4runr-os 2.10.85 → 2.10.86
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/SETUP.md +2 -2
- package/USER-PRIVACY.md +2 -2
- package/apps/os-server/DEPLOYMENT.md +426 -0
- package/apps/os-server/JWT-RATE-LIMIT-VALIDATION.md +462 -0
- package/apps/os-server/PERSISTENCE-AND-AUTH.md +227 -0
- package/apps/os-server/PHASE5-TESTING.md +222 -0
- package/apps/os-server/README.md +368 -0
- package/apps/os-server/TROUBLESHOOTING.md +541 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.js +28 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.d.ts +23 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.js +95 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.js +69 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.js +377 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.js +210 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.d.ts +25 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.js +144 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.d.ts +24 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.js +110 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.js +139 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.js +6 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.js +136 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.d.ts +18 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.js +91 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.d.ts +15 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.js +181 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.d.ts +54 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.js +2 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.js +14 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.d.ts +28 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.js +111 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.js +61 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.d.ts +21 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.js +166 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.d.ts +11 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.js +202 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.d.ts +149 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.js +295 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.d.ts +4 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.js +31 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.js +69 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.js +369 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.d.ts +46 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.js +114 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.d.ts +9 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.js +23 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.js +270 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.js +183 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.d.ts +36 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.js +275 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/index.d.ts +2 -0
- package/apps/os-server/dist/apps/os-server/src/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/index.js +1131 -0
- package/apps/os-server/dist/apps/os-server/src/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.d.ts +48 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.js +296 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.d.ts +18 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.js +117 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.js +64 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.d.ts +4 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.js +105 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.d.ts +12 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.js +75 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.js +21 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.d.ts +13 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.js +202 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.js +98 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.d.ts +2 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.js +63 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.js +96 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.js +54 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.d.ts +19 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.js +229 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.js +146 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.d.ts +7 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.js +156 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.d.ts +26 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.js +21 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.d.ts +13 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.js +152 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.d.ts +16 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.js +378 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.d.ts +7 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.js +22 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.js +175 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.js +150 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.js +252 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.js +240 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.d.ts +16 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.js +168 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.js +209 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.js +88 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.js +85 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.js +209 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.js +206 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.js +19 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.d.ts +12 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.js +78 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.d.ts +15 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.js +148 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.d.ts +20 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.js +69 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.d.ts +17 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.js +124 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.js +2 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.d.ts +44 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.js +2 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.d.ts +126 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.js +63 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.d.ts +51 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.js +161 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.d.ts +2 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.js +65 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.js +168 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.d.ts +25 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.js +46 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.js +70 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.d.ts +13 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.js +72 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.js +140 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.js.map +1 -0
- package/apps/os-server/docker-compose.local.yml +46 -0
- package/apps/os-server/find-gateway.sh +37 -0
- package/apps/os-server/jest.config.cjs +52 -0
- package/apps/os-server/package-lock.json +8809 -0
- package/apps/os-server/package.json +66 -0
- package/apps/os-server/scripts/setup-test-env.sh +67 -0
- package/apps/os-server/src/__tests__/integration/README.md +92 -0
- package/apps/os-server/src/__tests__/integration/helpers/test-server.ts +178 -0
- package/apps/os-server/src/__tests__/integration/sentinel.test.ts +364 -0
- package/apps/os-server/src/adapters/redis-sentinel-publisher.ts +176 -0
- package/apps/os-server/src/agents/definitions-simple.ts +536 -0
- package/apps/os-server/src/ai-providers/anthropic-provider.ts +194 -0
