4runr-os 2.10.85 → 2.10.86
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/SETUP.md +2 -2
- package/USER-PRIVACY.md +2 -2
- package/apps/os-server/DEPLOYMENT.md +426 -0
- package/apps/os-server/JWT-RATE-LIMIT-VALIDATION.md +462 -0
- package/apps/os-server/PERSISTENCE-AND-AUTH.md +227 -0
- package/apps/os-server/PHASE5-TESTING.md +222 -0
- package/apps/os-server/README.md +368 -0
- package/apps/os-server/TROUBLESHOOTING.md +541 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.js +28 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/gateway-cancel-adapter.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.d.ts +23 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.js +95 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/redis-sentinel-publisher.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.js +69 -0
- package/apps/os-server/dist/apps/os-server/src/adapters/sentinel-event-stream.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.js +377 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions-simple.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.js +210 -0
- package/apps/os-server/dist/apps/os-server/src/agents/definitions.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.d.ts +25 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.js +144 -0
- package/apps/os-server/dist/apps/os-server/src/agents/local-model-provider.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.d.ts +24 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.js +110 -0
- package/apps/os-server/dist/apps/os-server/src/agents/tools.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.js +139 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/anthropic-provider.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.js +6 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.js +136 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/openai-provider.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.d.ts +18 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.js +91 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/provider-manager.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.d.ts +15 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.js +181 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/redis-credentials-store.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.d.ts +54 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.js +2 -0
- package/apps/os-server/dist/apps/os-server/src/ai-providers/types.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.js +14 -0
- package/apps/os-server/dist/apps/os-server/src/config/persistence.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.d.ts +28 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.js +111 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/envelope.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.js +61 -0
- package/apps/os-server/dist/apps/os-server/src/crypto/mfa-storage.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.d.ts +21 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.js +166 -0
- package/apps/os-server/dist/apps/os-server/src/db/docker-manager.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.d.ts +11 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.js +202 -0
- package/apps/os-server/dist/apps/os-server/src/db/init.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.d.ts +149 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.js +295 -0
- package/apps/os-server/dist/apps/os-server/src/db/memory-db.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.d.ts +4 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.js +31 -0
- package/apps/os-server/dist/apps/os-server/src/db/prisma.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.js +69 -0
- package/apps/os-server/dist/apps/os-server/src/db/redis.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.js +369 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/agents-api.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.d.ts +46 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.js +114 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/metrics-parser.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.d.ts +9 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.js +23 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/middleware.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.js +270 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/routes.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.js +183 -0
- package/apps/os-server/dist/apps/os-server/src/devkit/tools-api.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.d.ts +36 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.js +275 -0
- package/apps/os-server/dist/apps/os-server/src/health/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/index.d.ts +2 -0
- package/apps/os-server/dist/apps/os-server/src/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/index.js +1131 -0
- package/apps/os-server/dist/apps/os-server/src/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.d.ts +48 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.js +296 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.d.ts +18 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.js +117 -0
- package/apps/os-server/dist/apps/os-server/src/metrics/monitoring-detail.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.js +64 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/auth.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.d.ts +4 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.js +105 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authApiKey.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.d.ts +12 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.js +75 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/authJwt.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.js +21 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/correlationId.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.d.ts +13 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.js +202 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/ddos-protection.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.js +98 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/errorHandler.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.d.ts +2 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.js +63 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/log-capture.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.js +96 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/mfa.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.d.ts +6 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.js +54 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rateLimit.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.d.ts +19 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.js +229 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/rbac.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.js +146 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/security.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.d.ts +7 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.js +156 -0
- package/apps/os-server/dist/apps/os-server/src/middleware/validate.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.d.ts +26 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.js +21 -0
- package/apps/os-server/dist/apps/os-server/src/queue/config.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.d.ts +13 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.js +152 -0
- package/apps/os-server/dist/apps/os-server/src/queue/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.d.ts +16 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.js +378 -0
- package/apps/os-server/dist/apps/os-server/src/queue/processor.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.d.ts +7 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.js +22 -0
- package/apps/os-server/dist/apps/os-server/src/queue/sentinel-execute-watch.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.js +175 -0
- package/apps/os-server/dist/apps/os-server/src/routes/ai-providers-simple.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.js +150 -0
- package/apps/os-server/dist/apps/os-server/src/routes/chats.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.js +252 -0
- package/apps/os-server/dist/apps/os-server/src/routes/gdpr.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.js +240 -0
- package/apps/os-server/dist/apps/os-server/src/routes/mfa.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.d.ts +16 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.js +168 -0
- package/apps/os-server/dist/apps/os-server/src/routes/monitoring.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.js +209 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-policies.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.js +88 -0
- package/apps/os-server/dist/apps/os-server/src/routes/sentinel-predictive.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.js +85 -0
- package/apps/os-server/dist/apps/os-server/src/routes/shield.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.js +209 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-credentials.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.d.ts +3 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.js +206 -0
- package/apps/os-server/dist/apps/os-server/src/routes/tool-proxy.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.d.ts +5 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.js +19 -0
- package/apps/os-server/dist/apps/os-server/src/runs/index.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.d.ts +12 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.js +78 -0
- package/apps/os-server/dist/apps/os-server/src/runs/memoryRunStore.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.d.ts +15 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.js +148 -0
- package/apps/os-server/dist/apps/os-server/src/runs/postgresRunStore.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.d.ts +20 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.js +69 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-kill.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.d.ts +17 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.js +124 -0
- package/apps/os-server/dist/apps/os-server/src/runs/run-retention.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.js +2 -0
- package/apps/os-server/dist/apps/os-server/src/runs/runStore.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.d.ts +44 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.js +2 -0
- package/apps/os-server/dist/apps/os-server/src/runs/types.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.d.ts +126 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.js +63 -0
- package/apps/os-server/dist/apps/os-server/src/schemas/runs.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.d.ts +51 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.js +161 -0
- package/apps/os-server/dist/apps/os-server/src/security/agent-token.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.d.ts +2 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.js +65 -0
- package/apps/os-server/dist/apps/os-server/src/security/outbound-url.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.js +168 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-config-store.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.d.ts +25 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.js +46 -0
- package/apps/os-server/dist/apps/os-server/src/security/sentinel-run-failure.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.d.ts +14 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.js +70 -0
- package/apps/os-server/dist/apps/os-server/src/security/shield-config.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.d.ts +13 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.js +72 -0
- package/apps/os-server/dist/apps/os-server/src/utils/circuit-breaker.js.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.d.ts +10 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.d.ts.map +1 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.js +140 -0
- package/apps/os-server/dist/apps/os-server/src/utils/log-encryption.js.map +1 -0
- package/apps/os-server/docker-compose.local.yml +46 -0
- package/apps/os-server/find-gateway.sh +37 -0
- package/apps/os-server/jest.config.cjs +52 -0
- package/apps/os-server/package-lock.json +8809 -0
- package/apps/os-server/package.json +66 -0
- package/apps/os-server/scripts/setup-test-env.sh +67 -0
- package/apps/os-server/src/__tests__/integration/README.md +92 -0
- package/apps/os-server/src/__tests__/integration/helpers/test-server.ts +178 -0
- package/apps/os-server/src/__tests__/integration/sentinel.test.ts +364 -0
- package/apps/os-server/src/adapters/redis-sentinel-publisher.ts +176 -0
- package/apps/os-server/src/agents/definitions-simple.ts +536 -0
- package/apps/os-server/src/ai-providers/anthropic-provider.ts +194 -0
- package/apps/os-server/src/ai-providers/openai-provider.ts +193 -0
- package/apps/os-server/src/ai-providers/redis-credentials-store.ts +224 -0
- package/apps/os-server/src/db/docker-manager.ts +262 -0
- package/apps/os-server/src/db/init.ts +292 -0
- package/apps/os-server/src/devkit/routes.ts +349 -0
