veryfront 0.1.75 → 0.1.76

package/esm/src/jobs/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../../src/src/jobs/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,eAAe,wEAM1B,CAAC;AAEH,eAAO,MAAM,mBAAmB,6CAA2C,CAAC;AAE5E,eAAO,MAAM,6BAA6B,iDAA+C,CAAC;AAE1F,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;EAKzB,CAAC;AAIH,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU1C,CAAC;AAEH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAWf,CAAC;AAEd,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsBpB,CAAC;AAEH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGtC,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;EAQzB,CAAC;AAEH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQlC,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;EAEhC,CAAC;AAEH,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;EAM3C,CAAC;AAEH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;EAMrC,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAYpB,CAAC;AAEd,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EASzB,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;EAMpC,CAAC;AAEH,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAG7C,CAAC;AAEH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBxB,CAAC;AAEH,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAG1C,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AACxD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AACxF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AACxD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC;AAC5C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAChF,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AACtD,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAC1F,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAC9E,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAE9F,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC"}

package/esm/src/jobs/schemas.js

@@ -0,0 +1,159 @@
+import { z } from "zod";
+export const JobStatusSchema = z.enum([
+    "submitted",
+    "working",
+    "completed",
+    "failed",
+    "canceled",
+]);
+export const CronJobStatusSchema = z.enum(["active", "paused", "deleting"]);
+export const ReservedJobTargetFamilySchema = z.enum(["task:*", "workflow:*", "deploy:*"]);
+export const PageInfoSchema = z.object({
+    self: z.string().nullable(),
+    first: z.literal(null),
+    next: z.string().nullable(),
+    prev: z.string().nullable(),
+});
+const JsonObjectSchema = z.record(z.unknown());
+export const KnowledgeIngestFileResultSchema = z.object({
+    source: z.string(),
+    localSourcePath: z.string(),
+    outputPath: z.string(),
+    remotePath: z.string(),
+    slug: z.string(),
+    sourceType: z.string(),
+    summary: z.string(),
+    stats: JsonObjectSchema,
+    warnings: z.array(z.string()),
+});
+export const JobResultSchema = z
+    .discriminatedUnion("kind", [
+    z.object({
+        kind: z.literal("knowledge_ingest"),
+        files: z.array(KnowledgeIngestFileResultSchema),
+    }),
+    z.object({
+        kind: z.literal("artifacts"),
+        artifacts: z.array(z.unknown()),
+    }),
+])
+    .nullable();
+export const JobSchema = z.object({
+    id: z.string().uuid(),
+    project_id: z.string().uuid(),
+    environment_id: z.string().uuid().nullable(),
+    cron_job_id: z.string().uuid().nullable(),
+    batch_id: z.string().uuid().nullable(),
+    name: z.string(),
+    status: JobStatusSchema,
+    target: z.string(),
+    config: JsonObjectSchema,
+    context_id: z.string().uuid().nullable(),
+    timeout_seconds: z.number(),
+    backoff_limit: z.number(),
+    exit_code: z.number().nullable(),
+    failed_reason: z.string().nullable(),
+    failure_detail: z.string().nullable(),
+    result: JobResultSchema,
+    started_at: z.string().nullable(),
+    completed_at: z.string().nullable(),
+    created_by: z.string().uuid().nullable(),
+    created_at: z.string(),
+    updated_at: z.string(),
+});
+export const PaginatedJobsResponseSchema = z.object({
+    data: z.array(JobSchema),
+    page_info: PageInfoSchema,
+});
+export const JobEventSchema = z.object({
+    timestamp: z.string(),
+    level: z.string(),
+    message: z.string(),
+    service: z.string(),
+    trace_id: z.string().optional(),
+    request_id: z.string().optional(),
+    metadata: z.record(z.string()).optional(),
+});
+export const JobEventsResponseSchema = z.object({
+    entries: z.array(JobEventSchema),
+    next_cursor: z.string().nullable(),
+    stats: z.object({
+        bytes_processed: z.number(),
+        lines_processed: z.number(),
+        query_time_ms: z.number(),
+    }),
+});
+export const JobLogsResponseSchema = z.object({
+    logs: z.string().nullable(),
+});
+export const KnowledgeIngestBatchSourceSchema = z.object({
+    label: z.string(),
+    path: z.string().nullable(),
+    upload_id: z.string().uuid().nullable(),
+    remote_path: z.string().nullable(),
+    warning_count: z.number().int().nonnegative(),
+});
+export const JobBatchStatusCountsSchema = z.object({
+    submitted: z.number().int().nonnegative(),
+    working: z.number().int().nonnegative(),
+    completed: z.number().int().nonnegative(),
+    failed: z.number().int().nonnegative(),
+    canceled: z.number().int().nonnegative(),
+});
+export const JobBatchResultSchema = z
+    .discriminatedUnion("kind", [
+    z.object({
+        kind: z.literal("knowledge_ingest"),
+        total_count: z.number().int().nonnegative(),
+        completed_count: z.number().int().nonnegative(),
+        processing: z.array(KnowledgeIngestBatchSourceSchema),
+        completed: z.array(KnowledgeIngestBatchSourceSchema),
+        remaining: z.array(KnowledgeIngestBatchSourceSchema),
+        remaining_label: z.enum(["Remaining Files", "Not Ingested Files"]),
+    }),
+])
+    .nullable();
+export const JobBatchSchema = z.object({
+    id: z.string().uuid(),
+    project_id: z.string().uuid(),
+    target: z.string().nullable(),
+    job_count: z.number().int().nonnegative(),
+    status_counts: JobBatchStatusCountsSchema,
+    created_at: z.string(),
+    updated_at: z.string(),
+    result: JobBatchResultSchema,
+});
+export const JobTargetDefinitionSchema = z.object({
+    target: z.string(),
+    family: z.string(),
+    description: z.string(),
+    input_schema: JsonObjectSchema,
+    output_schema: JsonObjectSchema.nullable(),
+});
+export const JobTargetDefinitionsResponseSchema = z.object({
+    reserved_families: z.array(ReservedJobTargetFamilySchema),
+    data: z.array(JobTargetDefinitionSchema),
+});
+export const CronJobSchema = z.object({
+    id: z.string().uuid(),
+    project_id: z.string().uuid(),
+    environment_id: z.string().uuid().nullable(),
+    name: z.string(),
+    status: CronJobStatusSchema,
+    target: z.string(),
+    schedule: z.string(),
+    timezone: z.string(),
+    config: JsonObjectSchema,
+    timeout_seconds: z.number(),
+    backoff_limit: z.number(),
+    concurrency_policy: z.string(),
+    last_scheduled_at: z.string().nullable(),
+    last_successful_at: z.string().nullable(),
+    created_by: z.string().uuid().nullable(),
+    created_at: z.string(),
+    updated_at: z.string(),
+});
+export const PaginatedCronJobsResponseSchema = z.object({
+    data: z.array(CronJobSchema),
+    page_info: PageInfoSchema,
+});

