@agirails/sdk 2.0.3 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +536 -87
- package/dist/adapters/BaseAdapter.js +2 -2
- package/dist/adapters/BaseAdapter.js.map +1 -1
- package/dist/adapters/BasicAdapter.d.ts.map +1 -1
- package/dist/adapters/BasicAdapter.js +8 -0
- package/dist/adapters/BasicAdapter.js.map +1 -1
- package/dist/adapters/StandardAdapter.d.ts +10 -5
- package/dist/adapters/StandardAdapter.d.ts.map +1 -1
- package/dist/adapters/StandardAdapter.js +19 -6
- package/dist/adapters/StandardAdapter.js.map +1 -1
- package/dist/builders/QuoteBuilder.js +1 -1
- package/dist/builders/QuoteBuilder.js.map +1 -1
- package/dist/cli/commands/config.js +1 -1
- package/dist/cli/commands/config.js.map +1 -1
- package/dist/cli/commands/simulate.js.map +1 -1
- package/dist/cli/commands/time.d.ts.map +1 -1
- package/dist/cli/commands/time.js.map +1 -1
- package/dist/config/networks.d.ts +9 -0
- package/dist/config/networks.d.ts.map +1 -1
- package/dist/config/networks.js +25 -10
- package/dist/config/networks.js.map +1 -1
- package/dist/index.d.ts +6 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +31 -1
- package/dist/index.js.map +1 -1
- package/dist/level0/provide.d.ts.map +1 -1
- package/dist/level0/provide.js +2 -1
- package/dist/level0/provide.js.map +1 -1
- package/dist/level0/request.d.ts.map +1 -1
- package/dist/level0/request.js +1 -2
- package/dist/level0/request.js.map +1 -1
- package/dist/level1/Agent.d.ts.map +1 -1
- package/dist/level1/Agent.js +11 -3
- package/dist/level1/Agent.js.map +1 -1
- package/dist/level1/pricing/PriceCalculator.js +1 -1
- package/dist/level1/pricing/PriceCalculator.js.map +1 -1
- package/dist/level1/types/Options.d.ts.map +1 -1
- package/dist/protocol/ACTPKernel.d.ts.map +1 -1
- package/dist/protocol/ACTPKernel.js +7 -5
- package/dist/protocol/ACTPKernel.js.map +1 -1
- package/dist/protocol/DIDResolver.js +1 -1
- package/dist/protocol/DIDResolver.js.map +1 -1
- package/dist/protocol/EASHelper.d.ts.map +1 -1
- package/dist/protocol/EASHelper.js +2 -3
- package/dist/protocol/EASHelper.js.map +1 -1
- package/dist/protocol/MessageSigner.d.ts.map +1 -1
- package/dist/protocol/MessageSigner.js +9 -9
- package/dist/protocol/MessageSigner.js.map +1 -1
- package/dist/protocol/ProofGenerator.d.ts.map +1 -1
- package/dist/protocol/ProofGenerator.js +1 -0
- package/dist/protocol/ProofGenerator.js.map +1 -1
- package/dist/runtime/BlockchainRuntime.d.ts +10 -3
- package/dist/runtime/BlockchainRuntime.d.ts.map +1 -1
- package/dist/runtime/BlockchainRuntime.js +41 -25
- package/dist/runtime/BlockchainRuntime.js.map +1 -1
- package/dist/runtime/IACTPRuntime.d.ts +15 -0
- package/dist/runtime/IACTPRuntime.d.ts.map +1 -1
- package/dist/runtime/MockRuntime.d.ts +7 -0
- package/dist/runtime/MockRuntime.d.ts.map +1 -1
- package/dist/runtime/MockRuntime.js +15 -4
- package/dist/runtime/MockRuntime.js.map +1 -1
- package/dist/runtime/types/MockState.d.ts +5 -2
- package/dist/runtime/types/MockState.d.ts.map +1 -1
- package/dist/runtime/types/MockState.js.map +1 -1
- package/dist/storage/ArchiveBundleBuilder.d.ts +150 -0
- package/dist/storage/ArchiveBundleBuilder.d.ts.map +1 -0
- package/dist/storage/ArchiveBundleBuilder.js +468 -0
- package/dist/storage/ArchiveBundleBuilder.js.map +1 -0
- package/dist/storage/ArweaveClient.d.ts +271 -0
- package/dist/storage/ArweaveClient.d.ts.map +1 -0
- package/dist/storage/ArweaveClient.js +761 -0
- package/dist/storage/ArweaveClient.js.map +1 -0
- package/dist/storage/FilebaseClient.d.ts +193 -0
- package/dist/storage/FilebaseClient.d.ts.map +1 -0
- package/dist/storage/FilebaseClient.js +643 -0
- package/dist/storage/FilebaseClient.js.map +1 -0
- package/dist/storage/index.d.ts +47 -0
- package/dist/storage/index.d.ts.map +1 -0
- package/dist/storage/index.js +64 -0
- package/dist/storage/index.js.map +1 -0
- package/dist/storage/types.d.ts +291 -0
- package/dist/storage/types.d.ts.map +1 -0
- package/dist/storage/types.js +18 -0
- package/dist/storage/types.js.map +1 -0
- package/dist/types/state.d.ts +5 -4
- package/dist/types/state.d.ts.map +1 -1
- package/dist/types/state.js +10 -9
- package/dist/types/state.js.map +1 -1
- package/dist/utils/ErrorRecoveryGuide.d.ts.map +1 -1
- package/dist/utils/ErrorRecoveryGuide.js +1 -2
- package/dist/utils/ErrorRecoveryGuide.js.map +1 -1
- package/dist/utils/IPFSClient.d.ts.map +1 -1
- package/dist/utils/IPFSClient.js +5 -2
- package/dist/utils/IPFSClient.js.map +1 -1
- package/dist/utils/NonceManager.d.ts.map +1 -1
- package/dist/utils/NonceManager.js +3 -2
- package/dist/utils/NonceManager.js.map +1 -1
- package/dist/utils/UsedAttestationTracker.d.ts +1 -1
- package/dist/utils/UsedAttestationTracker.d.ts.map +1 -1
- package/dist/utils/UsedAttestationTracker.js +4 -4
- package/dist/utils/UsedAttestationTracker.js.map +1 -1
- package/dist/utils/circuitBreaker.d.ts +136 -0
- package/dist/utils/circuitBreaker.d.ts.map +1 -0
- package/dist/utils/circuitBreaker.js +253 -0
- package/dist/utils/circuitBreaker.js.map +1 -0
- package/dist/utils/retry.d.ts +120 -0
- package/dist/utils/retry.d.ts.map +1 -0
- package/dist/utils/retry.js +260 -0
- package/dist/utils/retry.js.map +1 -0
- package/dist/utils/validation.d.ts +100 -0
- package/dist/utils/validation.d.ts.map +1 -1
- package/dist/utils/validation.js +248 -1
- package/dist/utils/validation.js.map +1 -1
- package/package.json +14 -2
- package/src/adapters/BaseAdapter.ts +2 -2
- package/src/adapters/BasicAdapter.ts +12 -2
- package/src/adapters/StandardAdapter.ts +27 -7
- package/src/builders/QuoteBuilder.ts +1 -1
- package/src/cli/commands/config.ts +1 -1
- package/src/cli/commands/simulate.ts +1 -1
- package/src/cli/commands/time.ts +1 -2
- package/src/config/networks.ts +34 -10
- package/src/index.ts +54 -0
- package/src/level0/provide.ts +2 -1
- package/src/level0/request.ts +1 -2
- package/src/level1/Agent.ts +15 -5
- package/src/level1/pricing/PriceCalculator.ts +1 -1
- package/src/level1/types/Options.ts +1 -1
- package/src/protocol/ACTPKernel.ts +7 -5
- package/src/protocol/DIDResolver.ts +1 -1
- package/src/protocol/EASHelper.ts +2 -5
- package/src/protocol/MessageSigner.ts +9 -15
- package/src/protocol/ProofGenerator.ts +1 -0
