npm - @blanklogic/refinery-core - Versions diffs - 0.1.1 → 0.1.2 - Mend

@blanklogic/refinery-core 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,13 @@
+# Changelog
+## [0.1.2] - 2026-05-18
+### Added
+- **512 KB** max input guard (`inputLimits.js`) for all refine/sanitize paths.
+### Changed
+- Package description and README branding aligned with blanklogic.io.
+## [0.1.1] - 2026-05-18
+- Initial public release with shared compiler and sanitizer engines.

package/README.md CHANGED Viewed

@@ -1,6 +1,26 @@
-# BlankLogic Refinery Core
+# @blanklogic/refinery-core
-Shared local engine package for BlankLogic Refinery.
+<p align="center">
+  <img src="assets/icon.png" width="96" height="96" alt="BlankLogic" />
+</p>
+**Shared local engine for BlankLogic Refinery — de-bloat, secret redaction, and full refine.**
+This package powers the CLI, MCP server, proxy transforms, and extension backend. It is local-only: no network calls, no API keys, no BlankLogic server dependency.
+## What's new in 0.1.2
+- **512 KB** max input guard on all refine/sanitize entry points.
+## Saved tokens or caught a secret?
+If BlankLogic trimmed noise, redacted secrets, or cut token waste for you, a quick review helps others find it:
+- **Cursor / Open VSX:** [Rate BlankLogic Refinery on Open VSX](https://open-vsx.org/extension/blanklogic/blanklogic-refinery-vscode)
+- **VS Code:** [Leave a review on the Marketplace](https://marketplace.visualstudio.com/items?itemName=blanklogic.blanklogic-refinery-vscode&ssr=false#review-details)
+- **Feedback:** [blanklogic.io/#bugs](https://blanklogic.io/#bugs)
+## Install
 ```bash
 npm install @blanklogic/refinery-core
@@ -14,8 +34,35 @@ import { refineFull, runCodeDebloater, runTokenSanitizer } from '@blanklogic/ref
 const cleaned = refineFull(input)
 ```
-- `runCodeDebloater(input)` removes tracker noise, comments, and boilerplate while preserving useful structure.
-- `runTokenSanitizer(input)` redacts obvious secrets and compacts text for LLM context windows.
-- `refineFull(input)` runs de-bloat first, then secret sanitization.
+| Function | Behavior |
+|----------|----------|
+| `runCodeDebloater(input)` | Remove tracker noise, comments, and boilerplate |
+| `runTokenSanitizer(input)` | Redact obvious secrets; compact text |
+| `refineFull(input)` | De-bloat, then sanitize |
+## When to use this package
+- Building integrations on top of Refinery
+- Monorepo workspaces that need the engine without the CLI binary
+- Advanced pipelines that call de-bloat and sanitize separately
+Most users should start with [@blanklogic/refinery](https://www.npmjs.com/package/@blanklogic/refinery) (CLI) or the [VS Code extension](https://marketplace.visualstudio.com/items?itemName=blanklogic.blanklogic-refinery-vscode).
+## Related BlankLogic tools
+| Product | Link |
+|---------|------|
+| **CLI** | [`@blanklogic/refinery`](https://www.npmjs.com/package/@blanklogic/refinery) |
+| **MCP** | [`@blanklogic/refinery-mcp`](https://www.npmjs.com/package/@blanklogic/refinery-mcp) |
+| **Proxy** | [`@blanklogic/proxy`](https://www.npmjs.com/package/@blanklogic/proxy) |
+| **Homepage** | [blanklogic.io](https://blanklogic.io/) |
+| **Refinery web app** | [blanklogic.io/refinery](https://blanklogic.io/refinery/) |
+## Privacy
+Local-only. No Stripe, BlankLogic servers, Ollama, or third-party APIs.
+## Support
-This package is local-only. It does not call Stripe, BlankLogic servers, Ollama, or third-party APIs.
+- Homepage: [blanklogic.io](https://blanklogic.io/)
+- Bug reports: [blanklogic.io/#bugs](https://blanklogic.io/#bugs)

