@inkeep/agents-core 0.0.0-dev-20260125001234 → 0.0.0-dev-20260126174131

package/dist/validation/schemas.js

@@ -1,11 +1,11 @@
 import { schemaValidationDefaults } from "../constants/schema-validation/defaults.js";
 import { CredentialStoreType, MCPServerType, MCPTransportType, TOOL_STATUS_VALUES, VALID_RELATION_TYPES } from "../types/utility.js";
+import { jmespathString, validateJMESPathSecure, validateRegex } from "../utils/jmespath-utils.js";
 import { agents, artifactComponents, contextConfigs, credentialReferences, dataComponents, dataset, datasetItem, datasetRunConfig, datasetRunConfigAgentRelations, evaluationJobConfig, evaluationJobConfigEvaluatorRelations, evaluationRunConfig, evaluationRunConfigEvaluationSuiteConfigRelations, evaluationSuiteConfig, evaluationSuiteConfigEvaluatorRelations, evaluator, externalAgents, functionTools, functions, projects, subAgentArtifactComponents, subAgentDataComponents, subAgentExternalAgentRelations, subAgentFunctionToolRelations, subAgentRelations, subAgentTeamAgentRelations, subAgentToolRelations, subAgents, tools, triggers } from "../db/manage/manage-schema.js";
 import { apiKeys, contextCache, conversations, datasetRun, datasetRunConversationRelations, evaluationResult, evaluationRun, ledgerArtifacts, messages, projectMetadata, taskRelations, tasks, triggerInvocations } from "../db/runtime/runtime-schema.js";
 import { ResolvedRefSchema } from "./dolt-schemas.js";
 import { MAX_ID_LENGTH, MIN_ID_LENGTH, URL_SAFE_ID_PATTERN, createInsertSchema, createResourceIdSchema, createSelectSchema, registerFieldSchemas, resourceIdSchema } from "./drizzle-schema-helpers.js";
 import { z } from "@hono/zod-openapi";
-import * as jmespath$1 from "jmespath";
 
