npm - @mondaydotcomorg/atp-server - Versions diffs - 0.17.14 - Mend

@mondaydotcomorg/atp-server 0.17.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (307) hide show

package/README.md +489 -0
package/dist/aggregator/index.d.ts +59 -0
package/dist/aggregator/index.d.ts.map +1 -0
package/dist/aggregator/index.js +171 -0
package/dist/aggregator/index.js.map +1 -0
package/dist/callback/index.d.ts +98 -0
package/dist/callback/index.d.ts.map +1 -0
package/dist/callback/index.js +136 -0
package/dist/callback/index.js.map +1 -0
package/dist/client-sessions.d.ts +82 -0
package/dist/client-sessions.d.ts.map +1 -0
package/dist/client-sessions.js +174 -0
package/dist/client-sessions.js.map +1 -0
package/dist/controllers/definitions.controller.d.ts +4 -0
package/dist/controllers/definitions.controller.d.ts.map +1 -0
package/dist/controllers/definitions.controller.js +11 -0
package/dist/controllers/definitions.controller.js.map +1 -0
package/dist/controllers/execute.controller.d.ts +18 -0
package/dist/controllers/execute.controller.d.ts.map +1 -0
package/dist/controllers/execute.controller.js +122 -0
package/dist/controllers/execute.controller.js.map +1 -0
package/dist/controllers/info.controller.d.ts +3 -0
package/dist/controllers/info.controller.d.ts.map +1 -0
package/dist/controllers/info.controller.js +13 -0
package/dist/controllers/info.controller.js.map +1 -0
package/dist/controllers/resume.controller.d.ts +11 -0
package/dist/controllers/resume.controller.d.ts.map +1 -0
package/dist/controllers/resume.controller.js +61 -0
package/dist/controllers/resume.controller.js.map +1 -0
package/dist/controllers/search.controller.d.ts +4 -0
package/dist/controllers/search.controller.d.ts.map +1 -0
package/dist/controllers/search.controller.js +7 -0
package/dist/controllers/search.controller.js.map +1 -0
package/dist/controllers/stream.controller.d.ts +19 -0
package/dist/controllers/stream.controller.d.ts.map +1 -0
package/dist/controllers/stream.controller.js +141 -0
package/dist/controllers/stream.controller.js.map +1 -0
package/dist/core/config.d.ts +161 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +7 -0
package/dist/core/config.js.map +1 -0
package/dist/core/http.d.ts +4 -0
package/dist/core/http.d.ts.map +1 -0
package/dist/core/http.js +17 -0
package/dist/core/http.js.map +1 -0
package/dist/create-server.d.ts +120 -0
package/dist/create-server.d.ts.map +1 -0
package/dist/create-server.js +423 -0
package/dist/create-server.js.map +1 -0
package/dist/execution-state/index.d.ts +95 -0
package/dist/execution-state/index.d.ts.map +1 -0
package/dist/execution-state/index.js +128 -0
package/dist/execution-state/index.js.map +1 -0
package/dist/executor/ast-provenance-bridge.d.ts +12 -0
package/dist/executor/ast-provenance-bridge.d.ts.map +1 -0
package/dist/executor/ast-provenance-bridge.js +66 -0
package/dist/executor/ast-provenance-bridge.js.map +1 -0
package/dist/executor/ast-tracking-runtime.d.ts +7 -0
package/dist/executor/ast-tracking-runtime.d.ts.map +1 -0
package/dist/executor/ast-tracking-runtime.js +559 -0
package/dist/executor/ast-tracking-runtime.js.map +1 -0
package/dist/executor/bootstrap-generated.d.ts +32 -0
package/dist/executor/bootstrap-generated.d.ts.map +1 -0
package/dist/executor/bootstrap-generated.js +90 -0
package/dist/executor/bootstrap-generated.js.map +1 -0
package/dist/executor/compiler-config.d.ts +32 -0
package/dist/executor/compiler-config.d.ts.map +1 -0
package/dist/executor/compiler-config.js +99 -0
package/dist/executor/compiler-config.js.map +1 -0
package/dist/executor/constants.d.ts +4 -0
package/dist/executor/constants.d.ts.map +1 -0
package/dist/executor/constants.js +4 -0