- package/apps/os-server/src/ai-providers/openai-provider.ts +193 -0
- package/apps/os-server/src/ai-providers/redis-credentials-store.ts +224 -0
- package/apps/os-server/src/db/docker-manager.ts +262 -0
- package/apps/os-server/src/db/init.ts +292 -0
- package/apps/os-server/src/devkit/routes.ts +349 -0
- package/apps/os-server/src/health/index.ts +375 -0
- package/apps/os-server/src/index.ts +1506 -0
- package/apps/os-server/src/middleware/correlationId.ts +56 -0
- package/apps/os-server/src/middleware/ddos-protection.ts +318 -0
- package/apps/os-server/src/middleware/log-capture.ts +92 -0
- package/apps/os-server/src/middleware/security.ts +222 -0
- package/apps/os-server/src/routes/ai-providers-simple.ts +220 -0
- package/apps/os-server/src/routes/gdpr.ts +337 -0
- package/apps/os-server/src/routes/monitoring.ts +315 -0
- package/apps/os-server/src/routes/sentinel-policies.ts +293 -0
- package/apps/os-server/src/routes/sentinel-predictive.ts +129 -0
- package/apps/os-server/src/routes/tool-proxy.ts +285 -0
- package/apps/os-server/src/security/outbound-url.ts +83 -0
- package/apps/os-server/update-and-test.sh +36 -0
- package/dist/boot-sequence.js +1 -1
- package/dist/boot-sequence.js.map +1 -1
- package/dist/gateway-api-key-bootstrap.js +1 -1
- package/dist/gateway-api-key-bootstrap.js.map +1 -1
- package/dist/gateway-prisma-bootstrap.d.ts +1 -1
- package/dist/gateway-prisma-bootstrap.js +1 -1
- package/dist/index.js +8 -8
- package/dist/index.js.map +1 -1
- package/dist/local-gateway-pid.d.ts +1 -1
- package/dist/local-gateway-pid.js +1 -1
- package/dist/os-tui-binary-bootstrap.d.ts +18 -0
- package/dist/os-tui-binary-bootstrap.d.ts.map +1 -0
- package/dist/os-tui-binary-bootstrap.js +175 -0
- package/dist/os-tui-binary-bootstrap.js.map +1 -0
- package/dist/rust-check.js +2 -2
- package/dist/rust-check.js.map +1 -1
- package/dist/system-verify.js +8 -8
- package/dist/system-verify.js.map +1 -1
- package/dist/tui-handlers.js +12 -12
- package/dist/tui-handlers.js.map +1 -1
- package/dist/watchdog.js +73 -73
- package/os-tui/Cargo.lock +1118 -0
- package/os-tui/Cargo.toml +17 -0
- package/os-tui/bin/os-tui.js +63 -0
- package/os-tui/binaries/win32-x64/os-tui.exe +0 -0
- package/os-tui/src/app/render_scheduler.rs +111 -0
- package/os-tui/src/app.rs +3814 -0
- package/os-tui/src/debug_log.rs +131 -0
- package/os-tui/src/io/mod.rs +63 -0
- package/os-tui/src/io/protocol.rs +14 -0
- package/os-tui/src/io/stdio.rs +31 -0
- package/os-tui/src/io/ws.rs +25 -0
- package/os-tui/src/main.rs +2090 -0
- package/os-tui/src/monitoring/mod.rs +439 -0
- package/os-tui/src/screens/mod.rs +254 -0
- package/os-tui/src/storage/cache.rs +221 -0
- package/os-tui/src/storage/mod.rs +5 -0
- package/os-tui/src/ui/agent_builder.rs +1148 -0
- package/os-tui/src/ui/agent_list.rs +344 -0
- package/os-tui/src/ui/boot.rs +145 -0
- package/os-tui/src/ui/connection_portal.rs +839 -0
- package/os-tui/src/ui/help.rs +340 -0
- package/os-tui/src/ui/layout.rs +978 -0
- package/os-tui/src/ui/mod.rs +13 -0
- package/os-tui/src/ui/portal_monitoring.rs +1128 -0
- package/os-tui/src/ui/run_manager.rs +922 -0
- package/os-tui/src/ui/safe_viewport.rs +236 -0
- package/os-tui/src/ui/sentinel_config.rs +828 -0
- package/os-tui/src/ui/settings.rs +414 -0
- package/os-tui/src/ui/setup_portal.rs +547 -0
- package/os-tui/src/ui/shield_dashboard.rs +1081 -0
- package/os-tui/src/websocket.rs +315 -0
- package/package.json +121 -121
- package/prisma/schema.prisma +470 -470
- package/scripts/cleanup-build-artifacts.js +2 -2
- package/scripts/os-tools-smoke.cjs +549 -549
- package/scripts/postinstall-os-server.js +63 -0
- package/scripts/postinstall-os-tui.js +64 -0
- package/scripts/seed-os-server-api-key.cjs +77 -0
- package/scripts/setup.js +11 -11
- package/src/security/package-integrity.ts +188 -188
- package/src/security/ssrf-protection.ts +147 -147
- package/apps/gateway/DEPLOYMENT.md +0 -426
- package/apps/gateway/JWT-RATE-LIMIT-VALIDATION.md +0 -462
- package/apps/gateway/PERSISTENCE-AND-AUTH.md +0 -227
- package/apps/gateway/PHASE5-TESTING.md +0 -222
- package/apps/gateway/README.md +0 -368
- package/apps/gateway/TROUBLESHOOTING.md +0 -541
- package/apps/gateway/docker-compose.local.yml +0 -46
- package/apps/gateway/find-gateway.sh +0 -37
- package/apps/gateway/jest.config.cjs +0 -52
- package/apps/gateway/package-lock.json +0 -8810
- package/apps/gateway/package.json +0 -66
- package/apps/gateway/scripts/setup-test-env.sh +0 -67
- package/apps/gateway/src/__tests__/integration/README.md +0 -92
- package/apps/gateway/src/__tests__/integration/helpers/test-server.ts +0 -178
- package/apps/gateway/src/__tests__/integration/sentinel.test.ts +0 -364
- package/apps/gateway/src/adapters/redis-sentinel-publisher.ts +0 -176
- package/apps/gateway/src/agents/definitions-simple.ts +0 -536
- package/apps/gateway/src/ai-providers/anthropic-provider.ts +0 -194
- package/apps/gateway/src/ai-providers/openai-provider.ts +0 -193
- package/apps/gateway/src/ai-providers/redis-credentials-store.ts +0 -224
- package/apps/gateway/src/db/docker-manager.ts +0 -262
- package/apps/gateway/src/db/init.ts +0 -292
- package/apps/gateway/src/devkit/routes.ts +0 -349
- package/apps/gateway/src/health/index.ts +0 -375
- package/apps/gateway/src/index.ts +0 -1506
- package/apps/gateway/src/middleware/correlationId.ts +0 -56
- package/apps/gateway/src/middleware/ddos-protection.ts +0 -318
- package/apps/gateway/src/middleware/log-capture.ts +0 -92
- package/apps/gateway/src/middleware/security.ts +0 -222
- package/apps/gateway/src/routes/ai-providers-simple.ts +0 -220
- package/apps/gateway/src/routes/gdpr.ts +0 -337
- package/apps/gateway/src/routes/monitoring.ts +0 -315
- package/apps/gateway/src/routes/sentinel-policies.ts +0 -293
- package/apps/gateway/src/routes/sentinel-predictive.ts +0 -129
- package/apps/gateway/src/routes/tool-proxy.ts +0 -285
- package/apps/gateway/src/security/outbound-url.ts +0 -83
- package/apps/gateway/update-and-test.sh +0 -36
- package/mk3-tui/Cargo.lock +0 -1118
- package/mk3-tui/Cargo.toml +0 -17
- package/mk3-tui/bin/mk3-tui.js +0 -63
- package/mk3-tui/binaries/win32-x64/mk3-tui.exe +0 -0
- package/mk3-tui/src/app/render_scheduler.rs +0 -111
- package/mk3-tui/src/app.rs +0 -3813
- package/mk3-tui/src/debug_log.rs +0 -131
- package/mk3-tui/src/io/mod.rs +0 -63
- package/mk3-tui/src/io/protocol.rs +0 -14
- package/mk3-tui/src/io/stdio.rs +0 -31
- package/mk3-tui/src/io/ws.rs +0 -25
- package/mk3-tui/src/main.rs +0 -2090
- package/mk3-tui/src/monitoring/mod.rs +0 -439
- package/mk3-tui/src/screens/mod.rs +0 -254
- package/mk3-tui/src/storage/cache.rs +0 -221
- package/mk3-tui/src/storage/mod.rs +0 -5
- package/mk3-tui/src/ui/agent_builder.rs +0 -1148
- package/mk3-tui/src/ui/agent_list.rs +0 -344
- package/mk3-tui/src/ui/boot.rs +0 -145
- package/mk3-tui/src/ui/connection_portal.rs +0 -839
- package/mk3-tui/src/ui/help.rs +0 -340
- package/mk3-tui/src/ui/layout.rs +0 -978
- package/mk3-tui/src/ui/mod.rs +0 -13
- package/mk3-tui/src/ui/portal_monitoring.rs +0 -1128
- package/mk3-tui/src/ui/run_manager.rs +0 -913
- package/mk3-tui/src/ui/safe_viewport.rs +0 -236
- package/mk3-tui/src/ui/sentinel_config.rs +0 -828
- package/mk3-tui/src/ui/settings.rs +0 -414
- package/mk3-tui/src/ui/setup_portal.rs +0 -547
- package/mk3-tui/src/ui/shield_dashboard.rs +0 -1081
- package/mk3-tui/src/websocket.rs +0 -315
- package/scripts/postinstall-gateway.js +0 -63
- package/scripts/postinstall-mk3.js +0 -64
- package/scripts/seed-gateway-api-key.cjs +0 -77
- /package/apps/{gateway → os-server}/.dockerignore +0 -0
- /package/apps/{gateway → os-server}/.eslintrc.json +0 -0
- /package/apps/{gateway → os-server}/Dockerfile +0 -0
- /package/apps/{gateway → os-server}/Dockerfile.bak +0 -0
- /package/apps/{gateway → os-server}/ENV_VARIABLES.md +0 -0
- /package/apps/{gateway → os-server}/create-test-script.sh +0 -0
- /package/apps/{gateway → os-server}/debug-api-responses.sh +0 -0
- /package/apps/{gateway → os-server}/debug-failing-tests-v2.sh +0 -0
- /package/apps/{gateway → os-server}/debug-failing-tests.sh +0 -0
- /package/apps/{gateway → os-server}/debug-responses.sh +0 -0
