@frontmcp/plugins 0.4.1 → 0.5.1

package/src/codecall/services/output-sanitizer.js

@@ -0,0 +1,260 @@
+"use strict";
+// file: libs/plugins/src/codecall/services/output-sanitizer.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_SANITIZER_CONFIG = void 0;
+exports.sanitizeOutput = sanitizeOutput;
+exports.needsSanitization = needsSanitization;
+exports.sanitizeLogMessage = sanitizeLogMessage;
+/**
+ * Default sanitization configuration.
+ */
+exports.DEFAULT_SANITIZER_CONFIG = Object.freeze({
+    maxDepth: 10,
+    maxStringLength: 10000,
+    maxObjectKeys: 100,
+    maxArrayLength: 1000,
+    maxTotalSize: 1024 * 1024, // 1MB
+    removeStackTraces: true,
+    removeFilePaths: true,
+});
+/**
+ * Sanitize output from CodeCall script execution.
+ *
+ * @param output - Raw output from script
+ * @param config - Sanitization configuration
+ * @returns Sanitized output with metadata
+ */
+function sanitizeOutput(output, config = {}) {
+    const cfg = { ...exports.DEFAULT_SANITIZER_CONFIG, ...config };
+    const warnings = [];
+    const seen = new WeakSet();
+    const result = sanitizeValue(output, cfg, warnings, seen, 0);
+    // Check total size
+    try {
+        const serialized = JSON.stringify(result);
+        if (serialized && serialized.length > cfg.maxTotalSize) {
+            warnings.push(`Output truncated: exceeded max size of ${cfg.maxTotalSize} bytes`);
+            return {
+                value: { _truncated: true, _reason: 'Output exceeded maximum size' },
+                wasModified: true,
+                warnings,
+            };
+        }
+    }
+    catch {
+        // If we can't serialize, return a safe placeholder
+        warnings.push('Output could not be serialized');
+        return {
+            value: { _error: 'Output could not be serialized' },
+            wasModified: true,
+            warnings,
+        };
+    }
+    return {
+        value: result,
+        wasModified: warnings.length > 0,
+        warnings,
+    };
+}
+/**
+ * Recursively sanitize a value.
+ */
+function sanitizeValue(value, config, warnings, seen, depth) {
+    // Check depth
+    if (depth > config.maxDepth) {
+        warnings.push(`Max depth of ${config.maxDepth} exceeded`);
+        return '[max depth exceeded]';
+    }
+    // Handle null/undefined
+    if (value === null || value === undefined) {
+        return value;
+    }
+    // Handle primitives
+    if (typeof value === 'string') {
+        return sanitizeString(value, config, warnings);
+    }
+    if (typeof value === 'number' || typeof value === 'boolean') {
+        return value;
+    }
+    if (typeof value === 'bigint') {
+        return value.toString();
+    }
+    if (typeof value === 'symbol') {
+        return value.toString();
+    }
+    if (typeof value === 'function') {
+        warnings.push('Function removed from output');
+        return '[function]';
+    }
+    // Handle objects
+    if (typeof value === 'object') {
+        // Check for circular references
+        if (seen.has(value)) {
+            warnings.push('Circular reference detected');
+            return '[circular]';
+        }
+        seen.add(value);
+        // Handle arrays
+        if (Array.isArray(value)) {
+            return sanitizeArray(value, config, warnings, seen, depth);
+        }
+        // Handle Error objects
+        if (value instanceof Error) {
+            return sanitizeError(value, config, warnings);
+        }
+        // Handle Date objects
+        if (value instanceof Date) {
+            return value.toISOString();
+        }
+        // Handle RegExp objects
+        if (value instanceof RegExp) {
+            return value.toString();
+        }
+        // Handle Map
+        if (value instanceof Map) {
+            const obj = {};
+            let count = 0;
+            for (const [k, v] of value) {
+                if (count >= config.maxObjectKeys) {
+                    warnings.push(`Map truncated: exceeded ${config.maxObjectKeys} keys`);
+                    break;
+                }
+                obj[String(k)] = sanitizeValue(v, config, warnings, seen, depth + 1);
+                count++;
+            }
+            return obj;
+        }
+        // Handle Set
+        if (value instanceof Set) {
+            const arr = [];
+            let count = 0;
+            for (const item of value) {
+                if (count >= config.maxArrayLength) {
+                    warnings.push(`Set truncated: exceeded ${config.maxArrayLength} items`);
+                    break;
+                }
+                arr.push(sanitizeValue(item, config, warnings, seen, depth + 1));
+                count++;
+            }
+            return arr;
+        }
+        // Handle plain objects
+        return sanitizeObject(value, config, warnings, seen, depth);
+    }
+    // Unknown type - return safe string representation
+    return String(value);
+}
+/**
+ * Sanitize a string value.
