tina4-nodejs 3.13.42 → 3.13.44

package/packages/core/src/queueBackends/mongoBackend.ts

@@ -229,12 +229,20 @@ export class MongoBackend implements QueueBackend {
             if (result && result.value) {
               // findOneAndUpdate returns { value: doc } in older drivers
               const doc = result.value;
+              // Carry the framework topic on the job so complete()/fail()
+              // route the ack/requeue back to THIS topic's docs (the Mongo
+              // internal queue field is dropped from the returned shape).
+              doc.topic = queueName;
               delete doc._id;
               delete doc.queue;
               process.stdout.write(JSON.stringify(doc));
             } else if (result && result._id) {
               // Some driver versions return the doc directly
               const doc = { ...result };
+              // Carry the framework topic on the job so complete()/fail()
+              // route the ack/requeue back to THIS topic's docs (the Mongo
+              // internal queue field is dropped from the returned shape).
+              doc.topic = queueName;
               delete doc._id;
               delete doc.queue;
               process.stdout.write(JSON.stringify(doc));
@@ -253,6 +261,95 @@ export class MongoBackend implements QueueBackend {
             await col.deleteMany({ queue: queueName });
             process.stdout.write("__CLEARED__");
           }
+          else if (operation === "complete") {
+            // Ack a finished job so the reclaim never re-delivers it. data = job id.
+            // (The pop reserved this doc; without this it stays reserved and is
+            // re-delivered after the visibility window — the redelivery bug.)
+            await col.updateOne(
+              { queue: queueName, id: data },
+              { $set: { status: "completed", completedAt: new Date().toISOString(), reservedAt: null } },
+            );
+            process.stdout.write("__OK__");
+          }
+          else if (operation === "fail") {
+            // Requeue while retries remain (reset availableAt -> visible again),
+            // else dead-letter. Atomic decision in Mongo. data = JSON
+            // { id, error, maxRetries, retryBackoff }.
+            const info = JSON.parse(data);
+            const now = new Date().toISOString();
+            const doc = await col.findOne({ queue: queueName, id: info.id });
+            if (doc) {
+              const attempts = (doc.attempts || 0) + 1;
+              if (attempts >= info.maxRetries) {
+                await col.insertOne({
+                  ...doc, _id: undefined, attempts,
+                  status: "dead", queue: queueName + ".dead_letter", error: info.error,
+                });
+                await col.deleteOne({ _id: doc._id, queue: queueName });
+              } else {
+                const avail = info.retryBackoff > 0
+                  ? new Date(Date.now() + info.retryBackoff * 1000).toISOString()
+                  : now;
+                await col.updateOne(
+                  { _id: doc._id, queue: queueName },
+                  { $set: { status: "pending", availableAt: avail, reservedAt: null, error: info.error },
+                    $inc: { attempts: 1 } },
+                );
+              }
+            }
+            process.stdout.write("__OK__");
+          }
+          else if (operation === "retry") {
+            // Explicit manual re-queue (always re-enqueues). data = JSON
+            // { id, delaySeconds }.
+            const info = JSON.parse(data);
+            const avail = info.delaySeconds > 0
+              ? new Date(Date.now() + info.delaySeconds * 1000).toISOString()
+              : new Date().toISOString();
+            await col.updateOne(
+              { queue: queueName, id: info.id },
+              { $set: { status: "pending", availableAt: avail, reservedAt: null }, $inc: { attempts: 1 } },
+            );
+            process.stdout.write("__OK__");
+          }
+          else if (operation === "deadLetters") {
+            const docs = await col.find({ queue: queueName + ".dead_letter" }).toArray();
+            const out = docs.map((d) => { delete d._id; delete d.queue; return d; });
