@query-farm/vgi-rpc 0.6.3 → 0.7.0

package/dist/http/sticky.d.ts

@@ -0,0 +1,124 @@
+/** Seal a sticky-session token. Returns the base64url-encoded value for the
+ *  `VGI-Session` header. */
+export declare function sealSessionToken(serverId: string, sessionId: Uint8Array, expiresAt: number, tokenKey: Uint8Array, aad: Uint8Array, now?: number): string;
+export interface OpenedSessionToken {
+    serverId: string;
+    sessionId: Uint8Array;
+    expiresAt: number;
+}
+/** Open a sticky-session token. Raises {@link SessionLostError} on any failure
+ *  — wrong AAD (cross-principal replay) is indistinguishable from garbage. */
+export declare function openSessionToken(token: string, tokenKey: Uint8Array, aad: Uint8Array): OpenedSessionToken;
+/** Minimal promise-based mutex. The HTTP handler awaits `acquire()` before
+ *  dispatching on a resumed session and calls the returned release in a
+ *  `finally` so concurrent calls on the same session run sequentially. */
+declare class AsyncMutex {
+    private locked;
+    private waiters;
+    acquire(): Promise<() => void>;
+    private release;
+}
+/** A live session in the per-worker registry. */
+export interface SessionEntry {
+    state: unknown;
+    expiresAt: number;
+    principalKey: string;
+    lock: AsyncMutex;
+}
+/**
+ * Derive the registry partition key for a request principal.
+ *
+ * Both the dispatch path and the `DELETE /__session__` teardown path MUST
+ * compute this identically — otherwise a session opened on one path can't
+ * be looked up on the other. The NUL separator (rather than a space)
+ * keeps `{domain:"a", principal:"b "}` from colliding with
+ * `{domain:"a ", principal:"b"}`. Anonymous requests collapse to a
+ * single sentinel.
+ *
+ * `domain` / `principal` are the authenticated identity fields, or
+ * null/undefined for anonymous.
+ */
+export declare function sessionPrincipalKey(authenticated: boolean, domain: string | null | undefined, principal: string | null | undefined): string;
+/** Hex-encode a session_id Uint8Array (24-char lowercase hex). */
+export declare function sessionIdHex(sessionId: Uint8Array): string;
+/** Per-worker in-process map of live sticky sessions. */
+export declare class SessionRegistry {
+    readonly defaultTtl: number;
+    private entries;
+    private _draining;
+    constructor(defaultTtl: number);
+    get draining(): boolean;
+    setDraining(value: boolean): void;
+    /** Register a session. Throws {@link ServerDrainingError} when draining. */
+    open(state: unknown, ttl: number | undefined, principalKey: string): {
+        sessionId: Uint8Array;
+        expiresAt: number;
+    };
+    /** Look up a session. Returns null on miss, expiry, or principal mismatch.
+     *  Expired entries are evicted in-line (and `state.close?.()` invoked). */
+    get(sessionId: Uint8Array, principalKey: string): SessionEntry | null;
+    /** Remove a session and invoke `state.close?.()`. Returns true on hit. */
+    close(sessionId: Uint8Array): boolean;
+    /** Evict every entry past its TTL. Returns the eviction count. */
+    drainExpired(now?: number): number;
+    /** Invoke `state.close?.()` on every live session and clear the registry. */
+    shutdown(): void;
+    get size(): number;
+}
+/** Start a periodic reaper that evicts expired sessions. Returns a stop fn.
+ *  Uses `setInterval().unref()` where available so the reaper does not keep
+ *  the process alive. */
+export declare function startSessionReaper(registry: SessionRegistry, tickMs?: number): () => void;
+/** Per-request handle that the HTTP handler installs on the OutputCollector.
+ *  `CallContext.openSession` / `closeSession` / `session` read and mutate
+ *  this object; the handler then emits the resulting headers on the
+ *  response. */
+export interface StickySink {
+    /** True iff the request carried `VGI-Session-Accept: true`. */
+    acceptOpens: boolean;
+    /** Live session state (resumed or just-opened). Null until `openSession`
+     *  or a successful resume populates it. */
+    state: unknown | null;
+    /** Hex session_id for the access log. Populated on resume + open;
+     *  preserved across `closeSession` so close records still carry the id. */
+    sessionId: string | null;
+    /** Set by `openSession` so `process_response` emits `VGI-Session: <token>`. */
+    mintToken: string | null;
+    /** Set by `closeSession` so `process_response` emits `VGI-Session-Close: true`. */
+    closed: boolean;
+    /** Sticky-session lifecycle action observed during dispatch — one of
+     *  "none" / "resume" / "open" / "close". Surfaced on the access log. */
+    action: "none" | "resume" | "open" | "close";
+    /** Bound by the handler: registers `state` in the registry, mints the
+     *  AEAD-sealed token, and stamps `mintToken` + `sessionId`. */
+    _open(state: unknown, ttl: number | undefined): void;
+    /** Bound by the handler: removes the registry entry + invokes
+     *  `state.close?.()`. Idempotent. */
+    _close(): void;
+}
+/** Build a `StickySink` for a request without sticky support — `_open` /
+ *  `_close` throw the same RuntimeError shape as Python's implementation so
+ *  call sites get a clear message. */
+export declare function unavailableStickySink(): StickySink;
+/** Operator-facing handle returned by `createHttpHandler` (when sticky is
+ *  enabled) so SIGTERM hooks / worker-exit hooks can drain in-flight
+ *  sessions cleanly. Mirrors Python's `DrainHandle`. */
+export interface DrainHandle {
+    /** Flip the registry's drain flag — subsequent `ctx.openSession` raises
+     *  {@link ServerDrainingError}. Existing sessions continue. */
+    drain(): void;
+    /** Invoke `state.close?.()` on every live session and clear the registry. */
+    shutdown(): void;
+    /** Return whether `drain()` has been invoked. */
+    isDraining(): boolean;
+    /** Test-only / advanced: flip the drain flag back. Production deployments
+     *  only ever drain in one direction; conformance tests use this to clean
+     *  up the fixture between tests. */
+    setDraining(value: boolean): void;
+}
+/** Build a {@link DrainHandle} for *registry*. `stopReaper`, when supplied,
+ *  is invoked by `shutdown()` so the periodic reaper interval is cleared and
+ *  the handle fully releases its resources. */
+export declare function makeDrainHandle(registry: SessionRegistry, stopReaper?: () => void): DrainHandle;
+export {};
+//# sourceMappingURL=sticky.d.ts.map

package/dist/http/sticky.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sticky.d.ts","sourceRoot":"","sources":["../../src/http/sticky.ts"],"names":[],"mappings":"AAmEA;4BAC4B;AAC5B,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,UAAU,EACpB,GAAG,EAAE,UAAU,EACf,GAAG,CAAC,EAAE,MAAM,GACX,MAAM,CAsBR;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;8EAC8E;AAC9E,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,kBAAkB,CAiCzG;AAMD;;0EAE0E;AAC1E,cAAM,UAAU;IACd,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAyB;IAElC,OAAO,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC;IAUpC,OAAO,CAAC,OAAO;CAShB;AAMD,iDAAiD;AACjD,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CACjC,aAAa,EAAE,OAAO,EACtB,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACjC,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GACnC,MAAM,CAGR;AAED,kEAAkE;AAClE,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,MAAM,CAI1D;AASD,yDAAyD;AACzD,qBAAa,eAAe;aAKE,UAAU,EAAE,MAAM;IAH9C,OAAO,CAAC,OAAO,CAA8D;IAC7E,OAAO,CAAC,SAAS,CAAS;gBAEE,UAAU,EAAE,MAAM;IAE9C,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIjC,4EAA4E;IAC5E,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE;IAejH;+EAC2E;IAC3E,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI;IAerE,0EAA0E;IAC1E,KAAK,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IASrC,kEAAkE;IAClE,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM;IAalC,6EAA6E;IAC7E,QAAQ,IAAI,IAAI;IAMhB,IAAI,IAAI,IAAI,MAAM,CAEjB;CACF;AAgBD;;yBAEyB;AACzB,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,MAAM,SAAO,GAAG,MAAM,IAAI,CAUvF;AAMD;;;gBAGgB;AAChB,MAAM,WAAW,UAAU;IACzB,+DAA+D;IAC/D,WAAW,EAAE,OAAO,CAAC;IACrB;+CAC2C;IAC3C,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IACtB;+EAC2E;IAC3E,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,+EAA+E;IAC/E,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,mFAAmF;IACnF,MAAM,EAAE,OAAO,CAAC;IAChB;4EACwE;IACxE,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C;mEAC+D;IAC/D,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC;IACrD;yCACqC;IACrC,MAAM,IAAI,IAAI,CAAC;CAChB;AAED;;sCAEsC;AACtC,wBAAgB,qBAAqB,IAAI,UAAU,CAelD;AAMD;;wDAEwD;AACxD,MAAM,WAAW,WAAW;IAC1B;mEAC+D;IAC/D,KAAK,IAAI,IAAI,CAAC;IACd,6EAA6E;IAC7E,QAAQ,IAAI,IAAI,CAAC;IACjB,iDAAiD;IACjD,UAAU,IAAI,OAAO,CAAC;IACtB;;wCAEoC;IACpC,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CACnC;AAED;;+CAE+C;AAC/C,wBAAgB,eAAe,CAAC,QAAQ,EAAE,eAAe,EAAE,UAAU,CAAC,EAAE,MAAM,IAAI,GAAG,WAAW,CAU/F"}

package/dist/http/token.d.ts

@@ -1,15 +1,36 @@
 /**
- * Pack a state token matching the Python v2 wire format.
+ * Build the AEAD associated data that binds a state token to its issuing
+ * principal. Anonymous and authenticated tokens produce distinct AAD
+ * strings, so an anonymous token cannot be opened by a named identity
+ * (and vice versa).
+ */
+export declare function computeAad(principal: string | null | undefined): Uint8Array;
+export declare function bytesToBase64(bytes: Uint8Array): string;
+export declare function base64ToBytes(b64: string): Uint8Array;
+/**
+ * Seal a state token with XChaCha20-Poly1305 AEAD (v4 wire format).
+ *
+ * Layout (base64-encoded):
  *
- * Layout:
- *   [1B version=2]
- *   [8B created_at uint64 LE (seconds since epoch)]
- *   [4B state_len uint32 LE] [state_len bytes]
- *   [4B schema_len uint32 LE] [schema_len bytes]
- *   [4B input_schema_len uint32 LE] [input_schema_len bytes]
- *   [32B HMAC-SHA256(signing_key, all above bytes)]
+ * ```
+ *   [1B  version=4]
+ *   [24B XChaCha20-Poly1305 nonce (random)]
+ *   [..  ciphertext + 16B Poly1305 tag]
+ *        plaintext:
+ *          [8B  created_at uint64 LE]
+ *          [4B  state_len uint32 LE]   [state_len bytes]
+ *          [4B  schema_len uint32 LE]  [schema_len bytes]
+ *          [4B  input_schema_len LE]   [input_schema_len bytes]
+ * ```
+ *
+ * `created_at` lives inside the ciphertext so TTL enforcement runs after
+ * authenticity. The version byte is informational (a self-describing
+ * format marker); a tampered version byte still fails decryption because
+ * we use the matching algorithm for that version. `principal` is bound
+ * via AEAD associated data so a token minted for one identity fails
+ * decryption when presented by another.
  */
-export declare function packStateToken(stateBytes: Uint8Array, schemaBytes: Uint8Array, inputSchemaBytes: Uint8Array, signingKey: Uint8Array, createdAt?: number): string;
+export declare function packStateToken(stateBytes: Uint8Array, schemaBytes: Uint8Array, inputSchemaBytes: Uint8Array, tokenKey: Uint8Array, principal: string | null | undefined, createdAt?: number): string;
 export interface UnpackedToken {
     stateBytes: Uint8Array;
     schemaBytes: Uint8Array;
@@ -17,8 +38,13 @@ export interface UnpackedToken {
     createdAt: number;
 }
 /**
- * Unpack and verify a state token.
- * Throws on tampered, expired, or malformed tokens.
+ * Open and verify a state token. Decryption (which checks the Poly1305
+ * tag) authenticates the payload; any tampering, wrong key, or AAD
+ * mismatch (e.g. cross-principal replay) surfaces as a uniform
+ * "signature verification failed" error so callers cannot distinguish
+ * failure modes via timing or message content.
