You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP →
veryfront
Advanced tools
veryfront - npm Package Compare versions
+1
-1
| export default { | ||
| "name": "veryfront", | ||
| "version": "0.1.56", | ||
| "version": "0.1.57", | ||
| "license": "Apache-2.0", | ||
@@ -5,0 +5,0 @@ "nodeModulesDir": "auto", |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"chat-handler.d.ts","sourceRoot":"","sources":["../../../src/src/agent/chat-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAG/C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA8K1C,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG;IAAE,EAAE,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5E,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,uBAAuB,EAAE,CAAC;IACpC,MAAM,CAAC,EAAE,uBAAuB,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,MAAM,uBAAuB,GAAG,CACpC,KAAK,EAAE,8BAA8B,KAEnC,IAAI,GACJ,OAAO,CAAC,QAAQ,GAChB,6BAA6B,GAC7B,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,QAAQ,GAAG,6BAA6B,CAAC,CAAC;AAiCrE,mFAAmF;AACnF,MAAM,WAAW,kBAAkB;IACjC,uFAAuF;IACvF,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACvB,CAAC,CACD,OAAO,EAAE,OAAO,CAAC,OAAO,KACrB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IACnE;;;OAGG;IACH,YAAY,CAAC,EAAE,uBAAuB,CAAC;CACxC;AAsCD;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,kBAAkB,IAED,cAAc,OAAO,KAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CA+E7E"} | ||
| {"version":3,"file":"chat-handler.d.ts","sourceRoot":"","sources":["../../../src/src/agent/chat-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAG/C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA8K1C,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG;IAAE,EAAE,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5E,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,CAAC,EAAE,uBAAuB,EAAE,CAAC;IACpC,MAAM,CAAC,EAAE,uBAAuB,EAAE,CAAC;IACnC,eAAe,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,MAAM,uBAAuB,GAAG,CACpC,KAAK,EAAE,8BAA8B,KAEnC,IAAI,GACJ,OAAO,CAAC,QAAQ,GAChB,6BAA6B,GAC7B,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,QAAQ,GAAG,6BAA6B,CAAC,CAAC;AAiCrE,mFAAmF;AACnF,MAAM,WAAW,kBAAkB;IACjC,uFAAuF;IACvF,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACvB,CAAC,CACD,OAAO,EAAE,OAAO,CAAC,OAAO,KACrB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IACnE;;;OAGG;IACH,YAAY,CAAC,EAAE,uBAAuB,CAAC;CACxC;AAgDD;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,kBAAkB,IAED,cAAc,OAAO,KAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CA+E7E"} |
@@ -175,2 +175,10 @@ import * as dntShim from "../../_dnt.shims.js"; | ||
| } | ||
| function extractUserId(request) { | ||
| const userId = request.headers.get("x-user-id"); | ||
| if (userId) | ||
| return userId; | ||
| agentLogger.warn("No user identity found in request. Using anonymous fallback. " + | ||
| "Set x-user-id header or provide a context function for proper user isolation."); | ||
| return "anonymous"; | ||
| } | ||
| function extractRequest(requestOrCtx) { | ||
@@ -223,3 +231,3 @@ if (isRequest(requestOrCtx)) | ||
| ? await options.context(request) | ||
| : options?.context ?? { userId: "current-user" }; | ||
| : options?.context ?? { userId: extractUserId(request) }; | ||
| const baseMessages = transformUIMessages(rawMessages); | ||
@@ -226,0 +234,0 @@ const beforeStreamResult = await options?.beforeStream?.({ |
@@ -28,2 +28,4 @@ /**** | ||
| keyPrefix?: string; | ||
| /** User ID for per-user memory isolation */ | ||
| userId?: string; | ||
| /** TTL in seconds (default: 24 hours) */ | ||
@@ -35,2 +37,3 @@ ttl?: number; | ||
| private agentId; | ||
| private userId; | ||
| private keyPrefix; | ||
@@ -37,0 +40,0 @@ private ttl; |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/memory/redis.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAEL,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAC;AAG/B;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7E,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,gBAAgB;IACzD,IAAI,EAAE,OAAO,CAAC;IACd,4BAA4B;IAC5B,MAAM,EAAE,WAAW,CAAC;IACpB,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAKD,qBAAa,WAAW,CAAC,CAAC,SAAS,cAAc,GAAG,cAAc,CAAE,YAAW,MAAM,CAAC,CAAC,CAAC;IACtF,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,MAAM,CAAoB;gBAEtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB;IAQtD,OAAO,CAAC,MAAM;IAId,OAAO,CAAC,aAAa;IAUrB,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IA2B9B,WAAW,IAAI,OAAO,CAAC,CAAC,EAAE,CAAC;IAQ3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAUtB,QAAQ,IAAI,OAAO,CAAC,WAAW,CAAC;IAehC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,OAAO,CAAC,gBAAgB;CAazB;AAED,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,cAAc,GAAG,cAAc,EACzE,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,iBAAiB,GACxB,WAAW,CAAC,CAAC,CAAC,CAEhB"} | ||
| {"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/memory/redis.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAEL,KAAK,MAAM,EACX,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAC;AAG/B;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7E,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,gBAAgB;IACzD,IAAI,EAAE,OAAO,CAAC;IACd,4BAA4B;IAC5B,MAAM,EAAE,WAAW,CAAC;IACpB,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAKD,qBAAa,WAAW,CAAC,CAAC,SAAS,cAAc,GAAG,cAAc,CAAE,YAAW,MAAM,CAAC,CAAC,CAAC;IACtF,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,MAAM,CAAoB;gBAEtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB;IAStD,OAAO,CAAC,MAAM;IAId,OAAO,CAAC,aAAa;IAUrB,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IA2B9B,WAAW,IAAI,OAAO,CAAC,CAAC,EAAE,CAAC;IAQ3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAUtB,QAAQ,IAAI,OAAO,CAAC,WAAW,CAAC;IAehC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,OAAO,CAAC,gBAAgB;CAazB;AAED,wBAAgB,iBAAiB,CAAC,CAAC,SAAS,cAAc,GAAG,cAAc,EACzE,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,iBAAiB,GACxB,WAAW,CAAC,CAAC,CAAC,CAEhB"} |
