@floegence/flowersec-core 0.17.1 → 0.18.0

package/dist/connect/internalNormalize.js

@@ -0,0 +1,173 @@
+import { Role as ControlRole } from "../gen/flowersec/controlplane/v1.gen.js";
+import { emitObserverDiagnostic, normalizeObserver, withObserverContext } from "../observability/observer.js";
+import { FlowersecError } from "../utils/errors.js";
+import { assertConnectArtifact, hasArtifactOnlyFields, } from "./artifact.js";
+function maybeParseJSON(input) {
+    if (typeof input !== "string")
+        return input;
+    const s = input.trim();
+    if (s === "")
+        return input;
+    if (s[0] !== "{" && s[0] !== "[")
+        return input;
+    try {
+        return JSON.parse(s);
+    }
+    catch (e) {
+        throw new FlowersecError({
+            path: "auto",
+            stage: "validate",
+            code: "invalid_input",
+            message: "invalid JSON string",
+            cause: e,
+        });
+    }
+}
+async function validateArtifactScopes(artifact, opts, observer) {
+    const scoped = artifact.scoped ?? [];
+    if (scoped.length === 0)
+        return;
+    const path = artifact.transport;
+    for (const entry of scoped) {
+        const resolver = opts.scopeResolvers?.[entry.scope];
+        if (resolver == null) {
+            if (entry.critical) {
+                throw new FlowersecError({
+                    path,
+                    stage: "validate",
+                    code: "resolve_failed",
+                    message: `missing scope resolver for ${entry.scope}@${entry.scope_version}`,
+                });
+            }
+            emitObserverDiagnostic(observer, {
+                path,
+                stage: "scope",
+                code_domain: "event",
+                code: "scope_ignored_missing_resolver",
+                result: "skip",
+            });
+            continue;
+        }
+        try {
+            await resolver(entry);
+        }
+        catch (e) {
+            if (!entry.critical && opts.relaxedOptionalScopeValidation === true) {
+                emitObserverDiagnostic(observer, {
+                    path,
+                    stage: "scope",
+                    code_domain: "event",
+                    code: "scope_ignored_relaxed_validation",
+                    result: "skip",
+                });
+                continue;
+            }
+            throw new FlowersecError({
+                path,
+                stage: "validate",
+                code: "resolve_failed",
+                message: `scope validation failed for ${entry.scope}@${entry.scope_version}`,
+                cause: e,
+            });
+        }
+    }
+}
+export async function normalizeConnectInput(input, opts = {}) {
+    const v = maybeParseJSON(input);
+    if (v == null || typeof v !== "object") {
+        throw new FlowersecError({
+            path: "auto",
+            stage: "validate",
+            code: "invalid_input",
+            message: "invalid input: expected an object or a JSON string",
+        });
+    }
+    const o = v;
+    const hasWsUrl = Object.prototype.hasOwnProperty.call(o, "ws_url");
+    const hasTunnelUrl = Object.prototype.hasOwnProperty.call(o, "tunnel_url");
+    const hasGrantClient = Object.prototype.hasOwnProperty.call(o, "grant_client");
+    const hasGrantServer = Object.prototype.hasOwnProperty.call(o, "grant_server");
+    const isArtifactCandidate = hasArtifactOnlyFields(o);
+    if ((hasWsUrl && (hasTunnelUrl || hasGrantClient || hasGrantServer)) || (hasTunnelUrl && (hasGrantClient || hasGrantServer))) {
+        throw new FlowersecError({
+            path: "auto",
+            stage: "validate",
+            code: "invalid_input",
+            message: "hybrid connect input is not allowed",
+        });
+    }
+    if (isArtifactCandidate && (hasWsUrl || hasTunnelUrl || hasGrantClient || hasGrantServer)) {
+        throw new FlowersecError({
+            path: "auto",
+            stage: "validate",
+            code: "invalid_input",
+            message: "artifact fields cannot be mixed with legacy connect inputs",
+        });
+    }
+    if (hasGrantServer) {
+        throw new FlowersecError({
+            path: "tunnel",
+            stage: "validate",
+            code: "role_mismatch",
+            message: "expected role=client",
+        });
+    }
+    if (hasGrantClient)
+        return { kind: "tunnel", input: v };
+    if (hasWsUrl)
+        return { kind: "direct", input: v };
+    if (hasTunnelUrl) {
+        if (typeof o.role === "number" && Number.isSafeInteger(o.role) && o.role === ControlRole.Role_server) {
+            throw new FlowersecError({
+                path: "tunnel",
+                stage: "validate",
+                code: "role_mismatch",
+                message: "expected role=client",
+            });
+        }
+        return { kind: "tunnel", input: v };
+    }
+    if (isArtifactCandidate) {
+        let artifact;
+        try {
+            artifact = assertConnectArtifact(v);
+        }
+        catch (e) {
+            throw new FlowersecError({
+                path: "auto",
+                stage: "validate",
+                code: "invalid_input",
+                message: "invalid ConnectArtifact",
+                cause: e,
+            });
+        }
+        const observer = opts.observer == null
+            ? undefined
+            : normalizeObserver(withObserverContext(opts.observer, {
+                path: artifact.transport,
+                ...(artifact.correlation?.trace_id === undefined ? {} : { traceId: artifact.correlation.trace_id }),
+                ...(artifact.correlation?.session_id === undefined ? {} : { sessionId: artifact.correlation.session_id }),
+            }), { path: artifact.transport });
+        await validateArtifactScopes(artifact, opts, observer);
+        if (artifact.transport === "direct") {
+            return {
+                kind: "direct",
+                input: artifact.direct_info,
+                ...(artifact.correlation === undefined ? {} : { correlation: artifact.correlation }),
+                ...(observer === undefined ? {} : { observer }),
+            };
+        }
+        return {
+            kind: "tunnel",
+            input: artifact.tunnel_grant,
+            ...(artifact.correlation === undefined ? {} : { correlation: artifact.correlation }),
+            ...(observer === undefined ? {} : { observer }),
+        };
+    }
+    throw new FlowersecError({
+        path: "auto",
+        stage: "validate",
+        code: "invalid_input",
+        message: "invalid input: expected DirectConnectInfo, ChannelInitGrant, wrapper, or ConnectArtifact",
+    });
+}