package/dist/executor/constants.js.map +1 -0
package/dist/executor/error-handler.d.ts +9 -0
package/dist/executor/error-handler.d.ts.map +1 -0
package/dist/executor/error-handler.js +95 -0
package/dist/executor/error-handler.js.map +1 -0
package/dist/executor/execution-error-handler.d.ts +7 -0
package/dist/executor/execution-error-handler.d.ts.map +1 -0
package/dist/executor/execution-error-handler.js +136 -0
package/dist/executor/execution-error-handler.js.map +1 -0
package/dist/executor/executor.d.ts +20 -0
package/dist/executor/executor.d.ts.map +1 -0
package/dist/executor/executor.js +452 -0
package/dist/executor/executor.js.map +1 -0
package/dist/executor/index.d.ts +4 -0
package/dist/executor/index.d.ts.map +1 -0
package/dist/executor/index.js +3 -0
package/dist/executor/index.js.map +1 -0
package/dist/executor/resume-handler.d.ts +9 -0
package/dist/executor/resume-handler.d.ts.map +1 -0
package/dist/executor/resume-handler.js +22 -0
package/dist/executor/resume-handler.js.map +1 -0
package/dist/executor/sandbox-builder.d.ts +29 -0
package/dist/executor/sandbox-builder.d.ts.map +1 -0
package/dist/executor/sandbox-builder.js +538 -0
package/dist/executor/sandbox-builder.js.map +1 -0
package/dist/executor/sandbox-injector.d.ts +7 -0
package/dist/executor/sandbox-injector.d.ts.map +1 -0
package/dist/executor/sandbox-injector.js +293 -0
package/dist/executor/sandbox-injector.js.map +1 -0
package/dist/executor/types.d.ts +21 -0
package/dist/executor/types.d.ts.map +1 -0
package/dist/executor/types.js +2 -0
package/dist/executor/types.js.map +1 -0
package/dist/explorer/index.d.ts +69 -0
package/dist/explorer/index.d.ts.map +1 -0
package/dist/explorer/index.js +228 -0
package/dist/explorer/index.js.map +1 -0
package/dist/handlers/definitions.handler.d.ts +3 -0
package/dist/handlers/definitions.handler.d.ts.map +1 -0
package/dist/handlers/definitions.handler.js +11 -0
package/dist/handlers/definitions.handler.js.map +1 -0
package/dist/handlers/execute.handler.d.ts +7 -0
package/dist/handlers/execute.handler.d.ts.map +1 -0
package/dist/handlers/execute.handler.js +225 -0
package/dist/handlers/execute.handler.js.map +1 -0
package/dist/handlers/explorer.handler.d.ts +4 -0
package/dist/handlers/explorer.handler.d.ts.map +1 -0
package/dist/handlers/explorer.handler.js +10 -0
package/dist/handlers/explorer.handler.js.map +1 -0
package/dist/handlers/init.handler.d.ts +5 -0
package/dist/handlers/init.handler.d.ts.map +1 -0
package/dist/handlers/init.handler.js +41 -0
package/dist/handlers/init.handler.js.map +1 -0
package/dist/handlers/resume.handler.d.ts +6 -0
package/dist/handlers/resume.handler.d.ts.map +1 -0
package/dist/handlers/resume.handler.js +256 -0
package/dist/handlers/resume.handler.js.map +1 -0
package/dist/handlers/search.handler.d.ts +5 -0
package/dist/handlers/search.handler.d.ts.map +1 -0
package/dist/handlers/search.handler.js +11 -0
package/dist/handlers/search.handler.js.map +1 -0
package/dist/http/request-handler.d.ts +15 -0
package/dist/http/request-handler.d.ts.map +1 -0
package/dist/http/request-handler.js +94 -0
package/dist/http/request-handler.js.map +1 -0
package/dist/http/router.d.ts +4 -0
package/dist/http/router.d.ts.map +1 -0
package/dist/http/router.js +32 -0
package/dist/http/router.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +8 -0
package/dist/index.js.map +1 -0
package/dist/instrumentation/index.d.ts +5 -0
package/dist/instrumentation/index.d.ts.map +1 -0
package/dist/instrumentation/index.js +5 -0
package/dist/instrumentation/index.js.map +1 -0
package/dist/instrumentation/serializer.d.ts +61 -0
package/dist/instrumentation/serializer.d.ts.map +1 -0
