@harperfast/harper-pro 5.0.6 → 5.0.8

package/core/resources/roles.ts

@@ -9,72 +9,73 @@ const USERS_NOT_DBS = ['super_user', 'structure_user'];
  * This is the component for handling role declarations in the Harper system. This will read roles.yaml for role
  * definitions and ensure that they are created in the system database.
  */
-export function handleApplication(scope: import('../components/Scope.ts').Scope) {
-	scope.handleEntry(async (entry) => {
-		if (entry.eventType === 'unlink') return;
-		return handleFile(entry.contents);
-	});
-}
+// eslint-disable-next-line no-unused-vars
+export function start({ ensureTable }) {
+	return {
+		handleFile,
+		setupFile: handleFile,
+	};
 
-/**
- * This function will handle the roles.yaml file content that has been read, and ensure that the roles are translated to
- * the right shape and created in the system database.
- * @param rolesContent
- */
-async function handleFile(rolesContent) {
-	let rolesToDefine = parseDocument(rolesContent.toString(), { simpleKeys: true }).toJSON();
-	for (let roleName in rolesToDefine) {
-		let role = rolesToDefine[roleName];
-		if (!role.permission) {
-			// we allow the permission object to be collapsed into the root object for convenience
-			role = {
-				permission: role,
-			};
-			if (role.permission.access) {
-				// this is the designed property object for user-defined flags and access levels
-				role.access = role.permission.access;
-				delete role.permission.access;
-			}
-		}
-		for (let dbName in role.permission) {
-			if (USERS_NOT_DBS.includes(dbName)) continue;
-			let db = role.permission[dbName];
-			if (!db.tables) {
-				// we allow the tables object to be collapsed into the root object for convenience
-				role.permission[dbName] = db = { tables: db };
+	/**
+	 * This function will handle the roles.yaml file content that has been read, and ensure that the roles are translated to
+	 * the right shape and created in the system database.
+	 * @param rolesContent
+	 */
+	async function handleFile(rolesContent) {
+		let rolesToDefine = parseDocument(rolesContent.toString(), { simpleKeys: true }).toJSON();
+		for (let roleName in rolesToDefine) {
+			let role = rolesToDefine[roleName];
+			if (!role.permission) {
+				// we allow the permission object to be collapsed into the root object for convenience
+				role = {
+					permission: role,
+				};
+				if (role.permission.access) {
+					// this is the designed property object for user-defined flags and access levels
+					role.access = role.permission.access;
+					delete role.permission.access;
+				}
 			}
-			for (let tableName in db.tables) {
-				let table = db.tables[tableName];
-				// ensure that all the flags are boolean
-				table.read = Boolean(table.read);
-				table.insert = Boolean(table.insert);
-				table.update = Boolean(table.update);
-				table.delete = Boolean(table.delete);
-				if (table.attributes) {
-					// allow attributes to be defined with an object, translating to an array
-					let attributes = [];
-					for (let attribute_name in table.attributes) {
-						let attribute = table.attributes[attribute_name];
-						attribute.attribute_name = attribute_name;
-						attributes.push(attribute);
-					}
-					table.attribute_permissions = attributes;
-					delete table.attributes;
+			for (let dbName in role.permission) {
+				if (USERS_NOT_DBS.includes(dbName)) continue;
+				let db = role.permission[dbName];
+				if (!db.tables) {
+					// we allow the tables object to be collapsed into the root object for convenience
+					role.permission[dbName] = db = { tables: db };
 				}
-				if (table.attribute_permissions) {
-					if (!Array.isArray(table.attribute_permissions))
-						throw new Error('attribute_permissions must be an array if defined');
-					for (let attribute of table.attribute_permissions) {
-						// ensure that all the flags are boolean
-						attribute.read = Boolean(attribute.read);
-						attribute.insert = Boolean(attribute.insert);
-						attribute.update = Boolean(attribute.update);
+				for (let tableName in db.tables) {
+					let table = db.tables[tableName];
+					// ensure that all the flags are boolean
+					table.read = Boolean(table.read);
+					table.insert = Boolean(table.insert);
+					table.update = Boolean(table.update);
+					table.delete = Boolean(table.delete);
+					if (table.attributes) {
+						// allow attributes to be defined with an object, translating to an array
+						let attributes = [];
+						for (let attribute_name in table.attributes) {
+							let attribute = table.attributes[attribute_name];
+							attribute.attribute_name = attribute_name;
+							attributes.push(attribute);
+						}
+						table.attribute_permissions = attributes;
+						delete table.attributes;
 					}
-				} else table.attribute_permissions = null;
+					if (table.attribute_permissions) {
+						if (!Array.isArray(table.attribute_permissions))
+							throw new Error('attribute_permissions must be an array if defined');
+						for (let attribute of table.attribute_permissions) {
+							// ensure that all the flags are boolean
+							attribute.read = Boolean(attribute.read);
+							attribute.insert = Boolean(attribute.insert);
+							attribute.update = Boolean(attribute.update);
+						}
+					} else table.attribute_permissions = null;
+				}
 			}
+			role.role = role.id = roleName;
+			await ensureRole(role);
 		}
-		role.role = role.id = roleName;
-		await ensureRole(role);
 	}
 }
 async function ensureRole(role) {
@@ -91,3 +92,7 @@ async function ensureRole(role) {
 	}
 	return addRole(role);
 }
+
+// we can define these on the main thread
+export const startOnMainThread = start;
+// useful for testing

