mastercontroller 1.3.35 → 1.3.37

package/MasterControl.js

@@ -902,7 +902,7 @@ class MasterControl {
                 return; // Terminal - don't call next()
             }
 
-            await next(); // Not static, continue pipeline
+            if (typeof next === 'function') await next(); // Not static, continue pipeline
         });
 
         // 2. Timeout Tracking (optional - disabled by default until init)
@@ -924,7 +924,7 @@ class MasterControl {
                 ctx.params.formData = params.formData;
             }
 
-            await next();
+            if (typeof next === 'function') await next();
         });
 
         // 4. Load Scoped Services (per request - always needed)
@@ -938,7 +938,7 @@ class MasterControl {
                 const className = $that._scopedList[key];
                 $that.requestList[key] = new className();
             }
-            await next();
+            if (typeof next === 'function') await next();
         });
 
         // 4. HSTS Header (if enabled for HTTPS)
@@ -954,7 +954,7 @@ class MasterControl {
                 }
                 ctx.response.setHeader('Strict-Transport-Security', hstsValue);
             }
-            await next();
+            if (typeof next === 'function') await next();
         });
 
         // 5. Routing and Error Handler are registered in start() so that user

package/MasterCors.js

@@ -243,7 +243,7 @@ class MasterCors{
 
 			// Regular request - apply CORS headers
 			$that.load({ request: ctx.request, response: ctx.response });
-			await next();
+			if (typeof next === 'function') await next();
 		};
 	}
 }

package/MasterPipeline.js

@@ -116,12 +116,12 @@ class MasterPipeline {
                 // Execute branch pipeline
                 await branch.execute(ctx);
                 // Stop if response already sent (e.g., auth rejection)
-                if (!ctx.response.headersSent && !ctx.response.writableEnded) {
+                if (!ctx.response.headersSent && !ctx.response.writableEnded && typeof next === 'function') {
                     await next();
                 }
             } else {
                 // Skip branch, continue main pipeline
-                await next();
+                if (typeof next === 'function') await next();
             }
         };
 

package/MasterTimeout.js

@@ -483,7 +483,7 @@ class MasterTimeout {
 
         return async (ctx, next) => {
             if (!$that.enabled) {
-                await next();
+                if (typeof next === 'function') await next();
                 return;
             }
 
@@ -493,7 +493,7 @@ class MasterTimeout {
                 requestId = $that.startTracking(ctx);
                 ctx.requestId = requestId;
 
-                await next();
+                if (typeof next === 'function') await next();
             } catch (err) {
                 // Stop tracking on error (with error handling)
                 if (requestId) {

package/error/MasterErrorLogger.js

@@ -32,12 +32,14 @@ class MasterErrorLogger {
       file: options.file || null,
       sampleRate: options.sampleRate || 1.0, // Log 100% by default
       maxFileSize: options.maxFileSize || 10 * 1024 * 1024, // 10MB
+      dedupeWindowMs: options.dedupeWindowMs || 5000, // Suppress duplicate errors within 5s
       ...options
     };
 
     this.backends = [];
     this.errorCount = 0;
     this.sessionId = this._generateSessionId();
+    this._recentErrors = new Map(); // code -> { count, firstSeen, lastSeen }
 
     // Setup default backends
     if (this.options.console) {
@@ -76,18 +78,47 @@ class MasterErrorLogger {
       return;
     }
 
+    // Deduplicate repeated errors within the window
+    const code = data.code || 'UNKNOWN';
+    if (level >= LOG_LEVELS.ERROR) {
+      const now = Date.now();
+      const recent = this._recentErrors.get(code);
+      if (recent && (now - recent.firstSeen) < this.options.dedupeWindowMs) {
+        recent.count++;
+        recent.lastSeen = now;
+        return; // Suppress duplicate
+      }
+      // Flush summary of previous burst if there was one
+      if (recent && recent.count > 1) {
+        const summary = this._formatLogEntry({
+          code: code,
+          message: `Suppressed ${recent.count - 1} duplicate entries of ${code} (${recent.lastSeen - recent.firstSeen}ms window)`,
+          level: LOG_LEVELS.WARN
+        }, LOG_LEVELS.WARN);
+        this._dispatch(summary);
+      }
+      this._recentErrors.set(code, { count: 1, firstSeen: now, lastSeen: now });
+    }
+
     const entry = this._formatLogEntry(data, level);
+    this._dispatch(entry);
+    this.errorCount++;
+  }
 