- package/apps/os-server/src/health/index.ts +375 -0
- package/apps/os-server/src/index.ts +1506 -0
- package/apps/os-server/src/middleware/correlationId.ts +56 -0
- package/apps/os-server/src/middleware/ddos-protection.ts +318 -0
- package/apps/os-server/src/middleware/log-capture.ts +92 -0
- package/apps/os-server/src/middleware/security.ts +222 -0
- package/apps/os-server/src/routes/ai-providers-simple.ts +220 -0
- package/apps/os-server/src/routes/gdpr.ts +337 -0
- package/apps/os-server/src/routes/monitoring.ts +315 -0
- package/apps/os-server/src/routes/sentinel-policies.ts +293 -0
- package/apps/os-server/src/routes/sentinel-predictive.ts +129 -0
- package/apps/os-server/src/routes/tool-proxy.ts +285 -0
- package/apps/os-server/src/security/outbound-url.ts +83 -0
- package/apps/os-server/update-and-test.sh +36 -0
- package/dist/boot-sequence.js +1 -1
- package/dist/boot-sequence.js.map +1 -1
- package/dist/gateway-api-key-bootstrap.js +1 -1
- package/dist/gateway-api-key-bootstrap.js.map +1 -1
- package/dist/gateway-prisma-bootstrap.d.ts +1 -1
- package/dist/gateway-prisma-bootstrap.js +1 -1
- package/dist/index.js +8 -8
- package/dist/index.js.map +1 -1
- package/dist/local-gateway-pid.d.ts +1 -1
- package/dist/local-gateway-pid.js +1 -1
- package/dist/os-tui-binary-bootstrap.d.ts +18 -0
- package/dist/os-tui-binary-bootstrap.d.ts.map +1 -0
- package/dist/os-tui-binary-bootstrap.js +175 -0
- package/dist/os-tui-binary-bootstrap.js.map +1 -0
- package/dist/rust-check.js +2 -2
- package/dist/rust-check.js.map +1 -1
- package/dist/system-verify.js +8 -8
- package/dist/system-verify.js.map +1 -1
- package/dist/tui-handlers.js +12 -12
- package/dist/tui-handlers.js.map +1 -1
- package/dist/watchdog.js +73 -73
- package/os-tui/Cargo.lock +1118 -0
- package/os-tui/Cargo.toml +17 -0
- package/os-tui/bin/os-tui.js +63 -0
- package/os-tui/binaries/win32-x64/os-tui.exe +0 -0
- package/os-tui/src/app/render_scheduler.rs +111 -0
- package/os-tui/src/app.rs +3814 -0
- package/os-tui/src/debug_log.rs +131 -0
- package/os-tui/src/io/mod.rs +63 -0
- package/os-tui/src/io/protocol.rs +14 -0
- package/os-tui/src/io/stdio.rs +31 -0
- package/os-tui/src/io/ws.rs +25 -0
- package/os-tui/src/main.rs +2090 -0
- package/os-tui/src/monitoring/mod.rs +439 -0
- package/os-tui/src/screens/mod.rs +254 -0
- package/os-tui/src/storage/cache.rs +221 -0
- package/os-tui/src/storage/mod.rs +5 -0
- package/os-tui/src/ui/agent_builder.rs +1148 -0
- package/os-tui/src/ui/agent_list.rs +344 -0
- package/os-tui/src/ui/boot.rs +145 -0
- package/os-tui/src/ui/connection_portal.rs +839 -0
- package/os-tui/src/ui/help.rs +340 -0
- package/os-tui/src/ui/layout.rs +978 -0
- package/os-tui/src/ui/mod.rs +13 -0
- package/os-tui/src/ui/portal_monitoring.rs +1128 -0
- package/os-tui/src/ui/run_manager.rs +922 -0
- package/os-tui/src/ui/safe_viewport.rs +236 -0
- package/os-tui/src/ui/sentinel_config.rs +828 -0
- package/os-tui/src/ui/settings.rs +414 -0
- package/os-tui/src/ui/setup_portal.rs +547 -0
- package/os-tui/src/ui/shield_dashboard.rs +1081 -0
- package/os-tui/src/websocket.rs +315 -0
- package/package.json +121 -121
- package/prisma/schema.prisma +470 -470
- package/scripts/cleanup-build-artifacts.js +2 -2
- package/scripts/os-tools-smoke.cjs +549 -549
- package/scripts/postinstall-os-server.js +63 -0
- package/scripts/postinstall-os-tui.js +64 -0
- package/scripts/seed-os-server-api-key.cjs +77 -0
- package/scripts/setup.js +11 -11
- package/src/security/package-integrity.ts +188 -188
- package/src/security/ssrf-protection.ts +147 -147
- package/apps/gateway/DEPLOYMENT.md +0 -426
- package/apps/gateway/JWT-RATE-LIMIT-VALIDATION.md +0 -462
- package/apps/gateway/PERSISTENCE-AND-AUTH.md +0 -227
- package/apps/gateway/PHASE5-TESTING.md +0 -222
- package/apps/gateway/README.md +0 -368
- package/apps/gateway/TROUBLESHOOTING.md +0 -541
- package/apps/gateway/docker-compose.local.yml +0 -46
- package/apps/gateway/find-gateway.sh +0 -37
- package/apps/gateway/jest.config.cjs +0 -52
- package/apps/gateway/package-lock.json +0 -8810
- package/apps/gateway/package.json +0 -66
- package/apps/gateway/scripts/setup-test-env.sh +0 -67
- package/apps/gateway/src/__tests__/integration/README.md +0 -92
- package/apps/gateway/src/__tests__/integration/helpers/test-server.ts +0 -178
- package/apps/gateway/src/__tests__/integration/sentinel.test.ts +0 -364
- package/apps/gateway/src/adapters/redis-sentinel-publisher.ts +0 -176
- package/apps/gateway/src/agents/definitions-simple.ts +0 -536
- package/apps/gateway/src/ai-providers/anthropic-provider.ts +0 -194
- package/apps/gateway/src/ai-providers/openai-provider.ts +0 -193
- package/apps/gateway/src/ai-providers/redis-credentials-store.ts +0 -224
- package/apps/gateway/src/db/docker-manager.ts +0 -262
- package/apps/gateway/src/db/init.ts +0 -292
- package/apps/gateway/src/devkit/routes.ts +0 -349
- package/apps/gateway/src/health/index.ts +0 -375
- package/apps/gateway/src/index.ts +0 -1506
- package/apps/gateway/src/middleware/correlationId.ts +0 -56
- package/apps/gateway/src/middleware/ddos-protection.ts +0 -318
- package/apps/gateway/src/middleware/log-capture.ts +0 -92
- package/apps/gateway/src/middleware/security.ts +0 -222
- package/apps/gateway/src/routes/ai-providers-simple.ts +0 -220
- package/apps/gateway/src/routes/gdpr.ts +0 -337
- package/apps/gateway/src/routes/monitoring.ts +0 -315
- package/apps/gateway/src/routes/sentinel-policies.ts +0 -293
- package/apps/gateway/src/routes/sentinel-predictive.ts +0 -129
- package/apps/gateway/src/routes/tool-proxy.ts +0 -285
- package/apps/gateway/src/security/outbound-url.ts +0 -83
- package/apps/gateway/update-and-test.sh +0 -36
- package/mk3-tui/Cargo.lock +0 -1118
- package/mk3-tui/Cargo.toml +0 -17
- package/mk3-tui/bin/mk3-tui.js +0 -63
- package/mk3-tui/binaries/win32-x64/mk3-tui.exe +0 -0
- package/mk3-tui/src/app/render_scheduler.rs +0 -111
- package/mk3-tui/src/app.rs +0 -3813
- package/mk3-tui/src/debug_log.rs +0 -131
- package/mk3-tui/src/io/mod.rs +0 -63
- package/mk3-tui/src/io/protocol.rs +0 -14
- package/mk3-tui/src/io/stdio.rs +0 -31
- package/mk3-tui/src/io/ws.rs +0 -25
- package/mk3-tui/src/main.rs +0 -2090
- package/mk3-tui/src/monitoring/mod.rs +0 -439
- package/mk3-tui/src/screens/mod.rs +0 -254
- package/mk3-tui/src/storage/cache.rs +0 -221
- package/mk3-tui/src/storage/mod.rs +0 -5
- package/mk3-tui/src/ui/agent_builder.rs +0 -1148
- package/mk3-tui/src/ui/agent_list.rs +0 -344
- package/mk3-tui/src/ui/boot.rs +0 -145
- package/mk3-tui/src/ui/connection_portal.rs +0 -839
- package/mk3-tui/src/ui/help.rs +0 -340
- package/mk3-tui/src/ui/layout.rs +0 -978
- package/mk3-tui/src/ui/mod.rs +0 -13
- package/mk3-tui/src/ui/portal_monitoring.rs +0 -1128
- package/mk3-tui/src/ui/run_manager.rs +0 -913
- package/mk3-tui/src/ui/safe_viewport.rs +0 -236
- package/mk3-tui/src/ui/sentinel_config.rs +0 -828
- package/mk3-tui/src/ui/settings.rs +0 -414
- package/mk3-tui/src/ui/setup_portal.rs +0 -547
- package/mk3-tui/src/ui/shield_dashboard.rs +0 -1081
- package/mk3-tui/src/websocket.rs +0 -315
- package/scripts/postinstall-gateway.js +0 -63
- package/scripts/postinstall-mk3.js +0 -64
- package/scripts/seed-gateway-api-key.cjs +0 -77
- /package/apps/{gateway → os-server}/.dockerignore +0 -0
- /package/apps/{gateway → os-server}/.eslintrc.json +0 -0
- /package/apps/{gateway → os-server}/Dockerfile +0 -0
- /package/apps/{gateway → os-server}/Dockerfile.bak +0 -0
- /package/apps/{gateway → os-server}/ENV_VARIABLES.md +0 -0
- /package/apps/{gateway → os-server}/create-test-script.sh +0 -0
- /package/apps/{gateway → os-server}/debug-api-responses.sh +0 -0
- /package/apps/{gateway → os-server}/debug-failing-tests-v2.sh +0 -0
- /package/apps/{gateway → os-server}/debug-failing-tests.sh +0 -0
- /package/apps/{gateway → os-server}/debug-responses.sh +0 -0
- /package/apps/{gateway → os-server}/debug-test-responses.sh +0 -0
- /package/apps/{gateway → os-server}/debug-tests.sh +0 -0
- /package/apps/{gateway → os-server}/diagnose-test-failure.sh +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/gateway-cancel-adapter.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/redis-sentinel-publisher.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/adapters/sentinel-event-stream.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions-simple.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/definitions.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/local-model-provider.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/agents/tools.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/anthropic-provider.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/openai-provider.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/provider-manager.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/redis-credentials-store.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/ai-providers/types.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/config/persistence.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/envelope.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/crypto/mfa-storage.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/docker-manager.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/init.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/memory-db.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/prisma.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/db/redis.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/agents-api.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/metrics-parser.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/middleware.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/routes.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/devkit/tools-api.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/health/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/metrics/monitoring-detail.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/auth.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authApiKey.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/authJwt.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/correlationId.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/ddos-protection.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/errorHandler.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/log-capture.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/mfa.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rateLimit.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/rbac.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/security.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/middleware/validate.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/config.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/processor.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/queue/sentinel-execute-watch.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/ai-providers-simple.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/chats.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/gdpr.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/mfa.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/monitoring.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-policies.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/sentinel-predictive.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/shield.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-credentials.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/routes/tool-proxy.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/index.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/memoryRunStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/postgresRunStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-kill.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/run-retention.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/runStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/runs/types.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/schemas/runs.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/agent-token.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/outbound-url.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-config-store.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/sentinel-run-failure.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/security/shield-config.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/circuit-breaker.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.js +0 -0
- /package/apps/{gateway → os-server}/dist/apps/gateway/src/utils/log-encryption.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/index.js +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.js +0 -0
- /package/apps/{gateway → os-server}/dist/packages/adapters/redis/IdempotencyStore.js.map +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.d.ts +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.d.ts.map +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.js +0 -0
- /package/apps/{gateway → os-server}/dist/packages/middleware/idempotency/idempotency.js.map +0 -0
- /package/apps/{gateway → os-server}/load-tests/README.md +0 -0
- /package/apps/{gateway → os-server}/load-tests/k6-basic.js +0 -0
- /package/apps/{gateway → os-server}/load-tests/k6-rate-limit.js +0 -0
- /package/apps/{gateway → os-server}/minimal-test.sh +0 -0
- /package/apps/{gateway → os-server}/public/sentinel-dashboard.html +0 -0