+ *
+ * Throws on tampered, expired, malformed, or unknown-version tokens.
  */
-export declare function unpackStateToken(tokenBase64: string, signingKey: Uint8Array, tokenTtl: number): UnpackedToken;
+export declare function unpackStateToken(tokenBase64: string, tokenKey: Uint8Array, tokenTtl: number, principal: string | null | undefined): UnpackedToken;
 //# sourceMappingURL=token.d.ts.map

package/dist/http/token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/http/token.ts"],"names":[],"mappings":"AAUA;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,UAAU,EACvB,gBAAgB,EAAE,UAAU,EAC5B,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM,CAsCR;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,UAAU,CAAC;IACxB,gBAAgB,EAAE,UAAU,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,CAiE7G"}
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/http/token.ts"],"names":[],"mappings":"AAWA;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,UAAU,CAU3E;AAMD,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMvD;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAKrD;AAiCD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,UAAU,EACvB,gBAAgB,EAAE,UAAU,EAC5B,QAAQ,EAAE,UAAU,EACpB,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACpC,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM,CA8BR;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,UAAU,CAAC;IACxB,gBAAgB,EAAE,UAAU,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAC9B,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GACnC,aAAa,CAuEf"}

package/dist/http/types.d.ts

@@ -1,20 +1,45 @@
-import type { ExternalLocationConfig } from "../external.js";
-import type { DispatchHook } from "../types.js";
+import type { ExternalLocationConfig, UploadUrlProvider } from "../external.js";
+import type { DispatchHook, ServeStartHook } from "../types.js";
 import type { AuthenticateFn, OAuthResourceMetadata } from "./auth.js";
 /** Configuration options for createHttpHandler(). */
 export interface HttpHandlerOptions {
     /** URL path prefix for all endpoints. Default: "" (root). */
     prefix?: string;
-    /** HMAC-SHA256 signing key for state tokens. Random 32 bytes if omitted. */
-    signingKey?: Uint8Array;
+    /** XChaCha20-Poly1305 master key (32 bytes) used to seal stream state
+     *  tokens.  A random 32-byte key is generated if omitted (tokens won't
+     *  survive a restart or load-balance across workers). */
+    tokenKey?: Uint8Array;
     /** State token time-to-live in seconds. Default: 3600 (1 hour). 0 disables TTL checks. */
     tokenTtl?: number;
     /** CORS allowed origins. If set, CORS headers are added to all responses. */
     corsOrigins?: string;
+    /** Access-Control-Max-Age value in seconds for preflight OPTIONS responses. Default: 7200 (2 hours). null omits the header. */
+    corsMaxAge?: number | null;
     /** Maximum request body size in bytes. Advertised via VGI-Max-Request-Bytes header. */
     maxRequestBytes?: number;
-    /** Maximum bytes before a producer stream emits a continuation token. */
+    /** Cap on the post-decompression size of a `Content-Encoding: zstd`
+     *  request body, in bytes.  Defends against zstd decompression bombs:
+     *  a tiny compressed frame can declare a huge decompressed size and
+     *  blow up the server before {@link maxRequestBytes} ever sees the
+     *  payload.  When omitted, defaults to `maxRequestBytes * 16` if that
+     *  is set, otherwise unbounded. */
+    maxDecompressedRequestBytes?: number;
+    /** Maximum bytes before a producer stream emits a continuation token.
+     *
+     * @deprecated Use {@link maxResponseBytes} instead. The cap now governs all
+     *  HTTP method responses (unary, exchange, producer), not just producer streams.
+     */
     maxStreamResponseBytes?: number;
+    /** HTTP body cap. Hard for unary and stream-exchange (overshoot surfaces
+     *  as 200 + X-VGI-RPC-Error EXCEPTION batch). Soft for producer streams
+     *  (overshoot mints a continuation token). Externalised payloads do not
+     *  count toward this — they leave only tiny pointer batches on the wire.
+     *  Advertised via VGI-Max-Response-Bytes.  Undefined = unbounded. */
+    maxResponseBytes?: number;
+    /** Cap on bytes uploaded to external storage during one HTTP response.