package/dist/instrumentation/serializer.js +334 -0
package/dist/instrumentation/serializer.js.map +1 -0
package/dist/instrumentation/state-manager.d.ts +61 -0
package/dist/instrumentation/state-manager.d.ts.map +1 -0
package/dist/instrumentation/state-manager.js +205 -0
package/dist/instrumentation/state-manager.js.map +1 -0
package/dist/instrumentation/transformer.d.ts +9 -0
package/dist/instrumentation/transformer.d.ts.map +1 -0
package/dist/instrumentation/transformer.js +70 -0
package/dist/instrumentation/transformer.js.map +1 -0
package/dist/instrumentation/types.d.ts +59 -0
package/dist/instrumentation/types.d.ts.map +1 -0
package/dist/instrumentation/types.js +5 -0
package/dist/instrumentation/types.js.map +1 -0
package/dist/middleware/audit.d.ts +18 -0
package/dist/middleware/audit.d.ts.map +1 -0
package/dist/middleware/audit.js +76 -0
package/dist/middleware/audit.js.map +1 -0
package/dist/openapi/index.d.ts +133 -0
package/dist/openapi/index.d.ts.map +1 -0
package/dist/openapi/index.js +235 -0
package/dist/openapi/index.js.map +1 -0
package/dist/openapi-loader.d.ts +87 -0
package/dist/openapi-loader.d.ts.map +1 -0
package/dist/openapi-loader.js +491 -0
package/dist/openapi-loader.js.map +1 -0
package/dist/routes/index.d.ts +21 -0
package/dist/routes/index.d.ts.map +1 -0
package/dist/routes/index.js +47 -0
package/dist/routes/index.js.map +1 -0
package/dist/search/index.d.ts +48 -0
package/dist/search/index.d.ts.map +1 -0
package/dist/search/index.js +156 -0
package/dist/search/index.js.map +1 -0
package/dist/security/index.d.ts +2 -0
package/dist/security/index.d.ts.map +1 -0
package/dist/security/index.js +2 -0
package/dist/security/index.js.map +1 -0
package/dist/shutdown.d.ts +19 -0
package/dist/shutdown.d.ts.map +1 -0
package/dist/shutdown.js +87 -0
package/dist/shutdown.js.map +1 -0
package/dist/utils/banner.d.ts +12 -0
package/dist/utils/banner.d.ts.map +1 -0
package/dist/utils/banner.js +18 -0
package/dist/utils/banner.js.map +1 -0
package/dist/utils/context.d.ts +16 -0
package/dist/utils/context.d.ts.map +1 -0
package/dist/utils/context.js +44 -0
package/dist/utils/context.js.map +1 -0
package/dist/utils/error.d.ts +8 -0
package/dist/utils/error.d.ts.map +1 -0
package/dist/utils/error.js +17 -0
package/dist/utils/error.js.map +1 -0
package/dist/utils/hint-based-instrumentation.d.ts +14 -0
package/dist/utils/hint-based-instrumentation.d.ts.map +1 -0
package/dist/utils/hint-based-instrumentation.js +84 -0
package/dist/utils/hint-based-instrumentation.js.map +1 -0
package/dist/utils/index.d.ts +8 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +8 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/info.d.ts +20 -0
package/dist/utils/info.d.ts.map +1 -0
package/dist/utils/info.js +15 -0
package/dist/utils/info.js.map +1 -0
package/dist/utils/provenance-reattachment.d.ts +32 -0
package/dist/utils/provenance-reattachment.d.ts.map +1 -0
package/dist/utils/provenance-reattachment.js +115 -0
package/dist/utils/provenance-reattachment.js.map +1 -0
package/dist/utils/request.d.ts +21 -0
package/dist/utils/request.d.ts.map +1 -0
package/dist/utils/request.js +44 -0
package/dist/utils/request.js.map +1 -0
package/dist/utils/response.d.ts +30 -0
package/dist/utils/response.d.ts.map +1 -0
package/dist/utils/response.js +53 -0
package/dist/utils/response.js.map +1 -0
package/dist/utils/runtime-types.d.ts +6 -0
package/dist/utils/runtime-types.d.ts.map +1 -0
package/dist/utils/runtime-types.js +14 -0
package/dist/utils/runtime-types.js.map +1 -0
package/dist/utils/schema.d.ts +9 -0
package/dist/utils/schema.d.ts.map +1 -0
package/dist/utils/schema.js +13 -0
package/dist/utils/schema.js.map +1 -0
