@tjamescouch/agentchat 0.22.0 → 0.22.1

package/lib/server.js

@@ -49,6 +49,12 @@ import {
 import {
   handleSetPresence,
 } from './server/handlers/presence.js';
+import {
+  handleAdminApprove,
+  handleAdminRevoke,
+  handleAdminList,
+} from './server/handlers/admin.js';
+import { Allowlist } from './allowlist.js';
 
 export class AgentChatServer {
   constructor(options = {}) {
@@ -67,6 +73,10 @@ export class AgentChatServer {
     // Message buffer size per channel (for replay on join)
     this.messageBufferSize = options.messageBufferSize || 20;
 
+    // Per-IP connection limiting
+    this.maxConnectionsPerIp = options.maxConnectionsPerIp || 10;
+    this.connectionsByIp = new Map();  // ip -> Set<ws>
+
     // State
     this.agents = new Map();      // ws -> agent info
     this.agentById = new Map();   // id -> ws
@@ -118,6 +128,14 @@ export class AgentChatServer {
     this.pendingVerifications = new Map();
     this.verificationTimeoutMs = options.verificationTimeoutMs || 30000; // 30 seconds default
 
+    // Allowlist (opt-in)
+    this.allowlist = new Allowlist({
+      enabled: options.allowlistEnabled || false,
+      strict: options.allowlistStrict || false,
+      adminKey: options.adminKey || null,
+      filePath: options.allowlistFile || undefined,
+    });
+
     this.wss = null;
     this.httpServer = null;
     this.startedAt = null;  // Set on start() for uptime tracking
@@ -236,18 +254,32 @@ export class AgentChatServer {
     const tls = !!(this.tlsCert && this.tlsKey);
     this.startedAt = Date.now();
 
+    // Security headers applied to all HTTP responses
+    const securityHeaders = {
+      'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
+      'X-Content-Type-Options': 'nosniff',
+      'X-Frame-Options': 'DENY',
+      'Content-Security-Policy': "default-src 'none'",
+      'Referrer-Policy': 'strict-origin-when-cross-origin',
+    };
+
     // HTTP request handler for health endpoint
     const httpHandler = (req, res) => {
       if (req.method === 'GET' && req.url === '/health') {
         const health = this.getHealth();
-        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.writeHead(200, { 'Content-Type': 'application/json', ...securityHeaders });
         res.end(JSON.stringify(health));
       } else {
-        res.writeHead(404);
+        res.writeHead(404, securityHeaders);
         res.end('Not Found');
       }
     };
 
+    // WebSocket options: limit max message size to 256KB
+    const wsOptions = {
+      maxPayload: 256 * 1024,
+    };
+
     if (tls) {
       // TLS mode: create HTTPS server and attach WebSocket
       const httpsOptions = {
@@ -255,12 +287,12 @@ export class AgentChatServer {
         key: fs.readFileSync(this.tlsKey)
       };
       this.httpServer = https.createServer(httpsOptions, httpHandler);
-      this.wss = new WebSocketServer({ server: this.httpServer });
+      this.wss = new WebSocketServer({ ...wsOptions, server: this.httpServer });
       this.httpServer.listen(this.port, this.host);
     } else {
       // Plain mode: create HTTP server for health endpoint + WebSocket
       this.httpServer = http.createServer(httpHandler);
-      this.wss = new WebSocketServer({ server: this.httpServer });
+      this.wss = new WebSocketServer({ ...wsOptions, server: this.httpServer });
       this.httpServer.listen(this.port, this.host);
     }
 
@@ -272,6 +304,16 @@ export class AgentChatServer {
       const realIp = forwardedFor ? forwardedFor.split(',')[0].trim() : req.socket.remoteAddress;
       const userAgent = req.headers['user-agent'] || 'unknown';
 
+      // Per-IP connection limiting
+      const ipConns = this.connectionsByIp.get(realIp) || new Set();
+      if (ipConns.size >= this.maxConnectionsPerIp) {
+        this._log('connection_rejected', { ip: realIp, reason: 'max_connections_per_ip', count: ipConns.size });
+        ws.close(1008, 'Too many connections from this IP');
+        return;
+      }
+      ipConns.add(ws);
+      this.connectionsByIp.set(realIp, ipConns);
+
       // Store connection metadata on ws for later logging
       ws._connectedAt = Date.now();
       ws._realIp = realIp;
@@ -280,14 +322,22 @@ export class AgentChatServer {
       this._log('connection', {
         ip: realIp,
         proxy_ip: req.socket.remoteAddress,
-        user_agent: userAgent
+        user_agent: userAgent,
+        ip_connections: ipConns.size
       });
-      
+
       ws.on('message', (data) => {
         this._handleMessage(ws, data.toString());
       });
-      
+
       ws.on('close', () => {
+        // Clean up per-IP tracking
+        const conns = this.connectionsByIp.get(realIp);
+        if (conns) {
+          conns.delete(ws);
+          if (conns.size === 0) this.connectionsByIp.delete(realIp);
+        }
+
         // Log if connection closed without ever identifying (drive-by)
         if (!this.agents.has(ws)) {
           const duration = ws._connectedAt ? Math.round((Date.now() - ws._connectedAt) / 1000) : 0;
@@ -340,7 +390,7 @@ export class AgentChatServer {
         const agentMentions = [];
         for (const ws of channel.agents) {
           const agent = this.agents.get(ws);
-          if (agent) agentMentions.push(`@${agent.id}`);
+          if (agent) agentMentions.push(`${agent.name} (@${agent.id})`);
         }
 
         const prompt = `${agentMentions.join(', ')} - ${starter}`;
@@ -379,6 +429,45 @@ export class AgentChatServer {
   }
   
   _handleMessage(ws, data) {
+    // Application-level message size limit (defense-in-depth for proxy bypass)
+    const maxPayloadBytes = 256 * 1024; // 256KB - matches wsOptions.maxPayload
+    if (data.length > maxPayloadBytes) {
+      this._log('message_too_large', {
+        ip: ws._realIp,
+        size: data.length,
+        max: maxPayloadBytes
+      });
+      this._send(ws, createError(ErrorCode.INVALID_MSG, `Message too large (${data.length} bytes, max ${maxPayloadBytes})`));
+      return;
+    }
+
+    // Per-connection rate limiting (applies before auth check)
+    const now = Date.now();
+    if (!ws._msgTimestamps) ws._msgTimestamps = [];
+
+    // Sliding window: keep only timestamps from last 10 seconds
+    ws._msgTimestamps = ws._msgTimestamps.filter(t => now - t < 10000);
+    ws._msgTimestamps.push(now);
+
+    const isIdentified = this.agents.has(ws);
+    // Pre-auth: max 10 messages per 10s window (enough for IDENTIFY + JOINs)
+    // Post-auth: max 60 messages per 10s window (existing MSG rate limit also applies)
+    const maxMessages = isIdentified ? 60 : 10;
+
+    if (ws._msgTimestamps.length > maxMessages) {
+      if (!isIdentified) {
+        this._log('pre_auth_rate_limit', {
+          ip: ws._realIp,
+          count: ws._msgTimestamps.length,
+          window: '10s'
+        });
+        ws.close(1008, 'Rate limit exceeded');
+        return;
+      }
+      this._send(ws, createError(ErrorCode.RATE_LIMITED, 'Too many messages'));
+      return;
+    }
+
     const { valid, msg, error } = validateClientMessage(data);
 
     if (!valid) {
@@ -452,6 +541,16 @@ export class AgentChatServer {
       case ClientMessageType.VERIFY_RESPONSE:
         handleVerifyResponse(this, ws, msg);
         break;
+      // Admin messages (allowlist management)
+      case ClientMessageType.ADMIN_APPROVE:
+        handleAdminApprove(this, ws, msg);
+        break;
+      case ClientMessageType.ADMIN_REVOKE:
+        handleAdminRevoke(this, ws, msg);
+        break;
+      case ClientMessageType.ADMIN_LIST:
+        handleAdminList(this, ws, msg);
+        break;
     }
   }
   
@@ -479,7 +578,8 @@ export class AgentChatServer {
         channel.agents.delete(ws);
         this._broadcast(channelName, createMessage(ServerMessageType.AGENT_LEFT, {
           channel: channelName,
-          agent: `@${agent.id}`
+          agent: `@${agent.id}`,
+          name: agent.name
         }));
       }
     }
@@ -502,7 +602,12 @@ export function startServer(options = {}) {
     cert: options.cert || process.env.TLS_CERT || null,
     key: options.key || process.env.TLS_KEY || null,
     rateLimitMs: options.rateLimitMs || parseInt(process.env.RATE_LIMIT_MS || 1000),
-    messageBufferSize: options.messageBufferSize || parseInt(process.env.MESSAGE_BUFFER_SIZE || 20)
+    messageBufferSize: options.messageBufferSize || parseInt(process.env.MESSAGE_BUFFER_SIZE || 20),
+    // Allowlist settings
+    allowlistEnabled: options.allowlistEnabled || process.env.ALLOWLIST_ENABLED === 'true',
+    allowlistStrict: options.allowlistStrict || process.env.ALLOWLIST_STRICT === 'true',
+    adminKey: options.adminKey || process.env.ADMIN_KEY || null,
+    allowlistFile: options.allowlistFile || process.env.ALLOWLIST_FILE || undefined,
   };
 
   const server = new AgentChatServer(config);