@ethisyscore/extension-runtime 1.9.0 → 1.10.0

package/dist/host/index.js

@@ -1,5 +1,6 @@
 import { KNOWN_OPERATORS } from '@ethisyscore/protocol';
 import { createElement } from 'react';
+import { z } from 'zod';
 export { RemoteReceiver } from '@remote-dom/core/receivers';
 export { RemoteRootRenderer, createRemoteComponentRenderer } from '@remote-dom/react/host';
 
@@ -284,6 +285,16 @@ function createInputEventCoalescer(sink, options = {}) {
   };
 }
 
+// src/host/worker/bridge-envelopes.ts
+var BRIDGE_PUSH_THEME = "ethisys:bridge:theme";
+var BRIDGE_PUSH_LOCALE = "ethisys:bridge:locale";
+var BRIDGE_PUSH_DENSITY = "ethisys:bridge:density";
+var BRIDGE_PUSH_A11Y = "ethisys:bridge:a11y";
+var BRIDGE_NAV_PUSH = "ethisys:bridge:nav";
+var BRIDGE_CHROME_REQUEST = "ethisys:bridge:chrome:request";
+var BRIDGE_LIFECYCLE_EVENT = "ethisys:bridge:lifecycle";
+var BRIDGE_A11Y_ANNOUNCE = "ethisys:bridge:a11y:announce";
+
 // src/host/worker/transport.ts
 var WORKER_TRANSPORT_PROTOCOL = "ethisys.worker.remotedom.v1";
 var DEFAULT_MAX_CONCURRENT_MCP_REQUESTS = 8;
@@ -298,6 +309,7 @@ var WorkerRemoteDomTransport = class {
   abortController;
   inFlightMcpRequests = 0;
   remoteDomConsumer;
+  bridgeMessageConsumer;
   disposed = false;
   connected = false;
   constructor(options) {
@@ -434,6 +446,39 @@ var WorkerRemoteDomTransport = class {
       }
     };
   }
+  // ─── Bridge push methods (WI 4858 sub-plan 2) ─────────────────────────────
+  /**
+   * Register a consumer for inbound plugin→host bridge messages
+   * (chrome requests, a11y announce, lifecycle events). Only the most recently
+   * registered consumer is kept — the host mount wires exactly one.
+   */
+  onBridgeMessage(consumer) {
+    this.bridgeMessageConsumer = consumer;
+  }
+  /**
+   * Push the current host theme to the plugin worker. Safe to call on every
+   * host theme-context change — the transport coalesces nothing here; rate
+   * limiting at the call site is the host's responsibility.
+   */
+  pushTheme(payload) {
+    this.safePostMessage({ type: BRIDGE_PUSH_THEME, ...payload });
+  }
+  /** Push the current host locale and text direction to the plugin worker. */
+  pushLocale(payload) {
+    this.safePostMessage({ type: BRIDGE_PUSH_LOCALE, ...payload });
+  }
+  /** Push the current UI density preference to the plugin worker. */
+  pushDensity(payload) {
+    this.safePostMessage({ type: BRIDGE_PUSH_DENSITY, ...payload });
+  }
+  /** Push updated accessibility preferences to the plugin worker. */
+  pushA11y(payload) {
+    this.safePostMessage({ type: BRIDGE_PUSH_A11Y, ...payload });
+  }
+  /** Push the current SPA navigation state to the plugin worker. */
+  pushNav(payload) {
+    this.safePostMessage({ type: BRIDGE_NAV_PUSH, ...payload });
+  }
   /**
    * Tear down the worker and port. Idempotent.
    *
@@ -490,6 +535,11 @@ var WorkerRemoteDomTransport = class {
       case "ethisys:remotedom":
         this.remoteDomConsumer?.(message.payload);
         return;
+      case BRIDGE_CHROME_REQUEST:
+      case BRIDGE_A11Y_ANNOUNCE:
+      case BRIDGE_LIFECYCLE_EVENT:
+        this.bridgeMessageConsumer?.(message);
+        return;
       default:
         return;
     }
@@ -579,7 +629,254 @@ var WorkerRemoteDomTransport = class {
     this.safePostMessage({ id, type, ok: false, error: message });
   }
 };
+var IFRAME_BRIDGE_PROTOCOL = "ethisys.iframe.bridge.v1";
+var InboundEnvelope = z.discriminatedUnion("type", [
+  z.object({ type: z.literal("ethisys:mcp:invokeTool"), id: z.string().min(1), name: z.string().min(1), args: z.unknown(), nonce: z.string() }),
+  z.object({ type: z.literal("ethisys:mcp:getResource"), id: z.string().min(1), uri: z.string().min(1), nonce: z.string() }),
+  z.object({ type: z.literal("ethisys:event"), name: z.string().min(1), payload: z.unknown(), nonce: z.string() })
+]);
+function base64url(bytes) {
+  let binary = "";
+  for (const b of bytes) {
+    binary += String.fromCharCode(b);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function mintNonce() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  return base64url(bytes);
