@fractary/faber-cli 1.1.0 → 1.2.0

package/dist/utils/validation.d.ts

@@ -27,4 +27,75 @@ export declare function parseOptionalInteger(value: string | undefined, fieldNam
  * @throws Error if value is not a valid positive integer
  */
 export declare function parsePositiveInteger(value: string, fieldName: string): number;
+/**
+ * Validates work ID format
+ * Work IDs must be numeric (GitHub issue numbers)
+ *
+ * @param workId - Work ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateWorkId(workId: string): boolean;
+/**
+ * Validates multiple comma-separated work IDs
+ *
+ * @param workIds - Comma-separated work IDs
+ * @returns Array of validated work IDs
+ * @throws Error if any ID is invalid
+ */
+export declare function validateWorkIds(workIds: string): string[];
+/**
+ * Validates label format
+ * Labels must be alphanumeric with hyphens, colons, and underscores only
+ *
+ * @param label - Label to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateLabel(label: string): boolean;
+/**
+ * Validates multiple comma-separated labels
+ *
+ * @param labels - Comma-separated labels
+ * @returns Array of validated labels
+ * @throws Error if any label is invalid
+ */
+export declare function validateLabels(labels: string): string[];
+/**
+ * Validates workflow name format
+ * Workflow names must be alphanumeric with hyphens and underscores
+ *
+ * @param workflowName - Workflow name to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validateWorkflowName(workflowName: string): boolean;
+/**
+ * Validates and sanitizes file path to prevent path traversal
+ * Ensures path doesn't contain dangerous patterns like ../, absolute paths, etc.
+ *
+ * @param filePath - File path to validate
+ * @param baseDir - Base directory that path must be relative to (optional)
+ * @returns Sanitized path
+ * @throws Error if path is unsafe
+ */
+export declare function validateSafePath(filePath: string, baseDir?: string): string;
+/**
+ * Validates JSON response size to prevent DoS attacks
+ *
+ * @param jsonString - JSON string to validate
+ * @param maxSizeBytes - Maximum allowed size in bytes (default: 1MB)
+ * @returns True if valid
+ * @throws Error if too large
+ */
+export declare function validateJsonSize(jsonString: string, maxSizeBytes?: number): boolean;
+/**
+ * Validates plan ID format
+ * Plan IDs follow format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}
+ *
+ * @param planId - Plan ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export declare function validatePlanId(planId: string): boolean;
 //# sourceMappingURL=validation.d.ts.map

package/dist/utils/validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY1E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMrG;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQ7E"}
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAY1E;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMrG;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAQ7E;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAWtD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBzD;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBvD;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAYlE;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAoC3E;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,GAAE,MAAoB,GAAG,OAAO,CAYhG;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAUtD"}