+            process.stdout.write(JSON.stringify(out));
+          }
+          else if (operation === "failed") {
+            const docs = await col
+              .find({ queue: queueName, status: "failed", attempts: { $lt: maxRetries } })
+              .toArray();
+            const out = docs.map((d) => { delete d._id; delete d.queue; return d; });
+            process.stdout.write(JSON.stringify(out));
+          }
+          else if (operation === "retryFailed") {
+            // Revive dead-lettered jobs under the (possibly raised) limit back to
+            // the main queue as pending. data = the max-retries limit.
+            const mr = data ? Number(data) : maxRetries;
+            const now = new Date().toISOString();
+            let revived = 0;
+            while (true) {
+              const doc = await col.findOneAndUpdate(
+                { queue: queueName + ".dead_letter", attempts: { $lt: mr } },
+                { $set: { status: "pending", availableAt: now, reservedAt: null, queue: queueName, error: null } },
+                { returnDocument: "after" },
+              );
+              const updated = doc && doc.value ? doc.value : (doc && doc._id ? doc : null);
+              if (!updated) break;
+              revived++;
+            }
+            process.stdout.write(String(revived));
+          }
+          else if (operation === "purge") {
+            // Delete docs by status (default: all for the topic). data = JSON { status }.
+            const info = data ? JSON.parse(data) : {};
+            const filter = { queue: queueName };
+            if (info.status) filter.status = info.status;
+            const res = await col.deleteMany(filter);
+            process.stdout.write(String(res.deletedCount || 0));
+          }
         } catch (err) {
           process.stderr.write(err.message || String(err));
           process.exit(1);
@@ -328,4 +425,50 @@ export class MongoBackend implements QueueBackend {
   clear(queue: string): void {
     this.execSync("clear", queue);
   }
+
+  /**
+   * Acknowledge a completed job — drop its reservation so the reclaim never
+   * re-delivers it. Without this a Mongo-popped job stayed reserved and was
+   * re-delivered after the visibility window (the redelivery bug).
+   */
+  complete(queue: string, id: string): void {
+    this.execSync("complete", queue, id);
+  }
+
+  /**
+   * Record a failed attempt: requeue (reset availableAt, ++attempts) while
+   * retries remain, else dead-letter. Mirrors the file/lite backend.
+   */
+  fail(queue: string, id: string, error: string, maxRetries: number, retryBackoff: number = 0): void {
+    this.execSync("fail", queue, JSON.stringify({ id, error, maxRetries, retryBackoff }));
+  }
+
+  /** Explicit manual re-queue (always re-enqueues regardless of the retry limit). */
+  retry(queue: string, id: string, delaySeconds: number = 0): void {
+    this.execSync("retry", queue, JSON.stringify({ id, delaySeconds }));
+  }
+
+  /** Jobs that exceeded max retries (the `<queue>.dead_letter` collection topic). */
+  deadLetters(queue: string, maxRetries?: number): QueueJob[] {
+    const out = this.execSync("deadLetters", queue, String(maxRetries ?? this.maxRetries));
+    try { return JSON.parse(out) as QueueJob[]; } catch { return []; }
+  }
+
+  /** Jobs that failed but are still eligible for retry (status=failed, attempts < max). */
+  failed(queue: string, maxRetries?: number): QueueJob[] {
+    const out = this.execSync("failed", queue, String(maxRetries ?? this.maxRetries));
+    try { return JSON.parse(out) as QueueJob[]; } catch { return []; }
+  }
+
+  /** Revive dead-lettered jobs under the (possibly raised) limit. Returns count revived. */
+  retryFailed(queue: string, maxRetries?: number): number {
+    const out = this.execSync("retryFailed", queue, String(maxRetries ?? this.maxRetries));
+    return parseInt(out, 10) || 0;
+  }
+
+  /** Remove jobs by status (default: every doc for the topic). Returns count removed. */
+  purge(queue: string, status?: string): number {
+    const out = this.execSync("purge", queue, JSON.stringify({ status: status ?? "" }));
+    return parseInt(out, 10) || 0;
+  }
 }

