@frontmcp/plugin-codecall 0.0.1 → 0.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@frontmcp/plugin-codecall",
-  "version": "0.0.1",
+  "version": "0.7.0",
   "description": "CodeCall plugin for FrontMCP - AgentScript-based meta-tools for orchestrating MCP tools",
   "author": "AgentFront <info@agentfront.dev>",
   "license": "Apache-2.0",

package/providers/code-call.config.d.ts

@@ -0,0 +1,30 @@
+import { BaseConfig } from '@frontmcp/sdk';
+import { CodeCallPluginOptions } from '../codecall.types';
+import { ResolvedCodeCallVmOptions } from '../codecall.symbol';
+/**
+ * CodeCall configuration provider with convict-like API
+ * Extends BaseConfig to provide type-safe dotted path access
+ *
+ * @example
+ * // Get values with dotted path notation
+ * config.get('vm.preset') // returns 'secure'
+ * config.get('embedding.strategy') // returns 'tfidf'
+ * config.get('directCalls.enabled') // returns true
+ *
+ * // Get with default value
+ * config.get('vm.timeoutMs', 5000) // returns value or 5000
+ *
+ * // Get entire sections
+ * config.getSection('vm') // returns entire vm config
+ * config.getAll() // returns complete config
+ *
+ * // Require values (throws if undefined)
+ * config.getOrThrow('mode') // throws if undefined
+ * config.getRequired('topK') // same as getOrThrow
+ */
+export default class CodeCallConfig extends BaseConfig<CodeCallPluginOptions & {
+    resolvedVm: ResolvedCodeCallVmOptions;
+}> {
+    constructor(options?: Partial<CodeCallPluginOptions>);
+}
+//# sourceMappingURL=code-call.config.d.ts.map

package/providers/code-call.config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-call.config.d.ts","sourceRoot":"","sources":["../../src/providers/code-call.config.ts"],"names":[],"mappings":"AAEA,OAAO,EAA2B,UAAU,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EACL,qBAAqB,EAItB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;;GAoBG;AAMH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,UAAU,CACpD,qBAAqB,GAAG;IAAE,UAAU,EAAE,yBAAyB,CAAA;CAAE,CAClE;gBACa,OAAO,GAAE,OAAO,CAAC,qBAAqB,CAAM;CASzD"}

package/security/index.d.ts

@@ -0,0 +1,3 @@
+export * from './self-reference-guard';
+export * from './tool-access-control.service';
+//# sourceMappingURL=index.d.ts.map

package/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAEA,cAAc,wBAAwB,CAAC;AACvC,cAAc,+BAA+B,CAAC"}

package/security/self-reference-guard.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Check if a tool name is a CodeCall plugin tool that should be blocked.
+ *
+ * SECURITY: This is the FIRST check in callTool before ANY other processing.
+ * It prevents:
+ * - Recursive execution attacks (codecall:execute calling itself)
+ * - Privilege escalation via nested tool calls
+ * - Resource exhaustion through self-invocation loops
+ *
+ * @param toolName - The name of the tool being called
+ * @returns true if the tool is a blocked CodeCall tool
+ */
+export declare function isBlockedSelfReference(toolName: string): boolean;
+/**
+ * Assert that a tool call is not a self-reference.
+ * Throws SelfReferenceError if the tool is blocked.
+ *
+ * SECURITY: This function MUST be called at the very start of callTool,
+ * before any other validation or processing.
+ *
+ * @param toolName - The name of the tool being called
+ * @throws SelfReferenceError if the tool is a blocked CodeCall tool
+ */
+export declare function assertNotSelfReference(toolName: string): void;
+/**
+ * Get the list of blocked tool patterns for documentation/testing.
+ * This is informational only - the actual blocking uses isBlockedSelfReference().
+ */
+export declare function getBlockedPatterns(): {
+    prefix: string;
+    explicit: readonly string[];
+};
+//# sourceMappingURL=self-reference-guard.d.ts.map