-    // Send to all backends
+  /**
+   * Dispatch entry to all backends
+   */
+  _dispatch(entry) {
     this.backends.forEach(backend => {
       try {
         backend(entry);
       } catch (error) {
-        console.error('[MasterErrorLogger] Backend failed:', error.message);
+        // Avoid console methods that can trigger EPIPE recursion
+        if (error.code !== 'EPIPE' && error.code !== 'ERR_STREAM_DESTROYED') {
+          try { process.stderr.write(`[MasterErrorLogger] Backend failed: ${error.message}\n`); } catch (_) {}
+        }
       }
     });
-
-    this.errorCount++;
   }
 
   /**
@@ -117,28 +148,39 @@ class MasterErrorLogger {
    * Format log entry with metadata
    */
   _formatLogEntry(data, level) {
-    return {
+    const entry = {
       timestamp: new Date().toISOString(),
       sessionId: this.sessionId,
       level: LOG_LEVEL_NAMES[level],
       code: data.code || 'UNKNOWN',
-      message: data.message || 'No message provided',
-      component: data.component || null,
-      file: data.file || null,
-      line: data.line || null,
-      route: data.route || null,
-      context: data.context || {},
-      stack: data.stack || null,
-      originalError: data.originalError ? {
-        message: data.originalError.message,
-        stack: data.originalError.stack
-      } : null,
-      environment: process.env.NODE_ENV || 'development',
-      nodeVersion: process.version,
-      platform: process.platform,
-      memory: process.memoryUsage(),
-      uptime: process.uptime()
+      message: data.message || 'No message provided'
     };
+
+    // Only include optional fields when they have values
+    if (data.component) entry.component = data.component;
+    if (data.file) entry.file = data.file;
+    if (data.line) entry.line = data.line;
+    if (data.route) entry.route = data.route;
+    if (data.context && Object.keys(data.context).length > 0) entry.context = data.context;
+
+    // Include stack once — prefer originalError.stack to avoid duplication
+    if (data.originalError) {
+      entry.stack = data.originalError.stack || data.stack || null;
+    } else if (data.stack) {
+      entry.stack = data.stack;
+    }
+
+    entry.environment = process.env.NODE_ENV || 'development';
+
+    // Only include memory/system info on ERROR and FATAL
+    if (level >= LOG_LEVELS.ERROR) {
+      entry.memory = process.memoryUsage();
+      entry.nodeVersion = process.version;
+      entry.platform = process.platform;
+      entry.uptime = process.uptime();
+    }
+
+    return entry;
   }
 
   /**
@@ -156,24 +198,26 @@ class MasterErrorLogger {
     const color = levelColors[entry.level] || '';
     const reset = '\x1b[0m';
 
-    const logFn = entry.level === 'DEBUG' || entry.level === 'INFO' ? console.log :
-                  entry.level === 'WARN' ? console.warn : console.error;
+    // Use process.stdout/stderr.write directly to avoid EPIPE recursion
+    // through console.log -> broken pipe -> uncaughtException -> logger -> console.log
+    const stream = (entry.level === 'DEBUG' || entry.level === 'INFO') ? process.stdout : process.stderr;
 
-    logFn(
-      `${color}[${entry.timestamp}] [${entry.level}]${reset} ${entry.code}:`,
-      entry.message
-    );
+    try {
+      stream.write(`${color}[${entry.timestamp}] [${entry.level}]${reset} ${entry.code}: ${entry.message}\n`);
 
-    if (entry.component) {
-      logFn(`  Component: ${entry.component}`);
-    }
+      if (entry.component) {
+        stream.write(`  Component: ${entry.component}\n`);
+      }
 
-    if (entry.file) {
-      logFn(`  File: ${entry.file}${entry.line ? `:${entry.line}` : ''}`);
-    }
+      if (entry.file) {
+        stream.write(`  File: ${entry.file}${entry.line ? `:${entry.line}` : ''}\n`);
+      }
 
