d-bis/CurrenciCombo
4
0
Fork 0
Code Issues Pull Requests 9 Actions Packages Projects Releases Wiki Activity

Enhance ComboHandler and orchestrator functionality with access control and error handling improvements

Browse Source 
- Added AccessControl to ComboHandler for role-based access management.
- Implemented gas estimation for plan execution and improved gas limit checks.
- Updated execution and preparation methods to enforce step count limits and role restrictions.
- Enhanced error handling in orchestrator API endpoints with AppError for better validation feedback.
- Integrated request timeout middleware for improved request management.
- Updated Swagger documentation to reflect new API structure and parameters.
This commit is contained in:
defiQUG
2025-11-05 17:55:48 -08:00
parent f600b7b15e
commit f52313e7c6
54 changed files with 3230 additions and 208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
orchestrator/src/api/execution.ts
View File

@@ -10,9 +10,12 @@ import { auditLog } from "../middleware";
export const executePlan = asyncHandler(async (req: Request, res: Response) => {
const { planId } = req.params;
const result = await executionCoordinator.executePlan(planId);
res.json(result);
try {
const result = await executionCoordinator.executePlan(planId);
res.json(result);
} catch (error: any) {
throw new AppError(ErrorType.EXTERNAL_SERVICE_ERROR, 500, "Execution failed", error.message);
}
});
/**
@@ -25,6 +28,9 @@ export const getExecutionStatus = asyncHandler(async (req: Request, res: Respons
if (executionId) {
const status = await executionCoordinator.getExecutionStatus(executionId);
if (!status) {
throw new AppError(ErrorType.NOT_FOUND_ERROR, 404, "Execution not found");
}
return res.json(status);
}
@@ -40,10 +46,12 @@ export const abortExecution = asyncHandler(async (req: Request, res: Response) =
const { planId } = req.params;
const executionId = req.query.executionId as string;
if (executionId) {
await executionCoordinator.abortExecution(executionId, planId, "User aborted");
if (!executionId) {
throw new AppError(ErrorType.VALIDATION_ERROR, 400, "executionId is required");
}
await executionCoordinator.abortExecution(executionId, planId, "User aborted");
res.json({ success: true });
});

228
orchestrator/src/api/plans.ts
View File

@@ -3,157 +3,135 @@ import { v4 as uuidv4 } from "uuid";
import { createHash } from "crypto";
import { validatePlan, checkStepDependencies } from "../services/planValidation";
import { storePlan, getPlanById, updatePlanSignature } from "../db/plans";
import { asyncHandler, AppError, ErrorType } from "../services/errorHandler";
import type { Plan, PlanStep } from "../types/plan";
/**
* POST /api/plans
* Create a new execution plan
* @swagger
* /api/plans:
* post:
* summary: Create a new execution plan
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: object
* required: [creator, steps]
* properties:
* creator: { type: string }
* steps: { type: array }
* responses:
* 201:
* description: Plan created
* 400:
* description: Validation failed
*/
export async function createPlan(req: Request, res: Response) {
try {
const plan: Plan = req.body;
// Validate plan structure
const validation = validatePlan(plan);
if (!validation.valid) {
return res.status(400).json({
error: "Invalid plan",
errors: validation.errors,
});
}
// Check step dependencies
const dependencyCheck = checkStepDependencies(plan.steps);
if (!dependencyCheck.valid) {
return res.status(400).json({
error: "Invalid step dependencies",
errors: dependencyCheck.errors,
});
}
// Generate plan ID and hash
const planId = uuidv4();
const planHash = createHash("sha256")
.update(JSON.stringify(plan))
.digest("hex");
// Store plan
const storedPlan = {
...plan,
plan_id: planId,
plan_hash: planHash,
created_at: new Date().toISOString(),
status: "pending",
};
await storePlan(storedPlan);
res.status(201).json({
plan_id: planId,
plan_hash: planHash,
});
} catch (error: any) {
res.status(500).json({
error: "Failed to create plan",
message: error.message,
});
export const createPlan = asyncHandler(async (req: Request, res: Response) => {
const plan: Plan = req.body;
// Validate plan structure
const validation = validatePlan(plan);
if (!validation.valid) {
throw new AppError(ErrorType.VALIDATION_ERROR, 400, "Invalid plan", validation.errors);
}
}
// Check step dependencies
const dependencyCheck = checkStepDependencies(plan.steps);
if (!dependencyCheck.valid) {
throw new AppError(ErrorType.VALIDATION_ERROR, 400, "Invalid step dependencies", dependencyCheck.errors);
}
// Generate plan ID and hash
const planId = uuidv4();
const planHash = createHash("sha256")
.update(JSON.stringify(plan))
.digest("hex");
// Store plan
const storedPlan = {
...plan,
plan_id: planId,
plan_hash: planHash,
created_at: new Date().toISOString(),
status: "pending",
};
await storePlan(storedPlan);
res.status(201).json({
plan_id: planId,
plan_hash: planHash,
});
});
/**
* GET /api/plans/:planId
* Get plan details
*/
export async function getPlan(req: Request, res: Response) {
try {
const { planId } = req.params;
const plan = await getPlanById(planId);
export const getPlan = asyncHandler(async (req: Request, res: Response) => {
const { planId } = req.params;
const plan = await getPlanById(planId);
if (!plan) {
return res.status(404).json({
error: "Plan not found",
});
}
res.json(plan);
} catch (error: any) {
res.status(500).json({
error: "Failed to get plan",
message: error.message,
});
if (!plan) {
throw new AppError(ErrorType.NOT_FOUND_ERROR, 404, "Plan not found");
}
}
res.json(plan);
});
/**
* POST /api/plans/:planId/signature
* Add user signature to plan
*/
export async function addSignature(req: Request, res: Response) {
try {
const { planId } = req.params;
const { signature, messageHash, signerAddress } = req.body;
export const addSignature = asyncHandler(async (req: Request, res: Response) => {
const { planId } = req.params;
const { signature, messageHash, signerAddress } = req.body;
if (!signature || !messageHash || !signerAddress) {
return res.status(400).json({
error: "Missing required fields: signature, messageHash, signerAddress",
});
}
const plan = await getPlanById(planId);
if (!plan) {
return res.status(404).json({
error: "Plan not found",
});
}
// Update plan with signature
await updatePlanSignature(planId, {
signature,
messageHash,
signerAddress,
signedAt: new Date().toISOString(),
});
res.json({
success: true,
planId,
});
} catch (error: any) {
res.status(500).json({
error: "Failed to add signature",
message: error.message,
});
if (!signature || !messageHash || !signerAddress) {
throw new AppError(ErrorType.VALIDATION_ERROR, 400, "Missing required fields: signature, messageHash, signerAddress");
}
}
const plan = await getPlanById(planId);
if (!plan) {
throw new AppError(ErrorType.NOT_FOUND_ERROR, 404, "Plan not found");
}
// Update plan with signature
await updatePlanSignature(planId, {
signature,
messageHash,
signerAddress,
signedAt: new Date().toISOString(),
});
res.json({
success: true,
planId,
});
});
/**
* POST /api/plans/:planId/validate
* Validate plan structure and dependencies
*/
export async function validatePlanEndpoint(req: Request, res: Response) {
try {
const { planId } = req.params;
const plan = await getPlanById(planId);
export const validatePlanEndpoint = asyncHandler(async (req: Request, res: Response) => {
const { planId } = req.params;
const plan = await getPlanById(planId);
if (!plan) {
return res.status(404).json({
error: "Plan not found",
});
}
const validation = validatePlan(plan);
const dependencyCheck = checkStepDependencies(plan.steps);
res.json({
valid: validation.valid && dependencyCheck.valid,
validation: validation,
dependencies: dependencyCheck,
});
} catch (error: any) {
res.status(500).json({
error: "Failed to validate plan",
message: error.message,
});
if (!plan) {
throw new AppError(ErrorType.NOT_FOUND_ERROR, 404, "Plan not found");
}
}
const validation = validatePlan(plan);
const dependencyCheck = checkStepDependencies(plan.steps);
res.json({
valid: validation.valid && dependencyCheck.valid,
validation: validation,
dependencies: dependencyCheck,
});
});

33
orchestrator/src/api/quotas.ts Normal file
View File

@@ -0,0 +1,33 @@
import { query } from "../db/postgres";
/**
* API quota management
*/
export interface Quota {
userId: string;
planCreations: number;
planExecutions: number;
dailyLimit: number;
monthlyLimit: number;
}
/**
* Check if user has quota remaining
*/
export async function checkQuota(userId: string, type: "creation" | "execution"): Promise<boolean> {
// In production, query quota table
// For now, return true (unlimited)
return true;
}
/**
* Increment quota usage
*/
export async function incrementQuota(userId: string, type: "creation" | "execution"): Promise<void> {
// In production, update quota table
// await query(
// `UPDATE quotas SET ${type}s = ${type}s + 1 WHERE user_id = $1`,
// [userId]
// );
}

111
orchestrator/src/api/swagger.ts
View File

@@ -1,38 +1,83 @@
import { Router } from "express";
import swaggerUi from "swagger-ui-express";
import swaggerJsdoc from "swagger-jsdoc";
const options: swaggerJsdoc.Options = {
definition: {
openapi: "3.0.0",
info: {
title: "ISO-20022 Combo Flow Orchestrator API",
version: "1.0.0",
description: "API for managing and executing financial workflow plans",
},
servers: [
{
url: "http://localhost:8080",
description: "Development server",
},
],
components: {
securitySchemes: {
ApiKeyAuth: {
type: "apiKey",
in: "header",
name: "X-API-Key",
},
},
},
},
apis: ["./src/api/**/*.ts"],
};
const specs = swaggerJsdoc(options);
/**
* Swagger/OpenAPI documentation setup
* Note: In production, use swagger-ui-express and swagger-jsdoc packages
*/
export function setupSwagger(router: Router) {
router.use("/api-docs", swaggerUi.serve);
router.get("/api-docs", swaggerUi.setup(specs));
// Swagger UI endpoint
router.get("/api-docs", (req, res) => {
res.json({
openapi: "3.0.0",
info: {
title: "ISO-20022 Combo Flow Orchestrator API",
version: "1.0.0",
description: "API for managing and executing financial workflow plans",
},
servers: [
{
url: "http://localhost:8080",
description: "Development server",
},
],
paths: {
"/api/plans": {
post: {
summary: "Create a new execution plan",
requestBody: {
required: true,
content: {
"application/json": {
schema: {
type: "object",
properties: {
creator: { type: "string" },
steps: { type: "array" },
maxRecursion: { type: "number" },
maxLTV: { type: "number" },
},
},
},
},
},
responses: {
"201": {
description: "Plan created",
content: {
"application/json": {
schema: {
type: "object",
properties: {
plan_id: { type: "string" },
plan_hash: { type: "string" },
},
},
},
},
},
},
},
},
"/api/plans/{planId}": {
get: {
summary: "Get plan details",
parameters: [
{
name: "planId",
in: "path",
required: true,
schema: { type: "string" },
},
],
responses: {
"200": {
description: "Plan details",
},
},
},
},
},
});
});
}

53
orchestrator/src/api/throttling.ts Normal file
View File

@@ -0,0 +1,53 @@
import { Request, Response, NextFunction } from "express";
interface ThrottleConfig {
windowMs: number;
maxRequests: number;
}
const throttleConfigs: Map<string, ThrottleConfig> = new Map();
const requestCounts: Map<string, { count: number; resetAt: number }> = new Map();
/**
* API throttling middleware
*/
export function apiThrottle(config: ThrottleConfig) {
return (req: Request, res: Response, next: NextFunction) => {
const key = req.headers["x-api-key"] as string || req.ip || "unknown";
const now = Date.now();
let record = requestCounts.get(key);
if (!record || now > record.resetAt) {
record = {
count: 0,
resetAt: now + config.windowMs,
};
requestCounts.set(key, record);
}
record.count++;
// Set rate limit headers
res.setHeader("X-RateLimit-Limit", config.maxRequests.toString());
res.setHeader("X-RateLimit-Remaining", Math.max(0, config.maxRequests - record.count).toString());
res.setHeader("X-RateLimit-Reset", new Date(record.resetAt).toISOString());
if (record.count > config.maxRequests) {
return res.status(429).json({
error: "Rate limit exceeded",
message: `Maximum ${config.maxRequests} requests per ${config.windowMs}ms`,
retryAfter: Math.ceil((record.resetAt - now) / 1000),
});
}
next();
};
}
/**
* Set throttle configuration for a route
*/
export function setThrottleConfig(path: string, config: ThrottleConfig) {
throttleConfigs.set(path, config);
}