@@ -14,2 +14,3 @@ /**** | ||
| agentId; | ||
| userId; | ||
| keyPrefix; | ||
@@ -21,2 +22,3 @@ ttl; | ||
| this.agentId = agentId; | ||
| this.userId = config.userId ?? "anonymous"; | ||
| this.keyPrefix = config.keyPrefix ?? DEFAULT_KEY_PREFIX; | ||
@@ -27,3 +29,3 @@ this.ttl = config.ttl ?? DEFAULT_TTL; | ||
| getKey() { | ||
| return `${this.keyPrefix}${this.agentId}`; | ||
| return `${this.keyPrefix}${this.agentId}:${this.userId}`; | ||
| } | ||
@@ -30,0 +32,0 @@ parseMessages(data) { |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,KAAK,WAAW,EAEhB,KAAK,aAAa,EAGlB,KAAK,OAAO,EAEZ,KAAK,QAAQ,EACd,MAAM,aAAa,CAAC;AAKrB,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAe/D,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACpF,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAClG,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAqBxB;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,GAAG,SAAS,CA6BxE;AAED,gEAAgE;AAChE,KAAK,iBAAiB,GAClB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GACjB;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EAAE,GAAG,SAAS,EACvC,kBAAkB,EAAE,OAAO,GAC1B,iBAAiB,CAiBnB;AAkCD,qBAAa,YAAY;IACvB,OAAO,CAAC,EAAE,CAAS;IACnB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,MAAM,CAAuB;gBAEzB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;IAS3C;;OAEG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,GAAG,OAAO,EAAE,EACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,aAAa,CAAC;IAgCzB;;;OAGG;IACG,MAAM,CACV,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,CAAC,EAAE;QACV,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAAC;QAC1C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;KACnC,EACD,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IA+EtC;;OAEG;YACW,gBAAgB;IAyN9B;;;;OAIG;YACW,yBAAyB;IAyNvC;;OAEG;YACW,eAAe;IAqC7B;;OAEG;YACW,mBAAmB;IAOjC;;OAEG;IACH,OAAO,CAAC,eAAe;IAKvB;;OAEG;IACH,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC;IAI5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAC9B,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAIF;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;CAGnC"} | ||
| {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,KAAK,WAAW,EAEhB,KAAK,aAAa,EAGlB,KAAK,OAAO,EAEZ,KAAK,QAAQ,EACd,MAAM,aAAa,CAAC;AAKrB,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAe/D,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACpF,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAClG,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAqBxB;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,GAAG,SAAS,CA6BxE;AAED,gEAAgE;AAChE,KAAK,iBAAiB,GAClB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GACjB;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EAAE,GAAG,SAAS,EACvC,kBAAkB,EAAE,OAAO,GAC1B,iBAAiB,CAiBnB;AAkCD,qBAAa,YAAY;IACvB,OAAO,CAAC,EAAE,CAAS;IACnB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,MAAM,CAAuB;gBAEzB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;IAS3C;;OAEG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,GAAG,OAAO,EAAE,EACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,aAAa,CAAC;IAgCzB;;;OAGG;IACG,MAAM,CACV,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,CAAC,EAAE;QACV,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAAC;QAC1C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;KACnC,EACD,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAgFtC;;OAEG;YACW,gBAAgB;IAyN9B;;;;OAIG;YACW,yBAAyB;IAyNvC;;OAEG;YACW,eAAe;IAqC7B;;OAEG;YACW,mBAAmB;IAOjC;;OAEG;IACH,OAAO,CAAC,eAAe;IAKvB;;OAEG;IACH,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC;IAI5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAC9B,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAIF;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;CAGnC"} |
@@ -214,5 +214,6 @@ /** | ||
| this.status = "error"; | ||
| logger.error("Agent stream error", { error }); | ||
| sendSSE(controller, encoder, { | ||
| type: "error", | ||
| error: error instanceof Error ? error.message : String(error), | ||
| error: "An internal error occurred", | ||
| }); | ||
@@ -219,0 +220,0 @@ controller.close(); |
@@ -19,2 +19,4 @@ import * as dntShim from "../../../../_dnt.shims.js"; | ||
| export declare function rateLimit(optionsOrMaxRequests?: number | RateLimitOptions, windowMsArg?: number): Middleware; | ||
| /** Pre-configured rate limiter for authentication endpoints (5 req/15min). */ | ||
| export declare function authRateLimit(store?: RateLimitStore): Middleware; | ||
| //# sourceMappingURL=rate-limit.d.ts.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../../../src/src/middleware/builtin/security/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAYjE,qBAAa,oBAAqB,YAAW,cAAc;IACzD,OAAO,CAAC,MAAM,CAAqC;IACnD,OAAO,CAAC,eAAe,CAAC,CAAyC;gBAErD,QAAQ,EAAE,MAAM;IAgB5B,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAcjE,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjC,OAAO,IAAI,IAAI;CAIhB;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,KAAK,MAAM,CAAC;CACjD;AAED,wBAAgB,SAAS,CACvB,oBAAoB,CAAC,EAAE,MAAM,GAAG,gBAAgB,EAChD,WAAW,CAAC,EAAE,MAAM,GACnB,UAAU,CA2BZ"} | ||
