@aria-cli/server 1.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/dist/.aria-build-stamp.json +4 -0
- package/dist/auth/api-key.d.ts +106 -0
- package/dist/config.d.ts +28 -0
- package/dist/daemon-launcher.d.ts +23 -0
- package/dist/daemon-launcher.js +3 -0
- package/dist/index-5tav2m70.js +3 -0
- package/dist/index-6extw9n6.js +2 -0
- package/dist/index-9n50yafd.js +3 -0
- package/dist/index-9xs3gn0p.js +2 -0
- package/dist/index-ghh3ag4c.js +548 -0
- package/dist/index-mnt9k223.js +15 -0
- package/dist/index-pe0pkp0v.js +2 -0
- package/dist/index-raeajnr7.js +2 -0
- package/dist/index-rr0sea4c.js +2 -0
- package/dist/index-zge0mhc0.js +3 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.js +1 -0
- package/dist/peer-principal-auth.d.ts +37 -0
- package/dist/routes/arions.d.ts +34 -0
- package/dist/routes/council.d.ts +15 -0
- package/dist/routes/entrypoint-errors.d.ts +7 -0
- package/dist/routes/health.d.ts +6 -0
- package/dist/routes/invite-relay.d.ts +2 -0
- package/dist/routes/local-control.d.ts +3 -0
- package/dist/routes/message.d.ts +17 -0
- package/dist/routes/network.d.ts +14 -0
- package/dist/routes/pair.d.ts +57 -0
- package/dist/routes/pair.js +1 -0
- package/dist/routes/pipeline-mailbox.d.ts +10 -0
- package/dist/routes/relay.d.ts +29 -0
- package/dist/routes/resume.d.ts +2 -0
- package/dist/routes/run-control-surface.d.ts +24 -0
- package/dist/routes/run.d.ts +6 -0
- package/dist/routes/runtime-bootstrap.d.ts +3 -0
- package/dist/routes/runtime-node-advertisement.d.ts +3 -0
- package/dist/routes/runtime-run-room.d.ts +8 -0
- package/dist/routes/shared.d.ts +45 -0
- package/dist/routes/stream.d.ts +10 -0
- package/dist/routes/validation.d.ts +7 -0
- package/dist/routes/ws-revocation.d.ts +25 -0
- package/dist/runtime/attached-sender-inbox.d.ts +3 -0
- package/dist/runtime/authoritative-peer-endpoint.d.ts +27 -0
- package/dist/runtime/continuity-bind-suspicion.d.ts +39 -0
- package/dist/runtime/continuity-verification.d.ts +54 -0
- package/dist/runtime/decorate-runtime-surface.d.ts +2 -0
- package/dist/runtime/durable-network-store-surface.d.ts +51 -0
- package/dist/runtime/error-diagnostic.d.ts +12 -0
- package/dist/runtime/headless-dispatch-handler.d.ts +30 -0
- package/dist/runtime/host-supervisor.d.ts +109 -0
- package/dist/runtime/host-supervisor.js +1 -0
- package/dist/runtime/join-control.d.ts +3 -0
- package/dist/runtime/local-control-api.d.ts +63 -0
- package/dist/runtime/local-control-api.js +1 -0
- package/dist/runtime/local-control-pairing.d.ts +12 -0
- package/dist/runtime/local-control-socket.d.ts +48 -0
- package/dist/runtime/log-file-sink.d.ts +21 -0
- package/dist/runtime/network-read-control.d.ts +17 -0
- package/dist/runtime/network-state-stores.d.ts +2 -0
- package/dist/runtime/node-metadata.d.ts +22 -0
- package/dist/runtime/node-metadata.js +1 -0
- package/dist/runtime/node-runtime.d.ts +157 -0
- package/dist/runtime/node-store-revocation-store.d.ts +42 -0
- package/dist/runtime/node-store.d.ts +184 -0
- package/dist/runtime/node-store.js +1 -0
- package/dist/runtime/pinned-control-session.d.ts +41 -0
