npm - threadforge - Versions diffs - 0.1.1 → 0.2.1 - Mend

threadforge 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (358) hide show

package/README.md +52 -20
package/bin/forge.js +2 -1058
package/bin/host-commands.d.ts +2 -0
package/bin/host-commands.d.ts.map +1 -0
package/bin/host-commands.js +7 -8
package/bin/platform-commands.d.ts +2 -0
package/bin/platform-commands.d.ts.map +1 -0
package/bin/platform-commands.js +118 -36
package/dist/cli/base-command.d.ts +12 -0
package/dist/cli/base-command.d.ts.map +1 -0
package/dist/cli/base-command.js +25 -0
package/dist/cli/base-command.js.map +1 -0
package/dist/cli/commands/build.d.ts +10 -0
package/dist/cli/commands/build.d.ts.map +1 -0
package/dist/cli/commands/build.js +110 -0
package/dist/cli/commands/build.js.map +1 -0
package/dist/cli/commands/deploy.d.ts +12 -0
package/dist/cli/commands/deploy.d.ts.map +1 -0
package/dist/cli/commands/deploy.js +143 -0
package/dist/cli/commands/deploy.js.map +1 -0
package/dist/cli/commands/dev.d.ts +10 -0
package/dist/cli/commands/dev.d.ts.map +1 -0
package/dist/cli/commands/dev.js +138 -0
package/dist/cli/commands/dev.js.map +1 -0
package/dist/cli/commands/generate.d.ts +10 -0
package/dist/cli/commands/generate.d.ts.map +1 -0
package/dist/cli/commands/generate.js +76 -0
package/dist/cli/commands/generate.js.map +1 -0
package/dist/cli/commands/host.d.ts +8 -0
package/dist/cli/commands/host.d.ts.map +1 -0
package/dist/cli/commands/host.js +20 -0
package/dist/cli/commands/host.js.map +1 -0
package/dist/cli/commands/init.d.ts +16 -0
package/dist/cli/commands/init.d.ts.map +1 -0
package/dist/cli/commands/init.js +246 -0
package/dist/cli/commands/init.js.map +1 -0
package/dist/cli/commands/platform.d.ts +8 -0
package/dist/cli/commands/platform.d.ts.map +1 -0
package/dist/cli/commands/platform.js +20 -0
package/dist/cli/commands/platform.js.map +1 -0
package/dist/cli/commands/restart.d.ts +8 -0
package/dist/cli/commands/restart.d.ts.map +1 -0
package/dist/cli/commands/restart.js +13 -0
package/dist/cli/commands/restart.js.map +1 -0
package/dist/cli/commands/scaffold/frontend.d.ts +10 -0
package/dist/cli/commands/scaffold/frontend.d.ts.map +1 -0
package/dist/cli/commands/scaffold/frontend.js +130 -0
package/dist/cli/commands/scaffold/frontend.js.map +1 -0
package/dist/cli/commands/scaffold/react.d.ts +7 -0
package/dist/cli/commands/scaffold/react.d.ts.map +1 -0
package/dist/cli/commands/scaffold/react.js +12 -0
package/dist/cli/commands/scaffold/react.js.map +1 -0
package/dist/cli/commands/scale.d.ts +8 -0
package/dist/cli/commands/scale.d.ts.map +1 -0
package/dist/cli/commands/scale.js +13 -0
package/dist/cli/commands/scale.js.map +1 -0
package/dist/cli/commands/start.d.ts +10 -0
package/dist/cli/commands/start.d.ts.map +1 -0
package/dist/cli/commands/start.js +71 -0
package/dist/cli/commands/start.js.map +1 -0
package/dist/cli/commands/status.d.ts +11 -0
package/dist/cli/commands/status.d.ts.map +1 -0
package/dist/cli/commands/status.js +60 -0
package/dist/cli/commands/status.js.map +1 -0
package/dist/cli/commands/stop.d.ts +10 -0
package/dist/cli/commands/stop.d.ts.map +1 -0
package/dist/cli/commands/stop.js +89 -0
package/dist/cli/commands/stop.js.map +1 -0
package/dist/cli/util/config-discovery.d.ts +8 -0
package/dist/cli/util/config-discovery.d.ts.map +1 -0
