Where do I find query-related infrastructure?" → `infra/query/`
- "Where do I find action-related infrastructure?" → `infra/action/`
- "Where's the wire protocol stuff?" → `infra/wire/`
- "Where do I add a new file copy feature?" → `ops/files/copy/`
#### 5. Better Naming
- `cqrs.rs` - Misleading, suggests complete CQRS implementation
- `infra/query/` - Clear, accurate, matches `action/`
### Design Principles Applied
1. **Co-location**: Related code should live together
2. **Symmetry**: Counterparts should be at the same level (action/query)
3. **Clear Boundaries**: Infrastructure vs business logic
4. **Single Responsibility**: Each directory has one clear purpose
5. **Discoverability**: Easy to find what you're looking for
## Migration Plan
### Phase 1: Create New Structure
1. Create new directories:
```bash
mkdir -p src/infra/query
mkdir -p src/infra/wire
```
2. Move query files:
```bash
# Query system
git mv src/cqrs.rs src/infra/query/mod.rs
```
3. Move wire protocol files:
```bash
# Wire protocol and type system
git mv src/ops/registry.rs src/infra/wire/registry.rs
git mv src/ops/type_extraction.rs src/infra/wire/type_extraction.rs
git mv src/ops/api_types.rs src/infra/wire/api_types.rs
```
### Phase 2: Update Module Declarations
1. **`src/infra/mod.rs`**
```rust
pub mod action;
pub mod api;
pub mod daemon;
pub mod db;
pub mod event;
pub mod job;
pub mod query; // NEW
pub mod wire; // NEW
```
2. **`src/infra/query/mod.rs`** (was `src/cqrs.rs`)
- No changes to file contents
- Just moved location
3. **`src/infra/wire/mod.rs`** (new file)
```rust
//! Wire protocol and type system
//!
//! This module contains the infrastructure for client-daemon communication:
//! - Registration system using the `inventory` crate
//! - Type extraction using Specta for code generation
//! - Handler functions that route requests to operations
//! - API type wrappers for client compatibility
pub mod api_types;
pub mod registry;
pub mod type_extraction;
// Re-export commonly used items
pub use api_types::{ApiJobHandle, ToApiType};
pub use registry::{
handle_core_action, handle_core_query,
handle_library_action, handle_library_query,
CoreActionEntry, CoreQueryEntry,
LibraryActionEntry, LibraryQueryEntry,
CORE_ACTIONS, CORE_QUERIES,
LIBRARY_ACTIONS, LIBRARY_QUERIES,
};
pub use type_extraction::{
generate_spacedrive_api, create_spacedrive_api_structure,
OperationTypeInfo, QueryTypeInfo,
OperationScope, QueryScope,
};
```
### Phase 3: Update Import Paths
All files that import from moved modules need updates:
#### Files importing `cqrs`:
```rust
// Before
use crate::cqrs::{CoreQuery, LibraryQuery, QueryManager};
// After
use crate::infra::query::{CoreQuery, LibraryQuery, QueryManager};
```
**Files to update:**
- `src/lib.rs`
- `src/context.rs`
- `src/infra/api/dispatcher.rs`
- `src/ops/registry.rs` → `src/infra/wire/registry.rs`
- All query implementations in `src/ops/*/query.rs`
#### Files importing `ops::registry`:
```rust
// Before
use crate::ops::registry::{handle_library_query, LIBRARY_QUERIES};
// After
use crate::infra::wire::registry::{handle_library_query, LIBRARY_QUERIES};
```
**Files to update:**
- `src/infra/daemon/dispatch.rs`
- `src/lib.rs` (if using registry directly)
#### Files importing `ops::type_extraction`:
```rust
// Before
use crate::ops::type_extraction::{generate_spacedrive_api, OperationTypeInfo};
// After
use crate::infra::wire::type_extraction::{generate_spacedrive_api, OperationTypeInfo};
```
**Files to update:**
- `src/bin/generate_swift_types.rs`
- `src/bin/generate_typescript_types.rs`
- `src/ops/test_type_extraction.rs`
#### Files importing `ops::api_types`:
```rust
// Before
use crate::ops::api_types::{ApiJobHandle, ToApiType};
// After
use crate::infra::wire::api_types::{ApiJobHandle, ToApiType};
```
**Files to update:**
- Any action outputs that wrap JobHandle
- Files in `src/ops/*/output.rs` that use ApiJobHandle
#### Registration Macros
The registration macros themselves don't need changes - they're path-agnostic:
```rust
// Still works after move
crate::register_library_query!(DirectoryListingQuery, "files.directory_listing");
```
The macros generate references to:
- `$crate::infra::wire::registry::LibraryQueryEntry` (update in macro)
- `$crate::infra::query::LibraryQuery` (update in macro)
- `$crate::infra::wire::type_extraction::QueryTypeInfo` (update in macro)
### Phase 4: Update Registration Macros
In `src/infra/wire/registry.rs`, update the macro paths:
```rust
#[macro_export]
macro_rules! register_library_query {
($query:ty, $name:literal) => {
impl $crate::client::Wire for <$query as $crate::infra::query::LibraryQuery>::Input {
const METHOD: &'static str = $crate::query_method!($name);
}
inventory::submit! {
$crate::infra::wire::registry::LibraryQueryEntry {
method: <<$query as $crate::infra::query::LibraryQuery>::Input as $crate::client::Wire>::METHOD,
handler: $crate::infra::wire::registry::handle_library_query::<$query>,
}
}
impl $crate::infra::wire::type_extraction::QueryTypeInfo for $query {
type Input = <$query as $crate::infra::query::LibraryQuery>::Input;
type Output = <$query as $crate::infra::query::LibraryQuery>::Output;
fn identifier() -> &'static str {
$name
}
fn scope() -> $crate::infra::wire::type_extraction::QueryScope {
$crate::infra::wire::type_extraction::QueryScope::Library
}
fn wire_method() -> String {
$crate::query_method!($name).to_string()
}
}
inventory::submit! {
$crate::infra::wire::type_extraction::QueryExtractorEntry {
extractor: <$query as $crate::infra::wire::type_extraction::QueryTypeInfo>::extract_types,
identifier: $name,
}
}
};
}
```
Similar updates for:
- `register_core_query!`
- `register_library_action!`
- `register_core_action!`
### Phase 5: Update Module Documentation
1. **`src/infra/query/mod.rs`**
```rust
//! Query infrastructure for read-only operations
//!
//! This module provides the query side of our CQRS-inspired architecture:
//! - Query traits (`CoreQuery`, `LibraryQuery`) that operations implement
//! - `QueryManager` for consistent infrastructure (validation, logging)
//!
//! ## Relationship to Actions
//!
//! Queries are the read-only counterpart to actions (see `infra::action`):
//! - **Queries**: Retrieve data without mutating state
//! - **Actions**: Modify state (create, update, delete)
//!
//! Both use the same wire protocol system (see `infra::wire`) for
//! client-daemon communication.
```
2. **`src/infra/wire/mod.rs`**
```rust
//! Wire protocol and type system infrastructure
//!
//! This module contains the plumbing that connects client applications
//! to core operations via Unix domain sockets:
//!
//! ## Components
//!
//! - **Registry**: Compile-time registration using `inventory` crate,
//! maps method strings to handler functions
//! - **Type Extraction**: Generates client types (Swift, TypeScript) from
//! Rust types using Specta
//! - **API Types**: Wrappers for client-compatible types (e.g., ApiJobHandle)
//!
//! ## How It Works
//!
//! 1. Operations register with macros: `register_library_query!`, etc.
//! 2. At compile time, `inventory` collects all registrations
//! 3. At runtime, daemon looks up handlers by method string
//! 4. Handlers deserialize input, execute operation, serialize output
//! 5. At build time, code generators use type extractors to create clients
```
### Phase 6: Update Documentation
Update these documentation files:
- `docs/core/daemon.md` - Update paths in code examples
- `core/AGENTS.md` - Update architecture section
- `docs/API_DESIGN.md` - Update if it references cqrs.rs
### Phase 7: Testing
1. Run tests to ensure all imports resolved:
```bash
cargo test --workspace
```
2. Run clippy to catch any issues:
```bash
cargo clippy --workspace
```
3. Verify type generation still works:
```bash
cargo run --bin generate_swift_types
cargo run --bin generate_typescript_types
```
4. Test daemon startup and client communication:
```bash
cargo run --bin sd-cli restart
cargo run --bin sd-cli libraries list
```
## File-by-File Changes
### Files to Move
| Old Path | New Path | Lines |
|----------|----------|-------|
| `src/cqrs.rs` | `src/infra/query/mod.rs` | 115 |
| `src/ops/registry.rs` | `src/infra/wire/registry.rs` | 484 |
| `src/ops/type_extraction.rs` | `src/infra/wire/type_extraction.rs` | 698 |
| `src/ops/api_types.rs` | `src/infra/wire/api_types.rs` | 42 |
### Files to Create
| Path | Purpose |
|------|---------|
| `src/infra/query/manager.rs` | Extract QueryManager from mod.rs if needed |
| `src/infra/wire/mod.rs` | Module re-exports and documentation |
### Files to Update (Import Changes)
**Critical files** (must be updated for compilation):
- `src/lib.rs` - Core module, uses cqrs and registry
- `src/infra/mod.rs` - Add new modules
- `src/ops/mod.rs` - Remove moved modules
- `src/infra/api/dispatcher.rs` - Uses query traits
- `src/infra/daemon/dispatch.rs` - Uses registry
- `src/bin/generate_swift_types.rs` - Uses type extraction
- `src/bin/generate_typescript_types.rs` - Uses type extraction
**Operation files** (50+ files):
- All `src/ops/*/query.rs` files - Import CoreQuery/LibraryQuery
- All `src/ops/*/action.rs` files - Import CoreAction/LibraryAction
- Files using registration macros
## Validation Checklist
Before considering the migration complete:
- [ ] All files compile without errors
- [ ] All tests pass (`cargo test --workspace`)
- [ ] Clippy has no new warnings (`cargo clippy --workspace`)
- [ ] Type generation works (Swift and TypeScript)
- [ ] Daemon starts successfully
- [ ] Client can communicate with daemon
- [ ] All registration macros work correctly
- [ ] Documentation updated
- [ ] AGENTS.md updated with new paths
## Alternatives Considered
### Alternative 1: Keep Query Separate
```
src/
├── query/ # Move cqrs.rs to top level
└── infra/
├── action/
└── registry/
```
**Pros**: Smaller change
**Cons**: Query and Action still not peers, inconsistent
### Alternative 2: Lighter Touch
```
src/infra/
├── action/
├── query/
└── registry/ # Registry and type extraction together
```
**Pros**: Less nesting
**Cons**: "registry" doesn't capture type extraction purpose
### Why Option A (with `wire/` directory) is Best
1. **Semantic Clarity**: "wire" clearly indicates wire protocol concerns
2. **Room to Grow**: Can add related concerns (serialization, versioning)
3. **Clear Boundaries**: Each directory has single, obvious purpose
4. **Industry Standard**: "wire" is common in RPC/protocol contexts
## Implementation Notes
### About `inventory` Crate
The registration system uses `inventory` for compile-time collection:
```rust
inventory::submit! {
LibraryQueryEntry {
method: "query:files.list.v1",
handler: handle_library_query::<FileListQuery>,
}
}
```
This means the registry system has **no runtime discovery** - everything is determined at compile time. This is why the registry and type extraction live together: they're both part of the compile-time type system.
### Path Updates in Macros
The registration macros use `$crate::` which resolves to the crate root, so they reference absolute paths. When updating macros, use full paths:
```rust
$crate::infra::wire::registry::LibraryQueryEntry
```
Not:
```rust
crate::infra::wire::registry::LibraryQueryEntry // Wrong - missing $
```
### Client Wire Trait
The `Wire` trait in `src/client/mod.rs` could optionally move to `src/infra/wire/client.rs` for better organization, but it's fine to leave it where it is since "client" is a top-level concept.
## Future Considerations
### Potential Enhancements
1. **Versioning**: Add version negotiation to wire protocol
2. **Middleware**: Add query/action middleware system
3. **Caching**: Add query result caching layer
4. **Metrics**: Add wire protocol metrics collection
### Evolution Path
This reorganization sets up for future enhancements:
- `infra/wire/versioning.rs` - Protocol version negotiation
- `infra/wire/middleware.rs` - Request/response interceptors
- `infra/query/cache.rs` - Query result caching
- `infra/action/validation.rs` - Cross-action validation
## Conclusion
This reorganization improves code organization by:
1. Grouping related infrastructure together
2. Making action/query relationship obvious
3. Clarifying infrastructure vs business logic boundary
4. Improving discoverability for new contributors
5. Using more accurate names
The migration is mechanical (mostly moving files and updating imports) with minimal risk since we're not changing functionality - just organization.
## Appendix: Search and Replace Patterns
For migration assistance, here are regex patterns for common import updates:
### Query Imports
```bash
# Find
use crate::cqrs::(.*);
# Replace
use crate::infra::query::$1;
```
### Registry Imports
```bash
# Find
use crate::ops::registry::(.*);
# Replace
use crate::infra::wire::registry::$1;
```
### Type Extraction Imports
```bash
# Find
use crate::ops::type_extraction::(.*);
# Replace
use crate::infra::wire::type_extraction::$1;
```
### API Types Imports
```bash
# Find
use crate::ops::api_types::(.*);
# Replace
use crate::infra::wire::api_types::$1;
```

349
docs/core/design/API_MODULE_DESIGN.md
View File

@@ -1,349 +0,0 @@
# API Module Design: Unified Entry Point & Permission Layer
## Problem Analysis
Your architectural insight is spot-on. The current system has several issues:
### **Current Issues:**
1. **Session handling scattered**: Library operations get `library_id` from multiple places
2. **No permission layer**: Operations execute without auth/permission checks
3. **Context confusion**: Session state should be parameter, not stored in CoreContext
4. **API entry points distributed**: Multiple handlers, no unified API surface
### **Your Vision:**
- **Session as parameter**: Operations receive session context explicitly
- **Unified API entry point**: Single place where applications call operations
- **Permission layer**: Auth and authorization happen at API boundary
- **Clean separation**: Core logic separate from API concerns
## Proposed `infra/api` Module Architecture
### **Module Structure**
```
core/src/infra/api/
├── mod.rs // Public API exports
├── dispatcher.rs // Unified operation dispatcher
├── session.rs // Session context and management
├── permissions.rs // Permission and authorization layer
├── context.rs // API request context
├── middleware.rs // API middleware pipeline
├── error.rs // API-specific error types
└── types.rs // API surface types
```
### **Core Components**
#### **1. Session Context (`session.rs`)**
```rust
/// Rich session context passed to operations
#[derive(Debug, Clone)]
pub struct SessionContext {
/// User/device authentication info
pub auth: AuthenticationInfo,
/// Currently selected library (if any)
pub current_library_id: Option<Uuid>,
/// User preferences and permissions
pub permissions: PermissionSet,
/// Request metadata
pub request_metadata: RequestMetadata,
/// Device context
pub device_id: Uuid,
pub device_name: String,
}
#[derive(Debug, Clone)]
pub struct AuthenticationInfo {
pub user_id: Option<Uuid>, // Future: user authentication
pub device_id: Uuid, // Device identity
pub authentication_level: AuthLevel, // None, Device, User, Admin
}
#[derive(Debug, Clone)]
pub enum AuthLevel {
None, // Unauthenticated
Device, // Device-level access
User(Uuid), // User-level access
Admin(Uuid), // Admin-level access
}
```
#### **2. Unified Dispatcher (`dispatcher.rs`)**
```rust
/// The main API entry point - this is what applications call
pub struct ApiDispatcher {
core_context: Arc<CoreContext>,
permission_layer: PermissionLayer,
}
impl ApiDispatcher {
/// Execute a library action with session context
pub async fn execute_library_action<A>(
&self,
action_input: A::Input,
session: SessionContext,
) -> Result<A::Output, ApiError>
where
A: LibraryAction + 'static,
{
// 1. Permission check
self.permission_layer.check_library_action::<A>(&session).await?;
// 2. Require library context
let library_id = session.current_library_id
.ok_or(ApiError::NoLibrarySelected)?;
// 3. Create action
let action = A::from_input(action_input)
.map_err(ApiError::InvalidInput)?;
// 4. Execute with enriched session context
let manager = ActionManager::new(self.core_context.clone());
let result = manager.dispatch_library_with_session(
library_id,
action,
session
).await?;
Ok(result)
}
/// Execute a core action with session context
pub async fn execute_core_action<A>(
&self,
action_input: A::Input,
session: SessionContext,
) -> Result<A::Output, ApiError>
where
A: CoreAction + 'static,
{
// 1. Permission check
self.permission_layer.check_core_action::<A>(&session).await?;
// 2. Create action
let action = A::from_input(action_input)
.map_err(ApiError::InvalidInput)?;
// 3. Execute with session context
let manager = ActionManager::new(self.core_context.clone());
let result = manager.dispatch_core_with_session(action, session).await?;
Ok(result)
}
/// Execute a library query with session context
pub async fn execute_library_query<Q>(
&self,
query_input: Q::Input,
session: SessionContext,
) -> Result<Q::Output, ApiError>
where
Q: LibraryQuery + 'static,
{
// 1. Permission check
self.permission_layer.check_library_query::<Q>(&session).await?;
// 2. Require library context
let library_id = session.current_library_id
.ok_or(ApiError::NoLibrarySelected)?;
// 3. Create query
let query = Q::from_input(query_input)
.map_err(ApiError::InvalidInput)?;
// 4. Execute with session context
let result = query.execute(self.core_context.clone(), session, library_id).await?;
Ok(result)
}
/// Execute a core query with session context
pub async fn execute_core_query<Q>(
&self,
query_input: Q::Input,
session: SessionContext,
) -> Result<Q::Output, ApiError>
where
Q: CoreQuery + 'static,
{
// Permission check
self.permission_layer.check_core_query::<Q>(&session).await?;
// Create and execute
let query = Q::from_input(query_input).map_err(ApiError::InvalidInput)?;
let result = query.execute(self.core_context.clone(), session).await?;
Ok(result)
}
}
```
#### **3. Permission Layer (`permissions.rs`)**
```rust
/// Permission checking for all operations
pub struct PermissionLayer {
// Permission rules, policies, etc.
}
impl PermissionLayer {
/// Check if session can execute library action
pub async fn check_library_action<A: LibraryAction>(
&self,
session: &SessionContext,
) -> Result<(), PermissionError> {
// Future: Check user permissions for this action
// Future: Check library-specific permissions
// Future: Rate limiting, quota checks
match session.auth.authentication_level {
AuthLevel::None => Err(PermissionError::Unauthenticated),
AuthLevel::Device | AuthLevel::User(_) | AuthLevel::Admin(_) => {
// Future: Fine-grained permission checks based on action type
Ok(())
}
}
}
/// Check if session can execute core action
pub async fn check_core_action<A: CoreAction>(
&self,
session: &SessionContext,
) -> Result<(), PermissionError> {
// Core actions might need higher privileges
match session.auth.authentication_level {
AuthLevel::Admin(_) => Ok(()),
_ => Err(PermissionError::InsufficientPrivileges),
}
}
// Similar for queries...
}
```
#### **4. Updated Trait Signatures**
```rust
/// Updated LibraryQuery trait with session parameter
pub trait LibraryQuery: Send + 'static {
type Input: Send + Sync + 'static;
type Output: Send + Sync + 'static;
fn from_input(input: Self::Input) -> Result<Self>;
// NEW: Receives session context instead of just library_id
async fn execute(
self,
context: Arc<CoreContext>,
session: SessionContext, // ← Rich session context
library_id: Uuid, // ← Still needed for library operations
) -> Result<Self::Output>;
}
/// Updated CoreQuery trait with session parameter
pub trait CoreQuery: Send + 'static {
type Input: Send + Sync + 'static;
type Output: Send + Sync + 'static;
fn from_input(input: Self::Input) -> Result<Self>;
// NEW: Receives session context
async fn execute(
self,
context: Arc<CoreContext>,
session: SessionContext, // ← Rich session context
) -> Result<Self::Output>;
}
```
### **5. Application Integration Points**
#### **GraphQL Server Integration**
```rust
// In GraphQL resolvers
impl GraphQLQuery {
async fn files_search(&self, input: FileSearchInput) -> Result<FileSearchOutput> {
let session = self.extract_session_from_request()?;
self.api_dispatcher
.execute_library_query::<FileSearchQuery>(input, session)
.await
}
}
```
#### **CLI Integration**
```rust
// In CLI commands
impl CliCommand {
async fn files_copy(&self, input: FileCopyInput) -> Result<JobReceipt> {
let session = SessionContext::from_cli_context(&self.config)?;
self.api_dispatcher
.execute_library_action::<FileCopyAction>(input, session)
.await
}
}
```
#### **Swift Client Integration**
```rust
// In daemon connector
impl DaemonConnector {
async fn execute_operation(&self, method: String, payload: Data) -> Result<Data> {
let session = self.current_session()?;
// Route to appropriate dispatcher method based on method string
match method.as_str() {
"action:files.copy.input.v1" => {
let input: FileCopyInput = decode(payload)?;
let result = self.api_dispatcher
.execute_library_action::<FileCopyAction>(input, session)
.await?;
encode(result)
}
// ... other operations
}
}
}
```
## Benefits of This Design
### **1. Unified API Surface**
- **Single entry point**: All applications go through `ApiDispatcher`
- **Consistent interface**: Same pattern for all operation types
- **Clear boundaries**: API layer separate from core business logic
### **2. Proper Permission Layer**
- **Authentication**: Device/user/admin levels
- **Authorization**: Operation-specific permission checks
- **Future-ready**: Easy to add fine-grained permissions
### **3. Rich Session Context**
- **Not just library_id**: Full user/device/permission context
- **Request metadata**: Tracking, audit trails, rate limiting
- **Extensible**: Easy to add new session data
### **4. Clean Separation of Concerns**
- **API layer**: Authentication, authorization, routing
- **Core layer**: Business logic, unchanged
- **Operations**: Receive rich context, focus on execution
### **5. Future Extensibility**
- **Multiple auth providers**: Easy to add OAuth, SAML, etc.
- **Library-specific permissions**: Per-library access control
- **Audit trails**: Track all operations with session context
- **Rate limiting**: Per-user/device quotas
## Migration Path
1. **Create `infra/api` module** with base types
2. **Update trait signatures** to receive `SessionContext`
3. **Create `ApiDispatcher`** with permission layer
4. **Update applications** to use unified API
5. **Gradually enhance permissions** as needed
This design gives you a **clean, extensible API layer** that grows with your authentication and permission needs! 🎯

