@dollhousemcp/mcp-server 1.4.4 → 1.5.0

package/dist/test/src/security/fileLockManager.js

@@ -1,187 +0,0 @@
-import { logger } from '../utils/logger.js';
-import * as fs from 'fs/promises';
-import * as path from 'path';
-import { randomBytes } from 'crypto';
-/**
- * FileLockManager - Prevents race conditions in concurrent file operations
- *
- * Features:
- * - Resource-based locking with automatic cleanup
- * - Configurable timeouts to prevent deadlocks
- * - Atomic file operations with write-rename pattern
- * - Lock queueing for concurrent requests
- * - Comprehensive error handling and logging
- * - Performance metrics tracking
- */
-export class FileLockManager {
-    // Map of resource identifiers to their lock promises
-    static locks = new Map();
-    // Lock acquisition metrics for monitoring
-    static metrics = {
-        totalLockRequests: 0,
-        lockWaitTime: new Map(),
-        lockTimeouts: 0,
-        concurrentWaits: 0
-    };
-    // Default timeout for lock operations (10 seconds)
-    static DEFAULT_TIMEOUT_MS = 10000;
-    // Temporary file directory
-    static TEMP_DIR = '.tmp';
-    /**
-     * Execute an operation with exclusive lock on a resource
-     * @param resource - Unique identifier for the resource (e.g., 'persona:name')
-     * @param operation - Async function to execute while holding the lock
-     * @param options - Lock options including timeout
-     * @returns Result of the operation
-     */
-    static async withLock(resource, operation, options = {}) {
-        const startTime = Date.now();
-        this.metrics.totalLockRequests++;
-        logger.debug(`Lock requested for resource: ${resource}`);
-        // Wait for any existing operation on this resource
-        const existingLock = this.locks.get(resource);
-        if (existingLock) {
-            this.metrics.concurrentWaits++;
-            logger.debug(`Waiting for existing lock on: ${resource}`);
-            try {
-                await existingLock;
-            }
-            catch (error) {
-                // Previous operation failed, but we can proceed
-                logger.debug(`Previous operation on ${resource} failed, proceeding`);
-            }
-        }
-        // Create new lock for this operation
-        const timeout = options.timeout || this.DEFAULT_TIMEOUT_MS;
-        const lockPromise = this.executeWithTimeout(operation, timeout, resource);
-        this.locks.set(resource, lockPromise);
-        try {
-            const result = await lockPromise;
-            // Record metrics
-            const waitTime = Date.now() - startTime;
-            if (!this.metrics.lockWaitTime.has(resource)) {
-                this.metrics.lockWaitTime.set(resource, []);
-            }
-            this.metrics.lockWaitTime.get(resource).push(waitTime);
-            logger.debug(`Lock released for resource: ${resource} (${waitTime}ms)`);
-            return result;
-        }
-        finally {
-            // Clean up lock atomically - compare and delete in one operation
-            const currentLock = this.locks.get(resource);
-            if (currentLock === lockPromise) {
-                this.locks.delete(resource);
-                logger.debug(`Lock queue cleaned up for resource: ${resource}`);
-            }
-        }
-    }
-    /**
-     * Execute operation with timeout protection
-     */
-    static async executeWithTimeout(operation, timeoutMs, resource) {
-        let timeoutHandle;
-        const timeoutPromise = new Promise((_, reject) => {
-            timeoutHandle = setTimeout(() => {
-                this.metrics.lockTimeouts++;
-                reject(new Error(`Lock operation timeout for resource: ${resource}`));
-            }, timeoutMs);
-        });
-        try {
-            const result = await Promise.race([operation(), timeoutPromise]);
-            if (timeoutHandle)
-                clearTimeout(timeoutHandle);
-            return result;
-        }
-        catch (error) {
-            if (timeoutHandle)
-                clearTimeout(timeoutHandle);
-            throw error;
-        }
-    }
-    /**
-     * Perform atomic file write operation
-     * Writes to temporary file then renames to ensure atomicity
-     */
-    static async atomicWriteFile(filePath, content, options) {
-        const tempPath = await this.getTempFilePath(filePath);
-        const dir = path.dirname(tempPath);
-        try {
-            // Ensure temp directory exists
-            await fs.mkdir(dir, { recursive: true });
-            // Write to temporary file
-            await fs.writeFile(tempPath, content, options);
-            // Atomic rename (on same filesystem)
-            await fs.rename(tempPath, filePath);
-            logger.debug(`Atomic write completed: ${filePath}`);
-        }
-        catch (error) {
-            // Clean up temp file on error
-            try {
-                await fs.unlink(tempPath);
-                logger.debug(`Cleaned up temp file after error: ${tempPath}`);
-            }
-            catch (unlinkError) {
-                // Log cleanup failure but don't throw - original error is more important
-                logger.warn(`Failed to clean up temp file ${tempPath}: ${unlinkError}`);
-            }
-            throw error;
-        }
-    }
-    /**
-     * Perform atomic file read with lock
-     */
-    static async atomicReadFile(filePath, options) {
-        return this.withLock(`file:${filePath}`, async () => {
-            const content = await fs.readFile(filePath, options);
-            return content.toString();
-        });
-    }
-    /**
-     * Generate temporary file path for atomic operations
-     */
-    static async getTempFilePath(originalPath) {
-        const dir = path.dirname(originalPath);
-        const basename = path.basename(originalPath);
