@zero-transfer/mft 0.4.6 → 0.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -3
- package/dist/index.cjs +326 -73
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.mts +267 -29
- package/dist/index.d.ts +267 -29
- package/dist/index.mjs +322 -73
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.d.ts
CHANGED
|
@@ -398,6 +398,10 @@ interface TlsProfile {
|
|
|
398
398
|
* trust via `rejectUnauthorized`. Pinning is **recommended for production** when you control
|
|
399
399
|
* the server and want defence-in-depth against rogue certificates issued by trusted CAs.
|
|
400
400
|
*
|
|
401
|
+
* Cannot be combined with `rejectUnauthorized: false`: pin verification runs after the TLS
|
|
402
|
+
* handshake is accepted, so chain validation must stay enabled. Use `ca` for self-signed
|
|
403
|
+
* certificates.
|
|
404
|
+
*
|
|
401
405
|
* @example "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
|
|
402
406
|
*/
|
|
403
407
|
pinnedFingerprint256?: string | readonly string[];
|
|
@@ -675,10 +679,42 @@ interface TransferBandwidthLimit {
|
|
|
675
679
|
/** Optional burst allowance in bytes for token-bucket-style implementations. */
|
|
676
680
|
burstBytes?: number;
|
|
677
681
|
}
|
|
678
|
-
/**
|
|
682
|
+
/**
|
|
683
|
+
* Timeout policy applied by the transfer engine.
|
|
684
|
+
*
|
|
685
|
+
* Two timeout scopes exist with deliberately different failure semantics:
|
|
686
|
+
*
|
|
687
|
+
* - **Job scope** ({@link timeoutMs}): covers the full engine execution
|
|
688
|
+
* including retries. When it fires, the engine rethrows the
|
|
689
|
+
* {@link TimeoutError} immediately - the retry policy is never consulted.
|
|
690
|
+
* - **Attempt scope** ({@link attemptTimeoutMs} and {@link stallTimeoutMs}):
|
|
691
|
+
* covers a single attempt. When either fires, the per-attempt abort
|
|
692
|
+
* controller cancels the attempt and the resulting {@link TimeoutError}
|
|
693
|
+
* flows into the retry policy like any other attempt failure, so retryable
|
|
694
|
+
* timeouts are retried (with backoff) instead of failing the job.
|
|
695
|
+
*
|
|
696
|
+
* @example Retry stalled attempts, but never run longer than 10 minutes total
|
|
697
|
+
* ```ts
|
|
698
|
+
* await engine.execute(job, executor, {
|
|
699
|
+
* retry: createDefaultRetryPolicy(),
|
|
700
|
+
* timeout: { timeoutMs: 600_000, attemptTimeoutMs: 120_000, stallTimeoutMs: 30_000 },
|
|
701
|
+
* });
|
|
702
|
+
* ```
|
|
703
|
+
*/
|
|
679
704
|
interface TransferTimeoutPolicy {
|
|
680
705
|
/** Maximum duration for the full engine execution, including retries, in milliseconds. */
|
|
681
706
|
timeoutMs?: number;
|
|
707
|
+
/**
|
|
708
|
+
* Maximum duration for a single attempt in milliseconds. Expiry aborts only
|
|
709
|
+
* the active attempt; the failure flows into the retry policy.
|
|
710
|
+
*/
|
|
711
|
+
attemptTimeoutMs?: number;
|
|
712
|
+
/**
|
|
713
|
+
* Maximum time without progress before an attempt is considered stalled, in
|
|
714
|
+
* milliseconds. The watchdog resets on every progress report; expiry aborts
|
|
715
|
+
* only the active attempt and the failure flows into the retry policy.
|
|
716
|
+
*/
|
|
717
|
+
stallTimeoutMs?: number;
|
|
682
718
|
/** Whether timeout failures are retryable. Defaults to `true`. */
|
|
683
719
|
retryable?: boolean;
|
|
684
720
|
}
|
|
@@ -803,15 +839,31 @@ interface TransferRetryDecisionInput {
|
|
|
803
839
|
error: unknown;
|
|
804
840
|
/** One-based attempt number that failed. */
|
|
805
841
|
attempt: number;
|
|
842
|
+
/** Milliseconds elapsed since the engine execution started, including prior attempts and delays. */
|
|
843
|
+
elapsedMs: number;
|
|
806
844
|
/** Job being executed. */
|
|
807
845
|
job: TransferJob;
|
|
808
846
|
}
|
|
809
|
-
/**
|
|
847
|
+
/**
|
|
848
|
+
* Retry policy for transfer execution.
|
|
849
|
+
*
|
|
850
|
+
* Use {@link createDefaultRetryPolicy} for a production-ready policy with
|
|
851
|
+
* exponential backoff, full jitter, and `Retry-After` support, or implement
|
|
852
|
+
* the hooks directly for full control.
|
|
853
|
+
*/
|
|
810
854
|
interface TransferRetryPolicy {
|
|
811
855
|
/** Maximum total attempts, including the first attempt. Defaults to `1`. */
|
|
812
856
|
maxAttempts?: number;
|
|
813
857
|
/** Decides whether a failed attempt should be retried. Defaults to SDK retryability metadata. */
|
|
814
858
|
shouldRetry?(input: TransferRetryDecisionInput): boolean;
|
|
859
|
+
/**
|
|
860
|
+
* Computes the delay before the next attempt in milliseconds.
|
|
861
|
+
*
|
|
862
|
+
* The engine sleeps for the returned duration with an abort-aware timer:
|
|
863
|
+
* cancelling the job during the delay rejects immediately instead of
|
|
864
|
+
* waiting out the backoff. Non-positive or missing values retry at once.