- /package/apps/{gateway → os-server}/quick-debug.sh +0 -0
- /package/apps/{gateway → os-server}/scripts/seed-api-key.ts +0 -0
- /package/apps/{gateway → os-server}/scripts/verify-sentinel-persist.mjs +0 -0
- /package/apps/{gateway → os-server}/simple-test.sh +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/agent-token.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/auth.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/correlationId.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/devkit-api.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/authentication.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/e2e-comprehensive-fixed.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/e2e-workflow.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/idempotency.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/postgres-persistence.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/rate-limiting.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/integration/shield.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/log-capture.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/no-persistence-mode.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/outbound-url.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/rateLimit.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/run-kill.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/run-retention.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-config-persist-http.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-config-store.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-events.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-execute-watch.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-policies.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-publish-kill.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/sentinel-run-failure.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/shield-config.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/shield-health.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/shield-metrics.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/tool-proxy.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/validateSecrets.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/__tests__/validation.test.ts +0 -0
- /package/apps/{gateway → os-server}/src/adapters/gateway-cancel-adapter.ts +0 -0
- /package/apps/{gateway → os-server}/src/adapters/sentinel-event-stream.ts +0 -0
- /package/apps/{gateway → os-server}/src/agents/definitions.ts +0 -0
- /package/apps/{gateway → os-server}/src/agents/local-model-provider.ts +0 -0
- /package/apps/{gateway → os-server}/src/agents/tools.ts +0 -0
- /package/apps/{gateway → os-server}/src/ai-providers/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/ai-providers/provider-manager.ts +0 -0
- /package/apps/{gateway → os-server}/src/ai-providers/types.ts +0 -0
- /package/apps/{gateway → os-server}/src/config/persistence.ts +0 -0
- /package/apps/{gateway → os-server}/src/crypto/envelope.ts +0 -0
- /package/apps/{gateway → os-server}/src/crypto/mfa-storage.ts +0 -0
- /package/apps/{gateway → os-server}/src/db/memory-db.ts +0 -0
- /package/apps/{gateway → os-server}/src/db/prisma.ts +0 -0
- /package/apps/{gateway → os-server}/src/db/redis.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/agents-api.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/metrics-parser.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/middleware.ts +0 -0
- /package/apps/{gateway → os-server}/src/devkit/tools-api.ts +0 -0
- /package/apps/{gateway → os-server}/src/metrics/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/metrics/monitoring-detail.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/auth.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/authApiKey.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/authJwt.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/errorHandler.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/mfa.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/rateLimit.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/rbac.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/validate.ts +0 -0
- /package/apps/{gateway → os-server}/src/middleware/validate.ts.backup +0 -0
- /package/apps/{gateway → os-server}/src/queue/config.ts +0 -0
- /package/apps/{gateway → os-server}/src/queue/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/queue/processor.ts +0 -0
- /package/apps/{gateway → os-server}/src/queue/sentinel-execute-watch.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/chats.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/mfa.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/shield.ts +0 -0
- /package/apps/{gateway → os-server}/src/routes/tool-credentials.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/index.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/memoryRunStore.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/postgresRunStore.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/run-kill.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/run-retention.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/runStore.ts +0 -0
- /package/apps/{gateway → os-server}/src/runs/types.ts +0 -0
- /package/apps/{gateway → os-server}/src/schemas/runs.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/agent-token.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/sentinel-config-store.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/sentinel-run-failure.ts +0 -0
- /package/apps/{gateway → os-server}/src/security/shield-config.ts +0 -0
- /package/apps/{gateway → os-server}/src/types/fastify-rate-limit.d.ts +0 -0
- /package/apps/{gateway → os-server}/src/utils/circuit-breaker.ts +0 -0
- /package/apps/{gateway → os-server}/src/utils/log-encryption.ts +0 -0
- /package/apps/{gateway → os-server}/test-all-individual.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases-final.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases-fixed-v2.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases-fixed.sh +0 -0
- /package/apps/{gateway → os-server}/test-all-phases.sh +0 -0
- /package/apps/{gateway → os-server}/test-concurrency.sh +0 -0
- /package/apps/{gateway → os-server}/test-debug.sh +0 -0
- /package/apps/{gateway → os-server}/test-e2e.sh +0 -0
- /package/apps/{gateway → os-server}/test-extraction.sh +0 -0
- /package/apps/{gateway → os-server}/test-full-operations-final.sh +0 -0
- /package/apps/{gateway → os-server}/test-full-operations.sh +0 -0
- /package/apps/{gateway → os-server}/test-idempotency-only.sh +0 -0
- /package/apps/{gateway → os-server}/test-idempotency.sh +0 -0
- /package/apps/{gateway → os-server}/test-individual.sh +0 -0
- /package/apps/{gateway → os-server}/test-queue.sh +0 -0
- /package/apps/{gateway → os-server}/tsconfig.json +0 -0
- /package/{mk3-tui → os-tui}/src/ui/connection_portal.rs.backup +0 -0
|
@@ -1,1506 +0,0 @@
|
|
|
1
|
-
import Fastify from 'fastify';
|
|
2
|
-
import { env, initializeNoPersistenceMode, isMemoryMode, memoryLogger, getBlockedWarnings, createLogger, Logger } from '@4runr/shared';
|
|
3
|
-
import { getPersistenceMode } from './config/persistence.js';
|
|
4
|
-
import { getRunStore } from './runs/index.js';
|
|
5
|
-
import { requireAuth } from './middleware/auth.js';
|
|
6
|
-
import { readRateLimit, writeRateLimit, strictRateLimit } from './middleware/rateLimit.js';
|
|
7
|
-
import { validateBody, validateQuery, validateParams } from './middleware/validate.js';
|
|
8
|
-
import { addCorrelationId, getCorrelationId } from './middleware/correlationId.js';
|
|
9
|
-
import { setSecurityHeaders, validateSecrets, logSecurityValidation } from './middleware/security.js';
|
|
10
|
-
import { applyShieldConfigFromEnv, logShieldConfigValidation } from './security/shield-config.js';
|
|
11
|
-
import { applyRunKill, isTerminalRunStatus, setRunKillSideEffects } from './runs/run-kill.js';
|
|
12
|
-
import { createGatewayCancelAdapter } from './adapters/gateway-cancel-adapter.js';
|
|
13
|
-
import { publishSentinelPolicyViolationFireAndForget } from './adapters/redis-sentinel-publisher.js';
|
|
14
|
-
import { setCancelAdapter, setPolicyViolationPublisher } from '@4runr/sentinel';
|
|
15
|
-
import { errorHandler, handleValidationError, handleNotFound } from './middleware/errorHandler.js';
|
|
16
|
-
import { performHealthChecks, isAlive, computeReady } from './health/index.js';
|
|
17
|
-
import {
|
|
18
|
-
createRunSchema,
|
|
19
|
-
listRunsQuerySchema,
|
|
20
|
-
runIdParamSchema,
|
|
21
|
-
updateRunStatusSchema,
|
|
22
|
-
workspacePlanSchema,
|
|
23
|
-
registryPublishSchema,
|
|
24
|
-
privacyToggleSchema
|
|
25
|
-
} from './schemas/runs.js';
|
|
26
|
-
import { disconnectPrisma } from './db/prisma.js';
|
|
27
|
-
import { getRedisClient, disconnectRedis, isRedisAvailable } from './db/redis.js';
|
|
28
|
-
import {
|
|
29
|
-
createIdempotencyMiddleware,
|
|
30
|
-
captureIdempotencyResponse,
|
|
31
|
-
} from '../../../packages/middleware/idempotency/idempotency.js';
|
|
32
|
-
import type { IdempotencyStore } from '../../../packages/adapters/redis/IdempotencyStore.js';
|
|
33
|
-
|
|
34
|
-
type IdempotencyPreHandler = ReturnType<typeof createIdempotencyMiddleware>;
|
|
35
|
-
// Idempotency stores - will be imported dynamically where needed
|
|
36
|
-
import { Sentinel } from '@4runr/sentinel';
|
|
37
|
-
import { Shield } from '@4runr/shield';
|
|
38
|
-
import { GatewayEventStream } from './adapters/sentinel-event-stream.js';
|
|
39
|
-
import {
|
|
40
|
-
initializeQueue,
|
|
41
|
-
queueRunExecution,
|
|
42
|
-
shutdownQueue,
|
|
43
|
-
getQueue,
|
|
44
|
-
} from './queue/index.js';
|
|
45
|
-
import { setProcessorContext } from './queue/processor.js';
|
|
46
|
-
import {
|
|
47
|
-
getMetrics,
|
|
48
|
-
httpRequestDuration,
|
|
49
|
-
httpRequestTotal,
|
|
50
|
-
httpRequestErrors,
|
|
51
|
-
runsCreated,
|
|
52
|
-
runsStarted,
|
|
53
|
-
runsCompleted,
|
|
54
|
-
runsDuration,
|
|
55
|
-
runsActive,
|
|
56
|
-
sseConnectionsOpened,
|
|
57
|
-
sseConnectionsClosed,
|
|
58
|
-
sseActiveConnections,
|
|
59
|
-
sseMessagesTotal,
|
|
60
|
-
idempotencyHits,
|
|
61
|
-
idempotencyMisses,
|
|
62
|
-
idempotencyConflicts,
|
|
63
|
-
idempotencyStoreSize,
|
|
64
|
-
rateLimitHits,
|
|
65
|
-
authSuccess,
|
|
66
|
-
authFailures,
|
|
67
|
-
queueJobsQueued,
|
|
68
|
-
queueJobsCompleted,
|
|
69
|
-
queueJobsFailed,
|
|
70
|
-
queueJobDuration,
|
|
71
|
-
queueJobsWaiting,
|
|
72
|
-
queueJobsActive,
|
|
73
|
-
healthCheckTotal,
|
|
74
|
-
} from './metrics/index.js';
|
|
75
|
-
import path from 'path';
|
|
76
|
-
import { registerDevKitRoutes } from './devkit/routes.js';
|
|
77
|
-
import { mfaRoutes } from './routes/mfa.js';
|
|
78
|
-
import { gdprRoutes } from './routes/gdpr.js';
|
|
79
|
-
import { registerMonitoringRoutes } from './routes/monitoring.js';
|
|
80
|
-
import { ddosProtection } from './middleware/ddos-protection.js';
|
|
81
|
-
import { wrapLoggerForMonitoring } from './middleware/log-capture.js';
|
|
82
|
-
import { initializeDatabase, shutdownDatabase } from './db/init.js';
|
|
83
|
-
import type { PrismaClient } from '@prisma/client';
|
|
84
|
-
import { applyPersistedSentinelConfig } from './security/sentinel-config-store.js';
|
|
85
|
-
|
|
86
|
-
// Initialize no-persistence mode BEFORE any other initialization (only in memory mode)
|
|
87
|
-
// This must happen before any filesystem writes or database connections
|
|
88
|
-
const projectRoot = process.cwd();
|
|
89
|
-
const persistenceMode = getPersistenceMode();
|
|
90
|
-
|
|
91
|
-
if (persistenceMode === 'memory') {
|
|
92
|
-
initializeNoPersistenceMode(projectRoot);
|
|
93
|
-
}
|
|
94
|
-
|
|
95
|
-
// Create structured logger (will be updated per-request with correlation ID)
|
|
96
|
-
let baseLogger = isMemoryMode ? memoryLogger : createLogger('Gateway');
|
|
97
|
-
|
|
98
|
-
// Wrap logger to capture logs for monitoring endpoints (Phase 0)
|
|
99
|
-
baseLogger = wrapLoggerForMonitoring(baseLogger);
|
|
100
|
-
|
|
101
|
-
const PORT = env.PORT;
|
|
102
|
-
const HOST = env.HOST;
|
|
103
|
-
/** Monitoring-style routes skip `requireAuth` only when Gateway binds to loopback (`AUTH_ENABLED` still applies elsewhere in `requireAuth`). */
|
|
104
|
-
const isLocalBind = HOST === '127.0.0.1' || HOST === 'localhost';
|
|
105
|
-
|
|
106
|
-
// Initialize run store lazily (memory or postgres based on GATEWAY_PERSISTENCE)
|
|
107
|
-
// Don't initialize PostgresRunStore here as it requires Prisma client which may not be generated yet
|
|
108
|
-
let runStore: ReturnType<typeof getRunStore> | null = null;
|
|
109
|
-
const getStore = () => {
|
|
110
|
-
if (!runStore) {
|
|
111
|
-
runStore = getRunStore();
|
|
112
|
-
}
|
|
113
|
-
return runStore;
|
|
114
|
-
};
|
|
115
|
-
|
|
116
|
-
// Database client (will be initialized during startup)
|
|
117
|
-
let dbClient: PrismaClient | null = null;
|
|
118
|
-
|
|
119
|
-
// Initialize idempotency store
|
|
120
|
-
// CRITICAL: Initialize synchronously - this MUST complete before routes register
|
|
121
|
-
const ttlSeconds = 24 * 60 * 60; // 24 hours
|
|
122
|
-
let idempotencyStore: IdempotencyStore | null = null;
|
|
123
|
-
let idempotencyMiddleware: IdempotencyPreHandler | null = null;
|
|
124
|
-
|
|
125
|
-
// Synchronous initialization - wrapped in IIFE to ensure execution
|
|
126