-        const random = randomBytes(8).toString('hex');
-        return path.join(dir, this.TEMP_DIR, `${basename}.${random}.tmp`);
-    }
-    /**
-     * Get lock metrics for monitoring
-     */
-    static getMetrics() {
-        const avgWaitTimes = new Map();
-        for (const [resource, times] of this.metrics.lockWaitTime.entries()) {
-            if (times.length > 0) {
-                const avg = times.reduce((a, b) => a + b, 0) / times.length;
-                avgWaitTimes.set(resource, Math.round(avg));
-            }
-        }
-        return {
-            totalRequests: this.metrics.totalLockRequests,
-            activeLocksCount: this.locks.size,
-            timeouts: this.metrics.lockTimeouts,
-            concurrentWaits: this.metrics.concurrentWaits,
-            avgWaitTimeByResource: Object.fromEntries(avgWaitTimes),
-            activeLocks: Array.from(this.locks.keys())
-        };
-    }
-    /**
-     * Clear all locks (use with caution - mainly for testing)
-     */
-    static clearAllLocks() {
-        this.locks.clear();
-        logger.warn('All file locks cleared - use only for testing/recovery');
-    }
-    /**
-     * Reset metrics
-     */
-    static resetMetrics() {
-        this.metrics = {
-            totalLockRequests: 0,
-            lockWaitTime: new Map(),
-            lockTimeouts: 0,
-            concurrentWaits: 0
-        };
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmlsZUxvY2tNYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3NlY3VyaXR5L2ZpbGVMb2NrTWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDNUMsT0FBTyxLQUFLLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDbEMsT0FBTyxLQUFLLElBQUksTUFBTSxNQUFNLENBQUM7QUFDN0IsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUVyQzs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSxPQUFPLGVBQWU7SUFDMUIscURBQXFEO0lBQzdDLE1BQU0sQ0FBQyxLQUFLLEdBQUcsSUFBSSxHQUFHLEVBQXdCLENBQUM7SUFFdkQsMENBQTBDO0lBQ2xDLE1BQU0sQ0FBQyxPQUFPLEdBQUc7UUFDdkIsaUJBQWlCLEVBQUUsQ0FBQztRQUNwQixZQUFZLEVBQUUsSUFBSSxHQUFHLEVBQW9CO1FBQ3pDLFlBQVksRUFBRSxDQUFDO1FBQ2YsZUFBZSxFQUFFLENBQUM7S0FDbkIsQ0FBQztJQUVGLG1EQUFtRDtJQUMzQyxNQUFNLENBQVUsa0JBQWtCLEdBQUcsS0FBSyxDQUFDO0lBRW5ELDJCQUEyQjtJQUNuQixNQUFNLENBQVUsUUFBUSxHQUFHLE1BQU0sQ0FBQztJQUUxQzs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FDbkIsUUFBZ0IsRUFDaEIsU0FBMkIsRUFDM0IsVUFBZ0MsRUFBRTtRQUVsQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBRWpDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFFekQsbURBQW1EO1FBQ25ELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlDLElBQUksWUFBWSxFQUFFLENBQUM7WUFDakIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUMvQixNQUFNLENBQUMsS0FBSyxDQUFDLGlDQUFpQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBRTFELElBQUksQ0FBQztnQkFDSCxNQUFNLFlBQVksQ0FBQztZQUNyQixDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixnREFBZ0Q7Z0JBQ2hELE1BQU0sQ0FBQyxLQUFLLENBQUMseUJBQXlCLFFBQVEscUJBQXFCLENBQUMsQ0FBQztZQUN2RSxDQUFDO1FBQ0gsQ0FBQztRQUVELHFDQUFxQztRQUNyQyxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztRQUMzRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxFQUFFLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFdEMsSUFBSSxDQUFDO1lBQ0gsTUFBTSxNQUFNLEdBQUcsTUFBTSxXQUFXLENBQUM7WUFFakMsaUJBQWlCO1lBQ2pCLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxTQUFTLENBQUM7WUFDeEMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO2dCQUM3QyxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzlDLENBQUM7WUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRXhELE1BQU0sQ0FBQyxLQUFLLENBQUMsK0JBQStCLFFBQVEsS0FBSyxRQUFRLEtBQUssQ0FBQyxDQUFDO1lBQ3hFLE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7Z0JBQVMsQ0FBQztZQUNULGlFQUFpRTtZQUNqRSxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUM3QyxJQUFJLFdBQVcsS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDaEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzVCLE1BQU0sQ0FBQyxLQUFLLENBQUMsdUNBQXVDLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDbEUsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxNQUFNLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUNyQyxTQUEyQixFQUMzQixTQUFpQixFQUNqQixRQUFnQjtRQUVoQixJQUFJLGFBQXlDLENBQUM7UUFFOUMsTUFBTSxjQUFjLEdBQUcsSUFBSSxPQUFPLENBQVEsQ0FBQyxDQUFDLEVBQUUsTUFBTSxFQUFFLEVBQUU7WUFDdEQsYUFBYSxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUU7Z0JBQzlCLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQzVCLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQyx3Q0FBd0MsUUFBUSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ3hFLENBQUMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUNoQixDQUFDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQztZQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLGNBQWMsQ0FBQyxDQUFDLENBQUM7WUFDakUsSUFBSSxhQUFhO2dCQUFFLFlBQVksQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUMvQyxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLElBQUksYUFBYTtnQkFBRSxZQUFZLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDL0MsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7T0FHRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUMxQixRQUFnQixFQUNoQixPQUFlLEVBQ2YsT0FBdUM7UUFFdkMsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFbkMsSUFBSSxDQUFDO1lBQ0gsK0JBQStCO1lBQy9CLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUV6QywwQkFBMEI7WUFDMUIsTUFBTSxFQUFFLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7WUFFL0MscUNBQXFDO1lBQ3JDLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFcEMsTUFBTSxDQUFDLEtBQUssQ0FBQywyQkFBMkIsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUN0RCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLDhCQUE4QjtZQUM5QixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUMxQixNQUFNLENBQUMsS0FBSyxDQUFDLHFDQUFxQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBQ2hFLENBQUM7WUFBQyxPQUFPLFdBQVcsRUFBRSxDQUFDO2dCQUNyQix5RUFBeUU7Z0JBQ3pFLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