npm - @enbox/dwn-server - Versions diffs - 0.0.2 → 0.0.4 - Mend

@enbox/dwn-server 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/LICENSE +3 -2
package/README.md +115 -215
package/dist/esm/src/admin/activity-log.d.ts +44 -0
package/dist/esm/src/admin/activity-log.d.ts.map +1 -0
package/dist/esm/src/admin/activity-log.js +85 -0
package/dist/esm/src/admin/activity-log.js.map +1 -0
package/dist/esm/src/admin/admin-api.d.ts +61 -0
package/dist/esm/src/admin/admin-api.d.ts.map +1 -0
package/dist/esm/src/admin/admin-api.js +1047 -0
package/dist/esm/src/admin/admin-api.js.map +1 -0
package/dist/esm/src/admin/admin-auth.d.ts +9 -0
package/dist/esm/src/admin/admin-auth.d.ts.map +1 -0
package/dist/esm/src/admin/admin-auth.js +45 -0
package/dist/esm/src/admin/admin-auth.js.map +1 -0
package/dist/esm/src/admin/admin-store.d.ts +111 -0
package/dist/esm/src/admin/admin-store.d.ts.map +1 -0
package/dist/esm/src/admin/admin-store.js +376 -0
package/dist/esm/src/admin/admin-store.js.map +1 -0
package/dist/esm/src/admin/audit-log.d.ts +94 -0
package/dist/esm/src/admin/audit-log.d.ts.map +1 -0
package/dist/esm/src/admin/audit-log.js +220 -0
package/dist/esm/src/admin/audit-log.js.map +1 -0
package/dist/esm/src/admin/index.d.ts +10 -0
package/dist/esm/src/admin/index.d.ts.map +1 -0
package/dist/esm/src/admin/index.js +7 -0
package/dist/esm/src/admin/index.js.map +1 -0
package/dist/esm/src/admin/types.d.ts +306 -0
package/dist/esm/src/admin/types.d.ts.map +1 -0
package/dist/esm/src/admin/types.js +2 -0
package/dist/esm/src/admin/types.js.map +1 -0
package/dist/esm/src/admin/webhook-manager.d.ts +55 -0
package/dist/esm/src/admin/webhook-manager.d.ts.map +1 -0
package/dist/esm/src/admin/webhook-manager.js +184 -0
package/dist/esm/src/admin/webhook-manager.js.map +1 -0
package/dist/esm/src/config.d.ts +124 -9
package/dist/esm/src/config.d.ts.map +1 -1
package/dist/esm/src/config.js +155 -13
package/dist/esm/src/config.js.map +1 -1
package/dist/esm/src/connection/connection-manager.d.ts +32 -9
package/dist/esm/src/connection/connection-manager.d.ts.map +1 -1
package/dist/esm/src/connection/connection-manager.js +38 -5
package/dist/esm/src/connection/connection-manager.js.map +1 -1
package/dist/esm/src/connection/flow-controller.d.ts +53 -0
package/dist/esm/src/connection/flow-controller.d.ts.map +1 -0
package/dist/esm/src/connection/flow-controller.js +101 -0
package/dist/esm/src/connection/flow-controller.js.map +1 -0
package/dist/esm/src/connection/socket-connection.d.ts +54 -18
package/dist/esm/src/connection/socket-connection.d.ts.map +1 -1
package/dist/esm/src/connection/socket-connection.js +102 -40
package/dist/esm/src/connection/socket-connection.js.map +1 -1
package/dist/esm/src/delivery-service.d.ts +43 -0
package/dist/esm/src/delivery-service.d.ts.map +1 -0
package/dist/esm/src/delivery-service.js +574 -0
package/dist/esm/src/delivery-service.js.map +1 -0
package/dist/esm/src/dwn-error.d.ts +10 -1
package/dist/esm/src/dwn-error.d.ts.map +1 -1
package/dist/esm/src/dwn-error.js +9 -0
package/dist/esm/src/dwn-error.js.map +1 -1
package/dist/esm/src/dwn-server.d.ts +13 -6
package/dist/esm/src/dwn-server.d.ts.map +1 -1
package/dist/esm/src/dwn-server.js +199 -24
package/dist/esm/src/dwn-server.js.map +1 -1
package/dist/esm/src/http-api.d.ts +28 -13
package/dist/esm/src/http-api.d.ts.map +1 -1
package/dist/esm/src/http-api.js +649 -374
package/dist/esm/src/http-api.js.map +1 -1
package/dist/esm/src/index.d.ts +6 -2
package/dist/esm/src/index.d.ts.map +1 -1
package/dist/esm/src/index.js +4 -1
package/dist/esm/src/index.js.map +1 -1
package/dist/esm/src/json-rpc-api.js +2 -1
package/dist/esm/src/json-rpc-api.js.map +1 -1
package/dist/esm/src/json-rpc-handlers/dwn/process-message.d.ts.map +1 -1
package/dist/esm/src/json-rpc-handlers/dwn/process-message.js +109 -7
package/dist/esm/src/json-rpc-handlers/dwn/process-message.js.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/ack.d.ts +20 -0
package/dist/esm/src/json-rpc-handlers/subscription/ack.d.ts.map +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/ack.js +41 -0
package/dist/esm/src/json-rpc-handlers/subscription/ack.js.map +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/close.d.ts.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/close.js +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/close.js.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/index.d.ts +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/index.d.ts.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/index.js +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/index.js.map +1 -1
package/dist/esm/src/lib/json-rpc-router.d.ts +25 -8
package/dist/esm/src/lib/json-rpc-router.d.ts.map +1 -1
package/dist/esm/src/lib/json-rpc-router.js.map +1 -1
