4runr-os 2.10.85 → 2.10.86

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (871) hide show
  1. package/README.md +2 -2
  2. package/SETUP.md +2 -2
  3. package/USER-PRIVACY.md +2 -2
  4. package/apps/os-server/DEPLOYMENT.md +426 -0
  5. package/apps/os-server/JWT-RATE-LIMIT-VALIDATION.md +462 -0
  6. package/apps/os-server/PERSISTENCE-AND-AUTH.md +227 -0
  7. package/apps/os-server/PHASE5-TESTING.md +222 -0
  8. package/apps/os-server/README.md +368 -0
  9. package/apps/os-server/TROUBLESHOOTING.md +541 -0
  10. package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.d.ts +3 -0
  11. package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.d.ts.map +1 -0
  12. package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.js +28 -0
  13. package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.js.map +1 -0
  14. package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.d.ts +23 -0
  15. package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.d.ts.map +1 -0
  16. package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.js +95 -0
  17. package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.js.map +1 -0
  18. package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.d.ts +14 -0
  19. package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.d.ts.map +1 -0
  20. package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.js +69 -0
  21. package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.js.map +1 -0
  22. package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.d.ts +10 -0
  23. package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.d.ts.map +1 -0
  24. package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.js +377 -0
  25. package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.js.map +1 -0
  26. package/apps/os-server/dist/apps/os-server/src/agents/definitions.d.ts +14 -0
  27. package/apps/os-server/dist/apps/os-server/src/agents/definitions.d.ts.map +1 -0
  28. package/apps/os-server/dist/apps/os-server/src/agents/definitions.js +210 -0
  29. package/apps/os-server/dist/apps/os-server/src/agents/definitions.js.map +1 -0
  30. package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.d.ts +25 -0
  31. package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.d.ts.map +1 -0
  32. package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.js +144 -0
  33. package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.js.map +1 -0
  34. package/apps/os-server/dist/apps/os-server/src/agents/tools.d.ts +24 -0
  35. package/apps/os-server/dist/apps/os-server/src/agents/tools.d.ts.map +1 -0
  36. package/apps/os-server/dist/apps/os-server/src/agents/tools.js +110 -0
  37. package/apps/os-server/dist/apps/os-server/src/agents/tools.js.map +1 -0
  38. package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.d.ts +14 -0
  39. package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.d.ts.map +1 -0
  40. package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.js +139 -0
  41. package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.js.map +1 -0
  42. package/apps/os-server/dist/apps/os-server/src/ai-providers/index.d.ts +6 -0
  43. package/apps/os-server/dist/apps/os-server/src/ai-providers/index.d.ts.map +1 -0
  44. package/apps/os-server/dist/apps/os-server/src/ai-providers/index.js +6 -0
  45. package/apps/os-server/dist/apps/os-server/src/ai-providers/index.js.map +1 -0
  46. package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.d.ts +14 -0
  47. package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.d.ts.map +1 -0
  48. package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.js +136 -0
  49. package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.js.map +1 -0
  50. package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.d.ts +18 -0
  51. package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.d.ts.map +1 -0
  52. package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.js +91 -0
  53. package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.js.map +1 -0
  54. package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.d.ts +15 -0
  55. package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.d.ts.map +1 -0
  56. package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.js +181 -0
  57. package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.js.map +1 -0
  58. package/apps/os-server/dist/apps/os-server/src/ai-providers/types.d.ts +54 -0
  59. package/apps/os-server/dist/apps/os-server/src/ai-providers/types.d.ts.map +1 -0
  60. package/apps/os-server/dist/apps/os-server/src/ai-providers/types.js +2 -0
  61. package/apps/os-server/dist/apps/os-server/src/ai-providers/types.js.map +1 -0
  62. package/apps/os-server/dist/apps/os-server/src/config/persistence.d.ts +5 -0
  63. package/apps/os-server/dist/apps/os-server/src/config/persistence.d.ts.map +1 -0
  64. package/apps/os-server/dist/apps/os-server/src/config/persistence.js +14 -0
  65. package/apps/os-server/dist/apps/os-server/src/config/persistence.js.map +1 -0
  66. package/apps/os-server/dist/apps/os-server/src/crypto/envelope.d.ts +28 -0
  67. package/apps/os-server/dist/apps/os-server/src/crypto/envelope.d.ts.map +1 -0
  68. package/apps/os-server/dist/apps/os-server/src/crypto/envelope.js +111 -0
  69. package/apps/os-server/dist/apps/os-server/src/crypto/envelope.js.map +1 -0
  70. package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.d.ts +6 -0
  71. package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.d.ts.map +1 -0
  72. package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.js +61 -0
  73. package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.js.map +1 -0
  74. package/apps/os-server/dist/apps/os-server/src/db/docker-manager.d.ts +21 -0
  75. package/apps/os-server/dist/apps/os-server/src/db/docker-manager.d.ts.map +1 -0
  76. package/apps/os-server/dist/apps/os-server/src/db/docker-manager.js +166 -0
  77. package/apps/os-server/dist/apps/os-server/src/db/docker-manager.js.map +1 -0
  78. package/apps/os-server/dist/apps/os-server/src/db/init.d.ts +11 -0
  79. package/apps/os-server/dist/apps/os-server/src/db/init.d.ts.map +1 -0
  80. package/apps/os-server/dist/apps/os-server/src/db/init.js +202 -0
  81. package/apps/os-server/dist/apps/os-server/src/db/init.js.map +1 -0
  82. package/apps/os-server/dist/apps/os-server/src/db/memory-db.d.ts +149 -0
  83. package/apps/os-server/dist/apps/os-server/src/db/memory-db.d.ts.map +1 -0
  84. package/apps/os-server/dist/apps/os-server/src/db/memory-db.js +295 -0
  85. package/apps/os-server/dist/apps/os-server/src/db/memory-db.js.map +1 -0
  86. package/apps/os-server/dist/apps/os-server/src/db/prisma.d.ts +4 -0
  87. package/apps/os-server/dist/apps/os-server/src/db/prisma.d.ts.map +1 -0
  88. package/apps/os-server/dist/apps/os-server/src/db/prisma.js +31 -0
  89. package/apps/os-server/dist/apps/os-server/src/db/prisma.js.map +1 -0
  90. package/apps/os-server/dist/apps/os-server/src/db/redis.d.ts +5 -0
  91. package/apps/os-server/dist/apps/os-server/src/db/redis.d.ts.map +1 -0
  92. package/apps/os-server/dist/apps/os-server/src/db/redis.js +69 -0
  93. package/apps/os-server/dist/apps/os-server/src/db/redis.js.map +1 -0
  94. package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.d.ts +3 -0
  95. package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.d.ts.map +1 -0
  96. package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.js +369 -0
  97. package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.js.map +1 -0
  98. package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.d.ts +46 -0
  99. package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.d.ts.map +1 -0
  100. package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.js +114 -0
  101. package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.js.map +1 -0
  102. package/apps/os-server/dist/apps/os-server/src/devkit/middleware.d.ts +9 -0
  103. package/apps/os-server/dist/apps/os-server/src/devkit/middleware.d.ts.map +1 -0
  104. package/apps/os-server/dist/apps/os-server/src/devkit/middleware.js +23 -0
  105. package/apps/os-server/dist/apps/os-server/src/devkit/middleware.js.map +1 -0
  106. package/apps/os-server/dist/apps/os-server/src/devkit/routes.d.ts +3 -0
  107. package/apps/os-server/dist/apps/os-server/src/devkit/routes.d.ts.map +1 -0
  108. package/apps/os-server/dist/apps/os-server/src/devkit/routes.js +270 -0
  109. package/apps/os-server/dist/apps/os-server/src/devkit/routes.js.map +1 -0
  110. package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.d.ts +3 -0
  111. package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.d.ts.map +1 -0
  112. package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.js +183 -0
  113. package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.js.map +1 -0
  114. package/apps/os-server/dist/apps/os-server/src/health/index.d.ts +36 -0
  115. package/apps/os-server/dist/apps/os-server/src/health/index.d.ts.map +1 -0
  116. package/apps/os-server/dist/apps/os-server/src/health/index.js +275 -0
  117. package/apps/os-server/dist/apps/os-server/src/health/index.js.map +1 -0
  118. package/apps/os-server/dist/apps/os-server/src/index.d.ts +2 -0
  119. package/apps/os-server/dist/apps/os-server/src/index.d.ts.map +1 -0
  120. package/apps/os-server/dist/apps/os-server/src/index.js +1131 -0
  121. package/apps/os-server/dist/apps/os-server/src/index.js.map +1 -0
  122. package/apps/os-server/dist/apps/os-server/src/metrics/index.d.ts +48 -0
  123. package/apps/os-server/dist/apps/os-server/src/metrics/index.d.ts.map +1 -0
  124. package/apps/os-server/dist/apps/os-server/src/metrics/index.js +296 -0
  125. package/apps/os-server/dist/apps/os-server/src/metrics/index.js.map +1 -0
  126. package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.d.ts +18 -0
  127. package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.d.ts.map +1 -0
  128. package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.js +117 -0
  129. package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.js.map +1 -0
  130. package/apps/os-server/dist/apps/os-server/src/middleware/auth.d.ts +5 -0
  131. package/apps/os-server/dist/apps/os-server/src/middleware/auth.d.ts.map +1 -0
  132. package/apps/os-server/dist/apps/os-server/src/middleware/auth.js +64 -0
  133. package/apps/os-server/dist/apps/os-server/src/middleware/auth.js.map +1 -0
  134. package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.d.ts +4 -0
  135. package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.d.ts.map +1 -0
  136. package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.js +105 -0
  137. package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.js.map +1 -0
  138. package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.d.ts +12 -0
  139. package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.d.ts.map +1 -0
  140. package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.js +75 -0
  141. package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.js.map +1 -0
  142. package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.d.ts +6 -0
  143. package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.d.ts.map +1 -0
  144. package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.js +21 -0
  145. package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.js.map +1 -0
  146. package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.d.ts +13 -0
  147. package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.d.ts.map +1 -0
  148. package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.js +202 -0
  149. package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.js.map +1 -0
  150. package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.d.ts +14 -0
  151. package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.d.ts.map +1 -0
  152. package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.js +98 -0
  153. package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.js.map +1 -0
  154. package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.d.ts +2 -0
  155. package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.d.ts.map +1 -0
  156. package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.js +63 -0
  157. package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.js.map +1 -0
  158. package/apps/os-server/dist/apps/os-server/src/middleware/mfa.d.ts +3 -0
  159. package/apps/os-server/dist/apps/os-server/src/middleware/mfa.d.ts.map +1 -0
  160. package/apps/os-server/dist/apps/os-server/src/middleware/mfa.js +96 -0
  161. package/apps/os-server/dist/apps/os-server/src/middleware/mfa.js.map +1 -0
  162. package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.d.ts +6 -0
  163. package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.d.ts.map +1 -0
  164. package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.js +54 -0
  165. package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.js.map +1 -0
  166. package/apps/os-server/dist/apps/os-server/src/middleware/rbac.d.ts +19 -0
  167. package/apps/os-server/dist/apps/os-server/src/middleware/rbac.d.ts.map +1 -0
  168. package/apps/os-server/dist/apps/os-server/src/middleware/rbac.js +229 -0
  169. package/apps/os-server/dist/apps/os-server/src/middleware/rbac.js.map +1 -0
  170. package/apps/os-server/dist/apps/os-server/src/middleware/security.d.ts +10 -0
  171. package/apps/os-server/dist/apps/os-server/src/middleware/security.d.ts.map +1 -0
  172. package/apps/os-server/dist/apps/os-server/src/middleware/security.js +146 -0
  173. package/apps/os-server/dist/apps/os-server/src/middleware/security.js.map +1 -0
  174. package/apps/os-server/dist/apps/os-server/src/middleware/validate.d.ts +7 -0
  175. package/apps/os-server/dist/apps/os-server/src/middleware/validate.d.ts.map +1 -0
  176. package/apps/os-server/dist/apps/os-server/src/middleware/validate.js +156 -0
  177. package/apps/os-server/dist/apps/os-server/src/middleware/validate.js.map +1 -0
  178. package/apps/os-server/dist/apps/os-server/src/queue/config.d.ts +26 -0
  179. package/apps/os-server/dist/apps/os-server/src/queue/config.d.ts.map +1 -0
  180. package/apps/os-server/dist/apps/os-server/src/queue/config.js +21 -0
  181. package/apps/os-server/dist/apps/os-server/src/queue/config.js.map +1 -0
  182. package/apps/os-server/dist/apps/os-server/src/queue/index.d.ts +13 -0
  183. package/apps/os-server/dist/apps/os-server/src/queue/index.d.ts.map +1 -0
  184. package/apps/os-server/dist/apps/os-server/src/queue/index.js +152 -0
  185. package/apps/os-server/dist/apps/os-server/src/queue/index.js.map +1 -0
  186. package/apps/os-server/dist/apps/os-server/src/queue/processor.d.ts +16 -0
  187. package/apps/os-server/dist/apps/os-server/src/queue/processor.d.ts.map +1 -0
  188. package/apps/os-server/dist/apps/os-server/src/queue/processor.js +378 -0
  189. package/apps/os-server/dist/apps/os-server/src/queue/processor.js.map +1 -0
  190. package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.d.ts +7 -0
  191. package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.d.ts.map +1 -0
  192. package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.js +22 -0
  193. package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.js.map +1 -0
  194. package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.d.ts +3 -0
  195. package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.d.ts.map +1 -0
  196. package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.js +175 -0
  197. package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.js.map +1 -0
  198. package/apps/os-server/dist/apps/os-server/src/routes/chats.d.ts +3 -0
  199. package/apps/os-server/dist/apps/os-server/src/routes/chats.d.ts.map +1 -0
  200. package/apps/os-server/dist/apps/os-server/src/routes/chats.js +150 -0
  201. package/apps/os-server/dist/apps/os-server/src/routes/chats.js.map +1 -0
  202. package/apps/os-server/dist/apps/os-server/src/routes/gdpr.d.ts +3 -0
