npm - @xopcai/xopc - Versions diffs - 0.0.92 → 0.0.94 - Mend

@xopcai/xopc 0.0.92 → 0.0.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/dist/src/cron/executor.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"executor.js","names":[],"sources":["../../../src/cron/executor.ts"],"sourcesContent":["// Cron job executor with timeout, retry logic and agent integration\nimport type { WorkflowRunView } from '../workflows/domain/index.js';\nimport type {\n CronRunOutcome,\n CronWorkflowRunStarter,\n HeartbeatWakeSink,\n JobData,\n JobExecution,\n JobExecutor,\n JobExecutorDeps,\n} from './types.js';\nimport type { OutboundMessage } from '../channels/transport-types.js';\nimport { createLogger } from '../utils/logger.js';\nimport {\n getChannelPlugin,\n listChannelPlugins,\n syncChannelPluginsFromManager,\n} from '../channels/plugins/registry.js';\nimport { bundledChannelPlugins } from '../generated/bundled-channel-plugins.js';\nimport { getCronPayloadText } from './job-content.js';\nimport type { SessionStore } from '../session/store.js';\nimport type { CronRunLogStore } from './run-log-store.js';\nimport {\n DEFAULT_ACK_MAX_CHARS,\n NO_REPLY,\n shouldSilence,\n stripHeartbeatToken,\n} from '../heartbeat/tokens.js';\nimport { DEFAULT_AGENT_ID, normalizeAgentId } from '../agent/agent-scope.js';\nimport { buildSessionKey } from '../routing/session-key.js';\nimport {\n buildWorkflowRunCronSummary,\n buildWorkflowRunDeliveryText,\n isWorkflowRunCronSuccess,\n resolveWorkflowCronWaitMs,\n waitForWorkflowRunView,\n} from './workflow-run-completion.js';\n\nconst log = createLogger('CronExecutor');\n\n// Error backoff schedule in ms\nconst ERROR_BACKOFF_MS = [\n 30_000, // 1st error → 30s\n 60_000, // 2nd error → 1min\n 5 * 60_000, // 3rd error → 5min\n 15 * 60_000, // 4th error → 15min\n 60 * 60_000, // 5th+ error → 60min\n];\n\nfunction errorBackoffMs(consecutiveErrors: number): number {\n const idx = Math.min(consecutiveErrors - 1, ERROR_BACKOFF_MS.length - 1);\n return ERROR_BACKOFF_MS[Math.max(0, idx)];\n}\n\nfunction resolveIsolatedCronJobModel(job: JobData): string \| undefined {\n const fromJob = job.model?.trim();\n if (fromJob) return fromJob;\n if (job.payload?.kind === 'agentTurn') {\n const m = job.payload.model?.trim();\n if (m) return m;\n }\n return undefined;\n}\n\nexport class DefaultJobExecutor implements JobExecutor {\n private history: Map<string, JobExecution[]> = new Map();\n private runningJobs = new Map<string, AbortController>();\n private agentService: any = null;\n private messageBus: any = null;\n private heartbeatService: HeartbeatWakeSink \| null = null;\n private sessionStore: SessionStore \| undefined;\n private runLogStore: CronRunLogStore \| null = null;\n private getDefaultCronAgentId: (() => string) \| null = null;\n private workflowRunService: CronWorkflowRunStarter \| null = null;\n\n setRunLogStore(store: CronRunLogStore \| null): void {\n this.runLogStore = store;\n }\n\n setDeps(deps: JobExecutorDeps): void {\n this.agentService = deps.agentService;\n this.messageBus = deps.messageBus;\n this.heartbeatService = deps.heartbeatService ?? null;\n if (deps.sessionStore !== undefined) {\n this.sessionStore = deps.sessionStore;\n }\n this.getDefaultCronAgentId = deps.getDefaultCronAgentId ?? null;\n this.workflowRunService = deps.workflowRunService ?? null;\n }\n\n private async buildCronOutboundMessage(\n channel: string,\n to: string,\n content: string,\n ): Promise<OutboundMessage> {\n if (listChannelPlugins().length === 0) {\n syncChannelPluginsFromManager(bundledChannelPlugins);\n }\n const plugin = getChannelPlugin(channel);\n if (plugin?.cronDelivery) {\n const { chatId, accountId, metadata } = await plugin.cronDelivery.normalizeDeliveryTarget(\n to,\n this.sessionStore,\n );\n const meta =\n accountId \|\| metadata\n ? { ...(metadata ?? {}), ...(accountId ? { accountId } : {}) }\n : undefined;\n return {\n channel,\n chat_id: chatId,\n content,\n type: 'message',\n ...(meta && Object.keys(meta).length > 0 ? { metadata: meta } : {}),\n };\n }\n return {\n channel,\n chat_id: to,\n content,\n type: 'message',\n };\n }\n\n async execute(job: JobData, signal: AbortSignal, deps?: JobExecutorDeps): Promise<void> {\n // Set deps if provided\n if (deps) {\n this.setDeps(deps);\n }\n\n const executionId = crypto.randomUUID();\n const execution: JobExecution = {\n id: executionId,\n jobId: job.id,\n status: 'running',\n startedAt: new Date().toISOString(),\n retryCount: 0,\n };\n\n // Record execution start\n this.addToHistory(job.id, execution);\n this.runningJobs.set(job.id, new AbortController());\n\n log.info(\n { jobId: job.id, executionId, preview: getCronPayloadText(job).slice(0, 100) },\n 'Job executing'\n );\n\n let result: CronRunOutcome;\n\n try {\n // Check for cancellation\n if (signal.aborted) {\n throw new Error('Job was cancelled before execution');\n }\n\n // Execute the job\n result = await this.performJob(job, signal);\n\n // Mark as success/failed\n execution.status = result.status === 'ok' ? 'success' : result.status === 'skipped' ? 'cancelled' : 'failed';\n execution.endedAt = new Date().toISOString();\n execution.duration = Date.now() - new Date(execution.startedAt).getTime();\n execution.summary = result.summary;\n execution.error = result.error;\n execution.sessionId = result.sessionId;\n execution.sessionKey = result.sessionKey;\n execution.sessionType = result.sessionType;\n execution.model = result.model;\n execution.workflowRunId = result.workflowRunId;\n\n if (result.status === 'ok') {\n log.info(\n { jobId: job.id, executionId, duration: execution.duration },\n 'Job completed'\n );\n } else if (result.status === 'skipped') {\n log.warn({ jobId: job.id, executionId, reason: result.error }, 'Job skipped');\n } else {\n log.error(\n { jobId: job.id, executionId, error: result.error },\n 'Job failed'\n );\n }\n\n if (result.status === 'ok' && this.heartbeatService) {\n try {\n this.heartbeatService.requestNow({ reason: `cron:${job.id}` });\n } catch (e) {\n log.warn({ jobId: job.id, err: e }, 'Heartbeat wake after cron failed');\n }\n }\n } catch (error) {\n execution.status = 'failed';\n execution.endedAt = new Date().toISOString();\n execution.duration = Date.now() - new Date(execution.startedAt).getTime();\n execution.error = error instanceof Error ? error.message : String(error);\n\n log.error(\n { jobId: job.id, executionId, error: execution.error },\n 'Job execution error'\n );\n\n result = {\n status: 'error',\n error: execution.error,\n };\n } finally {\n this.runningJobs.delete(job.id);\n }\n\n if (this.runLogStore) {\n await this.runLogStore.appendCompleted(execution);\n }\n\n return;\n }\n\n /*\n Perform the actual job work - integrate with AgentService\n /\n protected async performJob(job: JobData, signal: AbortSignal): Promise<CronRunOutcome> {\n const timeout = job.timeout \|\| 60000;\n const sessionTarget = job.sessionTarget \|\| 'main';\n\n // Check for abort before starting\n if (signal.aborted) {\n return { status: 'skipped', error: 'Job was aborted before execution' };\n }\n\n try {\n if (job.payload.kind === 'workflowRun') {\n return await this.executeWorkflowRun(job, signal);\n }\n\n // If no agent service, fall back to basic execution\n if (!this.agentService \|\| !this.messageBus) {\n log.warn({ jobId: job.id }, 'No agent service configured, using basic execution');\n return this.basicExecute(job, signal, timeout);\n }\n\n if (sessionTarget === 'main') {\n return await this.executeMainSession(job, signal, timeout);\n } else {\n return await this.executeIsolated(job, signal, timeout);\n }\n } catch (error) {\n return {\n status: 'error',\n error: error instanceof Error ? error.message : String(error),\n };\n }\n }\n\n private async executeWorkflowRun(job: JobData, signal: AbortSignal): Promise<CronRunOutcome> {\n if (signal.aborted) {\n return { status: 'skipped', error: 'Job was aborted before workflow run start' };\n }\n\n if (job.payload.kind !== 'workflowRun') {\n return { status: 'error', error: 'Cron job payload is not workflowRun' };\n }\n\n if (!this.workflowRunService) {\n return { status: 'error', error: 'Workflow run service is not configured for cron' };\n }\n\n const fallbackAgentId = this.getDefaultCronAgentId?.() ?? DEFAULT_AGENT_ID;\n const agentId = normalizeAgentId(job.payload.agentId \|\| job.agentId \|\| fallbackAgentId);\n const fireId = job.payload.source?.fireId \|\| crypto.randomUUID();\n const source = {\n kind: 'cron' as const,\n scheduleId: job.payload.source?.scheduleId \|\| job.id,\n fireId,\n scheduledAtMs: job.payload.source?.scheduledAtMs ?? Date.now(),\n };\n const result = await this.workflowRunService.startWorkflowRun({\n agentId,\n definitionId: job.payload.definitionId,\n input: job.payload.input,\n inputEnvelope: job.payload.inputEnvelope,\n goal: job.payload.goal,\n source,\n idempotencyKey: `cron:${job.id}:${fireId}`,\n });\n\n if (result.ok === false) {\n return {\n status: 'error',\n error: result.message,\n };\n }\n\n log.info(\n {\n jobId: job.id,\n workflowRunId: result.runId,\n definitionId: job.payload.definitionId,\n sessionKey: result.sessionKey,\n },\n 'Workflow run started from cron',\n );\n\n const waitForCompletion = job.payload.waitForCompletion !== false;\n if (!waitForCompletion \|\| !this.workflowRunService.readWorkflowRunView) {\n return {\n status: 'ok',\n summary: `Started workflow run ${result.runId}`,\n sessionId: result.sessionKey,\n sessionKey: result.sessionKey,\n sessionType: 'workflow',\n workflowRunId: result.runId,\n };\n }\n\n return this.waitForWorkflowRunOutcome({\n job,\n agentId,\n sessionKey: result.sessionKey,\n initialRunId: result.runId,\n signal,\n });\n }\n\n private async waitForWorkflowRunOutcome(params: {\n job: JobData;\n agentId: string;\n sessionKey: string;\n initialRunId: string;\n signal: AbortSignal;\n }): Promise<CronRunOutcome> {\n const waitMs = resolveWorkflowCronWaitMs(params.job.timeout);\n const maxWorkflowRetries = Math.max(0, params.job.maxRetries ?? 0);\n let runId = params.initialRunId;\n let attempt = 0;\n\n while (attempt <= maxWorkflowRetries) {\n const waitResult = await waitForWorkflowRunView({\n readView: (id) => this.workflowRunService!.readWorkflowRunView!(params.agentId, id),\n runId,\n signal: params.signal,\n timeoutMs: waitMs,\n });\n\n if (waitResult.kind === 'aborted') {\n return { status: 'skipped', error: 'Job was aborted while waiting for workflow run' };\n }\n\n if (waitResult.kind === 'timeout') {\n return {\n status: 'error',\n error: `Workflow run ${runId} did not finish within ${waitMs}ms`,\n summary: waitResult.lastView ? buildWorkflowRunCronSummary(waitResult.lastView) : undefined,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n const view = waitResult.view;\n const summary = buildWorkflowRunCronSummary(view);\n const succeeded = isWorkflowRunCronSuccess(view);\n\n if (succeeded) {\n const baseOutcome: CronRunOutcome = {\n status: 'ok',\n summary,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n await this.deliverWorkflowRunOutcome(params.job, view, baseOutcome);\n return baseOutcome;\n }\n\n const canRetry =\n attempt < maxWorkflowRetries &&\n view.run.status === 'failed' &&\n Boolean(this.workflowRunService?.retryWorkflowRun);\n\n if (!canRetry) {\n return {\n status: 'error',\n summary,\n error: summary,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n const retryResult = await this.workflowRunService!.retryWorkflowRun!({\n agentId: params.agentId,\n runId,\n });\n if (retryResult.ok === false) {\n return {\n status: 'error',\n error: retryResult.message,\n summary,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n runId = retryResult.runId;\n attempt += 1;\n log.info(\n { jobId: params.job.id, attempt, workflowRunId: runId },\n 'Retrying failed workflow run from cron',\n );\n }\n\n return {\n status: 'error',\n error: 'Workflow run retries exhausted',\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n private async deliverWorkflowRunOutcome(\n job: JobData,\n view: WorkflowRunView,\n outcome: CronRunOutcome,\n ): Promise<void> {\n if (!this.messageBus) return;\n const delivery = job.delivery;\n if (!delivery \|\| delivery.mode === 'none' \|\| delivery.channel === 'local' \|\| !delivery.to?.trim()) {\n return;\n }\n\n try {\n const text = buildWorkflowRunDeliveryText(view);\n const outbound = await this.buildCronOutboundMessage(delivery.channel!, delivery.to!, text);\n await this.messageBus.publishOutbound(outbound);\n log.info(\n { jobId: job.id, channel: delivery.channel, to: outbound.chat_id, workflowRunId: view.run.id },\n 'Delivered workflow run result from cron',\n );\n } catch (err) {\n const em = err instanceof Error ? err.message : String(err);\n log.warn({ jobId: job.id, err, workflowRunId: view.run.id }, `Workflow cron delivery failed: ${em}`);\n if (outcome.status === 'ok') {\n outcome.summary = `${outcome.summary ?? ''} (delivery failed: ${em})`.trim();\n }\n }\n }\n\n /\n Execute in main session - sends system event\n /\n private async executeMainSession(\n job: JobData,\n signal: AbortSignal,\n timeout: number\n ): Promise<CronRunOutcome> {\n const text = getCronPayloadText(job);\n\n if (!text \|\| !text.trim()) {\n return { status: 'skipped', error: 'Main session job requires non-empty message' };\n }\n\n // Parse delivery from job config, or parse routing from payload text: \"channel:chat_id:content\"\n let channel: string;\n let to: string;\n let actualMessage: string;\n\n if (job.delivery?.channel === 'local') {\n channel = 'local';\n to = '';\n actualMessage = text;\n } else if (job.delivery?.channel && job.delivery?.to) {\n // Use explicit delivery config\n channel = job.delivery.channel;\n to = job.delivery.to;\n actualMessage = text;\n } else {\n // Parse from payload text: \"channel:chat_id:content\"\n const parts = text.split(':');\n const hasAtLeastThreeParts = parts.length >= 3;\n \n // Check if first part looks like a known channel\n if (listChannelPlugins().length === 0) {\n syncChannelPluginsFromManager(bundledChannelPlugins);\n }\n const registeredChannelIds = listChannelPlugins().map((p) => p.id);\n const knownChannels = [...new Set([...registeredChannelIds, 'cli', 'gateway', 'local'])];\n const firstPartIsChannel = knownChannels.includes(parts[0]);\n \n if (hasAtLeastThreeParts && firstPartIsChannel) {\n channel = parts[0];\n to = parts[1];\n actualMessage = parts.slice(2).join(':');\n log.info(\n { jobId: job.id, channel, to, parsedFrom: 'message', originalLength: text.length },\n 'Parsed delivery from payload text'\n );\n } else {\n // Fallback to defaults\n channel = 'cli';\n to = 'cron';\n actualMessage = text;\n log.debug(\n { jobId: job.id, partsCount: parts.length, firstPart: parts[0], hasDelivery: !!job.delivery },\n 'Using default delivery - message format not recognized'\n );\n }\n }\n\n // Create timeout promise\n const timeoutPromise = new Promise<never>((_, reject) => {\n setTimeout(() => reject(new Error(`Job timed out after ${timeout}ms`)), timeout);\n });\n\n // Create execution promise\n const executePromise = (async () => {\n // Check for abort\n if (signal.aborted) {\n throw new Error('Job was aborted');\n }\n\n if (channel === 'local') {\n log.info(\n { jobId: job.id, messageLength: actualMessage.length },\n 'Cron main session: local channel — no outbound publish'\n );\n return {\n status: 'ok' as const,\n summary: actualMessage.slice(0, 200),\n };\n }\n\n const outbound = await this.buildCronOutboundMessage(channel, to, actualMessage);\n\n await this.messageBus.publishOutbound(outbound);\n\n log.info(\n { jobId: job.id, channel, to: outbound.chat_id, messageLength: actualMessage.length },\n 'Sent message to main session'\n );\n\n return {\n status: 'ok' as const,\n summary: actualMessage.slice(0, 200),\n };\n })();\n\n // Race against timeout\n return await Promise.race([executePromise, timeoutPromise]);\n }\n\n /\n Execute in isolated mode - runs agent independently\n /\n private async executeIsolated(\n job: JobData,\n signal: AbortSignal,\n timeout: number\n ): Promise<CronRunOutcome> {\n const message = getCronPayloadText(job);\n\n if (!message \|\| !message.trim()) {\n return { status: 'skipped', error: 'Isolated job requires non-empty message' };\n }\n\n const aid = job.agentId?.trim();\n const fallbackAgentId = this.getDefaultCronAgentId?.() ?? DEFAULT_AGENT_ID;\n const sessionKey = buildSessionKey({\n agentId: normalizeAgentId(aid \|\| fallbackAgentId),\n source: 'cron',\n accountId: 'default',\n peerKind: 'dm',\n peerId: job.id,\n });\n\n // Create timeout promise\n const timeoutPromise = new Promise<never>((_, reject) => {\n setTimeout(() => reject(new Error(`Job timed out after ${timeout}ms`)), timeout);\n });\n\n // Create execution promise\n const executePromise = (async () => {\n // Check for abort\n if (signal.aborted) {\n throw new Error('Job was aborted');\n }\n\n await this.agentService.sessionConfig.applyCronJobWorkingDirectory(sessionKey, job.workingDirectory);\n\n const jobModel = resolveIsolatedCronJobModel(job);\n if (jobModel) {\n const ok = await this.agentService.switchModelForSession(sessionKey, jobModel);\n if (!ok) {\n log.warn({ jobId: job.id, sessionKey, model: jobModel }, 'Cron job model invalid; using agent default');\n await this.agentService.resetSessionModelToAgentDefault(sessionKey);\n }\n } else {\n await this.agentService.resetSessionModelToAgentDefault(sessionKey);\n }\n\n const response = await this.agentService.turnDispatcher.processDirect(message, sessionKey);\n\n const model = this.agentService.getModelForSession(sessionKey);\n\n log.info(\n { jobId: job.id, sessionKey, responseLength: response.length, model },\n 'Agent execution completed'\n );\n\n // Handle delivery (`local` channel or `mode: none` = no outbound; transcript in SessionStore)\n const delivery = job.delivery;\n const outboundChannel = delivery?.channel;\n const shouldPublish =\n delivery &&\n delivery.mode !== 'none' &&\n outboundChannel !== 'local' &&\n delivery.to;\n\n if (shouldPublish) {\n if (shouldSilence(response, DEFAULT_ACK_MAX_CHARS) \|\| response.trim() === NO_REPLY) {\n return {\n status: 'ok' as const,\n summary: response.slice(0, 200),\n sessionId: sessionKey,\n sessionKey,\n sessionType: 'cron',\n model,\n };\n }\n const { stripped } = stripHeartbeatToken(response);\n const outboundText = stripped \|\| response.trim();\n\n const targetChannel = outboundChannel \|\| 'cli';\n const outbound = await this.buildCronOutboundMessage(targetChannel, delivery.to, outboundText);\n\n await this.messageBus.publishOutbound(outbound);\n\n log.info(\n { jobId: job.id, channel: targetChannel, to: outbound.chat_id },\n 'Delivered agent response'\n );\n\n return {\n status: 'ok' as const,\n summary: response.slice(0, 200),\n sessionId: sessionKey,\n sessionKey,\n sessionType: 'cron',\n model,\n };\n }\n\n // No outbound delivery: transcript is in SessionStore under `sessionKey`.\n return {\n status: 'ok' as const,\n summary: response.slice(0, 200),\n sessionId: sessionKey,\n sessionKey,\n sessionType: 'cron',\n model,\n };\n })();\n\n // Race against timeout\n try {\n return await Promise.race([executePromise, timeoutPromise]);\n } finally {\n const { retireSessionMcpRuntimeForSessionKey } = await import('../agent/mcp/bundle-mcp-tools.js');\n await retireSessionMcpRuntimeForSessionKey({\n sessionKey,\n reason: 'cron-isolated-end',\n }).catch(() => {});\n }\n }\n\n /\n Basic execution without agent service (fallback)\n /\n private async basicExecute(\n job: JobData,\n signal: AbortSignal,\n timeout: number\n ): Promise<CronRunOutcome> {\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => {\n reject(new Error(`Job timed out after ${timeout}ms`));\n }, timeout);\n\n // Listen for abort signal\n const abortHandler = () => {\n clearTimeout(timeoutId);\n reject(new Error('Job was aborted'));\n };\n signal.addEventListener('abort', abortHandler);\n\n // Simulate basic work\n setTimeout(() => {\n clearTimeout(timeoutId);\n signal.removeEventListener('abort', abortHandler);\n\n if (signal.aborted) {\n reject(new Error('Job was aborted'));\n } else {\n resolve({\n status: 'ok',\n summary: `Executed: ${getCronPayloadText(job).slice(0, 100)}`,\n });\n }\n }, 100);\n });\n }\n\n /\n Cancel a running job\n /\n cancelJob(jobId: string): boolean {\n const controller = this.runningJobs.get(jobId);\n if (controller) {\n controller.abort();\n this.runningJobs.delete(jobId);\n return true;\n }\n return false;\n }\n\n /\n Get execution history for a job\n /\n getHistory(jobId: string, limit = 10): JobExecution[] {\n const history = this.history.get(jobId) \|\| [];\n return history.slice(-limit);\n }\n\n /\n Get currently running executions\n /\n getRunningExecutions(): JobExecution[] {\n const result: JobExecution[] = [];\n for (const [jobId] of this.runningJobs) {\n const history = this.history.get(jobId);\n if (history) {\n const running = history.find((e) => e.status === 'running');\n if (running) result.push(running);\n }\n }\n return result;\n }\n\n /\n Check if a job is currently running\n /\n isRunning(jobId: string): boolean {\n return this.runningJobs.has(jobId);\n }\n\n /\n Get consecutive error count for a job\n /\n getConsecutiveErrors(jobId: string): number {\n const history = this.history.get(jobId) \|\| [];\n // Find last execution\n for (let i = history.length - 1; i >= 0; i--) {\n if (history[i].status !