package/security/self-reference-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"self-reference-guard.d.ts","sourceRoot":"","sources":["../../src/security/self-reference-guard.ts"],"names":[],"mappings":"AAoBA;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAehE;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAI7D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAA;CAAE,CAKpF"}

package/security/tool-access-control.service.d.ts

@@ -0,0 +1,105 @@
+import type { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+/**
+ * Tool access control modes:
+ * - whitelist: Only explicitly allowed tools can be called (most secure)
+ * - blacklist: All tools allowed except explicitly blocked (default, more flexible)
+ * - dynamic: Evaluate access per-call based on custom function
+ */
+export type ToolAccessMode = 'whitelist' | 'blacklist' | 'dynamic';
+/**
+ * Tool access policy configuration.
+ */
+export interface ToolAccessPolicy {
+    /**
+     * Access control mode.
+     * @default 'blacklist'
+     */
+    mode: ToolAccessMode;
+    /**
+     * Tools explicitly allowed (for whitelist mode).
+     * Supports exact names and glob patterns (e.g., 'users:*').
+     */
+    whitelist?: string[];
+    /**
+     * Tools explicitly blocked (for blacklist mode).
+     * Supports exact names and glob patterns (e.g., 'admin:*').
+     */
+    blacklist?: string[];
+    /**
+     * Pattern-based rules that apply in addition to whitelist/blacklist.
+     */
+    patterns?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    /**
+     * Custom evaluator function for dynamic mode.
+     * Called for each tool access request.
+     */
+    evaluator?: (context: ToolAccessContext) => Promise<ToolAccessDecision>;
+}
+/**
+ * Context provided to the access evaluator.
+ */
+export interface ToolAccessContext {
+    toolName: string;
+    authInfo?: AuthInfo;
+    executionId?: string;
+    callDepth: number;
+    timestamp: number;
+}
+/**
+ * Decision from the access control check.
+ */
+export interface ToolAccessDecision {
+    allowed: boolean;
+    reason?: string;
+}
+/**
+ * Tool Access Control Service
+ *
+ * Provides centralized access control for tool calls within CodeCall.
+ * Implements a layered security model:
+ *
+ * 1. Self-reference blocking (handled separately in self-reference-guard.ts)
+ * 2. Default blacklist (always enforced)
+ * 3. User-configured whitelist/blacklist
+ * 4. Pattern matching (glob patterns)
+ * 5. Dynamic evaluation (if configured)
+ */
+export declare class ToolAccessControlService {
+    private readonly policy;
+    private readonly whitelistSet;
+    private readonly blacklistSet;
+    private readonly allowPatterns;
+    private readonly denyPatterns;
+    constructor(policy?: ToolAccessPolicy);
+    /**
+     * Check if a tool can be accessed.
+     *
+     * @param toolName - The tool being accessed
+     * @param context - Optional access context for dynamic evaluation
+     * @returns Decision indicating if access is allowed
+     */
+    checkAccess(toolName: string, context?: Partial<ToolAccessContext>): Promise<ToolAccessDecision>;
+    private checkWhitelistMode;
+    private checkBlacklistMode;
+    private checkDynamicMode;
+    /**
+     * Check if a tool name matches any entry in a set (supports glob patterns).
+     */
+    private isInSet;
+    /**
+     * Convert a glob pattern to a RegExp.
+     * Supports: * (any characters), ? (single character)
+     *
+     * Security: Prevents ReDoS by limiting pattern complexity and using non-greedy matching.
+     */
+    private globToRegex;
+    /**
+     * Get the current policy configuration (for debugging/testing).
+     */
+    getPolicy(): Readonly<ToolAccessPolicy>;
+}
+export default ToolAccessControlService;
+//# sourceMappingURL=tool-access-control.service.d.ts.map