- /package/apps/{gateway → os-server}/debug-test-responses.sh +0 -0
- /package/apps/{gateway → os-server}/debug-tests.sh +0 -0
- /package/apps/{gateway → os-server}/diagnose-test-failure.sh +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.js +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.js.map +0 -0
- /package/apps/{gateway → os-server}/load-tests/README.md +0 -0
- /package/apps/{gateway → os-server}/load-tests/k6-basic.js +0 -0
- /package/apps/{gateway → os-server}/load-tests/k6-rate-limit.js +0 -0
- /package/apps/{gateway → os-server}/minimal-test.sh +0 -0
- /package/apps/{gateway → os-server}/public/sentinel-dashboard.html +0 -0
- /package/apps/{gateway → os-server}/quick-debug.sh +0 -0
- /package/apps/{gateway → os-server}/scripts/seed-api-key.ts +0 -0
- /package/apps/{gateway → os-server}/scripts/verify-sentinel-persist.mjs +0 -0
- /package/apps/{gateway → os-server}/simple-test.sh +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/agent-token.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/auth.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/correlationId.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/devkit-api.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/authentication.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/e2e-comprehensive-fixed.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/e2e-workflow.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/idempotency.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/postgres-persistence.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/rate-limiting.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/shield.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/log-capture.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/no-persistence-mode.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/outbound-url.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/rateLimit.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/run-kill.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/run-retention.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-config-persist-http.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-config-store.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-events.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-execute-watch.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-policies.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-publish-kill.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-run-failure.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/shield-config.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/shield-health.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/shield-metrics.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/tool-proxy.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/validateSecrets.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/validation.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/adapters/gateway-cancel-adapter.ts +0 -0
- /package/apps/{gateway → os-server}/src/adapters/sentinel-event-stream.ts +0 -0
- /package/apps/{gateway → os-server}/src/agents/definitions.ts +0 -0
- /package/apps/{gateway → os-server}/src/agents/local-model-provider.ts +0 -0
- /package/apps/{gateway → os-server}/src/agents/tools.ts +0 -0
- /package/apps/{gateway → os-server}/src/ai-providers/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/ai-providers/provider-manager.ts +0 -0
- /package/apps/{gateway → os-server}/src/ai-providers/types.ts +0 -0
- /package/apps/{gateway → os-server}/src/config/persistence.ts +0 -0
- /package/apps/{gateway → os-server}/src/crypto/envelope.ts +0 -0
- /package/apps/{gateway → os-server}/src/crypto/mfa-storage.ts +0 -0
- /package/apps/{gateway → os-server}/src/db/memory-db.ts +0 -0
- /package/apps/{gateway → os-server}/src/db/prisma.ts +0 -0
- /package/apps/{gateway → os-server}/src/db/redis.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/agents-api.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/metrics-parser.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/middleware.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/tools-api.ts +0 -0
- /package/apps/{gateway → os-server}/src/metrics/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/metrics/monitoring-detail.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/auth.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/authApiKey.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/authJwt.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/errorHandler.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/mfa.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/rateLimit.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/rbac.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/validate.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/validate.ts.backup +0 -0
- /package/apps/{gateway → os-server}/src/queue/config.ts +0 -0
- /package/apps/{gateway → os-server}/src/queue/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/queue/processor.ts +0 -0
- /package/apps/{gateway → os-server}/src/queue/sentinel-execute-watch.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/chats.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/mfa.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/shield.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/tool-credentials.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/memoryRunStore.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/postgresRunStore.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/run-kill.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/run-retention.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/runStore.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/types.ts +0 -0
- /package/apps/{gateway → os-server}/src/schemas/runs.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/agent-token.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/sentinel-config-store.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/sentinel-run-failure.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/shield-config.ts +0 -0
- /package/apps/{gateway → os-server}/src/types/fastify-rate-limit.d.ts +0 -0
- /package/apps/{gateway → os-server}/src/utils/circuit-breaker.ts +0 -0
- /package/apps/{gateway → os-server}/src/utils/log-encryption.ts +0 -0
- /package/apps/{gateway → os-server}/test-all-individual.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases-final.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases-fixed-v2.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases-fixed.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases.sh +0 -0
- /package/apps/{gateway → os-server}/test-concurrency.sh +0 -0
- /package/apps/{gateway → os-server}/test-debug.sh +0 -0
- /package/apps/{gateway → os-server}/test-e2e.sh +0 -0
- /package/apps/{gateway → os-server}/test-extraction.sh +0 -0
- /package/apps/{gateway → os-server}/test-full-operations-final.sh +0 -0
- /package/apps/{gateway → os-server}/test-full-operations.sh +0 -0
- /package/apps/{gateway → os-server}/test-idempotency-only.sh +0 -0
- /package/apps/{gateway → os-server}/test-idempotency.sh +0 -0
- /package/apps/{gateway → os-server}/test-individual.sh +0 -0
- /package/apps/{gateway → os-server}/test-queue.sh +0 -0
- /package/apps/{gateway → os-server}/tsconfig.json +0 -0
- /package/{mk3-tui → os-tui}/src/ui/connection_portal.rs.backup +0 -0
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Correlation ID middleware
|
|
3
|
+
* Adds a unique correlation ID to each request for tracing.
|
|
4
|
+
* Operator guide: docs/GATEWAY-CORRELATION-M5.md
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
import { FastifyRequest, FastifyReply } from 'fastify';
|
|
8
|
+
import { randomUUID } from 'crypto';
|
|
9
|
+
|
|
10
|
+
/** Max length for inbound `X-Correlation-ID` (avoids log/buffer/header bloat). */
|
|
11
|
+
export const MAX_CORRELATION_ID_LENGTH = 128;
|
|
12
|
+
|
|
13
|
+
/**
|
|
14
|
+
* Resolve correlation ID from inbound header or generate a new UUID.
