Add history-ui workspace and supporting server endpoints

Splits history-ui out of asch/fix-everything into its own branch off
main. Includes the Svelte workspace, the three dedicated server
endpoints (list_vaults, fetch_vault_history, fetch_document_versions),
SPA asset embedding via rust-embed, and the matching TS mirror types in
sync-client.

Note: this branch will not compile against main on its own — the new
endpoints depend on database/error/config additions that live on
asch/fix-everything. Intended to be merged once asch/fix-everything
lands.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

sync-server/Cargo.toml

@@ -34,6 +34,8 @@ bimap = "0.6.3"
 ts-rs =  { version = "10.1", features = ["uuid-impl", "chrono-impl"] }
 base64 = "0.22.1"
 reconcile-text = { version = "0.8.0", features = ["serde"] }
+rust-embed = "8.5"
+mime_guess = "2.0"
 
 [profile.release]
 codegen-units = 1

sync-server/build.rs

@@ -1,5 +1,16 @@
-// generated by `sqlx migrate build-script`
 fn main() {
     // trigger recompilation when a new migration is added
     println!("cargo:rerun-if-changed=migrations");
+
+    // Ensure the history-ui dist directory exists so rust-embed can compile
+    // even when the frontend hasn't been built yet.
+    let dist_path = std::path::Path::new("../frontend/history-ui/dist");
+    if !dist_path.exists() {
+        std::fs::create_dir_all(dist_path).expect("Failed to create history-ui dist directory");
+        std::fs::write(
+            dist_path.join("index.html"),
+            "<!DOCTYPE html><html><body><p>Run <code>npm run build -w history-ui</code> first.</p></body></html>",
+        )
+        .expect("Failed to write placeholder index.html");
+    }
 }

sync-server/src/server.rs

@@ -4,23 +4,25 @@ mod delete_document;
 mod device_id_header;
 mod fetch_document_version;
 mod fetch_document_version_content;
+mod fetch_document_versions;
 mod fetch_latest_document_version;
 mod fetch_latest_documents;
+mod fetch_vault_history;
 mod index;
+mod list_vaults;
 mod ping;
 mod requests;
 mod responses;
 mod update_document;
 mod websocket;
 
-use anyhow::{Context as _, Result, anyhow};
+use anyhow::{Context as _, Result};
 use auth::auth_middleware;
 use axum::{
     Router,
     extract::{DefaultBodyLimit, Request},
     http::{self, HeaderValue, Method},
     middleware,
-    response::IntoResponse,
     routing::{IntoMakeService, delete, get, post, put},
 };
 use device_id_header::DEVICE_ID_HEADER_NAME;
@@ -41,7 +43,6 @@ use tracing::{Level, info_span};
 use crate::{
     app_state::AppState,
     config::{Config, server_config::ServerConfig},
-    errors::{client_error, not_found_error},
 };
 
 pub async fn create_server(config: Config) -> Result<()> {
@@ -54,8 +55,11 @@ pub async fn create_server(config: Config) -> Result<()> {
     let app = Router::new()
         .nest("/", get_authed_routes(app_state.clone()))
         .route("/", get(index::index))
+        .route("/assets/*path", get(index::spa_assets))
+        .route("/vaults", get(list_vaults::list_vaults))
         .route("/vaults/:vault_id/ping", get(ping::ping))
         .route("/vaults/:vault_id/ws", get(websocket::websocket_handler))
+        .fallback(index::spa_fallback)
         .layer(DefaultBodyLimit::disable())
         .layer(RequestBodyLimitLayer::new(
             app_state.config.server.max_body_size_mb * 1024 * 1024,
@@ -91,8 +95,6 @@ pub async fn create_server(config: Config) -> Result<()> {
                 .on_failure(DefaultOnFailure::new().level(Level::ERROR)),
         )
         .with_state(app_state)
-        .fallback(handle_404)
-        .fallback(handle_405)
         .into_make_service();
 
     start_server(app, &server_config).await
@@ -120,6 +122,10 @@ fn get_authed_routes(app_state: AppState) -> Router<AppState> {
             "/vaults/:vault_id/documents/:document_id/text",
             put(update_document::update_text),
         )
+        .route(
+            "/vaults/:vault_id/documents/:document_id/versions",
+            get(fetch_document_versions::fetch_document_versions),
+        )
         .route(
             "/vaults/:vault_id/documents/:document_id/versions/:vault_update_id",
             get(fetch_document_version::fetch_document_version),
@@ -132,6 +138,10 @@ fn get_authed_routes(app_state: AppState) -> Router<AppState> {
             "/vaults/:vault_id/documents/:document_id",
             delete(delete_document::delete_document),
         )
+        .route(
+            "/vaults/:vault_id/history",
+            get(fetch_vault_history::fetch_vault_history),
+        )
         .layer(middleware::from_fn_with_state(app_state, auth_middleware))
 }
 
