@platformatic/runtime 3.11.0 → 3.13.0

package/config.d.ts

@@ -413,4 +413,13 @@ export type PlatformaticRuntimeConfig = {
     maxRetries?: number;
     [k: string]: unknown;
   }[];
+  policies?: {
+    deny: {
+      /**
+       * This interface was referenced by `undefined`'s JSON-Schema definition
+       * via the `patternProperty` "^.*$".
+       */
+      [k: string]: string | [string, ...string[]];
+    };
+  };
 };

package/index.js

@@ -44,7 +44,7 @@ function handleSignal (runtime, config) {
 
   const cwg = closeWithGrace({ delay: config.gracefulShutdown?.runtime ?? 10000, onTimeout }, async event => {
     if (event.err instanceof Error) {
-      console.error(event.err)
+      console.error(new Error('@platformatic/runtime threw an unexpected error', { cause: event.err }))
     }
     await runtime.close()
   })

package/lib/config.js

@@ -335,13 +335,21 @@ export async function transform (config, _, context) {
     // like adding other applications.
   }
 
-  if (config.metrics === true) {
+  if (typeof config.metrics === 'boolean') {
     config.metrics = {
-      enabled: true,
+      enabled: config.metrics,
       timeout: 1000
     }
   }
 
+  if (config.policies?.deny) {
+    for (const [from, to] of Object.entries(config.policies.deny)) {
+      if (typeof to === 'string') {
+        config.policies.deny[from] = [to]
+      }
+    }
+  }
+
   config.applications = applications
   config.web = undefined
   config.services = undefined

package/lib/management-api.js

@@ -132,6 +132,17 @@ export async function managementApiPlugin (app, opts) {
   })
 
   app.get('/metrics', { logLevel: 'debug' }, async (req, reply) => {
+    const config = await runtime.getRuntimeConfig()
+
+    if (config.metrics?.enabled === false) {
+      reply.code(501)
+      return {
+        statusCode: 501,
+        error: 'Not Implemented',
+        message: 'Metrics are disabled.'
+      }
+    }
+
     const accepts = req.accepts()
 
     if (!accepts.type('text/plain') && accepts.type('application/json')) {
@@ -145,6 +156,23 @@ export async function managementApiPlugin (app, opts) {
   })
 
   app.get('/metrics/live', { websocket: true }, async socket => {
+    const config = await runtime.getRuntimeConfig()
+
+    if (config.metrics?.enabled === false) {
+      socket.send(
+        JSON.stringify({
+          statusCode: 501,
+          error: 'Not Implemented',
+          message: 'Metrics are disabled.'
+        }),
+        () => {
+          socket.close()
+        }
+      )
+
+      return
+    }
+
     const cachedMetrics = runtime.getCachedMetrics()
     if (cachedMetrics.length > 0) {
       const serializedMetrics = cachedMetrics.map(metric => JSON.stringify(metric)).join('\n')

package/lib/policies.js

@@ -0,0 +1,23 @@
+export function createChannelCreationHook (config) {
+  const denyList = config.policies?.deny
+
+  if (typeof denyList === 'undefined') {
+    return undefined
+  }
+
+  const forbidden = new Set()
+
+  for (let [first, unalloweds] of Object.entries(denyList)) {
+    for (let second of unalloweds) {
+      first = first.toLowerCase()
+      second = second.toLowerCase()
+
+      forbidden.add(`${first}:${second}`)
+      forbidden.add(`${second}:${first}`)
+    }
+  }
+
+  return function channelCreationHook (first, second) {
+    return !forbidden.has(`${first.toLowerCase()}:${second.toLowerCase()}`)
+  }
+}

package/lib/runtime.js

@@ -40,6 +40,8 @@ import {
 } from './errors.js'
 import { abstractLogger, createLogger } from './logger.js'
 import { startManagementApi } from './management-api.js'
+import { getMemoryInfo } from './metrics.js'
+import { createChannelCreationHook } from './policies.js'
 import { startPrometheusServer } from './prom-server.js'
 import ScalingAlgorithm from './scaling-algorithm.js'
 import { startScheduler } from './scheduler.js'
@@ -47,7 +49,6 @@ import { createSharedStore } from './shared-http-cache.js'
 import { version } from './version.js'
 import { sendViaITC, waitEventFromITC } from './worker/itc.js'
 import { RoundRobinMap } from './worker/round-robin-map.js'
-import { getMemoryInfo } from './metrics.js'
 import {
   kApplicationId,
   kConfig,
@@ -59,8 +60,8 @@ import {
   kStderrMarker,
   kWorkerId,
   kWorkersBroadcast,
-  kWorkerStatus,
-  kWorkerStartTime
+  kWorkerStartTime,
+  kWorkerStatus
 } from './worker/symbols.js'
 