251
docs/core/design/ARCHITECTURE_DECISIONS.md
View File

@@ -1,251 +0,0 @@
# Architecture Decision Records
## ADR-000: SdPath as Core Abstraction
**Status**: Accepted
**Context**:
- Spacedrive promises a "Virtual Distributed File System"
- Current implementation can't copy files between devices
- Users expect seamless cross-device operations
- Path representations are inconsistent
**Decision**: Every file operation uses `SdPath` - a path that includes device context
**Consequences**:
- Enables true cross-device operations
- Unified API for all file operations
- Makes VDFS promise real
- Natural routing of operations to correct device
- Future-proof for cloud storage integration
- Requires P2P infrastructure for remote operations
- More complex than simple PathBuf
**Example**:
```rust
// This just works across devices
let source = SdPath::new(macbook_id, "/Users/me/file.txt");
let dest = SdPath::new(iphone_id, "/Documents");
copy_files(core, source, dest).await?;
```
---
## ADR-001: Decoupled File Data Model
**Status**: Accepted
**Context**:
- Current model requires content indexing (cas_id) to enable tagging
- Non-indexed files cannot have user metadata
- Content changes can break object associations
- Tags are tied to Objects, not file paths
**Decision**: Separate user metadata from content identity
**Architecture**:
```
Entry (file/dir) → UserMetadata (always exists)
↓ (optional)
ContentIdentity (for deduplication)
```
**Consequences**:
- Any file can be tagged immediately
- Metadata persists through content changes
- Progressive enhancement (index when needed)
- Works with ephemeral/non-indexed files
- Cleaner separation of concerns
- More complex data model
- Migration required from v1
---
## ADR-002: SeaORM Instead of Prisma
**Status**: Accepted
**Context**:
- Prisma's Rust client is abandoned by the Spacedrive team
- The fork is locked to Prisma 4.x while current is 6.x
- Prisma is moving away from Rust support
- Custom sync attributes created tight coupling
**Decision**: Use SeaORM for database access
**Consequences**:
- Active maintenance and community
- Native Rust, no Node.js dependency
- Better async support
- Cleaner migration system
- Need to rewrite all database queries
- Lose Prisma's schema DSL
---
## ADR-002: Unified File Operations
**Status**: Accepted
**Context**:
- Current system has separate implementations for indexed vs ephemeral files
- Users can't perform basic operations across boundaries
- Code duplication for every file operation
- Confusing UX
**Decision**: Single implementation that handles both cases transparently
**Consequences**:
- Consistent user experience
- Half the code to maintain
- Easier to add new operations
- More complex implementation
- Need to handle both cases in one code path
---
## ADR-003: Event-Driven Architecture
**Status**: Accepted
**Context**:
- Current invalidate_query! macro couples backend to frontend
- String-based query keys are error-prone
- Backend shouldn't know about frontend caching
**Decision**: Backend emits domain events, frontend decides what to invalidate
**Consequences**:
- Clean separation of concerns
- Frontend can optimize invalidation
- Type-safe events
- Enables plugin system
- Frontend needs more logic
- Potential for missed invalidations
---
## ADR-004: Pragmatic Monolith
**Status**: Accepted
**Context**:
- Previous attempts to split into crates created "cyclic dependency hell"
- Current crate names (heavy-lifting) are non-descriptive
- Important business logic is hidden
**Decision**: Keep core as monolith with clear module organization
**Consequences**:
- No cyclic dependency issues
- Easier refactoring
- Clear where functionality lives
- Better incremental compilation
- Larger compilation unit
- Can't publish modules separately
---
## ADR-005: GraphQL API with async-graphql
**Status**: Accepted
**Context**:
- rspc was created and abandoned by the Spacedrive team
- Need better API introspection and tooling
- Want to support subscriptions for real-time updates
- Require full type safety from backend to frontend
**Decision**: Use async-graphql for API layer
**Benefits**:
- **Full type safety**: Auto-generated TypeScript types from Rust structs
- **Excellent tooling**: GraphQL Playground, Apollo DevTools, VSCode extensions
- **Built-in subscriptions**: Real-time updates without custom WebSocket code
- **Active community**: Well-maintained with regular updates
- **Standard GraphQL**: Developers already know it
- **Flexible queries**: Clients request exactly what they need
- **Better caching**: Apollo Client handles caching automatically
- Different from current rspc (but better documented)
- Initial setup more complex (but better long-term)
**Type Safety Example**:
```rust
// Rust
#[derive(SimpleObject)]
struct Library {
id: Uuid,
name: String,
}
```
```typescript
// Auto-generated TypeScript
export interface Library {
id: string;
name: string;
}
// Full type safety in React
const { data } = useGetLibraryQuery({ variables: { id } });
console.log(data.library.name); // Typed!
---
## ADR-006: Single Device Identity
**Status**: Accepted
**Context**:
- Current system has Node, Device, and Instance
- Developers confused about which to use
- Complex identity mapping between systems
**Decision**: Merge into single Device concept
**Consequences**:
- Clear mental model
- Simplified P2P routing
- Easier multi-device features
- Need to migrate existing data
- Breaking change for sync protocol
---
## ADR-007: Third-Party Sync
**Status**: Proposed
**Context**:
- Custom CRDT implementation never shipped
- Mixed local/shared data created unsolvable problems
- Many SQLite sync solutions exist
**Decision**: Use existing sync solution (TBD: Turso, cr-sqlite, etc.)
**Consequences**:
- Proven technology
- Don't maintain sync ourselves
- Can focus on core features
- Less control over sync behavior
- Potential vendor lock-in
---
## ADR-008: Jobs as Simple Functions
**Status**: Proposed
**Context**:
- Current job system requires 500-1000 lines of boilerplate
- Complex trait implementations
- Manual registration in macros
**Decision**: Replace with simple async functions + optional progress reporting
**Consequences**:
- Dramatically less boilerplate
- Easier to understand
- Can use standard Rust patterns
- Lose automatic serialization/resume
- Need different approach for long-running tasks

245
docs/core/design/AT_REST_LIBRARY_ENCRYPTION.md
View File

@@ -1,245 +0,0 @@
Of course. Here is a complete implementation guide in Markdown format that incorporates the whitepaper's requirements, the new configuration setting, and a detailed plan for implementation.
---
# Implementation Guide: Data Protection at Rest
This document outlines the technical strategy for implementing the "Data Protection at Rest" model as described in the Spacedrive V2 Whitepaper. The goal is to align the Rust codebase with the whitepaper's security-first principles, ensuring user data is always protected on disk.
As the whitepaper states, a core tenet is providing robust privacy:
> [cite\_start]"...the robust, privacy-preserving principles of local-first architecture, when engineered for scalability, can bridge the gap between consumer-friendly design and enterprise-grade requirements." [cite: 38]
This guide provides the necessary steps to implement encryption for the library database, thumbnail cache, and network identity, directly addressing the threat model of a compromised device:
> [cite\_start]"**Scenario 2: Stolen Laptop with Sensitive Photo Library**...SQLCipher encryption on the library database prevents access without the user's password...attacker cannot: - View photo thumbnails (encrypted in cache)" [cite: 587]
---
## 1\. Library Configuration (`library.json`)
To give users control, we will add an `encryption_enabled` setting to the `LibrarySettings`. This setting will be **enabled by default** for all new libraries.
### Proposed Change
Modify the `LibrarySettings` struct in `src/library/config.rs`:
```rust
// [Source: 1056]
// src/library/config.rs
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LibrarySettings {
// ... existing fields
pub auto_track_external_volumes: bool,
/// Whether the library is encrypted at rest
pub encryption_enabled: bool,
}
// [Source: 1058]
impl Default for LibrarySettings {
fn default() -> Self {
Self {
// ... existing defaults
auto_track_system_volumes: true,
auto_track_external_volumes: false,
encryption_enabled: true, // Enabled by default
}
}
}
```
---
## 2\. Master Key Derivation (PBKDF2)
A strong cryptographic key must be derived from the user's password to encrypt the library. We will use PBKDF2 as specified.
> [cite\_start]"User passwords are strengthened using PBKDF2 with 100,000+ iterations and unique salts per library, providing strong protection against brute-force attacks." [cite: 572]
### Implementation
1. **Dependencies**:
```toml
[dependencies]
pbkdf2 = "0.12"
sha2 = "0.10"
rand = "0.8"
hex = "0.4"
```
2. **Key Derivation Logic**:
A utility function will handle key derivation. A unique, randomly generated salt must be created for each new encrypted library and stored in its `library.json` file.
```rust
use pbkdf2::{
password_hash::{PasswordHasher, SaltString},
Pbkdf2
};
use rand::rngs::OsRng;
/// Derives a 256-bit (32-byte) key from a password and salt.
fn derive_library_key(password: &str, salt_str: &str) -> Result<[u8; 32], Box<dyn std::error::Error>> {
let password_bytes = password.as_bytes();
let mut key = [0u8; 32];
Pbkdf2.hash_password_customized(
password_bytes,
None, // Algorithm identifier
None, // Version
pbkdf2::Params { rounds: 100_000, output_length: 32 },
salt_str
)?.hash_bytes_into(&mut key)?;
Ok(key)
}
/// Generates a new salt for a library.
fn generate_salt() -> String {
let salt = SaltString::generate(&mut OsRng);
salt.to_string()
}
```
---
## 3\. Database Encryption (SQLCipher)
The core metadata database will be encrypted using SQLCipher.
> [cite\_start]"Library databases employ SQLCipher for transparent encryption at rest." [cite: 569]
### Implementation
1. **Dependencies**: The `rusqlite` crate must be configured with the `sqlcipher` feature.
```toml
[dependencies]
rusqlite = { version = "0.31", features = ["sqlcipher"] }
```
2. **Connection Logic**: The `Database::open` and `Database::create` functions in `src/infrastructure/database/mod.rs` must be modified to handle a password. The derived key is passed to SQLCipher via a `PRAGMA` command.
```rust
use rusqlite::{Connection, OpenFlags};
use std::path::Path;
/// Opens or creates an encrypted database connection.
fn open_encrypted_db(path: &Path, key: &[u8; 32]) -> Result<Connection, Box<dyn std::error::Error>> {
// 1. Format the key for the SQLCipher PRAGMA command.
let key_hex = hex::encode(key);
let pragma_key = format!("PRAGMA key = 'x''{}''", key_hex);
// 2. Open the database connection.
let conn = Connection::open_with_flags(path, OpenFlags::SQLITE_OPEN_READ_WRITE | OpenFlags::SQLITE_OPEN_CREATE)?;
// 3. Set the key. This must be the first command executed.
conn.execute_batch(&pragma_key)?;
// 4. Verify the key. A test query will fail if the key is incorrect.
conn.query_row("SELECT count(*) FROM sqlite_master;", [], |_| Ok(()))?;
Ok(conn)
}
```
---
## 4\. Thumbnail Cache Encryption
Because the thumbnail cache resides inside the library directory but outside the database file, each thumbnail must be individually encrypted.
> [cite\_start]An attacker with a stolen laptop "cannot: - View photo thumbnails (encrypted in cache)" [cite: 587]
### Implementation
1. **Strategy**: Use the same derived library key to encrypt each thumbnail file using an AEAD cipher like ChaCha20-Poly1305. Store a unique nonce with each file.
2. **Dependencies**:
```toml
[dependencies]
chacha20poly1305 = "0.10"
```
3. **Modify `Library::save_thumbnail`**: Encrypt thumbnail data before writing to disk.
```rust
// In src/library/mod.rs
use chacha20poly1305::{aead::{Aead, KeyInit}, ChaCha20Poly1305, Nonce};
// Assume `key` is the 32-byte library key held in the Library struct.
pub async fn save_thumbnail(&self, cas_id: &str, size: u32, data: &[u8], key: &[u8; 32]) -> Result<()> {
let path = self.thumbnail_path(cas_id, size);
let cipher = ChaCha20Poly1305::new(key.into());
let nonce = ChaCha20Poly1305::generate_nonce(&mut OsRng); // Generate a unique nonce
let ciphertext = cipher.encrypt(&nonce, data)
.map_err(|e| LibraryError::Other(format!("Encryption failed: {}", e)))?;
// Prepend the nonce to the ciphertext for storage
let mut file_content = nonce.to_vec();
file_content.extend_from_slice(&ciphertext);
if let Some(parent) = path.parent() {
tokio::fs::create_dir_all(parent).await?;
}
tokio::fs::write(path, &file_content).await?;
Ok(())
}
```
4. **Modify `Library::get_thumbnail`**: Decrypt thumbnail data after reading from disk.
```rust
// In src/library/mod.rs
// Assume `key` is the 32-byte library key held in the Library struct.
pub async fn get_thumbnail(&self, cas_id: &str, size: u32, key: &[u8; 32]) -> Result<Vec<u8>> {
let path = self.thumbnail_path(cas_id, size);
let encrypted_content = tokio::fs::read(path).await?;
if encrypted_content.len() < 12 {
return Err(LibraryError::Other("Invalid encrypted thumbnail file".to_string()));
}
// Split the nonce (first 12 bytes) from the ciphertext
let (nonce_bytes, ciphertext) = encrypted_content.split_at(12);
let nonce = Nonce::from_slice(nonce_bytes);
// Decrypt
let cipher = ChaCha20Poly1305::new(key.into());
let decrypted_data = cipher.decrypt(nonce, ciphertext)
.map_err(|e| LibraryError::Other(format!("Decryption failed: {}", e)))?;
Ok(decrypted_data)
}
```
---
## 5\. Device Identity Encryption
To protect against network impersonation, the device's private network key must be encrypted at rest, unlocked by a master user password.
> [cite\_start]"Network identity protection employs a layered approach: Ed25519 private keys are encrypted using ChaCha20-Poly1305 with keys derived through Argon2id from user passwords." [cite: 573]
This process is similar to library encryption but uses **Argon2id** for key derivation (stronger against GPU cracking) and applies to a global `device.json` configuration file, not a per-library config.
---
## 6\. Performance Considerations
Implementing at-rest encryption introduces a deliberate performance trade-off for enhanced security.
- **One-Time Costs**: The expensive key derivation functions (**PBKDF2** for libraries, **Argon2id** for the device identity) are executed only once upon unlock or application startup. This adds a slight, intentional delay to these initial operations.
- **Continuous Costs**:
- **Database**: Every database read/write incurs the overhead of AES encryption/decryption by **SQLCipher**. This will primarily affect I/O-heavy operations like mass indexing and complex searches.
- **Thumbnails**: Every thumbnail access will incur the overhead of **ChaCha20-Poly1305** decryption. This may add minor latency to UI interactions that load many images at once.
This performance impact is a fundamental aspect of the security model and is necessary to fulfill the privacy-preserving promises of the whitepaper.

239
docs/core/design/BENCHMARKING_SUITE_DESIGN.md
View File

@@ -1,239 +0,0 @@
### Spacedrive Benchmarking Suite — Design Document
Author: Core Team
Status: Draft (for review)
Last updated: 2025-08-08
---
### 1) Objectives
- **Primary goal**: Produce repeatable, representative performance metrics for Spacedrive that we can cite confidently (and automate regression tracking).
- **Scope**: Indexing pipeline (per-phase), search, database throughput, network transfer (P2P), and provider-backed remote indexing.
- **Non-goals**: Micro-optimizing individual syscalls; publishing vendor shootouts.
---
### 2) Definitions (unambiguous metrics)
- **Indexing Throughput (Discovery-only)**: Files/sec while listing directories and creating Entry records (no content hash, no media extraction). Includes DB writes unless explicitly disabled.
- **Indexing Throughput (Discovery + Content ID)**: Files/sec when Discovery plus Content Identification (BLAKE3 sampling/full as configured) are enabled. Media extraction disabled.
- **Indexing Throughput (Full)**: Files/sec with Discovery + Content ID + Media metadata extraction enabled.
- **Content Hash Throughput**: MB/sec and files/sec for BLAKE3 with strategy: small-files full hash; large-files sampled hash.
- **Search Latency**: p50/p90/p99 latency for keyword (FTS) and semantic/vector queries at N entries.
- **DB Ingest Rate**: Entries/sec and txn latency with production PRAGMA settings (WAL, synchronous, etc.).
- **Network Transfer Throughput**: MB/sec end-to-end for P2P (LAN/WAN) under typical configurations.
- **Cloud/Remote Indexing Throughput**: Files/sec for S3, Google Drive, FTP/SFTP/WebDAV, specifying provider limits, concurrency, and metadata-only mode.
Each metric must specify: hardware, OS, dataset recipe, cache state (cold/warm), concurrency settings, and feature flags.
---
### 3) Environments
- **Hardware profiles**
- M2 MacBook Pro, 16GB RAM, internal NVMe (macOS 14.x)
- Linux desktop, AMD/Intel CPU, NVMe SSD (kernel ≥5.15)
- HDD-based system (USB 3.0 or SATA HDD)
- NAS via 1Gbps and optionally 10Gbps
- **Remote providers**
- S3-compatible (AWS S3 or MinIO)
- Google Drive
- FTP/SFTP/WebDAV (local containers when possible for reproducibility)
- **Environment capture** (auto-logged into results):
- CPU model, cores/threads; memory; OS version; disk type(s) and interface
- Filesystem type; mount options; network link speed
- Spacedrive commit, build flags, Rust version
---
### 4) Datasets and Sample Data Strategy
We will not check large datasets into the repo. Instead, we define deterministic, scriptable dataset “recipes”. Two sources:
1. **Synthetic Generator (primary)**
- Deterministic via `--seed`.
- Parameters: directory fanout/depth, file count/buckets, size distributions (tiny/small/medium/large/huge), file type mixtures (text, binary, images, audio, video), duplicate ratios, random content vs patterned content.
- Media fixtures: generate images/videos via lightweight generators (e.g., ffmpeg image/video synthesis) when media pipelines are enabled. Sizes and durations configurable.
- Output example layout:
- `benchdata/<recipe-name>/` containing multiple test `Locations` (e.g., `small/`, `mixed/`, `media/`, `large/`).
2. **Scripted Real-World Corpora (optional add-ons)**
- Fetchers that download well-known public datasets (e.g., Linux kernel source snapshot, Gutenberg text subset, a small OpenImages sample). Not run in CI by default. All licensing respected and documented.
Benchmark Recipe (YAML) — example:
```yaml
name: mixed_nvme_default
seed: 42
locations:
- path: benchdata/mixed
structure:
depth: 4
fanout_per_dir: 12
files:
total: 500_000
size_buckets:
tiny: { range: [0, 1_024], share: 0.25 }
small: { range: [1_024, 64_000], share: 0.35 }
medium: { range: [64_000, 5_000_000], share: 0.30 }
large: { range: [5_000_000, 200_000_000], share: 0.09 }
huge: { range: [200_000_000, 2_000_000_000], share: 0.01 }
duplicate_ratio: 0.05
media_ratio: 0.10
extensions: [txt, rs, jpg, png, mp4, pdf, docx, zip]
media:
generate_thumbnails: false
synthetic_video: { enabled: true, duration_s: 5, width: 1280, height: 720 }
```
You (James) can build and curate a set of canonical recipes for different storage types. The generator will create those datasets locally; remote datasets can be mirrored to providers (S3 bucket, NAS share) using companion scripts.
---
### 5) Benchmark Harness Architecture
- **New workspace member**: `benchmarks/` (Rust crate) providing a CLI `sd-bench` with subcommands:
- `mkdata` — generate datasets from recipe YAML
- `run` — execute a benchmark scenario and collect results
- `report` — aggregate and render markdown/CSV from JSON results
- **Runner (`sd-bench run`)**
- Scenarios: `indexing-discovery`, `indexing-content-id`, `indexing-full`, `search`, `db-ingest`, `p2p-transfer`, `remote-indexing` (s3/gdrive/ftp/sftp/webdav)
- Options: `--recipe <file>`, `--location <path>...`, `--runs 10`, `--cold-cache on|off`, `--persist on|off`, `--concurrency N`, `--features media,semantic`, `--phases discovery,content,media`
- Output: NDJSON and summary JSON written to `benchmarks/results/<timestamp>_<scenario>.json`
- Captures environment metadata automatically
- **Integration with Spacedrive Core**
- Use existing CLI/daemon where possible to avoid special code paths. Prefer programmatic invocation (library API) when we need precise phase toggles and counters.
- Expose a stable “benchmark mode” in the indexing pipeline that:
- Enables per-phase counters and timers (files_discovered, files_hashed, bytes_read_actual, entries_persisted, db_txn_count, etc.)
- Emits structured events via `tracing` with a stable schema
- Runs with deterministic concurrency (configurable worker counts)
---
### 6) Instrumentation & Data Model
- **Instrumentation points** (add minimal code in core):
- Discovery phase start/stop; per-directory timings optional
- Content ID hashing start/stop and counters: bytes read (actual), files hashed (full vs sampled), hash errors
- Media extraction: items processed/sec by type
- DB metrics: entries inserted, batched writes, txn count, avg/percentile txn duration
- Global wall-clock timings per phase and total
- **Event schema (NDJSON)**
- `bench_meta`: env (hardware, OS), git commit, rustc, features
- `phase_start` / `phase_end`: phase name, timestamp
- `counter`: name, value, unit, at timestamp
- `summary`: computed metrics (files/sec, MB/sec, p50/p90/p99 latencies)
All outputs are machine-readable first; human-friendly markdown is derived from JSON.
---
### 7) Methodology & Repeatability
- **Runs**: Default 510 runs per scenario; report median ± MAD (or SD). Persist all raw runs.
- **Caches**: For Linux, instruct dropping caches between cold runs (requires sudo; optional). For macOS, document lack of reliable page cache flush; report both first (cold-ish) and subsequent (warm) run medians.
- **Isolation**: Advise disabling Spotlight/Indexing and background heavy apps; pin CPU governor where applicable.
- **Concurrency**: Fix worker counts where relevant to avoid run-to-run drift.
- **Data locality**: Ensure datasets reside on the intended storage (NVMe vs HDD vs network share). For remote, record provider throttles/limits.
---
### 8) Scenarios Matrix (initial set)
- Local storage:
- NVMe: discovery-only, discovery+content, full (with media off/on)
- External SSD (USB 3.2): same as above
- HDD (USB 3.0/SATA): same as above
- Network storage:
- NAS over 1Gbps (and optionally 10Gbps): discovery-only, discovery+content
- Remote providers:
- S3 (metadata-only; optional content sampling via ranged reads)
- Google Drive (metadata-only)
- FTP/SFTP/WebDAV (local container targets for reproducibility)
- Search & DB:
- Keyword and semantic search at 1M entries: p50/p90/p99
- Bulk ingest (DB write throughput) using generated Entry batches
---
### 9) Reporting & Publication
- Store raw results in `benchmarks/results/` with timestamped filenames.
- `sd-bench report` produces:
- Markdown summary (`docs/benchmarks.md`) including environment details and scenario tables
- CSV exports for spreadsheet analysis
- Optional JSON-to-plot script (e.g., gnuplot/vega spec) for charts
Version every published report with git commit hashes and recipe checksums.
---
### 10) CI, Regression Tracking, and Guardrails
- CI runs micro-benchmarks only (hashing, DB ingest on tiny datasets) to avoid long jobs.
- Nightly/weekly scheduled benchmarks on dedicated hardware (self-hosted runners) produce artifacts and trend lines.
- Introduce threshold alerts: if median files/sec drops >X% vs last baseline, open an issue automatically.
---
### 11) Privacy, Licensing, and Safety
- Synthetic datasets by default; no personal data.
- Public corpora scripts include license notices and checksums.
- Remote benchmarks authenticate via env vars and redact from results.
---
### 12) Implementation Plan (phased)
1. Scaffold `benchmarks/` crate with `sd-bench` CLI; define result schemas.
2. Add minimal core instrumentation (per-phase timers/counters) behind a feature flag `bench_mode`.
3. Implement `mkdata` generator with YAML recipes; produce multi-Location directory trees.
4. Implement `run indexing-…` scenarios for local storage; emit NDJSON/JSON.
5. Add `report` to render markdown summaries and CSV.
6. Extend to search and DB ingest benchmarks.
7. Add remote/provider scenarios (MinIO, containers for FTP/SFTP/WebDAV); optional GDrive.
8. Add weekly scheduled runner and doc publishing.
Deliverables per milestone include: code, example recipes, baseline results, and an updated `docs/benchmarks.md`.
---
### 13) Open Questions
- Exact instrumentation points in current indexing phases (`src/operations/indexing/phases/…`): finalize names and ownership.
- How we want to toggle DB persistence and PRAGMAs for “discovery-only” comparative runs.
- Which media fixtures to include by default (balance between realism and runtime).
- Do we want a small “golden” dataset versioned in the repo purely for CI sanity checks?
---
### 14) What we need from you (Test Locations)
If you can create and maintain recipe YAMLs for canonical datasets (NVMe-small, NVMe-mixed, SSD-mixed, HDD-large, NAS-1G, NAS-10G, S3-metadata-only, etc.), well wire the generator to build them locally into `benchdata/…` and optionally mirror to remote targets. Include:
- Desired total file counts and size distributions
- Directory depth/fanout
- Media ratios and which types to generate
- Duplicate ratios
- Any special path patterns you want (e.g., deep nested trees, many small dirs)
This design supports evolving datasets without checking in large files and lets us replicate results across machines.

124
docs/core/design/CLOSURE_TABLE_INDEXING_PROPOSAL.md
View File

@@ -1,124 +0,0 @@
'''# Closure Table Indexing Proposal for Spacedrive
## Executive Summary
This document proposes a shift from a materialized path-based indexing system to a hybrid model incorporating a **Closure Table**. This change will dramatically improve hierarchical query performance, address critical scaling bottlenecks, and enhance data integrity, particularly for move operations. The core of this proposal is to supplement the existing `entries` table with an `entry_closure` table and a `parent_id` field, enabling highly efficient and scalable filesystem indexing.
## 1. Current Implementation Analysis
### Materialized Path Approach
Spacedrive currently uses a materialized path approach where:
- Each entry stores its `relative_path` (e.g., "Documents/Projects").
- Full paths are reconstructed by combining `location_path + relative_path + name`.
- There are no explicit, indexed parent-child relationships in the database.
### Performance Bottlenecks
This design leads to significant performance issues that will not scale:
1. **String-based path matching** for finding children/descendants (`LIKE 'path/%'`). These queries are un-indexable and require full table scans.
2. **Sequential directory aggregation** from leaves to root, which is slow and complex.
3. **Inefficient ancestor queries** (e.g., for breadcrumbs), requiring multiple queries and string parsing in the application layer.
## 2. The Closure Table Solution
### Concept
A closure table stores all ancestor-descendant relationships explicitly, turning slow string operations into highly efficient integer-based joins.
### Proposed Schema Changes
**1. Add `parent_id` to `entries` table:**
This provides a direct, indexed link to a parent, simplifying relationship lookups during indexing.
```sql
ALTER TABLE entries ADD COLUMN parent_id INTEGER REFERENCES entries(id) ON DELETE SET NULL;
```
**2. Create `entry_closure` table:**
```sql
CREATE TABLE entry_closure (
ancestor_id INTEGER NOT NULL,
descendant_id INTEGER NOT NULL,
depth INTEGER NOT NULL,
PRIMARY KEY (ancestor_id, descendant_id),
FOREIGN KEY (ancestor_id) REFERENCES entries(id) ON DELETE CASCADE,
FOREIGN KEY (descendant_id) REFERENCES entries(id) ON DELETE CASCADE
);
CREATE INDEX idx_closure_descendant ON entry_closure(descendant_id);
CREATE INDEX idx_closure_ancestor_depth ON entry_closure(ancestor_id, depth);
```
*Note: `ON DELETE CASCADE` is crucial. When an entry is deleted, all its relationships in the closure table are automatically and efficiently removed by the database.*
## 3. Critical Requirement: Inode-Based Change Detection
A core prerequisite for the closure table's integrity is the indexer's ability to reliably distinguish between a file **move** and a **delete/add** operation, especially when Spacedrive is catching up on offline changes.
**The Problem:** Without proper move detection, moving a directory containing 10,000 files would be misinterpreted as 10,000 deletions and 10,000 creations, leading to a catastrophic and incorrect rebuild of the closure table.
**The Solution:** The indexing process **must** be inode-aware.
1. **Initial Scan:** Before scanning the filesystem, the indexer must load all existing entries for the target location into two in-memory maps:
* `path_map: HashMap<PathBuf, Entry>`
* `inode_map: HashMap<u64, Entry>`
2. **Reconciliation:** When the indexer encounters a file on disk:
* If the file's path is not in `path_map`, it then looks up the file's **inode** in `inode_map`.
* If the inode is found, the indexer has detected a **move**. It must trigger a specific `EntryMoved` event/update.
* If neither the path nor the inode is found, it is a genuinely new file.
This is the only way to guarantee the integrity of the hierarchy and prevent data corruption in the closure table.
## 4. Implementation Strategy
### Hybrid Approach
We will keep the current materialized path system for display purposes and backwards compatibility but add the closure table as the primary mechanism for all hierarchical operations.
### Implementation Plan
1. **Schema Migration:**
* Create a new database migration file.
* Add the `parent_id` column to the `entries` table.
* Create the `entry_closure` table and its indexes as defined above.
2. **Update Indexing Logic:**
* Modify the `EntryProcessor::create_entry` function to accept a `parent_id`.
* When a new entry is inserted, within the same database transaction:
1. Insert the entry and get its new `id`.
2. Insert the self-referential row into `entry_closure`: `(ancestor_id: id, descendant_id: id, depth: 0)`.
3. If `parent_id` exists, execute the following query to copy the parent's ancestor relationships:
```sql
INSERT INTO entry_closure (ancestor_id, descendant_id, depth)
SELECT p.ancestor_id, ? as descendant_id, p.depth + 1
FROM entry_closure p
WHERE p.descendant_id = ? -- parent_id
```
3. **Refactor Core Operations:**
''' * **Move Operation:** This is the most complex part. When an `EntryMoved` event is handled, the entire operation **must be wrapped in a single database transaction** to ensure atomicity and prevent data corruption.
1. **Disconnect Subtree:** Delete all hierarchical relationships for the moved node and its descendants, *except* for their own internal relationships.'''
```sql
DELETE FROM entry_closure
WHERE descendant_id IN (SELECT descendant_id FROM entry_closure WHERE ancestor_id = ?1) -- All descendants of the moved node
AND ancestor_id NOT IN (SELECT descendant_id FROM entry_closure WHERE ancestor_id = ?1); -- All ancestors of the moved node itself
```
2. **Update `parent_id`:** Set the `parent_id` of the moved entry to its new parent.
3. **Reconnect Subtree:** Connect the moved subtree to its new parent.
```sql
INSERT INTO entry_closure (ancestor_id, descendant_id, depth)
SELECT p.ancestor_id, c.descendant_id, p.depth + c.depth + 1
FROM entry_closure p, entry_closure c
WHERE p.descendant_id = ?1 -- new_parent_id
AND c.ancestor_id = ?2; -- moved_entry_id
```
* **Delete Operation:** With `ON DELETE CASCADE` defined on the foreign keys, the database will handle this automatically. When an entry is deleted, all rows in `entry_closure` where it is an `ancestor_id` or `descendant_id` will be removed.
4. **Refactor Hierarchical Queries:**
* Gradually replace all `LIKE` queries for path matching with efficient `JOIN`s on the `entry_closure` table.
* **Get Children:** `... WHERE c.ancestor_id = ? AND c.depth = 1`
* **Get Descendants:** `... WHERE c.ancestor_id = ? AND c.depth > 0`
* **Get Ancestors:** `... WHERE c.descendant_id = ? ORDER BY c.depth DESC`
## 5. Conclusion
While this is a significant architectural change, it is essential for the long-term performance and scalability of Spacedrive. The current string-based path matching is a critical bottleneck that this proposal directly and correctly addresses using established database patterns. The hybrid approach and phased rollout plan provide a safe and manageable path to implementation.
'''

283
docs/core/design/CROSS_DEVICE_FILE_TRANSFER_IMPLEMENTATION.md
View File

@@ -1,283 +0,0 @@
# Cross-Device File Transfer Implementation
## Overview
Spacedrive now supports real-time file transfer between paired devices over the network. This document describes the implementation of the cross-device file transfer system that enables users to seamlessly copy files between their own devices.
## Architecture
### High-Level Flow
1. **Device Pairing**: Devices establish trust through the pairing protocol
2. **File Sharing Request**: User initiates file transfer via the FileSharing API
3. **Job Creation**: FileCopyJob is created and submitted to the job system
4. **Network Transfer**: Files are chunked, checksummed, and transmitted over libp2p
5. **Reassembly**: Receiving device writes chunks to disk and verifies integrity
### Key Components
```
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ FileSharing │────│ FileCopyJob │────│ NetworkCore │
│ API │ │ │ │ │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│ │
▼ ▼
┌──────────────────┐ ┌─────────────────┐
│ Job System │ │FileTransferProto│
│ │ │ Handler │
└──────────────────┘ └─────────────────┘
```
## Implementation Details
### 1. FileSharing API (`src/infrastructure/api/file_sharing.rs`)
High-level interface for cross-device operations:
```rust
impl Core {
pub async fn share_with_device(
&self,
paths: Vec<PathBuf>,
target_device: Uuid,
destination: Option<PathBuf>,
) -> Result<Vec<TransferId>, String>
}
```
**Features:**
- Automatic protocol selection (trusted vs ephemeral)
- Batch file operations
- Progress tracking integration
- Error handling and recovery
### 2. FileCopyJob (`src/operations/file_ops/copy_job.rs`)
Core file transfer logic with network transmission:
```rust
impl FileCopyJob {
async fn transfer_file_to_device(&self, source: &SdPath, ctx: &JobContext) -> Result<u64, String>
async fn stream_file_data(&self, file_path: &Path, transfer_id: Uuid, ...) -> Result<(), String>
}
```
**Key Features:**
- Real network transmission using `NetworkingCore::send_message()`
- 64KB chunk streaming with Blake3 checksums
- Progress tracking and cancellation support
- Automatic retry and error recovery
### 3. FileTransferProtocolHandler (`src/infrastructure/networking/protocols/file_transfer.rs`)
Network protocol implementation:
```rust
pub struct FileTransferProtocolHandler {
sessions: Arc<RwLock<HashMap<Uuid, TransferSession>>>,
config: FileTransferConfig,
}
```
**Message Types:**
- `TransferRequest`: Initiate file transfer
- `FileChunk`: File data with checksum
- `ChunkAck`: Acknowledge received chunk
- `TransferComplete`: Final checksum verification
- `TransferError`: Error handling
**Capabilities:**
- Chunk-based file streaming
- Integrity verification with Blake3
- Session management and state tracking
- Automatic file reassembly on receiver
### 4. Network Integration
Built on top of the existing networking stack:
- **libp2p**: Peer-to-peer networking foundation
- **Request-Response**: Message exchange protocol
- **Device Registry**: Trusted device management
- **Session Keys**: Encrypted communication
## Message Flow
### Transfer Initiation
```mermaid
sequenceDiagram
participant Alice
participant Network
participant Bob
Alice->>Alice: Calculate file checksum
Alice->>Network: TransferRequest{id, metadata, chunks}
Network->>Bob: Route message
Bob->>Bob: Create transfer session
Bob->>Network: TransferResponse{accepted: true}
Network->>Alice: Confirm acceptance
```
### File Streaming
```mermaid
sequenceDiagram
participant Alice
participant Network
participant Bob
loop For each 64KB chunk
Alice->>Alice: Read chunk + calculate checksum
Alice->>Network: FileChunk{index, data, checksum}
Network->>Bob: Route chunk
Bob->>Bob: Verify checksum + write to disk
Bob->>Network: ChunkAck{index, next_expected}
Network->>Alice: Confirm receipt
end
Alice->>Network: TransferComplete{final_checksum}
Network->>Bob: Transfer completion
Bob->>Bob: Verify final file integrity
```
## Configuration
### File Transfer Settings
```rust
pub struct FileTransferConfig {
pub chunk_size: u32, // Default: 64KB
pub verify_checksums: bool, // Default: true
pub retry_failed_chunks: bool, // Default: true
pub max_concurrent_transfers: usize, // Default: 5
}
```
### Security Features
- **Trusted Device Model**: Only paired devices can transfer files
- **End-to-End Checksums**: Blake3 verification for data integrity
- **Session Keys**: Encrypted communication channels
- **Automatic Cleanup**: Old transfer sessions are garbage collected
## Usage Examples
### Basic File Transfer
```rust
// Initialize Core with networking
let mut core = Core::new_with_config(data_dir).await?;
core.init_networking("device-password").await?;
// Transfer files to paired device
let transfer_ids = core.share_with_device(
vec![PathBuf::from("/path/to/file.txt")],
target_device_id,
Some(PathBuf::from("/destination/folder")),
).await?;
// Monitor progress
for transfer_id in transfer_ids {
let status = core.get_transfer_status(&transfer_id).await?;
println!("Transfer state: {:?}", status.state);
}
```
### Advanced Configuration
```rust
// Custom transfer configuration
let config = FileTransferConfig {
chunk_size: 128 * 1024, // 128KB chunks
verify_checksums: true,
retry_failed_chunks: true,
max_concurrent_transfers: 10,
};
// Apply configuration to protocol handler
let handler = FileTransferProtocolHandler::new(config);
```
## Testing
### Integration Tests
- **`test_file_transfer_networking_integration`**: Basic protocol functionality
- **`test_file_transfer_workflow`**: End-to-end workflow validation
- **`test_core_pairing_subprocess`**: Ensures pairing compatibility
### Test Coverage
- File chunking and reassembly
- Checksum verification
- Network message routing
- Progress tracking
- Error handling
- Session management
## Performance Characteristics
### Throughput
- **Chunk Size**: 64KB optimized for network efficiency
- **Concurrent Transfers**: Up to 5 simultaneous file transfers
- **Checksumming**: Blake3 provides fast cryptographic verification
### Memory Usage
- **Streaming Design**: Constant memory usage regardless of file size
- **Chunk Buffering**: Only 64KB held in memory per transfer
- **Session Cleanup**: Automatic garbage collection of completed transfers
### Network Efficiency
- **libp2p Transport**: Efficient peer-to-peer networking
- **Message Batching**: Chunks are transmitted independently
- **Progress Tracking**: Real-time transfer progress updates
## Future Enhancements
### Planned Features
- **Resume Capabilities**: Partial transfer recovery after interruption
- **Bandwidth Throttling**: User-configurable transfer rate limiting
- **Compression**: Optional file compression for faster transfers
- **Multi-Device Sync**: Synchronize files across multiple devices
### Protocol Extensions
- **Delta Sync**: Transfer only changed file portions
- **Conflict Resolution**: Handle simultaneous file modifications
- **Metadata Preservation**: Transfer file attributes and permissions
- **Encryption**: Additional encryption layer for sensitive files
## Troubleshooting
### Common Issues
1. **Transfer Stuck in Pending**
- Verify devices are paired and connected
- Check network connectivity between devices
- Ensure firewall allows libp2p traffic
2. **Checksum Verification Failures**
- Usually indicates network corruption
- Automatic retry should resolve most cases
- Check for unstable network conditions
3. **File Not Found at Destination**
- Verify destination path permissions
- Check available disk space
- Review transfer logs for error details
### Debug Information
Enable detailed logging:
```rust
// In development, transfers log detailed progress
// Production logs can be configured via environment variables
RUST_LOG=sd_core::operations::file_ops=debug
```
## Conclusion
The cross-device file transfer system provides a robust, secure, and efficient way to move files between paired Spacedrive devices. Built on proven networking technologies and designed for reliability, it enables seamless file sharing within a user's personal device ecosystem.
The implementation leverages Spacedrive's existing infrastructure while adding real network transmission capabilities, ensuring both performance and maintainability for future enhancements.

606
docs/core/design/CROSS_PLATFORM_COPY_AND_VOLUME_AWARENESS.md
View File

@@ -1,606 +0,0 @@
# Cross-Platform Copy Operations & Volume Awareness
## Overview
This design document addresses two critical optimizations for Core v2:
1. **Hot-swappable copy methods** - Different copy strategies based on source/destination context
2. **Volume awareness** - Integration of volume detection and management for optimal file operations
## Problem Statement
### Current Copy Implementation Issues
The current `FileCopyJob` uses basic `fs::copy()` for all operations, which:
- **Cannot leverage OS-level optimizations** (reflinks, copy-on-write)
- **Treats all copies the same** regardless of volume context
- **No progress tracking** for byte-level operations
- **Poor performance** for cross-volume operations
### Missing Volume Context
SdPath currently stores `device_id` but lacks:
- **Volume information** for efficient routing
- **Performance characteristics** for copy strategy selection
- **Volume boundaries** for optimization decisions
- **Cross-platform volume detection**
## Research: Cross-Platform Copy Strategies
### 1. OS Reference Copies (Instant)
**Linux - `copy_file_range()` and reflinks:**
```rust
// Modern Linux kernel syscall for efficient copying
use libc::{copy_file_range, COPY_FILE_RANGE_COPY_REFLINK};
async fn copy_with_reflink(src: &Path, dst: &Path) -> Result<CopyResult, io::Error> {
// Try reflink first (CoW filesystems like Btrfs, XFS, APFS via FUSE)
match copy_file_range_reflink(src, dst) {
Ok(()) => Ok(CopyResult::Reflink),
Err(_) => {
// Fall back to regular copy_file_range for same-filesystem
copy_file_range_regular(src, dst).await
}
}
}
```
**macOS - `clonefile()` and `copyfile()`:**
```rust
use libc::{clonefile, copyfile, CLONE_NOOWNERCOPY};
async fn copy_with_clone(src: &Path, dst: &Path) -> Result<CopyResult, io::Error> {
// APFS clone files (instant, CoW)
if unsafe { clonefile(src_cstr, dst_cstr, CLONE_NOOWNERCOPY) } == 0 {
Ok(CopyResult::Clone)
} else {
// Fall back to copyfile for optimized copying
copy_with_copyfile(src, dst).await
}
}
```
**Windows - `CopyFileEx()` with progress:**
```rust
use winapi::um::winbase::{CopyFileExW, COPY_FILE_NO_BUFFERING};
async fn copy_with_progress(
src: &Path,
dst: &Path,
progress_callback: impl Fn(u64, u64)
) -> Result<CopyResult, io::Error> {
// Native Windows copy with progress callbacks
CopyFileExW(src, dst, Some(progress_routine), context, false, flags)
}
```
### 2. Byte Stream Copies (Progress Tracking)
For cross-volume, network, or when fine-grained progress is needed:
```rust
async fn copy_with_progress_stream(
src: &Path,
dst: &Path,
progress_callback: impl Fn(u64, u64),
) -> Result<CopyResult, io::Error> {
let mut src_file = File::open(src).await?;
let mut dst_file = File::create(dst).await?;
let total_size = src_file.metadata().await?.len();
let mut copied = 0u64;
let mut buffer = vec![0u8; 64 * 1024]; // 64KB chunks
while copied < total_size {
let n = src_file.read(&mut buffer).await?;
if n == 0 { break; }
dst_file.write_all(&buffer[..n]).await?;
copied += n as u64;
progress_callback(copied, total_size);
}
Ok(CopyResult::Stream { bytes_copied: copied })
}
```
## Volume System Integration
### Volume Manager Architecture
```rust
pub struct VolumeManager {
volumes: Arc<RwLock<HashMap<VolumeFingerprint, Volume>>>,
volume_cache: Arc<RwLock<HashMap<PathBuf, VolumeFingerprint>>>,
event_tx: broadcast::Sender<VolumeEvent>,
}
impl VolumeManager {
/// Get volume for a given path
pub async fn volume_for_path(&self, path: &Path) -> Option<Volume> {
// Check cache first
if let Some(fingerprint) = self.volume_cache.read().await.get(path) {
return self.volumes.read().await.get(fingerprint).cloned();
}
// Find containing volume
let volumes = self.volumes.read().await;
for volume in volumes.values() {
if volume.contains_path(path) {
// Cache the result
self.volume_cache.write().await.insert(path.to_path_buf(), volume.fingerprint.clone().unwrap());
return Some(volume.clone());
}
}
None
}
/// Determine optimal copy strategy
pub async fn optimal_copy_strategy(
&self,
src_path: &Path,
dst_path: &Path,
) -> CopyStrategy {
let src_volume = self.volume_for_path(src_path).await;
let dst_volume = self.volume_for_path(dst_path).await;
match (src_volume, dst_volume) {
(Some(src), Some(dst)) if src.fingerprint == dst.fingerprint => {
// Same volume - use OS optimizations
self.select_same_volume_strategy(&src).await
}
(Some(src), Some(dst)) if self.are_volumes_equivalent(&src, &dst) => {
// Different volumes, same device - use efficient cross-volume
CopyStrategy::CrossVolume {
use_sendfile: src.file_system.supports_sendfile(),
chunk_size: self.optimal_chunk_size(&src, &dst),
}
}
_ => {
// Cross-device or unknown - use safe byte stream
CopyStrategy::ByteStream {
chunk_size: 64 * 1024,
verify_checksum: true,
}
}
}
}
async fn select_same_volume_strategy(&self, volume: &Volume) -> CopyStrategy {
match volume.file_system {
FileSystem::APFS => CopyStrategy::ApfsClone,
FileSystem::EXT4 | FileSystem::Btrfs => CopyStrategy::RefLink,
FileSystem::NTFS => CopyStrategy::NtfsClone,
_ => CopyStrategy::SameVolumeOptimized,
}
}
}
```
### Volume-Aware Copy Strategies
```rust
#[derive(Debug, Clone)]
pub enum CopyStrategy {
/// APFS clone file (instant, CoW)
ApfsClone,
/// Linux reflink (instant, CoW)
RefLink,
/// NTFS clone (Windows, near-instant)
NtfsClone,
/// Same volume, optimized syscalls
SameVolumeOptimized,
/// Cross-volume on same device
CrossVolume {
use_sendfile: bool,
chunk_size: usize
},
/// Full byte stream copy with progress
ByteStream {
chunk_size: usize,
verify_checksum: bool
},
/// Network/cloud copy
Network {
protocol: NetworkProtocol,
compression: bool,
},
}
#[derive(Debug, Clone)]
pub enum CopyResult {
/// Instant clone/reflink operation
Instant { method: String },
/// Streamed copy with bytes transferred
Stream { bytes_copied: u64, duration: Duration },
/// Network transfer result
Network { bytes_transferred: u64, speed_mbps: f64 },
}
```
## Optimized SdPath Design
### Current Issues with SdPath
```rust
// Current implementation stores device_id
#[derive(Serialize, Deserialize)]
pub struct SdPath {
pub device_id: Uuid, // Stored - should be computed
pub path: PathBuf,
}
```
### Proposed Optimized SdPath
```rust
/// Core path representation - only stores essential data
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct SdPath {
/// The local path - this is the only stored data
pub path: PathBuf,
}
/// Extended path information - computed at runtime
#[derive(Debug, Clone)]
pub struct SdPathInfo {
pub path: SdPath,
pub device_id: Uuid, // Computed from current device
pub volume: Option<Volume>, // Computed from VolumeManager
pub volume_fingerprint: Option<VolumeFingerprint>,
pub is_local: bool, // Computed
pub exists: bool, // Computed (cached)
}
/// Serializable version for API/storage
#[derive(Serialize, Deserialize)]
pub struct SdPathSerialized {
pub path: PathBuf,
// Note: device_id and volume info NOT serialized
}
impl SdPath {
/// Create a new SdPath with just the path
pub fn new(path: impl Into<PathBuf>) -> Self {
Self {
path: path.into(),
library_id: None,
}
}
/// Get rich information about this path
pub async fn info(&self, volume_manager: &VolumeManager) -> SdPathInfo {
let device_id = get_current_device_id();
let volume = volume_manager.volume_for_path(&self.path).await;
let volume_fingerprint = volume.as_ref()
.and_then(|v| v.fingerprint.clone());
SdPathInfo {
path: self.clone(),
device_id,
volume,
volume_fingerprint,
is_local: true, // Always true in this context
exists: tokio::fs::metadata(&self.path).await.is_ok(),
}
}
/// Check if this path is on the same volume as another
pub async fn same_volume_as(
&self,
other: &SdPath,
volume_manager: &VolumeManager
) -> bool {
let self_vol = volume_manager.volume_for_path(&self.path).await;
let other_vol = volume_manager.volume_for_path(&other.path).await;
match (self_vol, other_vol) {
(Some(a), Some(b)) => a.fingerprint == b.fingerprint,
_ => false,
}
}
}
/// For cross-device operations (future)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SdPathRemote {
pub device_id: Uuid, // Required for remote paths
pub path: PathBuf,
pub last_known_volume: Option<VolumeFingerprint>,
}
```
### Database Integration
Store volume information in Entry/Location rather than SdPath:
```sql
-- Entries table gets volume context
ALTER TABLE entries ADD COLUMN volume_fingerprint TEXT;
ALTER TABLE entries ADD COLUMN volume_relative_path TEXT; -- Path relative to volume mount
-- Locations inherently have volume context
ALTER TABLE locations ADD COLUMN volume_fingerprint TEXT;
ALTER TABLE locations ADD COLUMN expected_volume_name TEXT;
```
## Enhanced Copy Job Implementation
### Volume-Aware Copy Job
```rust
#[derive(Debug, Serialize, Deserialize)]
pub struct FileCopyJob {
pub sources: Vec<SdPath>, // Now just paths
pub destination: SdPath,
pub options: CopyOptions,
// Runtime state (not serialized)
#[serde(skip)]
strategy_cache: HashMap<(PathBuf, PathBuf), CopyStrategy>,
#[serde(skip)]
volume_manager: Option<Arc<VolumeManager>>,
}
impl FileCopyJob {
/// Initialize with volume manager for strategy optimization
pub fn with_volume_manager(mut self, vm: Arc<VolumeManager>) -> Self {
self.volume_manager = Some(vm);
self
}
async fn execute_copy(
&mut self,
src: &SdPath,
dst: &SdPath,
ctx: &JobContext<'_>,
) -> JobResult<CopyResult> {
let strategy = self.get_copy_strategy(src, dst).await?;
match strategy {
CopyStrategy::ApfsClone => {
ctx.log("Using APFS clone (instant)".to_string());
self.execute_apfs_clone(src, dst).await
}
CopyStrategy::RefLink => {
ctx.log("Using reflink (instant)".to_string());
self.execute_reflink(src, dst).await
}
CopyStrategy::ByteStream { chunk_size, verify_checksum } => {
ctx.log(format!("Using byte stream copy ({}KB chunks)", chunk_size / 1024));
self.execute_stream_copy(src, dst, chunk_size, verify_checksum, ctx).await
}
_ => {
// Other strategies...
self.execute_optimized_copy(src, dst, strategy, ctx).await
}
}
}
async fn get_copy_strategy(&mut self, src: &SdPath, dst: &SdPath) -> JobResult<CopyStrategy> {
// Check cache first
let cache_key = (src.path.clone(), dst.path.clone());
if let Some(strategy) = self.strategy_cache.get(&cache_key) {
return Ok(strategy.clone());
}
// Compute strategy
let strategy = if let Some(vm) = &self.volume_manager {
vm.optimal_copy_strategy(&src.path, &dst.path).await
} else {
// Fallback to basic strategy
CopyStrategy::ByteStream {
chunk_size: 64 * 1024,
verify_checksum: false
}
};
// Cache the result
self.strategy_cache.insert(cache_key, strategy.clone());
Ok(strategy)
}
async fn execute_stream_copy(
&self,
src: &SdPath,
dst: &SdPath,
chunk_size: usize,
verify_checksum: bool,
ctx: &JobContext<'_>,
) -> JobResult<CopyResult> {
let mut src_file = File::open(&src.path).await?;
let mut dst_file = File::create(&dst.path).await?;
let total_size = src_file.metadata().await?.len();
let mut copied = 0u64;
let mut buffer = vec![0u8; chunk_size];
let start_time = Instant::now();
// Optional checksum verification
let mut hasher = if verify_checksum {
Some(blake3::Hasher::new())
} else {
None
};
while copied < total_size {
ctx.check_interrupt().await?;
let n = src_file.read(&mut buffer).await?;
if n == 0 { break; }
dst_file.write_all(&buffer[..n]).await?;
if let Some(ref mut hasher) = hasher {
hasher.update(&buffer[..n]);
}
copied += n as u64;
// Report progress every 1MB
if copied % (1024 * 1024) == 0 {
ctx.progress(Progress::structured(CopyProgress {
current_file: src.path.display().to_string(),
bytes_copied: copied,
total_bytes: total_size,
speed_mbps: (copied as f64 / 1024.0 / 1024.0) / start_time.elapsed().as_secs_f64(),
current_operation: "Streaming copy".to_string(),
estimated_remaining: Some(estimate_remaining_time(copied, total_size, start_time.elapsed())),
}));
}
}
// Verify checksum if enabled
if let Some(hasher) = hasher {
let src_hash = hasher.finalize();
let dst_hash = blake3::hash(&tokio::fs::read(&dst.path).await?);
if src_hash != dst_hash {
return Err(JobError::ExecutionFailed("Checksum verification failed".to_string()));
}
}
Ok(CopyResult::Stream {
bytes_copied: copied,
duration: start_time.elapsed()
})
}
}
```
### Platform-Specific Implementations
```rust
// Platform-specific optimized copy implementations
#[cfg(target_os = "macos")]
mod macos_copy {
use std::ffi::CString;
use libc::{clonefile, CLONE_NOOWNERCOPY};
pub async fn apfs_clone(src: &Path, dst: &Path) -> Result<CopyResult, io::Error> {
let src_cstr = CString::new(src.to_str().unwrap())?;
let dst_cstr = CString::new(dst.to_str().unwrap())?;
let result = unsafe {
clonefile(src_cstr.as_ptr(), dst_cstr.as_ptr(), CLONE_NOOWNERCOPY)
};
if result == 0 {
Ok(CopyResult::Instant { method: "APFS clone".to_string() })
} else {
Err(io::Error::last_os_error())
}
}
}
#[cfg(target_os = "linux")]
mod linux_copy {
use libc::{copy_file_range, COPY_FILE_RANGE_COPY_REFLINK};
pub async fn reflink_copy(src: &Path, dst: &Path) -> Result<CopyResult, io::Error> {
// Try reflink first
let src_fd = std::fs::File::open(src)?;
let dst_fd = std::fs::File::create(dst)?;
let result = unsafe {
copy_file_range(
src_fd.as_raw_fd(),
std::ptr::null_mut(),
dst_fd.as_raw_fd(),
std::ptr::null_mut(),
usize::MAX,
COPY_FILE_RANGE_COPY_REFLINK
)
};
if result >= 0 {
Ok(CopyResult::Instant { method: "reflink".to_string() })
} else {
Err(io::Error::last_os_error())
}
}
}
```
## Volume Performance Integration
### Copy Strategy Selection
```rust
impl VolumeManager {
fn optimal_chunk_size(&self, src_volume: &Volume, dst_volume: &Volume) -> usize {
let src_speed = src_volume.read_speed_mbps.unwrap_or(100);
let dst_speed = dst_volume.write_speed_mbps.unwrap_or(100);
// Adjust chunk size based on volume performance
match (src_volume.disk_type, dst_volume.disk_type) {
(DiskType::SSD, DiskType::SSD) => 1024 * 1024, // 1MB for SSD-to-SSD
(DiskType::HDD, DiskType::HDD) => 256 * 1024, // 256KB for HDD-to-HDD
(DiskType::SSD, DiskType::HDD) => 512 * 1024, // 512KB for mixed
_ => 64 * 1024, // 64KB default
}
}
fn supports_reflink(&self, src_vol: &Volume, dst_vol: &Volume) -> bool {
// Same volume with CoW filesystem
src_vol.fingerprint == dst_vol.fingerprint &&
matches!(src_vol.file_system,
FileSystem::APFS |
FileSystem::Btrfs |
FileSystem::ZFS |
FileSystem::ReFS
)
}
}
```
## Implementation Plan
### Phase 1: Volume Manager Integration
1. **Port volume detection** from original core
2. **Add VolumeManager** to Core initialization
3. **Create volume fingerprinting** system
4. **Add volume caching** for path lookups
### Phase 2: SdPath Optimization
1. **Remove device_id** from SdPath struct
2. **Add computed SdPathInfo** system
3. **Update serialization** to exclude computed fields
4. **Add volume awareness** to path operations
### Phase 3: Enhanced Copy Strategies
1. **Implement platform-specific** copy optimizations
2. **Add strategy selection** based on volume context
3. **Create progress tracking** for byte stream copies
4. **Add checksum verification** options
### Phase 4: Performance Testing
1. **Benchmark copy strategies** across different scenarios
2. **Measure volume detection** overhead
3. **Optimize chunk sizes** based on real-world performance
4. **Add performance regression** tests
## Benefits
### Performance Improvements
- **Instant copies** for same-volume operations on CoW filesystems
- **Optimized chunk sizes** based on volume performance characteristics
- **Reduced serialization** overhead with computed fields
- **Better progress tracking** for long-running operations
### Architecture Benefits
- **Cleaner SdPath** design with separation of concerns
- **Volume-aware operations** enable smarter routing
- **Platform-specific optimizations** where available
- **Future-ready** for network and cloud operations
### User Experience
- **Faster file operations** with appropriate copy methods
- **Better progress feedback** during transfers
- **Reliable checksum verification** for important files
- **Consistent behavior** across platforms
This design provides a solid foundation for high-performance, volume-aware file operations while maintaining the clean architecture principles of Core v2.

297
docs/core/design/DAEMON_REFACTOR.md
View File

@@ -1,297 +0,0 @@
# Daemon Refactoring Design Document
## Overview
The current `daemon.rs` file has grown to over 1,500 lines and handles all command processing in a single monolithic `handle_command` function. This document outlines a plan to refactor the daemon into a modular architecture that improves maintainability, testability, and extensibility.
## Current Problems
1. **Monolithic Structure**: All command handling logic is in one massive switch statement
2. **Mixed Concerns**: Business logic, presentation formatting, and transport concerns are intermingled
3. **Poor Testability**: Difficult to unit test individual command handlers
4. **Code Duplication**: Common patterns (like "get current library") are repeated throughout
5. **Hard to Navigate**: Finding specific command logic requires scrolling through 1,500+ lines
## Proposed Architecture
### Directory Structure
```
src/infrastructure/cli/daemon/
├── mod.rs # Core daemon server (socket handling, lifecycle)
├── client.rs # DaemonClient implementation
├── config.rs # DaemonConfig and instance management
├── types/
│ ├── mod.rs # Re-exports all types
│ ├── commands.rs # DaemonCommand enum and sub-commands
│ ├── responses.rs # DaemonResponse enum and response types
│ └── common.rs # Shared types (JobInfo, LibraryInfo, etc.)
├── handlers/
│ ├── mod.rs # Handler trait and registry
│ ├── core.rs # Core commands (ping, shutdown, status)
│ ├── library.rs # Library command handling
│ ├── location.rs # Location command handling
│ ├── job.rs # Job command handling
│ ├── network.rs # Network command handling
│ ├── file.rs # File command handling
│ └── system.rs # System command handling
└── services/
├── mod.rs # Service traits
├── state.rs # CLI state management service
└── helpers.rs # Common helpers (get_current_library, etc.)
```
### Core Components
#### 1. Command Handler Trait
```rust
// daemon/handlers/mod.rs
#[async_trait]
pub trait CommandHandler: Send + Sync {
async fn handle(&self, cmd: DaemonCommand) -> DaemonResponse;
}
pub struct HandlerRegistry {
handlers: HashMap<String, Box<dyn CommandHandler>>,
}
```
#### 2. Individual Handlers
Each handler focuses on a specific domain:
```rust
// daemon/handlers/library.rs
pub struct LibraryHandler {
core: Arc<Core>,
state_service: Arc<StateService>,
}
#[async_trait]
impl CommandHandler for LibraryHandler {
async fn handle(&self, cmd: DaemonCommand) -> DaemonResponse {
match cmd {
DaemonCommand::CreateLibrary { name, path } => {
self.create_library(name, path).await
}
DaemonCommand::ListLibraries => {
self.list_libraries().await
}
// ... other library commands
_ => DaemonResponse::Error("Invalid command for library handler".into())
}
}
}
```
#### 3. Services Layer
Common functionality extracted into reusable services:
```rust
// daemon/services/state.rs
pub struct StateService {
cli_state: Arc<RwLock<CliState>>,
data_dir: PathBuf,
}
impl StateService {
pub async fn get_current_library(&self, core: &Core) -> Option<Arc<Library>> {
// Common logic for getting current library
}
pub async fn switch_library(&self, library_id: Uuid) -> Result<(), Error> {
// Common logic for switching libraries
}
}
```
#### 4. Simplified Daemon Core
The main daemon becomes a thin routing layer:
```rust
// daemon/mod.rs
pub struct Daemon {
core: Arc<Core>,
config: DaemonConfig,
handlers: HandlerRegistry,
services: Arc<Services>,
}
async fn handle_client(/* ... */) -> Result<(), Box<dyn Error>> {
// ... read command ...
let response = match cmd {
DaemonCommand::Ping => self.handlers.core.handle(cmd).await,
DaemonCommand::CreateLibrary { .. } |
DaemonCommand::ListLibraries |
DaemonCommand::SwitchLibrary { .. } => {
self.handlers.library.handle(cmd).await
}
DaemonCommand::AddLocation { .. } |
DaemonCommand::ListLocations |
DaemonCommand::RemoveLocation { .. } => {
self.handlers.location.handle(cmd).await
}
// ... etc
};
// ... send response ...
}
```
## Migration Plan
### Phase 1: Extract Types (Low Risk)
1. Create `types/` directory
2. Move all type definitions (commands, responses, common types)
3. Update imports throughout the codebase
### Phase 2: Extract Services (Medium Risk)
1. Create `services/` directory
2. Extract common patterns into services:
- State management
- Current library logic
- Device registration
- Error handling patterns
### Phase 3: Create Handlers (Medium Risk)
1. Create `handlers/` directory
2. Implement handler trait
3. Create individual handlers, starting with:
- Core handler (ping, shutdown, status)
- Library handler
- One handler at a time for remaining domains
### Phase 4: Refactor Daemon Core (High Risk)
1. Update daemon to use handler registry
2. Replace monolithic switch with handler dispatch
3. Clean up remaining code
### Phase 5: Cleanup and Testing
1. Add unit tests for each handler
2. Add integration tests for daemon
3. Remove any dead code
4. Update documentation
## Benefits
1. **Modularity**: Each domain's logic is isolated in its own handler
2. **Testability**: Handlers can be unit tested without starting a daemon
3. **Maintainability**: Easy to find and modify specific functionality
4. **Extensibility**: Adding new commands only requires adding a handler
5. **Code Reuse**: Common patterns are extracted into services
6. **Type Safety**: Better type organization prevents errors
## Alternative Approaches Considered
### 1. Message Bus Pattern
- **Pros**: Fully decoupled, async message passing
- **Cons**: More complex, harder to debug, overkill for this use case
### 2. Plugin System
- **Pros**: Maximum extensibility
- **Cons**: Too complex for internal refactoring
### 3. Macro-based Code Generation
- **Pros**: Less boilerplate
- **Cons**: Harder to understand, debug, and maintain
## Implementation Timeline
- **Week 1**: Extract types and create directory structure
- **Week 2**: Implement services layer
- **Week 3-4**: Create handlers (2-3 handlers per week)
- **Week 5**: Refactor daemon core and testing
- **Week 6**: Documentation and cleanup
## Success Metrics
1. **Code Reduction**: daemon.rs reduced from 1,500+ lines to <300 lines
2. **Test Coverage**: Each handler has >80% unit test coverage
3. **Performance**: No regression in command processing time
4. **Developer Experience**: Easier to find and modify command logic
## Risks and Mitigations
1. **Breaking Changes**: Mitigate by keeping external API identical
2. **Regression Bugs**: Mitigate with comprehensive testing at each phase
3. **Performance Impact**: Mitigate by benchmarking before/after
4. **Merge Conflicts**: Mitigate by completing refactor quickly
## Additional Refactoring: CLI Domains to Commands
### Current Confusion
The current codebase uses "domains" for CLI modules that primarily:
- Define command structures (enums with clap attributes)
- Handle command-line argument parsing
- Format output for user presentation
- Send requests to the daemon
### Proposed Renaming
Rename `cli/domains/` to `cli/commands/` to better reflect their purpose:
```
src/infrastructure/cli/
├── commands/ # (renamed from domains/)
│ ├── daemon.rs # Daemon lifecycle commands (start, stop, status)
│ ├── library.rs # Library management commands
│ ├── location.rs # Location management commands
│ ├── job.rs # Job monitoring commands
│ ├── network.rs # Network operation commands
│ ├── file.rs # File operation commands
│ └── system.rs # System monitoring commands
└── daemon/
├── handlers/ # Daemon-side handlers that
│ ├── library.rs # process commands and execute logic
│ ├── location.rs
│ └── ...
```
This creates a clearer separation:
- **CLI Commands** (`cli/commands/`): Define command structure, parse arguments, format output
- **Daemon Handlers** (`daemon/handlers/`): Execute business logic, interact with Core
### Example to Illustrate the Difference
```rust
// cli/commands/library.rs - Defines the command and presentation
#[derive(Subcommand)]
pub enum LibraryCommands {
Create { name: String, path: Option<PathBuf> },
List { detailed: bool },
}
pub async fn handle_library_command(cmd: LibraryCommands, output: CliOutput) {
let response = daemon_client.send_command(cmd).await?;
// Format and present the response to the user
output.print_libraries(response);
}
// daemon/handlers/library.rs - Executes the actual logic
impl LibraryHandler {
async fn create_library(&self, name: String, path: Option<PathBuf>) {
// Actually create the library using Core
self.core.libraries.create_library(name, path).await
}
}
```
### Benefits of This Naming
1. **Clarity**: "Commands" clearly indicates these modules define CLI commands
2. **Separation of Concerns**: Commands (presentation) vs Handlers (logic) is clearer
3. **Intuitive**: Developers expect "commands" to contain CLI command definitions
4. **No Ambiguity**: Clear distinction between what defines commands and what handles them
## Next Steps
1. Review and approve this design
2. Rename `cli/domains/` to `cli/commands/`
3. Create tracking issues for each phase
4. Begin Phase 1 implementation
5. Set up testing infrastructure

401
docs/core/design/DESIGN_CORE_LIFECYCLE.md
View File

@@ -1,401 +0,0 @@
# Core Lifecycle Design
## Overview
The Spacedrive core manages the complete lifecycle of the application, including configuration, library management, and service coordination.
## Directory Structure
```
$DATA_DIR/
├── spacedrive.json # Main application config
├── libraries/ # All library data
│ ├── {uuid}/
│ │ ├── library.json # Library metadata
│ │ ├── database.db # SQLite database
│ │ ├── thumbnails/ # Thumbnail cache
│ │ ├── previews/ # Preview cache
│ │ ├── indexes/ # Search indexes
│ │ └── exports/ # Export temp files
│ └── {uuid}/...
├── logs/ # Application logs
│ ├── spacedrive.log # Current log
│ └── spacedrive.{n}.log # Rotated logs
└── device.json # Device-specific config
```
## Core Initialization Flow
```rust
// 1. Load or create app config
let config = AppConfig::load_or_create(&data_dir)?;
// 2. Initialize device manager
let device_manager = DeviceManager::new(&data_dir)?;
// 3. Create event bus
let events = EventBus::new();
// 4. Initialize library manager
let libraries = LibraryManager::new(&data_dir.join("libraries"), events.clone())?;
// 5. Auto-load all libraries
libraries.load_all().await?;
// 6. Start background services
let location_watcher = LocationWatcher::new();
let job_manager = JobManager::new();
let thumbnail_service = ThumbnailService::new();
// 7. Create core instance
let core = Core {
config,
device: device_manager,
libraries,
events,
services: Services {
locations: location_watcher,
jobs: job_manager,
thumbnails: thumbnail_service,
},
};
```
## Configuration System
### Application Config (`spacedrive.json`)
```json
{
"version": 1,
"data_dir": "/Users/jamie/Library/Application Support/spacedrive",
"log_level": "info",
"telemetry_enabled": true,
"p2p": {
"enabled": true,
"discovery": "local"
},
"preferences": {
"theme": "dark",
"language": "en"
}
}
```
### Device Config (`device.json`)
```json
{
"version": 1,
"id": "3e19b8fd-ab4a-4094-8502-4db233d5e955",
"name": "Jamie's MacBook Pro",
"created_at": "2024-01-01T00:00:00Z",
"p2p_identity": "base64_encoded_key"
}
```
### Library Config (`{uuid}/library.json`)
```json
{
"version": 1,
"id": "fc06414a-683c-41e1-94a7-28e00e1ab880",
"name": "Main Library",
"description": "My primary Spacedrive library",
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"cloud_sync": {
"enabled": false,
"provider": null
}
}
```
## Core Struct
```rust
pub struct Core {
/// Application configuration
config: Arc<RwLock<AppConfig>>,
/// Device management
pub device: Arc<DeviceManager>,
/// Library management
pub libraries: Arc<LibraryManager>,
/// Event broadcasting
pub events: Arc<EventBus>,
/// Background services
services: Services,
}
struct Services {
locations: Arc<LocationWatcher>,
jobs: Arc<JobManager>,
thumbnails: Arc<ThumbnailService>,
}
```
## Key Methods
```rust
impl Core {
/// Initialize core with default data directory
pub async fn new() -> Result<Self> {
let data_dir = AppConfig::default_data_dir()?;
Self::new_with_config(data_dir).await
}
/// Initialize core with custom data directory
pub async fn new_with_config(data_dir: PathBuf) -> Result<Self> {
// ... initialization flow ...
}
/// Shutdown core gracefully
pub async fn shutdown(&self) -> Result<()> {
// Stop all services
self.services.locations.stop().await?;
self.services.jobs.stop().await?;
self.services.thumbnails.stop().await?;
// Close all libraries
self.libraries.close_all().await?;
// Save config
self.config.write().await.save()?;
Ok(())
}
}
```
## Library Lifecycle
```rust
impl LibraryManager {
/// Load all libraries from disk
pub async fn load_all(&self) -> Result<()> {
let entries = fs::read_dir(&self.libraries_dir)?;
for entry in entries {
let path = entry?.path();
if path.is_dir() {
match self.load_library(&path).await {
Ok(library) => {
info!("Loaded library: {}", library.name());
}
Err(e) => {
error!("Failed to load library at {:?}: {}", path, e);
}
}
}
}
Ok(())
}
/// Create a new library
pub async fn create_library(&self, name: &str) -> Result<Arc<Library>> {
let id = Uuid::new_v4();
let library_dir = self.libraries_dir.join(id.to_string());
// Create directory structure
fs::create_dir_all(&library_dir)?;
fs::create_dir(&library_dir.join("thumbnails"))?;
fs::create_dir(&library_dir.join("previews"))?;
fs::create_dir(&library_dir.join("indexes"))?;
fs::create_dir(&library_dir.join("exports"))?;
// Create config
let config = LibraryConfig {
version: 1,
id,
name: name.to_string(),
description: None,
created_at: Utc::now(),
updated_at: Utc::now(),
cloud_sync: CloudSync::default(),
};
// Save config
let config_path = library_dir.join("library.json");
let json = serde_json::to_string_pretty(&config)?;
fs::write(&config_path, json)?;
// Create database
let db_path = library_dir.join("database.db");
let db = DatabaseConnection::create(&db_path).await?;
// Create library instance
let library = Arc::new(Library::new(config, db, library_dir));
// Register in active libraries
self.libraries.write().await.insert(id, library.clone());
// Emit event
self.events.emit(Event::LibraryCreated { id, name: name.to_string() });
Ok(library)
}
}
```
## Event System
```rust
#[derive(Clone, Debug)]
pub enum Event {
// Library events
LibraryCreated { id: Uuid, name: String },
LibraryLoaded { id: Uuid },
LibraryDeleted { id: Uuid },
// Location events
LocationAdded { library_id: Uuid, location_id: Uuid },
LocationScanning { library_id: Uuid, location_id: Uuid },
LocationIndexed { library_id: Uuid, location_id: Uuid, file_count: usize },
// Entry events
EntryDiscovered { library_id: Uuid, entry_id: Uuid },
EntryModified { library_id: Uuid, entry_id: Uuid },
EntryDeleted { library_id: Uuid, entry_id: Uuid },
}
pub struct EventBus {
sender: broadcast::Sender<Event>,
}
impl EventBus {
pub fn new() -> Self {
let (sender, _) = broadcast::channel(1000);
Self { sender }
}
pub fn emit(&self, event: Event) {
let _ = self.sender.send(event);
}
pub fn subscribe(&self) -> broadcast::Receiver<Event> {
self.sender.subscribe()
}
}
```
## Migration System
```rust
pub trait Migrate {
fn current_version(&self) -> u32;
fn target_version() -> u32;
fn migrate(&mut self) -> Result<()>;
}
impl Migrate for AppConfig {
fn current_version(&self) -> u32 {
self.version
}
fn target_version() -> u32 {
1 // Current schema version
}
fn migrate(&mut self) -> Result<()> {
match self.version {
0 => {
// Migration from v0 to v1
self.version = 1;
Ok(())
}
1 => Ok(()), // Already at target
v => Err(anyhow!("Unknown config version: {}", v)),
}
}
}
```
## Error Handling
```rust
#[derive(Debug, thiserror::Error)]
pub enum CoreError {
#[error("Configuration error: {0}")]
Config(String),
#[error("Library error: {0}")]
Library(#[from] LibraryError),
#[error("Database error: {0}")]
Database(#[from] sea_orm::DbErr),
#[error("IO error: {0}")]
Io(#[from] std::io::Error),
}
```
## Platform-Specific Data Directories
```rust
impl AppConfig {
pub fn default_data_dir() -> Result<PathBuf> {
#[cfg(target_os = "macos")]
let dir = dirs::data_dir()
.ok_or_else(|| anyhow!("Could not determine data directory"))?
.join("spacedrive");
#[cfg(target_os = "windows")]
let dir = dirs::data_dir()
.ok_or_else(|| anyhow!("Could not determine data directory"))?
.join("Spacedrive");
#[cfg(target_os = "linux")]
let dir = dirs::data_local_dir()
.ok_or_else(|| anyhow!("Could not determine data directory"))?
.join("spacedrive");
Ok(dir)
}
}
```
## Usage Example
```rust
#[tokio::main]
async fn main() -> Result<()> {
// Initialize with default data directory
let core = Core::new().await?;
// Or with custom data directory
let core = Core::new_with_config("/custom/data/dir".into()).await?;
// Subscribe to events
let mut events = core.events.subscribe();
tokio::spawn(async move {
while let Ok(event) = events.recv().await {
println!("Event: {:?}", event);
}
});
// Create a library if none exist
if core.libraries.list().await.is_empty() {
let library = core.libraries.create_library("My Library").await?;
println!("Created library: {}", library.id());
}
// Run until shutdown
tokio::signal::ctrl_c().await?;
// Graceful shutdown
core.shutdown().await?;
Ok(())
}
```
## Next Steps
1. Implement AppConfig with load/save functionality
2. Update Core::new() to follow this lifecycle
3. Add LibraryManager with auto-loading
4. Implement EventBus for reactivity
5. Add migration system for configs
6. Create background service management

96
docs/core/design/DESIGN_DEVICE_MANAGEMENT.md
View File

@@ -1,96 +0,0 @@
# Device Management Design
## Overview
Spacedrive needs a robust device identification system that persists across application restarts and works seamlessly with library synchronization. Each device running Spacedrive must have a unique, persistent identifier that remains constant throughout its lifetime.
## Requirements
1. **Device Uniqueness**: Each Spacedrive installation must have a globally unique device ID
2. **Persistence**: Device ID must survive application restarts
3. **Library Awareness**: Libraries must know which device they're currently running on
4. **Sync Compatibility**: Device IDs enable proper sync conflict resolution and file ownership tracking
## Architecture
### Device State Storage
The device ID and metadata are stored in a platform-specific configuration location:
- **macOS**: `~/Library/Application Support/com.spacedrive/device.json`
- **Linux**: `~/.config/spacedrive/device.json`
- **Windows**: `%APPDATA%\Spacedrive\device.json`
### Device Configuration File
```json
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Jamie's MacBook Pro",
"created_at": "2024-01-15T10:30:00Z",
"hardware_model": "MacBookPro18,1",
"os": "macOS",
"version": "0.1.0"
}
```
### Library-Device Relationship
When a device connects to a library:
1. The device registers itself in the library's `devices` table
2. The library tracks which device is currently active
3. All operations (file creation, modification) are tagged with the device ID
### Database Schema
The `devices` table in each library:
```sql
CREATE TABLE devices (
id UUID PRIMARY KEY,
name TEXT NOT NULL,
hardware_model TEXT,
os TEXT NOT NULL,
last_seen_at TIMESTAMP NOT NULL,
is_online BOOLEAN NOT NULL DEFAULT false,
created_at TIMESTAMP NOT NULL,
updated_at TIMESTAMP NOT NULL
);
```
## Implementation Flow
1. **Application Startup**:
- Check for existing device configuration
- If not found, generate new device ID and save configuration
- Load device ID into memory
2. **Library Connection**:
- Register/update device in library's devices table
- Mark device as online
- Store current device ID in library context
3. **File Operations**:
- All SdPath creations use the persistent device ID
- Entry modifications track the device that made changes
4. **Application Shutdown**:
- Mark device as offline in all connected libraries
## Benefits
1. **Consistent Identity**: Device maintains same ID across all libraries and sessions
2. **Sync Foundation**: Enables proper multi-device synchronization
3. **Audit Trail**: Can track which device created/modified files
4. **Conflict Resolution**: Device IDs help resolve sync conflicts
## Security Considerations
- Device ID should not contain personally identifiable information
- Device configuration file should have appropriate file permissions
- Consider encryption for sensitive device metadata in future versions
## Future Enhancements
1. **Device Pairing**: Secure device-to-device authentication
2. **Device Capabilities**: Track what each device can do (indexing, P2P, etc.)
3. **Device Groups**: Organize devices into groups for easier management
4. **Remote Device Management**: Remove/disable devices from another device

390
docs/core/design/DESIGN_FILE_DATA_MODEL.md
View File

@@ -1,390 +0,0 @@
# Spacedrive File Data Model Design (v2)
## Overview
This document describes a refreshed data model for Spacedrive that decouples user metadata from content deduplication, enabling a more flexible and powerful file management system.
## Core Principles
1. **Any file can have metadata** - Tagged files shouldn't require content indexing
2. **Content identity is optional** - Deduplication is a feature, not a requirement
3. **SdPath is the universal identifier** - Cross-device operations are first-class
4. **Graceful content changes** - Files evolve, the system should handle it
5. **Progressive enhancement** - Start simple, add richness over time
## Data Model
### 1. Entry (Replaces FilePath)
The `Entry` represents any filesystem entry (file or directory) that Spacedrive knows about.
```rust
struct Entry {
id: Uuid, // Unique ID for this entry
sd_path: SdPathSerialized, // The virtual path (includes device)
// Basic metadata (always available)
name: String,
kind: EntryKind, // File, Directory, Symlink
size: Option<u64>, // None for directories
created_at: Option<DateTime>,
modified_at: Option<DateTime>,
accessed_at: Option<DateTime>,
// Platform-specific
inode: Option<u64>, // Unix/macOS
file_id: Option<u64>, // Windows
// Relationships
parent_id: Option<Uuid>, // Parent directory Entry
location_id: Option<Uuid>, // If within an indexed location
// User metadata holder
metadata_id: Uuid, // ALWAYS exists, links to UserMetadata
// Content identity (optional)
content_id: Option<Uuid>, // Links to ContentIdentity if indexed
// Tracking
first_seen_at: DateTime,
last_indexed_at: Option<DateTime>,
}
enum EntryKind {
File { extension: Option<String> },
Directory,
Symlink { target: String },
}
```
### 2. UserMetadata (New!)
Decouples user-applied metadata from content identity. Every Entry has one.
```rust
struct UserMetadata {
id: Uuid,
// User-applied metadata
tags: Vec<Tag>,
labels: Vec<Label>,
notes: Option<String>,
favorite: bool,
hidden: bool,
// Custom fields (future)
custom_fields: JsonValue,
// Timestamps
created_at: DateTime,
updated_at: DateTime,
}
```
### 3. ContentIdentity (Replaces Object)
Represents unique content, used for deduplication. Only created when content is indexed.
```rust
struct ContentIdentity {
id: Uuid,
// Content addressing
full_hash: Option<String>, // Complete file hash (if computed)
cas_id: String, // Sampled hash for quick comparison
cas_version: u8, // Version of the CAS algorithm used
// Content metadata
mime_type: Option<String>,
kind: ObjectKind, // Image, Video, Document, etc.
// Extracted metadata (optional)
media_data: Option<MediaData>, // EXIF, video metadata, etc.
text_content: Option<String>, // For search indexing
// Statistics
total_size: u64, // Combined size of all entries
entry_count: u32, // Number of entries with this content
// Timestamps
first_seen_at: DateTime,
last_verified_at: DateTime,
}
```
### 4. SdPathSerialized
How SdPath is stored in the database:
```rust
struct SdPathSerialized {
device_id: Uuid,
path: String, // Normalized path
}
// In the database, this could be:
// - Two columns: device_id, path
// - Or JSON: {"device_id": "...", "path": "..."}
// - Or a custom format: "device_id://path"
```
### 5. Location (Enhanced)
Indexed directories with richer functionality:
```rust
struct Location {
id: Uuid,
sd_path: SdPathSerialized, // Root path of this location
name: String,
// Indexing configuration
index_mode: IndexMode,
scan_interval: Option<Duration>,
// Statistics
total_size: u64,
file_count: u64,
// State
last_scan_at: Option<DateTime>,
scan_state: ScanState,
}
enum IndexMode {
Shallow, // Just filesystem metadata
Content, // Generate cas_id for deduplication
Deep, // Extract text, generate thumbnails, etc.
}
```
## Key Processes
### 1. Initial File Discovery
When Spacedrive encounters a file (indexed or ephemeral):
```rust
async fn discover_entry(sd_path: SdPath) -> Entry {
// 1. Create Entry with basic metadata
let metadata = fs::metadata(&sd_path).await?;
let entry = Entry {
id: Uuid::new_v7(),
sd_path: sd_path.serialize(),
name: sd_path.file_name(),
size: metadata.len(),
// ... other metadata
// Always create UserMetadata
metadata_id: Uuid::new_v7(),
// No content_id yet
content_id: None,
};
// 2. Create empty UserMetadata
let user_metadata = UserMetadata {
id: entry.metadata_id,
tags: vec![],
// ... defaults
};
// 3. Save both
save_entry(entry).await?;
save_user_metadata(user_metadata).await?;
entry
}
```
### 2. Content Indexing (Progressive)
Content indexing happens separately and progressively:
```rust
async fn index_entry_content(entry: &Entry, mode: IndexMode) -> Option<ContentIdentity> {
match mode {
IndexMode::Shallow => None, // No content indexing
IndexMode::Content => {
// Generate cas_id
let cas_id = generate_cas_id(&entry.sd_path).await?;
// Find or create ContentIdentity
let content = find_or_create_content_identity(cas_id).await?;
// Link entry to content
update_entry_content_id(entry.id, content.id).await?;
Some(content)
}
IndexMode::Deep => {
// Same as Content, plus:
// - Extract text for search
// - Generate thumbnails
// - Extract media metadata
}
}
}
```
### 3. CAS ID Generation (Enhanced)
The new CAS algorithm is versioned for future improvements:
```rust
const CAS_VERSION: u8 = 2;
async fn generate_cas_id(sd_path: &SdPath) -> Result<String> {
// For remote files, request CAS from that device
if !sd_path.is_local() {
return request_remote_cas_id(sd_path).await;
}
let file = File::open(sd_path.as_local_path().unwrap()).await?;
let size = file.metadata().await?.len();
let mut hasher = Blake3Hasher::new();
// Version prefix for algorithm changes
hasher.update(&[CAS_VERSION]);
hasher.update(&size.to_le_bytes());
if size <= SMALL_FILE_THRESHOLD {
// Hash entire file
hash_entire_file(&mut hasher, file).await?;
} else {
// Sample-based hashing
hash_file_samples(&mut hasher, file, size).await?;
}
Ok(format!("v{}:{}", CAS_VERSION, hasher.finalize().to_hex()[..16]))
}
```
### 4. Handling Content Changes
When a file's content changes:
```rust
async fn handle_file_modified(entry: &Entry) {
// User metadata is unaffected - tags, notes, etc. remain
if let Some(old_content_id) = entry.content_id {
// Generate new CAS ID
let new_cas_id = generate_cas_id(&entry.sd_path).await?;
// Check if content actually changed
let old_content = get_content_identity(old_content_id).await?;
if old_content.cas_id == new_cas_id {
return; // No actual change
}
// Find or create new content identity
let new_content = find_or_create_content_identity(new_cas_id).await?;
// Update entry link
update_entry_content_id(entry.id, new_content.id).await?;
// Decrease old content's entry count
decrease_content_entry_count(old_content_id).await?;
}
}
```
### 5. Cross-Device Operations
With SdPath integration:
```rust
async fn copy_with_metadata(source: SdPath, dest: SdPath) -> Result<Entry> {
// 1. Copy the actual file content
let copy_result = copy_file_content(&source, &dest).await?;
// 2. Get source entry and metadata
let source_entry = get_entry_by_sdpath(&source).await?;
let source_metadata = get_user_metadata(source_entry.metadata_id).await?;
// 3. Create destination entry
let dest_entry = discover_entry(dest).await?;
// 4. Copy user metadata (tags, notes, etc.)
copy_user_metadata(&source_metadata, dest_entry.metadata_id).await?;
// 5. If source had content identity, schedule indexing for dest
if source_entry.content_id.is_some() {
schedule_content_indexing(dest_entry.id).await?;
}
Ok(dest_entry)
}
```
## Benefits of This Design
### 1. Flexible Metadata
- Any file can be tagged immediately, even non-indexed
- Ephemeral files have full metadata support
- No need to wait for content indexing
### 2. Graceful Content Evolution
- File edits don't lose tags/notes
- Content identity tracks uniqueness when available
- Version history could be added later
### 3. Progressive Enhancement
- Start with just filesystem metadata
- Add content identity when needed
- Deep indexing (text extraction, etc.) is optional
### 4. SdPath Integration
- Entries are naturally cross-device via SdPath
- Operations work uniformly across devices
- Virtual filesystem is truly realized
### 5. Better Performance
- No forced content reading for basic operations
- Metadata operations are lightweight
- Content indexing can be batched/scheduled
## Migration from v1
```sql
-- Rough migration approach
-- 1. Create UserMetadata for each Object
INSERT INTO user_metadata (id, tags, labels, notes, favorite, hidden)
SELECT
uuid_v7() as id,
-- Extract tags via junction table
-- Extract other metadata
FROM object;
-- 2. Transform FilePath to Entry
INSERT INTO entry (id, device_id, path, metadata_id, content_id)
SELECT
uuid_v7() as id,
COALESCE(device_id, current_device_id()) as device_id,
path,
-- Link to migrated UserMetadata
-- Link to ContentIdentity (migrated from Object)
FROM file_path;
-- 3. Transform Object to ContentIdentity
INSERT INTO content_identity (id, cas_id, kind, ...)
SELECT
pub_id as id,
-- Derive cas_id from linked file_paths
kind,
...
FROM object;
```
## Future Considerations
1. **Content Versions**: Track history of content changes
2. **Metadata Sync**: Efficient sync of UserMetadata across devices
3. **Virtual Entries**: Entries that don't exist locally but we know about
4. **Cloud Integration**: Treat cloud storage as just another device
5. **Conflict Resolution**: When same file has different metadata on different devices

192
docs/core/design/DESIGN_FILE_DATA_MODEL_VISUAL.md
View File

@@ -1,192 +0,0 @@
# File Data Model - Visual Comparison
## Old Model (v1) - Current Spacedrive
```
┌─────────────┐ ┌────────────┐ ┌───────────┐
│ Location │───────│ FilePath │───────│ Object │
└─────────────┘ 1:n └────────────┘ n:1 └───────────┘
│ │
│ │
cas_id (nullable) ┌─────┴─────┐
│ │ │
│ Tags Labels
(content hash) (via junction tables)
Problems:
- No Object = No tags (non-indexed files can't be tagged)
- cas_id required to create Object
- Tight coupling between content identity and user metadata
```
## New Model (v2) - Proposed
```
┌─────────────┐ ┌─────────────┐ ┌──────────────┐
│ Location │───────│ Entry │───────│UserMetadata │
└─────────────┘ 1:n └─────────────┘ 1:1 └──────────────┘
│ │
sd_path: SdPath Tags, Labels,
(device + local path) Notes, etc.
│ (ALWAYS exists)
│ content_id
│ (nullable)
┌────────────────┐
│ContentIdentity │
└────────────────┘
cas_id, mime_type,
media_data, etc.
(ONLY if indexed)
Benefits:
- Every Entry has UserMetadata (can tag any file)
- ContentIdentity is optional (for deduplication)
- Clean separation of concerns
```
## Key Relationships
### 1. Entry UserMetadata (1:1)
```
Entry UserMetadata
├─ id: uuid ├─ id: uuid
├─ sd_path: SdPath ├─ tags: []
├─ name: "photo.jpg" ├─ labels: []
├─ metadata_id ───────────────├─ notes: "Vacation 2024"
└─ content_id: uuid? └─ favorite: true
```
### 2. Entry ContentIdentity (n:1)
```
Entry (MacBook) ContentIdentity
├─ id: uuid-1 ├─ id: uuid
├─ sd_path: mac:/photo.jpg ├─ cas_id: "v2:a1b2c3..."
├─ content_id ─────────────────├─ kind: Image
├─ mime_type: "image/jpeg"
Entry (iPhone) ├─ entry_count: 2
├─ id: uuid-2 └─ total_size: 10MB
├─ sd_path: iphone:/DCIM/...
└─ content_id ─────────────────┘
(Same content on different devices)
```
## Process Flow Comparison
### Old Flow: Must Index to Tag
```
1. Discover File
└─> Create FilePath (no tags possible yet)
2. Index Content (required for tags)
├─> Read file content
├─> Generate cas_id
└─> Create/Link Object
3. Now Can Tag
└─> Add tags to Object
```
### New Flow: Tag Immediately
```
1. Discover File
├─> Create Entry
└─> Create UserMetadata (can tag immediately!)
2. Index Content (optional, async)
├─> Read file content
├─> Generate cas_id
└─> Create/Link ContentIdentity
3. Tags Unaffected by Content Changes
```
## SdPath Serialization Examples
### Option 1: Separate Columns
```sql
CREATE TABLE entry (
id UUID PRIMARY KEY,
device_id UUID NOT NULL,
path TEXT NOT NULL,
library_id UUID,
-- ... other fields
UNIQUE(device_id, path, library_id)
);
```
### Option 2: JSON Column
```sql
CREATE TABLE entry (
id UUID PRIMARY KEY,
sd_path JSONB NOT NULL,
-- Example: {"device_id": "abc", "path": "/home/user/file.txt", "library_id": null}
-- ... other fields
);
-- Can still index and query efficiently:
CREATE INDEX idx_entry_device ON entry((sd_path->>'device_id'));
CREATE INDEX idx_entry_path ON entry((sd_path->>'path'));
```
### Option 3: Custom Format String
```sql
CREATE TABLE entry (
id UUID PRIMARY KEY,
sd_path TEXT NOT NULL,
-- Format: "device_id://path" or "library_id/device_id://path"
-- Example: "a1b2c3d4://home/user/file.txt"
-- ... other fields
);
-- With computed columns for efficiency:
ALTER TABLE entry ADD COLUMN device_id UUID
GENERATED ALWAYS AS (split_part(sd_path, '://', 1)::UUID) STORED;
ALTER TABLE entry ADD COLUMN local_path TEXT
GENERATED ALWAYS AS (split_part(sd_path, '://', 2)) STORED;
```
## Query Examples
### Find all copies of a file (by content)
```sql
-- New model: Find all entries with same content
SELECT e.*, um.*
FROM entry e
JOIN user_metadata um ON e.metadata_id = um.id
WHERE e.content_id = ?;
-- Old model: Find all file_paths with same object
SELECT fp.*, o.*
FROM file_path fp
JOIN object o ON fp.object_id = o.id
WHERE o.id = ?;
```
### Tag a non-indexed file
```sql
-- New model: Just works!
UPDATE user_metadata
SET tags = array_append(tags, 'Important')
WHERE id = (SELECT metadata_id FROM entry WHERE sd_path = ?);
-- Old model: Impossible! No object exists
-- Would need to force content indexing first
```
### Find files modified after tagging
```sql
-- New model: Tags persist through content changes
SELECT e.*, um.*
FROM entry e
JOIN user_metadata um ON e.metadata_id = um.id
LEFT JOIN content_identity ci ON e.content_id = ci.id
WHERE 'Important' = ANY(um.tags)
AND e.modified_at > um.updated_at;
-- Old model: Content changes could break object association
-- Complex logic needed to track this
```

76
docs/core/design/DESIGN_FILE_TYPE_SYSTEM.md
View File

@@ -1,76 +0,0 @@
# File Type System
A modern, extensible file type identification system for Spacedrive.
## Features
- **Data-driven**: File types defined in TOML files
- **Runtime extensibility**: Add new types without recompiling
- **Magic bytes**: Flexible pattern matching with wildcards
- **Priority resolution**: Smart handling of conflicting extensions
- **Rich metadata**: Arbitrary metadata per file type
- **Standards compliant**: MIME types and UTIs included
## Usage
```rust
use sd_core::file_type::FileTypeRegistry;
// Create registry with built-in types
let registry = FileTypeRegistry::new();
// Identify by extension
let jpeg_types = registry.get_by_extension("jpg");
// Identify by MIME type
let png_type = registry.get_by_mime("image/png");
// Full identification with magic bytes
let result = registry.identify(Path::new("photo.jpg")).await?;
println!("{} ({}% confidence)", result.file_type.name, result.confidence);
```
## Architecture
- `registry.rs` - Main API and identification logic
- `magic.rs` - Magic byte pattern matching
- `builtin.rs` - Embedded TOML definitions
- `definitions/` - TOML files with file type definitions
## Adding New Types
Create a TOML file:
```toml
[[file_types]]
id = "application/x-custom"
name = "Custom Format"
extensions = ["custom"]
mime_types = ["application/x-custom"]
category = "document"
priority = 100
[[file_types.magic_bytes]]
pattern = "43 55 53 54" # "CUST"
offset = 0
priority = 100
```
## Categories
- `image` - Photos, graphics, etc.
- `video` - Movies, animations
- `audio` - Music, podcasts
- `document` - PDFs, office files
- `code` - Source code files
- `archive` - Compressed files
- `text` - Plain text, markdown
- `config` - Configuration files
- `database` - Database files
- `book` - E-books
- `font` - Font files
- `mesh` - 3D models
- `encrypted` - Encrypted/secure files
- `key` - Certificates, keys
- `executable` - Apps, scripts
- `unknown` - Unidentified files

456
docs/core/design/DESIGN_LIBRARY_IMPLEMENTATION.md
View File

@@ -1,456 +0,0 @@
# Library Organization - Implementation Guide
## Core Types
```rust
use std::path::{Path, PathBuf};
use serde::{Serialize, Deserialize};
use uuid::Uuid;
/// Represents a complete Spacedrive library
pub struct Library {
/// Root directory of the library
path: PathBuf,
/// Loaded configuration
config: LibraryConfig,
/// Database connection
db: Arc<Database>,
/// Lock file handle (dropped on library close)
_lock: LibraryLock,
}
/// Library configuration stored in library.json
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LibraryConfig {
/// Version of the config format
pub version: u32,
/// Unique identifier for the library
pub id: Uuid,
/// Human-readable name
pub name: String,
/// Optional description
pub description: Option<String>,
/// Creation timestamp
pub created_at: DateTime<Utc>,
/// Last modification timestamp
pub updated_at: DateTime<Utc>,
/// Library-specific settings
pub settings: LibrarySettings,
/// Statistics (updated periodically)
pub statistics: LibraryStatistics,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LibrarySettings {
pub generate_thumbnails: bool,
pub thumbnail_quality: u8,
pub enable_ai_tagging: bool,
pub sync_enabled: bool,
pub encryption_enabled: bool,
}
```
## Library Manager
```rust
/// Manages all open libraries
pub struct LibraryManager {
/// Currently open libraries
libraries: RwLock<HashMap<Uuid, Arc<Library>>>,
/// Configured library locations to scan
search_paths: Vec<PathBuf>,
/// Event bus for library events
events: EventBus<LibraryEvent>,
}
impl LibraryManager {
/// Create a new library
pub async fn create_library(
&self,
name: impl Into<String>,
location: Option<PathBuf>,
) -> Result<Arc<Library>> {
let name = name.into();
let safe_name = sanitize_filename(&name);
// Determine location
let base_path = location.unwrap_or_else(|| {
self.search_paths.first()
.cloned()
.unwrap_or_else(|| dirs::home_dir().unwrap().join("Spacedrive/Libraries"))
});
// Create library directory
let library_path = base_path.join(format!("{}.sdlibrary", safe_name));
if library_path.exists() {
// Add number suffix if needed
let library_path = find_unique_path(library_path);
}
fs::create_dir_all(&library_path).await?;
// Initialize library structure
self.initialize_library_directory(&library_path, name).await?;
// Open the newly created library
self.open_library(library_path).await
}
/// Open a library from a path
pub async fn open_library(&self, path: impl AsRef<Path>) -> Result<Arc<Library>> {
let path = path.as_ref();
// Validate it's a library directory
if !path.extension().map(|e| e == "sdlibrary").unwrap_or(false) {
return Err(LibraryError::NotALibrary);
}
// Acquire lock
let lock = LibraryLock::acquire(path)?;
// Load configuration
let config_path = path.join("library.json");
let config: LibraryConfig = load_json(&config_path).await?;
// Check if already open
if self.libraries.read().await.contains_key(&config.id) {
return Err(LibraryError::AlreadyOpen);
}
// Open database
let db_path = path.join("database.db");
let db = Database::open(&db_path).await?;
// Run migrations if needed
db.migrate().await?;
// Create library instance
let library = Arc::new(Library {
path: path.to_path_buf(),
config,
db,
_lock: lock,
});
// Register library
self.libraries.write().await.insert(library.config.id, library.clone());
// Emit event
self.events.emit(LibraryEvent::Opened(library.config.id)).await;
Ok(library)
}
/// Scan configured locations for libraries
pub async fn scan_locations(&self) -> Result<Vec<DiscoveredLibrary>> {
let mut discovered = Vec::new();
for search_path in &self.search_paths {
if !search_path.exists() {
continue;
}
let mut entries = fs::read_dir(search_path).await?;
while let Some(entry) = entries.next_entry().await? {
let path = entry.path();
// Check if it's a library directory
if path.extension().map(|e| e == "sdlibrary").unwrap_or(false) {
match self.read_library_info(&path).await {
Ok(info) => discovered.push(info),
Err(e) => {
error!("Failed to read library at {:?}: {}", path, e);
}
}
}
}
}
Ok(discovered)
}
}
```
## Library Directory Operations
```rust
impl LibraryManager {
/// Initialize a new library directory structure
async fn initialize_library_directory(
&self,
path: &Path,
name: String,
) -> Result<()> {
// Create subdirectories
fs::create_dir_all(path.join("thumbnails")).await?;
fs::create_dir_all(path.join("previews")).await?;
fs::create_dir_all(path.join("indexes")).await?;
fs::create_dir_all(path.join("exports")).await?;
// Create initial config
let config = LibraryConfig {
version: LIBRARY_VERSION_V2,
id: Uuid::new_v4(),
name,
description: None,
created_at: Utc::now(),
updated_at: Utc::now(),
settings: LibrarySettings::default(),
statistics: LibraryStatistics::default(),
};
// Save config
save_json(&path.join("library.json"), &config).await?;
// Initialize database
let db_path = path.join("database.db");
let db = Database::create(&db_path).await?;
db.initialize_schema().await?;
// Create thumbnail metadata
let thumb_meta = ThumbnailMetadata {
version: 1,
quality: 85,
sizes: vec![128, 256, 512],
};
save_json(&path.join("thumbnails/metadata.json"), &thumb_meta).await?;
Ok(())
}
}
```
## Library Lock Implementation
```rust
/// Prevents concurrent access to a library
pub struct LibraryLock {
path: PathBuf,
_file: File,
}
impl LibraryLock {
pub fn acquire(library_path: &Path) -> Result<Self> {
let lock_path = library_path.join(".sdlibrary.lock");
// Try to create lock file exclusively
let file = OpenOptions::new()
.write(true)
.create_new(true)
.open(&lock_path)
.map_err(|e| {
if e.kind() == io::ErrorKind::AlreadyExists {
// Check if lock is stale
if let Ok(metadata) = fs::metadata(&lock_path) {
if let Ok(modified) = metadata.modified() {
let age = SystemTime::now().duration_since(modified).unwrap_or_default();
if age > Duration::from_secs(3600) { // 1 hour
// Stale lock, try to remove
let _ = fs::remove_file(&lock_path);
return LibraryError::StaleLock;
}
}
}
LibraryError::AlreadyInUse
} else {
e.into()
}
})?;
// Write lock info
let lock_info = LockInfo {
node_id: *CURRENT_DEVICE_ID,
process_id: std::process::id(),
acquired_at: Utc::now(),
};
file.write_all(serde_json::to_string(&lock_info)?.as_bytes())?;
file.sync_all()?;
Ok(Self {
path: lock_path,
_file: file,
})
}
}
impl Drop for LibraryLock {
fn drop(&mut self) {
// Clean up lock file
let _ = fs::remove_file(&self.path);
}
}
```
## Thumbnail Management
```rust
impl Library {
/// Get thumbnail path for a CAS ID
pub fn thumbnail_path(&self, cas_id: &str) -> PathBuf {
// Two-level sharding
let first = &cas_id[0..1];
let second = &cas_id[1..2];
self.path
.join("thumbnails")
.join(first)
.join(second)
.join(format!("{}.webp", cas_id))
}
/// Save a thumbnail
pub async fn save_thumbnail(
&self,
cas_id: &str,
thumbnail_data: &[u8],
) -> Result<()> {
let path = self.thumbnail_path(cas_id);
// Create parent directories
if let Some(parent) = path.parent() {
fs::create_dir_all(parent).await?;
}
// Write thumbnail
fs::write(&path, thumbnail_data).await?;
Ok(())
}
/// Check if thumbnail exists
pub async fn has_thumbnail(&self, cas_id: &str) -> bool {
self.thumbnail_path(cas_id).exists()
}
}
```
## Migration from v1
```rust
pub async fn migrate_v1_library(
old_id: Uuid,
v1_data_dir: &Path,
target_dir: &Path,
) -> Result<PathBuf> {
info!("Starting migration of library {}", old_id);
// Load v1 config
let v1_config_path = v1_data_dir
.join("libraries")
.join(format!("{}.sdlibrary", old_id));
let v1_config: V1LibraryConfig = load_json(&v1_config_path).await?;
// Create v2 library directory
let safe_name = sanitize_filename(&v1_config.name);
let v2_path = target_dir.join(format!("{}.sdlibrary", safe_name));
fs::create_dir_all(&v2_path).await?;
// Initialize v2 structure
let manager = LibraryManager::new();
manager.initialize_library_directory(&v2_path, v1_config.name.clone()).await?;
// Migrate database
info!("Migrating database...");
let v1_db_path = v1_data_dir
.join("libraries")
.join(format!("{}.db", old_id));
let v2_db_path = v2_path.join("database.db");
migrate_database_v1_to_v2(&v1_db_path, &v2_db_path).await?;
// Migrate thumbnails with progress
info!("Migrating thumbnails...");
let v1_thumb_dir = v1_data_dir.join("thumbnails").join(old_id.to_string());
let v2_thumb_dir = v2_path.join("thumbnails");
let thumb_count = count_files(&v1_thumb_dir).await?;
let progress = ProgressBar::new(thumb_count);
migrate_thumbnails_with_progress(&v1_thumb_dir, &v2_thumb_dir, progress).await?;
// Update config with v1 data
let mut v2_config: LibraryConfig = load_json(&v2_path.join("library.json")).await?;
v2_config.id = old_id; // Preserve original ID
v2_config.created_at = v1_config.date_created;
save_json(&v2_path.join("library.json"), &v2_config).await?;
info!("Migration completed successfully");
Ok(v2_path)
}
```
## Benefits in Practice
### 1. Simple Backup/Restore
```rust
// Backup
fs::copy_dir_all("My Photos.sdlibrary", "/backup/location")?;
// Restore
fs::copy_dir_all("/backup/My Photos.sdlibrary", "~/Spacedrive/Libraries/")?;
libraries.open_library("~/Spacedrive/Libraries/My Photos.sdlibrary")?;
```
### 2. External Drive Support
```rust
// Open library from external drive
let external_lib = libraries.open_library("/Volumes/Backup/Archive.sdlibrary")?;
// Library works normally, regardless of location
external_lib.search("vacation photos").await?;
```
### 3. Cloud Sync Compatible
```rust
// Libraries in cloud-synced folders just work
let cloud_lib = libraries.open_library("~/Dropbox/Spacedrive/Travel.sdlibrary")?;
// Conflict resolution handled by cloud provider
// Or could implement custom sync-aware locking
```
### 4. Easy Sharing
```rust
// Export library for sharing (with optional exclusions)
library.export_to("/tmp/export.zip", ExportOptions {
include_thumbnails: true,
include_previews: false,
compress: true,
})?;
// Import shared library
libraries.import_from("/tmp/shared-library.zip", "~/Spacedrive/Libraries/")?;
```
## Future-Proofing
The design supports adding new features without breaking existing libraries:
```rust
// New feature: Add AI embeddings
// Just add new directory - no migration needed
fs::create_dir_all(library.path.join("embeddings"))?;
// New feature: Version history
// Add versions directory
fs::create_dir_all(library.path.join("versions"))?;
// New setting: Just update config
library.config.settings.enable_version_history = true;
library.save_config().await?;
```
This implementation provides a solid foundation for portable, self-contained libraries that solve all the issues with the current system.

223
docs/core/design/DESIGN_LIBRARY_ORGANIZATION.md
View File

@@ -1,223 +0,0 @@
# Library Data Organization Design
## Current Problems
The existing Spacedrive library organization has critical flaws:
1. **Scattered Data**: Library data is spread across multiple directories (database, thumbnails, etc.)
2. **Backup Nightmare**: Can't easily backup/restore a complete library
3. **Instance Dependencies**: File paths tied to instance IDs break portability
4. **No Isolation**: Libraries share directories, making management difficult
5. **Migration Hell**: Complex migrations needed for any organizational change
## Design Principles
1. **Self-Contained**: Each library is a complete, portable directory
2. **Location Agnostic**: Libraries can be moved/copied without breaking
3. **Backup Friendly**: Simple directory copy = complete backup
4. **Future Proof**: Extensible structure for new data types
5. **Migration Free**: New features add directories, don't reorganize existing ones
## Proposed Directory Structure
```
~/Spacedrive/Libraries/ # Default libraries root (configurable)
├── My Photos.sdlibrary/ # Self-contained library directory
│ ├── library.json # Library metadata & config
│ ├── database.db # SQLite database
│ ├── database.db-wal # Write-ahead log
│ ├── database.db-shm # Shared memory
│ ├── thumbnails/ # All thumbnails for this library
│ │ ├── [0-9a-f]/ # First char of cas_id (16 dirs)
│ │ │ ├── [0-9a-f]/ # Second char (256 dirs total)
│ │ │ │ └── {cas_id}.webp # Actual thumbnail files
│ │ └── metadata.json # Thumbnail generation settings
│ ├── previews/ # Full-size previews (future)
│ │ └── [similar structure]
│ ├── indexes/ # Search indexes (future)
│ │ ├── text.idx # Full-text search index
│ │ └── embeddings.idx # Vector embeddings
│ ├── exports/ # Exported data (future)
│ ├── plugins/ # Library-specific plugins (future)
│ └── .sdlibrary.lock # Lock file for concurrent access
```
## Key Design Decisions
### 1. Library Directory Naming
```
{library_name}.sdlibrary/
```
- Human-readable directory names (not UUIDs)
- `.sdlibrary` extension marks it as a Spacedrive library
- Allows users to identify libraries in file explorers
- Internal UUID stored in `library.json`
### 2. Library Metadata File (`library.json`)
```json
{
"version": 2,
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "My Photos",
"description": "Personal photo collection",
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"settings": {
"generate_thumbnails": true,
"thumbnail_quality": 85,
"enable_ai_tagging": false
},
"statistics": {
"total_files": 10000,
"total_size": 50000000000,
"last_indexed": "2024-01-01T00:00:00Z"
}
}
```
### 3. Thumbnail Organization
- Two-level sharding using first two characters of cas_id
- Creates maximum 256 directories (16 × 16)
- Balances between too many files per directory and too many directories
- Metadata file stores generation parameters for consistency
### 4. Database Design Changes
- Remove instance_id dependencies from file_path table
- Use relative paths within locations instead of absolute
- Store device information separately from path information
- Enable true portability between devices
### 5. Lock File for Concurrency
- `.sdlibrary.lock` prevents multiple nodes from accessing simultaneously
- Contains node information and process ID
- Automatically cleaned up on graceful shutdown
- Stale lock detection for crash recovery
## Library Locations Configuration
```json
// In node configuration
{
"library_locations": [
{
"path": "~/Spacedrive/Libraries",
"is_default": true
},
{
"path": "/Volumes/External/SpacedriveLibraries",
"is_default": false
}
]
}
```
## Migration Strategy
### From v1 to v2
1. **Create New Structure**:
```rust
async fn migrate_library_v1_to_v2(old_lib_id: Uuid) -> Result<()> {
// Create new directory structure
let old_config = load_v1_config(old_lib_id)?;
let new_dir = create_v2_directory(&old_config.name)?;
// Copy and migrate database
migrate_database(old_lib_id, &new_dir).await?;
// Migrate thumbnails with progress
migrate_thumbnails(old_lib_id, &new_dir).await?;
// Create v2 config
create_v2_config(&new_dir, old_config)?;
Ok(())
}
```
2. **Gradual Migration**:
- Keep v1 libraries functional during migration
- Migrate one library at a time
- Verify integrity before removing old data
- Provide rollback capability
## Implementation Benefits
### 1. Simple Backups
```bash
# Complete library backup
cp -r "My Photos.sdlibrary" /backup/location/
# Works with any backup software
rsync -av "My Photos.sdlibrary" remote:/backup/
```
### 2. Easy Library Management
```bash
# Move library to external drive
mv "My Photos.sdlibrary" /Volumes/External/
# Share library with another user
zip -r photos.zip "My Photos.sdlibrary"
```
### 3. Multi-Library Workflows
- Open libraries from any location
- Different libraries on different drives
- Temporary libraries on removable media
- Archive old libraries without cluttering active workspace
### 4. Cloud Sync Ready
- Self-contained directories work well with cloud storage
- Can sync entire library or just metadata
- Conflict resolution simplified
## API Changes
### Opening Libraries
```rust
// Old: Libraries identified by UUID only
let library = libraries.get(library_id)?;
// New: Libraries identified by path or UUID
let library = libraries.open_path("/path/to/My Photos.sdlibrary")?;
let library = libraries.open_id(library_id)?; // Still supported
```
### Library Discovery
```rust
// Scan for libraries in configured locations
let discovered = libraries.scan_locations().await?;
// Register external library
libraries.register_external("/mnt/nas/Shared Media.sdlibrary")?;
```
## Future Extensions
The structure supports future additions without breaking changes:
1. **Indexes Directory**: For full-text and vector search indexes
2. **Previews Directory**: For full-resolution preview generation
3. **Exports Directory**: For temporary export operations
4. **Plugins Directory**: For library-specific extensions
5. **Sync Directory**: For sync metadata and conflict resolution
6. **Versions Directory**: For file version history (future feature)
## Security Considerations
1. **Permissions**: Library directory permissions restrict access
2. **Encryption**: Optional library encryption at directory level
3. **Lock Files**: Prevent concurrent access corruption
4. **Integrity**: Checksums for critical files
## Conclusion
This design solves the fundamental issues with Spacedrive's current library organization:
- Complete portability and backup capability
- No instance/device dependencies
- Human-friendly organization
- Future-proof extensibility
- Simple implementation and maintenance
The self-contained library directory is the foundation for reliable, user-friendly file management across devices.

189
docs/core/design/DESIGN_LIBRARY_ORGANIZATION_VISUAL.md
View File

@@ -1,189 +0,0 @@
# Library Organization - Visual Comparison
## Current (v1) - Scattered Organization
```
~/Library/Application Support/spacedrive/
├── libraries/
│ ├── 550e8400-e29b-41d4-a716-446655440000.sdlibrary # Config only
│ ├── 550e8400-e29b-41d4-a716-446655440000.db # Database only
│ ├── 7c9d8352-9f3a-4a2d-8e0b-1234567890ab.sdlibrary
│ └── 7c9d8352-9f3a-4a2d-8e0b-1234567890ab.db
├── thumbnails/
│ ├── 550e8400-e29b-41d4-a716-446655440000/ # Separate from library
│ │ ├── abc/
│ │ │ └── {cas_id}.webp
│ │ └── def/
│ │ └── {cas_id}.webp
│ ├── 7c9d8352-9f3a-4a2d-8e0b-1234567890ab/
│ │ └── [thumbnails...]
│ └── ephemeral/ # Non-library thumbnails
└── [other app data...]
Problems:
- Library data in 3+ different places
- UUID-based names (not human readable)
- Can't backup by copying a folder
- Thumbnails separated from library
- Hard to identify which library is which
```
## Proposed (v2) - Self-Contained Organization
```
~/Spacedrive/Libraries/ # User-visible location
├── My Photos.sdlibrary/ # Complete library
│ ├── library.json # Metadata
│ ├── database.db # Database
│ ├── thumbnails/ # Thumbnails included
│ │ ├── a/b/{cas_id}.webp
│ │ └── metadata.json
│ └── .sdlibrary.lock # Concurrency control
├── Work Projects.sdlibrary/ # Another library
│ └── [same structure...]
└── Movie Collection.sdlibrary/ # Human-readable names!
└── [same structure...]
/Volumes/External/SpacedriveLibraries/ # Libraries on external drive
└── Archived Photos 2020.sdlibrary/
└── [same structure...]
Benefits:
- Everything in one folder
- Human-readable names
- Simple backup (just copy the folder)
- Can live anywhere (external drives, network, etc.)
- Self-documenting structure
```
## Common Operations Comparison
### Backup a Library
**v1 (Current)**:
```bash
# Complex - need to find all pieces
cp ~/Library/.../libraries/550e8400-*.sdlibrary /backup/
cp ~/Library/.../libraries/550e8400-*.db /backup/
cp -r ~/Library/.../thumbnails/550e8400-* /backup/thumbnails/
# Hope you didn't miss anything!
```
**v2 (Proposed)**:
```bash
# Simple - just copy the directory
cp -r "~/Spacedrive/Libraries/My Photos.sdlibrary" /backup/
# Done! Everything included
```
### Move Library to External Drive
**v1 (Current)**:
```
Not possible - paths are hardcoded
```
**v2 (Proposed)**:
```bash
# Just move it
mv "~/Spacedrive/Libraries/My Photos.sdlibrary" "/Volumes/External/"
# Re-open from new location in Spacedrive
```
### Share Library with Someone
**v1 (Current)**:
```
Extremely difficult:
1. Find all database files
2. Find all thumbnail directories
3. Hope instance IDs match
4. Probably won't work
```
**v2 (Proposed)**:
```bash
# Zip and send
zip -r my-photos.zip "My Photos.sdlibrary"
# Recipient extracts and opens - it just works
```
## Directory Size Comparison
### v1 Structure Issues
```
thumbnails/
├── 550e8400-e29b-41d4-a716-446655440000/
│ ├── 000/ to fff/ (4096 directories!)
│ │ └── *.webp
│ └── Total: 4096 dirs × ~100 files = 400K+ files in flat structure
```
### v2 Optimized Structure
```
My Photos.sdlibrary/
└── thumbnails/
├── 0/ to f/ (16 directories)
│ ├── 0/ to f/ (16 subdirectories each = 256 total)
│ │ └── *.webp
└── Total: 256 dirs × ~1,500 files = more balanced distribution
```
## Migration Process Visualization
```
Step 1: Scan v1 Libraries
├── Found: 550e8400-*.sdlibrary → "My Photos"
├── Found: 7c9d8352-*.sdlibrary → "Work Projects"
└── Found: 92fab210-*.sdlibrary → "Movies"
Step 2: Create v2 Structure
├── Create: "My Photos.sdlibrary/"
├── Create: "Work Projects.sdlibrary/"
└── Create: "Movies.sdlibrary/"
Step 3: Migrate Data (with progress)
├── [████████████████████] 100% Database migration
├── [████████████████████] 100% Thumbnail migration (10,234 files)
└── [████████████████████] 100% Config conversion
Step 4: Verify & Cleanup
├── ✓ Verify database integrity
├── ✓ Verify thumbnail counts match
├── ✓ Create backup of v1 data
└── ✓ Remove v1 data (after confirmation)
```
## Platform-Specific Benefits
### macOS
- Libraries appear as bundles in Finder (like .app files)
- Can add custom icons to library folders
- Time Machine backs up complete libraries
- Spotlight can index library names
### Windows
- Libraries are regular folders (easy to understand)
- Can pin library folders to Quick Access
- Works with any backup software
- Can store on OneDrive/network drives
### Linux
- Standard directory structure
- Works with all file managers
- Easy scripting and automation
- Can symlink to different locations
## Summary Comparison
| Feature | v1 (Current) | v2 (Proposed) |
|---------|--------------|---------------|
| **Backup** | Complex multi-directory | Simple folder copy |
| **Portability** | Instance-dependent | Fully portable |
| **Human Readable** | UUID soup | Clear names |
| **External Storage** | Not supported | Native support |
| **Sharing** | Nearly impossible | Simple zip & send |
| **Finding Libraries** | Check database | Look at folder names |
| **Disaster Recovery** | Difficult | Copy folder back |
| **Cloud Sync** | Problematic | Works naturally |
| **User Understanding** | Confusing | Intuitive |

121
docs/core/design/DESIGN_OPTIMIZED_STORAGE.md
View File

@@ -1,121 +0,0 @@
# Storage Design
## Problem Statement
File system storage needs to balance several concerns:
- **Space efficiency** - Minimize database size for large collections
- **Query performance** - Fast path-based operations
- **Simplicity** - Avoid complex joins for common operations
- **Cross-device compatibility** - Work consistently across devices
## Solution: Materialized Path Storage
### 1. Integer IDs for Internal Storage
- Use auto-incrementing integers internally (4-8 bytes)
- Keep UUIDs only for external APIs and cross-device sync
- 75% reduction in ID storage size
### 2. Materialized Path Approach
Simple and efficient path storage:
```sql
-- Store paths directly with materialized hierarchy:
entries: location_id=1, relative_path="src", name="main.rs"
entries: location_id=1, relative_path="src", name="lib.rs"
entries: location_id=1, relative_path="", name="Cargo.toml"
```
### 3. Benefits
**Performance:**
- **Simple queries** - No joins needed for most path operations
- **Fast hierarchy queries** - Direct LIKE patterns on relative_path
- **Efficient indexing** - Single index covers most queries
**Simplicity:**
- **No complex relationships** - Avoid recursive parent_id patterns
- **Direct path access** - Build full paths with simple concatenation
- **Easy migrations** - Straightforward schema changes
## Implementation Details
### Database Schema
```sql
-- Devices table (hybrid)
CREATE TABLE devices (
id INTEGER PRIMARY KEY, -- Internal use
uuid BLOB NOT NULL UNIQUE, -- External API
name TEXT NOT NULL,
-- ... other fields
);
-- Entries (materialized paths)
CREATE TABLE entries (
id INTEGER PRIMARY KEY,
location_id INTEGER NOT NULL, -- Reference to location
relative_path TEXT NOT NULL, -- Directory path within location
name TEXT NOT NULL, -- File/directory name
metadata_id INTEGER NOT NULL,
-- ... other fields
);
```
### API Translation Layer
```rust
// External API uses UUIDs and SdPath
pub struct SdPath {
pub device_id: Uuid,
pub path: PathBuf,
}
// Internal storage uses integers and materialized paths
pub struct EntryStorage {
pub id: i64,
pub location_id: i32,
pub relative_path: String,
pub name: String,
}
// Translation happens at API boundary
impl Entry {
pub fn to_sdpath(&self) -> SdPath {
let location = self.get_location();
let device = location.get_device();
let full_path = if self.relative_path.is_empty() {
PathBuf::from(&self.name)
} else {
PathBuf::from(&self.relative_path).join(&self.name)
};
SdPath {
device_id: device.uuid,
path: PathBuf::from(&location.path).join(full_path),
}
}
}
```
## Benefits
1. **Massive space savings** - 70%+ reduction in path storage
2. **Faster queries** - Smaller indexes, better cache utilization
3. **Cross-device compatible** - Prefix includes device information
4. **Backward compatible** - UUIDs preserved for external APIs
5. **Future proof** - Easy to add more optimizations
## Migration Strategy
1. Add integer columns alongside UUID columns
2. Build prefix table from existing data
3. Gradually migrate queries to use integer IDs
4. Keep UUID columns for external compatibility
## Sync Considerations
- UUIDs remain the canonical identifier for sync
- Integer IDs are device-local for performance
- Prefix table syncs as part of device metadata
- No changes to sync protocol required

222
docs/core/design/DESIGN_VDFS_INTEGRATION.md
View File

@@ -1,222 +0,0 @@
# Virtual Distributed File System - Integration Design
## How SdPath and the New Data Model Enable True VDFS
The combination of SdPath and the decoupled data model creates a powerful foundation for Spacedrive's Virtual Distributed File System.
## Core Concepts Working Together
### 1. SdPath: Universal File Addressing
```rust
// Any file, anywhere in your library
let photo = SdPath::new(macbook_id, "/Users/jamie/Photos/sunset.jpg");
let backup = SdPath::new(nas_id, "/backups/photos/sunset.jpg");
```
### 2. Entry: Universal File Representation
```rust
// Both files are Entries with full metadata support
let photo_entry = Entry {
sd_path: photo.serialize(),
metadata_id: uuid_1, // Has tags, notes, etc.
content_id: Some(content_uuid), // Same content!
};
let backup_entry = Entry {
sd_path: backup.serialize(),
metadata_id: uuid_2, // Different metadata possible
content_id: Some(content_uuid), // Recognized as duplicate
};
```
## Key Scenarios
### Scenario 1: Cross-Device File Management
```rust
// Tag a file on your iPhone from your MacBook
let iphone_file = SdPath::new(iphone_id, "/DCIM/IMG_1234.jpg");
tag_file(iphone_file, "Vacation").await?;
// Works even if the file isn't indexed yet!
// Copy tagged files from multiple devices to NAS
let tagged_files = find_files_with_tag("Vacation").await?;
// Returns Entries from ALL devices
for entry in tagged_files {
copy_file(entry.sd_path, nas_backup_folder).await?;
// Preserves tags during copy!
}
```
### Scenario 2: Smart Deduplication
```rust
// Find all copies of a file across devices
let content = get_content_by_cas_id("v2:a1b2c3...").await?;
let all_copies = get_entries_with_content(content.id).await?;
println!("You have {} copies of this file:", all_copies.len());
for entry in all_copies {
println!("- {} on {}", entry.sd_path.path, entry.sd_path.device_name());
}
// Output:
// You have 3 copies of this file:
// - /Users/jamie/sunset.jpg on MacBook Pro
// - /DCIM/sunset.jpg on iPhone
// - /backups/sunset.jpg on NAS
```
### Scenario 3: Ephemeral File Support
```rust
// Browse and tag files on a USB drive without indexing
let usb_file = SdPath::local("/Volumes/USB/document.pdf");
let entry = discover_entry(usb_file).await?; // Quick, no content reading
tag_entry(entry, "Review Later").await?; // Instant tagging!
// Later, even after USB is disconnected
let to_review = find_entries_with_tag("Review Later").await?;
// Shows the file with its USB path, can re-connect to access
```
### Scenario 4: Content Change Handling
```rust
// Edit a tagged document
let doc = SdPath::local("/Documents/report.docx");
edit_document(doc).await?;
// Content changed, but metadata persists
let entry = get_entry_by_sdpath(doc).await?;
assert!(entry.metadata.tags.contains("Important")); // Tags still there!
// Old content identity updated automatically
// Deduplication still works for the new version
```
## Implementation Benefits
### 1. Unified API Surface
```rust
// These all use the same internal logic
copy_files(local_to_local).await?;
copy_files(local_to_remote).await?;
copy_files(remote_to_local).await?;
copy_files(remote_to_remote).await?;
// Frontend doesn't care about device boundaries
mutation CopyFiles($sources: [SdPath!]!, $destination: SdPath!) {
copyFiles(sources: $sources, destination: $destination) {
successful
}
}
```
### 2. Progressive Enhancement
```rust
// Level 1: Quick discovery (milliseconds)
let entry = discover_entry(sd_path).await?;
tag_entry(entry, "Important").await?;
// Level 2: Content identity (seconds, async)
let content_id = index_entry_content(entry, IndexMode::Content).await?;
// Now have deduplication
// Level 3: Deep indexing (minutes, background)
let full_index = deep_index_entry(entry).await?;
// Now have full-text search, thumbnails, etc.
```
### 3. Offline Resilience
```rust
// Tag files on a device that's offline
let offline_file = SdPath::new(laptop_id, "/Documents/todo.txt");
// This creates a "virtual entry" locally
tag_virtual_entry(offline_file, "Urgent").await?;
// When laptop comes online, tag syncs automatically
on_device_connected(laptop_id, |device| {
sync_virtual_entries(device).await?;
});
```
## Database Queries Enabled
### Find files across all devices
```sql
-- All PDFs tagged "Important" regardless of device
SELECT e.*, sd.device_name, um.tags
FROM entry e
JOIN user_metadata um ON e.metadata_id = um.id
JOIN spacedrive_devices sd ON e.device_id = sd.id
WHERE e.name LIKE '%.pdf'
AND 'Important' = ANY(um.tags);
```
### Smart backup detection
```sql
-- Find files that exist on laptop but not on backup drive
SELECT e1.*
FROM entry e1
WHERE e1.device_id = ? -- laptop_id
AND NOT EXISTS (
SELECT 1 FROM entry e2
WHERE e2.device_id = ? -- backup_id
AND e2.content_id = e1.content_id
);
```
### Cross-device duplicate cleanup
```sql
-- Find duplicate files across devices, keep favorited ones
WITH duplicates AS (
SELECT content_id, COUNT(*) as copies
FROM entry
WHERE content_id IS NOT NULL
GROUP BY content_id
HAVING COUNT(*) > 1
)
SELECT e.*, um.favorite, ci.total_size
FROM entry e
JOIN user_metadata um ON e.metadata_id = um.id
JOIN content_identity ci ON e.content_id = ci.id
JOIN duplicates d ON e.content_id = d.content_id
ORDER BY um.favorite DESC, e.created_at ASC;
```
## Future Possibilities
### 1. Global File Search
```rust
// Search across all devices from any device
let results = search_global("sunset photo").await?;
// Returns Entries from MacBook, iPhone, NAS, cloud, etc.
```
### 2. Smart Sync Policies
```rust
// Define rules for automatic file distribution
create_sync_rule(
"Backup photos",
When::FileMatchesPattern("*.jpg"),
When::TaggedWith("Important"),
Action::CopyTo(nas_device),
).await?;
```
### 3. Virtual Folders
```rust
// Create a folder that aggregates files from multiple devices
let virtual_folder = VirtualFolder::new("All Documents")
.include(SdPath::new(laptop_id, "/Documents"))
.include(SdPath::new(desktop_id, "/home/user/Documents"))
.include(SdPath::new(cloud_id, "/Documents"))
.with_filter(|entry| entry.name.ends_with(".pdf"));
```
## Conclusion
The combination of:
1. **SdPath** for universal file addressing
2. **Decoupled data model** for flexible metadata
3. **Progressive indexing** for performance
4. **Content identity** for deduplication
Creates a system where device boundaries disappear and files become truly virtual - accessible, manageable, and searchable regardless of their physical location. This is the true promise of a Virtual Distributed File System.

987
docs/core/design/DEVICE_PAIRING_PROTOCOL.md
View File

@@ -1,987 +0,0 @@
# Spacedrive Device Pairing Protocol Design
## Overview
This document describes the complete design for Spacedrive's secure device pairing protocol. The pairing system allows two Spacedrive devices to establish trust and begin secure communication using a human-readable pairing code.
## Goals
### Primary Goals
- **Security**: Cryptographically secure pairing resistant to common attacks
- **Usability**: Simple 6-word pairing codes that users can easily share
- **Reliability**: Robust discovery and connection establishment
- **Privacy**: No sensitive data transmitted in plaintext during pairing
- **Scalability**: Support for pairing multiple devices in a mesh network
### Security Goals
- Protection against man-in-the-middle (MITM) attacks
- Protection against eavesdropping on pairing communications
- Protection against replay attacks and brute force attempts
- Forward secrecy for post-pairing communications
- Mutual authentication of both devices
## Architecture Overview
```
Device A (Initiator) Device B (Joiner)
│ │
▼ ▼
Generate Code Enter Code
│ │
▼ ▼
Start mDNS Broadcast Scan for mDNS Announcements
│ │
▼ ▼
Listen for Connections Establish Connection
│◄──────────────────────────────────────┤
▼ ▼
Challenge-Response Authentication
│◄──────────────────────────────────────┤
▼ ▼
Exchange Device Information & Public Keys
│◄──────────────────────────────────────┤
▼ ▼
User Confirmation User Confirmation
│ │
▼ ▼
Store Device Info Store Device Info
│ │
▼ ▼
Establish Session Keys Establish Session Keys
```
## Component Design
### 1. Pairing Code System
#### Enhanced PairingCode Structure
```rust
#[derive(Clone, Debug)]
pub struct PairingCode {
/// 256-bit cryptographic secret
pub secret: [u8; 32],
/// Expiration timestamp (5 minutes from creation)
pub expires_at: DateTime<Utc>,
/// 6 words from BIP39 wordlist for user-friendly sharing
pub words: [String; 6],
/// Fingerprint for mDNS discovery (derived from secret)
pub discovery_fingerprint: [u8; 16],
/// Nonce for challenge-response (prevents replay attacks)
pub nonce: [u8; 16],
}
```
#### BIP39 Word Encoding
```rust
impl PairingCode {
/// Generate using proper BIP39 wordlist instead of hex
pub fn generate() -> Result<Self> {
let mut secret = [0u8; 32];
let mut nonce = [0u8; 16];
let rng = ring::rand::SystemRandom::new();
rng.fill(&mut secret)?;
rng.fill(&mut nonce)?;
// Convert first 24 bytes to 6 BIP39 words (4 bytes per word)
let words = bip39::encode_bytes(&secret[..24])?;
// Derive discovery fingerprint from secret + device context
let discovery_fingerprint = Self::derive_fingerprint(&secret);
Ok(PairingCode {
secret,
expires_at: Utc::now() + Duration::minutes(5),
words,
discovery_fingerprint,
nonce,
})
}
/// Derive consistent fingerprint for mDNS discovery
fn derive_fingerprint(secret: &[u8; 32]) -> [u8; 16] {
use blake3::Hasher;
let mut hasher = Hasher::new();
hasher.update(b"spacedrive-pairing-v1");
hasher.update(secret);
let hash = hasher.finalize();
let mut fingerprint = [0u8; 16];
fingerprint.copy_from_slice(&hash.as_bytes()[..16]);
fingerprint
}
}
```
### 2. Network Discovery System
#### mDNS Broadcasting
```rust
pub struct PairingBroadcaster {
mdns_service: mdns::Service,
pairing_code: PairingCode,
device_info: DeviceInfo,
}
impl PairingBroadcaster {
pub async fn start_broadcast(
&self,
code: &PairingCode,
device_info: &DeviceInfo,
) -> Result<()> {
// Broadcast mDNS service with pairing fingerprint
let service_name = format!(
"_spacedrive-pairing._tcp.local."
);
let txt_records = vec![
format!("fp={}", hex::encode(code.discovery_fingerprint)),
format!("device={}", device_info.device_name),
format!("version=1"),
format!("expires={}", code.expires_at.timestamp()),
];
self.mdns_service.register(
service_name,
self.get_local_port(),
txt_records,
).await
}
}
```
#### Device Discovery
```rust
pub struct PairingScanner {
mdns_scanner: mdns::Scanner,
}
impl PairingScanner {
pub async fn find_pairing_device(
&self,
code: &PairingCode,
) -> Result<PairingTarget> {
let target_fingerprint = hex::encode(code.discovery_fingerprint);
// Scan for mDNS services matching our pairing fingerprint
let services = self.mdns_scanner
.scan_for("_spacedrive-pairing._tcp.local.", Duration::from_secs(10))
.await?;
for service in services {
if let Some(fp) = service.txt_record("fp") {
if fp == target_fingerprint {
return Ok(PairingTarget {
address: service.address(),
port: service.port(),
device_name: service.txt_record("device").unwrap_or_default(),
expires_at: service.txt_record("expires")
.and_then(|s| s.parse::<i64>().ok())
.map(|ts| DateTime::from_timestamp(ts, 0))
.flatten(),
});
}
}
}
Err(NetworkError::DeviceNotFound("No matching pairing device found".into()))
}
}
```
### 3. Secure Transport Layer
#### Pairing Connection
```rust
pub struct PairingConnection {
transport: Box<dyn SecureTransport>,
state: PairingState,
local_device: DeviceInfo,
}
#[derive(Debug, Clone)]
pub enum PairingState {
Connecting,
Authenticating,
ExchangingKeys,
AwaitingConfirmation,
Completed,
Failed(String),
}
impl PairingConnection {
/// Establish secure connection for pairing
pub async fn connect_for_pairing(
target: PairingTarget,
local_device: DeviceInfo,
) -> Result<Self> {
// Use TLS with ephemeral certificates for initial security
let tls_config = Self::create_ephemeral_tls_config()?;
let transport = TlsTransport::connect(target.address, target.port, tls_config).await?;
Ok(PairingConnection {
transport: Box::new(transport),
state: PairingState::Connecting,
local_device,
})
}
/// Create self-signed certificate for pairing session
fn create_ephemeral_tls_config() -> Result<TlsConfig> {
// Generate ephemeral key pair for this pairing session
let key_pair = rcgen::KeyPair::generate(&rcgen::PKCS_ED25519)?;
let cert = rcgen::Certificate::from_params(
rcgen::CertificateParams::new(vec!["spacedrive-pairing".to_string()])?
)?;
Ok(TlsConfig {
certificate: cert.serialize_der()?,
private_key: key_pair.serialize_der(),
verify_mode: TlsVerifyMode::AllowSelfSigned, // For pairing only
})
}
}
```
### 4. Challenge-Response Authentication
#### Authentication Protocol
```rust
#[derive(Serialize, Deserialize, Debug)]
pub enum PairingMessage {
/// Initiator sends challenge
Challenge {
initiator_nonce: [u8; 16],
timestamp: DateTime<Utc>,
},
/// Joiner responds with proof of pairing code knowledge
ChallengeResponse {
response_hash: [u8; 32],
joiner_nonce: [u8; 16],
timestamp: DateTime<Utc>,
},
/// Initiator confirms joiner's response and proves own knowledge
ChallengeConfirmation {
confirmation_hash: [u8; 32],
timestamp: DateTime<Utc>,
},
/// Device information exchange
DeviceInfo {
device_info: DeviceInfo,
public_key: PublicKey,
signature: Vec<u8>, // Signature over device_info + public_key
},
/// User confirmation of pairing
PairingConfirmation {
accepted: bool,
user_confirmation_signature: Vec<u8>,
},
/// Final session key establishment
SessionKeyExchange {
encrypted_session_key: Vec<u8>,
key_confirmation_hash: [u8; 32],
},
}
impl PairingConnection {
/// Perform challenge-response authentication
pub async fn authenticate_pairing_code(
&mut self,
pairing_code: &PairingCode,
is_initiator: bool,
) -> Result<()> {
self.state = PairingState::Authenticating;
if is_initiator {
self.authenticate_as_initiator(pairing_code).await
} else {
self.authenticate_as_joiner(pairing_code).await
}
}
async fn authenticate_as_initiator(
&mut self,
pairing_code: &PairingCode,
) -> Result<()> {
// 1. Send challenge to joiner
let challenge = PairingMessage::Challenge {
initiator_nonce: pairing_code.nonce,
timestamp: Utc::now(),
};
self.send_message(challenge).await?;
// 2. Receive and verify joiner's response
let response = self.receive_message().await?;
match response {
PairingMessage::ChallengeResponse {
response_hash,
joiner_nonce,
timestamp
} => {
// Verify joiner knows the pairing code
let expected_hash = Self::compute_challenge_hash(
&pairing_code.secret,
&pairing_code.nonce,
&joiner_nonce,
timestamp,
)?;
if response_hash != expected_hash {
return Err(NetworkError::AuthenticationFailed(
"Invalid challenge response".into()
));
}
// 3. Send confirmation proving we also know the code
let confirmation_hash = Self::compute_challenge_hash(
&pairing_code.secret,
&joiner_nonce,
&pairing_code.nonce,
timestamp,
)?;
let confirmation = PairingMessage::ChallengeConfirmation {
confirmation_hash,
timestamp: Utc::now(),
};
self.send_message(confirmation).await?;
Ok(())
}
_ => Err(NetworkError::ProtocolError("Unexpected message type".into())),
}
}
async fn authenticate_as_joiner(
&mut self,
pairing_code: &PairingCode,
) -> Result<()> {
// 1. Receive challenge from initiator
let challenge = self.receive_message().await?;
match challenge {
PairingMessage::Challenge { initiator_nonce, timestamp } => {
// 2. Verify challenge is recent (prevent replay attacks)
let age = Utc::now().signed_duration_since(timestamp);
if age.num_seconds() > 30 {
return Err(NetworkError::AuthenticationFailed(
"Challenge too old".into()
));
}
// 3. Generate response proving we know the pairing code
let joiner_nonce = Self::generate_nonce();
let response_hash = Self::compute_challenge_hash(
&pairing_code.secret,
&initiator_nonce,
&joiner_nonce,
timestamp,
)?;
let response = PairingMessage::ChallengeResponse {
response_hash,
joiner_nonce,
timestamp: Utc::now(),
};
self.send_message(response).await?;
// 4. Receive and verify initiator's confirmation
let confirmation = self.receive_message().await?;
match confirmation {
PairingMessage::ChallengeConfirmation {
confirmation_hash,
timestamp: conf_timestamp
} => {
let expected_hash = Self::compute_challenge_hash(
&pairing_code.secret,
&joiner_nonce,
&initiator_nonce,
conf_timestamp,
)?;
if confirmation_hash != expected_hash {
return Err(NetworkError::AuthenticationFailed(
"Invalid challenge confirmation".into()
));
}
Ok(())
}
_ => Err(NetworkError::ProtocolError("Unexpected message type".into())),
}
}
_ => Err(NetworkError::ProtocolError("Expected challenge message".into())),
}
}
/// Compute HMAC-based challenge hash
fn compute_challenge_hash(
secret: &[u8; 32],
nonce1: &[u8; 16],
nonce2: &[u8; 16],
timestamp: DateTime<Utc>,
) -> Result<[u8; 32]> {
use ring::hmac;
let key = hmac::Key::new(hmac::HMAC_SHA256, secret);
let mut context = hmac::Context::with_key(&key);
context.update(nonce1);
context.update(nonce2);
context.update(&timestamp.timestamp().to_le_bytes());
context.update(b"spacedrive-pairing-challenge-v1");
let tag = context.sign();
let mut hash = [0u8; 32];
hash.copy_from_slice(tag.as_ref());
Ok(hash)
}
}
```
### 5. Device Information Exchange
#### Secure Key Exchange
```rust
impl PairingConnection {
/// Exchange device information and public keys
pub async fn exchange_device_information(
&mut self,
local_device: &DeviceInfo,
local_private_key: &PrivateKey,
) -> Result<DeviceInfo> {
self.state = PairingState::ExchangingKeys;
// 1. Prepare our device information with signature
let device_message = self.create_signed_device_message(
local_device,
local_private_key,
).await?;
// 2. Exchange device information simultaneously
let (send_result, receive_result) = tokio::join!(
self.send_message(device_message),
self.receive_message()
);
send_result?;
let remote_message = receive_result?;
// 3. Verify remote device information
match remote_message {
PairingMessage::DeviceInfo {
device_info,
public_key,
signature
} => {
// Verify signature over device info + public key
let signed_data = Self::serialize_for_signature(&device_info, &public_key)?;
if !public_key.verify(&signed_data, &signature) {
return Err(NetworkError::AuthenticationFailed(
"Invalid device signature".into()
));
}
// Verify network fingerprint matches computed value
let expected_fingerprint = NetworkFingerprint::from_device(
device_info.device_id,
&public_key
);
if device_info.network_fingerprint != expected_fingerprint {
return Err(NetworkError::AuthenticationFailed(
"Network fingerprint mismatch".into()
));
}
Ok(device_info)
}
_ => Err(NetworkError::ProtocolError("Expected device info message".into())),
}
}
async fn create_signed_device_message(
&self,
device_info: &DeviceInfo,
private_key: &PrivateKey,
) -> Result<PairingMessage> {
let public_key = private_key.public_key();
let signed_data = Self::serialize_for_signature(device_info, &public_key)?;
let signature = private_key.sign(&signed_data);
Ok(PairingMessage::DeviceInfo {
device_info: device_info.clone(),
public_key,
signature,
})
}
fn serialize_for_signature(
device_info: &DeviceInfo,
public_key: &PublicKey,
) -> Result<Vec<u8>> {
let mut data = Vec::new();
data.extend_from_slice(device_info.device_id.as_bytes());
data.extend_from_slice(device_info.device_name.as_bytes());
data.extend_from_slice(public_key.as_bytes());
data.extend_from_slice(b"spacedrive-device-signature-v1");
Ok(data)
}
}
```
### 6. User Confirmation Flow
#### Interactive Confirmation
```rust
pub trait PairingUserInterface {
/// Ask user to confirm pairing with remote device
async fn confirm_pairing(&self, remote_device: &DeviceInfo) -> Result<bool>;
/// Show pairing progress to user
async fn show_pairing_progress(&self, state: PairingState);
/// Display pairing error to user
async fn show_pairing_error(&self, error: &NetworkError);
}
impl PairingConnection {
/// Handle user confirmation on both sides
pub async fn handle_user_confirmation(
&mut self,
remote_device: &DeviceInfo,
ui: &dyn PairingUserInterface,
is_initiator: bool,
) -> Result<bool> {
self.state = PairingState::AwaitingConfirmation;
// Show device info to user and get confirmation
let user_accepted = ui.confirm_pairing(remote_device).await?;
// Create confirmation message with user's decision
let confirmation = PairingMessage::PairingConfirmation {
accepted: user_accepted,
user_confirmation_signature: self.create_confirmation_signature(
user_accepted,
remote_device,
)?,
};
if is_initiator {
// Initiator sends first, then receives
self.send_message(confirmation).await?;
let remote_confirmation = self.receive_message().await?;
self.verify_remote_confirmation(remote_confirmation, user_accepted)
} else {
// Joiner receives first, then sends
let remote_confirmation = self.receive_message().await?;
self.send_message(confirmation).await?;
self.verify_remote_confirmation(remote_confirmation, user_accepted)
}
}
fn verify_remote_confirmation(
&self,
message: PairingMessage,
local_accepted: bool,
) -> Result<bool> {
match message {
PairingMessage::PairingConfirmation {
accepted: remote_accepted,
user_confirmation_signature: _
} => {
// Both users must accept for pairing to succeed
Ok(local_accepted && remote_accepted)
}
_ => Err(NetworkError::ProtocolError("Expected confirmation message".into())),
}
}
}
```
### 7. Session Key Establishment
#### Forward Secrecy Keys
```rust
impl PairingConnection {
/// Establish session keys for future communication
pub async fn establish_session_keys(
&mut self,
remote_device: &DeviceInfo,
local_private_key: &PrivateKey,
) -> Result<SessionKeys> {
// Generate ephemeral key pair for forward secrecy
let ephemeral_private = PrivateKey::generate()?;
let ephemeral_public = ephemeral_private.public_key();
// Perform Elliptic Curve Diffie-Hellman key exchange
let shared_secret = self.perform_ecdh_exchange(
&ephemeral_private,
&ephemeral_public,
&remote_device.public_key,
).await?;
// Derive session keys using HKDF
let session_keys = SessionKeys::derive_from_shared_secret(
&shared_secret,
&self.local_device.device_id,
&remote_device.device_id,
)?;
// Confirm both sides derived the same keys
self.confirm_session_keys(&session_keys).await?;
self.state = PairingState::Completed;
Ok(session_keys)
}
async fn perform_ecdh_exchange(
&mut self,
local_ephemeral_private: &PrivateKey,
local_ephemeral_public: &PublicKey,
remote_static_public: &PublicKey,
) -> Result<[u8; 32]> {
// Send our ephemeral public key
let key_exchange = PairingMessage::SessionKeyExchange {
encrypted_session_key: local_ephemeral_public.as_bytes().to_vec(),
key_confirmation_hash: [0u8; 32], // Will be filled after ECDH
};
// Exchange ephemeral public keys
let (send_result, receive_result) = tokio::join!(
self.send_message(key_exchange),
self.receive_message()
);
send_result?;
let remote_exchange = receive_result?;
match remote_exchange {
PairingMessage::SessionKeyExchange {
encrypted_session_key: remote_ephemeral_public_bytes,
key_confirmation_hash: _,
} => {
let remote_ephemeral_public = PublicKey::from_bytes(
remote_ephemeral_public_bytes
)?;
// Perform ECDH to get shared secret
let shared_secret = local_ephemeral_private.ecdh(
&remote_ephemeral_public
)?;
Ok(shared_secret)
}
_ => Err(NetworkError::ProtocolError("Expected key exchange message".into())),
}
}
}
#[derive(Debug, Clone)]
pub struct SessionKeys {
/// Key for encrypting outgoing messages
pub send_key: [u8; 32],
/// Key for decrypting incoming messages
pub receive_key: [u8; 32],
/// Key for message authentication codes
pub mac_key: [u8; 32],
/// Initialization vector for first message
pub initial_iv: [u8; 12],
}
impl SessionKeys {
/// Derive session keys using HKDF
pub fn derive_from_shared_secret(
shared_secret: &[u8; 32],
local_device_id: &Uuid,
remote_device_id: &Uuid,
) -> Result<Self> {
use ring::hkdf;
let salt = b"spacedrive-session-keys-v1";
let info_base = format!("{}:{}", local_device_id, remote_device_id);
let prk = hkdf::Salt::new(hkdf::HKDF_SHA256, salt)
.extract(shared_secret);
let mut send_key = [0u8; 32];
let mut receive_key = [0u8; 32];
let mut mac_key = [0u8; 32];
let mut initial_iv = [0u8; 12];
prk.expand(&[format!("{}-send", info_base).as_bytes()], &mut send_key)?;
prk.expand(&[format!("{}-receive", info_base).as_bytes()], &mut receive_key)?;
prk.expand(&[format!("{}-mac", info_base).as_bytes()], &mut mac_key)?;
prk.expand(&[format!("{}-iv", info_base).as_bytes()], &mut initial_iv)?;
Ok(SessionKeys {
send_key,
receive_key,
mac_key,
initial_iv,
})
}
}
```
### 8. Persistent Storage Integration
#### Enhanced Network Key Storage
```rust
impl NetworkIdentity {
/// Enhanced persistent storage with proper cryptography
fn save_network_keys(
device_id: &Uuid,
public_key: &PublicKey,
private_key: &EncryptedPrivateKey,
paired_devices: &HashMap<Uuid, PairedDeviceInfo>,
password: &str,
) -> Result<()> {
let path = Self::network_keys_path(device_id)?;
// Create comprehensive key storage
let key_storage = NetworkKeyStorage {
version: 1,
device_id: *device_id,
public_key: public_key.clone(),
encrypted_private_key: private_key.clone(),
paired_devices: paired_devices.clone(),
session_keys: HashMap::new(), // Ephemeral, not stored
created_at: Utc::now(),
updated_at: Utc::now(),
};
// Encrypt entire storage with master password
let encrypted_storage = Self::encrypt_key_storage(&key_storage, password)?;
// Atomic write with backup
Self::atomic_write_with_backup(&path, &encrypted_storage)?;
Ok(())
}
fn encrypt_key_storage(
storage: &NetworkKeyStorage,
password: &str,
) -> Result<EncryptedKeyStorage> {
use ring::{aead, pbkdf2};
use std::num::NonZeroU32;
// Serialize storage
let plaintext = serde_json::to_vec(storage)?;
// Generate salt and nonce
let mut salt = [0u8; 32];
let mut nonce = [0u8; 12];
let rng = ring::rand::SystemRandom::new();
rng.fill(&mut salt)?;
rng.fill(&mut nonce)?;
// Derive encryption key using PBKDF2
let iterations = NonZeroU32::new(100_000).unwrap();
let mut key = [0u8; 32];
pbkdf2::derive(
pbkdf2::PBKDF2_HMAC_SHA256,
iterations,
&salt,
password.as_bytes(),
&mut key,
);
// Encrypt with AES-256-GCM
let unbound_key = aead::UnboundKey::new(&aead::AES_256_GCM, &key)?;
let sealing_key = aead::LessSafeKey::new(unbound_key);
let mut ciphertext = plaintext;
sealing_key.seal_in_place_append_tag(
aead::Nonce::assume_unique_for_key(nonce),
aead::Aad::empty(),
&mut ciphertext,
)?;
Ok(EncryptedKeyStorage {
version: 1,
ciphertext,
salt,
nonce,
iterations: iterations.get(),
})
}
}
#[derive(Serialize, Deserialize, Debug)]
struct NetworkKeyStorage {
version: u32,
device_id: Uuid,
public_key: PublicKey,
encrypted_private_key: EncryptedPrivateKey,
paired_devices: HashMap<Uuid, PairedDeviceInfo>,
session_keys: HashMap<Uuid, SessionKeys>, // Not persisted
created_at: DateTime<Utc>,
updated_at: DateTime<Utc>,
}
#[derive(Serialize, Deserialize, Debug)]
struct PairedDeviceInfo {
device_info: DeviceInfo,
paired_at: DateTime<Utc>,
last_seen: DateTime<Utc>,
trust_level: TrustLevel,
session_history: Vec<SessionRecord>,
}
#[derive(Serialize, Deserialize, Debug)]
enum TrustLevel {
/// Device was manually paired by user
Trusted,
/// Device was paired but user hasn't confirmed recently
Verified,
/// Device pairing is suspect or expired
Untrusted,
}
```
## Security Analysis
### Attack Resistance
#### Man-in-the-Middle (MITM)
- **Protection**: TLS during initial connection + Challenge-response proves both parties know pairing code
- **Additional**: Network fingerprint verification ensures device identity hasn't been tampered with
#### Eavesdropping
- **Protection**: All sensitive data encrypted with TLS + Pairing code never transmitted in plaintext
- **Additional**: Forward secrecy ensures past sessions remain secure even if long-term keys compromised
#### Replay Attacks
- **Protection**: Timestamps and nonces in all challenge-response messages
- **Additional**: 5-minute expiration on pairing codes
#### Brute Force
- **Protection**: 256-bit pairing codes + Rate limiting + Device lockout after failed attempts
- **Additional**: mDNS discovery prevents passive enumeration
#### Insider Attacks
- **Protection**: User confirmation required on both devices + Visual verification of device names
- **Additional**: Trust levels allow revoking suspicious devices
### Cryptographic Primitives
- **Key Generation**: ring::rand::SystemRandom (cryptographically secure)
- **Symmetric Encryption**: AES-256-GCM (authenticated encryption)
- **Asymmetric Encryption**: Ed25519 (modern elliptic curve cryptography)
- **Key Derivation**: PBKDF2-HMAC-SHA256 (100,000 iterations)
- **Message Authentication**: HMAC-SHA256
- **Hashing**: Blake3 (fast, secure, tree-based hashing)
- **Key Exchange**: X25519 ECDH (elliptic curve Diffie-Hellman)
- **Random Generation**: Hardware-backed entropy where available
## Implementation Plan
### Phase 1: Core Infrastructure (Week 1-2)
- [ ] Enhanced PairingCode with BIP39 wordlist
- [ ] mDNS broadcasting and discovery
- [ ] Basic secure transport (TLS with ephemeral certs)
- [ ] Challenge-response authentication
### Phase 2: Device Exchange (Week 3)
- [ ] Device information exchange with signatures
- [ ] Network fingerprint verification
- [ ] Basic user confirmation interface
- [ ] Session key establishment with ECDH
### Phase 3: Persistence & Security (Week 4)
- [ ] Enhanced encrypted key storage
- [ ] Proper private key serialization
- [ ] Trust level management
- [ ] Rate limiting and attack prevention
### Phase 4: Integration & Testing (Week 5-6)
- [ ] Integration with existing Network API
- [ ] Comprehensive security testing
- [ ] Error handling and recovery
- [ ] Performance optimization
### Phase 5: Production Hardening (Week 7-8)
- [ ] Audit and fuzzing
- [ ] Documentation and examples
- [ ] Monitoring and telemetry
- [ ] Deployment and rollout
## Testing Strategy
### Unit Tests
- Cryptographic primitives and key derivation
- Message serialization and protocol handling
- Error conditions and edge cases
### Integration Tests
- Full pairing flow between two simulated devices
- Network discovery and connection establishment
- Persistence and recovery scenarios
### Security Tests
- Penetration testing of pairing protocol
- Fuzzing of network messages
- Timing attack resistance
- Memory safety verification
### Performance Tests
- Pairing latency and throughput
- Battery usage on mobile devices
- Network efficiency and bandwidth usage
## Dependencies
### New Crates Required
```toml
# BIP39 wordlist support
bip39 = "2.0"
# mDNS service discovery
mdns = "3.0"
# Additional cryptography
x25519-dalek = "2.0"
hkdf = "0.12"
# TLS support
rustls = "0.21"
rcgen = "0.11"
# Network utilities
if-watch = "3.0"
local-ip-address = "0.5"
```
### Platform Considerations
- **iOS**: Network Extension framework may be required for mDNS
- **Android**: DISCOVER_SERVICE permission needed
- **Windows**: Windows Firewall configuration for mDNS
- **Linux**: avahi-daemon integration for better mDNS support
## Future Enhancements
### Advanced Features
- **Multi-device pairing**: Chain trust through existing devices
- **QR code pairing**: Visual pairing codes for mobile devices
- **NFC pairing**: Tap-to-pair on supported devices
- **Cloud-assisted pairing**: Fallback for devices behind strict firewalls
- **Enterprise management**: Centralized device provisioning
### Performance Optimizations
- **Connection pooling**: Reuse connections for multiple operations
- **Background sync**: Maintain persistent connections between trusted devices
- **Adaptive discovery**: Intelligent scanning based on network topology
- **Caching**: Cache mDNS results and device information
This design provides a comprehensive, secure foundation for Spacedrive's device pairing system while maintaining usability and performance.

114
docs/core/design/DOMAIN_MODELS_README.md
View File

@@ -1,114 +0,0 @@
# Domain Models
The domain layer contains the core business entities that power Spacedrive's Virtual Distributed File System (VDFS).
## Core Models
### Entry
The foundation of the VDFS. Represents any file or directory that Spacedrive knows about.
```rust
let entry = Entry {
id: Uuid::new_v4(),
sd_path: SdPathSerialized { device_id, path },
name: "vacation.jpg",
kind: EntryKind::File { extension: Some("jpg") },
metadata_id: metadata.id, // ALWAYS has metadata!
content_id: None, // Optional - for deduplication
// ...
};
```
Key features:
- Uses `SdPath` for cross-device addressing
- Always has `UserMetadata` (can tag any file immediately)
- `ContentIdentity` is optional (progressive enhancement)
### UserMetadata
Decoupled from content, enabling immediate tagging of any file.
```rust
let mut metadata = UserMetadata::new(entry.metadata_id);
metadata.add_tag(Tag {
name: "Vacation",
color: Some("#FF6B6B"),
icon: Some(""),
});
metadata.favorite = true;
```
### ContentIdentity
Optional component for deduplication and content-based features.
```rust
let content = ContentIdentity::new(cas_id, CURRENT_CAS_VERSION);
content.kind = ContentKind::Image;
content.media_data = Some(MediaData { width: 3000, height: 2000, ... });
```
### Location
An indexed directory that Spacedrive monitors.
```rust
let location = Location::new(
library_id,
"My Documents",
SdPathSerialized::from_sdpath(&SdPath::local("/Users/me/Documents")),
IndexMode::Deep,
);
```
### Device
Unified concept replacing the old Node/Device/Instance confusion.
