risicare 0.3.0 → 0.4.0

package/dist/index.js

@@ -2040,7 +2040,14 @@ var BatchSpanProcessor = class _BatchSpanProcessor {
   failedExports = 0;
   constructor(options) {
     this._exporters = [...options.exporters];
-    this._batchSize = options.batchSize ?? 100;
+    const requestedBatchSize = options.batchSize ?? 100;
+    const clampedBatchSize = Math.max(1, Math.min(requestedBatchSize, 1e4));
+    if (clampedBatchSize !== requestedBatchSize) {
+      warn(
+        `batchSize=${requestedBatchSize} is outside the allowed range [1, 10000]; clamping to ${clampedBatchSize}`
+      );
+    }
+    this._batchSize = clampedBatchSize;
     this._batchTimeoutMs = options.batchTimeoutMs ?? 1e3;
     this._maxQueueSize = options.maxQueueSize ?? 1e4;
     this._debug = options.debug ?? false;
@@ -2181,11 +2188,15 @@ var HttpExporter = class {
   _timeoutMs;
   _maxRetries;
   _compress;
-  // Circuit breaker
+  // Circuit breaker (CON-201 / B-16). Threshold and cooldown sized for
+  // a "30-second prod restart" scenario: with default 1s batch flush a
+  // 5-failure threshold opens the circuit ~5s into an outage and the 60s
+  // cooldown gives the gateway time to come back before the half-open
+  // probe fires. Lower numbers (was 3@30s) tripped on transient blips.
   _consecutiveFailures = 0;
   _circuitOpenUntil = 0;
-  _circuitBreakerThreshold = 3;
-  _circuitBreakerCooldownMs = 3e4;
+  _circuitBreakerThreshold = 5;
+  _circuitBreakerCooldownMs = 6e4;
   constructor(options) {
     this._endpoint = options.endpoint.replace(/\/+$/, "");
     this._apiKey = options.apiKey;
@@ -2346,7 +2357,18 @@ var RisicareClient = class {
           enabled: true,
           debug: this.config.debug
         });
-      } catch {
+      } catch (e) {
+        const errName = e instanceof Error ? e.name : "Error";
+        const errMsg = e instanceof Error ? e.message : String(e);
+        try {
+          console.warn(
+            `[risicare] FixRuntime initialization failed \u2014 auto-fix is OFFLINE for this process. endpoint=${this.config.endpoint} error=${errName}: ${errMsg}. Tracing + reporting still work; only fix application is disabled. Pass debug:true in init() options for the full traceback.`
+          );
+        } catch {
+        }
+        if (this.config.debug) {
+          debug(`FixRuntime init traceback: ${e instanceof Error && e.stack ? e.stack : String(e)}`);
+        }
       }
     }
     this._registerShutdownHooks();
@@ -2498,7 +2520,7 @@ function reportError(error, options) {
 }
 function score(traceId, name, value, options) {
   try {
-    if (typeof value !== "number" || value < 0 || value > 1) {
+    if (typeof value !== "number" || !Number.isFinite(value) || value < 0 || value > 1) {
       debug(`score: value must be in [0.0, 1.0], got ${value}. Score not sent.`);
       return;
     }
@@ -2548,7 +2570,7 @@ function withAgent(options, fn) {
 }
 
 // src/decorators/agent.ts
-function agent(options, fn) {
+function _wrapAgent(options, fn) {
   const spanName = `agent:${options.name ?? "agent"}`;
   return (...args) => {
     const tracer = getTracer2();
@@ -2562,6 +2584,12 @@ function agent(options, fn) {
     });
   };
 }
+function agent(options, fn) {
+  if (fn === void 0) {
+    return (realFn) => _wrapAgent(options, realFn);
+  }
+  return _wrapAgent(options, fn);
+}
 
 // src/context/session.ts
 function withSession(options, fn) {
@@ -2576,12 +2604,18 @@ function withSession(options, fn) {
 }
 