package/dist/cli/util/config-discovery.js +70 -0
package/dist/cli/util/config-discovery.js.map +1 -0
package/dist/cli/util/config-patcher.d.ts +17 -0
package/dist/cli/util/config-patcher.d.ts.map +1 -0
package/dist/cli/util/config-patcher.js +439 -0
package/dist/cli/util/config-patcher.js.map +1 -0
package/dist/cli/util/frontend-dev.d.ts +8 -0
package/dist/cli/util/frontend-dev.d.ts.map +1 -0
package/dist/cli/util/frontend-dev.js +117 -0
package/dist/cli/util/frontend-dev.js.map +1 -0
package/dist/cli/util/process.d.ts +5 -0
package/dist/cli/util/process.d.ts.map +1 -0
package/dist/cli/util/process.js +17 -0
package/dist/cli/util/process.js.map +1 -0
package/dist/cli/util/templates.d.ts +10 -0
package/dist/cli/util/templates.d.ts.map +1 -0
package/dist/cli/util/templates.js +157 -0
package/dist/cli/util/templates.js.map +1 -0
package/dist/core/AlertSink.d.ts +83 -0
package/dist/core/AlertSink.d.ts.map +1 -0
package/dist/core/AlertSink.js +126 -0
package/dist/core/AlertSink.js.map +1 -0
package/dist/core/DirectMessageBus.d.ts +88 -0
package/dist/core/DirectMessageBus.d.ts.map +1 -0
package/dist/core/DirectMessageBus.js +352 -0
package/dist/core/DirectMessageBus.js.map +1 -0
package/dist/core/EndpointResolver.d.ts +111 -0
package/dist/core/EndpointResolver.d.ts.map +1 -0
package/dist/core/EndpointResolver.js +336 -0
package/dist/core/EndpointResolver.js.map +1 -0
package/dist/core/ForgeContext.d.ts +221 -0
package/dist/core/ForgeContext.d.ts.map +1 -0
package/dist/core/ForgeContext.js +1169 -0
package/dist/core/ForgeContext.js.map +1 -0
package/dist/core/ForgeEndpoints.d.ts +71 -0
package/dist/core/ForgeEndpoints.d.ts.map +1 -0
package/dist/core/ForgeEndpoints.js +442 -0
package/dist/core/ForgeEndpoints.js.map +1 -0
package/dist/core/ForgeHost.d.ts +82 -0
package/dist/core/ForgeHost.d.ts.map +1 -0
package/dist/core/ForgeHost.js +107 -0
package/dist/core/ForgeHost.js.map +1 -0
package/dist/core/ForgePlatform.d.ts +96 -0
package/dist/core/ForgePlatform.d.ts.map +1 -0
package/dist/core/ForgePlatform.js +136 -0
package/dist/core/ForgePlatform.js.map +1 -0
package/dist/core/ForgeWebSocket.d.ts +56 -0
package/dist/core/ForgeWebSocket.d.ts.map +1 -0
package/dist/core/ForgeWebSocket.js +415 -0
package/dist/core/ForgeWebSocket.js.map +1 -0
package/dist/core/Ingress.d.ts +329 -0
package/dist/core/Ingress.d.ts.map +1 -0
package/dist/core/Ingress.js +694 -0
package/dist/core/Ingress.js.map +1 -0
package/dist/core/Interceptors.d.ts +134 -0
package/dist/core/Interceptors.d.ts.map +1 -0
package/dist/core/Interceptors.js +416 -0
package/dist/core/Interceptors.js.map +1 -0
package/dist/core/Logger.d.ts +20 -0
package/dist/core/Logger.d.ts.map +1 -0
package/dist/core/Logger.js +77 -0
package/dist/core/Logger.js.map +1 -0
package/dist/core/MessageBus.d.ts +15 -0
package/dist/core/MessageBus.d.ts.map +1 -0
package/dist/core/MessageBus.js +18 -0
package/dist/core/MessageBus.js.map +1 -0
package/dist/core/Prometheus.d.ts +80 -0
package/dist/core/Prometheus.d.ts.map +1 -0
package/dist/core/Prometheus.js +332 -0
package/dist/core/Prometheus.js.map +1 -0
package/dist/core/RequestContext.d.ts +214 -0
package/dist/core/RequestContext.d.ts.map +1 -0
package/dist/core/RequestContext.js +556 -0
package/dist/core/RequestContext.js.map +1 -0
package/dist/core/Router.d.ts +45 -0
package/dist/core/Router.d.ts.map +1 -0