|
|
15
|
+
*/
|
|
16
|
+
export function resolveCorrelationId(
|
|
17
|
+
header: string | string[] | undefined
|
|
18
|
+
): string {
|
|
19
|
+
const raw = header;
|
|
20
|
+
const headerId = Array.isArray(raw) ? raw[0] : raw;
|
|
21
|
+
const trimmed = typeof headerId === 'string' ? headerId.trim() : '';
|
|
22
|
+
if (
|
|
23
|
+
trimmed.length > 0 &&
|
|
24
|
+
trimmed.length <= MAX_CORRELATION_ID_LENGTH
|
|
25
|
+
) {
|
|
26
|
+
return trimmed;
|
|
27
|
+
}
|
|
28
|
+
return randomUUID();
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* Add correlation ID to request
|
|
33
|
+
* Extracts from X-Correlation-ID header or generates new one
|
|
34
|
+
*/
|
|
35
|
+
export async function addCorrelationId(
|
|
36
|
+
request: FastifyRequest,
|
|
37
|
+
reply: FastifyReply
|
|
38
|
+
): Promise<void> {
|
|
39
|
+
const correlationId = resolveCorrelationId(
|
|
40
|
+
request.headers['x-correlation-id']
|
|
41
|
+
);
|
|
42
|
+
|
|
43
|
+
// Attach to request for use in handlers
|
|
44
|
+
(request as any).correlationId = correlationId;
|
|
45
|
+
|
|
46
|
+
// Add to response headers for client tracing
|
|
47
|
+
reply.header('X-Correlation-ID', correlationId);
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
/**
|
|
51
|
+
* Get correlation ID from request
|
|
52
|
+
*/
|
|
53
|
+
export function getCorrelationId(request: FastifyRequest): string | undefined {
|
|
54
|
+
return (request as any).correlationId;
|
|
55
|
+
}
|
|
56
|
+
|
|
@@ -0,0 +1,318 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* DDoS Protection Middleware
|
|
3
|
+
* Enhanced rate limiting with IP blocking, fingerprinting, and distributed limits.
|
|
4
|
+
* Operator guide: docs/GATEWAY-DDOS-RATE-M4.md (internet-facing deploys, probe exemptions, strict vs global layers).
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
import { FastifyRequest, FastifyReply } from 'fastify';
|
|
8
|
+
import { createLogger } from '@4runr/shared';
|
|
9
|
+
import crypto from 'crypto';
|
|
10
|
+
|
|
11
|
+
const logger = createLogger('Gateway:DDOS:Protection');
|
|
12
|
+
|
|
13
|
+
interface RequestFingerprint {
|
|
14
|
+
ip: string;
|
|
15
|
+
userAgent: string;
|
|
16
|
+
fingerprint: string;
|
|
17
|
+
count: number;
|
|
18
|
+
firstSeen: number;
|
|
19
|
+
lastSeen: number;
|
|
20
|
+
blocked: boolean;
|
|
21
|
+
blockedUntil?: number;
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
interface IPBlock {
|
|
25
|
+
ip: string;
|
|
26
|
+
blockedAt: number;
|
|
27
|
+
blockedUntil: number;
|
|
28
|
+
reason: string;
|
|
29
|
+
requestCount: number;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
// In-memory stores (in production, use Redis)
|
|
33
|
+
const requestFingerprints = new Map<string, RequestFingerprint>();
|
|
34
|
+
const ipBlocks = new Map<string, IPBlock>();
|
|
35
|
+
const rateLimitBuckets = new Map<string, { count: number; resetAt: number }>();
|
|
36
|
+
|
|
37
|
+
// Configuration
|
|
38
|
+
const CONFIG = {
|
|
39
|
+
// Rate limits
|
|
40
|
+
MAX_REQUESTS_PER_MINUTE: 100,
|
|
41
|
+
MAX_REQUESTS_PER_SECOND: 20,
|
|
42
|
+
MAX_CONCURRENT_REQUESTS: 50,
|
|
43
|
+
|
|
44
|
+
// Blocking thresholds
|
|
45
|
+
BLOCK_THRESHOLD_REQUESTS: 200, // Block after 200 requests in short time
|
|
46
|
+
BLOCK_DURATION_MS: 15 * 60 * 1000, // 15 minutes
|
|
47
|
+
BLOCK_THRESHOLD_FAILURES: 10, // Block after 10 failed auth attempts
|
|
48
|
+
|
|
49
|
+
// Cleanup
|
|
50
|
+
CLEANUP_INTERVAL_MS: 60 * 1000, // 1 minute
|
|
51
|
+
FINGERPRINT_TTL_MS: 60 * 60 * 1000, // 1 hour
|
|
52
|
+
};
|
|
53
|
+
|
|
54
|
+
/**
|
|
55
|
+
* Generate request fingerprint
|
|
56
|
+
*/
|
|
57
|
+
function generateFingerprint(request: FastifyRequest): string {
|
|
58
|
+
const ip = getClientIP(request);
|
|
59
|
+
const userAgent = request.headers['user-agent'] || 'unknown';
|
|
60
|
+
const accept = request.headers['accept'] || '';
|
|
61
|
+
const acceptLanguage = request.headers['accept-language'] || '';
|
|
62
|
+
|
|
63
|
+
const data = `${ip}:${userAgent}:${accept}:${acceptLanguage}`;
|
|
64
|
+
return crypto.createHash('sha256').update(data).digest('hex').substring(0, 16);
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
function isLoopbackIP(ip: string): boolean {
|
|
68
|
+
const n = ip.toLowerCase();
|
|
69
|
+
return (
|
|
70
|
+
n === '127.0.0.1' ||
|
|
71
|
+
n === '::1' ||
|
|
72
|
+
n === '::ffff:127.0.0.1' ||
|
|
73
|
+
n === 'localhost'
|
|
74
|
+
);
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
/** Local dev + smoke tests: loopback is not DDoS-blocked unless explicitly disabled. */
|
|
78
|
+
function loopbackExemptFromDdos(): boolean {
|
|
79
|
+
if (process.env['DDOS_LOOPBACK_EXEMPT'] === 'false') return false;
|
|
80
|
+
return process.env['NODE_ENV'] !== 'production';
