@radaros/transport 0.3.10 → 0.3.13

package/README.md

@@ -0,0 +1,45 @@
+# @radaros/transport
+
+HTTP and WebSocket transport layer for deploying RadarOS agents as APIs.
+
+## Install
+
+```bash
+npm install @radaros/transport
+```
+
+## Quick Start
+
+```typescript
+import express from "express";
+import { Agent, openai } from "@radaros/core";
+import { createAgentRouter } from "@radaros/transport";
+
+const app = express();
+app.use(express.json());
+
+const agent = new Agent({
+  name: "assistant",
+  model: openai("gpt-4o"),
+});
+
+app.use("/api", createAgentRouter({ agents: { assistant: agent } }));
+app.listen(3000);
+```
+
+## Features
+
+- **Express Router** — REST API with streaming support
+- **Socket.IO Gateway** — Real-time WebSocket communication
+- **A2A Server** — Agent-to-Agent protocol support
+- **CORS & Rate Limiting** — Built-in security middleware
+- **Swagger** — Auto-generated API documentation
+- **File Upload** — Multipart form data support
+
+## Documentation
+
+Full docs at [radaros.mintlify.dev](https://radaros.mintlify.dev)
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -42,8 +42,12 @@ interface FileUploadOptions {
 declare function createFileUploadMiddleware(opts?: FileUploadOptions): any;
 declare function buildMultiModalInput(body: any, files?: any[]): string | any[];
 
-declare function errorHandler(): (err: any, _req: any, res: any, _next: any) => void;
-declare function requestLogger(): (req: any, _res: any, next: any) => void;
+declare function errorHandler(options?: {
+    logger?: Pick<Console, "error">;
+}): (err: any, _req: any, res: any, _next: any) => void;
+declare function requestLogger(options?: {
+    logger?: Pick<Console, "log">;
+}): (req: any, _res: any, next: any) => void;
 
 interface SwaggerOptions {
     /** Enable Swagger UI at /docs. Default: false */
@@ -75,6 +79,13 @@ interface RouterOptions {
     swagger?: SwaggerOptions;
     /** File upload configuration for multi-modal inputs */
     fileUpload?: boolean | FileUploadOptions;
+    /** CORS configuration. Pass true or '*' for permissive, a string for a single origin, or an array for multiple origins. */
+    cors?: string | string[] | boolean;
+    /** Rate limiting configuration. Pass true for defaults (100 req/min), or an object to customize. */
+    rateLimit?: {
+        windowMs?: number;
+        max?: number;
+    } | boolean;
 }
 
 declare function createAgentRouter(opts: RouterOptions): any;
@@ -169,6 +180,8 @@ interface GatewayOptions {
     io: any;
     namespace?: string;
     authMiddleware?: (socket: any, next: (err?: Error) => void) => void;
+    /** Max requests per minute per socket. Default: 60 */
+    maxRequestsPerMinute?: number;
 }
 
 declare function createAgentGateway(opts: GatewayOptions): void;

package/dist/index.js

@@ -64,10 +64,19 @@ function generateMultiAgentCard(agents, serverUrl, provider, version) {
 var _require = createRequire(import.meta.url);
 var TaskStore = class {
   tasks = /* @__PURE__ */ new Map();
+  maxTasks = 1e4;
   get(id) {
     return this.tasks.get(id);
   }
   set(task) {
+    if (this.tasks.size >= this.maxTasks) {
+      for (const [id, t] of this.tasks) {
+        if (t.status?.state === "completed" || t.status?.state === "canceled") {
+          this.tasks.delete(id);
+          break;
+        }
+      }
+    }
     this.tasks.set(task.id, task);
   }
   updateState(id, state, message) {
@@ -403,17 +412,19 @@ function buildMultiModalInput(body, files) {
 }
 
 // src/express/middleware.ts
-function errorHandler() {
+function errorHandler(options) {
+  const log = options?.logger ?? console;
   return (err, _req, res, _next) => {
-    console.error("[radaros:transport] Error:", err.message);
+    log.error("[radaros:transport] Error:", err.message);
     res.status(err.statusCode ?? 500).json({
       error: err.message ?? "Internal server error"
     });
   };
 }
-function requestLogger() {
+function requestLogger(options) {
+  const log = options?.logger ?? console;
   return (req, _res, next) => {
-    console.log(`[radaros:transport] ${req.method} ${req.path}`);
+    log.log(`[radaros:transport] ${req.method} ${req.path}`);
     next();
   };
 }
@@ -864,12 +875,76 @@ function serveSwaggerUI(spec) {
 