  203. package/apps/os-server/dist/apps/os-server/src/routes/gdpr.d.ts.map +1 -0
  204. package/apps/os-server/dist/apps/os-server/src/routes/gdpr.js +252 -0
  205. package/apps/os-server/dist/apps/os-server/src/routes/gdpr.js.map +1 -0
  206. package/apps/os-server/dist/apps/os-server/src/routes/mfa.d.ts +3 -0
  207. package/apps/os-server/dist/apps/os-server/src/routes/mfa.d.ts.map +1 -0
  208. package/apps/os-server/dist/apps/os-server/src/routes/mfa.js +240 -0
  209. package/apps/os-server/dist/apps/os-server/src/routes/mfa.js.map +1 -0
  210. package/apps/os-server/dist/apps/os-server/src/routes/monitoring.d.ts +16 -0
  211. package/apps/os-server/dist/apps/os-server/src/routes/monitoring.d.ts.map +1 -0
  212. package/apps/os-server/dist/apps/os-server/src/routes/monitoring.js +168 -0
  213. package/apps/os-server/dist/apps/os-server/src/routes/monitoring.js.map +1 -0
  214. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.d.ts +3 -0
  215. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.d.ts.map +1 -0
  216. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.js +209 -0
  217. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.js.map +1 -0
  218. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.d.ts +3 -0
  219. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.d.ts.map +1 -0
  220. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.js +88 -0
  221. package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.js.map +1 -0
  222. package/apps/os-server/dist/apps/os-server/src/routes/shield.d.ts +3 -0
  223. package/apps/os-server/dist/apps/os-server/src/routes/shield.d.ts.map +1 -0
  224. package/apps/os-server/dist/apps/os-server/src/routes/shield.js +85 -0
  225. package/apps/os-server/dist/apps/os-server/src/routes/shield.js.map +1 -0
  226. package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.d.ts +3 -0
  227. package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.d.ts.map +1 -0
  228. package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.js +209 -0
  229. package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.js.map +1 -0
  230. package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.d.ts +3 -0
  231. package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.d.ts.map +1 -0
  232. package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.js +206 -0
  233. package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.js.map +1 -0
  234. package/apps/os-server/dist/apps/os-server/src/runs/index.d.ts +5 -0
  235. package/apps/os-server/dist/apps/os-server/src/runs/index.d.ts.map +1 -0
  236. package/apps/os-server/dist/apps/os-server/src/runs/index.js +19 -0
  237. package/apps/os-server/dist/apps/os-server/src/runs/index.js.map +1 -0
  238. package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.d.ts +12 -0
  239. package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.d.ts.map +1 -0
  240. package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.js +78 -0
  241. package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.js.map +1 -0
  242. package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.d.ts +15 -0
  243. package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.d.ts.map +1 -0
  244. package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.js +148 -0
  245. package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.js.map +1 -0
  246. package/apps/os-server/dist/apps/os-server/src/runs/run-kill.d.ts +20 -0
  247. package/apps/os-server/dist/apps/os-server/src/runs/run-kill.d.ts.map +1 -0
  248. package/apps/os-server/dist/apps/os-server/src/runs/run-kill.js +69 -0
  249. package/apps/os-server/dist/apps/os-server/src/runs/run-kill.js.map +1 -0
  250. package/apps/os-server/dist/apps/os-server/src/runs/run-retention.d.ts +17 -0
  251. package/apps/os-server/dist/apps/os-server/src/runs/run-retention.d.ts.map +1 -0
  252. package/apps/os-server/dist/apps/os-server/src/runs/run-retention.js +124 -0
  253. package/apps/os-server/dist/apps/os-server/src/runs/run-retention.js.map +1 -0
  254. package/apps/os-server/dist/apps/os-server/src/runs/runStore.d.ts +10 -0
  255. package/apps/os-server/dist/apps/os-server/src/runs/runStore.d.ts.map +1 -0
  256. package/apps/os-server/dist/apps/os-server/src/runs/runStore.js +2 -0
  257. package/apps/os-server/dist/apps/os-server/src/runs/runStore.js.map +1 -0
  258. package/apps/os-server/dist/apps/os-server/src/runs/types.d.ts +44 -0
  259. package/apps/os-server/dist/apps/os-server/src/runs/types.d.ts.map +1 -0
  260. package/apps/os-server/dist/apps/os-server/src/runs/types.js +2 -0
  261. package/apps/os-server/dist/apps/os-server/src/runs/types.js.map +1 -0
  262. package/apps/os-server/dist/apps/os-server/src/schemas/runs.d.ts +126 -0
  263. package/apps/os-server/dist/apps/os-server/src/schemas/runs.d.ts.map +1 -0
  264. package/apps/os-server/dist/apps/os-server/src/schemas/runs.js +63 -0
  265. package/apps/os-server/dist/apps/os-server/src/schemas/runs.js.map +1 -0
  266. package/apps/os-server/dist/apps/os-server/src/security/agent-token.d.ts +51 -0
  267. package/apps/os-server/dist/apps/os-server/src/security/agent-token.d.ts.map +1 -0
  268. package/apps/os-server/dist/apps/os-server/src/security/agent-token.js +161 -0
  269. package/apps/os-server/dist/apps/os-server/src/security/agent-token.js.map +1 -0
  270. package/apps/os-server/dist/apps/os-server/src/security/outbound-url.d.ts +2 -0
  271. package/apps/os-server/dist/apps/os-server/src/security/outbound-url.d.ts.map +1 -0
  272. package/apps/os-server/dist/apps/os-server/src/security/outbound-url.js +65 -0
  273. package/apps/os-server/dist/apps/os-server/src/security/outbound-url.js.map +1 -0
  274. package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.d.ts +14 -0
  275. package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.d.ts.map +1 -0
  276. package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.js +168 -0
  277. package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.js.map +1 -0
  278. package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.d.ts +25 -0
  279. package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.d.ts.map +1 -0
  280. package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.js +46 -0
  281. package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.js.map +1 -0
  282. package/apps/os-server/dist/apps/os-server/src/security/shield-config.d.ts +14 -0
  283. package/apps/os-server/dist/apps/os-server/src/security/shield-config.d.ts.map +1 -0
  284. package/apps/os-server/dist/apps/os-server/src/security/shield-config.js +70 -0
  285. package/apps/os-server/dist/apps/os-server/src/security/shield-config.js.map +1 -0
  286. package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.d.ts +13 -0
  287. package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.d.ts.map +1 -0
  288. package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.js +72 -0
  289. package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.js.map +1 -0
  290. package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.d.ts +10 -0
  291. package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.d.ts.map +1 -0
  292. package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.js +140 -0
  293. package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.js.map +1 -0
  294. package/apps/os-server/docker-compose.local.yml +46 -0
  295. package/apps/os-server/find-gateway.sh +37 -0
  296. package/apps/os-server/jest.config.cjs +52 -0
  297. package/apps/os-server/package-lock.json +8809 -0
  298. package/apps/os-server/package.json +66 -0
  299. package/apps/os-server/scripts/setup-test-env.sh +67 -0
  300. package/apps/os-server/src/__tests__/integration/README.md +92 -0
  301. package/apps/os-server/src/__tests__/integration/helpers/test-server.ts +178 -0
  302. package/apps/os-server/src/__tests__/integration/sentinel.test.ts +364 -0
  303. package/apps/os-server/src/adapters/redis-sentinel-publisher.ts +176 -0
  304. package/apps/os-server/src/agents/definitions-simple.ts +536 -0
  305. package/apps/os-server/src/ai-providers/anthropic-provider.ts +194 -0
  306. package/apps/os-server/src/ai-providers/openai-provider.ts +193 -0
  307. package/apps/os-server/src/ai-providers/redis-credentials-store.ts +224 -0
  308. package/apps/os-server/src/db/docker-manager.ts +262 -0
  309. package/apps/os-server/src/db/init.ts +292 -0
  310. package/apps/os-server/src/devkit/routes.ts +349 -0
  311. package/apps/os-server/src/health/index.ts +375 -0
  312. package/apps/os-server/src/index.ts +1506 -0
  313. package/apps/os-server/src/middleware/correlationId.ts +56 -0
  314. package/apps/os-server/src/middleware/ddos-protection.ts +318 -0
  315. package/apps/os-server/src/middleware/log-capture.ts +92 -0
  316. package/apps/os-server/src/middleware/security.ts +222 -0
  317. package/apps/os-server/src/routes/ai-providers-simple.ts +220 -0
  318. package/apps/os-server/src/routes/gdpr.ts +337 -0
  319. package/apps/os-server/src/routes/monitoring.ts +315 -0
  320. package/apps/os-server/src/routes/sentinel-policies.ts +293 -0
  321. package/apps/os-server/src/routes/sentinel-predictive.ts +129 -0
  322. package/apps/os-server/src/routes/tool-proxy.ts +285 -0
  323. package/apps/os-server/src/security/outbound-url.ts +83 -0
  324. package/apps/os-server/update-and-test.sh +36 -0
  325. package/dist/boot-sequence.js +1 -1
  326. package/dist/boot-sequence.js.map +1 -1
  327. package/dist/gateway-api-key-bootstrap.js +1 -1
  328. package/dist/gateway-api-key-bootstrap.js.map +1 -1
  329. package/dist/gateway-prisma-bootstrap.d.ts +1 -1
  330. package/dist/gateway-prisma-bootstrap.js +1 -1
  331. package/dist/index.js +8 -8
  332. package/dist/index.js.map +1 -1
  333. package/dist/local-gateway-pid.d.ts +1 -1
  334. package/dist/local-gateway-pid.js +1 -1
  335. package/dist/os-tui-binary-bootstrap.d.ts +18 -0
  336. package/dist/os-tui-binary-bootstrap.d.ts.map +1 -0
  337. package/dist/os-tui-binary-bootstrap.js +175 -0
  338. package/dist/os-tui-binary-bootstrap.js.map +1 -0
  339. package/dist/rust-check.js +2 -2
  340. package/dist/rust-check.js.map +1 -1
  341. package/dist/system-verify.js +8 -8
  342. package/dist/system-verify.js.map +1 -1
  343. package/dist/tui-handlers.js +12 -12
  344. package/dist/tui-handlers.js.map +1 -1
  345. package/dist/watchdog.js +73 -73
  346. package/os-tui/Cargo.lock +1118 -0
  347. package/os-tui/Cargo.toml +17 -0
  348. package/os-tui/bin/os-tui.js +63 -0
  349. package/os-tui/binaries/win32-x64/os-tui.exe +0 -0
  350. package/os-tui/src/app/render_scheduler.rs +111 -0
  351. package/os-tui/src/app.rs +3814 -0
  352. package/os-tui/src/debug_log.rs +131 -0
  353. package/os-tui/src/io/mod.rs +63 -0
  354. package/os-tui/src/io/protocol.rs +14 -0
  355. package/os-tui/src/io/stdio.rs +31 -0
  356. package/os-tui/src/io/ws.rs +25 -0
  357. package/os-tui/src/main.rs +2090 -0
  358. package/os-tui/src/monitoring/mod.rs +439 -0
  359. package/os-tui/src/screens/mod.rs +254 -0
  360. package/os-tui/src/storage/cache.rs +221 -0
  361. package/os-tui/src/storage/mod.rs +5 -0
  362. package/os-tui/src/ui/agent_builder.rs +1148 -0
  363. package/os-tui/src/ui/agent_list.rs +344 -0
  364. package/os-tui/src/ui/boot.rs +145 -0
  365. package/os-tui/src/ui/connection_portal.rs +839 -0
  366. package/os-tui/src/ui/help.rs +340 -0
  367. package/os-tui/src/ui/layout.rs +978 -0
  368. package/os-tui/src/ui/mod.rs +13 -0
  369. package/os-tui/src/ui/portal_monitoring.rs +1128 -0
  370. package/os-tui/src/ui/run_manager.rs +922 -0
  371. package/os-tui/src/ui/safe_viewport.rs +236 -0
  372. package/os-tui/src/ui/sentinel_config.rs +828 -0
  373. package/os-tui/src/ui/settings.rs +414 -0
  374. package/os-tui/src/ui/setup_portal.rs +547 -0
  375. package/os-tui/src/ui/shield_dashboard.rs +1081 -0
  376. package/os-tui/src/websocket.rs +315 -0
  377. package/package.json +121 -121
  378. package/prisma/schema.prisma +470 -470
  379. package/scripts/cleanup-build-artifacts.js +2 -2
  380. package/scripts/os-tools-smoke.cjs +549 -549
  381. package/scripts/postinstall-os-server.js +63 -0
  382. package/scripts/postinstall-os-tui.js +64 -0
  383. package/scripts/seed-os-server-api-key.cjs +77 -0
  384. package/scripts/setup.js +11 -11
  385. package/src/security/package-integrity.ts +188 -188
  386. package/src/security/ssrf-protection.ts +147 -147
  387. package/apps/gateway/DEPLOYMENT.md +0 -426
  388. package/apps/gateway/JWT-RATE-LIMIT-VALIDATION.md +0 -462
  389. package/apps/gateway/PERSISTENCE-AND-AUTH.md +0 -227
  390. package/apps/gateway/PHASE5-TESTING.md +0 -222
  391. package/apps/gateway/README.md +0 -368
  392. package/apps/gateway/TROUBLESHOOTING.md +0 -541
  393. package/apps/gateway/docker-compose.local.yml +0 -46
  394. package/apps/gateway/find-gateway.sh +0 -37
  395. package/apps/gateway/jest.config.cjs +0 -52
  396. package/apps/gateway/package-lock.json +0 -8810
  397. package/apps/gateway/package.json +0 -66
  398. package/apps/gateway/scripts/setup-test-env.sh +0 -67
  399. package/apps/gateway/src/__tests__/integration/README.md +0 -92
  400. package/apps/gateway/src/__tests__/integration/helpers/test-server.ts +0 -178
  401. package/apps/gateway/src/__tests__/integration/sentinel.test.ts +0 -364
  402. package/apps/gateway/src/adapters/redis-sentinel-publisher.ts +0 -176
  403. package/apps/gateway/src/agents/definitions-simple.ts +0 -536
  404. package/apps/gateway/src/ai-providers/anthropic-provider.ts +0 -194
  405. package/apps/gateway/src/ai-providers/openai-provider.ts +0 -193
  406. package/apps/gateway/src/ai-providers/redis-credentials-store.ts +0 -224
  407. package/apps/gateway/src/db/docker-manager.ts +0 -262
  408. package/apps/gateway/src/db/init.ts +0 -292
  409. package/apps/gateway/src/devkit/routes.ts +0 -349
  410. package/apps/gateway/src/health/index.ts +0 -375
  411. package/apps/gateway/src/index.ts +0 -1506
  412. package/apps/gateway/src/middleware/correlationId.ts +0 -56
  413. package/apps/gateway/src/middleware/ddos-protection.ts +0 -318
  414. package/apps/gateway/src/middleware/log-capture.ts +0 -92
  415. package/apps/gateway/src/middleware/security.ts +0 -222
  416. package/apps/gateway/src/routes/ai-providers-simple.ts +0 -220
  417. package/apps/gateway/src/routes/gdpr.ts +0 -337
  418. package/apps/gateway/src/routes/monitoring.ts +0 -315
  419. package/apps/gateway/src/routes/sentinel-policies.ts +0 -293
  420. package/apps/gateway/src/routes/sentinel-predictive.ts +0 -129
  421. package/apps/gateway/src/routes/tool-proxy.ts +0 -285
  422. package/apps/gateway/src/security/outbound-url.ts +0 -83
  423. package/apps/gateway/update-and-test.sh +0 -36
  424. package/mk3-tui/Cargo.lock +0 -1118
  425. package/mk3-tui/Cargo.toml +0 -17
  426. package/mk3-tui/bin/mk3-tui.js +0 -63
  427. package/mk3-tui/binaries/win32-x64/mk3-tui.exe +0 -0
  428. package/mk3-tui/src/app/render_scheduler.rs +0 -111
  429. package/mk3-tui/src/app.rs +0 -3813
  430. package/mk3-tui/src/debug_log.rs +0 -131
  431. package/mk3-tui/src/io/mod.rs +0 -63
  432. package/mk3-tui/src/io/protocol.rs +0 -14
  433. package/mk3-tui/src/io/stdio.rs +0 -31
  434. package/mk3-tui/src/io/ws.rs +0 -25
  435. package/mk3-tui/src/main.rs +0 -2090
  436. package/mk3-tui/src/monitoring/mod.rs +0 -439
  437. package/mk3-tui/src/screens/mod.rs +0 -254
  438. package/mk3-tui/src/storage/cache.rs +0 -221
  439. package/mk3-tui/src/storage/mod.rs +0 -5
  440. package/mk3-tui/src/ui/agent_builder.rs +0 -1148
  441. package/mk3-tui/src/ui/agent_list.rs +0 -344
  442. package/mk3-tui/src/ui/boot.rs +0 -145
  443. package/mk3-tui/src/ui/connection_portal.rs +0 -839
  444. package/mk3-tui/src/ui/help.rs +0 -340
  445. package/mk3-tui/src/ui/layout.rs +0 -978
  446. package/mk3-tui/src/ui/mod.rs +0 -13
  447. package/mk3-tui/src/ui/portal_monitoring.rs +0 -1128
  448. package/mk3-tui/src/ui/run_manager.rs +0 -913