- package/dist/runtime/principal-binding-authority.d.ts +173 -0
- package/dist/runtime/reachable-control-host.d.ts +5 -0
- package/dist/runtime/runtime-admin-api.d.ts +16 -0
- package/dist/runtime/runtime-authority-registry.d.ts +55 -0
- package/dist/runtime/runtime-autonomous-loop.d.ts +40 -0
- package/dist/runtime/runtime-bootstrap-authority.d.ts +5 -0
- package/dist/runtime/runtime-bootstrap-record.d.ts +21 -0
- package/dist/runtime/runtime-event-journal.d.ts +21 -0
- package/dist/runtime/runtime-outbox.d.ts +35 -0
- package/dist/runtime/runtime-registry.d.ts +33 -0
- package/dist/runtime/runtime-registry.js +1 -0
- package/dist/runtime/runtime-run-control.d.ts +71 -0
- package/dist/runtime/stale-owner-error.d.ts +13 -0
- package/dist/runtime-run-control-0r21xdh5.js +2 -0
- package/dist/server.d.ts +84 -0
- package/dist/session-history-messages.d.ts +3 -0
- package/dist/session-history.d.ts +28 -0
- package/dist/shared-4jsvhy6g.js +1 -0
- package/dist/types.d.ts +299 -0
- package/dist/utils/rate-limiter.d.ts +25 -0
- package/dist/utils/sanitize-error.d.ts +10 -0
- package/package.json +82 -0
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { SessionHistoryLike } from "@aria-cli/aria";
|
|
2
|
+
export interface RecoveryToolCall {
|
|
3
|
+
id: string;
|
|
4
|
+
name: string;
|
|
5
|
+
arguments?: Record<string, unknown>;
|
|
6
|
+
/** Gemini thought signature — must be replayed verbatim in conversation history */
|
|
7
|
+
thoughtSignature?: string;
|
|
8
|
+
}
|
|
9
|
+
export interface RecoverySessionMessage {
|
|
10
|
+
role: string;
|
|
11
|
+
content: string;
|
|
12
|
+
name?: string;
|
|
13
|
+
toolCallId?: string;
|
|
14
|
+
toolCalls?: RecoveryToolCall[];
|
|
15
|
+
}
|
|
16
|
+
export interface RecoverySessionSummary {
|
|
17
|
+
id: string;
|
|
18
|
+
messageCount: number;
|
|
19
|
+
arionName?: string;
|
|
20
|
+
}
|
|
21
|
+
export interface ServerSessionHistory extends SessionHistoryLike {
|
|
22
|
+
upsertSession(sessionId: string, messages: RecoverySessionMessage[], options?: {
|
|
23
|
+
completed?: boolean;
|
|
24
|
+
arionName?: string;
|
|
25
|
+
}): void;
|
|
26
|
+
getIncompleteSessionsWithMetadata?(limit: number): RecoverySessionSummary[];
|
|
27
|
+
}
|
|
28
|
+
export declare function createServerSessionHistory(filePath: string): ServerSessionHistory;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{c as a,d as b,e as c,f as d,g as e,h as f,i as g,j as h}from"./index-zge0mhc0.js";import"./index-9xs3gn0p.js";export{g as normalizeEntrypointHistory,e as isAskUserAnswersExhaustedError,f as getToolResultHighlight,d as createAskUserHandler,c as createApprovalHandler,h as buildEntrypointRunOptions,b as AskUserAnswersExhaustedError,a as APPROVAL_PAUSE_SIGNAL};
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,299 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Fastify type augmentation for ARIA server decorations.
|
|
3
|
+
*
|
|
4
|
+
* Import this file (side-effect) in any route that accesses
|
|
5
|
+
* server.ariaMemoriaFactory, server.ariaRouter, or server.ariaBasePath.
