npm - @aigne/afs-session - Versions diffs - 1.11.0-beta.6 - Mend

@aigne/afs-session 1.11.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,1345 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as crypto from "node:crypto";
+//#region src/protocol/types.ts
+/**
+* Protocol constants
+*/
+const HEADER_SIZE = 9;
+const MAX_PAYLOAD_SIZE = 16 * 1024 * 1024;
+const MAX_JSON_DEPTH = 100;
+const MAX_JSON_SIZE = 1 * 1024 * 1024;
+const MAX_UINT32 = 4294967295;
+/**
+* Frame types
+*/
+let FrameType = /* @__PURE__ */ function(FrameType) {
+	FrameType[FrameType["JSON"] = 1] = "JSON";
+	FrameType[FrameType["Binary"] = 2] = "Binary";
+	return FrameType;
+}({});
+/**
+* Protocol errors
+*/
+var ProtocolError = class extends Error {
+	constructor(code, message) {
+		super(message);
+		this.code = code;
+		this.name = "ProtocolError";
+	}
+};
+var PayloadTooLargeError = class extends ProtocolError {
+	constructor(size) {
+		super("payload_too_large", `Payload size ${size} exceeds maximum ${MAX_PAYLOAD_SIZE}`);
+		this.name = "PayloadTooLargeError";
+	}
+};
+var InvalidPayloadError = class extends ProtocolError {
+	constructor(message) {
+		super("invalid_payload", message);
+		this.name = "InvalidPayloadError";
+	}
+};
+var InvalidFrameTypeError = class extends ProtocolError {
+	constructor(type) {
+		super("invalid_frame_type", `Invalid frame type: 0x${type.toString(16).padStart(2, "0")}`);
+		this.name = "InvalidFrameTypeError";
+	}
+};
+var InvalidReqIdError = class extends ProtocolError {
+	constructor(reqId) {
+		super("invalid_req_id", `Invalid request ID: ${reqId} (must be 0-${MAX_UINT32})`);
+		this.name = "InvalidReqIdError";
+	}
+};
+var IncompleteFrameError = class extends ProtocolError {
+	constructor(message) {
+		super("incomplete_frame", message);
+		this.name = "IncompleteFrameError";
+	}
+};
+//#endregion
+//#region src/protocol/frame.ts
+/**
+* Validates frame type.
+*/
+function isValidFrameType(type) {
+	return type === FrameType.JSON || type === FrameType.Binary;
+}
+/**
+* Encodes a frame with the given type, request ID, and payload.
+*
+* Frame structure (big-endian):
+* - Length (4 bytes): payload length
+* - Type (1 byte): frame type
+* - ReqId (4 bytes): request ID
+* - Payload (variable): actual data
+*
+* @param type Frame type (JSON or Binary)
+* @param reqId Request ID (0 for events, >0 for request/response)
+* @param payload The payload data
+* @returns Encoded frame as Uint8Array
+*/
+function encodeFrame(type, reqId, payload) {
+	if (payload == null) throw new InvalidPayloadError("Payload cannot be null or undefined");
+	if (payload.length > MAX_PAYLOAD_SIZE) throw new PayloadTooLargeError(payload.length);
+	if (!isValidFrameType(type)) throw new InvalidFrameTypeError(type);
+	if (reqId < 0 || reqId > MAX_UINT32 || !Number.isInteger(reqId)) throw new InvalidReqIdError(reqId);
+	const frame = new Uint8Array(HEADER_SIZE + payload.length);
+	const view = new DataView(frame.buffer, frame.byteOffset);
+	view.setUint32(0, payload.length);
+	view.setUint8(4, type);
+	view.setUint32(5, reqId);
+	frame.set(payload, HEADER_SIZE);
+	return frame;
+}
+/**
+* Decodes a frame from a buffer.
+*
+* @param buffer The buffer containing the frame data
+* @returns Object containing the decoded frame and any remaining bytes
+* @throws IncompleteFrameError if buffer doesn't contain a complete frame
+* @throws InvalidFrameTypeError if frame type is invalid
+* @throws PayloadTooLargeError if payload length exceeds maximum
+*/
+function decodeFrame(buffer) {
+	if (buffer.length < HEADER_SIZE) throw new IncompleteFrameError(`Buffer too small: ${buffer.length} bytes, need at least ${HEADER_SIZE}`);
+	const view = new DataView(buffer.buffer, buffer.byteOffset);
+	const length = view.getUint32(0);
+	const type = view.getUint8(4);
+	const reqId = view.getUint32(5);
+	if (length > MAX_PAYLOAD_SIZE) throw new PayloadTooLargeError(length);
+	if (!isValidFrameType(type)) throw new InvalidFrameTypeError(type);
+	const totalSize = HEADER_SIZE + length;
+	if (buffer.length < totalSize) throw new IncompleteFrameError(`Incomplete frame: have ${buffer.length} bytes, need ${totalSize}`);
+	const payload = buffer.slice(HEADER_SIZE, totalSize);
+	const remaining = buffer.slice(totalSize);
+	return {
+		frame: {
+			type,
+			reqId,
+			payload
+		},
+		remaining
+	};
+}
+//#endregion
+//#region src/protocol/frame-decoder.ts
+/**
+* Error thrown when pending buffer exceeds maximum size
+*/
+var BufferOverflowError = class extends ProtocolError {
+	constructor(size, maxSize) {
+		super("buffer_overflow", `Pending buffer size ${size} exceeds maximum ${maxSize}`);
+		this.name = "BufferOverflowError";
+	}
+};
+/**
+* Streaming frame decoder that handles:
+* - Partial frames across multiple pushes (拆包)
+* - Multiple frames in single push (粘包)
+* - Buffer overflow protection (security)
+*/
+var FrameDecoder = class {
+	buffer = new Uint8Array(0);
+	maxPendingSize;
+	constructor(options) {
+		this.maxPendingSize = options?.maxPendingSize ?? MAX_PAYLOAD_SIZE + HEADER_SIZE;
+	}
+	/**
+	* Push data into the decoder and return any complete frames.
