@easynet/agent-tool 1.0.85 → 1.0.87

Files changed (102)
  1. package/README.md +1 -0
  2. package/dist/api/register-tools.d.ts +2 -1
  3. package/dist/api/register-tools.d.ts.map +1 -1
  4. package/dist/build.cjs +8 -9
  5. package/dist/build.js +3 -4
  6. package/dist/{chunk-6ORA3MNX.js → chunk-2YP4Q4BW.js} +4 -4
  7. package/dist/{chunk-6ORA3MNX.js.map → chunk-2YP4Q4BW.js.map} +1 -1
  8. package/dist/{chunk-PYCCJF7C.cjs → chunk-AGLGFQUW.cjs} +118 -7
  9. package/dist/chunk-AGLGFQUW.cjs.map +1 -0
  10. package/dist/{chunk-W2WJOS5Z.js → chunk-BBNQ6AWK.js} +6 -8
  11. package/dist/chunk-BBNQ6AWK.js.map +1 -0
  12. package/dist/{chunk-HEVWKBBQ.js → chunk-BDUSB6GT.js} +36 -6
  13. package/dist/chunk-BDUSB6GT.js.map +1 -0
  14. package/dist/{chunk-NEMGE573.js → chunk-IJVVH4JN.js} +3 -3
  15. package/dist/{chunk-NEMGE573.js.map → chunk-IJVVH4JN.js.map} +1 -1
  16. package/dist/{chunk-WUMLZERG.js → chunk-IVL4TBFB.js} +106 -4
  17. package/dist/chunk-IVL4TBFB.js.map +1 -0
  18. package/dist/{chunk-LHKEJNKL.cjs → chunk-JW4EMVTE.cjs} +38 -6
  19. package/dist/chunk-JW4EMVTE.cjs.map +1 -0
  20. package/dist/{chunk-V2RD4BHT.cjs → chunk-LKE7PMRB.cjs} +13 -13
  21. package/dist/{chunk-V2RD4BHT.cjs.map → chunk-LKE7PMRB.cjs.map} +1 -1
  22. package/dist/{chunk-5HSGVA6S.cjs → chunk-PJDINB7G.cjs} +35 -37
  23. package/dist/chunk-PJDINB7G.cjs.map +1 -0
  24. package/dist/{chunk-F4HS7H7K.cjs → chunk-QYY6PNIB.cjs} +4 -4
  25. package/dist/{chunk-F4HS7H7K.cjs.map → chunk-QYY6PNIB.cjs.map} +1 -1
  26. package/dist/{chunk-3D7XYAZO.js → chunk-SNN4QJ5Z.js} +3 -3
  27. package/dist/{chunk-3D7XYAZO.js.map → chunk-SNN4QJ5Z.js.map} +1 -1
  28. package/dist/{chunk-QCHMXVWZ.cjs → chunk-ZDEQREVL.cjs} +14 -14
  29. package/dist/{chunk-QCHMXVWZ.cjs.map → chunk-ZDEQREVL.cjs.map} +1 -1
  30. package/dist/index.cjs +256 -14
  31. package/dist/index.cjs.map +1 -1
  32. package/dist/index.js +258 -10
  33. package/dist/index.js.map +1 -1
  34. package/dist/{extension.cjs → sdk.cjs} +212 -11
  35. package/dist/sdk.cjs.map +1 -0
  36. package/dist/sdk.d.ts +17 -0
  37. package/dist/sdk.d.ts.map +1 -0
  38. package/dist/{extension.js → sdk.js} +183 -7
  39. package/dist/sdk.js.map +1 -0
  40. package/dist/tools/discoveryFactory.d.ts.map +1 -1
  41. package/dist/tools/function/scanner.d.ts.map +1 -1
  42. package/dist/tools/util/toolDescriptor.d.ts +1 -1
  43. package/dist/tools/util/toolDescriptor.d.ts.map +1 -1
  44. package/dist/utils/cli/index.cjs +23 -26
  45. package/dist/utils/cli/index.cjs.map +1 -1
  46. package/dist/utils/cli/index.js +9 -12
  47. package/dist/utils/cli/index.js.map +1 -1
  48. package/package.json +6 -20
  49. package/dist/api/main.cjs +0 -21
  50. package/dist/api/main.cjs.map +0 -1
  51. package/dist/api/main.d.ts +0 -6
  52. package/dist/api/main.d.ts.map +0 -1
  53. package/dist/api/main.js +0 -12
  54. package/dist/api/main.js.map +0 -1
  55. package/dist/chunk-5HSGVA6S.cjs.map +0 -1
  56. package/dist/chunk-ACSGEQAY.js +0 -258
  57. package/dist/chunk-ACSGEQAY.js.map +0 -1
  58. package/dist/chunk-HEVWKBBQ.js.map +0 -1
  59. package/dist/chunk-LHKEJNKL.cjs.map +0 -1
  60. package/dist/chunk-ODEHUAR4.js +0 -33
  61. package/dist/chunk-ODEHUAR4.js.map +0 -1
  62. package/dist/chunk-PYCCJF7C.cjs.map +0 -1
  63. package/dist/chunk-QEJF3KDV.cjs +0 -38
  64. package/dist/chunk-QEJF3KDV.cjs.map +0 -1
  65. package/dist/chunk-QXQ4477T.js +0 -49
  66. package/dist/chunk-QXQ4477T.js.map +0 -1
  67. package/dist/chunk-RZTTO5MQ.js +0 -65
  68. package/dist/chunk-RZTTO5MQ.js.map +0 -1
  69. package/dist/chunk-W2WJOS5Z.js.map +0 -1
  70. package/dist/chunk-WUMLZERG.js.map +0 -1
  71. package/dist/chunk-XPGHS4W7.cjs +0 -73
  72. package/dist/chunk-XPGHS4W7.cjs.map +0 -1
  73. package/dist/chunk-XW52LOLP.cjs +0 -261
  74. package/dist/chunk-XW52LOLP.cjs.map +0 -1
  75. package/dist/chunk-ZDSZHEQU.cjs +0 -52
  76. package/dist/chunk-ZDSZHEQU.cjs.map +0 -1
  77. package/dist/config/index.d.ts +0 -12
  78. package/dist/config/index.d.ts.map +0 -1
  79. package/dist/config/ref.d.ts +0 -9
  80. package/dist/config/ref.d.ts.map +0 -1
  81. package/dist/core/index.cjs +0 -20
  82. package/dist/core/index.cjs.map +0 -1
  83. package/dist/core/index.d.ts +0 -7
  84. package/dist/core/index.d.ts.map +0 -1
  85. package/dist/core/index.js +0 -3
  86. package/dist/core/index.js.map +0 -1
  87. package/dist/core/runtime.cjs +0 -26
  88. package/dist/core/runtime.cjs.map +0 -1
  89. package/dist/core/runtime.d.ts +0 -12
  90. package/dist/core/runtime.d.ts.map +0 -1
  91. package/dist/core/runtime.js +0 -5
  92. package/dist/core/runtime.js.map +0 -1
  93. package/dist/extension.cjs.map +0 -1
  94. package/dist/extension.d.ts +0 -6
  95. package/dist/extension.d.ts.map +0 -1
  96. package/dist/extension.js.map +0 -1
  97. package/dist/security.cjs +0 -193
  98. package/dist/security.cjs.map +0 -1
  99. package/dist/security.d.ts +0 -6
  100. package/dist/security.d.ts.map +0 -1
  101. package/dist/security.js +0 -182
  102. package/dist/security.js.map +0 -1
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/api/extension/contextRunner.ts","../src/api/extension/dynamicImportAdapter.ts","../src/api/extension/resolvePackageRoot.ts","../src/api/extension/registerExtension.ts","../src/api/extension/createExtension.ts","../src/api/extension/generateExtensionManifest.ts","../src/api/extension/groupPrefix.ts"],"names":["AsyncLocalStorage","path","pathToFileURL","fileURLToPath","existsSync","loadExtensionManifest","registerToolsFromManifest","readdirSync","copyFileSync","scanForTools","writeFileSync"],"mappings":";;;;;;;;;;;;;;;AAeO,SAAS,mBAAA,GAA2C;AACzD,EAAA,MAAM,OAAA,GAAU,IAAIA,6BAAA,EAAqB;AACzC,EAAA,OAAO;AAAA,IACL,OAAA,CAAQ,KAAQ,EAAA,EAA8C;AAC5D,MAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,EAAE,CAAA;AAAA,IAC5B,CAAA;AAAA,IACA,UAAA,GAAgB;AACd,MAAA,MAAM,GAAA,GAAM,QAAQ,QAAA,EAAS;AAC7B,MAAA,IAAI,QAAQ,MAAA,EAAW;AACrB,QAAA,MAAM,IAAI,MAAM,uEAAuE,CAAA;AAAA,MACzF;AACA,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,GACF;AACF;AClBA,SAAS,oBAAA,CAAqB,MAAgB,IAAA,EAAwB;AACpE,EAAA,IAAI,IAAA,IAAQ,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG,OAAO,IAAA;AAC5E,EAAA,MAAM,IAAI,IAAA,CAAK,WAAA;AACf,EAAA,IAAI,CAAA,EAAG,IAAA,KAAS,QAAA,IAAY,CAAC,CAAA,CAAE,cAAc,OAAO,CAAA,CAAE,UAAA,KAAe,QAAA,EAAU,OAAO,IAAA;AACtF,EAAA,MAAM,QAAQ,CAAA,CAAE,UAAA;AAChB,EAAA,MAAM,WAAW,KAAA,CAAM,IAAA;AACvB,EAAA,IACE,QAAA,IAAY,IAAA,IACZ,OAAO,QAAA,KAAa,QAAA,IACnB,SAAqC,IAAA,KAAS,QAAA,IAC9C,QAAA,CAAqC,UAAA,IAAc,IAAA,EACpD;AACA,IAAA,MAAM,GAAA,GAAM,IAAA;AACZ,IAAA,IAAI,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,WAAW,CAAA,IAAK,MAAA,IAAU,GAAA,IAAO,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IAAY,GAAA,CAAI,SAAS,IAAA,EAAM;AACvG,MAAA,OAAO,GAAA,CAAI,IAAA;AAAA,IACb;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAsBO,SAAS,2BACd,OAAA,EACa;AACb,EAAA,MAAM,EAAE,IAAA,EAAM,WAAA,EAAa,mBAAA,EAAqB,eAAc,GAAI,OAAA;AAClE,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,MAAM,MAAA,CACJ,IAAA,EACA,IAAA,EACA,OAAA,EAC6C;AAC7C,MAAA,MAAM,OAAO,IAAA,CAAK,KAAA;AAMlB,MAAA,MAAM,aAAa,IAAA,EAAM,UAAA;AACzB,MAAA,MAAM,aAAa,IAAA,EAAM,UAAA;AACzB,MAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,EAAY;AAC9B,Q
AAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,IAAA,CAAK,IAAI,CAAA,6CAAA,CAA+C,CAAA;AAAA,MAC5F;AACA,MAAA,MAAM,WAAA,GAAc,IAAA,EAAM,WAAA,IAAe,EAAC;AAC1C,MAAA,MAAM,UAAA,GACJ,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,CAAE,MAAA,KAAW,CAAA,GAC/B,IAAA,GACD,EAAE,GAAG,WAAA,EAAa,GAAI,IAAA,EAAiC;AAC7D,MAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,IAAA,EAAM,UAAU,CAAA;AACzD,MAAA,MAAM,mBAAA,GAAsB,MAAM,WAAA,IAAe,WAAA;AACjD,MAAA,MAAM,aAAaC,sBAAA,CAAK,IAAA,CAAK,mBAAA,EAAqB,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK,CAAA;AACpE,MAAA,MAAM,GAAA,GAAM,MAAM,OAAOC,iBAAA,CAAc,UAAU,CAAA,CAAE,IAAA,CAAA;AACnD,MAAA,MAAM,OAAA,GAAU,IAAI,UAAU,CAAA;AAC9B,MAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,kBAAkB,IAAA,CAAK,IAAI,CAAA,UAAA,EAAa,UAAU,UAAU,UAAU,CAAA,kBAAA;AAAA,SACxE;AAAA,MACF;AACA,MAAA,MAAM,GAAA,GAAM,mBAAA,CAAoB,OAAA,EAAS,IAAA,EAAM,UAAqC,CAAA;AACpF,MAAA,MAAM,MAAA,GAAS,MAAM,aAAA,CAAc,OAAA,CAAQ,KAAK,MAAM,OAAA,CAAQ,WAAW,CAAC,CAAA;AAE1E,MAAA,OAAO;AAAA,QACL,QAAQ,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAQ,QAAA,EAAU,OAAO,QAAA,EAAS;AAAA,QAC3D,GAAA,EAAK,EAAE,QAAA,EAAU,MAAA,CAAO,QAAA;AAAS,OACnC;AAAA,IACF;AAAA,GACF;AACF;ACzFO,SAAS,4BAA4B,aAAA,EAA+B;AACzE,EAAA,MAAM,GAAA,GAAM,aAAA,CAAc,UAAA,CAAW,OAAO,CAAA,GACxCD,sBAAAA,CAAK,OAAA,CAAQE,iBAAA,CAAc,aAAa,CAAC,CAAA,GACzCF,sBAAAA,CAAK,QAAQ,aAAa,CAAA;AAC9B,EAAA,MAAM,IAAA,GAAOA,sBAAAA,CAAK,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA;AAClC,EAAA,OAAOG,aAAA,CAAW,IAAI,CAAA,GAAI,IAAA,GAAO,GAAA;AACnC;;;ACkBO,SAAS,iBAAA,CACd,UACA,OAAA,EACa;AACb,EAAA,MAAM,EAAE,aAAa,IAAA,EAAM,OAAA,EAAS,QAAQ,gBAAA,EAAkB,IAAA,EAAM,cAAa,GAAI,OAAA;AACrF,EAAA,MAAM,WAAA,GAAc,4BAA4B,WAAW,CAAA;AAC3D,EAAA,MAAM,gBAAgB,gBAAA,EAAiB;AACvC,EAAA,MAAM,MAAA,GAASC,wCAAsB,WAAW,CAAA;AAChD,EAAA,MAAM,IAAA,GAAO,OAAA,IAAW,MAAA,CAAO,IAAA,IAAQ,WAAA;AAEvC,EAAAC,2CAAA,CAA0B,QAAA,EAAU;AAAA,IAClC,iBAAA,EAAmB,WAAA;AAAA,IACnB,IAAA;AAAA,IACA,IAAA;AAAA,IACA,YAAA;AAAA,IACA;AAAA,GACD,CAAA;AAED,EAAA,MAAM,UAAU,0BAAA,CAAqC;AAAA,IACnD,IAAA;AAAA,IACA,WAAA;AAAA,IACA,mBAAA,EAAqB,CACnB,OAAA,EACA,IAAA,EACA,UAAA,KACG;AACH,MAAA,MAAM,WAAA,GAAe,IAAA,CAAK,KAAA,EAAiE,WAAA,IAAe,EAAC;AAC3G,MAAA
,MAAM,UAAA,GAAc,MAAA,KAAW,MAAA,GAAa,MAAA,GAAqC,EAAC;AAClF,MAAA,MAAM,gBAAgB,UAAA,EAAY,aAAA;AAClC,MAAA,MAAM,SAAA,GAAa,IAAA,CAAK,KAAA,EAA8C,SAAA,IAAa,IAAA,CAAK,IAAA;AAExF,MAAA,MAAM,iBAAA,GACJ,aAAa,IAAA,CAAK,IAAA,CAAK,SAAS,SAAS,CAAA,IAAK,IAAA,CAAK,IAAA,CAAK,MAAA,GAAS,SAAA,CAAU,SACvE,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA,EAAG,IAAA,CAAK,KAAK,MAAA,GAAS,SAAA,CAAU,MAAA,GAAS,CAAC,CAAA,GAC1D,EAAA;AACN,MAAA,MAAM,QAAQ,iBAAA,GAAoB,iBAAA,CAAkB,KAAA,CAAM,GAAG,IAAI,EAAC;AAClE,MAAA,MAAM,gBAAA,GACJ,KAAA,CAAM,MAAA,GAAS,CAAA,GAAI,GAAG,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,EAAE,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,SAAS,CAAA,CAAA,GAAK,EAAA;AACvE,MAAA,MAAM,OAAA,GAAW,aAAA,GAAgB,IAAA,CAAK,IAAI,CAAA,KACvC,gBAAA,GAAmB,aAAA,GAAgB,gBAAgB,CAAA,GAAI,MAAA,CAAA,IACxD,aAAA,GAAgB,SAAS,KACzB,EAAC;AACH,MAAA,MAAM,aAAA,GAAgB,KAAA,CAAM,MAAA,GAAS,CAAA,GAAI,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,GAAI,EAAA;AACxE,MAAA,MAAM,kBAAkB,UAAA,EAAY,eAAA;AACpC,MAAA,MAAM,qBAAA,GAAA,CACH,iBAAiB,eAAA,GAAkB,aAAa,OAChD,iBAAA,IAAqB,eAAA,GAAkB,iBAAiB,CAAA,CAAA,IACzD,EAAC;AACH,MAAA,MAAM,oBAAA,GAAuB,EAAE,GAAG,UAAA,EAAW;AAC7C,MAAA,OAAQ,oBAAA,CAAiD,aAAA;AACzD,MAAA,OAAQ,oBAAA,CAAiD,eAAA;AACzD,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,GAAG,WAAA;AAAA,QACH,GAAG,oBAAA;AAAA,QACH,GAAG,qBAAA;AAAA,QACH,GAAG,OAAA;AAAA,QACH,GAAI,cAAc;AAAC,OACrB;AACA,MAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,cAAA,EAAe;AAAA,IAC3C,CAAA;AAAA,IACA,aAAA,EAAe;AAAA,MACb,OAAA,CAAQ,KAAe,EAAA,EAAwC;AAC7D,QAAA,OAAO,aAAA,CAAc,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,MACtC;AAAA;AACF,GACD,CAAA;AACD,EAAA,OAAO,OAAA;AACT;;;AC3CA,SAAS,mBAAmB,OAAA,EAAwE;AAClG,EAAA,IAAI,QAAQ,WAAA,IAAe,IAAA,IAAQ,QAAQ,WAAA,KAAgB,EAAA,SAAW,OAAA,CAAQ,WAAA;AAC9E,EAAA,IAAI,OAAA,CAAQ,UAAA,EAAY,GAAA,EAAK,OAAOL,sBAAAA,CAAK,QAAQE,iBAAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAC,CAAA;AACtF,EAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AACtE;AAEO,SAAS,gBACd,OAAA,EAC6C;AAC7C,EAAA,MAAM,WAAA,GAAc,mBAAmB,OAAO,CAAA;AAC9C,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AACrB,EAAA,MAAM,WAAA,GAAc,aAAA,IAAiB,OAAA,GAAU,OAAA,CAAQ,WAAA,GAAc,MAAA;AAErE,EAAA,MAAM,gBAAg
B,mBAAA,EAAyB;AAE/C,EAAA,OAAO;AAAA,IACL,QAAA,CAAS,QAAA,EAAU,gBAAA,EAAkB,IAAA,EAAM;AACzC,MAAA,MAAM,MAAA,GAAS,WAAA,GACV,WAAA,CAA4C,gBAA+B,CAAA,GAC3E,gBAAA;AACL,MAAA,OAAO,kBAAkB,QAAA,EAAU;AAAA,QACjC,WAAA;AAAA,QACA,IAAA;AAAA,QACA,MAAA;AAAA,QACA,kBAAkB,MAAM,aAAA;AAAA,QACxB,IAAA,EAAM,IAAA,EAAM,IAAA,IAAS,gBAAA,EAA6D,IAAA;AAAA,QAClF,YAAA,EAAc,IAAA,EAAM,YAAA,IAAiB,gBAAA,EAA6D;AAAA,OACnG,CAAA;AAAA,IACH,CAAA;AAAA,IACA,UAAA,GAA4C;AAC1C,MAAA,OAAO,cAAc,UAAA,EAAW;AAAA,IAClC,CAAA;AAAA,IACA,OAAA,CAAW,KAAoC,EAAA,EAAkC;AAC/E,MAAA,OAAO,aAAA,CAAc,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,IACtC;AAAA,GACF;AACF;ACnEA,SAAS,qBAAA,CAAsB,QAAgB,OAAA,EAAyB;AACtE,EAAA,IAAI,CAACC,aAAAA,CAAW,MAAM,CAAA,EAAG,OAAO,CAAA;AAChC,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,MAAW,KAAKG,cAAA,CAAY,MAAA,EAAQ,EAAE,aAAA,EAAe,IAAA,EAAM,CAAA,EAAG;AAC5D,IAAA,MAAM,OAAA,GAAUN,sBAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAI,CAAA;AACxC,IAAA,MAAM,QAAA,GAAWA,sBAAAA,CAAK,IAAA,CAAK,OAAA,EAAS,EAAE,IAAI,CAAA;AAC1C,IAAA,IAAI,CAAA,CAAE,MAAA,EAAO,KAAM,CAAA,CAAE,IAAA,CAAK,QAAA,CAAS,YAAY,CAAA,IAAK,CAAA,CAAE,IAAA,CAAK,QAAA,CAAS,eAAe,CAAA,CAAA,EAAI;AACrF,MAAA,IAAI,CAACG,cAAW,OAAO,CAAA,eAAa,OAAA,EAAS,EAAE,SAAA,EAAW,IAAA,EAAM,CAAA;AAChE,MAAAI,eAAA,CAAa,SAAS,QAAQ,CAAA;AAC9B,MAAA,MAAA,EAAA;AAAA,IACF,CAAA,MAAA,IAAW,CAAA,CAAE,WAAA,EAAY,EAAG;AAC1B,MAAA,MAAA,IAAU,qBAAA,CAAsB,SAAS,QAAQ,CAAA;AAAA,IACnD;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,0BACd,WAAA,GAAsB,OAAA,CAAQ,KAAI,EAClC,OAAA,GAA4C,EAAC,EACyB;AACtE,EAAA,MAAM,IAAA,GAAOP,sBAAAA,CAAK,OAAA,CAAQ,WAAW,CAAA;AACrC,EAAA,MAAM,MAAA,GAASA,uBAAK,OAAA,CAAQ,OAAA,CAAQ,UAAUA,sBAAAA,CAAK,IAAA,CAAK,IAAA,EAAM,MAAM,CAAC,CAAA;AACrE,EAAA,MAAM,IAAA,GAAO,QAAQ,IAAA,IAAQ,MAAA;AAE7B,EAAA,MAAM,EAAE,KAAA,EAAO,MAAA,EAAO,GAAIQ,8BAAA,CAAa;AAAA,IACrC,WAAA,EAAa,IAAA;AAAA,IACb,OAAA,EAAS,OAAA,CAAQ,OAAA,IAAW,CAAC,SAAS,CAAA;AAAA,IACtC,cAAc,OAAA,CAAQ;AAAA,GACvB,CAAA;AAED,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAA,CAAQ,IAAA,CAAK,0CAA0C,MAAM,CAAA;AAAA,EAC/D;AAEA,EAAA,MAAM,OAAA,GAAoC,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,KAAS;AAC5D,IAAA,M
AAM,mBAAmB,IAAA,CAAK,UAAA,IAAc,EAAA,EAAI,OAAA,CAAQ,gBAAgB,EAAE,CAAA;AAC1E,IAAA,MAAM,aAAA,GAAgB,gBAAgB,OAAA,CAAQ,QAAA,EAAU,EAAE,CAAA,CAAE,OAAA,CAAQ,OAAO,GAAG,CAAA;AAC9E,IAAA,MAAM,IAAA,GAAO,KAAK,UAAA,IAAc,aAAA;AAChC,IAAA,MAAM,UAAA,GACH,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,UAAA,IAAiC,MAAA;AACtD,IAAA,OAAO;AAAA,MACL,IAAA;AAAA,MACA,WAAA,EAAa,KAAK,WAAA,IAAe,eAAA;AAAA,MACjC,aAAa,IAAA,CAAK,WAAA,IAAe,EAAE,IAAA,EAAM,QAAA,EAAU,sBAAsB,IAAA,EAAK;AAAA,MAC9E,cAAc,IAAA,CAAK,YAAA,IAAgB,EAAE,IAAA,EAAM,QAAA,EAAU,sBAAsB,IAAA,EAAK;AAAA,MAChF,UAAA,EAAY,eAAA;AAAA,MACZ,UAAA,EAAY,KAAK,UAAA,IAAc,EAAA;AAAA,MAC/B;AAAA,KACF;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAI,CAACL,cAAW,MAAM,CAAA,eAAa,MAAA,EAAQ,EAAE,SAAA,EAAW,IAAA,EAAM,CAAA;AAC9D,EAAA,MAAM,YAAA,GAAeH,sBAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,0BAA0B,CAAA;AACjE,EAAAS,gBAAA;AAAA,IACE,YAAA;AAAA,IACA,IAAA,CAAK,UAAU,EAAE,IAAA,EAAM,OAAO,OAAA,EAAQ,EAAG,MAAM,CAAC,CAAA;AAAA,IAChD;AAAA,GACF;AAEA,EAAA,IAAI,cAAA,GAAiB,CAAA;AACrB,EAAA,MAAM,WAAW,OAAA,CAAQ,gBAAA;AACzB,EAAA,IAAI,UAAU,MAAA,EAAQ;AACpB,IAAA,KAAA,MAAW,KAAK,QAAA,EAAU;AACxB,MAAA,MAAM,MAAA,GAAST,sBAAAA,CAAK,IAAA,CAAK,IAAA,EAAM,CAAC,CAAA;AAChC,MAAA,MAAM,OAAA,GAAUA,sBAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,CAAC,CAAA;AACnC,MAAA,IAAI;AACF,QAAA,cAAA,IAAkB,qBAAA,CAAsB,QAAQ,OAAO,CAAA;AAAA,MACzD,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,YAAA,EAAc,UAAA,EAAY,OAAA,CAAQ,QAAQ,cAAA,EAAe;AACpE;AAMO,SAAS,iBACd,WAAA,GAAsB,OAAA,CAAQ,KAAI,EAClC,OAAA,GAAiE,EAAC,EAC5D;AACN,EAAA,MAAM,EAAE,YAAA,EAAc,UAAA,EAAY,cAAA,EAAe,GAAI,0BAA0B,WAAA,EAAa;AAAA,IAC1F,OAAA,EAAS,CAAC,aAAa,CAAA;AAAA,IACvB,gBAAA,EAAkB,CAAC,KAAK,CAAA;AAAA,IACxB,GAAG;AAAA,GACJ,CAAA;AACD,EAAA,OAAA,CAAQ,GAAA,CAAI,SAAS,UAAU,CAAA,UAAA,EAAaA,uBAAK,QAAA,CAAS,WAAA,EAAa,YAAY,CAAC,CAAA,CAAE,CAAA;AACtF,EAAA,IAAI,iBAAiB,CAAA,EAAG,OAAA,CAAQ,GAAA,CAAI,CAAA,OAAA,EAAU,cAAc,CAAA,yCAAA,CAA2C,CAAA;AACzG;;;ACpGO,SAAS,qBAAqB,OAAA,EAAuD;AAC1F,EAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,cAAA,EAAe,GAAI,OAAA;AACzC,EAAA,MAAM,UAAU,IAAA,EAAM,MAAA,GAAS,IAAI,GAAA,CAAI,IAAI,CAAA,GAAI,IAAA;AAC/C,EAAA,MAAM,e
ACJ,CAAC,OAAA,IAAW,QAAQ,MAAA,GACf,MAAA,CAAO,IAAI,CAAC,CAAA,KAAM,cAAA,CAAe,CAAC,CAAC,CAAA,CAAE,MAAA,CAAO,CAAC,CAAA,KAAmB,CAAA,IAAK,IAAI,CAAA,GAC1E,MAAA;AACN,EAAA,OAAO;AAAA,IACL,GAAI,UAAU,EAAE,IAAA,EAAM,MAAM,IAAA,CAAK,OAAO,CAAA,EAAE,GAAI,EAAC;AAAA,IAC/C,GAAI,YAAA,EAAc,MAAA,GAAS,EAAE,YAAA,KAAiB;AAAC,GACjD;AACF","file":"extension.cjs","sourcesContent":["/**\n * Generic context injection for extension tools (e.g. builtin).\n * Any extension that needs to inject config (sandbox, allowedHosts, etc.) into handlers uses this.\n */\nimport { AsyncLocalStorage } from \"node:async_hooks\";\n\nexport interface ContextRunner<T> {\n runWith(ctx: T, fn: () => Promise<unknown>): Promise<unknown>;\n getContext(): T;\n}\n\n/**\n * Create a context runner for an extension. Handlers call getContext() to read config.\n * Adapter calls runWith(ctx, () => handler(args)) so getContext() returns ctx.\n */\nexport function createContextRunner<T>(): ContextRunner<T> {\n const storage = new AsyncLocalStorage<T>();\n return {\n runWith(ctx: T, fn: () => Promise<unknown>): Promise<unknown> {\n return storage.run(ctx, fn);\n },\n getContext(): T {\n const ctx = storage.getStore();\n if (ctx === undefined) {\n throw new Error(\"Extension context not set; invoke only through the extension adapter.\");\n }\n return ctx;\n },\n };\n}\n","/**\n * Generic adapter for extensions that discover tools via manifest and load handlers by dynamic import.\n * Any extension (builtin, etc.) that uses @tool scan → manifest and runs handlers with injected context uses this.\n */\nimport path from \"node:path\";\nimport { pathToFileURL } from \"node:url\";\nimport type { ToolAdapter, ToolSpec } from \"../../core/types/ToolSpec.js\";\nimport type { ExecContext } from \"../../core/types/ToolIntent.js\";\nimport type { Evidence } from \"../../core/types/ToolResult.js\";\n\n/** If spec.inputSchema wraps params in \"args\", return args.args for the handler; else return args. 
*/\nfunction unwrapArgsForHandler(spec: ToolSpec, args: unknown): unknown {\n if (args == null || typeof args !== \"object\" || Array.isArray(args)) return args;\n const s = spec.inputSchema as Record<string, unknown>;\n if (s?.type !== \"object\" || !s.properties || typeof s.properties !== \"object\") return args;\n const props = s.properties as Record<string, unknown>;\n const argsProp = props.args;\n if (\n argsProp != null &&\n typeof argsProp === \"object\" &&\n (argsProp as Record<string, unknown>).type === \"object\" &&\n (argsProp as Record<string, unknown>).properties != null\n ) {\n const obj = args as Record<string, unknown>;\n if (Object.keys(obj).length === 1 && \"args\" in obj && typeof obj.args === \"object\" && obj.args !== null) {\n return obj.args;\n }\n }\n return args;\n}\n\nexport interface ExtensionToolResult {\n result: unknown;\n evidence: Evidence[];\n}\n\nexport interface DynamicImportAdapterOptions<TContext> {\n kind: string;\n packageRoot: string;\n /**\n * Build context from execCtx, spec, and merged request args.\n * Framework merges defaultArgs (tool.yaml) with request args; implementor can merge into ctx.config\n * so handlers read resolved config from context instead of re-resolving in each handler.\n */\n getExtensionContext: (execCtx: ExecContext, spec: ToolSpec, mergedArgs?: Record<string, unknown>) => TContext;\n contextRunner: { runWith(ctx: TContext, fn: () => Promise<ExtensionToolResult>): Promise<ExtensionToolResult> };\n}\n\n/**\n * Create an adapter that loads handlers by spec._meta.sourcePath and exportName, then runs with extension context.\n */\nexport function createDynamicImportAdapter<TContext>(\n options: DynamicImportAdapterOptions<TContext>,\n): ToolAdapter {\n const { kind, packageRoot, getExtensionContext, contextRunner } = options;\n return {\n kind: kind as ToolAdapter[\"kind\"],\n async invoke(\n spec: ToolSpec,\n args: unknown,\n execCtx: ExecContext,\n ): Promise<{ result: unknown; raw?: unknown }> {\n 
const meta = spec._meta as {\n sourcePath?: string;\n exportName?: string;\n defaultArgs?: Record<string, unknown>;\n packageRoot?: string;\n } | undefined;\n const sourcePath = meta?.sourcePath;\n const exportName = meta?.exportName;\n if (!sourcePath || !exportName) {\n throw new Error(`Extension tool ${spec.name} missing _meta.sourcePath or _meta.exportName`);\n }\n const defaultArgs = meta?.defaultArgs ?? {};\n const mergedArgs =\n Object.keys(defaultArgs).length === 0\n ? (args as Record<string, unknown>)\n : { ...defaultArgs, ...(args as Record<string, unknown>) };\n const handlerArgs = unwrapArgsForHandler(spec, mergedArgs);\n const resolvedPackageRoot = meta?.packageRoot ?? packageRoot;\n const modulePath = path.join(resolvedPackageRoot, `${sourcePath}.js`);\n const mod = await import(pathToFileURL(modulePath).href);\n const handler = mod[exportName];\n if (typeof handler !== \"function\") {\n throw new Error(\n `Extension tool ${spec.name}: export \"${exportName}\" from ${sourcePath} is not a function`,\n );\n }\n const ctx = getExtensionContext(execCtx, spec, mergedArgs as Record<string, unknown>);\n const output = await contextRunner.runWith(ctx, () => handler(handlerArgs));\n // Return full envelope so pipeline output validation (outputSchema: { result, evidence }) passes.\n return {\n result: { result: output.result, evidence: output.evidence },\n raw: { evidence: output.evidence },\n };\n },\n };\n}\n","/**\n * Resolve extension package root for dynamic import (dist when built, else dir).\n * Accepts import.meta.url (file:) or a directory path (e.g. __dirname).\n */\nimport path from \"node:path\";\nimport { existsSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\n\nexport function resolveExtensionPackageRoot(metaUrlOrPath: string): string {\n const dir = metaUrlOrPath.startsWith(\"file:\")\n ? 
path.dirname(fileURLToPath(metaUrlOrPath))\n : path.resolve(metaUrlOrPath);\n const dist = path.join(dir, \"dist\");\n return existsSync(dist) ? dist : dir;\n}\n","/**\n * One-shot: load pre-built manifest from package, register all specs, create adapter.\n * Framework does NOT scan source for @tool; it reads manifest (e.g. core-tools-manifest.json)\n * produced by the extension's build. Extension passes packagePath, config, getContextRunner.\n */\nimport type { ToolAdapter } from \"../../core/types/ToolSpec.js\";\nimport type { ToolRegistry } from \"../../core/registry/ToolRegistry.js\";\nimport type { ExecContext } from \"../../core/types/ToolIntent.js\";\nimport type { ContextRunner } from \"./contextRunner.js\";\nimport { createDynamicImportAdapter } from \"./dynamicImportAdapter.js\";\nimport type { ExtensionToolResult } from \"./dynamicImportAdapter.js\";\nimport { registerToolsFromManifest, loadExtensionManifest } from \"./registerFromManifest.js\";\nimport { resolveExtensionPackageRoot } from \"./resolvePackageRoot.js\";\n\nexport interface RegisterExtensionOptions<TContext> {\n /** Package root (e.g. __dirname of extension's entry). Manifest is read from here. */\n packagePath: string;\n /** Tool kind; if omitted, uses manifest.kind or \"extension\". */\n kind?: string;\n /** Optional default config; merged with each tool's tool.yaml (spec._meta.defaultArgs). Context config = { ...config, ...toolDefaultArgs }. */\n config?: unknown;\n /** Returns the context runner (extension's createContextRunner()). */\n getContextRunner: () => ContextRunner<TContext>;\n /** Filter: only register these tool names. */\n only?: string[];\n /** Filter: only register tools whose name starts with one of these prefixes. */\n namePrefixes?: string[];\n}\n\n/**\n * Load manifest from package (pre-built JSON; no @tool scanning). 
Register all specs, create and return adapter.\n */\nexport function registerExtension<TContext extends { execCtx: ExecContext; config: unknown }>(\n registry: ToolRegistry,\n options: RegisterExtensionOptions<TContext>,\n): ToolAdapter {\n const { packagePath, kind: kindOpt, config, getContextRunner, only, namePrefixes } = options;\n const packageRoot = resolveExtensionPackageRoot(packagePath);\n const contextRunner = getContextRunner();\n const loaded = loadExtensionManifest(packagePath);\n const kind = kindOpt ?? loaded.kind ?? \"extension\";\n\n registerToolsFromManifest(registry, {\n manifestPathOrDir: packagePath,\n kind,\n only,\n namePrefixes,\n packageRoot,\n });\n\n const adapter = createDynamicImportAdapter<TContext>({\n kind,\n packageRoot,\n getExtensionContext: (\n execCtx: ExecContext,\n spec: import(\"../../core/types/ToolSpec.js\").ToolSpec,\n mergedArgs?: Record<string, unknown>,\n ) => {\n const defaultArgs = (spec._meta as { defaultArgs?: Record<string, unknown> } | undefined)?.defaultArgs ?? {};\n const baseConfig = (config !== undefined ? (config as Record<string, unknown>) : {}) as Record<string, unknown>;\n const toolOverrides = baseConfig?.toolOverrides as Record<string, Record<string, unknown>> | undefined;\n const shortName = (spec._meta as { shortName?: string } | undefined)?.shortName ?? spec.name;\n // Derive package-scoped key (no version): e.g. \"npm.easynet.agent.tool.buildin::fs.listDir\" so config survives package version bumps\n const prefixWithVersion =\n shortName && spec.name.endsWith(shortName) && spec.name.length > shortName.length\n ? spec.name.slice(0, spec.name.length - shortName.length - 1)\n : \"\";\n const parts = prefixWithVersion ? prefixWithVersion.split(\".\") : [];\n const packageScopedKey =\n parts.length > 1 ? `${parts.slice(0, -1).join(\".\")}::${shortName}` : \"\";\n const perTool = (toolOverrides?.[spec.name] ??\n (packageScopedKey ? 
toolOverrides?.[packageScopedKey] : undefined) ??\n toolOverrides?.[shortName] ??\n {}) as Record<string, unknown>;\n const packagePrefix = parts.length > 1 ? parts.slice(0, -1).join(\".\") : \"\";\n const packageDefaults = baseConfig?.packageDefaults as Record<string, Record<string, unknown>> | undefined;\n const packageDefaultsForPkg =\n (packagePrefix && packageDefaults?.[packagePrefix]) ??\n (prefixWithVersion && packageDefaults?.[prefixWithVersion]) ??\n {};\n const baseWithoutOverrides = { ...baseConfig };\n delete (baseWithoutOverrides as Record<string, unknown>).toolOverrides;\n delete (baseWithoutOverrides as Record<string, unknown>).packageDefaults;\n const resolvedConfig = {\n ...defaultArgs,\n ...baseWithoutOverrides,\n ...packageDefaultsForPkg,\n ...perTool,\n ...(mergedArgs ?? {}),\n } as TContext[\"config\"];\n return { execCtx, config: resolvedConfig } as TContext;\n },\n contextRunner: {\n runWith(ctx: TContext, fn: () => Promise<ExtensionToolResult>) {\n return contextRunner.runWith(ctx, fn) as Promise<ExtensionToolResult>;\n },\n },\n });\n return adapter;\n}\n","/**\n * One-shot extension bootstrap: context runner + register + getContext/runWith.\n * Config can be extension-level (buildConfig) or per-tool only (defaultConfig in opts, merged with tool.yaml).\n */\nimport path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport type { ToolAdapter } from \"../../core/types/ToolSpec.js\";\nimport type { ToolRegistry } from \"../../core/registry/ToolRegistry.js\";\nimport { createContextRunner } from \"./contextRunner.js\";\nimport { registerExtension } from \"./registerExtension.js\";\nimport type { ExtensionToolContext } from \"./types.js\";\n\n/** Pass import.meta so the framework derives packagePath (extension entry does not need path/fileURLToPath). */\nexport interface ImportMetaLike {\n url: string;\n}\n\n/** Options when config is built from userConfig (buildConfig). 
*/\nexport interface CreateExtensionOptionsWithBuild<TConfig, TUserConfig> {\n packagePath?: string;\n importMeta?: ImportMetaLike;\n kind?: string;\n buildConfig: (userConfig: TUserConfig) => TConfig;\n}\n\n/** Options when config is per-tool only (each tool's tool.yaml). */\nexport interface CreateExtensionOptionsDefaultOnly {\n packagePath?: string;\n importMeta?: ImportMetaLike;\n kind?: string;\n}\n\n/** Register opts when using per-tool config only: filter tools by name. */\nexport interface RegisterOptionsDefaultOnly {\n only?: string[];\n namePrefixes?: string[];\n}\n\nexport type CreateExtensionOptions<TConfig, TUserConfig> =\n | CreateExtensionOptionsWithBuild<TConfig, TUserConfig>\n | (CreateExtensionOptionsDefaultOnly & { buildConfig?: never });\n\nexport interface CreateExtensionResult<TConfig, TUserConfig> {\n register(\n registry: ToolRegistry,\n userConfigOrOpts: TUserConfig,\n options?: { only?: string[]; namePrefixes?: string[] },\n ): ToolAdapter;\n getContext(): ExtensionToolContext<TConfig>;\n runWith<T>(ctx: ExtensionToolContext<TConfig>, fn: () => Promise<T>): Promise<T>;\n}\n\n/**\n * Create an extension. With buildConfig: register(registry, userConfig, opts?).\n * Without buildConfig: register(registry, opts?) where opts = { only?, namePrefixes? 
}; config comes only from each tool's tool.yaml.\n */\nfunction resolvePackagePath(options: { packagePath?: string; importMeta?: ImportMetaLike }): string {\n if (options.packagePath != null && options.packagePath !== \"\") return options.packagePath;\n if (options.importMeta?.url) return path.dirname(fileURLToPath(options.importMeta.url));\n throw new Error(\"createExtension: provide packagePath or importMeta\");\n}\n\nexport function createExtension<TConfig = Record<string, unknown>, TUserConfig = RegisterOptionsDefaultOnly>(\n options: CreateExtensionOptions<TConfig, TUserConfig>,\n): CreateExtensionResult<TConfig, TUserConfig> {\n const packagePath = resolvePackagePath(options);\n const kind = options.kind;\n const buildConfig = \"buildConfig\" in options ? options.buildConfig : undefined;\n type Ctx = ExtensionToolContext<TConfig>;\n const contextRunner = createContextRunner<Ctx>();\n\n return {\n register(registry, userConfigOrOpts, opts) {\n const config = buildConfig\n ? (buildConfig as (u: TUserConfig) => TConfig)(userConfigOrOpts as TUserConfig)\n : (userConfigOrOpts as Record<string, unknown> | undefined);\n return registerExtension(registry, {\n packagePath,\n kind,\n config,\n getContextRunner: () => contextRunner,\n only: opts?.only ?? (userConfigOrOpts as RegisterOptionsDefaultOnly | undefined)?.only,\n namePrefixes: opts?.namePrefixes ?? 
(userConfigOrOpts as RegisterOptionsDefaultOnly | undefined)?.namePrefixes,\n });\n },\n getContext(): ExtensionToolContext<TConfig> {\n return contextRunner.getContext() as ExtensionToolContext<TConfig>;\n },\n runWith<T>(ctx: ExtensionToolContext<TConfig>, fn: () => Promise<T>): Promise<T> {\n return contextRunner.runWith(ctx, fn) as Promise<T>;\n },\n };\n}\n","/**\n * Build step: scan project for @tool, emit extension manifest (core-tools-manifest.json) and copy *.tool.yaml / *.example.yaml.\n * Extensions run this at build time; agent-tool reads the manifest when the extension's register is called.\n */\nimport { writeFileSync, mkdirSync, existsSync, readdirSync, copyFileSync } from \"node:fs\";\nimport path from \"node:path\";\nimport { scanForTools } from \"../../tools/function/scanner.js\";\nimport type { ExtensionManifestEntry } from \"./registerFromManifest.js\";\nimport type { HitlSideEffect } from \"../../core/types/ToolSpec.js\";\n\nexport interface GenerateExtensionManifestOptions {\n /** Project root (default: process.cwd()). */\n projectRoot?: string;\n /** Output directory for manifest and copied tool.yaml (default: projectRoot/dist). */\n outDir?: string;\n /** Manifest kind (default: \"core\"). */\n kind?: string;\n /** Include globs for TS files (default: all .ts). */\n include?: string[];\n /** Path to tsconfig (default: projectRoot/tsconfig.json). */\n tsconfigPath?: string;\n /** Subdirs to recursively copy *.tool.yaml and *.example.yaml from (e.g. [\"src\"]). 
*/\n copyToolYamlDirs?: string[];\n}\n\nfunction copyToolYamlRecursive(srcDir: string, destDir: string): number {\n if (!existsSync(srcDir)) return 0;\n let copied = 0;\n for (const e of readdirSync(srcDir, { withFileTypes: true })) {\n const srcPath = path.join(srcDir, e.name);\n const destPath = path.join(destDir, e.name);\n if (e.isFile() && (e.name.endsWith(\".tool.yaml\") || e.name.endsWith(\".example.yaml\"))) {\n if (!existsSync(destDir)) mkdirSync(destDir, { recursive: true });\n copyFileSync(srcPath, destPath);\n copied++;\n } else if (e.isDirectory()) {\n copied += copyToolYamlRecursive(srcPath, destPath);\n }\n }\n return copied;\n}\n\n/**\n * Scan project for @tool, write core-tools-manifest.json and recursively copy *.tool.yaml and *.example.yaml to outDir.\n * Returns the written manifest path and number of tools.\n */\nexport function generateExtensionManifest(\n projectRoot: string = process.cwd(),\n options: GenerateExtensionManifestOptions = {},\n): { manifestPath: string; toolsCount: number; toolYamlCopied: number } {\n const root = path.resolve(projectRoot);\n const outDir = path.resolve(options.outDir ?? path.join(root, \"dist\"));\n const kind = options.kind ?? \"core\";\n\n const { specs, errors } = scanForTools({\n projectPath: root,\n include: options.include ?? [\"**/*.ts\"],\n tsconfigPath: options.tsconfigPath,\n });\n\n if (errors.length > 0) {\n console.warn(\"generateExtensionManifest: scan errors\", errors);\n }\n\n const entries: ExtensionManifestEntry[] = specs.map((spec) => {\n const sourcePathNoExt = (spec.sourcePath ?? \"\").replace(/\\.(ts|tsx)$/i, \"\");\n const pathBasedName = sourcePathNoExt.replace(/^src\\//, \"\").replace(/\\//g, \".\");\n const name = spec.exportName ?? pathBasedName;\n const sideEffect: HitlSideEffect =\n (spec._meta?.hitl?.sideEffect as HitlSideEffect) ?? \"none\";\n return {\n name,\n description: spec.description ?? sourcePathNoExt,\n inputSchema: spec.inputSchema ?? 
{ type: \"object\", additionalProperties: true },\n outputSchema: spec.outputSchema ?? { type: \"object\", additionalProperties: true },\n sourcePath: sourcePathNoExt,\n exportName: spec.exportName ?? \"\",\n sideEffect,\n };\n });\n\n if (!existsSync(outDir)) mkdirSync(outDir, { recursive: true });\n const manifestPath = path.join(outDir, \"core-tools-manifest.json\");\n writeFileSync(\n manifestPath,\n JSON.stringify({ kind, tools: entries }, null, 2),\n \"utf-8\",\n );\n\n let toolYamlCopied = 0;\n const copyDirs = options.copyToolYamlDirs;\n if (copyDirs?.length) {\n for (const d of copyDirs) {\n const srcDir = path.join(root, d);\n const destDir = path.join(outDir, d);\n try {\n toolYamlCopied += copyToolYamlRecursive(srcDir, destDir);\n } catch {\n // ignore\n }\n }\n }\n\n return { manifestPath, toolsCount: entries.length, toolYamlCopied };\n}\n\n/**\n * Build step for extensions: scan src folder and subfolders, emit manifest, copy tool.yaml.\n * Call from extension's build script (e.g. tsx generate-manifest.ts).\n */\nexport function generateManifest(\n projectRoot: string = process.cwd(),\n options: Omit<GenerateExtensionManifestOptions, \"projectRoot\"> = {},\n): void {\n const { manifestPath, toolsCount, toolYamlCopied } = generateExtensionManifest(projectRoot, {\n include: [\"src/**/*.ts\"],\n copyToolYamlDirs: [\"src\"],\n ...options,\n });\n console.log(`Wrote ${toolsCount} tools to ${path.relative(projectRoot, manifestPath)}`);\n if (toolYamlCopied > 0) console.log(`Copied ${toolYamlCopied} .tool.yaml/.example.yaml file(s) to dist`);\n}\n","/**\n * Convert \"groups\" + \"only\" options and a group→prefix map into only/namePrefixes for registerToolsFromManifest.\n * Extensions define their own group names and prefixes (e.g. fs -> \"core/fs.\").\n */\nexport interface GroupPrefixOptions {\n /** Only register tools in these groups (e.g. [\"fs\", \"http\"]). */\n groups?: string[];\n /** Only register these tool names. Takes precedence over groups. 
*/\n only?: string[];\n /** Map group name -> name prefix (e.g. { fs: \"core/fs.\", http: \"core/http.\" }). */\n groupPrefixMap: Record<string, string>;\n}\n\nexport interface ResolvedOnlyNamePrefixes {\n only?: string[];\n namePrefixes?: string[];\n}\n\n/**\n * Resolve groups/only + groupPrefixMap to only and namePrefixes for registerToolsFromManifest.\n */\nexport function getGroupNamePrefixes(options: GroupPrefixOptions): ResolvedOnlyNamePrefixes {\n const { groups, only, groupPrefixMap } = options;\n const onlySet = only?.length ? new Set(only) : null;\n const namePrefixes =\n !onlySet && groups?.length\n ? (groups.map((g) => groupPrefixMap[g]).filter((x): x is string => x != null) as string[])\n : undefined;\n return {\n ...(onlySet ? { only: Array.from(onlySet) } : {}),\n ...(namePrefixes?.length ? { namePrefixes } : {}),\n };\n}\n"]}
@@ -1,6 +0,0 @@
1
- /**
2
- * Extension authoring subpath export.
3
- */
4
- export { createExtension, generateManifest, generateExtensionManifest, registerExtension, registerToolsFromManifest, loadExtensionManifest, loadToolYaml, resolveExtensionPackageRoot, overrideWithConfig, getGroupNamePrefixes, createDynamicImportAdapter, createContextRunner, } from "./api/extension/index.js";
5
- export type { CreateExtensionOptions, CreateExtensionResult, GenerateExtensionManifestOptions, RegisterExtensionOptions, RegisterFromManifestOptions, ExtensionManifestEntry, LoadedExtensionManifest, ExtensionToolContext, ExtensionToolHandler, DynamicImportAdapterOptions, ExtensionToolResult, ContextRunner, GroupPrefixOptions, ResolvedOnlyNamePrefixes, ImportMetaLike, RegisterOptionsDefaultOnly, } from "./api/extension/index.js";
6
- //# sourceMappingURL=extension.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"extension.d.ts","sourceRoot":"","sources":["../src/extension.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,yBAAyB,EACzB,iBAAiB,EACjB,yBAAyB,EACzB,qBAAqB,EACrB,YAAY,EACZ,2BAA2B,EAC3B,kBAAkB,EAClB,oBAAoB,EACpB,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,sBAAsB,EACtB,qBAAqB,EACrB,gCAAgC,EAChC,wBAAwB,EACxB,2BAA2B,EAC3B,sBAAsB,EACtB,uBAAuB,EACvB,oBAAoB,EACpB,oBAAoB,EACpB,2BAA2B,EAC3B,mBAAmB,EACnB,aAAa,EACb,kBAAkB,EAClB,wBAAwB,EACxB,cAAc,EACd,0BAA0B,GAC3B,MAAM,0BAA0B,CAAC"}
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/api/extension/contextRunner.ts","../src/api/extension/dynamicImportAdapter.ts","../src/api/extension/resolvePackageRoot.ts","../src/api/extension/registerExtension.ts","../src/api/extension/createExtension.ts","../src/api/extension/generateExtensionManifest.ts","../src/api/extension/groupPrefix.ts"],"names":["path","fileURLToPath","existsSync"],"mappings":";;;;;;;;;;AAeO,SAAS,mBAAA,GAA2C;AACzD,EAAA,MAAM,OAAA,GAAU,IAAI,iBAAA,EAAqB;AACzC,EAAA,OAAO;AAAA,IACL,OAAA,CAAQ,KAAQ,EAAA,EAA8C;AAC5D,MAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,EAAE,CAAA;AAAA,IAC5B,CAAA;AAAA,IACA,UAAA,GAAgB;AACd,MAAA,MAAM,GAAA,GAAM,QAAQ,QAAA,EAAS;AAC7B,MAAA,IAAI,QAAQ,MAAA,EAAW;AACrB,QAAA,MAAM,IAAI,MAAM,uEAAuE,CAAA;AAAA,MACzF;AACA,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,GACF;AACF;AClBA,SAAS,oBAAA,CAAqB,MAAgB,IAAA,EAAwB;AACpE,EAAA,IAAI,IAAA,IAAQ,QAAQ,OAAO,IAAA,KAAS,YAAY,KAAA,CAAM,OAAA,CAAQ,IAAI,CAAA,EAAG,OAAO,IAAA;AAC5E,EAAA,MAAM,IAAI,IAAA,CAAK,WAAA;AACf,EAAA,IAAI,CAAA,EAAG,IAAA,KAAS,QAAA,IAAY,CAAC,CAAA,CAAE,cAAc,OAAO,CAAA,CAAE,UAAA,KAAe,QAAA,EAAU,OAAO,IAAA;AACtF,EAAA,MAAM,QAAQ,CAAA,CAAE,UAAA;AAChB,EAAA,MAAM,WAAW,KAAA,CAAM,IAAA;AACvB,EAAA,IACE,QAAA,IAAY,IAAA,IACZ,OAAO,QAAA,KAAa,QAAA,IACnB,SAAqC,IAAA,KAAS,QAAA,IAC9C,QAAA,CAAqC,UAAA,IAAc,IAAA,EACpD;AACA,IAAA,MAAM,GAAA,GAAM,IAAA;AACZ,IAAA,IAAI,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA,CAAE,WAAW,CAAA,IAAK,MAAA,IAAU,GAAA,IAAO,OAAO,GAAA,CAAI,IAAA,KAAS,QAAA,IAAY,GAAA,CAAI,SAAS,IAAA,EAAM;AACvG,MAAA,OAAO,GAAA,CAAI,IAAA;AAAA,IACb;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAsBO,SAAS,2BACd,OAAA,EACa;AACb,EAAA,MAAM,EAAE,IAAA,EAAM,WAAA,EAAa,mBAAA,EAAqB,eAAc,GAAI,OAAA;AAClE,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,MAAM,MAAA,CACJ,IAAA,EACA,IAAA,EACA,OAAA,EAC6C;AAC7C,MAAA,MAAM,OAAO,IAAA,CAAK,KAAA;AAMlB,MAAA,MAAM,aAAa,IAAA,EAAM,UAAA;AACzB,MAAA,MAAM,aAAa,IAAA,EAAM,UAAA;AACzB,MAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,EAAY;AAC9B,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,eAAA,EAAkB,IAAA,CAAK,IAAI,CAAA,6CAAA,CAA+C,CAAA;AAAA,MAC5F;AACA,MAAA,MAAM,WAAA,GAAc,IAAA,EAAM,WAAA,IAAe,EAAC;AAC1C,MAAA,MAAM,
UAAA,GACJ,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,CAAE,MAAA,KAAW,CAAA,GAC/B,IAAA,GACD,EAAE,GAAG,WAAA,EAAa,GAAI,IAAA,EAAiC;AAC7D,MAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,IAAA,EAAM,UAAU,CAAA;AACzD,MAAA,MAAM,mBAAA,GAAsB,MAAM,WAAA,IAAe,WAAA;AACjD,MAAA,MAAM,aAAaA,KAAA,CAAK,IAAA,CAAK,mBAAA,EAAqB,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK,CAAA;AACpE,MAAA,MAAM,GAAA,GAAM,MAAM,OAAO,aAAA,CAAc,UAAU,CAAA,CAAE,IAAA,CAAA;AACnD,MAAA,MAAM,OAAA,GAAU,IAAI,UAAU,CAAA;AAC9B,MAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,kBAAkB,IAAA,CAAK,IAAI,CAAA,UAAA,EAAa,UAAU,UAAU,UAAU,CAAA,kBAAA;AAAA,SACxE;AAAA,MACF;AACA,MAAA,MAAM,GAAA,GAAM,mBAAA,CAAoB,OAAA,EAAS,IAAA,EAAM,UAAqC,CAAA;AACpF,MAAA,MAAM,MAAA,GAAS,MAAM,aAAA,CAAc,OAAA,CAAQ,KAAK,MAAM,OAAA,CAAQ,WAAW,CAAC,CAAA;AAE1E,MAAA,OAAO;AAAA,QACL,QAAQ,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAQ,QAAA,EAAU,OAAO,QAAA,EAAS;AAAA,QAC3D,GAAA,EAAK,EAAE,QAAA,EAAU,MAAA,CAAO,QAAA;AAAS,OACnC;AAAA,IACF;AAAA,GACF;AACF;ACzFO,SAAS,4BAA4B,aAAA,EAA+B;AACzE,EAAA,MAAM,GAAA,GAAM,aAAA,CAAc,UAAA,CAAW,OAAO,CAAA,GACxCA,KAAAA,CAAK,OAAA,CAAQ,aAAA,CAAc,aAAa,CAAC,CAAA,GACzCA,KAAAA,CAAK,QAAQ,aAAa,CAAA;AAC9B,EAAA,MAAM,IAAA,GAAOA,KAAAA,CAAK,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA;AAClC,EAAA,OAAO,UAAA,CAAW,IAAI,CAAA,GAAI,IAAA,GAAO,GAAA;AACnC;;;ACkBO,SAAS,iBAAA,CACd,UACA,OAAA,EACa;AACb,EAAA,MAAM,EAAE,aAAa,IAAA,EAAM,OAAA,EAAS,QAAQ,gBAAA,EAAkB,IAAA,EAAM,cAAa,GAAI,OAAA;AACrF,EAAA,MAAM,WAAA,GAAc,4BAA4B,WAAW,CAAA;AAC3D,EAAA,MAAM,gBAAgB,gBAAA,EAAiB;AACvC,EAAA,MAAM,MAAA,GAAS,sBAAsB,WAAW,CAAA;AAChD,EAAA,MAAM,IAAA,GAAO,OAAA,IAAW,MAAA,CAAO,IAAA,IAAQ,WAAA;AAEvC,EAAA,yBAAA,CAA0B,QAAA,EAAU;AAAA,IAClC,iBAAA,EAAmB,WAAA;AAAA,IACnB,IAAA;AAAA,IACA,IAAA;AAAA,IACA,YAAA;AAAA,IACA;AAAA,GACD,CAAA;AAED,EAAA,MAAM,UAAU,0BAAA,CAAqC;AAAA,IACnD,IAAA;AAAA,IACA,WAAA;AAAA,IACA,mBAAA,EAAqB,CACnB,OAAA,EACA,IAAA,EACA,UAAA,KACG;AACH,MAAA,MAAM,WAAA,GAAe,IAAA,CAAK,KAAA,EAAiE,WAAA,IAAe,EAAC;AAC3G,MAAA,MAAM,UAAA,GAAc,MAAA,KAAW,MAAA,GAAa,MAAA,GAAqC,EAAC;AAClF,MAAA,MAAM,gBAAgB,UAAA,EAAY,aAAA;AAClC,MAAA,MAAM,SAAA,GAAa,IAAA,CAAK,KAAA,EAA8C,SAAA,IAAa,IAAA,CAAK,IAAA;AAE
xF,MAAA,MAAM,iBAAA,GACJ,aAAa,IAAA,CAAK,IAAA,CAAK,SAAS,SAAS,CAAA,IAAK,IAAA,CAAK,IAAA,CAAK,MAAA,GAAS,SAAA,CAAU,SACvE,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA,EAAG,IAAA,CAAK,KAAK,MAAA,GAAS,SAAA,CAAU,MAAA,GAAS,CAAC,CAAA,GAC1D,EAAA;AACN,MAAA,MAAM,QAAQ,iBAAA,GAAoB,iBAAA,CAAkB,KAAA,CAAM,GAAG,IAAI,EAAC;AAClE,MAAA,MAAM,gBAAA,GACJ,KAAA,CAAM,MAAA,GAAS,CAAA,GAAI,GAAG,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,EAAE,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,EAAK,SAAS,CAAA,CAAA,GAAK,EAAA;AACvE,MAAA,MAAM,OAAA,GAAW,aAAA,GAAgB,IAAA,CAAK,IAAI,CAAA,KACvC,gBAAA,GAAmB,aAAA,GAAgB,gBAAgB,CAAA,GAAI,MAAA,CAAA,IACxD,aAAA,GAAgB,SAAS,KACzB,EAAC;AACH,MAAA,MAAM,aAAA,GAAgB,KAAA,CAAM,MAAA,GAAS,CAAA,GAAI,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,GAAI,EAAA;AACxE,MAAA,MAAM,kBAAkB,UAAA,EAAY,eAAA;AACpC,MAAA,MAAM,qBAAA,GAAA,CACH,iBAAiB,eAAA,GAAkB,aAAa,OAChD,iBAAA,IAAqB,eAAA,GAAkB,iBAAiB,CAAA,CAAA,IACzD,EAAC;AACH,MAAA,MAAM,oBAAA,GAAuB,EAAE,GAAG,UAAA,EAAW;AAC7C,MAAA,OAAQ,oBAAA,CAAiD,aAAA;AACzD,MAAA,OAAQ,oBAAA,CAAiD,eAAA;AACzD,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,GAAG,WAAA;AAAA,QACH,GAAG,oBAAA;AAAA,QACH,GAAG,qBAAA;AAAA,QACH,GAAG,OAAA;AAAA,QACH,GAAI,cAAc;AAAC,OACrB;AACA,MAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,cAAA,EAAe;AAAA,IAC3C,CAAA;AAAA,IACA,aAAA,EAAe;AAAA,MACb,OAAA,CAAQ,KAAe,EAAA,EAAwC;AAC7D,QAAA,OAAO,aAAA,CAAc,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,MACtC;AAAA;AACF,GACD,CAAA;AACD,EAAA,OAAO,OAAA;AACT;;;AC3CA,SAAS,mBAAmB,OAAA,EAAwE;AAClG,EAAA,IAAI,QAAQ,WAAA,IAAe,IAAA,IAAQ,QAAQ,WAAA,KAAgB,EAAA,SAAW,OAAA,CAAQ,WAAA;AAC9E,EAAA,IAAI,OAAA,CAAQ,UAAA,EAAY,GAAA,EAAK,OAAOA,KAAAA,CAAK,QAAQC,aAAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAC,CAAA;AACtF,EAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AACtE;AAEO,SAAS,gBACd,OAAA,EAC6C;AAC7C,EAAA,MAAM,WAAA,GAAc,mBAAmB,OAAO,CAAA;AAC9C,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AACrB,EAAA,MAAM,WAAA,GAAc,aAAA,IAAiB,OAAA,GAAU,OAAA,CAAQ,WAAA,GAAc,MAAA;AAErE,EAAA,MAAM,gBAAgB,mBAAA,EAAyB;AAE/C,EAAA,OAAO;AAAA,IACL,QAAA,CAAS,QAAA,EAAU,gBAAA,EAAkB,IAAA,EAAM;AACzC,MAAA,MAAM,MAAA,GAAS,WAAA,GACV,WAAA,CAA4C,gBAA+B,CAAA,GAC3E,gBAAA;AACL,MAAA,OAAO
,kBAAkB,QAAA,EAAU;AAAA,QACjC,WAAA;AAAA,QACA,IAAA;AAAA,QACA,MAAA;AAAA,QACA,kBAAkB,MAAM,aAAA;AAAA,QACxB,IAAA,EAAM,IAAA,EAAM,IAAA,IAAS,gBAAA,EAA6D,IAAA;AAAA,QAClF,YAAA,EAAc,IAAA,EAAM,YAAA,IAAiB,gBAAA,EAA6D;AAAA,OACnG,CAAA;AAAA,IACH,CAAA;AAAA,IACA,UAAA,GAA4C;AAC1C,MAAA,OAAO,cAAc,UAAA,EAAW;AAAA,IAClC,CAAA;AAAA,IACA,OAAA,CAAW,KAAoC,EAAA,EAAkC;AAC/E,MAAA,OAAO,aAAA,CAAc,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAAA,IACtC;AAAA,GACF;AACF;ACnEA,SAAS,qBAAA,CAAsB,QAAgB,OAAA,EAAyB;AACtE,EAAA,IAAI,CAACC,UAAAA,CAAW,MAAM,CAAA,EAAG,OAAO,CAAA;AAChC,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,MAAW,KAAK,WAAA,CAAY,MAAA,EAAQ,EAAE,aAAA,EAAe,IAAA,EAAM,CAAA,EAAG;AAC5D,IAAA,MAAM,OAAA,GAAUF,KAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,EAAE,IAAI,CAAA;AACxC,IAAA,MAAM,QAAA,GAAWA,KAAAA,CAAK,IAAA,CAAK,OAAA,EAAS,EAAE,IAAI,CAAA;AAC1C,IAAA,IAAI,CAAA,CAAE,MAAA,EAAO,KAAM,CAAA,CAAE,IAAA,CAAK,QAAA,CAAS,YAAY,CAAA,IAAK,CAAA,CAAE,IAAA,CAAK,QAAA,CAAS,eAAe,CAAA,CAAA,EAAI;AACrF,MAAA,IAAI,CAACE,WAAW,OAAO,CAAA,YAAa,OAAA,EAAS,EAAE,SAAA,EAAW,IAAA,EAAM,CAAA;AAChE,MAAA,YAAA,CAAa,SAAS,QAAQ,CAAA;AAC9B,MAAA,MAAA,EAAA;AAAA,IACF,CAAA,MAAA,IAAW,CAAA,CAAE,WAAA,EAAY,EAAG;AAC1B,MAAA,MAAA,IAAU,qBAAA,CAAsB,SAAS,QAAQ,CAAA;AAAA,IACnD;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,0BACd,WAAA,GAAsB,OAAA,CAAQ,KAAI,EAClC,OAAA,GAA4C,EAAC,EACyB;AACtE,EAAA,MAAM,IAAA,GAAOF,KAAAA,CAAK,OAAA,CAAQ,WAAW,CAAA;AACrC,EAAA,MAAM,MAAA,GAASA,MAAK,OAAA,CAAQ,OAAA,CAAQ,UAAUA,KAAAA,CAAK,IAAA,CAAK,IAAA,EAAM,MAAM,CAAC,CAAA;AACrE,EAAA,MAAM,IAAA,GAAO,QAAQ,IAAA,IAAQ,MAAA;AAE7B,EAAA,MAAM,EAAE,KAAA,EAAO,MAAA,EAAO,GAAI,YAAA,CAAa;AAAA,IACrC,WAAA,EAAa,IAAA;AAAA,IACb,OAAA,EAAS,OAAA,CAAQ,OAAA,IAAW,CAAC,SAAS,CAAA;AAAA,IACtC,cAAc,OAAA,CAAQ;AAAA,GACvB,CAAA;AAED,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAA,CAAQ,IAAA,CAAK,0CAA0C,MAAM,CAAA;AAAA,EAC/D;AAEA,EAAA,MAAM,OAAA,GAAoC,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,KAAS;AAC5D,IAAA,MAAM,mBAAmB,IAAA,CAAK,UAAA,IAAc,EAAA,EAAI,OAAA,CAAQ,gBAAgB,EAAE,CAAA;AAC1E,IAAA,MAAM,aAAA,GAAgB,gBAAgB,OAAA,CAAQ,QAAA,EAAU,EAAE,CAAA,CAAE,OAAA,CAAQ,OAAO,GAAG,CAAA;AAC9E,IAAA,MAA
M,IAAA,GAAO,KAAK,UAAA,IAAc,aAAA;AAChC,IAAA,MAAM,UAAA,GACH,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,UAAA,IAAiC,MAAA;AACtD,IAAA,OAAO;AAAA,MACL,IAAA;AAAA,MACA,WAAA,EAAa,KAAK,WAAA,IAAe,eAAA;AAAA,MACjC,aAAa,IAAA,CAAK,WAAA,IAAe,EAAE,IAAA,EAAM,QAAA,EAAU,sBAAsB,IAAA,EAAK;AAAA,MAC9E,cAAc,IAAA,CAAK,YAAA,IAAgB,EAAE,IAAA,EAAM,QAAA,EAAU,sBAAsB,IAAA,EAAK;AAAA,MAChF,UAAA,EAAY,eAAA;AAAA,MACZ,UAAA,EAAY,KAAK,UAAA,IAAc,EAAA;AAAA,MAC/B;AAAA,KACF;AAAA,EACF,CAAC,CAAA;AAED,EAAA,IAAI,CAACE,WAAW,MAAM,CAAA,YAAa,MAAA,EAAQ,EAAE,SAAA,EAAW,IAAA,EAAM,CAAA;AAC9D,EAAA,MAAM,YAAA,GAAeF,KAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,0BAA0B,CAAA;AACjE,EAAA,aAAA;AAAA,IACE,YAAA;AAAA,IACA,IAAA,CAAK,UAAU,EAAE,IAAA,EAAM,OAAO,OAAA,EAAQ,EAAG,MAAM,CAAC,CAAA;AAAA,IAChD;AAAA,GACF;AAEA,EAAA,IAAI,cAAA,GAAiB,CAAA;AACrB,EAAA,MAAM,WAAW,OAAA,CAAQ,gBAAA;AACzB,EAAA,IAAI,UAAU,MAAA,EAAQ;AACpB,IAAA,KAAA,MAAW,KAAK,QAAA,EAAU;AACxB,MAAA,MAAM,MAAA,GAASA,KAAAA,CAAK,IAAA,CAAK,IAAA,EAAM,CAAC,CAAA;AAChC,MAAA,MAAM,OAAA,GAAUA,KAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,CAAC,CAAA;AACnC,MAAA,IAAI;AACF,QAAA,cAAA,IAAkB,qBAAA,CAAsB,QAAQ,OAAO,CAAA;AAAA,MACzD,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,YAAA,EAAc,UAAA,EAAY,OAAA,CAAQ,QAAQ,cAAA,EAAe;AACpE;AAMO,SAAS,iBACd,WAAA,GAAsB,OAAA,CAAQ,KAAI,EAClC,OAAA,GAAiE,EAAC,EAC5D;AACN,EAAA,MAAM,EAAE,YAAA,EAAc,UAAA,EAAY,cAAA,EAAe,GAAI,0BAA0B,WAAA,EAAa;AAAA,IAC1F,OAAA,EAAS,CAAC,aAAa,CAAA;AAAA,IACvB,gBAAA,EAAkB,CAAC,KAAK,CAAA;AAAA,IACxB,GAAG;AAAA,GACJ,CAAA;AACD,EAAA,OAAA,CAAQ,GAAA,CAAI,SAAS,UAAU,CAAA,UAAA,EAAaA,MAAK,QAAA,CAAS,WAAA,EAAa,YAAY,CAAC,CAAA,CAAE,CAAA;AACtF,EAAA,IAAI,iBAAiB,CAAA,EAAG,OAAA,CAAQ,GAAA,CAAI,CAAA,OAAA,EAAU,cAAc,CAAA,yCAAA,CAA2C,CAAA;AACzG;;;ACpGO,SAAS,qBAAqB,OAAA,EAAuD;AAC1F,EAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,cAAA,EAAe,GAAI,OAAA;AACzC,EAAA,MAAM,UAAU,IAAA,EAAM,MAAA,GAAS,IAAI,GAAA,CAAI,IAAI,CAAA,GAAI,IAAA;AAC/C,EAAA,MAAM,eACJ,CAAC,OAAA,IAAW,QAAQ,MAAA,GACf,MAAA,CAAO,IAAI,CAAC,CAAA,KAAM,cAAA,CAAe,CAAC,CAAC,CAAA,CAAE,MAAA,CAAO,CAAC,CAAA,KAAmB,CAAA,IAAK,IAAI,CAAA,GAC1E,MAAA;AACN,EAAA,OAAO;AAAA,IACL,GAAI,U
AAU,EAAE,IAAA,EAAM,MAAM,IAAA,CAAK,OAAO,CAAA,EAAE,GAAI,EAAC;AAAA,IAC/C,GAAI,YAAA,EAAc,MAAA,GAAS,EAAE,YAAA,KAAiB;AAAC,GACjD;AACF","file":"extension.js","sourcesContent":["/**\n * Generic context injection for extension tools (e.g. builtin).\n * Any extension that needs to inject config (sandbox, allowedHosts, etc.) into handlers uses this.\n */\nimport { AsyncLocalStorage } from \"node:async_hooks\";\n\nexport interface ContextRunner<T> {\n runWith(ctx: T, fn: () => Promise<unknown>): Promise<unknown>;\n getContext(): T;\n}\n\n/**\n * Create a context runner for an extension. Handlers call getContext() to read config.\n * Adapter calls runWith(ctx, () => handler(args)) so getContext() returns ctx.\n */\nexport function createContextRunner<T>(): ContextRunner<T> {\n const storage = new AsyncLocalStorage<T>();\n return {\n runWith(ctx: T, fn: () => Promise<unknown>): Promise<unknown> {\n return storage.run(ctx, fn);\n },\n getContext(): T {\n const ctx = storage.getStore();\n if (ctx === undefined) {\n throw new Error(\"Extension context not set; invoke only through the extension adapter.\");\n }\n return ctx;\n },\n };\n}\n","/**\n * Generic adapter for extensions that discover tools via manifest and load handlers by dynamic import.\n * Any extension (builtin, etc.) that uses @tool scan → manifest and runs handlers with injected context uses this.\n */\nimport path from \"node:path\";\nimport { pathToFileURL } from \"node:url\";\nimport type { ToolAdapter, ToolSpec } from \"../../core/types/ToolSpec.js\";\nimport type { ExecContext } from \"../../core/types/ToolIntent.js\";\nimport type { Evidence } from \"../../core/types/ToolResult.js\";\n\n/** If spec.inputSchema wraps params in \"args\", return args.args for the handler; else return args. 
*/\nfunction unwrapArgsForHandler(spec: ToolSpec, args: unknown): unknown {\n if (args == null || typeof args !== \"object\" || Array.isArray(args)) return args;\n const s = spec.inputSchema as Record<string, unknown>;\n if (s?.type !== \"object\" || !s.properties || typeof s.properties !== \"object\") return args;\n const props = s.properties as Record<string, unknown>;\n const argsProp = props.args;\n if (\n argsProp != null &&\n typeof argsProp === \"object\" &&\n (argsProp as Record<string, unknown>).type === \"object\" &&\n (argsProp as Record<string, unknown>).properties != null\n ) {\n const obj = args as Record<string, unknown>;\n if (Object.keys(obj).length === 1 && \"args\" in obj && typeof obj.args === \"object\" && obj.args !== null) {\n return obj.args;\n }\n }\n return args;\n}\n\nexport interface ExtensionToolResult {\n result: unknown;\n evidence: Evidence[];\n}\n\nexport interface DynamicImportAdapterOptions<TContext> {\n kind: string;\n packageRoot: string;\n /**\n * Build context from execCtx, spec, and merged request args.\n * Framework merges defaultArgs (tool.yaml) with request args; implementor can merge into ctx.config\n * so handlers read resolved config from context instead of re-resolving in each handler.\n */\n getExtensionContext: (execCtx: ExecContext, spec: ToolSpec, mergedArgs?: Record<string, unknown>) => TContext;\n contextRunner: { runWith(ctx: TContext, fn: () => Promise<ExtensionToolResult>): Promise<ExtensionToolResult> };\n}\n\n/**\n * Create an adapter that loads handlers by spec._meta.sourcePath and exportName, then runs with extension context.\n */\nexport function createDynamicImportAdapter<TContext>(\n options: DynamicImportAdapterOptions<TContext>,\n): ToolAdapter {\n const { kind, packageRoot, getExtensionContext, contextRunner } = options;\n return {\n kind: kind as ToolAdapter[\"kind\"],\n async invoke(\n spec: ToolSpec,\n args: unknown,\n execCtx: ExecContext,\n ): Promise<{ result: unknown; raw?: unknown }> {\n 
const meta = spec._meta as {\n sourcePath?: string;\n exportName?: string;\n defaultArgs?: Record<string, unknown>;\n packageRoot?: string;\n } | undefined;\n const sourcePath = meta?.sourcePath;\n const exportName = meta?.exportName;\n if (!sourcePath || !exportName) {\n throw new Error(`Extension tool ${spec.name} missing _meta.sourcePath or _meta.exportName`);\n }\n const defaultArgs = meta?.defaultArgs ?? {};\n const mergedArgs =\n Object.keys(defaultArgs).length === 0\n ? (args as Record<string, unknown>)\n : { ...defaultArgs, ...(args as Record<string, unknown>) };\n const handlerArgs = unwrapArgsForHandler(spec, mergedArgs);\n const resolvedPackageRoot = meta?.packageRoot ?? packageRoot;\n const modulePath = path.join(resolvedPackageRoot, `${sourcePath}.js`);\n const mod = await import(pathToFileURL(modulePath).href);\n const handler = mod[exportName];\n if (typeof handler !== \"function\") {\n throw new Error(\n `Extension tool ${spec.name}: export \"${exportName}\" from ${sourcePath} is not a function`,\n );\n }\n const ctx = getExtensionContext(execCtx, spec, mergedArgs as Record<string, unknown>);\n const output = await contextRunner.runWith(ctx, () => handler(handlerArgs));\n // Return full envelope so pipeline output validation (outputSchema: { result, evidence }) passes.\n return {\n result: { result: output.result, evidence: output.evidence },\n raw: { evidence: output.evidence },\n };\n },\n };\n}\n","/**\n * Resolve extension package root for dynamic import (dist when built, else dir).\n * Accepts import.meta.url (file:) or a directory path (e.g. __dirname).\n */\nimport path from \"node:path\";\nimport { existsSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\n\nexport function resolveExtensionPackageRoot(metaUrlOrPath: string): string {\n const dir = metaUrlOrPath.startsWith(\"file:\")\n ? 
path.dirname(fileURLToPath(metaUrlOrPath))\n : path.resolve(metaUrlOrPath);\n const dist = path.join(dir, \"dist\");\n return existsSync(dist) ? dist : dir;\n}\n","/**\n * One-shot: load pre-built manifest from package, register all specs, create adapter.\n * Framework does NOT scan source for @tool; it reads manifest (e.g. core-tools-manifest.json)\n * produced by the extension's build. Extension passes packagePath, config, getContextRunner.\n */\nimport type { ToolAdapter } from \"../../core/types/ToolSpec.js\";\nimport type { ToolRegistry } from \"../../core/registry/ToolRegistry.js\";\nimport type { ExecContext } from \"../../core/types/ToolIntent.js\";\nimport type { ContextRunner } from \"./contextRunner.js\";\nimport { createDynamicImportAdapter } from \"./dynamicImportAdapter.js\";\nimport type { ExtensionToolResult } from \"./dynamicImportAdapter.js\";\nimport { registerToolsFromManifest, loadExtensionManifest } from \"./registerFromManifest.js\";\nimport { resolveExtensionPackageRoot } from \"./resolvePackageRoot.js\";\n\nexport interface RegisterExtensionOptions<TContext> {\n /** Package root (e.g. __dirname of extension's entry). Manifest is read from here. */\n packagePath: string;\n /** Tool kind; if omitted, uses manifest.kind or \"extension\". */\n kind?: string;\n /** Optional default config; merged with each tool's tool.yaml (spec._meta.defaultArgs). Context config = { ...config, ...toolDefaultArgs }. */\n config?: unknown;\n /** Returns the context runner (extension's createContextRunner()). */\n getContextRunner: () => ContextRunner<TContext>;\n /** Filter: only register these tool names. */\n only?: string[];\n /** Filter: only register tools whose name starts with one of these prefixes. */\n namePrefixes?: string[];\n}\n\n/**\n * Load manifest from package (pre-built JSON; no @tool scanning). 
Register all specs, create and return adapter.\n */\nexport function registerExtension<TContext extends { execCtx: ExecContext; config: unknown }>(\n registry: ToolRegistry,\n options: RegisterExtensionOptions<TContext>,\n): ToolAdapter {\n const { packagePath, kind: kindOpt, config, getContextRunner, only, namePrefixes } = options;\n const packageRoot = resolveExtensionPackageRoot(packagePath);\n const contextRunner = getContextRunner();\n const loaded = loadExtensionManifest(packagePath);\n const kind = kindOpt ?? loaded.kind ?? \"extension\";\n\n registerToolsFromManifest(registry, {\n manifestPathOrDir: packagePath,\n kind,\n only,\n namePrefixes,\n packageRoot,\n });\n\n const adapter = createDynamicImportAdapter<TContext>({\n kind,\n packageRoot,\n getExtensionContext: (\n execCtx: ExecContext,\n spec: import(\"../../core/types/ToolSpec.js\").ToolSpec,\n mergedArgs?: Record<string, unknown>,\n ) => {\n const defaultArgs = (spec._meta as { defaultArgs?: Record<string, unknown> } | undefined)?.defaultArgs ?? {};\n const baseConfig = (config !== undefined ? (config as Record<string, unknown>) : {}) as Record<string, unknown>;\n const toolOverrides = baseConfig?.toolOverrides as Record<string, Record<string, unknown>> | undefined;\n const shortName = (spec._meta as { shortName?: string } | undefined)?.shortName ?? spec.name;\n // Derive package-scoped key (no version): e.g. \"npm.easynet.agent.tool.buildin::fs.listDir\" so config survives package version bumps\n const prefixWithVersion =\n shortName && spec.name.endsWith(shortName) && spec.name.length > shortName.length\n ? spec.name.slice(0, spec.name.length - shortName.length - 1)\n : \"\";\n const parts = prefixWithVersion ? prefixWithVersion.split(\".\") : [];\n const packageScopedKey =\n parts.length > 1 ? `${parts.slice(0, -1).join(\".\")}::${shortName}` : \"\";\n const perTool = (toolOverrides?.[spec.name] ??\n (packageScopedKey ? 
toolOverrides?.[packageScopedKey] : undefined) ??\n toolOverrides?.[shortName] ??\n {}) as Record<string, unknown>;\n const packagePrefix = parts.length > 1 ? parts.slice(0, -1).join(\".\") : \"\";\n const packageDefaults = baseConfig?.packageDefaults as Record<string, Record<string, unknown>> | undefined;\n const packageDefaultsForPkg =\n (packagePrefix && packageDefaults?.[packagePrefix]) ??\n (prefixWithVersion && packageDefaults?.[prefixWithVersion]) ??\n {};\n const baseWithoutOverrides = { ...baseConfig };\n delete (baseWithoutOverrides as Record<string, unknown>).toolOverrides;\n delete (baseWithoutOverrides as Record<string, unknown>).packageDefaults;\n const resolvedConfig = {\n ...defaultArgs,\n ...baseWithoutOverrides,\n ...packageDefaultsForPkg,\n ...perTool,\n ...(mergedArgs ?? {}),\n } as TContext[\"config\"];\n return { execCtx, config: resolvedConfig } as TContext;\n },\n contextRunner: {\n runWith(ctx: TContext, fn: () => Promise<ExtensionToolResult>) {\n return contextRunner.runWith(ctx, fn) as Promise<ExtensionToolResult>;\n },\n },\n });\n return adapter;\n}\n","/**\n * One-shot extension bootstrap: context runner + register + getContext/runWith.\n * Config can be extension-level (buildConfig) or per-tool only (defaultConfig in opts, merged with tool.yaml).\n */\nimport path from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport type { ToolAdapter } from \"../../core/types/ToolSpec.js\";\nimport type { ToolRegistry } from \"../../core/registry/ToolRegistry.js\";\nimport { createContextRunner } from \"./contextRunner.js\";\nimport { registerExtension } from \"./registerExtension.js\";\nimport type { ExtensionToolContext } from \"./types.js\";\n\n/** Pass import.meta so the framework derives packagePath (extension entry does not need path/fileURLToPath). */\nexport interface ImportMetaLike {\n url: string;\n}\n\n/** Options when config is built from userConfig (buildConfig). 
*/\nexport interface CreateExtensionOptionsWithBuild<TConfig, TUserConfig> {\n packagePath?: string;\n importMeta?: ImportMetaLike;\n kind?: string;\n buildConfig: (userConfig: TUserConfig) => TConfig;\n}\n\n/** Options when config is per-tool only (each tool's tool.yaml). */\nexport interface CreateExtensionOptionsDefaultOnly {\n packagePath?: string;\n importMeta?: ImportMetaLike;\n kind?: string;\n}\n\n/** Register opts when using per-tool config only: filter tools by name. */\nexport interface RegisterOptionsDefaultOnly {\n only?: string[];\n namePrefixes?: string[];\n}\n\nexport type CreateExtensionOptions<TConfig, TUserConfig> =\n | CreateExtensionOptionsWithBuild<TConfig, TUserConfig>\n | (CreateExtensionOptionsDefaultOnly & { buildConfig?: never });\n\nexport interface CreateExtensionResult<TConfig, TUserConfig> {\n register(\n registry: ToolRegistry,\n userConfigOrOpts: TUserConfig,\n options?: { only?: string[]; namePrefixes?: string[] },\n ): ToolAdapter;\n getContext(): ExtensionToolContext<TConfig>;\n runWith<T>(ctx: ExtensionToolContext<TConfig>, fn: () => Promise<T>): Promise<T>;\n}\n\n/**\n * Create an extension. With buildConfig: register(registry, userConfig, opts?).\n * Without buildConfig: register(registry, opts?) where opts = { only?, namePrefixes? 
}; config comes only from each tool's tool.yaml.\n */\nfunction resolvePackagePath(options: { packagePath?: string; importMeta?: ImportMetaLike }): string {\n if (options.packagePath != null && options.packagePath !== \"\") return options.packagePath;\n if (options.importMeta?.url) return path.dirname(fileURLToPath(options.importMeta.url));\n throw new Error(\"createExtension: provide packagePath or importMeta\");\n}\n\nexport function createExtension<TConfig = Record<string, unknown>, TUserConfig = RegisterOptionsDefaultOnly>(\n options: CreateExtensionOptions<TConfig, TUserConfig>,\n): CreateExtensionResult<TConfig, TUserConfig> {\n const packagePath = resolvePackagePath(options);\n const kind = options.kind;\n const buildConfig = \"buildConfig\" in options ? options.buildConfig : undefined;\n type Ctx = ExtensionToolContext<TConfig>;\n const contextRunner = createContextRunner<Ctx>();\n\n return {\n register(registry, userConfigOrOpts, opts) {\n const config = buildConfig\n ? (buildConfig as (u: TUserConfig) => TConfig)(userConfigOrOpts as TUserConfig)\n : (userConfigOrOpts as Record<string, unknown> | undefined);\n return registerExtension(registry, {\n packagePath,\n kind,\n config,\n getContextRunner: () => contextRunner,\n only: opts?.only ?? (userConfigOrOpts as RegisterOptionsDefaultOnly | undefined)?.only,\n namePrefixes: opts?.namePrefixes ?? 
(userConfigOrOpts as RegisterOptionsDefaultOnly | undefined)?.namePrefixes,\n });\n },\n getContext(): ExtensionToolContext<TConfig> {\n return contextRunner.getContext() as ExtensionToolContext<TConfig>;\n },\n runWith<T>(ctx: ExtensionToolContext<TConfig>, fn: () => Promise<T>): Promise<T> {\n return contextRunner.runWith(ctx, fn) as Promise<T>;\n },\n };\n}\n","/**\n * Build step: scan project for @tool, emit extension manifest (core-tools-manifest.json) and copy *.tool.yaml / *.example.yaml.\n * Extensions run this at build time; agent-tool reads the manifest when the extension's register is called.\n */\nimport { writeFileSync, mkdirSync, existsSync, readdirSync, copyFileSync } from \"node:fs\";\nimport path from \"node:path\";\nimport { scanForTools } from \"../../tools/function/scanner.js\";\nimport type { ExtensionManifestEntry } from \"./registerFromManifest.js\";\nimport type { HitlSideEffect } from \"../../core/types/ToolSpec.js\";\n\nexport interface GenerateExtensionManifestOptions {\n /** Project root (default: process.cwd()). */\n projectRoot?: string;\n /** Output directory for manifest and copied tool.yaml (default: projectRoot/dist). */\n outDir?: string;\n /** Manifest kind (default: \"core\"). */\n kind?: string;\n /** Include globs for TS files (default: all .ts). */\n include?: string[];\n /** Path to tsconfig (default: projectRoot/tsconfig.json). */\n tsconfigPath?: string;\n /** Subdirs to recursively copy *.tool.yaml and *.example.yaml from (e.g. [\"src\"]). 
*/\n copyToolYamlDirs?: string[];\n}\n\nfunction copyToolYamlRecursive(srcDir: string, destDir: string): number {\n if (!existsSync(srcDir)) return 0;\n let copied = 0;\n for (const e of readdirSync(srcDir, { withFileTypes: true })) {\n const srcPath = path.join(srcDir, e.name);\n const destPath = path.join(destDir, e.name);\n if (e.isFile() && (e.name.endsWith(\".tool.yaml\") || e.name.endsWith(\".example.yaml\"))) {\n if (!existsSync(destDir)) mkdirSync(destDir, { recursive: true });\n copyFileSync(srcPath, destPath);\n copied++;\n } else if (e.isDirectory()) {\n copied += copyToolYamlRecursive(srcPath, destPath);\n }\n }\n return copied;\n}\n\n/**\n * Scan project for @tool, write core-tools-manifest.json and recursively copy *.tool.yaml and *.example.yaml to outDir.\n * Returns the written manifest path and number of tools.\n */\nexport function generateExtensionManifest(\n projectRoot: string = process.cwd(),\n options: GenerateExtensionManifestOptions = {},\n): { manifestPath: string; toolsCount: number; toolYamlCopied: number } {\n const root = path.resolve(projectRoot);\n const outDir = path.resolve(options.outDir ?? path.join(root, \"dist\"));\n const kind = options.kind ?? \"core\";\n\n const { specs, errors } = scanForTools({\n projectPath: root,\n include: options.include ?? [\"**/*.ts\"],\n tsconfigPath: options.tsconfigPath,\n });\n\n if (errors.length > 0) {\n console.warn(\"generateExtensionManifest: scan errors\", errors);\n }\n\n const entries: ExtensionManifestEntry[] = specs.map((spec) => {\n const sourcePathNoExt = (spec.sourcePath ?? \"\").replace(/\\.(ts|tsx)$/i, \"\");\n const pathBasedName = sourcePathNoExt.replace(/^src\\//, \"\").replace(/\\//g, \".\");\n const name = spec.exportName ?? pathBasedName;\n const sideEffect: HitlSideEffect =\n (spec._meta?.hitl?.sideEffect as HitlSideEffect) ?? \"none\";\n return {\n name,\n description: spec.description ?? sourcePathNoExt,\n inputSchema: spec.inputSchema ?? 
{ type: \"object\", additionalProperties: true },\n outputSchema: spec.outputSchema ?? { type: \"object\", additionalProperties: true },\n sourcePath: sourcePathNoExt,\n exportName: spec.exportName ?? \"\",\n sideEffect,\n };\n });\n\n if (!existsSync(outDir)) mkdirSync(outDir, { recursive: true });\n const manifestPath = path.join(outDir, \"core-tools-manifest.json\");\n writeFileSync(\n manifestPath,\n JSON.stringify({ kind, tools: entries }, null, 2),\n \"utf-8\",\n );\n\n let toolYamlCopied = 0;\n const copyDirs = options.copyToolYamlDirs;\n if (copyDirs?.length) {\n for (const d of copyDirs) {\n const srcDir = path.join(root, d);\n const destDir = path.join(outDir, d);\n try {\n toolYamlCopied += copyToolYamlRecursive(srcDir, destDir);\n } catch {\n // ignore\n }\n }\n }\n\n return { manifestPath, toolsCount: entries.length, toolYamlCopied };\n}\n\n/**\n * Build step for extensions: scan src folder and subfolders, emit manifest, copy tool.yaml.\n * Call from extension's build script (e.g. tsx generate-manifest.ts).\n */\nexport function generateManifest(\n projectRoot: string = process.cwd(),\n options: Omit<GenerateExtensionManifestOptions, \"projectRoot\"> = {},\n): void {\n const { manifestPath, toolsCount, toolYamlCopied } = generateExtensionManifest(projectRoot, {\n include: [\"src/**/*.ts\"],\n copyToolYamlDirs: [\"src\"],\n ...options,\n });\n console.log(`Wrote ${toolsCount} tools to ${path.relative(projectRoot, manifestPath)}`);\n if (toolYamlCopied > 0) console.log(`Copied ${toolYamlCopied} .tool.yaml/.example.yaml file(s) to dist`);\n}\n","/**\n * Convert \"groups\" + \"only\" options and a group→prefix map into only/namePrefixes for registerToolsFromManifest.\n * Extensions define their own group names and prefixes (e.g. fs -> \"core/fs.\").\n */\nexport interface GroupPrefixOptions {\n /** Only register tools in these groups (e.g. [\"fs\", \"http\"]). */\n groups?: string[];\n /** Only register these tool names. Takes precedence over groups. 
*/\n only?: string[];\n /** Map group name -> name prefix (e.g. { fs: \"core/fs.\", http: \"core/http.\" }). */\n groupPrefixMap: Record<string, string>;\n}\n\nexport interface ResolvedOnlyNamePrefixes {\n only?: string[];\n namePrefixes?: string[];\n}\n\n/**\n * Resolve groups/only + groupPrefixMap to only and namePrefixes for registerToolsFromManifest.\n */\nexport function getGroupNamePrefixes(options: GroupPrefixOptions): ResolvedOnlyNamePrefixes {\n const { groups, only, groupPrefixMap } = options;\n const onlySet = only?.length ? new Set(only) : null;\n const namePrefixes =\n !onlySet && groups?.length\n ? (groups.map((g) => groupPrefixMap[g]).filter((x): x is string => x != null) as string[])\n : undefined;\n return {\n ...(onlySet ? { only: Array.from(onlySet) } : {}),\n ...(namePrefixes?.length ? { namePrefixes } : {}),\n };\n}\n"]}
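--- a/package/dist/security.cjs
+++ /dev/null
@@ -1,193 +0,0 @@
- 'use strict';
-
- var chunkZDSZHEQU_cjs = require('./chunk-ZDSZHEQU.cjs');
- var chunkXPGHS4W7_cjs = require('./chunk-XPGHS4W7.cjs');
- var promises = require('dns/promises');
-
- async function validateUrl(url, options) {
- let parsed;
- try {
- parsed = new URL(url);
- } catch {
- throw chunkXPGHS4W7_cjs.createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Invalid URL: ${url}`,
- { url }
- );
- }
- if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
- throw chunkXPGHS4W7_cjs.createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Protocol not allowed: ${parsed.protocol}. Only http: and https: are supported.`,
- { url, protocol: parsed.protocol }
- );
- }
- const hostname = parsed.hostname;
- if (!isHostAllowed(hostname, options.allowedHosts)) {
- throw chunkXPGHS4W7_cjs.createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Host "${hostname}" is not in the allowed hosts list`,
- { url, hostname, allowedHosts: options.allowedHosts }
- );
- }
- if (isHostBlocked(hostname, options.blockedHosts)) {
- throw chunkXPGHS4W7_cjs.createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Host "${hostname}" is in the blocked hosts list`,
- { url, hostname, blockedHosts: options.blockedHosts }
- );
- }
- try {
- const { address } = await promises.lookup(hostname);
- if (isIpInBlockedCidrs(address, options.blockedCidrs)) {
- throw chunkXPGHS4W7_cjs.createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Host "${hostname}" resolves to blocked IP: ${address}`,
- { url, hostname, resolvedIp: address }
- );
- }
- } catch (err) {
- if (err instanceof Error && err.kind === "HTTP_DISALLOWED_HOST") {
- throw err;
- }
- throw chunkXPGHS4W7_cjs.createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `DNS resolution failed for host "${hostname}": ${err instanceof Error ? err.message : String(err)}`,
- { url, hostname }
- );
- }
- return parsed;
- }
- function isHostAllowed(hostname, allowedHosts) {
- for (const pattern of allowedHosts) {
- if (pattern === "*") {
- return true;
- }
- if (pattern.startsWith("*.")) {
- const suffix = pattern.slice(1);
- if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {
- return true;
- }
- } else if (hostname === pattern) {
- return true;
- }
- }
- return false;
- }
- function isHostBlocked(hostname, blockedHosts) {
- for (const pattern of blockedHosts) {
- if (pattern === "*") {
- return true;
- }
- if (pattern.startsWith("*.")) {
- const suffix = pattern.slice(1);
- if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {
- return true;
- }
- } else if (hostname === pattern) {
- return true;
- }
- }
- return false;
- }
- function isIpInBlockedCidrs(ip, cidrs) {
- const normalizedIp = normalizeIp(ip);
- if (!normalizedIp) return false;
- for (const cidr of cidrs) {
- if (cidr.includes(":")) {
- if (!ip.includes(":")) continue;
- if (isIpv6InCidr(ip, cidr)) return true;
- } else {
- if (isIpv4InCidr(normalizedIp, cidr)) return true;
- }
- }
- return false;
- }
- function normalizeIp(ip) {
- if (ip.startsWith("::ffff:")) {
- return ip.slice(7);
- }
- if (/^\d+\.\d+\.\d+\.\d+$/.test(ip)) {
- return ip;
- }
- return null;
- }
- function isIpv4InCidr(ip, cidr) {
- const [cidrIp, prefixStr] = cidr.split("/");
- if (!cidrIp || !prefixStr) return false;
- const prefix = parseInt(prefixStr, 10);
- if (isNaN(prefix) || prefix < 0 || prefix > 32) return false;
- const ipNum = ipv4ToNum(ip);
- const cidrNum = ipv4ToNum(cidrIp);
- if (ipNum === null || cidrNum === null) return false;
- const mask = prefix === 0 ? 0 : -1 << 32 - prefix >>> 0;
- return (ipNum & mask) === (cidrNum & mask);
- }
- function ipv4ToNum(ip) {
- const parts = ip.split(".");
- if (parts.length !== 4) return null;
- let num = 0;
- for (const part of parts) {
- const n = parseInt(part, 10);
- if (isNaN(n) || n < 0 || n > 255) return null;
- num = num << 8 | n;
- }
- return num >>> 0;
- }
- function isIpv6InCidr(ip, cidr) {
- const [cidrIp, prefixStr] = cidr.split("/");
- if (!cidrIp || !prefixStr) return false;
- const prefix = parseInt(prefixStr, 10);
- if (isNaN(prefix)) return false;
- const ipBytes = expandIpv6(ip);
- const cidrBytes = expandIpv6(cidrIp);
- if (!ipBytes || !cidrBytes) return false;
- const fullBytes = Math.floor(prefix / 8);
- for (let i = 0; i < fullBytes && i < 16; i++) {
- if (ipBytes[i] !== cidrBytes[i]) return false;
- }
- const remainingBits = prefix % 8;
- if (remainingBits > 0 && fullBytes < 16) {
- const mask = -1 << 8 - remainingBits & 255;
- if ((ipBytes[fullBytes] & mask) !== (cidrBytes[fullBytes] & mask)) return false;
- }
- return true;
- }
- function expandIpv6(ip) {
- const zoneIdx = ip.indexOf("%");
- if (zoneIdx !== -1) ip = ip.slice(0, zoneIdx);
- const parts = ip.split("::");
- if (parts.length > 2) return null;
- const bytes = new Array(16).fill(0);
- const expandGroup = (group) => {
- if (!group) return [];
- return group.split(":").flatMap((hex) => {
- const val = parseInt(hex || "0", 16);
- return [val >> 8 & 255, val & 255];
- });
- };
- if (parts.length === 1) {
- const expanded = expandGroup(parts[0]);
- if (expanded.length !== 16) return null;
- return expanded;
- }
- const left = expandGroup(parts[0]);
- const right = expandGroup(parts[1]);
- if (left.length + right.length > 16) return null;
- for (let i = 0; i < left.length; i++) bytes[i] = left[i];
- for (let i = 0; i < right.length; i++) bytes[16 - right.length + i] = right[i];
- return bytes;
- }
-
- Object.defineProperty(exports, "resolveSandboxedPath", {
- enumerable: true,
- get: function () { return chunkZDSZHEQU_cjs.resolveSandboxedPath; }
- });
- Object.defineProperty(exports, "setSandboxValidationEnabled", {
- enumerable: true,
- get: function () { return chunkZDSZHEQU_cjs.setSandboxValidationEnabled; }
- });
- exports.isIpInBlockedCidrs = isIpInBlockedCidrs;
- exports.validateUrl = validateUrl;
- //# sourceMappingURL=security.cjs.map
- //# sourceMappingURL=security.cjs.map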
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/security/ssrf.ts"],"names":["createTaggedError","lookup"],"mappings":";;;;;;AAsBA,eAAsB,WAAA,CAAY,KAAa,OAAA,EAA2C;AACxF,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAI,IAAI,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,MAAQ;AACN,IAAA,MAAMA,mCAAA;AAAA,MACJ,sBAAA;AAAA,MACA,gBAAgB,GAAG,CAAA,CAAA;AAAA,MACnB,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAI,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,MAAA,CAAO,aAAa,QAAA,EAAU;AAC/D,IAAA,MAAMA,mCAAA;AAAA,MACJ,sBAAA;AAAA,MACA,CAAA,sBAAA,EAAyB,OAAO,QAAQ,CAAA,sCAAA,CAAA;AAAA,MACxC,EAAE,GAAA,EAAK,QAAA,EAAU,MAAA,CAAO,QAAA;AAAS,KACnC;AAAA,EACF;AAEA,EAAA,MAAM,WAAW,MAAA,CAAO,QAAA;AAExB,EAAA,IAAI,CAAC,aAAA,CAAc,QAAA,EAAU,OAAA,CAAQ,YAAY,CAAA,EAAG;AAClD,IAAA,MAAMA,mCAAA;AAAA,MACJ,sBAAA;AAAA,MACA,SAAS,QAAQ,CAAA,kCAAA,CAAA;AAAA,MACjB,EAAE,GAAA,EAAK,QAAA,EAAU,YAAA,EAAc,QAAQ,YAAA;AAAa,KACtD;AAAA,EACF;AACA,EAAA,IAAI,aAAA,CAAc,QAAA,EAAU,OAAA,CAAQ,YAAY,CAAA,EAAG;AACjD,IAAA,MAAMA,mCAAA;AAAA,MACJ,sBAAA;AAAA,MACA,SAAS,QAAQ,CAAA,8BAAA,CAAA;AAAA,MACjB,EAAE,GAAA,EAAK,QAAA,EAAU,YAAA,EAAc,QAAQ,YAAA;AAAa,KACtD;AAAA,EACF;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAMC,gBAAO,QAAQ,CAAA;AACzC,IAAA,IAAI,kBAAA,CAAmB,OAAA,EAAS,OAAA,CAAQ,YAAY,CAAA,EAAG;AACrD,MAAA,MAAMD,mCAAA;AAAA,QACJ,sBAAA;AAAA,QACA,CAAA,MAAA,EAAS,QAAQ,CAAA,0BAAA,EAA6B,OAAO,CAAA,CAAA;AAAA,QACrD,EAAE,GAAA,EAAK,QAAA,EAAU,UAAA,EAAY,OAAA;AAAQ,OACvC;AAAA,IACF;AAAA,EACF,SAAS,GAAA,EAAK;AAEZ,IAAA,IAAI,GAAA,YAAe,KAAA,IAAU,GAAA,CAAY,IAAA,KAAS,sBAAA,EAAwB;AACxE,MAAA,MAAM,GAAA;AAAA,IACR;AAEA,IAAA,MAAMA,mCAAA;AAAA,MACJ,sBAAA;AAAA,MACA,CAAA,gCAAA,EAAmC,QAAQ,CAAA,GAAA,EAAM,GAAA,YAAe,QAAQ,GAAA,CAAI,OAAA,GAAU,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAAA,MACjG,EAAE,KAAK,QAAA;AAAS,KAClB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAMA,SAAS,aAAA,CAAc,UAAkB,YAAA,EAAiC;AACxE,EAAA,KAAA,MAAW,WAAW,YAAA,EAAc;AAClC,IAAA,IAAI,YAAY,GAAA,EAAK;AACnB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,IAAI,CAAA,EAAG;AAC5B,MAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA;AAC9B,MAAA,IAAI,QAAA,CAAS,SAAS,MAAM,CAAA,IAAK,
aAAa,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,EAAG;AAC9D,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,aAAa,OAAA,EAAS;AAC/B,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,aAAA,CAAc,UAAkB,YAAA,EAAiC;AACxE,EAAA,KAAA,MAAW,WAAW,YAAA,EAAc;AAClC,IAAA,IAAI,YAAY,GAAA,EAAK;AACnB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,IAAI,CAAA,EAAG;AAC5B,MAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA;AAC9B,MAAA,IAAI,QAAA,CAAS,SAAS,MAAM,CAAA,IAAK,aAAa,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,EAAG;AAC9D,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,aAAa,OAAA,EAAS;AAC/B,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,kBAAA,CAAmB,IAAY,KAAA,EAA0B;AAEvE,EAAA,MAAM,YAAA,GAAe,YAAY,EAAE,CAAA;AACnC,EAAA,IAAI,CAAC,cAAc,OAAO,KAAA;AAE1B,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AAEtB,MAAA,IAAI,CAAC,EAAA,CAAG,QAAA,CAAS,GAAG,CAAA,EAAG;AACvB,MAAA,IAAI,YAAA,CAAa,EAAA,EAAI,IAAI,CAAA,EAAG,OAAO,IAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,IAAI,YAAA,CAAa,YAAA,EAAc,IAAI,CAAA,EAAG,OAAO,IAAA;AAAA,IAC/C;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,YAAY,EAAA,EAA2B;AAE9C,EAAA,IAAI,EAAA,CAAG,UAAA,CAAW,SAAS,CAAA,EAAG;AAC5B,IAAA,OAAO,EAAA,CAAG,MAAM,CAAC,CAAA;AAAA,EACnB;AAEA,EAAA,IAAI,sBAAA,CAAuB,IAAA,CAAK,EAAE,CAAA,EAAG;AACnC,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,YAAA,CAAa,IAAY,IAAA,EAAuB;AACvD,EAAA,MAAM,CAAC,MAAA,EAAQ,SAAS,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAC1C,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,SAAA,EAAW,OAAO,KAAA;AAElC,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,SAAA,EAAW,EAAE,CAAA;AACrC,EAAA,IAAI,MAAM,MAAM,CAAA,IAAK,SAAS,CAAA,IAAK,MAAA,GAAS,IAAI,OAAO,KAAA;AAEvD,EAAA,MAAM,KAAA,GAAQ,UAAU,EAAE,CAAA;AAC1B,EAAA,MAAM,OAAA,GAAU,UAAU,MAAM,CAAA;AAChC,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,OAAA,KAAY,IAAA,EAAM,OAAO,KAAA;AAE/C,EAAA,MAAM,OAAO,MAAA,KAAW,CAAA,GAAI,IAAK,EAAC,IAAM,KAAK,MAAA,KAAa,CAAA;AAC1D,EAAA,OAAA,CAAQ,KAAA,GAAQ,WAAW,OAAA,GAAU,IAAA,CAAA;AACvC;AAEA,SAAS,UAAU,EAAA,EAA2B;AAC5C,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,KAAA,CAAM,GAAG,CAAA;AAC1B,EAAA,IA
AI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,IAAA;AAC/B,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,CAAA,GAAI,QAAA,CAAS,IAAA,EAAM,EAAE,CAAA;AAC3B,IAAA,IAAI,MAAM,CAAC,CAAA,IAAK,IAAI,CAAA,IAAK,CAAA,GAAI,KAAK,OAAO,IAAA;AACzC,IAAA,GAAA,GAAO,OAAO,CAAA,GAAK,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,GAAA,KAAQ,CAAA;AACjB;AAEA,SAAS,YAAA,CAAa,IAAY,IAAA,EAAuB;AAEvD,EAAA,MAAM,CAAC,MAAA,EAAQ,SAAS,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAC1C,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,SAAA,EAAW,OAAO,KAAA;AAElC,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,SAAA,EAAW,EAAE,CAAA;AACrC,EAAA,IAAI,KAAA,CAAM,MAAM,CAAA,EAAG,OAAO,KAAA;AAE1B,EAAA,MAAM,OAAA,GAAU,WAAW,EAAE,CAAA;AAC7B,EAAA,MAAM,SAAA,GAAY,WAAW,MAAM,CAAA;AACnC,EAAA,IAAI,CAAC,OAAA,IAAW,CAAC,SAAA,EAAW,OAAO,KAAA;AAGnC,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,CAAC,CAAA;AACvC,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,SAAA,IAAa,CAAA,GAAI,IAAI,CAAA,EAAA,EAAK;AAC5C,IAAA,IAAI,QAAQ,CAAC,CAAA,KAAM,SAAA,CAAU,CAAC,GAAG,OAAO,KAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,gBAAgB,MAAA,GAAS,CAAA;AAC/B,EAAA,IAAI,aAAA,GAAgB,CAAA,IAAK,SAAA,GAAY,EAAA,EAAI;AACvC,IAAA,MAAM,IAAA,GAAQ,EAAC,IAAM,CAAA,GAAI,aAAA,GAAkB,GAAA;AAC3C,IAAA,IAAA,CAAK,OAAA,CAAQ,SAAS,CAAA,GAAK,IAAA,OAAW,UAAU,SAAS,CAAA,GAAK,OAAO,OAAO,KAAA;AAAA,EAC9E;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,WAAW,EAAA,EAA6B;AAE/C,EAAA,MAAM,OAAA,GAAU,EAAA,CAAG,OAAA,CAAQ,GAAG,CAAA;AAC9B,EAAA,IAAI,YAAY,EAAA,EAAI,EAAA,GAAK,EAAA,CAAG,KAAA,CAAM,GAAG,OAAO,CAAA;AAE5C,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,KAAA,CAAM,IAAI,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,IAAA;AAE7B,EAAA,MAAM,QAAkB,IAAI,KAAA,CAAM,EAAE,CAAA,CAAE,KAAK,CAAC,CAAA;AAE5C,EAAA,MAAM,WAAA,GAAc,CAAC,KAAA,KAA4B;AAC/C,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,EAAC;AACpB,IAAA,OAAO,MAAM,KAAA,CAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AACvC,MAAA,MAAM,GAAA,GAAM,QAAA,CAAS,GAAA,IAAO,GAAA,EAAK,EAAE,CAAA;AACnC,MAAA,OAAO,CAAE,GAAA,IAAO,CAAA,GAAK,GAAA,EAAM,MAAM,GAAI,CAAA;AAAA,IACvC,CAAC,CAAA;AAAA,EACH,CAAA;AAEA,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,QAAA,GAAW,WAAA,CAAY,KAAA,CAAM,CAAC,C
AAE,CAAA;AACtC,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,EAAA,EAAI,OAAO,IAAA;AACnC,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,WAAA,CAAY,KAAA,CAAM,CAAC,CAAE,CAAA;AAClC,EAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,KAAA,CAAM,CAAC,CAAE,CAAA;AAEnC,EAAA,IAAI,IAAA,CAAK,MAAA,GAAS,KAAA,CAAM,MAAA,GAAS,IAAI,OAAO,IAAA;AAE5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,MAAA,EAAQ,KAAK,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA,CAAK,CAAC,CAAA;AACvD,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,MAAA,EAAQ,CAAA,EAAA,EAAK,KAAA,CAAM,EAAA,GAAK,KAAA,CAAM,MAAA,GAAS,CAAC,CAAA,GAAI,MAAM,CAAC,CAAA;AAE7E,EAAA,OAAO,KAAA;AACT","file":"security.cjs","sourcesContent":["import { lookup } from \"node:dns/promises\";\nimport { createTaggedError } from \"../core/runtime/Retry.js\";\n\n/**\n * Options for validateUrl. Unified rule: allow iff host is in allowedHosts AND not in blockedHosts.\n * - \"Default allow all + blocklist\": allowedHosts: [\"*\"], blockedHosts: [\"*.internal\", ...]\n * - \"Default disallow all + allowlist\": allowedHosts: [\"api.github.com\", ...], blockedHosts: []\n */\nexport interface ValidateUrlOptions {\n /** Allow only these hosts. Use [\"*\"] for allow-all. Supports \"*.example.com\", exact host. */\n allowedHosts: string[];\n /** Block these hosts even if allowed. Supports \"*.internal\", exact host. Merged with allowlist. */\n blockedHosts: string[];\n /** CIDR ranges to block (resolved IP). */\n blockedCidrs: string[];\n}\n\n/**\n * Validate a URL: allow iff (host in allowedHosts) AND (host not in blockedHosts). 
Then check blockedCidrs on resolved IP.\n *\n * @throws HTTP_DISALLOWED_HOST if the URL is blocked\n */\nexport async function validateUrl(url: string, options: ValidateUrlOptions): Promise<URL> {\n let parsed: URL;\n try {\n parsed = new URL(url);\n } catch {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Invalid URL: ${url}`,\n { url },\n );\n }\n\n // Only allow http/https\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Protocol not allowed: ${parsed.protocol}. Only http: and https: are supported.`,\n { url, protocol: parsed.protocol },\n );\n }\n\n const hostname = parsed.hostname;\n\n if (!isHostAllowed(hostname, options.allowedHosts)) {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Host \"${hostname}\" is not in the allowed hosts list`,\n { url, hostname, allowedHosts: options.allowedHosts },\n );\n }\n if (isHostBlocked(hostname, options.blockedHosts)) {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Host \"${hostname}\" is in the blocked hosts list`,\n { url, hostname, blockedHosts: options.blockedHosts },\n );\n }\n\n // DNS resolve and check against blocked CIDRs\n try {\n const { address } = await lookup(hostname);\n if (isIpInBlockedCidrs(address, options.blockedCidrs)) {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Host \"${hostname}\" resolves to blocked IP: ${address}`,\n { url, hostname, resolvedIp: address },\n );\n }\n } catch (err) {\n // Re-throw our tagged errors\n if (err instanceof Error && (err as any).kind === \"HTTP_DISALLOWED_HOST\") {\n throw err;\n }\n // DNS resolution failure — block by default\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `DNS resolution failed for host \"${hostname}\": ${err instanceof Error ? 
err.message : String(err)}`,\n { url, hostname },\n );\n }\n\n return parsed;\n}\n\n/**\n * Check if a hostname matches any entry in the allowed hosts list.\n * Supports: exact \"*\" (allow any host), wildcard prefix (e.g. \"*.github.com\"), or exact host.\n */\nfunction isHostAllowed(hostname: string, allowedHosts: string[]): boolean {\n for (const pattern of allowedHosts) {\n if (pattern === \"*\") {\n return true;\n }\n if (pattern.startsWith(\"*.\")) {\n const suffix = pattern.slice(1); // \".github.com\"\n if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {\n return true;\n }\n } else if (hostname === pattern) {\n return true;\n }\n }\n return false;\n}\n\n/**\n * Check if a hostname matches any entry in the blocked hosts list (same pattern rules as allowlist).\n */\nfunction isHostBlocked(hostname: string, blockedHosts: string[]): boolean {\n for (const pattern of blockedHosts) {\n if (pattern === \"*\") {\n return true;\n }\n if (pattern.startsWith(\"*.\")) {\n const suffix = pattern.slice(1);\n if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {\n return true;\n }\n } else if (hostname === pattern) {\n return true;\n }\n }\n return false;\n}\n\n/**\n * Check if an IPv4 address falls within any blocked CIDR range.\n */\nexport function isIpInBlockedCidrs(ip: string, cidrs: string[]): boolean {\n // Handle IPv4-mapped IPv6\n const normalizedIp = normalizeIp(ip);\n if (!normalizedIp) return false;\n\n for (const cidr of cidrs) {\n if (cidr.includes(\":\")) {\n // IPv6 CIDR — skip for IPv4 addresses\n if (!ip.includes(\":\")) continue;\n if (isIpv6InCidr(ip, cidr)) return true;\n } else {\n if (isIpv4InCidr(normalizedIp, cidr)) return true;\n }\n }\n return false;\n}\n\nfunction normalizeIp(ip: string): string | null {\n // Handle IPv4-mapped IPv6 (e.g. 
\"::ffff:127.0.0.1\")\n if (ip.startsWith(\"::ffff:\")) {\n return ip.slice(7);\n }\n // Pure IPv4\n if (/^\\d+\\.\\d+\\.\\d+\\.\\d+$/.test(ip)) {\n return ip;\n }\n return null;\n}\n\nfunction isIpv4InCidr(ip: string, cidr: string): boolean {\n const [cidrIp, prefixStr] = cidr.split(\"/\");\n if (!cidrIp || !prefixStr) return false;\n\n const prefix = parseInt(prefixStr, 10);\n if (isNaN(prefix) || prefix < 0 || prefix > 32) return false;\n\n const ipNum = ipv4ToNum(ip);\n const cidrNum = ipv4ToNum(cidrIp);\n if (ipNum === null || cidrNum === null) return false;\n\n const mask = prefix === 0 ? 0 : (~0 << (32 - prefix)) >>> 0;\n return (ipNum & mask) === (cidrNum & mask);\n}\n\nfunction ipv4ToNum(ip: string): number | null {\n const parts = ip.split(\".\");\n if (parts.length !== 4) return null;\n let num = 0;\n for (const part of parts) {\n const n = parseInt(part, 10);\n if (isNaN(n) || n < 0 || n > 255) return null;\n num = (num << 8) | n;\n }\n return num >>> 0;\n}\n\nfunction isIpv6InCidr(ip: string, cidr: string): boolean {\n // Simplified IPv6 CIDR matching for common cases (::1, fc00::, fe80::)\n const [cidrIp, prefixStr] = cidr.split(\"/\");\n if (!cidrIp || !prefixStr) return false;\n\n const prefix = parseInt(prefixStr, 10);\n if (isNaN(prefix)) return false;\n\n const ipBytes = expandIpv6(ip);\n const cidrBytes = expandIpv6(cidrIp);\n if (!ipBytes || !cidrBytes) return false;\n\n // Compare prefix bits\n const fullBytes = Math.floor(prefix / 8);\n for (let i = 0; i < fullBytes && i < 16; i++) {\n if (ipBytes[i] !== cidrBytes[i]) return false;\n }\n\n const remainingBits = prefix % 8;\n if (remainingBits > 0 && fullBytes < 16) {\n const mask = (~0 << (8 - remainingBits)) & 0xff;\n if ((ipBytes[fullBytes]! & mask) !== (cidrBytes[fullBytes]! 
& mask)) return false;\n }\n\n return true;\n}\n\nfunction expandIpv6(ip: string): number[] | null {\n // Remove zone ID\n const zoneIdx = ip.indexOf(\"%\");\n if (zoneIdx !== -1) ip = ip.slice(0, zoneIdx);\n\n const parts = ip.split(\"::\");\n if (parts.length > 2) return null;\n\n const bytes: number[] = new Array(16).fill(0);\n\n const expandGroup = (group: string): number[] => {\n if (!group) return [];\n return group.split(\":\").flatMap((hex) => {\n const val = parseInt(hex || \"0\", 16);\n return [(val >> 8) & 0xff, val & 0xff];\n });\n };\n\n if (parts.length === 1) {\n const expanded = expandGroup(parts[0]!);\n if (expanded.length !== 16) return null;\n return expanded;\n }\n\n const left = expandGroup(parts[0]!);\n const right = expandGroup(parts[1]!);\n\n if (left.length + right.length > 16) return null;\n\n for (let i = 0; i < left.length; i++) bytes[i] = left[i]!;\n for (let i = 0; i < right.length; i++) bytes[16 - right.length + i] = right[i]!;\n\n return bytes;\n}\n"]}
@@ -1,6 +0,0 @@
1
- /**
2
- * Security helpers subpath export.
3
- */
4
- export { resolveSandboxedPath, setSandboxValidationEnabled } from "./security/sandbox.js";
5
- export { validateUrl, isIpInBlockedCidrs } from "./security/ssrf.js";
6
- //# sourceMappingURL=security.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAC1F,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}
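--- a/package/dist/security.js
+++ /dev/null
@@ -1,182 +0,0 @@
- export { resolveSandboxedPath, setSandboxValidationEnabled } from './chunk-QXQ4477T.js';
- import { createTaggedError } from './chunk-RZTTO5MQ.js';
- import { lookup } from 'dns/promises';
-
- async function validateUrl(url, options) {
- let parsed;
- try {
- parsed = new URL(url);
- } catch {
- throw createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Invalid URL: ${url}`,
- { url }
- );
- }
- if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
- throw createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Protocol not allowed: ${parsed.protocol}. Only http: and https: are supported.`,
- { url, protocol: parsed.protocol }
- );
- }
- const hostname = parsed.hostname;
- if (!isHostAllowed(hostname, options.allowedHosts)) {
- throw createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Host "${hostname}" is not in the allowed hosts list`,
- { url, hostname, allowedHosts: options.allowedHosts }
- );
- }
- if (isHostBlocked(hostname, options.blockedHosts)) {
- throw createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Host "${hostname}" is in the blocked hosts list`,
- { url, hostname, blockedHosts: options.blockedHosts }
- );
- }
- try {
- const { address } = await lookup(hostname);
- if (isIpInBlockedCidrs(address, options.blockedCidrs)) {
- throw createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `Host "${hostname}" resolves to blocked IP: ${address}`,
- { url, hostname, resolvedIp: address }
- );
- }
- } catch (err) {
- if (err instanceof Error && err.kind === "HTTP_DISALLOWED_HOST") {
- throw err;
- }
- throw createTaggedError(
- "HTTP_DISALLOWED_HOST",
- `DNS resolution failed for host "${hostname}": ${err instanceof Error ? err.message : String(err)}`,
- { url, hostname }
- );
- }
- return parsed;
- }
- function isHostAllowed(hostname, allowedHosts) {
- for (const pattern of allowedHosts) {
- if (pattern === "*") {
- return true;
- }
- if (pattern.startsWith("*.")) {
- const suffix = pattern.slice(1);
- if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {
- return true;
- }
- } else if (hostname === pattern) {
- return true;
- }
- }
- return false;
- }
- function isHostBlocked(hostname, blockedHosts) {
- for (const pattern of blockedHosts) {
- if (pattern === "*") {
- return true;
- }
- if (pattern.startsWith("*.")) {
- const suffix = pattern.slice(1);
- if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {
- return true;
- }
- } else if (hostname === pattern) {
- return true;
- }
- }
- return false;
- }
- function isIpInBlockedCidrs(ip, cidrs) {
- const normalizedIp = normalizeIp(ip);
- if (!normalizedIp) return false;
- for (const cidr of cidrs) {
- if (cidr.includes(":")) {
- if (!ip.includes(":")) continue;
- if (isIpv6InCidr(ip, cidr)) return true;
- } else {
- if (isIpv4InCidr(normalizedIp, cidr)) return true;
- }
- }
- return false;
- }
- function normalizeIp(ip) {
- if (ip.startsWith("::ffff:")) {
- return ip.slice(7);
- }
- if (/^\d+\.\d+\.\d+\.\d+$/.test(ip)) {
- return ip;
- }
- return null;
- }
- function isIpv4InCidr(ip, cidr) {
- const [cidrIp, prefixStr] = cidr.split("/");
- if (!cidrIp || !prefixStr) return false;
- const prefix = parseInt(prefixStr, 10);
- if (isNaN(prefix) || prefix < 0 || prefix > 32) return false;
- const ipNum = ipv4ToNum(ip);
- const cidrNum = ipv4ToNum(cidrIp);
- if (ipNum === null || cidrNum === null) return false;
- const mask = prefix === 0 ? 0 : -1 << 32 - prefix >>> 0;
- return (ipNum & mask) === (cidrNum & mask);
- }
- function ipv4ToNum(ip) {
- const parts = ip.split(".");
- if (parts.length !== 4) return null;
- let num = 0;
- for (const part of parts) {
- const n = parseInt(part, 10);
- if (isNaN(n) || n < 0 || n > 255) return null;
- num = num << 8 | n;
- }
- return num >>> 0;
- }
- function isIpv6InCidr(ip, cidr) {
- const [cidrIp, prefixStr] = cidr.split("/");
- if (!cidrIp || !prefixStr) return false;
- const prefix = parseInt(prefixStr, 10);
- if (isNaN(prefix)) return false;
- const ipBytes = expandIpv6(ip);
- const cidrBytes = expandIpv6(cidrIp);
- if (!ipBytes || !cidrBytes) return false;
- const fullBytes = Math.floor(prefix / 8);
- for (let i = 0; i < fullBytes && i < 16; i++) {
- if (ipBytes[i] !== cidrBytes[i]) return false;
- }
- const remainingBits = prefix % 8;
- if (remainingBits > 0 && fullBytes < 16) {
- const mask = -1 << 8 - remainingBits & 255;
- if ((ipBytes[fullBytes] & mask) !== (cidrBytes[fullBytes] & mask)) return false;
- }
- return true;
- }
- function expandIpv6(ip) {
- const zoneIdx = ip.indexOf("%");
- if (zoneIdx !== -1) ip = ip.slice(0, zoneIdx);
- const parts = ip.split("::");
- if (parts.length > 2) return null;
- const bytes = new Array(16).fill(0);
- const expandGroup = (group) => {
- if (!group) return [];
- return group.split(":").flatMap((hex) => {
- const val = parseInt(hex || "0", 16);
- return [val >> 8 & 255, val & 255];
- });
- };
- if (parts.length === 1) {
- const expanded = expandGroup(parts[0]);
- if (expanded.length !== 16) return null;
- return expanded;
- }
- const left = expandGroup(parts[0]);
- const right = expandGroup(parts[1]);
- if (left.length + right.length > 16) return null;
- for (let i = 0; i < left.length; i++) bytes[i] = left[i];
- for (let i = 0; i < right.length; i++) bytes[16 - right.length + i] = right[i];
- return bytes;
- }
-
- export { isIpInBlockedCidrs, validateUrl };
- //# sourceMappingURL=security.js.map
- //# sourceMappingURL=security.js.map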
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/security/ssrf.ts"],"names":[],"mappings":";;;;AAsBA,eAAsB,WAAA,CAAY,KAAa,OAAA,EAA2C;AACxF,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAI,IAAI,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,iBAAA;AAAA,MACJ,sBAAA;AAAA,MACA,gBAAgB,GAAG,CAAA,CAAA;AAAA,MACnB,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAI,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,MAAA,CAAO,aAAa,QAAA,EAAU;AAC/D,IAAA,MAAM,iBAAA;AAAA,MACJ,sBAAA;AAAA,MACA,CAAA,sBAAA,EAAyB,OAAO,QAAQ,CAAA,sCAAA,CAAA;AAAA,MACxC,EAAE,GAAA,EAAK,QAAA,EAAU,MAAA,CAAO,QAAA;AAAS,KACnC;AAAA,EACF;AAEA,EAAA,MAAM,WAAW,MAAA,CAAO,QAAA;AAExB,EAAA,IAAI,CAAC,aAAA,CAAc,QAAA,EAAU,OAAA,CAAQ,YAAY,CAAA,EAAG;AAClD,IAAA,MAAM,iBAAA;AAAA,MACJ,sBAAA;AAAA,MACA,SAAS,QAAQ,CAAA,kCAAA,CAAA;AAAA,MACjB,EAAE,GAAA,EAAK,QAAA,EAAU,YAAA,EAAc,QAAQ,YAAA;AAAa,KACtD;AAAA,EACF;AACA,EAAA,IAAI,aAAA,CAAc,QAAA,EAAU,OAAA,CAAQ,YAAY,CAAA,EAAG;AACjD,IAAA,MAAM,iBAAA;AAAA,MACJ,sBAAA;AAAA,MACA,SAAS,QAAQ,CAAA,8BAAA,CAAA;AAAA,MACjB,EAAE,GAAA,EAAK,QAAA,EAAU,YAAA,EAAc,QAAQ,YAAA;AAAa,KACtD;AAAA,EACF;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,OAAO,QAAQ,CAAA;AACzC,IAAA,IAAI,kBAAA,CAAmB,OAAA,EAAS,OAAA,CAAQ,YAAY,CAAA,EAAG;AACrD,MAAA,MAAM,iBAAA;AAAA,QACJ,sBAAA;AAAA,QACA,CAAA,MAAA,EAAS,QAAQ,CAAA,0BAAA,EAA6B,OAAO,CAAA,CAAA;AAAA,QACrD,EAAE,GAAA,EAAK,QAAA,EAAU,UAAA,EAAY,OAAA;AAAQ,OACvC;AAAA,IACF;AAAA,EACF,SAAS,GAAA,EAAK;AAEZ,IAAA,IAAI,GAAA,YAAe,KAAA,IAAU,GAAA,CAAY,IAAA,KAAS,sBAAA,EAAwB;AACxE,MAAA,MAAM,GAAA;AAAA,IACR;AAEA,IAAA,MAAM,iBAAA;AAAA,MACJ,sBAAA;AAAA,MACA,CAAA,gCAAA,EAAmC,QAAQ,CAAA,GAAA,EAAM,GAAA,YAAe,QAAQ,GAAA,CAAI,OAAA,GAAU,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAAA,MACjG,EAAE,KAAK,QAAA;AAAS,KAClB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAMA,SAAS,aAAA,CAAc,UAAkB,YAAA,EAAiC;AACxE,EAAA,KAAA,MAAW,WAAW,YAAA,EAAc;AAClC,IAAA,IAAI,YAAY,GAAA,EAAK;AACnB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,IAAI,CAAA,EAAG;AAC5B,MAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA;AAC9B,MAAA,IAAI,QAAA,CAAS,SAAS,MAAM,CAAA,IAAK,aAAa,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,EAA
G;AAC9D,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,aAAa,OAAA,EAAS;AAC/B,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,aAAA,CAAc,UAAkB,YAAA,EAAiC;AACxE,EAAA,KAAA,MAAW,WAAW,YAAA,EAAc;AAClC,IAAA,IAAI,YAAY,GAAA,EAAK;AACnB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,IAAI,OAAA,CAAQ,UAAA,CAAW,IAAI,CAAA,EAAG;AAC5B,MAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA;AAC9B,MAAA,IAAI,QAAA,CAAS,SAAS,MAAM,CAAA,IAAK,aAAa,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,EAAG;AAC9D,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF,CAAA,MAAA,IAAW,aAAa,OAAA,EAAS;AAC/B,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,kBAAA,CAAmB,IAAY,KAAA,EAA0B;AAEvE,EAAA,MAAM,YAAA,GAAe,YAAY,EAAE,CAAA;AACnC,EAAA,IAAI,CAAC,cAAc,OAAO,KAAA;AAE1B,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,IAAI,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AAEtB,MAAA,IAAI,CAAC,EAAA,CAAG,QAAA,CAAS,GAAG,CAAA,EAAG;AACvB,MAAA,IAAI,YAAA,CAAa,EAAA,EAAI,IAAI,CAAA,EAAG,OAAO,IAAA;AAAA,IACrC,CAAA,MAAO;AACL,MAAA,IAAI,YAAA,CAAa,YAAA,EAAc,IAAI,CAAA,EAAG,OAAO,IAAA;AAAA,IAC/C;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,YAAY,EAAA,EAA2B;AAE9C,EAAA,IAAI,EAAA,CAAG,UAAA,CAAW,SAAS,CAAA,EAAG;AAC5B,IAAA,OAAO,EAAA,CAAG,MAAM,CAAC,CAAA;AAAA,EACnB;AAEA,EAAA,IAAI,sBAAA,CAAuB,IAAA,CAAK,EAAE,CAAA,EAAG;AACnC,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,YAAA,CAAa,IAAY,IAAA,EAAuB;AACvD,EAAA,MAAM,CAAC,MAAA,EAAQ,SAAS,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAC1C,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,SAAA,EAAW,OAAO,KAAA;AAElC,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,SAAA,EAAW,EAAE,CAAA;AACrC,EAAA,IAAI,MAAM,MAAM,CAAA,IAAK,SAAS,CAAA,IAAK,MAAA,GAAS,IAAI,OAAO,KAAA;AAEvD,EAAA,MAAM,KAAA,GAAQ,UAAU,EAAE,CAAA;AAC1B,EAAA,MAAM,OAAA,GAAU,UAAU,MAAM,CAAA;AAChC,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,OAAA,KAAY,IAAA,EAAM,OAAO,KAAA;AAE/C,EAAA,MAAM,OAAO,MAAA,KAAW,CAAA,GAAI,IAAK,EAAC,IAAM,KAAK,MAAA,KAAa,CAAA;AAC1D,EAAA,OAAA,CAAQ,KAAA,GAAQ,WAAW,OAAA,GAAU,IAAA,CAAA;AACvC;AAEA,SAAS,UAAU,EAAA,EAA2B;AAC5C,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,KAAA,CAAM,GAAG,CAAA;AAC1B,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,
IAAA;AAC/B,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,CAAA,GAAI,QAAA,CAAS,IAAA,EAAM,EAAE,CAAA;AAC3B,IAAA,IAAI,MAAM,CAAC,CAAA,IAAK,IAAI,CAAA,IAAK,CAAA,GAAI,KAAK,OAAO,IAAA;AACzC,IAAA,GAAA,GAAO,OAAO,CAAA,GAAK,CAAA;AAAA,EACrB;AACA,EAAA,OAAO,GAAA,KAAQ,CAAA;AACjB;AAEA,SAAS,YAAA,CAAa,IAAY,IAAA,EAAuB;AAEvD,EAAA,MAAM,CAAC,MAAA,EAAQ,SAAS,CAAA,GAAI,IAAA,CAAK,MAAM,GAAG,CAAA;AAC1C,EAAA,IAAI,CAAC,MAAA,IAAU,CAAC,SAAA,EAAW,OAAO,KAAA;AAElC,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,SAAA,EAAW,EAAE,CAAA;AACrC,EAAA,IAAI,KAAA,CAAM,MAAM,CAAA,EAAG,OAAO,KAAA;AAE1B,EAAA,MAAM,OAAA,GAAU,WAAW,EAAE,CAAA;AAC7B,EAAA,MAAM,SAAA,GAAY,WAAW,MAAM,CAAA;AACnC,EAAA,IAAI,CAAC,OAAA,IAAW,CAAC,SAAA,EAAW,OAAO,KAAA;AAGnC,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,CAAC,CAAA;AACvC,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,SAAA,IAAa,CAAA,GAAI,IAAI,CAAA,EAAA,EAAK;AAC5C,IAAA,IAAI,QAAQ,CAAC,CAAA,KAAM,SAAA,CAAU,CAAC,GAAG,OAAO,KAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,gBAAgB,MAAA,GAAS,CAAA;AAC/B,EAAA,IAAI,aAAA,GAAgB,CAAA,IAAK,SAAA,GAAY,EAAA,EAAI;AACvC,IAAA,MAAM,IAAA,GAAQ,EAAC,IAAM,CAAA,GAAI,aAAA,GAAkB,GAAA;AAC3C,IAAA,IAAA,CAAK,OAAA,CAAQ,SAAS,CAAA,GAAK,IAAA,OAAW,UAAU,SAAS,CAAA,GAAK,OAAO,OAAO,KAAA;AAAA,EAC9E;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,WAAW,EAAA,EAA6B;AAE/C,EAAA,MAAM,OAAA,GAAU,EAAA,CAAG,OAAA,CAAQ,GAAG,CAAA;AAC9B,EAAA,IAAI,YAAY,EAAA,EAAI,EAAA,GAAK,EAAA,CAAG,KAAA,CAAM,GAAG,OAAO,CAAA;AAE5C,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,KAAA,CAAM,IAAI,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,IAAA;AAE7B,EAAA,MAAM,QAAkB,IAAI,KAAA,CAAM,EAAE,CAAA,CAAE,KAAK,CAAC,CAAA;AAE5C,EAAA,MAAM,WAAA,GAAc,CAAC,KAAA,KAA4B;AAC/C,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,EAAC;AACpB,IAAA,OAAO,MAAM,KAAA,CAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AACvC,MAAA,MAAM,GAAA,GAAM,QAAA,CAAS,GAAA,IAAO,GAAA,EAAK,EAAE,CAAA;AACnC,MAAA,OAAO,CAAE,GAAA,IAAO,CAAA,GAAK,GAAA,EAAM,MAAM,GAAI,CAAA;AAAA,IACvC,CAAC,CAAA;AAAA,EACH,CAAA;AAEA,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,QAAA,GAAW,WAAA,CAAY,KAAA,CAAM,CAAC,CAAE,CAAA;AACtC,IAAA,IAAI,QAAA,CAAS,MAA
A,KAAW,EAAA,EAAI,OAAO,IAAA;AACnC,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,WAAA,CAAY,KAAA,CAAM,CAAC,CAAE,CAAA;AAClC,EAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,KAAA,CAAM,CAAC,CAAE,CAAA;AAEnC,EAAA,IAAI,IAAA,CAAK,MAAA,GAAS,KAAA,CAAM,MAAA,GAAS,IAAI,OAAO,IAAA;AAE5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,MAAA,EAAQ,KAAK,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA,CAAK,CAAC,CAAA;AACvD,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,MAAA,EAAQ,CAAA,EAAA,EAAK,KAAA,CAAM,EAAA,GAAK,KAAA,CAAM,MAAA,GAAS,CAAC,CAAA,GAAI,MAAM,CAAC,CAAA;AAE7E,EAAA,OAAO,KAAA;AACT","file":"security.js","sourcesContent":["import { lookup } from \"node:dns/promises\";\nimport { createTaggedError } from \"../core/runtime/Retry.js\";\n\n/**\n * Options for validateUrl. Unified rule: allow iff host is in allowedHosts AND not in blockedHosts.\n * - \"Default allow all + blocklist\": allowedHosts: [\"*\"], blockedHosts: [\"*.internal\", ...]\n * - \"Default disallow all + allowlist\": allowedHosts: [\"api.github.com\", ...], blockedHosts: []\n */\nexport interface ValidateUrlOptions {\n /** Allow only these hosts. Use [\"*\"] for allow-all. Supports \"*.example.com\", exact host. */\n allowedHosts: string[];\n /** Block these hosts even if allowed. Supports \"*.internal\", exact host. Merged with allowlist. */\n blockedHosts: string[];\n /** CIDR ranges to block (resolved IP). */\n blockedCidrs: string[];\n}\n\n/**\n * Validate a URL: allow iff (host in allowedHosts) AND (host not in blockedHosts). 
Then check blockedCidrs on resolved IP.\n *\n * @throws HTTP_DISALLOWED_HOST if the URL is blocked\n */\nexport async function validateUrl(url: string, options: ValidateUrlOptions): Promise<URL> {\n let parsed: URL;\n try {\n parsed = new URL(url);\n } catch {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Invalid URL: ${url}`,\n { url },\n );\n }\n\n // Only allow http/https\n if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Protocol not allowed: ${parsed.protocol}. Only http: and https: are supported.`,\n { url, protocol: parsed.protocol },\n );\n }\n\n const hostname = parsed.hostname;\n\n if (!isHostAllowed(hostname, options.allowedHosts)) {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Host \"${hostname}\" is not in the allowed hosts list`,\n { url, hostname, allowedHosts: options.allowedHosts },\n );\n }\n if (isHostBlocked(hostname, options.blockedHosts)) {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Host \"${hostname}\" is in the blocked hosts list`,\n { url, hostname, blockedHosts: options.blockedHosts },\n );\n }\n\n // DNS resolve and check against blocked CIDRs\n try {\n const { address } = await lookup(hostname);\n if (isIpInBlockedCidrs(address, options.blockedCidrs)) {\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `Host \"${hostname}\" resolves to blocked IP: ${address}`,\n { url, hostname, resolvedIp: address },\n );\n }\n } catch (err) {\n // Re-throw our tagged errors\n if (err instanceof Error && (err as any).kind === \"HTTP_DISALLOWED_HOST\") {\n throw err;\n }\n // DNS resolution failure — block by default\n throw createTaggedError(\n \"HTTP_DISALLOWED_HOST\",\n `DNS resolution failed for host \"${hostname}\": ${err instanceof Error ? 
err.message : String(err)}`,\n { url, hostname },\n );\n }\n\n return parsed;\n}\n\n/**\n * Check if a hostname matches any entry in the allowed hosts list.\n * Supports: exact \"*\" (allow any host), wildcard prefix (e.g. \"*.github.com\"), or exact host.\n */\nfunction isHostAllowed(hostname: string, allowedHosts: string[]): boolean {\n for (const pattern of allowedHosts) {\n if (pattern === \"*\") {\n return true;\n }\n if (pattern.startsWith(\"*.\")) {\n const suffix = pattern.slice(1); // \".github.com\"\n if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {\n return true;\n }\n } else if (hostname === pattern) {\n return true;\n }\n }\n return false;\n}\n\n/**\n * Check if a hostname matches any entry in the blocked hosts list (same pattern rules as allowlist).\n */\nfunction isHostBlocked(hostname: string, blockedHosts: string[]): boolean {\n for (const pattern of blockedHosts) {\n if (pattern === \"*\") {\n return true;\n }\n if (pattern.startsWith(\"*.\")) {\n const suffix = pattern.slice(1);\n if (hostname.endsWith(suffix) || hostname === pattern.slice(2)) {\n return true;\n }\n } else if (hostname === pattern) {\n return true;\n }\n }\n return false;\n}\n\n/**\n * Check if an IPv4 address falls within any blocked CIDR range.\n */\nexport function isIpInBlockedCidrs(ip: string, cidrs: string[]): boolean {\n // Handle IPv4-mapped IPv6\n const normalizedIp = normalizeIp(ip);\n if (!normalizedIp) return false;\n\n for (const cidr of cidrs) {\n if (cidr.includes(\":\")) {\n // IPv6 CIDR — skip for IPv4 addresses\n if (!ip.includes(\":\")) continue;\n if (isIpv6InCidr(ip, cidr)) return true;\n } else {\n if (isIpv4InCidr(normalizedIp, cidr)) return true;\n }\n }\n return false;\n}\n\nfunction normalizeIp(ip: string): string | null {\n // Handle IPv4-mapped IPv6 (e.g. 
\"::ffff:127.0.0.1\")\n if (ip.startsWith(\"::ffff:\")) {\n return ip.slice(7);\n }\n // Pure IPv4\n if (/^\\d+\\.\\d+\\.\\d+\\.\\d+$/.test(ip)) {\n return ip;\n }\n return null;\n}\n\nfunction isIpv4InCidr(ip: string, cidr: string): boolean {\n const [cidrIp, prefixStr] = cidr.split(\"/\");\n if (!cidrIp || !prefixStr) return false;\n\n const prefix = parseInt(prefixStr, 10);\n if (isNaN(prefix) || prefix < 0 || prefix > 32) return false;\n\n const ipNum = ipv4ToNum(ip);\n const cidrNum = ipv4ToNum(cidrIp);\n if (ipNum === null || cidrNum === null) return false;\n\n const mask = prefix === 0 ? 0 : (~0 << (32 - prefix)) >>> 0;\n return (ipNum & mask) === (cidrNum & mask);\n}\n\nfunction ipv4ToNum(ip: string): number | null {\n const parts = ip.split(\".\");\n if (parts.length !== 4) return null;\n let num = 0;\n for (const part of parts) {\n const n = parseInt(part, 10);\n if (isNaN(n) || n < 0 || n > 255) return null;\n num = (num << 8) | n;\n }\n return num >>> 0;\n}\n\nfunction isIpv6InCidr(ip: string, cidr: string): boolean {\n // Simplified IPv6 CIDR matching for common cases (::1, fc00::, fe80::)\n const [cidrIp, prefixStr] = cidr.split(\"/\");\n if (!cidrIp || !prefixStr) return false;\n\n const prefix = parseInt(prefixStr, 10);\n if (isNaN(prefix)) return false;\n\n const ipBytes = expandIpv6(ip);\n const cidrBytes = expandIpv6(cidrIp);\n if (!ipBytes || !cidrBytes) return false;\n\n // Compare prefix bits\n const fullBytes = Math.floor(prefix / 8);\n for (let i = 0; i < fullBytes && i < 16; i++) {\n if (ipBytes[i] !== cidrBytes[i]) return false;\n }\n\n const remainingBits = prefix % 8;\n if (remainingBits > 0 && fullBytes < 16) {\n const mask = (~0 << (8 - remainingBits)) & 0xff;\n if ((ipBytes[fullBytes]! & mask) !== (cidrBytes[fullBytes]! 
& mask)) return false;\n }\n\n return true;\n}\n\nfunction expandIpv6(ip: string): number[] | null {\n // Remove zone ID\n const zoneIdx = ip.indexOf(\"%\");\n if (zoneIdx !== -1) ip = ip.slice(0, zoneIdx);\n\n const parts = ip.split(\"::\");\n if (parts.length > 2) return null;\n\n const bytes: number[] = new Array(16).fill(0);\n\n const expandGroup = (group: string): number[] => {\n if (!group) return [];\n return group.split(\":\").flatMap((hex) => {\n const val = parseInt(hex || \"0\", 16);\n return [(val >> 8) & 0xff, val & 0xff];\n });\n };\n\n if (parts.length === 1) {\n const expanded = expandGroup(parts[0]!);\n if (expanded.length !== 16) return null;\n return expanded;\n }\n\n const left = expandGroup(parts[0]!);\n const right = expandGroup(parts[1]!);\n\n if (left.length + right.length > 16) return null;\n\n for (let i = 0; i < left.length; i++) bytes[i] = left[i]!;\n for (let i = 0; i < right.length; i++) bytes[16 - right.length + i] = right[i]!;\n\n return bytes;\n}\n"]}