+ */
+function sanitizeString(value, config, warnings) {
+    let result = value;
+    // Remove file paths if configured
+    if (config.removeFilePaths) {
+        const pathRegex = /(?:\/[\w.-]+)+|(?:[A-Za-z]:\\[\w\\.-]+)+/g;
+        if (pathRegex.test(result)) {
+            result = result.replace(pathRegex, '[path]');
+            warnings.push('File paths removed from string');
+        }
+    }
+    // Truncate if too long
+    if (result.length > config.maxStringLength) {
+        result = result.substring(0, config.maxStringLength) + '...[truncated]';
+        warnings.push(`String truncated: exceeded ${config.maxStringLength} characters`);
+    }
+    return result;
+}
+/**
+ * Sanitize an array.
+ */
+function sanitizeArray(value, config, warnings, seen, depth) {
+    const result = [];
+    const limit = Math.min(value.length, config.maxArrayLength);
+    for (let i = 0; i < limit; i++) {
+        result.push(sanitizeValue(value[i], config, warnings, seen, depth + 1));
+    }
+    if (value.length > config.maxArrayLength) {
+        warnings.push(`Array truncated: ${value.length} items reduced to ${config.maxArrayLength}`);
+    }
+    return result;
+}
+/**
+ * Sanitize a plain object.
+ */
+function sanitizeObject(value, config, warnings, seen, depth) {
+    const result = {};
+    const keys = Object.keys(value);
+    const limit = Math.min(keys.length, config.maxObjectKeys);
+    for (let i = 0; i < limit; i++) {
+        const key = keys[i];
+        // Skip prototype pollution vectors
+        if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
+            warnings.push(`Dangerous key "${key}" removed`);
+            continue;
+        }
+        result[key] = sanitizeValue(value[key], config, warnings, seen, depth + 1);
+    }
+    if (keys.length > config.maxObjectKeys) {
+        warnings.push(`Object truncated: ${keys.length} keys reduced to ${config.maxObjectKeys}`);
+    }
+    return result;
+}
+/**
+ * Sanitize an Error object.
+ */
+function sanitizeError(error, config, warnings) {
+    const result = {
+        name: error.name,
+        message: sanitizeString(error.message, config, warnings),
+    };
+    // Include stack only if configured
+    if (!config.removeStackTraces && error.stack) {
+        result['stack'] = sanitizeString(error.stack, config, warnings);
+    }
+    else if (error.stack) {
+        warnings.push('Stack trace removed');
+    }
+    // Include error code if present
+    if ('code' in error) {
+        result['code'] = error.code;
+    }
+    return result;
+}
+/**
+ * Quick check if a value needs sanitization.
+ * Used for optimization - skip sanitization for simple values.
+ */
+function needsSanitization(value) {
+    if (value === null || value === undefined) {
+        return false;
+    }
+    if (typeof value === 'number' || typeof value === 'boolean') {
+        return false;
+    }
+    if (typeof value === 'string') {
+        // Quick heuristic: check if string might contain paths
+        return value.length > 100 || value.includes('/') || value.includes('\\');
+    }
+    // Objects and arrays always need checking
+    return true;
+}
+/**
+ * Sanitize a log message (less aggressive than output sanitization).