== 'running') {\n if (history[i].status === 'failed' \|\| history[i].status === 'cancelled') {\n // Count consecutive errors before this\n let count = 0;\n for (let j = i - 1; j >= 0; j--) {\n if (history[j].status === 'failed' \|\| history[j].status === 'cancelled') {\n count++;\n } else {\n break;\n }\n }\n return count + 1;\n }\n return 0;\n }\n }\n return 0;\n }\n\n /\n Calculate backoff delay for a job\n /\n calculateBackoff(jobId: string): number {\n const errors = this.getConsecutiveErrors(jobId);\n return errorBackoffMs(errors);\n }\n\n /\n Clear old history entries\n /\n cleanupHistory(maxAgeDays = 7): void {\n const cutoff = Date.now() - maxAgeDays 24 * 60 * 60 * 1000;\n\n for (const [jobId, executions] of this.history) {\n this.history.set(\n jobId,\n executions.filter((e) => new Date(e.startedAt).getTime() > cutoff)\n );\n }\n }\n\n private addToHistory(jobId: string, execution: JobExecution): void {\n const existing = this.history.get(jobId) \|\| [];\n existing.push(execution);\n // Keep last 100 executions per job\n if (existing.length > 100) {\n existing.shift();\n }\n this.history.set(jobId, existing);\n }\n}\n"],"mappings":";;;;;;;;;;aAYkD;kBAgB2B;kBACjB;AAS5D,MAAM,MAAM,aAAa,eAAe;AAGxC,MAAM,mBAAmB;CACvB;CACA;CACA,IAAI;CACJ,KAAK;CACL,KAAK;CACN;AAED,SAAS,eAAe,mBAAmC;CACzD,MAAM,MAAM,KAAK,IAAI,oBAAoB,GAAG,iBAAiB,SAAS,EAAE;AACxE,QAAO,iBAAiB,KAAK,IAAI,GAAG,IAAI;;AAG1C,SAAS,4BAA4B,KAAkC;CACrE,MAAM,UAAU,IAAI,OAAO,MAAM;AACjC,KAAI,QAAS,QAAO;AACpB,KAAI,IAAI,SAAS,SAAS,aAAa;EACrC,MAAM,IAAI,IAAI,QAAQ,OAAO,MAAM;AACnC,MAAI,EAAG,QAAO;;;AAKlB,IAAa,qBAAb,MAAuD;CACrD,0BAA+C,IAAI,KAAK;CACxD,8BAAsB,IAAI,KAA8B;CACxD,eAA4B;CAC5B,aAA0B;CAC1B,mBAAqD;CACrD;CACA,cAA8C;CAC9C,wBAAuD;CACvD,qBAA4D;CAE5D,eAAe,OAAqC;AAClD,OAAK,cAAc;;CAGrB,QAAQ,MAA6B;AACnC,OAAK,eAAe,KAAK;AACzB,OAAK,aAAa,KAAK;AACvB,OAAK,mBAAmB,KAAK,oBAAoB;AACjD,MAAI,KAAK,iBAAiB,KAAA,EACxB,MAAK,eAAe,KAAK;AAE3B,OAAK,wBAAwB,KAAK,yBAAyB;AAC3D,OAAK,qBAAqB,KAAK,sBAAsB;;CAGvD,MAAc,yBACZ,SACA,IACA,SAC0B;AAC1B,MAAI,oBAAoB,CAAC,WAAW,EAClC,+BAA8B,sBAAsB;EAEtD,MAAM,SAAS,iBAAiB,QAAQ;AACxC,MAAI,QAAQ,cAAc;GACxB,MAAM,EAAE,QAAQ,WAAW,aAAa,MAAM,OAAO,aAAa,wBAChE,IACA,KAAK,aACN;GACD,MAAM,OACJ,aAAa,WACT;IAAE,GAAI,YAAY,EAAE;IAAG,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;IAAG,GAC5D,KAAA;AACN,UAAO;IACL;IACA,SAAS;IACT;IACA,MAAM;IACN,GAAI,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS,IAAI,EAAE,UAAU,MAAM,GAAG,EAAE;IACnE;;AAEH,SAAO;GACL;GACA,SAAS;GACT;GACA,MAAM;GACP;;CAGH,MAAM,QAAQ,KAAc,QAAqB,MAAuC;AAEtF,MAAI,KACF,MAAK,QAAQ,KAAK;EAGpB,MAAM,cAAc,OAAO,YAAY;EACvC,MAAM,YAA0B;GAC9B,IAAI;GACJ,OAAO,IAAI;GACX,QAAQ;GACR,4BAAW,IAAI,MAAM,EAAC,aAAa;GACnC,YAAY;GACb;AAGD,OAAK,aAAa,IAAI,IAAI,UAAU;AACpC,OAAK,YAAY,IAAI,IAAI,IAAI,IAAI,iBAAiB,CAAC;AAEnD,MAAI,KACF;GAAE,OAAO,IAAI;GAAI;GAAa,SAAS,mBAAmB,IAAI,CAAC,MAAM,GAAG,IAAI;GAAE,EAC9E,gBACD;EAED,IAAI;AAEJ,MAAI;AAEF,OAAI,OAAO,QACT,OAAM,IAAI,MAAM,qCAAqC;AAIvD,YAAS,MAAM,KAAK,WAAW,KAAK,OAAO;AAG3C,aAAU,SAAS,OAAO,WAAW,OAAO,YAAY,OAAO,WAAW,YAAY,cAAc;AACpG,aAAU,2BAAU,IAAI,MAAM,EAAC,aAAa;AAC5C,aAAU,WAAW,KAAK,KAAK,GAAG,IAAI,KAAK,UAAU,UAAU,CAAC,SAAS;AACzE,aAAU,UAAU,OAAO;AAC3B,aAAU,QAAQ,OAAO;AACzB,aAAU,YAAY,OAAO;AAC7B,aAAU,aAAa,OAAO;AAC9B,aAAU,cAAc,OAAO;AAC/B,aAAU,QAAQ,OAAO;AACzB,aAAU,gBAAgB,OAAO;AAEjC,OAAI,OAAO,WAAW,KACpB,KAAI,KACF;IAAE,OAAO,IAAI;IAAI;IAAa,UAAU,UAAU;IAAU,EAC5D,gBACD;YACQ,OAAO,WAAW,UAC3B,KAAI,KAAK;IAAE,OAAO,IAAI;IAAI;IAAa,QAAQ,OAAO;IAAO,EAAE,cAAc;OAE7E,KAAI,MACF;IAAE,OAAO,IAAI;IAAI;IAAa,OAAO,OAAO;IAAO,EACnD,aACD;AAGH,OAAI,OAAO,WAAW,QAAQ,KAAK,iBACjC,KAAI;AACF,SAAK,iBAAiB,WAAW,EAAE,QAAQ,QAAQ,IAAI,MAAM,CAAC;YACvD,GAAG;AACV,QAAI,KAAK;KAAE,OAAO,IAAI;KAAI,KAAK;KAAG,EAAE,mCAAmC;;WAGpE,OAAO;AACd,aAAU,SAAS;AACnB,aAAU,2BAAU,IAAI,MAAM,EAAC,aAAa;AAC5C,aAAU,WAAW,KAAK,KAAK,GAAG,IAAI,KAAK,UAAU,UAAU,CAAC,SAAS;AACzE,aAAU,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AAExE,OAAI,MACF;IAAE,OAAO,IAAI;IAAI;IAAa,OAAO,UAAU;IAAO,EACtD,sBACD;AAED,YAAS;IACP,QAAQ;IACR,OAAO,UAAU;IAClB;YACO;AACR,QAAK,YAAY,OAAO,IAAI,GAAG;;AAGjC,MAAI,KAAK,YACP,OAAM,KAAK,YAAY,gBAAgB,UAAU;;;;;CASrD,MAAgB,WAAW,KAAc,QAA8C;EACrF,MAAM,UAAU,IAAI,WAAW;EAC/B,MAAM,gBAAgB,IAAI,iBAAiB;AAG3C,MAAI,OAAO,QACT,QAAO;GAAE,QAAQ;GAAW,OAAO;GAAoC;AAGzE,MAAI;AACF,OAAI,IAAI,QAAQ,SAAS,cACvB,QAAO,MAAM,KAAK,mBAAmB,KAAK,OAAO;AAInD,OAAI,CAAC,KAAK,gBAAgB,CAAC,KAAK,YAAY;AAC1C,QAAI,KAAK,EAAE,OAAO,IAAI,IAAI,EAAE,qDAAqD;AACjF,WAAO,KAAK,aAAa,KAAK,QAAQ,QAAQ;;AAGhD,OAAI,kBAAkB,OACpB,QAAO,MAAM,KAAK,mBAAmB,KAAK,QAAQ,QAAQ;OAE1D,QAAO,MAAM,KAAK,gBAAgB,KAAK,QAAQ,QAAQ;WAElD,OAAO;AACd,UAAO;IACL,QAAQ;IACR,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;IAC9D;;;CAIL,MAAc,mBAAmB,KAAc,QAA8C;AAC3F,MAAI,OAAO,QACT,QAAO;GAAE,QAAQ;GAAW,OAAO;GAA6C;AAGlF,MAAI,IAAI,QAAQ,SAAS,cACvB,QAAO;GAAE,QAAQ;GAAS,OAAO;GAAuC;AAG1E,MAAI,CAAC,KAAK,mBACR,QAAO;GAAE,QAAQ;GAAS,OAAO;GAAmD;EAGtF,MAAM,kBAAkB,KAAK,yBAAyB,IAAA;EACtD,MAAM,UAAU,iBAAiB,IAAI,QAAQ,WAAW,IAAI,WAAW,gBAAgB;EACvF,MAAM,SAAS,IAAI,QAAQ,QAAQ,UAAU,OAAO,YAAY;EAChE,MAAM,SAAS;GACb,MAAM;GACN,YAAY,IAAI,QAAQ,QAAQ,cAAc,IAAI;GAClD;GACA,eAAe,IAAI,QAAQ,QAAQ,iBAAiB,KAAK,KAAK;GAC/D;EACD,MAAM,SAAS,MAAM,KAAK,mBAAmB,iBAAiB;GAC5D;GACA,cAAc,IAAI,QAAQ;GAC1B,OAAO,IAAI,QAAQ;GACnB,eAAe,IAAI,QAAQ;GAC3B,MAAM,IAAI,QAAQ;GAClB;GACA,gBAAgB,QAAQ,IAAI,GAAG,GAAG;GACnC,CAAC;AAEF,MAAI,OAAO,OAAO,MAChB,QAAO;GACL,QAAQ;GACR,OAAO,OAAO;GACf;AAGH,MAAI,KACF;GACE,OAAO,IAAI;GACX,eAAe,OAAO;GACtB,cAAc,IAAI,QAAQ;GAC1B,YAAY,OAAO;GACpB,EACD,iCACD;AAGD,MAAI,EADsB,IAAI,QAAQ,sBAAsB,UAClC,CAAC,KAAK,mBAAmB,oBACjD,QAAO;GACL,QAAQ;GACR,SAAS,wBAAwB,OAAO;GACxC,WAAW,OAAO;GAClB,YAAY,OAAO;GACnB,aAAa;GACb,eAAe,OAAO;GACvB;AAGH,SAAO,KAAK,0BAA0B;GACpC;GACA;GACA,YAAY,OAAO;GACnB,cAAc,OAAO;GACrB;GACD,CAAC;;CAGJ,MAAc,0BAA0B,QAMZ;EAC1B,MAAM,SAAS,0BAA0B,OAAO,IAAI,QAAQ;EAC5D,MAAM,qBAAqB,KAAK,IAAI,GAAG,OAAO,IAAI,cAAc,EAAE;EAClE,IAAI,QAAQ,OAAO;EACnB,IAAI,UAAU;AAEd,SAAO,WAAW,oBAAoB;GACpC,MAAM,aAAa,MAAM,uBAAuB;IAC9C,WAAW,OAAO,KAAK,mBAAoB,oBAAqB,OAAO,SAAS,GAAG;IACnF;IACA,QAAQ,OAAO;IACf,WAAW;IACZ,CAAC;AAEF,OAAI,WAAW,SAAS,UACtB,QAAO;IAAE,QAAQ;IAAW,OAAO;IAAkD;AAGvF,OAAI,WAAW,SAAS,UACtB,QAAO;IACL,QAAQ;IACR,OAAO,gBAAgB,MAAM,yBAAyB,OAAO;IAC7D,SAAS,WAAW,WAAW,4BAA4B,WAAW,SAAS,GAAG,KAAA;IAClF,WAAW,OAAO;IAClB,YAAY,OAAO;IACnB,aAAa;IACb,eAAe;IAChB;GAGH,MAAM,OAAO,WAAW;GACxB,MAAM,UAAU,4BAA4B,KAAK;AAGjD,OAFkB,yBAAyB,KAE9B,EAAE;IACb,MAAM,cAA8B;KAClC,QAAQ;KACR;KACA,WAAW,OAAO;KAClB,YAAY,OAAO;KACnB,aAAa;KACb,eAAe;KAChB;AACD,UAAM,KAAK,0BAA0B,OAAO,KAAK,MAAM,YAAY;AACnE,WAAO;;AAQT,OAAI,EAJF,UAAU,sBACV,KAAK,IAAI,WAAW,YACpB,QAAQ,KAAK,oBAAoB,iBAAiB,EAGlD,QAAO;IACL,QAAQ;IACR;IACA,OAAO;IACP,WAAW,OAAO;IAClB,YAAY,OAAO;IACnB,aAAa;IACb,eAAe;IAChB;GAGH,MAAM,cAAc,MAAM,KAAK,mBAAoB,iBAAkB;IACnE,SAAS,OAAO;IAChB;IACD,CAAC;AACF,OAAI,YAAY,OAAO,MACrB,QAAO;IACL,QAAQ;IACR,OAAO,YAAY;IACnB;IACA,WAAW,OAAO;IAClB,YAAY,OAAO;IACnB,aAAa;IACb,eAAe;IAChB;AAGH,WAAQ,YAAY;AACpB,cAAW;AACX,OAAI,KACF;IAAE,OAAO,OAAO,IAAI;IAAI;IAAS,eAAe;IAAO,EACvD,yCACD;;AAGH,SAAO;GACL,QAAQ;GACR,OAAO;GACP,WAAW,OAAO;GAClB,YAAY,OAAO;GACnB,aAAa;GACb,eAAe;GAChB;;CAGH,MAAc,0BACZ,KACA,MACA,SACe;AACf,MAAI,CAAC,KAAK,WAAY;EACtB,MAAM,WAAW,IAAI;AACrB,MAAI,CAAC,YAAY,SAAS,SAAS,UAAU,SAAS,YAAY,WAAW,CAAC,SAAS,IAAI,MAAM,CAC/F;AAGF,MAAI;GACF,MAAM,OAAO,6BAA6B,KAAK;GAC/C,MAAM,WAAW,MAAM,KAAK,yBAAyB,SAAS,SAAU,SAAS,IAAK,KAAK;AAC3F,SAAM,KAAK,WAAW,gBAAgB,SAAS;AAC/C,OAAI,KACF;IAAE,OAAO,IAAI;IAAI,SAAS,SAAS;IAAS,IAAI,SAAS;IAAS,eAAe,KAAK,IAAI;IAAI,EAC9F,0CACD;WACM,KAAK;GACZ,MAAM,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAC3D,OAAI,KAAK;IAAE,OAAO,IAAI;IAAI;IAAK,eAAe,KAAK,IAAI;IAAI,EAAE,kCAAkC,KAAK;AACpG,OAAI,QAAQ,WAAW,KACrB,SAAQ,UAAU,GAAG,QAAQ,WAAW,GAAG,qBAAqB,GAAG,GAAG,MAAM;;;;;;CAQlF,MAAc,mBACZ,KACA,QACA,SACyB;EACzB,MAAM,OAAO,mBAAmB,IAAI;AAEpC,MAAI,CAAC,QAAQ,CAAC,KAAK,MAAM,CACvB,QAAO;GAAE,QAAQ;GAAW,OAAO;GAA+C;EAIpF,IAAI;EACJ,IAAI;EACJ,IAAI;AAEJ,MAAI,IAAI,UAAU,YAAY,SAAS;AACrC,aAAU;AACV,QAAK;AACL,mBAAgB;aACP,IAAI,UAAU,WAAW,IAAI,UAAU,IAAI;AAEpD,aAAU,IAAI,SAAS;AACvB,QAAK,IAAI,SAAS;AAClB,mBAAgB;SACX;GAEL,MAAM,QAAQ,KAAK,MAAM,IAAI;GAC7B,MAAM,uBAAuB,MAAM,UAAU;AAG7C,OAAI,oBAAoB,CAAC,WAAW,EAClC,+BAA8B,sBAAsB;GAEtD,MAAM,uBAAuB,oBAAoB,CAAC,KAAK,MAAM,EAAE,GAAG;GAElE,MAAM,qBAAqB,CADJ,GAAG,IAAI,IAAI;IAAC,GAAG;IAAsB;IAAO;IAAW;IAAQ,CAAC,CAC/C,CAAC,SAAS,MAAM,GAAG;AAE3D,OAAI,wBAAwB,oBAAoB;AAC9C,cAAU,MAAM;AAChB,SAAK,MAAM;AACX,oBAAgB,MAAM,MAAM,EAAE,CAAC,KAAK,IAAI;AACxC,QAAI,KACF;KAAE,OAAO,IAAI;KAAI;KAAS;KAAI,YAAY;KAAW,gBAAgB,KAAK;KAAQ,EAClF,oCACD;UACI;AAEL,cAAU;AACV,SAAK;AACL,oBAAgB;AAChB,QAAI,MACF;KAAE,OAAO,IAAI;KAAI,YAAY,MAAM;KAAQ,WAAW,MAAM;KAAI,aAAa,CAAC,CAAC,IAAI;KAAU,EAC7F,yDACD;;;EAKL,MAAM,iBAAiB,IAAI,SAAgB,GAAG,WAAW;AACvD,oBAAiB,uBAAO,IAAI,MAAM,uBAAuB,QAAQ,IAAI,CAAC,EAAE,QAAQ;IAChF;EAGF,MAAM,kBAAkB,YAAY;AAElC,OAAI,OAAO,QACT,OAAM,IAAI,MAAM,kBAAkB;AAGpC,OAAI,YAAY,SAAS;AACvB,QAAI,KACF;KAAE,OAAO,IAAI;KAAI,eAAe,cAAc;KAAQ,EACtD,yDACD;AACD,WAAO;KACL,QAAQ;KACR,SAAS,cAAc,MAAM,GAAG,IAAI;KACrC;;GAGH,MAAM,WAAW,MAAM,KAAK,yBAAyB,SAAS,IAAI,cAAc;AAEhF,SAAM,KAAK,WAAW,gBAAgB,SAAS;AAE/C,OAAI,KACF;IAAE,OAAO,IAAI;IAAI;IAAS,IAAI,SAAS;IAAS,eAAe,cAAc;IAAQ,EACrF,+BACD;AAED,UAAO;IACL,QAAQ;IACR,SAAS,cAAc,MAAM,GAAG,IAAI;IACrC;MACC;AAGJ,SAAO,MAAM,QAAQ,KAAK,CAAC,gBAAgB,eAAe,CAAC;;;;;CAM7D,MAAc,gBACZ,KACA,QACA,SACyB;EACzB,MAAM,UAAU,mBAAmB,IAAI;AAEvC,MAAI,CAAC,WAAW,CAAC,QAAQ,MAAM,CAC7B,QAAO;GAAE,QAAQ;GAAW,OAAO;GAA2C;EAGhF,MAAM,MAAM,IAAI,SAAS,MAAM;EAC/B,MAAM,kBAAkB,KAAK,yBAAyB,IAAA;EACtD,MAAM,aAAa,gBAAgB;GACjC,SAAS,iBAAiB,OAAO,gBAAgB;GACjD,QAAQ;GACR,WAAW;GACX,UAAU;GACV,QAAQ,IAAI;GACb,CAAC;EAGF,MAAM,iBAAiB,IAAI,SAAgB,GAAG,WAAW;AACvD,oBAAiB,uBAAO,IAAI,MAAM,uBAAuB,QAAQ,IAAI,CAAC,EAAE,QAAQ;IAChF;EAGF,MAAM,kBAAkB,YAAY;AAElC,OAAI,OAAO,QACT,OAAM,IAAI,MAAM,kBAAkB;AAGpC,SAAM,KAAK,aAAa,cAAc,6BAA6B,YAAY,IAAI,iBAAiB;GAEpG,MAAM,WAAW,4BAA4B,IAAI;AACjD,OAAI;QAEE,CAAC,MADY,KAAK,aAAa,sBAAsB,YAAY,SAAS,EACrE;AACP,SAAI,KAAK;MAAE,OAAO,IAAI;MAAI;MAAY,OAAO;MAAU,EAAE,8CAA8C;AACvG,WAAM,KAAK,aAAa,gCAAgC,WAAW;;SAGrE,OAAM,KAAK,aAAa,gCAAgC,WAAW;GAGrE,MAAM,WAAW,MAAM,KAAK,aAAa,eAAe,cAAc,SAAS,WAAW;GAE1F,MAAM,QAAQ,KAAK,aAAa,mBAAmB,WAAW;AAE9D,OAAI,KACF;IAAE,OAAO,IAAI;IAAI;IAAY,gBAAgB,SAAS;IAAQ;IAAO,EACrE,4BACD;GAGD,MAAM,WAAW,IAAI;GACrB,MAAM,kBAAkB,UAAU;AAOlC,OALE,YACA,SAAS,SAAS,UAClB,oBAAoB,WACpB,SAAS,IAEQ;AACjB,QAAI,cAAc,UAAA,IAAgC,IAAI,SAAS,MAAM,KAAA,WACnE,QAAO;KACL,QAAQ;KACR,SAAS,SAAS,MAAM,GAAG,IAAI;KAC/B,WAAW;KACX;KACA,aAAa;KACb;KACD;IAEH,MAAM,EAAE,aAAa,oBAAoB,SAAS;IAClD,MAAM,eAAe,YAAY,SAAS,MAAM;IAEhD,MAAM,gBAAgB,mBAAmB;IACzC,MAAM,WAAW,MAAM,KAAK,yBAAyB,eAAe,SAAS,IAAI,aAAa;AAE9F,UAAM,KAAK,WAAW,gBAAgB,SAAS;AAE/C,QAAI,KACF;KAAE,OAAO,IAAI;KAAI,SAAS;KAAe,IAAI,SAAS;KAAS,EAC/D,2BACD;AAED,WAAO;KACL,QAAQ;KACR,SAAS,SAAS,MAAM,GAAG,IAAI;KAC/B,WAAW;KACX;KACA,aAAa;KACb;KACD;;AAIH,UAAO;IACL,QAAQ;IACR,SAAS,SAAS,MAAM,GAAG,IAAI;IAC/B,WAAW;IACX;IACA,aAAa;IACb;IACD;MACC;AAGJ,MAAI;AACF,UAAO,MAAM,QAAQ,KAAK,CAAC,gBAAgB,eAAe,CAAC;YACnD;GACR,MAAM,EAAE,yCAAyC,MAAM,OAAO;AAC9D,SAAM,qCAAqC;IACzC;IACA,QAAQ;IACT,CAAC,CAAC,YAAY,GAAG;;;;;;CAOtB,MAAc,aACZ,KACA,QACA,SACyB;AACzB,SAAO,IAAI,SAAS,SAAS,WAAW;GACtC,MAAM,YAAY,iBAAiB;AACjC,2BAAO,IAAI,MAAM,uBAAuB,QAAQ,IAAI,CAAC;MACpD,QAAQ;GAGX,MAAM,qBAAqB;AACzB,iBAAa,UAAU;AACvB,2BAAO,IAAI,MAAM,kBAAkB,CAAC;;AAEtC,UAAO,iBAAiB,SAAS,aAAa;AAG9C,oBAAiB;AACf,iBAAa,UAAU;AACvB,WAAO,oBAAoB,SAAS,aAAa;AAEjD,QAAI,OAAO,QACT,wBAAO,IAAI,MAAM,kBAAkB,CAAC;QAEpC,SAAQ;KACN,QAAQ;KACR,SAAS,aAAa,mBAAmB,IAAI,CAAC,MAAM,GAAG,IAAI;KAC5D,CAAC;MAEH,IAAI;IACP;;;;;CAMJ,UAAU,OAAwB;EAChC,MAAM,aAAa,KAAK,YAAY,IAAI,MAAM;AAC9C,MAAI,YAAY;AACd,cAAW,OAAO;AAClB,QAAK,YAAY,OAAO,MAAM;AAC9B,UAAO;;AAET,SAAO;;;;;CAMT,WAAW,OAAe,QAAQ,IAAoB;AAEpD,UADgB,KAAK,QAAQ,IAAI,MAAM,IAAI,EAAE,EAC9B,MAAM,CAAC,MAAM;;;;;CAM9B,uBAAuC;EACrC,MAAM,SAAyB,EAAE;AACjC,OAAK,MAAM,CAAC,UAAU,KAAK,aAAa;GACtC,MAAM,UAAU,KAAK,QAAQ,IAAI,MAAM;AACvC,OAAI,SAAS;IACX,MAAM,UAAU,QAAQ,MAAM,MAAM,EAAE,WAAW,UAAU;AAC3D,QAAI,QAAS,QAAO,KAAK,QAAQ;;;AAGrC,SAAO;;;;;CAMT,UAAU,OAAwB;AAChC,SAAO,KAAK,YAAY,IAAI,MAAM;;;;;CAMpC,qBAAqB,OAAuB;EAC1C,MAAM,UAAU,KAAK,QAAQ,IAAI,MAAM,IAAI,EAAE;AAE7C,OAAK,IAAI,IAAI,QAAQ,SAAS,GAAG,KAAK,GAAG,IACvC,KAAI,QAAQ,GAAG,WAAW,WAAW;AACnC,OAAI,QAAQ,GAAG,WAAW,YAAY,QAAQ,GAAG,WAAW,aAAa;IAEvE,IAAI,QAAQ;AACZ,SAAK,IAAI,IAAI,IAAI,GAAG,KAAK,GAAG,IAC1B,KAAI,QAAQ,GAAG,WAAW,YAAY,QAAQ,GAAG,WAAW,YAC1D;QAEA;AAGJ,WAAO,QAAQ;;AAEjB,UAAO;;AAGX,SAAO;;;;;CAMT,iBAAiB,OAAuB;AAEtC,SAAO,eADQ,KAAK,qBAAqB,MACb,CAAC;;;;;CAM/B,eAAe,aAAa,GAAS;EACnC,MAAM,SAAS,KAAK,KAAK,GAAG,aAAa,KAAK,KAAK,KAAK;AAExD,OAAK,MAAM,CAAC,OAAO,eAAe,KAAK,QACrC,MAAK,QAAQ,IACX,OACA,WAAW,QAAQ,MAAM,IAAI,KAAK,EAAE,UAAU,CAAC,SAAS,GAAG,OAAO,CACnE;;CAIL,aAAqB,OAAe,WAA+B;EACjE,MAAM,WAAW,KAAK,QAAQ,IAAI,MAAM,IAAI,EAAE;AAC9C,WAAS,KAAK,UAAU;AAExB,MAAI,SAAS,SAAS,IACpB,UAAS,OAAO;AAElB,OAAK,QAAQ,IAAI,OAAO,SAAS"}
1	+ {"version":3,"file":"executor.js","names":[],"sources":["../../../src/cron/executor.ts"],"sourcesContent":["// Cron job executor with timeout, retry logic and agent integration\nimport type { WorkflowRunView } from '../workflows/domain/index.js';\nimport type {\n CronRunOutcome,\n CronWorkflowRunStarter,\n HeartbeatWakeSink,\n JobData,\n JobExecution,\n JobExecutor,\n JobExecutorDeps,\n} from './types.js';\nimport type { OutboundMessage } from '../channels/transport-types.js';\nimport { createLogger } from '../utils/logger.js';\nimport {\n getChannelPlugin,\n listChannelPlugins,\n syncChannelPluginsFromManager,\n} from '../channels/plugins/registry.js';\nimport { bundledChannelPlugins } from '../generated/bundled-channel-plugins.js';\nimport { getCronPayloadText } from './job-content.js';\nimport type { SessionStore } from '../session/store.js';\nimport type { CronRunLogStore } from './run-log-store.js';\nimport {\n DEFAULT_ACK_MAX_CHARS,\n NO_REPLY,\n shouldSilence,\n stripHeartbeatToken,\n} from '../heartbeat/tokens.js';\nimport { DEFAULT_AGENT_ID, normalizeAgentId } from '../agent/agent-scope.js';\nimport { buildSessionKey } from '../routing/session-key.js';\nimport {\n buildWorkflowRunCronSummary,\n buildWorkflowRunDeliveryText,\n isWorkflowRunCronSuccess,\n resolveWorkflowCronWaitMs,\n waitForWorkflowRunView,\n} from './workflow-run-completion.js';\n\nconst log = createLogger('CronExecutor');\n\n// Error backoff schedule in ms\nconst ERROR_BACKOFF_MS = [\n 30_000, // 1st error → 30s\n 60_000, // 2nd error → 1min\n 5 * 60_000, // 3rd error → 5min\n 15 * 60_000, // 4th error → 15min\n 60 * 60_000, // 5th+ error → 60min\n];\n\nfunction errorBackoffMs(consecutiveErrors: number): number {\n const idx = Math.min(consecutiveErrors - 1, ERROR_BACKOFF_MS.length - 1);\n return ERROR_BACKOFF_MS[Math.max(0, idx)];\n}\n\nfunction resolveIsolatedCronJobModel(job: JobData): string \| undefined {\n const fromJob = job.model?.trim();\n if (fromJob) return fromJob;\n if (job.payload?.kind === 'agentTurn') {\n const m = job.payload.model?.trim();\n if (m) return m;\n }\n return undefined;\n}\n\nexport class DefaultJobExecutor implements JobExecutor {\n private history: Map<string, JobExecution[]> = new Map();\n private runningJobs = new Map<string, AbortController>();\n private agentService: any = null;\n private messageBus: any = null;\n private heartbeatService: HeartbeatWakeSink \| null = null;\n private sessionStore: SessionStore \| undefined;\n private runLogStore: CronRunLogStore \| null = null;\n private getDefaultCronAgentId: (() => string) \| null = null;\n private workflowRunService: CronWorkflowRunStarter \| null = null;\n\n setRunLogStore(store: CronRunLogStore \| null): void {\n this.runLogStore = store;\n }\n\n setDeps(deps: JobExecutorDeps): void {\n this.agentService = deps.agentService;\n this.messageBus = deps.messageBus;\n this.heartbeatService = deps.heartbeatService ?? null;\n if (deps.sessionStore !== undefined) {\n this.sessionStore = deps.sessionStore;\n }\n this.getDefaultCronAgentId = deps.getDefaultCronAgentId ?? null;\n this.workflowRunService = deps.workflowRunService ?? null;\n }\n\n private async buildCronOutboundMessage(\n channel: string,\n to: string,\n content: string,\n ): Promise<OutboundMessage> {\n if (listChannelPlugins().length === 0) {\n syncChannelPluginsFromManager(bundledChannelPlugins);\n }\n const plugin = getChannelPlugin(channel);\n if (plugin?.cronDelivery) {\n const { chatId, accountId, metadata } = await plugin.cronDelivery.normalizeDeliveryTarget(\n to,\n this.sessionStore,\n );\n const meta =\n accountId \|\| metadata\n ? { ...(metadata ?? {}), ...(accountId ? { accountId } : {}) }\n : undefined;\n return {\n channel,\n chat_id: chatId,\n content,\n type: 'message',\n ...(meta && Object.keys(meta).length > 0 ? { metadata: meta } : {}),\n };\n }\n return {\n channel,\n chat_id: to,\n content,\n type: 'message',\n };\n }\n\n async execute(job: JobData, signal: AbortSignal, deps?: JobExecutorDeps): Promise<void> {\n // Set deps if provided\n if (deps) {\n this.setDeps(deps);\n }\n\n const executionId = crypto.randomUUID();\n const execution: JobExecution = {\n id: executionId,\n jobId: job.id,\n status: 'running',\n startedAt: new Date().toISOString(),\n retryCount: 0,\n };\n\n // Record execution start\n this.addToHistory(job.id, execution);\n this.runningJobs.set(job.id, new AbortController());\n\n log.info(\n { jobId: job.id, executionId, preview: getCronPayloadText(job).slice(0, 100) },\n 'Job executing'\n );\n\n let result: CronRunOutcome;\n\n try {\n // Check for cancellation\n if (signal.aborted) {\n throw new Error('Job was cancelled before execution');\n }\n\n // Execute the job\n result = await this.performJob(job, signal);\n\n // Mark as success/failed\n execution.status = result.status === 'ok' ? 'success' : result.status === 'skipped' ? 'cancelled' : 'failed';\n execution.endedAt = new Date().toISOString();\n execution.duration = Date.now() - new Date(execution.startedAt).getTime();\n execution.summary = result.summary;\n execution.error = result.error;\n execution.sessionId = result.sessionId;\n execution.sessionKey = result.sessionKey;\n execution.sessionType = result.sessionType;\n execution.model = result.model;\n execution.workflowRunId = result.workflowRunId;\n\n if (result.status === 'ok') {\n log.info(\n { jobId: job.id, executionId, duration: execution.duration },\n 'Job completed'\n );\n } else if (result.status === 'skipped') {\n log.warn({ jobId: job.id, executionId, reason: result.error }, 'Job skipped');\n } else {\n log.error(\n { jobId: job.id, executionId, errorMessage: result.error, phase: 'cron.execute' },\n `Job failed: ${result.error ?? 'unknown'}`,\n );\n }\n\n if (result.status === 'ok' && this.heartbeatService) {\n try {\n this.heartbeatService.requestNow({ reason: `cron:${job.id}` });\n } catch (e) {\n log.warn({ jobId: job.id, err: e }, 'Heartbeat wake after cron failed');\n }\n }\n } catch (error) {\n execution.status = 'failed';\n execution.endedAt = new Date().toISOString();\n execution.duration = Date.now() - new Date(execution.startedAt).getTime();\n execution.error = error instanceof Error ? error.message : String(error);\n\n log.error(\n {\n err: error,\n errorMessage: execution.error,\n jobId: job.id,\n executionId,\n phase: 'cron.execute',\n },\n `Job execution error: ${execution.error}`,\n );\n\n result = {\n status: 'error',\n error: execution.error,\n };\n } finally {\n this.runningJobs.delete(job.id);\n }\n\n if (this.runLogStore) {\n await this.runLogStore.appendCompleted(execution);\n }\n\n return;\n }\n\n /*\n Perform the actual job work - integrate with AgentService\n /\n protected async performJob(job: JobData, signal: AbortSignal): Promise<CronRunOutcome> {\n const timeout = job.timeout \|\| 60000;\n const sessionTarget = job.sessionTarget \|\| 'main';\n\n // Check for abort before starting\n if (signal.aborted) {\n return { status: 'skipped', error: 'Job was aborted before execution' };\n }\n\n try {\n if (job.payload.kind === 'workflowRun') {\n return await this.executeWorkflowRun(job, signal);\n }\n\n // If no agent service, fall back to basic execution\n if (!this.agentService \|\| !this.messageBus) {\n log.warn({ jobId: job.id }, 'No agent service configured, using basic execution');\n return this.basicExecute(job, signal, timeout);\n }\n\n if (sessionTarget === 'main') {\n return await this.executeMainSession(job, signal, timeout);\n } else {\n return await this.executeIsolated(job, signal, timeout);\n }\n } catch (error) {\n return {\n status: 'error',\n error: error instanceof Error ? error.message : String(error),\n };\n }\n }\n\n private async executeWorkflowRun(job: JobData, signal: AbortSignal): Promise<CronRunOutcome> {\n if (signal.aborted) {\n return { status: 'skipped', error: 'Job was aborted before workflow run start' };\n }\n\n if (job.payload.kind !== 'workflowRun') {\n return { status: 'error', error: 'Cron job payload is not workflowRun' };\n }\n\n if (!this.workflowRunService) {\n return { status: 'error', error: 'Workflow run service is not configured for cron' };\n }\n\n const fallbackAgentId = this.getDefaultCronAgentId?.() ?? DEFAULT_AGENT_ID;\n const agentId = normalizeAgentId(job.payload.agentId \|\| job.agentId \|\| fallbackAgentId);\n const fireId = job.payload.source?.fireId \|\| crypto.randomUUID();\n const source = {\n kind: 'cron' as const,\n scheduleId: job.payload.source?.scheduleId \|\| job.id,\n fireId,\n scheduledAtMs: job.payload.source?.scheduledAtMs ?? Date.now(),\n };\n const result = await this.workflowRunService.startWorkflowRun({\n agentId,\n definitionId: job.payload.definitionId,\n input: job.payload.input,\n inputEnvelope: job.payload.inputEnvelope,\n goal: job.payload.goal,\n source,\n idempotencyKey: `cron:${job.id}:${fireId}`,\n });\n\n if (result.ok === false) {\n return {\n status: 'error',\n error: result.message,\n };\n }\n\n log.info(\n {\n jobId: job.id,\n workflowRunId: result.runId,\n definitionId: job.payload.definitionId,\n sessionKey: result.sessionKey,\n },\n 'Workflow run started from cron',\n );\n\n const waitForCompletion = job.payload.waitForCompletion !== false;\n if (!waitForCompletion \|\| !this.workflowRunService.readWorkflowRunView) {\n return {\n status: 'ok',\n summary: `Started workflow run ${result.runId}`,\n sessionId: result.sessionKey,\n sessionKey: result.sessionKey,\n sessionType: 'workflow',\n workflowRunId: result.runId,\n };\n }\n\n return this.waitForWorkflowRunOutcome({\n job,\n agentId,\n sessionKey: result.sessionKey,\n initialRunId: result.runId,\n signal,\n });\n }\n\n private async waitForWorkflowRunOutcome(params: {\n job: JobData;\n agentId: string;\n sessionKey: string;\n initialRunId: string;\n signal: AbortSignal;\n }): Promise<CronRunOutcome> {\n const waitMs = resolveWorkflowCronWaitMs(params.job.timeout);\n const maxWorkflowRetries = Math.max(0, params.job.maxRetries ?? 0);\n let runId = params.initialRunId;\n let attempt = 0;\n\n while (attempt <= maxWorkflowRetries) {\n const waitResult = await waitForWorkflowRunView({\n readView: (id) => this.workflowRunService!.readWorkflowRunView!(params.agentId, id),\n runId,\n signal: params.signal,\n timeoutMs: waitMs,\n });\n\n if (waitResult.kind === 'aborted') {\n return { status: 'skipped', error: 'Job was aborted while waiting for workflow run' };\n }\n\n if (waitResult.kind === 'timeout') {\n return {\n status: 'error',\n error: `Workflow run ${runId} did not finish within ${waitMs}ms`,\n summary: waitResult.lastView ? buildWorkflowRunCronSummary(waitResult.lastView) : undefined,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n const view = waitResult.view;\n const summary = buildWorkflowRunCronSummary(view);\n const succeeded = isWorkflowRunCronSuccess(view);\n\n if (succeeded) {\n const baseOutcome: CronRunOutcome = {\n status: 'ok',\n summary,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n await this.deliverWorkflowRunOutcome(params.job, view, baseOutcome);\n return baseOutcome;\n }\n\n const canRetry =\n attempt < maxWorkflowRetries &&\n view.run.status === 'failed' &&\n Boolean(this.workflowRunService?.retryWorkflowRun);\n\n if (!canRetry) {\n return {\n status: 'error',\n summary,\n error: summary,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n const retryResult = await this.workflowRunService!.retryWorkflowRun!