npm - @harperfast/harper-pro - Versions diffs - 5.0.5 → 5.0.6 - Mend

@harperfast/harper-pro 5.0.5 → 5.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/core/bin/status.js +2 -2
package/core/bin/stop.js +5 -6
package/core/components/EntryHandler.ts +4 -2
package/core/components/Scope.ts +1 -1
package/core/components/componentLoader.ts +11 -4
package/core/components/requestRestart.ts +17 -2
package/core/dataLayer/harperBridge/TableSizeObject.ts +35 -0
package/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbGetTableSize.ts +24 -0
package/core/package-lock.json +1020 -101
package/core/resources/DatabaseTransaction.ts +8 -3
package/core/resources/Table.ts +12 -17
package/core/resources/databases.ts +2 -2
package/core/resources/graphql.ts +163 -165
package/core/resources/indexes/HierarchicalNavigableSmallWorld.ts +14 -3
package/core/resources/indexes/vector.ts +17 -0
package/core/resources/loadEnv.ts +20 -16
package/core/resources/login.ts +4 -3
package/core/resources/roles.ts +60 -65
package/core/security/auth.ts +15 -14
package/core/security/jsLoader.ts +27 -9
package/core/server/REST.ts +10 -11
package/core/server/fastifyRoutes.ts +30 -29
package/core/server/graphqlQuerying.ts +4 -3
package/core/server/http.ts +175 -1
package/core/server/mqtt.ts +8 -2
package/core/server/serverHelpers/serverUtilities.ts +2 -5
package/core/server/threads/threadServer.js +30 -2
package/core/server/throttle.ts +18 -0
package/core/utility/environment/environmentManager.js +10 -4
package/core/utility/environment/systemInformation.ts +698 -0
package/core/utility/hdbTerms.ts +1 -0
package/core/utility/operation_authorization.js +2 -5
package/dist/core/bin/status.js +2 -2
package/dist/core/bin/status.js.map +1 -1
package/dist/core/bin/stop.js +5 -5
package/dist/core/bin/stop.js.map +1 -1
package/dist/core/components/EntryHandler.js +4 -2
package/dist/core/components/EntryHandler.js.map +1 -1
package/dist/core/components/Scope.js +1 -1
package/dist/core/components/Scope.js.map +1 -1
package/dist/core/components/componentLoader.js +11 -3
package/dist/core/components/componentLoader.js.map +1 -1
package/dist/core/components/requestRestart.js +12 -1
package/dist/core/components/requestRestart.js.map +1 -1
package/dist/core/dataLayer/harperBridge/TableSizeObject.js +32 -0
package/dist/core/dataLayer/harperBridge/TableSizeObject.js.map +1 -0
package/dist/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbGetTableSize.js +18 -19
package/dist/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbGetTableSize.js.map +1 -1
package/dist/core/resources/DatabaseTransaction.js +6 -1
package/dist/core/resources/DatabaseTransaction.js.map +1 -1
package/dist/core/resources/Table.js +14 -18
package/dist/core/resources/Table.js.map +1 -1
package/dist/core/resources/databases.js +2 -1
package/dist/core/resources/databases.js.map +1 -1
package/dist/core/resources/graphql.js +176 -176
package/dist/core/resources/graphql.js.map +1 -1
package/dist/core/resources/indexes/HierarchicalNavigableSmallWorld.js +14 -2
package/dist/core/resources/indexes/HierarchicalNavigableSmallWorld.js.map +1 -1
package/dist/core/resources/indexes/vector.js +14 -0
package/dist/core/resources/indexes/vector.js.map +1 -1
package/dist/core/resources/loadEnv.js +20 -17
package/dist/core/resources/loadEnv.js.map +1 -1
package/dist/core/resources/login.js +4 -4
package/dist/core/resources/login.js.map +1 -1
package/dist/core/resources/roles.js +64 -68
package/dist/core/resources/roles.js.map +1 -1
package/dist/core/security/auth.js +17 -15
package/dist/core/security/auth.js.map +1 -1
package/dist/core/security/jsLoader.js +29 -9
package/dist/core/security/jsLoader.js.map +1 -1
package/dist/core/server/REST.js +11 -11
package/dist/core/server/REST.js.map +1 -1
package/dist/core/server/fastifyRoutes.js +30 -29
package/dist/core/server/fastifyRoutes.js.map +1 -1
package/dist/core/server/graphqlQuerying.js +5 -4
package/dist/core/server/graphqlQuerying.js.map +1 -1
package/dist/core/server/http.js +179 -0
package/dist/core/server/http.js.map +1 -1
package/dist/core/server/mqtt.js +5 -3
package/dist/core/server/mqtt.js.map +1 -1
package/dist/core/server/serverHelpers/serverUtilities.js +2 -2
package/dist/core/server/serverHelpers/serverUtilities.js.map +1 -1
package/dist/core/server/threads/threadServer.js +26 -2
package/dist/core/server/threads/threadServer.js.map +1 -1
package/dist/core/server/throttle.js +17 -0
package/dist/core/server/throttle.js.map +1 -1
package/dist/core/utility/environment/environmentManager.js +9 -4
package/dist/core/utility/environment/environmentManager.js.map +1 -1
package/dist/core/utility/environment/systemInformation.js +359 -219
package/dist/core/utility/environment/systemInformation.js.map +1 -1
package/dist/core/utility/hdbTerms.js +1 -0
package/dist/core/utility/hdbTerms.js.map +1 -1
package/dist/core/utility/operation_authorization.js +2 -2
package/dist/core/utility/operation_authorization.js.map +1 -1
package/dist/licensing/usageLicensing.js +1 -1
package/dist/licensing/usageLicensing.js.map +1 -1
package/licensing/usageLicensing.ts +1 -1
package/npm-shrinkwrap.json +982 -62
package/package.json +2 -1
package/studio/web/assets/{index-D07pIqJt.js → index-qbLPhOzw.js} +2 -2
package/studio/web/assets/{index-D07pIqJt.js.map → index-qbLPhOzw.js.map} +1 -1
package/studio/web/index.html +1 -1
package/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/TableSizeObject.js +0 -25
package/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbGetTableSize.js +0 -34
package/core/utility/environment/systemInformation.js +0 -355
package/dist/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/TableSizeObject.js +0 -24
package/dist/core/dataLayer/harperBridge/lmdbBridge/lmdbUtility/TableSizeObject.js.map +0 -1

