npm - triflux - Versions diffs - 3.2.0-dev.12 → 3.2.0-dev.13 - Mend

triflux 3.2.0-dev.12 → 3.2.0-dev.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/hub/bridge.mjs +21 -5
package/hub/server.mjs +34 -8
package/hub/team/nativeProxy.mjs +51 -38
package/package.json +1 -1

package/hub/bridge.mjs CHANGED Viewed

@@ -12,6 +12,16 @@ import { parseArgs as nodeParseArgs } from 'node:util';
 import { randomUUID } from 'node:crypto';
 const HUB_PID_FILE = join(homedir(), '.claude', 'cache', 'tfx-hub', 'hub.pid');
+const HUB_TOKEN_FILE = join(homedir(), '.claude', '.tfx-hub-token');
+// Hub 인증 토큰 읽기 (파일 없으면 null → 하위 호환)
+function readHubToken() {
+  try {
+    return readFileSync(HUB_TOKEN_FILE, 'utf8').trim();
+  } catch {
+    return null;
+  }
+}
 export function getHubUrl() {
   if (process.env.TFX_HUB_URL) return process.env.TFX_HUB_URL.replace(/\/mcp$/, '');
@@ -46,9 +56,15 @@ export async function post(path, body, timeoutMs = 5000) {
   const timer = setTimeout(() => controller.abort(), timeoutMs);
   try {
+    const headers = { 'Content-Type': 'application/json' };
+    const token = readHubToken();
+    if (token) {
+      headers['Authorization'] = `Bearer ${token}`;
+    }
     const res = await fetch(`${getHubUrl()}${path}`, {
       method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
+      headers,
       body: JSON.stringify(body),
       signal: controller.signal,
     });
@@ -316,7 +332,7 @@ async function cmdTeamInfo(args) {
   }
   // Hub 미실행 fallback — nativeProxy 직접 호출
   const { teamInfo } = await import('./team/nativeProxy.mjs');
-  console.log(JSON.stringify(teamInfo(body)));
+  console.log(JSON.stringify(await teamInfo(body)));
 }
 async function cmdTeamTaskList(args) {
@@ -334,7 +350,7 @@ async function cmdTeamTaskList(args) {
   }
   // Hub 미실행 fallback — nativeProxy 직접 호출
   const { teamTaskList } = await import('./team/nativeProxy.mjs');
-  console.log(JSON.stringify(teamTaskList(body)));
+  console.log(JSON.stringify(await teamTaskList(body)));
 }
 async function cmdTeamTaskUpdate(args) {
@@ -360,7 +376,7 @@ async function cmdTeamTaskUpdate(args) {
   }
   // Hub 미실행 fallback — nativeProxy 직접 호출
   const { teamTaskUpdate } = await import('./team/nativeProxy.mjs');
-  console.log(JSON.stringify(teamTaskUpdate(body)));
+  console.log(JSON.stringify(await teamTaskUpdate(body)));
 }
 async function cmdTeamSendMessage(args) {
@@ -379,7 +395,7 @@ async function cmdTeamSendMessage(args) {
   }
   // Hub 미실행 fallback — nativeProxy 직접 호출
   const { teamSendMessage } = await import('./team/nativeProxy.mjs');
-  console.log(JSON.stringify(teamSendMessage(body)));
+  console.log(JSON.stringify(await teamSendMessage(body)));
 }
 function getHubDbPath() {

package/hub/server.mjs CHANGED Viewed

@@ -52,6 +52,14 @@ async function parseBody(req) {
 const PID_DIR = join(homedir(), '.claude', 'cache', 'tfx-hub');
 const PID_FILE = join(PID_DIR, 'hub.pid');
+const TOKEN_FILE = join(homedir(), '.claude', '.tfx-hub-token');
+// localhost 계열 Origin만 허용
+const ALLOWED_ORIGIN_RE = /^https?:\/\/(localhost|127\.0\.0\.1|\[::1\])(:\d+)?$/;
+function isAllowedOrigin(origin) {
+  return origin && ALLOWED_ORIGIN_RE.test(origin);
+}
 /**
  * tfx-hub 시작
@@ -66,6 +74,11 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
     dbPath = join(PID_DIR, 'state.db');
