@blanklogic/refinery-core 0.1.1 → 0.1.2

package/CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+
+## [0.1.2] - 2026-05-18
+
+### Added
+- **512 KB** max input guard (`inputLimits.js`) for all refine/sanitize paths.
+
+### Changed
+- Package description and README branding aligned with blanklogic.io.
+
+## [0.1.1] - 2026-05-18
+
+- Initial public release with shared compiler and sanitizer engines.

package/README.md

@@ -1,6 +1,26 @@
-# BlankLogic Refinery Core
+# @blanklogic/refinery-core
 
-Shared local engine package for BlankLogic Refinery.
+<p align="center">
+  <img src="assets/icon.png" width="96" height="96" alt="BlankLogic" />
+</p>
+
+**Shared local engine for BlankLogic Refinery — de-bloat, secret redaction, and full refine.**
+
+This package powers the CLI, MCP server, proxy transforms, and extension backend. It is local-only: no network calls, no API keys, no BlankLogic server dependency.
+
+## What's new in 0.1.2
+
+- **512 KB** max input guard on all refine/sanitize entry points.
+
+## Saved tokens or caught a secret?
+
+If BlankLogic trimmed noise, redacted secrets, or cut token waste for you, a quick review helps others find it:
+
+- **Cursor / Open VSX:** [Rate BlankLogic Refinery on Open VSX](https://open-vsx.org/extension/blanklogic/blanklogic-refinery-vscode)
+- **VS Code:** [Leave a review on the Marketplace](https://marketplace.visualstudio.com/items?itemName=blanklogic.blanklogic-refinery-vscode&ssr=false#review-details)
+- **Feedback:** [blanklogic.io/#bugs](https://blanklogic.io/#bugs)
+
+## Install
 
 ```bash
 npm install @blanklogic/refinery-core
@@ -14,8 +34,35 @@ import { refineFull, runCodeDebloater, runTokenSanitizer } from '@blanklogic/ref
 const cleaned = refineFull(input)
 ```
 
-- `runCodeDebloater(input)` removes tracker noise, comments, and boilerplate while preserving useful structure.
-- `runTokenSanitizer(input)` redacts obvious secrets and compacts text for LLM context windows.
-- `refineFull(input)` runs de-bloat first, then secret sanitization.
+| Function | Behavior |
+|----------|----------|
+| `runCodeDebloater(input)` | Remove tracker noise, comments, and boilerplate |
+| `runTokenSanitizer(input)` | Redact obvious secrets; compact text |
+| `refineFull(input)` | De-bloat, then sanitize |
+
+## When to use this package
+
+- Building integrations on top of Refinery
+- Monorepo workspaces that need the engine without the CLI binary
+- Advanced pipelines that call de-bloat and sanitize separately
+
+Most users should start with [@blanklogic/refinery](https://www.npmjs.com/package/@blanklogic/refinery) (CLI) or the [VS Code extension](https://marketplace.visualstudio.com/items?itemName=blanklogic.blanklogic-refinery-vscode).
+
+## Related BlankLogic tools
+
+| Product | Link |
+|---------|------|
+| **CLI** | [`@blanklogic/refinery`](https://www.npmjs.com/package/@blanklogic/refinery) |
+| **MCP** | [`@blanklogic/refinery-mcp`](https://www.npmjs.com/package/@blanklogic/refinery-mcp) |
+| **Proxy** | [`@blanklogic/proxy`](https://www.npmjs.com/package/@blanklogic/proxy) |
+| **Homepage** | [blanklogic.io](https://blanklogic.io/) |
+| **Refinery web app** | [blanklogic.io/refinery](https://blanklogic.io/refinery/) |
+
+## Privacy
+
+Local-only. No Stripe, BlankLogic servers, Ollama, or third-party APIs.
+
+## Support
 
