npm - @kehto/runtime - Versions diffs - 0.8.0 → 0.11.0 - Mend

@kehto/runtime 0.8.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { resolveCapabilitiesNub } from "@kehto/acl";
 var CLASS_CAPABILITY_ALLOWLIST = Object.freeze({
   "class-1": new Set(ALL_CAPABILITIES),
   "class-2": new Set(ALL_CAPABILITIES.filter(
-    (c) => c !== "relay:write" && c !== "outbox:write"
+    (c) => c !== "relay:write" && c !== "outbox:write" && c !== "intent:write"
   ))
 });
 function createEnforceGate(config) {
@@ -158,6 +158,8 @@ var CAP_CVM_CALL = 1 << 17;
 var CAP_OUTBOX_READ = 1 << 18;
 var CAP_OUTBOX_WRITE = 1 << 19;
 var CAP_UPLOAD_WRITE = 1 << 20;
+var CAP_INTENT_READ = 1 << 21;
+var CAP_INTENT_WRITE = 1 << 22;
 var CAP_MAP = {
   "relay:read": CAP_RELAY_READ,
   "relay:write": CAP_RELAY_WRITE,
@@ -178,7 +180,9 @@ var CAP_MAP = {
   "cvm:call": CAP_CVM_CALL,
   "outbox:read": CAP_OUTBOX_READ,
   "outbox:write": CAP_OUTBOX_WRITE,
-  "upload:write": CAP_UPLOAD_WRITE
+  "upload:write": CAP_UPLOAD_WRITE,
+  "intent:read": CAP_INTENT_READ,
+  "intent:write": CAP_INTENT_WRITE
 };
 var RUNTIME_CAP_ALL = Object.values(CAP_MAP).reduce((bits, bit) => bits | bit, 0);
 function capToBit(cap) {
@@ -281,6 +285,68 @@ function createAclState(persistence, defaultPolicy = "permissive") {
   };
 }
+// src/firewall-state.ts
+import {
+  evaluate,
+  defaultConfig,
+  createState as createState2,
+  serialize as serialize2,
+  deserialize as deserialize2,
+  setPolicy,
+  setRateLimit,
+  setGlobalRate,
+  addMatcher
+} from "@kehto/firewall";
+function createFirewallState(persistence) {
+  let config = defaultConfig();
+  let counters = createState2();
+  return {
+    evaluate(observation) {
+      const result = evaluate(config, counters, observation);
+      counters = result.newState;
+      return result;
+    },
+    setPolicy(napplet, policy) {
+      config = setPolicy(config, napplet, policy);
+    },
+    setRateLimit(napplet, opClass, limit) {
+      config = setRateLimit(config, napplet, opClass, limit);
+    },
+    setGlobalRate(napplet, limit) {
+      config = setGlobalRate(config, napplet, limit);
+    },
+    addMatcher(matcher) {
+      config = addMatcher(config, matcher);
+    },
+    getConfig() {
+      return config;
+    },
+    persist() {
+      try {
+        persistence?.persist(serialize2(config));
+      } catch {
+      }
+    },
+    load() {
+      try {
+        const raw = persistence?.load() ?? null;
+        if (!raw) return;
+        config = deserialize2(raw);
+      } catch {
+        config = defaultConfig();
+      }
+    },
+    clear() {
+      config = defaultConfig();
+      counters = createState2();
+      try {
+        persistence?.persist("");
+      } catch {
+      }
+    }
+  };
+}
 // src/manifest-cache.ts
 function createManifestCache(persistence) {
   const cache = /* @__PURE__ */ new Map();
@@ -776,7 +842,8 @@ function createIfcRuntime(hooks, sessionRegistry) {
   const state = {
     subscriptions: /* @__PURE__ */ new Map(),
     channels: /* @__PURE__ */ new Map(),
-    channelsByWindow: /* @__PURE__ */ new Map()
+    channelsByWindow: /* @__PURE__ */ new Map(),
+    domainByWindow: /* @__PURE__ */ new Map()
   };
   return {
     handleMessage(windowId, msg) {
@@ -785,14 +852,24 @@ function createIfcRuntime(hooks, sessionRegistry) {
     destroyWindow(windowId) {
       removeWindowChannels(state, hooks, windowId);
       removeWindowSubscriptions(state, windowId);
+      state.domainByWindow.delete(windowId);
     },
     clear() {
       state.subscriptions.clear();
       state.channels.clear();
       state.channelsByWindow.clear();