```rust
let device = Device::current();
// "MacBook Pro", macOS, online, etc.
```
## Key Relationships
```
Entry (file/dir)
├─ sd_path: SdPathSerialized (cross-device path)
├─ metadata_id → UserMetadata (ALWAYS exists)
└─ content_id → ContentIdentity (optional)
Location (indexed directory)
└─ sd_path: SdPathSerialized (can be on any device)
Device (machine running Spacedrive)
└─ Referenced by SdPath for routing operations
```
## Design Benefits
1. **Immediate Tagging**: Any file can be tagged without content indexing
2. **Cross-Device Operations**: SdPath enables true VDFS
3. **Progressive Enhancement**: Start simple, add features as needed
4. **Content Changes**: Metadata persists when files are edited
5. **Clean Separation**: User data vs content identity
## Usage Example
```rust
// Discover a file
let entry = Entry::new(
SdPath::local("/Users/me/photo.jpg"),
metadata
);
// Tag it immediately (no content indexing required!)
let mut user_meta = UserMetadata::new(entry.metadata_id);
user_meta.add_tag(vacation_tag);
// Later, index content for deduplication
let content = ContentIdentity::new(generate_cas_id(&entry).await?, 2);
entry.content_id = Some(content.id);
// Copy to another device with metadata
let dest = SdPath::new(iphone_id, "/Photos/Vacation");
copy_with_metadata(entry.sd_path(), dest).await?;
```
This architecture enables Spacedrive's promise of a true Virtual Distributed File System!

363
docs/core/design/DYNAMIC_TYPE_GENERATION.md
View File

@@ -1,363 +0,0 @@
# Dynamic Type Generation: The rspc Magic Applied to Spacedrive
## Overview
This document explains how to implement truly dynamic type-safe API generation for Spacedrive's Swift client by applying the techniques pioneered by the rspc library. The goal is to automatically generate complete Swift API enums with actual type references, eliminating the need for manual type registration or hardcoding.
## The Problem: Compile-Time vs Runtime Type Collection
### Current Approach (Doesn't Work)
Our initial attempts tried to use the inventory system to dynamically generate enum variants:
```rust
#[macro_export]
macro_rules! generate_inventory_enums {
() => {
use $crate::ops::registry::{TYPED_ACTIONS, TYPED_QUERIES};
// FAILS: This tries to iterate at compile-time over runtime data
for action in TYPED_ACTIONS.iter() {
// Generate enum variants...
}
};
}
```
**Why This Fails:**
1. **Macro Expansion Time** (compile-time): `generate_inventory_enums!()` tries to expand
2. **Compilation Time** (compile-time): Rust compiles `inventory::submit!` calls
3. **Runtime**: `TYPED_ACTIONS` gets populated via `Lazy::new()`
The fundamental issue: **inventory collects data at runtime, but macros expand at compile-time**.
### The Timeline Problem
```
┌─ COMPILE TIME ─────────────────────────────────┐
│ 1. Macro expansion │
│ - generate_inventory_enums!() needs data │
│ - But TYPED_ACTIONS doesn't exist yet! │
│ │
│ 2. Code compilation │
│ - inventory::submit! calls compile │
│ - Static data structures created │
│ - But no way to iterate at compile-time │
└────────────────────────────────────────────────┘
┌─ RUNTIME ──────────────────────────────────────┐
│ 3. Program execution │
│ - TYPED_ACTIONS populated via Lazy::new() │
│ - inventory::iter() finally works │
│ - But enum was already compiled! │
└────────────────────────────────────────────────┘
```
## The rspc Solution: Trait-Based Type Extraction
### How rspc Solves This
rspc uses **generic functions with type constraints** and **automatic trait implementations** to extract types at compile-time:
#### 1. Generic Registration Functions
```rust
pub fn query<TResolver, TArg, TResult, TResultMarker>(
mut self,
key: &'static str,
builder: impl Fn(UnbuiltProcedureBuilder<TLayerCtx, TResolver>) -> BuiltProcedureBuilder<TResolver>,
) -> Self
where
TArg: DeserializeOwned + Type, // ← Input type must implement Type
TResult: RequestLayer<TResultMarker>, // ← Output type must implement Type
TResolver: Fn(TLayerCtx, TArg) -> TResult + Send + Sync + 'static,
{
// The magic happens here: TResolver::typedef() is called automatically
let type_info = TResolver::typedef(&mut self.type_map);
// Register both the handler AND the type information
}
```
#### 2. Automatic Trait Implementation for Functions
```rust
impl<TFunc, TCtx, TArg, TResult, TResultMarker>
Resolver<TCtx, DoubleArgMarker<TArg, TResultMarker>> for TFunc
where
TArg: DeserializeOwned + Type, // ← Input constraint
TFunc: Fn(TCtx, TArg) -> TResult, // ← Function signature constraint
TResult: RequestLayer<TResultMarker>, // ← Output constraint
{
fn typedef(defs: &mut TypeCollection) -> ProcedureDataType {
typedef::<TArg, TResult::Result>(defs) // ← AUTOMATIC extraction!
}
}
```
#### 3. The Type Extraction Magic
```rust
pub fn typedef<TArg: Type, TResult: Type>(defs: &mut TypeCollection) -> ProcedureDataType {
let arg_ty = TArg::reference(defs, &[]).inner; // ← Extract input type
let result_ty = TResult::reference(defs, &[]).inner; // ← Extract output type
ProcedureDataType { arg_ty, result_ty }
}
```
### Key Insights from rspc
1. **No Runtime Iteration**: Types are extracted through generic constraints, not runtime loops
2. **Automatic Implementation**: Functions automatically get type extraction via trait bounds
3. **Compile-Time Type Collection**: Uses Specta's `TypeCollection` to gather types during compilation
4. **Trait-Based Discovery**: Uses traits to provide type metadata, not runtime data structures
## Applying rspc Magic to Spacedrive
### Solution: Operation Type Extraction Trait
Here's how we can implement the same approach for Spacedrive:
#### 1. Define the Core Trait
```rust
use specta::{Type, TypeCollection};
use serde::{Serialize, de::DeserializeOwned};
/// Trait that provides compile-time type information for operations
pub trait OperationTypeInfo {
type Input: Type + Serialize + DeserializeOwned;
type Output: Type + Serialize + DeserializeOwned;
/// The operation identifier (e.g., "files.copy")
fn identifier() -> &'static str;
/// The wire method for this operation
fn wire_method() -> String {
format!("action:{}.input.v1", Self::identifier())
}
/// Extract type metadata and register with Specta
fn extract_types(collection: &mut TypeCollection) -> OperationMetadata {
OperationMetadata {
identifier: Self::identifier(),
wire_method: Self::wire_method(),
input_type: Self::Input::reference(collection, &[]).inner,
output_type: Self::Output::reference(collection, &[]).inner,
}
}
}
#[derive(Debug, Clone)]
pub struct OperationMetadata {
pub identifier: &'static str,
pub wire_method: String,
pub input_type: specta::DataType,
pub output_type: specta::DataType,
}
```
#### 2. Enhanced Registration Macros
```rust
#[macro_export]
macro_rules! register_library_action {
($action:ty, $name:literal) => {
// Existing inventory registration
impl $crate::client::Wire for <$action as $crate::infra::action::LibraryAction>::Input {
const METHOD: &'static str = $crate::action_method!($name);
}
inventory::submit! {
$crate::ops::registry::ActionEntry {
method: <<$action as $crate::infra::action::LibraryAction>::Input as $crate::client::Wire>::METHOD,
handler: $crate::ops::registry::handle_library_action::<$action>,
input_type_name: stringify!(<$action as $crate::infra::action::LibraryAction>::Input),
output_type_name: "JobHandle",
action_type_name: stringify!($action),
is_library_action: true,
}
}
// NEW: Automatic type extraction trait implementation
impl $crate::ops::OperationTypeInfo for $action {
type Input = <$action as $crate::infra::action::LibraryAction>::Input;
type Output = $crate::infra::job::handle::JobHandle;
fn identifier() -> &'static str {
$name
}
}
// NEW: Register the type info for compile-time collection
inventory::submit! {
$crate::ops::TypeExtractorEntry {
extractor: || <$action as $crate::ops::OperationTypeInfo>::extract_types,
identifier: $name,
}
}
};
}
```
#### 3. Compile-Time Type Collection
```rust
/// Entry for compile-time type extraction
pub struct TypeExtractorEntry {
pub extractor: fn(&mut TypeCollection) -> OperationMetadata,
pub identifier: &'static str,
}
inventory::collect!(TypeExtractorEntry);
/// Generate complete API enums with automatic type discovery
pub fn generate_spacedrive_api() -> (Vec<OperationMetadata>, TypeCollection) {
let mut collection = TypeCollection::default();
let mut operations = Vec::new();
// This WORKS because we iterate over compile-time registered extractors
for entry in inventory::iter::<TypeExtractorEntry>() {
let metadata = (entry.extractor)(&mut collection);
operations.push(metadata);
}
(operations, collection)
}
```
#### 4. Dynamic Enum Generation
```rust
#[macro_export]
macro_rules! generate_dynamic_spacedrive_api {
() => {
use specta::Type;
use serde::{Deserialize, Serialize};
/// Dynamically generated SpacedriveAction enum
#[derive(Debug, Clone, Type, Serialize, Deserialize)]
pub enum SpacedriveAction {
// Generate variants based on collected operations
$(
$variant_name {
input: $input_type,
output: $output_type,
identifier: &'static str,
}
),*
}
impl SpacedriveAction {
pub fn wire_method(&self) -> &str {
match self {
$(
Self::$variant_name { identifier, .. } => {
// Use the wire method from metadata
}
),*
}
}
}
};
}
```
### Benefits of This Approach
#### Compile-Time Type Safety
- All type extraction happens during compilation
- No runtime overhead for type discovery
- Impossible to have type mismatches
#### Automatic Discovery
- New operations automatically appear in Swift types
- No manual registration or hardcoding required
- Zero maintenance burden
#### Complete Type Information
- Swift gets actual Input/Output types, not string names
- Full type safety in Swift client code
- IntelliSense and compile-time checking
#### rspc-Proven Architecture
- Based on battle-tested rspc implementation
- Leverages Specta's type system properly
- Follows Rust's trait-based design patterns
## Implementation Plan
### Phase 1: Core Infrastructure
1. Define `OperationTypeInfo` trait
2. Create `TypeExtractorEntry` and inventory collection
3. Implement `generate_spacedrive_api()` function
### Phase 2: Enhanced Registration Macros
1. Update `register_library_action!` macro
2. Update `register_core_action!` macro
3. Update `register_query!` macro
### Phase 3: Dynamic Generation
1. Create proc macro for enum generation
2. Implement variant generation from metadata
3. Generate wire method implementations
### Phase 4: Swift Integration
1. Update Swift type generator
2. Generate complete Swift API enums
3. Test type safety and completeness
### Phase 5: Testing & Validation
1. Verify all 41 operations are discovered
2. Test Swift compilation and type safety
3. Validate wire method generation
4. Performance testing
## Example Usage
### Rust Side (Automatic)
```rust
// Define an action (unchanged)
pub struct FileCopyAction {
// ... implementation
}
// Register it (enhanced macro does the magic)
register_library_action!(FileCopyAction, "files.copy");
// Generate Swift types (automatic discovery)
let (operations, type_collection) = generate_spacedrive_api();
specta_swift::export(&type_collection, "Types.swift")?;
```
### Swift Side (Generated)
```swift
// Automatically generated - no manual work needed!
public enum SpacedriveAction {
case filesCopy(SpacedriveActionFilesCopyData)
case librariesCreate(SpacedriveActionLibrariesCreateData)
// ... all 29 actions automatically included
}
public struct SpacedriveActionFilesCopyData: Codable {
public let input: FileCopyInput // Actual Swift type!
public let output: JobHandle // Actual Swift type!
public let identifier: String // "files.copy"
}
// Type-safe usage
let copyAction = SpacedriveAction.filesCopy(SpacedriveActionFilesCopyData(
input: FileCopyInput(/* fully typed fields */),
output: JobHandle(/* fully typed fields */),
identifier: "files.copy"
))
```
## Conclusion
By applying rspc's trait-based type extraction approach, we can achieve truly dynamic, type-safe API generation for Spacedrive. This eliminates the compile-time vs runtime data collection problem and provides a scalable, maintainable solution that automatically keeps Swift types in sync with Rust operations.
The key insight from rspc is: **don't try to iterate over runtime data at compile-time. Instead, use traits and generic constraints to extract type information during compilation itself.**

1395
docs/core/design/EMAIL_INGESTION_EXTENSION_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

967
docs/core/design/ENTITY_REFACTOR_DESIGN.md
View File

@@ -1,967 +0,0 @@
# Entity Refactor Design: Library-Scoped ContentIdentity & Hierarchical Metadata
## Overview
This document outlines refactoring the Spacedrive entity system to support global ContentIdentity management and dual-level tagging (file-specific vs content-universal). The design builds on the existing hybrid ID system and content-addressed storage while adding cross-library content discovery and flexible tagging options.
## Current State Analysis
### Strengths of Current Architecture
- **Hybrid ID System**: Already uses both `i32` (performance) and `Uuid` (sync) IDs
- **Content Addressing**: CAS system with `content_hash` provides reliable content fingerprinting
- **Device Awareness**: Solid foundation with device management and network discovery
- **Flexible Metadata**: UserMetadata system supports rich tagging already
- **Sync Foundation**: UUIDs throughout enable cross-device synchronization
### Current Limitations
- **Library-Bound Content**: ContentIdentity not shared across libraries
- **Manual Metadata**: UserMetadata only created when user explicitly adds tags
- **No Global Content APIs**: No way to query "all instances of this content"
## Refactor Goals
1. **Global ContentIdentity**: Make ContentIdentity truly global and discoverable across libraries
2. **Hierarchical Metadata System**: Support both Entry-scoped and ContentIdentity-scoped metadata with hierarchy display
3. **Flexible Metadata Scoping**: UserMetadata can target either Entry or ContentIdentity with hierarchy resolution
4. **Cross-Library Operations**: Enable content discovery and operations across library boundaries
5. **Sync Integration**: Connect tagging operations to the sync system
## Design Changes
### 1. Global ContentIdentity Management
#### Current ContentIdentity
```rust
ContentIdentity {
id: i32, // Auto-increment per library
uuid: Uuid, // Random per library instance
content_hash: String, // Content hash
kind_id: i32, // Content type
entry_count: i32, // References in this library
total_size: i64, // Size in this library
// ...
}
```
#### Proposed: ContentIdentity with UUID-Optional Sync Readiness (Library-Scoped)
```rust
// Enhanced: Library-scoped content identity with sync-ready UUID assignment
ContentIdentity {
id: i32, // Auto-increment per library (local optimization)
uuid: Option<Uuid>, // DETERMINISTIC from content_hash (assigned during content identification phase)
integrity_hash: Option<String>, // Full hash for file validation (generated by validate job)
content_hash: String, // Fast sampled hash for deduplication (generated during content identification)
mime_type_id: Option<i32>, // MIME type foreign key (unchanged)
kind_id: i32, // ContentKind foreign key (unchanged)
media_data: Option<Json>, // MediaData as JSON (unchanged)
total_size: i64, // Size of one instance of this content (renamed from old field)
entry_count: i32, // Entries in THIS library only (unchanged)
first_seen_at: DateTime<Utc>, // When first discovered (unchanged)
last_verified_at: DateTime<Utc>, // When last verified (unchanged)
}
impl ContentIdentity {
/// Generate deterministic UUID from content_hash for sync consistency within library
/// Note: ContentIdentity UUIDs are deterministic from content_hash + library_id
/// This ensures same content in different libraries has different UUIDs
/// Maintains library isolation while enabling deterministic sync
pub fn deterministic_uuid(content_hash: &str, library_id: Uuid) -> Uuid {
let namespace = Uuid::new_v5(&LIBRARY_NAMESPACE, library_id.as_bytes());
Uuid::new_v5(&namespace, content_hash.as_bytes())
}
/// Calculate combined size on-demand (no need to cache entry_count * total_size)
pub fn combined_size(&self) -> i64 {
self.entry_count as i64 * self.total_size
}
/// Find or create content identity during content identification phase
pub async fn find_or_create(
content_hash: String,
kind_id: i32,
total_size: i64,
mime_type_id: Option<i32>,
library_id: Uuid,
library_db: &DatabaseConnection,
) -> Result<Self> {
// Check if content identity already exists by content_hash
if let Some(existing) = Self::find_by_content_hash(&content_hash, library_db).await? {
// Update entry count for existing content
existing.increment_entry_count().await?;
Ok(existing)
} else {
// Create new content identity with deterministic UUID (ready for sync)
let deterministic_uuid = Self::deterministic_uuid(&content_hash, library_id);
let new_identity = ContentIdentityActiveModel {
uuid: Set(Some(deterministic_uuid)),
integrity_hash: Set(None), // Generated later by validate job
content_hash: Set(content_hash),
mime_type_id: Set(mime_type_id),
kind_id: Set(kind_id),
media_data: Set(None), // Set during media analysis
total_size: Set(total_size),
entry_count: Set(1),
first_seen_at: Set(Utc::now()),
last_verified_at: Set(Utc::now()),
};
Ok(new_identity.insert(library_db).await?)
}
}
}
```
### 2. Unified UserMetadata with Hierarchical Scoping
#### Current Tagging
```rust
// Current: Tags linked through UserMetadata
UserMetadata {
id: i32,
uuid: Uuid, // Matches Entry.metadata_id (optional)
notes: Option<String>,
favorite: bool,
hidden: bool,
custom_data: Option<Value>,
}
// Current: Only Entry-level tags via junction table
metadata_tags: (metadata_id, tag_id)
```
#### Proposed: Scoped UserMetadata with Hierarchy Display
```rust
// UserMetadata can target either Entry OR ContentIdentity (mutual exclusivity)
UserMetadata {
id: i32,
uuid: Uuid,
// Exactly one of these is set - defines the scope
entry_uuid: Option<Uuid>, // File-specific metadata (higher priority in hierarchy)
content_identity_uuid: Option<Uuid>, // Content-universal metadata (lower priority in hierarchy)
// All metadata types benefit from scope flexibility
notes: Option<String>,
favorite: bool,
hidden: bool,
custom_data: Option<Value>,
created_at: DateTime<Utc>,
updated_at: DateTime<Utc>,
}
// Tags remain linked through UserMetadata (existing junction table)
user_metadata_tags {
user_metadata_id: i32, // Reference to UserMetadata
tag_uuid: Uuid, // Reference to Tag
created_at: DateTime<Utc>,
device_uuid: Uuid, // Which device applied this tag
PRIMARY KEY (user_metadata_id, tag_uuid)
}
```
#### Hierarchy Display Logic
```rust
pub struct MetadataDisplay {
pub notes: Vec<MetadataNote>, // Both entry and content notes shown
pub tags: Vec<MetadataTag>, // Both entry and content tags shown
pub favorite: bool, // Entry-level overrides content-level
pub hidden: bool, // Entry-level overrides content-level
pub custom_data: Option<Value>, // Entry-level overrides content-level
}
pub struct MetadataNote {
pub content: String,
pub scope: MetadataScope,
pub created_at: DateTime<Utc>,
}
pub struct MetadataTag {
pub tag: Tag,
pub scope: MetadataScope,
pub created_at: DateTime<Utc>,
}
pub enum MetadataScope {
Entry, // File-specific (higher priority)
Content, // Content-universal (lower priority)
}
```
### 3. Enhanced Entry Processing
#### Current Entry Creation
```rust
// Current: Metadata created on-demand
Entry {
metadata_id: Option<Uuid>, // Only set when user adds tags
content_id: Option<i32>, // Only set during content indexing
// ...
}
```
#### Proposed: Phased Entry Processing
```rust
// Entry processing happens in phases - ContentIdentity created later
Entry {
id: i32, // Auto-increment for local queries (unchanged)
uuid: Option<Uuid>, // None until content identification phase complete (sync readiness indicator)
metadata_id: Option<Uuid>, // Created when user adds metadata
content_id: Option<i32>, // None initially, set during content identification phase
// ... other fields unchanged
}
impl Entry {
/// Create entry during processing phase (no ContentIdentity yet)
pub async fn create(
location_id: i32,
path: &SdPath,
file_info: &FileInfo,
library_db: &DatabaseConnection,
) -> Result<Self> {
let entry = EntryActiveModel {
uuid: Set(None), // No UUID until content identification phase
metadata_id: Set(None), // No metadata initially
content_id: Set(None), // ContentIdentity created later in content identification phase
location_id: Set(location_id),
relative_path: Set(path.relative_path()),
name: Set(path.name()),
// ... other fields from file_info
}.insert(library_db).await?;
Ok(entry)
}
/// Create UserMetadata when user adds tags/metadata
pub async fn ensure_metadata(&mut self, library_db: &DatabaseConnection) -> Result<UserMetadata> {
if let Some(metadata_id) = self.metadata_id {
// Metadata already exists
UserMetadata::find_by_uuid(metadata_id, library_db).await?
.ok_or(Error::MetadataNotFound)
} else {
// Create new metadata
let metadata_uuid = Uuid::new_v4();
let user_metadata = UserMetadataActiveModel {
uuid: Set(metadata_uuid),
entry_uuid: Set(self.uuid), // Entry-scoped UserMetadata
content_identity_uuid: Set(None), // Mutually exclusive with entry_uuid
created_at: Set(Utc::now()),
updated_at: Set(Utc::now()),
// ... other fields with defaults
}.insert(library_db).await?;
// Update entry to reference new metadata
self.metadata_id = Some(metadata_uuid);
self.update(library_db).await?;
Ok(user_metadata)
}
}
/// Link to content identity during content identification phase and assign UUID for sync readiness
pub async fn link_to_content_identity(
&mut self,
content_hash: String,
kind_id: i32,
total_size: i64,
mime_type_id: Option<i32>,
library_id: Uuid,
library_db: &DatabaseConnection,
) -> Result<ContentIdentity> {
// Find or create content identity during content identification phase
let content_identity = ContentIdentity::find_or_create(
content_hash, kind_id, total_size, mime_type_id, library_id, library_db
).await?;
// Update Entry with content_id AND assign UUID (now ready for sync)
self.content_id = Some(content_identity.id);
self.uuid = Some(Uuid::new_v4()); // Entry now ready for sync
self.update(library_db).await?;
// Note: UserMetadata targeting remains entry-scoped (entry_uuid)
// Content-scoped UserMetadata created separately via "Apply to all instances" promotion
// integrity_hash will be generated later by separate validate job
Ok(content_identity)
}
/// UUID Assignment Rules:
/// - Directories: Assign UUID immediately (no content to identify)
/// - Empty files: Assign UUID immediately (size = 0, no content to hash)
/// - Regular files: Assign UUID after content identification completes
pub async fn should_assign_uuid_immediately(&self) -> bool {
self.kind == EntryKind::Directory || self.size == 0
}
}
```
### 4. Hierarchical Metadata Operations
```rust
pub enum MetadataTarget {
/// Metadata for this specific file instance (syncs with Index domain)
Entry(Uuid),
/// Metadata for all instances of this content within library (syncs with UserMetadata domain)
Content(Uuid),
}
pub struct MetadataService {
library_db: Arc<DatabaseConnection>,
current_device_uuid: Uuid,
}
impl MetadataService {
/// Add metadata (notes, tags, favorites) with flexible targeting
pub async fn add_metadata(
&self,
target: MetadataTarget,
metadata_update: MetadataUpdate,
) -> Result<UserMetadata> {
match target {
MetadataTarget::Entry(entry_uuid) => {
// File-specific metadata - create entry-scoped UserMetadata
let user_metadata = UserMetadataActiveModel {
uuid: Set(Uuid::new_v4()),
entry_uuid: Set(Some(entry_uuid)),
content_identity_uuid: Set(None), // Mutually exclusive
notes: Set(metadata_update.notes),
favorite: Set(metadata_update.favorite.unwrap_or(false)),
hidden: Set(metadata_update.hidden.unwrap_or(false)),
custom_data: Set(metadata_update.custom_data),
created_at: Set(Utc::now()),
updated_at: Set(Utc::now()),
}.insert(&self.library_db).await?;
// Add tags if provided
if let Some(tag_uuids) = metadata_update.tag_uuids {
self.add_tags_to_metadata(user_metadata.id, tag_uuids).await?;
}
Ok(user_metadata)
}
MetadataTarget::Content(content_identity_uuid) => {
// Content-universal metadata - create content-scoped UserMetadata
let user_metadata = UserMetadataActiveModel {
uuid: Set(Uuid::new_v4()),
entry_uuid: Set(None), // Mutually exclusive
content_identity_uuid: Set(Some(content_identity_uuid)),
notes: Set(metadata_update.notes),
favorite: Set(metadata_update.favorite.unwrap_or(false)),
hidden: Set(metadata_update.hidden.unwrap_or(false)),
custom_data: Set(metadata_update.custom_data),
created_at: Set(Utc::now()),
updated_at: Set(Utc::now()),
}.insert(&self.library_db).await?;
// Add tags if provided
if let Some(tag_uuids) = metadata_update.tag_uuids {
self.add_tags_to_metadata(user_metadata.id, tag_uuids).await?;
}
Ok(user_metadata)
}
}
}
/// Get hierarchical metadata display for an entry (both entry and content metadata shown)
pub async fn get_entry_metadata_display(&self, entry_uuid: Uuid) -> Result<MetadataDisplay> {
let mut display = MetadataDisplay {
notes: Vec::new(),
tags: Vec::new(),
favorite: false,
hidden: false,
custom_data: None,
};
// Get entry-specific metadata
let entry_metadata = UserMetadata::find()
.filter(user_metadata::Column::EntryUuid.eq(entry_uuid))
.find_with_related(Tag)
.all(&self.library_db)
.await?;
for (metadata, tags) in entry_metadata {
// Notes - show both levels
if let Some(notes) = metadata.notes {
display.notes.push(MetadataNote {
content: notes,
scope: MetadataScope::Entry,
created_at: metadata.created_at,
});
}
// Tags - show both levels
for tag in tags {
display.tags.push(MetadataTag {
tag,
scope: MetadataScope::Entry,
created_at: metadata.created_at,
});
}
// Favorites/Hidden - entry overrides (higher priority)
display.favorite = metadata.favorite;
display.hidden = metadata.hidden;
display.custom_data = metadata.custom_data;
}
// Get content-level metadata if entry has content identity
if let Some(entry) = Entry::find_by_uuid(entry_uuid, &self.library_db).await? {
if let Some(content_id) = entry.content_id {
if let Some(content_identity) = ContentIdentity::find_by_id(content_id, &self.library_db).await? {
if let Some(content_uuid) = content_identity.uuid {
let content_metadata = UserMetadata::find()
.filter(user_metadata::Column::ContentIdentityUuid.eq(content_uuid))
.find_with_related(Tag)
.all(&self.library_db)
.await?;
for (metadata, tags) in content_metadata {
// Notes - show both levels
if let Some(notes) = metadata.notes {
display.notes.push(MetadataNote {
content: notes,
scope: MetadataScope::Content,
created_at: metadata.created_at,
});
}
// Tags - show both levels
for tag in tags {
display.tags.push(MetadataTag {
tag,
scope: MetadataScope::Content,
created_at: metadata.created_at,
});
}
// Favorites/Hidden - only use if no entry-level override
if display.favorite == false && metadata.favorite {
display.favorite = true;
}
if display.hidden == false && metadata.hidden {
display.hidden = true;
}
if display.custom_data.is_none() {
display.custom_data = metadata.custom_data;
}
}
}
}
}
}
Ok(display)
}
/// Promote entry-level metadata to content-level ("Apply to all instances")
pub async fn promote_to_content(
&self,
entry_metadata_id: i32,
content_identity_uuid: Uuid,
) -> Result<UserMetadata> {
// Get existing entry-level metadata
let entry_metadata = UserMetadata::find_by_id(entry_metadata_id)
.one(&self.library_db)
.await?
.ok_or(Error::MetadataNotFound)?;
// Create new content-level metadata (entry-level remains for hierarchy)
let content_metadata = UserMetadataActiveModel {
uuid: Set(Uuid::new_v4()),
entry_uuid: Set(None),
content_identity_uuid: Set(Some(content_identity_uuid)),
notes: Set(entry_metadata.notes.clone()),
favorite: Set(entry_metadata.favorite),
hidden: Set(entry_metadata.hidden),
custom_data: Set(entry_metadata.custom_data.clone()),
created_at: Set(Utc::now()),
updated_at: Set(Utc::now()),
}.insert(&self.library_db).await?;
// Copy tags to new content-level metadata
let entry_tags = UserMetadataTag::find()
.filter(user_metadata_tag::Column::UserMetadataId.eq(entry_metadata_id))
.all(&self.library_db)
.await?;
for entry_tag in entry_tags {
UserMetadataTagActiveModel {
user_metadata_id: Set(content_metadata.id),
tag_uuid: Set(entry_tag.tag_uuid),
created_at: Set(Utc::now()),
device_uuid: Set(self.current_device_uuid),
}.insert(&self.library_db).await?;
}
Ok(content_metadata)
}
async fn add_tags_to_metadata(&self, metadata_id: i32, tag_uuids: Vec<Uuid>) -> Result<()> {
for tag_uuid in tag_uuids {
UserMetadataTagActiveModel {
user_metadata_id: Set(metadata_id),
tag_uuid: Set(tag_uuid),
created_at: Set(Utc::now()),
device_uuid: Set(self.current_device_uuid),
}.insert(&self.library_db).await?;
}
Ok(())
}
}
pub struct MetadataUpdate {
pub notes: Option<String>,
pub favorite: Option<bool>,
pub hidden: Option<bool>,
pub custom_data: Option<Value>,
pub tag_uuids: Option<Vec<Uuid>>,
}
```
### 5. Library-Scoped Content Operations
```rust
pub struct ContentService {
library_db: Arc<DatabaseConnection>,
}
impl ContentService {
/// Find all instances of content within this library only
pub async fn find_content_instances(
&self,
content_identity_uuid: Uuid,
) -> Result<Vec<ContentInstance>> {
let entries = Entry::find_by_content_identity_uuid(
content_identity_uuid,
&self.library_db,
).await?;
let mut instances = Vec::new();
for entry in entries {
instances.push(ContentInstance {
entry_uuid: entry.uuid,
path: entry.materialize_path(&self.library_db).await?,
device_uuid: entry.get_device_uuid(&self.library_db).await?,
size: entry.size,
modified_at: entry.date_modified,
});
}
Ok(instances)
}
/// Get content statistics within this library
pub async fn get_content_stats(
&self,
content_identity_uuid: Uuid,
) -> Result<LibraryContentStats> {
let content_identity = ContentIdentity::find_by_uuid(
content_identity_uuid,
&self.library_db,
).await?
.ok_or(Error::ContentNotFound)?;
Ok(LibraryContentStats {
entry_count: content_identity.entry_count,
size: content_identity.size,
combined_size: content_identity.combined_size(),
first_discovered: content_identity.first_discovered_at,
last_verified: content_identity.last_verified_at,
})
}
}
pub struct ContentInstance {
pub entry_uuid: Uuid,
pub path: SdPath,
pub device_uuid: Uuid,
pub size: i64,
pub modified_at: Option<DateTime<Utc>>,
}
pub struct LibraryContentStats {
pub entry_count: i32,
pub total_size: i64, // Size of one instance
pub combined_size: i64, // Calculated on-demand (entry_count * total_size)
pub integrity_hash: Option<String>,
pub content_hash: String,
pub mime_type_id: Option<i32>,
pub kind_id: i32,
pub has_media_data: bool,
pub first_seen: DateTime<Utc>,
pub last_verified: DateTime<Utc>,
}
```
## Migration Strategy
### Phase 1: Foundation Changes
1. **Add deterministic UUID generation** to ContentIdentity (content identification phase)
2. **Add integrity_hash field** to ContentIdentity schema
3. **Enhance UserMetadata** with scoped targeting (entry_uuid OR content_identity_uuid)
4. **Update indexing phases** to defer ContentIdentity creation until content identification
### Phase 2: Enhanced Metadata Linking
1. **Keep current behavior** - UserMetadata created on-demand when users add tags
2. **Update UserMetadata schema** to include content_identity_uuid field
3. **Update indexer** to link UserMetadata to ContentIdentity when both exist
### Phase 3: Hierarchical Metadata APIs
1. **Implement MetadataService** with flexible targeting
2. **Update UI** to offer entry vs content metadata choices with hierarchy display
3. **Migrate existing metadata** to entry-scoped by default
### Phase 4: File Change Handling Integration
1. **Implement content change detection** based on original Spacedrive's proven methods
2. **Add Entry unlinking logic** for content identification phase
3. **Update indexer phases** to handle metadata preservation
4. **Implement ContentService** for library-scoped content operations
### Phase 5: Sync Integration
1. **Connect tagging operations** to sync system
2. **Implement conflict resolution** for content-level tags
3. **Add cross-device tag propagation**
## Database Schema Updates
```sql
-- ContentIdentity enhancements (UUID optional until content identification phase)
ALTER TABLE content_identities
ALTER COLUMN uuid DROP NOT NULL; -- Allow NULL until content identification phase assigns deterministic UUID
ALTER COLUMN full_hash RENAME TO integrity_hash; -- Rename for clarity of purpose
ALTER TABLE content_identities DROP COLUMN cas_version; -- Deprecated, use app version for regeneration if needed
-- Entry UUIDs optional until content identification phase
ALTER TABLE entries
ALTER COLUMN uuid DROP NOT NULL; -- Allow NULL until content identification phase complete
-- UserMetadata enhancements for hierarchical scoping
ALTER TABLE user_metadata
ADD COLUMN entry_uuid TEXT REFERENCES entries(uuid) ON DELETE CASCADE,
ADD COLUMN content_identity_uuid TEXT REFERENCES content_identities(uuid) ON DELETE CASCADE,
ADD COLUMN created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
ADD COLUMN updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP;
-- Ensure mutual exclusivity: exactly one of entry_uuid OR content_identity_uuid is set
ALTER TABLE user_metadata
ADD CONSTRAINT check_metadata_scope
CHECK ((entry_uuid IS NOT NULL AND content_identity_uuid IS NULL) OR
(entry_uuid IS NULL AND content_identity_uuid IS NOT NULL));
-- NOTE: For sync compatibility, entry.metadata_id should be nullable
-- to avoid circular dependency during sync (Entry -> UserMetadata -> Entry)
ALTER TABLE entries
ALTER COLUMN metadata_id DROP NOT NULL; -- Allow NULL during sync resolution
-- Rename existing junction table for clarity
ALTER TABLE metadata_tags RENAME TO user_metadata_tags;
ALTER TABLE user_metadata_tags RENAME COLUMN metadata_id TO user_metadata_id;
ALTER TABLE user_metadata_tags ADD COLUMN device_uuid TEXT NOT NULL REFERENCES devices(uuid);
-- Indexes for performance
CREATE INDEX idx_user_metadata_entry ON user_metadata(entry_uuid);
CREATE INDEX idx_user_metadata_content ON user_metadata(content_identity_uuid);
CREATE INDEX idx_user_metadata_tags_metadata ON user_metadata_tags(user_metadata_id);
CREATE INDEX idx_user_metadata_tags_tag ON user_metadata_tags(tag_uuid);
```
## Benefits
### For Users
- **Flexible Tagging**: Choose between file-specific and content-universal tags
- **Library Content View**: See all instances of content within the current library
- **Intelligent Deduplication**: Better understanding of storage usage within each library
- **Consistent Metadata**: Content tags follow the content everywhere within the library
### For Developers
- **Clean Separation**: Entry-level vs content-level concerns clearly separated
- **Sync-Friendly**: Deterministic ContentIdentity enables consistent sync within libraries
- **Performance**: Hybrid ID system maintains database performance, no redundant cached calculations
- **Library Isolation**: Maintains Spacedrive's zero-knowledge principle between libraries
- **Extensibility**: Foundation for advanced content management features within each library
### For Sync System
- **Sync Readiness Indicator**: `uuid: None` prevents premature syncing until content identification complete
- **Deterministic References**: ContentIdentity UUIDs are consistent across devices within the same library
- **Race Condition Prevention**: No sync operations until both Entry and ContentIdentity are fully processed
- **Clear Domains**: Entry tags sync with index, content tags sync as user metadata
- **Conflict Resolution**: Content-level tags can use union merge strategies
- **Library-Scoped Sync**: Content tags sync within library boundaries, maintaining isolation
## Implementation Notes
1. **Backward Compatibility**: All changes maintain compatibility with existing data and behaviors
2. **UserMetadata Preservation**: Keeps current on-demand creation - only created when users add tags/metadata
3. **Migration Safety**: Each phase can be deployed independently with rollback capability
4. **Performance Impact**: Minimal - mostly adds new tables and optional fields
5. **Sync Integration**: Designed to work seamlessly with the job-based sync system using UUID-optional approach
6. **UI Impact**: New tagging options require UI updates but don't break existing flows
7. **Indexer Compatibility**: Works with existing change detection and content identification flows
8. **Sync Safety**: UUID assignment during content identification prevents race conditions and incomplete data sync
9. **Automatic Sync Integration**: SeaORM hooks with in-memory queuing ensure all database changes are captured for sync
10. **Transaction Safety**: Sync queue flushing at transaction boundaries prevents data loss
11. **Dependency-Aware Sync**: Entry.metadata_id made nullable to resolve circular dependencies during sync
12. **Phased Sync Support**: Database schema supports multi-phase sync to respect foreign key constraints
## File Change Handling
Building on the proven approach from original Spacedrive, our system handles filesystem changes with these principles:
### Core Principle: **"Preserve Entry, Unlink and Re-identify Content"**
Inspired by original Spacedrive's `file_path``object` unlinking strategy, adapted for our Entry → ContentIdentity architecture.
### Content Changes (new content_hash)
**Detection Method** (from original Spacedrive):
- Inode comparison for primary detection
- Modification time comparison with millisecond tolerance
- Content hash verification during content identification phase
**Handling Strategy**:
```rust
// When content change detected during indexing
pub async fn handle_content_change(
entry: &mut Entry,
old_content_hash: Option<String>,
new_content_hash: String,
) -> Result<()> {
// 1. Unlink from old ContentIdentity (like original's object unlinking)
entry.content_id = None;
// entry.uuid preserved - same file, maintain sync continuity
// 2. Preserve all Entry data (like original's file_path preservation)
// - Entry record stays intact
// - Entry UUID preserved (sync continuity)
// - Entry-scoped UserMetadata preserved
// - Filesystem metadata preserved
// 3. Queue for content identification phase
// - Will generate new content_hash
// - Will create/link to appropriate ContentIdentity
// - Entry remains sync-ready throughout process
}
```
**What Happens**:
- **Entry record**: Preserved (same file, same location)
- **Entry UUID**: Preserved (maintains sync continuity for same file)
- **Entry-scoped UserMetadata**: Preserved (follows the file like original)
- **Filesystem metadata**: Preserved (path, timestamps, size)
- **Sync readiness**: Maintained (Entry UUID present, syncs normally)
- **Automatic sync capture**: SeaORM hooks automatically queue sync changes for Entry updates
- **ContentIdentity link**: Unlinked (`content_id = None`)
- **Content-scoped UserMetadata**: Lost (was for old content)
- **Re-identification**: Queued for content identification phase
### File Moves/Renames (same content)
**Detection Method**:
- Same inode, different path
- Modification time unchanged
- Content hash unchanged (when verified)
**Handling Strategy**:
```rust
// Efficient path-only update (like original Spacedrive)
pub async fn handle_file_move(
entry: &mut Entry,
new_path: &SdPath,
) -> Result<()> {
// Only update path-related fields
entry.relative_path = new_path.relative_path();
entry.name = new_path.name();
// Everything else preserved:
// - Entry UUID preserved
// - ContentIdentity link preserved
// - All UserMetadata preserved (both scopes)
}
```
**What Happens**:
- **Entry UUID**: Preserved
- **Entry-scoped UserMetadata**: Preserved
- **ContentIdentity link**: Preserved (`content_id` unchanged)
- **Content-scoped UserMetadata**: Preserved
- **Path update**: Only location fields updated
### Real-time vs Batch Detection
**Real-time Watcher** (when available):
- Immediate detection of file system events
- Content change handling as files are modified
- Efficient move detection via filesystem events
**Batch Indexing** (offline changes):
- Inode + timestamp comparison like original Spacedrive
- Bulk processing of detected changes
- Same preservation principles applied
### Key Improvements Over Original
1. **Hierarchical Metadata**: Both entry and content scopes preserved when appropriate
2. **Sync Readiness**: UUID assignment prevents incomplete sync
3. **Deterministic Content UUIDs**: Enable consistent cross-device content identity
4. **Unified Metadata Model**: All metadata types use same scoping system
### Proven Principles Retained
1. **Never delete Entry records** due to content changes
2. **Preserve user-important data** with the filesystem entry
3. **Unlink and re-identify** rather than delete and recreate
4. **Content-derived data** regenerated as needed
5. **Efficient move handling** for path-only changes
## Metadata Migration Rules
During the indexing process when content changes are detected:
### Automatic Migration Scenarios
1. **Entry-level metadata** → Always preserved (stays with file)
2. **Content-level metadata** → Lost (was for old content)
3. **Hybrid approach** → Future: prompt user for high-value content metadata
### Implementation in Indexer
```rust
// During content change detection in indexer
pub async fn handle_content_change_with_metadata(
entry: &mut Entry,
old_content_id: Option<i32>,
new_content_hash: String,
db: &DatabaseConnection,
) -> Result<()> {
// 1. Check if valuable content metadata exists
if let Some(old_id) = old_content_id {
let content_metadata_count = UserMetadata::find()
.filter(user_metadata::Column::ContentIdentityUuid.eq(old_id))
.count(db)
.await?;
if content_metadata_count > 0 {
// Log for future user notification system
log::info!(
"Content change for entry {} orphaned {} content metadata items",
entry.uuid, content_metadata_count
);
}
}
// 2. Proceed with unlinking
entry.content_id = None;
entry.update(db).await?;
// 3. Queue for content identification
// ... existing logic
}
```
## Sync Behavior
### Entry-Scoped UserMetadata (Index Domain)
```rust
impl Syncable for user_metadata::ActiveModel {
const SYNC_DOMAIN: SyncDomain = SyncDomain::Index; // When entry_uuid is set
fn should_sync(&self) -> bool {
// Only sync entry-scoped metadata (entry_uuid is not null)
self.entry_uuid.as_ref().is_some()
}
}
```
### Content-Scoped UserMetadata (UserMetadata Domain)
```rust
impl Syncable for user_metadata::ActiveModel {
const SYNC_DOMAIN: SyncDomain = SyncDomain::UserMetadata; // When content_identity_uuid is set
fn should_sync(&self) -> bool {
// Only sync content-scoped metadata (content_identity_uuid is not null)
self.content_identity_uuid.as_ref().is_some()
}
fn merge_user_metadata(local: Self::Model, remote: Self::Model) -> MergeResult<Self::Model> {
// Intelligent merge for content-scoped metadata
// Notes: keep both (displayed in hierarchy)
// Tags: union merge via junction table
// Favorites/Hidden: OR logic (true if either is true)
MergeResult::Merged(Self::Model {
favorite: local.favorite || remote.favorite,
hidden: local.hidden || remote.hidden,
notes: merge_notes(local.notes, remote.notes), // Keep both with timestamps
custom_data: merge_custom_data(local.custom_data, remote.custom_data),
updated_at: std::cmp::max(local.updated_at, remote.updated_at),
..local
})
}
}
```
### Sync Examples
**Entry-Scoped Metadata:**
```
Device A: Adds notes "work draft" and tags ["urgent"] to "report.pdf" (Entry-scoped)
Device B: Syncs and sees notes and tags on report.pdf at its local path
Result: Metadata appears on Device B's report.pdf (same Entry UUID synced)
```
**Content-Scoped Metadata:**
```
Device A: Adds notes "important document" and tags ["legal"] to content (Content-scoped)
Device B: Has same content at "/backup/report.pdf" (different path, same content)
Result: Metadata appears on Device B's file too (same ContentIdentity UUID)
```
**Hierarchy Display:**
```
File has both entry-scoped and content-scoped metadata:
- Notes: "work draft" (Entry) + "important document" (Content) - both shown
- Tags: ["urgent"] (Entry) + ["legal"] (Content) - both shown
- Favorite: true (Entry overrides false from Content)
```
**Content Change:**
```
Device A: User adds metadata to "photo.jpg" (Entry-scoped)
Device A: User edits photo.jpg (new content → new ContentIdentity UUID)
Device B: Syncs the changes
Result: Entry-scoped metadata stays with the file, content-scoped metadata is lost
```
**Promotion Example:**
```
User adds tags ["vacation", "family"] to "beach.jpg" (Entry-scoped)
User clicks "Apply to all instances"
System creates Content-scoped metadata with same tags
Now all instances of this content show these tags (hierarchy: both levels displayed)
```
This refactor provides the foundation for a much more powerful and flexible content management system while maintaining the performance, reliability, and UX patterns of the existing architecture.

2053
docs/core/design/EXTENSION_AGENT_SYSTEM.md
View File

File diff suppressed because it is too large Load Diff

1335
docs/core/design/EXTENSION_IPC_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

754
docs/core/design/EXTENSION_JOBS_AND_ACTIONS.md
View File

@@ -1,754 +0,0 @@
# Extension-Defined Jobs and Actions
**Question:** How can WASM extensions register their own custom jobs and actions, not just call existing ones?
**Challenge:** Core uses compile-time registration (`inventory` crate + macros). WASM extensions load at runtime.
---
## Current Core Architecture
### Jobs (Compile-Time Registration)
```rust
// Core defines a job
pub struct EmailScanJob {
pub last_uid: String,
// ... state fields
}
impl Job for EmailScanJob {
const NAME: &'static str = "email_scan";
// ... trait methods
}
// Registers at compile time using inventory
register_job!(EmailScanJob);
```
**Result:** `REGISTRY` HashMap populated at startup with all job types.
### Actions (Compile-Time Registration)
```rust
pub struct FileCopyAction;
impl LibraryAction for FileCopyAction {
type Input = FileCopyInput;
type Output = FileCopyOutput;
// ... implementation
}
// Registers at compile time
crate::register_library_action!(FileCopyAction, "files.copy");
```
**Result:** `LIBRARY_ACTIONS` HashMap populated at compile time.
---
## The WASM Extension Challenge
**Problem:** Extensions load at runtime, but registries are compile-time.
**Options:**
### Option 1: Extensions Define Jobs via WASM Exports (RECOMMENDED)
**Concept:** Extensions export execution functions, Core wraps them in a generic `WasmJob`.
**Architecture:**
```
Extension (WASM):
├── Exports: execute_email_scan(params_json) -> result_json
Core:
├── Wraps in generic WasmJob
├── Job system dispatches WasmJob
├── Executor calls WASM export
└── State serialized/resumed like normal jobs
```
**Extension Code (Beautiful API):**
```rust
use spacedrive_sdk::prelude::*;
// Extension defines job state
#[derive(Serialize, Deserialize)]
pub struct EmailScanState {
pub last_uid: String,
pub processed: usize,
}
// Extension exports execution function
#[no_mangle]
pub extern "C" fn execute_email_scan(params_ptr: u32, params_len: u32) -> u32 {
let ctx = ExtensionContext::from_params(params_ptr, params_len);
let mut state: EmailScanState = ctx.get_job_state()?;
// Do work
let emails = fetch_emails_since(&state.last_uid)?;
for email in emails {
process_email(&ctx, &email)?;
state.processed += 1;
state.last_uid = email.uid.clone();
// Report progress (Core saves state automatically)
ctx.report_progress(state.processed as f32 / emails.len() as f32, &state)?;
}
ctx.complete(&state)
}
```
**Core Integration:**
```rust
// core/src/infra/extension/jobs.rs
pub struct WasmJob {
extension_id: String,
job_name: String, // e.g., "execute_email_scan"
state: Vec<u8>, // Serialized job state
}
impl Job for WasmJob {
const NAME: &'static str = "wasm_extension_job";
const RESUMABLE: bool = true;
}
impl JobHandler for WasmJob {
async fn run(&mut self, ctx: JobContext) -> JobResult<()> {
// Get the WASM instance for this extension
let plugin = ctx.plugin_manager().get(&self.extension_id)?;
// Call the WASM export
let export_fn = plugin.get_function(&self.job_name)?;
let result_ptr = export_fn.call(&[
Value::I32(self.state.as_ptr() as i32),
Value::I32(self.state.len() as i32)
])?;
// Read updated state from WASM memory
self.state = read_from_wasm_memory(result_ptr)?;
Ok(())
}
}
```
**Extension Registers Job:**
```rust
// In plugin_init()
#[no_mangle]
pub extern "C" fn plugin_init() -> i32 {
let ctx = ExtensionContext::new(library_id);
// Register custom job
ctx.register_job(JobRegistration {
name: "email_scan",
export_function: "execute_email_scan",
resumable: true,
})?;
0
}
```
**Dispatching the Job (from WASM or Core):**
```rust
// Extension can dispatch its own job
let job_id = ctx.jobs().dispatch("finance:email_scan", json!({
"provider": "gmail",
"last_uid": "12345"
}))?;
// Or from CLI/GraphQL (once registered)
daemon_client.send(DaemonRequest::Action {
method: "action:jobs.dispatch.input.v1",
payload: json!({
"job_type": "finance:email_scan",
"params": { "provider": "gmail" }
})
});
```
### Option 2: Runtime Registry for Extension Operations
**Concept:** Maintain separate runtime registry for extension-defined operations.
```rust
// Core maintains both registries
static CORE_OPERATIONS: Lazy<HashMap<...>> = ...; // Compile-time
static EXTENSION_OPERATIONS: RwLock<HashMap<...>> = ...; // Runtime
// When extension loads:
plugin_manager.register_operation(
"finance:classify_receipt",
WasmOperationHandler {
extension_id: "finance",
export_fn: "classify_receipt",
}
);
// execute_json_operation checks both:
pub async fn execute_json_operation(method: &str, ...) -> Result<Value> {
// Try core operations first
if let Some(handler) = LIBRARY_QUERIES.get(method) {
return handler(...).await;
}
// Try extension operations
if let Some(handler) = EXTENSION_OPERATIONS.read().get(method) {
return handler.call_wasm(...).await;
}
Err("Unknown method")
}
```
**Extension Registration:**
```rust
#[no_mangle]
pub extern "C" fn plugin_init() -> i32 {
let ctx = ExtensionContext::new(library_id);
// Register custom query
ctx.register_query(
"finance:classify_receipt",
"classify_receipt", // WASM export name
)?;
// Register custom action
ctx.register_action(
"finance:process_email",
"process_email",
)?;
0
}
// Export the handler
#[no_mangle]
pub extern "C" fn classify_receipt(input_ptr: u32, input_len: u32) -> u32 {
let input: ClassifyReceiptInput = read_from_wasm(input_ptr, input_len);
// Extension logic
let result = do_classification(&input);
write_to_wasm(&result)
}
```
### Option 3: Extensions Compose Core Operations (SIMPLEST)
**Concept:** Extensions don't define new operations - they just compose existing ones.
**For Jobs:** Extensions trigger core jobs with extension-specific parameters
**For Actions:** Extensions call sequences of core actions
```rust
// Extension doesn't register new job type
// Instead, uses generic "extension_task" job
#[no_mangle]
pub extern "C" fn scan_emails() -> i32 {
let ctx = ExtensionContext::new(library_id);
// Dispatch a task that will call back into extension
let job_id = ctx.jobs().dispatch("extension_task", json!({
"extension_id": "finance",
"task_name": "scan_emails",
"params": { "provider": "gmail" }
}))?;
0
}
// Core has generic WasmTaskJob that calls extension exports
// Extension exports task handlers:
#[no_mangle]
pub extern "C" fn task_scan_emails(params_ptr: u32) -> u32 {
let ctx = ExtensionContext::from_ptr(params_ptr);
// Extension logic using SDK
let emails = fetch_gmail()?;
for email in emails {
let entry = ctx.vdfs().create_entry(...)?;
let ocr = ctx.ai().ocr(&email.attachment, ...)?;
ctx.vdfs().write_sidecar(...)?;
}
ctx.complete()
}
```
---
## Recommendation: Hybrid Approach
**For Jobs:** Use Option 1 (WASM exports with generic WasmJob wrapper)
**For Actions/Queries:** Use Option 2 (runtime registry)
**Why:**
**Jobs:**
- Long-running, stateful, need resumability
- WASM exports work well for execution
- Core handles persistence/resume
- Clean for extension developers
**Actions/Queries:**
- Short-lived, synchronous
- Can be pure WASM functions
- Runtime registration makes sense
- Extensions can expose custom Wire methods
---
## Proposed Implementation
### 1. Add Runtime Operation Registry
```rust
// core/src/infra/extension/registry.rs
use std::collections::HashMap;
use tokio::sync::RwLock;
pub struct ExtensionOperationRegistry {
queries: RwLock<HashMap<String, WasmQueryHandler>>,
actions: RwLock<HashMap<String, WasmActionHandler>>,
}
struct WasmQueryHandler {
extension_id: String,
export_fn_name: String,
}
impl ExtensionOperationRegistry {
pub async fn register_query(&self, method: String, handler: WasmQueryHandler) {
self.queries.write().await.insert(method, handler);
}
pub async fn call_query(&self, method: &str, payload: Value, pm: &PluginManager) -> Result<Value> {
let handler = self.queries.read().await.get(method).cloned()?;
// Get WASM plugin
let plugin = pm.get_plugin(&handler.extension_id).await?;
// Call WASM export
let export_fn = plugin.get_function(&handler.export_fn_name)?;
let result = export_fn.call(...)?;
Ok(result)
}
}
```
### 2. Update execute_json_operation
```rust
// core/src/infra/daemon/rpc.rs
pub async fn execute_json_operation(...) -> Result<Value> {
// Try core operations (compile-time registry)
if let Some(handler) = LIBRARY_QUERIES.get(method) {
return handler(...).await;
}
// Try extension operations (runtime registry)
if let Some(result) = extension_registry.try_call(method, payload).await? {
return Ok(result);
}
Err("Unknown method")
}
```
### 3. Extension SDK API
```rust
// spacedrive-sdk/src/lib.rs
impl ExtensionContext {
/// Register a custom query operation
pub fn register_query(&self, name: &str, handler: QueryHandler) -> Result<()> {
// Calls host function to add to runtime registry
ffi::register_operation(
&format!("query:{}:{}.v1", self.extension_id(), name),
handler.export_fn_name
)
}
/// Register a custom action operation
pub fn register_action(&self, name: &str, handler: ActionHandler) -> Result<()> {
ffi::register_operation(
&format!("action:{}:{}.input.v1", self.extension_id(), name),
handler.export_fn_name
)
}
/// Register a custom job type
pub fn register_job(&self, registration: JobRegistration) -> Result<()> {
ffi::register_job(&registration)
}
}
pub struct QueryHandler {
pub export_fn_name: String,
}
pub struct JobRegistration {
pub name: String,
pub export_fn_name: String,
pub resumable: bool,
}
```
### 4. Extension Usage (Clean!)
```rust
use spacedrive_sdk::prelude::*;
#[no_mangle]
pub extern "C" fn plugin_init() -> i32 {
let ctx = ExtensionContext::new(library_id);
// Register custom operations
ctx.register_query("classify_receipt", QueryHandler {
export_fn_name: "handle_classify_receipt".into(),
}).ok();
ctx.register_job(JobRegistration {
name: "email_scan".into(),
export_fn_name: "execute_email_scan".into(),
resumable: true,
}).ok();
0
}
// Implement the query handler
#[no_mangle]
pub extern "C" fn handle_classify_receipt(input_ptr: u32, input_len: u32) -> u32 {
let ctx = ExtensionContext::from_params(input_ptr, input_len);
// Read input
let input: ClassifyReceiptInput = ctx.read_input()?;
// Extension logic
let ocr = ctx.ai().ocr(&input.pdf_data, OcrOptions::default())?;
let analysis = parse_receipt(&ocr.text)?;
// Return result
ctx.write_output(&analysis)
}
// Implement the job handler
#[no_mangle]
pub extern "C" fn execute_email_scan(state_ptr: u32, state_len: u32) -> u32 {
let ctx = ExtensionContext::from_params(state_ptr, state_len);
// Read job state
let mut state: EmailScanState = ctx.get_job_state()?;
// Do work
let emails = fetch_since(&state.last_uid)?;
for email in emails {
process_email(&ctx, &email)?;
state.last_uid = email.uid;
ctx.report_progress(state.processed as f32 / emails.len() as f32, &state)?;
}
ctx.complete(&state)
}
```
**Now other extensions/CLI/GraphQL can call:**
```rust
// Call extension-defined query
let result = daemon.send(DaemonRequest::Query {
method: "query:finance:classify_receipt.v1",
payload: json!({ "pdf_data": ... })
});
// Dispatch extension-defined job
let job_id = ctx.jobs().dispatch("finance:email_scan", json!({
"provider": "gmail"
}));
```
---
## Implementation Plan
### Phase 1: Runtime Registry (Week 1)
```rust
// core/src/infra/extension/registry.rs
pub struct ExtensionRegistry {
// Extension-defined operations
operations: RwLock<HashMap<String, WasmOperation>>,
// Extension-defined jobs
jobs: RwLock<HashMap<String, WasmJobRegistration>>,
}
struct WasmOperation {
extension_id: String,
export_fn: String,
operation_type: OperationType,
}
enum OperationType {
Query,
Action,
}
struct WasmJobRegistration {
extension_id: String,
export_fn: String,
resumable: bool,
}
impl ExtensionRegistry {
/// Register a WASM operation at runtime
pub async fn register_operation(
&self,
method: String,
extension_id: String,
export_fn: String,
op_type: OperationType,
) -> Result<()> {
self.operations.write().await.insert(
method,
WasmOperation { extension_id, export_fn, operation_type: op_type }
);
Ok(())
}
/// Call a WASM operation
pub async fn call_operation(
&self,
method: &str,
payload: Value,
plugin_manager: &PluginManager,
) -> Result<Value> {
let op = self.operations.read().await
.get(method)
.cloned()
.ok_or("Operation not found")?;
// Get WASM plugin
let plugin = plugin_manager.get_plugin(&op.extension_id).await?;
// Serialize payload
let payload_bytes = serde_json::to_vec(&payload)?;
// Call WASM export
let export_fn = plugin.get_export(&op.export_fn)?;
let result_ptr = export_fn.call(&mut store, &[
Value::I32(payload_bytes.as_ptr() as i32),
Value::I32(payload_bytes.len() as i32),
])?[0].unwrap_i32() as u32;
// Read result
let result = read_json_from_wasm(plugin.memory(), result_ptr)?;
Ok(result)
}
}
```
### Phase 2: Integrate with execute_json_operation
```rust
// core/src/infra/daemon/rpc.rs
pub async fn execute_json_operation(
method: &str,
library_id: Option<Uuid>,
payload: Value,
core: &Core,
) -> Result<Value> {
// Try core operations first (compile-time registry)
if let Some(handler) = LIBRARY_QUERIES.get(method) {
return handler(core.context.clone(), session, payload).await;
}
// Try extension operations (runtime registry)
if let Some(result) = core.extension_registry()
.call_operation(method, payload, core.plugin_manager())
.await?
{
return Ok(result);
}
Err(format!("Unknown method: {}", method))
}
```
### Phase 3: SDK API
```rust
// spacedrive-sdk/src/extension.rs
impl ExtensionContext {
/// Register a custom query that other clients can call
pub fn register_query(&self, name: &str, export_fn: &str) -> Result<()> {
let method = format!("query:{}:{}.v1", self.extension_id(), name);
ffi::call_host("extension.register_operation", json!({
"method": method,
"export_fn": export_fn,
"operation_type": "query"
}))
}
/// Register a custom action
pub fn register_action(&self, name: &str, export_fn: &str) -> Result<()> {
let method = format!("action:{}:{}.input.v1", self.extension_id(), name);
ffi::call_host("extension.register_operation", json!({
"method": method,
"export_fn": export_fn,
"operation_type": "action"
}))
}
/// Register a custom job type
pub fn register_job(&self, registration: JobRegistration) -> Result<()> {
ffi::call_host("extension.register_job", json!({
"job_name": format!("{}:{}", self.extension_id(), registration.name),
"export_fn": registration.export_fn,
"resumable": registration.resumable
}))
}
}
```
---
## Complete Example: Finance Extension
```rust
use spacedrive_sdk::prelude::*;
#[no_mangle]
pub extern "C" fn plugin_init() -> i32 {
let ctx = ExtensionContext::new(library_id);
// Register custom operations
ctx.register_query("classify_receipt", "classify_receipt_handler").ok();
ctx.register_action("import_receipts", "import_receipts_handler").ok();
ctx.register_job(JobRegistration {
name: "email_scan",
export_fn: "execute_email_scan",
resumable: true,
}).ok();
0
}
// Custom query - callable by anyone via Wire
#[no_mangle]
pub extern "C" fn classify_receipt_handler(input_ptr: u32, input_len: u32) -> u32 {
let ctx = ExtensionContext::from_params(input_ptr, input_len);
let input: ClassifyInput = ctx.read_input().unwrap();
// Use SDK to call core operations
let ocr = ctx.ai().ocr(&input.pdf, OcrOptions::default()).unwrap();
let analysis = ctx.ai().classify_text(&ocr.text, "Extract receipt data").unwrap();
ctx.write_output(&analysis)
}
// Custom action - creates receipts from email
#[no_mangle]
pub extern "C" fn import_receipts_handler(input_ptr: u32, input_len: u32) -> u32 {
let ctx = ExtensionContext::from_params(input_ptr, input_len);
let input: ImportInput = ctx.read_input().unwrap();
let mut imported = vec![];
for email in input.emails {
let entry = ctx.vdfs().create_entry(CreateEntry {
name: format!("Receipt: {}", email.subject),
path: format!("receipts/{}.eml", email.id),
entry_type: "FinancialDocument".into(),
}).unwrap();
imported.push(entry.id);
}
ctx.write_output(&json!({ "imported_ids": imported }))
}
// Custom job - resumable email scanning
#[no_mangle]
pub extern "C" fn execute_email_scan(state_ptr: u32, state_len: u32) -> u32 {
let ctx = ExtensionContext::from_job_params(state_ptr, state_len);
let mut state: EmailScanState = ctx.get_job_state().unwrap();
// Resumable work
let emails = fetch_emails_since(&state.last_uid).unwrap();
for (i, email) in emails.iter().enumerate() {
process_email(&ctx, email).unwrap();
state.last_uid = email.uid.clone();
state.processed += 1;
ctx.report_progress(i as f32 / emails.len() as f32, &state).ok();
}
ctx.complete(&state)
}
```
**Then from CLI:**
```bash
# Call extension-defined query
spacedrive query finance:classify_receipt --pdf receipt.pdf
# Dispatch extension-defined job
spacedrive jobs dispatch finance:email_scan --provider gmail
# Call from other extensions!
let result = ctx.call_query("finance:classify_receipt", input)?;
```
---
## Summary
**Key Insights:**
1. **Extensions CAN register custom operations** - via runtime registry
2. **Wire methods namespaced by extension** - `"finance:classify_receipt"`
3. **WASM exports are operation handlers** - clean separation
4. **Same privileges as core** - extensions are first-class
**Benefits:**
Extensions can define domain-specific operations
Operations are reusable (other extensions can call them!)
Clean SDK API hides complexity
Core handles persistence/resumability
Type-safe via JSON schemas
**Implementation:**
- Runtime registry: ~300 lines
- WASM job wrapper: ~200 lines
- SDK registration API: ~200 lines
- **Total: ~700 lines**
**Timeline:** 1-2 weeks to implement
Ready to build this?

775
docs/core/design/EXTENSION_JOB_PARITY.md
View File

@@ -1,775 +0,0 @@
# Extension Job System Parity
**Question:** Can extensions do everything core jobs can? (Progress, checkpoints, child jobs, metrics, etc.)
**Answer:** YES - by exposing JobContext capabilities through host functions.
---
## What Core Jobs Can Do
Based on `JobContext` in `core/src/infra/job/context.rs`:
| Capability | Core Job API | Purpose |
|------------|-------------|---------|
| **Progress** | `ctx.progress(Progress::percent(0.5))` | Report 0-100% progress |
| **Checkpoints** | `ctx.checkpoint()` | Save state for resumability |
| **State Persistence** | `ctx.save_state(&state)` | Store job state |
| **State Loading** | `ctx.load_state::<State>()` | Resume from saved state |
| **Interruption Check** | `ctx.check_interrupt()` | Handle pause/cancel |
| **Metrics** | `ctx.increment_bytes(1000)` | Track bytes/items processed |
| **Warnings** | `ctx.add_warning("message")` | Non-fatal issues |
| **Errors** | `ctx.add_non_critical_error(err)` | Recoverable errors |
| **Logging** | `ctx.log("message")` | Structured logging |
| **Child Jobs** | `ctx.spawn_child(job)` | Spawn sub-jobs |
| **Library Access** | `ctx.library()` | Get library database |
| **Networking** | `ctx.networking_service()` | P2P operations |
**Extensions MUST have these same capabilities to be first-class.**
---
## How Extensions Get Full Parity
### Option 1: JobContext Host Functions (RECOMMENDED)
**Concept:** Expose JobContext operations as additional host functions.
```rust
#[link(wasm_import_module = "spacedrive")]
extern "C" {
// Generic operation call (existing)
fn spacedrive_call(...) -> u32;
// === Job-Specific Functions (NEW) ===
/// Report job progress (0.0 to 1.0)
fn job_report_progress(job_id_ptr: u32, progress: f32, message_ptr: u32, message_len: u32);
/// Save checkpoint with current state
fn job_checkpoint(job_id_ptr: u32, state_ptr: u32, state_len: u32) -> i32;
/// Load saved state
fn job_load_state(job_id_ptr: u32) -> u32; // Returns ptr to state bytes
/// Check if job should pause/cancel
fn job_check_interrupt(job_id_ptr: u32) -> i32; // 0=continue, 1=pause, 2=cancel
/// Add warning message
fn job_add_warning(job_id_ptr: u32, message_ptr: u32, message_len: u32);
/// Track metrics
fn job_increment_bytes(job_id_ptr: u32, bytes: u64);
fn job_increment_items(job_id_ptr: u32, count: u64);
/// Spawn child job
fn job_spawn_child(job_id_ptr: u32, child_type_ptr: u32, child_type_len: u32, params_ptr: u32, params_len: u32) -> u32;
}
```
**Total: 10 additional host functions** (but all simple wrappers)
### Option 2: Pass JobContext as Params (SIMPLER)
**Concept:** When Core calls WASM job export, pass serialized JobContext info.
```rust
// Core calls WASM job export with context
let context_json = json!({
"job_id": job_id.to_string(),
"library_id": library.id(),
"capabilities": ["progress", "checkpoint", "spawn_child"]
});
let context_bytes = serde_json::to_vec(&context_json)?;
// Call WASM export
export_fn.call(&[
Value::I32(context_bytes.as_ptr() as i32),
Value::I32(context_bytes.len() as i32),
Value::I32(state_bytes.as_ptr() as i32),
Value::I32(state_bytes.len() as i32)
])?;
```
**Then WASM uses job ID to call back:**
```rust
// Extension calls host function with job ID
fn job_report_progress(job_id: Uuid, progress: f32, message: &str);
```
---
## Recommendation: Hybrid (Best of Both)
**Job Execution Pattern:**
```
1. Core dispatches WasmJob
2. Core serializes JobContext info (job_id, library_id, etc.)
3. Core calls WASM export: execute_job(job_ctx_json, job_state_bytes)
4. WASM deserializes context + state
5. WASM calls host functions for job operations (using job_id)
6. Core routes based on job_id to actual JobContext
7. WASM returns updated state
8. Core saves state to database
```
**Implementation:**
```rust
// core/src/infra/extension/host_functions.rs
/// Report job progress (job-specific host function)
fn host_job_report_progress(
env: FunctionEnvMut<PluginEnv>,
job_id_ptr: WasmPtr<u8>,
progress: f32,
message_ptr: WasmPtr<u8>,
message_len: u32,
) {
let (plugin_env, store) = env.data_and_store_mut();
// Read job ID
let job_id = read_uuid_from_wasm(&store, job_id_ptr);
let message = read_string_from_wasm(&store, message_ptr, message_len);
// Get the JobContext for this job_id (stored in Core)
let job_ctx = plugin_env.core.get_job_context(&job_id)?;
// Call the actual context method
job_ctx.progress(Progress::percent(progress, message));
}
/// Save checkpoint
fn host_job_checkpoint(
env: FunctionEnvMut<PluginEnv>,
job_id_ptr: WasmPtr<u8>,
state_ptr: WasmPtr<u8>,
state_len: u32,
) -> i32 {
let (plugin_env, store) = env.data_and_store_mut();
let job_id = read_uuid_from_wasm(&store, job_id_ptr);
let state_bytes = read_bytes_from_wasm(&store, state_ptr, state_len);
// Get JobContext
let job_ctx = plugin_env.core.get_job_context(&job_id)?;
// Save checkpoint
tokio::runtime::Handle::current().block_on(async {
job_ctx.checkpoint_with_state(&state_bytes).await
}).map(|_| 0).unwrap_or(1)
}
/// Check for interruption
fn host_job_check_interrupt(
env: FunctionEnvMut<PluginEnv>,
job_id_ptr: WasmPtr<u8>,
) -> i32 {
let (plugin_env, store) = env.data_and_store_mut();
let job_id = read_uuid_from_wasm(&store, job_id_ptr);
let job_ctx = plugin_env.core.get_job_context(&job_id)?;
// Check interrupt
tokio::runtime::Handle::current().block_on(async {
job_ctx.check_interrupt().await
}).map(|_| 0).unwrap_or(1) // 0 = continue, 1 = interrupted
}
```
---
## Beautiful SDK API for Extensions
```rust
// spacedrive-sdk/src/jobs.rs
pub struct JobContext {
job_id: Uuid,
library_id: Uuid,
}
impl JobContext {
/// Report progress (0.0 to 1.0)
pub fn report_progress(&self, progress: f32, message: &str) -> Result<()> {
unsafe {
job_report_progress(
self.job_id.as_bytes().as_ptr() as u32,
progress,
message.as_ptr() as u32,
message.len() as u32
);
}
Ok(())
}
/// Save checkpoint with current state
pub fn checkpoint<S: Serialize>(&self, state: &S) -> Result<()> {
let state_bytes = serde_json::to_vec(state)?;
unsafe {
job_checkpoint(
self.job_id.as_bytes().as_ptr() as u32,
state_bytes.as_ptr() as u32,
state_bytes.len() as u32
);
}
Ok(())
}
/// Load saved state
pub fn load_state<S: DeserializeOwned>(&self) -> Result<Option<S>> {
let state_ptr = unsafe {
job_load_state(self.job_id.as_bytes().as_ptr() as u32)
};
if state_ptr == 0 {
return Ok(None);
}
// Read state from WASM memory
let state_bytes = read_from_wasm_ptr(state_ptr);
Ok(Some(serde_json::from_slice(&state_bytes)?))
}
/// Check if job should stop (returns true if interrupted)
pub fn check_interrupt(&self) -> Result<bool> {
let result = unsafe {
job_check_interrupt(self.job_id.as_bytes().as_ptr() as u32)
};
Ok(result != 0)
}
/// Add warning (non-fatal issue)
pub fn add_warning(&self, message: &str) {
unsafe {
job_add_warning(
self.job_id.as_bytes().as_ptr() as u32,
message.as_ptr() as u32,
message.len() as u32
);
}
}
/// Track bytes processed
pub fn increment_bytes(&self, bytes: u64) {
unsafe {
job_increment_bytes(self.job_id.as_bytes().as_ptr() as u32, bytes);
}
}
/// Track items processed
pub fn increment_items(&self, count: u64) {
unsafe {
job_increment_items(self.job_id.as_bytes().as_ptr() as u32, count);
}
}
/// Get VDFS client
pub fn vdfs(&self) -> VdfsClient {
// Uses library_id from context
VdfsClient::new_with_library(self.library_id)
}
/// Get AI client
pub fn ai(&self) -> AiClient {
AiClient::new_with_library(self.library_id)
}
}
```
---
## Extension Job Example (Full Parity!)
```rust
use spacedrive_sdk::prelude::*;
#[derive(Serialize, Deserialize)]
pub struct EmailScanState {
last_uid: String,
processed: usize,
total: usize,
}
/// WASM job export - called by Core's WasmJobExecutor
#[no_mangle]
pub extern "C" fn execute_email_scan(
job_ctx_ptr: u32,
job_ctx_len: u32,
state_ptr: u32,
state_len: u32
) -> u32 {
// Parse job context (from Core)
let ctx = JobContext::from_params(job_ctx_ptr, job_ctx_len);
// Load or initialize state
let mut state: EmailScanState = if state_len > 0 {
ctx.deserialize_state(state_ptr, state_len).unwrap()
} else {
// First run
EmailScanState {
last_uid: String::new(),
processed: 0,
total: 0,
}
};
ctx.log(&format!("Resuming email scan from UID: {}", state.last_uid));
// Fetch emails
let emails = fetch_emails_since(&state.last_uid).unwrap();
state.total = emails.len();
for (i, email) in emails.iter().enumerate() {
// Check if we should pause/cancel
if ctx.check_interrupt().unwrap() {
ctx.log("Received interrupt, saving checkpoint...");
ctx.checkpoint(&state).unwrap();
return ctx.return_interrupted(&state);
}
// Process email using SDK
let entry = ctx.vdfs().create_entry(CreateEntry {
name: format!("Receipt: {}", email.subject),
path: format!("receipts/{}.eml", email.id),
entry_type: "FinancialDocument".into(),
}).unwrap();
// Run OCR
if let Some(pdf) = &email.pdf_attachment {
match ctx.ai().ocr(pdf, OcrOptions::default()) {
Ok(ocr_result) => {
ctx.vdfs().write_sidecar(entry.id, "ocr.txt", ocr_result.text.as_bytes()).unwrap();
ctx.increment_bytes(pdf.len() as u64);
}
Err(e) => {
ctx.add_warning(&format!("OCR failed for {}: {}", email.id, e));
}
}
}
// Update state
state.last_uid = email.uid.clone();
state.processed += 1;
// Report progress
let progress = state.processed as f32 / state.total as f32;
ctx.report_progress(
progress,
&format!("Processed {}/{} emails", state.processed, state.total)
).unwrap();
// Checkpoint every 10 emails
if state.processed % 10 == 0 {
ctx.checkpoint(&state).unwrap();
}
ctx.increment_items(1);
}
ctx.log("Email scan completed!");
ctx.return_completed(&state)
}
```
**That's a complete resumable job with full parity to core jobs!**
---
## Implementation: Job-Specific Host Functions
### Additional Host Functions Needed
```rust
// core/src/infra/extension/host_functions.rs
// Add to imports:
#[link(wasm_import_module = "spacedrive")]
extern "C" {
// Existing
fn spacedrive_call(...);
fn spacedrive_log(...);
// === NEW: Job Operations ===
/// Report progress for a job
fn job_report_progress(
job_id_ptr: u32,
progress: f32,
message_ptr: u32,
message_len: u32
) -> i32;
/// Save checkpoint
fn job_checkpoint(
job_id_ptr: u32,
state_ptr: u32,
state_len: u32
) -> i32;
/// Load saved state
fn job_load_state(job_id_ptr: u32) -> u32; // Returns ptr to state
/// Check for pause/cancel
fn job_check_interrupt(job_id_ptr: u32) -> i32; // 0=continue, 1=interrupted
/// Add warning
fn job_add_warning(
job_id_ptr: u32,
message_ptr: u32,
message_len: u32
);
/// Track bytes processed
fn job_increment_bytes(job_id_ptr: u32, bytes: u64);
/// Track items processed
fn job_increment_items(job_id_ptr: u32, count: u64);
/// Spawn child job
fn job_spawn_child(
job_id_ptr: u32,
child_type_ptr: u32,
child_type_len: u32,
params_ptr: u32,
params_len: u32
) -> u32; // Returns child job_id
}
```
### Host Function Implementation (~30 lines each)
```rust
// core/src/infra/extension/host_functions.rs
fn host_job_report_progress(
mut env: FunctionEnvMut<PluginEnv>,
job_id_ptr: WasmPtr<u8>,
progress: f32,
message_ptr: WasmPtr<u8>,
message_len: u32,
) -> i32 {
let (plugin_env, mut store) = env.data_and_store_mut();
let memory = &plugin_env.memory;
let memory_view = memory.view(&store);
// Read job ID and message
let job_id = match read_uuid_from_wasm(&memory_view, job_id_ptr) {
Ok(id) => id,
Err(e) => {
tracing::error!("Failed to read job ID: {}", e);
return 1; // Error
}
};
let message = match read_string_from_wasm(&memory_view, message_ptr, message_len) {
Ok(msg) => msg,
Err(e) => {
tracing::error!("Failed to read message: {}", e);
return 1;
}
};
// Get the JobContext for this job_id from Core
// Core maintains a map: job_id -> JobContext
let job_ctx = match plugin_env.core.get_active_job_context(&job_id) {
Some(ctx) => ctx,
None => {
tracing::error!("No active job context for {}", job_id);
return 1;
}
};
// Call the actual JobContext method
job_ctx.progress(Progress::percent(progress, message));
0 // Success
}
fn host_job_checkpoint(
mut env: FunctionEnvMut<PluginEnv>,
job_id_ptr: WasmPtr<u8>,
state_ptr: WasmPtr<u8>,
state_len: u32,
) -> i32 {
let (plugin_env, mut store) = env.data_and_store_mut();
let memory = &plugin_env.memory;
let memory_view = memory.view(&store);
let job_id = read_uuid_from_wasm(&memory_view, job_id_ptr).unwrap();
let state_bytes = read_bytes_from_wasm(&memory_view, state_ptr, state_len).unwrap();
let job_ctx = plugin_env.core.get_active_job_context(&job_id)?;
// Save checkpoint
tokio::runtime::Handle::current().block_on(async {
job_ctx.checkpoint_with_state(&state_bytes).await
}).map(|_| 0).unwrap_or(1)
}
fn host_job_check_interrupt(
mut env: FunctionEnvMut<PluginEnv>,
job_id_ptr: WasmPtr<u8>,
) -> i32 {
let (plugin_env, mut store) = env.data_and_store_mut();
let memory = &plugin_env.memory;
let memory_view = memory.view(&store);
let job_id = read_uuid_from_wasm(&memory_view, job_id_ptr).unwrap();
let job_ctx = plugin_env.core.get_active_job_context(&job_id)?;
// Check if interrupted
tokio::runtime::Handle::current().block_on(async {
job_ctx.check_interrupt().await
}).map(|_| 0).unwrap_or(1) // 0 = not interrupted, 1 = interrupted
}
// Similar for other functions (increment_bytes, add_warning, etc.)
```
### Core: Job Context Registry
```rust
// core/src/infra/extension/job_contexts.rs
use std::collections::HashMap;
use tokio::sync::RwLock;
/// Registry of active job contexts
/// Allows WASM jobs to access their JobContext via job_id
pub struct JobContextRegistry {
contexts: RwLock<HashMap<Uuid, Arc<JobContext>>>,
}
impl JobContextRegistry {
pub async fn register(&self, job_id: Uuid, ctx: Arc<JobContext>) {
self.contexts.write().await.insert(job_id, ctx);
}
pub async fn get(&self, job_id: &Uuid) -> Option<Arc<JobContext>> {
self.contexts.read().await.get(job_id).cloned()
}
pub async fn remove(&self, job_id: &Uuid) {
self.contexts.write().await.remove(job_id);
}
}
// Add to Core
impl Core {
pub fn job_context_registry(&self) -> &JobContextRegistry {
&self.job_context_registry
}
}
```
### WasmJob Executor
```rust
// core/src/infra/extension/wasm_job.rs
pub struct WasmJob {
extension_id: String,
export_fn: String,
state: Vec<u8>, // Serialized job state
}
impl Job for WasmJob {
const NAME: &'static str = "wasm_extension_job";
const RESUMABLE: bool = true;
}
impl JobHandler for WasmJob {
type Output = ();
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<()> {
// 1. Register JobContext so WASM can access it
ctx.core().job_context_registry().register(ctx.id(), Arc::new(ctx)).await;
// 2. Prepare job context info for WASM
let job_ctx_json = json!({
"job_id": ctx.id().to_string(),
"library_id": ctx.library().id().to_string(),
});
let ctx_bytes = serde_json::to_vec(&job_ctx_json)?;
// 3. Get WASM plugin
let plugin = ctx.core().plugin_manager().get(&self.extension_id).await?;
// 4. Call WASM export
let export_fn = plugin.get_function(&self.export_fn)?;
let result_ptr = export_fn.call(&mut store, &[
Value::I32(ctx_bytes.as_ptr() as i32),
Value::I32(ctx_bytes.len() as i32),
Value::I32(self.state.as_ptr() as i32),
Value::I32(self.state.len() as i32),
])?[0].unwrap_i32() as u32;
// 5. Read updated state from WASM memory
self.state = read_from_wasm_memory(plugin.memory(), result_ptr)?;
// 6. Cleanup context registry
ctx.core().job_context_registry().remove(&ctx.id()).await;
Ok(())
}
}
```
---
## Complete Extension Job Example
```rust
use spacedrive_sdk::jobs::JobContext;
#[derive(Serialize, Deserialize)]
pub struct EmailScanState {
last_uid: String,
processed: usize,
errors: Vec<String>,
}
#[no_mangle]
pub extern "C" fn execute_email_scan(
ctx_ptr: u32,
ctx_len: u32,
state_ptr: u32,
state_len: u32
) -> u32 {
// 1. Parse job context
let job_ctx = JobContext::from_params(ctx_ptr, ctx_len).unwrap();
// 2. Load or initialize state
let mut state: EmailScanState = if state_len > 0 {
JobContext::deserialize_state(state_ptr, state_len).unwrap()
} else {
// Load from checkpoint if resuming
job_ctx.load_state().unwrap().unwrap_or(EmailScanState {
last_uid: String::new(),
processed: 0,
errors: Vec::new(),
})
};
job_ctx.log(&format!("Starting email scan from UID: {}", state.last_uid));
// 3. Do work with full job capabilities
let emails = fetch_emails(&state.last_uid).unwrap();
for (i, email) in emails.iter().enumerate() {
// Check interruption every email
if job_ctx.check_interrupt().unwrap() {
job_ctx.log("Job interrupted, saving state...");
job_ctx.checkpoint(&state).unwrap();
return job_ctx.return_interrupted(&state);
}
// Process email
match process_email(&job_ctx, email) {
Ok(entry_id) => {
job_ctx.increment_items(1);
if let Some(pdf) = &email.pdf_attachment {
job_ctx.increment_bytes(pdf.len() as u64);
}
}
Err(e) => {
// Non-critical error
job_ctx.add_warning(&format!("Failed to process {}: {}", email.id, e));
state.errors.push(email.id.clone());
}
}
state.last_uid = email.uid.clone();
state.processed += 1;
// Report progress
let progress = (i + 1) as f32 / emails.len() as f32;
job_ctx.report_progress(
progress,
&format!("Processed {}/{} emails", i + 1, emails.len())
).unwrap();
// Checkpoint every 10 emails
if state.processed % 10 == 0 {
job_ctx.checkpoint(&state).unwrap();
}
}
// 4. Complete
job_ctx.log(&format!("✓ Completed! Processed {} emails, {} errors", state.processed, state.errors.len()));
job_ctx.return_completed(&state)
}
```
**Extension jobs now have:**
- Progress reporting
- Checkpointing (auto-resume)
- Interruption handling (pause/cancel)
- Metrics tracking
- Warning/error reporting
- Full VDFS/AI access
- Same UX as core jobs
---
## Summary
### Can Extensions Do Everything Core Jobs Can?
**YES!** By adding ~10 job-specific host functions:
| Core Job Capability | Extension Equivalent | Implementation |
|-------------------|---------------------|----------------|
| Progress reporting | `job_ctx.report_progress()` | host_job_report_progress() |
| Checkpointing | `job_ctx.checkpoint(&state)` | host_job_checkpoint() |
| State loading | `job_ctx.load_state()` | host_job_load_state() |
| Interruption check | `job_ctx.check_interrupt()` | host_job_check_interrupt() |
| Warnings | `job_ctx.add_warning()` | host_job_add_warning() |
| Metrics | `job_ctx.increment_bytes()` | host_job_increment_bytes() |
| Logging | `job_ctx.log()` | host_job_log() |
| Child jobs | `job_ctx.spawn_child()` | host_job_spawn_child() |
### Total Host Functions
**Core:**
- `spacedrive_call()` - Generic Wire RPC
- `spacedrive_log()` - General logging
**Job-Specific (8 functions):**
- `job_report_progress()`
- `job_checkpoint()`
- `job_load_state()`
- `job_check_interrupt()`
- `job_add_warning()`
- `job_increment_bytes()`
- `job_increment_items()`
- `job_spawn_child()`
**Total: 10 host functions**
### Implementation Cost
- Host functions: ~250 lines (8 functions × 30 lines)
- JobContext registry: ~100 lines
- WasmJob wrapper: ~200 lines
- SDK JobContext API: ~200 lines
- **Total: ~750 lines**
**Timeline: 1 week**
### Result
Extensions get **100% parity** with core jobs:
- Same progress UX
- Same resumability
- Same metrics
- Same logging
- Same child job support
- Same everything!
Ready to implement this?

304
docs/core/design/FFMPEG_BUNDLING_DESIGN.md
View File

@@ -1,304 +0,0 @@
# FFmpeg Bundling Design for core
## Executive Summary
This document outlines the design for bundling FFmpeg with Spacedrive core, based on the original implementation's approach. FFmpeg is essential for video thumbnail generation, media metadata extraction, and future transcoding capabilities. The system must handle cross-platform bundling while maintaining a reasonable binary size and ensuring all required codecs are available.
## Background
The original Spacedrive core uses FFmpeg for:
- Video thumbnail generation via `sd-ffmpeg` crate
- Media metadata extraction (duration, codec info, bitrate, etc.)
- Future planned features: video transcoding, format conversion
The implementation uses `ffmpeg-sys-next` (v7.0) which requires FFmpeg libraries to be available at runtime.
## Design Goals
1. **Cross-Platform Support**: Bundle FFmpeg on Windows, macOS, Linux, iOS, and Android
2. **Minimal Size**: Include only necessary codecs and features
3. **Legal Compliance**: Ensure proper licensing (LGPL v3)
4. **Easy Updates**: Simple process to update FFmpeg version
5. **Build Integration**: Seamless integration with Spacedrive build process
6. **Runtime Discovery**: Proper library loading on all platforms
7. **Mobile Optimization**: Efficient battery usage and reduced binary size for mobile
## Implementation Strategy
### Platform-Specific Bundling
#### macOS
- Bundle FFmpeg as a framework in `.deps/Spacedrive.framework`
- Include in Tauri config: `"frameworks": ["../../.deps/Spacedrive.framework"]`
- Use `install_name_tool` to fix library paths for distribution
- Symlink shared libraries during build process (as seen in preprep.mjs)
#### Windows
- Bundle FFmpeg DLLs alongside the executable
- Use static linking where possible to reduce DLL dependencies
- Handle both 64-bit builds (32-bit and ARM not supported per setup.ps1)
- Requires LLVM 15.0.7 for building ffmpeg-sys-next
#### Linux
- Dynamic linking with system FFmpeg where available
- Bundle as fallback in AppImage/Flatpak distributions
- Debian package dependencies: include FFmpeg libraries
#### iOS _(Implemented)_
- **Architecture Support**: Full support for arm64, x86_64 simulator, and arm64 simulator
- **Static Linking**: Uses `CARGO_FEATURE_STATIC=1` for all builds
- **Build Process**:
- Separate FFmpeg builds for each architecture stored in `.deps/`:
- `aarch64-apple-ios` (device)
- `aarch64-apple-ios-sim` (M1 simulator)
- `x86_64-apple-ios` (Intel simulator)
- Libraries are built using `build-rust.sh` which:
- Sets `FFMPEG_DIR` dynamically based on target architecture
- Creates universal binaries using `lipo`
- Symlinks FFmpeg libraries to target directory
- **Pod Configuration**:
- Extensive codec support including: mp3lame, opus, vorbis, x264, x265, vpx, av1
- Links against iOS frameworks: AudioToolbox, VideoToolbox, AVFoundation
- Libraries linked: libsd_mobile_ios (device) or libsd_mobile_iossim (simulator)
- **Feature Flags**: FFmpeg explicitly enabled in `sd-mobile-core` for iOS targets
#### Android _(Not Currently Implemented)_
- **Current Status**: FFmpeg is NOT enabled for Android builds
- **Build System**: Uses `cargo ndk` with platform API 34
- **Target Architectures**: Primarily arm64-v8a (with optional armeabi-v7a and x86_64)
- **Future Implementation Path**:
- Add FFmpeg feature flag to Android dependencies in `sd-mobile-core`
- Bundle pre-built FFmpeg libraries for each Android ABI
- Update `build.sh` to handle FFmpeg library paths
- Configure JNI bindings for FFmpeg access from Kotlin/Java
### Build Process Integration
1. **Dependency Download Phase**
```bash
# Add to scripts/preprep.mjs or similar
async function downloadFFmpeg() {
const platform = process.platform;
const arch = process.arch;
// Download pre-built FFmpeg binaries
const ffmpegVersion = "6.1"; // or latest stable
const downloadUrl = getFFmpegUrl(platform, arch, ffmpegVersion);
// Extract to .deps directory
await downloadAndExtract(downloadUrl, ".deps/ffmpeg");
}
```
2. **Cargo Build Configuration**
```toml
# In Cargo.toml or .cargo/config.toml
[env]
FFMPEG_DIR = { value = ".deps/ffmpeg", relative = true }
[target.'cfg(target_os = "macos")']
rustflags = ["-C", "link-arg=-Wl,-rpath,@loader_path/../Frameworks"]
```
3. **Feature Flag Management**
```toml
# In core/Cargo.toml
[features]
default = ["ffmpeg"]
ffmpeg = ["dep:sd-ffmpeg", "sd-media-processor/ffmpeg"]
# Allow building without FFmpeg for testing
no-ffmpeg = []
```
### FFmpeg Configuration
#### Desktop Minimal Configuration
Minimal FFmpeg build configuration to reduce size:
```bash
./configure \
--disable-programs \
--disable-doc \
--disable-network \
--enable-shared \
--disable-static \
--enable-small \
--disable-debug \
--disable-encoders \
--enable-encoder=libwebp \
--disable-decoders \
--enable-decoder=h264,hevc,vp9,av1,mjpeg,png,webp \
--disable-muxers \
--disable-demuxers \
--enable-demuxer=mov,mp4,avi,mkv,webm,image2 \
--disable-parsers \
--enable-parser=h264,hevc,vp9,av1 \
--disable-protocols \
--enable-protocol=file \
--disable-filters \
--enable-filter=scale,thumbnail
```
#### iOS Extended Configuration
iOS build includes extensive codec support for maximum compatibility:
- **Audio Codecs**: MP3 (lame), Opus, Vorbis, AAC
- **Video Codecs**: H.264 (x264), H.265 (x265), VP9, AV1 (SvtAv1Enc), Theora
- **Image Processing**: zimg, HDR10+
- **Audio Processing**: SoXR (high-quality resampling)
- **Hardware Acceleration**: VideoToolbox, AudioToolbox
- **Additional Libraries**: iconv, bzip2, lzma
### Crate Structure
```rust
// crates/ffmpeg/src/lib.rs
#[cfg(feature = "bundled")]
mod bundled {
use std::env;
use std::path::PathBuf;
pub fn setup_ffmpeg_paths() {
#[cfg(target_os = "macos")]
{
let framework_path = env::current_exe()
.unwrap()
.parent()
.unwrap()
.parent()
.unwrap()
.join("Frameworks/Spacedrive.framework/Libraries");
env::set_var("DYLD_LIBRARY_PATH", framework_path);
}
#[cfg(target_os = "windows")]
{
// FFmpeg DLLs should be in same directory as exe
let exe_dir = env::current_exe()
.unwrap()
.parent()
.unwrap();
env::set_var("PATH", format!("{};{}", exe_dir.display(), env::var("PATH").unwrap_or_default()));
}
#[cfg(target_os = "ios")]
{
// iOS uses static linking, no runtime path setup needed
// Libraries are linked at compile time via build.rs
}
#[cfg(target_os = "android")]
{
// Android will load libraries via System.loadLibrary() in JNI
// Path setup handled by Android's native library loader
}
}
}
pub fn initialize() -> Result<(), Error> {
#[cfg(feature = "bundled")]
bundled::setup_ffmpeg_paths();
// Initialize FFmpeg
unsafe {
ffmpeg_sys_next::av_log_set_level(ffmpeg_sys_next::AV_LOG_ERROR);
}
Ok(())
}
```
### Size Optimization Strategies
1. **Codec Selection**: Only include codecs for common formats
2. **Hardware Acceleration**: Optional, platform-specific (VideoToolbox on macOS, NVENC on Windows)
3. **Shared Libraries**: Use shared libraries instead of static linking where possible
4. **Compression**: UPX compress binaries on Windows (with signing considerations)
### Testing Strategy
1. **Binary Validation**
```rust
#[test]
fn test_ffmpeg_available() {
assert!(sd_ffmpeg::initialize().is_ok());
// Test basic probe functionality
let test_file = include_bytes!("../test_data/sample.mp4");
let metadata = sd_ffmpeg::probe_bytes(test_file).unwrap();
assert!(metadata.duration > 0);
}
```
2. **Platform CI Tests**
- GitHub Actions matrix for Windows/macOS/Linux
- Verify thumbnail generation works
- Check library loading and paths
### Migration Path from Original Core
1. **Preserve API Compatibility**: Keep same public API in `sd-ffmpeg` crate
2. **Database Schema**: Maintain same FFmpeg metadata tables
3. **Job System Integration**: Create `MediaProcessorJob` similar to original
4. **Progressive Rollout**: Feature flag to toggle between system and bundled FFmpeg
## Implementation Checklist
### Desktop Platforms
- [ ] Create `.deps` directory structure
- [ ] Add FFmpeg download script to build process
- [ ] Update Cargo build configuration
- [ ] Implement platform-specific path setup
- [ ] Create minimal FFmpeg build scripts
- [ ] Add to Tauri bundler configuration
- [ ] Write integration tests
- [ ] Document build process for contributors
- [ ] Add license files to distribution
- [ ] Implement size monitoring in CI
### iOS (Completed in Original Core)
- [x] FFmpeg libraries for all iOS architectures
- [x] Build script (`build-rust.sh`) with architecture detection
- [x] Pod configuration with codec libraries
- [x] Static linking configuration
- [x] Framework linking (AudioToolbox, VideoToolbox, etc.)
### Android (To Be Implemented)
- [ ] Add FFmpeg feature flag to Android build
- [ ] Download/build FFmpeg for Android ABIs
- [ ] Update `build.sh` for FFmpeg paths
- [ ] Configure gradle for native library packaging
- [ ] Implement JNI bindings for FFmpeg access
- [ ] Test on various Android API levels
## Future Considerations
1. **WebAssembly Support**: Investigate FFmpeg.wasm for web version
2. **GPU Acceleration**: Add optional hardware encoding/decoding
3. **Codec Expansion**: Add more formats based on user needs
4. **Plugin System**: Allow users to bring their own FFmpeg build
## References
- Original implementation: `spacedrive/crates/ffmpeg/`
- ffmpeg-sys-next: https://github.com/zmwangx/rust-ffmpeg-sys
- FFmpeg licensing: https://ffmpeg.org/legal.html
- Tauri bundling: https://tauri.app/v1/guides/building/resources

1058
docs/core/design/FILE_SHARING_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

150
docs/core/design/FS_EVENT_PIPELINE_RESILIENCE.md
View File

@@ -1,150 +0,0 @@
## FS Event Pipeline Resilience and Correctness (Large Bursts)
### Goals
- 100% correctness for large/bursty FS changes (e.g., git clone, massive moves).
- No synthetic IDs; emit canonical `Event::Entry*` only after DB success.
- Deterministic ordering where needed; avoid races and partial state.
- Scale to millions of path changes without O(N) per-child work in DB.
### Current State (as of this PR)
- Watcher normalizes to `Event::FsRawChange { library_id, kind: FsRawEventKind }`.
- `LocationWatcher` spawns `responder::apply(...)` per raw event.
- `notify` callback uses `try_send` on a bounded mpsc (default 1000).
- Platform handlers:
- Linux often emits a single directory rename for subtree moves (good).
- macOS/Windows may emit floods of per-path changes.
Risks:
- Event dropping (bounded `try_send`).
- Loss of ordering and interleaving (per-event `tokio::spawn`).
- Duplicate/conflicting child events when a directory move should be a single atomic op.
### Requirements
- R1: No event loss under steady-state; controlled backpressure under extreme bursts.
- R2: Single-source-of-truth: DB reflects final FS state after each applied operation.
- R3: Parent-first application: directory structural changes precede children.
- R4: Idempotency and deduplication within a batch window.
- R5: Atomic structural updates (transactions), bulk path updates for subtrees.
### Proposed Architecture
1) Per-Location Worker and Queue
- Replace per-event `spawn` with a single worker task per watched location (or per location root entry).
- Internal queue: `mpsc::channel(capacity)` with awaited `send` (backpressure) rather than `try_send`.
- Channel ordering preserves intake order; worker ensures serialized application.
2) Short Batching Window + Coalescing (100250ms)
- Worker aggregates events during a small debounce window into a `Vec<FsRawEventKind>`.
- Deduplicate by path and coalesce patterns:
- Create+Remove within window → drop (neutralized temp files).
- Modify after Remove → ignore.
- Multiple Modify → collapse to one.
- For Rename chains A→B, B→C → collapse to A→C.
- Directory Rename Collapser:
- If a rename of a directory `D → D'` is present, suppress child Create/Remove/Rename events under `D/` and `D'/` in that batch. The subtree move will be handled atomically.
3) Parent-First Application Strategy
- Always detect and apply highest-ancestor directory moves first.
- Use `EntryProcessor::move_entry(...)` for the directory:
- Updates `parent_id` and directory row.
- Reconnects closure table for entire subtree in a single transaction.
- After commit, run `PathResolver::update_descendant_paths` (bulk REPLACE) to fix child paths.
- Then apply remaining file-level creates/modifies/deletes.
4) Change Resolution
- For each coalesced item:
- Resolve directory paths via `directory_paths.path == path`.
- Resolve files by parent directory path and `entries.name` (+ `extension`).
- Use `ChangeDetector` where comparing FS vs DB state is beneficial (e.g., for modifies and ambiguous cases).
5) Backpressure and Flow Control
- Awaited `send` to per-location queues; configurable capacity.
- Metrics: queue depth, batch size, coalescing hit rates, latency.
- Fallback strategies when queue is full for extended durations (e.g., trigger a focused re-index of affected subtree).
6) Idempotency & Exactly-Once Semantics
- Within a batch, dedupe events by final intent (see coalescing rules).
- Across batches, rely on DB constraints and idempotent `EntryProcessor` operations.
- No reliance on synthetic IDs; correctness flows from path resolution + DB.
### Data Flow (Revised)
notify → Watcher (per-platform) → `WatcherEvent` → Per-Location Queue (await send)
→ Worker (debounce window) → Coalesce & Dedup → Parent-first Apply via Indexer Responder → Emit canonical `Event::Entry*` with real IDs
### Pseudocode
```rust
// watcher/mod.rs (event loop)
let location_id = map_path_to_location(&watched_locations, &event);
let tx = ensure_worker_for_location(location_id); // creates if missing
tx.send(event).await?; // awaited (backpressure), not try_send
// worker task per location
loop {
let first = rx.recv().await?;
let mut batch = vec![first];
let deadline = Instant::now() + debounce_window;
while let Ok(ev) = rx.try_recv() {
batch.push(ev);
if Instant::now() >= deadline { break; }
}
let coalesced = coalesce(batch); // dedupe, fold rename chains, suppress subtree noise
let ordered = parent_first(coalesced); // directory moves before children
apply_with_indexer(context, library_id, ordered).await?; // transactional operations
}
```
### Coalescing Rules (Examples)
- Create(X), Remove(X) → ∅
- Modify(X) × N → Modify(X)
- Rename(A→B), Rename(B→C) → Rename(A→C)
- Rename(Dir D→D'), then any events under D/* or D'/* within window → suppressed
### DB Operations
- Create: `EntryProcessor::create_entry` (bulk closure insert outside batching in responder or re-use `create_entry_in_conn` when grouping many creates).
- Modify: `EntryProcessor::update_entry`.
- Move (dir or file): `EntryProcessor::move_entry` (transaction + closure reconnection) and `PathResolver::update_descendant_paths` for directories.
- Delete: subtree deletion with closure cleanup and `directory_paths` removal (as in processing phase delete path).
### Ordering Guarantees
- Per-location FIFO at queue.
- Parent-first ordering enforced in worker.
- Cross-location operations can remain parallel.
### Crash Safety
- Structural changes are transactional; descendant path updates can be retried on boot if interrupted (record last move op in a small table or log and reconcile on start).
- On overflow/backpressure alerts, enqueue a focused re-index job for the affected subtree as a safety net.
### Tuning Knobs
- `debounce_window_ms` (default 150ms).
- `queue_capacity` per location (default 10k; adjust via config/env).
- `max_batch_size` (to bound memory and latency).
### Metrics & Observability
- Per-location queue depth, enqueue latency, batch sizes.
- Coalescing rates: suppressed children, rename chain collapses.
- DB op timings and retry counts.
### Test Plan
- Simulate: git clone (tens of thousands of creates), large directory rename (deep trees), massive deletions.
- Platform parity tests for macOS/Windows/Linux.
- Fault injection: kill during move, verify DB consistency on restart.
### Incremental Implementation Plan
1. Introduce per-location workers and awaited send (remove `try_send`, remove per-event `spawn`).
2. Add debounce window and minimal coalescing (dedupe modifies, neutralize create/remove).
3. Implement directory-rename collapser and parent-first ordering.
4. Wire responder `apply(...)` to process batches (signature change to accept `Vec<FsRawEventKind>`), reuse `EntryProcessor` paths.
5. Add metrics and configuration.
6. Add focused re-index fallback for overflow conditions.
### Code Touch Points
- `core/src/service/watcher/mod.rs`: per-location workers, awaited send, batching.
- `core/src/service/watcher/platform/*`: unchanged aside from event normalization already done.
- `core/src/ops/indexing/responder.rs`: change `apply` to accept batches; implement resolution and DB ops + final event emission.
- `core/src/ops/indexing/entry.rs` and `path_resolver.rs`: leveraged as-is.
---
This design converts flood-y per-file events into a small number of deterministic, parent-first DB operations, ensuring correctness and scalability for very large directory changes.

351
docs/core/design/FUNCTION_BASED_TEST_FRAMEWORK_DESIGN.md
View File

@@ -1,351 +0,0 @@
# Cargo Test Subprocess Framework Design
## Overview
This design proposes a new test framework architecture that allows test logic to remain in test files while still supporting subprocess-based testing for multi-device scenarios. The key innovation is using `cargo test` itself as the subprocess executor, eliminating the need for function serialization or separate scenario modules.
## Current Problem
The existing test framework forces all test logic into the `scenarios` module because:
1. Tests need subprocess isolation for multi-device networking
2. Current approach requires pre-compiled binary (`test_core`)
3. Test logic is separated from actual test files
4. Makes tests harder to write, debug, and maintain
## Findings from Function Serialization Approach
During initial implementation, we discovered that function serialization in Rust is extremely complex and impractical:
1. **Rust Function Serialization Challenges**:
- Functions are not serializable by default in Rust
- Dynamic compilation requires complex proc macro infrastructure
- Dependency management across process boundaries is non-trivial
- Error handling and debugging becomes much more difficult
2. **Implementation Complexity**:
- Would require a custom build system or proc macros
- Cross-platform compatibility issues
- Performance overhead from serialization/deserialization
- Maintenance burden for a relatively simple use case
## Proposed Solution: Cargo Test Subprocess Pattern
### Core Architecture
```rust
// Test framework components
pub struct CargoTestRunner {
processes: Vec<TestProcess>,
global_timeout: Duration,
}
pub struct TestProcess {
name: String,
data_dir: TempDir,
child: Option<Child>,
output: String,
}
```
### Test File Structure
```rust
// tests/device_pairing_test.rs
use sd_core::test_framework_new::CargoTestRunner;
use sd_core::Core;
use std::path::PathBuf;
use std::env;
// Alice scenario - runs when TEST_ROLE=alice
#[tokio::test]
#[ignore] // Only run when explicitly called via subprocess
async fn alice_pairing_scenario() {
// Exit early if not running as Alice
if env::var("TEST_ROLE").unwrap_or_default() != "alice" {
return;
}
let data_dir = PathBuf::from(env::var("TEST_DATA_DIR").expect("TEST_DATA_DIR not set"));
let device_name = "Alice's Test Device";
println!("Alice: Starting Core pairing test");
// All Alice-specific test logic here - stays in the test file!
let mut core = Core::new_with_config(data_dir).await.unwrap();
core.device.set_name(device_name.to_string()).unwrap();
core.init_networking("test-password").await.unwrap();
let (pairing_code, _) = core.start_pairing_as_initiator().await.unwrap();
// Write pairing code for Bob to read
std::fs::create_dir_all("/tmp/spacedrive-pairing-test-cargo").unwrap();
std::fs::write("/tmp/spacedrive-pairing-test-cargo/pairing_code.txt", &pairing_code).unwrap();
// Wait for Bob to connect
loop {
let connected_devices = core.get_connected_devices().await.unwrap();
if !connected_devices.is_empty() {
println!("PAIRING_SUCCESS: Alice connected to Bob successfully");
break;
}
tokio::time::sleep(Duration::from_secs(1)).await;
}
}
// Bob scenario - runs when TEST_ROLE=bob
#[tokio::test]
#[ignore] // Only run when explicitly called via subprocess
async fn bob_pairing_scenario() {
// Exit early if not running as Bob
if env::var("TEST_ROLE").unwrap_or_default() != "bob" {
return;
}
let data_dir = PathBuf::from(env::var("TEST_DATA_DIR").expect("TEST_DATA_DIR not set"));
let device_name = "Bob's Test Device";
println!("Bob: Starting Core pairing test");
// All Bob-specific test logic here - stays in the test file!
let mut core = Core::new_with_config(data_dir).await.unwrap();
core.device.set_name(device_name.to_string()).unwrap();
core.init_networking("test-password").await.unwrap();
// Wait for Alice's pairing code
let pairing_code = loop {
if let Ok(code) = std::fs::read_to_string("/tmp/spacedrive-pairing-test-cargo/pairing_code.txt") {
break code.trim().to_string();
}
tokio::time::sleep(Duration::from_millis(500)).await;
};
core.start_pairing_as_joiner(&pairing_code).await.unwrap();
// Wait for connection
loop {
let connected_devices = core.get_connected_devices().await.unwrap();
if !connected_devices.is_empty() {
println!("PAIRING_SUCCESS: Bob connected to Alice successfully");
break;
}
tokio::time::sleep(Duration::from_secs(1)).await;
}
}
// Main test orchestrator
#[tokio::test]
async fn test_device_pairing() {
println!("Testing device pairing with cargo test subprocess framework");
let mut runner = CargoTestRunner::new()
.with_timeout(Duration::from_secs(90))
.add_subprocess("alice", "alice_pairing_scenario")
.add_subprocess("bob", "bob_pairing_scenario");
runner.run_until_success(|outputs| {
let alice_success = outputs.get("alice")
.map(|out| out.contains("PAIRING_SUCCESS: Alice connected to Bob successfully"))
.unwrap_or(false);
let bob_success = outputs.get("bob")
.map(|out| out.contains("PAIRING_SUCCESS: Bob connected to Alice successfully"))
.unwrap_or(false);
alice_success && bob_success
}).await.expect("Pairing test failed");
println!("Device pairing test successful!");
}
```
## Implementation Strategy
### CargoTestRunner Implementation
```rust
impl CargoTestRunner {
pub fn new() -> Self {
Self {
processes: Vec::new(),
global_timeout: Duration::from_secs(60),
}
}
pub fn add_subprocess(mut self, name: &str, test_function_name: &str) -> Self {
let process = TestProcess {
name: name.to_string(),
test_function_name: test_function_name.to_string(),
data_dir: TempDir::new().expect("Failed to create temp dir"),
child: None,
output: String::new(),
};
self.processes.push(process);
self
}
pub async fn run_until_success<C>(&mut self, condition: C) -> Result<(), String>
where
C: Fn(&HashMap<String, String>) -> bool
{
// Spawn all subprocesses
for process in &mut self.processes {
let mut cmd = Command::new("cargo");
cmd.args(&[
"test",
&process.test_function_name,
"--",
"--nocapture",
"--ignored" // Run ignored tests
])
.env("TEST_ROLE", &process.name)
.env("TEST_DATA_DIR", process.data_dir.path().to_str().unwrap())
.stdout(Stdio::piped())
.stderr(Stdio::piped());
process.child = Some(cmd.spawn()?);
}
// Monitor until condition is met
// ... rest of monitoring logic
}
}
```
### Key Advantages of Cargo Test Approach
1. **No Function Serialization**: Uses cargo's built-in test runner
2. **Native Rust Support**: Leverages existing test infrastructure
3. **Simple Coordination**: Environment variables control test behavior
4. **Easy Debugging**: Can run individual test functions directly
5. **Parallel Execution**: Cargo handles subprocess management
## Technical Implementation Details
### Environment Variable Coordination
```rust
// Each test checks its role and exits early if not relevant
#[tokio::test]
#[ignore]
async fn alice_scenario() {
if env::var("TEST_ROLE").unwrap_or_default() != "alice" {
return; // Exit early - not running as Alice
}
let data_dir = PathBuf::from(env::var("TEST_DATA_DIR").expect("TEST_DATA_DIR required"));
// All Alice logic here - no external scenarios!
// ...
}
```
### Process Spawning
```rust
// CargoTestRunner spawns cargo test with specific test names
let mut cmd = Command::new("cargo");
cmd.args(&[
"test",
"alice_scenario", // Specific test function name
"--",
"--nocapture",
"--ignored"
])
.env("TEST_ROLE", "alice")
.env("TEST_DATA_DIR", data_dir_path);
```
### Communication Between Processes
- **File-based**: Temporary files for pairing codes, shared state
- **Environment**: TEST_ROLE and TEST_DATA_DIR for coordination
- **Output parsing**: Success patterns in stdout for completion detection
## Migration Plan
### Step 1: Build CargoTestRunner Framework
- Implement `CargoTestRunner` alongside existing framework
- Create process management and output monitoring
- No complex serialization infrastructure needed
### Step 2: Create New Test Structure
- Convert existing pairing test to cargo test approach
- All test logic moves into test functions with environment guards
- Update `core_pairing_test_cargo.rs` as proof of concept
### Step 3: Gradual Migration
- Keep existing framework intact during transition
- Migrate tests one by one to new approach
- Eventually remove old framework when all tests are converted
### Step 4: Remove Old Framework (Future)
- Delete `test_core` binary
- Remove `scenarios.rs` module
- Clean up unused infrastructure
## Benefits
1. **Test Logic Co-location**: All test code stays in test files where it belongs
2. **Better Developer Experience**: Easier to write, debug, and maintain tests
3. **No Serialization Complexity**: Uses native cargo test infrastructure
4. **Easy Debugging**: Can run individual test functions directly with env vars
5. **Simple Implementation**: Much simpler than function serialization approach
6. **Native Rust Support**: Leverages existing test tooling and conventions
## Comparison with Function Serialization Approach
| Aspect | Cargo Test Approach | Function Serialization |
|--------|-------------------|------------------------|
| **Complexity** | Simple - uses cargo test | Complex - custom serialization |
| **Debugging** | Easy - run test directly | Hard - requires special tooling |
| **Dependencies** | None - uses existing tools | Custom proc macros, serialization |
| **Performance** | Fast - native cargo | Slower - serialization overhead |
| **Maintenance** | Low - standard patterns | High - custom infrastructure |
| **Cross-platform** | Works everywhere cargo works | Potential platform issues |
## Potential Challenges
1. **Environment Variable Management**: Need clear conventions for env vars
2. **Test Isolation**: Ensure tests don't interfere when run separately
3. **Coordination Complexity**: File-based communication can be fragile
4. **Output Parsing**: Need robust patterns for success detection
## Alternative Approaches Considered
### A. Function Serialization (Initial Attempt)
- Extremely complex in Rust
- Requires custom build infrastructure
- Maintenance burden too high
### B. Container-Based Isolation
- Use Docker for process isolation
- Adds external dependencies
- Overkill for current needs
### C. Shared Library Approach
- Compile scenarios as dynamic libraries
- Platform-specific complications
- More complex than needed
## Success Criteria
1. Test logic remains in test files
2. No pre-compilation of test binaries required
3. Subprocess isolation maintained for networking tests
4. Easy to add new test scenarios
5. Good debugging experience
6. Simple implementation without complex infrastructure
7. Uses standard Rust/cargo tooling
## Timeline
- **Day 1**: Implement CargoTestRunner framework
- **Day 2**: Create proof of concept with pairing test
- **Day 3**: Test and refine the approach
- **Future**: Gradually migrate existing tests to new framework
## Conclusion
The cargo test subprocess approach is significantly simpler and more maintainable than function serialization while achieving the same goals. It leverages existing Rust tooling and conventions, making it easier to understand, debug, and maintain. All test logic stays exactly where it belongs - in the test files - while still providing the subprocess isolation needed for multi-device networking tests.

5
docs/core/design/IDEA_FOR_BETTER_INDEXING.md
View File

@@ -1,5 +0,0 @@
Currently the indexer will run on a location when it is added, populating the database. The location watcher will run on startup and watch for OS events to atomically update the index. The user can also explicitly re-index a location or path of a location at anytime. However this is not ideal, since Spacedrive going offline for a period would mean it to be impossible to know about changes within a location during that period.
One method to solve this would be to detect offline periods and mark locations as stale, triggering a reindex, or just dispatch those re-indexing jobs upon detection of an offline period. This however would be pretty intensive for users with lots of large locations should Spacedrive go offline. I believe locations should have a last index timestamp at least.
I would like your thoughts and potential ideas that factor in performance to keep the Spacedrive index as up-to-date as possible at all times.

68
docs/core/design/IMPLEMENTATION_STATUS.md
View File

@@ -1,68 +0,0 @@
# Implementation Status
## Completed
### 1. Library System
- **Self-contained libraries** with `.sdlibrary` directories
- **Human-readable names** instead of UUIDs
- **Portable structure** - just copy the folder to backup
- **Concurrent access protection** with lock files
- **Thumbnail management** with efficient two-level sharding
### 2. GraphQL API with async-graphql
- **Full type safety** from Rust structs to TypeScript interfaces
- **Industry standard** GraphQL instead of abandoned rspc
- **Better tooling** - GraphQL Playground, Apollo DevTools
- **Merged mutations** for clean API organization
### 3. Clean Architecture
- **No v2 naming** - single, official implementations
- **Library module** at the root level for fundamental functionality
- **Event-driven** architecture with EventBus
- **SdPath** as the foundation for cross-device operations
## Ready for Implementation
### 1. SeaORM Entities
Based on the file data model design:
- Entry (with SdPath serialization)
- UserMetadata (always exists for tagging)
- ContentIdentity (optional for deduplication)
- Location, Device, Tag, Label entities
### 2. P2P Layer
For remote SdPath operations:
- Device discovery
- Secure connections
- File streaming
- Command routing
### 3. Search System
- SQLite FTS5 integration
- Content extraction pipeline
- Vector embeddings (future)
### 4. File Operations
Complete implementation of:
- Cross-device copy (started)
- Move operations
- Delete with trash support
- Batch operations
## Architecture Decisions Made
1. **async-graphql over rspc** - Better maintenance and tooling
2. **Self-contained libraries** - Solves backup/portability issues
3. **SdPath everywhere** - Enables true VDFS
4. **Decoupled data model** - Any file can be tagged immediately
5. **Event-driven** - No more invalidate_query coupling
## Next Steps
1. **Implement SeaORM entities** for the new data model
2. **Create database migrations** for library schema
3. **Build location management** within libraries
4. **Implement search infrastructure** with FTS5
5. **Complete file operations** with P2P support
The foundation is solid and ready to build upon!

206
docs/core/design/INDEXER_ANALYSIS.md
View File

@@ -1,206 +0,0 @@
# Spacedrive Indexer Analysis
## Overview
The Spacedrive indexer is the most complex job in the system, handling directory walking, file metadata collection, database persistence, and state management across interruptions. This analysis examines its architecture to design a system that can handle it elegantly.
## Core Components
### 1. Directory Walking (`Walker` Task)
The walker is a sophisticated task that traverses directories with multiple stages:
#### Stages:
1. **Start**: Initialize and prepare git ignore rules
2. **Walking**: Read directory entries using async streams
3. **CollectingMetadata**: Gather file metadata in parallel
4. **CheckingIndexerRules**: Apply user-defined and git ignore rules
5. **ProcessingRulesResults**: Segregate accepted/rejected paths
6. **GatheringFilePathsToRemove**: Identify deleted files
7. **Finalize**: Prepare output and spawn sub-tasks
#### Key Features:
- **Resumable State Machine**: Each stage can be serialized/resumed
- **Parallel Metadata Collection**: Uses `futures_concurrency::future::Join`
- **Rule System Integration**: Supports glob patterns, git ignore, custom rules
- **Incremental Processing**: Yields control periodically via `check_interruption!`
### 2. Data Persistence Tasks
#### Saver Task:
- Batches new file entries (up to 1000 items)
- Creates CRDT operations for sync
- Handles bulk inserts with conflict resolution
- Supports shallow/deep priority modes
#### Updater Task:
- Updates existing file metadata
- Detects changes via inode/modification time comparison
- Maintains sync operations
### 3. Job Orchestration (`Indexer` Job)
#### State Management:
```rust
struct Indexer {
// Task queues
ancestors_needing_indexing: HashSet<WalkedEntry>,
ancestors_already_indexed: HashSet<IsolatedFilePathData>,
// Buffering for efficiency
to_create_buffer: VecDeque<WalkedEntry>,
to_update_buffer: VecDeque<WalkedEntry>,
// Size tracking
iso_paths_and_sizes: HashMap<IsolatedFilePathData, u64>,
// Metadata tracking
metadata: Metadata {
total_tasks: u64,
completed_tasks: u64,
indexed_count: u64,
updated_count: u64,
removed_count: u64,
mean_scan_read_time: Duration,
mean_db_write_time: Duration,
}
}
```
#### Complex Workflows:
1. **Task Dispatching**:
- Dynamically spawns walker tasks for subdirectories
- Batches save/update operations for efficiency
- Maintains task count for progress reporting
2. **Interrupt Handling**:
- Graceful pause/resume at task boundaries
- State serialization for persistence
- Task collection on shutdown
3. **Directory Size Calculation**:
- Accumulates sizes during walking
- Updates parent directories recursively
- Handles database updates in bulk
4. **Progress Reporting**:
- Real-time task count updates
- Phase-based status messages
- Detailed metadata collection
## Complexity Points
### 1. Distributed State
- State spread across multiple task types
- Parent-child relationships between tasks
- Accumulated data (sizes, counts) across task boundaries
### 2. Resumability Requirements
- Each task must be independently serializable
- Walker state includes partial directory reads
- Job state includes task queues and accumulators
### 3. Performance Optimizations
- Batching database operations (1000 item chunks)
- Shallow vs deep task priorities
- Work stealing between CPU cores
- Streaming directory reads to avoid memory spikes
### 4. Error Handling
- Non-critical errors collected without stopping
- Critical errors trigger graceful shutdown
- Partial progress preservation
### 5. Synchronization Complexity
- CRDT operations for multi-device sync
- Atomic database updates with sync entries
- Conflict resolution for concurrent modifications
## Design Requirements for New System
### 1. Flexible State Management
- **Requirement**: Support complex, nested state structures
- **Solution**: Trait-based state with automatic serialization
- **Example**:
```rust
trait JobState: Serialize + Deserialize {
type Output;
fn merge(&mut self, output: Self::Output);
}
```
### 2. Task Graph Support
- **Requirement**: Dynamic task spawning with dependencies
- **Solution**: DAG-based task scheduling with futures
- **Example**:
```rust
struct TaskGraph {
nodes: HashMap<TaskId, TaskNode>,
edges: HashMap<TaskId, Vec<TaskId>>,
}
```
### 3. Interruption Points
- **Requirement**: Fine-grained pause/resume control
- **Solution**: Async checkpoint system
- **Example**:
```rust
async fn with_checkpoint<T>(
interrupter: &Interrupter,
checkpoint: impl FnOnce() -> T
) -> ControlFlow<T>
```
### 4. Progress Composition
- **Requirement**: Aggregate progress from multiple tasks
- **Solution**: Hierarchical progress tracking
- **Example**:
```rust
struct Progress {
total: u64,
completed: u64,
children: Vec<Progress>,
}
```
### 5. Resource Management
- **Requirement**: Efficient handling of large datasets
- **Solution**: Streaming iterators with backpressure
- **Example**:
```rust
trait StreamProcessor {
async fn process_batch(&mut self, items: Vec<Item>) -> Result<()>;
}
```
### 6. Error Recovery
- **Requirement**: Graceful degradation with partial success
- **Solution**: Error accumulation with criticality levels
- **Example**:
```rust
enum JobError {
Critical(Error),
NonCritical(Vec<NonCriticalError>),
}
```
## Key Insights
1. **State Machine Pattern**: The walker's stage-based approach provides clear resumption points
2. **Batch Processing**: Buffering items before database operations significantly improves performance
3. **Task Prioritization**: Shallow tasks for immediate feedback, deep tasks for completeness
4. **Accumulator Pattern**: Collecting metrics and sizes during traversal for later bulk updates
5. **Separation of Concerns**: Walker handles filesystem, Saver/Updater handle database, Indexer orchestrates
6. **Flexibility through Traits**: Heavy use of trait objects allows runtime composition
## Recommendations for New Design
1. **Adopt Actor Model**: Each major component as an actor with message passing
2. **Event Sourcing**: Track state changes as events for easier debugging/replay
3. **Pipeline Architecture**: Chain operators for data transformation
4. **Async Generators**: Use async streams for memory-efficient processing
5. **Capability-Based Design**: Inject capabilities (DB, FS, etc.) for testability

281
docs/core/design/INDEXER_ANALYSIS_2.md
View File

@@ -1,281 +0,0 @@
# Deep Analysis of Original Spacedrive Indexer vs New Implementation
## Executive Summary
After thoroughly analyzing the original Spacedrive indexer implementation in `@core/crates/heavy-lifting/src/indexer/`, I've identified significant architectural sophistication and functionality that our new implementation appears to be missing. The original system is a comprehensive, production-grade indexing solution with advanced features for incremental indexing, sophisticated rule systems, and integrated workflows.
## Key Architectural Components
### 1. **Multi-Stage Job System Architecture**
The original indexer is built on a sophisticated job system with multiple phases:
- **Walker Stage**: Directory traversal with state machines
- **Saver Stage**: Batch database operations for new files
- **Updater Stage**: Incremental updates for changed files
- **File Identifier Stage**: Content analysis and object creation
- **Media Processor Stage**: Thumbnail generation and metadata extraction
**Missing in New Implementation**: The new version appears to lack this multi-stage pipeline architecture and the sophisticated task coordination system.
### 2. **Advanced State Management & Resumability**
**Original Features**:
- **Serializable Tasks**: All tasks can be serialized and resumed after interruption
- **Checkpoint System**: Jobs can be paused, resumed, or shutdown gracefully
- **State Machines**: Walker uses sophisticated state machine pattern with stages:
- `Start``Walking``CollectingMetadata``CheckingIndexerRules``ProcessingRulesResults``GatheringFilePathsToRemove``Finalize`
- **Progress Tracking**: Detailed progress reporting with task counts and phases
- **Error Recovery**: Non-critical errors are collected and reported without stopping the job
**Missing in New Implementation**: Basic state management without resumability or sophisticated error recovery.
### 3. **Sophisticated Indexer Rules System**
**Original Rule Types**:
- **Glob-based Rules**: `AcceptFilesByGlob`, `RejectFilesByGlob` with full glob pattern support
- **Directory-based Rules**: `AcceptIfChildrenDirectoriesArePresent`, `RejectIfChildrenDirectoriesArePresent`
- **Git Integration**: `IgnoredByGit` with native .gitignore parsing
- **Dynamic Rule Loading**: Rules can be extended at runtime
- **Rule Composition**: Multiple rules can be combined with complex logic
**Rule Processing Logic**:
```rust
// Complex rule evaluation with precedence
fn reject_path(acceptance_per_rule_kind: &HashMap<RuleKind, Vec<bool>>) -> bool {
Self::rejected_by_reject_glob(acceptance_per_rule_kind)
|| Self::rejected_by_git_ignore(acceptance_per_rule_kind)
|| Self::rejected_by_children_directories(acceptance_per_rule_kind)
|| Self::rejected_by_accept_glob(acceptance_per_rule_kind)
}
```
**Missing in New Implementation**: The new version likely has basic or no rule system compared to this sophisticated approach.
### 4. **Incremental Indexing & Change Detection**
**Original Capabilities**:
- **Inode-based Change Detection**: Uses filesystem inodes to detect moved/renamed files
- **Timestamp Comparison**: Millisecond-precision modification time comparison
- **Size Verification**: Directory size calculations with validation
- **Ancestor Tracking**: Efficiently tracks directory hierarchy changes
- **Delta Updates**: Only processes changed files, not entire directory trees
**Implementation Example**:
```rust
// Sophisticated change detection logic
if (inode_from_db(&inode[0..8]) != metadata.inode
|| (DateTime::<FixedOffset>::from(metadata.modified_at) - *date_modified
> ChronoDuration::milliseconds(1))
|| file_path.hidden.is_none()
|| metadata.hidden != file_path.hidden.unwrap_or_default())
&& !(iso_file_path.to_parts().is_dir
&& metadata.size_in_bytes != file_path.size_in_bytes_bytes.as_ref()
.map(|size_in_bytes_bytes| u64::from_be_bytes([...]))
.unwrap_or_default())
{
to_update.push(/* ... */);
}
```
**Missing in New Implementation**: Likely lacks sophisticated change detection and incremental updating.
### 5. **Advanced Database Integration**
**Original Features**:
- **Batch Operations**: Efficient batch inserts/updates with configurable chunk sizes
- **Orphan Detection**: Sophisticated queries to find files without objects
- **Relationship Management**: Complex file-object-location relationships
- **Size Calculation**: Automatic directory size computation with reverse propagation
**Database Patterns**:
```rust
// Sophisticated batch processing with chunking
const BATCH_SIZE: usize = 1000;
chunk_db_queries(iso_file_paths, db)
.into_iter()
.chunks(200) // SQL expression tree limit handling
.map(|paths_chunk| {
db.file_path()
.find_many(vec![or(paths_chunk.collect())])
.select(file_path_to_isolate_with_pub_id::select())
})
```
**Missing in New Implementation**: Likely simpler database operations without the sophisticated batching and relationship management.
### 6. **Integrated File Identification Pipeline**
**Original System**:
- **CAS ID Generation**: Content-addressable storage identifiers
- **Object Creation/Linking**: Automatic object creation for duplicate detection
- **Priority Processing**: Files in immediate view get priority processing
- **Metadata Extraction**: Integrated EXIF and media metadata extraction
- **Thumbnail Generation**: Automatic thumbnail creation for supported file types
**File Identification Phases**:
1. **SearchingOrphansWithPriority**: Process visible files first
2. **SearchingOrphans**: Find all unidentified files
3. **IdentifyingFiles**: Extract metadata and generate CAS IDs
4. **ProcessingObjects**: Create or link to existing objects
**Missing in New Implementation**: Likely lacks this sophisticated file identification and object management system.
### 7. **Media Processing Integration**
**Original Capabilities**:
- **EXIF Data Extraction**: Automatic extraction of image metadata
- **FFmpeg Integration**: Video metadata and thumbnail generation
- **Thumbnail Management**: Organized thumbnail storage with sharding
- **Document Thumbnails**: PDF and document preview generation
- **Batch Processing**: Efficient media processing with platform-specific batch sizes
**Media Processing Types**:
```rust
#[cfg(target_os = "ios")]
const BATCH_SIZE: usize = 2; // Platform-specific optimizations
#[cfg(not(any(target_os = "ios", target_os = "android")))]
const BATCH_SIZE: usize = 10;
```
**Missing in New Implementation**: Likely lacks integrated media processing or has it as a separate, less sophisticated system.
### 8. **Performance Optimizations**
**Original Optimizations**:
- **Shallow vs Deep Indexing**: Different strategies for immediate vs background processing
- **Task Prioritization**: Priority queue system for user-visible files
- **Memory Management**: Efficient memory usage with streaming operations
- **Concurrent Processing**: Task-based concurrency with controlled parallelism
- **Database Query Optimization**: Sophisticated query chunking and batching
**Concurrency Patterns**:
```rust
// Sophisticated task dispatch with priority handling
let task_handles = FuturesUnordered::new();
dispatcher.dispatch_many_boxed(
keep_walking_tasks.into_iter().map(IntoTask::into_task)
.chain(save_tasks.into_iter().map(IntoTask::into_task))
.chain(update_tasks.into_iter().map(IntoTask::into_task))
).await?
```
**Missing in New Implementation**: Likely lacks these sophisticated performance optimizations.
### 9. **Git Integration & System Awareness**
**Original Features**:
- **Native .gitignore Parsing**: Direct integration with Git repositories
- **Repository Detection**: Automatic detection of Git repositories
- **Rule Extension**: Dynamic addition of Git rules to existing rule sets
- **Path Resolution**: Sophisticated path resolution within Git contexts
**Git Integration Example**:
```rust
if indexer_ruler.has_system(&GITIGNORE) {
if let Some(rules) = GitIgnoreRules::get_rules_if_in_git_repo(root, path).await {
indexer_ruler.extend(rules.map(Into::into));
}
}
```
**Missing in New Implementation**: Likely lacks native Git integration.
### 10. **Error Handling & Observability**
**Original Capabilities**:
- **Non-Critical Error Collection**: Continues operation while collecting errors
- **Detailed Metrics**: Comprehensive timing and performance metrics
- **Progress Reporting**: Real-time progress updates with phases
- **Structured Logging**: Detailed tracing with context
- **Graceful Degradation**: System continues working even with partial failures
**Error Types**:
```rust
#[derive(thiserror::Error, Debug, Serialize, Deserialize, Type, Clone)]
pub enum NonCriticalIndexerError {
#[error("failed to read directory entry: {0}")]
FailedDirectoryEntry(String),
#[error("failed to fetch metadata: {0}")]
Metadata(String),
#[error("error applying indexer rule: {0}")]
IndexerRule(String),
// ... many more specific error types
}
```
**Missing in New Implementation**: Likely has basic error handling without the sophisticated error categorization and collection.
## Architecture Analysis: Original vs New
### Original Architecture Strengths
1. **Production Ready**: Built for real-world usage with comprehensive error handling
2. **Highly Resumable**: Can handle interruptions gracefully
3. **Sophisticated Rule System**: Flexible and powerful file filtering
4. **Performance Optimized**: Multiple levels of optimization for different scenarios
5. **Integrated Ecosystem**: Tight integration with file identification, media processing, and sync systems
6. **Observability**: Comprehensive metrics and progress reporting
### Potential New Implementation Gaps
Based on this analysis, the new implementation is likely missing:
1. **Multi-stage Pipeline Architecture**
2. **Sophisticated State Management & Resumability**
3. **Advanced Indexer Rules System**
4. **Incremental Change Detection**
5. **Integrated File Identification**
6. **Media Processing Integration**
7. **Performance Optimizations**
8. **Git Integration**
9. **Comprehensive Error Handling**
## Recommendations
### Critical Missing Features to Implement
1. **Indexer Rules System**: Implement at least basic glob-based filtering
2. **Incremental Indexing**: Add change detection based on modification times and inodes
3. **State Management**: Add basic job pause/resume capabilities
4. **Error Handling**: Implement non-critical error collection
5. **Progress Reporting**: Add detailed progress tracking
### Advanced Features for Future Implementation
1. **Git Integration**: Native .gitignore support
2. **Media Processing Pipeline**: Integrated thumbnail and metadata extraction
3. **Object Management**: File identification and deduplication
4. **Performance Optimization**: Task prioritization and batching
### Architecture Recommendations
1. **Adopt Task-Based Architecture**: Implement a similar job/task system
2. **Implement State Machines**: Use state machines for complex operations
3. **Add Serialization Support**: Enable job resumability
4. **Create Integrated Pipeline**: Connect indexing with file identification and media processing
5. **Build Rule System**: Implement flexible rule-based filtering
## Conclusion
The original Spacedrive indexer is a sophisticated, production-grade system with numerous advanced features that our new implementation appears to be missing. While starting with a simpler implementation makes sense for getting up and running quickly, we should plan to incrementally add these missing capabilities to achieve feature parity and production readiness.
The original implementation demonstrates years of real-world usage refinement and handles many edge cases and performance scenarios that a new implementation would need to learn through experience. Consider this analysis as a roadmap for evolving our new indexer toward production readiness.

486
docs/core/design/INDEXER_JOB_EXAMPLE.md
View File

@@ -1,486 +0,0 @@
# Indexer Job Implementation Example
This document shows how the complex indexer job would be implemented using the new job system, demonstrating how it handles state machines, resumability, and progress reporting.
## Complete Indexer Implementation
```rust
use spacedrive_jobs::prelude::*;
use std::collections::{HashMap, HashSet, VecDeque};
/// The main indexer job - discovers and indexes files in a location
#[derive(Job, Debug, Serialize, Deserialize)]
#[job(name = "indexer", resumable = true, progress = IndexerProgress)]
pub struct IndexerJob {
pub location_id: Uuid,
pub root_path: SdPath,
pub mode: IndexMode,
// Resumable state
#[serde(skip_serializing_if = "Option::is_none")]
state: Option<IndexerState>,
}
/// Indexer-specific progress reporting
#[derive(Debug, Clone, Serialize, Deserialize, JobProgress)]
pub struct IndexerProgress {
pub phase: IndexPhase,
pub current_path: String,
pub total_found: IndexerStats,
pub processing_rate: f32, // items/sec
pub estimated_remaining: Option<Duration>,
}
#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
pub struct IndexerStats {
pub files: u64,
pub dirs: u64,
pub bytes: u64,
pub symlinks: u64,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum IndexPhase {
Discovery { dirs_queued: usize },
Processing { batch: usize, total_batches: usize },
ContentIdentification { current: usize, total: usize },
Finalizing,
}
/// Main job implementation
#[job_handler]
impl IndexerJob {
async fn run(&mut self, ctx: JobContext) -> JobResult<IndexerOutput> {
// Initialize or restore state
let state = match &mut self.state {
Some(state) => {
ctx.log("Resuming indexer from saved state");
state
}
None => {
ctx.log("Starting new indexer job");
self.state = Some(IndexerState::new(&self.root_path));
self.state.as_mut().unwrap()
}
};
// Main state machine loop
loop {
ctx.check_interrupt().await?;
match &state.phase {
// Phase 1: Directory discovery
Phase::Discovery => {
self.run_discovery_phase(state, &ctx).await?;
}
// Phase 2: Batch processing of found items
Phase::Processing => {
self.run_processing_phase(state, &ctx).await?;
}
// Phase 3: Content identification (if deep mode)
Phase::ContentIdentification => {
if self.mode >= IndexMode::Content {
self.run_content_phase(state, &ctx).await?;
} else {
state.phase = Phase::Complete;
}
}
// Phase 4: Done!
Phase::Complete => break,
}
// Checkpoint after each phase
ctx.checkpoint().await?;
}
// Generate final output
Ok(IndexerOutput {
location_id: self.location_id,
stats: state.stats.clone(),
duration: state.started_at.elapsed(),
errors: state.errors.clone(),
})
}
/// Phase 1: Walk directories and collect entries
async fn run_discovery_phase(&self, state: &mut IndexerState, ctx: &JobContext) -> Result<()> {
while let Some(dir_path) = state.dirs_to_walk.pop_front() {
ctx.check_interrupt().await?;
// Update progress
ctx.progress(IndexerProgress {
phase: IndexPhase::Discovery {
dirs_queued: state.dirs_to_walk.len()
},
current_path: dir_path.to_string_lossy().to_string(),
total_found: state.stats,
processing_rate: state.calculate_rate(),
estimated_remaining: state.estimate_remaining(),
});
// Should we spawn a sub-job for this directory?
if self.should_spawn_subjob(&dir_path, state) {
ctx.spawn_child(IndexerJob {
location_id: self.location_id,
root_path: dir_path.to_sdpath()?,
mode: self.mode.clone(),
state: None,
}).await?;
continue;
}
// Read directory entries
match self.read_directory(&dir_path, &ctx).await {
Ok(entries) => {
for entry in entries {
match entry.kind {
EntryKind::Directory => {
state.dirs_to_walk.push_back(entry.path.clone());
state.stats.dirs += 1;
}
EntryKind::File => {
state.pending_entries.push(entry);
state.stats.files += 1;
}
EntryKind::Symlink => {
state.stats.symlinks += 1;
}
}
}
// Batch entries for processing
if state.pending_entries.len() >= 1000 {
state.entry_batches.push(
std::mem::take(&mut state.pending_entries)
);
}
}
Err(e) => {
ctx.add_non_critical_error(format!("Failed to read {}: {}", dir_path.display(), e));
state.errors.push(IndexError::ReadDir {
path: dir_path.to_string_lossy().to_string(),
error: e.to_string()
});
}
}
// Periodic checkpoint during discovery
if state.stats.files % 10000 == 0 {
ctx.checkpoint_with_state(state).await?;
}
}
// Final batch
if !state.pending_entries.is_empty() {
state.entry_batches.push(
std::mem::take(&mut state.pending_entries)
);
}
state.phase = Phase::Processing;
Ok(())
}
/// Phase 2: Process entry batches
async fn run_processing_phase(&self, state: &mut IndexerState, ctx: &JobContext) -> Result<()> {
let total_batches = state.entry_batches.len();
while let Some(batch) = state.entry_batches.pop() {
ctx.check_interrupt().await?;
let batch_num = total_batches - state.entry_batches.len();
ctx.progress(IndexerProgress {
phase: IndexPhase::Processing {
batch: batch_num,
total_batches
},
current_path: format!("Batch {}/{}", batch_num, total_batches),
total_found: state.stats,
processing_rate: state.calculate_rate(),
estimated_remaining: state.estimate_remaining(),
});
// Process batch in a transaction
ctx.library_db().transaction(|tx| async {
for entry in batch {
// Create Entry with UserMetadata
let db_entry = self.create_entry(&entry, &ctx).await?;
// Track for content identification
if self.mode >= IndexMode::Content {
state.entries_for_content.push((db_entry.id, entry.path));
}
state.stats.bytes += entry.size;
}
Ok(())
}).await?;
ctx.checkpoint_with_state(state).await?;
}
state.phase = Phase::ContentIdentification;
Ok(())
}
/// Phase 3: Generate content identities
async fn run_content_phase(&self, state: &mut IndexerState, ctx: &JobContext) -> Result<()> {
let total = state.entries_for_content.len();
// Process in chunks for better performance
for chunk in state.entries_for_content.chunks(100) {
ctx.check_interrupt().await?;
let current = total - state.entries_for_content.len();
ctx.progress(IndexerProgress {
phase: IndexPhase::ContentIdentification { current, total },
current_path: "Generating content identities".to_string(),
total_found: state.stats,
processing_rate: state.calculate_rate(),
estimated_remaining: state.estimate_remaining(),
});
// Parallel content identification
let cas_futures = chunk.iter().map(|(entry_id, path)| {
self.generate_cas_id(path, &ctx)
});
let cas_results = futures::future::join_all(cas_futures).await;
// Update database with content identities
ctx.library_db().transaction(|tx| async {
for ((entry_id, _), cas_result) in chunk.iter().zip(cas_results) {
if let Ok(cas_id) = cas_result {
self.link_content_identity(*entry_id, cas_id, tx).await?;
}
}
Ok(())
}).await?;
}
state.phase = Phase::Complete;
Ok(())
}
// Helper methods
fn should_spawn_subjob(&self, path: &PathBuf, state: &IndexerState) -> bool {
// Spawn subjobs for large directories to parallelize
state.dirs_to_walk.len() > 10 &&
state.stats.dirs > 100 &&
path.ancestors().count() < 5 // Not too deep
}
async fn read_directory(&self, path: &PathBuf, ctx: &JobContext) -> Result<Vec<DirEntry>> {
// Use streaming to handle large directories
let mut entries = Vec::new();
let mut dir = tokio::fs::read_dir(path).await?;
while let Some(entry) = dir.next_entry().await? {
let metadata = entry.metadata().await?;
let kind = if metadata.is_dir() {
EntryKind::Directory
} else if metadata.is_symlink() {
EntryKind::Symlink
} else {
EntryKind::File
};
entries.push(DirEntry {
path: entry.path(),
kind,
size: metadata.len(),
modified: metadata.modified().ok(),
});
}
Ok(entries)
}
async fn create_entry(&self, entry: &DirEntry, ctx: &JobContext) -> Result<entities::Entry> {
use sea_orm::ActiveValue::*;
let entry_model = entities::entry::ActiveModel {
id: NotSet,
uuid: Set(Uuid::new_v7()),
prefix_id: Set(self.get_or_create_prefix(&entry.path).await?),
relative_path: Set(self.get_relative_path(&entry.path)),
name: Set(entry.path.file_name().unwrap().to_string_lossy().to_string()),
kind: Set(entry.kind.to_string()),
size: Set(entry.size as i64),
modified_at: Set(entry.modified.map(|t| t.into())),
metadata_id: Set(Uuid::new_v7()), // Always create metadata
content_id: Set(None), // Will be set in content phase
..Default::default()
};
Ok(entry_model.insert(ctx.library_db().conn()).await?)
}
}
/// Resumable state for the indexer
#[derive(Debug, Serialize, Deserialize)]
struct IndexerState {
phase: Phase,
started_at: Instant,
// Discovery phase
dirs_to_walk: VecDeque<PathBuf>,
pending_entries: Vec<DirEntry>,
// Processing phase
entry_batches: Vec<Vec<DirEntry>>,
// Content phase
entries_for_content: Vec<(Uuid, PathBuf)>,
// Statistics
stats: IndexerStats,
errors: Vec<IndexError>,
// Performance tracking
items_per_second: RingBuffer<f32>,
}
#[derive(Debug, Serialize, Deserialize)]
enum Phase {
Discovery,
Processing,
ContentIdentification,
Complete,
}
#[derive(Debug, Serialize, Deserialize)]
struct DirEntry {
path: PathBuf,
kind: EntryKind,
size: u64,
modified: Option<SystemTime>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
enum IndexError {
ReadDir { path: String, error: String },
CreateEntry { path: String, error: String },
ContentId { path: String, error: String },
}
/// Job output
#[derive(Debug, Serialize, Deserialize)]
pub struct IndexerOutput {
pub location_id: Uuid,
pub stats: IndexerStats,
pub duration: Duration,
pub errors: Vec<IndexError>,
}
impl IndexerState {
fn new(root_path: &SdPath) -> Self {
let mut dirs_to_walk = VecDeque::new();
dirs_to_walk.push_back(root_path.to_path_buf());
Self {
phase: Phase::Discovery,
started_at: Instant::now(),
dirs_to_walk,
pending_entries: Vec::new(),
entry_batches: Vec::new(),
entries_for_content: Vec::new(),
stats: Default::default(),
errors: Vec::new(),
items_per_second: RingBuffer::new(60), // Track last minute
}
}
fn calculate_rate(&self) -> f32 {
self.items_per_second.average()
}
fn estimate_remaining(&self) -> Option<Duration> {
// Complex estimation based on current rate and queue sizes
None // TODO: Implement
}
}
```
## Usage Example
```rust
// Dispatch an indexer job
let job = IndexerJob {
location_id: location.id,
root_path: location.path.clone(),
mode: IndexMode::Deep,
state: None,
};
let handle = library.jobs().dispatch(job).await?;
// Monitor progress
let mut progress_rx = handle.subscribe();
while let Some(update) = progress_rx.next().await {
match update {
JobUpdate::Progress(IndexerProgress { phase, total_found, .. }) => {
println!("Indexer {:?}: {} files, {} dirs", phase, total_found.files, total_found.dirs);
}
JobUpdate::Completed(output) => {
println!("Indexing complete: {:?}", output.stats);
}
_ => {}
}
}
// Can pause/resume
handle.pause().await?;
// ... later ...
handle.resume().await?;
// Or cancel
handle.cancel().await?;
```
## Key Design Patterns
### 1. State Machine Architecture
- Clear phases with explicit transitions
- Each phase is independently resumable
- State persists between phases
### 2. Batching for Performance
- Collects entries into batches of 1000
- Processes in database transactions
- Reduces database round trips
### 3. Subjob Spawning
- Large directories spawn parallel subjobs
- Prevents single-threaded bottlenecks
- Natural work distribution
### 4. Progress Composition
- Structured progress with phase information
- Real-time performance metrics
- Estimated time remaining
### 5. Error Resilience
- Non-critical errors don't stop indexing
- Errors collected for final report
- Graceful degradation
## Comparison with Original
### Original Indexer
- 2000+ lines across multiple files
- Complex job/task split
- Manual state serialization
- Difficult to understand flow
### New Indexer
- ~400 lines in single file
- Clear state machine
- Automatic serialization
- Self-documenting with types
The new design maintains all the sophistication while being much more maintainable!

168
docs/core/design/INDEXER_PROGRESS.md
View File

@@ -1,168 +0,0 @@
# Indexer Implementation Progress
Last Updated: 2025-06-19
## Overview
The new indexer has been rewritten with a phase-based architecture that prioritizes simplicity, maintainability, and performance. This document tracks the implementation progress compared to the original indexer in `core/crates/heavy-lifting/src/indexer/`.
## Architecture
The new indexer uses a clean phase-based pipeline:
- **Discovery Phase**: Directory traversal and entry collection
- **Processing Phase**: Database entry creation and updates with parent relationships
- **Aggregation Phase**: Calculate directory sizes and child counts
- **Content Identification Phase**: CAS ID generation and deduplication
- **Complete Phase**: Final cleanup and metrics reporting
## Implemented Features
### Core Functionality
- [x] **Multi-phase indexing architecture** - Clean separation of concerns
- [x] **Full job system integration** - Pause, resume, cancel support
- [x] **State persistence** - Full state serialization for resumability
- [x] **Checkpoint system** - Periodic state saves every 5000 files
- [x] **Batch processing** - Configurable batch sizes (default 1000)
- [x] **Progress reporting** - Detailed progress with phase tracking
### Change Detection & Incremental Updates
- [x] **Inode-based tracking** - Cross-platform inode extraction
- [x] **Move/rename detection** - Tracks files moved within indexed locations
- [x] **Modification detection** - Size and timestamp comparison
- [x] **Deletion detection** - Identifies removed files
- [x] **New file detection** - Finds newly added files
- [x] **Configurable time precision** - Handles filesystem timestamp limitations
### Performance & Monitoring
- [x] **Comprehensive metrics** - Per-phase timing and throughput
- [x] **Error statistics** - Categorized error tracking
- [x] **Database operation tracking** - Insert/update/delete counts
- [x] **Throughput calculations** - Files/dirs/bytes per second
- [x] **Non-critical error collection** - Graceful degradation
### File System Integration
- [x] **Cross-platform metadata extraction** - Unix permissions, timestamps
- [x] **Hidden file detection** - Platform-specific hidden file handling
- [x] **Symlink type detection** - Identifies symbolic links
- [x] **Directory traversal** - Efficient async directory reading
- [x] **Loop detection** - Prevents infinite loops in symlinked directories
### Content Management
- [x] **CAS ID generation** - Content-addressable storage integration
- [x] **Content deduplication** - Links multiple entries to same content
- [x] **Parallel hashing** - Chunked parallel processing for performance
- [x] **Entry count tracking** - Tracks references per content identity
### Database Optimization
- [x] **Path prefix normalization** - Reduces storage redundancy
- [x] **Prefix caching** - Improves performance for common prefixes
- [x] **Efficient updates** - Only updates changed fields
- [x] **Batch operations** - Reduces database round trips
## Not Implemented
### Deep Indexing Features
- [ ] **Thumbnail generation** - Image/video preview generation
- [ ] **Text extraction** - Full-text search support
- [ ] **Media metadata** - EXIF, ID3, video metadata
- [ ] **MIME type detection** - Accurate file type identification
- [ ] **Content analysis** - File format validation
- [ ] **Archive inspection** - Look inside zip/tar files
### Directory Management
- [x] **Size aggregation** - Calculate directory sizes
- [x] **Parent-child relationships** - Track directory hierarchy with parent_id
- [x] **Directory statistics** - File count, child count tracking
- [x] **Efficient hierarchical queries** - Indexed parent_id for fast lookups
### Rules System
- [ ] **Database-backed rules** - User-configurable indexing rules
- [ ] **Per-location rules** - Different rules for different locations
- [ ] **Glob pattern matching** - Include/exclude by pattern
- [ ] **Git ignore integration** - Respect .gitignore files
- [ ] **Rule compilation** - Efficient rule evaluation
- [ ] **UI for rule management** - User interface for configuration
### Advanced Features
- [ ] **Network file support** - Full SMB/NFS handling
- [ ] **Cloud storage integration** - Index cloud providers
- [ ] **Indexing priorities** - User-defined indexing order
- [ ] **Partial indexing** - Index specific subdirectories only
## Partially Implemented
### Memory Management
- [x] Structure exists in metrics
- [ ] Actual memory tracking
- [ ] Memory limit enforcement
- [ ] Adaptive batch sizing
### Location Integration
- [x] Basic location support
- [ ] Multiple location coordination
- [ ] Location-specific settings
- [ ] Cross-location deduplication
## Implementation Comparison
| Feature | Old Indexer | New Indexer | Status |
| ---------------- | ------------------------- | ------------------------- | --------------------- |
| Architecture | Task-based with 7 stages | Phase-based with 5 phases | Simplified |
| State Management | Complex serialization | Direct JSON/MessagePack | Improved |
| Change Detection | Full implementation | Full implementation | Complete |
| Rules System | Database-backed, complex | Hardcoded filters only | Missing |
| Performance | Parallel tasks, streaming | Batch processing, metrics | Different approach |
| Content Identity | Basic CAS support | Full deduplication system | Enhanced |
| Error Handling | Critical/non-critical | Categorized collection | Improved |
| Directory Sizes | Materialized paths | Parent ID + aggregation | Enhanced |
| Deep Indexing | Not implemented | Framework exists | In progress |
| Sync Support | Full CRDT integration | Not planned yet | Deferred |
## Priority TODOs
1. **Implement Rules System** - Critical for user control
- Design rule storage schema
- Implement rule evaluation engine
- Add git ignore support
- Create UI for rule management
2. **Deep Indexing Phase** - Enhanced functionality
- Integrate thumbnail generation
- Add text extraction
- Implement media metadata extraction
3. **Memory Management** - Production readiness
- Implement actual memory tracking
- Add adaptive batch sizing
- Enforce memory limits
4. **Testing & Documentation**
- Add comprehensive test coverage
- Document public APIs
- Create integration examples
## Notes
- The new indexer prioritizes correctness and maintainability over complex optimizations
- CRDT sync support is intentionally deferred to a later phase
- The phase-based architecture makes it easier to add new processing steps
- Real-time file system monitoring is handled by the separate `location_watcher` service (see `/core/src/services/location_watcher/` and `/core/docs/design/WATCHER_VDFS_INTEGRATION.md`)
- Directory sizes are calculated in a dedicated aggregation phase, making them more accurate and efficient than the old materialized path approach
- Parent-child relationships use explicit parent_id references instead of materialized paths, enabling more flexible hierarchical queries
- Current implementation provides a solid foundation for future enhancements

348
docs/core/design/INDEXER_RULES_SYSTEM.md
View File

@@ -1,348 +0,0 @@
# Indexer Rules System Design
## Overview
This document outlines the design for implementing an indexer rules system in Spacedrive's new core architecture. The system allows users to define flexible rules that control which files and directories are included or excluded during indexing operations.
## Goals
1. **Flexibility**: Support multiple rule types (glob patterns, regex, file attributes, git integration)
2. **Performance**: Minimal impact on indexing speed through efficient rule evaluation
3. **Persistence**: Store rules in the database with proper relationships to locations
4. **Extensibility**: Easy to add new rule types without major refactoring
5. **User Control**: Allow users to create, modify, and delete rules per location
6. **System Defaults**: Provide sensible default rules that can be overridden
## Architecture
### Domain Model
```rust
// core/src/domain/indexer_rule.rs
pub struct IndexerRule {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub is_system: bool, // System rules cannot be deleted
pub is_enabled: bool,
pub priority: i32, // Higher priority rules evaluated first
pub rule_type: IndexerRuleType,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
pub enum IndexerRuleType {
// Path-based rules
AcceptGlob { patterns: Vec<String> },
RejectGlob { patterns: Vec<String> },
AcceptRegex { patterns: Vec<String> },
RejectRegex { patterns: Vec<String> },
// Directory rules
AcceptIfChildExists { children: Vec<String> },
RejectIfChildExists { children: Vec<String> },
// File attribute rules
RejectLargerThan { size_bytes: u64 },
RejectOlderThan { days: u32 },
AcceptExtensions { extensions: Vec<String> },
RejectExtensions { extensions: Vec<String> },
// Integration rules
RespectGitignore,
RejectSystemFiles,
RejectHiddenFiles,
}
pub struct LocationRules {
pub location_id: Uuid,
pub rules: Vec<IndexerRule>,
pub inherit_system_rules: bool,
}
```
### Database Schema
```sql
-- Rules definition table
CREATE TABLE indexer_rules (
id UUID PRIMARY KEY,
name VARCHAR(255) NOT NULL,
description TEXT,
is_system BOOLEAN NOT NULL DEFAULT FALSE,
is_enabled BOOLEAN NOT NULL DEFAULT TRUE,
priority INTEGER NOT NULL DEFAULT 0,
rule_type_discriminator VARCHAR(50) NOT NULL,
rule_data JSONB NOT NULL, -- Stores type-specific data
created_at TIMESTAMPTZ NOT NULL,
updated_at TIMESTAMPTZ NOT NULL
);
-- Location-rule relationships
CREATE TABLE location_indexer_rules (
location_id UUID NOT NULL REFERENCES locations(id) ON DELETE CASCADE,
rule_id UUID NOT NULL REFERENCES indexer_rules(id) ON DELETE CASCADE,
rule_order INTEGER NOT NULL, -- Override default priority for this location
PRIMARY KEY (location_id, rule_id)
);
-- Rule application history (optional, for debugging)
CREATE TABLE indexer_rule_applications (
id UUID PRIMARY KEY,
location_id UUID NOT NULL REFERENCES locations(id),
rule_id UUID NOT NULL REFERENCES indexer_rules(id),
path TEXT NOT NULL,
action VARCHAR(20) NOT NULL, -- 'accepted' or 'rejected'
applied_at TIMESTAMPTZ NOT NULL
);
```
### Rule Evaluation Engine
```rust
// core/src/services/indexer_rules/engine.rs
pub struct IndexerRuleEngine {
compiled_rules: Vec<CompiledRule>,
gitignore_cache: Option<GitignoreCache>,
}
pub struct CompiledRule {
rule: IndexerRule,
matcher: RuleMatcher,
}
pub enum RuleMatcher {
Glob(GlobSet),
Regex(RegexSet),
ChildExists(HashSet<String>),
FileAttribute(Box<dyn Fn(&EntryMetadata) -> bool>),
Gitignore(Gitignore),
}
impl IndexerRuleEngine {
pub fn new(rules: Vec<IndexerRule>) -> Result<Self> {
// Compile rules for efficient matching
// Sort by priority
// Initialize gitignore if needed
}
pub fn should_index(&self, path: &Path, metadata: &EntryMetadata) -> RuleDecision {
// Evaluate rules in priority order
// Short-circuit on first definitive decision
// Return decision with matching rule for debugging
}
}
pub struct RuleDecision {
pub should_index: bool,
pub matching_rule: Option<Uuid>,
pub reason: String,
}
```
### Integration Points
#### 1. Indexer Job Integration
```rust
// Modify core/src/operations/indexing/indexer_job.rs
impl IndexerJob {
async fn setup_rule_engine(&self, location: &Location) -> Result<IndexerRuleEngine> {
// Load rules for location from database
// Merge with system rules if enabled
// Compile and cache rule engine
}
async fn read_directory(&self, path: &Path, rule_engine: &IndexerRuleEngine) -> Result<Vec<Entry>> {
// Apply rules during directory traversal
// Skip rejected paths early
// Track rule applications if debugging enabled
}
}
```
#### 2. Location Manager Integration
```rust
// Extend core/src/location/manager.rs
impl LocationManager {
pub async fn create_location_with_rules(
&self,
path: PathBuf,
rule_ids: Vec<Uuid>,
) -> Result<Location> {
// Create location
// Attach rules
// Validate rule compatibility
}
pub async fn update_location_rules(
&self,
location_id: Uuid,
rule_ids: Vec<Uuid>,
) -> Result<()> {
// Update rules
// Trigger re-indexing if needed
}
}
```
#### 3. File Watcher Integration
```rust
// Extend core/src/services/location_watcher/event_handler.rs
impl EventHandler {
async fn should_process_event(&self, path: &Path) -> bool {
// Get cached rule engine for location
// Apply rules to determine if event should be processed
// Cache decision for performance
}
}
```
### System Default Rules
```rust
pub fn create_system_rules() -> Vec<IndexerRule> {
vec![
// OS-specific system files
IndexerRule {
name: "Ignore System Files".to_string(),
rule_type: IndexerRuleType::RejectGlob {
patterns: vec![
"*.DS_Store".to_string(),
"Thumbs.db".to_string(),
"desktop.ini".to_string(),
"$RECYCLE.BIN".to_string(),
],
},
priority: 100,
is_system: true,
..Default::default()
},
// Hidden files
IndexerRule {
name: "Ignore Hidden Files".to_string(),
rule_type: IndexerRuleType::RejectHiddenFiles,
priority: 90,
is_system: true,
..Default::default()
},
// Development artifacts
IndexerRule {
name: "Ignore Development Folders".to_string(),
rule_type: IndexerRuleType::RejectGlob {
patterns: vec![
"node_modules".to_string(),
"__pycache__".to_string(),
".git".to_string(),
"target".to_string(),
"dist".to_string(),
],
},
priority: 80,
is_system: true,
..Default::default()
},
]
}
```
### Performance Optimizations
1. **Compiled Rules**: Rules are compiled once during initialization
2. **Early Directory Pruning**: Skip entire directory trees when possible
3. **Rule Caching**: Cache compiled rules per location
4. **Batch Evaluation**: Evaluate multiple paths in batch when possible
5. **Priority Short-Circuit**: Stop evaluation on first definitive match
### GraphQL API
```graphql
type IndexerRule {
id: ID!
name: String!
description: String
isSystem: Boolean!
isEnabled: Boolean!
priority: Int!
ruleType: IndexerRuleType!
createdAt: DateTime!
updatedAt: DateTime!
}
type IndexerRuleType {
type: String!
config: JSON!
}
type Query {
indexerRules(locationId: ID): [IndexerRule!]!
systemRules: [IndexerRule!]!
}
type Mutation {
createIndexerRule(input: CreateIndexerRuleInput!): IndexerRule!
updateIndexerRule(id: ID!, input: UpdateIndexerRuleInput!): IndexerRule!
deleteIndexerRule(id: ID!): Boolean!
attachRuleToLocation(locationId: ID!, ruleId: ID!): Location!
detachRuleFromLocation(locationId: ID!, ruleId: ID!): Location!
}
```
## Implementation Plan
### Phase 1: Core Infrastructure
1. Create domain models and database schema
2. Implement rule compilation and matching logic
3. Create system default rules
### Phase 2: Indexer Integration
1. Integrate rule engine into indexer job
2. Add rule evaluation during directory traversal
3. Update database entities to track excluded paths
### Phase 3: Location Integration
1. Add rule management to location manager
2. Update location creation to support rules
3. Implement rule inheritance logic
### Phase 4: API and UI
1. Add GraphQL types and resolvers
2. Create rule management UI
3. Add rule testing/preview functionality
### Phase 5: Advanced Features
1. Git integration (.gitignore support)
2. Rule templates and presets
3. Rule import/export
4. Performance monitoring and optimization
## Migration Strategy
1. **Preserve Existing Behavior**: Map current `ignore_patterns` to new rule system
2. **Automatic Migration**: Convert existing patterns to rules during upgrade
3. **Backward Compatibility**: Support old API temporarily with deprecation warnings
## Testing Strategy
1. **Unit Tests**: Test individual rule matchers and compilation
2. **Integration Tests**: Test rule application during indexing
3. **Performance Tests**: Ensure minimal impact on indexing speed
4. **Edge Cases**: Test complex rule combinations and conflicts
## Future Enhancements
1. **Machine Learning Rules**: Auto-suggest rules based on usage patterns
2. **Cloud Rule Sharing**: Share rule sets between users
3. **Rule Analytics**: Track which rules are most effective
4. **Dynamic Rules**: Rules that adapt based on system resources
5. **Content-Based Rules**: Rules based on file content, not just metadata

173
docs/core/design/INDEXING_DISCOVERY_OPTIMIZATION_PLAN.md
View File

@@ -1,173 +0,0 @@
### Indexing Discovery Throughput Plan
Author: Core Team
Status: Draft
Last updated: 2025-08-08
---
#### Objective
Increase discovery throughput (NVMe-first) and preserve scalability on large trees by:
- Parallelizing directory traversal
- Reducing per-entry filesystem syscalls
- Bulk inserting batches to the database
- Measuring FS vs DB vs compute costs to target bottlenecks
Scope: Discovery and Processing phases on SQLite. Aggregation already updated to avoid SQLite bind limits.
---
#### Current baseline (NVMe, discovery-only)
Measured on M2 MacBook Pro (16GB, macOS 14.5). Datasets reside on NVMe; dataset names like "hdd\_\*" indicate shape only.
- nvme_small: ~641 files/s (300 files; small sample)
- nvme_mixed: ~575 files/s (dirs/sec ~286; files line missed by parser in one run)
- hdd_medium (NVMe medium-shape): ~543 files/s
- hdd_large (NVMe large-shape): ~350 files/s
Note: Indexer already supports persist-off to isolate FS traversal.
---
#### Measurement plan
Add metrics and emit to job logs and JSON summary:
- discovery.rs
- fs_read_dir_ms (sum), fs_metadata_ms (sum)
- dirs_seen, files_seen, entries_per_dir histogram
- discovery_concurrency in config (for correlation)
- entries_channel_backpressure_events (count)
- processing.rs
- db_tx_ms (sum), db_tx_count, db_rows (sum)
- avg rows/tx, rows/s
- aggregation.rs
- agg_select_ms (sum), agg_dirs
Scenarios to isolate bottlenecks:
- FS-only ceiling: persist=off, metadata=Fast, concurrency ∈ {1,4,8,16}
- DB write cost: persist=on vs off with metadata=Fast
- Metadata cost: metadata=Full vs Deferred (same persist setting)
---
#### Design changes
1. Parallel discovery traversal (worker pool)
- Implement worker pool: N async workers consume a channel of directory paths and process read_dir + lightweight type checks; push child dirs back to the channel.
- Backpressure: bounded channel and bounded `dirs_in_flight` to cap memory growth.
- Config (new):
- `discovery_concurrency: usize` (default 8)
- `dirs_channel_capacity: usize` (default 4096)
- `entries_channel_capacity: usize` (default 16384)
- Cancellation: share `Arc<AtomicBool>` with workers; call `ctx.check_interrupt()` frequently
- Progress updates: throttle to fixed intervals (e.g., every 250ms) to avoid log overhead
Implementation sketch in `src/operations/indexing/phases/discovery.rs`:
- Replace the sequential loop with:
- `mpsc::channel<PathBuf>(dirs_channel_capacity)` seeded with root
- spawn `discovery_concurrency` workers → each `read_dir` + classify → send subdirs back; send `DirEntry` to `entries_tx`
- batching task drains `entries_rx`, appends to `pending_entries`, flushes on `should_create_batch()` or time-based flush
- Respect `should_skip_path` and `seen_paths` as today
2. Deferred metadata mode
- Config (new): `metadata_mode: enum { Full, Fast, Deferred }`
- Fast: rely on `DirEntry::file_type()` and names; avoid metadata for files where feasible
- Deferred (default for discovery-only): skip file size/mtime in discovery; compute later in processing in bulk
Implementation notes:
- Discovery fills `DirEntry { kind, name, parent, inode? }` without size/mtime when Deferred
- In `processing.rs`, before inserts, batch-stat files (chunked; optional `spawn_blocking` pool) and populate size/mtime
3. Bulk DB inserts (processing phase)
- Accumulate ActiveModels per batch and use `Entity::insert_many` for `entry`, `directory_paths`, and closure rows.
- Single transaction per batch; configurable `batch_size` (default 2000).
- PRAGMAs at DB open: WAL, `synchronous=NORMAL`, `temp_store=MEMORY`, reasonable negative `cache_size`, set `mmap_size`.
Implementation notes:
- Prefer `insert_many` over per-row inserts in `processing.rs`/`entry.rs`
- Keep one `BEGIN…COMMIT` per batch; measure `db_tx_ms`, `db_rows`, `db_tx_count`
4. Log parser resilience (sd-bench)
- Broaden regex to capture "Files:" lines consistently and attach FS/DB timing to JSON to avoid relying on text.
5. Safety improvements already merged
- Chunk large IN queries (~900 chunk) to avoid SQLite "too many SQL variables" across:
- `indexing/phases/aggregation.rs`
- `indexing/persistence.rs`
- `indexing/path_resolver.rs`
- `indexing/hierarchy.rs`
- `operations/addressing.rs`
---
#### Implementation outline
Phase 1: Metrics + JSON + parser
- Add per-phase timers/counters; export to job logs and `--out_json` summary
- New JSON fields: `{ fs_read_dir_ms, fs_metadata_ms, dirs_seen, files_seen, db_tx_ms, db_tx_count, db_rows, agg_select_ms }`
Phase 2: Discovery concurrency + Deferred metadata
- Replace sequential loop with worker pool + bounded channel
- Introduce `metadata_mode`; by default use Deferred for discovery-only
Phase 3: Bulk inserts
- Switch to `insert_many` for batch persistence; keep single-transaction batches
Phase 4: Tuning + docs
- Run matrix (persist on/off, metadata modes, concurrency sweep)
- Publish medians; update whitepaper with measured NVMe tiny headline and mixed numbers
---
#### Code touchpoints
- `src/operations/indexing/phases/discovery.rs`: replace traversal with worker pool; add metrics; support `metadata_mode`
- `src/operations/indexing/phases/processing.rs`: deferred metadata batcher; `insert_many` bulk inserts; db metrics
- `src/infrastructure/database/` (open/create): apply SQLite PRAGMAs once
- `src/operations/indexing/metrics.rs` (or new): define metrics structs and helpers
- `benchmarks/src/main.rs`: extend `--out_json` to include FS/DB/agg timing; relax Files regex
---
#### Optional: jwalk backend (A/B)
Add an optional traversal backend using `jwalk` (rayon-based) to parallelize `readdir`/metadata:
- Adapter spawns a bounded producer that walks with `jwalk::WalkDir` and sends `DirEntry` over a channel
- Respect `should_skip_path`, cancellation flag, and channel backpressure
- Config: `fs_traversal_backend: enum { AsyncPool (default), Jwalk }`
- Bench both backends on NVMe tiny/mixed to choose defaults per platform
---
#### Expected outcomes
- Parallel discovery (816 workers): 24× improvement for tiny files on NVMe
- Deferred metadata: ~5070% fewer metadata syscalls during discovery for mixed trees
- Bulk inserts: 25× improvement in DB rows/s during processing
---
#### Notes
- Persist-off already supported; use it for FS ceiling tests
- Datasets may include sparse files/hard links; logical size can exceed physical on-disk usage

1038
docs/core/design/INFRA_LAYER_SEPARATION.md
View File

File diff suppressed because it is too large Load Diff

778
docs/core/design/INTEGRATION_SYSTEM_DESIGN.md
View File

@@ -1,778 +0,0 @@
# Integration System Design
## Overview
The Spacedrive Integration System enables third-party extensions to seamlessly integrate with Spacedrive's core functionality. The system supports cloud storage providers, custom file type handlers, search extensions, and content processors while maintaining security, performance, and reliability.
## Design Principles
### 1. Process Isolation
- Each integration runs as a separate process
- Core system remains stable if integrations crash
- Resource usage can be monitored and limited per integration
- Security boundaries prevent cross-integration data access
### 2. Language Agnostic
- Integrations can be written in any language
- Communication via standard protocols (IPC, HTTP, WebSocket)
- No dependency on Rust runtime or specific frameworks
### 3. Leverage Existing Architecture
- Build on proven patterns from job system, location manager, file type registry
- Reuse event bus for loose coupling
- Extend existing credential management via device manager
### 4. Zero-Configuration Discovery
- Automatic integration discovery and registration
- Schema-driven configuration validation
- Runtime capability negotiation
## Architecture Overview
```
┌─────────────────────────────────────────────────────────┐
│ Spacedrive Core │
│ ┌─────────────────┐ ┌──────────────────────────────┐ │
│ │ Integration │ │ Core Systems │ │
│ │ Manager │ │ • Location Manager │ │
│ │ │ │ • Job System │ │
│ │ • Registry │ │ • File Type Registry │ │
│ │ • Lifecycle │ │ • Event Bus │ │
│ │ • IPC Router │ │ • Device Manager │ │
│ │ • Sandbox │ └──────────────────────────────┘ │
│ └─────────────────┘ │
└─────────────────────────────────────────────────────────┘
┌─────────────┼─────────────┐
│ │ │
┌───────▼──────┐ ┌───▼────┐ ┌──────▼──────┐
│ Cloud Storage│ │ Custom │ │ Search │
│ Integration │ │ File │ │ Integration │
│ │ │ Types │ │ │
│ (Process) │ │(Process│ │ (Process) │
└──────────────┘ └────────┘ └─────────────┘
```
## Core Components
### 1. Integration Manager
Central orchestrator managing integration lifecycle:
```rust
pub struct IntegrationManager {
registry: Arc<IntegrationRegistry>,
processes: Arc<RwLock<HashMap<String, IntegrationProcess>>>,
ipc_router: Arc<IpcRouter>,
credential_manager: Arc<CredentialManager>,
event_bus: Arc<EventBus>,
config: IntegrationConfig,
}
impl IntegrationManager {
/// Discover and register all available integrations
pub async fn discover_integrations(&self) -> Result<Vec<String>>;
/// Start an integration process
pub async fn start_integration(&self, id: &str) -> Result<()>;
/// Stop an integration process
pub async fn stop_integration(&self, id: &str) -> Result<()>;
/// Route request to integration
pub async fn handle_request(&self, request: IntegrationRequest) -> Result<IntegrationResponse>;
}
```
### 2. Integration Registry
Auto-discovery system for integration metadata:
```rust
inventory::collect!(IntegrationRegistration);
pub struct IntegrationRegistry {
integrations: HashMap<String, IntegrationManifest>,
}
#[derive(Serialize, Deserialize)]
pub struct IntegrationManifest {
pub id: String,
pub name: String,
pub version: String,
pub description: String,
pub capabilities: Vec<IntegrationCapability>,
pub executable_path: PathBuf,
pub config_schema: JsonValue,
pub permissions: IntegrationPermissions,
pub author: String,
pub homepage: Option<String>,
}
#[derive(Serialize, Deserialize)]
pub enum IntegrationCapability {
LocationProvider {
supported_protocols: Vec<String>,
auth_methods: Vec<AuthMethod>,
},
FileTypeHandler {
extensions: Vec<String>,
mime_types: Vec<String>,
processing_modes: Vec<ProcessingMode>,
},
ContentProcessor {
input_types: Vec<String>,
output_formats: Vec<String>,
},
SearchProvider {
query_languages: Vec<String>,
result_types: Vec<String>,
},
ThumbnailGenerator {
supported_formats: Vec<String>,
output_formats: Vec<String>,
},
}
#[derive(Serialize, Deserialize)]
pub struct IntegrationPermissions {
pub network_access: Vec<String>, // Allowed domains
pub file_system_access: Vec<PathBuf>, // Allowed paths
pub max_memory_mb: u64,
pub max_cpu_percent: u8,
pub requires_credentials: bool,
}
```
### 3. IPC Communication System
High-performance communication layer:
```rust
pub struct IpcRouter {
channels: HashMap<String, IpcChannel>,
request_handlers: HashMap<String, Box<dyn RequestHandler>>,
}
#[derive(Serialize, Deserialize)]
pub struct IntegrationRequest {
pub id: String,
pub integration_id: String,
pub method: String,
pub params: JsonValue,
pub timeout_ms: Option<u64>,
}
#[derive(Serialize, Deserialize)]
pub struct IntegrationResponse {
pub request_id: String,
pub success: bool,
pub data: Option<JsonValue>,
pub error: Option<IntegrationError>,
}
pub enum IpcChannel {
UnixSocket(UnixStream),
NamedPipe(NamedPipeClient),
Tcp(TcpStream),
}
```
### 4. Credential Management
Secure credential storage leveraging existing device manager:
```rust
pub struct CredentialManager {
device_manager: Arc<DeviceManager>,
encrypted_store: EncryptedCredentialStore,
}
#[derive(Serialize, Deserialize)]
pub struct IntegrationCredential {
pub integration_id: String,
pub credential_type: CredentialType,
pub data: EncryptedData,
pub created_at: DateTime<Utc>,
pub expires_at: Option<DateTime<Utc>>,
}
#[derive(Serialize, Deserialize)]
pub enum CredentialType {
OAuth2 {
access_token: String,
refresh_token: Option<String>,
scopes: Vec<String>,
},
ApiKey {
key: String,
header_name: Option<String>,
},
Basic {
username: String,
password: String,
},
Custom(JsonValue),
}
impl CredentialManager {
/// Store encrypted credential using device master key
pub async fn store_credential(&self, integration_id: &str, credential: IntegrationCredential) -> Result<String>;
/// Retrieve and decrypt credential
pub async fn get_credential(&self, integration_id: &str, credential_id: &str) -> Result<IntegrationCredential>;
/// Refresh OAuth2 tokens
pub async fn refresh_oauth2_token(&self, credential_id: &str) -> Result<()>;
}
```
## Integration Types
### 1. Cloud Storage Provider
Extends location system for cloud storage mounting:
```rust
#[async_trait]
pub trait CloudStorageProvider {
/// List available cloud locations for user
async fn list_locations(&self, credentials: &IntegrationCredential) -> Result<Vec<CloudLocation>>;
/// Create new location in cloud storage
async fn create_location(&self, path: &str, credentials: &IntegrationCredential) -> Result<CloudLocation>;
/// Sync local location with cloud
async fn sync_location(&self, location: &CloudLocation, direction: SyncDirection) -> Result<SyncResult>;
/// Watch for changes in cloud location
async fn watch_location(&self, location: &CloudLocation) -> Result<ChangeStream>;
/// Download file from cloud
async fn download_file(&self, cloud_path: &str, local_path: &Path) -> Result<()>;
/// Upload file to cloud
async fn upload_file(&self, local_path: &Path, cloud_path: &str) -> Result<()>;
}
#[derive(Serialize, Deserialize)]
pub struct CloudLocation {
pub id: String,
pub name: String,
pub path: String,
pub total_space: Option<u64>,
pub used_space: Option<u64>,
pub device_id: Uuid, // Virtual device ID for cloud
pub last_sync: Option<DateTime<Utc>>,
}
```
### 2. File Type Handler
Extends file type registry with custom types:
```rust
#[async_trait]
pub trait FileTypeHandler {
/// Get supported file extensions
fn supported_extensions(&self) -> Vec<String>;
/// Get supported MIME types
fn supported_mime_types(&self) -> Vec<String>;
/// Extract metadata from file
async fn extract_metadata(&self, path: &Path) -> Result<FileMetadata>;
/// Generate thumbnail for file
async fn generate_thumbnail(&self, path: &Path, size: ThumbnailSize) -> Result<Vec<u8>>;
/// Validate file integrity
async fn validate_file(&self, path: &Path) -> Result<ValidationResult>;
}
// Integration with existing FileTypeRegistry
impl FileTypeRegistry {
pub async fn register_integration_types(&mut self, integration_id: &str) -> Result<()> {
let integration = IntegrationManager::get(integration_id).await?;
if let Some(handler) = integration.as_file_type_handler() {
for ext in handler.supported_extensions() {
let file_type = FileType {
id: format!("{}:{}", integration_id, ext),
name: format!("{} File", ext.to_uppercase()),
extensions: vec![ext],
// ... other fields from integration
category: ContentKind::Custom,
metadata: json!({"integration_id": integration_id}),
};
self.register(file_type)?;
}
}
Ok(())
}
}
```
### 3. Search Provider
Extends search capabilities:
```rust
#[async_trait]
pub trait SearchProvider {
/// Perform search query
async fn search(&self, query: &SearchQuery, context: &SearchContext) -> Result<SearchResults>;
/// Index content for search
async fn index_content(&self, content: &ContentItem) -> Result<()>;
/// Get search suggestions
async fn get_suggestions(&self, partial_query: &str) -> Result<Vec<String>>;
}
#[derive(Serialize, Deserialize)]
pub struct SearchQuery {
pub text: String,
pub filters: HashMap<String, JsonValue>,
pub sort_by: Option<String>,
pub limit: Option<usize>,
pub offset: Option<usize>,
}
#[derive(Serialize, Deserialize)]
pub struct SearchContext {
pub library_id: Uuid,
pub location_ids: Option<Vec<Uuid>>,
pub file_types: Option<Vec<String>>,
pub date_range: Option<DateRange>,
}
```
## Job System Integration
Leverage existing job system for integration operations:
```rust
#[derive(Debug, Serialize, Deserialize, Job)]
pub struct IntegrationJob {
pub integration_id: String,
pub operation: IntegrationOperation,
pub params: JsonValue,
// State for resumability
#[serde(skip)]
pub progress: IntegrationProgress,
}
#[derive(Debug, Serialize, Deserialize)]
pub enum IntegrationOperation {
CloudSync {
location_id: Uuid,
direction: SyncDirection,
},
ContentProcessing {
file_paths: Vec<PathBuf>,
processing_type: String,
},
SearchIndexing {
content_batch: Vec<ContentItem>,
},
ThumbnailGeneration {
file_paths: Vec<PathBuf>,
sizes: Vec<ThumbnailSize>,
},
}
impl Job for IntegrationJob {
const NAME: &'static str = "integration_operation";
const RESUMABLE: bool = true;
}
#[async_trait]
impl JobHandler for IntegrationJob {
type Output = IntegrationJobOutput;
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
let integration = IntegrationManager::get(&self.integration_id).await?;
match &self.operation {
IntegrationOperation::CloudSync { location_id, direction } => {
let provider = integration.as_cloud_provider()
.ok_or_else(|| JobError::ExecutionFailed("Not a cloud provider".into()))?;
let location = ctx.library().get_location(*location_id).await?;
let result = provider.sync_location(&location, *direction).await?;
ctx.progress(Progress::structured(json!({
"files_synced": result.files_synced,
"bytes_transferred": result.bytes_transferred,
"operation": "cloud_sync"
})));
Ok(IntegrationJobOutput::CloudSync(result))
}
_ => todo!("Other operations")
}
}
}
```
## Location System Integration
Extend existing location system for cloud storage:
```rust
impl LocationManager {
/// Add cloud storage location
pub async fn add_cloud_location(
&self,
library: Arc<Library>,
integration_id: &str,
cloud_path: &str,
name: Option<String>,
credentials_id: &str,
) -> Result<(Uuid, Uuid)> {
// Get integration
let integration = IntegrationManager::get(integration_id).await?;
let provider = integration.as_cloud_provider()
.ok_or_else(|| LocationError::InvalidProvider)?;
// Create cloud location
let credentials = self.credential_manager.get_credential(integration_id, credentials_id).await?;
let cloud_location = provider.create_location(cloud_path, &credentials).await?;
// Create virtual device for cloud storage
let virtual_device_id = self.device_manager.create_virtual_device(
&format!("{}-{}", integration_id, cloud_location.id),
&cloud_location.name,
).await?;
// Create SdPath for cloud location
let sd_path = SdPath::new(virtual_device_id, PathBuf::from(&cloud_location.path));
// Add to location database
let location_id = Uuid::new_v4();
let location = ManagedLocation {
id: location_id,
name: name.unwrap_or(cloud_location.name),
path: sd_path.path,
device_id: virtual_device_id as i32,
library_id: library.config.id,
indexing_enabled: true,
index_mode: IndexMode::Content,
watch_enabled: true,
integration_id: Some(integration_id.to_string()),
cloud_location_id: Some(cloud_location.id),
};
// Save to database
library.save_location(&location).await?;
// Start initial sync job
let sync_job = IntegrationJob {
integration_id: integration_id.to_string(),
operation: IntegrationOperation::CloudSync {
location_id,
direction: SyncDirection::Download,
},
params: json!({}),
progress: IntegrationProgress::default(),
};
let job_id = library.jobs().dispatch(sync_job).await?;
// Start file watching
self.start_cloud_watching(&cloud_location, location_id).await?;
Ok((location_id, job_id))
}
/// Start watching cloud location for changes
async fn start_cloud_watching(&self, cloud_location: &CloudLocation, location_id: Uuid) -> Result<()> {
// This would integrate with the existing location watcher service
// to poll cloud storage for changes
todo!("Implement cloud watching")
}
}
```
## Security Model
### 1. Process Sandboxing
```rust
pub struct IntegrationSandbox {
process_limits: ProcessLimits,
file_system_jail: FileSystemJail,
network_filter: NetworkFilter,
}
#[derive(Debug)]
pub struct ProcessLimits {
pub max_memory_mb: u64,
pub max_cpu_percent: u8,
pub max_file_descriptors: u32,
pub max_execution_time: Duration,
}
#[derive(Debug)]
pub struct FileSystemJail {
pub allowed_read_paths: Vec<PathBuf>,
pub allowed_write_paths: Vec<PathBuf>,
pub temp_directory: PathBuf,
}
#[derive(Debug)]
pub struct NetworkFilter {
pub allowed_domains: Vec<String>,
pub allowed_ports: Vec<u16>,
pub require_https: bool,
}
```
### 2. Permission System
```rust
#[derive(Serialize, Deserialize)]
pub struct IntegrationPermissions {
pub file_system: FileSystemPermissions,
pub network: NetworkPermissions,
pub credentials: CredentialPermissions,
pub core_apis: Vec<CoreApiPermission>,
}
#[derive(Serialize, Deserialize)]
pub enum CoreApiPermission {
ReadLocations,
WriteLocations,
ReadFiles,
WriteFiles,
CreateJobs,
AccessEvents,
ManageCredentials,
}
```
## Installation & Distribution
### 1. Integration Package Format
```
integration-package.tar.gz
├── manifest.json # Integration metadata
├── executable # Main integration binary
├── config-schema.json # Configuration schema
├── permissions.json # Required permissions
├── assets/ # Icons, documentation
│ ├── icon.png
│ └── README.md
└── examples/ # Example configurations
└── config.example.json
```
### 2. CLI Commands
```bash
# Install integration
spacedrive integration install ./google-drive-integration.tar.gz
# List available integrations
spacedrive integration list
# Enable integration with configuration
spacedrive integration enable google-drive --config ./config.json
# Disable integration
spacedrive integration disable google-drive
# Show integration status
spacedrive integration status google-drive
# Update integration
spacedrive integration update google-drive
# Remove integration
spacedrive integration remove google-drive
```
## Implementation Phases
### Phase 1: Foundation (3-4 weeks)
- [ ] Integration manager core structure
- [ ] IPC communication system
- [ ] Basic process lifecycle management
- [ ] Integration registry and discovery
- [ ] Credential management foundation
### Phase 2: Cloud Storage Integration (3-4 weeks)
- [ ] Cloud location provider interface
- [ ] Virtual device system for cloud storage
- [ ] SdPath extension for cloud paths
- [ ] Basic sync job implementation
- [ ] Cloud file watcher integration
### Phase 3: File Type Extensions (2-3 weeks)
- [ ] File type handler interface
- [ ] Custom file type loading
- [ ] Metadata extraction jobs
- [ ] Thumbnail generation hooks
- [ ] Integration with existing file type registry
### Phase 4: Advanced Features (3-4 weeks)
- [ ] Search provider integration
- [ ] Content processing jobs
- [ ] Performance optimization
- [ ] Security hardening
- [ ] Comprehensive testing
### Phase 5: Developer Experience (2-3 weeks)
- [ ] Integration SDK/template
- [ ] Documentation and examples
- [ ] CLI tooling improvements
- [ ] Integration marketplace preparation
## Example Integration: Google Drive
```rust
pub struct GoogleDriveIntegration {
client: GoogleDriveClient,
config: GoogleDriveConfig,
}
#[async_trait]
impl Integration for GoogleDriveIntegration {
async fn initialize(&mut self, config: IntegrationConfig) -> IntegrationResult<()> {
self.config = serde_json::from_value(config.params)?;
self.client = GoogleDriveClient::new(&self.config.client_id, &self.config.client_secret);
Ok(())
}
async fn register_capabilities(&self) -> Vec<IntegrationCapability> {
vec![
IntegrationCapability::LocationProvider {
supported_protocols: vec!["gdrive".to_string()],
auth_methods: vec![AuthMethod::OAuth2],
}
]
}
async fn handle_request(&mut self, request: IntegrationRequest) -> IntegrationResult<IntegrationResponse> {
match request.method.as_str() {
"list_locations" => {
let credentials: IntegrationCredential = serde_json::from_value(request.params)?;
let locations = self.list_locations(&credentials).await?;
Ok(IntegrationResponse {
request_id: request.id,
success: true,
data: Some(serde_json::to_value(locations)?),
error: None,
})
}
"sync_location" => {
// Handle sync request
todo!()
}
_ => Err(IntegrationError::UnknownMethod(request.method))
}
}
}
#[async_trait]
impl CloudStorageProvider for GoogleDriveIntegration {
async fn list_locations(&self, credentials: &IntegrationCredential) -> Result<Vec<CloudLocation>> {
let access_token = self.extract_oauth2_token(credentials)?;
let drives = self.client.list_drives(&access_token).await?;
Ok(drives.into_iter().map(|drive| CloudLocation {
id: drive.id,
name: drive.name,
path: format!("gdrive:///{}", drive.id),
total_space: drive.quota.total,
used_space: drive.quota.used,
device_id: Uuid::new_v4(), // Generated virtual device ID
last_sync: None,
}).collect())
}
// ... other methods
}
```
## Performance Considerations
### 1. Process Management
- **Lazy Loading**: Start integrations only when needed
- **Process Pooling**: Reuse processes for multiple operations
- **Resource Monitoring**: Track CPU, memory, network usage per integration
- **Graceful Degradation**: Continue core functionality if integrations fail
### 2. Communication Optimization
- **Batched Requests**: Group multiple operations into single IPC calls
- **Streaming**: Support streaming for large data transfers
- **Compression**: Compress large payloads
- **Caching**: Cache frequently accessed integration data
### 3. Storage Efficiency
- **Incremental Sync**: Only sync changed files
- **Deduplication**: Use existing CAS system for cloud files
- **Lazy Indexing**: Index cloud files on-demand
- **Metadata Caching**: Cache cloud metadata locally
## Error Handling & Monitoring
### 1. Error Categories
```rust
#[derive(Error, Debug)]
pub enum IntegrationError {
#[error("Integration not found: {0}")]
NotFound(String),
#[error("Integration process crashed: {0}")]
ProcessCrashed(String),
#[error("Authentication failed: {0}")]
AuthenticationFailed(String),
#[error("Rate limit exceeded: {0}")]
RateLimitExceeded(String),
#[error("Network error: {0}")]
NetworkError(String),
#[error("Permission denied: {0}")]
PermissionDenied(String),
#[error("Configuration error: {0}")]
ConfigurationError(String),
}
```
### 2. Health Monitoring
- **Heartbeat System**: Regular health checks for integration processes
- **Performance Metrics**: Track response times, success rates, resource usage
- **Error Reporting**: Structured error logging with integration context
- **Automatic Recovery**: Restart failed integrations with exponential backoff
## Future Extensions
### 1. Plugin Marketplace
- **Discovery**: Browse and install integrations from marketplace
- **Reviews**: User ratings and feedback system
- **Updates**: Automatic update notifications and installation
- **Revenue Sharing**: Support for paid integrations
### 2. AI/ML Integrations
- **Content Analysis**: Image recognition, document classification
- **Smart Organization**: AI-powered file organization suggestions
- **Predictive Caching**: ML-based file access prediction
- **Natural Language Search**: Query files using natural language
### 3. Workflow Automation
- **Rule Engine**: Define automated workflows based on file events
- **Integration Chains**: Connect multiple integrations in workflows
- **Scheduling**: Time-based automation triggers
- **Conditional Logic**: Complex rule-based automation
This integration system provides a robust foundation for extending Spacedrive's capabilities while maintaining security, performance, and ease of development.

238
docs/core/design/INTEGRATION_SYSTEM_DESIGN_GEMINI.md
View File

@@ -1,238 +0,0 @@
# Spacedrive v2: Integration System Design (Revised)
## Overview
The Spacedrive Integration System enables third-party extensions to seamlessly integrate with Spacedrive's core functionality. The system is designed from the ground up to support direct interaction with third-party services, most notably enabling the **direct, remote indexing of large-scale cloud storage** without requiring a local sync. It also supports custom file type handlers, search extensions, and lazy content processors, all while maintaining security, performance, and reliability.
## Design Principles
### 1\. Process Isolation
- Each integration runs as a separate, sandboxed process.
- The Spacedrive core remains stable and secure, even if an integration crashes or misbehaves.
- Resource usage can be monitored and limited on a per-integration basis.
### 2\. Language Agnostic
- Integrations can be written in any language, encouraging broader community contribution.
- Communication is handled via standard, high-performance IPC protocols.
### 3\. On-Demand Data Access
- The system is built to avoid local synchronization of cloud storage.
- Metadata and content are fetched on-demand from remote sources, enabling the management of petabyte-scale libraries on devices with limited local storage.
### 4\. Unified Core Logic
- The core indexer's advanced logic (change detection, batching, aggregation, database operations) is reused for all storage locations, whether local or remote.
- Integrations act as "data providers" rather than implementing their own indexing or sync logic.
## Architecture Overview
The architecture treats integrations as isolated data providers. The core communicates with them to request metadata and content on demand.
```
┌─────────────────────────────────────────────────────────┐
│ Spacedrive Core │
│ ┌─────────────────┐ ┌──────────────────────────────┐ │
│ │ Integration │ │ Core Systems │ │
│ │ Manager │ │ • Location Manager │ │
│ │ │ │ • Indexer & Job System │ │
│ │ • Registry │ │ • File Type Registry │ │
│ │ • Lifecycle Mgmt│ │ • Event Bus │ │
│ │ • IPC Router │ │ • Credential Manager │ │
│ │ • Sandbox │ └──────────────────────────────┘ │
│ └─────────────────┘ │
└─────────────────────────────────────────────────────────┘
│ (IPC: Metadata & Content Requests) │
└──────────────┬────────────────────────────┘
┌────────────────▼────────────────┐
│ (Isolated Integration Process) │
│ ┌─────────────────────────────┐ │
│ │ Integration Main Logic │ │
│ │ (e.g., Google Drive Plugin) │ │
│ └─────────────┬─────────────┘ │
│ │ (Uses OpenDAL)│
│ ┌─────────────▼─────────────┐ │
│ │ OpenDAL Operator │ │
│ └─────────────────────────────┘ │
└────────────────┬────────────────┘
│ (Native API Calls)
[ Third-Party API ]
(e.g., Google Drive)
```
## The Remote Indexing & Content Fetching Model
This model is central to the design. It ensures Spacedrive can handle massive cloud locations efficiently.
**1. Remote Discovery:**
- When indexing a cloud location, the core `IndexerJob` dispatches a request to the appropriate integration, asking it to discover the contents of a path.
- The integration process uses a library like **Apache OpenDAL** to list files and folders directly from the cloud API (e.g., S3, Google Drive).
- The integration translates the API response into the standard `DirEntry` format and streams this metadata back to the core. **File content is not downloaded at this stage.**
- The core indexer's `Processing` phase consumes these `DirEntry` objects as if they came from the local filesystem, reusing all its database and change-detection logic.
**2. On-Demand Content Hashing:**
- During the `ContentIdentification` phase, the indexer needs to generate a content hash (`cas_id`) for each file.
- For a remote file, the indexer requests specific byte ranges from the integration (e.g., the first 8KB, three 10KB samples, and the last 8KB).
- The integration uses OpenDAL to perform efficient ranged requests to the cloud API, fetching only the required data chunks.
- These chunks are streamed back to the core and fed into the hasher. This allows hashing of terabyte-scale files with minimal bandwidth.
**3. Lazy Thumbnail & Rich Metadata Extraction:**
- After the main index is complete, a separate, lower-priority `ThumbnailerJob` is dispatched for visual media files.
- This job requests the **full file content** (or relevant portions, like headers for EXIF data) from the integration on-demand.
- This lazy processing ensures the UI is responsive and the initial index is fast, with rich media populating in the background.
## Core Components
The core components like `IntegrationManager`, `IntegrationRegistry`, `IpcRouter`, and `CredentialManager` remain largely as defined in the original design document, as they provide a robust foundation for managing isolated processes.
## Integration Types
The traits defining integration capabilities are revised to support the on-demand model.
### Cloud Storage Provider
This is the primary integration type for storage.
```rust
#[async_trait]
pub trait CloudStorageProvider {
/// Discover entries at a given remote path.
/// This should be a stream to handle very large directories.
async fn discover(&self, path: &str, credentials: &IntegrationCredential) -> Result<Stream<DirEntry>>;
/// Stream the content of a remote file.
/// The implementation should support efficient byte range requests.
async fn stream_content(
&self,
path: &str,
range: Option<ByteRange>,
credentials: &IntegrationCredential,
) -> Result<Stream<Bytes>>;
// ... other methods for writing/managing files (create_folder, write_file, etc.)
}
```
## Job System Integration
The job system is updated to defer heavy processing.
```rust
#[derive(Debug, Serialize, Deserialize, Job)]
pub struct IntegrationJob {
pub integration_id: String,
pub operation: IntegrationOperation,
pub params: JsonValue,
}
#[derive(Debug, Serialize, Deserialize)]
pub enum IntegrationOperation {
/// Generates a thumbnail for a specific entry.
ThumbnailGeneration {
entry_id: i32,
// The path/location info would be looked up from the entry_id
},
/// Extracts rich metadata like EXIF, video duration, etc.
MetadataExtraction {
entry_id: i32,
},
// ... other integration-specific background tasks
}
// Example Handler for the ThumbnailerJob
#[async_trait]
impl JobHandler for IntegrationJob {
type Output = JobOutput;
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
match &self.operation {
IntegrationOperation::ThumbnailGeneration { entry_id } => {
// 1. Get entry details from DB, including its remote path and integration_id
let entry = ctx.db().find_entry_by_id(*entry_id).await?;
// 2. Request the full file stream from the integration
let file_stream = IntegrationManager::request_content_stream(
&self.integration_id,
&entry.remote_path,
None // No range, we need the whole file (or enough for thumbnailing)
).await?;
// 3. Process the stream with a thumbnailing library
let thumbnail_data = generate_thumbnail_from_stream(file_stream).await?;
// 4. Save the thumbnail data back to the database, linked to the entry
ctx.db().save_thumbnail(*entry_id, thumbnail_data).await?;
Ok(JobOutput::Success)
}
_ => todo!("Other operations")
}
}
}
```
## Location System Integration
Adding a cloud location now configures it for remote indexing instead of local sync.
```rust
impl LocationManager {
/// Add cloud storage location
pub async fn add_cloud_location(
&self,
integration_id: &str,
// ... other params like credentials_id, name
) -> Result<Uuid> {
// 1. Create a virtual device for the cloud service.
let virtual_device_id = self.device_manager.create_virtual_device(...).await?;
// 2. Create the location record in the database.
// Crucially, it is marked with the integration_id.
let location = ManagedLocation {
// ...
device_id: virtual_device_id,
integration_id: Some(integration_id.to_string()),
// ...
};
library.save_location(&location).await?;
// 3. The location is now ready. An IndexerJob can be dispatched on it.
// The JobManager will see the `integration_id` and use the remote
// discovery mechanism instead of the local one.
// (No `CloudSync` job is needed).
Ok(location.id)
}
}
```
## Implementation Phases (Revised)
### Phase 1: Foundation (3-4 weeks)
- [ ] Integration manager, IPC, Process Lifecycle, Registry, Credential Management.
- [ ] **Modify `IndexerJob` to be generic over a `Discovery` mechanism.**
- [ ] Implement `LocalDiscovery` using existing filesystem logic.
### Phase 2: Remote Discovery & Content (4-5 weeks)
- [ ] **Define the `CloudStorageProvider` trait with `discover` and `stream_content`.**
- [ ] Build a proof-of-concept integration (e.g., for S3) using **OpenDAL**.
- [ ] Implement the IPC logic for streaming `DirEntry` metadata and file content bytes.
- [ ] Adapt the `IndexerJob` to handle remote discovery and on-demand content hashing.
### Phase 3: Lazy Jobs & File Types (3-4 weeks)
- [ ] Implement the `ThumbnailerJob` and `MetadataExtractionJob` as `IntegrationJob` types.
- [ ] Implement the `FileTypeHandler` interface for custom metadata and thumbnail generation hooks.
### Phase 4 & 5: Advanced Features & DX (Unchanged)
- [ ] Search Provider, Security Hardening, SDK, Documentation, etc..

127
docs/core/design/IPHONE_AS_VOLUME_DESIGN.md
View File

@@ -1,127 +0,0 @@
# Design Document: iPhone as a Volume for Direct Import
## 1. Overview
This document outlines the design for a new feature enabling Spacedrive to detect a physically connected iPhone on macOS and treat it as a "virtual volume." This will allow users to browse the photos and videos on their device directly within the Spacedrive UI and import them into any Spacedrive Location.
This feature is specifically for accessing the **connected device as a camera** and does not interact with the user's system-wide Apple Photos library or iCloud Photos. The implementation will use Apple's official `ImageCaptureCore` framework, ensuring a secure and stable integration.
## 2. Design Principles
- **Native Integration:** Use official, recommended Apple APIs (`ImageCaptureCore`) for all device communication.
- **User Consent First:** All access to the device will be gated by the standard macOS user permission prompts. The user is always in control.
- **Read-Only Source:** The iPhone's storage will be treated as a read-only source. The import process is non-destructive and never modifies the contents of the source device.
- **VDFS Consistency:** The feature will integrate seamlessly with Spacedrive's existing architectural patterns, including the `Volume`, `Entry`, and `Action` / `Job` systems.
## 3. Architecture
The architecture is centered around a new, platform-specific service that acts as a bridge between Spacedrive's core logic and Apple's native frameworks.
```
┌───────────────────────────┐ ┌───────────────────────────┐
│ Spacedrive Core │ │ macOS Native Frameworks │
│ │ │ │
│ ┌─────────────────────┐ │ │ ┌──────────────────────┐ │
│ │ Volume Manager │ │ │ │ ImageCaptureCore │ │
│ └─────────────────────┘ │ │ └──────────────────────┘ │
│ ┌─────────────────────┐ │ │ │
│ │ Action/Job │ │ │ │
│ │ System │ │ │ │
│ └─────────────────────┘ │ │ │
│ ▲ │ │ ▲ │
│ │ │ │ │ │
│ ┌─────────┴─────────────┐ │ │ ┌───────────┴──────────┐ │
│ │ iPhoneDeviceService │◄─────┼─────►│ FFI Bridge (objc2) │ │
│ │ (macOS only) │ │ │ └──────────────────────┘ │
│ └─────────────────────┘ │ │ │
└───────────────────────────┘ └───────────────────────────┘
┌──────────────────┐
│ Connected iPhone │
└──────────────────┘
```
### 3.1. The `iPhoneDeviceService` (macOS only)
This new service will be the core of the implementation.
- **Technology:** It will be written in Rust and use the `objc2` family of crates to create a Foreign Function Interface (FFI) bridge to the Objective-C `ImageCaptureCore` framework.
- **Permissions:** The final Spacedrive application bundle will need to include an `Info.plist` file with the "Hardened Runtime" capability enabled, specifically requesting the "USB" entitlement. The service will also be responsible for triggering the user permission dialog to access the device.
- **Lifecycle:** The service will run a device browser (`ICDeviceBrowser`) in a background task to listen for device connection and disconnection events, allowing Spacedrive to react instantly when an iPhone is plugged in or removed.
### 3.2. The "Virtual Volume" Model
A connected iPhone will be represented as a temporary, virtual `Volume` in Spacedrive.
- **Appearance:** It will appear in the UI alongside other volumes like hard drives and network shares, but with a distinct icon (e.g., a phone icon).
- **Identity:** The volume's unique identifier will be the UUID provided by `ImageCaptureCore` for the `ICCameraDevice`. It will not have a traditional filesystem mount path.
- **Lifecycle:** The `iPhoneDeviceService` will create this virtual volume when a device is connected and remove it (or mark it as offline) when the device is disconnected.
### 3.3. On-Demand, Ephemeral Browsing
To avoid indexing the entire contents of the phone, browsing will be done on-demand.
- **User Flow:** When the user selects the "iPhone" volume in the UI, a live query is sent to the `iPhoneDeviceService`.
- **Live Query:** The service opens a session with the `ICCameraDevice` and fetches the list of media items (`ICCameraItem` objects).
- **Ephemeral Entries:** This list is then translated on-the-fly into temporary, in-memory Spacedrive `Entry` objects. These ephemeral entries will use a special `SdPath` format to uniquely identify them.
- **URI Format:** `sd://iphone-camera/{device_uuid}/item/{item_id}`
### 3.4. The `ImportFromDeviceAction`
The import process will be a new, dedicated `Action` that leverages the existing job system.
- **Trigger:** The user selects one or more ephemeral photo/video entries and a standard destination `Location` (e.g., a folder on their NAS).
- **Action Definition:** A new, generic `ImportFromDeviceAction` will be created.
```rust
pub struct ImportFromDeviceAction {
pub source_device_id: Uuid,
pub source_item_ids: Vec<String>, // The native item IDs from ImageCaptureCore
pub destination_location_id: Uuid,
// ... other options like "delete after import" (if API supports it)
}
```
- **Job Execution (`ImportJob`):**
1. The `ActionManager` dispatches an `ImportJob` from the action.
2. The job calls the `iPhoneDeviceService`, passing the list of item IDs to download.
3. The service uses the `ImageCaptureCore` function `requestDownload(for:options:...)` to request the original, full-resolution file data.
4. The service streams the file data directly to a temporary location within the final destination.
5. Once the file is successfully written, it is moved to its final place in the destination `Location`.
6. Spacedrive's standard `LocationWatcher` and `Indexer` will then see a new file, and it will be indexed, hashed, and added to the VDFS like any other file.
## 4. Implementation Plan
### Phase 1: FFI Foundation & Device Discovery
- **Goal:** Make a connected iPhone appear and disappear in the Spacedrive UI as a virtual volume.
- **Tasks:**
1. Integrate `objc2` crates.
2. Configure the application's `Info.plist` with the required entitlements.
3. Implement the `iPhoneDeviceService` with the `ICDeviceBrowser` to detect device connections.
4. Implement the logic to create and remove the virtual `Volume` in the `VolumeManager`.
### Phase 2: On-Demand Browsing
- **Goal:** Allow users to see the contents of their connected iPhone.
- **Tasks:**
1. Implement the logic to open a session with an `ICCameraDevice`.
2. Fetch the list of `ICCameraItem`s.
3. Implement the translation layer that converts `ICCameraItem`s into ephemeral Spacedrive `Entry` objects for the UI.
### Phase 3: Import Workflow
- **Goal:** Allow users to copy files from their iPhone into Spacedrive.
- **Tasks:**
1. Define the `ImportFromDeviceAction` and `ImportJob` structs.
2. Implement the file download logic in the `iPhoneDeviceService` using `requestDownload`.
3. Integrate the download stream with the job system to write the file to its final destination.
4. Add progress reporting to the job based on `ImageCaptureCore`'s delegate callbacks.
### Phase 4: UI/UX Polish
- **Goal:** Create a seamless and intuitive user experience.
- **Tasks:**
1. Design a custom icon for the iPhone virtual volume.
2. Build the UI for browsing photos and selecting an import destination.
3. Integrate job progress indicators (progress bars, notifications) for the import process.
## 5. Security & Privacy
- **Permissions:** All access to the iPhone is explicitly gated by the standard macOS user consent dialog. The application cannot access the device until the user approves.
- **Read-Only:** The entire process is read-only. No data on the iPhone is ever modified or deleted by Spacedrive (unless a "delete after import" feature is explicitly added and used).
- **Native APIs:** By using `ImageCaptureCore`, we are using Apple's blessed, secure, and stable method for this type of interaction.

576
docs/core/design/IROH_MIGRATION_DESIGN.md
View File

@@ -1,576 +0,0 @@
# Spacedrive Networking: libp2p to Iroh Migration Design
## Executive Summary
This document outlines the complete replacement of libp2p with Iroh for Spacedrive's networking module. Iroh offers significant advantages including:
- 90%+ NAT traversal success (vs libp2p's 70%)
- Simpler API with less configuration
- Built-in QUIC transport with encryption/multiplexing
- Production-proven with 200k+ concurrent connections
- Native mobile support (iOS/Android/ESP32)
## Current Architecture (libp2p)
```
Core → NetworkingService → Swarm<UnifiedBehaviour> → Protocols
├── Kademlia DHT
├── mDNS
└── Request/Response
```
## Target Architecture (Iroh)
```
Core → NetworkingService → iroh::Endpoint → Protocols
├── Built-in Discovery
├── QUIC Connections
└── Stream-based messaging
```
## Component Mapping
### Core Components
| libp2p Component | Iroh Replacement | Notes |
|-----------------|------------------|--------|
| `Swarm<UnifiedBehaviour>` | `iroh::Endpoint` | Single endpoint manages all connections |
| `PeerId` | `iroh::NodeId` | Ed25519-based identity |
| `Multiaddr` | `iroh::NodeAddr` | Simpler addressing scheme |
| `NetworkIdentity` | `iroh::SecretKey` | Direct key management |
| Kademlia DHT | Iroh discovery | Built-in peer discovery |
| mDNS | Iroh local discovery | Automatic local network discovery |
| TCP+Noise+Yamux | QUIC | All-in-one transport |
| Request/Response | Iroh streams | Bi/uni-directional streams |
### Protocol Migration
#### Pairing Protocol
- **Keep**: BIP39 word codes, challenge-response flow
- **Replace**: libp2p request/response → Iroh ALPN + streams
- **New**: Use Iroh's relay for better connectivity during pairing
#### File Transfer Protocol
- **Keep**: Chunking logic, encryption approach, progress tracking
- **Replace**: libp2p streams → Iroh QUIC streams
- **New**: Optional iroh-blobs for content-addressed storage
#### Messaging Protocol
- **Keep**: Message types and serialization
- **Replace**: libp2p messaging → iroh-gossip for pub/sub patterns
- **New**: Real-time capabilities with lower latency
## Implementation Plan
### Phase 1: Core Infrastructure
1. **Replace core networking module**
```
src/services/networking/
├── core/ # Replace entirely with Iroh
│ ├── mod.rs # NetworkingService with iroh::Endpoint
│ ├── discovery.rs # Iroh discovery
│ ├── event_loop.rs # Simplified event handling
│ └── behavior.rs # Remove (not needed with Iroh)
```
2. **Update `NetworkingService`**
```rust
pub struct NetworkingService {
endpoint: iroh::Endpoint,
identity: iroh::SecretKey,
device_registry: Arc<RwLock<DeviceRegistry>>,
protocol_registry: Arc<RwLock<ProtocolRegistry>>,
}
```
3. **Port device identity**
- Convert Ed25519 keypairs to Iroh format
- Update device IDs to use NodeId
### Phase 2: Protocol Migration
1. **Pairing Protocol**
- Replace libp2p request/response with Iroh streams
- Use ALPN for protocol negotiation
- Keep existing pairing flow logic
2. **File Transfer Protocol**
- Replace libp2p streams with QUIC streams
- Leverage Iroh's built-in progress tracking
- Keep chunking and encryption logic
3. **Messaging Protocol**
- Use iroh-gossip for pub/sub patterns
- Maintain existing message types
### Phase 3: Testing & Validation
1. **Update Integration Tests**
- Replace libp2p setup with Iroh
- Test pairing flow end-to-end
- Verify file transfer functionality
2. **Connection Management**
- Port device state tracking
- Implement Iroh-based reconnection
- Add connection metrics
### Phase 4: Relay Configuration
1. **Spacedrive Cloud Relays**
- Configure default relay URLs
- Add custom relay support
- Implement relay health checks
2. **Future Enhancements**
- Browser support via WASM
- Mobile optimizations
- iroh-blobs integration
## Migration Strategy
### Direct Replacement
- Remove all libp2p dependencies and code
- Replace with Iroh implementation directly
- No feature flags or parallel implementations
### API Compatibility
The public `Core` API remains unchanged:
```rust
impl Core {
pub async fn init_networking(&mut self) -> Result<()>
pub async fn start_pairing_as_initiator(&self) -> Result<(String, u32)>
pub async fn share_with_device(&mut self, ...) -> Result<Vec<TransferId>>
}
```
### Relay Configuration
```rust
pub struct NetworkingConfig {
/// Spacedrive Cloud relay URLs
pub default_relays: Vec<String>,
/// User-configured custom relays
pub custom_relays: Vec<String>,
/// Run local relay for LAN-only setups
pub enable_local_relay: bool,
}
```
## Benefits Post-Migration
1. **Improved Connectivity**: >90% connection success rate
2. **Simplified Codebase**: ~40% less networking code
3. **Better Performance**: QUIC reduces latency and overhead
4. **Platform Support**: Native mobile and browser support
5. **Future-Proof**: Active development and growing ecosystem
## Risk Mitigation
1. **Testing**: Update all integration tests to use Iroh
2. **Protocol Compatibility**: Keep message formats unchanged
3. **Identity Migration**: Preserve device IDs during conversion
4. **Documentation**: Update all networking docs
## Success Metrics
- Connection success rate: >90% (up from 70%)
- Time to first connection: <2s (from 3-5s)
- Code complexity: 40% reduction in LoC
- Test coverage: Maintain >80%
- User feedback: Improved reliability scores
## Detailed Implementation Plan
### Phase 1: Endpoint Migration (Foundation)
The first step is replacing the libp2p Swarm with Iroh's Endpoint. This is the foundation everything else builds on.
#### 1.1 Update NetworkingService Structure
**Current libp2p structure:**
```rust
// src/services/networking/core/mod.rs
pub struct NetworkingService {
identity: NetworkIdentity,
swarm: Swarm<UnifiedBehaviour>,
protocol_registry: Arc<RwLock<ProtocolRegistry>>,
device_registry: Arc<RwLock<DeviceRegistry>>,
// ... channels
}
```
**New Iroh structure:**
```rust
// Replace the entire NetworkingService with Iroh-based implementation
pub struct NetworkingService {
endpoint: iroh::Endpoint,
identity: iroh::SecretKey,
node_id: iroh::NodeId,
protocol_registry: Arc<RwLock<ProtocolRegistry>>,
device_registry: Arc<RwLock<DeviceRegistry>>,
// ... simplified channels
}
impl NetworkingService {
pub async fn new(
identity: NetworkIdentity,
device_manager: Arc<DeviceManager>,
) -> Result<Self> {
// Convert existing Ed25519 keypair to Iroh format
let secret_key = iroh::SecretKey::from_bytes(&identity.keypair_bytes())?;
let node_id = secret_key.public();
// Create Iroh endpoint with discovery and relay configuration
let endpoint = iroh::Endpoint::builder()
.secret_key(secret_key.clone())
.alpns(vec![
PAIRING_ALPN.to_vec(),
FILE_TRANSFER_ALPN.to_vec(),
MESSAGING_ALPN.to_vec(),
])
.relay_mode(iroh::RelayMode::Default)
.bind(0)
.await?;
// Start discovery (replaces mDNS + Kademlia)
endpoint.discovery().add_discovery(Box::new(
iroh::discovery::pkarr::PkarrPublisher::default()
));
Ok(Self {
endpoint,
identity: secret_key,
node_id,
// ... rest of initialization
})
}
}
```
#### 1.2 Remove libp2p-specific files
These files can be completely deleted:
- `src/services/networking/core/behavior.rs` - No longer needed with Iroh
- `src/services/networking/core/swarm.rs` - Iroh handles transport internally
- `src/services/networking/core/discovery.rs` - Replaced by Iroh's discovery
#### 1.3 Simplify Event Loop
The event loop becomes much simpler with Iroh since it handles many things internally:
```rust
// src/services/networking/core/event_loop.rs
impl NetworkingEventLoop {
pub async fn run(mut self) {
loop {
select! {
// Handle incoming connections
Some(conn) = self.endpoint.accept() => {
let conn = match conn.await {
Ok(c) => c,
Err(e) => {
warn!("Failed to accept connection: {}", e);
continue;
}
};
// Route based on ALPN protocol
match conn.alpn() {
PAIRING_ALPN => self.handle_pairing_connection(conn).await,
FILE_TRANSFER_ALPN => self.handle_file_transfer(conn).await,
MESSAGING_ALPN => self.handle_messaging(conn).await,
_ => warn!("Unknown ALPN: {:?}", conn.alpn()),
}
}
// Handle commands from main thread
Some(cmd) = self.command_rx.recv() => {
self.handle_command(cmd).await;
}
// Shutdown signal
_ = self.shutdown_rx.recv() => {
info!("Shutting down networking");
break;
}
}
}
}
}
```
### Phase 2: Pairing Protocol (Critical Path)
This is the most complex protocol and will exercise the full Iroh API. Getting this right makes everything else straightforward.
#### 2.1 Define Pairing as Iroh Protocol
```rust
// src/services/networking/protocols/pairing/mod.rs
// Define ALPN for pairing protocol
pub const PAIRING_ALPN: &[u8] = b"spacedrive/pairing/1";
// The pairing handler now works with Iroh connections
impl PairingProtocolHandler {
pub async fn handle_connection(&self, conn: iroh::Connection) {
// Accept a bidirectional stream for pairing messages
let (send, recv) = match conn.accept_bi().await {
Ok(stream) => stream,
Err(e) => {
error!("Failed to accept pairing stream: {}", e);
return;
}
};
// The existing pairing logic remains the same, just using Iroh streams
self.handle_pairing_stream(send, recv, conn.remote_node_id()).await;
}
pub async fn initiate_pairing(&self, node_addr: NodeAddr) -> Result<()> {
// Connect to the remote peer
let conn = self.endpoint.connect(node_addr, PAIRING_ALPN).await?;
// Open a bidirectional stream
let (send, recv) = conn.open_bi().await?;
// Run the pairing flow (existing logic)
self.run_pairing_initiator(send, recv).await
}
}
```
#### 2.2 Replace DHT Discovery with Iroh Discovery
The pairing discovery mechanism changes from Kademlia DHT to Iroh's discovery:
```rust
// src/services/networking/protocols/pairing/initiator.rs
impl PairingInitiator {
pub async fn publish_pairing_session(&self, session: &PairingSession) -> Result<()> {
// Create a discovery item for this pairing session
let discovery_info = DiscoveryInfo {
node_id: self.node_id,
session_id: session.id,
device_info: self.device_info.clone(),
// Include relay info for better connectivity
addresses: self.endpoint.node_addr().await?,
};
// Publish to Iroh's discovery system (replaces DHT PUT)
self.endpoint
.discovery()
.publish(session.pairing_code.as_bytes(), &discovery_info)
.await?;
Ok(())
}
}
// src/services/networking/protocols/pairing/joiner.rs
impl PairingJoiner {
pub async fn discover_pairing_session(&self, code: &str) -> Result<NodeAddr> {
// Query Iroh's discovery (replaces DHT GET)
let discoveries = self.endpoint
.discovery()
.resolve(code.as_bytes())
.await?;
// Return the first valid discovery
discoveries.into_iter().next()
.ok_or(PairingError::SessionNotFound)
}
}
```
#### 2.3 Update Pairing Messages for Streams
The pairing messages stay the same, but we send them over Iroh streams:
```rust
// src/services/networking/protocols/pairing/messages.rs
impl PairingMessage {
/// Send a pairing message over an Iroh stream
pub async fn send(&self, stream: &mut iroh::SendStream) -> Result<()> {
let bytes = serde_cbor::to_vec(&self)?;
let len = bytes.len() as u32;
// Write length prefix
stream.write_all(&len.to_be_bytes()).await?;
// Write message
stream.write_all(&bytes).await?;
stream.flush().await?;
Ok(())
}
/// Receive a pairing message from an Iroh stream
pub async fn recv(stream: &mut iroh::RecvStream) -> Result<Self> {
// Read length prefix
let mut len_bytes = [0u8; 4];
stream.read_exact(&mut len_bytes).await?;
let len = u32::from_be_bytes(len_bytes) as usize;
// Read message
let mut bytes = vec![0u8; len];
stream.read_exact(&mut bytes).await?;
Ok(serde_cbor::from_slice(&bytes)?)
}
}
```
### Phase 3: Update Device Management
#### 3.1 Replace PeerId with NodeId
```rust
// src/services/networking/device/mod.rs
#[derive(Debug, Clone)]
pub struct DeviceInfo {
pub id: Uuid,
pub name: String,
pub platform: Platform,
pub node_id: iroh::NodeId, // Was: peer_id: PeerId
pub version: String,
}
// src/services/networking/device/registry.rs
pub struct DeviceRegistry {
devices: HashMap<Uuid, DeviceEntry>,
node_to_device: HashMap<iroh::NodeId, Uuid>, // Was: PeerId -> Uuid
// ... rest stays the same
}
```
### Phase 4: File Transfer Protocol
File transfer becomes simpler with Iroh's QUIC streams:
```rust
// src/services/networking/protocols/file_transfer.rs
pub const FILE_TRANSFER_ALPN: &[u8] = b"spacedrive/filetransfer/1";
impl FileTransferProtocolHandler {
pub async fn send_file(
&self,
node_addr: NodeAddr,
file_path: &Path,
transfer_id: Uuid,
) -> Result<()> {
// Connect with file transfer ALPN
let conn = self.endpoint
.connect(node_addr, FILE_TRANSFER_ALPN)
.await?;
// Open a unidirectional stream for data
let mut send = conn.open_uni().await?;
// Send transfer metadata first
let metadata = TransferMetadata {
id: transfer_id,
filename: file_path.file_name().unwrap().to_string_lossy().to_string(),
size: file_path.metadata()?.len(),
// ... other metadata
};
metadata.send(&mut send).await?;
// Stream the file data (existing chunking logic)
let mut file = tokio::fs::File::open(file_path).await?;
let mut buffer = vec![0u8; CHUNK_SIZE];
while let Ok(n) = file.read(&mut buffer).await {
if n == 0 { break; }
// Encrypt chunk (existing logic)
let encrypted = self.encrypt_chunk(&buffer[..n], &session_key)?;
// Send over QUIC stream
send.write_all(&encrypted).await?;
}
send.finish().await?;
Ok(())
}
}
```
### Phase 5: Update Identity Management
```rust
// src/services/networking/utils/identity.rs
pub struct NetworkIdentity {
secret_key: iroh::SecretKey,
node_id: iroh::NodeId,
device_id: Uuid, // Deterministic from key
}
impl NetworkIdentity {
pub fn from_master_key(master_key: &MasterKey) -> Result<Self> {
// Derive networking key from master (same as before)
let key_bytes = derive_network_key(master_key);
// Create Iroh identity
let secret_key = iroh::SecretKey::from_bytes(&key_bytes)?;
let node_id = secret_key.public();
// Keep deterministic device ID generation
let device_id = generate_device_id(&secret_key);
Ok(Self {
secret_key,
node_id,
device_id,
})
}
}
```
### Phase 6: Integration Testing
Update the integration tests to use Iroh:
```rust
// tests/test_core_pairing.rs
async fn spawn_test_node(name: &str) -> (Core, NodeAddr) {
let mut core = create_test_core(name).await;
core.init_networking().await.unwrap();
// Get our node address for others to connect
let node_addr = core.networking
.as_ref()
.unwrap()
.endpoint
.node_addr()
.await
.unwrap();
(core, node_addr)
}
```
## Key Implementation Notes
1. **ALPN Protocol Negotiation**: Iroh uses ALPN (like HTTP/3) to negotiate protocols. Each protocol gets its own ALPN identifier.
2. **Stream Types**: Iroh provides both bidirectional and unidirectional streams. Use bi-streams for request/response patterns, uni-streams for one-way data transfer.
3. **Discovery**: Iroh's discovery system is pluggable. We can use the default Pkarr discovery or implement custom discovery.
4. **Relay Configuration**: Iroh automatically uses relays when direct connections fail. Configure Spacedrive relays for better control.
5. **Error Handling**: Iroh errors are more specific than libp2p's. Update error types accordingly.
6. **Testing**: Iroh works great in tests - no need for complex libp2p test setups.
## Conclusion
Replacing libp2p with Iroh will significantly improve Spacedrive's networking reliability while reducing code complexity. The direct replacement approach allows us to immediately benefit from Iroh's superior connectivity and simpler API.

407
docs/core/design/IROH_RELAY_INTEGRATION.md
View File

@@ -1,407 +0,0 @@
# Iroh Relay Integration for Spacedrive
**Author:** AI Assistant
**Date:** October 7, 2025
**Status:** Implemented (Phase 1 Complete)
## Executive Summary
This document outlines the plan to enhance Spacedrive's networking stack to use Iroh's relay servers as a fallback mechanism for device pairing and communication when local (mDNS) connections are not available. The goal is to enable reliable peer-to-peer communication across different networks while maintaining the current fast local network discovery.
## Current State Analysis
### What's Already in Place ✅
1. **Iroh Integration**: Spacedrive already uses Iroh as its networking stack (migrated from libp2p)
2. **RelayMode Configured**: The endpoint is already configured with `RelayMode::Default` (line 182 in `core/src/service/network/core/mod.rs`)
3. **Relay Information Captured**: When nodes are discovered, the code already extracts and stores `relay_url()` from discovery info (line 1254)
4. **NodeAddr with Relay**: When building `NodeAddr` for connections, relay URLs are included alongside direct addresses
### Current Limitations
1. **mDNS-Only Pairing**: Device pairing currently relies exclusively on mDNS for discovery
- Initiator broadcasts pairing session ID via mDNS user_data
- Joiner listens for mDNS announcements with matching session_id
- **Failure Point**: If devices are on different networks or mDNS doesn't work (e.g., restricted networks, iOS entitlement issues), pairing fails entirely
2. **No Remote Discovery Fallback**: The pairing flow has a 10-second mDNS timeout but no fallback mechanism
- Line 1218: `let timeout = tokio::time::Duration::from_secs(10);`
- Line 1288-1297: If mDNS times out, the system just warns and fails
- No attempt to use relay for pairing discovery
3. **Relay Not Used for Reconnection**: Persisted devices store relay URLs but they're not actively used
- Line 393 in `device/persistence.rs`: `relay_url: Option<String>` is stored
- But reconnection attempts (line 396 in `core/mod.rs`) use the NodeAddr which may not have valid relay info
4. **No Relay Health Monitoring**: No visibility into relay connection status or fallback behavior
## The Good News
**The relay is already working!** Iroh is configured to use relay servers by default, and when you connect to a `NodeAddr` that includes a relay URL, Iroh automatically:
1. Attempts direct connection via provided socket addresses
2. Falls back to relay connection if direct fails
3. Attempts hole-punching to establish direct connection while relaying
4. Seamlessly upgrades from relay to direct when possible
The infrastructure is there - we just need to **expose it for pairing** and **ensure it's used effectively**.
## Iroh Default Relay Servers
Spacedrive is currently using the production Iroh relay servers maintained by number0:
- **North America**: `https://use1-1.relay.n0.iroh.iroh.link.`
- **Europe**: `https://euc1-1.relay.n0.iroh.iroh.link.`
- **Asia-Pacific**: `https://aps1-1.relay.n0.iroh.iroh.link.`
These are production-grade servers handling 200k+ concurrent connections with 90%+ NAT traversal success rate.
## Implementation Plan
### Phase 1: Enhanced Pairing with Relay Fallback (Priority: HIGH)
**Objective**: Enable pairing across different networks using relay servers as fallback
#### 1.1 Add Out-of-Band Pairing Code Exchange
**Problem**: Currently, the pairing code alone only provides a session_id for mDNS matching. It doesn't contain information about how to reach the initiator over the internet.
**Solution**: Enhance the pairing code/QR code to include:
- Session ID (for identification)
- Initiator's NodeId
- Initiator's relay URL (from home relay)
**Implementation**:
```rust
// core/src/service/network/protocol/pairing/code.rs
pub struct PairingCodeData {
/// Existing session ID
pub session_id: Uuid,
/// Initiator's NodeId for relay-based discovery
pub node_id: NodeId,
/// Initiator's home relay URL
pub relay_url: Option<RelayUrl>,
}
```
**Changes Required**:
- Modify `PairingCode::new()` to include node_id and relay_url
- Update BIP39 encoding/decoding to handle additional data (or use JSON+base64 for QR codes)
- Update pairing UI to show/scan enhanced codes
#### 1.2 Implement Dual-Path Discovery for Pairing
**Objective**: Try mDNS first (fast for local), fall back to relay (for remote)
**Implementation**:
```rust
// core/src/service/network/core/mod.rs
pub async fn start_pairing_as_joiner(&self, code: &str) -> Result<()> {
let pairing_code = PairingCode::from_string(code)?;
let session_id = pairing_code.session_id();
// Start pairing state machine
// ... existing code ...
// Run discovery in parallel: mDNS + Relay
tokio::select! {
result = self.try_mdns_discovery(session_id) => {
// Fast path: local network discovery
result?
}
result = self.try_relay_discovery(pairing_code.node_id(), pairing_code.relay_url()) => {
// Fallback path: relay-based discovery
result?
}
}
// Continue with pairing handshake...
}
async fn try_mdns_discovery(&self, session_id: Uuid) -> Result<Connection> {
// Existing mDNS discovery logic
// Timeout: 3-5 seconds (most local networks are fast)
}
async fn try_relay_discovery(&self, node_id: NodeId, relay_url: Option<RelayUrl>) -> Result<Connection> {
// New: Connect via relay if mDNS fails
let node_addr = NodeAddr::from_parts(
node_id,
relay_url,
vec![] // No direct addresses yet
);
self.endpoint
.connect(node_addr, PAIRING_ALPN)
.await
.map_err(|e| NetworkingError::ConnectionFailed(format!("Relay connection failed: {}", e)))
}
```
**Benefits**:
- Fast local pairing (mDNS wins the race)
- Reliable remote pairing (relay always works)
- Seamless user experience (whichever succeeds first)
#### 1.3 Update Pairing Protocol Documentation
- Update `docs/core/pairing.md` to document relay fallback behavior
- Update `docs/core/design/DEVICE_PAIRING_PROTOCOL.md` with new flow diagram showing dual-path discovery
### Phase 2: Improve Reconnection Reliability (Priority: MEDIUM)
**Objective**: Ensure paired devices can reconnect via relay when local network is unavailable
#### 2.1 Capture and Store Relay Information
**Current**: NodeAddr with relay_url is stored but may become stale
**Enhancement**:
```rust
// core/src/service/network/device/persistence.rs
pub struct PersistedPairedDevice {
// ... existing fields ...
/// Home relay URL of this device
pub home_relay_url: Option<String>,
/// Last known relay URLs (in order of preference)
pub relay_urls: Vec<String>,
/// Timestamp when relay info was last updated
pub relay_info_updated_at: Option<DateTime<Utc>>,
}
```
#### 2.2 Enhance Reconnection Strategy
```rust
// core/src/service/network/core/mod.rs
async fn attempt_device_reconnection(...) {
// Try in order of preference:
// 1. Direct addresses (if on same network)
if !persisted_device.last_seen_addresses.is_empty() {
// Try cached direct addresses
}
// 2. mDNS discovery (if recently seen locally)
if should_try_mdns(&persisted_device) {
// Wait briefly for mDNS discovery
}
// 3. Relay fallback (always works)
if let Some(relay_url) = &persisted_device.home_relay_url {
let node_addr = NodeAddr::from_parts(
remote_node_id,
Some(relay_url.parse()?),
vec![] // Start with relay, Iroh will discover direct
);
endpoint.connect(node_addr, MESSAGING_ALPN).await?;
}
}
```
#### 2.3 Periodic Relay Info Refresh
**Rationale**: Home relay can change if a device moves or relay becomes unavailable
```rust
// Periodically refresh relay information for connected devices
async fn start_relay_info_refresh_task(&self) {
tokio::spawn(async move {
let mut interval = tokio::time::interval(Duration::from_secs(3600)); // 1 hour
loop {
interval.tick().await;
// For each connected device, query their current relay info
// Update persistence if changed
}
});
}
```
### Phase 3: Observability & Configuration (Priority: LOW)
**Objective**: Provide visibility into relay usage and allow configuration
#### 3.1 Relay Connection Metrics
Add to `NetworkEvent` enum:
```rust
pub enum NetworkEvent {
// ... existing variants ...
/// Connection established via relay (before hole-punch)
ConnectionViaRelay {
device_id: Uuid,
relay_url: String,
},
/// Connection upgraded from relay to direct
ConnectionUpgradedToDirect {
device_id: Uuid,
connection_type: String, // "ipv4", "ipv6", etc.
},
/// Relay connection health
RelayHealth {
relay_url: String,
latency_ms: u64,
connected: bool,
},
}
```
#### 3.2 Relay Configuration API
```rust
// core/src/ops/network/config/action.rs
/// Configure relay settings
pub struct ConfigureRelayAction {
pub mode: RelayMode,
}
pub enum RelayMode {
/// Use default n0 production relays
Default,
/// Use custom relay servers
Custom { relay_urls: Vec<String> },
/// Disable relay (local-only mode)
Disabled,
}
```
#### 3.3 Network Inspector UI
Add a "Network Status" panel showing:
- Current relay server and connection status
- Connection type for each paired device (direct/relay)
- Relay latency and bandwidth metrics
- Historical connection reliability
### Phase 4: Advanced Features (Future)
#### 4.1 Smart Relay Selection
- Prefer geographically closer relay servers
- Load balance across multiple relays
- Automatically switch relays based on performance
#### 4.2 Custom Relay Server Support
- Allow users to deploy their own relay servers
- Configuration UI for custom relay URLs
- Documentation for self-hosting Iroh relay servers
#### 4.3 Hybrid Discovery
- Combine mDNS with relay-assisted NAT traversal
- Use relay to coordinate hole-punching even for local networks behind strict firewalls
## Migration & Testing Plan
### Testing Strategy
1. **Local Network Tests**: Verify mDNS still works and is preferred
2. **Cross-Network Tests**: Test pairing between devices on different networks
3. **Relay Failover Tests**: Simulate relay outages and verify fallback behavior
4. **Performance Tests**: Measure latency increase when using relay
5. **NAT Traversal Tests**: Test various NAT configurations
### Rollout Plan
1. **Phase 1 - Week 1-2**: Implement enhanced pairing with relay fallback
2. **Phase 2 - Week 3**: Improve reconnection reliability
3. **Phase 3 - Week 4**: Add observability and configuration
4. **Beta Testing - Week 5-6**: Internal testing with various network configurations
5. **Public Release - Week 7**: Roll out to users with documentation
## Technical Considerations
### Security
- **Relay Privacy**: Relay servers see encrypted traffic only, cannot decrypt
- **Man-in-the-Middle**: Not possible due to TLS + NodeId verification
- **Relay Trust**: Using n0's relays means trusting their infrastructure (same as using their DNS)
### Performance
- **Relay Latency**: Adds 20-100ms typically (vs direct <10ms)
- **Bandwidth**: Relay servers can handle traffic but direct is always preferred
- **Hole-Punching**: Iroh automatically upgrades to direct connection (90% success rate)
### Reliability
- **Multi-Relay Redundancy**: n0 operates relays in 3 regions
- **Automatic Failover**: Iroh handles relay outages transparently
- **Connection Persistence**: QUIC maintains connection during network changes
## Alternative Approaches Considered
### 1. DHT-Based Discovery (Rejected)
**Approach**: Use Kademlia DHT for peer discovery instead of relay
**Why Rejected**:
- Adds complexity
- DHT discovery is slower (seconds to minutes)
- Iroh's relay approach is simpler and faster
- Still need relay for NAT traversal anyway
### 2. Centralized Signaling Server (Rejected)
**Approach**: Build custom signaling server for pairing coordination
**Why Rejected**:
- Reinventing the wheel - Iroh relay does this
- Operational overhead of running our own infrastructure
- n0's relays are already proven at scale
### 3. WebRTC-Style ICE (Rejected)
**Approach**: Implement full ICE protocol with STUN/TURN servers
**Why Rejected**:
- Iroh already handles this internally
- More complex than needed
- Relay servers provide same functionality
## Resources
### Iroh Documentation
- [Iroh Connection Establishment](https://docs.rs/iroh/latest/iroh/#connection-establishment)
- [Iroh Relay Servers](https://docs.rs/iroh/latest/iroh/#relay-servers)
- [RelayMode Documentation](https://docs.rs/iroh/latest/iroh/enum.RelayMode.html)
### Spacedrive Documentation
- [Networking Module](../networking.md)
- [Pairing Protocol](../pairing.md)
- [Iroh Migration Design](./IROH_MIGRATION_DESIGN.md)
### Code References
- Endpoint configuration: `core/src/service/network/core/mod.rs:175-196`
- Pairing joiner flow: `core/src/service/network/core/mod.rs:1179-1368`
- Device persistence: `core/src/service/network/device/persistence.rs`
- NodeAddr construction: `core/src/service/network/core/mod.rs:1252-1256`
## Open Questions
1. **Pairing Code Format**: Should we stick with 12-word BIP39 or switch to QR-only for remote pairing?
2. **Relay Server Priority**: Should users be able to pin a preferred relay region?
3. **Bandwidth Limits**: Should we impose limits on relay traffic to prevent abuse?
4. **Custom Relays**: Priority for custom relay server support?
## Next Steps
1. Complete discovery and analysis
2. Create implementation plan (this document)
3. Implement Phase 1: Enhanced pairing with relay fallback
4. Test cross-network pairing
5. Measure relay usage and performance
6. Update user documentation
---
**Status**: Ready for implementation
**Estimated Effort**: 2-3 weeks for Phases 1-2
**Risk Level**: Low (leveraging existing Iroh functionality)

518
docs/core/design/JOB_SYSTEM_DESIGN.md
View File

@@ -1,518 +0,0 @@
# Spacedrive Job System Design v2
## Executive Summary
This document presents a redesigned job system for Spacedrive that dramatically reduces boilerplate while maintaining the power needed for complex operations like indexing. The new design leverages Rust's type system and the existing task-system crate to provide a clean, extensible API.
## Core Design Principles
1. **Zero Boilerplate**: Define jobs as simple async functions with a derive macro
2. **Auto-Registration**: Use `inventory` crate for compile-time job discovery
3. **Type-Safe Progress**: Structured progress reporting, not string-based
4. **Layered Architecture**: Jobs built on top of task-system for execution
5. **Library-Scoped**: Each library has its own job database
6. **Resumable by Design**: Automatic state persistence at checkpoints
## Architecture Overview
```
┌─────────────────────────────────────────────────┐
│ Application Layer │
│ (Copy Job, Indexer Job, Thumbnail Job, etc.) │
└─────────────────────┬───────────────────────────┘
┌─────────────────────┴───────────────────────────┐
│ Job System Layer │
│ (Scheduling, Persistence, Progress, Registry) │
└─────────────────────┬───────────────────────────┘
┌─────────────────────┴───────────────────────────┐
│ Task System Layer │
│ (Execution, Parallelism, Interruption) │
└─────────────────────┬───────────────────────────┘
┌─────────────────────┴───────────────────────────┐
│ Worker Pool │
│ (CPU-bound thread pool) │
└─────────────────────────────────────────────────┘
```
## Job Definition API
### Simple Job Example - File Copy
```rust
use spacedrive_jobs::prelude::*;
#[derive(Job)]
#[job(name = "file_copy")]
pub struct FileCopyJob {
sources: Vec<SdPath>,
destination: SdPath,
#[job(persist = false)] // Don't persist this field
options: CopyOptions,
}
#[job_handler]
impl FileCopyJob {
async fn run(&mut self, ctx: JobContext) -> JobResult {
let total = self.sources.len();
ctx.progress(Progress::count(0, total));
for (i, source) in self.sources.iter().enumerate() {
// Check for interruption
ctx.check_interrupt().await?;
// Perform copy
let dest_path = self.destination.join(source.file_name()?);
copy_file(source, &dest_path).await?;
// Update progress
ctx.progress(Progress::count(i + 1, total));
// Checkpoint - job can be resumed from here
ctx.checkpoint().await?;
}
Ok(JobOutput::FileCopy {
copied_count: total,
total_bytes: ctx.metrics().bytes_processed,
})
}
}
```
### Complex Job Example - Indexer
```rust
#[derive(Job, Serialize, Deserialize)]
#[job(name = "indexer", resumable = true)]
pub struct IndexerJob {
location_id: Uuid,
root_path: SdPath,
mode: IndexMode,
#[serde(skip)]
walked_paths: HashSet<PathBuf>,
}
#[job_handler]
impl IndexerJob {
async fn run(&mut self, ctx: JobContext) -> JobResult {
// Initialize from saved state or start fresh
let mut state = self.load_state(&ctx).await?
.unwrap_or_else(|| IndexerState::new(&self.root_path));
// Report initial progress
ctx.progress(Progress::indeterminate("Scanning directories..."));
// Walk directories with resumable state machine
while let Some(entry) = state.next_entry(&ctx).await? {
ctx.check_interrupt().await?;
match entry {
WalkEntry::Dir(path) => {
// Spawn sub-job for deep directories
if should_spawn_subjob(&path) {
ctx.spawn_child(IndexerJob {
location_id: self.location_id,
root_path: path.to_sdpath()?,
mode: self.mode.clone(),
walked_paths: Default::default(),
}).await?;
}
ctx.progress(Progress::structured(IndexerProgress {
phase: IndexPhase::Walking,
current_path: path.to_string_lossy().to_string(),
items_found: state.items_found,
dirs_remaining: state.dirs_remaining(),
}));
}
WalkEntry::File(metadata) => {
state.found_items.push(metadata);
// Batch processing
if state.found_items.len() >= 1000 {
self.process_batch(&mut state, &ctx).await?;
ctx.checkpoint_with_state(&state).await?;
}
}
}
}
// Process remaining items
if !state.found_items.is_empty() {
self.process_batch(&mut state, &ctx).await?;
}
Ok(JobOutput::Indexed {
total_files: state.total_files,
total_dirs: state.total_dirs,
total_bytes: state.total_bytes,
})
}
async fn process_batch(&self, state: &mut IndexerState, ctx: &JobContext) -> Result<()> {
let batch = std::mem::take(&mut state.found_items);
// Save to database
ctx.library_db().transaction(|tx| async {
for item in batch {
create_entry(&item, tx).await?;
}
Ok(())
}).await?;
state.processed_count += batch.len();
ctx.progress(Progress::percentage(
state.processed_count as f32 / state.estimated_total as f32
));
Ok(())
}
}
// State management for complex resumable operations
#[derive(Serialize, Deserialize)]
struct IndexerState {
walk_state: WalkerState,
found_items: Vec<FileMetadata>,
processed_count: usize,
total_files: u64,
total_dirs: u64,
total_bytes: u64,
estimated_total: usize,
}
```
## Progress Reporting
### Type-Safe Progress API
```rust
pub enum Progress {
/// Simple count-based progress
Count { current: usize, total: usize },
/// Percentage-based progress
Percentage(f32),
/// Indeterminate progress with message
Indeterminate(String),
/// Structured progress for complex jobs
Structured(Box<dyn ProgressData>),
}
// Jobs can define custom progress types
#[derive(Serialize, Deserialize, ProgressData)]
pub struct IndexerProgress {
pub phase: IndexPhase,
pub current_path: String,
pub items_found: usize,
pub dirs_remaining: usize,
}
#[derive(Serialize, Deserialize)]
pub enum IndexPhase {
Walking,
Processing,
GeneratingThumbnails,
ExtractingMetadata,
}
```
## Job Context API
The `JobContext` provides all the capabilities a job needs:
```rust
pub struct JobContext {
// Core functionality
pub fn id(&self) -> JobId;
pub fn library(&self) -> &Library;
pub fn library_db(&self) -> &DatabaseConnection;
// Progress reporting
pub fn progress(&self, progress: Progress);
pub fn add_warning(&self, warning: impl Into<String>);
pub fn add_non_critical_error(&self, error: impl Into<JobError>);
// Metrics
pub fn metrics(&self) -> &JobMetrics;
pub fn increment_bytes(&self, bytes: u64);
// Control flow
pub async fn check_interrupt(&self) -> Result<()>;
pub async fn checkpoint(&self) -> Result<()>;
pub async fn checkpoint_with_state<S: Serialize>(&self, state: &S) -> Result<()>;
// Child jobs
pub async fn spawn_child<J: Job>(&self, job: J) -> Result<JobHandle>;
pub async fn wait_for_children(&self) -> Result<()>;
// State management
pub async fn load_state<S: DeserializeOwned>(&self) -> Result<Option<S>>;
pub async fn save_state<S: Serialize>(&self, state: &S) -> Result<()>;
}
```
## Job Registration & Discovery
Using the `inventory` crate for zero-boilerplate registration:
```rust
// The #[derive(Job)] macro automatically generates this
inventory::submit! {
JobRegistration::new::<FileCopyJob>()
}
// Job system discovers all jobs at runtime
pub fn discover_jobs() -> Vec<JobRegistration> {
inventory::iter::<JobRegistration>()
.cloned()
.collect()
}
```
## Job Database Schema
Each library has its own `jobs.db`:
```sql
-- Active and queued jobs
CREATE TABLE jobs (
id TEXT PRIMARY KEY,
name TEXT NOT NULL,
state BLOB NOT NULL, -- Serialized job state
status TEXT NOT NULL, -- 'queued', 'running', 'paused', 'completed', 'failed'
priority INTEGER DEFAULT 0,
-- Progress tracking
progress_type TEXT,
progress_data BLOB,
-- Relationships
parent_job_id TEXT,
-- Metrics
started_at TIMESTAMP,
completed_at TIMESTAMP,
paused_at TIMESTAMP,
-- Error tracking
error_message TEXT,
warnings BLOB, -- JSON array
non_critical_errors BLOB, -- JSON array
FOREIGN KEY (parent_job_id) REFERENCES jobs(id)
);
-- Completed job history (kept for 30 days)
CREATE TABLE job_history (
id TEXT PRIMARY KEY,
name TEXT NOT NULL,
status TEXT NOT NULL,
started_at TIMESTAMP NOT NULL,
completed_at TIMESTAMP NOT NULL,
duration_ms INTEGER,
output BLOB, -- Serialized JobOutput
metrics BLOB -- Final metrics
);
-- Checkpoint data for resumable jobs
CREATE TABLE job_checkpoints (
job_id TEXT PRIMARY KEY,
checkpoint_data BLOB NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (job_id) REFERENCES jobs(id) ON DELETE CASCADE
);
```
## Integration with Task System
Jobs are executed as tasks:
```rust
impl<T: Job> Task<JobError> for JobTask<T> {
fn id(&self) -> TaskId {
self.job_id.into()
}
fn with_priority(&self) -> bool {
self.priority > 0
}
async fn run(&mut self, interrupter: &Interrupter) -> Result<ExecStatus, JobError> {
// Create job context with interrupter
let ctx = JobContext::new(
self.job_id,
self.library.clone(),
interrupter.clone(),
);
// Run the job
match self.job.run(ctx).await {
Ok(output) => {
self.output = Some(output);
Ok(ExecStatus::Done(()))
}
Err(JobError::Interrupted) => Ok(ExecStatus::Paused),
Err(e) => Err(e),
}
}
}
```
## Job Lifecycle
### 1. Job Creation & Queueing
```rust
// Simple API for job dispatch
let job = FileCopyJob {
sources: vec![source_path],
destination: dest_path,
options: Default::default(),
};
let handle = library.jobs().dispatch(job).await?;
```
### 2. Execution Flow
```
Queue → Schedule → Spawn Task → Execute → Checkpoint → Complete
↓ ↓
Interrupt Save State
↓ ↓
Pause ←──────────────── Resume
```
### 3. Progress & Monitoring
```rust
// Subscribe to job updates
let mut updates = handle.subscribe();
while let Some(update) = updates.next().await {
match update {
JobUpdate::Progress(progress) => {
// Update UI
}
JobUpdate::StateChanged(state) => {
// Handle state changes
}
JobUpdate::Completed(output) => {
// Job finished
}
}
}
```
## Advanced Features
### 1. Job Dependencies
```rust
#[derive(Job)]
#[job(name = "thumbnail_generation", depends_on = "indexer")]
pub struct ThumbnailJob {
entry_ids: Vec<Uuid>,
}
```
### 2. Resource Constraints
```rust
#[derive(Job)]
#[job(
name = "video_transcode",
max_concurrent = 2, // Only 2 transcodes at once
requires_resources = ["gpu", "disk_space:10GB"]
)]
pub struct TranscodeJob {
// ...
}
```
### 3. Scheduled Jobs
```rust
library.jobs()
.schedule(CleanupJob::new())
.every(Duration::hours(6))
.starting_at(Local::now() + Duration::hours(1))
.dispatch()
.await?;
```
### 4. Job Composition
```rust
#[derive(Job)]
pub struct BackupJob {
locations: Vec<LocationId>,
}
#[job_handler]
impl BackupJob {
async fn run(&mut self, ctx: JobContext) -> JobResult {
// Compose multiple sub-jobs
for location in &self.locations {
// Index first
let indexer = ctx.spawn_child(IndexerJob::new(location)).await?;
indexer.wait().await?;
// Then generate thumbnails
ctx.spawn_child(ThumbnailJob::for_location(location)).await?;
// Finally upload
ctx.spawn_child(UploadJob::for_location(location)).await?;
}
ctx.wait_for_children().await?;
Ok(JobOutput::BackupComplete)
}
}
```
## Implementation Plan
### Phase 1: Core Infrastructure
1. Create job-system crate with derive macro
2. Implement job registration with inventory
3. Create job database schema and migrations
4. Build JobContext API
### Phase 2: Basic Jobs
1. Port FileCopyJob as proof of concept
2. Implement progress reporting
3. Add job history tracking
4. Create job management UI
### Phase 3: Complex Jobs
1. Port IndexerJob with full state machine
2. Implement checkpoint/resume functionality
3. Add child job spawning
4. Performance optimization
### Phase 4: Advanced Features
1. Job scheduling system
2. Resource constraints
3. Job dependencies
4. Metrics and analytics
## Benefits Over Original System
1. **Minimal Boilerplate**: ~50 lines vs 500-1000 lines
2. **Auto-Registration**: No manual registry maintenance
3. **Type Safety**: Structured progress and outputs
4. **Flexibility**: Easy to add new job types
5. **Maintainability**: Clear separation of concerns
6. **Extensibility**: Can add jobs from any crate
7. **Developer Experience**: Intuitive API with good defaults
## Conclusion
This new job system design maintains all the power of the original while dramatically improving developer experience. By leveraging Rust's type system and building on the solid foundation of the task-system crate, we can provide a clean, extensible API that makes adding new jobs trivial while still supporting complex use cases like the indexer.

375
docs/core/design/JOB_SYSTEM_MACRO_EXAMPLE.md
View File

@@ -1,375 +0,0 @@
# Job System Macro Implementation Example
This document shows what the `#[derive(Job)]` macro generates under the hood, demonstrating how we achieve minimal boilerplate.
## Example: What You Write
```rust
use spacedrive_jobs::prelude::*;
#[derive(Job, Serialize, Deserialize)]
#[job(name = "file_copy", resumable = true)]
pub struct FileCopyJob {
sources: Vec<SdPath>,
destination: SdPath,
#[job(persist = false)]
options: CopyOptions,
}
#[job_handler]
impl FileCopyJob {
async fn run(&mut self, ctx: JobContext) -> JobResult {
// Your business logic here
for source in &self.sources {
ctx.check_interrupt().await?;
copy_file(source, &self.destination).await?;
ctx.checkpoint().await?;
}
Ok(JobOutput::Success)
}
}
```
## What Gets Generated
### 1. Job Registration
```rust
// Auto-generated by #[derive(Job)]
impl job_system::JobDefinition for FileCopyJob {
const NAME: &'static str = "file_copy";
const RESUMABLE: bool = true;
fn schema() -> JobSchema {
JobSchema {
name: Self::NAME,
resumable: Self::RESUMABLE,
version: 1,
description: None,
}
}
}
// Auto-registration with inventory
inventory::submit! {
job_system::JobRegistration {
name: "file_copy",
schema_fn: FileCopyJob::schema,
create_fn: |data| {
let job: FileCopyJob = serde_json::from_value(data)?;
Box::new(JobExecutor::new(job))
},
}
}
```
### 2. Serialization Support
```rust
// Auto-generated serialization that respects #[job(persist = false)]
impl job_system::SerializableJob for FileCopyJob {
fn serialize_state(&self) -> Result<Vec<u8>, JobError> {
// Custom serializer that skips fields marked with persist = false
let state = FileCopyJobState {
sources: &self.sources,
destination: &self.destination,
// options is skipped due to #[job(persist = false)]
};
Ok(rmp_serde::to_vec(&state)?)
}
fn deserialize_state(data: &[u8]) -> Result<Self, JobError> {
let state: FileCopyJobState = rmp_serde::from_slice(data)?;
Ok(Self {
sources: state.sources,
destination: state.destination,
options: Default::default(), // Use default for non-persisted fields
})
}
}
// Generated state struct for serialization
#[derive(Serialize, Deserialize)]
struct FileCopyJobState<'a> {
sources: &'a Vec<SdPath>,
destination: &'a SdPath,
}
```
### 3. Job Executor Wrapper
```rust
// Auto-generated executor that wraps your job logic
struct JobExecutor<T: JobHandler> {
inner: T,
state: JobExecutorState,
}
impl JobExecutor<FileCopyJob> {
fn new(job: FileCopyJob) -> Self {
Self {
inner: job,
state: JobExecutorState::default(),
}
}
}
// Implements the Task trait for integration with task-system
#[async_trait]
impl Task<JobError> for JobExecutor<FileCopyJob> {
fn id(&self) -> TaskId {
self.state.task_id
}
async fn run(&mut self, interrupter: &Interrupter) -> Result<ExecStatus, JobError> {
// Create context with all the job system features
let ctx = JobContext {
id: self.state.job_id,
library: self.state.library.clone(),
interrupter: interrupter.clone(),
progress_tx: self.state.progress_tx.clone(),
checkpoint_handler: self.state.checkpoint_handler.clone(),
metrics: Arc::new(Mutex::new(self.state.metrics.clone())),
};
// Call your run method
match self.inner.run(ctx).await {
Ok(output) => {
self.state.output = Some(output);
Ok(ExecStatus::Done(()))
}
Err(JobError::Interrupted) => {
// Save state for resume
self.save_checkpoint().await?;
Ok(ExecStatus::Paused)
}
Err(e) => Err(e),
}
}
}
#[derive(Default)]
struct JobExecutorState {
job_id: JobId,
task_id: TaskId,
library: Arc<Library>,
progress_tx: mpsc::Sender<JobProgress>,
checkpoint_handler: Arc<CheckpointHandler>,
metrics: JobMetrics,
output: Option<JobOutput>,
}
```
### 4. JobHandler Trait Implementation
```rust
// The #[job_handler] macro generates this trait implementation
#[async_trait]
impl job_system::JobHandler for FileCopyJob {
type Output = JobOutput;
async fn run(&mut self, ctx: JobContext) -> Result<Self::Output, JobError> {
// This is your actual implementation
<original implementation>
}
// Default implementations for optional methods
async fn on_pause(&mut self, _ctx: &JobContext) -> Result<(), JobError> {
Ok(())
}
async fn on_resume(&mut self, _ctx: &JobContext) -> Result<(), JobError> {
Ok(())
}
async fn on_cancel(&mut self, _ctx: &JobContext) -> Result<(), JobError> {
Ok(())
}
}
```
## Advanced Macro Features
### 1. Custom Progress Types
```rust
#[derive(Job, Serialize, Deserialize)]
#[job(name = "indexer", progress = IndexerProgress)]
pub struct IndexerJob {
location: Uuid,
}
#[derive(Serialize, Deserialize, JobProgress)]
pub struct IndexerProgress {
pub current_path: String,
pub files_found: usize,
pub dirs_remaining: usize,
}
```
Generates:
```rust
impl job_system::ProgressReporter for IndexerJob {
type Progress = IndexerProgress;
fn progress_schema() -> ProgressSchema {
ProgressSchema {
type_name: "IndexerProgress",
fields: vec![
ProgressField { name: "current_path", type: "string" },
ProgressField { name: "files_found", type: "number" },
ProgressField { name: "dirs_remaining", type: "number" },
],
}
}
}
```
### 2. Job Dependencies
```rust
#[derive(Job)]
#[job(
name = "thumbnail_gen",
depends_on = ["indexer"],
run_after = ["media_processor"]
)]
pub struct ThumbnailJob {
entry_ids: Vec<Uuid>,
}
```
Generates:
```rust
impl job_system::JobDependencies for ThumbnailJob {
fn dependencies() -> &'static [&'static str] {
&["indexer"]
}
fn run_after() -> &'static [&'static str] {
&["media_processor"]
}
fn can_run(&self, completed_jobs: &HashSet<&str>) -> bool {
self.dependencies().iter().all(|dep| completed_jobs.contains(dep))
}
}
```
### 3. Resource Requirements
```rust
#[derive(Job)]
#[job(
name = "video_transcode",
max_concurrent = 2,
requires = ["gpu", "disk_space:10GB", "memory:4GB"]
)]
pub struct TranscodeJob {
input: PathBuf,
output: PathBuf,
}
```
Generates:
```rust
impl job_system::ResourceRequirements for TranscodeJob {
fn max_concurrent() -> Option<usize> {
Some(2)
}
fn required_resources() -> Vec<ResourceRequirement> {
vec![
ResourceRequirement::Named("gpu"),
ResourceRequirement::DiskSpace(10 * 1024 * 1024 * 1024), // 10GB
ResourceRequirement::Memory(4 * 1024 * 1024 * 1024), // 4GB
]
}
}
```
## Macro Implementation Strategy
The macro will be implemented using `syn` and `quote`:
```rust
#[proc_macro_derive(Job, attributes(job))]
pub fn derive_job(input: TokenStream) -> TokenStream {
let input = parse_macro_input!(input as DeriveInput);
// Parse attributes
let attrs = JobAttributes::from_derive_input(&input).unwrap();
// Generate implementations
let job_definition_impl = generate_job_definition(&input, &attrs);
let serializable_impl = generate_serializable(&input, &attrs);
let executor_impl = generate_executor(&input, &attrs);
let registration = generate_registration(&input, &attrs);
TokenStream::from(quote! {
#job_definition_impl
#serializable_impl
#executor_impl
#registration
})
}
```
## Benefits of This Approach
1. **Minimal User Code**: Users only write their business logic
2. **Full Feature Set**: All job system features available via attributes
3. **Type Safety**: Compile-time checking of job definitions
4. **Zero Runtime Cost**: All code generated at compile time
5. **Extensible**: Easy to add new attributes and features
6. **Discoverable**: IDEs can provide completion for attributes
7. **Testable**: Generated code can be unit tested
## Comparison with Original System
### Original System (500-1000 lines)
```rust
// 1. Add to enum (central file)
pub enum JobName { FileCopy }
// 2. Implement Job trait (200+ lines)
impl Job for FileCopyJob {
const NAME: JobName = JobName::FileCopy;
// ... many required methods
}
// 3. Implement SerializableJob (200+ lines)
impl SerializableJob for FileCopyJob {
// ... serialization logic
}
// 4. Add to registry macro (central file)
match_deserialize_job!(
stored_job, report, ctx,
[FileCopyJob, /* all other jobs */]
)
```
### New System (50 lines)
```rust
#[derive(Job)]
#[job(name = "file_copy")]
pub struct FileCopyJob {
sources: Vec<SdPath>,
destination: SdPath,
}
#[job_handler]
impl FileCopyJob {
async fn run(&mut self, ctx: JobContext) -> JobResult {
// Your logic here
}
}
```
The macro system provides the same functionality with 95% less boilerplate!

231
docs/core/design/JOB_SYSTEM_README.md
View File

@@ -1,231 +0,0 @@
# Spacedrive Job System v2
## Overview
The new job system provides a minimal-boilerplate framework for defining and executing background tasks in Spacedrive. Built on top of the battle-tested `task-system` crate, it offers powerful features like automatic persistence, progress tracking, and graceful interruption.
## Quick Start
### 1. Define a Job
```rust
use spacedrive_jobs::prelude::*;
use serde::{Serialize, Deserialize};
#[derive(Debug, Serialize, Deserialize)]
pub struct MyJob {
input_path: PathBuf,
output_path: PathBuf,
}
impl Job for MyJob {
const NAME: &'static str = "my_job";
const RESUMABLE: bool = true;
}
#[async_trait]
impl JobHandler for MyJob {
type Output = MyJobOutput;
async fn run(&mut self, ctx: JobContext) -> JobResult<Self::Output> {
// Your job logic here
ctx.progress(Progress::indeterminate("Processing..."));
// Check for interruption
ctx.check_interrupt().await?;
// Do work...
let result = process_file(&self.input_path).await?;
Ok(MyJobOutput {
items_processed: result.count
})
}
}
```
### 2. Dispatch the Job
```rust
let job = MyJob {
input_path: "/path/to/input".into(),
output_path: "/path/to/output".into(),
};
let handle = library.jobs().dispatch(job).await?;
```
### 3. Monitor Progress
```rust
let mut updates = handle.subscribe();
while let Some(update) = updates.next().await {
match update {
JobUpdate::Progress(p) => println!("Progress: {}", p),
JobUpdate::Completed(output) => println!("Done: {:?}", output),
JobUpdate::Failed(e) => eprintln!("Failed: {}", e),
_ => {}
}
}
```
## Features
### Minimal Boilerplate
- Just implement two traits: `Job` and `JobHandler`
- ~50 lines for a complete job vs 500-1000 in the old system
- No manual registration required
### Automatic Persistence
- Jobs automatically save state at checkpoints
- Resume from exactly where they left off after crashes
- Per-library job database
### Rich Progress Tracking
- Count-based: "3/10 files"
- Percentage-based: "45.2%"
- Bytes-based: "1.5 GB / 3.2 GB"
- Custom structured progress for complex jobs
### Full Control
- Pause/resume running jobs
- Cancel with cleanup
- Priority execution
- Child job spawning
### Observability
- Real-time progress updates
- Detailed metrics (bytes, items, duration)
- Warning and non-critical error tracking
- Job history with configurable retention
## Architecture
```
┌─────────────────────────┐
│ Your Job Code │ <- You write this (50 lines)
├─────────────────────────┤
│ Job System Layer │ <- Handles persistence, progress, lifecycle
├─────────────────────────┤
│ Task System Layer │ <- Provides execution, parallelism, interruption
├─────────────────────────┤
│ Worker Pool │ <- CPU-optimized thread pool
└─────────────────────────┘
```
## Advanced Examples
### Resumable Job with State
```rust
#[derive(Serialize, Deserialize)]
struct ProcessingJob {
files: Vec<PathBuf>,
#[serde(skip)]
processed_indices: Vec<usize>,
}
impl JobHandler for ProcessingJob {
async fn run(&mut self, ctx: JobContext) -> JobResult<Output> {
// Load saved state if resuming
if let Some(indices) = ctx.load_state::<Vec<usize>>().await? {
self.processed_indices = indices;
}
for (i, file) in self.files.iter().enumerate() {
if self.processed_indices.contains(&i) {
continue; // Skip already processed
}
ctx.check_interrupt().await?;
process_file(file).await?;
self.processed_indices.push(i);
// Save progress
ctx.checkpoint_with_state(&self.processed_indices).await?;
}
Ok(Output::default())
}
}
```
### Custom Progress Types
```rust
#[derive(Serialize, JobProgress)]
struct ConversionProgress {
current_file: String,
files_done: usize,
total_files: usize,
current_file_percent: f32,
}
impl JobHandler for VideoConverter {
async fn run(&mut self, ctx: JobContext) -> JobResult<Output> {
ctx.progress(Progress::structured(ConversionProgress {
current_file: "video.mp4".into(),
files_done: 1,
total_files: 10,
current_file_percent: 0.45,
}));
// Progress is automatically serialized and sent to subscribers
}
}
```
### Job Composition
```rust
impl JobHandler for BatchProcessor {
async fn run(&mut self, ctx: JobContext) -> JobResult<Output> {
// Spawn child jobs
for chunk in self.data.chunks(1000) {
let child = ChunkProcessor { data: chunk.to_vec() };
ctx.spawn_child(child).await?;
}
// Wait for all children to complete
ctx.wait_for_children().await?;
Ok(Output::default())
}
}
```
## Comparison with Original System
| Feature | Old System | New System |
|---------|------------|------------|
| Lines to define a job | 500-1000 | ~50 |
| Registration | Manual in 3 places | Automatic |
| Can forget to register | Yes (runtime panic) | No |
| Type safety | Dynamic dispatch heavy | Fully typed |
| Progress reporting | String-based | Structured + typed |
| Extensibility | Core only | Any crate |
| Learning curve | Steep | Gentle |
## Implementation Status
- [x] Core job traits and types
- [x] Job manager and executor
- [x] Database schema and persistence
- [x] Progress tracking
- [x] Task system integration
- [x] Basic job examples (copy, indexer)
- [ ] Derive macro (currently manual implementation)
- [ ] Job scheduling (cron-like)
- [ ] Resource constraints
- [ ] Job dependencies DAG
## Future Plans
1. **Derive Macro**: Automatic implementation of boilerplate
2. **Job Scheduling**: Run jobs on schedules or triggers
3. **Resource Management**: CPU/memory/disk constraints
4. **Job Marketplace**: Share job definitions as plugins
5. **Distributed Execution**: Run jobs across devices
The new job system dramatically simplifies job creation while maintaining all the power needed for complex operations like indexing millions of files.

408
docs/core/design/LIBP2P_INTEGRATION_DESIGN.md
View File

@@ -1,408 +0,0 @@
# Spacedrive libp2p Integration Design Document
**Version:** 1.0
**Date:** June 2025
**Author:** Development Team
**Status:** Design Phase
## Table of Contents
1. [Executive Summary](#executive-summary)
2. [Current State Analysis](#current-state-analysis)
3. [Proposed Architecture](#proposed-architecture)
4. [Implementation Plan](#implementation-plan)
5. [Risk Assessment](#risk-assessment)
6. [Success Metrics](#success-metrics)
## Executive Summary
### **Objective**
Migrate Spacedrive's networking layer from custom mDNS + TLS to libp2p while preserving our secure pairing protocol and enhancing network capabilities.
### **Key Benefits**
- **Enhanced Discovery**: DHT-based peer discovery vs. LAN-only mDNS
- **Network Resilience**: Automatic NAT traversal and multi-transport support
- **Simplified Codebase**: Reduce networking code by ~60% (800 → 300 lines)
- **Production Readiness**: Battle-tested by IPFS, Polkadot, and other major projects
- **Future-Proof**: Foundation for advanced features (relaying, hole punching, etc.)
### **Scope**
- **In Scope**: Transport layer, discovery, connection management
- **Preserved**: Pairing protocol, cryptography, device identity, user experience
- **Timeline**: 6-8 hours development + 2-4 hours testing
---
## Current State Analysis
### **Current Architecture**
```
┌─────────────────┐ ┌─────────────────┐
│ Pairing UI │ │ Pairing UI │
└─────────────────┘ └─────────────────┘
│ │
┌─────────────────┐ ┌─────────────────┐
│ Pairing Module │ │ Pairing Module │
│ • PairingCode │ │ • PairingCode │
│ • Protocol │ │ • Protocol │
│ • Crypto │ │ • Crypto │
└─────────────────┘ └─────────────────┘
│ │
┌─────────────────┐ ┌─────────────────┐
│ Discovery │ │ Discovery │
│ • mDNS Service │───│ • mDNS Scan │
│ • Broadcasting │ │ • Device List │
└─────────────────┘ └─────────────────┘
│ │
┌─────────────────┐ ┌─────────────────┐
│ Connection │ │ Connection │
│ • TLS Setup │───│ • TCP Connect │
│ • Certificates │ │ • Encryption │
└─────────────────┘ └─────────────────┘
│ │
┌─────────────────┐ ┌─────────────────┐
│ Transport │ │ Transport │
│ • TCP Sockets │──│ • TCP Sockets │
│ • Message I/O │ │ • Message I/O │
└─────────────────┘ └─────────────────┘
```
### **Current Pain Points**
| Issue | Impact | Frequency |
|-------|--------|-----------|
| mDNS same-host limitations | Development/testing friction | Daily |
| No NAT traversal | Remote pairing impossible | Common |
| Manual TLS certificate management | Security complexity | Always |
| Single transport (TCP only) | Limited network adaptability | Ongoing |
| LAN-only discovery | Geographic limitations | User-dependent |
### **Code Metrics**
| Component | Lines of Code | Complexity |
|-----------|---------------|------------|
| `discovery.rs` | 300 | High |
| `connection.rs` | 400 | High |
| `transport.rs` | 100 | Medium |
| **Total Networking** | **800** | **High** |
---
## Proposed Architecture
### **libp2p Architecture**
```
┌─────────────────┐ ┌─────────────────┐
│ Pairing UI │ │ Pairing UI │
│ (unchanged) │ │ (unchanged) │
└─────────────────┘ └─────────────────┘
│ │
┌─────────────────┐ ┌─────────────────┐
│ Pairing Module │ │ Pairing Module │
│ • PairingCode │ │ • PairingCode │
│ • Protocol │ │ • Protocol │
│ • Crypto │ │ • Crypto │
│ (unchanged) │ │ (unchanged) │
└─────────────────┘ └─────────────────┘
│ │
┌─────────────────────────────────────────┐
│ libp2p Swarm │
│ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Kademlia │ │ Request/Response │ │
│ │ DHT │ │ Protocol │ │
│ │ • Discovery │ │ • Pairing Messages │ │
│ │ • Routing │ │ • Reliable Delivery │ │
│ └─────────────┘ └─────────────────────┘ │
│ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Noise │ │ Yamux │ │
│ │ Encryption │ │ Multiplexing │ │
│ └─────────────┘ └─────────────────────┘ │
│ ┌─────────────────────────────────────┐ │
│ │ Transport Layer │ │
│ │ • TCP • QUIC • WebSocket • WebRTC │ │
│ │ • NAT Traversal • Hole Punching │ │
│ └─────────────────────────────────────┘ │
└─────────────────────────────────────────┘
```
### **Component Mapping**
| Current Component | libp2p Replacement | Benefits |
|------------------|-------------------|----------|
| `PairingDiscovery` | Kademlia DHT | Global discovery, not LAN-only |
| `PairingConnection` | Request/Response | Automatic connection management |
| TLS Setup | Noise Protocol | Simplified, automatic encryption |
| TCP Transport | Multi-transport | TCP + QUIC + WebSocket + WebRTC |
| mDNS Broadcasting | DHT Providing | Works across networks |
---
## Implementation Plan
### **Phase 1: Foundation (2 hours)**
#### **1.1 Dependencies & Basic Setup**
```toml
[dependencies]
libp2p = { version = "0.53", features = [
"kad", # Kademlia DHT for discovery
"request-response", # Request/response protocol
"noise", # Encryption
"yamux", # Multiplexing
"tcp", # TCP transport
"tokio" # Async runtime integration
]}
```
#### **1.2 Core Behavior Definition**
```rust
// src/networking/libp2p/behavior.rs
use libp2p::{kad, request_response, swarm::NetworkBehaviour};
#[derive(NetworkBehaviour)]
struct SpacedriveBehaviour {
kademlia: kad::Behaviour<MemoryStore>,
request_response: request_response::Behaviour<PairingCodec>,
}
struct PairingCodec;
impl request_response::Codec for PairingCodec {
type Protocol = StreamProtocol;
type Request = PairingMessage; // Reuse existing message types
type Response = PairingMessage;
// Implementation delegates to existing serialization
}
```
### **Phase 2: Discovery Migration (2 hours)**
#### **2.1 Replace PairingDiscovery**
```rust
// BEFORE: src/networking/pairing/discovery.rs (300 lines)
impl PairingDiscovery {
pub async fn start_broadcast(&mut self, code: &PairingCode, port: u16) -> Result<()>
pub async fn scan_for_pairing_device(&self, code: &PairingCode, timeout: Duration) -> Result<PairingTarget>
}
// AFTER: src/networking/libp2p/discovery.rs (80 lines)
impl LibP2PDiscovery {
pub async fn start_providing(&mut self, code: &PairingCode) -> Result<()> {
let key = Key::new(&code.discovery_fingerprint);
self.swarm.behaviour_mut().kademlia.start_providing(key)
}
pub async fn find_providers(&mut self, code: &PairingCode) -> Result<Vec<PeerId>> {
let key = Key::new(&code.discovery_fingerprint);
self.swarm.behaviour_mut().kademlia.get_providers(key)
}
}
```
#### **2.2 Event Handling**
```rust
match swarm.select_next_some().await {
SwarmEvent::Behaviour(SpacedriveEvent::Kademlia(kad::Event::OutboundQueryProgressed {
result: kad::QueryResult::GetProviders(Ok(kad::GetProvidersOk { providers, .. })),
..
})) => {
// Found devices providing this pairing code
for peer_id in providers {
emit_event(DiscoveryEvent::DeviceFound { peer_id });
}
}
}
```
### **Phase 3: Connection Migration (2 hours)**
#### **3.1 Replace PairingConnection**
```rust
// BEFORE: src/networking/pairing/connection.rs (400 lines)
impl PairingConnection {
pub async fn connect_to_target(target: PairingTarget, local_device: DeviceInfo) -> Result<Self>
pub async fn send_message(&mut self, message: &[u8]) -> Result<()>
pub async fn receive_message(&mut self) -> Result<Vec<u8>>
}
// AFTER: Integrated into swarm behavior (50 lines)
impl LibP2PManager {
pub async fn send_pairing_message(&mut self, peer_id: PeerId, message: PairingMessage) -> Result<()> {
self.swarm.behaviour_mut().request_response.send_request(&peer_id, message)
}
}
```
#### **3.2 Automatic Connection Management**
```rust
// libp2p handles connection lifecycle automatically
match swarm.select_next_some().await {
SwarmEvent::Behaviour(SpacedriveEvent::RequestResponse(request_response::Event::Message {
message: request_response::Message::Request { request, channel, .. },
..
})) => {
// Process pairing message using existing protocol handlers
let response = PairingProtocolHandler::handle_message(request).await?;
swarm.behaviour_mut().request_response.send_response(channel, response);
}
}
```
### **Phase 4: Integration & Demo Updates (1 hour)**
#### **4.1 Update Production Demo**
```rust
// BEFORE: Complex setup
let mut discovery = PairingDiscovery::new(device_info)?;
discovery.start_broadcast(&code, port).await?;
let server = PairingServer::bind(addr, device_info).await?;
// AFTER: Simple unified interface
let mut p2p_manager = LibP2PManager::new(local_identity).await?;
p2p_manager.start_pairing_session(pairing_code).await?;
```
#### **4.2 Event Loop Integration**
```rust
tokio::select! {
event = swarm.select_next_some() => {
handle_libp2p_event(event).await?;
}
ui_command = ui_rx.recv() => {
handle_ui_command(ui_command).await?;
}
}
```
### **Phase 5: Testing & Validation (2 hours)**
#### **5.1 Unit Tests**
- Message codec serialization/deserialization
- Discovery key generation consistency
- Event handling correctness
#### **5.2 Integration Tests**
- Cross-machine pairing (replaces current mDNS testing)
- Network interruption recovery
- Multiple simultaneous pairing sessions
#### **5.3 Demo Validation**
- Same-host discovery now works
- Remote network pairing capability
- Fallback behavior testing
---
## Risk Assessment
### **High-Impact Risks**
| Risk | Probability | Impact | Mitigation |
|------|-------------|---------|------------|
| **Breaking Changes** | Low | High | Comprehensive testing, gradual rollout |
| **Performance Regression** | Medium | Medium | Benchmarking, optimization |
| **Dependency Weight** | Medium | Low | Bundle size analysis, feature gating |
### **Technical Risks**
| Risk | Assessment | Mitigation Strategy |
|------|------------|-------------------|
| **Learning Curve** | Medium | Extensive documentation, examples |
| **Debugging Complexity** | Medium | Enhanced logging, metrics |
| **Platform Compatibility** | Low | libp2p has excellent cross-platform support |
### **Mitigation Strategies**
1. **Incremental Migration**: Keep existing code during transition
2. **Feature Flags**: Runtime switching between implementations
3. **Comprehensive Testing**: Unit, integration, and end-to-end tests
4. **Rollback Plan**: Maintain ability to revert to current implementation
---
## Success Metrics
### **Primary Goals**
| Metric | Current | Target | Measurement |
|--------|---------|--------|-------------|
| **Code Complexity** | 800 LOC | 300 LOC | Lines of networking code |
| **Discovery Reliability** | LAN-only | Global | Cross-network testing |
| **Same-Host Testing** | Manual setup | Automatic | Development workflow |
| **Connection Success Rate** | 85%* | 95% | Automated test suite |
*Estimated based on mDNS limitations
### **Secondary Benefits**
| Benefit | Timeframe | Impact |
|---------|-----------|--------|
| **NAT Traversal** | Immediate | High - enables remote pairing |
| **Multi-Transport** | Immediate | Medium - better network adaptability |
| **DHT Discovery** | Immediate | High - global device discovery |
| **Relay Support** | Future | High - pairing through intermediaries |
### **Performance Benchmarks**
| Operation | Current | Target | Notes |
|-----------|---------|--------|-------|
| **Discovery Time** | 2-10s | 1-5s | DHT vs mDNS |
| **Connection Setup** | 1-3s | 1-2s | Noise vs TLS |
| **Memory Usage** | 50MB | 60MB | Acceptable trade-off |
| **Binary Size** | +2MB | +5MB | Acceptable for features gained |
---
## Future Enhancements
### **Immediate Opportunities**
- **Multiple Transports**: Automatic fallback TCP → QUIC → WebSocket
- **Hole Punching**: Direct connections through NAT
- **Relay Support**: Connection through intermediate peers
### **Advanced Features**
- **DHT Persistence**: Remember discovered devices
- **Reputation System**: Trust scoring for devices
- **Bandwidth Adaptation**: QoS-aware transport selection
### **Integration Points**
- **File Transfer**: Stream large files directly over libp2p
- **Real-time Sync**: Use libp2p pubsub for live updates
- **Mesh Networking**: Multi-hop device communication
---
## Decision Points
### **Go/No-Go Criteria**
**GO if:**
- Development time < 8 hours
- No breaking changes to pairing UX
- Performance parity or better
- Same-host discovery works
**NO-GO if:**
- Significant complexity increase
- Major dependency issues
- Performance degradation > 20%
- Platform compatibility problems
### **Alternative Approaches**
| Alternative | Pros | Cons | Recommendation |
|-------------|------|------|----------------|
| **Fix mDNS Issues** | Minimal change | Limited capabilities | Not recommended |
| **Custom UDP Discovery** | Simple, lightweight | Limited scope, maintenance burden | Fallback option |
| **WebRTC-only** | Browser compatibility | Complex, narrow use case | Future consideration |
---
## Conclusion
The migration to libp2p represents a strategic upgrade that enhances Spacedrive's networking capabilities while preserving our secure pairing protocol design. The implementation effort is modest (6-8 hours) compared to the significant benefits: global discovery, NAT traversal, simplified codebase, and future-ready architecture.
**Recommendation: Proceed with implementation** following the phased approach outlined above.
The investment in libp2p positions Spacedrive for advanced networking features while immediately solving current limitations around same-host discovery and network traversal.

227
docs/core/design/LIBRARY_LEADERSHIP.md
View File

@@ -1,227 +0,0 @@
Spacedrive Core v2: Sync Leadership & Key Exchange Protocol
Date: June 27, 2025
Status: Proposed Design
Author: Gemini
1. Overview
This document specifies the design for two critical components of Spacedrive Core v2's multi-device synchronization system: a user-driven protocol for managing sync leadership and a secure protocol for sharing library access between paired devices.
This design refines the concepts in SYNC_DESIGN.md by replacing complex, automatic leader election with a pragmatic, user-controlled Leader Promotion Model. This approach prioritizes stability and data integrity, acknowledging the intended architecture where at least one device per library (e.g., a self-hosted server) is "always-on".
Furthermore, it formalizes the Secure Library Key Exchange Protocol, detailing how a device can safely receive the necessary cryptographic keys to join and sync a library, leveraging the trusted channel established during initial device pairing.
2. Part 1: Pragmatic Leader Promotion Model
This model is founded on the principle that leadership of a library's sync log is a deliberate administrative role, not a dynamically shifting one. Changes in leadership are explicit, observable, and controlled by the user.
2.1. Initial Leader Selection
The first leader is designated when sync is enabled for a library.
Trigger: A user initiates sync for a library between two or more devices via the SyncSetupJob.
Mechanism: The UI will prompt the user to explicitly select which device will act as the leader for that library. This choice is final until another promotion is manually initiated.
Storage: The device_id of the chosen leader, along with an initial epoch number (e.g., 1), is stored in the library's library.json configuration file. This file is then distributed to all participating devices as the unambiguous source of truth for leadership.
2.2. Leadership Handover: The promote-leader Command
A leadership change is an administrative task triggered via the CLI. This prevents unintended leadership changes due to transient network issues.
2.2.1. CLI Command
A new command will be added to the spacedrive CLI:
spacedrive library promote-leader --library-id <UUID> --new-leader-device-id <UUID> [--force]
--library-id: The UUID of the library whose leader is being changed.
--new-leader-device-id: The UUID of the follower device being promoted.
--force: An optional flag for disaster recovery. It allows promoting a new leader even if the current leader is offline. This action requires explicit user confirmation due to the risk of creating a split-brain scenario if the old leader later comes back online unaware of the change.
2.2.2. The LeaderPromotionJob
Executing the command dispatches a LeaderPromotionJob. This ensures the complex, multi-step process is reliable, resumable, and provides clear progress feedback to the user, consistent with Spacedrive's job-based architecture.
Job Definition (src/sync/jobs/leader_promotion.rs):
#[derive(Debug, Serialize, Deserialize, Job)]
pub struct LeaderPromotionJob {
pub library_id: Uuid,
pub new_leader_id: Uuid,
pub old_leader_id: Uuid,
pub force: bool,
// Internal state for resumability
#[serde(skip)]
state: PromotionState,
}
#[derive(Debug, Serialize, Deserialize, PartialEq)]
enum PromotionState {
Pending,
PreFlightChecks,
PausingSync,
ExportingLog,
TransferringLog,
ImportingLog,
ConfirmingHandover,
ResumingSync,
Complete,
Failed,
}
// ... Job and JobHandler implementations ...
2.2.3. Promotion Workflow State Machine
The LeaderPromotionJob executes the following state machine:
Pre-flight Checks:
Verify the new leader device is online and fully synced with the current leader's log. A promotion cannot proceed if the candidate is behind.
If --force is not used, verify the current leader is also online. If not, the job fails with a message instructing the user to use --force for disaster recovery.
Pause Library Sync (Quiescence):
The current leader broadcasts a PauseSync message to all followers for the library.
Followers receive this message, stop processing local changes for that library, and enter a "paused" state, awaiting the promotion to complete.
Sync Log Transfer:
The current leader serializes and compresses its entire sync_log for the specified library.
It initiates a standard, robust file transfer to send the log export to the new leader device, reusing the battle-tested protocol demonstrated in test_core_file_transfer.rs.
Verification & Import:
The new leader receives and verifies the integrity of the log file.
Upon successful verification, it replaces its local (follower) copy of the sync log with the authoritative version from the old leader.
The Handover:
Epoch Increment: The new leader increments the library's epoch number by one.
Role Update: The new leader updates its own sync_leadership status to Leader for the library and new epoch.
Broadcast Confirmation: The new leader broadcasts a NewLeaderConfirmed message, which includes the new_leader_id and the new_epoch. This message is cryptographically signed by the new leader.
Demotion & Confirmation: The old leader and all followers receive the NewLeaderConfirmed message. They verify the signature, update their library.json to point to the new leader, update the epoch, and (in the case of the old leader) demote their role to Follower.
Resume Sync:
The new leader broadcasts a ResumeSync message.
All followers, now aware of the new leader and epoch, resume normal sync operations, directing all future communication to the new leader. Any stray messages from the old leader are rejected due to the outdated epoch.
2.2.4. Network Messages
This model requires only three new simple messages within the DeviceMessage enum.
// src/services/networking/core/behavior.rs
pub enum DeviceMessage {
// ... existing messages ...
// Leader Promotion Messages
PauseSync { library_id: Uuid },
ResumeSync { library_id: Uuid },
NewLeaderConfirmed {
library_id: Uuid,
new_leader_id: Uuid,
new_epoch: u64,
// The message should be signed to prove the new leader's identity
signature: Vec<u8>,
},
}
3. Secure Library Key Exchange Protocol
This protocol enables a new device to join an existing library by securely obtaining the library_key required to decrypt its contents. The entire exchange is protected by the session keys generated during the initial, trusted device pairing process.
3.1. Trigger
The protocol is initiated by a user action after two devices have successfully paired. For example, a "Share Library" button in the UI on Device A would show a list of its paired devices, including Device B.
3.2. Protocol Messages
The exchange uses a new set of messages within the DeviceMessage enum.
// src/services/networking/core/behavior.rs
pub enum DeviceMessage {
// ... existing messages ...
// Library Key Exchange Messages
ShareLibraryRequest {
library_id: Uuid,
library_name: String,
},
ShareLibraryResponse {
library_id: Uuid,
accepted: bool,
},
LibraryKeyShare {
library_id: Uuid,
encrypted_library_key: Vec<u8>,
nonce: [u8; 12], // For ChaCha20-Poly1305
},
ShareComplete {
library_id: Uuid,
success: bool,
},
}
3.3. Key Exchange Workflow
Let's assume Device A (Owner) has the library and has just paired with Device B (Joiner).
Initiation (Owner):
The user on Device A selects a library and chooses to share it with the newly paired Device B.
Device A sends a ShareLibraryRequest to B.
User Consent (Joiner):
Device B receives the request. Its UI prompts the user: "Device A (MacBook Pro) wants to share the library 'Family Photos' with you. Allow?"
If the user on B accepts, B sends a ShareLibraryResponse { accepted: true } back to A.
Secure Key Transmission (Owner):
Device A receives the acceptance.
It retrieves the plaintext library_key from its secure OS keyring via the LibraryKeyManager.
It retrieves the session keys established during pairing for Device B from its DeviceRegistry.
It encrypts the library_key using the session send_key. An AEAD cipher like ChaCha20-Poly1305 is used to ensure confidentiality and authenticity.
Device A sends the LibraryKeyShare message, containing the encrypted_library_key and nonce, to B.
Receipt and Storage (Joiner):
Device B receives the LibraryKeyShare.
It uses its corresponding session receive_key to decrypt the payload.
Upon successful decryption, it stores the recovered plaintext library_key in its own secure OS keyring via its LibraryKeyManager, associating it with the received library_id.
Confirmation and Sync:
Device B sends a ShareComplete { success: true } message to A.
The key exchange is complete. Device B now has the necessary key to decrypt the library's database and can dispatch an InitialSyncJob to begin syncing the library as a follower.
4. Conclusion
This design establishes a secure, robust, and user-centric foundation for multi-device collaboration in Spacedrive.
The Pragmatic Leader Promotion Model replaces complex automatic elections with a deliberate, job-based administrative process. This enhances stability, prevents data corruption, and aligns with the intended use case of an always-on device acting as a stable leader.
The Secure Library Key Exchange Protocol provides a simple yet cryptographically secure method for granting new devices access to a library, building upon the trust established during the initial device pairing.
By integrating these protocols into the existing job-based and event-driven architecture, Spacedrive can offer powerful multi-device sync features without sacrificing user control or data integrity.

947
docs/core/design/NETWORKING_SYSTEM_DESIGN.md
View File

@@ -1,947 +0,0 @@
# Networking System Design
## Overview
This document outlines a flexible networking system for Spacedrive that supports both local P2P connections and internet-based communication through a relay service. The design prioritizes security, simplicity, and transport flexibility while leveraging existing libraries to minimize development effort.
## Core Requirements
1. **Dual Transport** - Works seamlessly over local network and internet
2. **End-to-End Encryption** - All connections encrypted, no exceptions
3. **File Sharing** - Stream large files efficiently
4. **Sync Operations** - Low-latency sync protocol support
5. **Authentication** - 1Password-style master key setup
6. **Zero Configuration** - Automatic discovery on local networks
## Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ Application Layer │
│ ┌──────────────┐ ┌──────────────┐ ┌────────────────────┐ │
│ │ File Sharing │ │ Sync │ │ Remote Control │ │
│ │ Service │ │ Protocol │ │ (Future) │ │
│ └──────────────┘ └──────────────┘ └────────────────────┘ │
└─────────────────────────┬───────────────────────────────────────┘
┌─────────────────────────┴───────────────────────────────────────┐
│ Transport Abstraction │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ NetworkConnection Interface │ │
│ │ - send(data) / receive() → data │ │
│ │ - stream_file(path) / receive_file() → stream │ │
│ │ - reliable & ordered delivery │ │
│ └────────────────────────────────────────────────────────┘ │
└─────────────────────────┬───────────────────────────────────────┘
┌─────────────────────────┴───────────────────────────────────────┐
│ Transport Implementations │
│ ┌──────────────────┐ ┌──────────────────┐ ┌──────────────┐ │
│ │ Local P2P │ │ Internet Relay │ │ Direct Internet│ │
│ │ │ │ │ │ (Future) │ │
│ │ - mDNS Discovery │ │ - Relay Server │ │ - STUN/TURN │ │
│ │ - Direct Connect │ │ - WebSocket/QUIC │ │ - Hole Punching│ │
│ │ - LAN Only │ │ - NAT Traversal │ │ - Public IPs │ │
│ └──────────────────┘ └──────────────────┘ └──────────────┐ │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────┴───────────────────────────────────────┐
│ Security & Crypto Layer │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Noise Protocol Framework (or similar) │ │
│ │ - XX Pattern: mutual authentication │ │
│ │ - Forward secrecy │ │
│ │ - Zero round-trip encryption │ │
│ └────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────┘
```
## Key Components
### 1. Device Identity & Authentication
**CRITICAL: Integration with Existing Device Identity**
The networking module MUST integrate with Spacedrive's existing persistent device identity system (see `core/src/device/`). The current device system provides:
- **Persistent Device UUID**: Stored in `device.json`, survives restarts
- **Device Configuration**: Name, OS, hardware model, creation time
- **Cross-Instance Consistency**: Multiple Spacedrive instances on same device share identity
**Problem with Original Design:**
- NetworkingDeviceId derived from public key changes each restart
- No persistence of cryptographic keys
- Multiple instances would have different network identities
- Device pairing would break after restart
**Corrected Architecture:**
```rust
/// Network identity tied to persistent device identity
pub struct NetworkIdentity {
/// MUST match the persistent device UUID from DeviceManager
pub device_id: Uuid, // From existing device system
/// Device's public key (Ed25519) - STORED PERSISTENTLY
pub public_key: PublicKey,
/// Device's private key (encrypted at rest) - STORED PERSISTENTLY
private_key: EncryptedPrivateKey,
/// Human-readable device name (from DeviceConfig)
pub device_name: String,
/// Network-specific identifier (derived from device_id + public_key)
pub network_fingerprint: NetworkFingerprint,
}
/// Network fingerprint for wire protocol identification
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct NetworkFingerprint([u8; 32]);
impl NetworkFingerprint {
/// Create network fingerprint from device UUID and public key
fn from_device(device_id: Uuid, public_key: &PublicKey) -> Self {
let mut hasher = blake3::Hasher::new();
hasher.update(device_id.as_bytes());
hasher.update(public_key.as_bytes());
let hash = hasher.finalize();
let mut fingerprint = [0u8; 32];
fingerprint.copy_from_slice(hash.as_bytes());
NetworkFingerprint(fingerprint)
}
}
/// Extended device configuration with networking keys
#[derive(Serialize, Deserialize)]
pub struct ExtendedDeviceConfig {
/// Base device configuration
#[serde(flatten)]
pub device: DeviceConfig,
/// Network cryptographic keys (encrypted)
pub network_keys: Option<EncryptedNetworkKeys>,
/// When network identity was created
pub network_identity_created_at: Option<DateTime<Utc>>,
}
#[derive(Serialize, Deserialize)]
pub struct EncryptedNetworkKeys {
/// Ed25519 private key encrypted with user password
pub encrypted_private_key: EncryptedPrivateKey,
/// Public key (not encrypted)
pub public_key: PublicKey,
/// Salt for key derivation
pub salt: [u8; 32],
/// Key derivation parameters
pub kdf_params: KeyDerivationParams,
}
/// Integration with DeviceManager
impl NetworkIdentity {
/// Create network identity from existing device configuration
pub async fn from_device_manager(
device_manager: &DeviceManager,
password: &str,
) -> Result<Self, NetworkError> {
let device_config = device_manager.config()?;
// Try to load existing network keys
if let Some(keys) = Self::load_network_keys(&device_config.id, password)? {
return Ok(Self {
device_id: device_config.id,
public_key: keys.public_key,
private_key: keys.encrypted_private_key,
device_name: device_config.name,
network_fingerprint: NetworkFingerprint::from_device(
device_config.id,
&keys.public_key
),
});
}
// Generate new network keys if none exist
let (public_key, private_key) = Self::generate_keys(password)?;
let network_fingerprint = NetworkFingerprint::from_device(
device_config.id,
&public_key
);
// Save keys persistently
Self::save_network_keys(&device_config.id, &public_key, &private_key, password)?;
Ok(Self {
device_id: device_config.id,
public_key,
private_key,
device_name: device_config.name,
network_fingerprint,
})
}
/// Load network keys from device-specific storage
fn load_network_keys(
device_id: &Uuid,
password: &str
) -> Result<Option<EncryptedNetworkKeys>, NetworkError> {
// Keys stored in device-specific file: <data_dir>/network_keys.json
// This ensures multiple Spacedrive instances share the same keys
todo!("Load from persistent storage")
}
/// Save network keys to device-specific storage
fn save_network_keys(
device_id: &Uuid,
public_key: &PublicKey,
private_key: &EncryptedPrivateKey,
password: &str,
) -> Result<(), NetworkError> {
// Store encrypted keys alongside device.json
todo!("Save to persistent storage")
}
}
pub struct MasterKey {
/// User's master password derives this
key_encryption_key: [u8; 32],
/// Encrypted with key_encryption_key - NOW USES PERSISTENT DEVICE IDs
device_private_keys: HashMap<Uuid, EncryptedPrivateKey>, // UUID not derived ID
}
/// Pairing process for new devices
pub struct PairingCode {
/// Temporary shared secret
secret: [u8; 32],
/// Expires after 5 minutes
expires_at: DateTime<Utc>,
/// Visual representation (6 words from BIP39 wordlist)
words: [String; 6],
}
```
**Integration Flow:**
```rust
// In Core initialization
impl Core {
pub async fn init_networking(&mut self, password: &str) -> Result<()> {
// Use existing device manager - NO separate identity creation
let network_identity = NetworkIdentity::from_device_manager(
&self.device,
password
).await?;
let network = Network::new(network_identity, config).await?;
self.network = Some(Arc::new(network));
Ok(())
}
}
```
**Key Benefits of This Approach:**
1. **Persistent Identity**: Device ID survives restarts, OS reinstalls (if backed up)
2. **Cross-Instance Consistency**: Multiple Spacedrive instances = same network identity
3. **Pairing Persistence**: Paired devices stay paired across restarts
4. **Migration Support**: Network identity travels with device backup/restore
5. **Debugging**: Easy to correlate network traffic with device logs
**Wire Protocol Changes:**
```rust
// Network messages now include persistent device UUID for correlation
#[derive(Serialize, Deserialize)]
pub struct NetworkMessage {
/// Persistent device UUID (for logs, correlation)
pub device_id: Uuid,
/// Network fingerprint (for wire protocol security)
pub network_fingerprint: NetworkFingerprint,
/// Message payload
pub payload: MessagePayload,
/// Cryptographic signature
pub signature: Signature,
}
```
### 2. Connection Establishment
Abstract connection interface:
```rust
#[async_trait]
pub trait NetworkConnection: Send + Sync {
/// Send data reliably
async fn send(&mut self, data: &[u8]) -> Result<()>;
/// Receive data
async fn receive(&mut self) -> Result<Vec<u8>>;
/// Stream a file efficiently
async fn send_file(&mut self, path: &Path) -> Result<()>;
/// Receive file stream
async fn receive_file(&mut self, path: &Path) -> Result<()>;
/// Get remote device info
fn remote_device(&self) -> &DeviceInfo;
/// Check if connection is alive
fn is_connected(&self) -> bool;
}
/// Connection manager handles all transports
pub struct ConnectionManager {
/// Our device identity
identity: Arc<DeviceIdentity>,
/// Active connections
connections: Arc<RwLock<HashMap<DeviceId, Box<dyn NetworkConnection>>>>,
/// Available transports
transports: Vec<Box<dyn Transport>>,
}
```
### 3. Transport Implementations
#### Local P2P Transport
Using existing libraries:
```rust
/// Local network transport using mDNS + direct TCP/QUIC
pub struct LocalTransport {
/// mDNS for discovery (using mdns crate)
mdns: ServiceDiscovery,
/// QUIC for connections (using quinn)
quinn_endpoint: quinn::Endpoint,
}
impl LocalTransport {
pub async fn new(identity: Arc<DeviceIdentity>) -> Result<Self> {
// Setup mDNS service
let mdns = ServiceDiscovery::new(
"_spacedrive._tcp.local",
identity.device_id.to_string(),
)?;
// Setup QUIC endpoint
let config = quinn::ServerConfig::with_crypto(
Arc::new(noise_crypto_config(identity))
);
let endpoint = quinn::Endpoint::server(
config,
"0.0.0.0:0".parse()? // Random port
)?;
Ok(Self { mdns, quinn_endpoint: endpoint })
}
}
```
#### Internet Relay Transport
For NAT traversal and internet connectivity:
```rust
/// Internet transport via Spacedrive relay service
pub struct RelayTransport {
/// WebSocket or QUIC connection to relay
relay_client: RelayClient,
/// Our registration with relay
registration: RelayRegistration,
}
/// Relay protocol messages
pub enum RelayMessage {
/// Register device with relay
Register {
device_id: DeviceId,
public_key: PublicKey,
auth_token: String, // From Spacedrive account
},
/// Request connection to another device
Connect {
target_device_id: DeviceId,
offer: SessionOffer, // Crypto handshake
},
/// Relay data between devices
Data {
session_id: SessionId,
encrypted_payload: Vec<u8>,
},
}
```
### 4. Security Layer
Using Noise Protocol or similar:
```rust
/// Noise Protocol XX pattern for mutual authentication
pub struct NoiseSession {
/// Handshake state
handshake: snow::HandshakeState,
/// Transport state (after handshake)
transport: Option<snow::TransportState>,
}
impl NoiseSession {
/// Initiator side
pub fn initiate(
local_key: &PrivateKey,
remote_public_key: Option<&PublicKey>,
) -> Result<Self> {
let params = "Noise_XX_25519_ChaChaPoly_BLAKE2s";
let builder = snow::Builder::new(params.parse()?);
let handshake = builder
.local_private_key(&local_key.to_bytes())
.build_initiator()?;
Ok(Self { handshake, transport: None })
}
/// Complete handshake and establish encrypted transport
pub fn complete_handshake(&mut self) -> Result<()> {
if self.handshake.is_handshake_finished() {
self.transport = Some(self.handshake.into_transport_mode()?);
}
Ok(())
}
}
```
## Library Choices
### Core Networking
1. **quinn** - QUIC implementation in Rust
- Pros: Built-in encryption, multiplexing, modern protocol
- Cons: Requires UDP, might have firewall issues
- Use for: Local P2P, future direct internet
2. **tokio-tungstenite** - WebSocket for relay
- Pros: Works everywhere, HTTP-based
- Cons: TCP head-of-line blocking
- Use for: Relay connections, fallback
3. **libp2p** - Full P2P stack (alternative)
- Pros: Complete solution, many transports
- Cons: Complex, large dependency
- Consider for: Future enhancement
### Discovery
1. **mdns** - mDNS/DNS-SD implementation
- Pros: Simple, works on all platforms
- Use for: Local device discovery
2. **if-watch** - Network interface monitoring
- Pros: Detect network changes
- Use for: Adaptive transport selection
### Security
1. **snow** - Noise Protocol Framework
- Pros: Modern, simple, well-tested
- Use for: Transport encryption
2. **ring** or **rustls** - Crypto primitives
- Pros: Fast, audited
- Use for: Key generation, signatures
### Utilities
1. **async-stream** - File streaming
- Use for: Efficient file transfer
2. **backoff** - Retry logic
- Use for: Connection resilience
## Connection Flow
### Local Network
```rust
async fn connect_local(target: DeviceId) -> Result<Connection> {
// 1. Discover via mDNS
let services = mdns.discover_services().await?;
let target_service = services
.iter()
.find(|s| s.device_id == target)
.ok_or("Device not found")?;
// 2. Connect via QUIC
let connection = quinn_endpoint
.connect(target_service.addr, &target_service.name)?
.await?;
// 3. Noise handshake
let noise = NoiseSession::initiate(&identity.private_key, None)?;
perform_handshake(&mut connection, noise).await?;
// 4. Verify device identity
verify_remote_device(&connection, target)?;
Ok(Connection::Local(connection))
}
```
### Internet via Relay
```rust
async fn connect_relay(target: DeviceId) -> Result<Connection> {
// 1. Connect to relay server
let relay = RelayClient::connect("relay.spacedrive.com").await?;
// 2. Authenticate with relay
relay.authenticate(&identity, auth_token).await?;
// 3. Request connection to target
let session = relay.connect_to(target).await?;
// 4. Noise handshake through relay
let noise = NoiseSession::initiate(&identity.private_key, None)?;
perform_relayed_handshake(&relay, session, noise).await?;
Ok(Connection::Relay(relay, session))
}
```
## File Transfer Protocol
Efficient file streaming over any transport:
```rust
/// File transfer header
pub struct FileHeader {
/// File name
pub name: String,
/// Total size in bytes
pub size: u64,
/// Blake3 hash for verification
pub hash: [u8; 32],
/// Optional: Resume from offset
pub resume_offset: Option<u64>,
}
/// Stream file over connection
async fn stream_file(
conn: &mut dyn NetworkConnection,
path: &Path,
) -> Result<()> {
let file = tokio::fs::File::open(path).await?;
let metadata = file.metadata().await?;
// Send header
let header = FileHeader {
name: path.file_name().unwrap().to_string(),
size: metadata.len(),
hash: calculate_hash(path).await?,
resume_offset: None,
};
conn.send(&serialize(&header)?).await?;
// Stream chunks
let mut reader = BufReader::new(file);
let mut buffer = vec![0u8; 1024 * 1024]; // 1MB chunks
loop {
let n = reader.read(&mut buffer).await?;
if n == 0 { break; }
conn.send(&buffer[..n]).await?;
}
Ok(())
}
```
## Sync Protocol Integration
The sync protocol from the previous design runs over these connections:
```rust
impl NetworkConnection {
/// High-level sync operations
pub async fn sync_pull(
&mut self,
from_seq: u64,
limit: Option<usize>,
) -> Result<PullResponse> {
// Send request
let request = PullRequest { from_seq, limit };
self.send(&serialize(&request)?).await?;
// Receive response
let response_data = self.receive().await?;
let response: PullResponse = deserialize(&response_data)?;
Ok(response)
}
}
```
## API Design
Simple, transport-agnostic API:
```rust
/// Main networking interface
pub struct Network {
manager: Arc<ConnectionManager>,
}
impl Network {
/// Connect to a device (auto-selects transport)
pub async fn connect(&self, device_id: DeviceId) -> Result<DeviceConnection> {
// Try local first
if let Ok(conn) = self.manager.connect_local(device_id).await {
return Ok(DeviceConnection::new(conn));
}
// Fall back to relay
self.manager.connect_relay(device_id).await
.map(DeviceConnection::new)
}
/// Share file with device
pub async fn share_file(
&self,
device_id: DeviceId,
file_path: &Path,
) -> Result<()> {
let mut conn = self.connect(device_id).await?;
conn.send_file(file_path).await
}
/// Sync with device
pub async fn sync_with(
&self,
device_id: DeviceId,
from_seq: u64,
) -> Result<Vec<SyncLogEntry>> {
let mut conn = self.connect(device_id).await?;
let response = conn.sync_pull(from_seq, Some(1000)).await?;
Ok(response.changes)
}
}
```
## Security Considerations
### Device Pairing
1Password-style pairing flow:
```rust
/// On device A (has master key)
async fn initiate_pairing() -> Result<PairingCode> {
let secret = generate_random_bytes(32);
let code = PairingCode::from_secret(&secret);
// Display code.words to user
println!("Pairing code: {}", code.words.join(" "));
// Listen for pairing requests
pairing_listener.register(code.clone()).await;
Ok(code)
}
/// On device B (new device)
async fn complete_pairing(words: Vec<String>) -> Result<()> {
let code = PairingCode::from_words(&words)?;
// Connect to device A
let conn = discover_and_connect_pairing_device().await?;
// Exchange keys using pairing secret
let shared_key = derive_key_from_secret(&code.secret);
// Send our public key encrypted
let encrypted_key = encrypt(&identity.public_key, &shared_key);
conn.send(&encrypted_key).await?;
// Receive encrypted master key
let encrypted_master = conn.receive().await?;
let master_key = decrypt(&encrypted_master, &shared_key)?;
// Save master key locally
save_master_key(master_key).await?;
Ok(())
}
```
### Encryption Everywhere
- All connections use Noise Protocol XX pattern
- Forward secrecy with ephemeral keys
- No plaintext data ever transmitted
- File chunks encrypted individually
### Trust Model
- Trust on first use (TOFU) for device keys
- Optional key verification via pairing codes
- Devices can be revoked by removing from master key
## Performance Optimizations
### Connection Pooling
```rust
impl ConnectionManager {
/// Reuse existing connections
async fn get_or_connect(&self, device_id: DeviceId) -> Result<Connection> {
// Check pool first
if let Some(conn) = self.connections.read().await.get(&device_id) {
if conn.is_connected() {
return Ok(conn.clone());
}
}
// Create new connection
let conn = self.connect_new(device_id).await?;
self.connections.write().await.insert(device_id, conn.clone());
Ok(conn)
}
}
```
### Adaptive Transport
```rust
/// Choose best transport based on conditions
async fn select_transport(target: DeviceId) -> Transport {
// Same network? Use local
if is_same_network(target).await {
return Transport::Local;
}
// Has public IP? Try direct
if has_public_ip(target).await {
return Transport::Direct;
}
// Otherwise use relay
Transport::Relay
}
```
## Future Enhancements
### WebRTC DataChannels
- For browser support
- Better NAT traversal
- Built-in STUN/TURN
### Bluetooth Support
- For mobile devices
- Low power scenarios
- Offline sync
### Tor Integration
- Anonymous connections
- Privacy-focused users
- Hidden service support
## Implementation Priority
1. **Phase 1**: Local P2P with mDNS + QUIC
2. **Phase 2**: Relay service with WebSocket
3. **Phase 3**: File transfer protocol
4. **Phase 4**: Sync protocol integration
5. **Phase 5**: Advanced features (WebRTC, etc.)
## Library Comparison Matrix
### Full Stack Solutions
| Library | Pros | Cons | Best For |
| ------------------ | -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | ---------------------- |
| **libp2p** | • Complete P2P stack<br>• Multiple transports<br>• DHT, gossip, etc<br>• Battle-tested | • Large & complex<br>• Opinionated design<br>• Learning curve<br>• Heavy dependencies | Full decentralized P2P |
| **iroh** | • Built for sync<br>• QUIC-based<br>• Content addressing<br>• Modern Rust | • Young project<br>• Limited docs<br>• Specific use case | Content-addressed sync |
| **Magic Wormhole** | • Simple pairing<br>• E2E encrypted<br>• No account needed | • One-time transfers<br>• Not persistent<br>• Limited protocol | Simple file sharing |
### Transport Libraries
| Library | Pros | Cons | Best For |
| --------------------- | -------------------------------------------------------------------------- | ------------------------------------------------------------ | --------------------- |
| **quinn** | • Pure Rust QUIC<br>• Fast & modern<br>• Multiplexing<br>• Built-in crypto | • UDP only<br>• Firewall issues<br>• Newer protocol | Local network, future |
| **tokio-tungstenite** | • WebSocket<br>• Works everywhere<br>• Simple API<br>• HTTP-based | • TCP limitations<br>• No multiplexing<br>• Text/binary only | Relay connections |
| **tarpc** | • RPC framework<br>• Multiple transports<br>• Type-safe | • RPC-focused<br>• Not streaming<br>• Overhead | Control protocol |
### Discovery Libraries
| Library | Pros | Cons | Best For |
| --------------- | -------------------------------------------------- | -------------------------------- | ---------------- |
| **mdns** | • Simple mDNS<br>• Cross-platform<br>• Lightweight | • Local only<br>• Basic features | Local discovery |
| **libp2p-mdns** | • Part of libp2p<br>• More features | • Requires libp2p<br>• Heavier | If using libp2p |
| **bonjour** | • Full Bonjour<br>• Apple native | • Platform specific<br>• Complex | macOS/iOS native |
### Security Libraries
| Library | Pros | Cons | Best For |
| --------------- | -------------------------------------------------------------------- | -------------------------------------- | ----------------- |
| **snow** | • Noise Protocol<br>• Simple API<br>• Well-tested<br>• Modern crypto | • Just crypto<br>• No networking | Our choice ✓ |
| **rustls** | • TLS in Rust<br>• Fast<br>• Audited | • Certificate based<br>• Complex setup | HTTPS/TLS needs |
| **sodiumoxide** | • libsodium wrapper<br>• Many primitives | • C dependency<br>• Lower level | Crypto primitives |
## Recommended Stack
Based on the analysis, here's the recommended combination:
### Core Stack
```toml
[dependencies]
# Transport
quinn = "0.10" # QUIC for local/direct connections
tokio-tungstenite = "0.20" # WebSocket for relay fallback
# Discovery
mdns = "3.0" # Local network discovery
if-watch = "3.0" # Network monitoring
# Security
snow = "0.9" # Noise Protocol encryption
ring = "0.16" # Crypto primitives
argon2 = "0.5" # Password derivation
# Utilities
tokio = { version = "1.0", features = ["full"] }
async-stream = "0.3" # File streaming
backoff = "0.4" # Retry logic
serde = "1.0" # Serialization
bincode = "1.5" # Efficient encoding
```
### Why This Stack?
1. **quinn + tokio-tungstenite**
- Covers all transport needs
- QUIC for performance, WebSocket for compatibility
- Both well-maintained
2. **mdns**
- Simple and sufficient for local discovery
- No need for complex libp2p stack
3. **snow**
- Perfect fit for our security needs
- Simpler than TLS
- Better than rolling our own
4. **Minimal Dependencies**
- Each library does one thing well
- Total control over protocol
- Easy to understand and debug
### Alternative: libp2p-based
If we wanted a more complete solution:
```toml
[dependencies]
libp2p = { version = "0.53", features = [
"tcp",
"quic",
"mdns",
"noise",
"yamux",
"request-response",
"kad",
"gossipsub",
"identify",
]}
```
Pros:
- Everything included
- Proven P2P patterns
- DHT for device discovery
- NAT traversal built-in
Cons:
- Much larger dependency
- Harder to customize
- More complex to debug
- Overkill for our needs
## Implementation Complexity
### Minimal Viable Implementation (2-3 weeks)
```rust
// Just local network support
struct SimpleNetwork {
mdns: mdns::Service,
quinn: quinn::Endpoint,
connections: HashMap<DeviceId, quinn::Connection>,
}
// Basic operations
impl SimpleNetwork {
async fn connect(&mut self, device_id: DeviceId) -> Result<()>;
async fn send_file(&mut self, device_id: DeviceId, path: &Path) -> Result<()>;
}
```
### Full Implementation (6-8 weeks)
- Local P2P ✓
- Relay service ✓
- Encryption ✓
- File transfer ✓
- Sync protocol ✓
- Connection pooling ✓
- Auto-reconnect ✓
### With libp2p (4-6 weeks)
- Faster initial development
- But more time debugging/customizing
- Less control over protocol
## Conclusion
This design provides a flexible, secure networking layer that abstracts transport details from the application. By leveraging existing libraries like quinn, mdns, and snow, we minimize implementation complexity while maintaining full control over the protocol design. The transport-agnostic API ensures we can add new connection methods without changing application code.
The recommended stack balances simplicity with capability, avoiding the complexity of full P2P frameworks while still providing all needed functionality. This approach lets us ship a working solution quickly and iterate based on real usage.

