fix(requestlogstore): enhance log entry validation to prevent service worker pollution

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@api.global/typedserver",
-  "version": "7.8.11",
+  "version": "7.8.12",
   "description": "A TypeScript-based project for easy serving of static files with support for live reloading, compression, and typed requests.",
   "type": "module",
   "exports": {
@@ -58,11 +58,11 @@
   ],
   "homepage": "https://code.foss.global/api.global/typedserver",
   "dependencies": {
-    "@api.global/typedrequest": "^3.2.2",
+    "@api.global/typedrequest": "^3.2.5",
     "@api.global/typedrequest-interfaces": "^3.0.19",
     "@api.global/typedsocket": "^4.1.0",
     "@cloudflare/workers-types": "^4.20251202.0",
-    "@design.estate/dees-comms": "^1.0.28",
+    "@design.estate/dees-comms": "^1.0.30",
     "@push.rocks/lik": "^6.2.2",
     "@push.rocks/smartdelay": "^3.0.5",
     "@push.rocks/smartenv": "^6.0.0",

pnpm-lock.yaml

@@ -9,8 +9,8 @@ importers:
   .:
     dependencies:
       '@api.global/typedrequest':
-        specifier: ^3.2.2
-        version: 3.2.2
+        specifier: ^3.2.5
+        version: 3.2.5
       '@api.global/typedrequest-interfaces':
         specifier: ^3.0.19
         version: 3.0.19
@@ -21,8 +21,8 @@ importers:
         specifier: ^4.20251202.0
         version: 4.20251202.0
       '@design.estate/dees-comms':
-        specifier: ^1.0.28
-        version: 1.0.28
+        specifier: ^1.0.30
+        version: 1.0.30
       '@push.rocks/lik':
         specifier: ^6.2.2
         version: 6.2.2
@@ -135,8 +135,8 @@ packages:
   '@api.global/typedrequest-interfaces@3.0.19':
     resolution: {integrity: sha512-uuHUXJeOy/inWSDrwD0Cwax2rovpxYllDhM2RWh+6mVpQuNmZ3uw6IVg6dA2G1rOe24Ebs+Y9SzEogo+jYN7vw==}
 
-  '@api.global/typedrequest@3.2.2':
-    resolution: {integrity: sha512-tUmpq+JRcrj8mjb44zLfcWDnArKqqRxPra5oZo4Ghp0P/wf2MhEthZcaD9iz8goJ6PnvBrbmrIz94I7VrfLIcA==}
+  '@api.global/typedrequest@3.2.5':
+    resolution: {integrity: sha512-LM/sUTuYnU5xY4gNZrN6ERMiKr+SpDZuSxJkAZz1YazC7ymGfo6uQ8sCnN8eNNQNFqIOkC+BtfYRayfbGwYLLg==}
 
   '@api.global/typedserver@3.0.80':
     resolution: {integrity: sha512-dcp0oXsjBL+XdFg1wUUP08uJQid5bQ0Yv3V3Y3lnI2QCbat0FU+Tsb0TZRnZ4+P150Vj/ITBqJUgDzFsF34grA==}
@@ -546,8 +546,8 @@ packages:
   '@configvault.io/interfaces@1.0.17':
     resolution: {integrity: sha512-bEcCUR2VBDJsTin8HQh8Uw/mlYl2v8A3jMIaQ+MTB9Hrqd6CZL2dL7iJdWyFl/3EIX+LDxWFR+Oq7liIq7w+1Q==}
 
-  '@design.estate/dees-comms@1.0.28':
-    resolution: {integrity: sha512-xRbgAmW34FC31mrVFmkLZ0p/qcE5M7ALHTtzPNJ/pbYF4pFxKTQi+vABL0CHZL3D1RVcAP3lOemU2CPc6svO+A==}
+  '@design.estate/dees-comms@1.0.30':
+    resolution: {integrity: sha512-KchMlklJfKAjQiJiR0xmofXtQ27VgZtBIxcMwPE9d+h3jJRv+lPZxzBQVOM0eyM0uS44S5vJMZ11IeV4uDXSHg==}
 
   '@design.estate/dees-domtools@2.0.65':
     resolution: {integrity: sha512-BA+xfCqiCr3fDt2BLaUgW979083Vfm01W6QJ8IclcbINggSDBmAEhfU+CVdxeogwa/d9/ctxY12suG77dqBjaA==}
@@ -3893,7 +3893,7 @@ snapshots:
 
   '@api.global/typedrequest-interfaces@3.0.19': {}
 
-  '@api.global/typedrequest@3.2.2':
+  '@api.global/typedrequest@3.2.5':
     dependencies:
       '@api.global/typedrequest-interfaces': 3.0.19
       '@push.rocks/isounique': 1.0.5
@@ -3907,11 +3907,11 @@ snapshots:
 