0NBQWdDLFFBQVEsS0FBSyxXQUFXLEVBQUUsQ0FBQyxDQUFDO1lBQzFFLENBQUM7WUFDRCxNQUFNLEtBQUssQ0FBQztRQUNkLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FDekIsUUFBZ0IsRUFDaEIsT0FBdUM7UUFFdkMsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsUUFBUSxFQUFFLEVBQUUsS0FBSyxJQUFJLEVBQUU7WUFDbEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUMsQ0FBQztZQUNyRCxPQUFPLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM1QixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7T0FFRztJQUNLLE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLFlBQW9CO1FBQ3ZELE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDdkMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM3QyxNQUFNLE1BQU0sR0FBRyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxHQUFHLFFBQVEsSUFBSSxNQUFNLE1BQU0sQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxVQUFVO1FBQ2YsTUFBTSxZQUFZLEdBQUcsSUFBSSxHQUFHLEVBQWtCLENBQUM7UUFDL0MsS0FBSyxNQUFNLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDcEUsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNyQixNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDO2dCQUM1RCxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDOUMsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPO1lBQ0wsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsaUJBQWlCO1lBQzdDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSTtZQUNqQyxRQUFRLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZO1lBQ25DLGVBQWUsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWU7WUFDN0MscUJBQXFCLEVBQUUsTUFBTSxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUM7WUFDdkQsV0FBVyxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQztTQUMzQyxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLGFBQWE7UUFDbEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNuQixNQUFNLENBQUMsSUFBSSxDQUFDLHdEQUF3RCxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVEOztPQUVHO0lBQ0gsTUFBTSxDQUFDLFlBQVk7UUFDakIsSUFBSSxDQUFDLE9BQU8sR0FBRztZQUNiLGlCQUFpQixFQUFFLENBQUM7WUFDcEIsWUFBWSxFQUFFLElBQUksR0FBRyxFQUFvQjtZQUN6QyxZQUFZLEVBQUUsQ0FBQztZQUNmLGVBQWUsRUFBRSxDQUFDO1NBQ25CLENBQUM7SUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCAqIGFzIGZzIGZyb20gJ2ZzL3Byb21pc2VzJztcbmltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgeyByYW5kb21CeXRlcyB9IGZyb20gJ2NyeXB0byc7XG5cbi8qKlxuICogRmlsZUxvY2tNYW5hZ2VyIC0gUHJldmVudHMgcmFjZSBjb25kaXRpb25zIGluIGNvbmN1cnJlbnQgZmlsZSBvcGVyYXRpb25zXG4gKiBcbiAqIEZlYXR1cmVzOlxuICogLSBSZXNvdXJjZS1iYXNlZCBsb2NraW5nIHdpdGggYXV0b21hdGljIGNsZWFudXBcbiAqIC0gQ29uZmlndXJhYmxlIHRpbWVvdXRzIHRvIHByZXZlbnQgZGVhZGxvY2tzXG4gKiAtIEF0b21pYyBmaWxlIG9wZXJhdGlvbnMgd2l0aCB3cml0ZS1yZW5hbWUgcGF0dGVyblxuICogLSBMb2NrIHF1ZXVlaW5nIGZvciBjb25jdXJyZW50IHJlcXVlc3RzXG4gKiAtIENvbXByZWhlbnNpdmUgZXJyb3IgaGFuZGxpbmcgYW5kIGxvZ2dpbmdcbiAqIC0gUGVyZm9ybWFuY2UgbWV0cmljcyB0cmFja2luZ1xuICovXG5leHBvcnQgY2xhc3MgRmlsZUxvY2tNYW5hZ2VyIHtcbiAgLy8gTWFwIG9mIHJlc291cmNlIGlkZW50aWZpZXJzIHRvIHRoZWlyIGxvY2sgcHJvbWlzZXNcbiAgcHJpdmF0ZSBzdGF0aWMgbG9ja3MgPSBuZXcgTWFwPHN0cmluZywgUHJvbWlzZTxhbnk+PigpO1xuICBcbiAgLy8gTG9jayBhY3F1aXNpdGlvbiBtZXRyaWNzIGZvciBtb25pdG9yaW5nXG4gIHByaXZhdGUgc3RhdGljIG1ldHJpY3MgPSB7XG4gICAgdG90YWxMb2NrUmVxdWVzdHM6IDAsXG4gICAgbG9ja1dhaXRUaW1lOiBuZXcgTWFwPHN0cmluZywgbnVtYmVyW10+KCksXG4gICAgbG9ja1RpbWVvdXRzOiAwLFxuICAgIGNvbmN1cnJlbnRXYWl0czogMFxuICB9O1xuXG4gIC8vIERlZmF1bHQgdGltZW91dCBmb3IgbG9jayBvcGVyYXRpb25zICgxMCBzZWNvbmRzKVxuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBERUZBVUxUX1RJTUVPVVRfTVMgPSAxMDAwMDtcbiAgXG4gIC8vIFRlbXBvcmFyeSBmaWxlIGRpcmVjdG9yeVxuICBwcml2YXRlIHN0YXRpYyByZWFkb25seSBURU1QX0RJUiA9ICcudG1wJztcblxuICAvKipcbiAgICogRXhlY3V0ZSBhbiBvcGVyYXRpb24gd2l0aCBleGNsdXNpdmUgbG9jayBvbiBhIHJlc291cmNlXG4gICAqIEBwYXJhbSByZXNvdXJjZSAtIFVuaXF1ZSBpZGVudGlmaWVyIGZvciB0aGUgcmVzb3VyY2UgKGUuZy4sICdwZXJzb25hOm5hbWUnKVxuICAgKiBAcGFyYW0gb3BlcmF0aW9uIC0gQXN5bmMgZnVuY3Rpb24gdG8gZXhlY3V0ZSB3aGlsZSBob2xkaW5nIHRoZSBsb2NrXG4gICAqIEBwYXJhbSBvcHRpb25zIC0gTG9jayBvcHRpb25zIGluY2x1ZGluZyB0aW1lb3V0XG4gICAqIEByZXR1cm5zIFJlc3VsdCBvZiB0aGUgb3BlcmF0aW9uXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgd2l0aExvY2s8VD4oXG4gICAgcmVzb3VyY2U6IHN0cmluZyxcbiAgICBvcGVyYXRpb246ICgpID0+IFByb21pc2U8VD4sXG4gICAgb3B0aW9uczogeyB0aW1lb3V0PzogbnVtYmVyIH0gPSB7fVxuICApOiBQcm9taXNlPFQ+IHtcbiAgICBjb25zdCBzdGFydFRpbWUgPSBEYXRlLm5vdygpO1xuICAgIHRoaXMubWV0cmljcy50b3RhbExvY2tSZXF1ZXN0cysrO1xuICAgIFxuICAgIGxvZ2dlci5kZWJ1ZyhgTG9jayByZXF1ZXN0ZWQgZm9yIHJlc291cmNlOiAke3Jlc291cmNlfWApO1xuICAgIFxuICAgIC8vIFdhaXQgZm9yIGFueSBleGlzdGluZyBvcGVyYXRpb24gb24gdGhpcyByZXNvdXJjZVxuICAgIGNvbnN0IGV4aXN0aW5nTG9jayA9IHRoaXMubG9ja3MuZ2V0KHJlc291cmNlKTtcbiAgICBpZiAoZXhpc3RpbmdMb2NrKSB7XG4gICAgICB0aGlzLm1ldHJpY3MuY29uY3VycmVudFdhaXRzKys7XG4gICAgICBsb2dnZXIuZGVidWcoYFdhaXRpbmcgZm9yIGV4aXN0aW5nIGxvY2sgb246ICR7cmVzb3VyY2V9YCk7XG4gICAgICBcbiAgICAgIHRyeSB7XG4gICAgICAgIGF3YWl0IGV4aXN0aW5nTG9jaztcbiAgICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAgIC8vIFByZXZpb3VzIG9wZXJhdGlvbiBmYWlsZWQsIGJ1dCB3ZSBjYW4gcHJvY2VlZFxuICAgICAgICBsb2dnZXIuZGVidWcoYFByZXZpb3VzIG9wZXJhdGlvbiBvbiAke3Jlc291cmNlfSBmYWlsZWQsIHByb2NlZWRpbmdgKTtcbiAgICAgIH1cbiAgICB9XG4gICAgXG4gICAgLy8gQ3JlYXRlIG5ldyBsb2NrIGZvciB0aGlzIG9wZXJhdGlvblxuICAgIGNvbnN0IHRpbWVvdXQgPSBvcHRpb25zLnRpbWVvdXQgfHwgdGhpcy5ERUZBVUxUX1RJTUVPVVRfTVM7XG4gICAgY29uc3QgbG9ja1Byb21pc2UgPSB0aGlzLmV4ZWN1dGVXaXRoVGltZW91dChvcGVyYXRpb24sIHRpbWVvdXQsIHJlc291cmNlKTtcbiAgICB0aGlzLmxvY2tzLnNldChyZXNvdXJjZSwgbG9ja1Byb21pc2UpO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBsb2NrUHJvbWlzZTtcbiAgICAgIFxuICAgICAgLy8gUmVjb3JkIG1ldHJpY3NcbiAgICAgIGNvbnN0IHdhaXRUaW1lID0gRGF0ZS5ub3coKSAtIHN0YXJ0VGltZTtcbiAgICAgIGlmICghdGhpcy5tZXRyaWNzLmxvY2tXYWl0VGltZS5oYXMocmVzb3VyY2UpKSB7XG4gICAgICAgIHRoaXMubWV0cmljcy5sb2NrV2FpdFRpbWUuc2V0KHJlc291cmNlLCBbXSk7XG4gICAgICB9XG4gICAgICB0aGlzLm1ldHJpY3MubG9ja1dhaXRUaW1lLmdldChyZXNvdXJjZSkhLnB1c2god2FpdFRpbWUpO1xuICAgICAgXG4gICAgICBsb2dnZXIuZGVidWcoYExvY2sgcmVsZWFzZWQgZm9yIHJlc291cmNlOiAke3Jlc291cmNlfSAoJHt3YWl0VGltZX1tcylgKTtcbiAgICAgIHJldHVybiByZXN1bHQ7XG4gICAgfSBmaW5hbGx5IHtcbiAgICAgIC8vIENsZWFuIHVwIGxvY2sgYXRvbWljYWxseSAtIGNvbXBhcmUgYW5kIGRlbGV0ZSBpbiBvbmUgb3BlcmF0aW9uXG4gICAgICBjb25zdCBjdXJyZW50TG9jayA9IHRoaXMubG9ja3MuZ2V0KHJlc291cmNlKTtcbiAgICAgIGlmIChjdXJyZW50TG9jayA9PT0gbG9ja1Byb21pc2UpIHtcbiAgICAgICAgdGhpcy5sb2Nrcy5kZWxldGUocmVzb3VyY2UpO1xuICAgICAgICBsb2dnZXIuZGVidWcoYExvY2sgcXVldWUgY2xlYW5lZCB1cCBmb3IgcmVzb3VyY2U6ICR7cmVzb3VyY2V9YCk7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgLyoqXG4gICAqIEV4ZWN1dGUgb3BlcmF0aW9uIHdpdGggdGltZW91dCBwcm90ZWN0aW9uXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBhc3luYyBleGVjdXRlV2l0aFRpbWVvdXQ8VD4oXG4gICAgb3BlcmF0aW9uOiAoKSA9PiBQcm9taXNlPFQ+LFxuICAgIHRpbWVvdXRNczogbnVtYmVyLFxuICAgIHJlc291cmNlOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxUPiB7XG4gICAgbGV0IHRpbWVvdXRIYW5kbGU6IE5vZGVKUy5UaW1lb3V0IHwgdW5kZWZpbmVkO1xuICAgIFxuICAgIGNvbnN0IHRpbWVvdXRQcm9taXNlID0gbmV3IFByb21pc2U8bmV2ZXI+KChfLCByZWplY3QpID0+IHtcbiAgICAgIHRpbWVvdXRIYW5kbGUgPSBzZXRUaW1lb3V0KCgpID0+IHtcbiAgICAgICAgdGhpcy5tZXRyaWNzLmxvY2tUaW1lb3V0cysrO1xuICAgICAgICByZWplY3QobmV3IEVycm9yKGBMb2NrIG9wZXJhdGlvbiB0aW1lb3V0IGZvciByZXNvdXJjZTogJHtyZXNvdXJjZX1gKSk7XG4gICAgICB9LCB0aW1lb3V0TXMpO1xuICAgIH0pO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICBjb25zdCByZXN1bHQgPSBhd2FpdCBQcm9taXNlLnJhY2UoW29wZXJhdGlvbigpLCB0aW1lb3V0UHJvbWlzZV0pO1xuICAgICAgaWYgKHRpbWVvdXRIYW5kbGUpIGNsZWFyVGltZW91dCh0aW1lb3V0SGFuZGxlKTtcbiAgICAgIHJldHVybiByZXN1bHQ7XG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgIGlmICh0aW1lb3V0SGFuZGxlKSBjbGVhclRpbWVvdXQodGltZW91dEhhbmRsZSk7XG4gICAgICB0aHJvdyBlcnJvcjtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogUGVyZm9ybSBhdG9taWMgZmlsZSB3cml0ZSBvcGVyYXRpb25cbiAgICogV3JpdGVzIHRvIHRlbXBvcmFyeSBmaWxlIHRoZW4gcmVuYW1lcyB0byBlbnN1cmUgYXRvbWljaXR5XG4gICAqL1xuICBzdGF0aWMgYXN5bmMgYXRvbWljV3JpdGVGaWxlKFxuICAgIGZpbGVQYXRoOiBzdHJpbmcsXG4gICAgY29udGVudDogc3RyaW5nLFxuICAgIG9wdGlvbnM/OiB7IGVuY29kaW5nPzogQnVmZmVyRW5jb2RpbmcgfVxuICApOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCB0ZW1wUGF0aCA9IGF3YWl0IHRoaXMuZ2V0VGVtcEZpbGVQYXRoKGZpbGVQYXRoKTtcbiAgICBjb25zdCBkaXIgPSBwYXRoLmRpcm5hbWUodGVtcFBhdGgpO1xuICAgIFxuICAgIHRyeSB7XG4gICAgICAvLyBFbnN1cmUgdGVtcCBkaXJlY3RvcnkgZXhpc3RzXG4gICAgICBhd2FpdCBmcy5ta2RpcihkaXIsIHsgcmVjdXJzaXZlOiB0cnVlIH0pO1xuICAgICAgXG4gICAgICAvLyBXcml0ZSB0byB0ZW1wb3JhcnkgZmlsZVxuICAgICAgYXdhaXQgZnMud3JpdGVGaWxlKHRlbXBQYXRoLCBjb250ZW50LCBvcHRpb25zKTtcbiAgICAgIFxuICAgICAgLy8gQXRvbWljIHJlbmFtZSAob24gc2FtZSBmaWxlc3lzdGVtKVxuICAgICAgYXdhaXQgZnMucmVuYW1lKHRlbXBQYXRoLCBmaWxlUGF0aCk7XG4gICAgICBcbiAgICAgIGxvZ2dlci5kZWJ1ZyhgQXRvbWljIHdyaXRlIGNvbXBsZXRlZDogJHtmaWxlUGF0aH1gKTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcCBmaWxlIG9uIGVycm9yXG4gICAgICB0cnkge1xuICAgICAgICBhd2FpdCBmcy51bmxpbmsodGVtcFBhdGgpO1xuICAgICAgICBsb2dnZXIuZGVidWcoYENsZWFuZWQgdXAgdGVtcCBmaWxlIGFmdGVyIGVycm9yOiAke3RlbXBQYXRofWApO1xuICAgICAgfSBjYXRjaCAodW5saW5rRXJyb3IpIHtcbiAgICAgICAgLy8gTG9nIGNsZWFudXAgZmFpbHVyZSBidXQgZG9uJ3QgdGhyb3cgLSBvcmlnaW5hbCBlcnJvciBpcyBtb3JlIGltcG9ydGFudFxuICAgICAgICBsb2dnZXIud2FybihgRmFpbGVkIHRvIGNsZWFuIHVwIHRlbXAgZmlsZSAke3RlbXBQYXRofTogJHt1bmxpbmtFcnJvcn1gKTtcbiAgICAgIH1cbiAgICAgIHRocm93IGVycm9yO1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBQZXJmb3JtIGF0b21pYyBmaWxlIHJlYWQgd2l0aCBsb2NrXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgYXRvbWljUmVhZEZpbGUoXG4gICAgZmlsZVBhdGg6IHN0cmluZyxcbiAgICBvcHRpb25zPzogeyBlbmNvZGluZz86IEJ1ZmZlckVuY29kaW5nIH1cbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy53aXRoTG9jayhgZmlsZToke2ZpbGVQYXRofWAsIGFzeW5jICgpID0+IHtcbiAgICAgIGNvbnN0IGNvbnRlbnQgPSBhd2FpdCBmcy5yZWFkRmlsZShmaWxlUGF0aCwgb3B0aW9ucyk7XG4gICAgICByZXR1cm4gY29udGVudC50b1N0cmluZygpO1xuICAgIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEdlbmVyYXRlIHRlbXBvcmFyeSBmaWxlIHBhdGggZm9yIGF0b21pYyBvcGVyYXRpb25zXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBhc3luYyBnZXRUZW1wRmlsZVBhdGgob3JpZ2luYWxQYXRoOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpciA9IHBhdGguZGlybmFtZShvcmlnaW5hbFBhdGgpO1xuICAgIGNvbnN0IGJhc2VuYW1lID0gcGF0aC5iYXNlbmFtZShvcmlnaW5hbFBhdGgpO1xuICAgIGNvbnN0IHJhbmRvbSA9IHJhbmRvbUJ5dGVzKDgpLnRvU3RyaW5nKCdoZXgnKTtcbiAgICByZXR1cm4gcGF0aC5qb2luKGRpciwgdGhpcy5URU1QX0RJUiwgYCR7YmFzZW5hbWV9LiR7cmFuZG9tfS50bXBgKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgbG9jayBtZXRyaWNzIGZvciBtb25pdG9yaW5nXG4gICAqL1xuICBzdGF0aWMgZ2V0TWV0cmljcygpIHtcbiAgICBjb25zdCBhdmdXYWl0VGltZXMgPSBuZXcgTWFwPHN0cmluZywgbnVtYmVyPigpO1xuICAgIGZvciAoY29uc3QgW3Jlc291cmNlLCB0aW1lc10gb2YgdGhpcy5tZXRyaWNzLmxvY2tXYWl0VGltZS5lbnRyaWVzKCkpIHtcbiAgICAgIGlmICh0aW1lcy5sZW5ndGggPiAwKSB7XG4gICAgICAgIGNvbnN0IGF2ZyA9IHRpbWVzLnJlZHVjZSgoYSwgYikgPT4gYSArIGIsIDApIC8gdGltZXMubGVuZ3RoO1xuICAgICAgICBhdmdXYWl0VGltZXMuc2V0KHJlc291cmNlLCBNYXRoLnJvdW5kKGF2ZykpO1xuICAgICAgfVxuICAgIH1cbiAgICBcbiAgICByZXR1cm4ge1xuICAgICAgdG90YWxSZXF1ZXN0czogdGhpcy5tZXRyaWNzLnRvdGFsTG9ja1JlcXVlc3RzLFxuICAgICAgYWN0aXZlTG9ja3NDb3VudDogdGhpcy5sb2Nrcy5zaXplLFxuICAgICAgdGltZW91dHM6IHRoaXMubWV0cmljcy5sb2NrVGltZW91dHMsXG4gICAgICBjb25jdXJyZW50V2FpdHM6IHRoaXMubWV0cmljcy5jb25jdXJyZW50V2FpdHMsXG4gICAgICBhdmdXYWl0VGltZUJ5UmVzb3VyY2U6IE9iamVjdC5mcm9tRW50cmllcyhhdmdXYWl0VGltZXMpLFxuICAgICAgYWN0aXZlTG9ja3M6IEFycmF5LmZyb20odGhpcy5sb2Nrcy5rZXlzKCkpXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDbGVhciBhbGwgbG9ja3MgKHVzZSB3aXRoIGNhdXRpb24gLSBtYWlubHkgZm9yIHRlc3RpbmcpXG4gICAqL1xuICBzdGF0aWMgY2xlYXJBbGxMb2NrcygpOiB2b2lkIHtcbiAgICB0aGlzLmxvY2tzLmNsZWFyKCk7XG4gICAgbG9nZ2VyLndhcm4oJ0FsbCBmaWxlIGxvY2tzIGNsZWFyZWQgLSB1c2Ugb25seSBmb3IgdGVzdGluZy9yZWNvdmVyeScpO1xuICB9XG5cbiAgLyoqXG4gICAqIFJlc2V0IG1ldHJpY3NcbiAgICovXG4gIHN0YXRpYyByZXNldE1ldHJpY3MoKTogdm9pZCB7XG4gICAgdGhpcy5tZXRyaWNzID0ge1xuICAgICAgdG90YWxMb2NrUmVxdWVzdHM6IDAsXG4gICAgICBsb2NrV2FpdFRpbWU6IG5ldyBNYXA8c3RyaW5nLCBudW1iZXJbXT4oKSxcbiAgICAgIGxvY2tUaW1lb3V0czogMCxcbiAgICAgIGNvbmN1cnJlbnRXYWl0czogMFxuICAgIH07XG4gIH1cbn0iXX0=