| {"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../../../src/src/middleware/builtin/security/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAYjE,qBAAa,oBAAqB,YAAW,cAAc;IACzD,OAAO,CAAC,MAAM,CAAqC;IACnD,OAAO,CAAC,eAAe,CAAC,CAAyC;gBAErD,QAAQ,EAAE,MAAM;IAgB5B,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAcjE,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjC,OAAO,IAAI,IAAI;CAIhB;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,KAAK,MAAM,CAAC;CACjD;AAED,wBAAgB,SAAS,CACvB,oBAAoB,CAAC,EAAE,MAAM,GAAG,gBAAgB,EAChD,WAAW,CAAC,EAAE,MAAM,GACnB,UAAU,CAkCZ;AAED,8EAA8E;AAC9E,wBAAgB,aAAa,CAAC,KAAK,CAAC,EAAE,cAAc,GAAG,UAAU,CAMhE"} |
@@ -52,4 +52,12 @@ import * as dntShim from "../../../../_dnt.shims.js"; | ||
| const store = options.store ?? new MemoryRateLimitStore(windowMs); | ||
| const keyGenerator = options.keyGenerator ?? | ||
| ((req) => req.headers.get("x-forwarded-for") || "anonymous"); | ||
| const keyGenerator = options.keyGenerator ?? ((req) => { | ||
| const forwarded = req.headers.get("x-forwarded-for"); | ||
| if (forwarded) { | ||
| const parts = forwarded.split(",").map((s) => s.trim()).filter(Boolean); | ||
| // Use rightmost IP — added by nearest trusted proxy, not spoofable by clients | ||
| if (parts.length > 0) | ||
| return parts[parts.length - 1]; | ||
| } | ||
| return "anonymous"; | ||
| }); | ||
| return async (ctx, next) => { | ||
@@ -68,1 +76,9 @@ const req = getRequest(ctx); | ||
| } | ||
| /** Pre-configured rate limiter for authentication endpoints (5 req/15min). */ | ||
| export function authRateLimit(store) { | ||
| return rateLimit({ | ||
| maxRequests: 5, | ||
| windowMs: 15 * MS_PER_MINUTE, | ||
| store, | ||
| }); | ||
| } |
@@ -5,2 +5,5 @@ import type { OAuthState, OAuthTokens, TokenStore } from "../types.js"; | ||
| private states; | ||
| private projectId; | ||
| constructor(projectId?: string); | ||
| private scopedKey; | ||
| getTokens(serviceId: string): Promise<OAuthTokens | null>; | ||
@@ -7,0 +10,0 @@ setTokens(serviceId: string, tokens: OAuthTokens): Promise<void>; |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../../../src/src/oauth/token-store/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAKvE,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,MAAM,CAAiC;IAEzC,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAIzD,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhE,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAYnD,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,OAAO,CAAC,oBAAoB;IAS5B,oBAAoB,IAAI,MAAM,EAAE;IAIhC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAQvC,QAAQ,IAAI,IAAI;CAIjB;AAED,eAAO,MAAM,gBAAgB,kBAAyB,CAAC"} | ||
| {"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../../../src/src/oauth/token-store/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAKvE,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,MAAM,CAAkC;IAChD,OAAO,CAAC,MAAM,CAAiC;IAC/C,OAAO,CAAC,SAAS,CAAS;gBAEd,SAAS,SAAY;IAIjC,OAAO,CAAC,SAAS;IAIX,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAIzD,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhE,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAYnD,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,OAAO,CAAC,oBAAoB;IAS5B,oBAAoB,IAAI,MAAM,EAAE;IAIhC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAQvC,QAAQ,IAAI,IAAI;CAIjB;AAED,eAAO,MAAM,gBAAgB,kBAAyB,CAAC"} |
@@ -6,10 +6,17 @@ /** How long an OAuth state nonce remains valid (10 minutes). */ | ||
| states = new Map(); | ||
| projectId; | ||
| constructor(projectId = "default") { | ||
| this.projectId = projectId; | ||
| } | ||
| scopedKey(serviceId) { | ||
| return `${this.projectId}:${serviceId}`; | ||
| } | ||
| async getTokens(serviceId) { | ||
| return this.tokens.get(serviceId) ?? null; | ||
| return this.tokens.get(this.scopedKey(serviceId)) ?? null; | ||
| } | ||
| async setTokens(serviceId, tokens) { | ||
| this.tokens.set(serviceId, tokens); | ||
| this.tokens.set(this.scopedKey(serviceId), tokens); | ||
| } | ||
| async clearTokens(serviceId) { | ||
| this.tokens.delete(serviceId); | ||
| this.tokens.delete(this.scopedKey(serviceId)); | ||
| } | ||
@@ -45,3 +52,3 @@ async getState(state) { | ||
| isConnected(serviceId) { | ||
| const tokens = this.tokens.get(serviceId); | ||
| const tokens = this.tokens.get(this.scopedKey(serviceId)); | ||
| if (!tokens) | ||
@@ -48,0 +55,0 @@ return false; |
@@ -483,2 +483,5 @@ /** | ||
| case "/_proxy/stats": | ||
| if (Object.keys(proxyHandler.localProjects).length === 0) { | ||
| return Promise.resolve(new dntShim.Response("Forbidden", { status: 403 })); | ||
| } | ||
| return handleStats(); | ||
@@ -485,0 +488,0 @@ case "/_proxy/health": |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"security-config.d.ts","sourceRoot":"","sources":["../../../../../src/src/routing/api/module-loader/security-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAGzE,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,EAAE,CAAC,CAcnB"} | ||
| {"version":3,"file":"security-config.d.ts","sourceRoot":"","sources":["../../../../../src/src/routing/api/module-loader/security-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAGzE,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,EAAE,CAAC,CAoBnB"} |
@@ -8,2 +8,6 @@ import { DEFAULT_ALLOWED_CDN_HOSTS, serverLogger as logger } from "../../../utils/index.js"; | ||
| if (Array.isArray(remote)) { | ||
| if (remote.length === 0) { | ||
| logger.warn("security.remoteHosts is set to an empty array — all remote requests will be blocked. " + | ||