package/dist/utils/validation.js

@@ -47,3 +47,160 @@ export function parsePositiveInteger(value, fieldName) {
     }
     return parsed;
 }
+/**
+ * Validates work ID format
+ * Work IDs must be numeric (GitHub issue numbers)
+ *
+ * @param workId - Work ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateWorkId(workId) {
+    // Work IDs must be numeric (1-8 digits for GitHub issue numbers)
+    const workIdPattern = /^\d{1,8}$/;
+    if (!workIdPattern.test(workId)) {
+        throw new Error(`Invalid work ID format: "${workId}". Work IDs must be numeric (e.g., "123", "456").`);
+    }
+    return true;
+}
+/**
+ * Validates multiple comma-separated work IDs
+ *
+ * @param workIds - Comma-separated work IDs
+ * @returns Array of validated work IDs
+ * @throws Error if any ID is invalid
+ */
+export function validateWorkIds(workIds) {
+    const ids = workIds.split(',').map(id => id.trim()).filter(Boolean);
+    if (ids.length === 0) {
+        throw new Error('No work IDs provided');
+    }
+    if (ids.length > 50) {
+        throw new Error(`Too many work IDs (${ids.length}). Maximum is 50 to prevent API overload.`);
+    }
+    // Validate each ID
+    ids.forEach(id => validateWorkId(id));
+    return ids;
+}
+/**
+ * Validates label format
+ * Labels must be alphanumeric with hyphens, colons, and underscores only
+ *
+ * @param label - Label to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateLabel(label) {
+    // Labels: alphanumeric, hyphens, colons, underscores (GitHub label format)
+    // Examples: "workflow:etl", "status:approved", "priority-high"
+    const labelPattern = /^[a-zA-Z0-9_:-]{1,50}$/;
+    if (!labelPattern.test(label)) {
+        throw new Error(`Invalid label format: "${label}". Labels must be alphanumeric with hyphens, colons, or underscores (max 50 chars).`);
+    }
+    return true;
+}
+/**
+ * Validates multiple comma-separated labels
+ *
+ * @param labels - Comma-separated labels
+ * @returns Array of validated labels
+ * @throws Error if any label is invalid
+ */
+export function validateLabels(labels) {
+    const labelArray = labels.split(',').map(l => l.trim()).filter(Boolean);
+    if (labelArray.length === 0) {
+        throw new Error('No labels provided');
+    }
+    if (labelArray.length > 20) {
+        throw new Error(`Too many labels (${labelArray.length}). Maximum is 20.`);
+    }
+    // Validate each label
+    labelArray.forEach(label => validateLabel(label));
+    return labelArray;
+}
+/**
+ * Validates workflow name format
+ * Workflow names must be alphanumeric with hyphens and underscores
+ *
+ * @param workflowName - Workflow name to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validateWorkflowName(workflowName) {
+    // Workflow names: alphanumeric, hyphens, underscores
+    // Examples: "etl", "data-pipeline", "bugfix"
+    const workflowPattern = /^[a-zA-Z0-9_-]{1,50}$/;
+    if (!workflowPattern.test(workflowName)) {
+        throw new Error(`Invalid workflow name: "${workflowName}". Workflow names must be alphanumeric with hyphens or underscores (max 50 chars).`);
+    }
+    return true;
+}
+/**
+ * Validates and sanitizes file path to prevent path traversal
+ * Ensures path doesn't contain dangerous patterns like ../, absolute paths, etc.
+ *
+ * @param filePath - File path to validate
+ * @param baseDir - Base directory that path must be relative to (optional)
+ * @returns Sanitized path
+ * @throws Error if path is unsafe
+ */
+export function validateSafePath(filePath, baseDir) {
+    // Remove any null bytes
+    if (filePath.includes('\0')) {
+        throw new Error('Path contains null bytes');
+    }
+    // Check for path traversal patterns
+    const dangerousPatterns = [
+        /\.\./, // Parent directory (..)
+        /^\//, // Absolute path
+        /^[a-zA-Z]:\\/, // Windows absolute path
+        /^~\//, // Home directory
+    ];
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(filePath)) {
+            throw new Error(`Unsafe path detected: "${filePath}". Paths must be relative and cannot contain "..", absolute paths, or home directory references.`);
+        }
+    }
+    // Normalize path (remove redundant separators, etc.)
+    const normalized = filePath.replace(/\/+/g, '/').replace(/\\/g, '/');
+    // If base directory provided, ensure path starts with it
+    if (baseDir) {
+        const normalizedBase = baseDir.replace(/\/+$/, '');
+        if (!normalized.startsWith(normalizedBase)) {
+            throw new Error(`Path "${filePath}" must be within base directory "${baseDir}"`);
+        }
+    }
+    return normalized;
+}
+/**
+ * Validates JSON response size to prevent DoS attacks
+ *
+ * @param jsonString - JSON string to validate
+ * @param maxSizeBytes - Maximum allowed size in bytes (default: 1MB)
+ * @returns True if valid
+ * @throws Error if too large
+ */
+export function validateJsonSize(jsonString, maxSizeBytes = 1024 * 1024) {
+    const sizeBytes = Buffer.byteLength(jsonString, 'utf8');
+    if (sizeBytes > maxSizeBytes) {
+        const sizeMB = (sizeBytes / 1024 / 1024).toFixed(2);
+        const maxMB = (maxSizeBytes / 1024 / 1024).toFixed(2);
+        throw new Error(`JSON response too large: ${sizeMB}MB (maximum: ${maxMB}MB). This may indicate an API error or DoS attempt.`);
+    }
+    return true;
+}
+/**
+ * Validates plan ID format
+ * Plan IDs follow format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}
+ *
+ * @param planId - Plan ID to validate
+ * @returns True if valid
+ * @throws Error if invalid
+ */
+export function validatePlanId(planId) {
+    const planIdPattern = /^fractary-faber-\d+-\d{8}-\d{6}$/;
+    if (!planIdPattern.test(planId)) {
+        throw new Error(`Invalid plan ID format: "${planId}". Expected format: fractary-faber-{work-id}-{YYYYMMDD}-{HHMMSS}`);
+    }
+    return true;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fractary/faber-cli",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "FABER CLI - Command-line interface for FABER development toolkit",
   "main": "dist/index.js",
   "bin": {