@xenon-device-management/xenon 1.2.0 → 1.3.0

package/lib/src/app/routers/config.js

@@ -47,9 +47,13 @@ const config_service_1 = require("../../data-service/config-service");
 const typedi_1 = require("typedi");
 const logger_1 = __importStar(require("../../logger"));
 const AIService_1 = require("../../services/AIService");
+const scopeGuard_1 = require("../../middleware/scopeGuard");
 class ConfigRouter {
     static register(router, pluginArgs) {
         const configRouter = (0, express_1.Router)();
+        // All mutations under /config require admin scope (global plugin
+        // config + AI provider test probes). GET passthrough for read scope.
+        configRouter.use((0, scopeGuard_1.mutationScopeGuard)(['admin']));
         function getMaskedConfig(args) {
             const masked = Object.assign({}, args);
             // Boolean flags for secret status

package/lib/src/app/routers/control.js

@@ -60,7 +60,43 @@ const os_1 = __importDefault(require("os"));
 const fs_extra_1 = __importDefault(require("fs-extra"));
 const OmniVisionService_1 = require("../../services/omni-vision/OmniVisionService");
 const InspectorService_1 = require("../../services/InspectorService");
+const scopeGuard_1 = require("../../middleware/scopeGuard");
 const router = (0, express_1.Router)();
+// Every mutation under /control (tap, swipe, install, shell, lock, etc.)
+// requires devices scope. Read endpoints (screenshots, page source) stay
+// open to any authenticated key.
+router.use((0, scopeGuard_1.mutationScopeGuard)(['devices']));
+// Cloud metadata endpoints — never proxy to these regardless of caller.
+const FORBIDDEN_PROXY_HOSTS = new Set([
+    '169.254.169.254', // AWS/Azure/GCP IMDS
+    'metadata.google.internal',
+    'metadata.goog',
+    '100.100.100.200', // Alibaba ECS metadata
+    'fd00:ec2::254', // AWS IMDSv6
+]);
+/**
+ * Build a safe proxy URL from a device's reported host. Strips any path,
+ * query, or fragment the host string carried, blocks cloud-metadata targets,
+ * and refuses non-http(s) schemes. Returns null if the host is unsafe.
+ */
+function buildProxyUrl(deviceHost, req) {
+    let parsed;
+    try {
+        parsed = new URL(deviceHost);
+    }
+    catch (_a) {
+        return null;
+    }
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')
+        return null;
+    if (FORBIDDEN_PROXY_HOSTS.has(parsed.hostname))
+        return null;
+    // Only keep scheme + host + port; discard any attacker-baked path/query/fragment.
+    const origin = `${parsed.protocol}//${parsed.host}`;
+    // Treat req.originalUrl as a path — reparse to strip any control characters.
+    const forwardPath = req.originalUrl.startsWith('/') ? req.originalUrl : `/${req.originalUrl}`;
+    return `${origin}${forwardPath}`;
+}
 function getDeviceInfo(udid) {
     return __awaiter(this, void 0, void 0, function* () {
         return yield device_store_1.DeviceStoreFactory.getStore().findDevice({ udid });
@@ -89,9 +125,12 @@ router.post('/:udid/tap', (req, res) => __awaiter(void 0, void 0, void 0, functi
         return res.status(404).send('Device not found');
     const manager = yield getDeviceManagerForPlatform(device.platform);
     if (device.host && !device.host.includes(req.get('host') || '')) {
-        logger_1.default.info(`Proxying tap for ${udid} to ${device.host}`);
+        const target = buildProxyUrl(device.host, req);
+        if (!target)
+            return res.status(400).send({ error: 'Unsafe device host' });
+        logger_1.default.info(`Proxying tap for ${udid} to ${target}`);
         try {
-            yield InternalHttpClient_1.InternalHttpClient.post(`${device.host}${req.originalUrl}`, req.body);
+            yield InternalHttpClient_1.InternalHttpClient.post(target, req.body);
             return res.status(200).send({ success: true });
         }
         catch (err) {
@@ -130,9 +169,12 @@ router.post('/:udid/swipe', (req, res) => __awaiter(void 0, void 0, void 0, func
         return res.status(404).send('Device not found');
     const manager = yield getDeviceManagerForPlatform(device.platform);
     if (device.host && !device.host.includes(req.get('host') || '')) {
-        logger_1.default.info(`Proxying swipe for ${udid} to ${device.host}`);
+        const target = buildProxyUrl(device.host, req);
+        if (!target)
+            return res.status(400).send({ error: 'Unsafe device host' });
+        logger_1.default.info(`Proxying swipe for ${udid} to ${target}`);
         try {
-            yield InternalHttpClient_1.InternalHttpClient.post(`${device.host}${req.originalUrl}`, req.body);
+            yield InternalHttpClient_1.InternalHttpClient.post(target, req.body);
             return res.status(200).send({ success: true });
         }
         catch (err) {
@@ -160,9 +202,12 @@ router.post('/:udid/text', (req, res) => __awaiter(void 0, void 0, void 0, funct
         return res.status(404).send('Device not found');
     const manager = yield getDeviceManagerForPlatform(device.platform);
     if (device.host && !device.host.includes(req.get('host') || '')) {
-        logger_1.default.info(`Proxying typeText for ${udid} to ${device.host}`);
+        const target = buildProxyUrl(device.host, req);
+        if (!target)
+            return res.status(400).send({ error: 'Unsafe device host' });
+        logger_1.default.info(`Proxying typeText for ${udid} to ${target}`);
         try {
-            yield InternalHttpClient_1.InternalHttpClient.post(`${device.host}${req.originalUrl}`, req.body);
+            yield InternalHttpClient_1.InternalHttpClient.post(target, req.body);
             return res.status(200).send({ success: true });
         }
         catch (err) {
@@ -190,9 +235,12 @@ router.post('/:udid/keyevent', (req, res) => __awaiter(void 0, void 0, void 0, f
         return res.status(404).send('Device not found');
     const manager = yield getDeviceManagerForPlatform(device.platform);
     if (device.host && !device.host.includes(req.get('host') || '')) {
-        logger_1.default.info(`Proxying keyevent for ${udid} to ${device.host}`);
+        const target = buildProxyUrl(device.host, req);
+        if (!target)
+            return res.status(400).send({ error: 'Unsafe device host' });
+        logger_1.default.info(`Proxying keyevent for ${udid} to ${target}`);
         try {
-            yield InternalHttpClient_1.InternalHttpClient.post(`${device.host}${req.originalUrl}`, req.body);
+            yield InternalHttpClient_1.InternalHttpClient.post(target, req.body);
             return res.status(200).send({ success: true });
         }
         catch (err) {
@@ -286,9 +334,12 @@ router.post('/:udid/touchAndHold', (req, res) => __awaiter(void 0, void 0, void
         return res.status(404).send('Device not found');
     const manager = yield getDeviceManagerForPlatform(device.platform);
     if (device.host && !device.host.includes(req.get('host') || '')) {
-        logger_1.default.info(`Proxying touchAndHold for ${udid} to ${device.host}`);
+        const target = buildProxyUrl(device.host, req);
+        if (!target)
+            return res.status(400).send({ error: 'Unsafe device host' });
+        logger_1.default.info(`Proxying touchAndHold for ${udid} to ${target}`);
         try {
-            yield InternalHttpClient_1.InternalHttpClient.post(`${device.host}${req.originalUrl}`, req.body);
+            yield InternalHttpClient_1.InternalHttpClient.post(target, req.body);
             return res.status(200).send({ success: true });
         }
         catch (err) {