  449. package/mk3-tui/src/ui/safe_viewport.rs +0 -236
  450. package/mk3-tui/src/ui/sentinel_config.rs +0 -828
  451. package/mk3-tui/src/ui/settings.rs +0 -414
  452. package/mk3-tui/src/ui/setup_portal.rs +0 -547
  453. package/mk3-tui/src/ui/shield_dashboard.rs +0 -1081
  454. package/mk3-tui/src/websocket.rs +0 -315
  455. package/scripts/postinstall-gateway.js +0 -63
  456. package/scripts/postinstall-mk3.js +0 -64
  457. package/scripts/seed-gateway-api-key.cjs +0 -77
  458. /package/apps/{gateway → os-server}/.dockerignore +0 -0
  459. /package/apps/{gateway → os-server}/.eslintrc.json +0 -0
  460. /package/apps/{gateway → os-server}/Dockerfile +0 -0
  461. /package/apps/{gateway → os-server}/Dockerfile.bak +0 -0
  462. /package/apps/{gateway → os-server}/ENV_VARIABLES.md +0 -0
  463. /package/apps/{gateway → os-server}/create-test-script.sh +0 -0
  464. /package/apps/{gateway → os-server}/debug-api-responses.sh +0 -0
  465. /package/apps/{gateway → os-server}/debug-failing-tests-v2.sh +0 -0
  466. /package/apps/{gateway → os-server}/debug-failing-tests.sh +0 -0
  467. /package/apps/{gateway → os-server}/debug-responses.sh +0 -0
  468. /package/apps/{gateway → os-server}/debug-test-responses.sh +0 -0
  469. /package/apps/{gateway → os-server}/debug-tests.sh +0 -0
  470. /package/apps/{gateway → os-server}/diagnose-test-failure.sh +0 -0
  471. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.d.ts +0 -0
  472. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.d.ts.map +0 -0
  473. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.js +0 -0
  474. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.js.map +0 -0
  475. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.d.ts +0 -0
  476. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.d.ts.map +0 -0
  477. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.js +0 -0
  478. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.js.map +0 -0
  479. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.d.ts +0 -0
  480. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.d.ts.map +0 -0
  481. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.js +0 -0
  482. /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.js.map +0 -0
  483. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.d.ts +0 -0
  484. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.d.ts.map +0 -0
  485. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.js +0 -0
  486. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.js.map +0 -0
  487. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.d.ts +0 -0
  488. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.d.ts.map +0 -0
  489. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.js +0 -0
  490. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.js.map +0 -0
  491. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.d.ts +0 -0
  492. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.d.ts.map +0 -0
  493. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.js +0 -0
  494. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.js.map +0 -0
  495. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.d.ts +0 -0
  496. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.d.ts.map +0 -0
  497. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.js +0 -0
  498. /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.js.map +0 -0
  499. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.d.ts +0 -0
  500. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.d.ts.map +0 -0
  501. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.js +0 -0
  502. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.js.map +0 -0
  503. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.d.ts +0 -0
  504. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.d.ts.map +0 -0
  505. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.js +0 -0
  506. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.js.map +0 -0
  507. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.d.ts +0 -0
  508. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.d.ts.map +0 -0
  509. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.js +0 -0
  510. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.js.map +0 -0
  511. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.d.ts +0 -0
  512. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.d.ts.map +0 -0
  513. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.js +0 -0
  514. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.js.map +0 -0
  515. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.d.ts +0 -0
  516. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.d.ts.map +0 -0
  517. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.js +0 -0
  518. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.js.map +0 -0
  519. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.d.ts +0 -0
  520. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.d.ts.map +0 -0
  521. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.js +0 -0
  522. /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.js.map +0 -0
  523. /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.d.ts +0 -0
  524. /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.d.ts.map +0 -0
  525. /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.js +0 -0
  526. /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.js.map +0 -0
  527. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.d.ts +0 -0
  528. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.d.ts.map +0 -0
  529. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.js +0 -0
  530. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.js.map +0 -0
  531. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.d.ts +0 -0
  532. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.d.ts.map +0 -0
  533. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.js +0 -0
  534. /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.js.map +0 -0
  535. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.d.ts +0 -0
  536. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.d.ts.map +0 -0
  537. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.js +0 -0
  538. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.js.map +0 -0
  539. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.d.ts +0 -0
  540. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.d.ts.map +0 -0
  541. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.js +0 -0
  542. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.js.map +0 -0
  543. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.d.ts +0 -0
  544. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.d.ts.map +0 -0
  545. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.js +0 -0
  546. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.js.map +0 -0
  547. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.d.ts +0 -0
  548. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.d.ts.map +0 -0
  549. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.js +0 -0
  550. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.js.map +0 -0
  551. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.d.ts +0 -0
  552. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.d.ts.map +0 -0
  553. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.js +0 -0
  554. /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.js.map +0 -0
  555. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.d.ts +0 -0
  556. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.d.ts.map +0 -0
  557. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.js +0 -0
  558. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.js.map +0 -0
  559. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.d.ts +0 -0
  560. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.d.ts.map +0 -0
  561. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.js +0 -0
  562. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.js.map +0 -0
  563. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.d.ts +0 -0
  564. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.d.ts.map +0 -0
  565. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.js +0 -0
  566. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.js.map +0 -0
  567. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.d.ts +0 -0
  568. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.d.ts.map +0 -0
  569. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.js +0 -0
  570. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.js.map +0 -0
  571. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.d.ts +0 -0
  572. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.d.ts.map +0 -0
  573. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.js +0 -0
  574. /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.js.map +0 -0
  575. /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.d.ts +0 -0
  576. /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.d.ts.map +0 -0
  577. /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.js +0 -0
  578. /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.js.map +0 -0
  579. /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.d.ts +0 -0
  580. /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.d.ts.map +0 -0
  581. /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.js +0 -0
  582. /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.js.map +0 -0
  583. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.d.ts +0 -0
  584. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.d.ts.map +0 -0
  585. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.js +0 -0
  586. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.js.map +0 -0
  587. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.d.ts +0 -0
  588. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.d.ts.map +0 -0
  589. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.js +0 -0
  590. /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.js.map +0 -0
  591. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.d.ts +0 -0
  592. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.d.ts.map +0 -0
  593. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.js +0 -0
  594. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.js.map +0 -0
  595. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.d.ts +0 -0
  596. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.d.ts.map +0 -0
  597. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.js +0 -0
  598. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.js.map +0 -0
  599. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.d.ts +0 -0
  600. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.d.ts.map +0 -0
  601. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.js +0 -0
  602. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.js.map +0 -0
  603. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.d.ts +0 -0
  604. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.d.ts.map +0 -0
  605. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.js +0 -0
  606. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.js.map +0 -0
  607. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.d.ts +0 -0
  608. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.d.ts.map +0 -0
  609. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.js +0 -0
  610. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.js.map +0 -0
  611. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.d.ts +0 -0
  612. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.d.ts.map +0 -0
  613. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.js +0 -0
  614. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.js.map +0 -0
  615. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.d.ts +0 -0
  616. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.d.ts.map +0 -0
  617. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.js +0 -0
  618. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.js.map +0 -0
  619. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.d.ts +0 -0
  620. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.d.ts.map +0 -0
  621. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.js +0 -0
  622. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.js.map +0 -0
  623. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.d.ts +0 -0
  624. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.d.ts.map +0 -0
  625. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.js +0 -0
  626. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.js.map +0 -0
  627. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.d.ts +0 -0
  628. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.d.ts.map +0 -0
  629. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.js +0 -0
  630. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.js.map +0 -0
  631. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.d.ts +0 -0
  632. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.d.ts.map +0 -0
  633. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.js +0 -0
  634. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.js.map +0 -0
  635. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.d.ts +0 -0
  636. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.d.ts.map +0 -0
  637. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.js +0 -0
  638. /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.js.map +0 -0
  639. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.d.ts +0 -0
  640. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.d.ts.map +0 -0
  641. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.js +0 -0
  642. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.js.map +0 -0
  643. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.d.ts +0 -0
  644. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.d.ts.map +0 -0
  645. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.js +0 -0
  646. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.js.map +0 -0
  647. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.d.ts +0 -0
  648. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.d.ts.map +0 -0
  649. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.js +0 -0
  650. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.js.map +0 -0
  651. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.d.ts +0 -0
  652. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.d.ts.map +0 -0
  653. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.js +0 -0
  654. /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.js.map +0 -0
  655. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.d.ts +0 -0
  656. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.d.ts.map +0 -0
  657. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.js +0 -0
  658. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.js.map +0 -0
  659. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.d.ts +0 -0
  660. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.d.ts.map +0 -0
  661. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.js +0 -0
  662. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.js.map +0 -0
  663. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.d.ts +0 -0
  664. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.d.ts.map +0 -0
  665. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.js +0 -0
  666. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.js.map +0 -0
  667. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.d.ts +0 -0
  668. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.d.ts.map +0 -0
  669. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.js +0 -0
  670. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.js.map +0 -0
  671. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.d.ts +0 -0
  672. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.d.ts.map +0 -0
  673. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.js +0 -0
