@bleedingdev/modern-js-server-runtime-extensions 0.0.0-trusted-publisher-bootstrap

package/dist/cjs/runtimeFallbackSignal.js

@@ -0,0 +1,311 @@
+"use strict";
+var __webpack_require__ = {};
+(()=>{
+    __webpack_require__.d = (exports1, getters, values)=>{
+        var define = (defs, kind)=>{
+            for(var key in defs)if (__webpack_require__.o(defs, key) && !__webpack_require__.o(exports1, key)) Object.defineProperty(exports1, key, {
+                enumerable: true,
+                [kind]: defs[key]
+            });
+        };
+        define(getters, "get");
+        define(values, "value");
+    };
+})();
+(()=>{
+    __webpack_require__.o = (obj, prop)=>Object.prototype.hasOwnProperty.call(obj, prop);
+})();
+(()=>{
+    __webpack_require__.r = (exports1)=>{
+        if ("u" > typeof Symbol && Symbol.toStringTag) Object.defineProperty(exports1, Symbol.toStringTag, {
+            value: 'Module'
+        });
+        Object.defineProperty(exports1, '__esModule', {
+            value: true
+        });
+    };
+})();
+var __webpack_exports__ = {};
+__webpack_require__.r(__webpack_exports__);
+__webpack_require__.d(__webpack_exports__, {
+    DEFAULT_RUNTIME_FALLBACK_FAILURE_HOLD_MS: ()=>DEFAULT_RUNTIME_FALLBACK_FAILURE_HOLD_MS,
+    DEFAULT_RUNTIME_FALLBACK_GATE_NAME: ()=>DEFAULT_RUNTIME_FALLBACK_GATE_NAME,
+    DEFAULT_RUNTIME_FALLBACK_MAX_BODY_BYTES: ()=>DEFAULT_RUNTIME_FALLBACK_MAX_BODY_BYTES,
+    DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT: ()=>DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT,
+    DEFAULT_RUNTIME_STATUS_ENDPOINT: ()=>DEFAULT_RUNTIME_STATUS_ENDPOINT,
+    createRuntimeFallbackSignalRuntimeState: ()=>createRuntimeFallbackSignalRuntimeState,
+    createRuntimeSignalError: ()=>createRuntimeSignalError,
+    enforceRuntimeFallbackSignalAuth: ()=>enforceRuntimeFallbackSignalAuth,
+    enforceRuntimeFallbackSignalAuthToken: ()=>enforceRuntimeFallbackSignalAuthToken,
+    enforceRuntimeFallbackSignalTrustPolicy: ()=>enforceRuntimeFallbackSignalTrustPolicy,
+    getRuntimeSignalErrorStatusCode: ()=>getRuntimeSignalErrorStatusCode,
+    normalizeRequiredRuntimeFallbackSignalAuthConfig: ()=>normalizeRequiredRuntimeFallbackSignalAuthConfig,
+    normalizeRuntimeFallbackSignalAuthConfig: ()=>normalizeRuntimeFallbackSignalAuthConfig,
+    normalizeRuntimeFallbackTrustPolicy: ()=>normalizeRuntimeFallbackTrustPolicy,
+    parseRuntimeFallbackSignalPayload: ()=>parseRuntimeFallbackSignalPayload,
+    parseRuntimeFallbackSignalPayloadFromRawBody: ()=>parseRuntimeFallbackSignalPayloadFromRawBody,
+    persistRuntimeFallbackContractGate: ()=>persistRuntimeFallbackContractGate,
+    resolveRuntimeFallbackSignalEndpoint: ()=>resolveRuntimeFallbackSignalEndpoint
+});
+const external_node_crypto_namespaceObject = require("node:crypto");
+const external_contractGateSnapshotStore_js_namespaceObject = require("./contractGateSnapshotStore.js");
+const DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT = '/_modern/contract-gates/runtime-fallback';
+const DEFAULT_RUNTIME_STATUS_ENDPOINT = '/_modern/runtime/status';
+const DEFAULT_RUNTIME_FALLBACK_GATE_NAME = 'runtime-mf-fallback-health';
+const DEFAULT_RUNTIME_FALLBACK_FAILURE_HOLD_MS = 300000;
+const DEFAULT_RUNTIME_FALLBACK_MAX_BODY_BYTES = 16384;
+const DEFAULT_RUNTIME_FALLBACK_AUTH_HEADER = 'x-modernjs-runtime-signal-token';
+const DEFAULT_RUNTIME_FALLBACK_TRUST_MAX_SIGNALS_PER_WINDOW = 30;
+const DEFAULT_RUNTIME_FALLBACK_TRUST_WINDOW_MS = 60000;
+const DEFAULT_RUNTIME_FALLBACK_TRUST_DEDUPE_WINDOW_MS = 10000;
+function resolveRuntimeFallbackSignalEndpoint(configuredEndpoint) {
+    const rawEndpoint = configuredEndpoint?.trim();
+    if (!rawEndpoint) return DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT;