| "If this is intentional, you can ignore this warning."); | ||
| } | ||
| return remote; | ||
@@ -10,0 +14,0 @@ } |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/src/security/http/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAO7D,qBAAa,oBAAoB;IAO7B,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,cAAc,CAAC;IARzB,OAAO,CAAC,cAAc,CAA+B;IACrD,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,WAAW,CAA8B;gBAGvC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,cAAc,EACvB,cAAc,CAAC,EAAE,eAAe,YAAA;IAGpC,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;YAQrB,IAAI;IAWlB,OAAO,CAAC,WAAW;IAYnB,OAAO,CAAC,kBAAkB;IAgB1B,iBAAiB,IAAI,cAAc,GAAG,IAAI;IAI1C,gBAAgB,IAAI,MAAM,GAAG,IAAI;IAIjC,aAAa,IAAI,cAAc,CAAC,MAAM,CAAC;IAIvC,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,GAAE,MAAwB,GAAG,MAAM;IAIjE,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM;IASnE,KAAK,IAAI,IAAI;CAMd"} | ||
| {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/src/security/http/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAO7D,qBAAa,oBAAoB;IAO7B,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,cAAc,CAAC;IARzB,OAAO,CAAC,cAAc,CAA+B;IACrD,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,WAAW,CAA8B;gBAGvC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,cAAc,EACvB,cAAc,CAAC,EAAE,eAAe,YAAA;IAGpC,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;YAQrB,IAAI;IAWlB,OAAO,CAAC,WAAW;IAoBnB,OAAO,CAAC,kBAAkB;IAgB1B,iBAAiB,IAAI,cAAc,GAAG,IAAI;IAI1C,gBAAgB,IAAI,MAAM,GAAG,IAAI;IAIjC,aAAa,IAAI,cAAc,CAAC,MAAM,CAAC;IAIvC,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,GAAE,MAAwB,GAAG,MAAM;IAIjE,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM;IASnE,KAAK,IAAI,IAAI;CAMd"} |
@@ -41,3 +41,8 @@ import { getConfig } from "../../config/index.js"; | ||
| security.headers = { ...security.headers }; | ||
| security.cors ??= true; | ||
| security.cors ??= false; | ||
| if (!cfg?.security?.cors && !cfg?.security?.csrf) { | ||
| logger.warn("Neither CORS nor CSRF protection is configured. " + | ||
| "CORS is disabled by default (same-origin only). " + | ||
| "Consider explicitly configuring security.cors and security.csrf."); | ||
| } | ||
| this.securityConfig = security; | ||
@@ -44,0 +49,0 @@ this.cspUserHeader = this.parseCspUserHeader(security.csp); |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../../../../src/src/server/handlers/dev/dashboard/api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,8BAA8B,CAAC;AA2BxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AA2CrD,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,OAAO,CAAC,OAAO,EACpB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CA8D5D"} | ||
| {"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../../../../src/src/server/handlers/dev/dashboard/api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,8BAA8B,CAAC;AA2BxD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AA2CrD,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,OAAO,CAAC,OAAO,EACpB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAgE5D"} |
@@ -59,2 +59,4 @@ import * as dntShim from "../../../../../_dnt.shims.js"; | ||
| export function handleDashboardAPI(req, ctx) { | ||
| if (!ctx.isLocalProject) | ||
| return errorResponse("Unauthorized", 401); | ||
| const { pathname } = new URL(req.url); | ||
@@ -61,0 +63,0 @@ if (req.method === "GET") { |
@@ -43,3 +43,3 @@ import { BaseHandler } from "../response/base.js"; | ||
| .withCache(isDev ? "no-cache" : { maxAge: SPEC_CACHE_MAX_AGE_SECONDS, public: true }) | ||
| .withCORS(req, { origin: "*" }) | ||
| .withCORS(req, ctx.securityConfig?.cors) | ||
| .withContentType(isYaml ? "text/yaml; charset=utf-8" : "application/json; charset=utf-8", content, HTTP_OK); | ||
@@ -46,0 +46,0 @@ return this.respond(response); |
@@ -78,2 +78,3 @@ /** | ||
| isAssetRequest(pathname: string): boolean; | ||
| private isDeniedDotfile; | ||
| static clearCache(): void; | ||
@@ -80,0 +81,0 @@ } |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"static-file.service.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/services/static/static-file.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAEhE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAY3E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;IACjB,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,6CAA6C;IAC7C,OAAO,EAAE,cAAc,CAAC;IACxB,gDAAgD;IAChD,aAAa,EAAE,OAAO,CAAC;IACvB,iDAAiD;IACjD,cAAc,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,UAAU,aAAa;IACrB,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAYD;;GAEG;AACH,UAAU,qBAAqB;IAC7B,aAAa,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC3C,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC;CAC9D;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,IAAI,CAE7E;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,aAAa,CAAoC;IAChE,OAAO,CAAC,MAAM,CAAC,eAAe,CAAoD;IAElF,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAuB;gBAEnC,MAAM,CAAC,EAAE,oBAAoB;IAIzC,OAAO,CAAC,gBAAgB;IAIxB,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,aAAa;IAWf,WAAW,CACf,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAarB,eAAe;YA2Bf,mBAAmB;IA2BjC,OAAO,CAAC,sBAAsB;YAkBhB,oBAAoB;YAYpB,iBAAiB;IA+C/B,OAAO,CAAC,qBAAqB;IAyC7B,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAMzC,MAAM,CAAC,UAAU,IAAI,IAAI;CAI1B"} | ||
