nexus-agents - v2.80.0
    Preparing search index...

    Interface RunWorkflowDeps

    Dependencies required by the run_workflow tool.

    interface RunWorkflowDeps {
        workflowEngine: IWorkflowEngine;
        notifier?: IMcpNotifier;
        logger?: ILogger;
        rateLimiter: McpRateLimiter;
        security?: {
            allowedPaths: string[];
            blockedPatterns: string[];
            rateLimit: {
                enabled: boolean;
                requestsPerMinute: number;
                perTool?: Record<
                    string,
                    { capacity: number; refillRate: number; refillIntervalMs: number },
                >;
            };
            secretsFile?: string;
            policy?: {
                defaultMode: "read-only"
                | "read-write";
                policyMode: "warn" | "enforce";
            };
            sandbox?: {
                mode: "policy"
                | "none"
                | "container";
                fallbackToPolicy: boolean;
                dockerImage?: string;
                networkEnabled: boolean;
            };
            timeout?: {
                defaultTimeoutMs: number;
                maxTimeoutMs: number;
                enableLogging: boolean;
                uriValidation: boolean;
                perToolTimeout?: Record<string, number>;
            };
            toolAllowlist?: string[];
            audit?: {
                enabled: boolean;
                logDir?: string;
                minSeverity: "info"
                | "warning"
                | "critical";
                enableHashChain: boolean;
                maxFileSizeBytes: number;
                maxFiles: number;
            };
            auth?: {
                enabled: boolean;
                method: "token"
                | "oauth2";
                tokenHeader: string;
                tokenFile?: string;
            };
        };
    }

    Hierarchy (View Summary)

    Index

    Properties

    workflowEngine notifier? logger? rateLimiter security?

    Properties

    workflowEngine: IWorkflowEngine
    notifier?: IMcpNotifier

    MCP notifier for client-visible logging (Issue #974)

    logger?: ILogger

    Optional logger

    rateLimiter: McpRateLimiter

    Rate limiter for throttling tool calls (required)

    security?: {
        allowedPaths: string[];
        blockedPatterns: string[];
        rateLimit: {
            enabled: boolean;
            requestsPerMinute: number;
            perTool?: Record<
                string,
                { capacity: number; refillRate: number; refillIntervalMs: number },
            >;
        };
        secretsFile?: string;
        policy?: {
            defaultMode: "read-only"
            | "read-write";
            policyMode: "warn" | "enforce";
        };
        sandbox?: {
            mode: "policy"
            | "none"
            | "container";
            fallbackToPolicy: boolean;
            dockerImage?: string;
            networkEnabled: boolean;
        };
        timeout?: {
            defaultTimeoutMs: number;
            maxTimeoutMs: number;
            enableLogging: boolean;
            uriValidation: boolean;
            perToolTimeout?: Record<string, number>;
        };
        toolAllowlist?: string[];
        audit?: {
            enabled: boolean;
            logDir?: string;
            minSeverity: "info"
            | "warning"
            | "critical";
            enableHashChain: boolean;
            maxFileSizeBytes: number;
            maxFiles: number;
        };
        auth?: {
            enabled: boolean;
            method: "token"
            | "oauth2";
            tokenHeader: string;
            tokenFile?: string;
        };
    }

    Security configuration (includes timeout settings)

    Type Declaration

    • allowedPaths: string[]
    • blockedPatterns: string[]
    • rateLimit: {
          enabled: boolean;
          requestsPerMinute: number;
          perTool?: Record<
              string,
              { capacity: number; refillRate: number; refillIntervalMs: number },
          >;
      }
      • enabled: boolean
      • requestsPerMinute: number
      • OptionalperTool?: Record<
            string,
            { capacity: number; refillRate: number; refillIntervalMs: number },
        >

        Per-tool rate limits (Issue #274 Phase 2)

    • OptionalsecretsFile?: string
    • Optionalpolicy?: { defaultMode: "read-only" | "read-write"; policyMode: "warn" | "enforce" }

      Policy firewall configuration

      • defaultMode: "read-only" | "read-write"

        Default execution mode for tool operations (default: 'read-only')

      • policyMode: "warn" | "enforce"

        Policy enforcement mode (default: 'enforce')

    • Optionalsandbox?: {
          mode: "policy" | "none" | "container";
          fallbackToPolicy: boolean;
          dockerImage?: string;
          networkEnabled: boolean;
      }

      Sandbox execution configuration (Issue #175)

      • mode: "policy" | "none" | "container"

        Sandbox execution mode (default: 'policy')

      • fallbackToPolicy: boolean

        Fall back to policy mode if container mode unavailable (default: true)

      • OptionaldockerImage?: string

        Docker image to use in container mode (default: 'node:22-alpine')

      • networkEnabled: boolean

        Enable network access in container mode (default: false)

    • Optionaltimeout?: {
          defaultTimeoutMs: number;
          maxTimeoutMs: number;
          enableLogging: boolean;
          uriValidation: boolean;
          perToolTimeout?: Record<string, number>;
      }

      Timeout configuration (Issue #271, CVE-2026-0621)

      • defaultTimeoutMs: number

        Default timeout in milliseconds (default: 30000)

      • maxTimeoutMs: number

        Maximum timeout in milliseconds (default: 300000)

      • enableLogging: boolean

        Whether to log timeout events (default: true)

      • uriValidation: boolean

        Enable URI validation to prevent ReDoS (default: true)

      • OptionalperToolTimeout?: Record<string, number>

        Per-tool timeout overrides in milliseconds (Issue #657)

    • OptionaltoolAllowlist?: string[]

      Tool allowlist — when set, only listed tools are registered (Issue #740)

    • Optionalaudit?: {
          enabled: boolean;
          logDir?: string;
          minSeverity: "info" | "warning" | "critical";
          enableHashChain: boolean;
          maxFileSizeBytes: number;
          maxFiles: number;
      }

      Audit logging configuration (Issue #740 Phase 2)

      • enabled: boolean

        Enable audit logging (default: true)

      • OptionallogDir?: string

        Log directory (default: ~/.nexus-agents/audit)

      • minSeverity: "info" | "warning" | "critical"

        Minimum severity to log (default: 'info')

      • enableHashChain: boolean

        Enable tamper-evident hash chain (default: true)

      • maxFileSizeBytes: number

        Maximum log file size in bytes (default: 10MB)

      • maxFiles: number

        Maximum number of log files to retain (default: 10)

    • Optionalauth?: {
          enabled: boolean;
          method: "token" | "oauth2";
          tokenHeader: string;
          tokenFile?: string;
      }

      Authentication configuration (Issue #739)

      • enabled: boolean

        Enable authentication for network-exposed transports (default: true)

      • method: "token" | "oauth2"

        Authentication method (default: 'token')

      • tokenHeader: string

        Header name for bearer token (default: 'Authorization')

      • OptionaltokenFile?: string

        Token file path (default: ~/.nexus-agents/auth/server-token)

    Settings

    Member Visibility

    On This Page

    Properties