@radaros/transport 0.3.12 → 0.3.14

package/README.md

@@ -0,0 +1,45 @@
+# @radaros/transport
+
+HTTP and WebSocket transport layer for deploying RadarOS agents as APIs.
+
+## Install
+
+```bash
+npm install @radaros/transport
+```
+
+## Quick Start
+
+```typescript
+import express from "express";
+import { Agent, openai } from "@radaros/core";
+import { createAgentRouter } from "@radaros/transport";
+
+const app = express();
+app.use(express.json());
+
+const agent = new Agent({
+  name: "assistant",
+  model: openai("gpt-4o"),
+});
+
+app.use("/api", createAgentRouter({ agents: { assistant: agent } }));
+app.listen(3000);
+```
+
+## Features
+
+- **Express Router** — REST API with streaming support
+- **Socket.IO Gateway** — Real-time WebSocket communication
+- **A2A Server** — Agent-to-Agent protocol support
+- **CORS & Rate Limiting** — Built-in security middleware
+- **Swagger** — Auto-generated API documentation
+- **File Upload** — Multipart form data support
+
+## Documentation
+
+Full docs at [radaros.mintlify.dev](https://radaros.mintlify.dev)
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { Agent, A2AAgentCard, Team, Workflow, EventBus, VoiceAgent } from '@radaros/core';
+import { Agent, A2AAgentCard, Registry, Servable, Team, Workflow, EventBus, VoiceAgent } from '@radaros/core';
 
 interface A2AServerOptions {
     agents: Record<string, Agent>;
@@ -42,8 +42,12 @@ interface FileUploadOptions {
 declare function createFileUploadMiddleware(opts?: FileUploadOptions): any;
 declare function buildMultiModalInput(body: any, files?: any[]): string | any[];
 
-declare function errorHandler(): (err: any, _req: any, res: any, _next: any) => void;
-declare function requestLogger(): (req: any, _res: any, next: any) => void;
+declare function errorHandler(options?: {
+    logger?: Pick<Console, "error">;
+}): (err: any, _req: any, res: any, _next: any) => void;
+declare function requestLogger(options?: {
+    logger?: Pick<Console, "log">;
+}): (req: any, _res: any, next: any) => void;
 
 interface SwaggerOptions {
     /** Enable Swagger UI at /docs. Default: false */
@@ -67,6 +71,24 @@ interface SwaggerOptions {
     specPath?: string;
 }
 interface RouterOptions {
+    /**
+     * Use a Registry for live auto-discovery. The router creates dynamic routes
+     * that resolve agents/teams/workflows at request time — any instance created
+     * after the router is mounted is automatically available.
+     *
+     * When omitted, falls back to the global registry from `@radaros/core`.
+     * Pass `false` to disable registry-based routing entirely (use explicit maps only).
+     *
+     * @example
+     * createAgentRouter({ cors: true });
+     * new Agent({ name: "bot", model: openai("gpt-4o") }); // immediately routable
+     */
+    registry?: Registry | false;
+    /**
+     * Auto-discover agents, teams, and workflows from a mixed array.
+     * Each item is classified by its `.kind` and keyed by `.name`.
+     */
+    serve?: Servable[];
     agents?: Record<string, Agent>;
     teams?: Record<string, Team>;
     workflows?: Record<string, Workflow<any>>;
@@ -75,6 +97,13 @@ interface RouterOptions {
     swagger?: SwaggerOptions;
     /** File upload configuration for multi-modal inputs */
     fileUpload?: boolean | FileUploadOptions;
+    /** CORS configuration. Pass true or '*' for permissive, a string for a single origin, or an array for multiple origins. */
+    cors?: string | string[] | boolean;
+    /** Rate limiting configuration. Pass true for defaults (100 req/min), or an object to customize. */
+    rateLimit?: {
+        windowMs?: number;
+        max?: number;
+    } | boolean;
 }
 
 declare function createAgentRouter(opts: RouterOptions): any;
@@ -164,11 +193,31 @@ interface BrowserGatewayOptions {
 declare function createBrowserGateway(opts: BrowserGatewayOptions): void;
 
