@coffeexdev/openclaw-sentinel 0.1.6 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/validator.js +69 -54
  2. package/package.json +1 -1
package/dist/validator.js CHANGED
@@ -1,63 +1,62 @@
1
- import { z } from "zod";
1
+ import { Type } from "@sinclair/typebox";
2
+ import { Value } from "@sinclair/typebox/value";
2
3
  const codeyKeyPattern = /(script|code|eval|handler|function|import|require)/i;
3
4
  const codeyValuePattern = /(=>|\bfunction\b|\bimport\s+|\brequire\s*\(|\beval\s*\()/i;
4
- const conditionSchema = z
5
- .object({
6
- path: z.string().min(1),
7
- op: z.enum([
8
- "eq",
9
- "neq",
10
- "gt",
11
- "gte",
12
- "lt",
13
- "lte",
14
- "exists",
15
- "absent",
16
- "contains",
17
- "matches",
18
- "changed",
5
+ const ConditionSchema = Type.Object({
6
+ path: Type.String({ minLength: 1 }),
7
+ op: Type.Union([
8
+ Type.Literal("eq"),
9
+ Type.Literal("neq"),
10
+ Type.Literal("gt"),
11
+ Type.Literal("gte"),
12
+ Type.Literal("lt"),
13
+ Type.Literal("lte"),
14
+ Type.Literal("exists"),
15
+ Type.Literal("absent"),
16
+ Type.Literal("contains"),
17
+ Type.Literal("matches"),
18
+ Type.Literal("changed"),
19
19
  ]),
20
- value: z.any().optional(),
21
- })
22
- .strict();
23
- const watcherSchema = z
24
- .object({
25
- id: z.string().min(1),
26
- skillId: z.string().min(1),
27
- enabled: z.boolean().default(true),
28
- strategy: z.enum(["http-poll", "websocket", "sse", "http-long-poll"]),
29
- endpoint: z.string().url(),
30
- method: z.enum(["GET", "POST"]).optional(),
31
- headers: z.record(z.string()).optional(),
32
- body: z.string().optional(),
33
- intervalMs: z.number().int().positive().optional(),
34
- timeoutMs: z.number().int().positive().optional(),
35
- match: z.enum(["all", "any"]),
36
- conditions: z.array(conditionSchema).min(1),
37
- fire: z
38
- .object({
39
- webhookPath: z.string().regex(/^\//),
40
- eventName: z.string().min(1),
41
- payloadTemplate: z.record(z.union([z.string(), z.number(), z.boolean(), z.null()])),
42
- })
43
- .strict(),
44
- retry: z
45
- .object({
46
- maxRetries: z.number().int().min(0).max(20),
47
- baseMs: z.number().int().min(50).max(60000),
48
- maxMs: z.number().int().min(100).max(300000),
49
- })
50
- .strict(),
51
- fireOnce: z.boolean().optional(),
52
- metadata: z.record(z.string()).optional(),
53
- })
54
- .strict();
20
+ value: Type.Optional(Type.Unknown()),
21
+ }, { additionalProperties: false });
22
+ const WatcherSchema = Type.Object({
23
+ id: Type.String({ minLength: 1 }),
24
+ skillId: Type.String({ minLength: 1 }),
25
+ enabled: Type.Boolean(),
26
+ strategy: Type.Union([
27
+ Type.Literal("http-poll"),
28
+ Type.Literal("websocket"),
29
+ Type.Literal("sse"),
30
+ Type.Literal("http-long-poll"),
31
+ ]),
32
+ endpoint: Type.String({ minLength: 1 }),
33
+ method: Type.Optional(Type.Union([Type.Literal("GET"), Type.Literal("POST")])),
34
+ headers: Type.Optional(Type.Record(Type.String(), Type.String())),
35
+ body: Type.Optional(Type.String()),
36
+ intervalMs: Type.Optional(Type.Integer({ minimum: 1 })),
37
+ timeoutMs: Type.Optional(Type.Integer({ minimum: 1 })),
38
+ match: Type.Union([Type.Literal("all"), Type.Literal("any")]),
39
+ conditions: Type.Array(ConditionSchema, { minItems: 1 }),
40
+ fire: Type.Object({
41
+ webhookPath: Type.String({ pattern: "^/" }),
42
+ eventName: Type.String({ minLength: 1 }),
43
+ payloadTemplate: Type.Record(Type.String(), Type.Union([Type.String(), Type.Number(), Type.Boolean(), Type.Null()])),
44
+ }, { additionalProperties: false }),
45
+ retry: Type.Object({
46
+ maxRetries: Type.Integer({ minimum: 0, maximum: 20 }),
47
+ baseMs: Type.Integer({ minimum: 50, maximum: 60000 }),
48
+ maxMs: Type.Integer({ minimum: 100, maximum: 300000 }),
49
+ }, { additionalProperties: false }),
50
+ fireOnce: Type.Optional(Type.Boolean()),
51
+ metadata: Type.Optional(Type.Record(Type.String(), Type.String())),
52
+ }, { additionalProperties: false });
55
53
  function scanNoCodeLike(input, parentKey = "") {
56
54
  if (input === null || input === undefined)
57
55
  return;
58
56
  if (typeof input === "string") {
59
- if (codeyValuePattern.test(input))
57
+ if (codeyValuePattern.test(input)) {
60
58
  throw new Error(`Code-like value rejected at ${parentKey || "<root>"}`);
59
+ }
61
60
  return;
62
61
  }
63
62
  if (Array.isArray(input)) {
@@ -66,13 +65,29 @@ function scanNoCodeLike(input, parentKey = "") {
66
65
  }
67
66
  if (typeof input === "object") {
68
67
  for (const [key, value] of Object.entries(input)) {
69
- if (codeyKeyPattern.test(key))
68
+ if (codeyKeyPattern.test(key)) {
70
69
  throw new Error(`Code-like field rejected: ${parentKey ? `${parentKey}.` : ""}${key}`);
70
+ }
71
71
  scanNoCodeLike(value, parentKey ? `${parentKey}.${key}` : key);
72
72
  }
73
73
  }
74
74
  }
75
75
  export function validateWatcherDefinition(input) {
76
76
  scanNoCodeLike(input);
77
- return watcherSchema.parse(input);
77
+ if (!Value.Check(WatcherSchema, input)) {
78
+ const first = [...Value.Errors(WatcherSchema, input)][0];
79
+ const where = first?.path || "(root)";
80
+ const why = first?.message || "Invalid watcher definition";
81
+ throw new Error(`Invalid watcher definition at ${where}: ${why}`);
82
+ }
83
+ const endpoint = input.endpoint;
84
+ try {
85
+ if (typeof endpoint !== "string")
86
+ throw new Error("endpoint must be a string");
87
+ new URL(endpoint);
88
+ }
89
+ catch {
90
+ throw new Error("Invalid watcher definition at /endpoint: Invalid URL");
91
+ }
92
+ return input;
78
93
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@coffeexdev/openclaw-sentinel",
3
- "version": "0.1.6",
3
+ "version": "0.1.7",
4
4
  "description": "Secure declarative gateway-native watcher plugin for OpenClaw",
5
5
  "keywords": [
6
6
  "openclaw",