package/core/resources/roles.ts CHANGED Viewed

@@ -9,73 +9,72 @@ const USERS_NOT_DBS = ['super_user', 'structure_user'];
  * This is the component for handling role declarations in the Harper system. This will read roles.yaml for role
  * definitions and ensure that they are created in the system database.
  */
-// eslint-disable-next-line no-unused-vars
-export function start({ ensureTable }) {
-	return {
-		handleFile,
-		setupFile: handleFile,
-	};
+export function handleApplication(scope: import('../components/Scope.ts').Scope) {
+	scope.handleEntry(async (entry) => {
+		if (entry.eventType === 'unlink') return;
+		return handleFile(entry.contents);
+	});
+}
-	/**
-	 * This function will handle the roles.yaml file content that has been read, and ensure that the roles are translated to
-	 * the right shape and created in the system database.
-	 * @param rolesContent
-	 */
-	async function handleFile(rolesContent) {
-		let rolesToDefine = parseDocument(rolesContent.toString(), { simpleKeys: true }).toJSON();
-		for (let roleName in rolesToDefine) {
-			let role = rolesToDefine[roleName];
-			if (!role.permission) {
-				// we allow the permission object to be collapsed into the root object for convenience
-				role = {
-					permission: role,
-				};
-				if (role.permission.access) {
-					// this is the designed property object for user-defined flags and access levels
-					role.access = role.permission.access;
-					delete role.permission.access;
-				}
+/**
+ * This function will handle the roles.yaml file content that has been read, and ensure that the roles are translated to
+ * the right shape and created in the system database.
+ * @param rolesContent
+ */
+async function handleFile(rolesContent) {
+	let rolesToDefine = parseDocument(rolesContent.toString(), { simpleKeys: true }).toJSON();
+	for (let roleName in rolesToDefine) {
+		let role = rolesToDefine[roleName];
+		if (!role.permission) {
+			// we allow the permission object to be collapsed into the root object for convenience
+			role = {
+				permission: role,
+			};
+			if (role.permission.access) {
+				// this is the designed property object for user-defined flags and access levels
+				role.access = role.permission.access;
+				delete role.permission.access;
 			}
-			for (let dbName in role.permission) {
-				if (USERS_NOT_DBS.includes(dbName)) continue;
-				let db = role.permission[dbName];
-				if (!db.tables) {
-					// we allow the tables object to be collapsed into the root object for convenience
-					role.permission[dbName] = db = { tables: db };
-				}
-				for (let tableName in db.tables) {
-					let table = db.tables[tableName];
-					// ensure that all the flags are boolean
-					table.read = Boolean(table.read);
-					table.insert = Boolean(table.insert);
-					table.update = Boolean(table.update);
-					table.delete = Boolean(table.delete);
-					if (table.attributes) {
-						// allow attributes to be defined with an object, translating to an array
-						let attributes = [];
-						for (let attribute_name in table.attributes) {
-							let attribute = table.attributes[attribute_name];
-							attribute.attribute_name = attribute_name;
-							attributes.push(attribute);
-						}
-						table.attribute_permissions = attributes;
-						delete table.attributes;
+		}
+		for (let dbName in role.permission) {
+			if (USERS_NOT_DBS.includes(dbName)) continue;
+			let db = role.permission[dbName];
+			if (!db.tables) {
+				// we allow the tables object to be collapsed into the root object for convenience
+				role.permission[dbName] = db = { tables: db };
+			}
+			for (let tableName in db.tables) {
+				let table = db.tables[tableName];
+				// ensure that all the flags are boolean
