npm - @ik-firewall/core - Versions diffs - 2.4.0 → 2.4.2 - Mend

@ik-firewall/core 2.4.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.cjs CHANGED Viewed

@@ -90,10 +90,10 @@ var Registry = class _Registry {
   /**
    * Loads instance configurations with Hook support
    */
-  load() {
+  async load() {
     if (this.hooks?.loadState) {
       try {
-        const hookData = this.hooks.loadState("ik_registry");
+        const hookData = await this.hooks.loadState("ik_registry");
         if (hookData) return JSON.parse(hookData);
       } catch (e) {
         console.warn("[IK_REGISTRY] Registry load via hook failed, falling back...");
@@ -114,10 +114,10 @@ var Registry = class _Registry {
     }
     return {};
   }
-  save(data) {
+  async save(data) {
     const jsonStr = JSON.stringify(data, null, 2);
     if (this.hooks?.persistState) {
-      this.hooks.persistState("ik_registry", jsonStr);
+      await this.hooks.persistState("ik_registry", jsonStr);
     }
     if (fs && this.registryPath) {
       try {
@@ -132,10 +132,10 @@ var Registry = class _Registry {
       }
     }
   }
-  updateInstance(instanceId, config) {
-    const all = this.load();
+  async updateInstance(instanceId, config) {
+    const all = await this.load();
     all[instanceId] = { ...all[instanceId] || {}, ...config, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
-    this.save(all);
+    await this.save(all);
   }
   getUsageFilePath() {
     return this.usagePath;
@@ -158,13 +158,25 @@ var Registry = class _Registry {
     } catch (e) {
     }
   }
-  clearUsage() {
+  async clearUsage() {
     if (!fs || !this.usagePath) return;
     try {
       if (fs.existsSync(this.usagePath)) fs.unlinkSync(this.usagePath);
     } catch (e) {
     }
   }
+  async getLastFlushTime() {
+    if (this.hooks?.loadState) {
+      const val = await this.hooks.loadState("ik_last_flush");
+      if (val) return parseInt(val, 10);
+    }
+    return null;
+  }
+  async setLastFlushTime(time) {
+    if (this.hooks?.persistState) {
+      await this.hooks.persistState("ik_last_flush", time.toString());
+    }
+  }
 };
 // src/lib/hmac.ts
@@ -173,13 +185,22 @@ var IKHmac = class {
   constructor(secret) {
     this.secret = secret;
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   /**
    * Verifies that a response from the IK-Firewall server is authentic.
    */
   async verify(data) {
     if (!data || !data.signature) return false;
     const { signature, ...rest } = data;
-    const payload = JSON.stringify(rest);
+    const payload = JSON.stringify(this.sortObject(rest));
     try {
       const crypto = typeof window === "undefined" ? (await import(
         /* webpackIgnore: true */
@@ -210,7 +231,6 @@ var ConfigManager = class {
     if (hooks) {
       this.registry.setHooks(hooks);
     }
-    this.loadFromRegistry();
   }
   getRegistry() {
     return this.registry;
@@ -226,16 +246,16 @@ var ConfigManager = class {
         if (state) {
           const parsed = JSON.parse(state);
           const registry = this.registry;
-          registry.save(parsed);
-          this.loadFromRegistry();
+          await registry.save(parsed);
+          await this.loadFromRegistry();
         }
       } catch (e) {
         console.warn("[IK_CONFIG] Hydration from hooks failed:", e);
       }
     }
   }
-  loadFromRegistry() {
-    const instanceConfigs = this.registry.load();
+  async loadFromRegistry() {
+    const instanceConfigs = await this.registry.load();
     this.config.instanceConfigs = {
       ...this.config.instanceConfigs || {},
       ...instanceConfigs
@@ -270,14 +290,15 @@ var ConfigManager = class {
       const response = await fetch(`${endpoint}?licenseKey=${instanceConfig?.licenseKey || ""}&instanceId=${instanceId}&version=2.3.0`);
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
-            return;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+          return;
         }
-        this.setInstanceConfig(instanceId, {
+        await this.setInstanceConfig(instanceId, {
           billingStatus: data.billingStatus,
           isVerified: data.isVerified,
           pricing: data.pricing,
@@ -289,7 +310,7 @@ var ConfigManager = class {
       }
     } catch (error) {
       console.error(`[IK_CONFIG] Remote sync failed (${error.message}). Falling open (Fail-Open mode).`);
-      this.setInstanceConfig(instanceId, {
+      await this.setInstanceConfig(instanceId, {
         isVerified: true,
         lastSyncDate: now.toISOString()
       });
@@ -321,13 +342,13 @@ var ConfigManager = class {
    * Updates the live blocked status for an instance (Kill-Switch).