|
-
(async function initializeIdempotencySync() {
|
|
127
|
-
try {
|
|
128
|
-
// Dynamic import to handle module resolution
|
|
129
|
-
const { InMemoryIdempotencyStore } = await import('../../../packages/adapters/redis/IdempotencyStore.js');
|
|
130
|
-
idempotencyStore = new InMemoryIdempotencyStore(ttlSeconds);
|
|
131
|
-
idempotencyMiddleware = createIdempotencyMiddleware({
|
|
132
|
-
enabled: true,
|
|
133
|
-
ttlSeconds,
|
|
134
|
-
store: idempotencyStore,
|
|
135
|
-
});
|
|
136
|
-
baseLogger.info('[IDEMPOTENCY] Middleware initialized synchronously');
|
|
137
|
-
} catch (error) {
|
|
138
|
-
const errorMsg = error instanceof Error ? error.message : String(error);
|
|
139
|
-
const errorStack = error instanceof Error ? error.stack : undefined;
|
|
140
|
-
baseLogger.error('[IDEMPOTENCY] Failed to initialize', {
|
|
141
|
-
error: errorMsg,
|
|
142
|
-
stack: errorStack
|
|
143
|
-
});
|
|
144
|
-
// Continue without idempotency - better than crashing
|
|
145
|
-
}
|
|
146
|
-
})();
|
|
147
|
-
|
|
148
|
-
// Try to upgrade to Redis if available (non-blocking)
|
|
149
|
-
async function initializeIdempotency() {
|
|
150
|
-
try {
|
|
151
|
-
const redisClient = await getRedisClient();
|
|
152
|
-
if (redisClient) {
|
|
153
|
-
const { RedisIdempotencyStore } = await import('../../../packages/adapters/redis/IdempotencyStore.js');
|
|
154
|
-
const redisStore = new RedisIdempotencyStore(redisClient, ttlSeconds);
|
|
155
|
-
idempotencyStore = redisStore;
|
|
156
|
-
idempotencyMiddleware = createIdempotencyMiddleware({
|
|
157
|
-
enabled: true,
|
|
158
|
-
ttlSeconds,
|
|
159
|
-
store: redisStore,
|
|
160
|
-
});
|
|
161
|
-
baseLogger.info('Idempotency store upgraded to Redis');
|
|
162
|
-
} else {
|
|
163
|
-
baseLogger.warn('Idempotency store using in-memory fallback (Redis not available)');
|
|
164
|
-
}
|
|
165
|
-
} catch (err) {
|
|
166
|
-
baseLogger.error('Failed to initialize Redis idempotency store', { error: err instanceof Error ? err.message : String(err) });
|
|
167
|
-
baseLogger.warn('Continuing with in-memory idempotency store');
|
|
168
|
-
}
|
|
169
|
-
}
|
|
170
|
-
|
|
171
|
-
// Initialize Redis upgrade in background (non-blocking)
|
|
172
|
-
initializeIdempotency().catch(() => {
|
|
173
|
-
// Already handled in function
|
|
174
|
-
});
|
|
175
|
-
|
|
176
|
-
// Create Fastify instance
|
|
177
|
-
const fastify = Fastify({
|
|
178
|
-
logger: false, // We use our own structured logger
|
|
179
|
-
trustProxy: true
|
|
180
|
-
});
|
|
181
|
-
|
|
182
|
-
// Add security headers middleware (before other hooks)
|
|
183
|
-
fastify.addHook('onRequest', async (request, reply) => {
|
|
184
|
-
await setSecurityHeaders(request, reply);
|
|
185
|
-
});
|
|
186
|
-
|
|
187
|
-
// Add correlation ID middleware globally
|
|
188
|
-
fastify.addHook('onRequest', async (request, reply) => {
|
|
189
|
-
await addCorrelationId(request, reply);
|
|
190
|
-
|
|
191
|
-
const correlationId = getCorrelationId(request);
|
|
192
|
-
if (correlationId) {
|
|
193
|
-
const requestLogger = wrapLoggerForMonitoring(createLogger('Gateway'));
|
|
194
|
-
requestLogger.setCorrelationId(correlationId);
|
|
195
|
-
(request as any).logger = requestLogger;
|
|
196
|
-
} else {
|
|
197
|
-
(request as any).logger = baseLogger;
|
|
198
|
-
}
|
|
199
|
-
});
|
|
200
|
-
|
|
201
|
-
// Add request timing and metrics
|
|
202
|
-
fastify.addHook('onRequest', async (request, reply) => {
|
|
203
|
-
(request as any).startTime = Date.now();
|
|
204
|
-
});
|
|
205
|
-
|
|
206
|
-
fastify.addHook('onResponse', async (request, reply) => {
|
|
207
|
-
const startTime = (request as any).startTime;
|
|
208
|
-
if (startTime) {
|
|
209
|
-
const duration = (Date.now() - startTime) / 1000; // Convert to seconds
|
|
210
|
-
const method = request.method;
|
|
211
|
-
const route = (request as any).routeOptions?.url || request.url.split('?')[0] || 'unknown';
|
|
212
|
-
const statusCode = reply.statusCode;
|
|
213
|
-
|
|
214
|
-
// Record metrics
|
|
215
|
-
httpRequestDuration.observe({ method, route, status_code: statusCode }, duration);
|
|
216
|
-
httpRequestTotal.inc({ method, route, status_code: statusCode });
|
|
217
|
-
|
|
218
|
-
if (statusCode >= 400) {
|
|
219
|
-
httpRequestErrors.inc({ method, route, error_type: statusCode >= 500 ? 'server_error' : 'client_error' });
|
|
220
|
-
}
|
|
221
|
-
}
|
|
222
|
-
});
|
|
223
|
-
|
|
224
|
-
// Configure content type parser to handle empty bodies
|
|
225
|
-
fastify.addContentTypeParser('application/json', { parseAs: 'string' }, function (req, body, done) {
|
|
226
|
-
try {
|
|
227
|
-
if (body === '') {
|
|
228
|
-
done(null, {});
|
|
229
|
-
} else {
|
|
230
|
-
const json = JSON.parse(body as string);
|
|
231
|
-
done(null, json);
|
|
232
|
-
}
|
|
233
|
-
} catch (err) {
|
|
234
|
-
const error = err as Error;
|
|
235
|
-
(error as any).statusCode = 400;
|
|
236
|
-
done(error, undefined);
|
|
237
|
-
}
|
|
238
|
-
});
|
|
239
|
-
|
|
240
|
-
// Register global error handler
|
|
241
|
-
fastify.setErrorHandler((error, request, reply) => {
|
|
242
|
-
if ((error as any).validation) {
|
|
243
|
-
handleValidationError(error as any, request, reply);
|
|
244
|
-
} else {
|
|
245
|
-
errorHandler(error as Error, request, reply);
|
|
246
|
-
}
|
|
247
|
-
});
|
|
248
|
-
|
|
249
|
-
// Register 404 handler
|
|
250
|
-
fastify.setNotFoundHandler((request, reply) => {
|
|
251
|
-
handleNotFound(request, reply);
|
|
252
|
-
});
|
|
253
|
-
|
|
254
|
-
// === DATABASE INITIALIZATION ===
|
|
255
|
-
// Initialize database (Docker auto-start or existing connection)
|
|
256
|
-
// Must happen before DevKit routes (they require Prisma)
|
|
257
|
-
baseLogger.info('Initializing database...');
|
|
258
|
-
const dbResult = await initializeDatabase(baseLogger);
|
|
259
|
-
|
|
260
|
-
if (dbResult.mode === 'memory') {
|
|
261
|
-
baseLogger.warn('⚠️ Running in memory-only mode. Data will not persist across restarts.');
|
|
262
|
-
if (dbResult.error) {
|
|
263
|
-
baseLogger.warn(`Database initialization failed: ${dbResult.error}`);
|
|
264
|
-
}
|
|
265
|
-
if (dbResult.warnings) {
|
|
266
|
-
dbResult.warnings.forEach(w => baseLogger.warn(` • ${w}`));
|
|
267
|
-
}
|
|
268
|
-
} else {
|
|
269
|
-
baseLogger.info(`✓ Database ready (${dbResult.mode} mode)`);
|
|
270
|
-
dbClient = dbResult.client;
|
|
271
|
-
}
|
|
272
|
-
|
|
273
|
-
// Register DevKit routes (dev-only API namespace)
|
|
274
|
-
// Must be registered before other routes to ensure proper priority
|
|
275
|
-
// Only available when we have a real database (not memory mode)
|
|
276
|
-
if (dbResult.client && persistenceMode !== 'memory') {
|
|
277
|
-
baseLogger.info('Registering DevKit routes...');
|
|
278
|
-
registerDevKitRoutes(fastify);
|
|
279
|
-
baseLogger.info('✓ DevKit routes registered');
|
|
280
|
-
} else {
|
|
281
|
-
baseLogger.info('DevKit routes disabled (memory mode)');
|
|
282
|
-
}
|
|
283
|
-
|
|
284
|
-
// Health endpoint (liveness probe - no auth required)
|
|
285
|
-
fastify.get('/health', async (request, reply) => {
|
|
286
|
-
const alive = isAlive();
|
|
287
|
-
const { getMetricsSummary } = await import('./metrics/index.js');
|
|
288
|
-
const summary = await getMetricsSummary();
|
|
289
|
-
const healthChecks = await performHealthChecks(); // S5: include Shield + all checks
|
|
290
|
-
|
|
291
|
-
const statusCode = alive ? 200 : 503;
|
|
292
|
-
reply.status(statusCode);
|
|
293
|
-
|
|
294
|
-
// Track actual HTTP status (not just 200)
|
|
295
|
-
healthCheckTotal.inc({ endpoint: '/health', status: String(statusCode) });
|
|
296
|
-
|
|
297
|
-
return {
|
|
298
|
-
ok: alive,
|
|
299
|
-
status: alive ? 'alive' : 'dead',
|
|
300
|
-
time: new Date().toISOString(),
|
|
301
|
-
uptime: summary.uptime,
|
|
302
|
-
memory: summary.memory,
|
|
303
|
-
cpu: summary.cpu,
|
|
304
|
-
persistence: persistenceMode,
|
|
305
|
-
/** 4Runr platform DB: docker = Postgres via Docker; memory = no DB */
|
|
306
|
-
fourRunrDb: {
|
|
307
|
-
mode: dbResult.mode,
|
|
308
|
-
prismaConnected: !!dbClient,
|
|
309
|
-
},
|
|
310
|
-
auth: {
|
|
311
|
-
enabled: env.AUTH_ENABLED,
|
|
312
|
-
mode: env.AUTH_MODE
|
|
313
|
-
},
|
|
314
|
-
rateLimit: {
|
|
315
|
-
enabled: env.RATE_LIMIT_ENABLED,
|
|
316
|
-
max: env.RATE_LIMIT_MAX,
|
|
317
|
-
window_ms: env.RATE_LIMIT_WINDOW_MS
|
|
318
|
-
},
|
|
319
|
-
checks: healthChecks.checks, // S5: dependency + Shield health
|
|
320
|
-
};
|
|
321
|
-
});
|
|
322
|
-
|
|
323
|
-
// Readiness endpoint (checks all dependencies)
|
|
324
|
-
fastify.get('/ready', async (request, reply) => {
|
|
325
|
-
const health = await performHealthChecks();
|
|
326
|
-
const ready = computeReady(health);
|
|
327
|
-
|
|
328
|
-
const statusCode = ready ? 200 : 503;
|
|
329
|
-
reply.status(statusCode);
|
|
330
|
-
|
|
331
|
-
healthCheckTotal.inc({ endpoint: '/ready', status: String(statusCode) });
|
|
332
|
-
|
|
333
|
-
return {
|
|
334
|
-
ready,
|
|
335
|
-
status: health.status,
|
|
336
|
-
timestamp: new Date().toISOString(),
|
|
337
|
-
checks: health.checks
|
|
338
|
-
};
|
|
339
|
-
});
|
|
340
|
-
|
|
341
|
-
// Liveness endpoint (simple alive check)
|
|
342
|
-
fastify.get('/liveness', async (request, reply) => {
|
|
343
|
-
const alive = isAlive();
|
|
344
|
-
const statusCode = alive ? 200 : 503;
|
|
345
|
-
reply.status(statusCode);
|
|
346
|
-
|
|
347
|
-
return {
|
|
348
|
-
alive,
|
|
349
|
-
timestamp: new Date().toISOString()
|
|
350
|
-
};
|
|
351
|
-
});
|
|
352
|
-
|
|
353
|
-
// Startup probe (check if server has started)
|
|
354
|
-
fastify.get('/startup', async (request, reply) => {
|
|
355
|
-
// Server is started if this endpoint is accessible
|
|
356
|
-
return {
|
|
357
|
-
started: true,
|
|
358
|
-
timestamp: new Date().toISOString()
|
|
359
|
-
};
|
|
360
|
-
});
|
|
361
|
-
|
|
362
|
-
// In-memory storage for SSE connections
|
|
363
|
-
const sseConnections = new Map<string, Set<any>>();
|
|
364
|
-
|
|
365
|
-
// Sentinel integration - event streams for each run
|
|
366
|
-
const sentinelEventStreams = new Map<string, GatewayEventStream>();
|
|
367
|
-
const sentinel = Sentinel.getInstance();
|
|
368
|
-
applyPersistedSentinelConfig(sentinel, baseLogger);
|
|
369
|
-
|
|
370
|
-
// Shield integration - AI Safety Layer (mode from SENTINEL_SHIELD_MODE — see shield-config.ts)
|
|
371
|
-
const shield = Shield.getInstance();
|
|
372
|
-
applyShieldConfigFromEnv(shield, env.SENTINEL_SHIELD_MODE);
|
|
373
|
-
|
|
374
|
-
// Initialize queue system
|
|
375
|
-
// Queue will be initialized during server startup
|
|
376
|
-
let queueInitialized = false;
|
|
377
|
-
|
|
378
|
-
// Metrics endpoint (no auth required)
|
|
379
|
-
fastify.get('/metrics', async (request, reply) => {
|
|
380
|
-
reply.header('X-Gateway', 'main');
|
|
381
|
-
|
|
382
|
-
// Update gauge metrics
|
|
383
|
-
const activeConnections = Array.from(sseConnections.values()).reduce((sum, connections) => sum + connections.size, 0);
|
|
384
|
-
sseActiveConnections.set(activeConnections);
|
|
385
|
-
|
|
386
|
-
const runQueue = getQueue();
|
|
387
|
-
if (runQueue) {
|
|
388
|
-
try {
|
|
389
|
-
// BullMQ v4+ getJobCounts: pass state names as separate args, returns exact keys
|
|
390
|
-
const counts = await runQueue.getJobCounts(
|
|
391
|
-
'waiting',
|
|
392
|
-
'active',
|
|
393
|
-
'completed',
|
|
394
|
-
'failed',
|
|
395
|
-
'delayed',
|
|
396
|
-
'paused'
|
|
397
|
-
) as Record<string, number>;
|
|
398
|
-
const waiting = counts['waiting'] ?? 0;
|
|
399
|
-
const activeJobs = counts['active'] ?? 0;
|
|
400
|
-
queueJobsWaiting.set({ queue: 'run-execution' }, waiting);
|
|
401
|
-
queueJobsActive.set({ queue: 'run-execution' }, activeJobs);
|
|
402
|
-
} catch (err) {
|
|
403
|
-
baseLogger.warn('Failed to refresh queue depth metrics', {
|
|
404
|
-
error: err instanceof Error ? err.message : String(err),
|
|
405
|
-
});
|
|
406
|
-
}
|
|
407
|
-
}
|
|
408
|
-
|
|
409
|
-
// Get Prometheus metrics
|
|
410
|
-
const prometheusMetrics = await getMetrics();
|
|
411
|
-
|
|
412
|
-
reply.type('text/plain');
|
|
413
|
-
return prometheusMetrics;
|
|
414
|
-
});
|
|
415
|
-
|
|
416
|
-
// Enhanced monitoring endpoint for dashboards
|
|
417
|
-
fastify.get(
|
|
418
|
-
'/api/monitoring/summary',
|
|
419
|
-
{
|
|
420
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
421
|
-
},
|
|
422
|
-
async (request, reply) => {
|
|
423
|
-
const { getMetricsSummary } = await import('./metrics/index.js');
|
|
424
|
-
const summary = await getMetricsSummary();
|
|
425
|
-
|
|
426
|
-
const dependencies = await performHealthChecks();
|
|
427
|
-
const readyStatus = computeReady(dependencies);
|
|
428
|
-
|
|
429
|
-
return {
|
|
430
|
-
status: dependencies.status,
|
|
431
|
-
alive: isAlive(),
|
|
432
|
-
ready: readyStatus,
|
|
433
|
-
uptime: summary.uptime,
|
|
434
|
-
memory: summary.memory,
|
|
435
|
-
cpu: summary.cpu,
|
|
436
|
-
dependencies,
|
|
437
|
-
timestamp: summary.timestamp,
|
|
438
|
-
persistence: persistenceMode,
|
|
439
|
-
database: {
|
|
440
|
-
mode: dbResult.mode,
|
|
441
|
-
connected: !!dbClient,
|
|
442
|
-
},
|
|
443
|
-
};
|
|
444
|
-
}
|
|
445
|
-
);
|
|
446
|
-
|
|
447
|
-
// Register advanced monitoring routes (Phase 0)
|
|
448
|
-
// SECURITY: In production, these require auth. For local dev (127.0.0.1), consider skipping auth.
|
|
449
|
-
// Deployment guidance: use network policy to restrict access or enable requireAuth.
