@forwardimpact/libbridge 0.1.13 → 0.1.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/callback-registry.js +59 -6
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@forwardimpact/libbridge",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.15",
|
|
4
4
|
"description": "Threaded-channel bridge primitives — relay messages between human channels (GitHub Discussions, Microsoft Teams) and the Kata agent team.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"bridge",
|
package/src/callback-registry.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { randomUUID } from "node:crypto";
|
|
2
2
|
|
|
3
3
|
const DEFAULT_TTL_MS = 2 * 60 * 60 * 1000;
|
|
4
|
+
const DEFAULT_SWEEP_INTERVAL_MS = 10 * 60 * 1000;
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
7
|
* In-memory registry of pending bridge → workflow callbacks. Hosts persist
|
|
@@ -17,6 +18,7 @@ export class CallbackRegistry {
|
|
|
17
18
|
#ttlMs;
|
|
18
19
|
#clock;
|
|
19
20
|
#entries = new Map();
|
|
21
|
+
#sweepTimer = null;
|
|
20
22
|
|
|
21
23
|
/**
|
|
22
24
|
* @param {object} [options]
|
|
@@ -56,8 +58,20 @@ export class CallbackRegistry {
|
|
|
56
58
|
}
|
|
57
59
|
|
|
58
60
|
/**
|
|
59
|
-
*
|
|
60
|
-
*
|
|
61
|
+
* Whether an entry's TTL has elapsed; expired entries are dropped at the
|
|
62
|
+
* lookup that observes them so a stale token stops being a credential
|
|
63
|
+
* even when no sweep has run yet.
|
|
64
|
+
* @param {{createdAt: number}} entry
|
|
65
|
+
* @param {number} now
|
|
66
|
+
* @returns {boolean}
|
|
67
|
+
*/
|
|
68
|
+
#expired(entry, now) {
|
|
69
|
+
return now - entry.createdAt > this.#ttlMs;
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
/**
|
|
73
|
+
* Atomic lookup + delete. Returns null when the token is unknown, expired,
|
|
74
|
+
* or when the supplied `tenant_id` does not match the stored binding.
|
|
61
75
|
* @param {string} token
|
|
62
76
|
* @param {{tenant_id: string}} bind
|
|
63
77
|
* @returns {{correlationId: string, meta: object, createdAt: number} | null}
|
|
@@ -68,6 +82,10 @@ export class CallbackRegistry {
|
|
|
68
82
|
}
|
|
69
83
|
const entry = this.#entries.get(token);
|
|
70
84
|
if (!entry) return null;
|
|
85
|
+
if (this.#expired(entry, this.#clock.now())) {
|
|
86
|
+
this.#entries.delete(token);
|
|
87
|
+
return null;
|
|
88
|
+
}
|
|
71
89
|
if (entry.meta.tenant_id !== bind.tenant_id) return null;
|
|
72
90
|
this.#entries.delete(token);
|
|
73
91
|
return entry;
|
|
@@ -87,6 +105,10 @@ export class CallbackRegistry {
|
|
|
87
105
|
}
|
|
88
106
|
const entry = this.#entries.get(token);
|
|
89
107
|
if (!entry) return null;
|
|
108
|
+
if (this.#expired(entry, this.#clock.now())) {
|
|
109
|
+
this.#entries.delete(token);
|
|
110
|
+
return null;
|
|
111
|
+
}
|
|
90
112
|
if (entry.meta.tenant_id !== bind.tenant_id) return null;
|
|
91
113
|
return { ...entry };
|
|
92
114
|
}
|
|
@@ -97,15 +119,25 @@ export class CallbackRegistry {
|
|
|
97
119
|
* route uses this to verify a path-supplied tenant against the binding
|
|
98
120
|
* the dispatcher recorded. Single-pass scan of the entries map; the
|
|
99
121
|
* registry is one entry per in-flight dispatch per bridge process.
|
|
122
|
+
*
|
|
123
|
+
* Scan-by-design (timing-parity): the bounded-n scan is acceptable only
|
|
124
|
+
* while the caller preserves response-shape parity — a miss here and a
|
|
125
|
+
* tenant mismatch must produce the same response (the inbox route
|
|
126
|
+
* collapses both to 404 `Unknown correlation`), so timing or shape never
|
|
127
|
+
* distinguishes "correlation unknown" from "correlation bound elsewhere".
|
|
100
128
|
* @param {string} correlationId
|
|
101
129
|
* @returns {string | null}
|
|
102
130
|
*/
|
|
103
131
|
tenantOf(correlationId) {
|
|
104
132
|
if (typeof correlationId !== "string" || !correlationId) return null;
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
133
|
+
const now = this.#clock.now();
|
|
134
|
+
for (const [token, entry] of this.#entries) {
|
|
135
|
+
if (entry.correlationId !== correlationId) continue;
|
|
136
|
+
if (this.#expired(entry, now)) {
|
|
137
|
+
this.#entries.delete(token);
|
|
138
|
+
continue;
|
|
108
139
|
}
|
|
140
|
+
return entry.meta.tenant_id;
|
|
109
141
|
}
|
|
110
142
|
return null;
|
|
111
143
|
}
|
|
@@ -119,11 +151,32 @@ export class CallbackRegistry {
|
|
|
119
151
|
sweep(now = this.#clock.now()) {
|
|
120
152
|
let evicted = 0;
|
|
121
153
|
for (const [token, entry] of this.#entries) {
|
|
122
|
-
if (
|
|
154
|
+
if (this.#expired(entry, now)) {
|
|
123
155
|
this.#entries.delete(token);
|
|
124
156
|
evicted++;
|
|
125
157
|
}
|
|
126
158
|
}
|
|
127
159
|
return evicted;
|
|
128
160
|
}
|
|
161
|
+
|
|
162
|
+
/**
|
|
163
|
+
* Start the periodic sweep so tokens whose dispatch never calls back are
|
|
164
|
+
* reclaimed instead of accumulating for the life of the process. Idempotent;
|
|
165
|
+
* the handle is unref'd so it never holds the process open.
|
|
166
|
+
* @param {number} [intervalMs]
|
|
167
|
+
*/
|
|
168
|
+
startSweepTimer(intervalMs = DEFAULT_SWEEP_INTERVAL_MS) {
|
|
169
|
+
if (this.#sweepTimer) return;
|
|
170
|
+
this.#sweepTimer = this.#clock.setInterval(() => this.sweep(), intervalMs);
|
|
171
|
+
this.#sweepTimer.unref?.();
|
|
172
|
+
}
|
|
173
|
+
|
|
174
|
+
/**
|
|
175
|
+
* Stop the periodic sweep. Safe to call when no timer is running.
|
|
176
|
+
*/
|
|
177
|
+
stopSweepTimer() {
|
|
178
|
+
if (!this.#sweepTimer) return;
|
|
179
|
+
this.#clock.clearInterval(this.#sweepTimer);
|
|
180
|
+
this.#sweepTimer = null;
|
|
181
|
+
}
|
|
129
182
|
}
|