package/packages/core/src/queueBackends/rabbitmqBackend.ts

@@ -242,6 +242,8 @@ export class RabbitMQBackend implements QueueBackend {
       let buffer = Buffer.alloc(0);
       let step = "handshake";
       let deliveryTag = null;
+      let expectedBody = 0;
+      let receivedBody = 0;
 
       sock.on("data", (chunk) => {
         buffer = Buffer.concat([buffer, chunk]);
@@ -264,11 +266,29 @@ export class RabbitMQBackend implements QueueBackend {
             const methodId = payload.readUInt16BE(2);
             handleMethod(classId, methodId, payload.subarray(4), channel);
           } else if (frameType === 2) { // HEADER frame
-            // Content header — skip for basic.get
+            // Content header — capture the declared body size so we know when the
+            // body is complete (a body may arrive in several frames).
+            if (operation === "get") {
+              // body-size is a 64-bit field at offset 4 of the header payload;
+              // the low 32 bits are enough for our JSON payloads.
+              expectedBody = payload.readUInt32BE(8);
+              receivedBody = 0;
+            }
           } else if (frameType === 3) { // BODY frame
             // Content body
             const body = payload.toString("utf-8");
             process.stdout.write(body);
+            if (operation === "get") {
+              receivedBody += payload.length;
+              // Once the whole body has arrived, cleanly close the connection so
+              // the child exits 0 with the body on stdout. Without this the get
+              // handler fell through to the 10s watchdog (exit 1), so pop()
+              // always saw a failed child and returned null even though the
+              // message body had been written to stdout.
+              if (receivedBody >= expectedBody) {
+                closeConnection();
+              }
+            }
           }
         }
       }
@@ -310,11 +330,29 @@ export class RabbitMQBackend implements QueueBackend {
           sendMethod(0, 10, 11, payload.subarray(0, offset));
         }
         else if (classId === 10 && methodId === 30) {
-          // Connection.Tune → send Connection.Tune-Ok + Connection.Open
-          const tuneOk = Buffer.alloc(12);
-          tuneOk.writeUInt16BE(0, 0);     // channel-max
-          tuneOk.writeUInt32BE(131072, 2); // frame-max
-          tuneOk.writeUInt16BE(60, 6);     // heartbeat
+          // Connection.Tune → send Connection.Tune-Ok + Connection.Open.
+          // AMQP 0-9-1 requires TuneOk values to NOT exceed the server's proposal.
+          // The broker's Tune args are channel-max:short, frame-max:long,
+          // heartbeat:short. Hardcoding channel-max=0 means "no limit", which
+          // RabbitMQ treats as exceeding its proposed channel-max (e.g. 2047) and
+          // it aborts the connection right after Open — so negotiate instead.
+          const desiredFrameMax = 131072;
+          const desiredHeartbeat = 60;
+          const serverChannelMax = args.length >= 2 ? args.readUInt16BE(0) : 0;
+          const serverFrameMax = args.length >= 6 ? args.readUInt32BE(2) : 0;
+          const serverHeartbeat = args.length >= 8 ? args.readUInt16BE(6) : 0;
+
+          // channel-max: echo the server's value (its cap); 0 = unlimited.
+          const channelMax = serverChannelMax;
+          // frame-max: min(desired, server), treating 0 as unlimited on either side.
+          const frameMax = serverFrameMax === 0 ? desiredFrameMax : Math.min(desiredFrameMax, serverFrameMax);
+          // heartbeat: our choice, clamped to the server's if it proposed a non-zero one.
+          const heartbeat = serverHeartbeat === 0 ? desiredHeartbeat : Math.min(desiredHeartbeat, serverHeartbeat);
+
+          const tuneOk = Buffer.alloc(8);
+          tuneOk.writeUInt16BE(channelMax, 0); // channel-max (negotiated)
+          tuneOk.writeUInt32BE(frameMax, 2);   // frame-max (negotiated)
+          tuneOk.writeUInt16BE(heartbeat, 6);  // heartbeat (negotiated)
           sendMethod(0, 10, 31, tuneOk);
 
           // Connection.Open
@@ -334,8 +372,13 @@ export class RabbitMQBackend implements QueueBackend {
         }
         else if (classId === 20 && methodId === 11) {
           // Channel.Open-Ok → declare queue
+          // Payload: reserved(2) + queue short-string(1 + len) + flags(1) +
+          // arguments empty-table(4) = 8 + len bytes. (Was 7 + len, which
+          // overflowed the 4-byte empty-table write at offset 4 + len and threw
+          // ERR_OUT_OF_RANGE — swallowed by the catch, so publish/get/size all
+          // silently failed even once the handshake succeeded.)
           const qBuf = Buffer.from(queueName, "utf-8");
-          const declPayload = Buffer.alloc(7 + qBuf.length);
+          const declPayload = Buffer.alloc(8 + qBuf.length);
           declPayload.writeUInt16BE(0, 0); // reserved
           declPayload.writeUInt8(qBuf.length, 2);
           qBuf.copy(declPayload, 3);
@@ -357,25 +400,21 @@ export class RabbitMQBackend implements QueueBackend {
 
             sendMethod(1, 60, 40, pubPayload);
 