| {"version":3,"file":"static-file.service.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/services/static/static-file.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAEhE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAY3E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;IACjB,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,6CAA6C;IAC7C,OAAO,EAAE,cAAc,CAAC;IACxB,gDAAgD;IAChD,aAAa,EAAE,OAAO,CAAC;IACvB,iDAAiD;IACjD,cAAc,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,UAAU,aAAa;IACrB,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAYD;;GAEG;AACH,UAAU,qBAAqB;IAC7B,aAAa,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC3C,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC;CAC9D;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,IAAI,CAE7E;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,aAAa,CAAoC;IAChE,OAAO,CAAC,MAAM,CAAC,eAAe,CAAoD;IAElF,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAuB;gBAEnC,MAAM,CAAC,EAAE,oBAAoB;IAIzC,OAAO,CAAC,gBAAgB;IAIxB,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,aAAa;IAWf,WAAW,CACf,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAarB,eAAe;YA2Bf,mBAAmB;IA2BjC,OAAO,CAAC,sBAAsB;YAkBhB,oBAAoB;YAYpB,iBAAiB;IA+C/B,OAAO,CAAC,qBAAqB;IAyC7B,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAOzC,OAAO,CAAC,eAAe;IAUvB,MAAM,CAAC,UAAU,IAAI,IAAI;CAI1B"} |
@@ -199,4 +199,15 @@ /** | ||
| return false; | ||
| if (this.isDeniedDotfile(pathname)) | ||
| return false; | ||
| return pathname.includes(".") || pathname.startsWith("/_veryfront/"); | ||
| } | ||
| isDeniedDotfile(pathname) { | ||
| const segments = pathname.split("/"); | ||
| for (const segment of segments) { | ||
| if (segment.startsWith(".") && segment !== ".well-known") { | ||
| return true; | ||
| } | ||
| } | ||
| return false; | ||
| } | ||
| static clearCache() { | ||
@@ -203,0 +214,0 @@ StaticFileService.manifestCache.clear(); |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../src/src/tool/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AA2HzE,wBAAgB,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,EACtD,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAoCvB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,oBAAoB,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACxF,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,OAAO,CAAC;IAC7C,GAAG,CAAC,EAAE;QACJ,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,WAAW,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,aAAa,CAAC;KACpD,CAAC;CACH;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAiB7E"} | ||
| {"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../src/src/tool/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AA2HzE,wBAAgB,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,EACtD,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAoCvB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,oBAAoB,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACxF,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,OAAO,CAAC;IAC7C,GAAG,CAAC,EAAE;QACJ,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,WAAW,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,aAAa,CAAC;KACpD,CAAC;CACH;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CA2B7E"} |
@@ -108,2 +108,12 @@ import { zodToJsonSchema } from "./schema/zod-json-schema.js"; | ||
| execute: async (input, context) => { | ||
| if (config.inputSchema && | ||
| typeof config.inputSchema.parse === "function") { | ||
| config.inputSchema.parse(input); | ||
| } | ||
| else if (input === undefined) { | ||
| input = {}; | ||
| } | ||
| else if (input === null || typeof input !== "object") { | ||
| throw new Error("dynamicTool: input must be a non-null object"); | ||
| } | ||
| const result = await config.execute(input, context); | ||
@@ -110,0 +120,0 @@ return config.toModelOutput ? config.toModelOutput(result) : result; |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"transform.d.ts","sourceRoot":"","sources":["../../../../../../src/src/transforms/pipeline/stages/ssr-vf-modules/transform.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAarE,OAAO,EAOL,KAAK,gBAAgB,EAGtB,MAAM,gBAAgB,CAAC;AAExB;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,EAAE,EAAE,UAAU,CAAC,OAAO,gBAAgB,CAAC,GACtC,OAAO,CAAC,MAAM,CAAC,CA2BjB;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,gBAAgB,EACrB,oBAAoB,UAAQ,EAC5B,KAAK,SAAI,GACR,OAAO,CAAC,MAAM,CAAC,CAsPjB;AAED;;;GAGG;AACH,wBAAsB,kCAAkC,CACtD,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,gBAAgB,GACpB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA4CxB;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,UAAU,CAAC,OAAO,gBAAgB,CAAC,GACtC,OAAO,CAAC,MAAM,CAAC,CAEjB"} | ||
| {"version":3,"file":"transform.d.ts","sourceRoot":"","sources":["../../../../../../src/src/transforms/pipeline/stages/ssr-vf-modules/transform.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAcrE,OAAO,EAOL,KAAK,gBAAgB,EAGtB,MAAM,gBAAgB,CAAC;AAIxB;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,EAAE,EAAE,UAAU,CAAC,OAAO,gBAAgB,CAAC,GACtC,OAAO,CAAC,MAAM,CAAC,CA2BjB;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,gBAAgB,EACrB,oBAAoB,UAAQ,EAC5B,KAAK,SAAI,GACR,OAAO,CAAC,MAAM,CAAC,CAyQjB;AAED;;;GAGG;AACH,wBAAsB,kCAAkC,CACtD,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,gBAAgB,GACpB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA4CxB;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,UAAU,CAAC,OAAO,gBAAgB,CAAC,GACtC,OAAO,CAAC,MAAM,CAAC,CAEjB"} |
@@ -8,2 +8,3 @@ /** | ||
| import { join } from "../../../../platform/compat/path/index.js"; | ||
| import denoConfig from "../../../../../deno.js"; | ||
