@blaxel/core 0.2.52-preview.126 → 0.2.52

package/dist/cjs/common/settings.js

@@ -10,7 +10,7 @@ function getPackageVersion() {
         if (typeof require !== "undefined") {
             // Try to require package.json (Node.js only, gracefully fails in browser)
             // eslint-disable-next-line @typescript-eslint/no-require-imports
-            const packageJson = {"version":"0.2.52-preview.126","commit":"807fffa3fcd34b9d1e080282743f22122e024c84"};
+            const packageJson = {"version":"0.2.52","commit":"4acd7b5efa6c9e04c5131f55e7a87029c4889b1d"};
             return packageJson.version || "unknown";
         }
         else {
@@ -62,7 +62,7 @@ function getCommitHash() {
         if (typeof require !== "undefined") {
             // Try to require package.json and look for commit field (set during build)
             // eslint-disable-next-line @typescript-eslint/no-require-imports
-            const packageJson = {"version":"0.2.52-preview.126","commit":"807fffa3fcd34b9d1e080282743f22122e024c84"};
+            const packageJson = {"version":"0.2.52","commit":"4acd7b5efa6c9e04c5131f55e7a87029c4889b1d"};
             // Check for commit in various possible locations
             const commit = packageJson.commit || packageJson.buildInfo?.commit;
             if (commit) {

package/dist/cjs/common/webhook.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyWebhookSignature = verifyWebhookSignature;
+exports.verifyWebhookFromRequest = verifyWebhookFromRequest;
+const crypto_1 = require("crypto");
+/**
+ * Verify the HMAC-SHA256 signature of a webhook callback from async-sidecar
+ *
+ * @example
+ * ```typescript
+ * import { verifyWebhookSignature } from '@blaxel/core';
+ *
+ * // In your Express endpoint
+ * app.post('/webhook', express.text({ type: 'application/json' }), (req, res) => {
+ *   const isValid = verifyWebhookSignature({
+ *     body: req.body,
+ *     signature: req.headers['x-blaxel-signature'] as string,
+ *     secret: process.env.CALLBACK_SECRET!
+ *   });
+ *
+ *   if (!isValid) {
+ *     return res.status(401).json({ error: 'Invalid signature' });
+ *   }
+ *
+ *   const data = JSON.parse(req.body);
+ *   // Process callback...
+ * });
+ * ```
+ *
+ * @param options - Verification options
+ * @returns true if the signature is valid, false otherwise
+ */
+function verifyWebhookSignature(options) {
+    const { body, signature, secret, timestamp, maxAge = 300 } = options;
+    if (!body || !signature || !secret) {
+        return false;
+    }
+    try {
+        // Verify timestamp if provided (prevents replay attacks)
+        if (timestamp) {
+            const requestTime = parseInt(timestamp, 10);
+            const currentTime = Math.floor(Date.now() / 1000);
+            const age = Math.abs(currentTime - requestTime);
+            if (isNaN(requestTime) || age > maxAge) {
+                return false;
+            }
+        }
+        // Extract hex signature from "sha256=<hex>" format
+        const expectedSignature = signature.replace('sha256=', '');
+        // Compute HMAC-SHA256 signature
+        const hmac = (0, crypto_1.createHmac)('sha256', secret);
+        hmac.update(body);
+        const computedSignature = hmac.digest('hex');
+        // Timing-safe comparison to prevent timing attacks
+        return (0, crypto_1.timingSafeEqual)(Buffer.from(expectedSignature, 'hex'), Buffer.from(computedSignature, 'hex'));
+    }
+    catch {
+        // Invalid signature format or other error
+        return false;
+    }
+}
+/**
+ * Helper to verify webhook from Express request object
+ *
+ * @example
+ * ```typescript
+ * import { verifyWebhookFromRequest } from '@blaxel/core';
+ * import express from 'express';
+ *
+ * app.use(express.text({ type: 'application/json' }));
+ *
+ * app.post('/webhook', (req, res) => {
+ *   if (!verifyWebhookFromRequest(req, process.env.CALLBACK_SECRET!)) {
+ *     return res.status(401).json({ error: 'Invalid signature' });
+ *   }
+ *
+ *   const data = JSON.parse(req.body);
+ *   console.log('Received callback:', data);
+ *   res.json({ received: true });
+ * });
+ * ```
+ *
+ * @param request - Express request object (must use express.text() middleware)
+ * @param secret - The callback secret
+ * @param maxAge - Optional maximum age in seconds (default: 300)
+ * @returns true if the signature is valid, false otherwise
+ */
+function verifyWebhookFromRequest(request, secret, maxAge) {
+    const signature = request.headers['x-blaxel-signature'];
+    const timestamp = request.headers['x-blaxel-timestamp'];
+    if (typeof signature !== 'string') {
+        return false;
+    }
+    return verifyWebhookSignature({
+        body: request.body,
+        signature,
+        secret,
+        timestamp: typeof timestamp === 'string' ? timestamp : undefined,
+        maxAge
+    });
+}