 // src/decorators/session.ts
-function session(optionsOrResolver, fn) {
+function _wrapSession(optionsOrResolver, fn) {
   return (...args) => {
     const options = typeof optionsOrResolver === "function" ? optionsOrResolver(...args) : optionsOrResolver;
     return withSession(options, () => fn(...args));
   };
 }
+function session(optionsOrResolver, fn) {
+  if (fn === void 0) {
+    return (realFn) => _wrapSession(optionsOrResolver, realFn);
+  }
+  return _wrapSession(optionsOrResolver, fn);
+}
 
 // src/context/phase.ts
 function withPhase(phase, fn) {
@@ -3203,14 +3237,180 @@ var RisicareLlamaIndexHandler = class {
 
 // src/index.ts
 init_runtime();
+
+// src/webhooks.ts
+import { createHmac, timingSafeEqual } from "crypto";
+import { Buffer as Buffer2 } from "buffer";
+var DEFAULT_TIMESTAMP_TOLERANCE_S = 300;
+var SIGNATURE_HEADER = "X-Risicare-Signature";
+var TIMESTAMP_HEADER = "X-Risicare-Timestamp";
+var SUPPORTED_SCHEMES = ["v1"];
+var HEX_SHA256_RE = /^[0-9a-f]{64}$/;
+var WebhookVerificationError = class _WebhookVerificationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "WebhookVerificationError";
+    Object.setPrototypeOf(this, _WebhookVerificationError.prototype);
+  }
+};
+function getHeader(headers, name) {
+  const lower = name.toLowerCase();
+  if (typeof headers.get === "function") {
+    const accessor = headers;
+    const v = accessor.get(name) ?? accessor.get(lower);
+    return v ?? void 0;
+  }
+  const dict = headers;
+  const raw = dict[name] ?? dict[lower];
+  if (raw === void 0) {
+    return void 0;
+  }
+  if (Array.isArray(raw)) {
+    return raw[0];
+  }
+  return raw;
+}
+function coercePayload(payload) {
+  if (typeof payload === "string") {
+    return Buffer2.from(payload, "utf-8");
+  }
+  if (payload instanceof Uint8Array) {
+    return Buffer2.from(
+      payload.buffer,
+      payload.byteOffset,
+      payload.byteLength
+    );
+  }
+  if (payload instanceof ArrayBuffer) {
+    return Buffer2.from(payload);
+  }
+  throw new WebhookVerificationError(
+    `payload must be Uint8Array, ArrayBuffer, Buffer, or string, got ${typeof payload}`
+  );
+}
+function parseSignatureHeader(raw) {
+  const parts = /* @__PURE__ */ Object.create(null);
+  for (const rawSegment of raw.split(",")) {
+    const segment = rawSegment.trim();
+    if (segment === "") {
+      continue;
+    }
+    const eqIdx = segment.indexOf("=");
+    if (eqIdx === -1) {
+      throw new WebhookVerificationError(
+        `Malformed segment in ${SIGNATURE_HEADER}: ${JSON.stringify(segment)}`
+      );
+    }
+    const key = segment.slice(0, eqIdx).trim();
+    const value = segment.slice(eqIdx + 1).trim();
+    parts[key] = value;
+  }
+  if (!("t" in parts)) {
+    throw new WebhookVerificationError(
+      `Missing \`t=\` (timestamp) in ${SIGNATURE_HEADER}`
+    );
+  }
+  let scheme;
+  for (const candidate of SUPPORTED_SCHEMES) {
+    if (candidate in parts) {
+      scheme = candidate;
+      break;
+    }
+  }
+  if (scheme === void 0) {
+    const keys = Object.keys(parts).sort();
+    throw new WebhookVerificationError(