({\n agentId: params.agentId,\n runId,\n });\n if (retryResult.ok === false) {\n return {\n status: 'error',\n error: retryResult.message,\n summary,\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n runId = retryResult.runId;\n attempt += 1;\n log.info(\n { jobId: params.job.id, attempt, workflowRunId: runId },\n 'Retrying failed workflow run from cron',\n );\n }\n\n return {\n status: 'error',\n error: 'Workflow run retries exhausted',\n sessionId: params.sessionKey,\n sessionKey: params.sessionKey,\n sessionType: 'workflow',\n workflowRunId: runId,\n };\n }\n\n private async deliverWorkflowRunOutcome(\n job: JobData,\n view: WorkflowRunView,\n outcome: CronRunOutcome,\n ): Promise<void> {\n if (!this.messageBus) return;\n const delivery = job.delivery;\n if (!delivery \|\| delivery.mode === 'none' \|\| delivery.channel === 'local' \|\| !delivery.to?.trim()) {\n return;\n }\n\n try {\n const text = buildWorkflowRunDeliveryText(view);\n const outbound = await this.buildCronOutboundMessage(delivery.channel!, delivery.to!, text);\n await this.messageBus.publishOutbound(outbound);\n log.info(\n { jobId: job.id, channel: delivery.channel, to: outbound.chat_id, workflowRunId: view.run.id },\n 'Delivered workflow run result from cron',\n );\n } catch (err) {\n const em = err instanceof Error ? err.message : String(err);\n log.warn({ jobId: job.id, err, workflowRunId: view.run.id }, `Workflow cron delivery failed: ${em}`);\n if (outcome.status === 'ok') {\n outcome.summary = `${outcome.summary ?? ''} (delivery failed: ${em})`.trim();\n }\n }\n }\n\n /\n Execute in main session - sends system event\n /\n private async executeMainSession(\n job: JobData,\n signal: AbortSignal,\n timeout: number\n ): Promise<CronRunOutcome> {\n const text = getCronPayloadText(job);\n\n if (!text \|\| !text.trim()) {\n return { status: 'skipped', error: 'Main session job requires non-empty message' };\n }\n\n // Parse delivery from job config, or parse routing from payload text: \"channel:chat_id:content\"\n let channel: string;\n let to: string;\n let actualMessage: string;\n\n if (job.delivery?.channel === 'local') {\n channel = 'local';\n to = '';\n actualMessage = text;\n } else if (job.delivery?.channel && job.delivery?.to) {\n // Use explicit delivery config\n channel = job.delivery.channel;\n to = job.delivery.to;\n actualMessage = text;\n } else {\n // Parse from payload text: \"channel:chat_id:content\"\n const parts = text.split(':');\n const hasAtLeastThreeParts = parts.length >= 3;\n \n // Check if first part looks like a known channel\n if (listChannelPlugins().length === 0) {\n syncChannelPluginsFromManager(bundledChannelPlugins);\n }\n const registeredChannelIds = listChannelPlugins().map((p) => p.id);\n const knownChannels = [...new Set([...registeredChannelIds, 'cli', 'gateway', 'local'])];\n const firstPartIsChannel = knownChannels.includes(parts[0]);\n \n if (hasAtLeastThreeParts && firstPartIsChannel) {\n channel = parts[0];\n to = parts[1];\n actualMessage = parts.slice(2).join(':');\n log.info(\n { jobId: job.id, channel, to, parsedFrom: 'message', originalLength: text.length },\n 'Parsed delivery from payload text'\n );\n } else {\n // Fallback to defaults\n channel = 'cli';\n to = 'cron';\n actualMessage = text;\n log.debug(\n { jobId: job.id, partsCount: parts.length, firstPart: parts[0], hasDelivery: !!job.delivery },\n 'Using default delivery - message format not recognized'\n );\n }\n }\n\n // Create timeout promise\n const timeoutPromise = new Promise<never>((_, reject) => {\n setTimeout(() => reject(new Error(`Job timed out after ${timeout}ms`)), timeout);\n });\n\n // Create execution promise\n const executePromise = (async () => {\n // Check for abort\n if (signal.aborted) {\n throw new Error('Job was aborted');\n }\n\n if (channel === 'local') {\n log.info(\n { jobId: job.id, messageLength: actualMessage.length },\n 'Cron main session: local channel — no outbound publish'\n );\n return {\n status: 'ok' as const,\n summary: actualMessage.slice(0, 200),\n };\n }\n\n const outbound = await this.buildCronOutboundMessage(channel, to, actualMessage);\n\n await this.messageBus.publishOutbound(outbound);\n\n log.info(\n { jobId: job.id, channel, to: outbound.chat_id, messageLength: actualMessage.length },\n 'Sent message to main session'\n );\n\n return {\n status: 'ok' as const,\n summary: actualMessage.slice(0, 200),\n };\n })();\n\n // Race against timeout\n return await Promise.race([executePromise, timeoutPromise]);\n }\n\n /\n Execute in isolated mode - runs agent independently\n /\n private async executeIsolated(\n job: JobData,\n signal: AbortSignal,\n timeout: number\n ): Promise<CronRunOutcome> {\n const message = getCronPayloadText(job);\n\n if (!message \|\| !message.trim()) {\n return { status: 'skipped', error: 'Isolated job requires non-empty message' };\n }\n\n const aid = job.agentId?.trim();\n const fallbackAgentId = this.getDefaultCronAgentId?.() ?? DEFAULT_AGENT_ID;\n const sessionKey = buildSessionKey({\n agentId: normalizeAgentId(aid \|\| fallbackAgentId),\n source: 'cron',\n accountId: 'default',\n peerKind: 'dm',\n peerId: job.id,\n });\n\n // Create timeout promise\n const timeoutPromise = new Promise<never>((_, reject) => {\n setTimeout(() => reject(new Error(`Job timed out after ${timeout}ms`)), timeout);\n });\n\n // Create execution promise\n const executePromise = (async () => {\n // Check for abort\n if (signal.aborted) {\n throw new Error('Job was aborted');\n }\n\n await this.agentService.sessionConfig.applyCronJobWorkingDirectory(sessionKey, job.workingDirectory);\n\n const jobModel = resolveIsolatedCronJobModel(job);\n if (jobModel) {\n const ok = await this.agentService.switchModelForSession(sessionKey, jobModel);\n if (!ok) {\n log.warn({ jobId: job.id, sessionKey, model: jobModel }, 'Cron job model invalid; using agent default');\n await this.agentService.resetSessionModelToAgentDefault(sessionKey);\n }\n } else {\n await this.agentService.resetSessionModelToAgentDefault(sessionKey);\n }\n\n const response = await this.agentService.turnDispatcher.processDirect(message, sessionKey);\n\n const model = this.agentService.getModelForSession(sessionKey);\n\n log.info(\n { jobId: job.id, sessionKey, responseLength: response.length, model },\n 'Agent execution completed'\n );\n\n // Handle delivery (`local` channel or `mode: none` = no outbound; transcript in SessionStore)\n const delivery = job.delivery;\n const outboundChannel = delivery?.channel;\n const shouldPublish =\n delivery &&\n delivery.mode !== 'none' &&\n outboundChannel !== 'local' &&\n delivery.to;\n\n if (shouldPublish) {\n if (shouldSilence(response, DEFAULT_ACK_MAX_CHARS) \|\| response.trim() === NO_REPLY) {\n return {\n status: 'ok' as const,\n summary: response.slice(0, 200),\n sessionId: sessionKey,\n sessionKey,\n sessionType: 'cron',\n model,\n };\n }\n const { stripped } = stripHeartbeatToken(response);\n const outboundText = stripped \|\| response.trim();\n\n const targetChannel = outboundChannel \|\| 'cli';\n const outbound = await this.buildCronOutboundMessage(targetChannel, delivery.to, outboundText);\n\n await this.messageBus.publishOutbound(outbound);\n\n log.info(\n { jobId: job.id, channel: targetChannel, to: outbound.chat_id },\n 'Delivered agent response'\n );\n\n return {\n status: 'ok' as const,\n summary: response.slice(0, 200),\n sessionId: sessionKey,\n sessionKey,\n sessionType: 'cron',\n model,\n };\n }\n\n // No outbound delivery: transcript is in SessionStore under `sessionKey`.\n return {\n status: 'ok' as const,\n summary: response.slice(0, 200),\n sessionId: sessionKey,\n sessionKey,\n sessionType: 'cron',\n model,\n };\n })();\n\n // Race against timeout\n try {\n return await Promise.race([executePromise, timeoutPromise]);\n } finally {\n const { retireSessionMcpRuntimeForSessionKey } = await import('../agent/mcp/bundle-mcp-tools.js');\n await retireSessionMcpRuntimeForSessionKey({\n sessionKey,\n reason: 'cron-isolated-end',\n }).catch(() => {});\n }\n }\n\n /\n Basic execution without agent service (fallback)\n /\n private async basicExecute(\n job: JobData,\n signal: AbortSignal,\n timeout: number\n ): Promise<CronRunOutcome> {\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => {\n reject(new Error(`Job timed out after ${timeout}ms`));\n }, timeout);\n\n // Listen for abort signal\n const abortHandler = () => {\n clearTimeout(timeoutId);\n reject(new Error('Job was aborted'));\n };\n signal.addEventListener('abort', abortHandler);\n\n // Simulate basic work\n setTimeout(() => {\n clearTimeout(timeoutId);\n signal.removeEventListener('abort', abortHandler);\n\n if (signal.aborted) {\n reject(new Error('Job was aborted'));\n } else {\n resolve({\n status: 'ok',\n summary: `Executed: ${getCronPayloadText(job).slice(0, 100)}`,\n });\n }\n }, 100);\n });\n }\n\n /\n Cancel a running job\n /\n cancelJob(jobId: string): boolean {\n const controller = this.runningJobs.get(jobId);\n if (controller) {\n controller.abort();\n this.runningJobs.delete(jobId);\n return true;\n }\n return false;\n }\n\n /\n Get execution history for a job\n /\n getHistory(jobId: string, limit = 10): JobExecution[] {\n const history = this.history.get(jobId) \|\| [];\n return history.slice(-limit);\n }\n\n /\n Get currently running executions\n /\n getRunningExecutions(): JobExecution[] {\n const result: JobExecution[] = [];\n for (const [jobId] of this.runningJobs) {\n const history = this.history.get(jobId);\n if (history) {\n const running = history.find((e) => e.status === 'running');\n if (running) result.push(running);\n }\n }\n return result;\n }\n\n /\n Check if a job is currently running\n /\n isRunning(jobId: string): boolean {\n return this.runningJobs.has(jobId);\n }\n\n /\n Get consecutive error count for a job\n /\n getConsecutiveErrors(jobId: string): number {\n const history = this.history.get(jobId) \|\| [];\n // Find last execution\n for (let i = history.length - 1; i >= 0; i--) {\n if (history[i].status !== 'running') {\n if (history[i].status === 'failed' \|\| history[i].status === 'cancelled') {\n // Count consecutive errors before this\n let count = 0;\n for (let j = i - 1; j >= 0; j--) {\n if (history[j].status === 'failed' \|\| history[j].status === 'cancelled') {\n count++;\n } else {\n break;\n }\n }\n return count + 1;\n }\n return 0;\n }\n }\n return 0;\n }\n\n /\n Calculate backoff delay for a job\n /\n calculateBackoff(jobId: string): number {\n const errors = this.getConsecutiveErrors(jobId);\n return errorBackoffMs(errors);\n }\n\n /\n Clear old history entries\n /\n cleanupHistory(maxAgeDays = 7): void {\n const cutoff = Date.now() - maxAgeDays 24 * 60 * 60 * 1000;\n\n for (const [jobId, executions] of this.history) {\n this.history.set(\n jobId,\n executions.filter((e) => new Date(e.startedAt).getTime() > cutoff)\n );\n }\n }\n\n private addToHistory(jobId: string, execution: JobExecution): void {\n const existing = this.history.get(jobId) \|\| [];\n existing.push(execution);\n // Keep last 100 executions per job\n if (existing.length > 100) {\n existing.shift();\n }\n this.history.set(jobId, existing);\n }\n}\n"],"mappings":";;;;;;;;;;aAYkD;kBAgB2B;kBACjB;AAS5D,MAAM,MAAM,aAAa,eAAe;AAGxC,MAAM,mBAAmB;CACvB;CACA;CACA,IAAI;CACJ,KAAK;CACL,KAAK;CACN;AAED,SAAS,eAAe,mBAAmC;CACzD,MAAM,MAAM,KAAK,IAAI,oBAAoB,GAAG,iBAAiB,SAAS,EAAE;AACxE,QAAO,iBAAiB,KAAK,IAAI,GAAG,IAAI;;AAG1C,SAAS,4BAA4B,KAAkC;CACrE,MAAM,UAAU,IAAI,OAAO,MAAM;AACjC,KAAI,QAAS,QAAO;AACpB,KAAI,IAAI,SAAS,SAAS,aAAa;EACrC,MAAM,IAAI,IAAI,QAAQ,OAAO,MAAM;AACnC,MAAI,EAAG,QAAO;;;AAKlB,IAAa,qBAAb,MAAuD;CACrD,0BAA+C,IAAI,KAAK;CACxD,8BAAsB,IAAI,KAA8B;CACxD,eAA4B;CAC5B,aAA0B;CAC1B,mBAAqD;CACrD;CACA,cAA8C;CAC9C,wBAAuD;CACvD,qBAA4D;CAE5D,eAAe,OAAqC;AAClD,OAAK,cAAc;;CAGrB,QAAQ,MAA6B;AACnC,OAAK,eAAe,KAAK;AACzB,OAAK,aAAa,KAAK;AACvB,OAAK,mBAAmB,KAAK,oBAAoB;AACjD,MAAI,KAAK,iBAAiB,KAAA,EACxB,MAAK,eAAe,KAAK;AAE3B,OAAK,wBAAwB,KAAK,yBAAyB;AAC3D,OAAK,qBAAqB,KAAK,sBAAsB;;CAGvD,MAAc,yBACZ,SACA,IACA,SAC0B;AAC1B,MAAI,oBAAoB,CAAC,WAAW,EAClC,+BAA8B,sBAAsB;EAEtD,MAAM,SAAS,iBAAiB,QAAQ;AACxC,MAAI,QAAQ,cAAc;GACxB,MAAM,EAAE,QAAQ,WAAW,aAAa,MAAM,OAAO,aAAa,wBAChE,IACA,KAAK,aACN;GACD,MAAM,OACJ,aAAa,WACT;IAAE,GAAI,YAAY,EAAE;IAAG,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;IAAG,GAC5D,KAAA;AACN,UAAO;IACL;IACA,SAAS;IACT;IACA,MAAM;IACN,GAAI,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS,IAAI,EAAE,UAAU,MAAM,GAAG,EAAE;IACnE;;AAEH,SAAO;GACL;GACA,SAAS;GACT;GACA,MAAM;GACP;;CAGH,MAAM,QAAQ,KAAc,QAAqB,MAAuC;AAEtF,MAAI,KACF,MAAK,QAAQ,KAAK;EAGpB,MAAM,cAAc,OAAO,YAAY;EACvC,MAAM,YAA0B;GAC9B,IAAI;GACJ,OAAO,IAAI;GACX,QAAQ;GACR,4BAAW,IAAI,MAAM,EAAC,aAAa;GACnC,YAAY;GACb;AAGD,OAAK,aAAa,IAAI,IAAI,UAAU;AACpC,OAAK,YAAY,IAAI,IAAI,IAAI,IAAI,iBAAiB,CAAC;AAEnD,MAAI,KACF;GAAE,OAAO,IAAI;GAAI;GAAa,SAAS,mBAAmB,IAAI,CAAC,MAAM,GAAG,IAAI;GAAE,EAC9E,gBACD;EAED,IAAI;AAEJ,MAAI;AAEF,OAAI,OAAO,QACT,OAAM,IAAI,MAAM,qCAAqC;AAIvD,YAAS,MAAM,KAAK,WAAW,KAAK,OAAO;AAG3C,aAAU,SAAS,OAAO,WAAW,OAAO,YAAY,OAAO,WAAW,YAAY,cAAc;AACpG,aAAU,2BAAU,IAAI,MAAM,EAAC,aAAa;AAC5C,aAAU,WAAW,KAAK,KAAK,GAAG,IAAI,KAAK,UAAU,UAAU,CAAC,SAAS;AACzE,aAAU,UAAU,OAAO;AAC3B,aAAU,QAAQ,OAAO;AACzB,aAAU,YAAY,OAAO;AAC7B,aAAU,aAAa,OAAO;AAC9B,aAAU,cAAc,OAAO;AAC/B,aAAU,QAAQ,OAAO;AACzB,aAAU,gBAAgB,OAAO;AAEjC,OAAI,OAAO,WAAW,KACpB,KAAI,KACF;IAAE,OAAO,IAAI;IAAI;IAAa,UAAU,UAAU;IAAU,EAC5D,gBACD;YACQ,OAAO,WAAW,UAC3B,KAAI,KAAK;IAAE,OAAO,IAAI;IAAI;IAAa,QAAQ,OAAO;IAAO,EAAE,cAAc;OAE7E,KAAI,MACF;IAAE,OAAO,IAAI;IAAI;IAAa,cAAc,OAAO;IAAO,OAAO;IAAgB,EACjF,eAAe,OAAO,SAAS,YAChC;AAGH,OAAI,OAAO,WAAW,QAAQ,KAAK,iBACjC,KAAI;AACF,SAAK,iBAAiB,WAAW,EAAE,QAAQ,QAAQ,IAAI,MAAM,CAAC;YACvD,GAAG;AACV,QAAI,KAAK;KAAE,OAAO,IAAI;KAAI,KAAK;KAAG,EAAE,mCAAmC;;WAGpE,OAAO;AACd,aAAU,SAAS;AACnB,aAAU,2BAAU,IAAI,MAAM,EAAC,aAAa;AAC5C,aAAU,WAAW,KAAK,KAAK,GAAG,IAAI,KAAK,UAAU,UAAU,CAAC,SAAS;AACzE,aAAU,QAAQ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;AAExE,OAAI,MACF;IACE,KAAK;IACL,cAAc,UAAU;IACxB,OAAO,IAAI;IACX;IACA,OAAO;IACR,EACD,wBAAwB,UAAU,QACnC;AAED,YAAS;IACP,QAAQ;IACR,OAAO,UAAU;IAClB;YACO;AACR,QAAK,YAAY,OAAO,IAAI,GAAG;;AAGjC,MAAI,KAAK,YACP,OAAM,KAAK,YAAY,gBAAgB,UAAU;;;;;CASrD,MAAgB,WAAW,KAAc,QAA8C;EACrF,MAAM,UAAU,IAAI,WAAW;EAC/B,MAAM,gBAAgB,IAAI,iBAAiB;AAG3C,MAAI,OAAO,QACT,QAAO;GAAE,QAAQ;GAAW,OAAO;GAAoC;AAGzE,MAAI;AACF,OAAI,IAAI,QAAQ,SAAS,cACvB,QAAO,MAAM,KAAK,mBAAmB,KAAK,OAAO;AAInD,OAAI,CAAC,KAAK,gBAAgB,CAAC,KAAK,YAAY;AAC1C,QAAI,KAAK,EAAE,OAAO,IAAI,IAAI,EAAE,qDAAqD;AACjF,WAAO,KAAK,aAAa,KAAK,QAAQ,QAAQ;;AAGhD,OAAI,kBAAkB,OACpB,QAAO,MAAM,KAAK,mBAAmB,KAAK,QAAQ,QAAQ;OAE1D,QAAO,MAAM,KAAK,gBAAgB,KAAK,QAAQ,QAAQ;WAElD,OAAO;AACd,UAAO;IACL,QAAQ;IACR,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;IAC9D;;;CAIL,MAAc,mBAAmB,KAAc,QAA8C;AAC3F,MAAI,OAAO,QACT,QAAO;GAAE,QAAQ;GAAW,OAAO;GAA6C;AAGlF,MAAI,IAAI,QAAQ,SAAS,cACvB,QAAO;GAAE,QAAQ;GAAS,OAAO;GAAuC;AAG1E,MAAI,CAAC,KAAK,mBACR,QAAO;GAAE,QAAQ;GAAS,OAAO;GAAmD;EAGtF,MAAM,kBAAkB,KAAK,yBAAyB,IAAA;EACtD,MAAM,UAAU,iBAAiB,IAAI,QAAQ,WAAW,IAAI,WAAW,gBAAgB;EACvF,MAAM,SAAS,IAAI,QAAQ,QAAQ,UAAU,OAAO,YAAY;EAChE,MAAM,SAAS;GACb,MAAM;GACN,YAAY,IAAI,QAAQ,QAAQ,cAAc,IAAI;GAClD;GACA,eAAe,IAAI,QAAQ,QAAQ,iBAAiB,KAAK,KAAK;GAC/D;EACD,MAAM,SAAS,MAAM,KAAK,mBAAmB,iBAAiB;GAC5D;GACA,cAAc,IAAI,QAAQ;GAC1B,OAAO,IAAI,QAAQ;GACnB,eAAe,IAAI,QAAQ;GAC3B,MAAM,IAAI,QAAQ;GAClB;GACA,gBAAgB,QAAQ,IAAI,GAAG,GAAG;GACnC,CAAC;AAEF,MAAI,OAAO,OAAO,MAChB,QAAO;GACL,QAAQ;GACR,OAAO,OAAO;GACf;AAGH,MAAI,KACF;GACE,OAAO,IAAI;GACX,eAAe,OAAO;GACtB,cAAc,IAAI,QAAQ;GAC1B,YAAY,OAAO;GACpB,EACD,iCACD;AAGD,MAAI,EADsB,IAAI,QAAQ,sBAAsB,UAClC,CAAC,KAAK,mBAAmB,oBACjD,QAAO;GACL,QAAQ;GACR,SAAS,wBAAwB,OAAO;GACxC,WAAW,OAAO;GAClB,YAAY,OAAO;GACnB,aAAa;GACb,eAAe,OAAO;GACvB;AAGH,SAAO,KAAK,0BAA0B;GACpC;GACA;GACA,YAAY,OAAO;GACnB,cAAc,OAAO;GACrB;GACD,CAAC;;CAGJ,MAAc,0BAA0B,QAMZ;EAC1B,MAAM,SAAS,0BAA0B,OAAO,IAAI,QAAQ;EAC5D,MAAM,qBAAqB,KAAK,IAAI,GAAG,OAAO,IAAI,cAAc,EAAE;EAClE,IAAI,QAAQ,OAAO;EACnB,IAAI,UAAU;AAEd,SAAO,WAAW,oBAAoB;GACpC,MAAM,aAAa,MAAM,uBAAuB;IAC9C,WAAW,OAAO,KAAK,mBAAoB,oBAAqB,OAAO,SAAS,GAAG;IACnF;IACA,QAAQ,OAAO;IACf,WAAW;IACZ,CAAC;AAEF,OAAI,WAAW,SAAS,UACtB,QAAO;IAAE,QAAQ;IAAW,OAAO;IAAkD;AAGvF,OAAI,WAAW,SAAS,UACtB,QAAO;IACL,QAAQ;IACR,OAAO,gBAAgB,MAAM,yBAAyB,OAAO;IAC7D,SAAS,WAAW,WAAW,4BAA4B,WAAW,SAAS,GAAG,KAAA;IAClF,WAAW,OAAO;IAClB,YAAY,OAAO;IACnB,aAAa;IACb,eAAe;IAChB;GAGH,MAAM,OAAO,WAAW;GACxB,MAAM,UAAU,4BAA4B,KAAK;AAGjD,OAFkB,yBAAyB,KAE9B,EAAE;IACb,MAAM,cAA8B;KAClC,QAAQ;KACR;KACA,WAAW,OAAO;KAClB,YAAY,OAAO;KACnB,aAAa;KACb,eAAe;KAChB;AACD,UAAM,KAAK,0BAA0B,OAAO,KAAK,MAAM,YAAY;AACnE,WAAO;;AAQT,OAAI,EAJF,UAAU,sBACV,KAAK,IAAI,WAAW,YACpB,QAAQ,KAAK,oBAAoB,iBAAiB,EAGlD,QAAO;IACL,QAAQ;IACR;IACA,OAAO;IACP,WAAW,OAAO;IAClB,YAAY,OAAO;IACnB,aAAa;IACb,eAAe;IAChB;GAGH,MAAM,cAAc,MAAM,KAAK,mBAAoB,iBAAkB;IACnE,SAAS,OAAO;IAChB;IACD,CAAC;AACF,OAAI,YAAY,OAAO,MACrB,QAAO;IACL,QAAQ;IACR,OAAO,YAAY;IACnB;IACA,WAAW,OAAO;IAClB,YAAY,OAAO;IACnB,aAAa;IACb,eAAe;IAChB;AAGH,WAAQ,YAAY;AACpB,cAAW;AACX,OAAI,KACF;IAAE,OAAO,OAAO,IAAI;IAAI;IAAS,eAAe;IAAO,EACvD,yCACD;;AAGH,SAAO;GACL,QAAQ;GACR,OAAO;GACP,WAAW,OAAO;GAClB,YAAY,OAAO;GACnB,aAAa;GACb,eAAe;GAChB;;CAGH,MAAc,0BACZ,KACA,MACA,SACe;AACf,MAAI,CAAC,KAAK,WAAY;EACtB,MAAM,WAAW,IAAI;AACrB,MAAI,CAAC,YAAY,SAAS,SAAS,UAAU,SAAS,YAAY,WAAW,CAAC,SAAS,IAAI,MAAM,CAC/F;AAGF,MAAI;GACF,MAAM,OAAO,6BAA6B,KAAK;GAC/C,MAAM,WAAW,MAAM,KAAK,yBAAyB,SAAS,SAAU,SAAS,IAAK,KAAK;AAC3F,SAAM,KAAK,WAAW,gBAAgB,SAAS;AAC/C,OAAI,KACF;IAAE,OAAO,IAAI;IAAI,SAAS,SAAS;IAAS,IAAI,SAAS;IAAS,eAAe,KAAK,IAAI;IAAI,EAC9F,0CACD;WACM,KAAK;GACZ,MAAM,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAC3D,OAAI,KAAK;IAAE,OAAO,IAAI;IAAI;IAAK,eAAe,KAAK,IAAI;IAAI,EAAE,kCAAkC,KAAK;AACpG,OAAI,QAAQ,WAAW,KACrB,SAAQ,UAAU,GAAG,QAAQ,WAAW,GAAG,qBAAqB,GAAG,GAAG,MAAM;;;;;;CAQlF,MAAc,mBACZ,KACA,QACA,SACyB;EACzB,MAAM,OAAO,mBAAmB,IAAI;AAEpC,MAAI,CAAC,QAAQ,CAAC,KAAK,MAAM,CACvB,QAAO;GAAE,QAAQ;GAAW,OAAO;GAA+C;EAIpF,IAAI;EACJ,IAAI;EACJ,IAAI;AAEJ,MAAI,IAAI,UAAU,YAAY,SAAS;AACrC,aAAU;AACV,QAAK;AACL,mBAAgB;aACP,IAAI,UAAU,WAAW,IAAI,UAAU,IAAI;AAEpD,aAAU,IAAI,SAAS;AACvB,QAAK,IAAI,SAAS;AAClB,mBAAgB;SACX;GAEL,MAAM,QAAQ,KAAK,MAAM,IAAI;GAC7B,MAAM,uBAAuB,MAAM,UAAU;AAG7C,OAAI,oBAAoB,CAAC,WAAW,EAClC,+BAA8B,sBAAsB;GAEtD,MAAM,uBAAuB,oBAAoB,CAAC,KAAK,MAAM,EAAE,GAAG;GAElE,MAAM,qBAAqB,CADJ,GAAG,IAAI,IAAI;IAAC,GAAG;IAAsB;IAAO;IAAW;IAAQ,CAAC,CAC/C,CAAC,SAAS,MAAM,GAAG;AAE3D,OAAI,wBAAwB,oBAAoB;AAC9C,cAAU,MAAM;AAChB,SAAK,MAAM;AACX,oBAAgB,MAAM,MAAM,EAAE,CAAC,KAAK,IAAI;AACxC,QAAI,KACF;KAAE,OAAO,IAAI;KAAI;KAAS;KAAI,YAAY;KAAW,gBAAgB,KAAK;KAAQ,EAClF,oCACD;UACI;AAEL,cAAU;AACV,SAAK;AACL,oBAAgB;AAChB,QAAI,MACF;KAAE,OAAO,IAAI;KAAI,YAAY,MAAM;KAAQ,WAAW,MAAM;KAAI,aAAa,CAAC,CAAC,IAAI;KAAU,EAC7F,yDACD;;;EAKL,MAAM,iBAAiB,IAAI,SAAgB,GAAG,WAAW;AACvD,oBAAiB,uBAAO,IAAI,MAAM,uBAAuB,QAAQ,IAAI,CAAC,EAAE,QAAQ;IAChF;EAGF,MAAM,kBAAkB,YAAY;AAElC,OAAI,OAAO,QACT,OAAM,IAAI,MAAM,kBAAkB;AAGpC,OAAI,YAAY,SAAS;AACvB,QAAI,KACF;KAAE,OAAO,IAAI;KAAI,eAAe,cAAc;KAAQ,EACtD,yDACD;AACD,WAAO;KACL,QAAQ;KACR,SAAS,cAAc,MAAM,GAAG,IAAI;KACrC;;GAGH,MAAM,WAAW,MAAM,KAAK,yBAAyB,SAAS,IAAI,cAAc;AAEhF,SAAM,KAAK,WAAW,gBAAgB,SAAS;AAE/C,OAAI,KACF;IAAE,OAAO,IAAI;IAAI;IAAS,IAAI,SAAS;IAAS,eAAe,cAAc;IAAQ,EACrF,+BACD;AAED,UAAO;IACL,QAAQ;IACR,SAAS,cAAc,MAAM,GAAG,IAAI;IACrC;MACC;AAGJ,SAAO,MAAM,QAAQ,KAAK,CAAC,gBAAgB,eAAe,CAAC;;;;;CAM7D,MAAc,gBACZ,KACA,QACA,SACyB;EACzB,MAAM,UAAU,mBAAmB,IAAI;AAEvC,MAAI,CAAC,WAAW,CAAC,QAAQ,MAAM,CAC7B,QAAO;GAAE,QAAQ;GAAW,OAAO;GAA2C;EAGhF,MAAM,MAAM,IAAI,SAAS,MAAM;EAC/B,MAAM,kBAAkB,KAAK,yBAAyB,IAAA;EACtD,MAAM,aAAa,gBAAgB;GACjC,SAAS,iBAAiB,OAAO,gBAAgB;GACjD,QAAQ;GACR,WAAW;GACX,UAAU;GACV,QAAQ,IAAI;GACb,CAAC;EAGF,MAAM,iBAAiB,IAAI,SAAgB,GAAG,WAAW;AACvD,oBAAiB,uBAAO,IAAI,MAAM,uBAAuB,QAAQ,IAAI,CAAC,EAAE,QAAQ;IAChF;EAGF,MAAM,kBAAkB,YAAY;AAElC,OAAI,OAAO,QACT,OAAM,IAAI,MAAM,kBAAkB;AAGpC,SAAM,KAAK,aAAa,cAAc,6BAA6B,YAAY,IAAI,iBAAiB;GAEpG,MAAM,WAAW,4BAA4B,IAAI;AACjD,OAAI;QAEE,CAAC,MADY,KAAK,aAAa,sBAAsB,YAAY,SAAS,EACrE;AACP,SAAI,KAAK;MAAE,OAAO,IAAI;MAAI;MAAY,OAAO;MAAU,EAAE,8CAA8C;AACvG,WAAM,KAAK,aAAa,gCAAgC,WAAW;;SAGrE,OAAM,KAAK,aAAa,gCAAgC,WAAW;GAGrE,MAAM,WAAW,MAAM,KAAK,aAAa,eAAe,cAAc,SAAS,WAAW;GAE1F,MAAM,QAAQ,KAAK,aAAa,mBAAmB,WAAW;AAE9D,OAAI,KACF;IAAE,OAAO,IAAI;IAAI;IAAY,gBAAgB,SAAS;IAAQ;IAAO,EACrE,4BACD;GAGD,MAAM,WAAW,IAAI;GACrB,MAAM,kBAAkB,UAAU;AAOlC,OALE,YACA,SAAS,SAAS,UAClB,oBAAoB,WACpB,SAAS,IAEQ;AACjB,QAAI,cAAc,UAAA,IAAgC,IAAI,SAAS,MAAM,KAAA,WACnE,QAAO;KACL,QAAQ;KACR,SAAS,SAAS,MAAM,GAAG,IAAI;KAC/B,WAAW;KACX;KACA,aAAa;KACb;KACD;IAEH,MAAM,EAAE,aAAa,oBAAoB,SAAS;IAClD,MAAM,eAAe,YAAY,SAAS,MAAM;IAEhD,MAAM,gBAAgB,mBAAmB;IACzC,MAAM,WAAW,MAAM,KAAK,yBAAyB,eAAe,SAAS,IAAI,aAAa;AAE9F,UAAM,KAAK,WAAW,gBAAgB,SAAS;AAE/C,QAAI,KACF;KAAE,OAAO,IAAI;KAAI,SAAS;KAAe,IAAI,SAAS;KAAS,EAC/D,2BACD;AAED,WAAO;KACL,QAAQ;KACR,SAAS,SAAS,MAAM,GAAG,IAAI;KAC/B,WAAW;KACX;KACA,aAAa;KACb;KACD;;AAIH,UAAO;IACL,QAAQ;IACR,SAAS,SAAS,MAAM,GAAG,IAAI;IAC/B,WAAW;IACX;IACA,aAAa;IACb;IACD;MACC;AAGJ,MAAI;AACF,UAAO,MAAM,QAAQ,KAAK,CAAC,gBAAgB,eAAe,CAAC;YACnD;GACR,MAAM,EAAE,yCAAyC,MAAM,OAAO;AAC9D,SAAM,qCAAqC;IACzC;IACA,QAAQ;IACT,CAAC,CAAC,YAAY,GAAG;;;;;;CAOtB,MAAc,aACZ,KACA,QACA,SACyB;AACzB,SAAO,IAAI,SAAS,SAAS,WAAW;GACtC,MAAM,YAAY,iBAAiB;AACjC,2BAAO,IAAI,MAAM,uBAAuB,QAAQ,IAAI,CAAC;MACpD,QAAQ;GAGX,MAAM,qBAAqB;AACzB,iBAAa,UAAU;AACvB,2BAAO,IAAI,MAAM,kBAAkB,CAAC;;AAEtC,UAAO,iBAAiB,SAAS,aAAa;AAG9C,oBAAiB;AACf,iBAAa,UAAU;AACvB,WAAO,oBAAoB,SAAS,aAAa;AAEjD,QAAI,OAAO,QACT,wBAAO,IAAI,MAAM,kBAAkB,CAAC;QAEpC,SAAQ;KACN,QAAQ;KACR,SAAS,aAAa,mBAAmB,IAAI,CAAC,MAAM,GAAG,IAAI;KAC5D,CAAC;MAEH,IAAI;IACP;;;;;CAMJ,UAAU,OAAwB;EAChC,MAAM,aAAa,KAAK,YAAY,IAAI,MAAM;AAC9C,MAAI,YAAY;AACd,cAAW,OAAO;AAClB,QAAK,YAAY,OAAO,MAAM;AAC9B,UAAO;;AAET,SAAO;;;;;CAMT,WAAW,OAAe,QAAQ,IAAoB;AAEpD,UADgB,KAAK,QAAQ,IAAI,MAAM,IAAI,EAAE,EAC9B,MAAM,CAAC,MAAM;;;;;CAM9B,uBAAuC;EACrC,MAAM,SAAyB,EAAE;AACjC,OAAK,MAAM,CAAC,UAAU,KAAK,aAAa;GACtC,MAAM,UAAU,KAAK,QAAQ,IAAI,MAAM;AACvC,OAAI,SAAS;IACX,MAAM,UAAU,QAAQ,MAAM,MAAM,EAAE,WAAW,UAAU;AAC3D,QAAI,QAAS,QAAO,KAAK,QAAQ;;;AAGrC,SAAO;;;;;CAMT,UAAU,OAAwB;AAChC,SAAO,KAAK,YAAY,IAAI,MAAM;;;;;CAMpC,qBAAqB,OAAuB;EAC1C,MAAM,UAAU,KAAK,QAAQ,IAAI,MAAM,IAAI,EAAE;AAE7C,OAAK,IAAI,IAAI,QAAQ,SAAS,GAAG,KAAK,GAAG,IACvC,KAAI,QAAQ,GAAG,WAAW,WAAW;AACnC,OAAI,QAAQ,GAAG,WAAW,YAAY,QAAQ,GAAG,WAAW,aAAa;IAEvE,IAAI,QAAQ;AACZ,SAAK,IAAI,IAAI,IAAI,GAAG,KAAK,GAAG,IAC1B,KAAI,QAAQ,GAAG,WAAW,YAAY,QAAQ,GAAG,WAAW,YAC1D;QAEA;AAGJ,WAAO,QAAQ;;AAEjB,UAAO;;AAGX,SAAO;;;;;CAMT,iBAAiB,OAAuB;AAEtC,SAAO,eADQ,KAAK,qBAAqB,MACb,CAAC;;;;;CAM/B,eAAe,aAAa,GAAS;EACnC,MAAM,SAAS,KAAK,KAAK,GAAG,aAAa,KAAK,KAAK,KAAK;AAExD,OAAK,MAAM,CAAC,OAAO,eAAe,KAAK,QACrC,MAAK,QAAQ,IACX,OACA,WAAW,QAAQ,MAAM,IAAI,KAAK,EAAE,UAAU,CAAC,SAAS,GAAG,OAAO,CACnE;;CAIL,aAAqB,OAAe,WAA+B;EACjE,MAAM,WAAW,KAAK,QAAQ,IAAI,MAAM,IAAI,EAAE;AAC9C,WAAS,KAAK,UAAU;AAExB,MAAI,SAAS,SAAS,IACpB,UAAS,OAAO;AAElB,OAAK,QAAQ,IAAI,OAAO,SAAS"}

