refactor: bridge architecture overhaul, connection pooling, and security hardening#57
Merged
Yashh56 merged 5 commits intoRelwave:developfrom Apr 4, 2026
Merged
Conversation
- Replaced predictably-derived encryption key with a randomly generated 32-byte app secret stored securely in ~/.relwave/relwave.key - Implemented per-credential salts for AES-256-CBC encryption in dbStore.ts BREAKING CHANGE: Existing database passwords encrypted with the legacy hostname-derived key are unrecoverable and will require user re-entry.
…nagement - Introduced connectionPool.ts to cache database configurations per dbId - Updated DatabaseService to route through the connection pool, reducing disk IO - Added a background sweeper to SessionManager that evicts orphaned, idle sessions older than 30 minutes to prevent memory leaks - Fixed DatabaseService to strictly use the dbStoreInstance singleton
…ncurrency - Fixed parallelMap concurrency limit and guaranteed input-order preservation - Created connectorRegistry.ts mapping database types to connector modules - Rewrote queryExecutor.ts and queryHandlers.ts to eliminate massive if/else dispatch chains - Eradicated globalThis mutation from RPC handler registration - Cleaned up bridge startup logic and simplified index.ts
- Removed dead rust scaffold code from src-tauri/src/lib.rs - Moved TitleBar import to the top of main.tsx - Renamed frontend theme storage key to relwave-ui-theme
…d preloading functionality
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This PR addresses several critical and major architectural setbacks in the Node.js bridge to vastly improve security, resource management, and codebase maintainability.
Key Changes
~/.relwave/relwave.key) and per-credential salts (AES-256-CBC).Promise.racelogic inparallelMapwith a strict worker-based limit that guarantees input-order preservation.connectionPool.ts(with a 10-minute idle eviction) and added a 30-minute background sweeper for orphaned sessions to prevent memory leaks.connectorRegistry.tsto map DB types to modules, eliminating over 1,000 lines of massiveif/elsedispatch chains across handlers.globalThisdependency for JSON-RPC registration, cleaned upindex.ts, and injected proper Pino loggers.Existing user database passwords encrypted with the legacy hostname-derived key are unrecoverable. Users will be prompted to re-enter their credentials on first connect.