feat: add ucanto aggregation api service

[vasco-santos]

This PR adds ucanto aggregation API service to POST / route.

It includes the implementation of:

• offerStore - bucket keeping track aggregate offers received, so that they can be pulled by Spade
• arrangedOfferStore - dynamoDB keeping track of arranged offers received, so that we can kick in cron jobs to poll Spade DB and invoke offer/arrange with status accepted or failed according to what happened. Note that we keep an index with stat so that we can query by stat in queue to then poll Spade on those and see if there are updates for that aggregate
• Note that aggregate-store will be a wrapper for Spade DB to query aggregate infos. Therefore, it is not implemented in this PR and will come next.

Decisions:

• how often should we be pulled. It influences the way we compute filenames. For ease I just did a 15 minutes multiple in this PR, we can come in follow up with a change once we align on what this number will be.

Note that:

• package-lock was wrongly included before, so getting rid of it here
• next will come CRON jobs to merge offers into single one (if needed) and

Closes storacha/w3infra#11

[seed-deploy]

View stack outputs

• pr2-spade-proxy-ApiStack

  Name	Value
  ApiEndpoint	https://lx6u0g70se.execute-api.us-east-2.amazonaws.com
  CustomDomain	https://undefined

• pr2-spade-proxy-CronStack

• pr2-spade-proxy-DataStack

[seed-deploy]

Stack outputs updated

• pr2-spade-proxy-ApiStack

  Name	Value
  ApiEndpoint	https://lx6u0g70se.execute-api.us-east-2.amazonaws.com
  CustomDomain	https://pr2.up.web3.storage

• pr2-spade-proxy-DataStack

[Gozala]

Made some suggestions, but non I'd consider a blocker.

[Gozala]

Aside: Do we really need an auth for the UCAN_LOG, they all come from API endpoint and anyone just as well could get messages here by sending there. That is to say maybe we don't need to gate it since we check incoming data is ucanto message.

[vasco-santos]

Created https://github.com/web3-storage/w3infra/issues/203 to discuss

[alanshaw]

I get the point, but we do have things setup to count things like metrics that would be messed up if someone posted directly here.

...but if anyone sent messages directly to the log it wouldn't be a true representation of what we received and acted on

[Gozala]

I suggest using tsc --build instead. The --noEmit runs TS in legacy mode that can cause incompatibilities for the code that uses modern TS toolchains.

[vasco-santos]

Good callout.

History here is this was generated with sst project generator https://docs.sst.dev/start/standalone which already had this. I also tried to get it out in favour of --build but than given this is a TS project (which now is the only available by sst project generator) the JS files from build are created inline, which this avoids.

I changed to --build but needed to add noEmit true to tsconfig to not generate the js files

[Gozala]

I would highly encourage use of Result types for any IO code se that error types can be captured in the interface.

[vasco-santos]

I totally agree. We need to refactor this at the API code level and not here (and in reality for access-api and upload-api). Would be actually good to do it across the board to be consistent rather than here separately. I created issue for it storacha/w3up#818

[Gozala]

Reading this I am not entirely sure why this prefixing scheme is used, I think it would really help to have comment explaining it or a pointer to document explaining it.

[vasco-santos]

there is a comment above. It is also part of what was decided with Riba and documented in https://www.notion.so/w3-spade-deal-flow-bd479485bbf64e85aa0dee0ad6fc3019

I can port this to a markdown file if that is helpful

[vasco-santos]

Issue created #10

[Gozala]

I'm also not sure what is the intention here, as in what kind of error it will attempt to recover from. I think it would be a good idea to provide a code comment to make it more clear.

[vasco-santos]

this is for historical reasons where sometimes write fail in these buckets. So we usually wrap with retires across the stack, so that spontaneous issues do not break calls

[Gozala]

Maybe we can create a separate put utility function that has the retries and comments about potential write failures it is aiming to recover. I just worry not having that context captured anywhere.

[Gozala]

I'm also not sure what is the intention here, as in what kind of error it will attempt to recover from. I think it would be a good idea to provide a code comment to make it more clear.

[vasco-santos]

this is for historical reasons where sometimes write fail in these buckets. So we usually wrap with retires across the stack, so that spontaneous issues do not break calls

[Gozala]

Not sure what is the intention here, as in what kind of errors it attempts to recover from. I think it would be a good idea to provide a code comment to make it more clear.

[vasco-santos]

this is for historical reasons where sometimes write fail in these buckets. So we usually wrap with retires across the stack, so that spontaneous issues do not break calls

[Gozala]

Nit: Wonder if we can avoid separate store for this, e.g. if we knew invocation CID we could simply check if we have a receipt.

[vasco-santos]

I spent a lot of time trying to figure it out best solution and so far this is what feels nicer. The issue is that receipt needs to be generated by spade-proxy, so it must keep some state so that a cron wakes up, checks Spade DB and issue receipts for the ones that were already success/failure.

[Gozala]

Cool, maybe just write the comment that says that spade-proxy need to keep track of state across cron activations and db is used to ....

[vasco-santos]

Note that we will still align with Spade about this part. Either we have a cron that merged this offers into a new file with format YYYY-MM-DD HH:MM:00, or Spade will be required to perform a list on the bucket with such prefix.

[vasco-santos]

I am not totally happy with this name. Anyone have suggestions?

I named it after what we use this for, to call offer/arrange once we know if aggregate made it to SPs or not

[Gozala]

After reading more on the filecoin side of things, it seems to me that this really should be called deal/arrange or deal/create.

[vasco-santos]

Created https://github.com/web3-storage/w3infra/issues/203 to discuss

[vasco-santos]

Good callout.

History here is this was generated with sst project generator https://docs.sst.dev/start/standalone which already had this. I also tried to get it out in favour of --build but than given this is a TS project (which now is the only available by sst project generator) the JS files from build are created inline, which this avoids.

I changed to --build but needed to add noEmit true to tsconfig to not generate the js files