+				table.read = Boolean(table.read);
+				table.insert = Boolean(table.insert);
+				table.update = Boolean(table.update);
+				table.delete = Boolean(table.delete);
+				if (table.attributes) {
+					// allow attributes to be defined with an object, translating to an array
+					let attributes = [];
+					for (let attribute_name in table.attributes) {
+						let attribute = table.attributes[attribute_name];
+						attribute.attribute_name = attribute_name;
+						attributes.push(attribute);
 					}
-					if (table.attribute_permissions) {
-						if (!Array.isArray(table.attribute_permissions))
-							throw new Error('attribute_permissions must be an array if defined');
-						for (let attribute of table.attribute_permissions) {
-							// ensure that all the flags are boolean
-							attribute.read = Boolean(attribute.read);
-							attribute.insert = Boolean(attribute.insert);
-							attribute.update = Boolean(attribute.update);
-						}
-					} else table.attribute_permissions = null;
+					table.attribute_permissions = attributes;
+					delete table.attributes;
 				}
+				if (table.attribute_permissions) {
+					if (!Array.isArray(table.attribute_permissions))
+						throw new Error('attribute_permissions must be an array if defined');
+					for (let attribute of table.attribute_permissions) {
+						// ensure that all the flags are boolean
+						attribute.read = Boolean(attribute.read);
+						attribute.insert = Boolean(attribute.insert);
+						attribute.update = Boolean(attribute.update);
+					}
+				} else table.attribute_permissions = null;
 			}
-			role.role = role.id = roleName;
-			await ensureRole(role);
 		}
+		role.role = role.id = roleName;
+		await ensureRole(role);
 	}
 }
 async function ensureRole(role) {
@@ -92,7 +91,3 @@ async function ensureRole(role) {
 	}
 	return addRole(role);
 }
-// we can define these on the main thread
-export const startOnMainThread = start;
-// useful for testing

package/core/security/auth.ts CHANGED Viewed

@@ -243,7 +243,9 @@ export async function authentication(request, nextHandler) {
 			request.user = await server.getUser(session.user, null, request);
 		} else if (
 			(AUTHORIZE_LOCAL && (request.ip?.includes('127.0.0.') || request.ip == '::1')) ||
-			(request?._nodeRequest?.socket?.server?._pipeName && request.ip === undefined) // allow socket domain
+			(request?._nodeRequest?.socket?.server?._pipeName &&
+				request?._nodeRequest?.socket?.server?.bypassLocalAuth &&
+				request.ip === undefined) // allow operations API domain socket
 		) {
 			request.user = await getSuperUser();
 		}
@@ -344,19 +346,18 @@ export async function authentication(request, nextHandler) {
 		return response;
 	}
 }
-let started;
-export function start({ server, port, securePort }) {
-	server.http(authentication, port || securePort ? { port, securePort } : { port: 'all' });
-	// keep it cleaned out periodically
-	if (!started) {
-		started = true;
-		setInterval(() => {
-			authorizationCache = new Map();
-		}, env.get(CONFIG_PARAMS.AUTHENTICATION_CACHETTL)).unref();
-		user.addListener(() => {
-			authorizationCache = new Map();
-		});
-	}
+setInterval(() => {
+	authorizationCache = new Map();
+}, env.get(CONFIG_PARAMS.AUTHENTICATION_CACHETTL)).unref();
+user.addListener(() => {
+	authorizationCache = new Map();
+});
+let started = false;
+export function handleApplication(scope: import('../components/Scope.ts').Scope) {
+	if (started) return;
+	started = true;
+	const { port, securePort } = scope.options.getAll() as { port?: number; securePort?: number };
+	scope.server.http(authentication, port || securePort ? { port, securePort } : { port: 'all' });
 }
 // operations
 export async function login(loginObject) {

