opcjs-base 0.1.38-alpha → 0.1.40-alpha

package/dist/index.d.cts

@@ -8281,9 +8281,14 @@ declare class SecureChannelMessageDecoder extends TransformStream<Uint8Array, Ms
     private context;
     private logger;
     /**
-     * Validates that `sequenceNumber` is strictly increasing from the last
-     * seen remote sequence.  Allows exactly one UInt32 wrap-around per token.
-     * Returns false and logs an error if the number is a duplicate or out of order.
+     * Validates that `sequenceNumber` is monotonically increasing from the
+     * highest seen remote sequence.  Allows UInt32 wrap-around per token.
+     *
+     * Over TLS/WSS the transport already provides integrity and replay
+     * protection, so small out-of-order deliveries (caused by multi-threaded
+     * server writes) are tolerated with a warning rather than tearing down the
+     * channel.  Only truly anomalous conditions (e.g. a very large backward
+     * jump that could indicate corruption) are treated as errors.
      */
     private validateSequenceNumber;
     private transform;

package/dist/index.d.ts

@@ -8281,9 +8281,14 @@ declare class SecureChannelMessageDecoder extends TransformStream<Uint8Array, Ms
     private context;
     private logger;
     /**
-     * Validates that `sequenceNumber` is strictly increasing from the last
-     * seen remote sequence.  Allows exactly one UInt32 wrap-around per token.
-     * Returns false and logs an error if the number is a duplicate or out of order.
+     * Validates that `sequenceNumber` is monotonically increasing from the
+     * highest seen remote sequence.  Allows UInt32 wrap-around per token.
+     *
+     * Over TLS/WSS the transport already provides integrity and replay
+     * protection, so small out-of-order deliveries (caused by multi-threaded
+     * server writes) are tolerated with a warning rather than tearing down the
+     * channel.  Only truly anomalous conditions (e.g. a very large backward
+     * jump that could indicate corruption) are treated as errors.
      */
     private validateSequenceNumber;
     private transform;

package/dist/index.js

@@ -17868,26 +17868,39 @@ var SecureChannelMessageDecoder = class extends TransformStream {
   }
   logger = getLogger("secureChannel.SecureChannelMessageDecoder");
   /**
-   * Validates that `sequenceNumber` is strictly increasing from the last
-   * seen remote sequence.  Allows exactly one UInt32 wrap-around per token.
-   * Returns false and logs an error if the number is a duplicate or out of order.
+   * Validates that `sequenceNumber` is monotonically increasing from the
+   * highest seen remote sequence.  Allows UInt32 wrap-around per token.
+   *
+   * Over TLS/WSS the transport already provides integrity and replay
+   * protection, so small out-of-order deliveries (caused by multi-threaded
+   * server writes) are tolerated with a warning rather than tearing down the
+   * channel.  Only truly anomalous conditions (e.g. a very large backward
+   * jump that could indicate corruption) are treated as errors.
    */
-  validateSequenceNumber(sequenceNumber, msgType, controller) {
+  validateSequenceNumber(sequenceNumber, msgType) {
     const last = this.context.lastRemoteSequenceNumber;
     if (last === void 0) {
       this.context.lastRemoteSequenceNumber = sequenceNumber;
       this.logger.debug(`[${msgType}] Sequence number initialized to ${sequenceNumber}`);
       return true;
     }
-    const isIncrement = sequenceNumber === last + 1;
     const isWrap = last >= SEQ_WRAP_THRESHOLD2 && sequenceNumber < SEQ_WRAP_MAX;
-    if (!isIncrement && !isWrap) {
-      this.logger.error(`[${msgType}] Invalid remote sequence number: expected ${last + 1}, got ${sequenceNumber}`);
-      controller.error(new Error(`Invalid remote sequence number: expected ${last + 1}, got ${sequenceNumber}`));
-      return false;
+    if (isWrap) {
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      this.logger.debug(`[${msgType}] Sequence number wrapped: ${last} \u2192 ${sequenceNumber}`);
+      return true;
+    }
+    if (sequenceNumber === last + 1) {
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      this.logger.debug(`[${msgType}] Sequence number advanced: ${last} \u2192 ${sequenceNumber}`);
+      return true;
+    }
+    if (sequenceNumber > last + 1) {
+      this.logger.warn(`[${msgType}] Remote sequence number gap: expected ${last + 1}, got ${sequenceNumber} (skipped ${sequenceNumber - last - 1})`);
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      return true;
     }
-    this.logger.debug(`[${msgType}] Sequence number advanced: ${last} \u2192 ${sequenceNumber}`);
-    this.context.lastRemoteSequenceNumber = sequenceNumber;
+    this.logger.warn(`[${msgType}] Out-of-order remote sequence number: highest seen ${last}, got ${sequenceNumber}`);
     return true;
   }
   transform(data, controller) {
@@ -17904,7 +17917,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
           secHeader,
           this.context.securityAlgorithm
         );
-        if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN", controller)) return;
+        if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN")) return;
         controller.enqueue(msgAsym);
         break;
       }
@@ -17912,7 +17925,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.warn("SecureChannel received Abort message");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17920,7 +17933,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.debug("SecureChannel received Chunk message.");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17928,7 +17941,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.debug("SecureChannel received Final message");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17936,7 +17949,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.warn("SecureChannel received CloseFinal message.");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F", controller);
+        this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F");
         break;
       }
       default: