Commit Graph

2736 Commits

Author SHA1 Message Date
copilot-swe-agent[bot] d09668b20b feat: batch redis ws direct messages and dedupe rebuild queue jobs 2026-06-22 15:12:07 -04:00
Owen 16abe98fd9 Add queue 2026-06-22 15:12:07 -04:00
Josh Voyles b7081aff11 fix: remove no-op autoFinalizeStatement wrapper and redundant busy_timeout (#2120)
better-sqlite3 11.x exposes no Statement.finalize() — the wrapper threw and
swallowed a TypeError on every query (verified: 'Statement.finalize exists:
undefined' in the runner image) while adding +122% per-statement overhead
(3.90 -> 8.66 us/op, 200k-op in-container microbench) and freeing nothing.
Statement lifecycle is GC-managed by the driver; drizzle-orm prepares fresh
per query, so nothing accumulates unbounded.

busy_timeout=5000 duplicates better-sqlite3's default timeout option, which
already arms sqlite3_busy_timeout(db, 5000) at open (lib/database.js).

With ENABLE_SQLITE_WAL_MODE unset the driver is now runtime-identical to
pre-1.18.3 (zero pragmas). The env-gated WAL block stays: journal_mode is
sticky in the DB file, so removing it would strand opted-in databases on
WAL+synchronous=FULL.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-22 15:11:51 -04:00
Josh Voyles a55fb21e53 fix(sqlite): remove cache_size and mmap_size PRAGMAs (#2120)
A 64 MB page cache plus a 256 MB memory-mapped region inflate RSS and
cause page-cache thrashing on small (~1 GB) instances. The PRAGMAs were
added to reduce event-loop blocking on TraefikConfigManager JOINs but
the memory cost outweighs the I/O benefit on the deployment shapes that
hit #2120. Leave SQLite on its conservative defaults.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-22 15:11:51 -04:00
copilot-swe-agent[bot] e5e7b79712 test: add normalized ASN validation coverage 2026-06-22 15:11:51 -04:00
copilot-swe-agent[bot] de48a0529e refactor: normalize ASN validation value once 2026-06-22 15:11:51 -04:00
copilot-swe-agent[bot] 3f37408dae fix: allow ALL ASN values in policy rule validation 2026-06-22 15:11:51 -04:00
Owen 476d92b3ac Convert things to regional cache 2026-06-22 15:11:51 -04:00
Owen bf604f25e9 Show the input validation in the error report 2026-06-22 15:11:50 -04:00
Owen Schwartz 62c7e0a13e Merge pull request #3251 from kshitijshresth/fix-path-rule-regex-escaping
Fix unescaped regex metacharacters in PATH rule matching causing request failures
2026-06-22 07:40:00 -07:00
miloschwartz a6568692b7 force set supporter status to true in server info endpoint 2026-06-14 14:40:37 -07:00
Owen 70bc4c0b30 Remove the path rewrite from the next route 2026-06-14 14:30:16 -07:00
Owen ea1badf4e0 Add middleware for rewriting host headers 2026-06-14 12:04:02 -07:00
Owen 4435a669a6 Fill in missing ui urls from the passed params 2026-06-14 11:35:27 -07:00
Owen 90eceb457a Clean up url passing 2026-06-14 11:10:05 -07:00
Owen f39cbc9bf4 Add same signature to oss 2026-06-14 11:03:14 -07:00
Owen 50da863bb7 Add maintence page support for remote nodes 2026-06-13 21:45:52 -07:00
Owen c6ddd5c402 Open up holepunch requirements 2026-06-13 14:14:34 -07:00
Owen 0fb5ace9c7 Support the browser gateways on the remote nodes 2026-06-13 14:08:03 -07:00
Owen 39f40e5160 Allow missing agent host 2026-06-12 15:01:09 -07:00
Owen 3fd5c98def Fix #3252 2026-06-12 14:44:45 -07:00
Owen 5a8a48f9bf Enforce the action inside of the function 2026-06-12 14:22:17 -07:00
Owen 471ae98204 Pull roles from resource policies
Fixes #3256
2026-06-12 14:12:01 -07:00
Owen a8ca28acb2 Add default for target type
Fixes #3247
2026-06-12 11:29:16 -07:00
kshitijshresth b136bd2246 Escape regex metacharacters in PATH rule wildcard matching
isValidUrlGlobPattern accepts characters like ( ) [ ] { } | . + ^ $ in PATH rule values, but isPathAllowed converted wildcard segments to regex without escaping them. A rule value such as /(api* produced an invalid regex and threw on every request to the resource, surfacing as a 500 from verifySession. Literal characters like . and + also changed matching semantics. isPathAllowed is extracted to server/lib/pathMatch.ts as a pure module, metacharacters are escaped before wildcard substitution, compiled segment regexes are cached, and the test suite now imports the real implementation instead of a stale copy, with added coverage for special characters.
2026-06-12 11:21:21 +03:00
Owen 935593885a Adjust 1.19 and add 1.19.1 to ensure sso not null 2026-06-11 22:01:20 -07:00
miloschwartz b82b41ed26 fix migration 2026-06-11 15:02:29 -07:00
Owen 5baf0c3c09 Use ssh like mode host 2026-06-11 11:11:50 -07:00
Owen 71273e1b1c Try to fix large query problem 2026-06-10 21:41:34 -07:00
Owen b1d52ad1a3 Update tiers 2026-06-10 16:27:25 -07:00
Owen bc156c715d 24 hour requirement for updates 2026-06-10 15:50:43 -07:00
Owen d47449b082 Add notes about inline policy to api endpoints 2026-06-10 10:24:31 -07:00
Owen 665806dfe8 Add some documentation; pull the override values 2026-06-10 10:03:16 -07:00
Owen dd1fba4e45 Also clear the roles and users 2026-06-09 21:59:30 -07:00
miloschwartz a1ab8d8f35 standardize client titles 2026-06-09 21:47:15 -07:00
Owen d870b9ff49 Drop the not null on resource columns 2026-06-09 21:36:27 -07:00
miloschwartz 9c09019ddb add protocol filter 2026-06-09 21:33:56 -07:00
Owen 9d88683fc5 Reset resource info when on inline policy 2026-06-09 21:28:25 -07:00
miloschwartz dd2c9f2a02 check resource policy in verifyResourceAccess middleware 2026-06-09 17:52:31 -07:00
Owen 96a54fc9cc Fix import issue in migrations 2026-06-09 16:51:55 -07:00
Owen 3a485f74f1 Move session migration out of the loop 2026-06-09 16:16:14 -07:00
Owen f186e7e99e Dont allow asn or country without having maxmind 2026-06-09 16:02:52 -07:00
Owen c85a7f6ac5 Migrate unkown openapi response from string to {} 2026-06-09 15:35:08 -07:00
Owen dd54be523f Dont need to check user exists for the whitelist 2026-06-09 15:26:35 -07:00
Owen d57f064d4c Fix spelling 2026-06-09 15:26:35 -07:00
miloschwartz a3a45b4239 add safe read 2026-06-09 14:09:36 -07:00
Owen 1089cfbacc Update query to be more efficient 2026-06-09 11:54:46 -07:00
Owen f28571629f Make sure the pamMode is push for host resources 2026-06-08 21:54:06 -07:00
Owen 5a575c916b Handle backward compatability 2026-06-08 21:11:57 -07:00
Owen 42974d1739 Make sure the skip to idp is pulled 2026-06-08 17:41:59 -07:00