package/core/security/jsLoader.ts CHANGED Viewed

@@ -181,7 +181,13 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope, useC
 		if (parts[0] === 'file:') {
 			return specifier;
 		}
-		const resolved = createRequire(referrer).resolve(specifier);
+		let resolveReferrer = referrer;
+		if (referrer.startsWith('file:')) {
+			try {
+				resolveReferrer = pathToFileURL(realpathSync(fileURLToPath(referrer))).toString();
+			} catch {}
+		}
+		const resolved = createRequire(resolveReferrer).resolve(specifier);
 		if (isAbsolute(resolved)) {
 			return pathToFileURL(resolved).toString();
 		}
@@ -206,18 +212,30 @@ async function loadModuleWithVM(moduleUrl: string, scope: ApplicationScope, useC
 			cjsModule.exports = parseJsonModule(source, url);
 			return cjsModule;
 		}
-		const require = createRequire(url);
+		let requireUrl = url;
+		if (url.startsWith('file://')) {
+			try {
+				requireUrl = pathToFileURL(realpathSync(fileURLToPath(url))).toString();
+			} catch {}
+		}
+		const require = createRequire(requireUrl);
 		const cjsRequire = (spec: string) => {
-			const resolvedPath = require.resolve(spec);
-			if (isAbsolute(resolvedPath)) {
-				const source = readFileSync(resolvedPath, { encoding: 'utf-8' });
-				return loadCJS(resolvedPath, source).exports;
-			} else {
-				return require(spec);
+			const resolvedUrl = resolveModule(spec, url);
+			if (resolvedUrl === 'harper') {
+				return getHarperExports(scope);
 			}
+			if (resolvedUrl.startsWith('file://')) {
+				const source = readFileSync(new URL(resolvedUrl), { encoding: 'utf-8' });
+				return loadCJS(resolvedUrl, source).exports;
+			}
+			return require(resolvedUrl);
+		};
+		cjsRequire.resolve = (spec: string) => {
+			const resolvedUrl = resolveModule(spec, url);
+			if (resolvedUrl.startsWith('file://')) return fileURLToPath(resolvedUrl);
+			return resolvedUrl;
 		};
-		cjsRequire.resolve = require.resolve;
 		const cjsWrapper = `
 			(function(module, exports, require, __filename, __dirname) {

package/core/server/REST.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import { serialize, serializeMessage, getDeserializer } from '../server/serverHelpers/contentTypes.ts';
 import { addAnalyticsListener, recordAction, recordActionBinary } from '../resources/analytics/write.ts';
 import * as harperLogger from '../utility/logging/harper_logger.js';
-import { ServerOptions } from 'http';
 import { ServerError, ClientError } from '../utility/errors/hdbError.js';
 import { Resources } from '../resources/Resources.ts';
 import { Resource, missingMethod, allowedMethods } from '../resources/Resource.ts';
@@ -277,26 +276,26 @@ async function http(request: Context & Request, nextHandler) {
 	}
 }
-let started;
+let started = false;
 let resources: Resources;
 let addedMetrics;
 let connectionCount = 0;
-export function start(options: ServerOptions & { path: string; port: number; server: any; resources: Resources }) {
-	httpOptions = options;
-	if (options.includeExpensiveRecordCountEstimates) {
+export function handleApplication(scope: import('../components/Scope.ts').Scope) {
+	httpOptions = scope.options.getAll();
+	if ((httpOptions as any).includeExpensiveRecordCountEstimates) {
 		// If they really want to enable expensive record count estimates
 		Request.prototype.includeExpensiveRecordCountEstimates = true;
 	}
+	resources = scope.resources;
 	if (started) return;
 	started = true;
-	resources = options.resources;
-	options.server.http(async (request: Request, nextHandler) => {
+	scope.server.http(async (request: Request, nextHandler) => {
 		if (request.isWebSocket) return;
 		return http(request, nextHandler);
-	}, options);
-	if (options.webSocket === false) return;
-	options.server.ws(async (ws, request, chainCompletion) => {
+	}, httpOptions);
+	if ((httpOptions as any).webSocket === false) return;
+	scope.server.ws(async (ws, request, chainCompletion) => {
 		connectionCount++;
 		const incomingMessages = new IterableEventQueue();
 		if (!addedMetrics) {
@@ -382,7 +381,7 @@ export function start(options: ServerOptions & { path: string; port: number; ser
 			);
 		}
 		ws.close();
-	}, options);
+	}, httpOptions);
 }
 const HTTP_TO_WEBSOCKET_CLOSE_CODES = {
 	401: 3000,

