npm - @parmanasystems/core - Versions diffs - 1.71.22 → 1.71.24 - Mend

@parmanasystems/core 1.71.22 → 1.71.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -10498,9 +10498,7 @@ import {
   getRuntimeManifest,
   evaluatePolicy,
   loadPolicy,
-  canonicalizeForSigning,
-  validateSignalsStrict,
-  violate
+  canonicalizeForSigning
 } from "@parmanasystems/execution";
 import crypto from "crypto";
 import {
@@ -10509,17 +10507,13 @@ import {
 import {
   evaluatePolicy as evaluatePolicy2,
   loadPolicy as loadPolicy2,
-  validateSignalsStrict as validateSignalsStrict2
+  validateSignalsStrict
 } from "@parmanasystems/execution";
 async function executeFromSignals(input, signer, verifier, replayStore) {
   const policy = loadPolicy(
     input.policyId,
     input.policyVersion
   );
-  validateSignalsStrict(
-    input.signals,
-    policy
-  );
   const decision = evaluatePolicy(
     policy,
     input.signals
@@ -10536,20 +10530,23 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
       signals: input.signals
     })
   ).digest("hex");
-  const hasRun = await replayStore.hasExecuted(
-    execution_fingerprint
-  );
-  if (hasRun) {
-    violate(
-      "INV-013",
-      "replay",
-      `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`,
+  if (replayStore.reserve) {
+    await replayStore.reserve(
+      execution_fingerprint
+    );
+  } else {
+    const alreadyExecuted = await replayStore.hasExecuted(
+      execution_fingerprint
+    );
+    if (alreadyExecuted) {
+      throw new Error(
+        `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
+      );
+    }
+    await replayStore.markExecuted(
       execution_fingerprint
     );
   }
-  await replayStore.markExecuted(
-    execution_fingerprint
-  );
   const runtimeManifest = getRuntimeManifest();
   const token = issueToken({
     executionId: execution_fingerprint,
@@ -10565,7 +10562,7 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
       token
     )
   );
-  return executeDecision({
+  const attestation = await executeDecision({
     token,
     execution_fingerprint,
     token_signature,
@@ -10579,16 +10576,34 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
       supported_schemaVersions: runtimeManifest.supported_schemaVersions
     }
   });
+  if (replayStore.confirm) {
+    try {
+      await replayStore.confirm(
+        execution_fingerprint
+      );
+    } catch (err) {
+      console.warn(
+        "[PARMANA WARNING] Failed to confirm execution fingerprint after successful execution:",
+        err
+      );
+    }
+  }
+  return attestation;
 }
 var RedisReplayStore = class {
   constructor(url) {
     this.client = new import_ioredis.default(url);
   }
   async hasExecuted(execution_fingerprint) {
-    const res = await this.client.exists(
-      `exec:${execution_fingerprint}`
-    );
-    return res === 1;
+    const [confirmed, pending] = await Promise.all([
+      this.client.exists(
+        `exec:${execution_fingerprint}`
+      ),
+      this.client.exists(
+        `exec:pending:${execution_fingerprint}`
+      )
+    ]);
+    return confirmed === 1 || pending === 1;
   }
   async markExecuted(execution_fingerprint) {
     const result = await this.client.set(
@@ -10602,6 +10617,35 @@ var RedisReplayStore = class {
       );
     }
   }
+  async reserve(execution_fingerprint) {
+    const alreadyConfirmed = await this.client.exists(
+      `exec:${execution_fingerprint}`
+    );
+    if (alreadyConfirmed === 1) {
+      throw new Error(
+        `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
+      );
+    }
+    const result = await this.client.set(
+      `exec:pending:${execution_fingerprint}`,
+      "1",
+      "NX"
+    );
+    if (result !== "OK") {
+      throw new Error(
+        `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
+      );
+    }
+  }
+  async confirm(execution_fingerprint) {
+    await this.client.set(
+      `exec:${execution_fingerprint}`,
+      "1"
+    );
+    await this.client.del(
+      `exec:pending:${execution_fingerprint}`
+    );
+  }
   async get(key) {
     return this.client.get(key);
   }
@@ -10618,27 +10662,60 @@ var RedisReplayStore = class {
     await this.client.quit();
   }
 };
+var DEFAULT_MAX_SIZE = 1e6;
 var MemoryReplayStore = class {
-  constructor() {
-    this.store = /* @__PURE__ */ new Set();
+  constructor(options = {}) {
+    this.reserved = /* @__PURE__ */ new Set();
+    this.confirmed = /* @__PURE__ */ new Set();
+    const {
+      warnInProduction = true,
+      maxSize = DEFAULT_MAX_SIZE
+    } = options;
+    this.maxSize = maxSize;
+    if (warnInProduction && process.env["NODE_ENV"] === "production") {
+      console.warn(
+        "[PARMANA WARNING] MemoryReplayStore is not suitable for production. It loses all replay protection on process restart and does not work across multiple processes. Use RedisReplayStore in production."
+      );
+    }
   }
-  async markExecuted(execution_fingerprint) {
-    if (this.store.has(
-      execution_fingerprint
-    )) {
+  async reserve(execution_fingerprint) {
+    if (this.reserved.has(execution_fingerprint) || this.confirmed.has(execution_fingerprint)) {
       throw new Error(
         `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
       );
     }
-    this.store.add(
+    this.checkMaxSize();
+    this.reserved.add(
       execution_fingerprint
     );
   }
-  async hasExecuted(execution_fingerprint) {
-    return this.store.has(
+  async confirm(execution_fingerprint) {
+    this.reserved.delete(
+      execution_fingerprint
+    );
+    this.confirmed.add(
+      execution_fingerprint
+    );
+  }
+  async markExecuted(execution_fingerprint) {
+    await this.reserve(
+      execution_fingerprint
+    );
+    await this.confirm(
       execution_fingerprint
     );
   }
+  async hasExecuted(execution_fingerprint) {
+    return this.reserved.has(execution_fingerprint) || this.confirmed.has(execution_fingerprint);
+  }
+  checkMaxSize() {
+    const total = this.reserved.size + this.confirmed.size;
+    if (total >= this.maxSize) {
+      throw new Error(
+        `MemoryReplayStore has reached maximum size of ${this.maxSize} entries. Switch to RedisReplayStore for production use.`
+      );
+    }
+  }
 };
 // src/index.ts
@@ -10652,7 +10729,7 @@ import {
 import {
   INVARIANT_REGISTRY,
   InvariantViolation,
-  violate as violate2,
+  violate,
   hashInput
 } from "@parmanasystems/execution";
@@ -10889,6 +10966,6 @@ export {
   verifyRuntime,
   verifyRuntimeCompatibility,
   verifyRuntimeManifest,
-  violate2 as violate
+  violate
 };
 //# sourceMappingURL=index.js.map