+     *  Always hard — externalised uploads have no escape valve. Advertised via
+     *  VGI-Max-Externalized-Response-Bytes.  Undefined = unbounded. */
+    maxExternalizedResponseBytes?: number;
     /** Server ID included in response metadata. Random if omitted. */
     serverId?: string;
     /** Custom state serializer for stream state objects. Default: JSON with BigInt support. */
@@ -28,18 +53,56 @@ export interface HttpHandlerOptions {
     oauthResourceMetadata?: OAuthResourceMetadata;
     /** Optional dispatch hook for observability (tracing, metrics). */
     dispatchHook?: DispatchHook;
+    /** Optional lifecycle hook fired once on the first dispatched request.
+     *  Mirrors Python's on_serve_start; lazy-firing keeps it fork-safe for
+     *  pre-fork servers. */
+    onServeStart?: ServeStartHook;
     /** Enable HTML landing page at GET {prefix}/. Default: true. */
     enableLandingPage?: boolean;
     /** Enable HTML describe/API reference page at GET {prefix}/describe. Default: true. */
     enableDescribePage?: boolean;
     /** Enable HTML 404 page for unmatched GET routes. Default: true. */
     enableNotFoundPage?: boolean;
+    /** Enable JSON health endpoint at GET {prefix}/health. Default: true. */
+    enableHealthEndpoint?: boolean;
     /** Protocol name shown in HTML pages. Defaults to the Protocol's name. */
     protocolName?: string;
+    /** Operator-supplied protocol-contract version label, surfaced on every
+     *  access-log record so dashboards and alerts can key off contract
+     *  changes.  Mirrors the Python `RpcServer(..., protocol_version=...)`
+     *  argument. */
+    protocolVersion?: string;
     /** URL to service's source repository, shown in landing/describe pages. */
     repositoryUrl?: string;
     /** External storage config for externalizing large response batches. */
     externalLocation?: ExternalLocationConfig;
+    /** Provider for vending pre-signed upload URLs to clients via {prefix}/__upload_url__/init. */
+    uploadUrlProvider?: UploadUrlProvider;
+    /** Optional advertised maximum upload size, surfaced via VGI-Max-Upload-Bytes. */
+    maxUploadBytes?: number;
+    /** OAuth scope for PKCE authorization requests. Default: "openid email". */
+    oauthPkceScope?: string;
+    /** Allowed return-to origins for external frontend redirects. Default: Set(["https://cupola.query-farm.services"]). */
+    allowedReturnOrigins?: ReadonlySet<string>;
+    /** Enable opt-in sticky sessions on this HTTP handler. When enabled the
+     *  server advertises `VGI-Sticky-Enabled: true` (capability discovery),
+     *  honours `VGI-Session` / `VGI-Session-Accept` headers, and exposes a
+     *  `DELETE {prefix}/__session__` teardown endpoint. Default: false. */
+    enableSticky?: boolean;
+    /** Default session TTL in seconds when `ctx.openSession` is called without
+     *  an explicit `ttl` override. Default: 300. */
+    stickyDefaultTtl?: number;
+    /** Headers the server emits as `VGI-Echo-<name>: <value>` on the
+     *  session-opening response. A conformant client captures them and replays
+     *  them on every subsequent request in the session — used for
+     *  client-driven routing (e.g. `fly-force-instance-id` on Fly.io). */
+    stickyEchoHeaders?: Record<string, string>;
+    /** Internal — invoked once at handler creation with a {@link DrainHandle}
+     *  when sticky is enabled. Conformance fixtures use this to wire up the
+     *  test-only `/__test_drain__` admin endpoint without the library
+     *  exposing the registry directly. Production code should hold the
+     *  handle returned by a future `createHttpHandlerWithDrainHandle` helper. */
+    _onStickyHandle?: (handle: import("./sticky.js").DrainHandle) => void;
 }
 /** Serializer for stream state objects stored in state tokens. */
 export interface StateSerializer {