package/dist/src/gateway/hono/app.js CHANGED Viewed

@@ -13,6 +13,7 @@ import { operatorScopes } from "./middleware/scopes.js";
 import { createStrictRateLimitMiddleware } from "./middleware/strict-rate-limit.js";
 import { logContextMiddleware } from "./middleware/log-context.js";
 import { logger } from "./middleware/logger.js";
+import { routeErrorMiddleware } from "./middleware/route-errors.js";
 import { registerPublicExtensionAssetRoutes } from "./routes/auth-registry-extensions.js";
 import { resetLazyRouteBundlesForTests } from "./routes/lazy-fallback.js";
 import { registerAuthenticatedRoutes } from "./routes/index.js";
@@ -26,7 +27,7 @@ import { bodyLimit } from "hono/body-limit";
 import { getConnInfo } from "@hono/node-server/conninfo";
 //#region src/gateway/hono/app.ts
 init_logger();
-const log = createLogger("HonoApp");
+const log = createLogger("Gateway:App");
 /**
 * Extension sandbox HTML under `/api/extensions/:id/assets/*` ships its own CSP
 * (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it
@@ -176,6 +177,7 @@ function createHonoApp(config) {
 	registerPublicGatewayRoutes(app, service);
 	registerPublicExtensionAssetRoutes(app, service);
 	const authenticated = new Hono();
+	authenticated.use(routeErrorMiddleware());
 	authenticated.use(auth({
 		token,
 		getGatewayAuth: () => service.currentConfig.gateway?.auth,
@@ -222,6 +224,7 @@ function createHonoApp(config) {
 	app.onError((err, c) => {
 		log.error({
 			err,
+			phase: "gateway.http.unhandled",
 			path: c.req.path,
 			method: c.req.method,
 			userAgent: c.req.header("user-agent")