- package/src/runtime/BlockchainRuntime.ts +42 -48
- package/src/runtime/IACTPRuntime.ts +16 -0
- package/src/runtime/MockRuntime.ts +16 -6
- package/src/runtime/types/MockState.ts +5 -2
- package/src/storage/ArchiveBundleBuilder.ts +563 -0
- package/src/storage/ArweaveClient.ts +945 -0
- package/src/storage/FilebaseClient.ts +790 -0
- package/src/storage/index.ts +96 -0
- package/src/storage/types.ts +348 -0
- package/src/types/state.ts +10 -9
- package/src/utils/ErrorRecoveryGuide.ts +1 -2
- package/src/utils/IPFSClient.ts +5 -4
- package/src/utils/NonceManager.ts +3 -2
- package/src/utils/UsedAttestationTracker.ts +4 -6
- package/src/utils/circuitBreaker.ts +324 -0
- package/src/utils/fsSafe.ts +5 -0
- package/src/utils/retry.ts +365 -0
- package/src/utils/validation.ts +295 -1
package/dist/utils/validation.js
CHANGED
|
@@ -23,12 +23,57 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.validateEndpointURL = exports.validateTxId = exports.validateDisputeWindow = exports.validateDeadline = exports.validateAmount = exports.validateAddress = void 0;
|
|
26
|
+
exports.createSafeError = exports.sanitizeErrorMessage = exports.validateSignature = exports.validateHash = exports.validateSemver = exports.validateGatewayURL = exports.validateArweaveTxId = exports.validateCID = exports.validateEndpointURL = exports.validateTxId = exports.validateDisputeWindow = exports.validateDeadline = exports.validateAmount = exports.validateAddress = exports.ALLOWED_ARWEAVE_GATEWAYS = exports.ALLOWED_IPFS_GATEWAYS = exports.SEMVER_PATTERN = exports.ARWEAVE_TX_ID_PATTERN = exports.CID_PATTERN = exports.SIGNATURE_PATTERN = exports.HASH_PATTERN = exports.TX_ID_PATTERN = exports.ADDRESS_PATTERN = void 0;
|
|
27
27
|
const ethers_1 = require("ethers");
|
|
28
28
|
const errors_1 = require("../errors");
|
|
29
29
|
/**
|
|
30
30
|
* Input validation utilities
|
|
31
31
|
*/
|
|
32
|
+
// ============================================================================
|
|
33
|
+
// Shared Validation Patterns (AIP-7 Storage)
|
|
34
|
+
// ============================================================================
|
|
35
|
+
/** Ethereum address validation pattern */
|
|
36
|
+
exports.ADDRESS_PATTERN = /^0x[a-fA-F0-9]{40}$/;
|
|
37
|
+
/** Transaction ID (bytes32) validation pattern */
|
|
38
|
+
exports.TX_ID_PATTERN = /^0x[a-fA-F0-9]{64}$/;
|
|
39
|
+
/** Hash (bytes32) validation pattern */
|
|
40
|
+
exports.HASH_PATTERN = /^0x[a-fA-F0-9]{64}$/;
|
|
41
|
+
/** Signature (65 bytes = 130 hex chars) validation pattern */
|
|
42
|
+
exports.SIGNATURE_PATTERN = /^0x[a-fA-F0-9]{130}$/;
|
|
43
|
+
/** CID validation pattern (CIDv0 or CIDv1) */
|
|
44
|
+
exports.CID_PATTERN = /^(Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})$/;
|
|
45
|
+
/** Arweave TX ID pattern (43 characters, base64url) */
|
|
46
|
+
exports.ARWEAVE_TX_ID_PATTERN = /^[a-zA-Z0-9_-]{43}$/;
|
|
47
|
+
/** Semver pattern for version validation */
|
|
48
|
+
exports.SEMVER_PATTERN = /^\d+\.\d+\.\d+$/;
|
|
49
|
+
// ============================================================================
|
|
50
|
+
// Gateway URL Whitelist (SSRF Protection - P0-1)
|
|
51
|
+
// ============================================================================
|
|
52
|
+
/**
|
|
53
|
+
* Allowed IPFS gateway domains
|
|
54
|
+
* Only whitelisted gateways are allowed for downloads
|
|
55
|
+
*/
|
|
56
|
+
exports.ALLOWED_IPFS_GATEWAYS = [
|
|
57
|
+
'ipfs.filebase.io',
|
|
58
|
+
'gateway.pinata.cloud',
|
|
59
|
+
'cloudflare-ipfs.com',
|
|
60
|
+
'ipfs.io',
|
|
61
|
+
'dweb.link',
|
|
62
|
+
'w3s.link',
|
|
63
|
+
'nftstorage.link'
|
|
64
|
+
];
|
|
65
|
+
/**
|
|
66
|
+
* Allowed Arweave gateway domains
|
|
67
|
+
* Only whitelisted gateways are allowed for downloads
|
|
68
|
+
*/
|
|
69
|
+
exports.ALLOWED_ARWEAVE_GATEWAYS = [
|
|
70
|
+
'arweave.net',
|
|
71
|
+
'gateway.irys.xyz',
|
|
72
|
+
'arweave.dev'
|
|
73
|
+
];
|
|
74
|
+
// ============================================================================
|
|
75
|
+
// Validation Functions
|
|
76
|
+
// ============================================================================
|
|
32
77
|
/**
|
|
33
78
|
* Validate Ethereum address
|
|
34
79
|
*/
|
|
@@ -116,13 +161,19 @@ function isPrivateIP(ip) {
|
|
|
116
161
|
}
|
|
117
162
|
}
|
|
118
163
|
// IPv6 patterns (without brackets)
|
|
164
|
+
// Includes both standard ::ffff: and alternative ::ffff:0: notation (NEW-2 fix)
|
|
119
165
|
const ipv6PrivatePatterns = [
|
|
120
166
|
/^::1$/, // IPv6 loopback
|
|
121
167
|
/^::ffff:127\./, // IPv4-mapped localhost
|
|
168
|
+
/^::ffff:0:127\./, // Alternative IPv4-mapped localhost
|
|
122
169
|
/^::ffff:10\./, // IPv4-mapped private 10.x
|
|
170
|
+
/^::ffff:0:10\./, // Alternative IPv4-mapped private 10.x
|
|
123
171
|
/^::ffff:192\.168\./, // IPv4-mapped private 192.168.x
|
|
172
|
+
/^::ffff:0:192\.168\./, // Alternative IPv4-mapped private 192.168.x
|
|
124
173
|
/^::ffff:172\.(1[6-9]|2\d|3[01])\./, // IPv4-mapped private 172.16-31.x
|
|
174
|
+
/^::ffff:0:172\.(1[6-9]|2\d|3[01])\./, // Alternative IPv4-mapped private 172.16-31.x
|
|
125
175
|
/^::ffff:169\.254\./, // IPv4-mapped link-local (CRITICAL: AWS metadata)
|
|
176
|
+
/^::ffff:0:169\.254\./, // Alternative IPv4-mapped link-local
|
|
126
177
|
/^fc00:/i, // IPv6 ULA fc00::/7
|
|
127
178
|
/^fd/i, // IPv6 ULA fd00::/8
|
|
128
179
|
/^fe80:/i // IPv6 link-local fe80::/10
|
|
@@ -220,4 +271,200 @@ async function validateEndpointURL(endpoint, fieldName = 'endpoint') {
|
|
|
220
271
|
// IPFS endpoints skip DNS check (no DNS resolution for IPFS CIDs)
|
|
221
272
|
}
|
|
222
273
|
exports.validateEndpointURL = validateEndpointURL;
|
|
274
|
+
// ============================================================================
|
|
275
|
+
// Storage Validation Functions (AIP-7)
|
|
276
|
+
// ============================================================================
|
|
277
|
+
/**
|
|
278
|
+
* Validate IPFS CID format
|
|
279
|
+
*
|
|
280
|
+
* @param cid - IPFS CID to validate
|
|
281
|
+
* @param fieldName - Field name for error messages
|
|
282
|
+
* @throws {InvalidCIDError} If CID is invalid
|
|
283
|
+
*/
|
|
284
|
