@harperfast/harper-pro 5.0.0-alpha.9 → 5.0.0-beta.2

package/core/security/jsLoader.ts

@@ -3,7 +3,6 @@ import { contextStorage, transaction } from '../resources/transaction.ts';
 import { RequestTarget } from '../resources/RequestTarget.ts';
 import { tables, databases } from '../resources/databases.ts';
 import { readFile } from 'node:fs/promises';
-import { readFileSync } from 'node:fs';
 import { dirname, isAbsolute } from 'node:path';
 import { pathToFileURL, fileURLToPath } from 'node:url';
 import { SourceTextModule, SyntheticModule, createContext, runInContext } from 'node:vm';
@@ -11,9 +10,13 @@ import { ApplicationScope } from '../components/ApplicationScope.ts';
 import logger from '../utility/logging/harper_logger.js';
 import { createRequire } from 'node:module';
 import * as env from '../utility/environment/environmentManager';
+import * as child_process from 'node:child_process';
 import { CONFIG_PARAMS } from '../utility/hdbTerms.ts';
 import { contentTypes } from '../server/serverHelpers/contentTypes.ts';
 import type { CompartmentOptions } from 'ses';
+import { mkdirSync, readFileSync, writeFileSync, unlinkSync, openSync, closeSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+import { EventEmitter } from 'node:events';
 
 type Lockdown = 'none' | 'freeze' | 'ses';
 const APPLICATIONS_LOCKDOWN: Lockdown = env.get(CONFIG_PARAMS.APPLICATIONS_LOCKDOWN);
@@ -86,12 +89,13 @@ export async function scopedImport(filePath: string | URL, scope?: ApplicationSc
 				if (!scope.compartment) scope.compartment = getCompartment(scope, globals);
 				const result = await (await scope.compartment).import(moduleUrl);
 				return result.namespace;
-			} // else use standard node:vm module to do containment
-			return await loadModuleWithVM(moduleUrl, scope);
-		} else {
-			// important! we need to await the import, otherwise the error will not be caught
-			return await import(moduleUrl);
+			} else if (SourceTextModule) {
+				// else use standard node:vm module to do containment (if it is available)
+				return await loadModuleWithVM(moduleUrl, scope);
+			}
 		}
+		// important! we need to await the import, otherwise the error will not be caught
+		return await import(moduleUrl);
 	} catch (err) {
 		try {
 			// the actual parse error (internally known as the "arrow message")
@@ -107,11 +111,23 @@ export async function scopedImport(filePath: string | URL, scope?: ApplicationSc
 	}
 }
 
+let amaro: typeof import('amaro') | undefined;
+/**
+ * Strip TypeScript types using the amaro library (what Node.js uses internally)
+ * Falls back to regex-based stripping if amaro is not available
+ */
+async function stripTypeScriptTypes(source: string): Promise<string> {
+	// Use amaro - the library that Node.js uses internally for type stripping
+	amaro = await import('amaro');
+	return amaro.transformSync(source, { mode: 'strip-only' }).code;
+}
+
 /**
  * Load a module using Node's vm.Module API with (not really secure) sandboxing
  */
 async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
-	const moduleCache = new Map<string, Promise<SourceTextModule | SyntheticModule>>();
+	const moduleCache = new Map<string, SourceTextModule | SyntheticModule>();
+	const linkingPromises = new Map<string, Promise<void>>();
 
 	// Create a secure context with limited globals
 	const contextObject = getGlobalObject(scope);
@@ -128,11 +144,16 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 		if (specifier.startsWith('file://')) {
 			return specifier;
 		}
-		const resolved = createRequire(referrer).resolve(specifier);
-		if (isAbsolute(resolved)) {
-			return pathToFileURL(resolved).toString();
+		// For relative paths, resolve to absolute file URL
+		if (specifier.startsWith('.')) {
+			const resolved = createRequire(referrer).resolve(specifier);
+			if (isAbsolute(resolved)) {
+				return pathToFileURL(resolved).toString();
+			}
+			return resolved;
 		}
-		return resolved;
+		// For package names and node: specifiers, keep as-is for proper require() handling
+		return specifier;
 	}
 
 	/**
@@ -208,33 +229,54 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 	async function linker(specifier: string, referencingModule: SourceTextModule | SyntheticModule) {
 		const resolvedUrl = resolveModule(specifier, referencingModule.identifier);
 