package/security/tool-access-control.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-access-control.service.d.ts","sourceRoot":"","sources":["../../src/security/tool-access-control.service.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAE/E;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,WAAW,GAAG,SAAS,CAAC;AAEnE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,EAAE,cAAc,CAAC;IAErB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IAErB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IAErB;;OAEG;IACH,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;IAEF;;;OAGG;IACH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACzE;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAeD;;;;;;;;;;;GAWG;AACH,qBAIa,wBAAwB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAW;IACzC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;gBAE5B,MAAM,CAAC,EAAE,gBAAgB;IAWrC;;;;;;OAMG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAsCxF,kBAAkB;YAqBlB,kBAAkB;YAelB,gBAAgB;IAS9B;;OAEG;IACH,OAAO,CAAC,OAAO;IAmBf;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,SAAS,IAAI,QAAQ,CAAC,gBAAgB,CAAC;CAGxC;AAED,eAAe,wBAAwB,CAAC"}

package/services/audit-logger.service.d.ts

@@ -0,0 +1,187 @@
+/**
+ * Audit event types for CodeCall operations.
+ */
+export declare const AUDIT_EVENT_TYPES: {
+    /** Script execution started */
+    readonly EXECUTION_START: "codecall:execution:start";
+    /** Script execution completed successfully */
+    readonly EXECUTION_SUCCESS: "codecall:execution:success";
+    /** Script execution failed */
+    readonly EXECUTION_FAILURE: "codecall:execution:failure";
+    /** Script execution timed out */
+    readonly EXECUTION_TIMEOUT: "codecall:execution:timeout";
+    /** Tool call initiated from script */
+    readonly TOOL_CALL_START: "codecall:tool:call:start";
+    /** Tool call completed successfully */
+    readonly TOOL_CALL_SUCCESS: "codecall:tool:call:success";
+    /** Tool call failed */
+    readonly TOOL_CALL_FAILURE: "codecall:tool:call:failure";
+    /** Self-reference attack blocked */
+    readonly SECURITY_SELF_REFERENCE: "codecall:security:self-reference";
+    /** Tool access denied */
+    readonly SECURITY_ACCESS_DENIED: "codecall:security:access-denied";
+    /** AST validation failed (blocked code pattern) */
+    readonly SECURITY_AST_BLOCKED: "codecall:security:ast-blocked";
+    /** Search performed */
+    readonly SEARCH_PERFORMED: "codecall:search:performed";
+    /** Tool described */
+    readonly DESCRIBE_PERFORMED: "codecall:describe:performed";
+    /** Direct invoke performed */
+    readonly INVOKE_PERFORMED: "codecall:invoke:performed";
+};
+export type AuditEventType = (typeof AUDIT_EVENT_TYPES)[keyof typeof AUDIT_EVENT_TYPES];
+/**
+ * Base audit event structure.
+ */
+export interface AuditEvent {
+    /** Event type */
+    type: AuditEventType;
+    /** ISO timestamp */
+    timestamp: string;
+    /** Unique execution ID for correlation */
+    executionId: string;
+    /** Duration in milliseconds (if applicable) */
+    durationMs?: number;
+    /** Additional event-specific data */
+    data?: Record<string, unknown>;
+}
+/**
+ * Execution audit event with script details.
+ */
+export interface ExecutionAuditEvent extends AuditEvent {
+    type: typeof AUDIT_EVENT_TYPES.EXECUTION_START | typeof AUDIT_EVENT_TYPES.EXECUTION_SUCCESS | typeof AUDIT_EVENT_TYPES.EXECUTION_FAILURE | typeof AUDIT_EVENT_TYPES.EXECUTION_TIMEOUT;
+    data: {
+        /** Script hash (NOT the full script - security!) */
+        scriptHash: string;
+        /** Script length in characters */
+        scriptLength: number;
+        /** Number of tool calls made */
+        toolCallCount?: number;
+        /** Error message (sanitized) if failed */
+        error?: string;
+    };
+}
+/**
+ * Tool call audit event.
+ */
+export interface ToolCallAuditEvent extends AuditEvent {
+    type: typeof AUDIT_EVENT_TYPES.TOOL_CALL_START | typeof AUDIT_EVENT_TYPES.TOOL_CALL_SUCCESS | typeof AUDIT_EVENT_TYPES.TOOL_CALL_FAILURE;