  674. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.js.map +0 -0
  675. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.d.ts +0 -0
  676. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.d.ts.map +0 -0
  677. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.js +0 -0
  678. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.js.map +0 -0
  679. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.d.ts +0 -0
  680. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.d.ts.map +0 -0
  681. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.js +0 -0
  682. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.js.map +0 -0
  683. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.d.ts +0 -0
  684. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.d.ts.map +0 -0
  685. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.js +0 -0
  686. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.js.map +0 -0
  687. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.d.ts +0 -0
  688. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.d.ts.map +0 -0
  689. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.js +0 -0
  690. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.js.map +0 -0
  691. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.d.ts +0 -0
  692. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.d.ts.map +0 -0
  693. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.js +0 -0
  694. /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.js.map +0 -0
  695. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.d.ts +0 -0
  696. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.d.ts.map +0 -0
  697. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.js +0 -0
  698. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.js.map +0 -0
  699. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.d.ts +0 -0
  700. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.d.ts.map +0 -0
  701. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.js +0 -0
  702. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.js.map +0 -0
  703. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.d.ts +0 -0
  704. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.d.ts.map +0 -0
  705. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.js +0 -0
  706. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.js.map +0 -0
  707. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.d.ts +0 -0
  708. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.d.ts.map +0 -0
  709. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.js +0 -0
  710. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.js.map +0 -0
  711. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.d.ts +0 -0
  712. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.d.ts.map +0 -0
  713. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.js +0 -0
  714. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.js.map +0 -0
  715. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.d.ts +0 -0
  716. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.d.ts.map +0 -0
  717. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.js +0 -0
  718. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.js.map +0 -0
  719. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.d.ts +0 -0
  720. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.d.ts.map +0 -0
  721. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.js +0 -0
  722. /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.js.map +0 -0
  723. /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.d.ts +0 -0
  724. /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.d.ts.map +0 -0
  725. /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.js +0 -0
  726. /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.js.map +0 -0
  727. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.d.ts +0 -0
  728. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.d.ts.map +0 -0
  729. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.js +0 -0
  730. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.js.map +0 -0
  731. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.d.ts +0 -0
  732. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.d.ts.map +0 -0
  733. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.js +0 -0
  734. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.js.map +0 -0
  735. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.d.ts +0 -0
  736. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.d.ts.map +0 -0
  737. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.js +0 -0
  738. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.js.map +0 -0
  739. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.d.ts +0 -0
  740. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.d.ts.map +0 -0
  741. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.js +0 -0
  742. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.js.map +0 -0
  743. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.d.ts +0 -0
  744. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.d.ts.map +0 -0
  745. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.js +0 -0
  746. /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.js.map +0 -0
  747. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.d.ts +0 -0
  748. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.d.ts.map +0 -0
  749. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.js +0 -0
  750. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.js.map +0 -0
  751. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.d.ts +0 -0
  752. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.d.ts.map +0 -0
  753. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.js +0 -0
  754. /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.js.map +0 -0
  755. /package/apps/{gateway → os-server}/dist/index.js +0 -0
  756. /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.d.ts +0 -0
  757. /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.d.ts.map +0 -0
  758. /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.js +0 -0
  759. /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.js.map +0 -0
  760. /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.d.ts +0 -0
  761. /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.d.ts.map +0 -0
  762. /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.js +0 -0
  763. /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.js.map +0 -0
  764. /package/apps/{gateway → os-server}/load-tests/README.md +0 -0
  765. /package/apps/{gateway → os-server}/load-tests/k6-basic.js +0 -0
  766. /package/apps/{gateway → os-server}/load-tests/k6-rate-limit.js +0 -0
  767. /package/apps/{gateway → os-server}/minimal-test.sh +0 -0
  768. /package/apps/{gateway → os-server}/public/sentinel-dashboard.html +0 -0
  769. /package/apps/{gateway → os-server}/quick-debug.sh +0 -0
  770. /package/apps/{gateway → os-server}/scripts/seed-api-key.ts +0 -0
  771. /package/apps/{gateway → os-server}/scripts/verify-sentinel-persist.mjs +0 -0
  772. /package/apps/{gateway → os-server}/simple-test.sh +0 -0
  773. /package/apps/{gateway → os-server}/src/__tests__/agent-token.test.ts +0 -0
  774. /package/apps/{gateway → os-server}/src/__tests__/auth.test.ts +0 -0
  775. /package/apps/{gateway → os-server}/src/__tests__/correlationId.test.ts +0 -0
  776. /package/apps/{gateway → os-server}/src/__tests__/devkit-api.test.ts +0 -0
  777. /package/apps/{gateway → os-server}/src/__tests__/integration/authentication.test.ts +0 -0
  778. /package/apps/{gateway → os-server}/src/__tests__/integration/e2e-comprehensive-fixed.test.ts +0 -0
  779. /package/apps/{gateway → os-server}/src/__tests__/integration/e2e-workflow.test.ts +0 -0
  780. /package/apps/{gateway → os-server}/src/__tests__/integration/idempotency.test.ts +0 -0
  781. /package/apps/{gateway → os-server}/src/__tests__/integration/postgres-persistence.test.ts +0 -0
  782. /package/apps/{gateway → os-server}/src/__tests__/integration/rate-limiting.test.ts +0 -0
  783. /package/apps/{gateway → os-server}/src/__tests__/integration/shield.test.ts +0 -0
  784. /package/apps/{gateway → os-server}/src/__tests__/log-capture.test.ts +0 -0
  785. /package/apps/{gateway → os-server}/src/__tests__/no-persistence-mode.test.ts +0 -0
  786. /package/apps/{gateway → os-server}/src/__tests__/outbound-url.test.ts +0 -0
  787. /package/apps/{gateway → os-server}/src/__tests__/rateLimit.test.ts +0 -0
  788. /package/apps/{gateway → os-server}/src/__tests__/run-kill.test.ts +0 -0
  789. /package/apps/{gateway → os-server}/src/__tests__/run-retention.test.ts +0 -0
  790. /package/apps/{gateway → os-server}/src/__tests__/sentinel-config-persist-http.test.ts +0 -0
  791. /package/apps/{gateway → os-server}/src/__tests__/sentinel-config-store.test.ts +0 -0
  792. /package/apps/{gateway → os-server}/src/__tests__/sentinel-events.test.ts +0 -0
  793. /package/apps/{gateway → os-server}/src/__tests__/sentinel-execute-watch.test.ts +0 -0
  794. /package/apps/{gateway → os-server}/src/__tests__/sentinel-policies.test.ts +0 -0
  795. /package/apps/{gateway → os-server}/src/__tests__/sentinel-publish-kill.test.ts +0 -0
  796. /package/apps/{gateway → os-server}/src/__tests__/sentinel-run-failure.test.ts +0 -0
  797. /package/apps/{gateway → os-server}/src/__tests__/shield-config.test.ts +0 -0
  798. /package/apps/{gateway → os-server}/src/__tests__/shield-health.test.ts +0 -0
  799. /package/apps/{gateway → os-server}/src/__tests__/shield-metrics.test.ts +0 -0
  800. /package/apps/{gateway → os-server}/src/__tests__/tool-proxy.test.ts +0 -0
  801. /package/apps/{gateway → os-server}/src/__tests__/validateSecrets.test.ts +0 -0
  802. /package/apps/{gateway → os-server}/src/__tests__/validation.test.ts +0 -0
  803. /package/apps/{gateway → os-server}/src/adapters/gateway-cancel-adapter.ts +0 -0
  804. /package/apps/{gateway → os-server}/src/adapters/sentinel-event-stream.ts +0 -0
  805. /package/apps/{gateway → os-server}/src/agents/definitions.ts +0 -0
  806. /package/apps/{gateway → os-server}/src/agents/local-model-provider.ts +0 -0
  807. /package/apps/{gateway → os-server}/src/agents/tools.ts +0 -0
  808. /package/apps/{gateway → os-server}/src/ai-providers/index.ts +0 -0
  809. /package/apps/{gateway → os-server}/src/ai-providers/provider-manager.ts +0 -0
  810. /package/apps/{gateway → os-server}/src/ai-providers/types.ts +0 -0
  811. /package/apps/{gateway → os-server}/src/config/persistence.ts +0 -0
  812. /package/apps/{gateway → os-server}/src/crypto/envelope.ts +0 -0
  813. /package/apps/{gateway → os-server}/src/crypto/mfa-storage.ts +0 -0
  814. /package/apps/{gateway → os-server}/src/db/memory-db.ts +0 -0
  815. /package/apps/{gateway → os-server}/src/db/prisma.ts +0 -0
  816. /package/apps/{gateway → os-server}/src/db/redis.ts +0 -0
  817. /package/apps/{gateway → os-server}/src/devkit/agents-api.ts +0 -0
  818. /package/apps/{gateway → os-server}/src/devkit/metrics-parser.ts +0 -0
  819. /package/apps/{gateway → os-server}/src/devkit/middleware.ts +0 -0
  820. /package/apps/{gateway → os-server}/src/devkit/tools-api.ts +0 -0
  821. /package/apps/{gateway → os-server}/src/metrics/index.ts +0 -0
  822. /package/apps/{gateway → os-server}/src/metrics/monitoring-detail.ts +0 -0
  823. /package/apps/{gateway → os-server}/src/middleware/auth.ts +0 -0
  824. /package/apps/{gateway → os-server}/src/middleware/authApiKey.ts +0 -0
  825. /package/apps/{gateway → os-server}/src/middleware/authJwt.ts +0 -0
  826. /package/apps/{gateway → os-server}/src/middleware/errorHandler.ts +0 -0
  827. /package/apps/{gateway → os-server}/src/middleware/mfa.ts +0 -0
  828. /package/apps/{gateway → os-server}/src/middleware/rateLimit.ts +0 -0
  829. /package/apps/{gateway → os-server}/src/middleware/rbac.ts +0 -0
  830. /package/apps/{gateway → os-server}/src/middleware/validate.ts +0 -0
  831. /package/apps/{gateway → os-server}/src/middleware/validate.ts.backup +0 -0
  832. /package/apps/{gateway → os-server}/src/queue/config.ts +0 -0
  833. /package/apps/{gateway → os-server}/src/queue/index.ts +0 -0
  834. /package/apps/{gateway → os-server}/src/queue/processor.ts +0 -0
  835. /package/apps/{gateway → os-server}/src/queue/sentinel-execute-watch.ts +0 -0
  836. /package/apps/{gateway → os-server}/src/routes/chats.ts +0 -0
  837. /package/apps/{gateway → os-server}/src/routes/mfa.ts +0 -0
  838. /package/apps/{gateway → os-server}/src/routes/shield.ts +0 -0
  839. /package/apps/{gateway → os-server}/src/routes/tool-credentials.ts +0 -0
  840. /package/apps/{gateway → os-server}/src/runs/index.ts +0 -0
  841. /package/apps/{gateway → os-server}/src/runs/memoryRunStore.ts +0 -0
  842. /package/apps/{gateway → os-server}/src/runs/postgresRunStore.ts +0 -0
  843. /package/apps/{gateway → os-server}/src/runs/run-kill.ts +0 -0
  844. /package/apps/{gateway → os-server}/src/runs/run-retention.ts +0 -0
  845. /package/apps/{gateway → os-server}/src/runs/runStore.ts +0 -0
  846. /package/apps/{gateway → os-server}/src/runs/types.ts +0 -0
  847. /package/apps/{gateway → os-server}/src/schemas/runs.ts +0 -0
  848. /package/apps/{gateway → os-server}/src/security/agent-token.ts +0 -0
  849. /package/apps/{gateway → os-server}/src/security/sentinel-config-store.ts +0 -0
  850. /package/apps/{gateway → os-server}/src/security/sentinel-run-failure.ts +0 -0
  851. /package/apps/{gateway → os-server}/src/security/shield-config.ts +0 -0
  852. /package/apps/{gateway → os-server}/src/types/fastify-rate-limit.d.ts +0 -0
  853. /package/apps/{gateway → os-server}/src/utils/circuit-breaker.ts +0 -0
  854. /package/apps/{gateway → os-server}/src/utils/log-encryption.ts +0 -0
  855. /package/apps/{gateway → os-server}/test-all-individual.sh +0 -0
  856. /package/apps/{gateway → os-server}/test-all-phases-final.sh +0 -0
  857. /package/apps/{gateway → os-server}/test-all-phases-fixed-v2.sh +0 -0
  858. /package/apps/{gateway → os-server}/test-all-phases-fixed.sh +0 -0
  859. /package/apps/{gateway → os-server}/test-all-phases.sh +0 -0
  860. /package/apps/{gateway → os-server}/test-concurrency.sh +0 -0
  861. /package/apps/{gateway → os-server}/test-debug.sh +0 -0
  862. /package/apps/{gateway → os-server}/test-e2e.sh +0 -0
  863. /package/apps/{gateway → os-server}/test-extraction.sh +0 -0
  864. /package/apps/{gateway → os-server}/test-full-operations-final.sh +0 -0
  865. /package/apps/{gateway → os-server}/test-full-operations.sh +0 -0
  866. /package/apps/{gateway → os-server}/test-idempotency-only.sh +0 -0
  867. /package/apps/{gateway → os-server}/test-idempotency.sh +0 -0
  868. /package/apps/{gateway → os-server}/test-individual.sh +0 -0
  869. /package/apps/{gateway → os-server}/test-queue.sh +0 -0
  870. /package/apps/{gateway → os-server}/tsconfig.json +0 -0
  871. /package/{mk3-tui → os-tui}/src/ui/connection_portal.rs.backup +0 -0
@@ -1,1506 +0,0 @@
1
- import Fastify from 'fastify';
2
- import { env, initializeNoPersistenceMode, isMemoryMode, memoryLogger, getBlockedWarnings, createLogger, Logger } from '@4runr/shared';
3
- import { getPersistenceMode } from './config/persistence.js';
4
- import { getRunStore } from './runs/index.js';
5
- import { requireAuth } from './middleware/auth.js';
6
- import { readRateLimit, writeRateLimit, strictRateLimit } from './middleware/rateLimit.js';
7
- import { validateBody, validateQuery, validateParams } from './middleware/validate.js';
8
- import { addCorrelationId, getCorrelationId } from './middleware/correlationId.js';
9
- import { setSecurityHeaders, validateSecrets, logSecurityValidation } from './middleware/security.js';
10
- import { applyShieldConfigFromEnv, logShieldConfigValidation } from './security/shield-config.js';
11
- import { applyRunKill, isTerminalRunStatus, setRunKillSideEffects } from './runs/run-kill.js';
12
- import { createGatewayCancelAdapter } from './adapters/gateway-cancel-adapter.js';
13