+      state.domainByWindow.clear();
     }
   };
 }
+function domainOf(type) {
+  const dot = type.indexOf(".");
+  const d = dot === -1 ? type : type.slice(0, dot);
+  return d === "inc" ? "inc" : "ifc";
+}
+function prefixFor(state, windowId, fallback) {
+  return state.domainByWindow.get(windowId) ?? fallback;
+}
 function addChannel(state, channelId, peerA, peerB) {
   state.channels.set(channelId, { channelId, peerA, peerB });
   for (const windowId of [peerA, peerB]) {
@@ -832,51 +909,56 @@ function handleIfcMessage(state, hooks, sessionRegistry, windowId, msg) {
   const m = msg;
   const dotIdx = msg.type.indexOf(".");
   const action = msg.type.slice(dotIdx + 1);
+  const incomingDomain = domainOf(msg.type);
+  if (!state.domainByWindow.has(windowId)) {
+    state.domainByWindow.set(windowId, incomingDomain);
+  }
   switch (action) {
     case "emit":
-      handleEmit(state, hooks, windowId, m);
+      handleEmit(state, hooks, windowId, m, incomingDomain);
       return;
     case "subscribe":
-      handleSubscribe(state, hooks, windowId, m);
+      handleSubscribe(state, hooks, windowId, m, incomingDomain);
       return;
     case "unsubscribe":
       handleUnsubscribe(state, windowId, m);
       return;
     case "channel.open":
-      handleChannelOpen(state, hooks, sessionRegistry, windowId, m);
+      handleChannelOpen(state, hooks, sessionRegistry, windowId, m, incomingDomain);
       return;
     case "channel.emit":
-      handleChannelEmit(state, hooks, windowId, m);
+      handleChannelEmit(state, hooks, windowId, m, incomingDomain);
       return;
     case "channel.broadcast":
-      handleChannelBroadcast(state, hooks, windowId, m);
+      handleChannelBroadcast(state, hooks, windowId, m, incomingDomain);
       return;
     case "channel.list":
-      handleChannelList(state, hooks, windowId, m);
+      handleChannelList(state, hooks, windowId, m, incomingDomain);
       return;
     case "channel.close":
-      handleChannelClose(state, hooks, windowId, m);
+      handleChannelClose(state, hooks, windowId, m, incomingDomain);
       return;
     default:
       return;
   }
 }
-function handleEmit(state, hooks, windowId, m) {
+function handleEmit(state, hooks, windowId, m, senderDomain) {
   const topic = m.topic ?? "";
   if (!topic) return;
   const subscribers = state.subscriptions.get(topic);
   if (!subscribers) return;
   for (const subscriberWindowId of subscribers) {
     if (subscriberWindowId !== windowId) {
-      hooks.sendToNapplet(subscriberWindowId, { type: "ifc.event", topic, payload: m.payload, sender: windowId });
+      const prefix = prefixFor(state, subscriberWindowId, senderDomain);
+      hooks.sendToNapplet(subscriberWindowId, { type: `${prefix}.event`, topic, payload: m.payload, sender: windowId });
     }
   }
 }
-function handleSubscribe(state, hooks, windowId, m) {
+function handleSubscribe(state, hooks, windowId, m, incomingDomain) {
   const id = m.id ?? "";
   const topic = m.topic ?? "";
   if (!topic) {
-    hooks.sendToNapplet(windowId, { type: "ifc.subscribe.result", id, error: "missing topic" });
+    hooks.sendToNapplet(windowId, { type: `${incomingDomain}.subscribe.result`, id, error: "missing topic" });
     return;
   }
   let subscriptions = state.subscriptions.get(topic);
@@ -885,7 +967,7 @@ function handleSubscribe(state, hooks, windowId, m) {
     state.subscriptions.set(topic, subscriptions);
   }
   subscriptions.add(windowId);
-  hooks.sendToNapplet(windowId, { type: "ifc.subscribe.result", id });
+  hooks.sendToNapplet(windowId, { type: `${incomingDomain}.subscribe.result`, id });
 }
 function handleUnsubscribe(state, windowId, m) {
   const topic = m.topic ?? "";
@@ -895,30 +977,36 @@ function handleUnsubscribe(state, windowId, m) {
   subscriptions.delete(windowId);
   if (subscriptions.size === 0) state.subscriptions.delete(topic);
 }
-function handleChannelOpen(state, hooks, sessionRegistry, windowId, m) {
+function handleChannelOpen(state, hooks, sessionRegistry, windowId, m, incomingDomain) {
   const id = m.id ?? "";
   const peerWindow = resolveTarget(sessionRegistry, m.target ?? "");
   if (!peerWindow) {
-    hooks.sendToNapplet(windowId, { type: "ifc.channel.open.result", id, error: "target not found" });
+    hooks.sendToNapplet(windowId, { type: `${incomingDomain}.channel.open.result`, id, error: "target not found" });
     return;
   }
   const channelId = hooks.crypto.randomUUID().replace(/-/g, "").slice(0, 32);
   addChannel(state, channelId, windowId, peerWindow);
-  hooks.sendToNapplet(windowId, { type: "ifc.channel.open.result", id, channelId, peer: peerWindow });
+  hooks.sendToNapplet(windowId, { type: `${incomingDomain}.channel.open.result`, id, channelId, peer: peerWindow });
 }
-function handleChannelEmit(state, hooks, windowId, m) {
+function handleChannelEmit(state, hooks, windowId, m, senderDomain) {
   const peer = peerOf(state, m.channelId ?? "", windowId);
-  if (peer) hooks.sendToNapplet(peer, { type: "ifc.channel.event", channelId: m.channelId ?? "", sender: windowId, payload: m.payload });
+  if (peer) {
+    const prefix = prefixFor(state, peer, senderDomain);
+    hooks.sendToNapplet(peer, { type: `${prefix}.channel.event`, channelId: m.channelId ?? "", sender: windowId, payload: m.payload });
+  }
 }
-function handleChannelBroadcast(state, hooks, windowId, m) {
+function handleChannelBroadcast(state, hooks, windowId, m, senderDomain) {
   const channels = state.channelsByWindow.get(windowId);
   if (!channels) return;
   for (const channelId of channels) {
     const peer = peerOf(state, channelId, windowId);
-    if (peer) hooks.sendToNapplet(peer, { type: "ifc.channel.event", channelId, sender: windowId, payload: m.payload });
+    if (peer) {
+      const prefix = prefixFor(state, peer, senderDomain);
+      hooks.sendToNapplet(peer, { type: `${prefix}.channel.event`, channelId, sender: windowId, payload: m.payload });
+    }
   }
 }
-function handleChannelList(state, hooks, windowId, m) {
+function handleChannelList(state, hooks, windowId, m, incomingDomain) {
   const channels = [];
   const set = state.channelsByWindow.get(windowId);
   if (set) {
@@ -927,14 +1015,15 @@ function handleChannelList(state, hooks, windowId, m) {
       if (peer) channels.push({ id: channelId, peer });
     }
   }
-  hooks.sendToNapplet(windowId, { type: "ifc.channel.list.result", id: m.id ?? "", channels });
+  hooks.sendToNapplet(windowId, { type: `${incomingDomain}.channel.list.result`, id: m.id ?? "", channels });
 }
-function handleChannelClose(state, hooks, windowId, m) {
+function handleChannelClose(state, hooks, windowId, m, closerDomain) {
   const channelId = m.channelId ?? "";
   const peer = peerOf(state, channelId, windowId);
   if (!peer) return;
-  hooks.sendToNapplet(windowId, { type: "ifc.channel.closed", channelId });
-  hooks.sendToNapplet(peer, { type: "ifc.channel.closed", channelId });
+  hooks.sendToNapplet(windowId, { type: `${closerDomain}.channel.closed`, channelId });
+  const peerPrefix = prefixFor(state, peer, closerDomain);
+  hooks.sendToNapplet(peer, { type: `${peerPrefix}.channel.closed`, channelId });
   removeChannel(state, channelId);
 }
 function removeWindowSubscriptions(state, windowId) {
@@ -948,7 +1037,11 @@ function removeWindowChannels(state, hooks, windowId) {
   if (!channelIds) return;
   for (const channelId of Array.from(channelIds)) {
     const peer = peerOf(state, channelId, windowId);
-    if (peer) hooks.sendToNapplet(peer, { type: "ifc.channel.closed", channelId });
+    if (peer) {
+      const destroyeeDomain = prefixFor(state, windowId, "ifc");
+      const peerPrefix = prefixFor(state, peer, destroyeeDomain);
+      hooks.sendToNapplet(peer, { type: `${peerPrefix}.channel.closed`, channelId });
+    }
     removeChannel(state, channelId);
   }
 }
@@ -1041,7 +1134,7 @@ function handleStorageNub(windowId, msg, sendToNapplet, sessionRegistry, aclStat
       break;
     }
     case "clear": {
-      sendErrorNub("storage.clear is not in @napplet/nub/storage; action not supported");
+      sendErrorNub("storage.clear is not in @napplet/nap/storage; action not supported");
       break;
     }
     case "keys": {
@@ -1080,7 +1173,8 @@ function createRuntimeDomainHandlers(context) {
     resource: (windowId, msg) => handleServiceOnlyMessage(context, "resource", windowId, msg),
     cvm: (windowId, msg) => handleServiceOnlyMessage(context, "cvm", windowId, msg),
     outbox: (windowId, msg) => handleServiceOnlyMessage(context, "outbox", windowId, msg),
-    upload: (windowId, msg) => handleServiceOnlyMessage(context, "upload", windowId, msg)
+    upload: (windowId, msg) => handleServiceOnlyMessage(context, "upload", windowId, msg),
+    intent: (windowId, msg) => handleServiceOnlyMessage(context, "intent", windowId, msg)
   };
 }
 function handleStorageMessage(context, windowId, msg) {
@@ -1209,19 +1303,21 @@ function createNubEnvelopeDispatcher(handlers) {
   const adapt = (handler) => (msg) => {
     if (currentWindowId !== null) handler(currentWindowId, msg);
   };
-  nubDispatch.registerNub("relay", adapt(handlers.relay));
-  nubDispatch.registerNub("identity", adapt(handlers.identity));
-  nubDispatch.registerNub("keys", adapt(handlers.keys));
-  nubDispatch.registerNub("media", adapt(handlers.media));
-  nubDispatch.registerNub("notify", adapt(handlers.notify));
-  nubDispatch.registerNub("storage", adapt(handlers.storage));
-  nubDispatch.registerNub("ifc", adapt(handlers.ifc));
-  nubDispatch.registerNub("theme", adapt(handlers.theme));
-  nubDispatch.registerNub("config", adapt(handlers.config));
-  nubDispatch.registerNub("resource", adapt(handlers.resource));
-  nubDispatch.registerNub("cvm", adapt(handlers.cvm));
-  nubDispatch.registerNub("outbox", adapt(handlers.outbox));
-  nubDispatch.registerNub("upload", adapt(handlers.upload));
+  nubDispatch.registerNap("relay", adapt(handlers.relay));
+  nubDispatch.registerNap("identity", adapt(handlers.identity));
+  nubDispatch.registerNap("keys", adapt(handlers.keys));
+  nubDispatch.registerNap("media", adapt(handlers.media));
+  nubDispatch.registerNap("notify", adapt(handlers.notify));
+  nubDispatch.registerNap("storage", adapt(handlers.storage));
+  nubDispatch.registerNap("ifc", adapt(handlers.ifc));
+  nubDispatch.registerNap("inc", adapt(handlers.ifc));
+  nubDispatch.registerNap("theme", adapt(handlers.theme));
+  nubDispatch.registerNap("config", adapt(handlers.config));
+  nubDispatch.registerNap("resource", adapt(handlers.resource));
+  nubDispatch.registerNap("cvm", adapt(handlers.cvm));
+  nubDispatch.registerNap("outbox", adapt(handlers.outbox));
+  nubDispatch.registerNap("upload", adapt(handlers.upload));
+  nubDispatch.registerNap("intent", adapt(handlers.intent));
   return (windowId, envelope) => {
