autosnippet 3.0.0 → 3.0.2

package/lib/http/HttpServer.js

@@ -4,39 +4,40 @@
  * 集成监控、缓存和错误追踪
  */
 
-import { join } from 'path';
-import express from 'express';
+import { join } from 'node:path';
 import cors from 'cors';
+import express from 'express';
 import helmet from 'helmet';
+import { CapabilityProbe } from '../core/capability/CapabilityProbe.js';
+import { registerGatewayActions } from '../core/gateway/GatewayActionRegistry.js';
+import { initCacheAdapter } from '../infrastructure/cache/UnifiedCacheAdapter.js';
 import Logger from '../infrastructure/logging/Logger.js';
+import { initErrorTracker } from '../infrastructure/monitoring/ErrorTracker.js';
+import { initPerformanceMonitor } from '../infrastructure/monitoring/PerformanceMonitor.js';
+import { initRealtimeService } from '../infrastructure/realtime/RealtimeService.js';
+import { getServiceContainer } from '../injection/ServiceContainer.js';
+import apiSpec from './api-spec.js';
 import { errorHandler } from './middleware/errorHandler.js';
-import { requestLogger } from './middleware/requestLogger.js';
 import { gatewayMiddleware } from './middleware/gatewayMiddleware.js';
+import { requestLogger } from './middleware/requestLogger.js';
 import { roleResolverMiddleware } from './middleware/roleResolver.js';
-import { CapabilityProbe } from '../core/capability/CapabilityProbe.js';
+import aiRouter from './routes/ai.js';
+import authRouter from './routes/auth.js';
+import candidatesRouter from './routes/candidates.js';
+import commandsRouter from './routes/commands.js';
+import extractRouter from './routes/extract.js';
 import guardRuleRouter from './routes/guardRules.js';
-import searchRouter from './routes/search.js';
 import healthRouter from './routes/health.js';
+import knowledgeRouter from './routes/knowledge.js';
 import monitoringRouter from './routes/monitoring.js';
+import recipesRouter from './routes/recipes.js';
+import searchRouter from './routes/search.js';
+import skillsRouter from './routes/skills.js';
 import snippetRouter from './routes/snippets.js';
-import aiRouter from './routes/ai.js';
-import extractRouter from './routes/extract.js';
-import commandsRouter from './routes/commands.js';
 import spmRouter from './routes/spm.js';
+import modulesRouter from './routes/modules.js';
 import violationsRouter from './routes/violations.js';
-import authRouter from './routes/auth.js';
-import skillsRouter from './routes/skills.js';
-import candidatesRouter from './routes/candidates.js';
-import knowledgeRouter from './routes/knowledge.js';
-import recipesRouter from './routes/recipes.js';
 import wikiRouter from './routes/wiki.js';
-import apiSpec from './api-spec.js';
-import { initCacheAdapter } from '../infrastructure/cache/UnifiedCacheAdapter.js';
-import { initPerformanceMonitor } from '../infrastructure/monitoring/PerformanceMonitor.js';
-import { initErrorTracker } from '../infrastructure/monitoring/ErrorTracker.js';
-import { initRealtimeService } from '../infrastructure/realtime/RealtimeService.js';
-import { registerGatewayActions } from '../core/gateway/GatewayActionRegistry.js';
-import { getServiceContainer } from '../injection/ServiceContainer.js';
 
 export class HttpServer {
   constructor(config = {}) {
@@ -47,7 +48,7 @@ export class HttpServer {
       cacheMode: 'memory',
       ...config,
     };
-    
+
     this.logger = Logger.getInstance();
     this.app = express();
     this.server = null;
@@ -69,10 +70,10 @@ export class HttpServer {
 
     // 中间件
     this.setupMiddleware();
-    
+
     // 路由
     this.setupRoutes();
-    
+
     // 错误处理
     this.setupErrorHandling();
 
@@ -124,37 +125,48 @@ export class HttpServer {
     }
 
     // 安全头（放宽 CSP 以兼容 Vite 构建的 Dashboard SPA：script/style 需要内联和 crossorigin）
-    this.app.use(helmet({
-      contentSecurityPolicy: {
-        directives: {
-          defaultSrc: ["'self'"],
-          scriptSrc: ["'self'", "'unsafe-inline'"],
-          styleSrc: ["'self'", "'unsafe-inline'", "https:"],
-          imgSrc: ["'self'", "data:", "blob:"],
-          connectSrc: ["'self'", "ws:", "wss:"],
-          fontSrc: ["'self'", "https:", "data:"],
-          objectSrc: ["'none'"],
-          frameSrc: ["'none'"],
+    this.app.use(
+      helmet({
+        contentSecurityPolicy: {
+          directives: {
+            defaultSrc: ["'self'"],
+            scriptSrc: ["'self'", "'unsafe-inline'"],
+            styleSrc: ["'self'", "'unsafe-inline'", 'https:'],
+            imgSrc: ["'self'", 'data:', 'blob:'],
+            connectSrc: ["'self'", 'ws:', 'wss:'],
+            fontSrc: ["'self'", 'https:', 'data:'],
+            objectSrc: ["'none'"],
+            frameSrc: ["'none'"],
+          },
         },
-      },
-    }));
+      })
+    );
 