package/dist/core/Router.js +285 -0
package/dist/core/Router.js.map +1 -0
package/dist/core/RoutingStrategy.d.ts +116 -0
package/dist/core/RoutingStrategy.d.ts.map +1 -0
package/dist/core/RoutingStrategy.js +306 -0
package/dist/core/RoutingStrategy.js.map +1 -0
package/dist/core/RpcConfig.d.ts +72 -0
package/dist/core/RpcConfig.d.ts.map +1 -0
package/dist/core/RpcConfig.js +127 -0
package/dist/core/RpcConfig.js.map +1 -0
package/dist/core/SignatureCache.d.ts +81 -0
package/dist/core/SignatureCache.d.ts.map +1 -0
package/dist/core/SignatureCache.js +172 -0
package/dist/core/SignatureCache.js.map +1 -0
package/dist/core/StaticFileServer.d.ts +34 -0
package/dist/core/StaticFileServer.d.ts.map +1 -0
package/dist/core/StaticFileServer.js +497 -0
package/dist/core/StaticFileServer.js.map +1 -0
package/dist/core/Supervisor.d.ts +198 -0
package/dist/core/Supervisor.d.ts.map +1 -0
package/dist/core/Supervisor.js +1418 -0
package/dist/core/Supervisor.js.map +1 -0
package/dist/core/ThreadAllocator.d.ts +52 -0
package/dist/core/ThreadAllocator.d.ts.map +1 -0
package/dist/core/ThreadAllocator.js +174 -0
package/dist/core/ThreadAllocator.js.map +1 -0
package/dist/core/WorkerChannelManager.d.ts +130 -0
package/dist/core/WorkerChannelManager.d.ts.map +1 -0
package/dist/core/WorkerChannelManager.js +956 -0
package/dist/core/WorkerChannelManager.js.map +1 -0
package/dist/core/config-enums.d.ts +41 -0
package/dist/core/config-enums.d.ts.map +1 -0
package/dist/core/config-enums.js +59 -0
package/dist/core/config-enums.js.map +1 -0
package/dist/core/config.d.ts +159 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +694 -0
package/dist/core/config.js.map +1 -0
package/dist/core/host-config.d.ts +146 -0
package/dist/core/host-config.d.ts.map +1 -0
package/dist/core/host-config.js +312 -0
package/dist/core/host-config.js.map +1 -0
package/dist/core/ipc-errors.d.ts +27 -0
package/dist/core/ipc-errors.d.ts.map +1 -0
package/dist/core/ipc-errors.js +36 -0
package/dist/core/ipc-errors.js.map +1 -0
package/dist/core/network-utils.d.ts +35 -0
package/dist/core/network-utils.d.ts.map +1 -0
package/dist/core/network-utils.js +145 -0
package/dist/core/network-utils.js.map +1 -0
package/dist/core/platform-config.d.ts +142 -0
package/dist/core/platform-config.d.ts.map +1 -0
package/dist/core/platform-config.js +299 -0
package/dist/core/platform-config.js.map +1 -0
package/dist/decorators/ServiceProxy.d.ts +175 -0
package/dist/decorators/ServiceProxy.d.ts.map +1 -0
package/dist/decorators/ServiceProxy.js +969 -0
package/dist/decorators/ServiceProxy.js.map +1 -0
package/dist/decorators/index.d.ts +146 -0
package/dist/decorators/index.d.ts.map +1 -0
package/dist/decorators/index.js +545 -0
package/dist/decorators/index.js.map +1 -0
package/dist/deploy/NginxGenerator.d.ts +165 -0
package/dist/deploy/NginxGenerator.d.ts.map +1 -0
package/dist/deploy/NginxGenerator.js +781 -0
package/dist/deploy/NginxGenerator.js.map +1 -0
package/dist/deploy/PlatformManifestGenerator.d.ts +43 -0
package/dist/deploy/PlatformManifestGenerator.d.ts.map +1 -0
package/dist/deploy/PlatformManifestGenerator.js +80 -0
package/dist/deploy/PlatformManifestGenerator.js.map +1 -0
package/dist/deploy/RouteManifestGenerator.d.ts +42 -0
package/dist/deploy/RouteManifestGenerator.d.ts.map +1 -0
package/dist/deploy/RouteManifestGenerator.js +105 -0