package/dist/cjs/index.js

@@ -24,6 +24,7 @@ __exportStar(require("./common/errors.js"), exports);
 __exportStar(require("./common/internal.js"), exports);
 __exportStar(require("./common/logger.js"), exports);
 __exportStar(require("./common/settings.js"), exports);
+__exportStar(require("./common/webhook.js"), exports);
 __exportStar(require("./jobs/index.js"), exports);
 __exportStar(require("./mcp/index.js"), exports);
 __exportStar(require("./models/index.js"), exports);

package/dist/cjs/types/client/types.gen.d.ts

@@ -2779,6 +2779,14 @@ export type TriggerConfiguration = {
      * The authentication type of the trigger
      */
     authenticationType?: string;
+    /**
+     * The callback secret for async triggers (auto-generated, encrypted)
+     */
+    callbackSecret?: string;
+    /**
+     * The callback URL for async triggers (optional)
+     */
+    callbackUrl?: string;
     /**
      * The path of the trigger
      */
@@ -2795,6 +2803,10 @@ export type TriggerConfiguration = {
      * The tasks configuration of the cronjob
      */
     tasks?: Array<TriggerConfigurationTask>;
+    /**
+     * The timeout in seconds for async triggers (max 900s, MK3 only)
+     */
+    timeout?: number;
 };
 /**
  * The tasks configuration of the cronjob

package/dist/cjs/types/common/webhook.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Webhook signature verification for async-sidecar callbacks
+ */
+export interface WebhookVerificationOptions {
+    /**
+     * The raw request body as a string
+     */
+    body: string;
+    /**
+     * The X-Blaxel-Signature header value (format: "sha256=<hex_digest>")
+     */
+    signature: string;
+    /**
+     * The secret key used to sign the webhook (same as CALLBACK_SECRET in async-sidecar)
+     */
+    secret: string;
+    /**
+     * Optional: The X-Blaxel-Timestamp header value for replay attack prevention
+     */
+    timestamp?: string;
+    /**
+     * Optional: Maximum age of the webhook in seconds (default: 300 = 5 minutes)
+     */
+    maxAge?: number;
+}
+export interface AsyncSidecarCallback {
+    status_code: number;
+    response_body: string;
+    response_length: number;
+    timestamp: number;
+}
+/**
+ * Verify the HMAC-SHA256 signature of a webhook callback from async-sidecar
+ *
+ * @example
+ * ```typescript
+ * import { verifyWebhookSignature } from '@blaxel/core';
+ *
+ * // In your Express endpoint
+ * app.post('/webhook', express.text({ type: 'application/json' }), (req, res) => {
+ *   const isValid = verifyWebhookSignature({
+ *     body: req.body,
+ *     signature: req.headers['x-blaxel-signature'] as string,
+ *     secret: process.env.CALLBACK_SECRET!
+ *   });
+ *
+ *   if (!isValid) {
+ *     return res.status(401).json({ error: 'Invalid signature' });
+ *   }
+ *
+ *   const data = JSON.parse(req.body);
+ *   // Process callback...
+ * });
+ * ```
+ *
+ * @param options - Verification options
+ * @returns true if the signature is valid, false otherwise
+ */
+export declare function verifyWebhookSignature(options: WebhookVerificationOptions): boolean;
+/**
+ * Helper to verify webhook from Express request object
+ *
+ * @example
+ * ```typescript
+ * import { verifyWebhookFromRequest } from '@blaxel/core';
+ * import express from 'express';
+ *
+ * app.use(express.text({ type: 'application/json' }));
+ *
+ * app.post('/webhook', (req, res) => {
+ *   if (!verifyWebhookFromRequest(req, process.env.CALLBACK_SECRET!)) {
+ *     return res.status(401).json({ error: 'Invalid signature' });
+ *   }
+ *
+ *   const data = JSON.parse(req.body);
+ *   console.log('Received callback:', data);
+ *   res.json({ received: true });
+ * });
+ * ```
+ *
+ * @param request - Express request object (must use express.text() middleware)
+ * @param secret - The callback secret
+ * @param maxAge - Optional maximum age in seconds (default: 300)
+ * @returns true if the signature is valid, false otherwise
+ */
+export declare function verifyWebhookFromRequest(request: {
+    body: string;
+    headers: Record<string, string | string[] | undefined>;
+}, secret: string, maxAge?: number): boolean;

package/dist/cjs/types/index.d.ts

@@ -8,6 +8,7 @@ export * from "./common/errors.js";
 export * from "./common/internal.js";
 export * from "./common/logger.js";
 export * from "./common/settings.js";
+export * from "./common/webhook.js";
 export * from "./jobs/index.js";
 export * from "./mcp/index.js";
 export * from "./models/index.js";