+
function validateCID(cid, fieldName = 'cid') {
|
|
285
|
+
if (!cid || typeof cid !== 'string') {
|
|
286
|
+
throw new errors_1.InvalidCIDError(String(cid), 'CID is required');
|
|
287
|
+
}
|
|
288
|
+
if (!exports.CID_PATTERN.test(cid)) {
|
|
289
|
+
throw new errors_1.InvalidCIDError(cid, 'Invalid CID format (expected CIDv0 Qm... or CIDv1 bafy...)');
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
exports.validateCID = validateCID;
|
|
293
|
+
/**
|
|
294
|
+
* Validate Arweave transaction ID format
|
|
295
|
+
*
|
|
296
|
+
* @param txId - Arweave TX ID to validate
|
|
297
|
+
* @param fieldName - Field name for error messages
|
|
298
|
+
* @throws {InvalidArweaveTxIdError} If TX ID is invalid
|
|
299
|
+
*/
|
|
300
|
+
function validateArweaveTxId(txId, fieldName = 'txId') {
|
|
301
|
+
if (!txId || typeof txId !== 'string') {
|
|
302
|
+
throw new errors_1.InvalidArweaveTxIdError(String(txId), 'TX ID is required');
|
|
303
|
+
}
|
|
304
|
+
if (!exports.ARWEAVE_TX_ID_PATTERN.test(txId)) {
|
|
305
|
+
throw new errors_1.InvalidArweaveTxIdError(txId, 'Invalid format (expected 43 character base64url string)');
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
exports.validateArweaveTxId = validateArweaveTxId;
|
|
309
|
+
/**
|
|
310
|
+
* Validate gateway URL against whitelist (SSRF Protection - P0-1)
|
|
311
|
+
*
|
|
312
|
+
* SECURITY FIX: Only allow downloads from whitelisted gateway domains.
|
|
313
|
+
* This prevents SSRF attacks where attacker controls the gateway URL.
|
|
314
|
+
*
|
|
315
|
+
* @param url - Full gateway URL to validate
|
|
316
|
+
* @param allowedGateways - List of allowed gateway domains
|
|
317
|
+
* @param fieldName - Field name for error messages
|
|
318
|
+
* @throws {ValidationError} If gateway is not whitelisted
|
|
319
|
+
*/
|
|
320
|
+
function validateGatewayURL(url, allowedGateways, fieldName = 'gatewayUrl') {
|
|
321
|
+
if (!url || typeof url !== 'string') {
|
|
322
|
+
throw new errors_1.ValidationError(fieldName, 'Gateway URL is required');
|
|
323
|
+
}
|
|
324
|
+
let parsedUrl;
|
|
325
|
+
try {
|
|
326
|
+
parsedUrl = new URL(url);
|
|
327
|
+
}
|
|
328
|
+
catch {
|
|
329
|
+
throw new errors_1.ValidationError(fieldName, 'Invalid URL format');
|
|
330
|
+
}
|
|
331
|
+
// Must be HTTPS
|
|
332
|
+
if (parsedUrl.protocol !== 'https:') {
|
|
333
|
+
throw new errors_1.ValidationError(fieldName, 'Gateway URL must use HTTPS');
|
|
334
|
+
}
|
|
335
|
+
// NEW-3: Validate port (must be 443 or default, prevents port bypass attacks)
|
|
336
|
+
const port = parsedUrl.port;
|
|
337
|
+
if (port && !['443', ''].includes(port)) {
|
|
338
|
+
throw new errors_1.ValidationError(fieldName, `Gateway URL must use standard HTTPS port (443). Found port: ${port}. ` +
|
|
339
|
+
`Non-standard ports may bypass whitelist intent.`);
|
|
340
|
+
}
|
|
341
|
+
// Check hostname against whitelist
|
|
342
|
+
const hostname = parsedUrl.hostname.toLowerCase();
|
|
343
|
+
const isAllowed = allowedGateways.some(gateway => hostname === gateway.toLowerCase() ||
|
|
344
|
+
hostname.endsWith('.' + gateway.toLowerCase()));
|
|
345
|
+
if (!isAllowed) {
|
|
346
|
+
throw new errors_1.ValidationError(fieldName, `Gateway "${hostname}" is not in the allowed list. ` +
|
|
347
|
+
`Allowed gateways: ${allowedGateways.join(', ')}. ` +
|
|
348
|
+
`This restriction prevents SSRF attacks.`);
|
|
349
|
+
}
|
|
350
|
+
}
|
|
351
|
+
exports.validateGatewayURL = validateGatewayURL;
|
|
352
|
+
/**
|
|
353
|
+
* Validate semver version string
|
|
354
|
+
*
|
|
355
|
+
* @param version - Version string to validate
|
|
356
|
+
* @param fieldName - Field name for error messages
|
|
357
|
+
* @throws {ValidationError} If version is invalid
|
|
358
|
+
*/
|
|
359
|
+
function validateSemver(version, fieldName = 'version') {
|
|
360
|
+
if (!version || typeof version !== 'string') {
|
|
361
|
+
throw new errors_1.ValidationError(fieldName, 'Version is required');
|
|
362
|
+
}
|
|
363
|
+
if (!exports.SEMVER_PATTERN.test(version)) {
|
|
364
|
+
throw new errors_1.ValidationError(fieldName, 'Must be semver format (e.g., 1.0.0)');
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
exports.validateSemver = validateSemver;
|
|
368
|
+
/**
|
|
369
|
+
* Validate hash (bytes32) format
|
|
370
|
+
*
|
|
371
|
+
* @param hash - Hash to validate
|
|
372
|
+
* @param fieldName - Field name for error messages
|
|
373
|
+
* @throws {ValidationError} If hash is invalid
|
|
374
|
+
*/
|
|
375
|
+
function validateHash(hash, fieldName = 'hash') {
|
|
376
|
+
if (!hash || typeof hash !== 'string') {
|
|
377
|
+
throw new errors_1.ValidationError(fieldName, 'Hash is required');
|
|
378
|
+
}
|
|
379
|
+
if (!exports.HASH_PATTERN.test(hash)) {
|
|
380
|
+
throw new errors_1.ValidationError(fieldName, 'Invalid hash format (expected bytes32 hex string)');
|
|
381
|
+
}
|
|
382
|
+
}
|
|
383
|
+
exports.validateHash = validateHash;
|
|
384
|
+
/**
|
|
385
|
+
* Validate signature format (65 bytes)
|
|
386
|
+
*
|
|
387
|
+
* @param signature - Signature to validate
|
|
388
|
+
* @param fieldName - Field name for error messages
|
|
389
|
+
* @throws {ValidationError} If signature is invalid
|
|
390
|
+
*/
|
|
391
|
+
function validateSignature(signature, fieldName = 'signature') {
|
|
392
|
+
if (!signature || typeof signature !== 'string') {
|
|
393
|
+
throw new errors_1.ValidationError(fieldName, 'Signature is required');
|
|
394
|
+
}
|
|
395
|
+
if (!exports.SIGNATURE_PATTERN.test(signature)) {
|
|
396
|
+
throw new errors_1.ValidationError(fieldName, 'Invalid signature format (expected 65 bytes = 0x + 130 hex chars)');
|
|
397
|
+
}
|
|
398
|
+
}
|
|
399
|
+
exports.validateSignature = validateSignature;
|
|
400
|
+
// ============================================================================
|
|
401
|
+
// Error Sanitization (P0-2)
|
|
402
|
+
// ============================================================================
|
|
403
|
+
/**
|
|
404
|
+
* Sanitize error messages to remove sensitive data
|
|
405
|
+
*
|
|
406
|
+
* SECURITY FIX (P0-2): Removes credentials, private keys, and other
|
|
407
|
+
* sensitive data from error messages before logging/returning.