package/dist/facade.d.ts

@@ -1,12 +1,15 @@
 import type { Client } from "./client.js";
 import type { DirectConnectOptions } from "./direct-client/connect.js";
 import type { TunnelConnectOptions } from "./tunnel-client/connect.js";
+import { type ConnectArtifact, type CorrelationContext, type CorrelationKV, type DirectClientConnectArtifact, type ScopeMetadataEntry, type TunnelClientConnectArtifact } from "./connect/artifact.js";
 import type { ChannelInitGrant } from "./gen/flowersec/controlplane/v1.gen.js";
 import type { DirectConnectInfo } from "./gen/flowersec/direct/v1.gen.js";
 export type { ChannelInitGrant } from "./gen/flowersec/controlplane/v1.gen.js";
 export { assertChannelInitGrant } from "./gen/flowersec/controlplane/v1.gen.js";
 export type { DirectConnectInfo } from "./gen/flowersec/direct/v1.gen.js";
 export { assertDirectConnectInfo } from "./gen/flowersec/direct/v1.gen.js";
+export type { ConnectArtifact, CorrelationContext, CorrelationKV, DirectClientConnectArtifact, ScopeMetadataEntry, TunnelClientConnectArtifact, };
+export { assertConnectArtifact } from "./connect/artifact.js";
 export type { ClientObserverLike } from "./observability/observer.js";
 export type { Client, ClientPath } from "./client.js";
 export type { FlowersecErrorCode, FlowersecPath, FlowersecStage } from "./utils/errors.js";
@@ -18,4 +21,5 @@ export declare function connectTunnel(grant: ChannelInitGrant, opts: TunnelConne
 export declare function connectDirect(info: DirectConnectInfo, opts: DirectConnectOptions): Promise<Client>;
 export declare function connect(input: DirectConnectInfo, opts: DirectConnectOptions): Promise<Client>;
 export declare function connect(input: ChannelInitGrant, opts: TunnelConnectOptions): Promise<Client>;
+export declare function connect(input: ConnectArtifact, opts: ConnectOptions): Promise<Client>;
 export declare function connect(input: unknown, opts: ConnectOptions): Promise<Client>;

