@uploadista/flow-security-nodes 0.0.16-beta.1

package/.turbo/turbo-build.log

@@ -0,0 +1,22 @@
+
+
+> @uploadista/flow-security-nodes@0.0.15 build /Users/denislaboureyras/Documents/uploadista/dev/uploadista-workspace/uploadista-sdk/packages/flow/security/nodes
+> tsdown
+
+ℹ tsdown v0.16.5 powered by rolldown v1.0.0-beta.50
+ℹ Using tsdown config: /Users/denislaboureyras/Documents/uploadista/dev/uploadista-workspace/uploadista-sdk/packages/flow/security/nodes/tsdown.config.ts
+ℹ entry: src/index.ts
+ℹ tsconfig: tsconfig.json
+ℹ Build start
+ℹ Cleaning 7 files
+ℹ [CJS] dist/index.cjs  1.05 kB │ gzip: 0.58 kB
+ℹ [CJS] 1 files, total: 1.05 kB
+ℹ [ESM] dist/index.mjs        1.08 kB │ gzip: 0.61 kB
+ℹ [ESM] dist/index.mjs.map    5.11 kB │ gzip: 1.95 kB
+ℹ [ESM] dist/index.d.mts.map  0.54 kB │ gzip: 0.28 kB
+ℹ [ESM] dist/index.d.mts      3.18 kB │ gzip: 1.17 kB
+ℹ [ESM] 4 files, total: 9.91 kB
+ℹ [CJS] dist/index.d.cts.map  0.54 kB │ gzip: 0.28 kB
+ℹ [CJS] dist/index.d.cts      3.18 kB │ gzip: 1.16 kB
+ℹ [CJS] 2 files, total: 3.72 kB
+✔ Build complete in 5257ms

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 uploadista
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,129 @@
+# @uploadista/flow-security-nodes
+
+Security processing nodes for Uploadista Flow, including virus scanning and malware detection.
+
+## Installation
+
+```bash
+npm install @uploadista/flow-security-nodes
+# or
+pnpm add @uploadista/flow-security-nodes
+# or
+yarn add @uploadista/flow-security-nodes
+```
+
+## Features
+
+- **Virus Scanning**: Scan files for viruses and malware using pluggable antivirus engines
+- **Configurable Actions**: Choose to fail flow or continue with metadata on virus detection
+- **Effect-based**: Built on Effect-TS for type-safe, composable error handling
+- **Plugin Architecture**: Support for multiple antivirus engines (ClamAV, cloud services, etc.)
+
+## Available Nodes
+
+### Scan Virus Node
+
+Scans files for viruses and malware. Requires a `VirusScanPlugin` implementation (e.g., `@uploadista/flow-security-clamscan`).
+
+#### Usage
+
+```typescript
+import { createScanVirusNode } from "@uploadista/flow-security-nodes";
+import { Effect } from "effect";
+
+const program = Effect.gen(function* () {
+  // Create a scan virus node that fails on detection
+  const scanNode = yield* createScanVirusNode("virus-scan-1", {
+    action: "fail", // Stop flow if virus detected
+    timeout: 60000, // 60 second timeout
+  });
+
+  // Or create a node that passes with metadata
+  const auditNode = yield* createScanVirusNode("virus-scan-2", {
+    action: "pass", // Continue flow even if virus detected
+    timeout: 120000, // 2 minute timeout for large files
+  });
+});
+```
+
+#### Parameters
+
+- `id` (required): Unique node identifier
+- `params` (optional): Configuration object
+  - `action`: `"fail"` | `"pass"` (default: `"fail"`)
+    - `"fail"`: Mark flow task as FAILED and stop processing when virus detected
+    - `"pass"`: Continue processing but add virus metadata to file
+  - `timeout`: Maximum scan time in milliseconds (default: 60000, max: 300000)
+
+#### Scan Metadata
+
+All scan results are stored in `file.metadata.virusScan`:
+
+```typescript
+type VirusScanMetadata = {
+  scanned: boolean; // Whether file was scanned
+  isClean: boolean; // Whether file is clean (no viruses)
+  detectedViruses: string[]; // Array of detected virus names
+  scanDate: string; // ISO 8601 timestamp
+  engineVersion: string; // Antivirus engine version
+  definitionsDate: string; // Virus definitions date
+};
+```
+
+#### Example Flow
+
+```typescript
+import { createFlow } from "@uploadista/core/flow";
+import { createScanVirusNode } from "@uploadista/flow-security-nodes";
+import { ClamScanPluginLayer } from "@uploadista/flow-security-clamscan";
+
+const secureUploadFlow = createFlow({
+  nodes: [
+    // 1. Input node
+    createInputNode("input-1"),
+
+    // 2. Scan for viruses - fail if infected
+    createScanVirusNode("scan-1", {
+      action: "fail",
+      timeout: 60000,
+    }),
+
+    // 3. Process clean files
+    createImageResizeNode("resize-1", {
+      width: 1920,
+      height: 1080,
+    }),
+
+    // 4. Store to S3
+    createStorageNode("storage-1", {
+      storageId: "my-s3-bucket",
+    }),
+  ],
+  edges: [
+    { source: "input-1", target: "scan-1" },
+    { source: "scan-1", target: "resize-1" },
+    { source: "resize-1", target: "storage-1" },
+  ],
+}).pipe(Effect.provide(ClamScanPluginLayer()));
+```
+
+## Error Codes
+
+The scan virus node may return the following error codes:
+
+- `VIRUS_DETECTED`: Virus or malware detected in file (when `action: "fail"`)
+- `VIRUS_SCAN_FAILED`: Generic scanning operation failure
+- `CLAMAV_NOT_INSTALLED`: ClamAV or configured antivirus not available
+- `SCAN_TIMEOUT`: Scanning exceeded timeout limit
+
+## Requirements
+
+This package requires a `VirusScanPlugin` implementation. See [@uploadista/flow-security-clamscan](../clamscan) for ClamAV support.
+
+## TypeScript
+
+This package is written in TypeScript and includes full type definitions.
+
+## License
+
+MIT

package/dist/index.cjs

@@ -0,0 +1 @@
+let e=require(`@uploadista/core/errors`),t=require(`@uploadista/core/flow`),n=require(`effect`),r=require(`zod`);const i=r.z.enum([`fail`,`pass`]),a=r.z.object({action:i.default(`fail`),timeout:r.z.number().min(1e3).max(3e5).optional().default(6e4)});function o(r,i={action:`fail`,timeout:6e4}){return n.Effect.gen(function*(){let o=yield*t.VirusScanPlugin,s=a.parse(i);return yield*(0,t.createTransformNode)({id:r,name:`Scan Virus`,description:`Scans files for viruses and malware using ClamAV`,transform:(t,r)=>n.Effect.gen(function*(){let n=yield*o.scan(t),i=yield*o.getVersion(),a={scanned:!0,isClean:n.isClean,detectedViruses:n.detectedViruses,scanDate:new Date().toISOString(),engineVersion:i,definitionsDate:new Date().toISOString()};if(!n.isClean){let t=`Virus detected: ${n.detectedViruses.join(`, `)}`;if(s.action===`fail`)return yield*(0,e.httpFailure)(`VIRUS_DETECTED`,{body:t,details:{scanMetadata:a}})}return{bytes:t,metadata:{...r.metadata,virusScan:a}}})})})}exports.ScanAction=i,exports.ScanVirusParams=a,exports.createScanVirusNode=o;