   '@api.global/typedserver@3.0.80(@push.rocks/smartserve@1.1.2)':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
+      '@api.global/typedrequest': 3.2.5
       '@api.global/typedrequest-interfaces': 3.0.19
       '@api.global/typedsocket': 3.1.1(@push.rocks/smartserve@1.1.2)
       '@cloudflare/workers-types': 4.20251202.0
-      '@design.estate/dees-comms': 1.0.28
+      '@design.estate/dees-comms': 1.0.30
       '@push.rocks/lik': 6.2.2
       '@push.rocks/smartchok': 1.1.1
       '@push.rocks/smartdelay': 3.0.5
@@ -3955,7 +3955,7 @@ snapshots:
 
   '@api.global/typedsocket@3.1.1(@push.rocks/smartserve@1.1.2)':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
+      '@api.global/typedrequest': 3.2.5
       '@api.global/typedrequest-interfaces': 3.0.19
       '@push.rocks/isohash': 2.0.1
       '@push.rocks/smartjson': 5.2.0
@@ -3975,7 +3975,7 @@ snapshots:
 
   '@api.global/typedsocket@4.1.0(@push.rocks/smartserve@1.1.2)':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
+      '@api.global/typedrequest': 3.2.5
       '@api.global/typedrequest-interfaces': 3.0.19
       '@push.rocks/isohash': 2.0.1
       '@push.rocks/smartdelay': 3.0.5
@@ -5252,17 +5252,17 @@ snapshots:
     dependencies:
       '@api.global/typedrequest-interfaces': 3.0.19
 
-  '@design.estate/dees-comms@1.0.28':
+  '@design.estate/dees-comms@1.0.30':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
+      '@api.global/typedrequest': 3.2.5
       '@api.global/typedrequest-interfaces': 3.0.19
       '@push.rocks/smartdelay': 3.0.5
       broadcast-channel: 7.2.0
 
   '@design.estate/dees-domtools@2.0.65':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
-      '@design.estate/dees-comms': 1.0.28
+      '@api.global/typedrequest': 3.2.5
+      '@design.estate/dees-comms': 1.0.30
       '@push.rocks/lik': 6.2.2
       '@push.rocks/smartdelay': 3.0.5
       '@push.rocks/smartjson': 5.2.0
@@ -5283,8 +5283,8 @@ snapshots:
 
   '@design.estate/dees-domtools@2.3.6':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
-      '@design.estate/dees-comms': 1.0.28
+      '@api.global/typedrequest': 3.2.5
+      '@design.estate/dees-comms': 1.0.30
       '@push.rocks/lik': 6.2.2
       '@push.rocks/smartdelay': 3.0.5
       '@push.rocks/smartjson': 5.2.0
@@ -5884,7 +5884,7 @@ snapshots:
 
   '@push.rocks/qenv@6.1.3':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
+      '@api.global/typedrequest': 3.2.5
       '@configvault.io/interfaces': 1.0.17
       '@push.rocks/smartfile': 11.2.7
       '@push.rocks/smartlog': 3.1.10
@@ -6371,7 +6371,7 @@ snapshots:
 
   '@push.rocks/smartserve@1.1.2':
     dependencies:
-      '@api.global/typedrequest': 3.2.2
+      '@api.global/typedrequest': 3.2.5
       '@push.rocks/lik': 6.2.2
       '@push.rocks/smartenv': 6.0.0
       '@push.rocks/smartlog': 3.1.10

ts_web_serviceworker/classes.requestlogstore.ts

@@ -29,8 +29,22 @@ export class RequestLogStore {
 
   /**
    * Add a new log entry
+   * Rejects entries for serviceworker_* methods to prevent pollution from SW internal messages
    */
   public addEntry(entry: interfaces.serviceworker.ITypedRequestLogEntry): void {
+    // Reject serviceworker_* methods - these are internal SW messages, not app traffic
+    // This prevents infinite loop pollution if hooks bypass somehow
+    if (entry.method && entry.method.startsWith('serviceworker_')) {
+      logger.log('note', `Rejecting serviceworker_* entry: ${entry.method}`);
+      return;
+    }
+
+    // Also reject entries with deeply nested payloads (sign of previous loop corruption)
+    if (this.hasNestedServiceworkerPayload(entry)) {
+      logger.log('warn', `Rejecting corrupted entry with nested serviceworker_* payload`);
+      return;
+    }
+
     // Add to log
     this.logs.push(entry);
 
@@ -43,6 +57,29 @@ export class RequestLogStore {
     this.updateStats(entry);
   }
 
+  /**
+   * Check if an entry has nested serviceworker_* methods in its payload (corruption from old loops)
+   */
+  private hasNestedServiceworkerPayload(entry: interfaces.serviceworker.ITypedRequestLogEntry, depth = 0): boolean {
+    // Limit recursion depth to prevent stack overflow
+    if (depth > 3) return false;
+
+    const payload = entry.payload;
+    if (!payload || typeof payload !== 'object') return false;
+
+    // Check if payload looks like a TypedRequest log entry with serviceworker_* method
+    if (payload.method && typeof payload.method === 'string' && payload.method.startsWith('serviceworker_')) {
+      return true;
+    }
+
+    // Check nested payload
+    if (payload.payload) {
+      return this.hasNestedServiceworkerPayload({ ...entry, payload: payload.payload }, depth + 1);
+    }
+
+    return false;
+  }
+
   /**
    * Update statistics based on new entry
    */