| import { rendererLogger as logger } from "../../../../utils/index.js"; | ||
@@ -21,2 +22,3 @@ import { IMPORT_RESOLUTION_ERROR } from "../../../../errors/index.js"; | ||
| import { EMBEDDED_SRC_DIR, FRAMEWORK_ROOT, frameworkFileCache, frameworkWriteFlight, LOG_PREFIX, MAX_RELATIVE_IMPORT_DEPTH, transformingFiles, veryfrontTransformCache, } from "./constants.js"; | ||
| const DENO_CONFIG_STUB_CODE = `export default ${JSON.stringify(denoConfig)};`; | ||
| /** | ||
@@ -241,3 +243,16 @@ * Check if a transformed code string is a cycle placeholder. | ||
| const reactImportMap = getReactImportMap(ctx.reactVersion); | ||
| // Handle Deno import-map aliases (e.g. #deno-config) that only exist in | ||
| // the Deno runtime and cannot be resolved by esm.sh or the HTTP cache. | ||
| // We create a cached JS stub module so the transformed code can import it | ||
| // without losing access to imports/exports metadata from deno.json. | ||
| let denoConfigStubUrl = null; | ||
| if (transformed.includes('"#deno-config"') || transformed.includes("'#deno-config'")) { | ||
| const stubPath = await cacheTransformedCode(DENO_CONFIG_STUB_CODE, "#deno-config-stub", ctx.fs); | ||
| denoConfigStubUrl = `file://${stubPath}`; | ||
| } | ||
| transformed = await replaceSpecifiers(transformed, (specifier) => { | ||
| // Handle Deno import-map aliases | ||
| if (specifier === "#deno-config") { | ||
| return denoConfigStubUrl; | ||
| } | ||
| // Handle #veryfront/ imports | ||
@@ -244,0 +259,0 @@ if (specifier.startsWith("#veryfront/")) { |
@@ -23,4 +23,2 @@ /** | ||
| context: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>; | ||
| /** Custom system prompt */ | ||
| system: z.ZodOptional<z.ZodString>; | ||
| }, "strip", z.ZodTypeAny, { | ||
@@ -32,3 +30,2 @@ mode: "code" | "custom" | "analysis"; | ||
| files?: string[] | undefined; | ||
| system?: string | undefined; | ||
| }, { | ||
@@ -39,3 +36,2 @@ task: string; | ||
| mode?: "code" | "custom" | "analysis" | undefined; | ||
| system?: string | undefined; | ||
| maxTurns?: number | undefined; | ||
@@ -87,3 +83,2 @@ }>; | ||
| files?: string[] | undefined; | ||
| system?: string | undefined; | ||
| }, ClaudeCodeResult>; | ||
@@ -97,3 +92,2 @@ /** Bug fix tool (code mode) */ | ||
| files?: string[] | undefined; | ||
| system?: string | undefined; | ||
| }, ClaudeCodeResult>; | ||
@@ -107,3 +101,2 @@ /** Refactoring tool (code mode) */ | ||
| files?: string[] | undefined; | ||
| system?: string | undefined; | ||
| }, ClaudeCodeResult>; | ||
@@ -117,5 +110,4 @@ /** Documentation tool (code mode) */ | ||
| files?: string[] | undefined; | ||
| system?: string | undefined; | ||
| }, ClaudeCodeResult>; | ||
| export {}; | ||
| //# sourceMappingURL=tool.d.ts.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"tool.d.ts","sourceRoot":"","sources":["../../../../src/src/workflow/claude-code/tool.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAEhD,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnE;;GAEG;AACH,QAAA,MAAM,qBAAqB;IACzB,qCAAqC;;IAGrC,gBAAgB;;IAOhB,oBAAoB;;IAOpB,wBAAwB;;IAMxB,yBAAyB;;IAMzB,2BAA2B;;;;;;;;;;;;;;;;EAK3B,CAAC;AAEH,KAAK,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAmB7D;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,cAAc,EAAE,IAAI,CAAC,eAAe,EAAE,gBAAgB,CA+BlE,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,GAAE;IACP,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACZ,GACL,IAAI,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAiBzC;AAED;;GAEG;AAEH,kDAAkD;AAClD,eAAO,MAAM,cAAc;;;;;;;oBAazB,CAAC;AAEH,+BAA+B;AAC/B,eAAO,MAAM,UAAU;;;;;;;oBAarB,CAAC;AAEH,mCAAmC;AACnC,eAAO,MAAM,YAAY;;;;;;;oBAavB,CAAC;AAEH,qCAAqC;AACrC,eAAO,MAAM,QAAQ;;;;;;;oBAYnB,CAAC"} | ||
| {"version":3,"file":"tool.d.ts","sourceRoot":"","sources":["../../../../src/src/workflow/claude-code/tool.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAEhD,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnE;;GAEG;AACH,QAAA,MAAM,qBAAqB;IACzB,qCAAqC;;IAGrC,gBAAgB;;IAOhB,oBAAoB;;IAQpB,wBAAwB;;IAMxB,yBAAyB;;;;;;;;;;;;;;EAKzB,CAAC;AAEH,KAAK,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAmB7D;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,cAAc,EAAE,IAAI,CAAC,eAAe,EAAE,gBAAgB,CA6BlE,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,GAAE;IACP,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACZ,GACL,IAAI,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAqBzC;AAED;;GAEG;AAEH,kDAAkD;AAClD,eAAO,MAAM,cAAc;;;;;;oBAazB,CAAC;AAEH,+BAA+B;AAC/B,eAAO,MAAM,UAAU;;;;;;oBAarB,CAAC;AAEH,mCAAmC;AACnC,eAAO,MAAM,YAAY;;;;;;oBAavB,CAAC;AAEH,qCAAqC;AACrC,eAAO,MAAM,QAAQ;;;;;;oBAYnB,CAAC"} |
@@ -23,2 +23,3 @@ /** | ||
| .number() | ||
| .max(100) | ||
| .optional() | ||
@@ -37,7 +38,2 @@ .default(20) | ||
| .describe("Additional context to include in the prompt"), | ||
| /** Custom system prompt */ | ||
| system: z | ||
| .string() | ||
| .optional() | ||
| .describe("Custom system prompt override"), | ||
| }); | ||
@@ -97,3 +93,2 @@ /** | ||
| context: { type: "object" }, | ||
| system: { type: "string" }, | ||
| }, | ||
@@ -106,3 +101,2 @@ required: ["task"], | ||
| maxTurns: input.maxTurns, | ||
| systemPrompt: input.system, | ||
| debug: true, | ||
@@ -120,3 +114,3 @@ }); | ||
| description: options.description || claudeCodeTool.description, | ||
| execute: (input, context) => { | ||
| execute: (input, _context) => { | ||
| const mergedInput = { | ||
@@ -126,5 +120,9 @@ ...input, | ||
| maxTurns: input.maxTurns || options.defaultMaxTurns || 20, | ||
| system: input.system || options.system, | ||
| }; | ||