package/dist/src/gateway/hono/app.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"app.js","names":[],"sources":["../../../../src/gateway/hono/app.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport type { Context } from 'hono';\nimport { cors } from 'hono/cors';\nimport { createMiddleware } from 'hono/factory';\nimport { bodyLimit } from 'hono/body-limit';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport { resolveGatewayEffectiveHost } from '../../config/gateway-bind.js';\nimport { createLogger } from '../../utils/logger.js';\nimport type { GatewayService } from '../service.js';\nimport { resolveAllowedBrowserOrigins, resolveGatewayServiceListenPort } from '../host.js';\nimport { loadTunnelState } from '../../tunnel/tunnel-state.js';\nimport { maxWebchatAgentRequestBodyBytes } from '../chat-limits.js';\nimport { buildGatewayConsoleCspHeader } from '../security/csp.js';\nimport { checkBrowserOrigin } from '../security/origin-check.js';\nimport { isLoopbackIpAddress, isTrustedProxyAddress } from '../client-ip.js';\nimport { resolveReverseProxyPublicUrl } from '../public-url.js';\nimport { auth } from './middleware/auth.js';\nimport { operatorScopes } from './middleware/scopes.js';\nimport { createStrictRateLimitMiddleware } from './middleware/strict-rate-limit.js';\nimport { logContextMiddleware } from './middleware/log-context.js';\nimport { logger } from './middleware/logger.js';\nimport { registerPublicExtensionAssetRoutes } from './routes/auth-registry-extensions.js';\nimport { registerAuthenticatedRoutes } from './routes/index.js';\nimport { registerPublicGatewayRoutes } from './routes/public-gateway.js';\nimport { resetLazyRouteBundlesForTests } from './routes/lazy-fallback.js';\nimport { prewarmStaticUiCache } from './lib/static-ui.js';\nimport { registerSiteShareMiddleware } from '../../share/site-share-router.js';\nconst log = createLogger('HonoApp');\n\nexport interface HonoAppConfig {\n service: GatewayService;\n token?: string;\n}\n\n/*\n Extension sandbox HTML under `/api/extensions/:id/assets/` ships its own CSP\n (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it\n * with `frame-ancestors 'none'` / `X-Frame-Options: DENY`, or the console cannot embed iframes.\n /\nexport function isExtensionGatewayUiAssetPath(path: string): boolean {\n return /^\\/api\\/extensions\\/[^/]+\\/assets\\//.test(path);\n}\n\nexport function createHonoApp(config: HonoAppConfig): Hono {\n if (process.env.VITEST) {\n resetLazyRouteBundlesForTests();\n }\n const { service, token } = config;\n const app = new Hono();\n\n const gatewayPort = resolveGatewayServiceListenPort(service);\n\n const resolveBrowserOrigins = (): string[] =>\n resolveAllowedBrowserOrigins({\n configuredOrigins: service.currentConfig.gateway.corsOrigins,\n port: gatewayPort,\n bindHost: resolveGatewayEffectiveHost(service.currentConfig),\n tunnelPublicUrl: loadTunnelState()?.publicUrl,\n reverseProxyPublicUrl: resolveReverseProxyPublicUrl(service.currentConfig),\n });\n\n /\n TCP source for the in-flight request, normalized for trusted-proxy checks.\n * Returns undefined when the runtime doesn't expose conninfo (tests, mocks).\n /\n const resolveRequestRemoteAddress = (c: Context): string \| undefined => {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n };\n\n /\n A request's TCP source qualifies as a \"trusted proxy hop\" when it's\n * loopback (the user's own machine, where any reverse proxy lives) or\n * listed in `gateway.trustedProxies`. We use this signal to safely\n * auto-allow same-host Origins through CSRF without requiring a manual\n * `corsOrigins` entry for every reverse-proxy hostname.\n /\n const isRequestFromTrustedProxy = (c: Context): boolean => {\n const remote = resolveRequestRemoteAddress(c);\n if (!remote) return false;\n if (isLoopbackIpAddress(remote)) return true;\n return isTrustedProxyAddress(remote, service.currentConfig.gateway?.trustedProxies);\n };\n\n app.use(logContextMiddleware());\n app.use(logger({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }));\n\n // Site-share middleware runs BEFORE CORS/CSP — it owns the request when the\n // Host header matches `.<publicHostSuffix>` (default `.share.xopc.ai`) or\n // the path starts with `/site/:token/`. Otherwise it falls through.\n registerSiteShareMiddleware(app, service);\n app.use(\n cors({\n origin: (origin) => {\n const allowed = resolveBrowserOrigins();\n if (!origin) {\n return allowed[0] ?? `http://127.0.0.1:${gatewayPort}`;\n }\n const normalized = origin.toLowerCase();\n const hit = allowed.find((entry) => entry.toLowerCase() === normalized);\n if (hit) return origin;\n return allowed.includes('') ? '' : '';\n },\n allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'Authorization', 'Accept', 'X-Session-Id', 'Last-Event-ID'],\n credentials: true,\n maxAge: 86400,\n }),\n );\n\n // Build CSP header once at startup (no inline script hashes needed for SPA)\n const gatewayConsoleCsp = buildGatewayConsoleCspHeader();\n\n // Security headers middleware\n app.use(createMiddleware(async (c, next) => {\n await next();\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return;\n }\n c.header('X-Frame-Options', 'DENY');\n c.header('X-Content-Type-Options', 'nosniff');\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin');\n c.header('X-XSS-Protection', '1; mode=block');\n // microphone=(self): allow same-origin chat voice (composer). microphone=() breaks packaged Electron loading the gateway SPA.\n c.header('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');\n c.header('Content-Security-Policy', gatewayConsoleCsp);\n }));\n\n // Browser Origin check middleware for API routes (CSRF protection).\n // Non-browser requests (no Origin header) pass through — they are\n // authenticated by the token middleware instead.\n const allowHostHeaderOriginFallback =\n service.currentConfig.gateway?.dangerouslyAllowHostHeaderOriginFallback === true;\n app.use('/api/', createMiddleware(async (c, next) => {\n // Sandboxed extension iframes (no allow-same-origin) send `Origin: null`.\n // `checkBrowserOrigin` rejects that; these routes rely on CSP instead\n // (`registerPublicExtensionAssetRoutes`).\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return next();\n }\n\n const origin = c.req.header('origin');\n if (!origin \|\| origin.trim().toLowerCase() === 'null') {\n // Native apps / opaque origins — authenticated via Bearer token\n return next();\n }\n\n const result = checkBrowserOrigin({\n requestHost: c.req.header('host'),\n origin,\n allowedOrigins: resolveBrowserOrigins(),\n allowHostHeaderOriginFallback,\n autoAllowSameHostFromTrustedProxy: isRequestFromTrustedProxy(c),\n isLocalClient: false,\n });\n\n if (!result.ok) {\n log.warn(\n {\n origin,\n requestHost: c.req.header('host'),\n reason: 'reason' in result ? result.reason : 'unknown',\n path: c.req.path,\n method: c.req.method,\n },\n `Browser origin check failed: ${origin} not in allowed list`,\n );\n return c.json({ error: 'Forbidden', message: 'Origin not allowed' }, 403);\n }\n\n return next();\n }));\n\n app.use('/api/skills/upload', bodyLimit({\n maxSize: 10 * 1024 * 1024,\n onError: (c) => {\n log.warn({ path: c.req.path, maxSizeMb: 10 }, 'Request body too large: skills upload exceeds 10MB limit');\n return c.json({ error: 'Skill package too large', maxSize: '10MB' }, 413);\n },\n }));\n\n const DEFAULT_API_BODY_MAX = 1 * 1024 * 1024;\n const WEBCHAT_AGENT_BODY_MAX = maxWebchatAgentRequestBodyBytes();\n\n app.use('/api/', async (c, next) => {\n const maxSize = c.req.path === '/api/agent' ? WEBCHAT_AGENT_BODY_MAX : DEFAULT_API_BODY_MAX;\n const maxSizeMb = Math.ceil(maxSize / (1024 1024));\n return bodyLimit({\n maxSize,\n onError: (ctx) => {\n log.warn({ path: ctx.req.path, maxSizeMb }, `Request body too large: exceeds ${maxSizeMb}MB limit`);\n return ctx.json({ error: 'Request body too large', maxSize: `${maxSizeMb}MB` }, 413);\n },\n })(c, next);\n });\n\n registerPublicGatewayRoutes(app, service);\n\n // Extension UI assets are served without auth: sandboxed iframes (no allow-same-origin)\n // have an opaque origin of `null` and cannot forward the ?token= from the parent HTML URL.\n // Security is enforced by the strict CSP (frame-ancestors 'self') on every response.\n registerPublicExtensionAssetRoutes(app, service);\n\n const authenticated = new Hono();\n authenticated.use(\n auth({\n token,\n getGatewayAuth: () => service.currentConfig.gateway?.auth,\n getResolvedAuth: () => {\n if (typeof service.getResolvedAuth === 'function') {\n return service.getResolvedAuth();\n }\n return token ? { mode: 'token', token } : { mode: 'none' };\n },\n getTrustedProxyContext: () => ({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }),\n }),\n );\n authenticated.use(operatorScopes());\n\n const strictRateLimitMiddleware = createStrictRateLimitMiddleware({\n getTrustedProxyContext: () => ({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }),\n });\n\n const sseConfig = {\n service,\n maxSseConnections: service.currentConfig.gateway.maxSseConnections,\n };\n\n registerAuthenticatedRoutes(app, authenticated, {\n service,\n strictRateLimitMiddleware,\n sseConfig,\n });\n\n const prewarm = prewarmStaticUiCache();\n if (prewarm.loaded > 0) {\n log.debug({ loaded: prewarm.loaded, missing: prewarm.missing }, 'Static UI cache prewarmed');\n }\n\n app.route('/', authenticated);\n\n app.notFound((c) => {\n const isApiRoute = c.req.path.startsWith('/api/');\n const fields = { path: c.req.path, method: c.req.method };\n if (isApiRoute) {\n log.warn(fields, 'Route not found');\n } else {\n log.debug(fields, 'Route not found');\n }\n return c.json({ error: 'Not found' }, 404);\n });\n\n app.onError((err, c) => {\n log.error(\n {\n err,\n path: c.req.path,\n method: c.req.method,\n userAgent: c.req.header('user-agent'),\n },\n `Hono error on ${c.req.method} ${c.req.path}: ${err instanceof Error ? err.message : String(err)}`,\n );\n return c.json({ error: 'Internal server error' }, 500);\n });\n\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;aAQqD;AAoBrD,MAAM,MAAM,aAAa,UAAU;;;;;;AAYnC,SAAgB,8BAA8B,MAAuB;AACnE,QAAO,sCAAsC,KAAK,KAAK;;AAGzD,SAAgB,cAAc,QAA6B;AACzD,KAAI,QAAQ,IAAI,OACd,gCAA+B;CAEjC,MAAM,EAAE,SAAS,UAAU;CAC3B,MAAM,MAAM,IAAI,MAAM;CAEtB,MAAM,cAAc,gCAAgC,QAAQ;CAE5D,MAAM,8BACJ,6BAA6B;EAC3B,mBAAmB,QAAQ,cAAc,QAAQ;EACjD,MAAM;EACN,UAAU,4BAA4B,QAAQ,cAAc;EAC5D,iBAAiB,iBAAiB,EAAE;EACpC,uBAAuB,6BAA6B,QAAQ,cAAc;EAC3E,CAAC;;;;;CAMJ,MAAM,+BAA+B,MAAmC;AACtE,MAAI;AACF,UAAO,YAAY,EAAE,CAAC,OAAO;UACvB;AACN;;;;;;;;;;CAWJ,MAAM,6BAA6B,MAAwB;EACzD,MAAM,SAAS,4BAA4B,EAAE;AAC7C,MAAI,CAAC,OAAQ,QAAO;AACpB,MAAI,oBAAoB,OAAO,CAAE,QAAO;AACxC,SAAO,sBAAsB,QAAQ,QAAQ,cAAc,SAAS,eAAe;;AAGrF,KAAI,IAAI,sBAAsB,CAAC;AAC/B,KAAI,IAAI,OAAO;EACb,gBAAgB,QAAQ,cAAc,SAAS;EAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;EAC7E,CAAC,CAAC;AAKH,6BAA4B,KAAK,QAAQ;AACzC,KAAI,IACF,KAAK;EACH,SAAS,WAAW;GAClB,MAAM,UAAU,uBAAuB;AACvC,OAAI,CAAC,OACH,QAAO,QAAQ,MAAM,oBAAoB;GAE3C,MAAM,aAAa,OAAO,aAAa;AAEvC,OADY,QAAQ,MAAM,UAAU,MAAM,aAAa,KAAK,WACrD,CAAE,QAAO;AAChB,UAAO,QAAQ,SAAS,IAAI,GAAG,MAAM;;EAEvC,cAAc;GAAC;GAAO;GAAQ;GAAS;GAAU;GAAU;EAC3D,cAAc;GAAC;GAAgB;GAAiB;GAAU;GAAgB;GAAgB;EAC1F,aAAa;EACb,QAAQ;EACT,CAAC,CACH;CAGD,MAAM,oBAAoB,8BAA8B;AAGxD,KAAI,IAAI,iBAAiB,OAAO,GAAG,SAAS;AAC1C,QAAM,MAAM;AACZ,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C;AAEF,IAAE,OAAO,mBAAmB,OAAO;AACnC,IAAE,OAAO,0BAA0B,UAAU;AAC7C,IAAE,OAAO,mBAAmB,kCAAkC;AAC9D,IAAE,OAAO,oBAAoB,gBAAgB;AAE7C,IAAE,OAAO,sBAAsB,+CAA+C;AAC9E,IAAE,OAAO,2BAA2B,kBAAkB;GACtD,CAAC;CAKH,MAAM,gCACJ,QAAQ,cAAc,SAAS,6CAA6C;AAC9E,KAAI,IAAI,UAAU,iBAAiB,OAAO,GAAG,SAAS;AAIpD,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C,QAAO,MAAM;EAGf,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;AACrC,MAAI,CAAC,UAAU,OAAO,MAAM,CAAC,aAAa,KAAK,OAE7C,QAAO,MAAM;EAGf,MAAM,SAAS,mBAAmB;GAChC,aAAa,EAAE,IAAI,OAAO,OAAO;GACjC;GACA,gBAAgB,uBAAuB;GACvC;GACA,mCAAmC,0BAA0B,EAAE;GAC/D,eAAe;GAChB,CAAC;AAEF,MAAI,CAAC,OAAO,IAAI;AACd,OAAI,KACF;IACE;IACA,aAAa,EAAE,IAAI,OAAO,OAAO;IACjC,QAAQ,YAAY,SAAS,OAAO,SAAS;IAC7C,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,IAAI;IACf,EACD,gCAAgC,OAAO,sBACxC;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAa,SAAS;IAAsB,EAAE,IAAI;;AAG3E,SAAO,MAAM;GACb,CAAC;AAEH,KAAI,IAAI,sBAAsB,UAAU;EACtC,SAAS,KAAK,OAAO;EACrB,UAAU,MAAM;AACd,OAAI,KAAK;IAAE,MAAM,EAAE,IAAI;IAAM,WAAW;IAAI,EAAE,2DAA2D;AACzG,UAAO,EAAE,KAAK;IAAE,OAAO;IAA2B,SAAS;IAAQ,EAAE,IAAI;;EAE5E,CAAC,CAAC;CAEH,MAAM,uBAAuB,IAAI,OAAO;CACxC,MAAM,yBAAyB,iCAAiC;AAEhE,KAAI,IAAI,UAAU,OAAO,GAAG,SAAS;EACnC,MAAM,UAAU,EAAE,IAAI,SAAS,eAAe,yBAAyB;EACvE,MAAM,YAAY,KAAK,KAAK,WAAW,OAAO,MAAM;AACpD,SAAO,UAAU;GACf;GACA,UAAU,QAAQ;AAChB,QAAI,KAAK;KAAE,MAAM,IAAI,IAAI;KAAM;KAAW,EAAE,mCAAmC,UAAU,UAAU;AACnG,WAAO,IAAI,KAAK;KAAE,OAAO;KAA0B,SAAS,GAAG,UAAU;KAAK,EAAE,IAAI;;GAEvF,CAAC,CAAC,GAAG,KAAK;GACX;AAEF,6BAA4B,KAAK,QAAQ;AAKzC,oCAAmC,KAAK,QAAQ;CAEhD,MAAM,gBAAgB,IAAI,MAAM;AAChC,eAAc,IACZ,KAAK;EACH;EACA,sBAAsB,QAAQ,cAAc,SAAS;EACrD,uBAAuB;AACrB,OAAI,OAAO,QAAQ,oBAAoB,WACrC,QAAO,QAAQ,iBAAiB;AAElC,UAAO,QAAQ;IAAE,MAAM;IAAS;IAAO,GAAG,EAAE,MAAM,QAAQ;;EAE5D,+BAA+B;GAC7B,gBAAgB,QAAQ,cAAc,SAAS;GAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;GAC7E;EACF,CAAC,CACH;AACD,eAAc,IAAI,gBAAgB,CAAC;AAcnC,6BAA4B,KAAK,eAAe;EAC9C;EACA,2BAdgC,gCAAgC,EAChE,+BAA+B;GAC7B,gBAAgB,QAAQ,cAAc,SAAS;GAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;GAC7E,GACF,CAS0B;EACzB,WAAA;GAPA;GACA,mBAAmB,QAAQ,cAAc,QAAQ;GAMxC;EACV,CAAC;CAEF,MAAM,UAAU,sBAAsB;AACtC,KAAI,QAAQ,SAAS,EACnB,KAAI,MAAM;EAAE,QAAQ,QAAQ;EAAQ,SAAS,QAAQ;EAAS,EAAE,4BAA4B;AAG9F,KAAI,MAAM,KAAK,cAAc;AAE7B,KAAI,UAAU,MAAM;EAClB,MAAM,aAAa,EAAE,IAAI,KAAK,WAAW,QAAQ;EACjD,MAAM,SAAS;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;AACzD,MAAI,WACF,KAAI,KAAK,QAAQ,kBAAkB;MAEnC,KAAI,MAAM,QAAQ,kBAAkB;AAEtC,SAAO,EAAE,KAAK,EAAE,OAAO,aAAa,EAAE,IAAI;GAC1C;AAEF,KAAI,SAAS,KAAK,MAAM;AACtB,MAAI,MACF;GACE;GACA,MAAM,EAAE,IAAI;GACZ,QAAQ,EAAE,IAAI;GACd,WAAW,EAAE,IAAI,OAAO,aAAa;GACtC,EACD,iBAAiB,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,IAAI,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACjG;AACD,SAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;GACtD;AAEF,QAAO"}
1	+ {"version":3,"file":"app.js","names":[],"sources":["../../../../src/gateway/hono/app.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport type { Context } from 'hono';\nimport { cors } from 'hono/cors';\nimport { createMiddleware } from 'hono/factory';\nimport { bodyLimit } from 'hono/body-limit';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport { resolveGatewayEffectiveHost } from '../../config/gateway-bind.js';\nimport { createLogger } from '../../utils/logger.js';\nimport type { GatewayService } from '../service.js';\nimport { resolveAllowedBrowserOrigins, resolveGatewayServiceListenPort } from '../host.js';\nimport { loadTunnelState } from '../../tunnel/tunnel-state.js';\nimport { maxWebchatAgentRequestBodyBytes } from '../chat-limits.js';\nimport { buildGatewayConsoleCspHeader } from '../security/csp.js';\nimport { checkBrowserOrigin } from '../security/origin-check.js';\nimport { isLoopbackIpAddress, isTrustedProxyAddress } from '../client-ip.js';\nimport { resolveReverseProxyPublicUrl } from '../public-url.js';\nimport { auth } from './middleware/auth.js';\nimport { operatorScopes } from './middleware/scopes.js';\nimport { createStrictRateLimitMiddleware } from './middleware/strict-rate-limit.js';\nimport { logContextMiddleware } from './middleware/log-context.js';\nimport { logger } from './middleware/logger.js';\nimport { routeErrorMiddleware } from './middleware/route-errors.js';\nimport { registerPublicExtensionAssetRoutes } from './routes/auth-registry-extensions.js';\nimport { registerAuthenticatedRoutes } from './routes/index.js';\nimport { registerPublicGatewayRoutes } from './routes/public-gateway.js';\nimport { resetLazyRouteBundlesForTests } from './routes/lazy-fallback.js';\nimport { prewarmStaticUiCache } from './lib/static-ui.js';\nimport { registerSiteShareMiddleware } from '../../share/site-share-router.js';\nconst log = createLogger('Gateway:App');\n\nexport interface HonoAppConfig {\n service: GatewayService;\n token?: string;\n}\n\n/*\n Extension sandbox HTML under `/api/extensions/:id/assets/` ships its own CSP\n (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it\n * with `frame-ancestors 'none'` / `X-Frame-Options: DENY`, or the console cannot embed iframes.\n /\nexport function isExtensionGatewayUiAssetPath(path: string): boolean {\n return /^\\/api\\/extensions\\/[^/]+\\/assets\\//.test(path);\n}\n\nexport function createHonoApp(config: HonoAppConfig): Hono {\n if (process.env.VITEST) {\n resetLazyRouteBundlesForTests();\n }\n const { service, token } = config;\n const app = new Hono();\n\n const gatewayPort = resolveGatewayServiceListenPort(service);\n\n const resolveBrowserOrigins = (): string[] =>\n resolveAllowedBrowserOrigins({\n configuredOrigins: service.currentConfig.gateway.corsOrigins,\n port: gatewayPort,\n bindHost: resolveGatewayEffectiveHost(service.currentConfig),\n tunnelPublicUrl: loadTunnelState()?.publicUrl,\n reverseProxyPublicUrl: resolveReverseProxyPublicUrl(service.currentConfig),\n });\n\n /\n TCP source for the in-flight request, normalized for trusted-proxy checks.\n * Returns undefined when the runtime doesn't expose conninfo (tests, mocks).\n /\n const resolveRequestRemoteAddress = (c: Context): string \| undefined => {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n };\n\n /\n A request's TCP source qualifies as a \"trusted proxy hop\" when it's\n * loopback (the user's own machine, where any reverse proxy lives) or\n * listed in `gateway.trustedProxies`. We use this signal to safely\n * auto-allow same-host Origins through CSRF without requiring a manual\n * `corsOrigins` entry for every reverse-proxy hostname.\n /\n const isRequestFromTrustedProxy = (c: Context): boolean => {\n const remote = resolveRequestRemoteAddress(c);\n if (!remote) return false;\n if (isLoopbackIpAddress(remote)) return true;\n return isTrustedProxyAddress(remote, service.currentConfig.gateway?.trustedProxies);\n };\n\n app.use(logContextMiddleware());\n app.use(logger({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }));\n\n // Site-share middleware runs BEFORE CORS/CSP — it owns the request when the\n // Host header matches `.<publicHostSuffix>` (default `.share.xopc.ai`) or\n // the path starts with `/site/:token/`. Otherwise it falls through.\n registerSiteShareMiddleware(app, service);\n app.use(\n cors({\n origin: (origin) => {\n const allowed = resolveBrowserOrigins();\n if (!origin) {\n return allowed[0] ?? `http://127.0.0.1:${gatewayPort}`;\n }\n const normalized = origin.toLowerCase();\n const hit = allowed.find((entry) => entry.toLowerCase() === normalized);\n if (hit) return origin;\n return allowed.includes('') ? '' : '';\n },\n allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'Authorization', 'Accept', 'X-Session-Id', 'Last-Event-ID'],\n credentials: true,\n maxAge: 86400,\n }),\n );\n\n // Build CSP header once at startup (no inline script hashes needed for SPA)\n const gatewayConsoleCsp = buildGatewayConsoleCspHeader();\n\n // Security headers middleware\n app.use(createMiddleware(async (c, next) => {\n await next();\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return;\n }\n c.header('X-Frame-Options', 'DENY');\n c.header('X-Content-Type-Options', 'nosniff');\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin');\n c.header('X-XSS-Protection', '1; mode=block');\n // microphone=(self): allow same-origin chat voice (composer). microphone=() breaks packaged Electron loading the gateway SPA.\n c.header('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');\n c.header('Content-Security-Policy', gatewayConsoleCsp);\n }));\n\n // Browser Origin check middleware for API routes (CSRF protection).\n // Non-browser requests (no Origin header) pass through — they are\n // authenticated by the token middleware instead.\n const allowHostHeaderOriginFallback =\n service.currentConfig.gateway?.dangerouslyAllowHostHeaderOriginFallback === true;\n app.use('/api/', createMiddleware(async (c, next) => {\n // Sandboxed extension iframes (no allow-same-origin) send `Origin: null`.\n // `checkBrowserOrigin` rejects that; these routes rely on CSP instead\n // (`registerPublicExtensionAssetRoutes`).\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return next();\n }\n\n const origin = c.req.header('origin');\n if (!origin \|\| origin.trim().toLowerCase() === 'null') {\n // Native apps / opaque origins — authenticated via Bearer token\n return next();\n }\n\n const result = checkBrowserOrigin({\n requestHost: c.req.header('host'),\n origin,\n allowedOrigins: resolveBrowserOrigins(),\n allowHostHeaderOriginFallback,\n autoAllowSameHostFromTrustedProxy: isRequestFromTrustedProxy(c),\n isLocalClient: false,\n });\n\n if (!result.ok) {\n log.warn(\n {\n origin,\n requestHost: c.req.header('host'),\n reason: 'reason' in result ? result.reason : 'unknown',\n path: c.req.path,\n method: c.req.method,\n },\n `Browser origin check failed: ${origin} not in allowed list`,\n );\n return c.json({ error: 'Forbidden', message: 'Origin not allowed' }, 403);\n }\n\n return next();\n }));\n\n app.use('/api/skills/upload', bodyLimit({\n maxSize: 10 * 1024 * 1024,\n onError: (c) => {\n log.warn({ path: c.req.path, maxSizeMb: 10 }, 'Request body too large: skills upload exceeds 10MB limit');\n return c.json({ error: 'Skill package too large', maxSize: '10MB' }, 413);\n },\n }));\n\n const DEFAULT_API_BODY_MAX = 1 * 1024 * 1024;\n const WEBCHAT_AGENT_BODY_MAX = maxWebchatAgentRequestBodyBytes();\n\n app.use('/api/', async (c, next) => {\n const maxSize = c.req.path === '/api/agent' ? WEBCHAT_AGENT_BODY_MAX : DEFAULT_API_BODY_MAX;\n const maxSizeMb = Math.ceil(maxSize / (1024 1024));\n return bodyLimit({\n maxSize,\n onError: (ctx) => {\n log.warn({ path: ctx.req.path, maxSizeMb }, `Request body too large: exceeds ${maxSizeMb}MB limit`);\n return ctx.json({ error: 'Request body too large', maxSize: `${maxSizeMb}MB` }, 413);\n },\n })(c, next);\n });\n\n registerPublicGatewayRoutes(app, service);\n\n // Extension UI assets are served without auth: sandboxed iframes (no allow-same-origin)\n // have an opaque origin of `null` and cannot forward the ?token= from the parent HTML URL.\n // Security is enforced by the strict CSP (frame-ancestors 'self') on every response.\n registerPublicExtensionAssetRoutes(app, service);\n\n const authenticated = new Hono();\n authenticated.use(routeErrorMiddleware());\n authenticated.use(\n auth({\n token,\n getGatewayAuth: () => service.currentConfig.gateway?.auth,\n getResolvedAuth: () => {\n if (typeof service.getResolvedAuth === 'function') {\n return service.getResolvedAuth();\n }\n return token ? { mode: 'token', token } : { mode: 'none' };\n },\n getTrustedProxyContext: () => ({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }),\n }),\n );\n authenticated.use(operatorScopes());\n\n const strictRateLimitMiddleware = createStrictRateLimitMiddleware({\n getTrustedProxyContext: () => ({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }),\n });\n\n const sseConfig = {\n service,\n maxSseConnections: service.currentConfig.gateway.maxSseConnections,\n };\n\n registerAuthenticatedRoutes(app, authenticated, {\n service,\n strictRateLimitMiddleware,\n sseConfig,\n });\n\n const prewarm = prewarmStaticUiCache();\n if (prewarm.loaded > 0) {\n log.debug({ loaded: prewarm.loaded, missing: prewarm.missing }, 'Static UI cache prewarmed');\n }\n\n app.route('/', authenticated);\n\n app.notFound((c) => {\n const isApiRoute = c.req.path.startsWith('/api/');\n const fields = { path: c.req.path, method: c.req.method };\n if (isApiRoute) {\n log.warn(fields, 'Route not found');\n } else {\n log.debug(fields, 'Route not found');\n }\n return c.json({ error: 'Not found' }, 404);\n });\n\n app.onError((err, c) => {\n log.error(\n {\n err,\n phase: 'gateway.http.unhandled',\n path: c.req.path,\n method: c.req.method,\n userAgent: c.req.header('user-agent'),\n },\n `Hono error on ${c.req.method} ${c.req.path}: ${err instanceof Error ? err.message : String(err)}`,\n );\n return c.json({ error: 'Internal server error' }, 500);\n });\n\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;aAQqD;AAqBrD,MAAM,MAAM,aAAa,cAAc;;;;;;AAYvC,SAAgB,8BAA8B,MAAuB;AACnE,QAAO,sCAAsC,KAAK,KAAK;;AAGzD,SAAgB,cAAc,QAA6B;AACzD,KAAI,QAAQ,IAAI,OACd,gCAA+B;CAEjC,MAAM,EAAE,SAAS,UAAU;CAC3B,MAAM,MAAM,IAAI,MAAM;CAEtB,MAAM,cAAc,gCAAgC,QAAQ;CAE5D,MAAM,8BACJ,6BAA6B;EAC3B,mBAAmB,QAAQ,cAAc,QAAQ;EACjD,MAAM;EACN,UAAU,4BAA4B,QAAQ,cAAc;EAC5D,iBAAiB,iBAAiB,EAAE;EACpC,uBAAuB,6BAA6B,QAAQ,cAAc;EAC3E,CAAC;;;;;CAMJ,MAAM,+BAA+B,MAAmC;AACtE,MAAI;AACF,UAAO,YAAY,EAAE,CAAC,OAAO;UACvB;AACN;;;;;;;;;;CAWJ,MAAM,6BAA6B,MAAwB;EACzD,MAAM,SAAS,4BAA4B,EAAE;AAC7C,MAAI,CAAC,OAAQ,QAAO;AACpB,MAAI,oBAAoB,OAAO,CAAE,QAAO;AACxC,SAAO,sBAAsB,QAAQ,QAAQ,cAAc,SAAS,eAAe;;AAGrF,KAAI,IAAI,sBAAsB,CAAC;AAC/B,KAAI,IAAI,OAAO;EACb,gBAAgB,QAAQ,cAAc,SAAS;EAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;EAC7E,CAAC,CAAC;AAKH,6BAA4B,KAAK,QAAQ;AACzC,KAAI,IACF,KAAK;EACH,SAAS,WAAW;GAClB,MAAM,UAAU,uBAAuB;AACvC,OAAI,CAAC,OACH,QAAO,QAAQ,MAAM,oBAAoB;GAE3C,MAAM,aAAa,OAAO,aAAa;AAEvC,OADY,QAAQ,MAAM,UAAU,MAAM,aAAa,KAAK,WACrD,CAAE,QAAO;AAChB,UAAO,QAAQ,SAAS,IAAI,GAAG,MAAM;;EAEvC,cAAc;GAAC;GAAO;GAAQ;GAAS;GAAU;GAAU;EAC3D,cAAc;GAAC;GAAgB;GAAiB;GAAU;GAAgB;GAAgB;EAC1F,aAAa;EACb,QAAQ;EACT,CAAC,CACH;CAGD,MAAM,oBAAoB,8BAA8B;AAGxD,KAAI,IAAI,iBAAiB,OAAO,GAAG,SAAS;AAC1C,QAAM,MAAM;AACZ,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C;AAEF,IAAE,OAAO,mBAAmB,OAAO;AACnC,IAAE,OAAO,0BAA0B,UAAU;AAC7C,IAAE,OAAO,mBAAmB,kCAAkC;AAC9D,IAAE,OAAO,oBAAoB,gBAAgB;AAE7C,IAAE,OAAO,sBAAsB,+CAA+C;AAC9E,IAAE,OAAO,2BAA2B,kBAAkB;GACtD,CAAC;CAKH,MAAM,gCACJ,QAAQ,cAAc,SAAS,6CAA6C;AAC9E,KAAI,IAAI,UAAU,iBAAiB,OAAO,GAAG,SAAS;AAIpD,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C,QAAO,MAAM;EAGf,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;AACrC,MAAI,CAAC,UAAU,OAAO,MAAM,CAAC,aAAa,KAAK,OAE7C,QAAO,MAAM;EAGf,MAAM,SAAS,mBAAmB;GAChC,aAAa,EAAE,IAAI,OAAO,OAAO;GACjC;GACA,gBAAgB,uBAAuB;GACvC;GACA,mCAAmC,0BAA0B,EAAE;GAC/D,eAAe;GAChB,CAAC;AAEF,MAAI,CAAC,OAAO,IAAI;AACd,OAAI,KACF;IACE;IACA,aAAa,EAAE,IAAI,OAAO,OAAO;IACjC,QAAQ,YAAY,SAAS,OAAO,SAAS;IAC7C,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,IAAI;IACf,EACD,gCAAgC,OAAO,sBACxC;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAa,SAAS;IAAsB,EAAE,IAAI;;AAG3E,SAAO,MAAM;GACb,CAAC;AAEH,KAAI,IAAI,sBAAsB,UAAU;EACtC,SAAS,KAAK,OAAO;EACrB,UAAU,MAAM;AACd,OAAI,KAAK;IAAE,MAAM,EAAE,IAAI;IAAM,WAAW;IAAI,EAAE,2DAA2D;AACzG,UAAO,EAAE,KAAK;IAAE,OAAO;IAA2B,SAAS;IAAQ,EAAE,IAAI;;EAE5E,CAAC,CAAC;CAEH,MAAM,uBAAuB,IAAI,OAAO;CACxC,MAAM,yBAAyB,iCAAiC;AAEhE,KAAI,IAAI,UAAU,OAAO,GAAG,SAAS;EACnC,MAAM,UAAU,EAAE,IAAI,SAAS,eAAe,yBAAyB;EACvE,MAAM,YAAY,KAAK,KAAK,WAAW,OAAO,MAAM;AACpD,SAAO,UAAU;GACf;GACA,UAAU,QAAQ;AAChB,QAAI,KAAK;KAAE,MAAM,IAAI,IAAI;KAAM;KAAW,EAAE,mCAAmC,UAAU,UAAU;AACnG,WAAO,IAAI,KAAK;KAAE,OAAO;KAA0B,SAAS,GAAG,UAAU;KAAK,EAAE,IAAI;;GAEvF,CAAC,CAAC,GAAG,KAAK;GACX;AAEF,6BAA4B,KAAK,QAAQ;AAKzC,oCAAmC,KAAK,QAAQ;CAEhD,MAAM,gBAAgB,IAAI,MAAM;AAChC,eAAc,IAAI,sBAAsB,CAAC;AACzC,eAAc,IACZ,KAAK;EACH;EACA,sBAAsB,QAAQ,cAAc,SAAS;EACrD,uBAAuB;AACrB,OAAI,OAAO,QAAQ,oBAAoB,WACrC,QAAO,QAAQ,iBAAiB;AAElC,UAAO,QAAQ;IAAE,MAAM;IAAS;IAAO,GAAG,EAAE,MAAM,QAAQ;;EAE5D,+BAA+B;GAC7B,gBAAgB,QAAQ,cAAc,SAAS;GAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;GAC7E;EACF,CAAC,CACH;AACD,eAAc,IAAI,gBAAgB,CAAC;AAcnC,6BAA4B,KAAK,eAAe;EAC9C;EACA,2BAdgC,gCAAgC,EAChE,+BAA+B;GAC7B,gBAAgB,QAAQ,cAAc,SAAS;GAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;GAC7E,GACF,CAS0B;EACzB,WAAA;GAPA;GACA,mBAAmB,QAAQ,cAAc,QAAQ;GAMxC;EACV,CAAC;CAEF,MAAM,UAAU,sBAAsB;AACtC,KAAI,QAAQ,SAAS,EACnB,KAAI,MAAM;EAAE,QAAQ,QAAQ;EAAQ,SAAS,QAAQ;EAAS,EAAE,4BAA4B;AAG9F,KAAI,MAAM,KAAK,cAAc;AAE7B,KAAI,UAAU,MAAM;EAClB,MAAM,aAAa,EAAE,IAAI,KAAK,WAAW,QAAQ;EACjD,MAAM,SAAS;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;AACzD,MAAI,WACF,KAAI,KAAK,QAAQ,kBAAkB;MAEnC,KAAI,MAAM,QAAQ,kBAAkB;AAEtC,SAAO,EAAE,KAAK,EAAE,OAAO,aAAa,EAAE,IAAI;GAC1C;AAEF,KAAI,SAAS,KAAK,MAAM;AACtB,MAAI,MACF;GACE;GACA,OAAO;GACP,MAAM,EAAE,IAAI;GACZ,QAAQ,EAAE,IAAI;GACd,WAAW,EAAE,IAAI,OAAO,aAAa;GACtC,EACD,iBAAiB,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,IAAI,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACjG;AACD,SAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;GACtD;AAEF,QAAO"}