package/dist/index.d.cts

@@ -0,0 +1,86 @@
+import * as _uploadista_core_flow0 from "@uploadista/core/flow";
+import { ScanMetadata, ScanResult, VirusScanPlugin } from "@uploadista/core/flow";
+import * as _uploadista_core_types0 from "@uploadista/core/types";
+import * as _uploadista_core_errors0 from "@uploadista/core/errors";
+import * as _uploadista_core_upload0 from "@uploadista/core/upload";
+import { Effect } from "effect";
+import { z } from "zod";
+
+//#region src/scan-virus-node.d.ts
+/**
+ * Scan action to take when a virus is detected
+ */
+declare const ScanAction: z.ZodEnum<{
+  fail: "fail";
+  pass: "pass";
+}>;
+type ScanAction = z.infer<typeof ScanAction>;
+/**
+ * Parameters for the Scan Virus node
+ */
+declare const ScanVirusParams: z.ZodObject<{
+  action: z.ZodDefault<z.ZodEnum<{
+    fail: "fail";
+    pass: "pass";
+  }>>;
+  timeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+type ScanVirusParams = z.infer<typeof ScanVirusParams>;
+/**
+ * Creates a Scan Virus node for malware detection
+ *
+ * Scans files for viruses and malware using the configured VirusScanPlugin
+ * (typically ClamAV). Supports configurable actions on detection:
+ * - "fail": Stop flow execution when virus detected
+ * - "pass": Continue flow with detection metadata
+ *
+ * All scan results are stored in file.metadata.virusScan for downstream nodes.
+ *
+ * @param id - Unique node identifier
+ * @param params - Configuration parameters for scan behavior
+ * @returns Effect that resolves to the configured node
+ *
+ * @example
+ * ```typescript
+ * // Fail on virus detection (default)
+ * const failNode = yield* createScanVirusNode("scan-1", {
+ *   action: "fail"
+ * });
+ *
+ * // Pass through with metadata
+ * const passNode = yield* createScanVirusNode("scan-2", {
+ *   action: "pass",
+ *   timeout: 120000 // 2 minutes
+ * });
+ * ```
+ */
+declare function createScanVirusNode(id: string, params?: ScanVirusParams): Effect.Effect<_uploadista_core_flow0.FlowNodeData & {
+  inputSchema: z.ZodType<_uploadista_core_types0.UploadFile, unknown, z.core.$ZodTypeInternals<_uploadista_core_types0.UploadFile, unknown>>;
+  outputSchema: z.ZodType<_uploadista_core_types0.UploadFile, unknown, z.core.$ZodTypeInternals<_uploadista_core_types0.UploadFile, unknown>>;
+  run: (args: {
+    data: _uploadista_core_types0.UploadFile;
+    jobId: string;
+    storageId: string;
+    flowId: string;
+    inputs?: Record<string, unknown>;
+    clientId: string | null;
+  }) => Effect.Effect<_uploadista_core_flow0.NodeExecutionResult<_uploadista_core_types0.UploadFile>, _uploadista_core_errors0.UploadistaError, never>;
+  condition?: {
+    field: string;
+    operator: string;
+    value: unknown;
+  };
+  multiInput?: boolean;
+  multiOutput?: boolean;
+  pausable?: boolean;
+  retry?: {
+    maxRetries?: number;
+    retryDelay?: number;
+    exponentialBackoff?: boolean;
+  };
+} & {
+  type: _uploadista_core_flow0.NodeType;
+}, _uploadista_core_errors0.UploadistaError, VirusScanPlugin | _uploadista_core_upload0.UploadServer>;
+//#endregion
+export { ScanAction, type ScanAction as ScanActionType, type ScanMetadata, type ScanResult, ScanVirusParams, type ScanVirusParams as ScanVirusParamsType, createScanVirusNode };
+//# sourceMappingURL=index.d.cts.map