    * This is used by UsageTracker when it receives a response from the central server.
    */
-  setBlockedStatus(instanceId, blocked) {
+  async setBlockedStatus(instanceId, blocked) {
     if (blocked) {
       this.blockedInstances.add(instanceId);
-      this.setInstanceConfig(instanceId, { billingStatus: "blocked" });
+      await this.setInstanceConfig(instanceId, { billingStatus: "blocked" });
     } else {
       this.blockedInstances.delete(instanceId);
-      this.setInstanceConfig(instanceId, { billingStatus: "active" });
+      await this.setInstanceConfig(instanceId, { billingStatus: "active" });
     }
   }
   updateConfig(newConfig) {
@@ -361,14 +382,15 @@ var ConfigManager = class {
       });
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
-            return false;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+          return false;
         }
-        this.setInstanceConfig(instanceId, {
+        await this.setInstanceConfig(instanceId, {
           licenseKey: data.licenseKey,
           billingStatus: data.status.toLowerCase(),
           isVerified: true,
@@ -384,10 +406,10 @@ var ConfigManager = class {
       return false;
     }
   }
-  ensureInstanceConfig(instanceId) {
-    const all = this.registry.load();
+  async ensureInstanceConfig(instanceId) {
+    const all = await this.registry.load();
     if (!all[instanceId]) {
-      this.registry.updateInstance(instanceId, {
+      await this.registry.updateInstance(instanceId, {
         balance: this.config.balance || 0.5,
         aggressiveness: this.config.aggressiveness || 0.5,
         isEnabled: true,
@@ -395,15 +417,15 @@ var ConfigManager = class {
         ownerEmail: this.config.ownerEmail
         // Inherit from global if not specific
       });
-      this.loadFromRegistry();
+      await this.loadFromRegistry();
     }
   }
-  getInstanceConfigs() {
+  async getInstanceConfigs() {
     return this.registry.load();
   }
-  setInstanceConfig(instanceId, config) {
-    this.registry.updateInstance(instanceId, config);
-    this.loadFromRegistry();
+  async setInstanceConfig(instanceId, config) {
+    await this.registry.updateInstance(instanceId, config);
+    await this.loadFromRegistry();
   }
 };
@@ -1522,11 +1544,14 @@ var UsageTracker = class {
   }
   async checkFlushConditions(instanceId) {
     const now = Date.now();
+    if (this.lastFlushTime === 0) {
+      const persisted = await this.config.getRegistry().getLastFlushTime();
+      if (persisted) this.lastFlushTime = persisted;
+      else this.lastFlushTime = now;
+    }
     const timeSinceFlush = now - this.lastFlushTime;
     if (this.aggregationMap.size >= this.BATCH_SIZE_THRESHOLD || timeSinceFlush >= this.TIME_THRESHOLD_MS) {
-      this.performAsyncFlush(instanceId).catch((err) => {
-        console.error("[IK_TRACKER] Background flush failed:", err);
-      });
+      await this.performAsyncFlush(instanceId);
     }
   }
   async performAsyncFlush(instanceId) {
@@ -1535,7 +1560,8 @@ var UsageTracker = class {
     const reports = Array.from(this.aggregationMap.values());
     this.aggregationMap.clear();
     this.lastFlushTime = Date.now();
-    const licenseKey = this.config.getConfig().instanceConfigs?.[instanceId]?.licenseKey || this.config.get("licenseKey");
+    const instanceConfigs = await this.config.getInstanceConfigs();
+    const licenseKey = instanceConfigs[instanceId]?.licenseKey || this.config.get("licenseKey");
     const payload = {
       licenseKey: licenseKey || "TRIAL-KEY",
       instanceId,
@@ -1546,12 +1572,13 @@ var UsageTracker = class {
       await this.sendBatch(payload);
     } catch (error) {
       console.error("[IK_TRACKER] Batch send failed:", error.message);
-      const isAuthError = error.message?.includes("401");
-      if (!isAuthError) {
+      const isAuthError = error.message?.includes("401") || error.message?.includes("403");
+      if (isAuthError) {
+        console.warn("[IK_TRACKER] \u{1F512} Unauthorized/Forbidden: Subscription invalid or blocked. Discarding batch.");