package/dist/facade.js

@@ -1,8 +1,10 @@
 import { connectDirect as connectDirectInternal } from "./direct-client/connect.js";
 import { connectTunnel as connectTunnelInternal } from "./tunnel-client/connect.js";
-import { FlowersecError } from "./utils/errors.js";
+import { normalizeConnectInput } from "./connect/internalNormalize.js";
+import { withObserverContext } from "./observability/observer.js";
 export { assertChannelInitGrant } from "./gen/flowersec/controlplane/v1.gen.js";
 export { assertDirectConnectInfo } from "./gen/flowersec/direct/v1.gen.js";
+export { assertConnectArtifact } from "./connect/artifact.js";
 export { FlowersecError } from "./utils/errors.js";
 export async function connectTunnel(grant, opts) {
     return await connectTunnelInternal(grant, opts);
@@ -10,52 +12,18 @@ export async function connectTunnel(grant, opts) {
 export async function connectDirect(info, opts) {
     return await connectDirectInternal(info, opts);
 }
-function maybeParseJSON(input) {
-    if (typeof input !== "string")
-        return input;
-    const s = input.trim();
-    if (s === "")
-        return input;
-    if (s[0] !== "{" && s[0] !== "[")
-        return input;
-    try {
-        return JSON.parse(s);
-    }
-    catch (e) {
-        throw new FlowersecError({
-            path: "auto",
-            stage: "validate",
-            code: "invalid_input",
-            message: "invalid JSON string",
-            cause: e,
-        });
-    }
-}
 export async function connect(input, opts) {
-    const v = maybeParseJSON(input);
-    if (v != null && typeof v === "object") {
-        const o = v;
-        if (o["ws_url"] !== undefined)
-            return await connectDirectInternal(v, opts);
-        if (o["grant_client"] !== undefined)
-            return await connectTunnelInternal(v, opts);
-        if (o["grant_server"] !== undefined)
-            return await connectTunnelInternal(v, opts);
-        if (o["tunnel_url"] !== undefined)
-            return await connectTunnelInternal(v, opts);
-        if (o["token"] !== undefined || o["role"] !== undefined)
-            return await connectTunnelInternal(v, opts);
-        throw new FlowersecError({
-            path: "auto",
-            stage: "validate",
-            code: "invalid_input",
-            message: "invalid input: expected DirectConnectInfo (ws_url) or ChannelInitGrant (tunnel_url, grant_client, or grant_server)",
-        });
+    const normalized = await normalizeConnectInput(input, opts);
+    const nextObserver = normalized.observer ??
+        (normalized.correlation == null
+            ? opts.observer
+            : withObserverContext(opts.observer, {
+                ...(normalized.correlation.trace_id === undefined ? {} : { traceId: normalized.correlation.trace_id }),
+                ...(normalized.correlation.session_id === undefined ? {} : { sessionId: normalized.correlation.session_id }),
+            }));
+    const nextOpts = (nextObserver === opts.observer ? opts : { ...opts, observer: nextObserver });
+    if (normalized.kind === "direct") {
+        return await connectDirectInternal(normalized.input, nextOpts);
     }
-    throw new FlowersecError({
-        path: "auto",
-        stage: "validate",
-        code: "invalid_input",
-        message: "invalid input: expected an object or a JSON string",
-    });
+    return await connectTunnelInternal(normalized.input, nextOpts);
 }

package/dist/node/connect.d.ts

@@ -1,9 +1,12 @@
 import type { Client } from "../client.js";
 import type { DirectConnectOptions } from "../direct-client/connect.js";
 import type { TunnelConnectOptions } from "../tunnel-client/connect.js";
+import { type ConnectOptions } from "../facade.js";
+import type { ConnectArtifact } from "../connect/artifact.js";
 import type { ChannelInitGrant } from "../gen/flowersec/controlplane/v1.gen.js";
 import type { DirectConnectInfo } from "../gen/flowersec/direct/v1.gen.js";
 export declare function connectNode(input: DirectConnectInfo, opts: DirectConnectOptions): Promise<Client>;
 export declare function connectNode(input: ChannelInitGrant, opts: TunnelConnectOptions): Promise<Client>;
+export declare function connectNode(input: ConnectArtifact, opts: ConnectOptions): Promise<Client>;
 export declare function connectTunnelNode(grant: ChannelInitGrant, opts: TunnelConnectOptions): Promise<Client>;
 export declare function connectDirectNode(info: DirectConnectInfo, opts: DirectConnectOptions): Promise<Client>;