-    if (entry.stack && process.env.NODE_ENV !== 'production') {
-      logFn(`  Stack: ${entry.stack}`);
+      if (entry.stack && process.env.NODE_ENV !== 'production') {
+        stream.write(`  Stack: ${entry.stack}\n`);
+      }
+    } catch (err) {
+      // If the stream is broken (EPIPE), silently drop — do not recurse
     }
   }
 

package/error/MasterErrorMiddleware.js

@@ -172,7 +172,14 @@ function extractUserCodeContext(stack) {
 function setupGlobalErrorHandlers() {
   // Handle uncaught exceptions
   process.on('uncaughtException', (error) => {
-    console.error('[MasterController] Uncaught Exception:', error);
+    // EPIPE/stream errors from logging itself — do not recurse
+    if (error.code === 'EPIPE' || error.code === 'ERR_STREAM_DESTROYED') {
+      try { process.stderr.write(`[MasterController] Stream error suppressed: ${error.code}\n`); } catch (_) {}
+      return;
+    }
+
+    // Use stderr.write instead of console.error to avoid EPIPE recursion
+    try { process.stderr.write(`[MasterController] Uncaught Exception: ${error.message}\n`); } catch (_) {}
 
     // Extract context from stack trace
     const context = extractUserCodeContext(error.stack);
@@ -181,34 +188,33 @@ function setupGlobalErrorHandlers() {
     let enhancedMessage = `Uncaught exception: ${error.message}`;
 
     if (context && context.triggeringFile) {
-      enhancedMessage += `\n\n🔍 Error Location: ${context.triggeringFile.location}`;
+      enhancedMessage += `\n\nError Location: ${context.triggeringFile.location}`;
     }
 
     if (context && context.userFiles.length > 0) {
-      enhancedMessage += `\n\n📂 Your Code Involved:`;
+      enhancedMessage += `\n\nYour Code Involved:`;
       context.userFiles.forEach((file, i) => {
-        if (i < 3) { // Show first 3 user files
+        if (i < 3) {
           enhancedMessage += `\n   ${i + 1}. ${file.location}`;
         }
       });
     }
 
     if (context && context.frameworkFiles.length > 0) {
-      enhancedMessage += `\n\n🔧 Framework Files Involved:`;
+      enhancedMessage += `\n\nFramework Files Involved:`;
       context.frameworkFiles.forEach((file, i) => {
-        if (i < 2) { // Show first 2 framework files
+        if (i < 2) {
           enhancedMessage += `\n   ${i + 1}. ${file.location}`;
         }
       });
     }
 
-    console.error(enhancedMessage);
+    try { process.stderr.write(enhancedMessage + '\n'); } catch (_) {}
 
     logger.fatal({
       code: 'MC_ERR_UNCAUGHT_EXCEPTION',
       message: enhancedMessage,
       originalError: error,
-      stack: error.stack,
       context: context
     });
 
@@ -220,7 +226,7 @@ function setupGlobalErrorHandlers() {
 
   // Handle unhandled promise rejections
   process.on('unhandledRejection', (reason, promise) => {
-    console.error('[MasterController] Unhandled Rejection:', reason);
+    try { process.stderr.write(`[MasterController] Unhandled Rejection: ${reason}\n`); } catch (_) {}
 
     // Extract context from stack trace if available
     const context = reason?.stack ? extractUserCodeContext(reason.stack) : null;
@@ -229,27 +235,26 @@ function setupGlobalErrorHandlers() {
     let enhancedMessage = `Unhandled promise rejection: ${reason}`;
 
     if (context && context.triggeringFile) {
-      enhancedMessage += `\n\n🔍 Error Location: ${context.triggeringFile.location}`;
+      enhancedMessage += `\n\nError Location: ${context.triggeringFile.location}`;
     }
 
     if (context && context.userFiles.length > 0) {
-      enhancedMessage += `\n\n📂 Your Code Involved:`;
+      enhancedMessage += `\n\nYour Code Involved:`;
       context.userFiles.forEach((file, i) => {
-        if (i < 3) { // Show first 3 user files
+        if (i < 3) {
           enhancedMessage += `\n   ${i + 1}. ${file.location}`;
         }
       });
     }
 
     if (enhancedMessage !== `Unhandled promise rejection: ${reason}`) {
-      console.error(enhancedMessage);
+      try { process.stderr.write(enhancedMessage + '\n'); } catch (_) {}
     }
 
     logger.error({
       code: 'MC_ERR_UNHANDLED_REJECTION',
       message: enhancedMessage,
       originalError: reason,
-      stack: reason?.stack,
       context: context
     });
   });
@@ -257,7 +262,7 @@ function setupGlobalErrorHandlers() {
   // Handle warnings
   process.on('warning', (warning) => {
     if (isDevelopment) {
-      console.warn('[MasterController] Warning:', warning);
+      try { process.stderr.write(`[MasterController] Warning: ${warning.message}\n`); } catch (_) {}
     }
 
     logger.warn({

package/monitoring/HealthCheck.js

@@ -55,7 +55,8 @@ class HealthCheck {
 
       // Only handle health check endpoint
       if (requestPath !== self.options.endpoint) {
-        return await next();
+        if (typeof next === 'function') return await next();
+        return;
       }
 
