@frontmcp/plugins 0.6.1 → 0.6.3

package/src/codecall/services/output-sanitizer.js

@@ -1,260 +0,0 @@
-"use strict";
-// file: libs/plugins/src/codecall/services/output-sanitizer.ts
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_SANITIZER_CONFIG = void 0;
-exports.sanitizeOutput = sanitizeOutput;
-exports.needsSanitization = needsSanitization;
-exports.sanitizeLogMessage = sanitizeLogMessage;
-/**
- * Default sanitization configuration.
- */
-exports.DEFAULT_SANITIZER_CONFIG = Object.freeze({
-    maxDepth: 10,
-    maxStringLength: 10000,
-    maxObjectKeys: 100,
-    maxArrayLength: 1000,
-    maxTotalSize: 1024 * 1024, // 1MB
-    removeStackTraces: true,
-    removeFilePaths: true,
-});
-/**
- * Sanitize output from CodeCall script execution.
- *
- * @param output - Raw output from script
- * @param config - Sanitization configuration
- * @returns Sanitized output with metadata
- */
-function sanitizeOutput(output, config = {}) {
-    const cfg = { ...exports.DEFAULT_SANITIZER_CONFIG, ...config };
-    const warnings = [];
-    const seen = new WeakSet();
-    const result = sanitizeValue(output, cfg, warnings, seen, 0);
-    // Check total size
-    try {
-        const serialized = JSON.stringify(result);
-        if (serialized && serialized.length > cfg.maxTotalSize) {
-            warnings.push(`Output truncated: exceeded max size of ${cfg.maxTotalSize} bytes`);
-            return {
-                value: { _truncated: true, _reason: 'Output exceeded maximum size' },
-                wasModified: true,
-                warnings,
-            };
-        }
-    }
-    catch {
-        // If we can't serialize, return a safe placeholder
-        warnings.push('Output could not be serialized');
-        return {
-            value: { _error: 'Output could not be serialized' },
-            wasModified: true,
-            warnings,
-        };
-    }
-    return {
-        value: result,
-        wasModified: warnings.length > 0,
-        warnings,
-    };
-}
-/**
- * Recursively sanitize a value.
- */
-function sanitizeValue(value, config, warnings, seen, depth) {
-    // Check depth
-    if (depth > config.maxDepth) {
-        warnings.push(`Max depth of ${config.maxDepth} exceeded`);
-        return '[max depth exceeded]';
-    }
-    // Handle null/undefined
-    if (value === null || value === undefined) {
-        return value;
-    }
-    // Handle primitives
-    if (typeof value === 'string') {
-        return sanitizeString(value, config, warnings);
-    }
-    if (typeof value === 'number' || typeof value === 'boolean') {
-        return value;
-    }
-    if (typeof value === 'bigint') {
-        return value.toString();
-    }
-    if (typeof value === 'symbol') {
-        return value.toString();
-    }
-    if (typeof value === 'function') {
-        warnings.push('Function removed from output');
-        return '[function]';
-    }
-    // Handle objects
-    if (typeof value === 'object') {
-        // Check for circular references
-        if (seen.has(value)) {
-            warnings.push('Circular reference detected');
-            return '[circular]';
-        }
-        seen.add(value);
-        // Handle arrays
-        if (Array.isArray(value)) {
-            return sanitizeArray(value, config, warnings, seen, depth);
-        }
-        // Handle Error objects
-        if (value instanceof Error) {
-            return sanitizeError(value, config, warnings);
-        }
-        // Handle Date objects
-        if (value instanceof Date) {
-            return value.toISOString();
-        }
-        // Handle RegExp objects
-        if (value instanceof RegExp) {
-            return value.toString();
-        }
-        // Handle Map
-        if (value instanceof Map) {
-            const obj = {};
-            let count = 0;
-            for (const [k, v] of value) {
-                if (count >= config.maxObjectKeys) {
-                    warnings.push(`Map truncated: exceeded ${config.maxObjectKeys} keys`);
-                    break;
-                }
-                obj[String(k)] = sanitizeValue(v, config, warnings, seen, depth + 1);
-                count++;
-            }
-            return obj;
-        }
-        // Handle Set
-        if (value instanceof Set) {
-            const arr = [];
-            let count = 0;
-            for (const item of value) {
-                if (count >= config.maxArrayLength) {
-                    warnings.push(`Set truncated: exceeded ${config.maxArrayLength} items`);
-                    break;
-                }
-                arr.push(sanitizeValue(item, config, warnings, seen, depth + 1));
-                count++;
-            }
-            return arr;
-        }
-        // Handle plain objects
-        return sanitizeObject(value, config, warnings, seen, depth);
-    }
-    // Unknown type - return safe string representation
-    return String(value);
-}
-/**
- * Sanitize a string value.