   }
+  // 인증 토큰 생성 (환경변수 우선, 없으면 자동 생성)
+  const HUB_TOKEN = process.env.TFX_HUB_TOKEN || randomUUID();
+  mkdirSync(join(homedir(), '.claude'), { recursive: true });
+  writeFileSync(TOKEN_FILE, HUB_TOKEN, { mode: 0o600 });
   const store = createStore(dbPath);
   const router = createRouter(store);
   const pipe = createPipeServer({ router, store, sessionId });
@@ -109,12 +122,16 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
   }
   const httpServer = createHttpServer(async (req, res) => {
-    res.setHeader('Access-Control-Allow-Origin', '*');
-    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
-    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, mcp-session-id, Last-Event-ID');
+    // CORS: localhost 계열 Origin만 허용
+    const origin = req.headers['origin'];
+    if (isAllowedOrigin(origin)) {
+      res.setHeader('Access-Control-Allow-Origin', origin);
+      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
+      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, mcp-session-id, Last-Event-ID');
+    }
     if (req.method === 'OPTIONS') {
-      res.writeHead(204);
+      res.writeHead(isAllowedOrigin(origin) ? 204 : 403);
       return res.end();
     }
@@ -141,6 +158,14 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
     if (req.url.startsWith('/bridge')) {
       res.setHeader('Content-Type', 'application/json');
+      // Bearer 토큰 인증
+      const authHeader = req.headers['authorization'] || '';
+      const bearerToken = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : '';
+      if (bearerToken !== HUB_TOKEN) {
+        res.writeHead(401);
+        return res.end(JSON.stringify({ ok: false, error: 'Unauthorized' }));
+      }
       if (req.method !== 'POST' && req.method !== 'DELETE') {
         res.writeHead(405);
         return res.end(JSON.stringify({ ok: false, error: 'Method Not Allowed' }));
@@ -223,13 +248,13 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
         if (req.method === 'POST') {
           let teamResult = null;
           if (path === '/bridge/team/info' || path === '/bridge/team-info') {
-            teamResult = teamInfo(body);
+            teamResult = await teamInfo(body);
           } else if (path === '/bridge/team/task-list' || path === '/bridge/team-task-list') {
-            teamResult = teamTaskList(body);
+            teamResult = await teamTaskList(body);
           } else if (path === '/bridge/team/task-update' || path === '/bridge/team-task-update') {
-            teamResult = teamTaskUpdate(body);
+            teamResult = await teamTaskUpdate(body);
           } else if (path === '/bridge/team/send-message' || path === '/bridge/team-send-message') {
-            teamResult = teamSendMessage(body);
+            teamResult = await teamSendMessage(body);
           }
           if (teamResult) {
@@ -452,6 +477,7 @@ export async function startHub({ port = 27888, dbPath, host = '127.0.0.1', sessi
         await pipe.stop();
         store.close();
         try { unlinkSync(PID_FILE); } catch {}
+        try { unlinkSync(TOKEN_FILE); } catch {}
         await new Promise((resolveClose) => httpServer.close(resolveClose));
       };

package/hub/team/nativeProxy.mjs CHANGED Viewed

@@ -4,8 +4,6 @@
 import {
   existsSync,
   mkdirSync,
-  readdirSync,
-  readFileSync,
