@bleedingdev/modern-js-server-runtime-extensions 0.0.0-trusted-publisher-bootstrap

Files changed (64) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +67 -0
  3. package/dist/cjs/contractGateAutopilot.js +162 -0
  4. package/dist/cjs/contractGateSnapshotStore.js +253 -0
  5. package/dist/cjs/env.js +58 -0
  6. package/dist/cjs/index.js +162 -0
  7. package/dist/cjs/mfCache.js +106 -0
  8. package/dist/cjs/moduleFederationCss.js +285 -0
  9. package/dist/cjs/runtimeFallbackSignal.js +311 -0
  10. package/dist/cjs/telemetry.js +373 -0
  11. package/dist/cjs/telemetryCore.js +819 -0
  12. package/dist/esm/contractGateAutopilot.mjs +124 -0
  13. package/dist/esm/contractGateSnapshotStore.mjs +190 -0
  14. package/dist/esm/env.mjs +17 -0
  15. package/dist/esm/index.mjs +6 -0
  16. package/dist/esm/mfCache.mjs +55 -0
  17. package/dist/esm/moduleFederationCss.mjs +225 -0
  18. package/dist/esm/runtimeFallbackSignal.mjs +222 -0
  19. package/dist/esm/telemetry.mjs +275 -0
  20. package/dist/esm/telemetryCore.mjs +759 -0
  21. package/dist/esm-node/contractGateAutopilot.mjs +125 -0
  22. package/dist/esm-node/contractGateSnapshotStore.mjs +192 -0
  23. package/dist/esm-node/env.mjs +18 -0
  24. package/dist/esm-node/index.mjs +7 -0
  25. package/dist/esm-node/mfCache.mjs +56 -0
  26. package/dist/esm-node/moduleFederationCss.mjs +226 -0
  27. package/dist/esm-node/runtimeFallbackSignal.mjs +223 -0
  28. package/dist/esm-node/telemetry.mjs +276 -0
  29. package/dist/esm-node/telemetryCore.mjs +760 -0
  30. package/dist/types/contractGateAutopilot.d.ts +35 -0
  31. package/dist/types/contractGateSnapshotStore.d.ts +57 -0
  32. package/dist/types/env.d.ts +40 -0
  33. package/dist/types/index.d.ts +6 -0
  34. package/dist/types/mfCache.d.ts +27 -0
  35. package/dist/types/moduleFederationCss.d.ts +87 -0
  36. package/dist/types/runtimeFallbackSignal.d.ts +94 -0
  37. package/dist/types/telemetry.d.ts +12 -0
  38. package/dist/types/telemetryCore.d.ts +257 -0
  39. package/package.json +69 -0
  40. package/rslib.config.mts +4 -0
  41. package/rstest.config.mts +7 -0
  42. package/src/contractGateAutopilot.ts +247 -0
  43. package/src/contractGateSnapshotStore.ts +420 -0
  44. package/src/env.ts +63 -0
  45. package/src/index.ts +84 -0
  46. package/src/mfCache.ts +119 -0
  47. package/src/moduleFederationCss.ts +473 -0
  48. package/src/runtimeFallbackSignal.ts +584 -0
  49. package/src/telemetry.ts +554 -0
  50. package/src/telemetryCore.ts +1332 -0
  51. package/tests/contractGateAutopilot.test.ts +203 -0
  52. package/tests/contractGateSnapshotStore.test.ts +223 -0
  53. package/tests/env.test.ts +73 -0
  54. package/tests/helpers.ts +19 -0
  55. package/tests/mfCache.test.ts +150 -0
  56. package/tests/moduleFederationCss.test.ts +392 -0
  57. package/tests/registration.test.ts +112 -0
  58. package/tests/telemetry.test.ts +360 -0
  59. package/tests/telemetryAutopilot.test.ts +993 -0
  60. package/tests/telemetryCanaryOrchestrator.test.ts +140 -0
  61. package/tests/telemetryLifecycle.test.ts +168 -0
  62. package/tests/telemetryTraceparent.test.ts +167 -0
  63. package/tests/tsconfig.json +11 -0
  64. package/tsconfig.json +10 -0
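--- a/package/tests/telemetryAutopilot.test.ts
+++ b/package/tests/telemetryAutopilot.test.ts
@@ -0,0 +1,993 @@
+ import { createDefaultPlugins, createServerBase } from '@modern-js/server-core';
+ import fs from 'fs';
+ import os from 'os';
+ import path from 'path';
+ import { injectTelemetryPlugin } from '../src/telemetry';
+ import { getDefaultAppContext, getDefaultConfig } from './helpers';
+
+ const makeTempDir = () =>
+ fs.mkdtempSync(path.join(os.tmpdir(), 'modern-telemetry-autopilot-'));
+
+ describe('telemetry autopilot runtime signal', () => {
+ test('accepts runtime fallback signal and persists gate snapshot', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ pollIntervalMs: 20,
+ gateStaleAfterMs: 60_000,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ gateName: 'runtime-mf-fallback-health',
+ failureHoldMs: 5_000,
+ maxBodyBytes: 4_096,
+ auth: {
+ expectedValue: 'accept-signal-token',
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const response = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'accept-signal-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'dashboard',
+ entry: 'https://remote.example.com/remoteEntry.js',
+ }),
+ },
+ {},
+ );
+
+ expect(response.status).toBe(202);
+ expect(fs.existsSync(snapshotPath)).toBe(true);
+
+ const snapshot = JSON.parse(fs.readFileSync(snapshotPath, 'utf8')) as {
+ gates?: Record<string, any>;
+ };
+ const gate = snapshot.gates?.['runtime-mf-fallback-health'];
+ expect(gate).toBeTruthy();
+ expect(gate.passed).toBe(false);
+ expect(String(gate.reason)).toContain(
+ 'runtime_fallback:remote_load_failed',
+ );
+ expect(typeof gate.expiresAt).toBe('number');
+ expect(gate.expiresAt).toBeGreaterThan(Date.now());
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('rejects oversized runtime fallback signal payload', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ maxBodyBytes: 16,
+ auth: {
+ expectedValue: 'oversize-signal-token',
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const response = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'oversize-signal-token',
+ }),
+ body: JSON.stringify({
+ reason: 'x'.repeat(2_048),
+ }),
+ },
+ {},
+ );
+
+ expect(response.status).toBe(413);
+ const payload = (await response.json()) as {
+ ok?: boolean;
+ error?: string;
+ };
+ expect(payload.ok).toBe(false);
+ expect(String(payload.error)).toContain('payload too large');
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('requires runtime fallback auth token when configured', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ auth: {
+ enabled: true,
+ headerName: 'x-modernjs-runtime-signal-token',
+ expectedValue: 'top-secret-token',
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const rejected = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'crm',
+ }),
+ },
+ {},
+ );
+ expect(rejected.status).toBe(401);
+ expect(fs.existsSync(snapshotPath)).toBe(false);
+
+ const accepted = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'top-secret-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'crm',
+ }),
+ },
+ {},
+ );
+ expect(accepted.status).toBe(202);
+ expect(fs.existsSync(snapshotPath)).toBe(true);
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('exposes runtime status endpoint and applies auth when runtime signal auth is enabled', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ auth: {
+ enabled: true,
+ headerName: 'x-modernjs-runtime-signal-token',
+ expectedValue: 'status-token',
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const unauthorized = await server.request(
+ '/_modern/runtime/status',
+ {
+ method: 'GET',
+ headers: new Headers(),
+ },
+ {},
+ );
+ expect(unauthorized.status).toBe(401);
+
+ const authorized = await server.request(
+ '/_modern/runtime/status',
+ {
+ method: 'GET',
+ headers: new Headers({
+ 'x-modernjs-runtime-signal-token': 'status-token',
+ }),
+ },
+ {},
+ );
+ expect(authorized.status).toBe(200);
+ const payload = (await authorized.json()) as {
+ ok?: boolean;
+ telemetry?: { queueStats?: { capacity?: number } };
+ canary?: { enabled?: boolean };
+ runtimeFallbackSignal?: {
+ enabled?: boolean;
+ endpoint?: string;
+ auth?: { enabled?: boolean };
+ };
+ };
+ expect(payload.ok).toBe(true);
+ expect(payload.telemetry?.queueStats?.capacity).toBeGreaterThan(0);
+ expect(payload.canary?.enabled).toBe(true);
+ expect(payload.runtimeFallbackSignal?.enabled).toBe(true);
+ expect(payload.runtimeFallbackSignal?.endpoint).toBe(
+ '/_modern/contract-gates/runtime-fallback',
+ );
+ expect(payload.runtimeFallbackSignal?.auth?.enabled).toBe(true);
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('supports pluggable contract gate snapshot stateStore modules', async () => {
+ const tempDir = makeTempDir();
+ const defaultSnapshotPath = path.join(
+ tempDir,
+ '.modern/contract-gates.json',
+ );
+ const customSnapshotPath = path.join(tempDir, '.state-store/gates.json');
+ const stateStoreModulePath = path.join(tempDir, 'gate-state-store.js');
+
+ fs.writeFileSync(
+ stateStoreModulePath,
+ `'use strict';
+ const fs = require('fs');
+ const path = require('path');
+ exports.createContractGateSnapshotStore = ({ gateSnapshotPath, options }) => {
+ const targetPath = options && typeof options.snapshotPath === 'string'
+ ? options.snapshotPath
+ : gateSnapshotPath;
+ return {
+ name: 'test-state-store',
+ async readSnapshot() {
+ if (!fs.existsSync(targetPath)) {
+ return undefined;
+ }
+ return JSON.parse(fs.readFileSync(targetPath, 'utf8'));
+ },
+ async writeSnapshot(snapshot) {
+ fs.mkdirSync(path.dirname(targetPath), { recursive: true });
+ fs.writeFileSync(targetPath, JSON.stringify(snapshot, null, 2));
+ },
+ };
+ };
+ `,
+ 'utf8',
+ );
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: defaultSnapshotPath,
+ stateStore: {
+ module: stateStoreModulePath,
+ options: {
+ snapshotPath: customSnapshotPath,
+ },
+ },
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ auth: {
+ expectedValue: 'state-store-token',
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const response = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'state-store-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_mount_failed',
+ phase: 'mount',
+ appName: 'crm',
+ }),
+ },
+ {},
+ );
+
+ expect(response.status).toBe(202);
+ expect(fs.existsSync(defaultSnapshotPath)).toBe(false);
+ expect(fs.existsSync(customSnapshotPath)).toBe(true);
+
+ const snapshot = JSON.parse(fs.readFileSync(customSnapshotPath, 'utf8'));
+ expect(snapshot.gates?.['runtime-mf-fallback-health']?.passed).toBe(
+ false,
+ );
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('enforces runtime fallback trust policy before mutating gate snapshots', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ auth: {
+ expectedValue: 'trust-policy-token',
+ },
+ trustPolicy: {
+ allowedApps: ['crm-shell'],
+ allowedEntryOrigins: ['https://erp.example.com'],
+ expectedRuntimeDigests: {
+ 'crm-shell': 'digest-crm-v1',
+ },
+ enforceRuntimeDigest: true,
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const untrustedApp = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'trust-policy-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'unknown-app',
+ entry: 'https://erp.example.com/remoteEntry.js',
+ runtimeDigest: 'digest-crm-v1',
+ }),
+ },
+ {},
+ );
+ expect(untrustedApp.status).toBe(403);
+
+ const digestMismatch = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'trust-policy-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'crm-shell',
+ entry: 'https://erp.example.com/remoteEntry.js',
+ runtimeDigest: 'digest-wrong',
+ }),
+ },
+ {},
+ );
+ expect(digestMismatch.status).toBe(403);
+
+ const trusted = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'trust-policy-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'crm-shell',
+ entry: 'https://erp.example.com/remoteEntry.js',
+ runtimeDigest: 'digest-crm-v1',
+ metadata: {
+ compatibility: {
+ '@tanstack/react-router': '1.170.15',
+ },
+ remote: 'remote/Widget',
+ },
+ }),
+ },
+ {},
+ );
+ expect(trusted.status).toBe(202);
+
+ const snapshot = JSON.parse(fs.readFileSync(snapshotPath, 'utf8')) as {
+ gates?: Record<string, any>;
+ };
+ expect(snapshot.gates?.['runtime-mf-fallback-health']?.passed).toBe(
+ false,
+ );
+ expect(
+ snapshot.gates?.['runtime-mf-fallback-health']?.metadata?.metadata
+ ?.compatibility?.['@tanstack/react-router'],
+ ).toBe('1.170.15');
+ expect(
+ snapshot.gates?.['runtime-mf-fallback-health']?.metadata?.metadata
+ ?.remote,
+ ).toBe('remote/Widget');
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('deduplicates repeated fallback events and enforces rate limits per source window', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ auth: {
+ expectedValue: 'rate-limit-token',
+ },
+ trustPolicy: {
+ allowedApps: ['crm-shell'],
+ dedupeWindowMs: 60_000,
+ maxSignalsPerWindow: 1,
+ windowMs: 60_000,
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const payload = {
+ reason: 'remote_mount_failed',
+ phase: 'mount',
+ appName: 'crm-shell',
+ entry: 'https://erp.example.com/remoteEntry.js',
+ };
+
+ const first = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'rate-limit-token',
+ }),
+ body: JSON.stringify(payload),
+ },
+ {},
+ );
+ expect(first.status).toBe(202);
+
+ const duplicate = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'rate-limit-token',
+ }),
+ body: JSON.stringify(payload),
+ },
+ {},
+ );
+ expect(duplicate.status).toBe(202);
+ const duplicateBody = (await duplicate.json()) as {
+ deduped?: boolean;
+ };
+ expect(duplicateBody.deduped).toBe(true);
+
+ const secondUnique = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'rate-limit-token',
+ }),
+ body: JSON.stringify({
+ ...payload,
+ reason: 'remote_load_failed',
+ }),
+ },
+ {},
+ );
+ expect(secondUnique.status).toBe(429);
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('keeps the runtime fallback signal endpoint disabled unless explicitly enabled', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ // no runtimeFallbackSignal config: the canary kill switch must
+ // stay OFF by default.
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const response = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName: 'dashboard',
+ }),
+ },
+ {},
+ );
+
+ expect(response.status).toBe(404);
+ expect(fs.existsSync(snapshotPath)).toBe(false);
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('refuses to enable the runtime fallback signal endpoint without an auth token', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ // no auth token configured: enabling must fail closed.
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await expect(server.init()).rejects.toThrow(
+ /requires an auth token|auth\.expectedValue/,
+ );
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('rate limits cannot be reset by rotating payload identities', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ rollbackConsecutiveFailures: 1,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ enabled: true,
+ endpoint: '/_modern/contract-gates/runtime-fallback',
+ auth: {
+ expectedValue: 'rotation-token',
+ },
+ trustPolicy: {
+ dedupeWindowMs: 0,
+ maxSignalsPerWindow: 1,
+ windowMs: 60_000,
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const sendSignal = (appName: string) =>
+ server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'rotation-token',
+ }),
+ body: JSON.stringify({
+ reason: 'remote_load_failed',
+ phase: 'load',
+ appName,
+ entry: `https://${appName}.example.com/remoteEntry.js`,
+ }),
+ },
+ {},
+ );
+
+ const first = await sendSignal('app-a');
+ expect(first.status).toBe(202);
+
+ // A rotated appName/entry pair used to mint a fresh rate-limit bucket;
+ // the limiter is now keyed on connection identity instead.
+ const rotated = await sendSignal('app-b');
+ expect(rotated.status).toBe(429);
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('runtime status endpoint stays a bare health probe without configured auth', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const response = await server.request('/_modern/runtime/status', {}, {});
+ expect(response.status).toBe(200);
+ const payload = (await response.json()) as Record<string, unknown>;
+ expect(payload.ok).toBe(true);
+ expect(typeof payload.timestamp).toBe('number');
+ // No telemetry/canary/trust internals are disclosed without auth.
+ expect(payload.telemetry).toBeUndefined();
+ expect(payload.canary).toBeUndefined();
+ expect(payload.runtimeFallbackSignal).toBeUndefined();
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+
+ test('runtime status auth works even when the signal endpoint stays disabled', async () => {
+ const tempDir = makeTempDir();
+ const snapshotPath = path.join(tempDir, '.modern/contract-gates.json');
+
+ try {
+ const config = getDefaultConfig();
+ config.server = {
+ telemetry: {
+ enabled: true,
+ canary: {
+ enabled: true,
+ autopilot: {
+ enabled: true,
+ gateSnapshotPath: snapshotPath,
+ runtimeFallbackSignal: {
+ // endpoint stays disabled, but its auth config still guards
+ // the status endpoint detail view.
+ auth: {
+ enabled: true,
+ expectedValue: 'status-only-token',
+ },
+ },
+ },
+ },
+ },
+ } as any;
+
+ const server = createServerBase({
+ config,
+ pwd: tempDir,
+ appContext: getDefaultAppContext(),
+ });
+ server.addPlugins([
+ ...createDefaultPlugins({
+ logger: false,
+ }),
+ injectTelemetryPlugin(),
+ ]);
+
+ await server.init();
+
+ const signalResponse = await server.request(
+ '/_modern/contract-gates/runtime-fallback',
+ {
+ method: 'POST',
+ headers: new Headers({
+ 'content-type': 'application/json',
+ 'x-modernjs-runtime-signal-token': 'status-only-token',
+ }),
+ body: JSON.stringify({ appName: 'dashboard' }),
+ },
+ {},
+ );
+ expect(signalResponse.status).toBe(404);
+
+ const unauthorized = await server.request(
+ '/_modern/runtime/status',
+ {},
+ {},
+ );
+ expect(unauthorized.status).toBe(401);
+
+ const authorized = await server.request(
+ '/_modern/runtime/status',
+ {
+ method: 'GET',
+ headers: new Headers({
+ 'x-modernjs-runtime-signal-token': 'status-only-token',
+ }),
+ },
+ {},
+ );
+ expect(authorized.status).toBe(200);
+ const payload = (await authorized.json()) as Record<string, any>;
+ expect(payload.ok).toBe(true);
+ expect(payload.canary?.enabled).toBe(true);
+ expect(payload.runtimeFallbackSignal?.enabled).toBe(false);
+ } finally {
+ fs.rmSync(tempDir, { recursive: true, force: true });
+ }
+ });
+ });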
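Review bot: Every 401 case in this file sends the request with the token header absent (`requires runtime fallback auth token when configured` and both status-endpoint auth tests), so a handler that only checked for the header's presence, or matched a prefix of the expected value, would still pass. Each of those tests should also send a wrong value, e.g. `'x-modernjs-runtime-signal-token': 'top-secret-token-x'`, and expect 401 with `fs.existsSync(snapshotPath)` still false. In `enforces runtime fallback trust policy before mutating gate snapshots`, neither 403 case is followed by `expect(fs.existsSync(snapshotPath)).toBe(false);`, so the "before mutating" half of the title is never checked. The same test configures `allowedEntryOrigins` but never sends an `entry` from a disallowed origin, so that rule has no negative coverage.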