@superatomai/sdk-node 0.0.28-mds → 0.0.29-mds

package/dist/index.d.mts

@@ -1652,12 +1652,20 @@ declare class Thread {
 
 /**
  * ThreadManager manages all threads globally
- * Provides methods to create, retrieve, and delete threads
+ * Provides methods to create, retrieve, and delete threads.
+ * Includes automatic cleanup to prevent unbounded memory growth.
  */
 declare class ThreadManager {
     private static instance;
     private threads;
+    private cleanupInterval;
+    private readonly threadTtlMs;
     private constructor();
+    /**
+     * Periodically remove threads older than 7 days.
+     * Runs every hour to avoid frequent iteration over the map.
+     */
+    private startCleanup;
     /**
      * Get singleton instance of ThreadManager
      */
@@ -2449,18 +2457,25 @@ declare class OpenAILLM extends BaseLLM {
 declare const openaiLLM: OpenAILLM;
 
 /**
- * Query Cache - Two separate stores with different lifetimes:
+ * Query Cache — Two mechanisms:
  *
- * 1. `cache` (query string → result data) — TTL-based, for avoiding re-execution of recently validated queries.
- * 2. `queryIdCache` (queryId → SQL) — permanent (server lifetime), because queryIds are persisted
- *    in dashboard widgets and must remain resolvable across page reloads and idle periods.
- *    Only the cached *data* inside a queryId entry expires; the SQL mapping itself never does.
+ * 1. `cache` (query string → result data) — TTL-based with max size, for avoiding re-execution
+ *    of recently validated queries. LRU eviction when max size exceeded.
+ *
+ * 2. Encrypted queryId tokens — SQL is encrypted into the queryId itself (self-contained).
+ *    No server-side storage needed for SQL mappings. The token is decrypted on each request.
+ *    This eliminates the unbounded queryIdCache that previously grew forever and caused
+ *    memory bloat (hundreds of MBs after thousands of queries).
+ *
+ *    Result data can still be cached temporarily via the data cache (mechanism 1).
  */
 declare class QueryCache {
     private cache;
-    private queryIdCache;
     private ttlMs;
+    private maxCacheSize;
     private cleanupInterval;
+    private readonly algorithm;
+    private encryptionKey;
     constructor();
     /**
      * Set the cache TTL (Time To Live)
@@ -2472,8 +2487,7 @@ declare class QueryCache {
      */
     getTTL(): number;
     /**
-     * Store query result in cache
-     * Key is the exact query string (or JSON for parameterized queries)
+     * Store query result in data cache
      */
     set(query: string, data: any): void;
     /**
@@ -2501,31 +2515,33 @@ declare class QueryCache {
         oldestEntryAge: number | null;
     };
     /**
-     * Start periodic cleanup of expired entries.
-     * Only cleans the data cache — queryIdCache entries are permanent (server lifetime)
-     * because queryIds are persisted in dashboard widgets.
+     * Start periodic cleanup of expired data cache entries.
      */
     private startCleanup;
     /**
-     * Generate a unique query ID
+     * Encrypt a payload into a self-contained token.
+     */
+    private encrypt;
+    /**
+     * Decrypt a token back to the original payload.
      */
-    private generateQueryId;
+    private decrypt;
     /**
-     * Store a query by ID. Returns the generated queryId.
-     * The query is stored server-side; only the queryId is sent to the frontend.
+     * Store a query by generating an encrypted token as queryId.
+     * The SQL is encrypted INTO the token — nothing stored in memory.
+     * If data is provided, it's cached temporarily in the data cache.
      */
     storeQuery(query: any, data?: any): string;
     /**
-     * Get a stored query by its ID.
-     * The SQL mapping never expires (queryIds are persisted in dashboard widgets).
-     * Cached data may be null if it was evicted by the cleanup interval.
+     * Get a stored query by decrypting its token.
+     * Returns the SQL + any cached result data.
      */
     getQuery(queryId: string): {
         query: any;
         data: any;
     } | null;
     /**
-     * Update cached data for a queryId
+     * Update cached data for a queryId token
      */
     setQueryData(queryId: string, data: any): void;
     /**

package/dist/index.d.ts

@@ -1652,12 +1652,20 @@ declare class Thread {
 
 /**
  * ThreadManager manages all threads globally
- * Provides methods to create, retrieve, and delete threads
+ * Provides methods to create, retrieve, and delete threads.
+ * Includes automatic cleanup to prevent unbounded memory growth.
  */
 declare class ThreadManager {
     private static instance;
     private threads;
+    private cleanupInterval;
+    private readonly threadTtlMs;
     private constructor();
+    /**
+     * Periodically remove threads older than 7 days.
+     * Runs every hour to avoid frequent iteration over the map.
+     */
+    private startCleanup;
     /**
      * Get singleton instance of ThreadManager
      */
@@ -2449,18 +2457,25 @@ declare class OpenAILLM extends BaseLLM {
 declare const openaiLLM: OpenAILLM;
 