- import { publishSentinelPolicyViolationFireAndForget } from './adapters/redis-sentinel-publisher.js';
14
- import { setCancelAdapter, setPolicyViolationPublisher } from '@4runr/sentinel';
15
- import { errorHandler, handleValidationError, handleNotFound } from './middleware/errorHandler.js';
16
- import { performHealthChecks, isAlive, computeReady } from './health/index.js';
17
- import {
18
- createRunSchema,
19
- listRunsQuerySchema,
20
- runIdParamSchema,
21
- updateRunStatusSchema,
22
- workspacePlanSchema,
23
- registryPublishSchema,
24
- privacyToggleSchema
25
- } from './schemas/runs.js';
26
- import { disconnectPrisma } from './db/prisma.js';
27
- import { getRedisClient, disconnectRedis, isRedisAvailable } from './db/redis.js';
28
- import {
29
- createIdempotencyMiddleware,
30
- captureIdempotencyResponse,
31
- } from '../../../packages/middleware/idempotency/idempotency.js';
32
- import type { IdempotencyStore } from '../../../packages/adapters/redis/IdempotencyStore.js';
33
-
34
- type IdempotencyPreHandler = ReturnType<typeof createIdempotencyMiddleware>;
35
- // Idempotency stores - will be imported dynamically where needed
36
- import { Sentinel } from '@4runr/sentinel';
37
- import { Shield } from '@4runr/shield';
38
- import { GatewayEventStream } from './adapters/sentinel-event-stream.js';
39
- import {
40
- initializeQueue,
41
- queueRunExecution,
42
- shutdownQueue,
43
- getQueue,
44
- } from './queue/index.js';
45
- import { setProcessorContext } from './queue/processor.js';
46
- import {
47
- getMetrics,
48
- httpRequestDuration,
49
- httpRequestTotal,
50
- httpRequestErrors,
51
- runsCreated,
52
- runsStarted,
53
- runsCompleted,
54
- runsDuration,
55
- runsActive,
56
- sseConnectionsOpened,
57
- sseConnectionsClosed,
58
- sseActiveConnections,
59
- sseMessagesTotal,
60
- idempotencyHits,
61
- idempotencyMisses,
62
- idempotencyConflicts,
63
- idempotencyStoreSize,
64
- rateLimitHits,
65
- authSuccess,
66
- authFailures,
67
- queueJobsQueued,
68
- queueJobsCompleted,
69
- queueJobsFailed,
70
- queueJobDuration,
71
- queueJobsWaiting,
72
- queueJobsActive,
73
- healthCheckTotal,
74
- } from './metrics/index.js';
75
- import path from 'path';
76
- import { registerDevKitRoutes } from './devkit/routes.js';
77
- import { mfaRoutes } from './routes/mfa.js';
78
- import { gdprRoutes } from './routes/gdpr.js';
79
- import { registerMonitoringRoutes } from './routes/monitoring.js';
80
- import { ddosProtection } from './middleware/ddos-protection.js';
81
- import { wrapLoggerForMonitoring } from './middleware/log-capture.js';
82
- import { initializeDatabase, shutdownDatabase } from './db/init.js';
83
- import type { PrismaClient } from '@prisma/client';
84
- import { applyPersistedSentinelConfig } from './security/sentinel-config-store.js';
85
-
86
- // Initialize no-persistence mode BEFORE any other initialization (only in memory mode)
87
- // This must happen before any filesystem writes or database connections
88
- const projectRoot = process.cwd();
89
- const persistenceMode = getPersistenceMode();
90
-
91
- if (persistenceMode === 'memory') {
92
- initializeNoPersistenceMode(projectRoot);
93
- }
94
-
95
- // Create structured logger (will be updated per-request with correlation ID)
96
- let baseLogger = isMemoryMode ? memoryLogger : createLogger('Gateway');
97
-
98
- // Wrap logger to capture logs for monitoring endpoints (Phase 0)
99
- baseLogger = wrapLoggerForMonitoring(baseLogger);
100
-
101
- const PORT = env.PORT;
102
- const HOST = env.HOST;
103
- /** Monitoring-style routes skip `requireAuth` only when Gateway binds to loopback (`AUTH_ENABLED` still applies elsewhere in `requireAuth`). */
104
- const isLocalBind = HOST === '127.0.0.1' || HOST === 'localhost';
105
-
106
- // Initialize run store lazily (memory or postgres based on GATEWAY_PERSISTENCE)
107
- // Don't initialize PostgresRunStore here as it requires Prisma client which may not be generated yet
108
- let runStore: ReturnType<typeof getRunStore> | null = null;
109
- const getStore = () => {
110
- if (!runStore) {
111
- runStore = getRunStore();
112
- }
113
- return runStore;
114
- };
115
-
116
- // Database client (will be initialized during startup)
117
- let dbClient: PrismaClient | null = null;
118
-
119
- // Initialize idempotency store
120
- // CRITICAL: Initialize synchronously - this MUST complete before routes register
121
- const ttlSeconds = 24 * 60 * 60; // 24 hours
122
- let idempotencyStore: IdempotencyStore | null = null;
123
- let idempotencyMiddleware: IdempotencyPreHandler | null = null;
124
-
125
- // Synchronous initialization - wrapped in IIFE to ensure execution
126
- (async function initializeIdempotencySync() {
127
- try {
128
- // Dynamic import to handle module resolution
129
- const { InMemoryIdempotencyStore } = await import('../../../packages/adapters/redis/IdempotencyStore.js');
130
- idempotencyStore = new InMemoryIdempotencyStore(ttlSeconds);
131
- idempotencyMiddleware = createIdempotencyMiddleware({
132
- enabled: true,
133
- ttlSeconds,
134
- store: idempotencyStore,
135
- });
136
- baseLogger.info('[IDEMPOTENCY] Middleware initialized synchronously');
137
- } catch (error) {
138
- const errorMsg = error instanceof Error ? error.message : String(error);
139
- const errorStack = error instanceof Error ? error.stack : undefined;
140
- baseLogger.error('[IDEMPOTENCY] Failed to initialize', {
141
- error: errorMsg,
142
- stack: errorStack
143
- });
144
- // Continue without idempotency - better than crashing
145
- }
146
- })();
147
-
148
- // Try to upgrade to Redis if available (non-blocking)
149
- async function initializeIdempotency() {
150
- try {
151
- const redisClient = await getRedisClient();
152
- if (redisClient) {
153
- const { RedisIdempotencyStore } = await import('../../../packages/adapters/redis/IdempotencyStore.js');
154
- const redisStore = new RedisIdempotencyStore(redisClient, ttlSeconds);
155
- idempotencyStore = redisStore;
156
- idempotencyMiddleware = createIdempotencyMiddleware({
157
- enabled: true,
158
- ttlSeconds,
159
- store: redisStore,
160
- });
161
- baseLogger.info('Idempotency store upgraded to Redis');
162
- } else {
163
- baseLogger.warn('Idempotency store using in-memory fallback (Redis not available)');
164
- }
165
- } catch (err) {
166
- baseLogger.error('Failed to initialize Redis idempotency store', { error: err instanceof Error ? err.message : String(err) });
167
- baseLogger.warn('Continuing with in-memory idempotency store');
168
- }
169
- }
170
-
171
- // Initialize Redis upgrade in background (non-blocking)
172
- initializeIdempotency().catch(() => {
173
- // Already handled in function
174
- });
175
-
176
- // Create Fastify instance
177
- const fastify = Fastify({
178
- logger: false, // We use our own structured logger
179
- trustProxy: true
180
- });
181
-
182
- // Add security headers middleware (before other hooks)
183
- fastify.addHook('onRequest', async (request, reply) => {
184
- await setSecurityHeaders(request, reply);
185
- });
186
-
187
- // Add correlation ID middleware globally
188
- fastify.addHook('onRequest', async (request, reply) => {
189
- await addCorrelationId(request, reply);
190
-
191
- const correlationId = getCorrelationId(request);
192
- if (correlationId) {
193
- const requestLogger = wrapLoggerForMonitoring(createLogger('Gateway'));
194
- requestLogger.setCorrelationId(correlationId);
195
- (request as any).logger = requestLogger;
196
- } else {
197
- (request as any).logger = baseLogger;
198
- }
199
- });
200
-
201
- // Add request timing and metrics
202
- fastify.addHook('onRequest', async (request, reply) => {
203
- (request as any).startTime = Date.now();
204
- });
205
-
206
- fastify.addHook('onResponse', async (request, reply) => {
207
- const startTime = (request as any).startTime;
208
- if (startTime) {
209
- const duration = (Date.now() - startTime) / 1000; // Convert to seconds
210
- const method = request.method;
211
- const route = (request as any).routeOptions?.url || request.url.split('?')[0] || 'unknown';
212
- const statusCode = reply.statusCode;
213
-
214
- // Record metrics
215
- httpRequestDuration.observe({ method, route, status_code: statusCode }, duration);
216
- httpRequestTotal.inc({ method, route, status_code: statusCode });
217
-
218
- if (statusCode >= 400) {
219
- httpRequestErrors.inc({ method, route, error_type: statusCode >= 500 ? 'server_error' : 'client_error' });
220
- }
221
- }
222
- });
223
-
224
- // Configure content type parser to handle empty bodies
225
- fastify.addContentTypeParser('application/json', { parseAs: 'string' }, function (req, body, done) {
226
- try {
227
- if (body === '') {
228
- done(null, {});
229
- } else {
230
- const json = JSON.parse(body as string);
231
- done(null, json);
232
- }
233
- } catch (err) {
234
- const error = err as Error;
235
- (error as any).statusCode = 400;
236
- done(error, undefined);
237
- }
238
- });
239
-
240
- // Register global error handler
241
- fastify.setErrorHandler((error, request, reply) => {
242
- if ((error as any).validation) {
243
- handleValidationError(error as any, request, reply);
244
- } else {
245
- errorHandler(error as Error, request, reply);
246
- }
247
- });
248
-
249
- // Register 404 handler
250
- fastify.setNotFoundHandler((request, reply) => {
251
- handleNotFound(request, reply);
252
- });
253
-
254
- // === DATABASE INITIALIZATION ===
255
- // Initialize database (Docker auto-start or existing connection)
256
- // Must happen before DevKit routes (they require Prisma)
257
- baseLogger.info('Initializing database...');
258
- const dbResult = await initializeDatabase(baseLogger);
259
-
260
- if (dbResult.mode === 'memory') {
261
- baseLogger.warn('⚠️ Running in memory-only mode. Data will not persist across restarts.');
262
- if (dbResult.error) {
263
- baseLogger.warn(`Database initialization failed: ${dbResult.error}`);
264
- }
265
- if (dbResult.warnings) {
266
- dbResult.warnings.forEach(w => baseLogger.warn(` • ${w}`));
267
- }
268
- } else {
269
- baseLogger.info(`✓ Database ready (${dbResult.mode} mode)`);
270
- dbClient = dbResult.client;
271
- }
272
-
273
- // Register DevKit routes (dev-only API namespace)
274
- // Must be registered before other routes to ensure proper priority
275
- // Only available when we have a real database (not memory mode)
276
- if (dbResult.client && persistenceMode !== 'memory') {
277
- baseLogger.info('Registering DevKit routes...');
278
- registerDevKitRoutes(fastify);
279
- baseLogger.info('✓ DevKit routes registered');
280
- } else {
281
- baseLogger.info('DevKit routes disabled (memory mode)');
282
- }
283
-
284
- // Health endpoint (liveness probe - no auth required)
285
- fastify.get('/health', async (request, reply) => {
286
- const alive = isAlive();
287
- const { getMetricsSummary } = await import('./metrics/index.js');
288
- const summary = await getMetricsSummary();
289
- const healthChecks = await performHealthChecks(); // S5: include Shield + all checks
290
-
291
- const statusCode = alive ? 200 : 503;
292
- reply.status(statusCode);
293
-
294
- // Track actual HTTP status (not just 200)
295
- healthCheckTotal.inc({ endpoint: '/health', status: String(statusCode) });
296
-
297
- return {
298
- ok: alive,
299
- status: alive ? 'alive' : 'dead',
300
- time: new Date().toISOString(),
301
- uptime: summary.uptime,
302
- memory: summary.memory,
303
- cpu: summary.cpu,
304
- persistence: persistenceMode,
305
- /** 4Runr platform DB: docker = Postgres via Docker; memory = no DB */
306
- fourRunrDb: {
307
- mode: dbResult.mode,
308
- prismaConnected: !!dbClient,
309
- },
310
- auth: {
311
- enabled: env.AUTH_ENABLED,
312
- mode: env.AUTH_MODE
313
- },
314
- rateLimit: {
315
- enabled: env.RATE_LIMIT_ENABLED,
316
- max: env.RATE_LIMIT_MAX,
317
- window_ms: env.RATE_LIMIT_WINDOW_MS
318
- },
319
- checks: healthChecks.checks, // S5: dependency + Shield health
320
- };
321
- });
322
-
323
- // Readiness endpoint (checks all dependencies)
324
- fastify.get('/ready', async (request, reply) => {
325
- const health = await performHealthChecks();
326
- const ready = computeReady(health);
327
-
328
- const statusCode = ready ? 200 : 503;
329
- reply.status(statusCode);
330
-
331
- healthCheckTotal.inc({ endpoint: '/ready', status: String(statusCode) });
332
-
333
- return {
334
- ready,
335
- status: health.status,
336
- timestamp: new Date().toISOString(),
337
- checks: health.checks
338
- };
339
- });
340
-
341
- // Liveness endpoint (simple alive check)
342
- fastify.get('/liveness', async (request, reply) => {
343
- const alive = isAlive();
344
- const statusCode = alive ? 200 : 503;
345
- reply.status(statusCode);
346
-
347
- return {
348
- alive,
349
- timestamp: new Date().toISOString()
350
- };
351
- });
352
-
353
- // Startup probe (check if server has started)
354
- fastify.get('/startup', async (request, reply) => {
355
- // Server is started if this endpoint is accessible
356
- return {
357
- started: true,
358
- timestamp: new Date().toISOString()
359
- };
360
- });
361
-
362
- // In-memory storage for SSE connections
363
- const sseConnections = new Map<string, Set<any>>();
364
-
365
- // Sentinel integration - event streams for each run
366
- const sentinelEventStreams = new Map<string, GatewayEventStream>();
367
- const sentinel = Sentinel.getInstance();
368
- applyPersistedSentinelConfig(sentinel, baseLogger);
369
-
370
- // Shield integration - AI Safety Layer (mode from SENTINEL_SHIELD_MODE — see shield-config.ts)
371
- const shield = Shield.getInstance();
372
- applyShieldConfigFromEnv(shield, env.SENTINEL_SHIELD_MODE);
373
-
374
- // Initialize queue system
375
- // Queue will be initialized during server startup
376
- let queueInitialized = false;
377
-
378
- // Metrics endpoint (no auth required)
379
- fastify.get('/metrics', async (request, reply) => {
380
- reply.header('X-Gateway', 'main');
381
-
382
- // Update gauge metrics
383
- const activeConnections = Array.from(sseConnections.values()).reduce((sum, connections) => sum + connections.size, 0);
384
- sseActiveConnections.set(activeConnections);
385
-
386
- const runQueue = getQueue();
387
- if (runQueue) {
388
- try {
389
- // BullMQ v4+ getJobCounts: pass state names as separate args, returns exact keys
390
- const counts = await runQueue.getJobCounts(
391
- 'waiting',
392
- 'active',
393
- 'completed',
394
- 'failed',
395
- 'delayed',
396
- 'paused'
397
- ) as Record<string, number>;
398
- const waiting = counts['waiting'] ?? 0;
399
- const activeJobs = counts['active'] ?? 0;
400
- queueJobsWaiting.set({ queue: 'run-execution' }, waiting);
401
- queueJobsActive.set({ queue: 'run-execution' }, activeJobs);
402
- } catch (err) {
403
- baseLogger.warn('Failed to refresh queue depth metrics', {
404
- error: err instanceof Error ? err.message : String(err),
405
- });
406
- }
407
- }
408
-
409
- // Get Prometheus metrics
410
- const prometheusMetrics = await getMetrics();
411
-
412
- reply.type('text/plain');
413
- return prometheusMetrics;
414
- });
415
-
416
- // Enhanced monitoring endpoint for dashboards
417
- fastify.get(
418
- '/api/monitoring/summary',
419
- {
420
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
421
- },
422
- async (request, reply) => {
423
- const { getMetricsSummary } = await import('./metrics/index.js');
424
- const summary = await getMetricsSummary();
425
-
426
- const dependencies = await performHealthChecks();
427
- const readyStatus = computeReady(dependencies);
428
-
429
- return {
430
- status: dependencies.status,
431
- alive: isAlive(),
432
- ready: readyStatus,
433
- uptime: summary.uptime,
434
- memory: summary.memory,
435
- cpu: summary.cpu,
436
- dependencies,
437
- timestamp: summary.timestamp,
438
- persistence: persistenceMode,
439
- database: {
440
- mode: dbResult.mode,
441
- connected: !!dbClient,
442
- },
443
- };
444
- }
445
- );
446
-
447
- // Register advanced monitoring routes (Phase 0)
448
- // SECURITY: In production, these require auth. For local dev (127.0.0.1), consider skipping auth.