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
/**
|
|
84
|
+
* Get client IP address
|
|
85
|
+
*/
|
|
86
|
+
function getClientIP(request: FastifyRequest): string {
|
|
87
|
+
const forwarded = request.headers['x-forwarded-for'];
|
|
88
|
+
if (forwarded) {
|
|
89
|
+
const forwardedStr = Array.isArray(forwarded) ? forwarded[0] : forwarded;
|
|
90
|
+
if (forwardedStr) {
|
|
91
|
+
const ips = forwardedStr.split(',');
|
|
92
|
+
return ips[0]?.trim() || 'unknown';
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
const realIp = request.headers['x-real-ip'];
|
|
96
|
+
const realIpStr = Array.isArray(realIp) ? realIp[0] : realIp;
|
|
97
|
+
return request.ip || realIpStr || 'unknown';
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
/**
|
|
101
|
+
* Check if IP is blocked
|
|
102
|
+
*/
|
|
103
|
+
function isIPBlocked(ip: string): boolean {
|
|
104
|
+
const block = ipBlocks.get(ip);
|
|
105
|
+
if (!block) return false;
|
|
106
|
+
|
|
107
|
+
if (Date.now() > block.blockedUntil) {
|
|
108
|
+
// Block expired
|
|
109
|
+
ipBlocks.delete(ip);
|
|
110
|
+
return false;
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
return true;
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
/**
|
|
117
|
+
* Block an IP address
|
|
118
|
+
*/
|
|
119
|
+
function blockIP(ip: string, reason: string, requestCount: number = 0): void {
|
|
120
|
+
const blockedUntil = Date.now() + CONFIG.BLOCK_DURATION_MS;
|
|
121
|
+
ipBlocks.set(ip, {
|
|
122
|
+
ip,
|
|
123
|
+
blockedAt: Date.now(),
|
|
124
|
+
blockedUntil,
|
|
125
|
+
reason,
|
|
126
|
+
requestCount
|
|
127
|
+
});
|
|
128
|
+
|
|
129
|
+
logger.warn('IP blocked', { ip, reason, blockedUntil: new Date(blockedUntil) });
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
/**
|
|
133
|
+
* Check rate limits
|
|
134
|
+
*/
|
|
135
|
+
function checkRateLimit(fingerprint: string, ip: string): { allowed: boolean; reason?: string } {
|
|
136
|
+
const now = Date.now();
|
|
137
|
+
const minuteKey = `minute:${fingerprint}:${Math.floor(now / 60000)}`;
|
|
138
|
+
const secondKey = `second:${fingerprint}:${Math.floor(now / 1000)}`;
|
|
139
|
+
|
|
140
|
+
// Check per-minute limit
|
|
141
|
+
let minuteBucket = rateLimitBuckets.get(minuteKey);
|
|
142
|
+
if (!minuteBucket || now >= minuteBucket.resetAt) {
|
|
143
|
+
minuteBucket = { count: 0, resetAt: now + 60000 };
|
|
144
|
+
rateLimitBuckets.set(minuteKey, minuteBucket);
|
|
145
|
+
}
|
|
146
|
+
minuteBucket.count++;
|
|
147
|
+
|
|
148
|
+
if (minuteBucket.count > CONFIG.MAX_REQUESTS_PER_MINUTE) {
|
|
149
|
+
blockIP(ip, 'rate_limit_exceeded', minuteBucket.count);
|
|
150
|
+
return { allowed: false, reason: 'Rate limit exceeded (per minute)' };
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
// Check per-second limit
|
|
154
|
+
let secondBucket = rateLimitBuckets.get(secondKey);
|
|
155
|
+
if (!secondBucket || now >= secondBucket.resetAt) {
|
|
156
|
+
secondBucket = { count: 0, resetAt: now + 1000 };
|
|
157
|
+
rateLimitBuckets.set(secondKey, secondBucket);
|
|
158
|
+
}
|
|
159
|
+
secondBucket.count++;
|
|
160
|
+
|
|
161
|
+
if (secondBucket.count > CONFIG.MAX_REQUESTS_PER_SECOND) {
|
|
162
|
+
blockIP(ip, 'rate_limit_exceeded', secondBucket.count);
|
|
163
|
+
return { allowed: false, reason: 'Rate limit exceeded (per second)' };
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
return { allowed: true };
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
/**
|
|
170
|
+
* Track request fingerprint
|
|
171
|
+
*/
|
|
172
|
+
function trackFingerprint(fingerprint: string, ip: string, userAgent: string): void {
|
|
173
|
+
const now = Date.now();
|
|
174
|
+
const existing = requestFingerprints.get(fingerprint);
|
|
175
|
+
|
|
176
|
+
if (existing) {
|
|
177
|
+
existing.count++;
|
|
178
|
+
existing.lastSeen = now;
|
|
179
|
+
|
|
180
|
+
// Check if suspicious (too many requests)
|
|
181
|
+
if (existing.count > CONFIG.BLOCK_THRESHOLD_REQUESTS) {
|
|
182
|
+
if (!existing.blocked) {
|
|
183
|
+
existing.blocked = true;
|
|
184
|
+
existing.blockedUntil = now + CONFIG.BLOCK_DURATION_MS;
|
|
185
|
+
blockIP(ip, 'suspicious_activity', existing.count);
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
} else {
|
|
189
|
+
requestFingerprints.set(fingerprint, {
|
|
190
|
+
ip,
|
|
191
|
+
userAgent,
|
|
192
|
+
fingerprint,
|
|
193
|
+
count: 1,
|
|
194
|
+
firstSeen: now,
|
|
195
|
+
lastSeen: now,
|
|
196
|
+
blocked: false
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
|
|
201
|
+
/**
|
|
202
|
+
* Cleanup old entries
|
|
203
|
+
*/
|
|
204
|
+
function cleanup(): void {
|
|
205
|
+
const now = Date.now();
|
|
206
|
+
|
|
207
|
+
// Cleanup fingerprints
|
|
208
|
+