+        this.config.setBlockedStatus(instanceId, true);
+      } else {
         console.log("[IK_TRACKER] Queuing for retry...");
         this.handleFailure(payload);
-      } else {
-        console.warn("[IK_TRACKER] Unauthorized: Please check your IK_FIREWALL_SECRET and License Key. Discarding batch.");
       }
     } finally {
       this.flushInProgress = false;
@@ -1564,14 +1591,16 @@ var UsageTracker = class {
     if (process.env.IK_FIREWALL_DISABLED === "true" || process.env.NEXT_PUBLIC_IK_FIREWALL_DISABLED === "true") {
       return;
     }
-    if (hmacSecret) {
-      try {
-        const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
-        if (crypto && crypto.createHmac) {
-          payload.signature = crypto.createHmac("sha256", hmacSecret).update(JSON.stringify(payload)).digest("hex");
-        }
-      } catch (e) {
+    const defaultSecret = "default-secret-change-in-production";
+    const signingKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : payload.licenseKey || defaultSecret;
+    try {
+      const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
+      if (crypto && crypto.createHmac) {
+        const { signature: _sig, ...signablePayload } = payload;
+        const sortedPayload = this.sortObject(signablePayload);
+        payload.signature = crypto.createHmac("sha256", signingKey).update(JSON.stringify(sortedPayload)).digest("hex");
       }
+    } catch (e) {
     }
     const response = await fetch(endpoint, {
       method: "POST",
@@ -1594,6 +1623,7 @@ var UsageTracker = class {
       }
     } catch (e) {
     }
+    await this.config.getRegistry().setLastFlushTime(this.lastFlushTime);
     this.hooks?.onFlushSuccess?.(payload);
   }
   async handleFailure(payload) {
@@ -1609,6 +1639,15 @@ var UsageTracker = class {
       await this.hooks.persistState(`ik_retry_${payload.timestamp}`, JSON.stringify(payload));
     }
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   getBuffer() {
     return Array.from(this.aggregationMap.values());
   }
@@ -1807,11 +1846,11 @@ var IKFirewallCore = class _IKFirewallCore {
   getSessionDNA() {
     return this.sessionDNA;
   }
-  getInstanceConfigs() {
+  async getInstanceConfigs() {
     return this.configManager.getInstanceConfigs();
   }
-  setInstanceConfig(instanceId, config) {
-    this.configManager.setInstanceConfig(instanceId, config);
+  async setInstanceConfig(instanceId, config) {
+    await this.configManager.setInstanceConfig(instanceId, config);
   }
   /**
    * Discovers available providers by checking environment variables and local health.
@@ -1895,7 +1934,7 @@ var IKFirewallCore = class _IKFirewallCore {
       this.hydrated = true;
     }
     if (instanceId) {
-      this.configManager.ensureInstanceConfig(instanceId);
+      await this.configManager.ensureInstanceConfig(instanceId);
     }
     const mergedConfig = this.configManager.getMergedConfig(instanceId);
     if (instanceId && mergedConfig?.billingStatus === "blocked") {
@@ -2030,7 +2069,7 @@ var IKFirewallCore = class _IKFirewallCore {
   }
   async analyzeAIAssisted(input, provider, personaName = "professional", instanceId, configOverride) {
     if (instanceId) {
-      this.configManager.ensureInstanceConfig(instanceId);
+      await this.configManager.ensureInstanceConfig(instanceId);
     }
     const activeConfig = this.configManager.getMergedConfig(instanceId, configOverride);
     const locale = activeConfig?.locale || "en";

package/dist/index.d.cts CHANGED Viewed

@@ -340,8 +340,8 @@ declare class IKFirewallCore {
     getConfig(): IKConfig;
     getPlugins(): IKPluginInfo[];
     getSessionDNA(): number;
-    getInstanceConfigs(): Record<string, Partial<IKConfig>>;
-    setInstanceConfig(instanceId: string, config: Partial<IKConfig>): void;
+    getInstanceConfigs(): Promise<Record<string, Partial<IKConfig>>>;
+    setInstanceConfig(instanceId: string, config: Partial<IKConfig>): Promise<void>;
     /**
      * Discovers available providers by checking environment variables and local health.
