@linkshell/gateway 0.3.9 → 0.4.0

package/src/embedded.ts

@@ -1,7 +1,6 @@
 import { createServer } from "node:http";
 import type { IncomingMessage, ServerResponse, Server } from "node:http";
 import { randomUUID } from "node:crypto";
-import { monitorEventLoopDelay } from "node:perf_hooks";
 import { WebSocketServer } from "ws";
 import type WebSocket from "ws";
 import {
@@ -10,7 +9,7 @@ import {
   PROTOCOL_VERSION,
 } from "@linkshell/protocol";
 import { z, ZodError } from "zod";
-import { DeviceManager } from "./sessions.js";
+import { SessionManager } from "./sessions.js";
 import { PairingManager } from "./pairings.js";
 import { TokenManager } from "./tokens.js";
 import { handleSocketMessage } from "./relay.js";
@@ -41,18 +40,14 @@ export interface EmbeddedGateway {
 
 const PING_INTERVAL = 20_000;
 const MAX_BODY_SIZE = 4096;
-const MAX_WS_MESSAGE_SIZE = Number(
-  process.env.MAX_WS_MESSAGE_SIZE ?? 16 * 1024 * 1024,
-);
+const MAX_WS_MESSAGE_SIZE = 50 * 1024 * 1024; // 50MB (supports base64 image uploads)
 
 const LOG_LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
 
-const createPairingBody = z.object({ hostDeviceId: z.string().min(1) });
+const createPairingBody = z.object({ sessionId: z.string().optional() });
 const claimPairingBody = z.object({
   pairingCode: z.string().length(6),
   deviceToken: z.string().min(1).optional(),
-  clientDeviceId: z.string().min(1).optional(),
-  clientName: z.string().min(1).optional(),
 });
 
 class BodyTooLargeError extends Error {}
@@ -111,11 +106,9 @@ export function startEmbeddedGateway(
     }
   }
 
-  const sessionManager = new DeviceManager();
+  const sessionManager = new SessionManager();
   const pairingManager = new PairingManager();
   const tokenManager = new TokenManager();
-  const eventLoopDelay = monitorEventLoopDelay({ resolution: 20 });
-  eventLoopDelay.enable();
 
   const server = createServer(async (req, res) => {
     if (req.method === "OPTIONS") {
@@ -134,30 +127,7 @@ export function startEmbeddedGateway(
       const method = req.method ?? "GET";
 
       if (method === "GET" && url.pathname === "/healthz") {
-        const memory = process.memoryUsage();
-        const detailed = url.searchParams.get("detail") === "1" || url.searchParams.get("detailed") === "true";
-        json(res, 200, {
-          ok: true,
-          uptime: Math.round(process.uptime()),
-          memory: {
-            rss: memory.rss,
-            heapUsed: memory.heapUsed,
-            heapTotal: memory.heapTotal,
-            external: memory.external,
-          },
-          sessions: sessionManager.getStats(),
-          ...(detailed ? {
-            eventLoop: {
-              delayMeanMs: Number((eventLoopDelay.mean / 1_000_000).toFixed(2)),
-              delayMaxMs: Number((eventLoopDelay.max / 1_000_000).toFixed(2)),
-              delayP99Ms: Number((eventLoopDelay.percentile(99) / 1_000_000).toFixed(2)),
-            },
-            websocket: {
-              maxPayloadBytes: MAX_WS_MESSAGE_SIZE,
-              perMessageDeflate: false,
-            },
-          } : {}),
-        });
+        json(res, 200, { ok: true });
         return;
       }
 