package/lib/src/app/routers/dashboard.js

@@ -47,15 +47,12 @@ const SessionManager_1 = require("../../sessions/SessionManager");
 const UniversalMjpegProxy_1 = require("../../helpers/UniversalMjpegProxy");
 const web_config_service_1 = require("../../data-service/web-config-service");
 const typedi_1 = require("typedi");
+const scopeGuard_1 = require("../../middleware/scopeGuard");
 const MJPEG_PROXY_CACHE = new Map();
 //session guard
 function isValidSession(request, response, next) {
     return __awaiter(this, void 0, void 0, function* () {
         const sessionId = request.params.sessionId;
-        // Principal Robustness: Allow virtual manual sessions
-        if (sessionId && sessionId.startsWith('manual_')) {
-            return next();
-        }
         const session = yield prisma_1.prisma.session.findFirst({
             where: {
                 id: sessionId,
@@ -293,8 +290,10 @@ function register(router) {
     router.get('/session/:sessionId/logs/debug', getDebugLogs);
     router.get('/session/:sessionId/profiling', getProfilingData);
     router.get('/config', getGlobalConfig);
-    router.post('/config', updateGlobalConfig);
-    router.post('/config/reset-metrics', resetMetrics);
+    // Config + destructive ops: admin-only. Read-only config stays open to any
+    // authenticated key so dashboards using 'read' scope can still populate.
+    router.post('/config', (0, scopeGuard_1.scopeGuard)(['admin']), updateGlobalConfig);
+    router.post('/config/reset-metrics', (0, scopeGuard_1.scopeGuard)(['admin']), resetMetrics);
 }
 exports.default = {
     register,