package/dist/deploy/RouteManifestGenerator.js.map +1 -0
package/dist/deploy/index.d.ts +210 -0
package/dist/deploy/index.d.ts.map +1 -0
package/dist/deploy/index.js +918 -0
package/dist/deploy/index.js.map +1 -0
package/dist/frontend/FrontendDevLifecycle.d.ts +26 -0
package/dist/frontend/FrontendDevLifecycle.d.ts.map +1 -0
package/dist/frontend/FrontendDevLifecycle.js +60 -0
package/dist/frontend/FrontendDevLifecycle.js.map +1 -0
package/dist/frontend/FrontendPluginOrchestrator.d.ts +64 -0
package/dist/frontend/FrontendPluginOrchestrator.d.ts.map +1 -0
package/dist/frontend/FrontendPluginOrchestrator.js +167 -0
package/dist/frontend/FrontendPluginOrchestrator.js.map +1 -0
package/dist/frontend/SiteResolver.d.ts +33 -0
package/dist/frontend/SiteResolver.d.ts.map +1 -0
package/dist/frontend/SiteResolver.js +53 -0
package/dist/frontend/SiteResolver.js.map +1 -0
package/dist/frontend/StaticMountRegistry.d.ts +36 -0
package/dist/frontend/StaticMountRegistry.d.ts.map +1 -0
package/dist/frontend/StaticMountRegistry.js +94 -0
package/dist/frontend/StaticMountRegistry.js.map +1 -0
package/dist/frontend/index.d.ts +7 -0
package/dist/frontend/index.d.ts.map +1 -0
package/{src → dist}/frontend/index.js +4 -2
package/dist/frontend/index.js.map +1 -0
package/dist/frontend/pathUtils.d.ts +8 -0
package/dist/frontend/pathUtils.d.ts.map +1 -0
package/dist/frontend/pathUtils.js +17 -0
package/dist/frontend/pathUtils.js.map +1 -0
package/dist/frontend/plugins/index.d.ts +2 -0
package/dist/frontend/plugins/index.d.ts.map +1 -0
package/{src → dist}/frontend/plugins/index.js +1 -1
package/dist/frontend/plugins/index.js.map +1 -0
package/dist/frontend/plugins/viteFrontend.d.ts +51 -0
package/dist/frontend/plugins/viteFrontend.d.ts.map +1 -0
package/dist/frontend/plugins/viteFrontend.js +134 -0
package/dist/frontend/plugins/viteFrontend.js.map +1 -0
package/dist/frontend/types.d.ts +25 -0
package/dist/frontend/types.d.ts.map +1 -0
package/dist/frontend/types.js +2 -0
package/dist/frontend/types.js.map +1 -0
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +32 -0
package/dist/index.js.map +1 -0
package/dist/internals.d.ts +21 -0
package/dist/internals.d.ts.map +1 -0
package/{src → dist}/internals.js +12 -14
package/dist/internals.js.map +1 -0
package/dist/plugins/PluginManager.d.ts +209 -0
package/dist/plugins/PluginManager.d.ts.map +1 -0
package/dist/plugins/PluginManager.js +365 -0
package/dist/plugins/PluginManager.js.map +1 -0
package/dist/plugins/ScopedPostgres.d.ts +78 -0
package/dist/plugins/ScopedPostgres.d.ts.map +1 -0
package/dist/plugins/ScopedPostgres.js +190 -0
package/dist/plugins/ScopedPostgres.js.map +1 -0
package/dist/plugins/ScopedRedis.d.ts +88 -0
package/dist/plugins/ScopedRedis.d.ts.map +1 -0
package/dist/plugins/ScopedRedis.js +169 -0
package/dist/plugins/ScopedRedis.js.map +1 -0
package/dist/plugins/index.d.ts +289 -0
package/dist/plugins/index.d.ts.map +1 -0
package/dist/plugins/index.js +1942 -0
package/dist/plugins/index.js.map +1 -0
package/dist/plugins/types.d.ts +59 -0
package/dist/plugins/types.d.ts.map +1 -0
package/dist/plugins/types.js +2 -0
package/dist/plugins/types.js.map +1 -0
package/dist/registry/ServiceRegistry.d.ts +305 -0
package/dist/registry/ServiceRegistry.d.ts.map +1 -0
package/dist/registry/ServiceRegistry.js +735 -0
