Add track() API for custom event tracking + config updates via SSE #984
Draft
hansott wants to merge 15 commits into
hansott
commented
Apr 1, 2026
…ack-api * 'main' of github.com:AikidoSec/firewall-node: (25 commits) Improve serverless docs for Lambda and Cloud Functions Simplify onPackageWrapped logic Add tests for duplicate class names across scopes Add test for nested classes with same className Skip failing SQLite3 test with latest Node.js version Switch to new Safe Chain version Remove startup warning for AIKIDO_BLOCK_INVALID_SQL Fix tests for AIKIDO_BLOCK_INVALID_SQL default change Default AIKIDO_BLOCK_INVALID_SQL to off Fix method name handling Fix linter recommendation Add className filter to MethodDefinition instrumentation Strip devDependencies and scripts from published package.json Ignore caniuse-lite is outdated in e2e test IDOR: Add dialect to cache key Update SQLite3 test to expect Zen blocking on invalid SQL Remove redundant JSDoc comment Keep dry mode test in original position to reduce diff Add docs for AIKIDO_BLOCK_INVALID_SQL env var Use AIKIDO_BLOCK_INVALID_SQL env var instead of server config ...
Use Server-Sent Events to receive near-instant config updates from zen-realtime instead of polling every 60 seconds. Falls back to polling when the SSE connection is unavailable. Vendors the eventsource-parser library (MIT) for SSE protocol parsing.
SSE is now the only mechanism for config updates — no more polling. Verbose SSE logging (connect, disconnect, chunks, events) is gated behind AIKIDO_DEBUG_SSE=true. Removes unused getConfigLastUpdatedAt.
…ack-api * 'main' of github.com:AikidoSec/firewall-node: Fix test failing in CI Skip grouped rate limiting for excluded users Fix too new version not allowed by Safe Chain Support @prisma/adapter-pg v7 Fix failing test because of ads logged to stderr Fix ESM tests Extend tests Allow disabling rate limiting per user Support Undici v8 Update Next.js instructions and run all e2e tests on v24 Remove debug logs Add Next.js v16 e2e test and update docs Support Mistral Ai v2 and v1 in ESM apps Fix unprotected Prisma methods
…ack-api * 'main' of github.com:AikidoSec/firewall-node: (50 commits) Fix wording in ESM warning message Use dynamic box width for lines exceeding TEXT_WIDTH Fix warnIfTsxIsUsed test for ESM runner Fix formatting in hono-pg-ts-esm test Embed AIKIDO in box border, drop prefix from text Make warning messages impossible to ignore Fix wasm-pack download URL Fix test timeout in CI Add normalize to wrapDNSLookupCallback Fix ESM tests Add AIKIDO_INSTANCE_NAME env var Add normalization to isTrustedHostname for future code paths Remove unused import Fix ESM tests fix: Possible to reach max call stack size Update library/sinks/http-request/wrapResponseHandler.ts Update library/vulnerabilities/ssrf/inspectDNSLookupCalls.ts fix: Normalize hostnames and remove trailing dot Allow passing a timeout to Zen.shutdown() Add AWS Batch docs, fix retired model in test ...
…ack-api * 'main' of github.com:AikidoSec/firewall-node: (23 commits) Also check wrappedPackages as fallback Test that warning is absent when a framework is loaded Check all loaded packages, not just wrapped ones Add comments explaining v4 vs v5 Route instrumentation Fix Express v4 Router route wrapping in ESM mode Check Router.Route exists before wrapping Add null check for Router local variable Clean up Router accessLocalVariables guard Add e2e test for path traversal on Router route Instrument Express v5 Router routes in ESM mode Add test for routeParams on Router instance routes Fix adonis sqlite e2e tests Skip missing framework warning for serverless Fix linting Warn when HTTP server runs without a web framework Support fetch in Node.js v26 Update node internals and better-sqlite3 Remove Node 26 from Alpine tests until musl bins are available Check exit code instead of stderr in adonis e2e test Bump zen-internals-node to 1.0.2, add Node 26 ...
runtime.aikido.dev is replaced by zen.aikido.dev for config polling and SSE connections. On startup the agent probes zen.aikido.dev/config and falls back to runtime.aikido.dev (polling only, no SSE) when the host is unreachable, so environments with outbound allowlists keep working.
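The startup fallback and the SSE stream handling described in the commit messages above, as an added example that is not code from this pull request. The injected `probe` callback and the `https` scheme are assumptions; only the two hostnames and the `/config` path come from the page.

```javascript
// Added example, not code from the pull request. Only the two hostnames and
// the /config path come from the page; probe() and the https scheme are assumed.
const PRIMARY = "zen.aikido.dev"; // SSE and polling
const FALLBACK = "runtime.aikido.dev"; // polling only, no SSE

// Startup probe: use the primary host if reachable, else fall back.
// probe(url) is injected (hypothetical) so the decision logic runs offline.
async function chooseTransport(probe) {
  let reachable = false;
  try {
    reachable = await probe(`https://${PRIMARY}/config`);
  } catch {
    reachable = false; // DNS failure, blocked egress, timeout
  }
  return reachable
    ? { host: PRIMARY, sse: true }
    : { host: FALLBACK, sse: false };
}

// Incremental SSE parser: feed() takes arbitrary network chunks and returns
// the events completed so far. Handles LF and CRLF; bare-CR line endings,
// which the SSE format also permits, are not handled here.
function createSseParser() {
  let buffer = "";
  let event = "message";
  let data = [];
  return function feed(chunk) {
    const out = [];
    buffer += chunk;
    const lines = buffer.split(/\r?\n/);
    buffer = lines.pop(); // incomplete trailing line waits for the next chunk
    for (const line of lines) {
      if (line === "") {
        // Blank line ends an event; events without data are dropped.
        if (data.length > 0) out.push({ event, data: data.join("\n") });
        event = "message";
        data = [];
      } else if (!line.startsWith(":")) { // ":" lines are comments/keep-alives
        const i = line.indexOf(":");
        const field = i === -1 ? line : line.slice(0, i);
        let value = i === -1 ? "" : line.slice(i + 1);
        if (value.startsWith(" ")) value = value.slice(1);
        if (field === "event") event = value;
        else if (field === "data") data.push(value);
      }
    }
    return out;
  };
}
```

An environment with an outbound allowlist that only permits the older host ends up with `sse: false`, so its config updates arrive by polling rather than over the stream.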
No description provided.