 /**
- * Query Cache - Two separate stores with different lifetimes:
+ * Query Cache — Two mechanisms:
  *
- * 1. `cache` (query string → result data) — TTL-based, for avoiding re-execution of recently validated queries.
- * 2. `queryIdCache` (queryId → SQL) — permanent (server lifetime), because queryIds are persisted
- *    in dashboard widgets and must remain resolvable across page reloads and idle periods.
- *    Only the cached *data* inside a queryId entry expires; the SQL mapping itself never does.
+ * 1. `cache` (query string → result data) — TTL-based with max size, for avoiding re-execution
+ *    of recently validated queries. LRU eviction when max size exceeded.
+ *
+ * 2. Encrypted queryId tokens — SQL is encrypted into the queryId itself (self-contained).
+ *    No server-side storage needed for SQL mappings. The token is decrypted on each request.
+ *    This eliminates the unbounded queryIdCache that previously grew forever and caused
+ *    memory bloat (hundreds of MBs after thousands of queries).
+ *
+ *    Result data can still be cached temporarily via the data cache (mechanism 1).
  */
 declare class QueryCache {
     private cache;
-    private queryIdCache;
     private ttlMs;
+    private maxCacheSize;
     private cleanupInterval;
+    private readonly algorithm;
+    private encryptionKey;
     constructor();
     /**
      * Set the cache TTL (Time To Live)
@@ -2472,8 +2487,7 @@ declare class QueryCache {
      */
     getTTL(): number;
     /**
-     * Store query result in cache
-     * Key is the exact query string (or JSON for parameterized queries)
+     * Store query result in data cache
      */
     set(query: string, data: any): void;
     /**
@@ -2501,31 +2515,33 @@ declare class QueryCache {
         oldestEntryAge: number | null;
     };
     /**
-     * Start periodic cleanup of expired entries.
-     * Only cleans the data cache — queryIdCache entries are permanent (server lifetime)
-     * because queryIds are persisted in dashboard widgets.
+     * Start periodic cleanup of expired data cache entries.
      */
     private startCleanup;
     /**
-     * Generate a unique query ID
+     * Encrypt a payload into a self-contained token.
+     */
+    private encrypt;
+    /**
+     * Decrypt a token back to the original payload.
      */
-    private generateQueryId;
+    private decrypt;
     /**
-     * Store a query by ID. Returns the generated queryId.
-     * The query is stored server-side; only the queryId is sent to the frontend.
+     * Store a query by generating an encrypted token as queryId.
+     * The SQL is encrypted INTO the token — nothing stored in memory.
+     * If data is provided, it's cached temporarily in the data cache.
      */
     storeQuery(query: any, data?: any): string;
     /**
-     * Get a stored query by its ID.
-     * The SQL mapping never expires (queryIds are persisted in dashboard widgets).
-     * Cached data may be null if it was evicted by the cleanup interval.
+     * Get a stored query by decrypting its token.
+     * Returns the SQL + any cached result data.
      */
     getQuery(queryId: string): {
         query: any;
         data: any;
     } | null;
     /**
-     * Update cached data for a queryId
+     * Update cached data for a queryId token
      */
     setQueryData(queryId: string, data: any): void;
     /**

package/dist/index.js

@@ -1400,7 +1400,30 @@ var Thread = class {
 // src/threads/thread-manager.ts
 var ThreadManager = class _ThreadManager {
   constructor() {
+    this.cleanupInterval = null;
+    // Threads older than 7 days are cleaned up
+    this.threadTtlMs = 7 * 24 * 60 * 60 * 1e3;
     this.threads = /* @__PURE__ */ new Map();
+    this.startCleanup();
+  }
+  /**
+   * Periodically remove threads older than 7 days.
+   * Runs every hour to avoid frequent iteration over the map.
+   */
+  startCleanup() {
+    this.cleanupInterval = setInterval(() => {
+      const now = Date.now();
+      let removedCount = 0;
+      for (const [id, thread] of this.threads.entries()) {
+        if (now - thread.getCreatedAt().getTime() > this.threadTtlMs) {
+          this.threads.delete(id);
+          removedCount++;
+        }
+      }
+      if (removedCount > 0) {
+        console.log(`[ThreadManager] Cleaned up ${removedCount} threads older than 7 days (${this.threads.size} remaining)`);
+      }
+    }, 24 * 60 * 60 * 1e3);
   }
   /**
    * Get singleton instance of ThreadManager
@@ -1489,15 +1512,24 @@ var ThreadManager = class _ThreadManager {
 };
 