| return claudeCodeTool.execute(mergedInput, context); | ||
| return executeAgent(buildPrompt(mergedInput), { | ||
| mode: mergedInput.mode, | ||
| maxTurns: mergedInput.maxTurns, | ||
| systemPrompt: options.system, | ||
| debug: true, | ||
| }); | ||
| }, | ||
@@ -131,0 +129,0 @@ }; |
+1
-1
| { | ||
| "name": "veryfront", | ||
| "version": "0.1.56", | ||
| "version": "0.1.57", | ||
| "description": "The simplest way to build AI-powered apps", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
+1
-1
| export default { | ||
| "name": "veryfront", | ||
| "version": "0.1.56", | ||
| "version": "0.1.57", | ||
| "license": "Apache-2.0", | ||
@@ -5,0 +5,0 @@ "nodeModulesDir": "auto", |
@@ -268,2 +268,12 @@ import * as dntShim from "../../_dnt.shims.js"; | ||
| function extractUserId(request: dntShim.Request): string { | ||
| const userId = request.headers.get("x-user-id"); | ||
| if (userId) return userId; | ||
| agentLogger.warn( | ||
| "No user identity found in request. Using anonymous fallback. " + | ||
| "Set x-user-id header or provide a context function for proper user isolation.", | ||
| ); | ||
| return "anonymous"; | ||
| } | ||
| function extractRequest(requestOrCtx: unknown): dntShim.Request { | ||
@@ -321,3 +331,3 @@ if (isRequest(requestOrCtx)) return requestOrCtx; | ||
| ? await options.context(request) | ||
| : options?.context ?? { userId: "current-user" }; | ||
| : options?.context ?? { userId: extractUserId(request) }; | ||
@@ -324,0 +334,0 @@ const baseMessages = transformUIMessages(rawMessages); |
@@ -36,2 +36,4 @@ /**** | ||
| keyPrefix?: string; | ||
| /** User ID for per-user memory isolation */ | ||
| userId?: string; | ||
| /** TTL in seconds (default: 24 hours) */ | ||
@@ -47,2 +49,3 @@ ttl?: number; | ||
| private agentId: string; | ||
| private userId: string; | ||
| private keyPrefix: string; | ||
@@ -55,2 +58,3 @@ private ttl: number; | ||
| this.agentId = agentId; | ||
| this.userId = config.userId ?? "anonymous"; | ||
| this.keyPrefix = config.keyPrefix ?? DEFAULT_KEY_PREFIX; | ||
@@ -62,3 +66,3 @@ this.ttl = config.ttl ?? DEFAULT_TTL; | ||
| private getKey(): string { | ||
| return `${this.keyPrefix}${this.agentId}`; | ||
| return `${this.keyPrefix}${this.agentId}:${this.userId}`; | ||
| } | ||
@@ -65,0 +69,0 @@ |
@@ -310,5 +310,6 @@ /** | ||
| this.status = "error"; | ||
| logger.error("Agent stream error", { error }); | ||
| sendSSE(controller, encoder, { | ||
| type: "error", | ||
| error: error instanceof Error ? error.message : String(error), | ||
| error: "An internal error occurred", | ||
| }); | ||
@@ -315,0 +316,0 @@ controller.close(); |
@@ -79,4 +79,11 @@ import * as dntShim from "../../../../_dnt.shims.js"; | ||
| const store = options.store ?? new MemoryRateLimitStore(windowMs); | ||
| const keyGenerator = options.keyGenerator ?? | ||
| ((req: dntShim.Request) => req.headers.get("x-forwarded-for") || "anonymous"); | ||
| const keyGenerator = options.keyGenerator ?? ((req: dntShim.Request) => { | ||
| const forwarded = req.headers.get("x-forwarded-for"); | ||
| if (forwarded) { | ||
| const parts = forwarded.split(",").map((s) => s.trim()).filter(Boolean); | ||
| // Use rightmost IP — added by nearest trusted proxy, not spoofable by clients | ||
| if (parts.length > 0) return parts[parts.length - 1]!; | ||
| } | ||
| return "anonymous"; | ||
| }); | ||
@@ -100,1 +107,10 @@ return async (ctx, next) => { | ||
| } | ||
| /** Pre-configured rate limiter for authentication endpoints (5 req/15min). */ | ||
| export function authRateLimit(store?: RateLimitStore): Middleware { | ||
| return rateLimit({ | ||
| maxRequests: 5, | ||
| windowMs: 15 * MS_PER_MINUTE, | ||
| store, | ||
| }); | ||
| } |
@@ -9,13 +9,22 @@ import type { OAuthState, OAuthTokens, TokenStore } from "../types.js"; | ||
| private states = new Map<string, OAuthState>(); | ||
| private projectId: string; | ||
| constructor(projectId = "default") { | ||
| this.projectId = projectId; | ||
| } | ||
| private scopedKey(serviceId: string): string { | ||
| return `${this.projectId}:${serviceId}`; | ||
| } | ||
| async getTokens(serviceId: string): Promise<OAuthTokens | null> { | ||
| return this.tokens.get(serviceId) ?? null; | ||
| return this.tokens.get(this.scopedKey(serviceId)) ?? null; | ||
| } | ||
| async setTokens(serviceId: string, tokens: OAuthTokens): Promise<void> { | ||
| this.tokens.set(serviceId, tokens); | ||
| this.tokens.set(this.scopedKey(serviceId), tokens); | ||
| } | ||
| async clearTokens(serviceId: string): Promise<void> { | ||
| this.tokens.delete(serviceId); | ||
| this.tokens.delete(this.scopedKey(serviceId)); | ||
| } | ||
@@ -58,3 +67,3 @@ | ||
| isConnected(serviceId: string): boolean { | ||
| const tokens = this.tokens.get(serviceId); | ||
| const tokens = this.tokens.get(this.scopedKey(serviceId)); | ||
| if (!tokens) return false; | ||
@@ -61,0 +70,0 @@ |
@@ -580,2 +580,5 @@ /** | ||
| case "/_proxy/stats": | ||
| if (Object.keys(proxyHandler.localProjects).length === 0) { | ||
| return Promise.resolve(new dntShim.Response("Forbidden", { status: 403 })); | ||
| } | ||
| return handleStats(); | ||
@@ -582,0 +585,0 @@ case "/_proxy/health": |
@@ -15,2 +15,8 @@ import { DEFAULT_ALLOWED_CDN_HOSTS, serverLogger as logger } from "../../../utils/index.js"; | ||
| if (Array.isArray(remote)) { | ||
| if (remote.length === 0) { | ||
| logger.warn( | ||
| "security.remoteHosts is set to an empty array — all remote requests will be blocked. " + | ||
| "If this is intentional, you can ignore this warning.", | ||