package/core/security/auth.ts

@@ -243,9 +243,7 @@ export async function authentication(request, nextHandler) {
 			request.user = await server.getUser(session.user, null, request);
 		} else if (
 			(AUTHORIZE_LOCAL && (request.ip?.includes('127.0.0.') || request.ip == '::1')) ||
-			(request?._nodeRequest?.socket?.server?._pipeName &&
-				request?._nodeRequest?.socket?.server?.bypassLocalAuth &&
-				request.ip === undefined) // allow operations API domain socket
+			(request?._nodeRequest?.socket?.server?._pipeName && request.ip === undefined) // allow socket domain
 		) {
 			request.user = await getSuperUser();
 		}
@@ -346,18 +344,19 @@ export async function authentication(request, nextHandler) {
 		return response;
 	}
 }
-setInterval(() => {
-	authorizationCache = new Map();
-}, env.get(CONFIG_PARAMS.AUTHENTICATION_CACHETTL)).unref();
-user.addListener(() => {
-	authorizationCache = new Map();
-});
-let started = false;
-export function handleApplication(scope: import('../components/Scope.ts').Scope) {
-	if (started) return;
-	started = true;
-	const { port, securePort } = scope.options.getAll() as { port?: number; securePort?: number };
-	scope.server.http(authentication, port || securePort ? { port, securePort } : { port: 'all' });
+let started;
+export function start({ server, port, securePort }) {
+	server.http(authentication, port || securePort ? { port, securePort } : { port: 'all' });
+	// keep it cleaned out periodically
+	if (!started) {
+		started = true;
+		setInterval(() => {
+			authorizationCache = new Map();
+		}, env.get(CONFIG_PARAMS.AUTHENTICATION_CACHETTL)).unref();
+		user.addListener(() => {
+			authorizationCache = new Map();
+		});
+	}
 }
 // operations
 export async function login(loginObject) {

package/core/security/keys.js

@@ -857,7 +857,7 @@ function createTLSSelector(type, mtlsOptions) {
 	return SNICallback;
 	function SNICallback(servername, cb) {
 		// find the matching server name, substituting wildcards for each part of the domain to find matches
-		logger.info?.('TLS requested for', servername || '(no SNI)');
+		logger.debug?.('TLS requested for', servername || '(no SNI)');
 		let matchingName = servername;
 		while (true) {
 			let context = secureContexts.get(matchingName);

package/core/server/DurableSubscriptionsSession.ts

@@ -257,6 +257,7 @@ class SubscriptionsSession {
 			const _result = (async () => {
 				for await (const update of subscription) {
 					try {
+						if (!update || typeof update !== 'object') continue;
 						let messageId;
 						if (
 							update.type &&

