opcjs-base 0.1.39-alpha → 0.1.40-alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +26 -21
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +7 -6
  4. package/dist/index.d.ts +7 -6
  5. package/dist/index.js +26 -21
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.d.cts CHANGED
@@ -8281,13 +8281,14 @@ declare class SecureChannelMessageDecoder extends TransformStream<Uint8Array, Ms
8281
8281
  private context;
8282
8282
  private logger;
8283
8283
  /**
8284
- * Validates that `sequenceNumber` is monotonically increasing from the last
8285
- * seen remote sequence. Allows exactly one UInt32 wrap-around per token.
8284
+ * Validates that `sequenceNumber` is monotonically increasing from the
8285
+ * highest seen remote sequence. Allows UInt32 wrap-around per token.
8286
8286
  *
8287
- * Forward gaps are tolerated with a warning because some server implementations
8288
- * may consume sequence numbers internally (e.g. cancelled responses) without
8289
- * sending them on the wire. Backward jumps and duplicates are rejected as
8290
- * errors since they indicate replay or reordering.
8287
+ * Over TLS/WSS the transport already provides integrity and replay
8288
+ * protection, so small out-of-order deliveries (caused by multi-threaded
8289
+ * server writes) are tolerated with a warning rather than tearing down the
8290
+ * channel. Only truly anomalous conditions (e.g. a very large backward
8291
+ * jump that could indicate corruption) are treated as errors.
8291
8292
  */
8292
8293
  private validateSequenceNumber;
8293
8294
  private transform;
package/dist/index.d.ts CHANGED
@@ -8281,13 +8281,14 @@ declare class SecureChannelMessageDecoder extends TransformStream<Uint8Array, Ms
8281
8281
  private context;
8282
8282
  private logger;
8283
8283
  /**
8284
- * Validates that `sequenceNumber` is monotonically increasing from the last
8285
- * seen remote sequence. Allows exactly one UInt32 wrap-around per token.
8284
+ * Validates that `sequenceNumber` is monotonically increasing from the
8285
+ * highest seen remote sequence. Allows UInt32 wrap-around per token.
8286
8286
  *
8287
- * Forward gaps are tolerated with a warning because some server implementations
8288
- * may consume sequence numbers internally (e.g. cancelled responses) without
8289
- * sending them on the wire. Backward jumps and duplicates are rejected as
8290
- * errors since they indicate replay or reordering.
8287
+ * Over TLS/WSS the transport already provides integrity and replay
8288
+ * protection, so small out-of-order deliveries (caused by multi-threaded
8289
+ * server writes) are tolerated with a warning rather than tearing down the
8290
+ * channel. Only truly anomalous conditions (e.g. a very large backward
8291
+ * jump that could indicate corruption) are treated as errors.
8291
8292
  */
8292
8293
  private validateSequenceNumber;
8293
8294
  private transform;
package/dist/index.js CHANGED
@@ -17868,15 +17868,16 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17868
17868
  }
17869
17869
  logger = getLogger("secureChannel.SecureChannelMessageDecoder");
17870
17870
  /**
17871
- * Validates that `sequenceNumber` is monotonically increasing from the last
17872
- * seen remote sequence. Allows exactly one UInt32 wrap-around per token.
17871
+ * Validates that `sequenceNumber` is monotonically increasing from the
17872
+ * highest seen remote sequence. Allows UInt32 wrap-around per token.
17873
17873
  *
17874
- * Forward gaps are tolerated with a warning because some server implementations
17875
- * may consume sequence numbers internally (e.g. cancelled responses) without
17876
- * sending them on the wire. Backward jumps and duplicates are rejected as
17877
- * errors since they indicate replay or reordering.
17874
+ * Over TLS/WSS the transport already provides integrity and replay
17875
+ * protection, so small out-of-order deliveries (caused by multi-threaded
17876
+ * server writes) are tolerated with a warning rather than tearing down the
17877
+ * channel. Only truly anomalous conditions (e.g. a very large backward
17878
+ * jump that could indicate corruption) are treated as errors.
