@zintrust/workers 0.1.28 → 0.1.30

package/src/http/middleware/ProcessorPathSanitizer.ts

@@ -1,8 +1,28 @@
-import { Logger, NodeSingletons, type IRequest, type IResponse } from '@zintrust/core';
+import {
+  Logger,
+  NodeSingletons,
+  workersConfig,
+  type IRequest,
+  type IResponse,
+} from '@zintrust/core';
 
 export type RouteHandler = (req: IRequest, res: IResponse) => Promise<void> | void;
 
-const PROCESSOR_PATH_PATTERN = /^[a-zA-Z0-9/_.-]+\.(ts|js)$/;
+const PROCESSOR_PATH_PATTERN = /^[a-zA-Z0-9/_.-]+\.(ts|js|mjs|cjs)$/;
+
+const isUrlSpec = (value: string): boolean => {
+  if (value.startsWith('url:')) return true;
+  return value.includes('://');
+};
+
+const normalizeUrlSpec = (value: string): string => {
+  return value.startsWith('url:') ? value.slice(4) : value;
+};
+
+const isAllowedRemoteHost = (host: string): boolean => {
+  const allowlist = workersConfig.processorSpec.remoteAllowlist;
+  return allowlist.map((value) => value.toLowerCase()).includes(host.toLowerCase());
+};
 
 const decodeProcessorPath = (processor: string): string => {
   return processor
@@ -16,6 +36,84 @@ const decodeProcessorPath = (processor: string): string => {
     .replaceAll('%2D', '-'); // URL encoding for -
 };
 
+const validateUrlSpec = (
+  processor: string
+): { isValid: boolean; error?: { error: string; code: string } } => {
+  const normalized = normalizeUrlSpec(processor);
+  let parsed: URL;
+
+  try {
+    parsed = new URL(normalized);
+  } catch {
+    return {
+      isValid: false,
+      error: { error: 'Invalid processor url', code: 'INVALID_PROCESSOR_URL' },
+    };
+  }
+
+  if (parsed.protocol === 'file:') {
+    const path = NodeSingletons.path;
+    const baseDir = path.resolve(process.cwd());
+    const resolved = path.resolve(baseDir, decodeURIComponent(parsed.pathname));
+
+    if (!resolved.startsWith(baseDir)) {
+      return {
+        isValid: false,
+        error: { error: 'Invalid processor path', code: 'INVALID_PROCESSOR_PATH_TRAVERSAL' },
+      };
+    }
+  } else {
+    if (parsed.protocol !== 'https:') {
+      return {
+        isValid: false,
+        error: { error: 'Invalid processor url', code: 'INVALID_PROCESSOR_URL' },
+      };
+    }
+
+    if (!isAllowedRemoteHost(parsed.host)) {
+      return {
+        isValid: false,
+        error: { error: 'Invalid processor url host', code: 'INVALID_PROCESSOR_URL_HOST' },
+      };
+    }
+  }
+
+  return { isValid: true };
+};
+
+const validateRelativePath = (
+  processor: string
+): { isValid: boolean; error?: { error: string; code: string } } => {
+  if (processor.includes('..') || processor.startsWith('/')) {
+    return {
+      isValid: false,
+      error: { error: 'Invalid processor path', code: 'INVALID_PROCESSOR_PATH' },
+    };
+  }
+
+  if (!PROCESSOR_PATH_PATTERN.test(processor)) {
+    return {
+      isValid: false,
+      error: { error: 'Invalid processor path', code: 'INVALID_PROCESSOR_EXTENSION' },
+    };
+  }
+
+  return { isValid: true };
+};
+
+const sanitizeAndResolvePath = (processor: string): { isValid: boolean; sanitized: string } => {
+  const sanitizedProcessor = processor.replaceAll(/[^a-zA-Z0-9/_.-]/g, '');
+  const path = NodeSingletons.path;
+  const baseDir = path.resolve(process.cwd());
+  const resolved = path.resolve(baseDir, sanitizedProcessor);
+
+  if (!resolved.startsWith(baseDir)) {
+    return { isValid: false, sanitized: processor };
+  }
+
+  return { isValid: true, sanitized: sanitizedProcessor };
+};
+
 export const withProcessorPathValidation = (handler: RouteHandler): RouteHandler => {
   return async (req: IRequest, res: IResponse): Promise<void> => {
     try {
@@ -24,8 +122,8 @@ export const withProcessorPathValidation = (handler: RouteHandler): RouteHandler
 
       if (!processor) {
         return res.setStatus(400).json({
-          error: 'Processor path is required',
-          code: 'MISSING_PROCESSOR_PATH',
+          error: 'Processor spec is required',
+          code: 'MISSING_PROCESSOR_SPEC',
         });
       }
 