+	*
+	* @param data New data to append to buffer
+	* @returns Array of complete frames (may be empty)
+	* @throws InvalidFrameTypeError if frame type is invalid
+	* @throws PayloadTooLargeError if payload exceeds maximum
+	* @throws BufferOverflowError if pending buffer exceeds maximum
+	*/
+	push(data) {
+		if (data.length === 0) return [];
+		const newBuffer = new Uint8Array(this.buffer.length + data.length);
+		newBuffer.set(this.buffer, 0);
+		newBuffer.set(data, this.buffer.length);
+		this.buffer = newBuffer;
+		if (this.buffer.length > this.maxPendingSize) throw new BufferOverflowError(this.buffer.length, this.maxPendingSize);
+		const frames = [];
+		while (this.buffer.length >= HEADER_SIZE) {
+			const payloadLength = new DataView(this.buffer.buffer, this.buffer.byteOffset).getUint32(0);
+			if (payloadLength > MAX_PAYLOAD_SIZE) throw new PayloadTooLargeError(payloadLength);
+			const totalFrameSize = HEADER_SIZE + payloadLength;
+			if (this.buffer.length < totalFrameSize) break;
+			const { frame, remaining } = decodeFrame(this.buffer);
+			frames.push(frame);
+			this.buffer = remaining;
+		}
+		return frames;
+	}
+	/**
+	* Reset the decoder state, discarding any buffered data.
+	*/
+	reset() {
+		this.buffer = new Uint8Array(0);
+	}
+	/**
+	* Get the current pending buffer size.
+	*/
+	get pendingSize() {
+		return this.buffer.length;
+	}
+};
+//#endregion
+//#region src/protocol/message.ts
+/**
+* Error for invalid message structure
+*/
+var InvalidMessageError = class extends ProtocolError {
+	constructor(message) {
+		super("invalid_message", message);
+		this.name = "InvalidMessageError";
+	}
+};
+/**
+* Error for JSON parsing failures
+*/
+var ParseError = class extends ProtocolError {
+	constructor(message) {
+		super("parse_error", `Parse error: ${message}`);
+		this.name = "ParseError";
+	}
+};
+/**
+* Error for depth limit exceeded
+*/
+var DepthLimitExceededError = class extends ProtocolError {
+	constructor() {
+		super("depth_limit_exceeded", `JSON depth limit exceeded (max ${MAX_JSON_DEPTH})`);
+		this.name = "DepthLimitExceededError";
+	}
+};
+/**
+* Error for message too large
+*/
+var MessageTooLargeError = class extends ProtocolError {
+	constructor(size) {
+		super("message_too_large", `Message too large: ${size} bytes (max ${MAX_JSON_SIZE})`);
+		this.name = "MessageTooLargeError";
+	}
+};
+/**
+* Dangerous keys that should be filtered for security
+*/
+const DANGEROUS_KEYS = new Set([
+	"__proto__",
+	"constructor",
+	"prototype"
+]);
+/**
+* Recursively filter dangerous keys from an object
+*/
+function filterDangerousKeys(obj, depth = 0) {
+	if (depth > MAX_JSON_DEPTH) throw new DepthLimitExceededError();
+	if (obj === null || typeof obj !== "object") return obj;
+	if (Array.isArray(obj)) return obj.map((item) => filterDangerousKeys(item, depth + 1));
+	const filtered = {};
+	for (const [key, value] of Object.entries(obj)) if (!DANGEROUS_KEYS.has(key)) filtered[key] = filterDangerousKeys(value, depth + 1);
+	return filtered;
+}
+/**
+* Calculate depth of a JSON object
+*/
+function calculateDepth(obj, depth = 0) {
+	if (depth > MAX_JSON_DEPTH) return depth;
+	if (obj === null || typeof obj !== "object") return depth;
+	let maxDepth = depth;
+	if (Array.isArray(obj)) for (const item of obj) {
+		maxDepth = Math.max(maxDepth, calculateDepth(item, depth + 1));
+		if (maxDepth > MAX_JSON_DEPTH) return maxDepth;
+	}
+	else for (const value of Object.values(obj)) {
+		maxDepth = Math.max(maxDepth, calculateDepth(value, depth + 1));
+		if (maxDepth > MAX_JSON_DEPTH) return maxDepth;
+	}
+	return maxDepth;
+}
+/**
+* Serialize a message to JSON bytes.
+*
+* @param message The message to serialize
+* @returns UTF-8 encoded JSON bytes
+* @throws InvalidMessageError if message is invalid
+*/
+function serializeMessage(message) {
+	if (!message || typeof message !== "object" || !("type" in message)) throw new InvalidMessageError("Invalid message: missing type");
+	const { type } = message;
+	if (type === "request") {
+		const req = message;
+		if (!req.id) throw new InvalidMessageError("Invalid request: missing id");
+		if (!req.method) throw new InvalidMessageError("Invalid request: missing method");
+	}
+	const clean = {};
+	for (const [key, value] of Object.entries(message)) if (value !== void 0) clean[key] = value;
+	const json = JSON.stringify(clean);
+	return new TextEncoder().encode(json);
+}
+/**
+* Deserialize JSON bytes to a message.
