npm - @bike4mind/cli - Versions diffs - 0.2.30 → 0.2.31-b4m-cli-undo-command.19493 - Mend

@bike4mind/cli 0.2.30 → 0.2.31-b4m-cli-undo-command.19493

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/{chunk-RUI6HNLO.js → chunk-GQGOWACU.js} RENAMED Viewed

@@ -595,12 +595,13 @@ var HydrationEngine = class {
         return numericInputs[0] / numericInputs[1];
       case "ABS":
         return numericInputs.length > 0 ? Math.abs(numericInputs[0]) : 0;
-      case "ROUND":
+      case "ROUND": {
         if (numericInputs.length === 0)
           return 0;
         const decimals = numericInputs[1] ?? 0;
         const factor = Math.pow(10, decimals);
         return Math.round(numericInputs[0] * factor) / factor;
+      }
       case "FLOOR":
         return numericInputs.length > 0 ? Math.floor(numericInputs[0]) : 0;
       case "CEIL":
@@ -624,12 +625,13 @@ var HydrationEngine = class {
         return numericInputs.length > 0 ? Math.max(...numericInputs) : 0;
       case "COUNT":
         return inputs.filter((v) => v !== null).length;
-      case "MEDIAN":
+      case "MEDIAN": {
         if (numericInputs.length === 0)
           return 0;
         const sorted = [...numericInputs].sort((a, b) => a - b);
         const mid = Math.floor(sorted.length / 2);
         return sorted.length % 2 === 0 ? (sorted[mid - 1] + sorted[mid]) / 2 : sorted[mid];
+      }
       // Logical
       case "IF":
         return inputs[0] ? inputs[1] : inputs[2];
@@ -649,13 +651,14 @@ var HydrationEngine = class {
         return inputs.length >= 2 && inputs[0] >= inputs[1];
       case "LESS_THAN_OR_EQUAL":
         return inputs.length >= 2 && inputs[0] <= inputs[1];
-      case "BETWEEN":
+      case "BETWEEN": {
         if (inputs.length < 3)
           return false;
         const val = inputs[0];
         const min = inputs[1];
         const max = inputs[2];
         return val >= min && val <= max;
+      }
       // Financial
       case "PERCENT_OF":
         if (numericInputs.length < 2 || numericInputs[1] === 0)
@@ -714,11 +717,12 @@ var HydrationEngine = class {
       case "REFERENCE":
         return inputs[0];
       // Pass through
-      case "LOOKUP":
+      case "LOOKUP": {
         if (inputs.length < 2)
           return null;
         const index = inputs[0];
         return inputs[Math.min(index + 1, inputs.length - 1)];
+      }
       default:
         context.errors.push({
           type: "INVALID_OPERATION",