package/dist/index.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.cts","names":[],"sources":["../src/scan-virus-node.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;cAYa,YAAU,CAAA,CAAA;;;AAAvB,CAAA,CAAA;AACY,KAAA,UAAA,GAAa,CAAA,CAAE,KAAa,CAAA,OAAA,UAAR,CAAA;AAKhC;;;cAAa,iBAAe,CAAA,CAAA;;;;EAAA,CAAA,CAAA,CAAA;EAAA,OAAA,cAAA,cAAA,YAAA,CAAA,CAAA;AAgB5B,CAAA,eAAY,CAAA;AA8BI,KA9BJ,eAAA,GAAkB,CAAA,CAAE,KA8BG,CAAA,OA9BU,eA8BV,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAAnB,mBAAA,sBAEN,kBAAoD,MAAA,CAAA,OAAA,sBAAA,CAAA,YAAA;yBAAA,uBAAA,CAAA,UAAA;;;;;;;aA2DoplI;;iEAAA,uBAAA,CAAA,UAAA"}

package/dist/index.d.mts

@@ -0,0 +1,86 @@
+import * as _uploadista_core_errors0 from "@uploadista/core/errors";
+import * as _uploadista_core_flow0 from "@uploadista/core/flow";
+import { ScanMetadata, ScanResult, VirusScanPlugin } from "@uploadista/core/flow";
+import { Effect } from "effect";
+import { z } from "zod";
+import * as _uploadista_core_types0 from "@uploadista/core/types";
+import * as _uploadista_core_upload0 from "@uploadista/core/upload";
+
+//#region src/scan-virus-node.d.ts
+/**
+ * Scan action to take when a virus is detected
+ */
+declare const ScanAction: z.ZodEnum<{
+  fail: "fail";
+  pass: "pass";
+}>;
+type ScanAction = z.infer<typeof ScanAction>;
+/**
+ * Parameters for the Scan Virus node
+ */
+declare const ScanVirusParams: z.ZodObject<{
+  action: z.ZodDefault<z.ZodEnum<{
+    fail: "fail";
+    pass: "pass";
+  }>>;
+  timeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+type ScanVirusParams = z.infer<typeof ScanVirusParams>;
+/**
+ * Creates a Scan Virus node for malware detection
+ *
+ * Scans files for viruses and malware using the configured VirusScanPlugin
+ * (typically ClamAV). Supports configurable actions on detection:
+ * - "fail": Stop flow execution when virus detected
+ * - "pass": Continue flow with detection metadata
+ *
+ * All scan results are stored in file.metadata.virusScan for downstream nodes.
+ *
+ * @param id - Unique node identifier
+ * @param params - Configuration parameters for scan behavior
+ * @returns Effect that resolves to the configured node
+ *
+ * @example
+ * ```typescript
+ * // Fail on virus detection (default)
+ * const failNode = yield* createScanVirusNode("scan-1", {
+ *   action: "fail"
+ * });
+ *
+ * // Pass through with metadata
+ * const passNode = yield* createScanVirusNode("scan-2", {
+ *   action: "pass",
+ *   timeout: 120000 // 2 minutes
+ * });
+ * ```
+ */
+declare function createScanVirusNode(id: string, params?: ScanVirusParams): Effect.Effect<_uploadista_core_flow0.FlowNodeData & {
+  inputSchema: z.ZodType<_uploadista_core_types0.UploadFile, unknown, z.core.$ZodTypeInternals<_uploadista_core_types0.UploadFile, unknown>>;
+  outputSchema: z.ZodType<_uploadista_core_types0.UploadFile, unknown, z.core.$ZodTypeInternals<_uploadista_core_types0.UploadFile, unknown>>;
+  run: (args: {
+    data: _uploadista_core_types0.UploadFile;
+    jobId: string;
+    storageId: string;
+    flowId: string;
+    inputs?: Record<string, unknown>;
+    clientId: string | null;
+  }) => Effect.Effect<_uploadista_core_flow0.NodeExecutionResult<_uploadista_core_types0.UploadFile>, _uploadista_core_errors0.UploadistaError, never>;
+  condition?: {
+    field: string;
+    operator: string;
+    value: unknown;
+  };
+  multiInput?: boolean;
+  multiOutput?: boolean;
+  pausable?: boolean;
+  retry?: {
+    maxRetries?: number;
+    retryDelay?: number;
+    exponentialBackoff?: boolean;
+  };
+} & {
+  type: _uploadista_core_flow0.NodeType;
+}, _uploadista_core_errors0.UploadistaError, VirusScanPlugin | _uploadista_core_upload0.UploadServer>;
+//#endregion
+export { ScanAction, type ScanAction as ScanActionType, type ScanMetadata, type ScanResult, ScanVirusParams, type ScanVirusParams as ScanVirusParamsType, createScanVirusNode };
+//# sourceMappingURL=index.d.mts.map