package/core/server/REST.ts

@@ -1,6 +1,7 @@
 import { serialize, serializeMessage, getDeserializer } from '../server/serverHelpers/contentTypes.ts';
 import { addAnalyticsListener, recordAction, recordActionBinary } from '../resources/analytics/write.ts';
 import * as harperLogger from '../utility/logging/harper_logger.js';
+import { ServerOptions } from 'http';
 import { ServerError, ClientError } from '../utility/errors/hdbError.js';
 import { Resources } from '../resources/Resources.ts';
 import { Resource, missingMethod, allowedMethods } from '../resources/Resource.ts';
@@ -276,26 +277,26 @@ async function http(request: Context & Request, nextHandler) {
 	}
 }
 
-let started = false;
+let started;
 let resources: Resources;
 let addedMetrics;
 let connectionCount = 0;
 
-export function handleApplication(scope: import('../components/Scope.ts').Scope) {
-	httpOptions = scope.options.getAll();
-	if ((httpOptions as any).includeExpensiveRecordCountEstimates) {
+export function start(options: ServerOptions & { path: string; port: number; server: any; resources: Resources }) {
+	httpOptions = options;
+	if (options.includeExpensiveRecordCountEstimates) {
 		// If they really want to enable expensive record count estimates
 		Request.prototype.includeExpensiveRecordCountEstimates = true;
 	}
-	resources = scope.resources;
 	if (started) return;
 	started = true;
-	scope.server.http(async (request: Request, nextHandler) => {
+	resources = options.resources;
+	options.server.http(async (request: Request, nextHandler) => {
 		if (request.isWebSocket) return;
 		return http(request, nextHandler);
-	}, httpOptions);
-	if ((httpOptions as any).webSocket === false) return;
-	scope.server.ws(async (ws, request, chainCompletion) => {
+	}, options);
+	if (options.webSocket === false) return;
+	options.server.ws(async (ws, request, chainCompletion) => {
 		connectionCount++;
 		const incomingMessages = new IterableEventQueue();
 		if (!addedMetrics) {
@@ -381,7 +382,7 @@ export function handleApplication(scope: import('../components/Scope.ts').Scope)
 			);
 		}
 		ws.close();
-	}, httpOptions);
+	}, options);
 }
 const HTTP_TO_WEBSOCKET_CLOSE_CODES = {
 	401: 3000,

package/core/server/fastifyRoutes.ts

@@ -1,4 +1,4 @@
-import { dirname, basename } from 'path';
+import { dirname } from 'path';
 import { existsSync } from 'fs';
 import fastify from 'fastify';
 import fastifyCors from '@fastify/cors';
@@ -32,36 +32,35 @@ const routeFolders = new Set();
  * @param filePath
  * @param projectName
  */
-export function handleApplication(scope: import('../components/Scope.ts').Scope) {
+export function start(options) {
 	// if we have a secure port, need to use the secure HTTP server for fastify (it can be used for HTTP as well)
-	const isHttps = (scope.options.getAll() as { securePort?: number }).securePort > 0;
-	scope.handleEntry(async (entry) => {
-		if (entry.eventType !== 'add') {
-			scope.requestRestart();
-			return;
-		}
-		if (!fastifyServer) {
-			fastifyServer = buildServer(isHttps);
-			server.http((await fastifyServer).server);
-		}
-		const resolvedServer = await fastifyServer;
-		const routeFolder = dirname(entry.absolutePath);
-		let prefix = basename(scope.appName);
-		if (prefix.startsWith('/')) prefix = prefix.slice(1);
-		if (!routeFolders.has(routeFolder)) {
-			routeFolders.add(routeFolder);
-			try {
-				resolvedServer.register(buildRouteFolder(routeFolder, prefix));
-			} catch (error) {
-				if (error.message === 'Root plugin has already booted')
-					harperLogger.warn(
-						`Could not load root fastify route for ${entry.absolutePath}, this may require a restart to install properly`
-					);
-				else throw error;
+	const isHttps = options.securePort > 0;
+	return {
+		// eslint-disable-next-line no-unused-vars
+		async handleFile(jsContent, relativePath, filePath, projectName) {
+			if (!fastifyServer) {
+				fastifyServer = buildServer(isHttps);
+				server.http((await fastifyServer).server);
 			}
-		}
-		await ready();
-	});
+			const resolvedServer = await fastifyServer;
+			const routeFolder = dirname(filePath);
+			let prefix = dirname(relativePath);
+			if (prefix.startsWith('/')) prefix = prefix.slice(1);
+			if (!routeFolders.has(routeFolder)) {
+				routeFolders.add(routeFolder);
+				try {
+					resolvedServer.register(buildRouteFolder(routeFolder, prefix));
+				} catch (error) {
+					if (error.message === 'Root plugin has already booted')
+						harperLogger.warn(
+							`Could not load root fastify route for ${filePath}, this may require a restart to install properly`
+						);
+					else throw error;
+				}
+			}
+		},
+		ready,
+	};
 }
 /**
  * Function called to start up server instance on a forked process - this method is called from customFunctionServer after process is
@@ -119,7 +118,7 @@ async function setUp() {
 	}
 }
 