for (const [key, fp] of requestFingerprints.entries()) {
|
|
209
|
+
if (now - fp.lastSeen > CONFIG.FINGERPRINT_TTL_MS) {
|
|
210
|
+
requestFingerprints.delete(key);
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
// Cleanup expired IP blocks
|
|
215
|
+
for (const [ip, block] of ipBlocks.entries()) {
|
|
216
|
+
if (now > block.blockedUntil) {
|
|
217
|
+
ipBlocks.delete(ip);
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
|
|
221
|
+
// Cleanup old rate limit buckets
|
|
222
|
+
for (const [key, bucket] of rateLimitBuckets.entries()) {
|
|
223
|
+
if (now >= bucket.resetAt) {
|
|
224
|
+
rateLimitBuckets.delete(key);
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
|
|
229
|
+
// Start cleanup interval
|
|
230
|
+
setInterval(cleanup, CONFIG.CLEANUP_INTERVAL_MS);
|
|
231
|
+
|
|
232
|
+
/** Lightweight probes used by CLI/TUI, load balancers, and Prometheus — must not trip per-second limits. */
|
|
233
|
+
function isProbeExemptPath(method: string, rawUrl: string): boolean {
|
|
234
|
+
if (method !== 'GET') return false;
|
|
235
|
+
const path = (rawUrl.split('?')[0] || '').toLowerCase();
|
|
236
|
+
return path === '/health' || path === '/ready' || path === '/metrics';
|
|
237
|
+
}
|
|
238
|
+
|
|
239
|
+
/**
|
|
240
|
+
* DDoS Protection Middleware
|
|
241
|
+
*/
|
|
242
|
+
export async function ddosProtection(
|
|
243
|
+
request: FastifyRequest,
|
|
244
|
+
reply: FastifyReply
|
|
245
|
+
): Promise<void> {
|
|
246
|
+
if (isProbeExemptPath(request.method, request.url)) {
|
|
247
|
+
return;
|
|
248
|
+
}
|
|
249
|
+
|
|
250
|
+
const ip = getClientIP(request);
|
|
251
|
+
if (loopbackExemptFromDdos() && isLoopbackIP(ip)) {
|
|
252
|
+
return;
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
const userAgent = request.headers['user-agent'] || 'unknown';
|
|
256
|
+
|
|
257
|
+
// Check if IP is blocked
|
|
258
|
+
if (isIPBlocked(ip)) {
|
|
259
|
+
const block = ipBlocks.get(ip)!;
|
|
260
|
+
const retryAfter = Math.ceil((block.blockedUntil - Date.now()) / 1000);
|
|
261
|
+
|
|
262
|
+
reply.status(429).send({
|
|
263
|
+
error: 'ip_blocked',
|
|
264
|
+
message: 'IP address is temporarily blocked',
|
|
265
|
+
reason: block.reason,
|
|
266
|
+
retry_after: retryAfter,
|
|
267
|
+
blocked_until: new Date(block.blockedUntil).toISOString()
|
|
268
|
+
});
|
|
269
|
+
return;
|
|
270
|
+
}
|
|
271
|
+
|
|
272
|
+
// Generate fingerprint
|
|
273
|
+
const fingerprint = generateFingerprint(request);
|
|
274
|
+
|
|
275
|
+
// Check rate limits
|
|
276
|
+
const rateLimitCheck = checkRateLimit(fingerprint, ip);
|
|
277
|
+
if (!rateLimitCheck.allowed) {
|
|
278
|
+
reply.status(429).send({
|
|
279
|
+
error: 'rate_limited',
|
|
280
|
+
message: rateLimitCheck.reason || 'Too many requests'
|
|
281
|
+
});
|
|
282
|
+
return;
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
// Track fingerprint
|
|
286
|
+
trackFingerprint(fingerprint, ip, userAgent);
|
|
287
|
+
|
|
288
|
+
// Check if fingerprint is blocked
|
|
289
|
+
const fp = requestFingerprints.get(fingerprint);
|
|
290
|
+
if (fp?.blocked && fp.blockedUntil && Date.now() < fp.blockedUntil) {
|
|
291
|
+
reply.status(429).send({
|
|
292
|
+
error: 'suspicious_activity',
|
|
293
|
+
message: 'Request pattern flagged as suspicious'
|
|
294
|
+
});
|
|
295
|
+
return;
|
|
296
|
+
}
|
|
297
|
+
|
|
298
|
+
// Attach fingerprint to request for logging
|
|
299
|
+
(request as any).ddosFingerprint = fingerprint;
|
|
300
|
+
(request as any).clientIP = ip;
|
|
301
|
+
}
|
|
302
|
+
|
|
303
|
+
/**
|
|
304
|
+
* Get DDoS protection stats (for monitoring)
|
|
305
|
+
*/
|
|
306
|
+
export function getDDoSStats() {
|
|
307
|
+
return {
|
|
308
|
+
blockedIPs: ipBlocks.size,
|
|
309
|
+
trackedFingerprints: requestFingerprints.size,
|
|
310
|
+
activeRateLimitBuckets: rateLimitBuckets.size,
|
|
311
|
+
blockedIPsList: Array.from(ipBlocks.values()).map(b => ({
|
|
312
|
+
ip: b.ip,
|
|
313
|
+
reason: b.reason,
|
|
314
|
+
blockedUntil: new Date(b.blockedUntil).toISOString()
|
|
315
|
+
}))
|
|
316
|
+
};
|
|
317
|
+
}
|
|
318
|
+
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Log capture middleware for monitoring log buffer (Portal `/api/monitoring/logs`).
|
|
3
|
+
* Intercepts logger calls and feeds them to the monitoring ring buffer.
|
|
4
|
+
*
|
|
5
|
+
* Skips `memoryLogger` (no `getCorrelationId`; uses its own `getLogs()` buffer).
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
import { addMonitoringLog } from '../routes/monitoring.js';
|
|
9
|
+
|
|
10
|
+
const MONITORING_WRAPPED = '__monitoringWrapped';
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Wrap a logger to capture log entries for monitoring.
|
|
14
|
+
* Idempotent: already-wrapped loggers are returned unchanged.