package/dist/{chunk-BQAPZP5Y.js → chunk-RI45VJW3.js} RENAMED Viewed

@@ -16,7 +16,7 @@ import {
   dayjsConfig_default,
   extractSnippetMeta,
   settingsMap
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-GE7Q64MS.js";
 import {
   Logger
 } from "./chunk-OCYRD7D6.js";
@@ -591,6 +591,125 @@ function getSettingsCacheStats() {
 // ../../b4m-core/packages/utils/dist/src/ingest.js
 import axios from "axios";
 import mime2 from "mime-types";
+// ../../b4m-core/packages/utils/dist/src/ssrfProtection.js
+import dns from "dns";
+import { promisify } from "util";
+var dnsResolve4 = promisify(dns.resolve4);
+var dnsResolve6 = promisify(dns.resolve6);
+function isPrivateIPv4(ip) {
+  const ipv4Match = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+  if (!ipv4Match)
+    return false;
+  const [, a, b, c] = ipv4Match.map(Number);
+  if (a === 10)
+    return true;
+  if (a === 172 && b >= 16 && b <= 31)
+    return true;
+  if (a === 192 && b === 168)
+    return true;
+  if (a === 127)
+    return true;
+  if (a === 169 && b === 254)
+    return true;
+  if (a === 0)
+    return true;
+  if (a === 100 && b >= 64 && b <= 127)
+    return true;
+  if (a === 192 && b === 0 && c === 0)
+    return true;
+  if (a === 192 && b === 0 && c === 2 || a === 198 && b === 51 && c === 100 || a === 203 && b === 0 && c === 113)
+    return true;
+  if (a >= 224 && a <= 239)
+    return true;
+  if (a >= 240)
+    return true;
+  return false;
+}
+function isPrivateIPv6(ip) {
+  const normalized = ip.toLowerCase();
+  if (normalized === "::1" || normalized === "0:0:0:0:0:0:0:1")
+    return true;
+  if (normalized === "::" || normalized === "0:0:0:0:0:0:0:0")
+    return true;
+  if (normalized.startsWith("fe8") || normalized.startsWith("fe9") || normalized.startsWith("fea") || normalized.startsWith("feb"))
+    return true;
+  if (normalized.startsWith("fc") || normalized.startsWith("fd"))
+    return true;
+  if (normalized.startsWith("ff"))
+    return true;
+  const ipv4MappedMatch = normalized.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/);
+  if (ipv4MappedMatch) {
+    return isPrivateIPv4(ipv4MappedMatch[1]);
+  }
+  if (normalized.startsWith("2001:db8:") || normalized.startsWith("2001:0db8:"))
+    return true;
+  if (normalized.startsWith("100::") || normalized.startsWith("0100::"))
+    return true;
+  if (normalized.startsWith("64:ff9b:") || normalized.startsWith("0064:ff9b:"))
+    return true;
+  return false;
+}
+function isPrivateIP(ip) {
+  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(ip)) {
+    return isPrivateIPv4(ip);
+  }
+  return isPrivateIPv6(ip);
+}
+function isPrivateOrInternalHostname(hostname) {
+  const normalized = hostname.toLowerCase();
+  if (normalized === "localhost" || normalized === "127.0.0.1" || normalized === "::1" || normalized === "0.0.0.0" || normalized.endsWith(".localhost") || normalized.endsWith(".local")) {
+    return true;
+  }
+  if (normalized === "169.254.169.254" || normalized === "instance-data" || normalized === "metadata.google.internal" || normalized === "metadata.internal") {
+    return true;
+  }
+  if (normalized.endsWith(".cluster.local") || normalized.endsWith(".svc.cluster.local") || normalized.endsWith(".pod.cluster.local")) {
+    return true;
+  }
+  if (/^(\d{1,3}\.){3}\d{1,3}$/.test(normalized)) {
+    return isPrivateIPv4(normalized);
+  }
+  if (normalized.includes(":")) {
+    return isPrivateIPv6(normalized);
+  }
+  return false;
+}
+async function validateUrlForFetch(url) {
+  try {
+    const parsed = new URL(url);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      return { valid: false, error: "URL must use HTTP or HTTPS protocol" };
+    }
+    if (isPrivateOrInternalHostname(parsed.hostname)) {
+      return { valid: false, error: "URL points to a private or internal network" };
+    }
+    const isIPv4Address = /^(\d{1,3}\.){3}\d{1,3}$/.test(parsed.hostname);
+    const isIPv6Address = parsed.hostname.includes(":");
+    if (!isIPv4Address && !isIPv6Address) {
+      try {
+        const ipv4Addresses = await dnsResolve4(parsed.hostname).catch(() => []);
+        const ipv6Addresses = await dnsResolve6(parsed.hostname).catch(() => []);
+        const allAddresses = [...ipv4Addresses, ...ipv6Addresses];
+        if (allAddresses.length === 0) {
+          return { valid: false, error: "Could not resolve hostname" };
+        }
+        for (const ip of allAddresses) {
+          if (isPrivateIP(ip)) {
+            return { valid: false, error: `Hostname resolves to private IP address (${ip})` };
+          }
+        }
+      } catch {
+        return { valid: false, error: "Could not resolve hostname" };
+      }
+    }
+    return { valid: true };
+  } catch {
+    return { valid: false, error: "Invalid URL format" };
+  }
+}
+// ../../b4m-core/packages/utils/dist/src/ingest.js
 var URL_REGEX = /https?:\/\/(?:[-\w.])+(?:\:[0-9]+)?(?:\/(?:[\w\/_.])*(?:\?(?:[\w&=%.])*)?(?:\#(?:[\w.])*)?)?/gi;
 function detectURLs(string) {
   const urlsFound = string.match(URL_REGEX) || [];
@@ -603,15 +722,22 @@ function urlExists(stringWithPossibleUrl) {
   const cleanString = stringWithPossibleUrl.replace(/\n/g, " ").replace(/,/g, " ");
   return detectURLs(cleanString);
 }
+var URL_FETCH_TIMEOUT_MS = 1e4;
 async function fetchAndParseURL(url, { logger }) {
   logger.updateMetadata({ failedUrl: null });
   try {
+    const ssrfValidation = await validateUrlForFetch(url);
+    if (!ssrfValidation.valid) {
+      throw new Error(`URL blocked for security reasons: ${ssrfValidation.error}`);
+    }
     let urlMimeType = "text/plain";
     if (url.split(".")?.pop()?.startsWith("pdf")) {
       urlMimeType = "application/pdf";
     }
     const response = await axios.get(url, {
-      responseType: ["application/pdf"].includes(urlMimeType) ? "arraybuffer" : "text"
+      responseType: ["application/pdf"].includes(urlMimeType) ? "arraybuffer" : "text",
+      timeout: URL_FETCH_TIMEOUT_MS
+      // Prevent Lambda timeout exhaustion
     });
     const cheerio = await import("cheerio");
     const htmlContent = response.data;
@@ -619,17 +745,19 @@ async function fetchAndParseURL(url, { logger }) {
     const title = $("title").text() || url.split("/")?.pop();
     let urlContent = null;
     switch (urlMimeType) {
-      case "application/pdf":
+      case "application/pdf": {
         const pdfbuffer = Buffer.from(response.data);
         urlContent = pdfbuffer;
         break;
-      default:
+      }
+      default: {
         let textContent = "";
         $("body").find("p").each((index, element) => {
           textContent += $(element).text() + "\n";
         });
         urlContent = textContent || htmlContent;
         break;