-//
+// eslint-disable-next-line require-await
 function buildRouteFolder(routesFolder, projectName) {
 	return async function (cfServer) {
 		try {

package/core/server/graphqlQuerying.ts

@@ -570,9 +570,8 @@ async function graphqlQueryingHandler(request: Request) {
 	}
 }
 
-export function handleApplication(scope: import('../components/Scope.ts').Scope) {
-	const { port, securePort } = scope.options.getAll() as { port?: number; securePort?: number };
-	scope.server.http(
+export function start(options) {
+	options.server.http(
 		async (request, nextLayer) => {
 			if (!request.url.startsWith('/graphql')) {
 				return nextLayer(request);
@@ -696,6 +695,6 @@ export function handleApplication(scope: import('../components/Scope.ts').Scope)
 				throw error;
 			}
 		},
-		{ port, securePort }
+		{ port: options.port, securePort: options.securePort }
 	);
 }

package/core/server/http.ts

@@ -2,7 +2,6 @@
  * This module represents the HTTP component for Harper, and receives the HTTP options and uses them to configure
  * HTTP servers
  */
-import { currentThreadId } from '@harperfast/rocksdb-js';
 import { Scope } from '../components/Scope.ts';
 import { Socket } from 'node:net';
 import harperLogger from '../utility/logging/harper_logger.js';
@@ -10,7 +9,7 @@ import { parentPort } from 'node:worker_threads';
 import env from '../utility/environment/environmentManager.js';
 import * as terms from '../utility/hdbTerms.ts';
 import { getConfigPath } from '../config/configUtils.js';
-import { getTicketKeys, getWorkerIndex } from './threads/manageThreads.js';
+import { getTicketKeys } from './threads/manageThreads.js';
 import { createTLSSelector } from '../security/keys.js';
 import { createSecureServer } from 'node:http2';
 import { createServer as createSecureServerHttp1 } from 'node:https';
@@ -20,8 +19,6 @@ import { appendHeader, Headers } from './serverHelpers/Headers.ts';
 import { Blob } from '../resources/blob.ts';
 import { recordAction, recordActionBinary } from '../resources/analytics/write.ts';
 import { Readable } from 'node:stream';
-import { mkdirSync, writeFileSync, unlinkSync, readdirSync } from 'node:fs';
-import { join } from 'node:path';
 import { server, type ServerOptions, type HttpOptions, type UpgradeOptions, UpgradeListener } from './Server.ts';
 import { setPortServerMap, SERVERS } from './serverRegistry.ts';
 import { getComponentName } from '../components/componentLoader.ts';
@@ -39,77 +36,6 @@ const httpServers = {},
 	httpResponders = [];
 let httpOptions: HttpOptions = {};
 export const universalHeaders: [string, string][] = [];
-const udsCleanupPaths: { socketPath: string; yamlPath: string }[] = [];
-
-export function registerUdsCleanupPaths(socketPath: string, yamlPath: string) {
-	udsCleanupPaths.push({ socketPath, yamlPath });
-}
-
-export function cleanupUdsFiles() {
-	for (const { socketPath, yamlPath } of udsCleanupPaths) {
-		try {
-			unlinkSync(socketPath);
-		} catch {}
-		try {
-			unlinkSync(yamlPath);
-		} catch {}
-	}
-}
-
-/** Write YAML metadata for a UDS mirror socket, describing the TLS certs from the corresponding secure server. */
-export function writeUdsMetadata(yamlPath: string, port: number | string, secureServer: any) {
-	const contexts = secureServer.secureContexts;
-	let yaml = `pid: ${process.pid}\ntid: ${currentThreadId()}\nport: ${port}\n`;
-	yaml += `certificates:\n`;
-	if (contexts?.size > 0) {
-		const seen = new Set();
-		for (const [, ctx] of contexts) {
-			if (seen.has(ctx.name)) continue;