- */
-function sanitizeString(value, config, warnings) {
-    let result = value;
-    // Remove file paths if configured
-    if (config.removeFilePaths) {
-        const pathRegex = /(?:\/[\w.-]+)+|(?:[A-Za-z]:\\[\w\\.-]+)+/g;
-        if (pathRegex.test(result)) {
-            result = result.replace(pathRegex, '[path]');
-            warnings.push('File paths removed from string');
-        }
-    }
-    // Truncate if too long
-    if (result.length > config.maxStringLength) {
-        result = result.substring(0, config.maxStringLength) + '...[truncated]';
-        warnings.push(`String truncated: exceeded ${config.maxStringLength} characters`);
-    }
-    return result;
-}
-/**
- * Sanitize an array.
- */
-function sanitizeArray(value, config, warnings, seen, depth) {
-    const result = [];
-    const limit = Math.min(value.length, config.maxArrayLength);
-    for (let i = 0; i < limit; i++) {
-        result.push(sanitizeValue(value[i], config, warnings, seen, depth + 1));
-    }
-    if (value.length > config.maxArrayLength) {
-        warnings.push(`Array truncated: ${value.length} items reduced to ${config.maxArrayLength}`);
-    }
-    return result;
-}
-/**
- * Sanitize a plain object.
- */
-function sanitizeObject(value, config, warnings, seen, depth) {
-    const result = {};
-    const keys = Object.keys(value);
-    const limit = Math.min(keys.length, config.maxObjectKeys);
-    for (let i = 0; i < limit; i++) {
-        const key = keys[i];
-        // Skip prototype pollution vectors
-        if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
-            warnings.push(`Dangerous key "${key}" removed`);
-            continue;
-        }
-        result[key] = sanitizeValue(value[key], config, warnings, seen, depth + 1);
-    }
-    if (keys.length > config.maxObjectKeys) {
-        warnings.push(`Object truncated: ${keys.length} keys reduced to ${config.maxObjectKeys}`);
-    }
-    return result;
-}
-/**
- * Sanitize an Error object.
- */
-function sanitizeError(error, config, warnings) {
-    const result = {
-        name: error.name,
-        message: sanitizeString(error.message, config, warnings),
-    };
-    // Include stack only if configured
-    if (!config.removeStackTraces && error.stack) {
-        result['stack'] = sanitizeString(error.stack, config, warnings);
-    }
-    else if (error.stack) {
-        warnings.push('Stack trace removed');
-    }
-    // Include error code if present
-    if ('code' in error) {
-        result['code'] = error.code;
-    }
-    return result;
-}
-/**
- * Quick check if a value needs sanitization.
- * Used for optimization - skip sanitization for simple values.
- */
-function needsSanitization(value) {
-    if (value === null || value === undefined) {
-        return false;
-    }
-    if (typeof value === 'number' || typeof value === 'boolean') {
-        return false;
-    }
-    if (typeof value === 'string') {
-        // Quick heuristic: check if string might contain paths
-        return value.length > 100 || value.includes('/') || value.includes('\\');
-    }
-    // Objects and arrays always need checking
-    return true;
-}
-/**
- * Sanitize a log message (less aggressive than output sanitization).
- */
-function sanitizeLogMessage(message, maxLength = 500) {
-    if (!message)
-        return '';
-    let result = message;
-    // Remove file paths
-    result = result.replace(/(?:\/[\w.-]+)+|(?:[A-Za-z]:\\[\w\\.-]+)+/g, '[path]');
-    // Remove line numbers
-    result = result.replace(/:\d+:\d+/g, '');
-    // Remove stack trace lines
-    result = result.replace(/\n\s*at .*/g, '');
-    // Truncate
-    if (result.length > maxLength) {
-        result = result.substring(0, maxLength) + '...';
-    }
-    return result.trim();
-}
-//# sourceMappingURL=output-sanitizer.js.map

package/src/codecall/services/output-sanitizer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"output-sanitizer.js","sourceRoot":"","sources":["../../../../src/codecall/services/output-sanitizer.ts"],"names":[],"mappings":";AAAA,+DAA+D;;;AAgG/D,wCAoCC;AA6ND,8CAgBC;AAKD,gDAoBC;AA1UD;;GAEG;AACU,QAAA,wBAAwB,GAA0B,MAAM,CAAC,MAAM,CAAC;IAC3E,QAAQ,EAAE,EAAE;IACZ,eAAe,EAAE,KAAK;IACtB,aAAa,EAAE,GAAG;IAClB,cAAc,EAAE,IAAI;IACpB,YAAY,EAAE,IAAI,GAAG,IAAI,EAAE,MAAM;IACjC,iBAAiB,EAAE,IAAI;IACvB,eAAe,EAAE,IAAI;CACtB,CAAC,CAAC;AAcH;;;;;;GAMG;AACH,SAAgB,cAAc,CAC5B,MAAe,EACf,SAAyC,EAAE;IAE3C,MAAM,GAAG,GAAG,EAAE,GAAG,gCAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IACvD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IAEnC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAE7D,mBAAmB;IACnB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YACvD,QAAQ,CAAC,IAAI,CAAC,0