     // 请求日志
     this.app.use(requestLogger(this.logger));
 
     // 解析 JSON 请求体
     this.app.use(express.json({ limit: '10mb' }));
-    
+
     // 解析 URL 编码的请求体
     this.app.use(express.urlencoded({ limit: '10mb', extended: true }));
 
     // 跨域处理 (CORS)
-    this.app.use(cors({
-      origin: this.config.corsOrigin || '*',
-      methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
-      allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'X-User-Id'],
-      credentials: true,
-    }));
+    this.app.use(
+      cors({
+        origin: this.config.corsOrigin || '*',
+        methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+        allowedHeaders: [
+          'Origin',
+          'X-Requested-With',
+          'Content-Type',
+          'Accept',
+          'Authorization',
+          'X-User-Id',
+        ],
+        credentials: true,
+      })
+    );
 
     // 角色解析中间件（双路径：token / 探针）
     try {
@@ -174,7 +186,12 @@ export class HttpServer {
 
     // 请求超时设置（AI 扫描类路由需要更长时间，SSE 流式路由需要更长时间）
     this.app.use((req, res, next) => {
-      const isLongRunning = req.path.includes('/spm/scan') || req.path.includes('/spm/bootstrap') || req.path.includes('/extract/');
+      const isLongRunning =
+        req.path.includes('/spm/scan') ||
+        req.path.includes('/spm/bootstrap') ||
+        req.path.includes('/modules/scan') ||
+        req.path.includes('/modules/bootstrap') ||
+        req.path.includes('/extract/');
       const isStreaming = req.path.includes('/stream') || req.path.includes('/events/');
       req.setTimeout(isLongRunning ? 600000 : isStreaming ? 300000 : 60000); // AI 扫描 10分钟, SSE/EventSource 5分钟, 其他 60秒
       next();
@@ -219,7 +236,10 @@ export class HttpServer {
     this.app.get(`${apiPrefix}/auth/probe`, (req, res) => {
       const role = req.resolvedRole || 'visitor';
       const user = req.resolvedUser || 'anonymous';
-      const mode = (process.env.VITE_AUTH_ENABLED === 'true' || process.env.ASD_AUTH_ENABLED === 'true') ? 'token' : 'probe';
+      const mode =
+        process.env.VITE_AUTH_ENABLED === 'true' || process.env.ASD_AUTH_ENABLED === 'true'
+          ? 'token'
+          : 'probe';
       const probeCache = this.capabilityProbe ? this.capabilityProbe.getCacheStatus() : null;
       res.json({
         success: true,
@@ -256,9 +276,12 @@ export class HttpServer {
     // Candidates 路由（AI 补齐/润色）
     this.app.use(`${apiPrefix}/candidates`, candidatesRouter);
 
-    // SPM 路由
+    // SPM 路由（向后兼容保留）
     this.app.use(`${apiPrefix}/spm`, spmRouter);
 
+    // Modules 路由（v3.2 统一多语言模块扫描）
+    this.app.use(`${apiPrefix}/modules`, modulesRouter);
+
     // 违规记录路由
     this.app.use(`${apiPrefix}/violations`, violationsRouter);
 
@@ -417,7 +440,9 @@ export class HttpServer {
       const layer = layers[i];
       if (layer.route) {
         removedLayers.unshift(layers.splice(i, 1)[0]);
-        if (removedLayers.length >= 2) break;
+        if (removedLayers.length >= 2) {
+          break;
+        }
       }
     }
 

package/lib/http/middleware/RateLimiter.js

@@ -12,10 +12,12 @@ const PRUNE_INTERVAL = 300_000; // 5 分钟清理一次过期 bucket
  */
 function _pruneIfNeeded(windowMs) {
   const now = Date.now();
-  if (now - _lastPrune < PRUNE_INTERVAL) return;
+  if (now - _lastPrune < PRUNE_INTERVAL) {
+    return;
+  }
   _lastPrune = now;
   for (const [key, bucket] of _buckets) {
-    bucket.timestamps = bucket.timestamps.filter(t => now - t < windowMs);
+    bucket.timestamps = bucket.timestamps.filter((t) => now - t < windowMs);
     if (bucket.timestamps.length === 0) {
       _buckets.delete(key);
     }
@@ -45,7 +47,7 @@ export function checkRecipeSave(projectRoot, clientId, opts = {}) {
   }
 