|
|
865
|
+
*/
|
|
866
|
+
getDelayMs?(input: TransferRetryDecisionInput): number;
|
|
815
867
|
/** Observes retry decisions before the next attempt starts. */
|
|
816
868
|
onRetry?(input: TransferRetryDecisionInput): void;
|
|
817
869
|
}
|
|
@@ -845,7 +897,12 @@ interface TransferEngineOptions {
|
|
|
845
897
|
*
|
|
846
898
|
* @example Execute a single job with a custom executor
|
|
847
899
|
* ```ts
|
|
848
|
-
* import {
|
|
900
|
+
* import {
|
|
901
|
+
* TransferEngine,
|
|
902
|
+
* createDefaultRetryPolicy,
|
|
903
|
+
* type TransferExecutor,
|
|
904
|
+
* type TransferJob,
|
|
905
|
+
* } from "@zero-transfer/sdk";
|
|
849
906
|
*
|
|
850
907
|
* const engine = new TransferEngine();
|
|
851
908
|
*
|
|
@@ -863,7 +920,8 @@ interface TransferEngineOptions {
|
|
|
863
920
|
* };
|
|
864
921
|
*
|
|
865
922
|
* const receipt = await engine.execute(job, executor, {
|
|
866
|
-
* retry:
|
|
923
|
+
* retry: createDefaultRetryPolicy(),
|
|
924
|
+
* timeout: { stallTimeoutMs: 30_000 },
|
|
867
925
|
* });
|
|
868
926
|
* console.log(receipt.attempts.length); // 1 on success
|
|
869
927
|
* ```
|
|
@@ -1085,6 +1143,40 @@ declare class ProviderRegistry {
|
|
|
1085
1143
|
listCapabilities(): CapabilitySet[];
|
|
1086
1144
|
}
|
|
1087
1145
|
|
|
1146
|
+
/**
|
|
1147
|
+
* Client-level execution defaults applied when a call site does not supply
|
|
1148
|
+
* its own value.
|
|
1149
|
+
*
|
|
1150
|
+
* Defaults are consumed by {@link runRoute}, the one-shot helpers
|
|
1151
|
+
* ({@link uploadFile}, {@link downloadFile}, {@link copyBetween}),
|
|
1152
|
+
* {@link TransferQueue} (via its `client` option), and scheduled routes fired
|
|
1153
|
+
* through {@link MftScheduler}. The {@link TransferEngine} primitive stays
|
|
1154
|
+
* fully explicit: defaults never reach `engine.execute()` directly.
|
|
1155
|
+
*
|
|
1156
|
+
* Per-call options always win over client defaults.
|
|
1157
|
+
*
|
|
1158
|
+
* Additional default slots (`verify`, `resume`, `compression`, `policy`) land
|
|
1159
|
+
* here as their features ship in later releases; the shape is additive.
|
|
1160
|
+
*
|
|
1161
|
+
* @example Resilient defaults for every transfer in an application
|
|
1162
|
+
* ```ts
|
|
1163
|
+
* import { createDefaultRetryPolicy, createTransferClient } from "@zero-transfer/sdk";
|
|
1164
|
+
*
|
|
1165
|
+
* const client = createTransferClient({
|
|
1166
|
+
* providers: [createSftpProviderFactory(), createS3ProviderFactory()],
|
|
1167
|
+
* defaults: {
|
|
1168
|
+
* retry: createDefaultRetryPolicy(),
|
|
1169
|
+
* timeout: { stallTimeoutMs: 30_000 },
|
|
1170
|
+
* },
|
|
1171
|
+
* });
|
|
1172
|
+
* ```
|
|
1173
|
+
*/
|
|
1174
|
+
interface TransferClientDefaults {
|
|
1175
|
+
/** Default retry policy for transfers executed through this client. */
|
|
1176
|
+
retry?: TransferRetryPolicy;
|
|
1177
|
+
/** Default timeout policy for transfers executed through this client. */
|
|
1178
|
+
timeout?: TransferTimeoutPolicy;
|
|
1179
|
+
}
|
|
1088
1180
|
/** Options used to create a provider-neutral transfer client. */
|
|
1089
1181
|
interface TransferClientOptions {
|
|
1090
1182
|
/** Existing registry to reuse. When omitted, a fresh empty registry is created. */
|
|
@@ -1093,16 +1185,20 @@ interface TransferClientOptions {
|
|
|
1093
1185
|
providers?: ProviderFactory[];
|
|
1094
1186
|
/** Structured logger used for client lifecycle records. */
|
|
1095
1187
|
logger?: ZeroTransferLogger;
|
|
1188
|
+
/** Execution defaults applied when call sites omit their own values. */
|
|
1189
|
+
defaults?: TransferClientDefaults;
|
|
1096
1190
|
}
|
|
1097
1191
|
/** Small provider-neutral client that owns provider lookup and connection setup. */
|
|
1098
1192
|
declare class TransferClient {
|
|
1099
1193
|
/** Provider registry used by this client. */
|
|
1100
1194
|
readonly registry: ProviderRegistry;
|
|
1195
|
+
/** Execution defaults applied when call sites omit their own values. */
|
|
1196
|
+
readonly defaults?: TransferClientDefaults;
|
|
1101
1197
|
private readonly logger;
|
|
1102
1198
|
/**
|
|
1103
1199
|
* Creates a transfer client without opening any provider connections.
|
|
1104
1200
|
*
|
|
1105
|
-
* @param options - Optional registry, provider factories, and
|
|
1201
|
+
* @param options - Optional registry, provider factories, logger, and execution defaults.