       // Log health check request
@@ -226,7 +227,8 @@ class HealthCheck {
       const requestPath = req.url.split('?')[0];
 
       if (requestPath !== self.options.endpoint) {
-        return next();
+        if (typeof next === 'function') return next();
+        return;
       }
 
       try {

package/monitoring/PrometheusExporter.js

@@ -142,7 +142,7 @@ class PrometheusExporter {
 
       try {
         // Continue pipeline
-        await next();
+        if (typeof next === 'function') await next();
 
         // Record metrics on success
         const duration = (Date.now() - startTime) / 1000; // Convert to seconds

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mastercontroller",
-  "version": "1.3.35",
+  "version": "1.3.37",
   "description": "Fortune 500 ready Node.js MVC framework with enterprise security, monitoring, and horizontal scaling",
   "main": "MasterControl.js",
   "license": "MIT",

package/security/CSPConfig.js

@@ -95,7 +95,8 @@ class CSPConfig {
   middleware() {
     return (req, res, next) => {
       if (!this.enabled) {
-        return next();
+        if (typeof next === 'function') next();
+        return;
       }
 
       // Generate nonce for this request if needed
@@ -111,7 +112,7 @@ class CSPConfig {
       const headerName = this.reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
       res.setHeader(headerName, headerValue);
 
-      next();
+      if (typeof next === 'function') next();
     };
   }
 

package/security/SecurityEnforcement.js

@@ -163,7 +163,7 @@ class SecurityEnforcement {
 			SecurityEnforcement._applySecurityHeaders(ctx.response);
 
 			// Continue to next middleware
-			await next();
+			if (typeof next === 'function') await next();
 		};
 	}
 

package/security/SecurityMiddleware.js

@@ -74,7 +74,8 @@ class SecurityMiddleware {
    */
   securityHeadersMiddleware(req, res, next) {
     if (!this.headersEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     // Apply standard security headers
@@ -96,7 +97,7 @@ class SecurityMiddleware {
       }
     }
 
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -104,7 +105,8 @@ class SecurityMiddleware {
    */
   corsMiddleware(req, res, next) {
     if (!this.corsEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     const origin = req.headers.origin;
@@ -125,7 +127,7 @@ class SecurityMiddleware {
       return;
     }
 
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -133,7 +135,8 @@ class SecurityMiddleware {
    */
   rateLimitMiddleware(req, res, next) {
     if (!this.rateLimitEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     const identifier = this._getClientIdentifier(req);
@@ -209,7 +212,7 @@ class SecurityMiddleware {
     res.setHeader('X-RateLimit-Remaining', remaining);
     res.setHeader('X-RateLimit-Reset', new Date(resetTime).toISOString());
 
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -217,13 +220,15 @@ class SecurityMiddleware {
    */
   csrfMiddleware(req, res, next) {
     if (!this.csrfEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     // Skip CSRF for safe methods
     const safeMethods = ['GET', 'HEAD', 'OPTIONS'];
     if (safeMethods.includes(req.method)) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     // Get CSRF token from request
@@ -291,7 +296,7 @@ class SecurityMiddleware {
     }
 
     // Token valid, continue
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -489,7 +494,7 @@ function pipelineSecurityHeaders(options = {}) {
     instance.securityHeadersMiddleware(ctx.request, ctx.response, oldNext);
 
     // Continue pipeline if next was called
-    if (nextCalled) {
+    if (nextCalled && typeof next === 'function') {
       await next();
     }
   };
@@ -504,7 +509,7 @@ function pipelineCors(options = {}) {
     instance.corsMiddleware(ctx.request, ctx.response, oldNext);
 