-            // Content header
+            // Content header frame. AMQP 0-9-1 content header body is:
+            // class-id(2) + weight(2) + body-size(8) + property-flags(2), then
+            // one entry per set property flag. With property-flags = 0 (no
+            // properties) the header is EXACTLY 14 bytes. The previous code
+            // allocated 14 + 1 + ct.length + 1 = 32 bytes but only wrote the
+            // first 14, leaving 18 trailing zero bytes that the broker parsed as
+            // bogus property data — it replied INTERNAL_ERROR (541) and closed
+            // the connection, so no message was ever stored. Allocate exactly 14.
             const bodyBuf = Buffer.from(data, "utf-8");
-            const header = Buffer.alloc(18);
-            header.writeUInt16BE(60, 0); // class = basic
-            header.writeUInt16BE(0, 2);  // weight
-            // body size (64-bit, we only use lower 32)
-            header.writeUInt32BE(0, 4);
-            header.writeUInt32BE(bodyBuf.length, 8);
-            header.writeUInt16BE(0x6000, 12); // property flags: delivery-mode + content-type
-            // content-type
-            const ct = Buffer.from("application/json");
-            header.writeUInt8(ct.length, 14);
-
-            const fullHeader = Buffer.alloc(14 + 1 + ct.length + 1);
-            fullHeader.writeUInt16BE(60, 0);
-            fullHeader.writeUInt16BE(0, 2);
-            fullHeader.writeUInt32BE(0, 4);
-            fullHeader.writeUInt32BE(bodyBuf.length, 8);
-            fullHeader.writeUInt16BE(0x0000, 12); // no properties for simplicity
+            const fullHeader = Buffer.alloc(14);
+            fullHeader.writeUInt16BE(60, 0);          // class = basic
+            fullHeader.writeUInt16BE(0, 2);           // weight
+            fullHeader.writeUInt32BE(0, 4);           // body-size high 32 bits
+            fullHeader.writeUInt32BE(bodyBuf.length, 8); // body-size low 32 bits
+            fullHeader.writeUInt16BE(0x0000, 12);     // property flags: none set
 
             // Send header frame
             const hFrame = Buffer.alloc(7 + fullHeader.length + 1);
@@ -440,9 +479,21 @@ export class RabbitMQBackend implements QueueBackend {
           closeConnection();
         }
         else if (classId === 10 && methodId === 50) {
-          // Connection.Close → send Connection.Close-Ok
+          // Connection.Close (server-initiated, e.g. a channel/protocol error)
+          // → send Connection.Close-Ok and exit non-zero so the caller sees the
+          // failure rather than a half-completed operation.
           sendMethod(0, 10, 51, Buffer.alloc(0));
           sock.destroy();
+          process.exit(1);
+        }
+        else if (classId === 10 && methodId === 51) {
+          // Connection.Close-Ok — the broker has acknowledged our Close, which
+          // means it has fully processed everything we sent (incl. a Basic.Publish
+          // and its content frames). Only now is it safe to drop the socket. The
+          // previous code destroyed the socket on a blind 200ms timer right after
+          // writing the body frame, racing the broker and dropping the message.
+          sock.destroy();
+          process.exit(0);
         }
       }
 
@@ -482,14 +533,26 @@ export class RabbitMQBackend implements QueueBackend {
       }
 
