@defai.digital/mcp-runtime 13.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +214 -0
- package/dist/cache/index.d.ts +2 -0
- package/dist/cache/index.d.ts.map +1 -0
- package/dist/cache/index.js +2 -0
- package/dist/cache/index.js.map +1 -0
- package/dist/cache/lru-cache.d.ts +97 -0
- package/dist/cache/lru-cache.d.ts.map +1 -0
- package/dist/cache/lru-cache.js +295 -0
- package/dist/cache/lru-cache.js.map +1 -0
- package/dist/guard/index.d.ts +2 -0
- package/dist/guard/index.d.ts.map +1 -0
- package/dist/guard/index.js +6 -0
- package/dist/guard/index.js.map +1 -0
- package/dist/guard/runtime-guard.d.ts +98 -0
- package/dist/guard/runtime-guard.d.ts.map +1 -0
- package/dist/guard/runtime-guard.js +204 -0
- package/dist/guard/runtime-guard.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +19 -0
- package/dist/index.js.map +1 -0
- package/dist/response/helpers.d.ts +118 -0
- package/dist/response/helpers.d.ts.map +1 -0
- package/dist/response/helpers.js +235 -0
- package/dist/response/helpers.js.map +1 -0
- package/dist/response/index.d.ts +2 -0
- package/dist/response/index.d.ts.map +1 -0
- package/dist/response/index.js +6 -0
- package/dist/response/index.js.map +1 -0
- package/dist/timeout/index.d.ts +2 -0
- package/dist/timeout/index.d.ts.map +1 -0
- package/dist/timeout/index.js +2 -0
- package/dist/timeout/index.js.map +1 -0
- package/dist/timeout/wrapper.d.ts +52 -0
- package/dist/timeout/wrapper.d.ts.map +1 -0
- package/dist/timeout/wrapper.js +133 -0
- package/dist/timeout/wrapper.js.map +1 -0
- package/dist/validation/index.d.ts +2 -0
- package/dist/validation/index.d.ts.map +1 -0
- package/dist/validation/index.js +2 -0
- package/dist/validation/index.js.map +1 -0
- package/dist/validation/request-validator.d.ts +28 -0
- package/dist/validation/request-validator.d.ts.map +1 -0
- package/dist/validation/request-validator.js +151 -0
- package/dist/validation/request-validator.js.map +1 -0
- package/package.json +41 -0
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
import { DEFAULT_REQUEST_LIMITS, TOOL_ARRAY_FIELDS, getArrayLimit, } from '@defai.digital/contracts';
|
|
2
|
+
/**
|
|
3
|
+
* Validate request against limits.
|
|
4
|
+
*
|
|
5
|
+
* Invariants enforced:
|
|
6
|
+
* - INV-MCP-LIMIT-001: Array size enforcement
|
|
7
|
+
* - INV-MCP-LIMIT-002: Early rejection
|
|
8
|
+
* - INV-MCP-LIMIT-003: Tool-specific limits
|
|
9
|
+
* - INV-MCP-LIMIT-004: Descriptive errors
|
|
10
|
+
*/
|
|
11
|
+
export function validateRequest(toolName, args, limits = DEFAULT_REQUEST_LIMITS) {
|
|
12
|
+
const errors = [];
|
|
13
|
+
// Validate request size
|
|
14
|
+
const requestSize = estimateRequestSize(args);
|
|
15
|
+
if (requestSize > limits.maxRequestBytes) {
|
|
16
|
+
errors.push({
|
|
17
|
+
path: '$',
|
|
18
|
+
code: 'REQUEST_TOO_LARGE',
|
|
19
|
+
message: `Request size (${requestSize} bytes) exceeds limit (${limits.maxRequestBytes} bytes)`,
|
|
20
|
+
limit: limits.maxRequestBytes,
|
|
21
|
+
actual: requestSize,
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
// Validate arrays and strings recursively
|
|
25
|
+
validateValue(args, '$', toolName, limits, errors, 0);
|
|
26
|
+
if (errors.length > 0) {
|
|
27
|
+
return { valid: false, errors };
|
|
28
|
+
}
|
|
29
|
+
return { valid: true };
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Recursively validate a value against limits.
|
|
33
|
+
*/
|
|
34
|
+
function validateValue(value, path, toolName, limits, errors, depth) {
|
|
35
|
+
// Check depth
|
|
36
|
+
if (depth > limits.maxObjectDepth) {
|
|
37
|
+
errors.push({
|
|
38
|
+
path,
|
|
39
|
+
code: 'OBJECT_TOO_DEEP',
|
|
40
|
+
message: `Object depth (${depth}) exceeds limit (${limits.maxObjectDepth})`,
|
|
41
|
+
limit: limits.maxObjectDepth,
|
|
42
|
+
actual: depth,
|
|
43
|
+
});
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
if (Array.isArray(value)) {
|
|
47
|
+
validateArray(value, path, toolName, limits, errors, depth);
|
|
48
|
+
}
|
|
49
|
+
else if (typeof value === 'string') {
|
|
50
|
+
validateString(value, path, limits, errors);
|
|
51
|
+
}
|
|
52
|
+
else if (value !== null && typeof value === 'object') {
|
|
53
|
+
validateObject(value, path, toolName, limits, errors, depth);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Validate an array against limits.