package/dist/esm/src/lib/sql-utils.d.ts +6 -0
package/dist/esm/src/lib/sql-utils.d.ts.map +1 -0
package/dist/esm/src/lib/sql-utils.js +8 -0
package/dist/esm/src/lib/sql-utils.js.map +1 -0
package/dist/esm/src/main.js +0 -6
package/dist/esm/src/main.js.map +1 -1
package/dist/esm/src/message-processed-hook.d.ts +35 -0
package/dist/esm/src/message-processed-hook.d.ts.map +1 -0
package/dist/esm/src/message-processed-hook.js +2 -0
package/dist/esm/src/message-processed-hook.js.map +1 -0
package/dist/esm/src/metrics.d.ts +14 -2
package/dist/esm/src/metrics.d.ts.map +1 -1
package/dist/esm/src/metrics.js +41 -1
package/dist/esm/src/metrics.js.map +1 -1
package/dist/esm/src/plugins/event-log-nats.d.ts +25 -0
package/dist/esm/src/plugins/event-log-nats.d.ts.map +1 -0
package/dist/esm/src/plugins/event-log-nats.js +379 -0
package/dist/esm/src/plugins/event-log-nats.js.map +1 -0
package/dist/esm/src/rate-limiter.d.ts +60 -0
package/dist/esm/src/rate-limiter.d.ts.map +1 -0
package/dist/esm/src/rate-limiter.js +116 -0
package/dist/esm/src/rate-limiter.js.map +1 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.d.ts +53 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.d.ts.map +1 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.js +90 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.js.map +1 -0
package/dist/esm/src/registration/open-auth-handler.d.ts +37 -0
package/dist/esm/src/registration/open-auth-handler.d.ts.map +1 -0
package/dist/esm/src/registration/open-auth-handler.js +214 -0
package/dist/esm/src/registration/open-auth-handler.js.map +1 -0
package/dist/esm/src/registration/proof-of-work-manager.d.ts +1 -1
package/dist/esm/src/registration/proof-of-work-manager.d.ts.map +1 -1
package/dist/esm/src/registration/proof-of-work-manager.js +3 -3
package/dist/esm/src/registration/proof-of-work-manager.js.map +1 -1
package/dist/esm/src/registration/provider-auth-plugin.d.ts +46 -0
package/dist/esm/src/registration/provider-auth-plugin.d.ts.map +1 -0
package/dist/esm/src/registration/provider-auth-plugin.js +29 -0
package/dist/esm/src/registration/provider-auth-plugin.js.map +1 -0
package/dist/esm/src/registration/registration-manager.d.ts +28 -5
package/dist/esm/src/registration/registration-manager.d.ts.map +1 -1
package/dist/esm/src/registration/registration-manager.js +83 -12
package/dist/esm/src/registration/registration-manager.js.map +1 -1
package/dist/esm/src/registration/registration-store.d.ts +83 -3
package/dist/esm/src/registration/registration-store.d.ts.map +1 -1
package/dist/esm/src/registration/registration-store.js +248 -11
package/dist/esm/src/registration/registration-store.js.map +1 -1
package/dist/esm/src/storage.d.ts +5 -5
package/dist/esm/src/storage.d.ts.map +1 -1
package/dist/esm/src/storage.js +105 -24
package/dist/esm/src/storage.js.map +1 -1
package/dist/esm/src/web5-connect/sql-ttl-cache.d.ts.map +1 -1
package/dist/esm/src/web5-connect/sql-ttl-cache.js +11 -3
package/dist/esm/src/web5-connect/sql-ttl-cache.js.map +1 -1
package/dist/esm/src/web5-connect/web5-connect-server.d.ts.map +1 -1
package/dist/esm/src/web5-connect/web5-connect-server.js +2 -2
package/dist/esm/src/web5-connect/web5-connect-server.js.map +1 -1
package/dist/esm/src/ws-api.d.ts +18 -4
package/dist/esm/src/ws-api.d.ts.map +1 -1
package/dist/esm/src/ws-api.js +12 -16
package/dist/esm/src/ws-api.js.map +1 -1
package/package.json +34 -53
package/src/admin/activity-log.ts +100 -0
package/src/admin/admin-api.ts +1308 -0
package/src/admin/admin-auth.ts +56 -0
package/src/admin/admin-store.ts +515 -0
package/src/admin/audit-log.ts +327 -0
package/src/admin/index.ts +34 -0
package/src/admin/types.ts +352 -0
package/src/admin/webhook-manager.ts +245 -0
package/src/config.ts +190 -22
package/src/connection/connection-manager.ts +67 -17
package/src/connection/flow-controller.ts +117 -0
package/src/connection/socket-connection.ts +144 -67
package/src/delivery-service.ts +740 -0
package/src/dwn-error.ts +11 -2
package/src/dwn-server.ts +254 -39
package/src/http-api.ts +736 -392
package/src/index.ts +13 -2
package/src/json-rpc-api.ts +2 -1
package/src/json-rpc-handlers/dwn/process-message.ts +149 -15
package/src/json-rpc-handlers/subscription/ack.ts +63 -0
package/src/json-rpc-handlers/subscription/close.ts +5 -9
package/src/json-rpc-handlers/subscription/index.ts +1 -0
package/src/lib/json-rpc-router.ts +26 -11
package/src/lib/sql-utils.ts +7 -0
package/src/main.ts +0 -8
package/src/message-processed-hook.ts +33 -0
package/src/metrics.ts +57 -8
package/src/plugins/event-log-nats.ts +466 -0
package/src/process-handlers.ts +5 -5
package/src/rate-limiter.ts +143 -0
package/src/registration/jwt-provider-auth-plugin.ts +119 -0
package/src/registration/open-auth-handler.ts +263 -0