package/dist/src/gateway/hono/lib/route-logger.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { Context } from 'hono';
+import { type ContextualLogger } from '../../../utils/logger.js';
+/** Stable gateway route logger prefix: `Gateway:<Name>`. */
+export declare function createGatewayRouteLogger(name: string): ContextualLogger;
+export declare function logRouteError(log: ContextualLogger, c: Context, err: unknown, phase: string, extra?: Record<string, unknown>): void;
+export declare function logRouteWarn(log: ContextualLogger, c: Context, message: string, phase: string, extra?: Record<string, unknown>): void;

package/dist/src/gateway/hono/lib/route-logger.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { createLogger } from "../../../utils/logger/index.js";
+import { init_logger } from "../../../utils/logger.js";
+//#region src/gateway/hono/lib/route-logger.ts
+init_logger();
+/** Stable gateway route logger prefix: `Gateway:<Name>`. */
+function createGatewayRouteLogger(name) {
+	return createLogger(`Gateway:${name}`);
+}
+function logRouteError(log, c, err, phase, extra) {
+	const em = err instanceof Error ? err.message : String(err);
+	log.error({
+		err,
+		errorMessage: em,
+		phase,
+		method: c.req.method,
+		path: c.req.path,
+		...extra
+	}, `Route error ${c.req.method} ${c.req.path}: ${em}`);
+}
+function logRouteWarn(log, c, message, phase, extra) {
+	log.warn({
+		phase,
+		method: c.req.method,
+		path: c.req.path,
+		...extra
+	}, message);
+}
+//#endregion
+export { createGatewayRouteLogger, logRouteError, logRouteWarn };
+//# sourceMappingURL=route-logger.js.map

package/dist/src/gateway/hono/lib/route-logger.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route-logger.js","names":[],"sources":["../../../../../src/gateway/hono/lib/route-logger.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nimport { createLogger, type ContextualLogger } from '../../../utils/logger.js';\n\n/** Stable gateway route logger prefix: `Gateway:<Name>`. */\nexport function createGatewayRouteLogger(name: string): ContextualLogger {\n return createLogger(`Gateway:${name}`);\n}\n\nexport function logRouteError(\n log: ContextualLogger,\n c: Context,\n err: unknown,\n phase: string,\n extra?: Record<string, unknown>,\n): void {\n const em = err instanceof Error ? err.message : String(err);\n log.error(\n {\n err,\n errorMessage: em,\n phase,\n method: c.req.method,\n path: c.req.path,\n ...extra,\n },\n `Route error ${c.req.method} ${c.req.path}: ${em}`,\n );\n}\n\nexport function logRouteWarn(\n log: ContextualLogger,\n c: Context,\n message: string,\n phase: string,\n extra?: Record<string, unknown>,\n): void {\n log.warn(\n {\n phase,\n method: c.req.method,\n path: c.req.path,\n ...extra,\n },\n message,\n );\n}\n"],"mappings":";;;aAE+E;;AAG/E,SAAgB,yBAAyB,MAAgC;AACvE,QAAO,aAAa,WAAW,OAAO;;AAGxC,SAAgB,cACd,KACA,GACA,KACA,OACA,OACM;CACN,MAAM,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAC3D,KAAI,MACF;EACE;EACA,cAAc;EACd;EACA,QAAQ,EAAE,IAAI;EACd,MAAM,EAAE,IAAI;EACZ,GAAG;EACJ,EACD,eAAe,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,IAAI,KAC/C;;AAGH,SAAgB,aACd,KACA,GACA,SACA,OACA,OACM;AACN,KAAI,KACF;EACE;EACA,QAAQ,EAAE,IAAI;EACd,MAAM,EAAE,IAAI;EACZ,GAAG;EACJ,EACD,QACD"}

package/dist/src/gateway/hono/middleware/auth.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { logAuthEvent } from "../../../utils/logger/audit.js";
 import { createLogger } from "../../../utils/logger/index.js";
 import { init_logger } from "../../../utils/logger.js";
 import { safeEqualSecret } from "../../security/secret-equal.js";
@@ -12,7 +13,7 @@ import { createMiddleware } from "hono/factory";
 import { getConnInfo } from "@hono/node-server/conninfo";
 //#region src/gateway/hono/middleware/auth.ts
 init_logger();
-const log = createLogger("Hono:Auth");
+const log = createLogger("Gateway:Auth");
 function validateToken(providedToken, expectedToken) {
 	if (!providedToken) return false;
 	return safeEqualSecret(providedToken, expectedToken);
@@ -192,8 +193,14 @@ function auth(config) {
 				path: c.req.path,
 				method: c.req.method,
 				clientIp,
-				reason: "missing_token"
+				reason: "missing_token",
+				phase: "gateway.http.auth"
 			}, "HTTP auth rejected: no Bearer or ?token=");
+			logAuthEvent("auth.failed", {
+				ip: clientIp,
+				result: "denied",
+				reason: "missing_token"
+			});
 			return c.json({
 				error: "Unauthorized",
 				code: "missing_token",
@@ -205,8 +212,14 @@ function auth(config) {
 			path: c.req.path,
 			method: c.req.method,
 			clientIp,
-			reason: "invalid_token"
+			reason: "invalid_token",
+			phase: "gateway.http.auth"
 		}, "HTTP auth rejected: token mismatch");
+		logAuthEvent("auth.failed", {
+			ip: clientIp,
+			result: "failure",
+			reason: "invalid_token"
+		});
 		return c.json({
 			error: "Unauthorized",
 			code: "invalid_token",

