@dollhousemcp/mcp-server 1.5.2 → 1.6.0

package/dist/update/SignatureVerifier.js

@@ -1,214 +0,0 @@
-/**
- * SignatureVerifier - Verifies GitHub release signatures to ensure authenticity
- *
- * Security features:
- * - Verifies GPG signatures on git tags
- * - Validates release artifacts checksums
- * - Ensures releases come from trusted sources
- * - Prevents tampering and supply chain attacks
- */
-import { safeExec } from '../utils/git.js';
-import * as crypto from 'crypto';
-import * as fs from 'fs/promises';
-import * as path from 'path';
-import { randomBytes } from 'crypto';
-import { logger } from '../utils/logger.js';
-export class SignatureVerifier {
-    trustedKeys;
-    allowUnsignedInDev;
-    constructor(options) {
-        // Default trusted keys - should be GPG key IDs of maintainers
-        this.trustedKeys = new Set(options?.trustedKeys || [
-        // Add trusted GPG key fingerprints here
-        // Example: '1234567890ABCDEF1234567890ABCDEF12345678'
-        ]);
-        // Allow unsigned releases in development mode
-        this.allowUnsignedInDev = options?.allowUnsignedInDev ?? true;
-    }
-    /**
-     * Verify a git tag signature
-     * @param tagName The tag to verify (e.g., 'v1.2.0')
-     * @returns Verification result with signer information
-     */
-    async verifyTagSignature(tagName) {
-        try {
-            // Check if GPG is available
-            try {
-                await safeExec('gpg', ['--version']);
-            }
-            catch {
-                return {
-                    verified: false,
-                    error: 'GPG is not installed or not available in PATH'
-                };
-            }
-            // Verify the tag signature
-            const { stdout, stderr } = await safeExec('git', ['verify-tag', tagName]);
-            // Parse GPG output (comes on stderr)
-            const output = stderr || stdout;
-            // Check for good signature
-            if (!output.includes('Good signature')) {
-                // Check if tag is unsigned
-                if (output.includes('error: no signature found')) {
-                    if (this.allowUnsignedInDev && process.env.NODE_ENV !== 'production') {
-                        return {
-                            verified: true,
-                            error: 'Tag is unsigned (allowed in development mode)'
-                        };
-                    }
-                    return {
-                        verified: false,
-                        error: 'Tag is not signed'
-                    };
-                }
-                return {
-                    verified: false,
-                    error: 'Invalid signature'
-                };
-            }
-            // Extract signer information
-            const keyMatch = output.match(/key (?:ID )?([A-F0-9]+)/i);
-            const emailMatch = output.match(/"([^"]+)"/);
-            const dateMatch = output.match(/made (\w+ \w+ \d+ \d+:\d+:\d+ \d+ \w+)/);
-            const signerKey = keyMatch ? keyMatch[1] : undefined;
-            const signerEmail = emailMatch ? emailMatch[1] : undefined;
-            const signatureDate = dateMatch ? new Date(dateMatch[1]) : undefined;
-            // Check if key is trusted
-            if (this.trustedKeys.size > 0 && signerKey) {
-                // Check if the key ID ends with any of our trusted keys
-                const isTrusted = Array.from(this.trustedKeys).some(trustedKey => signerKey.endsWith(trustedKey.toUpperCase()));
-                if (!isTrusted) {
-                    return {
-                        verified: false,
-                        signerKey,
-                        signerEmail,
-                        signatureDate,
-                        error: `Signature is valid but key ${signerKey} is not in trusted keys list`
-                    };
-                }
-            }
-            return {
-                verified: true,
-                signerKey,
-                signerEmail,
-                signatureDate
-            };
-        }
-        catch (error) {
-            return {
-                verified: false,