package/dist/utils/token-emitter.d.ts +21 -0
package/dist/utils/token-emitter.d.ts.map +1 -0
package/dist/utils/token-emitter.js +129 -0
package/dist/utils/token-emitter.js.map +1 -0
package/dist/validator/index.d.ts +36 -0
package/dist/validator/index.d.ts.map +1 -0
package/dist/validator/index.js +224 -0
package/dist/validator/index.js.map +1 -0
package/package.json +68 -0
package/src/aggregator/index.ts +207 -0
package/src/callback/index.ts +191 -0
package/src/client-sessions.ts +234 -0
package/src/controllers/definitions.controller.ts +19 -0
package/src/controllers/execute.controller.ts +166 -0
package/src/controllers/info.controller.ts +14 -0
package/src/controllers/resume.controller.ts +92 -0
package/src/controllers/search.controller.ts +16 -0
package/src/controllers/stream.controller.ts +190 -0
package/src/core/config.ts +180 -0
package/src/core/http.ts +21 -0
package/src/create-server.ts +536 -0
package/src/execution-state/index.ts +204 -0
package/src/executor/ast-provenance-bridge.ts +80 -0
package/src/executor/ast-tracking-runtime.ts +558 -0
package/src/executor/bootstrap-generated.ts +90 -0
package/src/executor/compiler-config.ts +146 -0
package/src/executor/constants.ts +5 -0
package/src/executor/error-handler.ts +118 -0
package/src/executor/execution-error-handler.ts +178 -0
package/src/executor/executor.ts +631 -0
package/src/executor/index.ts +3 -0
package/src/executor/resume-handler.ts +39 -0
package/src/executor/sandbox-builder.ts +684 -0
package/src/executor/sandbox-injector.ts +345 -0
package/src/executor/types.ts +22 -0
package/src/explorer/index.ts +297 -0
package/src/handlers/definitions.handler.ts +13 -0
package/src/handlers/execute.handler.ts +286 -0
package/src/handlers/explorer.handler.ts +18 -0
package/src/handlers/init.handler.ts +53 -0
package/src/handlers/resume.handler.ts +316 -0
package/src/handlers/search.handler.ts +32 -0
package/src/http/request-handler.ts +117 -0
package/src/http/router.ts +29 -0
package/src/index.ts +60 -0
package/src/instrumentation/index.ts +4 -0
package/src/instrumentation/serializer.ts +421 -0
package/src/instrumentation/state-manager.ts +237 -0
package/src/instrumentation/transformer.ts +84 -0
package/src/instrumentation/types.ts +76 -0
package/src/middleware/audit.ts +101 -0
package/src/openapi/index.ts +378 -0
package/src/openapi-loader.ts +744 -0
package/src/routes/index.ts +93 -0
package/src/search/index.ts +216 -0
package/src/security/index.ts +1 -0
package/src/shutdown.ts +108 -0
package/src/utils/banner.ts +25 -0
package/src/utils/context.ts +58 -0
package/src/utils/error.ts +25 -0
package/src/utils/hint-based-instrumentation.ts +99 -0
package/src/utils/index.ts +15 -0
package/src/utils/info.ts +31 -0
package/src/utils/provenance-reattachment.ts +144 -0
package/src/utils/request.ts +53 -0
package/src/utils/response.ts +69 -0
package/src/utils/runtime-types.ts +14 -0
package/src/utils/schema.ts +18 -0
package/src/utils/token-emitter.ts +182 -0
package/src/validator/index.ts +253 -0

package/src/client-sessions.ts ADDED Viewed

@@ -0,0 +1,234 @@
+/**
+ * Client Session Management
+ */
+import { randomBytes } from 'node:crypto';
+import { nanoid } from 'nanoid';
+import jwt from 'jsonwebtoken';
+import type { CacheProvider, ClientToolDefinition } from '@mondaydotcomorg/atp-protocol';
+export interface ClientSession {
+	clientId: string;
+	createdAt: number;
+	expiresAt: number;
+	clientInfo?: {
+		name?: string;
+		version?: string;
+		[key: string]: unknown;
+	};
+	guidance?: string;
+	/** Client-provided tool definitions */
+	tools?: ClientToolDefinition[];
+}
+export interface ClientInitRequest {
+	clientInfo?: {