 // src/express/router-factory.ts
 var _require4 = createRequire4(import.meta.url);
+function corsMiddleware(origins) {
+  return (req, res, next) => {
+    const origin = req.headers.origin;
+    let allowed = false;
+    if (origins === true || origins === "*") {
+      allowed = true;
+      res.setHeader("Access-Control-Allow-Origin", "*");
+    } else if (typeof origins === "string") {
+      allowed = origin === origins;
+      if (allowed) res.setHeader("Access-Control-Allow-Origin", origin);
+    } else if (Array.isArray(origins)) {
+      allowed = origins.includes(origin);
+      if (allowed) res.setHeader("Access-Control-Allow-Origin", origin);
+    }
+    if (allowed) {
+      res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key");
+      res.setHeader("Access-Control-Max-Age", "86400");
+    }
+    if (req.method === "OPTIONS") {
+      res.status(204).end();
+      return;
+    }
+    next();
+  };
+}
+function rateLimitMiddleware(config = {}) {
+  const windowMs = config.windowMs ?? 6e4;
+  const max = config.max ?? 100;
+  const hits = /* @__PURE__ */ new Map();
+  return (req, res, next) => {
+    const key = req.ip ?? req.socket?.remoteAddress ?? "unknown";
+    const now = Date.now();
+    const record = hits.get(key);
+    if (!record || now > record.resetTime) {
+      hits.set(key, { count: 1, resetTime: now + windowMs });
+      next();
+      return;
+    }
+    record.count++;
+    if (record.count > max) {
+      res.status(429).json({ error: "Too many requests, please try again later" });
+      return;
+    }
+    next();
+  };
+}
 var API_KEY_HEADERS = {
   "x-openai-api-key": "openai",
   "x-google-api-key": "google",
   "x-anthropic-api-key": "anthropic",
   "x-api-key": "_generic"
 };
+function validateBody(body, fields) {
+  if (!body || typeof body !== "object") throw new Error("Invalid request body");
+  const result = {};
+  for (const [key, type] of Object.entries(fields)) {
+    const val = body[key];
+    const isOptional = type.endsWith("?");
+    const baseType = type.replace("?", "");
+    if (val === void 0 || val === null) {
+      if (!isOptional) throw new Error(`Missing required field: ${key}`);
+      continue;
+    }
+    if (baseType === "string" && typeof val !== "string") throw new Error(`Field ${key} must be a string`);
+    if (baseType === "object" && typeof val !== "object") throw new Error(`Field ${key} must be an object`);
+    result[key] = val;
+  }
+  return result;
+}
 function extractApiKey(req, agent) {
   for (const [header, provider] of Object.entries(API_KEY_HEADERS)) {
     const value = req.headers[header];
@@ -887,6 +962,13 @@ function createAgentRouter(opts) {
     throw new Error("express is required for createAgentRouter. Install it: npm install express");
   }
   const router = express.Router();
+  if (opts.cors) {
+    router.use(corsMiddleware(opts.cors));
+  }
+  if (opts.rateLimit) {
+    const config = opts.rateLimit === true ? {} : opts.rateLimit;
+    router.use(rateLimitMiddleware(config));
+  }
   if (opts.middleware) {
     for (const mw of opts.middleware) {
       router.use(mw);
@@ -928,25 +1010,38 @@ function createAgentRouter(opts) {
         `/agents/${name}/run`,
         withUpload(async (req, res) => {
           try {
-            const input = buildMultiModalInput(req.body, req.files);
+            const validated = validateBody(req.body, {
+              input: "string",
+              sessionId: "string?",
+              userId: "string?"
+            });
+            const input = buildMultiModalInput(req.body, req.files) ?? validated.input;
             if (!input) {
               return res.status(400).json({ error: "input is required" });
             }
-            const { sessionId, userId } = req.body ?? {};
+            const sessionId = validated.sessionId;
+            const userId = validated.userId;
             const apiKey = extractApiKey(req, agent);
             const result = await agent.run(input, { sessionId, userId, apiKey });
             res.json(result);
           } catch (error) {
-            res.status(500).json({ error: error.message });
+            res.status(400).json({ error: error.message });
           }
         })
       );
       router.post(`/agents/${name}/stream`, async (req, res) => {
         try {
-          const { input, sessionId, userId } = req.body ?? {};
+          const validated = validateBody(req.body, {
+            input: "string",
+            sessionId: "string?",
+            userId: "string?"
+          });
+          const input = validated.input;
           if (!input) {
             return res.status(400).json({ error: "input is required" });
           }
+          const sessionId = validated.sessionId;
+          const userId = validated.userId;
           const apiKey = extractApiKey(req, agent);
           res.writeHead(200, {
             "Content-Type": "text/event-stream",
@@ -978,10 +1073,17 @@ function createAgentRouter(opts) {
     for (const [name, team] of Object.entries(opts.teams)) {
       router.post(`/teams/${name}/run`, async (req, res) => {
         try {
-          const { input, sessionId, userId } = req.body ?? {};
+          const validated = validateBody(req.body, {
+            input: "string",
+            sessionId: "string?",
+            userId: "string?"
+          });
+          const input = validated.input;
           if (!input) {
             return res.status(400).json({ error: "input is required" });
           }
+          const sessionId = validated.sessionId;
+          const userId = validated.userId;
           const apiKey = req.headers["x-api-key"] ?? req.body?.apiKey;
           const result = await team.run(input, { sessionId, userId, apiKey });
           res.json(result);
@@ -991,10 +1093,17 @@ function createAgentRouter(opts) {
       });
       router.post(`/teams/${name}/stream`, async (req, res) => {
         try {
-          const { input, sessionId, userId } = req.body ?? {};
+          const validated = validateBody(req.body, {
+            input: "string",
+            sessionId: "string?",
+            userId: "string?"
+          });
+          const input = validated.input;
           if (!input) {
             return res.status(400).json({ error: "input is required" });
           }
+          const sessionId = validated.sessionId;
+          const userId = validated.userId;
           const apiKey = req.headers["x-api-key"] ?? req.body?.apiKey;
           res.writeHead(200, {
             "Content-Type": "text/event-stream",
@@ -1152,13 +1261,42 @@ function createBrowserGateway(opts) {
 }
 