package/dist/src/gateway/hono/middleware/auth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/auth.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport type { GatewayAuthConfig } from '../../../config/schema.js';\nimport type { ResolvedGatewayAuth } from '../../auth.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport {\n authPolicyConfig,\n buckets,\n isAuthRateLimitGloballyDisabled,\n resolveAuthRateLimit,\n resolveAuthTracking,\n type ResolvedAuthRateLimitConfig,\n} from '../../rate-limit/index.js';\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { safeEqualSecret } from '../../security/secret-equal.js';\nimport { authorizeTrustedProxy } from '../../trusted-proxy.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Auth');\n\nexport interface AuthConfig {\n token?: string;\n /** Current gateway auth from config (for rate-limit settings); optional. /\n getGatewayAuth?: () => GatewayAuthConfig \| undefined;\n getResolvedAuth?: () => ResolvedGatewayAuth;\n getTrustedProxyContext?: () => {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n };\n}\n\nfunction validateToken(providedToken: string \| undefined, expectedToken: string): boolean {\n if (!providedToken) return false;\n return safeEqualSecret(providedToken, expectedToken);\n}\n\nfunction extractTokenFromHeader(authHeader: string \| null): string \| null {\n if (!authHeader) return null;\n const parts = authHeader.split(' ');\n if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') return parts[1];\n return authHeader;\n}\n\n/\n SECURITY: query-string tokens leak into server logs, Referer headers, and\n * browser history. We accept them only where the `Authorization` header cannot\n * be set — SSE/WebSocket (`EventSource`) and `<img>` subresource loads for agent\n * avatars. Note media uses Bearer-authenticated blob fetch in the gateway console.\n /\nfunction extractTokenFromQuery(url: string): string \| null {\n return new URL(url).searchParams.get('token');\n}\n\nconst QUERY_TOKEN_ALLOWED_PATHS = new Set(['/api/events', '/api/ws']);\n\nconst AGENT_AVATAR_GET_PATH = /^\\/api\\/agents\\/[^/]+\\/avatar$/;\n\n/* Exported for gateway security tests. /\nexport function isQueryTokenAllowedPath(path: string, method: string): boolean {\n if (QUERY_TOKEN_ALLOWED_PATHS.has(path) \|\| path.startsWith('/api/events')) {\n return true;\n }\n if (method === 'GET' && AGENT_AVATAR_GET_PATH.test(path)) {\n return true;\n }\n return false;\n}\n\nfunction resolveRemoteAddress(c: Context): string \| undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveMiddlewareClientIp(\n c: Context,\n trustedProxies?: string[],\n allowRealIpFallback?: boolean,\n): string {\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name: string) => c.req.header(name) ?? undefined,\n });\n}\n\ntype RateLimitContext = {\n active: boolean;\n cfg: ResolvedAuthRateLimitConfig;\n /* `undefined` when the client is exempted (loopback, disabled, etc.). */\n trackingKey: string \| undefined;\n};\n\nfunction buildRateLimitContext(\n getGatewayAuth: AuthConfig['getGatewayAuth'],\n clientIp: string,\n origin: string \| undefined,\n): RateLimitContext {\n const cfg = resolveAuthRateLimit(getGatewayAuth?.()?.rateLimit);\n const active = cfg.enabled && !isAuthRateLimitGloballyDisabled();\n if (!active) return { active: false, cfg, trackingKey: undefined };\n const tracking = resolveAuthTracking({ clientIp, origin, cfg: authPolicyConfig(cfg) });\n return {\n active: true,\n cfg,\n trackingKey: tracking.exempt ? undefined : tracking.key,\n };\n}\n\nfunction checkBlocked(rl: RateLimitContext): { blocked: false } \| { blocked: true; retryAfterSec: number } {\n if (!rl.active \|\| rl.trackingKey === undefined) return { blocked: false };\n return buckets.authFailure(rl.cfg).check(rl.trackingKey);\n}\n\nfunction recordFailure(rl: RateLimitContext): void {\n if (!rl.active \|\| rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).fail(rl.trackingKey);\n}\n\nfunction recordSuccess(rl: RateLimitContext): void {\n if (!rl.active \|\| rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).succeed(rl.trackingKey);\n}\n\nfunction blockedResponse(c: Context, retryAfterSec: number) {\n c.header('Retry-After', String(retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n code: 'auth_blocked',\n message: 'Too many authentication attempts',\n retryAfter: retryAfterSec,\n },\n 429,\n );\n}\n\nexport function auth(config?: AuthConfig) {\n const { token, getGatewayAuth, getResolvedAuth, getTrustedProxyContext } = config \|\| {};\n\n return createMiddleware(async (c, next) => {\n const resolvedAuth = getResolvedAuth?.();\n const authMode = resolvedAuth?.mode ?? (token ? 'token' : 'none');\n\n if (authMode === 'trusted-proxy') {\n const proxyContext = getTrustedProxyContext?.();\n const trustedProxies = proxyContext?.trustedProxies;\n const trustedProxyConfig = resolvedAuth?.trustedProxy;\n\n const clientIp = resolveMiddlewareClientIp(c, trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n // Server misconfiguration — not an attack signal. Don't count.\n if (!trustedProxyConfig) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'trusted_proxy_config_missing' },\n 'HTTP auth rejected: trusted-proxy config missing',\n );\n return c.json(\n { error: 'Unauthorized', code: 'auth_unconfigured', message: 'Trusted-proxy auth is not configured' },\n 401,\n );\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: c.req.path, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n const result = authorizeTrustedProxy({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n trustedProxyConfig,\n });\n\n if (result.ok === false) {\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: result.reason },\n `HTTP auth rejected: trusted-proxy validation failed (${result.reason})`,\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_proxy_credentials', message: 'Trusted-proxy authentication failed' },\n 401,\n );\n }\n\n recordSuccess(rl);\n await next();\n return;\n }\n\n if (authMode === 'none' \|\| !token) {\n return next();\n }\n\n const proxyContext = getTrustedProxyContext?.();\n const clientIp = resolveMiddlewareClientIp(c, proxyContext?.trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n const authHeader = extractTokenFromHeader(c.req.header('authorization'));\n const requestPath = new URL(c.req.url).pathname;\n const queryToken = isQueryTokenAllowedPath(requestPath, c.req.method)\n ? extractTokenFromQuery(c.req.url)\n : null;\n\n if (!authHeader && queryToken === null && new URL(c.req.url).searchParams.has('token')) {\n log.warn(\n { path: requestPath, method: c.req.method, clientIp },\n 'Token in query string rejected: use Authorization header for this endpoint',\n );\n }\n\n const providedToken = authHeader \|\| queryToken;\n\n if (providedToken && validateToken(providedToken, token)) {\n recordSuccess(rl);\n await next();\n return;\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: requestPath, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n // Missing token is an unauthenticated request, not a brute-force signal —\n // page reloads / SDK cold starts often hit endpoints before the token is\n // attached. Counting this would lock users out of the token-entry path.\n if (!providedToken) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'missing_token' },\n 'HTTP auth rejected: no Bearer or ?token=',\n );\n return c.json(\n { error: 'Unauthorized', code: 'missing_token', message: 'Missing authentication token' },\n 401,\n );\n }\n\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'invalid_token' },\n 'HTTP auth rejected: token mismatch',\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_token', message: 'Invalid authentication token' },\n 401,\n );\n });\n}\n"],"mappings":";;;;;;;;;;;;;aAkBwD;AAExD,MAAM,MAAM,aAAa,YAAY;AAarC,SAAS,cAAc,eAAmC,eAAgC;AACxF,KAAI,CAAC,cAAe,QAAO;AAC3B,QAAO,gBAAgB,eAAe,cAAc;;AAGtD,SAAS,uBAAuB,YAA0C;AACxE,KAAI,CAAC,WAAY,QAAO;CACxB,MAAM,QAAQ,WAAW,MAAM,IAAI;AACnC,KAAI,MAAM,WAAW,KAAK,MAAM,GAAG,aAAa,KAAK,SAAU,QAAO,MAAM;AAC5E,QAAO;;;;;;;;AAST,SAAS,sBAAsB,KAA4B;AACzD,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ;;AAG/C,MAAM,4BAA4B,IAAI,IAAI,CAAC,eAAe,UAAU,CAAC;AAErE,MAAM,wBAAwB;;AAG9B,SAAgB,wBAAwB,MAAc,QAAyB;AAC7E,KAAI,0BAA0B,IAAI,KAAK,IAAI,KAAK,WAAW,cAAc,CACvE,QAAO;AAET,KAAI,WAAW,SAAS,sBAAsB,KAAK,KAAK,CACtD,QAAO;AAET,QAAO;;AAGT,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,0BACP,GACA,gBACA,qBACQ;AACR,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA;EACD,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAiB,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GAC9C,CAAC;;AAUJ,SAAS,sBACP,gBACA,UACA,QACkB;CAClB,MAAM,MAAM,qBAAqB,kBAAkB,EAAE,UAAU;AAE/D,KAAI,EADW,IAAI,WAAW,CAAC,iCAAiC,EACnD,QAAO;EAAE,QAAQ;EAAO;EAAK,aAAa,KAAA;EAAW;CAClE,MAAM,WAAW,oBAAoB;EAAE;EAAU;EAAQ,KAAK,iBAAiB,IAAI;EAAE,CAAC;AACtF,QAAO;EACL,QAAQ;EACR;EACA,aAAa,SAAS,SAAS,KAAA,IAAY,SAAS;EACrD;;AAGH,SAAS,aAAa,IAAqF;AACzG,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW,QAAO,EAAE,SAAS,OAAO;AACzE,QAAO,QAAQ,YAAY,GAAG,IAAI,CAAC,MAAM,GAAG,YAAY;;AAG1D,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,KAAK,GAAG,YAAY;;AAGlD,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,QAAQ,GAAG,YAAY;;AAGrD,SAAS,gBAAgB,GAAY,eAAuB;AAC1D,GAAE,OAAO,eAAe,OAAO,cAAc,CAAC;AAC9C,QAAO,EAAE,KACP;EACE,OAAO;EACP,MAAM;EACN,SAAS;EACT,YAAY;EACb,EACD,IACD;;AAGH,SAAgB,KAAK,QAAqB;CACxC,MAAM,EAAE,OAAO,gBAAgB,iBAAiB,2BAA2B,UAAU,EAAE;AAEvF,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,eAAe,mBAAmB;EACxC,MAAM,WAAW,cAAc,SAAS,QAAQ,UAAU;AAE1D,MAAI,aAAa,iBAAiB;GAChC,MAAM,eAAe,0BAA0B;GAC/C,MAAM,iBAAiB,cAAc;GACrC,MAAM,qBAAqB,cAAc;GAEzC,MAAM,WAAW,0BAA0B,GAAG,gBAAgB,cAAc,oBAAoB;GAChG,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;GACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;AAGlE,OAAI,CAAC,oBAAoB;AACvB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ;KAAgC,EAC5F,mDACD;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAAqB,SAAS;KAAwC,EACrG,IACD;;GAGH,MAAM,UAAU,aAAa,GAAG;AAChC,OAAI,QAAQ,SAAS;AACnB,QAAI,KACF;KAAE;KAAU,QAAQ,UAAU,KAAA;KAAW,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ,eAAe,QAAQ;KAAe,QAAQ;KAAgB,EAC/I,0BACD;AACD,WAAO,gBAAgB,GAAG,QAAQ,cAAc;;GAGlD,MAAM,SAAS,sBAAsB;IACnC,eAAe,qBAAqB,EAAE;IACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC;AAEF,OAAI,OAAO,OAAO,OAAO;AACvB,kBAAc,GAAG;AACjB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ,OAAO;KAAQ,EAC3E,wDAAwD,OAAO,OAAO,GACvE;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAA6B,SAAS;KAAuC,EAC5G,IACD;;AAGH,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;AAGF,MAAI,aAAa,UAAU,CAAC,MAC1B,QAAO,MAAM;EAGf,MAAM,eAAe,0BAA0B;EAC/C,MAAM,WAAW,0BAA0B,GAAG,cAAc,gBAAgB,cAAc,oBAAoB;EAC9G,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;EACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;EAElE,MAAM,aAAa,uBAAuB,EAAE,IAAI,OAAO,gBAAgB,CAAC;EACxE,MAAM,cAAc,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC;EACvC,MAAM,aAAa,wBAAwB,aAAa,EAAE,IAAI,OAAO,GACjE,sBAAsB,EAAE,IAAI,IAAI,GAChC;AAEJ,MAAI,CAAC,cAAc,eAAe,QAAQ,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ,CACpF,KAAI,KACF;GAAE,MAAM;GAAa,QAAQ,EAAE,IAAI;GAAQ;GAAU,EACrD,6EACD;EAGH,MAAM,gBAAgB,cAAc;AAEpC,MAAI,iBAAiB,cAAc,eAAe,MAAM,EAAE;AACxD,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;EAGF,MAAM,UAAU,aAAa,GAAG;AAChC,MAAI,QAAQ,SAAS;AACnB,OAAI,KACF;IAAE;IAAU,QAAQ,UAAU,KAAA;IAAW,MAAM;IAAa,QAAQ,EAAE,IAAI;IAAQ,eAAe,QAAQ;IAAe,QAAQ;IAAgB,EAChJ,0BACD;AACD,UAAO,gBAAgB,GAAG,QAAQ,cAAc;;AAMlD,MAAI,CAAC,eAAe;AAClB,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,2CACD;AACD,UAAO,EAAE,KACP;IAAE,OAAO;IAAgB,MAAM;IAAiB,SAAS;IAAgC,EACzF,IACD;;AAGH,gBAAc,GAAG;AACjB,MAAI,KACF;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;GAAU,QAAQ;GAAiB,EAC7E,qCACD;AACD,SAAO,EAAE,KACP;GAAE,OAAO;GAAgB,MAAM;GAAiB,SAAS;GAAgC,EACzF,IACD;GACD"}
1	+ {"version":3,"file":"auth.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/auth.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport type { GatewayAuthConfig } from '../../../config/schema.js';\nimport type { ResolvedGatewayAuth } from '../../auth.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport {\n authPolicyConfig,\n buckets,\n isAuthRateLimitGloballyDisabled,\n resolveAuthRateLimit,\n resolveAuthTracking,\n type ResolvedAuthRateLimitConfig,\n} from '../../rate-limit/index.js';\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { safeEqualSecret } from '../../security/secret-equal.js';\nimport { authorizeTrustedProxy } from '../../trusted-proxy.js';\nimport { createLogger, logAuthEvent } from '../../../utils/logger.js';\n\nconst log = createLogger('Gateway:Auth');\n\nexport interface AuthConfig {\n token?: string;\n /** Current gateway auth from config (for rate-limit settings); optional. /\n getGatewayAuth?: () => GatewayAuthConfig \| undefined;\n getResolvedAuth?: () => ResolvedGatewayAuth;\n getTrustedProxyContext?: () => {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n };\n}\n\nfunction validateToken(providedToken: string \| undefined, expectedToken: string): boolean {\n if (!providedToken) return false;\n return safeEqualSecret(providedToken, expectedToken);\n}\n\nfunction extractTokenFromHeader(authHeader: string \| null): string \| null {\n if (!authHeader) return null;\n const parts = authHeader.split(' ');\n if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') return parts[1];\n return authHeader;\n}\n\n/\n SECURITY: query-string tokens leak into server logs, Referer headers, and\n * browser history. We accept them only where the `Authorization` header cannot\n * be set — SSE/WebSocket (`EventSource`) and `<img>` subresource loads for agent\n * avatars. Note media uses Bearer-authenticated blob fetch in the gateway console.\n /\nfunction extractTokenFromQuery(url: string): string \| null {\n return new URL(url).searchParams.get('token');\n}\n\nconst QUERY_TOKEN_ALLOWED_PATHS = new Set(['/api/events', '/api/ws']);\n\nconst AGENT_AVATAR_GET_PATH = /^\\/api\\/agents\\/[^/]+\\/avatar$/;\n\n/* Exported for gateway security tests. /\nexport function isQueryTokenAllowedPath(path: string, method: string): boolean {\n if (QUERY_TOKEN_ALLOWED_PATHS.has(path) \|\| path.startsWith('/api/events')) {\n return true;\n }\n if (method === 'GET' && AGENT_AVATAR_GET_PATH.test(path)) {\n return true;\n }\n return false;\n}\n\nfunction resolveRemoteAddress(c: Context): string \| undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveMiddlewareClientIp(\n c: Context,\n trustedProxies?: string[],\n allowRealIpFallback?: boolean,\n): string {\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name: string) => c.req.header(name) ?? undefined,\n });\n}\n\ntype RateLimitContext = {\n active: boolean;\n cfg: ResolvedAuthRateLimitConfig;\n /* `undefined` when the client is exempted (loopback, disabled, etc.). */\n trackingKey: string \| undefined;\n};\n\nfunction buildRateLimitContext(\n getGatewayAuth: AuthConfig['getGatewayAuth'],\n clientIp: string,\n origin: string \| undefined,\n): RateLimitContext {\n const cfg = resolveAuthRateLimit(getGatewayAuth?.()?.rateLimit);\n const active = cfg.enabled && !isAuthRateLimitGloballyDisabled();\n if (!active) return { active: false, cfg, trackingKey: undefined };\n const tracking = resolveAuthTracking({ clientIp, origin, cfg: authPolicyConfig(cfg) });\n return {\n active: true,\n cfg,\n trackingKey: tracking.exempt ? undefined : tracking.key,\n };\n}\n\nfunction checkBlocked(rl: RateLimitContext): { blocked: false } \| { blocked: true; retryAfterSec: number } {\n if (!rl.active \|\| rl.trackingKey === undefined) return { blocked: false };\n return buckets.authFailure(rl.cfg).check(rl.trackingKey);\n}\n\nfunction recordFailure(rl: RateLimitContext): void {\n if (!rl.active \|\| rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).fail(rl.trackingKey);\n}\n\nfunction recordSuccess(rl: RateLimitContext): void {\n if (!rl.active \|\| rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).succeed(rl.trackingKey);\n}\n\nfunction blockedResponse(c: Context, retryAfterSec: number) {\n c.header('Retry-After', String(retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n code: 'auth_blocked',\n message: 'Too many authentication attempts',\n retryAfter: retryAfterSec,\n },\n 429,\n );\n}\n\nexport function auth(config?: AuthConfig) {\n const { token, getGatewayAuth, getResolvedAuth, getTrustedProxyContext } = config \|\| {};\n\n return createMiddleware(async (c, next) => {\n const resolvedAuth = getResolvedAuth?.();\n const authMode = resolvedAuth?.mode ?? (token ? 'token' : 'none');\n\n if (authMode === 'trusted-proxy') {\n const proxyContext = getTrustedProxyContext?.();\n const trustedProxies = proxyContext?.trustedProxies;\n const trustedProxyConfig = resolvedAuth?.trustedProxy;\n\n const clientIp = resolveMiddlewareClientIp(c, trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n // Server misconfiguration — not an attack signal. Don't count.\n if (!trustedProxyConfig) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'trusted_proxy_config_missing' },\n 'HTTP auth rejected: trusted-proxy config missing',\n );\n return c.json(\n { error: 'Unauthorized', code: 'auth_unconfigured', message: 'Trusted-proxy auth is not configured' },\n 401,\n );\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: c.req.path, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n const result = authorizeTrustedProxy({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n trustedProxyConfig,\n });\n\n if (result.ok === false) {\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: result.reason },\n `HTTP auth rejected: trusted-proxy validation failed (${result.reason})`,\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_proxy_credentials', message: 'Trusted-proxy authentication failed' },\n 401,\n );\n }\n\n recordSuccess(rl);\n await next();\n return;\n }\n\n if (authMode === 'none' \|\| !token) {\n return next();\n }\n\n const proxyContext = getTrustedProxyContext?.();\n const clientIp = resolveMiddlewareClientIp(c, proxyContext?.trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n const authHeader = extractTokenFromHeader(c.req.header('authorization'));\n const requestPath = new URL(c.req.url).pathname;\n const queryToken = isQueryTokenAllowedPath(requestPath, c.req.method)\n ? extractTokenFromQuery(c.req.url)\n : null;\n\n if (!authHeader && queryToken === null && new URL(c.req.url).searchParams.has('token')) {\n log.warn(\n { path: requestPath, method: c.req.method, clientIp },\n 'Token in query string rejected: use Authorization header for this endpoint',\n );\n }\n\n const providedToken = authHeader \|\| queryToken;\n\n if (providedToken && validateToken(providedToken, token)) {\n recordSuccess(rl);\n await next();\n return;\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: requestPath, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n // Missing token is an unauthenticated request, not a brute-force signal —\n // page reloads / SDK cold starts often hit endpoints before the token is\n // attached. Counting this would lock users out of the token-entry path.\n if (!providedToken) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'missing_token', phase: 'gateway.http.auth' },\n 'HTTP auth rejected: no Bearer or ?token=',\n );\n void logAuthEvent('auth.failed', {\n ip: clientIp,\n result: 'denied',\n reason: 'missing_token',\n });\n return c.json(\n { error: 'Unauthorized', code: 'missing_token', message: 'Missing authentication token' },\n 401,\n );\n }\n\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'invalid_token', phase: 'gateway.http.auth' },\n 'HTTP auth rejected: token mismatch',\n );\n void logAuthEvent('auth.failed', {\n ip: clientIp,\n result: 'failure',\n reason: 'invalid_token',\n });\n return c.json(\n { error: 'Unauthorized', code: 'invalid_token', message: 'Invalid authentication token' },\n 401,\n );\n });\n}\n"],"mappings":";;;;;;;;;;;;;;aAkBsE;AAEtE,MAAM,MAAM,aAAa,eAAe;AAaxC,SAAS,cAAc,eAAmC,eAAgC;AACxF,KAAI,CAAC,cAAe,QAAO;AAC3B,QAAO,gBAAgB,eAAe,cAAc;;AAGtD,SAAS,uBAAuB,YAA0C;AACxE,KAAI,CAAC,WAAY,QAAO;CACxB,MAAM,QAAQ,WAAW,MAAM,IAAI;AACnC,KAAI,MAAM,WAAW,KAAK,MAAM,GAAG,aAAa,KAAK,SAAU,QAAO,MAAM;AAC5E,QAAO;;;;;;;;AAST,SAAS,sBAAsB,KAA4B;AACzD,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ;;AAG/C,MAAM,4BAA4B,IAAI,IAAI,CAAC,eAAe,UAAU,CAAC;AAErE,MAAM,wBAAwB;;AAG9B,SAAgB,wBAAwB,MAAc,QAAyB;AAC7E,KAAI,0BAA0B,IAAI,KAAK,IAAI,KAAK,WAAW,cAAc,CACvE,QAAO;AAET,KAAI,WAAW,SAAS,sBAAsB,KAAK,KAAK,CACtD,QAAO;AAET,QAAO;;AAGT,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,0BACP,GACA,gBACA,qBACQ;AACR,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA;EACD,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAiB,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GAC9C,CAAC;;AAUJ,SAAS,sBACP,gBACA,UACA,QACkB;CAClB,MAAM,MAAM,qBAAqB,kBAAkB,EAAE,UAAU;AAE/D,KAAI,EADW,IAAI,WAAW,CAAC,iCAAiC,EACnD,QAAO;EAAE,QAAQ;EAAO;EAAK,aAAa,KAAA;EAAW;CAClE,MAAM,WAAW,oBAAoB;EAAE;EAAU;EAAQ,KAAK,iBAAiB,IAAI;EAAE,CAAC;AACtF,QAAO;EACL,QAAQ;EACR;EACA,aAAa,SAAS,SAAS,KAAA,IAAY,SAAS;EACrD;;AAGH,SAAS,aAAa,IAAqF;AACzG,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW,QAAO,EAAE,SAAS,OAAO;AACzE,QAAO,QAAQ,YAAY,GAAG,IAAI,CAAC,MAAM,GAAG,YAAY;;AAG1D,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,KAAK,GAAG,YAAY;;AAGlD,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,QAAQ,GAAG,YAAY;;AAGrD,SAAS,gBAAgB,GAAY,eAAuB;AAC1D,GAAE,OAAO,eAAe,OAAO,cAAc,CAAC;AAC9C,QAAO,EAAE,KACP;EACE,OAAO;EACP,MAAM;EACN,SAAS;EACT,YAAY;EACb,EACD,IACD;;AAGH,SAAgB,KAAK,QAAqB;CACxC,MAAM,EAAE,OAAO,gBAAgB,iBAAiB,2BAA2B,UAAU,EAAE;AAEvF,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,eAAe,mBAAmB;EACxC,MAAM,WAAW,cAAc,SAAS,QAAQ,UAAU;AAE1D,MAAI,aAAa,iBAAiB;GAChC,MAAM,eAAe,0BAA0B;GAC/C,MAAM,iBAAiB,cAAc;GACrC,MAAM,qBAAqB,cAAc;GAEzC,MAAM,WAAW,0BAA0B,GAAG,gBAAgB,cAAc,oBAAoB;GAChG,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;GACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;AAGlE,OAAI,CAAC,oBAAoB;AACvB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ;KAAgC,EAC5F,mDACD;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAAqB,SAAS;KAAwC,EACrG,IACD;;GAGH,MAAM,UAAU,aAAa,GAAG;AAChC,OAAI,QAAQ,SAAS;AACnB,QAAI,KACF;KAAE;KAAU,QAAQ,UAAU,KAAA;KAAW,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ,eAAe,QAAQ;KAAe,QAAQ;KAAgB,EAC/I,0BACD;AACD,WAAO,gBAAgB,GAAG,QAAQ,cAAc;;GAGlD,MAAM,SAAS,sBAAsB;IACnC,eAAe,qBAAqB,EAAE;IACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC;AAEF,OAAI,OAAO,OAAO,OAAO;AACvB,kBAAc,GAAG;AACjB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ,OAAO;KAAQ,EAC3E,wDAAwD,OAAO,OAAO,GACvE;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAA6B,SAAS;KAAuC,EAC5G,IACD;;AAGH,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;AAGF,MAAI,aAAa,UAAU,CAAC,MAC1B,QAAO,MAAM;EAGf,MAAM,eAAe,0BAA0B;EAC/C,MAAM,WAAW,0BAA0B,GAAG,cAAc,gBAAgB,cAAc,oBAAoB;EAC9G,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;EACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;EAElE,MAAM,aAAa,uBAAuB,EAAE,IAAI,OAAO,gBAAgB,CAAC;EACxE,MAAM,cAAc,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC;EACvC,MAAM,aAAa,wBAAwB,aAAa,EAAE,IAAI,OAAO,GACjE,sBAAsB,EAAE,IAAI,IAAI,GAChC;AAEJ,MAAI,CAAC,cAAc,eAAe,QAAQ,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ,CACpF,KAAI,KACF;GAAE,MAAM;GAAa,QAAQ,EAAE,IAAI;GAAQ;GAAU,EACrD,6EACD;EAGH,MAAM,gBAAgB,cAAc;AAEpC,MAAI,iBAAiB,cAAc,eAAe,MAAM,EAAE;AACxD,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;EAGF,MAAM,UAAU,aAAa,GAAG;AAChC,MAAI,QAAQ,SAAS;AACnB,OAAI,KACF;IAAE;IAAU,QAAQ,UAAU,KAAA;IAAW,MAAM;IAAa,QAAQ,EAAE,IAAI;IAAQ,eAAe,QAAQ;IAAe,QAAQ;IAAgB,EAChJ,0BACD;AACD,UAAO,gBAAgB,GAAG,QAAQ,cAAc;;AAMlD,MAAI,CAAC,eAAe;AAClB,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,OAAO;IAAqB,EACzG,2CACD;AACI,gBAAa,eAAe;IAC/B,IAAI;IACJ,QAAQ;IACR,QAAQ;IACT,CAAC;AACF,UAAO,EAAE,KACP;IAAE,OAAO;IAAgB,MAAM;IAAiB,SAAS;IAAgC,EACzF,IACD;;AAGH,gBAAc,GAAG;AACjB,MAAI,KACF;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;GAAU,QAAQ;GAAiB,OAAO;GAAqB,EACzG,qCACD;AACI,eAAa,eAAe;GAC/B,IAAI;GACJ,QAAQ;GACR,QAAQ;GACT,CAAC;AACF,SAAO,EAAE,KACP;GAAE,OAAO;GAAgB,MAAM;GAAiB,SAAS;GAAgC,EACzF,IACD;GACD"}

package/dist/src/gateway/hono/middleware/logger.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { createMiddleware } from "hono/factory";
 import { getConnInfo } from "@hono/node-server/conninfo";
 //#region src/gateway/hono/middleware/logger.ts
 init_logger();
-const log = createLogger("Hono:Request");
+const log = createLogger("Gateway:HTTP");
 function resolveRemoteAddress(c) {
 	try {
 		return getConnInfo(c).remote.address;