package/dist/registry/ServiceRegistry.js.map +1 -0
package/dist/scaling/ScaleAdvisor.d.ts +214 -0
package/dist/scaling/ScaleAdvisor.d.ts.map +1 -0
package/dist/scaling/ScaleAdvisor.js +526 -0
package/dist/scaling/ScaleAdvisor.js.map +1 -0
package/dist/services/Service.d.ts +164 -0
package/dist/services/Service.d.ts.map +1 -0
package/dist/services/Service.js +106 -0
package/dist/services/Service.js.map +1 -0
package/dist/services/worker-bootstrap.d.ts +15 -0
package/dist/services/worker-bootstrap.d.ts.map +1 -0
package/dist/services/worker-bootstrap.js +744 -0
package/dist/services/worker-bootstrap.js.map +1 -0
package/dist/templates/auth-service.d.ts +42 -0
package/dist/templates/auth-service.d.ts.map +1 -0
package/dist/templates/auth-service.js +54 -0
package/dist/templates/auth-service.js.map +1 -0
package/dist/templates/identity-service.d.ts +50 -0
package/dist/templates/identity-service.d.ts.map +1 -0
package/dist/templates/identity-service.js +62 -0
package/dist/templates/identity-service.js.map +1 -0
package/dist/types/contract.d.ts +120 -0
package/dist/types/contract.d.ts.map +1 -0
package/dist/types/contract.js +69 -0
package/dist/types/contract.js.map +1 -0
package/package.json +78 -20
package/src/core/DirectMessageBus.js +0 -364
package/src/core/EndpointResolver.js +0 -259
package/src/core/ForgeContext.js +0 -2236
package/src/core/ForgeHost.js +0 -122
package/src/core/ForgePlatform.js +0 -145
package/src/core/Ingress.js +0 -768
package/src/core/Interceptors.js +0 -420
package/src/core/MessageBus.js +0 -321
package/src/core/Prometheus.js +0 -305
package/src/core/RequestContext.js +0 -413
package/src/core/RoutingStrategy.js +0 -330
package/src/core/Supervisor.js +0 -1349
package/src/core/ThreadAllocator.js +0 -196
package/src/core/WorkerChannelManager.js +0 -879
package/src/core/config.js +0 -637
package/src/core/host-config.js +0 -311
package/src/core/network-utils.js +0 -166
package/src/core/platform-config.js +0 -308
package/src/decorators/ServiceProxy.js +0 -904
package/src/decorators/index.js +0 -571
package/src/deploy/NginxGenerator.js +0 -865
package/src/deploy/PlatformManifestGenerator.js +0 -96
package/src/deploy/RouteManifestGenerator.js +0 -112
package/src/deploy/index.js +0 -984
package/src/frontend/FrontendDevLifecycle.js +0 -65
package/src/frontend/FrontendPluginOrchestrator.js +0 -187
package/src/frontend/SiteResolver.js +0 -63
package/src/frontend/StaticMountRegistry.js +0 -90
package/src/frontend/plugins/viteFrontend.js +0 -79
package/src/frontend/types.js +0 -35
package/src/index.js +0 -58
package/src/plugins/PluginManager.js +0 -537
package/src/plugins/ScopedPostgres.js +0 -192
package/src/plugins/ScopedRedis.js +0 -142
package/src/plugins/index.js +0 -1756
package/src/registry/ServiceRegistry.js +0 -797
package/src/scaling/ScaleAdvisor.js +0 -442
package/src/services/Service.js +0 -195
package/src/services/worker-bootstrap.js +0 -679
package/src/templates/auth-service.js +0 -65
package/src/templates/identity-service.js +0 -75

package/dist/core/SignatureCache.js ADDED Viewed

@@ -0,0 +1,172 @@
+/**
+ * SignatureCache - Rotating HMAC signature cache for internal RPC optimization
+ *
+ * P-PERF-29: Reduce per-request HMAC computation cost by caching signatures with
+ * periodic rotation. Maintains replay protection guarantees while reducing CPU overhead.