18
orchestrator/src/api/v1/plans.ts Normal file
View File

@@ -0,0 +1,18 @@
import { Router } from "express";
import { createPlan, getPlan, addSignature, validatePlanEndpoint } from "../plans";
import { apiVersion } from "../version";
/**
* Versioned API routes (v1)
*/
const router = Router();
router.use(apiVersion("v1"));
router.post("/", createPlan);
router.get("/:planId", getPlan);
router.post("/:planId/signature", addSignature);
router.post("/:planId/validate", validatePlanEndpoint);
export default router;

27
orchestrator/src/api/webhooks.ts
View File

@@ -14,25 +14,18 @@ const webhooks: Map<string, WebhookConfig> = new Map();
* POST /api/webhooks
* Register a webhook
*/
export async function registerWebhook(req: Request, res: Response) {
try {
const { url, secret, events } = req.body;
export const registerWebhook = asyncHandler(async (req: Request, res: Response) => {
const { url, secret, events } = req.body;
if (!url || !secret || !events || !Array.isArray(events)) {
return res.status(400).json({
error: "Invalid webhook configuration",
});
}
const webhookId = `webhook-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
webhooks.set(webhookId, { url, secret, events });
res.json({ webhookId, url, events });
} catch (error: any) {
logger.error({ error }, "Failed to register webhook");
res.status(500).json({ error: error.message });
if (!url || !secret || !events || !Array.isArray(events)) {
throw new AppError(ErrorType.VALIDATION_ERROR, 400, "Invalid webhook configuration");
}
}
const webhookId = `webhook-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
webhooks.set(webhookId, { url, secret, events });
res.json({ webhookId, url, events });
});
/**
* Send webhook notification

84
orchestrator/src/config/configManager.ts Normal file
View File

@@ -0,0 +1,84 @@
import { EventEmitter } from "events";
import { getRedis } from "../services/redis";
import { logger } from "../logging/logger";
/**
* Configuration manager with hot-reload capability
*/
export class ConfigManager extends EventEmitter {
private config: Map<string, any> = new Map();
private version = 1;
constructor() {
super();
this.loadConfig();
}
/**
* Load configuration from environment and Redis
*/
private async loadConfig() {
// Load from environment
this.config.set("database.url", process.env.DATABASE_URL);
this.config.set("redis.url", process.env.REDIS_URL);
this.config.set("api.keys", process.env.API_KEYS?.split(",") || []);
// Load from Redis if available
const redis = getRedis();
if (redis) {
try {
const cached = await redis.get("config:latest");
if (cached) {
const parsed = JSON.parse(cached);
Object.entries(parsed).forEach(([key, value]) => {
this.config.set(key, value);
});
}
} catch (error) {
logger.error({ error }, "Failed to load config from Redis");
}
}
}
/**
* Get configuration value
*/
get(key: string, defaultValue?: any): any {
return this.config.get(key) ?? defaultValue;
}
/**
* Set configuration value (with hot-reload)
*/
async set(key: string, value: any): Promise<void> {
this.config.set(key, value);
this.version++;
// Update Redis
const redis = getRedis();
if (redis) {
await redis.set("config:latest", JSON.stringify(Object.fromEntries(this.config)));
}
// Emit change event
this.emit("config:changed", { key, value, version: this.version });
}
/**
* Reload configuration
*/
async reload(): Promise<void> {
await this.loadConfig();
this.emit("config:reloaded", { version: this.version });
}
/**
* Get configuration version
*/
getVersion(): number {
return this.version;
}
}
export const configManager = new ConfigManager();

37
orchestrator/src/config/configSchema.ts Normal file
View File

@@ -0,0 +1,37 @@
import { z } from "zod";
/**
* Configuration schema for validation
*/
export const configSchema = z.object({
// Application
NODE_ENV: z.enum(["development", "production", "test"]),
PORT: z.number().int().positive(),
// Database
DATABASE_URL: z.string().url().optional(),
// Redis
REDIS_URL: z.string().url().optional(),
// Security
API_KEYS: z.array(z.string()).optional(),
SESSION_SECRET: z.string().min(32),
JWT_SECRET: z.string().min(32).optional(),
ALLOWED_IPS: z.array(z.string()).optional(),
// Feature Flags
ENABLE_RECURSION: z.boolean().optional(),
ENABLE_FLASH_LOANS: z.boolean().optional(),
ENABLE_SIMULATION: z.boolean().optional(),
ENABLE_WEBSOCKET: z.boolean().optional(),
// Logging
LOG_LEVEL: z.enum(["error", "warn", "info", "debug"]).optional(),
// Monitoring
SENTRY_DSN: z.string().url().optional(),
});
export type Config = z.infer<typeof configSchema>;

41
orchestrator/src/config/env.example Normal file
View File

@@ -0,0 +1,41 @@
# Environment Configuration Example
# Copy this file to .env and fill in your values
# Application
NODE_ENV=production
PORT=8080
# Database
DATABASE_URL=postgresql://user:password@localhost:5432/comboflow
# Redis
REDIS_URL=redis://localhost:6379
# Security
API_KEYS=key1,key2,key3
SESSION_SECRET=your-secret-key-minimum-32-characters-long
JWT_SECRET=your-jwt-secret-minimum-32-characters-long
ALLOWED_IPS=127.0.0.1,::1
# Secrets Management (optional)
AZURE_KEY_VAULT_URL=https://your-vault.vault.azure.net/
AWS_SECRETS_MANAGER_REGION=us-east-1
# Logging
LOG_LEVEL=info
# Monitoring
SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id
# Feature Flags
ENABLE_RECURSION=true
ENABLE_FLASH_LOANS=false
ENABLE_SIMULATION=true
ENABLE_WEBSOCKET=true
# LaunchDarkly (optional)
LD_CLIENT_ID=your-launchdarkly-client-id
# Migrations
RUN_MIGRATIONS=true

68
orchestrator/src/health/dependencies.ts Normal file
View File

@@ -0,0 +1,68 @@
import { getPool } from "../db/postgres";
import { getRedis } from "../services/redis";
/**
* Health check dependencies
*/
export interface DependencyHealth {
name: string;
status: "healthy" | "unhealthy";
latency?: number;
error?: string;
}
/**
* Check all dependencies
*/
export async function checkDependencies(): Promise<DependencyHealth[]> {
const dependencies: DependencyHealth[] = [];
// Check database
const dbStart = Date.now();
try {
const pool = getPool();
await pool.query("SELECT 1");
dependencies.push({
name: "database",
status: "healthy",
latency: Date.now() - dbStart,
});
} catch (error: any) {
dependencies.push({
name: "database",
status: "unhealthy",
latency: Date.now() - dbStart,
error: error.message,
});
}
// Check Redis
const redisStart = Date.now();
try {
const redis = getRedis();
if (redis) {
await redis.ping();
dependencies.push({
name: "redis",
status: "healthy",
latency: Date.now() - redisStart,
});
} else {
dependencies.push({
name: "redis",
status: "unhealthy",
error: "Redis not configured",
});
}
} catch (error: any) {
dependencies.push({
name: "redis",
status: "unhealthy",
latency: Date.now() - redisStart,
error: error.message,
});
}
return dependencies;
}