package/esm/src/platform/adapters/veryfront-api-client/retry-handler.d.ts

@@ -1,3 +1,4 @@
+import * as dntShim from "../../../../_dnt.shims.js";
 export interface RetryConfig {
     maxRetries: number;
     initialDelay: number;
@@ -7,6 +8,9 @@ export interface RequestOptions {
     returnText?: boolean;
     /** Request timeout in milliseconds. Defaults to 30000ms (30 seconds). */
     timeoutMs?: number;
+    method?: string;
+    body?: dntShim.BodyInit | null;
+    headers?: dntShim.HeadersInit;
 }
 export declare function requestWithRetry(url: string, apiToken: string, retryConfig: RetryConfig, options?: RequestOptions): Promise<unknown>;
 //# sourceMappingURL=retry-handler.d.ts.map

package/esm/src/platform/adapters/veryfront-api-client/retry-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"retry-handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/platform/adapters/veryfront-api-client/retry-handler.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,yEAAyE;IACzE,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAKD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,WAAW,EACxB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,OAAO,CAAC,CAsHlB"}
+{"version":3,"file":"retry-handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/platform/adapters/veryfront-api-client/retry-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AAUrD,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,yEAAyE;IACzE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC;CAC/B;AAKD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,WAAW,EACxB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,OAAO,CAAC,CA4HlB"}

package/esm/src/platform/adapters/veryfront-api-client/retry-handler.js

@@ -22,12 +22,18 @@ export async function requestWithRetry(url, apiToken, retryConfig, options = {})
         try {
             const result = await withSpan(SpanNames.HTTP_CLIENT_FETCH, async () => {
                 const startTime = performance.now();
-                const headers = new dntShim.Headers({
-                    Authorization: `Bearer ${apiToken}`,
-                    "Content-Type": "application/json",
-                });
+                const headers = new dntShim.Headers(options.headers);
+                headers.set("Authorization", `Bearer ${apiToken}`);
+                if (!headers.has("Content-Type")) {
+                    headers.set("Content-Type", "application/json");
+                }
                 injectContext(headers);
-                const response = await dntShim.fetch(url, { headers, signal: controller.signal });
+                const response = await dntShim.fetch(url, {
+                    method: options.method ?? "GET",
+                    headers,
+                    body: options.body,
+                    signal: controller.signal,
+                });
                 const duration = performance.now() - startTime;
                 recordApiRequest(response.status);
                 apiLog.debug("Request completed", {
@@ -55,7 +61,7 @@ export async function requestWithRetry(url, apiToken, retryConfig, options = {})
                 const data = options.returnText ? await response.text() : await response.json();
                 return { data, status: response.status, duration };
             }, {
-                "http.method": "GET",
+                "http.method": options.method ?? "GET",
                 "http.url": url,
                 "http.target": urlPath,
                 "http.host": urlObj.host,