-		// Check cache first
-		if (moduleCache.has(resolvedUrl)) {
-			return moduleCache.get(resolvedUrl)!;
-		}
-
 		const useContainment = specifier.startsWith('.') || scope.dependencyContainment;
-		// Load the module
-		return await loadModuleWithCache(resolvedUrl, useContainment);
+		// Return the module immediately (even if not yet linked) to support circular dependencies
+		return await getOrCreateModule(resolvedUrl, useContainment);
 	}
 
-	function loadModuleWithCache(url: string, usePrivateGlobal: boolean): Promise<SourceTextModule | SyntheticModule> {
-		// Check cache
+	async function getOrCreateModule(
+		url: string,
+		usePrivateGlobal: boolean
+	): Promise<SourceTextModule | SyntheticModule> {
+		// Check cache first - return cached module immediately (even if not linked yet)
 		if (moduleCache.has(url)) {
 			return moduleCache.get(url)!;
 		}
-		const loadingModule = loadModule(url, usePrivateGlobal);
-		moduleCache.set(url, loadingModule);
-		return loadingModule;
+
+		// Create the module and cache it immediately (before linking)
+		const module = await createModule(url, usePrivateGlobal);
+		moduleCache.set(url, module);
+
+		return module;
+	}
+
+	async function loadModuleWithCache(
+		url: string,
+		usePrivateGlobal: boolean
+	): Promise<SourceTextModule | SyntheticModule> {
+		const module = await getOrCreateModule(url, usePrivateGlobal);
+
+		// Only link/evaluate once per module
+		if (!linkingPromises.has(url)) {
+			linkingPromises.set(
+				url,
+				module.link(linker).then(() => module.evaluate())
+			);
+		}
+
+		// Wait for linking to complete
+		await linkingPromises.get(url);
+
+		return module;
 	}
 	/**
-	 * Load a module from URL and create appropriate vm.Module
+	 * Create a module from URL without linking or evaluating
 	 */
-	async function loadModule(url: string, usePrivateGlobal: boolean): Promise<SourceTextModule | SyntheticModule> {
+	async function createModule(url: string, usePrivateGlobal: boolean): Promise<SourceTextModule | SyntheticModule> {
 		let module: SourceTextModule | SyntheticModule;
 
 		// Handle special built-in modules
-		if (url === 'harper') {
+		if (url === 'harper' || url === 'harperdb') {
 			let harperExports = getHarperExports(scope);
 			module = new SyntheticModule(
 				Object.keys(harperExports),
@@ -245,10 +287,15 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 				},
 				{ identifier: url, context }
 			);
-		} else if (usePrivateGlobal && url.startsWith('file://')) {
+		} else if (url.startsWith('file://')) {
 			checkAllowedModulePath(url, scope.verifyPath);
 			// Load source text from file
-			const source = await readFile(new URL(url), { encoding: 'utf-8' });
+			let source = await readFile(new URL(url), { encoding: 'utf-8' });
+
+			// Strip TypeScript types if this is a .ts file
+			if (url.endsWith('.ts') || url.endsWith('.tsx')) {
+				source = await stripTypeScriptTypes(source);
+			}
 
 			// Try to parse as ESM first
 			try {
@@ -264,17 +311,8 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 						return dynamicModule;
 					},
 				});
-				// Cache the module
-				moduleCache.set(url, module);
-				// Link the module (resolve all imports)
-				await module.link(linker);
-
-				// Evaluate the module
-				await module.evaluate();
-				return module;
 			} catch (err) {
 				// If ESM parsing fails, try to load as CommonJS
-				// but first try the cache again
 				if (
 					err.message?.includes('require is not defined') ||
 					source.includes('module.exports') ||
@@ -286,28 +324,41 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope) {
 				}
 			}
 		} else {
-			checkAllowedModulePath(url, scope.verifyPath);
-			// For Node.js built-in modules (node:) and npm packages, use dynamic import
-			const importedModule = await import(url);
-			const exportNames = Object.keys(importedModule);
-
-			module = new SyntheticModule(
-				exportNames,
-				function () {
-					for (const key of exportNames) {
-						this.setExport(key, importedModule[key]);
-					}
-				},
-				{ identifier: url, context }
-			);
+			const replacedModule = checkAllowedModulePath(url, scope.verifyPath);
+			// For Node.js built-in modules (node:) and npm packages
+			// Always try require first to properly handle CJS modules with named exports
+			try {
+				const cjsExports = replacedModule ?? require(url);
+				// It's a CJS module - expose all properties as named exports
+				const exportNames = Object.keys(cjsExports);
+				module = new SyntheticModule(
+					exportNames.length > 0 ? [...exportNames, 'default'] : ['default'],
+					function () {
+						if (exportNames.length > 0) {
+							for (const key of exportNames) {
+								this.setExport(key, cjsExports[key]);
+							}
+						}
+						this.setExport('default', cjsExports);
+					},
+					{ identifier: url, context }
+				);
+			} catch {
+				// Fall back to dynamic import for ESM packages
+				const importedModule = await import(url);
+				const exportNames = Object.keys(importedModule);
+				module = new SyntheticModule(
+					exportNames,
+					function () {
+						for (const key of exportNames) {
+							this.setExport(key, importedModule[key]);
+						}
+					},
+					{ identifier: url, context }
+				);
+			}
 		}
 