package/src/registration/proof-of-work-manager.ts +11 -10
package/src/registration/provider-auth-plugin.ts +84 -0
package/src/registration/registration-manager.ts +129 -31
package/src/registration/registration-store.ts +332 -22
package/src/storage.ts +136 -40
package/src/web5-connect/sql-ttl-cache.ts +12 -5
package/src/web5-connect/web5-connect-server.ts +9 -8
package/src/ws-api.ts +39 -26
package/dist/cjs/index.js +0 -6811
package/dist/cjs/package.json +0 -1
package/dist/esm/src/json-rpc-socket.d.ts +0 -39
package/dist/esm/src/json-rpc-socket.d.ts.map +0 -1
package/dist/esm/src/json-rpc-socket.js +0 -125
package/dist/esm/src/json-rpc-socket.js.map +0 -1
package/dist/esm/src/lib/http-server-shutdown-handler.d.ts +0 -10
package/dist/esm/src/lib/http-server-shutdown-handler.d.ts.map +0 -1
package/dist/esm/src/lib/http-server-shutdown-handler.js +0 -65
package/dist/esm/src/lib/http-server-shutdown-handler.js.map +0 -1
package/dist/esm/src/lib/json-rpc.d.ts +0 -54
package/dist/esm/src/lib/json-rpc.d.ts.map +0 -1
package/dist/esm/src/lib/json-rpc.js +0 -60
package/dist/esm/src/lib/json-rpc.js.map +0 -1
package/dist/esm/src/registration/proof-of-work-types.d.ts +0 -8
package/dist/esm/src/registration/proof-of-work-types.d.ts.map +0 -1
package/dist/esm/src/registration/proof-of-work-types.js +0 -2
package/dist/esm/src/registration/proof-of-work-types.js.map +0 -1
package/dist/esm/src/registration/registration-types.d.ts +0 -18
package/dist/esm/src/registration/registration-types.d.ts.map +0 -1
package/dist/esm/src/registration/registration-types.js +0 -2
package/dist/esm/src/registration/registration-types.js.map +0 -1
package/dist/esm/tests/common-scenario-validator.d.ts +0 -11
package/dist/esm/tests/common-scenario-validator.d.ts.map +0 -1
package/dist/esm/tests/common-scenario-validator.js +0 -114
package/dist/esm/tests/common-scenario-validator.js.map +0 -1
package/dist/esm/tests/connection/connection-manager.spec.d.ts +0 -2
package/dist/esm/tests/connection/connection-manager.spec.d.ts.map +0 -1
package/dist/esm/tests/connection/connection-manager.spec.js +0 -47
package/dist/esm/tests/connection/connection-manager.spec.js.map +0 -1
package/dist/esm/tests/connection/socket-connection.spec.d.ts +0 -2
package/dist/esm/tests/connection/socket-connection.spec.d.ts.map +0 -1
package/dist/esm/tests/connection/socket-connection.spec.js +0 -125
package/dist/esm/tests/connection/socket-connection.spec.js.map +0 -1
package/dist/esm/tests/cors/http-api.browser.d.ts +0 -2
package/dist/esm/tests/cors/http-api.browser.d.ts.map +0 -1
package/dist/esm/tests/cors/http-api.browser.js +0 -60
package/dist/esm/tests/cors/http-api.browser.js.map +0 -1
package/dist/esm/tests/cors/ping.browser.d.ts +0 -2
package/dist/esm/tests/cors/ping.browser.d.ts.map +0 -1
package/dist/esm/tests/cors/ping.browser.js +0 -7
package/dist/esm/tests/cors/ping.browser.js.map +0 -1
package/dist/esm/tests/dwn-process-message.spec.d.ts +0 -2
package/dist/esm/tests/dwn-process-message.spec.d.ts.map +0 -1
package/dist/esm/tests/dwn-process-message.spec.js +0 -172
package/dist/esm/tests/dwn-process-message.spec.js.map +0 -1
package/dist/esm/tests/dwn-server.spec.d.ts +0 -2
package/dist/esm/tests/dwn-server.spec.d.ts.map +0 -1
package/dist/esm/tests/dwn-server.spec.js +0 -49
package/dist/esm/tests/dwn-server.spec.js.map +0 -1
package/dist/esm/tests/http-api.spec.d.ts +0 -2
package/dist/esm/tests/http-api.spec.d.ts.map +0 -1
package/dist/esm/tests/http-api.spec.js +0 -775
package/dist/esm/tests/http-api.spec.js.map +0 -1
package/dist/esm/tests/json-rpc-socket.spec.d.ts +0 -2
package/dist/esm/tests/json-rpc-socket.spec.d.ts.map +0 -1
package/dist/esm/tests/json-rpc-socket.spec.js +0 -225
package/dist/esm/tests/json-rpc-socket.spec.js.map +0 -1
package/dist/esm/tests/plugins/data-store-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/data-store-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/data-store-sqlite.js +0 -23
package/dist/esm/tests/plugins/data-store-sqlite.js.map +0 -1
package/dist/esm/tests/plugins/event-log-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/event-log-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/event-log-sqlite.js +0 -23
package/dist/esm/tests/plugins/event-log-sqlite.js.map +0 -1
package/dist/esm/tests/plugins/event-stream-in-memory.d.ts +0 -17
package/dist/esm/tests/plugins/event-stream-in-memory.d.ts.map +0 -1
package/dist/esm/tests/plugins/event-stream-in-memory.js +0 -21
package/dist/esm/tests/plugins/event-stream-in-memory.js.map +0 -1
package/dist/esm/tests/plugins/message-store-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/message-store-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/message-store-sqlite.js +0 -23
