@dollhousemcp/mcp-server 1.3.0

package/dist/test/src/security/fileLockManager.js

@@ -0,0 +1,187 @@
+import { logger } from '../utils/logger.js';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { randomBytes } from 'crypto';
+/**
+ * FileLockManager - Prevents race conditions in concurrent file operations
+ *
+ * Features:
+ * - Resource-based locking with automatic cleanup
+ * - Configurable timeouts to prevent deadlocks
+ * - Atomic file operations with write-rename pattern
+ * - Lock queueing for concurrent requests
+ * - Comprehensive error handling and logging
+ * - Performance metrics tracking
+ */
+export class FileLockManager {
+    // Map of resource identifiers to their lock promises
+    static locks = new Map();
+    // Lock acquisition metrics for monitoring
+    static metrics = {
+        totalLockRequests: 0,
+        lockWaitTime: new Map(),
+        lockTimeouts: 0,
+        concurrentWaits: 0
+    };
+    // Default timeout for lock operations (10 seconds)
+    static DEFAULT_TIMEOUT_MS = 10000;
+    // Temporary file directory
+    static TEMP_DIR = '.tmp';
+    /**
+     * Execute an operation with exclusive lock on a resource
+     * @param resource - Unique identifier for the resource (e.g., 'persona:name')
+     * @param operation - Async function to execute while holding the lock
+     * @param options - Lock options including timeout
+     * @returns Result of the operation
+     */
+    static async withLock(resource, operation, options = {}) {
+        const startTime = Date.now();
+        this.metrics.totalLockRequests++;
+        logger.debug(`Lock requested for resource: ${resource}`);
+        // Wait for any existing operation on this resource
+        const existingLock = this.locks.get(resource);
+        if (existingLock) {
+            this.metrics.concurrentWaits++;
+            logger.debug(`Waiting for existing lock on: ${resource}`);
+            try {
+                await existingLock;
+            }
+            catch (error) {
+                // Previous operation failed, but we can proceed
+                logger.debug(`Previous operation on ${resource} failed, proceeding`);
+            }
+        }
+        // Create new lock for this operation
+        const timeout = options.timeout || this.DEFAULT_TIMEOUT_MS;
+        const lockPromise = this.executeWithTimeout(operation, timeout, resource);
+        this.locks.set(resource, lockPromise);
+        try {
+            const result = await lockPromise;
+            // Record metrics
+            const waitTime = Date.now() - startTime;
+            if (!this.metrics.lockWaitTime.has(resource)) {
+                this.metrics.lockWaitTime.set(resource, []);
+            }
+            this.metrics.lockWaitTime.get(resource).push(waitTime);
+            logger.debug(`Lock released for resource: ${resource} (${waitTime}ms)`);
+            return result;
+        }
+        finally {
+            // Clean up lock atomically - compare and delete in one operation
+            const currentLock = this.locks.get(resource);
+            if (currentLock === lockPromise) {
+                this.locks.delete(resource);
+                logger.debug(`Lock queue cleaned up for resource: ${resource}`);
+            }
+        }
+    }
+    /**
+     * Execute operation with timeout protection
+     */
+    static async executeWithTimeout(operation, timeoutMs, resource) {
+        let timeoutHandle;
+        const timeoutPromise = new Promise((_, reject) => {
+            timeoutHandle = setTimeout(() => {
+                this.metrics.lockTimeouts++;
+                reject(new Error(`Lock operation timeout for resource: ${resource}`));
+            }, timeoutMs);
+        });
+        try {
+            const result = await Promise.race([operation(), timeoutPromise]);
+            if (timeoutHandle)
+                clearTimeout(timeoutHandle);
+            return result;
+        }
+        catch (error) {
+            if (timeoutHandle)
+                clearTimeout(timeoutHandle);
+            throw error;
+        }
+    }
+    /**
+     * Perform atomic file write operation
+     * Writes to temporary file then renames to ensure atomicity
+     */
+    static async atomicWriteFile(filePath, content, options) {
+        const tempPath = await this.getTempFilePath(filePath);
+        const dir = path.dirname(tempPath);
+        try {
+            // Ensure temp directory exists
+            await fs.mkdir(dir, { recursive: true });
+            // Write to temporary file
+            await fs.writeFile(tempPath, content, options);
+            // Atomic rename (on same filesystem)
+            await fs.rename(tempPath, filePath);
+            logger.debug(`Atomic write completed: ${filePath}`);
+        }
+        catch (error) {
+            // Clean up temp file on error
+            try {
+                await fs.unlink(tempPath);
+                logger.debug(`Cleaned up temp file after error: ${tempPath}`);
+            }
+            catch (unlinkError) {
+                // Log cleanup failure but don't throw - original error is more important
+                logger.warn(`Failed to clean up temp file ${tempPath}: ${unlinkError}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Perform atomic file read with lock
+     */
+    static async atomicReadFile(filePath, options) {
+        return this.withLock(`file:${filePath}`, async () => {
+            const content = await fs.readFile(filePath, options);
+            return content.toString();
+        });
+    }
+    /**
+     * Generate temporary file path for atomic operations