|
|
408
|
+
*
|
|
409
|
+
* @param error - Error to sanitize
|
|
410
|
+
* @returns Sanitized error message
|
|
411
|
+
*/
|
|
412
|
+
function sanitizeErrorMessage(error) {
|
|
413
|
+
if (!error)
|
|
414
|
+
return 'Unknown error';
|
|
415
|
+
let message = '';
|
|
416
|
+
if (error instanceof Error) {
|
|
417
|
+
message = error.message;
|
|
418
|
+
}
|
|
419
|
+
else if (typeof error === 'string') {
|
|
420
|
+
message = error;
|
|
421
|
+
}
|
|
422
|
+
else {
|
|
423
|
+
message = String(error);
|
|
424
|
+
}
|
|
425
|
+
// Patterns to redact
|
|
426
|
+
const sensitivePatterns = [
|
|
427
|
+
// Private keys (hex)
|
|
428
|
+
/0x[a-fA-F0-9]{64}/g,
|
|
429
|
+
// AWS access key IDs
|
|
430
|
+
/AKIA[0-9A-Z]{16}/g,
|
|
431
|
+
// AWS secret keys (40 chars)
|
|
432
|
+
/[a-zA-Z0-9/+=]{40}/g,
|
|
433
|
+
// Bearer tokens
|
|
434
|
+
/Bearer\s+[a-zA-Z0-9._-]+/gi,
|
|
435
|
+
// API keys (generic pattern)
|
|
436
|
+
/api[_-]?key[=:]\s*["']?[a-zA-Z0-9_-]+["']?/gi,
|
|
437
|
+
// Secret in URL query params
|
|
438
|
+
/secret[=][^&\s]+/gi,
|
|
439
|
+
// Password in URL
|
|
440
|
+
/password[=][^&\s]+/gi,
|
|
441
|
+
// Authorization headers
|
|
442
|
+
/authorization[=:]\s*["']?[^"'\s]+["']?/gi
|
|
443
|
+
];
|
|
444
|
+
let sanitized = message;
|
|
445
|
+
for (const pattern of sensitivePatterns) {
|
|
446
|
+
sanitized = sanitized.replace(pattern, '[REDACTED]');
|
|
447
|
+
}
|
|
448
|
+
return sanitized;
|
|
449
|
+
}
|
|
450
|
+
exports.sanitizeErrorMessage = sanitizeErrorMessage;
|
|
451
|
+
/**
|
|
452
|
+
* Create a safe error object for external consumption
|
|
453
|
+
*
|
|
454
|
+
* SECURITY FIX (P0-2): Returns error without stack trace or sensitive details
|
|
455
|
+
*
|
|
456
|
+
* @param error - Original error
|
|
457
|
+
* @param operation - What operation failed
|
|
458
|
+
* @returns Safe error object
|
|
459
|
+
*/
|
|
460
|
+
function createSafeError(error, operation) {
|
|
461
|
+
const sanitizedMessage = sanitizeErrorMessage(error);
|
|
462
|
+
// Don't expose internal details - generic message with operation context
|
|
463
|
+
return {
|
|
464
|
+
message: `Operation failed: ${operation}. ${sanitizedMessage}`,
|
|
465
|
+
code: error?.code || 'UNKNOWN_ERROR',
|
|
466
|
+
operation
|
|
467
|
+
};
|
|
468
|
+
}
|
|
469
|
+
exports.createSafeError = createSafeError;
|
|
223
470
|
//# sourceMappingURL=validation.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAA+C;AAC/C,
|
|
1
|
+
{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAA+C;AAC/C,sCAMmB;AAEnB;;GAEG;AAEH,+EAA+E;AAC/E,6CAA6C;AAC7C,+EAA+E;AAE/E,0CAA0C;AAC7B,QAAA,eAAe,GAAG,qBAAqB,CAAC;AAErD,kDAAkD;AACrC,QAAA,aAAa,GAAG,qBAAqB,CAAC;AAEnD,wCAAwC;AAC3B,QAAA,YAAY,GAAG,qBAAqB,CAAC;AAElD,8DAA8D;AACjD,QAAA,iBAAiB,GAAG,sBAAsB,CAAC;AAExD,8CAA8C;AACjC,QAAA,WAAW,GAAG,+CAA+C,CAAC;AAE3E,uDAAuD;AAC1C,QAAA,qBAAqB,GAAG,qBAAqB,CAAC;AAE3D,4CAA4C;AAC/B,QAAA,cAAc,GAAG,iBAAiB,CAAC;AAEhD,+EAA+E;AAC/E,iDAAiD;AACjD,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,qBAAqB,GAAG;IACnC,kBAAkB;IAClB,sBAAsB;IACtB,qBAAqB;IACrB,SAAS;IACT,WAAW;IACX,UAAU;IACV,iBAAiB;CACT,CAAC;AAEX;;;GAGG;AACU,QAAA,wBAAwB,GAAG;IACtC,aAAa;IACb,kBAAkB;IAClB,aAAa;CACL,CAAC;AAEX,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAe,EAAE,YAAoB,SAAS;IAC5E,IAAI,CAAC,OAAO,IAAI,CAAC,IAAA,kBAAS,EAAC,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,4BAAmB,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,KAAK,IAAA,mBAAU,EAAC,4CAA4C,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,gCAAgC,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AARD,0CAQC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAc,EAAE,aAAqB,QAAQ;IAC1E,kDAAkD;IAClD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,2BAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC3E,CAAC;IAED,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,2BAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AATD,wCASC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB,EAAE,YAAoB,UAAU;IAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;QACpB,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,wCAAwC,GAAG,eAAe,QAAQ,GAAG,CACtE,CAAC;IACJ,CAAC;AACH,CAAC;AATD,4CASC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,aAAqB,EACrB,YAAoB,eAAe;IAEnC,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,qBAAqB;IAEnE,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,mCAAmC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,aAAa,GAAG,kBAAkB,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,mCAAmC,kBAAkB,cAAc,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAhBD,sDAgBC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,IAAY,EAAE,YAAoB,MAAM;IACnE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,kDAAkD,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAJD,oCAIC;AAED;;;;;;;;;;GAUG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,kCAAkC;IAClC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAE3C,gBAAgB;IAChB,MAAM,mBAAmB,GAAG;QAC1B,QAAQ,EAAuB,WAAW;QAC1C,OAAO,EAAwB,kBAAkB;QACjD,4BAA4B,EAAG,kCAAkC;QACjE,aAAa,EAAkB,kBAAkB;QACjD,aAAa,EAAkB,4BAA4B;QAC3D,MAAM,EAAyB,iBAAiB;QAChD,cAAc,CAAiB,