     currentWindowId = windowId;
     try {
@@ -1231,7 +1327,67 @@ function createNubEnvelopeDispatcher(handlers) {
     }
   };
 }
-function createMessageHandler(hooks, enforceNub, dispatchNubEnvelope) {
+function utf8ByteLength(str) {
+  let bytes = 0;
+  for (let i = 0; i < str.length; i++) {
+    const c = str.charCodeAt(i);
+    if (c < 128) bytes += 1;
+    else if (c < 2048) bytes += 2;
+    else if (c < 55296 || c >= 57344) bytes += 3;
+    else {
+      i++;
+      bytes += 4;
+    }
+  }
+  return bytes;
+}
+function extractKindSize(envelope) {
+  const ev = envelope.event;
+  if (typeof ev !== "object" || ev === null) return {};
+  const kind = typeof ev.kind === "number" ? ev.kind : void 0;
+  let size;
+  try {
+    size = utf8ByteLength(JSON.stringify(ev));
+  } catch {
+  }
+  return { kind, size };
+}
+function buildObservation(envelope, windowId, senderCap, sessionRegistry, getFocusContext) {
+  const now = Date.now();
+  const entry = sessionRegistry.getEntryByWindowId(windowId);
+  const napplet = entry?.dTag ?? "";
+  const initElapsedMs = now - (entry?.registeredAt ?? now);
+  const focus = getFocusContext?.(windowId) ?? { focused: true };
+  const opClass = senderCap ?? envelope.type;
+  const { kind, size } = extractKindSize(envelope);
+  return { napplet, opClass, kind, size, initElapsedMs, focused: focus.focused, msSinceFocusGain: focus.msSinceFocusGain, now };
+}
+function createFirewallGate(config) {
+  const { firewallState, sessionRegistry, hooks, fireConsent } = config;
+  return function firewallGate(windowId, envelope, senderCap) {
+    const obs = buildObservation(envelope, windowId, senderCap, sessionRegistry, hooks.getFocusContext);
+    const result = firewallState.evaluate(obs);
+    const { decision, action, ruleId, reason } = result;
+    const napplet = obs.napplet;
+    const opClass = obs.opClass;
+    if (decision === "reject" || decision === "prompt") {
+      const id = envelope.id ?? "";
+      const isStorageEnvelope = envelope.type.startsWith("storage.");
+      const type = isStorageEnvelope ? `${envelope.type}.result` : `${envelope.type}.error`;
+      hooks.sendToNapplet(windowId, { type, id, error: `firewall: ${reason}` });
+      hooks.onFirewallEvent?.({ windowId, napplet, opClass, decision, action, ruleId, reason, message: envelope });
+      if (decision === "prompt") {
+        fireConsent(windowId, napplet);
+      }
+      return "drop";
+    }
+    if (action === "flag") {
+      hooks.onFirewallEvent?.({ windowId, napplet, opClass, decision, action, ruleId, reason, message: envelope });
+    }
+    return "dispatch";
+  };
+}
+function createMessageHandler(hooks, enforceNub, dispatchNubEnvelope, firewallGate) {
   return (windowId, msg) => {
     if (typeof msg !== "object" || msg === null || !("type" in msg)) return;
     const envelope = msg;
@@ -1249,6 +1405,8 @@ function createMessageHandler(hooks, enforceNub, dispatchNubEnvelope) {
         return;
       }
     }
+    const verdict = firewallGate(windowId, envelope, caps.senderCap);
+    if (verdict === "drop") return;
     dispatchNubEnvelope(windowId, envelope);
   };
 }
@@ -1267,6 +1425,7 @@ function createInjectedEvent(hooks, topic, payload) {
 function createRuntimeInstance(context) {
   const {
     aclState,
+    firewallState,
     eventBuffer,
     hooks,
     ifcRuntime,
@@ -1275,10 +1434,10 @@ function createRuntimeInstance(context) {
     replayDetector,
     serviceRegistry,
     sessionRegistry,
-    subscriptions
+    subscriptions,
+    consentHandlerRef
   } = context;
   const undeclaredServiceConsents = /* @__PURE__ */ new Set();