|
|
450
|
-
registerMonitoringRoutes(fastify, {
|
|
451
|
-
requireAuth: isLocalBind ? false : requireAuth, // Explicitly false for local bind, function for non-loopback
|
|
452
|
-
readRateLimit: readRateLimit,
|
|
453
|
-
});
|
|
454
|
-
|
|
455
|
-
// Apply DDoS protection globally (before other middleware)
|
|
456
|
-
fastify.addHook('onRequest', ddosProtection);
|
|
457
|
-
|
|
458
|
-
// Workspace plan endpoint (requires auth)
|
|
459
|
-
fastify.post('/api/workspace/plan', {
|
|
460
|
-
preHandler: [requireAuth, writeRateLimit, validateBody(workspacePlanSchema)],
|
|
461
|
-
}, async (request, reply) => {
|
|
462
|
-
const body = request.body as any;
|
|
463
|
-
const logger = (request as any).logger || baseLogger;
|
|
464
|
-
logger.info('Setting workspace plan', { prompt: body.prompt?.substring(0, 50) });
|
|
465
|
-
|
|
466
|
-
return {
|
|
467
|
-
success: true,
|
|
468
|
-
prompt: body.prompt,
|
|
469
|
-
updated_at: new Date().toISOString()
|
|
470
|
-
};
|
|
471
|
-
});
|
|
472
|
-
|
|
473
|
-
// Create run endpoint (requires auth)
|
|
474
|
-
const preHandlers = [
|
|
475
|
-
requireAuth,
|
|
476
|
-
writeRateLimit,
|
|
477
|
-
validateBody(createRunSchema),
|
|
478
|
-
];
|
|
479
|
-
|
|
480
|
-
// Add idempotency middleware if available
|
|
481
|
-
|
|
482
|
-
if (idempotencyMiddleware) {
|
|
483
|
-
preHandlers.push(idempotencyMiddleware);
|
|
484
|
-
baseLogger.info('[IDEMPOTENCY] Middleware added to /api/runs route');
|
|
485
|
-
} else {
|
|
486
|
-
baseLogger.warn('[IDEMPOTENCY] Middleware not available for /api/runs route');
|
|
487
|
-
}
|
|
488
|
-
|
|
489
|
-
// AI Provider routes
|
|
490
|
-
try {
|
|
491
|
-
const { aiProviderRoutes } = await import('./routes/ai-providers-simple.js');
|
|
492
|
-
await aiProviderRoutes(fastify);
|
|
493
|
-
baseLogger.info('AI Provider routes registered');
|
|
494
|
-
|
|
495
|
-
// Load stored credentials from Redis on startup (only if Redis available)
|
|
496
|
-
// Don't block server startup or spam retry logs when Redis is down
|
|
497
|
-
Promise.resolve().then(async () => {
|
|
498
|
-
try {
|
|
499
|
-
// Check if Redis is actually available before instantiating client
|
|
500
|
-
const redisAvailable = await isRedisAvailable();
|
|
501
|
-
if (!redisAvailable) {
|
|
502
|
-
baseLogger.info('Redis not available, skipping credential store initialization');
|
|
503
|
-
return;
|
|
504
|
-
}
|
|
505
|
-
|
|
506
|
-
const { getCredentialsStore } = await import('./ai-providers/redis-credentials-store.js');
|
|
507
|
-
const credStore = getCredentialsStore();
|
|
508
|
-
|
|
509
|
-
// Race the loadAllToEnv() against a 5-second timeout
|
|
510
|
-
const timeoutPromise = new Promise((_, reject) =>
|
|
511
|
-
setTimeout(() => reject(new Error('Redis credential load timed out after 5s')), 5000)
|
|
512
|
-
);
|
|
513
|
-
|
|
514
|
-
await Promise.race([
|
|
515
|
-
credStore.loadAllToEnv(),
|
|
516
|
-
timeoutPromise
|
|
517
|
-
]);
|
|
518
|
-
|
|
519
|
-
baseLogger.info('AI Provider credentials loaded from Redis');
|
|
520
|
-
} catch (credError) {
|
|
521
|
-
baseLogger.warn('Failed to load AI credentials from Redis (non-critical)', {
|
|
522
|
-
error: credError instanceof Error ? credError.message : String(credError)
|
|
523
|
-
});
|
|
524
|
-
}
|
|
525
|
-
}).catch((err) => {
|
|
526
|
-
baseLogger.warn('Redis credential loading failed, continuing without stored credentials');
|
|
527
|
-
});
|
|
528
|
-
} catch (error) {
|
|
529
|
-
baseLogger.warn('AI Provider routes not available', { error });
|
|
530
|
-
}
|
|
531
|
-
|
|
532
|
-
// Chat history routes
|
|
533
|
-
try {
|
|
534
|
-
const { chatRoutes } = await import('./routes/chats.js');
|
|
535
|
-
await chatRoutes(fastify);
|
|
536
|
-
baseLogger.info('Chat history routes registered');
|
|
537
|
-
} catch (error) {
|
|
538
|
-
baseLogger.warn('Chat history routes not available', { error });
|
|
539
|
-
}
|
|
540
|
-
|
|
541
|
-
// LAYER 2: Tool Credentials Management (Zero-Trust Tool Access)
|
|
542
|
-
try {
|
|
543
|
-
const { toolCredentialRoutes } = await import('./routes/tool-credentials.js');
|
|
544
|
-
await toolCredentialRoutes(fastify);
|
|
545
|
-
baseLogger.info('Tool credential routes registered (Layer 2 - Storage)');
|
|
546
|
-
} catch (error) {
|
|
547
|
-
baseLogger.warn('Tool credential routes not available', { error: error instanceof Error ? error.message : String(error) });
|
|
548
|
-
}
|
|
549
|
-
|
|
550
|
-
// LAYER 2: Tool Proxy (Zero-Trust Execution)
|
|
551
|
-
try {
|
|
552
|
-
const { toolProxyRoutes } = await import('./routes/tool-proxy.js');
|
|
553
|
-
await toolProxyRoutes(fastify);
|
|
554
|
-
baseLogger.info('Tool proxy routes registered (Layer 2 - Execution)');
|
|
555
|
-
} catch (error) {
|
|
556
|
-
baseLogger.warn('Tool proxy routes not available', { error: error instanceof Error ? error.message : String(error) });
|
|
557
|
-
}
|
|
558
|
-
|
|
559
|
-
// SENTINEL: Policy Management Routes
|
|
560
|
-
try {
|
|
561
|
-
const { sentinelPolicyRoutes } = await import('./routes/sentinel-policies.js');
|
|
562
|
-
await sentinelPolicyRoutes(fastify);
|
|
563
|
-
baseLogger.info('Sentinel policy routes registered');
|
|
564
|
-
} catch (error) {
|
|
565
|
-
baseLogger.warn('Sentinel policy routes not available', { error: error instanceof Error ? error.message : String(error) });
|
|
566
|
-
}
|
|
567
|
-
|
|
568
|
-
// SENTINEL: Predictive Routes
|
|
569
|
-
try {
|
|
570
|
-
const { sentinelPredictiveRoutes } = await import('./routes/sentinel-predictive.js');
|
|
571
|
-
await sentinelPredictiveRoutes(fastify);
|
|
572
|
-
baseLogger.info('Sentinel predictive routes registered');
|
|
573
|
-
} catch (error) {
|
|
574
|
-
baseLogger.warn('Sentinel predictive routes not available', { error: error instanceof Error ? error.message : String(error) });
|
|
575
|
-
}
|
|
576
|
-
|
|
577
|
-
// SHIELD: AI Safety Layer Routes
|
|
578
|
-
try {
|
|
579
|
-
baseLogger.info('Attempting to register Shield routes...');
|
|
580
|
-
const { shieldRoutes } = await import('./routes/shield.js');
|
|
581
|
-
baseLogger.info('Shield routes module imported successfully');
|
|
582
|
-
await shieldRoutes(fastify);
|
|
583
|
-
baseLogger.info('Shield routes registered successfully');
|
|
584
|
-
} catch (error) {
|
|
585
|
-
baseLogger.error('Shield routes registration failed', {
|
|
586
|
-
error: error instanceof Error ? error.message : String(error),
|
|
587
|
-
stack: error instanceof Error ? error.stack : undefined
|
|
588
|
-
});
|
|
589
|
-
}
|
|
590
|
-
|
|
591
|
-
// MFA and GDPR routes will be registered in start() function
|
|
592
|
-
|
|
593
|
-
fastify.post('/api/runs', {
|
|
594
|
-
preHandler: preHandlers,
|
|
595
|
-
onSend: [captureIdempotencyResponse],
|
|
596
|
-
}, async (request, reply) => {
|
|
597
|
-
const body = request.body as any;
|
|
598
|
-
const logger = (request as any).logger || baseLogger;
|
|
599
|
-
|
|
600
|
-
// Check for idempotency token (clientToken) - legacy support
|
|
601
|
-
if (body.clientToken && !request.headers['idempotency-key']) {
|
|
602
|
-
const existingRun = await getStore().getRunByClientToken(body.clientToken);
|
|
603
|
-
if (existingRun) {
|
|
604
|
-
idempotencyHits.inc();
|
|
605
|
-
reply.status(200);
|
|
606
|
-
return {
|
|
607
|
-
success: true,
|
|
608
|
-
run: existingRun,
|
|
609
|
-
idempotent: true
|
|
610
|
-
};
|
|
611
|
-
}
|
|
612
|
-
}
|
|
613
|
-
|
|
614
|
-
// Create new run
|
|
615
|
-
const runStartTime = Date.now();
|
|
616
|
-
const run = await getStore().createRun({
|
|
617
|
-
id: body.id,
|
|
618
|
-
name: body.name || 'Test Run',
|
|
619
|
-
input: body.input || null,
|
|
620
|
-
clientToken: body.clientToken || null,
|
|
621
|
-
tags: body.tags || []
|
|
622
|
-
});
|
|
623
|
-
|
|
624
|
-
runsCreated.inc({ status: run.status });
|
|
625
|
-
runsActive.inc();
|
|
626
|
-
logger.info('Run created', { runId: run.id, name: run.name });
|
|
627
|
-
|
|
628
|
-
const { scheduleRunRetentionEnforcement } = await import('./runs/run-retention.js');
|
|
629
|
-
scheduleRunRetentionEnforcement();
|
|
630
|
-
|
|
631
|
-
// Create Sentinel event stream for this run
|
|
632
|
-
const eventStream = new GatewayEventStream();
|
|
633
|
-
sentinelEventStreams.set(run.id, eventStream);
|
|
634
|
-
|
|
635
|
-
// Emit created event
|
|
636
|
-
eventStream.emitCreated(run.id);
|
|
637
|
-
|
|
638
|
-
// Emit events to any waiting SSE connections
|
|
639
|
-
const connections = sseConnections.get(run.id);
|
|
640
|
-
if (connections) {
|
|
641
|
-
connections.forEach(connection => {
|
|
642
|
-
connection.write(`event: log\ndata: ${JSON.stringify({
|
|
643
|
-
type: 'run_created',
|
|
644
|
-
runId: run.id,
|
|
645
|
-
timestamp: new Date().toISOString()
|
|
646
|
-
})}\n\n`);
|
|
647
|
-
sseMessagesTotal.inc();
|
|
648
|
-
});
|
|
649
|
-
}
|
|
650
|
-
|
|
651
|
-
reply.status(201);
|
|
652
|
-
return {
|
|
653
|
-
success: true,
|
|
654
|
-
run: run
|
|
655
|
-
};
|
|
656
|
-
});
|
|
657
|
-
|
|
658
|
-
// List all runs endpoint (requires auth)
|
|
659
|
-
fastify.get('/api/runs', {
|
|
660
|
-
preHandler: [requireAuth, readRateLimit, validateQuery(listRunsQuerySchema)],
|
|
661
|
-
}, async (request, reply) => {
|
|
662
|
-
const query = request.query as any;
|
|
663
|
-
const filter: any = {};
|
|
664
|
-
|
|
665
|
-
if (query.status) {
|
|
666
|
-
filter.status = query.status;
|
|
667
|
-
}
|
|
668
|
-
if (query.tag) {
|
|
669
|
-
filter.tag = query.tag;
|
|
670
|
-
}
|
|
671
|
-
if (query.limit) {
|
|
672
|
-
filter.limit = parseInt(query.limit, 10);
|
|
673
|
-
}
|
|
674
|
-
|
|
675
|
-
const runs = await getStore().listRuns(filter);
|
|
676
|
-
return { runs };
|
|
677
|
-
});
|
|
678
|
-
|
|
679
|
-
// Get run endpoint (requires auth)
|
|
680
|
-
fastify.get('/api/runs/:id', {
|
|
681
|
-
preHandler: [requireAuth, readRateLimit, validateParams(runIdParamSchema)],
|
|
682
|
-
}, async (request, reply) => {
|
|
683
|
-
const { id } = request.params as { id: string };
|
|
684
|
-
const run = await getStore().getRunById(id);
|
|
685
|
-
|
|
686
|
-
if (!run) {
|
|
687
|
-
return reply.status(404).send({ error: 'Run not found' });
|
|
688
|
-
}
|
|
689
|
-
|
|
690
|
-
// Return the run data directly (not wrapped in success/run)
|
|
691
|
-
return run;
|
|
692
|
-
});
|
|
693
|
-
|
|
694
|
-
// Start run endpoint (requires auth)
|
|
695
|
-
fastify.post('/api/runs/:id/start', {
|
|
696
|
-
preHandler: [requireAuth, writeRateLimit, validateParams(runIdParamSchema)],
|
|
697
|
-
}, async (request, reply) => {
|
|
698
|
-