package/lib/src/app/routers/grid.js

@@ -50,6 +50,7 @@ const queue_service_1 = require("../../data-service/queue-service");
 const InternalHttpClient_1 = require("../../InternalHttpClient");
 const lodash_1 = __importDefault(require("lodash"));
 const device_service_1 = require("../../data-service/device-service");
+const scopeGuard_1 = require("../../middleware/scopeGuard");
 const logger_1 = __importDefault(require("../../logger"));
 const device_managers_1 = require("../../device-managers");
 const typedi_1 = require("typedi");
@@ -135,24 +136,38 @@ function blockDevice(request, response) {
     return __awaiter(this, void 0, void 0, function* () {
         const requestBody = request.body;
         const device = yield (0, device_service_1.getDevice)(requestBody);
-        if (!lodash_1.default.isNil(device)) {
+        if (lodash_1.default.isNil(device)) {
+            return response.status(404).json({ success: false, error: 'Device not found' });
+        }
+        try {
             yield (0, device_service_1.userBlockDevice)(device.udid, device.host);
         }
-        response.status(200).send({
-            success: true,
-        });
+        catch (err) {
+            logger_1.default.error(`Failed to block device ${device.udid}@${device.host}: ${(err === null || err === void 0 ? void 0 : err.message) || err}`);
+            return response
+                .status(500)
+                .json({ success: false, error: (err === null || err === void 0 ? void 0 : err.message) || 'Failed to block device' });
+        }
+        response.status(200).send({ success: true });
     });
 }
 function unBlockDevice(request, response) {
     return __awaiter(this, void 0, void 0, function* () {
         const requestBody = request.body;
         const device = yield (0, device_service_1.getDevice)(requestBody);
-        if (!lodash_1.default.isNil(device)) {
+        if (lodash_1.default.isNil(device)) {
+            return response.status(404).json({ success: false, error: 'Device not found' });
+        }
+        try {
             yield (0, device_service_1.userUnblockDevice)(device.udid, device.host);
         }
-        response.status(200).send({
-            success: true,
-        });
+        catch (err) {
+            logger_1.default.error(`Failed to unblock device ${device.udid}@${device.host}: ${(err === null || err === void 0 ? void 0 : err.message) || err}`);
+            return response
+                .status(500)
+                .json({ success: false, error: (err === null || err === void 0 ? void 0 : err.message) || 'Failed to unblock device' });
+        }
+        response.status(200).send({ success: true });
     });
 }
 function getQueuedSessionLength(request, response) {
@@ -323,10 +338,13 @@ function register(router, pluginArgs) {
     router.get('/devices', getDevices);
     router.get('/device', getDevices);
     router.get('/device/:platform', getDeviceByPlatform);
-    router.post('/register', registerNode);
-    router.post('/block', blockDevice);
-    router.post('/unblock', unBlockDevice);
-    router.post('/device/tags', updateTags);
+    // Node registration + device manipulation all require devices scope.
+    // Node bootstrap keys have admin scope so they pass; operator keys
+    // need an explicit 'devices' grant.
+    router.post('/register', (0, scopeGuard_1.scopeGuard)(['devices']), registerNode);
+    router.post('/block', (0, scopeGuard_1.scopeGuard)(['devices']), blockDevice);
+    router.post('/unblock', (0, scopeGuard_1.scopeGuard)(['devices']), unBlockDevice);
+    router.post('/device/tags', (0, scopeGuard_1.scopeGuard)(['devices']), updateTags);
     // session related
     router.get('/queue/length', getQueuedSessionLength);
     router.get('/queue', getQueuedSessionRequests);

package/lib/src/app/routers/processes.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processesRouter = processesRouter;
+const express_1 = require("express");
+const typedi_1 = require("typedi");
+const ProcessRegistry_1 = require("../../services/ProcessRegistry");
+const scopeGuard_1 = require("../../middleware/scopeGuard");
+function processesRouter() {
+    const r = (0, express_1.Router)();
+    r.get('/', (0, scopeGuard_1.scopeGuard)(['admin']), (_req, res) => {
+        const snapshot = typedi_1.Container.get(ProcessRegistry_1.ProcessRegistry)
+            .snapshot()
+            .map(({ id, sessionId, udid, kind, pid, startedAt }) => ({
+            id,
+            sessionId,
+            udid,
+            kind,
+            pid,
+            uptimeMs: Date.now() - startedAt,
+        }));
+        res.json(snapshot);
+    });
+    return r;
+}

package/lib/src/app/routers/reservation.js

@@ -15,7 +15,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = __importDefault(require("express"));
 const device_service_1 = require("../../data-service/device-service");
 const logger_1 = __importDefault(require("../../logger"));
+const scopeGuard_1 = require("../../middleware/scopeGuard");
 const router = express_1.default.Router();
+// Reserving / releasing / extending a device hold requires devices scope.
+// GET listings remain open to any authenticated key.
+router.use((0, scopeGuard_1.mutationScopeGuard)(['devices']));
 // Duration options in milliseconds
 const DURATION_OPTIONS = {
     '1h': 60 * 60 * 1000,
@@ -77,6 +81,17 @@ router.post('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
                 error: `Invalid duration. Use: ${Object.keys(DURATION_OPTIONS).join(', ')} or a number in milliseconds`,
             });
         }
+        // Bounds check: refuse negative, zero, NaN, Infinity, and anything over 24h.
+        const MIN_DURATION_MS = 60 * 1000; // 1 minute
+        const MAX_DURATION_MS = 24 * 60 * 60 * 1000; // 24 hours
+        if (!Number.isFinite(durationMs) ||
+            durationMs < MIN_DURATION_MS ||
+            durationMs > MAX_DURATION_MS) {
+            return res.status(400).json({
+                success: false,
+                error: `duration must be between ${MIN_DURATION_MS}ms (1 minute) and ${MAX_DURATION_MS}ms (24 hours)`,
+            });
+        }
         // Check if device exists
         const device = yield (0, device_service_1.getDevice)({ udid: [udid] });
         if (!device) {