@@ -35,44 +133,33 @@ export const withProcessorPathValidation = (handler: RouteHandler): RouteHandler
       // Trim whitespace
       processor = processor.trim();
 
-      // Prevent path traversal
-      if (processor.includes('..') || processor.startsWith('/')) {
-        return res.setStatus(400).json({
-          error: 'Invalid processor path',
-          message: 'Processor path must be relative and cannot contain path traversal',
-          code: 'INVALID_PROCESSOR_PATH',
-        });
-      }
+      const isUrl = isUrlSpec(processor);
+      let validation: { isValid: boolean; error?: { error: string; code: string } };
 
-      if (!PROCESSOR_PATH_PATTERN.test(processor)) {
-        Logger.error('Processor path validation failed', {
-          processor,
-          pattern: PROCESSOR_PATH_PATTERN.toString(),
-          testResult: PROCESSOR_PATH_PATTERN.test(processor),
-        });
-        return res.setStatus(400).json({
-          error: 'Invalid processor path',
-          message: `Processor must be a TypeScript or JavaScript file. Got: "${processor}"`,
-          code: 'INVALID_PROCESSOR_EXTENSION',
-        });
+      if (isUrl) {
+        validation = validateUrlSpec(processor);
+      } else {
+        validation = validateRelativePath(processor);
+
+        if (validation.isValid) {
+          const pathValidation = sanitizeAndResolvePath(processor);
+          if (pathValidation.isValid) {
+            processor = pathValidation.sanitized;
+          } else {
+            validation = {
+              isValid: false,
+              error: { error: 'Invalid processor path', code: 'INVALID_PROCESSOR_PATH_TRAVERSAL' },
+            };
+          }
+        }
       }
 
-      // Sanitize the processor path (remove any invalid characters just in case)
-      const sanitizedProcessor = processor.replaceAll(/[^a-zA-Z0-9/_.-]/g, '');
-      const path = NodeSingletons.path;
-      // Ensure resolved path stays within repository/app scope
-      const BASE_PROCESSOR_DIR = path.resolve(process.cwd());
-      const resolved = path.resolve(BASE_PROCESSOR_DIR, sanitizedProcessor);
-      if (!resolved.startsWith(BASE_PROCESSOR_DIR)) {
-        return res.setStatus(400).json({
-          error: 'Invalid processor path',
-          message: 'Processor path resolves outside of allowed base directory',
-          code: 'INVALID_PROCESSOR_PATH_TRAVERSAL',
-        });
+      if (!validation.isValid) {
+        return res.setStatus(400).json(validation.error);
       }
 
       const currentBody = req.getBody() as Record<string, unknown>;
-      req.setBody({ ...currentBody, processor: sanitizedProcessor });
+      req.setBody({ ...currentBody, processor });
 
       return handler(req, res);
     } catch (error) {

package/src/http/middleware/WorkerValidationChain.ts

@@ -28,6 +28,7 @@ export const withCreateWorkerValidation = (handler: RouteHandler): RouteHandler
       'infrastructure',
       'features',
       'datacenter',
+      'activeStatus',
     ],
     withProcessorPathValidation(
       withWorkerNameValidation(

package/src/index.ts

@@ -39,9 +39,14 @@ export { WorkerVersioning } from './WorkerVersioning';
 
 // Factory & Lifecycle
 export { WorkerFactory } from './WorkerFactory';
-export type { WorkerPersistenceConfig } from './WorkerFactory';
+export type {
+  ProcessorResolver,
+  WorkerFactoryConfig,
+  WorkerPersistenceConfig,
+} from './WorkerFactory';
 export { WorkerInit } from './WorkerInit';
 export { WorkerShutdown } from './WorkerShutdown';
+export { ZinTrustWorkerShutdownDurableObject } from './WorkerShutdownDurableObject';
 