|
|
58
|
+
*
|
|
59
|
+
* INV-MCP-LIMIT-001: Array size enforcement.
|
|
60
|
+
* INV-MCP-LIMIT-003: Tool-specific limits.
|
|
61
|
+
*/
|
|
62
|
+
function validateArray(arr, path, toolName, limits, errors, depth) {
|
|
63
|
+
// Get field name from path (last segment)
|
|
64
|
+
const fieldName = path.split('.').pop() ?? '';
|
|
65
|
+
// Check if this field has tool-specific limits
|
|
66
|
+
const toolArrayFields = TOOL_ARRAY_FIELDS[toolName] ?? [];
|
|
67
|
+
const isKnownArrayField = toolArrayFields.includes(fieldName);
|
|
68
|
+
// Get the appropriate limit
|
|
69
|
+
const arrayLimit = isKnownArrayField
|
|
70
|
+
? getArrayLimit(toolName, fieldName, limits)
|
|
71
|
+
: limits.maxArraySize;
|
|
72
|
+
if (arr.length > arrayLimit) {
|
|
73
|
+
errors.push({
|
|
74
|
+
path,
|
|
75
|
+
code: 'ARRAY_TOO_LARGE',
|
|
76
|
+
message: `Array at '${path}' has ${arr.length} items, exceeds limit of ${arrayLimit}`,
|
|
77
|
+
limit: arrayLimit,
|
|
78
|
+
actual: arr.length,
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
// Validate array items (with depth + 1)
|
|
82
|
+
for (let i = 0; i < Math.min(arr.length, 100); i++) {
|
|
83
|
+
validateValue(arr[i], `${path}[${i}]`, toolName, limits, errors, depth + 1);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
/**
|
|
87
|
+
* Validate a string against limits.
|
|
88
|
+
*/
|
|
89
|
+
function validateString(str, path, limits, errors) {
|
|
90
|
+
if (str.length > limits.maxStringLength) {
|
|
91
|
+
errors.push({
|
|
92
|
+
path,
|
|
93
|
+
code: 'STRING_TOO_LONG',
|
|
94
|
+
message: `String at '${path}' has ${str.length} characters, exceeds limit of ${limits.maxStringLength}`,
|
|
95
|
+
limit: limits.maxStringLength,
|
|
96
|
+
actual: str.length,
|
|
97
|
+
});
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Validate an object against limits.
|
|
102
|
+
*/
|
|
103
|
+
function validateObject(obj, path, toolName, limits, errors, depth) {
|
|
104
|
+
for (const [key, value] of Object.entries(obj)) {
|
|
105
|
+
const childPath = path === '$' ? key : `${path}.${key}`;
|
|
106
|
+
validateValue(value, childPath, toolName, limits, errors, depth + 1);
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Estimate request size in bytes.
|
|
111
|
+
*/
|
|
112
|
+
function estimateRequestSize(value) {
|
|
113
|
+
try {
|
|
114
|
+
const json = JSON.stringify(value);
|
|
115
|
+
return json.length * 2; // Approximate UTF-8 size
|
|
116
|
+
}
|
|
117
|
+
catch {
|
|
118
|
+
return 0;
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Create a validation middleware for tool handlers.
|
|
123
|
+
*
|
|
124
|
+
* INV-MCP-LIMIT-002: Early rejection.
|
|
125
|
+
*/
|
|
126
|
+
export function createValidationMiddleware(limits = DEFAULT_REQUEST_LIMITS) {
|
|
127
|
+
return function validateToolRequest(toolName, args) {
|
|
128
|
+
return validateRequest(toolName, args, limits);
|
|
129
|
+
};
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Check if a validation result indicates success.
|
|
133
|
+
*/
|
|
134
|
+
export function isValidRequest(result) {
|
|
135
|
+
return result.valid;
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Format validation errors for display.