+    if (rawEndpoint.startsWith('/')) return rawEndpoint;
+    try {
+        return new URL(rawEndpoint).pathname || DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT;
+    } catch (_error) {
+        return `/${rawEndpoint.replace(/^\/+/, '')}`;
+    }
+}
+function createRuntimeSignalError(message, code) {
+    const error = new Error(message);
+    error.code = code;
+    return error;
+}
+function getUtf8ByteLength(input) {
+    if ("u" > typeof Buffer) return Buffer.byteLength(input);
+    return new TextEncoder().encode(input).length;
+}
+function normalizeRuntimeSignalOrigin(value) {
+    if ('string' != typeof value || 0 === value.trim().length) return;
+    try {
+        return new URL(value).origin;
+    } catch (_error) {
+        return;
+    }
+}
+function normalizeRuntimeSignalAppName(payload) {
+    if ('string' != typeof payload.appName) return 'unknown';
+    const normalized = payload.appName.trim();
+    return normalized.length > 0 ? normalized : 'unknown';
+}
+function normalizeRuntimeSignalRuntimeDigest(payload) {
+    if ('string' == typeof payload.runtimeDigest && payload.runtimeDigest.trim()) return payload.runtimeDigest.trim();
+    const metadata = payload.metadata;
+    if (metadata && 'object' == typeof metadata && !Array.isArray(metadata) && 'string' == typeof metadata.runtimeDigest) {
+        const digest = String(metadata.runtimeDigest).trim();
+        if (digest) return digest;
+    }
+}
+function normalizeRuntimeFallbackSignalAuthConfig(configured) {
+    const headerName = 'string' == typeof configured?.headerName && configured.headerName.trim() ? configured.headerName.trim().toLowerCase() : DEFAULT_RUNTIME_FALLBACK_AUTH_HEADER;
+    const expectedFromEnv = 'string' == typeof configured?.expectedValueEnv && configured.expectedValueEnv.trim().length > 0 ? process.env[configured.expectedValueEnv.trim()] : void 0;
+    const expectedFromConfig = 'string' == typeof configured?.expectedValue && configured.expectedValue.trim().length > 0 ? configured.expectedValue.trim() : void 0;
+    const expectedValue = expectedFromConfig || expectedFromEnv;
+    const enabled = configured?.enabled === true;
+    if (enabled && !expectedValue) throw new Error('[telemetry.canary.autopilot.runtimeFallbackSignal] auth.enabled is true but no expected token is configured');
+    return {
+        enabled,
+        headerName,
+        expectedValue
+    };
+}
+function normalizeRequiredRuntimeFallbackSignalAuthConfig(configured) {
+    if (configured?.enabled === false) throw new Error('[telemetry.canary.autopilot.runtimeFallbackSignal] the endpoint cannot be enabled with auth disabled; configure auth.expectedValue or auth.expectedValueEnv');
+    try {
+        return normalizeRuntimeFallbackSignalAuthConfig({
+            ...configured,
+            enabled: true
+        });
+    } catch (_error) {
+        throw new Error('[telemetry.canary.autopilot.runtimeFallbackSignal] enabling the endpoint requires an auth token; configure auth.expectedValue or auth.expectedValueEnv');
+    }
+}
+function safeTokenEquals(candidate, expected) {
+    const candidateDigest = (0, external_node_crypto_namespaceObject.createHash)('sha256').update(candidate).digest();
+    const expectedDigest = (0, external_node_crypto_namespaceObject.createHash)('sha256').update(expected).digest();
+    return (0, external_node_crypto_namespaceObject.timingSafeEqual)(candidateDigest, expectedDigest);
+}
+function enforceRuntimeFallbackSignalAuthToken(token, authConfig) {
+    if (!authConfig.enabled) return;
+    if (!token || !authConfig.expectedValue || !safeTokenEquals(token, authConfig.expectedValue)) throw createRuntimeSignalError('runtime fallback signal auth failed', 'UNAUTHORIZED');