 // HTTP Controllers & Routes
 export { WorkerController } from './http/WorkerController';

package/src/routes/workers.ts

@@ -3,11 +3,10 @@
  * HTTP API for managing workers with dashboard functionality
  */
 
-import type { IRouter } from '@zintrust/core';
+import type { IRequest, IResponse, IRouter } from '@zintrust/core';
 import { Logger, Router } from '@zintrust/core';
 import { type WorkersDashboardUiOptions } from '../dashboard';
-import { WorkerApiController } from '../http/WorkerApiController';
-import { WorkerController } from '../http/WorkerController';
+import { HealthMonitor } from '../HealthMonitor';
 import { ValidationSchemas, withCustomValidation } from '../http/middleware/CustomValidation';
 import { withEditWorkerValidation } from '../http/middleware/EditWorkerValidation';
 import { withDriverValidation } from '../http/middleware/ValidateDriver';
@@ -15,8 +14,12 @@ import {
   withCreateWorkerValidation,
   withWorkerOperationValidation,
 } from '../http/middleware/WorkerValidationChain';
+import { WorkerApiController } from '../http/WorkerApiController';
+import { WorkerController } from '../http/WorkerController';
+import { ResourceMonitor } from '../ResourceMonitor';
+import { TelemetryDashboard } from '../telemetry';
 import { registerStaticAssets } from '../ui/router/ui';
-
+import { WorkerFactory } from '../WorkerFactory';
 type WorkerUiOptions = WorkersDashboardUiOptions;
 type RouteOptions = { middleware?: ReadonlyArray<string> } | undefined;
 
@@ -28,7 +31,7 @@ function registerCoreWorkerRoutes(r: IRouter): void {
   Router.post(r, '/create', withCreateWorkerValidation(controller.create));
   Router.put(r, '/:name', withCreateWorkerValidation(controller.update));
 
-  // Worker editing with custom validation that handles processorPath mapping
+  // Worker editing with custom validation that handles mapping
   Router.put(r, '/:name/edit', withEditWorkerValidation(controller.update));
   Router.post(
     r,
@@ -96,6 +99,9 @@ function registerWorkerQueryRoutes(r: IRouter): void {
 }
 
 function registerMonitoringRoutes(r: IRouter): void {
+  // SSE events stream for monitoring + workers snapshot
+  Router.get(r, '/events', controller.eventsStream);
+
   // Health monitoring
   Router.post(r, '/:name/monitoring/start', controller.startMonitoring);
   Router.post(r, '/:name/monitoring/stop', controller.stopMonitoring);
@@ -105,9 +111,6 @@ function registerMonitoringRoutes(r: IRouter): void {
 
   // SLA monitoring
   Router.get(r, '/:name/sla/status', controller.getSlaStatus);
-
-  // SSE events stream for monitoring + workers snapshot
-  Router.get(r, '/events', controller.eventsStream);
 }
 
 function registerVersioningRoutes(r: IRouter): void {
@@ -131,9 +134,9 @@ function registerWorkerLifecycleRoutes(router: IRouter, middleware?: ReadonlyArr
     (r: IRouter) => {
       Logger.info('Registering Worker Management Routes');
 
+      registerMonitoringRoutes(r); // ← Move FIRST - has /events
       registerCoreWorkerRoutes(r);
       registerWorkerQueryRoutes(r);
-      registerMonitoringRoutes(r);
       registerVersioningRoutes(r);
       registerUtilityRoutes(r);
     },
@@ -141,6 +144,52 @@ function registerWorkerLifecycleRoutes(router: IRouter, middleware?: ReadonlyArr
   );
 }
 