const { id } = request.params as { id: string };
|
|
699
|
-
const body = request.body as any;
|
|
700
|
-
const run = await getStore().getRunById(id);
|
|
701
|
-
|
|
702
|
-
if (!run) {
|
|
703
|
-
return reply.status(404).send({ error: 'Run not found' });
|
|
704
|
-
}
|
|
705
|
-
|
|
706
|
-
// Check if run is already running, queued, completed, or failed
|
|
707
|
-
if (run.status === 'running' || run.status === 'queued' || run.status === 'completed' || run.status === 'failed') {
|
|
708
|
-
return reply.status(400).send({
|
|
709
|
-
error: `Run is already ${run.status}`,
|
|
710
|
-
run
|
|
711
|
-
});
|
|
712
|
-
}
|
|
713
|
-
|
|
714
|
-
const logger = (request as any).logger || baseLogger;
|
|
715
|
-
|
|
716
|
-
// Get priority from request body (default: normal)
|
|
717
|
-
const priority = body?.priority || 'normal';
|
|
718
|
-
if (!['high', 'normal', 'low'].includes(priority)) {
|
|
719
|
-
return reply.status(400).send({
|
|
720
|
-
error: 'Invalid priority. Must be: high, normal, or low'
|
|
721
|
-
});
|
|
722
|
-
}
|
|
723
|
-
|
|
724
|
-
// Update run status to queued if queue is available, otherwise running
|
|
725
|
-
const queue = getQueue();
|
|
726
|
-
if (queue) {
|
|
727
|
-
// Queue is available - queue the job
|
|
728
|
-
try {
|
|
729
|
-
await getStore().updateRunStatus(id, 'queued', {
|
|
730
|
-
startedAt: null // Will be set when job starts processing
|
|
731
|
-
});
|
|
732
|
-
|
|
733
|
-
await queueRunExecution(id, priority);
|
|
734
|
-
queueJobsQueued.inc({ queue: 'run-execution', priority });
|
|
735
|
-
|
|
736
|
-
logger.info('Run queued for execution', { runId: id, priority });
|
|
737
|
-
|
|
738
|
-
const updatedRun = await getStore().getRunById(id);
|
|
739
|
-
|
|
740
|
-
// Emit queued event to SSE connections
|
|
741
|
-
const connections = sseConnections.get(id);
|
|
742
|
-
if (connections) {
|
|
743
|
-
connections.forEach(connection => {
|
|
744
|
-
connection.write(`event: log\ndata: ${JSON.stringify({
|
|
745
|
-
type: 'run_queued',
|
|
746
|
-
runId: id,
|
|
747
|
-
status: 'queued',
|
|
748
|
-
priority,
|
|
749
|
-
timestamp: new Date().toISOString()
|
|
750
|
-
})}\n\n`);
|
|
751
|
-
sseMessagesTotal.inc();
|
|
752
|
-
});
|
|
753
|
-
}
|
|
754
|
-
|
|
755
|
-
return {
|
|
756
|
-
success: true,
|
|
757
|
-
run: updatedRun,
|
|
758
|
-
queued: true
|
|
759
|
-
};
|
|
760
|
-
} catch (error) {
|
|
761
|
-
logger.error('Failed to queue run execution', {
|
|
762
|
-
runId: id,
|
|
763
|
-
error: error instanceof Error ? error.message : String(error)
|
|
764
|
-
});
|
|
765
|
-
return reply.status(500).send({
|
|
766
|
-
error: 'Failed to queue run execution',
|
|
767
|
-
message: error instanceof Error ? error.message : String(error)
|
|
768
|
-
});
|
|
769
|
-
}
|
|
770
|
-
} else {
|
|
771
|
-
// Queue not available - fall back to synchronous execution
|
|
772
|
-
logger.warn('Queue not available, using synchronous execution', { runId: id });
|
|
773
|
-
|
|
774
|
-
await getStore().updateRunStatus(id, 'running', {
|
|
775
|
-
startedAt: new Date().toISOString()
|
|
776
|
-
});
|
|
777
|
-
|
|
778
|
-
runsStarted.inc();
|
|
779
|
-
const updatedRun = await getStore().getRunById(id);
|
|
780
|
-
|
|
781
|
-
// Start Sentinel monitoring for this run
|
|
782
|
-
const eventStream = sentinelEventStreams.get(id);
|
|
783
|
-
if (eventStream) {
|
|
784
|
-
if (sentinel.isEnabled()) {
|
|
785
|
-
sentinel.watchRun(id, eventStream);
|
|
786
|
-
logger.info('Sentinel watching run', { runId: id });
|
|
787
|
-
}
|
|
788
|
-
eventStream.emitStarted(id);
|
|
789
|
-
}
|
|
790
|
-
|
|
791
|
-
// Emit events to SSE connections
|
|
792
|
-
const connections = sseConnections.get(id);
|
|
793
|
-
if (connections) {
|
|
794
|
-
connections.forEach(connection => {
|
|
795
|
-
connection.write(`event: log\ndata: ${JSON.stringify({
|
|
796
|
-
type: 'run_started',
|
|
797
|
-
runId: id,
|
|
798
|
-
status: 'running',
|
|
799
|
-
timestamp: new Date().toISOString()
|
|
800
|
-
})}\n\n`);
|
|
801
|
-
sseMessagesTotal.inc();
|
|
802
|
-
});
|
|
803
|
-
}
|
|
804
|
-
|
|
805
|
-
// Fallback to setTimeout for synchronous execution
|
|
806
|
-
const runStartTime = Date.now();
|
|
807
|
-
setTimeout(async () => {
|
|
808
|
-
const currentRun = await getStore().getRunById(id);
|
|
809
|
-
if (currentRun && currentRun.status === 'running') {
|
|
810
|
-
const runDuration = (Date.now() - runStartTime) / 1000;
|
|
811
|
-
await getStore().updateRunStatus(id, 'completed', {
|
|
812
|
-
completedAt: new Date().toISOString(),
|
|
813
|
-
output: { result: 'Run completed successfully' },
|
|
814
|
-
logs: [
|
|
815
|
-
...(currentRun.logs || []),
|
|
816
|
-
{
|
|
817
|
-
timestamp: new Date().toISOString(),
|
|
818
|
-
level: 'info',
|
|
819
|
-
message: 'Run completed'
|
|
820
|
-
}
|
|
821
|
-
]
|
|
822
|
-
});
|
|
823
|
-
|
|
824
|
-
runsCompleted.inc({ status: 'completed' });
|
|
825
|
-
runsDuration.observe({ status: 'completed' }, runDuration);
|
|
826
|
-
runsActive.dec();
|
|
827
|
-
|
|
828
|
-
const eventStream = sentinelEventStreams.get(id);
|
|
829
|
-
if (eventStream) {
|
|
830
|
-
eventStream.emitFinish(id, 'ok');
|
|
831
|
-
}
|
|
832
|
-
|
|
833
|
-
sentinelEventStreams.delete(id);
|
|
834
|
-
|
|
835
|
-
const connections = sseConnections.get(id);
|
|
836
|
-
if (connections) {
|
|
837
|
-
connections.forEach(connection => {
|
|
838
|
-
connection.write(`event: end\ndata: ${JSON.stringify({
|
|
839
|
-
type: 'run_completed',
|
|
840
|
-
runId: id,
|
|
841
|
-
status: 'completed',
|
|
842
|
-
timestamp: new Date().toISOString()
|
|
843
|
-
})}\n\n`);
|
|
844
|
-
sseMessagesTotal.inc();
|
|
845
|
-
});
|
|
846
|
-
}
|
|
847
|
-
}
|
|
848
|
-
}, 3000);
|
|
849
|
-
|
|
850
|
-
logger.info('Run started (synchronous)', { runId: id });
|
|
851
|
-
|
|
852
|
-
return {
|
|
853
|
-
success: true,
|
|
854
|
-
run: updatedRun,
|
|
855
|
-
queued: false
|
|
856
|
-
};
|
|
857
|
-
}
|
|
858
|
-
});
|
|
859
|
-
|
|
860
|
-
// Cancel/kill run endpoint (requires auth) - Sentinel kill switch
|
|
861
|
-
fastify.post('/api/runs/:id/cancel', {
|
|
862
|
-
preHandler: [requireAuth, writeRateLimit, validateParams(runIdParamSchema)],
|
|
863
|
-
}, async (request, reply) => {
|
|
864
|
-
const { id } = request.params as { id: string };
|
|
865
|
-
const body = request.body as { reason?: string };
|
|
866
|
-
const run = await getStore().getRunById(id);
|
|
867
|
-
|
|
868
|
-
if (!run) {
|
|
869
|
-
return reply.status(404).send({ error: 'Run not found' });
|
|
870
|
-
}
|
|
871
|
-
|
|
872
|
-
const logger = (request as any).logger || baseLogger;
|
|
873
|
-
const reason = body.reason || 'manual_cancellation';
|
|
874
|
-
|
|
875
|
-
if (isTerminalRunStatus(run.status)) {
|
|
876
|
-
return {
|
|
877
|
-
success: true,
|
|
878
|
-
idempotent: true,
|
|
879
|
-
runId: id,
|
|
880
|
-
status: run.status,
|
|
881
|
-
message: `Run already ${run.status}`,
|
|
882
|
-
};
|
|
883
|
-
}
|
|
884
|
-
|
|
885
|
-
try {
|
|
886
|
-
if (sentinel.isEnabled()) {
|
|
887
|
-
sentinel.syncExternalKill(id, reason);
|
|
888
|
-
} else {
|
|
889
|
-
const eventStream = sentinelEventStreams.get(id);
|
|
890
|
-
eventStream?.emitFinish(id, 'canceled');
|
|
891
|
-
}
|
|
892
|
-
|
|
893
|
-
const result = await applyRunKill(id, reason);
|
|
894
|
-
|
|
895
|
-
return {
|
|
896
|
-
success: true,
|
|
897
|
-
idempotent: result.idempotent,
|
|
898
|
-
message: result.idempotent ? 'Run already terminal' : 'Run canceled successfully',
|
|
899
|
-
runId: id,
|
|
900
|
-
status: result.status,
|
|
901
|
-
};
|
|
902
|
-
} catch (error) {
|
|
903
|
-
logger.error('Failed to cancel run', {
|
|
904
|
-
runId: id,
|
|
905
|
-
error: error instanceof Error ? error.message : String(error)
|
|
906
|
-
});
|
|
907
|
-
return reply.status(500).send({
|
|
908
|
-
error: 'Failed to cancel run',
|
|
909
|
-
message: error instanceof Error ? error.message : String(error)
|
|
910
|
-
});
|
|
911
|
-
}
|
|
912
|
-
});
|
|
913
|
-
|
|
914
|
-
// SSE endpoint for run logs - TOLERANT of pre-run subscriptions (requires auth)
|
|
915
|
-
fastify.get('/api/runs/:id/logs/stream', {
|
|
916
|
-
preHandler: [requireAuth, readRateLimit, validateParams(runIdParamSchema)],
|
|
917
|
-
}, async (request, reply) => {
|
|
918
|
-
const { id } = request.params as { id: string };
|
|
919
|
-
const run = await getStore().getRunById(id);
|
|
920
|
-
|
|
921
|
-
// Don't 404 if run doesn't exist - keep connection open for pre-run subscriptions
|
|
922
|
-
reply.raw.writeHead(200, {
|
|
923
|
-
'Content-Type': 'text/event-stream',
|
|
924
|
-
'Cache-Control': 'no-cache',
|
|
925
|
-
'Connection': 'keep-alive',
|
|
926
|
-
'Access-Control-Allow-Origin': '*'
|
|
927
|
-
});
|
|
928
|
-
|
|
929
|
-
// Track this connection
|
|
930
|
-
if (!sseConnections.has(id)) {
|
|
931
|
-
sseConnections.set(id, new Set());
|
|
932
|
-
}
|
|
933
|
-
sseConnections.get(id)!.add(reply.raw);
|
|
934
|
-
sseConnectionsOpened.inc();
|
|
935
|
-
sseActiveConnections.inc();
|
|
936
|
-
sseMessagesTotal.inc();
|
|
937
|
-
|
|
938
|
-
let messageId = 1;
|
|
939
|
-
const lastEventId = request.headers['last-event-id'];
|
|
940
|
-
if (lastEventId && !isNaN(Number(lastEventId))) {
|
|
941
|
-
messageId = Number(lastEventId) + 1;
|
|
942
|
-
}
|
|
943
|
-
|
|
944
|
-
const sendEvent = (data: any) => {
|
|
945
|
-
reply.raw.write(`id: ${messageId++}\n`);
|
|
946
|
-
reply.raw.write(`data: ${JSON.stringify(data)}\n\n`);
|
|
947
|
-
sseMessagesTotal.inc();
|
|
948
|
-
};
|
|
949
|
-
|
|
950
|
-
// Send initial connection event
|
|
951
|
-
sendEvent({
|
|
952
|
-
type: 'connected',
|
|
953
|
-
runId: id,
|
|
954
|
-
timestamp: new Date().toISOString()
|
|
955
|
-
});
|
|
956
|
-
|
|
957
|
-
// Send heartbeat every 15 seconds to keep connection alive
|
|
958
|
-
const heartbeatInterval = setInterval(() => {
|
|
959
|
-
reply.raw.write(': keepalive\n\n');
|
|
960
|
-
}, 15000);
|
|
961
|
-
|
|
962
|
-
// Send run status updates every 5 seconds (if run exists)
|
|
963
|
-
const statusInterval = setInterval(async () => {
|
|
964
|
-
const currentRun = await getStore().getRunById(id);
|
|
965
|
-
if (currentRun) {
|
|
966
|
-
sendEvent({
|
|
967
|
-
type: 'status_update',
|
|
968
|
-
runId: id,
|
|
969
|
-
status: currentRun.status,
|
|
970
|
-
timestamp: new Date().toISOString()
|
|
971
|
-
});
|
|
972
|
-
}
|
|
973
|
-
}, 5000);
|
|
974
|
-
|
|
975
|
-
// Clean up on disconnect
|
|
976
|
-
request.raw.on('close', () => {
|
|
977
|
-
clearInterval(heartbeatInterval);
|
|
978
|
-
clearInterval(statusInterval);
|
|
979
|
-
|
|
980
|
-