|
|
6
|
+
*/
|
|
7
|
+
import type { RawRequestDefaultExpression } from "fastify";
|
|
8
|
+
import type { MemoriaFactory, StoredPairRequest, NonceStore, PeerSigningKeyStore, TrustTier } from "@aria-cli/aria";
|
|
9
|
+
import type { ModelRouter } from "@aria-cli/models";
|
|
10
|
+
import type { AuthResolver } from "@aria-cli/auth";
|
|
11
|
+
import type { ServerSessionHistory } from "./session-history.js";
|
|
12
|
+
import type { AcceptInviteRequest, AcceptInviteResponse, AttachedClientAuth, AttachedClientView, DirectPairResponse, InvitePeerRequest, InvitePeerResult, MailboxRef, LegacyPeerRegistryStatus, MessageStoreRef, NetworkManagerRef, NodeId, OutboundMessage, PairRequestDecision, PairRequestResponse, PendingPairRequestView, RelayPendingRequest, PeerTransportId, PrincipalFingerprint, PeerViewEvent, RevocationOperatorConfirmation, ControlEndpointAdvertisement, RepairPeerRequest, RepairPeerResponse, RevokePeerRequest, RevokePeerResponse, ResumeRunRequest, RuntimeRunEvent, RunRequest, RunResult, RuntimeId, RuntimeDeliveryReceipt, RuntimeQueuedReceipt, RuntimeStatus, RuntimeBootstrapRecord, PersistedInboxEvent, SigningPublicKey, TransportEndpointAdvertisement } from "@aria-cli/tools";
|
|
13
|
+
type DirectPairRequestContext = {
|
|
14
|
+
ip: string;
|
|
15
|
+
raw: RawRequestDefaultExpression;
|
|
16
|
+
};
|
|
17
|
+
type ServerNetworkManagerRef = Omit<NetworkManagerRef, "invite"> & {
|
|
18
|
+
invite(displayName?: string, options?: number | {
|
|
19
|
+
durationMs?: number;
|
|
20
|
+
nodeId?: NodeId;
|
|
21
|
+
caCert?: string;
|
|
22
|
+
controlEndpoint: ControlEndpointAdvertisement;
|
|
23
|
+
transportHostOverride?: string;
|
|
24
|
+
}): {
|
|
25
|
+
token: string;
|
|
26
|
+
psk: string;
|
|
27
|
+
};
|
|
28
|
+
completeJoin?(params: {
|
|
29
|
+
nodeId: NodeId;
|
|
30
|
+
principalFingerprint: PrincipalFingerprint;
|
|
31
|
+
peerPublicKey: PeerTransportId;
|
|
32
|
+
peerSigningKey: SigningPublicKey;
|
|
33
|
+
peerTransportEndpoint: TransportEndpointAdvertisement;
|
|
34
|
+
peerControlEndpoint: ControlEndpointAdvertisement;
|
|
35
|
+
displayNameSnapshot?: string;
|
|
36
|
+
inviteTokenNonce: string;
|
|
37
|
+
}): Promise<{
|
|
38
|
+
effectiveName: string;
|
|
39
|
+
}>;
|
|
40
|
+
};
|
|
41
|
+
declare module "fastify" {
|
|
42
|
+
interface FastifyInstance {
|
|
43
|
+
ariaMemoriaFactory?: MemoriaFactory;
|
|
44
|
+
ariaRouter?: ModelRouter;
|
|
45
|
+
ariaBasePath: string;
|
|
46
|
+
ariaSessionHistory?: ServerSessionHistory;
|
|
47
|
+
ariaRecoverCrashedSessions?: (signal?: AbortSignal) => Promise<void>;
|
|
48
|
+
ariaAuthResolver?: AuthResolver | null;
|
|
49
|
+
/** Canonical runtime identity for daemon-backed sends. */
|
|
50
|
+
ariaRuntimeId?: RuntimeId;
|
|
51
|
+
/** Durable node identity for runtime-owned local control routes. */
|
|
52
|
+
ariaNodeId?: NodeId;
|
|
53
|
+
/** Single-writer generation for durable runtime-owned identity mutations. */
|
|
54
|
+
ariaOwnerGeneration?: number;
|
|
55
|
+
config: {
|
|
56
|
+
port: number;
|
|
57
|
+
host: string;
|
|
58
|
+
};
|
|
59
|
+