-			seen.add(ctx.name);
-			yaml += `  - name: ${JSON.stringify(ctx.name)}\n`;
-			yaml += `    hostnames:\n`;
-			for (const [h, c] of contexts) {
-				if (c.name === ctx.name) yaml += `      - ${JSON.stringify(h)}\n`;
-			}
-			if (ctx.options.key_file) {
-				yaml += `    privateKeyFile: ${JSON.stringify(join(env.get(terms.CONFIG_PARAMS.ROOTPATH), 'keys', ctx.options.key_file))}\n`;
-			}
-			if (ctx.options.cert) {
-				yaml += `    certificate: |\n`;
-				for (const line of ctx.options.cert.trimEnd().split('\n')) {
-					yaml += `      ${line}\n`;
-				}
-			}
-			if (ctx.certificateAuthorities?.length > 0) {
-				yaml += `    certificateAuthorities:\n`;
-				for (const [, ca] of ctx.certificateAuthorities) {
-					yaml += `      - |\n`;
-					for (const line of ca.trimEnd().split('\n')) {
-						yaml += `          ${line}\n`;
-					}
-				}
-			}
-		}
-	}
-	try {
-		writeFileSync(yamlPath, yaml);
-	} catch (error) {
-		harperLogger.error('Error writing UDS metadata to ' + yamlPath, error);
-	}
-}
-
-/** Clean all files in the sockets directory. Call from main thread on process startup. */
-export function cleanupSocketsDirectory() {
-	if (!env.get(terms.CONFIG_PARAMS.TLS_UNIXDOMAINSOCKETS)) return;
-	const socketsDir = join(env.getHdbBasePath(), 'sockets');
-	try {
-		for (const file of readdirSync(socketsDir)) {
-			try {
-				unlinkSync(join(socketsDir, file));
-			} catch {}
-		}
-	} catch {}
-}
 
 export function handleApplication(scope: Scope) {
 	httpOptions = scope.options.getAll() as HttpOptions;
@@ -517,46 +443,6 @@ function getHTTPServer(port: number, secure: boolean, options: ServerOptions) {
 			server.isSecure = true;
 		}
 		registerServer(server, port);
-
-		// Operations API domain socket connections bypass auth (equivalent to local access)
-		if (isOperationsServer && String(port).includes('/')) server.bypassLocalAuth = true;
-
-		// Create a corresponding Unix Domain Socket mirror for secure ports
-		if (secure && env.get(terms.CONFIG_PARAMS.TLS_UNIXDOMAINSOCKETS)) {
-			const socketsDir = join(env.getHdbBasePath(), 'sockets');
-			mkdirSync(socketsDir, { recursive: true });
-			const socketName = `${getWorkerIndex()}-${port}`;
-			const udsPath = join(socketsDir, `${socketName}.sock`);
-			const yamlPath = join(socketsDir, `${socketName}.yaml`);
-
-			// Create a plain HTTP server (no TLS) with the same request handler
-			const udsServer = createServer(
-				{
-					keepAliveTimeout,
-					headersTimeout,
-					requestTimeout,
-					highWaterMark: 128 * 1024,
-					noDelay: true,
-					keepAlive: true,
-					keepAliveInitialDelay: 600,
-					maxHeaderSize: env.get(terms.CONFIG_PARAMS.HTTP_MAXHEADERSIZE),
-				},
-				(nodeRequest: IncomingMessage, nodeResponse: any) => {
-					const method = nodeRequest.method;
-					if (method === 'GET' || method === 'OPTIONS' || method === 'HEAD') requestHandler(nodeRequest, nodeResponse);
-					else throttledRequestHandler(nodeRequest, nodeResponse);
-				}
-			);
-
-			udsServer.isPerThreadSocket = true;
-			enableProxyProtocol(udsServer);
-			SERVERS[udsPath] = udsServer;
-			registerUdsCleanupPaths(udsPath, yamlPath);
-
-			const writeMetadata = () => writeUdsMetadata(yamlPath, port, server);
-			options.SNICallback.ready.then(writeMetadata);
-			server.secureContextsListeners.push(writeMetadata);
-		}
 	}
 	return httpServers[port];
 }
@@ -698,66 +584,6 @@ function onWebSocket(listener: (ws: WebSocket) => void, options: OnWebSocketOpti
 	return servers;
 }
 