// Remove from tracking
|
|
981
|
-
const connections = sseConnections.get(id);
|
|
982
|
-
if (connections) {
|
|
983
|
-
connections.delete(reply.raw);
|
|
984
|
-
sseConnectionsClosed.inc();
|
|
985
|
-
sseActiveConnections.dec();
|
|
986
|
-
if (connections.size === 0) {
|
|
987
|
-
sseConnections.delete(id);
|
|
988
|
-
}
|
|
989
|
-
}
|
|
990
|
-
});
|
|
991
|
-
});
|
|
992
|
-
|
|
993
|
-
// SSE endpoint for S2 harness pattern (without run ID)
|
|
994
|
-
fastify.get(
|
|
995
|
-
'/api/runs/logs/stream',
|
|
996
|
-
{
|
|
997
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
998
|
-
},
|
|
999
|
-
async (request, reply) => {
|
|
1000
|
-
// Don't 404 - keep connection open for S2 harness
|
|
1001
|
-
reply.raw.writeHead(200, {
|
|
1002
|
-
'Content-Type': 'text/event-stream',
|
|
1003
|
-
'Cache-Control': 'no-cache',
|
|
1004
|
-
'Connection': 'keep-alive',
|
|
1005
|
-
'Access-Control-Allow-Origin': '*'
|
|
1006
|
-
});
|
|
1007
|
-
|
|
1008
|
-
// Track this connection with a generic ID
|
|
1009
|
-
const genericId = 's2-harness-generic';
|
|
1010
|
-
if (!sseConnections.has(genericId)) {
|
|
1011
|
-
sseConnections.set(genericId, new Set());
|
|
1012
|
-
}
|
|
1013
|
-
sseConnections.get(genericId)!.add(reply.raw);
|
|
1014
|
-
sseConnectionsOpened.inc();
|
|
1015
|
-
sseActiveConnections.inc();
|
|
1016
|
-
sseMessagesTotal.inc();
|
|
1017
|
-
|
|
1018
|
-
let messageId = 1;
|
|
1019
|
-
const lastEventId = request.headers['last-event-id'];
|
|
1020
|
-
if (lastEventId && !isNaN(Number(lastEventId))) {
|
|
1021
|
-
messageId = Number(lastEventId) + 1;
|
|
1022
|
-
}
|
|
1023
|
-
|
|
1024
|
-
const sendEvent = (data: any) => {
|
|
1025
|
-
reply.raw.write(`id: ${messageId++}\n`);
|
|
1026
|
-
reply.raw.write(`data: ${JSON.stringify(data)}\n\n`);
|
|
1027
|
-
sseMessagesTotal.inc();
|
|
1028
|
-
};
|
|
1029
|
-
|
|
1030
|
-
// Send initial connection event
|
|
1031
|
-
sendEvent({
|
|
1032
|
-
type: 'connected',
|
|
1033
|
-
timestamp: new Date().toISOString()
|
|
1034
|
-
});
|
|
1035
|
-
|
|
1036
|
-
// Send heartbeat every 15 seconds to keep connection alive
|
|
1037
|
-
const heartbeatInterval = setInterval(() => {
|
|
1038
|
-
reply.raw.write(': keepalive\n\n');
|
|
1039
|
-
}, 15000);
|
|
1040
|
-
|
|
1041
|
-
// Clean up on disconnect
|
|
1042
|
-
request.raw.on('close', () => {
|
|
1043
|
-
clearInterval(heartbeatInterval);
|
|
1044
|
-
|
|
1045
|
-
// Remove from tracking
|
|
1046
|
-
const connections = sseConnections.get(genericId);
|
|
1047
|
-
if (connections) {
|
|
1048
|
-
connections.delete(reply.raw);
|
|
1049
|
-
sseConnectionsClosed.inc();
|
|
1050
|
-
sseActiveConnections.dec();
|
|
1051
|
-
if (connections.size === 0) {
|
|
1052
|
-
sseConnections.delete(genericId);
|
|
1053
|
-
}
|
|
1054
|
-
}
|
|
1055
|
-
});
|
|
1056
|
-
});
|
|
1057
|
-
|
|
1058
|
-
// Registry publish endpoint (requires auth)
|
|
1059
|
-
fastify.post('/api/registry/publish', {
|
|
1060
|
-
preHandler: [requireAuth, writeRateLimit, validateBody(registryPublishSchema)],
|
|
1061
|
-
}, async (request, reply) => {
|
|
1062
|
-
const body = request.body as any;
|
|
1063
|
-
const logger = (request as any).logger || baseLogger;
|
|
1064
|
-
logger.info('Registry publish', { name: body.name, version: body.version });
|
|
1065
|
-
|
|
1066
|
-
reply.status(201);
|
|
1067
|
-
return {
|
|
1068
|
-
success: true,
|
|
1069
|
-
name: body.name,
|
|
1070
|
-
version: body.version,
|
|
1071
|
-
published_at: new Date().toISOString()
|
|
1072
|
-
};
|
|
1073
|
-
});
|
|
1074
|
-
|
|
1075
|
-
// Safety check endpoint
|
|
1076
|
-
fastify.get(
|
|
1077
|
-
'/api/safety/check',
|
|
1078
|
-
{
|
|
1079
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
1080
|
-
},
|
|
1081
|
-
async (request, reply) => {
|
|
1082
|
-
return {
|
|
1083
|
-
status: 'safe',
|
|
1084
|
-
timestamp: new Date().toISOString()
|
|
1085
|
-
};
|
|
1086
|
-
});
|
|
1087
|
-
|
|
1088
|
-
// Serve Sentinel dashboard
|
|
1089
|
-
fastify.get(
|
|
1090
|
-
'/sentinel/dashboard',
|
|
1091
|
-
{
|
|
1092
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
1093
|
-
},
|
|
1094
|
-
async (request, reply) => {
|
|
1095
|
-
const fs = await import('fs/promises');
|
|
1096
|
-
const path = await import('path');
|
|
1097
|
-
|
|
1098
|
-
try {
|
|
1099
|
-
const dashboardPath = path.join(process.cwd(), 'apps/gateway/public/sentinel-dashboard.html');
|
|
1100
|
-
const html = await fs.readFile(dashboardPath, 'utf-8');
|
|
1101
|
-
return reply.type('text/html').send(html);
|
|
1102
|
-
} catch (error) {
|
|
1103
|
-
return reply.status(404).send({
|
|
1104
|
-
error: 'Dashboard not found',
|
|
1105
|
-
message: 'Sentinel dashboard HTML file not found'
|
|
1106
|
-
});
|
|
1107
|
-
}
|
|
1108
|
-
});
|
|
1109
|
-
|
|
1110
|
-
// Sentinel health endpoint
|
|
1111
|
-
fastify.get(
|
|
1112
|
-
'/sentinel/health',
|
|
1113
|
-
{
|
|
1114
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
1115
|
-
},
|
|
1116
|
-
async (request, reply) => {
|
|
1117
|
-
const sentinelEnabled = env.SENTINEL_ENABLED;
|
|
1118
|
-
const sentinelHealthy = sentinel ? sentinel.isEnabled() : false;
|
|
1119
|
-
|
|
1120
|
-
return {
|
|
1121
|
-
enabled: sentinelEnabled,
|
|
1122
|
-
healthy: sentinelHealthy,
|
|
1123
|
-
timestamp: new Date().toISOString(),
|
|
1124
|
-
status: sentinelHealthy ? 'healthy' : 'disabled',
|
|
1125
|
-
watchedRuns: sentinel ? sentinel.getWatchedRunIds().length : 0
|
|
1126
|
-
};
|
|
1127
|
-
});
|
|
1128
|
-
|
|
1129
|
-
// Sentinel metrics endpoint
|
|
1130
|
-
fastify.get(
|
|
1131
|
-
'/sentinel/metrics',
|
|
1132
|
-
{
|
|
1133
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
1134
|
-
},
|
|
1135
|
-
async (request, reply) => {
|
|
1136
|
-
if (!sentinel) {
|
|
1137
|
-
return {
|
|
1138
|
-
error: 'Sentinel not initialized',
|
|
1139
|
-
timestamp: new Date().toISOString()
|
|
1140
|
-
};
|
|
1141
|
-
}
|
|
1142
|
-
|
|
1143
|
-
const activeRuns = sentinel.getActiveRuns();
|
|
1144
|
-
const watchedRunIds = sentinel.getWatchedRunIds();
|
|
1145
|
-
|
|
1146
|
-
// Calculate real metrics from active runs
|
|
1147
|
-
let totalTokenUsage = 0;
|
|
1148
|
-
let totalCost = 0;
|
|
1149
|
-
let totalEvents = 0;
|
|
1150
|
-
const killReasons: Record<string, number> = {};
|
|
1151
|
-
const policyViolations: Record<string, number> = {};
|
|
1152
|
-
|
|
1153
|
-
// Aggregate data from all active runs
|
|
1154
|
-
for (const runState of activeRuns) {
|
|
1155
|
-
totalTokenUsage += runState.tokenCount;
|
|
1156
|
-
totalCost += runState.cost || 0;
|
|
1157
|
-
totalEvents += runState.events.length;
|
|
1158
|
-
|
|
1159
|
-
if (runState.killReason) {
|
|
1160
|
-
const reason = runState.killReason.split(':')[0]; // Extract policy name
|
|
1161
|
-
if (reason) {
|
|
1162
|
-
killReasons[reason] = (killReasons[reason] || 0) + 1;
|
|
1163
|
-
}
|
|
1164
|
-
|
|
1165
|
-
// Get policy violations for this run
|
|
1166
|
-
const violations = sentinel.getPolicyViolations(runState.runId);
|
|
1167
|
-
for (const violation of violations) {
|
|
1168
|
-
policyViolations[violation.policy] = (policyViolations[violation.policy] || 0) + 1;
|
|
1169
|
-
}
|
|
1170
|
-
}
|
|
1171
|
-
}
|
|
1172
|
-
|
|
1173
|
-
// Calculate average latency (time from start to now for active runs)
|
|
1174
|
-
let totalLatency = 0;
|
|
1175
|
-
let latencyCount = 0;
|
|
1176
|
-
for (const runState of activeRuns) {
|
|
1177
|
-
if (runState.startedAt) {
|
|
1178
|
-
totalLatency += Date.now() - runState.startedAt;
|
|
1179
|
-
latencyCount++;
|
|
1180
|
-
}
|
|
1181
|
-
}
|
|
1182
|
-
const avgLatency = latencyCount > 0 ? Math.round(totalLatency / latencyCount) : 0;
|
|
1183
|
-
|
|
1184
|
-
// Get all watched runs (including finished ones in buffer)
|
|
1185
|
-
const allRuns = activeRuns.length;
|
|
1186
|
-
|
|
1187
|
-
const config = sentinel.getConfig();
|
|
1188
|
-
|
|
1189
|
-
return {
|
|
1190
|
-
// Status
|
|
1191
|
-
enabled: config.enabled,
|
|
1192
|
-
healthy: true,
|
|
1193
|
-
|
|
1194
|
-
// Real-time metrics
|
|
1195
|
-
activeRuns: allRuns,
|
|
1196
|
-
watchedRuns: watchedRunIds.length,
|
|
1197
|
-
totalEvents,
|
|
1198
|
-
totalTokenUsage,
|
|
1199
|
-
totalCost: parseFloat(totalCost.toFixed(4)),
|
|
1200
|
-
avgLatency,
|
|
1201
|
-
|
|
1202
|
-
// Policy violations
|
|
1203
|
-
policyViolations,
|
|
1204
|
-
totalViolations: Object.values(policyViolations).reduce((sum, count) => sum + count, 0),
|
|
1205
|
-
|
|
1206
|
-
// Kill statistics
|
|
1207
|
-
killReasons,
|
|
1208
|
-
totalKills: Object.values(killReasons).reduce((sum, count) => sum + count, 0),
|
|
1209
|
-
|
|
1210
|
-
// Configuration
|
|
1211
|
-
config: config,
|
|
1212
|
-
|
|
1213
|
-
// Legacy placeholders (for backward compatibility)
|
|
1214
|
-
totalSpans: 0, // Not implemented yet
|
|
1215
|
-
totalVerdicts: 0, // Not implemented yet
|
|
1216
|
-
flaggedHallucinations: 0, // Not implemented yet
|
|
1217
|
-
flaggedInjections: 0, // Not implemented yet
|
|
1218
|
-
flaggedPII: 0, // Not implemented yet
|
|
1219
|
-
|
|
1220
|
-
timestamp: new Date().toISOString()
|
|
1221
|
-
};
|
|
1222
|
-
});
|
|
1223
|
-
|
|
1224
|
-
// Privacy toggle endpoint (requires auth)
|
|
1225
|
-
fastify.post('/api/privacy/toggle', {
|
|
1226
|
-
preHandler: [requireAuth, writeRateLimit, validateBody(privacyToggleSchema)],
|
|
1227
|
-
}, async (request, reply) => {
|
|
1228
|
-
const body = request.body as any;
|
|
1229
|
-
const logger = (request as any).logger || baseLogger;
|
|
1230
|
-
logger.info('Privacy toggle', { storePlain: body.storePlain });
|
|
1231
|
-
|
|
1232
|
-
return {
|
|
1233
|
-
success: true,
|
|
1234
|
-
storePlain: body.storePlain,
|
|
1235
|
-
updated_at: new Date().toISOString()
|
|
1236
|
-
};
|
|
1237
|
-
});
|
|
1238
|
-
|
|
1239
|
-
// Demo run endpoint for testing
|
|
1240
|
-
fastify.post(
|
|
1241
|
-
'/api/diagnostics/emit-demo-run',
|
|
1242
|
-
{
|
|
1243
|
-
...(!isLocalBind && { preHandler: [requireAuth, writeRateLimit] }),
|
|
1244
|
-
},
|
|
1245
|
-
async (request, reply) => {
|
|
1246
|
-
const runId = `demo-run-${Date.now()}`;
|
|
1247
|
-
const logger = (request as any).logger || baseLogger;
|
|
1248
|
-
logger.info('Demo run created', { runId });
|
|
1249
|
-
|
|
1250
|
-
return {
|
|
1251
|
-
success: true,
|
|
1252
|
-
runId,
|
|
1253
|
-
message: 'Demo run created successfully'
|
|
1254
|
-
};
|
|
1255
|
-
});
|
|
1256
|
-
|
|
1257
|
-
// SSE test endpoint
|
|
1258
|
-
fastify.get(
|
|
1259
|
-
'/diagnostics/sse-test',
|
|
1260
|
-
{
|
|
1261
|
-
...(!isLocalBind && { preHandler: [requireAuth, readRateLimit] }),