17878
17879
  */
17879
- validateSequenceNumber(sequenceNumber, msgType, controller) {
17880
+ validateSequenceNumber(sequenceNumber, msgType) {
17880
17881
  const last = this.context.lastRemoteSequenceNumber;
17881
17882
  if (last === void 0) {
17882
17883
  this.context.lastRemoteSequenceNumber = sequenceNumber;
@@ -17884,18 +17885,22 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17884
17885
  return true;
17885
17886
  }
17886
17887
  const isWrap = last >= SEQ_WRAP_THRESHOLD2 && sequenceNumber < SEQ_WRAP_MAX;
17887
- const isForward = sequenceNumber > last;
17888
- if (!isForward && !isWrap) {
17889
- this.logger.error(`[${msgType}] Invalid remote sequence number: expected > ${last}, got ${sequenceNumber}`);
17890
- controller.error(new Error(`Invalid remote sequence number: expected > ${last}, got ${sequenceNumber}`));
17891
- return false;
17888
+ if (isWrap) {
17889
+ this.context.lastRemoteSequenceNumber = sequenceNumber;
17890
+ this.logger.debug(`[${msgType}] Sequence number wrapped: ${last} \u2192 ${sequenceNumber}`);
17891
+ return true;
17892
17892
  }
17893
- if (sequenceNumber !== last + 1 && !isWrap) {
17894
- this.logger.warn(`[${msgType}] Remote sequence number gap: expected ${last + 1}, got ${sequenceNumber} (skipped ${sequenceNumber - last - 1})`);
17895
- } else {
17893
+ if (sequenceNumber === last + 1) {
17894
+ this.context.lastRemoteSequenceNumber = sequenceNumber;
17896
17895
  this.logger.debug(`[${msgType}] Sequence number advanced: ${last} \u2192 ${sequenceNumber}`);
17896
+ return true;
17897
+ }
17898
+ if (sequenceNumber > last + 1) {
17899
+ this.logger.warn(`[${msgType}] Remote sequence number gap: expected ${last + 1}, got ${sequenceNumber} (skipped ${sequenceNumber - last - 1})`);
17900
+ this.context.lastRemoteSequenceNumber = sequenceNumber;
17901
+ return true;
17897
17902
  }
17898
- this.context.lastRemoteSequenceNumber = sequenceNumber;
17903
+ this.logger.warn(`[${msgType}] Out-of-order remote sequence number: highest seen ${last}, got ${sequenceNumber}`);
17899
17904
  return true;
17900
17905
  }
17901
17906
  transform(data, controller) {
@@ -17912,7 +17917,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17912
17917
  secHeader,
17913
17918
  this.context.securityAlgorithm
17914
17919
  );
17915
- if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN", controller)) return;
17920
+ if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN")) return;
17916
17921
  controller.enqueue(msgAsym);
17917
17922
  break;
17918
17923
  }
@@ -17920,7 +17925,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17920
17925
  this.logger.warn("SecureChannel received Abort message");
17921
17926
  const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
17922
17927
  const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
17923
- if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A", controller)) return;
17928
+ if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A")) return;
17924
17929
  controller.enqueue(msgSym);
17925
17930
  break;
17926
17931
  }
@@ -17928,7 +17933,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17928
17933
  this.logger.debug("SecureChannel received Chunk message.");
17929
17934
  const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
17930
17935
  const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
17931
- if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C", controller)) return;
17936
+ if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C")) return;
17932
17937
  controller.enqueue(msgSym);
17933
17938
  break;
17934
17939
  }
@@ -17936,7 +17941,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17936
17941
  this.logger.debug("SecureChannel received Final message");
17937
17942
  const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
17938
17943
  const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
17939
- if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F", controller)) return;
17944
+ if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F")) return;
17940
17945
  controller.enqueue(msgSym);
17941
17946
  break;
17942
17947
  }
@@ -17944,7 +17949,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
17944
17949
  this.logger.warn("SecureChannel received CloseFinal message.");
17945
17950
  const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
17946
17951
  const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
17947
- this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F", controller);
17952
+ this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F");
17948
17953
  break;
17949
17954
  }
17950
17955
  default: