npm - @query-farm/vgi-rpc - Versions diffs - 0.6.4 → 0.7.1 - Mend

@query-farm/vgi-rpc 0.6.4 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/dist/access-log.d.ts +55 -0
package/dist/access-log.d.ts.map +1 -0
package/dist/arrow/impl-arrowjs/index.d.ts +96 -0
package/dist/arrow/impl-arrowjs/index.d.ts.map +1 -0
package/dist/arrow/impl-flechette/index.d.ts +102 -0
package/dist/arrow/impl-flechette/index.d.ts.map +1 -0
package/dist/arrow/impl-flechette/message-meta.d.ts +11 -0
package/dist/arrow/impl-flechette/message-meta.d.ts.map +1 -0
package/dist/arrow/index.d.ts +4 -0
package/dist/arrow/index.d.ts.map +1 -0
package/dist/arrow/predicates.d.ts +44 -0
package/dist/arrow/predicates.d.ts.map +1 -0
package/dist/arrow/types.d.ts +62 -0
package/dist/arrow/types.d.ts.map +1 -0
package/dist/auth.d.ts +5 -0
package/dist/auth.d.ts.map +1 -1
package/dist/client/capabilities.d.ts +25 -0
package/dist/client/capabilities.d.ts.map +1 -0
package/dist/client/connect.d.ts +10 -0
package/dist/client/connect.d.ts.map +1 -1
package/dist/client/introspect.d.ts +21 -0
package/dist/client/introspect.d.ts.map +1 -1
package/dist/client/ipc.d.ts +8 -2
package/dist/client/ipc.d.ts.map +1 -1
package/dist/client/oauth.d.ts +9 -0
package/dist/client/oauth.d.ts.map +1 -1
package/dist/client/pipe.d.ts +24 -0
package/dist/client/pipe.d.ts.map +1 -1
package/dist/client/stream.d.ts +19 -2
package/dist/client/stream.d.ts.map +1 -1
package/dist/client/types.d.ts +23 -0
package/dist/client/types.d.ts.map +1 -1
package/dist/client/uploadUrl.d.ts +25 -0
package/dist/client/uploadUrl.d.ts.map +1 -0
package/dist/constants.d.ts +30 -2
package/dist/constants.d.ts.map +1 -1
package/dist/crypto.d.ts +22 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/dispatch/describe.d.ts +10 -6
package/dist/dispatch/describe.d.ts.map +1 -1
package/dist/dispatch/stream.d.ts +2 -2
package/dist/dispatch/stream.d.ts.map +1 -1
package/dist/dispatch/unary.d.ts +2 -2
package/dist/dispatch/unary.d.ts.map +1 -1
package/dist/errors.d.ts +64 -1
package/dist/errors.d.ts.map +1 -1
package/dist/external.d.ts +27 -5
package/dist/external.d.ts.map +1 -1
package/dist/http/auth.d.ts +13 -0
package/dist/http/auth.d.ts.map +1 -1
package/dist/http/bearer.d.ts.map +1 -1
package/dist/http/common.d.ts +43 -7
package/dist/http/common.d.ts.map +1 -1
package/dist/http/dispatch.d.ts +20 -2
package/dist/http/dispatch.d.ts.map +1 -1
package/dist/http/handler.d.ts.map +1 -1
package/dist/http/index.d.ts +1 -0
package/dist/http/index.d.ts.map +1 -1
package/dist/http/jwt.d.ts +1 -0
package/dist/http/jwt.d.ts.map +1 -1
package/dist/http/mtls.d.ts +9 -1
package/dist/http/mtls.d.ts.map +1 -1
package/dist/http/oauth-pkce.d.ts +141 -0
package/dist/http/oauth-pkce.d.ts.map +1 -0
package/dist/http/pages.d.ts +3 -0
package/dist/http/pages.d.ts.map +1 -1
package/dist/http/sticky.d.ts +124 -0
package/dist/http/sticky.d.ts.map +1 -0
package/dist/http/token.d.ts +43 -12
package/dist/http/token.d.ts.map +1 -1
package/dist/http/types.d.ts +68 -5
package/dist/http/types.d.ts.map +1 -1
package/dist/index.d.ts +6 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1275 -3511
package/dist/index.js.map +20 -38
package/dist/launcher/hash.d.ts +22 -0
package/dist/launcher/hash.d.ts.map +1 -0
package/dist/launcher/index.d.ts +23 -0
package/dist/launcher/index.d.ts.map +1 -0
package/dist/launcher/launch.d.ts +27 -0
package/dist/launcher/launch.d.ts.map +1 -0
package/dist/launcher/lock.d.ts +19 -0
package/dist/launcher/lock.d.ts.map +1 -0
package/dist/launcher/serve-unix.d.ts +55 -0
package/dist/launcher/serve-unix.d.ts.map +1 -0
package/dist/launcher/state.d.ts +71 -0
package/dist/launcher/state.d.ts.map +1 -0
package/dist/otel.d.ts.map +1 -1
package/dist/protocol.d.ts +19 -2
package/dist/protocol.d.ts.map +1 -1
package/dist/schema.d.ts +45 -18
package/dist/schema.d.ts.map +1 -1
package/dist/server.d.ts +23 -2
package/dist/server.d.ts.map +1 -1
package/dist/types.d.ts +270 -12
package/dist/types.d.ts.map +1 -1
package/dist/util/gzip.d.ts +10 -0
package/dist/util/gzip.d.ts.map +1 -0
package/dist/util/schema.d.ts +3 -15
package/dist/util/schema.d.ts.map +1 -1
package/dist/util/web-crypto.d.ts +22 -0
package/dist/util/web-crypto.d.ts.map +1 -0
package/dist/util/zstd.d.ts +26 -3
package/dist/util/zstd.d.ts.map +1 -1
package/dist/wire/opaque.d.ts +11 -0
package/dist/wire/opaque.d.ts.map +1 -0
package/dist/wire/reader.d.ts +5 -5
package/dist/wire/reader.d.ts.map +1 -1
package/dist/wire/request.d.ts +11 -3
package/dist/wire/request.d.ts.map +1 -1
package/dist/wire/response.d.ts +6 -6
package/dist/wire/response.d.ts.map +1 -1
package/dist/wire/writer.d.ts +49 -39
package/dist/wire/writer.d.ts.map +1 -1
package/package.json +35 -21
package/src/access-log.ts +200 -0
package/src/arrow/impl-arrowjs/index.ts +433 -0
package/src/arrow/impl-flechette/index.ts +414 -0
package/src/arrow/impl-flechette/message-meta.ts +174 -0
package/src/arrow/index.ts +89 -0
package/src/arrow/predicates.ts +56 -0
package/src/arrow/types.ts +73 -0
package/src/auth.ts +5 -0
package/src/client/capabilities.ts +84 -0
package/src/client/connect.ts +113 -26
package/src/client/introspect.ts +74 -38
package/src/client/ipc.ts +37 -27
package/src/client/oauth.ts +9 -0
package/src/client/pipe.ts +36 -9
package/src/client/stream.ts +43 -20
package/src/client/types.ts +23 -0
package/src/client/uploadUrl.ts +169 -0
package/src/constants.ts +34 -2
package/src/crypto.ts +95 -0
package/src/dispatch/describe.ts +146 -107
package/src/dispatch/stream.ts +53 -24
package/src/dispatch/unary.ts +5 -4
package/src/errors.ts +87 -0
package/src/external.ts +49 -30
package/src/http/auth.ts +13 -0
package/src/http/bearer.ts +2 -5
package/src/http/common.ts +91 -23
package/src/http/dispatch.ts +373 -46
package/src/http/handler.ts +790 -68
package/src/http/index.ts +1 -0
package/src/http/jwt.ts +1 -0
package/src/http/mtls.ts +25 -3
package/src/http/oauth-pkce.ts +1035 -0
package/src/http/pages.ts +30 -15
package/src/http/sticky.ts +429 -0
package/src/http/token.ts +170 -75
package/src/http/types.ts +69 -5
package/src/index.ts +40 -1
package/src/launcher/hash.ts +104 -0
package/src/launcher/index.ts +35 -0
package/src/launcher/launch.ts +284 -0
package/src/launcher/lock.ts +171 -0
package/src/launcher/serve-unix.ts +386 -0
package/src/launcher/state.ts +257 -0
package/src/otel.ts +39 -33
package/src/protocol.ts +30 -3
package/src/schema.ts +107 -56
package/src/server.ts +196 -20
package/src/types.ts +376 -18
package/src/util/gzip.ts +63 -0
package/src/util/schema.ts +4 -22
package/src/util/web-crypto.ts +98 -0
package/src/util/zstd.ts +133 -14
package/src/wire/opaque.ts +37 -0
package/src/wire/reader.ts +5 -4
package/src/wire/request.ts +67 -8
package/src/wire/response.ts +51 -85
package/src/wire/writer.ts +165 -69
package/dist/util/conform.d.ts +0 -18
package/dist/util/conform.d.ts.map +0 -1
package/src/util/conform.ts +0 -94