+*
+* @param data UTF-8 encoded JSON bytes
+* @returns Parsed message
+* @throws ParseError if JSON is invalid
+* @throws InvalidMessageError if message structure is invalid
+* @throws DepthLimitExceededError if JSON is too deeply nested
+* @throws MessageTooLargeError if message exceeds size limit
+*/
+function deserializeMessage(data) {
+	if (data.length > MAX_JSON_SIZE) throw new MessageTooLargeError(data.length);
+	let parsed;
+	try {
+		const json = new TextDecoder().decode(data);
+		parsed = JSON.parse(json);
+	} catch (e) {
+		throw new ParseError(e instanceof Error ? e.message : "Invalid JSON");
+	}
+	if (!parsed || typeof parsed !== "object") throw new InvalidMessageError("Invalid message: not an object");
+	if (calculateDepth(parsed) > MAX_JSON_DEPTH) throw new DepthLimitExceededError();
+	const filtered = filterDangerousKeys(parsed);
+	if (!("type" in filtered) || typeof filtered.type !== "string") throw new InvalidMessageError("Invalid message: missing type");
+	const { type } = filtered;
+	if (type !== "request" && type !== "response" && type !== "event") throw new InvalidMessageError(`Invalid message type: ${type}`);
+	return filtered;
+}
+//#endregion
+//#region src/session/types.ts
+/**
+* Protocol version
+*/
+const PROTOCOL_VERSION = "1.0";
+/**
+* Session error
+*/
+var SessionError = class extends Error {
+	constructor(code, message) {
+		super(message);
+		this.code = code;
+		this.name = "SessionError";
+	}
+};
+/**
+* Default options
+*/
+const DEFAULT_SESSION_OPTIONS = {
+	maxSessions: 100,
+	requestTimeout: 3e4,
+	sessionTimeout: 3e4,
+	idleTimeout: 3e5,
+	heartbeatInterval: 3e4,
+	heartbeatTimeout: 9e4
+};
+//#endregion
+//#region src/session/host.ts
+/**
+* Counter for generating unique session IDs
+*/
+let sessionCounter = 0;
+/**
+* Validates namespace string
+*/
+function isValidNamespace(namespace) {
+	if (namespace.length === 0 || namespace.length > 255) return false;
+	if (namespace.includes("..") || namespace.includes("/") || namespace.includes(":")) return false;
+	return true;
+}
+/**
+* Generate session ID with uniqueness guarantee
+*/
+function generateSessionId(namespace) {
+	sessionCounter++;
+	const random = Math.random().toString(36).substring(2, 8);
+	return `sess_${namespace}_${Date.now()}_${sessionCounter}_${random}`;
+}
+/**
+* Session implementation
+*/
+var SessionImpl = class {
+	id;
+	namespace;
+	name;
+	createdAt;
+	afs;
+	_state = "pending";
+	constructor(params) {
+		this.id = params.id || generateSessionId(params.namespace);
+		this.namespace = params.namespace;
+		this.name = params.name;
+		this.createdAt = /* @__PURE__ */ new Date();
+		this.afs = params.afs;
+		this._state = "attached";
+	}
+	get state() {
+		return this._state;
+	}
+	setState(state) {
+		this._state = state;
+	}
+};
+/**
+* Stub AFS module for injected sessions.
+* The real AFS operations are proxied back to the client.
+*/
+var InjectedAFSModule = class {
+	name;
+	description;
+	constructor(name, description) {
+		this.name = name;
+		this.description = description;
+	}
+};
+/**
+* Session host manages multiple client sessions (Observer side).
+*/
+var SessionHost = class {
+	options;
+	connections = /* @__PURE__ */ new Map();
+	sessions = /* @__PURE__ */ new Map();
+	namespaces = /* @__PURE__ */ new Map();
+	sessionToConnection = /* @__PURE__ */ new Map();
+	disconnectedSessions = /* @__PURE__ */ new Map();
+	constructor(options = {}) {
+		this.options = {
+			...DEFAULT_SESSION_OPTIONS,
+			...options
+		};
+	}
+	/**
+	* Handle a new transport connection.
+	*/
+	handleConnection(transport) {
+		const state = {
+			transport,
+			attached: false,
+			lastPong: Date.now()
+		};
+		this.connections.set(transport, state);
+		transport.on("frame", (frame) => {
+			this.handleFrame(state, frame).catch((err) => {
+				console.error("Error handling frame:", err);
+			});
+		});
+		transport.on("close", () => {
+			this.handleDisconnect(state);
+		});
+		transport.on("error", (err) => {
+			console.error("Transport error:", err);
+		});
+	}
+	/**
+	* Handle incoming frame from a connection.