|
|
15
|
+
*/
|
|
16
|
+
export function wrapLoggerForMonitoring(logger: any): any {
|
|
17
|
+
if (!logger || typeof logger.info !== 'function') {
|
|
18
|
+
return logger;
|
|
19
|
+
}
|
|
20
|
+
if (logger[MONITORING_WRAPPED]) {
|
|
21
|
+
return logger;
|
|
22
|
+
}
|
|
23
|
+
// memoryLogger: separate in-memory buffer for no-persistence mode — do not duplicate
|
|
24
|
+
if (typeof logger.getLogs === 'function') {
|
|
25
|
+
return logger;
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
const originalInfo = logger.info.bind(logger);
|
|
29
|
+
const originalWarn = logger.warn.bind(logger);
|
|
30
|
+
const originalError = logger.error.bind(logger);
|
|
31
|
+
const originalDebug = logger.debug?.bind(logger);
|
|
32
|
+
|
|
33
|
+
const resolveCorrelationId = (
|
|
34
|
+
data?: Record<string, unknown>
|
|
35
|
+
): string | undefined => {
|
|
36
|
+
if (data && typeof data['correlationId'] === 'string') {
|
|
37
|
+
return data['correlationId'];
|
|
38
|
+
}
|
|
39
|
+
if (typeof logger.getCorrelationId === 'function') {
|
|
40
|
+
return logger.getCorrelationId();
|
|
41
|
+
}
|
|
42
|
+
return undefined;
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
const logContext =
|
|
46
|
+
typeof logger.getComponent === 'function'
|
|
47
|
+
? logger.getComponent()
|
|
48
|
+
: typeof logger.prefix === 'string'
|
|
49
|
+
? logger.prefix
|
|
50
|
+
: 'Gateway';
|
|
51
|
+
|
|
52
|
+
const capture = (
|
|
53
|
+
level: 'info' | 'warn' | 'error' | 'debug',
|
|
54
|
+
message: string,
|
|
55
|
+
data?: Record<string, unknown>
|
|
56
|
+
) => {
|
|
57
|
+
const correlationId = resolveCorrelationId(data);
|
|
58
|
+
addMonitoringLog({
|
|
59
|
+
timestamp: new Date().toISOString(),
|
|
60
|
+
level,
|
|
61
|
+
message,
|
|
62
|
+
context: logContext,
|
|
63
|
+
...(correlationId && { correlationId }),
|
|
64
|
+
...(data && { data }),
|
|
65
|
+
});
|
|
66
|
+
};
|
|
67
|
+
|
|
68
|
+
logger.info = (message: string, data?: Record<string, unknown>) => {
|
|
69
|
+
capture('info', message, data);
|
|
70
|
+
return originalInfo(message, data);
|
|
71
|
+
};
|
|
72
|
+
|
|
73
|
+
logger.warn = (message: string, data?: Record<string, unknown>) => {
|
|
74
|
+
capture('warn', message, data);
|
|
75
|
+
return originalWarn(message, data);
|
|
76
|
+
};
|
|
77
|
+
|
|
78
|
+
logger.error = (message: string, data?: Record<string, unknown>) => {
|
|
79
|
+
capture('error', message, data);
|
|
80
|
+
return originalError(message, data);
|
|
81
|
+
};
|
|
82
|
+
|
|
83
|
+
if (originalDebug) {
|
|
84
|
+
logger.debug = (message: string, data?: Record<string, unknown>) => {
|
|
85
|
+
capture('debug', message, data);
|
|
86
|
+
return originalDebug(message, data);
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
logger[MONITORING_WRAPPED] = true;
|
|
91
|
+
return logger;
|
|
92
|
+
}
|
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security middleware for Fastify
|
|
3
|
+
* Adds security headers, removes version information, and validates secrets.
|
|
4
|
+
* Operator guide: docs/GATEWAY-SECRETS-M3.md
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
import { FastifyRequest, FastifyReply } from 'fastify';
|
|
8
|
+
import { env, createLogger } from '@4runr/shared';
|
|
9
|
+
import { isMemoryMode } from '../config/persistence.js';
|
|
10
|
+
import { signingSecretProductionError } from '../security/agent-token.js';
|
|
11
|
+
|
|
12
|
+
const logger = createLogger('Gateway:Security');
|
|
13
|
+
|
|
14
|
+
/** Must match `redis-credentials-store.ts` */
|
|
15
|
+
const DEFAULT_DEV_ENCRYPTION_KEY = 'default-dev-key-change-in-production';
|
|
16
|
+
|
|
17
|
+
const INSECURE_SECRET_SUBSTRINGS = [
|
|
18
|
+
'secret',
|
|
19
|
+
'change-me',
|
|
20
|
+
'change-in-production',
|
|
21
|
+
'test-secret',
|
|
22
|
+
'default-dev',
|
|
23
|
+
'jwt-secret',
|
|
24
|
+
];
|
|
25
|
+
|
|
26
|
+
export type SecretsValidationResult = {
|
|
27
|
+
valid: boolean;
|
|
28
|
+
errors: string[];
|
|
29
|
+
warnings: string[];
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
function looksInsecure(value: string): boolean {
|
|
33
|
+
const lower = value.toLowerCase();
|
|
34
|
+
return INSECURE_SECRET_SUBSTRINGS.some((p) => lower.includes(p));
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
function validateKekBase64(): string | null {
|
|
38
|
+
const b64 = process.env['KEK_BASE64'];
|
|
39
|
+
if (!b64?.trim()) {
|
|
40
|
+
return 'KEK_BASE64 is required in production when using encrypted credentials (MFA, tool credentials, envelope crypto)';
|
|
41
|
+
}
|
|
42
|
+
try {
|
|
43
|
+
const buf = Buffer.from(b64, 'base64');
|
|
44
|
+
if (buf.length < 32) {
|
|
45
|
+
return 'KEK_BASE64 must decode to at least 32 bytes (use e.g. openssl rand -base64 32)';
|
|
46
|
+
}
|
|
47
|
+
} catch {
|
|
48
|
+
return 'KEK_BASE64 must be valid base64';
|
|
49
|
+
}
|
|
50
|
+
return null;
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
function validateSigningSecret(): string | null {
|
|
54
|
+
return signingSecretProductionError(process.env['SIGNING_SECRET']);
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
function validateEncryptionKey(): string | null {
|
|
58
|
+
const k = process.env['ENCRYPTION_KEY'] ?? env.ENCRYPTION_KEY;
|
|
59
|
+
if (!k || k.length < 32) {
|
|
60
|
+
return 'ENCRYPTION_KEY must be at least 32 characters in production (Redis AI provider credentials)';
|
|
61
|
+
}
|
|
62
|
+
if (k === DEFAULT_DEV_ENCRYPTION_KEY || looksInsecure(k)) {
|
|
63
|
+
return 'ENCRYPTION_KEY must not use the default dev value in production';
|
|
64
|
+
}
|
|
65
|
+
return null;
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
/**
|
|
69
|
+
* Set security headers on all responses
|
|
70
|
+
*/
|
|
71
|
+
export async function setSecurityHeaders(
|
|
72
|
+
request: FastifyRequest,
|
|
73
|
+
reply: FastifyReply
|
|
74
|
+
): Promise<void> {
|
|
75
|
+
// Remove server version header (if present)
|
|
76
|
+
reply.removeHeader('X-Powered-By');
|
|
77
|
+
reply.removeHeader('Server');
|
|
78
|
+
|
|
79
|
+
// Content Security Policy
|
|
80
|
+
reply.header(
|
|
81
|
+
'Content-Security-Policy',
|
|
82
|
+
"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:; frame-ancestors 'none';"
|
|
83
|
+
);
|
|
84
|
+
|
|
85
|
+
// Strict Transport Security (HSTS) - only if HTTPS
|
|
86
|
+
if (request.protocol === 'https' || request.headers['x-forwarded-proto'] === 'https') {
|
|
87
|
+
reply.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
// X-Content-Type-Options
|
|
91
|
+
reply.header('X-Content-Type-Options', 'nosniff');
|
|
92
|
+
|
|
93
|
+
// X-Frame-Options
|
|
94
|
+
reply.header('X-Frame-Options', 'DENY');
|
|
95
|
+
|
|
96
|
+
// X-XSS-Protection
|
|
97
|
+
reply.header('X-XSS-Protection', '1; mode=block');
|
|
98
|
+
|
|
99
|
+
// Referrer Policy
|
|
100
|
+
reply.header('Referrer-Policy', 'strict-origin-when-cross-origin');
|
|
101
|
+
|
|
102
|
+
// Permissions Policy (formerly Feature-Policy)
|
|
103
|
+
reply.header(
|
|
104
|
+
'Permissions-Policy',
|
|
105
|
+
'geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), speaker=()'
|
|
106
|
+
);
|
|
107
|
+
|
|
108
|
+
// Cross-Origin Embedder Policy
|
|
109
|
+
reply.header('Cross-Origin-Embedder-Policy', 'require-corp');
|
|
110
|
+
|
|
111
|
+
// Cross-Origin Opener Policy
|
|
112
|
+
reply.header('Cross-Origin-Opener-Policy', 'same-origin');
|
|
113
|
+
|
|
114
|
+
// Cross-Origin Resource Policy
|
|
115
|
+
reply.header('Cross-Origin-Resource-Policy', 'same-origin');
|
|
116
|
+
|
|
117
|
+
// Don't expose internal headers
|
|
118
|
+
reply.header('X-Gateway', '4Runr'); // Generic name, no version
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
/**
|
|
122
|
+
* Validate that required secrets are present and not default values.