package/esm/src/proxy/handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/src/proxy/handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAE/C,OAAO,EAAE,KAAK,YAAY,EAAsB,MAAM,kCAAkC,CAAC;AACzF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAOnD,eAAO,MAAM,sBAAsB,0MAYzB,CAAC;AA6EX,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,SAAS,GAAG,YAAY,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,YAAY,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,CAAC,EAAE;QACN,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAC9D,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAC7D,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAC7D,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;CAC9E;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAoCD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB;0BA8K1B,OAAO,CAAC,OAAO,KAAG,OAAO,CAAC,YAAY,CAAC;0BA+NvC,OAAO,CAAC,OAAO,KAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;;;;;;;;0BAlVrD,MAAM,EAAE;;EAgYpC;AAED,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEjE,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAwB7F"}
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/src/proxy/handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAE/C,OAAO,EAAE,KAAK,YAAY,EAAsB,MAAM,kCAAkC,CAAC;AACzF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAQnD,eAAO,MAAM,sBAAsB,0MAYzB,CAAC;AA6EX,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,SAAS,GAAG,YAAY,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,YAAY,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,CAAC,EAAE;QACN,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAC9D,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAC7D,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;IAC7D,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;CAC9E;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AA4CD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB;0BA6K1B,OAAO,CAAC,OAAO,KAAG,OAAO,CAAC,YAAY,CAAC;0BA+NvC,OAAO,CAAC,OAAO,KAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;;;;;;;;0BAjVrD,MAAM,EAAE;;EA+XpC;AAED,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEjE,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAwB7F"}

package/esm/src/proxy/handler.js

@@ -2,10 +2,11 @@ import * as dntShim from "../../_dnt.shims.js";
 import { TokenManager } from "./token-manager.js";
 import { parseProjectDomain } from "../server/utils/domain-parser.js";
 import { createFileSystem } from "../platform/compat/fs.js";
-import { cwd } from "../platform/compat/process.js";
+import { cwd, getEnv } from "../platform/compat/process.js";
 import { join } from "../platform/compat/path/index.js";
 import { injectContext, ProxySpanNames, withSpan } from "./tracing.js";
 import { computeContentSourceId } from "../cache/keys.js";
+import { jwtVerify } from "jose";
 export const INTERNAL_PROXY_HEADERS = [
     "x-token",
     "x-project-slug",
@@ -69,23 +70,23 @@ function extractUserToken(cookieHeader) {
     const match = cookieHeader.match(/(?:^|;\s*)authToken=([^;]+)/);
     return match?.[1] ? decodeURIComponent(match[1]) : undefined;
 }
-function extractUserIdFromToken(token) {
+async function extractUserIdFromToken(token, log) {
+    const jwtSecret = getEnv("JWT_SECRET");
+    if (!jwtSecret) {
+        log?.warn("JWT_SECRET not configured — cannot verify user token");
+        return undefined;
+    }
     try {
-        const payload = token.split(".")[1];
-        if (!payload)
-            return undefined;
-        // JWT payloads are base64url-encoded: normalize to standard base64 before decoding
-        let base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
-        const remainder = base64.length % 4;
-        if (remainder === 2)
-            base64 += "==";
-        else if (remainder === 3)
-            base64 += "=";
-        const decoded = JSON.parse(atob(base64));
-        return decoded?.userId;
+        const secret = new TextEncoder().encode(jwtSecret);
+        const { payload } = await jwtVerify(token, secret, {
+            algorithms: ["HS256"],
+        });
+        return payload.userId;
     }
-    catch (_) {
-        /* expected: malformed JWT token */
+    catch (error) {
+        log?.debug("JWT verification failed", {
+            error: error instanceof Error ? error.message : String(error),
+        });
         return undefined;
     }
 }
@@ -171,7 +172,7 @@ export function createProxyHandler(options) {
         const returnPath = safePath + url.search;
         return `https://veryfront.com/sign-in?from=${encodeURIComponent(returnPath)}`;
     }
-    function checkProtectedAccess(req, matchingEnv, userToken, users, logContext) {
+    async function checkProtectedAccess(req, matchingEnv, userToken, users, logContext) {
         if (!matchingEnv?.protected)
             return null;
         if (!userToken) {
@@ -183,9 +184,8 @@ export function createProxyHandler(options) {
             });
             return { status: 302, message: "Authentication required", redirectUrl };
         }
-        const userId = extractUserIdFromToken(userToken);
+        const userId = await extractUserIdFromToken(userToken, logger);
         if (!userId) {
-            // Malformed token — treat as unauthenticated so user can re-sign-in
             const redirectUrl = makeAuthRedirectUrl(req);
             logger?.info("Could not extract userId from token", {
                 ...logContext,
@@ -209,7 +209,7 @@ export function createProxyHandler(options) {
         if (!lookupResult)
             return { projectId: undefined, releaseId: undefined };
         const matchingEnv = lookupResult.environments?.find(envMatcher);
-        const protectionError = checkProtectedAccess(req, matchingEnv, userToken, lookupResult.users, logContext);
+        const protectionError = await checkProtectedAccess(req, matchingEnv, userToken, lookupResult.users, logContext);
         if (protectionError)
             return { error: protectionError };
         return {
@@ -293,7 +293,7 @@ export function createProxyHandler(options) {
                 const matchingEnv = lookupResult.environments?.find((env) => env.domains?.some((d) => d.toLowerCase() === normalizedHost));
                 releaseId = matchingEnv?.active_release_id ?? undefined;
                 environmentId = matchingEnv?.id;
-                const protectionError = checkProtectedAccess(req, matchingEnv, userToken, lookupResult.users, { domain: host });
+                const protectionError = await checkProtectedAccess(req, matchingEnv, userToken, lookupResult.users, { domain: host });
                 if (protectionError) {
                     return makeErrorContext(base, protectionError.status, protectionError.message, token, protectionError.redirectUrl);
                 }