+	*/
+	async handleFrame(state, frame) {
+		if (frame.type !== FrameType.JSON) return;
+		try {
+			const message = deserializeMessage(frame.payload);
+			if (message.type === "event") {
+				if (message.event === "session.pong") state.lastPong = Date.now();
+				return;
+			}
+			if (message.type !== "request") return;
+			const request = message;
+			let response;
+			if (request.method === "session.attach") response = await this.handleAttach(state, request);
+			else if (request.method === "session.detach") response = await this.handleDetach(state, request);
+			else if (request.method.startsWith("afs.")) response = await this.handleAfsRequest(state, request);
+			else response = {
+				type: "response",
+				id: request.id,
+				error: {
+					code: "invalid_request",
+					message: `Unknown method: ${request.method}`
+				}
+			};
+			await this.sendResponse(state.transport, response);
+		} catch (err) {
+			console.error("Error processing frame:", err);
+		}
+	}
+	/**
+	* Handle session.attach request.
+	*/
+	async handleAttach(state, request) {
+		if (state.attached) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_request",
+				message: "Already attached to a session"
+			}
+		};
+		const params = request.params;
+		if (!params || !params.version) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_request",
+				message: "Missing required parameter: version"
+			}
+		};
+		if (!params.namespace) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_request",
+				message: "Missing required parameter: namespace"
+			}
+		};
+		if (params.version !== PROTOCOL_VERSION) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "version_mismatch",
+				message: `Version mismatch: expected ${PROTOCOL_VERSION}, got ${params.version}`
+			}
+		};
+		if (!isValidNamespace(params.namespace)) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_request",
+				message: "Invalid namespace"
+			}
+		};
+		if (params.sessionId) return this.handleReconnect(state, request, params);
+		if (this.sessions.size >= this.options.maxSessions) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_request",
+				message: "Maximum sessions reached"
+			}
+		};
+		const existingSession = this.namespaces.get(params.namespace);
+		if (existingSession) if (params.replace) {
+			const oldConnectionState = this.sessionToConnection.get(existingSession.id);
+			if (oldConnectionState) {
+				await this.sendEvent(oldConnectionState.transport, {
+					type: "event",
+					event: "session.replaced",
+					data: {
+						sessionId: existingSession.id,
+						namespace: existingSession.namespace,
+						reason: "replaced by new connection"
+					}
+				});
+				if (oldConnectionState.heartbeatTimer) clearInterval(oldConnectionState.heartbeatTimer);
+				oldConnectionState.session = void 0;
+				oldConnectionState.attached = false;
+				this.sessionToConnection.delete(existingSession.id);
+			}
+			existingSession.setState("disconnected");
+			this.sessions.delete(existingSession.id);
+			this.namespaces.delete(params.namespace);
+		} else return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "namespace_conflict",
+				message: `Namespace '${params.namespace}' already exists`
+			}
+		};
+		const afs = new InjectedAFSModule(params.namespace, params.name);
+		const session = new SessionImpl({
+			namespace: params.namespace,
+			name: params.name,
+			afs
+		});
+		this.sessions.set(session.id, session);
+		this.namespaces.set(session.namespace, session);
+		this.sessionToConnection.set(session.id, state);
+		state.session = session;
+		state.attached = true;
+		this.startHeartbeat(state);
+		const result = {
+			sessionId: session.id,
+			namespace: session.namespace
+		};
+		return {
+			type: "response",
+			id: request.id,
+			result
+		};
+	}
+	/**
+	* Handle reconnect with existing session ID.
+	*/
+	async handleReconnect(state, request, params) {
+		const sessionId = params.sessionId;
+		const namespace = params.namespace;
+		const disconnected = this.disconnectedSessions.get(sessionId);
+		if (disconnected) {
+			const session = disconnected.session;
+			if (session.namespace !== namespace) return {
+				type: "response",
+				id: request.id,
+				error: {
+					code: "invalid_session",
+					message: "Session ID does not match namespace"
+				}
+			};
+			clearTimeout(disconnected.timeoutId);
+			this.disconnectedSessions.delete(sessionId);
+			session.setState("attached");
+			this.sessions.set(session.id, session);
+			this.namespaces.set(session.namespace, session);
+			this.sessionToConnection.set(session.id, state);
+			state.session = session;
+			state.attached = true;
+			this.startHeartbeat(state);
+			return {
+				type: "response",
+				id: request.id,
+				result: {
+					sessionId: session.id,
+					namespace: session.namespace
+				}
+			};
+		}
+		const activeSession = this.sessions.get(sessionId);
+		if (activeSession) {
+			if (activeSession.namespace !== namespace) return {
+				type: "response",
+				id: request.id,
+				error: {
+					code: "invalid_session",
+					message: "Session ID does not match namespace"
+				}
+			};
+			return {
+				type: "response",
+				id: request.id,
+				error: {
+					code: "invalid_session",
+					message: "Session is already active"
+				}
+			};
+		}
+		return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_session",
+				message: "Session not found or expired"
+			}
+		};
+	}
+	/**
+	* Start heartbeat for a connection.
+	*/
+	startHeartbeat(state) {
+		if (this.options.heartbeatInterval <= 0) return;
+		state.lastPong = Date.now();
+		state.heartbeatTimer = setInterval(() => {
+			if (Date.now() - state.lastPong > this.options.heartbeatTimeout) {
+				this.handleHeartbeatTimeout(state);
+				return;
+			}
+			this.sendEvent(state.transport, {
+				type: "event",
+				event: "session.ping",
+				data: { timestamp: Date.now() }
+			}).catch((err) => {
+				console.error("Error sending ping:", err);
+			});
+		}, this.options.heartbeatInterval);
+	}
+	/**
+	* Handle heartbeat timeout.