-// PROXY protocol v1 max header length per spec: 108 bytes
-const PROXY_V1_MAX_HEADER = 108;
-
-function enableProxyProtocol(httpServer) {
-	// In Node.js v24+, the HTTP parser's data path goes through the C++ stream layer
-	// and does not call socket.emit('data') via JavaScript method dispatch.
-	// Overriding socket.emit or socket.push has no effect on the HTTP parser's data intake.
-	//
-	// Instead: use process.nextTick inside the 'connection' handler to wrap the HTTP
-	// parser's 'data' listener after it has been registered (synchronously, by the HTTP
-	// parser's own 'connection' handler which runs right after ours).
-	// process.nextTick fires before any I/O callbacks, so it is guaranteed to run before
-	// the first network data chunk reaches the socket — making the interception race-free.
-	httpServer.prependListener('connection', (socket) => {
-		process.nextTick(() => {
-			// Capture the HTTP parser's 'data' listener(s) registered during this connection event.
-			const dataListeners = socket.listeners('data') as ((chunk: Buffer) => void)[];
-			if (dataListeners.length === 0) return;
-			socket.removeAllListeners('data');
-
-			let proxyDone = false;
-			socket.on('data', (chunk: Buffer) => {
-				if (!proxyDone) {
-					proxyDone = true;
-					// Fast path: PROXY v1 always starts with "PROXY " (0x50 0x52 0x4f 0x58 0x59 0x20)
-					if (
-						chunk.length >= 6 &&
-						chunk[0] === 0x50 &&
-						chunk[1] === 0x52 &&
-						chunk[2] === 0x4f &&
-						chunk[3] === 0x58 &&
-						chunk[4] === 0x59 &&
-						chunk[5] === 0x20
-					) {
-						const header = chunk.toString('latin1', 0, Math.min(PROXY_V1_MAX_HEADER, chunk.length));
-						const eol = header.indexOf('\r\n');
-						if (eol !== -1) {
-							// "PROXY TCP4 <src-ip> <dst-ip> <src-port> <dst-port>"
-							const parts = header.slice(0, eol).split(' ');
-							if (parts.length === 6) {
-								// Override the UDS socket's undefined remoteAddress/remotePort with the real client values.
-								Object.defineProperty(socket, 'remoteAddress', { value: parts[2], configurable: true });
-								Object.defineProperty(socket, 'remotePort', { value: parseInt(parts[4], 10), configurable: true });
-							}
-							// Forward only the bytes after the PROXY header to the HTTP parser.
-							const rest = chunk.subarray(eol + 2);
-							if (rest.length > 0) {
-								for (const listener of dataListeners) listener.call(socket, rest);
-							}
-							return;
-						}
-					}
-				}
-				// Not a PROXY header (or already handled) — forward unchanged.
-				for (const listener of dataListeners) listener.call(socket, chunk);
-			});
-		});
-	});
-}
-
 function defaultNotFound(request, response) {
 	if (response.headersSent || response.writableEnded) return;
 	response.writeHead(404);

package/core/server/mqtt.ts

@@ -23,14 +23,7 @@ export function bypassAuth() {
 const authorizeLocal = (remoteAddress: string) =>
 	AUTHORIZE_LOCAL && (remoteAddress.includes('127.0.0.') || remoteAddress === '::1');
 