 const kWorkerFile = join(import.meta.dirname, 'worker/main.js')
@@ -113,6 +114,8 @@ export class Runtime extends EventEmitter {
   #sharedHttpCache
   #scheduler
 
+  #channelCreationHook
+
   constructor (config, context) {
     super()
     this.setMaxListeners(MAX_LISTENERS_COUNT)
@@ -125,7 +128,12 @@ export class Runtime extends EventEmitter {
     this.#concurrency = this.#context.concurrency ?? MAX_CONCURRENCY
     this.#workers = new RoundRobinMap()
     this.#url = undefined
-    this.#meshInterceptor = createThreadInterceptor({ domain: '.plt.local', timeout: this.#config.applicationTimeout })
+    this.#channelCreationHook = createChannelCreationHook(this.#config)
+    this.#meshInterceptor = createThreadInterceptor({
+      domain: '.plt.local',
+      timeout: this.#config.applicationTimeout,
+      onChannelCreation: this.#channelCreationHook
+    })
     this.logger = abstractLogger // This is replaced by the real logger in init() and eventually removed in close()
     this.#status = undefined
     this.#restartingWorkers = new Map()
@@ -275,7 +283,7 @@ export class Runtime extends EventEmitter {
 
     this.#updateStatus('started')
 
-    if (this.#managementApi && typeof this.#metrics === 'undefined') {
+    if (this.#config.metrics?.enabled !== false && typeof this.#metrics === 'undefined') {
       this.startCollectingMetrics()
     }
 
@@ -1606,7 +1614,7 @@ export class Runtime extends EventEmitter {
       } else {
         worker[kHealthCheckTimer].refresh()
       }
-    }, interval)
+    }, interval).unref()
   }
 
   async #startWorker (
@@ -2003,7 +2011,14 @@ export class Runtime extends EventEmitter {
     }
   }
 
-  async #getWorkerMessagingChannel ({ application, worker }, context) {
+  async #getWorkerMessagingChannel ({ id, application, worker }, context) {
+    if (this.#channelCreationHook?.(id, application) === false) {
+      throw new MessagingError(
+        application,
+        `Communication channels are disabled between applications "${id}" and "${application}".`
+      )
+    }
+
     const target = await this.#getWorkerById(application, worker, true, true)
 
     const { port1, port2 } = new MessageChannel()
@@ -2085,8 +2100,15 @@ export class Runtime extends EventEmitter {
         }
       }
 
-      const pinoLog =
-        typeof message?.level === 'number' && typeof message?.time === 'number' && typeof message?.msg === 'string'
+      let pinoLog
+
+      if (typeof message === 'object') {
+        pinoLog =
+          typeof message.level === 'number' &&
+          // We want to accept both pino raw time (number) and time as formatted string
+          (typeof message.time === 'number' || typeof message.time === 'string') &&
+          typeof message.msg === 'string'
+      }
 
       // Directly write to the Pino destination
       if (pinoLog) {
@@ -2467,9 +2489,7 @@ export class Runtime extends EventEmitter {
   async #setupVerticalScaler () {
     const fixedWorkersCount = this.#config.workers
     if (fixedWorkersCount !== undefined) {
-      this.logger.warn(
-        `Vertical scaler disabled because the "workers" configuration is set to ${fixedWorkersCount}`
-      )
+      this.logger.warn(`Vertical scaler disabled because the "workers" configuration is set to ${fixedWorkersCount}`)
       return
     }
 