   renameSync,
   statSync,
   unlinkSync,
@@ -13,6 +11,7 @@ import {
   openSync,
   closeSync,
 } from 'node:fs';
+import { readdir, stat, readFile } from 'node:fs/promises';
 import { basename, dirname, join } from 'node:path';
 import { homedir } from 'node:os';
 import { randomUUID } from 'node:crypto';
@@ -25,6 +24,7 @@ const TASKS_ROOT = join(CLAUDE_HOME, 'tasks');
 // ── 인메모리 캐시 (디렉토리 mtime 기반 무효화) ──
 const _dirCache = new Map(); // tasksDir → { mtimeMs, files: string[] }
 const _taskIdIndex = new Map(); // taskId → filePath
+const _taskContentCache = new Map(); // filePath → { mtimeMs, data }
 function _invalidateCache(tasksDir) {
   _dirCache.delete(tasksDir);
@@ -40,9 +40,9 @@ function validateTeamName(teamName) {
   }
 }
-function readJsonSafe(path) {
+async function readJsonSafe(path) {
   try {
-    return JSON.parse(readFileSync(path, 'utf8'));
+    return JSON.parse(await readFile(path, 'utf8'));
   } catch {
     return null;
   }
@@ -66,12 +66,11 @@ function atomicWriteJson(path, value) {
   }
 }
-function sleepMs(ms) {
-  // busy-wait를 피하고 Atomics.wait로 동기 대기 (CPU 점유 최소화)
-  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+async function sleepMs(ms) {
+  return new Promise((r) => setTimeout(r, ms));
 }
-function withFileLock(lockPath, fn, retries = 20, delayMs = 25) {
+async function withFileLock(lockPath, fn, retries = 20, delayMs = 25) {
   let fd = null;
   for (let i = 0; i < retries; i += 1) {
     try {
@@ -79,12 +78,12 @@ function withFileLock(lockPath, fn, retries = 20, delayMs = 25) {
       break;
     } catch (e) {
       if (e?.code !== 'EEXIST' || i === retries - 1) throw e;
-      sleepMs(delayMs);
+      await sleepMs(delayMs);
     }
   }
   try {
-    return fn();
+    return await fn();
   } finally {
     try { if (fd != null) closeSync(fd); } catch {}
     try { unlinkSync(lockPath); } catch {}
@@ -99,13 +98,13 @@ function getLeadSessionId(config) {
     || null;
 }
-export function resolveTeamPaths(teamName) {
+export async function resolveTeamPaths(teamName) {
   validateTeamName(teamName);
   const teamDir = join(TEAMS_ROOT, teamName);
   const configPath = join(teamDir, 'config.json');
   const inboxesDir = join(teamDir, 'inboxes');
-  const config = readJsonSafe(configPath);
+  const config = await readJsonSafe(configPath);
   const leadSessionId = getLeadSessionId(config);
   const byTeam = join(TASKS_ROOT, teamName);
@@ -131,19 +130,20 @@ export function resolveTeamPaths(teamName) {
   };
 }
-function collectTaskFiles(tasksDir) {
+async function collectTaskFiles(tasksDir) {
   if (!existsSync(tasksDir)) return [];
   // 디렉토리 mtime 기반 캐시 — O(N) I/O를 반복 호출 시 O(1)로 축소
   let dirMtime;
-  try { dirMtime = statSync(tasksDir).mtimeMs; } catch { return []; }
+  try { dirMtime = (await stat(tasksDir)).mtimeMs; } catch { return []; }
   const cached = _dirCache.get(tasksDir);
   if (cached && cached.mtimeMs === dirMtime) {
     return cached.files;
   }
-  const files = readdirSync(tasksDir)
+  const entries = await readdir(tasksDir);
+  const files = entries
     .filter((name) => name.endsWith('.json'))
     .filter((name) => !name.endsWith('.lock'))
     .filter((name) => name !== '.highwatermark')
@@ -153,7 +153,7 @@ function collectTaskFiles(tasksDir) {
   return files;
 }
-function locateTaskFile(tasksDir, taskId) {