package/lib/src/app/routers/webhook.js

@@ -15,6 +15,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const NotificationService_1 = require("../../services/NotificationService");
 const typedi_1 = require("typedi");
 const logger_1 = __importDefault(require("../../logger"));
+const scopeGuard_1 = require("../../middleware/scopeGuard");
 function getConfigs(req, res) {
     return __awaiter(this, void 0, void 0, function* () {
         try {
@@ -74,9 +75,11 @@ function testWebhook(req, res) {
 }
 function register(router) {
     router.get('/webhook', getConfigs);
-    router.post('/webhook', addConfig);
-    router.delete('/webhook/:id', deleteConfig);
-    router.post('/webhook/test', testWebhook);
+    // Webhook mutations are admin-only: adding / removing / test-firing global
+    // webhooks is a fleet-wide config change.
+    router.post('/webhook', (0, scopeGuard_1.scopeGuard)(['admin']), addConfig);
+    router.delete('/webhook/:id', (0, scopeGuard_1.scopeGuard)(['admin']), deleteConfig);
+    router.post('/webhook/test', (0, scopeGuard_1.scopeGuard)(['admin']), testWebhook);
 }
 exports.default = {
     register,

package/lib/src/auth/nodeSecret.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateNodeSecret = validateNodeSecret;
+const crypto_1 = __importDefault(require("crypto"));
+const logger_1 = __importDefault(require("../logger"));
+function timingSafeEqStr(a, b) {
+    const ab = Buffer.from(a, 'utf8');
+    const bb = Buffer.from(b, 'utf8');
+    return ab.length === bb.length && crypto_1.default.timingSafeEqual(ab, bb);
+}
+let lastPreviousWarnAt = 0;
+// Single source of truth for validating an inbound node secret. Returns
+// 'reject' when no expected secret is configured — callers decide whether
+// that should 401 or fall through. Timing-safe compare so the hub can't be
+// probed by measuring response time differences.
+function validateNodeSecret(given, expected) {
+    if (!given)
+        return 'reject';
+    if (expected.current && timingSafeEqStr(given, expected.current))
+        return 'current';
+    if (expected.previous && timingSafeEqStr(given, expected.previous)) {
+        const now = Date.now();
+        if (now - lastPreviousWarnAt > 60000) {
+            logger_1.default.warn('[nodeSecret] A caller authenticated with XENON_NODE_SECRET_PREVIOUS. Rotate the remaining callers to the new secret and drop PREVIOUS.');
+            lastPreviousWarnAt = now;
+        }
+        return 'previous';
+    }
+    return 'reject';
+}

package/lib/src/config.js

@@ -67,6 +67,11 @@ exports.config = {
     openaiModel: process.env.XENON_OPENAI_MODEL,
     anthropicModel: process.env.XENON_ANTHROPIC_MODEL,
     ollamaModel: process.env.XENON_OLLAMA_MODEL,
+    bootstrapKeyPath: process.env.XENON_BOOTSTRAP_KEY_PATH ||
+        path.join(basePath, 'bootstrap-key.txt'),
+    authDisabled: process.env.XENON_AUTH_DISABLED === 'true',
+    nodeSecret: process.env.XENON_NODE_SECRET,
+    nodeSecretPrevious: process.env.XENON_NODE_SECRET_PREVIOUS,
 };
 function updateConfig(newConfig) {
     Object.assign(exports.config, newConfig);