@@ -2510,7 +2530,7 @@ export class Runtime extends EventEmitter {
       if (application.entrypoint && !features.node.reusePort) {
         this.logger.warn(
           `The "${application.id}" application cannot be scaled because it is an entrypoint` +
-          ' and the "reusePort" feature is not available in your OS.'
+            ' and the "reusePort" feature is not available in your OS.'
         )
 
         applicationsConfigs[application.id] = {
@@ -2522,7 +2542,7 @@ export class Runtime extends EventEmitter {
       if (application.workers !== undefined) {
         this.logger.warn(
           `The "${application.id}" application cannot be scaled because` +
-          ` it has a fixed number of workers (${application.workers}).`
+            ` it has a fixed number of workers (${application.workers}).`
         )
         applicationsConfigs[application.id] = {
           minWorkers: application.workers,
@@ -2574,10 +2594,7 @@ export class Runtime extends EventEmitter {
       const now = Date.now()
 
       for (const worker of this.#workers.values()) {
-        if (
-          worker[kWorkerStatus] !== 'started' ||
-          worker[kWorkerStartTime] + gracePeriod > now
-        ) {
+        if (worker[kWorkerStatus] !== 'started' || worker[kWorkerStartTime] + gracePeriod > now) {
           continue
         }
 

package/lib/worker/controller.js

@@ -160,12 +160,13 @@ export class Controller extends EventEmitter {
       this.#logAndThrow(err)
     }
 
-    this.emit('starting')
-
     if (this.capability.status === 'stopped') {
       return
     }
 
+    this.capability.updateStatus('starting')
+    this.emit('starting')
+
     if (this.#watch) {
       const watchConfig = await this.capability.getWatchConfig()
 
@@ -187,6 +188,9 @@ export class Controller extends EventEmitter {
       this.#listening = listen
       /* c8 ignore next 5 */
     } catch (err) {
+      this.capability.updateStatus('start:error')
+      this.emit('start:error', err)
+
       this.capability.log({ message: err.message, level: 'debug' })
       this.#starting = false
       throw err
@@ -194,6 +198,8 @@ export class Controller extends EventEmitter {
 
     this.#started = true
     this.#starting = false
+
+    this.capability.updateStatus('started')
     this.emit('started')
   }
 
@@ -203,6 +209,10 @@ export class Controller extends EventEmitter {
     }
 
     this.emit('stopping')
+    // Do not update status of the capability to "stopping" here otherwise
+    // if stop is called before start is finished, the capability will not
+    // be able to wait for start to finish and it will create a race condition.
+
     await this.#stopFileWatching()
     await this.capability.waitForDependentsStop(dependents)
     await this.capability.stop()
@@ -210,6 +220,8 @@ export class Controller extends EventEmitter {
     this.#started = false
     this.#starting = false
     this.#listening = false
+
+    this.capability.updateStatus('stopped')
     this.emit('stopped')
   }
 

package/lib/worker/interceptors.js

@@ -5,6 +5,7 @@ import { pathToFileURL } from 'node:url'
 import { parentPort, workerData } from 'node:worker_threads'
 import { Agent, Client, Pool, setGlobalDispatcher } from 'undici'
 import { wire } from 'undici-thread-interceptor'
+import { createChannelCreationHook } from '../policies.js'
 import { RemoteCacheStore, httpCacheInterceptor } from './http-cache.js'
 import { kInterceptors } from './symbols.js'
 
@@ -171,6 +172,7 @@ function createThreadInterceptor (runtimeConfig) {
     domain: '.plt.local',
     port: parentPort,
     timeout: runtimeConfig.applicationTimeout,
+    onChannelCreation: createChannelCreationHook(runtimeConfig),
     ...telemetryHooks
   })
   return threadDispatcher

package/lib/worker/messaging.js

@@ -1,5 +1,5 @@
-import { executeWithTimeout, ensureLoggableError, kTimeout } from '@platformatic/foundation'
-import { ITC, parseRequest, generateRequest, generateResponse, sanitize, errors } from '@platformatic/itc'
+import { ensureLoggableError, executeWithTimeout, kTimeout } from '@platformatic/foundation'
+import { errors, generateRequest, generateResponse, ITC, parseRequest, sanitize } from '@platformatic/itc'
 import { MessagingError } from '../errors.js'
 import { RoundRobinMap } from './round-robin-map.js'
 import { kITC, kWorkersBroadcast } from './symbols.js'
@@ -7,6 +7,7 @@ import { kITC, kWorkersBroadcast } from './symbols.js'
 const kPendingResponses = Symbol('plt.messaging.pendingResponses')
 
 export class MessagingITC extends ITC {
+  #id
   #timeout
   #listener
   #closeResolvers
@@ -22,6 +23,7 @@ export class MessagingITC extends ITC {
       name: `${id}-messaging`
     })
 
