@pellux/goodvibes-sdk 0.21.28 → 0.21.30
- package/dist/_internal/platform/companion/companion-chat-rate-limiter.d.ts +7 -0
- package/dist/_internal/platform/companion/companion-chat-rate-limiter.d.ts.map +1 -1
- package/dist/_internal/platform/companion/companion-chat-rate-limiter.js +16 -0
- package/dist/_internal/platform/control-plane/gateway.d.ts.map +1 -1
- package/dist/_internal/platform/control-plane/gateway.js +7 -0
- package/dist/_internal/platform/control-plane/session-broker.d.ts.map +1 -1
- package/dist/_internal/platform/control-plane/session-broker.js +26 -1
- package/dist/_internal/platform/core/orchestrator.d.ts.map +1 -1
- package/dist/_internal/platform/core/orchestrator.js +2 -0
- package/dist/_internal/platform/daemon/http/router.d.ts.map +1 -1
- package/dist/_internal/platform/daemon/http/router.js +20 -1
- package/dist/_internal/platform/daemon/http-listener.d.ts +25 -0
- package/dist/_internal/platform/daemon/http-listener.d.ts.map +1 -1
- package/dist/_internal/platform/daemon/http-listener.js +91 -32
- package/dist/_internal/platform/hooks/runners/http.d.ts.map +1 -1
- package/dist/_internal/platform/hooks/runners/http.js +13 -0
- package/dist/_internal/platform/hooks/types.d.ts +7 -0
- package/dist/_internal/platform/hooks/types.d.ts.map +1 -1
- package/dist/_internal/platform/integrations/webhooks.d.ts.map +1 -1
- package/dist/_internal/platform/integrations/webhooks.js +10 -0
- package/dist/_internal/platform/runtime/bootstrap-runtime-events.d.ts.map +1 -1
- package/dist/_internal/platform/runtime/bootstrap-runtime-events.js +2 -0
- package/dist/_internal/platform/runtime/events/index.d.ts.map +1 -1
- package/dist/_internal/platform/runtime/events/index.js +33 -19
- package/dist/_internal/platform/runtime/integration/helpers.d.ts.map +1 -1
- package/dist/_internal/platform/runtime/integration/helpers.js +5 -0
- package/dist/_internal/platform/runtime/perf/slo-collector.d.ts.map +1 -1
- package/dist/_internal/platform/runtime/perf/slo-collector.js +2 -0
- package/dist/_internal/platform/runtime/telemetry/api.d.ts.map +1 -1
- package/dist/_internal/platform/runtime/telemetry/api.js +10 -2
- package/dist/_internal/platform/scheduler/scheduler.d.ts +19 -2
- package/dist/_internal/platform/scheduler/scheduler.d.ts.map +1 -1
- package/dist/_internal/platform/scheduler/scheduler.js +59 -23
- package/dist/_internal/platform/security/user-auth.d.ts.map +1 -1
- package/dist/_internal/platform/security/user-auth.js +25 -12
- package/dist/_internal/platform/version.js +1 -1
- package/dist/_internal/platform/workspace/daemon-home.d.ts.map +1 -1
- package/dist/_internal/platform/workspace/daemon-home.js +35 -3
- package/package.json +1 -1
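--- a/package/dist/_internal/platform/companion/companion-chat-rate-limiter.d.ts
+++ b/package/dist/_internal/platform/companion/companion-chat-rate-limiter.d.ts
@@ -14,6 +14,13 @@
 import type { ConfigManager } from '../config/manager.js';
 export declare const DEFAULT_MESSAGES_PER_MINUTE_PER_CLIENT = 30;
 export declare const DEFAULT_MESSAGES_PER_MINUTE_PER_SESSION = 10;
+/**
+* Maximum number of distinct clientId/sessionId buckets to track concurrently.
+* A slow attacker sending requests with distinct IDs would otherwise grow the
+* Map without bound between cleanup() cycles. LRU eviction caps the attack
+* surface at O(MAX_BUCKETS) entries per map (SEC-06).
+*/
+export declare const MAX_RATE_LIMITER_BUCKETS = 10000;
 /**
 * Read the per-session threshold override from the environment.
 * GOODVIBES_CHAT_LIMITER_THRESHOLD=<int> overrides the per-session limit.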
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"companion-chat-rate-limiter.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/companion/companion-chat-rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAM1D,eAAO,MAAM,sCAAsC,KAAK,CAAC;AACzD,eAAO,MAAM,uCAAuC,KAAK,CAAC;AAE1D;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,GAAG,SAAS,CAK7F;AAeD,MAAM,WAAW,+BAA+B;IAC9C,mEAAmE;IACnE,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,oDAAoD;IACpD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;OAMG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC;CAC5D;AAED,qBAAa,wBAAwB;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC;;;;;;;;;OASG;IACH,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAoC;IAElE,wBAAwB;IACxB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA6B;IAC3D,yBAAyB;IACzB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6B;gBAEhD,OAAO,GAAE,+BAAoC,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB;IAS/F;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;;;;;;OAQG;IACH,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAkDhD,+DAA+D;IAC/D,OAAO,IAAI,IAAI;IAYf,OAAO,CAAC,WAAW;
|
|
1
|
+
{"version":3,"file":"companion-chat-rate-limiter.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/companion/companion-chat-rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAM1D,eAAO,MAAM,sCAAsC,KAAK,CAAC;AACzD,eAAO,MAAM,uCAAuC,KAAK,CAAC;AAE1D;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,QAAS,CAAC;AAE/C;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,GAAG,SAAS,CAK7F;AAeD,MAAM,WAAW,+BAA+B;IAC9C,mEAAmE;IACnE,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,oDAAoD;IACpD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;OAMG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC;CAC5D;AAED,qBAAa,wBAAwB;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC;;;;;;;;;OASG;IACH,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAoC;IAElE,wBAAwB;IACxB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA6B;IAC3D,yBAAyB;IACzB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6B;gBAEhD,OAAO,GAAE,+BAAoC,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB;IAS/F;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;;;;;;OAQG;IACH,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAkDhD,+DAA+D;IAC/D,OAAO,IAAI,IAAI;IAYf,OAAO,CAAC,WAAW;CAuBpB"}
|
|
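--- a/package/dist/_internal/platform/companion/companion-chat-rate-limiter.js
+++ b/package/dist/_internal/platform/companion/companion-chat-rate-limiter.js
@@ -17,6 +17,13 @@ import { GoodVibesSdkError } from '../../errors/index.js';
 // ---------------------------------------------------------------------------
 export const DEFAULT_MESSAGES_PER_MINUTE_PER_CLIENT = 30;
 export const DEFAULT_MESSAGES_PER_MINUTE_PER_SESSION = 10;
+/**
+* Maximum number of distinct clientId/sessionId buckets to track concurrently.
+* A slow attacker sending requests with distinct IDs would otherwise grow the
+* Map without bound between cleanup() cycles. LRU eviction caps the attack
+* surface at O(MAX_BUCKETS) entries per map (SEC-06).
+*/
+export const MAX_RATE_LIMITER_BUCKETS = 10_000;
 /**
 * Read the per-session threshold override from the environment.
 * GOODVIBES_CHAT_LIMITER_THRESHOLD=<int> overrides the per-session limit.
@@ -138,11 +145,20 @@ export class CompanionChatRateLimiter {
 getOrCreate(map, key, cutoff) {
 let bucket = map.get(key);
 if (!bucket) {
+// SEC-06: LRU eviction — evict the least-recently-used entry when the map
+// is at capacity. JS Map preserves insertion order; the first key is LRU.
+if (map.size >= MAX_RATE_LIMITER_BUCKETS) {
+const lruKey = map.keys().next().value;
+map.delete(lruKey);
+}
 bucket = { timestamps: [] };
 map.set(key, bucket);
 }
 else {
+// Promote to MRU position via delete + re-set (O(1)).
+map.delete(key);
 prune(bucket, cutoff);
+map.set(key, bucket);
 }
 return bucket;
 }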
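Review bot: Evicting the least-recently-used bucket in `getOrCreate` also discards that bucket's `timestamps`, so once the map holds `MAX_RATE_LIMITER_BUCKETS` entries, requests carrying previously unseen IDs can push out a client or session that is still inside its rate window, and that key's next request starts from an empty bucket. The cap bounds memory, but under the distinct-ID load the SEC-06 comment describes it does so by weakening the limit for whichever key is evicted. Consider evicting only a bucket whose timestamps are all older than `cutoff`, and rejecting the new key when no such bucket exists. At minimum, record the trade-off above the size check, e.g. `// NOTE: eviction resets the evicted key's window; at capacity the limiter fails open for that key`. How the caller uses the returned bucket is outside these hunks.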
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/control-plane/gateway.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAkB,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAyC,MAAM,4BAA4B,CAAC;AAU7H,OAAO,KAAK,EACV,4BAA4B,EAC5B,wBAAwB,EACxB,0BAA0B,EAC3B,MAAM,YAAY,CAAC;AAEpB,QAAA,MAAM,eAAe,EAAE,SAAS,kBAAkB,EAejD,CAAC;AAUF,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAChB,KAAK,GACL,KAAK,GACL,OAAO,GACP,SAAS,GACT,MAAM,GACN,SAAS,GACT,UAAU,GACV,aAAa,GACb,QAAQ,GACR,UAAU,GACV,UAAU,GACV,SAAS,GACT,aAAa,GACb,YAAY,GACZ,QAAQ,GACR,QAAQ,CAAC;IACb,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,IAAI,GAAG,SAAS,CAAC;IACjE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACjD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9D,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC3C;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,UAAU,sBAAsB;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EACT,KAAK,GACL,KAAK,GACL,OAAO,GACP,SAAS,GACT,MAAM,GACN,SAAS,GACT,UAAU,GACV,aAAa,GACb,QAAQ,GACR,UAAU,GACV,UAAU,GACV,SAAS,GACT,aAAa,GACb,YAAY,GACV,QAAQ,GACR,QAAQ,CAAC;IACf,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;CACvE;AA+BD,qBAAa,mB
AAmB;IAC9B,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA2B;IACxD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA+C;IACvE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA6C;IACzE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAkD;IACnF,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;IAEnE,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA0C;IAC5E,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAO;IAC7C,kEAAkE;IAClE,OAAO,KAAK,YAAY,GAevB;IACD,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,UAAU,CAAK;IACvB,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAK;gBAEb,MAAM,GAAE,yBAA8B;IAkBlD,aAAa,CAAC,MAAM,EAAE;QACpB,QAAQ,CAAC,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;QAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,GAAG,IAAI,CAAC;KAC7C,GAAG,IAAI;IAkBR,WAAW,IAAI,4BAA4B,EAAE;IAM7C,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAkBtC,mBAAmB,CAAC,KAAK,SAAK,GAAG,0BAA0B,EAAE;IAI7D,gBAAgB,CAAC,KAAK,SAAM,GAAG,uBAAuB,EAAE;IAIxD,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC,0BAA0B,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,0BAA0B;IAqB9G,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE;QACrD,QAAQ,CAAC,UAAU,CAAC,EAAE,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACrD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;KAC7B,GAAG,IAAI;IAWR,gBAAgB,CAAC,KAAK,EAAE;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,UAAU,CAAC,EAAE,8BAA8B,CAAC,YAAY,CAAC,CAAC;QACnE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,IAAI;IAqBR,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,wBAAwB,CAAC,GAAG,IAAI;IAc9D,mBAAmB,CACjB,OAAO,EAAE,8BAA8B,EACvC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,MAAM,KAAK,IAAI,GAC3D;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,SAAS,kBAAkB,EAAE,CAAA;KAAE;IAwF/D,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAepF,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;QAC1C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;QAC9D,QAAQ,CAAC
,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;KAC3C,GAAG,IAAI;IA4BR,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,kBAAkB,EAAE,GAAG,IAAI;IAoBxF,0BAA0B,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,kBAAkB,EAAE,GAAG,IAAI;IAa3F,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,SAAkB,GAAG,IAAI;IAyCtE,OAAO,CAAC,mBAAmB;IAa3B,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,GAAE,8BAAmC,GAAG,QAAQ;
|
|
1
|
+
{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/control-plane/gateway.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAkB,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAyC,MAAM,4BAA4B,CAAC;AAU7H,OAAO,KAAK,EACV,4BAA4B,EAC5B,wBAAwB,EACxB,0BAA0B,EAC3B,MAAM,YAAY,CAAC;AAEpB,QAAA,MAAM,eAAe,EAAE,SAAS,kBAAkB,EAejD,CAAC;AAUF,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAChB,KAAK,GACL,KAAK,GACL,OAAO,GACP,SAAS,GACT,MAAM,GACN,SAAS,GACT,UAAU,GACV,aAAa,GACb,QAAQ,GACR,UAAU,GACV,UAAU,GACV,SAAS,GACT,aAAa,GACb,YAAY,GACZ,QAAQ,GACR,QAAQ,CAAC;IACb,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,IAAI,GAAG,SAAS,CAAC;IACjE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACjD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;IAC9D,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC3C;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,UAAU,sBAAsB;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EACT,KAAK,GACL,KAAK,GACL,OAAO,GACP,SAAS,GACT,MAAM,GACN,SAAS,GACT,UAAU,GACV,aAAa,GACb,QAAQ,GACR,UAAU,GACV,UAAU,GACV,SAAS,GACT,aAAa,GACb,YAAY,GACV,QAAQ,GACR,QAAQ,CAAC;IACf,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;CACvE;AA+BD,qBAAa,mB
AAmB;IAC9B,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA2B;IACxD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA+C;IACvE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA6C;IACzE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAkD;IACnF,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;IAEnE,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAA0C;IAC5E,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAO;IAC7C,kEAAkE;IAClE,OAAO,KAAK,YAAY,GAevB;IACD,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,UAAU,CAAK;IACvB,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAK;gBAEb,MAAM,GAAE,yBAA8B;IAkBlD,aAAa,CAAC,MAAM,EAAE;QACpB,QAAQ,CAAC,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;QAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,GAAG,IAAI,CAAC;KAC7C,GAAG,IAAI;IAkBR,WAAW,IAAI,4BAA4B,EAAE;IAM7C,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAkBtC,mBAAmB,CAAC,KAAK,SAAK,GAAG,0BAA0B,EAAE;IAI7D,gBAAgB,CAAC,KAAK,SAAM,GAAG,uBAAuB,EAAE;IAIxD,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC,0BAA0B,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,0BAA0B;IAqB9G,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE;QACrD,QAAQ,CAAC,UAAU,CAAC,EAAE,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACrD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;KAC7B,GAAG,IAAI;IAWR,gBAAgB,CAAC,KAAK,EAAE;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,UAAU,CAAC,EAAE,8BAA8B,CAAC,YAAY,CAAC,CAAC;QACnE,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,IAAI;IAqBR,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,wBAAwB,CAAC,GAAG,IAAI;IAc9D,mBAAmB,CACjB,OAAO,EAAE,8BAA8B,EACvC,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,MAAM,KAAK,IAAI,GAC3D;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,SAAS,kBAAkB,EAAE,CAAA;KAAE;IAwF/D,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI;IAepF,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;QAC1C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;QAC9D,QAAQ,CAAC
,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;KAC3C,GAAG,IAAI;IA4BR,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,kBAAkB,EAAE,GAAG,IAAI;IAoBxF,0BAA0B,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,kBAAkB,EAAE,GAAG,IAAI;IAa3F,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,SAAkB,GAAG,IAAI;IAyCtE,OAAO,CAAC,mBAAmB;IAa3B,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,GAAE,8BAAmC,GAAG,QAAQ;IAuK3F,WAAW,CAAC,aAAa,SAAK,GAAG,QAAQ;IAIzC,OAAO,CAAC,yBAAyB;IAcjC,OAAO,CAAC,aAAa;CAgBtB;AAOD,OAAO,EAAE,eAAe,IAAI,2BAA2B,EAAE,CAAC"}
|
|
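--- a/package/dist/_internal/platform/control-plane/gateway.js
+++ b/package/dist/_internal/platform/control-plane/gateway.js
@@ -500,6 +500,11 @@ export class ControlPlaneGateway {
 const stream = new ReadableStream({
 start: (controller) => {
 const send = (event, payload, id) => {
+// PERF-05: Drop event if the stream's internal queue is full (backpressure guard).
+// desiredSize <= 0 means the consumer is falling behind; dropping prevents
+// unbounded memory growth from enqueued-but-unread chunks.
+if ((controller.desiredSize ?? 1) <= 0)
+return;
 controller.enqueue(encoder.encode(`${id ? `id: ${id}\n` : ''}event: ${event}\ndata: ${JSON.stringify(payload)}\n\n`));
 };
 const unsubs = selectedDomains.map((domain) => this.runtimeBus.onDomain(domain, (envelope) => {
@@ -527,6 +532,8 @@ export class ControlPlaneGateway {
 const heartbeat = setInterval(() => {
 send('heartbeat', { clientId, ts: Date.now() });
 }, 15_000);
+// Don't block clean process exit (PERF-07).
+heartbeat.unref?.();
 teardown = () => {
 clearInterval(heartbeat);
 for (const unsub of unsubs)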
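Review bot: The new guard in `send` drops the event with no counter, log line or signal to the client, and the heartbeat goes through the same path, so a subscriber cannot tell a quiet stream from one that lost events. The queuing strategy passed to `new ReadableStream` is not visible in this hunk; if it is the default (high-water mark of 1), `desiredSize` reaches 0 after a single unread chunk and a burst of events in one tick would be dropped even for a healthy consumer. `desiredSize` is also `null` once the stream has errored, and `?? 1` sends that case on to `controller.enqueue`, which throws; `if (controller.desiredSize === null || controller.desiredSize <= 0) return;` covers both. Counting drops per `clientId`, or closing the stream after sustained backpressure so the client reconnects, would make the loss observable. The `start` callback continues outside the hunk.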
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-broker.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/control-plane/session-broker.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAElE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,KAAK,EACV,uBAAuB,EACvB,+BAA+B,EAE/B,wBAAwB,EACzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EACV,wBAAwB,EACxB,oBAAoB,EAEpB,wBAAwB,EACxB,mBAAmB,EACnB,uBAAuB,EACvB,8BAA8B,EAC9B,+BAA+B,EAChC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAEL,KAAK,gCAAgC,EACrC,KAAK,2BAA2B,EAChC,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAChC,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"session-broker.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/control-plane/session-broker.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAElE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,KAAK,EACV,uBAAuB,EACvB,+BAA+B,EAE/B,wBAAwB,EACzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EACV,wBAAwB,EACxB,oBAAoB,EAEpB,wBAAwB,EACxB,mBAAmB,EACnB,uBAAuB,EACvB,8BAA8B,EAC9B,+BAA+B,EAChC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAEL,KAAK,gCAAgC,EACrC,KAAK,2BAA2B,EAChC,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAChC,MAAM,+BAA+B,CAAC;AA2BvC,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA8C;IACpE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAsB;IACpD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAmC;IACvE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA6B;IAC3D,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA0C;IACnE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA6C;IACtE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiD;IACxE,OAAO,CAAC,cAAc,CAA4C;IAClE,OAAO,CAAC,kBAAkB,CAAgD;IAC1E,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,WAAW,CAA+C;IAClE,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,YAAY,CAAS;IAE7B,6DAA6D;IAC7D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,6DAA6D;IAC7D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IAErC;;;OAGG;gBACS,MAAM,EAAE;QAClB,QAAQ,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,0BAA0B,CAAC,CAAC;QAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;QAC5C,QAAQ,CAAC,mBAAmB,EAAE,gCAAgC,CAAC;QAC/D,QAAQ,CAAC,aAAa,EAAE,0BAA0B,CAAC;QACnD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;KAC9B;IAaD,iBAAiB,CAAC,SAAS,EAAE,2BAA2B,GAAG,IAAI,GAAG,IAAI;IAItE;;;;OAIG;IACH,iBAAiB,IAAI,MAAM;IAQ3B;;;OAGG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAa3B;;;;;;;;;;OAUG;IACH,gBAAgB,CACd,GAAG,EAAE,eAAe,EACpB,eAAe,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,GAClD,MAAM,IAAI;IAyEb,qBAAqB,CAAC,MAAM,EAAE,+BAA+B,GAAG,IAAI,GAAG,IAAI;IAIrE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4C5B,YAAY,CAAC,KAAK,SAAM,GAAG,mBAAmB,EAAE;IAIhD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI;IAInD,oBAAoB,CAAC,O
AAO,GAAE,wBAA6B,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAWjG,aAAa,CAAC,KAAK,GAAE;QACzB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5C,QAAQ,CAAC,YAAY,CAAC,EAAE,sBAAsB,CAAC;QAC/C,QAAQ,CAAC,WAAW,CAAC,EAAE,wBAAwB,CAAC;KAC5C,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAoBrC,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,SAAM,GAAG,oBAAoB,EAAE;IAKnE,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,SAAM,GAAG,wBAAwB,EAAE;IAKrE;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAA2B;IAEjE,aAAa,CAAC,KAAK,GAAE;QACzB,QAAQ,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5C,QAAQ,CAAC,YAAY,CAAC,EAAE,sBAAsB,CAAC;QAC/C,QAAQ,CAAC,WAAW,CAAC,EAAE,wBAAwB,CAAC;KAC5C,GAAG,OAAO,CAAC,mBAAmB,CAAC;IA4C/B,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAoBpE,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAgBrE,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAuBlF,aAAa,CAAC,KAAK,EAAE,+BAA+B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAIvF,YAAY,CAAC,KAAK,EAAE,8BAA8B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAIrF,eAAe,CAAC,KAAK,EAAE,+BAA+B,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAIzF,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IASxI;;;;;OAKG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE;QACL,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;KACzB,GACA,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAajC,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IA4ChJ,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC;IAiBzF,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;YAiB9E,aAAa;YAsDb,yBAAyB;IA4CvC,OAAO,CAAC,oBAAoB
;YAOd,cAAc;IAQ5B,OAAO,CAAC,qBAAqB;YAoBf,OAAO;IAQrB,OAAO,CAAC,aAAa;IAQrB,OAAO,CAAC,0BAA0B;YAiBpB,YAAY;IA8I1B,OAAO,CAAC,WAAW;IAyCnB,OAAO,CAAC,WAAW;IAiBnB,OAAO,CAAC,oBAAoB;IAc5B,OAAO,CAAC,mBAAmB;YA+Bb,iBAAiB;IA0B/B,OAAO,CAAC,MAAM;IAOd,OAAO,CAAC,wBAAwB;IAWhC;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,QAAQ;CA2CjB"}
|
|
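--- a/package/dist/_internal/platform/control-plane/session-broker.js
+++ b/package/dist/_internal/platform/control-plane/session-broker.js
@@ -5,6 +5,14 @@ import { dedupeSessionSurfaceKinds, } from './session-broker-internals.js';
 import { countPendingSessionInputs, createSessionBrokerSnapshot, loadSessionBrokerState, sortInputs, sortMessages, sortSessions, upsertSessionParticipant, } from './session-broker-state.js';
 const MAX_PERSISTED_MESSAGES = 2_000;
 const MAX_CONTINUATION_MESSAGES = 16;
+/** Max inputs retained per session bucket. */
+const MAX_PERSISTED_INPUTS = 500;
+/**
+* How long a closed session is retained in Maps before hard deletion.
+* Allows trailing reads (e.g. status checks shortly after close) to still
+* see the final record. Default: 5 minutes.
+*/
+const SESSION_DELETION_RETENTION_MS = 5 * 60_000;
 export class SharedSessionBroker {
 store;
 routeBindings;
@@ -745,7 +753,12 @@ export class SharedSessionBroker {
 };
 const bucket = this.inputs.get(sessionId) ?? [];
 bucket.push(entry);
-
+// Cap input bucket to prevent unbounded growth (PERF-01 / MAX_PERSISTED_INPUTS).
+const sorted = sortInputs(bucket);
+if (sorted.length > MAX_PERSISTED_INPUTS) {
+sorted.splice(0, sorted.length - MAX_PERSISTED_INPUTS);
+}
+this.inputs.set(sessionId, sorted);
 this.refreshPendingInputCount(sessionId);
 return entry;
 }
@@ -867,6 +880,18 @@ export class SharedSessionBroker {
 const now = Date.now();
 let anyChanged = false; // m4: track changed inline, not a second O(n) scan
 for (const [sessionId, session] of this.sessions.entries()) {
+// Hard-delete sessions that have been closed past the retention window.
+// This prevents unbounded growth of sessions/messages/inputs Maps (PERF-01).
+if (session.status === 'closed') {
+const closedAt = session.closedAt ?? session.updatedAt;
+if (now - closedAt >= SESSION_DELETION_RETENTION_MS) {
+this.sessions.delete(sessionId);
+this.messages.delete(sessionId);
+this.inputs.delete(sessionId);
+anyChanged = true;
+}
+continue;
+}
 if (session.status !== 'active')
 continue;
 if (session.activeAgentId)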
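Review bot: The cap added in the `-745` hunk removes the first `sorted.length - MAX_PERSISTED_INPUTS` entries of whatever `sortInputs(bucket)` returns, without checking whether an entry has been delivered. `sortInputs` is imported from `./session-broker-state.js` and its ordering is not visible here, so the trim presumably relies on oldest-first order. If a session accumulates more than 500 undelivered inputs, the oldest pending ones would be discarded silently and `refreshPendingInputCount` would then report the smaller number. Consider trimming already-consumed entries first and logging when a pending input is dropped, and state the ordering assumption in the comment, e.g. `// sortInputs() must return oldest-first; entries beyond MAX_PERSISTED_INPUTS are discarded`. The enclosing method starts outside the hunk.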
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"orchestrator.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/core/orchestrator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAGzD,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAG/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAG7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAQpD,OAAO,EACL,KAAK,wBAAwB,EAC9B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAK9D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAkBlE,OAAO,EASL,KAAK,wBAAwB,EAC9B,MAAM,2BAA2B,CAAC;AAQnC,iFAAiF;AACjF,UAAU,kBAAkB;IAC1B,IAAI,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CAC7C;AAMD,UAAU,4BAA4B;IACpC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,mBAAmB;IAClC,gDAAgD;IAChD,YAAY,EAAE,mBAAmB,CAAC;IAClC,iFAAiF;IACjF,iBAAiB,EAAE,MAAM,MAAM,CAAC;IAChC,gEAAgE;IAChE,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,uCAAuC;IACvC,YAAY,EAAE,YAAY,CAAC;IAC3B,sDAAsD;IACtD,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,sEAAsE;IACtE,eAAe,CAAC,EAAE,MAAM,MAAM,CAAC;IAC/B,qDAAqD;IACrD,cAAc,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC3C,qCAAqC;IACrC,WAAW,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,uFAAuF;IACvF,aAAa,CAAC,EAAE,CAAC,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC;IACpC,qEAAqE;IACrE,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;IACpC,6CAA6C;IAC7C,QAAQ,EAAE;QACR,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC;QAC5D,QAAQ,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;KAC7D,CAAC;CACH;AAED;;;GAGG;AACH,qBAAa,YAAY;IAChB,UAAU,UAAS;IACnB,aAAa,SAAK;IAClB,KAAK;;;;;MAAwD;IACpE;;;;OAIG;IACI,eAAe,SAAK;IAC3B,kGAAkG;IAC3F,sBAAsB,SAAK;IAClC,4FAA4F;IACrF,oBAAoB,SAAK;IAChC,yFAAyF;IAClF,qBAAqB,SAAK;IAC1B,YAAY,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,WAAW,EAAE,CAAA;KAAE,EAAE,CAAM;IAEtE,OAAO,CAAC,YAAY,CAA+C;IACnE,OAAO,CAAC,eAAe,CAAgC;IACv
D,OAAO,CAAC,gBAAgB,CAA8C;IACtE,OAAO,CAAC,UAAU,CAA2B;IAC7C,wEAAwE;IACxE,OAAO,CAAC,qBAAqB,CAAK;IAClC,4EAA4E;IAC5E,OAAO,CAAC,WAAW,CAAS;IAC5B,4FAA4F;IAC5F,OAAO,CAAC,kBAAkB,CAAK;IAC/B,4EAA4E;IAC5E,OAAO,CAAC,YAAY,CAAS;IAE7B,oEAAoE;IACpE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgB;IAE1C;;;;;;;;;OASG;IACI,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAQ;IAElD;;;OAGG;IACH,OAAO,CAAC,WAAW,CAAS;IAE5B,yEAAyE;IACzE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAmB;IAE/C,uEAAuE;IACvE,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAyB;IACpD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAuC;IACpE,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAqC;IACpE,OAAO,CAAC,YAAY,CAAgC;IACpD,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAA+B;IAC1E,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA0B;IAChE,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAyB;IAE9D;;;;;;;;OAQG;IACH,OAAO,CAAC,WAAW,CAAmC;IAEtD;;;;OAIG;IACH,OAAO,CAAC,iBAAiB,CAAkB;IAC3C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAC3C,OAAO,CAAC,mBAAmB,CAA6C;IACxE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA8B;IAE9D,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,iBAAiB,CAAe;IACxC,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,eAAe,CAAe;IACtC,OAAO,CAAC,cAAc,CAA4B;IAElD;;;;;;;;;;;;;;;;;;;OAmBG;gBACS,OAAO,EAAE,mBAAmB;IAuDjC,eAAe,CAAC,QAAQ,EAAE,wBAAwB,GAAG,IAAI;IAOhE;;;OAGG;IACI,oBAAoB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI;IAkE/C,UAAU,IAAI,MAAM;IAIpB,sBAAsB,CAAC,MAAM,EAAE,4BAA4B,GAAG,IAAI,GAAG,IAAI;IAIzE,2BAA2B,CAAC,IAAI,EAAE,wBAAwB,GAAG,IAAI;IAIxE,uDAAuD;IAChD,KAAK,IAAI,IAAI;IAkBpB;;;;;OAKG;IACI,OAAO,IAAI,IAAI;IAgBtB;;;;;OAKG;IACU,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBlF,OAAO,CAAC,aAAa;
|
|
1
|
+
{"version":3,"file":"orchestrator.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/core/orchestrator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAGzD,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAG/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAG7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAQpD,OAAO,EACL,KAAK,wBAAwB,EAC9B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAK9D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAkBlE,OAAO,EASL,KAAK,wBAAwB,EAC9B,MAAM,2BAA2B,CAAC;AAQnC,iFAAiF;AACjF,UAAU,kBAAkB;IAC1B,IAAI,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CAC7C;AAMD,UAAU,4BAA4B;IACpC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,mBAAmB;IAClC,gDAAgD;IAChD,YAAY,EAAE,mBAAmB,CAAC;IAClC,iFAAiF;IACjF,iBAAiB,EAAE,MAAM,MAAM,CAAC;IAChC,gEAAgE;IAChE,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,uCAAuC;IACvC,YAAY,EAAE,YAAY,CAAC;IAC3B,sDAAsD;IACtD,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,sEAAsE;IACtE,eAAe,CAAC,EAAE,MAAM,MAAM,CAAC;IAC/B,qDAAqD;IACrD,cAAc,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC3C,qCAAqC;IACrC,WAAW,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,uFAAuF;IACvF,aAAa,CAAC,EAAE,CAAC,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC;IACpC,qEAAqE;IACrE,UAAU,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;IACpC,6CAA6C;IAC7C,QAAQ,EAAE;QACR,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC;QAC5D,QAAQ,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;KAC7D,CAAC;CACH;AAED;;;GAGG;AACH,qBAAa,YAAY;IAChB,UAAU,UAAS;IACnB,aAAa,SAAK;IAClB,KAAK;;;;;MAAwD;IACpE;;;;OAIG;IACI,eAAe,SAAK;IAC3B,kGAAkG;IAC3F,sBAAsB,SAAK;IAClC,4FAA4F;IACrF,oBAAoB,SAAK;IAChC,yFAAyF;IAClF,qBAAqB,SAAK;IAC1B,YAAY,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,WAAW,EAAE,CAAA;KAAE,EAAE,CAAM;IAEtE,OAAO,CAAC,YAAY,CAA+C;IACnE,OAAO,CAAC,eAAe,CAAgC;IACv
D,OAAO,CAAC,gBAAgB,CAA8C;IACtE,OAAO,CAAC,UAAU,CAA2B;IAC7C,wEAAwE;IACxE,OAAO,CAAC,qBAAqB,CAAK;IAClC,4EAA4E;IAC5E,OAAO,CAAC,WAAW,CAAS;IAC5B,4FAA4F;IAC5F,OAAO,CAAC,kBAAkB,CAAK;IAC/B,4EAA4E;IAC5E,OAAO,CAAC,YAAY,CAAS;IAE7B,oEAAoE;IACpE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgB;IAE1C;;;;;;;;;OASG;IACI,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAQ;IAElD;;;OAGG;IACH,OAAO,CAAC,WAAW,CAAS;IAE5B,yEAAyE;IACzE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAmB;IAE/C,uEAAuE;IACvE,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAyB;IACpD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAuC;IACpE,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAqC;IACpE,OAAO,CAAC,YAAY,CAAgC;IACpD,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAA+B;IAC1E,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA0B;IAChE,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAyB;IAE9D;;;;;;;;OAQG;IACH,OAAO,CAAC,WAAW,CAAmC;IAEtD;;;;OAIG;IACH,OAAO,CAAC,iBAAiB,CAAkB;IAC3C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAC3C,OAAO,CAAC,mBAAmB,CAA6C;IACxE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA8B;IAE9D,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,iBAAiB,CAAe;IACxC,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,eAAe,CAAe;IACtC,OAAO,CAAC,cAAc,CAA4B;IAElD;;;;;;;;;;;;;;;;;;;OAmBG;gBACS,OAAO,EAAE,mBAAmB;IAuDjC,eAAe,CAAC,QAAQ,EAAE,wBAAwB,GAAG,IAAI;IAOhE;;;OAGG;IACI,oBAAoB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI;IAkE/C,UAAU,IAAI,MAAM;IAIpB,sBAAsB,CAAC,MAAM,EAAE,4BAA4B,GAAG,IAAI,GAAG,IAAI;IAIzE,2BAA2B,CAAC,IAAI,EAAE,wBAAwB,GAAG,IAAI;IAIxE,uDAAuD;IAChD,KAAK,IAAI,IAAI;IAkBpB;;;;;OAKG;IACI,OAAO,IAAI,IAAI;IAgBtB;;;;;OAKG;IACU,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBlF,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,YAAY;YAWN,OAAO;IAuOrB;;;;;;;;;;;;OAYG;YACW,2BAA2B;IAyBzC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoB7B;;;;;OAKG;IACH,OAAO,CAAC,uBAAuB;IAK/B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,4BAA4B;YAetB,gBAAgB;CAU/B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../../../src/_internal/platform/daemon/http/router.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAExE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAEnE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAsE,KAAK,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACvI,OAAO,KAAK,EAAE,cAAc,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAC7G,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEzE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAMpE,OAAO,KAAK,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AACjI,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AACpG,OAAO,KAAK,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE1F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAC;AACrF,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAIrE,OAAO,KAAK,EAAE,+BAA+B,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAyB5F,OAAO,KAAK,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AACnG,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAIhD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAItF,UAAU,uBAAuB;IAC/B,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;IAC9C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,QAAQ,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;IAClD,QAAQ,CAAC,cAAc,EAAE,oBAAoB,CAAC;IAC9C,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,oBAAoB,CAAC;IAC7C,QAAQ,CAAC,cAAc,EAAE,qBAAqB,CAAC;IAC/
C,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C,QAAQ,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;IACvD,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;IAC1D,QAAQ,CAAC,cAAc,EAAE,qBAAqB,CAAC;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,QAAQ,CAAC,uBAAuB,EAAE,+BAA+B,CAAC;IAClE,QAAQ,CAAC,sBAAsB,EAAE,sBAAsB,CAAC;IACxD,QAAQ,CAAC,kBAAkB,EAAE,wBAAwB,GAAG,IAAI,CAAC;IAC7D,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,QAAQ,CAAC,YAAY,EAAE,YAAY,GAAG,IAAI,CAAC;IAC3C,QAAQ,CAAC,eAAe,EAAE,cAAc,GAAG,IAAI,CAAC;IAChD,QAAQ,CAAC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,SAAS,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IACxC,QAAQ,CAAC,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;IACjE,QAAQ,CAAC,iCAAiC,EAAE,MAAM,4BAA4B,CAAC;IAC/E,QAAQ,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IAC9C,QAAQ,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IACpD,QAAQ,CAAC,2BAA2B,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC;IAC9G,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,QAAQ,GAAG,IAAI,CAAC;IACzD,QAAQ,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,mBAAmB,GAAG,QAAQ,CAAC,CAAC;IACtG,QAAQ,CAAC,8BAA8B,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK;QAC1D,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;QACpD,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;KAC3B,GAAG,IAAI,CAAC;IACT,QAAQ,CAAC,uBAAuB,EAAE,CAAC,KAAK,EAAE;QACxC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,OAAO,CAAC,EAAE;YACjB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;YAC9B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,GAAG,aAAa,CAAC;YAC9E,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;YACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;YACpC,QAAQ,CA
AC,UAAU,CAAC,EAAE,MAAM,CAAC;SAC9B,CAAC;KACH,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC9D,QAAQ,CAAC,4BAA4B,EAAE,CACrC,OAAO,EAAE,OAAO,kDAAkD,EAAE,sBAAsB,GAAG,SAAS,EACtG,KAAK,EAAE;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,KACpF,IAAI,CAAC;IACV,QAAQ,CAAC,sBAAsB,EAAE,CAC/B,OAAO,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,QAAQ,KACtK,OAAO,CAAC;IACb,QAAQ,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,OAAO,4BAA4B,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACtH,QAAQ,CAAC,qBAAqB,EAAE,CAAC,MAAM,EAAE,OAAO,4BAA4B,EAAE,WAAW,KAAK,IAAI,CAAC;IACnG;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,OAAO,uCAAuC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACtG;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC5D;;;;;OAKG;IACH,QAAQ,CAAC,2BAA2B,CAAC,EAAE,MAAM;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACxF;;;;;;OAMG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,OAAO,yBAAyB,EAAE,cAAc,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC;IAC/F,QAAQ,CAAC,aAAa,EAAE,CACtB,KAAK,EAAE,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAC3C,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,KACf,OAAO,4BAA4B,EAAE,WAAW,GAAG,QAAQ,CAAC;CAClE;AAED,qBAAa,gBAAgB;IAGf,OAAO,CAAC,QAAQ,CAAC,OAAO;IAFpC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA6B;gBAE7B,OAAO,EAAE,uBAAuB;IAS7D,OAAO,IAAI,IAAI;IAIT,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiF9C,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IA0QzD,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,GAAG,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../../../src/_internal/platform/daemon/http/router.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAExE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAEnE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAsE,KAAK,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACvI,OAAO,KAAK,EAAE,cAAc,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAC7G,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEzE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAMpE,OAAO,KAAK,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AACjI,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AACpG,OAAO,KAAK,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE1F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAC;AACrF,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAIrE,OAAO,KAAK,EAAE,+BAA+B,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAyB5F,OAAO,KAAK,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AACnG,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAIhD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAItF,UAAU,uBAAuB;IAC/B,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;IAC9C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,QAAQ,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;IAClD,QAAQ,CAAC,cAAc,EAAE,oBAAoB,CAAC;IAC9C,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,oBAAoB,CAAC;IAC7C,QAAQ,CAAC,cAAc,EAAE,qBAAqB,CAAC;IAC/
C,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C,QAAQ,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;IACvD,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;IAC1D,QAAQ,CAAC,cAAc,EAAE,qBAAqB,CAAC;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,QAAQ,CAAC,uBAAuB,EAAE,+BAA+B,CAAC;IAClE,QAAQ,CAAC,sBAAsB,EAAE,sBAAsB,CAAC;IACxD,QAAQ,CAAC,kBAAkB,EAAE,wBAAwB,GAAG,IAAI,CAAC;IAC7D,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,QAAQ,CAAC,YAAY,EAAE,YAAY,GAAG,IAAI,CAAC;IAC3C,QAAQ,CAAC,eAAe,EAAE,cAAc,GAAG,IAAI,CAAC;IAChD,QAAQ,CAAC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,SAAS,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IACxC,QAAQ,CAAC,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;IACjE,QAAQ,CAAC,iCAAiC,EAAE,MAAM,4BAA4B,CAAC;IAC/E,QAAQ,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;IAC9C,QAAQ,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IACpD,QAAQ,CAAC,2BAA2B,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC;IAC9G,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,QAAQ,GAAG,IAAI,CAAC;IACzD,QAAQ,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,mBAAmB,GAAG,QAAQ,CAAC,CAAC;IACtG,QAAQ,CAAC,8BAA8B,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK;QAC1D,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;QACpD,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;KAC3B,GAAG,IAAI,CAAC;IACT,QAAQ,CAAC,uBAAuB,EAAE,CAAC,KAAK,EAAE;QACxC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,OAAO,CAAC,EAAE;YACjB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;YAC9B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,GAAG,aAAa,CAAC;YAC9E,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;YACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;YACpC,QAAQ,CA
AC,UAAU,CAAC,EAAE,MAAM,CAAC;SAC9B,CAAC;KACH,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC9D,QAAQ,CAAC,4BAA4B,EAAE,CACrC,OAAO,EAAE,OAAO,kDAAkD,EAAE,sBAAsB,GAAG,SAAS,EACtG,KAAK,EAAE;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,KACpF,IAAI,CAAC;IACV,QAAQ,CAAC,sBAAsB,EAAE,CAC/B,OAAO,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,QAAQ,KACtK,OAAO,CAAC;IACb,QAAQ,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,OAAO,4BAA4B,EAAE,WAAW,EAAE,SAAS,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACtH,QAAQ,CAAC,qBAAqB,EAAE,CAAC,MAAM,EAAE,OAAO,4BAA4B,EAAE,WAAW,KAAK,IAAI,CAAC;IACnG;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,OAAO,uCAAuC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACtG;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC5D;;;;;OAKG;IACH,QAAQ,CAAC,2BAA2B,CAAC,EAAE,MAAM;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACxF;;;;;;OAMG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,OAAO,yBAAyB,EAAE,cAAc,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC;IAC/F,QAAQ,CAAC,aAAa,EAAE,CACtB,KAAK,EAAE,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAC3C,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,KACf,OAAO,4BAA4B,EAAE,WAAW,GAAG,QAAQ,CAAC;CAClE;AAED,qBAAa,gBAAgB;IAGf,OAAO,CAAC,QAAQ,CAAC,OAAO;IAFpC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA6B;gBAE7B,OAAO,EAAE,uBAAuB;IAS7D,OAAO,IAAI,IAAI;IAIT,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiF9C,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IA0QzD,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,GAAG,QAAQ,CAAC;IAkB3D,qBAAqB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,GAAG,QAAQ,CAAC;IAehF,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,GAAG,QAAQ;IAQrD,iBAAiB,CACf,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,UAAU,GACN,KAAK,GACL,OAAO,GACP,SAAS,GACT,MAAM,GACN,SAAS,GACT,UAAU,GACV,aAAa,GACb,QAAQ,GACR,UAAU,GACV,UAAU,GACV,SAAS,GACT,aAAa,GACb,YAAY,GACZ,QAAQ,GACR,QAAgB,GACnB
,QAAQ;YAWG,WAAW;YA6BX,mBAAmB;IAQ3B,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAInD,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIrD,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIlD,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;CAG5D"}
|
|
@@ -351,15 +351,34 @@ export class DaemonHttpRouter {
|
|
|
351
351
|
});
|
|
352
352
|
}
|
|
353
353
|
async parseJsonBody(req) {
|
|
354
|
+
// SEC-05: cap inbound JSON bodies at 1 MiB to prevent memory exhaustion.
|
|
355
|
+
const MAX_JSON_BYTES = 1 * 1024 * 1024; // 1 MiB
|
|
356
|
+
const contentLength = req.headers.get('content-length');
|
|
357
|
+
if (contentLength !== null && Number(contentLength) > MAX_JSON_BYTES) {
|
|
358
|
+
return Response.json({ error: 'Request body too large' }, { status: 413 });
|
|
359
|
+
}
|
|
354
360
|
try {
|
|
355
|
-
|
|
361
|
+
const text = await req.text();
|
|
362
|
+
if (text.length > MAX_JSON_BYTES) {
|
|
363
|
+
return Response.json({ error: 'Request body too large' }, { status: 413 });
|
|
364
|
+
}
|
|
365
|
+
return this.parseJsonText(text);
|
|
356
366
|
}
|
|
357
367
|
catch {
|
|
358
368
|
return Response.json({ error: 'Invalid JSON body' }, { status: 400 });
|
|
359
369
|
}
|
|
360
370
|
}
|
|
361
371
|
async parseOptionalJsonBody(req) {
|
|
372
|
+
// SEC-05: cap inbound JSON bodies at 1 MiB to prevent memory exhaustion.
|
|
373
|
+
const MAX_JSON_BYTES = 1 * 1024 * 1024; // 1 MiB
|
|
374
|
+
const contentLength = req.headers.get('content-length');
|
|
375
|
+
if (contentLength !== null && Number(contentLength) > MAX_JSON_BYTES) {
|
|
376
|
+
return Response.json({ error: 'Request body too large' }, { status: 413 });
|
|
377
|
+
}
|
|
362
378
|
const raw = await req.text();
|
|
379
|
+
if (raw.length > MAX_JSON_BYTES) {
|
|
380
|
+
return Response.json({ error: 'Request body too large' }, { status: 413 });
|
|
381
|
+
}
|
|
363
382
|
if (!raw.trim())
|
|
364
383
|
return null;
|
|
365
384
|
return this.parseJsonText(raw);
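Review bot: The 1 MiB cap in `parseJsonBody` and `parseOptionalJsonBody` is checked only after `await req.text()` has buffered the whole body, so a request sent without a Content-Length header (chunked, for example) is still read into memory in full before the 413 is returned. `Number(contentLength)` is NaN for a malformed header, which makes the pre-check false. `text.length` counts UTF-16 code units rather than bytes, so a body of multi-byte characters can exceed 1 MiB on the wire and still pass. Reading `req.body` through a reader that sums `byteLength` and cancels once the cap is passed would enforce the limit while streaming. The same code is repeated in `parseJsonBody` in the http-listener.js hunk, so one shared helper and one `MAX_JSON_BYTES` constant would keep the three copies in step.

```javascript
// Bounded read shared by parseJsonBody / parseOptionalJsonBody; returns null when the cap is exceeded.
async readTextCapped(req, maxBytes) {
    if (req.body === null) {
        return '';
    }
    const reader = req.body.getReader();
    const decoder = new TextDecoder();
    let received = 0;
    let text = '';
    for (;;) {
        const { done, value } = await reader.read();
        if (done) {
            break;
        }
        received += value.byteLength;
        if (received > maxBytes) {
            // Stop pulling data as soon as the cap is passed instead of buffering the rest.
            await reader.cancel();
            return null;
        }
        text += decoder.decode(value, { stream: true });
    }
    return text + decoder.decode();
}
async parseJsonBody(req) {
    // … unchanged: MAX_JSON_BYTES and the Content-Length pre-check …
    try {
        const text = await this.readTextCapped(req, MAX_JSON_BYTES);
        if (text === null) {
            return Response.json({ error: 'Request body too large' }, { status: 413 });
        }
        return this.parseJsonText(text);
    }
    // … unchanged: catch returning the 400 response …
```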
|
|
@@ -10,6 +10,25 @@ interface HttpListenerConfig {
|
|
|
10
10
|
serveFactory?: typeof Bun.serve;
|
|
11
11
|
/** Max requests per 60-second window per IP. Default: 60. */
|
|
12
12
|
rateLimit?: number;
|
|
13
|
+
/** Max POST /login attempts per 60-second window per IP. Default: 5. */
|
|
14
|
+
loginRateLimit?: number;
|
|
15
|
+
/**
|
|
16
|
+
* When true, x-forwarded-for / x-real-ip headers are trusted for client IP
|
|
17
|
+
* extraction (rate limiting, audit logging). Only enable behind a trusted
|
|
18
|
+
* reverse proxy. Overrides the httpListener.trustProxy config value when set.
|
|
19
|
+
*/
|
|
20
|
+
trustProxy?: boolean;
|
|
21
|
+
/**
|
|
22
|
+
* When true, CORS enforcement is active:
|
|
23
|
+
* - Constructor refuses to start when hostMode=network and allowedOrigins is empty
|
|
24
|
+
* - Requests carrying an Origin header are validated against allowedOrigins
|
|
25
|
+
* Default: false (permissive — no CORS enforcement). Opt-in for multi-user,
|
|
26
|
+
* internet-exposed, or enterprise deployments where browser-based CSRF is a
|
|
27
|
+
* concern. Home/single-user local deployments do not need this and the default
|
|
28
|
+
* behavior matches pre-0.21.29 semantics. When true, allowedOrigins must be
|
|
29
|
+
* configured (or hostMode must be local/loopback) — see SEC-07.
|
|
30
|
+
*/
|
|
31
|
+
enforceCors?: boolean;
|
|
13
32
|
/** Pre-configured UserAuthManager owned by the runtime service graph. */
|
|
14
33
|
userAuth: UserAuthManager;
|
|
15
34
|
}
|
|
@@ -32,10 +51,16 @@ export declare class HttpListener {
|
|
|
32
51
|
private port;
|
|
33
52
|
private host;
|
|
34
53
|
private allowedOrigins;
|
|
54
|
+
/** SEC-07: opt-in strict CORS enforcement. Default false (permissive). */
|
|
55
|
+
private enforceCors;
|
|
35
56
|
private hookDispatcher;
|
|
36
57
|
private authToken;
|
|
37
58
|
private userAuth;
|
|
38
59
|
private rateLimiter;
|
|
60
|
+
/** Dedicated tight rate-limiter for POST /login (SEC-03). */
|
|
61
|
+
private loginRateLimiter;
|
|
62
|
+
/** Whether to trust x-forwarded-for / x-real-ip for client IP resolution. */
|
|
63
|
+
private trustProxy;
|
|
39
64
|
private readonly configManager;
|
|
40
65
|
private readonly serveFactory;
|
|
41
66
|
private tlsState;
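Review bot: The doc comment on `trustProxy` in `HttpListenerConfig` says the option overrides the `httpListener.trustProxy` config value when set, but the compiled `handleRequest` in http-listener.js evaluates `this.trustProxy || (this.tlsState?.trustProxy ?? false)`. An explicit `trustProxy: false` therefore does not turn forwarded-header trust off when `tlsState.trustProxy` is true. This flag decides whether client-supplied `x-forwarded-for` / `x-real-ip` values key the rate limiters, so the comment should state the caveat, for example `* Forwarded headers are also trusted when the TLS state enables trustProxy; false here does not disable that.` The comment on `private trustProxy` in the class declaration could carry the same sentence.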
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http-listener.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/daemon/http-listener.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAMxD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAWrD,UAAU,kBAAkB;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,aAAa,EAAE,aAAa,CAAC;IAC7B,YAAY,CAAC,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC;IAChC,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yEAAyE;IACzE,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,UAAU,gBAAgB;IACxB,YAAY,EAAE,OAAO,CAAC;CACvB;
|
|
1
|
+
{"version":3,"file":"http-listener.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/daemon/http-listener.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAMxD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAWrD,UAAU,kBAAkB;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,aAAa,EAAE,aAAa,CAAC;IAC7B,YAAY,CAAC,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC;IAChC,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;OASG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,yEAAyE;IACzE,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,UAAU,gBAAgB;IACxB,YAAY,EAAE,OAAO,CAAC;CACvB;AAoFD;;;;;;;;GAQG;AACH,qBAAa,YAAY;IA4BX,OAAO,CAAC,MAAM;IA3B1B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,MAAM,CAA6C;IAC3D,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,cAAc,CAAW;IACjC,0EAA0E;IAC1E,OAAO,CAAC,WAAW,CAAU;IAC7B,OAAO,CAAC,cAAc,CAAwB;IAC9C,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,QAAQ,CAAkB;IAClC,OAAO,CAAC,WAAW,CAAc;IACjC,6DAA6D;IAC7D,OAAO,CAAC,gBAAgB,CAAc;IACtC,6EAA6E;IAC7E,OAAO,CAAC,UAAU,CAAU;IAC5B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAC9C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAmB;IAChD,OAAO,CAAC,QAAQ,CAA0C;IAC1D,4EAA4E;IAC5E,OAAO,CAAC,iBAAiB,CAA6B;IACtD,gFAAgF;IAChF,OAAO,CAAC,WAAW,CAAS;IAC5B,sEAAsE;IACtE,OAAO,CAAC,kBAAkB,CAA8B;IACxD,0FAA0F;IAC1F,OAAO,CAAC,aAAa,CAAS;gBAEV,MAAM,EAAE,kBAAkB;IAoC9C;;;;OAIG;IACH,MAAM,CAAC,YAAY,EAAE,gBAAgB,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO;IAU/D;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAsC5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAKrC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B;;;OAGG;IACH,OAAO,CAAC,gCAAgC;IAwDxC;;OAEG;IACH,IAAI,SAAS,IAAI,OAAO,CAEvB;IAMD,OAAO,CAAC,SAAS;YAOH,aAAa;YAsBb,aAAa;YA4Db,WAAW;YA6BX,aAAa;CAgD5B"}
|
|
@@ -22,13 +22,22 @@ class RateLimiter {
|
|
|
22
22
|
limit;
|
|
23
23
|
/** hits[ip] = sorted ascending array of request timestamps within the window */
|
|
24
24
|
counts = new Map();
|
|
25
|
-
/**
|
|
26
|
-
|
|
25
|
+
/**
|
|
26
|
+
* O(1) LRU tracking via Map insertion-order semantics.
|
|
27
|
+
* Key = ip, value = last-seen timestamp.
|
|
28
|
+
* To promote an entry to MRU: delete it and re-set it (both O(1)).
|
|
29
|
+
* The Map iterator yields entries in insertion order, so the first entry is
|
|
30
|
+
* the least-recently-used — perfect for LRU eviction without any indexOf scan.
|
|
31
|
+
* (PERF-02)
|
|
32
|
+
*/
|
|
33
|
+
lruMap = new Map();
|
|
27
34
|
sweepInterval = null;
|
|
28
35
|
constructor(limit) {
|
|
29
36
|
this.limit = limit;
|
|
30
|
-
// Periodic sweep to evict entries whose TTL has expired
|
|
37
|
+
// Periodic sweep to evict entries whose TTL has expired.
|
|
31
38
|
this.sweepInterval = setInterval(() => this._sweep(), RATE_SWEEP_INTERVAL_MS);
|
|
39
|
+
// Don't block clean process exit (PERF-07).
|
|
40
|
+
this.sweepInterval.unref?.();
|
|
32
41
|
}
|
|
33
42
|
/** Returns true if the request is allowed, false if rate-limited. */
|
|
34
43
|
check(ip) {
|
|
@@ -37,15 +46,16 @@ class RateLimiter {
|
|
|
37
46
|
const hits = (this.counts.get(ip) ?? []).filter((t) => t > windowStart);
|
|
38
47
|
hits.push(now);
|
|
39
48
|
this.counts.set(ip, hits);
|
|
40
|
-
//
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
this.
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
+
// Promote to MRU: delete then re-set (both O(1) Map operations).
|
|
50
|
+
this.lruMap.delete(ip);
|
|
51
|
+
this.lruMap.set(ip, now);
|
|
52
|
+
// Evict least-recently-used entry when cap is exceeded.
|
|
53
|
+
if (this.lruMap.size > RATE_MAX_ENTRIES) {
|
|
54
|
+
const evict = this.lruMap.keys().next().value;
|
|
55
|
+
if (evict !== undefined) {
|
|
56
|
+
this.lruMap.delete(evict);
|
|
57
|
+
this.counts.delete(evict);
|
|
58
|
+
}
|
|
49
59
|
}
|
|
50
60
|
return hits.length <= this.limit;
|
|
51
61
|
}
|
|
@@ -59,14 +69,13 @@ class RateLimiter {
|
|
|
59
69
|
/** Evict entries whose last-seen timestamp is older than RATE_TTL_MS. */
|
|
60
70
|
_sweep() {
|
|
61
71
|
const cutoff = Date.now() - RATE_TTL_MS;
|
|
62
|
-
for (const [ip,
|
|
63
|
-
//
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
}
|
|
72
|
+
for (const [ip, lastSeen] of this.lruMap) {
|
|
73
|
+
// Map iteration is insertion-order; first entries are oldest.
|
|
74
|
+
// Break early once we hit a non-expired entry (all subsequent are newer).
|
|
75
|
+
if (lastSeen >= cutoff)
|
|
76
|
+
break;
|
|
77
|
+
this.lruMap.delete(ip);
|
|
78
|
+
this.counts.delete(ip);
|
|
70
79
|
}
|
|
71
80
|
}
|
|
72
81
|
}
|
|
@@ -89,10 +98,16 @@ export class HttpListener {
|
|
|
89
98
|
port;
|
|
90
99
|
host;
|
|
91
100
|
allowedOrigins;
|
|
101
|
+
/** SEC-07: opt-in strict CORS enforcement. Default false (permissive). */
|
|
102
|
+
enforceCors;
|
|
92
103
|
hookDispatcher;
|
|
93
104
|
authToken = null;
|
|
94
105
|
userAuth;
|
|
95
106
|
rateLimiter;
|
|
107
|
+
/** Dedicated tight rate-limiter for POST /login (SEC-03). */
|
|
108
|
+
loginRateLimiter;
|
|
109
|
+
/** Whether to trust x-forwarded-for / x-real-ip for client IP resolution. */
|
|
110
|
+
trustProxy;
|
|
96
111
|
configManager;
|
|
97
112
|
serveFactory;
|
|
98
113
|
tlsState = null;
|
|
@@ -111,9 +126,25 @@ export class HttpListener {
|
|
|
111
126
|
this.port = config.port ?? resolvedHttpBinding.port;
|
|
112
127
|
this.host = config.host ?? resolvedHttpBinding.host;
|
|
113
128
|
this.allowedOrigins = config.allowedOrigins ?? [];
|
|
129
|
+
this.enforceCors = config.enforceCors ?? false;
|
|
130
|
+
// SEC-07: When enforceCors is true, refuse to construct with hostMode=network + empty allowedOrigins.
|
|
131
|
+
// Off by default — home and single-user local deployments don't need CORS enforcement.
|
|
132
|
+
// Enterprise / multi-user / internet-exposed deployments set enforceCors: true to gate against CSRF.
|
|
133
|
+
if (this.enforceCors) {
|
|
134
|
+
const effectiveHostMode = this.configManager.get('httpListener.hostMode') ?? 'local';
|
|
135
|
+
if (effectiveHostMode === 'network' && this.allowedOrigins.length === 0) {
|
|
136
|
+
throw new Error('SECURITY_UNSAFE_ORIGIN_CONFIG: hostMode=network with enforceCors=true requires non-empty allowedOrigins. '
|
|
137
|
+
+ 'Set config.httpListener.allowedOrigins to a list of trusted origins '
|
|
138
|
+
+ "(e.g. ['https://companion.example.com']), or leave enforceCors unset for permissive mode.");
|
|
139
|
+
}
|
|
140
|
+
}
|
|
114
141
|
this.hookDispatcher = config.hookDispatcher ?? null;
|
|
115
142
|
this.userAuth = config.userAuth;
|
|
116
143
|
this.rateLimiter = new RateLimiter(config.rateLimit ?? 60);
|
|
144
|
+
// SEC-03: /login gets its own tight budget (5 attempts/min per IP) to prevent
|
|
145
|
+
// scrypt-cost-throttled online brute-force attacks.
|
|
146
|
+
this.loginRateLimiter = new RateLimiter(config.loginRateLimit ?? 5);
|
|
147
|
+
this.trustProxy = config.trustProxy ?? Boolean(this.configManager.get('httpListener.trustProxy'));
|
|
117
148
|
this.serveFactory = config.serveFactory ?? Bun.serve;
|
|
118
149
|
}
|
|
119
150
|
/**
|
|
@@ -190,8 +221,9 @@ export class HttpListener {
|
|
|
190
221
|
this._configWatchUnsub?.();
|
|
191
222
|
this._configWatchUnsub = null;
|
|
192
223
|
}
|
|
193
|
-
// Stop rate limiter sweep
|
|
224
|
+
// Stop rate limiter sweep intervals before tearing down.
|
|
194
225
|
this.rateLimiter.stop();
|
|
226
|
+
this.loginRateLimiter.stop();
|
|
195
227
|
this.server.stop(true);
|
|
196
228
|
this.server = null;
|
|
197
229
|
this.tlsState = null;
|
|
@@ -270,8 +302,18 @@ export class HttpListener {
|
|
|
270
302
|
}) !== null;
|
|
271
303
|
}
|
|
272
304
|
async parseJsonBody(req) {
|
|
305
|
+
// SEC-05: cap inbound JSON bodies at 1 MiB to prevent memory exhaustion.
|
|
306
|
+
const MAX_JSON_BYTES = 1 * 1024 * 1024; // 1 MiB
|
|
307
|
+
const contentLength = req.headers.get('content-length');
|
|
308
|
+
if (contentLength !== null && Number(contentLength) > MAX_JSON_BYTES) {
|
|
309
|
+
return Response.json({ error: 'Request body too large' }, { status: 413 });
|
|
310
|
+
}
|
|
273
311
|
try {
|
|
274
|
-
|
|
312
|
+
const text = await req.text();
|
|
313
|
+
if (text.length > MAX_JSON_BYTES) {
|
|
314
|
+
return Response.json({ error: 'Request body too large' }, { status: 413 });
|
|
315
|
+
}
|
|
316
|
+
return JSON.parse(text);
|
|
275
317
|
}
|
|
276
318
|
catch {
|
|
277
319
|
return Response.json({ error: 'Invalid JSON body' }, { status: 400 });
|
|
@@ -281,20 +323,37 @@ export class HttpListener {
|
|
|
281
323
|
// Request handling
|
|
282
324
|
// -------------------------------------------------------------------------
|
|
283
325
|
async handleRequest(req) {
|
|
284
|
-
// Handle login route before auth check
|
|
285
326
|
const url = new URL(req.url);
|
|
327
|
+
const clientIp = extractForwardedClientIp(req, this.trustProxy || (this.tlsState?.trustProxy ?? false)) ?? 'unknown';
|
|
328
|
+
// SEC-07: CORS origin check is OPT-IN via enforceCors. Default is permissive
|
|
329
|
+
// (home/single-user deployments) — pre-0.21.29 behavior preserved. When
|
|
330
|
+
// enforceCors is true:
|
|
331
|
+
// - No Origin header → same-origin or non-browser request → allow.
|
|
332
|
+
// - Origin present + allowedOrigins empty → no allowlist configured; 403 CORS_NOT_CONFIGURED.
|
|
333
|
+
// (Constructor already refuses hostMode=network + empty allowlist at startup; this is
|
|
334
|
+
// defence-in-depth for non-network modes configured with enforceCors.)
|
|
335
|
+
// - Origin present + allowedOrigins non-empty → check allowlist.
|
|
336
|
+
if (this.enforceCors) {
|
|
337
|
+
const origin = req.headers.get('origin');
|
|
338
|
+
if (origin !== null) {
|
|
339
|
+
if (this.allowedOrigins.length === 0) {
|
|
340
|
+
return Response.json({ error: 'CORS_NOT_CONFIGURED: no allowedOrigins set' }, { status: 403 });
|
|
341
|
+
}
|
|
342
|
+
if (!this.allowedOrigins.includes(origin)) {
|
|
343
|
+
return Response.json({ error: 'ORIGIN_NOT_ALLOWED' }, { status: 403 });
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
// SEC-03: /login route handled AFTER origin check and under its own tight
|
|
348
|
+
// rate-limit budget (5/min per IP) to prevent online brute-force attacks.
|
|
349
|
+
// x-forwarded-for is only trustworthy when running behind a trusted reverse proxy.
|
|
286
350
|
if (url.pathname === '/login' && req.method === 'POST') {
|
|
351
|
+
if (!this.loginRateLimiter.check(clientIp)) {
|
|
352
|
+
return Response.json({ error: 'Too many requests' }, { status: 429 });
|
|
353
|
+
}
|
|
287
354
|
return this.handleLogin(req);
|
|
288
355
|
}
|
|
289
|
-
//
|
|
290
|
-
const origin = req.headers.get('origin') ?? '';
|
|
291
|
-
if (this.allowedOrigins.length > 0 && origin && !this.allowedOrigins.includes(origin)) {
|
|
292
|
-
return Response.json({ error: 'Origin not allowed' }, { status: 403 });
|
|
293
|
-
}
|
|
294
|
-
// Rate limiting (keyed by a synthetic IP-like string from headers)
|
|
295
|
-
// Note: x-forwarded-for is only trustworthy when running behind a trusted reverse proxy.
|
|
296
|
-
// If exposed directly to the internet, clients can spoof this header.
|
|
297
|
-
const clientIp = extractForwardedClientIp(req, this.tlsState?.trustProxy ?? Boolean(this.configManager.get('httpListener.trustProxy'))) ?? 'unknown';
|
|
356
|
+
// General rate limiting for all other routes.
|
|
298
357
|
if (!this.rateLimiter.check(clientIp)) {
|
|
299
358
|
return Response.json({ error: 'Too many requests' }, { status: 429 });
|
|
300
359
|
}
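Review bot: In `handleRequest`, `clientIp` falls back to the literal `'unknown'` whenever `extractForwardedClientIp` returns nothing, and the new `loginRateLimiter.check(clientIp)` then puts every such client into one shared bucket of 5 attempts per minute. That helper is outside the hunk, but if it returns null when proxy trust is off, the login limit becomes global rather than per IP: one client can use up the budget and block every other login, and no single source is actually bounded. Keying on the socket peer address when no trusted forwarded header is available would address this, for example by extending the fallback to `?? this.server?.requestIP(req)?.address ?? 'unknown'` where the server object exposes Bun's `requestIP`. The body of `handleRequest` continues past the end of the hunk.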
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../../../src/_internal/platform/hooks/runners/http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../../../src/_internal/platform/hooks/runners/http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAKzE;;;GAGG;AACH,wBAAsB,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CA+DrF"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { logger } from '../../utils/logger.js';
|
|
2
2
|
import { summarizeError } from '../../utils/error-display.js';
|
|
3
|
+
import { classifyHostTrustTier, extractHostname, emitSsrfDeny } from '../../tools/fetch/trust-tiers.js';
|
|
3
4
|
/**
|
|
4
5
|
* HTTP hook runner.
|
|
5
6
|
* POSTs the event JSON to the configured URL and parses the response as HookResult.
|
|
@@ -9,6 +10,18 @@ export async function run(hook, event) {
|
|
|
9
10
|
if (!url) {
|
|
10
11
|
return { ok: false, error: 'http hook missing "url" field' };
|
|
11
12
|
}
|
|
13
|
+
// SEC-08: SSRF tier filter — block requests to internal/private hosts unless
|
|
14
|
+
// the hook definition opts in with allowInternal: true.
|
|
15
|
+
if (!hook.allowInternal) {
|
|
16
|
+
const hostname = extractHostname(url);
|
|
17
|
+
if (hostname !== null) {
|
|
18
|
+
const trustResult = classifyHostTrustTier(hostname);
|
|
19
|
+
if (trustResult.tier === 'blocked') {
|
|
20
|
+
emitSsrfDeny(hostname, url, trustResult.reason);
|
|
21
|
+
return { ok: false, error: `http hook blocked: ${trustResult.reason}` };
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
}
|
|
12
25
|
const timeoutMs = (hook.timeout ?? 30) * 1000;
|
|
13
26
|
try {
|
|
14
27
|
const controller = new AbortController();
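Review bot: The SEC-08 filter in `run` fails open: when `extractHostname(url)` returns null, the `if (hostname !== null)` branch is skipped and the request goes ahead unfiltered. A URL the helper cannot parse is a case that should be refused, so the guard should return early, e.g. `if (hostname === null) return { ok: false, error: 'http hook blocked: unparseable url' };` before calling `classifyHostTrustTier`. The check also looks only at the hostname string from the hook definition; whether the later fetch (outside this hunk) follows redirects, or resolves a public name to a private address, is not visible here and is worth confirming.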
|
|
@@ -68,6 +68,13 @@ export interface HookDefinition {
|
|
|
68
68
|
name?: string;
|
|
69
69
|
/** Whether the hook is enabled (default: true) */
|
|
70
70
|
enabled?: boolean;
|
|
71
|
+
/**
|
|
72
|
+
* For http hooks: when true, bypasses the SEC-08 SSRF tier filter and
|
|
73
|
+
* allows requests to internal/private hosts. Use only in trusted,
|
|
74
|
+
* air-gapped environments where the hook target is a known internal service.
|
|
75
|
+
* Default: false (SSRF filter active).
|
|
76
|
+
*/
|
|
77
|
+
allowInternal?: boolean;
|
|
71
78
|
}
|
|
72
79
|
/** Hook chain step */
|
|
73
80
|
export interface ChainStep {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/hooks/types.ts"],"names":[],"mappings":"AAAA,qFAAqF;AAErF,6BAA6B;AAC7B,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEzE,4BAA4B;AAC5B,MAAM,MAAM,YAAY,GACpB,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,SAAS,GAC7C,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAC5D,YAAY,GAAG,WAAW,GAAG,eAAe,GAAG,eAAe,CAAC;AAEnE,iEAAiE;AACjE,MAAM,MAAM,aAAa,GAAG,GAAG,SAAS,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;AAErE,oCAAoC;AACpC,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,aAAa,CAAC;IACpB,KAAK,EAAE,SAAS,CAAC;IACjB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wCAAwC;AACxC,MAAM,WAAW,UAAU;IACzB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACpC,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uDAAuD;IACvD,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,kDAAkD;IAClD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,wCAAwC;IACxC,EAAE,EAAE,OAAO,CAAC;IACZ,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,uBAAuB;AACvB,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;AAEtE,oCAAoC;AACpC,MAAM,WAAW,cAAc;IAC7B,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,IAAI,EAAE,QAAQ,CAAC;IACf,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yCAAyC;IACzC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,gCAAgC;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,oCAAoC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2DAA2D;IAC3D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kDAAkD;IAClD,OAAO,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/hooks/types.ts"],"names":[],"mappings":"AAAA,qFAAqF;AAErF,6BAA6B;AAC7B,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEzE,4BAA4B;AAC5B,MAAM,MAAM,YAAY,GACpB,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,SAAS,GAC7C,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAC5D,YAAY,GAAG,WAAW,GAAG,eAAe,GAAG,eAAe,CAAC;AAEnE,iEAAiE;AACjE,MAAM,MAAM,aAAa,GAAG,GAAG,SAAS,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;AAErE,oCAAoC;AACpC,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,aAAa,CAAC;IACpB,KAAK,EAAE,SAAS,CAAC;IACjB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wCAAwC;AACxC,MAAM,WAAW,UAAU;IACzB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACpC,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uDAAuD;IACvD,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,kDAAkD;IAClD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,wCAAwC;IACxC,EAAE,EAAE,OAAO,CAAC;IACZ,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,uBAAuB;AACvB,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;AAEtE,oCAAoC;AACpC,MAAM,WAAW,cAAc;IAC7B,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,IAAI,EAAE,QAAQ,CAAC;IACf,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oFAAoF;IACpF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yCAAyC;IACzC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,gCAAgC;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,oCAAoC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2DAA2D;IAC3D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kDAAkD;IAClD,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;OAKG;IACH,aAA
a,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,sBAAsB;AACtB,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,4BAA4B;AAC5B,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,MAAM,EAAE,cAAc,CAAC;CACxB;AAED,6BAA6B;AAC7B,MAAM,WAAW,WAAW;IAC1B,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IACzC,yBAAyB;IACzB,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC;CACtB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/integrations/webhooks.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAA6B,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../../src/_internal/platform/integrations/webhooks.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAA6B,MAAM,4BAA4B,CAAC;AAO7F;;;;;;;;;;GAUG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,IAAI,CAAW;IACvB,OAAO,CAAC,aAAa,CAAyB;gBAElC,IAAI,GAAE,MAAM,EAAO;IAI/B;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,eAAe;IAQlD,oEAAoE;IACpE,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAQzB,4BAA4B;IAC5B,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAQ/B,gCAAgC;IAChC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAI7B,iDAAiD;IACjD,OAAO,IAAI,MAAM,EAAE;IAInB,sDAAsD;IACtD,YAAY,IAAI,OAAO;IAQvB;;;;;;OAMG;IACG,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBvC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAsBrE,kBAAkB,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI;IA8B9C,wCAAwC;IACxC,MAAM,IAAI,IAAI;YAWA,OAAO;CAsBtB"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { logger } from '../utils/logger.js';
|
|
2
|
+
import { classifyHostTrustTier, extractHostname, emitSsrfDeny } from '../tools/fetch/trust-tiers.js';
|
|
2
3
|
// ---------------------------------------------------------------------------
|
|
3
4
|
// WebhookNotifier
|
|
4
5
|
// ---------------------------------------------------------------------------
|
|
@@ -127,6 +128,15 @@ export class WebhookNotifier {
|
|
|
127
128
|
// Private helpers
|
|
128
129
|
// -------------------------------------------------------------------------
|
|
129
130
|
async postOne(url, text) {
|
|
131
|
+
// SEC-08: SSRF tier filter — block requests to internal/private hosts.
|
|
132
|
+
const hostname = extractHostname(url);
|
|
133
|
+
if (hostname !== null) {
|
|
134
|
+
const trustResult = classifyHostTrustTier(hostname);
|
|
135
|
+
if (trustResult.tier === 'blocked') {
|
|
136
|
+
emitSsrfDeny(hostname, url, trustResult.reason);
|
|
137
|
+
throw new Error(`WebhookNotifier: blocked URL — ${trustResult.reason}`);
|
|
138
|
+
}
|
|
139
|
+
}
|
|
130
140
|
const res = await fetch(url, {
|
|
131
141
|
method: 'POST',
|
|
132
142
|
headers: { 'Content-Type': 'text/plain' },
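Review bot: The check in `postOne` validates only the hostname string of the initial URL, while the `fetch(url, {` call that follows will follow redirects by default, so a 3xx response pointing at an internal address is not covered by this filter as far as the hunk shows. The fetch options continue outside the hunk, so whether `redirect` is already set cannot be confirmed; if it is not, add `redirect: 'manual'` (or `'error'`) and treat a 3xx as a failed delivery. Name resolution is a second gap to confirm in trust-tiers.js: `classifyHostTrustTier` receives a hostname, so a DNS name that resolves to a private address presumably passes unless the classifier resolves it. Unlike the http hook runner, this path has no `allowInternal` opt-in, which is the stricter choice but should be mentioned in the release notes for users with internal webhook targets.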
|