+		name?: string;
+		version?: string;
+		[key: string]: unknown;
+	};
+	guidance?: string;
+	/** Client tool definitions to register */
+	tools?: ClientToolDefinition[];
+}
+export interface ClientInitResponse {
+	clientId: string;
+	token: string;
+	expiresAt: number;
+	tokenRotateAt?: number;
+}
+/**
+ * Client session manager with JWT-based authentication
+ */
+export class ClientSessionManager {
+	private cache?: CacheProvider;
+	private inMemorySessions: Map<string, ClientSession> = new Map();
+	private cleanupTimers: Map<string, NodeJS.Timeout> = new Map();
+	private tokenTTL: number;
+	private jwtSecret: string;
+	constructor(options: { cache?: CacheProvider; tokenTTL: number; tokenRotation: number }) {
+		this.cache = options.cache;
+		this.tokenTTL = options.tokenTTL;
+		const secret = process.env.ATP_JWT_SECRET;
+		if (!secret) {
+			throw new Error(
+				'ATP_JWT_SECRET environment variable is required. Generate one with: openssl rand -base64 32'
+			);
+		}
+		this.jwtSecret = secret;
+	}
+	/**
+	 * Initialize a new client session
+	 */
+	async initClient(request: ClientInitRequest): Promise<ClientInitResponse> {
+		const clientId = this.generateClientId();
+		const now = Date.now();
+		const expiresAt = now + this.tokenTTL;
+		const tokenRotateAt = now + this.tokenTTL / 2;
+		const token = this.generateToken(clientId);
+		const session: ClientSession = {
+			clientId,
+			createdAt: now,
+			expiresAt,
+			clientInfo: request.clientInfo,
+			guidance: request.guidance,
+			tools: request.tools || [],
+		};
+		if (this.cache) {
+			const ttlSeconds = Math.floor(this.tokenTTL / 1000);
+			await this.cache.set(`session:${clientId}`, session, ttlSeconds);
+		} else {
+			this.inMemorySessions.set(clientId, session);
+			this.scheduleCleanup(clientId, this.tokenTTL);
+		}
+		return {
+			clientId,
+			token,
+			expiresAt,
+			tokenRotateAt,
+		};
+	}
+	/**
+	 * Verify client token (JWT-based, stateless)
+	 */
+	async verifyClient(clientId: string, token: string): Promise<boolean> {
+		try {
+			// Prevent algorithm confusion attacks - only allow HS256
+			const decoded = jwt.verify(token, this.jwtSecret, {
+				algorithms: ['HS256'],
+			}) as { clientId: string; type: string };
+			if (decoded.clientId !== clientId || decoded.type !== 'client') {
+				return false;
+			}
+			const session = await this.getSession(clientId);
+			return session !== null;
+		} catch (error) {
+			return false;
+		}
+	}
+	/**
+	 * Get client session
+	 */
+	async getSession(clientId: string): Promise<ClientSession | null> {
+		let session: ClientSession | null = null;
+		if (this.cache) {
+			session = await this.cache.get<ClientSession>(`session:${clientId}`);
+		} else {
+			session = this.inMemorySessions.get(clientId) || null;
+		}
+		if (!session) {
+			return null;
+		}
+		if (Date.now() > session.expiresAt) {
+			if (this.cache) {
+				await this.cache.delete(`session:${clientId}`);
+			} else {
+				this.inMemorySessions.delete(clientId);
+			}
+			return null;
+		}
+		return session;
+	}
+	/**
+	 * Revoke client session
+	 */
+	async revokeClient(clientId: string): Promise<void> {
+		if (this.cache) {
+			await this.cache.delete(`session:${clientId}`);
+		} else {
+			this.inMemorySessions.delete(clientId);
+		}
+	}
+	/**
+	 * Generate cryptographically secure client ID
+	 */
+	private generateClientId(): string {
+		const random = randomBytes(16).toString('hex');
+		return `cli_${random}`;
+	}
+	/**
+	 * Generate JWT token for client
+	 */
+	generateToken(clientId: string): string {
+		return jwt.sign(
+			{
+				clientId,
+				type: 'client',
+				jti: nanoid(),
+			},
+			this.jwtSecret,