+ */
+function sanitizeLogMessage(message, maxLength = 500) {
+    if (!message)
+        return '';
+    let result = message;
+    // Remove file paths
+    result = result.replace(/(?:\/[\w.-]+)+|(?:[A-Za-z]:\\[\w\\.-]+)+/g, '[path]');
+    // Remove line numbers
+    result = result.replace(/:\d+:\d+/g, '');
+    // Remove stack trace lines
+    result = result.replace(/\n\s*at .*/g, '');
+    // Truncate
+    if (result.length > maxLength) {
+        result = result.substring(0, maxLength) + '...';
+    }
+    return result.trim();
+}
+//# sourceMappingURL=output-sanitizer.js.map

package/src/codecall/services/output-sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-sanitizer.js","sourceRoot":"","sources":["../../../../src/codecall/services/output-sanitizer.ts"],"names":[],"mappings":";AAAA,+DAA+D;;;AAgG/D,wCAoCC;AA6ND,8CAgBC;AAKD,gDAoBC;AA1UD;;GAEG;AACU,QAAA,wBAAwB,GAA0B,MAAM,CAAC,MAAM,CAAC;IAC3E,QAAQ,EAAE,EAAE;IACZ,eAAe,EAAE,KAAK;IACtB,aAAa,EAAE,GAAG;IAClB,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,IAAI,GAAG,IAAI,EAAE,MAAM;IACjC,iBAAiB,EAAE,IAAI;IACvB,eAAe,EAAE,IAAI;CACtB,CAAC,CAAC;AAcH;;;;;;GAMG;AACH,SAAgB,cAAc,CAC5B,MAAe,EACf,SAAyC,EAAE;IAE3C,MAAM,GAAG,GAAG,EAAE,GAAG,gCAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IACvD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IAEnC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAE7D,mBAAmB;IACnB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YACvD,QAAQ,CAAC,IAAI,CAAC,0CAA0C,GAAG,CAAC,YAAY,QAAQ,CAAC,CAAC;YAClF,OAAO;gBACL,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,8BAA8B,EAAO;gBACzE,WAAW,EAAE,IAAI;gBACjB,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAChD,OAAO;YACL,KAAK,EAAE,EAAE,MAAM,EAAE,gCAAgC,EAAO;YACxD,WAAW,EAAE,IAAI;YACjB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAW;QAClB,WAAW,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;QAChC,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAc,EACd,MAA6B,EAC7B,QAAkB,EAClB,IAAqB,EACrB,KAAa;IAEb,cAAc;IACd,IAAI,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,QAAQ,WAAW,CAAC,CAAC;QAC1D,OAAO,sBAAsB,CAAC;IAChC,CAAC;IAED,wBAAwB;IACxB,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,gCAAgC;QAChC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC7C,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEhB,gBAAgB;QAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7D,CAAC;QAED,uBAAuB;QACvB,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,OAAO,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,sBAAsB;QACtB,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;QAC7B,CAAC;QAED,wBAAwB;QACxB,IAAI,KAAK,YAAY,MAAM,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC1B,CAAC;QAED,aAAa;QACb,IAAI,KAAK,YAAY,GAAG,EAAE,CAAC;YACzB,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;gBAC3B,IAAI,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,aAAa,OAAO,CAAC,CAAC;oBACtE,MAAM;gBACR,CAAC;gBACD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;gBACrE,KAAK,EAAE,CAAC;YACV,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,aAAa;QACb,IAAI,KAAK,YAAY,GAAG,EAAE,CAAC;YACzB,MAAM,GAAG,GAAc,EAAE,CAAC;YAC1B,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,KAAK,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;oBACnC,QAAQ,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,cAAc,QAAQ,CAAC,CAAC;oBACxE,MAAM;gBACR,CAAC;gBACD,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;gBACjE,KAAK,EAAE,CAAC;YACV,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,uBAAuB;QACvB,OAAO,cAAc,CAAC,KAAgC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzF,CAAC;IAED,mDAAmD;IACnD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa,EAAE,MAA6B,EAAE,QAAkB;IACtF,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,kCAAkC;IAClC,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,2CAA2C,CAAC;QAC9D,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3C,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG,gBAAgB,CAAC;QACxE,QAAQ,CAAC,IAAI,CAAC,8BAA8B,MAAM,CAAC,eAAe,aAAa,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAgB,EAChB,MAA6B,EAC7B,QAAkB,EAClB,IAAqB,EACrB,KAAa;IAEb,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAE5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,KAAK,CAAC,MAAM,qBAAqB,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IAC9F,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,KAA8B,EAC9B,MAA6B,EAC7B,QAAkB,EAClB,IAAqB,EACrB,KAAa;IAEb,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAE1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEpB,mCAAmC;QACnC,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACxE,QAAQ,CAAC,IAAI,CAAC,kBAAkB,GAAG,WAAW,CAAC,CAAC;YAChD,SAAS;QACX,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,MAAM,oBAAoB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAY,EAAE,MAA6B,EAAE,QAAkB;IACpF,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO,EAAE,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC;KACzD,CAAC;IAEF,mCAAmC;IACnC,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7C,MAAM,CAAC,OAAO,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACvC,CAAC;IAED,gCAAgC;IAChC,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;QACpB,MAAM,CAAC,MAAM,CAAC,GAAI,KAAa,CAAC,IAAI,CAAC;IACvC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,uDAAuD;QACvD,OAAO,KAAK,CAAC,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3E,CAAC;IAED,0CAA0C;IAC1C,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAe,EAAE,SAAS,GAAG,GAAG;IACjE,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,IAAI,MAAM,GAAG,OAAO,CAAC;IAErB,oBAAoB;IACpB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,2CAA2C,EAAE,QAAQ,CAAC,CAAC;IAE/E,sBAAsB;IACtB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAEzC,2BAA2B;IAC3B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAE3C,WAAW;IACX,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC9B,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IAClD,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;AACvB,CAAC","sourcesContent":["// file: libs/plugins/src/codecall/services/output-sanitizer.ts\n\n/**\n * Output Sanitizer for CodeCall\n *\n * Sanitizes script outputs to prevent information leakage through:\n * - Error messages with stack traces or file paths\n * - Large outputs that could contain sensitive data\n * - Recursive structures that could cause DoS\n *\n * Security considerations:\n * - All sanitization is defensive (fail-safe)\n * - Outputs are truncated, not rejected\n * - Circular references are handled\n * - Prototype pollution is prevented\n */\n\n/**\n * Configuration for output sanitization.\n */\nexport interface OutputSanitizerConfig {\n  /**\n   * Maximum depth for nested objects/arrays.\n   * @default 10\n   */\n  maxDepth: number;\n\n  /**\n   * Maximum length for string values.\n   * @default 10000\n   */\n  maxStringLength: number;\n\n  /**\n   * Maximum number of keys in an object.\n   * @default 100\n   */\n  maxObjectKeys: number;\n\n  /**\n   * Maximum number of items in an array.\n   * @default 1000\n   */\n  maxArrayLength: number;\n\n  /**\n   * Maximum total size of serialized output in bytes.\n   * @default 1MB\n   */\n  maxTotalSize: number;\n\n  /**\n   * Remove error stack traces.\n   * @default true\n   */\n  removeStackTraces: boolean;\n\n  /**\n   * Remove file paths from strings.