/** MessageStore for inter-agent messaging — set by server startup when Memoria is available */
|
|
60
|
+
ariaMessageStore?: MessageStoreRef;
|
|
61
|
+
/** EventQueue for daemon event processing — append-only interface for incoming messages */
|
|
62
|
+
ariaEventQueue?: {
|
|
63
|
+
append(input: {
|
|
64
|
+
source: string;
|
|
65
|
+
content: string;
|
|
66
|
+
relevance: number;
|
|
67
|
+
}): void;
|
|
68
|
+
};
|
|
69
|
+
/** Durable peer signing key store — persists keys across restarts */
|
|
70
|
+
ariaPeerSigningKeyStore?: PeerSigningKeyStore;
|
|
71
|
+
/** NetworkManager for WireGuard peer management — set when mesh networking is active */
|
|
72
|
+
ariaNetworkManager?: ServerNetworkManagerRef;
|
|
73
|
+
/** Canonical runtime-owned outbox for localhost relay and attached clients. */
|
|
74
|
+
ariaRuntimeOutbox?: Pick<MailboxRef, "sendBestEffort" | "sendDurable">;
|
|
75
|
+
/** Runtime-owned run execution surface for attached local clients. */
|
|
76
|
+
ariaRunControl?: {
|
|
77
|
+
submitRun?(request: RunRequest, attachedClient?: {
|
|
78
|
+
clientId: string;
|
|
79
|
+
}): Promise<RunResult>;
|
|
80
|
+
resumeRun?(request: ResumeRunRequest, attachedClient?: {
|
|
81
|
+
clientId: string;
|
|
82
|
+
}): Promise<RunResult>;
|
|
83
|
+
streamRun?(request: RunRequest, signal?: AbortSignal, attachedClient?: {
|
|
84
|
+
clientId: string;
|
|
85
|
+
}): AsyncIterable<RuntimeRunEvent>;
|
|
86
|
+
};
|
|
87
|
+
/** Runtime-owned message delivery and inbox surface for attached local clients. */
|
|
88
|
+
ariaRuntimeMessageControl?: {
|
|
89
|
+
sendBestEffort(message: OutboundMessage): Promise<RuntimeQueuedReceipt>;
|
|
90
|
+
sendDurable(message: OutboundMessage): Promise<RuntimeDeliveryReceipt>;
|
|
91
|
+
listInbox(options?: {
|
|
92
|
+
limit?: number;
|
|
93
|
+
unreadOnly?: boolean;
|
|
94
|
+
}): Promise<PersistedInboxEvent[]>;
|
|
95
|
+
listDirectClientInbox?(options: {
|
|
96
|
+
clientId: string;
|
|
97
|
+
limit?: number;
|
|
98
|
+
unreadOnly?: boolean;
|
|
99
|
+
}): Promise<PersistedInboxEvent[]>;
|
|
100
|
+
};
|
|
101
|
+
/** Runtime-owned join completion surface for the control-plane route adapter. */
|
|
102
|
+
ariaJoinControl?: {
|
|
103
|
+
completeJoin(input: {
|
|
104
|
+
nodeId: NodeId;
|
|
105
|
+
principalFingerprint: PrincipalFingerprint;
|
|
106
|
+
peerPublicKey: PeerTransportId;
|
|
107
|
+
peerSigningKey: SigningPublicKey;
|
|
108
|
+
peerTransportEndpoint: TransportEndpointAdvertisement;
|
|
109
|
+
peerControlEndpoint: ControlEndpointAdvertisement;
|
|
110
|
+
displayNameSnapshot?: string;
|
|
111
|
+
inviteTokenNonce: string;
|
|
112
|
+
}): Promise<{
|
|
113
|
+
effectiveName: string;
|
|
114
|
+
}>;
|
|
115
|
+
};
|
|
116
|
+
/** Runtime-owned bootstrap authority surface. */
|
|
117
|
+
ariaRuntimeBootstrapControl?: {
|
|
118
|
+
getRuntimeBootstrap(): Promise<RuntimeBootstrapRecord>;
|
|
119
|
+
};
|
|
120
|
+
/** Runtime-owned status/admin surface for daemon lifecycle projections. */
|
|
121
|
+
ariaRuntimeLocalControl?: {
|
|
122
|
+
getRuntimeStatus(): Promise<RuntimeStatus>;
|
|
123
|
+
};
|
|
124
|
+
