fix(arcrun): address PR #2 review findings
Security: - init.ts: remove cf_api_token from POST /register (only email sent to arcrun.dev) - cf-api.ts: remove base64 fallback in encryptCredential, throw clear error if key missing Correctness: - submitComponent.ts: replace KBDB dependency with SUBMISSIONS_KV + R2 (standalone) - registry/types.ts: remove KBDB_URL/KBDB_INTERNAL_TOKEN, add SUBMISSIONS_KV/ANALYTICS_KV - webhooks.ts: add waitUntil(writeExecutionVerdict) for fire-and-forget analytics - execution-logger.ts: create missing module (was imported but didn't exist) - cypher-executor/types.ts + wrangler.toml: add ANALYTICS_KV binding - gmail/telegram/google_sheets/line_notify/http_request: no_network_syscall false (api category) - init.ts: replace require() with await import() for ES module compatibility Cleanup: - Remove arcrun/builtins/ (dead code — initComponents used old HTTP endpoint model, all 21 components now in TinyGo WASM under registry/components/) Docs: - tasks.md: update to reflect completed work and remaining items Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,53 @@
|
||||
/**
|
||||
* Execution Logger — 執行結果寫入 ANALYTICS_KV(fire-and-forget)
|
||||
*
|
||||
* 設計:每次 workflow 執行後,將統計數據寫入 ANALYTICS_KV(key = stats:{workflowId})。
|
||||
* Phase 7 可升級為 POST 至 registry.arcrun.dev/analytics/record。
|
||||
*/
|
||||
|
||||
import type { Bindings, GraphNode } from '../types';
|
||||
|
||||
export interface ExecutionVerdict {
|
||||
workflow_id: string;
|
||||
component_ids: string[];
|
||||
verdict: 'success' | 'failed';
|
||||
duration_ms: number;
|
||||
message: string;
|
||||
recorded_at: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* 寫入執行結果至 ANALYTICS_KV(fire-and-forget,不阻擋主流程)
|
||||
* 由 c.executionCtx.waitUntil() 包裹呼叫
|
||||
*/
|
||||
export async function writeExecutionVerdict(
|
||||
env: Bindings,
|
||||
workflowId: string,
|
||||
nodes: GraphNode[],
|
||||
verdict: 'success' | 'failed',
|
||||
durationMs: number,
|
||||
message: string,
|
||||
): Promise<void> {
|
||||
try {
|
||||
const componentIds = nodes
|
||||
.filter(n => n.type === 'Component' && n.componentId)
|
||||
.map(n => n.componentId!);
|
||||
|
||||
const record: ExecutionVerdict = {
|
||||
workflow_id: workflowId,
|
||||
component_ids: componentIds,
|
||||
verdict,
|
||||
duration_ms: durationMs,
|
||||
message,
|
||||
recorded_at: new Date().toISOString(),
|
||||
};
|
||||
|
||||
// ANALYTICS_KV key = stats:{workflowId}:{timestamp}(避免覆蓋)
|
||||
const key = `stats:${workflowId}:${Date.now()}`;
|
||||
await env.ANALYTICS_KV.put(key, JSON.stringify(record), {
|
||||
expirationTtl: 60 * 60 * 24 * 90, // 保留 90 天
|
||||
});
|
||||
} catch {
|
||||
// fire-and-forget:不拋錯,不影響主流程
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,7 @@ import { Hono } from 'hono';
|
||||
import type { Bindings } from '../types';
|
||||
import { generateToken, validateAndParseWebhook, executeWebhookGraph } from '../actions/webhook-handlers';
|
||||
import { resolveWebhookGraph } from '../actions/webhook-graph-resolver';
|
||||
import { writeExecutionVerdict } from '../actions/execution-logger';
|
||||
|
||||
export const webhooksRouter = new Hono<{ Bindings: Bindings }>();
|
||||
|
||||
@@ -69,5 +70,14 @@ webhooksRouter.post('/webhooks/:token/trigger', async (c) => {
|
||||
}
|
||||
|
||||
const result = await executeWebhookGraph(c.env, record.graph, triggerContext, token);
|
||||
|
||||
// fire-and-forget analytics(不阻擋回應)
|
||||
const graph = record.graph as { id?: string; nodes?: unknown[] };
|
||||
const workflowId = graph.id ?? token;
|
||||
const nodes = Array.isArray(graph.nodes) ? (graph.nodes as import('../types').GraphNode[]) : [];
|
||||
c.executionCtx.waitUntil(
|
||||
writeExecutionVerdict(c.env, workflowId, nodes, result.success ? 'success' : 'failed', result.duration_ms, result.error ?? ''),
|
||||
);
|
||||
|
||||
return c.json(result, result.success ? 200 : 500);
|
||||
});
|
||||
|
||||
@@ -7,6 +7,8 @@ export type Bindings = {
|
||||
WEBHOOKS: KVNamespace;
|
||||
// Credential Store:AES-GCM 加密存放用戶 API token
|
||||
CREDENTIALS_KV: KVNamespace;
|
||||
// Analytics:執行統計(fire-and-forget,key = stats:{workflowId}:{timestamp})
|
||||
ANALYTICS_KV: KVNamespace;
|
||||
// R2 Bucket:WASM 零件二進位
|
||||
WASM_BUCKET: R2Bucket;
|
||||
// Workers AI
|
||||
|
||||
@@ -20,6 +20,11 @@ id = "" # 填入你的 KV Namespace ID
|
||||
binding = "CREDENTIALS_KV"
|
||||
id = "" # 填入你的 Credentials KV Namespace ID
|
||||
|
||||
# Analytics:執行統計(fire-and-forget,保留 90 天)
|
||||
[[kv_namespaces]]
|
||||
binding = "ANALYTICS_KV"
|
||||
id = "" # 填入你的 Analytics KV Namespace ID
|
||||
|
||||
# R2 Bucket:WASM 零件二進位(arcrun.dev 公眾零件庫,或自架時填入自己的 bucket)
|
||||
[[r2_buckets]]
|
||||
binding = "WASM_BUCKET"
|
||||
|
||||
Reference in New Issue
Block a user