package/dist/node/index.d.ts

@@ -1,2 +1,4 @@
 export { createNodeWsFactory } from "./wsFactory.js";
 export { connectDirectNode, connectNode, connectTunnelNode } from "./connect.js";
+export type { ConnectArtifact, CorrelationContext, CorrelationKV, DirectClientConnectArtifact, ScopeMetadataEntry, TunnelClientConnectArtifact, } from "../connect/artifact.js";
+export { assertConnectArtifact } from "../connect/artifact.js";

package/dist/node/index.js

@@ -1,2 +1,3 @@
 export { createNodeWsFactory } from "./wsFactory.js";
 export { connectDirectNode, connectNode, connectTunnelNode } from "./connect.js";
+export { assertConnectArtifact } from "../connect/artifact.js";

package/dist/observability/observer.d.ts

@@ -8,6 +8,27 @@ export type HandshakeReason = "auth_tag_mismatch" | "handshake_failed" | "invali
 export type WsCloseKind = "local" | "peer_or_error";
 export type WsErrorReason = "error" | "recv_buffer_exceeded" | "unexpected_text_frame" | "unexpected_message_type";
 export type RpcCallResult = "ok" | "rpc_error" | "handler_not_found" | "transport_error" | "canceled";
+export type DiagnosticEvent = Readonly<{
+    v: 1;
+    namespace: "connect";
+    path: ClientPath | "auto";
+    stage: "validate" | "normalize" | "scope" | "connect" | "attach" | "handshake" | "close" | "reconnect";
+    code_domain: "error" | "event";
+    code: string;
+    result: "ok" | "fail" | "retry" | "skip";
+    elapsed_ms: number;
+    attempt_seq: number;
+    trace_id?: string;
+    session_id?: string;
+}>;
+type ObserverContext = Readonly<{
+    path?: ClientPath | "auto";
+    traceId?: string;
+    sessionId?: string;
+    attemptSeq?: number;
+    attemptStartMs?: number;
+    maxQueuedItems?: number;
+}>;
 export type ClientObserver = {
     onConnect(path: ClientPath, result: ConnectResult, reason: ConnectReason | undefined, elapsedSeconds: number): void;
     onAttach(result: AttachResult, reason: AttachReason | undefined): void;
@@ -16,8 +37,13 @@ export type ClientObserver = {
     onWsError(reason: WsErrorReason): void;
     onRpcCall(result: RpcCallResult, elapsedSeconds: number): void;
     onRpcNotify(): void;
+    onDiagnosticEvent(event: DiagnosticEvent): void;
 };
 export type ClientObserverLike = Partial<ClientObserver>;
+type DiagnosticEventInput = Omit<DiagnosticEvent, "v" | "namespace" | "elapsed_ms" | "attempt_seq" | "trace_id" | "session_id" | "path"> & Partial<Pick<DiagnosticEvent, "path">>;
 export declare const NoopObserver: ClientObserver;
-export declare function normalizeObserver(observer?: ClientObserverLike): ClientObserver;
+export declare function withObserverContext(observer: ClientObserverLike | undefined, context: ObserverContext): ClientObserverLike | undefined;
+export declare function emitObserverDiagnostic(observer: ClientObserverLike | undefined, event: DiagnosticEventInput): void;
+export declare function normalizeObserver(observer?: ClientObserverLike, context?: ObserverContext): ClientObserver;
 export declare function nowSeconds(): number;
+export {};