/** Runtime-owned attached-client directory and auth surface. */
|
|
125
|
+
ariaAttachedClientControl?: {
|
|
126
|
+
listAttachedClients(input: {
|
|
127
|
+
clientId: string;
|
|
128
|
+
}): Promise<AttachedClientView[]>;
|
|
129
|
+
countAttachedClients(): number;
|
|
130
|
+
authorizeAttachedClient(auth: AttachedClientAuth): boolean;
|
|
131
|
+
};
|
|
132
|
+
/** Runtime-owned peer discovery and local pairing helper surface. */
|
|
133
|
+
ariaPeerLocalControl?: {
|
|
134
|
+
listPeers(): Promise<PeerViewEvent[]>;
|
|
135
|
+
listNearbyPeers(): Promise<import("@aria-cli/tools").NearbyPeerView[]>;
|
|
136
|
+
createInvite(input: import("@aria-cli/tools").CreateInviteRequest): Promise<import("@aria-cli/tools").CreateInviteResponse>;
|
|
137
|
+
listPendingInvites(): Promise<import("@aria-cli/tools").PendingInviteView[]>;
|
|
138
|
+
acceptInviteToken(input: import("@aria-cli/tools").AcceptInviteTokenRequest): Promise<import("@aria-cli/tools").AcceptInviteTokenResponse>;
|
|
139
|
+
cancelInvite(input: import("@aria-cli/tools").CancelInviteRequest): Promise<import("@aria-cli/tools").CancelInviteResponse>;
|
|
140
|
+
invitePeer(input: InvitePeerRequest): Promise<InvitePeerResult>;
|
|
141
|
+
repairPeer(input: RepairPeerRequest): Promise<RepairPeerResponse>;
|
|
142
|
+
};
|
|
143
|
+
/** Runtime-owned public network peer-read surface for control-plane adapters. */
|
|
144
|
+
ariaNetworkReadControl?: {
|
|
145
|
+
listPeers(): Promise<Array<{
|
|
146
|
+
nodeId: NodeId;
|
|
147
|
+
transportPublicKey: PeerTransportId;
|
|
148
|
+
displayNameSnapshot?: string;
|
|
149
|
+
status: LegacyPeerRegistryStatus;
|
|
150
|
+
endpointHost: string | null;
|
|
151
|
+
endpointPort: number | null;
|
|
152
|
+
endpointRevision: number;
|
|
153
|
+
lastHandshake: number | null;
|
|
154
|
+
createdAt: number;
|
|
155
|
+
updatedAt: number;
|
|
156
|
+
}>>;
|
|
157
|
+
getPeerView(nodeId: NodeId): Promise<{
|
|
158
|
+
nodeId: NodeId;
|
|
159
|
+
transportPublicKey: PeerTransportId;
|
|
160
|
+
displayNameSnapshot?: string;
|
|
161
|
+
status: LegacyPeerRegistryStatus;
|
|
162
|
+
endpointHost: string | null;
|
|
163
|
+
endpointPort: number | null;
|
|
164
|
+
endpointRevision: number;
|
|
165
|
+
lastHandshake: number | null;
|
|
166
|
+
createdAt: number;
|
|
167
|
+
updatedAt: number;
|
|
168
|
+
} | undefined>;
|
|
169
|
+
};
|
|
170
|
+
/** Runtime-owned public network registration surface for control-plane adapters. */
|
|
171
|
+
ariaNetworkRegistrationControl?: {
|
|
172
|
+
registerPeer(input: {
|
|
173
|
+
nodeId: NodeId;
|
|
174
|
+
endpointHost?: string;
|
|
175
|
+
endpointPort?: number;
|
|
176
|
+
endpointRevision?: number;
|
|
177
|
+
}): Promise<{
|
|
178
|
+
registered: true;
|
|
179
|
+
nodeId: NodeId;
|
|
180
|
+
displayNameSnapshot?: string;
|
|
181
|
+
peerStatus: string;
|
|
182
|
+
lastSeen: number;
|
|
183
|
+
heartbeatUpdated: boolean;
|
|
184
|
+
endpointUpdated: boolean;
|
|
185
|
+
endpointRevision: number;
|
|
186
|
+
}>;
|
|
187
|
+
};
|
|
188
|
+
/** Runtime-owned pair control surface. */
|
|
189
|
+
ariaPairControl?: {