+ *
+ * Security Model:
+ * - Signatures rotate every 5 seconds (configurable)
+ * - Multiple signatures active during overlap window for clock drift tolerance
+ * - Replay protection window: 30 seconds (INTERNAL_SIG_MAX_AGE_MS)
+ * - Rotation interval (5s) << replay window (30s) = safe
+ *
+ * Performance:
+ * - Reduces HMAC computations by ~5s/rotation_interval ratio
+ * - At 1000 RPS: 5000 HMAC ops/rotation vs 1 per rotation = ~5000x reduction
+ * - Memory overhead: ~200 bytes per cached signature entry
+ */
+import { createHmac } from "node:crypto";
+const MIN_SECRET_LENGTH = 32;
+/**
+ * SignatureCache maintains a rotating set of precomputed HMAC signatures
+ * for internal RPC authentication. Reduces per-request CPU cost while
+ * preserving replay protection guarantees.
+ */
+export class SignatureCache {
+    secret;
+    rotationIntervalMs;
+    enabled;
+    // Current and previous signatures for overlap tolerance, keyed by method:path
+    currentSignatures = new Map();
+    previousSignatures = new Map();
+    // Current rotation timestamp (shared across all keys)
+    currentTimestamp = null;
+    previousTimestamp = null;
+    // Timer for automatic rotation
+    rotationTimer = null;
+    constructor(secret, config = {}) {
+        this.secret = secret;
+        this.rotationIntervalMs = config.rotationIntervalMs ?? 5000; // 5 seconds default
+        this.enabled = config.enabled ?? false; // Opt-in for safety
+        // SEC-L2: Warn on short FORGE_INTERNAL_SECRET
+        if (secret.length < MIN_SECRET_LENGTH) {
+            process.stderr.write(`${JSON.stringify({
+                timestamp: new Date().toISOString(),
+                level: "warn",
+                message: `FORGE_INTERNAL_SECRET is shorter than ${MIN_SECRET_LENGTH} characters — this is insecure. Use a longer secret in production.`,
+            })}\n`);
+        }
+        if (this.rotationIntervalMs < 1000) {
+            throw new Error("rotationIntervalMs must be at least 1000ms");
+        }
+        // Validate rotation interval doesn't exceed replay window
+        // INTERNAL_SIG_MAX_AGE_MS is 30000ms - rotation should be significantly smaller
+        const REPLAY_WINDOW_MS = 30000;
+        if (this.rotationIntervalMs >= REPLAY_WINDOW_MS / 2) {
+            throw new Error(`rotationIntervalMs (${this.rotationIntervalMs}ms) must be less than half the replay window (${REPLAY_WINDOW_MS}ms)`);
+        }
+        if (this.enabled) {
+            this._initializeCache();
+            this._startRotation();
+        }
+    }
+    /**
+     * Get a signature for the given method and path.
+     * If caching is disabled, computes a fresh signature each time.
+     * If caching is enabled, returns the current cached signature.