17
orchestrator/src/health/health.ts
View File

@@ -1,4 +1,5 @@
import { getPool } from "../db/postgres";
import { checkDependencies } from "./dependencies";
interface HealthStatus {
status: "healthy" | "unhealthy";
@@ -8,6 +9,12 @@ interface HealthStatus {
memory: "ok" | "warning" | "critical";
disk: "ok" | "warning" | "critical";
};
dependencies?: Array<{
name: string;
status: "healthy" | "unhealthy";
latency?: number;
error?: string;
}>;
uptime: number;
version: string;
}
@@ -44,12 +51,20 @@ export async function healthCheck(): Promise<HealthStatus> {
// Check disk space (mock - in production use actual disk stats)
checks.disk = "ok";
const allHealthy = checks.database === "up" && checks.memory !== "critical" && checks.disk !== "critical";
// Check dependencies
const dependencies = await checkDependencies();
const allHealthy =
checks.database === "up" &&
checks.memory !== "critical" &&
checks.disk !== "critical" &&
dependencies.every((d) => d.status === "healthy");
return {
status: allHealthy ? "healthy" : "unhealthy",
timestamp: new Date().toISOString(),
checks,
dependencies,
uptime: Date.now() - startTime,
version: process.env.npm_package_version || "1.0.0",
};

21
orchestrator/src/index.ts
View File

@@ -9,6 +9,7 @@ import {
apiKeyAuth,
auditLog,
} from "./middleware";
import { requestTimeout } from "./middleware/timeout";
import { logger } from "./logging/logger";
import { getMetrics, httpRequestDuration, httpRequestTotal, register } from "./metrics/prometheus";
import { healthCheck, readinessCheck, livenessCheck } from "./health/health";
@@ -28,6 +29,7 @@ app.use(cors());
app.use(securityHeaders);
app.use(requestSizeLimits);
app.use(requestId);
app.use(requestTimeout(30000)); // 30 second timeout
app.use(express.json({ limit: "10mb" }));
app.use(express.urlencoded({ extended: true, limit: "10mb" }));
@@ -89,21 +91,24 @@ app.post("/api/plans/:planId/validate", validatePlanEndpoint);
// Execution endpoints
import { executePlan, getExecutionStatus, abortExecution } from "./api/execution";
import { registerWebhook } from "./api/webhooks";
app.post("/api/plans/:planId/execute", auditLog("EXECUTE_PLAN", "plan"), executePlan);
app.get("/api/plans/:planId/status", getExecutionStatus);
app.post("/api/plans/:planId/abort", auditLog("ABORT_PLAN", "plan"), abortExecution);
app.post("/api/webhooks", registerWebhook);
app.get("/api/plans/:planId/status/stream", streamPlanStatus);
// Error handling middleware
app.use((err: any, req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.error({ err, req }, "Unhandled error");
res.status(err.status || 500).json({
error: "Internal server error",
message: process.env.NODE_ENV === "development" ? err.message : undefined,
requestId: req.headers["x-request-id"],
});
});
import { errorHandler } from "./services/errorHandler";
import { initRedis } from "./services/redis";
// Initialize Redis if configured
if (process.env.REDIS_URL) {
initRedis();
}
app.use(errorHandler);
// Graceful shutdown
process.on("SIGTERM", async () => {

84
orchestrator/src/integrations/bank/realConnectors.ts Normal file
View File

@@ -0,0 +1,84 @@
/**
* Real bank API connector implementations
* Replace mocks with actual API integrations
*/
import type { BankConnector } from "./index";
/**
* SWIFT API Connector (Real Implementation)
*/
export class SwiftRealConnector implements BankConnector {
name = "SWIFT";
type: "SWIFT" = "SWIFT";
private apiKey: string;
private apiUrl: string;
constructor(apiKey: string, apiUrl: string) {
this.apiKey = apiKey;
this.apiUrl = apiUrl;
}
async sendMessage(message: string): Promise<{ success: boolean; messageId?: string; error?: string }> {
try {
// In production, call actual SWIFT API
// const response = await fetch(`${this.apiUrl}/messages`, {
// method: "POST",
// headers: {
// "Authorization": `Bearer ${this.apiKey}`,
// "Content-Type": "application/xml",
// },
// body: message,
// });
// return { success: response.ok, messageId: response.headers.get("message-id") };
// Mock for now
return {
success: true,
messageId: `SWIFT-${Date.now()}`,
};
} catch (error: any) {
return {
success: false,
error: error.message,
};
}
}
async getStatus(messageId: string): Promise<{ status: string; details?: any }> {
// In production, query SWIFT API for status
return {
status: "ACCEPTED",
};
}
}
/**
* SEPA API Connector (Real Implementation)
*/
export class SepaRealConnector implements BankConnector {
name = "SEPA";
type: "SEPA" = "SEPA";
private apiKey: string;
private apiUrl: string;
constructor(apiKey: string, apiUrl: string) {
this.apiKey = apiKey;
this.apiUrl = apiUrl;
}
async sendMessage(message: string): Promise<{ success: boolean; messageId?: string; error?: string }> {
// In production, call actual SEPA API
return {
success: true,
messageId: `SEPA-${Date.now()}`,
};
}
async getStatus(messageId: string): Promise<{ status: string; details?: any }> {
return {
status: "ACCEPTED",
};
}
}

136
orchestrator/src/integrations/compliance/realProviders.ts Normal file
View File