-                error: `Failed to verify signature: ${error instanceof Error ? error.message : String(error)}`
-            };
-        }
-    }
-    /**
-     * Verify a file checksum against expected value
-     * @param filePath Path to the file to verify
-     * @param expectedChecksum Expected SHA256 checksum
-     * @returns Verification result
-     */
-    async verifyChecksum(filePath, expectedChecksum) {
-        try {
-            // Read file and calculate checksum
-            const fileBuffer = await fs.readFile(filePath);
-            const hash = crypto.createHash('sha256');
-            hash.update(fileBuffer);
-            const actualChecksum = hash.digest('hex');
-            // Compare checksums
-            const verified = actualChecksum.toLowerCase() === expectedChecksum.toLowerCase();
-            return {
-                verified,
-                expectedChecksum,
-                actualChecksum,
-                error: verified ? undefined : 'Checksum mismatch'
-            };
-        }
-        catch (error) {
-            return {
-                verified: false,
-                expectedChecksum,
-                error: `Failed to verify checksum: ${error instanceof Error ? error.message : String(error)}`
-            };
-        }
-    }
-    /**
-     * Verify release artifacts using a checksums file
-     * @param checksumsFile Path to checksums file (e.g., SHA256SUMS)
-     * @param artifactDir Directory containing artifacts to verify
-     * @returns Map of filename to verification result
-     */
-    async verifyReleaseArtifacts(checksumsFile, artifactDir) {
-        const results = new Map();
-        try {
-            // Read checksums file
-            const checksumsContent = await fs.readFile(checksumsFile, 'utf-8');
-            const lines = checksumsContent.split('\n').filter(line => line.trim());
-            // Parse checksums (format: "checksum  filename" or "checksum *filename")
-            for (const line of lines) {
-                const match = line.match(/^([a-f0-9]+)\s+\*?(.+)$/i);
-                if (!match)
-                    continue;
-                const [, checksum, filename] = match;
-                const filePath = path.join(artifactDir, filename);
-                // Verify each file
-                const result = await this.verifyChecksum(filePath, checksum);
-                results.set(filename, result);
-            }
-            return results;
-        }
-        catch (error) {
-            // If we can't read the checksums file, mark all as unverified
-            results.set('*', {
-                verified: false,
-                error: `Failed to read checksums file: ${error instanceof Error ? error.message : String(error)}`
-            });
-            return results;
-        }
-    }
-    /**
-     * Add a trusted key for signature verification
-     * @param keyId GPG key ID or fingerprint
-     */
-    addTrustedKey(keyId) {
-        this.trustedKeys.add(keyId.toUpperCase());
-    }
-    /**
-     * Remove a trusted key
-     * @param keyId GPG key ID or fingerprint
-     */
-    removeTrustedKey(keyId) {
-        this.trustedKeys.delete(keyId.toUpperCase());
-    }
-    /**
-     * Get list of trusted keys
-     */
-    getTrustedKeys() {
-        return Array.from(this.trustedKeys);
-    }
-    /**
-     * Import a GPG public key
-     * @param keyData The public key data to import
-     * @returns Success status
-     */
-    async importPublicKey(keyData) {
-        try {
-            // Write key data to temporary file with secure random name
-            const tempFile = path.join(process.cwd(), `.gpg-import-${randomBytes(8).toString('hex')}.asc`);
-            await fs.writeFile(tempFile, keyData);
-            try {
-                // Import the key
-                await safeExec('gpg', ['--import', tempFile]);
-                return true;
-            }
-            finally {
-                // Clean up temp file
-                await fs.unlink(tempFile).catch(() => { });
-            }
-        }
-        catch (error) {
-            logger.error('Failed to import GPG key:', error);