package/dist/observability/observer.js

@@ -1,3 +1,6 @@
+const OBSERVER_CONTEXT = Symbol.for("floegence.flowersec.observer_context");
+const NORMALIZED_OBSERVER = Symbol.for("floegence.flowersec.normalized_observer");
+const DEFAULT_MAX_QUEUED_ITEMS = 64;
 export const NoopObserver = {
     onConnect: () => { },
     onAttach: () => { },
@@ -5,24 +8,277 @@ export const NoopObserver = {
     onWsClose: () => { },
     onWsError: () => { },
     onRpcCall: () => { },
-    onRpcNotify: () => { }
+    onRpcNotify: () => { },
+    onDiagnosticEvent: () => { },
 };
-export function normalizeObserver(observer) {
+function getObserverContext(observer) {
+    const context = observer?.[OBSERVER_CONTEXT];
+    if (context == null || typeof context !== "object")
+        return {};
+    return context;
+}
+function safeInvoke(fn) {
+    if (fn == null)
+        return;
+    try {
+        fn();
+    }
+    catch {
+        // Best effort only; observability must not affect connect semantics.
+    }
+}
+function hasAnyHandlers(observer) {
     if (observer == null)
-        return NoopObserver;
+        return false;
+    return (observer.onConnect != null ||
+        observer.onAttach != null ||
+        observer.onHandshake != null ||
+        observer.onWsClose != null ||
+        observer.onWsError != null ||
+        observer.onRpcCall != null ||
+        observer.onRpcNotify != null ||
+        observer.onDiagnosticEvent != null);
+}
+function buildDiagnosticEvent(context, event) {
+    return Object.freeze({
+        v: 1,
+        namespace: "connect",
+        path: event.path ?? context.path ?? "auto",
+        stage: event.stage,
+        code_domain: event.code_domain,
+        code: event.code,
+        result: event.result,
+        elapsed_ms: Math.max(0, Math.floor(nowMilliseconds() - (context.attemptStartMs ?? nowMilliseconds()))),
+        attempt_seq: Math.max(1, Math.floor(context.attemptSeq ?? 1)),
+        ...(context.traceId === undefined ? {} : { trace_id: context.traceId }),
+        ...(context.sessionId === undefined ? {} : { session_id: context.sessionId }),
+    });
+}
+function mapConnectDiagnostic(path, result, reason) {
+    if (result === "ok") {
+        return { path, stage: "connect", code_domain: "event", code: "connect_ok", result: "ok" };
+    }
+    return {
+        path,
+        stage: "connect",
+        code_domain: "error",
+        code: reason === "timeout" || reason === "canceled" ? reason : "dial_failed",
+        result: "fail",
+    };
+}
+function mapAttachDiagnostic(result, reason, path) {
+    if (result === "ok") {
+        return { path, stage: "attach", code_domain: "event", code: "attach_ok", result: "ok" };
+    }
     return {
-        onConnect: observer.onConnect ?? NoopObserver.onConnect,
-        onAttach: observer.onAttach ?? NoopObserver.onAttach,
-        onHandshake: observer.onHandshake ?? NoopObserver.onHandshake,
-        onWsClose: observer.onWsClose ?? NoopObserver.onWsClose,
-        onWsError: observer.onWsError ?? NoopObserver.onWsError,
-        onRpcCall: observer.onRpcCall ?? NoopObserver.onRpcCall,
-        onRpcNotify: observer.onRpcNotify ?? NoopObserver.onRpcNotify
+        path,
+        stage: "attach",
+        code_domain: "error",
+        code: reason === "send_failed" ? "attach_failed" : (reason ?? "attach_failed"),
+        result: "fail",
     };
 }
+function mapHandshakeDiagnostic(path, result, reason) {
+    if (result === "ok") {
+        return { path, stage: "handshake", code_domain: "event", code: "handshake_ok", result: "ok" };
+    }
+    return {
+        path,
+        stage: "handshake",
+        code_domain: "error",
+        code: reason ?? "handshake_failed",
+        result: "fail",
+    };
+}
+function mapWsCloseDiagnostic(kind, path) {
+    return {
+        path,
+        stage: "close",
+        code_domain: "event",
+        code: kind === "local" ? "ws_close_local" : "ws_close_peer_or_error",
+        result: "skip",
+    };
+}
+function mapWsErrorDiagnostic(path) {
+    return {
+        path,
+        stage: "close",
+        code_domain: "event",
+        code: "ws_error",
+        result: "skip",
+    };
+}
+class ObserverDispatcher {
+    [NORMALIZED_OBSERVER] = true;
+    [OBSERVER_CONTEXT];
+    queue = [];
+    observer;
+    maxQueuedItems;
+    draining = false;
+    overflowQueued = false;
+    constructor(observer, context) {
+        this.observer = observer;
+        this[OBSERVER_CONTEXT] = context;
+        this.maxQueuedItems = Math.max(4, Math.floor(context.maxQueuedItems ?? DEFAULT_MAX_QUEUED_ITEMS));
+    }
+    onConnect(path, result, reason, elapsedSeconds) {
+        const diagnostic = mapConnectDiagnostic(path, result, reason);
+        this.enqueueCombined(() => this.observer.onConnect?.(path, result, reason, elapsedSeconds), diagnostic, result === "fail");
+    }
+    onAttach(result, reason) {
+        const diagnostic = mapAttachDiagnostic(result, reason, this[OBSERVER_CONTEXT].path ?? "auto");
+        this.enqueueCombined(() => this.observer.onAttach?.(result, reason), diagnostic, result === "fail");
+    }
+    onHandshake(path, result, reason, elapsedSeconds) {
+        const diagnostic = mapHandshakeDiagnostic(path, result, reason);
+        this.enqueueCombined(() => this.observer.onHandshake?.(path, result, reason, elapsedSeconds), diagnostic, result === "fail");