+     */
+    static async getTempFilePath(originalPath) {
+        const dir = path.dirname(originalPath);
+        const basename = path.basename(originalPath);
+        const random = randomBytes(8).toString('hex');
+        return path.join(dir, this.TEMP_DIR, `${basename}.${random}.tmp`);
+    }
+    /**
+     * Get lock metrics for monitoring
+     */
+    static getMetrics() {
+        const avgWaitTimes = new Map();
+        for (const [resource, times] of this.metrics.lockWaitTime.entries()) {
+            if (times.length > 0) {
+                const avg = times.reduce((a, b) => a + b, 0) / times.length;
+                avgWaitTimes.set(resource, Math.round(avg));
+            }
+        }
+        return {
+            totalRequests: this.metrics.totalLockRequests,
+            activeLocksCount: this.locks.size,
+            timeouts: this.metrics.lockTimeouts,
+            concurrentWaits: this.metrics.concurrentWaits,
+            avgWaitTimeByResource: Object.fromEntries(avgWaitTimes),
+            activeLocks: Array.from(this.locks.keys())
+        };
+    }
+    /**
+     * Clear all locks (use with caution - mainly for testing)
+     */
+    static clearAllLocks() {
+        this.locks.clear();
+        logger.warn('All file locks cleared - use only for testing/recovery');
+    }
+    /**
+     * Reset metrics
+     */
+    static resetMetrics() {
+        this.metrics = {
+            totalLockRequests: 0,
+            lockWaitTime: new Map(),
+            lockTimeouts: 0,
+            concurrentWaits: 0
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmlsZUxvY2tNYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3NlY3VyaXR5L2ZpbGVMb2NrTWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDNUMsT0FBTyxLQUFLLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDbEMsT0FBTyxLQUFLLElBQUksTUFBTSxNQUFNLENBQUM7QUFDN0IsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUVyQzs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSxPQUFPLGVBQWU7SUFDMUIscURBQXFEO0lBQzdDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxHQUFHLEVBQXdCLENBQUM7SUFFdkQsMENBQTBDO0lBQ2xDLE1BQU0sQ0FBQyxPQUFPLEdBQUc7UUFDdkIsaUJBQWlCLEVBQUUsQ0FBQztRQUNwQixZQUFZLEVBQUUsSUFBSSxHQUFHLEVBQW9CO1FBQ3pDLFlBQVksRUFBRSxDQUFDO1FBQ2YsZUFBZSxFQUFFLENBQUM7S0FDbkIsQ0FBQztJQUVGLG1EQUFtRDtJQUMzQyxNQUFNLENBQVUsa0JBQWtCLEdBQUcsS0FBSyxDQUFDO0lBRW5ELDJCQUEyQjtJQUNuQixNQUFNLENBQVUsUUFBUSxHQUFHLE1BQU0sQ0FBQztJQUUxQzs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FDbkIsUUFBZ0IsRUFDaEIsU0FBMkIsRUFDM0IsVUFBZ0MsRUFBRTtRQUVsQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBRWpDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFFekQsbURBQW1EO1FBQ25ELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlDLElBQUksWUFBWSxFQUFFLENBQUM7WUFDakIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUMvQixNQUFNLENBQUMsS0FBSyxDQUFDLGlDQUFpQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBRTFELElBQUksQ0FBQztnQkFDSCxNQUFNLFlBQVksQ0FBQztZQUNyQixDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixnREFBZ0Q7Z0JBQ2hELE1BQU0sQ0FBQyxLQUFLLENBQUMseUJBQXlCLFFBQVEscUJBQXFCLENBQUMsQ0FBQztZQUN2RSxDQUFDO1FBQ0gsQ0FBQztRQUVELHFDQUFxQztRQUNyQyxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztRQUMzRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxFQUFFLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFdEMsSUFBSSxDQUFDO1lBQ0gsTUFBTSxNQUFNLEdBQUcsTUFBTSxXQUFXLENBQUM7WUFFakMsaUJBQWlCO1lBQ2pCLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxTQUFTLENBQUM7WUFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUM3QyxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzlDLENBQUM7WUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRXhELE1BQU0sQ0FBQyxLQUFLLENBQUMsK0JBQStCLFFBQVEsS0FBSyxRQUFRLEtBQUssQ0FBQyxDQUFDO1lBQ3hFLE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7Z0JBQVMsQ0FBQztZQUNULGlFQUFpRTtZQUNqRSxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUM3QyxJQUFJLFdBQVcsS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDaEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzVCLE1BQU0sQ0FBQyxLQUFLLENBQUMsdUNBQXVDLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDbEUsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxNQUFNLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUNyQyxTQUEyQixFQUMzQixTQUFpQixFQUNqQixRQUFnQjtRQUVoQixJQUFJLGFBQXlDLENBQUM7UUFFOUMsTUFBTSxjQUFjLEdBQUcsSUFBSSxPQUFPLENBQVEsQ0FBQyxDQUFDLEVBQUUsTUFBTSxFQUFFLEVBQUU7WUFDdEQsYUFBYSxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUU7Z0JBQzlCLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQzVCLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQyx3Q0FBd0MsUUFBUSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ3hFLENBQUMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUNoQixDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQztZQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLGNBQWMsQ0FBQyxDQUFDLENBQUM7WUFDakUsSUFBSSxhQUFhO2dCQUFFLFlBQVksQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUMvQyxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLElBQUksYUFBYTtnQkFBRSxZQUFZLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDL0MsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7T0FHRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUMxQixRQUFnQixFQUNoQixPQUFlLEVBQ2YsT0FBdUM7UUFFdkMsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFbkMsSUFBSSxDQUFDO1lBQ0gsK0JBQStCO1lBQy9CLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUV6QywwQkFBMEI7WUFDMUIsTUFBTSxFQUFFLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7WUFFL0MscUNBQXFDO1lBQ3JDLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFcEMsTUFBTSxDQUFDLEtBQUssQ0FBQywyQkFBMkIsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUN0RCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLDhCQUE4QjtZQUM5QixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUMxQixNQUFNLENBQUMsS0FBSyxDQUFDLHFDQUFxQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBQ2hFLENBQUM7WUFBQyxPQUFPLFdBQVcsRUFBRSxDQUFDO2dCQUNyQix5RUFBeUU7Z0JBQ3pFLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0NBQWdDLFFBQVEsS0FBSyxXQUFXLEVBQUUsQ0FBQyxDQUFDO1lBQzFFLENBQUM7WUFDRCxNQUFNLEtBQUssQ0FBQztRQUNkLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FDekIsUUFBZ0IsRUFDaEIsT0FBdUM7UUFFdkMsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsUUFBUSxFQUFFLEVBQUUsS0FBSyxJQUFJLEVBQUU7WUFDbEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUMsQ0FBQztZQUNyRCxPQUFPLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM1QixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7T0FFRztJQUNLLE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLFlBQW9CO1FBQ3ZELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDdkMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM3QyxNQUFNLE1BQU0sR0FBRyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxHQUFHLFFBQVEsSUFBSSxNQUFNLE1BQU0sQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxVQUFVO1FBQ2YsTUFBTSxZQUFZLEdBQUcsSUFBSSxHQUFHLEVBQWtCLENBQUM7UUFDL0MsS0FBSyxNQUFNLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDcEUsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNyQixNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDO2dCQUM1RCxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDOUMsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPO1lBQ0wsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsaUJBQWlCO1lBQzdDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSTtZQUNqQyxRQUFRLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZO1lBQ25DLGVBQWUsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWU7WUFDN0MscUJBQXFCLEVBQUUsTUFBTSxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDdkQsV0FBVyxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQztTQUMzQyxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGFBQWE7UUFDbEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNuQixNQUFNLENBQUMsSUFBSSxDQUFDLHdEQUF3RCxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLFlBQVk7UUFDakIsSUFBSSxDQUFDLE9BQU8sR0FBRztZQUNiLGlCQUFpQixFQUFFLENBQUM7WUFDcEIsWUFBWSxFQUFFLElBQUksR0FBRyxFQUFvQjtZQUN6QyxZQUFZLEVBQUUsQ0FBQztZQUNmLGVBQWUsRUFBRSxDQUFDO1NBQ25CLENBQUM7SUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCAqIGFzIGZzIGZyb20gJ2ZzL3Byb21pc2VzJztcbmltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgeyByYW5kb21CeXRlcyB9IGZyb20gJ2NyeXB0byc7XG5cbi8qKlxuICogRmlsZUxvY2tNYW5hZ2VyIC0gUHJldmVudHMgcmFjZSBjb25kaXRpb25zIGluIGNvbmN1cnJlbnQgZmlsZSBvcGVyYXRpb25zXG4gKiBcbiAqIEZlYXR1cmVzOlxuICogLSBSZXNvdXJjZS1iYXNlZCBsb2NraW5nIHdpdGggYXV0b21hdGljIGNsZWFudXBcbiAqIC0gQ29uZmlndXJhYmxlIHRpbWVvdXRzIHRvIHByZXZlbnQgZGVhZGxvY2tzXG4gKiAtIEF0b21pYyBmaWxlIG9wZXJhdGlvbnMgd2l0aCB3cml0ZS1yZW5hbWUgcGF0dGVyblxuICogLSBMb2NrIHF1ZXVlaW5nIGZvciBjb25jdXJyZW50IHJlcXVlc3RzXG4gKiAtIENvbXByZWhlbnNpdmUgZXJyb3IgaGFuZGxpbmcgYW5kIGxvZ2dpbmdcbiAqIC0gUGVyZm9ybWFuY2UgbWV0cmljcyB0cmFja2luZ1xuICovXG5leHBvcnQgY2xhc3MgRmlsZUxvY2tNYW5hZ2VyIHtcbiAgLy8gTWFwIG9mIHJlc291cmNlIGlkZW50aWZpZXJzIHRvIHRoZWlyIGxvY2sgcHJvbWlzZXNcbiAgcHJpdmF0ZSBzdGF0aWMgbG9ja3MgPSBuZXcgTWFwPHN0cmluZywgUHJvbWlzZTxhbnk+PigpO1xuICBcbiAgLy8gTG9jayBhY3F1aXNpdGlvbiBtZXRyaWNzIGZvciBtb25pdG9yaW5nXG4gIHByaXZhdGUgc3RhdGljIG1ldHJpY3MgPSB7XG4gICAgdG90YWxMb2NrUmVxdWVzdHM6IDAsXG4gICAgbG9ja1dhaXRUaW1lOiBuZXcgTWFwPHN0cmluZywgbnVtYmVyW10+KCksXG4gICAgbG9ja1RpbWVvdXRzOiAwLFxuICAgIGNvbmN1cnJlbnRXYWl0czogMFxuICB9O1xuXG4gIC8vIERlZmF1bHQgdGltZW91dCBmb3IgbG9jayBvcGVyYXRpb25zICgxMCBzZWNvbmRzKVxuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBERUZBVUxUX1RJTUVPVVRfTVMgPSAxMDAwMDtcbiAgXG4gIC8vIFRlbXBvcmFyeSBmaWxlIGRpcmVjdG9yeVxuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBURU1QX0RJUiA9ICcudG1wJztcblxuICAvKipcbiAgICogRXhlY3V0ZSBhbiBvcGVyYXRpb24gd2l0aCBleGNsdXNpdmUgbG9jayBvbiBhIHJlc291cmNlXG4gICAqIEBwYXJhbSByZXNvdXJjZSAtIFVuaXF1ZSBpZGVudGlmaWVyIGZvciB0aGUgcmVzb3VyY2UgKGUuZy4sICdwZXJzb25hOm5hbWUnKVxuICAgKiBAcGFyYW0gb3BlcmF0aW9uIC0gQXN5bmMgZnVuY3Rpb24gdG8gZXhlY3V0ZSB3aGlsZSBob2xkaW5nIHRoZSBsb2NrXG4gICAqIEBwYXJhbSBvcHRpb25zIC0gTG9jayBvcHRpb25zIGluY2x1ZGluZyB0aW1lb3V0XG4gICAqIEByZXR1cm5zIFJlc3VsdCBvZiB0aGUgb3BlcmF0aW9uXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgd2l0aExvY2s8VD4oXG4gICAgcmVzb3VyY2U6IHN0cmluZyxcbiAgICBvcGVyYXRpb246ICgpID0+IFByb21pc2U8VD4sXG4gICAgb3B0aW9uczogeyB0aW1lb3V0PzogbnVtYmVyIH0gPSB7fVxuICApOiBQcm9taXNlPFQ+IHtcbiAgICBjb25zdCBzdGFydFRpbWUgPSBEYXRlLm5vdygpO1xuICAgIHRoaXMubWV0cmljcy50b3RhbExvY2tSZXF1ZXN0cysrO1xuICAgIFxuICAgIGxvZ2dlci5kZWJ1ZyhgTG9jayByZXF1ZXN0ZWQgZm9yIHJlc291cmNlOiAke3Jlc291cmNlfWApO1xuICAgIFxuICAgIC8vIFdhaXQgZm9yIGFueSBleGlzdGluZyBvcGVyYXRpb24gb24gdGhpcyByZXNvdXJjZVxuICAgIGNvbnN0IGV4aXN0aW5nTG9jayA9IHRoaXMubG9ja3MuZ2V0KHJlc291cmNlKTtcbiAgICBpZiAoZXhpc3RpbmdMb2NrKSB7XG4gICAgICB0aGlzLm1ldHJpY3MuY29uY3VycmVudFdhaXRzKys7XG4gICAgICBsb2dnZXIuZGVidWcoYFdhaXRpbmcgZm9yIGV4aXN0aW5nIGxvY2sgb246ICR7cmVzb3VyY2V9YCk7XG4gICAgICBcbiAgICAgIHRyeSB7XG4gICAgICAgIGF3YWl0IGV4aXN0aW5nTG9jaztcbiAgICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAgIC8vIFByZXZpb3VzIG9wZXJhdGlvbiBmYWlsZWQsIGJ1dCB3ZSBjYW4gcHJvY2VlZFxuICAgICAgICBsb2dnZXIuZGVidWcoYFByZXZpb3VzIG9wZXJhdGlvbiBvbiAke3Jlc291cmNlfSBmYWlsZWQsIHByb2NlZWRpbmdgKTtcbiAgICAgIH1cbiAgICB9XG4gICAgXG4gICAgLy8gQ3JlYXRlIG5ldyBsb2NrIGZvciB0aGlzIG9wZXJhdGlvblxuICAgIGNvbnN0IHRpbWVvdXQgPSBvcHRpb25zLnRpbWVvdXQgfHwgdGhpcy5ERUZBVUxUX1RJTUVPVVRfTVM7