package/esm/src/routing/api/route-executor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"route-executor.d.ts","sourceRoot":"","sources":["../../../../src/src/routing/api/route-executor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,EAAqB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAEzF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EACV,QAAQ,EAKT,MAAM,0BAA0B,CAAC;AA4RlC,MAAM,WAAW,mBAAmB;IAClC,2EAA2E;IAC3E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,QAAQ,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CA6C3B;AAED,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,QAAQ,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,EACvB,UAAU,CAAC,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAuC3B"}
+{"version":3,"file":"route-executor.d.ts","sourceRoot":"","sources":["../../../../src/src/routing/api/route-executor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,EAAqB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAEzF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EACV,QAAQ,EAKT,MAAM,0BAA0B,CAAC;AAgUlC,MAAM,WAAW,mBAAmB;IAClC,2EAA2E;IAC3E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,QAAQ,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CA6C3B;AAED,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,QAAQ,EACjB,OAAO,EAAE,OAAO,CAAC,OAAO,EACxB,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,cAAc,EACvB,UAAU,CAAC,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAuC3B"}

package/esm/src/routing/api/route-executor.js

@@ -8,6 +8,7 @@ import { errorToRFC9457Response } from "../../errors/middleware/http-error-bound
 import { serverLogger as logger } from "../../utils/index.js";
 import { isDevelopment as isDevelopmentEnv } from "../../build/config/environment.js";
 import { getWorkerPool, isWorkerIsolationEnabled, } from "../../security/sandbox/worker-pool.js";
+import { MAX_WORKER_BODY_BYTES, } from "../../security/sandbox/worker-types.js";
 import { getProjectEnvSnapshot } from "../../server/project-env/storage.js";
 function isDevelopment(adapter) {
     const env = adapter.env.get("MODE") ??
@@ -85,13 +86,39 @@ function toHeadResponse(response) {
 // ---------------------------------------------------------------------------
 // Worker Isolation Helpers
 // ---------------------------------------------------------------------------
+function checkContentLengthLimit(request) {
+    const contentLength = request.headers.get("content-length");
+    if (!contentLength)
+        return;
+    const bytes = parseInt(contentLength, 10);
+    if (bytes > MAX_WORKER_BODY_BYTES) {
+        throw createError({
+            type: "api",
+            message: `Request body too large for isolated execution (${(bytes / 1024 / 1024).toFixed(1)} MB, limit ${MAX_WORKER_BODY_BYTES / 1024 / 1024} MB)`,
+        });
+    }
+}
+async function readBodyWithSizeGuard(request) {
+    if (!request.body)
+        return null;
+    // Fast path: reject before buffering if Content-Length is known
+    checkContentLengthLimit(request);
+    const body = new Uint8Array(await request.arrayBuffer());
+    // Fallback: check actual size for chunked/streaming bodies
+    if (body.byteLength > MAX_WORKER_BODY_BYTES) {
+        throw createError({
+            type: "api",
+            message: `Request body too large for isolated execution (${(body.byteLength / 1024 / 1024).toFixed(1)} MB, limit ${MAX_WORKER_BODY_BYTES / 1024 / 1024} MB)`,
+        });
+    }
+    return body;
+}
 async function serializeRequest(request) {
-    const body = request.body ? new Uint8Array(await request.arrayBuffer()) : null;
     return {
         url: request.url,
         method: request.method,
         headers: [...request.headers.entries()],
-        body,
+        body: await readBodyWithSizeGuard(request),
     };
 }
 function deserializeResponse(s) {
@@ -165,7 +192,7 @@ function executePagesRouteIsolated(modulePath, request, match, pathname, adapter
     return withSpan("api.executePagesRoute.isolated", async () => {
         try {
             const pool = getWorkerPool();
-            const body = request.body ? new Uint8Array(await request.arrayBuffer()) : null;
+            const body = await readBodyWithSizeGuard(request);
             const workerResponse = await pool.execute(projectDir, [projectDir], {
                 type: "execute-pages-route",
                 id: dntShim.crypto.randomUUID(),