   // 清除过期记录
-  bucket.timestamps = bucket.timestamps.filter(t => now - t < windowMs);
+  bucket.timestamps = bucket.timestamps.filter((t) => now - t < windowMs);
 
   if (bucket.timestamps.length >= maxRequests) {
     const oldest = bucket.timestamps[0];

package/lib/http/middleware/errorHandler.js

@@ -2,7 +2,12 @@
  * 错误处理中间件
  */
 
-import { ValidationError, ConflictError, NotFoundError, PermissionDenied } from '../../shared/errors/index.js';
+import {
+  ConflictError,
+  NotFoundError,
+  PermissionDenied,
+  ValidationError,
+} from '../../shared/errors/index.js';
 
 export function errorHandler(logger) {
   return (error, req, res, next) => {

package/lib/http/middleware/requestLogger.js

@@ -15,7 +15,13 @@
  */
 
 // 轮询/心跳路径 — 完全静默
-const SILENT_PATHS = ['/api/v1/health', '/api/health', '/api/realtime/events', '/api/sse', '/socket.io'];
+const SILENT_PATHS = [
+  '/api/v1/health',
+  '/api/health',
+  '/api/realtime/events',
+  '/api/sse',
+  '/socket.io',
+];
 
 /**
  * 从 originalUrl 中提取 pathname（去除 query string）
@@ -35,7 +41,9 @@ export function requestLogger(logger) {
       const duration = Date.now() - startTime;
 
       // 完全静默的路径
-      if (SILENT_PATHS.some(p => originalPath.startsWith(p))) return;
+      if (SILENT_PATHS.some((p) => originalPath.startsWith(p))) {
+        return;
+      }
 
       const logData = {
         method: req.method,
@@ -45,7 +53,10 @@ export function requestLogger(logger) {
       };
 
       // 非 GET / 非 2xx / 慢请求 → info; GET + 2xx/304 → debug（304 是缓存命中，与 200 同级）
-      const isNoisy = req.method === 'GET' && (res.statusCode >= 200 && res.statusCode < 300 || res.statusCode === 304) && duration < 2000;
+      const isNoisy =
+        req.method === 'GET' &&
+        ((res.statusCode >= 200 && res.statusCode < 300) || res.statusCode === 304) &&
+        duration < 2000;
       const isSlow = duration >= 1000;
       if (isSlow) {
         logger.warn(`🐌慢请求： ${req.method} ${originalPath} - ${duration}ms`, logData);

package/lib/http/middleware/roleResolver.js

@@ -13,7 +13,8 @@ import Logger from '../../infrastructure/logging/Logger.js';
 
 const logger = Logger.getInstance();
 
-const AUTH_ENABLED = process.env.VITE_AUTH_ENABLED === 'true' || process.env.ASD_AUTH_ENABLED === 'true';
+const AUTH_ENABLED =
+  process.env.VITE_AUTH_ENABLED === 'true' || process.env.ASD_AUTH_ENABLED === 'true';
 
 /**
  * 验证 token 并提取 payload
@@ -47,7 +48,11 @@ export function roleResolverMiddleware(options = {}) {
 
   return (req, _res, next) => {
     // 已有 x-user-id header（MCP / 内部调用）→ 直接信任
-    if (req.headers['x-user-id'] && req.headers['x-user-id'] !== 'anonymous' && req.headers['x-user-id'] !== 'dashboard') {
+    if (
+      req.headers['x-user-id'] &&
+      req.headers['x-user-id'] !== 'anonymous' &&
+      req.headers['x-user-id'] !== 'dashboard'
+    ) {
       req.resolvedRole = req.headers['x-user-id'];
       next();
       return;
@@ -58,31 +63,33 @@ export function roleResolverMiddleware(options = {}) {
       const authHeader = req.headers.authorization || '';
       const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : '';
 
-      verifyTokenPromise.then(verifyToken => {
-        const payload = verifyToken(token);
+      verifyTokenPromise
+        .then((verifyToken) => {
+          const payload = verifyToken(token);
 
-        if (payload && payload.role) {
-          req.resolvedRole = payload.role;
-          req.resolvedUser = payload.sub;
-          logger.debug('roleResolver: token-based', { role: payload.role, user: payload.sub });
-        } else {
-          // Token 无效/缺失 → visitor（只读）
+          if (payload?.role) {
+            req.resolvedRole = payload.role;
+            req.resolvedUser = payload.sub;
+            logger.debug('roleResolver: token-based', { role: payload.role, user: payload.sub });
+          } else {
+            // Token 无效/缺失 → visitor（只读）
+            req.resolvedRole = 'visitor';
+            req.resolvedUser = 'anonymous';
+          }
+
+          logger.debug('roleResolver: resolved', {
+            mode: 'token',
+            role: req.resolvedRole,
+            user: req.resolvedUser,
+          });
+
+          next();
+        })
+        .catch(() => {
           req.resolvedRole = 'visitor';
           req.resolvedUser = 'anonymous';
-        }
-
-        logger.debug('roleResolver: resolved', {
-          mode: 'token',
-          role: req.resolvedRole,
-          user: req.resolvedUser,
+          next();
         });
-
-        next();
-      }).catch(() => {
-        req.resolvedRole = 'visitor';
-        req.resolvedUser = 'anonymous';
-        next();
-      });
     } else {
       // ── Path B: Probe-based ────────────────────
       if (capabilityProbe) {