+function registerWorkerTelemetryRoutes(router: IRouter, middleware?: ReadonlyArray<string>): void {
+  const options = middleware ? { middleware } : undefined;
+
+  Router.group(
+    router,
+    '/api',
+    (r: IRouter) => {
+      Router.get(r, '/workers/system/summary', async (_req: IRequest, res: IResponse) => {
+        const workers = WorkerFactory.list();
+        const monitoringSummary = await HealthMonitor.getSummary();
+        const resourceUsage = ResourceMonitor.getCurrentUsage('system');
+
+        res.json({
+          ok: true,
+          summary: {
+            workers: workers.length,
+            monitoring: monitoringSummary,
+            resources: resourceUsage,
+          },
+        });
+      });
+
+      Router.get(
+        r,
+        '/workers/system/monitoring/summary',
+        async (_req: IRequest, res: IResponse) => {
+          const summary = await HealthMonitor.getSummary();
+          res.json({ ok: true, summary });
+        }
+      );
+
+      Router.get(r, '/resources/current', async (_req: IRequest, res: IResponse) => {
+        const usage = ResourceMonitor.getCurrentUsage('system');
+        res.json({ ok: true, usage });
+      });
+
+      Router.get(r, '/resources/trends', async (req: IRequest, res: IResponse) => {
+        const period = (req.getParam('period') ?? 'day') as 'hour' | 'day' | 'week';
+        const trends = ResourceMonitor.getAllTrends('system', period);
+        res.json({ ok: true, trends });
+      });
+    },
+    options
+  );
+}
+
 export function registerWorkerRoutes(
   router: IRouter,
   _options?: WorkerUiOptions,
@@ -148,7 +197,15 @@ export function registerWorkerRoutes(
 ): void {
   registerStaticAssets(router, routeOptions?.middleware ?? []);
   registerWorkerLifecycleRoutes(router, routeOptions?.middleware);
+  registerWorkerTelemetryRoutes(router, routeOptions?.middleware);
+
+  // Register Telemetry Dashboard
+  const dashboard = TelemetryDashboard.create({
+    basePath: '/telemetry',
+  });
+  dashboard.registerRoutes(router);
   Logger.info('Worker routes registered at http://127.0.0.1:7777/workers');
+  Logger.info('Telemetry dashboard registered at http://127.0.0.1:7777/telemetry');
 }
 
 export default registerWorkerRoutes;

package/src/storage/WorkerStore.ts

@@ -14,7 +14,8 @@ export type WorkerRecord = {
   autoStart: boolean;
   concurrency: number;
   region: string | null;
-  processorPath?: string | null;
+  processorSpec?: string | null;
+  activeStatus?: boolean;
   features?: Record<string, unknown> | null;
   infrastructure?: Record<string, unknown> | null;
   datacenter?: Record<string, unknown> | null;
@@ -27,10 +28,16 @@ export type WorkerRecord = {
 
 export type WorkerStore = {
   init(): Promise<void>;
-  list(options?: { offset?: number; limit?: number; search?: string }): Promise<WorkerRecord[]>;
+  list(options?: {
+    offset?: number;
+    limit?: number;
+    search?: string;
+    includeInactive?: boolean;
+  }): Promise<WorkerRecord[]>;
   get(name: string): Promise<WorkerRecord | null>;
   save(record: WorkerRecord): Promise<void>;
   update(name: string, patch: Partial<WorkerRecord>): Promise<void>;
+  updateMany?: (names: string[], patch: Partial<WorkerRecord>) => Promise<void>;
   remove(name: string): Promise<void>;
 };
 
@@ -42,6 +49,12 @@ const mergeRecord = (current: WorkerRecord, patch: Partial<WorkerRecord>): Worke
   updatedAt: patch.updatedAt ?? now(),
 });
 