package/esm/src/security/deno-permissions.d.ts

@@ -10,7 +10,7 @@
  * SERVER — CLI server (dev, production, proxy, MCP, split-mode).
  * Also used by build and test tasks that need equivalent access.
  */
-export declare const SERVER_PERMISSIONS: readonly ["--allow-read", "--allow-write", "--allow-net", "--allow-env", "--allow-run", "--allow-ffi", "--allow-sys"];
+export declare const SERVER_PERMISSIONS: readonly ["--allow-read", "--allow-write", "--allow-net", "--allow-env", "--allow-run", "--allow-sys", "--unstable-worker-options", "--unstable-net"];
 /**
  * WORKFLOW_JOB — `ProcessJobExecutor` (RESTRICTED).
  * Runs user-authored code — no `--allow-run`, `--allow-ffi`, or `--allow-sys`.

package/esm/src/security/deno-permissions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deno-permissions.d.ts","sourceRoot":"","sources":["../../../src/src/security/deno-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB,uHAQrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,0EAK3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2DAI3B,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,yDAI5B,CAAC"}
+{"version":3,"file":"deno-permissions.d.ts","sourceRoot":"","sources":["../../../src/src/security/deno-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB,uJASrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,0EAK3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2DAI3B,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,yDAI5B,CAAC"}

package/esm/src/security/deno-permissions.js

@@ -16,8 +16,9 @@ export const SERVER_PERMISSIONS = [
     "--allow-net",
     "--allow-env",
     "--allow-run",
-    "--allow-ffi",
     "--allow-sys",
+    "--unstable-worker-options",
+    "--unstable-net",
 ];
 /**
  * WORKFLOW_JOB — `ProcessJobExecutor` (RESTRICTED).

package/esm/src/security/sandbox/project-worker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"project-worker.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/project-worker.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,KAAK,EACV,aAAa,EACb,cAAc,EAGf,MAAM,mBAAmB,CAAC;AAU3B,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,iBAAiB,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAcD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAEtE,qBAAa,aAAa;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,OAAO,CAAqC;IACpD,OAAO,CAAC,cAAc,CAAoC;IAC1D,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,aAAa,CAAK;IAC1B,OAAO,CAAC,eAAe,CAAc;IACrC,OAAO,CAAC,OAAO,CAAwB;gBAE3B,OAAO,EAAE,oBAAoB;IAMzC,IAAI,MAAM,IAAI,YAAY,CAEzB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,cAAc,IAAI,MAAM,CAE3B;IAED,IAAI,kBAAkB,IAAI,OAAO,CAEhC;IAED;;OAEG;IACH,KAAK,IAAI,IAAI;IA+Bb;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAqCxD;;;;;;;OAOG;IACH,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAAC,UAAU,CAAC;IAgGjE;;OAEG;IACG,SAAS,CAAC,SAAS,SAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IA+BpD;;OAEG;IACH,gBAAgB,IAAI,IAAI;IAKxB;;OAEG;IACH,SAAS,IAAI,IAAI;IAuBjB,OAAO,CAAC,kBAAkB;IAc1B,OAAO,CAAC,aAAa;IA+CrB,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,gBAAgB;CAazB"}
+{"version":3,"file":"project-worker.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/project-worker.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,KAAK,EACV,aAAa,EACb,cAAc,EAGf,MAAM,mBAAmB,CAAC;AAW3B,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,iBAAiB,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAcD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,YAAY,CAAC;AAEtE,qBAAa,aAAa;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,OAAO,CAAqC;IACpD,OAAO,CAAC,cAAc,CAAoC;IAC1D,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,aAAa,CAAK;IAC1B,OAAO,CAAC,eAAe,CAAc;IACrC,OAAO,CAAC,OAAO,CAAwB;gBAE3B,OAAO,EAAE,oBAAoB;IAMzC,IAAI,MAAM,IAAI,YAAY,CAEzB;IAED,IAAI,YAAY,IAAI,MAAM,CAEzB;IAED,IAAI,cAAc,IAAI,MAAM,CAE3B;IAED,IAAI,kBAAkB,IAAI,OAAO,CAEhC;IAED;;OAEG;IACH,KAAK,IAAI,IAAI;IA+Bb;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAqCxD;;;;;;;OAOG;IACH,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAAC,UAAU,CAAC;IA+FjE;;OAEG;IACG,SAAS,CAAC,SAAS,SAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;IA+BpD;;OAEG;IACH,gBAAgB,IAAI,IAAI;IAKxB;;OAEG;IACH,SAAS,IAAI,IAAI;IAuBjB,OAAO,CAAC,kBAAkB;IAc1B,OAAO,CAAC,aAAa;IA+CrB,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,gBAAgB;CAazB"}