 // src/utils/query-cache.ts
+var import_crypto3 = __toESM(require("crypto"));
 var QueryCache = class {
   constructor() {
     this.cache = /* @__PURE__ */ new Map();
-    this.queryIdCache = /* @__PURE__ */ new Map();
     this.ttlMs = 10 * 60 * 1e3;
-    // Default: 10 minutes (for data cache only)
+    // Default: 10 minutes
+    this.maxCacheSize = 500;
+    // Max data cache entries
     this.cleanupInterval = null;
+    // Encryption for queryId tokens
+    this.algorithm = "aes-256-gcm";
+    const keySource = process.env.QUERY_TOKEN_SECRET || "superatom-query-cache-default-key-v1";
+    this.encryptionKey = import_crypto3.default.createHash("sha256").update(keySource).digest();
     this.startCleanup();
   }
+  // ============================================
+  // Data Cache (TTL-based, max size)
+  // ============================================
   /**
    * Set the cache TTL (Time To Live)
    * @param minutes - TTL in minutes (default: 10)
@@ -1513,10 +1545,13 @@ var QueryCache = class {
     return this.ttlMs / 60 / 1e3;
   }
   /**
-   * Store query result in cache
-   * Key is the exact query string (or JSON for parameterized queries)
+   * Store query result in data cache
    */
   set(query, data) {
+    if (this.cache.size >= this.maxCacheSize) {
+      const oldestKey = this.cache.keys().next().value;
+      if (oldestKey) this.cache.delete(oldestKey);
+    }
     this.cache.set(query, {
       query,
       data,
@@ -1529,12 +1564,9 @@ var QueryCache = class {
    */
   get(query) {
     const entry = this.cache.get(query);
-    if (!entry) {
-      return null;
-    }
+    if (!entry) return null;
     if (Date.now() - entry.timestamp > this.ttlMs) {
       this.cache.delete(query);
-      logger.debug(`[QueryCache] Entry expired for query (${query.substring(0, 50)}...)`);
       return null;
     }
     logger.info(`[QueryCache] Cache HIT for query (${query.substring(0, 50)}...)`);
@@ -1571,14 +1603,13 @@ var QueryCache = class {
     }
     return {
       size: this.cache.size,
-      queryIdCount: this.queryIdCache.size,
+      queryIdCount: 0,
+      // No longer stored in memory
       oldestEntryAge: oldestTimestamp ? Date.now() - oldestTimestamp : null
     };
   }
   /**
-   * Start periodic cleanup of expired entries.
-   * Only cleans the data cache — queryIdCache entries are permanent (server lifetime)
-   * because queryIds are persisted in dashboard widgets.
+   * Start periodic cleanup of expired data cache entries.
    */
   startCleanup() {
     this.cleanupInterval = setInterval(() => {
@@ -1590,61 +1621,81 @@ var QueryCache = class {
           expiredCount++;
         }
       }
-      for (const entry of this.queryIdCache.values()) {
-        if (entry.data && now - entry.timestamp > this.ttlMs) {
-          entry.data = null;
-        }
-      }
       if (expiredCount > 0) {
-        logger.debug(`[QueryCache] Cleaned up ${expiredCount} expired data-cache entries`);
+        logger.debug(`[QueryCache] Cleaned up ${expiredCount} expired data-cache entries (${this.cache.size} remaining)`);
       }
     }, 2 * 60 * 1e3);
   }
   // ============================================
-  // Query ID Store — maps queryId → query (no SQL sent to frontend)
+  // Encrypted Query ID Tokens (zero memory)
   // ============================================
   /**
-   * Generate a unique query ID
+   * Encrypt a payload into a self-contained token.
    */
-  generateQueryId() {
-    return `qry_${Date.now().toString(36)}_${Math.random().toString(36).substring(2, 8)}`;
+  encrypt(payload) {
+    const iv = import_crypto3.default.randomBytes(12);
+    const cipher = import_crypto3.default.createCipheriv(this.algorithm, this.encryptionKey, iv);
+    let encrypted = cipher.update(payload, "utf8", "base64");
+    encrypted += cipher.final("base64");
+    const authTag = cipher.getAuthTag();