package/core/server/fastifyRoutes.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { dirname } from 'path';
+import { dirname, basename } from 'path';
 import { existsSync } from 'fs';
 import fastify from 'fastify';
 import fastifyCors from '@fastify/cors';
@@ -32,35 +32,36 @@ const routeFolders = new Set();
  * @param filePath
  * @param projectName
  */
-export function start(options) {
+export function handleApplication(scope: import('../components/Scope.ts').Scope) {
 	// if we have a secure port, need to use the secure HTTP server for fastify (it can be used for HTTP as well)
-	const isHttps = options.securePort > 0;
-	return {
-		// eslint-disable-next-line no-unused-vars
-		async handleFile(jsContent, relativePath, filePath, projectName) {
-			if (!fastifyServer) {
-				fastifyServer = buildServer(isHttps);
-				server.http((await fastifyServer).server);
-			}
-			const resolvedServer = await fastifyServer;
-			const routeFolder = dirname(filePath);
-			let prefix = dirname(relativePath);
-			if (prefix.startsWith('/')) prefix = prefix.slice(1);
-			if (!routeFolders.has(routeFolder)) {
-				routeFolders.add(routeFolder);
-				try {
-					resolvedServer.register(buildRouteFolder(routeFolder, prefix));
-				} catch (error) {
-					if (error.message === 'Root plugin has already booted')
-						harperLogger.warn(
-							`Could not load root fastify route for ${filePath}, this may require a restart to install properly`
-						);
-					else throw error;
-				}
+	const isHttps = (scope.options.getAll() as { securePort?: number }).securePort > 0;
+	scope.handleEntry(async (entry) => {
+		if (entry.eventType !== 'add') {
+			scope.requestRestart();
+			return;
+		}
+		if (!fastifyServer) {
+			fastifyServer = buildServer(isHttps);
+			server.http((await fastifyServer).server);
+		}
+		const resolvedServer = await fastifyServer;
+		const routeFolder = dirname(entry.absolutePath);
+		let prefix = basename(scope.appName);
+		if (prefix.startsWith('/')) prefix = prefix.slice(1);
+		if (!routeFolders.has(routeFolder)) {
+			routeFolders.add(routeFolder);
+			try {
+				resolvedServer.register(buildRouteFolder(routeFolder, prefix));
+			} catch (error) {
+				if (error.message === 'Root plugin has already booted')
+					harperLogger.warn(
+						`Could not load root fastify route for ${entry.absolutePath}, this may require a restart to install properly`
+					);
+				else throw error;
 			}
-		},
-		ready,
-	};
+		}
+		await ready();
+	});
 }
 /**
  * Function called to start up server instance on a forked process - this method is called from customFunctionServer after process is
@@ -118,7 +119,7 @@ async function setUp() {
 	}
 }
-// eslint-disable-next-line require-await
+//
 function buildRouteFolder(routesFolder, projectName) {
 	return async function (cfServer) {
 		try {

package/core/server/graphqlQuerying.ts CHANGED Viewed

@@ -570,8 +570,9 @@ async function graphqlQueryingHandler(request: Request) {
 	}
 }
-export function start(options) {
-	options.server.http(
+export function handleApplication(scope: import('../components/Scope.ts').Scope) {
+	const { port, securePort } = scope.options.getAll() as { port?: number; securePort?: number };
+	scope.server.http(
 		async (request, nextLayer) => {
 			if (!request.url.startsWith('/graphql')) {
 				return nextLayer(request);
@@ -695,6 +696,6 @@ export function start(options) {
 				throw error;
 			}
 		},
-		{ port: options.port, securePort: options.securePort }
+		{ port, securePort }
 	);
 }