qBAAqB;KACrD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,gFAAgF;IAChF,MAAM,mBAAmB,GAAG;QAC1B,OAAO,EAAwB,gBAAgB;QAC/C,eAAe,EAAgB,wBAAwB;QACvD,iBAAiB,EAAc,oCAAoC;QACnE,cAAc,EAAiB,2BAA2B;QAC1D,gBAAgB,EAAe,uCAAuC;QACtE,oBAAoB,EAAW,gCAAgC;QAC/D,sBAAsB,EAAS,4CAA4C;QAC3E,mCAAmC,EAAG,kCAAkC;QACxE,qCAAqC,EAAC,8CAA8C;QACpF,oBAAoB,EAAW,kDAAkD;QACjF,sBAAsB,EAAS,qCAAqC;QACpE,SAAS,EAAsB,oBAAoB;QACnD,MAAM,EAAyB,oBAAoB;QACnD,SAAS,CAAsB,4BAA4B;KAC5D,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,mBAAmB,CAAC,QAAgB,EAAE,YAAoB,UAAU;IACxF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC;IACvB,IAAI,QAAQ,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,oCAAoC,UAAU,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,8BAA8B,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,qCAAqC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnE,CAAC;IACJ,CAAC;IAED,kDAAkD;IAClD,qDAAqD;IACrD,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;IAEpC,+EAA+E;IAC/E,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,sBAAsB,QAAQ,gDAAgD,CAC/E,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,mEAAmE;IACnE,4EAA4E;IAC5E,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,mEAAmE;YACnE,kFAAkF;YAClF,MAAM,GAAG,GAAG,MAAM,kDAAO,KAAK,IAAE,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,EAAE,CAAC;gBACR,kFAAkF;gBAClF,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;gBAEnE,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;oBAC1C,sCAAsC;oBACtC,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;wBACzB,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,sBAAsB,QAAQ,oCAAoC,OAAO,sBAAsB;4BAC7F,wDAAwD;4BACxD,iBAAiB,MAAM,EAAE,CAC5B,CAAC;oBACJ,CAAC;oBAED,wEAAwE;oBACxE,IAAI,OAAO,KAAK,iBAAiB,EAAE,CAAC;wBAClC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,gEAAgE;4BAC9D,qEAAqE,CACxE,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,gEAAgE;YAChE,gFAAgF;YAChF,IAAI,KAAK,YAAY,wBAAe,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,CAAC,6BAA6B;YAC5C,CAAC;YAED,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,+BAA+B,QAAQ,MAAM,KAAK,CAAC,OAAO,IAAI;gBAC9D,oEAAoE,CACrE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kEAAkE;AACpE,CAAC;AAvFD,kDAuFC;AAED,+EAA+E;AAC/E,uCAAuC;AACvC,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,GAAW,EAAE,YAAoB,KAAK;IAChE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,wBAAe,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC,mBAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,wBAAe,CAAC,GAAG,EAAE,4DAA4D,CAAC,CAAC;IAC/F,CAAC;AACH,CAAC;AARD,kCAQC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,IAAY,EAAE,YAAoB,MAAM;IAC1E,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,gCAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,mBAAmB,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,CAAC,6BAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,gCAAuB,CAC/B,IAAI,EACJ,yDAAyD,CAC1D,CAAC;IACJ,CAAC;AACH,CAAC;AAXD,kDAWC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,kBAAkB,CAChC,GAAW,EACX,eAAkC,EAClC,YAAoB,YAAY;IAEhC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC7D,CAAC;IAED,gBAAgB;IAChB,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,4BAA4B,CAAC,CAAC;IACrE,CAAC;IAED,8EAA8E;IAC9E,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;IAC5B,IAAI,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,+DAA+D,IAAI,IAAI;YACvE,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAClD,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC/C,QAAQ,KAAK,OAAO,CAAC,WAAW,EAAE;QAClC,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAC/C,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,YAAY,QAAQ,gCAAgC;YACpD,qBAAqB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YACnD,yCAAyC,CAC1C,CAAC;IACJ,CAAC;AACH,CAAC;AA9CD,gDA8CC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,YAAoB,SAAS;IAC3E,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC,sBAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,qCAAqC,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AARD,wCAQC;AAED;;;;;;GAMG;AACH,SAAgB,YAAY,CAAC,IAAY,EAAE,YAAoB,MAAM;IACnE,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,oBAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,mDAAmD,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AARD,oCAQC;AAED;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAAC,SAAiB,EAAE,YAAoB,WAAW;IAClF,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,wBAAe,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,CAAC,yBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAe,CACvB,SAAS,EACT,mEAAmE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAXD,8CAWC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,KAAc;IACjD,IAAI,CAAC,KAAK;QAAE,OAAO,eAAe,CAAC;IAEnC,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC1B,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO,GAAG,KAAK,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,qBAAqB;IACrB,MAAM,iBAAiB,GAAG;QACxB,qBAAqB;QACrB,oBAAoB;QACpB,qBAAqB;QACrB,mBAAmB;QACnB,6BAA6B;QAC7B,qBAAqB;QACrB,gBAAgB;QAChB,4BAA4B;QAC5B,6BAA6B;QAC7B,8CAA8C;QAC9C,6BAA6B;QAC7B,oBAAoB;QACpB,kBAAkB;QAClB,sBAAsB;QACtB,wBAAwB;QACxB,0CAA0C;KAC3C,CAAC;IAEF,IAAI,SAAS,GAAG,OAAO,CAAC;IACxB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAtCD,oDAsCC;AAED;;;;;;;;GAQG;AACH,SAAgB,eAAe,CAC7B,KAAc,EACd,SAAiB;IAEjB,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IAErD,yEAAyE;IACzE,OAAO;QACL,OAAO,EAAE,qBAAqB,SAAS,KAAK,gBAAgB,EAAE;QAC9D,IAAI,EAAG,KAAa,EAAE,IAAI,IAAI,eAAe;QAC7C,SAAS;KACV,CAAC;AACJ,CAAC;AAZD,0CAYC"}