449
- // Deployment guidance: use network policy to restrict access or enable requireAuth.
450
- registerMonitoringRoutes(fastify, {
451
- requireAuth: isLocalBind ? false : requireAuth, // Explicitly false for local bind, function for non-loopback
452
- readRateLimit: readRateLimit,
453
- });
454
-
455
- // Apply DDoS protection globally (before other middleware)
456
- fastify.addHook('onRequest', ddosProtection);
457
-
458
- // Workspace plan endpoint (requires auth)
459
- fastify.post('/api/workspace/plan', {
460
- preHandler: [requireAuth, writeRateLimit, validateBody(workspacePlanSchema)],
461
- }, async (request, reply) => {
462
- const body = request.body as any;
463
- const logger = (request as any).logger || baseLogger;
464
- logger.info('Setting workspace plan', { prompt: body.prompt?.substring(0, 50) });
465
-
466
- return {
467
- success: true,
468
- prompt: body.prompt,
469
- updated_at: new Date().toISOString()
470
- };
471
- });
472
-
473
- // Create run endpoint (requires auth)
474
- const preHandlers = [
475
- requireAuth,
476
- writeRateLimit,
477
- validateBody(createRunSchema),
478
- ];
479
-
480
- // Add idempotency middleware if available
481
-
482
- if (idempotencyMiddleware) {
483
- preHandlers.push(idempotencyMiddleware);
484
- baseLogger.info('[IDEMPOTENCY] Middleware added to /api/runs route');
485
- } else {
486
- baseLogger.warn('[IDEMPOTENCY] Middleware not available for /api/runs route');
487
- }
488
-
489
- // AI Provider routes
490
- try {
491
- const { aiProviderRoutes } = await import('./routes/ai-providers-simple.js');
492
- await aiProviderRoutes(fastify);
493
- baseLogger.info('AI Provider routes registered');
494
-
495
- // Load stored credentials from Redis on startup (only if Redis available)
496
- // Don't block server startup or spam retry logs when Redis is down
497
- Promise.resolve().then(async () => {
498
- try {
499
- // Check if Redis is actually available before instantiating client
500
- const redisAvailable = await isRedisAvailable();
501
- if (!redisAvailable) {
502
- baseLogger.info('Redis not available, skipping credential store initialization');
503
- return;
504
- }
505
-
506
- const { getCredentialsStore } = await import('./ai-providers/redis-credentials-store.js');
507
- const credStore = getCredentialsStore();
508
-
509
- // Race the loadAllToEnv() against a 5-second timeout
510
- const timeoutPromise = new Promise((_, reject) =>
511
- setTimeout(() => reject(new Error('Redis credential load timed out after 5s')), 5000)
512
- );
513
-
514
- await Promise.race([
515
- credStore.loadAllToEnv(),
516
- timeoutPromise
517
- ]);
518
-
519
- baseLogger.info('AI Provider credentials loaded from Redis');
520
- } catch (credError) {
521
- baseLogger.warn('Failed to load AI credentials from Redis (non-critical)', {
522
- error: credError instanceof Error ? credError.message : String(credError)
523
- });
524
- }
525
- }).catch((err) => {
526
- baseLogger.warn('Redis credential loading failed, continuing without stored credentials');
527
- });
528
- } catch (error) {
529
- baseLogger.warn('AI Provider routes not available', { error });
530
- }
531
-
532
- // Chat history routes
533
- try {
534
- const { chatRoutes } = await import('./routes/chats.js');
535
- await chatRoutes(fastify);
536
- baseLogger.info('Chat history routes registered');
537
- } catch (error) {
538
- baseLogger.warn('Chat history routes not available', { error });
539
- }
540
-
541
- // LAYER 2: Tool Credentials Management (Zero-Trust Tool Access)
542
- try {
543
- const { toolCredentialRoutes } = await import('./routes/tool-credentials.js');
544
- await toolCredentialRoutes(fastify);
545
- baseLogger.info('Tool credential routes registered (Layer 2 - Storage)');
546
- } catch (error) {
547
- baseLogger.warn('Tool credential routes not available', { error: error instanceof Error ? error.message : String(error) });
548
- }
549
-
550
- // LAYER 2: Tool Proxy (Zero-Trust Execution)
551
- try {
552
- const { toolProxyRoutes } = await import('./routes/tool-proxy.js');
553
- await toolProxyRoutes(fastify);
554
- baseLogger.info('Tool proxy routes registered (Layer 2 - Execution)');
555
- } catch (error) {
556
- baseLogger.warn('Tool proxy routes not available', { error: error instanceof Error ? error.message : String(error) });
557
- }
558
-
559
- // SENTINEL: Policy Management Routes
560
- try {
561
- const { sentinelPolicyRoutes } = await import('./routes/sentinel-policies.js');
562
- await sentinelPolicyRoutes(fastify);
563
- baseLogger.info('Sentinel policy routes registered');
564
- } catch (error) {
565
- baseLogger.warn('Sentinel policy routes not available', { error: error instanceof Error ? error.message : String(error) });
566
- }
567
-
568
- // SENTINEL: Predictive Routes
569
- try {
570
- const { sentinelPredictiveRoutes } = await import('./routes/sentinel-predictive.js');
571
- await sentinelPredictiveRoutes(fastify);
572
- baseLogger.info('Sentinel predictive routes registered');
573
- } catch (error) {
574
- baseLogger.warn('Sentinel predictive routes not available', { error: error instanceof Error ? error.message : String(error) });
575
- }
576
-
577
- // SHIELD: AI Safety Layer Routes
578
- try {
579
- baseLogger.info('Attempting to register Shield routes...');
580
- const { shieldRoutes } = await import('./routes/shield.js');
581
- baseLogger.info('Shield routes module imported successfully');
582
- await shieldRoutes(fastify);
583
- baseLogger.info('Shield routes registered successfully');
584
- } catch (error) {
585
- baseLogger.error('Shield routes registration failed', {
586
- error: error instanceof Error ? error.message : String(error),
587
- stack: error instanceof Error ? error.stack : undefined
588
- });
589
- }
590
-
591
- // MFA and GDPR routes will be registered in start() function
592
-
593
- fastify.post('/api/runs', {
594
- preHandler: preHandlers,
595
- onSend: [captureIdempotencyResponse],
596
- }, async (request, reply) => {
597
- const body = request.body as any;
598
- const logger = (request as any).logger || baseLogger;
599
-
600
- // Check for idempotency token (clientToken) - legacy support
601
- if (body.clientToken && !request.headers['idempotency-key']) {
602
- const existingRun = await getStore().getRunByClientToken(body.clientToken);
603
- if (existingRun) {
604
- idempotencyHits.inc();
605
- reply.status(200);
606
- return {
607
- success: true,
608
- run: existingRun,
609
- idempotent: true
610
- };
611
- }
612
- }
613
-
614
- // Create new run
615
- const runStartTime = Date.now();
616
- const run = await getStore().createRun({
617
- id: body.id,
618
- name: body.name || 'Test Run',
619
- input: body.input || null,
620
- clientToken: body.clientToken || null,
621
- tags: body.tags || []
622
- });
623
-
624
- runsCreated.inc({ status: run.status });
625
- runsActive.inc();
626
- logger.info('Run created', { runId: run.id, name: run.name });
627
-
628
- const { scheduleRunRetentionEnforcement } = await import('./runs/run-retention.js');
629
- scheduleRunRetentionEnforcement();
630
-
631
- // Create Sentinel event stream for this run
632
- const eventStream = new GatewayEventStream();
633
- sentinelEventStreams.set(run.id, eventStream);
634
-
635
- // Emit created event
636
- eventStream.emitCreated(run.id);
637
-
638
- // Emit events to any waiting SSE connections
639
- const connections = sseConnections.get(run.id);
640
- if (connections) {
641
- connections.forEach(connection => {
642
- connection.write(`event: log\ndata: ${JSON.stringify({
643
- type: 'run_created',
644
- runId: run.id,
645
- timestamp: new Date().toISOString()
646
- })}\n\n`);
647
- sseMessagesTotal.inc();
648
- });
649
- }
650
-
651
- reply.status(201);
652
- return {
653
- success: true,
654
- run: run
655
- };
656
- });
657
-
658
- // List all runs endpoint (requires auth)
659
- fastify.get('/api/runs', {
660
- preHandler: [requireAuth, readRateLimit, validateQuery(listRunsQuerySchema)],
661
- }, async (request, reply) => {
662
- const query = request.query as any;
663
- const filter: any = {};
664
-
665
- if (query.status) {
666
- filter.status = query.status;
667
- }
668
- if (query.tag) {
669
- filter.tag = query.tag;
670
- }
671
- if (query.limit) {
672
- filter.limit = parseInt(query.limit, 10);
673
- }
674
-
675
- const runs = await getStore().listRuns(filter);
676
- return { runs };
677
- });
678
-
679
- // Get run endpoint (requires auth)
680
- fastify.get('/api/runs/:id', {
681
- preHandler: [requireAuth, readRateLimit, validateParams(runIdParamSchema)],
682
- }, async (request, reply) => {
683
- const { id } = request.params as { id: string };
684
- const run = await getStore().getRunById(id);
685
-
686
- if (!run) {
687
- return reply.status(404).send({ error: 'Run not found' });
688
- }
689
-
690
- // Return the run data directly (not wrapped in success/run)
691
- return run;
692
- });
693
-
694
- // Start run endpoint (requires auth)
695
- fastify.post('/api/runs/:id/start', {
696
- preHandler: [requireAuth, writeRateLimit, validateParams(runIdParamSchema)],
697
- }, async (request, reply) => {
698
- const { id } = request.params as { id: string };
699
- const body = request.body as any;
700
- const run = await getStore().getRunById(id);
701
-
702
- if (!run) {
703
- return reply.status(404).send({ error: 'Run not found' });
704
- }
705
-
706
- // Check if run is already running, queued, completed, or failed
707
- if (run.status === 'running' || run.status === 'queued' || run.status === 'completed' || run.status === 'failed') {
708
- return reply.status(400).send({
709
- error: `Run is already ${run.status}`,
710
- run
711
- });
712
- }
713
-
714
- const logger = (request as any).logger || baseLogger;
715
-
716
- // Get priority from request body (default: normal)
717
- const priority = body?.priority || 'normal';
718
- if (!['high', 'normal', 'low'].includes(priority)) {
719
- return reply.status(400).send({
720
- error: 'Invalid priority. Must be: high, normal, or low'
721
- });
722
- }
723
-
724
- // Update run status to queued if queue is available, otherwise running
725
- const queue = getQueue();
726
- if (queue) {
727
- // Queue is available - queue the job
728
- try {
729
- await getStore().updateRunStatus(id, 'queued', {
730
- startedAt: null // Will be set when job starts processing
731
- });
732
-
733
- await queueRunExecution(id, priority);
734
- queueJobsQueued.inc({ queue: 'run-execution', priority });
735
-
736
- logger.info('Run queued for execution', { runId: id, priority });
737
-
738
- const updatedRun = await getStore().getRunById(id);
739
-
740
- // Emit queued event to SSE connections
741
- const connections = sseConnections.get(id);
742
- if (connections) {
743
- connections.forEach(connection => {
744
- connection.write(`event: log\ndata: ${JSON.stringify({
745
- type: 'run_queued',
746
- runId: id,
747
- status: 'queued',
748
- priority,
749
- timestamp: new Date().toISOString()
750
- })}\n\n`);
751
- sseMessagesTotal.inc();
752
- });
753
- }
754
-
755
- return {
756
- success: true,
757
- run: updatedRun,
758
- queued: true
759
- };
760
- } catch (error) {
761
- logger.error('Failed to queue run execution', {
762
- runId: id,
763
- error: error instanceof Error ? error.message : String(error)
764
- });
765
- return reply.status(500).send({
766
- error: 'Failed to queue run execution',
767
- message: error instanceof Error ? error.message : String(error)
768
- });
769
- }
770
- } else {
771
- // Queue not available - fall back to synchronous execution
772
- logger.warn('Queue not available, using synchronous execution', { runId: id });
773
-
774
- await getStore().updateRunStatus(id, 'running', {
775
- startedAt: new Date().toISOString()
776
- });
777
-
778
- runsStarted.inc();
779
- const updatedRun = await getStore().getRunById(id);
780
-
781
- // Start Sentinel monitoring for this run
782
- const eventStream = sentinelEventStreams.get(id);
783
- if (eventStream) {
784