package/dist/http/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/http/types.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAEvE,qDAAqD;AACrD,MAAM,WAAW,kBAAkB;IACjC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,0FAA0F;IAC1F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uFAAuF;IACvF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yEAAyE;IACzE,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2FAA2F;IAC3F,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC;kEAC8D;IAC9D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iFAAiF;IACjF,YAAY,CAAC,EAAE,cAAc,CAAC;IAC9B,0FAA0F;IAC1F,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,uFAAuF;IACvF,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,oEAAoE;IACpE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2EAA2E;IAC3E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAED,kEAAkE;AAClE,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,KAAK,EAAE,GAAG,GAAG,UAAU,CAAC;IAClC,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,GAAG,CAAC;CACrC;AAED,iEAAiE;AACjE,eAAO,MAAM,mBAAmB,EAAE,eAWjC,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/http/types.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAChF,OAAO,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAEvE,qDAAqD;AACrD,MAAM,WAAW,kBAAkB;IACjC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;6DAEyD;IACzD,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,0FAA0F;IAC1F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+HAA+H;IAC/H,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,uFAAuF;IACvF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;uCAKmC;IACnC,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;;yEAIqE;IACrE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;uEAEmE;IACnE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2FAA2F;IAC3F,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC;kEAC8D;IAC9D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iFAAiF;IACjF,YAAY,CAAC,EAAE,cAAc,CAAC;IAC9B,0FAA0F;IAC1F,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B;;4BAEwB;IACxB,YAAY,CAAC,EAAE,cAAc,CAAC;IAC9B,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,uFAAuF;IACvF,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,oEAAoE;IACpE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,yEAAyE;IACzE,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;oBAGgB;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2EAA2E;IAC3E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,+FAA+F;IAC/F,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4EAA4E;IAC5E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,uHAAuH;IACvH,oBAAoB,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAE3C;;;2EAGuE;IACvE,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB;oDACgD;IAChD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;0EAGsE;IACtE,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C;;;;iFAI6E;IAC7E,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,aAAa,EAAE,WAAW,KAAK,IAAI,CAAC;CACvE;AAED,kEAAkE;AAClE,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,KAAK,EAAE,GAAG,GAAG,UAAU,CAAC;IAClC,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,GAAG,CAAC;CACrC;AAED,iEAAiE;AACjE,eAAO,MAAM,mBAAmB,EAAE,eAWjC,CAAC"}

package/dist/index.d.ts

@@ -1,11 +1,13 @@
+export { AccessLogHook, type AccessLogSink, FdSink } from "./access-log.js";
 export { AuthContext } from "./auth.js";
 export * from "./client/index.js";
-export { DESCRIBE_METHOD_NAME, DESCRIBE_VERSION, DESCRIBE_VERSION_KEY, LOG_EXTRA_KEY, LOG_LEVEL_KEY, LOG_MESSAGE_KEY, PROTOCOL_NAME_KEY, REQUEST_ID_KEY, REQUEST_VERSION, REQUEST_VERSION_KEY, RPC_METHOD_KEY, SERVER_ID_KEY, STATE_KEY, } from "./constants.js";
-export { RpcError, VersionError } from "./errors.js";
+export { DESCRIBE_METHOD_NAME, DESCRIBE_VERSION, DESCRIBE_VERSION_KEY, ERROR_KIND_KEY, LOG_EXTRA_KEY, LOG_LEVEL_KEY, LOG_MESSAGE_KEY, PROTOCOL_NAME_KEY, REQUEST_ID_KEY, REQUEST_VERSION, REQUEST_VERSION_KEY, RPC_ERROR_HEADER, RPC_METHOD_KEY, SERVER_ID_KEY, STATE_KEY, } from "./constants.js";
+export { ERROR_KIND_METHOD_NOT_IMPLEMENTED, ERROR_KIND_SERVER_DRAINING, ERROR_KIND_SESSION_LOST, MethodNotImplementedError, RpcError, ServerDrainingError, SessionLostError, VersionError, } from "./errors.js";
 export { type ExternalLocationConfig, type ExternalStorage, httpsOnlyValidator, isExternalLocationBatch, makeExternalLocationBatch, maybeExternalizeBatch, resolveExternalLocation, } from "./external.js";