|
package/package.json
CHANGED
|
@@ -1,9 +1,19 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agirails/sdk",
|
|
3
|
-
"version": "2.0
|
|
3
|
+
"version": "2.2.0",
|
|
4
4
|
"description": "AGIRAILS SDK for the ACTP (Agent Commerce Transaction Protocol) - Unified mock + blockchain support",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
|
+
"exports": {
|
|
8
|
+
".": {
|
|
9
|
+
"types": "./dist/index.d.ts",
|
|
10
|
+
"default": "./dist/index.js"
|
|
11
|
+
},
|
|
12
|
+
"./storage": {
|
|
13
|
+
"types": "./dist/storage/index.d.ts",
|
|
14
|
+
"default": "./dist/storage/index.js"
|
|
15
|
+
}
|
|
16
|
+
},
|
|
7
17
|
"bin": {
|
|
8
18
|
"actp": "./bin/actp"
|
|
9
19
|
},
|
|
@@ -31,7 +41,9 @@
|
|
|
31
41
|
"test:cancel": "ts-node test-scripts/03-cancel.ts",
|
|
32
42
|
"test:happy-path-eas": "ts-node test-scripts/04-happy-path-eas.ts",
|
|
33
43
|
"test:status": "ts-node test-scripts/status.ts",
|
|
34
|
-
"test:all": "npm run test:setup && npm run test:happy-path && npm run test:dispute && npm run test:cancel"
|
|
44
|
+
"test:all": "npm run test:setup && npm run test:happy-path && npm run test:dispute && npm run test:cancel",
|
|
45
|
+
"eas:register": "ts-node scripts/register-eas-schema.ts",
|
|
46
|
+
"eas:register:mainnet": "ts-node scripts/register-eas-schema.ts base-mainnet"
|
|
35
47
|
},
|
|
36
48
|
"keywords": [
|
|
37
49
|
"agirails",
|
|
@@ -133,7 +133,7 @@ export abstract class BaseAdapter {
|
|
|
133
133
|
// Converts all Unicode whitespace to regular spaces, then strip currency symbols
|
|
134
134
|
let normalized = String(amount)
|
|
135
135
|
.replace(/[\s\u00A0\u2000-\u200B\uFEFF]/g, ' ') // Replace all Unicode whitespace with regular space
|
|
136
|
-
.replace(/^[
|
|
136
|
+
.replace(/^[$]/, '') // Strip leading $
|
|
137
137
|
.replace(/\s*(USDC|usdc)$/, '') // Strip trailing USDC
|
|
138
138
|
.replace(/,/g, '') // Strip thousands separators
|
|
139
139
|
.replace(/\s+/g, '') // Remove ALL whitespace (including normalized Unicode spaces)
|
|
@@ -417,7 +417,7 @@ export abstract class BaseAdapter {
|
|
|
417
417
|
|
|
418
418
|
// Check it's not in the past (with 1 minute buffer)
|
|
419
419
|
const now = Math.floor(Date.now() / 1000);
|
|
420
|
-
const
|
|
420
|
+
const _oneMinuteAgo = now - 60; // Reserved for future validation
|
|
421
421
|
|
|
422
422
|
// Only apply this check if it looks like a deadline/future timestamp
|
|
423
423
|
// (e.g., createdAt can be in the past)
|
|
@@ -13,9 +13,8 @@
|
|
|
13
13
|
* @module adapters/BasicAdapter
|
|
14
14
|
*/
|
|
15
15
|
|
|
16
|
-
import { BaseAdapter, ValidationError
|
|
16
|
+
import { BaseAdapter, ValidationError } from './BaseAdapter';
|
|
17
17
|
import { IACTPRuntime } from '../runtime/IACTPRuntime';
|
|
18
|
-
import { TransactionState } from '../runtime/types/MockState';
|
|
19
18
|
import { EASHelper } from '../protocol/EASHelper';
|
|
20
19
|
|
|
21
20
|
/**
|
|
@@ -156,6 +155,17 @@ export class BasicAdapter extends BaseAdapter {
|
|
|
156
155
|
throw new ValidationError('Deadline must be in the future');
|
|
157
156
|
}
|
|
158
157
|
|
|
158
|
+
// SECURITY: Enforce transaction amount limit on unaudited mainnet contracts
|
|
159
|
+
const maxAmount = this.runtime.maxTransactionAmount;
|
|
160
|
+
const amountInUsdc = Number(amount) / 1_000_000; // Convert from wei to USDC
|
|
161
|
+
if (maxAmount !== undefined && amountInUsdc > maxAmount) {
|
|
162
|
+
throw new ValidationError(
|
|
163
|
+
`Transaction amount $${amountInUsdc.toFixed(2)} exceeds maximum allowed $${maxAmount}. ` +
|
|
164
|
+
`This limit exists because contracts have not been formally audited. ` +
|
|
165
|
+
`For larger amounts, please contact support@agirails.io.`
|
|
166
|
+
);
|
|
167
|
+
}
|
|
168
|
+
|
|
159
169
|
// Create transaction
|
|
160
170
|
const txId = await this.runtime.createTransaction({
|
|
161
171
|
provider,
|
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
* @module adapters/StandardAdapter
|
|
13
13
|
*/
|
|
14
14
|
|
|
15
|
-
import { BaseAdapter, ValidationError
|
|
15
|
+
import { BaseAdapter, ValidationError } from './BaseAdapter';
|
|
16
16
|
import { IACTPRuntime } from '../runtime/IACTPRuntime';
|
|
17
17
|
import { MockTransaction, TransactionState } from '../runtime/types/MockState';
|
|
18
18
|
import { EASHelper } from '../protocol/EASHelper';
|
|
@@ -125,6 +125,17 @@ export class StandardAdapter extends BaseAdapter {
|
|
|
125
125
|
throw new ValidationError('Deadline must be in the future');
|
|
126
126
|
}
|
|
127
127
|
|
|
128
|
+
// SECURITY: Enforce transaction amount limit on unaudited mainnet contracts
|
|
129
|
+
const maxAmount = this.runtime.maxTransactionAmount;
|
|
130
|
+