+    return iv.toString("base64") + "." + authTag.toString("base64") + "." + encrypted;
   }
   /**
-   * Store a query by ID. Returns the generated queryId.
-   * The query is stored server-side; only the queryId is sent to the frontend.
+   * Decrypt a token back to the original payload.
+   */
+  decrypt(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 3) return null;
+      const iv = Buffer.from(parts[0], "base64");
+      const authTag = Buffer.from(parts[1], "base64");
+      const encrypted = parts[2];
+      const decipher = import_crypto3.default.createDecipheriv(this.algorithm, this.encryptionKey, iv);
+      decipher.setAuthTag(authTag);
+      let decrypted = decipher.update(encrypted, "base64", "utf8");
+      decrypted += decipher.final("utf8");
+      return decrypted;
+    } catch (err) {
+      logger.warn(`[QueryCache] Failed to decrypt queryId token: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+  }
+  /**
+   * Store a query by generating an encrypted token as queryId.
+   * The SQL is encrypted INTO the token — nothing stored in memory.
+   * If data is provided, it's cached temporarily in the data cache.
    */
   storeQuery(query, data) {
-    const queryId = this.generateQueryId();
-    this.queryIdCache.set(queryId, {
-      queryId,
-      query,
-      data: data || null,
-      timestamp: Date.now()
-    });
-    const queryPreview = typeof query === "string" ? query.substring(0, 50) : JSON.stringify(query).substring(0, 50);
-    logger.debug(`[QueryCache] Stored query as ${queryId} (${queryPreview}...)`);
+    const payload = typeof query === "string" ? query : JSON.stringify(query);
+    const queryId = this.encrypt(payload);
+    if (data) {
+      this.set(queryId, data);
+    }
+    const queryPreview = payload.substring(0, 50);
+    logger.debug(`[QueryCache] Stored query as encrypted token (${queryPreview}...)`);
     return queryId;
   }
   /**
-   * Get a stored query by its ID.
-   * The SQL mapping never expires (queryIds are persisted in dashboard widgets).
-   * Cached data may be null if it was evicted by the cleanup interval.
+   * Get a stored query by decrypting its token.
+   * Returns the SQL + any cached result data.
    */
   getQuery(queryId) {
-    const entry = this.queryIdCache.get(queryId);
-    if (!entry) return null;
-    entry.timestamp = Date.now();
-    return { query: entry.query, data: entry.data };
+    const decrypted = this.decrypt(queryId);
+    if (!decrypted) return null;
+    let query;
+    try {
+      query = JSON.parse(decrypted);
+    } catch {
+      query = decrypted;
+    }
+    const cachedData = this.get(queryId);
+    return { query, data: cachedData };
   }
   /**
-   * Update cached data for a queryId
+   * Update cached data for a queryId token
    */
   setQueryData(queryId, data) {
-    const entry = this.queryIdCache.get(queryId);
-    if (entry) {
-      entry.data = data;
-      entry.timestamp = Date.now();
-    }
+    this.set(queryId, data);
   }
   /**
    * Stop cleanup interval (for graceful shutdown)
@@ -1655,7 +1706,6 @@ var QueryCache = class {
       this.cleanupInterval = null;
     }
     this.cache.clear();
-    this.queryIdCache.clear();
   }
 };
 var queryCache = new QueryCache();
@@ -2258,7 +2308,7 @@ async function handleBundleRequest(data, bundleDir, sendMessage) {
 }
 
 // src/auth/utils.ts
-var import_crypto3 = __toESM(require("crypto"));
+var import_crypto4 = __toESM(require("crypto"));
 function decodeBase64ToJson(base64Data) {
   try {
     const decodedString = Buffer.from(base64Data, "base64").toString("utf-8");
@@ -2268,7 +2318,7 @@ function decodeBase64ToJson(base64Data) {
   }
 }
 function hashPassword(password) {
-  return import_crypto3.default.createHash("sha1").update(password).digest("hex");
+  return import_crypto4.default.createHash("sha1").update(password).digest("hex");
 }
 
 // src/auth/user-storage.ts