-  let consentHandler = null;
   return {
     handleMessage: context.handleMessage,
     injectEvent(topic, payload) {
@@ -1287,6 +1446,7 @@ function createRuntimeInstance(context) {
     destroy() {
       manifestCache.persist();
       aclState.persist();
+      firewallState.persist();
       replayDetector.clear();
       subscriptions.clear();
       ifcRuntime.clear();
@@ -1295,8 +1455,7 @@ function createRuntimeInstance(context) {
       undeclaredServiceConsents.clear();
     },
     registerConsentHandler(handler) {
-      consentHandler = handler;
-      void consentHandler;
+      consentHandlerRef.current = handler;
     },
     registerService(name, handler) {
       serviceRegistry[name] = handler;
@@ -1326,6 +1485,9 @@ function createRuntimeInstance(context) {
     get aclState() {
       return aclState;
     },
+    get firewallState() {
+      return firewallState;
+    },
     get manifestCache() {
       return manifestCache;
     }
@@ -1337,10 +1499,26 @@ function createRuntime(hooks) {
   const registeredServices = createRegisteredServices(serviceRegistry);
   const sessionRegistry = createSessionRegistry(hooks.onPendingUpdate);
   const aclState = createAclState(hooks.aclPersistence);
+  const firewallState = createFirewallState(hooks.firewallPersistence);
   const manifestCache = createManifestCache(hooks.manifestPersistence);
   const replayDetector = createReplayDetector(
     hooks.getConfigOverrides ? () => hooks.getConfigOverrides().replayWindowSeconds : void 0
   );
+  const consentHandlerRef = { current: null };
+  const fireConsent = (windowId, napplet) => {
+    const handler = consentHandlerRef.current;
+    if (!handler) return;
+    handler({
+      type: "firewall-policy",
+      windowId,
+      napplet,
+      pubkey: "",
+      resolve: (allowed) => {
+        firewallState.setPolicy(napplet, allowed ? "allow" : "deny");
+        firewallState.persist();
+      }
+    });
+  };
   const enforce = createEnforceGate({
     checkAcl: (pubkey, dTag, aggregateHash, capability) => aclState.check(pubkey, dTag, aggregateHash, capability),
     resolveIdentity: (pubkey) => {
@@ -1357,6 +1535,7 @@ function createRuntime(hooks) {
     },
     onAclCheck: hooks.onAclCheck
   });
+  const firewallGate = createFirewallGate({ firewallState, sessionRegistry, hooks, fireConsent });
   const eventBuffer = createEventBuffer(
     hooks.sendToNapplet,
     sessionRegistry,
@@ -1365,6 +1544,7 @@ function createRuntime(hooks) {
     hooks.getConfigOverrides ? () => hooks.getConfigOverrides().ringBufferSize ?? RING_BUFFER_SIZE : void 0
   );
   aclState.load();
+  firewallState.load();
   manifestCache.load();
   const ifcRuntime = createIfcRuntime(hooks, sessionRegistry);
   const domainHandlers = createRuntimeDomainHandlers({ hooks, serviceRegistry, sessionRegistry, aclState });
@@ -1374,7 +1554,7 @@ function createRuntime(hooks) {
     ifc: ifcRuntime.handleMessage,
     ...domainHandlers
   });
-  const handleMessage = createMessageHandler(hooks, enforceNub, dispatchNubEnvelope);
+  const handleMessage = createMessageHandler(hooks, enforceNub, dispatchNubEnvelope, firewallGate);
   return createRuntimeInstance({
     hooks,
     serviceRegistry,
@@ -1385,7 +1565,9 @@ function createRuntime(hooks) {
     ifcRuntime,
     sessionRegistry,
     aclState,
+    firewallState,
     manifestCache,
+    consentHandlerRef,
     handleMessage
   });
 }
@@ -1399,6 +1581,7 @@ export {
   createAclState,
   createEnforceGate,
   createEventBuffer,
+  createFirewallState,
   createManifestCache,
   createNappKeyRegistry,
   createNubEnforceGate,