+	*/
+	handleHeartbeatTimeout(state) {
+		if (state.heartbeatTimer) {
+			clearInterval(state.heartbeatTimer);
+			state.heartbeatTimer = void 0;
+		}
+		this.handleDisconnect(state);
+		state.transport.close().catch(() => {});
+	}
+	/**
+	* Handle session.detach request.
+	*/
+	async handleDetach(state, request) {
+		if (!state.attached || !state.session) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_session",
+				message: "Not attached to a session"
+			}
+		};
+		const session = state.session;
+		if (state.heartbeatTimer) {
+			clearInterval(state.heartbeatTimer);
+			state.heartbeatTimer = void 0;
+		}
+		session.setState("disconnected");
+		this.sessions.delete(session.id);
+		this.namespaces.delete(session.namespace);
+		this.sessionToConnection.delete(session.id);
+		state.session = void 0;
+		state.attached = false;
+		return {
+			type: "response",
+			id: request.id,
+			result: {}
+		};
+	}
+	/**
+	* Handle AFS request (passthrough to client).
+	*/
+	async handleAfsRequest(state, request) {
+		if (!state.attached) return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "invalid_session",
+				message: "Must attach before sending AFS requests"
+			}
+		};
+		return {
+			type: "response",
+			id: request.id,
+			error: {
+				code: "not_implemented",
+				message: "AFS passthrough not yet implemented"
+			}
+		};
+	}
+	/**
+	* Handle transport disconnect.
+	*/
+	handleDisconnect(state) {
+		if (state.heartbeatTimer) {
+			clearInterval(state.heartbeatTimer);
+			state.heartbeatTimer = void 0;
+		}
+		if (state.session) {
+			const session = state.session;
+			session.setState("disconnected");
+			this.sessions.delete(session.id);
+			this.namespaces.delete(session.namespace);
+			this.sessionToConnection.delete(session.id);
+			if (this.options.sessionTimeout > 0) {
+				const timeoutId = setTimeout(() => {
+					this.disconnectedSessions.delete(session.id);
+				}, this.options.sessionTimeout);
+				this.disconnectedSessions.set(session.id, {
+					session,
+					disconnectedAt: Date.now(),
+					timeoutId
+				});
+			}
+		}
+		this.connections.delete(state.transport);
+	}
+	/**
+	* Send response back to client.
+	*/
+	async sendResponse(transport, response) {
+		const payload = serializeMessage(response);
+		await transport.send({
+			type: FrameType.JSON,
+			reqId: Number.parseInt(response.id, 10),
+			payload
+		});
+	}
+	/**
+	* Send event to client.
+	*/
+	async sendEvent(transport, event) {
+		const payload = serializeMessage(event);
+		await transport.send({
+			type: FrameType.JSON,
+			reqId: 0,
+			payload
+		});
+	}
+	/**
+	* Get all active sessions.
+	*/
+	getSessions() {
+		return Array.from(this.sessions.values());
+	}
+	/**
+	* Close the session host and all sessions.
+	*/
+	async close() {
+		for (const state of this.connections.values()) if (state.heartbeatTimer) clearInterval(state.heartbeatTimer);
+		for (const disconnected of this.disconnectedSessions.values()) clearTimeout(disconnected.timeoutId);
+		for (const state of this.connections.values()) await state.transport.close();
+		this.connections.clear();
+		this.sessions.clear();
+		this.namespaces.clear();
+		this.sessionToConnection.clear();
+		this.disconnectedSessions.clear();
+	}
+};
+//#endregion
+//#region src/transport/types.ts
+/**
+* Default socket path
+*/
+const DEFAULT_SOCKET_PATH = "~/.afs/observer.sock";
+/**
+* Default WebSocket port
+*/
+const DEFAULT_WS_PORT = 9999;
+//#endregion
+//#region src/transport/unix-socket.ts
+/**
+* Expand ~ to home directory
+*/
+function expandPath(p) {
+	if (p.startsWith("~/")) {
+		const home = process.env.HOME || process.env.USERPROFILE || "/";
+		return path.join(home, p.slice(2));
+	}
+	return p;
+}
+/**
+* Error for Unix socket operations
+*/
+var UnixSocketError = class extends Error {
+	constructor(code, message) {
+		super(message);
+		this.code = code;
+		this.name = "UnixSocketError";
+	}
+};
+/**
+* Unix socket transport implementation.
+*/
+var UnixSocketTransport = class {
+	socket;
+	decoder = new FrameDecoder();
+	handlers = /* @__PURE__ */ new Map();
+	_connected = false;
+	constructor(socket) {
+		this.socket = socket;
+		this._connected = true;
+		this.setupHandlers();
+	}
+	setupHandlers() {
+		this.socket.on("data", (data) => {
+			try {
+				const frames = this.decoder.push(new Uint8Array(data));
+				for (const frame of frames) this.emit("frame", frame);
+			} catch (error) {
+				this.emit("error", error);
+			}
+		});
+		this.socket.on("close", () => {
+			this._connected = false;
+			this.emit("close");
+		});
+		this.socket.on("error", (error) => {
+			this.emit("error", error);
+		});
+	}
+	async send(frame) {
+		if (!this._connected) throw new UnixSocketError("not_connected", "Transport is not connected");
+		const encoded = encodeFrame(frame.type, frame.reqId, frame.payload);
+		return new Promise((resolve, reject) => {
+			this.socket.write(Buffer.from(encoded), (err) => {
+				if (err) reject(err);
+				else resolve();
+			});
+		});
+	}
+	async close() {
+		return new Promise((resolve) => {
+			if (!this._connected) {
+				resolve();
+				return;
+			}
+			this.socket.end(() => {
+				this._connected = false;
+				resolve();
+			});
+		});
+	}
+	on(event, handler) {
+		if (!this.handlers.has(event)) this.handlers.set(event, /* @__PURE__ */ new Set());
+		this.handlers.get(event).add(handler);
+	}
+	off(event, handler) {
+		this.handlers.get(event)?.delete(handler);
+	}
+	emit(event, ...args) {
+		const handlers = this.handlers.get(event);
+		if (handlers) for (const handler of handlers) handler(...args);
+	}
+	get connected() {
+		return this._connected;
+	}
+};
+/**
+* Unix socket server implementation.