package/lib/src/data-service/prisma-store.js

@@ -54,9 +54,25 @@ class PrismaDeviceStore {
     get prisma() {
         return typedi_1.Container.get(prisma_service_1.PrismaService).client;
     }
+    safeParse(raw, field, udid) {
+        if (!raw)
+            return undefined;
+        try {
+            return JSON.parse(raw);
+        }
+        catch (err) {
+            // Error (not warn) + truncated raw snippet so the corrupt row is
+            // findable. Returning undefined keeps getAllDevices alive, but without
+            // this log operators would see the field as "not set" and never know
+            // the DB actually has malformed data that needs manual repair.
+            const snippet = raw.length > 120 ? `${raw.slice(0, 120)}…` : raw;
+            logger_1.default.error(`[PrismaDeviceStore] Corrupt JSON in Device.${field} for udid=${udid} (${(err === null || err === void 0 ? void 0 : err.message) || err}). Raw: ${snippet}`);
+            return undefined;
+        }
+    }
     toIDevice(device) {
         var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
-        return Object.assign(Object.assign({}, device), { cloud: device.cloud ? JSON.parse(device.cloud) : undefined, capability: device.capability ? JSON.parse(device.capability) : undefined, chromeDriverPath: device.chromeDriverPath ? JSON.parse(device.chromeDriverPath) : undefined, tags: device.tags ? JSON.parse(device.tags) : undefined, platform: (device.platform || 'android'), name: device.name || 'unknown', state: device.state || 'available', sdk: device.sdk || 'unknown', deviceType: device.deviceType || 'real', busy: (_a = device.busy) !== null && _a !== void 0 ? _a : false, userBlocked: (_b = device.userBlocked) !== null && _b !== void 0 ? _b : false, realDevice: (_c = device.realDevice) !== null && _c !== void 0 ? _c : true, lastHealthCheckAt: (_d = device.lastHealthCheckAt) !== null && _d !== void 0 ? _d : undefined, healthStatus: (_e = device.healthStatus) !== null && _e !== void 0 ? _e : 'Healthy', healthCheckError: (_f = device.healthCheckError) !== null && _f !== void 0 ? _f : undefined, batteryLevel: (_g = device.batteryLevel) !== null && _g !== void 0 ? _g : undefined, thermalStatus: (_h = device.thermalStatus) !== null && _h !== void 0 ? _h : undefined, storageFree: (_j = device.storageFree) !== null && _j !== void 0 ? _j : undefined, sessionProgress: (_k = device.sessionProgress) !== null && _k !== void 0 ? _k : '', totalHealedCount: (_l = device.totalHealedCount) !== null && _l !== void 0 ? _l : 0 });
+        return Object.assign(Object.assign({}, device), { cloud: this.safeParse(device.cloud, 'cloud', device.udid), capability: this.safeParse(device.capability, 'capability', device.udid), chromeDriverPath: this.safeParse(device.chromeDriverPath, 'chromeDriverPath', device.udid), tags: this.safeParse(device.tags, 'tags', device.udid), platform: (device.platform || 'android'), name: device.name || 'unknown', state: device.state || 'available', sdk: device.sdk || 'unknown', deviceType: device.deviceType || 'real', busy: (_a = device.busy) !== null && _a !== void 0 ? _a : false, userBlocked: (_b = device.userBlocked) !== null && _b !== void 0 ? _b : false, realDevice: (_c = device.realDevice) !== null && _c !== void 0 ? _c : true, lastHealthCheckAt: (_d = device.lastHealthCheckAt) !== null && _d !== void 0 ? _d : undefined, healthStatus: (_e = device.healthStatus) !== null && _e !== void 0 ? _e : 'Healthy', healthCheckError: (_f = device.healthCheckError) !== null && _f !== void 0 ? _f : undefined, batteryLevel: (_g = device.batteryLevel) !== null && _g !== void 0 ? _g : undefined, thermalStatus: (_h = device.thermalStatus) !== null && _h !== void 0 ? _h : undefined, storageFree: (_j = device.storageFree) !== null && _j !== void 0 ? _j : undefined, sessionProgress: (_k = device.sessionProgress) !== null && _k !== void 0 ? _k : '', totalHealedCount: (_l = device.totalHealedCount) !== null && _l !== void 0 ? _l : 0 });
     }
     fromIDevice(device) {
         const data = Object.assign({}, device);

package/lib/src/device-managers/AndroidDeviceManager.js

@@ -525,7 +525,7 @@ let AndroidDeviceManager = class AndroidDeviceManager {
                 const deviceTracked = Object.assign(Object.assign({}, trackedDevice), { nodeId: this.nodeId });
                 if (this.pluginArgs.hub != undefined) {
                     logger_1.default.info(`Updating Hub with device ${newDevice.udid}`);
-                    const nodeDevices = new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized);
+                    const nodeDevices = new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized, this.pluginArgs.nodeSecret);
                     yield nodeDevices.postDevicesToHub([deviceTracked], 'add');
                 }
                 // node also need a copy of devices, otherwise it cannot serve requests
@@ -575,7 +575,7 @@ let AndroidDeviceManager = class AndroidDeviceManager {
                 state: device.type,
             };
             if (pluginArgs.hub != undefined) {
-                const nodeDevices = new NodeDevices_1.default(pluginArgs.hub, pluginArgs.tlsRejectUnauthorized);
+                const nodeDevices = new NodeDevices_1.default(pluginArgs.hub, pluginArgs.tlsRejectUnauthorized, pluginArgs.nodeSecret);
                 yield nodeDevices.postDevicesToHub([clonedDevice], 'remove');
             }
             // node also need a copy of devices, otherwise it cannot serve requests