|
|
190
|
+
listPendingPairRequests(): Promise<PendingPairRequestView[]>;
|
|
191
|
+
ingestRelayedPairRequest(input: RelayPendingRequest): Promise<void>;
|
|
192
|
+
respondToPairRequest(input: PairRequestDecision): Promise<PairRequestResponse>;
|
|
193
|
+
acceptInvite(input: AcceptInviteRequest): Promise<AcceptInviteResponse>;
|
|
194
|
+
directPair(input: Record<string, unknown>, requestContext?: DirectPairRequestContext): Promise<DirectPairResponse>;
|
|
195
|
+
};
|
|
196
|
+
/** Runtime-owned peer revocation/admin surface. */
|
|
197
|
+
ariaNetworkAdminControl?: {
|
|
198
|
+
revokePeer(input: RevokePeerRequest & {
|
|
199
|
+
rateLimitFallbackKey?: string;
|
|
200
|
+
}): Promise<RevokePeerResponse>;
|
|
201
|
+
};
|
|
202
|
+
/** Durable pair request store — persists pair requests across restarts */
|
|
203
|
+
ariaDurablePairStore?: {
|
|
204
|
+
store(req: StoredPairRequest): void;
|
|
205
|
+
get(id: string): StoredPairRequest | undefined;
|
|
206
|
+
delete(id: string): void;
|
|
207
|
+
findAllActive(): StoredPairRequest[];
|
|
208
|
+
findPending(): StoredPairRequest[];
|
|
209
|
+
findRelayedForTargetNodeId(targetNodeId: NodeId): StoredPairRequest[];
|
|
210
|
+
cleanup(): void;
|
|
211
|
+
};
|
|
212
|
+
/** H2c: Revocation store for durable revocation events */
|
|
213
|
+
ariaRevocationStore?: {
|
|
214
|
+
revoke(event: {
|
|
215
|
+
nodeId: NodeId;
|
|
216
|
+
displayNameSnapshot?: string;
|
|
217
|
+
fingerprint: PrincipalFingerprint;
|
|
218
|
+
revokedAt: number;
|
|
219
|
+
localNodeId: NodeId;
|
|
220
|
+
operatorConfirmation: RevocationOperatorConfirmation;
|
|
221
|
+
reason?: string;
|
|
222
|
+
revocationGeneration?: number;
|
|
223
|
+
}): void;
|
|
224
|
+
isPeerRevoked(nodeId: NodeId): boolean;
|
|
225
|
+
read?(nodeId: NodeId): {
|
|
226
|
+
nodeId: NodeId;
|
|
227
|
+
displayNameSnapshot?: string;
|
|
228
|
+
fingerprint: PrincipalFingerprint;
|
|
229
|
+
revokedAt: number;
|
|
230
|
+
localNodeId: NodeId;
|
|
231
|
+
operatorConfirmation: RevocationOperatorConfirmation;
|
|
232
|
+
reason?: string;
|
|
233
|
+
revocationGeneration?: number;
|
|
234
|
+
} | null;
|
|
235
|
+
getPeerRevocationGeneration?(nodeId: NodeId): number | null;
|
|
236
|
+
clearRevocationForNodeId(nodeId: NodeId, expectedGeneration?: number): boolean;
|
|
237
|
+
list(): Array<{
|
|
238
|
+
nodeId: NodeId;
|
|
239
|
+
displayNameSnapshot?: string;
|
|
240
|
+
fingerprint: PrincipalFingerprint;
|
|
241
|
+
revokedAt: number;
|
|
242
|
+
localNodeId: NodeId;
|
|
243
|
+
operatorConfirmation: RevocationOperatorConfirmation;
|
|
244
|
+
reason?: string;
|
|
245
|
+
revocationGeneration?: number;
|
|
246
|
+
}>;
|
|
247
|
+
};
|
|
248
|
+
/** Relay cleanup callback — removes relay state for a revoked peer principal */
|
|
249
|
+
ariaRelayCleanup?: (nodeId: NodeId) => void;
|
|
250
|
+
/** Revocation broadcast callback — pushes revocation to WebSocket subscribers */
|
|
251
|
+
ariaRevocationBroadcast?: (revocation: {
|
|
252
|
+
nodeId: NodeId;
|
|
253
|
+
displayNameSnapshot?: string;
|
|
254
|
+
revokedAt: number;
|
|
255
|
+