@@ -167,7 +137,7 @@ export function startEmbeddedGateway(
         if (!parsed.success) {
           json(res, 400, {
             error: "invalid_payload",
-            message: parsed.error.issues[0]?.message ?? "Invalid permission response payload",
+            message: parsed.error.errors[0]?.message ?? "Invalid permission response payload",
           });
           return;
         }
@@ -182,16 +152,16 @@ export function startEmbeddedGateway(
           item.terminalId ? `${item.type}:${item.terminalId}` : item.type,
         ).join(",") ?? "none";
         const ack = result.ack ? ` resolved=${result.ack.resolved} delivered=${result.ack.delivered}` : "";
-        log(result.status === 200 ? "info" : "warn", `agent permission respond protocol=${body.protocol} hostDevice=${body.hostDeviceId} request=${body.requestId} status=${result.status} forwarded=${forwarded}${ack}`);
+        log(result.status === 200 ? "info" : "warn", `agent permission respond protocol=${body.protocol} session=${body.sessionId} request=${body.requestId} status=${result.status} forwarded=${forwarded}${ack}`);
         json(res, result.status, result.body);
         return;
       }
 
       if (method === "POST" && url.pathname === "/pairings") {
         const body = createPairingBody.parse(await readJson(req));
-        const record = pairingManager.create(body.hostDeviceId);
+        const record = pairingManager.create(body.sessionId);
         json(res, 201, {
-          hostDeviceId: record.hostDeviceId,
+          sessionId: record.sessionId,
           pairingCode: record.pairingCode,
           expiresAt: new Date(record.expiresAt).toISOString(),
         });
@@ -206,19 +176,12 @@ export function startEmbeddedGateway(
           return;
         }
         const token = tokenManager.register(body.deviceToken);
-        const authorization = tokenManager.authorize(token, result.hostDeviceId, {
-          clientDeviceId: body.clientDeviceId,
-          clientName: body.clientName,
-        });
-        json(res, 200, {
-          hostDeviceId: result.hostDeviceId,
-          deviceToken: token,
-          authorizationId: authorization?.authorizationId,
-        });
+        tokenManager.bind(token, result.sessionId);
+        json(res, 200, { sessionId: result.sessionId, deviceToken: token });
         return;
       }
 
-      if (method === "GET" && url.pathname === "/devices") {
+      if (method === "GET" && url.pathname === "/sessions") {
         const token = extractBearerToken(req);
         if (!token || !tokenManager.validate(token)) {
           json(res, 401, {
@@ -227,38 +190,33 @@ export function startEmbeddedGateway(
           });
           return;
         }
-        const allowedIds = tokenManager.getHostDeviceIds(token);
-        const devices = [...allowedIds].map((hostDeviceId) => {
-          const summary = sessionManager.getSummary(hostDeviceId);
-          return {
-            ...(summary ?? {
-              id: hostDeviceId,
-              hostDeviceId,
-              state: "host_disconnected",
-              online: false,
-              hasHost: false,
-              clientCount: 0,
-              controllerId: null,
-              lastActivity: null,
-              createdAt: null,
-              bufferSize: 0,
-              machineId: null,
-              hostname: null,
-              platform: null,
-              cwd: null,
-              capabilities: [],
-            }),
-            authorizationId: tokenManager.getAuthorizationId(token, hostDeviceId) ?? null,
-          };
-        });
-        json(res, 200, { devices });
+        const allowedIds = tokenManager.getSessionIds(token);
+        const sessions = sessionManager
+          .listActive()
+          .filter((s) => allowedIds.has(s.id))
+          .map((s) => ({
+            id: s.id,
+            state: s.state,
+            hasHost: !!s.host && s.host.socket.readyState === s.host.socket.OPEN,
+            clientCount: s.clients.size,
+            controllerId: s.controllerId ?? null,
+            lastActivity: s.lastActivity,
+            createdAt: s.createdAt,
+            provider: s.provider ?? null,
+            machineId: s.machineId ?? null,
+            hostname: s.hostname ?? null,
+            platform: s.platform ?? null,
+            cwd: s.cwd ?? null,
+            projectName: s.projectName ?? null,
+          }));
+        json(res, 200, { sessions });
         return;
       }
 