package/dist/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../src/scan-virus-node.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;cAYa,YAAU,CAAA,CAAA;;;AAAvB,CAAA,CAAA;AACY,KAAA,UAAA,GAAa,CAAA,CAAE,KAAa,CAAA,OAAA,UAAR,CAAA;AAKhC;;;cAAa,iBAAe,CAAA,CAAA;;;;EAAA,CAAA,CAAA,CAAA;EAAA,OAAA,cAAA,cAAA,YAAA,CAAA,CAAA;AAgB5B,CAAA,eAAY,CAAA;AA8BI,KA9BJ,eAAA,GAAkB,CAAA,CAAE,KA8BG,CAAA,OA9BU,eA8BV,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAAnB,mBAAA,sBAEN,kBAAoD,MAAA,CAAA,OAAA,sBAAA,CAAA,YAAA;yBAAA,uBAAA,CAAA,UAAA;;;;;;;aA2DoplI;;iEAAA,uBAAA,CAAA,UAAA"}

package/dist/index.mjs

@@ -0,0 +1,2 @@
+import{httpFailure as e}from"@uploadista/core/errors";import{VirusScanPlugin as t,createTransformNode as n}from"@uploadista/core/flow";import{Effect as r}from"effect";import{z as i}from"zod";const a=i.enum([`fail`,`pass`]),o=i.object({action:a.default(`fail`),timeout:i.number().min(1e3).max(3e5).optional().default(6e4)});function s(i,a={action:`fail`,timeout:6e4}){return r.gen(function*(){let s=yield*t,c=o.parse(a);return yield*n({id:i,name:`Scan Virus`,description:`Scans files for viruses and malware using ClamAV`,transform:(t,n)=>r.gen(function*(){let r=yield*s.scan(t),i=yield*s.getVersion(),a={scanned:!0,isClean:r.isClean,detectedViruses:r.detectedViruses,scanDate:new Date().toISOString(),engineVersion:i,definitionsDate:new Date().toISOString()};if(!r.isClean){let t=`Virus detected: ${r.detectedViruses.join(`, `)}`;if(c.action===`fail`)return yield*e(`VIRUS_DETECTED`,{body:t,details:{scanMetadata:a}})}return{bytes:t,metadata:{...n.metadata,virusScan:a}}})})})}export{a as ScanAction,o as ScanVirusParams,s as createScanVirusNode};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["scanMetadata: ScanMetadata"],"sources":["../src/scan-virus-node.ts"],"sourcesContent":["import { httpFailure } from \"@uploadista/core/errors\";\nimport {\n  createTransformNode,\n  type ScanMetadata,\n  VirusScanPlugin,\n} from \"@uploadista/core/flow\";\nimport { Effect } from \"effect\";\nimport { z } from \"zod\";\n\n/**\n * Scan action to take when a virus is detected\n */\nexport const ScanAction = z.enum([\"fail\", \"pass\"]);\nexport type ScanAction = z.infer<typeof ScanAction>;\n\n/**\n * Parameters for the Scan Virus node\n */\nexport const ScanVirusParams = z.object({\n  /**\n   * Action to take when a virus is detected:\n   * - \"fail\": Mark flow task as FAILED and stop processing\n   * - \"pass\": Continue processing but add virus metadata to file\n   */\n  action: ScanAction.default(\"fail\"),\n\n  /**\n   * Maximum time to wait for scan completion (in milliseconds)\n   * Default: 60000ms (60 seconds)\n   * Max: 300000ms (5 minutes)\n   */\n  timeout: z.number().min(1000).max(300000).optional().default(60000),\n});\n\nexport type ScanVirusParams = z.infer<typeof ScanVirusParams>;\n\n/**\n * Creates a Scan Virus node for malware detection\n *\n * Scans files for viruses and malware using the configured VirusScanPlugin\n * (typically ClamAV). Supports configurable actions on detection:\n * - \"fail\": Stop flow execution when virus detected\n * - \"pass\": Continue flow with detection metadata\n *\n * All scan results are stored in file.metadata.virusScan for downstream nodes.