+}
+function enforceRuntimeFallbackSignalAuth(c, runtimeSignalConfig) {
+    enforceRuntimeFallbackSignalAuthToken(c.req.header(runtimeSignalConfig.auth.headerName), runtimeSignalConfig.auth);
+}
+function normalizeRuntimeFallbackTrustPolicy(configured) {
+    const allowedApps = Array.isArray(configured?.allowedApps) ? configured.allowedApps.map((item)=>'string' == typeof item ? item.trim() : '').filter(Boolean) : [];
+    const allowedEntryOrigins = Array.isArray(configured?.allowedEntryOrigins) ? configured.allowedEntryOrigins.map((item)=>normalizeRuntimeSignalOrigin(item)).filter((item)=>Boolean(item)) : [];
+    const expectedRuntimeDigestsRaw = configured?.expectedRuntimeDigests || {};
+    const expectedRuntimeDigests = {};
+    Object.entries(expectedRuntimeDigestsRaw).forEach(([appName, digest])=>{
+        if ('string' == typeof appName && appName.trim().length > 0 && 'string' == typeof digest && digest.trim().length > 0) expectedRuntimeDigests[appName.trim()] = digest.trim();
+    });
+    return {
+        allowedApps,
+        allowedEntryOrigins,
+        expectedRuntimeDigests,
+        enforceRuntimeDigest: configured?.enforceRuntimeDigest === true,
+        maxSignalsPerWindow: Math.max(1, Math.floor(configured?.maxSignalsPerWindow ?? DEFAULT_RUNTIME_FALLBACK_TRUST_MAX_SIGNALS_PER_WINDOW)),
+        windowMs: Math.max(1000, Math.floor(configured?.windowMs ?? DEFAULT_RUNTIME_FALLBACK_TRUST_WINDOW_MS)),
+        dedupeWindowMs: Math.max(0, Math.floor(configured?.dedupeWindowMs ?? DEFAULT_RUNTIME_FALLBACK_TRUST_DEDUPE_WINDOW_MS))
+    };
+}
+function createRuntimeFallbackSignalRuntimeState() {
+    return {
+        rateLimitBySource: new Map(),
+        dedupeByFingerprint: new Map()
+    };
+}
+function cleanupRuntimeFallbackSignalRuntimeState(now, runtimeState, trustPolicy) {
+    const dedupeExpiryMs = Math.max(trustPolicy.dedupeWindowMs, trustPolicy.windowMs, 1000);
+    runtimeState.dedupeByFingerprint.forEach((lastSeenAt, fingerprint)=>{
+        if (now - lastSeenAt > dedupeExpiryMs) runtimeState.dedupeByFingerprint.delete(fingerprint);
+    });
+    runtimeState.rateLimitBySource.forEach((state, source)=>{
+        if (now - state.windowStartedAt > 2 * trustPolicy.windowMs) runtimeState.rateLimitBySource.delete(source);
+    });
+}
+function enforceRuntimeFallbackSignalTrustPolicy(payload, runtimeSignalContext, source = {}) {
+    const { trustPolicy, runtimeState } = runtimeSignalContext;
+    const now = Date.now();
+    cleanupRuntimeFallbackSignalRuntimeState(now, runtimeState, trustPolicy);
+    const appName = normalizeRuntimeSignalAppName(payload);
+    const entryOrigin = normalizeRuntimeSignalOrigin(payload.entry);
+    const runtimeDigest = normalizeRuntimeSignalRuntimeDigest(payload);
+    if (trustPolicy.allowedApps.length > 0 && !trustPolicy.allowedApps.includes(appName)) throw createRuntimeSignalError(`runtime fallback signal app "${appName}" is not trusted`, 'UNTRUSTED_SOURCE');
+    if (trustPolicy.allowedEntryOrigins.length > 0) {
+        if (!entryOrigin || !trustPolicy.allowedEntryOrigins.includes(entryOrigin)) throw createRuntimeSignalError(`runtime fallback signal entry origin "${entryOrigin || 'unknown'}" is not trusted`, 'UNTRUSTED_SOURCE');
+    }
+    const expectedDigest = trustPolicy.expectedRuntimeDigests[appName];
+    if (expectedDigest && runtimeDigest !== expectedDigest) throw createRuntimeSignalError(`runtime fallback runtimeDigest mismatch for app "${appName}"`, 'UNTRUSTED_SOURCE');
+    if (trustPolicy.enforceRuntimeDigest && !runtimeDigest) throw createRuntimeSignalError(`runtime fallback signal for app "${appName}" is missing runtimeDigest`, 'UNTRUSTED_SOURCE');
+    const dedupeFingerprint = JSON.stringify({