XG4gICAgY29uc3QgbG9ja1Byb21pc2UgPSB0aGlzLmV4ZWN1dGVXaXRoVGltZW91dChvcGVyYXRpb24sIHRpbWVvdXQsIHJlc291cmNlKTtcbiAgICB0aGlzLmxvY2tzLnNldChyZXNvdXJjZSwgbG9ja1Byb21pc2UpO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBsb2NrUHJvbWlzZTtcbiAgICAgIFxuICAgICAgLy8gUmVjb3JkIG1ldHJpY3NcbiAgICAgIGNvbnN0IHdhaXRUaW1lID0gRGF0ZS5ub3coKSAtIHN0YXJ0VGltZTtcbiAgICAgIGlmICghdGhpcy5tZXRyaWNzLmxvY2tXYWl0VGltZS5oYXMocmVzb3VyY2UpKSB7XG4gICAgICAgIHRoaXMubWV0cmljcy5sb2NrV2FpdFRpbWUuc2V0KHJlc291cmNlLCBbXSk7XG4gICAgICB9XG4gICAgICB0aGlzLm1ldHJpY3MubG9ja1dhaXRUaW1lLmdldChyZXNvdXJjZSkhLnB1c2god2FpdFRpbWUpO1xuICAgICAgXG4gICAgICBsb2dnZXIuZGVidWcoYExvY2sgcmVsZWFzZWQgZm9yIHJlc291cmNlOiAke3Jlc291cmNlfSAoJHt3YWl0VGltZX1tcylgKTtcbiAgICAgIHJldHVybiByZXN1bHQ7XG4gICAgfSBmaW5hbGx5IHtcbiAgICAgIC8vIENsZWFuIHVwIGxvY2sgYXRvbWljYWxseSAtIGNvbXBhcmUgYW5kIGRlbGV0ZSBpbiBvbmUgb3BlcmF0aW9uXG4gICAgICBjb25zdCBjdXJyZW50TG9jayA9IHRoaXMubG9ja3MuZ2V0KHJlc291cmNlKTtcbiAgICAgIGlmIChjdXJyZW50TG9jayA9PT0gbG9ja1Byb21pc2UpIHtcbiAgICAgICAgdGhpcy5sb2Nrcy5kZWxldGUocmVzb3VyY2UpO1xuICAgICAgICBsb2dnZXIuZGVidWcoYExvY2sgcXVldWUgY2xlYW5lZCB1cCBmb3IgcmVzb3VyY2U6ICR7cmVzb3VyY2V9YCk7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEV4ZWN1dGUgb3BlcmF0aW9uIHdpdGggdGltZW91dCBwcm90ZWN0aW9uXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBhc3luYyBleGVjdXRlV2l0aFRpbWVvdXQ8VD4oXG4gICAgb3BlcmF0aW9uOiAoKSA9PiBQcm9taXNlPFQ+LFxuICAgIHRpbWVvdXRNczogbnVtYmVyLFxuICAgIHJlc291cmNlOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxUPiB7XG4gICAgbGV0IHRpbWVvdXRIYW5kbGU6IE5vZGVKUy5UaW1lb3V0IHwgdW5kZWZpbmVkO1xuICAgIFxuICAgIGNvbnN0IHRpbWVvdXRQcm9taXNlID0gbmV3IFByb21pc2U8bmV2ZXI+KChfLCByZWplY3QpID0+IHtcbiAgICAgIHRpbWVvdXRIYW5kbGUgPSBzZXRUaW1lb3V0KCgpID0+IHtcbiAgICAgICAgdGhpcy5tZXRyaWNzLmxvY2tUaW1lb3V0cysrO1xuICAgICAgICByZWplY3QobmV3IEVycm9yKGBMb2NrIG9wZXJhdGlvbiB0aW1lb3V0IGZvciByZXNvdXJjZTogJHtyZXNvdXJjZX1gKSk7XG4gICAgICB9LCB0aW1lb3V0TXMpO1xuICAgIH0pO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBQcm9taXNlLnJhY2UoW29wZXJhdGlvbigpLCB0aW1lb3V0UHJvbWlzZV0pO1xuICAgICAgaWYgKHRpbWVvdXRIYW5kbGUpIGNsZWFyVGltZW91dCh0aW1lb3V0SGFuZGxlKTtcbiAgICAgIHJldHVybiByZXN1bHQ7XG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgIGlmICh0aW1lb3V0SGFuZGxlKSBjbGVhclRpbWVvdXQodGltZW91dEhhbmRsZSk7XG4gICAgICB0aHJvdyBlcnJvcjtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogUGVyZm9ybSBhdG9taWMgZmlsZSB3cml0ZSBvcGVyYXRpb25cbiAgICogV3JpdGVzIHRvIHRlbXBvcmFyeSBmaWxlIHRoZW4gcmVuYW1lcyB0byBlbnN1cmUgYXRvbWljaXR5XG4gICAqL1xuICBzdGF0aWMgYXN5bmMgYXRvbWljV3JpdGVGaWxlKFxuICAgIGZpbGVQYXRoOiBzdHJpbmcsXG4gICAgY29udGVudDogc3RyaW5nLFxuICAgIG9wdGlvbnM/OiB7IGVuY29kaW5nPzogQnVmZmVyRW5jb2RpbmcgfVxuICApOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCB0ZW1wUGF0aCA9IGF3YWl0IHRoaXMuZ2V0VGVtcEZpbGVQYXRoKGZpbGVQYXRoKTtcbiAgICBjb25zdCBkaXIgPSBwYXRoLmRpcm5hbWUodGVtcFBhdGgpO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICAvLyBFbnN1cmUgdGVtcCBkaXJlY3RvcnkgZXhpc3RzXG4gICAgICBhd2FpdCBmcy5ta2RpcihkaXIsIHsgcmVjdXJzaXZlOiB0cnVlIH0pO1xuICAgICAgXG4gICAgICAvLyBXcml0ZSB0byB0ZW1wb3JhcnkgZmlsZVxuICAgICAgYXdhaXQgZnMud3JpdGVGaWxlKHRlbXBQYXRoLCBjb250ZW50LCBvcHRpb25zKTtcbiAgICAgIFxuICAgICAgLy8gQXRvbWljIHJlbmFtZSAob24gc2FtZSBmaWxlc3lzdGVtKVxuICAgICAgYXdhaXQgZnMucmVuYW1lKHRlbXBQYXRoLCBmaWxlUGF0aCk7XG4gICAgICBcbiAgICAgIGxvZ2dlci5kZWJ1ZyhgQXRvbWljIHdyaXRlIGNvbXBsZXRlZDogJHtmaWxlUGF0aH1gKTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcCBmaWxlIG9uIGVycm9yXG4gICAgICB0cnkge1xuICAgICAgICBhd2FpdCBmcy51bmxpbmsodGVtcFBhdGgpO1xuICAgICAgICBsb2dnZXIuZGVidWcoYENsZWFuZWQgdXAgdGVtcCBmaWxlIGFmdGVyIGVycm9yOiAke3RlbXBQYXRofWApO1xuICAgICAgfSBjYXRjaCAodW5saW5rRXJyb3IpIHtcbiAgICAgICAgLy8gTG9nIGNsZWFudXAgZmFpbHVyZSBidXQgZG9uJ3QgdGhyb3cgLSBvcmlnaW5hbCBlcnJvciBpcyBtb3JlIGltcG9ydGFudFxuICAgICAgICBsb2dnZXIud2FybihgRmFpbGVkIHRvIGNsZWFuIHVwIHRlbXAgZmlsZSAke3RlbXBQYXRofTogJHt1bmxpbmtFcnJvcn1gKTtcbiAgICAgIH1cbiAgICAgIHRocm93IGVycm9yO1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBQZXJmb3JtIGF0b21pYyBmaWxlIHJlYWQgd2l0aCBsb2NrXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgYXRvbWljUmVhZEZpbGUoXG4gICAgZmlsZVBhdGg6IHN0cmluZyxcbiAgICBvcHRpb25zPzogeyBlbmNvZGluZz86IEJ1ZmZlckVuY29kaW5nIH1cbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy53aXRoTG9jayhgZmlsZToke2ZpbGVQYXRofWAsIGFzeW5jICgpID0+IHtcbiAgICAgIGNvbnN0IGNvbnRlbnQgPSBhd2FpdCBmcy5yZWFkRmlsZShmaWxlUGF0aCwgb3B0aW9ucyk7XG4gICAgICByZXR1cm4gY29udGVudC50b1N0cmluZygpO1xuICAgIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEdlbmVyYXRlIHRlbXBvcmFyeSBmaWxlIHBhdGggZm9yIGF0b21pYyBvcGVyYXRpb25zXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBhc3luYyBnZXRUZW1wRmlsZVBhdGgob3JpZ2luYWxQYXRoOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpciA9IHBhdGguZGlybmFtZShvcmlnaW5hbFBhdGgpO1xuICAgIGNvbnN0IGJhc2VuYW1lID0gcGF0aC5iYXNlbmFtZShvcmlnaW5hbFBhdGgpO1xuICAgIGNvbnN0IHJhbmRvbSA9IHJhbmRvbUJ5dGVzKDgpLnRvU3RyaW5nKCdoZXgnKTtcbiAgICByZXR1cm4gcGF0aC5qb2luKGRpciwgdGhpcy5URU1QX0RJUiwgYCR7YmFzZW5hbWV9LiR7cmFuZG9tfS50bXBgKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgbG9jayBtZXRyaWNzIGZvciBtb25pdG9yaW5nXG4gICAqL1xuICBzdGF0aWMgZ2V0TWV0cmljcygpIHtcbiAgICBjb25zdCBhdmdXYWl0VGltZXMgPSBuZXcgTWFwPHN0cmluZywgbnVtYmVyPigpO1xuICAgIGZvciAoY29uc3QgW3Jlc291cmNlLCB0aW1lc10gb2YgdGhpcy5tZXRyaWNzLmxvY2tXYWl0VGltZS5lbnRyaWVzKCkpIHtcbiAgICAgIGlmICh0aW1lcy5sZW5ndGggPiAwKSB7XG4gICAgICAgIGNvbnN0IGF2ZyA9IHRpbWVzLnJlZHVjZSgoYSwgYikgPT4gYSArIGIsIDApIC8gdGltZXMubGVuZ3RoO1xuICAgICAgICBhdmdXYWl0VGltZXMuc2V0KHJlc291cmNlLCBNYXRoLnJvdW5kKGF2ZykpO1xuICAgICAgfVxuICAgIH1cbiAgICBcbiAgICByZXR1cm4ge1xuICAgICAgdG90YWxSZXF1ZXN0czogdGhpcy5tZXRyaWNzLnRvdGFsTG9ja1JlcXVlc3RzLFxuICAgICAgYWN0aXZlTG9ja3NDb3VudDogdGhpcy5sb2Nrcy5zaXplLFxuICAgICAgdGltZW91