\n *\n * @param id - Unique node identifier\n * @param params - Configuration parameters for scan behavior\n * @returns Effect that resolves to the configured node\n *\n * @example\n * ```typescript\n * // Fail on virus detection (default)\n * const failNode = yield* createScanVirusNode(\"scan-1\", {\n *   action: \"fail\"\n * });\n *\n * // Pass through with metadata\n * const passNode = yield* createScanVirusNode(\"scan-2\", {\n *   action: \"pass\",\n *   timeout: 120000 // 2 minutes\n * });\n * ```\n */\nexport function createScanVirusNode(\n  id: string,\n  params: ScanVirusParams = { action: \"fail\", timeout: 60000 },\n) {\n  return Effect.gen(function* () {\n    const virusScanService = yield* VirusScanPlugin;\n\n    // Validate params\n    const validatedParams = ScanVirusParams.parse(params);\n\n    return yield* createTransformNode({\n      id,\n      name: \"Scan Virus\",\n      description: \"Scans files for viruses and malware using ClamAV\",\n      transform: (inputBytes, file) =>\n        Effect.gen(function* () {\n          // Perform virus scan\n          const scanResult = yield* virusScanService.scan(inputBytes);\n\n          // Get engine version for metadata\n          const engineVersion = yield* virusScanService.getVersion();\n\n          // Build comprehensive scan metadata\n          const scanMetadata: ScanMetadata = {\n            scanned: true,\n            isClean: scanResult.isClean,\n            detectedViruses: scanResult.detectedViruses,\n            scanDate: new Date().toISOString(),\n            engineVersion,\n            definitionsDate: new Date().toISOString(), // TODO: Get actual definitions date from plugin\n          };\n\n          // Check if virus was detected\n          if (!scanResult.isClean) {\n            // Build error message with detected viruses\n            const virusList = scanResult.detectedViruses.join(\", \");\n            const message = `Virus detected: ${virusList}`;\n\n            // Handle based on configured action\n            if (validatedParams.action === \"fail\") {\n              // Fail the flow task\n              return yield* httpFailure(\"VIRUS_DETECTED\", {\n                body: message,\n                details: { scanMetadata },\n              });\n            }\n            // action === \"pass\": Continue with metadata (handled below)\n          }\n\n          // Return file with scan metadata (clean or pass action)\n          return {\n            bytes: inputBytes, // Pass through original bytes unchanged\n            metadata: {\n              ...file.metadata,\n              virusScan: scanMetadata,\n            },\n          };\n        }),\n    });\n  });\n}\n"],"mappings":"+LAYA,MAAa,EAAa,EAAE,KAAK,CAAC,OAAQ,OAAO,CAAC,CAMrC,EAAkB,EAAE,OAAO,CAMtC,OAAQ,EAAW,QAAQ,OAAO,CAOlC,QAAS,EAAE,QAAQ,CAAC,IAAI,IAAK,CAAC,IAAI,IAAO,CAAC,UAAU,CAAC,QAAQ,IAAM,CACpE,CAAC,CAgCF,SAAgB,EACd,EACA,EAA0B,CAAE,OAAQ,OAAQ,QAAS,IAAO,CAC5D,CACA,OAAO,EAAO,IAAI,WAAa,CAC7B,IAAM,EAAmB,MAAO,EAG1B,EAAkB,EAAgB,MAAM,EAAO,CAErD,OAAO,MAAO,EAAoB,CAChC,KACA,KAAM,aACN,YAAa,mDACb,WAAY,EAAY,IACtB,EAAO,IAAI,WAAa,CAEtB,IAAM,EAAa,MAAO,EAAiB,KAAK,EAAW,CAGrD,EAAgB,MAAO,EAAiB,YAAY,CAGpDA,EAA6B,CACjC,QAAS,GACT,QAAS,EAAW,QACpB,gBAAiB,EAAW,gBAC5B,SAAU,IAAI,MAAM,CAAC,aAAa,CAClC,gBACA,gBAAiB,IAAI,MAAM,CAAC,aAAa,CAC1C,CAGD,GAAI,CAAC,EAAW,QAAS,CAGvB,IAAM,EAAU,mBADE,EAAW,gBAAgB,KAAK,KAAK,GAIvD,GAAI,EAAgB,SAAW,OAE7B,OAAO,MAAO,EAAY,iBAAkB,CAC1C,KAAM,EACN,QAAS,CAAE,eAAc,CAC1B,CAAC,CAMN,MAAO,CACL,MAAO,EACP,SAAU,CACR,GAAG,EAAK,SACR,UAAW,EACZ,CACF,EACD,CACL,CAAC,EACF"}