package/dist/test/src/security/index.d.ts

@@ -1,12 +0,0 @@
-/**
- * Security module exports
- */
-export * from './constants.js';
-export * from './InputValidator.js';
-export * from './contentValidator.js';
-export * from './securityMonitor.js';
-export * from './commandValidator.js';
-export * from './pathValidator.js';
-export * from './yamlValidator.js';
-export * from './fileLockManager.js';
-//# sourceMappingURL=index.d.ts.map

package/dist/test/src/security/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,sBAAsB,CAAC"}

package/dist/test/src/security/index.js

@@ -1,14 +0,0 @@
-/**
- * Security module exports
- */
-export * from './constants.js';
-export * from './InputValidator.js';
-export * from './contentValidator.js';
-export * from './securityMonitor.js';
-export * from './commandValidator.js';
-export * from './pathValidator.js';
-export * from './yamlValidator.js';
-export * from './fileLockManager.js';
-// Export security functionality when ready
-// export * from './RateLimiter.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2VjdXJpdHkvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxjQUFjLGdCQUFnQixDQUFDO0FBQy9CLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyx1QkFBdUIsQ0FBQztBQUN0QyxjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsdUJBQXVCLENBQUM7QUFDdEMsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLG9CQUFvQixDQUFDO0FBQ25DLGNBQWMsc0JBQXNCLENBQUM7QUFDckMsMkNBQTJDO0FBQzNDLG9DQUFvQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogU2VjdXJpdHkgbW9kdWxlIGV4cG9ydHNcbiAqL1xuXG5leHBvcnQgKiBmcm9tICcuL2NvbnN0YW50cy5qcyc7XG5leHBvcnQgKiBmcm9tICcuL0lucHV0VmFsaWRhdG9yLmpzJztcbmV4cG9ydCAqIGZyb20gJy4vY29udGVudFZhbGlkYXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL3NlY3VyaXR5TW9uaXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL2NvbW1hbmRWYWxpZGF0b3IuanMnO1xuZXhwb3J0ICogZnJvbSAnLi9wYXRoVmFsaWRhdG9yLmpzJztcbmV4cG9ydCAqIGZyb20gJy4veWFtbFZhbGlkYXRvci5qcyc7XG5leHBvcnQgKiBmcm9tICcuL2ZpbGVMb2NrTWFuYWdlci5qcyc7XG4vLyBFeHBvcnQgc2VjdXJpdHkgZnVuY3Rpb25hbGl0eSB3aGVuIHJlYWR5XG4vLyBleHBvcnQgKiBmcm9tICcuL1JhdGVMaW1pdGVyLmpzJzsiXX0=

package/dist/test/src/security/pathValidator.d.ts

@@ -1,9 +0,0 @@
-export declare class PathValidator {
-    private static ALLOWED_DIRECTORIES;
-    private static ALLOWED_EXTENSIONS;
-    static initialize(personasDir: string, allowedExtensions?: string[]): void;
-    static validatePersonaPath(userPath: string): Promise<string>;
-    static safeReadFile(filePath: string): Promise<string>;
-    static safeWriteFile(filePath: string, content: string): Promise<void>;
-}
-//# sourceMappingURL=pathValidator.d.ts.map

package/dist/test/src/security/pathValidator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pathValidator.d.ts","sourceRoot":"","sources":["../../../../src/security/pathValidator.ts"],"names":[],"mappings":"AAKA,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAgB;IAClD,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAA2D;IAE5F,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI;WAc7D,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WA8DtD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;WAiB/C,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAmB7E"}