- if (sentinel.isEnabled()) {
785
- sentinel.watchRun(id, eventStream);
786
- logger.info('Sentinel watching run', { runId: id });
787
- }
788
- eventStream.emitStarted(id);
789
- }
790
-
791
- // Emit events to SSE connections
792
- const connections = sseConnections.get(id);
793
- if (connections) {
794
- connections.forEach(connection => {
795
- connection.write(`event: log\ndata: ${JSON.stringify({
796
- type: 'run_started',
797
- runId: id,
798
- status: 'running',
799
- timestamp: new Date().toISOString()
800
- })}\n\n`);
801
- sseMessagesTotal.inc();
802
- });
803
- }
804
-
805
- // Fallback to setTimeout for synchronous execution
806
- const runStartTime = Date.now();
807
- setTimeout(async () => {
808
- const currentRun = await getStore().getRunById(id);
809
- if (currentRun && currentRun.status === 'running') {
810
- const runDuration = (Date.now() - runStartTime) / 1000;
811
- await getStore().updateRunStatus(id, 'completed', {
812
- completedAt: new Date().toISOString(),
813
- output: { result: 'Run completed successfully' },
814
- logs: [
815
- ...(currentRun.logs || []),
816
- {
817
- timestamp: new Date().toISOString(),
818
- level: 'info',
819
- message: 'Run completed'
820
- }
821
- ]
822
- });
823
-
824
- runsCompleted.inc({ status: 'completed' });
825
- runsDuration.observe({ status: 'completed' }, runDuration);
826
- runsActive.dec();
827
-
828
- const eventStream = sentinelEventStreams.get(id);
829
- if (eventStream) {
830
- eventStream.emitFinish(id, 'ok');
831
- }
832
-
833
- sentinelEventStreams.delete(id);
834
-
835
- const connections = sseConnections.get(id);
836
- if (connections) {
837
- connections.forEach(connection => {
838
- connection.write(`event: end\ndata: ${JSON.stringify({
839
- type: 'run_completed',
840
- runId: id,
841
- status: 'completed',
842
- timestamp: new Date().toISOString()
843
- })}\n\n`);
844
- sseMessagesTotal.inc();
845
- });
846
- }
847
- }
848
- }, 3000);
849
-
850
- logger.info('Run started (synchronous)', { runId: id });
851
-
852
- return {
853
- success: true,
854
- run: updatedRun,
855
- queued: false
856
- };
857
- }
858
- });
859
-
860
- // Cancel/kill run endpoint (requires auth) - Sentinel kill switch
861
- fastify.post('/api/runs/:id/cancel', {
862
- preHandler: [requireAuth, writeRateLimit, validateParams(runIdParamSchema)],
863
- }, async (request, reply) => {
864
- const { id } = request.params as { id: string };
865
- const body = request.body as { reason?: string };
866
- const run = await getStore().getRunById(id);
867
-
868
- if (!run) {
869
- return reply.status(404).send({ error: 'Run not found' });
870
- }
871
-
872
- const logger = (request as any).logger || baseLogger;
873
- const reason = body.reason || 'manual_cancellation';
874
-
875
- if (isTerminalRunStatus(run.status)) {
876
- return {
877
- success: true,
878
- idempotent: true,
879
- runId: id,
880
- status: run.status,
881
- message: `Run already ${run.status}`,
882
- };
883
- }
884
-
885
- try {
886
- if (sentinel.isEnabled()) {
887
- sentinel.syncExternalKill(id, reason);
888
- } else {
889
- const eventStream = sentinelEventStreams.get(id);
890
- eventStream?.emitFinish(id, 'canceled');
891
- }
892
-
893
- const result = await applyRunKill(id, reason);
894
-
895
- return {
896
- success: true,
897
- idempotent: result.idempotent,
898
- message: result.idempotent ? 'Run already terminal' : 'Run canceled successfully',
899
- runId: id,
900
- status: result.status,
901
- };
902
- } catch (error) {
903
- logger.error('Failed to cancel run', {
904
- runId: id,
905
- error: error instanceof Error ? error.message : String(error)
906
- });
907
- return reply.status(500).send({
908
- error: 'Failed to cancel run',
909
- message: error instanceof Error ? error.message : String(error)
910
- });
911
- }
912
- });
913
-
914
- // SSE endpoint for run logs - TOLERANT of pre-run subscriptions (requires auth)
915
- fastify.get('/api/runs/:id/logs/stream', {
916
- preHandler: [requireAuth, readRateLimit, validateParams(runIdParamSchema)],
917
- }, async (request, reply) => {
918
- const { id } = request.params as { id: string };
919
- const run = await getStore().getRunById(id);
920
-
921
- // Don't 404 if run doesn't exist - keep connection open for pre-run subscriptions
922
- reply.raw.writeHead(200, {
923
- 'Content-Type': 'text/event-stream',
924
- 'Cache-Control': 'no-cache',
925
- 'Connection': 'keep-alive',
926
- 'Access-Control-Allow-Origin': '*'
927
- });
928
-
929
- // Track this connection
930
- if (!sseConnections.has(id)) {
931
- sseConnections.set(id, new Set());
932
- }
933
- sseConnections.get(id)!.add(reply.raw);
934
- sseConnectionsOpened.inc();
935
- sseActiveConnections.inc();
936
- sseMessagesTotal.inc();
937
-
938
- let messageId = 1;
939
- const lastEventId = request.headers['last-event-id'];
940
- if (lastEventId && !isNaN(Number(lastEventId))) {
941
- messageId = Number(lastEventId) + 1;
942
- }
943
-
944
- const sendEvent = (data: any) => {
945
- reply.raw.write(`id: ${messageId++}\n`);
946
- reply.raw.write(`data: ${JSON.stringify(data)}\n\n`);
947
- sseMessagesTotal.inc();
948
- };
949
-
950
- // Send initial connection event
951
- sendEvent({
952
- type: 'connected',
953
- runId: id,
954
- timestamp: new Date().toISOString()
955
- });
956
-
957
- // Send heartbeat every 15 seconds to keep connection alive
958
- const heartbeatInterval = setInterval(() => {
959
- reply.raw.write(': keepalive\n\n');
960
- }, 15000);
961
-
962
- // Send run status updates every 5 seconds (if run exists)
963
- const statusInterval = setInterval(async () => {
964
- const currentRun = await getStore().getRunById(id);
965
- if (currentRun) {
966
- sendEvent({
967
- type: 'status_update',
968
- runId: id,
969
- status: currentRun.status,
970
- timestamp: new Date().toISOString()
971
- });
972
- }
973
- }, 5000);
974
-
975
- // Clean up on disconnect
976
- request.raw.on('close', () => {
977
- clearInterval(heartbeatInterval);
978
- clearInterval(statusInterval);
979
-
980
- // Remove from tracking
981
- const connections = sseConnections.get(id);
982
- if (connections) {
983
- connections.delete(reply.raw);
984
- sseConnectionsClosed.inc();
985
- sseActiveConnections.dec();
986
- if (connections.size === 0) {
987
- sseConnections.delete(id);
988
- }
989
- }
990
- });
991
- });
992
-
993
- // SSE endpoint for S2 harness pattern (without run ID)
994
- fastify.get(
995
- '/api/runs/logs/stream',
996
- {
997
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
998
- },
999
- async (request, reply) => {
1000
- // Don't 404 - keep connection open for S2 harness
1001
- reply.raw.writeHead(200, {
1002
- 'Content-Type': 'text/event-stream',
1003
- 'Cache-Control': 'no-cache',
1004
- 'Connection': 'keep-alive',
1005
- 'Access-Control-Allow-Origin': '*'
1006
- });
1007
-
1008
- // Track this connection with a generic ID
1009
- const genericId = 's2-harness-generic';
1010
- if (!sseConnections.has(genericId)) {
1011
- sseConnections.set(genericId, new Set());
1012
- }
1013
- sseConnections.get(genericId)!.add(reply.raw);
1014
- sseConnectionsOpened.inc();
1015
- sseActiveConnections.inc();
1016
- sseMessagesTotal.inc();
1017
-
1018
- let messageId = 1;
1019
- const lastEventId = request.headers['last-event-id'];
1020
- if (lastEventId && !isNaN(Number(lastEventId))) {
1021
- messageId = Number(lastEventId) + 1;
1022
- }
1023
-
1024
- const sendEvent = (data: any) => {
1025
- reply.raw.write(`id: ${messageId++}\n`);
1026
- reply.raw.write(`data: ${JSON.stringify(data)}\n\n`);
1027
- sseMessagesTotal.inc();
1028
- };
1029
-
1030
- // Send initial connection event
1031
- sendEvent({
1032
- type: 'connected',
1033
- timestamp: new Date().toISOString()
1034
- });
1035
-
1036
- // Send heartbeat every 15 seconds to keep connection alive
1037
- const heartbeatInterval = setInterval(() => {
1038
- reply.raw.write(': keepalive\n\n');
1039
- }, 15000);
1040
-
1041
- // Clean up on disconnect
1042
- request.raw.on('close', () => {
1043
- clearInterval(heartbeatInterval);
1044
-
1045
- // Remove from tracking
1046
- const connections = sseConnections.get(genericId);
1047
- if (connections) {
1048
- connections.delete(reply.raw);
1049
- sseConnectionsClosed.inc();
1050
- sseActiveConnections.dec();
1051
- if (connections.size === 0) {
1052
- sseConnections.delete(genericId);
1053
- }
1054
- }
1055
- });
1056
- });
1057
-
1058
- // Registry publish endpoint (requires auth)
1059
- fastify.post('/api/registry/publish', {
1060
- preHandler: [requireAuth, writeRateLimit, validateBody(registryPublishSchema)],
1061
- }, async (request, reply) => {
1062
- const body = request.body as any;
1063
- const logger = (request as any).logger || baseLogger;
1064
- logger.info('Registry publish', { name: body.name, version: body.version });
1065
-
1066
- reply.status(201);
1067
- return {
1068
- success: true,
1069
- name: body.name,
1070
- version: body.version,
1071
- published_at: new Date().toISOString()
1072
- };
1073
- });
1074
-
1075
- // Safety check endpoint
1076
- fastify.get(
1077
- '/api/safety/check',
1078
- {
1079
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
1080
- },
1081
- async (request, reply) => {
1082
- return {
1083
- status: 'safe',
1084
- timestamp: new Date().toISOString()
1085
- };
1086
- });
1087
-
1088
- // Serve Sentinel dashboard
1089
- fastify.get(
1090
- '/sentinel/dashboard',
1091
- {
1092
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
1093
- },
1094
- async (request, reply) => {
1095
- const fs = await import('fs/promises');
1096
- const path = await import('path');
1097
-
1098
- try {
1099
- const dashboardPath = path.join(process.cwd(), 'apps/gateway/public/sentinel-dashboard.html');
1100
- const html = await fs.readFile(dashboardPath, 'utf-8');
1101
- return reply.type('text/html').send(html);
1102
- } catch (error) {
1103
- return reply.status(404).send({
1104
- error: 'Dashboard not found',
1105
- message: 'Sentinel dashboard HTML file not found'
1106
- });
1107
- }
1108
- });
1109
-
1110
- // Sentinel health endpoint
1111
- fastify.get(
1112
- '/sentinel/health',
1113
- {
1114
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
1115
- },
1116
- async (request, reply) => {
1117
- const sentinelEnabled = env.SENTINEL_ENABLED;
1118
- const sentinelHealthy = sentinel ? sentinel.isEnabled() : false;
1119
-
1120
- return {
1121
- enabled: sentinelEnabled,
1122
- healthy: sentinelHealthy,
1123
- timestamp: new Date().toISOString(),
1124
- status: sentinelHealthy ? 'healthy' : 'disabled',
1125
- watchedRuns: sentinel ? sentinel.getWatchedRunIds().length : 0
1126
- };
1127
- });
1128
-
1129
- // Sentinel metrics endpoint
1130
- fastify.get(
1131
- '/sentinel/metrics',
1132
- {
1133
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
1134
- },
1135
- async (request, reply) => {
1136
- if (!sentinel) {
1137
- return {
1138
- error: 'Sentinel not initialized',
1139
- timestamp: new Date().toISOString()
1140
- };
1141
- }
1142
-
1143
- const activeRuns = sentinel.getActiveRuns();
1144
- const watchedRunIds = sentinel.getWatchedRunIds();
1145
-
1146
- // Calculate real metrics from active runs
1147
- let totalTokenUsage = 0;
1148
- let totalCost = 0;
1149
- let totalEvents = 0;
1150
- const killReasons: Record<string, number> = {};
1151
- const policyViolations: Record<string, number> = {};
1152
-
1153
- // Aggregate data from all active runs
1154
- for (const runState of activeRuns) {
1155
- totalTokenUsage += runState.tokenCount;
1156
- totalCost += runState.cost || 0;
1157
- totalEvents += runState.events.length;
1158
-
1159
- if (runState.killReason) {
1160
- const reason = runState.killReason.split(':')[0]; // Extract policy name
1161
- if (reason) {
1162
- killReasons[reason] = (killReasons[reason] || 0) + 1;
1163
- }
1164
-
1165
- // Get policy violations for this run
1166
- const violations = sentinel.getPolicyViolations(runState.runId);
1167
- for (const violation of violations) {
1168