package/core/server/http.ts CHANGED Viewed

@@ -2,6 +2,7 @@
  * This module represents the HTTP component for Harper, and receives the HTTP options and uses them to configure
  * HTTP servers
  */
+import { currentThreadId } from '@harperfast/rocksdb-js';
 import { Scope } from '../components/Scope.ts';
 import { Socket } from 'node:net';
 import harperLogger from '../utility/logging/harper_logger.js';
@@ -9,7 +10,7 @@ import { parentPort } from 'node:worker_threads';
 import env from '../utility/environment/environmentManager.js';
 import * as terms from '../utility/hdbTerms.ts';
 import { getConfigPath } from '../config/configUtils.js';
-import { getTicketKeys } from './threads/manageThreads.js';
+import { getTicketKeys, getWorkerIndex } from './threads/manageThreads.js';
 import { createTLSSelector } from '../security/keys.js';
 import { createSecureServer } from 'node:http2';
 import { createServer as createSecureServerHttp1 } from 'node:https';
@@ -19,6 +20,8 @@ import { appendHeader, Headers } from './serverHelpers/Headers.ts';
 import { Blob } from '../resources/blob.ts';
 import { recordAction, recordActionBinary } from '../resources/analytics/write.ts';
 import { Readable } from 'node:stream';
+import { mkdirSync, writeFileSync, unlinkSync, readdirSync } from 'node:fs';
+import { join } from 'node:path';
 import { server, type ServerOptions, type HttpOptions, type UpgradeOptions, UpgradeListener } from './Server.ts';
 import { setPortServerMap, SERVERS } from './serverRegistry.ts';
 import { getComponentName } from '../components/componentLoader.ts';
@@ -36,6 +39,77 @@ const httpServers = {},
 	httpResponders = [];
 let httpOptions: HttpOptions = {};
 export const universalHeaders: [string, string][] = [];
+const udsCleanupPaths: { socketPath: string; yamlPath: string }[] = [];
+export function registerUdsCleanupPaths(socketPath: string, yamlPath: string) {
+	udsCleanupPaths.push({ socketPath, yamlPath });
+}
+export function cleanupUdsFiles() {
+	for (const { socketPath, yamlPath } of udsCleanupPaths) {
+		try {
+			unlinkSync(socketPath);
+		} catch {}
+		try {
+			unlinkSync(yamlPath);
+		} catch {}
+	}
+}
+/** Write YAML metadata for a UDS mirror socket, describing the TLS certs from the corresponding secure server. */
+export function writeUdsMetadata(yamlPath: string, port: number | string, secureServer: any) {
+	const contexts = secureServer.secureContexts;
+	let yaml = `pid: ${process.pid}\ntid: ${currentThreadId()}\nport: ${port}\n`;
+	yaml += `certificates:\n`;
+	if (contexts?.size > 0) {
+		const seen = new Set();
+		for (const [, ctx] of contexts) {
+			if (seen.has(ctx.name)) continue;
+			seen.add(ctx.name);
+			yaml += `  - name: ${JSON.stringify(ctx.name)}\n`;
+			yaml += `    hostnames:\n`;
+			for (const [h, c] of contexts) {
+				if (c.name === ctx.name) yaml += `      - ${JSON.stringify(h)}\n`;
+			}
+			if (ctx.options.key_file) {
+				yaml += `    privateKeyFile: ${JSON.stringify(join(env.get(terms.CONFIG_PARAMS.ROOTPATH), 'keys', ctx.options.key_file))}\n`;
+			}
+			if (ctx.options.cert) {
+				yaml += `    certificate: |\n`;
+				for (const line of ctx.options.cert.trimEnd().split('\n')) {
+					yaml += `      ${line}\n`;
+				}
+			}
+			if (ctx.certificateAuthorities?.length > 0) {
+				yaml += `    certificateAuthorities:\n`;
+				for (const [, ca] of ctx.certificateAuthorities) {
+					yaml += `      - |\n`;
+					for (const line of ca.trimEnd().split('\n')) {
+						yaml += `          ${line}\n`;
+					}
+				}
+			}
+		}
+	}
+	try {
+		writeFileSync(yamlPath, yaml);
+	} catch (error) {
+		harperLogger.error('Error writing UDS metadata to ' + yamlPath, error);
+	}
+}
+/** Clean all files in the sockets directory. Call from main thread on process startup. */
+export function cleanupSocketsDirectory() {
+	if (!env.get(terms.CONFIG_PARAMS.TLS_UNIXDOMAINSOCKETS)) return;
+	const socketsDir = join(env.getHdbBasePath(), 'sockets');
+	try {
+		for (const file of readdirSync(socketsDir)) {
+			try {
+				unlinkSync(join(socketsDir, file));
+			} catch {}
+		}
+	} catch {}
+}
 export function handleApplication(scope: Scope) {
 	httpOptions = scope.options.getAll() as HttpOptions;
@@ -443,6 +517,46 @@ function getHTTPServer(port: number, secure: boolean, options: ServerOptions) {
 			server.isSecure = true;
 		}
 		registerServer(server, port);
+		// Operations API domain socket connections bypass auth (equivalent to local access)