+    data: {
+        /** Tool name */
+        toolName: string;
+        /** Call depth (nested calls) */
+        callDepth: number;
+        /** Error code if failed */
+        errorCode?: string;
+    };
+}
+/**
+ * Security audit event.
+ */
+export interface SecurityAuditEvent extends AuditEvent {
+    type: typeof AUDIT_EVENT_TYPES.SECURITY_SELF_REFERENCE | typeof AUDIT_EVENT_TYPES.SECURITY_ACCESS_DENIED | typeof AUDIT_EVENT_TYPES.SECURITY_AST_BLOCKED;
+    data: {
+        /** What was blocked */
+        blocked: string;
+        /** Reason for blocking */
+        reason: string;
+    };
+}
+/**
+ * Audit event listener function type.
+ */
+export type AuditEventListener = (event: AuditEvent) => void;
+/**
+ * Audit Logger Service
+ *
+ * Provides centralized audit logging for all CodeCall operations.
+ * Uses the SDK event emitter pattern for integration with external systems.
+ *
+ * Security considerations:
+ * - NEVER logs full scripts (only hashes)
+ * - NEVER logs tool inputs/outputs (only metadata)
+ * - NEVER logs sensitive error details (only sanitized messages)
+ * - All events include execution ID for correlation
+ */
+export declare class AuditLoggerService {
+    private listeners;
+    private executionCounter;
+    /**
+     * Subscribe to audit events.
+     *
+     * @param listener - Function to call when events occur
+     * @returns Unsubscribe function
+     */
+    subscribe(listener: AuditEventListener): () => void;
+    /**
+     * Generate a unique execution ID.
+     */
+    generateExecutionId(): string;
+    /**
+     * Log execution start.
+     */
+    logExecutionStart(executionId: string, script: string): void;
+    /**
+     * Log execution success.
+     */
+    logExecutionSuccess(executionId: string, script: string, durationMs: number, toolCallCount: number): void;
+    /**
+     * Log execution failure.
+     */
+    logExecutionFailure(executionId: string, script: string, durationMs: number, error: string): void;
+    /**
+     * Log execution timeout.
+     */
+    logExecutionTimeout(executionId: string, script: string, durationMs: number): void;
+    /**
+     * Log tool call start.
+     */
+    logToolCallStart(executionId: string, toolName: string, callDepth: number): void;
+    /**
+     * Log tool call success.
+     */
+    logToolCallSuccess(executionId: string, toolName: string, callDepth: number, durationMs: number): void;
+    /**
+     * Log tool call failure.
+     */
+    logToolCallFailure(executionId: string, toolName: string, callDepth: number, durationMs: number, errorCode: string): void;
+    /**
+     * Log security event: self-reference blocked.
+     */
+    logSecuritySelfReference(executionId: string, toolName: string): void;
+    /**
+     * Log security event: access denied.
+     */
+    logSecurityAccessDenied(executionId: string, toolName: string, reason: string): void;
+    /**
+     * Log security event: AST validation blocked.
+     */
+    logSecurityAstBlocked(executionId: string, pattern: string, reason: string): void;
+    /**
+     * Log search operation.
+     */
+    logSearch(executionId: string, query: string, resultCount: number, durationMs: number): void;
+    /**
+     * Log describe operation.
+     */
+    logDescribe(executionId: string, toolNames: string[], durationMs: number): void;
+    /**
+     * Log invoke operation.
+     */
+    logInvoke(executionId: string, toolName: string, success: boolean, durationMs: number): void;
+    /**
+     * Emit an audit event to all listeners.
+     */
+    private emit;
+    /**
+     * Create a simple hash of the script for identification.
+     * Uses a fast, non-cryptographic hash for performance.
+     */
+    private hashScript;
+    /**
+     * Sanitize error messages to remove sensitive information.
+     */
+    private sanitizeError;
+}
+export default AuditLoggerService;
+//# sourceMappingURL=audit-logger.service.d.ts.map