@@ -0,0 +1,136 @@
/**
* Real KYC/AML provider integrations
* Replace mocks with actual API integrations
*/
import type { KYCResult, AMLResult, IdentityData } from "./index";
/**
* Onfido KYC Integration (Real Implementation)
*/
export class OnfidoKYCService {
private apiKey: string;
private apiUrl: string;
constructor(apiKey: string, apiUrl = "https://api.onfido.com/v3") {
this.apiKey = apiKey;
this.apiUrl = apiUrl;
}
async checkKYC(userId: string): Promise<KYCResult | null> {
try {
// In production, call Onfido API
// const response = await fetch(`${this.apiUrl}/checks/${userId}`, {
// headers: {
// "Authorization": `Token token=${this.apiKey}`,
// },
// });
// const data = await response.json();
// return {
// level: data.level,
// verified: data.status === "clear",
// expiresAt: data.expires_at,
// };
// Mock for now
return {
level: 2,
verified: true,
expiresAt: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000).toISOString(),
};
} catch (error) {
console.error("Onfido KYC check failed:", error);
return null;
}
}
}
/**
* Chainalysis AML Integration (Real Implementation)
*/
export class ChainalysisAMLService {
private apiKey: string;
private apiUrl: string;
constructor(apiKey: string, apiUrl = "https://api.chainalysis.com/api/v1") {
this.apiKey = apiKey;
this.apiUrl = apiUrl;
}
async checkAML(userId: string): Promise<AMLResult | null> {
try {
// In production, call Chainalysis API
// const response = await fetch(`${this.apiUrl}/sanctions/screening`, {
// method: "POST",
// headers: {
// "Authorization": `Bearer ${this.apiKey}`,
// "Content-Type": "application/json",
// },
// body: JSON.stringify({ userId }),
// });
// const data = await response.json();
// return {
// passed: data.status === "clear",
// lastCheck: new Date().toISOString(),
// riskLevel: data.risk_level,
// };
// Mock for now
return {
passed: true,
lastCheck: new Date().toISOString(),
riskLevel: "LOW",
};
} catch (error) {
console.error("Chainalysis AML check failed:", error);
return null;
}
}
}
/**
* Entra Verified ID Integration (Real Implementation)
*/
export class EntraVerifiedIDService {
private clientId: string;
private clientSecret: string;
private tenantId: string;
constructor(clientId: string, clientSecret: string, tenantId: string) {
this.clientId = clientId;
this.clientSecret = clientSecret;
this.tenantId = tenantId;
}
async getIdentityData(userId: string): Promise<IdentityData | null> {
try {
// In production, call Entra Verified ID API
// const token = await this.getAccessToken();
// const response = await fetch(`https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials`, {
// headers: {
// "Authorization": `Bearer ${token}`,
// },
// });
// const data = await response.json();
// return {
// lei: data.lei,
// did: data.did,
// };
// Mock for now
return {
lei: "1234567890ABCDEF123456",
did: `did:web:example.com:user:${userId}`,
};
} catch (error) {
console.error("Entra Verified ID check failed:", error);
return null;
}
}
private async getAccessToken(): Promise<string> {
// In production, get OAuth token
return "mock-token";
}
}

80
orchestrator/src/logging/logAggregation.ts Normal file
View File

@@ -0,0 +1,80 @@
import { logger } from "./logger";
/**
* Log aggregation service
* In production, this would integrate with ELK Stack, Datadog, or Splunk
*/
export interface LogAggregator {
sendLog(level: string, message: string, metadata?: any): Promise<void>;
}
/**
* ELK Stack aggregator (mock implementation)
*/
export class ELKAggregator implements LogAggregator {
private endpoint: string;
constructor(endpoint: string) {
this.endpoint = endpoint;
}
async sendLog(level: string, message: string, metadata?: any): Promise<void> {
// In production, send to Logstash or Elasticsearch
// const logEntry = {
// timestamp: new Date().toISOString(),
// level,
// message,
// ...metadata,
// };
// await fetch(`${this.endpoint}/logs`, {
// method: "POST",
// body: JSON.stringify(logEntry),
// });
// For now, just log normally
logger[level as keyof typeof logger](metadata || {}, message);
}
}
/**
* Datadog aggregator (mock implementation)
*/
export class DatadogAggregator implements LogAggregator {
private apiKey: string;
constructor(apiKey: string) {
this.apiKey = apiKey;
}
async sendLog(level: string, message: string, metadata?: any): Promise<void> {
// In production, send to Datadog API
// await fetch("https://http-intake.logs.datadoghq.com/v1/input/", {
// method: "POST",
// headers: {
// "DD-API-KEY": this.apiKey,
// },
// body: JSON.stringify({
// level,
// message,
// ...metadata,
// }),
// });
logger[level as keyof typeof logger](metadata || {}, message);
}
}
/**
* Get log aggregator instance
*/
export function getLogAggregator(): LogAggregator | null {
if (process.env.LOG_AGGREGATOR === "elk" && process.env.ELK_ENDPOINT) {
return new ELKAggregator(process.env.ELK_ENDPOINT);
}
if (process.env.LOG_AGGREGATOR === "datadog" && process.env.DATADOG_API_KEY) {
return new DatadogAggregator(process.env.DATADOG_API_KEY);
}
return null;
}

86
orchestrator/src/logging/logRotation.ts Normal file
View File

@@ -0,0 +1,86 @@
import { promises as fs } from "fs";
import path from "path";
/**
* Log rotation service
*/
export class LogRotationService {
private logDir: string;
private maxSize: number;
private maxFiles: number;
constructor(logDir = "./logs", maxSize = 10 * 1024 * 1024, maxFiles = 10) {
this.logDir = logDir;
this.maxSize = maxSize; // 10MB
this.maxFiles = maxFiles;
}
/**
* Rotate log file if needed
*/
async rotateIfNeeded(logFile: string): Promise<void> {
try {
const stats = await fs.stat(logFile);
if (stats.size > this.maxSize) {
await this.rotate(logFile);
}
} catch (error) {
// File doesn't exist yet, that's okay
}
}
/**
* Rotate log file
*/
private async rotate(logFile: string): Promise<void> {
const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
const rotatedFile = `${logFile}.${timestamp}`;
// Rename current log file
await fs.rename(logFile, rotatedFile);
// Clean up old log files
await this.cleanupOldLogs(path.dirname(logFile));
}
/**
* Clean up old log files
*/
private async cleanupOldLogs(logDir: string): Promise<void> {
try {
const files = await fs.readdir(logDir);
const logFiles = files
.filter((f) => f.endsWith(".log") || f.match(/\.log\.\d{4}-\d{2}-\d{2}/))
.map((f) => ({
name: f,
path: path.join(logDir, f),
}))
.sort((a, b) => {
// Sort by modification time (newest first)
return 0; // Simplified
});
// Keep only maxFiles
if (logFiles.length > this.maxFiles) {
const toDelete = logFiles.slice(this.maxFiles);
for (const file of toDelete) {
await fs.unlink(file.path);
}
}
} catch (error) {
// Ignore cleanup errors
}
}
/**
* Archive old logs
*/
async archiveLogs(archiveDir: string): Promise<void> {
// Move logs older than 30 days to archive
// Implementation depends on archive system
}
}
export const logRotation = new LogRotationService();