const amountInUsdc = Number(amount) / 1_000_000; // Convert from wei to USDC
|
|
131
|
+
if (maxAmount !== undefined && amountInUsdc > maxAmount) {
|
|
132
|
+
throw new ValidationError(
|
|
133
|
+
`Transaction amount $${amountInUsdc.toFixed(2)} exceeds maximum allowed $${maxAmount}. ` +
|
|
134
|
+
`This limit exists because contracts have not been formally audited. ` +
|
|
135
|
+
`For larger amounts, please contact support@agirails.io.`
|
|
136
|
+
);
|
|
137
|
+
}
|
|
138
|
+
|
|
128
139
|
return this.runtime.createTransaction({
|
|
129
140
|
provider,
|
|
130
141
|
requester,
|
|
@@ -169,23 +180,32 @@ export class StandardAdapter extends BaseAdapter {
|
|
|
169
180
|
* Valid transitions:
|
|
170
181
|
* - INITIATED → QUOTED, COMMITTED, CANCELLED
|
|
171
182
|
* - QUOTED → COMMITTED, CANCELLED
|
|
172
|
-
* - COMMITTED → IN_PROGRESS,
|
|
183
|
+
* - COMMITTED → IN_PROGRESS, CANCELLED
|
|
173
184
|
* - IN_PROGRESS → DELIVERED, CANCELLED
|
|
174
185
|
* - DELIVERED → SETTLED, DISPUTED
|
|
175
|
-
* - DISPUTED → SETTLED
|
|
186
|
+
* - DISPUTED → SETTLED, CANCELLED (admin/pauser)
|
|
176
187
|
*
|
|
177
188
|
* @param txId - Transaction ID
|
|
178
189
|
* @param newState - Target state
|
|
190
|
+
* @param proof - Optional proof data (required for DELIVERED transition with dispute window)
|
|
179
191
|
* @throws {Error} If transition is invalid
|
|
180
192
|
*
|
|
181
193
|
* @example
|
|
182
194
|
* ```typescript
|
|
183
|
-
* // Provider
|
|
184
|
-
* await adapter.transitionState(txId, '
|
|
195
|
+
* // Provider starts work
|
|
196
|
+
* await adapter.transitionState(txId, 'IN_PROGRESS');
|
|
197
|
+
*
|
|
198
|
+
* // Provider marks work as delivered (with dispute window proof)
|
|
199
|
+
* const disputeWindowProof = ethers.AbiCoder.defaultAbiCoder().encode(['uint256'], [7200]);
|
|
200
|
+
* await adapter.transitionState(txId, 'DELIVERED', disputeWindowProof);
|
|
185
201
|
* ```
|
|
186
202
|
*/
|
|
187
|
-
async transitionState(
|
|
188
|
-
|
|
203
|
+
async transitionState(
|
|
204
|
+
txId: string,
|
|
205
|
+
newState: TransactionState,
|
|
206
|
+
proof?: string
|
|
207
|
+
): Promise<void> {
|
|
208
|
+
return this.runtime.transitionState(txId, newState, proof);
|
|
189
209
|
}
|
|
190
210
|
|
|
191
211
|
/**
|
|
@@ -233,7 +233,7 @@ export class QuoteBuilder {
|
|
|
233
233
|
*/
|
|
234
234
|
computeHash(quote: QuoteMessage): string {
|
|
235
235
|
// Remove signature field for hashing
|
|
236
|
-
const { signature, ...quoteWithoutSig } = quote;
|
|
236
|
+
const { signature: _signature, ...quoteWithoutSig } = quote;
|
|
237
237
|
return keccak256(toUtf8Bytes(canonicalJsonStringify(quoteWithoutSig)));
|
|
238
238
|
}
|
|
239
239
|
|
|
@@ -156,7 +156,7 @@ function createConfigSetCommand(): Command {
|
|
|
156
156
|
updates.address = value.toLowerCase();
|
|
157
157
|
}
|
|
158
158
|
|
|
159
|
-
|
|
159
|
+
updateConfig(updates);
|
|
160
160
|
|
|
161
161
|
output.result({
|
|
162
162
|
[key]: key === 'privateKey' ? '****' + value.slice(-4) : value,
|
|
@@ -14,7 +14,7 @@ import { Command } from 'commander';
|
|
|
14
14
|
import { Output, ExitCode, fmt } from '../utils/output';
|
|
15
15
|
import { loadConfig } from '../utils/config';
|
|
16
16
|
import { mapError } from '../utils/client';
|
|
17
|
-
import { BaseAdapter
|
|
17
|
+
import { BaseAdapter } from '../../adapters/BaseAdapter';
|
|
18
18
|
|
|
19
19
|
// ============================================================================
|
|
20
20
|
// Command Definition
|
package/src/cli/commands/time.ts
CHANGED
|
@@ -10,10 +10,9 @@
|
|
|
10
10
|
*/
|
|
11
11
|
|
|
12
12
|
import { Command } from 'commander';
|
|
13
|
-
import { Output, ExitCode
|
|
13
|
+
import { Output, ExitCode } from '../utils/output';
|
|
14
14
|
import { loadConfig } from '../utils/config';
|
|
15
15
|
import { createClient, mapError } from '../utils/client';
|
|
16
|
-
import { MockRuntime } from '../../runtime/MockRuntime';
|
|
17
16
|
import { IMockRuntime } from '../../runtime/IACTPRuntime';
|
|
18
17
|
|
|
19
18
|
// ============================================================================
|
package/src/config/networks.ts
CHANGED
|
@@ -30,6 +30,8 @@ export interface NetworkConfig {
|
|
|
30
30
|
eas: string; // EAS contract address
|
|
31
31
|
easSchemaRegistry: string; // EAS SchemaRegistry contract
|
|
32
32
|
agentRegistry?: string; // AIP-7 Agent Registry (optional until deployed)
|
|
33
|
+
identityRegistry?: string; // AIP-7 ERC-1056 DID Registry (optional until deployed)
|
|
34
|
+
archiveTreasury?: string; // AIP-7 Archive Treasury for Arweave funding (optional until deployed)
|
|
33
35
|
};
|
|
34
36
|
eas: {
|
|
35
37
|
deliverySchemaUID: string; // AIP-4 delivery proof schema
|
|
@@ -38,6 +40,13 @@ export interface NetworkConfig {
|
|
|
38
40
|
maxFeePerGas: bigint;
|
|
39
41
|
maxPriorityFeePerGas: bigint;
|
|
40
42
|
};
|
|
43
|
+
/**
|
|
44
|
+
* Maximum transaction amount in USDC (human-readable, e.g., 100 = $100)
|
|
45
|
+
*
|
|
46
|
+
* SECURITY: Limits exposure on unaudited mainnet contracts.
|
|
47
|
+
* Set to undefined for no limit (testnet only).