}) => void;
|
|
256
|
+
/** Durable nonce store for mutation envelope replay protection */
|
|
257
|
+
ariaNonceStore?: NonceStore;
|
|
258
|
+
/** Peer trust tier store — tracks trust levels for known peers */
|
|
259
|
+
ariaPeerTrustStore?: {
|
|
260
|
+
get?(nodeId: NodeId): {
|
|
261
|
+
nodeId: NodeId;
|
|
262
|
+
displayName: string;
|
|
263
|
+
fingerprint?: PrincipalFingerprint;
|
|
264
|
+
tier: TrustTier;
|
|
265
|
+
promotedAt: number;
|
|
266
|
+
promotedBy: string;
|
|
267
|
+
reason?: string;
|
|
268
|
+
} | undefined;
|
|
269
|
+
getTier(nodeId: NodeId): TrustTier;
|
|
270
|
+
peerHasCapability(nodeId: NodeId, capability: string): boolean;
|
|
271
|
+
setTier(params: {
|
|
272
|
+
nodeId: NodeId;
|
|
273
|
+
displayName: string;
|
|
274
|
+
fingerprint?: PrincipalFingerprint;
|
|
275
|
+
tier: TrustTier;
|
|
276
|
+
promotedAt?: number;
|
|
277
|
+
promotedBy: string;
|
|
278
|
+
reason?: string;
|
|
279
|
+
}): void;
|
|
280
|
+
restore?(record: {
|
|
281
|
+
nodeId: NodeId;
|
|
282
|
+
displayName: string;
|
|
283
|
+
fingerprint?: PrincipalFingerprint;
|
|
284
|
+
tier: TrustTier;
|
|
285
|
+
promotedAt: number;
|
|
286
|
+
promotedBy: string;
|
|
287
|
+
reason?: string;
|
|
288
|
+
}): void;
|
|
289
|
+
delete?(nodeId: NodeId): boolean;
|
|
290
|
+
};
|
|
291
|
+
/** Invite consume ledger — prevents invite token replay */
|
|
292
|
+
ariaInviteConsumeLedger?: {
|
|
293
|
+
consume(nonce: string, issuer: string, audience: string): boolean;
|
|
294
|
+
isConsumed(nonce: string): boolean;
|
|
295
|
+
cleanup(maxAgeMs?: number): void;
|
|
296
|
+
};
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
export {};
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sliding-window per-key rate limiter.
|
|
3
|
+
*
|
|
4
|
+
* Tracks request timestamps per key in a bounded Map. When the map exceeds
|
|
5
|
+
* maxKeys, stale entries (those whose window has expired) are evicted.
|
|
6
|
+
*/
|
|
7
|
+
export declare class RateLimiter {
|
|
8
|
+
private readonly maxRequests;
|
|
9
|
+
private readonly windowMs;
|
|
10
|
+
private readonly maxKeys;
|
|
11
|
+
private readonly windows;
|
|
12
|
+
/**
|
|
13
|
+
* @param maxRequests Maximum requests allowed per window per key
|
|
14
|
+
* @param windowMs Time window in milliseconds
|
|
15
|
+
* @param maxKeys Maximum distinct keys to track (bounded memory). Default: 10000
|
|
16
|
+
*/
|
|
17
|
+
constructor(maxRequests: number, windowMs: number, maxKeys?: number);
|
|
18
|
+
/**
|
|
19
|
+
* Check if a request from the given key is allowed.
|
|
20
|
+
* Returns true if allowed, false if rate-limited.
|
|
21
|
+
*/
|
|
22
|
+
check(key: string): boolean;
|
|
23
|
+
/** Remove entries whose window has fully expired. */
|
|
24
|
+
private cleanup;
|
|
25
|
+
}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sanitize error messages for external consumption.
|
|
3
|
+
*
|
|
4
|
+
* Known client errors (4xx status codes) pass their message through;
|
|
5
|
+
* everything else is replaced with a generic "Internal server error"
|
|
6
|
+
* to avoid leaking implementation details.