|
|
1106
1202
|
*/
|
|
1107
1203
|
constructor(options?: TransferClientOptions);
|
|
1108
1204
|
/**
|
|
@@ -1436,11 +1532,11 @@ interface RunRouteOptions {
|
|
|
1436
1532
|
now?: () => Date;
|
|
1437
1533
|
/** Abort signal used to cancel the route execution. */
|
|
1438
1534
|
signal?: AbortSignal;
|
|
1439
|
-
/** Retry policy forwarded to the engine. */
|
|
1535
|
+
/** Retry policy forwarded to the engine. Falls back to `client.defaults.retry`. */
|
|
1440
1536
|
retry?: TransferRetryPolicy;
|
|
1441
1537
|
/** Progress observer forwarded to the engine. */
|
|
1442
1538
|
onProgress?: (event: TransferProgressEvent) => void;
|
|
1443
|
-
/** Timeout policy forwarded to the engine. */
|
|
1539
|
+
/** Timeout policy forwarded to the engine. Falls back to `client.defaults.timeout`. */
|
|
1444
1540
|
timeout?: TransferTimeoutPolicy;
|
|
1445
1541
|
/** Optional bandwidth limit forwarded to the engine. */
|
|
1446
1542
|
bandwidthLimit?: TransferBandwidthLimit;
|
|
@@ -1462,7 +1558,12 @@ interface RunRouteOptions {
|
|
|
1462
1558
|
*
|
|
1463
1559
|
* @example Run a pre-built route with progress + retry
|
|
1464
1560
|
* ```ts
|
|
1465
|
-
* import {
|
|
1561
|
+
* import {
|
|
1562
|
+
* createDefaultRetryPolicy,
|
|
1563
|
+
* createTransferClient,
|
|
1564
|
+
* runRoute,
|
|
1565
|
+
* type MftRoute,
|
|
1566
|
+
* } from "@zero-transfer/sdk";
|
|
1466
1567
|
*
|
|
1467
1568
|
* const route: MftRoute = {
|
|
1468
1569
|
* id: "nightly-export",
|
|
@@ -1481,7 +1582,7 @@ interface RunRouteOptions {
|
|
|
1481
1582
|
* client,
|
|
1482
1583
|
* route,
|
|
1483
1584
|
* onProgress: (e) => console.log(`${e.bytesTransferred}/${e.totalBytes ?? "?"}`),
|
|
1484
|
-
* retry: { maxAttempts: 3
|
|
1585
|
+
* retry: createDefaultRetryPolicy({ maxAttempts: 3 }),
|
|
1485
1586
|
* });
|
|
1486
1587
|
* console.log(`Job ${receipt.jobId} moved ${receipt.bytesTransferred} bytes…`);
|
|
1487
1588
|
* ```
|
|
@@ -2123,8 +2224,13 @@ interface FileZillaSite {
|
|
|
2123
2224
|
folder: readonly string[];
|
|
2124
2225
|
/** Generated connection profile. */
|
|
2125
2226
|
profile: ConnectionProfile;
|
|
2126
|
-
/**
|
|
2127
|
-
|
|
2227
|
+
/**
|
|
2228
|
+
* Whether the FileZilla entry stored a password. The importer never decodes
|
|
2229
|
+
* or returns stored passwords; supply the credential via a
|
|
2230
|
+
* {@link ConnectionProfile.password | SecretSource} (for example
|
|
2231
|
+
* `{ env: "SITE_PASSWORD" }` or `{ path: "./secret" }`) before connecting.
|
|
2232
|
+
*/
|
|
2233
|
+
hasStoredPassword: boolean;
|
|
2128
2234
|
/** Logon type code preserved from the file (`0`=anonymous, `1`=normal, etc.). */
|
|
2129
2235
|
logonType?: number;
|
|
2130
2236
|
}
|
|
@@ -2181,16 +2287,6 @@ interface ImportWinScpSessionsResult {
|
|
|
2181
2287
|
*/
|
|
2182
2288
|
declare function importWinScpSessions(ini: string): ImportWinScpSessionsResult;
|
|
2183
2289
|
|
|
2184
|
-
/**
|
|
2185
|
-
* Structured ZeroTransfer error hierarchy.
|
|
2186
|
-
*
|
|
2187
|
-
* The classes in this module preserve protocol details, retryability, command/path
|
|
2188
|
-
* context, and machine-readable codes so application code does not need to parse
|
|
2189
|
-
* human error messages.
|
|
2190
|
-
*
|
|
2191
|
-
* @module errors/ZeroTransferError
|
|
2192
|
-
*/
|
|
2193
|
-
|
|
2194
2290
|
/**
|
|
2195
2291
|
* Complete set of fields required to create a ZeroTransfer error.
|
|
2196
2292
|
*/
|
|
@@ -2256,6 +2352,11 @@ declare class ZeroTransferError extends Error {
|
|
|
2256
2352
|
/**
|
|
2257
2353
|
* Serializes the error into a plain object suitable for logs or API responses.
|
|
2258
2354
|
*
|
|
2355
|
+
* `details` and `command` are passed through secret redaction so serialized
|
|
2356
|
+
* errors never leak credentials, signed URLs, or raw protocol commands. The
|
|
2357
|
+
* live {@link ZeroTransferError.details | details} property stays unredacted
|
|
2358
|
+
* for programmatic consumers.
|
|
2359
|
+
*
|
|
2259
2360
|
* @returns A JSON-safe object containing public structured error fields.
|
|
2260
2361
|
*/
|
|
2261
2362
|
toJSON(): Record<string, unknown>;
|
|
@@ -2459,6 +2560,32 @@ declare function redactValue(value: unknown): unknown;
|
|
|
2459
2560
|
* @returns A shallow object copy with sensitive fields and nested secrets redacted.
|
|
2460
2561
|
*/
|
|
2461
2562
|
declare function redactObject(input: Record<string, unknown>): Record<string, unknown>;
|
|
2563
|
+
/**
|
|
2564
|
+
* Strips credentials and query/fragment content from a URL before logging.