       function closeConnection() {
-        // Send Connection.Close
-        const closePayload = Buffer.alloc(6);
+        // Send Connection.Close — payload is reply-code(2) + reply-text
+        // short-string(1 + 0) + class-id(2) + method-id(2) = 7 bytes. (Was
+        // Buffer.alloc(6), so the method-id write at offset 5 overflowed and
+        // threw ERR_OUT_OF_RANGE right after "__PUBLISHED__" was written —
+        // swallowed by the parent catch, so push() reported "publish failed"
+        // even though the message had already reached the broker.)
+        const closePayload = Buffer.alloc(7);
         closePayload.writeUInt16BE(200, 0); // reply code
-        closePayload.writeUInt8(0, 2); // reply text (empty)
+        closePayload.writeUInt8(0, 2); // reply text (empty short-string)
         closePayload.writeUInt16BE(0, 3); // class
         closePayload.writeUInt16BE(0, 5); // method
         sendMethod(0, 10, 50, closePayload);
-        setTimeout(() => sock.destroy(), 500);
+        // Do NOT destroy the socket here — wait for the broker's
+        // Connection.Close-Ok (10/51), which confirms it has fully processed
+        // everything we sent (the Basic.Publish + content frames in particular).
+        // The 10/51 handler exits 0. This safety net only fires if the broker
+        // never replies, and still exits 0 because stdout already carries the
+        // operation's result (the message was flushed to the socket before
+        // Close was sent).
+        setTimeout(() => { sock.destroy(); process.exit(0); }, 3000).unref();
       }
 
       sock.on("error", (err) => {
@@ -497,7 +560,10 @@ export class RabbitMQBackend implements QueueBackend {
         process.exit(1);
       });
 
-      setTimeout(() => { sock.destroy(); process.exit(1); }, 10000);
+      // Watchdog: only fires if an operation never completes (handshake hangs).
+      // unref() so a completed operation's pending timer can't keep the event
+      // loop alive and delay/override the clean exit above.
+      setTimeout(() => { sock.destroy(); process.exit(1); }, 10000).unref();
     `;
 
     try {

package/packages/core/src/server.ts

@@ -937,8 +937,13 @@ ${reset}
           console.log(`    \x1b[35m${definition.tableName}\x1b[0m (${Object.keys(definition.fields).length} fields)`);
         }
 
-        // Generate auto-CRUD routes for all discovered models
-        const crudRoutes = orm.generateCrudRoutes(models);
+        // Generate auto-CRUD routes ONLY for models that explicitly opted in via
+        // `static autoCrud = true` (the documented opt-in gate; default false). The
+        // server previously generated the 5 CRUD endpoints for every discovered model
+        // regardless of the flag, contradicting the documented contract. (Python's
+        // AutoCrud is opt-in too — via an explicit AutoCrud.register/discover call.)
+        const crudModels = orm.crudEligibleModels(models);
+        const crudRoutes = crudModels.length > 0 ? orm.generateCrudRoutes(crudModels) : [];
         for (const route of crudRoutes) {
           // Only add if no file-based route already handles this
           const existing = router.match(route.method, route.pattern.replace(/\{(\w+)\}/g, "test").replace(/\[(\w+)\]/g, "test"));
@@ -947,9 +952,11 @@ ${reset}
           }
         }
 
-        console.log(`\n  Auto-CRUD endpoints:`);
-        for (const route of crudRoutes) {
-          console.log(`    \x1b[33m${route.method.padEnd(7)}\x1b[0m ${route.pattern}`);
+        if (crudRoutes.length > 0) {
+          console.log(`\n  Auto-CRUD endpoints:`);
+          for (const route of crudRoutes) {
+            console.log(`    \x1b[33m${route.method.padEnd(7)}\x1b[0m ${route.pattern}`);
+          }
         }
       }
     } catch (err) {

package/packages/core/src/session.ts

@@ -27,9 +27,9 @@
 import { randomBytes } from "node:crypto";
 import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, readdirSync } from "node:fs";
 import { join } from "node:path";
-import { execFileSync } from "node:child_process";
 import { Log } from "./logger.js";
 import { isTruthy } from "./dotenv.js";
+import { respCommandSync } from "./sessionHandlers/respClient.js";
 import { RedisNpmSessionHandler } from "./sessionHandlers/redisHandler.js";
 import { ValkeySessionHandler } from "./sessionHandlers/valkeyHandler.js";
 import { MongoSessionHandler } from "./sessionHandlers/mongoHandler.js";
@@ -196,103 +196,19 @@ export class RedisSessionHandler implements SessionHandler {
   }
 