package/dist/test/src/security/pathValidator.js

@@ -1,98 +0,0 @@
-import path from 'path';
-import fs from 'fs/promises';
-import { logger } from '../utils/logger.js';
-import { RegexValidator } from './regexValidator.js';
-export class PathValidator {
-    static ALLOWED_DIRECTORIES = [];
-    static ALLOWED_EXTENSIONS = ['.md', '.markdown', '.txt', '.yml', '.yaml'];
-    static initialize(personasDir, allowedExtensions) {
-        this.ALLOWED_DIRECTORIES = [
-            path.resolve(personasDir),
-            path.resolve('./personas'),
-            path.resolve('./custom-personas'),
-            path.resolve('./backups'),
-            path.resolve(process.env.PERSONAS_DIR || './personas')
-        ];
-        if (allowedExtensions) {
-            this.ALLOWED_EXTENSIONS = allowedExtensions;
-        }
-    }
-    static async validatePersonaPath(userPath) {
-        if (!userPath || typeof userPath !== 'string') {
-            throw new Error('Path must be a non-empty string');
-        }
-        // Remove any null bytes
-        const cleanPath = userPath.replace(/\x00/g, '');
-        // Normalize and resolve path
-        const normalizedPath = path.normalize(cleanPath);
-        const resolvedPath = path.resolve(normalizedPath);
-        // Check for path traversal attempts
-        if (normalizedPath.includes('..') || cleanPath.includes('..')) {
-            logger.warn('Path traversal attempt detected', { userPath });
-            throw new Error('Path traversal detected');
-        }
-        // Check if path is within allowed directories
-        if (this.ALLOWED_DIRECTORIES.length === 0) {
-            // If not initialized, allow paths under current working directory's personas folder
-            const defaultAllowed = [
-                path.resolve('./personas'),
-                path.resolve(process.env.PERSONAS_DIR || './personas')
-            ];
-            const isAllowed = defaultAllowed.some(allowedDir => resolvedPath.startsWith(allowedDir + path.sep) ||
-                resolvedPath === allowedDir);
-            if (!isAllowed) {
-                throw new Error(`Path access denied: ${userPath}`);
-            }
-        }
-        else {
-            const isAllowed = this.ALLOWED_DIRECTORIES.some(allowedDir => resolvedPath.startsWith(allowedDir + path.sep) ||
-                resolvedPath === allowedDir);
-            if (!isAllowed) {
-                throw new Error(`Path access denied: ${userPath}`);
-            }
-        }
-        // Validate filename if it's a file
-        if (path.extname(resolvedPath)) {
-            const filename = path.basename(resolvedPath);
-            const ext = path.extname(filename).toLowerCase();
-            // Check if extension is allowed
-            if (!this.ALLOWED_EXTENSIONS.includes(ext)) {
-                throw new Error(`File extension not allowed: ${ext}. Allowed: ${this.ALLOWED_EXTENSIONS.join(', ')}`);
-            }
-            // Validate filename format (alphanumeric, dash, underscore, dot)
-            if (!RegexValidator.validate(filename, /^[a-zA-Z0-9\-_.]+$/i, { maxLength: 255 })) {
-                throw new Error(`Invalid filename format: ${filename}`);
-            }
-        }
-        return resolvedPath;
-    }
-    static async safeReadFile(filePath) {
-        const validatedPath = await this.validatePersonaPath(filePath);
-        // Check file exists and is not a directory
-        const stats = await fs.stat(validatedPath);
-        if (stats.isDirectory()) {
-            throw new Error('Path is a directory, not a file');
-        }
-        // Size check
-        if (stats.size > 500000) { // 500KB
-            throw new Error('File too large');
-        }
-        return fs.readFile(validatedPath, 'utf-8');
-    }
-    static async safeWriteFile(filePath, content) {
-        const validatedPath = await this.validatePersonaPath(filePath);
-        // Content validation
-        if (content.length > 500000) {
-            throw new Error('Content too large');
-        }
-        // Ensure directory exists before atomic write
-        const dirPath = path.dirname(validatedPath);
-        await fs.mkdir(dirPath, { recursive: true });
-        // Write to temp file first (atomic write)
-        const tempPath = `${validatedPath}.tmp`;
-        await fs.writeFile(tempPath, content, 'utf-8');
-        // Rename to final path (atomic on most filesystems)
-        await fs.rename(tempPath, validatedPath);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGF0aFZhbGlkYXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9zZWN1cml0eS9wYXRoVmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sSUFBSSxNQUFNLE1BQU0sQ0FBQztBQUN4QixPQUFPLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDN0IsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBQzVDLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUVyRCxNQUFNLE9BQU8sYUFBYTtJQUNoQixNQUFNLENBQUMsbUJBQW1CLEdBQWEsRUFBRSxDQUFDO0lBQzFDLE1BQU0sQ0FBQyxrQkFBa0IsR0FBYSxDQUFDLEtBQUssRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxPQUFPLENBQUMsQ0FBQztJQUU1RixNQUFNLENBQUMsVUFBVSxDQUFDLFdBQW1CLEVBQUUsaUJBQTRCO1FBQ2pFLElBQUksQ0FBQyxtQkFBbUIsR0FBRztZQUN6QixJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztZQUN6QixJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQztZQUMxQixJQUFJLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDO1lBQ2pDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDO1lBQ3pCLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxZQUFZLElBQUksWUFBWSxDQUFDO1NBQ3ZELENBQUM7UUFFRixJQUFJLGlCQUFpQixFQUFFLENBQUM7WUFDdEIsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGlCQUFpQixDQUFDO1FBQzlDLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxRQUFnQjtRQUMvQyxJQUFJLENBQUMsUUFBUSxJQUFJLE9BQU8sUUFBUSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQzlDLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUNyRCxDQUFDO1FBRUQsd0JBQXdCO1FBQ3hCLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWhELDZCQUE2QjtRQUM3QixNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2pELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLENBQUM7UUFFbEQsb0NBQW9DO1FBQ3BDLElBQUksY0FBYyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxTQUFTLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDOUQsTUFBTSxDQUFDLElBQUksQ0FBQyxpQ0FBaUMsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDN0QsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCw4Q0FBOEM7UUFDOUMsSUFBSSxJQUFJLENBQUMsbUJBQW1CLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzFDLG9GQUFvRjtZQUNwRixNQUFNLGNBQWMsR0FBRztnQkFDckIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUM7Z0JBQzFCLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxZQUFZLElBQUksWUFBWSxDQUFDO2FBQ3ZELENBQUM7WUFDRixNQUFNLFNBQVMsR0FBRyxjQUFjLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQ2pELFlBQVksQ0FBQyxVQUFVLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7Z0JBQzlDLFlBQVksS0FBSyxVQUFVLENBQzVCLENBQUM7WUFDRixJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsUUFBUSxFQUFFLENBQUMsQ0FBQztZQUNyRCxDQUFDO1FBQ0gsQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQzNELFlBQVksQ0FBQyxVQUFVLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7Z0JBQzlDLFlBQVksS0FBSyxVQUFVLENBQzVCLENBQUM7WUFFRixJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxJQUFJLEtBQUssQ0FBQyx1QkFBdUIsUUFBUSxFQUFFLENBQUMsQ0FBQztZQUNyRCxDQUFDO1FBQ0gsQ0FBQztRQUVELG1DQUFtQztRQUNuQyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUMvQixNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQzdDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