 interface GatewayOptions {
+    /**
+     * Use a Registry for live auto-discovery. The gateway resolves agents/teams
+     * at event time — any instance created after the gateway starts is automatically
+     * reachable.
+     *
+     * When omitted, falls back to the global registry from `@radaros/core`.
+     * Pass `false` to disable registry-based lookup (use explicit maps only).
+     *
+     * @example
+     * createAgentGateway({ io });
+     * new Agent({ name: "bot", model: openai("gpt-4o") }); // immediately reachable
+     */
+    registry?: Registry | false;
+    /**
+     * Auto-discover agents and teams from a mixed array.
+     * Each item is classified by its `.kind` and keyed by `.name`.
+     */
+    serve?: Servable[];
     agents?: Record<string, Agent>;
     teams?: Record<string, Team>;
     io: any;
     namespace?: string;
     authMiddleware?: (socket: any, next: (err?: Error) => void) => void;
+    /** Max requests per minute per socket. Default: 60 */
+    maxRequestsPerMinute?: number;
 }
 
 declare function createAgentGateway(opts: GatewayOptions): void;

package/dist/index.js

@@ -412,23 +412,26 @@ function buildMultiModalInput(body, files) {
 }
 
 // src/express/middleware.ts
-function errorHandler() {
+function errorHandler(options) {
+  const log = options?.logger ?? console;
   return (err, _req, res, _next) => {
-    console.error("[radaros:transport] Error:", err.message);
+    log.error("[radaros:transport] Error:", err.message);
     res.status(err.statusCode ?? 500).json({
       error: err.message ?? "Internal server error"
     });
   };
 }
-function requestLogger() {
+function requestLogger(options) {
+  const log = options?.logger ?? console;
   return (req, _res, next) => {
-    console.log(`[radaros:transport] ${req.method} ${req.path}`);
+    log.log(`[radaros:transport] ${req.method} ${req.path}`);
     next();
   };
 }
 
 // src/express/router-factory.ts
 import { createRequire as createRequire4 } from "module";
+import { classifyServables, registry as globalRegistry } from "@radaros/core";
 
 // src/express/swagger.ts
 import { createRequire as createRequire3 } from "module";
@@ -873,6 +876,53 @@ function serveSwaggerUI(spec) {
 
