@coffeexdev/openclaw-sentinel 0.1.6 → 0.1.8

package/dist/configSchema.js

@@ -1,22 +1,77 @@
-import { z } from "zod";
-const limitsSchema = z.object({
-    maxWatchersTotal: z.number().int().positive().default(200),
-    maxWatchersPerSkill: z.number().int().positive().default(20),
-    maxConditionsPerWatcher: z.number().int().positive().default(25),
-    maxIntervalMsFloor: z.number().int().positive().default(1000),
-});
-const configZodSchema = z.object({
-    allowedHosts: z.array(z.string()).default([]),
-    localDispatchBase: z.string().url().default("http://127.0.0.1:18789"),
-    dispatchAuthToken: z.string().optional(),
-    stateFilePath: z.string().optional(),
-    limits: limitsSchema.default({}),
-});
+import { Type } from "@sinclair/typebox";
+import { Value } from "@sinclair/typebox/value";
+const LimitsSchema = Type.Object({
+    maxWatchersTotal: Type.Integer({ minimum: 1 }),
+    maxWatchersPerSkill: Type.Integer({ minimum: 1 }),
+    maxConditionsPerWatcher: Type.Integer({ minimum: 1 }),
+    maxIntervalMsFloor: Type.Integer({ minimum: 1 }),
+}, { additionalProperties: false });
+const ConfigSchema = Type.Object({
+    allowedHosts: Type.Array(Type.String()),
+    localDispatchBase: Type.String({ minLength: 1 }),
+    dispatchAuthToken: Type.Optional(Type.String()),
+    stateFilePath: Type.Optional(Type.String()),
+    limits: Type.Optional(LimitsSchema),
+}, { additionalProperties: false });
+function withDefaults(value) {
+    const limitsIn = value.limits ?? {};
+    return {
+        allowedHosts: Array.isArray(value.allowedHosts) ? value.allowedHosts : [],
+        localDispatchBase: typeof value.localDispatchBase === "string" && value.localDispatchBase.length > 0
+            ? value.localDispatchBase
+            : "http://127.0.0.1:18789",
+        dispatchAuthToken: typeof value.dispatchAuthToken === "string" ? value.dispatchAuthToken : undefined,
+        stateFilePath: typeof value.stateFilePath === "string" ? value.stateFilePath : undefined,
+        limits: {
+            maxWatchersTotal: typeof limitsIn.maxWatchersTotal === "number" ? limitsIn.maxWatchersTotal : 200,
+            maxWatchersPerSkill: typeof limitsIn.maxWatchersPerSkill === "number" ? limitsIn.maxWatchersPerSkill : 20,
+            maxConditionsPerWatcher: typeof limitsIn.maxConditionsPerWatcher === "number"
+                ? limitsIn.maxConditionsPerWatcher
+                : 25,
+            maxIntervalMsFloor: typeof limitsIn.maxIntervalMsFloor === "number" ? limitsIn.maxIntervalMsFloor : 1000,
+        },
+    };
+}
+function issue(path, message) {
+    const segments = path.replace(/^\//, "").split("/").filter(Boolean);
+    return {
+        path: segments,
+        message,
+    };
+}
 export const sentinelConfigSchema = {
     safeParse: (value) => {
         if (value === undefined)
             return { success: true, data: undefined };
-        return configZodSchema.safeParse(value);
+        if (value === null || typeof value !== "object" || Array.isArray(value)) {
+            return {
+                success: false,
+                error: { issues: [issue("/", "Config must be an object")] },
+            };
+        }
+        const candidate = withDefaults(value);
+        if (!Value.Check(ConfigSchema, candidate)) {
+            const first = [...Value.Errors(ConfigSchema, candidate)][0];
+            return {
+                success: false,
+                error: {
+                    issues: [issue(String(first?.path || "/"), String(first?.message || "Invalid config"))],
+                },
+            };
+        }
+        // explicit URL validation (TypeBox format validators are not enabled by default)
+        try {
+            new URL(candidate.localDispatchBase);
+        }
+        catch {
+            return {
+                success: false,
+                error: {
+                    issues: [issue("/localDispatchBase", "Invalid URL")],
+                },
+            };
+        }
+        return { success: true, data: candidate };
     },
     jsonSchema: {
         type: "object",