package/dist/esm/tests/plugins/message-store-sqlite.js.map +0 -1
package/dist/esm/tests/plugins/resumable-task-store-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/resumable-task-store-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/resumable-task-store-sqlite.js +0 -23
package/dist/esm/tests/plugins/resumable-task-store-sqlite.js.map +0 -1
package/dist/esm/tests/process-handler.spec.d.ts +0 -2
package/dist/esm/tests/process-handler.spec.d.ts.map +0 -1
package/dist/esm/tests/process-handler.spec.js +0 -60
package/dist/esm/tests/process-handler.spec.js.map +0 -1
package/dist/esm/tests/registration/proof-of-work-manager.spec.d.ts +0 -2
package/dist/esm/tests/registration/proof-of-work-manager.spec.d.ts.map +0 -1
package/dist/esm/tests/registration/proof-of-work-manager.spec.js +0 -157
package/dist/esm/tests/registration/proof-of-work-manager.spec.js.map +0 -1
package/dist/esm/tests/rpc-subscribe-close.spec.d.ts +0 -2
package/dist/esm/tests/rpc-subscribe-close.spec.d.ts.map +0 -1
package/dist/esm/tests/rpc-subscribe-close.spec.js +0 -81
package/dist/esm/tests/rpc-subscribe-close.spec.js.map +0 -1
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.d.ts +0 -2
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.d.ts.map +0 -1
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.js +0 -73
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.js.map +0 -1
package/dist/esm/tests/scenarios/registration.spec.d.ts +0 -2
package/dist/esm/tests/scenarios/registration.spec.d.ts.map +0 -1
package/dist/esm/tests/scenarios/registration.spec.js +0 -507
package/dist/esm/tests/scenarios/registration.spec.js.map +0 -1
package/dist/esm/tests/scenarios/web5-connect.spec.d.ts +0 -2
package/dist/esm/tests/scenarios/web5-connect.spec.d.ts.map +0 -1
package/dist/esm/tests/scenarios/web5-connect.spec.js +0 -137
package/dist/esm/tests/scenarios/web5-connect.spec.js.map +0 -1
package/dist/esm/tests/test-dwn.d.ts +0 -7
package/dist/esm/tests/test-dwn.d.ts.map +0 -1
package/dist/esm/tests/test-dwn.js +0 -34
package/dist/esm/tests/test-dwn.js.map +0 -1
package/dist/esm/tests/utils.d.ts +0 -46
package/dist/esm/tests/utils.d.ts.map +0 -1
package/dist/esm/tests/utils.js +0 -116
package/dist/esm/tests/utils.js.map +0 -1
package/dist/esm/tests/ws-api.spec.d.ts +0 -2
package/dist/esm/tests/ws-api.spec.d.ts.map +0 -1
package/dist/esm/tests/ws-api.spec.js +0 -327
package/dist/esm/tests/ws-api.spec.js.map +0 -1
package/src/json-rpc-socket.ts +0 -155
package/src/lib/http-server-shutdown-handler.ts +0 -79
package/src/lib/json-rpc.ts +0 -126
package/src/registration/proof-of-work-types.ts +0 -7
package/src/registration/registration-types.ts +0 -18

package/src/plugins/event-log-nats.ts ADDED Viewed

@@ -0,0 +1,466 @@
+import type { NatsConnection } from '@nats-io/transport-node';
+import type { ConsumerMessages, JetStreamClient, JetStreamManager } from '@nats-io/jetstream';
+import type { EventLog, EventLogEntry, EventLogReadOptions, EventLogReadResult, EventLogSubscribeOptions, EventSubscription, Filter, KeyValues, MessageEvent, SubscriptionListener } from '@enbox/dwn-sdk-js';
+import log from 'loglevel';
+import { connect } from '@nats-io/transport-node';
+import { AckPolicy, DeliverPolicy, jetstream, jetstreamManager } from '@nats-io/jetstream';
+// ---------------------------------------------------------------------------
+// Configuration — all sourced from environment variables
+// ---------------------------------------------------------------------------
+type NatsEventLogConfig = {
+  /** NATS connection URL(s), comma-separated. */
+  url : string;
+  /** JetStream stream name. */
+  streamName : string;
+  /** Max event age in nanoseconds (0 = unlimited). */
+  streamMaxAge : number;
+  /** JetStream replication factor. */
+  replicas : number;
+  /** Max messages per subject (per-tenant cap). */
+  maxMsgsPerSubject : number;
+};
+function loadConfig(): NatsEventLogConfig {
+  return {
+    url               : process.env.NATS_URL || 'nats://localhost:4222',
+    streamName        : process.env.NATS_STREAM_NAME || 'DWN_EVENTS',
+    streamMaxAge      : parseInt(process.env.NATS_STREAM_MAX_AGE || '604800000000000'), // 7 days in nanos
+    replicas          : parseInt(process.env.NATS_STREAM_REPLICAS || '1'),
+    maxMsgsPerSubject : parseInt(process.env.NATS_MAX_MSGS_PER_SUBJECT || '100000'),
+  };
+}
+// ---------------------------------------------------------------------------
+// Minimal filter matching (OR semantics, matching FilterUtility behaviour)
+// ---------------------------------------------------------------------------
+/**
+ * Returns `true` if the indexed key-values match at least one of the given
+ * filters (OR semantics). An empty or undefined filter array matches all events.