 // src/express/router-factory.ts
 var _require4 = createRequire4(import.meta.url);
+function corsMiddleware(origins) {
+  return (req, res, next) => {
+    const origin = req.headers.origin;
+    let allowed = false;
+    if (origins === true || origins === "*") {
+      allowed = true;
+      res.setHeader("Access-Control-Allow-Origin", "*");
+    } else if (typeof origins === "string") {
+      allowed = origin === origins;
+      if (allowed) res.setHeader("Access-Control-Allow-Origin", origin);
+    } else if (Array.isArray(origins)) {
+      allowed = origins.includes(origin);
+      if (allowed) res.setHeader("Access-Control-Allow-Origin", origin);
+    }
+    if (allowed) {
+      res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key");
+      res.setHeader("Access-Control-Max-Age", "86400");
+    }
+    if (req.method === "OPTIONS") {
+      res.status(204).end();
+      return;
+    }
+    next();
+  };
+}
+function rateLimitMiddleware(config = {}) {
+  const windowMs = config.windowMs ?? 6e4;
+  const max = config.max ?? 100;
+  const hits = /* @__PURE__ */ new Map();
+  return (req, res, next) => {
+    const key = req.ip ?? req.socket?.remoteAddress ?? "unknown";
+    const now = Date.now();
+    const record = hits.get(key);
+    if (!record || now > record.resetTime) {
+      hits.set(key, { count: 1, resetTime: now + windowMs });
+      next();
+      return;
+    }
+    record.count++;
+    if (record.count > max) {
+      res.status(429).json({ error: "Too many requests, please try again later" });
+      return;
+    }
+    next();
+  };
+}
 var API_KEY_HEADERS = {
   "x-openai-api-key": "openai",
   "x-google-api-key": "google",
@@ -906,6 +956,16 @@ function extractApiKey(req, agent) {
   return req.body?.apiKey ?? void 0;
 }
 function createAgentRouter(opts) {
+  if (opts.serve?.length) {
+    const discovered = classifyServables(opts.serve);
+    opts = {
+      ...opts,
+      agents: { ...discovered.agents, ...opts.agents },
+      teams: { ...discovered.teams, ...opts.teams },
+      workflows: { ...discovered.workflows, ...opts.workflows }
+    };
+  }
+  const reg = opts.registry === false ? null : opts.registry ?? globalRegistry;
   let express;
   try {
     express = _require4("express");
@@ -913,6 +973,13 @@ function createAgentRouter(opts) {
     throw new Error("express is required for createAgentRouter. Install it: npm install express");
   }
   const router = express.Router();
+  if (opts.cors) {
+    router.use(corsMiddleware(opts.cors));
+  }
+  if (opts.rateLimit) {
+    const config = opts.rateLimit === true ? {} : opts.rateLimit;
+    router.use(rateLimitMiddleware(config));
+  }
   if (opts.middleware) {
     for (const mw of opts.middleware) {
       router.use(mw);
@@ -1088,6 +1155,138 @@ function createAgentRouter(opts) {
       });
     }
   }
+  if (reg) {
+    router.post(
+      "/agents/:name/run",
+      withUpload(async (req, res) => {
+        const agent = reg.getAgent(req.params.name);
+        if (!agent) return res.status(404).json({ error: `Agent "${req.params.name}" not found` });
+        try {
+          const validated = validateBody(req.body, { input: "string", sessionId: "string?", userId: "string?" });
+          const input = buildMultiModalInput(req.body, req.files) ?? validated.input;
+          if (!input) return res.status(400).json({ error: "input is required" });
+          const apiKey = extractApiKey(req, agent);
+          const result = await agent.run(input, {
+            sessionId: validated.sessionId,
+            userId: validated.userId,
+            apiKey
+          });
+          res.json(result);
+        } catch (error) {
+          res.status(400).json({ error: error.message });
+        }
+      })
+    );
+    router.post("/agents/:name/stream", async (req, res) => {
+      const agent = reg.getAgent(req.params.name);
+      if (!agent) return res.status(404).json({ error: `Agent "${req.params.name}" not found` });
+      try {
+        const validated = validateBody(req.body, { input: "string", sessionId: "string?", userId: "string?" });
+        const input = validated.input;
+        if (!input) return res.status(400).json({ error: "input is required" });
+        const apiKey = extractApiKey(req, agent);
+        res.writeHead(200, {
+          "Content-Type": "text/event-stream",
+          "Cache-Control": "no-cache",
+          Connection: "keep-alive"
+        });
+        for await (const chunk of agent.stream(input, {
+          sessionId: validated.sessionId,
+          userId: validated.userId,
+          apiKey
+        })) {
+          res.write(`data: ${JSON.stringify(chunk)}
+
+`);
+        }
+        res.write("data: [DONE]\n\n");
+        res.end();
+      } catch (error) {
+        if (!res.headersSent) res.status(500).json({ error: error.message });
+        else {
+          res.write(`data: ${JSON.stringify({ type: "error", error: error.message })}
+
+`);
+          res.end();
+        }
+      }
+    });
+    router.post("/teams/:name/run", async (req, res) => {
+      const team = reg.getTeam(req.params.name);
+      if (!team) return res.status(404).json({ error: `Team "${req.params.name}" not found` });
+      try {
+        const validated = validateBody(req.body, { input: "string", sessionId: "string?", userId: "string?" });
+        const input = validated.input;
+        if (!input) return res.status(400).json({ error: "input is required" });
+        const apiKey = req.headers["x-api-key"] ?? req.body?.apiKey;
+        const result = await team.run(input, {
+          sessionId: validated.sessionId,
+          userId: validated.userId,
+          apiKey
+        });
+        res.json(result);
+      } catch (error) {
+        res.status(500).json({ error: error.message });
+      }
+    });
+    router.post("/teams/:name/stream", async (req, res) => {
+      const team = reg.getTeam(req.params.name);
+      if (!team) return res.status(404).json({ error: `Team "${req.params.name}" not found` });
+      try {
+        const validated = validateBody(req.body, { input: "string", sessionId: "string?", userId: "string?" });
+        const input = validated.input;
+        if (!input) return res.status(400).json({ error: "input is required" });
+        const apiKey = req.headers["x-api-key"] ?? req.body?.apiKey;
+        res.writeHead(200, {
+          "Content-Type": "text/event-stream",
+          "Cache-Control": "no-cache",
+          Connection: "keep-alive"
+        });
+        for await (const chunk of team.stream(input, {
+          sessionId: validated.sessionId,
+          userId: validated.userId,
+          apiKey
+        })) {
+          res.write(`data: ${JSON.stringify(chunk)}
+
+`);
+        }
+        res.write("data: [DONE]\n\n");
+        res.end();
+      } catch (error) {
+        if (!res.headersSent) res.status(500).json({ error: error.message });
+        else {
+          res.write(`data: ${JSON.stringify({ type: "error", error: error.message })}
+
+`);
+          res.end();
+        }
+      }
+    });
+    router.post("/workflows/:name/run", async (req, res) => {
+      const workflow = reg.getWorkflow(req.params.name);
+      if (!workflow) return res.status(404).json({ error: `Workflow "${req.params.name}" not found` });
+      try {
+        const { sessionId, userId } = req.body ?? {};
+        const result = await workflow.run({ sessionId, userId });
+        res.json(result);
+      } catch (error) {
+        res.status(500).json({ error: error.message });
+      }
+    });
+    router.get("/agents", (_req, res) => {
+      res.json(reg.describeAgents());
+    });
+    router.get("/teams", (_req, res) => {
+      res.json(reg.describeTeams());
+    });
+    router.get("/workflows", (_req, res) => {
+      res.json(reg.describeWorkflows());
+    });
+    router.get("/registry", (_req, res) => {
+      res.json(reg.list());
+    });
+  }
   return router;
 }
 