 //#region src/validation/schemas.ts
 const { AGENT_EXECUTION_TRANSFER_COUNT_MAX, AGENT_EXECUTION_TRANSFER_COUNT_MIN, CONTEXT_FETCHER_HTTP_TIMEOUT_MS_DEFAULT, STATUS_UPDATE_MAX_INTERVAL_SECONDS, STATUS_UPDATE_MAX_NUM_EVENTS, SUB_AGENT_TURN_GENERATION_STEPS_MAX, SUB_AGENT_TURN_GENERATION_STEPS_MIN, VALIDATION_AGENT_PROMPT_MAX_CHARS, VALIDATION_SUB_AGENT_PROMPT_MAX_CHARS } = schemaValidationDefaults;
@@ -163,7 +163,7 @@ const TriggerAuthHeaderStoredSchema = z.object({
 const TriggerAuthenticationStoredSchema = z.object({ headers: z.array(TriggerAuthHeaderStoredSchema).optional().describe("Array of headers with hashed values") }).openapi("TriggerAuthenticationStored");
 const TriggerAuthenticationSchema = TriggerAuthenticationInputSchema;
 const TriggerOutputTransformSchema = z.object({
-	jmespath: z.string().optional().describe("JMESPath expression for payload transformation"),
+	jmespath: jmespathString().optional(),
 	objectTransformation: z.record(z.string(), z.string()).optional().describe("Object transformation mapping")
 }).openapi("TriggerOutputTransform");
 /**
@@ -333,7 +333,6 @@ const TriggerSelectSchema = registerFieldSchemas(createSelectSchema(triggers).ex
 	signingSecretCredentialReferenceId: z.string().nullable().optional(),
 	signatureVerification: SignatureVerificationConfigSchema.nullable().optional()
 }));
-const jmespathExt = jmespath$1;
 const TriggerInsertSchemaBase = createInsertSchema(triggers, {
 	id: () => resourceIdSchema,
 	name: () => z.string().trim().nonempty().describe("Trigger name"),
@@ -349,12 +348,11 @@ const TriggerInsertSchemaBase = createInsertSchema(triggers, {
 const TriggerInsertSchema = TriggerInsertSchemaBase.superRefine((data, ctx) => {
 	const config = data.signatureVerification;
 	if (!config) return;
-	if (config.signature.regex) try {
-		new RegExp(config.signature.regex);
-	} catch (error) {
-		ctx.addIssue({
+	if (config.signature.regex) {
+		const regexResult = validateRegex(config.signature.regex);
+		if (!regexResult.valid) ctx.addIssue({
 			code: z.ZodIssueCode.custom,
-			message: `Invalid regex pattern in signature.regex: ${error instanceof Error ? error.message : String(error)}`,
+			message: `Invalid regex pattern in signature.regex: ${regexResult.error}`,
 			path: [
 				"signatureVerification",
 				"signature",
@@ -362,12 +360,11 @@ const TriggerInsertSchema = TriggerInsertSchemaBase.superRefine((data, ctx) => {
 			]
 		});
 	}
-	if (config.signature.source === "body" && config.signature.key) try {
-		jmespathExt.compile(config.signature.key);
-	} catch (error) {
-		ctx.addIssue({
+	if (config.signature.source === "body" && config.signature.key) {
+		const jmespathResult = validateJMESPathSecure(config.signature.key);
+		if (!jmespathResult.valid) ctx.addIssue({
 			code: z.ZodIssueCode.custom,
-			message: `Invalid JMESPath expression in signature.key: ${error instanceof Error ? error.message : String(error)}`,
+			message: `Invalid JMESPath expression in signature.key: ${jmespathResult.error}`,
 			path: [
 				"signatureVerification",
 				"signature",
@@ -376,12 +373,11 @@ const TriggerInsertSchema = TriggerInsertSchemaBase.superRefine((data, ctx) => {
 		});
 	}
 	config.signedComponents.forEach((component, index) => {
-		if (component.regex) try {
-			new RegExp(component.regex);
-		} catch (error) {
-			ctx.addIssue({
+		if (component.regex) {
+			const regexResult = validateRegex(component.regex);
+			if (!regexResult.valid) ctx.addIssue({
 				code: z.ZodIssueCode.custom,
-				message: `Invalid regex pattern in signedComponents[${index}].regex: ${error instanceof Error ? error.message : String(error)}`,
+				message: `Invalid regex pattern in signedComponents[${index}].regex: ${regexResult.error}`,
 				path: [
 					"signatureVerification",
 					"signedComponents",
@@ -390,12 +386,11 @@ const TriggerInsertSchema = TriggerInsertSchemaBase.superRefine((data, ctx) => {
 				]
 			});
 		}
-		if (component.source === "body" && component.key) try {
-			jmespathExt.compile(component.key);
-		} catch (error) {
-			ctx.addIssue({
+		if (component.source === "body" && component.key) {
+			const jmespathResult = validateJMESPathSecure(component.key);
+			if (!jmespathResult.valid) ctx.addIssue({
 				code: z.ZodIssueCode.custom,
-				message: `Invalid JMESPath expression in signedComponents[${index}].key: ${error instanceof Error ? error.message : String(error)}`,
+				message: `Invalid JMESPath expression in signedComponents[${index}].key: ${jmespathResult.error}`,
 				path: [
 					"signatureVerification",
 					"signedComponents",
@@ -404,19 +399,20 @@ const TriggerInsertSchema = TriggerInsertSchemaBase.superRefine((data, ctx) => {
 				]
 			});
 		}
-		if (component.value && component.source !== "literal") try {
-			jmespathExt.compile(component.value);
-		} catch (error) {
-			if (component.value.includes(".") || component.value.includes("[")) ctx.addIssue({
-				code: z.ZodIssueCode.custom,
-				message: `Invalid JMESPath expression in signedComponents[${index}].value: ${error instanceof Error ? error.message : String(error)}`,
-				path: [
-					"signatureVerification",
-					"signedComponents",
-					index,
-					"value"
-				]
-			});
+		if (component.value && component.source !== "literal") {
+			if (component.value.includes(".") || component.value.includes("[")) {
+				const jmespathResult = validateJMESPathSecure(component.value);
+				if (!jmespathResult.valid) ctx.addIssue({
+					code: z.ZodIssueCode.custom,
+					message: `Invalid JMESPath expression in signedComponents[${index}].value: ${jmespathResult.error}`,
+					path: [
+						"signatureVerification",
+						"signedComponents",
+						index,
+						"value"
+					]
+				});
+			}
 		}
 	});
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkeep/agents-core",
-  "version": "0.0.0-dev-20260125001234",
+  "version": "0.0.0-dev-20260126174131",
   "description": "Agents Core contains the database schema, types, and validation schemas for Inkeep Agent Framework, along with core components.",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",