 // src/socketio/gateway.ts
+function createSocketRateLimiter(maxPerMinute = 60) {
+  return () => {
+    let count = 0;
+    let resetTime = Date.now() + 6e4;
+    return () => {
+      const now = Date.now();
+      if (now > resetTime) {
+        count = 0;
+        resetTime = now + 6e4;
+      }
+      count++;
+      return count <= maxPerMinute;
+    };
+  };
+}
 function createAgentGateway(opts) {
   const ns = opts.io.of(opts.namespace ?? "/radaros");
   if (opts.authMiddleware) {
     ns.use(opts.authMiddleware);
   }
+  const rateLimiterFactory = createSocketRateLimiter(opts.maxRequestsPerMinute ?? 60);
   ns.on("connection", (socket) => {
+    const checkRate = rateLimiterFactory();
     socket.on("agent.run", async (data) => {
+      if (!checkRate()) {
+        socket.emit("agent.error", { error: "Rate limit exceeded" });
+        return;
+      }
+      if (!data || typeof data.input !== "string" || !data.input.trim()) {
+        socket.emit("agent.error", { error: "Invalid input: must be a non-empty string" });
+        return;
+      }
+      if (data.sessionId !== void 0 && typeof data.sessionId !== "string") {
+        socket.emit("agent.error", { error: "Invalid sessionId: must be a string" });
+        return;
+      }
       const agent = opts.agents?.[data.name];
       if (!agent) {
         socket.emit("agent.error", {
@@ -1191,6 +1329,8 @@ function createAgentGateway(opts) {
         socket.emit("agent.error", { error: error.message });
       }
     });
+    socket.on("disconnect", () => {
+    });
     socket.on("team.run", async (data) => {
       const team = opts.teams?.[data.name];
       if (!team) {
@@ -1317,7 +1457,11 @@ function createVoiceGateway(opts) {
       if (session) {
         try {
           await session.close();
-        } catch {
+        } catch (err) {
+          console.warn(
+            "[radaros/voice-gateway] Error closing session on disconnect:",
+            err instanceof Error ? err.message : err
+          );
         }
         activeSessions.delete(socket.id);
       }

package/package.json

@@ -1,6 +1,21 @@
 {
   "name": "@radaros/transport",
-  "version": "0.3.10",
+  "version": "0.3.13",
+  "description": "HTTP and WebSocket transport layer for RadarOS agents",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/xhipment/agentOs.git",
+    "directory": "packages/transport"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "express",
+    "socketio",
+    "api",
+    "transport"
+  ],
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -24,10 +39,10 @@
     "typescript": "^5.6.0"
   },
   "peerDependencies": {
-    "@radaros/core": "^0.3.10",
+    "@radaros/core": "^0.3.13",
     "@types/express": "^4.0.0 || ^5.0.0",
     "express": "^4.0.0 || ^5.0.0",
-    "multer": ">=1.4.0",
+    "multer": ">=2.0.0",
     "socket.io": "^4.0.0",
     "swagger-ui-express": "^5.0.0"
   },