package/esm/src/security/sandbox/project-worker.js

@@ -13,6 +13,7 @@ import { isCompiledBinary } from "../../utils/index.js";
 import { withSpan } from "../../observability/tracing/otlp-setup.js";
 import { TIMEOUT_ERROR, UNKNOWN_ERROR } from "../../errors/index.js";
 const logger = serverLogger.component("project-worker");
+const textEncoder = new TextEncoder();
 export class ProjectWorker {
     projectId;
     worker = null;
@@ -112,7 +113,6 @@ export class ProjectWorker {
         this._lastActivityAt = Date.now();
         this._status = "busy";
         const requestId = request.id;
-        const encoder = new TextEncoder();
         return new ReadableStream({
             start: (controller) => {
                 let timer = dntShim.setTimeout(() => {
@@ -164,7 +164,7 @@ export class ProjectWorker {
                         this.updateIdleStatus();
                         // If we get an ssr-result, emit it as a single chunk
                         if (response.type === "ssr-result") {
-                            controller.enqueue(encoder.encode(response.html));
+                            controller.enqueue(textEncoder.encode(response.html));
                             controller.close();
                         }
                         else if (response.type === "error") {

package/esm/src/security/sandbox/worker-permissions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"worker-permissions.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;CACd;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,MAAM,EAAE,GAClB,iBAAiB,CAmCnB"}
+{"version":3,"file":"worker-permissions.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;CACd;AAcD;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,MAAM,EAAE,GAClB,iBAAiB,CA0BnB"}

package/esm/src/security/sandbox/worker-permissions.js

@@ -11,6 +11,19 @@
  * See: https://docs.deno.com/runtime/fundamentals/permissions/
  */
 import * as dntShim from "../../../_dnt.shims.js";
+// Cache compiled binary check — Deno.execPath() is a syscall that never changes at runtime
+const _isCompiledBinary = (() => {
+    try {
+        const exec = typeof dntShim.Deno !== "undefined" ? dntShim.Deno.execPath?.() : undefined;
+        if (!exec)
+            return false;
+        const name = exec.split(/[/\\]/).pop()?.toLowerCase() ?? "";
+        return name !== "deno" && name !== "deno.exe";
+    }
+    catch {
+        return false;
+    }
+})();
 /**
  * Build scoped permissions for a project worker.
  *
@@ -27,26 +40,16 @@ export function buildWorkerPermissions(readPaths) {
     // is outside the project directory. Rather than trying to enumerate all
     // read paths, grant full read access — the security boundary is enforced
     // by denying write/run/ffi/sys, not by restricting reads.
-    // Check for compiled binary by testing if execPath is NOT "deno"/"deno.exe"
-    try {
-        const exec = typeof dntShim.Deno !== "undefined" ? dntShim.Deno.execPath?.() : undefined;
-        if (exec) {
-            const name = exec.split(/[/\\]/).pop()?.toLowerCase() ?? "";
-            if (name !== "deno" && name !== "deno.exe") {
-                return {
-                    read: true,
-                    write: false,
-                    net: true,
-                    env: true,
-                    run: false,
-                    ffi: false,
-                    sys: false,
-                };
-            }
-        }
-    }
-    catch {
-        // execPath may not be available
+    if (_isCompiledBinary) {
+        return {
+            read: true,
+            write: false,
+            net: true,
+            env: true,
+            run: false,
+            ffi: false,
+            sys: false,
+        };
     }
     return {
         read: readPaths.length > 0 ? readPaths : false,