package/src/http/index.ts CHANGED Viewed

@@ -17,6 +17,7 @@ export {
   mtlsAuthenticateXfcc,
   parseXfcc,
 } from "./mtls.js";
+export { cookieAuthenticate } from "./oauth-pkce.js";
 export { type UnpackedToken, unpackStateToken } from "./token.js";
 export type { HttpHandlerOptions, StateSerializer } from "./types.js";
 export { jsonStateSerializer } from "./types.js";

package/src/http/jwt.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import * as oauth from "oauth4webapi";
 import { AuthContext } from "../auth.js";
 import type { AuthenticateFn } from "./auth.js";
+/** Options for {@link jwtAuthenticate}, configuring JWT Bearer-token validation. */
 export interface JwtAuthenticateOptions {
   /** The expected `iss` claim (also used to discover AS metadata). */
   issuer: string;

package/src/http/mtls.ts CHANGED Viewed

@@ -1,21 +1,41 @@
 // © Copyright 2025-2026, Query.Farm LLC - https://query.farm
 // SPDX-License-Identifier: Apache-2.0
-import { createHash, X509Certificate } from "node:crypto";
 import { AuthContext } from "../auth.js";
 import type { AuthenticateFn } from "./auth.js";
+// Indirect-string require so esbuild doesn't pull node:crypto into the bundle.
+// X509Certificate and createHash are used only by the PEM-based mTLS factories;
+// callers on workerd should not configure mTLS.
+const _NODE_CRYPTO_MOD = "node:crypto";
+type X509Certificate = any;
+function _loadNodeCrypto(): { X509Certificate: any; createHash: any } {
+  const req: any = (import.meta as any).require ?? (globalThis as any).require ?? null;
+  if (!req) {
+    throw new Error("mTLS PEM-based authentication requires Node.js or Bun (node:crypto).");
+  }
+  const nc = req(_NODE_CRYPTO_MOD);
+  return { X509Certificate: nc.X509Certificate, createHash: nc.createHash };
+}
 // ---------------------------------------------------------------------------
 // XFCC types and parser (no crypto needed)
 // ---------------------------------------------------------------------------
 /** A single element from an `x-forwarded-client-cert` header. */
 export interface XfccElement {
+  /** Hex SHA-256 digest of the client certificate (`Hash` key). */
   hash: string | null;
+  /** URL-decoded PEM of the client certificate (`Cert` key), if the proxy
+   *  forwarded it. */
   cert: string | null;
+  /** Certificate Subject DN (`Subject` key). */
   subject: string | null;
+  /** URL-decoded URI-type Subject Alternative Name (`URI` key). */
   uri: string | null;
+  /** DNS-type Subject Alternative Names (`DNS` keys); may repeat in the header. */
   dns: readonly string[];
+  /** URL-decoded URI of the proxy that presented the cert (`By` key). */
   by: string | null;
 }
@@ -172,6 +192,7 @@ function parseCertFromHeader(request: Request, header: string): X509Certificate
   if (!pemStr.startsWith("-----BEGIN CERTIFICATE-----")) {
     throw new Error("Header value is not a PEM certificate");
   }
+  const { X509Certificate } = _loadNodeCrypto();
   try {
     return new X509Certificate(pemStr);
   } catch (exc) {
@@ -239,6 +260,7 @@ export function mtlsAuthenticateFingerprint(options: {
     fingerprints instanceof Map ? fingerprints : new Map(Object.entries(fingerprints));
   function validate(cert: X509Certificate): AuthContext {
+    const { createHash } = _loadNodeCrypto();
     const fp = createHash(algorithm).update(cert.raw).digest("hex");
     const ctx = entries.get(fp);
     if (!ctx) {
@@ -266,9 +288,9 @@ export function mtlsAuthenticateSubject(options?: {
   function validate(cert: X509Certificate): AuthContext {
     // Node's cert.subject is \n-separated "KEY=value" lines
-    const subjectParts = cert.subject
+    const subjectParts: string[] = cert.subject
       .split("\n")
-      .map((s) => s.trim())
+      .map((s: string) => s.trim())
       .filter(Boolean);
     const subjectDn = subjectParts.join(", ");