      */

package/dist/index.d.ts CHANGED Viewed

@@ -340,8 +340,8 @@ declare class IKFirewallCore {
     getConfig(): IKConfig;
     getPlugins(): IKPluginInfo[];
     getSessionDNA(): number;
-    getInstanceConfigs(): Record<string, Partial<IKConfig>>;
-    setInstanceConfig(instanceId: string, config: Partial<IKConfig>): void;
+    getInstanceConfigs(): Promise<Record<string, Partial<IKConfig>>>;
+    setInstanceConfig(instanceId: string, config: Partial<IKConfig>): Promise<void>;
     /**
      * Discovers available providers by checking environment variables and local health.
      */

package/dist/index.js CHANGED Viewed

@@ -48,10 +48,10 @@ var Registry = class _Registry {
   /**
    * Loads instance configurations with Hook support
    */
-  load() {
+  async load() {
     if (this.hooks?.loadState) {
       try {
-        const hookData = this.hooks.loadState("ik_registry");
+        const hookData = await this.hooks.loadState("ik_registry");
         if (hookData) return JSON.parse(hookData);
       } catch (e) {
         console.warn("[IK_REGISTRY] Registry load via hook failed, falling back...");
@@ -72,10 +72,10 @@ var Registry = class _Registry {
     }
     return {};
   }
-  save(data) {
+  async save(data) {
     const jsonStr = JSON.stringify(data, null, 2);
     if (this.hooks?.persistState) {
-      this.hooks.persistState("ik_registry", jsonStr);
+      await this.hooks.persistState("ik_registry", jsonStr);
     }
     if (fs && this.registryPath) {
       try {
@@ -90,10 +90,10 @@ var Registry = class _Registry {
       }
     }
   }
-  updateInstance(instanceId, config) {
-    const all = this.load();
+  async updateInstance(instanceId, config) {
+    const all = await this.load();
     all[instanceId] = { ...all[instanceId] || {}, ...config, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
-    this.save(all);
+    await this.save(all);
   }
   getUsageFilePath() {
     return this.usagePath;
@@ -116,13 +116,25 @@ var Registry = class _Registry {
     } catch (e) {
     }
   }
-  clearUsage() {
+  async clearUsage() {
     if (!fs || !this.usagePath) return;
     try {
       if (fs.existsSync(this.usagePath)) fs.unlinkSync(this.usagePath);
     } catch (e) {
     }
   }
+  async getLastFlushTime() {
+    if (this.hooks?.loadState) {
+      const val = await this.hooks.loadState("ik_last_flush");
+      if (val) return parseInt(val, 10);
+    }
+    return null;
+  }
+  async setLastFlushTime(time) {
+    if (this.hooks?.persistState) {
+      await this.hooks.persistState("ik_last_flush", time.toString());
+    }
+  }
 };
 // src/lib/hmac.ts
@@ -131,13 +143,22 @@ var IKHmac = class {
   constructor(secret) {
     this.secret = secret;
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   /**
    * Verifies that a response from the IK-Firewall server is authentic.
    */
   async verify(data) {
     if (!data || !data.signature) return false;
     const { signature, ...rest } = data;
-    const payload = JSON.stringify(rest);
+    const payload = JSON.stringify(this.sortObject(rest));
     try {
       const crypto = typeof window === "undefined" ? (await import(
         /* webpackIgnore: true */
@@ -168,7 +189,6 @@ var ConfigManager = class {
     if (hooks) {
       this.registry.setHooks(hooks);
     }
-    this.loadFromRegistry();
   }
   getRegistry() {
     return this.registry;
@@ -184,16 +204,16 @@ var ConfigManager = class {
         if (state) {
           const parsed = JSON.parse(state);
           const registry = this.registry;
-          registry.save(parsed);
-          this.loadFromRegistry();
+          await registry.save(parsed);
+          await this.loadFromRegistry();
         }
       } catch (e) {
         console.warn("[IK_CONFIG] Hydration from hooks failed:", e);
       }
     }
   }
-  loadFromRegistry() {
-    const instanceConfigs = this.registry.load();
+  async loadFromRegistry() {
+    const instanceConfigs = await this.registry.load();
     this.config.instanceConfigs = {
       ...this.config.instanceConfigs || {},
       ...instanceConfigs
@@ -228,14 +248,15 @@ var ConfigManager = class {
       const response = await fetch(`${endpoint}?licenseKey=${instanceConfig?.licenseKey || ""}&instanceId=${instanceId}&version=2.3.0`);
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
-            return;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+          return;
         }
-        this.setInstanceConfig(instanceId, {
+        await this.setInstanceConfig(instanceId, {
           billingStatus: data.billingStatus,
           isVerified: data.isVerified,
           pricing: data.pricing,
@@ -247,7 +268,7 @@ var ConfigManager = class {
       }
     } catch (error) {
       console.error(`[IK_CONFIG] Remote sync failed (${error.message}). Falling open (Fail-Open mode).`);
-      this.setInstanceConfig(instanceId, {
+      await this.setInstanceConfig(instanceId, {
         isVerified: true,
         lastSyncDate: now.toISOString()
       });
@@ -279,13 +300,13 @@ var ConfigManager = class {
    * Updates the live blocked status for an instance (Kill-Switch).