package/dist/src/gateway/hono/middleware/logger.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"logger.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/logger.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('~~Hono~~:~~Request~~');\n\nexport interface LoggerMiddlewareConfig {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n}\n\nfunction resolveRemoteAddress(c: Context): string \| undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveRequestClientIp(c: Context, config?: LoggerMiddlewareConfig): string {\n const trustedProxies = config?.trustedProxies;\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback: config?.allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name) => c.req.header(name) ?? undefined,\n });\n}\n\nexport function logger(config?: LoggerMiddlewareConfig) {\n return createMiddleware(async (c, next) => {\n const start = Date.now();\n\n const clientIp = resolveRequestClientIp(c, config);\n const userAgent = c.req.header('user-agent') ?? undefined;\n const contentLength = c.req.header('content-length');\n const referer = c.req.header('referer') ?? undefined;\n\n await next();\n\n const duration = Date.now() - start;\n const status = c.res.status;\n const isServerError = status >= 500;\n const isClientError = status >= 400 && status < 500;\n const isSlow = duration > 1000;\n\n const logData = {\n method: c.req.method,\n path: c.req.path,\n status,\n durationMs: duration,\n clientIp,\n ...(userAgent ? { userAgent } : {}),\n ...(contentLength ? { contentLength: Number(contentLength) } : {}),\n ...(referer ? { referer } : {}),\n };\n\n const msg = `HTTP ${c.req.method} ${c.req.path} → ${status} (${duration}ms)`;\n\n if (isServerError \|\| isSlow) {\n log.warn(logData, msg);\n } else if (isClientError) {\n // 4xx: info avoids doubling warn noise from auth / rate-limit handlers\n log.info(logData, msg);\n } else {\n log.debug(logData, msg);\n }\n });\n}\n"],"mappings":";;;;;;;aAMwD;AAExD,MAAM,MAAM,aAAa,eAAe;AAOxC,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,uBAAuB,GAAY,QAAyC;CACnF,MAAM,iBAAiB,QAAQ;AAC/B,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA,qBAAqB,QAAQ;EAC9B,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAS,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GACtC,CAAC;;AAGJ,SAAgB,OAAO,QAAiC;AACtD,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,QAAQ,KAAK,KAAK;EAExB,MAAM,WAAW,uBAAuB,GAAG,OAAO;EAClD,MAAM,YAAY,EAAE,IAAI,OAAO,aAAa,IAAI,KAAA;EAChD,MAAM,gBAAgB,EAAE,IAAI,OAAO,iBAAiB;EACpD,MAAM,UAAU,EAAE,IAAI,OAAO,UAAU,IAAI,KAAA;AAE3C,QAAM,MAAM;EAEZ,MAAM,WAAW,KAAK,KAAK,GAAG;EAC9B,MAAM,SAAS,EAAE,IAAI;EACrB,MAAM,gBAAgB,UAAU;EAChC,MAAM,gBAAgB,UAAU,OAAO,SAAS;EAChD,MAAM,SAAS,WAAW;EAE1B,MAAM,UAAU;GACd,QAAQ,EAAE,IAAI;GACd,MAAM,EAAE,IAAI;GACZ;GACA,YAAY;GACZ;GACA,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;GAClC,GAAI,gBAAgB,EAAE,eAAe,OAAO,cAAc,EAAE,GAAG,EAAE;GACjE,GAAI,UAAU,EAAE,SAAS,GAAG,EAAE;GAC/B;EAED,MAAM,MAAM,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,KAAK,OAAO,IAAI,SAAS;AAExE,MAAI,iBAAiB,OACnB,KAAI,KAAK,SAAS,IAAI;WACb,cAET,KAAI,KAAK,SAAS,IAAI;MAEtB,KAAI,MAAM,SAAS,IAAI;GAEzB"}
1	+ {"version":3,"file":"logger.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/logger.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Gateway:HTTP');\n\nexport interface LoggerMiddlewareConfig {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n}\n\nfunction resolveRemoteAddress(c: Context): string \| undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveRequestClientIp(c: Context, config?: LoggerMiddlewareConfig): string {\n const trustedProxies = config?.trustedProxies;\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback: config?.allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name) => c.req.header(name) ?? undefined,\n });\n}\n\nexport function logger(config?: LoggerMiddlewareConfig) {\n return createMiddleware(async (c, next) => {\n const start = Date.now();\n\n const clientIp = resolveRequestClientIp(c, config);\n const userAgent = c.req.header('user-agent') ?? undefined;\n const contentLength = c.req.header('content-length');\n const referer = c.req.header('referer') ?? undefined;\n\n await next();\n\n const duration = Date.now() - start;\n const status = c.res.status;\n const isServerError = status >= 500;\n const isClientError = status >= 400 && status < 500;\n const isSlow = duration > 1000;\n\n const logData = {\n method: c.req.method,\n path: c.req.path,\n status,\n durationMs: duration,\n clientIp,\n ...(userAgent ? { userAgent } : {}),\n ...(contentLength ? { contentLength: Number(contentLength) } : {}),\n ...(referer ? { referer } : {}),\n };\n\n const msg = `HTTP ${c.req.method} ${c.req.path} → ${status} (${duration}ms)`;\n\n if (isServerError \|\| isSlow) {\n log.warn(logData, msg);\n } else if (isClientError) {\n // 4xx: info avoids doubling warn noise from auth / rate-limit handlers\n log.info(logData, msg);\n } else {\n log.debug(logData, msg);\n }\n });\n}\n"],"mappings":";;;;;;;aAMwD;AAExD,MAAM,MAAM,aAAa,eAAe;AAOxC,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,uBAAuB,GAAY,QAAyC;CACnF,MAAM,iBAAiB,QAAQ;AAC/B,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA,qBAAqB,QAAQ;EAC9B,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAS,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GACtC,CAAC;;AAGJ,SAAgB,OAAO,QAAiC;AACtD,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,QAAQ,KAAK,KAAK;EAExB,MAAM,WAAW,uBAAuB,GAAG,OAAO;EAClD,MAAM,YAAY,EAAE,IAAI,OAAO,aAAa,IAAI,KAAA;EAChD,MAAM,gBAAgB,EAAE,IAAI,OAAO,iBAAiB;EACpD,MAAM,UAAU,EAAE,IAAI,OAAO,UAAU,IAAI,KAAA;AAE3C,QAAM,MAAM;EAEZ,MAAM,WAAW,KAAK,KAAK,GAAG;EAC9B,MAAM,SAAS,EAAE,IAAI;EACrB,MAAM,gBAAgB,UAAU;EAChC,MAAM,gBAAgB,UAAU,OAAO,SAAS;EAChD,MAAM,SAAS,WAAW;EAE1B,MAAM,UAAU;GACd,QAAQ,EAAE,IAAI;GACd,MAAM,EAAE,IAAI;GACZ;GACA,YAAY;GACZ;GACA,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;GAClC,GAAI,gBAAgB,EAAE,eAAe,OAAO,cAAc,EAAE,GAAG,EAAE;GACjE,GAAI,UAAU,EAAE,SAAS,GAAG,EAAE;GAC/B;EAED,MAAM,MAAM,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,KAAK,OAAO,IAAI,SAAS;AAExE,MAAI,iBAAiB,OACnB,KAAI,KAAK,SAAS,IAAI;WACb,cAET,KAAI,KAAK,SAAS,IAAI;MAEtB,KAAI,MAAM,SAAS,IAAI;GAEzB"}

package/dist/src/gateway/hono/middleware/route-errors.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { Context } from 'hono';
+export declare function routeErrorMiddleware(): import("hono/dist/types/types.js").MiddlewareHandler<any, string, {}, Response>;
+export declare function registerGatewayOnError(app: {
+    onError: (handler: (err: Error, c: Context) => Response | Promise<Response>) => void;
+}): void;

package/dist/src/gateway/hono/middleware/route-errors.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { createGatewayRouteLogger, logRouteError } from "../lib/route-logger.js";
+import { createMiddleware } from "hono/factory";
+//#region src/gateway/hono/middleware/route-errors.ts
+const log = createGatewayRouteLogger("Routes");
+function routeErrorMiddleware() {
+	return createMiddleware(async (c, next) => {
+		try {
+			await next();
+		} catch (err) {
+			logRouteError(log, c, err, "gateway.http.route");
+			throw err;
+		}
+	});
+}
+function registerGatewayOnError(app) {
+	app.onError((err, c) => {
+		logRouteError(log, c, err, "gateway.http.unhandled");
+		return c.json({
+			error: "Internal Server Error",
+			message: err instanceof Error ? err.message : "Unknown error"
+		}, 500);
+	});
+}
+//#endregion
+export { registerGatewayOnError, routeErrorMiddleware };
+//# sourceMappingURL=route-errors.js.map

package/dist/src/gateway/hono/middleware/route-errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route-errors.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/route-errors.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\n\nimport { createGatewayRouteLogger, logRouteError } from '../lib/route-logger.js';\n\nconst log = createGatewayRouteLogger('Routes');\n\nexport function routeErrorMiddleware() {\n return createMiddleware(async (c, next) => {\n try {\n await next();\n } catch (err) {\n logRouteError(log, c, err, 'gateway.http.route');\n throw err;\n }\n });\n}\n\nexport function registerGatewayOnError(app: { onError: (handler: (err: Error, c: Context) => Response | Promise<Response>) => void }) {\n app.onError((err, c) => {\n logRouteError(log, c, err, 'gateway.http.unhandled');\n return c.json(\n {\n error: 'Internal Server Error',\n message: err instanceof Error ? err.message : 'Unknown error',\n },\n 500,\n );\n });\n}\n"],"mappings":";;;AAKA,MAAM,MAAM,yBAAyB,SAAS;AAE9C,SAAgB,uBAAuB;AACrC,QAAO,iBAAiB,OAAO,GAAG,SAAS;AACzC,MAAI;AACF,SAAM,MAAM;WACL,KAAK;AACZ,iBAAc,KAAK,GAAG,KAAK,qBAAqB;AAChD,SAAM;;GAER;;AAGJ,SAAgB,uBAAuB,KAA+F;AACpI,KAAI,SAAS,KAAK,MAAM;AACtB,gBAAc,KAAK,GAAG,KAAK,yBAAyB;AACpD,SAAO,EAAE,KACP;GACE,OAAO;GACP,SAAS,eAAe,QAAQ,IAAI,UAAU;GAC/C,EACD,IACD;GACD"}

package/dist/src/gateway/hono/routes/agent-stream.js CHANGED Viewed

@@ -1,5 +1,7 @@
+import { createGatewayRouteLogger, logRouteWarn } from "../lib/route-logger.js";
 import { createAgentResumeHandler, createAgentSSEHandler, createEventsSSEHandler, createSendHandler } from "../sse.js";
 //#region src/gateway/hono/routes/agent-stream.ts
+const log = createGatewayRouteLogger("AgentStream");
 function registerAgentStreamRoutes(authenticated, deps) {
 	const { service, strictRateLimitMiddleware, sseConfig } = deps;
 	authenticated.post("/api/agent", strictRateLimitMiddleware, createAgentSSEHandler(sseConfig));
@@ -40,6 +42,10 @@ function registerAgentStreamRoutes(authenticated, deps) {
 		}, 400);
 		const result = await service.steerWebchatAgent(chatId, message);
 		if (result.ok === false) {
+			logRouteWarn(log, c, `Agent steer failed: ${result.code}`, "gateway.route.agent", {
+				chatId,
+				code: result.code
+			});
 			const code = result.code;
 			const status = code === "BAD_REQUEST" ? 400 : code === "NO_ACTIVE_RUN" ? 409 : 500;
 			const msg = code === "NO_ACTIVE_RUN" ? "No active agent run for this chat" : code === "STEER_FAILED" ? "Steer failed" : "Message required";

package/dist/src/gateway/hono/routes/agent-stream.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"agent-stream.js","names":[],"sources":["../../../../../src/gateway/hono/routes/agent-stream.ts"],"sourcesContent":["import type { Hono } from 'hono';\n\nimport {\n createAgentResumeHandler,\n createAgentSSEHandler,\n createEventsSSEHandler,\n createSendHandler,\n} from '../sse.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\n\nexport function registerAgentStreamRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const { service, strictRateLimitMiddleware, sseConfig } = deps;\n\n authenticated.post('/api/agent', strictRateLimitMiddleware, createAgentSSEHandler(sseConfig));\n\n authenticated.post('/api/agent/resume', strictRateLimitMiddleware, createAgentResumeHandler(sseConfig));\n\n authenticated.post('/api/agent/abort', strictRateLimitMiddleware, async (c) => {\n const body = await c.req.json().catch(() => null);\n const runId =\n body && typeof body === 'object' && typeof (body as { runId?: unknown }).runId === 'string'\n ? (body as { runId: string }).runId.trim()\n : '';\n if (!runId) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing runId' } },\n 400,\n );\n }\n const aborted = service.abortAgentRun(runId);\n return c.json({ ok: true, payload: { aborted } });\n });\n\n authenticated.post('/api/agent/steer', strictRateLimitMiddleware, async (c) => {\n const body = await c.req.json().catch(() => null);\n if (!body \|\| typeof body !== 'object') {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Invalid JSON body' } },\n 400,\n );\n }\n const chatId =\n typeof (body as { chatId?: unknown }).chatId === 'string'\n ? (body as { chatId: string }).chatId.trim()\n : '';\n const message =\n typeof (body as { message?: unknown }).message === 'string'\n ? (body as { message: string }).message\n : '';\n if (!chatId) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing chatId' } },\n 400,\n );\n }\n const result = await service.steerWebchatAgent(chatId, message);\n if (result.ok === false) {\n const code = result.code;\n const status = code === 'BAD_REQUEST' ? 400 : code === 'NO_ACTIVE_RUN' ? 409 : 500;\n const msg =\n code === 'NO_ACTIVE_RUN'\n ? 'No active agent run for this chat'\n : code === 'STEER_FAILED'\n ? 'Steer failed'\n : 'Message required';\n return c.json({ ok: false, error: { code, message: msg } }, status);\n }\n return c.json({ ok: true, payload: { steered: true } });\n });\n\n authenticated.post('/api/clarify/:requestId', strictRateLimitMiddleware, async (c) => {\n const requestId = c.req.param('requestId')?.trim() ?? '';\n if (!requestId) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing requestId' } },\n 400,\n );\n }\n const body = await c.req.json().catch(() => null);\n const skip =\n body &&\n typeof body === 'object' &&\n (body as { skip?: unknown }).skip === true;\n const rawAnswer =\n body && typeof body === 'object' && typeof (body as { answer?: unknown }).answer === 'string'\n ? (body as { answer: string }).answer\n : '';\n const answer = typeof rawAnswer === 'string' ? rawAnswer.trim() : '';\n if (!skip && !answer) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing answer field' } },\n 400,\n );\n }\n const handled = service.submitClarifyResponse(requestId, skip ? '' : answer);\n if (!handled) {\n return c.json(\n { ok: false, error: { code: 'NOT_FOUND', message: 'No pending clarification with this ID' } },\n 404,\n );\n }\n return c.json({ ok: true, payload: { received: true } });\n });\n\n authenticated.post('/api/send', strictRateLimitMiddleware, createSendHandler(sseConfig));\n\n authenticated.get('/api/events', createEventsSSEHandler(sseConfig));\n}\n"],"mappings":"~~;;AAUA~~,SAAgB,0BAA0B,eAAqB,MAAoC;CACjG,MAAM,EAAE,SAAS,2BAA2B,cAAc;AAE1D,eAAc,KAAK,cAAc,2BAA2B,sBAAsB,UAAU,CAAC;AAE7F,eAAc,KAAK,qBAAqB,2BAA2B,yBAAyB,UAAU,CAAC;AAEvG,eAAc,KAAK,oBAAoB,2BAA2B,OAAO,MAAM;EAC7E,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;EACjD,MAAM,QACJ,QAAQ,OAAO,SAAS,YAAY,OAAQ,KAA6B,UAAU,WAC9E,KAA2B,MAAM,MAAM,GACxC;AACN,MAAI,CAAC,MACH,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAiB;GAAE,EACvE,IACD;EAEH,MAAM,UAAU,QAAQ,cAAc,MAAM;AAC5C,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,SAAS;GAAE,CAAC;GACjD;AAEF,eAAc,KAAK,oBAAoB,2BAA2B,OAAO,MAAM;EAC7E,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;AACjD,MAAI,CAAC,QAAQ,OAAO,SAAS,SAC3B,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqB;GAAE,EAC3E,IACD;EAEH,MAAM,SACJ,OAAQ,KAA8B,WAAW,WAC5C,KAA4B,OAAO,MAAM,GAC1C;EACN,MAAM,UACJ,OAAQ,KAA+B,YAAY,WAC9C,KAA6B,UAC9B;AACN,MAAI,CAAC,OACH,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAkB;GAAE,EACxE,IACD;EAEH,MAAM,SAAS,MAAM,QAAQ,kBAAkB,QAAQ,QAAQ;AAC/D,MAAI,OAAO,OAAO,OAAO;~~GACvB~~,MAAM,OAAO,OAAO;GACpB,MAAM,SAAS,SAAS,gBAAgB,MAAM,SAAS,kBAAkB,MAAM;GAC/E,MAAM,MACJ,SAAS,kBACL,sCACA,SAAS,iBACP,iBACA;AACR,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO;KAAE;KAAM,SAAS;KAAK;IAAE,EAAE,OAAO;;AAErE,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,SAAS,MAAM;GAAE,CAAC;GACvD;AAEF,eAAc,KAAK,2BAA2B,2BAA2B,OAAO,MAAM;EACpF,MAAM,YAAY,EAAE,IAAI,MAAM,YAAY,EAAE,MAAM,IAAI;AACtD,MAAI,CAAC,UACH,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqB;GAAE,EAC3E,IACD;EAEH,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;EACjD,MAAM,OACJ,QACA,OAAO,SAAS,YACf,KAA4B,SAAS;EACxC,MAAM,YACJ,QAAQ,OAAO,SAAS,YAAY,OAAQ,KAA8B,WAAW,WAChF,KAA4B,SAC7B;EACN,MAAM,SAAS,OAAO,cAAc,WAAW,UAAU,MAAM,GAAG;AAClE,MAAI,CAAC,QAAQ,CAAC,OACZ,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAwB;GAAE,EAC9E,IACD;AAGH,MAAI,CADY,QAAQ,sBAAsB,WAAW,OAAO,KAAK,OACzD,CACV,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAa,SAAS;IAAyC;GAAE,EAC7F,IACD;AAEH,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,UAAU,MAAM;GAAE,CAAC;GACxD;AAEF,eAAc,KAAK,aAAa,2BAA2B,kBAAkB,UAAU,CAAC;AAExF,eAAc,IAAI,eAAe,uBAAuB,UAAU,CAAC"}
1	+ {"version":3,"file":"agent-stream.js","names":[],"sources":["../../../../../src/gateway/hono/routes/agent-stream.ts"],"sourcesContent":["import type { Hono } from 'hono';\n\nimport {\n createAgentResumeHandler,\n createAgentSSEHandler,\n createEventsSSEHandler,\n createSendHandler,\n} from '../sse.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\nimport { createGatewayRouteLogger, logRouteWarn } from '../lib/route-logger.js';\n\nconst log = createGatewayRouteLogger('AgentStream');\n\nexport function registerAgentStreamRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const { service, strictRateLimitMiddleware, sseConfig } = deps;\n\n authenticated.post('/api/agent', strictRateLimitMiddleware, createAgentSSEHandler(sseConfig));\n\n authenticated.post('/api/agent/resume', strictRateLimitMiddleware, createAgentResumeHandler(sseConfig));\n\n authenticated.post('/api/agent/abort', strictRateLimitMiddleware, async (c) => {\n const body = await c.req.json().catch(() => null);\n const runId =\n body && typeof body === 'object' && typeof (body as { runId?: unknown }).runId === 'string'\n ? (body as { runId: string }).runId.trim()\n : '';\n if (!runId) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing runId' } },\n 400,\n );\n }\n const aborted = service.abortAgentRun(runId);\n return c.json({ ok: true, payload: { aborted } });\n });\n\n authenticated.post('/api/agent/steer', strictRateLimitMiddleware, async (c) => {\n const body = await c.req.json().catch(() => null);\n if (!body \|\| typeof body !== 'object') {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Invalid JSON body' } },\n 400,\n );\n }\n const chatId =\n typeof (body as { chatId?: unknown }).chatId === 'string'\n ? (body as { chatId: string }).chatId.trim()\n : '';\n const message =\n typeof (body as { message?: unknown }).message === 'string'\n ? (body as { message: string }).message\n : '';\n if (!chatId) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing chatId' } },\n 400,\n );\n }\n const result = await service.steerWebchatAgent(chatId, message);\n if (result.ok === false) {\n logRouteWarn(log, c, `Agent steer failed: ${result.code}`, 'gateway.route.agent', { chatId, code: result.code });\n const code = result.code;\n const status = code === 'BAD_REQUEST' ? 400 : code === 'NO_ACTIVE_RUN' ? 409 : 500;\n const msg =\n code === 'NO_ACTIVE_RUN'\n ? 'No active agent run for this chat'\n : code === 'STEER_FAILED'\n ? 'Steer failed'\n : 'Message required';\n return c.json({ ok: false, error: { code, message: msg } }, status);\n }\n return c.json({ ok: true, payload: { steered: true } });\n });\n\n authenticated.post('/api/clarify/:requestId', strictRateLimitMiddleware, async (c) => {\n const requestId = c.req.param('requestId')?.trim() ?? '';\n if (!requestId) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing requestId' } },\n 400,\n );\n }\n const body = await c.req.json().catch(() => null);\n const skip =\n body &&\n typeof body === 'object' &&\n (body as { skip?: unknown }).skip === true;\n const rawAnswer =\n body && typeof body === 'object' && typeof (body as { answer?: unknown }).answer === 'string'\n ? (body as { answer: string }).answer\n : '';\n const answer = typeof rawAnswer === 'string' ? rawAnswer.trim() : '';\n if (!skip && !answer) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing answer field' } },\n 400,\n );\n }\n const handled = service.submitClarifyResponse(requestId, skip ? '' : answer);\n if (!handled) {\n return c.json(\n { ok: false, error: { code: 'NOT_FOUND', message: 'No pending clarification with this ID' } },\n 404,\n );\n }\n return c.json({ ok: true, payload: { received: true } });\n });\n\n authenticated.post('/api/send', strictRateLimitMiddleware, createSendHandler(sseConfig));\n\n authenticated.get('/api/events', createEventsSSEHandler(sseConfig));\n}\n"],"mappings":";;;AAWA,MAAM,MAAM,yBAAyB,cAAc;AAEnD,SAAgB,0BAA0B,eAAqB,MAAoC;CACjG,MAAM,EAAE,SAAS,2BAA2B,cAAc;AAE1D,eAAc,KAAK,cAAc,2BAA2B,sBAAsB,UAAU,CAAC;AAE7F,eAAc,KAAK,qBAAqB,2BAA2B,yBAAyB,UAAU,CAAC;AAEvG,eAAc,KAAK,oBAAoB,2BAA2B,OAAO,MAAM;EAC7E,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;EACjD,MAAM,QACJ,QAAQ,OAAO,SAAS,YAAY,OAAQ,KAA6B,UAAU,WAC9E,KAA2B,MAAM,MAAM,GACxC;AACN,MAAI,CAAC,MACH,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAiB;GAAE,EACvE,IACD;EAEH,MAAM,UAAU,QAAQ,cAAc,MAAM;AAC5C,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,SAAS;GAAE,CAAC;GACjD;AAEF,eAAc,KAAK,oBAAoB,2BAA2B,OAAO,MAAM;EAC7E,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;AACjD,MAAI,CAAC,QAAQ,OAAO,SAAS,SAC3B,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqB;GAAE,EAC3E,IACD;EAEH,MAAM,SACJ,OAAQ,KAA8B,WAAW,WAC5C,KAA4B,OAAO,MAAM,GAC1C;EACN,MAAM,UACJ,OAAQ,KAA+B,YAAY,WAC9C,KAA6B,UAC9B;AACN,MAAI,CAAC,OACH,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAkB;GAAE,EACxE,IACD;EAEH,MAAM,SAAS,MAAM,QAAQ,kBAAkB,QAAQ,QAAQ;AAC/D,MAAI,OAAO,OAAO,OAAO;AACvB,gBAAa,KAAK,GAAG,uBAAuB,OAAO,QAAQ,uBAAuB;IAAE;IAAQ,MAAM,OAAO;IAAM,CAAC;GAChH,MAAM,OAAO,OAAO;GACpB,MAAM,SAAS,SAAS,gBAAgB,MAAM,SAAS,kBAAkB,MAAM;GAC/E,MAAM,MACJ,SAAS,kBACL,sCACA,SAAS,iBACP,iBACA;AACR,UAAO,EAAE,KAAK;IAAE,IAAI;IAAO,OAAO;KAAE;KAAM,SAAS;KAAK;IAAE,EAAE,OAAO;;AAErE,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,SAAS,MAAM;GAAE,CAAC;GACvD;AAEF,eAAc,KAAK,2BAA2B,2BAA2B,OAAO,MAAM;EACpF,MAAM,YAAY,EAAE,IAAI,MAAM,YAAY,EAAE,MAAM,IAAI;AACtD,MAAI,CAAC,UACH,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqB;GAAE,EAC3E,IACD;EAEH,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;EACjD,MAAM,OACJ,QACA,OAAO,SAAS,YACf,KAA4B,SAAS;EACxC,MAAM,YACJ,QAAQ,OAAO,SAAS,YAAY,OAAQ,KAA8B,WAAW,WAChF,KAA4B,SAC7B;EACN,MAAM,SAAS,OAAO,cAAc,WAAW,UAAU,MAAM,GAAG;AAClE,MAAI,CAAC,QAAQ,CAAC,OACZ,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAwB;GAAE,EAC9E,IACD;AAGH,MAAI,CADY,QAAQ,sBAAsB,WAAW,OAAO,KAAK,OACzD,CACV,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAa,SAAS;IAAyC;GAAE,EAC7F,IACD;AAEH,SAAO,EAAE,KAAK;GAAE,IAAI;GAAM,SAAS,EAAE,UAAU,MAAM;GAAE,CAAC;GACxD;AAEF,eAAc,KAAK,aAAa,2BAA2B,kBAAkB,UAAU,CAAC;AAExF,eAAc,IAAI,eAAe,uBAAuB,UAAU,CAAC"}

package/dist/src/gateway/hono/routes/browser-install.js CHANGED Viewed

@@ -1,11 +1,9 @@
-import { createLogger } from "../../../utils/logger/index.js";
-import { init_logger } from "../../../utils/logger.js";
 import { acquireBrowserInstallLock, cancelBrowserInstall } from "../../../browser/install-lock.js";
+import { createGatewayRouteLogger } from "../lib/route-logger.js";
 import { runPlaywrightChromiumInstallWithProgress } from "../../../browser/providers/playwright-install.js";
 import { streamSSE } from "hono/streaming";
 //#region src/gateway/hono/routes/browser-install.ts
-init_logger();
-const log = createLogger("GatewayBrowserInstall");
+const log = createGatewayRouteLogger("BrowserInstall");
 function parseCloakInstallBody(body) {
 	const input = body && typeof body === "object" && !Array.isArray(body) ? body : {};
 	return {