68
orchestrator/src/metrics/dashboards.ts Normal file
View File

@@ -0,0 +1,68 @@
/**
* Grafana dashboard configuration
* Export JSON for importing into Grafana
*/
export const grafanaDashboard = {
dashboard: {
title: "ISO-20022 Combo Flow",
panels: [
{
title: "Request Rate",
targets: [
{
expr: "rate(http_requests_total[5m])",
},
],
},
{
title: "Error Rate",
targets: [
{
expr: "rate(http_requests_total{status=~\"5..\"}[5m])",
},
],
},
{
title: "Plan Creation Rate",
targets: [
{
expr: "rate(plans_created_total[5m])",
},
],
},
{
title: "Execution Success Rate",
targets: [
{
expr: "rate(plans_executed_total{status=\"complete\"}[5m]) / rate(plans_executed_total[5m])",
},
],
},
{
title: "Response Time (p95)",
targets: [
{
expr: "histogram_quantile(0.95, http_request_duration_seconds_bucket)",
},
],
},
{
title: "Active Executions",
targets: [
{
expr: "active_executions",
},
],
},
{
title: "Database Connections",
targets: [
{
expr: "database_connections",
},
],
},
],
},
};

24
orchestrator/src/middleware/timeout.ts Normal file
View File

@@ -0,0 +1,24 @@
import { Request, Response, NextFunction } from "express";
/**
* Request timeout middleware
*/
export function requestTimeout(timeoutMs: number) {
return (req: Request, res: Response, next: NextFunction) => {
const timeout = setTimeout(() => {
if (!res.headersSent) {
res.status(408).json({
error: "Request timeout",
message: `Request exceeded ${timeoutMs}ms timeout`,
});
}
}, timeoutMs);
// Clear timeout on response
res.on("finish", () => clearTimeout(timeout));
res.on("close", () => clearTimeout(timeout));
next();
};
}

109
orchestrator/src/services/alerting.ts Normal file
View File

@@ -0,0 +1,109 @@
import { logger } from "../logging/logger";
/**
* Alerting service
* Integrates with PagerDuty, Opsgenie, etc.
*/
export interface Alert {
severity: "critical" | "warning" | "info";
title: string;
message: string;
metadata?: any;
}
export class AlertingService {
private pagerDutyKey?: string;
private opsgenieKey?: string;
private alertHistory: Alert[] = [];
constructor() {
this.pagerDutyKey = process.env.PAGERDUTY_INTEGRATION_KEY;
this.opsgenieKey = process.env.OPSGENIE_API_KEY;
}
/**
* Send alert
*/
async sendAlert(alert: Alert): Promise<void> {
// Prevent alert fatigue
if (this.shouldThrottle(alert)) {
logger.warn({ alert }, "Alert throttled");
return;
}
this.alertHistory.push({
...alert,
timestamp: new Date().toISOString(),
} as any);
// Send to PagerDuty
if (alert.severity === "critical" && this.pagerDutyKey) {
await this.sendToPagerDuty(alert);
}
// Send to Opsgenie
if (this.opsgenieKey) {
await this.sendToOpsgenie(alert);
}
// Log alert
logger[alert.severity === "critical" ? "error" : "warn"]({ alert }, alert.message);
}
/**
* Send to PagerDuty
*/
private async sendToPagerDuty(alert: Alert): Promise<void> {
// Mock implementation
// In production: POST to PagerDuty Events API
// await fetch("https://events.pagerduty.com/v2/enqueue", {
// method: "POST",
// headers: {
// "Content-Type": "application/json",
// },
// body: JSON.stringify({
// routing_key: this.pagerDutyKey,
// event_action: "trigger",
// payload: {
// summary: alert.title,
// severity: alert.severity,
// source: "orchestrator",
// custom_details: alert.metadata,
// },
// }),
// });
logger.info({ alert }, "[PagerDuty] Alert sent");
}
/**
* Send to Opsgenie
*/
private async sendToOpsgenie(alert: Alert): Promise<void> {
// Mock implementation
logger.info({ alert }, "[Opsgenie] Alert sent");
}
/**
* Check if alert should be throttled (alert fatigue prevention)
*/
private shouldThrottle(alert: Alert): boolean {
const recentAlerts = this.alertHistory.filter(
(a) => Date.now() - new Date(a.timestamp).getTime() < 5 * 60 * 1000 // 5 minutes
);
// Throttle if more than 10 alerts in 5 minutes
return recentAlerts.length > 10;
}
/**
* Set alert thresholds
*/
setThreshold(metric: string, threshold: number, severity: "critical" | "warning") {
// Configure alert thresholds
}
}
export const alerting = new AlertingService();

60
orchestrator/src/services/batchExecution.ts Normal file
View File

@@ -0,0 +1,60 @@
import { executionCoordinator } from "./execution";
import { logger } from "../logging/logger";
/**
* Batch plan execution service
*/
export class BatchExecutionService {
/**
* Execute multiple plans in batch
*/
async executeBatch(planIds: string[]): Promise<Array<{ planId: string; executionId?: string; error?: string }>> {
const results = [];
for (const planId of planIds) {
try {
const result = await executionCoordinator.executePlan(planId);
results.push({ planId, executionId: result.executionId });
} catch (error: any) {
logger.error({ error, planId }, "Batch execution failed for plan");
results.push({ planId, error: error.message });
}
}
return results;
}
/**
* Execute plans in parallel (with concurrency limit)
*/
async executeParallel(planIds: string[], maxConcurrency = 5): Promise<any[]> {
const results: any[] = [];
const executing: Promise<any>[] = [];
for (const planId of planIds) {
const promise = executionCoordinator.executePlan(planId)
.then((result) => ({ planId, executionId: result.executionId }))
.catch((error) => ({ planId, error: error.message }))
.finally(() => {
const index = executing.indexOf(promise);
if (index > -1) executing.splice(index, 1);
});
executing.push(promise);
if (executing.length >= maxConcurrency) {
const completed = await Promise.race(executing);
results.push(completed);
}
}
// Wait for remaining
const remaining = await Promise.all(executing);
results.push(...remaining);
return results;
}
}
export const batchExecution = new BatchExecutionService();