    * This is used by UsageTracker when it receives a response from the central server.
    */
-  setBlockedStatus(instanceId, blocked) {
+  async setBlockedStatus(instanceId, blocked) {
     if (blocked) {
       this.blockedInstances.add(instanceId);
-      this.setInstanceConfig(instanceId, { billingStatus: "blocked" });
+      await this.setInstanceConfig(instanceId, { billingStatus: "blocked" });
     } else {
       this.blockedInstances.delete(instanceId);
-      this.setInstanceConfig(instanceId, { billingStatus: "active" });
+      await this.setInstanceConfig(instanceId, { billingStatus: "active" });
     }
   }
   updateConfig(newConfig) {
@@ -319,14 +340,15 @@ var ConfigManager = class {
       });
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
-            return false;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+          return false;
         }
-        this.setInstanceConfig(instanceId, {
+        await this.setInstanceConfig(instanceId, {
           licenseKey: data.licenseKey,
           billingStatus: data.status.toLowerCase(),
           isVerified: true,
@@ -342,10 +364,10 @@ var ConfigManager = class {
       return false;
     }
   }
-  ensureInstanceConfig(instanceId) {
-    const all = this.registry.load();
+  async ensureInstanceConfig(instanceId) {
+    const all = await this.registry.load();
     if (!all[instanceId]) {
-      this.registry.updateInstance(instanceId, {
+      await this.registry.updateInstance(instanceId, {
         balance: this.config.balance || 0.5,
         aggressiveness: this.config.aggressiveness || 0.5,
         isEnabled: true,
@@ -353,15 +375,15 @@ var ConfigManager = class {
         ownerEmail: this.config.ownerEmail
         // Inherit from global if not specific
       });
-      this.loadFromRegistry();
+      await this.loadFromRegistry();
     }
   }
-  getInstanceConfigs() {
+  async getInstanceConfigs() {
     return this.registry.load();
   }
-  setInstanceConfig(instanceId, config) {
-    this.registry.updateInstance(instanceId, config);
-    this.loadFromRegistry();
+  async setInstanceConfig(instanceId, config) {
+    await this.registry.updateInstance(instanceId, config);
+    await this.loadFromRegistry();
   }
 };
@@ -1480,11 +1502,14 @@ var UsageTracker = class {
   }
   async checkFlushConditions(instanceId) {
     const now = Date.now();
+    if (this.lastFlushTime === 0) {
+      const persisted = await this.config.getRegistry().getLastFlushTime();
+      if (persisted) this.lastFlushTime = persisted;
+      else this.lastFlushTime = now;
+    }
     const timeSinceFlush = now - this.lastFlushTime;
     if (this.aggregationMap.size >= this.BATCH_SIZE_THRESHOLD || timeSinceFlush >= this.TIME_THRESHOLD_MS) {
-      this.performAsyncFlush(instanceId).catch((err) => {
-        console.error("[IK_TRACKER] Background flush failed:", err);
-      });
+      await this.performAsyncFlush(instanceId);
     }
   }
   async performAsyncFlush(instanceId) {
@@ -1493,7 +1518,8 @@ var UsageTracker = class {
     const reports = Array.from(this.aggregationMap.values());
     this.aggregationMap.clear();
     this.lastFlushTime = Date.now();
-    const licenseKey = this.config.getConfig().instanceConfigs?.[instanceId]?.licenseKey || this.config.get("licenseKey");
+    const instanceConfigs = await this.config.getInstanceConfigs();
+    const licenseKey = instanceConfigs[instanceId]?.licenseKey || this.config.get("licenseKey");
     const payload = {
       licenseKey: licenseKey || "TRIAL-KEY",
       instanceId,
@@ -1504,12 +1530,13 @@ var UsageTracker = class {
       await this.sendBatch(payload);
     } catch (error) {
       console.error("[IK_TRACKER] Batch send failed:", error.message);
-      const isAuthError = error.message?.includes("401");
-      if (!isAuthError) {
+      const isAuthError = error.message?.includes("401") || error.message?.includes("403");