+      }
     }
     logger.log(`Fetched ${title} with mimetype ${urlMimeType} and parsed ${url}`);
     return { title, textContent: urlContent, mimeType: urlMimeType, ext: mime2.extension(urlMimeType) || null };
@@ -1155,8 +1283,30 @@ function separateUrls(urls) {
   const nonImageUrls = urls.filter((url) => !imageExtensions.some((ext) => url.toLowerCase().endsWith(ext)));
   return { imageUrls, nonImageUrls };
 }
-var urlContentCache = /* @__PURE__ */ new Map();
-var CACHE_TTL_MS = 5 * 60 * 1e3;
+function sanitizeUrlForLogging(url) {
+  try {
+    const parsed = new URL(url);
+    const sensitiveParams = [
+      "token",
+      "key",
+      "api_key",
+      "apikey",
+      "secret",
+      "password",
+      "session",
+      "auth",
+      "access_token"
+    ];
+    sensitiveParams.forEach((param) => {
+      if (parsed.searchParams.has(param)) {
+        parsed.searchParams.set(param, "[REDACTED]");
+      }
+    });
+    return parsed.toString();
+  } catch {
+    return url.substring(0, 100) + (url.length > 100 ? "..." : "");
+  }
+}
 async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendStatusUpdate, logger, options = { verbose: false }) {
   if (!hasURLs(userPrompt)) {
     if (options?.verbose) {
@@ -1164,6 +1314,7 @@ async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendS
     }
     return { userMessages: [], remainingPrompt: userPrompt };
   }
+  const urlContentCache = /* @__PURE__ */ new Map();
   sendStatusUpdate("Processing URLs from user prompt...");
   const userMessages = [];
   const promptMeta = extractSnippetMeta(userPrompt);
@@ -1191,20 +1342,26 @@ async function processUrlsFromPrompt(userPrompt, maxContentBuffer, userId, sendS
     try {
       const cached = urlContentCache.get(url);
       let textContent;
-      if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
-        if (options?.verbose) {
-          logger.log(`Using cached content for URL: ${url}`);
-        }
-        textContent = cached.content;
+      if (cached) {
+        logger.info("URL_FETCH", {
+          userId,
+          url: sanitizeUrlForLogging(url),
+          cacheHit: true,
+          source: "same-request-dedup"
+        });
+        textContent = cached;
       } else {
         const result = await fetchAndParseURL(url, { logger });
         if (typeof result.textContent !== "string")
           throw new Error("textContent is not a string");
         textContent = result.textContent;
-        urlContentCache.set(url, {
-          content: textContent,
-          timestamp: Date.now()
+        logger.info("URL_FETCH", {
+          userId,
+          url: sanitizeUrlForLogging(url),
+          cacheHit: false,
+          contentLength: textContent.length
         });
+        urlContentCache.set(url, textContent);
       }
       const message = {
         role: "user",
@@ -11600,6 +11757,9 @@ function findAutomaticFallback(originalModel, availableModels, apiKeyTable, logg
     "gemini-2.5-flash-preview-05-20": ["claude-3-5-haiku-20241022", "gpt-4o-mini", "claude-3-haiku-20240307"],
     "gemini-1.5-pro": ["claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-opus-20240229"],
     "gemini-1.5-flash": ["claude-3-5-haiku-20241022", "gpt-4o-mini", "claude-3-haiku-20240307"],
+    // Claude 4.5/4.6 Opus models fallback to Sonnet 4.5
+    "claude-opus-4-5-20251101": ["claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001"],
+    "claude-opus-4-6": ["claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001"],
     // Claude models fallback to other Claude models or GPT
     "claude-3-5-sonnet-20241022": ["claude-3-opus-20240229", "gpt-4o", "claude-3-sonnet-20240229"],
     "claude-3-opus-20240229": ["claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-sonnet-20240229"],
@@ -11609,7 +11769,7 @@ function findAutomaticFallback(originalModel, availableModels, apiKeyTable, logg
   };
   const preferences = fallbackPreferences[originalModel.id] || [];
   if (preferences.length === 0) {
-    preferences.push("claude-3-5-sonnet-20241022", "gpt-4o", "claude-3-haiku-20240307");
+    preferences.push("claude-sonnet-4-5-20250929", "gpt-5", "claude-haiku-4-5-20251001");
   }
   for (const modelId of preferences) {
     const fallbackModel = availableModels.find((m) => m.id === modelId);
@@ -11998,6 +12158,59 @@ function buildVoiceInstructions(baseInstructions, historyContext) {
   return `${baseInstructions}${historyContext}`;
 }
+// ../../b4m-core/packages/utils/dist/src/lambdaErrorHandler.js
+var isRegistered = false;
+function classifyError(error) {
+  if (error instanceof TypeError) {
+    if (error.message === "terminated" || error.message.includes("fetch failed")) {
+      return "network_terminated";
+    }
+  }
+  if (error instanceof Error) {
+    if (error.name === "AbortError") {
+      return "network_timeout";
+    }
+    const connectionErrors = ["ECONNRESET", "ETIMEDOUT", "ECONNREFUSED", "EPIPE", "ENOTFOUND"];
+    if (connectionErrors.some((code) => error.message.includes(code))) {
+      return "network_connection";
+    }
+  }
+  return "unhandled_rejection";
+}
+function buildLogEntry(error, category) {
+  return {
+    error: error instanceof Error ? error.message : String(error),
+    stack: error instanceof Error ? error.stack : void 0,
+    category,
+    functionName: process.env.AWS_LAMBDA_FUNCTION_NAME,
+    stage: process.env.SEED_STAGE_NAME,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function registerLambdaErrorHandlers(logger) {
+  if (isRegistered)
+    return;
+  isRegistered = true;
+  const log = logger || console;
+  process.on("unhandledRejection", (reason) => {
+    const category = classifyError(reason);
+    const isNetworkError = category.startsWith("network_");
+    const logEntry = buildLogEntry(reason, category);
+    if (isNetworkError) {
+      log.warn("[Lambda] Network error (unhandled rejection)", logEntry);
+    } else {
+      log.error("[Lambda] Unhandled promise rejection", logEntry);
+    }
+  });
+  process.on("uncaughtException", (error) => {
+    const logEntry = buildLogEntry(error, "uncaught_exception");
+    log.error("[Lambda] Uncaught exception", logEntry);
+  });
+}
+function _resetLambdaErrorHandlers() {
+  isRegistered = false;
+}
 export {
   BaseStorage,
   S3Storage,
@@ -12015,6 +12228,9 @@ export {
   warmUpSettingsCache,
   shutdownSettingsCache,
   getSettingsCacheStats,
+  isPrivateIP,
+  isPrivateOrInternalHostname,
+  validateUrlForFetch,
   URL_REGEX,
   detectURLs,
   hasURLs,
@@ -12132,5 +12348,7 @@ export {
   calculateRetryDelay,
   withRetry,
   formatVoiceHistory,
-  buildVoiceInstructions
+  buildVoiceInstructions,
+  registerLambdaErrorHandlers,
+  _resetLambdaErrorHandlers
 };