7WUFFakQsZ0NBQWdDO1lBQ2hDLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzNDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0JBQStCLEdBQUcsY0FBYyxJQUFJLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RyxDQUFDO1lBRUQsaUVBQWlFO1lBQ2pFLElBQUksQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLFFBQVEsRUFBRSxxQkFBcUIsRUFBRSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQ2xGLE1BQU0sSUFBSSxLQUFLLENBQUMsNEJBQTRCLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFDMUQsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsUUFBZ0I7UUFDeEMsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFL0QsMkNBQTJDO1FBQzNDLE1BQU0sS0FBSyxHQUFHLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUMzQyxJQUFJLEtBQUssQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUNyRCxDQUFDO1FBRUQsYUFBYTtRQUNiLElBQUksS0FBSyxDQUFDLElBQUksR0FBRyxNQUFNLEVBQUUsQ0FBQyxDQUFDLFFBQVE7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ3BDLENBQUM7UUFFRCxPQUFPLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQixFQUFFLE9BQWU7UUFDMUQsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFL0QscUJBQXFCO1FBQ3JCLElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxNQUFNLEVBQUUsQ0FBQztZQUM1QixNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDdkMsQ0FBQztRQUVELDhDQUE4QztRQUM5QyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzVDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUU3QywwQ0FBMEM7UUFDMUMsTUFBTSxRQUFRLEdBQUcsR0FBRyxhQUFhLE1BQU0sQ0FBQztRQUN4QyxNQUFNLEVBQUUsQ0FBQyxTQUFTLENBQUMsUUFBUSxFQUFFLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUUvQyxvREFBb0Q7UUFDcEQsTUFBTSxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUMzQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgZnMgZnJvbSAnZnMvcHJvbWlzZXMnO1xuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCB7IFJlZ2V4VmFsaWRhdG9yIH0gZnJvbSAnLi9yZWdleFZhbGlkYXRvci5qcyc7XG5cbmV4cG9ydCBjbGFzcyBQYXRoVmFsaWRhdG9yIHtcbiAgcHJpdmF0ZSBzdGF0aWMgQUxMT1dFRF9ESVJFQ1RPUklFUzogc3RyaW5nW10gPSBbXTtcbiAgcHJpdmF0ZSBzdGF0aWMgQUxMT1dFRF9FWFRFTlNJT05TOiBzdHJpbmdbXSA9IFsnLm1kJywgJy5tYXJrZG93bicsICcudHh0JywgJy55bWwnLCAnLnlhbWwnXTtcbiAgXG4gIHN0YXRpYyBpbml0aWFsaXplKHBlcnNvbmFzRGlyOiBzdHJpbmcsIGFsbG93ZWRFeHRlbnNpb25zPzogc3RyaW5nW10pOiB2b2lkIHtcbiAgICB0aGlzLkFMTE9XRURfRElSRUNUT1JJRVMgPSBbXG4gICAgICBwYXRoLnJlc29sdmUocGVyc29uYXNEaXIpLFxuICAgICAgcGF0aC5yZXNvbHZlKCcuL3BlcnNvbmFzJyksXG4gICAgICBwYXRoLnJlc29sdmUoJy4vY3VzdG9tLXBlcnNvbmFzJyksXG4gICAgICBwYXRoLnJlc29sdmUoJy4vYmFja3VwcycpLFxuICAgICAgcGF0aC5yZXNvbHZlKHByb2Nlc3MuZW52LlBFUlNPTkFTX0RJUiB8fCAnLi9wZXJzb25hcycpXG4gICAgXTtcbiAgICBcbiAgICBpZiAoYWxsb3dlZEV4dGVuc2lvbnMpIHtcbiAgICAgIHRoaXMuQUxMT1dFRF9FWFRFTlNJT05TID0gYWxsb3dlZEV4dGVuc2lvbnM7XG4gICAgfVxuICB9XG5cbiAgc3RhdGljIGFzeW5jIHZhbGlkYXRlUGVyc29uYVBhdGgodXNlclBhdGg6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgaWYgKCF1c2VyUGF0aCB8fCB0eXBlb2YgdXNlclBhdGggIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1BhdGggbXVzdCBiZSBhIG5vbi1lbXB0eSBzdHJpbmcnKTtcbiAgICB9XG5cbiAgICAvLyBSZW1vdmUgYW55IG51bGwgYnl0ZXNcbiAgICBjb25zdCBjbGVhblBhdGggPSB1c2VyUGF0aC5yZXBsYWNlKC9cXHgwMC9nLCAnJyk7XG4gICAgXG4gICAgLy8gTm9ybWFsaXplIGFuZCByZXNvbHZlIHBhdGhcbiAgICBjb25zdCBub3JtYWxpemVkUGF0aCA9IHBhdGgubm9ybWFsaXplKGNsZWFuUGF0aCk7XG4gICAgY29uc3QgcmVzb2x2ZWRQYXRoID0gcGF0aC5yZXNvbHZlKG5vcm1hbGl6ZWRQYXRoKTtcbiAgICBcbiAgICAvLyBDaGVjayBmb3IgcGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdHNcbiAgICBpZiAobm9ybWFsaXplZFBhdGguaW5jbHVkZXMoJy4uJykgfHwgY2xlYW5QYXRoLmluY2x1ZGVzKCcuLicpKSB7XG4gICAgICBsb2dnZXIud2FybignUGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdCBkZXRlY3RlZCcsIHsgdXNlclBhdGggfSk7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1BhdGggdHJhdmVyc2FsIGRldGVjdGVkJyk7XG4gICAgfVxuICAgIFxuICAgIC8vIENoZWNrIGlmIHBhdGggaXMgd2l0aGluIGFsbG93ZWQgZGlyZWN0b3JpZXNcbiAgICBpZiAodGhpcy5BTExPV0VEX0RJUkVDVE9SSUVTLmxlbmd0aCA9PT0gMCkge1xuICAgICAgLy8gSWYgbm90IGluaXRpYWxpemVkLCBhbGxvdyBwYXRocyB1bmRlciBjdXJyZW50IHdvcmtpbmcgZGlyZWN0b3J5J3MgcGVyc29uYXMgZm9sZGVyXG4gICAgICBjb25zdCBkZWZhdWx0QWxsb3dlZCA9IFtcbiAgICAgICAgcGF0aC5yZXNvbHZlKCcuL3BlcnNvbmFzJyksXG4gICAgICAgIHBhdGgucmVzb2x2ZShwcm9jZXNzLmVudi5QRVJTT05BU19ESVIgfHwgJy4vcGVyc29uYXMnKVxuICAgICAgXTtcbiAgICAgIGNvbnN0IGlzQWxsb3dlZCA9IGRlZmF1bHRBbGxvd2VkLnNvbWUoYWxsb3dlZERpciA9PiBcbiAgICAgICAgcmVzb2x2ZWRQYXRoLnN0YXJ0c1dpdGgoYWxsb3dlZERpciArIHBhdGguc2VwKSB8fCBcbiAgICAgICAgcmVzb2x2ZWRQYXRoID09PSBhbGxvd2VkRGlyXG4gICAgICApO1xuICAgICAgaWYgKCFpc0FsbG93ZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBQYXRoIGFjY2VzcyBkZW5pZWQ6ICR7dXNlclBhdGh9YCk7XG4gICAgICB9XG4gICAgfSBlbHNlIHtcbiAgICAgIGNvbnN0IGlzQWxsb3dlZCA9IHRoaXMuQUxMT1dFRF9ESVJFQ1RPUklFUy5zb21lKGFsbG93ZWREaXIgPT4gXG4gICAgICAgIHJlc29sdmVkUGF0aC5zdGFydHNXaXRoKGFsbG93ZWREaXIgKyBwYXRoLnNlcCkgfHwgXG4gICAgICAgIHJlc29sdmVkUGF0aCA9PT0gYWxsb3dlZERpclxuICAgICAgKTtcbiAgICAgIFxuICAgICAgaWYgKCFpc0FsbG93ZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBQYXRoIGFjY2VzcyBkZW5pZWQ6ICR7dXNlclBhdGh9YCk7XG4gICAgICB9XG4gICAgfVxuICAgIFxuICAgIC8vIFZhbGlkYXRlIGZpbGVuYW1lIGlmIGl0J3MgYSBmaWxlXG4gICAgaWYgKHBhdGguZXh0bmFtZShyZXNvbHZlZFBhdGgpKSB7XG4gICAgICBjb25zdCBmaWxlbmFtZSA9IHBhdGguYmFzZW5hbWUocmVzb2x2ZWRQYXRoKTtcbiAgICAgIGNvbnN0IGV4dCA9IHBhdGguZXh0bmFtZShmaWxlbmFtZSkudG9Mb3dlckNhc2UoKTtcbiAgICAgIFxuICAgICAgLy8gQ2hlY2sgaWYgZXh0ZW5zaW9uIGlzIGFsbG93ZWRcbiAgICAgIGlmICghdGhpcy5BTExPV0VEX0VYVEVOU0lPTlMuaW5jbHVkZXMoZXh0KSkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoYEZpbGUgZXh0ZW5zaW9uIG5vdCBhbGxvd2VkOiAke2V4dH0uIEFsbG93ZWQ6ICR7dGhpcy5BTExPV0VEX0VYVEVOU0lPTlMuam9pbignLCAnKX1gKTtcbiAgICAgIH1cbiAgICAgIFxuICAgICAgLy8gVmFsaWRhdGUgZmlsZW5hbWUgZm9ybWF0IChhbHBoYW51bWVyaWMsIGRhc2gsIHVuZGVyc2NvcmUsIGRvdClcbiAgICAgIGlmICghUmVnZXhWYWxpZGF0b3IudmFsaWRhdGUoZmlsZW5hbWUsIC9eW2EtekEtWjAtOVxcLV8uXSskL2ksIHsgbWF4TGVuZ3RoOiAyNTUgfSkpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBJbnZhbGlkIGZpbGVuYW1lIGZvcm1hdDogJHtmaWxlbmFtZX1gKTtcbiAgICAgIH1cbiAgICB9XG4gICAgXG4gICAgcmV0dXJuIHJlc29sdmVkUGF0aDtcbiAgfVxuXG4gIHN0YXRpYyBhc3luYyBzYWZlUmVhZEZpbGUoZmlsZVBhdGg6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgY29uc3QgdmFsaWRhdGVkUGF0aCA9IGF3YWl0IHRoaXMudmFsaWRhdGVQZXJzb25hUGF0aChmaWxlUGF0aCk7XG4gICAgXG4gICAgLy8gQ2hlY2sgZmlsZSBleGlzdHMgYW5kIGlzIG5vdCBhIGRpcmVjdG9yeVxuICAgIGNvbnN0IHN0YXRzID0gYXdhaXQgZnMuc3RhdCh2YWxpZGF0ZWRQYXRoKTtcbiAgICBpZiAoc3RhdHMuaXNEaXJlY3RvcnkoKSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdQYXRoIGlzIGEgZGlyZWN0b3J5LCBub3QgYSBmaWxlJyk7XG4gICAgfVxuICAgIFxuICAgIC8vIFNpemUgY2hlY2tcbiAgICBpZiAoc3RhdHMuc2l6ZSA+IDUwMDAwMCkgeyAvLyA1MDBLQlxuICAgICAgdGhyb3cgbmV3IEVycm9yKCdGaWxlIHRvbyBsYXJnZScpO1xuICAgIH1cbiAgICBcbiAgICByZXR1cm4gZnMucmVhZEZpbGUodmFsaWRhdGVkUGF0aCwgJ3V0Zi04Jyk7XG4gIH1cblxuICBzdGF0aWMgYXN5bmMgc2FmZVdyaXRlRmlsZShmaWxlUGF0aDogc3RyaW5nLCBjb250ZW50OiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCB2YWxpZGF0ZWRQYXRoID0gYXdhaXQgdGhpcy52YWxpZGF0ZVBlcnNvbmFQYXRoKGZpbGVQYXRoKTtcbiAgICBcbiAgICAvLyBDb250ZW50IHZhbGlkYXRpb25cbiAgICBpZiAoY29udGVudC5sZW5ndGggPiA1MDAwMDApIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignQ29udGVudCB0b28gbGFyZ2UnKTtcbiAgICB9XG4gICAgXG4gICAgLy8gRW5zdXJlIGRpcmVjdG9yeSBleGlzdHMgYmVmb3JlIGF0b21pYyB3cml0ZVxuICAgIGNvbnN0IGRpclBhdGggPSBwYXRoLmRpcm5hbWUodmFsaWRhdGVkUGF0aCk7XG4gICAgYXdhaXQgZnMubWtkaXIoZGlyUGF0aCwgeyByZWN1cnNpdmU6IHRydWUgfSk7XG4gICAgXG4gICAgLy8gV3JpdGUgdG8gdGVtcCBmaWxlIGZpcnN0IChhdG9taWMgd3JpdGUpXG4gICAgY29uc3QgdGVtcFBhdGggPSBgJHt2YWxpZGF0ZWRQYXRofS50bXBgO1xuICAgIGF3YWl0IGZzLndyaXRlRmlsZSh0ZW1wUGF0aCwgY29udGVudCwgJ3V0Zi04Jyk7XG4gICAgXG4gICAgLy8gUmVuYW1lIHRvIGZpbmFsIHBhdGggKGF0b21pYyBvbiBtb3N0IGZpbGVzeXN0ZW1zKVxuICAgIGF3YWl0IGZzLnJlbmFtZSh0ZW1wUGF0aCwgdmFsaWRhdGVkUGF0aCk7XG4gIH1cbn0iXX0=