package/lib/src/device-managers/NodeDevices.js

@@ -15,9 +15,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const logger_1 = __importDefault(require("../logger"));
 const InternalHttpClient_1 = require("../InternalHttpClient");
 class NodeDevices {
-    constructor(host, tlsRejectUnauthorized) {
+    constructor(host, tlsRejectUnauthorized, nodeSecret) {
         this.host = host;
         this.tlsRejectUnauthorized = tlsRejectUnauthorized;
+        this.nodeSecret = nodeSecret;
+    }
+    nodeHeaders() {
+        return this.nodeSecret ? { 'x-xenon-node-secret': this.nodeSecret } : {};
     }
     postDevicesToHub(devices, arg) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -30,6 +34,7 @@ class NodeDevices {
                     params: {
                         type: arg,
                     },
+                    headers: this.nodeHeaders(),
                 });
                 if (arg === 'add') {
                     logger_1.default.info(`Pushed devices to hub ${JSON.stringify(devices)}`);
@@ -52,6 +57,7 @@ class NodeDevices {
                     params: {
                         type: 'unblock',
                     },
+                    headers: this.nodeHeaders(),
                 });
                 logger_1.default.info(`Unblocked device with filter: ${JSON.stringify(filter)}`);
             }
@@ -70,6 +76,7 @@ class NodeDevices {
                         type: 'unregister',
                         host,
                     },
+                    headers: this.nodeHeaders(),
                 });
                 logger_1.default.info(`Unregistered node ${host} from hub`);
             }

package/lib/src/device-managers/ios/IOSDiscoveryService.js

@@ -202,7 +202,7 @@ let IOSDiscoveryService = class IOSDiscoveryService {
             const simulators = yield this.fetchLocalSimulators();
             simulators.sort((a, b) => (a.state > b.state ? 1 : -1));
             if (this.pluginArgs.hub !== undefined) {
-                const nodeDevices = new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized);
+                const nodeDevices = new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized, this.pluginArgs.nodeSecret);
                 yield nodeDevices.postDevicesToHub(simulators, 'add');
             }
             return simulators;
@@ -238,9 +238,12 @@ let IOSDiscoveryService = class IOSDiscoveryService {
                 const allowedSimulators = localPluginArgs.simulators;
                 simulators = simulators.filter((d) => allowedSimulators.some((s) => d.name === s.name && d.sdk === s.sdk));
             }
+            const store = device_store_1.DeviceStoreFactory.getStore();
             return yield Promise.all(simulators.map((d) => __awaiter(this, void 0, void 0, function* () {
                 var _a;
-                return (Object.assign(Object.assign({}, d), { wdaLocalPort: yield typedi_1.Container.get(PortAllocator_1.PortAllocator).acquire('wda', d.udid), mjpegServerPort: yield typedi_1.Container.get(PortAllocator_1.PortAllocator).acquire('mjpeg', d.udid), busy: false, realDevice: false, platform: (((_a = d.name) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('tv')) ? 'tvos' : 'ios'), deviceType: 'simulator', host: `http://${this.pluginArgs.bindHostOrIp}:${this.hostPort}`, totalUtilizationTimeMilliSec: yield (0, device_utils_1.getUtilizationTime)(d.udid), sessionStartTime: 0 }));
+                const storeDevice = yield store.findDevice({ udid: d.udid });
+                return Object.assign(Object.assign({}, d), { wdaLocalPort: (storeDevice === null || storeDevice === void 0 ? void 0 : storeDevice.wdaLocalPort) || (yield typedi_1.Container.get(PortAllocator_1.PortAllocator).acquire('wda', d.udid)), mjpegServerPort: (storeDevice === null || storeDevice === void 0 ? void 0 : storeDevice.mjpegServerPort) ||
+                        (yield typedi_1.Container.get(PortAllocator_1.PortAllocator).acquire('mjpeg', d.udid)), busy: false, realDevice: false, platform: (((_a = d.name) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('tv')) ? 'tvos' : 'ios'), deviceType: 'simulator', host: `http://${this.pluginArgs.bindHostOrIp}:${this.hostPort}`, totalUtilizationTimeMilliSec: yield (0, device_utils_1.getUtilizationTime)(d.udid), sessionStartTime: 0 });
             })));
         });
     }
@@ -253,7 +256,7 @@ let IOSDiscoveryService = class IOSDiscoveryService {
             try {
                 const device = Object.assign(Object.assign({}, (yield this.getDeviceInfo(udid))), { nodeId: this.nodeId });
                 if (this.pluginArgs.hub) {
-                    yield new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized).postDevicesToHub([device], 'add');
+                    yield new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized, this.pluginArgs.nodeSecret).postDevicesToHub([device], 'add');
                 }
                 yield (0, device_service_1.addNewDevice)([device], this.pluginArgs.bindHostOrIp);
             }
@@ -264,7 +267,7 @@ let IOSDiscoveryService = class IOSDiscoveryService {
         tracker.on('detached', (udid) => __awaiter(this, void 0, void 0, function* () {
             const deviceRemoved = [{ udid, host: this.pluginArgs.bindHostOrIp }];
             if (this.pluginArgs.hub) {
-                yield new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized).postDevicesToHub(deviceRemoved, 'remove');
+                yield new NodeDevices_1.default(this.pluginArgs.hub, this.pluginArgs.tlsRejectUnauthorized, this.pluginArgs.nodeSecret).postDevicesToHub(deviceRemoved, 'remove');
             }
             yield (0, device_service_1.removeDevice)(deviceRemoved);
         }));