+      `No supported signature scheme in ${SIGNATURE_HEADER}; expected one of (${SUPPORTED_SCHEMES.map((s) => `'${s}'`).join(", ")}), got keys [${keys.map((k) => `'${k}'`).join(", ")}]`
+    );
+  }
+  const tRaw = parts["t"];
+  if (!/^-?\d+$/.test(tRaw)) {
+    throw new WebhookVerificationError(
+      `Non-integer timestamp in ${SIGNATURE_HEADER}: ${JSON.stringify(tRaw)}`
+    );
+  }
+  const ts = parseInt(tRaw, 10);
+  if (!Number.isFinite(ts)) {
+    throw new WebhookVerificationError(
+      `Non-integer timestamp in ${SIGNATURE_HEADER}: ${JSON.stringify(tRaw)}`
+    );
+  }
+  const sigHex = parts[scheme];
+  if (sigHex === void 0 || sigHex === "") {
+    throw new WebhookVerificationError(
+      `Empty ${scheme}= value in ${SIGNATURE_HEADER}`
+    );
+  }
+  return [ts, sigHex];
+}
+function safeHexEqual(computed, expected) {
+  if (!HEX_SHA256_RE.test(expected)) {
+    return false;
+  }
+  const a = Buffer2.from(computed, "hex");
+  const b = Buffer2.from(expected, "hex");
+  if (a.length !== b.length) {
+    return false;
+  }
+  return timingSafeEqual(a, b);
+}
+function verifyWebhookSignature(payload, headers, secret, opts = {}) {
+  const toleranceS = opts.toleranceS ?? DEFAULT_TIMESTAMP_TOLERANCE_S;
+  const payloadBytes = coercePayload(payload);
+  const sigHeader = getHeader(headers, SIGNATURE_HEADER);
+  if (sigHeader === void 0 || sigHeader === "") {
+    throw new WebhookVerificationError(
+      `Missing ${SIGNATURE_HEADER} header`
+    );
+  }
+  const tsHeader = getHeader(headers, TIMESTAMP_HEADER);
+  if (tsHeader === void 0 || tsHeader === "") {
+    throw new WebhookVerificationError(
+      `Missing ${TIMESTAMP_HEADER} header`
+    );
+  }
+  const [tsInSig, expectedHex] = parseSignatureHeader(sigHeader);
+  if (!/^-?\d+$/.test(tsHeader)) {
+    throw new WebhookVerificationError(
+      `Non-integer ${TIMESTAMP_HEADER}: ${JSON.stringify(tsHeader)}`
+    );
+  }
+  const tsStandalone = parseInt(tsHeader, 10);
+  if (!Number.isFinite(tsStandalone)) {
+    throw new WebhookVerificationError(
+      `Non-integer ${TIMESTAMP_HEADER}: ${JSON.stringify(tsHeader)}`
+    );
+  }
+  if (tsStandalone !== tsInSig) {
+    throw new WebhookVerificationError(
+      `Timestamp mismatch: ${TIMESTAMP_HEADER}=${tsStandalone}, signature t=${tsInSig}`
+    );
+  }
+  const now = opts._now !== void 0 ? Math.trunc(opts._now) : Math.floor(Date.now() / 1e3);
+  const skew = Math.abs(now - tsInSig);
+  if (skew > toleranceS) {
+    throw new WebhookVerificationError(
+      `Webhook timestamp outside tolerance: skew=${skew}s, max=${toleranceS}s`
+    );
+  }
+  const hmac = createHmac("sha256", secret);
+  hmac.update(`${tsInSig}.`);
+  hmac.update(payloadBytes);
+  const computed = hmac.digest("hex");
+  if (!safeHexEqual(computed, expectedHex)) {
+    throw new WebhookVerificationError("Webhook signature mismatch");
+  }
+}
 export {
   AgentRole,
+  DEFAULT_TIMESTAMP_TOLERANCE_S,
   MessageType,
   RisicareCallbackHandler,
   RisicareLlamaIndexHandler,
   SemanticPhase,
   SpanKind,
   SpanStatus,
+  WebhookVerificationError,
   agent,
   disable,
   enable,
@@ -3254,6 +3454,7 @@ export {
   traceThink,
   tracedStream,
   unregisterSpan,
+  verifyWebhookSignature,
   withAgent,
   withPhase,
   withSession