CAA0C,GAAG,CAAC,YAAY,QAAQ,CAAC,CAAC;YAClF,OAAO;gBACL,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,8BAA8B,EAAO;gBACzE,WAAW,EAAE,IAAI;gBACjB,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAChD,OAAO;YACL,KAAK,EAAE,EAAE,MAAM,EAAE,gCAAgC,EAAO;YACxD,WAAW,EAAE,IAAI;YACjB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAW;QAClB,WAAW,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;QAChC,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAc,EACd,MAA6B,EAC7B,QAAkB,EAClB,IAAqB,EACrB,KAAa;IAEb,cAAc;IACd,IAAI,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,QAAQ,WAAW,CAAC,CAAC;QAC1D,OAAO,sBAAsB,CAAC;IAChC,CAAC;IAED,wBAAwB;IACxB,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,gCAAgC;QAChC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC7C,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEhB,gBAAgB;QAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7D,CAAC;QAED,uBAAuB;QACvB,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,OAAO,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,sBAAsB;QACtB,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;QAC7B,CAAC;QAED,wBAAwB;QACxB,IAAI,KAAK,YAAY,MAAM,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC1B,CAAC;QAED,aAAa;QACb,IAAI,KAAK,YAAY,GAAG,EAAE,CAAC;YACzB,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;gBAC3B,IAAI,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,aAAa,OAAO,CAAC,CAAC;oBACtE,MAAM;gBACR,CAAC;gBACD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;gBACrE,KAAK,EAAE,CAAC;YACV,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,aAAa;QACb,IAAI,KAAK,YAAY,GAAG,EAAE,CAAC;YACzB,MAAM,GAAG,GAAc,EAAE,CAAC;YAC1B,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,KAAK,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;oBACnC,QAAQ,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,cAAc,QAAQ,CAAC,CAAC;oBACxE,MAAM;gBACR,CAAC;gBACD,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;gBACjE,KAAK,EAAE,CAAC;YACV,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,uBAAuB;QACvB,OAAO,cAAc,CAAC,KAAgC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACzF,CAAC;IAED,mDAAmD;IACnD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa,EAAE,MAA6B,EAAE,QAAkB;IACtF,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,kCAAkC;IAClC,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,2CAA2C,CAAC;QAC9D,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3C,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG,gBAAgB,CAAC;QACxE,QAAQ,CAAC,IAAI,CAAC,8BAA8B,MAAM,CAAC,eAAe,aAAa,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAgB,EAChB,MAA6B,EAC7B,QAAkB,EAClB,IAAqB,EACrB,KAAa;IAEb,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAE5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,KAAK,CAAC,MAAM,qBAAqB,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IAC9F,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,KAA8B,EAC9B,MAA6B,EAC7B,QAAkB,EAClB,IAAqB,EACrB,KAAa;IAEb,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAE1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAEpB,mCAAmC;QACnC,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACxE,QAAQ,CAAC,IAAI,CAAC,kBAAkB,GAAG,WAAW,CAAC,CAAC;YAChD,SAAS;QACX,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,MAAM,oBAAoB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAY,EAAE,MAA6B,EAAE,QAAkB;IACpF,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO,EAAE,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC;KACzD,CAAC;IAEF,mCAAmC;IACnC,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7C,MAAM,CAAC,OAAO,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACvC,CAAC;IAED,gCAAgC;IAChC,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;QACpB,MAAM,CAAC,MAAM,CAAC,GAAI,KAAa,CAAC,IAAI,CAAC;IACvC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,uDAAuD;QACvD,OAAO,KAAK,CAAC,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3E,CAAC;IAED,0CAA0C;IAC1C,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAe,EAAE,SAAS,GAAG,GAAG;IACjE,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,IAAI,MAAM,GAAG,OAAO,CAAC;IAErB,oBAAoB;IACpB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,2CAA2C,EAAE,QAAQ,CAAC,CAAC;IAE/E,sBAAsB;IACtB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAEzC,2BAA2B;IAC3B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAE3C,WAAW;IACX,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC9B,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IAClD,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;AACvB,CAAC","sourcesContent":["// file: libs/plugins/src/codecall/services/output-sanitizer.ts\n\n/**\n * Output Sanitizer for CodeCall\n *\n * Sanitizes script outputs to prevent information leakage through:\n * - Error messages with stack traces or file paths\n * - Large outputs that could contain sensitive data\n * - Recursive structures that could cause DoS\n *\n * Security considerations:\n * - All sanitization is defensive (fail-safe)\n * - Outputs are truncated, not rejected\n * - Circular references are handled\n * - Prototype pollution is prevented\n */\n\n/**\n * Configuration for output sanitization.\n */\nexport interface OutputSanitizerConfig {\n  /**\n   * Maximum depth for nested objects/arrays.\n   * @default 10\n   */\n  maxDepth: number;\n\n  /**\n   * Maximum length for string values.\n   * @default 10000\n   */\n  maxStringLength: number;\n\n  /**\n   * Maximum number of keys in an object.\n   * @default 100\n   */\n  maxObjectKeys: number;\n\n  /**\n   * Maximum number of items in an array.\n   * @default 1000\n   */\n  maxArrayLength: number;\n\n  /**\n   * Maximum total size of serialized output in bytes.\n   * @default 1MB\n   */\n  maxTotalSize: number;\n\n  /**\n   * Remove error stack traces.\n   * @default true\n   */\n  removeStackTraces: boolean;\n\n  /**\n   * Remove file paths from strings.\n   * @default true\n   */\n  removeFilePaths: boolean;\n}\n\n/**\n * Default sanitization configuration.\n */\nexport const DEFAULT_SANITIZER_CONFIG: OutputSanitizerConfig = Object.freeze({\n  maxDepth: 10,\n  maxStringLength: 10000,\n  maxObjectKeys: 100,\n  maxArrayLength: 1000,\n  maxTotalSize: 1024 * 1024, // 1MB\n  removeStackTraces: true,\n  removeFilePaths: true,\n});\n\n/**\n * Result of sanitization.\n */\nexport interface SanitizationResult<T> {\n  /** Sanitized value */\n  value: T;\n  /** Whether any sanitization was applied */\n  wasModified: boolean;\n  /** Warnings about what was sanitized */\n  warnings: string[];\n}\n\n/**\n * Sanitize output from CodeCall script execution.\n *\n * @param output - Raw output from script\n * @param config - Sanitization configuration\n * @returns Sanitized output with metadata\n */\nexport function sanitizeOutput<T = unknown>(\n  output: unknown,\n  config: Partial<OutputSanitizerConfig> = {},\n): SanitizationResult<T> {\n  const cfg = { ...DEFAULT_SANITIZER_CONFIG, ...config };\n  const warnings: string[] = [];\n  const seen = new WeakSet<object>();\n\n  const result = sanitizeValue(output, cfg, warnings, seen, 0);\n\n  // Check total size\n  try {\n    const serialized = JSON.stringify(result);\n    if (serialized && serialized.length > cfg.maxTotalSize) {\n      warnings.push(`Output truncated: exceeded max size of ${cfg.maxTotalSize} bytes`);\n      return {\n        value: { _truncated: true, _reason: 'Output exceeded maximum size' } as T,\n        wasModified: true,\n        warnings,\n      };\n    }\n  } catch {\n    // If we can't serialize, return a safe placeholder\n    warnings.push('Output could not be serialized');\n    return {\n      value: { _error: 'Output could not be serialized' } as T,\n      wasModified: true,\n      warnings,\n    };\n  }\n\n  return {\n    value: result as T,\n    wasModified: warnings.length > 0,\n    warnings,\n  };\n}\n\n/**\n * Recursively sanitize a value.\n */\nfunction sanitizeValue(\n  value: unknown,\n  config: OutputSanitizerConfig,\n  warnings: string[],\n  seen: WeakSet<object>,\n  depth: number,\n): unknown {\n  // Check depth\n  if (depth > config.maxDepth) {\n    warnings.push(`Max depth of ${config.maxDepth} exceeded`);\n    return '[max depth exceeded]';\n  }\n\n  // Handle null/undefined\n  if (value === null || value === undefined) {\n    return value;\n  }\n\n  // Handle primitives\n  if (typeof value === 'string') {\n    return sanitizeString(value, config, warnings);\n  }\n\n  if (typeof value === 'number' || typeof value === 'boolean') {\n    return value;\n  }\n\n  if (typeof value === 'bigint') {\n    return value.toString();\n  }\n\n  if (typeof value === 'symbol') {\n    return value.toString();\n  }\n\n  if (typeof value === 'function') {\n    warnings.push('Function removed from output');\n    return '[function]';\n  }\n\n  // Handle objects\n  if (typeof value === 'object') {\n    // Check for circular references\n    if (seen.has(value)) {\n      warnings.push('Circular reference detected');\n      return '[circular]';\n    }\n    seen.add(value);\n\n    // Handle arrays\n    if (Array.isArray(value)) {\n      return sanitizeArray(value, config, warnings, seen, depth);\n    }\n\n    // Handle Error objects\n    if (value instanceof Error) {\n      return sanitizeError(value, config, warnings);\n    }\n\n    // Handle Date objects\n    if (value instanceof Date) {\n      return value.toISOString();\n    }\n\n    // Handle RegExp objects\n    if (value instanceof RegExp) {\n      return value.toString();\n    }\n\n    // Handle Map\n    if (value instanceof Map) {\n      const obj: Record<string, unknown> = {};\n      let count = 0;\n      for (const [k, v] of value) {\n        if (count >= config.maxObjectKeys) {\n          warnings.push(`Map truncated: exceeded ${config.maxObjectKeys} keys`);\n          break;\n        }\n        obj[String(k)] = sanitizeValue(v, config, warnings, seen, depth + 1);\n        count++;\n      }\n      return obj;\n    }\n\n    // Handle Set\n    if (value instanceof Set) {\n      const arr: unknown[] = [];\n      let count = 0;\n      for (const item of value) {\n        if (count >= config.maxArrayLength) {\n          warnings.push(`Set truncated: exceeded ${config.maxArrayLength} items`);\n          break;\n        }\n        arr.push(sanitizeValue(item, config, warnings, seen, depth + 1));\n        count++;\n      }\n      return arr;\n    }\n\n    // Handle plain objects\n    return sanitizeObject(value as Record<string, unknown>, config, warnings, seen, depth);\n  }\n\n  // Unknown type - return safe string representation\n  return String(value);\n}\n\n/**\n * Sanitize a string value.\n */\nfunction sanitizeString(value: string, config: OutputSanitizerConfig, warnings: string[]): string {\n  let result = value;\n\n  // Remove file paths if configured\n  if (config.removeFilePaths) {\n    const pathRegex = /(?:\\/[\\w.-]+)+|(?:[A-Za-z]:\\\\[\\w\\\\.-]+)+/g;\n    if (pathRegex.test(result)) {\n      result = result.replace(pathRegex, '[path]');\n      warnings.push('File paths removed from string');\n    }\n  }\n\n  // Truncate if too long\n  if (result.length > config.maxStringLength) {\n    result = result.substring(0, config.maxStringLength) + '...[truncated]';\n    warnings.push(`String truncated: exceeded ${config.maxStringLength} characters`);\n  }\n\n  return result;\n}\n\n/**\n * Sanitize an array.\n */\nfunction sanitizeArray(\n  value: unknown[],\n  config: OutputSanitizerConfig,\n  warnings: string[],\n  seen: WeakSet<object>,\n  depth: number,\n): unknown[] {\n  const result: unknown[] = [];\n  const limit = Math.min(value.length, config.maxArrayLength);\n\n  for (let i = 0; i < limit; i++) {\n    result.push(sanitizeValue(value[i], config, warnings, seen, depth + 1));\n  }\n\n  if (value.length > config.maxArrayLength) {\n    warnings.push(`Array truncated: ${value.length} items reduced to ${config.maxArrayLength}`);\n  }\n\n  return result;\n}\n\n/**\n * Sanitize a plain object.\n */\nfunction sanitizeObject(\n  value: Record<string, unknown>,\n  config: OutputSanitizerConfig,\n  warnings: string[],\n  seen: WeakSet<object>,\n  depth: number,\n): Record<string, unknown> {\n  const result: Record<string, unknown> = {};\n  const keys = Object.keys(value);\n  const limit = Math.min(keys.length, config.maxObjectKeys);\n\n  for (let i = 0; i < limit; i++) {\n    const key = keys[i];\n\n    // Skip prototype pollution vectors\n    if (key === '__proto__' || key === 'constructor' || key === 'prototype') {\n      warnings.push(`Dangerous key \"${key}\" removed`);\n      continue;\n    }\n\n    result[key] = sanitizeValue(value[key], config, warnings, seen, depth + 1);\n  }\n\n  if (keys.length > config.maxObjectKeys) {\n    warnings.push(`Object truncated: ${keys.length} keys reduced to ${config.maxObjectKeys}`);\n  }\n\n  return result;\n}\n\n/**\n * Sanitize an Error object.\n */\nfunction sanitizeError(error: Error, config: OutputSanitizerConfig, warnings: string[]): Record<string, unknown> {\n  const result: Record<string, unknown> = {\n    name: error.name,\n    message: sanitizeString(error.message, config, warnings),\n  };\n\n  // Include stack only if configured\n  if (!config.removeStackTraces && error.stack) {\n    result['stack'] = sanitizeString(error.stack, config, warnings);\n  } else if (error.stack) {\n    warnings.push('Stack trace removed');\n  }\n\n  // Include error code if present\n  if ('code' in error) {\n    result['code'] = (error as any).code;\n  }\n\n  return result;\n}\n\n/**\n * Quick check if a value needs sanitization.\n * Used for optimization - skip sanitization for simple values.\n */\nexport function needsSanitization(value: unknown): boolean {\n  if (value === null || value === undefined) {\n    return false;\n  }\n\n  if (typeof value === 'number' || typeof value === 'boolean') {\n    return false;\n  }\n\n  if (typeof value === 'string') {\n    // Quick heuristic: check if string might contain paths\n    return value.length > 100 || value.includes('/') || value.includes('\\\\');\n  }\n\n  // Objects and arrays always need checking\n  return true;\n}\n\n/**\n * Sanitize a log message (less aggressive than output sanitization).\n */\nexport function sanitizeLogMessage(message: string, maxLength = 500): string {\n  if (!message) return '';\n\n  let result = message;\n\n  // Remove file paths\n  result = result.replace(/(?:\\/[\\w.-]+)+|(?:[A-Za-z]:\\\\[\\w\\\\.-]+)+/g, '[path]');\n\n  // Remove line numbers\n  result = result.replace(/:\\d+:\\d+/g, '');\n\n  // Remove stack trace lines\n  result = result.replace(/\\n\\s*at .*/g, '');\n\n  // Truncate\n  if (result.length > maxLength) {\n    result = result.substring(0, maxLength) + '...';\n  }\n\n  return result.trim();\n}\n"]}

package/src/codecall/services/synonym-expansion.service.js

@@ -1,374 +0,0 @@
-"use strict";
-// file: libs/plugins/src/codecall/services/synonym-expansion.service.ts
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SynonymExpansionService = void 0;
-/**
- * Universal Synonym groups for MCP Tool searching.
- *
- * DESIGN PRINCIPLE:
- * These groups bridge the gap between "User Intent" (Natural Language)
- * and "System Function" (API/Tool Names).
- *
- * STRUCTURE:
- * 1. Core Data Operations (CRUD+)
- * 2. State & Lifecycle
- * 3. Transfer & IO
- * 4. DevOps & Technical
- * 5. Commerce & Business Logic
- * 6. Communication & Social
- * 7. Universal Entities (Nouns)
- */
-const DEFAULT_SYNONYM_GROUPS = [
-    // ===========================================================================
-    // 1. CORE DATA OPERATIONS (CRUD+)
-    // ===========================================================================
-    // Creation / Instantiation
-    [
-        'create',
-        'add',
-        'new',
-        'insert',
-        'make',
-        'append',
-        'register',
-        'generate',
-        'produce',
-        'build',
-        'construct',
-        'provision',
-        'instantiate',
-        'define',
-        'compose',
-        'draft',
-    ],
-    // Destructive Removal
-    [
-        'delete',
-        'remove',
-        'destroy',
-        'drop',
-        'erase',
-        'clear',
-        'purge',
-        'discard',
-        'eliminate',
-        'nuke',
-        'unbind',
-        'unregister',
-    ],
-    // Retrieval / Access
-    ['get', 'fetch', 'retrieve', 'read', 'obtain', 'load', 'pull', 'access', 'grab', 'snag', 'receive'],
-    // Modification
-    [
-        'update',
-        'edit',
-        'modify',
-        'change',
-        'patch',
-        'alter',
-        'revise',
-        'refresh',
-        'correct',
-        'amend',
-        'adjust',
-        'tweak',
-        'rectify',
-        'refine',
-    ],
-    // Viewing / Listing
-    [
-        'list',
-        'show',
-        'display',
-        'enumerate',
-        'browse',
-        'view',
-        'peek',
-        'index',
-        'catalog',
-        'survey',
-        'inspect',
-        'ls',
-        'dir',
-    ],
-    // Searching / Discovery
-    [
-        'find',
-        'search',
-        'lookup',
-        'query',
-        'locate',
-        'filter',
-        'scan',
-        'explore',
-        'investigate',
-        'detect',
-        'scout',
-        'seek',
-    ],
-    // Soft Delete / Archival
-    ['archive', 'shelve', 'retire', 'hide', 'suppress', 'mute'],
-    ['unarchive', 'restore', 'recover', 'undelete', 'unhide'],
-    // ===========================================================================
-    // 2. STATE & LIFECYCLE
-    // ===========================================================================
-    // Activation
-    [
-        'enable',
-        'activate',
-        'start',
-        'turn on',
-        'switch on',
-        'boot',
-        'init',
-        'initialize',
-        'setup',
-        'spin up',
-        'resume',
-        'unpause',
-    ],
-    // Deactivation
-    [
-        'disable',
-        'deactivate',
-        'stop',
-        'turn off',
-        'switch off',
-        'shutdown',
-        'halt',
-        'kill',
-        'terminate',
-        'suspend',
-        'pause',
-        'cease',
-    ],
-    // Execution
-    ['run', 'execute', 'invoke', 'trigger', 'launch', 'call', 'perform', 'operate', 'handle', 'process', 'fire'],
-    // Reset cycles
-    ['restart', 'reboot', 'reset', 'reload', 'bounce', 'recycle', 'refresh'],
-    // Validation & Check
-    ['validate', 'verify', 'check', 'confirm', 'assert', 'test', 'audit', 'assess', 'healthcheck', 'ping'],
-    // Analysis & Math
-    [
-        'analyze',
-        'interpret',
-        'diagnose',
-        'evaluate',
-        'review',
-        'summarize',
-        'count',
-        'calculate',
-        'compute',
-        'measure',
-        'aggregate',
-        'summarise',
-    ],
-    // ===========================================================================
-    // 3. TRANSFER, IO & MANIPULATION
-    // ===========================================================================
-    // Duplication
-    ['copy', 'duplicate', 'clone', 'replicate', 'mirror', 'fork', 'repro'],
-    // Movement
-    ['move', 'transfer', 'migrate', 'relocate', 'rename', 'shift', 'mv', 'slide'],
-    // Persistence
-    ['save', 'store', 'write', 'persist', 'commit', 'stash', 'record', 'log'],
-    // Synchronization
-    ['sync', 'synchronize', 'resync', 'reconcile', 'align', 'pair'],
-    // Import/Export
-    ['import', 'ingest', 'upload', 'push', 'feed'],
-    ['export', 'download', 'dump', 'backup', 'extract'],
-    // Connection
-    ['connect', 'link', 'bind', 'attach', 'join', 'bridge', 'associate', 'mount', 'map'],
-    ['disconnect', 'unlink', 'unbind', 'detach', 'leave', 'dissociate', 'unmount', 'unmap'],
-    // ===========================================================================
-    // 4. DEVOPS, SECURITY & TECHNICAL
-    // ===========================================================================
-    // Auth
-    ['login', 'log in', 'sign in', 'authenticate', 'auth'],
-    ['logout', 'log out', 'sign out', 'disconnect'],
-    // Permissions
-    ['approve', 'authorize', 'grant', 'permit', 'allow', 'sanction', 'whitelist'],
-    ['deny', 'reject', 'revoke', 'forbid', 'block', 'ban', 'blacklist'],
-    // Encryption
-    ['encrypt', 'secure', 'lock', 'seal', 'protect', 'scramble', 'hash'],
-    ['decrypt', 'unlock', 'unseal', 'reveal', 'decode'],
-    // Deployment
-    ['deploy', 'release', 'ship', 'publish', 'roll out', 'promote', 'distribute', 'install'],
-    // Development
-    ['debug', 'troubleshoot', 'fix', 'repair', 'resolve', 'trace'],
-    ['compile', 'transpile', 'build', 'assemble', 'package', 'bundle', 'minify'],
-    // ===========================================================================
-    // 5. COMMERCE & BUSINESS LOGIC
-    // ===========================================================================
-    // Financial Transactions
-    ['buy', 'purchase', 'order', 'pay', 'checkout', 'spend'],
-    ['sell', 'refund', 'reimburse', 'charge', 'invoice', 'bill'],
-    ['subscribe', 'upgrade', 'upsell'],
-    ['unsubscribe', 'cancel', 'downgrade'],
-    // Scheduling
-    ['schedule', 'book', 'appoint', 'reserve', 'plan', 'calendar'],
-    ['reschedule', 'postpone', 'delay', 'defer'],
-    // ===========================================================================
-    // 6. COMMUNICATION & SOCIAL
-    // ===========================================================================
-    // Outbound
-    [
-        'send',
-        'dispatch',
-        'deliver',
-        'transmit',
-        'post',
-        'broadcast',
-        'notify',
-        'alert',
-        'email',
-        'text',
-        'message',
-        'chat',
-    ],
-    // Social Interactions
-    ['reply', 'respond', 'answer', 'retort'],
-    ['share', 'forward', 'retweet', 'repost'],
-    ['like', 'favorite', 'star', 'upvote', 'heart'],
-    ['dislike', 'downvote'],
-    ['follow', 'watch', 'track'],
-    ['unfollow', 'ignore', 'mute'],
-    // ===========================================================================
-    // 7. COMMON ENTITIES (NOUNS)
-    // ===========================================================================
-    // Users & Roles
-    [
-        'user',
-        'account',
-        'member',
-        'profile',
-        'identity',
-        'customer',
-        'principal',
-        'admin',
-        'operator',
-        'client',
-        'employee',
-        'staff',
-    ],
-    ['role', 'group', 'team', 'squad', 'unit', 'department'],
-    // Data Artifacts
-    ['file', 'document', 'attachment', 'blob', 'asset', 'object', 'resource', 'content', 'media'],
-    ['image', 'picture', 'photo', 'screenshot'],
-    ['video', 'clip', 'recording', 'footage'],
-    // System Artifacts
-    ['message', 'notification', 'alert', 'event', 'signal', 'webhook', 'ping'],
-    ['log', 'trace', 'metric', 'telemetry', 'audit trail', 'history'],
-    ['settings', 'config', 'configuration', 'preferences', 'options', 'params', 'env', 'environment', 'variables'],
-    ['permission', 'privilege', 'access right', 'policy', 'rule', 'scope'],
-    // Business Artifacts
-    ['organization', 'company', 'tenant', 'workspace', 'org', 'project', 'repo', 'repository'],
-    ['product', 'item', 'sku', 'inventory', 'stock'],
-    ['task', 'ticket', 'issue', 'bug', 'story', 'epic', 'todo', 'job', 'workitem'],
-    // Identification
-    ['id', 'identifier', 'key', 'uuid', 'guid', 'token', 'hash', 'fingerprint'],
-];
-/**
- * Lightweight synonym expansion service for improving TF-IDF search relevance.