package/lib/src/device-managers/ios/IOSStreamService.js

@@ -63,6 +63,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const typedi_1 = require("typedi");
+const ProcessRegistry_1 = require("../../services/ProcessRegistry");
 const child_process_1 = require("child_process");
 const util_1 = require("util");
 const path_1 = __importDefault(require("path"));
@@ -217,6 +218,7 @@ let IOSStreamService = class IOSStreamService {
                         stdio: ['pipe', 'pipe', 'pipe'],
                         env: Object.assign(Object.assign({}, process.env), { ENABLE_GO_IOS_AGENT: 'yes' }),
                     });
+                    typedi_2.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'other', udid, process: tunnelProcess });
                     (_a = tunnelProcess.stdout) === null || _a === void 0 ? void 0 : _a.on('data', (data) => logger_1.default.debug(`Tunnel [${udid}]: ${data}`));
                     (_b = tunnelProcess.stderr) === null || _b === void 0 ? void 0 : _b.on('data', (data) => logger_1.default.debug(`Tunnel Err [${udid}]: ${data}`));
                     // Wait for tunnel to establish by checking the go-ios agent port
@@ -434,7 +436,9 @@ let IOSStreamService = class IOSStreamService {
             const wdaIproxy = isolationService.wrapSpawn('iproxy', ['-u', udid, `${session.wdaPort}:8100`], 'Performance');
             const mjpegIproxy = isolationService.wrapSpawn('iproxy', ['-u', udid, `${session.mjpegPort}:9100`], 'Performance');
             session.forwardWDAProcess = (0, child_process_1.spawn)(wdaIproxy.command, wdaIproxy.args);
+            typedi_2.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'other', udid, process: session.forwardWDAProcess });
             session.forwardMJPEGProcess = (0, child_process_1.spawn)(mjpegIproxy.command, mjpegIproxy.args);
+            typedi_2.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'ios-mjpeg', udid, process: session.forwardMJPEGProcess });
             logger_1.default.info(`🛡️ [${udid}] [Watchdog] Tunnels restarted successfully.`);
         });
     }
@@ -558,7 +562,9 @@ let IOSStreamService = class IOSStreamService {
                     const wdaIproxy = isolationService.wrapSpawn('iproxy', ['-u', udid, `${wdaPort}:8100`], 'Performance');
                     const mjpegIproxy = isolationService.wrapSpawn('iproxy', ['-u', udid, `${mjpegPort}:9100`], 'Performance');
                     session.forwardWDAProcess = (0, child_process_1.spawn)(wdaIproxy.command, wdaIproxy.args);
+                    typedi_2.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'other', udid, process: session.forwardWDAProcess });
                     session.forwardMJPEGProcess = (0, child_process_1.spawn)(mjpegIproxy.command, mjpegIproxy.args);
+                    typedi_2.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'ios-mjpeg', udid, process: session.forwardMJPEGProcess });
                     const handleIproxyProcess = (p, name) => {
                         p.on('error', (err) => logger_1.default.error(`${name} [${udid}] error: ${err.message}`));
                         p.on('exit', (code) => {
@@ -586,6 +592,7 @@ let IOSStreamService = class IOSStreamService {
                     session.wdaProcess = (0, child_process_1.spawn)(wdaSpawn.command, wdaSpawn.args, {
                         env: Object.assign(Object.assign({}, process.env), { ENABLE_GO_IOS_AGENT: 'yes' }),
                     });
+                    typedi_2.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'wda', udid, process: session.wdaProcess });
                     const logDir = path_1.default.join(os_1.default.tmpdir(), 'xenon-logs');
                     if (!fs_extra_1.default.existsSync(logDir))
                         fs_extra_1.default.mkdirSync(logDir);

package/lib/src/device-managers/ios/WDAClient.js

@@ -24,6 +24,7 @@ const axios_1 = __importDefault(require("axios"));
 const semver_1 = __importDefault(require("semver"));
 const logger_1 = __importDefault(require("../../logger"));
 const typedi_1 = require("typedi");
+const ProcessRegistry_1 = require("../../services/ProcessRegistry");
 const IOSStreamService_1 = __importDefault(require("./IOSStreamService"));
 const device_store_1 = require("../../data-service/device-store");
 const child_process_1 = require("child_process");
@@ -765,6 +766,7 @@ let WDAClient = WDAClient_1 = class WDAClient {
             env: Object.assign(Object.assign({}, process.env), { ENABLE_GO_IOS_AGENT: 'yes' }),
             stdio: ['ignore', 'pipe', 'pipe'],
         });
+        typedi_1.Container.get(ProcessRegistry_1.ProcessRegistry).track({ kind: 'log-tailer', udid, process: proc });
         const entry = {
             proc,
             buffer: [],