|
|
139
|
+
*/
|
|
140
|
+
export function formatValidationErrors(errors) {
|
|
141
|
+
return errors
|
|
142
|
+
.map((e) => {
|
|
143
|
+
let msg = `${e.path}: ${e.message}`;
|
|
144
|
+
if (e.limit !== undefined && e.actual !== undefined) {
|
|
145
|
+
msg += ` (limit: ${e.limit}, actual: ${e.actual})`;
|
|
146
|
+
}
|
|
147
|
+
return msg;
|
|
148
|
+
})
|
|
149
|
+
.join('\n');
|
|
150
|
+
}
|
|
151
|
+
//# sourceMappingURL=request-validator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request-validator.js","sourceRoot":"","sources":["../../src/validation/request-validator.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAElC;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,IAAa,EACb,SAA2B,sBAAsB;IAEjD,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,wBAAwB;IACxB,MAAM,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,WAAW,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,GAAG;YACT,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,iBAAiB,WAAW,0BAA0B,MAAM,CAAC,eAAe,SAAS;YAC9F,KAAK,EAAE,MAAM,CAAC,eAAe;YAC7B,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,aAAa,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAClC,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAc,EACd,IAAY,EACZ,QAAgB,EAChB,MAAwB,EACxB,MAAyB,EACzB,KAAa;IAEb,cAAc;IACd,IAAI,KAAK,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,iBAAiB,KAAK,oBAAoB,MAAM,CAAC,cAAc,GAAG;YAC3E,KAAK,EAAE,MAAM,CAAC,cAAc;YAC5B,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC9D,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;SAAM,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvD,cAAc,CAAC,KAAgC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC1F,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CACpB,GAAc,EACd,IAAY,EACZ,QAAgB,EAChB,MAAwB,EACxB,MAAyB,EACzB,KAAa;IAEb,0CAA0C;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IAE9C,+CAA+C;IAC/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,iBAAiB,GAAG,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAE9D,4BAA4B;IAC5B,MAAM,UAAU,GAAG,iBAAiB;QAClC,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC;QAC5C,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;IAExB,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,aAAa,IAAI,SAAS,GAAG,CAAC,MAAM,4BAA4B,UAAU,EAAE;YACrF,KAAK,EAAE,UAAU;YACjB,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACnD,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,GAAW,EACX,IAAY,EACZ,MAAwB,EACxB,MAAyB;IAEzB,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,cAAc,IAAI,SAAS,GAAG,CAAC,MAAM,iCAAiC,MAAM,CAAC,eAAe,EAAE;YACvG,KAAK,EAAE,MAAM,CAAC,eAAe;YAC7B,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,GAA4B,EAC5B,IAAY,EACZ,QAAgB,EAChB,MAAwB,EACxB,MAAyB,EACzB,KAAa;IAEb,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC;QACxD,aAAa,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,yBAAyB;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,SAA2B,sBAAsB;IAEjD,OAAO,SAAS,mBAAmB,CACjC,QAAgB,EAChB,IAAa;QAEb,OAAO,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IACjD,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAwB;IACrD,OAAO,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAyB;IAC9D,OAAO,MAAM;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,IAAI,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpD,GAAG,IAAI,YAAY,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC;QACrD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@defai.digital/mcp-runtime",
|
|
3
|
+
"version": "13.0.3",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"description": "MCP runtime domain - cache, timeout, response helpers, and request validation",
|
|
6
|
+
"license": "Apache-2.0",
|
|
7
|
+
"author": "DEFAI Private Limited",
|
|
8
|
+
"repository": {
|
|
9
|
+
"type": "git",
|
|
10
|
+
"url": "https://github.com/defai-digital/automatosx.git",
|
|
11
|
+
"directory": "packages/core/mcp-runtime"
|
|
12
|
+
},
|
|
13
|
+
"homepage": "https://github.com/defai-digital/automatosx#readme",
|
|
14
|
+
"bugs": {
|
|
15
|
+
"url": "https://github.com/defai-digital/automatosx/issues"
|
|
16
|
+
},
|
|
17
|
+
"main": "./dist/index.js",
|
|
18
|
+
"types": "./dist/index.d.ts",
|
|
19
|
+
"exports": {
|
|
20
|
+
".": {
|
|
21
|
+
"types": "./dist/index.d.ts",
|
|
22
|
+
"import": "./dist/index.js"
|
|
23
|
+
}
|
|
24
|
+
},
|
|
25
|
+
"files": [
|
|
26
|
+
"dist"
|
|
27
|
+
],
|
|
28
|
+
"engines": {
|
|
29
|
+
"node": ">=20.0.0"
|
|
30
|
+
},
|
|
31
|
+
"publishConfig": {
|
|
32
|
+
"access": "public"
|
|
33
|
+
},
|
|
34
|
+
"dependencies": {
|
|
35
|
+
"@defai.digital/contracts": "13.0.3"
|
|
36
|
+
},
|
|
37
|
+
"scripts": {
|
|
38
|
+
"build": "tsc --build",
|
|
39
|
+
"clean": "rm -rf dist *.tsbuildinfo"
|
|
40
|
+
}
|
|
41
|
+
}
|