@@ -178,11 +188,3 @@ async fn shutdown_signal() {
         () = terminate => {},
     }
 }
-
-async fn handle_404() -> impl IntoResponse {
-    not_found_error(anyhow!("Page not found"))
-}
-
-async fn handle_405() -> impl IntoResponse {
-    client_error(anyhow!("Method not allowed"))
-}

sync-server/src/server/fetch_document_versions.rs

@@ -0,0 +1,42 @@
+use axum::{
+    Json,
+    extract::{Path, State},
+};
+use log::debug;
+use serde::Deserialize;
+
+use crate::{
+    app_state::{
+        AppState,
+        database::models::{DocumentId, DocumentVersionWithoutContent, VaultId},
+    },
+    errors::{SyncServerError, server_error},
+    utils::normalize::normalize,
+};
+
+#[derive(Deserialize)]
+pub struct FetchDocumentVersionsPathParams {
+    #[serde(deserialize_with = "normalize")]
+    vault_id: VaultId,
+
+    document_id: DocumentId,
+}
+
+#[axum::debug_handler]
+pub async fn fetch_document_versions(
+    Path(FetchDocumentVersionsPathParams {
+        vault_id,
+        document_id,
+    }): Path<FetchDocumentVersionsPathParams>,
+    State(state): State<AppState>,
+) -> Result<Json<Vec<DocumentVersionWithoutContent>>, SyncServerError> {
+    debug!("Fetching all versions for document `{document_id}` in vault `{vault_id}`");
+
+    let versions = state
+        .database
+        .get_document_versions(&vault_id, &document_id, None)
+        .await
+        .map_err(server_error)?;
+
+    Ok(Json(versions))
+}

sync-server/src/server/fetch_vault_history.rs

@@ -0,0 +1,70 @@
+use axum::{
+    Json,
+    extract::{Path, Query, State},
+};
+use log::debug;
+use serde::Deserialize;
+
+use super::responses::VaultHistoryResponse;
+use crate::{
+    app_state::{
+        AppState,
+        database::models::{VaultId, VaultUpdateId},
+    },
+    errors::{SyncServerError, client_error, server_error},
+    utils::normalize::normalize,
+};
+
+const DEFAULT_LIMIT: i64 = 50;
+const MAX_LIMIT: i64 = 500;
+
+#[derive(Deserialize)]
+pub struct FetchVaultHistoryPathParams {
+    #[serde(deserialize_with = "normalize")]
+    vault_id: VaultId,
+}
+
+#[derive(Deserialize)]
+pub struct QueryParams {
+    limit: Option<i64>,
+    before_update_id: Option<VaultUpdateId>,
+}
+
+#[axum::debug_handler]
+pub async fn fetch_vault_history(
+    Path(FetchVaultHistoryPathParams { vault_id }): Path<FetchVaultHistoryPathParams>,
+    Query(QueryParams {
+        limit,
+        before_update_id,
+    }): Query<QueryParams>,
+    State(state): State<AppState>,
+) -> Result<Json<VaultHistoryResponse>, SyncServerError> {
+    if let Some(id) = before_update_id
+        && id <= 0
+    {
+        return Err(client_error(anyhow::anyhow!(
+            "before_update_id must be a positive integer"
+        )));
+    }
+
+    let limit = limit.unwrap_or(DEFAULT_LIMIT).clamp(1, MAX_LIMIT);
+
+    debug!(
+        "Fetching vault history for vault `{vault_id}` (limit={limit}, before={before_update_id:?})"
+    );
+
+    // Fetch one extra row to determine if there are more results
+    let mut versions = state
+        .database
+        .get_vault_history(&vault_id, limit + 1, before_update_id, None)
+        .await
+        .map_err(server_error)?;
+
+    #[allow(clippy::cast_sign_loss)] // limit is clamped to [1, 500] above
+    let has_more = versions.len() > limit as usize;
+    if has_more {
+        versions.pop();
+    }
+
+    Ok(Json(VaultHistoryResponse { versions, has_more }))
+}

sync-server/src/server/index.rs

@@ -1,7 +1,77 @@
-use axum::response::{Html, IntoResponse};
+use axum::{
+    body::Body,
+    extract::{Path, State},
+    http::{StatusCode, header},
+    response::{Html, IntoResponse, Response},
+};
+use log::warn;
+use rust_embed::Embed;
 