package/lib/src/device-utils.js

@@ -71,6 +71,7 @@ exports.cleanPendingSessions = cleanPendingSessions;
 exports.setupCronCleanPendingSessions = setupCronCleanPendingSessions;
 exports.setupCronCleanExpiredReservations = setupCronCleanExpiredReservations;
 exports.setupCronCleanupBuilds = setupCronCleanupBuilds;
+exports.setupCronReconcileDevices = setupCronReconcileDevices;
 exports.setupCronSweepOrphanSessions = setupCronSweepOrphanSessions;
 exports.stopAllTimers = stopAllTimers;
 /* eslint-disable no-prototype-builtins */
@@ -408,7 +409,7 @@ function getBusyDevicesCount() {
         }).length;
     });
 }
-function updateDeviceList(host, hubArgument, tlsRejectUnauthorized) {
+function updateDeviceList(host, hubArgument, tlsRejectUnauthorized, nodeSecret) {
     return __awaiter(this, void 0, void 0, function* () {
         const allExistingDevices = yield (0, device_service_1.getAllDevices)();
         const devices = yield getDeviceManager().getDevices(allExistingDevices);
@@ -427,7 +428,7 @@ function updateDeviceList(host, hubArgument, tlsRejectUnauthorized) {
         }
         if (hubArgument) {
             if (yield (0, helpers_1.isXenonRunning)(hubArgument, tlsRejectUnauthorized)) {
-                const nodeDevices = new NodeDevices_1.default(hubArgument, tlsRejectUnauthorized);
+                const nodeDevices = new NodeDevices_1.default(hubArgument, tlsRejectUnauthorized, nodeSecret);
                 try {
                     yield nodeDevices.postDevicesToHub(devices, 'add');
                     if (staleLocalDevices.length > 0) {
@@ -566,14 +567,14 @@ function setupCronReleaseBlockedDevices(intervalMs, newCommandTimeoutSec) {
         }), intervalMs);
     });
 }
-function setupCronUpdateDeviceList(host, hubArgument, intervalMs, tlsRejectUnauthorized) {
+function setupCronUpdateDeviceList(host, hubArgument, intervalMs, tlsRejectUnauthorized, nodeSecret) {
     return __awaiter(this, void 0, void 0, function* () {
         if (cronTimerToUpdateDevices) {
             clearInterval(cronTimerToUpdateDevices);
         }
         logger_1.default.info(`This node will send device list update to the hub (${hubArgument}) every ${intervalMs} ms`);
         cronTimerToUpdateDevices = setInterval(() => __awaiter(this, void 0, void 0, function* () {
-            yield updateDeviceList(host, hubArgument, tlsRejectUnauthorized);
+            yield updateDeviceList(host, hubArgument, tlsRejectUnauthorized, nodeSecret);
         }), intervalMs);
     });
 }
@@ -658,6 +659,28 @@ function setupCronCleanupBuilds(pluginArgs) {
     });
 }
 let cronTimerSweepOrphanSessions;
+let cronTimerReconcileDevices;
+/**
+ * Cross-checks the device store against SESSION_MANAGER and frees devices
+ * that are busy with a session ID the driver layer no longer knows about.
+ * Fills the gap between OrphanSweeper (Prisma heartbeat-driven) and
+ * releaseBlockedDevices (command-idle-driven).
+ */
+function setupCronReconcileDevices(intervalMs) {
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    const { DeviceReconciler } = require('./services/DeviceReconciler');
+    const reconciler = typedi_1.Container.get(DeviceReconciler);
+    logger_1.default.info(`Device reconcile scheduled every ${intervalMs}ms`);
+    if (cronTimerReconcileDevices) {
+        clearInterval(cronTimerReconcileDevices);
+    }
+    cronTimerReconcileDevices = setInterval(() => {
+        reconciler.reconcile().catch((err) => {
+            logger_1.default.error(`Device reconcile crashed: ${err.message}`);
+        });
+    }, intervalMs);
+    return cronTimerReconcileDevices;
+}
 /**
  * Periodically sweep sessions whose heartbeat has gone stale, marking them as
  * failed and releasing their devices.
@@ -698,4 +721,6 @@ function stopAllTimers() {
         cronTimerToCleanupBuilds.cancel();
     if (cronTimerSweepOrphanSessions)
         clearInterval(cronTimerSweepOrphanSessions);
+    if (cronTimerReconcileDevices)
+        clearInterval(cronTimerReconcileDevices);
 }