+async function locateTaskFile(tasksDir, taskId) {
   const direct = join(tasksDir, `${taskId}.json`);
   if (existsSync(direct)) return direct;
@@ -162,13 +162,13 @@ function locateTaskFile(tasksDir, taskId) {
   if (indexed && existsSync(indexed)) return indexed;
   // 캐시된 collectTaskFiles로 풀 스캔
-  const files = collectTaskFiles(tasksDir);
+  const files = await collectTaskFiles(tasksDir);
   for (const file of files) {
     if (basename(file, '.json') === taskId) {
       _taskIdIndex.set(taskId, file);
       return file;
     }
-    const json = readJsonSafe(file);
+    const json = await readJsonSafe(file);
     if (json && String(json.id || '') === taskId) {
       _taskIdIndex.set(taskId, file);
       return file;
@@ -181,7 +181,7 @@ function isObject(v) {
   return !!v && typeof v === 'object' && !Array.isArray(v);
 }
-export function teamInfo(args = {}) {
+export async function teamInfo(args = {}) {
   const { team_name, include_members = true, include_paths = true } = args;
   try {
     validateTeamName(team_name);
@@ -189,7 +189,7 @@ export function teamInfo(args = {}) {
     return err('INVALID_TEAM_NAME', 'team_name 형식이 올바르지 않습니다');
   }
-  const paths = resolveTeamPaths(team_name);
+  const paths = await resolveTeamPaths(team_name);
   if (!existsSync(paths.team_dir)) {
     return err('TEAM_NOT_FOUND', `팀 디렉토리가 없습니다: ${paths.team_dir}`);
   }
@@ -224,7 +224,7 @@ export function teamInfo(args = {}) {
   };
 }
-export function teamTaskList(args = {}) {
+export async function teamTaskList(args = {}) {
   const {
     team_name,
     owner,
@@ -239,7 +239,7 @@ export function teamTaskList(args = {}) {
     return err('INVALID_TEAM_NAME', 'team_name 형식이 올바르지 않습니다');
   }
-  const paths = resolveTeamPaths(team_name);
+  const paths = await resolveTeamPaths(team_name);
   if (paths.tasks_dir_resolution === 'not_found') {
     return err('TASKS_DIR_NOT_FOUND', `task 디렉토리를 찾지 못했습니다: ${team_name}`);
   }
@@ -249,8 +249,22 @@ export function teamTaskList(args = {}) {
   let parseWarnings = 0;
   const tasks = [];
-  for (const file of collectTaskFiles(paths.tasks_dir)) {
-    const json = readJsonSafe(file);
+  for (const file of await collectTaskFiles(paths.tasks_dir)) {
+    // mtime 기반 task 콘텐츠 캐시 — 변경 없으면 파일 읽기 생략
+    let fileMtime = Date.now();
+    try { fileMtime = (await stat(file)).mtimeMs; } catch {}
+    const contentCached = _taskContentCache.get(file);
+    let json;
+    if (contentCached && contentCached.mtimeMs === fileMtime) {
+      json = contentCached.data;
+    } else {
+      json = await readJsonSafe(file);
+      if (json && isObject(json)) {
+        _taskContentCache.set(file, { mtimeMs: fileMtime, data: json });
+      }
+    }
     if (!json || !isObject(json)) {
       parseWarnings += 1;
       continue;
@@ -260,13 +274,10 @@ export function teamTaskList(args = {}) {
     if (owner && String(json.owner || '') !== String(owner)) continue;
     if (statusSet.size > 0 && !statusSet.has(String(json.status || ''))) continue;
-    let mtime = Date.now();
-    try { mtime = statSync(file).mtimeMs; } catch {}
     tasks.push({
       ...json,
       task_file: file,
-      mtime_ms: mtime,
+      mtime_ms: fileMtime,
     });
   }
@@ -288,7 +299,7 @@ export function teamTaskList(args = {}) {
 // status 화이트리스트 (Claude Code API 호환)