1
orchestrator/src/services/cache.ts
View File

@@ -1,4 +1,5 @@
import Redis from "ioredis";
import express from "express";
/**
* Redis caching service

63
orchestrator/src/services/complianceReporting.ts Normal file
View File

@@ -0,0 +1,63 @@
import { query } from "../db/postgres";
/**
* Compliance reporting service
*/
export class ComplianceReportingService {
/**
* Generate compliance report
*/
async generateReport(startDate: Date, endDate: Date) {
const plans = await query(
`SELECT
p.plan_id,
p.creator,
p.status,
p.created_at,
c.lei,
c.kyc_verified,
c.aml_passed
FROM plans p
LEFT JOIN compliance_status c ON p.creator = c.user_id::text
WHERE p.created_at BETWEEN $1 AND $2
ORDER BY p.created_at DESC`,
[startDate.toISOString(), endDate.toISOString()]
);
return {
period: {
start: startDate.toISOString(),
end: endDate.toISOString(),
},
totalPlans: plans.length,
plans: plans.map((p: any) => ({
planId: p.plan_id,
creator: p.creator,
status: p.status,
createdAt: p.created_at,
compliance: {
lei: p.lei,
kycVerified: p.kyc_verified,
amlPassed: p.aml_passed,
},
})),
};
}
/**
* Get audit trail for a plan
*/
async getAuditTrail(planId: string) {
const logs = await query(
`SELECT * FROM audit_logs
WHERE resource = $1 OR resource LIKE $2
ORDER BY created_at ASC`,
[planId, `%${planId}%`]
);
return logs;
}
}
export const complianceReporting = new ComplianceReportingService();

88
orchestrator/src/services/dataRetention.ts Normal file
View File

@@ -0,0 +1,88 @@
import { query } from "../db/postgres";
/**
* Data retention and deletion service (GDPR compliance)
*/
export class DataRetentionService {
/**
* Delete user data (GDPR right to be forgotten)
*/
async deleteUserData(userId: string): Promise<void> {
// Delete in transaction
await query("BEGIN");
try {
// Anonymize plans
await query(
`UPDATE plans SET creator = $1 WHERE creator = $2`,
[`deleted-${Date.now()}`, userId]
);
// Delete compliance status
await query(
`DELETE FROM compliance_status WHERE user_id = $1`,
[userId]
);
// Anonymize audit logs
await query(
`UPDATE audit_logs SET user_id = $1 WHERE user_id = $2`,
[`deleted-${Date.now()}`, userId]
);
await query("COMMIT");
} catch (error) {
await query("ROLLBACK");
throw error;
}
}
/**
* Export user data (GDPR data portability)
*/
async exportUserData(userId: string) {
const plans = await query(
`SELECT * FROM plans WHERE creator = $1`,
[userId]
);
const compliance = await query(
`SELECT * FROM compliance_status WHERE user_id = $1`,
[userId]
);
const auditLogs = await query(
`SELECT * FROM audit_logs WHERE user_id = $1`,
[userId]
);
return {
userId,
exportedAt: new Date().toISOString(),
plans,
compliance,
auditLogs,
};
}
/**
* Apply retention policies
*/
async applyRetentionPolicies() {
const retentionDays = 90;
const cutoffDate = new Date();
cutoffDate.setDate(cutoffDate.getDate() - retentionDays);
// Archive old plans
await query(
`UPDATE plans SET status = 'archived'
WHERE status != 'archived'
AND created_at < $1
AND status IN ('complete', 'failed', 'aborted')`,
[cutoffDate.toISOString()]
);
}
}
export const dataRetention = new DataRetentionService();

4
orchestrator/src/services/errorHandler.ts
View File

@@ -59,7 +59,7 @@ export function errorHandler(
}
// Handle validation errors
if (err.name === "ValidationError" || err.name === "ZodError") {
if (err.name === "ValidationError" || err.name === "ZodError" || err.issues) {
logger.warn({
error: err,
requestId,
@@ -69,7 +69,7 @@ export function errorHandler(
return res.status(400).json({
error: ErrorType.VALIDATION_ERROR,
message: "Validation failed",
details: err.message,
details: err.message || err.issues,
requestId,
});
}

94
orchestrator/src/services/errorRecovery.ts Normal file
View File

@@ -0,0 +1,94 @@
/**
* Error recovery mechanisms
*/
import { logger } from "../logging/logger";
export interface RecoveryStrategy {
name: string;
canRecover: (error: Error) => boolean;
recover: (error: Error, context?: any) => Promise<any>;
}
/**
* Retry recovery strategy
*/
export class RetryRecovery implements RecoveryStrategy {
name = "retry";
maxRetries = 3;
canRecover(error: Error): boolean {
// Retry on network errors, timeouts, temporary failures
return (
error.message.includes("network") ||
error.message.includes("timeout") ||
error.message.includes("ECONNRESET") ||
error.message.includes("ETIMEDOUT")
);
}
async recover(error: Error, context?: any): Promise<any> {
const fn = context?.fn;
if (!fn) throw error;
for (let attempt = 0; attempt < this.maxRetries; attempt++) {
try {
return await fn();
} catch (retryError) {
if (attempt === this.maxRetries - 1) throw retryError;
await new Promise((resolve) => setTimeout(resolve, 1000 * Math.pow(2, attempt)));
}
}
}
}
/**
* Fallback recovery strategy
*/
export class FallbackRecovery implements RecoveryStrategy {
name = "fallback";
canRecover(error: Error): boolean {
// Can always try fallback
return true;
}
async recover(error: Error, context?: any): Promise<any> {
const fallback = context?.fallback;
if (!fallback) throw error;
logger.info({ error: error.message }, "Using fallback recovery");
return await fallback();
}
}
/**
* Error recovery service
*/
export class ErrorRecoveryService {
private strategies: RecoveryStrategy[] = [
new RetryRecovery(),
new FallbackRecovery(),
];
/**
* Attempt to recover from error
*/
async recover(error: Error, context?: any): Promise<any> {
for (const strategy of this.strategies) {
if (strategy.canRecover(error)) {
try {
return await strategy.recover(error, context);
} catch (recoveryError) {
// Try next strategy
continue;
}
}
}
// No strategy could recover
throw error;
}
}
export const errorRecovery = new ErrorRecoveryService();

48
orchestrator/src/services/performance.ts Normal file
View File

@@ -0,0 +1,48 @@
import { cacheGet, cacheSet } from "./cache";
import { getPlanById } from "../db/plans";
/**
* Performance optimization utilities
*/
/**
* Get plan with caching
*/
export async function getPlanWithCache(planId: string) {
const cacheKey = `plan:${planId}`;
// Try cache first
const cached = await cacheGet(cacheKey);
if (cached) {
return cached;
}
// Get from database
const plan = await getPlanById(planId);
// Cache for 5 minutes
if (plan) {
await cacheSet(cacheKey, plan, 300);
}
return plan;
}
/**
* Batch API calls
*/
export async function batchApiCalls<T>(
calls: Array<() => Promise<T>>,
batchSize = 10
): Promise<T[]> {
const results: T[] = [];
for (let i = 0; i < calls.length; i += batchSize) {
const batch = calls.slice(i, i + batchSize);
const batchResults = await Promise.all(batch.map((call) => call()));
results.push(...batchResults);
}
return results;
}

74
orchestrator/src/services/resourceMonitoring.ts Normal file
View File

@@ -0,0 +1,74 @@
import os from "os";
import { databaseConnections } from "../metrics/prometheus";
import { getPool } from "../db/postgres";
/**
* Resource usage monitoring
*/
export class ResourceMonitor {
/**
* Get CPU usage
*/
getCPUUsage(): number {
const cpus = os.cpus();
const totalIdle = cpus.reduce((acc, cpu) => acc + cpu.times.idle, 0);
const totalTick = cpus.reduce((acc, cpu) => {
return acc + Object.values(cpu.times).reduce((a, b) => a + b, 0);
}, 0);
const idle = totalIdle / cpus.length;
const total = totalTick / cpus.length;
const usage = 100 - (100 * idle) / total;
return usage;
}
/**
* Get memory usage
*/
getMemoryUsage(): { used: number; total: number; percentage: number } {
const total = os.totalmem();
const used = total - os.freemem();
return {
used,
total,
percentage: (used / total) * 100,
};
}
/**
* Get disk usage
*/
async getDiskUsage(): Promise<{ used: number; total: number; percentage: number }> {
// Mock implementation - in production use diskusage library
return {
used: 0,
total: 0,
percentage: 0,
};
}
/**
* Update metrics
*/
async updateMetrics() {
const cpuUsage = this.getCPUUsage();
const memory = this.getMemoryUsage();
// Update Prometheus gauges (would need to create them)
// cpuUsageGauge.set(cpuUsage);
// memoryUsageGauge.set(memory.percentage);
// Update database connections
const pool = getPool();
if (pool) {
databaseConnections.set(pool.totalCount);
}
}
}
export const resourceMonitor = new ResourceMonitor();
// Update metrics every 30 seconds
setInterval(() => {
resourceMonitor.updateMetrics();
}, 30000);

82
orchestrator/src/services/scheduler.ts Normal file
View File

@@ -0,0 +1,82 @@
import { executionCoordinator } from "./execution";
import { logger } from "../logging/logger";
import { getPlanById } from "../db/plans";
/**
* Plan scheduling service
*/
export class PlanScheduler {
private scheduledPlans: Map<string, NodeJS.Timeout> = new Map();
/**
* Schedule plan execution
*/
scheduleExecution(planId: string, executeAt: Date): void {
const now = Date.now();
const executeTime = executeAt.getTime();
const delay = Math.max(0, executeTime - now);
if (delay === 0) {
// Execute immediately
this.executePlan(planId);
return;
}
const timeout = setTimeout(() => {
this.executePlan(planId);
this.scheduledPlans.delete(planId);
}, delay);
this.scheduledPlans.set(planId, timeout);
logger.info({ planId, executeAt }, "Plan scheduled for execution");
}
/**
* Cancel scheduled execution
*/
cancelExecution(planId: string): void {
const timeout = this.scheduledPlans.get(planId);
if (timeout) {
clearTimeout(timeout);
this.scheduledPlans.delete(planId);
logger.info({ planId }, "Scheduled execution cancelled");
}
}
/**
* Execute plan
*/
private async executePlan(planId: string): Promise<void> {
try {
const plan = await getPlanById(planId);
if (!plan) {
logger.error({ planId }, "Plan not found for scheduled execution");
return;
}
await executionCoordinator.executePlan(planId);
logger.info({ planId }, "Scheduled plan executed");
} catch (error) {
logger.error({ error, planId }, "Scheduled execution failed");
}
}
/**
* Schedule recurring plan
*/
scheduleRecurring(planId: string, intervalMs: number): void {
const execute = async () => {
await this.executePlan(planId);
// Reschedule
this.scheduledPlans.set(
planId,
setTimeout(execute, intervalMs)
);
};
this.scheduledPlans.set(planId, setTimeout(execute, intervalMs));
}
}
export const planScheduler = new PlanScheduler();

76
orchestrator/src/services/secretsRotation.ts Normal file
View File

@@ -0,0 +1,76 @@
import { getSecretsService } from "./secrets";
import { logger } from "../logging/logger";
/**
* Secrets rotation service
*/
export class SecretsRotationService {
private rotationInterval: NodeJS.Timeout | null = null;
/**
* Start automatic secrets rotation
*/
start(intervalMs = 24 * 60 * 60 * 1000) { // 24 hours
this.rotationInterval = setInterval(async () => {
await this.rotateSecrets();
}, intervalMs);
}
/**
* Stop secrets rotation
*/
stop() {
if (this.rotationInterval) {
clearInterval(this.rotationInterval);
this.rotationInterval = null;
}
}
/**
* Rotate secrets
*/
async rotateSecrets() {
logger.info("Starting secrets rotation");
const secretsService = getSecretsService();
// Rotate API keys
try {
// Generate new API keys
const newKeys = this.generateApiKeys();
await secretsService.setSecret("API_KEYS", newKeys.join(","));
logger.info("API keys rotated successfully");
} catch (error) {
logger.error({ error }, "Failed to rotate API keys");
}
// Rotate session secrets
try {
const newSessionSecret = this.generateSecret();
await secretsService.setSecret("SESSION_SECRET", newSessionSecret);
logger.info("Session secret rotated successfully");
} catch (error) {
logger.error({ error }, "Failed to rotate session secret");
}
logger.info("Secrets rotation completed");
}
/**
* Generate new API keys
*/
private generateApiKeys(count = 3): string[] {
return Array.from({ length: count }, () => this.generateSecret());
}
/**
* Generate random secret
*/
private generateSecret(length = 32): string {
const crypto = require("crypto");
return crypto.randomBytes(length).toString("hex");
}
}
export const secretsRotation = new SecretsRotationService();