|
|
48
|
+
*/
|
|
49
|
+
maxTransactionAmount?: number;
|
|
41
50
|
}
|
|
42
51
|
|
|
43
52
|
/**
|
|
@@ -49,7 +58,7 @@ export const BASE_SEPOLIA: NetworkConfig = {
|
|
|
49
58
|
rpcUrl: BASE_SEPOLIA_RPC_URL,
|
|
50
59
|
blockExplorer: 'https://sepolia.basescan.org',
|
|
51
60
|
contracts: {
|
|
52
|
-
// Redeployed 2025-12-10
|
|
61
|
+
// Redeployed 2025-12-10
|
|
53
62
|
actpKernel: '0xD199070F8e9FB9a127F6Fe730Bc13300B4b3d962',
|
|
54
63
|
escrowVault: '0x948b9Ea081C4Cec1E112Af2e539224c531d4d585',
|
|
55
64
|
usdc: '0x444b4e1A65949AB2ac75979D5d0166Eb7A248Ccb', // MockUSDC
|
|
@@ -57,7 +66,11 @@ export const BASE_SEPOLIA: NetworkConfig = {
|
|
|
57
66
|
eas: '0x4200000000000000000000000000000000000021',
|
|
58
67
|
easSchemaRegistry: '0x4200000000000000000000000000000000000020',
|
|
59
68
|
// AIP-7 Agent Registry (deployed 2025-12-11)
|
|
60
|
-
agentRegistry: '0xFed6914Aa70c0a53E9c7Cc4d2Ae159e4748fb09D'
|
|
69
|
+
agentRegistry: '0xFed6914Aa70c0a53E9c7Cc4d2Ae159e4748fb09D',
|
|
70
|
+
// AIP-7 Identity Registry - ERC-1056 DID Registry (deployed 2026-01-09)
|
|
71
|
+
identityRegistry: '0xF64F748C7802a68Cb936a9213881fE74e83FDA97',
|
|
72
|
+
// AIP-7 Archive Treasury - Arweave funding (deployed 2026-01-09)
|
|
73
|
+
archiveTreasury: '0xeB75DE7cF5ce77ab15BB0fFa3a2A79e6aaa554B0'
|
|
61
74
|
},
|
|
62
75
|
eas: {
|
|
63
76
|
// Deployed 2025-11-23 - AIP-4 delivery proof schema
|
|
@@ -82,22 +95,31 @@ export const BASE_MAINNET: NetworkConfig = {
|
|
|
82
95
|
rpcUrl: BASE_MAINNET_RPC_URL,
|
|
83
96
|
blockExplorer: 'https://basescan.org',
|
|
84
97
|
contracts: {
|
|
85
|
-
//
|
|
86
|
-
actpKernel: '
|
|
87
|
-
escrowVault: '
|
|
98
|
+
// Deployed 2026-02-03
|
|
99
|
+
actpKernel: '0xeaE4D6925510284dbC45C8C64bb8104a079D4c60',
|
|
100
|
+
escrowVault: '0xb7bCadF7F26f0761995d95105DFb2346F81AF02D',
|
|
88
101
|
usdc: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913', // Official USDC on Base
|
|
89
102
|
// EAS contracts (Base native deployment)
|
|
90
103
|
eas: '0x4200000000000000000000000000000000000021',
|
|
91
|
-
easSchemaRegistry: '0x4200000000000000000000000000000000000020'
|
|
104
|
+
easSchemaRegistry: '0x4200000000000000000000000000000000000020',
|
|
105
|
+
// AIP-7 contracts
|
|
106
|
+
agentRegistry: '0xbf9Aa0FC291A06A4dFA943c3E0Ad41E7aE20DF02',
|
|
107
|
+
archiveTreasury: '0x64B8f93fef2D2E749F5E88586753343F73246012'
|
|
92
108
|
},
|
|
93
109
|
eas: {
|
|
94
|
-
//
|
|
95
|
-
deliverySchemaUID: '
|
|
110
|
+
// Registered 2026-02-03
|
|
111
|
+
deliverySchemaUID: '0x166501e7476e2fcf9214c4c5144533c2957d56fe59d639effc1719a0658d9c9a'
|
|
96
112
|
},
|
|
97
113
|
gasSettings: {
|
|
98
114
|
maxFeePerGas: ethers.parseUnits('0.5', 'gwei'),
|
|
99
115
|
maxPriorityFeePerGas: ethers.parseUnits('0.1', 'gwei')
|
|
100
|
-
}
|
|
116
|
+
},
|
|
117
|
+
/**
|
|
118
|
+
* SECURITY: $1,000 max transaction limit until contracts are audited.
|
|
119
|
+
* This limits exposure in case of undiscovered vulnerabilities.
|
|
120
|
+
* Will be removed/increased after formal security audit.
|
|
121
|
+
*/
|
|
122
|
+
maxTransactionAmount: 1000
|
|
101
123
|
};
|
|
102
124
|
|
|
103
125
|
/**
|
|
@@ -134,7 +156,9 @@ export function getNetwork(network: string): NetworkConfig {
|
|
|
134
156
|
usdc: config.contracts.usdc,
|
|
135
157
|
eas: config.contracts.eas,
|
|
136
158
|
easSchemaRegistry: config.contracts.easSchemaRegistry,
|
|
137
|
-
agentRegistry: config.contracts.agentRegistry
|
|
159
|
+
agentRegistry: config.contracts.agentRegistry,
|
|
160
|
+
identityRegistry: config.contracts.identityRegistry,
|
|
161
|
+
archiveTreasury: config.contracts.archiveTreasury
|
|
138
162
|
},
|
|
139
163
|
eas: {
|
|
140
164
|
deliverySchemaUID: config.eas.deliverySchemaUID
|
package/src/index.ts
CHANGED
|
@@ -217,6 +217,46 @@ export type {
|
|
|
217
217
|
PriceCalculation,
|
|
218
218
|
} from './level1';
|
|
219
219
|
|
|
220
|
+
// =============================================================================
|
|
221
|
+
// Storage Layer (AIP-7 §4) - Hybrid IPFS + Arweave
|
|
222
|
+
// =============================================================================
|
|
223
|
+
|
|
224
|
+
// Storage clients
|
|
225
|
+
export { FilebaseClient } from './storage/FilebaseClient';
|
|
226
|
+
export { ArweaveClient } from './storage/ArweaveClient';
|
|
227
|
+
|
|
228
|
+
// Archive bundle builder
|
|
229
|
+
export {
|
|
230
|
+
ArchiveBundleBuilder,
|
|
231
|
+
computeContentHash,
|
|
232
|
+
validateArchiveBundle,
|
|
233
|
+
} from './storage/ArchiveBundleBuilder';
|
|
234
|
+
|
|
235
|
+
// Storage types
|
|
236
|
+
export type {
|
|
237
|
+
FilebaseConfig,
|
|
238
|
+
ArweaveConfig,
|
|
239
|
+
IrysCurrency,
|
|
240
|
+
IrysNetwork,
|
|
241
|
+
ArchiveBundle,
|
|
242
|
+
ArchiveChainId,
|
|
243
|
+
ArchiveFinalState,
|
|
244
|
+
ArchiveParticipants,
|
|
245
|
+
ArchiveReferences,
|
|
246
|
+
ArchiveHashes,
|
|
247
|
+
ArchiveSignatures,
|
|
248
|
+
ArchiveAttestation,
|
|
249
|
+
ArchiveSettlement,
|
|
250
|
+
EscrowRelease,
|
|
251
|
+
ArchiveTags,
|
|
252
|
+
IPFSUploadResult,
|
|
253
|
+
ArweaveUploadResult,
|
|
254
|
+
DownloadResult,
|
|
255
|
+
} from './storage/types';
|
|
256
|
+
|
|
257
|
+
// Storage constants
|
|
258
|
+
export { ARCHIVE_BUNDLE_TYPE } from './storage/types';
|
|
259
|
+
|
|
220
260
|
// =============================================================================
|
|
221
261
|
// Enhanced Error Exports
|
|
222
262
|
// =============================================================================
|
|
@@ -241,4 +281,18 @@ export {
|
|
|
241
281
|
DisputeRaisedError,
|
|
242
282
|
ServiceConfigError,
|
|
243
283
|
AgentLifecycleError,
|
|
284
|
+
// Storage errors (AIP-7)
|
|
285
|
+
StorageError,
|
|
286
|
+
StorageAuthenticationError,
|
|
287
|
+
StorageRateLimitError,
|
|
288
|
+
UploadTimeoutError,
|
|
289
|
+
DownloadTimeoutError,
|
|
290
|
+
ContentNotFoundError,
|
|
291
|
+
FileSizeLimitExceededError,
|
|
292
|
+
InvalidCIDError,
|
|
293
|
+
ArweaveUploadError,
|
|
294
|
+
ArweaveDownloadError,
|
|
295
|
+
ArweaveTimeoutError,
|
|
296
|
+
InvalidArweaveTxIdError,
|
|
297
|
+
InsufficientBalanceError as StorageInsufficientBalanceError,
|
|
244
298
|
} from './errors';
|