- * Zero dependencies, synchronous, and easily extensible.
- *
- * This service provides query-time synonym expansion to help TF-IDF-based
- * search understand that semantically similar terms (like "add" and "create")
- * should match the same tools.
- */
-class SynonymExpansionService {
-    synonymMap;
-    maxExpansions;
-    constructor(config = {}) {
-        this.maxExpansions = config.maxExpansionsPerTerm ?? 5;
-        // Build synonym map from groups
-        const groups = config.replaceDefaults
-            ? config.additionalSynonyms || []
-            : [...DEFAULT_SYNONYM_GROUPS, ...(config.additionalSynonyms || [])];
-        this.synonymMap = this.buildSynonymMap(groups);
-    }
-    /**
-     * Build a bidirectional synonym map from groups.
-     * Each term maps to all other terms in its group(s).
-     */
-    buildSynonymMap(groups) {
-        const map = new Map();
-        for (const group of groups) {
-            const normalizedGroup = group.map((term) => term.toLowerCase());
-            for (const term of normalizedGroup) {
-                if (!map.has(term)) {
-                    map.set(term, new Set());
-                }
-                const synonyms = map.get(term);
-                // Add all other terms in the group as synonyms
-                for (const synonym of normalizedGroup) {
-                    if (synonym !== term) {
-                        synonyms.add(synonym);
-                    }
-                }
-            }
-        }
-        return map;
-    }
-    /**
-     * Get synonyms for a single term.
-     * Returns empty array if no synonyms found.
-     *
-     * @example
-     * getSynonyms('add') // ['create', 'new', 'insert', 'make']
-     */
-    getSynonyms(term) {
-        const normalized = term.toLowerCase();
-        const synonyms = this.synonymMap.get(normalized);
-        if (!synonyms) {
-            return [];
-        }
-        // Return limited synonyms to prevent query explosion
-        return Array.from(synonyms).slice(0, this.maxExpansions);
-    }
-    /**
-     * Expand a query string by adding synonyms for each term.
-     * Returns the expanded query string with original terms and their synonyms.
-     *
-     * @example
-     * expandQuery('add user') // 'add create new insert make user account member profile'
-     */
-    expandQuery(query) {
-        const terms = query
-            .toLowerCase()
-            .split(/\s+/)
-            .filter((term) => term.length > 1);
-        const expandedTerms = [];
-        for (const term of terms) {
-            // Always include the original term first
-            expandedTerms.push(term);
-            // Add synonyms
-            const synonyms = this.getSynonyms(term);
-            expandedTerms.push(...synonyms);
-        }
-        return expandedTerms.join(' ');
-    }
-    /**
-     * Check if synonym expansion is available for any term in the query.
-     */
-    hasExpansions(query) {
-        const terms = query.toLowerCase().split(/\s+/);
-        return terms.some((term) => this.synonymMap.has(term));
-    }
-    /**
-     * Get statistics about the synonym dictionary.
-     */
-    getStats() {
-        const termCount = this.synonymMap.size;
-        let totalSynonyms = 0;
-        for (const synonyms of this.synonymMap.values()) {
-            totalSynonyms += synonyms.size;
-        }
-        return {
-            termCount,
-            avgSynonymsPerTerm: termCount > 0 ? totalSynonyms / termCount : 0,
-        };
-    }
-}
-exports.SynonymExpansionService = SynonymExpansionService;
-//# sourceMappingURL=synonym-expansion.service.js.map