\n   * @default true\n   */\n  removeFilePaths: boolean;\n}\n\n/**\n * Default sanitization configuration.\n */\nexport const DEFAULT_SANITIZER_CONFIG: OutputSanitizerConfig = Object.freeze({\n  maxDepth: 10,\n  maxStringLength: 10000,\n  maxObjectKeys: 100,\n  maxArrayLength: 1000,\n  maxTotalSize: 1024 * 1024, // 1MB\n  removeStackTraces: true,\n  removeFilePaths: true,\n});\n\n/**\n * Result of sanitization.\n */\nexport interface SanitizationResult<T> {\n  /** Sanitized value */\n  value: T;\n  /** Whether any sanitization was applied */\n  wasModified: boolean;\n  /** Warnings about what was sanitized */\n  warnings: string[];\n}\n\n/**\n * Sanitize output from CodeCall script execution.\n *\n * @param output - Raw output from script\n * @param config - Sanitization configuration\n * @returns Sanitized output with metadata\n */\nexport function sanitizeOutput<T = unknown>(\n  output: unknown,\n  config: Partial<OutputSanitizerConfig> = {},\n): SanitizationResult<T> {\n  const cfg = { ...DEFAULT_SANITIZER_CONFIG, ...config };\n  const warnings: string[] = [];\n  const seen = new WeakSet<object>();\n\n  const result = sanitizeValue(output, cfg, warnings, seen, 0);\n\n  // Check total size\n  try {\n    const serialized = JSON.stringify(result);\n    if (serialized && serialized.length > cfg.maxTotalSize) {\n      warnings.push(`Output truncated: exceeded max size of ${cfg.maxTotalSize} bytes`);\n      return {\n        value: { _truncated: true, _reason: 'Output exceeded maximum size' } as T,\n        wasModified: true,\n        warnings,\n      };\n    }\n  } catch {\n    // If we can't serialize, return a safe placeholder\n    warnings.push('Output could not be serialized');\n    return {\n      value: { _error: 'Output could not be serialized' } as T,\n      wasModified: true,\n      warnings,\n    };\n  }\n\n  return {\n    value: result as T,\n    wasModified: warnings.length > 0,\n    warnings,\n  };\n}\n\n/**\n * Recursively sanitize a value.\n */\nfunction sanitizeValue(\n  value: unknown,\n  config: OutputSanitizerConfig,\n  warnings: string[],\n  seen: WeakSet<object>,\n  depth: number,\n): unknown {\n  // Check depth\n  if (depth > config.maxDepth) {\n    warnings.push(`Max depth of ${config.maxDepth} exceeded`);\n    return '[max depth exceeded]';\n  }\n\n  // Handle null/undefined\n  if (value === null || value === undefined) {\n    return value;\n  }\n\n  // Handle primitives\n  if (typeof value === 'string') {\n    return sanitizeString(value, config, warnings);\n  }\n\n  if (typeof value === 'number' || typeof value === 'boolean') {\n    return value;\n  }\n\n  if (typeof value === 'bigint') {\n    return value.toString();\n  }\n\n  if (typeof value === 'symbol') {\n    return value.toString();\n  }\n\n  if (typeof value === 'function') {\n    warnings.push('Function removed from output');\n    return '[function]';\n  }\n\n  // Handle objects\n  if (typeof value === 'object') {\n    // Check for circular references\n    if (seen.has(value)) {\n      warnings.push('Circular reference detected');\n      return '[circular]';\n    }\n    seen.add(value);\n\n    // Handle arrays\n    if (Array.isArray(value)) {\n      return sanitizeArray(value, config, warnings, seen, depth);\n    }\n\n    // Handle Error objects\n    if (value instanceof Error) {\n      return sanitizeError(value, config, warnings);\n    }\n\n    // Handle Date objects\n    if (value instanceof Date) {\n      return value.toISOString();\n    }\n\n    // Handle RegExp objects\n    if (value instanceof RegExp) {\n      return value.toString();\n    }\n\n    // Handle Map\n    if (value instanceof Map) {\n      const obj: Record<string, unknown> = {};\n      let count = 0;\n      