dHM6IHRoaXMubWV0cmljcy5sb2NrVGltZW91dHMsXG4gICAgICBjb25jdXJyZW50V2FpdHM6IHRoaXMubWV0cmljcy5jb25jdXJyZW50V2FpdHMsXG4gICAgICBhdmdXYWl0VGltZUJ5UmVzb3VyY2U6IE9iamVjdC5mcm9tRW50cmllcyhhdmdXYWl0VGltZXMpLFxuICAgICAgYWN0aXZlTG9ja3M6IEFycmF5LmZyb20odGhpcy5sb2Nrcy5rZXlzKCkpXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDbGVhciBhbGwgbG9ja3MgKHVzZSB3aXRoIGNhdXRpb24gLSBtYWlubHkgZm9yIHRlc3RpbmcpXG4gICAqL1xuICBzdGF0aWMgY2xlYXJBbGxMb2NrcygpOiB2b2lkIHtcbiAgICB0aGlzLmxvY2tzLmNsZWFyKCk7XG4gICAgbG9nZ2VyLndhcm4oJ0FsbCBmaWxlIGxvY2tzIGNsZWFyZWQgLSB1c2Ugb25seSBmb3IgdGVzdGluZy9yZWNvdmVyeScpO1xuICB9XG5cbiAgLyoqXG4gICAqIFJlc2V0IG1ldHJpY3NcbiAgICovXG4gIHN0YXRpYyByZXNldE1ldHJpY3MoKTogdm9pZCB7XG4gICAgdGhpcy5tZXRyaWNzID0ge1xuICAgICAgdG90YWxMb2NrUmVxdWVzdHM6IDAsXG4gICAgICBsb2NrV2FpdFRpbWU6IG5ldyBNYXA8c3RyaW5nLCBudW1iZXJbXT4oKSxcbiAgICAgIGxvY2tUaW1lb3V0czogMCxcbiAgICAgIGNvbmN1cnJlbnRXYWl0czogMFxuICAgIH07XG4gIH1cbn0iXX0=

package/dist/test/src/security/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Security module exports
+ */
+export * from './constants.js';
+export * from './InputValidator.js';
+export * from './contentValidator.js';
+export * from './securityMonitor.js';
+export * from './commandValidator.js';
+export * from './pathValidator.js';
+export * from './yamlValidator.js';
+export * from './fileLockManager.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/test/src/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,sBAAsB,CAAC"}

package/dist/test/src/security/index.js

@@ -0,0 +1,14 @@
+/**
+ * Security module exports
+ */
+export * from './constants.js';
+export * from './InputValidator.js';
+export * from './contentValidator.js';
+export * from './securityMonitor.js';
+export * from './commandValidator.js';
+export * from './pathValidator.js';
+export * from './yamlValidator.js';
+export * from './fileLockManager.js';
+// Export security functionality when ready
+// export * from './RateLimiter.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2VjdXJpdHkvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxjQUFjLGdCQUFnQixDQUFDO0FBQy9CLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyx1QkFBdUIsQ0FBQztBQUN0QyxjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsdUJBQXVCLENBQUM7QUFDdEMsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLG9CQUFvQixDQUFDO0FBQ25DLGNBQWMsc0JBQXNCLENBQUM7QUFDckMsMkNBQTJDO0FBQzNDLG9DQUFvQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogU2VjdXJpdHkgbW9kdWxlIGV4cG9ydHNcbiAqL1xuXG5leHBvcnQgKiBmcm9tICcuL2NvbnN0YW50cy5qcyc7XG5leHBvcnQgKiBmcm9tICcuL0lucHV0VmFsaWRhdG9yLmpzJztcbmV4cG9ydCAqIGZyb20gJy4vY29udGVudFZhbGlkYXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL3NlY3VyaXR5TW9uaXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL2NvbW1hbmRWYWxpZGF0b3IuanMnO1xuZXhwb3J0ICogZnJvbSAnLi9wYXRoVmFsaWRhdG9yLmpzJztcbmV4cG9ydCAqIGZyb20gJy4veWFtbFZhbGlkYXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL2ZpbGVMb2NrTWFuYWdlci5qcyc7XG4vLyBFeHBvcnQgc2VjdXJpdHkgZnVuY3Rpb25hbGl0eSB3aGVuIHJlYWR5XG4vLyBleHBvcnQgKiBmcm9tICcuL1JhdGVMaW1pdGVyLmpzJzsiXX0=

package/dist/test/src/security/pathValidator.d.ts

@@ -0,0 +1,9 @@
+export declare class PathValidator {
+    private static ALLOWED_DIRECTORIES;
+    private static ALLOWED_EXTENSIONS;
+    static initialize(personasDir: string, allowedExtensions?: string[]): void;
+    static validatePersonaPath(userPath: string): Promise<string>;
+    static safeReadFile(filePath: string): Promise<string>;
+    static safeWriteFile(filePath: string, content: string): Promise<void>;
+}
+//# sourceMappingURL=pathValidator.d.ts.map

package/dist/test/src/security/pathValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathValidator.d.ts","sourceRoot":"","sources":["../../../../src/security/pathValidator.ts"],"names":[],"mappings":"AAKA,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAgB;IAClD,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAA2D;IAE5F,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI;WAc7D,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WA8DtD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WAiB/C,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAmB7E"}

package/dist/test/src/security/pathValidator.js

@@ -0,0 +1,98 @@
+import path from 'path';
+import fs from 'fs/promises';
+import { logger } from '../utils/logger.js';
+import { RegexValidator } from './regexValidator.js';
+export class PathValidator {
+    static ALLOWED_DIRECTORIES = [];
+    static ALLOWED_EXTENSIONS = ['.md', '.markdown', '.txt', '.yml', '.yaml'];
+    static initialize(personasDir, allowedExtensions) {
+        this.ALLOWED_DIRECTORIES = [
+            path.resolve(personasDir),
+            path.resolve('./personas'),
+            path.resolve('./custom-personas'),
+            path.resolve('./backups'),
+            path.resolve(process.env.PERSONAS_DIR || './personas')
+        ];
+        if (allowedExtensions) {
+            this.ALLOWED_EXTENSIONS = allowedExtensions;
+        }
+    }
+    static async validatePersonaPath(userPath) {
+        if (!userPath || typeof userPath !== 'string') {
+            throw new Error('Path must be a non-empty string');
+        }
+        // Remove any null bytes
+        const cleanPath = userPath.replace(/\x00/g, '');
+        // Normalize and resolve path
+        const normalizedPath = path.normalize(cleanPath);
+        const resolvedPath = path.resolve(normalizedPath);
+        // Check for path traversal attempts
+        if (normalizedPath.includes('..') || cleanPath.includes('..')) {
+            logger.warn('Path traversal attempt detected', { userPath });