+    }
+    onWsClose(kind, code) {
+        const diagnostic = mapWsCloseDiagnostic(kind, this[OBSERVER_CONTEXT].path ?? "auto");
+        this.enqueueCombined(() => this.observer.onWsClose?.(kind, code), diagnostic, false);
+    }
+    onWsError(reason) {
+        const diagnostic = mapWsErrorDiagnostic(this[OBSERVER_CONTEXT].path ?? "auto");
+        this.enqueueCombined(() => this.observer.onWsError?.(reason), diagnostic, false);
+    }
+    onRpcCall(result, elapsedSeconds) {
+        this.enqueueCombined(() => this.observer.onRpcCall?.(result, elapsedSeconds), undefined, false);
+    }
+    onRpcNotify() {
+        this.enqueueCombined(() => this.observer.onRpcNotify?.(), undefined, false);
+    }
+    onDiagnosticEvent(event) {
+        this.enqueueCombined(() => this.observer.onDiagnosticEvent?.(event), undefined, event.result === "fail");
+    }
+    emitDiagnosticEvent(event) {
+        const diagnostic = buildDiagnosticEvent(this[OBSERVER_CONTEXT], event);
+        this.enqueue({
+            kind: event.code === "diagnostics_overflow" ? "overflow" : event.result === "fail" ? "terminal" : "normal",
+            deliver: () => this.observer.onDiagnosticEvent?.(diagnostic),
+        });
+    }
+    enqueueCombined(callback, diagnostic, terminal) {
+        if (callback == null && diagnostic == null)
+            return;
+        const event = diagnostic == null ? undefined : buildDiagnosticEvent(this[OBSERVER_CONTEXT], diagnostic);
+        this.enqueue({
+            kind: terminal ? "terminal" : "normal",
+            deliver: () => {
+                safeInvoke(callback);
+                if (event != null) {
+                    safeInvoke(() => this.observer.onDiagnosticEvent?.(event));
+                }
+            },
+        });
+    }
+    enqueue(item) {
+        if (this.queue.length >= this.maxQueuedItems) {
+            if (!this.makeRoom(item.kind)) {
+                return;
+            }
+        }
+        if (item.kind === "overflow") {
+            if (this.overflowQueued)
+                return;
+            this.overflowQueued = true;
+        }
+        this.queue.push(item);
+        this.scheduleDrain();
+    }
+    makeRoom(kind) {
+        const removableIndex = this.queue.findIndex((entry) => entry.kind === "normal");
+        if (removableIndex >= 0) {
+            this.queue.splice(removableIndex, 1);
+            if (kind === "normal") {
+                this.queueOverflowEvent();
+            }
+            return true;
+        }
+        if (kind === "normal") {
+            return false;
+        }
+        if (this.queue.length > 0) {
+            const shifted = this.queue.shift();
+            if (shifted?.kind === "overflow")
+                this.overflowQueued = false;
+            return true;
+        }
+        return true;
+    }
+    queueOverflowEvent() {
+        if (this.overflowQueued || this.observer.onDiagnosticEvent == null)
+            return;
+        this.enqueue({
+            kind: "overflow",
+            deliver: () => {
+                this.overflowQueued = false;
+                safeInvoke(() => this.observer.onDiagnosticEvent?.(buildDiagnosticEvent(this[OBSERVER_CONTEXT], {
+                    stage: "reconnect",
+                    code_domain: "event",
+                    code: "diagnostics_overflow",
+                    result: "skip",
+                })));
+            },
+        });
+    }
+    scheduleDrain() {
+        if (this.draining)
+            return;
+        this.draining = true;
+        queueMicrotask(() => this.drainOne());
+    }
+    drainOne() {
+        this.draining = false;
+        const item = this.queue.shift();
+        if (item == null)
+            return;
+        if (item.kind === "overflow") {
+            this.overflowQueued = false;
+        }
+        safeInvoke(item.deliver);
+        if (this.queue.length > 0) {
+            this.scheduleDrain();
+        }
+    }
+}
+export function withObserverContext(observer, context) {
+    if (observer == null && Object.keys(context).length === 0)
+        return observer;
+    const previous = getObserverContext(observer);
+    return Object.assign({}, observer ?? {}, {
+        [OBSERVER_CONTEXT]: {
+            ...previous,
+            ...context,
+        },
+    });
+}
+export function emitObserverDiagnostic(observer, event) {
+    const normalized = normalizeObserver(observer);
+    if (normalized.emitDiagnosticEvent) {
+        normalized.emitDiagnosticEvent(event);
+        return;
+    }
+    safeInvoke(() => normalized.onDiagnosticEvent(buildDiagnosticEvent(getObserverContext(observer), event)));
+}
+export function normalizeObserver(observer, context = {}) {
+    if (observer?.[NORMALIZED_OBSERVER] === true) {
+        return observer;
+    }
+    if (!hasAnyHandlers(observer))
+        return NoopObserver;
+    return new ObserverDispatcher(observer ?? {}, {
+        attemptSeq: 1,
+        attemptStartMs: nowMilliseconds(),
+        ...getObserverContext(observer),
+        ...context,
+    });
+}
 export function nowSeconds() {
+    return nowMilliseconds() / 1000;
+}
+function nowMilliseconds() {
     if (typeof performance !== "undefined" && typeof performance.now === "function") {
-        return performance.now() / 1000;
+        return performance.now();
     }
-    return Date.now() / 1000;
+    return Date.now();
 }