-		// Link the module (resolve all imports)
-		await module.link(linker);
-
-		// Evaluate the module
-		await module.evaluate();
-
 		return module;
 	}
 
@@ -439,40 +490,208 @@ function getHarperExports(scope: ApplicationScope) {
 		contentTypes,
 	};
 }
-const ALLOWED_NODE_BUILTIN_MODULES = new Set([
-	'assert',
-	'http',
-	'https',
-	'path',
-	'url',
-	'util',
-	'stream',
-	'crypto',
-	'buffer',
-	'string_decoder',
-	'querystring',
-	'punycode',
-	'zlib',
-	'events',
-	'timers',
-	'process',
-	'async_hooks',
-	'console',
-	'perf_hooks',
-	'diagnostics_channel',
-	'fs',
-]);
-function checkAllowedModulePath(moduleUrl: string, containingFolder: string): boolean {
+const ALLOWED_NODE_BUILTIN_MODULES = env.get(CONFIG_PARAMS.APPLICATIONS_ALLOWEDBUILTINMODULES)
+	? new Set(env.get(CONFIG_PARAMS.APPLICATIONS_ALLOWEDBUILTINMODULES))
+	: {
+			// if we don't have a list of allowed modules, allow everything
+			has() {
+				return true;
+			},
+		};
+const ALLOWED_COMMANDS = new Set(env.get(CONFIG_PARAMS.APPLICATIONS_ALLOWEDSPAWNCOMMANDS) ?? []);
+const REPLACED_BUILTIN_MODULES = {
+	child_process: {
+		exec: createSpawn(child_process.exec),
+		execFile: createSpawn(child_process.execFile),
+		fork: createSpawn(child_process.fork, true), // this is launching node, so deemed safe
+		spawn: createSpawn(child_process.spawn),
+	},
+};
+/**
+ * Creates a ChildProcess-like object for an existing process
+ */
+class ExistingProcessWrapper extends EventEmitter {
+	pid: number;
+	private checkInterval: NodeJS.Timeout;
+
+	constructor(pid: number) {
+		super();
+		this.pid = pid;
+
+		// Monitor process and emit exit event when it terminates
+		this.checkInterval = setInterval(() => {
+			try {
+				// Signal 0 checks if process exists without actually killing it
+				process.kill(pid, 0);
+			} catch {
+				// Process no longer exists
+				clearInterval(this.checkInterval);
+				this.emit('exit', null, null);
+			}
+		}, 1000);
+	}
+
+	// Kill the process
+	kill(signal?: NodeJS.Signals | number) {
+		try {
+			process.kill(this.pid, signal);
+			return true;
+		} catch {
+			return false;
+		}
+	}
+
+	// Clean up interval when wrapper is no longer needed
+	unref() {
+		clearInterval(this.checkInterval);
+		return this;
+	}
+}
+
+/**
+ * Checks if a process with the given PID is running
+ */
+function isProcessRunning(pid: number): boolean {
+	try {
+		// Signal 0 checks existence without killing
+		process.kill(pid, 0);
+		return true;
+	} catch {
+		return false;
+	}
+}
+
+/**
+ * Acquires an exclusive lock using the PID file itself (synchronously with busy-wait)
+ * Returns 0 if lock was acquired (need to spawn new process), or the existing PID if process is running
+ */
+function acquirePidFileLock(pidFilePath: string, maxRetries = 100, retryDelay = 5): number {
+	for (let attempt = 0; attempt < maxRetries; attempt++) {
+		try {
+			// Try to open exclusively - 'wx' fails if file exists
+			const fd = openSync(pidFilePath, 'wx');
+			closeSync(fd);
+			return 0; // Successfully acquired lock (file created), caller should spawn process
+		} catch (err) {
+			if (err.code === 'EEXIST') {
+				// File exists - check if it contains a valid running process
+				try {
+					const pidContent = readFileSync(pidFilePath, 'utf-8');
+					const existingPid = parseInt(pidContent.trim(), 10);
+
+					if (!isNaN(existingPid) && isProcessRunning(existingPid)) {
+						// Valid process is running, return its PID immediately
+						return existingPid;
+					}
+
+					// Invalid/empty PID - check file age to determine if it's stale or being written
+					const stats = statSync(pidFilePath);
+					const fileAge = Date.now() - stats.mtimeMs;
+
+					// If file is very new (less than 100ms) and empty/invalid, another thread is likely still writing to it
+					if (fileAge < 100) {
+						// Just wait and retry, don't try to remove