package/esm/src/security/sandbox/worker-pool.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"worker-pool.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-pool.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAWzF,qBAAa,UAAU;IACrB,OAAO,CAAC,IAAI,CAAgC;IAC5C,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,MAAM,CAAmB;IAEjC,OAAO,CAAC,eAAe,CAAqD;IAC5E,OAAO,CAAC,mBAAmB,CAAqD;gBAEpE,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM;IAMlD;;OAEG;IACH,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,aAAa;IA0CxE;;;OAGG;IACH,OAAO,CACL,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EAAE,EACnB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,cAAc,CAAC;IAkD1B;;OAEG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAUpC;;OAEG;IACH,QAAQ,IAAI;QACV,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE;YACtB,MAAM,EAAE,MAAM,CAAC;YACf,YAAY,EAAE,MAAM,CAAC;YACrB,UAAU,EAAE,OAAO,CAAC;YACpB,MAAM,EAAE,MAAM,CAAC;YACf,KAAK,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;KACJ;IA4BD;;OAEG;IACH,UAAU,IAAI;QACZ,uCAAuC;QACvC,cAAc,EAAE,MAAM,CAAC;QACvB,oDAAoD;QACpD,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kDAAkD;QAClD,sBAAsB,EAAE,MAAM,CAAC;QAC/B,qDAAqD;QACrD,WAAW,EAAE,MAAM,CAAC;QACpB,kEAAkE;QAClE,cAAc,EAAE,MAAM,CAAC;KACxB;IAoBD;;OAEG;IACH,QAAQ,IAAI,IAAI;IAgBhB,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,aAAa;YA4BP,WAAW;IAmBzB;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;CA8BjC;AAqBD;;;GAGG;AACH,wBAAgB,wBAAwB,IAAI,OAAO,CAGlD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,OAAO,CAGhD;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,OAAO,CAG/C;AAKD,wBAAgB,aAAa,IAAI,UAAU,CAiB1C;AAED,8DAA8D;AAC9D,wBAAgB,mBAAmB,IAAI,IAAI,CAO1C"}
+{"version":3,"file":"worker-pool.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-pool.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAWzF,qBAAa,UAAU;IACrB,OAAO,CAAC,IAAI,CAAgC;IAC5C,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,MAAM,CAAmB;IAEjC,OAAO,CAAC,eAAe,CAAqD;IAC5E,OAAO,CAAC,mBAAmB,CAAqD;gBAEpE,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM;IAMlD;;OAEG;IACH,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,aAAa;IA0CxE;;;OAGG;IACH,OAAO,CACL,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EAAE,EACnB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,cAAc,CAAC;IA0D1B;;OAEG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAUpC;;OAEG;IACH,QAAQ,IAAI;QACV,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE;YACtB,MAAM,EAAE,MAAM,CAAC;YACf,YAAY,EAAE,MAAM,CAAC;YACrB,UAAU,EAAE,OAAO,CAAC;YACpB,MAAM,EAAE,MAAM,CAAC;YACf,KAAK,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;KACJ;IA4BD;;OAEG;IACH,UAAU,IAAI;QACZ,uCAAuC;QACvC,cAAc,EAAE,MAAM,CAAC;QACvB,oDAAoD;QACpD,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kDAAkD;QAClD,sBAAsB,EAAE,MAAM,CAAC;QAC/B,qDAAqD;QACrD,WAAW,EAAE,MAAM,CAAC;QACpB,kEAAkE;QAClE,cAAc,EAAE,MAAM,CAAC;KACxB;IAoBD;;OAEG;IACH,QAAQ,IAAI,IAAI;IAgBhB,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,aAAa;YA4BP,WAAW;IAmBzB;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;CA8BjC;AAqBD;;;GAGG;AACH,wBAAgB,wBAAwB,IAAI,OAAO,CAGlD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,OAAO,CAGhD;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,OAAO,CAG/C;AAKD,wBAAgB,aAAa,IAAI,UAAU,CAiB1C;AAED,8DAA8D;AAC9D,wBAAgB,mBAAmB,IAAI,IAAI,CAO1C"}

package/esm/src/security/sandbox/worker-pool.js

@@ -85,22 +85,25 @@ export class WorkerPool {
                 (entry && Date.now() - entry.createdAt > this.config.maxWorkerAgeMs);
             if (shouldRecycle && !this.recycling.has(projectId)) {
                 this.recycling.add(projectId);
-                try {
-                    logger.debug("Recycling worker", {
-                        projectId,
-                        requestCount: worker.requestCount,
-                        ageMs: entry ? Date.now() - entry.createdAt : 0,
-                        reason: worker.requestCount >= this.config.maxRequestsPerWorker
-                            ? "request_count"
-                            : "age",
-                    });
+                logger.debug("Recycling worker", {
+                    projectId,
+                    requestCount: worker.requestCount,
+                    ageMs: entry ? Date.now() - entry.createdAt : 0,
+                    reason: worker.requestCount >= this.config.maxRequestsPerWorker
+                        ? "request_count"
+                        : "age",
+                });
+                // Warm replacement: let the old worker handle this last request,
+                // then evict it and create a replacement after the request settles.
+                // This avoids cold-start latency for the caller AND prevents the
+                // old worker from being terminated while it still has pending work.
+                const result = worker.execute(request);
+                void result.finally(() => {
                     this.evictWorker(projectId);
-                    const fresh = this.getOrCreateWorker(projectId, readPaths);
-                    return fresh.execute(request);
-                }
-                finally {
+                    this.getOrCreateWorker(projectId, readPaths);
                     this.recycling.delete(projectId);
-                }
+                });
+                return result;
             }
             return worker.execute(request);
         }, { "workerPool.projectId": projectId });

package/esm/src/security/sandbox/worker-types.d.ts

@@ -161,5 +161,7 @@ export interface WorkerPoolConfig {
     /** Per-worker memory budget in MB (default: 64). Workers exceeding this are evicted. */
     memoryBudgetMb: number;
 }
+/** Maximum request body size for worker isolation (10 MB) */
+export declare const MAX_WORKER_BODY_BYTES: number;
 export declare const DEFAULT_WORKER_POOL_CONFIG: WorkerPoolConfig;
 //# sourceMappingURL=worker-types.d.ts.map