|
|
1262
|
-
},
|
|
1263
|
-
async (request, reply) => {
|
|
1264
|
-
reply.raw.writeHead(200, {
|
|
1265
|
-
'Content-Type': 'text/event-stream',
|
|
1266
|
-
'Cache-Control': 'no-cache',
|
|
1267
|
-
'Connection': 'keep-alive',
|
|
1268
|
-
'Access-Control-Allow-Origin': '*'
|
|
1269
|
-
});
|
|
1270
|
-
|
|
1271
|
-
const sendEvent = (data: any) => {
|
|
1272
|
-
reply.raw.write(`data: ${JSON.stringify(data)}\n\n`);
|
|
1273
|
-
};
|
|
1274
|
-
|
|
1275
|
-
// Send test events every 2 seconds
|
|
1276
|
-
const interval = setInterval(() => {
|
|
1277
|
-
sendEvent({
|
|
1278
|
-
type: 'test',
|
|
1279
|
-
timestamp: new Date().toISOString(),
|
|
1280
|
-
message: 'SSE test event'
|
|
1281
|
-
});
|
|
1282
|
-
}, 2000);
|
|
1283
|
-
|
|
1284
|
-
// Clean up on disconnect
|
|
1285
|
-
request.raw.on('close', () => {
|
|
1286
|
-
clearInterval(interval);
|
|
1287
|
-
});
|
|
1288
|
-
});
|
|
1289
|
-
|
|
1290
|
-
// Debug endpoint for logs (memory mode only)
|
|
1291
|
-
if (isMemoryMode) {
|
|
1292
|
-
fastify.get('/debug/logs', async (request, reply) => {
|
|
1293
|
-
const limit = parseInt((request.query as any)?.limit || '50', 10);
|
|
1294
|
-
const logs = memoryLogger.getLogs(limit);
|
|
1295
|
-
return {
|
|
1296
|
-
logs,
|
|
1297
|
-
count: logs.length,
|
|
1298
|
-
mode: 'memory'
|
|
1299
|
-
};
|
|
1300
|
-
});
|
|
1301
|
-
|
|
1302
|
-
fastify.get('/debug/blocked-writes', async (request, reply) => {
|
|
1303
|
-
const warnings = getBlockedWarnings();
|
|
1304
|
-
return {
|
|
1305
|
-
blockedWrites: warnings,
|
|
1306
|
-
count: warnings.length,
|
|
1307
|
-
mode: 'memory'
|
|
1308
|
-
};
|
|
1309
|
-
});
|
|
1310
|
-
}
|
|
1311
|
-
|
|
1312
|
-
// Start server
|
|
1313
|
-
const start = async () => {
|
|
1314
|
-
try {
|
|
1315
|
-
// Validate secrets configuration on startup
|
|
1316
|
-
logSecurityValidation();
|
|
1317
|
-
logShieldConfigValidation(shield, env.SENTINEL_SHIELD_MODE, env.NODE_ENV);
|
|
1318
|
-
|
|
1319
|
-
setCancelAdapter(createGatewayCancelAdapter());
|
|
1320
|
-
setPolicyViolationPublisher((violation) => {
|
|
1321
|
-
publishSentinelPolicyViolationFireAndForget(violation.runId, {
|
|
1322
|
-
policy: violation.policy,
|
|
1323
|
-
reason: violation.reason,
|
|
1324
|
-
threshold: violation.threshold,
|
|
1325
|
-
actual: violation.actual,
|
|
1326
|
-
action: 'deny',
|
|
1327
|
-
});
|
|
1328
|
-
});
|
|
1329
|
-
setRunKillSideEffects({
|
|
1330
|
-
decRunsActive: () => runsActive.dec(),
|
|
1331
|
-
getSseConnections: (runId) => sseConnections.get(runId),
|
|
1332
|
-
onSseMessage: () => sseMessagesTotal.inc(),
|
|
1333
|
-
deleteEventStream: (runId) => { sentinelEventStreams.delete(runId); },
|
|
1334
|
-
});
|
|
1335
|
-
|
|
1336
|
-
// Initialize queue system (non-blocking)
|
|
1337
|
-
// Queue will fall back to synchronous execution if Redis is not available
|
|
1338
|
-
const queue = await initializeQueue();
|
|
1339
|
-
if (queue) {
|
|
1340
|
-
queueInitialized = true;
|
|
1341
|
-
// Set processor context for queue workers (including SSE connections)
|
|
1342
|
-
setProcessorContext(sentinelEventStreams, sentinel, shield, sseConnections, sseMessagesTotal);
|
|
1343
|
-
baseLogger.info('Queue system initialized successfully');
|
|
1344
|
-
} else {
|
|
1345
|
-
baseLogger.warn('Queue system not available (Redis required). Using synchronous execution.');
|
|
1346
|
-
}
|
|
1347
|
-
|
|
1348
|
-
// Initialize Prisma if in postgres mode (non-blocking)
|
|
1349
|
-
// Don't fail startup if Prisma client isn't generated yet
|
|
1350
|
-
if (persistenceMode === 'postgres') {
|
|
1351
|
-
// Run Prisma connection in background, don't block startup
|
|
1352
|
-
Promise.resolve().then(async () => {
|
|
1353
|
-
try {
|
|
1354
|
-
const { getPrismaClient } = await import('./db/prisma.js');
|
|
1355
|
-
const prisma = await getPrismaClient();
|
|
1356
|
-
// Test connection
|
|
1357
|
-
await prisma.$connect();
|
|
1358
|
-
baseLogger.info('Connected to PostgreSQL database');
|
|
1359
|
-
} catch (err: any) {
|
|
1360
|
-
// Log error but don't crash - Prisma client may not be generated yet
|
|
1361
|
-
if (err?.code === 'MODULE_NOT_FOUND' || err?.message?.includes('Cannot find module')) {
|
|
1362
|
-
baseLogger.warn('Prisma client not generated yet. Run: pnpm db:generate');
|
|
1363
|
-
baseLogger.warn('Gateway will start in degraded mode until Prisma client is generated.');
|
|
1364
|
-
} else {
|
|
1365
|
-
baseLogger.error('Failed to connect to PostgreSQL:', err?.message || err);
|
|
1366
|
-
if (env.NODE_ENV === 'production') {
|
|
1367
|
-
baseLogger.error('Production mode: database connection required');
|
|
1368
|
-
} else {
|
|
1369
|
-
baseLogger.warn('Continuing in degraded mode (no database)');
|
|
1370
|
-
}
|
|
1371
|
-
}
|
|
1372
|
-
}
|
|
1373
|
-
}).catch((err) => {
|
|
1374
|
-
// Silently handle promise rejection - already logged above
|
|
1375
|
-
baseLogger.warn('Prisma initialization failed, continuing without database');
|
|
1376
|
-
});
|
|
1377
|
-
}
|
|
1378
|
-
|
|
1379
|
-
// MFA: Multi-Factor Authentication Routes
|
|
1380
|
-
baseLogger.info('=== STARTING MFA/GDPR ROUTE REGISTRATION ===');
|
|
1381
|
-
baseLogger.info('About to attempt MFA route registration...');
|
|
1382
|
-
try {
|
|
1383
|
-
// Check if dependencies are available before importing
|
|
1384
|
-
try {
|
|
1385
|
-
await import('otplib');
|
|
1386
|
-
await import('qrcode');
|
|
1387
|
-
} catch (depError) {
|
|
1388
|
-
baseLogger.warn('MFA dependencies not available, skipping MFA routes', {
|
|
1389
|
-
error: depError instanceof Error ? depError.message : String(depError)
|
|
1390
|
-
});
|
|
1391
|
-
throw new Error('MFA dependencies not installed');
|
|
1392
|
-
}
|
|
1393
|
-
|
|
1394
|
-
baseLogger.info('Attempting to register MFA routes...');
|
|
1395
|
-
baseLogger.info('Calling mfaRoutes function...');
|
|
1396
|
-
await mfaRoutes(fastify);
|
|
1397
|
-
baseLogger.info('MFA routes registered successfully');
|
|
1398
|
-
} catch (error) {
|
|
1399
|
-
baseLogger.error('MFA routes registration failed', {
|
|
1400
|
-
error: error instanceof Error ? error.message : String(error),
|
|
1401
|
-
stack: error instanceof Error ? error.stack : undefined,
|
|
1402
|
-
name: error instanceof Error ? error.name : typeof error
|
|
1403
|
-
});
|
|
1404
|
-
// Don't fail startup, but log the error
|
|
1405
|
-
}
|
|
1406
|
-
|
|
1407
|
-
// GDPR: Compliance Routes
|
|
1408
|
-
baseLogger.info('About to attempt GDPR route registration...');
|
|
1409
|
-
try {
|
|
1410
|
-
baseLogger.info('Attempting to register GDPR routes...');
|
|
1411
|
-
baseLogger.info('Calling gdprRoutes function...');
|
|
1412
|
-
await gdprRoutes(fastify);
|
|
1413
|
-
baseLogger.info('GDPR routes registered successfully');
|
|
1414
|
-
} catch (error) {
|
|
1415
|
-
baseLogger.error('GDPR routes registration failed', {
|
|
1416
|
-
error: error instanceof Error ? error.message : String(error),
|
|
1417
|
-
stack: error instanceof Error ? error.stack : undefined,
|
|
1418
|
-
name: error instanceof Error ? error.name : typeof error
|
|
1419
|
-
});
|
|
1420
|
-
// Don't fail startup, but log the error
|
|
1421
|
-
}
|
|
1422
|
-
|
|
1423
|
-
await fastify.listen({
|
|
1424
|
-
port: PORT,
|
|
1425
|
-
host: HOST
|
|
1426
|
-
});
|
|
1427
|
-
baseLogger.info(`Gateway server listening on ${HOST}:${PORT}`);
|
|
1428
|
-
baseLogger.info(`Persistence mode: ${persistenceMode}`);
|
|
1429
|
-
baseLogger.info(`Authentication: ${env.AUTH_ENABLED ? 'enabled' : 'disabled'}`);
|
|
1430
|
-
|
|
1431
|
-
if (persistenceMode !== 'memory') {
|
|
1432
|
-
const { enforceRunRetention, getRunRetentionConfig } = await import('./runs/run-retention.js');
|
|
1433
|
-
const retentionCfg = getRunRetentionConfig();
|
|
1434
|
-
if (retentionCfg.enabled) {
|
|
1435
|
-
baseLogger.info('Run retention enabled', {
|
|
1436
|
-
maxCount: retentionCfg.maxCount,
|
|
1437
|
-
maxAgeDays: retentionCfg.maxAgeDays,
|
|
1438
|
-
});
|
|
1439
|
-
enforceRunRetention(retentionCfg).catch((err: unknown) => {
|
|
1440
|
-
baseLogger.warn('Startup run retention failed', {
|
|
1441
|
-
error: err instanceof Error ? err.message : String(err),
|
|
1442
|
-
});
|
|
1443
|
-
});
|
|
1444
|
-
}
|
|
1445
|
-
}
|
|
1446
|
-
|
|
1447
|
-
if (persistenceMode === 'memory') {
|
|
1448
|
-
baseLogger.warn('[Gateway] Running in NO-PERSISTENCE / MEMORY mode. All state is ephemeral.');
|
|
1449
|
-
} else if (persistenceMode === 'postgres') {
|
|
1450
|
-
baseLogger.info('[Gateway] PostgreSQL mode enabled. Generate Prisma client with: pnpm db:generate');
|
|
1451
|
-
}
|
|
1452
|
-
} catch (err) {
|
|
1453
|
-
baseLogger.error('Error starting server:', err);
|
|
1454
|
-
process.exit(1);
|
|
1455
|
-
}
|
|
1456
|
-
};
|
|
1457
|
-
|
|
1458
|
-
// Graceful shutdown
|
|
1459
|
-
const shutdown = async () => {
|
|
1460
|
-
baseLogger.info('Shutting down gateway...');
|
|
1461
|
-
try {
|
|
1462
|
-
// Close Fastify server first to stop accepting new connections
|
|
1463
|
-
baseLogger.info('Closing Fastify server...');
|
|
1464
|
-
await fastify.close();
|
|
1465
|
-
|
|
1466
|
-
// Shutdown queue system (let jobs complete)
|
|
1467
|
-
if (queueInitialized) {
|
|
1468
|
-
baseLogger.info('Shutting down queue...');
|
|
1469
|
-
await shutdownQueue();
|
|
1470
|
-
}
|
|
1471
|
-
|
|
1472
|
-
// Shutdown Sentinel
|
|
1473
|
-
if (sentinel) {
|
|
1474
|
-
baseLogger.info('Shutting down Sentinel...');
|
|
1475
|
-
sentinel.shutdown();
|
|
1476
|
-
}
|
|
1477
|
-
|
|
1478
|
-
// Disconnect databases
|
|
1479
|
-
baseLogger.info('Disconnecting databases...');
|
|
1480
|
-
await shutdownDatabase(dbClient, baseLogger);
|
|
1481
|
-
await disconnectPrisma();
|
|
1482
|
-
await disconnectRedis();
|
|
1483
|
-
|
|
1484
|
-
baseLogger.info('Gateway shut down successfully');
|
|
1485
|
-
process.exit(0);
|
|
1486
|
-
} catch (err) {
|
|
1487
|
-
baseLogger.error('Error during shutdown:', err);
|
|
1488
|
-
process.exit(1);
|
|
1489
|
-
}
|
|
1490
|
-
};
|
|
1491
|
-
|
|
1492
|
-
// Handle uncaught errors
|
|
1493
|
-
process.on('uncaughtException', (err) => {
|
|
1494
|
-
baseLogger.error('Uncaught exception:', err);
|
|
1495
|
-
shutdown();
|
|
1496
|
-
});
|
|
1497
|
-
|
|
1498
|
-
process.on('unhandledRejection', (reason, promise) => {
|
|
1499
|
-
baseLogger.error('Unhandled rejection:', { reason, promise });
|
|
1500
|
-
shutdown();
|
|
1501
|
-
});
|
|
1502
|
-
|
|
1503
|
-
process.on('SIGTERM', shutdown);
|
|
1504
|
-
process.on('SIGINT', shutdown);
|
|
1505
|
-
|
|
1506
|
-
start();
|