|
|
7
|
+
*/
|
|
8
|
+
export declare function sanitizeError(error: unknown, logger?: {
|
|
9
|
+
error: (...args: unknown[]) => void;
|
|
10
|
+
}): string;
|
package/package.json
ADDED
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@aria-cli/server",
|
|
3
|
+
"version": "1.0.19",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"main": "dist/index.js",
|
|
6
|
+
"types": "dist/index.d.ts",
|
|
7
|
+
"exports": {
|
|
8
|
+
".": {
|
|
9
|
+
"types": "./dist/index.d.ts",
|
|
10
|
+
"import": "./dist/index.js"
|
|
11
|
+
},
|
|
12
|
+
"./runtime/host-supervisor": {
|
|
13
|
+
"types": "./dist/runtime/host-supervisor.d.ts",
|
|
14
|
+
"import": "./dist/runtime/host-supervisor.js"
|
|
15
|
+
},
|
|
16
|
+
"./runtime/local-control-api": {
|
|
17
|
+
"types": "./dist/runtime/local-control-api.d.ts",
|
|
18
|
+
"import": "./dist/runtime/local-control-api.js"
|
|
19
|
+
},
|
|
20
|
+
"./runtime/node-metadata": {
|
|
21
|
+
"types": "./dist/runtime/node-metadata.d.ts",
|
|
22
|
+
"import": "./dist/runtime/node-metadata.js"
|
|
23
|
+
},
|
|
24
|
+
"./runtime/node-store": {
|
|
25
|
+
"types": "./dist/runtime/node-store.d.ts",
|
|
26
|
+
"import": "./dist/runtime/node-store.js"
|
|
27
|
+
},
|
|
28
|
+
"./runtime/runtime-registry": {
|
|
29
|
+
"types": "./dist/runtime/runtime-registry.d.ts",
|
|
30
|
+
"import": "./dist/runtime/runtime-registry.js"
|
|
31
|
+
},
|
|
32
|
+
"./routes/pair": {
|
|
33
|
+
"types": "./dist/routes/pair.d.ts",
|
|
34
|
+
"import": "./dist/routes/pair.js"
|
|
35
|
+
},
|
|
36
|
+
"./daemon-launcher": {
|
|
37
|
+
"types": "./dist/daemon-launcher.d.ts",
|
|
38
|
+
"import": "./dist/daemon-launcher.js"
|
|
39
|
+
}
|
|
40
|
+
},
|
|
41
|
+
"scripts": {
|
|
42
|
+
"test": "vitest run --config vitest.config.ts",
|
|
43
|
+
"test:list": "tsx tests/print-default-test-lane.ts",
|
|
44
|
+
"test:watch": "vitest --config vitest.config.ts",
|
|
45
|
+
"test:integration": "vitest run --config vitest.integration.config.ts",
|
|
46
|
+
"test:e2e": "vitest run --config vitest.e2e.config.ts",
|
|
47
|
+
"test:real": "vitest run --config vitest.real.config.ts",
|
|
48
|
+
"test:lanes": "tsx tests/print-test-lane-manifest.ts",
|
|
49
|
+
"start": "node dist/index.js",
|
|
50
|
+
"dev": "tsx src/index.ts"
|
|
51
|
+
},
|
|
52
|
+
"dependencies": {
|
|
53
|
+
"@aria-cli/aria": "1.0.19",
|
|
54
|
+
"@aria-cli/auth": "1.0.19",
|
|
55
|
+
"@aria-cli/memoria": "1.0.19",
|
|
56
|
+
"@aria-cli/models": "1.0.19",
|
|
57
|
+
"@aria-cli/tools": "1.0.19",
|
|
58
|
+
"@aria-cli/types": "1.0.19",
|
|
59
|
+
"@aria-cli/wireguard": "1.0.19",
|
|
60
|
+
"@fastify/cors": "^11.0.1",
|
|
61
|
+
"@fastify/websocket": "^11.2.0",
|
|
62
|
+
"better-sqlite3": "^12.6.2",
|
|
63
|
+
"fastify": "^5.3.2",
|
|
64
|
+
"nanoid": "^5.1.0"
|
|
65
|
+
},
|
|
66
|
+
"devDependencies": {
|
|
67
|
+
"@types/better-sqlite3": "^7.6.13",
|
|
68
|
+
"@types/ws": "^8.18.1",
|
|
69
|
+
"tsx": "^4.20.3",
|
|
70
|
+
"typescript": "^5.9.3",
|
|
71
|
+
"vitest": "^4.0.18",
|
|
72
|
+
"ws": "^8.19.0"
|
|
73
|
+
},
|
|
74
|
+
"files": [
|
|
75
|
+
"dist/",
|
|
76
|
+
"!**/*.map",
|
|
77
|
+
"!**/*.tsbuildinfo"
|
|
78
|
+
],
|
|
79
|
+
"engines": {
|
|
80
|
+
"node": ">=20.0.0"
|
|
81
|
+
}
|
|
82
|
+
}
|