|
|
123
|
+
* Aligns with runtime checks in `redis-credentials-store`, `mfa-storage`, and `tool-proxy`.
|
|
124
|
+
*/
|
|
125
|
+
export function validateSecrets(): SecretsValidationResult {
|
|
126
|
+
const errors: string[] = [];
|
|
127
|
+
const warnings: string[] = [];
|
|
128
|
+
const isProduction = process.env['NODE_ENV'] === 'production';
|
|
129
|
+
const memoryMode = isMemoryMode();
|
|
130
|
+
const authMode = process.env['AUTH_MODE'] ?? env.AUTH_MODE;
|
|
131
|
+
const authEnabled =
|
|
132
|
+
process.env['AUTH_ENABLED'] === undefined
|
|
133
|
+
? env.AUTH_ENABLED
|
|
134
|
+
: process.env['AUTH_ENABLED'] === 'true';
|
|
135
|
+
const databaseUrl = process.env['DATABASE_URL'] ?? env.DATABASE_URL;
|
|
136
|
+
const jwtSecret = process.env['JWT_SECRET'] ?? env.JWT_SECRET;
|
|
137
|
+
|
|
138
|
+
if (isProduction && !memoryMode && !databaseUrl) {
|
|
139
|
+
errors.push('DATABASE_URL is required in production (unless GATEWAY_PERSISTENCE=memory)');
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
if ((authMode === 'jwt' || authMode === 'mixed') && !jwtSecret) {
|
|
143
|
+
if (isProduction) {
|
|
144
|
+
errors.push('JWT_SECRET is required when AUTH_MODE is jwt or mixed');
|
|
145
|
+
} else {
|
|
146
|
+
warnings.push('JWT_SECRET is not set; JWT auth will fail when AUTH_ENABLED=true');
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
if (jwtSecret) {
|
|
151
|
+
if (jwtSecret.length < 32) {
|
|
152
|
+
errors.push('JWT_SECRET is too short (minimum 32 characters)');
|
|
153
|
+
} else if (looksInsecure(jwtSecret)) {
|
|
154
|
+
errors.push('JWT_SECRET appears to use an insecure default value');
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
if (isProduction) {
|
|
159
|
+
const signingErr = validateSigningSecret();
|
|
160
|
+
if (signingErr) errors.push(signingErr);
|
|
161
|
+
|
|
162
|
+
if (!memoryMode) {
|
|
163
|
+
const encErr = validateEncryptionKey();
|
|
164
|
+
if (encErr) errors.push(encErr);
|
|
165
|
+
|
|
166
|
+
const kekErr = validateKekBase64();
|
|
167
|
+
if (kekErr) errors.push(kekErr);
|
|
168
|
+
} else {
|
|
169
|
+
warnings.push(
|
|
170
|
+
'GATEWAY_PERSISTENCE=memory: ENCRYPTION_KEY and KEK_BASE64 are not required at startup; MFA/tool credential encryption still requires KEK_BASE64 if those routes are used'
|
|
171
|
+
);
|
|
172
|
+
}
|
|
173
|
+
|
|
174
|
+
if (authEnabled && (authMode === 'api_key' || authMode === 'mixed')) {
|
|
175
|
+
if (!process.env['API_KEY'] && !process.env['API_KEYS']) {
|
|
176
|
+
warnings.push(
|
|
177
|
+
'No API_KEY/API_KEYS in environment; production api_key auth expects keys in the database or env'
|
|
178
|
+
);
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
} else {
|
|
182
|
+
if (!process.env['SIGNING_SECRET'] || process.env['SIGNING_SECRET'].length < 32) {
|
|
183
|
+
warnings.push('SIGNING_SECRET is unset or short; dev agent-token signing uses a default secret');
|
|
184
|
+
}
|
|
185
|
+
if (!memoryMode && !process.env['ENCRYPTION_KEY'] && !env.ENCRYPTION_KEY) {
|
|
186
|
+
warnings.push('ENCRYPTION_KEY is unset; Redis credential store will use a dev default outside production');
|
|
187
|
+
}
|
|
188
|
+
if (!process.env['KEK_BASE64']) {
|
|
189
|
+
warnings.push('KEK_BASE64 is unset; MFA and tool credentials store plaintext in non-production');
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
return {
|
|
194
|
+
valid: errors.length === 0,
|
|
195
|
+
errors,
|
|
196
|
+
warnings,
|
|
197
|
+
};
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
/**
|
|
201
|
+
* Log security validation on startup; refuse to start in production when invalid.
|
|
202
|
+
*/
|
|
203
|
+
export function logSecurityValidation(): void {
|
|
204
|
+
const validation = validateSecrets();
|
|
205
|
+
|
|
206
|
+
if (validation.warnings.length > 0) {
|
|
207
|
+
logger.warn('Security validation warnings', { warnings: validation.warnings });
|
|
208
|
+
}
|
|
209
|
+
|
|
210
|
+
if (!validation.valid) {
|
|
211
|
+
logger.error('Security validation failed', { errors: validation.errors });
|
|
212
|
+
if (process.env['NODE_ENV'] === 'production') {
|
|
213
|
+
throw new Error(
|
|
214
|
+
`Gateway refused to start: invalid secrets configuration — ${validation.errors.join('; ')}`
|
|
215
|
+
);
|
|
216
|
+
}
|
|
217
|
+
return;
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
logger.info('Security validation passed');
|
|
221
|
+
}
|
|
222
|
+
|