package/esm/src/security/sandbox/worker-types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"worker-types.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,iBAAiB,CAAC;IAC3B,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;CAC7B;AAMD,MAAM,MAAM,aAAa,GACrB,sBAAsB,GACtB,wBAAwB,GACxB,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,mBAAmB,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,sBAAsB,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,qBAAqB,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,4EAA4E;IAC5E,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;IACvC,8BAA8B;IAC9B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAC;CAC/B;AAMD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,cAAc,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,UAAU,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,MAAM,cAAc,GACtB,oBAAoB,GACpB,wBAAwB,GACxB,uBAAuB,GACvB,mBAAmB,CAAC;AAExB,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,QAAQ,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,kBAAkB,CAAC;CAC9B;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,aAAa,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,oBAAoB,CAAC;CAC9B;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,OAAO,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,eAAe,CAAC;CACxB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,yDAAyD;IACzD,WAAW,EAAE,MAAM,CAAC;IACpB,2EAA2E;IAC3E,aAAa,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,gBAAgB,EAAE,MAAM,CAAC;IACzB,8CAA8C;IAC9C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iEAAiE;IACjE,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qFAAqF;IACrF,cAAc,EAAE,MAAM,CAAC;IACvB,wFAAwF;IACxF,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,eAAO,MAAM,0BAA0B,EAAE,gBAQxC,CAAC"}
+{"version":3,"file":"worker-types.d.ts","sourceRoot":"","sources":["../../../../src/src/security/sandbox/worker-types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,iBAAiB,CAAC;IAC3B,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;CAC7B;AAMD,MAAM,MAAM,aAAa,GACrB,sBAAsB,GACtB,wBAAwB,GACxB,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,mBAAmB,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,sBAAsB,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,qBAAqB,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,+CAA+C;IAC/C,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,4EAA4E;IAC5E,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;IACvC,8BAA8B;IAC9B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAC;CAC/B;AAMD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,cAAc,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,UAAU,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,MAAM,cAAc,GACtB,oBAAoB,GACpB,wBAAwB,GACxB,uBAAuB,GACvB,mBAAmB,CAAC;AAExB,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,YAAY,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,QAAQ,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,kBAAkB,CAAC;CAC9B;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,aAAa,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,oBAAoB,CAAC;CAC9B;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,OAAO,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,eAAe,CAAC;CACxB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,yDAAyD;IACzD,WAAW,EAAE,MAAM,CAAC;IACpB,2EAA2E;IAC3E,aAAa,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,gBAAgB,EAAE,MAAM,CAAC;IACzB,8CAA8C;IAC9C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iEAAiE;IACjE,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qFAAqF;IACrF,cAAc,EAAE,MAAM,CAAC;IACvB,wFAAwF;IACxF,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,6DAA6D;AAC7D,eAAO,MAAM,qBAAqB,QAAmB,CAAC;AAEtD,eAAO,MAAM,0BAA0B,EAAE,gBAQxC,CAAC"}

package/esm/src/security/sandbox/worker-types.js

@@ -6,6 +6,8 @@
  *
  * @module security/sandbox/worker-types
  */
+/** Maximum request body size for worker isolation (10 MB) */
+export const MAX_WORKER_BODY_BYTES = 10 * 1024 * 1024;
 export const DEFAULT_WORKER_POOL_CONFIG = {
     maxPoolSize: 20,
     idleTimeoutMs: 300_000,

package/esm/src/server/handlers/request/internal-tasks-list.handler.d.ts

@@ -0,0 +1,11 @@
+import * as dntShim from "../../../../_dnt.shims.js";
+import { type RuntimeTaskDiscoveryDeps } from "../../../task/control-plane.js";
+import { BaseHandler } from "../response/base.js";
+import type { HandlerContext, HandlerMetadata, HandlerResult } from "../types.js";
+export declare class InternalTasksListHandler extends BaseHandler {
+    private readonly deps;
+    metadata: HandlerMetadata;
+    constructor(deps?: RuntimeTaskDiscoveryDeps);
+    handle(req: dntShim.Request, ctx: HandlerContext): Promise<HandlerResult>;
+}
+//# sourceMappingURL=internal-tasks-list.handler.d.ts.map

package/esm/src/server/handlers/request/internal-tasks-list.handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-tasks-list.handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/handlers/request/internal-tasks-list.handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AAGrD,OAAO,EAKL,KAAK,wBAAwB,EAC9B,MAAM,gCAAgC,CAAC;AAUxC,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAmB,aAAa,EAAE,MAAM,aAAa,CAAC;AAEnG,qBAAa,wBAAyB,SAAQ,WAAW;IAQrD,OAAO,CAAC,QAAQ,CAAC,IAAI;IAPvB,QAAQ,EAAE,eAAe,CAIvB;gBAGiB,IAAI,GAAE,wBAA0D;IAK7E,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;CAmEhF"}