     // CORS might terminate for OPTIONS - check if response ended
-    if (!ctx.response.writableEnded && nextCalled) {
+    if (!ctx.response.writableEnded && nextCalled && typeof next === 'function') {
       await next();
     }
   };
@@ -519,7 +524,7 @@ function pipelineRateLimit(options = {}) {
     instance.rateLimitMiddleware(ctx.request, ctx.response, oldNext);
 
     // Rate limit might terminate - check if response ended
-    if (!ctx.response.writableEnded && nextCalled) {
+    if (!ctx.response.writableEnded && nextCalled && typeof next === 'function') {
       await next();
     }
   };
@@ -534,7 +539,7 @@ function pipelineCsrf(options = {}) {
     instance.csrfMiddleware(ctx.request, ctx.response, oldNext);
 
     // CSRF might terminate - check if response ended
-    if (!ctx.response.writableEnded && nextCalled) {
+    if (!ctx.response.writableEnded && nextCalled && typeof next === 'function') {
       await next();
     }
   };

package/security/SessionSecurity.js

@@ -36,18 +36,25 @@ class SessionSecurity {
    * Session middleware
    */
   middleware() {
-    return async (req, res, next) => {
+    const self = this;
+
+    // Return pipeline-compatible (ctx, next) middleware.
+    // MasterPipeline.execute() calls handler(ctx, next), not handler(req, res, next).
+    return async (ctx, next) => {
+      const req = ctx.request;
+      const res = ctx.response;
+
       // Parse session from cookie
-      const sessionId = this._parseCookie(req);
+      const sessionId = self._parseCookie(req);
 
       if (sessionId) {
         // Load existing session
         const session = sessionStore.get(sessionId);
 
-        if (session && this._isSessionValid(session, req)) {
+        if (session && self._isSessionValid(session, req)) {
           // Check if session needs regeneration
-          if (this._shouldRegenerate(session)) {
-            req.session = await this._regenerateSession(sessionId, session, res);
+          if (self._shouldRegenerate(session)) {
+            req.session = await self._regenerateSession(sessionId, session, res);
           } else {
             // Use existing session
             req.session = session.data;
@@ -57,9 +64,9 @@ class SessionSecurity {
             session.lastAccess = Date.now();
 
             // Extend expiry if rolling
-            if (this.rolling) {
-              session.expiry = Date.now() + this.maxAge;
-              this._setCookie(res, sessionId);
+            if (self.rolling) {
+              session.expiry = Date.now() + self.maxAge;
+              self._setCookie(res, sessionId);
             }
           }
         } else {
@@ -74,23 +81,25 @@ class SessionSecurity {
           }
 
           // Create new session
-          req.session = await this._createSession(req, res);
+          req.session = await self._createSession(req, res);
         }
       } else {
         // No session cookie, create new session
-        req.session = await this._createSession(req, res);
+        req.session = await self._createSession(req, res);
       }
 
       // Save session on response
       if (typeof res?.end === 'function') {
         const originalEnd = res.end;
         res.end = (...args) => {
-          this._saveSession(req);
+          self._saveSession(req);
           originalEnd.apply(res, args);
         };
       }
 
-      next();
+      if (typeof next === 'function') {
+        await next();
+      }
     };
   }
 

package/security/adapters/RedisCSRFStore.js

@@ -318,7 +318,8 @@ class RedisCSRFStore {
             message: 'CSRF check skipped - no session ID',
             path: ctx.request.url
           });
-          return await next();
+          if (typeof next === 'function') return await next();
+          return;
         }
 
         // Skip CSRF check for safe methods
@@ -326,7 +327,8 @@ class RedisCSRFStore {
         if (ignoreMethods.includes(method)) {
           // Ensure token exists for this session
           await self.get(sessionId);
-          return await next();
+          if (typeof next === 'function') return await next();
+          return;
         }
 
         // Get token from request (header or body)
@@ -373,7 +375,7 @@ class RedisCSRFStore {
         }
 
         // Token valid, continue pipeline
-        await next();
+        if (typeof next === 'function') await next();
 
       } catch (error) {
         logger.error({

package/security/adapters/RedisRateLimiter.js

@@ -441,7 +441,7 @@ class RedisRateLimiter {
         }
 
         // Request allowed, continue pipeline
-        await next();
+        if (typeof next === 'function') await next();
 
       } catch (error) {
         logger.error({
@@ -451,7 +451,7 @@ class RedisRateLimiter {
         });
 
         // On error, allow request (fail open)
-        await next();
+        if (typeof next === 'function') await next();
       }
     };
   }