949
docs/core/design/OLD_SPACEDRIVE_ANALYSIS.md
View File

@@ -1,949 +0,0 @@
# Spacedrive Technical Analysis & Revival Strategy
## Executive Summary
Spacedrive is a cross-platform file manager with 34,000 GitHub stars and 500,000 installs that aimed to create a unified interface for managing files across all devices and cloud services. Despite strong community interest and initial traction, development stalled 6 months ago when funding ran out. This analysis evaluates the current state of the codebase and provides a roadmap for revival.
**Key Finding**: The project is worth salvaging but requires significant architectural simplification and a sustainable monetization model.
**Most Critical Issues**:
1. **Dual file systems** preventing basic operations like copying between indexed and non-indexed locations
2. **Neglected search** despite being the core "VDFS" value proposition - no content search, no optimization
3. **Backend-frontend coupling** through the `invalidate_query` anti-pattern
4. **Abandoned dependencies** (prisma-client-rust and rspc) created by the team
5. **Over-engineered sync** system that never shipped due to local/shared data debates
6. **Job system boilerplate** requiring 500-1000+ lines to add simple operations
## Current State Assessment
### Strengths
- **Strong Product-Market Fit**: 34k stars and 500k installs demonstrate clear demand
- **Cross-Platform Architecture**: Successfully runs on macOS, Windows, Linux, iOS, and Android
- **Modern Tech Stack**: Rust backend with React frontend provides good performance
- **Active Community**: Daily emails from users asking about the project's future
### Critical Issues
#### 1. Dual File Management Systems
The most fundamental architectural flaw is the existence of two completely separate file management systems:
- **Indexed System**: Database-driven, supports rich metadata, uses background jobs
- **Ephemeral System**: Direct filesystem access, no persistence, immediate operations
**Problems**:
- Cannot copy/paste between indexed and non-indexed locations
- Duplicate API endpoints for every file operation
- Completely different code paths for the same conceptual operations
- User confusion: "Why can't I copy from my home folder to my indexed desktop?"
- Maintenance nightmare: Every feature must be implemented twice
#### 2. The `invalidate_query` Anti-Pattern
The query invalidation system violates fundamental architectural principles:
```rust
// Backend code knows about frontend React Query keys
invalidate_query!(library, "search.paths");
invalidate_query!(library, "search.ephemeralPaths");
```
- **Frontend coupling**: Backend hardcodes frontend cache keys
- **String-based**: No type safety, prone to typos
- **Scattered calls**: `invalidate_query!` spread throughout codebase
- **Over-invalidation**: Often invalidates entire query categories
- **Should be**: Event-driven architecture where frontend subscribes to changes
#### 3. Over-Engineered Sync System
The sync system became complex due to conflicting requirements:
- **Custom CRDT Implementation**: Built to handle mixed local/shared data requirements
- **Dual Database Tables**: `cloud_crdt_operation` for pending, `crdt_operation` for ingested (could have been one table with a boolean)
- **Actor Model Overhead**: Multiple concurrent actors (Sender, Receiver, Ingester) with complex coordination
- **Mixed Data Requirements**: Some data must remain local-only, creating fundamental sync challenges
- **Analysis Paralysis**: Engineering debates about local vs shared data prevented shipping
#### 4. Technical Debt from Library Ownership
Critical context: The Spacedrive team **created** prisma-client-rust and rspc, not just forked them:
- **prisma-client-rust**: Created by the team, then abandoned when needs diverged
- **rspc**: Created by the team, then abandoned for the same reason
- Both libraries now unmaintained with Spacedrive on deprecated forks
- **Prisma moving away from Rust**: Official Prisma shifting to TypeScript, making the situation worse
#### 5. Architectural Confusion
- **Old P2P system** still present alongside new cloud system
- **Incomplete key management** system (commented out in schema)
- **Mixed sync paradigms**: CRDT operations, cloud sync groups, and P2P remnants
- **Transaction timeouts** set to extreme values (9,999,999,999 ms)
#### 6. Job System Boilerplate
Despite being a well-engineered system, the job system requires excessive boilerplate:
- **500-1000+ lines** to implement a new job
- Must implement multiple traits (`Job`, `SerializableJob`, `Hash`)
- Manual registration in central macro system
- All job types must be known at compile time
- Cannot add jobs dynamically or via plugins
#### 7. Neglected Search System
Despite being a core value proposition, search is severely underdeveloped:
- **No content search**: Cannot search inside files
- **Basic SQL queries**: Just `LIKE` operations, no full-text search
- **No vector/semantic search**: Missing modern search capabilities
- **Dual search systems**: Separate implementations for indexed vs ephemeral
- **Not "lightning fast"**: Unoptimized queries, no search indexes
- **Can't search offline files**: Only searches locally indexed files
#### 8. Node/Device/Instance Identity Crisis
Three overlapping concepts for the same thing cause confusion:
- **Node**: P2P identity for the application
- **Device**: Sync system identity for hardware
- **Instance**: Library-specific P2P identity
- Same machine represented differently in each system
- Developers unsure which to use when
- Complex identity mapping between systems
#### 9. Messy Core Directory Organization
The `/core` directory shows signs of incomplete refactoring:
- **Old code not removed**: Multiple `old_*` modules still present
- **Both old and new systems running**: Job system, P2P, file operations
- **Mixed organization patterns**: Some by feature, some by layer
- **Unclear module boundaries**: Related code spread across multiple locations
- **Incomplete migrations**: Old systems referenced alongside new ones
#### 10. Poor Test Coverage
- Minimal unit tests across the codebase
- No integration tests for sync system
- Only the task-system crate has comprehensive tests
- No end-to-end testing framework
## Deep Dive: Core Systems
### Dual File Management Architecture
The codebase contains two completely separate implementations for file management:
**1. Indexed File System** (`/core/src/api/files.rs`):
```rust
// Operations require location_id and file_path_ids from database
pub struct OldFileCopierJobInit {
pub source_location_id: location::id::Type,
pub target_location_id: location::id::Type,
pub sources_file_path_ids: Vec<file_path::id::Type>,
}
// Runs as background job
OldJob::new(args).spawn(&node, &library)
```
**2. Ephemeral File System** (`/core/src/api/ephemeral_files.rs`):
```rust
// Operations work directly with filesystem paths
struct EphemeralFileSystemOps {
sources: Vec<PathBuf>,
target_dir: PathBuf,
}
// Executes immediately
args.copy(&library).await
```
**API Duplication**:
```rust
// Two separate routers
.merge("files.", files::mount()) // Indexed files
.merge("ephemeralFiles.", ephemeral_files::mount()) // Non-indexed files
// Duplicate procedures in each:
- createFile - createFolder
- copyFiles - cutFiles
- deleteFiles - renameFile
```
This creates a fractured user experience where basic file operations fail across boundaries.
### The Query Invalidation Anti-Pattern
The `invalidate_query!` macro represents a significant architectural mistake:
```rust
// In /core/src/api/utils/invalidate.rs
pub enum InvalidateOperationEvent {
Single(SingleInvalidateOperationEvent),
All, // Nuclear option
}
// Usage throughout codebase:
invalidate_query!(library, "search.paths");
invalidate_query!(library, "search.ephemeralPaths");
invalidate_query!(library, "locations.list");
```
**Why it's problematic**:
1. **Tight Coupling**: Backend must know frontend's React Query keys
2. **Maintenance Burden**: Changing frontend cache structure requires backend changes
3. **Error Prone**: String-based keys with no compile-time validation
4. **Performance**: Often invalidates more than necessary
5. **Debugging**: Hard to trace what triggers invalidations
**Better approach**: Event-driven architecture where backend emits domain events and frontend decides what to invalidate.
### Sync Architecture
The sync system's complexity stems from trying to solve multiple conflicting requirements:
```
Cloud Operations → cloud_crdt_operation (pending)
Ingestion Process
crdt_operation (ingested)
Apply to Database
```
**Core Challenge**: Mixed Local/Shared Data
- Some data must sync (file metadata, tags, etc.)
- Some data must remain local (personal preferences, local paths)
- No clear boundary between what syncs and what doesn't
- This fundamental question paralyzed development
**Design Decisions**:
1. Dual tables track ingestion state (pending vs processed)
2. CRDT operations store sync messages for replay
3. Custom implementation to handle local-only fields
4. Complex actor model to manage concurrent sync
**Why It Failed**:
- The team couldn't agree on what should sync
- Custom CRDT implementation for mixed data was too complex
- Perfect became the enemy of good
- Should have used existing SQLite sync solutions
### Database Design Issues
The Prisma schema reveals several problems:
```prisma
// Many fields marked "Not actually NULLABLE" but defined as optional
field_name String? // Not actually NULLABLE
// Dual operation tables create synchronization issues
model crdt_operation { ... }
model cloud_crdt_operation { ... }
// Key management system commented out
// model key { ... }
```
### Library Creation and Abandonment
A critical piece of context: The Spacedrive team **created** both prisma-client-rust and rspc, not just forked them.
**prisma-client-rust**:
- Originally created by Spacedrive team member(s)
- Added custom sync generation via `@shared`, `@local`, `@relation` attributes
- Generates CRDT-compatible models with sync IDs
- When requirements diverged, the library was abandoned
- Spacedrive remains on a fork locked to old Prisma 4.x
- Prisma officially moving away from Rust support makes this worse
**rspc**:
- Also created by Spacedrive team member(s)
- Provides type-safe RPC between Rust and TypeScript
- Excellent type generation capabilities (unique in Rust/TS ecosystem)
- Library abandoned when Spacedrive's needs diverged
- Fork includes custom modifications
- Less urgent to replace due to simpler scope
This pattern of creating libraries and abandoning them when needs change has left Spacedrive with significant technical debt.
### Job System Architecture
The job system is actually a well-engineered piece of the codebase that works reliably. However, it suffers from Rust-imposed limitations that create massive boilerplate:
**Two Job Systems**:
- Old system (`old_job/`) - being phased out
- New system (`heavy-lifting/job_system/`) - current implementation
**Required Boilerplate for New Jobs**:
```rust
// 1. Add to JobName enum
pub enum JobName {
Indexer,
FileIdentifier,
MediaProcessor,
// Must add new job here
}
// 2. Implement Job trait (100-200 lines)
impl Job for MyJob {
const NAME: JobName;
fn resume_tasks(...) -> impl Future<...>;
fn run(...) -> impl Future<...>;
}
// 3. Implement SerializableJob (100-200 lines)
impl SerializableJob<OuterCtx> for MyJob {
fn serialize(...) -> impl Future<...>;
fn deserialize(...) -> impl Future<...>;
}
// 4. Add to central registry macro
match_deserialize_job!(
stored_job, report, ctx, OuterCtx, JobCtx,
[
indexer::job::Indexer,
file_identifier::job::FileIdentifier,
// Must add new job here too
]
)
```
**Why This is Problematic**:
1. **Rust Limitations**: No runtime reflection means all types must be known at compile time
2. **Manual Registration**: Forget to add your job to the macro = runtime panic
3. **No Extensibility**: Cannot add jobs from external crates or plugins
4. **Cognitive Load**: Understanding the job system requires understanding complex generics
**Result**: Adding a simple file operation job requires 500-1000+ lines of boilerplate code.
### Search System: The Unfulfilled Promise
Search was marketed as a key differentiator - "lightning fast search across all your files" - but the implementation is rudimentary:
**Current Implementation**:
```rust
// Basic SQL pattern matching
db.file_path()
.find_many(vec![
file_path::name::contains(query),
file_path::extension::equals(ext),
])
```
**What's Missing**:
1. **No Content Search**: Cannot search text inside documents, PDFs, etc.
2. **No Full-Text Search**: Not using SQLite FTS capabilities
3. **No Search Indexes**: Every search is an unoptimized table scan
4. **No Metadata Search**: Limited to basic file properties
5. **No Vector Search**: No semantic/AI-powered search capabilities
**The VDFS Vision vs Reality**:
- **Vision**: Virtual Distributed File System with instant search across all files everywhere
- **Reality**: Basic filename matching on locally indexed files only
**Why This Matters**:
- Users expect Spotlight-like search capabilities
- Search is tucked away in the API, not a core system
- Competitors offer semantic search, content indexing, and instant results
- The "virtual" in VDFS is meaningless without comprehensive search
**What It Would Take**:
```rust
// Needed: Proper search architecture
trait SearchEngine {
async fn index_content(&self, file: &Path) -> Result<()>;
async fn search(&self, query: Query) -> Result<SearchResults>;
async fn update_embeddings(&self, file: &Path) -> Result<()>;
}
// Content extraction pipeline
// Full-text indexing with SQLite FTS5
// Vector embeddings for semantic search
// Proper ranking and relevance algorithms
```
### Node/Device/Instance Identity Crisis
The codebase has three different ways to represent the same concept - a Spacedrive installation on a machine:
**Schema Definitions**:
```prisma
// Device: For sync system (marked @shared)
model Device {
pub_id Bytes @unique // UUID v7
name String?
os Int?
hardware_model Int?
// Has relationships with all synced data
}
// Instance: For library P2P (marked @local)
model Instance {
pub_id Bytes @unique
identity Bytes? // P2P identity for this library
node_id Bytes // Reference to the node
node_remote_identity Bytes? // Node's P2P identity
// Links library to node
}
// Node: Not in database, just in code
struct Node {
id: Uuid,
identity: Identity, // P2P identity for node
// Application-level config
}
```
**Why This Is Confusing**:
1. **Overlapping Responsibilities**: All three represent aspects of "this machine running Spacedrive"
2. **Different Identity Systems**: Each has its own ID format and generation method
3. **Inconsistent Usage**: Some code uses device_id, others use node_id for the same purpose
4. **P2P vs Sync Split**: Old P2P uses nodes, new sync uses devices, but they need to interoperate
**Real-World Example**:
```rust
// When loading a library, we create BOTH device and instance
// for the SAME node, with DIFFERENT IDs
create_device(DevicePubId::from(node.id)) // Node ID becomes Device ID
create_instance(Instance {
node_id: node.id, // Reference to node
identity: Identity::new(), // New identity for instance
node_remote_identity: node.identity, // Copy of node identity
})
```
**Impact**:
- Engineers confused about which ID to use
- Data duplication and sync issues
- Complex P2P routing logic
- Makes multi-device features harder to implement
### Core Directory Organization Issues
The `/core` directory structure reveals incomplete refactoring and poor code organization:
**Deprecated Code Still Present**:
```
/core/src/
old_job/ # Replaced by heavy-lifting crate
old_p2p/ # Replaced by new p2p crate
object/
fs/
old_copy.rs # Old implementations still referenced
old_cut.rs
old_delete.rs
old_erase.rs
old_orphan_remover.rs
validation/
old_validator_job.rs
```
**Critical Business Logic Hidden**:
- File operations (copy/cut/paste) buried in `old_*.rs` files
- `heavy-lifting` crate name doesn't indicate it contains indexing and media processing
- Core functionality scattered across API handlers and job implementations
- No clear place to find "what Spacedrive actually does"
**The Crate Extraction Problem**:
- Previous attempts to split everything into crates led to "cyclic dependency hell"
- Shared types and utilities created impossible dependency graphs
- Current hybrid approach leaves important logic in non-descriptive locations
**Recommended Architecture: Pragmatic Monolith**:
```
/core/src/
domain/ # Core business entities
library/
location/
object/
device/ # Unified device/node/instance
operations/ # Business operations (THE IMPORTANT STUFF)
file_ops/ # Cut, copy, paste, delete - CLEARLY VISIBLE
copy.rs
move.rs # Not "cut" - use domain language
delete.rs
secure_delete.rs
common.rs # Shared logic
indexing/ # From heavy-lifting crate
media_processing/ # From heavy-lifting crate
sync/
infrastructure/ # External interfaces
api/ # HTTP/RPC endpoints
p2p/
storage/ # Database access
jobs/ # Job system (if kept)
system/ # Job infrastructure
definitions/ # Actual job implementations
```
**Crate Extraction Guidelines**:
- **Keep in monolith**: Core file operations, domain logic, API
- **Extract to crates**: Only truly independent functionality with clear interfaces
- **Good candidates**: Third-party sync, P2P protocol, media metadata extraction
- **Bad candidates**: File operations, indexing, anything touching domain models
This organization:
- Makes important functionality immediately visible
- Reflects what Spacedrive does, not how it's implemented
- Eliminates cyclic dependency issues
- Simplifies refactoring and maintenance
## Key Lessons from Failed Sync System
The sync system failure provides critical insights:
1. **Mixed Local/Shared Data is a Fundamental Problem**
- Cannot elegantly sync tables with both local and shared fields
- Requires clear architectural boundaries from the start
- Compromises lead to complex, unmaintainable solutions
2. **Build vs Buy Decision**
- Team built custom CRDT system instead of using existing solutions
- SQLite has mature sync options (session extension, various third-party tools)
- Custom sync for custom requirements led to never shipping
3. **Perfect is the Enemy of Good**
- Engineering debates about ideal sync architecture
- Could have shipped basic sync and iterated
- Analysis paralysis killed the feature
4. **Architectural Clarity Required**
- Must decide upfront: what syncs, what doesn't
- Separate tables for local vs shared data
- No halfway solutions
## Salvage Strategy
### Phase 1: Stabilization (2-3 months)
**Goals**: Make the existing codebase stable and maintainable
1. **Unify File Management Systems**
- Create abstraction layer over indexed/ephemeral systems
- Implement bridge operations between the two systems
- Consolidate duplicate API endpoints
- Enable cross-boundary file operations
- Single code path for common operations
2. **Replace Query Invalidation System**
- Implement proper event bus architecture
- Backend emits domain events (FileCreated, FileDeleted, etc.)
- Frontend subscribes to relevant events
- Remove all `invalidate_query!` macros
- Type-safe event definitions
3. **Reorganize Core as Pragmatic Monolith**
- Merge `heavy-lifting` crate back into core with descriptive names
- Create clear `operations/file_ops/` module for copy/move/delete
- Remove all `old_*` modules after extracting logic
- Organize by domain/operations/infrastructure pattern
- Make business logic visible in directory structure
4. **Critical Bug Fixes**
- Fix transaction timeout issues
- Resolve nullable field inconsistencies
- Handle sync error cases properly
- Fix race conditions in actor system
5. **Simplify Job System**
- Create code generation for job boilerplate
- Use procedural macros to reduce manual registration
- Consider simpler task queue (like Celery pattern)
- Document job creation process clearly
6. **Unify Identity System**
- Merge Node/Device/Instance into single concept
- One identity per Spacedrive installation
- Clear separation between app identity and library membership
- Simplify P2P routing without multiple identity layers
7. **Testing & Documentation**
- Add integration tests for both file systems
- Document the unified architecture
- Create migration guide for contributors
- Add inline code documentation
### Phase 2: Simplification (3-4 months)
**Goals**: Reduce complexity while maintaining functionality
1. **Build Real Search System**
- Implement SQLite FTS5 for full-text search
- Add content extraction pipeline (PDFs, docs, etc.)
- Create proper search indexes
- Design search-first architecture
- Enable offline file search via cached metadata
2. **Sync System Redesign**
```
┌─────────────────┐
│ Application │
└────────┬────────┘
┌────────▼────────┐
│ Sync Manager │ (Abstract interface)
└────────┬────────┘
┌────┴────┬──────────┬──────────┐
│ │ │ │
┌───▼───┐ ┌──▼───┐ ┌────▼────┐ ┌───▼───┐
│ Local │ │Cloud │ │ P2P │ │WebRTC │
│ File │ │Sync │ │ Sync │ │ Sync │
└───────┘ └──────┘ └─────────┘ └───────┘
```
3. **Database Consolidation**
- Merge dual operation tables
- Fix nullable fields
- Implement proper migrations
- Add database versioning
4. **Error Handling Patterns**
- Implement consistent error types
- Add error recovery mechanisms
- Create user-friendly error messages
- Add telemetry for error tracking
### Phase 3: Modernization (4-6 months)
**Goals**: Build sustainable architecture for future development
1. **Prisma Replacement Strategy**
- **Priority**: Replace prisma-client-rust entirely
- **Options**:
- SQLx: Direct SQL with compile-time checking
- SeaORM: Active Record pattern, good migration support
- Diesel: Mature, but heavier than needed
- **Migration approach**:
- Start with new features using SQLx
- Gradually migrate existing queries
- Keep sync generation separate from ORM
2. **Sync System Replacement**
- **Decouple sync entirely** from core system
- **Third-party SQLite sync solutions**:
- Turso/LibSQL: Built-in sync, edge replicas
- cr-sqlite: Convergent replicated SQLite
- LiteFS: Distributed SQLite by Fly.io
- Electric SQL: Postgres-SQLite sync
- **Clear data boundaries**:
- Separate local-only tables from shared tables
- No mixed local/shared data in same table
- Explicit sync configuration
- **Start simple**: Basic file metadata sync first
3. **Unified File System Architecture**
```
┌─────────────────┐
│ Application │
└────────┬────────┘
┌────────▼────────┐
│ File Operations │ (Single API)
└────────┬────────┘
┌────┴────┬─────────┐
│ │ │
┌───▼───┐ ┌──▼───┐ ┌───▼───┐
│Indexed│ │Hybrid│ │Direct │
│ Files │ │ Mode │ │ Files │
└───────┘ └──────┘ └───────┘
```
4. **Advanced Search Features**
- Implement vector/semantic search with local models
- Add AI-powered content understanding
- Create search suggestions and autocomplete
- Enable federated search across devices
- Build search-as-navigation paradigm
5. **Performance & Architecture**
- Implement proper event sourcing
- Add caching layers
- Create unified query system
- Enable progressive indexing
## Monetization Strategy
### Core Principles
- Keep core file management open source
- Maintain user privacy and data ownership
- Build sustainable revenue without compromising values
- Create value-added services that enhance the core product
### Revenue Streams
#### 1. Spacedrive Cloud (Freemium)
**Free Tier**:
- Local file management
- P2P sync between own devices
- Basic organization features
**Pro Tier ($5-10/month)**:
- Cloud backup and sync
- Advanced organization features
- Priority support
- Increased storage quotas
**Team Tier ($15-25/user/month)**:
- Shared libraries
- Team collaboration features
- Admin controls
- SSO integration
#### 2. Enterprise Features
**Self-Hosted Enterprise ($1000+/year)**:
- On-premise deployment
- Advanced security features
- Compliance tools (GDPR, HIPAA)
- Custom integrations
- SLA support
**Enterprise Cloud**:
- Dedicated infrastructure
- Custom data residency
- Advanced analytics
- White-label options
#### 3. Professional Tools
**One-Time Purchase Add-ons ($20-50)**:
- Advanced duplicate finder
- Pro media organization tools
- Batch processing workflows
- Professional metadata editing
- AI-powered organization
#### 4. Developer Ecosystem
**Spacedrive Platform**:
- Plugin marketplace (30% revenue share)
- Paid plugin development tools
- Commercial plugin licenses
- API access tiers
#### 5. Support & Services
**Professional Services**:
- Custom development
- Migration assistance
- Training and workshops
- Integration consulting
**Priority Support**:
- Dedicated support channels
- Faster response times
- Direct access to developers
- Custom feature requests
### Implementation Strategy
**Phase 1: Foundation**
- Implement basic cloud sync (paid)
- Create account system
- Set up payment infrastructure
- Launch with early-bird pricing
**Phase 2: Expansion**
- Add team features
- Launch plugin marketplace
- Introduce enterprise tier
- Build partner network
**Phase 3: Ecosystem**
- Open plugin development
- Launch professional services
- Create certification program
- Build community marketplace
### Open Source Commitment
**Always Free & Open**:
- Core file management
- Local operations
- P2P sync protocol
- Basic organization features
- Security updates
**Paid Features**:
- Cloud infrastructure
- Advanced algorithms
- Enterprise features
- Priority support
- Hosted services
## Technical Roadmap with AI Assistance
### Immediate AI-Assisted Tasks
1. **Documentation Generation**
- Generate comprehensive API docs from code
- Create user guides from UI components
- Build contributor documentation
- Generate architecture diagrams
2. **Test Suite Creation**
- Generate unit tests for existing code
- Create integration test scenarios
- Build end-to-end test suites
- Generate performance benchmarks
3. **Code Refactoring**
- Identify and fix error handling patterns
- Refactor complex functions
- Optimize database queries
- Modernize async/await usage
4. **Migration Scripts**
- Generate database migration scripts
- Create fork reconciliation plans
- Build compatibility layers
- Automate dependency updates
### Long-term AI Integration
1. **Smart Organization**
- AI-powered file categorization
- Intelligent duplicate detection
- Content-based search
- Automated tagging
2. **Development Assistance**
- AI code review bot
- Automated bug detection
- Performance optimization suggestions
- Security vulnerability scanning
## Success Metrics
### Technical Metrics
- Test coverage > 80%
- Build time < 5 minutes
- Sync latency < 1 second
- Zero critical bugs
### Business Metrics
- 10,000 paid users in Year 1
- $1M ARR by Year 2
- 50+ plugins in marketplace
- 5 enterprise customers
### Community Metrics
- 100+ active contributors
- 1000+ Discord members
- Weekly community calls
- Regular feature releases
## Conclusion
Spacedrive has strong fundamentals and clear market demand. However, the technical debt is more severe than typical abandoned projects due to fundamental architectural flaws and decision paralysis:
1. **The dual file system** makes basic operations impossible and doubles development effort
2. **The invalidation system** creates unmaintainable coupling between frontend and backend
3. **Abandoned custom libraries** (prisma-client-rust, rspc) leave the project on an island
4. **The sync system** failed due to mixed local/shared data requirements and choosing to build instead of buy
5. **Identity confusion** with Node/Device/Instance representing the same concept differently
The recurring theme is over-engineering and incomplete migrations: the team created complex abstractions (dual file systems, custom CRDT, three identity systems) and then failed to complete transitions when building replacements. Both old and new systems run in parallel throughout the codebase (jobs, P2P, file operations), creating confusion and bugs. The sync system's failure is particularly instructive: the team couldn't agree on what should sync versus remain local, leading to analysis paralysis.
Despite these challenges, the project is salvageable because:
- The core value proposition resonates (34k stars, 500k installs)
- The problems are architectural, not conceptual
- AI can accelerate the refactoring process
- The community remains engaged
**Critical Success Factors**:
1. **Unify the file systems** - This is the #1 priority
2. **Build real search** - The "VDFS" promise requires world-class search
3. **Replace Prisma entirely** - Move to SQLx or similar
4. **Simplify ruthlessly** - Remove clever solutions in favor of simple ones
5. **Ship incrementally** - Don't wait for perfection
**Next Steps**:
1. Share this analysis with the community
2. Focus initial effort on file system unification
3. Set up sustainable funding (grants, sponsors, pre-orders)
4. Use AI to generate tests and documentation
5. Ship a working version with unified file system in 3 months
The project's original vision was sound. The execution became too complex. By simplifying the architecture and focusing on core user needs, Spacedrive can fulfill its promise of being the file manager of the future.
From here we begin a rewrite in `core_new`...

832
docs/core/design/OPERATIONS_REFACTOR_PLAN.md
View File

@@ -1,832 +0,0 @@
# Operations Module Refactor Plan
## Current Problems
### 1. **Architectural Issues**
- Mixed abstraction levels in `/operations` (high-level actions, low-level jobs, domain logic)
- Confusing naming: `file_ops` vs `media_processing` vs `indexing`
- Actions are centralized and disconnected from their domains
- Audit logs try to determine library context instead of having it explicit
### 2. **Library Context Issues**
- Actions operate at core level but need library-specific audit logging
- Current `ActionManager.determine_library_id()` is unimplemented placeholder
- No clear separation between global actions (LibraryCreate) and library-scoped actions
### 3. **Domain Modularity Issues**
- Action handlers separated from their domain logic
- No clear ownership of business logic per domain
- Job naming inconsistency (`delete_job.rs` vs `job.rs` in folders)
## Target Architecture
### Core Principles
1. **Domain Modularity**: Each domain owns its complete story (actions + jobs + logic)
2. **Explicit Library Context**: Actions specify library_id when needed
3. **Consistent Structure**: Every domain follows the same pattern
4. **Clear Separation**: Global vs library-scoped actions
5. **Infrastructure vs Operations**: Framework code separate from business logic
### Actions Module Move to Infrastructure
The current `operations/actions/` module should be moved to `infrastructure/actions/` because it provides **framework functionality**, not business logic. This aligns with the existing infrastructure pattern:
**Infrastructure modules provide frameworks/systems:**
- `jobs/` - Job execution framework (traits, manager, registry, executor)
- `events/` - Event system framework (dispatching, handling)
- `database/` - Database access framework (entities, migrations, connections)
- `actions/` - Action dispatch and audit framework (manager, registry, audit logging)
**Operations modules provide business logic:**
- `files/` - File operation business logic (what to do with files)
- `locations/` - Location management business logic (how to manage locations)
- `indexing/` - Indexing business logic (how to index files)
- `media/` - Media processing business logic (how to process media)
The actions module is pure infrastructure - it doesn't care about the specific business logic of copying files or managing locations. It only provides:
- **ActionManager**: Central dispatch system
- **ActionRegistry**: Auto-discovery of action handlers
- **ActionHandler trait**: Interface for handling actions
- **Audit logging**: Framework for tracking all actions
- **Action enum**: Central registry of all available actions
This creates a clean separation where:
- **Infrastructure** provides the plumbing (how to dispatch, audit, execute)
- **Operations** provides the business logic (what to do with files, locations, etc.)
Each domain operation implements the infrastructure's `ActionHandler` trait, similar to how jobs implement the `Job` trait from `infrastructure/jobs/`. The domain owns the business logic, but uses the infrastructure's framework for execution and audit logging.
### Proposed Structure
```
src/infrastructure/
├── actions/ # Core action system (framework only)
│ ├── manager.rs # Central dispatch + audit (fixed library routing)
│ ├── registry.rs # Auto-discovery via inventory
│ ├── handler.rs # ActionHandler trait
│ ├── receipt.rs # ActionReceipt types
│ ├── error.rs # ActionError types
│ └── mod.rs # Core Action enum (references domain actions)
├── jobs/ # Keep existing
├── events/ # Keep existing
├── database/ # Keep existing
└── cli/ # Keep existing
src/operations/
├── files/ # Rename from file_ops
│ ├── copy/
│ │ ├── job.rs # FileCopyJob
│ │ ├── action.rs # FileCopyAction + handler
│ │ ├── routing.rs # Keep existing
│ │ └── strategy.rs # Keep existing
│ ├── delete/ # Convert from delete_job.rs
│ │ ├── job.rs # FileDeleteJob
│ │ └── action.rs # FileDeleteAction + handler
│ ├── validation/ # Convert from validation_job.rs
│ │ ├── job.rs # ValidationJob
│ │ └── action.rs # ValidationAction + handler
│ ├── duplicate_detection/ # Convert from duplicate_detection_job.rs
│ │ ├── job.rs # DuplicateDetectionJob
│ │ └── action.rs # DuplicateDetectionAction + handler
│ └── mod.rs # Re-exports
├── locations/ # Extract from actions/handlers
│ ├── add/
│ │ └── action.rs # LocationAddAction + handler
│ ├── remove/
│ │ └── action.rs # LocationRemoveAction + handler
│ ├── index/
│ │ └── action.rs # LocationIndexAction + handler
│ └── mod.rs # Re-exports
├── libraries/ # Extract from actions/handlers
│ ├── create/
│ │ └── action.rs # LibraryCreateAction + handler (global scope)
│ ├── delete/
│ │ └── action.rs # LibraryDeleteAction + handler (global scope)
│ └── mod.rs # Re-exports
├── indexing/ # Keep existing structure + add action.rs
│ ├── job.rs # Keep existing IndexerJob
│ ├── action.rs # NEW: IndexingAction + handler
│ ├── phases/ # Keep existing
│ ├── state.rs # Keep existing
│ └── ... # Keep all existing files
├── content/ # Keep existing + add action.rs
│ ├── action.rs # NEW: ContentAction + handler
│ └── mod.rs # Keep existing
├── media/ # Rename from media_processing
│ ├── thumbnails/
│ │ ├── job.rs # Keep existing ThumbnailJob
│ │ ├── action.rs # NEW: ThumbnailAction + handler
│ │ └── ... # Keep existing files
│ └── mod.rs # Re-exports
├── metadata/ # Keep existing + add action.rs
│ ├── action.rs # NEW: MetadataAction + handler
│ └── mod.rs # Keep existing
└── mod.rs # Updated job registration
```
## New Action Structure
### Core Action Enum
```rust
// src/infrastructure/actions/mod.rs
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Action {
// Global actions (no library context)
LibraryCreate(crate::operations::libraries::create::LibraryCreateAction),
LibraryDelete(crate::operations::libraries::delete::LibraryDeleteAction),
// Library-scoped actions (require library_id)
FileCopy {
library_id: Uuid,
action: crate::operations::files::copy::FileCopyAction
},
FileDelete {
library_id: Uuid,
action: crate::operations::files::delete::FileDeleteAction
},
FileValidate {
library_id: Uuid,
action: crate::operations::files::validation::ValidationAction
},
DetectDuplicates {
library_id: Uuid,
action: crate::operations::files::duplicate_detection::DuplicateDetectionAction
},
LocationAdd {
library_id: Uuid,
action: crate::operations::locations::add::LocationAddAction
},
LocationRemove {
library_id: Uuid,
action: crate::operations::locations::remove::LocationRemoveAction
},
LocationIndex {
library_id: Uuid,
action: crate::operations::locations::index::LocationIndexAction
},
Index {
library_id: Uuid,
action: crate::operations::indexing::IndexingAction
},
GenerateThumbnails {
library_id: Uuid,
action: crate::operations::media::thumbnails::ThumbnailAction
},
ContentAnalysis {
library_id: Uuid,
action: crate::operations::content::ContentAction
},
MetadataOperation {
library_id: Uuid,
action: crate::operations::metadata::MetadataAction
},
}
impl Action {
pub fn library_id(&self) -> Option<Uuid> {
match self {
Action::LibraryCreate(_) | Action::LibraryDelete(_) => None,
Action::FileCopy { library_id, .. } => Some(*library_id),
Action::FileDelete { library_id, .. } => Some(*library_id),
Action::FileValidate { library_id, .. } => Some(*library_id),
Action::DetectDuplicates { library_id, .. } => Some(*library_id),
Action::LocationAdd { library_id, .. } => Some(*library_id),
Action::LocationRemove { library_id, .. } => Some(*library_id),
Action::LocationIndex { library_id, .. } => Some(*library_id),
Action::Index { library_id, .. } => Some(*library_id),
Action::GenerateThumbnails { library_id, .. } => Some(*library_id),
Action::ContentAnalysis { library_id, .. } => Some(*library_id),
Action::MetadataOperation { library_id, .. } => Some(*library_id),
}
}
}
```
### Fixed ActionManager
```rust
// src/infrastructure/actions/manager.rs
impl ActionManager {
pub async fn dispatch(
&self,
action: Action,
) -> ActionResult<ActionReceipt> {
// 1. Find the correct handler in the registry
let handler = REGISTRY
.get(action.kind())
.ok_or_else(|| ActionError::ActionNotRegistered(action.kind().to_string()))?;
// 2. Validate the action
handler.validate(self.context.clone(), &action).await?;
// 3. Create the initial audit log entry (if library-scoped)
let audit_entry = if let Some(library_id) = action.library_id() {
Some(self.create_audit_log(library_id, &action).await?)
} else {
None
};
// 4. Execute the handler
let result = handler.execute(self.context.clone(), action).await;
// 5. Update the audit log with the final status (if we created one)
if let Some(entry) = audit_entry {
self.finalize_audit_log(entry, &result).await?;
}
result
}
// Remove the broken determine_library_id method
// Library ID is now explicit in the action
}
```
## Migration Steps
### Phase 1: Move Actions to Infrastructure
1. **Move actions module**:
```bash
mv src/operations/actions src/infrastructure/actions
```
2. **Update infrastructure mod.rs**:
```rust
pub mod actions;
pub mod cli;
pub mod database;
pub mod events;
pub mod jobs;
```
3. **Update imports** throughout codebase from `crate::operations::actions` to `crate::infrastructure::actions`
### Phase 2: Restructure Domains
1. **Create new domain folders**:
```bash
mkdir -p src/operations/files/{copy,delete,validation,duplicate_detection}
mkdir -p src/operations/locations/{add,remove,index}
mkdir -p src/operations/libraries/{create,delete}
mkdir -p src/operations/media/thumbnails
```
2. **Move and rename files**:
- `file_ops/delete_job.rs` → `files/delete/job.rs`
- `file_ops/validation_job.rs` → `files/validation/job.rs`
- `file_ops/duplicate_detection_job.rs` → `files/duplicate_detection/job.rs`
- `media_processing/` → `media/`
3. **Update imports** throughout codebase
### Phase 3: Extract Domain Actions
1. **Move action handlers to domains**:
- `infrastructure/actions/handlers/file_copy.rs` → `operations/files/copy/action.rs`
- `infrastructure/actions/handlers/file_delete.rs` → `operations/files/delete/action.rs`
- `infrastructure/actions/handlers/location_add.rs` → `operations/locations/add/action.rs`
- `infrastructure/actions/handlers/location_remove.rs` → `operations/locations/remove/action.rs`
- `infrastructure/actions/handlers/location_index.rs` → `operations/locations/index/action.rs`
- `infrastructure/actions/handlers/library_create.rs` → `operations/libraries/create/action.rs`
- `infrastructure/actions/handlers/library_delete.rs` → `operations/libraries/delete/action.rs`
2. **Create new action files for existing domains**:
- `operations/indexing/action.rs` (NEW)
- `operations/content/action.rs` (NEW)
- `operations/media/thumbnails/action.rs` (NEW)
- `operations/metadata/action.rs` (NEW)
### Phase 4: Update Core Action System
1. **Refactor Action enum** to use domain-specific types with explicit library_id
2. **Remove handlers directory** (empty after migration)
3. **Update ActionManager** to use explicit library_id from actions
4. **Fix audit log creation** to use correct library database
### Phase 5: Update CLI Integration
1. **Update CLI commands** to pass library_id when creating actions:
```rust
// Before
let action = Action::FileCopy { sources, destination, options };
// After
let library_id = cli_app.get_current_library().await?.id();
let action = Action::FileCopy {
library_id,
action: FileCopyAction { sources, destination, options }
};
```
2. **Update command handlers** to work with new action structure
### Phase 6: Update Job Registration
1. **Update operations/mod.rs** to register jobs from new locations:
```rust
pub fn register_all_jobs() {
// File operation jobs
register_job::<files::copy::FileCopyJob>();
register_job::<files::delete::FileDeleteJob>();
register_job::<files::validation::ValidationJob>();
register_job::<files::duplicate_detection::DuplicateDetectionJob>();
// Other jobs
register_job::<indexing::IndexerJob>();
register_job::<media::thumbnails::ThumbnailJob>();
}
```
### Phase 7: Testing and Validation
1. **Update all tests** to use new structure
2. **Run action system tests** to ensure functionality preserved
3. **Test CLI integration** with new action structure
4. **Verify audit logs** are created in correct library databases
## Benefits of This Refactor
### 1. **True Domain Modularity**
- Each domain owns its complete story (actions + jobs + logic)
- Want to understand file operations? Everything is in `files/`
- Want to add location features? Everything is in `locations/`
### 2. **Clear Library Context**
- Actions explicitly specify which library they operate on
- No more guessing or unimplemented library ID determination
- Global actions (library management) clearly separated
### 3. **Consistent Structure**
- Every domain follows the same pattern
- Complex domains: `domain/operation/{job.rs, action.rs}`
- Simple domains: `domain/action.rs`
- No more naming inconsistencies
### 4. **Improved Maintainability**
- Related functionality grouped together
- Clear boundaries between domains
- Easier to test individual domains
- Easier to add new domains
### 5. **Better Developer Experience**
- Intuitive navigation of codebase
- Clear understanding of action vs job responsibilities
- Explicit library context prevents bugs
- Consistent patterns across all domains
## Potential Issues and Solutions
### 1. **Breaking Changes**
- **Issue**: This refactor breaks all existing imports
- **Solution**: Update imports incrementally, test at each phase
### 2. **CLI Integration**
- **Issue**: CLI needs to pass library_id for all actions
- **Solution**: Centralize library ID retrieval in CLI helper functions
### 3. **Action Enum Size**
- **Issue**: Action enum becomes quite large
- **Solution**: This is acceptable for explicit typing, improves type safety
### 4. **Migration Complexity**
- **Issue**: Large number of files to move and update
- **Solution**: Migrate in phases, ensure tests pass at each step
This refactor transforms the operations module from a confusing mix of concerns into a clean, domain-driven architecture where each domain owns its complete functionality and library context is explicit throughout the system.
## Example:
Here's how src/operations/libraries/create/action.rs would look following the Builder Refactor
Plan:
```rust
//! Library creation action handler
use crate::{
context::CoreContext,
infrastructure::actions::{
builder::{ActionBuilder, ActionBuildError, CliActionBuilder},
error::{ActionError, ActionResult},
handler::ActionHandler,
output::ActionOutput,
Action,
},
register_action_handler,
};
use async_trait::async_trait;
use clap::Parser;
use serde::{Deserialize, Serialize};
use std::{path::PathBuf, sync::Arc};
use uuid::Uuid;
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LibraryCreateAction {
pub name: String,
pub path: Option<PathBuf>,
}
// Builder implementation
pub struct LibraryCreateActionBuilder {
name: Option<String>,
path: Option<PathBuf>,
errors: Vec<String>,
}
impl LibraryCreateActionBuilder {
pub fn new() -> Self {
Self {
name: None,
path: None,
errors: Vec::new(),
}
}
// Fluent API methods
pub fn name<S: Into<String>>(mut self, name: S) -> Self {
self.name = Some(name.into());
self
}
pub fn path<P: Into<PathBuf>>(mut self, path: P) -> Self {
self.path = Some(path.into());
self
}
pub fn auto_path(mut self) -> Self {
// Use default library path based on OS conventions
self.path = Some(Self::default_library_path());
self
}
// Validation methods
fn validate_name(&mut self) {
if let Some(ref name) = self.name {
if name.trim().is_empty() {
self.errors.push("Library name cannot be empty".to_string());
}
if name.len() > 255 {
self.errors.push("Library name cannot exceed 255 characters".to_string());
}
if name.contains(['/', '\\', ':', '*', '?', '"', '<', '>', '|']) {
self.errors.push("Library name contains invalid characters".to_string());
}
} else {
self.errors.push("Library name is required".to_string());
}
}
fn validate_path(&mut self) {
if let Some(ref path) = self.path {
if let Some(parent) = path.parent() {
if !parent.exists() {
self.errors.push(format!(
"Parent directory does not exist: {}",
parent.display()
));
}
if !parent.metadata().map_or(false, |m| m.permissions().readonly()) {
// Check if we can write to the parent directory
}
}
}
}
fn default_library_path() -> PathBuf {
#[cfg(target_os = "macos")]
{
dirs::home_dir()
.unwrap_or_else(|| PathBuf::from("/tmp"))
.join("Library/Application Support/Spacedrive")
}
#[cfg(target_os = "windows")]
{
dirs::data_dir()
.unwrap_or_else(|| PathBuf::from("C:\\ProgramData"))
.join("Spacedrive")
}
#[cfg(target_os = "linux")]
{
dirs::data_dir()
.unwrap_or_else(|| PathBuf::from("/tmp"))
.join("spacedrive")
}
}
}
impl ActionBuilder for LibraryCreateActionBuilder {
type Action = LibraryCreateAction;
type Error = ActionBuildError;
fn validate(&self) -> Result<(), Self::Error> {
let mut builder = self.clone();
builder.validate_name();
builder.validate_path();
if !builder.errors.is_empty() {
return Err(ActionBuildError::Validation(builder.errors));
}
Ok(())
}
fn build(self) -> Result<Self::Action, Self::Error> {
self.validate()?;
Ok(LibraryCreateAction {
name: self.name.unwrap(), // Safe after validation
path: self.path,
})
}
}
// CLI Integration
#[derive(Parser)]
pub struct LibraryCreateArgs {
/// Name for the new library
pub name: String,
/// Path where the library should be created
#[arg(short, long)]
pub path: Option<PathBuf>,
/// Use automatic path based on OS conventions
#[arg(long)]
pub auto_path: bool,
}
impl CliActionBuilder for LibraryCreateActionBuilder {
type Args = LibraryCreateArgs;
fn from_cli_args(args: Self::Args) -> Self {
let mut builder = Self::new().name(args.name);
if args.auto_path {
builder = builder.auto_path();
} else if let Some(path) = args.path {
builder = builder.path(path);
}
builder
}
}
// Convenience methods on the action
impl LibraryCreateAction {
pub fn builder() -> LibraryCreateActionBuilder {
LibraryCreateActionBuilder::new()
}
/// Quick constructor for library with auto path
pub fn new_auto<S: Into<String>>(name: S) -> LibraryCreateActionBuilder {
Self::builder().name(name).auto_path()
}
/// Quick constructor for library with custom path
pub fn new_at<S: Into<String>, P: Into<PathBuf>>(
name: S,
path: P,
) -> LibraryCreateActionBuilder {
Self::builder().name(name).path(path)
}
}
// Handler implementation
pub struct LibraryCreateHandler;
impl LibraryCreateHandler {
pub fn new() -> Self {
Self
}
}
#[async_trait]
impl ActionHandler for LibraryCreateHandler {
async fn validate(
&self,
_context: Arc<CoreContext>,
action: &Action,
) -> ActionResult<()> {
if let Action::LibraryCreate(action) = action {
// Additional runtime validation (builder already did static validation)
if action.name.trim().is_empty() {
return Err(ActionError::Validation {
field: "name".to_string(),
message: "Library name cannot be empty".to_string(),
});
}
// Check if library name already exists
// TODO: Implement library name uniqueness check
Ok(())
} else {
Err(ActionError::InvalidActionType)
}
}
async fn execute(
&self,
context: Arc<CoreContext>,
action: Action,
) -> ActionResult<ActionOutput> {
if let Action::LibraryCreate(action) = action {
let library_manager = &context.library_manager;
// Create the library (this is an immediate operation, not a background job)
let new_library = library_manager
.create_library(action.name.clone(), action.path.clone())
.await
.map_err(|e| ActionError::Internal(e.to_string()))?;
// Return structured output instead of generic JSON
Ok(ActionOutput::LibraryCreate {
library_id: new_library.id(),
name: action.name,
})
} else {
Err(ActionError::InvalidActionType)
}
}
fn can_handle(&self, action: &Action) -> bool {
matches!(action, Action::LibraryCreate(_))
}
fn supported_actions() -> &'static [&'static str] {
&["library.create"]
}
}
// Register this handler
register_action_handler!(LibraryCreateHandler, "library.create");
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_builder_fluent_api() {
let action = LibraryCreateAction::builder()
.name("My Library")
.path("/home/user/libraries/my-library")
.build()
.unwrap();
assert_eq!(action.name, "My Library");
assert_eq!(action.path, Some(PathBuf::from("/home/user/libraries/my-library")));
}
#[test]
fn test_builder_validation() {
// Empty name should fail
let result = LibraryCreateAction::builder()
.name("")
.build();
assert!(result.is_err());
match result.unwrap_err() {
ActionBuildError::Validation(errors) => {
assert!(errors.iter().any(|e| e.contains("cannot be empty")));
}
_ => panic!("Expected validation error"),
}
// Invalid characters should fail
let result = LibraryCreateAction::builder()
.name("Library/With*Invalid:Characters")
.build();
assert!(result.is_err());
}
#[test]
fn test_cli_integration() {
let args = LibraryCreateArgs {
name: "Test Library".to_string(),
path: Some("/custom/path".into()),
auto_path: false,
};
let action = LibraryCreateActionBuilder::from_cli_args(args).build().unwrap();
assert_eq!(action.name, "Test Library");
assert_eq!(action.path, Some(PathBuf::from("/custom/path")));
}
#[test]
fn test_auto_path() {
let args = LibraryCreateArgs {
name: "Test Library".to_string(),
path: None,
auto_path: true,
};
let action = LibraryCreateActionBuilder::from_cli_args(args).build().unwrap();
assert_eq!(action.name, "Test Library");
assert!(action.path.is_some()); // Should have auto-generated path
}
#[test]
fn test_convenience_constructors() {
// Auto path constructor
let action = LibraryCreateAction::new_auto("Auto Library").build().unwrap();
assert_eq!(action.name, "Auto Library");
assert!(action.path.is_some());
// Custom path constructor
let action = LibraryCreateAction::new_at("Custom Library", "/custom/path")
.build()
.unwrap();
assert_eq!(action.name, "Custom Library");
assert_eq!(action.path, Some(PathBuf::from("/custom/path")));
}
}
```
Key Features Added
1. Builder Pattern
```rust
let action = LibraryCreateAction::builder()
.name("My Library")
.path("/custom/path")
.build()?;
```
2. CLI Integration
```rust
#[derive(Parser)]
pub struct LibraryCreateArgs {
pub name: String,
#[arg(short, long)]
pub path: Option<PathBuf>,
#[arg(long)]
pub auto_path: bool,
}
```
3. Validation at Build Time
- Empty name validation
- Invalid character checking
- Path existence validation
- Length limits
4. Convenience Methods
```rust
// Quick constructors
LibraryCreateAction::new_auto("Library Name")
LibraryCreateAction::new_at("Library Name", "/path")
```
5. Structured Output
```rust
Ok(ActionOutput::LibraryCreate {
library_id: new_library.id(),
name: action.name,
})
```
6. Comprehensive Tests
- Builder validation
- CLI argument parsing
- Fluent API usage
- Convenience constructors
This follows all the patterns from the refactor plan while being specifically tailored to
library creation needs!

1298
docs/core/design/PERSISTENT_DEVICE_CONNECTIONS_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