+*/
+var UnixSocketServer = class {
+	server = null;
+	socketPath;
+	maxConnections;
+	connections = /* @__PURE__ */ new Set();
+	connectionHandler;
+	_listening = false;
+	constructor(options = {}) {
+		this.socketPath = expandPath(options.socketPath || "~/.afs/observer.sock");
+		this.maxConnections = options.maxConnections ?? 100;
+	}
+	async listen() {
+		try {
+			if (fs.lstatSync(this.socketPath).isSymbolicLink()) throw new UnixSocketError("symlink_not_allowed", `Socket path is a symlink: ${this.socketPath}`);
+		} catch (e) {
+			if (e.code !== "ENOENT") {
+				if (e instanceof UnixSocketError) throw e;
+			}
+		}
+		const dir = path.dirname(this.socketPath);
+		fs.mkdirSync(dir, { recursive: true });
+		try {
+			fs.unlinkSync(this.socketPath);
+		} catch (e) {
+			if (e.code !== "ENOENT") throw new UnixSocketError("remove_failed", `Failed to remove existing socket: ${e.message}`);
+		}
+		const net = await import("node:net");
+		return new Promise((resolve, reject) => {
+			this.server = net.createServer((socket) => {
+				if (this.connections.size >= this.maxConnections) {
+					socket.end();
+					socket.destroy();
+					return;
+				}
+				const transport = new UnixSocketTransport(socket);
+				this.connections.add(transport);
+				transport.on("close", () => {
+					this.connections.delete(transport);
+				});
+				this.connectionHandler?.(transport);
+			});
+			this.server.on("error", (err) => {
+				reject(err);
+			});
+			this.server.listen(this.socketPath, () => {
+				this._listening = true;
+				resolve();
+			});
+		});
+	}
+	async close() {
+		if (!this.server) return;
+		for (const conn of this.connections) await conn.close();
+		this.connections.clear();
+		return new Promise((resolve) => {
+			this.server.close(() => {
+				this._listening = false;
+				try {
+					fs.unlinkSync(this.socketPath);
+				} catch {}
+				resolve();
+			});
+		});
+	}
+	onConnection(handler) {
+		this.connectionHandler = handler;
+	}
+	get listening() {
+		return this._listening;
+	}
+};
+/**
+* Unix socket client implementation.
+*/
+var UnixSocketClient = class {
+	socket = null;
+	transport = null;
+	socketPath;
+	handlers = /* @__PURE__ */ new Map();
+	constructor(options = {}) {
+		this.socketPath = expandPath(options.socketPath || "~/.afs/observer.sock");
+	}
+	async connect() {
+		const net = await import("node:net");
+		return new Promise((resolve, reject) => {
+			this.socket = net.connect(this.socketPath, () => {
+				this.transport = new UnixSocketTransport(this.socket);
+				this.transport.on("frame", (frame) => this.emit("frame", frame));
+				this.transport.on("error", (error) => this.emit("error", error));
+				this.transport.on("close", () => this.emit("close"));
+				resolve();
+			});
+			this.socket.on("error", (err) => {
+				reject(err);
+			});
+		});
+	}
+	async send(frame) {
+		if (!this.transport) throw new UnixSocketError("not_connected", "Client is not connected");
+		return this.transport.send(frame);
+	}
+	async close() {
+		if (this.transport) await this.transport.close();
+		this.socket = null;
+		this.transport = null;
+	}
+	on(event, handler) {
+		if (!this.handlers.has(event)) this.handlers.set(event, /* @__PURE__ */ new Set());
+		this.handlers.get(event).add(handler);
+	}
+	off(event, handler) {
+		this.handlers.get(event)?.delete(handler);
+	}
+	emit(event, ...args) {
+		const handlers = this.handlers.get(event);
+		if (handlers) for (const handler of handlers) handler(...args);
+	}
+	get connected() {
+		return this.transport?.connected ?? false;
+	}
+};
+//#endregion
+//#region src/transport/websocket.ts
+/**
+* Error for WebSocket operations
+*/
+var WebSocketError = class extends Error {
+	constructor(code, message) {
+		super(message);
+		this.code = code;
+		this.name = "WebSocketError";
+	}
+};
+/**
+* Constant-time string comparison to prevent timing attacks
+*/
+function secureCompare(a, b) {
+	if (a.length !== b.length) {
+		crypto.timingSafeEqual(Buffer.from(a), Buffer.from(a));
+		return false;
+	}
+	return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+/**
+* Rate limiter for auth attempts
+*/
+var AuthRateLimiter = class {
+	attempts = /* @__PURE__ */ new Map();
+	maxAttempts = 5;
+	windowMs = 6e4;
+	isRateLimited(ip) {
+		const now = Date.now();
+		const record = this.attempts.get(ip);
+		if (!record || record.resetAt < now) return false;
+		return record.count >= this.maxAttempts;
+	}
+	recordAttempt(ip) {
+		const now = Date.now();
+		const record = this.attempts.get(ip);
+		if (!record || record.resetAt < now) this.attempts.set(ip, {
+			count: 1,
+			resetAt: now + this.windowMs
+		});
+		else record.count++;
+	}
+	recordSuccess(ip) {
+		this.attempts.delete(ip);
+	}
+};
+/**
+* WebSocket transport for server-side (Bun WebSocket).