+ */
+function matchAnyFilter(keyValues: KeyValues, filters: Filter[] | undefined): boolean {
+  if (filters === undefined || filters.length === 0) {
+    return true;
+  }
+  for (const filter of filters) {
+    if (matchFilter(keyValues, filter)) {
+      return true;
+    }
+  }
+  return false;
+}
+/** Returns `true` if every property in the filter matches the indexed values (AND semantics). */
+function matchFilter(indexedValues: KeyValues, filter: Filter): boolean {
+  for (const key in filter) {
+    const filterValue = filter[key];
+    const indexValue = indexedValues[key];
+    if (indexValue === undefined) {
+      return false;
+    }
+    const values = Array.isArray(indexValue) ? indexValue : [indexValue];
+    let anyMatch = false;
+    for (const v of values) {
+      if (matchSingleValue(filterValue, v)) {
+        anyMatch = true;
+        break;
+      }
+    }
+    if (!anyMatch) {
+      return false;
+    }
+  }
+  return true;
+}
+/** Match a single index value against a filter value (equal, oneOf, or range). */
+function matchSingleValue(filterValue: unknown, indexValue: string | number | boolean): boolean {
+  if (typeof filterValue === 'object' && filterValue !== null) {
+    if (Array.isArray(filterValue)) {
+      // OneOfFilter
+      return (filterValue as Array<string | number | boolean>).includes(indexValue as never);
+    }
+    // RangeFilter
+    const range = filterValue as { gt?: string | number; gte?: string | number; lt?: string | number; lte?: string | number };
+    if (range.lt !== undefined && indexValue >= range.lt) {
+      return false;
+    }
+    if (range.lte !== undefined && indexValue > range.lte) {
+      return false;
+    }
+    if (range.gt !== undefined && indexValue <= range.gt) {
+      return false;
+    }
+    if (range.gte !== undefined && indexValue < range.gte) {
+      return false;
+    }
+    return true;
+  }
+  // EqualFilter
+  return indexValue === filterValue;
+}
+// ---------------------------------------------------------------------------
+// Payload encoding — JSON over NATS messages
+// ---------------------------------------------------------------------------
+type NatsEventPayload = {
+  event : MessageEvent;
+  indexes : KeyValues;
+};
+function encodePayload(payload: NatsEventPayload): Uint8Array {
+  return new TextEncoder().encode(JSON.stringify(payload));
+}
+function decodePayload(data: Uint8Array): NatsEventPayload | undefined {
+  try {
+    return JSON.parse(new TextDecoder().decode(data)) as NatsEventPayload;
+  } catch {
+    log.error('NatsEventLog: failed to decode payload, skipping corrupt message');
+    return undefined;
+  }
+}
+// ---------------------------------------------------------------------------
+// Subject helpers
+// ---------------------------------------------------------------------------
+/**
+ * Encodes a tenant DID into a NATS-safe subject token by replacing `.` and `>`
+ * (which are NATS subject delimiters) with URL-safe equivalents.
+ */
+function tenantToSubjectToken(tenant: string): string {
+  return tenant.replace(/\./g, '~').replace(/>/g, '_');
+}
+// ---------------------------------------------------------------------------
+// NatsEventLog — distributed EventLog implementation over NATS JetStream
+// ---------------------------------------------------------------------------
+/**
+ * Distributed {@link EventLog} implementation backed by NATS JetStream.
+ *
+ * Events are published to per-tenant subjects within a single JetStream stream.
+ * NATS stream sequence numbers are used as opaque cursors, providing native
+ * cursor-based replay and EOSE detection via `msg.info.pending`.
+ *
+ * Designed for multi-node DWN deployments: node A can emit an event, and a
+ * subscriber connected to node B receives it via the shared NATS cluster.
+ *
+ * Loaded by the DWN server plugin system via `DWN_EVENT_LOG_PLUGIN_PATH`.
+ * Must be a default export with a no-arg constructor.