+      if (isAuthError) {
+        console.warn("[IK_TRACKER] \u{1F512} Unauthorized/Forbidden: Subscription invalid or blocked. Discarding batch.");
+        this.config.setBlockedStatus(instanceId, true);
+      } else {
         console.log("[IK_TRACKER] Queuing for retry...");
         this.handleFailure(payload);
-      } else {
-        console.warn("[IK_TRACKER] Unauthorized: Please check your IK_FIREWALL_SECRET and License Key. Discarding batch.");
       }
     } finally {
       this.flushInProgress = false;
@@ -1522,14 +1549,16 @@ var UsageTracker = class {
     if (process.env.IK_FIREWALL_DISABLED === "true" || process.env.NEXT_PUBLIC_IK_FIREWALL_DISABLED === "true") {
       return;
     }
-    if (hmacSecret) {
-      try {
-        const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
-        if (crypto && crypto.createHmac) {
-          payload.signature = crypto.createHmac("sha256", hmacSecret).update(JSON.stringify(payload)).digest("hex");
-        }
-      } catch (e) {
+    const defaultSecret = "default-secret-change-in-production";
+    const signingKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : payload.licenseKey || defaultSecret;
+    try {
+      const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
+      if (crypto && crypto.createHmac) {
+        const { signature: _sig, ...signablePayload } = payload;
+        const sortedPayload = this.sortObject(signablePayload);
+        payload.signature = crypto.createHmac("sha256", signingKey).update(JSON.stringify(sortedPayload)).digest("hex");
       }
+    } catch (e) {
     }
     const response = await fetch(endpoint, {
       method: "POST",
@@ -1552,6 +1581,7 @@ var UsageTracker = class {
       }
     } catch (e) {
     }
+    await this.config.getRegistry().setLastFlushTime(this.lastFlushTime);
     this.hooks?.onFlushSuccess?.(payload);
   }
   async handleFailure(payload) {
@@ -1567,6 +1597,15 @@ var UsageTracker = class {
       await this.hooks.persistState(`ik_retry_${payload.timestamp}`, JSON.stringify(payload));
     }
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   getBuffer() {
     return Array.from(this.aggregationMap.values());
   }
@@ -1765,11 +1804,11 @@ var IKFirewallCore = class _IKFirewallCore {
   getSessionDNA() {
     return this.sessionDNA;
   }
-  getInstanceConfigs() {
+  async getInstanceConfigs() {
     return this.configManager.getInstanceConfigs();
   }
-  setInstanceConfig(instanceId, config) {
-    this.configManager.setInstanceConfig(instanceId, config);
+  async setInstanceConfig(instanceId, config) {
+    await this.configManager.setInstanceConfig(instanceId, config);
   }
   /**
    * Discovers available providers by checking environment variables and local health.
@@ -1853,7 +1892,7 @@ var IKFirewallCore = class _IKFirewallCore {
       this.hydrated = true;
     }
     if (instanceId) {
-      this.configManager.ensureInstanceConfig(instanceId);
+      await this.configManager.ensureInstanceConfig(instanceId);
     }
     const mergedConfig = this.configManager.getMergedConfig(instanceId);
     if (instanceId && mergedConfig?.billingStatus === "blocked") {
@@ -1988,7 +2027,7 @@ var IKFirewallCore = class _IKFirewallCore {
   }
   async analyzeAIAssisted(input, provider, personaName = "professional", instanceId, configOverride) {
     if (instanceId) {
-      this.configManager.ensureInstanceConfig(instanceId);
+      await this.configManager.ensureInstanceConfig(instanceId);
     }
     const activeConfig = this.configManager.getMergedConfig(instanceId, configOverride);
     const locale = activeConfig?.locale || "en";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ik-firewall/core",
-  "version": "2.4.0",
+  "version": "2.4.2",
   "type": "module",
   "description": "The core IK Firewall engine for semantic-driven AI optimization.",
   "main": "./dist/index.js",