   /**
-   * Execute a Redis command synchronously via a short-lived TCP connection.
+   * Execute a Redis command synchronously against the live server.
    *
-   * Returns the command result string. A genuine key miss yields `""`. A
-   * transport/connection FAILURE (server unreachable, AUTH error, timeout)
-   * THROWS so the Session boundary can distinguish "not found" (silent) from
-   * "backend failed" (log-loud + degrade). Backend-failure policy parity.
+   * Delegates to the shared {@link respCommandSync} transport: a genuine key miss
+   * yields `""`, and a transport/connection FAILURE (server unreachable, rejected
+   * AUTH, timeout) THROWS so the Session boundary can distinguish "not found"
+   * (silent) from "backend failed" (log-loud + degrade). Backend-failure parity.
    */
   private execSync(args: string[]): string {
-    const script = `
-      const net = require("node:net");
-      const host = ${JSON.stringify(this.host)};
-      const port = ${this.port};
-      const password = ${JSON.stringify(this.password)};
-      const db = ${this.db};
-      const args = ${JSON.stringify(args)};
-
-      function buildCommand(a) {
-        let cmd = "*" + a.length + "\\r\\n";
-        for (const s of a) cmd += "$" + Buffer.byteLength(s) + "\\r\\n" + s + "\\r\\n";
-        return cmd;
-      }
-
-      function parseResp(buf) {
-        const str = buf.toString("utf-8");
-        if (str.startsWith("+")) return str.slice(1).split("\\r\\n")[0];
-        if (str.startsWith("-")) return "ERR:" + str.slice(1).split("\\r\\n")[0];
-        if (str.startsWith(":")) return str.slice(1).split("\\r\\n")[0];
-        if (str.startsWith("$-1")) return null;
-        if (str.startsWith("$")) {
-          const nl = str.indexOf("\\r\\n");
-          const len = parseInt(str.slice(1, nl), 10);
-          const start = nl + 2;
-          return str.slice(start, start + len);
-        }
-        return str;
-      }
-
-      const sock = net.createConnection({ host, port }, () => {
-        let commands = "";
-        if (password) commands += buildCommand(["AUTH", password]);
-        if (db !== 0) commands += buildCommand(["SELECT", String(db)]);
-        commands += buildCommand(args);
-        sock.write(commands);
-      });
-
-      let buffer = Buffer.alloc(0);
-      sock.on("data", (chunk) => {
-        buffer = Buffer.concat([buffer, chunk]);
-      });
-      sock.on("end", () => {
-        // Parse last response (skip AUTH/SELECT responses)
-        const lines = buffer.toString("utf-8").split("\\r\\n");
-        let responses = [];
-        let i = 0;
-        while (i < lines.length) {
-          const line = lines[i];
-          if (!line) { i++; continue; }
-          if (line.startsWith("+") || line.startsWith("-") || line.startsWith(":")) {
-            responses.push(line);
-            i++;
-          } else if (line.startsWith("$")) {
-            const len = parseInt(line.slice(1), 10);
-            if (len === -1) { responses.push(null); i++; }
-            else { responses.push(lines[i+1] || ""); i += 2; }
-          } else { i++; }
-        }
-        // The last response is our actual command result
-        const result = responses[responses.length - 1];
-        if (result === null) process.stdout.write("__NULL__");
-        else if (typeof result === "string" && result.startsWith("-")) process.stdout.write("__ERR__" + result);
-        else process.stdout.write(String(result ?? "__NULL__"));
-      });
-      sock.on("error", (err) => {
-        process.stderr.write(err.message);
-        process.exit(1);
-      });
-      setTimeout(() => { sock.destroy(); process.exit(1); }, 3000);
-    `;
-
-    let result: string;
-    try {
-      result = execFileSync(process.execPath, ["-e", script], {
-        encoding: "utf-8",
-        timeout: 5000,
-        stdio: ["pipe", "pipe", "pipe"],
-      });
-    } catch (err) {
-      // Non-zero exit = the child hit a socket error / AUTH failure / timeout.
-      // That is a transport FAILURE, not a key miss — surface it so the
-      // Session boundary logs + degrades (or re-throws under strict mode).
-      throw new Error(`Redis command failed: ${(err as Error).message}`);
-    }
-    if (result === "__NULL__") return "";        // genuine key miss
-    if (result.startsWith("__ERR__")) {
-      throw new Error(`Redis error: ${result.slice("__ERR__".length)}`);
-    }
-    return result;
+    return respCommandSync(
+      { host: this.host, port: this.port, password: this.password, db: this.db },
+      args,
+      "Redis",
+    );
   }
 
   private key(sessionId: string): string {