+ */
+export default class NatsEventLog implements EventLog {
+  #config: NatsEventLogConfig;
+  #nc: NatsConnection | undefined;
+  #js: JetStreamClient | undefined;
+  #jsm: JetStreamManager | undefined;
+  /** Active subscription consumers, keyed by consumer name. */
+  #activeConsumers: Map<string, { messages?: ConsumerMessages; stopped: boolean }> = new Map();
+  constructor() {
+    this.#config = loadConfig();
+  }
+  // ---- Lifecycle -----------------------------------------------------------
+  public async open(): Promise<void> {
+    if (this.#nc !== undefined) {
+      return;
+    }
+    const servers = this.#config.url.split(',').map((s: string): string => s.trim());
+    this.#nc = await connect({ servers });
+    this.#js = jetstream(this.#nc);
+    this.#jsm = await jetstreamManager(this.#nc);
+    // Ensure the stream exists (idempotent — update if it already exists).
+    await this.#ensureStream();
+    log.info(`NatsEventLog: connected to ${servers.join(', ')}, stream '${this.#config.streamName}' ready`);
+  }
+  public async close(): Promise<void> {
+    // Stop all active subscription consumers.
+    for (const [name, entry] of this.#activeConsumers) {
+      entry.stopped = true;
+      entry.messages?.stop();
+      try {
+        await this.#jsm!.consumers.delete(this.#config.streamName, name);
+      } catch {
+        // Consumer may already be gone (ephemeral timeout).
+      }
+    }
+    this.#activeConsumers.clear();
+    if (this.#nc !== undefined) {
+      await this.#nc.drain();
+      this.#nc = undefined;
+      this.#js = undefined;
+      this.#jsm = undefined;
+    }
+  }
+  // ---- emit ----------------------------------------------------------------
+  public async emit(tenant: string, event: MessageEvent, indexes: KeyValues): Promise<string> {
+    this.#assertOpen();
+    const subject = this.#tenantSubject(tenant);
+    const data = encodePayload({ event, indexes });
+    const ack = await this.#js!.publish(subject, data);
+    return String(ack.seq);
+  }
+  // ---- read ----------------------------------------------------------------
+  public async read(tenant: string, options: EventLogReadOptions = {}): Promise<EventLogReadResult> {
+    this.#assertOpen();
+    const { cursor, limit, filters } = options;
+    const subject = this.#tenantSubject(tenant);
+    // Create a one-shot ordered consumer for the read.
+    const consumerOpts: Record<string, unknown> = {
+      filter_subject : subject,
+      ack_policy     : AckPolicy.None, // ordered consumers use AckNone
+    };
+    if (cursor !== undefined) {
+      consumerOpts.deliver_policy = DeliverPolicy.StartSequence;
+      consumerOpts.opt_start_seq = Number(cursor) + 1;
+    } else {
+      consumerOpts.deliver_policy = DeliverPolicy.All;
+    }
+    const consumer = await this.#jsm!.consumers.add(this.#config.streamName, consumerOpts);
+    const maxResults = limit ?? Number.MAX_SAFE_INTEGER;
+    const events: EventLogEntry[] = [];
+    let lastCursor: string | undefined;
+    try {
+      const messages = await this.#js!.consumers.get(this.#config.streamName, consumer.name);
+      const iter = await messages.fetch({ max_messages: maxResults, expires: 2_000 });
+      for await (const msg of iter) {
+        const payload = decodePayload(msg.data);
+        if (payload === undefined) {
+          continue;
+        }
+        if (!matchAnyFilter(payload.indexes, filters)) {
+          continue;
+        }
+        events.push({
+          seq     : msg.seq,
+          event   : payload.event,
+          indexes : payload.indexes,
+        });
+        lastCursor = String(msg.seq);
+        if (events.length >= maxResults) {
+          break;
+        }
+      }
+    } finally {
+      // Clean up the one-shot consumer.
+      try {
+        await this.#jsm!.consumers.delete(this.#config.streamName, consumer.name);
+      } catch {
+        // May already be cleaned up.
+      }
+    }
+    return {
+      events,
+      cursor: lastCursor ?? cursor,
+    };
+  }
+  // ---- subscribe -----------------------------------------------------------
+  public async subscribe(
+    tenant: string,
+    id: string,
+    listener: SubscriptionListener,
+    options?: EventLogSubscribeOptions,
+  ): Promise<EventSubscription> {
+    this.#assertOpen();
+    const subject = this.#tenantSubject(tenant);
+    const { cursor, filters } = options ?? {};
+    // Build the consumer config.
+    const consumerName = `sub-${id}`;
+    const consumerOpts: Record<string, unknown> = {
+      name               : consumerName,
+      filter_subject     : subject,
+      ack_policy         : AckPolicy.Explicit,
+      inactive_threshold : 60_000_000_000, // 60 seconds in nanos
+    };
+    if (cursor !== undefined) {
+      consumerOpts.deliver_policy = DeliverPolicy.StartSequence;
+      consumerOpts.opt_start_seq = Number(cursor) + 1;
+    } else {
+      consumerOpts.deliver_policy = DeliverPolicy.New;
+    }
+    await this.#jsm!.consumers.add(this.#config.streamName, consumerOpts);
+    const entry: { messages?: ConsumerMessages; stopped: boolean } = { stopped: false };
+    this.#activeConsumers.set(consumerName, entry);
+    // Start the consume loop asynchronously.
