npm - @elizaos/server - Versions diffs - 1.6.4 → 1.6.5-alpha.1 - Mend

@elizaos/server 1.6.4 → 1.6.5-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js +34 -11
package/dist/utils/rls-validation.d.ts +28 -0
package/package.json +5 -5

package/dist/index.js CHANGED Viewed

@@ -27030,6 +27030,15 @@ function transformMessageAttachments(message) {
   return message;
 }
+// src/utils/rls-validation.ts
+function validateServerIdForRls(server_id, serverInstance) {
+  const rlsEnabled = process.env.ENABLE_RLS_ISOLATION === "true";
+  if (!rlsEnabled) {
+    return true;
+  }
+  return server_id === serverInstance.serverId;
+}
 // src/api/messaging/core.ts
 function createMessagingCoreRouter(serverInstance) {
   const router = express10.Router();
@@ -27044,13 +27053,18 @@ function createMessagingCoreRouter(serverInstance) {
       raw_message,
       metadata
     } = req.body;
-    const isValidServerId = server_id === serverInstance.serverId;
-    if (!validateUuid9(channel_id) || !validateUuid9(author_id) || !content || !isValidServerId || !source_type || !raw_message) {
+    if (!validateUuid9(channel_id) || !validateUuid9(server_id) || !validateUuid9(author_id) || !content || !source_type || !raw_message) {
       return res.status(400).json({
         success: false,
         error: "Missing required fields: channel_id, server_id, author_id, content, source_type, raw_message"
       });
     }
+    if (!validateServerIdForRls(server_id, serverInstance)) {
+      return res.status(403).json({
+        success: false,
+        error: "Forbidden: server_id does not match current server"
+      });
+    }
     if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
       return res.status(400).json({
         success: false,
@@ -27102,13 +27116,18 @@ function createMessagingCoreRouter(serverInstance) {
       raw_message,
       metadata
     } = req.body;
-    const isValidServerId = server_id === serverInstance.serverId;
-    if (!validateUuid9(channel_id) || !validateUuid9(author_id) || !content || !isValidServerId || !source_type || !raw_message) {
+    if (!validateUuid9(channel_id) || !validateUuid9(server_id) || !validateUuid9(author_id) || !content || !source_type || !raw_message) {
       return res.status(400).json({
         success: false,
         error: "Missing required fields: channel_id, server_id, author_id, content, source_type, raw_message"
       });
     }
+    if (!validateServerIdForRls(server_id, serverInstance)) {
+      return res.status(403).json({
+        success: false,
+        error: "Forbidden: server_id does not match current server"
+      });
+    }
     if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
       return res.status(400).json({ success: false, error: "Invalid in_reply_to_message_id format" });
     }
@@ -27171,8 +27190,14 @@ function createMessagingCoreRouter(serverInstance) {
     if (author_id && !validateUuid9(author_id)) {
       return res.status(400).json({ success: false, error: "Invalid author_id format" });
     }
-    if (server_id && server_id !== serverInstance.serverId) {
-      return res.status(403).json({ success: false, error: "Forbidden: server_id does not match current server" });
+    if (server_id && !validateUuid9(server_id)) {
+      return res.status(400).json({ success: false, error: "Invalid server_id format" });
+    }
+    if (server_id && !validateServerIdForRls(server_id, serverInstance)) {
+      return res.status(403).json({
+        success: false,
+        error: "Forbidden: server_id does not match current server"
+      });
     }
     try {
       const updated = await serverInstance.updateMessage(id, {
@@ -27695,14 +27720,13 @@ function createChannelsRouter(elizaOS, serverInstance) {
       metadata,
       source_type
     } = req.body;
-    const isValidServerId = server_id === serverInstance.serverId;
     if (!channelIdParam || !validateUuid13(author_id) || !content || !validateUuid13(server_id)) {
       return res.status(400).json({
         success: false,
         error: "Missing required fields: channelId, server_id, author_id, content"
       });
     }
-    if (!isValidServerId) {
+    if (!validateServerIdForRls(server_id, serverInstance)) {
       return res.status(403).json({
         success: false,
         error: "Forbidden: server_id does not match current server"
@@ -27958,14 +27982,13 @@ function createChannelsRouter(elizaOS, serverInstance) {
         error: "Invalid server_id format"
       });
     }
-    const isValidServerId = server_id === serverInstance.serverId;
     if (!name || !Array.isArray(participantCentralUserIds) || participantCentralUserIds.some((id) => !validateUuid13(id))) {
       return res.status(400).json({
         success: false,
         error: 'Invalid payload. Required: name, server_id (UUID or "0"), participantCentralUserIds (array of UUIDs). Optional: type, metadata.'
       });
     }
-    if (!isValidServerId) {
+    if (!validateServerIdForRls(server_id, serverInstance)) {
       return res.status(403).json({
         success: false,
         error: "Forbidden: server_id does not match current server"
@@ -30689,7 +30712,7 @@ import express31 from "express";
 // package.json
 var package_default = {
   name: "@elizaos/server",
-  version: "1.6.4",
+  version: "1.6.5-alpha.1",
   description: "ElizaOS Server - Core server infrastructure for ElizaOS agents",
   publishConfig: {
     access: "public",

package/dist/utils/rls-validation.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { UUID } from '@elizaos/core';
+import type { AgentServer } from '../index';
+/**
+ * Validates server_id for RLS (Row Level Security) isolation
+ *
+ * When ENABLE_RLS_ISOLATION is enabled, only allows access to data
+ * belonging to the current server instance.
+ *
+ * When ENABLE_RLS_ISOLATION is disabled, allows access to all data
+ * (backward compatibility mode).
+ *
+ * @param server_id - The server ID from the request
+ * @param serverInstance - The current AgentServer instance
+ * @returns true if the server_id is valid for this request, false otherwise
+ *
+ * @example
+ * const isValid = validateServerIdForRls(req.body.server_id, serverInstance);
+ * if (!isValid) {
+ *   return res.status(403).json({ error: 'Forbidden: server_id does not match' });
+ * }
+ */
+export declare function validateServerIdForRls(server_id: UUID | string | undefined, serverInstance: AgentServer): boolean;
+/**
+ * Checks if RLS (Row Level Security) isolation is enabled
+ *
+ * @returns true if ENABLE_RLS_ISOLATION=true, false otherwise
+ */
+export declare function isRlsEnabled(): boolean;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@elizaos/server",
-  "version": "1.6.4",
+  "version": "1.6.5-alpha.1",
   "description": "ElizaOS Server - Core server infrastructure for ElizaOS agents",
   "publishConfig": {
     "access": "public",
@@ -44,7 +44,7 @@
     "dev": "bun run build.ts --watch"
   },
   "devDependencies": {
-    "@elizaos/client": "1.6.4",
+    "@elizaos/client": "1.6.5-alpha.1",
     "@types/node": "^24.0.1",
     "prettier": "3.6.2",
     "tsx": "4.20.6",
@@ -52,10 +52,10 @@
     "which": "^5.0.0",
     "ws": "^8.18.0"
   },
-  "gitHead": "a8aada56c37ac69c7382753a907bedf092533c6c",
+  "gitHead": "56b7ca950c4461f16eb2f835786474c8db6a6c23",
   "dependencies": {
-    "@elizaos/core": "1.6.4",
-    "@elizaos/plugin-sql": "1.6.4",
+    "@elizaos/core": "1.6.5-alpha.1",
+    "@elizaos/plugin-sql": "1.6.5-alpha.1",
     "@sentry/node": "^10.16.0",
     "@types/express": "^5.0.2",
     "@types/helmet": "^4.0.0",