-            return false;
-        }
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU2lnbmF0dXJlVmVyaWZpZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdXBkYXRlL1NpZ25hdHVyZVZlcmlmaWVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7OztHQVFHO0FBRUgsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBQzNDLE9BQU8sS0FBSyxNQUFNLE1BQU0sUUFBUSxDQUFDO0FBQ2pDLE9BQU8sS0FBSyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2xDLE9BQU8sS0FBSyxJQUFJLE1BQU0sTUFBTSxDQUFDO0FBQzdCLE9BQU8sRUFBRSxXQUFXLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFDckMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBaUI1QyxNQUFNLE9BQU8saUJBQWlCO0lBQ3BCLFdBQVcsQ0FBYztJQUN6QixrQkFBa0IsQ0FBVTtJQUVwQyxZQUFZLE9BR1g7UUFDQyw4REFBOEQ7UUFDOUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxPQUFPLEVBQUUsV0FBVyxJQUFJO1FBQ2pELHdDQUF3QztRQUN4QyxzREFBc0Q7U0FDdkQsQ0FBQyxDQUFDO1FBRUgsOENBQThDO1FBQzlDLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxPQUFPLEVBQUUsa0JBQWtCLElBQUksSUFBSSxDQUFDO0lBQ2hFLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLGtCQUFrQixDQUFDLE9BQWU7UUFDdEMsSUFBSSxDQUFDO1lBQ0gsNEJBQTRCO1lBQzVCLElBQUksQ0FBQztnQkFDSCxNQUFNLFFBQVEsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDO1lBQ3ZDLENBQUM7WUFBQyxNQUFNLENBQUM7Z0JBQ1AsT0FBTztvQkFDTCxRQUFRLEVBQUUsS0FBSztvQkFDZixLQUFLLEVBQUUsK0NBQStDO2lCQUN2RCxDQUFDO1lBQ0osQ0FBQztZQUVELDJCQUEyQjtZQUMzQixNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLE1BQU0sUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDLFlBQVksRUFBRSxPQUFPLENBQUMsQ0FBQyxDQUFDO1lBRTFFLHFDQUFxQztZQUNyQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksTUFBTSxDQUFDO1lBRWhDLDJCQUEyQjtZQUMzQixJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7Z0JBQ3ZDLDJCQUEyQjtnQkFDM0IsSUFBSSxNQUFNLENBQUMsUUFBUSxDQUFDLDJCQUEyQixDQUFDLEVBQUUsQ0FBQztvQkFDakQsSUFBSSxJQUFJLENBQUMsa0JBQWtCLElBQUksT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEtBQUssWUFBWSxFQUFFLENBQUM7d0JBQ3JFLE9BQU87NEJBQ0wsUUFBUSxFQUFFLElBQUk7NEJBQ2QsS0FBSyxFQUFFLCtDQUErQzt5QkFDdkQsQ0FBQztvQkFDSixDQUFDO29CQUNELE9BQU87d0JBQ0wsUUFBUSxFQUFFLEtBQUs7d0JBQ2YsS0FBSyxFQUFFLG1CQUFtQjtxQkFDM0IsQ0FBQztnQkFDSixDQUFDO2dCQUVELE9BQU87b0JBQ0wsUUFBUSxFQUFFLEtBQUs7b0JBQ2YsS0FBSyxFQUFFLG1CQUFtQjtpQkFDM0IsQ0FBQztZQUNKLENBQUM7WUFFRCw2QkFBNkI7WUFDN0IsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1lBQzFELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDN0MsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO1lBRXpFLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUM7WUFDckQsTUFBTSxXQUFXLEdBQUcsVUFBVSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztZQUMzRCxNQUFNLGFBQWEsR0FBRyxTQUFTLENBQUMsQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUM7WUFFckUsMEJBQTBCO1lBQzFCLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxJQUFJLFNBQVMsRUFBRSxDQUFDO2dCQUMzQyx3REFBd0Q7Z0JBQ3hELE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUMvRCxTQUFTLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUM3QyxDQUFDO2dCQUVGLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztvQkFDZixPQUFPO3dCQUNMLFFBQVEsRUFBRSxLQUFLO3dCQUNmLFNBQVM7d0JBQ1QsV0FBVzt3QkFDWCxhQUFhO3dCQUNiLEtBQUssRUFBRSw4QkFBOEIsU0FBUyw4QkFBOEI7cUJBQzdFLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUM7WUFFRCxPQUFPO2dCQUNMLFFBQVEsRUFBRSxJQUFJO2dCQUNkLFNBQVM7Z0JBQ1QsV0FBVztnQkFDWCxhQUFhO2FBQ2QsQ0FBQztRQUVKLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsT0FBTztnQkFDTCxRQUFRLEVBQUUsS0FBSztnQkFDZixLQUFLLEVBQUUsK0JBQStCLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRTthQUMvRixDQUFDO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILEtBQUssQ0FBQyxjQUFjLENBQUMsUUFBZ0IsRUFBRSxnQkFBd0I7UUFDN0QsSUFBSSxDQUFDO1lBQ0gsbUNBQW1DO1lBQ25DLE1BQU0sVUFBVSxHQUFHLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUMvQyxNQUFNLElBQUksR0FBRyxNQUFNLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ3pDLElBQUksQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDeEIsTUFBTSxjQUFjLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUUxQyxvQkFBb0I7WUFDcEIsTUFBTSxRQUFRLEdBQUcsY0FBYyxDQUFDLFdBQVcsRUFBRSxLQUFLLGdCQUFnQixDQUFDLFdBQVcsRUFBRSxDQUFDO1lBRWpGLE9BQU87Z0JBQ0wsUUFBUTtnQkFDUixnQkFBZ0I7Z0JBQ2hCLGNBQWM7Z0JBQ2QsS0FBSyxFQUFFLFFBQVEsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxtQkFBbUI7YUFDbEQsQ0FBQztRQUVKLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsT0FBTztnQkFDTCxRQUFRLEVBQUUsS0FBSztnQkFDZixnQkFBZ0I7Z0JBQ2hCLEtBQUssRUFBRSw4QkFBOEIsS0FBSyxZQUFZLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFO2FBQzlGLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsS0FBSyxDQUFDLHNCQUFzQixDQUMxQixhQUFxQixFQUNyQixXQUFtQjtRQUVuQixNQUFNLE9BQU8sR0FBRyxJQUFJLEdBQUcsRUFBc0MsQ0FBQztRQUU5RCxJQUFJLENBQUM7WUFDSCxzQkFBc0I7WUFDdEIsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ25FLE1BQU0sS0FBSyxHQUFHLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUV2RSx5RUFBeUU7WUFDekUsS0FBSyxNQUFNLElBQUksSUFBSSxLQUFLLEVBQUUsQ0FBQztnQkFDekIsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO2dCQUNyRCxJQUFJLENBQUMsS0FBSztvQkFBRSxTQUFTO2dCQUVyQixNQUFNLENBQUMsRUFBRSxRQUFRLEVBQUUsUUFBUSxDQUFDLEdBQUcsS0FBSyxDQUFDO2dCQUNyQyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxRQUFRLENBQUMsQ0FBQztnQkFFbEQsbUJBQW1CO2dCQUNuQixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLFFBQVEsQ0FBQyxDQUFDO2dCQUM3RCxPQUFPLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUNoQyxDQUFDO1lBRUQsT0FBTyxPQUFPLENBQUM7UUFFakIsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZiw4REFBOEQ7WUFDOUQsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUU7Z0JBQ2YsUUFBUSxFQUFFLEtBQUs7Z0JBQ2YsS0FBSyxFQUFFLGtDQUFrQyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUU7YUFDbEcsQ0FBQyxDQUFDO1lBQ0gsT0FBTyxPQUFPLENBQUM7UUFDakIsQ0FBQztJQUNILENBQUM7SUFFRDs7O09BR0c7SUFDSCxhQUFhLENBQUMsS0FBYTtRQUN6QixJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsZ0JBQWdCLENBQUMsS0FBYTtRQUM1QixJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxjQUFjO1FBQ1osT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxlQUFlLENBQUMsT0FBZTtRQUNuQyxJQUFJLENBQUM7WUFDSCwyREFBMkQ7WUFDM0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLEVBQUUsZUFBZSxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUMvRixNQUFNLEVBQUUsQ0FBQyxTQUFTLENBQUMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBRXRDLElBQUksQ0FBQztnQkFDSCxpQkFBaUI7Z0JBQ2pCLE1BQU0sUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDLFVBQVUsRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDO2dCQUM5QyxPQUFPLElBQUksQ0FBQztZQUNkLENBQUM7b0JBQVMsQ0FBQztnQkFDVCxxQkFBcUI7Z0JBQ3JCLE1BQU0sRUFBRSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLEdBQUUsQ0FBQyxDQUFDLENBQUM7WUFDNUMsQ0FBQztRQUVILENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsTUFBTSxDQUFDLEtBQUssQ0FBQywyQkFBMkIsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUNqRCxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7SUFDSCxDQUFDO0NBQ0YiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFNpZ25hdHVyZVZlcmlmaWVyIC0gVmVyaWZpZXMgR2l0SHViIHJlbGVhc2Ugc2lnbmF0dXJlcyB0byBlbnN1cmUgYXV0aGVudGljaXR5XG4gKiBcbiAqIFNlY3VyaXR5IGZlYXR1cmVzOlxuICogLSBWZXJpZmllcyBHUEcgc2lnbmF0dXJlcyBvbiBnaXQgdGFnc1xuICogLSBWYWxpZGF0ZXMgcmVsZWFzZSBhcnRpZmFjdHMgY2hlY2tzdW1zXG4gKiAtIEVuc3VyZXMgcmVsZWFzZXMgY29tZSBmcm9tIHRydXN0ZWQgc291cmNlc1xuICogLSBQcmV2ZW50cyB0YW1wZXJpbmcgYW5kIHN1cHBseSBjaGFpbiBhdHRhY2tzXG4gKi9cblxuaW1wb3J0IHsgc2FmZUV4ZWMgfSBmcm9tICcuLi91dGlscy9naXQuanMnO1xuaW1wb3J0ICogYXMgY3J5cHRvIGZyb20gJ2NyeXB0byc7XG5pbXBvcnQgKiBhcyBmcyBmcm9tICdmcy9wcm9taXNlcyc7XG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gJ3BhdGgnO1xuaW1wb3J0IHsgcmFuZG9tQnl0ZXMgfSBmcm9tICdjcnlwdG8nO1xuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vdXRpbHMvbG9nZ2VyLmpzJztcblxuZXhwb3J0IGludGVyZmFjZSBTaWduYXR1cmVWZXJpZmljYXRpb25SZXN1bHQge1xuICB2ZXJpZmllZDogYm9vbGVhbjtcbiAgc2lnbmVyS2V5Pzogc3RyaW5nO1xuICBzaWduZXJFbWFpbD86IHN0cmluZztcbiAgc2lnbmF0dXJlRGF0ZT86IERhdGU7XG4gIGVycm9yPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENoZWNrc3VtVmVyaWZpY2F0aW9uUmVzdWx0IHtcbiAgdmVyaWZpZWQ6IGJvb2xlYW47XG4gIGV4cGVjdGVkQ2hlY2tzdW0/OiBzdHJpbmc7XG4gIGFjdHVhbENoZWNrc3VtPzogc3RyaW5nO1xuICBlcnJvcj86IHN0cmluZztcbn1cblxuZXhwb3J0IGNsYXNzIFNpZ25hdHVyZVZlcmlmaWVyIHtcbiAgcHJpdmF0ZSB0cnVzdGVkS2V5czogU2V0PHN0cmluZz47XG4gIHByaXZhdGUgYWxsb3dVbnNpZ25lZEluRGV2OiBib29sZWFuO1xuICBcbiAgY29uc3RydWN0b3Iob3B0aW9ucz86IHtcbiAgICB0cnVzdGVkS2V5cz86IHN0cmluZ1tdO1xuICAgIGFsbG93VW5zaWduZWRJbkRldj86IGJvb2xlYW47XG4gIH0pIHtcbiAgICAvLyBEZWZhdWx0IHRydXN0ZWQga2V5cyAtIHNob3VsZCBiZSBHUEcga2V5IElEcyBvZiBtYWludGFpbmVyc1xuICAgIHRoaXMudHJ1c3RlZEtleXMgPSBuZXcgU2V0KG9wdGlvbnM/LnRydXN0ZWRLZXlzIHx8IFtcbiAgICAgIC8vIEFkZCB0cnVzdGVkIEdQRyBrZXkgZmluZ2VycHJpbnRzIGhlcmVcbiAgICAgIC8vIEV4YW1wbGU6ICcxMjM0NTY3ODkwQUJDREVGMTIzNDU2Nzg5MEFCQ0RFRjEyMzQ1Njc4J1xuICAgIF0pO1xuICAgIFxuICAgIC8vIEFsbG93IHVuc2lnbmVkIHJlbGVhc2VzIGluIGRldmVsb3BtZW50IG1vZGVcbiAgICB0aGlzLmFsbG93VW5zaWduZWRJbkRldiA9IG9wdGlvbnM/LmFsbG93VW5zaWduZWRJbkRldiA/PyB0cnVlO1xuICB9XG4gIFxuICAvKipcbiAgICogVmVyaWZ5IGEgZ2l0IHRhZyBzaWduYXR1cmVcbiAgICogQHBhcmFtIHRhZ05hbWUgVGhlIHRhZyB0byB2ZXJpZnkgKGUuZy4sICd2MS4yLjAnKVxuICAgKiBAcmV0dXJucyBWZXJpZmljYXRpb24gcmVzdWx0IHdpdGggc2lnbmVyIGluZm9ybWF0aW9uXG4gICAqL1xuICBhc3luYyB2ZXJpZnlUYWdTaWduYXR1cmUodGFnTmFtZTogc3RyaW5nKTogUHJvbWlzZTxTaWduYXR1cmVWZXJpZmljYXRpb25SZXN1bHQ+IHtcbiAgICB0cnkge1xuICAgICAgLy8gQ2hlY2sgaWYgR1BHIGlzIGF2YWlsYWJsZVxuICAgICAgdHJ5IHtcbiAgICAgICAgYXdhaXQgc2FmZUV4ZWMoJ2dwZycsIFsnLS12ZXJzaW9uJ10pO1xuICAgICAgfSBjYXRjaCB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgdmVyaWZpZWQ6IGZhbHNlLFxuICAgICAgICAgIGVycm9yOiAnR1BHIGlzIG5vdCBpbnN0YWxsZWQgb3Igbm90IGF2YWlsYWJsZSBpbiBQQVRIJ1xuICAgICAgICB9O1xuICAgICAgfVxuICAgICAgXG4gICAgICAvLyBWZXJpZnkgdGhlIHRhZyBzaWduYXR1cmVcbiAgICAgIGNvbnN0IHsgc3Rkb3V0LCBzdGRlcnIgfSA9IGF3YWl0IHNhZmVFeGVjKCdnaXQnLCBbJ3ZlcmlmeS10YWcnLCB0YWdOYW1lXSk7XG4gICAgICBcbiAgICAgIC8vIFBhcnNlIEdQRyBvdXRwdXQgKGNvbWVzIG9uIHN0ZGVycilcbiAgICAgIGNvbnN0IG91dHB1dCA9IHN0ZGVyciB8fCBzdGRvdXQ7XG4gICAgICBcbiAgICAgIC8vIENoZWNrIGZvciBnb29kIHNpZ25hdHVyZVxuICAgICAgaWYgKCFvdXRwdXQuaW5jbHVkZXMoJ0dvb2Qgc2lnbmF0dXJlJykpIHtcbiAgICAgICAgLy8gQ2hlY2sgaWYgdGFnIGlzIHVuc2lnbmVkXG4gICAgICAgIGlmIChvdXRwdXQuaW5jbHVkZXMoJ2Vycm9yOiBubyBzaWduYXR1cmUgZm91bmQnKSkge1xuICAgICAgICAgIGlmICh0aGlzLmFsbG93VW5zaWduZWRJbkRldiAmJiBwcm9jZXNzLmVudi5OT0RFX0VOViAhPT0gJ3Byb2R1Y3Rpb24nKSB7XG4gICAgICAgICAgICByZXR1cm4ge1xuICAgICAgICAgICAgICB2ZXJpZmllZDogdHJ1ZSxcbiAgICAgICAgICAgICAgZXJyb3I6ICdUYWcgaXMgdW5zaWduZWQgKGFsbG93ZWQgaW4gZGV2ZWxvcG1lbnQgbW9kZSknXG4gICAgICAgICAgICB9O1xuICAgICAgICAgIH1cbiAgICAgICAgICByZXR1cm4ge1xuICAgICAgICAgICAgdmVyaWZpZWQ6IGZhbHNlLFxuICAgICAgICAgICAgZXJyb3I6ICdUYWcgaXMgbm90IHNpZ25lZCdcbiAgICAgICAgICB9O1xuICAgICAgICB9XG4gICAgICAgIFxuICAgICAgICByZXR1cm4ge1xuICAgICAgICAgIHZlcmlmaWVkOiBmYWxzZSxcbiAgICAgICAgICBlcnJvcjogJ0ludmFsaWQgc2lnbmF0dXJlJ1xuICAgICAgICB9O1xuICAgICAgfVxuICAgICAgXG4gICAgICAvLyBFeHRyYWN0IHNpZ25lciBpbmZvcm1hdGlvblxuICAgICAgY29uc3Qga2V5TWF0Y2ggPSBvdXRwdXQubWF0Y2goL2tleSAoPzpJRCApPyhbQS1GMC05XSspL2kpO1xuICAgICAgY29uc3QgZW1haWxNYXRjaCA9IG91dHB1dC5tYXRjaCgvXCIoW15cIl0rKVwiLyk7XG4gICAgICBjb25zdCBkYXRlTWF0Y2ggPSBvdXRwdXQubWF0Y2goL21hZGUgKFxcdysgXFx3KyBcXGQrIFxcZCs6XFxkKzpcXGQrIFxcZCsgXFx3KykvKTtcbiAgICAgIFxuICAgICAgY29uc3Qgc2lnbmVyS2V5ID0ga2V5TWF0Y2ggPyBrZXlNYXRjaFsxXSA6IHVuZGVmaW5lZDtcbiAgICAgIGNvbnN0IHNpZ25lckVtYWlsID0gZW1haWxNYXRjaCA/IGVtYWlsTWF0Y2hbMV0gOiB1bmRlZmluZWQ7XG4gICAgICBjb25zdCBzaWduYXR1cmVEYXRlID0gZGF0ZU1hdGNoID8gbmV3IERhdGUoZGF0ZU1hdGNoWzFdKSA6IHVuZGVmaW5lZDtcbiAgICAgIFxuICAgICAgLy8gQ2hlY2sgaWYga2V5IGlzIHRydXN0ZWRcbiAgICAgIGlmICh0aGlzLnRydXN0ZWRLZXlzLnNpemUgPiAwICYmIHNpZ25lcktleSkge1xuICAgICAgICAvLyBDaGVjayBpZiB0aGUga2V5IElEIGVuZHMgd2l0aCBhbnkgb2Ygb3VyIHRydXN0ZWQga2V5c1xuICAgICAgICBjb25zdCBpc1RydXN0ZWQgPSBBcnJheS5mcm9tKHRoaXMudHJ1c3RlZEtleXMpLnNvbWUodHJ1c3RlZEtleSA9PiBcbiAgICAgICAgICBzaWduZXJLZXkuZW5kc1dpdGgodHJ1c3RlZEtleS50b1VwcGVyQ2FzZSgpKVxuICAgICAgICApO1xuICAgICAgICBcbiAgICAgICAgaWYgKCFpc1RydXN0ZWQpIHtcbiAgICAgICAgICByZXR1cm4ge1xuICAgICAgICAgICAgdmVyaWZpZWQ6IGZhbHNlLFxuICAgICAgICAgICAgc2lnbmVyS2V5LFxuICAgICAgICAgICAgc2lnbmVyRW1haWwsXG4gICAgICAgICAgICBzaWduYXR1cmVEYXRlLFxuICAgICAgICAgICAgZXJyb3I6IGBTaWduYXR1cmUgaXMgdmFsaWQgYnV0IGtleSAke3NpZ25lcktleX0gaXMgbm90IGluIHRydXN0ZWQga2V5cyBsaXN0YFxuICAgICAgICAgIH07XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICAgIFxuICAgICAgcmV0dXJuIHtcbiAgICAgICAgdmVyaWZpZWQ6IHRydWUsXG4gICAgICAgIHNpZ25lcktleSxcbiAgICAgICAgc2lnbmVyRW1haWwsXG4gICAgICAgIHNpZ25hdHVyZURhdGVcbiAgICAgIH07XG4gICAgICBcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgdmVyaWZpZWQ6IGZhbHNlLFxuICAgICAgICBlcnJvcjogYEZhaWxlZCB0byB2ZXJpZnkgc2lnbmF0dXJlOiAke2Vycm9yIGluc3RhbmNlb2YgRXJyb3IgPyBlcnJvci5tZXNzYWdlIDogU3RyaW5nKGVycm9yKX1gXG4gICAgICB9O1xuICAgIH1cbiAgfVxuICBcbiAgLyoqXG4gICAqIFZlcmlmeSBhIGZpbGUgY2hlY2tzdW0gYWdhaW5zdCBleHBlY3RlZCB2YWx1ZVxuICAgKiBAcGFyYW0gZmlsZVBhdGggUGF0aCB0byB0aGUgZmlsZSB0byB2ZXJpZnlcbiAgICogQHBhcmFtIGV4cGVjdGVkQ2hlY2tzdW0gRXhwZWN0ZWQgU0hBMjU2IGNoZWNrc3VtXG4gICAqIEByZXR1cm5zIFZlcmlmaWNhdGlvbiByZXN1bHRcbiAgICovXG4gIGFzeW5jIHZlcmlmeUNoZWNrc3VtKGZpbGVQYXRoOiBzdHJpbmcsIGV4cGVjdGVkQ2hlY2tzdW06IHN0cmluZyk6IFByb21pc2U8Q2hlY2tzdW1WZXJpZmljYXRpb25SZXN1bHQ+IHtcbiAgICB0cnkge1xuICAgICAgLy8gUmVhZCBmaWxlIGFuZCBjYWxjdWxhdGUgY2hlY2tzdW1cbiAgICAgIGNvbnN0IGZpbGVCdWZmZXIgPSBhd2FpdCBmcy5yZWFkRmlsZShmaWxlUGF0aCk7XG4gICAgICBjb25zdCBoYXNoID0gY3J5cHRvLmNyZWF0ZUhhc2goJ3NoYTI1NicpO1xuICAgICAgaGFzaC51cGRhdGUoZmlsZUJ1ZmZlcik7XG4gICAgICBjb25zdCBhY3R1YWxDaGVja3N1bSA9IGhhc2guZGlnZXN0KCdoZXgnKTtcbiAgICAgIFxuICAgICAgLy8gQ29tcGFyZSBjaGVja3N1bXNcbiAgICAgIGNvbnN0IHZlcmlmaWVkID0gYWN0dWFsQ2hlY2tzdW0udG9Mb3dlckNhc2UoKSA9PT0gZXhwZWN0ZWRDaGVja3N1bS50b0xvd2VyQ2FzZSgpO1xuICAgICAgXG4gICAgICByZXR1cm4ge1xuICAgICAgICB2ZXJpZmllZCxcbiAgICAgICAgZXhwZWN0ZWRDaGVja3N1bSxcbiAgICAgICAgYWN0dWFsQ2hlY2tzdW0sXG4gICAgICAgIGVycm9yOiB2ZXJpZmllZCA/IHVuZGVmaW5lZCA6ICdDaGVja3N1bSBtaXNtYXRjaCdcbiAgICAgIH07XG4gICAgICBcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgdmVyaWZpZWQ6IGZhbHNlLFxuICAgICAgICBleHBlY3RlZENoZWNrc3VtLFxuICAgICAgICBlcnJvcjogYEZhaWxlZCB0byB2ZXJpZnkgY2hlY2tzdW06ICR7ZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UgOiBTdHJpbmcoZXJyb3IpfWBcbiAgICAgIH07XG4gICAgfVxuICB9XG4gIFxuICAvKipcbiAgICogVmVyaWZ5IHJlbGVhc2UgYXJ0aWZhY3RzIHVzaW5nIGEgY2hlY2tzdW1zIGZpbGVcbiAgICogQHBhcmFtIGNoZWNrc3Vtc0ZpbGUgUGF0aCB0byBjaGVja3N1bXMgZmlsZSAoZS5nLiwgU0hBMjU2U1VNUylcbiAgICogQHBhcmFtIGFydGlmYWN0RGlyIERpcmVjdG9yeSBjb250YWluaW5nIGFydGlmYWN0cyB0byB2ZXJpZnlcbiAgICogQHJldHVybnMgTWFwIG9mIGZpbGVuYW1lIHRvIHZlcmlmaWNhdGlvbiByZXN1bHRcbiAgICovXG4gIGFzeW5jIHZlcmlmeVJlbGVhc2VBcnRpZmFjdHMoXG4gICAgY2hlY2tzdW1zRmlsZTogc3RyaW5nLCBcbiAgICBhcnRpZmFjdERpcjogc3RyaW5nXG4gICk6IFByb21pc2U8TWFwPHN0cmluZywgQ2hlY2tzdW1WZXJpZmljYXRpb25SZXN1bHQ+PiB7XG4gICAgY29uc3QgcmVzdWx0cyA9IG5ldyBNYXA8c3RyaW5nLCBDaGVja3N1bVZlcmlmaWNhdGlvblJlc3VsdD4oKTtcbiAgICBcbiAgICB0cnkge1xuICAgICAgLy8gUmVhZCBjaGVja3N1bXMgZmlsZVxuICAgICAgY29uc3QgY2hlY2tzdW1zQ29udGVudCA9IGF3YWl0IGZzLnJlYWRGaWxlKGNoZWNrc3Vtc0ZpbGUsICd1dGYtOCcpO1xuICAgICAgY29uc3QgbGluZXMgPSBjaGVja3N1bXNDb250ZW50LnNwbGl0KCdcXG4nKS5maWx0ZXIobGluZSA9PiBsaW5lLnRyaW0oKSk7XG4gICAgICBcbiAgICAgIC8vIFBhcnNlIGNoZWNrc3VtcyAoZm9ybWF0OiBcImNoZWNrc3VtICBmaWxlbmFtZVwiIG9yIFwiY2hlY2tzdW0gKmZpbGVuYW1lXCIpXG4gICAgICBmb3IgKGNvbnN0IGxpbmUgb2YgbGluZXMpIHtcbiAgICAgICAgY29uc3QgbWF0Y2ggPSBsaW5lLm1hdGNoKC9eKFthLWYwLTldKylcXHMrXFwqPyguKykkL2kpO1xuICAgICAgICBpZiAoIW1hdGNoKSBjb250aW51ZTtcbiAgICAgICAgXG4gICAgICAgIGNvbnN0IFssIGNoZWNrc3VtLCBmaWxlbmFtZV0gPSBtYXRjaDtcbiAgICAgICAgY29uc3QgZmlsZVBhdGggPSBwYXRoLmpvaW4oYXJ0aWZhY3REaXIsIGZpbGVuYW1lKTtcbiAgICAgICAgXG4gICAgICAgIC8vIFZlcmlmeSBlYWNoIGZpbGVcbiAgICAgICAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdGhpcy52ZXJpZnlDaGVja3N1bShmaWxlUGF0aCwgY2hlY2tzdW0pO1xuICAgICAgICByZXN1bHRzLnNldChmaWxlbmFtZSwgcmVzdWx0KTtcbiAgICAgIH1cbiAgICAgIFxuICAgICAgcmV0dXJuIHJlc3VsdHM7XG4gICAgICBcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgLy8gSWYgd2UgY2FuJ3QgcmVhZCB0aGUgY2hlY2tzdW1zIGZpbGUsIG1hcmsgYWxsIGFzIHVudmVyaWZpZWRcbiAgICAgIHJlc3VsdHMuc2V0KCcqJywge1xuICAgICAgICB2ZXJpZmllZDogZmFsc2UsXG4gICAgICAgIGVycm9yOiBgRmFpbGVkIHRvIHJlYWQgY2hlY2tzdW1zIGZpbGU6ICR7ZXJyb3IgaW5zdGFuY2VvZiBFcnJvciA/IGVycm9yLm1lc3NhZ2UgOiBTdHJpbmcoZXJyb3IpfWBcbiAgICAgIH0pO1xuICAgICAgcmV0dXJuIHJlc3VsdHM7XG4gICAgfVxuICB9XG4gIFxuICAvKipcbiAgICogQWRkIGEgdHJ1c3RlZCBrZXkgZm9yIHNpZ25hdHVyZSB2ZXJpZmljYXRpb25cbiAgICogQHBhcmFtIGtleUlkIEdQRyBrZXkgSUQgb3IgZmluZ2VycHJpbnRcbiAgICovXG4gIGFkZFRydXN0ZWRLZXkoa2V5SWQ6IHN0cmluZyk6IHZvaWQge1xuICAgIHRoaXMudHJ1c3RlZEtleXMuYWRkKGtleUlkLnRvVXBwZXJDYXNlKCkpO1xuICB9XG4gIFxuICAvKipcbiAgICogUmVtb3ZlIGEgdHJ1c3RlZCBrZXlcbiAgICogQHBhcmFtIGtleUlkIEdQRyBrZXkgSUQgb3IgZmluZ2VycHJpbnRcbiAgICovXG4gIHJlbW92ZVRydXN0ZWRLZXkoa2V5SWQ6IHN0cmluZyk6IHZvaWQge1xuICAgIHRoaXMudHJ1c3RlZEtleXMuZGVsZXRlKGtleUlkLnRvVXBwZXJDYXNlKCkpO1xuICB9XG4gIFxuICAvKipcbiAgICogR2V0IGxpc3Qgb2YgdHJ1c3RlZCBrZXlzXG4gICAqL1xuICBnZXRUcnVzdGVkS2V5cygpOiBzdHJpbmdbXSB7XG4gICAgcmV0dXJuIEFycmF5LmZyb20odGhpcy50cnVzdGVkS2V5cyk7XG4gIH1cbiAgXG4gIC8qKlxuICAgKiBJbXBvcnQgYSBHUEcgcHVibGljIGtleVxuICAgKiBAcGFyYW0ga2V5RGF0YSBUaGUgcHVibGljIGtleSBkYXRhIHRvIGltcG9ydFxuICAgKiBAcmV0dXJucyBTdWNjZXNzIHN0YXR1c1xuICAgKi9cbiAgYXN5bmMgaW1wb3J0UHVibGljS2V5KGtleURhdGE6IHN0cmluZyk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICAgIHRyeSB7XG4gICAgICAvLyBXcml0ZSBrZXkgZGF0YSB0byB0ZW1wb3JhcnkgZmlsZSB3aXRoIHNlY3VyZSByYW5kb20gbmFtZVxuICAgICAgY29uc3QgdGVtcEZpbGUgPSBwYXRoLmpvaW4ocHJvY2Vzcy5jd2QoKSwgYC5ncGctaW1wb3J0LSR7cmFuZG9tQnl0ZXMoOCkudG9TdHJpbmcoJ2hleCcpfS5hc2NgKTtcbiAgICAgIGF3YWl0IGZzLndyaXRlRmlsZSh0ZW1wRmlsZSwga2V5RGF0YSk7XG4gICAgICBcbiAgICAgIHRyeSB7XG4gICAgICAgIC8vIEltcG9ydCB0aGUga2V5XG4gICAgICAgIGF3YWl0IHNhZmVFeGVjKCdncGcnLCBbJy0taW1wb3J0JywgdGVtcEZpbGVdKTtcbiAgICAgICAgcmV0dXJuIHRydWU7XG4gICAgICB9IGZpbmFsbHkge1xuICAgICAgICAvLyBDbGVhbiB1cCB0ZW1wIGZpbGVcbiAgICAgICAgYXdhaXQgZnMudW5saW5rKHRlbXBGaWxlKS5jYXRjaCgoKSA9PiB7fSk7XG4gICAgICB9XG4gICAgICBcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgbG9nZ2VyLmVycm9yKCdGYWlsZWQgdG8gaW1wb3J0IEdQRyBrZXk6JywgZXJyb3IpO1xuICAgICAgcmV0dXJuIGZhbHNlO1xuICAgIH1cbiAgfVxufSJdfQ==

package/dist/update/UpdateChecker.d.ts

@@ -1,132 +0,0 @@
-/**
- * UpdateChecker - Secure GitHub release update checking with comprehensive sanitization
- *
- * Security measures implemented:
- * 1. XSS Protection: DOMPurify with strict no-tags/no-attributes policy
- * 2. Command Injection Prevention: Multiple regex patterns for various escape sequences
- * 3. URL Validation: Whitelist approach allowing only http/https schemes
- * 4. Information Disclosure Prevention: Sanitized logging of sensitive data
- * 5. Length Limits: Configurable limits to prevent DoS attacks
- * 6. OWASP Patterns: Protection against PHP, ASP, hex, unicode, and octal escapes
- *
- * Performance optimizations:
- * - Cached DOMPurify instance to avoid recreation overhead
- * - Single-pass regex processing for injection patterns
- * - Exponential backoff for network retries
- */
-import { VersionManager } from './VersionManager.js';
-import { RateLimiter } from './RateLimiter.js';
-import { SignatureVerifier } from './SignatureVerifier.js';
-export interface UpdateCheckResult {
-    currentVersion: string;
-    latestVersion: string;
-    isUpdateAvailable: boolean;
-    releaseDate: string;
-    releaseNotes: string;
-    releaseUrl: string;
-    tagName?: string;
-    signatureVerified?: boolean;
-    signerInfo?: string;
-}
-export declare class UpdateChecker {
-    private versionManager;
-    private rateLimiter;
-    private signatureVerifier;
-    private static purifyWindow;
-    private static purify;
-    /**
-     * Lazily initialize DOMPurify to prevent crashes during startup
-     * CRITICAL FIX: Prevents jsdom from crashing during MCP initialization
-     */
-    private initializeDOMPurify;
-    private readonly releaseNotesMaxLength;
-    private readonly urlMaxLength;
-    private readonly securityLogger?;
-    private readonly requireSignedReleases;
-    constructor(versionManager: VersionManager, options?: {
-        releaseNotesMaxLength?: number;
-        urlMaxLength?: number;
-        securityLogger?: (event: string, details: any) => void;
-        rateLimiter?: RateLimiter;
-        signatureVerifier?: SignatureVerifier;
-        requireSignedReleases?: boolean;
-    });
-    /**
-     * Execute a network operation with retry logic and exponential backoff
-     * @param operation - The async operation to execute
-     * @param maxRetries - Maximum number of retry attempts (default: 3)
-     * @param baseDelay - Base delay in milliseconds for exponential backoff (default: 1000ms)
-     * @returns Promise resolving to the operation result
-     * @throws The last error if all retries fail
-     */
-    private retryNetworkOperation;
-    /**
-     * Check for updates from GitHub releases with security and error handling
-     * @returns UpdateCheckResult if update info is available, null if no releases found
-     * @throws Error for network or API failures or rate limit exceeded
-     */
-    checkForUpdates(): Promise<UpdateCheckResult | null>;
-    /**
-     * Get current rate limit status