+     */
+    getSignature(method, path) {
+        if (!this.enabled) {
+            // Fallback to per-request computation (original behavior)
+            const ts = Date.now();
+            const sig = createHmac("sha256", this.secret).update(`${method}:${path}:${ts}`).digest("hex");
+            return { signature: sig, timestamp: String(ts) };
+        }
+        if (this.currentTimestamp === null) {
+            // Shouldn't happen if properly initialized, but handle gracefully
+            return this._computeFreshSignature(method, path);
+        }
+        const key = `${method}:${path}`;
+        let entry = this.currentSignatures.get(key);
+        if (!entry) {
+            // Lazily compute and cache for this method:path at the current rotation timestamp
+            const signature = createHmac("sha256", this.secret)
+                .update(`${method}:${path}:${this.currentTimestamp}`)
+                .digest("hex");
+            entry = { signature, timestamp: this.currentTimestamp };
+            this.currentSignatures.set(key, entry);
+        }
+        return {
+            signature: entry.signature,
+            timestamp: String(entry.timestamp),
+        };
+    }
+    /**
+     * Check if caching is enabled
+     */
+    isEnabled() {
+        return this.enabled;
+    }
+    /**
+     * Get cache statistics for monitoring
+     */
+    getStats() {
+        return {
+            enabled: this.enabled,
+            rotationIntervalMs: this.rotationIntervalMs,
+            currentTimestamp: this.currentTimestamp,
+            previousTimestamp: this.previousTimestamp,
+        };
+    }
+    /**
+     * Stop the rotation timer (for cleanup)
+     */
+    stop() {
+        if (this.rotationTimer) {
+            clearInterval(this.rotationTimer);
+            this.rotationTimer = null;
+        }
+    }
+    /**
+     * Force an immediate rotation (useful for testing)
+     */
+    rotate() {
+        this._rotateSignature();
+    }
+    // ─── Private Methods ────────────────────────────────────────
+    _initializeCache() {
+        // Generate initial signature
+        this._rotateSignature();
+    }
+    _startRotation() {
+        // Set up periodic rotation
+        this.rotationTimer = setInterval(() => {
+            this._rotateSignature();
+        }, this.rotationIntervalMs);
+        // Don't keep process alive for rotation timer
+        this.rotationTimer.unref?.();
+    }
+    _rotateSignature() {
+        // Move current to previous
+        this.previousSignatures = this.currentSignatures;
+        this.previousTimestamp = this.currentTimestamp;
+        // Start new rotation with fresh map and timestamp
+        // Signatures are lazily computed per method:path on first access
+        const now = Date.now();
+        this.currentTimestamp = now;
+        this.currentSignatures = new Map();
+    }
+    _computeFreshSignature(method, path) {
+        const ts = Date.now();
+        const sig = createHmac("sha256", this.secret).update(`${method}:${path}:${ts}`).digest("hex");
+        return { signature: sig, timestamp: String(ts) };
+    }
+}
+/**
+ * Create a signature cache instance from environment configuration
+ */
+export function createSignatureCacheFromEnv() {
+    const secret = process.env.FORGE_INTERNAL_SECRET;
+    if (!secret) {
+        return null;
+    }
+    const enableCache = process.env.FORGE_CACHE_SIGNATURES === "true";
+    const rotationMs = process.env.FORGE_SIGNATURE_ROTATION_MS
+        ? parseInt(process.env.FORGE_SIGNATURE_ROTATION_MS, 10)
+        : 5000;
+    return new SignatureCache(secret, {
+        enabled: enableCache,
+        rotationIntervalMs: rotationMs,
+    });
+}
+//# sourceMappingURL=SignatureCache.js.map

package/dist/core/SignatureCache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SignatureCache.js","sourceRoot":"","sources":["../../src/core/SignatureCache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAkB7B;;;;GAIG;AACH,MAAM,OAAO,cAAc;IACR,MAAM,CAAS;IACf,kBAAkB,CAAS;IAC3B,OAAO,CAAU;IAElC,8EAA8E;IACtE,iBAAiB,GAAgC,IAAI,GAAG,EAAE,CAAC;IAC3D,kBAAkB,GAAgC,IAAI,GAAG,EAAE,CAAC;IAEpE,sDAAsD;IAC9C,gBAAgB,GAAkB,IAAI,CAAC;IACvC,iBAAiB,GAAkB,IAAI,CAAC;IAEhD,+BAA+B;IACvB,aAAa,GAA0B,IAAI,CAAC;IAEpD,YAAY,MAAc,EAAE,SAA+B,EAAE;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,CAAC,oBAAoB;QACjF,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC,oBAAoB;QAE5D,8CAA8C;QAC9C,IAAI,MAAM,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;YACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,IAAI,CAAC,SAAS,CAAC;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,yCAAyC,iBAAiB,oEAAoE;aACxI,CAAC,IAAI,CACP,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,GAAG,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,0DAA0D;QAC1D,gFAAgF;QAChF,MAAM,gBAAgB,GAAG