package/dist/proxy/bootstrap.d.ts

@@ -1,13 +1,13 @@
 import type { Client } from "../client.js";
 import type { TunnelConnectBrowserOptions } from "../browser/connect.js";
 import type { ChannelInitGrant } from "../gen/flowersec/controlplane/v1.gen.js";
-import { type ProxyIntegrationPlugin, type ProxyIntegrationServiceWorkerOptions, type RegisterProxyIntegrationOptions } from "./integration.js";
+import { type ProxyIntegrationPlugin, type RegisterProxyIntegrationOptions, type ProxyIntegrationServiceWorkerOptions } from "./integration.js";
 import { type RegisterProxyControllerWindowOptions } from "./controllerWindow.js";
-import type { ProxyProfile, ProxyProfileName } from "./profiles.js";
+import type { ProxyPresetInput } from "./preset.js";
 import { type ProxyRuntime } from "./runtime.js";
 export type ConnectTunnelProxyBrowserOptions = Readonly<{
     connect?: TunnelConnectBrowserOptions;
-    profile?: ProxyProfileName | Partial<ProxyProfile>;
+    preset?: ProxyPresetInput;
     runtimeGlobalKey?: string;
     runtime?: RegisterProxyIntegrationOptions["runtime"];
     serviceWorker: ProxyIntegrationServiceWorkerOptions;

package/dist/proxy/bootstrap.js

@@ -4,10 +4,12 @@ import { registerProxyControllerWindow } from "./controllerWindow.js";
 import { createProxyRuntime } from "./runtime.js";
 export async function connectTunnelProxyBrowser(grant, opts) {
     const client = await connectTunnelBrowser(grant, opts.connect ?? {});
+    const compat = opts;
     const integrationInput = {
         client,
         serviceWorker: opts.serviceWorker,
-        ...(opts.profile === undefined ? {} : { profile: opts.profile }),
+        ...(opts.preset === undefined ? {} : { preset: opts.preset }),
+        ...(compat.profile === undefined ? {} : { profile: compat.profile }),
         ...(opts.runtimeGlobalKey === undefined ? {} : { runtimeGlobalKey: opts.runtimeGlobalKey }),
         ...(opts.runtime === undefined ? {} : { runtime: opts.runtime }),
         ...(opts.plugins === undefined ? {} : { plugins: opts.plugins }),