package/services/audit-logger.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-logger.service.d.ts","sourceRoot":"","sources":["../../src/services/audit-logger.service.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,eAAO,MAAM,iBAAiB;IAC5B,+BAA+B;;IAE/B,8CAA8C;;IAE9C,8BAA8B;;IAE9B,iCAAiC;;IAGjC,sCAAsC;;IAEtC,uCAAuC;;IAEvC,uBAAuB;;IAGvB,oCAAoC;;IAEpC,yBAAyB;;IAEzB,mDAAmD;;IAGnD,uBAAuB;;IAEvB,qBAAqB;;IAErB,8BAA8B;;CAEtB,CAAC;AAEX,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,iBAAiB,CAAC,CAAC,MAAM,OAAO,iBAAiB,CAAC,CAAC;AAExF;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iBAAiB;IACjB,IAAI,EAAE,cAAc,CAAC;IACrB,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,UAAU;IACrD,IAAI,EACA,OAAO,iBAAiB,CAAC,eAAe,GACxC,OAAO,iBAAiB,CAAC,iBAAiB,GAC1C,OAAO,iBAAiB,CAAC,iBAAiB,GAC1C,OAAO,iBAAiB,CAAC,iBAAiB,CAAC;IAC/C,IAAI,EAAE;QACJ,oDAAoD;QACpD,UAAU,EAAE,MAAM,CAAC;QACnB,kCAAkC;QAClC,YAAY,EAAE,MAAM,CAAC;QACrB,gCAAgC;QAChC,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,0CAA0C;QAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,UAAU;IACpD,IAAI,EACA,OAAO,iBAAiB,CAAC,eAAe,GACxC,OAAO,iBAAiB,CAAC,iBAAiB,GAC1C,OAAO,iBAAiB,CAAC,iBAAiB,CAAC;IAC/C,IAAI,EAAE;QACJ,gBAAgB;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,gCAAgC;QAChC,SAAS,EAAE,MAAM,CAAC;QAClB,2BAA2B;QAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,UAAU;IACpD,IAAI,EACA,OAAO,iBAAiB,CAAC,uBAAuB,GAChD,OAAO,iBAAiB,CAAC,sBAAsB,GAC/C,OAAO,iBAAiB,CAAC,oBAAoB,CAAC;IAClD,IAAI,EAAE;QACJ,uBAAuB;QACvB,OAAO,EAAE,MAAM,CAAC;QAChB,0BAA0B;QAC1B,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;AAE7D;;;;;;;;;;;GAWG;AACH,qBAIa,kBAAkB;IAC7B,OAAO,CAAC,SAAS,CAAsC;IACvD,OAAO,CAAC,gBAAgB,CAAK;IAE7B;;;;;OAKG;IACH,SAAS,CAAC,QAAQ,EAAE,kBAAkB,GAAG,MAAM,IAAI;IAOnD;;OAEG;IACH,mBAAmB,IAAI,MAAM;IAO7B;;OAEG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAY5D;;OAEG;IACH,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,IAAI;IAczG;;OAEG;IACH,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAcjG;;OAEG;IACH,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAalF;;OAEG;IACH,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAYhF;;OAEG;IACH,kBAAkB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAatG;;OAEG;IACH,kBAAkB,CAChB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAChB,IAAI;IAcP;;OAEG;IACH,wBAAwB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAYrE;;OAEG;IACH,uBAAuB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAYpF;;OAEG;IACH,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAYjF;;OAEG;IACH,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAa5F;;OAEG;IACH,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAa/E;;OAEG;IACH,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAa5F;;OAEG;IACH,OAAO,CAAC,IAAI;IAaZ;;;OAGG;IACH,OAAO,CAAC,UAAU;IAUlB;;OAEG;IACH,OAAO,CAAC,aAAa;CAmBtB;AAED,eAAe,kBAAkB,CAAC"}