-pub async fn index() -> impl IntoResponse {
-    const HTML_CONTENT: &str = include_str!("./assets/index.html");
-    let html_content = HTML_CONTENT;
-    Html(html_content)
+use crate::app_state::AppState;
+
+#[derive(Embed)]
+#[folder = "../frontend/history-ui/dist/"]
+struct HistoryUiAssets;
+
+pub async fn index(State(_state): State<AppState>) -> impl IntoResponse {
+    if let Some(content) = HistoryUiAssets::get("index.html") {
+        Html(
+            std::str::from_utf8(content.data.as_ref())
+                .inspect_err(|e| warn!("Embedded index.html is not valid UTF-8: {e}"))
+                .unwrap_or("<h1>VaultLink</h1>")
+                .to_owned(),
+        )
+        .into_response()
+    } else {
+        warn!("No embedded index.html found — history UI may not have been built");
+        Html("<h1>VaultLink server</h1>".to_owned()).into_response()
+    }
+}
+
+pub async fn spa_assets(Path(path): Path<String>) -> impl IntoResponse {
+    // The route is /assets/*path so path is relative to assets/.
+    // The embedded files include the assets/ prefix from the dist directory.
+    let full_path = format!("assets/{path}");
+    if let Some(content) = HistoryUiAssets::get(&full_path) {
+        let mime = mime_guess::from_path(&full_path).first_or_octet_stream();
+        return Response::builder()
+            .status(StatusCode::OK)
+            .header(header::CONTENT_TYPE, mime.as_ref())
+            .body(Body::from(content.data.to_vec()))
+            .unwrap_or_else(|_| {
+                Response::builder()
+                    .status(StatusCode::INTERNAL_SERVER_ERROR)
+                    .body(Body::empty())
+                    .unwrap_or_else(|_| Response::new(Body::empty()))
+            });
+    }
+
+    // Asset paths must match an embedded file — no SPA fallback.
+    // Serving index.html here would return 200 with text/html for missing
+    // .css/.js files, causing the browser to silently ignore the content.
+    Response::builder()
+        .status(StatusCode::NOT_FOUND)
+        .body(Body::from("Not found"))
+        .unwrap_or_else(|_| Response::new(Body::from("Not found")))
+}
+
+/// SPA fallback for production: serves index.html for client-side routes
+/// (e.g. `/documents/123`).
+pub async fn spa_fallback() -> impl IntoResponse {
+    match HistoryUiAssets::get("index.html") {
+        Some(content) => Response::builder()
+            .status(StatusCode::OK)
+            .header(header::CONTENT_TYPE, "text/html")
+            .body(Body::from(content.data.to_vec()))
+            .unwrap_or_else(|_| {
+                Response::builder()
+                    .status(StatusCode::INTERNAL_SERVER_ERROR)
+                    .body(Body::empty())
+                    .unwrap_or_else(|_| Response::new(Body::empty()))
+            }),
+        None => Response::builder()
+            .status(StatusCode::NOT_FOUND)
+            .body(Body::from("Not found"))
+            .unwrap_or_else(|_| Response::new(Body::from("Not found"))),
+    }
 }

sync-server/src/server/list_vaults.rs

@@ -0,0 +1,82 @@
+use axum::{
+    Json,
+    extract::{Query, State},
+};
+use axum_extra::{
+    TypedHeader,
+    headers::{Authorization, authorization::Bearer},
+};
+use log::debug;
+use serde::Deserialize;
+
+use super::{
+    auth::authenticate,
+    responses::{ListVaultsResponse, VaultInfo},
+};
+use crate::{
+    app_state::AppState,
+    config::user_config::{AllowListedVaults, VaultAccess},
+    errors::{SyncServerError, server_error, unauthenticated_error},
+};
+
+const DEFAULT_LIMIT: usize = 50;
+const MAX_LIMIT: usize = 200;
+
+#[derive(Deserialize)]
+pub struct QueryParams {
+    limit: Option<usize>,
+    after: Option<String>,
+}
+
+#[axum::debug_handler]
+pub async fn list_vaults(
+    auth_header: Option<TypedHeader<Authorization<Bearer>>>,
+    Query(QueryParams { limit, after }): Query<QueryParams>,
+    State(state): State<AppState>,
+) -> Result<Json<ListVaultsResponse>, SyncServerError> {
+    let auth_header = auth_header
+        .ok_or_else(|| unauthenticated_error(anyhow::anyhow!("Missing Authorization header")))?;
+
+    let user = authenticate(&state, auth_header.token().trim())?;
+
+    debug!("User `{}` listing accessible vaults", user.name);
+
+    let existing_vaults = state.database.list_vaults().await.map_err(server_error)?;
+
+    let mut accessible: Vec<String> = match user.vault_access {
+        VaultAccess::AllowAccessToAll => existing_vaults,
+        VaultAccess::AllowList(AllowListedVaults { ref allowed }) => existing_vaults
+            .into_iter()
+            .filter(|v| allowed.contains(v))
+            .collect(),
+    };
+
+    // Cursor-based pagination: skip vaults up to and including `after`
+    if let Some(ref cursor) = after {
+        accessible.retain(|v| v.as_str() > cursor.as_str());
+    }
+
+    let limit = limit.unwrap_or(DEFAULT_LIMIT).clamp(1, MAX_LIMIT);
+    let has_more = accessible.len() > limit;
+    accessible.truncate(limit);
+
+    let mut vaults = Vec::with_capacity(accessible.len());
+    for name in accessible {
+        let stats = state
+            .database
+            .get_vault_stats(&name)
+            .await
+            .map_err(server_error)?;
+        vaults.push(VaultInfo {
+            name,
+            document_count: stats.document_count,
+            created_at: stats.created_at,
+        });
+    }
+
+    Ok(Json(ListVaultsResponse {
+        vaults,
+        has_more,
+        user_name: user.name,
+    }))
+}