- policyViolations[violation.policy] = (policyViolations[violation.policy] || 0) + 1;
1169
- }
1170
- }
1171
- }
1172
-
1173
- // Calculate average latency (time from start to now for active runs)
1174
- let totalLatency = 0;
1175
- let latencyCount = 0;
1176
- for (const runState of activeRuns) {
1177
- if (runState.startedAt) {
1178
- totalLatency += Date.now() - runState.startedAt;
1179
- latencyCount++;
1180
- }
1181
- }
1182
- const avgLatency = latencyCount > 0 ? Math.round(totalLatency / latencyCount) : 0;
1183
-
1184
- // Get all watched runs (including finished ones in buffer)
1185
- const allRuns = activeRuns.length;
1186
-
1187
- const config = sentinel.getConfig();
1188
-
1189
- return {
1190
- // Status
1191
- enabled: config.enabled,
1192
- healthy: true,
1193
-
1194
- // Real-time metrics
1195
- activeRuns: allRuns,
1196
- watchedRuns: watchedRunIds.length,
1197
- totalEvents,
1198
- totalTokenUsage,
1199
- totalCost: parseFloat(totalCost.toFixed(4)),
1200
- avgLatency,
1201
-
1202
- // Policy violations
1203
- policyViolations,
1204
- totalViolations: Object.values(policyViolations).reduce((sum, count) => sum + count, 0),
1205
-
1206
- // Kill statistics
1207
- killReasons,
1208
- totalKills: Object.values(killReasons).reduce((sum, count) => sum + count, 0),
1209
-
1210
- // Configuration
1211
- config: config,
1212
-
1213
- // Legacy placeholders (for backward compatibility)
1214
- totalSpans: 0, // Not implemented yet
1215
- totalVerdicts: 0, // Not implemented yet
1216
- flaggedHallucinations: 0, // Not implemented yet
1217
- flaggedInjections: 0, // Not implemented yet
1218
- flaggedPII: 0, // Not implemented yet
1219
-
1220
- timestamp: new Date().toISOString()
1221
- };
1222
- });
1223
-
1224
- // Privacy toggle endpoint (requires auth)
1225
- fastify.post('/api/privacy/toggle', {
1226
- preHandler: [requireAuth, writeRateLimit, validateBody(privacyToggleSchema)],
1227
- }, async (request, reply) => {
1228
- const body = request.body as any;
1229
- const logger = (request as any).logger || baseLogger;
1230
- logger.info('Privacy toggle', { storePlain: body.storePlain });
1231
-
1232
- return {
1233
- success: true,
1234
- storePlain: body.storePlain,
1235
- updated_at: new Date().toISOString()
1236
- };
1237
- });
1238
-
1239
- // Demo run endpoint for testing
1240
- fastify.post(
1241
- '/api/diagnostics/emit-demo-run',
1242
- {
1243
- ...(!isLocalBind && { preHandler: [requireAuth, writeRateLimit] }),
1244
- },
1245
- async (request, reply) => {
1246
- const runId = `demo-run-${Date.now()}`;
1247
- const logger = (request as any).logger || baseLogger;
1248
- logger.info('Demo run created', { runId });
1249
-
1250
- return {
1251
- success: true,
1252
- runId,
1253
- message: 'Demo run created successfully'
1254
- };
1255
- });
1256
-
1257
- // SSE test endpoint
1258
- fastify.get(
1259
- '/diagnostics/sse-test',
1260
- {
1261
- ...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
1262
- },
1263
- async (request, reply) => {
1264
- reply.raw.writeHead(200, {
1265
- 'Content-Type': 'text/event-stream',
1266
- 'Cache-Control': 'no-cache',
1267
- 'Connection': 'keep-alive',
1268
- 'Access-Control-Allow-Origin': '*'
1269
- });
1270
-
1271
- const sendEvent = (data: any) => {
1272
- reply.raw.write(`data: ${JSON.stringify(data)}\n\n`);
1273
- };
1274
-
1275
- // Send test events every 2 seconds
1276
- const interval = setInterval(() => {
1277
- sendEvent({
1278
- type: 'test',
1279
- timestamp: new Date().toISOString(),
1280
- message: 'SSE test event'
1281
- });
1282
- }, 2000);
1283
-
1284
- // Clean up on disconnect
1285
- request.raw.on('close', () => {
1286
- clearInterval(interval);
1287
- });
1288
- });
1289
-
1290
- // Debug endpoint for logs (memory mode only)
1291
- if (isMemoryMode) {
1292
- fastify.get('/debug/logs', async (request, reply) => {
1293
- const limit = parseInt((request.query as any)?.limit || '50', 10);
1294
- const logs = memoryLogger.getLogs(limit);
1295
- return {
1296
- logs,
1297
- count: logs.length,
1298
- mode: 'memory'
1299
- };
1300
- });
1301
-
1302
- fastify.get('/debug/blocked-writes', async (request, reply) => {
1303
- const warnings = getBlockedWarnings();
1304
- return {
1305
- blockedWrites: warnings,
1306
- count: warnings.length,
1307
- mode: 'memory'
1308
- };
1309
- });
1310
- }
1311
-
1312
- // Start server
1313
- const start = async () => {
1314
- try {
1315
- // Validate secrets configuration on startup
1316
- logSecurityValidation();
1317
- logShieldConfigValidation(shield, env.SENTINEL_SHIELD_MODE, env.NODE_ENV);
1318
-
1319
- setCancelAdapter(createGatewayCancelAdapter());
1320
- setPolicyViolationPublisher((violation) => {
1321
- publishSentinelPolicyViolationFireAndForget(violation.runId, {
1322
- policy: violation.policy,
1323
- reason: violation.reason,
1324
- threshold: violation.threshold,
1325
- actual: violation.actual,
1326
- action: 'deny',
1327
- });
1328
- });
1329
- setRunKillSideEffects({
1330
- decRunsActive: () => runsActive.dec(),
1331
- getSseConnections: (runId) => sseConnections.get(runId),
1332
- onSseMessage: () => sseMessagesTotal.inc(),
1333
- deleteEventStream: (runId) => { sentinelEventStreams.delete(runId); },
1334
- });
1335
-
1336
- // Initialize queue system (non-blocking)
1337
- // Queue will fall back to synchronous execution if Redis is not available
1338
- const queue = await initializeQueue();
1339
- if (queue) {
1340
- queueInitialized = true;
1341
- // Set processor context for queue workers (including SSE connections)
1342
- setProcessorContext(sentinelEventStreams, sentinel, shield, sseConnections, sseMessagesTotal);
1343
- baseLogger.info('Queue system initialized successfully');
1344
- } else {
1345
- baseLogger.warn('Queue system not available (Redis required). Using synchronous execution.');
1346
- }
1347
-
1348
- // Initialize Prisma if in postgres mode (non-blocking)
1349
- // Don't fail startup if Prisma client isn't generated yet
1350
- if (persistenceMode === 'postgres') {
1351
- // Run Prisma connection in background, don't block startup
1352
- Promise.resolve().then(async () => {
1353
- try {
1354
- const { getPrismaClient } = await import('./db/prisma.js');
1355
- const prisma = await getPrismaClient();
1356
- // Test connection
1357
- await prisma.$connect();
1358
- baseLogger.info('Connected to PostgreSQL database');
1359
- } catch (err: any) {
1360
- // Log error but don't crash - Prisma client may not be generated yet
1361
- if (err?.code === 'MODULE_NOT_FOUND' || err?.message?.includes('Cannot find module')) {
1362
- baseLogger.warn('Prisma client not generated yet. Run: pnpm db:generate');
1363
- baseLogger.warn('Gateway will start in degraded mode until Prisma client is generated.');
1364
- } else {
1365
- baseLogger.error('Failed to connect to PostgreSQL:', err?.message || err);
1366
- if (env.NODE_ENV === 'production') {
1367
- baseLogger.error('Production mode: database connection required');
1368
- } else {
1369
- baseLogger.warn('Continuing in degraded mode (no database)');
1370
- }
1371
- }
1372
- }
1373
- }).catch((err) => {
1374
- // Silently handle promise rejection - already logged above
1375
- baseLogger.warn('Prisma initialization failed, continuing without database');
1376
- });
1377
- }
1378
-
1379
- // MFA: Multi-Factor Authentication Routes
1380
- baseLogger.info('=== STARTING MFA/GDPR ROUTE REGISTRATION ===');
1381
- baseLogger.info('About to attempt MFA route registration...');
1382
- try {
1383
- // Check if dependencies are available before importing
1384
- try {
1385
- await import('otplib');
1386
- await import('qrcode');
1387
- } catch (depError) {
1388
- baseLogger.warn('MFA dependencies not available, skipping MFA routes', {
1389
- error: depError instanceof Error ? depError.message : String(depError)
1390
- });
1391
- throw new Error('MFA dependencies not installed');
1392
- }
1393
-
1394
- baseLogger.info('Attempting to register MFA routes...');
1395
- baseLogger.info('Calling mfaRoutes function...');
1396
- await mfaRoutes(fastify);
1397
- baseLogger.info('MFA routes registered successfully');
1398
- } catch (error) {
1399
- baseLogger.error('MFA routes registration failed', {
1400
- error: error instanceof Error ? error.message : String(error),
1401
- stack: error instanceof Error ? error.stack : undefined,
1402
- name: error instanceof Error ? error.name : typeof error
1403
- });
1404
- // Don't fail startup, but log the error
1405
- }
1406
-
1407
- // GDPR: Compliance Routes
1408
- baseLogger.info('About to attempt GDPR route registration...');
1409
- try {
1410
- baseLogger.info('Attempting to register GDPR routes...');
1411
- baseLogger.info('Calling gdprRoutes function...');
1412
- await gdprRoutes(fastify);
1413
- baseLogger.info('GDPR routes registered successfully');
1414
- } catch (error) {
1415
- baseLogger.error('GDPR routes registration failed', {
1416
- error: error instanceof Error ? error.message : String(error),
1417
- stack: error instanceof Error ? error.stack : undefined,
1418
- name: error instanceof Error ? error.name : typeof error
1419
- });
1420
- // Don't fail startup, but log the error
1421
- }
1422
-
1423
- await fastify.listen({
1424
- port: PORT,
1425
- host: HOST
1426
- });
1427
- baseLogger.info(`Gateway server listening on ${HOST}:${PORT}`);
1428
- baseLogger.info(`Persistence mode: ${persistenceMode}`);
1429
- baseLogger.info(`Authentication: ${env.AUTH_ENABLED ? 'enabled' : 'disabled'}`);
1430
-
1431
- if (persistenceMode !== 'memory') {
1432
- const { enforceRunRetention, getRunRetentionConfig } = await import('./runs/run-retention.js');
1433
- const retentionCfg = getRunRetentionConfig();
1434
- if (retentionCfg.enabled) {
1435
- baseLogger.info('Run retention enabled', {
1436
- maxCount: retentionCfg.maxCount,
1437
- maxAgeDays: retentionCfg.maxAgeDays,
1438
- });
1439
- enforceRunRetention(retentionCfg).catch((err: unknown) => {
1440
- baseLogger.warn('Startup run retention failed', {
1441
- error: err instanceof Error ? err.message : String(err),
1442
- });
1443
- });
1444
- }
1445
- }
1446
-
1447
- if (persistenceMode === 'memory') {
1448
- baseLogger.warn('[Gateway] Running in NO-PERSISTENCE / MEMORY mode. All state is ephemeral.');
1449
- } else if (persistenceMode === 'postgres') {
1450
- baseLogger.info('[Gateway] PostgreSQL mode enabled. Generate Prisma client with: pnpm db:generate');
1451
- }
1452
- } catch (err) {
1453
- baseLogger.error('Error starting server:', err);
1454
- process.exit(1);
1455
- }
1456
- };
1457
-
1458
- // Graceful shutdown
1459
- const shutdown = async () => {
1460
- baseLogger.info('Shutting down gateway...');
1461
- try {
1462
- // Close Fastify server first to stop accepting new connections
1463
- baseLogger.info('Closing Fastify server...');
1464
- await fastify.close();
1465
-
1466
- // Shutdown queue system (let jobs complete)
1467
- if (queueInitialized) {
1468
- baseLogger.info('Shutting down queue...');
1469
- await shutdownQueue();
1470
- }
1471
-
1472
- // Shutdown Sentinel
1473
- if (sentinel) {
1474
- baseLogger.info('Shutting down Sentinel...');
1475
- sentinel.shutdown();
1476
- }
1477
-
1478
- // Disconnect databases
1479
- baseLogger.info('Disconnecting databases...');
1480
- await shutdownDatabase(dbClient, baseLogger);
1481
- await disconnectPrisma();
1482
- await disconnectRedis();
1483
-
1484
- baseLogger.info('Gateway shut down successfully');
1485
- process.exit(0);
1486
- } catch (err) {
1487
- baseLogger.error('Error during shutdown:', err);
1488
- process.exit(1);
1489
- }
1490
- };
1491
-
1492
- // Handle uncaught errors
1493
- process.on('uncaughtException', (err) => {
1494
- baseLogger.error('Uncaught exception:', err);
1495
- shutdown();
1496
- });
1497
-
1498
- process.on('unhandledRejection', (reason, promise) => {
1499
- baseLogger.error('Unhandled rejection:', { reason, promise });
1500
- shutdown();
1501
- });
1502
-
1503
- process.on('SIGTERM', shutdown);
1504
- process.on('SIGINT', shutdown);
1505
-
1506
- start();