package/services/enclave.service.d.ts

@@ -0,0 +1,63 @@
+import type CodeCallConfig from '../providers/code-call.config';
+import type { CodeCallVmEnvironment } from '../codecall.symbol';
+/**
+ * Result from enclave execution - maps to existing VmExecutionResult interface
+ */
+export interface EnclaveExecutionResult {
+    success: boolean;
+    result?: unknown;
+    error?: {
+        message: string;
+        name: string;
+        stack?: string;
+        code?: string;
+        toolName?: string;
+        toolInput?: unknown;
+        details?: unknown;
+        [key: string]: unknown;
+    };
+    logs: string[];
+    timedOut: boolean;
+    stats?: {
+        duration: number;
+        toolCallCount: number;
+        iterationCount: number;
+    };
+}
+/**
+ * Service for executing AgentScript code using enclave-vm
+ *
+ * This service wraps the Enclave class and provides:
+ * - Safe AgentScript execution with AST validation
+ * - Automatic code transformation (callTool -> __safe_callTool)
+ * - Runtime limits (timeout, iterations, tool calls)
+ * - Tool call integration with FrontMCP pipeline
+ */
+/**
+ * Error thrown when script exceeds maximum length and sidecar is disabled
+ */
+export declare class ScriptTooLargeError extends Error {
+    readonly code = "SCRIPT_TOO_LARGE";
+    readonly scriptLength: number;
+    readonly maxLength: number;
+    constructor(scriptLength: number, maxLength: number);
+}
+export default class EnclaveService {
+    private readonly vmOptions;
+    private readonly sidecarOptions;
+    constructor(config: CodeCallConfig);
+    /**
+     * Execute AgentScript code in the enclave
+     *
+     * @param code - The AgentScript code to execute (raw, not transformed)
+     * @param environment - The VM environment with callTool, getTool, etc.
+     * @returns Execution result with success/error and logs
+     * @throws ScriptTooLargeError if script exceeds max length and sidecar is disabled
+     */
+    execute(code: string, environment: CodeCallVmEnvironment): Promise<EnclaveExecutionResult>;
+    /**
+     * Map Enclave ExecutionResult to EnclaveExecutionResult
+     */
+    private mapEnclaveResult;
+}
+//# sourceMappingURL=enclave.service.d.ts.map

package/services/enclave.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enclave.service.d.ts","sourceRoot":"","sources":["../../src/services/enclave.service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,qBAAqB,EAA6B,MAAM,oBAAoB,CAAC;AAG3F;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE;QACN,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED;;;;;;;;GAQG;AACH;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBAEf,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;CASpD;AAOD,MAAM,CAAC,OAAO,OAAO,cAAc;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA4B;IACtD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAyB;gBAE5C,MAAM,EAAE,cAAc;IAOlC;;;;;;;OAOG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,qBAAqB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA8EhG;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAuEzB"}