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@uploadista/flow-security-nodes",
+  "type": "module",
+  "version": "0.0.16-beta.1",
+  "description": "Security processing nodes for Uploadista Flow",
+  "license": "MIT",
+  "author": "Uploadista",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs",
+      "default": "./dist/index.mjs"
+    }
+  },
+  "dependencies": {
+    "effect": "3.19.4",
+    "zod": "4.1.12",
+    "@uploadista/core": "0.0.16-beta.1"
+  },
+  "devDependencies": {
+    "@effect/vitest": "0.27.0",
+    "@types/node": "24.10.1",
+    "tsdown": "0.16.5",
+    "vitest": "4.0.8",
+    "@uploadista/typescript-config": "0.0.16-beta.1"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "format": "biome format --write ./src",
+    "lint": "biome lint --write ./src",
+    "check": "biome check --write ./src",
+    "test": "vitest",
+    "test:run": "vitest run",
+    "test:watch": "vitest watch"
+  }
+}

package/src/index.ts

@@ -0,0 +1,16 @@
+// Security processing nodes
+
+// Import from core packages to ensure proper type resolution in generated declarations
+// These imports force tsdown to create namespace aliases instead of inlining types
+import type {} from "@uploadista/core/types";
+import type {} from "@uploadista/core/upload";
+
+// Re-export types from core for convenience
+export type { ScanMetadata, ScanResult } from "@uploadista/core/flow";
+export {
+  createScanVirusNode,
+  ScanAction,
+  type ScanAction as ScanActionType,
+  ScanVirusParams,
+  type ScanVirusParams as ScanVirusParamsType,
+} from "./scan-virus-node";