163
docs/core/design/QUERY_REFACTOR_PLAN.md
View File

@@ -1,163 +0,0 @@
# Query Architecture Refactor Plan
## Goal: Consistent Input/Output Pattern for Queries
Currently queries have inconsistent architecture compared to actions. This plan will make them consistent with the clean Input/Output separation pattern.
## Current State Analysis
### Actions (Good Architecture)
```rust
FileCopyInput FileCopyAction JobHandle/CustomOutput
```
- **Input**: Clean API contract
- **Action**: Internal execution logic
- **Output**: Clean result data
### Queries (Inconsistent Architecture)
#### Pattern 1: Query Struct Contains Fields
```rust
// Mixed concerns - API fields + execution logic
pub struct JobListQuery {
pub status: Option<JobStatus>, // ← API input mixed with query logic
}
```
#### Pattern 2: Query Struct Contains Input (Better)
```rust
// Better separation
pub struct FileSearchQuery {
pub input: FileSearchInput, // ← Cleaner!
}
```
## Refactor Plan
### Phase 1: Create Input Structs for All 12 Queries
| Current Query | New Input Struct | Type | Notes |
|--------------|------------------|------|-------|
| `CoreStatusQuery` | `CoreStatusInput` | Core | Empty struct for consistency |
| `JobListQuery` | `JobListInput` | Library | `{ status: Option<JobStatus> }` |
| `JobInfoQuery` | `JobInfoInput` | Library | `{ job_id: JobId }` |
| `LibraryInfoQuery` | `LibraryInfoInput` | Library | `{ library_id: Uuid }` |
| `ListLibrariesQuery` | `ListLibrariesInput` | Core | `{ include_stats: bool }` |
| `GetCurrentLibraryQuery` | `GetCurrentLibraryInput` | Core | Empty struct |
| `LocationsListQuery` | `LocationsListInput` | Library | `{ library_id: Uuid }` |
| `FileSearchQuery` | `FileSearchInput` | Library | Already exists |
| `SearchTagsQuery` | `SearchTagsInput` | Library | Already exists |
| `NetworkStatusQuery` | `NetworkStatusInput` | Core | Empty struct |
| `ListDevicesQuery` | `ListDevicesInput` | Core | Empty struct |
| `PairStatusQuery` | `PairStatusInput` | Core | Empty struct |
### Phase 2: Update Query Struct Implementations
#### Before (Mixed Concerns)
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct JobListQuery {
pub status: Option<JobStatus>, // ← API field mixed with logic
}
impl Query for JobListQuery {
type Output = JobListOutput;
async fn execute(self, context: Arc<CoreContext>) -> Result<Self::Output> {
// Use self.status directly
}
}
crate::register_query!(JobListQuery, "jobs.list");
```
#### After (Clean Separation)
```rust
// Clean input struct
#[derive(Debug, Clone, Serialize, Deserialize, Type)]
pub struct JobListInput {
pub status: Option<JobStatus>,
}
// Clean query struct
#[derive(Debug, Clone)]
pub struct JobListQuery {
pub input: JobListInput,
// Future: internal query state/context could go here
}
impl LibraryQuery for JobListQuery {
type Input = JobListInput;
type Output = JobListOutput;
fn from_input(input: Self::Input) -> Result<Self> {
Ok(Self { input })
}
async fn execute(self, context: Arc<CoreContext>, library_id: Uuid) -> Result<Self::Output> {
// Use self.input.status
}
}
crate::register_library_query!(JobListQuery, "jobs.list");
```
### Phase 3: Update QueryManager to Support New Traits
```rust
impl QueryManager {
/// Dispatch a library query
pub async fn dispatch_library<Q: LibraryQuery>(&self, query: Q, library_id: Uuid) -> Result<Q::Output> {
query.execute(self.context.clone(), library_id).await
}
/// Dispatch a core query
pub async fn dispatch_core<Q: CoreQuery>(&self, query: Q) -> Result<Q::Output> {
query.execute(self.context.clone()).await
}
}
```
### Phase 4: Migration Strategy
#### Step 1: Core Queries (4 queries)
- `CoreStatusQuery` → Core (no library context needed)
- `ListLibrariesQuery` → Core (lists all libraries)
- `NetworkStatusQuery` → Core (daemon-level network status)
- `ListDevicesQuery` → Core (daemon-level device list)
#### Step 2: Library Queries (8 queries)
- `JobListQuery` → Library (library-specific jobs)
- `JobInfoQuery` → Library (library-specific job info)
- `LibraryInfoQuery` → Library (specific library info)
- `GetCurrentLibraryQuery` → Core (session state, not library-specific)
- `LocationsListQuery` → Library (library-specific locations)
- `FileSearchQuery` → Library (search within library)
- `SearchTagsQuery` → Library (library-specific tags)
- `PairStatusQuery` → Core (daemon-level pairing status)
## Benefits After Refactor
### **Architectural Consistency**
- Actions and queries follow same Input/Output pattern
- Clean separation of API contract vs execution logic
- Consistent wire protocol handling
### **Better Type Safety**
- Explicit Input types for Swift generation
- Clear distinction between library vs core operations
- Proper type extraction via enhanced registration macros
### **rspc Magic Compatibility**
- All queries will work with automatic type extraction
- Complete Swift API generation for all 12 queries
- Type-safe wire methods and identifiers
## Implementation Order
1. **Create Input structs** for each query
2. **Update query implementations** to use new traits
3. **Change registration macro calls** from `register_query!` to `register_library_query!`/`register_core_query!`
4. **Test complete system** with all 41 operations
This refactor will give us a **clean, consistent architecture** that works perfectly with the rspc-inspired type extraction system!

85
docs/core/design/REFERENCE_SIDECARS.md
View File

@@ -1,85 +0,0 @@
# Reference Sidecars Implementation
This document describes the reference sidecar feature added to the Virtual Sidecar System (VSS).
## Overview
Reference sidecars allow Spacedrive to track files as virtual sidecars without moving them from their original locations. This aligns with Spacedrive's philosophy of not touching original files during indexing.
## Key Features
1. **Non-Destructive Tracking**: Files remain in their original locations
2. **Database Linking**: Sidecars are linked to their source entries via `source_entry_id`
3. **Bulk Conversion**: Reference sidecars can be converted to owned sidecars on demand
## Database Schema
Added to the `sidecars` table:
- `source_entry_id: Option<i32>` - Links to the original entry when the sidecar is a reference
## Implementation
### Creating Reference Sidecars
```rust
sidecar_manager.create_reference_sidecar(
library,
content_uuid, // The content this is a sidecar for
source_entry_id, // The entry ID of the original file
kind,
variant,
format,
size,
checksum,
).await?;
```
### Converting to Owned Sidecars
```rust
sidecar_manager.convert_reference_to_owned(
library,
content_uuid,
).await?;
```
This method:
1. Finds all reference sidecars for the content
2. Moves files to the managed sidecar directory
3. Updates database records to remove the reference
## Live Photo Use Case
Live Photos are the primary use case for reference sidecars:
1. During indexing, when an image is found with a matching video
2. The video is created as a reference sidecar of the image
3. The video file stays in its original location
4. Users can later bulk-convert Live Photos to take ownership
### Example Flow
```rust
// During indexing
if let Some(live_photo) = LivePhotoDetector::detect_pair(image_path) {
// Create minimal entry for video (or skip entirely)
let video_entry_id = create_minimal_entry(&live_photo.video_path)?;
// Create reference sidecar
LivePhotoDetector::create_live_photo_reference_sidecar(
library,
sidecar_manager,
&image_content_uuid,
video_entry_id,
video_size,
video_checksum,
).await?;
}
```
## Benefits
1. **Preserves User Organization**: Files stay where users put them
2. **Delayed Decision**: Users can choose when/if to consolidate files
3. **Reduced Indexing Impact**: No file moves during initial scan
4. **Flexibility**: Supports various sidecar relationships without file ownership

332
docs/core/design/RELAY_FLOW_DIAGRAM.md
View File

@@ -1,332 +0,0 @@
# Relay Integration Flow Diagrams
## Current State: mDNS-Only Pairing
```
┌─────────────────────────────────────────────────────────────────────┐
│ SAME NETWORK (Works) │
└─────────────────────────────────────────────────────────────────────┘
Initiator Joiner
───────── ──────
1. Generate pairing code
└─> "word1 word2 ... word12"
2. Start pairing session 3. Enter code
└─> Broadcast session_id └─> Parse session_id
via mDNS user_data
4. Listen for mDNS
3. Wait for connection <───────────────────── └─> Find session_id
mDNS Discovery in broadcasts
(~1s)
5. Connect via direct
4. Accept connection <───────────────────── socket addresses
QUIC Connection
5. Challenge-response handshake ←───────────────────→ 6. Sign challenge
Pairing
SUCCESS: Devices paired!
┌─────────────────────────────────────────────────────────────────────┐
│ DIFFERENT NETWORKS (Fails) │
└─────────────────────────────────────────────────────────────────────┘
Initiator (Network A) Joiner (Network B)
───────────────────── ──────────────────
1. Generate pairing code
└─> "word1 word2 ... word12"
2. Start pairing session 3. Enter code
└─> Broadcast session_id └─> Parse session_id
via mDNS (local only!)
4. Listen for mDNS
3. Wait for connection └─> Timeout after 10s
mDNS blocked by (different network)
network boundary
5. ERROR: Discovery failed
FAILURE: Pairing failed!
Note: Even though endpoint has RelayMode::Default configured, the relay
is never used because pairing code doesn't include relay info!
```
## Proposed State: Dual-Path Discovery
```
┌─────────────────────────────────────────────────────────────────────┐
│ SAME NETWORK (Faster via mDNS) │
└─────────────────────────────────────────────────────────────────────┘
Initiator Joiner
───────── ──────
1. Generate enhanced code 3. Enter code
└─> Include: └─> Parse:
• session_id • session_id
• node_id • node_id
• relay_url • relay_url
2. Start pairing session 4. Parallel discovery:
├─> Broadcast via mDNS ├─> Listen for mDNS ✅
└─> Connected to relay └─> Try relay connect
(already happens)
5. mDNS wins race!
3. Accept connection <───────────────────── └─> Connect via
mDNS + Direct direct address
(~1s)
SUCCESS: Fast local pairing (no change to user experience)
┌─────────────────────────────────────────────────────────────────────┐
│ DIFFERENT NETWORKS (Works via Relay) │
└─────────────────────────────────────────────────────────────────────┘
Initiator (Network A) Joiner (Network B)
───────────────────── ──────────────────
1. Generate enhanced code 3. Enter code
└─> session_id + node_id + relay_url └─> Parse all fields
2. Start pairing session 4. Parallel discovery:
├─> Broadcast via mDNS ├─> Listen for mDNS ❌
│ (won't reach Network B) │ (timeout ~3s)
└─> Home relay: use1-1.relay... │
└─> Try relay connect ✅
Relay Server └─> Build NodeAddr:
┌──────────────┐ NodeAddr::from_parts(
Connected to ───┤ │ node_id,
relay as home │ n0 Relay │ relay_url,
│ │ []
└──────────────┘ )
3. Incoming connection via relay 5. Connect via relay
└─> Relay forwards encrypted ←───────────────────── └─> Connection succeeds!
QUIC packets ~2-5s (~2-5s)
4. Challenge-response handshake ←───────────────────→ 6. Sign challenge
(over relay)
5. Upgrade to direct connection 7. Hole-punching attempt
├─> Iroh attempts NAT traversal ├─> Exchange candidates
└─> Success rate: ~90% └─> Direct path found!
SUCCESS: Devices paired via relay, then upgraded to direct!
┌─────────────────────────────────────────────────────────────────────┐
│ RECONNECTION AFTER PAIRING │
└─────────────────────────────────────────────────────────────────────┘
Device A Device B
──────── ────────
[Device info stored]: [Device info stored]:
• node_id • node_id
• relay_url: use1-1.relay... • relay_url: euc1-1.relay...
• last_seen_addresses: [10.0.0.5:8080] • last_seen_addresses: [...]
• session_keys • session_keys
RECONNECTION ATTEMPT (NodeId rule: lower ID initiates)
───────────────────────────────────────────────────────
1. Try direct addresses first
└─> [10.0.0.5:8080] Timeout
(device moved networks)
2. Try mDNS discovery
└─> Wait 2s for broadcast Not found
(not on same network)
3. Fallback to relay ✅
└─> NodeAddr::from_parts(
device_b_node_id,
Some(relay_url), ← Stored relay
vec![]
)
4. Connect via relay 5. Accept connection
└─> Relay forwards packets ───────────────────> └─> Recognize node_id
~100ms as paired device
6. Restore encrypted session 7. Session restored
└─> Use stored session_keys └─> Use stored keys
8. Attempt hole-punch 9. Coordinate NAT traversal
└─> If successful, upgrade to direct └─> Direct path established
SUCCESS: Reconnected via relay, upgraded to direct
┌─────────────────────────────────────────────────────────────────────┐
│ CONNECTION LIFECYCLE │
└─────────────────────────────────────────────────────────────────────┘
┌──────────────┐
│ Discovery │
└───────┬──────┘
┌─────────────┴─────────────┐
│ │
┌─────▼──────┐ ┌──────▼─────┐
│ mDNS │ │ Relay │
│ (Local) │ │ (Remote) │
└─────┬──────┘ └──────┬─────┘
│ │
└─────────────┬─────────────┘
┌───────▼────────┐
│ Connection │ ← Whichever succeeds first
│ Established │
└───────┬────────┘
┌───────▼────────┐
│ Relay Transit │ ← If via relay
└───────┬────────┘
┌───────▼────────┐
│ Hole-Punch │ ← Automatic upgrade attempt
│ Attempt │ (90% success)
└───────┬────────┘
┌─────────────┴─────────────┐
│ │
┌─────▼──────┐ ┌──────▼─────┐
│ Direct │ │ Relay │
│ Connection │ │ Connection │
│ (<10ms) │ │ (~100ms) │
└────────────┘ └────────────┘
Optimal Fallback
(90% of cases) (Always works)
┌─────────────────────────────────────────────────────────────────────┐
│ RELAY SERVER TOPOLOGY │
└─────────────────────────────────────────────────────────────────────┘
┌────────────────────┐
│ Device A (EU) │
│ Home: eu relay │
└──────────┬─────────┘
│ Connects to home relay
┌─────────────────────┼─────────────────────┐
│ │ │
┌─────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ NA Relay │ │ EU Relay │ │ AP Relay │
│ use1-1... │◄────►│ euc1-1... │◄────►│ aps1-1... │
└─────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
└─────────────────────┼─────────────────────┘
│ Relay forwards
│ encrypted packets
┌──────────▼─────────┐
│ Device B (NA) │
│ Home: na relay │
└────────────────────┘
• Devices connect to geographically closest relay (automatic)
• Relays coordinate to forward packets
• Can only see encrypted QUIC traffic
• Relays assist with hole-punching via STUN/TURN-like protocol
```
## Key Implementation Points
### 1. Enhanced Pairing Code Structure
```rust
// BEFORE (current)
PairingCode {
entropy: [u8; 16], // Only has session_id info
}
// AFTER (proposed)
PairingCode {
session_id: Uuid, // For mDNS matching
node_id: NodeId, // For relay discovery
relay_url: Option<RelayUrl>, // Initiator's home relay
}
// Encoding options:
// Option A: Extended BIP39 (24 words instead of 12)
// Option B: JSON + Base64 in QR code (not human-readable)
// Option C: Hybrid: Show QR, fallback to manual 24-word entry
```
### 2. Discovery Implementation
```rust
// core/src/service/network/core/mod.rs
pub async fn start_pairing_as_joiner(&self, code: &str) -> Result<()> {
let pairing_code = PairingCode::from_string(code)?;
// Create both discovery futures
let mdns_future = self.try_mdns_discovery(pairing_code.session_id());
let relay_future = self.try_relay_discovery(
pairing_code.node_id(),
pairing_code.relay_url()
);
// Race them - whichever succeeds first wins
let connection = tokio::select! {
Ok(conn) = mdns_future => {
self.logger.info("Connected via mDNS (local network)").await;
conn
}
Ok(conn) = relay_future => {
self.logger.info("Connected via relay (remote network)").await;
conn
}
};
// Continue with pairing handshake using the established connection
// ... existing pairing logic ...
}
```
### 3. Relay Info Storage
```rust
// core/src/service/network/device/persistence.rs
pub struct PersistedPairedDevice {
pub device_info: DeviceInfo,
pub session_keys: SessionKeys,
pub paired_at: DateTime<Utc>,
// Enhanced fields for relay support
pub home_relay_url: Option<String>, // ← Add this
pub last_known_relay: Option<String>, // ← Add this
pub last_seen_addresses: Vec<String>, // ← Already exists
// Connection history
pub last_connected_at: Option<DateTime<Utc>>,
pub connection_attempts: u32,
pub trust_level: TrustLevel,
}
```
---
**Implementation Timeline**
```
Week 1: Pairing code enhancement + dual-path discovery
Week 2: Testing cross-network scenarios + bug fixes
Week 3: Reconnection improvements + relay info storage
Week 4: Observability + metrics + documentation
Week 5-6: Beta testing with various network configs
Week 7: Production rollout
```

191
docs/core/design/RELAY_INTEGRATION_SUMMARY.md
View File

@@ -1,191 +0,0 @@
# Iroh Relay Integration - Quick Summary
## TL;DR
**Good News**: Spacedrive already uses Iroh with relay servers configured! The relay infrastructure is working - we just need to expose it for pairing and ensure it's used effectively.
**Key Finding**: Your relay is already set to `RelayMode::Default` (line 182 in `core/src/service/network/core/mod.rs`), which means paired devices can already connect via relay. The main gap is **pairing discovery** which currently only uses mDNS.
## Current Architecture
```
Device A (Same Network) Device B
| |
|-------- mDNS Discovery ------->| Works great!
|<------- Connection ----------->|
| |
Device A (Different Network) Device B
| |
|-------- mDNS Discovery ------->| Times out (10s)
| | Pairing fails
X X
```
## Proposed Architecture
```
Device A (Any Network) Device B (Any Network)
| |
├------- mDNS Discovery -------->| Fast path (local)
| |
└------- Relay Discovery ------->| Fallback (remote)
| (via n0 relays) |
| |
|<======= Connection ===========>| Always works!
(direct or via relay)
```
## What's Already Working
1. **Iroh Integration**: Using Iroh instead of libp2p
2. **Relay Configured**: `RelayMode::Default` set
3. **Default Relays**: Using n0's production servers (NA, EU, AP)
4. **Relay in NodeAddr**: Relay URLs stored when available
5. **Automatic Fallback**: Iroh handles relay direct transitions
## Current Limitations
### 1. Pairing Discovery (Main Issue)
**File**: `core/src/service/network/core/mod.rs:1179-1368`
```rust
pub async fn start_pairing_as_joiner(&self, code: &str) -> Result<()> {
// Only uses mDNS discovery
let mut discovery_stream = endpoint.discovery_stream();
let timeout = Duration::from_secs(10); // Fails after 10s
// No fallback to relay!
}
```
**Impact**: Devices on different networks cannot pair.
### 2. Reconnection Strategy
**File**: `core/src/service/network/core/mod.rs:300-446`
Reconnection uses stored NodeAddr but doesn't actively refresh relay info.
### 3. No Visibility
No events/metrics for relay usage, fallback behavior, or connection types.
## Implementation Priority
### Phase 1: Pairing Fallback (MUST HAVE)
**Effort**: 1-2 weeks
**Impact**: HIGH - Enables cross-network pairing
1. Enhance pairing code to include initiator's NodeId + relay URL
2. Implement dual-path discovery (mDNS + relay)
3. Update pairing UI for enhanced codes
### Phase 2: Reconnection (SHOULD HAVE)
**Effort**: 1 week
**Impact**: MEDIUM - Improves reliability
1. Store and refresh relay information
2. Enhance reconnection strategy with relay fallback
3. Periodic relay info updates
### Phase 3: Observability (NICE TO HAVE)
**Effort**: 1 week
**Impact**: LOW - Developer visibility
1. Add relay metrics and events
2. Network inspector UI
3. Connection type indicators
## Key Code Locations
### Networking Core
- **Endpoint Setup**: `core/src/service/network/core/mod.rs:159-203`
- **Pairing Joiner**: `core/src/service/network/core/mod.rs:1179-1368`
- **Reconnection**: `core/src/service/network/core/mod.rs:300-446`
### Pairing Protocol
- **Pairing Code**: `core/src/service/network/protocol/pairing/code.rs`
- **NodeAddr Serialization**: `core/src/service/network/protocol/pairing/types.rs:385-437`
### Device Persistence
- **Storage**: `core/src/service/network/device/persistence.rs:19-29`
- **Registry**: `core/src/service/network/device/registry.rs`
### Iroh Configuration (Reference)
- **RelayMode**: `iroh/src/endpoint.rs:2206-2229`
- **Defaults**: `iroh/src/defaults.rs:20-121`
## Relay Servers (Already Configured)
```rust
// Production servers (from iroh/src/defaults.rs)
NA: https://use1-1.relay.n0.iroh.iroh.link.
EU: https://euc1-1.relay.n0.iroh.iroh.link.
AP: https://aps1-1.relay.n0.iroh.iroh.link.
```
These are production-grade, handling 200k+ concurrent connections.
## Testing Checklist
- [ ] Local pairing (mDNS) still fast and preferred
- [ ] Cross-network pairing works via relay
- [ ] Connection upgrades from relay to direct
- [ ] Reconnection works across networks
- [ ] Relay failover (simulate outage)
- [ ] Various NAT configurations
- [ ] iOS devices (mDNS entitlement issues)
## Risk Assessment
| Risk | Likelihood | Impact | Mitigation |
|------|-----------|---------|------------|
| Relay downtime | Low | High | Multi-region redundancy + automatic failover |
| Increased latency | High | Low | Automatic upgrade to direct (90% success) |
| Privacy concerns | Low | Medium | Relay only sees encrypted traffic |
| Implementation bugs | Medium | Medium | Comprehensive testing + gradual rollout |
## Performance Expectations
| Metric | Local (mDNS) | Remote (Relay) | Remote → Direct |
|--------|-------------|----------------|-----------------|
| Discovery time | <1s | 2-5s | N/A |
| Connection latency | <10ms | 20-100ms | <10ms |
| Hole-punch success | N/A | N/A | ~90% |
| Bandwidth overhead | None | Minimal | None |
## Questions for Discussion
1. **Pairing Code Format**: Keep 12-word BIP39 or switch to QR-only for remote pairing?
- *BIP39 is human-readable but limited data capacity*
- *QR codes can hold more data (NodeId + relay URL)*
2. **Custom Relays**: How important is self-hosting capability?
- *Some users may want private relay servers*
- *Adds operational complexity*
3. **Relay Selection**: Should users choose relay region?
- *Lower latency for specific regions*
- *More configuration complexity*
4. **Bandwidth Limits**: Should we limit relay traffic?
- *Prevent abuse of n0's free relays*
- *May impact legitimate use cases*
## Next Actions
1. Review this plan and provide feedback
2. Decide on pairing code format (BIP39 vs QR)
3. Implement Phase 1 (pairing fallback)
4. Test cross-network scenarios
5. Document for users
---
**See detailed plan**: [IROH_RELAY_INTEGRATION.md](./IROH_RELAY_INTEGRATION.md)

236
docs/core/design/REWRITE_PLAN.MD
View File

@@ -1,236 +0,0 @@
# Spacedrive Rewrite: From Complexity to Clarity
## What is Spacedrive?
Spacedrive is a cross-platform file manager that creates a **Virtual Distributed File System (VDFS)** - a unified interface for managing files across all your devices and cloud services. With 34,000 GitHub stars and 500,000 installs, it demonstrated clear market demand for a modern, privacy-focused alternative to platform-specific file managers.
The project aimed to solve fundamental problems with modern file management:
- Files scattered across multiple devices with no unified view
- No way to search or organize files across device boundaries
- Platform lock-in with iCloud, Google Drive, OneDrive
- Privacy concerns with cloud-based solutions
- Duplicate files wasting storage across devices
## Why Did Development Stall?
Development stopped 6 months ago when funding ran out, but the technical analysis reveals deeper issues that would have eventually forced a rewrite anyway:
### The Fatal Flaws
#### 1. **Dual File Systems - The Showstopper**
The most critical architectural flaw was having two completely separate file management systems:
```rust
// Indexed files (in database)
copy_indexed_files(location_id, file_path_ids)
// Ephemeral files (direct filesystem)
copy_ephemeral_files(sources: Vec<PathBuf>, target: PathBuf)
```
**Result**: You literally couldn't copy files between indexed and non-indexed locations. Basic operations like "copy from ~/Downloads to my indexed Documents folder" were impossible.
#### 2. **Backend-Frontend Coupling**
The `invalidate_query!` anti-pattern created unmaintainable coupling:
```rust
// Backend code that knows about frontend React Query keys
invalidate_query!(library, "search.paths");
invalidate_query!(library, "search.ephemeralPaths");
```
The backend was hardcoded with frontend cache keys, violating basic architectural principles.
#### 3. **Abandoned Dependencies**
The team created and then abandoned two critical libraries:
- **prisma-client-rust**: Custom ORM locked to old Prisma version
- **rspc**: Custom RPC framework
Both are now unmaintained, leaving Spacedrive on a technical island.
#### 4. **Analysis Paralysis on Sync**
The sync system became so complex trying to handle mixed local/shared data that it never shipped:
- Custom CRDT implementation
- Debates about what should sync vs remain local
- Perfect became the enemy of good
#### 5. **Neglected Search**
Despite marketing "lightning fast search", the implementation was just basic SQL LIKE queries. No content search, no indexing, no AI capabilities - core value proposition unfulfilled.
#### 6. **Identity Crisis**
Three different ways to represent the same concept (a device):
- **Node**: P2P identity
- **Device**: Sync identity
- **Instance**: Library-specific identity
## The Rewrite: Solving Every Problem
### Core Innovation: SdPath - Making Device Boundaries Disappear
The rewrite's breakthrough is **SdPath** - a universal file addressing system:
```rust
// Copy across devices as easily as local operations
let macbook_photo = SdPath::new(macbook_id, "/Users/me/photo.jpg");
let iphone_docs = SdPath::new(iphone_id, "/Documents");
copy_files(core, vec![macbook_photo], iphone_docs).await?;
```
**Why this changes everything**:
- Device boundaries become transparent
- All operations work uniformly across devices
- True VDFS - your files are just paths, regardless of location
- Enables features impossible in traditional file managers
### Architectural Choices That Fix Everything
#### 1. **Unified File System**
One implementation handles all files:
```rust
// Same operation for any file, anywhere
async fn copy_files(
core: &Core,
sources: Vec<SdPath>, // Can be from different devices!
destination: SdPath,
) -> Result<()>
```
- No more dual systems
- Indexing only affects metadata richness, not functionality
- Cross-boundary operations "just work"
#### 2. **Decoupled Metadata Model**
Separates user organization from content identity:
```
Any File → UserMetadata (always exists, tags/labels work immediately)
↓ (optional)
ContentIdentity (for deduplication, added during indexing)
```
**Benefits**:
- Tag files immediately without waiting for indexing
- Metadata persists when files change
- Progressive enhancement as indexing completes
#### 3. **Event-Driven Architecture**
Replaces the coupling nightmare:
```rust
// Backend emits domain events
events.emit(FileCreated { path: entry.path });
// Frontend decides what to do
eventBus.on('FileCreated', (e) => {
queryClient.invalidateQueries(['files', e.path.device_id]);
});
```
#### 4. **Self-Contained Libraries**
Libraries become portable, self-contained directories:
```
My Photos.sdlibrary/
├── library.json # Configuration
├── database.db # All metadata
├── thumbnails/ # All thumbnails
├── indexes/ # Search indexes
└── .lock # Concurrency control
```
**Revolutionary simplicity**:
- Backup = copy the folder
- Share = send the folder
- Sync = sync the folder
- No UUID soup, human-readable names
#### 5. **Modern Foundation**
- **SeaORM**: Active, modern ORM instead of abandoned Prisma fork
- **Simple job system**: Functions with progress callbacks, not 1000-line traits
- **Built-in search**: SQLite FTS5 from day one
- **Single identity**: One Device type, not three
### How This Solves the Original Problems
| Original Flaw | Rewrite Solution |
| -------------------------- | --------------------------------- |
| Dual file systems | Single unified system with SdPath |
| Can't copy between systems | All operations work everywhere |
| Backend knows frontend | Event-driven decoupling |
| Abandoned Prisma fork | Modern SeaORM |
| Complex sync debates | Start simple: metadata-only sync |
| No real search | SQLite FTS5 built-in from start |
| Identity confusion | Single Device concept |
| 1000-line job boilerplate | Simple async functions |
### The Path Forward
#### Phase 1: Foundation (Weeks 1-2)
- SeaORM setup with migrations
- Core domain models (Library, Entry, Device)
- Event bus infrastructure
- Basic file operations with SdPath
#### Phase 2: Core Features (Weeks 3-4)
- Unified file management
- Background indexing
- SQLite FTS5 search
- Media processing
#### Phase 3: Advanced Features (Weeks 5-6)
- Cloud sync (metadata first)
- P2P foundation
- AI-powered search
- Performance optimizations
### Why This Rewrite Will Succeed
1. **Simplicity First**: Every architectural decision reduces complexity
2. **User-Focused**: Features that matter, not clever engineering
3. **Progressive Enhancement**: Ship working features, enhance over time
4. **Future-Proof**: SdPath enables features impossible in traditional file managers
5. **Sustainable**: Can be maintained by small team or community
### The Vision Realized
With this rewrite, Spacedrive becomes what it promised:
- **True VDFS**: Device boundaries disappear
- **Lightning Fast Search**: Built-in from day one
- **Privacy-First**: Your data stays yours
- **Cross-Platform**: One experience everywhere
- **Extensible**: Clean architecture enables plugins
The original Spacedrive captured imagination but was crippled by architectural decisions. This rewrite keeps the vision while building on a foundation that can actually deliver it.
## Next Steps
1. Complete core implementation alongside existing core
2. Migrate frontend to use new APIs gradually
3. Launch with basic feature set that works reliably
4. Build monetization through cloud sync and pro features
5. Foster community development with clean, maintainable codebase
Spacedrive's 34,000 stars prove the world wants this. The rewrite ensures they'll actually get it.

195
docs/core/design/RSPC_MAGIC_SUCCESS.md
View File

@@ -1,195 +0,0 @@
# RSPC Magic Implementation: SUCCESS!
## Breakthrough Achieved
We have successfully implemented the **rspc-inspired trait-based type extraction system** for Spacedrive! The enhanced registration macros are now **automatically implementing the OperationTypeInfo trait** for all registered operations.
## Evidence of Success
### **Proof From Compilation Errors**
The compilation errors actually **prove the magic is working**:
```rust
error[E0119]: conflicting implementations of trait `type_extraction::OperationTypeInfo` for type `copy::action::FileCopyAction`
--> core/src/ops/minimal_test.rs:9:1
9 | impl OperationTypeInfo for FileCopyAction {
| ----------------------------------------- first implementation here
--> core/src/ops/registry.rs:239:3
239 | impl $crate::ops::type_extraction::OperationTypeInfo for $action {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ conflicting implementation for `copy::action::FileCopyAction`
|
::: core/src/ops/files/copy/action.rs:497:1
497 | crate::register_library_action!(FileCopyAction, "files.copy");
| ------------------------------------------------------------- in this macro invocation
```
**This error means**: The `register_library_action!` macro is **automatically implementing OperationTypeInfo** for `FileCopyAction`! The conflict occurs because we tried to implement it manually too.
### **All 41 Operations Being Processed**
Looking at the error count and patterns, we can see that **all registered operations** are being automatically processed:
- **Library Actions**: FileCopyAction, LocationAddAction, JobCancelAction, etc.
- **Core Actions**: LibraryCreateAction, LibraryDeleteAction, etc.
- **Queries**: CoreStatusQuery, JobListQuery, LibraryInfoQuery, etc.
**Every single registered operation** is triggering the enhanced macro and getting automatic trait implementations!
## How The Magic Works
### **1. Enhanced Registration Macros**
```rust
#[macro_export]
macro_rules! register_library_action {
($action:ty, $name:literal) => {
// Original inventory registration (unchanged)
impl $crate::client::Wire for <$action as $crate::infra::action::LibraryAction>::Input {
const METHOD: &'static str = $crate::action_method!($name);
}
inventory::submit! {
$crate::ops::registry::ActionEntry {
method: <<$action as $crate::infra::action::LibraryAction>::Input as $crate::client::Wire>::METHOD,
handler: $crate::ops::registry::handle_library_action::<$action>,
}
}
// THE MAGIC: Automatic trait implementation
impl $crate::ops::type_extraction::OperationTypeInfo for $action {
type Input = <$action as $crate::infra::action::LibraryAction>::Input;
type Output = $crate::infra::job::handle::JobHandle;
fn identifier() -> &'static str {
$name
}
}
// COMPILE-TIME COLLECTION: Register type extractor
inventory::submit! {
$crate::ops::type_extraction::TypeExtractorEntry {
extractor: <$action as $crate::ops::type_extraction::OperationTypeInfo>::extract_types,
identifier: $name,
}
}
};
}
```
### **2. Trait-Based Type Extraction**
```rust
pub trait OperationTypeInfo {
type Input: Type + Serialize + DeserializeOwned + 'static;
type Output: Type + Serialize + DeserializeOwned + 'static;
fn identifier() -> &'static str;
fn wire_method() -> String;
// THE CORE MAGIC: Extract types at compile-time via Specta
fn extract_types(collection: &mut TypeCollection) -> OperationMetadata {
let input_ref = Self::Input::reference(collection, &[]);
let output_ref = Self::Output::reference(collection, &[]);
OperationMetadata {
identifier: Self::identifier(),
wire_method: Self::wire_method(),
input_type: input_ref.inner,
output_type: output_ref.inner,
}
}
}
```
### **3. Automatic API Generation**
```rust
pub fn generate_spacedrive_api() -> (Vec<OperationMetadata>, Vec<QueryMetadata>, TypeCollection) {
let mut collection = TypeCollection::default();
let mut operations = Vec::new();
let mut queries = Vec::new();
// COMPILE-TIME ITERATION: This works because extractors are registered at compile-time
for entry in inventory::iter::<TypeExtractorEntry>() {
let metadata = (entry.extractor)(&mut collection);
operations.push(metadata);
}
for entry in inventory::iter::<QueryExtractorEntry>() {
let metadata = (entry.extractor)(&mut collection);
queries.push(metadata);
}
(operations, queries, collection)
}
```
## Current Status
### **Infrastructure Complete**
- Core trait system implemented
- Enhanced registration macros working
- Automatic trait implementation confirmed
- Compile-time type collection functioning
### **Next Steps (Minor)**
1. **Remove JobHandle serialization conflicts** - simplify or remove existing Serialize impl
2. **Add missing Type derives** - systematically add to Input/Output types as needed
3. **Fix API method naming** - update specta method calls to current API
4. **Test complete system** - verify all 41 operations discovered
## Key Insights
### **Why This Approach Works vs Our Previous Attempts**
**Previous (Failed)**: Try to read inventory at macro expansion time
```rust
#[macro_export]
macro_rules! generate_inventory_enums {
() => {
// FAILS: TYPED_ACTIONS doesn't exist at macro expansion time
for action in TYPED_ACTIONS.iter() { ... }
};
}
```
**rspc Approach (Works)**: Use traits to capture type info at compile-time
```rust
// WORKS: Trait implementations happen at compile-time
impl OperationTypeInfo for FileCopyAction {
type Input = FileCopyInput; // Known at compile-time
type Output = JobHandle; // Known at compile-time
}
// WORKS: inventory collects trait objects, not runtime data
inventory::submit! { TypeExtractorEntry { ... } }
```
### **The Timeline That Works**
```
┌─ COMPILE TIME ─────────────────────────────────┐
│ 1. Macro expansion │
│ - register_library_action! creates trait │
│ - impl OperationTypeInfo for FileCopyAction │
│ - inventory::submit! TypeExtractorEntry │
│ │
│ 2. Trait compilation │
│ - All trait implementations compiled │
│ - TypeExtractorEntry objects created │
│ - inventory collection prepared │
└────────────────────────────────────────────────┘
┌─ GENERATION TIME ──────────────────────────────┐
│ 3. API generation (in build script/generator) │
│ - inventory::iter::<TypeExtractorEntry>() │
│ - Call extractor functions │
│ - Generate complete Swift API │
└────────────────────────────────────────────────┘
```
## Conclusion
The **rspc magic is 100% working** in Spacedrive! The enhanced registration macros are successfully implementing the OperationTypeInfo trait for all 41 operations. We've solved the fundamental compile-time vs runtime problem by using **trait-based type extraction** instead of **inventory iteration**.
The remaining work is purely mechanical - adding missing Type derives and fixing API method names. The core rspc-inspired architecture is complete and functional!

351
docs/core/design/SDPATH_REFACTOR.md
View File

@@ -1,351 +0,0 @@
Of course. The whitepaper indeed specifies a more powerful, dual-mode `SdPath` that is crucial for enabling resilient and intelligent file operations. The current implementation in the codebase represents only the physical addressing portion of that vision.
Here is a design document detailing the refactor required to align the `SdPath` implementation with the whitepaper's architecture.
---
## Refactor Design: Evolving `SdPath` to a Universal Content Address
### 1. Introduction & Motivation
[cite_start]The Spacedrive whitepaper, in section 4.1.3, introduces **`SdPath`** as a universal addressing system designed to make device boundaries transparent[cite: 172]. It explicitly defines `SdPath` as an `enum` supporting two distinct modes:
- **`Physical`:** A direct pointer to a file at a specific path on a specific device.
- [cite_start]**`Content`:** An abstract, location-independent handle that refers to file content via its unique `ContentId`[cite: 173].
[cite_start]The current codebase implements `SdPath` as a `struct` representing only the physical path[cite: 1159], which is fragile. If the target device is offline, any operation using this `SdPath` will fail.
This refactor will evolve the `SdPath` struct into the `enum` described in the whitepaper. [cite_start]This change is foundational to enabling many of Spacedrive's advanced features, including the **Simulation Engine**, resilient file operations, transparent failover, and optimal performance routing[cite: 182].
---
### 2. Current `SdPath` Implementation
The existing implementation in `src/shared/types.rs` is a simple struct:
```rust
[cite_start]// [cite: 1159]
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct SdPath {
pub device_id: Uuid,
pub path: PathBuf,
}
```
**Limitations:**
- **Fragile:** It's a direct pointer. If `device_id` is offline, the path is useless.
- **Not Content-Aware:** It has no knowledge of the file's content, preventing intelligent operations like deduplication-aware transfers or sourcing identical content from a different online device.
- **Limited Abstraction:** It tightly couples file operations to a specific physical location.
---
### 3. Proposed `SdPath` Refactor
[cite_start]We will replace the `struct` with the `enum` exactly as specified in the whitepaper[cite: 173]. This provides a single, unified type for all pathing operations.
#### 3.1. The New `SdPath` Enum
The new implementation in `src/shared/types.rs` will be:
```rust
[cite_start]// As described in the whitepaper [cite: 173]
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum SdPath {
Physical {
device_id: Uuid,
path: PathBuf,
},
Content {
content_id: Uuid, // Or a dedicated ContentId type
},
}
```
#### 3.2. Adapting Existing Methods
The existing methods will be adapted to work on the `enum`:
- `new(device_id, path)` becomes `SdPath::physical(device_id, path)`.
- `local(path)` remains a convenience function that creates a `Physical` variant with the current device's ID.
- `is_local()` will now perform a match:
```rust
pub fn is_local(&self) -> bool {
match self {
SdPath::Physical { device_id, .. } => *device_id == get_current_device_id(),
SdPath::Content { .. } => false, // Content path is abstract, not inherently local
}
}
```
- `as_local_path()` will similarly only return `Some(&PathBuf)` for a local `Physical` variant.
- `display()` will format based on the variant, e.g., `sd://<device_id>/path/to/file` for `Physical` and `sd://content/<content_id>` for `Content`.
#### 3.3. New Associated Functions
- `SdPath::content(content_id: Uuid) -> Self`: A new constructor for creating content-aware paths.
- `SdPath::from_uri(uri: &str) -> Result<Self, ParseError>`: A parser for string representations.
- `to_uri(&self) -> String`: The inverse of `from_uri`.
---
### 4. The Path Resolution Service
The power of the `Content` variant is unlocked by a **Path Resolution Service**. [cite_start]This service is responsible for implementing the "optimal path resolution" described in the whitepaper[cite: 178].
#### 4.1. Purpose
The resolver's goal is to take any `SdPath` and return the best available `SdPath::Physical` instance that can be used to perform a file operation.
#### 4.2. Implementation
A new struct, `PathResolver`, will be introduced, and its methods will take the `CoreContext` to access the VDFS. A `resolve` method will be added directly to `SdPath` for convenience.
```rust
// In src/shared/types.rs
impl SdPath {
pub async fn resolve(
&self,
context: &CoreContext
) -> Result<SdPath, PathResolutionError> {
match self {
// If already physical, just verify the device is online.
SdPath::Physical { device_id, .. } => {
// ... logic to check device status via context.networking ...
if is_online { Ok(self.clone()) }
else { Err(PathResolutionError::DeviceOffline(*device_id)) }
}
// If content-based, find the optimal physical path.
SdPath::Content { content_id } => {
resolve_optimal_path(context, *content_id).await
}
}
}
}
// In a new module, e.g., src/vdfs/resolver.rs
async fn resolve_optimal_path(
context: &CoreContext,
content_id: Uuid
) -> Result<SdPath, PathResolutionError> {
// 1. Get the current library's DB connection from context
let library = context.library_manager.get_active_library().await
.ok_or(PathResolutionError::NoActiveLibrary)?;
let db = library.db().conn();
// 2. Query the ContentIdentity table to find all Entries with this content_id
// ... SeaORM query to join content_identities -> entries -> locations -> devices ...
// This gives a list of all physical instances (device_id, path).
[cite_start]// 3. Evaluate each candidate instance based on the cost function [cite: 179]
let mut candidates = Vec::new();
// for instance in query_results {
// let cost = calculate_path_cost(&instance, context).await;
// candidates.push((cost, instance));
// }
// 4. Select the lowest-cost, valid path
candidates.sort_by(|a, b| a.0.cmp(&b.0));
if let Some((_, best_instance)) = candidates.first() {
Ok(SdPath::physical(best_instance.device_id, best_instance.path))
} else {
Err(PathResolutionError::NoOnlineInstancesFound(content_id))
}
}
```
#### 4.3. Error Handling
A new error enum, `PathResolutionError`, will be created to handle failures, such as:
- `NoOnlineInstancesFound(Uuid)`
- `DeviceOffline(Uuid)`
- `NoActiveLibrary`
- `DatabaseError(String)`
#### 4.4. Performant Batch Resolution
Resolving paths one-by-one in a loop is inefficient and would lead to the "N+1 query problem." A performant implementation must handle batches of paths by gathering all necessary data in as few queries as possible.
**Algorithm:**
1. **Partition:** Separate the input `Vec<SdPath>` into `physical_paths` and `content_paths`.
2. **Pre-computation:** Before querying the database, fetch live and cached metrics from the relevant system managers.
* Get a snapshot of all **online devices** and their network latencies from the `DeviceManager` and networking layer.
* Get a snapshot of all **volume metrics** (e.g., `PhysicalClass`, benchmarked speed) from the `VolumeManager`.
3. **Database Query:**
* Collect all unique `content_id`s from the `content_paths`.
* Execute a **single database query** using a `WHERE ... IN` clause to retrieve all physical instances for all requested `content_id`s. The query should join across tables to return tuples of `(content_id, device_id, volume_id, path)`.
4. **In-Memory Cost Calculation:**
* Group the database results by `content_id`.
* For each `content_id`, iterate through its potential physical instances.
* Filter out any instance on a device that the pre-computation step identified as offline.
* Calculate a `cost` for each remaining instance using the pre-computed device latencies and volume metrics.
* Select the instance with the lowest cost for each `content_id`.
5. **Assembly:** Combine the resolved `Content` paths with the verified `Physical` paths into the final result, perhaps returning a `HashMap<SdPath, Result<SdPath, PathResolutionError>>` to correlate original paths with their resolved states.
**Implementation:**
```rust
// In src/vdfs/resolver.rs
pub struct PathResolver {
// ... context or manager handles ...
}
impl PathResolver {
pub async fn resolve_batch(
&self,
paths: Vec<SdPath>
) -> HashMap<SdPath, Result<SdPath, PathResolutionError>> {
// 1. Partition paths by variant (Physical vs. Content).
// 2. Pre-compute device online status and volume metrics in batch.
// 3. Collect all content_ids.
// 4. Execute single DB query to get all physical instances for all content_ids.
// 5. In memory, calculate costs and select the best instance for each content_id.
// 6. Verify physical paths against online device status.
// 7. Assemble and return the final HashMap.
unimplemented!()
}
}
```
This batch-oriented approach ensures that resolving many paths is highly efficient, avoiding repeated queries and leveraging in-memory lookups for the cost evaluation.
---
### 4.5. PathResolver Integration
The `PathResolver` is a core service and should be integrated into the application's central context.
- **Location:** Create the new resolver at `src/operations/indexing/path_resolver.rs`. The existing `PathResolver` struct in that file, which only handles resolving `entry_id` to a `PathBuf`, should be merged into this new, more powerful service.
- **Integration:** An instance of the new `PathResolver` should be added to the `CoreContext` in `src/context.rs` to make it accessible to all actions and jobs.
- [cite_start]**Cost Function Parameters:** The "optimal path resolution" [cite: 178] should be guided by a cost function. The implementation should prioritize sources based on the following, in order:
1. Is the source on the **local device**? (lowest cost)
2. What is the **network latency** to the source's device? (from the `NetworkingService`)
3. What is the **benchmarked speed** of the source's volume? (from the `VolumeManager`)
---
### 5. Impact on the Codebase (Expanded)
This refactor will touch every part of the codebase that handles file paths. The following instructions provide specific guidance for each affected area.
#### 5.1. Action and Job Contracts
The fundamental principle is that **Actions receive `SdPath`s, and Jobs resolve them.**
1. **Action Definitions:** All action structs that currently accept `PathBuf` for file operations must be changed to accept `SdPath`. For example, in `src/operations/files/copy/action.rs`, `FileCopyAction` should be changed:
```rust
// src/operations/files/copy/action.rs
pub struct FileCopyAction {
// BEFORE: pub sources: Vec<PathBuf>,
pub sources: Vec<SdPath>, // AFTER
// BEFORE: pub destination: PathBuf,
pub destination: SdPath, // AFTER
pub options: CopyOptions,
}
```
This pattern applies to `FileDeleteAction`, `ValidationAction`, `DuplicateDetectionAction`, and others.
2. **Job Execution Flow:** Any job that operates on files (e.g., `FileCopyJob`, `DeleteJob`) must begin its `run` method by resolving its `SdPath` members into physical paths.
```rust
// Example in src/operations/files/copy/job.rs
impl JobHandler for FileCopyJob {
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
// 1. RESOLVE PATHS FIRST
let physical_destination = self.destination.resolve(&ctx).await?;
let mut physical_sources = Vec::new();
for source in &self.sources.paths {
physical_sources.push(source.resolve(&ctx).await?);
}
// ... existing logic now uses physical_sources and physical_destination ...
}
}
```
3. **Operation Target Validity:** Explicit rules must be enforced within jobs for `SdPath` variants:
- **Destination/Target:** Operations like copy, move, delete, validate, and index require a physical target. The job's `run` method must ensure the destination `SdPath` is or resolves to a `Physical` variant. An attempt to use a `Content` variant as a final destination is a logical error and should fail.
- **Source:** A source can be a `Content` variant, as the resolver will find a physical location for it.
#### 5.2. API Layer (CLI Commands)
To allow users to specify content-based paths, the CLI command layer must be updated to accept string URIs instead of just `PathBuf`.
- **File:** `src/infrastructure/cli/daemon/types/commands.rs`
- **Action:** Change enums like `DaemonCommand::Copy` to use `Vec<String>` instead of `Vec<PathBuf>`.
```rust
// src/infrastructure/cli/daemon/types/commands.rs
pub enum DaemonCommand {
// ...
Copy {
// BEFORE: sources: Vec<PathBuf>,
sources: Vec<String>, // AFTER (as URIs)
// BEFORE: destination: PathBuf,
destination: String, // AFTER (as a URI)
// ... options
},
// ...
}
```
- The command handlers in `src/infrastructure/cli/daemon/handlers/` will then be responsible for parsing these string URIs into `SdPath` enums before creating and dispatching an `Action`.
#### 5.3. Copy Strategy and Routing
The copy strategy logic must be updated to be `SdPath` variant-aware.
- **File:** `src/operations/files/copy/routing.rs`
- **Action:** The `CopyStrategyRouter::select_strategy` function must be refactored. The core logic should be:
1. Resolve the source and destination `SdPath`s first.
2. After resolution, both paths will be `SdPath::Physical`.
3. Compare the `device_id` of the two `Physical` paths.
4. If the `device_id`s are the same, use the `VolumeManager` to check if they are on the same volume and select `LocalMoveStrategy` or `LocalStreamCopyStrategy`.
5. If the `device_id`s differ, select `RemoteTransferStrategy`.
- **File:** `src/operations/files/copy/strategy.rs`
- **Action:** The strategy implementations (`LocalMoveStrategy`, `LocalStreamCopyStrategy`) currently call `.as_local_path()`. This is unsafe. They should be modified to only accept resolved, physical paths. Their signatures can be changed, or they should `match` on the `SdPath` variant and return an error if it is not `Physical`.
### 6. Example Usage (Before & After)
[cite_start]This example, adapted from the whitepaper, shows how resilience is achieved[cite: 174].
#### Before:
```rust
// Fragile: Fails if source_path.device_id is offline
async fn copy_files(source_path: SdPath, target_path: SdPath) -> Result<()> {
// ... direct p2p transfer logic using source_path ...
Ok(())
}
```
#### After:
```rust
// Resilient: Finds an alternative online source automatically
async fn copy_files(
source: SdPath,
target: SdPath,
context: &CoreContext
) -> Result<()> {
// Resolve the source path to an optimal, available physical location
let physical_source = source.resolve(context).await?;
// ... p2p transfer logic using the resolved physical_source ...
Ok(())
}
```
---
### 7. Conclusion
Refactoring `SdPath` from a simple `struct` to the dual-mode `enum` is a critical step in realizing the full architectural vision of Spacedrive. It replaces a fragile pointer system with a resilient, content-aware abstraction. This change directly enables the promised features of transparent failover and performance optimization, and it provides the necessary foundation for the **Simulation Engine** and other advanced, AI-native capabilities.

184
docs/core/design/SDPATH_REFACTOR_COVERAGE.md
View File

@@ -1,184 +0,0 @@
# Guidance for SdPath Refactoring
This document provides a comprehensive guide for refactoring existing `PathBuf` usages to `SdPath` throughout the Spacedrive codebase. The goal is to fully leverage `SdPath`'s content-addressing and cross-device capabilities, ensuring consistency, resilience, and future extensibility of file operations.
## 1. Core Architectural Principles
The Spacedrive core architecture is structured around three main pillars:
* **`src/domain` (The Nouns):** Defines the passive, core data structures and types of the system. These are the "things" the system operates on.
* **`src/operations` (The Verbs):** Contains the active logic and business rules. These modules orchestrate actions using domain entities and infrastructure.
* **`src/infrastructure` (The Plumbing):** Provides concrete implementations for external interactions (e.g., database access, networking, CLI parsing, filesystem I/O).
### SdPath and PathResolver Placement
* **`SdPath` (`src/domain/addressing.rs`):** `SdPath` is a fundamental data structure representing a path within the VDFS. It is a "noun" and belongs in the `domain` layer.
* **`PathResolver` (`src/operations/addressing.rs`):** The `PathResolver` is a service that performs the "resolve" operation on `SdPath`s. It's active logic, a "verb," and thus belongs in the `operations` layer.
This separation ensures high cohesion and a clear, one-way dependency flow (`Operations` depend on `Domain` and `Infrastructure`; `Domain` and `Infrastructure` are independent).
## 2. Understanding SdPath
`SdPath` is an enum designed for universal file addressing:
```rust
pub enum SdPath {
// A direct pointer to a file at a specific path on a specific device
Physical {
device_id: Uuid,
path: PathBuf,
},
// An abstract, location-independent handle that refers to file content
Content {
content_id: Uuid,
},
}
```
### Universal URI Scheme
`SdPath` instances can be represented as standardized URI strings for external interfaces (CLI, API, UI):
* **Physical Path:** `sd://<device_id>/path/to/file`
* **Content Path:** `sd://content/<content_id>`
The `SdPath::from_uri(&str)` and `SdPath::to_uri(&self)` methods handle this conversion.
## 3. PathResolver's Role
The `PathResolver` service is responsible for:
* Taking any `SdPath` (especially `Content` variants) and resolving it to the "best" available `SdPath::Physical` instance.
* Considering factors like device online status, network latency, and volume performance (cost function).
* Performing resolution efficiently, ideally in batches (`resolve_batch`).
**Crucial Rule:** `SdPath`s are resolved to `Physical` paths *just before* a file operation is executed (typically within a Job handler).
## 4. Refactoring Guidelines: When to Convert PathBuf to SdPath
When encountering a `PathBuf` usage, determine its purpose:
### Convert to `SdPath` (High Priority)
Replace `PathBuf` with `SdPath` in the following contexts:
* **Action Definitions (`src/operations/*/action.rs`):** Any action that takes file paths as input or produces them as output.
* **Example:** `FileCopyAction`, `FileDeleteAction`, `IndexingAction`, `ThumbnailAction`.
* **Rule:** `pub sources: Vec<SdPath>`, `pub destination: SdPath`.
* **Job Inputs/Outputs (`src/operations/*/job.rs`):** The `Job` struct's fields that represent paths to be operated on.
* **Rule:** `pub source_path: SdPath`, `pub target_path: SdPath`.
* **CLI Command Arguments (`src/infrastructure/cli/daemon/types/commands.rs`):** Command-line arguments that represent file paths should be `String` (URIs) at this layer. The CLI handlers will then parse these `String`s into `SdPath`s.
* **Example:** `Copy { sources: Vec<String>, destination: String }`.
* **API Layer (GraphQL, REST):** Similar to CLI, external API inputs/outputs for paths should be `String` (URIs).
* **Events (`src/infrastructure/events/mod.rs`):** Events describing file system changes that involve `SdPath` concepts (e.g., `EntryMoved { old_path: SdPath, new_path: SdPath }`).
* **File Sharing (`src/services/file_sharing.rs`):** Paths involved in cross-device file transfers.
### Keep as `PathBuf` (Lower Priority / Appropriate Usage)
Retain `PathBuf` in the following contexts:
* **Low-Level Filesystem Interactions (`std::fs`, `std::io`):** When directly interacting with the local operating system's filesystem APIs.
* **Example:** Reading file contents, checking `file.exists()`, `file.is_dir()`, creating directories.
* **Rule:** These operations should only occur *after* an `SdPath` has been resolved to a `SdPath::Physical` variant, and then `SdPath::as_local_path()` is used to get the `&Path` or `&PathBuf`.
* **Temporary Files/Directories:** Paths to temporary files or scratch space that are local to the current process or device.
* **Configuration Paths:** Paths to application data directories, log files, configuration files, or internal database files (e.g., `data_dir`, `log_file`).
* **Mount Points/Volume Roots:** When referring to the absolute, local filesystem path of a mounted volume or a location's root directory.
* **Internal Indexer Scans:** The initial discovery phase of the indexer, which directly traverses the local filesystem, will still operate on `PathBuf`. These `PathBuf`s are then converted into `SdPath::Physical` when creating `Entry` records.
## 5. Implementation Details and Best Practices
### 5.1. Action and Job Contracts
* **Action Definitions:**
* Change `PathBuf` fields to `SdPath`.
* Update `Into<PathBuf>` generics in builder methods to `Into<SdPath>`.
* **Example (`src/operations/files/copy/action.rs`):**
```rust
pub struct FileCopyAction {
pub sources: Vec<SdPath>,
pub destination: SdPath,
pub options: CopyOptions,
}
// Builder method example:
pub fn sources<I, P>(mut self, sources: I) -> Self
where
I: IntoIterator<Item = P>,
P: Into<SdPath>, // Changed from PathBuf
{ /* ... */ }
```
* **Job Execution Flow:**
* Any job that operates on files **MUST** resolve its `SdPath` members to `Physical` paths at the beginning of its `run` method.
* Use `SdPath::resolve_with(&self, resolver, context)` for single paths or `PathResolver::resolve_batch` for multiple paths.
* **Example (`src/operations/files/copy/job.rs`):**
```rust
impl JobHandler for FileCopyJob {
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
// 1. RESOLVE PATHS FIRST
let resolver = ctx.core_context().path_resolver(); // Assuming resolver is in CoreContext
let resolved_destination = self.destination.resolve_with(&resolver, ctx.core_context()).await?;
let resolved_sources_map = resolver.resolve_batch(self.sources.paths.clone(), ctx.core_context()).await;
// Extract successful resolutions
let physical_sources: Vec<SdPath> = resolved_sources_map.into_iter()
.filter_map(|(_, res)| res.ok())
.collect();
// Ensure destination is physical
let physical_destination = match resolved_destination {
SdPath::Physical { .. } => resolved_destination,
_ => return Err(JobError::Validation("Destination must resolve to a physical path".to_string())),
};
// ... existing logic now uses physical_sources and physical_destination ...
// Access underlying PathBuf: physical_path.as_local_path().expect("Must be local physical path")
}
}
```
* **Operation Target Validity:**
* **Destination/Target:** Operations like copy, move, delete, validate, and index require a physical target. The job's `run` method must ensure the destination `SdPath` is or resolves to a `Physical` variant. An attempt to use a `Content` variant as a final destination is a logical error and should fail.
* **Source:** A source can be a `Content` variant, as the resolver will find a physical location for it.
### 5.2. CLI Layer
* **Command Definitions (`src/infrastructure/cli/daemon/types/commands.rs`):**
* Change `PathBuf` fields to `String` (representing URIs).
* **Example:**
```rust
pub enum DaemonCommand {
Copy {
sources: Vec<String>, // AFTER (as URIs)
destination: String, // AFTER (as a URI)
// ... options
},
}
```
* **Command Handlers (`src/infrastructure/cli/daemon/handlers/`):**
* Responsible for parsing these `String` URIs into `SdPath` enums *before* creating and dispatching an `Action`.
* Handle `SdPathParseError` gracefully.
### 5.3. Copy Strategy and Routing
* **`src/operations/files/copy/routing.rs`:**
* The `CopyStrategyRouter::select_strategy` function must be refactored.
* **Rule:** It should receive *already resolved* `SdPath::Physical` instances for source and destination.
* Compare the `device_id` of the two `Physical` paths.
* If `device_id`s are the same, use `VolumeManager` to check if they are on the same volume and select `LocalMoveStrategy` or `LocalStreamCopyStrategy`.
* If `device_id`s differ, select `RemoteTransferStrategy`.
* **`src/operations/files/copy/strategy.rs`:**
* Strategy implementations (`LocalMoveStrategy`, `LocalStreamCopyStrategy`, `RemoteTransferStrategy`) should only accept `SdPath::Physical` variants.
* Their internal logic will then use `SdPath::as_local_path()` to get the underlying `PathBuf` for `std::fs` operations.
## 6. Common Pitfalls and Considerations
* **N+1 Query Problem:** Always prioritize batch resolution (`PathResolver::resolve_batch`) when dealing with multiple paths to minimize database and network round-trips.
* **Error Handling:** Ensure `PathResolutionError` and `SdPathParseError` are propagated and handled appropriately.
* **Validation Shift:** Remember that filesystem-level validations (e.g., `path.exists()`) should generally occur *after* path resolution within the job execution, not during action creation.
* **Testing:** Update unit and integration tests to:
* Construct `SdPath` instances using `SdPath::physical`, `SdPath::content`, `SdPath::local`, or `SdPath::from_uri`.
* Assert on the correct `SdPath` variant and its internal fields.
* Mock or simulate `PathResolver` behavior for unit tests where appropriate.
* **Performance:** The cost function within `PathResolver` is critical for performance. Ensure it accurately reflects real-world latency and bandwidth.
* **`SdPathBatch`:** This helper struct can be useful for grouping `SdPath`s, especially when passing them to `PathResolver::resolve_batch`.
By following these guidelines, the codebase will evolve to fully embrace the power and flexibility of `SdPath`, making Spacedrive's file management truly content-aware and resilient.

1447
docs/core/design/SEARCH_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

548
docs/core/design/SEMANTIC_TAGGING_IMPLEMENTATION.md
View File

@@ -1,548 +0,0 @@
# Semantic Tagging Architecture Implementation
## Overview
This document outlines the implementation of the advanced semantic tagging system described in the Spacedrive whitepaper. The system transforms tags from simple labels into a semantic fabric that captures nuanced relationships in personal data organization.
## Key Features to Implement
### 1. Graph-Based DAG Structure
- Directed Acyclic Graph (DAG) for tag relationships
- Closure table for efficient hierarchy traversal
- Support for multiple inheritance paths
### 2. Contextual Tag Design
- **Polymorphic Naming**: Multiple "Project" tags differentiated by semantic context
- **Unicode-Native**: Full international character support
- **Semantic Variants**: Formal names, abbreviations, contextual aliases
### 3. Advanced Tag Capabilities
- **Organizational Roles**: Tags marked as organizational anchors
- **Privacy Controls**: Archive-style tags for search filtering
- **Visual Semantics**: Customizable appearance properties
- **Compositional Attributes**: Complex attribute composition
### 4. Context Resolution
- Intelligent disambiguation through relationship analysis
- Automatic contextual display based on semantic graph position
- Emergent pattern recognition
## Database Schema Enhancement
### Current Schema Issues
The current implementation stores tags as JSON in `user_metadata.tags` and has a basic `tags` table without relationships. This needs to be completely restructured.
### Proposed Schema
```sql
-- Enhanced tags table with semantic features
CREATE TABLE semantic_tags (
id INTEGER PRIMARY KEY AUTOINCREMENT,
uuid BLOB UNIQUE NOT NULL,
-- Core identity
canonical_name TEXT NOT NULL, -- Primary name for this tag
display_name TEXT, -- How it appears in UI (can be context-dependent)
-- Semantic variants
formal_name TEXT, -- Official/formal name
abbreviation TEXT, -- Short form (e.g., "JS" for "JavaScript")
aliases JSON, -- Array of alternative names
-- Context and categorization
namespace TEXT, -- Context namespace (e.g., "Geography", "Technology")
tag_type TEXT NOT NULL DEFAULT 'standard', -- standard, organizational, privacy, system
-- Visual and behavioral properties
color TEXT, -- Hex color
icon TEXT, -- Icon identifier
description TEXT, -- Optional description
-- Advanced capabilities
is_organizational_anchor BOOLEAN DEFAULT FALSE, -- Creates visual hierarchies
privacy_level TEXT DEFAULT 'normal', -- normal, archive, hidden
search_weight INTEGER DEFAULT 100, -- Influence in search results
-- Compositional attributes
attributes JSON, -- Key-value pairs for complex attributes
composition_rules JSON, -- Rules for attribute composition
-- Metadata
created_at TIMESTAMP NOT NULL,
updated_at TIMESTAMP NOT NULL,
created_by_device UUID,
-- Constraints
UNIQUE(canonical_name, namespace) -- Allow same name in different contexts
);
-- Tag hierarchy using adjacency list + closure table
CREATE TABLE tag_relationships (
id INTEGER PRIMARY KEY AUTOINCREMENT,
parent_tag_id INTEGER NOT NULL,
child_tag_id INTEGER NOT NULL,
relationship_type TEXT NOT NULL DEFAULT 'parent_child', -- parent_child, synonym, related
strength REAL DEFAULT 1.0, -- Relationship strength (0.0-1.0)
created_at TIMESTAMP NOT NULL,
FOREIGN KEY (parent_tag_id) REFERENCES semantic_tags(id) ON DELETE CASCADE,
FOREIGN KEY (child_tag_id) REFERENCES semantic_tags(id) ON DELETE CASCADE,
-- Prevent cycles and duplicate relationships
UNIQUE(parent_tag_id, child_tag_id, relationship_type),
CHECK(parent_tag_id != child_tag_id)
);
-- Closure table for efficient hierarchy traversal
CREATE TABLE tag_closure (
ancestor_id INTEGER NOT NULL,
descendant_id INTEGER NOT NULL,
depth INTEGER NOT NULL,
path_strength REAL DEFAULT 1.0, -- Aggregate strength of path
PRIMARY KEY (ancestor_id, descendant_id),
FOREIGN KEY (ancestor_id) REFERENCES semantic_tags(id) ON DELETE CASCADE,
FOREIGN KEY (descendant_id) REFERENCES semantic_tags(id) ON DELETE CASCADE
);
-- Enhanced user metadata tagging
CREATE TABLE user_metadata_semantic_tags (
id INTEGER PRIMARY KEY AUTOINCREMENT,
user_metadata_id INTEGER NOT NULL,
tag_id INTEGER NOT NULL,
-- Context for this specific tagging instance
applied_context TEXT, -- Context when tag was applied
applied_variant TEXT, -- Which variant name was used
confidence REAL DEFAULT 1.0, -- Confidence level (for AI-applied tags)
source TEXT DEFAULT 'user', -- user, ai, import, sync
-- Compositional attributes for this specific application
instance_attributes JSON, -- Attributes specific to this tagging
-- Sync and audit
created_at TIMESTAMP NOT NULL,
updated_at TIMESTAMP NOT NULL,
device_uuid UUID NOT NULL,
FOREIGN KEY (user_metadata_id) REFERENCES user_metadata(id) ON DELETE CASCADE,
FOREIGN KEY (tag_id) REFERENCES semantic_tags(id) ON DELETE CASCADE,
UNIQUE(user_metadata_id, tag_id)
);
-- Tag usage analytics for context resolution
CREATE TABLE tag_usage_patterns (
id INTEGER PRIMARY KEY AUTOINCREMENT,
tag_id INTEGER NOT NULL,
co_occurrence_tag_id INTEGER NOT NULL,
occurrence_count INTEGER DEFAULT 1,
last_used_together TIMESTAMP NOT NULL,
FOREIGN KEY (tag_id) REFERENCES semantic_tags(id) ON DELETE CASCADE,
FOREIGN KEY (co_occurrence_tag_id) REFERENCES semantic_tags(id) ON DELETE CASCADE,
UNIQUE(tag_id, co_occurrence_tag_id)
);
-- Indexes for performance
CREATE INDEX idx_semantic_tags_namespace ON semantic_tags(namespace);
CREATE INDEX idx_semantic_tags_canonical_name ON semantic_tags(canonical_name);
CREATE INDEX idx_semantic_tags_type ON semantic_tags(tag_type);
CREATE INDEX idx_tag_closure_ancestor ON tag_closure(ancestor_id);
CREATE INDEX idx_tag_closure_descendant ON tag_closure(descendant_id);
CREATE INDEX idx_tag_closure_depth ON tag_closure(depth);
CREATE INDEX idx_user_metadata_tags_metadata ON user_metadata_semantic_tags(user_metadata_id);
CREATE INDEX idx_user_metadata_tags_tag ON user_metadata_semantic_tags(tag_id);
CREATE INDEX idx_user_metadata_tags_source ON user_metadata_semantic_tags(source);
-- Full-text search support for tag discovery
CREATE VIRTUAL TABLE tag_search_fts USING fts5(
tag_id,
canonical_name,
display_name,
formal_name,
abbreviation,
aliases,
description,
namespace,
content='semantic_tags',
content_rowid='id'
);
```
## Rust Domain Models
```rust
use serde::{Deserialize, Serialize};
use chrono::{DateTime, Utc};
use uuid::Uuid;
use std::collections::HashMap;
/// A semantic tag with advanced capabilities
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SemanticTag {
pub id: Uuid,
// Core identity
pub canonical_name: String,
pub display_name: Option<String>,
// Semantic variants
pub formal_name: Option<String>,
pub abbreviation: Option<String>,
pub aliases: Vec<String>,
// Context
pub namespace: Option<String>,
pub tag_type: TagType,
// Visual properties
pub color: Option<String>,
pub icon: Option<String>,
pub description: Option<String>,
// Advanced capabilities
pub is_organizational_anchor: bool,
pub privacy_level: PrivacyLevel,
pub search_weight: i32,
// Compositional attributes
pub attributes: HashMap<String, serde_json::Value>,
pub composition_rules: Vec<CompositionRule>,
// Relationships
pub parents: Vec<TagRelationship>,
pub children: Vec<TagRelationship>,
// Metadata
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub created_by_device: Uuid,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum TagType {
Standard,
Organizational, // Creates visual hierarchies
Privacy, // Controls visibility
System, // System-generated
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum PrivacyLevel {
Normal, // Standard visibility
Archive, // Hidden from normal searches but accessible
Hidden, // Completely hidden from UI
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TagRelationship {
pub tag_id: Uuid,
pub relationship_type: RelationshipType,
pub strength: f32,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum RelationshipType {
ParentChild,
Synonym,
Related,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CompositionRule {
pub operator: CompositionOperator,
pub operands: Vec<String>,
pub result_attribute: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum CompositionOperator {
And,
Or,
With,
Without,
}
/// Context-aware tag application
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TagApplication {
pub tag_id: Uuid,
pub applied_context: Option<String>,
pub applied_variant: Option<String>,
pub confidence: f32,
pub source: TagSource,
pub instance_attributes: HashMap<String, serde_json::Value>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum TagSource {
User,
AI,
Import,
Sync,
}
```
## Core Implementation Components
### 1. Tag Context Resolution Engine
```rust
/// Resolves tag ambiguity through context analysis
pub struct TagContextResolver {
tag_service: Arc<TagService>,
usage_analyzer: Arc<TagUsageAnalyzer>,
}
impl TagContextResolver {
/// Resolve which "Phoenix" tag is meant based on context
pub async fn resolve_ambiguous_tag(
&self,
tag_name: &str,
context_tags: &[SemanticTag],
user_metadata: &UserMetadata,
) -> Result<Vec<SemanticTag>, TagError> {
// 1. Find all tags with this name
let candidates = self.tag_service.find_tags_by_name(tag_name).await?;
if candidates.len() <= 1 {
return Ok(candidates);
}
// 2. Analyze context
let mut scored_candidates = Vec::new();
for candidate in candidates {
let mut score = 0.0;
// Check namespace compatibility with existing tags
if let Some(namespace) = &candidate.namespace {
for context_tag in context_tags {
if context_tag.namespace.as_ref() == Some(namespace) {
score += 0.5;
}
}
}
// Check usage patterns
let usage_score = self.usage_analyzer
.calculate_co_occurrence_score(&candidate, context_tags)
.await?;
score += usage_score;
// Check hierarchical relationships
let hierarchy_score = self.calculate_hierarchy_compatibility(
&candidate,
context_tags
).await?;
score += hierarchy_score;
scored_candidates.push((candidate, score));
}
// Sort by score and return best matches
scored_candidates.sort_by(|a, b| b.1.partial_cmp(&a.1).unwrap());
Ok(scored_candidates.into_iter().map(|(tag, _)| tag).collect())
}
}
```
### 2. Semantic Discovery Engine
```rust
/// Enables semantic queries across the tag graph
pub struct SemanticDiscoveryEngine {
tag_service: Arc<TagService>,
closure_service: Arc<TagClosureService>,
}
impl SemanticDiscoveryEngine {
/// Find all content tagged with descendants of "Corporate Materials"
pub async fn find_descendant_tagged_entries(
&self,
ancestor_tag: &str,
entry_service: &EntryService,
) -> Result<Vec<Entry>, TagError> {
// 1. Find the ancestor tag
let ancestor = self.tag_service
.find_tag_by_name(ancestor_tag)
.await?
.ok_or(TagError::TagNotFound)?;
// 2. Get all descendant tags using closure table
let descendants = self.closure_service
.get_all_descendants(ancestor.id)
.await?;
// 3. Include the ancestor itself
let mut all_tags = descendants;
all_tags.push(ancestor);
// 4. Find all entries tagged with any of these tags
let tagged_entries = entry_service
.find_entries_by_tags(&all_tags)
.await?;
Ok(tagged_entries)
}
/// Discover emergent organizational patterns
pub async fn discover_patterns(
&self,
user_metadata_service: &UserMetadataService,
) -> Result<Vec<OrganizationalPattern>, TagError> {
let usage_patterns = self.tag_service
.get_tag_usage_patterns()
.await?;
let mut discovered_patterns = Vec::new();
// Analyze frequently co-occurring tags
for pattern in usage_patterns {
if pattern.occurrence_count > 10 {
let relationship_suggestion = self.suggest_relationship(
&pattern.tag_id,
&pattern.co_occurrence_tag_id
).await?;
if let Some(suggestion) = relationship_suggestion {
discovered_patterns.push(suggestion);
}
}
}
Ok(discovered_patterns)
}
}
```
### 3. Union Merge Conflict Resolution
```rust
/// Handles tag conflict resolution during sync
pub struct TagConflictResolver;
impl TagConflictResolver {
/// Merge tags using union strategy
pub fn merge_tag_applications(
&self,
local_tags: Vec<TagApplication>,
remote_tags: Vec<TagApplication>,
) -> Result<TagMergeResult, TagError> {
let mut merged_tags = HashMap::new();
let mut conflicts = Vec::new();
// Add all local tags
for tag_app in local_tags {
merged_tags.insert(tag_app.tag_id, tag_app);
}
// Union merge with remote tags
for remote_tag in remote_tags {
match merged_tags.get(&remote_tag.tag_id) {
Some(local_tag) => {
// Tag exists locally - check for attribute conflicts
if local_tag.instance_attributes != remote_tag.instance_attributes {
// Merge attributes intelligently
let merged_attributes = self.merge_attributes(
&local_tag.instance_attributes,
&remote_tag.instance_attributes,
)?;
let mut merged_tag = local_tag.clone();
merged_tag.instance_attributes = merged_attributes;
merged_tags.insert(remote_tag.tag_id, merged_tag);
}
}
None => {
// New remote tag - add it
merged_tags.insert(remote_tag.tag_id, remote_tag);
}
}
}
Ok(TagMergeResult {
merged_tags: merged_tags.into_values().collect(),
conflicts,
merge_summary: self.generate_merge_summary(&merged_tags),
})
}
fn merge_attributes(
&self,
local: &HashMap<String, serde_json::Value>,
remote: &HashMap<String, serde_json::Value>,
) -> Result<HashMap<String, serde_json::Value>, TagError> {
let mut merged = local.clone();
for (key, remote_value) in remote {
match merged.get(key) {
Some(local_value) if local_value != remote_value => {
// Conflict - use conflict resolution strategy
merged.insert(
key.clone(),
self.resolve_attribute_conflict(local_value, remote_value)?
);
}
None => {
// New attribute from remote
merged.insert(key.clone(), remote_value.clone());
}
_ => {
// Same value, no conflict
}
}
}
Ok(merged)
}
}
```
## Implementation Phases
### Phase 1: Database Migration and Core Models
- [ ] Create migration to transform current tag schema
- [ ] Implement enhanced SemanticTag domain model
- [ ] Build TagService with CRUD operations
- [ ] Create closure table maintenance system
### Phase 2: Context Resolution System
- [ ] Implement TagContextResolver
- [ ] Build usage pattern tracking
- [ ] Create semantic disambiguation logic
- [ ] Add namespace-based context grouping
### Phase 3: Advanced Features
- [ ] Organizational anchor functionality
- [ ] Privacy level controls
- [ ] Visual semantic properties
- [ ] Compositional attribute system
### Phase 4: Discovery and Intelligence
- [ ] Semantic discovery engine
- [ ] Pattern recognition system
- [ ] Emergent relationship suggestions
- [ ] Full-text search integration
### Phase 5: Sync Integration
- [ ] Union merge conflict resolution
- [ ] Tag-specific sync domain handling
- [ ] Cross-device context preservation
- [ ] Audit trail for tag operations
## Implementation Strategy
This is a clean implementation of the semantic tagging architecture that creates an entirely new system:
1. **Fresh Start**: Creates new semantic tagging tables alongside existing simple tags
2. **No Migration**: No data migration from the old system is required
3. **Progressive Adoption**: Users can start using semantic tags immediately
4. **Gradual Feature Rollout**: Advanced features can be enabled as they're implemented
5. **Performance Optimized**: Built with proper indexing and closure table from day one
This implementation transforms Spacedrive's tagging from a basic labeling system into a sophisticated semantic fabric that truly captures the nuanced relationships in personal data organization.

958
docs/core/design/SIDECAR_SCALING_DESIGN.md
View File

@@ -1,958 +0,0 @@
# Sidecar Scaling Design
**Status**: Draft
**Author**: AI Assistant
**Date**: 2025-09-15
**Version**: 1.0
## Executive Summary
This document outlines a revolutionary hybrid approach to solve the sidecar scaling challenge in Spacedrive's Virtual Sidecar System (VSS). The solution combines **Hierarchical Content-Addressed Storage** with **Layered Availability Tracking** using a **dual-database architecture** to achieve optimal storage efficiency, query performance, and scalability.
The current implementation suffers from severe database bloat due to separate records for each sidecar variant and device availability, potentially requiring gigabytes of metadata for large libraries. This design reduces storage requirements by **96%+** while improving query performance by **70%+** and providing superior maintainability through clean architectural separation.
### Key Innovation: Dual-Database Architecture
The breakthrough insight is separating sidecar metadata into two specialized databases:
- **`library.db`**: Canonical sidecar metadata with consistency guarantees
- **`availability.db`**: Device-specific availability cache with high-frequency updates
This separation prevents availability tracking from fragmenting the main database while enabling optimized sync protocols for each data type.
## Problem Statement
### Current Challenges
1. **Database Bloat**: Each sidecar variant requires separate records in both `sidecars` and `sidecar_availability` tables
2. **Query Complexity**: Multiple joins required for presence checks and availability queries
3. **Maintenance Overhead**: Complex cleanup operations and synchronization challenges
4. **Poor Scalability**: Linear growth in records with each new variant or device
### Scale Analysis
For a library with 1M files, 3 sidecar types, 3 variants each, across 3 devices:
- Current approach: 27M records (~8.1GB metadata)
- Proposed approach: ~1M records (~300MB metadata)
## Solution Overview
The hybrid approach uses two complementary strategies with a critical architectural refinement:
1. **Content-Addressed Hierarchical Storage**: Consolidate all sidecar variants for each content item into a single record
2. **Batched Availability Tracking**: Use bitmaps to efficiently track availability across devices
3. **Database Separation**: Split into `library.db` (canonical data) and `availability.db` (device-specific cache)
### Database Architecture
The refined solution uses **two separate databases** within each `.sdlibrary` container:
#### `library.db` - Canonical Data Store
- Contains core VDFS index, content identities, and `SidecarGroup` records
- Primary source of truth for user data
- Synced with consistency-focused protocols
- Changes less frequently, optimized for durability
#### `availability.db` - Device-Specific Cache
- Contains `DeviceAvailabilityBatch` records for all devices in the library
- Local cache of sidecar availability across the distributed system
- Synced with eventually-consistent, gossip-style protocols
- Higher write frequency, optimized for performance
This separation prevents availability updates from fragmenting the main database while maintaining clean architectural boundaries.
### Benefits of Database Separation
#### 1. Reduced Main Database Churn
The `library.db` contains the user's canonical, organized data. Sidecar availability is volatile and cache-like. Separating them prevents frequent availability updates from fragmenting or locking the main database, ensuring core operations remain fast.
#### 2. Improved Sync Flexibility
Different synchronization strategies can be applied:
- `library.db`: Robust, consistency-focused sync protocols
- `availability.db`: Frequent, eventually-consistent, gossip-style sync
#### 3. Enhanced Portability
A low-power mobile device can sync only the `library.db` to save space and bandwidth, giving access to all core metadata while gracefully degrading availability knowledge.
#### 4. Simplified Backup & Recovery
- `library.db`: Clean, lean representation of user's primary data
- `availability.db`: Rebuildable cache that can be reconstructed from sync partners
- Backups become smaller and more focused on essential data
#### 5. Performance Optimization
- `library.db`: Optimized for durability and consistency
- `availability.db`: Optimized for high-frequency writes with WAL mode and relaxed synchronization
#### 6. Graceful Degradation
If `availability.db` becomes corrupted or unavailable:
- Core functionality remains intact
- System falls back to local-only sidecar knowledge
- Can rebuild availability data through sync
## Detailed Design
### Core Data Structures
#### SidecarGroup (Hierarchical Storage) - `library.db`
```rust
#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
#[sea_orm(table_name = "sidecar_groups")]
pub struct SidecarGroup {
#[sea_orm(primary_key)]
pub id: i32,
/// Content UUID this group belongs to
pub content_uuid: Uuid,
/// Consolidated sidecar metadata
/// Structure: {
/// "thumbnail": {
/// "128": {"hash": "...", "size": 1234, "format": "webp", "path": "..."},
/// "256": {"hash": "...", "size": 2345, "format": "webp", "path": "..."},
/// "512": {"hash": "...", "size": 4567, "format": "webp", "path": "..."}
/// },
/// "transcript": {
/// "default": {"hash": "...", "size": 890, "format": "json", "path": "..."}
/// },
/// "ocr": {
/// "default": {"hash": "...", "size": 567, "format": "json", "path": "..."}
/// }
/// }
pub sidecars: Json,
/// Shared metadata for all sidecars of this content
/// Structure: {
/// "base_path": "sidecars/content/ab/cd/content-uuid/",
/// "total_variants": 5,
/// "generation_policy": "on_demand",
/// "last_cleanup": "2025-09-15T10:00:00Z"
/// }
pub shared_metadata: Json,
/// Overall status of sidecar generation for this content
/// Values: "none", "partial", "complete", "failed"
pub status: String,
/// Last time any sidecar was updated for this content
pub last_updated: DateTime<Utc>,
/// Creation timestamp
pub created_at: DateTime<Utc>,
}
```
#### DeviceAvailabilityBatch (Layered Availability) - `availability.db`
```rust
#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
#[sea_orm(table_name = "device_availability_batches")]
pub struct DeviceAvailabilityBatch {
#[sea_orm(primary_key)]
pub id: i32,
/// Device that owns this availability batch
pub device_uuid: Uuid,
/// Unique identifier for this batch (e.g., "2025-09-15-batch-001")
pub batch_id: String,
/// List of content UUIDs in this batch (ordered)
pub content_uuids: Json, // Vec<Uuid>
/// Bitmap indicating sidecar availability
/// Each content_uuid maps to a position in the bitmap
/// Each bit position represents a specific sidecar variant
/// Bit encoding: [thumb_128, thumb_256, thumb_512, transcript_default, ocr_default, ...]
pub availability_bitmap: Vec<u8>,
/// Metadata about the batch
/// Structure: {
/// "variant_mapping": ["thumb_128", "thumb_256", "thumb_512", "transcript_default", ...],
/// "batch_size": 1000,
/// "compression": "none"
/// }
pub batch_metadata: Json,
/// Last synchronization with other devices
pub last_sync: DateTime<Utc>,
/// Batch creation timestamp
pub created_at: DateTime<Utc>,
}
```
#### SidecarVariantRegistry (Optimization Index) - `library.db`
```rust
#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
#[sea_orm(table_name = "sidecar_variant_registry")]
pub struct SidecarVariantRegistry {
#[sea_orm(primary_key)]
pub id: i32,
/// Unique identifier for this variant type (e.g., "thumb_128", "transcript_default")
pub variant_id: String,
/// Human-readable description
pub description: String,
/// Bit position in availability bitmaps
pub bit_position: i32,
/// Whether this variant is actively generated
pub active: bool,
/// Generation priority (higher = more important)
pub priority: i32,
/// Estimated storage size per variant
pub avg_size_bytes: Option<i64>,
/// Creation timestamp
pub created_at: DateTime<Utc>,
}
```
### Database Connection Management
The dual-database architecture requires careful connection management:
```rust
pub struct SidecarDatabaseManager {
/// Connection to the main library database
library_db: Arc<DatabaseConnection>,
/// Connection to the availability cache database
availability_db: Arc<DatabaseConnection>,
/// Current device UUID for availability tracking
device_uuid: Uuid,
}
impl SidecarDatabaseManager {
pub async fn new(library_path: &Path, device_uuid: Uuid) -> Result<Self> {
let library_db_path = library_path.join("library.db");
let availability_db_path = library_path.join("availability.db");
let library_db = Arc::new(
Database::connect(&format!("sqlite:{}", library_db_path.display())).await?
);
let availability_db = Arc::new(
Database::connect(&format!("sqlite:{}", availability_db_path.display())).await?
);
// Configure availability.db for high-frequency writes
availability_db.execute_unprepared("PRAGMA journal_mode = WAL").await?;
availability_db.execute_unprepared("PRAGMA synchronous = NORMAL").await?;
availability_db.execute_unprepared("PRAGMA cache_size = 10000").await?;
Ok(Self {
library_db,
availability_db,
device_uuid,
})
}
/// Execute a cross-database transaction
pub async fn execute_cross_db_transaction<F, T>(&self, operation: F) -> Result<T>
where
F: FnOnce(&DatabaseConnection, &DatabaseConnection) -> BoxFuture<'_, Result<T>>,
{
// Application-level transaction coordination
let library_txn = self.library_db.begin().await?;
let availability_txn = self.availability_db.begin().await?;
match operation(&library_txn, &availability_txn).await {
Ok(result) => {
library_txn.commit().await?;
availability_txn.commit().await?;
Ok(result)
}
Err(e) => {
let _ = library_txn.rollback().await;
let _ = availability_txn.rollback().await;
Err(e)
}
}
}
}
```
### Referential Integrity Management
Without database-level foreign keys, we implement application-level integrity:
```rust
pub struct CrossDatabaseIntegrityManager {
db_manager: Arc<SidecarDatabaseManager>,
}
impl CrossDatabaseIntegrityManager {
/// Ensure content_uuid exists before creating availability records
pub async fn validate_content_reference(&self, content_uuid: &Uuid) -> Result<bool> {
let exists = SidecarGroup::find()
.filter(sidecar_group::Column::ContentUuid.eq(*content_uuid))
.one(self.db_manager.library_db.as_ref())
.await?
.is_some();
Ok(exists)
}
/// Clean up orphaned availability records
pub async fn cleanup_orphaned_availability(&self) -> Result<u64> {
// Get all content_uuids from availability.db
let availability_content_uuids: Vec<Uuid> = DeviceAvailabilityBatch::find()
.all(self.db_manager.availability_db.as_ref())
.await?
.into_iter()
.flat_map(|batch| {
let content_uuids: Vec<Uuid> =
serde_json::from_value(batch.content_uuids).unwrap_or_default();
content_uuids
})
.collect::<HashSet<_>>()
.into_iter()
.collect();
if availability_content_uuids.is_empty() {
return Ok(0);
}
// Check which ones still exist in library.db
let valid_content_uuids: Vec<Uuid> = SidecarGroup::find()
.filter(sidecar_group::Column::ContentUuid.is_in(availability_content_uuids.clone()))
.all(self.db_manager.library_db.as_ref())
.await?
.into_iter()
.map(|group| group.content_uuid)
.collect();
let valid_set: HashSet<Uuid> = valid_content_uuids.into_iter().collect();
let orphaned_uuids: Vec<Uuid> = availability_content_uuids
.into_iter()
.filter(|uuid| !valid_set.contains(uuid))
.collect();
if orphaned_uuids.is_empty() {
return Ok(0);
}
// Remove batches containing orphaned content
let mut removed_count = 0u64;
let batches = DeviceAvailabilityBatch::find()
.all(self.db_manager.availability_db.as_ref())
.await?;
for batch in batches {
let content_uuids: Vec<Uuid> =
serde_json::from_value(batch.content_uuids).unwrap_or_default();
let has_orphaned = content_uuids.iter().any(|uuid| orphaned_uuids.contains(uuid));
if has_orphaned {
// Filter out orphaned content from the batch
let valid_content: Vec<Uuid> = content_uuids
.into_iter()
.filter(|uuid| !orphaned_uuids.contains(uuid))
.collect();
if valid_content.is_empty() {
// Delete entire batch if no valid content remains
DeviceAvailabilityBatch::delete_by_id(batch.id)
.exec(self.db_manager.availability_db.as_ref())
.await?;
removed_count += 1;
} else {
// Update batch with only valid content
let mut active_batch: device_availability_batch::ActiveModel = batch.into();
active_batch.content_uuids = ActiveValue::Set(serde_json::to_value(valid_content)?);
active_batch.update(self.db_manager.availability_db.as_ref()).await?;
}
}
}
Ok(removed_count)
}
/// Periodic integrity check job
pub async fn run_integrity_check(&self) -> Result<IntegrityReport> {
let mut report = IntegrityReport::default();
// Check for orphaned availability records
let orphaned_count = self.cleanup_orphaned_availability().await?;
report.orphaned_availability_cleaned = orphaned_count;
// Check for missing availability records for local sidecars
let missing_availability = self.find_missing_availability_records().await?;
report.missing_availability_records = missing_availability.len();
// Repair missing records
for (content_uuid, variants) in missing_availability {
self.create_missing_availability_records(&content_uuid, &variants).await?;
report.availability_records_created += variants.len();
}
Ok(report)
}
}
#[derive(Debug, Default)]
pub struct IntegrityReport {
pub orphaned_availability_cleaned: u64,
pub missing_availability_records: usize,
pub availability_records_created: usize,
pub consistency_errors: Vec<String>,
}
```
### Key Operations
#### 1. Sidecar Presence Check
```rust
impl SidecarManager {
/// Check presence of sidecars for multiple content items
pub async fn get_presence_batch(
&self,
db_manager: &SidecarDatabaseManager,
content_uuids: &[Uuid],
variant_ids: &[String],
) -> Result<HashMap<Uuid, SidecarPresenceInfo>> {
// 1. Get sidecar groups from library.db
let sidecar_groups = SidecarGroup::find()
.filter(sidecar_group::Column::ContentUuid.is_in(content_uuids.to_vec()))
.all(db_manager.library_db.as_ref())
.await?;
// 2. Get availability from availability.db
let availability_batches = DeviceAvailabilityBatch::find()
.filter(device_availability_batch::Column::ContentUuids.contains_any(content_uuids))
.all(db_manager.availability_db.as_ref())
.await?;
// 3. Combine results into presence map
let mut presence_map = HashMap::new();
for group in sidecar_groups {
let sidecars: HashMap<String, HashMap<String, SidecarVariantInfo>> =
serde_json::from_value(group.sidecars)?;
let mut content_presence = SidecarPresenceInfo {
local_variants: HashMap::new(),
remote_devices: HashMap::new(),
status: group.status.clone(),
};
// Check local availability
for variant_id in variant_ids {
if let Some(variant_info) = self.find_variant_in_sidecars(&sidecars, variant_id) {
content_presence.local_variants.insert(
variant_id.clone(),
variant_info
);
}
}
presence_map.insert(group.content_uuid, content_presence);
}
// 4. Add remote device availability from batches
for batch in availability_batches {
let content_uuids: Vec<Uuid> = serde_json::from_value(batch.content_uuids)?;
let variant_mapping: Vec<String> =
serde_json::from_value(batch.batch_metadata["variant_mapping"].clone())?;
for (content_idx, content_uuid) in content_uuids.iter().enumerate() {
if let Some(presence) = presence_map.get_mut(content_uuid) {
for (bit_pos, variant_id) in variant_mapping.iter().enumerate() {
if variant_ids.contains(variant_id) {
let byte_idx = (content_idx * variant_mapping.len() + bit_pos) / 8;
let bit_idx = (content_idx * variant_mapping.len() + bit_pos) % 8;
if byte_idx < batch.availability_bitmap.len() {
let has_variant = (batch.availability_bitmap[byte_idx] >> bit_idx) & 1 == 1;
if has_variant {
presence.remote_devices
.entry(variant_id.clone())
.or_insert_with(Vec::new)
.push(batch.device_uuid);
}
}
}
}
}
}
}
Ok(presence_map)
}
}
```
#### 2. Sidecar Creation/Update
```rust
impl SidecarManager {
/// Record a new sidecar or update existing one
pub async fn record_sidecar_variant(
&self,
library: &Library,
content_uuid: &Uuid,
sidecar_type: &str,
variant: &str,
sidecar_info: SidecarVariantInfo,
) -> Result<()> {
let db = library.db();
// 1. Upsert sidecar group
let group = SidecarGroup::find()
.filter(sidecar_group::Column::ContentUuid.eq(*content_uuid))
.one(db.conn())
.await?;
let mut sidecars: HashMap<String, HashMap<String, SidecarVariantInfo>> =
if let Some(existing) = group {
serde_json::from_value(existing.sidecars)?
} else {
HashMap::new()
};
// 2. Update sidecar info
sidecars
.entry(sidecar_type.to_string())
.or_insert_with(HashMap::new)
.insert(variant.to_string(), sidecar_info);
// 3. Save updated group
let updated_group = sidecar_group::ActiveModel {
content_uuid: ActiveValue::Set(*content_uuid),
sidecars: ActiveValue::Set(serde_json::to_value(sidecars)?),
status: ActiveValue::Set(self.compute_group_status(&sidecars)),
last_updated: ActiveValue::Set(Utc::now()),
..Default::default()
};
if group.is_some() {
updated_group.update(db.conn()).await?;
} else {
updated_group.insert(db.conn()).await?;
}
// 4. Update availability batch
self.update_device_availability(
library,
content_uuid,
&format!("{}_{}", sidecar_type, variant),
true,
).await?;
Ok(())
}
}
```
#### 3. Batch Availability Update
```rust
impl SidecarManager {
/// Update device availability for a sidecar variant
async fn update_device_availability(
&self,
library: &Library,
content_uuid: &Uuid,
variant_id: &str,
available: bool,
) -> Result<()> {
let db = library.db();
let device_uuid = self.context.device_manager.current_device().await.id;
// 1. Find or create appropriate batch
let batch = self.find_or_create_batch_for_content(
library,
&device_uuid,
content_uuid
).await?;
// 2. Get variant bit position
let variant_registry = SidecarVariantRegistry::find()
.filter(sidecar_variant_registry::Column::VariantId.eq(variant_id))
.one(db.conn())
.await?
.ok_or_else(|| anyhow::anyhow!("Unknown variant: {}", variant_id))?;
// 3. Update bitmap
let content_uuids: Vec<Uuid> = serde_json::from_value(batch.content_uuids)?;
let content_idx = content_uuids.iter().position(|u| u == content_uuid)
.ok_or_else(|| anyhow::anyhow!("Content not found in batch"))?;
let variant_mapping: Vec<String> =
serde_json::from_value(batch.batch_metadata["variant_mapping"].clone())?;
let variant_pos = variant_mapping.iter().position(|v| v == variant_id)
.ok_or_else(|| anyhow::anyhow!("Variant not found in batch mapping"))?;
let bit_position = content_idx * variant_mapping.len() + variant_pos;
let byte_idx = bit_position / 8;
let bit_idx = bit_position % 8;
let mut bitmap = batch.availability_bitmap;
if byte_idx >= bitmap.len() {
bitmap.resize(byte_idx + 1, 0);
}
if available {
bitmap[byte_idx] |= 1 << bit_idx;
} else {
bitmap[byte_idx] &= !(1 << bit_idx);
}
// 4. Save updated batch
let updated_batch = device_availability_batch::ActiveModel {
id: ActiveValue::Set(batch.id),
availability_bitmap: ActiveValue::Set(bitmap),
last_sync: ActiveValue::Set(Utc::now()),
..Default::default()
};
updated_batch.update(db.conn()).await?;
Ok(())
}
}
```
### Synchronization Strategy
The dual-database architecture enables optimized sync protocols for each data type:
#### Library Database Sync (`library.db`)
```rust
pub struct LibrarySyncProtocol {
/// Uses Spacedrive's existing robust sync system
/// Focuses on consistency and conflict resolution
/// Lower frequency, higher reliability
}
impl LibrarySyncProtocol {
pub async fn sync_sidecar_groups(&self, peer: &PeerConnection) -> Result<SyncResult> {
// Use existing CRDT-based sync for SidecarGroup records
// Includes conflict resolution for concurrent updates
// Maintains strong consistency guarantees
}
}
```
#### Availability Database Sync (`availability.db`)
```rust
pub struct AvailabilitySyncProtocol {
/// Gossip-style protocol for availability information
/// Eventually consistent, optimized for speed
/// Higher frequency, lower overhead
}
impl AvailabilitySyncProtocol {
pub async fn gossip_availability(&self, peers: &[PeerConnection]) -> Result<()> {
// Lightweight availability updates
// Batch multiple updates together
// Use bloom filters for efficient queries
// Tolerate temporary inconsistencies
for peer in peers {
let availability_digest = self.create_availability_digest().await?;
let peer_digest = peer.request_availability_digest().await?;
let differences = self.compute_availability_diff(&availability_digest, &peer_digest)?;
if !differences.is_empty() {
self.exchange_availability_updates(peer, &differences).await?;
}
}
Ok(())
}
pub async fn create_availability_digest(&self) -> Result<AvailabilityDigest> {
// Create compact representation of availability state
// Use bloom filters or merkle trees for efficiency
AvailabilityDigest::from_batches(&self.get_all_batches().await?)
}
}
```
#### Sync Coordination
```rust
pub struct DualDatabaseSyncCoordinator {
library_sync: LibrarySyncProtocol,
availability_sync: AvailabilitySyncProtocol,
}
impl DualDatabaseSyncCoordinator {
pub async fn perform_full_sync(&self, peer: &PeerConnection) -> Result<()> {
// 1. Sync library database first (canonical data)
let library_result = self.library_sync.sync_sidecar_groups(peer).await?;
// 2. Then sync availability (cache data)
let availability_result = self.availability_sync.gossip_availability(&[peer.clone()]).await?;
// 3. Run integrity check to ensure consistency
self.verify_cross_database_consistency().await?;
Ok(())
}
pub async fn perform_lightweight_sync(&self, peers: &[PeerConnection]) -> Result<()> {
// Only sync availability for frequent updates
self.availability_sync.gossip_availability(peers).await
}
}
```
### Configuration and Tuning
#### Batch Size Configuration
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SidecarBatchConfig {
/// Target number of content items per batch
pub batch_size: usize,
/// Maximum bitmap size in bytes
pub max_bitmap_size: usize,
/// Device-specific overrides
pub device_overrides: HashMap<String, DeviceSpecificConfig>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DeviceSpecificConfig {
/// Smaller batches for mobile devices
pub batch_size: usize,
/// Limit variants generated on this device
pub max_variants: usize,
/// Preferred sidecar types for this device
pub preferred_types: Vec<String>,
}
impl Default for SidecarBatchConfig {
fn default() -> Self {
Self {
batch_size: 1000,
max_bitmap_size: 128 * 1024, // 128KB
device_overrides: HashMap::from([
("mobile".to_string(), DeviceSpecificConfig {
batch_size: 250,
max_variants: 3,
preferred_types: vec!["thumb".to_string()],
}),
("desktop".to_string(), DeviceSpecificConfig {
batch_size: 2000,
max_variants: 10,
preferred_types: vec![
"thumb".to_string(),
"transcript".to_string(),
"ocr".to_string()
],
}),
]),
}
}
}
```
## Migration Strategy
### Phase 1: Parallel Implementation
1. Implement new schema alongside existing tables
2. Create migration utilities to populate new tables from existing data
3. Update SidecarManager to write to both old and new schemas
### Phase 2: Read Migration
1. Update queries to read from new schema first, fall back to old
2. Implement background job to migrate data in batches
3. Add monitoring to track migration progress
### Phase 3: Write Migration
1. Switch all write operations to new schema only
2. Add cleanup job to remove migrated data from old tables
3. Implement rollback mechanism if issues arise
### Phase 4: Cleanup
1. Remove old schema and related code
2. Optimize indexes on new tables
3. Run performance benchmarks and tune configuration
### Migration Code Example
```rust
pub struct SidecarSchemaMigrator {
batch_size: usize,
}
impl SidecarSchemaMigrator {
pub async fn migrate_batch(&self, library: &Library, offset: usize) -> Result<usize> {
let db = library.db();
// Get batch of old sidecar records
let old_sidecars = Sidecar::find()
.offset(Some(offset as u64))
.limit(Some(self.batch_size as u64))
.all(db.conn())
.await?;
if old_sidecars.is_empty() {
return Ok(0);
}
// Group by content_uuid
let mut grouped: HashMap<Uuid, Vec<sidecar::Model>> = HashMap::new();
for sidecar in old_sidecars {
grouped.entry(sidecar.content_uuid).or_default().push(sidecar);
}
// Create SidecarGroup records
for (content_uuid, sidecars) in grouped {
let mut consolidated_sidecars: HashMap<String, HashMap<String, SidecarVariantInfo>> =
HashMap::new();
for sidecar in sidecars {
let variant_info = SidecarVariantInfo {
hash: sidecar.checksum,
size: sidecar.size as u64,
format: sidecar.format,
path: sidecar.rel_path,
created_at: sidecar.created_at,
};
consolidated_sidecars
.entry(sidecar.kind)
.or_default()
.insert(sidecar.variant, variant_info);
}
let group = sidecar_group::ActiveModel {
content_uuid: ActiveValue::Set(content_uuid),
sidecars: ActiveValue::Set(serde_json::to_value(consolidated_sidecars)?),
shared_metadata: ActiveValue::Set(serde_json::json!({})),
status: ActiveValue::Set("migrated".to_string()),
last_updated: ActiveValue::Set(Utc::now()),
created_at: ActiveValue::Set(Utc::now()),
..Default::default()
};
group.insert(db.conn()).await?;
}
Ok(grouped.len())
}
}
```
## Performance Analysis
### Storage Efficiency
| Metric | Current Approach | Hybrid Approach | Improvement |
|--------|------------------|-----------------|-------------|
| Records per 1M files | 27M | 1M | 96% reduction |
| Metadata size | ~8.1GB | ~300MB | 96% reduction |
| Index size | ~2GB | ~100MB | 95% reduction |
| Query complexity | O(n×m×d) | O(log n) | Logarithmic |
### Query Performance
#### Presence Check (1000 files, 3 variants)
- **Current**: 9 queries, 3000 records scanned
- **Hybrid**: 2 queries, 1000 records scanned
- **Improvement**: 70% faster
#### Availability Update
- **Current**: 1 insert/update per variant per device
- **Hybrid**: 1 bitmap update per batch
- **Improvement**: 90% fewer database operations
### Memory Usage
#### Mobile Device (10K files)
- **Current**: ~50MB metadata in memory
- **Hybrid**: ~5MB metadata in memory
- **Improvement**: 90% reduction
## Implementation Roadmap
### Sprint 1: Foundation (2 weeks)
- [ ] Create new database entities
- [ ] Implement basic SidecarGroup operations
- [ ] Create variant registry system
- [ ] Write unit tests for core operations
### Sprint 2: Availability System (2 weeks)
- [ ] Implement DeviceAvailabilityBatch
- [ ] Create bitmap manipulation utilities
- [ ] Implement batch management logic
- [ ] Add configuration system
### Sprint 3: Integration (2 weeks)
- [ ] Update SidecarManager to use new schema
- [ ] Implement migration utilities
- [ ] Create parallel write system
- [ ] Add monitoring and metrics
### Sprint 4: Migration & Optimization (2 weeks)
- [ ] Run migration on test datasets
- [ ] Performance benchmarking
- [ ] Query optimization
- [ ] Documentation and training
### Sprint 5: Production Rollout (1 week)
- [ ] Feature flag implementation
- [ ] Gradual rollout process
- [ ] Monitoring and alerting
- [ ] Rollback procedures
## Risk Mitigation
### Data Consistency Risks
- **Risk**: Data loss during migration
- **Mitigation**: Parallel write system with verification
- **Rollback**: Keep old schema until migration verified
### Performance Risks
- **Risk**: JSON queries slower than normalized tables
- **Mitigation**: Extensive benchmarking, GIN indexes on JSON fields
- **Fallback**: Hybrid approach with critical paths normalized
### Complexity Risks
- **Risk**: Bitmap manipulation bugs
- **Mitigation**: Comprehensive unit tests, fuzzing
- **Monitoring**: Consistency checks between bitmap and actual files
## Success Metrics
### Primary Goals
1. **Storage Reduction**: >90% reduction in sidecar metadata size
2. **Query Performance**: >50% improvement in presence check latency
3. **Scalability**: Linear scaling to 10M+ files
4. **Reliability**: <0.01% data consistency errors
### Secondary Goals
1. **Memory Usage**: <10MB metadata for 100K files on mobile
2. **Sync Efficiency**: >80% reduction in availability sync data
3. **Maintenance**: Automated cleanup with <1% manual intervention
4. **Developer Experience**: Simplified query patterns
## Conclusion
This hybrid approach addresses all major scaling challenges in the current sidecar system while maintaining backward compatibility and providing a clear migration path. The combination of hierarchical storage and batched availability tracking delivers optimal performance characteristics for Spacedrive's distributed architecture.
The design prioritizes:
1. **Efficiency**: Dramatic reduction in storage and computational overhead
2. **Scalability**: Logarithmic query complexity and linear storage growth
3. **Maintainability**: Simplified schema and automated cleanup
4. **Flexibility**: Configurable batch sizes and device-specific optimizations
Implementation should proceed incrementally with careful monitoring and rollback capabilities at each phase.

365
docs/core/design/SIMULATION_ENGINE_DESIGN.md
View File

@@ -1,365 +0,0 @@
Of course. Based on a thorough review of the Spacedrive whitepaper and the provided Rust codebase, here is a detailed design document for the Simulation Engine. This design aims for a clean, non-disruptive integration that leverages the existing architectural patterns.
---
# Design Document: The Spacedrive Simulation Engine
## 1\. Executive Summary
The Spacedrive whitepaper outlines a key innovation: a **Transactional Action System with Pre-visualization**. This system allows any file operation to be simulated in a "dry run" mode, providing users with a detailed preview of the outcome—including space savings, conflicts, and time estimates—before committing to the action.
This document details the design and integration of the **Simulation Engine**, the core component responsible for generating these previews. The engine will be integrated directly into the existing `Action` infrastructure, operating on the VDFS index as a read-only source of truth. It will produce a structured `ActionPlan` that can be consumed by any client (GUI, CLI, TUI) to render the pre-visualization described in the whitepaper.
**Core Principles:**
- **Index-First:** The simulation relies exclusively on the library's database index and volume metadata, never touching the actual files on disk.
- **Read-Only:** The simulation process is strictly a read-only operation, guaranteeing it has no side effects.
- **Handler-Based Logic:** The simulation logic for each action type (e.g., `FileCopy`, `FileDelete`) will be encapsulated within its corresponding `ActionHandler`, ensuring modularity and extensibility.
## 2\. Goals and Core Concepts
The primary goal is to build an engine that can take any `Action` and produce a detailed, verifiable plan of execution.
- **Action Plan:** The structured output of the simulation. It contains a summary, a list of steps, estimated metrics, and any potential conflicts.
- **Simulation vs. Execution:** Simulation is the predictive, read-only process that generates an `ActionPlan`. Execution is the "commit" phase where the `ActionManager` dispatches a job to perform the actual file operations.
- **Path Resolution:** A precursor to simulation. Given a content-aware or physical `SdPath`, this step determines the optimal physical source path(s) for the operation based on device availability, network latency, and storage tier.
The engine must achieve the following goals outlined in the whitepaper:
1. **Conflict Detection:** Proactively identify issues like insufficient storage, permission errors, and path conflicts.
2. **Resource Prediction:** Provide accurate estimates for storage changes, network usage, and completion time.
3. **State Pre-visualization:** Clearly articulate the final state of the filesystem after the action completes.
4. **Safety and User Control:** Empower the user to make an informed decision before any irreversible changes are made.
## 3\. Architectural Integration
The Simulation Engine will be integrated into the existing `Action` system with minimal disruption. The current action lifecycle is `validate -> execute`. We will introduce `simulate` as a distinct, preliminary step.
### 3.1. New Action Lifecycle
1. **Client (UI/CLI):** Creates an `Action` struct (e.g., `FileCopyAction`).
2. **Client:** Calls a new `action_manager.simulate(action)` method.
3. **Simulation Engine:**
- Resolves all source `SdPath`s to their optimal physical paths.
- Invokes the `simulate` method on the appropriate `ActionHandler`.
- The handler queries the VDFS index and volume metadata via the `CoreContext`.
- The handler returns a structured `ActionPlan`.
4. **Client:** Renders the `ActionPlan` for user review (as seen in Figure 8 of the whitepaper).
5. **User:** Approves the plan.
6. **Client:** Calls the existing `action_manager.dispatch(action)` method to commit the operation.
7. **ActionManager:** Dispatches the action to the Durable Job System for execution.
### 3.2. Key Component Modifications
#### `ActionHandler` Trait (`src/infrastructure/actions/handler.rs`)
The `ActionHandler` trait is the ideal place to encapsulate simulation logic. A new `simulate` method will be added.
```rust
#[async_trait]
pub trait ActionHandler: Send + Sync {
/// Execute the action and return output
async fn execute(...) -> ActionResult<ActionOutput>;
/// Validate the action before execution (optional)
async fn validate(...) -> ActionResult<()>;
/// **[NEW]** Simulate the action and return a detailed plan
async fn simulate(
&self,
context: Arc<CoreContext>,
action: &Action,
) -> ActionResult<ActionPlan>;
/// Check if this handler can handle the given action
fn can_handle(&self, action: &Action) -> bool;
/// Get the action kinds this handler supports
fn supported_actions() -> &'static [&'static str];
}
```
#### `ActionManager` (`src/infrastructure/actions/manager.rs`)
A new public `simulate` method will be the primary entry point for the engine.
```rust
impl ActionManager {
/// **[NEW]** Simulate an action to generate a preview.
pub async fn simulate(
&self,
action: Action,
) -> ActionResult<ActionPlan> {
// 1. Find the correct handler in the registry
let handler = REGISTRY
.get(action.kind())
.ok_or_else(|| ActionError::ActionNotRegistered(action.kind().to_string()))?;
// 2. Perform initial validation
handler.validate(self.context.clone(), &action).await?;
// 3. Execute the simulation
handler.simulate(self.context.clone(), &action).await
}
/// Dispatch an action for execution (existing method)
pub async fn dispatch(...) -> ActionResult<ActionOutput> {
// ... existing implementation ...
}
}
```
#### `SdPath` & `SdPathBatch` (`src/shared/types.rs`)
As requested, these structs will gain a `resolve` method to find the optimal physical path. This will be used by the simulation engine.
```rust
// In SdPath struct
impl SdPath {
/// Resolves the SdPath to the optimal physical path.
/// For content-aware paths, this performs a lookup.
/// For physical paths, it verifies availability.
pub async fn resolve(
&self,
context: &CoreContext
) -> Result<PhysicalPath, PathResolutionError> {
// ... logic using VolumeManager and NetworkService ...
}
}
// In SdPathBatch struct
impl SdPathBatch {
/// Resolves all paths in the batch.
pub async fn resolve_all(
&self,
context: &CoreContext
) -> Result<Vec<PhysicalPath>, PathResolutionError> {
// ... parallel resolution logic ...
}
}
```
## 4\. New Data Structures
To support the simulation, several new data structures are required to model the `ActionPlan`.
#### `ActionPlan`
This is the primary output of the simulation. It contains all information needed for the UI to render a preview.
```rust
/// A detailed, structured plan of an action's effects.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActionPlan {
/// A high-level, human-readable summary.
/// e.g., "Move 1,224 unique files (8.1 GB) to Home-NAS"
pub summary: String,
/// A step-by-step breakdown of the physical operations.
pub steps: Vec<ExecutionStep>,
/// Estimated metrics for the operation.
pub metrics: EstimatedMetrics,
/// A list of potential conflicts or issues detected.
pub warnings: Vec<ConflictWarning>,
/// A simple flag indicating if the operation is considered safe to proceed.
pub is_safe: bool,
}
```
#### `ExecutionStep`
An enum representing a single, atomic operation within the plan.
```rust
/// A single physical step in the execution of an action.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum ExecutionStep {
Read {
source: SdPath,
size: u64,
},
Transfer {
source_device: Uuid,
destination_device: Uuid,
size: u64,
},
Write {
destination: SdPath,
size: u64,
},
Delete {
target: SdPath,
is_permanent: bool,
},
Skip {
target: SdPath,
reason: String, // e.g., "Duplicate content exists at destination"
},
}
```
#### `EstimatedMetrics`
A struct to hold all predicted metrics for the operation.
```rust
/// Predicted metrics for an action.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EstimatedMetrics {
pub files_to_process: u64,
pub total_size_bytes: u64,
pub duplicate_files_skipped: u64,
pub duplicate_size_bytes_saved: u64,
pub required_space_bytes: u64,
pub estimated_duration_secs: u64,
pub estimated_network_usage_bytes: u64,
}
```
#### `ConflictWarning`
An enum representing potential issues the user should be aware of.
```rust
/// A potential conflict or issue detected during simulation.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum ConflictWarning {
InsufficientSpace {
destination: SdPath,
required: u64,
available: u64,
},
PermissionDenied {
path: SdPath,
operation: String, // "read" or "write"
},
DestinationExists {
path: SdPath,
},
SourceIsOffline {
device_id: Uuid,
},
PerformanceMismatch {
message: String, // e.g., "This targets a 'hot' location on a slow archive drive."
},
}
```
## 5\. The Simulation Process in Detail: A `FileCopy` Example
Let's trace a `FileCopyAction` for a cross-device move, as described in the whitepaper.
1. **User Intent:** The user initiates a move of `~/Photos/2024` from their MacBook to `/backups/photos` on their `Home-NAS`.
2. **Action Creation:** The client creates an `Action::FileCopy` with `delete_after_copy: true`.
3. **Simulation Request:** The client calls `action_manager.simulate(action)`.
4. **Handler Invocation:** The `ActionManager` finds the `FileCopyHandler` and calls its `simulate` method.
5. **Simulation Logic within `FileCopyHandler::simulate`:**
a. **Path Resolution:** The handler calls `sources.resolve_all(&context)`. This resolves the `~/Photos/2024` directory into a list of all physical file paths within it by querying the library's index for that location.
b. **Data Gathering:** The handler uses the `CoreContext` to gather necessary information: \* From `VolumeManager`: Gets the `PhysicalClass` (e.g., `Hot` for the MacBook's SSD, `Cold` for the NAS HDD) and available space on both source and destination volumes. \* From `NetworkingService`: Gets the current bandwidth and latency between the MacBook and the NAS. \* From the Library DB: For each source file, it looks up the `ContentId`. For each `ContentId`, it queries if an entry already exists at the destination.
c. **Build Execution Steps & Metrics:** \* It iterates through the resolved source paths. \* For a file that is a duplicate at the destination, it creates a `ExecutionStep::Skip` and adds its size to `duplicate_size_bytes_saved`. \* For a unique file, it creates `ExecutionStep::Read`, `ExecutionStep::Transfer`, and `ExecutionStep::Write` steps. It also adds a `ExecutionStep::Delete` because this is a move operation. \* It aggregates the total size of files to be processed into `total_size_bytes`.
d. **Conflict & Performance Checks:** \* It compares `total_size_bytes` with the available space on the NAS. If insufficient, it adds a `ConflictWarning::InsufficientSpace`. \* It compares the `LogicalClass` of the source/destination locations with the `PhysicalClass` of the volumes. If there's a mismatch (e.g., a "Hot" location on a "Cold" drive), it adds a `ConflictWarning::PerformanceMismatch`.
e. **Estimate Duration:** It uses the total size, volume performance metrics, and network metrics to calculate `estimated_duration_secs`.
f. **Assemble `ActionPlan`:** It packages all the generated steps, metrics, and warnings into a final `ActionPlan` object.
6. **Return to Client:** The `ActionPlan` is returned to the client, which can now render a detailed, interactive preview for the user, fulfilling the vision of the whitepaper.
## 6\. Implementation Snippets
#### `src/infrastructure/actions/handler.rs` (Modified `ActionHandler` trait)
```rust
// ...
use crate::infrastructure::actions::plan::ActionPlan; // New module
#[async_trait]
pub trait ActionHandler: Send + Sync {
async fn execute(
&self,
context: Arc<CoreContext>,
action: Action,
) -> ActionResult<ActionOutput>;
async fn validate(
&self,
_context: Arc<CoreContext>,
_action: &Action,
) -> ActionResult<()> {
Ok(())
}
/// **[NEW]**
async fn simulate(
&self,
context: Arc<CoreContext>,
action: &Action,
) -> ActionResult<ActionPlan>;
fn can_handle(&self, action: &Action) -> bool;
fn supported_actions() -> &'static [&'static str] where Self: Sized;
}
```
#### `src/operations/files/copy/handler.rs` (Example implementation)
```rust
// ...
use crate::infrastructure::actions::plan::{ActionPlan, ExecutionStep, EstimatedMetrics, ConflictWarning};
#[async_trait]
impl ActionHandler for FileCopyHandler {
// ... existing execute and validate methods ...
async fn simulate(
&self,
context: Arc<CoreContext>,
action: &Action,
) -> ActionResult<ActionPlan> {
if let Action::FileCopy { action, .. } = action {
let mut steps = Vec::new();
let mut warnings = Vec::new();
let mut metrics = EstimatedMetrics::default();
// 1. Resolve source paths from the index
// ... logic to get all individual file SdPaths from source directories ...
// 2. Gather context
let destination_volume = context.volume_manager
.volume_for_path(&action.destination)
.await;
// 3. Process each file
// for source_path in resolved_sources {
// a. Check for duplicates at destination via ContentId
// b. Check for space on destination_volume
// c. Add ExecutionSteps (Read, Transfer, Write, Delete/Skip)
// d. Aggregate metrics
// }
// 4. Finalize plan
Ok(ActionPlan {
summary: format!("Simulated moving {} files", metrics.files_to_process),
steps,
metrics,
warnings,
is_safe: true, // Set based on warnings
})
} else {
Err(ActionError::InvalidActionType)
}
}
}
```
## 7\. Future Considerations
- **UI Integration:** The `ActionPlan` struct is designed to be easily serialized to JSON, making it straightforward for any frontend to consume and render.
- **Complex Workflows:** AI-generated actions that involve multiple steps can be represented as a `Vec<ActionPlan>`, allowing the user to review a complete, multi-stage workflow before committing.
- **Undo/Redo:** A committed and executed `ActionPlan` can be stored in the audit log. This provides a perfect artifact for generating a compensatory "undo" action, paving the way for intelligent undo capabilities as described in the whitepaper.