,KAAK,CAAC;QAC/B,IAAI,IAAI,CAAC,kBAAkB,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,kBAAkB,iDAAiD,gBAAgB,KAAK,CACrH,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,MAAc,EAAE,IAAY;QACvC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,0DAA0D;YAC1D,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9F,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;QACnD,CAAC;QAED,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,kEAAkE;YAClE,OAAO,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;QAChC,IAAI,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,kFAAkF;YAClF,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC;iBAChD,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;iBACpD,MAAM,CAAC,KAAK,CAAC,CAAC;YACjB,KAAK,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;QAED,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;SACnC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,QAAQ;QAMN,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;YAC3C,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;SAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAED,+DAA+D;IAEvD,gBAAgB;QACtB,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAEO,cAAc;QACpB,2BAA2B;QAC3B,IAAI,CAAC,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE;YACpC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1B,CAAC,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE5B,8CAA8C;QAC9C,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC;IAC/B,CAAC;IAEO,gBAAgB;QACtB,2BAA2B;QAC3B,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QACjD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAE/C,kDAAkD;QAClD,iEAAiE;QACjE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,gBAAgB,GAAG,GAAG,CAAC;QAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,GAAG,EAAE,CAAC;IACrC,CAAC;IAEO,sBAAsB,CAAC,MAAc,EAAE,IAAY;QACzD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9F,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IACjD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM,CAAC;IAClE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACxD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,EAAE,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC;IAET,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE;QAChC,OAAO,EAAE,WAAW;QACpB,kBAAkB,EAAE,UAAU;KAC/B,CAAC,CAAC;AACL,CAAC"}

package/dist/core/StaticFileServer.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { ResolvedStaticMount } from "../frontend/StaticMountRegistry.js";
+import type { StaticMountRegistry } from "../frontend/StaticMountRegistry.js";
+export interface StaticMount extends ResolvedStaticMount {
+    spaExclude?: string[];
+}
+interface LoggerLike {
+    warn: (message: string, meta?: Record<string, unknown>) => void;
+    error: (message: string, meta?: Record<string, unknown>) => void;
+}
+interface MetricsLike {
+    httpRequestEnd: (durationSeconds: number, labels: Record<string, string | number>) => void;
+}
+interface StaticFileServerOptions {
+    staticRegistry: StaticMountRegistry;
+    logger: LoggerLike;
+    metrics: MetricsLike;
+}
+export declare class StaticFileServer {
+    private readonly _staticRegistry;
+    private readonly _logger;
+    private readonly _metrics;
+    constructor(options: StaticFileServerOptions);
+    resolveMountForRequest(req: IncomingMessage, pathname: string): ResolvedStaticMount | null;
+    tryServeStatic(req: IncomingMessage, res: ServerResponse, start: number): Promise<boolean>;
+    private _proxyStaticToDevServer;
+    private _resolveStaticFile;
+    private _resolveExistingStaticFile;
+    private _isWithinRoot;
+    private _parseRange;
+    private _staticCacheControl;
+}
+export {};
+//# sourceMappingURL=StaticFileServer.d.ts.map

package/dist/core/StaticFileServer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"StaticFileServer.d.ts","sourceRoot":"","sources":["../../src/core/StaticFileServer.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAIjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAiB9E,MAAM,WAAW,WAAY,SAAQ,mBAAmB;IACtD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAChE,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;CAClE;AAED,UAAU,WAAW;IACnB,cAAc,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC;CAC5F;AAED,UAAU,uBAAuB;IAC/B,cAAc,EAAE,mBAAmB,CAAC;IACpC,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,WAAW,CAAC;CACtB;AA0ED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAsB;IACtD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAa;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAc;gBAE3B,OAAO,EAAE,uBAAuB;IAM5C,sBAAsB,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI;IAMpF,cAAc,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YAiPlF,uBAAuB;IAuFrC,OAAO,CAAC,kBAAkB;YAmBZ,0BAA0B;YAmB1B,aAAa;IAU3B,OAAO,CAAC,WAAW;IAyBnB,OAAO,CAAC,mBAAmB;CAoB5B"}