+			{
+				expiresIn: 3600,
+			}
+		);
+	}
+	/**
+	 * Schedule cleanup of expired in-memory session
+	 */
+	private scheduleCleanup(clientId: string, ttl: number): void {
+		const existingTimer = this.cleanupTimers.get(clientId);
+		if (existingTimer) {
+			clearTimeout(existingTimer);
+		}
+		const timer = setTimeout(() => {
+			this.inMemorySessions.delete(clientId);
+			this.cleanupTimers.delete(clientId);
+		}, ttl);
+		this.cleanupTimers.set(clientId, timer);
+	}
+	/**
+	 * Manually cleanup a session (useful for tests and explicit cleanup)
+	 */
+	async cleanup(clientId: string): Promise<void> {
+		const timer = this.cleanupTimers.get(clientId);
+		if (timer) {
+			clearTimeout(timer);
+			this.cleanupTimers.delete(clientId);
+		}
+		if (this.cache) {
+			await this.cache.delete(`session:${clientId}`);
+		} else {
+			this.inMemorySessions.delete(clientId);
+		}
+	}
+	/**
+	 * Cleanup all sessions (useful for shutdown)
+	 */
+	async cleanupAll(): Promise<void> {
+		for (const timer of this.cleanupTimers.values()) {
+			clearTimeout(timer);
+		}
+		this.cleanupTimers.clear();
+		if (!this.cache) {
+			this.inMemorySessions.clear();
+		}
+	}
+}

package/src/controllers/definitions.controller.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { APIAggregator } from '../aggregator/index.js';
+import { sendJson } from '../utils/response.js';
+export async function handleDefinitions(
+	req: IncomingMessage,
+	res: ServerResponse,
+	aggregator: APIAggregator,
+	url: URL
+): Promise<void> {
+	const apiGroups = url.searchParams.get('apiGroups')?.split(',');
+	const typescript = await aggregator.generateTypeScript(apiGroups);
+	sendJson(res, {
+		typescript,
+		apiGroups: aggregator.getApiGroups(),
+		version: '1.0.0',
+	});
+}

package/src/controllers/execute.controller.ts ADDED Viewed

@@ -0,0 +1,166 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { ExecutionConfig } from '@mondaydotcomorg/atp-protocol';
+import { ExecutionErrorCode, sanitizeInput, MAX_CODE_SIZE } from '@mondaydotcomorg/atp-protocol';
+import type { CodeValidator } from '../validator/index.js';
+import type { SandboxExecutor } from '../executor/index.js';
+import type { ExecutionStateManager } from '../execution-state/index.js';
+import type { AuditConfig } from '../middleware/audit.js';
+import { auditExecution } from '../middleware/audit.js';
+import { clientCallbackManager } from '../callback/index.js';
+import { nanoid } from 'nanoid';
+import type { log } from '@mondaydotcomorg/atp-runtime';
+interface ExecuteContext {
+	validator: CodeValidator;
+	executor: SandboxExecutor;
+	stateManager: ExecutionStateManager;
+	auditConfig?: AuditConfig;
+	defaultTimeout: number;
+	defaultMemoryLimit: number;
+	defaultLLMCallLimit: number;
+}
+export async function handleExecute(
+	req: IncomingMessage,
+	res: ServerResponse,
+	context: ExecuteContext,
+	body: string,
+	clientId: string | undefined,
+	logger: ReturnType<typeof log.child>
+): Promise<void> {
+	let request: { code: string; config?: Partial<ExecutionConfig> };
+	try {
+		request = JSON.parse(body);
+	} catch (error) {
+		logger.warn('Invalid request body', { error });
+		res.writeHead(400, { 'Content-Type': 'application/json' });
+		res.end(
+			JSON.stringify({
+				error: 'Invalid request body',
+				message: error instanceof Error ? error.message : 'Failed to parse request',
+			})
+		);
+		return;
+	}
+	request.code = sanitizeInput(request.code, MAX_CODE_SIZE);
+	if (clientId && request.config?.clientServices) {
+		clientCallbackManager.registerClient(clientId, request.config.clientServices);
+		logger.info('Client services registered', {
+			clientId,
+			services: request.config.clientServices,
+		});
+	}
+	if (clientId) {
+		clientCallbackManager.updateClientActivity(clientId);
+	}
+	const executionConfig: ExecutionConfig = {
+		timeout: request.config?.timeout ?? context.defaultTimeout,
+		maxMemory: request.config?.maxMemory ?? context.defaultMemoryLimit,
+		maxLLMCalls: request.config?.maxLLMCalls ?? context.defaultLLMCallLimit,
+		allowedAPIs: request.config?.allowedAPIs ?? [],
+		allowLLMCalls: request.config?.allowLLMCalls ?? true,
+		clientServices: request.config?.clientServices,
+		provenanceMode: request.config?.provenanceMode,
+		securityPolicies: request.config?.securityPolicies,
+		provenanceHints: request.config?.provenanceHints,
+	};
+	logger.info('Validating code for execution', {
+		codeLength: request.code.length,
+		timeout: executionConfig.timeout,
+		clientServices: executionConfig.clientServices,
+	});
+	const validationResult = await context.validator.validate(request.code, executionConfig);
+	if (!validationResult.valid) {
+		logger.warn('Code validation failed', {
+			errors: validationResult.errors?.length,
+			securityIssues: validationResult.securityIssues?.length,
+		});
+		const hasSecurityIssues =
+			validationResult.securityIssues && validationResult.securityIssues.length > 0;
+		res.writeHead(200, { 'Content-Type': 'application/json' });
+		res.end(
+			JSON.stringify({
+				executionId: nanoid(),
+				status: hasSecurityIssues ? 'security_violation' : 'validation_failed',
+				error: {
+					message: 'Code validation failed',
+					code: hasSecurityIssues
+						? ExecutionErrorCode.SECURITY_VIOLATION
+						: ExecutionErrorCode.VALIDATION_FAILED,
+					context: {
+						errors: validationResult.errors,
+						securityIssues: validationResult.securityIssues,
+					},
+					retryable: false,
+					suggestion: hasSecurityIssues
+						? 'Remove forbidden operations and use only allowed APIs'
+						: 'Fix syntax errors and validation issues in your code',
+				},
+				stats: {
+					duration: 0,
+					memoryUsed: 0,
+					llmCallsCount: 0,
+					approvalCallsCount: 0,
+					httpCallsCount: 0,
+				},
+			})
+		);
+		return;
+	}
+	logger.info('Executing code in sandbox');
+	const result = await context.executor.execute(request.code, executionConfig, clientId);
+	logger.info('Code execution completed', {
+		executionId: result.executionId,
+		status: result.status,
+		duration: result.stats.duration,
+		memoryUsed: result.stats.memoryUsed,
+		llmCalls: result.stats.llmCallsCount,
+		approvalCalls: result.stats.approvalCallsCount,
+	});
+	if (result.status === 'paused' && result.needsCallback && clientId && result.callbackHistory) {
+		await context.stateManager.pause({
+			executionId: result.executionId,
+			code: request.code,
+			config: executionConfig,
+			clientId,
+			callbackRequest: result.needsCallback,
+			pausedAt: Date.now(),
+			callbackHistory: result.callbackHistory,
+			currentCallbackIndex: result.callbackHistory.length - 1,
+			context: {},
+		});
+		logger.info('Execution state saved', {
+			executionId: result.executionId,
+			callbackType: result.needsCallback.type,
+			storage: context.stateManager.getStorageType(),
+			historyLength: result.callbackHistory.length,
+		});
+	}
+	if (context.auditConfig?.enabled) {
+		await auditExecution({
+			executionId: result.executionId,
+			apiKey: (req as any).apiKey,
+			ip: req.socket.remoteAddress,
+			code: request.code,
+			result,
+		});
+	}
+	res.writeHead(200, { 'Content-Type': 'application/json' });
+	res.end(JSON.stringify(result));
+}

package/src/controllers/info.controller.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import { sendJson } from '../utils/response.js';