@@ -1205,13 +1404,44 @@ function createBrowserGateway(opts) {
 }
 
 // src/socketio/gateway.ts
+import { classifyServables as classifyServables2, registry as globalRegistry2 } from "@radaros/core";
+function createSocketRateLimiter(maxPerMinute = 60) {
+  return () => {
+    let count = 0;
+    let resetTime = Date.now() + 6e4;
+    return () => {
+      const now = Date.now();
+      if (now > resetTime) {
+        count = 0;
+        resetTime = now + 6e4;
+      }
+      count++;
+      return count <= maxPerMinute;
+    };
+  };
+}
 function createAgentGateway(opts) {
+  if (opts.serve?.length) {
+    const discovered = classifyServables2(opts.serve);
+    opts = {
+      ...opts,
+      agents: { ...discovered.agents, ...opts.agents },
+      teams: { ...discovered.teams, ...opts.teams }
+    };
+  }
+  const reg = opts.registry === false ? null : opts.registry ?? globalRegistry2;
   const ns = opts.io.of(opts.namespace ?? "/radaros");
   if (opts.authMiddleware) {
     ns.use(opts.authMiddleware);
   }
+  const rateLimiterFactory = createSocketRateLimiter(opts.maxRequestsPerMinute ?? 60);
   ns.on("connection", (socket) => {
+    const checkRate = rateLimiterFactory();
     socket.on("agent.run", async (data) => {
+      if (!checkRate()) {
+        socket.emit("agent.error", { error: "Rate limit exceeded" });
+        return;
+      }
       if (!data || typeof data.input !== "string" || !data.input.trim()) {
         socket.emit("agent.error", { error: "Invalid input: must be a non-empty string" });
         return;
@@ -1220,7 +1450,7 @@ function createAgentGateway(opts) {
         socket.emit("agent.error", { error: "Invalid sessionId: must be a string" });
         return;
       }
-      const agent = opts.agents?.[data.name];
+      const agent = opts.agents?.[data.name] ?? reg?.getAgent(data.name);
       if (!agent) {
         socket.emit("agent.error", {
           error: `Agent "${data.name}" not found`
@@ -1255,7 +1485,19 @@ function createAgentGateway(opts) {
     socket.on("disconnect", () => {
     });
     socket.on("team.run", async (data) => {
-      const team = opts.teams?.[data.name];
+      if (!checkRate()) {
+        socket.emit("agent.error", { error: "Rate limit exceeded" });
+        return;
+      }
+      if (!data || typeof data.input !== "string" || !data.input.trim()) {
+        socket.emit("agent.error", { error: "Invalid input: must be a non-empty string" });
+        return;
+      }
+      if (data.sessionId !== void 0 && typeof data.sessionId !== "string") {
+        socket.emit("agent.error", { error: "Invalid sessionId: must be a string" });
+        return;
+      }
+      const team = opts.teams?.[data.name] ?? reg?.getTeam(data.name);
       if (!team) {
         socket.emit("agent.error", {
           error: `Team "${data.name}" not found`
@@ -1380,7 +1622,11 @@ function createVoiceGateway(opts) {
       if (session) {
         try {
           await session.close();
-        } catch {
+        } catch (err) {
+          console.warn(
+            "[radaros/voice-gateway] Error closing session on disconnect:",
+            err instanceof Error ? err.message : err
+          );
         }
         activeSessions.delete(socket.id);
       }

package/package.json

@@ -1,6 +1,21 @@
 {
   "name": "@radaros/transport",
-  "version": "0.3.12",
+  "version": "0.3.14",
+  "description": "HTTP and WebSocket transport layer for RadarOS agents",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/xhipment/agentOs.git",
+    "directory": "packages/transport"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "express",
+    "socketio",
+    "api",
+    "transport"
+  ],
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -24,7 +39,7 @@
     "typescript": "^5.6.0"
   },
   "peerDependencies": {
-    "@radaros/core": "^0.3.12",
+    "@radaros/core": "^0.3.14",
     "@types/express": "^4.0.0 || ^5.0.0",
     "express": "^4.0.0 || ^5.0.0",
     "multer": ">=2.0.0",