 export { ARROW_CONTENT_TYPE, type AuthenticateFn, type BearerValidateFn, bearerAuthenticate, bearerAuthenticateStatic, type CertValidateFn, chainAuthenticate, createHttpHandler, type HttpHandlerOptions, type JwtAuthenticateOptions, jsonStateSerializer, jwtAuthenticate, mtlsAuthenticate, mtlsAuthenticateFingerprint, mtlsAuthenticateSubject, mtlsAuthenticateXfcc, type OAuthResourceMetadata, oauthResourceMetadataToJson, parseXfcc, type StateSerializer, type UnpackedToken, unpackStateToken, type XfccElement, type XfccValidateFn, } from "./http/index.js";
+export { acquireLock, computeHash as launcherComputeHash, defaultStateDir, type FileLockHandle, type GcResult, gcStateDir, type LaunchConfig, launch, probeSocket, type ServeUnixHandle, type ServeUnixOptions, type SocketPaths, type StatusRow, serveUnix, socketPaths, statusRows, tryAcquireLock, } from "./launcher/index.js";
 export { Protocol } from "./protocol.js";
-export { bool, bytes, float, float32, inferParamTypes, int, int32, type SchemaLike, str, toSchema, } from "./schema.js";
+export { bool, bytes, float, float32, inferParamTypes, int, int8, int16, int32, type SchemaLike, str, toSchema, uint8, uint16, uint32, uint64, } from "./schema.js";
 export { VgiRpcServer } from "./server.js";
-export { type CallContext, type CallStatistics, type DispatchHook, type DispatchInfo, type ExchangeFn, type ExchangeInit, type HeaderInit, type HookToken, type LogContext, type MethodDefinition, MethodType, OutputCollector, type ProducerFn, type ProducerInit, type UnaryHandler, } from "./types.js";
+export { type CallContext, type CallStatistics, type DispatchHook, type DispatchInfo, type ExchangeFn, type ExchangeInit, type HeaderInit, type HookToken, type LogContext, type MethodDefinition, MethodType, OutputCollector, type ProducerFn, type ProducerInit, type ServeStartHook, TransportKind, type UnaryHandler, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,cAAc,mBAAmB,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,aAAa,EACb,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,SAAS,GACV,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EACL,KAAK,sBAAsB,EAC3B,KAAK,eAAe,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,yBAAyB,EACzB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,kBAAkB,EAClB,wBAAwB,EACxB,KAAK,cAAc,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,2BAA2B,EAC3B,uBAAuB,EACvB,oBAAoB,EACpB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,cAAc,GACpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EACL,IAAI,EACJ,KAAK,EACL,KAAK,EACL,OAAO,EACP,eAAe,EACf,GAAG,EACH,KAAK,EACL,KAAK,UAAU,EACf,GAAG,EACH,QAAQ,GACT,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,UAAU,EACV,eAAe,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,cAAc,mBAAmB,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,aAAa,EACb,SAAS,GACV,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,iCAAiC,EACjC,0BAA0B,EAC1B,uBAAuB,EACvB,yBAAyB,EACzB,QAAQ,EACR,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,GACb,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,sBAAsB,EAC3B,KAAK,eAAe,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,yBAAyB,EACzB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,kBAAkB,EAClB,wBAAwB,EACxB,KAAK,cAAc,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,2BAA2B,EAC3B,uBAAuB,EACvB,oBAAoB,EACpB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,cAAc,GACpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,WAAW,EACX,WAAW,IAAI,mBAAmB,EAClC,eAAe,EACf,KAAK,cAAc,EACnB,KAAK,QAAQ,EACb,UAAU,EACV,KAAK,YAAY,EACjB,MAAM,EACN,WAAW,EACX,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,SAAS,EACT,WAAW,EACX,UAAU,EACV,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EACL,IAAI,EACJ,KAAK,EACL,KAAK,EACL,OAAO,EACP,eAAe,EACf,GAAG,EACH,IAAI,EACJ,KAAK,EACL,KAAK,EACL,KAAK,UAAU,EACf,GAAG,EACH,QAAQ,EACR,KAAK,EACL,MAAM,EACN,MAAM,EACN,MAAM,GACP,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,UAAU,EACV,eAAe,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,aAAa,EACb,KAAK,YAAY,GAClB,MAAM,YAAY,CAAC"}