package/assets/icon.png ADDED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,22 +1,25 @@
 {
   "name": "@blanklogic/refinery-core",
-  "version": "0.1.1",
-  "description": "Shared BlankLogic Refinery context hygiene engines.",
+  "version": "0.1.2",
+  "description": "Clean context before AI sees it — shared BlankLogic Refinery engines (local, no upload).",
   "type": "module",
   "private": false,
   "exports": {
     ".": "./src/index.js"
   },
   "files": [
-    "src"
+    "src",
+    "assets",
+    "README.md",
+    "CHANGELOG.md"
   ],
   "publishConfig": {
     "access": "public"
   },
   "license": "UNLICENSED",
-  "homepage": "https://blanklogic.io/refinery/",
+  "homepage": "https://blanklogic.io/",
   "bugs": {
-    "url": "https://blanklogic.io/refinery/"
+    "url": "https://blanklogic.io/#bugs"
   },
   "keywords": [
     "blanklogic",

package/src/index.js CHANGED Viewed

@@ -1,10 +1,21 @@
 import { runCodeDebloater, roughTokenCount, byteSize, lineCount } from './refineryCompiler.js'
 import { runTokenSanitizer } from './refinerySanitizer.js'
+import { assertInputWithinLimit, MAX_REFINERY_INPUT_BYTES, inputByteSize } from './inputLimits.js'
-export { runCodeDebloater, roughTokenCount, byteSize, lineCount, runTokenSanitizer }
+export {
+  runCodeDebloater,
+  roughTokenCount,
+  byteSize,
+  lineCount,
+  runTokenSanitizer,
+  assertInputWithinLimit,
+  MAX_REFINERY_INPUT_BYTES,
+  inputByteSize,
+}
 export function refineFull(inputValue) {
   const input = String(inputValue ?? '')
+  assertInputWithinLimit(input)
   const debloated = runCodeDebloater(input)
   const sanitized = runTokenSanitizer(debloated.output)
   const bytesIn = byteSize(input)

package/src/inputLimits.js ADDED Viewed

@@ -0,0 +1,24 @@
+/** Shared max input size for Refinery engines (matches refinery-api MAX_INPUT_BYTES). */
+export const MAX_REFINERY_INPUT_BYTES = 512 * 1024
+export function inputByteSize(value) {
+  const text = typeof value === 'string' ? value : String(value ?? '')
+  if (typeof Buffer !== 'undefined') {
+    return Buffer.byteLength(text, 'utf8')
+  }
+  if (typeof TextEncoder !== 'undefined') {
+    return new TextEncoder().encode(text).length
+  }
+  return text.length
+}
+/**
+ * @param {string} input
+ * @throws {Error} when input exceeds MAX_REFINERY_INPUT_BYTES
+ */
+export function assertInputWithinLimit(input) {
+  const byteSize = inputByteSize(input)
+  if (byteSize <= MAX_REFINERY_INPUT_BYTES) return
+  const limitKb = MAX_REFINERY_INPUT_BYTES / 1024
+  throw new Error(`Input exceeds ${limitKb} KB limit (${byteSize} bytes).`)
+}

package/src/refineryCompiler.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import { assertInputWithinLimit } from './inputLimits.js'
 const TRACKER_BLOCK_RE = /<(script|noscript)\b[^>]*>[\s\S]*?<\/\1>/gi
 const TRACKER_VENDOR_RE =
@@ -8,6 +10,7 @@ const RAW_BLOCK_RE = /<(script|style|pre|code|textarea)\b[^>]*>[\s\S]*?<\/\1>/gi
 export function runCodeDebloater(inputValue) {
   const start = now()
   const input = String(inputValue ?? '')
+  assertInputWithinLimit(input)
   const normalized = input.replace(/\r\n?/g, '\n')
   const htmlLike = /<\/?[a-z][\s\S]*>/i.test(normalized)
   const result = htmlLike ? compactHtml(normalized) : compactLooseCode(normalized)

package/src/refinerySanitizer.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import { assertInputWithinLimit } from './inputLimits.js'
 const SECRET_PATTERNS = [
   {
     pattern: /\bsk-[A-Za-z0-9_-]{12,}\b/g,
@@ -35,6 +37,7 @@ const NAMED_SECRET_ASSIGNMENT_RE =
 export function runTokenSanitizer(inputValue) {
   const start = now()
   const input = String(inputValue ?? '')
+  assertInputWithinLimit(input)
   const normalized = input.replace(/\r\n?/g, '\n')
   let secretsRedacted = 0
   let protectedText = normalized.replace(NAMED_SECRET_ASSIGNMENT_RE, (_match, prefix, assignment, quote, _value) => {