-      const deviceMatch = url.pathname.match(/^\/devices\/([^/]+)$/);
-      if (method === "GET" && deviceMatch) {
+      const sessionMatch = url.pathname.match(/^\/sessions\/([^/]+)$/);
+      if (method === "GET" && sessionMatch) {
         const token = extractBearerToken(req);
-        const targetId = deviceMatch[1]!;
+        const targetId = sessionMatch[1]!;
         if (!token || !tokenManager.owns(token, targetId)) {
           json(res, 401, {
             error: "unauthorized",
@@ -268,51 +226,10 @@ export function startEmbeddedGateway(
         }
         const summary = sessionManager.getSummary(targetId);
         if (!summary) {
-          json(res, 200, {
-            id: targetId,
-            hostDeviceId: targetId,
-            state: "host_disconnected",
-            online: false,
-            hasHost: false,
-            clientCount: 0,
-            controllerId: null,
-            lastActivity: null,
-            createdAt: null,
-            bufferSize: 0,
-            machineId: null,
-            hostname: null,
-            platform: null,
-            cwd: null,
-            capabilities: [],
-            authorizationId: tokenManager.getAuthorizationId(token, targetId) ?? null,
-          });
-          return;
-        }
-        json(res, 200, {
-          ...summary,
-          authorizationId: tokenManager.getAuthorizationId(token, targetId) ?? null,
-        });
-        return;
-      }
-
-      const revokeMatch = url.pathname.match(/^\/devices\/([^/]+)\/authorizations\/([^/]+)$/);
-      if (method === "DELETE" && revokeMatch) {
-        const token = extractBearerToken(req);
-        const hostDeviceId = decodeURIComponent(revokeMatch[1]!);
-        const authorizationId = decodeURIComponent(revokeMatch[2]!);
-        if (
-          !token ||
-          tokenManager.getAuthorizationId(token, hostDeviceId) !== authorizationId ||
-          !tokenManager.revoke(token, hostDeviceId, authorizationId)
-        ) {
-          json(res, 401, {
-            error: "unauthorized",
-            message: "Valid device authorization required",
-          });
+          json(res, 404, { error: "session_not_found" });
           return;
         }
-        sessionManager.disconnectAuthorization(hostDeviceId, authorizationId);
-        json(res, 200, { ok: true });
+        json(res, 200, summary);
         return;
       }
 
@@ -338,7 +255,7 @@ export function startEmbeddedGateway(
       const tunnelCookie = parseTunnelCookie(req);
       if (tunnelCookie) {
         const fallbackParsed = {
-          hostDeviceId: tunnelCookie.hostDeviceId,
+          sessionId: tunnelCookie.sessionId,
           port: tunnelCookie.port,
           path: url.pathname,
         };
@@ -351,7 +268,7 @@ export function startEmbeddedGateway(
       if (err instanceof ZodError) {
         json(res, 400, {
           error: "invalid_message",
-          message: err.issues[0]?.message ?? "Validation failed",
+          message: err.errors[0]?.message ?? "Validation failed",
         });
       } else if (err instanceof BodyTooLargeError) {
         json(res, 413, {
@@ -373,7 +290,6 @@ export function startEmbeddedGateway(
   const wss = new WebSocketServer({
     noServer: true,
     maxPayload: MAX_WS_MESSAGE_SIZE,
-    perMessageDeflate: false,
   });
 
   server.on("upgrade", (request, socket, head) => {
@@ -392,7 +308,7 @@ export function startEmbeddedGateway(
     const tunnelCookie = parseTunnelCookie(request);
     if (tunnelCookie && url.pathname !== "/ws") {
       const fallbackParsed = {
-        hostDeviceId: tunnelCookie.hostDeviceId,
+        sessionId: tunnelCookie.sessionId,
         port: tunnelCookie.port,
         path: url.pathname,
       };
@@ -415,50 +331,38 @@ export function startEmbeddedGateway(
   wss.on(
     "connection",
     (socket: WebSocket, _request: IncomingMessage, url: URL) => {
-      const hostDeviceId = url.searchParams.get("hostDeviceId");
+      const sessionId = url.searchParams.get("sessionId");
       const role = url.searchParams.get("role") as "host" | "client" | null;
 