 const VALID_STATUSES = new Set(['pending', 'in_progress', 'completed', 'deleted']);
-export function teamTaskUpdate(args = {}) {
+export async function teamTaskUpdate(args = {}) {
   // "failed" → "completed" + metadata.result 자동 매핑
   if (String(args.status || '') === 'failed') {
     args = {
@@ -326,12 +337,12 @@ export function teamTaskUpdate(args = {}) {
     return err('INVALID_TASK_ID', 'task_id가 필요합니다');
   }
-  const paths = resolveTeamPaths(team_name);
+  const paths = await resolveTeamPaths(team_name);
   if (paths.tasks_dir_resolution === 'not_found') {
     return err('TASKS_DIR_NOT_FOUND', `task 디렉토리를 찾지 못했습니다: ${team_name}`);
   }
-  const taskFile = locateTaskFile(paths.tasks_dir, String(task_id));
+  const taskFile = await locateTaskFile(paths.tasks_dir, String(task_id));
   if (!taskFile) {
     return err('TASK_NOT_FOUND', `task를 찾지 못했습니다: ${task_id}`);
   }
@@ -339,14 +350,14 @@ export function teamTaskUpdate(args = {}) {
   const lockFile = `${taskFile}.lock`;
   try {
-    return withFileLock(lockFile, () => {
-      const before = readJsonSafe(taskFile);
+    return await withFileLock(lockFile, async () => {
+      const before = await readJsonSafe(taskFile);
       if (!before || !isObject(before)) {
         return err('INVALID_TASK_FILE', `task 파일 파싱 실패: ${taskFile}`);
       }
       let beforeMtime = Date.now();
-      try { beforeMtime = statSync(taskFile).mtimeMs; } catch {}
+      try { beforeMtime = (await stat(taskFile)).mtimeMs; } catch {}
       if (if_match_mtime_ms != null && Number(if_match_mtime_ms) !== Number(beforeMtime)) {
         return err('MTIME_CONFLICT', 'if_match_mtime_ms가 일치하지 않습니다', {
@@ -427,6 +438,8 @@ export function teamTaskUpdate(args = {}) {
       if (updated) {
         atomicWriteJson(taskFile, after);
         _invalidateCache(dirname(taskFile));
+        // 콘텐츠 캐시 무효화
+        _taskContentCache.delete(taskFile);
       }
       let afterMtime = beforeMtime;
@@ -453,7 +466,7 @@ function sanitizeRecipientName(v) {
   return String(v || 'team-lead').replace(/[\\/:*?"<>|]/g, '_');
 }
-export function teamSendMessage(args = {}) {
+export async function teamSendMessage(args = {}) {
   const {
     team_name,
     from,
@@ -472,7 +485,7 @@ export function teamSendMessage(args = {}) {
   if (!String(from || '').trim()) return err('INVALID_FROM', 'from이 필요합니다');
   if (!String(text || '').trim()) return err('INVALID_TEXT', 'text가 필요합니다');
-  const paths = resolveTeamPaths(team_name);
+  const paths = await resolveTeamPaths(team_name);
   if (!existsSync(paths.team_dir)) {
     return err('TEAM_NOT_FOUND', `팀 디렉토리가 없습니다: ${paths.team_dir}`);
   }
@@ -483,8 +496,8 @@ export function teamSendMessage(args = {}) {
   let message;
   try {
-    const unreadCount = withFileLock(lockFile, () => {
-      const queue = readJsonSafe(inboxFile);
+    const unreadCount = await withFileLock(lockFile, async () => {
+      const queue = await readJsonSafe(inboxFile);
       const list = Array.isArray(queue) ? queue : [];
       message = {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "triflux",
-  "version": "3.2.0-dev.12",
+  "version": "3.2.0-dev.13",
   "description": "CLI-first multi-model orchestrator for Claude Code — route tasks to Codex, Gemini, and Claude",
   "type": "module",
   "bin": {