+        appName,
+        entryOrigin: entryOrigin || 'unknown',
+        reason: payload.reason || 'runtime_fallback',
+        phase: payload.phase || 'unknown',
+        runtimeDigest: runtimeDigest || 'unknown'
+    });
+    const dedupeWindowMs = trustPolicy.dedupeWindowMs;
+    if (dedupeWindowMs > 0) {
+        const lastSeenAt = runtimeState.dedupeByFingerprint.get(dedupeFingerprint);
+        runtimeState.dedupeByFingerprint.set(dedupeFingerprint, now);
+        if ('number' == typeof lastSeenAt && now - lastSeenAt <= dedupeWindowMs) return {
+            deduped: true
+        };
+    } else runtimeState.dedupeByFingerprint.set(dedupeFingerprint, now);
+    const remoteAddress = source.remoteAddress?.trim();
+    const sourceKey = remoteAddress || 'unknown-remote';
+    const rateState = runtimeState.rateLimitBySource.get(sourceKey);
+    if (!rateState || now - rateState.windowStartedAt > trustPolicy.windowMs) runtimeState.rateLimitBySource.set(sourceKey, {
+        count: 1,
+        windowStartedAt: now
+    });
+    else {
+        if (rateState.count >= trustPolicy.maxSignalsPerWindow) throw createRuntimeSignalError(`runtime fallback signal rate-limited for source "${sourceKey}"`, 'RATE_LIMITED');
+        rateState.count += 1;
+    }
+    return {
+        deduped: false
+    };
+}
+async function parseRuntimeFallbackSignalPayload(c, maxBodyBytes) {
+    const contentLengthHeader = c.req.header('content-length');
+    if (contentLengthHeader) {
+        const contentLength = Number.parseInt(contentLengthHeader, 10);
+        if (Number.isFinite(contentLength) && contentLength > maxBodyBytes) throw createRuntimeSignalError('runtime fallback signal payload too large', 'PAYLOAD_TOO_LARGE');
+    }
+    const rawBody = await c.req.raw.text();
+    const payload = parseRuntimeFallbackSignalPayloadFromRawBody(rawBody, maxBodyBytes);
+    return {
+        rawBody,
+        payload
+    };
+}
+function parseRuntimeFallbackSignalPayloadFromRawBody(rawBody, maxBodyBytes) {
+    if (!rawBody || 0 === rawBody.trim().length) throw createRuntimeSignalError('runtime fallback signal body is empty', 'INVALID_PAYLOAD');
+    if (getUtf8ByteLength(rawBody) > maxBodyBytes) throw createRuntimeSignalError('runtime fallback signal payload too large', 'PAYLOAD_TOO_LARGE');
+    let payload;
+    try {
+        payload = JSON.parse(rawBody);
+    } catch (_error) {
+        throw createRuntimeSignalError('runtime fallback signal body must be valid JSON', 'INVALID_PAYLOAD');
+    }
+    if (!payload || 'object' != typeof payload || Array.isArray(payload)) throw createRuntimeSignalError('runtime fallback signal body must be a JSON object', 'INVALID_PAYLOAD');
+    return payload;
+}
+function getRuntimeSignalErrorStatusCode(signalError) {
+    if ('PAYLOAD_TOO_LARGE' === signalError.code) return 413;
+    if ('INVALID_PAYLOAD' === signalError.code) return 400;
+    if ('UNAUTHORIZED' === signalError.code) return 401;
+    if ('RATE_LIMITED' === signalError.code) return 429;
+    if ('UNTRUSTED_SOURCE' === signalError.code) return 403;
+    return 500;
+}
+async function persistRuntimeFallbackContractGate(payload, runtimeSignalConfig) {
+    const now = Date.now();
+    const gateSnapshotStore = await runtimeSignalConfig.gateSnapshotStore;
+    const snapshot = await gateSnapshotStore.readSnapshot() || {};
+    const existingGates = snapshot.gates && 'object' == typeof snapshot.gates ? snapshot.gates : {};
+    const reason = 'string' == typeof payload.reason ? payload.reason : 'runtime_fallback';
+    const phase = 'string' == typeof payload.phase ? payload.phase : 'unknown';
+    const appName = 'string' == typeof payload.appName ? payload.appName : 'unknown';