package/dist/test/src/security/regexValidator.d.ts

@@ -1,59 +0,0 @@
-/**
- * RegexValidator - Provides protection against ReDoS attacks
- *
- * This module implements safe regex execution by:
- * 1. Pre-validating content length based on pattern complexity
- * 2. Analyzing patterns for known ReDoS vulnerabilities
- * 3. Limiting execution based on calculated risk
- */
-export interface RegexValidationOptions {
-    /** Maximum content length allowed */
-    maxLength?: number;
-    /** Reject patterns with high ReDoS risk */
-    rejectDangerousPatterns?: boolean;
-    /** Log security events */
-    logEvents?: boolean;
-}
-interface PatternAnalysis {
-    safe: boolean;
-    risks: string[];
-    complexity: 'low' | 'medium' | 'high';
-    maxSafeLength: number;
-}
-export declare class RegexValidator {
-    private static readonly COMPLEXITY_LIMITS;
-    /**
-     * Validates content against a pattern with ReDoS protection
-     *
-     * Protection strategy:
-     * 1. Analyze pattern complexity
-     * 2. Enforce content length limits based on complexity
-     * 3. Reject known dangerous patterns
-     * 4. Execute regex only if safe
-     */
-    static validate(content: string, pattern: RegExp, options?: RegexValidationOptions): boolean;
-    /**
-     * Validates multiple patterns with shared risk assessment
-     */
-    static validateAny(content: string, patterns: RegExp[], options?: RegexValidationOptions): boolean;
-    /**
-     * Validates all patterns must match
-     */
-    static validateAll(content: string, patterns: RegExp[], options?: RegexValidationOptions): boolean;
-    /**
-     * Analyzes a regex pattern for potential ReDoS vulnerabilities
-     *
-     * Detects patterns known to cause exponential backtracking:
-     * - Nested quantifiers: (a+)+, (a*)*
-     * - Alternation with overlap: (a|a)*
-     * - Quantified groups with alternation: (a|b)+
-     * - Catastrophic patterns: (.+)+$
-     */
-    static analyzePattern(pattern: RegExp): PatternAnalysis;
-    /**
-     * Creates a regex pattern with safety analysis
-     */
-    static createSafePattern(pattern: string, flags?: string): RegExp;
-}
-export {};
-//# sourceMappingURL=regexValidator.d.ts.map

package/dist/test/src/security/regexValidator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"regexValidator.d.ts","sourceRoot":"","sources":["../../../../src/security/regexValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,MAAM,WAAW,sBAAsB;IACrC,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,0BAA0B;IAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,UAAU,eAAe;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACtC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,cAAc;IAEzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAIvC;IAEF;;;;;;;;OAQG;IACH,MAAM,CAAC,QAAQ,CACb,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,sBAA2B,GACnC,OAAO;IAiFV;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,GAAE,sBAA2B,GACnC,OAAO;IASV;;OAEG;IACH,MAAM,CAAC,WAAW,CAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,GAAE,sBAA2B,GACnC,OAAO;IASV;;;;;;;;OAQG;IACH,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe;IA4EvD;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;CAmBlE"}