+		if (isOperationsServer && String(port).includes('/')) server.bypassLocalAuth = true;
+		// Create a corresponding Unix Domain Socket mirror for secure ports
+		if (secure && env.get(terms.CONFIG_PARAMS.TLS_UNIXDOMAINSOCKETS)) {
+			const socketsDir = join(env.getHdbBasePath(), 'sockets');
+			mkdirSync(socketsDir, { recursive: true });
+			const socketName = `${getWorkerIndex()}-${port}`;
+			const udsPath = join(socketsDir, `${socketName}.sock`);
+			const yamlPath = join(socketsDir, `${socketName}.yaml`);
+			// Create a plain HTTP server (no TLS) with the same request handler
+			const udsServer = createServer(
+				{
+					keepAliveTimeout,
+					headersTimeout,
+					requestTimeout,
+					highWaterMark: 128 * 1024,
+					noDelay: true,
+					keepAlive: true,
+					keepAliveInitialDelay: 600,
+					maxHeaderSize: env.get(terms.CONFIG_PARAMS.HTTP_MAXHEADERSIZE),
+				},
+				(nodeRequest: IncomingMessage, nodeResponse: any) => {
+					const method = nodeRequest.method;
+					if (method === 'GET' || method === 'OPTIONS' || method === 'HEAD') requestHandler(nodeRequest, nodeResponse);
+					else throttledRequestHandler(nodeRequest, nodeResponse);
+				}
+			);
+			udsServer.isPerThreadSocket = true;
+			enableProxyProtocol(udsServer);
+			SERVERS[udsPath] = udsServer;
+			registerUdsCleanupPaths(udsPath, yamlPath);
+			const writeMetadata = () => writeUdsMetadata(yamlPath, port, server);
+			options.SNICallback.ready.then(writeMetadata);
+			server.secureContextsListeners.push(writeMetadata);
+		}
 	}
 	return httpServers[port];
 }
@@ -584,6 +698,66 @@ function onWebSocket(listener: (ws: WebSocket) => void, options: OnWebSocketOpti
 	return servers;
 }
+// PROXY protocol v1 max header length per spec: 108 bytes
+const PROXY_V1_MAX_HEADER = 108;
+function enableProxyProtocol(httpServer) {
+	// In Node.js v24+, the HTTP parser's data path goes through the C++ stream layer
+	// and does not call socket.emit('data') via JavaScript method dispatch.
+	// Overriding socket.emit or socket.push has no effect on the HTTP parser's data intake.
+	//
+	// Instead: use process.nextTick inside the 'connection' handler to wrap the HTTP
+	// parser's 'data' listener after it has been registered (synchronously, by the HTTP
+	// parser's own 'connection' handler which runs right after ours).
+	// process.nextTick fires before any I/O callbacks, so it is guaranteed to run before
+	// the first network data chunk reaches the socket — making the interception race-free.
+	httpServer.prependListener('connection', (socket) => {
+		process.nextTick(() => {
+			// Capture the HTTP parser's 'data' listener(s) registered during this connection event.
+			const dataListeners = socket.listeners('data') as ((chunk: Buffer) => void)[];
+			if (dataListeners.length === 0) return;
+			socket.removeAllListeners('data');
+			let proxyDone = false;
+			socket.on('data', (chunk: Buffer) => {
+				if (!proxyDone) {
+					proxyDone = true;
+					// Fast path: PROXY v1 always starts with "PROXY " (0x50 0x52 0x4f 0x58 0x59 0x20)
+					if (
+						chunk.length >= 6 &&
+						chunk[0] === 0x50 &&
+						chunk[1] === 0x52 &&
+						chunk[2] === 0x4f &&
+						chunk[3] === 0x58 &&
+						chunk[4] === 0x59 &&
+						chunk[5] === 0x20
+					) {
+						const header = chunk.toString('latin1', 0, Math.min(PROXY_V1_MAX_HEADER, chunk.length));
+						const eol = header.indexOf('\r\n');
+						if (eol !== -1) {
+							// "PROXY TCP4 <src-ip> <dst-ip> <src-port> <dst-port>"
+							const parts = header.slice(0, eol).split(' ');
+							if (parts.length === 6) {
+								// Override the UDS socket's undefined remoteAddress/remotePort with the real client values.
+								Object.defineProperty(socket, 'remoteAddress', { value: parts[2], configurable: true });
+								Object.defineProperty(socket, 'remotePort', { value: parseInt(parts[4], 10), configurable: true });
+							}
+							// Forward only the bytes after the PROXY header to the HTTP parser.
+							const rest = chunk.subarray(eol + 2);
+							if (rest.length > 0) {
+								for (const listener of dataListeners) listener.call(socket, rest);
+							}
+							return;
+						}
+					}
+				}
+				// Not a PROXY header (or already handled) — forward unchanged.
+				for (const listener of dataListeners) listener.call(socket, chunk);
+			});
+		});
+	});
+}
 function defaultNotFound(request, response) {
 	if (response.headersSent || response.writableEnded) return;
 	response.writeHead(404);