|
|
2565
|
+
*
|
|
2566
|
+
* Query strings routinely carry bearer material - SigV4 `X-Amz-Signature`
|
|
2567
|
+
* values, SAS tokens, signed-URL parameters - so the entire search and hash
|
|
2568
|
+
* segments are replaced rather than filtered key-by-key. Embedded
|
|
2569
|
+
* `user:password@` userinfo is removed. Origin and pathname are preserved
|
|
2570
|
+
* because they are what operators need to correlate a failing request.
|
|
2571
|
+
*
|
|
2572
|
+
* @param url - Absolute URL string or `URL` instance to sanitize.
|
|
2573
|
+
* @returns A loggable URL string, or {@link REDACTED} when the value cannot be
|
|
2574
|
+
* parsed as a URL (an unparsable value may still embed credentials).
|
|
2575
|
+
*/
|
|
2576
|
+
declare function redactUrlForLogging(url: string | URL): string;
|
|
2577
|
+
/**
|
|
2578
|
+
* Converts an arbitrary thrown value into a JSON-safe, secret-free record.
|
|
2579
|
+
*
|
|
2580
|
+
* Structured SDK errors are serialized through their `toJSON()` (which already
|
|
2581
|
+
* redacts details); plain errors contribute name/message/stack-free context;
|
|
2582
|
+
* other values are stringified. Use this at every internal log site that
|
|
2583
|
+
* records a caught error.
|
|
2584
|
+
*
|
|
2585
|
+
* @param error - Caught value of unknown shape.
|
|
2586
|
+
* @returns A redacted, JSON-safe object describing the error.
|
|
2587
|
+
*/
|
|
2588
|
+
declare function redactErrorForLogging(error: unknown): Record<string, unknown>;
|
|
2462
2589
|
|
|
2463
2590
|
/** Sleep helper signature used by {@link createBandwidthThrottle}. */
|
|
2464
2591
|
type BandwidthSleep = (delayMs: number, signal?: AbortSignal) => Promise<void>;
|
|
@@ -2510,6 +2637,73 @@ declare function createBandwidthThrottle(limit: TransferBandwidthLimit | undefin
|
|
|
2510
2637
|
*/
|
|
2511
2638
|
declare function throttleByteIterable(source: AsyncIterable<Uint8Array>, throttle: BandwidthThrottle | undefined, signal?: AbortSignal): AsyncIterable<Uint8Array>;
|
|
2512
2639
|
|
|
2640
|
+
/** Options for {@link createDefaultRetryPolicy}. */
|
|
2641
|
+
interface DefaultRetryPolicyOptions {
|
|
2642
|
+
/** Maximum total attempts, including the first attempt. Defaults to `4`. */
|
|
2643
|
+
maxAttempts?: number;
|
|
2644
|
+
/** Base backoff delay before jitter in milliseconds. Defaults to `250`. */
|
|
2645
|
+
baseDelayMs?: number;
|
|
2646
|
+
/** Upper bound for a single computed backoff delay in milliseconds. Defaults to `30_000`. */
|
|
2647
|
+
maxDelayMs?: number;
|
|
2648
|
+
/**
|
|
2649
|
+
* Total elapsed-time budget across all attempts and delays in milliseconds.
|
|
2650
|
+
* Once exceeded, no further retries are attempted. Defaults to `300_000` (5 minutes).
|
|
2651
|
+
*/
|
|
2652
|
+
maxElapsedMs?: number;
|
|
2653
|
+
/**
|
|
2654
|
+
* Random source in `[0, 1)` used for jitter. Defaults to `Math.random`.
|
|
2655
|
+
* Inject a deterministic source in tests.
|
|
2656
|
+
*/
|
|
2657
|
+
random?: () => number;
|
|
2658
|
+
}
|
|
2659
|
+
/**
|
|
2660
|
+
* Creates the SDK's recommended retry policy for transfer execution.
|
|
2661
|
+
*
|
|
2662
|
+
* The policy retries only failures the SDK has marked as safe to retry
|
|
2663
|
+
* (`error.retryable === true` on a {@link ZeroTransferError}), backing off
|
|
2664
|
+
* exponentially with full jitter: each delay is drawn uniformly from
|
|
2665
|
+
* `[0, min(maxDelayMs, baseDelayMs * 2^(attempt - 1)))`, the schedule that
|
|
2666
|
+
* minimizes contention when many clients retry against the same server.
|
|
2667
|
+
*
|
|
2668
|
+
* Server pacing hints are honored: when the failed attempt carries
|
|
2669
|
+
* `details.retryAfterMs` (parsed from an HTTP `Retry-After` header on 429/503
|
|
2670
|
+
* responses by the web-family providers), the next delay is exactly that
|
|
2671
|
+
* value rather than the jittered backoff. A hint that does not fit in the
|
|
2672
|
+
* remaining `maxElapsedMs` budget stops retrying instead of retrying early.
|
|
2673
|
+
*
|
|
2674
|
+
* Retries also stop once `maxElapsedMs` has elapsed since execution started,
|
|
2675
|
+
* regardless of how many attempts remain.
|
|
2676
|
+
*
|
|
2677
|
+
* @param options - Optional overrides for attempts, delays, and the elapsed budget.
|
|
2678
|
+
* @returns A {@link TransferRetryPolicy} for {@link TransferEngine.execute},
|
|
2679
|
+
* {@link runRoute}, {@link TransferQueue}, or client-level defaults.