+export async function handleInfo(req: IncomingMessage, res: ServerResponse): Promise<void> {
+	sendJson(res, {
+		version: '1.0.0',
+		capabilities: {
+			execution: true,
+			search: true,
+			streaming: true,
+			llmCalls: true,
+		},
+	});
+}

package/src/controllers/resume.controller.ts ADDED Viewed

@@ -0,0 +1,92 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { SandboxExecutor } from '../executor/index.js';
+import type { ExecutionStateManager } from '../execution-state/index.js';
+import type { log } from '@mondaydotcomorg/atp-runtime';
+interface ResumeContext {
+	executor: SandboxExecutor;
+	stateManager: ExecutionStateManager;
+}
+export async function handleResume(
+	req: IncomingMessage,
+	res: ServerResponse,
+	context: ResumeContext,
+	executionId: string,
+	body: string,
+	logger: ReturnType<typeof log.child>
+): Promise<void> {
+	logger.info('Resuming paused execution', { executionId });
+	const pausedState = await context.stateManager.get(executionId);
+	if (!pausedState) {
+		logger.warn('Execution not found or expired', { executionId });
+		res.writeHead(404, { 'Content-Type': 'application/json' });
+		res.end(JSON.stringify({ error: 'Execution not found or expired' }));
+		return;
+	}
+	const { result: callbackResult } = JSON.parse(body) as { result: unknown };
+	logger.info('Client callback result received', {
+		executionId,
+		callbackType: pausedState.callbackRequest.type,
+		operation: pausedState.callbackRequest.operation,
+	});
+	const updatedHistory = pausedState.callbackHistory.map((record, index) => {
+		if (index === pausedState.currentCallbackIndex) {
+			return { ...record, result: callbackResult };
+		}
+		return record;
+	});
+	logger.info('Re-executing with replay', {
+		executionId,
+		historyLength: updatedHistory.length,
+	});
+	const result = await context.executor.execute(
+		pausedState.code,
+		pausedState.config,
+		pausedState.clientId,
+		{
+			callbackHistory: updatedHistory,
+			newCallbackResult: callbackResult,
+			executionId,
+		}
+	);
+	logger.info('Resumed execution completed', {
+		executionId: result.executionId,
+		status: result.status,
+		duration: result.stats.duration,
+	});
+	if (result.status === 'paused' && result.needsCallback && result.callbackHistory) {
+		await context.stateManager.pause({
+			executionId: result.executionId,
+			code: pausedState.code,
+			config: pausedState.config,
+			clientId: pausedState.clientId,
+			callbackRequest: result.needsCallback,
+			pausedAt: Date.now(),
+			callbackHistory: result.callbackHistory,
+			currentCallbackIndex: result.callbackHistory.length - 1,
+			context: {},
+		});
+		logger.info('Execution paused again (multi-callback)', {
+			executionId: result.executionId,
+			callbackType: result.needsCallback.type,
+			totalCallbacks: result.callbackHistory.length,
+		});
+	} else {
+		await context.stateManager.delete(executionId);
+		logger.debug('Execution state cleaned up', { executionId });
+	}
+	res.writeHead(200, { 'Content-Type': 'application/json' });
+	res.end(JSON.stringify(result));
+}

package/src/controllers/search.controller.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { SearchOptions } from '@mondaydotcomorg/atp-protocol';
+import type { SearchEngine } from '../search/index.js';
+import { sendJson } from '../utils/response.js';
+export async function handleSearch(
+	req: IncomingMessage,
+	res: ServerResponse,
+	searchEngine: SearchEngine,
+	body: string
+): Promise<void> {
+	const searchOptions = JSON.parse(body) as SearchOptions;
+	const results = await searchEngine.search(searchOptions);
+	sendJson(res, { results });
+}