+const toSqlDateTime = (value: Date | undefined | null): string | null => {
+  if (!value) return null;
+  // Use UTC and drop timezone for SQL DATETIME compatibility
+  return value.toISOString().slice(0, 19).replace('T', ' ');
+};
+
 const serializeDbWorker = (record: WorkerRecord): Record<string, unknown> => ({
   name: record.name,
   queue_name: record.queueName,
@@ -50,13 +63,14 @@ const serializeDbWorker = (record: WorkerRecord): Record<string, unknown> => ({
   auto_start: record.autoStart,
   concurrency: record.concurrency,
   region: record.region,
-  processor_path: record.processorPath ?? null,
+  processor_spec: record.processorSpec ?? null,
+  active_status: record.activeStatus ?? true,
   features: record.features ? JSON.stringify(record.features) : null,
   infrastructure: record.infrastructure ? JSON.stringify(record.infrastructure) : null,
   datacenter: record.datacenter ? JSON.stringify(record.datacenter) : null,
-  created_at: record.createdAt,
-  updated_at: record.updatedAt,
-  last_health_check: record.lastHealthCheck ?? null,
+  created_at: toSqlDateTime(record.createdAt),
+  updated_at: toSqlDateTime(record.updatedAt),
+  last_health_check: toSqlDateTime(record.lastHealthCheck ?? null),
   last_error: record.lastError ?? null,
   connection_state: record.connectionState ?? null,
 });
@@ -88,7 +102,8 @@ const deserializeDbWorker = (row: Record<string, unknown>): WorkerRecord => {
     autoStart: Boolean(row['auto_start'] ?? false),
     concurrency: Number(row['concurrency'] ?? 0),
     region: row['region'] ? String(row['region']) : null,
-    processorPath: row['processor_path'] ? String(row['processor_path']) : null,
+    processorSpec: String(row['processor_spec']),
+    activeStatus: row['active_status'] === undefined ? true : Boolean(row['active_status']),
     features: parseJson(row['features']),
     infrastructure: parseJson(row['infrastructure']),
     datacenter: parseJson(row['datacenter']),
@@ -132,6 +147,13 @@ export const InMemoryWorkerStore = Object.freeze({
         if (!current) return;
         store.set(name, mergeRecord(current, patch));
       },
+      async updateMany(names: string[], patch: Partial<WorkerRecord>): Promise<void> {
+        for (const name of names) {
+          const current = store.get(name);
+          if (!current) continue;
+          store.set(name, mergeRecord(current, patch));
+        }
+      },
       async remove(name: string): Promise<void> {
         store.delete(name);
       },
@@ -168,7 +190,7 @@ export const RedisWorkerStore = Object.freeze({
       },
       async list(options?: { offset?: number; limit?: number }): Promise<WorkerRecord[]> {
         const all = await client.hgetall(key);
-        let values = Object.values(all).map(deserialize);
+        let values = Object.values(all).map((element) => deserialize(element));
         values.sort((a, b) => a.name.localeCompare(b.name));
         if (options) {
           const start = options.offset || 0;
@@ -189,6 +211,19 @@ export const RedisWorkerStore = Object.freeze({
         if (!current) return;
         await client.hset(key, name, serialize(mergeRecord(current, patch)));
       },
+      async updateMany(names: string[], patch: Partial<WorkerRecord>): Promise<void> {
+        if (names.length === 0) return;
+        const entries = await client.hmget(key, ...names);
+        const updates: Array<string> = [];
+        entries.forEach((raw, index) => {
+          if (!raw) return;
+          const current = deserialize(raw);
+          const updated = mergeRecord(current, patch);
+          updates.push(names[index] as string, serialize(updated));
+        });
+        if (updates.length === 0) return;
+        await client.hset(key, ...updates);
+      },
       async remove(name: string): Promise<void> {
         await client.hdel(key, name);
       },
@@ -207,7 +242,7 @@ export const DbWorkerStore = Object.freeze({
         if (options?.limit) query.limit(options.limit);
         if (options?.offset) query.offset(options.offset);
         const rows = await query.get<Record<string, unknown>>();
-        return rows.map(deserializeDbWorker);
+        return rows.map((element) => deserializeDbWorker(element));
       },
       async get(name: string): Promise<WorkerRecord | null> {
         const row = await db.table(table).where('name', '=', name).first<Record<string, unknown>>();
@@ -232,6 +267,21 @@ export const DbWorkerStore = Object.freeze({
         const updated = mergeRecord(current, patch);
         await db.table(table).where('name', '=', name).update(serializeDbWorker(updated));
       },
+      async updateMany(names: string[], patch: Partial<WorkerRecord>): Promise<void> {
+        if (names.length === 0) return;
+        const update: Record<string, unknown> = {
+          updated_at: toSqlDateTime(patch.updatedAt ?? now()),
+        };
+
+        if (patch.status !== undefined) update['status'] = patch.status;
+        if (patch.lastError !== undefined) update['last_error'] = patch.lastError ?? null;
+        if (patch.lastHealthCheck !== undefined)
+          update['last_health_check'] = toSqlDateTime(patch.lastHealthCheck ?? null);
+        if (patch.connectionState !== undefined)
+          update['connection_state'] = patch.connectionState ?? null;
+
+        await db.table(table).whereIn('name', names).update(update);
+      },
       async remove(name: string): Promise<void> {
         await db.table(table).where('name', '=', name).delete();
       },