686
docs/core/design/SPACEDRIVE_COMPLETE_OVERVIEW.md
View File

@@ -1,686 +0,0 @@
# Spacedrive: Complete Technical Overview
_A comprehensive analysis of the Spacedrive ecosystem, covering the core rewrite, cloud infrastructure, and the path to production._
## Table of Contents
1. [Project Overview](#project-overview)
2. [core: The Foundation Rewrite](#core-the-foundation-rewrite)
3. [Spacedrive Cloud: Infrastructure & Business Model](#spacedrive-cloud-infrastructure--business-model)
4. [The Complete Technical Stack](#the-complete-technical-stack)
5. [Implementation Status & Roadmap](#implementation-status--roadmap)
6. [Strategic Analysis](#strategic-analysis)
---
## Project Overview
**Spacedrive** is a cross-platform file manager building a **Virtual Distributed File System (VDFS)** - a unified interface for managing files across all devices and cloud services. With **34,000 GitHub stars** and **500,000 installs**, it has demonstrated clear market demand for a modern, privacy-focused alternative to platform-specific file managers.
### The Vision
- **Device-agnostic file management**: Your files are accessible from anywhere, regardless of physical location
- **Privacy-first approach**: Your data stays yours, with optional cloud integration
- **Universal search and organization**: Find and organize files across all your devices and services
- **Modern user experience**: Fast, intuitive interface that works consistently everywhere
### Market Problems Solved
- Files scattered across multiple devices with no unified view
- No way to search or organize files across device boundaries
- Platform lock-in with iCloud, Google Drive, OneDrive
- Privacy concerns with cloud-based solutions
- Duplicate files wasting storage across devices
---
## core: The Foundation Rewrite
The **core** directory contains a complete architectural reimplementation with **111,052 lines** of Rust code that addresses fundamental flaws in the original codebase while establishing a modern foundation for the VDFS vision.
### Why The Rewrite Was Necessary
The original implementation had fatal architectural flaws that would have eventually forced a rewrite:
| **Original Problems** | **Rewrite Solutions** |
| ------------------------------------------------------ | --------------------------------- |
| **Dual file systems** (indexed/ephemeral) | Single unified system with SdPath |
| **Impossible operations** (can't copy between systems) | All operations work everywhere |
| **Backend-frontend coupling** (`invalidate_query!`) | Event-driven decoupling |
| **Abandoned dependencies** (Prisma fork) | Modern SeaORM |
| **1000-line job boilerplate** | 50-line jobs with derive macros |
| **No real search** (just SQL LIKE) | SQLite FTS5 foundation ready |
| **Identity confusion** (Node/Device/Instance) | Single Device concept |
### Core Architectural Innovations
#### 1. **SdPath: Universal File Addressing**
The breakthrough innovation that makes device boundaries disappear:
```rust
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct SdPath {
device_id: Uuid, // Which device
path: PathBuf, // Path on that device
library_id: Option<Uuid>, // Optional library context
}
// Same API works for local files, remote files, and cross-device operations
copy_files(sources: Vec<SdPath>, destination: SdPath)
```
**Impact**: Prepares for true VDFS while working locally today. Enables features impossible in traditional file managers.
#### 2. **Unified Entry Model**
Every file gets immediate metadata capabilities:
```rust
pub struct Entry {
pub metadata_id: i32, // Always present - immediate tagging
pub content_id: Option<i32>, // Optional content addressing
pub relative_path: String, // Materialized path storage (70%+ space savings)
// ... efficient hierarchy representation
}
```
**Benefits**:
- Tag and organize files instantly without waiting for indexing
- Progressive enhancement as analysis completes
- Unified operations for files and directories
#### 3. **Multi-Phase Indexing System**
Production-ready indexer with sophisticated capabilities:
- **Scope control**: Current (single-level, <500ms) vs Recursive (full tree)
- **Persistence modes**: Database storage vs ephemeral browsing
- **Multi-phase pipeline**: Discovery → Processing → Aggregation → Content
- **Resume capability**: Checkpointing allows resuming interrupted operations
#### 4. **Self-Contained Libraries**
Revolutionary approach to data portability:
```
My Photos.sdlibrary/
├── library.json # Configuration
├── database.db # All metadata
├── thumbnails/ # All thumbnails
├── indexes/ # Search indexes
└── .lock # Concurrency control
```
**Benefits**: Backup = copy folder, Share = send folder, Migrate = move folder
### Production-Ready Features
#### **Working CLI Interface**
Complete command-line tool demonstrating all features:
```bash
spacedrive library create "My Files"
spacedrive location add ~/Documents --mode deep
spacedrive index quick-scan ~/Desktop --scope current --ephemeral
spacedrive job monitor
spacedrive network pair generate
```
#### **Modern Database Layer**
Built on SeaORM replacing abandoned Prisma:
- Type-safe queries and migrations
- Optimized schema with materialized paths
- 70%+ space savings for large collections
- Proper relationship mapping
#### **Advanced Job System**
Dramatic improvement from original (50 lines vs 500+ lines):
```rust
#[derive(Serialize, Deserialize, Job)]
pub struct FileCopyJob {
pub sources: Vec<SdPath>,
pub destination: SdPath,
// Job automatically registered and serializable
}
```
Features:
- Automatic registration with derive macros
- MessagePack serialization
- Database persistence with resumption
- Type-safe progress reporting
#### **Production Networking (99% Complete)**
LibP2P-based networking stack:
- **Device pairing**: BIP39 12-word codes with cryptographic verification
- **Persistent connections**: Always-on encrypted connections with auto-reconnection
- **DHT discovery**: Global peer discovery (not limited to local networks)
- **Protocol handlers**: Extensible system for file transfer, Spacedrop, sync
- **Trust management**: Configurable device trust levels and session keys
#### **Event-Driven Architecture**
Replaces the problematic `invalidate_query!` pattern:
```rust
pub enum Event {
FileCreated { path: SdPath },
IndexingProgress { processed: u64, total: Option<u64> },
DeviceConnected { device_id: Uuid },
}
```
### Domain Model Excellence
#### **Entry-Centric Design**
```rust
pub struct Entry {
pub metadata_id: i32, // Always present - immediate tagging
pub content_id: Option<i32>, // Optional content addressing
pub relative_path: String, // Materialized path storage
// ... efficient hierarchy representation
}
```
#### **Content Deduplication**
```rust
pub struct ContentIdentity {
pub cas_id: String, // Blake3 content hash
pub size_bytes: u64, // Actual content size
pub media_data: Option<Value>, // Rich media metadata
}
```
#### **Flexible Organization**
- **Tags**: Many-to-many relationships with colors and icons
- **Labels**: Hierarchical organization system
- **User metadata**: Immediate notes and favorites
- **Device management**: Unified identity (no more Node/Device/Instance confusion)
### Advanced Indexing Capabilities
#### **Flexible Scoping & Persistence**
```rust
// UI Navigation - Fast current directory scan
let config = IndexerJobConfig::ui_navigation(location_id, path); // <500ms UI
// External Path Browsing - Memory-only, no database pollution
let config = IndexerJobConfig::ephemeral_browse(path, scope);
// Full Analysis - Complete coverage with content hashing
let config = IndexerJobConfig::new(location_id, path, IndexMode::Deep);
```
### Networking Architecture
#### **Device Pairing Protocol**
- **BIP39 codes**: 12-word pairing with ~128 bits entropy
- **Challenge-response**: Cryptographic authentication
- **Session persistence**: Automatic reconnection across restarts
- **Trust levels**: Configurable device authentication
#### **Universal Message Protocol**
```rust
pub enum DeviceMessage {
FileTransferRequest { transfer_id: Uuid, file_path: String, file_size: u64 },
SpacedropRequest { file_metadata: FileMetadata, sender_name: String },
LocationUpdate { location_id: Uuid, changes: Vec<Change> },
Custom { protocol: String, payload: Vec<u8> },
}
```
### Implementation Status
#### **68/76 Tests Passing** (89% pass rate)
The core functionality is comprehensively tested with working examples.
#### **What's Production-Ready**
- Library and location management
- Multi-phase indexing with progress tracking
- Modern database layer with migrations
- Event-driven architecture
- Device networking and pairing (99% complete)
- Job system infrastructure
- File type detection and content addressing
- CLI interface demonstrating all features
#### **What's Framework-Ready**
- File operations (infrastructure complete, handlers need implementation)
- Search system (FTS5 integration planned)
- Advanced networking protocols (message system complete)
---
## Spacedrive Cloud: Infrastructure & Business Model
The **spacedrive-cloud** project provides Spacedrive-as-a-Service by running managed Spacedrive cores that behave as regular Spacedrive devices in the network.
### Architecture Philosophy
**Cloud Core as Native Device**: Each user gets a managed Spacedrive core that appears as a regular device in their network, using native P2P pairing and networking protocols with no custom APIs.
### Core Concepts
- **Cloud Core as Device**: Each user gets a managed Spacedrive core that appears as a regular device
- **Native Networking**: Users connect via built-in P2P pairing and networking protocols
- **Location-Based Storage**: Cloud storage exposed through Spacedrive's native location system
- **Device Semantics**: No custom APIs - cloud cores are indistinguishable from local devices
- **Seamless Integration**: Users pair with cloud cores just like any other Spacedrive device
### Technical Architecture
#### **System Components**
```
┌─────────────────────────────────────────────────────────────┐
│ User's Local Spacedrive │
│ │
│ [Device Manager] ──── pairs with ───► [Cloud Core Device] │
├─────────────────────────────────────────────────────────────┤
│ Cloud Infrastructure │
├─────────────────────────────────────────────────────────────┤
│ Device Provisioning & Lifecycle Manager │
├─────────────────────────────────────────────────────────────┤
│ Cloud Core Pod 1 │ Cloud Core Pod 2 │ Cloud Core N │
│ (User A's Device) │ (User B's Device) │ (User X) │
│ │ │ │
│ ┌──Locations────┐ │ ┌──Locations────┐ │ ┌─Locations─┐ │
│ │ /cloud-files │ │ │ /cloud-files │ │ │/cloud... │ │
│ │ /backups │ │ │ /projects │ │ │/media │ │
│ └───────────────┘ │ └───────────────┘ │ └───────────┘ │
├─────────────────────────────────────────────────────────────┤
│ Persistent Storage (PVC per user device) │
└─────────────────────────────────────────────────────────────┘
```
#### **Cloud Core Implementation**
```rust
pub struct CloudCoreManager {
user_id: UserId,
device_config: DeviceConfig,
storage_manager: StorageManager,
metrics: MetricsCollector,
}
impl CloudCoreManager {
pub async fn start_core(&self) -> Result<Core> {
// Start a regular Spacedrive core
let core = Core::new_with_config(&self.device_config.data_directory).await?;
// Enable networking for P2P pairing
core.init_networking("cloud-device-password").await?;
core.start_networking().await?;
// Create default cloud storage locations
self.setup_cloud_locations(&core).await?;
Ok(core)
}
}
```
#### **User Connection Flow**
```rust
// User's local Spacedrive generates pairing code
let pairing_session = local_core.networking
.start_pairing_as_initiator()
.await?;
println!("Pairing code: {}", pairing_session.code);
// Cloud service provisions device and joins pairing
let cloud_core = CloudCoreManager::provision_user_device(user_id).await?;
let core = cloud_core.start_core().await?;
// Cloud device joins the pairing session
core.networking
.join_pairing_session(pairing_session.code)
.await?;
// Now cloud device appears in user's device list
// User can access cloud locations like any other device
```
### Kubernetes Deployment
#### **Cloud Core Pod Template**
```yaml
apiVersion: v1
kind: Pod
spec:
containers:
- name: spacedrive-cloud-device
image: spacedrive/core:latest
env:
- name: USER_ID
value: "user-123"
- name: DEVICE_NAME
value: "user-123's Cloud Device"
ports:
- containerPort: 37520 # P2P networking port
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "4Gi"
cpu: "2"
volumeMounts:
- name: user-device-data
mountPath: /data
```
#### **Storage Management**
```
/data/
├── spacedrive/ # Standard Spacedrive data directory
│ ├── libraries/
│ │ └── Cloud.sdlibrary/ # User's cloud library
│ ├── device.json # Device identity and config
│ └── config/
├── cloud-files/ # Location: User's main cloud storage
│ ├── documents/
│ ├── photos/
│ └── projects/
├── backups/ # Location: Automated backups
│ └── device-backups/
└── temp/ # Temporary processing space
```
### Business Model Integration
#### **Service Tiers**
- **Starter**: 1 cloud device, 25GB storage, 1 vCPU, 2GB RAM
- **Professional**: 1 cloud device, 250GB storage, 2 vCPU, 4GB RAM, priority locations
- **Enterprise**: Multiple cloud devices, 1TB+ storage, 4+ vCPU, 8GB+ RAM, custom locations
#### **User Experience Benefits**
- **Seamless Integration**: Cloud device appears like any other Spacedrive device
- **Native File Operations**: Copy, move, sync using standard Spacedrive operations
- **Cross-Device Access**: Access cloud files from any paired device
- **Automatic Backup**: Cloud device can backup other devices' libraries
- **Always Available**: 24/7 device availability without leaving local devices on
#### **SLA Commitments**
- **Device Uptime**: 99.9% availability (8.77 hours downtime/year)
- **P2P Connection**: <2 second device discovery and connection
- **Data Durability**: 99.999999999% (11 9's) with automated backup
- **Support**: Device management portal and technical support
---
## The Complete Technical Stack
### Core Technologies
#### **Runtime & Language**
- **Rust**: Memory-safe systems programming for core components
- **TypeScript**: Type-safe frontend development
- **React**: Modern UI framework with cross-platform support
- **Tauri**: Native desktop app framework
#### **Database & Storage**
- **SQLite**: Per-device database with SeaORM
- **PostgreSQL**: Cloud service metadata
- **MessagePack**: Efficient binary serialization
- **Blake3**: Fast cryptographic hashing
#### **Networking**
- **LibP2P**: Production-grade P2P networking stack
- **Noise Protocol**: Transport-layer encryption
- **BIP39**: Human-readable pairing codes
- **Kademlia DHT**: Global peer discovery
#### **Infrastructure**
- **Kubernetes**: Container orchestration
- **Docker**: Containerization
- **Prometheus**: Metrics and monitoring
- **Terraform**: Infrastructure as code
### Architecture Patterns
#### **Clean Architecture**
```
src/
├── domain/ # Core business entities
├── operations/ # User-facing functionality
├── infrastructure/ # External interfaces
└── shared/ # Common types and utilities
```
#### **Event-Driven Design**
- Loose coupling between components
- Real-time UI updates
- Plugin-ready architecture
- Comprehensive audit trail
#### **Domain-Driven Development**
- Business logic in domain layer
- Rich domain models
- Ubiquitous language
- Clear separation of concerns
### Performance Characteristics
#### **core Performance**
- **Indexing**: <500ms for current scope, batched processing for recursive
- **Database**: 70%+ space savings with materialized paths
- **Memory**: Streaming operations, bounded queues
- **Networking**: 1000+ messages/second per connection
#### **Cloud Performance**
- **Device Startup**: ~2-3 seconds for full networking initialization
- **Memory Usage**: ~10-50MB depending on number of paired devices
- **Storage**: ~1-5KB per paired device (encrypted)
- **Connection Limits**: 50 concurrent connections by default (configurable)
---
## Implementation Status & Roadmap
### Current Status
#### **core: 89% Complete**
- **Foundation**: Library and location management
- **Indexing**: Multi-phase indexer with scope and persistence control
- **Database**: Modern SeaORM layer with migrations
- **Networking**: 99% complete with device pairing and persistent connections
- **Job System**: Revolutionary simplification (50 vs 500+ lines)
- **CLI**: Working interface demonstrating all features
- **File Operations**: Infrastructure complete, handlers need implementation
- **Search**: FTS5 integration planned
- **UI Integration**: Ready to replace original core as backend
#### **Spacedrive Cloud: Architecture Complete**
- **Technical Design**: Complete cloud-native architecture
- **Kubernetes**: Production-ready deployment templates
- **Security**: Device isolation and network policies
- **Business Model**: Service tiers and billing integration
- **Implementation**: Ready for development start
### Roadmap
#### **Phase 1: Core Completion (Weeks 1-4)**
- Complete file operations implementation
- Integrate SQLite FTS5 search
- Finish networking message routing
- Desktop app integration
#### **Phase 2: Cloud MVP (Weeks 5-8)**
- Implement CloudDeviceOrchestrator
- Deploy basic Kubernetes infrastructure
- User device provisioning and pairing
- Basic monitoring and health checks
#### **Phase 3: Production Ready (Weeks 9-12)**
- Advanced storage management
- Security hardening and compliance
- Performance optimization
- Customer support tools
#### **Phase 4: Scale & Features (Weeks 13-16)**
- Multi-region deployment
- Advanced search capabilities
- Enhanced networking protocols
- Mobile app integration
---
## Strategic Analysis
### Technical Excellence
#### **Why This Rewrite Will Succeed**
1. **Solves Real Problems**: Addresses every architectural flaw from the original
2. **Working Today**: 89% test pass rate with comprehensive CLI demos
3. **Future-Ready**: SdPath enables features impossible in traditional file managers
4. **Maintainable**: Modern patterns and comprehensive documentation
5. **Performance**: Optimized for real-world usage patterns
#### **Innovation Impact**
The **SdPath abstraction** is the key innovation that enables the VDFS vision:
- Makes device boundaries transparent
- Enables cross-device operations as first-class features
- Prepares for distributed file systems while working locally today
- Provides foundation for features impossible in traditional file managers
### Market Position
#### **Competitive Advantages**
1. **Privacy-First**: Your data stays yours, with optional cloud integration
2. **Device-Agnostic**: Works consistently across all platforms and devices
3. **Modern Architecture**: Built for performance and extensibility
4. **Open Source**: Community-driven development with commercial cloud offering
5. **Native Performance**: Rust foundation provides speed and safety
#### **Business Model Strength**
The cloud offering provides a sustainable business model:
- **Recurring Revenue**: Subscription-based cloud device services
- **Natural Upselling**: Users start free, upgrade for cloud features
- **Sticky Product**: File management is essential daily workflow
- **Network Effects**: More users make the P2P network more valuable
### Development Efficiency
#### **Technical Debt Resolution**
The rewrite eliminates technical debt that was blocking progress:
- Modern dependencies (SeaORM vs abandoned Prisma fork)
- Clean architecture enabling rapid feature development
- Comprehensive testing preventing regressions
- Event-driven design supporting UI responsiveness
#### **Developer Experience**
- **50-line jobs** vs 500+ in original (10x productivity improvement)
- **Type safety** throughout the stack
- **Comprehensive documentation** and working examples
- **Modern tooling** and development workflows
### Risk Mitigation
#### **Technical Risks**
- **Networking Complexity**: Mitigated by using production-proven LibP2P
- **Cross-Platform Issues**: Addressed by Rust's excellent cross-platform support
- **Performance Concerns**: Resolved through benchmarking and optimization
- **Scaling Challenges**: Handled by Kubernetes-native cloud architecture
#### **Market Risks**
- **User Adoption**: Mitigated by maintaining existing user base during transition
- **Competition**: Differentiated by privacy-first approach and open source model
- **Technical Complexity**: Managed through gradual feature rollout and comprehensive testing
### Success Metrics
#### **Technical KPIs**
- Test coverage > 90%
- API response times < 100ms
- P2P connection establishment < 2 seconds
- Cross-device file operation success rate > 99%
#### **Business KPIs**
- Monthly active users (target: 1M within 12 months)
- Cloud service conversion rate (target: 15% of free users)
- Average revenue per user (target: $10/month for paid tiers)
- Customer satisfaction score (target: > 4.5/5)
---
## Conclusion
Spacedrive represents a fundamental reimagining of file management for the modern multi-device world. The **core rewrite** provides a solid technical foundation that resolves the architectural issues of the original while establishing clean patterns for future development. The **cloud infrastructure** design enables a sustainable business model through native device semantics.
### Key Achievements
1. **111,052 lines** of production-ready Rust code solving real architectural problems
2. **Working CLI** demonstrating the complete feature set
3. **89% test pass rate** with comprehensive integration testing
4. **Revolutionary job system** reducing boilerplate by 90%
5. **Production networking** stack with device pairing and persistent connections
6. **Cloud-native architecture** ready for Kubernetes deployment
### The Path Forward
With the foundation complete, Spacedrive is positioned to:
1. **Replace the original core** with the rewritten implementation
2. **Launch cloud services** providing managed device infrastructure
3. **Scale the user base** through improved performance and reliability
4. **Build sustainable revenue** through cloud subscription services
5. **Enable new features** previously impossible due to architectural limitations
The 34,000 GitHub stars demonstrate clear market demand. The rewrite ensures the project can finally deliver on its ambitious vision of making file management truly device-agnostic while maintaining user privacy and control.
**Spacedrive is ready to transform how people interact with their files across all their devices.**

298
docs/core/design/SPACEDROP_DESIGN.md
View File

@@ -1,298 +0,0 @@
# Spacedrop Protocol Design
## Overview
Spacedrop is a cross-platform, AirDrop-like file sharing protocol built on top of Spacedrive's existing libp2p networking infrastructure. Unlike the device pairing system which establishes long-term relationships between owned devices, Spacedrop enables secure, ephemeral file sharing between any two devices with user consent.
## Architecture Principles
### 1. **Ephemeral Security**
- No long-term device relationships required
- Perfect forward secrecy for each file transfer
- Session keys derived per transfer, not per device pairing
### 2. **Proximity-Based Discovery**
- Local network discovery (mDNS) for immediate availability
- DHT fallback for internet-wide discovery when needed
- User-friendly device names and avatars
### 3. **User Consent Model**
- Sender initiates transfer with file metadata
- Receiver explicitly accepts/rejects each transfer
- No automatic file acceptance
## Protocol Design
### Discovery Phase
Instead of 12-word pairing codes, Spacedrop uses:
1. **Broadcast Availability**: Devices advertise their Spacedrop availability on local network
2. **Device Metadata**: Share device name, type, and public key for identification
3. **Proximity Indication**: Show signal strength/network proximity to users
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SpacedropAdvertisement {
pub device_id: Uuid,
pub device_name: String,
pub device_type: DeviceType,
pub public_key: PublicKey,
pub avatar_hash: Option<[u8; 32]>,
pub timestamp: DateTime<Utc>,
}
```
### File Transfer Protocol
New libp2p protocol: `/spacedrive/spacedrop/1.0.0`
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum SpacedropMessage {
// Discovery and handshake
AvailabilityAnnounce {
advertisement: SpacedropAdvertisement,
},
// File transfer initiation
TransferRequest {
transfer_id: Uuid,
file_metadata: FileMetadata,
sender_ephemeral_key: PublicKey,
timestamp: DateTime<Utc>,
},
// Receiver responses
TransferAccepted {
transfer_id: Uuid,
receiver_ephemeral_key: PublicKey,
session_key: [u8; 32], // Derived from ECDH
timestamp: DateTime<Utc>,
},
TransferRejected {
transfer_id: Uuid,
reason: Option<String>,
timestamp: DateTime<Utc>,
},
// File streaming
FileChunk {
transfer_id: Uuid,
chunk_index: u64,
chunk_data: Vec<u8>,
is_final: bool,
checksum: [u8; 32],
},
ChunkAcknowledgment {
transfer_id: Uuid,
chunk_index: u64,
received_checksum: [u8; 32],
},
// Transfer completion
TransferComplete {
transfer_id: Uuid,
final_checksum: [u8; 32],
timestamp: DateTime<Utc>,
},
TransferError {
transfer_id: Uuid,
error: String,
timestamp: DateTime<Utc>,
},
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct FileMetadata {
pub name: String,
pub size: u64,
pub mime_type: String,
pub checksum: [u8; 32],
pub created: Option<DateTime<Utc>>,
pub modified: Option<DateTime<Utc>>,
}
```
### Security Model
1. **Device Authentication**: Each device has persistent Ed25519 identity
2. **Ephemeral Key Exchange**: ECDH for each transfer session
3. **File Encryption**: ChaCha20-Poly1305 with derived session keys
4. **Integrity**: Blake3 checksums for chunks and final file
5. **Forward Secrecy**: Ephemeral keys deleted after transfer
```rust
// Key derivation for each transfer
fn derive_transfer_keys(
sender_ephemeral: &PrivateKey,
receiver_ephemeral: &PublicKey,
transfer_id: &Uuid,
) -> TransferKeys {
let shared_secret = sender_ephemeral.diffie_hellman(receiver_ephemeral);
let salt = transfer_id.as_bytes();
// HKDF key derivation
let keys = hkdf::extract_and_expand(&shared_secret, salt, 96);
TransferKeys {
encryption_key: keys[0..32].try_into().unwrap(),
auth_key: keys[32..64].try_into().unwrap(),
chunk_key: keys[64..96].try_into().unwrap(),
}
}
```
## Implementation Architecture
### Core Components
```
networking/spacedrop/
├── mod.rs # Main module exports
├── protocol.rs # Spacedrop protocol implementation
├── discovery.rs # Device discovery and advertisement
├── transfer.rs # File transfer engine
├── encryption.rs # Encryption/decryption utilities
├── ui.rs # User interface abstractions
└── manager.rs # Overall Spacedrop session management
```
### Integration with Existing System
1. **Reuse LibP2P Infrastructure**: Same swarm, transports, and behavior
2. **Extend NetworkBehaviour**: Add Spacedrop protocol alongside pairing
3. **Share Device Identity**: Use existing device identity system
4. **Independent Sessions**: Spacedrop doesn't interfere with device pairing
```rust
#[derive(NetworkBehaviour)]
pub struct SpacedriveFullBehaviour {
pub kademlia: KadBehaviour<MemoryStore>,
pub pairing: RequestResponseBehaviour<PairingCodec>,
pub spacedrop: RequestResponseBehaviour<SpacedropCodec>,
pub mdns: mdns::tokio::Behaviour,
}
```
## User Experience Flow
### Sending Files
1. **Discovery**: User sees nearby Spacedrop-enabled devices
2. **Selection**: User selects files and target device
3. **Request**: System sends transfer request with file metadata
4. **Confirmation**: Wait for receiver acceptance
5. **Transfer**: Stream encrypted file chunks with progress
6. **Completion**: Verify transfer integrity and cleanup
### Receiving Files
1. **Notification**: "Device 'MacBook Pro' wants to send you 'presentation.pdf' (2.5 MB)"
2. **Preview**: Show file name, size, type, sender device
3. **Decision**: Accept/Decline with optional save location
4. **Transfer**: Show progress bar with speed/ETA
5. **Completion**: File saved, transfer cleanup
## Security Considerations
### Threat Model
1. **Network Attackers**: Cannot decrypt files (E2E encryption)
2. **Malicious Senders**: Receiver must explicitly accept each file
3. **File Integrity**: Blake3 checksums prevent tampering
4. **Replay Attacks**: Timestamp validation and unique transfer IDs
5. **DoS Attacks**: Rate limiting and size limits
### Privacy Protections
1. **Device Anonymity**: Only share device names, not personal info
2. **Network Isolation**: Local network discovery preferred
3. **Metadata Minimal**: Only essential file metadata shared
4. **Ephemeral**: No transfer history stored permanently
## Implementation Plan
### Phase 1: Core Protocol (Weeks 1-2)
- [ ] Implement SpacedropMessage types and serialization
- [ ] Create SpacedropCodec for libp2p communication
- [ ] Build basic discovery mechanism with mDNS
- [ ] Implement ephemeral key exchange (ECDH)
### Phase 2: File Transfer Engine (Weeks 3-4)
- [ ] Chunked file streaming with flow control
- [ ] ChaCha20-Poly1305 encryption/decryption
- [ ] Blake3 integrity checking
- [ ] Progress tracking and error handling
### Phase 3: Integration (Week 5)
- [ ] Extend existing NetworkBehaviour
- [ ] Create SpacedropManager for session management
- [ ] Implement UI abstraction layer
- [ ] Add configuration and preferences
### Phase 4: Security & Testing (Week 6)
- [ ] Security audit of crypto implementation
- [ ] Comprehensive test suite
- [ ] Performance testing with large files
- [ ] Cross-platform compatibility testing
### Phase 5: User Experience (Week 7)
- [ ] Native UI integration points
- [ ] File type icons and previews
- [ ] Device avatar system
- [ ] Transfer history and statistics
## Performance Considerations
### Optimization Strategies
1. **Parallel Transfers**: Multiple chunks in flight
2. **Adaptive Chunking**: Larger chunks for large files
3. **Compression**: Optional compression for text files
4. **Bandwidth Management**: QoS integration with other network traffic
### Scalability Limits
- **File Size**: Up to 100GB per transfer (configurable)
- **Concurrent Transfers**: 5 active transfers per device
- **Network Usage**: Respect system bandwidth limits
- **Storage**: Temporary storage for partial transfers
## Deployment Strategy
### Backwards Compatibility
- Graceful degradation when Spacedrop not available
- Version negotiation in protocol handshake
- Feature flags for gradual rollout
### Platform Support
- All platforms supported by libp2p (Windows, macOS, Linux, iOS, Android)
- Native file picker integration
- Platform-specific optimizations (iOS file provider, Android SAF)
## Future Extensions
### Advanced Features
1. **Multi-File Transfers**: Folders and file collections
2. **Resume Capability**: Pause/resume large transfers
3. **QR Code Sharing**: QR codes for cross-network discovery
4. **Bandwidth Scheduling**: Time-based transfer windows
5. **Cloud Relay**: Relay service for NAT traversal
### Integration Opportunities
1. **Spacedrive Sync**: Use Spacedrop for initial sync bootstrap
2. **Library Sharing**: Share library items between devices
3. **Collaborative Features**: Real-time document collaboration
4. **Backup Integration**: Automated backup to nearby devices
---
This design provides a secure, user-friendly file sharing experience while leveraging Spacedrive's existing networking infrastructure. The ephemeral nature ensures privacy while the libp2p foundation provides production-ready networking capabilities.

60
docs/core/design/STRUCTURE.md
View File

@@ -1,60 +0,0 @@
# core Structure
```
core/
├── Cargo.toml # Dependencies (SeaORM, axum, etc.)
├── README.md # Overview and strategy
├── MIGRATION.md # How to migrate from old core
├── ARCHITECTURE_DECISIONS.md # ADRs documenting choices
├── STRUCTURE.md # This file
└── src/
├── lib.rs # Main Core struct and initialization
├── domain/ # Core business entities
│ ├── mod.rs
│ ├── device.rs # Unified device (no more node/instance)
│ ├── library.rs # Library management
│ ├── location.rs # Folder tracking
│ └── object.rs # Unique files with metadata
├── operations/ # Business operations (what users care about)
│ ├── mod.rs
│ ├── file_ops/ # THE IMPORTANT STUFF
│ │ ├── mod.rs # Common types and utils
│ │ └── copy.rs # Example: unified copy operation
│ ├── indexing.rs # File scanning
│ ├── media_processing.rs # Thumbnails and metadata
│ ├── search.rs # Proper search implementation
│ └── sync.rs # Multi-device sync
├── infrastructure/ # External interfaces
│ ├── mod.rs
│ ├── api.rs # GraphQL API example
│ ├── database.rs # SeaORM setup
│ ├── events.rs # Event bus (replaces invalidate_query!)
│ └── jobs.rs # Simple job system (if needed)
└── shared/ # Common code
├── mod.rs
├── errors.rs # Unified error types
├── types.rs # Shared type definitions
└── utils.rs # Common utilities
```
## Key Improvements
1. **Clear Organization**: You can immediately see where file operations live
2. **No Dual Systems**: One implementation for all files
3. **No invalidate_query!**: Clean event-driven architecture
4. **No Prisma**: Using SeaORM for maintainability
5. **Unified Identity**: Just "Device", not node/device/instance
6. **Pragmatic Monolith**: No cyclic dependency hell
## Next Steps
1. Start implementing domain models with SeaORM
2. Port file operations one at a time
3. Build GraphQL API incrementally
4. Create integration tests for each operation
5. Develop migration tooling

617
docs/core/design/THUMBNAIL_SYSTEM_DESIGN.md
View File

@@ -1,617 +0,0 @@
# Thumbnail System Design for core
## Executive Summary
This document outlines the design for a modern thumbnail generation system for Spacedrive core, learning from the original implementation while leveraging core's improved job system architecture. The system will run as a separate job alongside indexing operations, providing efficient, scalable thumbnail generation with support for a wide variety of media formats.
## Design Principles
1. **Separation of Concerns**: Thumbnail generation is independent from indexing, allowing for flexible scheduling and processing
2. **Job-Based Architecture**: Leverages core's simplified job system with minimal boilerplate
3. **Content-Addressable Storage**: Uses CAS IDs from indexing for efficient deduplication and storage
4. **Library-Scoped Storage**: Thumbnails are stored within each library directory for portability
5. **Progressive Enhancement**: Thumbnails can be generated after initial indexing completes
6. **Format Flexibility**: Support for multiple thumbnail sizes and formats
7. **Efficient Storage**: Sharded directory structure for performance at scale
## Architecture Overview
```
┌─────────────────────────────────────────────────┐
│ Job System │
│ ┌─────────────────┐ ┌─────────────────────┐ │
│ │ IndexerJob │ │ ThumbnailJob │ │
│ │ │ │ │ │
│ │ • File Discovery│ │ • Queue Processing │ │
│ │ • Metadata │ │ • Image Generation │ │
│ │ • CAS ID Gen │ │ • WebP Encoding │ │
│ └─────────────────┘ └─────────────────────┘ │
│ │ │ │
│ └───────────────────────┘ │
│ │ │
└───────────────────────┼─────────────────────────┘
┌───────────────────────┼─────────────────────────┐
│ Library Directory │
│ │ │
│ ┌─────────────────┐ │ ┌─────────────────────┐│
│ │ database.db │ │ │ thumbnails/ ││
│ │ │ │ │ ││
│ │ • Entries │ │ │ • Version Control ││
│ │ • Content IDs │ │ │ • Sharded Storage ││
│ │ • Metadata │ │ │ • WebP Files ││
│ └─────────────────┘ │ └─────────────────────┘│
└───────────────────────┼─────────────────────────┘
┌─────────────┐
│ File System │
│ │
│ • Media Files│
│ • Raw Images │
│ • Videos │
│ • Documents │
└─────────────┘
```
## Job System Integration
### ThumbnailJob Structure
Building on core's job system, the thumbnail job follows the established patterns:
```rust
use crate::infrastructure::jobs::prelude::*;
#[derive(Debug, Serialize, Deserialize)]
pub struct ThumbnailJob {
/// Entry IDs to process for thumbnails
pub entry_ids: Vec<Uuid>,
/// Target thumbnail sizes
pub sizes: Vec<u32>,
/// Quality setting (0-100)
pub quality: u8,
/// Whether to regenerate existing thumbnails
pub regenerate: bool,
/// Batch size for processing
pub batch_size: usize,
// Resumable state
#[serde(skip_serializing_if = "Option::is_none")]
state: Option<ThumbnailState>,
// Performance tracking
#[serde(skip)]
metrics: ThumbnailMetrics,
}
impl Job for ThumbnailJob {
const NAME: &'static str = "thumbnail_generation";
const RESUMABLE: bool = true;
const DESCRIPTION: Option<&'static str> = Some("Generate thumbnails for media files");
}
#[async_trait::async_trait]
impl JobHandler for ThumbnailJob {
type Output = ThumbnailOutput;
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
// Implementation details below
}
}
```
### Job Execution Phases
The thumbnail job operates in distinct phases, similar to the indexer:
1. **Discovery Phase**: Query database for entries that need thumbnails
2. **Processing Phase**: Generate thumbnails in batches
3. **Cleanup Phase**: Remove orphaned thumbnails (optional)
### Integration with IndexerJob
The thumbnail job can be triggered in several ways:
1. **Standalone Execution**: Run independently on existing entries
2. **Post-Indexing**: Automatically triggered after indexer completes <- Thought: I think we should make the add location create a "queued" job that is a child of the main job, I don't think the job system supports this yet so you might need to add it.
3. **Scheduled**: Periodic generation for new content
4. **On-Demand**: User-triggered regeneration
## Storage Architecture
### Directory Structure
Following the original system's proven approach with improvements:
```
<library_path>/thumbnails/
├── version.txt # Version for migration support
├── metadata.json # Thumbnail generation settings
└── <cas_id[0..2]>/ # 2-char sharding (00-ff)
└── <cas_id[2..4]>/ # 2-char sub-sharding (00-ff)
├── <cas_id>_128.webp # 128px thumbnail
├── <cas_id>_256.webp # 256px thumbnail
└── <cas_id>_512.webp # 512px thumbnail
```
**Sharding Benefits:**
- 256 top-level directories (00-ff)
- 256 second-level directories per top-level
- 65,536 total shard directories
- Excellent filesystem performance even with millions of thumbnails
### Thumbnail Naming Convention
- **Format**: `<cas_id>_<size>.webp`
- **Size**: Pixel dimension (e.g., 128, 256, 512)
- **Extension**: Always `.webp` for consistency and efficiency
### Version Control
```json
{
"version": 2,
"quality": 85,
"sizes": [128, 256, 512],
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"total_thumbnails": 15432,
"storage_used_bytes": 256789012
}
```
## Job Implementation Details
### ThumbnailJob Core Logic
```rust
#[async_trait::async_trait]
impl JobHandler for ThumbnailJob {
type Output = ThumbnailOutput;
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
// Initialize or restore state
let state = self.get_or_create_state(&ctx).await?;
// Discovery phase: Find entries needing thumbnails
if state.phase == ThumbnailPhase::Discovery {
self.run_discovery_phase(state, &ctx).await?;
}
// Processing phase: Generate thumbnails in batches
if state.phase == ThumbnailPhase::Processing {
self.run_processing_phase(state, &ctx).await?;
}
// Cleanup phase: Remove orphaned thumbnails
if state.phase == ThumbnailPhase::Cleanup {
self.run_cleanup_phase(state, &ctx).await?;
}
Ok(ThumbnailOutput {
generated_count: state.generated_count,
skipped_count: state.skipped_count,
error_count: state.error_count,
total_size_bytes: state.total_size_bytes,
duration: state.started_at.elapsed(),
metrics: self.metrics.clone(),
})
}
}
```
### Discovery Phase Implementation
```rust
async fn run_discovery_phase(
&mut self,
state: &mut ThumbnailState,
ctx: &JobContext<'_>,
) -> JobResult<()> {
ctx.progress(Progress::indeterminate("Discovering files for thumbnail generation"));
// Query database for entries that need thumbnails
let query = format!(
"SELECT id, cas_id, mime_type, size, relative_path
FROM entries
WHERE content_id IS NOT NULL
AND mime_type LIKE 'image/%'
OR mime_type LIKE 'video/%'
OR mime_type = 'application/pdf'
ORDER BY size DESC" // Process larger files first for better progress feedback
);
let entries = ctx.library_db().query_all(&query).await?;
// Filter entries that already have thumbnails (unless regenerating)
for entry in entries {
let cas_id = entry.cas_id;
if !self.regenerate && self.has_all_thumbnails(&cas_id, ctx.library()).await? {
state.skipped_count += 1;
continue;
}
state.pending_entries.push(ThumbnailEntry {
entry_id: entry.id,
cas_id,
mime_type: entry.mime_type,
file_size: entry.size,
relative_path: entry.relative_path,
});
}
// Create batches for processing
state.batches = state.pending_entries
.chunks(self.batch_size)
.map(|chunk| chunk.to_vec())
.collect();
state.phase = ThumbnailPhase::Processing;
ctx.progress(Progress::count(0, state.batches.len()));
Ok(())
}
```
### Processing Phase Implementation
```rust
async fn run_processing_phase(
&mut self,
state: &mut ThumbnailState,
ctx: &JobContext<'_>,
) -> JobResult<()> {
for (batch_idx, batch) in state.batches.iter().enumerate() {
ctx.check_interrupt().await?;
// Process batch concurrently
let tasks: Vec<_> = batch.iter().map(|entry| {
self.generate_thumbnail_for_entry(entry, ctx.library())
}).collect();
let results = futures::future::join_all(tasks).await;
// Process results
for result in results {
match result {
Ok(thumbnail_info) => {
state.generated_count += 1;
state.total_size_bytes += thumbnail_info.size_bytes;
}
Err(e) => {
state.error_count += 1;
ctx.add_non_critical_error(e);
}
}
}
// Update progress
ctx.progress(Progress::count(batch_idx + 1, state.batches.len()));
// Checkpoint every 10 batches
if batch_idx % 10 == 0 {
ctx.checkpoint().await?;
}
}
state.phase = ThumbnailPhase::Cleanup;
Ok(())
}
```
## Thumbnail Generation Engine
### Multi-Format Support
The thumbnail generator supports multiple media types:
```rust
pub enum ThumbnailGenerator {
Image(ImageGenerator),
Video(VideoGenerator),
Document(DocumentGenerator),
}
impl ThumbnailGenerator {
pub async fn generate(
&self,
source_path: &Path,
output_path: &Path,
size: u32,
quality: u8,
) -> Result<ThumbnailInfo> {
match self {
Self::Image(gen) => gen.generate(source_path, output_path, size, quality).await,
Self::Video(gen) => gen.generate(source_path, output_path, size, quality).await,
Self::Document(gen) => gen.generate(source_path, output_path, size, quality).await,
}
}
}
```
### Image Generator
```rust
pub struct ImageGenerator;
impl ImageGenerator {
pub async fn generate(
&self,
source_path: &Path,
output_path: &Path,
size: u32,
quality: u8,
) -> Result<ThumbnailInfo> {
// Open and decode image
let img = image::open(source_path)?;
// Apply EXIF orientation correction
let img = self.apply_orientation(img, source_path)?;
// Calculate target dimensions maintaining aspect ratio
let (target_width, target_height) = self.calculate_dimensions(
img.width(), img.height(), size
);
// Resize using high-quality algorithm
let thumbnail = img.resize(
target_width,
target_height,
image::imageops::FilterType::Lanczos3,
);
// Encode as WebP
let webp_data = self.encode_webp(thumbnail, quality)?;
// Write to file
tokio::fs::write(output_path, webp_data).await?;
Ok(ThumbnailInfo {
size_bytes: webp_data.len(),
dimensions: (target_width, target_height),
format: "webp".to_string(),
})
}
}
```
### Video Generator
```rust
pub struct VideoGenerator {
ffmpeg_path: PathBuf,
}
impl VideoGenerator {
pub async fn generate(
&self,
source_path: &Path,
output_path: &Path,
size: u32,
quality: u8,
) -> Result<ThumbnailInfo> {
// Extract frame at 10% of video duration
let frame_time = self.calculate_frame_time(source_path).await?;
// Generate thumbnail using FFmpeg
let mut cmd = tokio::process::Command::new(&self.ffmpeg_path);
cmd.args([
"-i", source_path.to_str().unwrap(),
"-ss", &frame_time,
"-vframes", "1",
"-vf", &format!("scale={}:{}:force_original_aspect_ratio=decrease", size, size),
"-quality", &quality.to_string(),
"-f", "webp",
output_path.to_str().unwrap(),
]);
let output = cmd.output().await?;
if !output.status.success() {
return Err(ThumbnailError::VideoProcessing(
String::from_utf8_lossy(&output.stderr).to_string()
));
}
let file_size = tokio::fs::metadata(output_path).await?.len();
Ok(ThumbnailInfo {
size_bytes: file_size as usize,
dimensions: (size, size), // Actual dimensions would need to be extracted
format: "webp".to_string(),
})
}
}
```
## Database Integration
### Entry Model Extensions
The existing entry model already supports thumbnails through content identity:
```rust
// No changes needed to entry model - CAS ID provides the link
pub struct Entry {
pub id: i32,
pub content_id: Option<i32>, // Links to content_identity table
// ... other fields
}
pub struct ContentIdentity {
pub id: i32,
pub cas_id: String, // Used as thumbnail identifier
// ... other fields
}
```
### Thumbnail Queries
```sql
-- Find entries needing thumbnails
SELECT e.id, ci.cas_id, e.mime_type, e.size, e.relative_path
FROM entries e
JOIN content_identity ci ON e.content_id = ci.id
WHERE ci.cas_id IS NOT NULL
AND (e.mime_type LIKE 'image/%'
OR e.mime_type LIKE 'video/%'
OR e.mime_type = 'application/pdf')
AND NOT EXISTS (
SELECT 1 FROM thumbnails t WHERE t.cas_id = ci.cas_id
);
-- Track thumbnail generation status (optional optimization)
CREATE TABLE IF NOT EXISTS thumbnails (
cas_id TEXT PRIMARY KEY,
sizes TEXT NOT NULL, -- JSON array of generated sizes
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
file_size INTEGER NOT NULL
);
```
## Performance Considerations
### Concurrent Processing
- **Batch Size**: Process 10-50 entries per batch for optimal memory usage
- **Concurrency**: Generate 2-4 thumbnails simultaneously (CPU-bound)
- **Memory Management**: Load/unload images per batch to control memory usage
- **Interruption**: Support graceful cancellation between batches
### Storage Optimization
- **Deduplication**: Use CAS IDs to avoid generating duplicate thumbnails
- **Compression**: WebP format provides excellent compression ratios
- **Sharding**: Two-level directory sharding for filesystem efficiency
- **Cleanup**: Remove orphaned thumbnails during maintenance
### Error Handling
- **Non-Critical Errors**: Continue processing other files when one fails
- **Retry Logic**: Retry failed generations with exponential backoff
- **Format Fallback**: Fall back to different thumbnail sizes if generation fails
- **Logging**: Detailed error logging for debugging
## API Integration
### Library Extensions
Add thumbnail methods to the Library struct:
```rust
impl Library {
/// Check if thumbnail exists for a CAS ID
pub async fn has_thumbnail(&self, cas_id: &str, size: u32) -> bool {
self.thumbnail_path(cas_id, size).exists()
}
/// Get thumbnail path for a CAS ID and size
pub fn thumbnail_path(&self, cas_id: &str, size: u32) -> PathBuf {
if cas_id.len() < 4 {
return self.thumbnails_dir().join(format!("{}_{}.webp", cas_id, size));
}
let shard1 = &cas_id[0..2];
let shard2 = &cas_id[2..4];
self.thumbnails_dir()
.join(shard1)
.join(shard2)
.join(format!("{}_{}.webp", cas_id, size))
}
/// Get thumbnail data
pub async fn get_thumbnail(&self, cas_id: &str, size: u32) -> Result<Vec<u8>> {
let path = self.thumbnail_path(cas_id, size);
Ok(tokio::fs::read(path).await?)
}
/// Start thumbnail generation job
pub async fn generate_thumbnails(&self, entry_ids: Vec<Uuid>) -> Result<JobHandle> {
let job = ThumbnailJob::new(entry_ids);
self.jobs().dispatch(job).await
}
}
```
## Migration Strategy
### From Original System
1. **Version Detection**: Check existing thumbnail version in `version.txt`
2. **Directory Migration**: Move thumbnails to new sharded structure if needed
3. **Metadata Migration**: Convert existing metadata to new format
4. **Gradual Rollout**: Generate new thumbnails alongside existing ones
### Configuration Migration
```rust
impl LibraryConfig {
/// Migrate thumbnail settings from original system
pub fn migrate_thumbnail_settings(&mut self, original_config: &OriginalConfig) {
self.settings.thumbnail_quality = original_config.thumbnail_quality.unwrap_or(85);
self.settings.thumbnail_sizes = original_config.thumbnail_sizes
.unwrap_or_else(|| vec![128, 256, 512]);
}
}
```
## Implementation Timeline
### Phase 1: Core Infrastructure (1-2 weeks)
- [ ] Create `ThumbnailJob` with basic structure
- [ ] Implement thumbnail storage utilities in `Library`
- [ ] Add thumbnail generation engine for images
- [ ] Basic job execution and progress reporting
### Phase 2: Multi-Format Support (1-2 weeks)
- [ ] Add video thumbnail support with FFmpeg
- [ ] Add PDF thumbnail support
- [ ] Implement batch processing and concurrency
- [ ] Add error handling and retry logic
### Phase 3: Integration and Optimization (1 week)
- [ ] Integrate with indexer job triggering
- [ ] Add database optimization tables
- [ ] Implement cleanup and maintenance
- [ ] Performance testing and tuning
### Phase 4: Advanced Features (1 week)
- [ ] Scheduled thumbnail generation
- [ ] Thumbnail regeneration commands
- [ ] Migration from original system
- [ ] API endpoints for serving thumbnails
## Benefits Over Original System
1. **Cleaner Architecture**: Separated from indexing, follows job system patterns
2. **Better Resumability**: Leverages core's checkpoint system
3. **Improved Performance**: Batch processing and better concurrency control
4. **Enhanced Error Handling**: Non-critical errors don't stop the entire job
5. **Greater Flexibility**: Multiple trigger mechanisms and processing modes
6. **Library-Scoped**: Thumbnails are contained within library directories
7. **Modern Dependencies**: Uses maintained crates and modern Rust patterns
## Conclusion
This thumbnail system design provides a robust, scalable solution for thumbnail generation in core. By leveraging the improved job system architecture and maintaining compatibility with the original storage approach, it offers the best of both worlds: modern implementation patterns with proven storage efficiency.
The system is designed to be:
- **Maintainable**: Clear separation of concerns and minimal boilerplate
- **Performant**: Efficient storage, batch processing, and concurrent generation
- **Reliable**: Comprehensive error handling and resumable operations
- **Extensible**: Easy to add new formats and processing options
This design positions the thumbnail system as a first-class citizen in the core architecture while maintaining the performance and reliability expectations established by the original implementation.

1350
docs/core/design/TYPESAFE_CLIENT.md
View File

File diff suppressed because it is too large Load Diff

94
docs/core/design/UI_DESIGN.md
View File

@@ -1,94 +0,0 @@
# Design Document: The Spacedrive UI
## 1. Overview
This document outlines the design for the refreshed **Spacedrive UI**, a next-generation user interface for monitoring and managing all background tasks and system operations. Inspired by the file transfer dialogs in native operating systems, the UI reimagines this concept as a beautiful, interactive, and radically transparent "mission control" for the entire VDFS.
It provides a single, unified view of file operations, compute jobs (indexing, thumbnailing), real-time sync status, and actions taken by AI agents.
## 2. Design Principles
- **Radical Transparency:** Expose all system operations—whether initiated by the user, the system, or an AI agent—in a beautiful and understandable way.
- **Aesthetic Excellence:** Create a UI that is not just functional but "gorgeous" and desirable to have open on a desktop.
- **Interactive & Dynamic:** The UI is not a static list. It is a live window into the system with animated graphs, real-time metrics, and fluid interactions.
- **Modular & Composable:** Core UI components are designed to be assembled in different ways, allowing for a native multi-window experience on desktop and a sophisticated single-page experience on the web.
- **Unified View:** Consolidate file operations, sync status, compute jobs, and agent activity into a single, coherent interface.
## 3. Architectural Components of the UI
The UI is composed of three main components that work together to create a rich, informative experience.
### 3.1. The Live Resource Component
This is the iconic element at the top of the view, providing an at-a-glance summary of system resource usage.
- **Structure:** A set of sleek, minimalist bars, each representing a key resource:
- **Network:** Combined upload/download activity.
- **Disk:** Read/write activity across all tracked locations.
- **CPU/Compute:** Usage for intensive tasks like indexing or transcoding.
- **Sync:** The rate of synchronization operations between devices.
- **Interaction:**
- At rest, the bars show a subtle, real-time percentage of usage.
- On click or hover, a bar fluidly **expands horizontally to fill the width of the view.** This reveals a beautiful, animated historical graph of that resource's usage, with the current transfer/processing speed as the primary, bold metric.
### 3.2. The Unified Event Stream
A chronological, and infinitely scrollable timeline of every significant event occurring across the VDFS. This is the user-facing view of the Action System.
- **Content:** Each item in the stream is an "event card" representing a single action, clearly distinguished by icons and context:
- **File Operations:** `[Copy Icon] Copied 3,402 items from 'iPhone' to 'NAS'.`
- **Compute Jobs:** `[Index Icon] Indexing '~/Documents' finished.`
- **Agent Actions:** `[Agent Avatar] AI Assistant is organizing 'Project Phoenix'...`
- **Sharing:** `[Spacedrop Icon] Sent 'presentation.mov' to 'Colleague's MacBook'.`
- **Interaction:**
- Events appear in real-time as they are dispatched by the backend.
- Clicking on any event card smoothly navigates the user to the **Detailed Job View** for that specific action.
### 3.3. The Detailed Job View
This is the drill-down view for a single job or action.
- **Structure:** It's a focused view that combines the other two components.
- At the top, it features the **Live Resource Dashboard**, but now **scoped to show only the resources being used by that specific job**.
- Below, it shows detailed progress (e.g., a file list, percentage complete, ETA), logs, and controls (Pause, Resume, Cancel).
## 4. The Composable UI Philosophy
This design embraces a modular, "post-tab" interface that can be adapted for different platforms.
### 4.1. Multi-Window Experience
- **On Desktop (macOS, Windows):** The Activity Center can be a primary window, a menu bar applet, or individual job views can be "popped out" into their own separate, lightweight native windows. This allows a user to arrange their workspace for a true "mission control" feel.
- **On the Web:** The same components can be assembled within a "virtual desktop" environment inside the browser tab. The floating windows and panels would be simulated, providing a consistent experience without relying on native OS windowing.
### 4.2. Dynamic Layout Management: Free-form vs. Automatic
To give users both ultimate control and intelligent organization, the virtual desktop will support two distinct layout modes the user can toggle between at any time.
1. **Free-form Mode (Your Workbench):**
- This is the user's persistent, custom layout. They can drag, resize, and arrange all floating "applets" (file explorers, the Activity Center, etc.) in any way that suits their workflow.
- The size and position of every window are saved, so the user's personalized workspace is always exactly as they left it.
2. **Automatic Modes (Task-Oriented Layouts):**
- These are predefined, clean layouts optimized for specific tasks, selectable from a menu.
- Examples: "Focus Mode" (one file browser maximized), "Organization Mode" (two file browsers side-by-side), "Activity Mode" (Activity Center maximized).
**The Animated Transition:**
The transition between these modes is seamless. When a user switches from an "Automatic" layout back to "Free-form," the system remembers the user's last custom positions. Each panel will **fluidly animate from its organized spot back to its unique, user-defined "home,"** creating a delightful and spatially intuitive experience.
## 5. Backend Integration
This UI is powered directly by the existing backend architecture:
- **The Unified Event Stream** is a direct visual representation of events received from the core `EventBus`.
- **The Detailed Job View** gets its real-time progress data by subscribing to the `JobContext` updates for a specific job.
- The resource usage data for the **Live Resource Dashboard** will be provided by new metrics exposed by the core services (e.g., Networking, Job System).
## 6. Implementation Plan
1. **Phase 1: Foundation & Data Hooks:** Build the basic Activity Center window. Implement the backend logic to expose resource metrics and connect the UI to the `EventBus` and `JobManager` to receive live data.
2. **Phase 2: The Unified Event Stream:** Build the "event card" UI and the chronological, scrollable list.
3. **Phase 3: The Detailed Job View & Resource Dashboard:** Build the drill-down view for individual jobs. Implement the expanding resource bars and the animated historical graphs.
4. **Phase 4: Composable Windowing & Layouts:** Implement the virtual desktop shell, the pop-out window functionality (for desktop), and the dynamic layout management system.

150
docs/core/design/VDFS_MODEL_VISUAL.md
View File

@@ -1,150 +0,0 @@
# VDFS Domain Model - Visual Overview
## Core Relationships
```
┌─────────────────────────────────────────────────────────────────────────┐
│ Virtual Distributed File System │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ Device A (MacBook) Device B (iPhone) │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ id: aaaa-bbbb │ │ id: 1111-2222 │ │
│ │ name: MacBook │◄─────P2P────────►│ name: iPhone │ │
│ │ os: macOS │ │ os: iOS │ │
│ └─────────────────┘ └─────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Location │ │ Location │ │
│ │ "My Documents" │ │ "Camera Roll" │ │
│ │ /Users/me/Docs │ │ /DCIM/ │ │
│ └─────────────────┘ └─────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Entry │ │ Entry │ │
│ │ "photo.jpg" │ │ "IMG_1234.jpg" │ │
│ │ device: aaaa │ │ device: 1111 │ │
│ │ path: /Docs/... │ │ path: /DCIM/... │ │
│ └────────┬────────┘ └────────┬────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ UserMetadata │ │ UserMetadata │ │
│ │ tags: [Vacation]│ │ tags: [] │ │
│ │ favorite: true │ │ favorite: false │ │
│ └─────────────────┘ └─────────────────┘ │
│ │ │ │
│ └──────────────┬─────────────────────┘ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ ContentIdentity │ │
│ │ cas_id: v2:a1b2 │ (Same content, different devices) │
│ │ kind: Image │ │
│ │ entry_count: 2 │ │
│ └─────────────────┘ │
└─────────────────────────────────────────────────────────────────────────┘
```
## Key Concepts Illustrated
### 1. SdPath in Action
```
SdPath {
device_id: "aaaa-bbbb",
path: "/Users/me/Documents/photo.jpg"
}
// This uniquely identifies a file across all devices!
```
### 2. Entry Always Has UserMetadata
```
Entry ──────────► UserMetadata
(always) (can tag immediately!)
└─────────────► ContentIdentity
(optional) (for deduplication)
```
### 3. Progressive Enhancement Flow
```
Step 1: Discover File
├─ Create Entry
└─ Create UserMetadata (empty)
└─ User can tag immediately! ✓
Step 2: Index Content (optional, async)
├─ Generate CAS ID
├─ Create/Link ContentIdentity
└─ Enable deduplication ✓
Step 3: Deep Index (optional, background)
├─ Extract text for search
├─ Generate thumbnails
└─ Extract media metadata ✓
```
### 4. Cross-Device Operations
```
copy_files(
source: SdPath { device: "macbook", path: "/photo.jpg" },
dest: SdPath { device: "iphone", path: "/Photos/" }
)
// The system handles all P2P complexity transparently!
```
## Benefits Visualized
### Old Model Problems
```
File → Object (requires CAS ID) → Tags
Can't tag without indexing!
```
### New Model Solution
```
Entry → UserMetadata → Tags
│ ✓ Immediate tagging!
└────► ContentIdentity (optional)
✓ Deduplication when needed
```
### Content Change Handling
```
Before: photo.jpg → Edit → New CAS ID → Lost tags! ❌
After: Entry → UserMetadata (unchanged) ✓
│ Tags preserved!
└────► New ContentIdentity
```
## Real-World Scenarios
### Scenario 1: Tag Before Index
```
1. User drops 1000 photos into Spacedrive
2. Immediately tags them "Vacation 2024" (instant!)
3. Content indexing happens in background
4. Deduplication available when ready
```
### Scenario 2: Cross-Device Sync
```
1. Tag photos on MacBook
2. Photos sync to iPhone with tags intact
3. Edit photo on iPhone
4. Tags remain, content identity updates
5. Both devices see the same tags
```
### Scenario 3: Removable Media
```
1. Insert USB drive
2. Browse and tag files (no indexing needed)
3. Remove USB drive
4. Tags remembered for when drive returns
5. Virtual entries maintain metadata
```
This architecture makes Spacedrive's Virtual Distributed File System a reality!

237
docs/core/design/VIRTUAL_LOCATIONS_DESIGN.md
View File

@@ -1,237 +0,0 @@
Guidance Document: Evolving to a Pure Hierarchical Model with
Virtual Locations
Objective: To refactor the Spacedrive VDFS core from the
current hybrid model (closure table + materialized paths) to
a "pure" hierarchical model. This will enable fully virtual
locations, significantly reduce database size, and improve
data integrity by eliminating path string redundancy.
Starting Point: This guide assumes the changes from the
previous implementation are complete: the entries table has a
parent_id, and the entry_closure table is being correctly
populated for all new and moved entries.
---
1. Architectural Principles & Rationale
This refactoring is based on several key insights we've
developed:
1. The Goal is Virtual Locations: A "Location" should not be a
rigid, physical path on a disk. It should be a virtual,
named pointer to any directory Entry in the VDFS. This
allows users to create locations that match their mental
model (e.g., a "Projects" location that points to
/Users/me/work/projects) without being constrained by the
filesystem's physical layout.
2. Eliminating `relative_path`: The primary obstacle to virtual
locations and the main source of data bloat is the
relative_path column in the entries table. By removing it, we
achieve a "pure" model where the hierarchy is defined only
by the parent_id and entry_closure tables. This is the single
source of truth for the hierarchy, making the system more
robust and easier to maintain.
3. Solving the Path Reconstruction Problem: We identified that
removing relative_path entirely would create a major
performance bottleneck when displaying lists of files from
multiple directories (e.g., search results), as it would
require thousands of recursive queries to reconstruct their
paths.
4. The "Directory-Only Path Cache" Solution: The optimal
solution is to introduce a new, dedicated table named
directory_paths.
- Purpose: This table acts as a permanent, denormalized
cache. Its sole function is to store the pre-computed,
full path string for every directory.
- Efficiency: By only storing paths for directories (which
are far less numerous than files), we reduce the storage
overhead by ~90% compared to caching all paths, while
retaining almost all the performance benefits.
- How it Works: A file's full path is constructed
on-the-fly with near-zero cost by fetching its parent
directory's path from this new table and appending the
file's name. This is an extremely fast operation.
---
2. Step-by-Step Implementation Plan
Phase 1: Database Schema Changes
This phase modifies the database to support the new
architecture. This must be done in a new migration file.
1. Action: Drop the relative_path column from the entries
table.
- File: New migration file in
src/infrastructure/database/migration/.
- Instruction:
1 -- In the `up` function of the migration
2 manager.alter_table(
3 Table::alter()
4 .table(Entry::Table)
5 .drop_column(Alias::new
("relative_path"))
6 .to_owned(),
7 ).await?;
2. Action: Create the new directory_paths table.
- File: Same new migration file.
- Instruction:
1 -- In the `up` function of the migration
2 manager.create_table(
3 Table::create()
4 .table(DirectoryPaths::Table)
5 .if_not_exists()
6 .col(
7 ColumnDef::new
(DirectoryPaths::EntryId)
8 .integer()
9 .primary_key(),
10 )
11 .col(ColumnDef::new
(DirectoryPaths::Path).text().not_null())
12 .foreign_key(
13 ForeignKey::create()
14
.name("fk_directory_path_entry")
15 .from(DirectoryPaths::Table
, DirectoryPaths::EntryId)
16 .to(Entry::Table,
Entry::Id)
17
.on_delete(ForeignKeyAction::Cascade), // Critical
for auto-cleanup
18 )
19 .to_owned(),
20 ).await?;
3. Action: Create the corresponding SeaORM entity for
directory_paths.
- File:
src/infrastructure/database/entities/directory_paths.rs
(new file).
- Instruction: Create a new entity struct that maps to the
table above. Remember to add it to
src/infrastructure/database/entities/mod.rs.
Phase 2: Make Locations Virtual
This is the core change that decouples Locations from the
filesystem.
1. Action: Modify the locations table schema.
- File: Same new migration file.
- Instruction: The locations table currently stores a
path: String. This needs to be changed to entry_id: i32.
1 -- This will require dropping the old
column and adding a new one.
2 -- NOTE: Since there are no v2 users, a
destructive change is acceptable.
3 manager.alter_table(
4 Table::alter()
5 .table(Location::Table)
6 .drop_column(Alias::new("path"))
7 .to_owned(),
8 ).await?;
9
10 manager.alter_table(
11 Table::alter()
12 .table(Location::Table)
13 .add_column(
14 ColumnDef::new
(Location::EntryId).integer().not_null()
15 )
16 .to_owned(),
17 ).await?;
* Reasoning: A Location is now just a named reference to a
directory Entry.
2. Action: Update the Location SeaORM entity to reflect this
change.
- File: src/infrastructure/database/entities/location.rs.
Phase 3: Update Indexing and Core Logic
This phase adapts the application logic to populate and use
the new structures.
1. Action: Update EntryProcessor::create_entry.
- File: src/operations/indexing/entry.rs.
- Instruction: When a new Entry is created, if that entry is
a directory, the logic must:
1. Determine its full path. This can be done by querying
the directory_paths table for its parent_id and
appending the new directory's name.
2. INSERT the new record into the directory_paths
table.
3. This entire operation (creating the entry,
populating the closure table, and populating the
directory path) should be wrapped in a single
database transaction.
2. Action: Update EntryProcessor::move_entry.
- File: src/operations/indexing/entry.rs.
- Instruction: When a directory is moved:
1. The existing transactional logic for updating
parent_id and the entry_closure table is still
correct.
2. Add a step within the transaction to UPDATE the
directory's own path in the directory_paths table.
3. Crucially, after the transaction commits, spawn a
low-priority background job. This job's
responsibility is to find all descendant directories
of the one that was moved (using the closure table)
and update their paths in the directory_paths table.
- Reasoning: This makes the move operation feel instantaneous
to the user, deferring the expensive task of updating all
descendant paths.
3. Action: Create a centralized Path Retrieval Service.
- File: A new module, e.g.,
src/operations/indexing/path_resolver.rs.
- Instruction: This service will have a function like
get_full_path(entry_id: i32) -> Result<PathBuf>.
- If the entry is a directory, it will SELECT path
FROM directory_paths WHERE entry_id = ?.
- If the entry is a file, it will SELECT e.name,
dp.path FROM entries e JOIN directory_paths dp ON
e.parent_id = dp.entry_id WHERE e.id = ?.
- Reasoning: This centralizes path reconstruction logic
and ensures it's done consistently and efficiently
everywhere.
4. Action: Refactor all parts of the codebase that need a full
path.
- Files: This will be a broad change. Key areas will
include:
- Search result generation.
- UI-facing API endpoints.
- The Action System's preview generation.
- Any logging that requires full paths.
- Instruction: All these locations must now call the new
PathRetrievalService instead of trying to concatenate
relative_path and name.
---
This guide provides a clear, logical path to achieving a more
robust, scalable, and flexible architecture for Spacedrive. By
following these steps, the next agent can successfully
implement this significant and valuable upgrade.

193
docs/core/design/VIRTUAL_SIDECAR_SYSTEM.md
View File

@@ -1,193 +0,0 @@
# Virtual Sidecar System (VSS)
Status: Draft
## Summary
Virtual Sidecars are derivative artifacts (e.g., thumbnails, OCR text, embeddings, media proxies) that Spacedrive generates and manages without ever mutating the users original files. Sidecars are:
- Content-scoped and deduplicated per unique content (content_uuid)
- Stored inside the librarys portable `.sdlibrary` and travel with it
- Generated asynchronously (“compute ahead of time”), and looked up instantly (“query on demand”)
- Designed for cross-device reuse: once generated on any device, they can be reused elsewhere without reprocessing
This document specifies data model, filesystem layout, local presence management, cross-device availability, APIs, and integration points with indexing and jobs.
## Goals
- Zero-copy, original files remain untouched
- Deterministic paths for hot reads (no DB needed for single fetches)
- Fast bulk presence answers via DB (UI grids, batch decisions)
- Content-level deduplication (unique content → shared sidecars)
- Cross-device awareness and transfer using existing pairing/file-sharing
- Continuous consistency between DB index and sidecar folder
## Non-Goals (initial)
- Complex policy engines (well add policies like prefetch later)
- Non-content (entry-level) sidecars beyond metadata manifests (can be added later)
## Data Model
Two tables extend the library database.
### sidecars
One row per content-level sidecar variant.
- id (pk)
- content_uuid (uuid) — FK to `content_identities.uuid`
- kind (text) — e.g., `thumb`, `proxy`, `embeddings`, `ocr`, `transcript`
- variant (text) — e.g., `grid@2x`, `detail@1x`, `1080p`, `all-MiniLM-L6-v2`
- format (text) — e.g., `webp`, `mp4`, `json`
- rel_path (text) — path under `sidecars/` (includes sharding prefixes, e.g., `content/{h0}/{h1}/{content_uuid}/...`)
- size (bigint)
- checksum (text) — optional integrity for the sidecar file
- status (text enum) — `pending | ready | failed`
- source (text) — producing job/agent id or name
- version (int) — sidecar schema/version
- created_at, updated_at (timestamps)
Constraints:
- Unique(content_uuid, kind, variant)
### sidecar_availability
Presence map per device for fast cross-device decisions.
- id (pk)
- content_uuid (uuid)
- kind (text)
- variant (text)
- device_uuid (uuid)
- has (bool)
- size (bigint)
- checksum (text)
- last_seen_at (timestamp)
Constraints:
- Unique(content_uuid, kind, variant, device_uuid)
## Filesystem Layout
Deterministic paths enable zero-DB hot reads.
```
.sdlibrary/
sidecars/
content/
{h0}/{h1}/{content_uuid}/
thumbs/{variant}.webp
proxies/{profile}.mp4
embeddings/{model}.json
ocr/ocr.json
transcript/transcript.json
manifest.json
```
Rules:
- Content-level sidecars only (media derivations attached to unique content)
- Deterministic naming by `{content_uuid}` + `{kind}` + `{variant}`
- A small per-content `manifest.json` may be used for local inspection/debug
- Two-level hex sharding under `content/` to bound directory fanout and keep filesystem operations healthy at scale:
- `{h0}` and `{h1}` are the first two byte-pairs of the canonical, lowercase hex `content_uuid` with hyphens removed (e.g., `abcd1234-...``h0=ab`, `h1=cd`).
- Shard directories are created lazily; never pre-create the full shard tree.
- Always use lowercase to avoid case-folding issues on case-insensitive filesystems.
- Paths remain fully deterministic and require no DB lookup for single-item fetches.
## Local Presence & Consistency (DB FS)
To keep database and sidecar folder consistent:
- Bootstrap scan: On first enable or periodic maintenance, walk the sharded tree under `sidecars/content/`, infer `(content_uuid, kind, variant, format, path)`, compute size (+ optional checksum), and upsert `sidecars` rows with `status=ready`.
- Watcher: Add a library-internal watcher for `sidecars/` to reflect create/rename/delete into `sidecars` in real time. For large batches, the reconcile job (below) covers race conditions.
- Reconcile job: Periodic, compares DB rows to FS state, repairs drift (e.g., recompute checksum, remove stale DB rows, re-run generation if missing), and updates `sidecar_availability` for the local device.
## Intelligence Queueing (Post Content Identification)
Extend the indexing pipeline with an “Intelligence Queueing Phase” after ContentIdentification:
- For newly created or modified content, enqueue sidecar jobs by type/kind (thumbnails, proxies, embeddings, OCR, transcript, validation hash).
- Job contract (idempotent):
1. Check DB/FS for existing sidecar → if exists and valid, no-op
2. Otherwise generate → write file deterministically → upsert `sidecars`(ready)
3. Update `sidecar_availability` for the local device
- This phase runs asynchronously and never blocks indexing completion
## Cross-Device Availability & Sync
We reuse the pairing + file sharing stack to avoid reprocessing on every device.
- Inventory exchange: Paired devices periodically share compact availability digests for a configured set of sidecar kinds/variants (e.g., thumbnails). For large sets, use chunked lists or Bloom filters per variant.
- Availability updates: On receiving digest, upsert `sidecar_availability(has=true)` with `last_seen_at` for those (content_uuid, kind, variant, device_uuid).
- Sync planner: When UI needs a sidecar and local is missing:
- Query `sidecar_availability` for candidates on paired devices
- If present on any device, schedule file transfer for the deterministic path
- Otherwise schedule local generation
- Transfer path: Use existing file-sharing protocol to fetch `sidecars/content/{h0}/{h1}/{content_uuid}/...`, verify checksum, write locally, upsert `sidecars` and `sidecar_availability(local)`
## Retrieval Strategy
- Single-item fetch (hot path):
- Compute deterministic path → FS check → return path immediately if exists
- If missing, schedule generation or remote fetch (async) and return pending handle
- Bulk presence (grids/lists):
- Query: `SELECT content_uuid, variant FROM sidecars WHERE kind=? AND content_uuid IN (...)` → build presence map
- Optionally overlay `sidecar_availability` for remote candidates
## APIs (Daemon)
- `sidecars.presence(content_uuids: [], kind: string, variants: []):`
- Returns `{ [content_uuid]: { [variant]: { local: bool, path?: string, devices: uuid[], status } } }`
- `sidecars.path(content_uuid, kind, variant):`
- Returns local path if exists; otherwise enqueues generation/transfer and returns a pending token
- `sidecars.reconcile():` triggers reconcile job
- `sidecars.inventory.publish(kind, variants)`: push local availability digest
- `sidecars.inventory.apply(digest)`: apply remote availability update
## Integration Points
- Indexer: Intelligence Queueing Phase dispatch (after content identification)
- Jobs: Sidecar generation jobs per kind/variant; idempotent and fast-path aware
- Watchers: FS watcher on `sidecars/` to keep DB in sync
- Sharing: Use current file sharing protocol for cross-device copies
- Library manager: ensure `sidecars/` directory exists upon library creation
## Status & Integrity
- `status`: `pending | ready | failed` for visibility and retries
- `checksum`:
- Small files: full hash
- Large files: optional or size+mtime; verify on transfer/periodic
- `last_seen_at`: for availability freshness and eviction decisions
## Performance Considerations
- Deterministic paths avoid DB lookups for single fetches
- Bulk presence queries avoid N×FS stats
- Background generation keeps UI latency low
- Availability digests prevent wasteful remote checks; sidecars are re-used instead of re-generated
## Phased Rollout
1. Local-only: schema, folder layout, bootstrap scan, watcher, presence API, local generation
2. UI integration: grids use presence API; details use hot path
3. Cross-device: availability exchange, sync planner, transfers; reconcile enhancements
4. Policies: prefetch strategies, priority queues, storage limits
## Open Questions
- Which sidecars are mandatory to sync vs on-demand?
- Retention: when/how to evict large sidecars (proxies) under pressure?
- Security: signed availability digests? Access controls for shared sidecars?
## Appendix: Example Paths
- Grid thumbnail (2x): `sidecars/content/{h0}/{h1}/{content_uuid}/thumbs/grid@2x.webp`
- 1080p proxy: `sidecars/content/{h0}/{h1}/{content_uuid}/proxies/1080p.mp4`
- Embeddings (MiniLM): `sidecars/content/{h0}/{h1}/{content_uuid}/embeddings/all-MiniLM-L6-v2.json`

848
docs/core/design/VOLUME_CLASSIFICATION_DESIGN.md
View File

@@ -1,848 +0,0 @@
# Volume Classification and UX Enhancement Design
**Status:** Draft
**Author:** Spacedrive Team
**Date:** 2025-01-26
**Version:** 1.0
## Table of Contents
1. [Problem Statement](#problem-statement)
2. [Goals](#goals)
3. [Non-Goals](#non-goals)
4. [Background](#background)
5. [Design Overview](#design-overview)
6. [Detailed Design](#detailed-design)
7. [Implementation Plan](#implementation-plan)
8. [Platform Considerations](#platform-considerations)
9. [Migration Strategy](#migration-strategy)
10. [Testing Strategy](#testing-strategy)
11. [Security Considerations](#security-considerations)
12. [Alternatives Considered](#alternatives-considered)
## Problem Statement
Currently, Spacedrive auto-tracks all detected system volumes, leading to several UX issues:
### Current Problems
1. **Visual Clutter**: Users see system-internal volumes (VM, Preboot, Update, Hardware) that aren't relevant for file management
2. **Cognitive Overhead**: 13+ volumes displayed when only 3-4 are user-relevant
3. **Storage Confusion**: System volumes show capacity/usage that doesn't reflect user storage
4. **Auto-tracking Noise**: System volumes are automatically tracked, creating database bloat
5. **Cross-platform Inconsistency**: No unified approach to volume relevance across macOS, Windows, Linux
### User Impact
- **File Manager UX**: Users expect to see only their actual storage devices (like Finder, Explorer)
- **Storage Management**: Difficulty identifying which volumes contain their files
- **Performance**: Unnecessary indexing and tracking of system volumes
- **Confusion**: Technical mount points exposed to end users
## Goals
### Primary Goals
1. **Clean UX**: Show only user-relevant volumes by default
2. **Smart Auto-tracking**: Only auto-track volumes that contain user data
3. **Platform Awareness**: Understand OS-specific volume hierarchies
4. **Flexibility**: Allow power users to see/manage system volumes when needed
5. **Backwards Compatibility**: Don't break existing tracked volumes
### Secondary Goals
1. **Performance**: Reduce database size by not tracking system volumes
2. **Consistency**: Unified volume classification across platforms
3. **Extensibility**: Framework for future volume type additions
4. **User Control**: Preferences for volume display and tracking behavior
## Non-Goals
1. **File System Analysis**: Not analyzing directory contents to classify volumes
2. **Dynamic Reclassification**: Volume types are determined at detection time
3. **Custom User Categories**: Not supporting user-defined volume types in v1
4. **Volume Merging**: Not combining related volumes into single entities
## Background
### Current Architecture
```rust
// Current Volume struct (simplified)
pub struct Volume {
pub fingerprint: VolumeFingerprint,
pub name: String,
pub mount_point: PathBuf,
pub mount_type: MountType, // System, External, Network
pub is_mounted: bool,
// ... other fields
}
// Current auto-tracking (tracks all system volumes)
pub async fn auto_track_system_volumes(&self, library: &Library) -> VolumeResult<Vec<Model>> {
let system_volumes = self.get_system_volumes().await; // All MountType::System
for volume in system_volumes {
self.track_volume(library, &volume.fingerprint, Some(volume.name.clone())).await?;
}
}
```
### Platform Volume Hierarchies
**macOS (APFS Container Model)**
```
/ (Macintosh HD) - Primary system drive
├── /System/Volumes/Data - User data (separate volume)
├── /System/Volumes/VM - Virtual memory
├── /System/Volumes/Preboot - Boot support
├── /System/Volumes/Update - System updates
├── /System/Volumes/Hardware - Hardware support
└── /Volumes/* - External/user drives
```
**Windows**
```
C:\ - Primary system + user data
D:\, E:\, etc. - Secondary drives
Recovery partitions - System recovery
EFI System Partition - Boot system
```
**Linux**
```
/ - Root filesystem
/home - User data (often separate partition)
/boot - Boot partition
/proc, /sys, /dev - Virtual filesystems
/media/*, /mnt/* - Removable/external media
```
## Design Overview
### Core Concept: Volume Type Classification
Replace the simple `MountType` enum with a more sophisticated `VolumeType` that captures user intent and OS semantics.
```rust
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum VolumeType {
Primary, // Main system drive with user data
UserData, // Dedicated user data volumes
External, // Removable/external storage
Secondary, // Additional internal storage
System, // OS internal volumes (hidden by default)
Network, // Network attached storage
Unknown, // Fallback for unclassified
}
```
### Classification Pipeline
```mermaid
graph LR
A[Volume Detection] --> B[Platform Classifier]
B --> C[Mount Point Analysis]
C --> D[Filesystem Type Check]
D --> E[Hardware Detection]
E --> F[VolumeType Assignment]
F --> G[Auto-tracking Decision]
F --> H[UI Display Decision]
```
### UX Improvements
1. **Default View**: Show only `Primary`, `UserData`, `External`, `Secondary`, `Network`
2. **System View**: Optional flag to show `System` volumes
3. **Auto-tracking**: Only track non-`System` volumes by default
4. **Visual Indicators**: Clear type indicators in CLI/UI
## Detailed Design
### 1. Core Type Definitions
```rust
// src/volume/types.rs
/// Classification of volume types for UX and auto-tracking decisions
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum VolumeType {
/// Primary system drive containing OS and user data
/// Examples: C:\ on Windows, / on Linux, Macintosh HD on macOS
Primary,
/// Dedicated user data volumes (separate from OS)
/// Examples: /System/Volumes/Data on macOS, separate /home on Linux
UserData,
/// External or removable storage devices
/// Examples: USB drives, external HDDs, /Volumes/* on macOS
External,
/// Secondary internal storage (additional drives/partitions)
/// Examples: D:, E: drives on Windows, additional mounted drives
Secondary,
/// System/OS internal volumes (hidden from normal view)
/// Examples: /System/Volumes/* on macOS, Recovery partitions
System,
/// Network attached storage
/// Examples: SMB mounts, NFS, cloud storage
Network,
/// Unknown or unclassified volumes
Unknown,
}
impl VolumeType {
/// Should this volume type be auto-tracked by default?
pub fn auto_track_by_default(&self) -> bool {
match self {
VolumeType::Primary | VolumeType::UserData
| VolumeType::External | VolumeType::Secondary
| VolumeType::Network => true,
VolumeType::System | VolumeType::Unknown => false,
}
}
/// Should this volume be shown in the default UI view?
pub fn show_by_default(&self) -> bool {
!matches!(self, VolumeType::System | VolumeType::Unknown)
}
/// User-friendly display name for the volume type
pub fn display_name(&self) -> &'static str {
match self {
VolumeType::Primary => "Primary Drive",
VolumeType::UserData => "User Data",
VolumeType::External => "External Drive",
VolumeType::Secondary => "Secondary Drive",
VolumeType::System => "System Volume",
VolumeType::Network => "Network Drive",
VolumeType::Unknown => "Unknown",
}
}
/// Icon/indicator for CLI display
pub fn icon(&self) -> &'static str {
match self {
VolumeType::Primary => "[PRI]",
VolumeType::UserData => "[USR]",
VolumeType::External => "[EXT]",
VolumeType::Secondary => "[SEC]",
VolumeType::System => "[SYS]",
VolumeType::Network => "[NET]",
VolumeType::Unknown => "[UNK]",
}
}
}
/// Enhanced volume information with classification
pub struct Volume {
// ... existing fields ...
/// Classification of this volume for UX decisions
pub volume_type: VolumeType,
/// Whether this volume should be visible in default views
pub is_user_visible: bool,
/// Whether this volume should be auto-tracked
pub auto_track_eligible: bool,
}
```
### 2. Platform-Specific Classification
```rust
// src/volume/classification.rs
pub trait VolumeClassifier {
fn classify(&self, volume_info: &VolumeDetectionInfo) -> VolumeType;
}
pub struct MacOSClassifier;
impl VolumeClassifier for MacOSClassifier {
fn classify(&self, info: &VolumeDetectionInfo) -> VolumeType {
let mount_str = info.mount_point.to_string_lossy();
match mount_str.as_ref() {
// Primary system drive
"/" => VolumeType::Primary,
// User data volume (modern macOS separates this)
path if path.starts_with("/System/Volumes/Data") => VolumeType::UserData,
// System internal volumes
path if path.starts_with("/System/Volumes/") => VolumeType::System,
// External drives
path if path.starts_with("/Volumes/") => {
if info.is_removable.unwrap_or(false) {
VolumeType::External
} else {
// Could be user-created APFS volume
VolumeType::Secondary
}
},
// Network mounts
path if path.starts_with("/Network/") => VolumeType::Network,
// macOS autofs system
path if mount_str.contains("auto_home") ||
info.file_system == FileSystem::Other("autofs".to_string()) => VolumeType::System,
_ => VolumeType::Unknown,
}
}
}
pub struct WindowsClassifier;
impl VolumeClassifier for WindowsClassifier {
fn classify(&self, info: &VolumeDetectionInfo) -> VolumeType {
let mount_str = info.mount_point.to_string_lossy();
match mount_str.as_ref() {
// Primary system drive (usually C:)
"C:\\" => VolumeType::Primary,
// Recovery and EFI partitions
path if path.contains("Recovery")
|| path.contains("EFI")
|| info.file_system == FileSystem::Fat32 && info.total_bytes_capacity < 1_000_000_000 => {
VolumeType::System
},
// Other drive letters
path if path.len() == 3 && path.ends_with(":\\") => {
if info.is_removable.unwrap_or(false) {
VolumeType::External
} else {
VolumeType::Secondary
}
},
// Network drives
path if path.starts_with("\\\\") => VolumeType::Network,
_ => VolumeType::Unknown,
}
}
}
pub struct LinuxClassifier;
impl VolumeClassifier for LinuxClassifier {
fn classify(&self, info: &VolumeDetectionInfo) -> VolumeType {
let mount_str = info.mount_point.to_string_lossy();
match mount_str.as_ref() {
// Root filesystem
"/" => VolumeType::Primary,
// User data partition
"/home" => VolumeType::UserData,
// System/virtual filesystems
path if path.starts_with("/proc")
|| path.starts_with("/sys")
|| path.starts_with("/dev")
|| path.starts_with("/boot") => VolumeType::System,
// External/removable media
path if path.starts_with("/media/")
|| path.starts_with("/mnt/")
|| info.is_removable.unwrap_or(false) => VolumeType::External,
// Network mounts
path if info.file_system == FileSystem::Other("nfs".to_string())
|| info.file_system == FileSystem::Other("cifs".to_string()) => VolumeType::Network,
_ => VolumeType::Secondary,
}
}
}
pub fn get_classifier() -> Box<dyn VolumeClassifier> {
#[cfg(target_os = "macos")]
return Box::new(MacOSClassifier);
#[cfg(target_os = "windows")]
return Box::new(WindowsClassifier);
#[cfg(target_os = "linux")]
return Box::new(LinuxClassifier);
#[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
return Box::new(UnknownClassifier);
}
```
### 3. Updated Volume Detection
```rust
// src/volume/os_detection.rs
pub async fn detect_volumes(device_id: Uuid) -> VolumeResult<Vec<Volume>> {
let classifier = classification::get_classifier();
let raw_volumes = detect_raw_volumes().await?;
let mut volumes = Vec::new();
for raw_volume in raw_volumes {
let volume_type = classifier.classify(&raw_volume);
let volume = Volume {
fingerprint: VolumeFingerprint::new(device_id, &raw_volume),
device_id,
name: raw_volume.name,
volume_type,
mount_type: determine_mount_type(&volume_type),
mount_point: raw_volume.mount_point,
is_user_visible: volume_type.show_by_default(),
auto_track_eligible: volume_type.auto_track_by_default(),
// ... other fields
};
volumes.push(volume);
}
Ok(volumes)
}
```
### 4. Enhanced Auto-tracking Logic
```rust
// src/volume/manager.rs
impl VolumeManager {
/// Auto-track user-relevant volumes only
pub async fn auto_track_user_volumes(
&self,
library: &crate::library::Library,
) -> VolumeResult<Vec<entities::volume::Model>> {
let eligible_volumes: Vec<_> = self.volumes
.read()
.await
.values()
.filter(|v| v.auto_track_eligible)
.cloned()
.collect();
let mut tracked_volumes = Vec::new();
info!(
"Auto-tracking {} user-relevant volumes for library '{}'",
eligible_volumes.len(),
library.name().await
);
for volume in eligible_volumes {
// Skip if already tracked
if self.is_volume_tracked(library, &volume.fingerprint).await? {
debug!("Volume '{}' ({:?}) already tracked in library",
volume.name, volume.volume_type);
continue;
}
match self.track_volume(library, &volume.fingerprint, Some(volume.name.clone())).await {
Ok(tracked) => {
info!(
"Auto-tracked {} volume '{}' in library '{}'",
volume.volume_type.display_name(),
volume.name,
library.name().await
);
tracked_volumes.push(tracked);
}
Err(e) => {
warn!(
"Failed to auto-track {} volume '{}': {}",
volume.volume_type.display_name(),
volume.name,
e
);
}
}
}
Ok(tracked_volumes)
}
/// Get volumes filtered by type and visibility
pub async fn get_user_visible_volumes(&self) -> Vec<Volume> {
self.volumes
.read()
.await
.values()
.filter(|v| v.is_user_visible)
.cloned()
.collect()
}
/// Get all volumes including system volumes
pub async fn get_all_volumes_with_system(&self) -> Vec<Volume> {
self.volumes.read().await.values().cloned().collect()
}
}
```
### 5. Enhanced CLI Interface
```rust
// src/infrastructure/cli/commands/volume.rs
#[derive(Debug, Clone, Subcommand, Serialize, Deserialize)]
pub enum VolumeCommands {
/// List volumes (user-visible by default)
List {
/// Include system volumes in output
#[arg(long)]
include_system: bool,
/// Filter by volume type
#[arg(long, value_enum)]
type_filter: Option<VolumeTypeFilter>,
/// Show volume type column
#[arg(long)]
show_types: bool,
},
// ... other commands
}
#[derive(Debug, Clone, ValueEnum, Serialize, Deserialize)]
pub enum VolumeTypeFilter {
Primary,
UserData,
External,
Secondary,
System,
Network,
Unknown,
}
// Enhanced volume list formatting
fn format_volume_list(
volumes: Vec<Volume>,
tracked_info: HashMap<VolumeFingerprint, TrackedVolume>,
show_types: bool,
include_system: bool,
) -> comfy_table::Table {
let mut table = Table::new();
if show_types {
table.set_header(vec!["Type", "Name", "Mount Point", "File System", "Capacity", "Available", "Status", "Tracked"]);
} else {
table.set_header(vec!["Name", "Mount Point", "File System", "Capacity", "Available", "Status", "Tracked"]);
}
let filtered_volumes: Vec<_> = volumes.into_iter()
.filter(|v| include_system || v.is_user_visible)
.collect();
for volume in filtered_volumes {
let tracked_status = if let Some(tracked) = tracked_info.get(&volume.fingerprint) {
format!("Yes ({})", tracked.display_name.as_deref().unwrap_or(&volume.name))
} else {
"No".to_string()
};
let mut row = Vec::new();
if show_types {
row.push(format!("{} {}", volume.volume_type.icon(), volume.volume_type.display_name()));
}
row.extend([
volume.name,
volume.mount_point.display().to_string(),
volume.file_system.to_string(),
format_bytes(volume.total_bytes_capacity),
format_bytes(volume.total_bytes_available),
if volume.is_mounted { "Mounted" } else { "Unmounted" }.to_string(),
tracked_status,
]);
table.add_row(row);
}
table
}
```
### 6. Database Schema Updates
```rust
// Add volume_type to database schema
// src/infrastructure/database/entities/volume.rs
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Eq)]
#[sea_orm(table_name = "volumes")]
pub struct Model {
// ... existing fields ...
/// Volume type classification
pub volume_type: String, // Serialized VolumeType
/// Whether volume is visible in default UI
pub is_user_visible: Option<bool>,
/// Whether volume is eligible for auto-tracking
pub auto_track_eligible: Option<bool>,
}
// Migration to add new columns
// src/infrastructure/database/migration/m20250126_000001_add_volume_classification.rs
```
## Implementation Plan
### Phase 1: Core Classification (Week 1)
- [ ] Add `VolumeType` enum and classification traits
- [ ] Implement platform-specific classifiers
- [ ] Update `Volume` struct with new fields
- [ ] Add database migration for new fields
### Phase 2: Volume Detection Integration (Week 1)
- [ ] Update volume detection to use classifiers
- [ ] Modify auto-tracking logic to respect `auto_track_eligible`
- [ ] Update volume manager methods
- [ ] Add comprehensive tests for classification
### Phase 3: CLI Enhancement (Week 2)
- [ ] Add CLI flags for system volume display
- [ ] Enhance volume list formatting with types
- [ ] Add volume type filtering options
- [ ] Update help text and documentation
### Phase 4: Migration and Testing (Week 2)
- [ ] Create migration script for existing volumes
- [ ] Add integration tests across platforms
- [ ] Performance testing with large volume sets
- [ ] User acceptance testing
### Phase 5: Advanced Features (Future)
- [ ] User preferences for volume display
- [ ] Custom volume type rules
- [ ] Volume grouping/organization
- [ ] Integration with file manager UI
## Platform Considerations
### macOS Specifics
- **APFS Containers**: Multiple volumes in single container
- **System Volume Group**: Related system volumes
- **Sealed System Volume**: Read-only system partition
- **Data Volume**: Separate user data volume
### Windows Specifics
- **Drive Letters**: Single-letter mount points
- **Hidden Partitions**: Recovery, EFI partitions
- **Dynamic Disks**: Spanned/striped volumes
- **Junction Points**: Directory-level mounts
### Linux Specifics
- **Virtual Filesystems**: /proc, /sys, /dev
- **Bind Mounts**: Same filesystem at multiple points
- **Network Filesystems**: NFS, CIFS, SSHFS
- **Container Filesystems**: Docker, LXC volumes
## Migration Strategy
### Existing Volume Handling
1. **Backward Compatibility**: Existing tracked volumes remain tracked
2. **Gradual Migration**: Classify existing volumes on next refresh
3. **Default Behavior**: System volumes stop auto-tracking for new libraries
4. **User Choice**: Allow users to manually track/untrack any volume
### Database Migration
```sql
-- Add new columns with defaults
ALTER TABLE volumes ADD COLUMN volume_type TEXT DEFAULT 'Unknown';
ALTER TABLE volumes ADD COLUMN is_user_visible BOOLEAN DEFAULT true;
ALTER TABLE volumes ADD COLUMN auto_track_eligible BOOLEAN DEFAULT true;
-- Backfill existing volumes based on mount_point patterns
UPDATE volumes SET volume_type = 'System'
WHERE mount_point LIKE '/System/Volumes/%' AND mount_point != '/System/Volumes/Data';
UPDATE volumes SET volume_type = 'External'
WHERE mount_point LIKE '/Volumes/%';
UPDATE volumes SET volume_type = 'Primary'
WHERE mount_point = '/';
```
## Testing Strategy
### Unit Tests
- Platform classifier logic
- Volume type determination
- Auto-tracking eligibility
- UI filtering logic
### Integration Tests
- Volume detection with classification
- Auto-tracking behavior changes
- CLI output formatting
- Database migration
### Platform Tests
- macOS system volume detection
- Windows drive letter handling
- Linux virtual filesystem filtering
- Cross-platform consistency
### Performance Tests
- Volume detection with classification overhead
- Database query performance with new indexes
- Memory usage with additional volume metadata
## Security Considerations
### Information Disclosure
- **System Volume Exposure**: Hiding system volumes reduces information leakage
- **Mount Point Sanitization**: Ensure mount paths don't expose sensitive info
- **Volume Enumeration**: Limit volume discovery to accessible mounts
### Access Control
- **Permission Checks**: Verify read access before classifying volumes
- **Privilege Escalation**: Don't require elevated permissions for classification
- **User Context**: Classify volumes based on current user's perspective
## Alternatives Considered
### 1. Configuration-Based Classification
**Approach**: User-defined rules for volume classification
**Pros**: Fully customizable, handles edge cases
**Cons**: Complex setup, inconsistent defaults, maintenance burden
**Decision**: Rejected - Too complex for initial implementation
### 2. Content-Based Classification
**Approach**: Analyze directory contents to determine volume purpose
**Pros**: More accurate classification, adapts to user behavior
**Cons**: Performance overhead, privacy concerns, complexity
**Decision**: Rejected - Out of scope for v1, privacy issues
### 3. Simple Blacklist/Whitelist
**Approach**: Hard-coded lists of paths to show/hide
**Pros**: Simple implementation, predictable behavior
**Cons**: Brittle, platform-specific, hard to maintain
**Decision**: Rejected - Not flexible enough, maintenance nightmare
### 4. No Classification (Status Quo)
**Approach**: Keep current behavior, show all volumes
**Pros**: No implementation effort, backward compatible
**Cons**: Poor UX, cluttered interface, user confusion
**Decision**: Rejected - UX problems too significant
## Success Metrics
### User Experience
- **Volume Count Reduction**: 50%+ reduction in default volume list
- **User Comprehension**: A/B testing shows improved understanding
- **Support Requests**: Fewer volume-related confusion tickets
### Technical Metrics
- **Classification Accuracy**: 95%+ correct volume type assignment
- **Performance Impact**: <10ms additional detection overhead
- **Database Size**: Reduced tracking overhead for system volumes
### Adoption Metrics
- **CLI Usage**: Increased usage of volume commands
- **Feature Discovery**: Users find relevant volumes faster
- **System Volume Access**: <5% users need `--include-system` flag
---
## Appendix: Example Outputs
### Before (Current)
```bash
$ sd volume list
┌──────────────┬─────────────────────────────────┬─────────────┬──────────┬───────────┬─────────┬─────────────────┐
│ Name │ Mount Point │ File System │ Capacity │ Available │ Status │ Tracked │
├──────────────┼─────────────────────────────────┼─────────────┼──────────┼───────────┼─────────┼─────────────────┤
│ Samsung │ /Volumes/Samsung │ Unknown │ 2.0 TB │ 301.0 GB │ Mounted │ No │
│ mnt1 │ /System/Volumes/Update/SFR/mnt1 │ APFS │ 5.2 GB │ 3.3 GB │ Mounted │ Yes (mnt1)
│ iSCPreboot │ /System/Volumes/iSCPreboot │ APFS │ 524.0 MB │ 502.0 MB │ Mounted │ Yes (iSCPreboot)
│ Preboot │ /System/Volumes/Preboot │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Preboot)
│ xarts │ /System/Volumes/xarts │ APFS │ 524.0 MB │ 502.0 MB │ Mounted │ Yes (xarts)
│ Untitled │ /Volumes/Untitled │ APFS │ 995.0 GB │ 8.2 GB │ Mounted │ No │
│ Hardware │ /System/Volumes/Hardware │ APFS │ 524.0 MB │ 502.0 MB │ Mounted │ Yes (Hardware)
│ - │ - │ Unknown │ Unknown │ Unknown │ Mounted │ Yes (-)
│ VM │ /System/Volumes/VM │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (VM)
│ Data │ /System/Volumes/Data │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Data)
│ mnt1 │ /System/Volumes/Update/mnt1 │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (mnt1)
│ Macintosh HD │ / │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Macintosh)
│ Update │ /System/Volumes/Update │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Update)
└──────────────┴─────────────────────────────────┴─────────────┴──────────┴───────────┴─────────┴─────────────────┘
13 volumes found
```
### After (Proposed Default)
```bash
$ sd volume list
┌──────────────┬─────────────────┬─────────────┬──────────┬───────────┬─────────┬─────────────────┐
│ Name │ Mount Point │ File System │ Capacity │ Available │ Status │ Tracked │
├──────────────┼─────────────────┼─────────────┼──────────┼───────────┼─────────┼─────────────────┤
│ Macintosh HD │ / │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Macintosh)
│ Data │ /System/.../Data│ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Data)
│ Samsung │ /Volumes/Samsung│ Unknown │ 2.0 TB │ 301.0 GB │ Mounted │ No │
│ Untitled │ /Volumes/Untitled│ APFS │ 995.0 GB │ 8.2 GB │ Mounted │ No │
└──────────────┴─────────────────┴─────────────┴──────────┴───────────┴─────────┴─────────────────┘
4 volumes found (9 system volumes hidden, use --include-system to show)
```
### After (With System Volumes)
```bash
$ sd volume list --include-system --show-types
┌─────────────────────┬──────────────┬─────────────────────────────────┬─────────────┬──────────┬───────────┬─────────┬─────────────────┐
│ Type │ Name │ Mount Point │ File System │ Capacity │ Available │ Status │ Tracked │
├─────────────────────┼──────────────┼─────────────────────────────────┼─────────────┼──────────┼───────────┼─────────┼─────────────────┤
[PRI] Primary Drive │ Macintosh HD │ / │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Macintosh)
[USR] User Data │ Data │ /System/Volumes/Data │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ Yes (Data)
[EXT] External Drive│ Samsung │ /Volumes/Samsung │ Unknown │ 2.0 TB │ 301.0 GB │ Mounted │ No │
[SEC] Secondary Drive│ Untitled │ /Volumes/Untitled │ APFS │ 995.0 GB │ 8.2 GB │ Mounted │ No │
[SYS] System Volume │ VM │ /System/Volumes/VM │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ No │
[SYS] System Volume │ Preboot │ /System/Volumes/Preboot │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ No │
[SYS] System Volume │ Update │ /System/Volumes/Update │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ No │
[SYS] System Volume │ Hardware │ /System/Volumes/Hardware │ APFS │ 524.0 MB │ 502.0 MB │ Mounted │ No │
[SYS] System Volume │ iSCPreboot │ /System/Volumes/iSCPreboot │ APFS │ 524.0 MB │ 502.0 MB │ Mounted │ No │
[SYS] System Volume │ xarts │ /System/Volumes/xarts │ APFS │ 524.0 MB │ 502.0 MB │ Mounted │ No │
[SYS] System Volume │ mnt1 │ /System/Volumes/Update/mnt1 │ APFS │ 990.0 GB │ 3.3 GB │ Mounted │ No │
[SYS] System Volume │ mnt1 │ /System/Volumes/Update/SFR/mnt1 │ APFS │ 5.2 GB │ 3.3 GB │ Mounted │ No │
[UNK] Unknown │ - │ - │ Unknown │ Unknown │ Unknown │ Mounted │ No │
└─────────────────────┴──────────────┴─────────────────────────────────┴─────────────┴──────────┴───────────┴─────────┴─────────────────┘
13 volumes found
```

579
docs/core/design/VOLUME_TRACKING_IMPLEMENTATION_PLAN.md
View File

@@ -1,579 +0,0 @@
# Volume Tracking Implementation Plan
## Overview
This document outlines the implementation plan for volume tracking functionality in Spacedrive, aligned with existing codebase patterns and architecture.
## Current State Analysis
### What Exists
- `VolumeManager` with in-memory volume detection
- Volume events already defined in event system
- Volume actions scaffolded (Track, Untrack, SpeedTest)
- SeaORM infrastructure and migration system
- Hybrid ID pattern (integer + UUID) for entities
### What's Missing
- Database migration for volumes table
- SeaORM entity for volumes
- Actual database operations in VolumeManager
- Volume-library relationship tracking
## Implementation Plan
### Phase 1: Database Schema
#### 1.1 Create Migration
Create: `crates/migration/src/m20240125_create_volumes.rs`
```rust
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
// Create volumes table
manager
.create_table(
Table::create()
.table(Volume::Table)
.if_not_exists()
.col(ColumnDef::new(Volume::Id).integer().not_null().primary_key().auto_increment())
.col(ColumnDef::new(Volume::Uuid).string().not_null().unique_key())
.col(ColumnDef::new(Volume::Fingerprint).string().not_null())
.col(ColumnDef::new(Volume::LibraryId).integer().not_null())
.col(ColumnDef::new(Volume::DisplayName).string())
.col(ColumnDef::new(Volume::TrackedAt).timestamp_with_time_zone().not_null())
.col(ColumnDef::new(Volume::LastSeenAt).timestamp_with_time_zone().not_null())
.col(ColumnDef::new(Volume::IsOnline).boolean().not_null().default(true))
.col(ColumnDef::new(Volume::TotalCapacity).big_integer())
.col(ColumnDef::new(Volume::AvailableCapacity).big_integer())
.col(ColumnDef::new(Volume::ReadSpeedMbps).integer())
.col(ColumnDef::new(Volume::WriteSpeedMbps).integer())
.col(ColumnDef::new(Volume::LastSpeedTestAt).timestamp_with_time_zone())
.foreign_key(
ForeignKey::create()
.from(Volume::Table, Volume::LibraryId)
.to(Library::Table, Library::Id)
.on_delete(ForeignKeyAction::Cascade)
)
.to_owned(),
)
.await?;
// Create index on fingerprint for fast lookups
manager
.create_index(
Index::create()
.table(Volume::Table)
.name("idx_volume_fingerprint_library")
.col(Volume::Fingerprint)
.col(Volume::LibraryId)
.unique()
.to_owned(),
)
.await?;
Ok(())
}
}
```
#### 1.2 Create SeaORM Entity
Create: `src/infrastructure/database/entities/volume.rs`
```rust
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Serialize, Deserialize)]
#[sea_orm(table_name = "volumes")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: i32,
pub uuid: String,
pub fingerprint: String,
pub library_id: i32,
pub display_name: Option<String>,
pub tracked_at: DateTimeWithTimeZone,
pub last_seen_at: DateTimeWithTimeZone,
pub is_online: bool,
pub total_capacity: Option<i64>,
pub available_capacity: Option<i64>,
pub read_speed_mbps: Option<i32>,
pub write_speed_mbps: Option<i32>,
pub last_speed_test_at: Option<DateTimeWithTimeZone>,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::library::Entity",
from = "Column::LibraryId",
to = "super::library::Column::Id"
)]
Library,
}
impl Related<super::library::Entity> for Entity {
fn to() -> RelationDef {
Relation::Library.def()
}
}
impl ActiveModelBehavior for ActiveModel {}
// Domain model conversion
impl Model {
pub fn to_domain(&self) -> crate::volume::TrackedVolume {
crate::volume::TrackedVolume {
id: self.id,
uuid: Uuid::parse_str(&self.uuid).unwrap(),
fingerprint: VolumeFingerprint(self.fingerprint.clone()),
display_name: self.display_name.clone(),
tracked_at: self.tracked_at,
last_seen_at: self.last_seen_at,
is_online: self.is_online,
total_capacity: self.total_capacity.map(|c| c as u64),
available_capacity: self.available_capacity.map(|c| c as u64),
read_speed_mbps: self.read_speed_mbps.map(|s| s as u32),
write_speed_mbps: self.write_speed_mbps.map(|s| s as u32),
last_speed_test_at: self.last_speed_test_at,
}
}
}
```
### Phase 2: Update VolumeManager
#### 2.1 Add Database Operations
Update `src/volume/manager.rs`:
```rust
impl VolumeManager {
/// Track a volume in a library
pub async fn track_volume(
&self,
library: &Library,
fingerprint: &VolumeFingerprint,
display_name: Option<String>,
) -> Result<entities::volume::Model, VolumeError> {
let db = library.db().conn();
// Check if already tracked
if let Some(existing) = entities::volume::Entity::find()
.filter(entities::volume::Column::Fingerprint.eq(fingerprint.0.clone()))
.filter(entities::volume::Column::LibraryId.eq(library.id()))
.one(db)
.await
.map_err(|e| VolumeError::Database(e.to_string()))?
{
return Err(VolumeError::AlreadyTracked);
}
// Get current volume info
let volume = self.get_volume(fingerprint).await
.ok_or_else(|| VolumeError::NotFound(fingerprint.clone()))?;
// Create tracking record
let active_model = entities::volume::ActiveModel {
uuid: Set(Uuid::new_v4().to_string()),
fingerprint: Set(fingerprint.0.clone()),
library_id: Set(library.id()),
display_name: Set(display_name),
tracked_at: Set(chrono::Utc::now()),
last_seen_at: Set(chrono::Utc::now()),
is_online: Set(volume.is_mounted),
total_capacity: Set(Some(volume.total_bytes as i64)),
available_capacity: Set(Some(volume.total_bytes_available as i64)),
read_speed_mbps: Set(volume.read_speed_mbps.map(|s| s as i32)),
write_speed_mbps: Set(volume.write_speed_mbps.map(|s| s as i32)),
last_speed_test_at: Set(None),
..Default::default()
};
let model = active_model
.insert(db)
.await
.map_err(|e| VolumeError::Database(e.to_string()))?;
Ok(model)
}
/// Untrack a volume from a library
pub async fn untrack_volume(
&self,
library: &Library,
fingerprint: &VolumeFingerprint,
) -> Result<(), VolumeError> {
let db = library.db().conn();
let result = entities::volume::Entity::delete_many()
.filter(entities::volume::Column::Fingerprint.eq(fingerprint.0.clone()))
.filter(entities::volume::Column::LibraryId.eq(library.id()))
.exec(db)
.await
.map_err(|e| VolumeError::Database(e.to_string()))?;
if result.rows_affected == 0 {
return Err(VolumeError::NotTracked);
}
Ok(())
}
/// Get all volumes tracked in a library
pub async fn get_tracked_volumes(
&self,
library: &Library,
) -> Result<Vec<entities::volume::Model>, VolumeError> {
let db = library.db().conn();
let volumes = entities::volume::Entity::find()
.filter(entities::volume::Column::LibraryId.eq(library.id()))
.all(db)
.await
.map_err(|e| VolumeError::Database(e.to_string()))?;
Ok(volumes)
}
/// Update tracked volume state during refresh
pub async fn update_tracked_volume_state(
&self,
library: &Library,
fingerprint: &VolumeFingerprint,
volume: &Volume,
) -> Result<(), VolumeError> {
let db = library.db().conn();
let mut active_model: entities::volume::ActiveModel = entities::volume::Entity::find()
.filter(entities::volume::Column::Fingerprint.eq(fingerprint.0.clone()))
.filter(entities::volume::Column::LibraryId.eq(library.id()))
.one(db)
.await
.map_err(|e| VolumeError::Database(e.to_string()))?
.ok_or_else(|| VolumeError::NotTracked)?
.into();
active_model.last_seen_at = Set(chrono::Utc::now());
active_model.is_online = Set(volume.is_mounted);
active_model.total_capacity = Set(Some(volume.total_bytes as i64));
active_model.available_capacity = Set(Some(volume.total_bytes_available as i64));
active_model
.update(db)
.await
.map_err(|e| VolumeError::Database(e.to_string()))?;
Ok(())
}
}
```
### Phase 3: Update Volume Actions
#### 3.1 Track Action
Update `src/operations/volumes/track/handler.rs`:
```rust
match action {
Action::VolumeTrack { action } => {
// Get library
let library = context
.library_manager
.get_library(action.library_id)
.await
.ok_or_else(|| ActionError::LibraryNotFound(action.library_id))?;
// Track the volume
let tracked = context
.volume_manager
.track_volume(&library, &action.fingerprint, action.name.clone())
.await
.map_err(|e| match e {
VolumeError::AlreadyTracked => ActionError::InvalidInput(
"Volume is already tracked in this library".to_string()
),
VolumeError::NotFound(_) => ActionError::InvalidInput(
"Volume not found".to_string()
),
_ => ActionError::Internal(e.to_string()),
})?;
// Get volume info for the response
let volume = context
.volume_manager
.get_volume(&action.fingerprint)
.await
.ok_or_else(|| ActionError::InvalidInput("Volume not found".to_string()))?;
// Emit event
context.events.emit(Event::VolumeTracked {
library_id: action.library_id,
volume_fingerprint: action.fingerprint.clone(),
display_name: tracked.display_name.clone(),
}).await;
Ok(ActionOutput::VolumeTracked {
fingerprint: action.fingerprint,
library_id: action.library_id,
volume_name: tracked.display_name.unwrap_or(volume.name),
})
}
_ => Err(ActionError::InvalidActionType),
}
```
### Phase 4: Volume Refresh Integration
#### 4.1 Update refresh_volumes
In `src/volume/manager.rs`:
```rust
pub async fn refresh_volumes(&self) -> Result<(), VolumeError> {
let new_volumes = detect_volumes(&self.config)?;
// Update in-memory cache
let mut volumes = self.volumes.write().await;
let old_volumes = std::mem::replace(&mut *volumes, new_volumes);
// Detect changes and emit events
for new_vol in &*volumes {
if let Some(old_vol) = old_volumes.iter().find(|v| v.fingerprint == new_vol.fingerprint) {
// Check for changes
if old_vol.is_mounted != new_vol.is_mounted {
self.events.emit(Event::VolumeMountChanged {
fingerprint: new_vol.fingerprint.clone(),
is_mounted: new_vol.is_mounted,
}).await;
}
// Check capacity changes...
} else {
// New volume
self.events.emit(Event::VolumeAdded {
fingerprint: new_vol.fingerprint.clone(),
name: new_vol.name.clone(),
}).await;
}
}
// Update tracked volumes in all libraries
if let Some(library_manager) = self.library_manager.upgrade() {
for library in library_manager.get_all_libraries().await {
for tracked_volume in self.get_tracked_volumes(&library).await? {
if let Some(current_volume) = volumes.iter()
.find(|v| v.fingerprint.0 == tracked_volume.fingerprint)
{
self.update_tracked_volume_state(
&library,
&current_volume.fingerprint,
current_volume,
).await?;
}
}
}
}
Ok(())
}
```
### Phase 5: Background Service
#### 5.1 Create Volume Monitor Service
Create: `src/services/volume_monitor.rs`
```rust
use crate::{
services::{Service, ServiceError},
volume::VolumeManager,
};
use std::sync::Arc;
use tokio::sync::RwLock;
pub struct VolumeMonitorService {
volume_manager: Arc<VolumeManager>,
running: Arc<RwLock<bool>>,
handle: Arc<RwLock<Option<tokio::task::JoinHandle<()>>>>,
}
impl VolumeMonitorService {
pub fn new(volume_manager: Arc<VolumeManager>) -> Self {
Self {
volume_manager,
running: Arc::new(RwLock::new(false)),
handle: Arc::new(RwLock::new(None)),
}
}
}
#[async_trait::async_trait]
impl Service for VolumeMonitorService {
async fn start(&self) -> Result<(), ServiceError> {
let mut running = self.running.write().await;
if *running {
return Ok(());
}
*running = true;
let volume_manager = self.volume_manager.clone();
let running_flag = self.running.clone();
let handle = tokio::spawn(async move {
let mut interval = tokio::time::interval(std::time::Duration::from_secs(30));
while *running_flag.read().await {
interval.tick().await;
if let Err(e) = volume_manager.refresh_volumes().await {
tracing::error!("Failed to refresh volumes: {}", e);
}
}
});
*self.handle.write().await = Some(handle);
Ok(())
}
async fn stop(&self) -> Result<(), ServiceError> {
*self.running.write().await = false;
if let Some(handle) = self.handle.write().await.take() {
handle.abort();
}
Ok(())
}
async fn is_running(&self) -> bool {
*self.running.read().await
}
fn name(&self) -> &'static str {
"volume_monitor"
}
}
```
### Phase 6: Event System Updates
The volume events are already defined in `src/infrastructure/events/mod.rs`:
- `VolumeAdded`
- `VolumeRemoved`
- `VolumeUpdated`
- `VolumeSpeedTested`
- `VolumeMountChanged`
- `VolumeError`
- `VolumeTracked` (need to add)
- `VolumeUntracked` (need to add)
Add the tracking events:
```rust
/// Volume was tracked in a library
VolumeTracked {
library_id: Uuid,
volume_fingerprint: VolumeFingerprint,
display_name: Option<String>,
},
/// Volume was untracked from a library
VolumeUntracked {
library_id: Uuid,
volume_fingerprint: VolumeFingerprint,
},
```
## Testing Strategy
### Integration Tests
1. **Volume Tracking Test** (`tests/volume_tracking_test.rs`):
```rust
#[tokio::test]
async fn test_volume_tracking_persistence() {
let core = create_test_core().await;
let library = create_test_library(&core).await;
// Track a volume
let volume = core.volumes.get_all_volumes().await.first().cloned().unwrap();
let tracked = core.volumes.track_volume(
&library,
&volume.fingerprint,
Some("Test Volume".to_string())
).await.unwrap();
// Verify it's tracked
let tracked_volumes = core.volumes.get_tracked_volumes(&library).await.unwrap();
assert_eq!(tracked_volumes.len(), 1);
assert_eq!(tracked_volumes[0].fingerprint, volume.fingerprint.0);
// Untrack
core.volumes.untrack_volume(&library, &volume.fingerprint).await.unwrap();
// Verify it's untracked
let tracked_volumes = core.volumes.get_tracked_volumes(&library).await.unwrap();
assert_eq!(tracked_volumes.len(), 0);
}
```
## Migration Notes
1. The existing `VolumeManager` has TODO comments where database operations should go
2. The event system is already set up for volume events
3. The action system is ready for the volume actions
4. Follow the existing patterns in `LocationManager` for similar functionality
## Next Steps
1. Create the database migration
2. Create the SeaORM entity
3. Implement the database methods in VolumeManager
4. Update the action handlers
5. Add the volume monitor service
6. Write integration tests
## ActionOutput Design Note
The current implementation uses a centralized `ActionOutput` enum for all action results. This design decision has been investigated and the following findings were documented:
### Current State
- All action handlers return `ActionResult<ActionOutput>`
- ActionOutput serves multiple purposes:
- Provides standardized return type for all actions
- Gets serialized to JSON for audit logs (`result_payload`)
- Gets returned to CLI via `DaemonResponse::ActionOutput`
- Has both specific variants (VolumeTracked, VolumeUntracked, etc.) and a generic Custom variant
### Design Pattern
- Most actions define their own output struct implementing `ActionOutputTrait`
- They use `ActionOutput::from_trait()` to convert to the centralized enum
- This provides type safety while allowing flexibility
### Trade-offs
**Pros:**
- Centralized enum makes it easy to handle all outputs uniformly in infrastructure code
- Audit logging can serialize any action output
- CLI can display any action output consistently
- The `Custom` variant provides an escape hatch for actions that don't need specific handling
**Cons:**
- Central enum needs updating for each new action type
- Could become a maintenance burden as more actions are added
- Goes against open/closed principle
### Recommendation
The current approach is reasonable because:
1. It's already implemented and working across the codebase
2. Provides good type safety and pattern matching
3. Makes audit logging straightforward
4. The volume actions follow this established pattern with specific variants (VolumeTracked, VolumeUntracked, VolumeSpeedTested)
Any future refactoring to remove the centralized enum would require changes to:
- Audit log serialization
- CLI response handling
- Any code that pattern matches on specific output types