+* Wraps Bun's ServerWebSocket to provide Transport interface.
+*/
+var WebSocketTransport = class {
+	ws;
+	decoder = new FrameDecoder();
+	handlers = /* @__PURE__ */ new Map();
+	_connected = true;
+	constructor(ws) {
+		this.ws = ws;
+	}
+	/**
+	* Called by server when message is received.
+	*/
+	handleMessage(data) {
+		try {
+			const bytes = data instanceof ArrayBuffer ? new Uint8Array(data) : data;
+			const frames = this.decoder.push(bytes);
+			for (const frame of frames) this.emit("frame", frame);
+		} catch (error) {
+			this.emit("error", error);
+		}
+	}
+	/**
+	* Called by server when connection closes.
+	*/
+	handleClose() {
+		this._connected = false;
+		this.emit("close");
+	}
+	/**
+	* Called by server when error occurs.
+	*/
+	handleError(error) {
+		this.emit("error", error);
+	}
+	async send(frame) {
+		if (!this._connected) throw new WebSocketError("not_connected", "Transport is not connected");
+		const encoded = encodeFrame(frame.type, frame.reqId, frame.payload);
+		this.ws.sendBinary(encoded);
+	}
+	async close() {
+		if (this._connected) {
+			this.ws.close();
+			this._connected = false;
+		}
+	}
+	on(event, handler) {
+		if (!this.handlers.has(event)) this.handlers.set(event, /* @__PURE__ */ new Set());
+		this.handlers.get(event).add(handler);
+	}
+	off(event, handler) {
+		this.handlers.get(event)?.delete(handler);
+	}
+	emit(event, ...args) {
+		const handlers = this.handlers.get(event);
+		if (handlers) for (const handler of handlers) handler(...args);
+	}
+	get connected() {
+		return this._connected;
+	}
+};
+/**
+* WebSocket server implementation using Bun.serve.
+*/
+var WebSocketServer = class {
+	server = null;
+	host;
+	port;
+	authToken;
+	maxConnections;
+	connections = /* @__PURE__ */ new Set();
+	wsToTransport = /* @__PURE__ */ new Map();
+	connectionHandler;
+	_listening = false;
+	rateLimiter = new AuthRateLimiter();
+	constructor(options = {}) {
+		this.host = options.host || "localhost";
+		this.port = options.port || 9999;
+		this.authToken = options.authToken;
+		this.maxConnections = options.maxConnections ?? 100;
+	}
+	async listen() {
+		const self = this;
+		this.server = Bun.serve({
+			hostname: this.host,
+			port: this.port,
+			fetch(req, server) {
+				const ip = server.requestIP(req)?.address || "unknown";
+				if (self.authToken && self.rateLimiter.isRateLimited(ip)) return new Response("Too many auth attempts", { status: 429 });
+				if (self.authToken) {
+					const queryToken = new URL(req.url).searchParams.get("token");
+					const authHeader = req.headers.get("Authorization");
+					const providedToken = (authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null) || queryToken;
+					if (!providedToken) {
+						self.rateLimiter.recordAttempt(ip);
+						return new Response("Authentication required", { status: 401 });
+					}
+					if (!secureCompare(providedToken, self.authToken)) {
+						self.rateLimiter.recordAttempt(ip);
+						return new Response("Authentication failed", { status: 403 });
+					}
+					self.rateLimiter.recordSuccess(ip);
+				}
+				if (self.connections.size >= self.maxConnections) return new Response("Too many connections", { status: 503 });
+				if (!server.upgrade(req, { data: { ip } })) return new Response("WebSocket upgrade failed", { status: 400 });
+			},
+			websocket: {
+				open(ws) {
+					const transport = new WebSocketTransport(ws);
+					self.connections.add(transport);
+					self.wsToTransport.set(ws, transport);
+					transport.on("close", () => {
+						self.connections.delete(transport);
+						self.wsToTransport.delete(ws);
+					});
+					self.connectionHandler?.(transport);
+				},
+				message(ws, message) {
+					const transport = self.wsToTransport.get(ws);
+					if (transport) {
+						const data = typeof message === "string" ? new TextEncoder().encode(message) : message instanceof ArrayBuffer ? new Uint8Array(message) : new Uint8Array(message.buffer);
+						transport.handleMessage(data);
+					}
+				},
+				close(ws) {
+					const transport = self.wsToTransport.get(ws);
+					if (transport) {
+						transport.handleClose();
+						self.connections.delete(transport);
+						self.wsToTransport.delete(ws);
+					}
+				},
+				perMessageDeflate: false
+			}
+		});
+		this._listening = true;
+	}
+	async close() {
+		for (const conn of this.connections) await conn.close();
+		this.connections.clear();
+		this.wsToTransport.clear();
+		if (this.server) {
+			this.server.stop();
+			this._listening = false;
+		}
+	}
+	onConnection(handler) {
+		this.connectionHandler = handler;
+	}
+	get listening() {
+		return this._listening;
+	}
+	get address() {
+		return `ws://${this.host}:${this.port}`;
+	}
+};
+/**
+* WebSocket client transport (uses browser WebSocket API).