package/core/server/mqtt.ts CHANGED Viewed

@@ -23,7 +23,14 @@ export function bypassAuth() {
 const authorizeLocal = (remoteAddress: string) =>
 	AUTHORIZE_LOCAL && (remoteAddress.includes('127.0.0.') || remoteAddress === '::1');
-export function start({ server, port, network, webSocket, securePort, requireAuthentication }) {
+export function handleApplication(scope: import('../components/Scope.ts').Scope) {
+	const { network, webSocket, requireAuthentication } = scope.options.getAll() as {
+		network?: any;
+		webSocket?: any;
+		requireAuthentication?: boolean;
+	};
+	const server = scope.server;
+	const { port, securePort } = network ?? {};
 	// here we basically normalize the different types of sockets to pass to our socket/message handler
 	if (!server.mqtt) {
 		server.mqtt = {
@@ -160,7 +167,6 @@ export function start({ server, port, network, webSocket, securePort, requireAut
 			)
 		);
 	}
-	return serverInstances;
 }
 let addingMetrics,
 	numberOfConnections = 0;

package/core/server/serverHelpers/serverUtilities.ts CHANGED Viewed

@@ -19,7 +19,7 @@ import restart from '../../bin/restart.js';
 import * as util from 'util';
 import insert from '../../dataLayer/insert.js';
 import globalSchema from '../../utility/globalSchema.js';
-import systemInformation from '../../utility/environment/systemInformation.js';
+import { systemInformation } from '../../utility/environment/systemInformation.ts';
 import jobRunner from '../jobs/jobRunner.js';
 import * as tokenAuthentication from '../../security/tokenAuthentication.ts';
 import * as auth from '../../security/auth.ts';
@@ -363,10 +363,7 @@ function initializeOperationFunctionMap(): Map<OperationFunctionName, OperationF
 	opFuncMap.set(terms.OPERATIONS_ENUM.RESTART, new OperationFunctionObject(restart.restart));
 	opFuncMap.set(terms.OPERATIONS_ENUM.RESTART_SERVICE, new OperationFunctionObject(executeJob, restart.restartService));
 	opFuncMap.set(terms.OPERATIONS_ENUM.CATCHUP, new OperationFunctionObject(catchup));
-	opFuncMap.set(
-		terms.OPERATIONS_ENUM.SYSTEM_INFORMATION,
-		new OperationFunctionObject(systemInformation.systemInformation)
-	);
+	opFuncMap.set(terms.OPERATIONS_ENUM.SYSTEM_INFORMATION, new OperationFunctionObject(systemInformation));
 	opFuncMap.set(
 		terms.OPERATIONS_ENUM.DELETE_AUDIT_LOGS_BEFORE,
 		new OperationFunctionObject(executeJob, delete_.deleteAuditLogsBefore)