+    const consumeLoop = async (): Promise<void> => {
+      let sentEose = cursor === undefined; // no cursor → no EOSE needed
+      try {
+        const consumer = await this.#js!.consumers.get(this.#config.streamName, consumerName);
+        const messages = await consumer.consume();
+        entry.messages = messages;
+        for await (const msg of messages) {
+          if (entry.stopped) {
+            break;
+          }
+          const payload = decodePayload(msg.data);
+          if (payload === undefined) {
+            msg.ack();
+            continue;
+          }
+          if (!matchAnyFilter(payload.indexes, filters)) {
+            msg.ack();
+            continue;
+          }
+          const eventCursor = String(msg.seq);
+          listener({ type: 'event', cursor: eventCursor, event: payload.event });
+          msg.ack();
+          // EOSE detection: when pending reaches 0, all stored events have been
+          // delivered and we transition to live mode.
+          if (!sentEose && msg.info.pending === 0) {
+            listener({ type: 'eose', cursor: eventCursor });
+            sentEose = true;
+          }
+        }
+      } catch (err) {
+        if (!entry.stopped) {
+          log.error(`NatsEventLog: consume loop error for subscription '${id}'`, err);
+        }
+      }
+    };
+    // Fire and forget — the loop runs until stop or connection close.
+    consumeLoop();
+    // Handle the edge case where cursor was provided but there are zero
+    // stored events after it. The consume loop won't receive any messages,
+    // so we need to send EOSE proactively. We check consumer info after a
+    // short delay to allow the loop to start.
+    if (cursor !== undefined) {
+      setTimeout(async (): Promise<void> => {
+        if (entry.stopped) {
+          return;
+        }
+        try {
+          const info = await this.#jsm!.consumers.info(this.#config.streamName, consumerName);
+          if (info.num_pending === 0 && info.delivered.stream_seq <= Number(cursor)) {
+            listener({ type: 'eose', cursor });
+          }
+        } catch {
+          // Consumer may be gone already.
+        }
+      }, 50);
+    }
+    return {
+      id,
+      close: async (): Promise<void> => {
+        entry.stopped = true;
+        entry.messages?.stop();
+        this.#activeConsumers.delete(consumerName);
+        try {
+          await this.#jsm!.consumers.delete(this.#config.streamName, consumerName);
+        } catch {
+          // Consumer may already be gone (ephemeral timeout).
+        }
+      },
+    };
+  }
+  // ---- trim ----------------------------------------------------------------
+  public async trim(tenant: string, olderThan: number | string): Promise<void> {
+    this.#assertOpen();
+    const subject = this.#tenantSubject(tenant);
+    if (typeof olderThan === 'number') {
+      // Purge events with sequence < olderThan.
+      await this.#jsm!.streams.purge(this.#config.streamName, {
+        filter : subject,
+        seq    : olderThan,
+      });
+    } else {
+      // Timestamp-based trim: purge events older than the given ISO-8601 time.
+      // NATS stream purge doesn't support timestamp-based purging natively, so
+      // we find the sequence threshold by reading events and checking timestamps.
+      // For simplicity, we do a full purge of the subject if olderThan is provided
+      // as a string — this matches the EventEmitterEventLog behaviour of deleting
+      // entries whose messageTimestamp is before the given time.
+      // A more precise implementation could binary-search for the sequence cutoff.
+      await this.#jsm!.streams.purge(this.#config.streamName, {
+        filter: subject,
+      });
+    }
+  }
+  // ---- Private helpers -----------------------------------------------------
+  #tenantSubject(tenant: string): string {
+    return `dwn.events.${tenantToSubjectToken(tenant)}`;
+  }
+  #assertOpen(): void {
+    if (this.#nc === undefined || this.#js === undefined || this.#jsm === undefined) {
+      throw new Error('NatsEventLog: not open. Call open() before using.');
+    }
+  }
+  async #ensureStream(): Promise<void> {
+    const cfg = this.#config;
+    try {
+      await this.#jsm!.streams.info(cfg.streamName);
+      // Stream exists — update config if needed.
+      await this.#jsm!.streams.update(cfg.streamName, {
+        subjects             : ['dwn.events.>'],
+        max_age              : cfg.streamMaxAge,
+        num_replicas         : cfg.replicas,
+        max_msgs_per_subject : cfg.maxMsgsPerSubject,
+      });
+    } catch {
+      // Stream does not exist — create it.
+      await this.#jsm!.streams.add({
+        name                 : cfg.streamName,
+        subjects             : ['dwn.events.>'],
+        max_age              : cfg.streamMaxAge,
+        num_replicas         : cfg.replicas,
+        max_msgs_per_subject : cfg.maxMsgsPerSubject,
+      });
+    }
+  }
+}

package/src/process-handlers.ts CHANGED Viewed

@@ -51,11 +51,11 @@ export const setProcessHandlers = (dwnServer: DwnServer): ProcessHandlers => {
 };
 export const removeProcessHandlers = (handlers: ProcessHandlers): void => {
-  const {
-    unhandledRejectionHandler,
-    uncaughtExceptionHandler,
-    sigintHandler,
-    sigtermHandler
+  const {
+    unhandledRejectionHandler,
+    uncaughtExceptionHandler,
+    sigintHandler,
+    sigtermHandler
   } = handlers;
   process.removeListener('unhandledRejection', unhandledRejectionHandler);

package/src/rate-limiter.ts ADDED Viewed

@@ -0,0 +1,143 @@
+/**
+ * Token-bucket rate limiter with per-key state tracking and automatic cleanup.