|
|
2680
|
+
*
|
|
2681
|
+
* @example Default policy on a one-shot helper
|
|
2682
|
+
* ```ts
|
|
2683
|
+
* import { createDefaultRetryPolicy, uploadFile } from "@zero-transfer/sdk";
|
|
2684
|
+
*
|
|
2685
|
+
* await uploadFile({
|
|
2686
|
+
* client,
|
|
2687
|
+
* destination: { path: "/uploads/report.csv", profile },
|
|
2688
|
+
* localPath: "./out/report.csv",
|
|
2689
|
+
* retry: createDefaultRetryPolicy(),
|
|
2690
|
+
* });
|
|
2691
|
+
* ```
|
|
2692
|
+
*
|
|
2693
|
+
* @example Tighter schedule for latency-sensitive work
|
|
2694
|
+
* ```ts
|
|
2695
|
+
* const retry = createDefaultRetryPolicy({
|
|
2696
|
+
* maxAttempts: 3,
|
|
2697
|
+
* baseDelayMs: 100,
|
|
2698
|
+
* maxDelayMs: 2_000,
|
|
2699
|
+
* maxElapsedMs: 15_000,
|
|
2700
|
+
* });
|
|
2701
|
+
* ```
|
|
2702
|
+
*
|
|
2703
|
+
* @see {@link TransferRetryPolicy} for the underlying hook contract.
|
|
2704
|
+
*/
|
|
2705
|
+
declare function createDefaultRetryPolicy(options?: DefaultRetryPolicyOptions): TransferRetryPolicy;
|
|
2706
|
+
|
|
2513
2707
|
/**
|
|
2514
2708
|
* Transfer executor bridge for provider-backed read/write sessions.
|
|
2515
2709
|
*
|
|
@@ -2665,6 +2859,12 @@ declare function summarizeTransferPlan(plan: TransferPlan): TransferPlanSummary;
|
|
|
2665
2859
|
/** Converts executable plan steps into transfer jobs while preserving order. */
|
|
2666
2860
|
declare function createTransferJobsFromPlan(plan: TransferPlan): TransferJob[];
|
|
2667
2861
|
|
|
2862
|
+
/**
|
|
2863
|
+
* Transfer queue primitives built on top of {@link TransferEngine}.
|
|
2864
|
+
*
|
|
2865
|
+
* @module transfers/TransferQueue
|
|
2866
|
+
*/
|
|
2867
|
+
|
|
2668
2868
|
/** Queue item lifecycle state. */
|
|
2669
2869
|
type TransferQueueItemStatus = "queued" | "running" | "completed" | "failed" | "canceled";
|
|
2670
2870
|
/** Resolver used when jobs do not provide an executor at enqueue time. */
|
|
@@ -2673,15 +2873,20 @@ type TransferQueueExecutorResolver = (job: TransferJob) => TransferExecutor;
|
|
|
2673
2873
|
interface TransferQueueOptions {
|
|
2674
2874
|
/** Transfer engine used to execute queued jobs. Defaults to a new engine. */
|
|
2675
2875
|
engine?: TransferEngine;
|
|
2876
|
+
/**
|
|
2877
|
+
* Transfer client whose {@link TransferClientDefaults | defaults} seed the
|
|
2878
|
+
* queue's retry and timeout policies when not set here or per drain.
|
|
2879
|
+
*/
|
|
2880
|
+
client?: TransferClient;
|
|
2676
2881
|
/** Maximum jobs to execute at the same time. Defaults to `1`. */
|
|
2677
2882
|
concurrency?: number;
|
|
2678
2883
|
/** Default executor used for jobs that do not provide one directly. */
|
|
2679
2884
|
executor?: TransferExecutor;
|
|
2680
2885
|
/** Dynamic executor resolver used when no per-job executor or default executor exists. */
|
|
2681
2886
|
resolveExecutor?: TransferQueueExecutorResolver;
|
|
2682
|
-
/** Retry policy passed to engine executions. */
|
|
2887
|
+
/** Retry policy passed to engine executions. Falls back to `client.defaults.retry`. */
|
|
2683
2888
|
retry?: TransferRetryPolicy;
|
|
2684
|
-
/** Timeout policy passed to engine executions. */
|
|
2889
|
+
/** Timeout policy passed to engine executions. Falls back to `client.defaults.timeout`. */
|
|
2685
2890
|
timeout?: TransferTimeoutPolicy;
|
|
2686
2891
|
/** Optional throughput limit shape passed to transfer executors. */
|
|
2687
2892
|
bandwidthLimit?: TransferBandwidthLimit;
|
|
@@ -3476,10 +3681,14 @@ declare function createProgressEvent(input: ProgressEventInput): TransferProgres
|
|
|
3476
3681
|
/**
|
|
3477
3682
|
* Validates that an FTP command argument cannot inject additional command lines.
|
|
3478
3683
|
*
|
|
3684
|
+
* NUL bytes are rejected alongside CR/LF: C-string-based servers and filesystem
|
|
3685
|
+
* APIs truncate at the first NUL, which lets a crafted path smuggle a different
|
|
3686
|
+
* effective target past validation.
|
|
3687
|
+
*
|
|
3479
3688
|
* @param value - Argument value to validate.
|
|
3480
3689
|
* @param label - Human-readable argument label used in error messages.
|
|
3481
3690
|
* @returns The original value when it is safe.
|
|
3482
|
-
* @throws {@link ConfigurationError} When the value contains CR or
|
|
3691
|
+
* @throws {@link ConfigurationError} When the value contains CR, LF, or NUL characters.
|
|
3483
3692
|
*/
|
|
3484
3693
|
declare function assertSafeFtpArgument(value: string, label?: string): string;
|
|
3485
3694
|
/**
|
|
@@ -3487,7 +3696,7 @@ declare function assertSafeFtpArgument(value: string, label?: string): string;
|
|
|
3487
3696
|
*
|
|
3488
3697
|
* @param input - Remote path that may contain duplicate separators or dot segments.
|
|
3489
3698
|
* @returns A normalized remote path, `/` for absolute root, or `.` for an empty relative path.
|
|
3490
|
-
* @throws {@link ConfigurationError} When the input contains unsafe CR or
|
|
3699
|
+
* @throws {@link ConfigurationError} When the input contains unsafe CR, LF, or NUL characters.