package/dist/{chunk-WIB75EEX.js → chunk-T67NGQW6.js} RENAMED Viewed

@@ -6,12 +6,12 @@ import {
   getSettingsByNames,
   obfuscateApiKey,
   secureParameters
-} from "./chunk-BQAPZP5Y.js";
+} from "./chunk-RI45VJW3.js";
 import {
   ApiKeyType,
   MementoTier,
   isSupportedEmbeddingModel
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-GE7Q64MS.js";
 // ../../b4m-core/packages/services/dist/src/apiKeyService/get.js
 import { z } from "zod";

package/dist/{chunk-U63VANTQ.js → chunk-ZOWCX4MQ.js} RENAMED Viewed

@@ -7,11 +7,11 @@ import {
   getSettingsMap,
   getSettingsValue,
   secureParameters
-} from "./chunk-BQAPZP5Y.js";
+} from "./chunk-RI45VJW3.js";
 import {
   KnowledgeType,
   SupportedFabFileMimeTypes
-} from "./chunk-T4VPCTBM.js";
+} from "./chunk-GE7Q64MS.js";
 // ../../b4m-core/packages/services/dist/src/fabFileService/create.js
 import { z } from "zod";

package/dist/{create-4WOBQ5JM.js → create-JNUW7ICC.js} RENAMED Viewed

@@ -2,9 +2,9 @@
 import {
   createFabFile,
   createFabFileSchema
-} from "./chunk-U63VANTQ.js";
-import "./chunk-BQAPZP5Y.js";
-import "./chunk-T4VPCTBM.js";
+} from "./chunk-ZOWCX4MQ.js";
+import "./chunk-RI45VJW3.js";
+import "./chunk-GE7Q64MS.js";
 import "./chunk-OCYRD7D6.js";
 export {
   createFabFile,