+					} else {
+						// Stale PID file (old and invalid), try to remove it
+						try {
+							unlinkSync(pidFilePath);
+						} catch {
+							// Another thread may have removed it, retry
+						}
+					}
+				} catch {
+					// Couldn't read/stat file, another thread might be modifying it, retry
+				}
+
+				// Wait a bit before retrying
+				const start = Date.now();
+				while (Date.now() - start < retryDelay) {
+					// Busy wait
+				}
+			} else {
+				throw err;
+			}
+		}
+	}
+
+	throw new Error(`Failed to acquire PID file lock after ${maxRetries} attempts`);
+}
+
+function createSpawn(spawnFunction: (...args: any) => child_process.ChildProcess, alwaysAllow?: boolean) {
+	const basePath = env.getHdbBasePath();
+	return function (command: string, args?: any, options?: any, callback?: (...args: any[]) => void) {
+		if (!ALLOWED_COMMANDS.has(command.split(' ')[0]) && !alwaysAllow) {
+			throw new Error(`Command ${command} is not allowed`);
+		}
+		const processName = options?.name;
+		if (!processName)
+			throw new Error(
+				`Calling ${spawnFunction.name} in Harper must have a process "name" in the options to ensure that a single process is started and reused`
+			);
+
+		// Ensure PID directory exists
+		const pidDir = join(basePath, 'pids');
+		mkdirSync(pidDir, { recursive: true });
+
+		const pidFilePath = join(pidDir, `${processName}.pid`);
+
+		// Try to acquire lock - returns 0 if acquired, or existing PID
+		const existingPid = acquirePidFileLock(pidFilePath);
+
+		if (existingPid !== 0) {
+			// Existing process is running, return wrapper
+			return new ExistingProcessWrapper(existingPid);
+		}
+
+		// We acquired the lock (file was created), spawn new process
+		const childProcess = spawnFunction(command, args, options, callback);
+
+		// Write PID to the file we just created
+		try {
+			writeFileSync(pidFilePath, childProcess.pid.toString(), 'utf-8');
+		} catch (err) {
+			// Failed to write PID, clean up
+			try {
+				childProcess.kill();
+				unlinkSync(pidFilePath);
+			} catch {}
+			throw err;
+		}
+
+		// Clean up PID file when process exits
+		childProcess.on('exit', () => {
+			try {
+				unlinkSync(pidFilePath);
+			} catch {
+				// File may already be removed
+			}
+		});
+
+		return childProcess;
+	};
+}
+
+/**
+ * Validates whether a module can be loaded based on security restrictions and returns the module path or replacement.
+ * For file URLs, ensures the module is within the containing folder.
+ * For node built-in modules, checks against an allowlist and returns any replacements.
+ *
+ * @param {string} moduleUrl - The URL or identifier of the module to be loaded, which may be a file: URL, node: URL, or bare module specifier.
+ * @param {string} containingFolder - The absolute path of the folder that contains the application, used to validate file: URLs are within bounds.
+ * @return {any} Returns undefined for allowed file paths, or a replacement module identifier for allowed node built-in modules.
+ * @throws {Error} Throws an error if the module is outside the application folder or if the module is not in the allowed list.
+ */
+function checkAllowedModulePath(moduleUrl: string, containingFolder?: string): boolean {
 	if (moduleUrl.startsWith('file:')) {
 		const path = moduleUrl.slice(7);
 		if (!containingFolder || path.startsWith(containingFolder)) {
-			return true;
+			return;
 		}
 		throw new Error(`Can not load module outside of application folder ${containingFolder}`);
 	}
 	let simpleName = moduleUrl.startsWith('node:') ? moduleUrl.slice(5) : moduleUrl;
 	simpleName = simpleName.split('/')[0];
-	if (ALLOWED_NODE_BUILTIN_MODULES.has(simpleName)) return true;
+	if (ALLOWED_NODE_BUILTIN_MODULES.has(simpleName)) return REPLACED_BUILTIN_MODULES[simpleName];
 	throw new Error(`Module ${moduleUrl} is not allowed to be imported`);
 }
 