+            throw new Error('Path traversal detected');
+        }
+        // Check if path is within allowed directories
+        if (this.ALLOWED_DIRECTORIES.length === 0) {
+            // If not initialized, allow paths under current working directory's personas folder
+            const defaultAllowed = [
+                path.resolve('./personas'),
+                path.resolve(process.env.PERSONAS_DIR || './personas')
+            ];
+            const isAllowed = defaultAllowed.some(allowedDir => resolvedPath.startsWith(allowedDir + path.sep) ||
+                resolvedPath === allowedDir);
+            if (!isAllowed) {
+                throw new Error(`Path access denied: ${userPath}`);
+            }
+        }
+        else {
+            const isAllowed = this.ALLOWED_DIRECTORIES.some(allowedDir => resolvedPath.startsWith(allowedDir + path.sep) ||
+                resolvedPath === allowedDir);
+            if (!isAllowed) {
+                throw new Error(`Path access denied: ${userPath}`);
+            }
+        }
+        // Validate filename if it's a file
+        if (path.extname(resolvedPath)) {
+            const filename = path.basename(resolvedPath);
+            const ext = path.extname(filename).toLowerCase();
+            // Check if extension is allowed
+            if (!this.ALLOWED_EXTENSIONS.includes(ext)) {
+                throw new Error(`File extension not allowed: ${ext}. Allowed: ${this.ALLOWED_EXTENSIONS.join(', ')}`);
+            }
+            // Validate filename format (alphanumeric, dash, underscore, dot)
+            if (!RegexValidator.validate(filename, /^[a-zA-Z0-9\-_.]+$/i, { maxLength: 255 })) {
+                throw new Error(`Invalid filename format: ${filename}`);
+            }
+        }
+        return resolvedPath;
+    }
+    static async safeReadFile(filePath) {
+        const validatedPath = await this.validatePersonaPath(filePath);
+        // Check file exists and is not a directory
+        const stats = await fs.stat(validatedPath);
+        if (stats.isDirectory()) {
+            throw new Error('Path is a directory, not a file');
+        }
+        // Size check
+        if (stats.size > 500000) { // 500KB
+            throw new Error('File too large');
+        }
+        return fs.readFile(validatedPath, 'utf-8');
+    }
+    static async safeWriteFile(filePath, content) {
+        const validatedPath = await this.validatePersonaPath(filePath);
+        // Content validation
+        if (content.length > 500000) {
+            throw new Error('Content too large');
+        }
+        // Ensure directory exists before atomic write
+        const dirPath = path.dirname(validatedPath);
+        await fs.mkdir(dirPath, { recursive: true });
+        // Write to temp file first (atomic write)
+        const tempPath = `${validatedPath}.tmp`;
+        await fs.writeFile(tempPath, content, 'utf-8');
+        // Rename to final path (atomic on most filesystems)
+        await fs.rename(tempPath, validatedPath);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGF0aFZhbGlkYXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9zZWN1cml0eS9wYXRoVmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sSUFBSSxNQUFNLE1BQU0sQ0FBQztBQUN4QixPQUFPLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDN0IsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBQzVDLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUVyRCxNQUFNLE9BQU8sYUFBYTtJQUNoQixNQUFNLENBQUMsbUJBQW1CLEdBQWEsRUFBRSxDQUFDO0lBQzFDLE1BQU0sQ0FBQyxrQkFBa0IsR0FBYSxDQUFDLEtBQUssRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxPQUFPLENBQUMsQ0FBQztJQUU1RixNQUFNLENBQUMsVUFBVSxDQUFDLFdBQW1CLEVBQUUsaUJBQTRCO1FBQ2pFLElBQUksQ0FBQyxtQkFBbUIsR0FBRztZQUN6QixJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztZQUN6QixJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQztZQUMxQixJQUFJLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDO1lBQ2pDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDO1lBQ3pCLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxZQUFZLElBQUksWUFBWSxDQUFDO1NBQ3ZELENBQUM7UUFFRixJQUFJLGlCQUFpQixFQUFFLENBQUM7WUFDdEIsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGlCQUFpQixDQUFDO1FBQzlDLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxRQUFnQjtRQUMvQyxJQUFJLENBQUMsUUFBUSxJQUFJLE9BQU8sUUFBUSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQzlDLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUNyRCxDQUFDO1FBRUQsd0JBQXdCO1FBQ3hCLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWhELDZCQUE2QjtRQUM3QixNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2pELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLENBQUM7UUFFbEQsb0NBQW9DO1FBQ3BDLElBQUksY0FBYyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxTQUFTLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDOUQsTUFBTSxDQUFDLElBQUksQ0FBQyxpQ0FBaUMsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDN0QsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCw4Q0FBOEM7UUFDOUMsSUFBSSxJQUFJLENBQUMsbUJBQW1CLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzFDLG9GQUFvRjtZQUNwRixNQUFNLGNBQWMsR0FBRztnQkFDckIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUM7Z0JBQzFCLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxZQUFZLElBQUksWUFBWSxDQUFDO2FBQ3ZELENBQUM7WUFDRixNQUFNLFNBQVMsR0FBRyxjQUFjLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQ2pELFlBQVksQ0FBQyxVQUFVLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7Z0JBQzlDLFlBQVksS0FBSyxVQUFVLENBQzVCLENBQUM7WUFDRixJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsUUFBUSxFQUFFLENBQUMsQ0FBQztZQUNyRCxDQUFDO1FBQ0gsQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQzNELFlBQVksQ0FBQyxVQUFVLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7Z0JBQzlDLFlBQVksS0FBSyxVQUFVLENBQzVCLENBQUM7WUFFRixJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsUUFBUSxFQUFFLENBQUMsQ0FBQztZQUNyRCxDQUFDO1FBQ0gsQ0FBQztRQUVELG1DQUFtQztRQUNuQyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUMvQixNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzdDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7WUFFakQsZ0NBQWdDO1lBQ2hDLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzNDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0JBQStCLEdBQUcsY0FBYyxJQUFJLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RyxDQUFDO1lBRUQsaUVBQWlFO1lBQ2pFLElBQUksQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLFFBQVEsRUFBRSxxQkFBcUIsRUFBRSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQ2xGLE1BQU0sSUFBSSxLQUFLLENBQUMsNEJBQTRCLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDMUQsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsUUFBZ0I7UUFDeEMsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFL0QsMkNBQTJDO1FBQzNDLE1BQU0sS0FBSyxHQUFHLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUMzQyxJQUFJLEtBQUssQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUNyRCxDQUFDO1FBRUQsYUFBYTtRQUNiLElBQUksS0FBSyxDQUFDLElBQUksR0FBRyxNQUFNLEVBQUUsQ0FBQyxDQUFDLFFBQVE7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ3BDLENBQUM7UUFFRCxPQUFPLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQixFQUFFLE9BQWU7UUFDMUQsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFL0QscUJBQXFCO1FBQ3JCLElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxNQUFNLEVBQUUsQ0FBQztZQUM1QixNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDdkMsQ0FBQztRQUVELDhDQUE4QztRQUM5QyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzVDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUU3QywwQ0FBMEM7UUFDMUMsTUFBTSxRQUFRLEdBQUcsR0FBRyxhQUFhLE1BQU0sQ0FBQztRQUN4QyxNQUFNLEVBQUUsQ0FBQyxTQUFTLENBQUMsUUFBUSxFQUFFLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUUvQyxvREFBb0Q7UUFDcEQsTUFBTSxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUMzQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgZnMgZnJvbSAnZnMvcHJvbWlzZXMnO1xuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCB7IFJlZ2V4VmFsaWRhdG9yIH0gZnJvbSAnLi9yZWdleFZhbGlkYXRvci5qcyc7XG5cbmV4cG9ydCBjbGFzcyBQYXRoVmFsaWRhdG9yIHtcbiAgcHJpdmF0ZSBzdGF0aWMgQUxMT1dFRF9ESVJFQ1RPUklFUzogc3RyaW5nW10gPSBbXTtcbiAgcHJpdmF0ZSBzdGF0aWMgQUxMT1dFRF9FWFRFTlNJT05TOiBzdHJpbmdbXSA9IFsnLm1kJywgJy5tYXJrZG93bicsICcudHh0JywgJy55bWwnLCAnLnlhbWwnXTtcbiAgXG4gIHN0YXRpYyBpbml0aWFsaXplKHBlcnNvbmFzRGlyOiBzdHJpbmcsIGFsbG93ZWRFeHRlbnNpb25zPzogc3RyaW5nW10pOiB2b2lkIHtcbiAgICB0aGlzLkFMTE9XRURfRElSRUNUT1JJRVMgPSBbXG4gICAgICBwYXRoLnJlc29sdmUocGVyc29uYXNEaXIpLFxuICAgICAgcGF0aC5yZXNvbHZlKCcuL3BlcnNvbmFzJyksXG4gICAgICBwYXRoLnJlc29sdmUoJy4vY3VzdG9tLXBlcnNvbmFzJyksXG4gICAgICBwYXRoLnJlc29sdmUoJy4vYmFja3VwcycpLFxuICAgICAgcGF0aC5yZXNvbHZlKHByb2Nlc3MuZW52LlBFUlNPTkFTX0RJUiB8fCAnLi9wZXJzb25hcycpXG4gICAgXTtcbiAgICBcbiAgICBpZiAoYWxsb3dlZEV4dGVuc2lvbnMpIHtcbiAgICAgIHRoaXMuQUxMT1dFRF9FWFRFTlNJT05TID0gYWxsb3dlZEV4dGVuc2lvbnM7XG4gICAgfVxuICB9XG5cbiAgc3RhdGljIGFzeW5jIHZhbGlkYXRlUGVyc29uYVBhdGgodXNlclBhdGg6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgaWYgKCF1c2VyUGF0aCB8fCB0eXBlb2YgdXNlclBhdGggIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1BhdGggbXVzdCBiZSBhIG5vbi1lbXB0eSBzdHJpbmcnKTtcbiAgICB9XG5cbiAgICAvLyBSZW1vdmUgYW55IG51bGwgYnl0ZXNcbiAgICBjb25zdCBjbGVhblBhdGggPSB1c2VyUGF0aC5yZXBsYWNlKC9cXHgwMC9nLCAnJyk7XG4gICAgXG4gICAgLy8gTm9ybWFsaXplIGFuZCByZXNvbHZlIHBhdGhcbiAgICBjb25zdCBub3JtYWxpemVkUGF0aCA9IHBhdGgubm9ybWFsaXplKGNsZWFuUGF0aCk7XG4gICAgY29uc3QgcmVzb2x2ZWRQYXRoID0gcGF0aC5yZXNvbHZlKG5vcm1hbGl6ZWRQYXRoKTtcbiAgICBcbiAgICAvLyBDaGVjayBmb3IgcGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdHNcbiAgICBpZiAobm9ybWFsaXplZFBhdGguaW5jbHVkZXMoJy4uJykgfHwgY2xlYW5QYXRoLmluY2x1ZGVzKCcuLicpKSB7XG4gICAgICBsb2dnZXIud2FybignUGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdCBkZXRlY3RlZCcsIHsgdXNlclBhdGggfSk7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1BhdGggdHJhdmVyc2FsIGRldGVjdGVkJyk7XG4gICAgfVxuICAgIFxuICAgIC8vIENoZWNrIGlmIHBhdGggaXMgd2l0aGluIGFsbG93ZWQgZGlyZWN0b3JpZXNcbiAgICBpZiAodGhpcy5BTExPV0VEX0RJUkVDVE9SSUVTLmxlbmd0aCA9PT0gMCkge1xuICAgICAgLy8gSWYgbm90IGluaXRpYWxpemVkLCBhbGxvdyBwYXRocyB1bmRlciBjdXJyZW50IHdvcmtpbmcgZGlyZWN0b3J5J3MgcGVyc29uYXMgZm9sZGVyXG4gICAgICBjb25zdCBkZWZhdWx0QWxsb3dlZCA9IFtcbiAgICAgICAgcGF0aC5yZXNvbHZlKCcuL3BlcnNvbmFzJyksXG4gICAgICAgIHBhdGgucmVzb2x2ZShwcm9jZXNzLmVudi5QRVJTT05BU19ESVIgfHwgJy4vcGVyc29uYXMnKVxuICAgICAgXTtcbiAgICAgIGNvbnN0IGlzQWxsb3dlZCA9IGRlZmF1bHRBbGxvd2VkLnNvbWUoYWxsb3dlZERpciA9PiBcbiAgICAgICAgcmVzb2x2ZWRQYXRoLnN0YXJ0c1dpdGgoYWxsb3dlZERpciArIHBhdGguc2VwKSB8fCBcbiAgICAgICAgcmVzb2x2ZWRQYXRoID09PSBhbGxvd2VkRGlyXG4gICAgICApO1xuICAgICAgaWYgKCFpc0FsbG93ZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBQYXRoIGFjY2VzcyBkZW5pZWQ6ICR7dXNlclBhdGh9YCk7XG4gICAgICB9XG4gICAgfSBlbHNlIHtcbiAgICAgIGNvbnN0IGlzQWxsb3dlZCA9IHRoaXMuQUxMT1dFRF9ESVJFQ1RPUklFUy5zb21lKGFsbG93ZWREaXIgPT4gXG4gICAgICAgIHJlc29sdmVkUGF0aC5zdGFydHNXaXRoKGFsbG93ZWREaXIgKyBwYXRoLnNlcCkgfHwgXG4gICAgICAgIHJlc29sdmVkUGF0aCA9PT0gYWxsb3dlZERpclxuICAgICAgKTtcbiAgICAgIFxuICAgICAgaWYgKCFpc0FsbG93ZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBQYXRoIGFjY2VzcyBkZW5pZWQ6ICR7dXNlclBhdGh9YCk7XG4gICAgICB9XG4gICAgfVxuICAgIFxuICAgIC8vIFZhbGlkYXRlIGZpbGVuYW1lIGlmIGl0J3MgYSBmaWxlXG4gICAgaWYgKHBhdGguZXh0bmFtZShyZXNvbHZlZFBhdGgpKSB7XG4gICAgICBjb25zdCBmaWxlbmFtZSA9IHBhdGguYmFzZW5hbWUocmVzb2x2ZWRQYXRoKTtcbiAgICAgIGNvbnN0IGV4dCA9IHBhdGguZXh0bmFtZShmaWxlbmFtZSkudG9Mb3dlckNhc2UoKTtcbiAgICAgIFxuICAgICAgLy8gQ2hlY2sgaWYgZXh0ZW5zaW9uIGlzIGFsbG93ZWRcbiAgICAgIGlmICghdGhpcy5BTExPV0VEX0VYVEVOU0lPTlMuaW5jbHVkZXMoZXh0KSkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoYEZpbGUgZXh0ZW5zaW9uIG5vdCBhbGxvd2VkOiAke2V4dH0uIEFsbG93ZWQ6ICR7dGhpcy5BTExPV0VEX0VYVEVOU0lPTlMuam9pbignLCAnKX1gKTtcbiAgICAgIH1cbiAgICAgIFxuICAgICAgLy8gVmFsaWRhdGUgZmlsZW5hbWUgZm9ybWF0IChhbHBoYW51bWVyaWMsIGRhc2gsIHVuZGVyc2NvcmUsIGRvdClcbiAgICAgIGlmICghUmVnZXhWYWxpZGF0b3IudmFsaWRhdGUoZmlsZW5hbWUsIC9eW2EtekEtWjAtOVxcLV8uXSskL2ksIHsgbWF4TGVuZ3RoOiAyNTUgfSkpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBJbnZhbGlkIGZpbGVuYW1lIGZvcm1hdDogJHtmaWxlbmFtZX1gKTtcbiAgICAgIH1cbiAgICB9XG4gICAgXG4gICAgcmV0dXJuIHJlc29sdmVkUGF0aDtcbiAgfVxuXG4gIHN0YXRpYyBhc3luYyBzYWZlUmVhZEZpbGUoZmlsZVBhdGg6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgY29uc3QgdmFsaWRhdGVkUGF0aCA9IGF3YWl0IHRoaXMudmFsaWRhdGVQZXJzb25hUGF0aChmaWxlUGF0aCk7XG4gICAgXG4gICAgLy8gQ2hlY2sgZmlsZSBleGlzdHMgYW5kIGlzIG5vdCBhIGRpcmVjdG9yeVxuICAgIGNvbnN0IHN0YXRzID0gYXdhaXQgZnMuc3RhdCh2YWxpZGF0ZWRQYXRoKTtcbiAgICBpZiAoc3RhdHMuaXNEaXJlY3RvcnkoKSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdQYXRoIGlzIGEgZGlyZWN0b3J5LCBub3QgYSBmaWxlJyk7XG4gICAgfVxuICAgIFxuICAgIC8vIFNpemUgY2hlY2tcbiAgICBpZiAoc3RhdHMuc2l6ZSA+IDUwMDAwMCkgeyAvLyA1MDBLQlxuICAgICAgdGhyb3cgbmV3IEVycm9yKCdGaWxlIHRvbyBsYXJnZScpO1xuICAgIH1cbiAgICBcbiAgICByZXR1cm4gZnMucmVhZEZpbGUodmFsaWRhdGVkUGF0aCwgJ3V0Zi04Jyk7XG4gIH1cblxuICBzdGF0aWMgYXN5bmMgc2FmZVdyaXRlRmlsZShmaWxlUGF0aDogc3RyaW5nLCBjb250ZW50OiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCB2YWxpZGF0ZWRQYXRoID0gYXdhaXQgdGhpcy52YWxpZGF0ZVBlcnNvbmFQYXRoKGZpbGVQYXRoKTtcbiAgICBcbiAgICAvLyBDb250ZW50IHZhbGlkYXRpb25cbiAgICBpZiAoY29udGVudC5sZW5ndGggPiA1MDAwMDApIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignQ29udGVudCB0b28gbGFyZ2UnKTtcbiAgICB9XG4gICAgXG4gICAgLy8gRW5zdXJlIGRpcmVjdG9yeSBleGlzdHMgYmVmb3JlIGF0b21pYyB3cml0ZVxuICAgIGNvbnN0IGRpclBhdGggPSBwYXRoLmRpcm5hbWUodmFsaWRhdGVkUGF0aCk7XG4gICAgYXdhaXQgZnMubWtkaXIoZGlyUGF0aCwgeyByZWN1cnNpdmU6IHRydWUgfSk7XG4gICAgXG4gICAgLy8gV3JpdGUgdG8gdGVtcCBmaWxlIGZpcnN0IChhdG9taWMgd3JpdGUpXG4gICAgY29uc3QgdGVtcFBhdGggPSBgJHt2YWxpZGF0ZWRQYXRofS50bXBgO1xuICAgIGF3YWl0IGZzLndyaXRlRmlsZSh0ZW1wUGF0aCwgY29udGVudCwgJ3V0Zi04Jyk7XG4gICAgXG4gICAgLy8gUmVuYW1lIHRvIGZpbmFsIHBhdGggKGF0b21pYyBvbiBtb3N0IGZpbGVzeXN0ZW1zKVxuICAgIGF3YWl0IGZzLnJlbmFtZSh0ZW1wUGF0aCwgdmFsaWRhdGVkUGF0aCk7XG4gIH1cbn0iXX0=

package/dist/test/src/security/regexValidator.d.ts

@@ -0,0 +1,59 @@
+/**
+ * RegexValidator - Provides protection against ReDoS attacks
+ *
+ * This module implements safe regex execution by:
+ * 1. Pre-validating content length based on pattern complexity
+ * 2. Analyzing patterns for known ReDoS vulnerabilities
+ * 3. Limiting execution based on calculated risk
+ */
+export interface RegexValidationOptions {
+    /** Maximum content length allowed */
+    maxLength?: number;
+    /** Reject patterns with high ReDoS risk */
+    rejectDangerousPatterns?: boolean;
+    /** Log security events */
+    logEvents?: boolean;
+}
+interface PatternAnalysis {
+    safe: boolean;
+    risks: string[];
+    complexity: 'low' | 'medium' | 'high';
+    maxSafeLength: number;
+}
+export declare class RegexValidator {
+    private static readonly COMPLEXITY_LIMITS;
+    /**
+     * Validates content against a pattern with ReDoS protection
+     *
+     * Protection strategy:
+     * 1. Analyze pattern complexity
+     * 2. Enforce content length limits based on complexity
+     * 3. Reject known dangerous patterns
+     * 4. Execute regex only if safe
+     */
+    static validate(content: string, pattern: RegExp, options?: RegexValidationOptions): boolean;
+    /**
+     * Validates multiple patterns with shared risk assessment
+     */
+    static validateAny(content: string, patterns: RegExp[], options?: RegexValidationOptions): boolean;
+    /**
+     * Validates all patterns must match
+     */
+    static validateAll(content: string, patterns: RegExp[], options?: RegexValidationOptions): boolean;
+    /**
+     * Analyzes a regex pattern for potential ReDoS vulnerabilities
+     *
+     * Detects patterns known to cause exponential backtracking:
+     * - Nested quantifiers: (a+)+, (a*)*
+     * - Alternation with overlap: (a|a)*
+     * - Quantified groups with alternation: (a|b)+
+     * - Catastrophic patterns: (.+)+$
+     */
+    static analyzePattern(pattern: RegExp): PatternAnalysis;
+    /**
+     * Creates a regex pattern with safety analysis
+     */
+    static createSafePattern(pattern: string, flags?: string): RegExp;
+}
+export {};
+//# sourceMappingURL=regexValidator.d.ts.map

package/dist/test/src/security/regexValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"regexValidator.d.ts","sourceRoot":"","sources":["../../../../src/security/regexValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,MAAM,WAAW,sBAAsB;IACrC,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,0BAA0B;IAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,UAAU,eAAe;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACtC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,cAAc;IAEzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAIvC;IAEF;;;;;;;;OAQG;IACH,MAAM,CAAC,QAAQ,CACb,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,sBAA2B,GACnC,OAAO;IAiFV;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,GAAE,sBAA2B,GACnC,OAAO;IASV;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,GAAE,sBAA2B,GACnC,OAAO;IASV;;;;;;;;OAQG;IACH,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe;IA4EvD;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;CAmBlE"}