-     * @returns Current rate limit status including remaining requests and reset time
-     */
-    getRateLimitStatus(): {
-        allowed: boolean;
-        remainingRequests: number;
-        resetTime: Date;
-        waitTimeSeconds?: number;
-    };
-    /**
-     * Format update check results for display with comprehensive sanitization
-     * @param result - The update check result to format
-     * @param error - Optional error from update check
-     * @param personaIndicator - Optional persona indicator prefix
-     * @returns Formatted string safe for display
-     */
-    formatUpdateCheckResult(result: UpdateCheckResult | null, error?: Error, personaIndicator?: string): string;
-    /**
-     * Sanitize URLs to prevent dangerous schemes and information disclosure
-     *
-     * Security measures:
-     * - Length validation to prevent DoS
-     * - Whitelist approach: only http/https allowed
-     * - Sanitized logging to prevent sensitive data exposure
-     *
-     * @param url - The URL to sanitize
-     * @returns Empty string if invalid/dangerous, original URL if safe
-     */
-    private sanitizeUrl;
-    /**
-     * Sanitize release notes to prevent XSS, command injection, and DoS
-     *
-     * Security layers:
-     * 1. Length limiting (configurable, default 5000 chars)
-     * 2. HTML/JS sanitization via DOMPurify (no tags/attributes allowed)
-     * 3. Command injection pattern removal (backticks, command substitution)
-     * 4. OWASP pattern removal (PHP, ASP, hex/unicode/octal escapes)
-     *
-     * @param notes - The release notes to sanitize
-     * @returns Sanitized release notes safe for display
-     */
-    private sanitizeReleaseNotes;
-    /**
-     * Format date to human-readable format with consistent timezone handling
-     * @param dateStr - ISO date string to format
-     * @returns Human-readable date string (e.g., "January 5, 2025")
-     */
-    private formatDate;
-    /**
-     * Log security events for monitoring and alerting
-     * Only logs if securityLogger callback was provided in constructor
-     * @param event - The security event type
-     * @param details - Event details (sanitized to prevent info disclosure)
-     */
-    private logSecurityEvent;
-    /**
-     * Reset static DOMPurify cache (useful for long-running processes)
-     * This prevents memory accumulation in services that run for extended periods
-     * @static
-     */
-    static resetCache(): void;
-}
-//# sourceMappingURL=UpdateChecker.d.ts.map

package/dist/update/UpdateChecker.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"UpdateChecker.d.ts","sourceRoot":"","sources":["../../src/update/UpdateChecker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAsB,MAAM,kBAAkB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAK3D,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAKD,qBAAa,aAAa;IACxB,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,iBAAiB,CAAoB;IAK7C,OAAO,CAAC,MAAM,CAAC,YAAY,CAAa;IACxC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAkC;IAEvD;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAgC3B,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAS;IAC/C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAwC;IACxE,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAU;gBAG9C,cAAc,EAAE,cAAc,EAC9B,OAAO,CAAC,EAAE;QACR,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,IAAI,CAAC;QACvD,WAAW,CAAC,EAAE,WAAW,CAAC;QAC1B,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;QACtC,qBAAqB,CAAC,EAAE,OAAO,CAAC;KACjC;IA+CH;;;;;;;OAOG;YACW,qBAAqB;IAgCnC;;;;OAIG;IACG,eAAe,IAAI,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IA4H1D;;;OAGG;IACH,kBAAkB,IAAI;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,SAAS,EAAE,IAAI,CAAC;QAChB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B;IAUD;;;;;;OAMG;IACH,uBAAuB,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,EAAE,KAAK,CAAC,EAAE,KAAK,EAAE,gBAAgB,GAAE,MAAW,GAAG,MAAM;IAoF/G;;;;;;;;;;OAUG;IACH,OAAO,CAAC,WAAW;IAiCnB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,oBAAoB;IAqF5B;;;;OAIG;IACH,OAAO,CAAC,UAAU;IAmBlB;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAMxB;;;;OAIG;WACW,UAAU,IAAI,IAAI;CAIjC"}