package/services/error-enrichment.service.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Error categories for classification.
+ */
+export declare const ERROR_CATEGORIES: {
+    /** Script syntax or parsing error */
+    readonly SYNTAX: "syntax";
+    /** AST validation blocked dangerous code */
+    readonly SECURITY: "security";
+    /** Script exceeded timeout */
+    readonly TIMEOUT: "timeout";
+    /** Tool not found */
+    readonly TOOL_NOT_FOUND: "tool_not_found";
+    /** Tool access denied */
+    readonly TOOL_ACCESS_DENIED: "tool_access_denied";
+    /** Tool validation error */
+    readonly TOOL_VALIDATION: "tool_validation";
+    /** Tool execution error */
+    readonly TOOL_EXECUTION: "tool_execution";
+    /** Runtime error in script */
+    readonly RUNTIME: "runtime";
+    /** Unknown error */
+    readonly UNKNOWN: "unknown";
+};
+export type ErrorCategory = (typeof ERROR_CATEGORIES)[keyof typeof ERROR_CATEGORIES];
+/**
+ * Enriched error with actionable suggestions.
+ */
+export interface EnrichedError {
+    /** Error category */
+    category: ErrorCategory;
+    /** User-friendly error message */
+    message: string;
+    /** Actionable suggestions for fixing the error */
+    suggestions: string[];
+    /** Related documentation links */
+    docs?: string[];
+    /** Example of correct usage (if applicable) */
+    example?: string;
+    /** Original error code (if available) */
+    code?: string;
+    /** Whether the error is recoverable */
+    recoverable: boolean;
+}
+/**
+ * Error Enrichment Service
+ *
+ * Transforms raw errors into user-friendly, actionable error messages.
+ * Provides suggestions for fixing common errors and links to documentation.
+ *
+ * Security: Never exposes internal details, only provides helpful guidance.
+ */
+export declare class ErrorEnrichmentService {
+    /**
+     * Enrich an error with category, suggestions, and examples.
+     *
+     * @param error - The error to enrich (Error object, string, or unknown)
+     * @param context - Optional context for more specific suggestions
+     * @returns Enriched error with actionable information
+     */
+    enrich(error: unknown, context?: {
+        toolName?: string;
+        scriptSnippet?: string;
+    }): EnrichedError;
+    /**
+     * Enrich a tool-specific error.
+     */
+    enrichToolError(toolName: string, errorCode: string, rawMessage?: string): EnrichedError;
+    /**
+     * Create a brief error summary for logging.
+     */
+    summarize(error: unknown): string;
+    /**
+     * Extract error message from various error types.
+     */
+    private extractMessage;
+    /**
+     * Extract error code if available.
+     */
+    private extractCode;
+    /**
+     * Format error message for user consumption.
+     * Removes technical details while keeping useful information.
+     */
+    private formatMessage;
+    /**
+     * Get a human-readable prefix for error category.
+     */
+    private getCategoryPrefix;
+    /**
+     * Contextualize suggestions based on context.
+     */
+    private contextualizeSuggestions;
+}
+export default ErrorEnrichmentService;
+//# sourceMappingURL=error-enrichment.service.d.ts.map

package/services/error-enrichment.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-enrichment.service.d.ts","sourceRoot":"","sources":["../../src/services/error-enrichment.service.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,eAAO,MAAM,gBAAgB;IAC3B,qCAAqC;;IAErC,4CAA4C;;IAE5C,8BAA8B;;IAE9B,qBAAqB;;IAErB,yBAAyB;;IAEzB,4BAA4B;;IAE5B,2BAA2B;;IAE3B,8BAA8B;;IAE9B,oBAAoB;;CAEZ,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,OAAO,gBAAgB,CAAC,CAAC;AAErF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,qBAAqB;IACrB,QAAQ,EAAE,aAAa,CAAC;IACxB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kCAAkC;IAClC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,uCAAuC;IACvC,WAAW,EAAE,OAAO,CAAC;CACtB;AAkKD;;;;;;;GAOG;AACH,qBAIa,sBAAsB;IACjC;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,aAAa;IAiC9F;;OAEG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,aAAa;IA+ExF;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM;IAKjC;;OAEG;IACH,OAAO,CAAC,cAAc;IAatB;;OAEG;IACH,OAAO,CAAC,WAAW;IAOnB;;;OAGG;IACH,OAAO,CAAC,aAAa;IA6BrB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAuBzB;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAOjC;AAED,eAAe,sBAAsB,CAAC"}