-This package is local-only. It does not call Stripe, BlankLogic servers, Ollama, or third-party APIs.
+- Homepage: [blanklogic.io](https://blanklogic.io/)
+- Bug reports: [blanklogic.io/#bugs](https://blanklogic.io/#bugs)

package/package.json

@@ -1,22 +1,25 @@
 {
   "name": "@blanklogic/refinery-core",
-  "version": "0.1.1",
-  "description": "Shared BlankLogic Refinery context hygiene engines.",
+  "version": "0.1.2",
+  "description": "Clean context before AI sees it — shared BlankLogic Refinery engines (local, no upload).",
   "type": "module",
   "private": false,
   "exports": {
     ".": "./src/index.js"
   },
   "files": [
-    "src"
+    "src",
+    "assets",
+    "README.md",
+    "CHANGELOG.md"
   ],
   "publishConfig": {
     "access": "public"
   },
   "license": "UNLICENSED",
-  "homepage": "https://blanklogic.io/refinery/",
+  "homepage": "https://blanklogic.io/",
   "bugs": {
-    "url": "https://blanklogic.io/refinery/"
+    "url": "https://blanklogic.io/#bugs"
   },
   "keywords": [
     "blanklogic",

package/src/index.js

@@ -1,10 +1,21 @@
 import { runCodeDebloater, roughTokenCount, byteSize, lineCount } from './refineryCompiler.js'
 import { runTokenSanitizer } from './refinerySanitizer.js'
+import { assertInputWithinLimit, MAX_REFINERY_INPUT_BYTES, inputByteSize } from './inputLimits.js'
 
-export { runCodeDebloater, roughTokenCount, byteSize, lineCount, runTokenSanitizer }
+export {
+  runCodeDebloater,
+  roughTokenCount,
+  byteSize,
+  lineCount,
+  runTokenSanitizer,
+  assertInputWithinLimit,
+  MAX_REFINERY_INPUT_BYTES,
+  inputByteSize,
+}
 
 export function refineFull(inputValue) {
   const input = String(inputValue ?? '')
+  assertInputWithinLimit(input)
   const debloated = runCodeDebloater(input)
   const sanitized = runTokenSanitizer(debloated.output)
   const bytesIn = byteSize(input)

package/src/inputLimits.js

@@ -0,0 +1,24 @@
+/** Shared max input size for Refinery engines (matches refinery-api MAX_INPUT_BYTES). */
+export const MAX_REFINERY_INPUT_BYTES = 512 * 1024
+
+export function inputByteSize(value) {
+  const text = typeof value === 'string' ? value : String(value ?? '')
+  if (typeof Buffer !== 'undefined') {
+    return Buffer.byteLength(text, 'utf8')
+  }
+  if (typeof TextEncoder !== 'undefined') {
+    return new TextEncoder().encode(text).length
+  }
+  return text.length
+}
+
+/**
+ * @param {string} input
+ * @throws {Error} when input exceeds MAX_REFINERY_INPUT_BYTES
+ */
+export function assertInputWithinLimit(input) {
+  const byteSize = inputByteSize(input)
+  if (byteSize <= MAX_REFINERY_INPUT_BYTES) return
+  const limitKb = MAX_REFINERY_INPUT_BYTES / 1024
+  throw new Error(`Input exceeds ${limitKb} KB limit (${byteSize} bytes).`)
+}

package/src/refineryCompiler.js

@@ -1,3 +1,5 @@
+import { assertInputWithinLimit } from './inputLimits.js'
+
 const TRACKER_BLOCK_RE = /<(script|noscript)\b[^>]*>[\s\S]*?<\/\1>/gi
 
 const TRACKER_VENDOR_RE =
@@ -8,6 +10,7 @@ const RAW_BLOCK_RE = /<(script|style|pre|code|textarea)\b[^>]*>[\s\S]*?<\/\1>/gi
 export function runCodeDebloater(inputValue) {
   const start = now()
   const input = String(inputValue ?? '')
+  assertInputWithinLimit(input)
   const normalized = input.replace(/\r\n?/g, '\n')
   const htmlLike = /<\/?[a-z][\s\S]*>/i.test(normalized)
   const result = htmlLike ? compactHtml(normalized) : compactLooseCode(normalized)

package/src/refinerySanitizer.js

@@ -1,3 +1,5 @@
+import { assertInputWithinLimit } from './inputLimits.js'
+
 const SECRET_PATTERNS = [
   {
     pattern: /\bsk-[A-Za-z0-9_-]{12,}\b/g,
@@ -35,6 +37,7 @@ const NAMED_SECRET_ASSIGNMENT_RE =
 export function runTokenSanitizer(inputValue) {
   const start = now()
   const input = String(inputValue ?? '')
+  assertInputWithinLimit(input)
   const normalized = input.replace(/\r\n?/g, '\n')
   let secretsRedacted = 0
   let protectedText = normalized.replace(NAMED_SECRET_ASSIGNMENT_RE, (_match, prefix, assignment, quote, _value) => {