+    this.#id = id
     this.#timeout = runtimeConfig.messagingTimeout
     this.#workers = new RoundRobinMap()
     this.#sources = new Set()
@@ -67,7 +69,11 @@ export class MessagingITC extends ITC {
       // Use twice the value here as a fallback measure. The target handler in the main thread is forwarding
       // the request to the worker, using executeWithTimeout with the user set timeout value.
       const channel = await executeWithTimeout(
-        globalThis[kITC].send('getWorkerMessagingChannel', { application: worker.application, worker: worker.worker }),
+        globalThis[kITC].send('getWorkerMessagingChannel', {
+          id: this.#id,
+          application: worker.application,
+          worker: worker.worker
+        }),
         this.#timeout * 2
       )
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@platformatic/runtime",
-  "version": "3.11.0",
+  "version": "3.13.0",
   "description": "",
   "main": "index.js",
   "type": "module",
@@ -35,14 +35,14 @@
     "typescript": "^5.5.4",
     "undici-oidc-interceptor": "^0.5.0",
     "why-is-node-running": "^2.2.2",
-    "@platformatic/composer": "3.11.0",
-    "@platformatic/db": "3.11.0",
-    "@platformatic/gateway": "3.11.0",
-    "@platformatic/node": "3.11.0",
-    "@platformatic/service": "3.11.0",
-    "@platformatic/sql-mapper": "3.11.0",
-    "@platformatic/wattpm-pprof-capture": "3.11.0",
-    "@platformatic/sql-graphql": "3.11.0"
+    "@platformatic/gateway": "3.13.0",
+    "@platformatic/db": "3.13.0",
+    "@platformatic/node": "3.13.0",
+    "@platformatic/composer": "3.13.0",
+    "@platformatic/service": "3.13.0",
+    "@platformatic/sql-graphql": "3.13.0",
+    "@platformatic/sql-mapper": "3.13.0",
+    "@platformatic/wattpm-pprof-capture": "3.13.0"
   },
   "dependencies": {
     "@fastify/accepts": "^5.0.0",
@@ -71,14 +71,14 @@
     "sonic-boom": "^4.2.0",
     "systeminformation": "^5.27.11",
     "undici": "^7.0.0",
-    "undici-thread-interceptor": "^0.14.0",
+    "undici-thread-interceptor": "^0.15.0",
     "ws": "^8.16.0",
-    "@platformatic/basic": "3.11.0",
-    "@platformatic/foundation": "3.11.0",
-    "@platformatic/itc": "3.11.0",
-    "@platformatic/generators": "3.11.0",
-    "@platformatic/metrics": "3.11.0",
-    "@platformatic/telemetry": "3.11.0"
+    "@platformatic/basic": "3.13.0",
+    "@platformatic/foundation": "3.13.0",
+    "@platformatic/generators": "3.13.0",
+    "@platformatic/itc": "3.13.0",
+    "@platformatic/metrics": "3.13.0",
+    "@platformatic/telemetry": "3.13.0"
   },
   "engines": {
     "node": ">=22.19.0"

package/schema.json

@@ -1,5 +1,5 @@
 {
-  "$id": "https://schemas.platformatic.dev/@platformatic/runtime/3.11.0.json",
+  "$id": "https://schemas.platformatic.dev/@platformatic/runtime/3.13.0.json",
   "$schema": "http://json-schema.org/draft-07/schema#",
   "title": "Platformatic Runtime Config",
   "type": "object",
@@ -2183,6 +2183,34 @@
           "callbackUrl"
         ]
       }
+    },
+    "policies": {
+      "type": "object",
+      "properties": {
+        "deny": {
+          "type": "object",
+          "patternProperties": {
+            "^.*$": {
+              "oneOf": [
+                {
+                  "type": "string"
+                },
+                {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  },
+                  "minItems": 1
+                }
+              ]
+            }
+          }
+        }
+      },
+      "required": [
+        "deny"
+      ],
+      "additionalProperties": false
     }
   },
   "anyOf": [