package/services/index.d.ts

@@ -0,0 +1,7 @@
+export * from './audit-logger.service';
+export * from './output-sanitizer';
+export * from './error-enrichment.service';
+export * from './tool-search.service';
+export * from './synonym-expansion.service';
+export { default as EnclaveService } from './enclave.service';
+//# sourceMappingURL=index.d.ts.map

package/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,uBAAuB,CAAC;AACtC,cAAc,6BAA6B,CAAC;AAC5C,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,mBAAmB,CAAC"}

package/services/output-sanitizer.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Output Sanitizer for CodeCall
+ *
+ * Sanitizes script outputs to prevent information leakage through:
+ * - Error messages with stack traces or file paths
+ * - Large outputs that could contain sensitive data
+ * - Recursive structures that could cause DoS
+ *
+ * Security considerations:
+ * - All sanitization is defensive (fail-safe)
+ * - Outputs are truncated, not rejected
+ * - Circular references are handled
+ * - Prototype pollution is prevented
+ */
+/**
+ * Configuration for output sanitization.
+ */
+export interface OutputSanitizerConfig {
+    /**
+     * Maximum depth for nested objects/arrays.
+     * @default 10
+     */
+    maxDepth: number;
+    /**
+     * Maximum length for string values.
+     * @default 10000
+     */
+    maxStringLength: number;
+    /**
+     * Maximum number of keys in an object.
+     * @default 100
+     */
+    maxObjectKeys: number;
+    /**
+     * Maximum number of items in an array.
+     * @default 1000
+     */
+    maxArrayLength: number;
+    /**
+     * Maximum total size of serialized output in bytes.
+     * @default 1MB
+     */
+    maxTotalSize: number;
+    /**
+     * Remove error stack traces.
+     * @default true
+     */
+    removeStackTraces: boolean;
+    /**
+     * Remove file paths from strings.
+     * @default true
+     */
+    removeFilePaths: boolean;
+}
+/**
+ * Default sanitization configuration.
+ */
+export declare const DEFAULT_SANITIZER_CONFIG: OutputSanitizerConfig;
+/**
+ * Result of sanitization.
+ */
+export interface SanitizationResult<T> {
+    /** Sanitized value */
+    value: T;
+    /** Whether any sanitization was applied */
+    wasModified: boolean;
+    /** Warnings about what was sanitized */
+    warnings: string[];
+}
+/**
+ * Sanitize output from CodeCall script execution.
+ *
+ * @param output - Raw output from script
+ * @param config - Sanitization configuration
+ * @returns Sanitized output with metadata
+ */
+export declare function sanitizeOutput<T = unknown>(output: unknown, config?: Partial<OutputSanitizerConfig>): SanitizationResult<T>;
+/**
+ * Quick check if a value needs sanitization.
+ * Used for optimization - skip sanitization for simple values.
+ */
+export declare function needsSanitization(value: unknown): boolean;
+/**
+ * Sanitize a log message (less aggressive than output sanitization).
+ */
+export declare function sanitizeLogMessage(message: string, maxLength?: number): string;
+//# sourceMappingURL=output-sanitizer.d.ts.map

package/services/output-sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-sanitizer.d.ts","sourceRoot":"","sources":["../../src/services/output-sanitizer.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;GAaG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,eAAe,EAAE,MAAM,CAAC;IAExB;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,cAAc,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,iBAAiB,EAAE,OAAO,CAAC;IAE3B;;;OAGG;IACH,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,qBAQrC,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,kBAAkB,CAAC,CAAC;IACnC,sBAAsB;IACtB,KAAK,EAAE,CAAC,CAAC;IACT,2CAA2C;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,wCAAwC;IACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,CAAC,GAAG,OAAO,EACxC,MAAM,EAAE,OAAO,EACf,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM,GAC1C,kBAAkB,CAAC,CAAC,CAAC,CAiCvB;AAyND;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAgBzD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAoB3E"}