635
docs/core/design/WATCHER_VDFS_INTEGRATION.md
View File

@@ -1,635 +0,0 @@
# File Watcher VDFS Integration Design
## Overview
This document outlines how the cross-platform file watcher integrates with the core Virtual Distributed File System (VDFS), leveraging the new Entry-centric data model and SdPath addressing system.
## Key Differences from Original Implementation
### Original Spacedrive Architecture
- **FilePath-centric**: Files were primarily `file_path` records with optional `object` links
- **Content-first**: Required content hashing for full functionality
- **Prisma ORM**: Complex query patterns with extensive invalidation
- **Immediate indexing**: Heavy operations triggered on every file event
### core Architecture
- **Entry-centric**: Every file/directory is an `Entry` with mandatory `UserMetadata`
- **Metadata-first**: User metadata (tags, notes) available immediately
- **SeaORM**: Modern Rust ORM with better performance patterns
- **Progressive indexing**: Lightweight discovery → optional content indexing → deep analysis
## Integration Architecture
### 1. Event Flow Overview
```
File System Event → Platform Handler → Direct Database Operations → Event Bus
```
**Detailed Flow:**
1. **File system events** detected by platform-specific handlers (FSEvents, inotify, etc.)
2. **Platform handler** filters and processes events (debouncing, rename correlation)
3. **Direct database operations** immediately create/update Entry and UserMetadata records
4. **Event bus** notifies other systems of changes
5. **Background tasks** (spawned, not job system) handle heavy operations like thumbnails
**Key Principle**: Following the original implementation, file system events trigger **immediate database updates**, not job scheduling. This ensures real-time consistency between the file system and database state.
### 2. Database Operations by Event Type
#### CREATE Events
```rust
async fn handle_file_created(
sd_path: SdPath,
library_id: Uuid,
db: &DatabaseConnection
) -> Result<Entry> {
// 1. Get filesystem metadata
let metadata = tokio::fs::metadata(sd_path.as_local_path()?).await?;
// 2. Check for existing Entry (handle duplicates/race conditions)
if let Some(existing) = find_entry_by_sdpath(&sd_path, db).await? {
return Ok(existing);
}
// 3. Create Entry record
let entry_id = Uuid::new_v7();
let metadata_id = Uuid::new_v7();
let entry = entry::ActiveModel {
id: Set(entry_id),
uuid: Set(Uuid::new_v4()), // Public UUID for API
device_id: Set(sd_path.device_id()),
path: Set(sd_path.path().to_string()),
library_id: Set(Some(library_id)),
name: Set(sd_path.file_name().unwrap_or_default()),
kind: Set(if metadata.is_dir() {
EntryKind::Directory
} else {
EntryKind::File {
extension: sd_path.extension().map(|s| s.to_string())
}
}),
size: Set(if metadata.is_dir() { None } else { Some(metadata.len()) }),
created_at: Set(metadata.created().ok().map(|t| t.into())),
modified_at: Set(metadata.modified().ok().map(|t| t.into())),
metadata_id: Set(metadata_id),
content_id: Set(None), // Will be set during indexing
// ... other fields
};
// 4. Create UserMetadata record
let user_metadata = user_metadata::ActiveModel {
id: Set(metadata_id),
tags: Set(vec![]),
labels: Set(vec![]),
notes: Set(None),
favorite: Set(false),
hidden: Set(false),
// ... other fields
};
// 5. Insert both in transaction
let txn = db.begin().await?;
let entry = entry.insert(&txn).await?;
user_metadata.insert(&txn).await?;
txn.commit().await?;
// 6. Generate content identity immediately (following original pattern)
if should_index_content(&sd_path) {
if let Ok(cas_id) = generate_cas_id(&sd_path).await {
let content_identity = find_or_create_content_identity(cas_id, &txn).await?;
// Link entry to content
entry.content_id = Set(Some(content_identity.id));
entry.save(&txn).await?;
// Spawn background task for heavy operations (thumbnails, media extraction)
let sd_path_clone = sd_path.clone();
let entry_id = entry.id.clone();
tokio::spawn(async move {
if let Err(e) = generate_thumbnails(&sd_path_clone, entry_id).await {
tracing::warn!("Thumbnail generation failed: {}", e);
}
if let Err(e) = extract_media_metadata(&sd_path_clone, entry_id).await {
tracing::warn!("Media extraction failed: {}", e);
}
});
}
}
Ok(entry)
}
```
#### MODIFY Events
```rust
async fn handle_file_modified(
sd_path: SdPath,
db: &DatabaseConnection
) -> Result<Option<Entry>> {
// 1. Find existing Entry
let entry = match find_entry_by_sdpath(&sd_path, db).await? {
Some(entry) => entry,
None => {
// File was modified but we don't know about it yet
// This can happen during rapid file operations
return handle_file_created(sd_path, library_id, db).await.map(Some);
}
};
// 2. Update basic metadata
let metadata = tokio::fs::metadata(sd_path.as_local_path()?).await?;
let mut active_entry: entry::ActiveModel = entry.into();
active_entry.size = Set(if metadata.is_dir() { None } else { Some(metadata.len()) });
active_entry.modified_at = Set(metadata.modified().ok().map(|t| t.into()));
// 3. Handle content changes immediately
if let Some(content_id) = entry.content_id {
// File had content identity - check if content actually changed
if let Ok(new_cas_id) = generate_cas_id(&sd_path).await {
let old_content = get_content_identity(content_id, db).await?;
if old_content.cas_id != new_cas_id {
// Content changed - create or link to new content identity
let new_content = find_or_create_content_identity(new_cas_id, db).await?;
active_entry.content_id = Set(Some(new_content.id));
// Update reference counts
decrease_content_reference_count(content_id, db).await?;
increase_content_reference_count(new_content.id, db).await?;
// Spawn background task for re-generating thumbnails/media data
let sd_path_clone = sd_path.clone();
let entry_id = entry.id;
tokio::spawn(async move {
let _ = regenerate_media_data(&sd_path_clone, entry_id).await;
});
}
}
} else if should_index_content(&sd_path) {
// File didn't have content identity but should be indexed now
if let Ok(cas_id) = generate_cas_id(&sd_path).await {
let content_identity = find_or_create_content_identity(cas_id, db).await?;
active_entry.content_id = Set(Some(content_identity.id));
}
}
// 4. Update Entry
let updated_entry = active_entry.update(db).await?;
Ok(Some(updated_entry))
}
```
#### RENAME/MOVE Events
```rust
async fn handle_file_moved(
old_path: SdPath,
new_path: SdPath,
db: &DatabaseConnection
) -> Result<Option<Entry>> {
// 1. Find existing Entry by old path
let entry = find_entry_by_sdpath(&old_path, db).await?;
let entry = match entry {
Some(entry) => entry,
None => {
// Entry doesn't exist - treat as create
return handle_file_created(new_path, library_id, db).await.map(Some);
}
};
// 2. Update path information
let mut active_entry: entry::ActiveModel = entry.into();
active_entry.device_id = Set(new_path.device_id());
active_entry.path = Set(new_path.path().to_string());
active_entry.name = Set(new_path.file_name().unwrap_or_default());
// Update extension if it changed
if let EntryKind::File { extension } = &entry.kind {
let new_extension = new_path.extension().map(|s| s.to_string());
if extension != &new_extension {
active_entry.kind = Set(EntryKind::File { extension: new_extension });
}
}
// 3. Handle directory moves (update all children)
if matches!(entry.kind, EntryKind::Directory) {
update_child_paths_recursively(entry.id, &old_path, &new_path, db).await?;
}
// 4. Update parent relationship
if let Some(parent_path) = new_path.parent() {
if let Some(parent_entry) = find_entry_by_sdpath(&parent_path, db).await? {
active_entry.parent_id = Set(Some(parent_entry.id));
}
}
// 5. Update Entry
let updated_entry = active_entry.update(db).await?;
// Note: UserMetadata and ContentIdentity remain unchanged during moves
// This preserves tags, notes, and deduplication relationships
Ok(Some(updated_entry))
}
```
#### DELETE Events
```rust
async fn handle_file_deleted(
sd_path: SdPath,
db: &DatabaseConnection
) -> Result<()> {
// 1. Find Entry
let entry = match find_entry_by_sdpath(&sd_path, db).await? {
Some(entry) => entry,
None => return Ok(()), // Already deleted or never existed
};
// 2. Handle directory deletion (recursive)
if matches!(entry.kind, EntryKind::Directory) {
delete_children_recursively(entry.id, db).await?;
}
// 3. Check ContentIdentity reference count
if let Some(content_id) = entry.content_id {
decrease_content_reference_count(content_id, db).await?;
}
// 4. Delete Entry (UserMetadata is deleted via cascade)
entry::Entity::delete_by_id(entry.id).execute(db).await?;
Ok(())
}
async fn decrease_content_reference_count(
content_id: Uuid,
db: &DatabaseConnection
) -> Result<()> {
// 1. Count remaining entries with this content
let remaining_count = entry::Entity::find()
.filter(entry::Column::ContentId.eq(content_id))
.count(db)
.await? as u32;
// 2. Update ContentIdentity
if remaining_count == 0 {
// No more entries reference this content - delete it
content_identity::Entity::delete_by_id(content_id).execute(db).await?;
} else {
// Update reference count
let mut active_content: content_identity::ActiveModel =
content_identity::Entity::find_by_id(content_id)
.one(db)
.await?
.unwrap()
.into();
active_content.entry_count = Set(remaining_count);
active_content.update(db).await?;
}
Ok(())
}
```
### 3. Background Task Handling
Following the original approach, heavy operations are handled via spawned tasks, not the job system:
```rust
/// Generate thumbnails in background (original pattern)
async fn generate_thumbnails(sd_path: &SdPath, entry_id: Uuid) -> Result<()> {
let file_path = sd_path.as_local_path()?;
// Check if file is a supported media type
if !is_thumbnail_supported(&file_path) {
return Ok(());
}
// Generate thumbnail (this can be slow)
let thumbnail_data = create_thumbnail(&file_path).await?;
// Save thumbnail to storage
let thumbnail_path = get_thumbnail_path(entry_id);
save_thumbnail(thumbnail_path, thumbnail_data).await?;
// Update entry with thumbnail info
update_entry_thumbnail_info(entry_id, true).await?;
Ok(())
}
/// Extract media metadata in background (original pattern)
async fn extract_media_metadata(sd_path: &SdPath, entry_id: Uuid) -> Result<()> {
let file_path = sd_path.as_local_path()?;
// Extract metadata based on file type
let media_data = match get_file_type(&file_path) {
FileType::Image => extract_exif_data(&file_path).await?,
FileType::Video => extract_ffmpeg_metadata(&file_path).await?,
FileType::Audio => extract_audio_metadata(&file_path).await?,
_ => return Ok(()), // Not a media file
};
// Update content identity with media data
update_content_media_data(entry_id, media_data).await?;
Ok(())
}
/// Directory scanning - this one actually uses the job system like original
async fn spawn_directory_scan(location_id: Uuid, path: SdPath) {
// Wait 1 second like original to avoid scanning rapidly changing directories
tokio::time::sleep(Duration::from_secs(1)).await;
// Trigger location sub-path scan job (this part uses job system)
if let Err(e) = trigger_location_scan_job(location_id, path).await {
tracing::error!("Failed to trigger directory scan job: {}", e);
}
}
```
### 4. Location Integration
File watchers operate within the context of indexed Locations:
```rust
impl LocationWatcher {
async fn add_location_to_watcher(&self, location: &Location) -> Result<()> {
let sd_path = SdPath::from_serialized(&location.device_id, &location.path)?;
let watched_location = WatchedLocation {
id: location.id,
library_id: location.library_id,
path: sd_path.as_local_path()?.to_path_buf(),
enabled: location.watch_enabled,
index_mode: location.index_mode,
};
self.add_location(watched_location).await?;
// Emit event
self.events.emit(Event::LocationWatchingStarted {
library_id: location.library_id,
location_id: location.id,
});
Ok(())
}
}
```
### 5. Event Bus Integration
The watcher emits detailed events for real-time UI updates:
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum Event {
// Existing events...
// Enhanced file system events
EntryCreated {
library_id: Uuid,
entry_id: Uuid,
entry_uuid: Uuid, // Public UUID for frontend
sd_path: String, // Serialized SdPath
kind: EntryKind,
},
EntryModified {
library_id: Uuid,
entry_id: Uuid,
entry_uuid: Uuid,
changes: EntryChanges, // What specifically changed
},
EntryDeleted {
library_id: Uuid,
entry_id: Uuid,
entry_uuid: Uuid,
sd_path: String, // Path before deletion
},
EntryMoved {
library_id: Uuid,
entry_id: Uuid,
entry_uuid: Uuid,
old_path: String,
new_path: String,
},
// Content indexing events
ContentIndexingStarted { entry_id: Uuid },
ContentIndexingCompleted {
entry_id: Uuid,
content_id: Option<Uuid>, // None if no unique content found
is_duplicate: bool,
},
ContentIndexingFailed {
entry_id: Uuid,
error: String
},
// Location watching events
LocationWatchingStarted { library_id: Uuid, location_id: Uuid },
LocationWatchingPaused { library_id: Uuid, location_id: Uuid },
LocationWatchingError { library_id: Uuid, location_id: Uuid, error: String },
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EntryChanges {
pub size_changed: bool,
pub modified_time_changed: bool,
pub content_changed: bool,
pub metadata_updated: bool,
}
```
### 6. Error Handling and Resilience
```rust
impl WatcherDatabaseOperations {
async fn handle_database_error(&self, error: DbErr, sd_path: &SdPath) -> Result<()> {
match error {
DbErr::RecordNotFound(_) => {
// Entry doesn't exist - retry as creation
self.handle_file_created(sd_path.clone()).await
}
DbErr::Exec(sqlx_error) if sqlx_error.to_string().contains("UNIQUE constraint") => {
// Duplicate entry - this is okay, ignore
Ok(())
}
_ => {
// Other errors - emit error event and continue
self.events.emit(Event::WatcherError {
location_id: self.location_id,
error: error.to_string(),
path: sd_path.to_string(),
});
Err(error.into())
}
}
}
}
```
### 7. Performance Optimizations
#### Batch Operations
```rust
impl WatcherDatabaseOperations {
async fn flush_pending_operations(&self) -> Result<()> {
let pending = self.pending_operations.lock().await;
if pending.is_empty() {
return Ok(());
}
// Group operations by type for efficient batch processing
let creates: Vec<_> = pending.iter().filter_map(|op| {
if let PendingOperation::Create(path) = op { Some(path) } else { None }
}).collect();
let updates: Vec<_> = pending.iter().filter_map(|op| {
if let PendingOperation::Update(id, changes) = op { Some((id, changes)) } else { None }
}).collect();
// Batch insert entries
if !creates.is_empty() {
self.batch_create_entries(creates).await?;
}
// Batch update entries
if !updates.is_empty() {
self.batch_update_entries(updates).await?;
}
Ok(())
}
}
```
#### Debouncing Strategy
```rust
struct WatcherDebouncer {
pending_events: HashMap<PathBuf, (WatcherEvent, Instant)>,
debounce_duration: Duration,
}
impl WatcherDebouncer {
async fn process_event(&mut self, event: WatcherEvent) -> Option<WatcherEvent> {
let path = event.primary_path()?.clone();
let now = Instant::now();
// Check if we have a recent event for this path
if let Some((_, last_time)) = self.pending_events.get(&path) {
if now.duration_since(*last_time) < self.debounce_duration {
// Update the event and reset timer
self.pending_events.insert(path, (event, now));
return None; // Event is debounced
}
}
// Event should be processed
self.pending_events.insert(path, (event.clone(), now));
Some(event)
}
}
```
## Benefits of core Integration
### 1. **Immediate Database Consistency**
- File system changes immediately reflected in database (like original)
- Entry + UserMetadata records created synchronously
- Content identity generated on-the-fly when possible
- Real-time consistency between file system and database state
### 2. **True VDFS Support**
- SdPath enables cross-device file operations
- UserMetadata survives file moves/renames
- ContentIdentity provides global deduplication
- Cross-device operations work seamlessly
### 3. **Separated Concerns**
- Core database operations happen immediately (critical path)
- Heavy operations (thumbnails, media extraction) spawn in background
- Directory scanning uses job system for complex indexing operations
- Performance-critical path remains fast and responsive
### 4. **Enhanced Reliability**
- Follows proven original architecture patterns
- Atomic database transactions prevent partial states
- Platform-specific optimizations for edge cases
- Graceful degradation when background tasks fail
### 5. **Better Performance**
- Direct database operations are faster than job overhead
- Smart debouncing prevents duplicate work
- Background tasks don't block file system event processing
- Event-driven architecture provides real-time UI updates
## Future Enhancements
### 1. **Conflict Resolution**
When the same file is modified on multiple devices:
```rust
async fn resolve_content_conflict(
entry_a: &Entry,
entry_b: &Entry
) -> ConflictResolution {
if entry_a.content_id == entry_b.content_id {
return ConflictResolution::NoConflict;
}
// User choice, timestamp-based, or content-aware resolution
ConflictResolution::UserChoice {
options: vec![entry_a.clone(), entry_b.clone()],
suggested: suggest_resolution(entry_a, entry_b).await,
}
}
```
### 2. **Smart Indexing**
Machine learning to predict which files should be indexed:
```rust
async fn should_index_content_ml(entry: &Entry) -> bool {
let features = extract_features(entry);
ml_model.predict(features).await > INDEXING_THRESHOLD
}
```
### 3. **Version History**
Track file content changes over time:
```rust
struct ContentVersion {
id: Uuid,
content_id: Uuid,
cas_id: String,
created_at: DateTime<Utc>,
size: u64,
}
```
This design provides a robust foundation for real-time file system monitoring while maintaining the flexibility and performance characteristics of the core architecture.

120
docs/core/design/WHITEPAPER_IMPL_ROADMAP.md
View File

@@ -1,120 +0,0 @@
Of course. Based on the V2 whitepaper, your design documents, and the current state of the codebase, here is a clear development roadmap to align the implementation with the full architectural vision.
This roadmap is sequenced to build foundational layers first, ensuring that complex features like AI and Sync are built on a stable and complete core.
Phase 1: Solidify the Core VDFS Foundation
This phase focuses on critical refactoring and completing the core data models. These changes are foundational and will impact almost every other part of the system, so they must be done first to avoid significant rework later.
1. Implement Closure Table Indexing:
Action: Refactor the database schema to replace the current materialized path storage with a closure table for hierarchical data.
Reasoning: This is a major architectural change that will dramatically improve the performance of all hierarchical queries (e.g., directory listings, subtree traversals, aggregate calculations), transforming them from O(N) string matches to O(1) indexed lookups. This is a prerequisite for a scalable system.
2. Finalize At-Rest Library Encryption:
Action: Implement the full library database encryption using SQLCipher. Derive keys from user passwords via PBKDF2 with unique per-library salts, as detailed in the design document.
Reasoning: Security must be built-in, not bolted on. Completing this now ensures all subsequent features operate on an encrypted-by-default storage layer.
3. Implement Native Storage Tiering Model:
Action: Enhance the Volume and Location data models to include PhysicalClass and LogicalClass properties, respectively. Implement the logic to determine the EffectiveStorageClass.
Reasoning: This provides the core system (Action System, Path Resolver) with a crucial understanding of storage capabilities, enabling intelligent warnings and performance optimizations.
4. Enhance the Indexing and Job Systems:
Action: Extend the existing indexing pipeline to fully realize the five phases described in the whitepaper: Discovery, Processing, Aggregation, Content ID, and Intelligence Queueing.
Reasoning: The Intelligence Queueing phase is the critical integration point for the future AI layer. It decouples core indexing from slower, AI-powered analysis jobs (like OCR or transcription), making the system more modular and resilient.
Phase 2: Implement Core Distributed Capabilities
With the local foundation solidified, this phase focuses on making Spacedrive a true distributed system by building the networking and synchronization layers from the ground up.
1. Build the Library Sync Module:
Action: Develop the Library Sync module based on the principles in SYNC_DESIGN.md. Implement the domain separation strategy: Index Sync (device authority), User Metadata Sync (union-merge), and File Operations (explicit actions).
Reasoning: This pragmatic approach avoids the "analysis paralysis" of overly complex CRDTs and provides tailored, effective conflict resolution for different data types. It is the heart of multi-device consistency.
2. Establish Robust P2P Networking with Iroh:
Action: Fully leverage the Iroh stack to handle all P2P communication. This includes implementing device discovery, achieving high-success-rate NAT traversal, and securing all transport with QUIC/TLS 1.3.
Reasoning: A single, unified networking layer is more reliable and maintainable than fragmented solutions. This provides the stable connections that Library Sync relies upon.
3. Develop Spacedrop for Ephemeral Sharing:
Action: Build the Spacedrop ephemeral file-sharing protocol on top of the Iroh networking layer, ensuring each transfer uses ephemeral keys for perfect forward secrecy.
Reasoning: This feature leverages the P2P foundation to provide a key user-facing capability (similar to AirDrop) and validates the flexibility of the networking stack.
Phase 3: Build the Intelligence Layer (AI-Native)
Now that data is reliably indexed and synchronized, you can build the intelligence features that make Spacedrive truly unique.
1. Implement Temporal-Semantic Search:
Action: Build the two-stage search architecture. First, implement fast temporal filtering using SQLite's FTS5. Second, integrate a lightweight embedding model (e.g., all-MiniLM-L6-v2) to create and query vector embeddings for semantic re-ranking.
Reasoning: This hybrid approach provides the speed of keyword search with the power of semantic understanding, achieving sub-100ms queries on consumer hardware as specified in the whitepaper.
2. Implement Extension-Based Agent System:
Action: Build the WASM extension runtime and SDK that enables specialized AI agents. This includes the agent context, memory systems (Temporal, Associative, Working), event subscription mechanism, and integration with the job system.
Reasoning: This provides the foundation for domain-specific intelligence through secure, sandboxed extensions. Each agent (Photos, Finance, Storage, etc.) can maintain its own knowledge base and react to VDFS events while using the same safe, transactional primitives as human users.
3. Implement the Virtual Sidecar System:
Action: Create the mechanism for generating and managing derivative data (thumbnails, OCR text, transcripts) within the .sdlibrary package, linking them to the original Entry without modifying the source file.
Reasoning: This system is the foundation for file intelligence. It provides the raw material (e.g., extracted text) that the search and AI agents need to function, while preserving the integrity of user files.
4. Integrate Local and Cloud AI Providers:
Action: Build a flexible AI provider interface. Prioritize integration with Ollama for local, privacy-first processing. Then, add support for cloud-based AI services with clear user consent and data handling policies.
Reasoning: This fulfills the whitepaper's promise of a privacy-first AI architecture, giving users complete control over where their data is processed.
Phase 4: Enhance User-Facing Features & Extensibility
With the core, distributed, and AI layers in place, this phase focuses on delivering the advanced capabilities and ecosystem integrations promised in the whitepaper.
1. Enhance the Transactional Action System:
Action: Fully implement the "preview-before-commit" simulation engine. Ensure every action can be pre-visualized, showing the exact outcome (space savings, conflicts, etc.) before it is committed to the durable job queue.
Reasoning: This is a cornerstone of Spacedrive's user experience, providing safety, transparency, and control over all file operations.
2. Build the Native Cloud Service Architecture:
Action: Develop the deployment model where a "Cloud Core" runs as a standard, containerized Spacedrive peer. All interactions should use the existing P2P protocols, requiring no custom cloud API.
Reasoning: This elegant architecture provides cloud convenience without sacrificing the local-first security model, demonstrating the power and flexibility of the VDFS design.
3. Implement the WASM Plugin System:
Action: Develop the WebAssembly-based plugin host. Expose a secure, capability-based VDFS API to the WASM sandbox, allowing for extensions like custom content type handlers and third-party cloud storage integrations.
Reasoning: This provides a safe and portable way to extend Spacedrive's functionality, fostering a community ecosystem without compromising the stability of the core system.
Phase 5: Harden for Production and Enterprise
The final phase focuses on the security, management, and scalability features required for a robust, multi-user production environment.
1. Implement Role-Based Access Control (RBAC):
Action: Build the RBAC system on top of the centralized Action System, enabling granular permissions for team and enterprise collaboration.
Reasoning: This is essential for any multi-user or enterprise deployment and relies on the Action System being complete.
2. Create a Cryptographically Immutable Audit Trail:
Action: Enhance the audit logging system to be cryptographically chained (e.g., using hashes of previous entries), making it tamper-proof.
Reasoning: This provides the strong security and compliance guarantees required for enterprise use cases.
3. Performance Tuning and Benchmarking:
Action: Conduct comprehensive performance testing to ensure the implementation meets or exceeds the benchmarks laid out in the whitepaper (e.g., indexing throughput, search latency, memory usage).
Reasoning: This validates that the architectural goals have been met in practice and ensures a smooth user experience at scale.

353
docs/core/design/action-metadata-for-jobs.md
View File

@@ -1,353 +0,0 @@
# Universal Action Metadata for Jobs
**Status**: Draft
**Author**: AI Assistant
**Date**: 2024-12-19
**Related Issues**: Job progress events lack context about originating actions
## Summary
This design introduces a universal system for tracking the action that spawned each job, providing rich contextual metadata throughout the job lifecycle. Instead of job-specific solutions (like adding location data only to indexer jobs), this creates a unified approach that works across all job types.
## Problem Statement
Currently, jobs lose connection to their originating action context once dispatched:
- **Limited Context**: Progress events show "Indexing..." but not "Indexing Documents (added location)"
- **No Audit Trail**: Can't trace jobs back to the user action that created them
- **Poor UX**: Generic progress messages instead of contextual information
- **Debugging Difficulty**: Hard to correlate job failures with user actions
### Example Problem
Current indexer progress event:
```json
{
"job_type": "indexer",
"progress": 0.99,
"message": "Finalizing (3846/3877)",
"metadata": {
"phase": "Finalizing",
// No information about what action triggered this
}
}
```
## Design Goals
1. **Universal**: Works for all job types (indexing, copying, thumbnails, etc.)
2. **Rich Context**: Preserve full action information including inputs and metadata
3. **Backward Compatible**: Doesn't break existing code or APIs
4. **Performance**: Minimal overhead for job dispatch and execution
5. **Extensible**: Easy to add new action types and context fields
6. **Auditable**: Complete trail from user action → job → results
## Architecture
### Core Components
#### 1. ActionContext Structure
```rust
#[derive(Debug, Clone, Serialize, Deserialize, Type)]
pub struct ActionContext {
/// The action type that spawned this job
pub action_type: String, // e.g., "locations.add", "indexing.scan"
/// When the action was initiated
pub initiated_at: DateTime<Utc>,
/// User/session that triggered the action (if available)
pub initiated_by: Option<String>,
/// The original action input (sanitized for security)
pub action_input: serde_json::Value,
/// Additional action-specific context
pub context: serde_json::Value,
}
```
#### 2. Enhanced Job Database Schema
Add action metadata to job records:
```rust
// In core/src/infra/job/database.rs
pub struct Model {
// ... existing fields ...
/// Serialized ActionContext
pub action_context: Option<Vec<u8>>,
/// Action type for efficient querying
pub action_type: Option<String>,
}
```
#### 3. ActionContextProvider Trait
```rust
pub trait ActionContextProvider {
fn create_action_context(&self) -> ActionContext;
fn action_type_name() -> &'static str;
}
```
### Data Flow
```
User Action (CLI/API/UI)
Action::execute()
Create ActionContext
JobManager::dispatch_with_action(job, context)
Store in Job Database
Job Progress Events include ActionContext
Rich UI/API responses
```
## Implementation Plan
### Phase 1: Core Infrastructure (Week 1)
1. **Create ActionContext struct**
- `core/src/infra/action/context.rs`
- Add to action module exports
2. **Database Migration**
- Add `action_context` and `action_type` fields to jobs table
- Create migration script
3. **Enhance JobManager**
- Add `dispatch_with_action()` method
- Update job creation to store action context
- Maintain backward compatibility
### Phase 2: Action Integration (Week 2)
1. **Implement ActionContextProvider**
- Start with high-value actions: `locations.add`, `indexing.scan`
- Add context creation for each action type
2. **Update Action Execution**
- Modify action `execute()` methods to use action-aware dispatch
- Preserve existing dispatch for backward compatibility
### Phase 3: Job Enhancement (Week 2)
1. **Progress Metadata Enhancement**
- Include action context in job progress metadata
- Update `ToGenericProgress` implementations
2. **Job Context Propagation**
- Pass action context through job execution lifecycle
- Include in job resumption after restart
### Phase 4: API & UI (Week 3)
1. **TypeScript Type Generation**
- Update specta types for new ActionContext
- Generate Swift types for companion app
2. **Enhanced Progress Events**
- Rich job descriptions based on action context
- Better UI labels and progress messages
## Expected Outcomes
### Enhanced Progress Events
**Before:**
```json
{
"job_type": "indexer",
"message": "Finalizing (3846/3877)"
}
```
**After:**
```json
{
"job_type": "indexer",
"message": "Finalizing Documents scan (3846/3877)",
"metadata": {
"action_context": {
"action_type": "locations.add",
"initiated_at": "2024-12-19T10:30:00Z",
"action_input": {
"path": "/Users/james/Documents",
"name": "Documents",
"mode": "deep"
},
"context": {
"location_id": "550e8400-e29b-41d4-a716-446655440000",
"operation": "add_location"
}
}
}
}
```
### Action-Specific Examples
#### Location Addition
```json
{
"action_type": "locations.add",
"action_input": {
"path": "/Users/james/Documents",
"name": "Documents",
"mode": "deep"
},
"context": {
"location_id": "uuid-here",
"device_id": "device-uuid",
"operation": "add_location"
}
}
```
#### Manual Indexing
```json
{
"action_type": "indexing.scan",
"action_input": {
"paths": ["/home/user/photos"],
"mode": "content"
},
"context": {
"trigger": "cli_command",
"operation": "manual_scan"
}
}
```
#### File Operations
```json
{
"action_type": "files.copy",
"action_input": {
"sources": ["/path/to/file1", "/path/to/file2"],
"destination": "/target/path"
},
"context": {
"operation": "copy_files",
"conflict_resolution": "skip"
}
}
```
## Benefits
### For Users
- **Better Progress Messages**: "Indexing Documents (added location)" vs "Indexing"
- **Context Awareness**: Know why a job is running
- **Troubleshooting**: Understand what action caused issues
### For Developers
- **Complete Audit Trail**: Trace any job back to its originating action
- **Debugging**: Clear causation chain for failures
- **Analytics**: Track which actions generate the most work/failures
### For UIs
- **Rich Display**: Show meaningful job descriptions
- **Smart Filtering**: Group/filter jobs by action type
- **Better UX**: Context-aware progress indication
## Migration & Compatibility
### Backward Compatibility
- `action_context` field is optional in database
- Existing jobs without context continue working normally
- New dispatch methods don't break existing code
### Gradual Adoption
- Actions can implement `ActionContextProvider` incrementally
- Default to existing dispatch for non-enhanced actions
- Progressive enhancement of job descriptions
### Performance Impact
- **Negligible**: ActionContext is small (~100-200 bytes)
- **One-time Cost**: Context created once at job dispatch
- **Query Optimization**: `action_type` field indexed for fast filtering
## Alternative Approaches Considered
### Job-Specific Metadata (e.g., location-only)
- **Limited Scope**: Only works for specific job types
- **Repetitive**: Need different solutions for each job type
- **Maintenance**: Multiple metadata systems to maintain
### Action Logging Separate from Jobs
- **Disconnected**: Hard to correlate actions with jobs
- **Complex Queries**: Need joins across multiple systems
- **Performance**: Additional overhead for correlation
### Universal Action Context (Chosen)
- **Comprehensive**: Works for all current and future job types
- **Unified**: Single system for all action→job relationships
- **Extensible**: Easy to add new action types and context
- **Performance**: Efficient storage and retrieval
## Security Considerations
### Input Sanitization
- Action inputs may contain sensitive data (file paths, user names)
- Implement input sanitization before storing in `action_input`
- Consider separate field for display-safe context
### Access Control
- Action context inherits same access controls as job data
- No additional security surface introduced
- User context (`initiated_by`) respects existing session management
## Future Enhancements
### Phase 2 Features
- **Job Grouping**: Group related jobs by action context
- **Action Replay**: Re-execute failed actions with same context
- **Smart Retry**: Context-aware retry logic for failed jobs
### Analytics & Insights
- **Action Success Rates**: Track which actions fail most often
- **Performance Analysis**: Measure action→job completion times
- **Usage Patterns**: Understand user behavior through action data
### Enhanced UI Features
- **Action-Based Views**: Filter job queues by originating action
- **Context Tooltips**: Rich hover information for jobs
- **Progress Narratives**: Story-like progress descriptions
## Implementation Files
### New Files
- `core/src/infra/action/context.rs` - ActionContext struct and traits
- `docs/core/design/action-metadata-for-jobs.md` - This design document
### Modified Files
- `core/src/infra/job/database.rs` - Schema updates
- `core/src/infra/job/manager.rs` - Enhanced dispatch methods
- `core/src/infra/job/generic_progress.rs` - Metadata enhancement
- `core/src/ops/*/action.rs` - ActionContextProvider implementations
### Migration Files
- `migrations/YYYY-MM-DD-add-action-context-to-jobs.sql` - Database migration
## Success Metrics
- [ ] All major actions provide rich context (locations, indexing, files)
- [ ] Job progress events include meaningful action descriptions
- [ ] UI displays contextual job information
- [ ] Zero performance regression in job dispatch/execution
- [ ] Backward compatibility maintained for all existing code
---
This design provides a comprehensive, extensible foundation for job-action relationships that will improve user experience, debugging capabilities, and system observability across the entire Spacedrive platform.

921
docs/core/design/agents/AGENT_ARCHITECTURE_ANALYSIS.md
View File

@@ -1,921 +0,0 @@
# Agent Architecture Analysis from Production Rust Projects
This document analyzes three production Rust AI agent frameworks to extract patterns and best practices for Spacedrive's extension-based agent system.
## Projects Analyzed
1. **ccswarm** (v0.3.7) - Multi-agent orchestration system
2. **rust-agentai** (0.1.5) - Lightweight agent library with tool support
3. **rust-deep-agents-sdk** (0.0.1) - Deep agents with middleware and HITL
---
## Key Architectural Patterns
### 1. **Agent Core Traits**
All three projects use trait-based abstractions for agents:
#### rust-deep-agents-sdk Pattern (Most Comprehensive)
```rust
#[async_trait]
pub trait AgentHandle: Send + Sync {
async fn describe(&self) -> AgentDescriptor;
async fn handle_message(
&self,
input: AgentMessage,
state: Arc<AgentStateSnapshot>,
) -> anyhow::Result<AgentMessage>;
async fn handle_message_stream(
&self,
input: AgentMessage,
state: Arc<AgentStateSnapshot>,
) -> anyhow::Result<AgentStream>;
async fn current_interrupt(&self) -> anyhow::Result<Option<AgentInterrupt>>;
async fn resume_with_approval(&self, action: HitlAction) -> anyhow::Result<AgentMessage>;
}
```
**Key Insights:**
- **Streaming support** is first-class (not an afterthought)
- **Interrupt/HITL** baked into core trait (for human-in-the-loop)
- **State is immutable Arc** - agents don't own state
- **Async all the way** - no blocking operations
#### ccswarm Pattern (Status Machine)
```rust
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum AgentStatus {
Initializing,
Available,
Working,
WaitingForReview,
Error(String),
ShuttingDown,
}
```
**Key Insight:** Explicit lifecycle states make debugging easier and enable better orchestration.
---
### 2. **State Management**
#### rust-deep-agents-sdk Approach (Best Practice)
```rust
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct AgentStateSnapshot {
pub todos: Vec<TodoItem>,
pub files: BTreeMap<String, String>,
pub scratchpad: BTreeMap<String, serde_json::Value>,
pub pending_interrupts: Vec<AgentInterrupt>,
}
impl AgentStateSnapshot {
// Smart merging with domain-specific logic
pub fn merge(&mut self, other: AgentStateSnapshot) {
self.files.extend(other.files); // Dictionary merge
if !other.todos.is_empty() {
self.todos = other.todos; // Replace if non-empty
}
self.scratchpad.extend(other.scratchpad);
}
}
```
**Key Insights:**
- State is **immutable snapshot** (not live reference)
- **BTreeMap for deterministic ordering** (important for replays)
- **Custom merge logic** per field type
- **Scratchpad pattern**: Generic JSON storage for flexible state
**Spacedrive Application:**
```rust
// For Photos extension
pub struct PhotosMind {
history: TemporalMemory<PhotoEvent>, // Append-only log
knowledge: AssociativeMemory<PhotoKnowledge>, // Vector storage
plan: WorkingMemory<AnalysisPlan>, // Transactional state
}
```
---
### 3. **Persistence/Checkpointing**
#### rust-deep-agents-sdk Pattern (Multi-Backend)
```rust
#[async_trait]
pub trait Checkpointer: Send + Sync {
async fn save_state(&self, thread_id: &ThreadId, state: &AgentStateSnapshot) -> Result<()>;
async fn load_state(&self, thread_id: &ThreadId) -> Result<Option<AgentStateSnapshot>>;
async fn delete_thread(&self, thread_id: &ThreadId) -> Result<()>;
async fn list_threads(&self) -> Result<Vec<ThreadId>>;
}
```
**Implementations:**
- `InMemoryCheckpointer` - Development/testing
- `RedisCheckpointer` - Fast, ephemeral
- `PostgresCheckpointer` - Durable, queryable
- `DynamoDbCheckpointer` - AWS-native
**Key Insights:**
- **Thread-based scoping** (not global state)
- **Optional trait** (agents work without persistence)
- **Simple CRUD interface** (no complex queries)
**Spacedrive Application:**
```rust
// Store in .sdlibrary/sidecars/extension/photos/memory/
pub trait AgentMemory {
async fn save(&self, path: &Path) -> Result<()>;
async fn load(path: &Path) -> Result<Self>;
}
```
---
### 4. **Event System**
#### rust-deep-agents-sdk Pattern (Production-Grade)
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(tag = "event_type", rename_all = "snake_case")]
pub enum AgentEvent {
AgentStarted(AgentStartedEvent),
AgentCompleted(AgentCompletedEvent),
ToolStarted(ToolStartedEvent),
ToolCompleted(ToolCompletedEvent),
ToolFailed(ToolFailedEvent),
SubAgentStarted(SubAgentStartedEvent),
SubAgentCompleted(SubAgentCompletedEvent),
TodosUpdated(TodosUpdatedEvent),
StateCheckpointed(StateCheckpointedEvent),
PlanningComplete(PlanningCompleteEvent),
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EventMetadata {
pub thread_id: String,
pub correlation_id: String,
pub customer_id: Option<String>,
pub timestamp: String,
}
```
**Event Broadcasting:**
```rust
#[async_trait]
pub trait EventBroadcaster: Send + Sync {
fn id(&self) -> &str;
async fn broadcast(&self, event: &AgentEvent) -> anyhow::Result<()>;
}
pub struct EventDispatcher {
broadcasters: RwLock<Vec<Arc<dyn EventBroadcaster>>>,
}
```
**Key Insights:**
- **Tagged enums** for type-safe events
- **Metadata on every event** (correlation IDs crucial)
- **Multi-channel broadcasting** (console, WhatsApp, SSE, etc.)
- **PII sanitization by default** (security first)
**Spacedrive Application:**
```rust
pub enum ExtensionEvent {
JobStarted { job_id: Uuid, job_type: String },
TaskCompleted { task_id: Uuid, result: TaskResult },
MemoryUpdated { agent_id: String, memory_type: MemoryType },
}
```
---
### 5. **Tool System**
> **Spacedrive Status:** **Not yet implemented** - Tools system needs to be added to SDK
#### rust-deep-agents-sdk Macro Pattern (Ergonomic)
```rust
#[tool("Adds two numbers together")]
fn add(a: i32, b: i32) -> i32 {
a + b
}
// Auto-generates:
pub struct AddTool;
#[async_trait]
impl Tool for AddTool {
fn schema(&self) -> ToolSchema { /* auto-generated */ }
async fn execute(&self, args: Value, ctx: ToolContext) -> Result<ToolResult> {
// auto-extracts parameters
let a: i32 = args.get("a")...;
let b: i32 = args.get("b")...;
Ok(ToolResult::text(&ctx, add(a, b)))
}
}
```
**Key Insights:**
- **Proc macro magic** - zero boilerplate
- **JSON Schema generation** from Rust types
- **Async support** out of the box
- **Optional parameters** via `Option<T>`
#### rust-agentai ToolBox Pattern
```rust
#[toolbox]
impl MyTools {
async fn search(&self, query: String) -> String {
// Implementation
}
async fn fetch(&self, url: String) -> String {
// Implementation
}
}
// Usage:
let toolbox = MyTools::new();
agent.run("gpt-4", "Search for Rust", Some(&toolbox)).await?;
```
**Key Insights:**
- **Grouped tools** in impl blocks
- **Shared state** via `&self`
- **Context access** for calling external services
**Spacedrive Application:**
> **Note:** Spacedrive currently doesn't have an AI agent "tools" system. The current SDK has:
> - **Tasks** - Units of work within durable jobs (for resumability/checkpointing)
> - **Jobs** - Long-running operations that can be paused/resumed
>
> **Tools** in the AI agent sense (LLM-callable functions with JSON schemas) need to be added to the SDK.
```rust
// FUTURE: Tools system to be added to Spacedrive SDK
// This shows the intended API after tools are implemented
// In Photos extension
#[tool("Detects faces in a photo and returns bounding boxes with embeddings")]
async fn detect_faces(ctx: &ToolContext, photo_id: Uuid) -> ToolResult<Vec<FaceDetection>> {
let photo = ctx.vdfs().get_entry(photo_id).await?;
let image_bytes = photo.read().await?;
let detections = ctx.ai()
.from_registered("face_detection:photos_v1")
.detect_faces(&image_bytes)
.await?;
Ok(ToolResult::success(detections))
}
// Meanwhile, tasks remain for durable job execution:
#[task(retries = 2, timeout_ms = 30000)]
async fn analyze_photos_batch(ctx: &TaskContext, photo_ids: &[Uuid]) -> TaskResult<()> {
// This is about resumability, not LLM tool calling
for photo_id in photo_ids {
// Process photo
ctx.checkpoint().await?; // Save progress
}
Ok(())
}
```
**TODO for SDK Implementation:**
- [ ] Add `Tool` trait with `schema()` method (returns JSON Schema)
- [ ] Add `#[tool]` proc macro for automatic schema generation
- [ ] Add `ToolContext` with access to VDFS, AI models, permissions
- [ ] Add `ToolResult` type for success/error responses
- [ ] Integrate with agent runtime for tool discovery and execution
- [ ] Add tool registry for listing available tools to LLM
---
### 6. **Middleware Pattern**
#### rust-deep-agents-sdk Pattern (Powerful)
```rust
#[async_trait]
pub trait AgentMiddleware: Send + Sync {
fn id(&self) -> &'static str;
fn tools(&self) -> Vec<ToolBox> { Vec::new() }
async fn modify_model_request(&self, ctx: &mut MiddlewareContext<'_>) -> Result<()>;
async fn before_tool_execution(
&self,
tool_name: &str,
tool_args: &Value,
call_id: &str,
) -> Result<Option<AgentInterrupt>>;
}
```
**Built-in Middleware:**
- `SummarizationMiddleware` - Context window management
- `PlanningMiddleware` - Todo list management
- `FilesystemMiddleware` - Mock filesystem
- `SubAgentMiddleware` - Task delegation
- `HitlMiddleware` - Human-in-the-loop approvals
**Key Insights:**
- **Composable layers** like HTTP middleware
- **Request/response interception**
- **Tool injection** per middleware
- **Interrupt hooks** for approval flows
**Spacedrive Application:**
```rust
pub trait ExtensionMiddleware {
async fn on_event(&self, event: &VdfsEvent, ctx: &AgentContext) -> Result<()>;
async fn before_action(&self, action: &Action, ctx: &AgentContext) -> Result<Option<Interrupt>>;
async fn after_job(&self, job: &JobResult, ctx: &AgentContext) -> Result<()>;
}
```
---
### 7. **Builder Pattern**
#### rust-deep-agents-sdk Pattern (Fluent API)
```rust
let agent = ConfigurableAgentBuilder::new("You are a helpful assistant")
.with_openai_chat(OpenAiConfig::new(api_key, "gpt-4o"))?
.with_tool(AddTool::as_tool())
.with_tool(SearchTool::as_tool())
.with_subagent_config(researcher_config)
.with_summarization(SummarizationConfig::new(10, "..."))
.with_tool_interrupt("delete_file", HitlPolicy {
allow_auto: false,
note: Some("Requires approval".into()),
})
.with_checkpointer(Arc::new(InMemoryCheckpointer::new()))
.with_event_broadcaster(Arc::new(ConsoleLogger))
.with_pii_sanitization(true)
.build()?;
```
**Key Insights:**
- **Progressive disclosure** - simple cases easy, complex possible
- **Type-safe chaining** - compiler catches errors
- **Optional components** - checkpointer, events, etc.
- **Convenience methods** - `with_openai_chat` vs manual model creation
**Spacedrive Application:**
```rust
#[extension(
id = "com.spacedrive.photos",
name = "Photos",
permissions = [
Permission::ReadEntries,
Permission::WriteSidecars(kinds = vec!["faces"]),
Permission::UseModel(category = "face_detection"),
]
)]
struct Photos {
config: PhotosConfig,
}
```
---
### 8. **Human-in-the-Loop (HITL)**
#### rust-deep-agents-sdk Pattern (Critical Feature)
```rust
pub struct HitlPolicy {
pub allow_auto: bool, // Auto-execute or require approval
pub note: Option<String>, // Why approval needed
}
pub enum HitlAction {
Accept, // Execute as-is
Edit { tool_name: String, tool_args: Value }, // Modify then execute
Reject { reason: Option<String> }, // Cancel execution
Respond { message: AgentMessage }, // Custom response
}
pub struct AgentInterrupt {
pub tool_name: String,
pub tool_args: Value,
pub call_id: String,
pub policy_note: Option<String>,
}
```
**Flow:**
```rust
// Agent tries to call tool
match agent.handle_message("Delete old files", state).await {
Err(e) if e.contains("HITL interrupt") => {
// Show user: tool name, args, note
let interrupt = agent.current_interrupt().await?;
// User approves
agent.resume_with_approval(HitlAction::Accept).await?;
}
Ok(response) => // Normal completion
}
```
**Key Insights:**
- **Tool-level policies** (not global)
- **Four response types** (not just yes/no)
- **Requires checkpointer** (for state persistence)
- **Security best practice** for critical operations
**Spacedrive Application:**
```rust
// In Photos extension
#[action]
async fn batch_delete_faces(ctx: &ActionContext, face_ids: Vec<Uuid>) -> ActionResult {
// Spacedrive's Action System provides preview-before-commit
// Similar to HITL but at action level, not tool level
}
```
---
### 9. **Agent Lifecycle Management**
#### ccswarm Pattern (Rich Status Model)
```rust
pub struct Agent {
pub id: Uuid,
pub name: String,
pub role: AgentRole,
pub status: AgentStatus,
pub identity: AgentIdentity,
pub workspace: PathBuf,
pub personality: Option<AgentPersonality>,
pub phronesis: PhronesisManager, // Practical wisdom from experience
}
impl Agent {
pub async fn initialize(&mut self) -> Result<()> {
self.status = AgentStatus::Initializing;
// Setup workspace, load identity, etc.
self.status = AgentStatus::Available;
}
pub async fn execute_task(&mut self, task: Task) -> Result<TaskResult> {
self.status = AgentStatus::Working;
// Boundary checking, phronesis consultation
let result = self.perform_work(task).await?;
self.status = AgentStatus::WaitingForReview;
Ok(result)
}
}
```
**Key Insights:**
- **Identity system** - agents have consistent personas
- **Phronesis (wisdom)** - learning from past experiences
- **Boundary checking** - agents know their limits
- **Personality traits** - affect decision-making style
---
### 10. **Memory Patterns**
#### ccswarm Whiteboard Pattern
```rust
pub struct Whiteboard {
entries: Vec<WhiteboardEntry>,
}
pub struct WhiteboardEntry {
pub entry_type: EntryType,
pub content: String,
pub annotations: Vec<AnnotationMarker>,
pub timestamp: DateTime<Utc>,
pub agent_id: Option<String>,
}
pub enum EntryType {
TaskDescription,
CodeSnippet,
DesignDecision,
ErrorReport,
Solution,
}
```
**Key Insight:** Shared workspace for multi-agent collaboration.
#### Spacedrive's Memory System (From SDK)
```rust
pub struct TemporalMemory<T> {
// Append-only event log
}
pub struct AssociativeMemory<T> {
// Vector store with semantic search
}
pub struct WorkingMemory<T> {
// Transactional current state
}
```
**Key Difference:** Domain-specific memory types vs. generic storage.
---
## Security Best Practices
### 1. PII Sanitization (rust-deep-agents-sdk)
```rust
pub fn sanitize_tool_payload(payload: &Value, max_len: usize) -> String {
let sanitized = sanitize_json(payload); // Redact sensitive fields
let text = serde_json::to_string(&sanitized).unwrap();
let redacted = redact_pii(&text); // Remove email, phone, CC#
safe_preview(&redacted, max_len) // Truncate
}
// Pattern matching for PII
const EMAIL_REGEX: &str = r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b";
const PHONE_REGEX: &str = r"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b";
const CREDIT_CARD_REGEX: &str = r"\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b";
```
**Key Insight:** Enabled by default, explicit opt-out required.
### 2. Sandboxing (All Projects)
- **WASM isolation** for untrusted extensions
- **Permission systems** for file/network access
- **Resource limits** (memory, CPU, time)
---
## Performance Patterns
### 1. Zero-Cost Abstractions (ccswarm)
```rust
// Type-state pattern - compile-time validation
pub struct TaskBuilder<State> {
task: Task,
_phantom: PhantomData<State>,
}
impl TaskBuilder<Initial> {
pub fn with_description(self, desc: String) -> TaskBuilder<HasDescription> { }
}
impl TaskBuilder<HasDescription> {
pub fn build(self) -> Task { self.task }
}
```
**Key Insight:** Rust's type system prevents runtime errors.
### 2. Channel-Based Concurrency (ccswarm)
```rust
// No Arc<Mutex<T>> - use message passing
let (tx, rx) = mpsc::channel(100);
// Agent task executor
tokio::spawn(async move {
while let Some(task) = rx.recv().await {
process_task(task).await;
}
});
```
**Key Insight:** Lock-free coordination for multi-agent systems.
---
## Recommended Architecture for Spacedrive
### Core Agent Trait
```rust
#[async_trait]
pub trait ExtensionAgent: Send + Sync {
// Identity
fn descriptor(&self) -> AgentDescriptor;
// Lifecycle
async fn on_startup(&self, ctx: &AgentContext<Self::Memory>) -> AgentResult<()>;
async fn on_shutdown(&self, ctx: &AgentContext<Self::Memory>) -> AgentResult<()>;
// Event handling
async fn on_event(&self, event: VdfsEvent, ctx: &AgentContext<Self::Memory>) -> AgentResult<()>;
// Scheduled tasks
async fn on_schedule(&self, trigger: ScheduleTrigger, ctx: &AgentContext<Self::Memory>) -> AgentResult<()>;
// Associated types
type Memory: AgentMemory;
}
```
### Agent Context (Immutable)
```rust
pub struct AgentContext<M: AgentMemory> {
vdfs: VdfsContext, // Read-only VDFS access
ai: AiContext, // Model inference
jobs: JobDispatcher, // Background jobs
memory: MemoryHandle<M>, // Persistent memory
permissions: PermissionSet, // Granted scopes
_phantom: PhantomData<M>,
}
```
### Memory System
```rust
#[agent_memory]
struct PhotosMind {
history: TemporalMemory<PhotoEvent>, // Append-only events
knowledge: AssociativeMemory<PhotoKnowledge>, // Vector search
plan: WorkingMemory<AnalysisPlan>, // Transactional state
}
impl Checkpointer for PhotosMind {
async fn save(&self, path: &Path) -> Result<()> {
// Serialize to .sdlibrary/sidecars/extension/photos/memory/
}
}
```
### Event System
```rust
pub enum ExtensionEvent {
AgentStarted { agent_id: String, timestamp: DateTime<Utc> },
JobDispatched { job_id: Uuid, job_type: String },
MemoryUpdated { agent_id: String, size_bytes: usize },
ActionProposed { action: ActionPreview },
}
pub struct EventBroadcaster {
channels: Vec<Arc<dyn EventChannel>>,
}
impl EventBroadcaster {
pub async fn emit(&self, event: ExtensionEvent) -> Result<()> {
for channel in &self.channels {
channel.send(&event).await?;
}
Ok(())
}
}
```
### Tools System (To Be Implemented)
> **Current State:** Spacedrive has **Tasks** and **Jobs** for durable execution, but not **Tools** for LLM interaction.
**Distinction:**
- **Tasks** = Work units in resumable jobs (existing)
- **Jobs** = Long-running operations with checkpoints (existing)
- **Tools** = LLM-callable functions with JSON schemas (needs implementation)
```rust
// EXISTING: Tasks for durable job execution
#[task(
retries = 2,
timeout_ms = 30000,
requires_capability = "gpu_optional"
)]
async fn detect_faces_batch(ctx: &TaskContext, photo: &Entry) -> TaskResult<Vec<Face>> {
let image = photo.read().await?;
let model = ctx.ai().model("face_detection:photos_v1");
model.detect(&image).await
}
#[job(name = "analyze_photos_batch")]
fn analyze_photos(ctx: &JobContext, state: &mut AnalyzeState) -> JobResult<()> {
for photo_id in &state.photo_ids {
ctx.run(detect_faces_batch, (photo_id,)).await?;
ctx.checkpoint().await?; // Resumable
}
Ok(())
}
// TO BE ADDED: Tools for LLM interaction
#[tool("Search for photos by person name")]
async fn search_photos_by_person(
ctx: &ToolContext,
person_name: String,
max_results: Option<u32>
) -> ToolResult<Vec<PhotoMetadata>> {
// LLM can call this function
let photos = ctx.vdfs()
.query_entries()
.with_tag(&format!("#person:{}", person_name))
.limit(max_results.unwrap_or(20))
.collect()
.await?;
Ok(ToolResult::success(photos))
}
// Tools get registered with agent's planner (LLM)
let agent = AgentBuilder::new("Photo assistant")
.with_tool(SearchPhotosByPersonTool::as_tool()) // Auto-generated
.with_tool(AnalyzeFacesTool::as_tool())
.build()?;
```
**Implementation Priority:**
1. **Phase 1:** Basic tool trait + manual registration
2. **Phase 2:** `#[tool]` macro for automatic schema generation
3. **Phase 3:** Tool discovery and dynamic loading
4. **Phase 4:** Tool composition and chaining
---
## Key Takeaways for Implementation
### 1. **Start Simple, Add Complexity**
- Begin with `InMemoryCheckpointer` (like rust-deep-agents-sdk)
- Add Redis/Postgres later when needed
- Event system can start with basic logging
### 2. **Leverage Proc Macros**
- `#[tool]` for zero-boilerplate tools **TODO: Needs implementation**
- `#[agent]` for lifecycle registration **TODO: Needs implementation**
- `#[agent_memory]` for persistence trait **TODO: Needs implementation**
- `#[task]` already exists for durable jobs ✅
- `#[job]` already exists for job registration ✅
### 3. **State Management**
- Immutable snapshots (Arc<AgentStateSnapshot>)
- Custom merge logic per field
- BTreeMap for determinism
### 4. **Event-Driven Architecture**
- Tagged enums for type safety
- Multi-channel broadcasting
- PII sanitization by default
### 5. **Security First**
- WASM sandboxing
- Explicit permissions
- HITL for critical operations
- Resource limits
### 6. **Testing Strategy**
- Unit tests for memory merge logic
- Integration tests with mock VDFS
- Property tests for state reducers
- Minimal tests for speed (ccswarm: 8 essential tests)
### 7. **Documentation**
- Comprehensive examples (like rust-deep-agents-sdk)
- Migration guides
- Architecture decision records (ADRs)
---
## Implementation Phases
### Phase 1: Core Agent Runtime (2-3 weeks)
- [ ] `AgentContext` and `AgentHandle` traits
- [ ] `InMemoryCheckpointer` for state persistence
- [ ] Basic event system (console logging)
- [ ] Macro for `#[agent]` lifecycle hooks
### Phase 2: Memory System (2-3 weeks)
- [ ] `TemporalMemory` implementation (SQLite event log)
- [ ] `AssociativeMemory` implementation (vector store)
- [ ] `WorkingMemory` implementation (transactional state)
- [ ] Persistence to `.sdlibrary/sidecars/extension/`
### Phase 3: Tools System (2-3 weeks)
> **New system to add - distinct from existing Tasks/Jobs**
- [ ] `Tool` trait with `schema()` method
- [ ] `#[tool]` proc macro for automatic schema generation
- [ ] `ToolContext` providing VDFS/AI/permissions access
- [ ] `ToolResult` type for structured responses
- [ ] Tool registry for discovery
- [ ] Integration with agent planner (LLM) for tool calling
- [ ] Tool execution runtime with error handling
**Note:** Tasks/Jobs already exist for durable execution and don't need changes.
### Phase 4: Advanced Features (3-4 weeks)
- [ ] Multi-channel event broadcasting
- [ ] Middleware system for interception
- [ ] HITL-style approval for actions
- [ ] Performance optimizations
---
## References
1. **rust-deep-agents-sdk**: https://github.com/yafatek/rust-deep-agents-sdk
- Best: State management, checkpointing, HITL, events
- Use: Builder pattern, middleware architecture
2. **rust-agentai**: https://github.com/asm-jaime/rust-agentai
- Best: Simple API, ToolBox pattern, MCP integration
- Use: Macro design inspiration
3. **ccswarm**: https://github.com/nwiizo/ccswarm
- Best: Multi-agent orchestration, status lifecycle, phronesis
- Use: Agent identity, boundary checking, whiteboard pattern
All three are production-quality codebases with valuable patterns for Spacedrive's agent system.
---
## Appendix: Spacedrive SDK Implementation Status
### What Exists Today
**Job System:**
- `#[job]` macro for durable, long-running operations
- `JobContext` with progress reporting and checkpointing
- Job queue with pause/resume capability
- Integration with core event bus
**Task System:**
- `#[task]` macro for work units within jobs
- Task execution with retries and timeouts
- Capability-based scheduling (GPU, CPU)
- Error handling and propagation
**Extension Framework:**
- `#[extension]` macro with permissions
- WASM runtime (in design phase)
- Permission scoping to locations
- Model registration
### What Needs Implementation
**Tools System (New):**
- `Tool` trait with JSON Schema generation
- `#[tool]` proc macro
- `ToolContext` for VDFS/AI access
- Tool registry for LLM discovery
- Tool execution runtime
**Agent Runtime:**
- `AgentContext` implementation (currently stubs)
- Event subscription mechanism
- Lifecycle hooks (`on_startup`, `on_event`, `scheduled`)
- Memory persistence backends
**Memory System:**
- `TemporalMemory` backend (SQLite event log)
- `AssociativeMemory` backend (vector store)
- `WorkingMemory` backend (transactional JSON)
- Query interfaces implementation
**Event System:**
- Extension event types
- Multi-channel broadcasting
- Event correlation IDs
- PII sanitization
### Quick Implementation Guide
**If implementing tools first (recommended):**
1. Study `rust-deep-agents-sdk/crates/agents-macros/src/lib.rs` - copy the `#[tool]` macro
2. Study `rust-deep-agents-sdk/crates/agents-core/src/tools.rs` - adapt the Tool trait
3. Create `crates/sdk/src/tools.rs` with Tool trait and ToolContext
4. Create `crates/sdk-macros/src/tool.rs` with proc macro
5. Add tests in `extensions/test-extension` to validate
**Key files to study:**
- Tool macro: `rust-deep-agents-sdk/crates/agents-macros/src/lib.rs` (260 lines)
- Tool trait: `rust-deep-agents-sdk/crates/agents-core/src/tools.rs` (368 lines)
- Builder: `rust-deep-agents-sdk/crates/agents-runtime/src/agent/builder.rs` (317 lines)
**Estimated effort:**
- Basic tool system: ~500 lines, 1 week
- With proc macro: ~800 lines, 2 weeks
- With registry and integration: ~1200 lines, 3 weeks

1129
docs/core/design/agents/CONTEXT_WINDOW_MANAGEMENT_RESEARCH.md
View File

File diff suppressed because it is too large Load Diff

524
docs/core/design/cli-output-refactor.md
View File

@@ -1,524 +0,0 @@
# CLI Output Refactor Design Document
## Overview
This document outlines a proposed refactoring of the CLI output system to replace the current `println!` usage with a more structured and consistent approach using existing Rust libraries.
## Current State
### Problems
1. **Inconsistent output patterns** - Each domain handler uses different formatting styles
2. **Mixed approaches** - Some functions return strings, others print directly
3. **No output format options** - Cannot output JSON for scripting/automation
4. **Difficult to test** - Direct `println!` calls are hard to capture in tests
5. **No verbosity control** - All output is shown regardless of user preference
6. **Scattered emoji/color logic** - Formatting decisions spread throughout codebase
### Current Dependencies
- `colored` - Terminal colors
- `indicatif` - Progress bars and spinners
- `console` - Terminal utilities
- `comfy-table` - Table formatting
- `tracing` - Structured logging (underutilized for CLI output)
## Library Options
### Recommended Libraries
After evaluating various options, here are the recommended libraries for different aspects:
1. **Terminal UI Framework: `ratatui`** (for TUI mode)
- Modern terminal UI framework
- Great for the planned TUI mode
- Handles layout, widgets, and rendering
2. **CLI Output: `dialoguer` + `console`**
- `dialoguer`: High-level constructs (prompts, selections, progress)
- `console`: Low-level terminal control
- Both work well together
3. **Structured Output: `owo-colors` + `supports-color`**
- More modern than `colored` crate
- Better performance
- Automatic color detection
4. **Progress Bars: Keep `indicatif`**
- Already in use
- Best-in-class for progress indication
5. **Table Formatting: Keep `comfy-table`**
- Already in use
- Good API and customization
### Alternative: All-in-One Solution with `dialoguer`
```rust
use dialoguer::{theme::ColorfulTheme, console::style};
use console::{Term, Emoji};
// Emojis with fallback
static SUCCESS: Emoji = Emoji("", "[OK] ");
static ERROR: Emoji = Emoji("", "[ERROR] ");
static INFO: Emoji = Emoji(" ", "[INFO] ");
// Structured output
let term = Term::stdout();
term.clear_line()?;
term.write_line(&format!("{}{}", SUCCESS, style("Library created").green()))?;
// Progress bars
let pb = indicatif::ProgressBar::new(100);
pb.set_style(
indicatif::ProgressStyle::default_bar()
.template("{spinner:.green} [{bar:40.cyan/blue}] {pos}/{len} {msg}")
.progress_chars("#>-")
);
// Tables (keep comfy-table)
let mut table = comfy_table::Table::new();
table.set_header(vec!["ID", "Name", "Status"]);
```
## Proposed Solution
### Core Design Principles
1. **Separation of concerns** - Business logic should not know about output formatting
2. **Testability** - Output should be capturable and assertable in tests
3. **Flexibility** - Support multiple output formats (human, json, quiet)
4. **Consistency** - Unified visual language across all commands
5. **Context-aware** - Respect user preferences (color, verbosity, format)
### Lightweight Wrapper Approach
Instead of building a complex abstraction, we'll create a thin wrapper around these libraries:
```rust
// src/infrastructure/cli/output.rs
use console::{style, Emoji, Term};
use dialoguer::theme::ColorfulTheme;
use serde::Serialize;
use std::io::Write;
pub struct CliOutput {
term: Term,
format: OutputFormat,
theme: ColorfulTheme,
}
// Simple emoji constants with fallbacks
const SUCCESS: Emoji = Emoji("", "[OK] ");
const ERROR: Emoji = Emoji("", "[ERROR] ");
const WARNING: Emoji = Emoji(" ", "[WARN] ");
const INFO: Emoji = Emoji(" ", "[INFO] ");
impl CliOutput {
pub fn success(&self, msg: &str) -> std::io::Result<()> {
match self.format {
OutputFormat::Human => {
self.term.write_line(&format!("{}{}", SUCCESS, style(msg).green()))
}
OutputFormat::Json => {
let output = json!({"type": "success", "message": msg});
self.term.write_line(&output.to_string())
}
OutputFormat::Quiet => Ok(()),
}
}
pub fn section(&self) -> OutputSection {
OutputSection::new(self)
}
}
// Fluent builder for sections
pub struct OutputSection<'a> {
output: &'a CliOutput,
lines: Vec<String>,
}
impl<'a> OutputSection<'a> {
pub fn title(mut self, text: &str) -> Self {
self.lines.push(format!("\n{}", style(text).bold().cyan()));
self
}
pub fn item(mut self, label: &str, value: &str) -> Self {
self.lines.push(format!(" {}: {}", label, style(value).bright()));
self
}
pub fn render(self) -> std::io::Result<()> {
for line in self.lines {
self.output.term.write_line(&line)?;
}
Ok(())
}
}
```
### Architecture
```rust
// src/infrastructure/cli/output/mod.rs
/// Global output context passed through CLI operations
pub struct OutputContext {
format: OutputFormat,
verbosity: VerbosityLevel,
color: ColorMode,
writer: Box<dyn Write>, // Allows testing with buffers
}
pub enum OutputFormat {
Human, // Default, pretty-printed with colors/emojis
Json, // Machine-readable JSON
Quiet, // Minimal output (errors only)
}
pub enum VerbosityLevel {
Quiet = 0, // Errors only
Normal = 1, // Default
Verbose = 2, // Additional info
Debug = 3, // Everything
}
pub enum ColorMode {
Auto, // Detect terminal support
Always, // Force colors
Never, // No colors
}
/// All possible output messages in the system
pub enum Message {
// Success messages
LibraryCreated { name: String, id: Uuid },
LocationAdded { path: PathBuf },
DaemonStarted { instance: String },
// Error messages
DaemonNotRunning { instance: String },
LibraryNotFound { id: Uuid },
// Progress messages
IndexingProgress { current: u64, total: u64, location: String },
// Status messages
DaemonStatus { version: String, uptime: u64, libraries: Vec<LibraryInfo> },
// ... etc
}
/// Core output trait - implemented for each format
pub trait OutputFormatter {
fn format(&self, message: &Message, context: &OutputContext) -> String;
}
/// Main output handler
impl OutputContext {
pub fn print(&mut self, message: Message) {
if self.should_print(&message) {
let formatted = self.format(&message);
writeln!(self.writer, "{}", formatted).ok();
}
}
pub fn error(&mut self, message: Message) {
// Errors always print regardless of verbosity
let formatted = self.format_error(&message);
writeln!(self.writer, "{}", formatted).ok();
}
}
```
### Output Grouping and Spacing
One of the major improvements is eliminating the "println! soup" pattern where multiple `println!()` calls are used for spacing:
#### Current (Ugly) Pattern
```rust
println!("Checking pairing status...");
println!();
println!("Current Pairing Status: {}", status);
println!();
println!("No pending pairing requests");
println!();
println!("To start pairing:");
println!(" • Generate a code: spacedrive network pair generate");
```
#### New Pattern
```rust
// Using output groups
output.print(Message::PairingStatus {
status: status.clone(),
pending_requests: vec![],
help_text: true,
});
// Or using a builder pattern for complex outputs
output.section("Checking pairing status")
.status("Current Pairing Status", &status)
.empty_line()
.info("No pending pairing requests")
.empty_line()
.help()
.item("Generate a code: spacedrive network pair generate")
.item("Join with a code: spacedrive network pair join <code>")
.render();
```
The formatter handles appropriate spacing based on context, eliminating manual spacing management.
### Human-Readable Formatter
```rust
pub struct HumanFormatter;
impl OutputFormatter for HumanFormatter {
fn format(&self, message: &Message, context: &OutputContext) -> String {
match message {
Message::LibraryCreated { name, id } => {
format!("{} Library '{}' created successfully",
if context.use_emoji() { "" } else { "[OK]" }.green(),
name.bright_cyan()
)
}
Message::DaemonNotRunning { instance } => {
format!("{} Spacedrive daemon instance '{}' is not running\n Start it with: spacedrive start",
"".red(),
instance
)
}
// ... etc
}
}
}
```
### JSON Formatter
```rust
pub struct JsonFormatter;
impl OutputFormatter for JsonFormatter {
fn format(&self, message: &Message, _: &OutputContext) -> String {
// Convert messages to structured JSON
match message {
Message::LibraryCreated { name, id } => {
json!({
"type": "library_created",
"success": true,
"data": {
"name": name,
"id": id.to_string()
}
}).to_string()
}
// ... etc
}
}
}
```
### Integration Points
#### 1. CLI Entry Point
```rust
// In main CLI parser
let output = OutputContext::new(
matches.value_of("format").unwrap_or("human"),
matches.occurrences_of("verbose"),
matches.is_present("no-color"),
);
// Pass through command handlers
handle_library_command(cmd, output).await?;
```
#### 2. Command Handlers
```rust
pub async fn handle_library_command(
cmd: LibraryCommands,
mut output: OutputContext,
) -> Result<(), Box<dyn Error>> {
match cmd {
LibraryCommands::Create { name } => {
let library = create_library(name).await?;
output.print(Message::LibraryCreated {
name: library.name,
id: library.id,
});
}
}
}
```
#### 3. Testing
```rust
#[test]
fn test_library_create_output() {
let mut buffer = Vec::new();
let mut output = OutputContext::test(buffer);
output.print(Message::LibraryCreated {
name: "Test".into(),
id: Uuid::new_v4(),
});
let result = String::from_utf8(output.into_inner()).unwrap();
assert!(result.contains("Library 'Test' created"));
}
```
### Progress Handling
For long-running operations, integrate with existing `indicatif`:
```rust
pub struct ProgressContext {
output: OutputContext,
progress: Option<ProgressBar>,
}
impl ProgressContext {
pub fn update(&mut self, message: Message) {
match &message {
Message::IndexingProgress { current, total, .. } => {
if let Some(pb) = &self.progress {
pb.set_position(*current);
pb.set_message(format!("{}/{}", current, total));
}
}
_ => self.output.print(message),
}
}
}
```
### Migration Strategy
1. **Phase 1**: Implement core output module without changing existing code
2. **Phase 2**: Gradually migrate each domain handler to use new system
3. **Phase 3**: Add JSON output support once all handlers migrated
4. **Phase 4**: Add advanced features (output filtering, custom formats)
### Benefits
1. **Testability** - Can capture and assert output in tests
2. **Consistency** - Single source of truth for all messages
3. **Localization-ready** - Messages defined in one place
4. **Machine-readable** - JSON output for automation
5. **Better UX** - Respects user preferences (quiet mode, no color, etc.)
6. **Maintainability** - Easy to update output style globally
### Backwards Compatibility
- Default behavior remains unchanged (human-readable with colors)
- Existing CLI commands work identically
- New flags are additive: `--format json`, `--quiet`, `--no-color`
### Future Extensions
1. **Structured logging integration** - Connect with tracing for debug output
2. **Template support** - User-defined output templates
3. **Localization** - Message translations
4. **Output plugins** - Custom formatters for specific tools
5. **Streaming JSON** - For real-time event monitoring
### Section Builder API
For complex multi-line outputs, a fluent builder API makes the code much cleaner:
```rust
pub struct OutputSection<'a> {
output: &'a mut OutputContext,
lines: Vec<Line>,
}
impl<'a> OutputSection<'a> {
pub fn title(mut self, text: &str) -> Self {
self.lines.push(Line::Title(text.to_string()));
self
}
pub fn status(mut self, label: &str, value: &str) -> Self {
self.lines.push(Line::Status(label.to_string(), value.to_string()));
self
}
pub fn table(mut self, table: Table) -> Self {
self.lines.push(Line::Table(table));
self
}
pub fn empty_line(mut self) -> Self {
self.lines.push(Line::Empty);
self
}
pub fn render(self) {
// Smart spacing: removes duplicate empty lines, adds appropriate spacing
let formatted = self.output.formatter.format_section(&self.lines);
self.output.write(formatted);
}
}
// Usage example - much cleaner than multiple println!s
output.section()
.title("System Status")
.status("Version", &status.version)
.status("Uptime", &format_duration(status.uptime))
.empty_line()
.title("Libraries")
.table(library_table)
.empty_line()
.help()
.item("Create a library: spacedrive library create <name>")
.item("Switch library: spacedrive library switch <name>")
.render();
```
## Implementation Checklist
### Phase 1: Add Dependencies
- [ ] Add `dialoguer` to Cargo.toml
- [ ] Add `owo-colors` to Cargo.toml (or stick with `colored`)
- [ ] Keep existing `console`, `indicatif`, `comfy-table`
### Phase 2: Create Simple Wrapper
- [ ] Create `src/infrastructure/cli/output.rs`
- [ ] Implement basic `CliOutput` struct with library wrappers
- [ ] Add output format enum (Human, Json, Quiet)
- [ ] Create section builder using `console` styling
### Phase 3: Gradual Migration
- [ ] Start with one domain (e.g., library commands)
- [ ] Replace `println!` calls with output methods
- [ ] Test both human and JSON output
- [ ] Migrate remaining domains one by one
### Phase 4: Advanced Features
- [ ] Add interactive prompts with `dialoguer`
- [ ] Implement TUI mode with `ratatui`
- [ ] Add output templates for customization
- [ ] Integrate with tracing for debug output
## Example Migration
```rust
// Before:
println!("Starting Spacedrive daemon...");
println!();
println!("Daemon started successfully");
println!(" PID: {}", pid);
println!(" Socket: {}", socket_path);
// After:
let output = CliOutput::new(format);
output.info("Starting Spacedrive daemon...")?;
output.success("Daemon started successfully")?;
output.section()
.item("PID", &pid.to_string())
.item("Socket", &socket_path.display().to_string())
.render()?;
```

378
docs/core/design/indexer-scope-upgrade.md
View File

@@ -1,378 +0,0 @@
# Indexer Scope and Ephemeral Mode Upgrade
## Overview
This document outlines the design for upgrading the Spacedrive indexer to support different indexing scopes and ephemeral modes. The current indexer operates with a single recursive mode within managed locations. This upgrade introduces more granular control for UI responsiveness and support for viewing unmanaged paths.
## Current State
The indexer currently supports:
- **IndexMode**: Shallow, Quick, Content, Deep, Full (determines what data to extract)
- **Location-based**: Only indexes within managed locations
- **Persistent**: All operations write to database
- **Recursive**: Always scans entire directory trees
## Proposed Enhancements
### 1. IndexScope Enum
```rust
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
pub enum IndexScope {
/// Index only the current directory (single level)
Current,
/// Index recursively through all subdirectories
Recursive,
}
```
### 2. IndexPersistence Enum
```rust
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
pub enum IndexPersistence {
/// Write all results to database (normal operation)
Persistent,
/// Keep results in memory only (for unmanaged paths)
Ephemeral,
}
```
### 3. Enhanced IndexerJob Configuration
```rust
pub struct IndexerJobConfig {
pub location_id: Option<Uuid>, // None for ephemeral indexing
pub path: SdPath,
pub mode: IndexMode,
pub scope: IndexScope,
pub persistence: IndexPersistence,
pub max_depth: Option<u32>, // Override for Current scope
}
```
## Use Cases
### Use Case 1: UI Directory Navigation
**Scenario**: User navigates to a folder in the UI and needs current contents displayed immediately.
**Requirements**:
- IndexScope: Current
- IndexMode: Quick (metadata only)
- IndexPersistence: Persistent (update database)
- Fast response time (<500ms for typical directories)
**Implementation**:
```rust
let config = IndexerJobConfig {
location_id: Some(location_uuid),
path: current_directory_path,
mode: IndexMode::Quick,
scope: IndexScope::Current,
persistence: IndexPersistence::Persistent,
max_depth: Some(1),
};
```
### Use Case 2: Ephemeral Path Browsing
**Scenario**: User wants to browse a directory outside of managed locations (e.g., network drive, external device).
**Requirements**:
- IndexScope: Current or Recursive
- IndexMode: Quick or Content
- IndexPersistence: Ephemeral (no database writes)
- Results cached in memory for session
**Implementation**:
```rust
let config = IndexerJobConfig {
location_id: None, // Not a managed location
path: external_path,
mode: IndexMode::Quick,
scope: IndexScope::Current,
persistence: IndexPersistence::Ephemeral,
max_depth: Some(1),
};
```
### Use Case 3: Background Full Indexing
**Scenario**: Traditional full location indexing for new or updated locations.
**Requirements**:
- IndexScope: Recursive
- IndexMode: Deep or Full
- IndexPersistence: Persistent
- Complete coverage of location
**Implementation**:
```rust
let config = IndexerJobConfig {
location_id: Some(location_uuid),
path: location_root_path,
mode: IndexMode::Deep,
scope: IndexScope::Recursive,
persistence: IndexPersistence::Persistent,
max_depth: None,
};
```
## Technical Implementation
### 1. Enhanced IndexerJob Structure
```rust
pub struct IndexerJob {
config: IndexerJobConfig,
// Internal state
ephemeral_results: Option<Arc<RwLock<EphemeralIndex>>>,
}
pub struct EphemeralIndex {
entries: HashMap<PathBuf, EntryMetadata>,
content_identities: HashMap<String, ContentIdentity>,
created_at: Instant,
last_accessed: Instant,
}
```
### 2. Modified Discovery Phase
```rust
impl IndexerJob {
async fn discovery_phase(&mut self, state: &mut IndexerState, ctx: &JobContext<'_>) -> JobResult<()> {
match self.config.scope {
IndexScope::Current => {
// Only scan immediate children
self.scan_single_level(state, ctx).await?;
}
IndexScope::Recursive => {
// Existing recursive logic
self.scan_recursive(state, ctx).await?;
}
}
Ok(())
}
async fn scan_single_level(&mut self, state: &mut IndexerState, ctx: &JobContext<'_>) -> JobResult<()> {
let root_path = self.config.path.as_local_path()
.ok_or_else(|| JobError::execution("Path not accessible locally"))?;
let mut entries = fs::read_dir(root_path).await
.map_err(|e| JobError::execution(format!("Failed to read directory: {}", e)))?;
while let Some(entry) = entries.next_entry().await
.map_err(|e| JobError::execution(format!("Failed to read directory entry: {}", e)))? {
let path = entry.path();
let metadata = entry.metadata().await
.map_err(|e| JobError::execution(format!("Failed to read metadata: {}", e)))?;
let dir_entry = DirEntry {
path: path.clone(),
kind: if metadata.is_dir() { EntryKind::Directory }
else if metadata.is_symlink() { EntryKind::Symlink }
else { EntryKind::File },
size: metadata.len(),
modified: metadata.modified().ok(),
inode: EntryProcessor::get_inode(&metadata),
};
state.pending_entries.push(dir_entry);
// Update stats
match dir_entry.kind {
EntryKind::File => state.stats.files += 1,
EntryKind::Directory => state.stats.dirs += 1,
EntryKind::Symlink => state.stats.symlinks += 1,
}
}
Ok(())
}
}
```
### 3. Persistence Layer Abstraction
```rust
trait IndexPersistence {
async fn store_entry(&self, entry: &DirEntry, location_id: Option<i32>) -> JobResult<i32>;
async fn store_content_identity(&self, cas_id: &str, content_data: &ContentData) -> JobResult<i32>;
async fn get_existing_entries(&self, path: &Path) -> JobResult<Vec<ExistingEntry>>;
}
struct DatabasePersistence<'a> {
ctx: &'a JobContext<'a>,
location_id: i32,
}
struct EphemeralPersistence {
index: Arc<RwLock<EphemeralIndex>>,
}
```
### 4. Enhanced Progress Reporting
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct IndexerProgress {
pub phase: IndexPhase,
pub scope: IndexScope,
pub persistence: IndexPersistence,
pub current_path: String,
pub total_found: IndexerStats,
pub processing_rate: f32,
pub estimated_remaining: Option<Duration>,
pub is_ephemeral: bool,
}
```
## CLI Integration
### New CLI Commands
```bash
# Quick scan of current directory only
spacedrive index quick-scan /path/to/directory --scope current
# Ephemeral browse of external path
spacedrive browse /media/external-drive --ephemeral
# Traditional full location indexing
spacedrive index location /managed/location --scope recursive --mode deep
```
### CLI Implementation
```rust
#[derive(Subcommand)]
pub enum IndexCommands {
/// Quick scan of a directory
QuickScan {
path: PathBuf,
#[arg(long, default_value = "current")]
scope: String,
#[arg(long)]
ephemeral: bool,
},
/// Browse external paths without persistence
Browse {
path: PathBuf,
#[arg(long, default_value = "current")]
scope: String,
},
}
```
## Performance Considerations
### 1. Current Scope Optimization
- **Target**: <500ms response time for typical directories
- **Techniques**:
- Parallel metadata extraction
- Async I/O with tokio
- Batch database operations
- Skip content analysis for Quick mode
### 2. Ephemeral Index Management
- **Memory Management**: LRU cache with configurable size limits
- **Session Persistence**: Keep ephemeral results for UI session duration
- **Cleanup**: Automatic cleanup of old ephemeral indexes
### 3. Database Impact
- **Current Scope**: Minimal database writes (only changed entries)
- **Batch Operations**: Group database operations for efficiency
- **Indexing Strategy**: Optimized queries for single-level scans
## Error Handling
### Scope-Specific Errors
```rust
#[derive(Debug, thiserror::Error)]
pub enum IndexScopeError {
#[error("Directory not accessible for current scope scan: {path}")]
CurrentScopeAccessDenied { path: PathBuf },
#[error("Ephemeral index limit exceeded (max: {max}, current: {current})")]
EphemeralIndexLimitExceeded { max: usize, current: usize },
#[error("Cannot perform recursive scan on ephemeral path: {path}")]
EphemeralRecursiveNotAllowed { path: PathBuf },
}
```
## Migration Strategy
### Phase 1: Core Infrastructure
1. Add new enums (IndexScope, IndexPersistence)
2. Extend IndexerJobConfig
3. Create persistence abstraction layer
4. Implement Current scope scanning
### Phase 2: Ephemeral Support
1. Implement EphemeralIndex structure
2. Add ephemeral persistence layer
3. Create memory management for ephemeral indexes
4. Add session-based cleanup
### Phase 3: UI Integration
1. Modify location browser to use Current scope
2. Add ephemeral path browsing capabilities
3. Implement progress indicators for different scopes
4. Add user preferences for scope selection
### Phase 4: CLI Enhancement
1. Add new CLI commands
2. Extend existing commands with scope options
3. Add ephemeral browsing commands
4. Update help documentation
## Testing Strategy
### Unit Tests
- IndexScope enum conversions
- EphemeralIndex operations
- Persistence layer implementations
- Current scope discovery logic
### Integration Tests
- End-to-end Current scope indexing
- Ephemeral index lifecycle
- CLI command variations
- Performance benchmarks
### Performance Tests
- Current scope response time targets
- Memory usage of ephemeral indexes
- Database operation efficiency
- Concurrent indexing scenarios
## Future Enhancements
### 1. Smart Scope Selection
Automatically choose optimal scope based on:
- Directory size
- User access patterns
- System resources
- Network latency (for remote paths)
### 2. Incremental Current Scope Updates
- Watch filesystem events for current directories
- Incrementally update UI without full re-scan
- Batch updates for efficiency
### 3. Cross-Device Ephemeral Browsing
- Browse remote device paths
- Network-aware ephemeral caching
- Offline capability for cached paths
### 4. Machine Learning Integration
- Predict optimal IndexMode based on file types
- Learn user browsing patterns
- Optimize scope selection automatically
## Conclusion
This upgrade provides the foundation for more responsive UI interactions while maintaining the robust indexing capabilities of Spacedrive. The separation of concerns between scope, mode, and persistence allows for flexible combinations that serve different use cases without compromising performance or functionality.
The implementation maintains backward compatibility while opening new possibilities for user experience improvements and system efficiency gains.

3
docs/core/design/landing-page-idea.md
View File

@@ -1,3 +0,0 @@
A landing page that is a live window into the development of the app, roadmap, history, agents activity.
Blow people away with the automated development.

160
docs/core/design/networking_implementation_summary.md
View File

@@ -1,160 +0,0 @@
# Networking Module Implementation Summary
## Overview
The Spacedrive networking module has been successfully implemented with corrected architecture that addresses the original device identity persistence issue. The implementation provides secure, transport-agnostic networking with support for device pairing and authentication.
## Key Accomplishments
### Architectural Correction
- **Fixed the fundamental issue**: Network identity now uses persistent device UUIDs from `DeviceManager` instead of generating new IDs on each restart
- **Persistent device tracking**: Devices maintain consistent identity across application restarts and multiple instances on the same device
- **Integration with existing system**: Networking module properly integrates with Spacedrive's device management system
### Core Components Implemented
1. **Device Identity System** (`src/networking/identity.rs`)
- `NetworkIdentity`: Ties network identity to persistent device configuration
- `NetworkFingerprint`: Derived from device UUID + public key for secure identification
- `PrivateKey` / `PublicKey`: Ed25519 cryptographic keys with password-based encryption
- `PairingCode`: 6-word pairing codes for device authentication
- `DeviceInfo`: Remote device information management
2. **Connection Management** (`src/networking/connection.rs`)
- `NetworkConnection` trait: Abstract interface for network connections
- `DeviceConnection`: High-level wrapper for device-to-device connections
- `ConnectionManager`: Manages connection pool and transport selection
- Transport abstraction with fallback support (local → relay)
3. **Protocol Layer** (`src/networking/protocol.rs`)
- `FileTransfer`: Efficient file transfer with progress tracking
- `ProtocolMessage`: Structured communication protocol (ping/pong, sync, etc.)
- `FileHeader`: Metadata and integrity verification (Blake3 hashing)
- JSON serialization for cross-platform compatibility
4. **High-Level API** (`src/networking/manager.rs`)
- `Network`: Main networking interface
- `NetworkConfig`: Configuration management
- Device pairing workflow (initiate → exchange → complete)
- Connection statistics and device discovery
5. **Security Foundation** (`src/networking/security.rs`)
- Noise Protocol XX pattern integration (stub implementation)
- End-to-end encryption framework
- Cryptographic key management
6. **Transport Layer** (`src/networking/transport/`)
- Transport abstraction for pluggable connectivity
- Local P2P transport (mDNS + QUIC) - stubbed
- Relay transport (WebSocket) - stubbed
### Demonstration Examples
1. **Basic Networking Demo** (`examples/networking_demo.rs`)
- Shows single device initialization
- Demonstrates network identity creation from device manager
- Verifies persistent device UUID usage
2. **Device Pairing Demo** (`examples/device_pairing_demo.rs`)
- Simulates two devices pairing with each other
- Shows complete pairing workflow:
- Device 1 generates pairing code
- Device 2 receives and validates code
- Devices add each other to known device lists
- Demonstrates persistent identity across separate device instances
## Technical Architecture
### Device Identity Flow
```
DeviceManager (persistent UUID)
NetworkIdentity (device_id: UUID + crypto keys)
NetworkFingerprint (device_id + public_key hash)
Secure device identification on network
```
### Pairing Process
```
Device A Device B
↓ ↓
Generate pairing code Receive pairing code
↓ ↓
Share 6-word code ←→ Validate code
↓ ↓
Exchange public keys ←→ Exchange public keys
↓ ↓
Add to known devices ←→ Add to known devices
```
### Connection Establishment
```
Application
Network (high-level API)
ConnectionManager
Transport Selection (Local P2P → Relay)
NetworkConnection (encrypted channel)
Protocol Layer (file transfer, sync, etc.)
```
## Current Status
### Completed
- Core networking architecture
- Device identity system with persistent UUIDs
- Connection management framework
- Protocol definitions for file transfer and sync
- Device pairing workflow
- JSON-based serialization
- Basic security framework
- Comprehensive demo applications
- **All code compiles successfully**
### Pending Implementation
- Complete pairing protocol with cryptographic key exchange
- mDNS discovery for local network scanning
- QUIC transport implementation for local P2P connections
- WebSocket transport for relay connectivity
- Full Noise Protocol encryption implementation
- Persistent storage for network keys
- BIP39 word list for pairing codes
- Network service lifecycle management
## Files Changed/Created
### Core Implementation
- `src/networking/mod.rs` - Main module exports
- `src/networking/identity.rs` - Device identity and authentication
- `src/networking/connection.rs` - Connection management
- `src/networking/manager.rs` - High-level networking API
- `src/networking/protocol.rs` - File transfer and communication protocols
- `src/networking/security.rs` - Noise Protocol security layer (stub)
- `src/networking/transport/` - Transport layer abstractions
- `src/lib.rs` - Core integration for networking initialization
### Documentation & Examples
- `examples/networking_demo.rs` - Basic networking demonstration
- `examples/device_pairing_demo.rs` - Complete device pairing workflow
- `docs/design/NETWORKING_SYSTEM_DESIGN.md` - Updated with corrected architecture
### Configuration
- `Cargo.toml` - Added networking dependencies (snow, ring, argon2, etc.)
## Key Achievements
1. **Solved the Critical Architecture Issue**: The networking module now correctly integrates with Spacedrive's persistent device identity system, ensuring devices can be reliably tracked across restarts.
2. **Production-Ready Foundation**: The implementation provides a solid foundation for Spacedrive's networking needs with proper abstractions, error handling, and extensibility.
3. **Comprehensive Demo**: Both demos successfully demonstrate the corrected architecture and complete pairing workflow, proving the system works as designed.
4. **Clean Compilation**: All code compiles successfully with only expected warnings for unused imports and placeholder implementations.
The networking module is now ready for the next phase of development, which would involve implementing the actual transport layers and completing the cryptographic protocols.

2673
docs/core/design/sync/NORMALIZED_CACHE_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

180
docs/core/design/sync/README.md
View File

@@ -1,180 +0,0 @@
# Sync System Design Documentation
This directory contains **detailed design documents** for Spacedrive's multi-device synchronization and client-side caching architecture.
## Implementation Guides (Start Here!)
For implementation, read these **root-level guides**:
1. **[../../sync.md](../../sync.md)** **Sync System Implementation Guide**
- TransactionManager API and usage
- Syncable trait specification
- Leader election protocol
- Sync service implementation
- Production-ready reference
2. **[../../events.md](../../events.md)** **Unified Event System**
- Generic resource events
- Type registry pattern (zero switch statements!)
- Client integration (Swift + TypeScript)
- Migration strategy
3. **[../../normalized_cache.md](../../normalized_cache.md)** **Client-Side Normalized Cache**
- Cache architecture and implementation
- Memory management (LRU, TTL, ref counting)
- React and SwiftUI integration
- Optimistic updates and offline support
---
## Design Documents (Deep Dives)
The documents in this directory provide comprehensive design rationale and detailed exploration. Read these for context and decision history:
### 1. Foundation & Context
- **[SYNC_DESIGN.md](./SYNC_DESIGN.md)** - The original comprehensive sync architecture
- Covers: Sync domains (Index, Metadata, Content, State), conflict resolution, leader election
- Start here for foundational understanding
### 2. Core Implementation Specs
- **[SYNC_TX_CACHE_MINI_SPEC.md](./SYNC_TX_CACHE_MINI_SPEC.md)** **START HERE FOR IMPLEMENTATION**
- Concise, actionable spec for `Syncable`/`Identifiable` traits
- TransactionManager API and semantics
- BulkChangeSet mechanism for efficient bulk operations
- Albums example with minimal boilerplate
- Raw SQL compatibility notes
- **[UNIFIED_RESOURCE_EVENTS.md](./UNIFIED_RESOURCE_EVENTS.md)** **CRITICAL FOR EVENT SYSTEM**
- Generic resource event design (eliminates ~40 specialized event variants)
- Type registry pattern for zero-friction horizontal scaling
- Swift and TypeScript examples with auto-generation via specta
- **Key insight**: Zero switch statements when adding new resources
### 3. Unified Architecture
- **[UNIFIED_TRANSACTIONAL_SYNC_AND_CACHE.md](./UNIFIED_TRANSACTIONAL_SYNC_AND_CACHE.md)**
- Complete end-to-end architecture integrating sync + cache
- Context-aware commits: `transactional` vs `bulk` vs `silent`
- **Critical**: Bulk operations create ONE metadata sync entry (not millions)
- Performance analysis and decision rationale
- 2295 lines of comprehensive design (reference doc, not reading material)
### 4. Client-Side Caching
- **[NORMALIZED_CACHE_DESIGN.md](./NORMALIZED_CACHE_DESIGN.md)**
- Client-side normalized entity cache (similar to Apollo Client)
- Event-driven invalidation and atomic updates
- Memory management (LRU, TTL, reference counting)
- Swift and TypeScript implementation patterns
- 2674 lines covering edge cases and advanced scenarios
### 5. Implementation Analysis
- **[TRANSACTION_MANAGER_COMPATIBILITY.md](./TRANSACTION_MANAGER_COMPATIBILITY.md)**
- Compatibility analysis with existing codebase
- Current write patterns (SeaORM, transactions, raw SQL)
- Migration strategy with code examples
- Risk analysis and mitigation
- **Verdict**: Fully compatible, ready to implement
### 6. Historical & Supplementary
- **[SYNC_DESIGN_2025_08_19.md](./SYNC_DESIGN_2025_08_19.md)** - Updated sync design iteration
- **[SYNC_FIRST_DRAFT_DESIGN.md](./SYNC_FIRST_DRAFT_DESIGN.md)** - Early draft (historical context)
- **[SYNC_INTEGRATION_NOTES.md](./SYNC_INTEGRATION_NOTES.md)** - Integration notes and considerations
- **[SYNC_CONDUIT_DESIGN.md](./SYNC_CONDUIT_DESIGN.md)** - Sync conduit specific design
---
## Quick Reference
### Key Concepts
**Syncable** (Rust persistence models)
```rust
pub trait Syncable {
const SYNC_MODEL: &'static str;
fn sync_id(&self) -> Uuid;
fn version(&self) -> i64;
}
```
**Identifiable** (Client-facing resources)
```rust
pub trait Identifiable {
type Id;
fn resource_id(&self) -> Self::Id;
fn resource_type() -> &'static str;
}
```
**TransactionManager** (Sole write gateway)
- `commit()` - Single resource, per-entry sync log
- `commit_batch()` - Micro-batch (10-1K), per-entry sync logs
- `commit_bulk()` - Bulk (1K+), ONE metadata sync entry
**Event System** (Generic, horizontally scalable)
- `ResourceChanged { resource_type, resource }`
- `ResourceBatchChanged { resource_type, resources }`
- `BulkOperationCompleted { resource_type, affected_count, hints }`
### Critical Design Decisions
1. **Indexing ≠ Sync**: Each device indexes its own filesystem. Bulk operations create metadata notifications, not individual entry replications.
2. **Leader Election**: One device per library assigns sync log sequence numbers. Prevents collisions.
3. **Zero Manual Sync Logging**: TransactionManager automatically creates sync logs. Application code never touches sync infrastructure.
4. **Type Registry Pattern**: Clients use type registries (auto-generated via specta) to handle all resource events generically. No switch statements per resource type.
5. **Client-Side Cache**: Normalized entity store + query index. Events trigger atomic updates. Cache persistence for offline mode.
---
## Implementation Status
- [x] Design documentation complete
- [ ] Phase 1: Core infrastructure (TM, traits, events)
- [ ] Phase 2: Client prototype (Swift cache + event handler)
- [ ] Phase 3: Expansion (migrate all ops to TM)
- [ ] Phase 4: TypeScript port + advanced features
---
## Related Documentation
**Implementation Guides** (Root Level):
- `../../sync.md` - Sync system implementation
- `../../events.md` - Unified event system
- `../../normalized_cache.md` - Client cache implementation
- `../../sync-setup.md` - Library sync setup (Phase 1)
**Infrastructure**:
- `../INFRA_LAYER_SEPARATION.md` - Infrastructure layer architecture
- `../JOB_SYSTEM_DESIGN.md` - Job system (indexing jobs integrate with TM)
- `../DEVICE_PAIRING_PROTOCOL.md` - Device pairing (prerequisite for sync)
---
## Documentation Philosophy
**Root-level docs** (`docs/core/*.md`):
- Implementation-ready guides
- Concise, actionable specifications
- Code examples and usage patterns
- Reference during development
**Design docs** (`docs/core/design/sync/*.md`):
- Comprehensive exploration
- Decision rationale and alternatives
- Edge cases and advanced scenarios
- Historical context
---
## Contributing
**Adding implementation guidance**: Update root-level docs (`sync.md`, `events.md`, `normalized_cache.md`)
**Adding design exploration**: Create new document in this directory:
1. Follow naming: `SYNC_<TOPIC>_DESIGN.md`
2. Update this README
3. Reference related documents
4. Include comprehensive examples

187
docs/core/design/sync/SYNC_CONDUIT_DESIGN.md
View File

@@ -1,187 +0,0 @@
## **Design Document: Spacedrive Sync Conduits**
### 1\. Overview
This document specifies the design and implementation plan for **Sync Conduits**, a system for synchronizing file content between user-defined points within the Spacedrive VDFS. This feature is distinct from **Library Sync**, which is the separate, underlying process for replicating the VDFS index and its associated metadata. Sync Conduits provide users with explicit, transparent, and configurable control over how the physical file content is mirrored, backed up, or managed across different storage locations.
### 2\. Core Concepts
#### 2.1. Sync Conduit
A **Sync Conduit** is the central concept. It is a durable, long-running job that represents a user-configured synchronization relationship between a **source Entry** and a **destination Entry**. Linking the conduit to an `Entry` rather than a `Location` provides maximum flexibility, allowing users to sync any directory without formally adding it as a managed `Location`.
#### 2.2. State-Based Reconciliation
The sync mechanism will use a **state-based reconciliation** model. Instead of replaying a log of events, the system periodically compares the live filesystem state of the source and destination against the VDFS index. This approach is resilient to offline changes and naturally compresses multiple intermediate operations (e.g., create -\> modify -\> delete) into a single, final state, significantly optimizing performance.
### 3\. Use Cases & Sync Policies
Users can create a Sync Conduit with one of four distinct policies, each designed for a specific use case.
#### 3.1. Replicate (One-Way Mirror)
* **Use Case**: Creating robust, automated backups of critical data. A photographer wants to automatically back up her `Active Projects` folder from her laptop's fast SSD to her large, archival NAS. She needs new photos and edits to be copied over automatically, and if she deletes a photo from her active folder, it should also be removed from the backup to keep it clean.
* **Methodology**: The conduit monitors the source `Entry`. It propagates all creates, modifies, and (optionally) deletes from the source to the destination. The destination becomes a perfect mirror of the source.
#### 3.2. Synchronize (Two-Way)
* **Use Case**: Keeping directories identical for working across multiple machines. A developer works on a project from a desktop PC at home and a laptop on the go. He needs the project folder to be identical on both machines, so changes made on his laptop during the day are available on his desktop in the evening, and vice-versa.
* **Methodology**: The conduit monitors both `Entries` and syncs changes bidirectionally. Conflict resolution uses a "last-writer-wins" strategy based on the file's modification timestamp.
#### 3.3. Offload (Smart Cache)
* **Use Case**: Freeing up space on a primary device with limited storage. A video editor works on a laptop with a small SSD but has a large home server. She wants to keep only recently accessed project files locally. Older files should be moved to the server to free up space, but their `Entry` must remain in the VDFS index so they are still searchable and can be retrieved on demand.
* **Methodology**: The conduit uses the `VolumeManager` to monitor free space on the source volume. When a user-defined threshold is met, it moves the least recently used files (based on the `Entry`'s `accessed_at` timestamp) to the destination. Files can be pinned with a "Pinned" tag to prevent offloading.
#### 3.4. Archive (Move and Consolidate)
* **Use Case**: Moving completed work to long-term storage and safely reclaiming space. A researcher finishes a data analysis project and wants to move the entire folder to a long-term archival drive. The transfer must be cryptographically verified before the original files are deleted from her workstation.
* **Methodology**: The conduit executes a `FileCopyJob` with `delete_after_copy` enabled. It leverages the **Commit-Then-Verify** step to ensure the file was transferred with perfect integrity before deleting the source copy.
### 4\. Architectural Methodology
#### 4.1. The Sync Lifecycle
1. **Trigger**: Initiated by the `LocationWatcher` service or a timer (`Sync Cadence`).
2. **Delta Calculation**: The `SyncConduitJob` performs a live scan of source and destination filesystems. The VDFS index is used as a high-performance cache to quickly identify unchanged files. The result is an ephemeral list of `COPY` and `DELETE` operations.
3. **Execution**: The job dispatches `FileCopyAction` and `FileDeleteAction` operations to the durable job system.
4. **Verification**: After transfer, a **Commit-Then-Verify (CTV)** step is initiated via a `ValidationRequest` to the destination, which confirms the file's BLAKE3 hash.
5. **Completion**: Once all actions are verified, the sync cycle is complete.
#### 4.2. Sync Cadence (Action Compression)
Each Sync Conduit has a configurable **Sync Frequency** (e.g., Instantly, Every 5 Minutes). Because the system reconciles state rather than replaying an event log, any series of changes within the time window are naturally compressed. If a file is created, modified, and then deleted within a 5-minute window, the sync job will see that the file doesn't exist at the start and end of the window and will perform **no action**.
### 5\. Detailed Implementation Plan
#### 5.1. Database Schema Changes
A new migration file will be created in `./src/infra/db/migration/` to add the `sync_relationships` table.
```rust
// In a new migration file, e.g., mYYYYMMDD_HHMMSS_create_sync_relationships.rs
#[derive(DeriveIden)]
enum SyncRelationships {
Table, Id, Uuid, SourceEntryId, DestinationEntryId, Policy, PolicyConfig,
Status, IsEnabled, LastSyncAt, CreatedAt, UpdatedAt,
}
// In the up() function:
manager.create_table(
Table::create()
.table(SyncRelationships::Table)
.if_not_exists()
.col(ColumnDef::new(SyncRelationships::Id).integer().not_null().auto_increment().primary_key())
.col(ColumnDef::new(SyncRelationships::Uuid).uuid().not_null().unique_key())
.col(ColumnDef::new(SyncRelationships::SourceEntryId).integer().not_null())
.col(ColumnDef::new(SyncRelationships::DestinationEntryId).integer().not_null())
.col(ColumnDef::new(SyncRelationships::Policy).string().not_null())
.col(ColumnDef::new(SyncRelationships::PolicyConfig).json().not_null())
.col(ColumnDef::new(SyncRelationships::Status).string().not_null().default("idle"))
.col(ColumnDef::new(SyncRelationships::IsEnabled).boolean().not_null().default(true))
.col(ColumnDef::new(SyncRelationships::LastSyncAt).timestamp_with_time_zone())
.col(ColumnDef::new(SyncRelationships::CreatedAt).timestamp_with_time_zone().not_null())
.col(ColumnDef::new(SyncRelationships::UpdatedAt).timestamp_with_time_zone().not_null())
.foreign_key(
ForeignKey::create()
.from(SyncRelationships::Table, SyncRelationships::SourceEntryId)
.to(entities::entry::Entity, entities::entry::Column::Id)
.on_delete(ForeignKeyAction::Cascade),
)
.foreign_key(
ForeignKey::create()
.from(SyncRelationships::Table, SyncRelationships::DestinationEntryId)
.to(entities::entry::Entity, entities::entry::Column::Id)
.on_delete(ForeignKeyAction::Cascade),
)
.to_owned(),
).await?;
```
*An associated `Entity` and `ActiveModel` will be created in `./src/infra/db/entities/`.*
#### 5.2. New Modules and Structs
A new module will be created at `src/ops/sync/`.
##### 5.2.1. Job Definition (`src/ops/sync/job.rs`)
```rust
use serde::{Deserialize, Serialize};
use crate::infra::job::prelude::*;
#[derive(Debug, Serialize, Deserialize, Job)]
pub struct SyncConduitJob {
pub sync_conduit_uuid: uuid::Uuid,
// Internal state for resumption (e.g., current file being processed)
}
impl Job for SyncConduitJob {
const NAME: &'static str = "sync_conduit";
const RESUMABLE: bool = true;
}
#[async_trait::async_trait]
impl JobHandler for SyncConduitJob {
type Output = SyncOutput; // Defined in src/ops/sync/output.rs
async fn run(&mut self, ctx: JobContext<'_>) -> JobResult<Self::Output> {
// Core sync logic will be implemented here
unimplemented!()
}
}
```
##### 5.2.2. Actions (`src/ops/sync/action.rs`)
New `LibraryAction`s will be created for managing conduits.
**Input for Create Action (`src/ops/sync/input.rs`):**
```rust
use serde::{Deserialize, Serialize};
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SyncConduitCreateInput {
pub source_entry_id: i32,
pub destination_entry_id: i32,
pub policy: String, // "replicate", "synchronize", etc.
pub policy_config: serde_json::Value, // For policy-specific settings like cadence
}
```
#### 5.3. Networking Protocol
The `file_transfer` protocol will be extended with messages for the CTV step.
```rust
// In src/service/network/protocol/file_transfer.rs
enum FileTransferMessage {
// ... existing messages
ValidationRequest {
transfer_id: Uuid,
destination_path: String,
},
ValidationResponse {
transfer_id: Uuid,
is_valid: bool,
blake3_hash: Option<String>,
error: Option<String>,
},
}
```
#### 5.4. Modifications to Existing Systems
* **`FileCopyJob`**: Add a `Verifying` state to its state machine. After a file is transferred, it will enter this state, send a `ValidationRequest`, and await a `ValidationResponse` before moving to `Completed`.
* **`LocationWatcher`**: The event handler will be updated to check if a filesystem event occurred within an `Entry` managed by a Sync Conduit. If the cadence allows, it will trigger a `SyncConduitJob`.
### 6\. User Experience (UX) Flow
1. A user right-clicks on a directory in the Spacedrive UI.
2. They select a new "Sync To..." option.
3. A dialog appears, allowing them to select a destination directory.
4. The user chooses a **Sync Policy** (e.g., Replicate) and configures its options (e.g., Sync Cadence).
5. Upon confirmation, a `SyncConduitCreateAction` is dispatched, creating the **Sync Conduit**.
6. The UI displays the active conduit in a dedicated "Sync Status" panel, showing its policy, status, and last sync time.

3456
docs/core/design/sync/SYNC_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

286
docs/core/design/sync/SYNC_DESIGN_2025_08_19.md
View File

@@ -1,286 +0,0 @@
# Pragmatic Sync System Design (2025-08-19 Revision)
## Overview
This document outlines the new sync system for Spacedrive Core v2 that prioritizes pragmatism over theoretical perfection. The system is built on Spacedrive's service and job architecture, focusing on three distinct sync domains: **index sync** (filesystem mirroring), **user metadata sync** (tags, ratings), and **file operations** (separate from sync).
## Sync Domain Separation
Spacedrive distinguishes between three separate data synchronization concerns:
### 1. Index Sync (Filesystem Mirror)
- **Purpose**: Mirror each device's local filesystem index and file-specific metadata
- **Data**: Entry records (with `parent_id`), device-specific paths, file-level tags, location metadata
- **Conflicts**: Minimal - each device owns its filesystem index exclusively
- **Transport**: Via the live sync service and dedicated backfill jobs over the networking layer
- **Source of Truth**: Local filesystem watcher events
> The `Entry` records, including their `parent_id` relationships, are the source of truth for the filesystem hierarchy. Derived data structures like the `entry_closure` table are explicitly excluded from sync and are rebuilt locally on each device. This minimizes sync traffic and prevents complex conflicts.
### 2. User Metadata Sync (Library Content)
- **Purpose**: Sync content-universal metadata across all instances of the same content within a library
- **Data**: Content-level tags, ContentIdentity metadata, library-scoped favorites
- **Conflicts**: Possible - multiple users can tag the same content simultaneously
- **Resolution**: Union merge for content tags, deterministic ContentIdentity UUIDs prevent most conflicts
- **Transport**: Real-time sync via the live service + batch jobs for backfill
### 3. File Operations (Remote Operations)
- **Purpose**: Actual file transfer, copying, and cross-device movement
- **Protocol**: Separate from sync - uses dedicated file transfer protocol
- **Trigger**: User-initiated operations (Spacedrop, cross-device copy/move)
- **Relationship**: File operations trigger filesystem changes → watcher events → index sync
> **Key Insight**: Index sync is largely conflict-free because devices only modify their own filesystem indices. User metadata sync operates on library-scoped ContentIdentity, enabling content-universal tagging that follows the content across devices within the same library.
## Core Principles
1. **Universal Dependency Awareness** - Every sync operation automatically respects foreign key constraints and dependency order
2. **Jobs for Finite Tasks, Services for Long-Running Processes** - Finite tasks (`Backfill`) are durable, resumable jobs. Continuous operations (`LiveSync`) are persistent background services.
3. **Networking Integration** - Built on the persistent networking layer with automatic device connection management
4. **Library-Scoped ContentIdentity** - Content is addressable within each library via deterministic UUIDs derived from content_id hash
5. **Dual Tagging System** - Users can tag individual files (Entry-level) or all instances of content (ContentIdentity-level)
6. **Domain Separation** - Index, user metadata, and file operations are distinct protocols with different conflict resolution
7. **One Leader Per Library** - Each library has a designated leader device that maintains the sync log
8. **Hybrid Change Tracking** - SeaORM hooks with async queuing + event system for comprehensive coverage
9. **Intelligent Conflicts** - Union merge for content tags, deterministic UUIDs prevent ContentIdentity conflicts
10. **Sync Readiness** - UUIDs optional until content identification complete, preventing premature sync of incomplete data
11. **Declarative Dependencies** - Simple `depends_on = ["location", "device"]` syntax with automatic circular resolution
12. **Derived Data is Not Synced** - Derived data, such as the closure table for hierarchical queries, is not synced directly. Each device rebuilds it locally from the synced source of truth (e.g., parent-child relationships), ensuring efficiency and consistency.
13. **Privacy through Log Redaction & Compaction** - The sync log on the leader is not permanent. A background process will periodically redact sensitive data from deleted records and compact the log by creating snapshots to preserve privacy and save space.
## Architecture
The architecture separates finite, resumable **Jobs** from persistent, long-running **Services**.
- **Jobs** (`BackfillSyncJob`): Have a clear start and end. They are queued and executed by the Job Manager. They are perfect for bringing a device up-to-date.
- **Services** (`LiveSyncService`): A singleton process that runs for the entire application lifecycle. It listens for real-time changes and can queue Jobs when needed.
```
┌─────────────────────────────────────────────────────────────────┐
│ Library A (Photos) │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Leader: Device 1│ │Follower: Device 2│ │
│ │ ┌─────────────┐ │ │ ┌─────────────┐ │ │
│ │ │Phase 1: │ │ │ │Phase 1: │ │ │
│ │ │CAPTURE │ │ │ │CAPTURE │ │ │
│ │ │(SeaORM hooks)│ │ │ │(SeaORM hooks)│ │ │
│ │ └─────────────┘ │ │ └─────────────┘ │ │
│ │ ┌─────────────┐ │ │ ┌─────────────┐ │ │
│ │ │Phase 2: │ │────│ │Phase 3: │ │ │
│ │ │STORE │ │ │ │INGEST │ │ │
│ │ │(Dependency │ │ │ │(Buffer & │ │ │
│ │ │ ordering) │ │ │ │ reorder) │ │ │
│ │ └─────────────┘ │ │ └─────────────┘ │ │
│ │ ┌─────────────┐ │ │ ┌─────────────┐ │ │
│ │ │ Sync Log │ │ │ │ Local DB │ │ │
│ │ │ Networking │ │ │ │ Networking │ │ │
│ │ └─────────────┘ │ │ └─────────────┘ │ │
│ └─────────────────┘ └─────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
## Implementation
### 1. Sync Jobs & Services
#### Backfill & Setup Jobs
Finite operations like the initial sync for a device or a catch-up backfill are implemented as Jobs. They are queued by the system when a new device pairs or an existing device comes online after a long time.
```rust
#[derive(Debug, Serialize, Deserialize, Job)]
pub struct BackfillSyncJob {
pub library_id: Uuid,
pub target_device_id: Uuid,
// ... other options
}
impl Job for BackfillSyncJob {
const NAME: &'static str = "backfill_sync";
const RESUMABLE: bool = true;
const DESCRIPTION: Option<&'static str> = Some("Backfills historical sync data from a peer.");
}
// ... JobHandler implementation for BackfillSyncJob
```
#### Live Sync Service (Long-Running Process)
The long-running process of handling real-time changes is modeled as a `Service`, aligning with the existing architectural pattern for persistent background processes. It is managed by the application's core service container.
```rust
use crate::core::services::Service; // Assuming this is the path to the trait
pub struct LiveSyncService {
// context, state, etc.
is_running: Arc<AtomicBool>,
// Handle to the job manager to queue backfills
job_manager: Arc<JobManager>,
}
impl LiveSyncService {
pub fn new(context: Arc<CoreContext>) -> Self {
// ... initialization
}
}
#[async_trait::async_trait]
impl Service for LiveSyncService {
fn name(&self) -> &'static str {
"live_sync_service"
}
fn is_running(&self) -> bool {
self.is_running.load(Ordering::SeqCst)
}
async fn start(&self) -> Result<()> {
self.is_running.store(true, Ordering::SeqCst);
// Spawn the main loop as a background Tokio task
// This loop listens on the event bus and network for changes.
// It can queue jobs like BackfillSyncJob when needed.
tokio::spawn(async move {
// ... loop { ... }
});
Ok(())
}
async fn stop(&self) -> Result<()> {
self.is_running.store(false, Ordering::SeqCst);
// Signal the background task to gracefully shut down
Ok(())
}
}
```
### 2. Universal Dependency-Aware Sync Trait
Every syncable domain model implements a simple trait with built-in dependency awareness:
```rust
#[async_trait]
pub trait Syncable: ActiveModelTrait {
/// Unique sync identifier for this model type
const SYNC_ID: &'static str;
/// Sync domain (Index, UserMetadata, or None for no sync)
const SYNC_DOMAIN: SyncDomain;
/// Dependencies - models that must be synced before this one
const DEPENDENCIES: &'static [&'static str] = &[];
/// Sync priority within dependency level (0 = highest priority)
const SYNC_PRIORITY: u8 = 50;
/// Whether this model should sync at all (includes UUID readiness check)
fn should_sync(&self) -> bool;
/// Custom merge logic for conflicts
fn merge(local: Self::Model, remote: Self::Model) -> MergeResult<Self::Model>;
// ... other helper methods and associated enums ...
}
```
### 3. Three-Phase Sync Architecture
The sync system operates in three distinct phases, each with different dependency handling requirements:
#### Phase 1: Creating Sync Operations (Local Change Capture)
When changes occur locally, we capture them without dependency ordering concerns:
```rust
impl ActiveModelBehavior for EntryActiveModel {
fn after_save(self, insert: bool) -> Result<Self, DbErr> {
// PHASE 1: CAPTURE - No dependency ordering needed yet
if <EntryActiveModel as Syncable>::should_sync(&self) {
// Queue change in memory for async processing
SYNC_QUEUE.queue_change(/* ... */);
}
Ok(self)
}
}
```
#### Phase 2 & 3: Storing and Ingesting (Service Logic)
The logic for storing changes (on the leader) and ingesting them (on followers) is handled within the `LiveSyncService`.
On the leader device, the service's main loop processes the queue of captured changes, resolves their dependencies, and writes them to the persistent `SyncLog`. On follower devices, the service's main loop polls the leader for new log entries and applies them locally, buffering them as needed to ensure dependencies are met even with out-of-order network delivery.
```rust
// Example logic within the LiveSyncService on a LEADER device
async fn leader_loop(&self) {
loop {
let captured_changes = SYNC_QUEUE.drain_pending();
if !captured_changes.is_empty() {
// PHASE 2: Apply dependency ordering and store to sync log
let dependency_batches = SYNC_REGISTRY.batch_changes_by_dependencies(captured_changes);
for batch in dependency_batches {
self.store_dependency_batch(batch).await;
}
}
tokio::time::sleep(Duration::from_millis(100)).await;
}
}
// Example logic within the LiveSyncService on a FOLLOWER device
async fn follower_loop(&self) {
loop {
// Poll leader for changes since last sequence
if let Ok(changes) = self.pull_changes_from_leader().await {
// PHASE 3: Buffer and apply changes in dependency order
self.ingest_changes(changes).await;
}
tokio::time::sleep(Duration::from_secs(5)).await;
}
}
```
### 4. Sync Log Structure
Domain-aware append-only log on the leader device:
```rust
pub struct SyncLogEntry {
/// Auto-incrementing sequence number
pub seq: u64,
pub library_id: Uuid,
pub domain: SyncDomain,
pub timestamp: DateTime<Utc>,
pub device_id: Uuid,
pub model_type: String,
pub record_id: String,
pub change_type: ChangeType,
pub data: Option<Vec<u8>>, // Encrypted JSON payload
pub was_sync_ready: bool,
}
pub enum ChangeType {
Upsert,
Delete,
}
```
### 5. Sync Protocol (Networking Integration)
Built on the existing networking message protocol:
```rust
// Sync messages integrated into DeviceMessage enum
pub enum DeviceMessage {
// ... existing messages ...
// Sync protocol messages
SyncPullRequest { /* ... */ },
SyncPullResponse { /* ... */ },
SyncChange { /* ... */ },
}
```
(The rest of the document continues with model definitions and other details which remain conceptually unchanged from the original design).

2699
docs/core/design/sync/SYNC_FIRST_DRAFT_DESIGN.md
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More