+}
+var IframeBridgeTransport = class {
+  frameWindowRef;
+  targetOrigin;
+  capabilityTokenProvider;
+  mcpClient;
+  maxConcurrentMcpRequests;
+  maxMessagesPerSecond;
+  onSecurityEvent;
+  abortController = new AbortController();
+  hostPort;
+  framePort;
+  nonce;
+  eventConsumer;
+  inFlightMcpRequests = 0;
+  windowTimestamps = [];
+  connected = false;
+  disposed = false;
+  constructor(options) {
+    this.frameWindowRef = { current: options.frameWindow };
+    this.targetOrigin = options.targetOrigin;
+    this.capabilityTokenProvider = options.capabilityToken;
+    this.mcpClient = options.mcpClient;
+    this.maxConcurrentMcpRequests = Math.max(1, options.maxConcurrentMcpRequests ?? DEFAULT_MAX_CONCURRENT_MCP_REQUESTS);
+    this.maxMessagesPerSecond = Math.max(1, options.maxMessagesPerSecond ?? 64);
+    this.onSecurityEvent = options.onSecurityEvent;
+  }
+  /**
+   * Post the handshake to the frame. Idempotent — only the FIRST call mints the
+   * nonce, creates the channel, wires the host port, and transfers the frame
+   * port. The handshake uses the exact `targetOrigin` (never `"*"`).
+   */
+  connect() {
+    if (this.connected || this.disposed) {
+      return;
+    }
+    this.connected = true;
+    this.nonce = mintNonce();
+    const channel = new MessageChannel();
+    this.hostPort = channel.port1;
+    this.framePort = channel.port2;
+    this.hostPort.onmessage = (ev) => this.handlePortMessage(ev.data);
+    this.hostPort.start();
+    const handshake = {
+      type: "ethisys:iframe:handshake",
+      protocol: IFRAME_BRIDGE_PROTOCOL,
+      nonce: this.nonce
+    };
+    const frameWindow = this.frameWindowRef.current;
+    frameWindow?.postMessage(handshake, this.targetOrigin, [this.framePort]);
+  }
+  /**
+   * The per-mount handshake nonce (set after {@link connect}, `undefined` before
+   * connect / after dispose). The host mount reads this to validate inbound
+   * cross-origin `window`-level messages (which carry no MessagePort identity).
+   */
+  get connectedNonce() {
+    return this.nonce;
+  }
+  /** Register a consumer for inbound plugin→host `ethisys:event` envelopes. */
+  onEvent(consumer) {
+    this.eventConsumer = consumer;
+  }
+  /**
+   * Push a host→plugin envelope (theme/nav/chrome). Always uses the exact
+   * `targetOrigin` (never `"*"`) and stamps the handshake nonce.
+   */
+  postOutbound(envelope) {
+    if (this.disposed || this.nonce === void 0) {
+      return;
+    }
+    const frameWindow = this.frameWindowRef.current;
+    frameWindow?.postMessage({ ...envelope, nonce: this.nonce }, this.targetOrigin);
+  }
+  /** Tear down. Idempotent. Does NOT remove the iframe (the host mount owns it). */
+  dispose() {
+    if (this.disposed) {
+      return;
+    }
+    this.disposed = true;
+    try {
+      this.abortController.abort();
+    } catch {
+    }
+    try {
+      this.hostPort?.close();
+    } catch {
+    }
+    this.nonce = void 0;
+    this.frameWindowRef.current = null;
+  }
+  // ─── Inbound port message handling ────────────────────────────────────────
+  handlePortMessage(data) {
+    if (this.disposed) {
+      return;
+    }
+    const parsed = InboundEnvelope.safeParse(data);
+    if (!parsed.success) {
+      this.onSecurityEvent?.({ reason: "schema-invalid" });
+      return;
+    }
+    const message = parsed.data;
+    if (message.nonce !== this.nonce) {
+      this.onSecurityEvent?.({ reason: "nonce-mismatch" });
+      return;
+    }
+    if (this.isRateLimited()) {
+      this.onSecurityEvent?.({ reason: "rate-limit-exceeded", type: message.type });
+      if (message.type === "ethisys:mcp:invokeTool" || message.type === "ethisys:mcp:getResource") {
+        this.safePostMessage({
+          id: message.id,
+          type: `${message.type}:result`,
+          ok: false,
+          error: "iframe-bridge rate limit exceeded"
+        });
+      }
+      return;
+    }
+    switch (message.type) {