+    const entry = 'string' == typeof payload.entry ? payload.entry : void 0;
+    snapshot.schemaVersion = 'number' == typeof snapshot.schemaVersion ? snapshot.schemaVersion : external_contractGateSnapshotStore_js_namespaceObject.CONTRACT_GATE_SNAPSHOT_SCHEMA_VERSION;
+    snapshot.updatedAt = now;
+    snapshot.gates = {
+        ...existingGates,
+        [runtimeSignalConfig.gateName]: {
+            passed: false,
+            reason: `runtime_fallback:${reason} phase=${phase} app=${appName}${entry ? ` entry=${entry}` : ''}`,
+            updatedAt: now,
+            expiresAt: now + runtimeSignalConfig.failureHoldMs,
+            source: 'runtime-mf-fallback-signal',
+            metadata: payload
+        }
+    };
+    await gateSnapshotStore.writeSnapshot(snapshot);
+}
+exports.DEFAULT_RUNTIME_FALLBACK_FAILURE_HOLD_MS = __webpack_exports__.DEFAULT_RUNTIME_FALLBACK_FAILURE_HOLD_MS;
+exports.DEFAULT_RUNTIME_FALLBACK_GATE_NAME = __webpack_exports__.DEFAULT_RUNTIME_FALLBACK_GATE_NAME;
+exports.DEFAULT_RUNTIME_FALLBACK_MAX_BODY_BYTES = __webpack_exports__.DEFAULT_RUNTIME_FALLBACK_MAX_BODY_BYTES;
+exports.DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT = __webpack_exports__.DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT;
+exports.DEFAULT_RUNTIME_STATUS_ENDPOINT = __webpack_exports__.DEFAULT_RUNTIME_STATUS_ENDPOINT;
+exports.createRuntimeFallbackSignalRuntimeState = __webpack_exports__.createRuntimeFallbackSignalRuntimeState;
+exports.createRuntimeSignalError = __webpack_exports__.createRuntimeSignalError;
+exports.enforceRuntimeFallbackSignalAuth = __webpack_exports__.enforceRuntimeFallbackSignalAuth;
+exports.enforceRuntimeFallbackSignalAuthToken = __webpack_exports__.enforceRuntimeFallbackSignalAuthToken;
+exports.enforceRuntimeFallbackSignalTrustPolicy = __webpack_exports__.enforceRuntimeFallbackSignalTrustPolicy;
+exports.getRuntimeSignalErrorStatusCode = __webpack_exports__.getRuntimeSignalErrorStatusCode;
+exports.normalizeRequiredRuntimeFallbackSignalAuthConfig = __webpack_exports__.normalizeRequiredRuntimeFallbackSignalAuthConfig;
+exports.normalizeRuntimeFallbackSignalAuthConfig = __webpack_exports__.normalizeRuntimeFallbackSignalAuthConfig;
+exports.normalizeRuntimeFallbackTrustPolicy = __webpack_exports__.normalizeRuntimeFallbackTrustPolicy;
+exports.parseRuntimeFallbackSignalPayload = __webpack_exports__.parseRuntimeFallbackSignalPayload;
+exports.parseRuntimeFallbackSignalPayloadFromRawBody = __webpack_exports__.parseRuntimeFallbackSignalPayloadFromRawBody;
+exports.persistRuntimeFallbackContractGate = __webpack_exports__.persistRuntimeFallbackContractGate;
+exports.resolveRuntimeFallbackSignalEndpoint = __webpack_exports__.resolveRuntimeFallbackSignalEndpoint;
+for(var __rspack_i in __webpack_exports__)if (-1 === [
+    "DEFAULT_RUNTIME_FALLBACK_FAILURE_HOLD_MS",
+    "DEFAULT_RUNTIME_FALLBACK_GATE_NAME",
+    "DEFAULT_RUNTIME_FALLBACK_MAX_BODY_BYTES",
+    "DEFAULT_RUNTIME_FALLBACK_SIGNAL_ENDPOINT",
+    "DEFAULT_RUNTIME_STATUS_ENDPOINT",
+    "createRuntimeFallbackSignalRuntimeState",
+    "createRuntimeSignalError",
+    "enforceRuntimeFallbackSignalAuth",
+    "enforceRuntimeFallbackSignalAuthToken",
+    "enforceRuntimeFallbackSignalTrustPolicy",
+    "getRuntimeSignalErrorStatusCode",
+    "normalizeRequiredRuntimeFallbackSignalAuthConfig",
+    "normalizeRuntimeFallbackSignalAuthConfig",
+    "normalizeRuntimeFallbackTrustPolicy",
+    "parseRuntimeFallbackSignalPayload",
+    "parseRuntimeFallbackSignalPayloadFromRawBody",
+    "persistRuntimeFallbackContractGate",
+    "resolveRuntimeFallbackSignalEndpoint"
+].indexOf(__rspack_i)) exports[__rspack_i] = __webpack_exports__[__rspack_i];
+Object.defineProperty(exports, '__esModule', {
+    value: true
+});