|
|
3491
3700
|
*/
|
|
3492
3701
|
declare function normalizeRemotePath(input: string): string;
|
|
3493
3702
|
/**
|
|
@@ -3828,7 +4037,7 @@ declare function summarizeError(error: unknown): {
|
|
|
3828
4037
|
|
|
3829
4038
|
/** Webhook destination. */
|
|
3830
4039
|
interface WebhookTarget {
|
|
3831
|
-
/** Absolute
|
|
4040
|
+
/** Absolute `https:` URL that receives `POST` deliveries. */
|
|
3832
4041
|
url: string;
|
|
3833
4042
|
/** Additional headers merged into every request. */
|
|
3834
4043
|
headers?: Record<string, string>;
|
|
@@ -3836,6 +4045,12 @@ interface WebhookTarget {
|
|
|
3836
4045
|
secret?: string;
|
|
3837
4046
|
/** Audit entry types to deliver. Defaults to all types. */
|
|
3838
4047
|
types?: readonly MftAuditEntry["type"][];
|
|
4048
|
+
/**
|
|
4049
|
+
* Permits plain `http:` delivery. Defaults to `false`, which rejects
|
|
4050
|
+
* cleartext URLs because audit payloads (and the HMAC timestamp/signature
|
|
4051
|
+
* headers) would cross the network unencrypted.
|
|
4052
|
+
*/
|
|
4053
|
+
allowInsecureUrl?: boolean;
|
|
3839
4054
|
}
|
|
3840
4055
|
/** Retry policy for webhook deliveries. */
|
|
3841
4056
|
interface WebhookRetryPolicy {
|
|
@@ -3891,6 +4106,8 @@ declare function signWebhookPayload(payload: string, secret: string, timestamp?:
|
|
|
3891
4106
|
*
|
|
3892
4107
|
* @param options - Target, payload, fetch impl, retry policy, abort signal.
|
|
3893
4108
|
* @returns The delivery outcome.
|
|
4109
|
+
* @throws {@link ConfigurationError} When the target URL is not absolute or
|
|
4110
|
+
* uses cleartext `http:` without `allowInsecureUrl: true`.
|
|
3894
4111
|
*/
|
|
3895
4112
|
declare function dispatchWebhook(options: DispatchWebhookOptions): Promise<DispatchWebhookResult>;
|
|
3896
4113
|
/** Options accepted by {@link createWebhookAuditLog}. */
|
|
@@ -4208,6 +4425,17 @@ declare class ApprovalRejectedError extends ZeroTransferError {
|
|
|
4208
4425
|
*/
|
|
4209
4426
|
constructor(request: ApprovalRequest);
|
|
4210
4427
|
}
|
|
4428
|
+
/** Error raised when an approval request is not resolved within its timeout window. */
|
|
4429
|
+
declare class ApprovalTimeoutError extends ZeroTransferError {
|
|
4430
|
+
readonly request: ApprovalRequest;
|
|
4431
|
+
/**
|
|
4432
|
+
* Creates an approval timeout error.
|
|
4433
|
+
*
|
|
4434
|
+
* @param request - The approval request that timed out while pending.
|
|
4435
|
+
* @param timeoutMs - Configured timeout window in milliseconds.
|
|
4436
|
+
*/
|
|
4437
|
+
constructor(request: ApprovalRequest, timeoutMs: number);
|
|
4438
|
+
}
|
|
4211
4439
|
/** In-memory approval registry. */
|
|
4212
4440
|
declare class ApprovalRegistry {
|
|
4213
4441
|
private readonly requests;
|
|
@@ -4274,17 +4502,27 @@ interface CreateApprovalGateOptions {
|
|
|
4274
4502
|
now?: () => Date;
|
|
4275
4503
|
/** Observer fired when a new approval request is created. */
|
|
4276
4504
|
onRequested?: (request: ApprovalRequest) => void;
|
|
4505
|
+
/**
|
|
4506
|
+
* Maximum time in milliseconds an approval may stay pending. When the window
|
|
4507
|
+
* elapses the request is rejected with reason `"timeout"` and the gated run
|
|
4508
|
+
* fails with a typed {@link ApprovalTimeoutError}. Unset means wait forever.
|
|
4509
|
+
*/
|
|
4510
|
+
timeoutMs?: number;
|
|
4277
4511
|
}
|
|
4278
4512
|
/**
|
|
4279
4513
|
* Wraps a route runner with an approval gate.
|
|
4280
4514
|
*
|
|
4281
4515
|
* The returned runner creates an approval request, waits for resolution, and
|
|
4282
4516
|
* dispatches the underlying runner only when the request is approved. Rejection
|
|
4283
|
-
* surfaces an {@link ApprovalRejectedError}
|
|
4284
|
-
*
|
|
4517
|
+
* surfaces an {@link ApprovalRejectedError}; an unresolved request that exceeds
|
|
4518
|
+
* `timeoutMs` surfaces an {@link ApprovalTimeoutError}. Pair with
|
|
4519
|
+
* {@link MftScheduler} to implement two-person rules and human-in-the-loop
|
|
4520
|
+
* release flows.
|
|
4285
4521
|
*
|
|
4286
4522
|
* @param options - Registry, downstream runner, approval-id derivation, hooks.
|
|
4287
4523
|
* @returns A {@link ScheduleRouteRunner} that gates execution behind approval.
|
|
4524
|
+
* @throws {@link ApprovalTimeoutError} From the returned runner when the
|
|
4525
|
+
* request stays pending longer than `timeoutMs`.