package/core/security/keys.js

@@ -202,7 +202,7 @@ function loadCertificates() {
 								const x509Cert = new X509Certificate(certificatePem);
 								let certCn;
 								try {
-									certCn = getPrimaryHostName(x509Cert);
+									certCn = (!ca && config.name) || getPrimaryHostName(x509Cert);
 								} catch (err) {
 									logger.error?.('error extracting host name from certificate', err);
 									return;
@@ -238,7 +238,7 @@ function loadCertificates() {
 
 								promise = certificateTable.put({
 									name: certCn,
-									uses: ['https', ...(configKey.includes('operations') ? ['operations'] : [])],
+									uses: config.uses ?? ['https', ...(configKey.includes('operations') ? ['operations'] : [])],
 									ciphers: config.ciphers,
 									certificate: certificatePem,
 									private_key_name,
@@ -459,7 +459,7 @@ async function getCertAuthority() {
 	let match;
 	for (let cert of allCerts) {
 		if (!cert.is_authority) continue;
-		const matchingPrivateKey = await getPrivateKeyByName(cert.private_key_name);
+		const matchingPrivateKey = getPrivateKeyByName(cert.private_key_name);
 		if (cert.private_key_name && matchingPrivateKey) {
 			const keyCheck = new X509Certificate(cert.certificate).checkPrivateKey(createPrivateKey(matchingPrivateKey));
 			if (keyCheck) {
@@ -724,7 +724,7 @@ function createTLSSelector(type, mtlsOptions) {
 			server.secureContextsListeners = [];
 		}
 		return (SNICallback.ready = new Promise((resolve, reject) => {
-			async function updateTLS() {
+			function updateTLS() {
 				try {
 					secureContexts.clear();
 					caCerts.clear();
@@ -733,7 +733,7 @@ function createTLSSelector(type, mtlsOptions) {
 						resolve();
 						return;
 					}
-					for await (const cert of databases.system.hdb_certificate.search([])) {
+					for (const cert of databases.system.hdb_certificate.search([])) {
 						const certificate = cert.certificate;
 						const certParsed = new X509Certificate(certificate);
 						if (cert.is_authority) {
@@ -742,17 +742,16 @@ function createTLSSelector(type, mtlsOptions) {
 						}
 					}
 
-					for await (const cert of databases.system.hdb_certificate.search([])) {
+					for (const cert of databases.system.hdb_certificate.search([])) {
 						try {
 							if (cert.is_authority) {
 								continue;
 							}
-							let isOperations = type === 'operations-api';
 							let quality = cert.is_self_signed ? 1 : 3;
 							// prefer operations certificates for operations API
-							if (isOperations && cert.uses?.includes?.('operations')) quality += 1;
+							if (cert.uses?.includes(type)) quality += 1;
 
-							const private_key = await getPrivateKeyByName(cert.private_key_name);
+							const private_key = getPrivateKeyByName(cert.private_key_name);
 
 							let certificate = cert.certificate;
 							const certParsed = new X509Certificate(certificate);
@@ -776,7 +775,7 @@ function createTLSSelector(type, mtlsOptions) {
 							let hostnames = cert.hostnames ?? hostnamesFromCert(certParsed);
 							if (!Array.isArray(hostnames)) hostnames = [hostnames];
 							for (let hostname of hostnames) {
-								if (hostname === getHost()) quality += 1; // prefer a certificate that has our hostname in the SANs
+								if (hostname === getHost()) quality += 0.1; // prefer a certificate that has our hostname in the SANs
 							}
 							let secureContext = tls.createSecureContext(secureOptions);
 							secureContext.name = cert.name;
@@ -876,10 +875,10 @@ function createTLSSelector(type, mtlsOptions) {
 	}
 }
 
