npm - @llm-dev-ops/agentics-cli - Versions diffs - 1.4.86 → 1.4.89 - Mend

@llm-dev-ops/agentics-cli 1.4.86 → 1.4.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/dist/server/middleware.js ADDED Viewed

@@ -0,0 +1,106 @@
+// Generated by Phase 4 pipeline — do not edit manually
+import { createMiddleware } from 'hono/factory';
+import * as crypto from 'node:crypto';
+import * as jwt from 'jsonwebtoken';
+import jwksClient from 'jwks-rsa';
+// ---------------------------------------------------------------------------
+// Correlation ID middleware
+// ---------------------------------------------------------------------------
+export const correlationMiddleware = createMiddleware(async (c, next) => {
+    const correlationId = c.req.header('X-Correlation-ID') ?? crypto.randomUUID();
+    c.set('correlationId', correlationId);
+    c.header('X-Correlation-ID', correlationId);
+    await next();
+});
+// ---------------------------------------------------------------------------
+// IAM token validation middleware (JWKS-backed JWT verification)
+// ---------------------------------------------------------------------------
+const JWKS_URI = process.env.IAM_JWKS_URI ?? 'https://www.googleapis.com/oauth2/v3/certs';
+const IAM_AUDIENCE = process.env.IAM_AUDIENCE ?? '';
+const IAM_ISSUERS = (process.env.IAM_ISSUERS ?? 'https://accounts.google.com').split(',').map(s => s.trim());
+const jwksRsa = jwksClient({
+    jwksUri: JWKS_URI,
+    cache: true,
+    cacheMaxAge: 600_000,
+    rateLimit: true,
+    jwksRequestsPerMinute: 10,
+});
+function getSigningKey(kid) {
+    return new Promise((resolve, reject) => {
+        jwksRsa.getSigningKey(kid, (err, key) => {
+            if (err || !key)
+                return reject(err ?? new Error('No signing key found'));
+            resolve(key.getPublicKey());
+        });
+    });
+}
+export const iamMiddleware = createMiddleware(async (c, next) => {
+    const path = new URL(c.req.url).pathname;
+    if (path === '/health/healthz' || path === '/health/readyz') {
+        await next();
+        return;
+    }
+    const authHeader = c.req.header('Authorization');
+    if (!authHeader?.startsWith('Bearer ')) {
+        return c.json({ error: { code: 'UNAUTHORIZED', message: 'Missing Bearer token' } }, 401);
+    }
+    const token = authHeader.slice(7);
+    if (!token) {
+        return c.json({ error: { code: 'UNAUTHORIZED', message: 'Empty token' } }, 401);
+    }
+    try {
+        const decoded = jwt.decode(token, { complete: true });
+        if (!decoded || typeof decoded === 'string' || !decoded.header.kid) {
+            return c.json({ error: { code: 'UNAUTHORIZED', message: 'Malformed token: missing kid' } }, 401);
+        }
+        const signingKey = await getSigningKey(decoded.header.kid);
+        const verifyOptions = {
+            algorithms: ['RS256', 'RS384', 'RS512', 'ES256', 'ES384'],
+        };
+        if (IAM_ISSUERS.length > 0 && IAM_ISSUERS[0] !== '') {
+            verifyOptions.issuer = IAM_ISSUERS;
+        }
+        if (IAM_AUDIENCE) {
+            verifyOptions.audience = IAM_AUDIENCE;
+        }
+        const payload = jwt.verify(token, signingKey, verifyOptions);
+        c.set('iamClaims', payload);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Token verification failed';
+        return c.json({ error: { code: 'UNAUTHORIZED', message } }, 401);
+    }
+    await next();
+});
+// ---------------------------------------------------------------------------
+// Structured JSON request/response logging middleware
+// ---------------------------------------------------------------------------
+export const loggingMiddleware = createMiddleware(async (c, next) => {
+    const startTime = Date.now();
+    const correlationId = c.get('correlationId');
+    process.stdout.write(JSON.stringify({
+        severity: 'INFO',
+        message: 'request received',
+        httpRequest: {
+            method: c.req.method,
+            url: c.req.url,
+            userAgent: c.req.header('user-agent'),
+        },
+        correlationId,
+        timestamp: new Date().toISOString(),
+    }) + '\n');
+    await next();
+    const durationMs = Date.now() - startTime;
+    process.stdout.write(JSON.stringify({
+        severity: 'INFO',
+        message: 'request completed',
+        httpRequest: {
+            method: c.req.method,
+            url: c.req.url,
+            status: c.res.status,
+            latency: `${durationMs}ms`,
+        },
+        correlationId,
+        timestamp: new Date().toISOString(),
+    }) + '\n');
+});

package/dist/server/routes.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Hono } from 'hono';
+import { InforClient } from '../erp-client/client.js';
+declare const erpClientInstance: InforClient;
+declare const app: Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+export { app, erpClientInstance };