| ); | ||
| } | ||
| return remote; | ||
@@ -17,0 +23,0 @@ } |
@@ -46,4 +46,12 @@ import type { RuntimeAdapter } from "../../platform/adapters/base.js"; | ||
| security.cors ??= true; | ||
| security.cors ??= false; | ||
| if (!cfg?.security?.cors && !cfg?.security?.csrf) { | ||
| logger.warn( | ||
| "Neither CORS nor CSRF protection is configured. " + | ||
| "CORS is disabled by default (same-origin only). " + | ||
| "Consider explicitly configuring security.cors and security.csrf.", | ||
| ); | ||
| } | ||
| this.securityConfig = security; | ||
@@ -50,0 +58,0 @@ this.cspUserHeader = this.parseCspUserHeader(security.csp); |
@@ -75,2 +75,4 @@ import * as dntShim from "../../../../../_dnt.shims.js"; | ||
| ): Promise<dntShim.Response | null> | dntShim.Response | null { | ||
| if (!ctx.isLocalProject) return errorResponse("Unauthorized", 401); | ||
| const { pathname } = new URL(req.url); | ||
@@ -77,0 +79,0 @@ |
@@ -59,3 +59,3 @@ import * as dntShim from "../../../../_dnt.shims.js"; | ||
| .withCache(isDev ? "no-cache" : { maxAge: SPEC_CACHE_MAX_AGE_SECONDS, public: true }) | ||
| .withCORS(req, { origin: "*" }) | ||
| .withCORS(req, ctx.securityConfig?.cors) | ||
| .withContentType( | ||
@@ -62,0 +62,0 @@ isYaml ? "text/yaml; charset=utf-8" : "application/json; charset=utf-8", |
@@ -315,5 +315,16 @@ /** | ||
| if (pathname.endsWith(".md")) return false; | ||
| if (this.isDeniedDotfile(pathname)) return false; | ||
| return pathname.includes(".") || pathname.startsWith("/_veryfront/"); | ||
| } | ||
| private isDeniedDotfile(pathname: string): boolean { | ||
| const segments = pathname.split("/"); | ||
| for (const segment of segments) { | ||
| if (segment.startsWith(".") && segment !== ".well-known") { | ||
| return true; | ||
| } | ||
| } | ||
| return false; | ||
| } | ||
| static clearCache(): void { | ||
@@ -320,0 +331,0 @@ StaticFileService.manifestCache.clear(); |
@@ -189,2 +189,12 @@ import type { Tool, ToolConfig, ToolExecutionContext } from "./types.js"; | ||
| execute: async (input: unknown, context?: ToolExecutionContext) => { | ||
| if ( | ||
| config.inputSchema && | ||
| typeof (config.inputSchema as { parse?: unknown }).parse === "function" | ||
| ) { | ||
| (config.inputSchema as { parse: (v: unknown) => unknown }).parse(input); | ||
| } else if (input === undefined) { | ||
| input = {}; | ||
| } else if (input === null || typeof input !== "object") { | ||
| throw new Error("dynamicTool: input must be a non-null object"); | ||
| } | ||
| const result = await config.execute(input, context); | ||
@@ -191,0 +201,0 @@ return config.toModelOutput ? config.toModelOutput(result) : result; |
@@ -10,2 +10,3 @@ /** | ||
| import { join } from "../../../../platform/compat/path/index.js"; | ||
| import denoConfig from "../../../../../deno.js"; | ||
| import { rendererLogger as logger } from "../../../../utils/index.js"; | ||
@@ -34,2 +35,4 @@ import { IMPORT_RESOLUTION_ERROR } from "../../../../errors/index.js"; | ||
| const DENO_CONFIG_STUB_CODE = `export default ${JSON.stringify(denoConfig)};`; | ||
| /** | ||
@@ -296,3 +299,22 @@ * Check if a transformed code string is a cycle placeholder. | ||
| // Handle Deno import-map aliases (e.g. #deno-config) that only exist in | ||
| // the Deno runtime and cannot be resolved by esm.sh or the HTTP cache. | ||
| // We create a cached JS stub module so the transformed code can import it | ||
| // without losing access to imports/exports metadata from deno.json. | ||
| let denoConfigStubUrl: string | null = null; | ||
| if (transformed.includes('"#deno-config"') || transformed.includes("'#deno-config'")) { | ||
| const stubPath = await cacheTransformedCode( | ||
| DENO_CONFIG_STUB_CODE, | ||
| "#deno-config-stub", | ||
| ctx.fs, | ||
| ); | ||
| denoConfigStubUrl = `file://${stubPath}`; | ||
| } | ||
| transformed = await replaceSpecifiers(transformed, (specifier) => { | ||
| // Handle Deno import-map aliases | ||
| if (specifier === "#deno-config") { | ||
| return denoConfigStubUrl; | ||
| } | ||
| // Handle #veryfront/ imports | ||
@@ -299,0 +321,0 @@ if (specifier.startsWith("#veryfront/")) { |
@@ -29,2 +29,3 @@ /** | ||
| .number() | ||
| .max(100) | ||
| .optional() | ||
@@ -45,8 +46,2 @@ .default(20) | ||
| .describe("Additional context to include in the prompt"), | ||
| /** Custom system prompt */ | ||
| system: z | ||
| .string() | ||
| .optional() | ||
| .describe("Custom system prompt override"), | ||
| }); | ||
@@ -113,3 +108,2 @@ | ||
| context: { type: "object" }, | ||
| system: { type: "string" }, | ||
| }, | ||
@@ -123,3 +117,2 @@ required: ["task"], | ||
| maxTurns: input.maxTurns, | ||
| systemPrompt: input.system, | ||
| debug: true, | ||
@@ -147,3 +140,3 @@ }); | ||
| execute: (input, context) => { | ||
| execute: (input, _context) => { | ||
| const mergedInput: ClaudeCodeInput = { | ||
@@ -153,6 +146,10 @@ ...input, | ||
| maxTurns: input.maxTurns || options.defaultMaxTurns || 20, | ||
| system: input.system || options.system, | ||
| }; | ||
| return claudeCodeTool.execute(mergedInput, context); | ||
| return executeAgent(buildPrompt(mergedInput), { | ||
| mode: mergedInput.mode as ClaudeCodeMode, | ||
| maxTurns: mergedInput.maxTurns, | ||
| systemPrompt: options.system, | ||
| debug: true, | ||
| }); | ||
| }, | ||
@@ -159,0 +156,0 @@ }; |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
16706037
0.05%- Lines of code
348986
0.05%Worsened metrics
- Number of low supply chain risk alerts
480
0.42%No dependency changes