package/dist/validator.js

@@ -1,63 +1,62 @@
-import { z } from "zod";
+import { Type } from "@sinclair/typebox";
+import { Value } from "@sinclair/typebox/value";
 const codeyKeyPattern = /(script|code|eval|handler|function|import|require)/i;
 const codeyValuePattern = /(=>|\bfunction\b|\bimport\s+|\brequire\s*\(|\beval\s*\()/i;
-const conditionSchema = z
-    .object({
-    path: z.string().min(1),
-    op: z.enum([
-        "eq",
-        "neq",
-        "gt",
-        "gte",
-        "lt",
-        "lte",
-        "exists",
-        "absent",
-        "contains",
-        "matches",
-        "changed",
+const ConditionSchema = Type.Object({
+    path: Type.String({ minLength: 1 }),
+    op: Type.Union([
+        Type.Literal("eq"),
+        Type.Literal("neq"),
+        Type.Literal("gt"),
+        Type.Literal("gte"),
+        Type.Literal("lt"),
+        Type.Literal("lte"),
+        Type.Literal("exists"),
+        Type.Literal("absent"),
+        Type.Literal("contains"),
+        Type.Literal("matches"),
+        Type.Literal("changed"),
     ]),
-    value: z.any().optional(),
-})
-    .strict();
-const watcherSchema = z
-    .object({
-    id: z.string().min(1),
-    skillId: z.string().min(1),
-    enabled: z.boolean().default(true),
-    strategy: z.enum(["http-poll", "websocket", "sse", "http-long-poll"]),
-    endpoint: z.string().url(),
-    method: z.enum(["GET", "POST"]).optional(),
-    headers: z.record(z.string()).optional(),
-    body: z.string().optional(),
-    intervalMs: z.number().int().positive().optional(),
-    timeoutMs: z.number().int().positive().optional(),
-    match: z.enum(["all", "any"]),
-    conditions: z.array(conditionSchema).min(1),
-    fire: z
-        .object({
-        webhookPath: z.string().regex(/^\//),
-        eventName: z.string().min(1),
-        payloadTemplate: z.record(z.union([z.string(), z.number(), z.boolean(), z.null()])),
-    })
-        .strict(),
-    retry: z
-        .object({
-        maxRetries: z.number().int().min(0).max(20),
-        baseMs: z.number().int().min(50).max(60000),
-        maxMs: z.number().int().min(100).max(300000),
-    })
-        .strict(),
-    fireOnce: z.boolean().optional(),
-    metadata: z.record(z.string()).optional(),
-})
-    .strict();
+    value: Type.Optional(Type.Unknown()),
+}, { additionalProperties: false });
+const WatcherSchema = Type.Object({
+    id: Type.String({ minLength: 1 }),
+    skillId: Type.String({ minLength: 1 }),
+    enabled: Type.Boolean(),
+    strategy: Type.Union([
+        Type.Literal("http-poll"),
+        Type.Literal("websocket"),
+        Type.Literal("sse"),
+        Type.Literal("http-long-poll"),
+    ]),
+    endpoint: Type.String({ minLength: 1 }),
+    method: Type.Optional(Type.Union([Type.Literal("GET"), Type.Literal("POST")])),
+    headers: Type.Optional(Type.Record(Type.String(), Type.String())),
+    body: Type.Optional(Type.String()),
+    intervalMs: Type.Optional(Type.Integer({ minimum: 1 })),
+    timeoutMs: Type.Optional(Type.Integer({ minimum: 1 })),
+    match: Type.Union([Type.Literal("all"), Type.Literal("any")]),
+    conditions: Type.Array(ConditionSchema, { minItems: 1 }),
+    fire: Type.Object({
+        webhookPath: Type.String({ pattern: "^/" }),
+        eventName: Type.String({ minLength: 1 }),
+        payloadTemplate: Type.Record(Type.String(), Type.Union([Type.String(), Type.Number(), Type.Boolean(), Type.Null()])),
+    }, { additionalProperties: false }),
+    retry: Type.Object({
+        maxRetries: Type.Integer({ minimum: 0, maximum: 20 }),
+        baseMs: Type.Integer({ minimum: 50, maximum: 60000 }),
+        maxMs: Type.Integer({ minimum: 100, maximum: 300000 }),
+    }, { additionalProperties: false }),
+    fireOnce: Type.Optional(Type.Boolean()),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.String())),
+}, { additionalProperties: false });
 function scanNoCodeLike(input, parentKey = "") {
     if (input === null || input === undefined)
         return;
     if (typeof input === "string") {
-        if (codeyValuePattern.test(input))
+        if (codeyValuePattern.test(input)) {
             throw new Error(`Code-like value rejected at ${parentKey || "<root>"}`);
+        }
         return;
     }
     if (Array.isArray(input)) {
@@ -66,13 +65,29 @@ function scanNoCodeLike(input, parentKey = "") {
     }
     if (typeof input === "object") {
         for (const [key, value] of Object.entries(input)) {
-            if (codeyKeyPattern.test(key))
+            if (codeyKeyPattern.test(key)) {
                 throw new Error(`Code-like field rejected: ${parentKey ? `${parentKey}.` : ""}${key}`);
+            }
             scanNoCodeLike(value, parentKey ? `${parentKey}.${key}` : key);
         }
     }
 }
 export function validateWatcherDefinition(input) {
     scanNoCodeLike(input);
-    return watcherSchema.parse(input);
+    if (!Value.Check(WatcherSchema, input)) {
+        const first = [...Value.Errors(WatcherSchema, input)][0];
+        const where = first?.path || "(root)";
+        const why = first?.message || "Invalid watcher definition";
+        throw new Error(`Invalid watcher definition at ${where}: ${why}`);
+    }
+    const endpoint = input.endpoint;
+    try {
+        if (typeof endpoint !== "string")
+            throw new Error("endpoint must be a string");
+        new URL(endpoint);
+    }
+    catch {
+        throw new Error("Invalid watcher definition at /endpoint: Invalid URL");
+    }
+    return input;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coffeexdev/openclaw-sentinel",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Secure declarative gateway-native watcher plugin for OpenClaw",
   "keywords": [
     "openclaw",