for (const [k, v] of value) {\n        if (count >= config.maxObjectKeys) {\n          warnings.push(`Map truncated: exceeded ${config.maxObjectKeys} keys`);\n          break;\n        }\n        obj[String(k)] = sanitizeValue(v, config, warnings, seen, depth + 1);\n        count++;\n      }\n      return obj;\n    }\n\n    // Handle Set\n    if (value instanceof Set) {\n      const arr: unknown[] = [];\n      let count = 0;\n      for (const item of value) {\n        if (count >= config.maxArrayLength) {\n          warnings.push(`Set truncated: exceeded ${config.maxArrayLength} items`);\n          break;\n        }\n        arr.push(sanitizeValue(item, config, warnings, seen, depth + 1));\n        count++;\n      }\n      return arr;\n    }\n\n    // Handle plain objects\n    return sanitizeObject(value as Record<string, unknown>, config, warnings, seen, depth);\n  }\n\n  // Unknown type - return safe string representation\n  return String(value);\n}\n\n/**\n * Sanitize a string value.\n */\nfunction sanitizeString(value: string, config: OutputSanitizerConfig, warnings: string[]): string {\n  let result = value;\n\n  // Remove file paths if configured\n  if (config.removeFilePaths) {\n    const pathRegex = /(?:\\/[\\w.-]+)+|(?:[A-Za-z]:\\\\[\\w\\\\.-]+)+/g;\n    if (pathRegex.test(result)) {\n      result = result.replace(pathRegex, '[path]');\n      warnings.push('File paths removed from string');\n    }\n  }\n\n  // Truncate if too long\n  if (result.length > config.maxStringLength) {\n    result = result.substring(0, config.maxStringLength) + '...[truncated]';\n    warnings.push(`String truncated: exceeded ${config.maxStringLength} characters`);\n  }\n\n  return result;\n}\n\n/**\n * Sanitize an array.\n */\nfunction sanitizeArray(\n  value: unknown[],\n  config: OutputSanitizerConfig,\n  warnings: string[],\n  seen: WeakSet<object>,\n  depth: number,\n): unknown[] {\n  const result: unknown[] = [];\n  const limit = Math.min(value.length, config.maxArrayLength);\n\n  for (let i = 0; i < limit; i++) {\n    result.push(sanitizeValue(value[i], config, warnings, seen, depth + 1));\n  }\n\n  if (value.length > config.maxArrayLength) {\n    warnings.push(`Array truncated: ${value.length} items reduced to ${config.maxArrayLength}`);\n  }\n\n  return result;\n}\n\n/**\n * Sanitize a plain object.\n */\nfunction sanitizeObject(\n  value: Record<string, unknown>,\n  config: OutputSanitizerConfig,\n  warnings: string[],\n  seen: WeakSet<object>,\n  depth: number,\n): Record<string, unknown> {\n  const result: Record<string, unknown> = {};\n  const keys = Object.keys(value);\n  const limit = Math.min(keys.length, config.maxObjectKeys);\n\n  for (let i = 0; i < limit; i++) {\n    const key = keys[i];\n\n    // Skip prototype pollution vectors\n    if (key === '__proto__' || key === 'constructor' || key === 'prototype') {\n      warnings.push(`Dangerous key \"${key}\" removed`);\n      continue;\n    }\n\n    result[key] = sanitizeValue(value[key], config, warnings, seen, depth + 1);\n  }\n\n  if (keys.length > config.maxObjectKeys) {\n    warnings.push(`Object truncated: ${keys.length} keys reduced to ${config.maxObjectKeys}`);\n  }\n\n  return result;\n}\n\n/**\n * Sanitize an Error object.\n */\nfunction sanitizeError(error: Error, config: OutputSanitizerConfig, warnings: string[]): Record<string, unknown> {\n  const result: Record<string, unknown> = {\n    name: error.name,\n    message: sanitizeString(error.message, config, warnings),\n  };\n\n  // Include stack only if configured\n  if (!config.removeStackTraces && error.stack) {\n    result['stack'] = sanitizeString(error.stack, config, warnings);\n  } else if (error.stack) {\n    warnings.push('Stack trace removed');\n  }\n\n  // Include error code if present\n  if ('code' in error) {\n    result['code'] = (error as any).code;\n  }\n\n  return result;\n}\n\n/**\n * Quick check if a value needs sanitization.