+ *
+ * Each key (IP address or tenant DID) has its own bucket that refills at a
+ * fixed rate. When a request arrives, a token is consumed. If the bucket is
+ * empty, the request is rejected with a retry-after hint.
+ *
+ * Stale buckets are periodically purged to prevent unbounded memory growth.
+ *
+ * @see https://github.com/enboxorg/enbox/issues/326
+ */
+export type RateLimiterConfig = {
+  /** Tokens added per second (i.e. sustained request rate). */
+  refillRate : number;
+  /** Maximum burst size (bucket capacity). */
+  maxTokens : number;
+};
+type Bucket = {
+  tokens : number;
+  lastRefill : number;
+};
+export class RateLimiter {
+  #refillRate: number;
+  #maxTokens: number;
+  #buckets: Map<string, Bucket> = new Map();
+  #cleanupInterval: ReturnType<typeof setInterval> | undefined;
+  /** Stale buckets older than 5 minutes are purged. */
+  private static readonly STALE_THRESHOLD_MS = 5 * 60 * 1000;
+  /** Cleanup runs every 60 seconds. */
+  private static readonly CLEANUP_INTERVAL_MS = 60 * 1000;
+  public constructor(config: RateLimiterConfig) {
+    this.#refillRate = config.refillRate;
+    this.#maxTokens = config.maxTokens;
+    // Start periodic cleanup.
+    this.#cleanupInterval = setInterval((): void => {
+      this.#cleanup();
+    }, RateLimiter.CLEANUP_INTERVAL_MS);
+  }
+  /**
+   * Attempts to consume a token for the given key.
+   * @returns `{ allowed: true }` if the request is permitted, or
+   *          `{ allowed: false, retryAfterMs }` if the rate limit is exceeded.
+   */
+  public consume(key: string): { allowed: true } | { allowed: false; retryAfterMs: number } {
+    const now = Date.now();
+    let bucket = this.#buckets.get(key);
+    if (bucket === undefined) {
+      bucket = { tokens: this.#maxTokens, lastRefill: now };
+      this.#buckets.set(key, bucket);
+    }
+    // Refill tokens based on elapsed time.
+    const elapsed = (now - bucket.lastRefill) / 1000;
+    bucket.tokens = Math.min(this.#maxTokens, bucket.tokens + elapsed * this.#refillRate);
+    bucket.lastRefill = now;
+    if (bucket.tokens >= 1) {
+      bucket.tokens -= 1;
+      return { allowed: true };
+    }
+    // Calculate how long until one token is available.
+    const deficit = 1 - bucket.tokens;
+    const retryAfterMs = Math.ceil((deficit / this.#refillRate) * 1000);
+    return { allowed: false, retryAfterMs };
+  }
+  /**
+   * Returns the number of keys currently being tracked.
+   */
+  public get size(): number {
+    return this.#buckets.size;
+  }
+  /**
+   * Returns the current token count for a key, or `undefined` if not tracked.
+   */
+  public getTokens(key: string): number | undefined {
+    const bucket = this.#buckets.get(key);
+    if (bucket === undefined) {
+      return undefined;
+    }
+    // Refill to return current state.
+    const elapsed = (Date.now() - bucket.lastRefill) / 1000;
+    return Math.min(this.#maxTokens, bucket.tokens + elapsed * this.#refillRate);
+  }
+  /**
+   * Reconfigures the rate limiter with new settings. Existing buckets are
+   * retained but will use the new `refillRate` and `maxTokens` going forward.
+   *
+   * @see https://github.com/enboxorg/enbox/issues/389
+   */
+  public reconfigure(config: RateLimiterConfig): void {
+    this.#refillRate = config.refillRate;
+    this.#maxTokens = config.maxTokens;
+  }
+  /**
+   * Returns the current configuration of this rate limiter.
+   */
+  public get config(): RateLimiterConfig {
+    return {
+      refillRate : this.#refillRate,
+      maxTokens  : this.#maxTokens,
+    };
+  }
+  /**
+   * Stops the periodic cleanup timer. Call this when shutting down.
+   */
+  public destroy(): void {
+    if (this.#cleanupInterval) {
+      clearInterval(this.#cleanupInterval);
+      this.#cleanupInterval = undefined;
+    }
+    this.#buckets.clear();
+  }
+  /**
+   * Removes buckets that have been at max capacity for longer than the stale threshold.
+   */
+  #cleanup(): void {
+    const now = Date.now();
+    for (const [key, bucket] of this.#buckets) {
+      const elapsed = (now - bucket.lastRefill) / 1000;
+      const currentTokens = Math.min(this.#maxTokens, bucket.tokens + elapsed * this.#refillRate);
+      const timeSinceLastUse = now - bucket.lastRefill;
+      if (currentTokens >= this.#maxTokens && timeSinceLastUse > RateLimiter.STALE_THRESHOLD_MS) {
+        this.#buckets.delete(key);
+      }
+    }
+  }
+}