+      case "ethisys:mcp:invokeTool":
+        this.dispatchMcp(message, "ethisys:mcp:invokeTool:result", (m) => this.handleInvokeTool(m));
+        return;
+      case "ethisys:mcp:getResource":
+        this.dispatchMcp(message, "ethisys:mcp:getResource:result", (m) => this.handleGetResource(m));
+        return;
+      case "ethisys:event":
+        this.eventConsumer?.(message.name, message.payload);
+        return;
+    }
+  }
+  isRateLimited() {
+    const now = Date.now();
+    const cutoff = now - 1e3;
+    this.windowTimestamps = this.windowTimestamps.filter((t) => t > cutoff);
+    if (this.windowTimestamps.length >= this.maxMessagesPerSecond) {
+      return true;
+    }
+    this.windowTimestamps.push(now);
+    return false;
+  }
+  // ─── MCP brokering (structurally identical to the worker transport) ───────
+  dispatchMcp(message, resultType, handler) {
+    if (this.inFlightMcpRequests >= this.maxConcurrentMcpRequests) {
+      this.safePostMessage({
+        id: message.id,
+        type: resultType,
+        ok: false,
+        error: `MCP back-pressure: in-flight cap of ${this.maxConcurrentMcpRequests} reached.`
+      });
+      return;
+    }
+    this.inFlightMcpRequests++;
+    handler(message).finally(() => {
+      this.inFlightMcpRequests = Math.max(0, this.inFlightMcpRequests - 1);
+    });
+  }
+  async handleInvokeTool(message) {
+    let token;
+    try {
+      token = await this.capabilityTokenProvider();
+    } catch (err) {
+      this.replyError(message.id, "ethisys:mcp:invokeTool:result", err);
+      return;
+    }
+    if (this.disposed) {
+      return;
+    }
+    try {
+      const result = await this.mcpClient.fetch({
+        kind: "invokeTool",
+        name: message.name,
+        args: message.args,
+        capabilityToken: token,
+        signal: this.abortController.signal
+      });
+      this.safePostMessage({
+        id: message.id,
+        type: "ethisys:mcp:invokeTool:result",
+        ok: result.ok,
+        data: result.data,
+        error: result.error
+      });
+    } catch (err) {
+      this.replyError(message.id, "ethisys:mcp:invokeTool:result", err);
+    }
+  }
+  async handleGetResource(message) {
+    let token;
+    try {
+      token = await this.capabilityTokenProvider();
+    } catch (err) {
+      this.replyError(message.id, "ethisys:mcp:getResource:result", err);
+      return;
+    }
+    if (this.disposed) {
+      return;
+    }
+    try {
+      const result = await this.mcpClient.fetch({
+        kind: "getResource",
+        uri: message.uri,
+        capabilityToken: token,
+        signal: this.abortController.signal
+      });
+      this.safePostMessage({
+        id: message.id,
+        type: "ethisys:mcp:getResource:result",
+        ok: result.ok,
+        data: result.data,
+        error: result.error
+      });
+    } catch (err) {
+      this.replyError(message.id, "ethisys:mcp:getResource:result", err);
+    }
+  }
+  replyError(id, type, err) {
+    const message = err instanceof Error ? err.message : "MCP request failed";
+    this.safePostMessage({ id, type, ok: false, error: message });
+  }
+  /** Best-effort reply over the host port; tolerates post-dispose races. */
+  safePostMessage(message) {
+    if (this.disposed || this.hostPort === void 0) {
+      return;
+    }
+    try {
+      this.hostPort.postMessage(message);
+    } catch {
+    }
+  }
+};
 
-export { CONTRACT_B_PRIMITIVES, DEFAULT_MAX_CONCURRENT_MCP_REQUESTS, DEFAULT_OFFSCREEN_COALESCE_MS, SemanticComponentRegistry, WORKER_TRANSPORT_PROTOCOL, WorkerRemoteDomTransport, createInputEventCoalescer, createOffscreenCanvasTransfer, evaluate, interpret };
+export { CONTRACT_B_PRIMITIVES, DEFAULT_MAX_CONCURRENT_MCP_REQUESTS, DEFAULT_OFFSCREEN_COALESCE_MS, IFRAME_BRIDGE_PROTOCOL, IframeBridgeTransport, SemanticComponentRegistry, WORKER_TRANSPORT_PROTOCOL, WorkerRemoteDomTransport, createInputEventCoalescer, createOffscreenCanvasTransfer, evaluate, interpret };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map