\n * Used for optimization - skip sanitization for simple values.\n */\nexport function needsSanitization(value: unknown): boolean {\n  if (value === null || value === undefined) {\n    return false;\n  }\n\n  if (typeof value === 'number' || typeof value === 'boolean') {\n    return false;\n  }\n\n  if (typeof value === 'string') {\n    // Quick heuristic: check if string might contain paths\n    return value.length > 100 || value.includes('/') || value.includes('\\\\');\n  }\n\n  // Objects and arrays always need checking\n  return true;\n}\n\n/**\n * Sanitize a log message (less aggressive than output sanitization).\n */\nexport function sanitizeLogMessage(message: string, maxLength = 500): string {\n  if (!message) return '';\n\n  let result = message;\n\n  // Remove file paths\n  result = result.replace(/(?:\\/[\\w.-]+)+|(?:[A-Za-z]:\\\\[\\w\\\\.-]+)+/g, '[path]');\n\n  // Remove line numbers\n  result = result.replace(/:\\d+:\\d+/g, '');\n\n  // Remove stack trace lines\n  result = result.replace(/\\n\\s*at .*/g, '');\n\n  // Truncate\n  if (result.length > maxLength) {\n    result = result.substring(0, maxLength) + '...';\n  }\n\n  return result.trim();\n}\n"]}

package/src/codecall/services/synonym-expansion.service.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Configuration for the SynonymExpansionService
+ */
+export interface SynonymExpansionConfig {
+    /**
+     * Additional synonym groups to include beyond defaults.
+     * Each group is an array of related terms.
+     */
+    additionalSynonyms?: ReadonlyArray<ReadonlyArray<string>>;
+    /**
+     * If true, completely replace default synonyms with additionalSynonyms.
+     * @default false
+     */
+    replaceDefaults?: boolean;
+    /**
+     * Maximum number of expanded terms per input term.
+     * Prevents query explosion.
+     * @default 5
+     */
+    maxExpansionsPerTerm?: number;
+}
+/**
+ * Lightweight synonym expansion service for improving TF-IDF search relevance.
+ * Zero dependencies, synchronous, and easily extensible.
+ *
+ * This service provides query-time synonym expansion to help TF-IDF-based
+ * search understand that semantically similar terms (like "add" and "create")
+ * should match the same tools.
+ */
+export declare class SynonymExpansionService {
+    private synonymMap;
+    private maxExpansions;
+    constructor(config?: SynonymExpansionConfig);
+    /**
+     * Build a bidirectional synonym map from groups.
+     * Each term maps to all other terms in its group(s).
+     */
+    private buildSynonymMap;
+    /**
+     * Get synonyms for a single term.
+     * Returns empty array if no synonyms found.
+     *
+     * @example
+     * getSynonyms('add') // ['create', 'new', 'insert', 'make']
+     */
+    getSynonyms(term: string): string[];
+    /**
+     * Expand a query string by adding synonyms for each term.
+     * Returns the expanded query string with original terms and their synonyms.
+     *
+     * @example
+     * expandQuery('add user') // 'add create new insert make user account member profile'
+     */
+    expandQuery(query: string): string;
+    /**
+     * Check if synonym expansion is available for any term in the query.
+     */
+    hasExpansions(query: string): boolean;
+    /**
+     * Get statistics about the synonym dictionary.
+     */
+    getStats(): {
+        termCount: number;
+        avgSynonymsPerTerm: number;
+    };
+}