package/src/scan-virus-node.ts

@@ -0,0 +1,125 @@
+import { httpFailure } from "@uploadista/core/errors";
+import {
+  createTransformNode,
+  type ScanMetadata,
+  VirusScanPlugin,
+} from "@uploadista/core/flow";
+import { Effect } from "effect";
+import { z } from "zod";
+
+/**
+ * Scan action to take when a virus is detected
+ */
+export const ScanAction = z.enum(["fail", "pass"]);
+export type ScanAction = z.infer<typeof ScanAction>;
+
+/**
+ * Parameters for the Scan Virus node
+ */
+export const ScanVirusParams = z.object({
+  /**
+   * Action to take when a virus is detected:
+   * - "fail": Mark flow task as FAILED and stop processing
+   * - "pass": Continue processing but add virus metadata to file
+   */
+  action: ScanAction.default("fail"),
+
+  /**
+   * Maximum time to wait for scan completion (in milliseconds)
+   * Default: 60000ms (60 seconds)
+   * Max: 300000ms (5 minutes)
+   */
+  timeout: z.number().min(1000).max(300000).optional().default(60000),
+});
+
+export type ScanVirusParams = z.infer<typeof ScanVirusParams>;
+
+/**
+ * Creates a Scan Virus node for malware detection
+ *
+ * Scans files for viruses and malware using the configured VirusScanPlugin
+ * (typically ClamAV). Supports configurable actions on detection:
+ * - "fail": Stop flow execution when virus detected
+ * - "pass": Continue flow with detection metadata
+ *
+ * All scan results are stored in file.metadata.virusScan for downstream nodes.
+ *
+ * @param id - Unique node identifier
+ * @param params - Configuration parameters for scan behavior
+ * @returns Effect that resolves to the configured node
+ *
+ * @example
+ * ```typescript
+ * // Fail on virus detection (default)
+ * const failNode = yield* createScanVirusNode("scan-1", {
+ *   action: "fail"
+ * });
+ *
+ * // Pass through with metadata
+ * const passNode = yield* createScanVirusNode("scan-2", {
+ *   action: "pass",
+ *   timeout: 120000 // 2 minutes
+ * });
+ * ```
+ */
+export function createScanVirusNode(
+  id: string,
+  params: ScanVirusParams = { action: "fail", timeout: 60000 },
+) {
+  return Effect.gen(function* () {
+    const virusScanService = yield* VirusScanPlugin;
+
+    // Validate params
+    const validatedParams = ScanVirusParams.parse(params);
+
+    return yield* createTransformNode({
+      id,
+      name: "Scan Virus",
+      description: "Scans files for viruses and malware using ClamAV",
+      transform: (inputBytes, file) =>
+        Effect.gen(function* () {
+          // Perform virus scan
+          const scanResult = yield* virusScanService.scan(inputBytes);
+
+          // Get engine version for metadata
+          const engineVersion = yield* virusScanService.getVersion();
+
+          // Build comprehensive scan metadata
+          const scanMetadata: ScanMetadata = {
+            scanned: true,
+            isClean: scanResult.isClean,
+            detectedViruses: scanResult.detectedViruses,
+            scanDate: new Date().toISOString(),
+            engineVersion,
+            definitionsDate: new Date().toISOString(), // TODO: Get actual definitions date from plugin
+          };
+
+          // Check if virus was detected
+          if (!scanResult.isClean) {
+            // Build error message with detected viruses
+            const virusList = scanResult.detectedViruses.join(", ");
+            const message = `Virus detected: ${virusList}`;
+
+            // Handle based on configured action
+            if (validatedParams.action === "fail") {
+              // Fail the flow task
+              return yield* httpFailure("VIRUS_DETECTED", {
+                body: message,
+                details: { scanMetadata },
+              });
+            }
+            // action === "pass": Continue with metadata (handled below)
+          }
+
+          // Return file with scan metadata (clean or pass action)
+          return {
+            bytes: inputBytes, // Pass through original bytes unchanged
+            metadata: {
+              ...file.metadata,
+              virusScan: scanMetadata,
+            },
+          };
+        }),
+    });
+  });
+}

package/tsconfig.json

@@ -0,0 +1,14 @@
+{
+  "extends": "@uploadista/typescript-config/server.json",
+  "compilerOptions": {
+    "baseUrl": "./",
+    "paths": {
+      "@/*": ["./src/*"]
+    },
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "lib": ["ESNext", "DOM", "DOM.Iterable"],
+    "types": []
+  },
+  "include": ["src"]
+}

package/tsdown.config.ts

@@ -0,0 +1,11 @@
+import { defineConfig } from "tsdown";
+
+export default defineConfig({
+  entry: {
+    index: "src/index.ts",
+  },
+  minify: true,
+  format: ["esm", "cjs"],
+  dts: true,
+  outDir: "dist",
+});