|
|
4288
4526
|
*
|
|
4289
4527
|
* @example Two-person rule on a release route
|
|
4290
4528
|
* ```ts
|
|
@@ -4347,4 +4585,4 @@ declare function parseCronExpression(expression: string): CronExpression;
|
|
|
4347
4585
|
*/
|
|
4348
4586
|
declare function nextCronFireAt(expression: CronExpression, from: Date, timezone?: "utc" | "local"): Date | undefined;
|
|
4349
4587
|
|
|
4350
|
-
export { AbortError, type AgeRetentionPolicy, ApprovalRegistry, ApprovalRejectedError, type ApprovalRequest, type ApprovalStatus, type AtomicDeployActivateOperation, type AtomicDeployActivateStep, type AtomicDeployPlan, type AtomicDeployPruneStep, type AtomicDeployStrategy, type AuthenticationCapability, AuthenticationError, AuthorizationError, type BandwidthSleep, type BandwidthThrottle, type BandwidthThrottleOptions, type Base64EnvSecretSource, type BuiltInProviderId, CLASSIC_PROVIDER_IDS, type CapabilitySet, type ChecksumCapability, type ClassicProviderId, type ClientDiagnostics, type CompareRemoteManifestsOptions, ConfigurationError, type ConnectionDiagnosticTimings, type ConnectionDiagnosticsResult, ConnectionError, type ConnectionPoolOptions, type ConnectionProfile, type ConventionEndpoint, type CopyBetweenOptions, type CountRetentionPolicy, type CreateApprovalGateOptions, type CreateAtomicDeployPlanOptions, type CreateInboxRouteOptions, type CreateOutboxRouteOptions, type CreateRemoteBrowserOptions, type CreateRemoteManifestOptions, type CreateSyncPlanOptions, type CreateWebhookAuditLogOptions, type CronExpression, type CronField, type CronScheduleTrigger, DEFAULT_FAILED_SUBDIR, DEFAULT_PROCESSED_SUBDIR, type DiffRemoteTreesOptions, type DispatchWebhookOptions, type DispatchWebhookResult, type DownloadFileOptions, type EnvSecretSource, type EvaluateRetentionOptions, type FileSecretSource, type FileZillaSite, type FriendlyTransferOptions, type FtpReplyErrorInput, type ImportFileZillaSitesResult, type ImportOpenSshConfigOptions, type ImportOpenSshConfigResult, type ImportWinScpSessionsResult, InMemoryAuditLog, type IntervalScheduleTrigger, type JsonlWriter, type KnownHostsEntry, type KnownHostsMarker, type ListOptions, type LocalProviderOptions, type LogLevel, type LogRecord, type LogRecordInput, type LoggerMethod, type MemoryProviderEntry, type MemoryProviderOptions, type MetadataCapability, type MftAuditEntry, type MftAuditEntryType, type MftAuditLog, type MftInboxConvention, type MftOutboxConvention, type MftRoute, type MftRouteEndpoint, type MftRouteFilter, type MftRouteOperation, type MftSchedule, type MftScheduleTrigger, MftScheduler, type MftSchedulerOptions, type MkdirOptions, type OAuthAccessToken, type OAuthRefreshCallback, type OAuthTokenSecretSourceOptions, type OpenSshConfigEntry, ParseError, PathAlreadyExistsError, PathNotFoundError, PermissionDeniedError, type PooledTransferClient, type ProgressEventInput, ProtocolError, type
|
|
4588
|
+
export { AbortError, type AgeRetentionPolicy, ApprovalRegistry, ApprovalRejectedError, type ApprovalRequest, type ApprovalStatus, ApprovalTimeoutError, type AtomicDeployActivateOperation, type AtomicDeployActivateStep, type AtomicDeployPlan, type AtomicDeployPruneStep, type AtomicDeployStrategy, type AuthenticationCapability, AuthenticationError, AuthorizationError, type BandwidthSleep, type BandwidthThrottle, type BandwidthThrottleOptions, type Base64EnvSecretSource, type BuiltInProviderId, CLASSIC_PROVIDER_IDS, type CapabilitySet, type ChecksumCapability, type ClassicProviderId, type ClientDiagnostics, type CompareRemoteManifestsOptions, ConfigurationError, type ConnectionDiagnosticTimings, type ConnectionDiagnosticsResult, ConnectionError, type ConnectionPoolOptions, type ConnectionProfile, type ConventionEndpoint, type CopyBetweenOptions, type CountRetentionPolicy, type CreateApprovalGateOptions, type CreateAtomicDeployPlanOptions, type CreateInboxRouteOptions, type CreateOutboxRouteOptions, type CreateRemoteBrowserOptions, type CreateRemoteManifestOptions, type CreateSyncPlanOptions, type CreateWebhookAuditLogOptions, type CronExpression, type CronField, type CronScheduleTrigger, DEFAULT_FAILED_SUBDIR, DEFAULT_PROCESSED_SUBDIR, type DefaultRetryPolicyOptions, type DiffRemoteTreesOptions, type DispatchWebhookOptions, type DispatchWebhookResult, type DownloadFileOptions, type EnvSecretSource, type EvaluateRetentionOptions, type FileSecretSource, type FileZillaSite, type FriendlyTransferOptions, type FtpReplyErrorInput, type ImportFileZillaSitesResult, type ImportOpenSshConfigOptions, type ImportOpenSshConfigResult, type ImportWinScpSessionsResult, InMemoryAuditLog, type IntervalScheduleTrigger, type JsonlWriter, type KnownHostsEntry, type KnownHostsMarker, type ListOptions, type LocalProviderOptions, type LogLevel, type LogRecord, type LogRecordInput, type LoggerMethod, type MemoryProviderEntry, type MemoryProviderOptions, type MetadataCapability, type MftAuditEntry, type MftAuditEntryType, type MftAuditLog, type MftInboxConvention, type MftOutboxConvention, type MftRoute, type MftRouteEndpoint, type MftRouteFilter, type MftRouteOperation, type MftSchedule, type MftScheduleTrigger, MftScheduler, type MftSchedulerOptions, type