-      if (!hostDeviceId || !role || (role !== "host" && role !== "client")) {
-        socket.close(1008, "missing hostDeviceId or role");
+      if (!sessionId || !role || (role !== "host" && role !== "client")) {
+        socket.close(1008, "missing sessionId or role");
         return;
       }
 
       const deviceId = url.searchParams.get("deviceId") ?? randomUUID();
 
-      let clientToken: string | undefined;
-      let clientAuthorizationId: string | undefined;
-
       if (role === "client") {
         const token = url.searchParams.get("token");
-        if (!token || !tokenManager.owns(token, hostDeviceId)) {
+        if (!token || !tokenManager.owns(token, sessionId)) {
           socket.close(4001, "unauthorized");
           return;
         }
-        clientToken = token;
-        clientAuthorizationId = tokenManager.getAuthorizationId(token, hostDeviceId);
       }
 
-      const device = {
-        socket,
-        role,
-        deviceId,
-        token: clientToken,
-        authorizationId: clientAuthorizationId,
-        connectedAt: Date.now(),
-      };
+      const device = { socket, role, deviceId, connectedAt: Date.now() };
 
       if (role === "host") {
-        const existingSession = sessionManager.get(hostDeviceId);
+        const existingSession = sessionManager.get(sessionId);
         const isReconnect =
           existingSession &&
           existingSession.clients.size > 0 &&
           existingSession.state === "host_disconnected";
-        sessionManager.setHost(hostDeviceId, device);
+        sessionManager.setHost(sessionId, device);
         if (isReconnect) {
           const notification = serializeEnvelope(
             createEnvelope({
-              type: "device.host_reconnected",
-              hostDeviceId,
+              type: "session.host_reconnected",
+              sessionId,
               payload: {},
             }),
           );
@@ -468,14 +372,14 @@ export function startEmbeddedGateway(
           }
         }
       } else {
-        sessionManager.addClient(hostDeviceId, device);
+        sessionManager.addClient(sessionId, device);
       }
 
       socket.send(
         serializeEnvelope(
           createEnvelope({
-            type: "device.connect",
-            hostDeviceId,
+            type: "session.connect",
+            sessionId,
             payload: {
               role,
               clientName: deviceId,
@@ -495,18 +399,18 @@ export function startEmbeddedGateway(
             socket,
             data.toString(),
             role,
-            hostDeviceId,
+            sessionId,
             deviceId,
             sessionManager,
           );
         } catch (err) {
-          log("error", `unhandled websocket message error for host device ${hostDeviceId}: ${err instanceof Error ? err.message : String(err)}`);
+          log("error", `unhandled websocket message error for session ${sessionId}: ${err instanceof Error ? err.message : String(err)}`);
           if (socket.readyState === socket.OPEN) {
             socket.send(
               serializeEnvelope(
                 createEnvelope({
-                  type: "device.error",
-                  hostDeviceId,
+                  type: "session.error",
+                  sessionId,
                   payload: {
                     code: "invalid_message",
                     message: "Failed to handle message",
@@ -521,13 +425,12 @@ export function startEmbeddedGateway(
       socket.on("close", () => {
         clearInterval(pingTimer);
         if (role === "host") {
-          const result = sessionManager.removeHost(hostDeviceId);
-          cleanupSessionTunnels(hostDeviceId);
+          const result = sessionManager.removeHost(sessionId);
           if (result) {
             const notification = serializeEnvelope(
               createEnvelope({
-                type: "device.host_disconnected",
-                hostDeviceId,
+                type: "session.host_disconnected",
+                sessionId,
                 payload: { reason: "host connection closed" },
               }),
             );
@@ -537,7 +440,7 @@ export function startEmbeddedGateway(
             }
           }
         } else {
-          sessionManager.removeClient(hostDeviceId, deviceId);
+          sessionManager.removeClient(sessionId, deviceId);
         }
       });
 
@@ -562,7 +465,6 @@ export function startEmbeddedGateway(
             sessionManager.destroy();
             pairingManager.destroy();
             tokenManager.destroy();
-            eventLoopDelay.disable();
             server.close(() => res());
           }),
       });