-async function getPrivateKeyByName(private_key_name) {
+function getPrivateKeyByName(private_key_name) {
 	const private_key = privateKeys.get(private_key_name);
 	if (!private_key && private_key_name) {
-		return await fs.readFile(
+		return fs.readFileSync(
 			path.join(envManager.get(CONFIG_PARAMS.ROOTPATH), hdbTerms.LICENSE_KEY_DIR_NAME, private_key_name),
 			'utf8'
 		);

package/core/security/user.ts

@@ -165,7 +165,7 @@ async function addUser(user: User | any): Promise<string> {
 		throw new ClientError(HDB_ERROR_MSGS.USER_ALREADY_EXISTS(cleanUser.username), HTTP_STATUS_CODES.CONFLICT);
 	}
 
-	signalling.signalUserChange(new UserEventMsg(process.pid));
+	await signalling.signalUserChange(new UserEventMsg(process.pid));
 	return `${cleanUser.username} successfully added`;
 }
 
@@ -228,7 +228,7 @@ async function alterUser(jsonMessage) {
 	});
 
 	await setUsersWithRolesCache();
-	signalling.signalUserChange(new UserEventMsg(process.pid));
+	await signalling.signalUserChange(new UserEventMsg(process.pid));
 
 	return updateResponse;
 }
@@ -248,7 +248,7 @@ async function dropUser(user: User | any): Promise<string> {
 
 	logger.debug(deleteResponse);
 	await setUsersWithRolesCache();
-	signalling.signalUserChange(new UserEventMsg(process.pid));
+	await signalling.signalUserChange(new UserEventMsg(process.pid));
 	return `${user.username} successfully deleted`;
 }
 

package/core/server/REST.ts

@@ -220,6 +220,7 @@ async function http(request: Context & Request, nextHandler) {
 		}
 		return responseObject;
 	} catch (error) {
+		error ??= new Error('Unknown error occurred');
 		let statusCode = error.statusCode ?? request.response.status;
 		if (statusCode) {
 			if (statusCode === 500) harperLogger.warn(error);
@@ -232,12 +233,27 @@ async function http(request: Context & Request, nextHandler) {
 				}
 			}
 		} else harperLogger.error(error);
+
+		// RFC 9457 Problem Details
+		const status = statusCode || 500;
+		// we prefer to use error classes for error codes (constructor.name), but if there is a code, it is probably a node.js
+		// error that denotes error codes with a separate property
+		const code = error.code ?? error.constructor.name;
+		const problemDetail = {
+			type: `error:${code}`, // eventually we want this to be a resolvable URI to our docs
+			code,
+			title: error.message ?? error.toString(),
+			status,
+			detail: error.detail,
+			instance: request.url,
+		};
+
 		const responseObject = {
-			status: statusCode || 500, // use specified error status, or default to generic server error
+			status,
 			headers,
 			body: undefined,
 		};
-		responseObject.body = serialize(error instanceof Error ? errorToString(error) : error, request, responseObject);
+		responseObject.body = serialize(problemDetail, request, responseObject);
 		return responseObject;
 	}
 }

package/core/server/Server.ts

@@ -49,7 +49,8 @@ interface Node {
 export interface ServerOptions {
 	port?: number;
 	securePort?: number;
-	isOperationsServer?: boolean;
+	mtls?: boolean;
+	usageType?: string;
 }
 interface WebSocketOptions extends ServerOptions {
 	subProtocol: string;

package/core/server/fastifyRoutes.ts

@@ -179,6 +179,7 @@ async function buildServer(isHttps) {
 
 	app.register(function (instance, options, done) {
 		instance.setNotFoundHandler(function (request, reply) {
+			if (reply.sent || reply.raw.headersSent || reply.raw.writableEnded) return;
 			app.server.emit('unhandled', request.raw, reply.raw);
 		});
 		done();