+*/
+var ClientWebSocketTransport = class {
+	ws;
+	decoder = new FrameDecoder();
+	handlers = /* @__PURE__ */ new Map();
+	_connected = false;
+	constructor(ws) {
+		this.ws = ws;
+		this._connected = ws.readyState === WebSocket.OPEN;
+		this.setupHandlers();
+	}
+	setupHandlers() {
+		this.ws.onmessage = (event) => {
+			try {
+				const data = event.data instanceof ArrayBuffer ? new Uint8Array(event.data) : typeof event.data === "string" ? new TextEncoder().encode(event.data) : new Uint8Array(event.data);
+				const frames = this.decoder.push(data);
+				for (const frame of frames) this.emit("frame", frame);
+			} catch (error) {
+				this.emit("error", error);
+			}
+		};
+		this.ws.onclose = () => {
+			this._connected = false;
+			this.emit("close");
+		};
+		this.ws.onerror = () => {
+			this.emit("error", /* @__PURE__ */ new Error("WebSocket error"));
+		};
+		this.ws.onopen = () => {
+			this._connected = true;
+		};
+	}
+	async send(frame) {
+		if (!this._connected) throw new WebSocketError("not_connected", "Transport is not connected");
+		const encoded = encodeFrame(frame.type, frame.reqId, frame.payload);
+		this.ws.send(encoded);
+	}
+	async close() {
+		if (this._connected) {
+			this.ws.close();
+			this._connected = false;
+		}
+	}
+	on(event, handler) {
+		if (!this.handlers.has(event)) this.handlers.set(event, /* @__PURE__ */ new Set());
+		this.handlers.get(event).add(handler);
+	}
+	off(event, handler) {
+		this.handlers.get(event)?.delete(handler);
+	}
+	emit(event, ...args) {
+		const handlers = this.handlers.get(event);
+		if (handlers) for (const handler of handlers) handler(...args);
+	}
+	get connected() {
+		return this._connected;
+	}
+};
+/**
+* WebSocket client implementation.
+*/
+var WebSocketClient = class {
+	ws = null;
+	transport = null;
+	host;
+	port;
+	authToken;
+	handlers = /* @__PURE__ */ new Map();
+	constructor(options = {}) {
+		this.host = options.host || "localhost";
+		this.port = options.port || 9999;
+		this.authToken = options.authToken;
+	}
+	async connect() {
+		return new Promise((resolve, reject) => {
+			let url = `ws://${this.host}:${this.port}`;
+			if (this.authToken) url += `?token=${encodeURIComponent(this.authToken)}`;
+			this.ws = new WebSocket(url);
+			this.ws.binaryType = "arraybuffer";
+			this.ws.onopen = () => {
+				this.transport = new ClientWebSocketTransport(this.ws);
+				this.transport.on("frame", (frame) => this.emit("frame", frame));
+				this.transport.on("error", (error) => this.emit("error", error));
+				this.transport.on("close", () => this.emit("close"));
+				resolve();
+			};
+			this.ws.onerror = () => {
+				reject(new WebSocketError("connection_failed", "Failed to connect"));
+			};
+			this.ws.onclose = (event) => {
+				if (!this.transport) if (event.code === 1002 || event.code === 1008) reject(new WebSocketError("auth_failed", "Authentication failed"));
+				else reject(new WebSocketError("connection_failed", "Connection closed"));
+			};
+		});
+	}
+	async send(frame) {
+		if (!this.transport) throw new WebSocketError("not_connected", "Client is not connected");
+		return this.transport.send(frame);
+	}
+	async close() {
+		if (this.transport) await this.transport.close();
+		this.ws = null;
+		this.transport = null;
+	}
+	on(event, handler) {
+		if (!this.handlers.has(event)) this.handlers.set(event, /* @__PURE__ */ new Set());
+		this.handlers.get(event).add(handler);
+	}
+	off(event, handler) {
+		this.handlers.get(event)?.delete(handler);
+	}
+	emit(event, ...args) {
+		const handlers = this.handlers.get(event);
+		if (handlers) for (const handler of handlers) handler(...args);
+	}
+	get connected() {
+		return this.transport?.connected ?? false;
+	}
+};
+//#endregion
+export { BufferOverflowError, DEFAULT_SESSION_OPTIONS, DEFAULT_SOCKET_PATH, DEFAULT_WS_PORT, DepthLimitExceededError, FrameDecoder, FrameType, HEADER_SIZE, IncompleteFrameError, InvalidFrameTypeError, InvalidMessageError, InvalidPayloadError, InvalidReqIdError, MAX_JSON_DEPTH, MAX_JSON_SIZE, MAX_PAYLOAD_SIZE, MAX_UINT32, MessageTooLargeError, PROTOCOL_VERSION, ParseError, PayloadTooLargeError, ProtocolError, SessionError, SessionHost, UnixSocketClient, UnixSocketError, UnixSocketServer, UnixSocketTransport, WebSocketClient, WebSocketError, WebSocketServer, WebSocketTransport, decodeFrame, deserializeMessage, encodeFrame, serializeMessage };
+//# sourceMappingURL=index.mjs.map