-export function handleApplication(scope: import('../components/Scope.ts').Scope) {
-	const { network, webSocket, requireAuthentication } = scope.options.getAll() as {
-		network?: any;
-		webSocket?: any;
-		requireAuthentication?: boolean;
-	};
-	const server = scope.server;
-	const { port, securePort } = network ?? {};
+export function start({ server, port, network, webSocket, securePort, requireAuthentication }) {
 	// here we basically normalize the different types of sockets to pass to our socket/message handler
 	if (!server.mqtt) {
 		server.mqtt = {
@@ -167,6 +160,7 @@ export function handleApplication(scope: import('../components/Scope.ts').Scope)
 			)
 		);
 	}
+	return serverInstances;
 }
 let addingMetrics,
 	numberOfConnections = 0;

package/core/server/threads/threadServer.js

@@ -2,8 +2,7 @@
 
 const { isMainThread, parentPort, threadId, workerData } = require('node:worker_threads');
 const { createServer: createSocketServer } = require('node:net');
-const { unlinkSync, existsSync, mkdirSync } = require('fs');
-const { join } = require('path');
+const { unlinkSync, existsSync } = require('fs');
 let componentsLoadedResolve;
 exports.whenComponentsLoaded = new Promise((resolve) => {
 	componentsLoadedResolve = resolve;
@@ -145,8 +144,6 @@ function startServers() {
 								}, 5000).unref();
 							});
 						}
-						// Clean up per-thread UDS socket and metadata files
-						httpComponent.cleanupUdsFiles();
 						if (debugThreads || process.env.DEV_MODE) {
 							try {
 								require('inspector').close();
@@ -175,8 +172,6 @@ function startServers() {
 			});
 		});
 	componentsLoadedResolve(loaded);
-	// Clean up UDS files on unexpected process exit
-	process.on('exit', () => httpComponent.cleanupUdsFiles());
 	return loaded;
 }
 function listenOnPorts() {
@@ -185,7 +180,7 @@ function listenOnPorts() {
 		const server = SERVERS[port];
 
 		// If server is unix domain socket
-		if (port.includes?.('/')) {
+		if (port.includes?.('/') && getWorkerIndex() == 0) {
 			if (existsSync(port)) unlinkSync(port);
 			listening.push(
 				new Promise((resolve, reject) => {
@@ -270,29 +265,6 @@ function onSocket(listener, options) {
 		);
 		SNICallback.initialize(socketServer);
 		SERVERS[options.securePort] = socketServer;
-
-		// Create a corresponding Unix Domain Socket mirror for the secure socket
-		if (env.get(terms.CONFIG_PARAMS.TLS_UNIXDOMAINSOCKETS)) {
-			const socketsDir = join(env.getHdbBasePath(), 'sockets');
-			mkdirSync(socketsDir, { recursive: true });
-			const socketName = `${getWorkerIndex()}-${options.securePort}`;
-			const udsPath = join(socketsDir, `${socketName}.sock`);
-			const yamlPath = join(socketsDir, `${socketName}.yaml`);
-
-			const udsServer = createSocketServer(listener, {
-				noDelay: true,
-				keepAlive: true,
-				keepAliveInitialDelay: 600,
-			});
-
-			udsServer.isPerThreadSocket = true;
-			SERVERS[udsPath] = udsServer;
-			httpComponent.registerUdsCleanupPaths(udsPath, yamlPath);
-
-			const writeMetadata = () => httpComponent.writeUdsMetadata(yamlPath, options.securePort, socketServer);
-			SNICallback.ready.then(writeMetadata);
-			socketServer.secureContextsListeners.push(writeMetadata);
-		}
 	}
 	if (options.port) {
 		setPortServerMap(options.port, { protocol_name: 'TCP', name: getComponentName() });