MkdirOptions, type OAuthAccessToken, type OAuthRefreshCallback, type OAuthTokenSecretSourceOptions, type OpenSshConfigEntry, ParseError, PathAlreadyExistsError, PathNotFoundError, PermissionDeniedError, type PooledTransferClient, type ProgressEventInput, ProtocolError, type ProviderFactory, type ProviderId, ProviderRegistry, type ProviderSelection, type ProviderTransferEndpointRole, type ProviderTransferExecutorOptions, type ProviderTransferOperations, type ProviderTransferReadRequest, type ProviderTransferReadResult, type ProviderTransferRequest, type ProviderTransferSessionResolver, type ProviderTransferSessionResolverInput, type ProviderTransferWriteRequest, type ProviderTransferWriteResult, REDACTED, REMOTE_MANIFEST_FORMAT_VERSION, type RemoteBreadcrumb, type RemoteBrowser, type RemoteBrowserFilter, type RemoteBrowserSnapshot, type RemoteEntry, type RemoteEntrySortKey, type RemoteEntrySortOrder, type RemoteEntryType, type RemoteFileAdapter, type RemoteFileEndpoint, type RemoteFileSystem, type RemoteManifest, type RemoteManifestEntry, type RemotePermissions, type RemoteProtocol, type RemoteStat, type RemoteTreeDiff, type RemoteTreeDiffEntry, type RemoteTreeDiffReason, type RemoteTreeDiffStatus, type RemoteTreeDiffSummary, type RemoteTreeEntry, type RemoteTreeFilter, type RemoveOptions, type RenameOptions, type ResolveSecretOptions, type ResolvedConnectionProfile, type ResolvedOpenSshHost, type ResolvedSshProfile, type ResolvedTlsProfile, type RetentionEvaluation, type RetentionPolicy, type RmdirOptions, RouteRegistry, type RunConnectionDiagnosticsOptions, type RunRouteOptions, ScheduleRegistry, type ScheduleRouteRunner, type ScheduleTimerHooks, type SecretProvider, type SecretSource, type SecretValue, type SpecializedErrorDetails, type SshAgentSource, type SshAlgorithms, type SshKeyboardInteractiveChallenge, type SshKeyboardInteractiveHandler, type SshKeyboardInteractivePrompt, type SshKnownHostsSource, type SshProfile, type SshSocketFactory, type SshSocketFactoryContext, type StatOptions, type SyncConflictPolicy, type SyncDeletePolicy, type SyncDirection, type SyncEndpointInput, TimeoutError, type TlsProfile, type TlsSecretSource, type TransferAttempt, type TransferAttemptError, type TransferBandwidthLimit, type TransferByteRange, TransferClient, type TransferClientDefaults, type TransferClientOptions, type TransferDataChunk, type TransferDataSource, type TransferEndpoint, TransferEngine, type TransferEngineExecuteOptions, type TransferEngineOptions, TransferError, type TransferExecutionContext, type TransferExecutionResult, type TransferExecutor, type TransferJob, type TransferOperation, type TransferPlan, type TransferPlanAction, type TransferPlanInput, type TransferPlanStep, type TransferPlanSummary, type TransferProgressEvent, type TransferProvider, TransferQueue, type TransferQueueExecutorResolver, type TransferQueueItem, type TransferQueueItemStatus, type TransferQueueOptions, type TransferQueueRunOptions, type TransferQueueSummary, type TransferReceipt, type TransferResult, type TransferResultInput, type TransferRetryDecisionInput, type TransferRetryPolicy, type TransferSession, type TransferTimeoutPolicy, type TransferVerificationResult, UnsupportedFeatureError, type UploadFileOptions, type ValueSecretSource, VerificationError, type WalkRemoteTreeOptions, type WebhookRetryPolicy, type WebhookSignature, type WebhookTarget, type WinScpSession, ZeroTransfer, type ZeroTransferCapabilities, ZeroTransferError, type ZeroTransferErrorDetails, type ZeroTransferLogger, type ZeroTransferOptions, assertSafeFtpArgument, basenameRemotePath, buildRemoteBreadcrumbs, compareRemoteManifests, composeAuditLogs, copyBetween, createApprovalGate, createAtomicDeployPlan, createBandwidthThrottle, createDefaultRetryPolicy, createInboxRoute, createJsonlAuditLog, createLocalProviderFactory, createMemoryProviderFactory, createOAuthTokenSecretSource, createOutboxRoute, createPooledTransferClient, createProgressEvent, createProviderTransferExecutor, createRemoteBrowser, createRemoteManifest, createSyncPlan, createTransferClient, createTransferJobsFromPlan, createTransferPlan, createTransferResult, createWebhookAuditLog, diffRemoteTrees, dispatchWebhook, downloadFile, emitLog, errorFromFtpReply, evaluateRetention, filterRemoteEntries, freezeReceipt, importFileZillaSites, importOpenSshConfig, importWinScpSessions, inboxFailedPath, inboxProcessedPath, isClassicProviderId, isMainModule, isSensitiveKey, joinRemotePath, matchKnownHosts, matchKnownHostsEntry, nextCronFireAt, nextScheduleFireAt, noopLogger, normalizeRemotePath, parentRemotePath, parseCronExpression, parseKnownHosts, parseOpenSshConfig, parseRemoteManifest, redactCommand, redactConnectionProfile, redactErrorForLogging, redactObject, redactSecretSource, redactUrlForLogging, redactValue, resolveConnectionProfileSecrets, resolveOpenSshHost, resolveProviderId, resolveSecret, runConnectionDiagnostics, runRoute, serializeRemoteManifest, signWebhookPayload, sortRemoteEntries, summarizeClientDiagnostics, summarizeError, summarizeTransferPlan, throttleByteIterable, uploadFile, validateConnectionProfile, validateSchedule, walkRemoteTree };
|